1241 files changed, 158028 insertions, 0 deletions

diff --git a/security/manager/.eslintrc.js b/security/manager/.eslintrc.js
new file mode 100644
index 000000000..dc9d688aa
--- /dev/null
+++ b/security/manager/.eslintrc.js
@@ -0,0 +1,223 @@
+"use strict";
+
+module.exports = { // eslint-disable-line no-undef
+  "rules": {
+    // Braces only needed for multi-line arrow function blocks
+    "arrow-body-style": ["error", "as-needed"],
+
+    // Require spacing around =>
+    "arrow-spacing": "error",
+
+    // Always require spacing around a single line block
+    "block-spacing": "error",
+
+    // No space before always a space after a comma
+    "comma-spacing": ["error", {"before": false, "after": true}],
+
+    // Commas at the end of the line not the start
+    "comma-style": "error",
+
+    // Don't require spaces around computed properties
+    "computed-property-spacing": ["error", "never"],
+
+    // Functions must always return something or nothing
+    "consistent-return": "error",
+
+    // Require braces around blocks that start a new line
+    "curly": ["error", "multi-line"],
+
+    // Always require a trailing EOL
+    "eol-last": "error",
+
+    // Require function* name()
+    "generator-star-spacing": ["error", {"before": false, "after": true}],
+
+    // Space after colon not before in property declarations
+    "key-spacing": ["error", { "beforeColon": false, "afterColon": true, "mode": "minimum" }],
+
+    // Require spaces around keywords
+    "keyword-spacing": "error",
+
+    // Unix linebreaks
+    "linebreak-style": ["error", "unix"],
+
+    // Always require parenthesis for new calls
+    "new-parens": "error",
+
+    // Disallow use of alert(), confirm(), and prompt().
+    "no-alert": "error",
+
+    // Use [] instead of Array()
+    "no-array-constructor": "error",
+
+    // Disallow use of arguments.caller or arguments.callee.
+    "no-caller": "error",
+
+    // Disallow modifying variables of class declarations.
+    "no-class-assign": "error",
+
+    // Disallow assignment in conditional expressions, except if the assignment
+    // is within parentheses.
+    "no-cond-assign": ["error", "except-parens"],
+
+    // Disallow use of the console API.
+    "no-console": "error",
+
+    // Disallow modifying variables that are declared using const.
+    "no-const-assign": "error",
+
+    // Disallow use of debugger
+    "no-debugger": "error",
+
+    // Disallow deletion of variables (deleting properties is fine though).
+    "no-delete-var": "error",
+
+    // No duplicate arguments in function declarations
+    "no-dupe-args": "error",
+
+    // No duplicate keys in object declarations
+    "no-dupe-keys": "error",
+
+    // No duplicate cases in switch statements
+    "no-duplicate-case": "error",
+
+    // Disallow use of eval().
+    "no-eval": "error",
+
+    // No labels
+    "no-labels": "error",
+
+    // If an if block ends with a return no need for an else block
+    "no-else-return": "error",
+
+    // No empty character classes in regex
+    "no-empty-character-class": "error",
+
+    // Disallow empty destructuring
+    "no-empty-pattern": "error",
+
+    // No assigning to exception variable
+    "no-ex-assign": "error",
+
+    // No using !! where casting to boolean is already happening
+    "no-extra-boolean-cast": "error",
+
+    // No double semicolon
+    "no-extra-semi": "error",
+
+    // No overwriting defined functions
+    "no-func-assign": "error",
+
+    // No invalid regular expressions
+    "no-invalid-regexp": "error",
+
+    // No odd whitespace characters
+    "no-irregular-whitespace": "error",
+
+    // No single if block inside an else block
+    "no-lonely-if": "error",
+
+    // No mixing spaces and tabs in indent
+    "no-mixed-spaces-and-tabs": ["error", "smart-tabs"],
+
+    // No unnecessary spacing
+    "no-multi-spaces": ["error", { "exceptions": {
+      "AssignmentExpression": true,
+      "VariableDeclarator": true,
+      "ArrayExpression": true,
+      "ObjectExpression": true
+    }}],
+
+    // No reassigning native JS objects
+    "no-native-reassign": "error",
+
+    // No (!foo in bar)
+    "no-negated-in-lhs": "error",
+
+    // Nested ternary statements are confusing
+    "no-nested-ternary": "error",
+
+    // Use {} instead of new Object()
+    "no-new-object": "error",
+
+    // No Math() or JSON()
+    "no-obj-calls": "error",
+
+    // No octal literals
+    "no-octal": "error",
+
+    // No redeclaring variables
+    "no-redeclare": "error",
+
+    // Disallow use of assignment in return statement.
+    "no-return-assign": ["error", "always"],
+
+    // Disallow self assignment such as |foo = foo|.
+    "no-self-assign": "error",
+
+    // No unnecessary comparisons
+    "no-self-compare": "error",
+
+    // No declaring variables that hide things like arguments
+    "no-shadow-restricted-names": "error",
+
+    // No spaces between function name and parentheses
+    "no-spaced-func": "error",
+
+    // Disallow sparse arrays, eg. let arr = [,,"error"].
+    "no-sparse-arrays": "error",
+
+    // Disallow throwing literals (eg. |throw "error"| instead of
+    // |throw new Error("error")|)
+    "no-throw-literal": "error",
+
+    // No trailing whitespace
+    "no-trailing-spaces": "error",
+
+    // No using undeclared variables
+    "no-undef": "error",
+
+    // Error on newline where a semicolon is needed
+    "no-unexpected-multiline": "error",
+
+    // No unreachable statements
+    "no-unreachable": "error",
+
+    // No expressions where a statement is expected
+    "no-unused-expressions": "error",
+
+    // No using with
+    "no-with": "error",
+
+    // Always require semicolon at end of statement
+    "semi": ["error", "always"],
+
+    // Require space before blocks
+    "space-before-blocks": "error",
+
+    // No space padding in parentheses
+    "space-in-parens": ["error", "never"],
+
+    // Require spaces around operators
+    "space-infix-ops": "error",
+
+    // ++ and -- should not need spacing
+    "space-unary-ops": ["error", { "words": true, "nonwords": false }],
+
+    // Require "use strict" to be defined globally in the script.
+    "strict": ["error", "global"],
+
+    // No comparisons to NaN
+    "use-isnan": "error",
+
+    // Only check typeof against valid results
+    "valid-typeof": "error"
+  },
+  "env": {
+    "browser": true
+  },
+  "globals": {
+    "Components": false,
+    "dump": false
+  }
+};
diff --git a/security/manager/android_stub.h b/security/manager/android_stub.h
new file mode 100644
index 000000000..6f5ad3f55
--- /dev/null
+++ b/security/manager/android_stub.h
@@ -0,0 +1,44 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This file allows NSS to build by stubbing out
+ * features that aren't provided by Android/Bionic */
+
+#ifndef ANDROID_STUB_H
+#define ANDROID_STUB_H
+
+/* sysinfo is defined but not implemented.
+ * we may be able to implement it ourselves. */
+#define _SYS_SYSINFO_H_
+
+#include <sys/cdefs.h>
+#include <sys/resource.h>
+#include <linux/kernel.h>
+#include <unistd.h>
+
+#ifndef ANDROID_VERSION
+#include <android/api-level.h>
+#define ANDROID_VERSION __ANDROID_API__
+#endif
+
+/* Use this stub version of getdtablesize
+ * instead of the one in the header */
+__attribute__((unused))
+static int getdtablesize_stub(void)
+{
+    struct rlimit r;
+    if (getrlimit(RLIMIT_NOFILE, &r) < 0) {
+        return sysconf(_SC_OPEN_MAX);
+    }
+    return r.rlim_cur;
+}
+#define getdtablesize() getdtablesize_stub()
+
+#if ANDROID_VERSION < 21
+#define RTLD_NOLOAD 0
+#endif
+
+#define sysinfo(foo) -1
+
+#endif /* ANDROID_STUB_H */
diff --git a/security/manager/locales/en-US/chrome/pipnss/nsserrors.properties b/security/manager/locales/en-US/chrome/pipnss/nsserrors.properties
new file mode 100644
index 000000000..31274f985
--- /dev/null
+++ b/security/manager/locales/en-US/chrome/pipnss/nsserrors.properties
@@ -0,0 +1,329 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+SSL_ERROR_EXPORT_ONLY_SERVER=Unable to communicate securely. Peer does not support high-grade encryption.
+SSL_ERROR_US_ONLY_SERVER=Unable to communicate securely. Peer requires high-grade encryption which is not supported.
+SSL_ERROR_NO_CYPHER_OVERLAP=Cannot communicate securely with peer: no common encryption algorithm(s).
+SSL_ERROR_NO_CERTIFICATE=Unable to find the certificate or key necessary for authentication.
+SSL_ERROR_BAD_CERTIFICATE=Unable to communicate securely with peer: peers’s certificate was rejected.
+SSL_ERROR_BAD_CLIENT=The server has encountered bad data from the client.
+SSL_ERROR_BAD_SERVER=The client has encountered bad data from the server.
+SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE=Unsupported certificate type.
+SSL_ERROR_UNSUPPORTED_VERSION=Peer using unsupported version of security protocol.
+SSL_ERROR_WRONG_CERTIFICATE=Client authentication failed: private key in key database does not match public key in certificate database.
+SSL_ERROR_BAD_CERT_DOMAIN=Unable to communicate securely with peer: requested domain name does not match the server’s certificate.
+SSL_ERROR_POST_WARNING=Unrecognized SSL error code.
+SSL_ERROR_SSL2_DISABLED=Peer only supports SSL version 2, which is locally disabled.
+SSL_ERROR_BAD_MAC_READ=SSL received a record with an incorrect Message Authentication Code.
+SSL_ERROR_BAD_MAC_ALERT=SSL peer reports incorrect Message Authentication Code.
+SSL_ERROR_BAD_CERT_ALERT=SSL peer cannot verify your certificate.
+SSL_ERROR_REVOKED_CERT_ALERT=SSL peer rejected your certificate as revoked.
+SSL_ERROR_EXPIRED_CERT_ALERT=SSL peer rejected your certificate as expired.
+SSL_ERROR_SSL_DISABLED=Cannot connect: SSL is disabled.
+SSL_ERROR_FORTEZZA_PQG=Cannot connect: SSL peer is in another FORTEZZA domain.
+SSL_ERROR_UNKNOWN_CIPHER_SUITE=An unknown SSL cipher suite has been requested.
+SSL_ERROR_NO_CIPHERS_SUPPORTED=No cipher suites are present and enabled in this program.
+SSL_ERROR_BAD_BLOCK_PADDING=SSL received a record with bad block padding.
+SSL_ERROR_RX_RECORD_TOO_LONG=SSL received a record that exceeded the maximum permissible length.
+SSL_ERROR_TX_RECORD_TOO_LONG=SSL attempted to send a record that exceeded the maximum permissible length.
+SSL_ERROR_RX_MALFORMED_HELLO_REQUEST=SSL received a malformed Hello Request handshake message.
+SSL_ERROR_RX_MALFORMED_CLIENT_HELLO=SSL received a malformed Client Hello handshake message.
+SSL_ERROR_RX_MALFORMED_SERVER_HELLO=SSL received a malformed Server Hello handshake message.
+SSL_ERROR_RX_MALFORMED_CERTIFICATE=SSL received a malformed Certificate handshake message.
+SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH=SSL received a malformed Server Key Exchange handshake message.
+SSL_ERROR_RX_MALFORMED_CERT_REQUEST=SSL received a malformed Certificate Request handshake message.
+SSL_ERROR_RX_MALFORMED_HELLO_DONE=SSL received a malformed Server Hello Done handshake message.
+SSL_ERROR_RX_MALFORMED_CERT_VERIFY=SSL received a malformed Certificate Verify handshake message.
+SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH=SSL received a malformed Client Key Exchange handshake message.
+SSL_ERROR_RX_MALFORMED_FINISHED=SSL received a malformed Finished handshake message.
+SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER=SSL received a malformed Change Cipher Spec record.
+SSL_ERROR_RX_MALFORMED_ALERT=SSL received a malformed Alert record.
+SSL_ERROR_RX_MALFORMED_HANDSHAKE=SSL received a malformed Handshake record.
+SSL_ERROR_RX_MALFORMED_APPLICATION_DATA=SSL received a malformed Application Data record.
+SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST=SSL received an unexpected Hello Request handshake message.
+SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO=SSL received an unexpected Client Hello handshake message.
+SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO=SSL received an unexpected Server Hello handshake message.
+SSL_ERROR_RX_UNEXPECTED_CERTIFICATE=SSL received an unexpected Certificate handshake message.
+SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH=SSL received an unexpected Server Key Exchange handshake message.
+SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST=SSL received an unexpected Certificate Request handshake message.
+SSL_ERROR_RX_UNEXPECTED_HELLO_DONE=SSL received an unexpected Server Hello Done handshake message.
+SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY=SSL received an unexpected Certificate Verify handshake message.
+SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH=SSL received an unexpected Client Key Exchange handshake message.
+SSL_ERROR_RX_UNEXPECTED_FINISHED=SSL received an unexpected Finished handshake message.
+SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER=SSL received an unexpected Change Cipher Spec record.
+SSL_ERROR_RX_UNEXPECTED_ALERT=SSL received an unexpected Alert record.
+SSL_ERROR_RX_UNEXPECTED_HANDSHAKE=SSL received an unexpected Handshake record.
+SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA=SSL received an unexpected Application Data record.
+SSL_ERROR_RX_UNKNOWN_RECORD_TYPE=SSL received a record with an unknown content type.
+SSL_ERROR_RX_UNKNOWN_HANDSHAKE=SSL received a handshake message with an unknown message type.
+SSL_ERROR_RX_UNKNOWN_ALERT=SSL received an alert record with an unknown alert description.
+SSL_ERROR_CLOSE_NOTIFY_ALERT=SSL peer has closed this connection.
+SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT=SSL peer was not expecting a handshake message it received.
+SSL_ERROR_DECOMPRESSION_FAILURE_ALERT=SSL peer was unable to successfully decompress an SSL record it received.
+SSL_ERROR_HANDSHAKE_FAILURE_ALERT=SSL peer was unable to negotiate an acceptable set of security parameters.
+SSL_ERROR_ILLEGAL_PARAMETER_ALERT=SSL peer rejected a handshake message for unacceptable content.
+SSL_ERROR_UNSUPPORTED_CERT_ALERT=SSL peer does not support certificates of the type it received.
+SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT=SSL peer had some unspecified issue with the certificate it received.
+SSL_ERROR_GENERATE_RANDOM_FAILURE=SSL experienced a failure of its random number generator.
+SSL_ERROR_SIGN_HASHES_FAILURE=Unable to digitally sign data required to verify your certificate.
+SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE=SSL was unable to extract the public key from the peer’s certificate.
+SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE=Unspecified failure while processing SSL Server Key Exchange handshake.
+SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE=Unspecified failure while processing SSL Client Key Exchange handshake.
+SSL_ERROR_ENCRYPTION_FAILURE=Bulk data encryption algorithm failed in selected cipher suite.
+SSL_ERROR_DECRYPTION_FAILURE=Bulk data decryption algorithm failed in selected cipher suite.
+SSL_ERROR_SOCKET_WRITE_FAILURE=Attempt to write encrypted data to underlying socket failed.
+SSL_ERROR_MD5_DIGEST_FAILURE=MD5 digest function failed.
+SSL_ERROR_SHA_DIGEST_FAILURE=SHA-1 digest function failed.
+SSL_ERROR_MAC_COMPUTATION_FAILURE=MAC computation failed.
+SSL_ERROR_SYM_KEY_CONTEXT_FAILURE=Failure to create Symmetric Key context.
+SSL_ERROR_SYM_KEY_UNWRAP_FAILURE=Failure to unwrap the Symmetric key in Client Key Exchange message.
+SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED=SSL Server attempted to use domestic-grade public key with export cipher suite.
+SSL_ERROR_IV_PARAM_FAILURE=PKCS11 code failed to translate an IV into a param.
+SSL_ERROR_INIT_CIPHER_SUITE_FAILURE=Failed to initialize the selected cipher suite.
+SSL_ERROR_SESSION_KEY_GEN_FAILURE=Client failed to generate session keys for SSL session.
+SSL_ERROR_NO_SERVER_KEY_FOR_ALG=Server has no key for the attempted key exchange algorithm.
+SSL_ERROR_TOKEN_INSERTION_REMOVAL=PKCS#11 token was inserted or removed while operation was in progress.
+SSL_ERROR_TOKEN_SLOT_NOT_FOUND=No PKCS#11 token could be found to do a required operation.
+SSL_ERROR_NO_COMPRESSION_OVERLAP=Cannot communicate securely with peer: no common compression algorithm(s).
+SSL_ERROR_HANDSHAKE_NOT_COMPLETED=Cannot initiate another SSL handshake until current handshake is complete.
+SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE=Received incorrect handshakes hash values from peer.
+SSL_ERROR_CERT_KEA_MISMATCH=The certificate provided cannot be used with the selected key exchange algorithm.
+SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA=No certificate authority is trusted for SSL client authentication.
+SSL_ERROR_SESSION_NOT_FOUND=Client’s SSL session ID not found in server’s session cache.
+SSL_ERROR_DECRYPTION_FAILED_ALERT=Peer was unable to decrypt an SSL record it received.
+SSL_ERROR_RECORD_OVERFLOW_ALERT=Peer received an SSL record that was longer than is permitted.
+SSL_ERROR_UNKNOWN_CA_ALERT=Peer does not recognize and trust the CA that issued your certificate.
+SSL_ERROR_ACCESS_DENIED_ALERT=Peer received a valid certificate, but access was denied.
+SSL_ERROR_DECODE_ERROR_ALERT=Peer could not decode an SSL handshake message.
+SSL_ERROR_DECRYPT_ERROR_ALERT=Peer reports failure of signature verification or key exchange.
+SSL_ERROR_EXPORT_RESTRICTION_ALERT=Peer reports negotiation not in compliance with export regulations.
+SSL_ERROR_PROTOCOL_VERSION_ALERT=Peer reports incompatible or unsupported protocol version.
+SSL_ERROR_INSUFFICIENT_SECURITY_ALERT=Server requires ciphers more secure than those supported by client.
+SSL_ERROR_INTERNAL_ERROR_ALERT=Peer reports it experienced an internal error.
+SSL_ERROR_USER_CANCELED_ALERT=Peer user canceled handshake.
+SSL_ERROR_NO_RENEGOTIATION_ALERT=Peer does not permit renegotiation of SSL security parameters.
+SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED=SSL server cache not configured and not disabled for this socket.
+SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT=SSL peer does not support requested TLS hello extension.
+SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT=SSL peer could not obtain your certificate from the supplied URL.
+SSL_ERROR_UNRECOGNIZED_NAME_ALERT=SSL peer has no certificate for the requested DNS name.
+SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT=SSL peer was unable to get an OCSP response for its certificate.
+SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT=SSL peer reported bad certificate hash value.
+SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET=SSL received an unexpected New Session Ticket handshake message.
+SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET=SSL received a malformed New Session Ticket handshake message.
+SSL_ERROR_DECOMPRESSION_FAILURE=SSL received a compressed record that could not be decompressed.
+SSL_ERROR_RENEGOTIATION_NOT_ALLOWED=Renegotiation is not allowed on this SSL socket.
+SSL_ERROR_UNSAFE_NEGOTIATION=Peer attempted old style (potentially vulnerable) handshake.
+SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD=SSL received an unexpected uncompressed record.
+SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY=SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message.
+SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID=SSL received invalid NPN extension data.
+SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2=SSL feature not supported for SSL 2.0 connections.
+SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS=SSL feature not supported for servers.
+SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS=SSL feature not supported for clients.
+SSL_ERROR_INVALID_VERSION_RANGE=SSL version range is not valid.
+SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION=SSL peer selected a cipher suite disallowed for the selected protocol version.
+SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST=SSL received a malformed Hello Verify Request handshake message.
+SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST=SSL received an unexpected Hello Verify Request handshake message.
+SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION=SSL feature not supported for the protocol version.
+SSL_ERROR_RX_UNEXPECTED_CERT_STATUS=SSL received an unexpected Certificate Status handshake message.
+SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM=Unsupported hash algorithm used by TLS peer.
+SSL_ERROR_DIGEST_FAILURE=Digest function failed.
+SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM=Incorrect signature algorithm specified in a digitally-signed element.
+SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK=The next protocol negotiation extension was enabled, but the callback was cleared prior to being needed.
+SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL=The server supports no protocols that the client advertises in the ALPN extension.
+SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT=The server rejected the handshake because the client downgraded to a lower TLS version than the server supports.
+SSL_ERROR_WEAK_SERVER_CERT_KEY=The server certificate included a public key that was too weak.
+SSL_ERROR_RX_SHORT_DTLS_READ=Not enough room in buffer for DTLS record.
+SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM=No supported TLS signature algorithm was configured.
+SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM=The peer used an unsupported combination of signature and hash algorithm.
+SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET=The peer tried to resume without a correct extended_master_secret extension.
+SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET=The peer tried to resume with an unexpected extended_master_secret extension.
+SEC_ERROR_IO=An I/O error occurred during security authorization.
+SEC_ERROR_LIBRARY_FAILURE=security library failure.
+SEC_ERROR_BAD_DATA=security library: received bad data.
+SEC_ERROR_OUTPUT_LEN=security library: output length error.
+SEC_ERROR_INPUT_LEN=security library has experienced an input length error.
+SEC_ERROR_INVALID_ARGS=security library: invalid arguments.
+SEC_ERROR_INVALID_ALGORITHM=security library: invalid algorithm.
+SEC_ERROR_INVALID_AVA=security library: invalid AVA.
+SEC_ERROR_INVALID_TIME=Improperly formatted time string.
+SEC_ERROR_BAD_DER=security library: improperly formatted DER-encoded message.
+SEC_ERROR_BAD_SIGNATURE=Peer’s certificate has an invalid signature.
+SEC_ERROR_EXPIRED_CERTIFICATE=Peer’s Certificate has expired.
+SEC_ERROR_REVOKED_CERTIFICATE=Peer’s Certificate has been revoked.
+SEC_ERROR_UNKNOWN_ISSUER=Peer’s Certificate issuer is not recognized.
+SEC_ERROR_BAD_KEY=Peer’s public key is invalid.
+SEC_ERROR_BAD_PASSWORD=The security password entered is incorrect.
+SEC_ERROR_RETRY_PASSWORD=New password entered incorrectly. Please try again.
+SEC_ERROR_NO_NODELOCK=security library: no nodelock.
+SEC_ERROR_BAD_DATABASE=security library: bad database.
+SEC_ERROR_NO_MEMORY=security library: memory allocation failure.
+SEC_ERROR_UNTRUSTED_ISSUER=Peer’s certificate issuer has been marked as not trusted by the user.
+SEC_ERROR_UNTRUSTED_CERT=Peer’s certificate has been marked as not trusted by the user.
+SEC_ERROR_DUPLICATE_CERT=Certificate already exists in your database.
+SEC_ERROR_DUPLICATE_CERT_NAME=Downloaded certificate’s name duplicates one already in your database.
+SEC_ERROR_ADDING_CERT=Error adding certificate to database.
+SEC_ERROR_FILING_KEY=Error refiling the key for this certificate.
+SEC_ERROR_NO_KEY=The private key for this certificate cannot be found in key database
+SEC_ERROR_CERT_VALID=This certificate is valid.
+SEC_ERROR_CERT_NOT_VALID=This certificate is not valid.
+SEC_ERROR_CERT_NO_RESPONSE=Cert Library: No Response
+SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE=The certificate issuer’s certificate has expired. Check your system date and time.
+SEC_ERROR_CRL_EXPIRED=The CRL for the certificate’s issuer has expired. Update it or check your system date and time.
+SEC_ERROR_CRL_BAD_SIGNATURE=The CRL for the certificate’s issuer has an invalid signature.
+SEC_ERROR_CRL_INVALID=New CRL has an invalid format.
+SEC_ERROR_EXTENSION_VALUE_INVALID=Certificate extension value is invalid.
+SEC_ERROR_EXTENSION_NOT_FOUND=Certificate extension not found.
+SEC_ERROR_CA_CERT_INVALID=Issuer certificate is invalid.
+SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID=Certificate path length constraint is invalid.
+SEC_ERROR_CERT_USAGES_INVALID=Certificate usages field is invalid.
+SEC_INTERNAL_ONLY=**Internal ONLY module**
+SEC_ERROR_INVALID_KEY=The key does not support the requested operation.
+SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION=Certificate contains unknown critical extension.
+SEC_ERROR_OLD_CRL=New CRL is not later than the current one.
+SEC_ERROR_NO_EMAIL_CERT=Not encrypted or signed: you do not yet have an email certificate.
+SEC_ERROR_NO_RECIPIENT_CERTS_QUERY=Not encrypted: you do not have certificates for each of the recipients.
+SEC_ERROR_NOT_A_RECIPIENT=Cannot decrypt: you are not a recipient, or matching certificate and private key not found.
+SEC_ERROR_PKCS7_KEYALG_MISMATCH=Cannot decrypt: key encryption algorithm does not match your certificate.
+SEC_ERROR_PKCS7_BAD_SIGNATURE=Signature verification failed: no signer found, too many signers found, or improper or corrupted data.
+SEC_ERROR_UNSUPPORTED_KEYALG=Unsupported or unknown key algorithm.
+SEC_ERROR_DECRYPTION_DISALLOWED=Cannot decrypt: encrypted using a disallowed algorithm or key size.
+XP_SEC_FORTEZZA_BAD_CARD=Fortezza card has not been properly initialized. Please remove it and return it to your issuer.
+XP_SEC_FORTEZZA_NO_CARD=No Fortezza cards Found
+XP_SEC_FORTEZZA_NONE_SELECTED=No Fortezza card selected
+XP_SEC_FORTEZZA_MORE_INFO=Please select a personality to get more info on
+XP_SEC_FORTEZZA_PERSON_NOT_FOUND=Personality not found
+XP_SEC_FORTEZZA_NO_MORE_INFO=No more information on that Personality
+XP_SEC_FORTEZZA_BAD_PIN=Invalid Pin
+XP_SEC_FORTEZZA_PERSON_ERROR=Couldn’t initialize Fortezza personalities.
+SEC_ERROR_NO_KRL=No KRL for this site’s certificate has been found.
+SEC_ERROR_KRL_EXPIRED=The KRL for this site’s certificate has expired.
+SEC_ERROR_KRL_BAD_SIGNATURE=The KRL for this site’s certificate has an invalid signature.
+SEC_ERROR_REVOKED_KEY=The key for this site’s certificate has been revoked.
+SEC_ERROR_KRL_INVALID=New KRL has an invalid format.
+SEC_ERROR_NEED_RANDOM=security library: need random data.
+SEC_ERROR_NO_MODULE=security library: no security module can perform the requested operation.
+SEC_ERROR_NO_TOKEN=The security card or token does not exist, needs to be initialized, or has been removed.
+SEC_ERROR_READ_ONLY=security library: read-only database.
+SEC_ERROR_NO_SLOT_SELECTED=No slot or token was selected.
+SEC_ERROR_CERT_NICKNAME_COLLISION=A certificate with the same nickname already exists.
+SEC_ERROR_KEY_NICKNAME_COLLISION=A key with the same nickname already exists.
+SEC_ERROR_SAFE_NOT_CREATED=error while creating safe object
+SEC_ERROR_BAGGAGE_NOT_CREATED=error while creating baggage object
+XP_JAVA_REMOVE_PRINCIPAL_ERROR=Couldn’t remove the principal
+XP_JAVA_DELETE_PRIVILEGE_ERROR=Couldn’t delete the privilege
+XP_JAVA_CERT_NOT_EXISTS_ERROR=This principal doesn’t have a certificate
+SEC_ERROR_BAD_EXPORT_ALGORITHM=Required algorithm is not allowed.
+SEC_ERROR_EXPORTING_CERTIFICATES=Error attempting to export certificates.
+SEC_ERROR_IMPORTING_CERTIFICATES=Error attempting to import certificates.
+SEC_ERROR_PKCS12_DECODING_PFX=Unable to import. Decoding error. File not valid.
+SEC_ERROR_PKCS12_INVALID_MAC=Unable to import. Invalid MAC. Incorrect password or corrupt file.
+SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM=Unable to import. MAC algorithm not supported.
+SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE=Unable to import. Only password integrity and privacy modes supported.
+SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE=Unable to import. File structure is corrupt.
+SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM=Unable to import. Encryption algorithm not supported.
+SEC_ERROR_PKCS12_UNSUPPORTED_VERSION=Unable to import. File version not supported.
+SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT=Unable to import. Incorrect privacy password.
+SEC_ERROR_PKCS12_CERT_COLLISION=Unable to import. Same nickname already exists in database.
+SEC_ERROR_USER_CANCELLED=The user pressed cancel.
+SEC_ERROR_PKCS12_DUPLICATE_DATA=Not imported, already in database.
+SEC_ERROR_MESSAGE_SEND_ABORTED=Message not sent.
+SEC_ERROR_INADEQUATE_KEY_USAGE=Certificate key usage inadequate for attempted operation.
+SEC_ERROR_INADEQUATE_CERT_TYPE=Certificate type not approved for application.
+SEC_ERROR_CERT_ADDR_MISMATCH=Address in signing certificate does not match address in message headers.
+SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY=Unable to import. Error attempting to import private key.
+SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN=Unable to import. Error attempting to import certificate chain.
+SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME=Unable to export. Unable to locate certificate or key by nickname.
+SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY=Unable to export. Private Key could not be located and exported.
+SEC_ERROR_PKCS12_UNABLE_TO_WRITE=Unable to export. Unable to write the export file.
+SEC_ERROR_PKCS12_UNABLE_TO_READ=Unable to import. Unable to read the import file.
+SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED=Unable to export. Key database corrupt or deleted.
+SEC_ERROR_KEYGEN_FAIL=Unable to generate public/private key pair.
+SEC_ERROR_INVALID_PASSWORD=Password entered is invalid. Please pick a different one.
+SEC_ERROR_RETRY_OLD_PASSWORD=Old password entered incorrectly. Please try again.
+SEC_ERROR_BAD_NICKNAME=Certificate nickname already in use.
+SEC_ERROR_NOT_FORTEZZA_ISSUER=Peer FORTEZZA chain has a non-FORTEZZA Certificate.
+SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY=A sensitive key cannot be moved to the slot where it is needed.
+SEC_ERROR_JS_INVALID_MODULE_NAME=Invalid module name.
+SEC_ERROR_JS_INVALID_DLL=Invalid module path/filename
+SEC_ERROR_JS_ADD_MOD_FAILURE=Unable to add module
+SEC_ERROR_JS_DEL_MOD_FAILURE=Unable to delete module
+SEC_ERROR_OLD_KRL=New KRL is not later than the current one.
+SEC_ERROR_CKL_CONFLICT=New CKL has different issuer than current CKL. Delete current CKL.
+SEC_ERROR_CERT_NOT_IN_NAME_SPACE=The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
+SEC_ERROR_KRL_NOT_YET_VALID=The key revocation list for this certificate is not yet valid.
+SEC_ERROR_CRL_NOT_YET_VALID=The certificate revocation list for this certificate is not yet valid.
+SEC_ERROR_UNKNOWN_CERT=The requested certificate could not be found.
+SEC_ERROR_UNKNOWN_SIGNER=The signer’s certificate could not be found.
+SEC_ERROR_CERT_BAD_ACCESS_LOCATION=The location for the certificate status server has invalid format.
+SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE=The OCSP response cannot be fully decoded; it is of an unknown type.
+SEC_ERROR_OCSP_BAD_HTTP_RESPONSE=The OCSP server returned unexpected/invalid HTTP data.
+SEC_ERROR_OCSP_MALFORMED_REQUEST=The OCSP server found the request to be corrupted or improperly formed.
+SEC_ERROR_OCSP_SERVER_ERROR=The OCSP server experienced an internal error.
+SEC_ERROR_OCSP_TRY_SERVER_LATER=The OCSP server suggests trying again later.
+SEC_ERROR_OCSP_REQUEST_NEEDS_SIG=The OCSP server requires a signature on this request.
+SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST=The OCSP server has refused this request as unauthorized.
+SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS=The OCSP server returned an unrecognizable status.
+SEC_ERROR_OCSP_UNKNOWN_CERT=The OCSP server has no status for the certificate.
+SEC_ERROR_OCSP_NOT_ENABLED=You must enable OCSP before performing this operation.
+SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER=You must set the OCSP default responder before performing this operation.
+SEC_ERROR_OCSP_MALFORMED_RESPONSE=The response from the OCSP server was corrupted or improperly formed.
+SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE=The signer of the OCSP response is not authorized to give status for this certificate.
+SEC_ERROR_OCSP_FUTURE_RESPONSE=The OCSP response is not yet valid (contains a date in the future).
+SEC_ERROR_OCSP_OLD_RESPONSE=The OCSP response contains out-of-date information.
+SEC_ERROR_DIGEST_NOT_FOUND=The CMS or PKCS #7 Digest was not found in signed message.
+SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE=The CMS or PKCS #7 Message type is unsupported.
+SEC_ERROR_MODULE_STUCK=PKCS #11 module could not be removed because it is still in use.
+SEC_ERROR_BAD_TEMPLATE=Could not decode ASN.1 data. Specified template was invalid.
+SEC_ERROR_CRL_NOT_FOUND=No matching CRL was found.
+SEC_ERROR_REUSED_ISSUER_AND_SERIAL=You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.
+SEC_ERROR_BUSY=NSS could not shutdown. Objects are still in use.
+SEC_ERROR_EXTRA_INPUT=DER-encoded message contained extra unused data.
+SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE=Unsupported elliptic curve.
+SEC_ERROR_UNSUPPORTED_EC_POINT_FORM=Unsupported elliptic curve point form.
+SEC_ERROR_UNRECOGNIZED_OID=Unrecognized Object Identifier.
+SEC_ERROR_OCSP_INVALID_SIGNING_CERT=Invalid OCSP signing certificate in OCSP response.
+SEC_ERROR_REVOKED_CERTIFICATE_CRL=Certificate is revoked in issuer’s certificate revocation list.
+SEC_ERROR_REVOKED_CERTIFICATE_OCSP=Issuer’s OCSP responder reports certificate is revoked.
+SEC_ERROR_CRL_INVALID_VERSION=Issuer’s Certificate Revocation List has an unknown version number.
+SEC_ERROR_CRL_V1_CRITICAL_EXTENSION=Issuer’s V1 Certificate Revocation List has a critical extension.
+SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION=Issuer’s V2 Certificate Revocation List has an unknown critical extension.
+SEC_ERROR_UNKNOWN_OBJECT_TYPE=Unknown object type specified.
+SEC_ERROR_INCOMPATIBLE_PKCS11=PKCS #11 driver violates the spec in an incompatible way.
+SEC_ERROR_NO_EVENT=No new slot event is available at this time.
+SEC_ERROR_CRL_ALREADY_EXISTS=CRL already exists.
+SEC_ERROR_NOT_INITIALIZED=NSS is not initialized.
+SEC_ERROR_TOKEN_NOT_LOGGED_IN=The operation failed because the PKCS#11 token is not logged in.
+SEC_ERROR_OCSP_RESPONDER_CERT_INVALID=Configured OCSP responder’s certificate is invalid.
+SEC_ERROR_OCSP_BAD_SIGNATURE=OCSP response has an invalid signature.
+SEC_ERROR_OUT_OF_SEARCH_LIMITS=Cert validation search is out of search limits
+SEC_ERROR_INVALID_POLICY_MAPPING=Policy mapping contains anypolicy
+SEC_ERROR_POLICY_VALIDATION_FAILED=Cert chain fails policy validation
+SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE=Unknown location type in cert AIA extension
+SEC_ERROR_BAD_HTTP_RESPONSE=Server returned bad HTTP response
+SEC_ERROR_BAD_LDAP_RESPONSE=Server returned bad LDAP response
+SEC_ERROR_FAILED_TO_ENCODE_DATA=Failed to encode data with ASN1 encoder
+SEC_ERROR_BAD_INFO_ACCESS_LOCATION=Bad information access location in cert extension
+SEC_ERROR_LIBPKIX_INTERNAL=Libpkix internal error occurred during cert validation.
+SEC_ERROR_PKCS11_GENERAL_ERROR=A PKCS #11 module returned CKR_GENERAL_ERROR, indicating that an unrecoverable error has occurred.
+SEC_ERROR_PKCS11_FUNCTION_FAILED=A PKCS #11 module returned CKR_FUNCTION_FAILED, indicating that the requested function could not be performed. Trying the same operation again might succeed.
+SEC_ERROR_PKCS11_DEVICE_ERROR=A PKCS #11 module returned CKR_DEVICE_ERROR, indicating that a problem has occurred with the token or slot.
+SEC_ERROR_BAD_INFO_ACCESS_METHOD=Unknown information access method in certificate extension.
+SEC_ERROR_CRL_IMPORT_FAILED=Error attempting to import a CRL.
+SEC_ERROR_EXPIRED_PASSWORD=The password expired.
+SEC_ERROR_LOCKED_PASSWORD=The password is locked.
+SEC_ERROR_UNKNOWN_PKCS11_ERROR=Unknown PKCS #11 error.
+SEC_ERROR_BAD_CRL_DP_URL=Invalid or unsupported URL in CRL distribution point name.
+SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED=The certificate was signed using a signature algorithm that is disabled because it is not secure.
+MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE=The server uses key pinning (HPKP) but no trusted certificate chain could be constructed that matches the pinset. Key pinning violations cannot be overridden.
+MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY=The server uses a certificate with a basic constraints extension identifying it as a certificate authority. For a properly-issued certificate, this should not be the case.
+MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE=The server presented a certificate with a key size that is too small to establish a secure connection.
+MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA=An X.509 version 1 certificate that is not a trust anchor was used to issue the server’s certificate. X.509 version 1 certificates are deprecated and should not be used to sign other certificates.
+MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE=The server presented a certificate that is not yet valid.
+MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE=A certificate that is not yet valid was used to issue the server’s certificate.
+MOZILLA_PKIX_ERROR_SIGNATURE_ALGORITHM_MISMATCH=The signature algorithm in the signature field of the certificate does not match the algorithm in its signatureAlgorithm field.
+MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING=The OCSP response does not include a status for the certificate being verified.
+MOZILLA_PKIX_ERROR_VALIDITY_TOO_LONG=The server presented a certificate that is valid for too long.
+MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING=A required TLS feature is missing.
+MOZILLA_PKIX_ERROR_INVALID_INTEGER_ENCODING=The server presented a certificate that contains an invalid encoding of an integer. Common causes include negative serial numbers, negative RSA moduli, and encodings that are longer than necessary.
+MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME=The server presented a certificate with an empty issuer distinguished name.
diff --git a/security/manager/locales/en-US/chrome/pipnss/pipnss.properties b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
new file mode 100755
index 000000000..9c732ce9d
--- /dev/null
+++ b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
@@ -0,0 +1,297 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CertPassPrompt=Please enter the master password for the %S.
+# the following strings have special requirements:
+# they must fit in a 32 or 64 byte buffer after being translated
+# to UTF8.  Note to translator. It's not easy for you to figure
+# whether the escaped unicode string you produce will fit in 
+# the space allocated.
+#
+# 64 bytes long after conversion to UTF8
+RootCertModuleName=Builtin Roots Module
+#
+# 32 bytes long after conversion to UTF8
+ManufacturerID=Mozilla.org
+#
+# 32  bytes long after conversion to UTF8
+LibraryDescription=PSM Internal Crypto Services
+#
+# 32 bytes long after conversion to UTF8
+TokenDescription=Generic Crypto Services
+#
+# 32 bytes long after conversion to UTF8
+PrivateTokenDescription=Software Security Device
+#
+# 64 bytes long after conversion to UTF8
+SlotDescription=PSM Internal Cryptographic Services
+#
+# 64 bytes long after conversion to UTF8
+PrivateSlotDescription=PSM Private Keys
+#
+# 32
+Fips140TokenDescription=Software Security Device (FIPS)
+# 64
+Fips140SlotDescription=FIPS 140 Cryptographic, Key and Certificate Services
+# 32
+InternalToken=Software Security Device
+# End of size restriction.
+VerifySSLClient=SSL Client Certificate
+VerifySSLServer=SSL Server Certificate
+VerifySSLCA=SSL Certificate Authority
+VerifyEmailSigner=Email Signer Certificate
+VerifyEmailRecip=Email Recipient Certificate
+VerifyObjSign=Object Signer
+HighGrade=High Grade
+MediumGrade=Medium Grade
+# LOCALIZATION NOTE (nick_template): $1s is the common name from a cert (e.g. "Mozilla"), $2s is the CA name (e.g. VeriSign)
+nick_template=%1$s’s %2$s ID
+#These are the strings set for the ASN1 objects in a certificate.
+CertDumpCertificate=Certificate
+CertDumpVersion=Version
+# LOCALIZATION NOTE (CertDumpVersionValue): %S is a version number (e.g. "3" in "Version 3")
+CertDumpVersionValue=Version %S
+CertDumpSerialNo=Serial Number
+CertDumpMD2WithRSA=PKCS #1 MD2 With RSA Encryption
+CertDumpMD5WithRSA=PKCS #1 MD5 With RSA Encryption
+CertDumpSHA1WithRSA=PKCS #1 SHA-1 With RSA Encryption
+CertDumpSHA256WithRSA=PKCS #1 SHA-256 With RSA Encryption
+CertDumpSHA384WithRSA=PKCS #1 SHA-384 With RSA Encryption
+CertDumpSHA512WithRSA=PKCS #1 SHA-512 With RSA Encryption
+CertDumpDefOID=Object Identifier (%S)
+CertDumpIssuer=Issuer
+CertDumpSubject=Subject
+CertDumpAVACountry=C
+CertDumpAVAState=ST
+CertDumpAVALocality=L
+CertDumpAVAOrg=O
+CertDumpAVAOU=OU
+CertDumpAVACN=CN
+CertDumpUserID=UID
+CertDumpPK9Email=E
+CertDumpAVADN=DN
+CertDumpAVADC=DC
+CertDumpSurname=Surname
+CertDumpGivenName=Given Name
+CertDumpValidity=Validity
+CertDumpNotBefore=Not Before
+CertDumpNotAfter=Not After
+CertDumpSPKI=Subject Public Key Info
+CertDumpSPKIAlg=Subject Public Key Algorithm
+CertDumpAlgID=Algorithm Identifier
+CertDumpParams=Algorithm Parameters
+CertDumpRSAEncr=PKCS #1 RSA Encryption
+CertDumpRSAPSSSignature=PKCS #1 RSASSA-PSS Signature
+CertDumpRSATemplate=Modulus (%S bits):\n%S\nExponent (%S bits):\n%S
+CertDumpECTemplate=Key size: %S bits\nBase point order length: %S bits\nPublic value:\n%S
+CertDumpIssuerUniqueID=Issuer Unique ID
+CertDumpSubjPubKey=Subject’s Public Key
+CertDumpSubjectUniqueID=Subject Unique ID
+CertDumpExtensions=Extensions
+CertDumpSubjectDirectoryAttr=Certificate Subject Directory Attributes
+CertDumpSubjectKeyID=Certificate Subject Key ID
+CertDumpKeyUsage=Certificate Key Usage
+CertDumpSubjectAltName=Certificate Subject Alt Name
+CertDumpIssuerAltName=Certificate Issuer Alt Name
+CertDumpBasicConstraints=Certificate Basic Constraints
+CertDumpNameConstraints=Certificate Name Constraints
+CertDumpCrlDistPoints=CRL Distribution Points
+CertDumpCertPolicies=Certificate Policies
+CertDumpPolicyMappings=Certificate Policy Mappings
+CertDumpPolicyConstraints=Certificate Policy Constraints
+CertDumpAuthKeyID=Certificate Authority Key Identifier
+CertDumpExtKeyUsage=Extended Key Usage
+CertDumpAuthInfoAccess=Authority Information Access
+CertDumpAnsiX9DsaSignature=ANSI X9.57 DSA Signature
+CertDumpAnsiX9DsaSignatureWithSha1=ANSI X9.57 DSA Signature with SHA1 Digest
+CertDumpAnsiX962ECDsaSignatureWithSha1=ANSI X9.62 ECDSA Signature with SHA1
+CertDumpAnsiX962ECDsaSignatureWithSha224=ANSI X9.62 ECDSA Signature with SHA224
+CertDumpAnsiX962ECDsaSignatureWithSha256=ANSI X9.62 ECDSA Signature with SHA256
+CertDumpAnsiX962ECDsaSignatureWithSha384=ANSI X9.62 ECDSA Signature with SHA384
+CertDumpAnsiX962ECDsaSignatureWithSha512=ANSI X9.62 ECDSA Signature with SHA512
+CertDumpKUSign=Signing
+CertDumpKUNonRep=Non-repudiation
+CertDumpKUEnc=Key Encipherment
+CertDumpKUDEnc=Data Encipherment
+CertDumpKUKA=Key Agreement
+CertDumpKUCertSign=Certificate Signer
+CertDumpKUCRLSigner=CRL Signer
+CertDumpCritical=Critical
+CertDumpNonCritical=Not Critical
+CertDumpSigAlg=Certificate Signature Algorithm
+CertDumpCertSig=Certificate Signature Value
+CertDumpExtensionFailure=Error: Unable to process extension
+CertDumpIsCA=Is a Certificate Authority
+CertDumpIsNotCA=Is not a Certificate Authority
+CertDumpPathLen=Maximum number of intermediate CAs: %S
+CertDumpPathLenUnlimited=unlimited
+CertDumpEKU_1_3_6_1_5_5_7_3_1=TLS Web Server Authentication
+CertDumpEKU_1_3_6_1_5_5_7_3_2=TLS Web Client Authentication
+CertDumpEKU_1_3_6_1_5_5_7_3_3=Code Signing
+CertDumpEKU_1_3_6_1_5_5_7_3_4=E-mail protection
+CertDumpEKU_1_3_6_1_5_5_7_3_8=Time Stamping
+CertDumpEKU_1_3_6_1_5_5_7_3_9=OCSP Signing
+CertDumpEKU_1_3_6_1_4_1_311_2_1_21=Microsoft Individual Code Signing
+CertDumpEKU_1_3_6_1_4_1_311_2_1_22=Microsoft Commercial Code Signing
+CertDumpEKU_1_3_6_1_4_1_311_10_3_1=Microsoft Trust List Signing
+CertDumpEKU_1_3_6_1_4_1_311_10_3_2=Microsoft Time Stamping
+CertDumpEKU_1_3_6_1_4_1_311_10_3_3=Microsoft Server Gated Crypto
+CertDumpEKU_1_3_6_1_4_1_311_10_3_4=Microsoft Encrypting File System
+CertDumpEKU_1_3_6_1_4_1_311_10_3_4_1=Microsoft File Recovery
+CertDumpEKU_1_3_6_1_4_1_311_10_3_5=Microsoft Windows Hardware Driver Verification
+CertDumpEKU_1_3_6_1_4_1_311_10_3_10=Microsoft Qualified Subordination
+CertDumpEKU_1_3_6_1_4_1_311_10_3_11=Microsoft Key Recovery
+CertDumpEKU_1_3_6_1_4_1_311_10_3_12=Microsoft Document Signing
+CertDumpEKU_1_3_6_1_4_1_311_10_3_13=Microsoft Lifetime Signing
+CertDumpEKU_1_3_6_1_4_1_311_20_2_2=Microsoft Smart Card Logon
+CertDumpEKU_1_3_6_1_4_1_311_21_6=Microsoft Key Recovery Agent
+CertDumpMSCerttype=Microsoft Certificate Template Name
+CertDumpMSNTPrincipal=Microsoft Principal Name
+CertDumpMSCAVersion=Microsoft CA Version
+CertDumpMSDomainGUID=Microsoft Domain GUID
+CertDumpEKU_2_16_840_1_113730_4_1=Netscape Server Gated Crypto
+CertDumpRFC822Name=E-Mail Address
+CertDumpDNSName=DNS Name
+CertDumpX400Address=X.400 Address
+CertDumpDirectoryName=X.500 Name
+CertDumpEDIPartyName=EDI Party Name
+CertDumpURI=URI
+CertDumpIPAddress=IP Address
+CertDumpRegisterID=Registered OID
+CertDumpKeyID=Key ID
+CertDumpVerisignNotices=Verisign User Notices
+CertDumpUnused=Unused
+CertDumpKeyCompromise=Key Compromise
+CertDumpCACompromise=CA Compromise
+CertDumpAffiliationChanged=Affiliation Changed
+CertDumpSuperseded=Superseded
+CertDumpCessation=Cessation of Operation
+CertDumpHold=Certificate Hold
+CertDumpOCSPResponder=OCSP
+CertDumpCAIssuers=CA Issuers
+CertDumpCPSPointer=Certification Practice Statement pointer
+CertDumpUserNotice=User Notice
+CertDumpLogotype=Logotype
+CertDumpECPublicKey=Elliptic Curve Public Key
+CertDumpECDSAWithSHA1=X9.62 ECDSA Signature with SHA1
+CertDumpECprime192v1=ANSI X9.62 elliptic curve prime192v1 (aka secp192r1, NIST P-192)
+CertDumpECprime192v2=ANSI X9.62 elliptic curve prime192v2
+CertDumpECprime192v3=ANSI X9.62 elliptic curve prime192v3
+CertDumpECprime239v1=ANSI X9.62 elliptic curve prime239v1
+CertDumpECprime239v2=ANSI X9.62 elliptic curve prime239v2
+CertDumpECprime239v3=ANSI X9.62 elliptic curve prime239v3
+CertDumpECprime256v1=ANSI X9.62 elliptic curve prime256v1 (aka secp256r1, NIST P-256)
+CertDumpECsecp112r1=SECG elliptic curve secp112r1
+CertDumpECsecp112r2=SECG elliptic curve secp112r2
+CertDumpECsecp128r1=SECG elliptic curve secp128r1
+CertDumpECsecp128r2=SECG elliptic curve secp128r2
+CertDumpECsecp160k1=SECG elliptic curve secp160k1
+CertDumpECsecp160r1=SECG elliptic curve secp160r1
+CertDumpECsecp160r2=SECG elliptic curve secp160r2
+CertDumpECsecp192k1=SECG elliptic curve secp192k1
+CertDumpECsecp224k1=SECG elliptic curve secp224k1
+CertDumpECsecp224r1=SECG elliptic curve secp224r1 (aka NIST P-224)
+CertDumpECsecp256k1=SECG elliptic curve secp256k1
+CertDumpECsecp384r1=SECG elliptic curve secp384r1 (aka NIST P-384)
+CertDumpECsecp521r1=SECG elliptic curve secp521r1 (aka NIST P-521)
+CertDumpECc2pnb163v1=ANSI X9.62 elliptic curve c2pnb163v1
+CertDumpECc2pnb163v2=ANSI X9.62 elliptic curve c2pnb163v2
+CertDumpECc2pnb163v3=ANSI X9.62 elliptic curve c2pnb163v3
+CertDumpECc2pnb176v1=ANSI X9.62 elliptic curve c2pnb176v1
+CertDumpECc2tnb191v1=ANSI X9.62 elliptic curve c2tnb191v1
+CertDumpECc2tnb191v2=ANSI X9.62 elliptic curve c2tnb191v2
+CertDumpECc2tnb191v3=ANSI X9.62 elliptic curve c2tnb191v3
+CertDumpECc2onb191v4=ANSI X9.62 elliptic curve c2onb191v4
+CertDumpECc2onb191v5=ANSI X9.62 elliptic curve c2onb191v5
+CertDumpECc2pnb208w1=ANSI X9.62 elliptic curve c2pnb208w1
+CertDumpECc2tnb239v1=ANSI X9.62 elliptic curve c2tnb239v1
+CertDumpECc2tnb239v2=ANSI X9.62 elliptic curve c2tnb239v2
+CertDumpECc2tnb239v3=ANSI X9.62 elliptic curve c2tnb239v3
+CertDumpECc2onb239v4=ANSI X9.62 elliptic curve c2onb239v4
+CertDumpECc2onb239v5=ANSI X9.62 elliptic curve c2onb239v5
+CertDumpECc2pnb272w1=ANSI X9.62 elliptic curve c2pnb272w1
+CertDumpECc2pnb304w1=ANSI X9.62 elliptic curve c2pnb304w1
+CertDumpECc2tnb359v1=ANSI X9.62 elliptic curve c2tnb359v1
+CertDumpECc2pnb368w1=ANSI X9.62 elliptic curve c2pnb368w1
+CertDumpECc2tnb431r1=ANSI X9.62 elliptic curve c2tnb431r1
+CertDumpECsect113r1=SECG elliptic curve sect113r1
+CertDumpECsect113r2=SECG elliptic curve sect113r2
+CertDumpECsect131r1=SECG elliptic curve sect131r1
+CertDumpECsect131r2=SECG elliptic curve sect131r2
+CertDumpECsect163k1=SECG elliptic curve sect163k1 (aka NIST K-163)
+CertDumpECsect163r1=SECG elliptic curve sect163r1
+CertDumpECsect163r2=SECG elliptic curve sect163r2 (aka NIST B-163)
+CertDumpECsect193r1=SECG elliptic curve sect193r1
+CertDumpECsect193r2=SECG elliptic curve sect193r2
+CertDumpECsect233k1=SECG elliptic curve sect233k1 (aka NIST K-233)
+CertDumpECsect233r1=SECG elliptic curve sect233r1 (aka NIST B-233)
+CertDumpECsect239k1=SECG elliptic curve sect239k1
+CertDumpECsect283k1=SECG elliptic curve sect283k1 (aka NIST K-283)
+CertDumpECsect283r1=SECG elliptic curve sect283r1 (aka NIST B-283)
+CertDumpECsect409k1=SECG elliptic curve sect409k1 (aka NIST K-409)
+CertDumpECsect409r1=SECG elliptic curve sect409r1 (aka NIST B-409)
+CertDumpECsect571k1=SECG elliptic curve sect571k1 (aka NIST K-571)
+CertDumpECsect571r1=SECG elliptic curve sect571r1 (aka NIST B-571)
+CertDumpRawBytesHeader=Size: %S Bytes / %S Bits
+PK11BadPassword=The password entered was incorrect.
+SuccessfulP12Backup=Successfully backed up your security certificate(s) and private key(s).
+SuccessfulP12Restore=Successfully restored your security certificate(s) and private key(s).
+PKCS12DecodeErr=Failed to decode the file.  Either it is not in PKCS #12 format, has been corrupted, or the password you entered was incorrect.
+PKCS12UnknownErrRestore=Failed to restore the PKCS #12 file for unknown reasons.
+PKCS12UnknownErrBackup=Failed to create the PKCS #12 backup file for unknown reasons.
+PKCS12UnknownErr=The PKCS #12 operation failed for unknown reasons.
+PKCS12InfoNoSmartcardBackup=It is not possible to back up certificates from a hardware security device such as a smart card.
+PKCS12DupData=The certificate and private key already exist on the security device.
+AddModuleFailure=Unable to add module
+AddModuleDup=Security Module already exists
+DelModuleWarning=Are you sure you want to delete this security module?
+DelModuleError=Unable to delete module
+AVATemplate=%S = %S
+
+PSMERR_SSL_Disabled=Can’t connect securely because the SSL protocol has been disabled.
+PSMERR_SSL2_Disabled=Can’t connect securely because the site uses an older, insecure version of the SSL protocol.
+PSMERR_HostReusedIssuerSerial=You have received an invalid certificate.  Please contact the server administrator or email correspondent and give them the following information:\n\nYour certificate contains the same serial number as another certificate issued by the certificate authority.  Please get a new certificate containing a unique serial number.
+
+SSLConnectionErrorPrefix=An error occurred during a connection to %S.
+
+certErrorIntro=%S uses an invalid security certificate.
+
+certErrorTrust_SelfSigned=The certificate is not trusted because it is self-signed.
+certErrorTrust_UnknownIssuer=The certificate is not trusted because the issuer certificate is unknown.
+certErrorTrust_UnknownIssuer2=The server might not be sending the appropriate intermediate certificates.
+certErrorTrust_UnknownIssuer3=An additional root certificate may need to be imported.
+certErrorTrust_CaInvalid=The certificate is not trusted because it was issued by an invalid CA certificate.
+certErrorTrust_Issuer=The certificate is not trusted because the issuer certificate is not trusted.
+certErrorTrust_SignatureAlgorithmDisabled=The certificate is not trusted because it was signed using a signature algorithm that was disabled because that algorithm is not secure.
+certErrorTrust_ExpiredIssuer=The certificate is not trusted because the issuer certificate has expired.
+certErrorTrust_Untrusted=The certificate does not come from a trusted source.
+
+certErrorMismatch=The certificate is not valid for the name %S.
+# LOCALIZATION NOTE (certErrorMismatchSingle2): Do not translate <a id="cert_domain_link" title="%1$S">%1$S</a>
+certErrorMismatchSingle2=The certificate is only valid for <a id="cert_domain_link" title="%1$S">%1$S</a>
+certErrorMismatchSinglePlain=The certificate is only valid for %S
+certErrorMismatchMultiple=The certificate is only valid for the following names:
+
+# LOCALIZATION NOTE (certErrorExpiredNow): Do not translate %1$S (date+time of expired certificate) or %2$S (current date+time)
+certErrorExpiredNow=The certificate expired on %1$S. The current time is %2$S.
+# LOCALIZATION NOTE (certErrorNotYetValidNow): Do not translate %1$S (date+time certificate will become valid) or %2$S (current date+time)
+certErrorNotYetValidNow=The certificate will not be valid until %1$S. The current time is %2$S.
+
+# LOCALIZATION NOTE (certErrorCodePrefix2): Do not translate <a id="errorCode" title="%1$S">%1$S</a>
+certErrorCodePrefix2=Error code: <a id="errorCode" title="%1$S">%1$S</a>
+
+P12DefaultNickname=Imported Certificate
+CertUnknown=Unknown
+CertNoNickname=(no nickname)
+CertNoEmailAddress=(no email address)
+CaCertExists=This certificate is already installed as a certificate authority.
+NotACACert=This is not a certificate authority certificate, so it can’t be imported into the certificate authority list.
+NotImportingUnverifiedCert=This certificate can’t be verified and will not be imported. The certificate issuer might be unknown or untrusted, the certificate might have expired or been revoked, or the certificate might not have been approved.
+UserCertIgnoredNoPrivateKey=This personal certificate can’t be installed because you do not own the corresponding private key which was created when the certificate was requested.
+UserCertImported=Your personal certificate has been installed. You should keep a backup copy of this certificate.
+CertOrgUnknown=(Unknown)
+CertNotStored=(Not Stored)
+CertExceptionPermanent=Permanent
+CertExceptionTemporary=Temporary
diff --git a/security/manager/locales/en-US/chrome/pippki/certManager.dtd b/security/manager/locales/en-US/chrome/pippki/certManager.dtd
new file mode 100644
index 000000000..6ad47bf7e
--- /dev/null
+++ b/security/manager/locales/en-US/chrome/pippki/certManager.dtd
@@ -0,0 +1,93 @@
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<!ENTITY certmgr.title                       "Certificate Manager">
+
+<!ENTITY certmgr.tab.mine                     "Your Certificates">
+<!ENTITY certmgr.tab.others2                  "People">
+<!ENTITY certmgr.tab.websites3                "Servers">
+<!ENTITY certmgr.tab.ca                       "Authorities">
+<!ENTITY certmgr.tab.orphan2                  "Others">
+
+<!ENTITY certmgr.mine                         "You have certificates from these organizations that identify you:">
+<!ENTITY certmgr.others                       "You have certificates on file that identify these people:">
+<!ENTITY certmgr.websites2                    "You have certificates on file that identify these servers:">
+<!ENTITY certmgr.cas                          "You have certificates on file that identify these certificate authorities:">
+<!ENTITY certmgr.orphans                      "You have certificates on file that do not fit in any of the other categories:">
+
+<!ENTITY certmgr.detail.general_tab.title     "General">
+<!ENTITY certmgr.detail.general_tab.accesskey "G">
+<!ENTITY certmgr.detail.prettyprint_tab.title "Details">
+<!ENTITY certmgr.detail.prettyprint_tab.accesskey "D">
+
+<!ENTITY certmgr.pending.label                "Currently verifying certificate…">
+<!ENTITY certmgr.subjectinfo.label            "Issued To">
+<!ENTITY certmgr.issuerinfo.label             "Issued By">
+<!ENTITY certmgr.periodofvalidity.label       "Period of Validity" >
+<!ENTITY certmgr.fingerprints.label           "Fingerprints">
+<!ENTITY certmgr.certdetail.title             "Certificate Detail">
+<!ENTITY certmgr.certdetail.cn                "Common Name (CN)">
+<!ENTITY certmgr.certdetail.o                 "Organization (O)">
+<!ENTITY certmgr.certdetail.ou                "Organizational Unit (OU)">
+<!ENTITY certmgr.certdetail.serialnumber      "Serial Number">
+<!ENTITY certmgr.certdetail.sha256fingerprint "SHA-256 Fingerprint">
+<!ENTITY certmgr.certdetail.sha1fingerprint   "SHA1 Fingerprint">
+
+<!ENTITY certmgr.editcacert.title             "Edit CA certificate trust settings">
+<!ENTITY certmgr.editcert.edittrust           "Edit trust settings:">
+<!ENTITY certmgr.editcert.trustssl            "This certificate can identify websites.">
+<!ENTITY certmgr.editcert.trustemail          "This certificate can identify mail users.">
+<!ENTITY certmgr.editcert.trustobjsign        "This certificate can identify software makers.">
+
+<!ENTITY certmgr.deletecert.title             "Delete Certificate">
+
+<!ENTITY certmgr.certname                     "Certificate Name">
+<!ENTITY certmgr.certserver                   "Server">
+<!ENTITY certmgr.override_lifetime            "Lifetime">
+<!ENTITY certmgr.tokenname                    "Security Device">
+<!ENTITY certmgr.begins                       "Begins On">
+<!ENTITY certmgr.expires                      "Expires On">
+<!ENTITY certmgr.email                        "E-Mail Address">
+<!ENTITY certmgr.serial                       "Serial Number">
+
+<!ENTITY certmgr.close.label                  "Close">
+<!ENTITY certmgr.close.accesskey              "C">
+<!ENTITY certmgr.view2.label                  "View…">
+<!ENTITY certmgr.view2.accesskey              "V">
+<!ENTITY certmgr.edit3.label                  "Edit Trust…">
+<!ENTITY certmgr.edit3.accesskey              "E">
+<!ENTITY certmgr.export.label                 "Export…">
+<!ENTITY certmgr.export.accesskey             "x">
+<!ENTITY certmgr.delete2.label                "Delete…">
+<!ENTITY certmgr.delete2.accesskey            "D">
+<!ENTITY certmgr.delete_builtin.label         "Delete or Distrust…">
+<!ENTITY certmgr.delete_builtin.accesskey     "D">
+<!ENTITY certmgr.backup2.label                "Backup…">
+<!ENTITY certmgr.backup2.accesskey            "B">
+<!ENTITY certmgr.backupall2.label             "Backup All…">
+<!ENTITY certmgr.backupall2.accesskey         "k">
+<!ENTITY certmgr.restore2.label               "Import…">
+<!ENTITY certmgr.restore2.accesskey           "m">
+<!ENTITY certmgr.details.label                "Certificate Fields">
+<!ENTITY certmgr.details.accesskey            "F">
+<!ENTITY certmgr.fields.label                 "Field Value">
+<!ENTITY certmgr.fields.accesskey             "V">
+<!ENTITY certmgr.hierarchy.label              "Certificate Hierarchy">
+<!ENTITY certmgr.hierarchy.accesskey2         "H">
+<!ENTITY certmgr.addException.label           "Add Exception…">
+<!ENTITY certmgr.addException.accesskey       "x">
+
+<!ENTITY exceptionMgr.title                   "Add Security Exception">
+<!ENTITY exceptionMgr.exceptionButton.label   "Confirm Security Exception">
+<!ENTITY exceptionMgr.exceptionButton.accesskey "C">
+<!ENTITY exceptionMgr.supplementalWarning     "Legitimate banks, stores, and other public sites will not ask you to do this.">
+<!ENTITY exceptionMgr.certlocation.caption2   "Server">
+<!ENTITY exceptionMgr.certlocation.url        "Location:">
+<!ENTITY exceptionMgr.certlocation.download   "Get Certificate">
+<!ENTITY exceptionMgr.certlocation.accesskey  "G">
+<!ENTITY exceptionMgr.certstatus.caption      "Certificate Status">
+<!ENTITY exceptionMgr.certstatus.viewCert     "View…">
+<!ENTITY exceptionMgr.certstatus.accesskey    "V">
+<!ENTITY exceptionMgr.permanent.label         "Permanently store this exception">
+<!ENTITY exceptionMgr.permanent.accesskey     "P">
diff --git a/security/manager/locales/en-US/chrome/pippki/deviceManager.dtd b/security/manager/locales/en-US/chrome/pippki/deviceManager.dtd
new file mode 100644
index 000000000..d072fefe1
--- /dev/null
+++ b/security/manager/locales/en-US/chrome/pippki/deviceManager.dtd
@@ -0,0 +1,36 @@
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<!ENTITY devmgr.title                           "Device Manager">
+<!-- LOCALIZATION NOTE (devmgr.style2): This is CSS style for Device Manager
+     window size. Don't translate "width" nor "height". Adjust the numbers
+     to make window contents fit. -->
+<!ENTITY devmgr.style2                          "width: 67em; height: 32em;">
+
+<!ENTITY devmgr.devlist.label                   "Security Modules and Devices">
+<!ENTITY devmgr.details.title                   "Details">
+<!ENTITY devmgr.details.title2                  "Value">
+
+<!ENTITY devmgr.button.login.label              "Log In">
+<!ENTITY devmgr.button.login.accesskey          "n">
+<!ENTITY devmgr.button.logout.label             "Log Out">
+<!ENTITY devmgr.button.logout.accesskey         "O">
+<!ENTITY devmgr.button.changepw.label           "Change Password">
+<!ENTITY devmgr.button.changepw.accesskey       "P">
+<!ENTITY devmgr.button.load.label               "Load">
+<!ENTITY devmgr.button.load.accesskey           "L">
+<!ENTITY devmgr.button.unload.label             "Unload">
+<!ENTITY devmgr.button.unload.accesskey         "U">
+<!ENTITY devmgr.button.fips.accesskey           "F">
+
+<!ENTITY loaddevice.info                        "Enter the information for the module you want to add.">
+<!ENTITY loaddevice.modname                     "Module Name:">
+<!ENTITY loaddevice.modname.accesskey           "M">
+<!ENTITY loaddevice.modname.default             "New PKCS#11 Module">
+<!ENTITY loaddevice.filename                    "Module filename:">
+<!ENTITY loaddevice.filename.accesskey          "f">
+<!ENTITY loaddevice.browse                      "Browse…">
+<!ENTITY loaddevice.browse.accesskey            "B">
+
+<!ENTITY loaddevice.title                       "Load PKCS#11 Device">
diff --git a/security/manager/locales/en-US/chrome/pippki/pippki.dtd b/security/manager/locales/en-US/chrome/pippki/pippki.dtd
new file mode 100644
index 000000000..3bc3c1f85
--- /dev/null
+++ b/security/manager/locales/en-US/chrome/pippki/pippki.dtd
@@ -0,0 +1,51 @@
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<!-- Values for changepassword.xul -->
+<!ENTITY setPassword.title  "Change Master Password">
+<!ENTITY setPassword.tokenName.label "Security Device">
+<!ENTITY setPassword.oldPassword.label "Current password:">
+<!ENTITY setPassword.newPassword.label "New password:">
+<!ENTITY setPassword.reenterPassword.label "New password (again):">
+<!ENTITY setPassword.meter.label "Password quality meter">
+
+<!-- Values for resetpassword.xul -->
+<!ENTITY resetPasswordButtonLabel "Reset">
+<!ENTITY resetPassword.title  "Reset Master Password">
+<!ENTITY resetPassword.text  "If you reset your master password, all your stored web and e-mail passwords, form data, personal certificates, and private keys will be forgotten. Are you sure you want to reset your master password?">
+
+<!-- Downloading a cert -->
+<!ENTITY downloadCert.title "Downloading Certificate">
+<!ENTITY downloadCert.message1 "You have been asked to trust a new Certificate Authority (CA).">
+<!ENTITY downloadCert.trustSSL "Trust this CA to identify websites.">
+<!ENTITY downloadCert.trustEmail "Trust this CA to identify email users.">
+<!ENTITY downloadCert.trustObjSign "Trust this CA to identify software developers.">
+<!ENTITY downloadCert.message3 "Before trusting this CA for any purpose, you should examine its certificate and its policy and procedures (if available).">
+<!ENTITY downloadCert.viewCert.label "View">
+<!ENTITY downloadCert.viewCert.text "Examine CA certificate">
+
+<!-- Strings for the SSL client auth ask dialog -->
+<!ENTITY clientAuthAsk.title "User Identification Request">
+<!ENTITY clientAuthAsk.message1 "This site has requested that you identify yourself with a certificate:">
+<!ENTITY clientAuthAsk.message2 "Choose a certificate to present as identification:">
+<!ENTITY clientAuthAsk.message3 "Details of selected certificate:">
+
+<!ENTITY pkcs12.setpassword.title  "Choose a Certificate Backup Password">
+<!ENTITY pkcs12.setpassword.message  "The certificate backup password you set here protects the backup file that you are about to create.  You must set this password to proceed with the backup.">
+<!ENTITY pkcs12.setpassword.label1 "Certificate backup password:">
+<!ENTITY pkcs12.setpassword.label2 "Certificate backup password (again):">
+<!ENTITY pkcs12.setpassword.reminder "Important: If you forget your certificate backup password, you will not be able to restore this backup later.  Please record it in a safe location.">
+
+<!ENTITY chooseToken.title  "Choose Token Dialog">
+<!ENTITY chooseToken.message1 "Please choose a token.">
+
+<!-- Strings for the CreateCertInfo dialog  -->
+<!ENTITY createCertInfo.title "Generating A Private Key">
+<!ENTITY createCertInfo.msg1 "Key Generation in progress… This may take a few minutes….">
+<!ENTITY createCertInfo.msg2 "Please wait…">
+
+<!-- Strings for protectedAuth dialog -->
+<!ENTITY protectedAuth.title "Protected Token Authentication">
+<!ENTITY protectedAuth.msg "Please authenticate to the token. Authentication method depends on the type of your token.">
+<!ENTITY protectedAuth.tokenName.label "Token:">
diff --git a/security/manager/locales/en-US/chrome/pippki/pippki.properties b/security/manager/locales/en-US/chrome/pippki/pippki.properties
new file mode 100644
index 000000000..fd002b434
--- /dev/null
+++ b/security/manager/locales/en-US/chrome/pippki/pippki.properties
@@ -0,0 +1,192 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CertPassPrompt=Please enter the Personal Security Password for the PSM Private Keys security device.
+
+# LOCALIZATION NOTE(certWithSerial): Used for semi-uniquely representing a cert.
+# %1$S is the serial number of the cert in AA:BB:CC hex format.
+certWithSerial=Certificate with serial number: %1$S
+
+# Download Cert dialog
+# LOCALIZATION NOTE(newCAMessage1):
+# %S is a string representative of the certificate being downloaded/imported.
+newCAMessage1=Do you want to trust “%S” for the following purposes?
+unnamedCA=Certificate Authority (unnamed)
+
+# For editing cert trust
+editTrustCA=The certificate “%S” represents a Certificate Authority.
+
+# For Deleting Certificates
+deleteSslCertConfirm3=Are you sure you want to delete these server exceptions?
+deleteSslCertImpact3=If you delete a server exception, you restore the usual security checks for that server and require it uses a valid certificate.
+deleteSslCertTitle3=Delete Server Certificate Exceptions
+
+deleteUserCertConfirm=Are you sure you want to delete these certificates?
+deleteUserCertImpact=If you delete one of your own certificates, you can no longer use it to identify yourself.
+deleteUserCertTitle=Delete your Certificates
+
+deleteCaCertConfirm2=You have requested to delete these CA certificates. For built-in certificates all trust will be removed, which has the same effect. Are you sure you want to delete or distrust?
+deleteCaCertImpactX2=If you delete or distrust a certificate authority (CA) certificate, this application will no longer trust any certificates issued by that CA.
+deleteCaCertTitle2=Delete or Distrust CA Certificates
+
+deleteEmailCertConfirm=Are you sure you want to delete these people’s e-mail certificates?
+deleteEmailCertImpactDesc=If you delete a person’s e-mail certificate, you will no longer be able to send encrypted e-mail to that person.
+deleteEmailCertTitle=Delete E-Mail Certificates
+
+deleteOrphanCertConfirm=Are you sure you want to delete these certificates?
+deleteOrphanCertTitle=Delete Certificates
+
+# PKCS#12 file dialogs
+chooseP12RestoreFileDialog2=Certificate File to Import
+chooseP12BackupFileDialog=File Name to Backup
+file_browse_PKCS12_spec=PKCS12 Files
+getPKCS12FilePasswordMessage=Please enter the password that was used to encrypt this certificate backup:
+
+# Cert verification
+certVerified=This certificate has been verified for the following uses:
+certNotVerified_CertRevoked=Could not verify this certificate because it has been revoked.
+certNotVerified_CertExpired=Could not verify this certificate because it has expired.
+certNotVerified_CertNotTrusted=Could not verify this certificate because it is not trusted.
+certNotVerified_IssuerNotTrusted=Could not verify this certificate because the issuer is not trusted.
+certNotVerified_IssuerUnknown=Could not verify this certificate because the issuer is unknown.
+certNotVerified_CAInvalid=Could not verify this certificate because the CA certificate is invalid.
+certNotVerified_AlgorithmDisabled=Could not verify this certificate because it was signed using a signature algorithm that was disabled because that algorithm is not secure.
+certNotVerified_Unknown=Could not verify this certificate for unknown reasons.
+
+# Client auth
+clientAuthRemember=Remember this decision
+# LOCALIZATION NOTE(clientAuthNickAndSerial): Represents a single cert when the
+# user is choosing from a list of certificates.
+# %1$S is the nickname of the cert.
+# %2$S is the serial number of the cert in AA:BB:CC hex format.
+clientAuthNickAndSerial=%1$S [%2$S]
+# LOCALIZATION NOTE(clientAuthHostnameAndPort):
+# %1$S is the hostname of the server.
+# %2$S is the port of the server.
+clientAuthHostnameAndPort=%1$S:%2$S
+# LOCALIZATION NOTE(clientAuthMessage1): %S is the Organization of the server
+# cert.
+clientAuthMessage1=Organization: “%S”
+# LOCALIZATION NOTE(clientAuthMessage2): %S is the Organization of the issuer
+# cert of the server cert.
+clientAuthMessage2=Issued Under: “%S”
+# LOCALIZATION NOTE(clientAuthIssuedTo): %1$S is the Distinguished Name of the
+# currently selected client cert, such as "CN=John Doe,OU=Example" (without
+# quotes).
+clientAuthIssuedTo=Issued to: %1$S
+# LOCALIZATION NOTE(clientAuthSerial): %1$S is the serial number of the selected
+# cert in AA:BB:CC hex format.
+clientAuthSerial=Serial number: %1$S
+# LOCALIZATION NOTE(clientAuthValidityPeriod):
+# %1$S is the already localized notBefore date of the selected cert.
+# %2$S is the already localized notAfter date of the selected cert.
+clientAuthValidityPeriod=Valid from %1$S to %2$S
+# LOCALIZATION NOTE(clientAuthKeyUsages): %1$S is a comma separated list of
+# already localized key usages the selected cert is valid for.
+clientAuthKeyUsages=Key Usages: %1$S
+# LOCALIZATION NOTE(clientAuthEmailAddresses): %1$S is a comma separated list of
+# e-mail addresses the selected cert is valid for.
+clientAuthEmailAddresses=Email addresses: %1$S
+# LOCALIZATION NOTE(clientAuthIssuedBy): %1$S is the Distinguished Name of the
+# cert which issued the selected cert.
+clientAuthIssuedBy=Issued by: %1$S
+# LOCALIZATION NOTE(clientAuthStoredOn): %1$S is the name of the PKCS #11 token
+# the selected cert is stored on.
+clientAuthStoredOn=Stored on: %1$S
+
+# Page Info
+pageInfo_NoEncryption=Connection Not Encrypted
+pageInfo_Privacy_None1=The website %S does not support encryption for the page you are viewing.
+pageInfo_Privacy_None2=Information sent over the Internet without encryption can be seen by other people while it is in transit. 
+pageInfo_Privacy_None4=The page you are viewing was not encrypted before being transmitted over the Internet.
+# LOCALIZATION NOTE (pageInfo_EncryptionWithBitsAndProtocol and pageInfo_BrokenEncryption):
+# %1$S is the name of the encryption standard,
+# %2$S is the key size of the cipher.
+# %3$S is protocol version like "SSL 3" or "TLS 1.2"
+pageInfo_EncryptionWithBitsAndProtocol=Connection Encrypted (%1$S, %2$S bit keys, %3$S)
+pageInfo_BrokenEncryption=Broken Encryption (%1$S, %2$S bit keys, %3$S)
+pageInfo_Privacy_Encrypted1=The page you are viewing was encrypted before being transmitted over the Internet.
+pageInfo_Privacy_Encrypted2=Encryption makes it difficult for unauthorized people to view information traveling between computers. It is therefore unlikely that anyone read this page as it traveled across the network.
+pageInfo_MixedContent=Connection Partially Encrypted
+pageInfo_MixedContent2=Parts of the page you are viewing were not encrypted before being transmitted over the Internet.
+pageInfo_WeakCipher=Your connection to this website uses weak encryption and is not private. Other people can view your information or modify the website’s behavior.
+pageInfo_CertificateTransparency_None=This website does not supply Certificate Transparency audit records.
+pageInfo_CertificateTransparency_OK=This website supplies publicly auditable Certificate Transparency records.
+pageInfo_CertificateTransparency_UnknownLog=This website claims to have Certificate Transparency audit records, but the records were issued by an unknown party and cannot be verified.
+pageInfo_CertificateTransparency_Invalid=This website supplies Certificate Transparency audit records, but the records failed verification.
+
+# Cert Viewer
+# LOCALIZATION NOTE(certViewerTitle): Title used for the Certificate Viewer.
+# %1$S is a string representative of the certificate being viewed.
+certViewerTitle=Certificate Viewer: “%1$S”
+notPresent=<Not Part Of Certificate>
+
+# Token Manager
+password_not_set=(not set)
+failed_pw_change=Unable to change Master Password.
+incorrect_pw=You did not enter the correct current Master Password. Please try again.
+pw_change_ok=Master Password successfully changed.
+pw_erased_ok=Warning! You have deleted your Master Password. 
+pw_not_wanted=Warning! You have decided not to use a Master Password.
+pw_empty_warning=Your stored web and email passwords, form data, and private keys will not be protected.
+pw_change2empty_in_fips_mode=You are currently in FIPS mode. FIPS requires a non-empty Master Password.
+login_failed=Failed to Login
+loadPK11TokenDialog=Choose a PKCS#11 device to load
+devinfo_modname=Module
+devinfo_modpath=Path
+devinfo_label=Label
+devinfo_manID=Manufacturer
+devinfo_serialnum=Serial Number
+devinfo_hwversion=HW Version
+devinfo_fwversion=FW Version
+devinfo_status=Status
+devinfo_desc=Description
+devinfo_stat_disabled=Disabled
+devinfo_stat_notpresent=Not Present
+devinfo_stat_uninitialized=Uninitialized
+devinfo_stat_notloggedin=Not Logged In
+devinfo_stat_loggedin=Logged In
+devinfo_stat_ready=Ready
+enable_fips=Enable FIPS
+disable_fips=Disable FIPS
+fips_nonempty_password_required=FIPS mode requires that you have a Master Password set for each security device. Please set the password before trying to enable FIPS mode.
+unable_to_toggle_fips=Unable to change the FIPS mode for the security device. It is recommended that you exit and restart this application.
+
+resetPasswordConfirmationTitle=Reset Master Password
+resetPasswordConfirmationMessage=Your password has been reset.
+
+# Import certificate(s) file dialog
+importEmailCertPrompt=Select File containing somebody’s Email certificate to import
+importCACertsPrompt=Select File containing CA certificate(s) to import
+file_browse_Certificate_spec=Certificate Files
+
+# Cert export
+SaveCertAs=Save Certificate To File
+CertFormatBase64=X.509 Certificate (PEM)
+CertFormatBase64Chain=X.509 Certificate with chain (PEM)
+CertFormatDER=X.509 Certificate (DER)
+CertFormatPKCS7=X.509 Certificate (PKCS#7)
+CertFormatPKCS7Chain=X.509 Certificate with chain (PKCS#7)
+writeFileFailure=File Error
+writeFileFailed=Can’t write to file %S:\n%S.
+writeFileAccessDenied=Access denied
+writeFileIsLocked=File is locked
+writeFileNoDeviceSpace=No space left on device
+writeFileUnknownError=Unknown error
+
+# Add Security Exception dialog
+addExceptionBrandedWarning2=You are about to override how %S identifies this site.
+addExceptionInvalidHeader=This site attempts to identify itself with invalid information.
+addExceptionDomainMismatchShort=Wrong Site
+addExceptionDomainMismatchLong2=The certificate belongs to a different site, which could mean that someone is trying to impersonate this site.
+addExceptionExpiredShort=Outdated Information
+addExceptionExpiredLong2=The certificate is not currently valid. It may have been stolen or lost, and could be used by someone to impersonate this site.
+addExceptionUnverifiedOrBadSignatureShort=Unknown Identity
+addExceptionUnverifiedOrBadSignatureLong2=The certificate is not trusted because it hasn’t been verified as issued by a trusted authority using a secure signature.
+addExceptionValidShort=Valid Certificate
+addExceptionValidLong=This site provides valid, verified identification.  There is no need to add an exception.
+addExceptionCheckingShort=Checking Information
+addExceptionCheckingLong2=Attempting to identify this site…
+addExceptionNoCertShort=No Information Available
+addExceptionNoCertLong2=Unable to obtain identification status for this site.
diff --git a/security/manager/locales/jar.mn b/security/manager/locales/jar.mn
new file mode 100644
index 000000000..9b5c2da44
--- /dev/null
+++ b/security/manager/locales/jar.mn
@@ -0,0 +1,15 @@
+#filter substitution
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+@AB_CD@.jar:
+% locale pipnss @AB_CD@ %locale/@AB_CD@/pipnss/
+% locale pippki @AB_CD@ %locale/@AB_CD@/pippki/
+  locale/@AB_CD@/pipnss/pipnss.properties     (%chrome/pipnss/pipnss.properties)
+  locale/@AB_CD@/pipnss/nsserrors.properties  (%chrome/pipnss/nsserrors.properties)
+  locale/@AB_CD@/pippki/pippki.dtd            (%chrome/pippki/pippki.dtd)
+  locale/@AB_CD@/pippki/pippki.properties     (%chrome/pippki/pippki.properties)
+  locale/@AB_CD@/pippki/certManager.dtd       (%chrome/pippki/certManager.dtd)
+  locale/@AB_CD@/pippki/deviceManager.dtd     (%chrome/pippki/deviceManager.dtd)
diff --git a/security/manager/locales/moz.build b/security/manager/locales/moz.build
new file mode 100644
index 000000000..eb4454d28
--- /dev/null
+++ b/security/manager/locales/moz.build
@@ -0,0 +1,7 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+JAR_MANIFESTS += ['jar.mn']
\ No newline at end of file
diff --git a/security/manager/moz.build b/security/manager/moz.build
new file mode 100644
index 000000000..8097ef5f6
--- /dev/null
+++ b/security/manager/moz.build
@@ -0,0 +1,10 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+DIRS += ['ssl', 'locales']
+
+if CONFIG['MOZ_XUL'] and CONFIG['MOZ_BUILD_APP'] != 'mobile/android':
+    DIRS += ['pki']
diff --git a/security/manager/pki/moz.build b/security/manager/pki/moz.build
new file mode 100644
index 000000000..9a8038922
--- /dev/null
+++ b/security/manager/pki/moz.build
@@ -0,0 +1,26 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+DIRS += ['resources']
+
+XPIDL_SOURCES += [
+    'nsIASN1Tree.idl',
+]
+
+XPIDL_MODULE = 'pippki'
+
+UNIFIED_SOURCES += [
+    'nsASN1Tree.cpp',
+    'nsNSSDialogHelper.cpp',
+    'nsNSSDialogs.cpp',
+    'nsPKIModule.cpp',
+]
+
+LOCAL_INCLUDES += [
+    '!/dist/public/nss',
+]
+
+FINAL_LIBRARY = 'xul'
diff --git a/security/manager/pki/nsASN1Tree.cpp b/security/manager/pki/nsASN1Tree.cpp
new file mode 100644
index 000000000..ce9672d8d
--- /dev/null
+++ b/security/manager/pki/nsASN1Tree.cpp
@@ -0,0 +1,573 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "nsASN1Tree.h"
+
+#include "mozilla/Assertions.h"
+#include "nsArrayUtils.h"
+#include "nsDebug.h"
+#include "nsIMutableArray.h"
+#include "nsString.h"
+
+NS_IMPL_ISUPPORTS(nsNSSASN1Tree, nsIASN1Tree, nsITreeView)
+
+nsNSSASN1Tree::nsNSSASN1Tree()
+  : mTopNode(nullptr)
+{
+}
+
+nsNSSASN1Tree::~nsNSSASN1Tree()
+{
+  ClearNodes();
+}
+
+void
+nsNSSASN1Tree::ClearNodesRecursively(myNode* n)
+{
+  // Note: |n| is allowed to be null.
+
+  myNode *walk = n;
+  while (walk) {
+    myNode *kill = walk;
+
+    if (walk->child) {
+      ClearNodesRecursively(walk->child);
+    }
+
+    walk = walk->next;
+    delete kill;
+  }
+}
+
+void
+nsNSSASN1Tree::ClearNodes()
+{
+  ClearNodesRecursively(mTopNode);
+  mTopNode = nullptr;
+}
+
+void
+nsNSSASN1Tree::InitChildsRecursively(myNode* n)
+{
+  MOZ_ASSERT(n);
+  if (!n) {
+    return;
+  }
+
+  if (!n->obj)
+    return;
+
+  n->seq = do_QueryInterface(n->obj);
+  if (!n->seq)
+    return;
+
+  // If the object is a sequence, there might still be a reason
+  // why it should not be displayed as a container.
+  // If we decide that it has all the properties to justify
+  // displaying as a container, we will create a new child chain.
+  // If we decide, it does not make sense to display as a container,
+  // we forget that it is a sequence by erasing n->seq.
+  // That way, n->seq and n->child will be either both set or both null.
+
+  bool isContainer;
+  n->seq->GetIsValidContainer(&isContainer);
+  if (!isContainer) {
+    n->seq = nullptr;
+    return;
+  }
+
+  nsCOMPtr<nsIMutableArray> asn1Objects;
+  n->seq->GetASN1Objects(getter_AddRefs(asn1Objects));
+  uint32_t numObjects;
+  asn1Objects->GetLength(&numObjects);
+  if (!numObjects) {
+    n->seq = nullptr;
+    return;
+  }
+
+  myNode *walk = nullptr;
+  myNode *prev = nullptr;
+  for (uint32_t i = 0; i < numObjects; i++) {
+    if (0 == i) {
+      n->child = walk = new myNode;
+    }
+    else {
+      walk = new myNode;
+    }
+
+    walk->parent = n;
+    if (prev) {
+      prev->next = walk;
+    }
+
+    walk->obj = do_QueryElementAt(asn1Objects, i);
+
+    InitChildsRecursively(walk);
+
+    prev = walk;
+  }
+}
+
+void
+nsNSSASN1Tree::InitNodes()
+{
+  ClearNodes();
+
+  mTopNode = new myNode;
+  mTopNode->obj = mASN1Object;
+
+  InitChildsRecursively(mTopNode);
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::LoadASN1Structure(nsIASN1Object* asn1Object)
+{
+  // Note: |asn1Object| is allowed to be null.
+
+  // The tree won't automatically re-draw if the contents
+  // have been changed.  So I do a quick test here to let
+  // me know if I should forced the tree to redraw itself
+  // by calling RowCountChanged on it.
+  //
+  bool redraw = (mASN1Object && mTree);
+  int32_t rowsToDelete = 0;
+
+  if (redraw) {
+    // This is the number of rows we will be deleting after
+    // the contents have changed.
+    rowsToDelete = 0-CountVisibleNodes(mTopNode);
+  }
+
+  mASN1Object = asn1Object;
+  InitNodes();
+
+  if (redraw) {
+    // The number of rows in the new content.
+    int32_t newRows = CountVisibleNodes(mTopNode);
+    mTree->BeginUpdateBatch();
+    // Erase all of the old rows.
+    mTree->RowCountChanged(0, rowsToDelete);
+    // Replace them with the new contents
+    mTree->RowCountChanged(0, newRows);
+    mTree->EndUpdateBatch();
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::GetRowCount(int32_t* aRowCount)
+{
+  NS_ENSURE_ARG_POINTER(aRowCount);
+
+  if (mASN1Object) {
+    *aRowCount = CountVisibleNodes(mTopNode);
+  } else {
+    *aRowCount = 0;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::GetSelection(nsITreeSelection** aSelection)
+{
+  NS_ENSURE_ARG_POINTER(aSelection);
+  *aSelection = mSelection;
+  NS_IF_ADDREF(*aSelection);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::SetSelection(nsITreeSelection* aSelection)
+{
+  // Note: |aSelection| is allowed to be null.
+  mSelection = aSelection;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::GetRowProperties(int32_t, nsAString&)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::GetCellProperties(int32_t, nsITreeColumn*, nsAString&)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::GetColumnProperties(nsITreeColumn*, nsAString&)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::IsContainer(int32_t index, bool* _retval)
+{
+  NS_ENSURE_ARG_MIN(index, 0);
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  myNode *n = FindNodeFromIndex(index);
+  if (!n)
+    return NS_ERROR_FAILURE;
+
+  *_retval = (n->seq != nullptr);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::IsContainerOpen(int32_t index, bool* _retval)
+{
+  NS_ENSURE_ARG_MIN(index, 0);
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  myNode *n = FindNodeFromIndex(index);
+  if (!n || !n->seq)
+    return NS_ERROR_FAILURE;
+
+  return n->seq->GetIsExpanded(_retval);
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::IsContainerEmpty(int32_t, bool* _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+  *_retval = false;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::IsSeparator(int32_t, bool* _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+  *_retval = false;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::GetLevel(int32_t index, int32_t* _retval)
+{
+  NS_ENSURE_ARG_MIN(index, 0);
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  int32_t nodeLevel;
+  myNode* n = FindNodeFromIndex(index, nullptr, &nodeLevel);
+  if (!n)
+    return NS_ERROR_FAILURE;
+
+  *_retval = nodeLevel;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::GetImageSrc(int32_t, nsITreeColumn*, nsAString&)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::GetProgressMode(int32_t, nsITreeColumn*, int32_t*)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::GetCellValue(int32_t, nsITreeColumn*, nsAString&)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::GetCellText(int32_t row, nsITreeColumn*, nsAString& _retval)
+{
+  NS_ENSURE_ARG_MIN(row, 0);
+
+  _retval.Truncate();
+
+  myNode* n = FindNodeFromIndex(row);
+  if (!n)
+    return NS_ERROR_FAILURE;
+
+  // There's only one column for ASN1 dump.
+  return n->obj->GetDisplayName(_retval);
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::GetDisplayData(uint32_t index, nsAString& _retval)
+{
+  myNode *n = FindNodeFromIndex(index);
+  if (!n)
+    return NS_ERROR_FAILURE;
+
+  return n->obj->GetDisplayValue(_retval);
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::SetTree(nsITreeBoxObject* tree)
+{
+  // Note: |tree| is allowed to be null.
+  mTree = tree;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::ToggleOpenState(int32_t index)
+{
+  NS_ENSURE_ARG_MIN(index, 0);
+
+  myNode *n = FindNodeFromIndex(index);
+  if (!n)
+    return NS_ERROR_FAILURE;
+
+  if (!n->seq)
+    return NS_ERROR_FAILURE;
+
+  bool IsExpanded;
+  n->seq->GetIsExpanded(&IsExpanded);
+  int32_t rowCountChange;
+  if (IsExpanded) {
+    rowCountChange = -CountVisibleNodes(n->child);
+    n->seq->SetIsExpanded(false);
+  } else {
+    n->seq->SetIsExpanded(true);
+    rowCountChange = CountVisibleNodes(n->child);
+  }
+  if (mTree)
+    mTree->RowCountChanged(index, rowCountChange);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::CycleHeader(nsITreeColumn*)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::SelectionChanged()
+{
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::CycleCell(int32_t, nsITreeColumn*)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::IsEditable(int32_t, nsITreeColumn*, bool* _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+  *_retval = false;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::IsSelectable(int32_t, nsITreeColumn*, bool* _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+  *_retval = false;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::SetCellValue(int32_t, nsITreeColumn*, const nsAString&)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::SetCellText(int32_t, nsITreeColumn*, const nsAString&)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::PerformAction(const char16_t*)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::PerformActionOnRow(const char16_t*, int32_t)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::PerformActionOnCell(const char16_t*, int32_t, nsITreeColumn*)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::CanDrop(int32_t, int32_t, nsIDOMDataTransfer*, bool* _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+  *_retval = false;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::Drop(int32_t, int32_t, nsIDOMDataTransfer*)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::IsSorted(bool* _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+  *_retval = false;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::GetParentIndex(int32_t rowIndex, int32_t* _retval)
+{
+  NS_ENSURE_ARG_MIN(rowIndex, 0);
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  int32_t parentIndex = -1;
+
+  myNode *n = FindNodeFromIndex(rowIndex, &parentIndex);
+  if (!n)
+    return NS_ERROR_FAILURE;
+
+  *_retval = parentIndex;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Tree::HasNextSibling(int32_t rowIndex, int32_t afterIndex,
+                              bool* _retval)
+{
+  NS_ENSURE_ARG_MIN(rowIndex, 0);
+  NS_ENSURE_ARG_MIN(afterIndex, 0);
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  myNode *n = FindNodeFromIndex(rowIndex);
+  if (!n)
+    return NS_ERROR_FAILURE;
+
+  if (!n->next) {
+    *_retval = false;
+  }
+  else {
+    int32_t nTotalSize = CountVisibleNodes(n);
+    int32_t nLastChildPos = rowIndex + nTotalSize -1;
+    int32_t nextSiblingPos = nLastChildPos +1;
+    *_retval = (nextSiblingPos > afterIndex);
+  }
+
+  return NS_OK;
+}
+
+int32_t
+nsNSSASN1Tree::CountVisibleNodes(myNode* n)
+{
+  if (!n)
+    return 0;
+
+  myNode *walk = n;
+  int32_t count = 0;
+  while (walk) {
+    ++count;
+
+    if (walk->seq) {
+      bool IsExpanded;
+      walk->seq->GetIsExpanded(&IsExpanded);
+      if (IsExpanded) {
+        count += CountVisibleNodes(walk->child);
+      }
+    }
+
+    walk = walk->next;
+  }
+
+  return count;
+}
+
+// Entry point for find
+nsNSSASN1Tree::myNode*
+nsNSSASN1Tree::FindNodeFromIndex(int32_t wantedIndex,
+                                 int32_t* optionalOutParentIndex,
+                                 int32_t* optionalOutLevel)
+{
+  MOZ_ASSERT(wantedIndex >= 0);
+  if (wantedIndex < 0) {
+    return nullptr;
+  }
+
+  if (0 == wantedIndex) {
+    if (optionalOutLevel) {
+      *optionalOutLevel = 0;
+    }
+    if (optionalOutParentIndex) {
+      *optionalOutParentIndex = -1;
+    }
+    return mTopNode;
+  }
+
+  int32_t index = 0;
+  int32_t level = 0;
+  return FindNodeFromIndex(mTopNode, wantedIndex, index, level,
+                           optionalOutParentIndex, optionalOutLevel);
+}
+
+// Internal recursive helper function
+nsNSSASN1Tree::myNode*
+nsNSSASN1Tree::FindNodeFromIndex(myNode* n, int32_t wantedIndex,
+                                 int32_t& indexCounter, int32_t& levelCounter,
+                                 int32_t* optionalOutParentIndex,
+                                 int32_t* optionalOutLevel)
+{
+  MOZ_ASSERT(wantedIndex >= 0);
+  MOZ_ASSERT(indexCounter >= 0);
+  MOZ_ASSERT(levelCounter >= 0);
+  if (!n || wantedIndex < 0 || indexCounter < 0 || levelCounter < 0) {
+    return nullptr;
+  }
+
+  myNode *walk = n;
+  int32_t parentIndex = indexCounter - 1;
+
+  while (walk) {
+    if (indexCounter == wantedIndex) {
+      if (optionalOutLevel) {
+        *optionalOutLevel = levelCounter;
+      }
+      if (optionalOutParentIndex) {
+        *optionalOutParentIndex = parentIndex;
+      }
+      return walk;
+    }
+
+    if (walk->seq) {
+      bool IsExpanded;
+      walk->seq->GetIsExpanded(&IsExpanded);
+      if (IsExpanded) {
+        ++indexCounter; // set to walk->child
+
+        ++levelCounter;
+        myNode* found = FindNodeFromIndex(walk->child, wantedIndex, indexCounter,
+                                          levelCounter, optionalOutParentIndex,
+                                          optionalOutLevel);
+        --levelCounter;
+
+        if (found)
+          return found;
+      }
+    }
+
+    walk = walk->next;
+    if (walk) {
+      ++indexCounter;
+    }
+  }
+
+  return nullptr;
+}
diff --git a/security/manager/pki/nsASN1Tree.h b/security/manager/pki/nsASN1Tree.h
new file mode 100644
index 000000000..bb2325b7a
--- /dev/null
+++ b/security/manager/pki/nsASN1Tree.h
@@ -0,0 +1,72 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _NSSASNTREE_H_
+#define _NSSASNTREE_H_
+
+#include "nscore.h"
+#include "nsIX509Cert.h"
+#include "nsIASN1Tree.h"
+#include "nsIASN1Object.h"
+#include "nsIASN1Sequence.h"
+#include "nsITreeView.h"
+#include "nsITreeBoxObject.h"
+#include "nsITreeSelection.h"
+#include "nsCOMPtr.h"
+
+//4bfaa9f0-1dd2-11b2-afae-a82cbaa0b606
+#define NS_NSSASN1OUTINER_CID  {             \
+   0x4bfaa9f0,                               \
+   0x1dd2,                                   \
+   0x11b2,                                   \
+   {0xaf,0xae,0xa8,0x2c,0xba,0xa0,0xb6,0x06} \
+  }
+  
+
+class nsNSSASN1Tree : public nsIASN1Tree
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIASN1TREE
+  NS_DECL_NSITREEVIEW
+  
+  nsNSSASN1Tree();
+protected:
+  virtual ~nsNSSASN1Tree();
+
+  class myNode
+  {
+  public:
+    nsCOMPtr<nsIASN1Object> obj;
+    nsCOMPtr<nsIASN1Sequence> seq;
+    myNode *child;
+    myNode *next;
+    myNode *parent;
+    
+    myNode() {
+      child = next = parent = nullptr;
+    }
+  };
+
+  myNode *mTopNode;
+
+  nsCOMPtr<nsIASN1Object> mASN1Object;
+  nsCOMPtr<nsITreeSelection> mSelection;
+  nsCOMPtr<nsITreeBoxObject> mTree;
+
+  void InitNodes();
+  void InitChildsRecursively(myNode *n);
+
+  void ClearNodes();
+  void ClearNodesRecursively(myNode *n);
+
+  int32_t CountVisibleNodes(myNode *n);
+  myNode *FindNodeFromIndex(myNode *n, int32_t wantedIndex,
+                            int32_t &index_counter, int32_t &level_counter,
+                            int32_t *optionalOutParentIndex, int32_t *optionalOutLevel);
+  myNode *FindNodeFromIndex(int32_t wantedIndex, 
+                            int32_t *optionalOutParentIndex = nullptr, 
+                            int32_t *optionalOutLevel = nullptr);
+
+};
+#endif //_NSSASNTREE_H_
diff --git a/security/manager/pki/nsIASN1Tree.idl b/security/manager/pki/nsIASN1Tree.idl
new file mode 100644
index 000000000..a0e2a265a
--- /dev/null
+++ b/security/manager/pki/nsIASN1Tree.idl
@@ -0,0 +1,25 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+#include "nsITreeView.idl"
+#include "nsIX509Cert.idl"
+
+[scriptable, uuid(de142307-7b88-4e0a-b232-250f310e25d8)]
+interface nsIASN1Tree : nsITreeView {
+
+  void loadASN1Structure(in nsIASN1Object asn1Object);
+
+  AString getDisplayData(in unsigned long index);
+
+};
+
+%{C++
+
+#define NS_ASN1TREE_CONTRACTID "@mozilla.org/security/nsASN1Tree;1"
+
+%}
+
diff --git a/security/manager/pki/nsNSSDialogHelper.cpp b/security/manager/pki/nsNSSDialogHelper.cpp
new file mode 100644
index 000000000..1ec161b81
--- /dev/null
+++ b/security/manager/pki/nsNSSDialogHelper.cpp
@@ -0,0 +1,56 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSDialogHelper.h"
+
+#include "mozilla/dom/ScriptSettings.h"
+#include "nsCOMPtr.h"
+#include "nsIDOMWindow.h"
+#include "nsIServiceManager.h"
+#include "nsIWindowWatcher.h"
+
+static const char kOpenDialogParam[] = "centerscreen,chrome,modal,titlebar";
+static const char kOpenWindowParam[] = "centerscreen,chrome,titlebar";
+
+nsresult
+nsNSSDialogHelper::openDialog(mozIDOMWindowProxy* window, const char* url,
+                              nsISupports* params, bool modal)
+{
+#ifdef MOZ_WIDGET_GONK
+  // On b2g devices, we need to proxy the dialog creation & management
+  // to Gaia.
+  return NS_ERROR_NOT_IMPLEMENTED;
+#endif
+
+  nsresult rv;
+  nsCOMPtr<nsIWindowWatcher> windowWatcher = 
+           do_GetService(NS_WINDOWWATCHER_CONTRACTID, &rv);
+  if (NS_FAILED(rv)) return rv;
+
+  nsCOMPtr<mozIDOMWindowProxy> parent = window;
+
+  if (!parent) {
+    windowWatcher->GetActiveWindow(getter_AddRefs(parent));
+  }
+
+  // We're loading XUL into this window, and it's happening on behalf of the
+  // system, not on behalf of content. Make sure the initial about:blank window
+  // gets a system principal, otherwise we'll bork when trying to wrap the
+  // nsIKeyGenThread |arguments| property into the unprivileged scoope.
+  MOZ_ASSERT(!strncmp("chrome://", url, strlen("chrome://")));
+  mozilla::dom::AutoNoJSAPI nojsapi;
+
+  nsCOMPtr<mozIDOMWindowProxy> newWindow;
+  rv = windowWatcher->OpenWindow(parent,
+                                 url,
+                                 "_blank",
+                                 modal
+                                 ? kOpenDialogParam
+                                 : kOpenWindowParam,
+                                 params,
+                                 getter_AddRefs(newWindow));
+  return rv;
+}
diff --git a/security/manager/pki/nsNSSDialogHelper.h b/security/manager/pki/nsNSSDialogHelper.h
new file mode 100644
index 000000000..87605da5f
--- /dev/null
+++ b/security/manager/pki/nsNSSDialogHelper.h
@@ -0,0 +1,38 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSDialogHelper_h
+#define nsNSSDialogHelper_h
+
+class mozIDOMWindowProxy;
+class nsISupports;
+
+/**
+ * Helper class that uses the window watcher service to open a standard dialog,
+ * with or without a parent context.
+ */
+class nsNSSDialogHelper
+{
+public:
+  /**
+   * Opens a XUL dialog.
+   *
+   * @param window
+   *        Parent window of the dialog, or nullptr to signal no parent.
+   * @param url
+   *        URL to the XUL dialog.
+   * @param params
+   *        Parameters to pass to the dialog. Same semantics as the
+   *        nsIWindowWatcher.openWindow() |aArguments| parameter.
+   * @param modal
+   *        true if the dialog should be modal, false otherwise.
+   * @return The result of opening the dialog.
+   */
+  static nsresult openDialog(mozIDOMWindowProxy* window, const char* url,
+                             nsISupports* params, bool modal = true);
+};
+
+#endif // nsNSSDialogHelper_h
diff --git a/security/manager/pki/nsNSSDialogs.cpp b/security/manager/pki/nsNSSDialogs.cpp
new file mode 100644
index 000000000..831bce57e
--- /dev/null
+++ b/security/manager/pki/nsNSSDialogs.cpp
@@ -0,0 +1,441 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Dialog services for PIP.
+ */
+
+#include "nsNSSDialogs.h"
+
+#include "mozIDOMWindow.h"
+#include "nsArray.h"
+#include "nsEmbedCID.h"
+#include "nsHashPropertyBag.h"
+#include "nsIDialogParamBlock.h"
+#include "nsIInterfaceRequestor.h"
+#include "nsIInterfaceRequestorUtils.h"
+#include "nsIKeygenThread.h"
+#include "nsIPromptService.h"
+#include "nsIProtectedAuthThread.h"
+#include "nsIWindowWatcher.h"
+#include "nsIX509CertDB.h"
+#include "nsIX509Cert.h"
+#include "nsNSSDialogHelper.h"
+#include "nsString.h"
+#include "nsVariant.h"
+
+#define PIPSTRING_BUNDLE_URL "chrome://pippki/locale/pippki.properties"
+
+nsNSSDialogs::nsNSSDialogs()
+{
+}
+
+nsNSSDialogs::~nsNSSDialogs()
+{
+}
+
+NS_IMPL_ISUPPORTS(nsNSSDialogs, nsITokenPasswordDialogs,
+                  nsICertificateDialogs,
+                  nsIClientAuthDialogs,
+                  nsITokenDialogs,
+                  nsIGeneratingKeypairInfoDialogs)
+
+nsresult
+nsNSSDialogs::Init()
+{
+  nsresult rv;
+
+  nsCOMPtr<nsIStringBundleService> service =
+           do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv);
+  if (NS_FAILED(rv)) return rv;
+  
+  rv = service->CreateBundle(PIPSTRING_BUNDLE_URL,
+                             getter_AddRefs(mPIPStringBundle));
+  return rv;
+}
+
+nsresult
+nsNSSDialogs::SetPassword(nsIInterfaceRequestor *ctx,
+                          const char16_t *tokenName, bool* _canceled)
+{
+  nsresult rv;
+
+  *_canceled = false;
+
+  // Get the parent window for the dialog
+  nsCOMPtr<mozIDOMWindowProxy> parent = do_GetInterface(ctx);
+
+  nsCOMPtr<nsIDialogParamBlock> block =
+           do_CreateInstance(NS_DIALOGPARAMBLOCK_CONTRACTID);
+  if (!block) return NS_ERROR_FAILURE;
+
+  rv = block->SetString(1, tokenName);
+  if (NS_FAILED(rv)) return rv;
+
+  rv = nsNSSDialogHelper::openDialog(parent,
+                                "chrome://pippki/content/changepassword.xul",
+                                block);
+
+  if (NS_FAILED(rv)) return rv;
+
+  int32_t status;
+
+  rv = block->GetInt(1, &status);
+  if (NS_FAILED(rv)) return rv;
+
+  *_canceled = (status == 0)?true:false;
+
+  return rv;
+}
+
+NS_IMETHODIMP
+nsNSSDialogs::ConfirmDownloadCACert(nsIInterfaceRequestor* ctx,
+                                    nsIX509Cert* cert,
+                            /*out*/ uint32_t* trust,
+                            /*out*/ bool* importConfirmed)
+{
+  // |ctx| is allowed to be null.
+  NS_ENSURE_ARG(cert);
+  NS_ENSURE_ARG(trust);
+  NS_ENSURE_ARG(importConfirmed);
+
+  nsCOMPtr<nsIMutableArray> argArray = nsArrayBase::Create();
+  if (!argArray) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsresult rv = argArray->AppendElement(cert, false);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsIWritablePropertyBag2> retVals = new nsHashPropertyBag();
+  rv = argArray->AppendElement(retVals, false);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Get the parent window for the dialog
+  nsCOMPtr<mozIDOMWindowProxy> parent = do_GetInterface(ctx);
+  rv = nsNSSDialogHelper::openDialog(parent,
+                                     "chrome://pippki/content/downloadcert.xul",
+                                     argArray);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = retVals->GetPropertyAsBool(NS_LITERAL_STRING("importConfirmed"),
+                                  importConfirmed);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  *trust = nsIX509CertDB::UNTRUSTED;
+  if (!*importConfirmed) {
+    return NS_OK;
+  }
+
+  bool trustForSSL = false;
+  rv = retVals->GetPropertyAsBool(NS_LITERAL_STRING("trustForSSL"),
+                                  &trustForSSL);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  bool trustForEmail = false;
+  rv = retVals->GetPropertyAsBool(NS_LITERAL_STRING("trustForEmail"),
+                                  &trustForEmail);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  bool trustForObjSign = false;
+  rv = retVals->GetPropertyAsBool(NS_LITERAL_STRING("trustForObjSign"),
+                                  &trustForObjSign);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  *trust |= trustForSSL ? nsIX509CertDB::TRUSTED_SSL : 0;
+  *trust |= trustForEmail ? nsIX509CertDB::TRUSTED_EMAIL : 0;
+  *trust |= trustForObjSign ? nsIX509CertDB::TRUSTED_OBJSIGN : 0;
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSDialogs::ChooseCertificate(nsIInterfaceRequestor* ctx,
+                                const nsACString& hostname,
+                                int32_t port,
+                                const nsACString& organization,
+                                const nsACString& issuerOrg,
+                                nsIArray* certList,
+                        /*out*/ uint32_t* selectedIndex,
+                        /*out*/ bool* certificateChosen)
+{
+  NS_ENSURE_ARG_POINTER(ctx);
+  NS_ENSURE_ARG_POINTER(certList);
+  NS_ENSURE_ARG_POINTER(selectedIndex);
+  NS_ENSURE_ARG_POINTER(certificateChosen);
+
+  *certificateChosen = false;
+
+  nsCOMPtr<nsIMutableArray> argArray = nsArrayBase::Create();
+  if (!argArray) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIWritableVariant> hostnameVariant = new nsVariant();
+  nsresult rv = hostnameVariant->SetAsAUTF8String(hostname);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = argArray->AppendElement(hostnameVariant, false);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsIWritableVariant> organizationVariant = new nsVariant();
+  rv = organizationVariant->SetAsAUTF8String(organization);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = argArray->AppendElement(organizationVariant, false);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsIWritableVariant> issuerOrgVariant = new nsVariant();
+  rv = issuerOrgVariant->SetAsAUTF8String(issuerOrg);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = argArray->AppendElement(issuerOrgVariant, false);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsIWritableVariant> portVariant = new nsVariant();
+  rv = portVariant->SetAsInt32(port);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = argArray->AppendElement(portVariant, false);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = argArray->AppendElement(certList, false);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsIWritablePropertyBag2> retVals = new nsHashPropertyBag();
+  rv = argArray->AppendElement(retVals, false);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = nsNSSDialogHelper::openDialog(nullptr,
+                                     "chrome://pippki/content/clientauthask.xul",
+                                     argArray);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsIClientAuthUserDecision> extraResult = do_QueryInterface(ctx);
+  if (extraResult) {
+    bool rememberSelection = false;
+    rv = retVals->GetPropertyAsBool(NS_LITERAL_STRING("rememberSelection"),
+                                    &rememberSelection);
+    if (NS_SUCCEEDED(rv)) {
+      extraResult->SetRememberClientAuthCertificate(rememberSelection);
+    }
+  }
+
+  rv = retVals->GetPropertyAsBool(NS_LITERAL_STRING("certChosen"),
+                                  certificateChosen);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (*certificateChosen) {
+    rv = retVals->GetPropertyAsUint32(NS_LITERAL_STRING("selectedIndex"),
+                                      selectedIndex);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSDialogs::SetPKCS12FilePassword(nsIInterfaceRequestor* ctx,
+                            /*out*/ nsAString& password,
+                            /*out*/ bool* confirmedPassword)
+{
+  // |ctx| is allowed to be null.
+  NS_ENSURE_ARG(confirmedPassword);
+
+  // Get the parent window for the dialog
+  nsCOMPtr<mozIDOMWindowProxy> parent = do_GetInterface(ctx);
+  nsCOMPtr<nsIWritablePropertyBag2> retVals = new nsHashPropertyBag();
+  nsresult rv =
+    nsNSSDialogHelper::openDialog(parent,
+                                  "chrome://pippki/content/setp12password.xul",
+                                  retVals);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = retVals->GetPropertyAsBool(NS_LITERAL_STRING("confirmedPassword"),
+                                  confirmedPassword);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  if (!*confirmedPassword) {
+    return NS_OK;
+  }
+
+  return retVals->GetPropertyAsAString(NS_LITERAL_STRING("password"), password);
+}
+
+NS_IMETHODIMP
+nsNSSDialogs::GetPKCS12FilePassword(nsIInterfaceRequestor* ctx,
+                                    nsAString& _password,
+                                    bool* _retval)
+{
+  *_retval = false;
+
+  nsCOMPtr<nsIPromptService> promptSvc(
+    do_GetService(NS_PROMPTSERVICE_CONTRACTID));
+  if (!promptSvc) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsAutoString msg;
+  nsresult rv = mPIPStringBundle->GetStringFromName(
+    u"getPKCS12FilePasswordMessage", getter_Copies(msg));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Get the parent window for the dialog
+  nsCOMPtr<mozIDOMWindowProxy> parent = do_GetInterface(ctx);
+  bool ignored = false;
+  char16_t* pwTemp = nullptr;
+  rv = promptSvc->PromptPassword(parent, nullptr, msg.get(), &pwTemp, nullptr,
+                                 &ignored, _retval);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  if (*_retval) {
+    _password.Assign(pwTemp);
+    free(pwTemp);
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSDialogs::ViewCert(nsIInterfaceRequestor* ctx, nsIX509Cert* cert)
+{
+  // |ctx| is allowed to be null.
+  NS_ENSURE_ARG(cert);
+
+  // Get the parent window for the dialog
+  nsCOMPtr<mozIDOMWindowProxy> parent = do_GetInterface(ctx);
+  return nsNSSDialogHelper::openDialog(parent,
+                                       "chrome://pippki/content/certViewer.xul",
+                                       cert,
+                                       false /*modal*/);
+}
+
+NS_IMETHODIMP
+nsNSSDialogs::DisplayGeneratingKeypairInfo(nsIInterfaceRequestor *aCtx, nsIKeygenThread *runnable) 
+{
+  nsresult rv;
+
+  // Get the parent window for the dialog
+  nsCOMPtr<mozIDOMWindowProxy> parent = do_GetInterface(aCtx);
+
+  rv = nsNSSDialogHelper::openDialog(parent,
+                                     "chrome://pippki/content/createCertInfo.xul",
+                                     runnable);
+  return rv;
+}
+
+NS_IMETHODIMP
+nsNSSDialogs::ChooseToken(nsIInterfaceRequestor *aCtx, const char16_t **aTokenList, uint32_t aCount, char16_t **aTokenChosen, bool *aCanceled) {
+  nsresult rv;
+  uint32_t i;
+
+  *aCanceled = false;
+
+  nsCOMPtr<nsIDialogParamBlock> block =
+           do_CreateInstance(NS_DIALOGPARAMBLOCK_CONTRACTID);
+  if (!block) return NS_ERROR_FAILURE;
+
+  block->SetNumberStrings(aCount);
+
+  for (i = 0; i < aCount; i++) {
+    rv = block->SetString(i, aTokenList[i]);
+    if (NS_FAILED(rv)) return rv;
+  }
+
+  rv = block->SetInt(0, aCount);
+  if (NS_FAILED(rv)) return rv;
+
+  rv = nsNSSDialogHelper::openDialog(nullptr,
+                                "chrome://pippki/content/choosetoken.xul",
+                                block);
+  if (NS_FAILED(rv)) return rv;
+
+  int32_t status;
+
+  rv = block->GetInt(0, &status);
+  if (NS_FAILED(rv)) return rv;
+
+  *aCanceled = (status == 0)?true:false;
+  if (!*aCanceled) {
+    // retrieve the nickname
+    rv = block->GetString(0, aTokenChosen);
+  }
+  return rv;
+}
+
+NS_IMETHODIMP
+nsNSSDialogs::DisplayProtectedAuth(nsIInterfaceRequestor *aCtx, nsIProtectedAuthThread *runnable)
+{
+    // We cannot use nsNSSDialogHelper here. We cannot allow close widget
+    // in the window because protected authentication is interruptible
+    // from user interface and changing nsNSSDialogHelper's static variable
+    // would not be thread-safe
+    
+    nsresult rv = NS_ERROR_FAILURE;
+    
+    // Get the parent window for the dialog
+    nsCOMPtr<mozIDOMWindowProxy> parent = do_GetInterface(aCtx);
+    
+    nsCOMPtr<nsIWindowWatcher> windowWatcher = 
+        do_GetService("@mozilla.org/embedcomp/window-watcher;1", &rv);
+    if (NS_FAILED(rv))
+        return rv;
+    
+    if (!parent) {
+        windowWatcher->GetActiveWindow(getter_AddRefs(parent));
+    }
+    
+    nsCOMPtr<mozIDOMWindowProxy> newWindow;
+    rv = windowWatcher->OpenWindow(parent,
+        "chrome://pippki/content/protectedAuth.xul",
+        "_blank",
+        "centerscreen,chrome,modal,titlebar,close=no",
+        runnable,
+        getter_AddRefs(newWindow));
+    
+    return rv;
+}
diff --git a/security/manager/pki/nsNSSDialogs.h b/security/manager/pki/nsNSSDialogs.h
new file mode 100644
index 000000000..164d661ee
--- /dev/null
+++ b/security/manager/pki/nsNSSDialogs.h
@@ -0,0 +1,44 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSDialogs_h
+#define nsNSSDialogs_h
+
+#include "nsCOMPtr.h"
+#include "nsICertificateDialogs.h"
+#include "nsIClientAuthDialogs.h"
+#include "nsIGenKeypairInfoDlg.h"
+#include "nsIStringBundle.h"
+#include "nsITokenDialogs.h"
+#include "nsITokenPasswordDialogs.h"
+
+#define NS_NSSDIALOGS_CID \
+  { 0x518e071f, 0x1dd2, 0x11b2, \
+    { 0x93, 0x7e, 0xc4, 0x5f, 0x14, 0xde, 0xf7, 0x78 }}
+
+class nsNSSDialogs : public nsICertificateDialogs
+                   , public nsIClientAuthDialogs
+                   , public nsIGeneratingKeypairInfoDialogs
+                   , public nsITokenDialogs
+                   , public nsITokenPasswordDialogs
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSITOKENPASSWORDDIALOGS
+  NS_DECL_NSICERTIFICATEDIALOGS
+  NS_DECL_NSICLIENTAUTHDIALOGS
+  NS_DECL_NSITOKENDIALOGS
+  NS_DECL_NSIGENERATINGKEYPAIRINFODIALOGS
+  nsNSSDialogs();
+
+  nsresult Init();
+
+protected:
+  virtual ~nsNSSDialogs();
+  nsCOMPtr<nsIStringBundle> mPIPStringBundle;
+};
+
+#endif // nsNSSDialogs_h
diff --git a/security/manager/pki/nsPKIModule.cpp b/security/manager/pki/nsPKIModule.cpp
new file mode 100644
index 000000000..fc4c5689c
--- /dev/null
+++ b/security/manager/pki/nsPKIModule.cpp
@@ -0,0 +1,40 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mozilla/ModuleUtils.h"
+#include "nsASN1Tree.h"
+#include "nsNSSDialogs.h"
+
+NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsNSSDialogs, Init)
+NS_GENERIC_FACTORY_CONSTRUCTOR(nsNSSASN1Tree)
+
+NS_DEFINE_NAMED_CID(NS_NSSDIALOGS_CID);
+NS_DEFINE_NAMED_CID(NS_NSSASN1OUTINER_CID);
+
+
+static const mozilla::Module::CIDEntry kPKICIDs[] = {
+  { &kNS_NSSDIALOGS_CID, false, nullptr, nsNSSDialogsConstructor },
+  { &kNS_NSSASN1OUTINER_CID, false, nullptr, nsNSSASN1TreeConstructor },
+  { nullptr }
+};
+
+static const mozilla::Module::ContractIDEntry kPKIContracts[] = {
+  { NS_TOKENPASSWORDSDIALOG_CONTRACTID, &kNS_NSSDIALOGS_CID },
+  { NS_CERTIFICATEDIALOGS_CONTRACTID, &kNS_NSSDIALOGS_CID },
+  { NS_CLIENTAUTHDIALOGS_CONTRACTID, &kNS_NSSDIALOGS_CID },
+  { NS_TOKENDIALOGS_CONTRACTID, &kNS_NSSDIALOGS_CID },
+  { NS_GENERATINGKEYPAIRINFODIALOGS_CONTRACTID, &kNS_NSSDIALOGS_CID },
+  { NS_ASN1TREE_CONTRACTID, &kNS_NSSASN1OUTINER_CID },
+  { nullptr }
+};
+
+static const mozilla::Module kPKIModule = {
+  mozilla::Module::kVersion,
+  kPKICIDs,
+  kPKIContracts
+};
+
+NSMODULE_DEFN(PKI) = &kPKIModule;
diff --git a/security/manager/pki/resources/content/CAOverlay.xul b/security/manager/pki/resources/content/CAOverlay.xul
new file mode 100644
index 000000000..ba4f4abf8
--- /dev/null
+++ b/security/manager/pki/resources/content/CAOverlay.xul
@@ -0,0 +1,55 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+
+<!DOCTYPE overlay SYSTEM "chrome://pippki/locale/certManager.dtd">
+
+<overlay id="CAOverlay" 
+         xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" 
+         xmlns:cert="http://netscape.com/rdf-cert#" 
+         xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
+
+  <vbox id="CACerts">
+    <description>&certmgr.cas;</description>
+    <separator class="thin"/>
+    <tree id="ca-tree" flex="1" enableColumnDrag="true"
+              onselect="ca_enableButtons()">
+      <treecols>
+        <treecol id="certcol" label="&certmgr.certname;" primary="true" 
+                     persist="hidden width ordinal" flex="1"/>
+        <splitter class="tree-splitter"/>
+        <treecol id="tokencol" label="&certmgr.tokenname;"
+                     persist="hidden width ordinal" flex="1"/>
+      </treecols>
+      <treechildren ondblclick="viewCerts();"/>
+    </tree>
+
+    <separator class="thin"/>
+
+    <hbox>
+      <button id="ca_viewButton"
+              label="&certmgr.view2.label;"
+              accesskey="&certmgr.view2.accesskey;"
+              disabled="true" oncommand="viewCerts();"/>
+      <button id="ca_editButton"
+              label="&certmgr.edit3.label;"
+              accesskey="&certmgr.edit3.accesskey;"
+              disabled="true" oncommand="editCerts();"/>
+      <button id="ca_addButton"
+              label="&certmgr.restore2.label;"
+              accesskey="&certmgr.restore2.accesskey;"
+              oncommand="addCACerts();"/>
+      <button id="ca_exportButton"
+              label="&certmgr.export.label;"
+              accesskey="&certmgr.export.accesskey;"
+              disabled="true" oncommand="exportCerts();"/>
+      <button id="ca_deleteButton"
+              label="&certmgr.delete_builtin.label;"
+              accesskey="&certmgr.delete_builtin.accesskey;"
+              disabled="true" oncommand="deleteCerts();"/>
+    </hbox>
+  </vbox>
+</overlay>
diff --git a/security/manager/pki/resources/content/MineOverlay.xul b/security/manager/pki/resources/content/MineOverlay.xul
new file mode 100644
index 000000000..57526ac0f
--- /dev/null
+++ b/security/manager/pki/resources/content/MineOverlay.xul
@@ -0,0 +1,64 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+
+<!DOCTYPE overlay SYSTEM "chrome://pippki/locale/certManager.dtd">
+
+<overlay id="MineOverlay" 
+         xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" 
+         xmlns:cert="http://netscape.com/rdf-cert#" 
+         xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
+
+  <vbox id="myCerts">
+    <description>&certmgr.mine;</description>
+    <separator class="thin"/>
+    <tree id="user-tree" flex="1" enableColumnDrag="true"
+              onselect="mine_enableButtons()">
+      <treecols>
+        <treecol id="certcol" label="&certmgr.certname;" primary="true" 
+                     persist="hidden width ordinal" flex="1"/>
+        <splitter class="tree-splitter"/>
+        <treecol id="tokencol" label="&certmgr.tokenname;"
+                     persist="hidden width ordinal" flex="1"/>
+        <splitter class="tree-splitter"/>
+        <treecol id="serialnumcol" label="&certmgr.serial;"
+                     persist="hidden width ordinal" flex="1"/>
+        <splitter class="tree-splitter"/>
+        <treecol id="issuedcol" label="&certmgr.begins;"
+                     hidden="true" persist="hidden width ordinal" flex="1"/>
+        <splitter class="tree-splitter"/>
+        <treecol id="expiredcol" label="&certmgr.expires;"
+                     persist="hidden width ordinal" flex="1"/>
+      </treecols>
+      <treechildren ondblclick="viewCerts();"/>
+    </tree>
+    
+    <separator class="thin"/>
+
+    <hbox>
+       <button id="mine_viewButton" class="normal" 
+               label="&certmgr.view2.label;"
+               accesskey="&certmgr.view2.accesskey;"
+               disabled="true" oncommand="viewCerts();"/>
+       <button id="mine_backupButton" class="normal" 
+               label="&certmgr.backup2.label;"
+               accesskey="&certmgr.backup2.accesskey;"
+               disabled="true" oncommand="backupCerts();"/>
+       <button id="mine_backupAllButton" class="normal" 
+               label="&certmgr.backupall2.label;"
+               accesskey="&certmgr.backupall2.accesskey;"
+               oncommand="backupAllCerts();"/>
+       <button id="mine_restoreButton" class="normal" 
+               label="&certmgr.restore2.label;"
+               accesskey="&certmgr.restore2.accesskey;"
+               oncommand="restoreCerts();"/>
+       <button id="mine_deleteButton" class="normal" 
+               label="&certmgr.delete2.label;"
+               accesskey="&certmgr.delete2.accesskey;"
+               disabled="true" oncommand="deleteCerts();"/>
+    </hbox>
+  </vbox>
+</overlay>
diff --git a/security/manager/pki/resources/content/OrphanOverlay.xul b/security/manager/pki/resources/content/OrphanOverlay.xul
new file mode 100644
index 000000000..a81ca9424
--- /dev/null
+++ b/security/manager/pki/resources/content/OrphanOverlay.xul
@@ -0,0 +1,47 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+
+<!DOCTYPE overlay SYSTEM "chrome://pippki/locale/certManager.dtd">
+
+<overlay id="OrphanOverlay" 
+         xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" 
+         xmlns:cert="http://netscape.com/rdf-cert#" 
+         xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
+
+  <vbox id="OrphanCerts">
+    <description>&certmgr.orphans;</description>
+    <separator class="thin"/>
+    <tree id="orphan-tree" flex="1" enableColumnDrag="true"
+              onselect="orphan_enableButtons()">
+      <treecols>
+        <treecol id="certcol" label="&certmgr.certname;" primary="true" 
+                     persist="hidden width ordinal" flex="1"/>
+        <splitter class="tree-splitter"/>
+        <treecol id="tokencol" label="&certmgr.tokenname;"
+                     persist="hidden width ordinal" flex="1"/>
+      </treecols>
+      <treechildren ondblclick="viewCerts();"/>
+    </tree>
+    
+    <separator class="thin"/>
+
+    <hbox>
+       <button id="orphan_viewButton" class="normal" 
+               label="&certmgr.view2.label;"
+               accesskey="&certmgr.view2.accesskey;"
+               disabled="true" oncommand="viewCerts();"/>
+       <button id="orphan_exportButton" class="normal" 
+               label="&certmgr.export.label;"
+               accesskey="&certmgr.export.accesskey;"
+               disabled="true" oncommand="exportCerts();"/>
+       <button id="orphan_deleteButton" class="normal" 
+               label="&certmgr.delete2.label;"
+               accesskey="&certmgr.delete2.accesskey;"
+               disabled="true" oncommand="deleteCerts();"/>
+    </hbox>
+  </vbox>
+</overlay>
diff --git a/security/manager/pki/resources/content/OthersOverlay.xul b/security/manager/pki/resources/content/OthersOverlay.xul
new file mode 100644
index 000000000..0f5154277
--- /dev/null
+++ b/security/manager/pki/resources/content/OthersOverlay.xul
@@ -0,0 +1,54 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+
+<!DOCTYPE overlay SYSTEM "chrome://pippki/locale/certManager.dtd">
+
+<overlay id="OthersOverlay"
+         xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" 
+         xmlns:cert="http://netscape.com/rdf-cert#" 
+         xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
+
+  <vbox id="othersCerts">
+    <description>&certmgr.others;</description>
+    <separator class="thin"/>
+    <tree id="email-tree" flex="1"
+              onselect="email_enableButtons()">
+      <treecols>
+        <treecol id="certcol" label="&certmgr.certname;" primary="true" 
+                     flex="1"/>
+        <splitter class="tree-splitter"/>
+        <treecol id="emailcol" label="&certmgr.email;"
+                     flex="1"/>
+        <splitter class="tree-splitter"/>
+        <treecol id="expiredcol" label="&certmgr.expires;"
+                 flex="1"/>
+      </treecols>
+      <treechildren flex="1" ondblclick="viewCerts();"/>
+    </tree>
+
+    <separator class="thin"/>
+
+    <hbox>
+      <button id="email_viewButton"
+              label="&certmgr.view2.label;"
+              accesskey="&certmgr.view2.accesskey;"
+              disabled="true" oncommand="viewCerts();"/>
+      <button id="email_addButton"
+              label="&certmgr.restore2.label;"
+              accesskey="&certmgr.restore2.accesskey;"
+              oncommand="addEmailCert();"/>
+      <button id="email_exportButton"
+              label="&certmgr.export.label;"
+              accesskey="&certmgr.export.accesskey;"
+              disabled="true" oncommand="exportCerts();"/>
+      <button id="email_deleteButton"
+              label="&certmgr.delete2.label;"
+              accesskey="&certmgr.delete2.accesskey;"
+              disabled="true" oncommand="deleteCerts();"/>
+    </hbox>
+  </vbox>
+</overlay>
diff --git a/security/manager/pki/resources/content/WebSitesOverlay.xul b/security/manager/pki/resources/content/WebSitesOverlay.xul
new file mode 100644
index 000000000..e0f3ae788
--- /dev/null
+++ b/security/manager/pki/resources/content/WebSitesOverlay.xul
@@ -0,0 +1,57 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+
+<!DOCTYPE overlay SYSTEM "chrome://pippki/locale/certManager.dtd">
+
+<overlay id="WebSitesOverlay" 
+         xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" 
+         xmlns:cert="http://netscape.com/rdf-cert#" 
+         xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
+
+  <vbox id="webCerts">
+    <description>&certmgr.websites2;</description>
+    <separator class="thin"/>
+    <tree id="server-tree" flex="1" enableColumnDrag="true"
+              onselect="websites_enableButtons()">
+      <treecols>
+        <treecol id="certcol" label="&certmgr.certname;" primary="true" 
+                     persist="hidden width ordinal" flex="1"/>
+        <splitter class="tree-splitter"/>
+        <treecol id="sitecol" label="&certmgr.certserver;" 
+                 persist="hidden width ordinal" flex="1"/>
+        <splitter class="tree-splitter"/>
+        <treecol id="lifetimecol" label="&certmgr.override_lifetime;" 
+                 persist="hidden width ordinal" flex="1"/>
+        <splitter class="tree-splitter"/>
+        <treecol id="expiredcol" label="&certmgr.expires;"
+                 persist="hidden width ordinal" flex="1"/>
+      </treecols>
+      <treechildren ondblclick="viewCerts();"/>
+    </tree>
+
+    <separator class="thin"/>
+
+    <hbox>
+      <button id="websites_viewButton"
+              label="&certmgr.view2.label;"
+              accesskey="&certmgr.view2.accesskey;"
+              disabled="true" oncommand="viewCerts();"/>
+      <button id="websites_exportButton"
+              label="&certmgr.export.label;"
+              accesskey="&certmgr.export.accesskey;"
+              disabled="true" oncommand="exportCerts();"/>
+      <button id="websites_deleteButton"
+              label="&certmgr.delete2.label;"
+              accesskey="&certmgr.delete2.accesskey;"
+              disabled="true" oncommand="deleteCerts();"/>
+      <button id="websites_exceptionButton"
+              label="&certmgr.addException.label;"
+              accesskey="&certmgr.addException.accesskey;"
+              oncommand="addException();"/>
+    </hbox>
+  </vbox>
+</overlay>
diff --git a/security/manager/pki/resources/content/certDump.xul b/security/manager/pki/resources/content/certDump.xul
new file mode 100644
index 000000000..74d9b3f8b
--- /dev/null
+++ b/security/manager/pki/resources/content/certDump.xul
@@ -0,0 +1,44 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<!DOCTYPE overlay SYSTEM "chrome://pippki/locale/certManager.dtd">
+
+<overlay id="certDumpOverlay"
+         xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+         xmlns:cert="http://netscape.com/rdf-cert#"
+         xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
+<vbox class="box-padded" id="certPrettyPrint" flex="1">
+  <label class="header" value="&certmgr.hierarchy.label;"
+         control="treesetDump" accesskey="&certmgr.hierarchy.accesskey2;"/>
+  <tree id="treesetDump" onselect="updateCertDump();" flex="1"
+        hidecolumnpicker="true" style="height: 8em;">
+    <treecols>
+      <treecol id="dumpCol" flex="1" primary="true" hideheader="true"/>
+    </treecols>
+  </tree>
+
+  <label class="header" value="&certmgr.details.label;"
+         control="prettyDumpTree" accesskey="&certmgr.details.accesskey;"/>
+  <tree id="prettyDumpTree" style="height: 15em" treelines="true" flex="1"
+            onselect="displaySelected();" hidecolumnpicker="true">
+    <treecols>
+      <treecol flex="1" id="certDataCol" primary="true" hideheader="true"/>
+    </treecols>
+    <treechildren/>
+  </tree>
+
+  <label class="header" value="&certmgr.fields.label;"
+         control="certDumpVal" accesskey="&certmgr.fields.accesskey;"/>
+  <textbox id="certDumpVal" multiline="true" flex="1"
+           readonly="true" style="height: 11em; font-family: -moz-fixed;"/>
+
+  <separator class="thin"/>
+  <hbox>
+    <button id="export_cert" class="normal" label="&certmgr.export.label;"
+            accesskey="&certmgr.export.accesskey;"
+            oncommand="exportToFile(window, getCurrentCert());"/>
+  </hbox>
+</vbox>
+</overlay>
diff --git a/security/manager/pki/resources/content/certManager.js b/security/manager/pki/resources/content/certManager.js
new file mode 100644
index 000000000..c52477442
--- /dev/null
+++ b/security/manager/pki/resources/content/certManager.js
@@ -0,0 +1,542 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* import-globals-from pippki.js */
+"use strict";
+
+const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
+
+const nsIFilePicker = Components.interfaces.nsIFilePicker;
+const nsFilePicker = "@mozilla.org/filepicker;1";
+const nsIX509CertDB = Components.interfaces.nsIX509CertDB;
+const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
+const nsIX509Cert = Components.interfaces.nsIX509Cert;
+const nsICertTree = Components.interfaces.nsICertTree;
+const nsCertTree = "@mozilla.org/security/nsCertTree;1";
+
+const gCertFileTypes = "*.p7b; *.crt; *.cert; *.cer; *.pem; *.der";
+
+var { NetUtil } = Components.utils.import("resource://gre/modules/NetUtil.jsm", {});
+var { Services } = Components.utils.import("resource://gre/modules/Services.jsm", {});
+
+var key;
+
+/**
+ * List of certs currently selected in the active tab.
+ * @type nsIX509Cert[]
+ */
+var selected_certs = [];
+var selected_tree_items = [];
+var selected_index = [];
+var certdb;
+
+/**
+ * Cert tree for the "Authorities" tab.
+ * @type nsICertTree
+ */
+var caTreeView;
+/**
+ * Cert tree for the "Servers" tab.
+ * @type nsICertTree
+ */
+var serverTreeView;
+/**
+ * Cert tree for the "People" tab.
+ * @type nsICertTree
+ */
+var emailTreeView;
+/**
+ * Cert tree for the "Your Certificates" tab.
+ * @type nsICertTree
+ */
+var userTreeView;
+/**
+ * Cert tree for the "Other" tab.
+ * @type nsICertTree
+ */
+var orphanTreeView;
+
+var smartCardObserver = {
+  observe: function() {
+    onSmartCardChange();
+  }
+};
+
+function DeregisterSmartCardObservers()
+{
+  Services.obs.removeObserver(smartCardObserver, "smartcard-insert");
+  Services.obs.removeObserver(smartCardObserver, "smartcard-remove");
+}
+
+function LoadCerts()
+{
+  Services.obs.addObserver(smartCardObserver, "smartcard-insert", false);
+  Services.obs.addObserver(smartCardObserver, "smartcard-remove", false);
+
+  certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
+  var certcache = certdb.getCerts();
+
+  caTreeView = Components.classes[nsCertTree]
+                    .createInstance(nsICertTree);
+  caTreeView.loadCertsFromCache(certcache, nsIX509Cert.CA_CERT);
+  document.getElementById('ca-tree').view = caTreeView;
+
+  serverTreeView = Components.classes[nsCertTree]
+                        .createInstance(nsICertTree);
+  serverTreeView.loadCertsFromCache(certcache, nsIX509Cert.SERVER_CERT);
+  document.getElementById('server-tree').view = serverTreeView;
+
+  emailTreeView = Components.classes[nsCertTree]
+                       .createInstance(nsICertTree);
+  emailTreeView.loadCertsFromCache(certcache, nsIX509Cert.EMAIL_CERT);
+  document.getElementById('email-tree').view = emailTreeView;
+
+  userTreeView = Components.classes[nsCertTree]
+                      .createInstance(nsICertTree);
+  userTreeView.loadCertsFromCache(certcache, nsIX509Cert.USER_CERT);
+  document.getElementById('user-tree').view = userTreeView;
+
+  orphanTreeView = Components.classes[nsCertTree]
+                      .createInstance(nsICertTree);
+  orphanTreeView.loadCertsFromCache(certcache, nsIX509Cert.UNKNOWN_CERT);
+  document.getElementById('orphan-tree').view = orphanTreeView;
+
+  enableBackupAllButton();
+}
+
+function enableBackupAllButton()
+{
+  let backupAllButton = document.getElementById("mine_backupAllButton");
+  backupAllButton.disabled = userTreeView.rowCount < 1;
+}
+
+function getSelectedCerts()
+{
+  var ca_tab = document.getElementById("ca_tab");
+  var mine_tab = document.getElementById("mine_tab");
+  var others_tab = document.getElementById("others_tab");
+  var websites_tab = document.getElementById("websites_tab");
+  var orphan_tab = document.getElementById("orphan_tab");
+  var items = null;
+  if (ca_tab.selected) {
+    items = caTreeView.selection;
+  } else if (mine_tab.selected) {
+    items = userTreeView.selection;
+  } else if (others_tab.selected) {
+    items = emailTreeView.selection;
+  } else if (websites_tab.selected) {
+    items = serverTreeView.selection;
+  } else if (orphan_tab.selected) {
+    items = orphanTreeView.selection;
+  }
+  selected_certs = [];
+  var cert = null;
+  var nr = 0;
+  if (items != null) nr = items.getRangeCount();
+  if (nr > 0) {
+    for (let i = 0; i < nr; i++) {
+      var o1 = {};
+      var o2 = {};
+      items.getRangeAt(i, o1, o2);
+      var min = o1.value;
+      var max = o2.value;
+      for (let j = min; j <= max; j++) {
+        if (ca_tab.selected) {
+          cert = caTreeView.getCert(j);
+        } else if (mine_tab.selected) {
+          cert = userTreeView.getCert(j);
+        } else if (others_tab.selected) {
+          cert = emailTreeView.getCert(j);
+        } else if (websites_tab.selected) {
+          cert = serverTreeView.getCert(j);
+        } else if (orphan_tab.selected) {
+          cert = orphanTreeView.getCert(j);
+        }
+        if (cert) {
+          var sc = selected_certs.length;
+          selected_certs[sc] = cert;
+          selected_index[sc] = j;
+        }
+      }
+    }
+  }
+}
+
+function getSelectedTreeItems()
+{
+  var ca_tab = document.getElementById("ca_tab");
+  var mine_tab = document.getElementById("mine_tab");
+  var others_tab = document.getElementById("others_tab");
+  var websites_tab = document.getElementById("websites_tab");
+  var orphan_tab = document.getElementById("orphan_tab");
+  var items = null;
+  if (ca_tab.selected) {
+    items = caTreeView.selection;
+  } else if (mine_tab.selected) {
+    items = userTreeView.selection;
+  } else if (others_tab.selected) {
+    items = emailTreeView.selection;
+  } else if (websites_tab.selected) {
+    items = serverTreeView.selection;
+  } else if (orphan_tab.selected) {
+    items = orphanTreeView.selection;
+  }
+  selected_certs = [];
+  selected_tree_items = [];
+  selected_index = [];
+  var tree_item = null;
+  var nr = 0;
+  if (items != null) nr = items.getRangeCount();
+  if (nr > 0) {
+    for (let i = 0; i < nr; i++) {
+      var o1 = {};
+      var o2 = {};
+      items.getRangeAt(i, o1, o2);
+      var min = o1.value;
+      var max = o2.value;
+      for (let j = min; j <= max; j++) {
+        if (ca_tab.selected) {
+          tree_item = caTreeView.getTreeItem(j);
+        } else if (mine_tab.selected) {
+          tree_item = userTreeView.getTreeItem(j);
+        } else if (others_tab.selected) {
+          tree_item = emailTreeView.getTreeItem(j);
+        } else if (websites_tab.selected) {
+          tree_item = serverTreeView.getTreeItem(j);
+        } else if (orphan_tab.selected) {
+          tree_item = orphanTreeView.getTreeItem(j);
+        }
+        if (tree_item) {
+          var sc = selected_tree_items.length;
+          selected_tree_items[sc] = tree_item;
+          selected_index[sc] = j;
+        }
+      }
+    }
+  }
+}
+
+/**
+ * Returns true if nothing in the given cert tree is selected or if the
+ * selection includes a container. Returns false otherwise.
+ *
+ * @param {nsICertTree} certTree
+ * @returns {Boolean}
+ */
+function nothingOrContainerSelected(certTree)
+{
+  var certTreeSelection = certTree.selection;
+  var numSelectionRanges = certTreeSelection.getRangeCount();
+
+  if (numSelectionRanges == 0) {
+    return true;
+  }
+
+  for (var i = 0; i < numSelectionRanges; i++) {
+    var o1 = {};
+    var o2 = {};
+    certTreeSelection.getRangeAt(i, o1, o2);
+    var minIndex = o1.value;
+    var maxIndex = o2.value;
+    for (var j = minIndex; j <= maxIndex; j++) {
+      if (certTree.isContainer(j)) {
+        return true;
+      }
+    }
+  }
+
+  return false;
+}
+
+/**
+ * Enables or disables buttons corresponding to a cert tree depending on what
+ * is selected in the cert tree.
+ *
+ * @param {nsICertTree} certTree
+ * @param {Array} idList A list of string identifiers for button elements to
+ *    enable or disable.
+ */
+function enableButtonsForCertTree(certTree, idList)
+{
+  let disableButtons = nothingOrContainerSelected(certTree);
+
+  for (let id of idList) {
+    document.getElementById(id).setAttribute("disabled", disableButtons);
+  }
+}
+
+function ca_enableButtons()
+{
+  let idList = [
+    "ca_viewButton",
+    "ca_editButton",
+    "ca_exportButton",
+    "ca_deleteButton",
+  ];
+  enableButtonsForCertTree(caTreeView, idList);
+}
+
+function mine_enableButtons()
+{
+  let idList = [
+    "mine_viewButton",
+    "mine_backupButton",
+    "mine_deleteButton",
+  ];
+  enableButtonsForCertTree(userTreeView, idList);
+}
+
+function websites_enableButtons()
+{
+  let idList = [
+    "websites_viewButton",
+    "websites_exportButton",
+    "websites_deleteButton",
+  ];
+  enableButtonsForCertTree(serverTreeView, idList);
+}
+
+function email_enableButtons()
+{
+  let idList = [
+    "email_viewButton",
+    "email_exportButton",
+    "email_deleteButton",
+  ];
+  enableButtonsForCertTree(emailTreeView, idList);
+}
+
+function orphan_enableButtons()
+{
+  let idList = [
+    "orphan_viewButton",
+    "orphan_exportButton",
+    "orphan_deleteButton",
+  ];
+  enableButtonsForCertTree(orphanTreeView, idList);
+}
+
+function backupCerts()
+{
+  getSelectedCerts();
+  var numcerts = selected_certs.length;
+  if (numcerts == 0) {
+    return;
+  }
+
+  var bundle = document.getElementById("pippki_bundle");
+  var fp = Components.classes[nsFilePicker].createInstance(nsIFilePicker);
+  fp.init(window,
+          bundle.getString("chooseP12BackupFileDialog"),
+          nsIFilePicker.modeSave);
+  fp.appendFilter(bundle.getString("file_browse_PKCS12_spec"),
+                  "*.p12");
+  fp.appendFilters(nsIFilePicker.filterAll);
+  var rv = fp.show();
+  if (rv == nsIFilePicker.returnOK || rv == nsIFilePicker.returnReplace) {
+    certdb.exportPKCS12File(null, fp.file, selected_certs.length,
+                            selected_certs);
+  }
+}
+
+function backupAllCerts()
+{
+  // Select all rows, then call doBackup()
+  var items = userTreeView.selection.selectAll();
+  backupCerts();
+}
+
+function editCerts()
+{
+  getSelectedCerts();
+
+  for (let cert of selected_certs) {
+    window.openDialog("chrome://pippki/content/editcacert.xul", "",
+                      "chrome,centerscreen,modal", cert);
+  }
+}
+
+function restoreCerts()
+{
+  var bundle = document.getElementById("pippki_bundle");
+  var fp = Components.classes[nsFilePicker].createInstance(nsIFilePicker);
+  fp.init(window,
+          bundle.getString("chooseP12RestoreFileDialog2"),
+          nsIFilePicker.modeOpen);
+  fp.appendFilter(bundle.getString("file_browse_PKCS12_spec"),
+                  "*.p12; *.pfx");
+  fp.appendFilter(bundle.getString("file_browse_Certificate_spec"),
+                  gCertFileTypes);
+  fp.appendFilters(nsIFilePicker.filterAll);
+  if (fp.show() == nsIFilePicker.returnOK) {
+    // If this is an X509 user certificate, import it as one.
+
+    var isX509FileType = false;
+    var fileTypesList = gCertFileTypes.slice(1).split('; *');
+    for (var type of fileTypesList) {
+      if (fp.file.path.endsWith(type)) {
+        isX509FileType = true;
+        break;
+      }
+    }
+
+    if (isX509FileType) {
+      let fstream = Components.classes["@mozilla.org/network/file-input-stream;1"]
+                      .createInstance(Components.interfaces.nsIFileInputStream);
+      fstream.init(fp.file, -1, 0, 0);
+      let dataString = NetUtil.readInputStreamToString(fstream, fstream.available());
+      let dataArray = [];
+      for (let i = 0; i < dataString.length; i++) {
+        dataArray.push(dataString.charCodeAt(i));
+      }
+      fstream.close();
+      let prompter = Services.ww.getNewPrompter(window);
+      let interfaceRequestor = {
+        getInterface: function() {
+          return prompter;
+        }
+      };
+      certdb.importUserCertificate(dataArray, dataArray.length, interfaceRequestor);
+    } else {
+      // Otherwise, assume it's a PKCS12 file and import it that way.
+      certdb.importPKCS12File(null, fp.file);
+    }
+
+    var certcache = certdb.getCerts();
+    userTreeView.loadCertsFromCache(certcache, nsIX509Cert.USER_CERT);
+    userTreeView.selection.clearSelection();
+    caTreeView.loadCertsFromCache(certcache, nsIX509Cert.CA_CERT);
+    caTreeView.selection.clearSelection();
+    enableBackupAllButton();
+  }
+}
+
+function exportCerts()
+{
+  getSelectedCerts();
+
+  for (let cert of selected_certs) {
+    exportToFile(window, cert);
+  }
+}
+
+/**
+ * Deletes the selected certs in the active tab.
+ */
+function deleteCerts() {
+  getSelectedTreeItems();
+  let numcerts = selected_tree_items.length;
+  if (numcerts == 0) {
+    return;
+  }
+
+  const treeViewMap = {
+    "mine_tab": userTreeView,
+    "websites_tab": serverTreeView,
+    "ca_tab": caTreeView,
+    "others_tab": emailTreeView,
+    "orphan_tab": orphanTreeView,
+  };
+  let selTab = document.getElementById("certMgrTabbox").selectedItem;
+  let selTabID = selTab.getAttribute("id");
+
+  if (!(selTabID in treeViewMap)) {
+    return;
+  }
+
+  let retVals = {
+    deleteConfirmed: false,
+  };
+  window.openDialog("chrome://pippki/content/deletecert.xul", "",
+                    "chrome,centerscreen,modal", selTabID, selected_tree_items,
+                    retVals);
+
+  if (retVals.deleteConfirmed) {
+    let treeView = treeViewMap[selTabID];
+
+    for (let t = numcerts - 1; t >= 0; t--) {
+      treeView.deleteEntryObject(selected_index[t]);
+    }
+
+    selected_tree_items = [];
+    selected_index = [];
+    treeView.selection.clearSelection();
+    if (selTabID == "mine_tab") {
+      enableBackupAllButton();
+    }
+  }
+}
+
+function viewCerts()
+{
+  getSelectedCerts();
+
+  for (let cert of selected_certs) {
+    viewCertHelper(window, cert);
+  }
+}
+
+function addCACerts()
+{
+  var bundle = document.getElementById("pippki_bundle");
+  var fp = Components.classes[nsFilePicker].createInstance(nsIFilePicker);
+  fp.init(window,
+          bundle.getString("importCACertsPrompt"),
+          nsIFilePicker.modeOpen);
+  fp.appendFilter(bundle.getString("file_browse_Certificate_spec"),
+                  gCertFileTypes);
+  fp.appendFilters(nsIFilePicker.filterAll);
+  if (fp.show() == nsIFilePicker.returnOK) {
+    certdb.importCertsFromFile(fp.file, nsIX509Cert.CA_CERT);
+    caTreeView.loadCerts(nsIX509Cert.CA_CERT);
+    caTreeView.selection.clearSelection();
+  }
+}
+
+function onSmartCardChange()
+{
+  var certcache = certdb.getCerts();
+  // We've change the state of the smart cards inserted or removed
+  // that means the available certs may have changed. Update the display
+  userTreeView.loadCertsFromCache(certcache, nsIX509Cert.USER_CERT);
+  userTreeView.selection.clearSelection();
+  caTreeView.loadCertsFromCache(certcache, nsIX509Cert.CA_CERT);
+  caTreeView.selection.clearSelection();
+  serverTreeView.loadCertsFromCache(certcache, nsIX509Cert.SERVER_CERT);
+  serverTreeView.selection.clearSelection();
+  emailTreeView.loadCertsFromCache(certcache, nsIX509Cert.EMAIL_CERT);
+  emailTreeView.selection.clearSelection();
+  orphanTreeView.loadCertsFromCache(certcache, nsIX509Cert.UNKNOWN_CERT);
+  orphanTreeView.selection.clearSelection();
+}
+
+function addEmailCert()
+{
+  var bundle = document.getElementById("pippki_bundle");
+  var fp = Components.classes[nsFilePicker].createInstance(nsIFilePicker);
+  fp.init(window,
+          bundle.getString("importEmailCertPrompt"),
+          nsIFilePicker.modeOpen);
+  fp.appendFilter(bundle.getString("file_browse_Certificate_spec"),
+                  gCertFileTypes);
+  fp.appendFilters(nsIFilePicker.filterAll);
+  if (fp.show() == nsIFilePicker.returnOK) {
+    certdb.importCertsFromFile(fp.file, nsIX509Cert.EMAIL_CERT);
+    var certcache = certdb.getCerts();
+    emailTreeView.loadCertsFromCache(certcache, nsIX509Cert.EMAIL_CERT);
+    emailTreeView.selection.clearSelection();
+    caTreeView.loadCertsFromCache(certcache, nsIX509Cert.CA_CERT);
+    caTreeView.selection.clearSelection();
+  }
+}
+
+function addException()
+{
+  window.openDialog('chrome://pippki/content/exceptionDialog.xul', "",
+                    'chrome,centerscreen,modal');
+  var certcache = certdb.getCerts();
+  serverTreeView.loadCertsFromCache(certcache, nsIX509Cert.SERVER_CERT);
+  serverTreeView.selection.clearSelection();
+  orphanTreeView.loadCertsFromCache(certcache, nsIX509Cert.UNKNOWN_CERT);
+  orphanTreeView.selection.clearSelection();
+}
diff --git a/security/manager/pki/resources/content/certManager.xul b/security/manager/pki/resources/content/certManager.xul
new file mode 100644
index 000000000..3ea5862e4
--- /dev/null
+++ b/security/manager/pki/resources/content/certManager.xul
@@ -0,0 +1,51 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+
+<?xul-overlay href="chrome://pippki/content/MineOverlay.xul"?>
+<?xul-overlay href="chrome://pippki/content/OthersOverlay.xul"?>
+<?xul-overlay href="chrome://pippki/content/WebSitesOverlay.xul"?>
+<?xul-overlay href="chrome://pippki/content/CAOverlay.xul"?>
+<?xul-overlay href="chrome://pippki/content/OrphanOverlay.xul"?>
+
+<!DOCTYPE dialog SYSTEM "chrome://pippki/locale/certManager.dtd">
+
+<dialog id="certmanager"
+	windowtype="mozilla:certmanager"
+	xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+        title="&certmgr.title;"
+        onload="LoadCerts();"
+        onunload="DeregisterSmartCardObservers();"
+        buttons="accept"
+        style="width: 63em; height: 32em;"
+        persist="screenX screenY width height">
+
+  <stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
+
+  <script type="application/javascript" src="chrome://pippki/content/pippki.js"/>
+  <script type="application/javascript" src="chrome://pippki/content/certManager.js"/>
+
+  <vbox flex="1">
+    <tabbox id="certmanagertabs" flex="1" style="margin:5px" persist="selectedIndex">
+      <tabs id="certMgrTabbox">
+        <tab id="mine_tab" label="&certmgr.tab.mine;"/>
+        <tab id="others_tab" label="&certmgr.tab.others2;"/>
+        <tab id="websites_tab" label="&certmgr.tab.websites3;"/>
+        <tab id="ca_tab" label="&certmgr.tab.ca;" selected="true"/>
+        <tab id="orphan_tab" label="&certmgr.tab.orphan2;"/>
+      </tabs>
+      <tabpanels flex="1">
+        <vbox id="myCerts" flex="1"/>
+        <vbox id="othersCerts" flex="1"/>
+        <vbox id="webCerts" flex="1"/>
+        <vbox id="CACerts" flex="1"/>
+        <vbox id="OrphanCerts" flex="1"/>
+      </tabpanels>
+    </tabbox>
+
+  </vbox>
+
+</dialog>
diff --git a/security/manager/pki/resources/content/certViewer.js b/security/manager/pki/resources/content/certViewer.js
new file mode 100644
index 000000000..c62507694
--- /dev/null
+++ b/security/manager/pki/resources/content/certViewer.js
@@ -0,0 +1,354 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+/**
+ * @file Implements functionality for certViewer.xul and its tabs certDump.xul
+ *       and viewCertDetails.xul: a dialog that allows various attributes of a
+ *       certificate to be viewed.
+ * @argument {nsISupports} window.arguments[0]
+ *           The cert to view, queryable to nsIX509Cert.
+ */
+
+const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
+const { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
+
+const nsIX509Cert = Ci.nsIX509Cert;
+const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
+const nsIX509CertDB = Ci.nsIX509CertDB;
+const nsPK11TokenDB = "@mozilla.org/security/pk11tokendb;1";
+const nsIPK11TokenDB = Ci.nsIPK11TokenDB;
+const nsIASN1Object = Ci.nsIASN1Object;
+const nsIASN1Sequence = Ci.nsIASN1Sequence;
+const nsIASN1PrintableItem = Ci.nsIASN1PrintableItem;
+const nsIASN1Tree = Ci.nsIASN1Tree;
+const nsASN1Tree = "@mozilla.org/security/nsASN1Tree;1";
+
+var bundle;
+
+function doPrompt(msg)
+{
+  let prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].
+    getService(Components.interfaces.nsIPromptService);
+  prompts.alert(window, null, msg);
+}
+
+/**
+ * Fills out the "Certificate Hierarchy" tree of the cert viewer "Details" tab.
+ *
+ * @param {tree} node
+ *        Parent tree node to append to.
+ * @param {nsIArray<nsIX509Cert>} chain
+ *        Chain where cert element n is issued by cert element n + 1.
+ */
+function AddCertChain(node, chain)
+{
+  var child = document.getElementById(node);
+  var currCert;
+  var displayVal;
+  for (let i = chain.length - 1; i >= 0; i--) {
+    currCert = chain.queryElementAt(i, nsIX509Cert);
+    if (currCert.commonName) {
+      displayVal = currCert.commonName;
+    } else {
+      displayVal = currCert.windowTitle;
+    }
+    let addTwistie = i != 0;
+    child = addChildrenToTree(child, displayVal, currCert.dbKey, addTwistie);
+  }
+}
+
+/**
+ * Adds a "verified usage" of a cert to the "General" tab of the cert viewer.
+ *
+ * @param {String} usage
+ *        Verified usage to add.
+ */
+function AddUsage(usage)
+{
+  let verifyInfoBox = document.getElementById("verify_info_box");
+  let text = document.createElement("textbox");
+  text.setAttribute("value", usage);
+  text.setAttribute("style", "margin: 2px 5px");
+  text.setAttribute("readonly", "true");
+  text.setAttribute("class", "scrollfield");
+  verifyInfoBox.appendChild(text);
+}
+
+function setWindowName()
+{
+  bundle = document.getElementById("pippki_bundle");
+
+  let cert = window.arguments[0].QueryInterface(Ci.nsIX509Cert);
+  document.title = bundle.getFormattedString("certViewerTitle",
+                                             [cert.windowTitle]);
+
+  //
+  //  Set the cert attributes for viewing
+  //
+
+  //  The chain of trust
+  AddCertChain("treesetDump", cert.getChain());
+  DisplayGeneralDataFromCert(cert);
+  BuildPrettyPrint(cert);
+
+  asyncDetermineUsages(cert);
+}
+
+// Certificate usages we care about in the certificate viewer.
+const certificateUsageSSLClient              = 0x0001;
+const certificateUsageSSLServer              = 0x0002;
+const certificateUsageSSLCA                  = 0x0008;
+const certificateUsageEmailSigner            = 0x0010;
+const certificateUsageEmailRecipient         = 0x0020;
+const certificateUsageObjectSigner           = 0x0040;
+
+// A map from the name of a certificate usage to the value of the usage.
+// Useful for printing debugging information and for enumerating all supported
+// usages.
+const certificateUsages = {
+  certificateUsageSSLClient,
+  certificateUsageSSLServer,
+  certificateUsageSSLCA,
+  certificateUsageEmailSigner,
+  certificateUsageEmailRecipient,
+  certificateUsageObjectSigner,
+};
+
+// Map of certificate usage name to localization identifier.
+const certificateUsageToStringBundleName = {
+  certificateUsageSSLClient: "VerifySSLClient",
+  certificateUsageSSLServer: "VerifySSLServer",
+  certificateUsageSSLCA: "VerifySSLCA",
+  certificateUsageEmailSigner: "VerifyEmailSigner",
+  certificateUsageEmailRecipient: "VerifyEmailRecip",
+  certificateUsageObjectSigner: "VerifyObjSign",
+};
+
+const PRErrorCodeSuccess = 0;
+
+const SEC_ERROR_BASE = Ci.nsINSSErrorsService.NSS_SEC_ERROR_BASE;
+const SEC_ERROR_EXPIRED_CERTIFICATE                     = SEC_ERROR_BASE + 11;
+const SEC_ERROR_REVOKED_CERTIFICATE                     = SEC_ERROR_BASE + 12;
+const SEC_ERROR_UNKNOWN_ISSUER                          = SEC_ERROR_BASE + 13;
+const SEC_ERROR_UNTRUSTED_ISSUER                        = SEC_ERROR_BASE + 20;
+const SEC_ERROR_UNTRUSTED_CERT                          = SEC_ERROR_BASE + 21;
+const SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE              = SEC_ERROR_BASE + 30;
+const SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED       = SEC_ERROR_BASE + 176;
+
+/**
+ * Kicks off asynchronous verifications of the given certificate to determine
+ * what usages it is currently valid for. Updates the usage display area when
+ * complete.
+ *
+ * @param {nsIX509Cert} cert
+ *        The certificate to determine valid usages for.
+ */
+function asyncDetermineUsages(cert) {
+  let promises = [];
+  let now = Date.now() / 1000;
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+  Object.keys(certificateUsages).forEach(usageString => {
+    promises.push(new Promise((resolve, reject) => {
+      let usage = certificateUsages[usageString];
+      certdb.asyncVerifyCertAtTime(cert, usage, 0, null, now,
+        (aPRErrorCode, aVerifiedChain, aHasEVPolicy) => {
+          resolve({ usageString: usageString, errorCode: aPRErrorCode });
+        });
+    }));
+  });
+  Promise.all(promises).then(displayUsages);
+}
+
+/**
+ * Updates the usage display area given the results from asyncDetermineUsages.
+ *
+ * @param {Array} results
+ *        An array of objects with the properties "usageString" and "errorCode".
+ *        usageString is a string that is a key in the certificateUsages map.
+ *        errorCode is either an NSPR error code or PRErrorCodeSuccess (which is
+ *        a pseudo-NSPR error code with the value 0 that indicates success).
+ */
+function displayUsages(results) {
+  document.getElementById("verify_pending").setAttribute("hidden", "true");
+  let verified = document.getElementById("verified");
+  let someSuccess = results.some(result =>
+    result.errorCode == PRErrorCodeSuccess
+  );
+  if (someSuccess) {
+    let verifystr = bundle.getString("certVerified");
+    verified.textContent = verifystr;
+    let pipnssBundle = Services.strings.createBundle(
+      "chrome://pipnss/locale/pipnss.properties");
+    results.forEach(result => {
+      if (result.errorCode != PRErrorCodeSuccess) {
+        return;
+      }
+      let bundleName = certificateUsageToStringBundleName[result.usageString];
+      let usage = pipnssBundle.GetStringFromName(bundleName);
+      AddUsage(usage);
+    });
+  } else {
+    const errorRankings = [
+      { error: SEC_ERROR_REVOKED_CERTIFICATE,
+        bundleString: "certNotVerified_CertRevoked" },
+      { error: SEC_ERROR_UNTRUSTED_CERT,
+        bundleString: "certNotVerified_CertNotTrusted" },
+      { error: SEC_ERROR_UNTRUSTED_ISSUER,
+        bundleString: "certNotVerified_IssuerNotTrusted" },
+      { error: SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED,
+        bundleString: "certNotVerified_AlgorithmDisabled" },
+      { error: SEC_ERROR_EXPIRED_CERTIFICATE,
+        bundleString: "certNotVerified_CertExpired" },
+      { error: SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE,
+        bundleString: "certNotVerified_CAInvalid" },
+      { error: SEC_ERROR_UNKNOWN_ISSUER,
+        bundleString: "certNotVerified_IssuerUnknown" },
+    ];
+    let verifystr;
+    for (let errorRanking of errorRankings) {
+      let errorPresent = results.some(result =>
+        result.errorCode == errorRanking.error
+      );
+      if (errorPresent) {
+        verifystr = bundle.getString(errorRanking.bundleString);
+        break;
+      }
+    }
+    if (!verifystr) {
+      verifystr = bundle.getString("certNotVerified_Unknown");
+    }
+    verified.textContent = verifystr;
+  }
+  // Notify that we are done determining the certificate's valid usages (this
+  // should be treated as an implementation detail that enables tests to run
+  // efficiently - other code in the browser probably shouldn't rely on this).
+  Services.obs.notifyObservers(window, "ViewCertDetails:CertUsagesDone", null);
+}
+
+function addChildrenToTree(parentTree, label, value, addTwistie)
+{
+  let treeChild1 = document.createElement("treechildren");
+  let treeElement = addTreeItemToTreeChild(treeChild1, label, value,
+                                           addTwistie);
+  parentTree.appendChild(treeChild1);
+  return treeElement;
+}
+
+function addTreeItemToTreeChild(treeChild, label, value, addTwistie)
+{
+  let treeElem1 = document.createElement("treeitem");
+  if (addTwistie) {
+    treeElem1.setAttribute("container", "true");
+    treeElem1.setAttribute("open", "true");
+  }
+  let treeRow = document.createElement("treerow");
+  let treeCell = document.createElement("treecell");
+  treeCell.setAttribute("label", label);
+  if (value) {
+    treeCell.setAttribute("display", value);
+  }
+  treeRow.appendChild(treeCell);
+  treeElem1.appendChild(treeRow);
+  treeChild.appendChild(treeElem1);
+  return treeElem1;
+}
+
+function displaySelected() {
+  var asn1Tree = document.getElementById('prettyDumpTree')
+          .view.QueryInterface(nsIASN1Tree);
+  var items = asn1Tree.selection;
+  var certDumpVal = document.getElementById('certDumpVal');
+  if (items.currentIndex != -1) {
+    var value = asn1Tree.getDisplayData(items.currentIndex);
+    certDumpVal.value = value;
+  } else {
+    certDumpVal.value = "";
+  }
+}
+
+function BuildPrettyPrint(cert)
+{
+  var certDumpTree = Components.classes[nsASN1Tree].
+                          createInstance(nsIASN1Tree);
+  certDumpTree.loadASN1Structure(cert.ASN1Structure);
+  document.getElementById('prettyDumpTree').view = certDumpTree;
+}
+
+function addAttributeFromCert(nodeName, value)
+{
+  var node = document.getElementById(nodeName);
+  if (!value) {
+    value = bundle.getString('notPresent');
+  }
+  node.setAttribute('value', value);
+}
+
+/**
+ * Displays information about a cert in the "General" tab of the cert viewer.
+ *
+ * @param {nsIX509Cert} cert
+ *        Cert to display information about.
+ */
+function DisplayGeneralDataFromCert(cert)
+{
+  addAttributeFromCert("commonname", cert.commonName);
+  addAttributeFromCert("organization", cert.organization);
+  addAttributeFromCert("orgunit", cert.organizationalUnit);
+  addAttributeFromCert("serialnumber", cert.serialNumber);
+  addAttributeFromCert("sha256fingerprint", cert.sha256Fingerprint);
+  addAttributeFromCert("sha1fingerprint", cert.sha1Fingerprint);
+  addAttributeFromCert("validitystart", cert.validity.notBeforeLocalDay);
+  addAttributeFromCert("validityend", cert.validity.notAfterLocalDay);
+
+  addAttributeFromCert("issuercommonname", cert.issuerCommonName);
+  addAttributeFromCert("issuerorganization", cert.issuerOrganization);
+  addAttributeFromCert("issuerorgunit", cert.issuerOrganizationUnit);
+}
+
+function updateCertDump()
+{
+  var asn1Tree = document.getElementById('prettyDumpTree')
+          .view.QueryInterface(nsIASN1Tree);
+
+  var tree = document.getElementById('treesetDump');
+  if (tree.currentIndex < 0) {
+    doPrompt("No items are selected."); //This should never happen.
+  } else {
+    var item = tree.contentView.getItemAtIndex(tree.currentIndex);
+    var dbKey = item.firstChild.firstChild.getAttribute('display');
+    //  Get the cert from the cert database
+    var certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
+    var cert = certdb.findCertByDBKey(dbKey);
+    asn1Tree.loadASN1Structure(cert.ASN1Structure);
+  }
+  displaySelected();
+}
+
+function getCurrentCert()
+{
+  var realIndex;
+  var tree = document.getElementById('treesetDump');
+  if (tree.view.selection.isSelected(tree.currentIndex)
+      && document.getElementById('prettyprint_tab').selected) {
+    /* if the user manually selected a cert on the Details tab,
+       then take that one  */
+    realIndex = tree.currentIndex;
+  } else {
+    /* otherwise, take the one at the bottom of the chain
+       (i.e. the one of the end-entity, unless we're displaying
+       CA certs) */
+    realIndex = tree.view.rowCount - 1;
+  }
+  if (realIndex >= 0) {
+    var item = tree.contentView.getItemAtIndex(realIndex);
+    var dbKey = item.firstChild.firstChild.getAttribute('display');
+    var certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
+    var cert = certdb.findCertByDBKey(dbKey);
+    return cert;
+  }
+  /* shouldn't really happen */
+  return null;
+}
diff --git a/security/manager/pki/resources/content/certViewer.xul b/security/manager/pki/resources/content/certViewer.xul
new file mode 100644
index 000000000..3f2cd3bde
--- /dev/null
+++ b/security/manager/pki/resources/content/certViewer.xul
@@ -0,0 +1,40 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+
+<!DOCTYPE dialog SYSTEM "chrome://pippki/locale/certManager.dtd">
+
+<?xul-overlay href="chrome://pippki/content/viewCertDetails.xul"?>
+<?xul-overlay href="chrome://pippki/content/certDump.xul"?>
+
+<dialog id="certDetails"
+  title="&certmgr.certdetail.title;"
+  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+  buttons="accept"
+  buttonlabelaccept="&certmgr.close.label;"
+  buttonaccesskeyaccept="&certmgr.close.accesskey;"
+  onload="setWindowName();">
+
+<stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
+
+<script type="application/javascript"
+        src="chrome://pippki/content/certViewer.js"/>
+<script type="application/javascript" src="chrome://pippki/content/pippki.js"/>
+
+  <tabbox flex="1">
+    <tabs>
+      <tab id="general_tab" label="&certmgr.detail.general_tab.title;"
+           accesskey="&certmgr.detail.general_tab.accesskey;"/>
+      <tab id="prettyprint_tab" label="&certmgr.detail.prettyprint_tab.title;"
+           accesskey="&certmgr.detail.prettyprint_tab.accesskey;"/>
+    </tabs>
+    <tabpanels flex="1">
+      <vbox id="general_info"/>
+      <vbox id="certPrettyPrint"/>
+    </tabpanels>
+  </tabbox>
+
+</dialog>
diff --git a/security/manager/pki/resources/content/changepassword.js b/security/manager/pki/resources/content/changepassword.js
new file mode 100644
index 000000000..823145697
--- /dev/null
+++ b/security/manager/pki/resources/content/changepassword.js
@@ -0,0 +1,270 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+const nsPK11TokenDB = "@mozilla.org/security/pk11tokendb;1";
+const nsIPK11TokenDB = Components.interfaces.nsIPK11TokenDB;
+const nsIDialogParamBlock = Components.interfaces.nsIDialogParamBlock;
+const nsPKCS11ModuleDB = "@mozilla.org/security/pkcs11moduledb;1";
+const nsIPKCS11ModuleDB = Components.interfaces.nsIPKCS11ModuleDB;
+const nsIPKCS11Slot = Components.interfaces.nsIPKCS11Slot;
+const nsIPK11Token = Components.interfaces.nsIPK11Token;
+
+var params;
+var tokenName = "";
+var pw1;
+
+function doPrompt(msg)
+{
+  let prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].
+    getService(Components.interfaces.nsIPromptService);
+  prompts.alert(window, null, msg);
+}
+
+function onLoad()
+{
+  document.documentElement.getButton("accept").disabled = true;
+
+  pw1 = document.getElementById("pw1");
+  try {
+     params = window.arguments[0].QueryInterface(nsIDialogParamBlock);
+     tokenName = params.GetString(1);
+  } catch (e) {
+      // this should not happen.
+      // previously we had self.name, but self.name was a bad idea
+      // as window name must be a subset of ascii, and the code was
+      // previously trying to assign unicode to the window's name.
+      // I checked all the places where we get a password prompt and
+      // all of them pass an argument as part of this patch.
+      tokenName = "";
+  }
+
+  if (tokenName == "") {
+    let tokenDB = Components.classes[nsPK11TokenDB].getService(nsIPK11TokenDB);
+    let tokenList = tokenDB.listTokens();
+    let i = 0;
+    let menu = document.getElementById("tokenMenu");
+    while (tokenList.hasMoreElements()) {
+      let token = tokenList.getNext().QueryInterface(nsIPK11Token);
+      if (token.needsLogin() || !(token.needsUserInit)) {
+        let menuItemNode = document.createElement("menuitem");
+        menuItemNode.setAttribute("value", token.tokenName);
+        menuItemNode.setAttribute("label", token.tokenName);
+        menu.firstChild.appendChild(menuItemNode);
+        if (i == 0) {
+          menu.selectedItem = menuItemNode;
+          tokenName = token.tokenName;
+        }
+        i++;
+      }
+    }
+  } else {
+    var sel = document.getElementById("tokenMenu");
+    sel.setAttribute("hidden", "true");
+    var tag = document.getElementById("tokenName");
+    tag.setAttribute("value", tokenName);
+  }
+
+  process();
+}
+
+function onMenuChange()
+{
+   //get the selected token
+   var list = document.getElementById("tokenMenu");
+   tokenName = list.value;
+
+   process();
+}
+
+
+function process()
+{
+   var secmoddb = Components.classes[nsPKCS11ModuleDB].getService(nsIPKCS11ModuleDB);
+   var bundle = document.getElementById("pippki_bundle");
+
+   // If the token is unitialized, don't use the old password box.
+   // Otherwise, do.
+
+   var slot = secmoddb.findSlotByName(tokenName);
+   if (slot) {
+     var oldpwbox = document.getElementById("oldpw");
+     var msgBox = document.getElementById("message");
+     var status = slot.status;
+     if (status == nsIPKCS11Slot.SLOT_UNINITIALIZED
+         || status == nsIPKCS11Slot.SLOT_READY) {
+
+       oldpwbox.setAttribute("hidden", "true");
+       msgBox.setAttribute("value", bundle.getString("password_not_set"));
+       msgBox.setAttribute("hidden", "false");
+
+       if (status == nsIPKCS11Slot.SLOT_READY) {
+         oldpwbox.setAttribute("inited", "empty");
+       } else {
+         oldpwbox.setAttribute("inited", "true");
+       }
+
+       // Select first password field
+       document.getElementById('pw1').focus();
+     } else {
+       // Select old password field
+       oldpwbox.setAttribute("hidden", "false");
+       msgBox.setAttribute("hidden", "true");
+       oldpwbox.setAttribute("inited", "false");
+       oldpwbox.focus();
+     }
+   }
+
+  if (params) {
+    // Return value 0 means "canceled"
+    params.SetInt(1, 0);
+  }
+
+  checkPasswords();
+}
+
+function setPassword()
+{
+  var pk11db = Components.classes[nsPK11TokenDB].getService(nsIPK11TokenDB);
+  var token = pk11db.findTokenByName(tokenName);
+
+  var oldpwbox = document.getElementById("oldpw");
+  var initpw = oldpwbox.getAttribute("inited");
+  var bundle = document.getElementById("pippki_bundle");
+
+  var success = false;
+
+  if (initpw == "false" || initpw == "empty") {
+    try {
+      var oldpw = "";
+      var passok = 0;
+
+      if (initpw == "empty") {
+        passok = 1;
+      } else {
+        oldpw = oldpwbox.value;
+        passok = token.checkPassword(oldpw);
+      }
+
+      if (passok) {
+        if (initpw == "empty" && pw1.value == "") {
+          // checkPasswords() should have prevented this path from being reached.
+        } else {
+          if (pw1.value == "") {
+            var secmoddb = Components.classes[nsPKCS11ModuleDB].getService(nsIPKCS11ModuleDB);
+            if (secmoddb.isFIPSEnabled) {
+              // empty passwords are not allowed in FIPS mode
+              doPrompt(bundle.getString("pw_change2empty_in_fips_mode"));
+              passok = 0;
+            }
+          }
+          if (passok) {
+            token.changePassword(oldpw, pw1.value);
+            if (pw1.value == "") {
+              doPrompt(bundle.getString("pw_erased_ok")
+                    + " "
+                    + bundle.getString("pw_empty_warning"));
+            } else {
+              doPrompt(bundle.getString("pw_change_ok"));
+            }
+            success = true;
+          }
+        }
+      } else {
+        oldpwbox.focus();
+        oldpwbox.setAttribute("value", "");
+        doPrompt(bundle.getString("incorrect_pw"));
+      }
+    } catch (e) {
+      doPrompt(bundle.getString("failed_pw_change"));
+    }
+  } else {
+    token.initPassword(pw1.value);
+    if (pw1.value == "") {
+      doPrompt(bundle.getString("pw_not_wanted") + " " +
+               bundle.getString("pw_empty_warning"));
+    }
+    success = true;
+  }
+
+  if (success && params) {
+    // Return value 1 means "successfully executed ok"
+    params.SetInt(1, 1);
+  }
+
+  // Terminate dialog
+  return success;
+}
+
+function setPasswordStrength()
+{
+  // We weigh the quality of the password by checking the number of:
+  //  - Characters
+  //  - Numbers
+  //  - Non-alphanumeric chars
+  //  - Upper and lower case characters
+
+  let pw = document.getElementById("pw1").value;
+
+  let pwlength = pw.length;
+  if (pwlength > 5) {
+    pwlength = 5;
+  }
+
+  let numnumeric = pw.replace(/[0-9]/g, "");
+  let numeric = pw.length - numnumeric.length;
+  if (numeric > 3) {
+    numeric = 3;
+  }
+
+  let symbols = pw.replace(/\W/g, "");
+  let numsymbols = pw.length - symbols.length;
+  if (numsymbols > 3) {
+    numsymbols = 3;
+  }
+
+  let numupper = pw.replace(/[A-Z]/g, "");
+  let upper = pw.length - numupper.length;
+  if (upper > 3) {
+    upper = 3;
+  }
+
+  let pwstrength = (pwlength * 10) - 20 + (numeric * 10) + (numsymbols * 15) +
+                   (upper * 10);
+
+  // Clamp strength to [0, 100].
+  if (pwstrength < 0) {
+    pwstrength = 0;
+  }
+  if (pwstrength > 100) {
+    pwstrength = 100;
+  }
+
+  let meter = document.getElementById("pwmeter");
+  meter.setAttribute("value", pwstrength);
+
+  return;
+}
+
+function checkPasswords()
+{
+  let pw1 = document.getElementById("pw1").value;
+  let pw2 = document.getElementById("pw2").value;
+
+  var oldpwbox = document.getElementById("oldpw");
+  if (oldpwbox) {
+    var initpw = oldpwbox.getAttribute("inited");
+
+    if (initpw == "empty" && pw1 == "") {
+      // The token has already been initialized, therefore this dialog
+      // was called with the intention to change the password.
+      // The token currently uses an empty password.
+      // We will not allow changing the password from empty to empty.
+      document.documentElement.getButton("accept").disabled = true;
+      return;
+    }
+  }
+
+  document.documentElement.getButton("accept").disabled = (pw1 != pw2);
+}
diff --git a/security/manager/pki/resources/content/changepassword.xul b/security/manager/pki/resources/content/changepassword.xul
new file mode 100644
index 000000000..7f0878ec1
--- /dev/null
+++ b/security/manager/pki/resources/content/changepassword.xul
@@ -0,0 +1,78 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+
+<!DOCTYPE dialog SYSTEM "chrome://pippki/locale/pippki.dtd">
+
+<dialog id="set_password" title="&setPassword.title;"
+  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"      
+  buttons="accept,cancel"
+  ondialogaccept="return setPassword();"
+  onload="onLoad();">
+
+<stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
+
+<script type="application/javascript"
+        src="chrome://pippki/content/changepassword.js"/>
+
+<hbox align="center">
+  <label value="&setPassword.tokenName.label;: "/>
+  <label id="tokenName" />
+  <menulist id="tokenMenu" oncommand="onMenuChange()">
+     <menupopup/>
+  </menulist>
+</hbox>
+
+
+<!--
+    <menulist id="signerList" disabled="true">
+      <menupopup>
+        <menuitem id="token-menu" label="Built-in private key database"/>
+        <menuitem label="Bob Lord's iButton"/>
+      </menupopup>
+    </menulist>
+-->
+<separator/>
+
+<groupbox>
+<grid>
+ <columns>
+   <column/>
+   <column/> 
+ </columns>
+ <rows>
+   <row>
+     <label value="&setPassword.oldPassword.label;"/> 
+     <textbox id="oldpw" type="password"/>
+     <!-- This textbox is inserted as a workaround to the fact that making the 'type' 
+          & 'disabled' property of the 'oldpw' textbox toggle between ['password' & 
+          'false'] and ['text' & 'true'] - as would be necessary if the menu has more 
+          than one tokens, some initialized and some not - does not work properly. So, 
+          either the textbox 'oldpw' or the textbox 'message' would be displayed, 
+          depending on the state of the token selected 
+     -->
+     <textbox id="message" disabled="true" />
+   </row>
+   <row>
+     <label value="&setPassword.newPassword.label;"/> 
+     <textbox id="pw1" type="password" 
+       oninput="setPasswordStrength(); checkPasswords();"/> 
+   </row>
+   <row>
+     <label value="&setPassword.reenterPassword.label;"/> 
+     <textbox id="pw2" type="password" oninput="checkPasswords();"/>  
+   </row>
+ </rows>
+</grid>
+</groupbox>
+
+<groupbox>
+ <caption label="&setPassword.meter.label;"/>
+ <progressmeter id="pwmeter" mode="determined" 
+                  value="0"/>
+</groupbox>
+
+</dialog>
diff --git a/security/manager/pki/resources/content/choosetoken.js b/security/manager/pki/resources/content/choosetoken.js
new file mode 100644
index 000000000..42e8565da
--- /dev/null
+++ b/security/manager/pki/resources/content/choosetoken.js
@@ -0,0 +1,44 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* import-globals-from pippki.js */
+"use strict";
+
+const nsIDialogParamBlock = Components.interfaces.nsIDialogParamBlock;
+
+var dialogParams;
+
+function onLoad()
+{
+  dialogParams = window.arguments[0].QueryInterface(nsIDialogParamBlock);
+  let selectElement = document.getElementById("tokens");
+  let count = dialogParams.GetInt(0);
+  for (let i = 0; i < count; i++) {
+    let menuItemNode = document.createElement("menuitem");
+    let token = dialogParams.GetString(i);
+    menuItemNode.setAttribute("value", token);
+    menuItemNode.setAttribute("label", token);
+    selectElement.firstChild.appendChild(menuItemNode);
+    if (i == 0) {
+      selectElement.selectedItem = menuItemNode;
+    }
+  }
+}
+
+function doOK()
+{
+  let tokenList = document.getElementById("tokens");
+  // Signal that the user accepted.
+  dialogParams.SetInt(0, 1);
+  // Signal the name of the token the user chose.
+  dialogParams.SetString(0, tokenList.value);
+  return true;
+}
+
+function doCancel()
+{
+  dialogParams.SetInt(0, 0); // Signal that the user cancelled.
+  return true;
+}
diff --git a/security/manager/pki/resources/content/choosetoken.xul b/security/manager/pki/resources/content/choosetoken.xul
new file mode 100644
index 000000000..55d9c108b
--- /dev/null
+++ b/security/manager/pki/resources/content/choosetoken.xul
@@ -0,0 +1,34 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+
+<!DOCTYPE dialog [
+<!ENTITY % pippkiDTD SYSTEM "chrome://pippki/locale/pippki.dtd" >
+%pippkiDTD;
+]>
+
+
+<dialog id="ssl_warning" title="&chooseToken.title;"
+  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"      
+  style="width: 40em;"
+  buttons="accept,cancel"
+  ondialogaccept="return doOK();"
+  ondialogcancel="return doCancel();"
+  onload="onLoad();">
+
+<stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
+
+<script type="application/javascript" src="chrome://pippki/content/pippki.js"/>
+<script type="application/javascript" src="chrome://pippki/content/choosetoken.js"/>
+
+  <groupbox>
+    <description>&chooseToken.message1;</description>
+    <menulist id="tokens">
+      <menupopup/>
+    </menulist>
+  </groupbox>
+
+</dialog>
diff --git a/security/manager/pki/resources/content/clientauthask.js b/security/manager/pki/resources/content/clientauthask.js
new file mode 100644
index 000000000..55a3c5b77
--- /dev/null
+++ b/security/manager/pki/resources/content/clientauthask.js
@@ -0,0 +1,158 @@
+/* -*- tab-width: 2; indent-tabs-mode: nil; js-indent-level: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* import-globals-from pippki.js */
+"use strict";
+
+/**
+ * @file Implements the functionality of clientauthask.xul: a dialog that allows
+ *       a user pick a client certificate for TLS client authentication.
+ * @argument {String} window.arguments[0]
+ *           The hostname of the server requesting client authentication.
+ * @argument {String} window.arguments[1]
+ *           The Organization of the server cert.
+ * @argument {String} window.arguments[2]
+ *           The Organization of the issuer of the server cert.
+ * @argument {Number} window.arguments[3]
+ *           The port of the server.
+ * @argument {nsISupports} window.arguments[4]
+ *           List of certificates the user can choose from, queryable to
+ *           nsIArray<nsIX509Cert>.
+ * @argument {nsISupports} window.arguments[5]
+ *           Object to set the return values of calling the dialog on, queryable
+ *           to the underlying type of ClientAuthAskReturnValues.
+ */
+
+/**
+ * @typedef ClientAuthAskReturnValues
+ * @type nsIWritablePropertyBag2
+ * @property {Boolean} certChosen
+ *           Set to true if the user chose a cert and accepted the dialog, false
+ *           otherwise.
+ * @property {Boolean} rememberSelection
+ *           Set to true if the user wanted their cert selection to be
+ *           remembered, false otherwise.
+ * @property {Number} selectedIndex
+ *           The index the chosen cert is at for the given cert list. Undefined
+ *           value if |certChosen| is not true.
+ */
+
+const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
+
+const { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
+
+/**
+ * The pippki <stringbundle> element.
+ * @type <stringbundle>
+ */
+var bundle;
+/**
+ * The array of certs the user can choose from.
+ * @type nsIArray<nsIX509Cert>
+ */
+var certArray;
+/**
+ * The checkbox storing whether the user wants to remember the selected cert.
+ * @type nsIDOMXULCheckboxElement
+ */
+var rememberBox;
+
+function onLoad() {
+  bundle = document.getElementById("pippki_bundle");
+  let rememberSetting =
+    Services.prefs.getBoolPref("security.remember_cert_checkbox_default_setting");
+
+  rememberBox = document.getElementById("rememberBox");
+  rememberBox.label = bundle.getString("clientAuthRemember");
+  rememberBox.checked = rememberSetting;
+
+  let hostname = window.arguments[0];
+  let org = window.arguments[1];
+  let issuerOrg = window.arguments[2];
+  let port = window.arguments[3];
+  let formattedOrg = bundle.getFormattedString("clientAuthMessage1", [org]);
+  let formattedIssuerOrg = bundle.getFormattedString("clientAuthMessage2",
+                                                     [issuerOrg]);
+  let formattedHostnameAndPort =
+    bundle.getFormattedString("clientAuthHostnameAndPort",
+                              [hostname, port.toString()]);
+  setText("hostname", formattedHostnameAndPort);
+  setText("organization", formattedOrg);
+  setText("issuer", formattedIssuerOrg);
+
+  let selectElement = document.getElementById("nicknames");
+  certArray = window.arguments[4].QueryInterface(Ci.nsIArray);
+  for (let i = 0; i < certArray.length; i++) {
+    let menuItemNode = document.createElement("menuitem");
+    let cert = certArray.queryElementAt(i, Ci.nsIX509Cert);
+    let nickAndSerial =
+      bundle.getFormattedString("clientAuthNickAndSerial",
+                                [cert.nickname, cert.serialNumber]);
+    menuItemNode.setAttribute("value", i);
+    menuItemNode.setAttribute("label", nickAndSerial); // This is displayed.
+    selectElement.firstChild.appendChild(menuItemNode);
+    if (i == 0) {
+      selectElement.selectedItem = menuItemNode;
+    }
+  }
+
+  setDetails();
+
+  Services.obs.notifyObservers(document.getElementById("certAuthAsk"),
+                               "cert-dialog-loaded", null);
+}
+
+/**
+ * Populates the details section with information concerning the selected cert.
+ */
+function setDetails() {
+  let index = parseInt(document.getElementById("nicknames").value);
+  let cert = certArray.queryElementAt(index, Ci.nsIX509Cert);
+
+  let detailLines = [
+    bundle.getFormattedString("clientAuthIssuedTo", [cert.subjectName]),
+    bundle.getFormattedString("clientAuthSerial", [cert.serialNumber]),
+    bundle.getFormattedString("clientAuthValidityPeriod",
+                              [cert.validity.notBeforeLocalTime,
+                               cert.validity.notAfterLocalTime]),
+  ];
+  let keyUsages = cert.keyUsages;
+  if (keyUsages) {
+    detailLines.push(bundle.getFormattedString("clientAuthKeyUsages",
+                                               [keyUsages]));
+  }
+  let emailAddresses = cert.getEmailAddresses({});
+  if (emailAddresses.length > 0) {
+    let joinedAddresses = emailAddresses.join(", ");
+    detailLines.push(bundle.getFormattedString("clientAuthEmailAddresses",
+                                               [joinedAddresses]));
+  }
+  detailLines.push(bundle.getFormattedString("clientAuthIssuedBy",
+                                             [cert.issuerName]));
+  detailLines.push(bundle.getFormattedString("clientAuthStoredOn",
+                                             [cert.tokenName]));
+
+  document.getElementById("details").value = detailLines.join("\n");
+}
+
+function onCertSelected() {
+  setDetails();
+}
+
+function doOK() {
+  let retVals = window.arguments[5].QueryInterface(Ci.nsIWritablePropertyBag2);
+  retVals.setPropertyAsBool("certChosen", true);
+  let index = parseInt(document.getElementById("nicknames").value);
+  retVals.setPropertyAsUint32("selectedIndex", index);
+  retVals.setPropertyAsBool("rememberSelection", rememberBox.checked);
+  return true;
+}
+
+function doCancel() {
+  let retVals = window.arguments[5].QueryInterface(Ci.nsIWritablePropertyBag2);
+  retVals.setPropertyAsBool("certChosen", false);
+  retVals.setPropertyAsBool("rememberSelection", rememberBox.checked);
+  return true;
+}
diff --git a/security/manager/pki/resources/content/clientauthask.xul b/security/manager/pki/resources/content/clientauthask.xul
new file mode 100644
index 000000000..2d6ba54c2
--- /dev/null
+++ b/security/manager/pki/resources/content/clientauthask.xul
@@ -0,0 +1,49 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+
+<!DOCTYPE dialog [
+<!ENTITY % pippkiDTD SYSTEM "chrome://pippki/locale/pippki.dtd" >
+%pippkiDTD;
+]>
+
+
+<dialog id="certAuthAsk" title="&clientAuthAsk.title;"
+  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"      
+  buttons="accept,cancel"
+  ondialogaccept="return doOK();"
+  ondialogcancel="return doCancel();"
+  onload="onLoad();">
+
+<stringbundleset id="stringbundleset">
+  <stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
+</stringbundleset>
+
+<script type="application/javascript" src="chrome://pippki/content/pippki.js"/>
+<script type="application/javascript" src="chrome://pippki/content/clientauthask.js"/>
+
+  <groupbox>
+    <description style="font-weight: bold;">&clientAuthAsk.message1;</description>
+    <description id="hostname"/>
+    <description id="organization"/>
+    <description id="issuer"/>
+    </groupbox>
+    <groupbox>
+    <description style="font-weight: bold;">&clientAuthAsk.message2;</description>
+    <broadcaster id="certSelected" oncommand="onCertSelected();"/>
+    <!-- The items in this menulist must never be sorted,
+         but remain in the order filled by the application
+    -->
+    <menulist id="nicknames" observes="certSelected">
+        <menupopup/>
+    </menulist>
+    <description>&clientAuthAsk.message3;</description>
+    <textbox readonly="true" id="details" multiline="true"
+      style="height: 11em;"/>
+    <checkbox id="rememberBox" checked="true"/>
+  </groupbox>
+
+</dialog>
diff --git a/security/manager/pki/resources/content/createCertInfo.js b/security/manager/pki/resources/content/createCertInfo.js
new file mode 100644
index 000000000..5e7e9052c
--- /dev/null
+++ b/security/manager/pki/resources/content/createCertInfo.js
@@ -0,0 +1,39 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* import-globals-from pippki.js */
+"use strict";
+
+var keygenThread;
+
+function onLoad()
+{
+  keygenThread = window.arguments[0].QueryInterface(Components.interfaces.nsIKeygenThread);
+
+  if (!keygenThread) {
+    window.close();
+    return;
+  }
+
+  window.setCursor("wait");
+
+  var obs = {
+    observe: function keygenListenerObserve(subject, topic, data) {
+      if (topic == "keygen-finished") {
+        window.close();
+      }
+    }
+  };
+
+  keygenThread.startKeyGeneration(obs);
+}
+
+function onClose()
+{
+  window.setCursor("auto");
+
+  var alreadyClosed = {};
+  keygenThread.userCanceled(alreadyClosed);
+}
diff --git a/security/manager/pki/resources/content/createCertInfo.xul b/security/manager/pki/resources/content/createCertInfo.xul
new file mode 100644
index 000000000..66f4ba9c6
--- /dev/null
+++ b/security/manager/pki/resources/content/createCertInfo.xul
@@ -0,0 +1,30 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+
+<!DOCTYPE window SYSTEM "chrome://pippki/locale/pippki.dtd">
+
+<window
+  id="domainMismatch" title="&createCertInfo.title;"
+  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+  onload="onLoad();"
+  onclose="onClose();"
+>
+
+<stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
+
+<script type="application/javascript" src="pippki.js" />
+<script type="application/javascript" src="createCertInfo.js" />
+
+<vbox style="margin: 5px; max-width: 50em;">
+
+  <description>&createCertInfo.msg1;</description>
+  <separator/>
+  <description style="font-weight: bold; text-align: center;">&createCertInfo.msg2;</description>
+  <separator/>
+
+</vbox>
+</window>
diff --git a/security/manager/pki/resources/content/deletecert.js b/security/manager/pki/resources/content/deletecert.js
new file mode 100644
index 000000000..784001ea2
--- /dev/null
+++ b/security/manager/pki/resources/content/deletecert.js
@@ -0,0 +1,134 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* import-globals-from pippki.js */
+"use strict";
+
+/**
+ * @file Implements the functionality of deletecert.xul: a dialog that allows a
+ *       user to confirm whether to delete certain certificates.
+ * @argument {String} window.arguments[0]
+ *           One of the tab IDs listed in certManager.xul.
+ * @argument {nsICertTreeItem[]} window.arguments[1]
+ *           An array of cert tree items representing the certs to delete.
+ * @argument {DeleteCertReturnValues} window.arguments[2]
+ *           Object holding the return values of calling the dialog.
+ */
+
+/**
+ * @typedef DeleteCertReturnValues
+ * @type Object
+ * @property {Boolean} deleteConfirmed
+ *           Set to true if the user confirmed deletion of the given certs,
+ *           false otherwise.
+ */
+
+const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
+
+/**
+ * Returns the most appropriate string to represent the given nsICertTreeItem.
+ * @param {nsICertTreeItem} certTreeItem
+ *        The item to represent.
+ * @returns {String}
+ *          A representative string.
+ */
+function certTreeItemToString(certTreeItem) {
+  let cert = certTreeItem.cert;
+  if (!cert) {
+    return certTreeItem.hostPort;
+  }
+
+  const attributes = [
+    cert.commonName,
+    cert.organizationalUnit,
+    cert.organization,
+    cert.subjectName,
+  ];
+  for (let attribute of attributes) {
+    if (attribute) {
+      return attribute;
+    }
+  }
+
+  let bundle = document.getElementById("pippki_bundle");
+  return bundle.getFormattedString("certWithSerial", [cert.serialNumber]);
+}
+
+/**
+ * onload() handler.
+ */
+function onLoad() {
+  let typeFlag = window.arguments[0];
+  let bundle = document.getElementById("pippki_bundle");
+  let title;
+  let confirm;
+  let impact;
+
+  switch (typeFlag) {
+    case "mine_tab":
+      title = bundle.getString("deleteUserCertTitle");
+      confirm = bundle.getString("deleteUserCertConfirm");
+      impact = bundle.getString("deleteUserCertImpact");
+      break;
+    case "websites_tab":
+      title = bundle.getString("deleteSslCertTitle3");
+      confirm = bundle.getString("deleteSslCertConfirm3");
+      impact = bundle.getString("deleteSslCertImpact3");
+      break;
+    case "ca_tab":
+      title = bundle.getString("deleteCaCertTitle2");
+      confirm = bundle.getString("deleteCaCertConfirm2");
+      impact = bundle.getString("deleteCaCertImpactX2");
+      break;
+    case "others_tab":
+      title = bundle.getString("deleteEmailCertTitle");
+      confirm = bundle.getString("deleteEmailCertConfirm");
+      impact = bundle.getString("deleteEmailCertImpactDesc");
+      break;
+    case "orphan_tab":
+      title = bundle.getString("deleteOrphanCertTitle");
+      confirm = bundle.getString("deleteOrphanCertConfirm");
+      impact = "";
+      break;
+    default:
+      return;
+  }
+
+  document.title = title;
+
+  setText("confirm", confirm);
+
+  let box = document.getElementById("certlist");
+  let certTreeItems = window.arguments[1];
+  for (let certTreeItem of certTreeItems) {
+    let listItem = document.createElement("richlistitem");
+    let label = document.createElement("label");
+    label.setAttribute("value", certTreeItemToString(certTreeItem));
+    listItem.appendChild(label);
+    box.appendChild(listItem);
+  }
+
+  setText("impact", impact);
+}
+
+/**
+ * ondialogaccept() handler.
+ *
+ * @returns {Boolean} true to make the dialog close, false otherwise.
+ */
+function onDialogAccept() {
+  let retVals = window.arguments[2];
+  retVals.deleteConfirmed = true;
+  return true;
+}
+
+/**
+ * ondialogcancel() handler.
+ *
+ * @returns {Boolean} true to make the dialog close, false otherwise.
+ */
+function onDialogCancel() {
+  let retVals = window.arguments[2];
+  retVals.deleteConfirmed = false;
+  return true;
+}
diff --git a/security/manager/pki/resources/content/deletecert.xul b/security/manager/pki/resources/content/deletecert.xul
new file mode 100644
index 000000000..40b0c081b
--- /dev/null
+++ b/security/manager/pki/resources/content/deletecert.xul
@@ -0,0 +1,28 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+
+<!DOCTYPE dialog SYSTEM "chrome://pippki/locale/certManager.dtd">
+
+<dialog id="deleteCertificate"
+  title="&certmgr.deletecert.title;"
+  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+  onload="onLoad();"
+  buttons="accept,cancel"
+  ondialogaccept="return onDialogAccept();"
+  ondialogcancel="return onDialogCancel();">
+
+  <stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
+
+  <script type="application/javascript" src="chrome://pippki/content/deletecert.js"/>
+  <script type="application/javascript" src="pippki.js" />
+
+  <description id="confirm" style="width: 400px;"/>
+  <richlistbox id="certlist" class="box-padded" flex="1"
+               style="min-height: 8em; height: 8em; min-width: 35em;"/>
+  <description id="impact" style="width: 400px;"/>
+
+</dialog>
diff --git a/security/manager/pki/resources/content/device_manager.js b/security/manager/pki/resources/content/device_manager.js
new file mode 100644
index 000000000..7d16c5888
--- /dev/null
+++ b/security/manager/pki/resources/content/device_manager.js
@@ -0,0 +1,509 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+const nsIFilePicker = Components.interfaces.nsIFilePicker;
+const nsFilePicker = "@mozilla.org/filepicker;1";
+const nsIPKCS11Slot = Components.interfaces.nsIPKCS11Slot;
+const nsIPKCS11Module = Components.interfaces.nsIPKCS11Module;
+const nsPKCS11ModuleDB = "@mozilla.org/security/pkcs11moduledb;1";
+const nsIPKCS11ModuleDB = Components.interfaces.nsIPKCS11ModuleDB;
+const nsIPK11Token = Components.interfaces.nsIPK11Token;
+const nsPK11TokenDB = "@mozilla.org/security/pk11tokendb;1";
+const nsIPK11TokenDB = Components.interfaces.nsIPK11TokenDB;
+const nsIDialogParamBlock = Components.interfaces.nsIDialogParamBlock;
+const nsDialogParamBlock = "@mozilla.org/embedcomp/dialogparam;1";
+const nsIPKCS11 = Components.interfaces.nsIPKCS11;
+const nsPKCS11ContractID = "@mozilla.org/security/pkcs11;1";
+
+var { Services } = Components.utils.import("resource://gre/modules/Services.jsm", {});
+
+var bundle;
+var secmoddb;
+var skip_enable_buttons = false;
+
+var smartCardObserver = {
+  observe: function() {
+    onSmartCardChange();
+  }
+};
+
+function DeregisterSmartCardObservers()
+{
+  Services.obs.removeObserver(smartCardObserver, "smartcard-insert");
+  Services.obs.removeObserver(smartCardObserver, "smartcard-remove");
+}
+
+/* Do the initial load of all PKCS# modules and list them. */
+function LoadModules()
+{
+  bundle = document.getElementById("pippki_bundle");
+  secmoddb = Components.classes[nsPKCS11ModuleDB].getService(nsIPKCS11ModuleDB);
+  Services.obs.addObserver(smartCardObserver, "smartcard-insert", false);
+  Services.obs.addObserver(smartCardObserver, "smartcard-remove", false);
+
+  RefreshDeviceList();
+}
+
+function getPKCS11()
+{
+  return Components.classes[nsPKCS11ContractID].getService(nsIPKCS11);
+}
+
+function getNSSString(name)
+{
+  return document.getElementById("pipnss_bundle").getString(name);
+}
+
+function doPrompt(msg)
+{
+  let prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].
+    getService(Components.interfaces.nsIPromptService);
+  prompts.alert(window, null, msg);
+}
+
+function doConfirm(msg)
+{
+  let prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].
+    getService(Components.interfaces.nsIPromptService);
+  return prompts.confirm(window, null, msg);
+}
+
+function RefreshDeviceList()
+{
+  let modules = secmoddb.listModules();
+  while (modules.hasMoreElements()) {
+    let module = modules.getNext().QueryInterface(nsIPKCS11Module);
+    let slotnames = [];
+    let slots = module.listSlots();
+    while (slots.hasMoreElements()) {
+      let slot = slots.getNext().QueryInterface(nsIPKCS11Slot);
+      // Token names are preferred because NSS prefers lookup by token name.
+      slotnames.push(slot.tokenName ? slot.tokenName : slot.name);
+    }
+    AddModule(module.name, slotnames);
+  }
+
+  // Set the text on the FIPS button.
+  SetFIPSButton();
+}
+
+function SetFIPSButton()
+{
+  var fipsButton = document.getElementById("fipsbutton");
+  var label;
+  if (secmoddb.isFIPSEnabled) {
+   label = bundle.getString("disable_fips");
+  } else {
+   label = bundle.getString("enable_fips");
+  }
+  fipsButton.setAttribute("label", label);
+
+  var can_toggle = secmoddb.canToggleFIPS;
+  if (can_toggle) {
+    fipsButton.removeAttribute("disabled");
+  } else {
+    fipsButton.setAttribute("disabled", "true");
+  }
+}
+
+/* Add a module to the tree.  slots is the array of slots in the module,
+ * to be represented as children.
+ */
+function AddModule(module, slots)
+{
+  var tree = document.getElementById("device_list");
+  var item  = document.createElement("treeitem");
+  var row  = document.createElement("treerow");
+  var cell = document.createElement("treecell");
+  cell.setAttribute("label", module);
+  row.appendChild(cell);
+  item.appendChild(row);
+  var parent = document.createElement("treechildren");
+  for (let slot of slots) {
+    var child_item = document.createElement("treeitem");
+    var child_row = document.createElement("treerow");
+    var child_cell = document.createElement("treecell");
+    child_cell.setAttribute("label", slot);
+    child_row.appendChild(child_cell);
+    child_item.appendChild(child_row);
+    child_item.setAttribute("pk11kind", "slot");
+    parent.appendChild(child_item);
+  }
+  item.appendChild(parent);
+  item.setAttribute("pk11kind", "module");
+  item.setAttribute("open", "true");
+  item.setAttribute("container", "true");
+  tree.appendChild(item);
+}
+
+var selected_slot;
+var selected_module;
+
+/* get the slot selected by the user (can only be one-at-a-time) */
+function getSelectedItem()
+{
+  var tree = document.getElementById('device_tree');
+  if (tree.currentIndex < 0) return;
+  var item = tree.contentView.getItemAtIndex(tree.currentIndex);
+  selected_slot = null;
+  selected_module = null;
+  if (item) {
+    var kind = item.getAttribute("pk11kind");
+    var module_name;
+    if (kind == "slot") {
+      // get the module cell for this slot cell
+      var cell = item.parentNode.parentNode.firstChild.firstChild;
+      module_name = cell.getAttribute("label");
+      var module = secmoddb.findModuleByName(module_name);
+      // get the cell for the selected row (the slot to display)
+      cell = item.firstChild.firstChild;
+      var slot_name = cell.getAttribute("label");
+      selected_slot = module.findSlotByName(slot_name);
+    } else { // (kind == "module")
+      // get the cell for the selected row (the module to display)
+      cell = item.firstChild.firstChild;
+      module_name = cell.getAttribute("label");
+      selected_module = secmoddb.findModuleByName(module_name);
+    }
+  }
+}
+
+function enableButtons()
+{
+  if (skip_enable_buttons) {
+    return;
+  }
+
+  var login_toggle = "true";
+  var logout_toggle = "true";
+  var pw_toggle = "true";
+  var unload_toggle = "true";
+  getSelectedItem();
+  if (selected_module) {
+    unload_toggle = "false";
+    showModuleInfo();
+  } else if (selected_slot) {
+    // here's the workaround - login functions are all with token,
+    // so grab the token type
+    var selected_token = selected_slot.getToken();
+    if (selected_token != null) {
+      if (selected_token.needsLogin() || !(selected_token.needsUserInit)) {
+        pw_toggle = "false";
+        if (selected_token.needsLogin()) {
+          if (selected_token.isLoggedIn()) {
+            logout_toggle = "false";
+          } else {
+            login_toggle = "false";
+          }
+        }
+      }
+    }
+    showSlotInfo();
+  }
+  var thebutton = document.getElementById('login_button');
+  thebutton.setAttribute("disabled", login_toggle);
+  thebutton = document.getElementById('logout_button');
+  thebutton.setAttribute("disabled", logout_toggle);
+  thebutton = document.getElementById('change_pw_button');
+  thebutton.setAttribute("disabled", pw_toggle);
+  thebutton = document.getElementById('unload_button');
+  thebutton.setAttribute("disabled", unload_toggle);
+  // not implemented
+  //thebutton = document.getElementById('change_slotname_button');
+  //thebutton.setAttribute("disabled", toggle);
+}
+
+// clear the display of information for the slot
+function ClearInfoList()
+{
+  let infoList = document.getElementById("info_list");
+  while (infoList.hasChildNodes()) {
+    infoList.removeChild(infoList.firstChild);
+  }
+}
+
+function ClearDeviceList()
+{
+  ClearInfoList();
+
+  skip_enable_buttons = true;
+  var tree = document.getElementById('device_tree');
+  tree.view.selection.clearSelection();
+  skip_enable_buttons = false;
+
+  // Remove the existing listed modules so that a refresh doesn't display the
+  // module that just changed.
+  let deviceList = document.getElementById("device_list");
+  while (deviceList.hasChildNodes()) {
+    deviceList.removeChild(deviceList.firstChild);
+  }
+}
+
+
+// show a list of info about a slot
+function showSlotInfo()
+{
+  var present = true;
+  ClearInfoList();
+  switch (selected_slot.status) {
+   case nsIPKCS11Slot.SLOT_DISABLED:
+     AddInfoRow(bundle.getString("devinfo_status"),
+                bundle.getString("devinfo_stat_disabled"),
+                "tok_status");
+     present = false;
+     break;
+   case nsIPKCS11Slot.SLOT_NOT_PRESENT:
+     AddInfoRow(bundle.getString("devinfo_status"),
+                bundle.getString("devinfo_stat_notpresent"),
+                "tok_status");
+     present = false;
+     break;
+   case nsIPKCS11Slot.SLOT_UNINITIALIZED:
+     AddInfoRow(bundle.getString("devinfo_status"),
+                bundle.getString("devinfo_stat_uninitialized"),
+                "tok_status");
+     break;
+   case nsIPKCS11Slot.SLOT_NOT_LOGGED_IN:
+     AddInfoRow(bundle.getString("devinfo_status"),
+                bundle.getString("devinfo_stat_notloggedin"),
+                "tok_status");
+     break;
+   case nsIPKCS11Slot.SLOT_LOGGED_IN:
+     AddInfoRow(bundle.getString("devinfo_status"),
+                bundle.getString("devinfo_stat_loggedin"),
+                "tok_status");
+     break;
+   case nsIPKCS11Slot.SLOT_READY:
+     AddInfoRow(bundle.getString("devinfo_status"),
+                bundle.getString("devinfo_stat_ready"),
+                "tok_status");
+     break;
+  }
+  AddInfoRow(bundle.getString("devinfo_desc"),
+             selected_slot.desc, "slot_desc");
+  AddInfoRow(bundle.getString("devinfo_manID"),
+             selected_slot.manID, "slot_manID");
+  AddInfoRow(bundle.getString("devinfo_hwversion"),
+             selected_slot.HWVersion, "slot_hwv");
+  AddInfoRow(bundle.getString("devinfo_fwversion"),
+             selected_slot.FWVersion, "slot_fwv");
+  if (present) {
+     showTokenInfo();
+  }
+}
+
+function showModuleInfo()
+{
+  ClearInfoList();
+  AddInfoRow(bundle.getString("devinfo_modname"),
+             selected_module.name, "module_name");
+  AddInfoRow(bundle.getString("devinfo_modpath"),
+             selected_module.libName, "module_path");
+}
+
+// add a row to the info list, as [col1 col2] (ex.: ["status" "logged in"])
+function AddInfoRow(col1, col2, cell_id)
+{
+  var tree = document.getElementById("info_list");
+  var item  = document.createElement("treeitem");
+  var row  = document.createElement("treerow");
+  var cell1 = document.createElement("treecell");
+  cell1.setAttribute("label", col1);
+  cell1.setAttribute("crop", "never");
+  row.appendChild(cell1);
+  var cell2 = document.createElement("treecell");
+  cell2.setAttribute("label", col2);
+  cell2.setAttribute("crop", "never");
+  cell2.setAttribute("id", cell_id);
+  row.appendChild(cell2);
+  item.appendChild(row);
+  tree.appendChild(item);
+}
+
+// log in to a slot
+function doLogin()
+{
+  getSelectedItem();
+  // here's the workaround - login functions are with token
+  var selected_token = selected_slot.getToken();
+  try {
+    selected_token.login(false);
+    var tok_status = document.getElementById("tok_status");
+    if (selected_token.isLoggedIn()) {
+      tok_status.setAttribute("label",
+                              bundle.getString("devinfo_stat_loggedin"));
+    } else {
+      tok_status.setAttribute("label",
+                              bundle.getString("devinfo_stat_notloggedin"));
+    }
+  } catch (e) {
+    doPrompt(bundle.getString("login_failed"));
+  }
+  enableButtons();
+}
+
+// log out of a slot
+function doLogout()
+{
+  getSelectedItem();
+  // here's the workaround - login functions are with token
+  var selected_token = selected_slot.getToken();
+  try {
+    selected_token.logoutAndDropAuthenticatedResources();
+    var tok_status = document.getElementById("tok_status");
+    if (selected_token.isLoggedIn()) {
+      tok_status.setAttribute("label",
+                              bundle.getString("devinfo_stat_loggedin"));
+    } else {
+      tok_status.setAttribute("label",
+                              bundle.getString("devinfo_stat_notloggedin"));
+    }
+  } catch (e) {
+  }
+  enableButtons();
+}
+
+// load a new device
+function doLoad()
+{
+  window.open("load_device.xul", "loaddevice", "chrome,centerscreen,modal");
+  ClearDeviceList();
+  RefreshDeviceList();
+}
+
+function deleteSelected()
+{
+  getSelectedItem();
+  if (selected_module &&
+      doConfirm(getNSSString("DelModuleWarning"))) {
+    try {
+      getPKCS11().deleteModule(selected_module.name);
+    }
+    catch (e) {
+      doPrompt(getNSSString("DelModuleError"));
+      return false;
+    }
+    selected_module = null;
+    return true;
+  }
+  return false;
+}
+
+function doUnload()
+{
+  if (deleteSelected()) {
+    ClearDeviceList();
+    RefreshDeviceList();
+  }
+}
+
+// handle card insertion and removal
+function onSmartCardChange()
+{
+  var tree = document.getElementById('device_tree');
+  var index = tree.currentIndex;
+  tree.currentIndex = 0;
+  ClearDeviceList();
+  RefreshDeviceList();
+  tree.currentIndex = index;
+  enableButtons();
+}
+
+function changePassword()
+{
+  getSelectedItem();
+  let params = Components.classes[nsDialogParamBlock]
+                         .createInstance(nsIDialogParamBlock);
+  params.SetString(1, selected_slot.tokenName);
+  window.openDialog("changepassword.xul", "", "chrome,centerscreen,modal",
+                    params);
+  showSlotInfo();
+  enableButtons();
+}
+
+// browse fs for PKCS#11 device
+function doBrowseFiles()
+{
+  var srbundle = document.getElementById("pippki_bundle");
+  var fp = Components.classes[nsFilePicker].createInstance(nsIFilePicker);
+  fp.init(window,
+          srbundle.getString("loadPK11TokenDialog"),
+          nsIFilePicker.modeOpen);
+  fp.appendFilters(nsIFilePicker.filterAll);
+  if (fp.show() == nsIFilePicker.returnOK) {
+    var pathbox = document.getElementById("device_path");
+    pathbox.setAttribute("value", fp.file.path);
+  }
+}
+
+function doLoadDevice()
+{
+  var name_box = document.getElementById("device_name");
+  var path_box = document.getElementById("device_path");
+  try {
+    getPKCS11().addModule(name_box.value, path_box.value, 0, 0);
+  } catch (e) {
+    if (e.result == Components.results.NS_ERROR_ILLEGAL_VALUE) {
+      doPrompt(getNSSString("AddModuleDup"));
+    } else {
+      doPrompt(getNSSString("AddModuleFailure"));
+    }
+
+    return false;
+  }
+  return true;
+}
+
+// -------------------------------------   Old code
+
+function showTokenInfo()
+{
+  //ClearInfoList();
+  var selected_token = selected_slot.getToken();
+  AddInfoRow(bundle.getString("devinfo_label"),
+             selected_token.tokenLabel, "tok_label");
+  AddInfoRow(bundle.getString("devinfo_manID"),
+             selected_token.tokenManID, "tok_manID");
+  AddInfoRow(bundle.getString("devinfo_serialnum"),
+             selected_token.tokenSerialNumber, "tok_sNum");
+  AddInfoRow(bundle.getString("devinfo_hwversion"),
+             selected_token.tokenHWVersion, "tok_hwv");
+  AddInfoRow(bundle.getString("devinfo_fwversion"),
+             selected_token.tokenFWVersion, "tok_fwv");
+}
+
+function toggleFIPS()
+{
+  if (!secmoddb.isFIPSEnabled) {
+    // A restriction of FIPS mode is, the password must be set
+    // In FIPS mode the password must be non-empty.
+    // This is different from what we allow in NON-Fips mode.
+
+    var tokendb = Components.classes[nsPK11TokenDB].getService(nsIPK11TokenDB);
+    var internal_token = tokendb.getInternalKeyToken(); // nsIPK11Token
+    var slot = secmoddb.findSlotByName(internal_token.tokenName);
+    switch (slot.status) {
+      case nsIPKCS11Slot.SLOT_UNINITIALIZED:
+      case nsIPKCS11Slot.SLOT_READY:
+        // Token has either no or an empty password.
+        doPrompt(bundle.getString("fips_nonempty_password_required"));
+        return;
+    }
+  }
+
+  try {
+    secmoddb.toggleFIPSMode();
+  }
+  catch (e) {
+    doPrompt(bundle.getString("unable_to_toggle_fips"));
+    return;
+  }
+
+  // Remove the existing listed modules so that a refresh doesn't display the
+  // module that just changed.
+  ClearDeviceList();
+
+  RefreshDeviceList();
+}
diff --git a/security/manager/pki/resources/content/device_manager.xul b/security/manager/pki/resources/content/device_manager.xul
new file mode 100644
index 000000000..0a5b4ca91
--- /dev/null
+++ b/security/manager/pki/resources/content/device_manager.xul
@@ -0,0 +1,90 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+
+<!DOCTYPE dialog [
+<!ENTITY % deviceManangerDTD SYSTEM "chrome://pippki/locale/deviceManager.dtd">
+%deviceManangerDTD;
+<!ENTITY % pippkiDTD SYSTEM "chrome://pippki/locale/pippki.dtd" >
+%pippkiDTD;
+]>
+
+<dialog id="devicemanager"
+	windowtype="mozilla:devicemanager"
+        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+        title="&devmgr.title;"
+        style="&devmgr.style2;"
+        persist="screenX screenY width height"
+        onload="LoadModules();"
+        onunload="DeregisterSmartCardObservers();"
+        buttons="accept">
+
+<stringbundleset id="stringbundleset">
+  <stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
+  <stringbundle id="pipnss_bundle" src="chrome://pipnss/locale/pipnss.properties"/>
+</stringbundleset>
+
+<script type="application/javascript" src="chrome://pippki/content/device_manager.js"/>
+
+<grid flex="1" style="margin:5px">
+  <columns>
+    <column flex="1"/>
+    <column flex="3"/>
+    <column/>
+  </columns>
+  <rows>
+    <row flex="1">
+      <vbox> <!-- List of devices -->
+        <tree id="device_tree" seltype="single"
+              onselect="enableButtons();" hidecolumnpicker="true"
+              flex="1" style="min-width: 15em">
+          <treecols>
+            <treecol id="deviceCol" flex="1" primary="true" label="&devmgr.devlist.label;"/>
+          </treecols>
+          <treechildren id="device_list"/>
+        </tree>
+      </vbox> <!-- / List of devices -->
+      <vbox> <!-- Device status -->
+        <tree id="info_tree" seltype="single" hidecolumnpicker="true"
+              flex="1" style="min-width: 10em">
+          <treecols>
+            <treecol id="title1Col" flex="5" primary="true" label="&devmgr.details.title;"/>
+            <treecol id="title2Col" flex="7" label="&devmgr.details.title2;"/>
+          </treecols>
+          <treechildren id="info_list"/>
+        </tree>
+      </vbox> <!-- / Device status -->
+      <vbox> <!-- Buttons for manipulating devices -->
+        <button id="login_button"
+                label="&devmgr.button.login.label;"
+                accesskey="&devmgr.button.login.accesskey;"
+                oncommand="doLogin();" disabled="true"/>
+        <button id="logout_button"
+                label="&devmgr.button.logout.label;"
+                accesskey="&devmgr.button.logout.accesskey;"
+                oncommand="doLogout();" disabled="true"/>
+        <button id="change_pw_button"
+                label="&devmgr.button.changepw.label;"
+                accesskey="&devmgr.button.changepw.accesskey;"
+                oncommand="changePassword();" disabled="true"/>
+        <button id="load_button"
+                label="&devmgr.button.load.label;"
+                accesskey="&devmgr.button.load.accesskey;"
+                oncommand="doLoad();"/>
+        <button id="unload_button"
+                label="&devmgr.button.unload.label;"
+                accesskey="&devmgr.button.unload.accesskey;"
+                oncommand="doUnload();" disabled="true"/>
+        <button id="fipsbutton"
+                label=""
+                accesskey="&devmgr.button.fips.accesskey;"
+                oncommand="toggleFIPS();"/>
+      </vbox> <!-- / Buttons for manipulating devices -->
+    </row>
+  </rows>
+</grid>
+
+</dialog>
diff --git a/security/manager/pki/resources/content/downloadcert.js b/security/manager/pki/resources/content/downloadcert.js
new file mode 100644
index 000000000..892e34be0
--- /dev/null
+++ b/security/manager/pki/resources/content/downloadcert.js
@@ -0,0 +1,92 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* import-globals-from pippki.js */
+"use strict";
+
+/**
+ * @file Implements the functionality of downloadcert.xul: a dialog that allows
+ *       a user to confirm whether to import a certificate, and if so what trust
+ *       to give it.
+ * @argument {nsISupports} window.arguments[0]
+ *           Certificate to confirm import of, queryable to nsIX509Cert.
+ * @argument {nsISupports} window.arguments[1]
+ *           Object to set the return values of calling the dialog on, queryable
+ *           to the underlying type of DownloadCertReturnValues.
+ */
+
+/**
+ * @typedef DownloadCertReturnValues
+ * @type nsIWritablePropertyBag2
+ * @property {Boolean} importConfirmed
+ *           Set to true if the user confirmed import of the cert and accepted
+ *           the dialog, false otherwise.
+ * @property {Boolean} trustForSSL
+ *           Set to true if the cert should be trusted for SSL, false otherwise.
+ *           Undefined value if |importConfirmed| is not true.
+ * @property {Boolean} trustForEmail
+ *           Set to true if the cert should be trusted for e-mail, false
+ *           otherwise. Undefined value if |importConfirmed| is not true.
+ * @property {Boolean} trustForObjSign
+ *           Set to true if the cert should be trusted for object signing, false
+ *           otherwise. Undefined value if |importConfirmed| is not true.
+ */
+
+const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
+
+/**
+ * The cert to potentially import.
+ * @type nsIX509Cert
+ */
+var gCert;
+
+/**
+ * onload() handler.
+ */
+function onLoad() {
+  gCert = window.arguments[0].QueryInterface(Ci.nsIX509Cert);
+
+  let bundle = document.getElementById("pippki_bundle");
+  let caName = gCert.commonName;
+  if (caName.length == 0) {
+    caName = bundle.getString("unnamedCA");
+  }
+
+  setText("trustHeader", bundle.getFormattedString("newCAMessage1", [caName]));
+}
+
+/**
+ * Handler for the "View Cert" button.
+ */
+function viewCert() {
+  viewCertHelper(window, gCert);
+}
+
+/**
+ * ondialogaccept() handler.
+ *
+ * @returns {Boolean} true to make the dialog close, false otherwise.
+ */
+function onDialogAccept() {
+  let checkSSL = document.getElementById("trustSSL");
+  let checkEmail = document.getElementById("trustEmail");
+  let checkObjSign = document.getElementById("trustObjSign");
+
+  let retVals = window.arguments[1].QueryInterface(Ci.nsIWritablePropertyBag2);
+  retVals.setPropertyAsBool("importConfirmed", true);
+  retVals.setPropertyAsBool("trustForSSL", checkSSL.checked);
+  retVals.setPropertyAsBool("trustForEmail", checkEmail.checked);
+  retVals.setPropertyAsBool("trustForObjSign", checkObjSign.checked);
+  return true;
+}
+
+/**
+ * ondialogcancel() handler.
+ *
+ * @returns {Boolean} true to make the dialog close, false otherwise.
+ */
+function onDialogCancel() {
+  let retVals = window.arguments[1].QueryInterface(Ci.nsIWritablePropertyBag2);
+  retVals.setPropertyAsBool("importConfirmed", false);
+  return true;
+}
diff --git a/security/manager/pki/resources/content/downloadcert.xul b/security/manager/pki/resources/content/downloadcert.xul
new file mode 100644
index 000000000..9ddc88a17
--- /dev/null
+++ b/security/manager/pki/resources/content/downloadcert.xul
@@ -0,0 +1,69 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+
+<!DOCTYPE dialog SYSTEM "chrome://pippki/locale/pippki.dtd">
+
+<dialog id="download_cert"
+        title="&downloadCert.title;"
+        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+        style="width: 46em;"
+        buttons="accept,cancel"
+        ondialogaccept="return onDialogAccept();"
+        ondialogcancel="return onDialogCancel();"
+        onload="onLoad();">
+
+<stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
+
+<script type="application/javascript" src="chrome://pippki/content/downloadcert.js"/>
+<script type="application/javascript" src="chrome://pippki/content/pippki.js"/>
+
+
+  <!--  Let 'em know what they're doing -->
+  <vbox>
+    <description>&downloadCert.message1;</description>
+  </vbox>
+
+  <separator/>
+
+  <!--  checkboxes for trust bits
+     -  "do you want to?"
+     -  * trust for SSL
+     -  * trust for email
+     -  * trust for object signing
+    -->
+  <vbox>
+    <description id="trustHeader"/>
+    <checkbox label="&downloadCert.trustSSL;"
+              id="trustSSL"/>
+    <checkbox label="&downloadCert.trustEmail;"
+              id="trustEmail"/>
+    <checkbox label="&downloadCert.trustObjSign;"
+              id="trustObjSign"/>
+  </vbox>
+
+  <separator/>
+
+  <vbox>
+    <description>&downloadCert.message3;</description>
+    <separator/>
+    <grid>
+      <columns>
+        <column/>
+        <column/>
+      </columns>
+      <rows>
+        <row>
+          <button id="viewC-button"
+                  label="&downloadCert.viewCert.label;"
+                  oncommand="viewCert();"/>
+          <description style="margin: 4px;">&downloadCert.viewCert.text;</description>
+        </row>
+      </rows>
+    </grid>
+  </vbox>
+
+</dialog>
diff --git a/security/manager/pki/resources/content/editcacert.js b/security/manager/pki/resources/content/editcacert.js
new file mode 100644
index 000000000..405d5281a
--- /dev/null
+++ b/security/manager/pki/resources/content/editcacert.js
@@ -0,0 +1,58 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* import-globals-from pippki.js */
+"use strict";
+
+const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
+
+var gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
+                .getService(Ci.nsIX509CertDB);
+/**
+ * Cert to edit the trust of.
+ * @type nsIX509Cert
+ */
+var gCert;
+
+/**
+ * onload() handler.
+ */
+function onLoad() {
+  gCert = window.arguments[0];
+
+  let bundle = document.getElementById("pippki_bundle");
+  setText("certmsg",
+          bundle.getFormattedString("editTrustCA", [gCert.commonName]));
+
+  let sslCheckbox = document.getElementById("trustSSL");
+  sslCheckbox.checked = gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
+                                              Ci.nsIX509CertDB.TRUSTED_SSL);
+
+  let emailCheckbox = document.getElementById("trustEmail");
+  emailCheckbox.checked = gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
+                                                Ci.nsIX509CertDB.TRUSTED_EMAIL);
+
+  let objSignCheckbox = document.getElementById("trustObjSign");
+  objSignCheckbox.checked =
+    gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
+                          Ci.nsIX509CertDB.TRUSTED_OBJSIGN);
+}
+
+/**
+ * ondialogaccept() handler.
+ *
+ * @returns {Boolean} true to make the dialog close, false otherwise.
+ */
+function onDialogAccept() {
+  let sslCheckbox = document.getElementById("trustSSL");
+  let emailCheckbox = document.getElementById("trustEmail");
+  let objSignCheckbox = document.getElementById("trustObjSign");
+  let trustSSL = sslCheckbox.checked ? Ci.nsIX509CertDB.TRUSTED_SSL : 0;
+  let trustEmail = emailCheckbox.checked ? Ci.nsIX509CertDB.TRUSTED_EMAIL : 0;
+  let trustObjSign = objSignCheckbox.checked ? Ci.nsIX509CertDB.TRUSTED_OBJSIGN
+                                             : 0;
+
+  gCertDB.setCertTrust(gCert, Ci.nsIX509Cert.CA_CERT,
+                       trustSSL | trustEmail | trustObjSign);
+  return true;
+}
diff --git a/security/manager/pki/resources/content/editcacert.xul b/security/manager/pki/resources/content/editcacert.xul
new file mode 100644
index 000000000..46ea4f1f9
--- /dev/null
+++ b/security/manager/pki/resources/content/editcacert.xul
@@ -0,0 +1,36 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+
+<!DOCTYPE dialog SYSTEM "chrome://pippki/locale/certManager.dtd">
+
+<dialog id="editCaCert"
+        title="&certmgr.editcacert.title;"
+        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+        buttons="accept,cancel"
+        ondialogaccept="return onDialogAccept();"
+        onload="onLoad();"
+>
+
+  <stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
+
+  <script type="application/javascript" src="chrome://pippki/content/pippki.js"/>
+  <script type="application/javascript"
+          src="chrome://pippki/content/editcacert.js"/>
+
+  <description id="certmsg"/>
+  <separator/>
+  <description>&certmgr.editcert.edittrust;</description>
+  <vbox align="start">
+    <checkbox label="&certmgr.editcert.trustssl;"
+              id="trustSSL"/>
+    <checkbox label="&certmgr.editcert.trustemail;"
+              id="trustEmail"/>
+    <checkbox label="&certmgr.editcert.trustobjsign;"
+              id="trustObjSign"/>
+  </vbox>
+
+</dialog>
diff --git a/security/manager/pki/resources/content/exceptionDialog.js b/security/manager/pki/resources/content/exceptionDialog.js
new file mode 100644
index 000000000..0ca24a614
--- /dev/null
+++ b/security/manager/pki/resources/content/exceptionDialog.js
@@ -0,0 +1,368 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* import-globals-from pippki.js */
+"use strict";
+
+var gDialog;
+var gBundleBrand;
+var gPKIBundle;
+var gSSLStatus;
+var gCert;
+var gChecking;
+var gBroken;
+var gNeedReset;
+var gSecHistogram;
+var gNsISecTel;
+
+Components.utils.import("resource://gre/modules/PrivateBrowsingUtils.jsm");
+
+function badCertListener() {}
+badCertListener.prototype = {
+  getInterface: function (aIID) {
+    return this.QueryInterface(aIID);
+  },
+  QueryInterface: function(aIID) {
+    if (aIID.equals(Components.interfaces.nsIBadCertListener2) ||
+        aIID.equals(Components.interfaces.nsIInterfaceRequestor) ||
+        aIID.equals(Components.interfaces.nsISupports)) {
+      return this;
+    }
+
+    throw new Error(Components.results.NS_ERROR_NO_INTERFACE);
+  },
+  handle_test_result: function () {
+    if (gSSLStatus) {
+      gCert = gSSLStatus.QueryInterface(Components.interfaces.nsISSLStatus).serverCert;
+    }
+  },
+  notifyCertProblem: function MSR_notifyCertProblem(socketInfo, sslStatus, targetHost) {
+    gBroken = true;
+    gSSLStatus = sslStatus;
+    this.handle_test_result();
+    return true; // suppress error UI
+  }
+};
+
+function initExceptionDialog() {
+  gNeedReset = false;
+  gDialog = document.documentElement;
+  gBundleBrand = document.getElementById("brand_bundle");
+  gPKIBundle = document.getElementById("pippki_bundle");
+  gSecHistogram = Components.classes["@mozilla.org/base/telemetry;1"].
+                    getService(Components.interfaces.nsITelemetry).
+                    getHistogramById("SECURITY_UI");
+  gNsISecTel = Components.interfaces.nsISecurityUITelemetry;
+
+  var brandName = gBundleBrand.getString("brandShortName");
+  setText("warningText", gPKIBundle.getFormattedString("addExceptionBrandedWarning2", [brandName]));
+  gDialog.getButton("extra1").disabled = true;
+
+  var args = window.arguments;
+  if (args && args[0]) {
+    if (args[0].location) {
+      // We were pre-seeded with a location.
+      document.getElementById("locationTextBox").value = args[0].location;
+      document.getElementById('checkCertButton').disabled = false;
+
+      if (args[0].sslStatus) {
+        gSSLStatus = args[0].sslStatus;
+        gCert = gSSLStatus.serverCert;
+        gBroken = true;
+        updateCertStatus();
+      } else if (args[0].prefetchCert) {
+        // We can optionally pre-fetch the certificate too.  Don't do this
+        // synchronously, since it would prevent the window from appearing
+        // until the fetch is completed, which could be multiple seconds.
+        // Instead, let's use a timer to spawn the actual fetch, but update
+        // the dialog to "checking..." state right away, so that the UI
+        // is appropriately responsive.  Bug 453855
+        document.getElementById("checkCertButton").disabled = true;
+        gChecking = true;
+        updateCertStatus();
+
+        window.setTimeout(checkCert, 0);
+      }
+    }
+
+    // Set out parameter to false by default
+    args[0].exceptionAdded = false;
+  }
+}
+
+/**
+ * Attempt to download the certificate for the location specified, and populate
+ * the Certificate Status section with the result.
+ */
+function checkCert() {
+  gCert = null;
+  gSSLStatus = null;
+  gChecking = true;
+  gBroken = false;
+  updateCertStatus();
+
+  var uri = getURI();
+
+  var req = new XMLHttpRequest();
+  try {
+    if (uri) {
+      req.open('GET', uri.prePath, false);
+      req.channel.notificationCallbacks = new badCertListener();
+      req.send(null);
+    }
+  } catch (e) {
+    // We *expect* exceptions if there are problems with the certificate
+    // presented by the site.  Log it, just in case, but we can proceed here,
+    // with appropriate sanity checks
+    Components.utils.reportError("Attempted to connect to a site with a bad certificate in the add exception dialog. " +
+                                 "This results in a (mostly harmless) exception being thrown. " +
+                                 "Logged for information purposes only: " + e);
+  } finally {
+    gChecking = false;
+  }
+
+  if (req.channel && req.channel.securityInfo) {
+    const Ci = Components.interfaces;
+    gSSLStatus = req.channel.securityInfo
+                    .QueryInterface(Ci.nsISSLStatusProvider).SSLStatus;
+    gCert = gSSLStatus.QueryInterface(Ci.nsISSLStatus).serverCert;
+  }
+
+  updateCertStatus();
+}
+
+/**
+ * Build and return a URI, based on the information supplied in the
+ * Certificate Location fields
+ */
+function getURI() {
+  // Use fixup service instead of just ioservice's newURI since it's quite
+  // likely that the host will be supplied without a protocol prefix, resulting
+  // in malformed uri exceptions being thrown.
+  let fus = Components.classes["@mozilla.org/docshell/urifixup;1"]
+                      .getService(Components.interfaces.nsIURIFixup);
+  let locationTextBox = document.getElementById("locationTextBox");
+  let uri = fus.createFixupURI(locationTextBox.value, 0);
+
+  if (!uri) {
+    return null;
+  }
+
+  if (uri.scheme == "http") {
+    uri.scheme = "https";
+  }
+
+  if (uri.port == -1) {
+    uri.port = 443;
+  }
+
+  return uri;
+}
+
+function resetDialog() {
+  document.getElementById("viewCertButton").disabled = true;
+  document.getElementById("permanent").disabled = true;
+  gDialog.getButton("extra1").disabled = true;
+  setText("headerDescription", "");
+  setText("statusDescription", "");
+  setText("statusLongDescription", "");
+  setText("status2Description", "");
+  setText("status2LongDescription", "");
+  setText("status3Description", "");
+  setText("status3LongDescription", "");
+}
+
+/**
+ * Called by input textboxes to manage UI state
+ */
+function handleTextChange() {
+  var checkCertButton = document.getElementById('checkCertButton');
+  checkCertButton.disabled = !(document.getElementById("locationTextBox").value);
+  if (gNeedReset) {
+    gNeedReset = false;
+    resetDialog();
+  }
+}
+
+function updateCertStatus() {
+  var shortDesc, longDesc;
+  var shortDesc2, longDesc2;
+  var shortDesc3, longDesc3;
+  var use2 = false;
+  var use3 = false;
+  let bucketId = gNsISecTel.WARNING_BAD_CERT_TOP_ADD_EXCEPTION_BASE;
+  if (gCert) {
+    if (gBroken) {
+      var mms = "addExceptionDomainMismatchShort";
+      var mml = "addExceptionDomainMismatchLong2";
+      var exs = "addExceptionExpiredShort";
+      var exl = "addExceptionExpiredLong2";
+      var uts = "addExceptionUnverifiedOrBadSignatureShort";
+      var utl = "addExceptionUnverifiedOrBadSignatureLong2";
+      var use1 = false;
+      if (gSSLStatus.isDomainMismatch) {
+        bucketId += gNsISecTel.WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_DOMAIN;
+        use1 = true;
+        shortDesc = mms;
+        longDesc  = mml;
+      }
+      if (gSSLStatus.isNotValidAtThisTime) {
+        bucketId += gNsISecTel.WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_TIME;
+        if (!use1) {
+          use1 = true;
+          shortDesc = exs;
+          longDesc  = exl;
+        }
+        else {
+          use2 = true;
+          shortDesc2 = exs;
+          longDesc2  = exl;
+        }
+      }
+      if (gSSLStatus.isUntrusted) {
+        bucketId += gNsISecTel.WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_UNTRUSTED;
+        if (!use1) {
+          use1 = true;
+          shortDesc = uts;
+          longDesc  = utl;
+        } else if (!use2) {
+          use2 = true;
+          shortDesc2 = uts;
+          longDesc2  = utl;
+        } else {
+          use3 = true;
+          shortDesc3 = uts;
+          longDesc3  = utl;
+        }
+      }
+      gSecHistogram.add(bucketId);
+
+      // In these cases, we do want to enable the "Add Exception" button
+      gDialog.getButton("extra1").disabled = false;
+
+      // If the Private Browsing service is available and the mode is active,
+      // don't store permanent exceptions, since they would persist after
+      // private browsing mode was disabled.
+      var inPrivateBrowsing = inPrivateBrowsingMode();
+      var pe = document.getElementById("permanent");
+      pe.disabled = inPrivateBrowsing;
+      pe.checked = !inPrivateBrowsing;
+
+      setText("headerDescription", gPKIBundle.getString("addExceptionInvalidHeader"));
+    }
+    else {
+      shortDesc = "addExceptionValidShort";
+      longDesc  = "addExceptionValidLong";
+      gDialog.getButton("extra1").disabled = true;
+      document.getElementById("permanent").disabled = true;
+    }
+
+    // We're done checking the certificate, so allow the user to check it again.
+    document.getElementById("checkCertButton").disabled = false;
+    document.getElementById("viewCertButton").disabled = false;
+
+    // Notify observers about the availability of the certificate
+    Components.classes["@mozilla.org/observer-service;1"]
+              .getService(Components.interfaces.nsIObserverService)
+              .notifyObservers(null, "cert-exception-ui-ready", null);
+  }
+  else if (gChecking) {
+    shortDesc = "addExceptionCheckingShort";
+    longDesc  = "addExceptionCheckingLong2";
+    // We're checking the certificate, so we disable the Get Certificate
+    // button to make sure that the user can't interrupt the process and
+    // trigger another certificate fetch.
+    document.getElementById("checkCertButton").disabled = true;
+    document.getElementById("viewCertButton").disabled = true;
+    gDialog.getButton("extra1").disabled = true;
+    document.getElementById("permanent").disabled = true;
+  }
+  else {
+    shortDesc = "addExceptionNoCertShort";
+    longDesc  = "addExceptionNoCertLong2";
+    // We're done checking the certificate, so allow the user to check it again.
+    document.getElementById("checkCertButton").disabled = false;
+    document.getElementById("viewCertButton").disabled = true;
+    gDialog.getButton("extra1").disabled = true;
+    document.getElementById("permanent").disabled = true;
+  }
+
+  setText("statusDescription", gPKIBundle.getString(shortDesc));
+  setText("statusLongDescription", gPKIBundle.getString(longDesc));
+
+  if (use2) {
+    setText("status2Description", gPKIBundle.getString(shortDesc2));
+    setText("status2LongDescription", gPKIBundle.getString(longDesc2));
+  }
+
+  if (use3) {
+    setText("status3Description", gPKIBundle.getString(shortDesc3));
+    setText("status3LongDescription", gPKIBundle.getString(longDesc3));
+  }
+
+  gNeedReset = true;
+}
+
+/**
+ * Handle user request to display certificate details
+ */
+function viewCertButtonClick() {
+  gSecHistogram.add(gNsISecTel.WARNING_BAD_CERT_TOP_CLICK_VIEW_CERT);
+  if (gCert) {
+    viewCertHelper(this, gCert);
+  }
+}
+
+/**
+ * Handle user request to add an exception for the specified cert
+ */
+function addException() {
+  if (!gCert || !gSSLStatus) {
+    return;
+  }
+
+  var overrideService = Components.classes["@mozilla.org/security/certoverride;1"]
+                                  .getService(Components.interfaces.nsICertOverrideService);
+  var flags = 0;
+  let confirmBucketId = gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_BASE;
+  if (gSSLStatus.isUntrusted) {
+    flags |= overrideService.ERROR_UNTRUSTED;
+    confirmBucketId += gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_UNTRUSTED;
+  }
+  if (gSSLStatus.isDomainMismatch) {
+    flags |= overrideService.ERROR_MISMATCH;
+    confirmBucketId += gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_DOMAIN;
+  }
+  if (gSSLStatus.isNotValidAtThisTime) {
+    flags |= overrideService.ERROR_TIME;
+    confirmBucketId += gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_TIME;
+  }
+
+  var permanentCheckbox = document.getElementById("permanent");
+  var shouldStorePermanently = permanentCheckbox.checked && !inPrivateBrowsingMode();
+  if (!permanentCheckbox.checked) {
+    gSecHistogram.add(gNsISecTel.WARNING_BAD_CERT_TOP_DONT_REMEMBER_EXCEPTION);
+  }
+
+  gSecHistogram.add(confirmBucketId);
+  var uri = getURI();
+  overrideService.rememberValidityOverride(
+    uri.asciiHost, uri.port,
+    gCert,
+    flags,
+    !shouldStorePermanently);
+
+  let args = window.arguments;
+  if (args && args[0]) {
+    args[0].exceptionAdded = true;
+  }
+
+  gDialog.acceptDialog();
+}
+
+/**
+ * Returns true if this dialog is in private browsing mode.
+ */
+function inPrivateBrowsingMode() {
+  return PrivateBrowsingUtils.isWindowPrivate(window);
+}
diff --git a/security/manager/pki/resources/content/exceptionDialog.xul b/security/manager/pki/resources/content/exceptionDialog.xul
new file mode 100644
index 000000000..6d417f360
--- /dev/null
+++ b/security/manager/pki/resources/content/exceptionDialog.xul
@@ -0,0 +1,89 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+
+<!DOCTYPE dialog SYSTEM "chrome://pippki/locale/certManager.dtd">
+
+<dialog id="exceptiondialog"
+        windowtype="mozilla:exceptiondialog"
+        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+        title="&exceptionMgr.title;"
+        buttons="cancel,extra1,extra2"
+        buttonlabelextra1="&exceptionMgr.exceptionButton.label;"
+        buttonaccesskeyextra1="&exceptionMgr.exceptionButton.accesskey;"
+        style="width: 46em; min-height: 38em;"
+        onload="initExceptionDialog();"
+        ondialogextra1="addException();"
+        ondialogextra2="checkCert();"
+        persist="screenX screenY width height"
+        defaultButton="extra2">
+
+  <stringbundleset id="stringbundleset">
+    <stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
+    <stringbundle id="brand_bundle" src="chrome://branding/locale/brand.properties"/>
+  </stringbundleset>
+
+  <script type="application/javascript" src="chrome://pippki/content/pippki.js"/>
+  <script type="application/javascript" src="chrome://pippki/content/exceptionDialog.js"/>
+
+  <hbox>
+    <vbox>
+#ifdef MOZ_WIDGET_GTK
+      <image src="moz-icon://stock/gtk-dialog-warning?size=dialog"/>
+#else
+      <image src="chrome://global/skin/icons/warning-large.png"/>
+#endif
+      <spacer flex="1"/>
+    </vbox>
+    <vbox flex="1">
+      <!-- Note that because of the styling, there must be no whitespace within
+      the description tags -->
+      <description id="warningText"
+                   style="white-space: pre-wrap"/>
+      <description id="warningSupplemental"
+                   style="font-weight: bold; white-space: pre-wrap;"
+                   >&exceptionMgr.supplementalWarning;</description>
+    </vbox>
+  </hbox>
+
+  <groupbox id="locationGroupBox">
+    <caption label="&exceptionMgr.certlocation.caption2;"/>
+    <hbox align="center">
+      <label control="locationTextBox" value="&exceptionMgr.certlocation.url;"/>
+      <textbox id="locationTextBox" flex="1" oninput="handleTextChange();"
+               value="https://" class="uri-element"/>
+      <button id="checkCertButton" disabled="true" dlgtype="extra2"
+              accesskey="&exceptionMgr.certlocation.accesskey;"
+              label="&exceptionMgr.certlocation.download;"/>
+    </hbox>
+  </groupbox>
+
+  <groupbox id="certStatusGroupBox" flex="1">
+    <caption label="&exceptionMgr.certstatus.caption;"/>
+    <hbox>
+      <description id="headerDescription" style="white-space: pre-wrap;"
+                   flex="1"/>
+      <vbox>
+        <button id="viewCertButton" label="&exceptionMgr.certstatus.viewCert;"
+                accesskey="&exceptionMgr.certstatus.accesskey;"
+                disabled="true" oncommand="viewCertButtonClick();"/>
+      </vbox>
+    </hbox>
+    <description id="statusDescription"
+                 style="font-weight: bold; padding-bottom: 1em;"/>
+    <description id="statusLongDescription" style="white-space: pre-wrap;"/>
+    <description id="status2Description"
+                 style="font-weight: bold; padding-bottom: 1em;"/>
+    <description id="status2LongDescription" style="white-space: pre-wrap;"/>
+    <description id="status3Description"
+                 style="font-weight: bold; padding-bottom: 1em;"/>
+    <description id="status3LongDescription" style="white-space: pre-wrap;"/>
+    <spacer flex="1"/>
+    <checkbox id="permanent" disabled="true"
+              label="&exceptionMgr.permanent.label;"
+              accesskey="&exceptionMgr.permanent.accesskey;"/>
+  </groupbox>
+</dialog>
diff --git a/security/manager/pki/resources/content/load_device.xul b/security/manager/pki/resources/content/load_device.xul
new file mode 100644
index 000000000..45fffcee7
--- /dev/null
+++ b/security/manager/pki/resources/content/load_device.xul
@@ -0,0 +1,42 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+
+<!DOCTYPE dialog [
+<!ENTITY % deviceManangerDTD SYSTEM "chrome://pippki/locale/deviceManager.dtd">
+%deviceManangerDTD;
+<!ENTITY % pippkiDTD SYSTEM "chrome://pippki/locale/pippki.dtd" >
+%pippkiDTD;
+]>
+
+<dialog id="loaddevice" 
+	xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" 
+        title="&loaddevice.title;"
+        buttons="accept,cancel"
+        ondialogaccept="return doLoadDevice();">
+
+<stringbundleset id="stringbundleset">
+  <stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
+  <stringbundle id="pipnss_bundle" src="chrome://pipnss/locale/pipnss.properties"/>
+</stringbundleset>
+
+  <script type="application/javascript" src="chrome://pippki/content/device_manager.js"/>
+
+  <description>&loaddevice.info;</description>
+  <hbox align="center">
+    <label value="&loaddevice.modname;" accesskey="&loaddevice.modname.accesskey;"
+           control="device_name"/>
+    <textbox id="device_name" flex="1" value="&loaddevice.modname.default;"/>
+  </hbox>
+  <hbox align="center">
+    <label value="&loaddevice.filename;" accesskey="&loaddevice.filename.accesskey;"
+           control="device_path"/>
+    <textbox id="device_path" flex="1"/>
+    <button label="&loaddevice.browse;" flex="1" 
+            accesskey="&loaddevice.browse.accesskey;" oncommand="doBrowseFiles();"/>
+  </hbox>
+
+</dialog>
diff --git a/security/manager/pki/resources/content/pippki.js b/security/manager/pki/resources/content/pippki.js
new file mode 100644
index 000000000..b660d2d93
--- /dev/null
+++ b/security/manager/pki/resources/content/pippki.js
@@ -0,0 +1,191 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+/*
+ * These are helper functions to be included
+ * pippki UI js files.
+ */
+
+function setText(id, value) {
+  let element = document.getElementById(id);
+  if (!element) {
+    return;
+  }
+  if (element.hasChildNodes()) {
+    element.removeChild(element.firstChild);
+  }
+  element.appendChild(document.createTextNode(value));
+}
+
+const nsICertificateDialogs = Components.interfaces.nsICertificateDialogs;
+const nsCertificateDialogs = "@mozilla.org/nsCertificateDialogs;1";
+
+function viewCertHelper(parent, cert) {
+  if (!cert) {
+    return;
+  }
+
+  var cd = Components.classes[nsCertificateDialogs].getService(nsICertificateDialogs);
+  cd.viewCert(parent, cert);
+}
+
+function getDERString(cert)
+{
+  var length = {};
+  var derArray = cert.getRawDER(length);
+  var derString = '';
+  for (var i = 0; i < derArray.length; i++) {
+    derString += String.fromCharCode(derArray[i]);
+  }
+  return derString;
+}
+
+function getPKCS7String(cert, chainMode)
+{
+  var length = {};
+  var pkcs7Array = cert.exportAsCMS(chainMode, length);
+  var pkcs7String = '';
+  for (var i = 0; i < pkcs7Array.length; i++) {
+    pkcs7String += String.fromCharCode(pkcs7Array[i]);
+  }
+  return pkcs7String;
+}
+
+function getPEMString(cert)
+{
+  var derb64 = btoa(getDERString(cert));
+  // Wrap the Base64 string into lines of 64 characters with CRLF line breaks
+  // (as specified in RFC 1421).
+  var wrapped = derb64.replace(/(\S{64}(?!$))/g, "$1\r\n");
+  return "-----BEGIN CERTIFICATE-----\r\n"
+         + wrapped
+         + "\r\n-----END CERTIFICATE-----\r\n";
+}
+
+function alertPromptService(title, message)
+{
+  var ps = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].
+           getService(Components.interfaces.nsIPromptService);
+  ps.alert(window, title, message);
+}
+
+const DEFAULT_CERT_EXTENSION = "crt";
+
+/**
+ * Generates a filename for a cert suitable to set as the |defaultString|
+ * attribute on an nsIFilePicker.
+ *
+ * @param {nsIX509Cert} cert
+ *        The cert to generate a filename for.
+ * @returns {String}
+ *          Generated filename.
+ */
+function certToFilename(cert) {
+  let filename = cert.commonName;
+  if (!filename) {
+    filename = cert.windowTitle;
+  }
+
+  // Remove unneeded and/or unsafe characters.
+  filename = filename.replace(/\s/g, "")
+                     .replace(/\./g, "")
+                     .replace(/\\/g, "")
+                     .replace(/\//g, "");
+
+  // nsIFilePicker.defaultExtension is more of a suggestion to some
+  // implementations, so we include the extension in the file name as well. This
+  // is what the documentation for nsIFilePicker.defaultString says we should do
+  // anyways.
+  return `${filename}.${DEFAULT_CERT_EXTENSION}`;
+}
+
+function exportToFile(parent, cert)
+{
+  var bundle = document.getElementById("pippki_bundle");
+  if (!cert) {
+    return;
+  }
+
+  var nsIFilePicker = Components.interfaces.nsIFilePicker;
+  var fp = Components.classes["@mozilla.org/filepicker;1"].
+           createInstance(nsIFilePicker);
+  fp.init(parent, bundle.getString("SaveCertAs"),
+          nsIFilePicker.modeSave);
+  fp.defaultString = certToFilename(cert);
+  fp.defaultExtension = DEFAULT_CERT_EXTENSION;
+  fp.appendFilter(bundle.getString("CertFormatBase64"), "*.crt; *.pem");
+  fp.appendFilter(bundle.getString("CertFormatBase64Chain"), "*.crt; *.pem");
+  fp.appendFilter(bundle.getString("CertFormatDER"), "*.der");
+  fp.appendFilter(bundle.getString("CertFormatPKCS7"), "*.p7c");
+  fp.appendFilter(bundle.getString("CertFormatPKCS7Chain"), "*.p7c");
+  fp.appendFilters(nsIFilePicker.filterAll);
+  var res = fp.show();
+  if (res != nsIFilePicker.returnOK && res != nsIFilePicker.returnReplace) {
+    return;
+  }
+
+  var content = '';
+  switch (fp.filterIndex) {
+    case 1:
+      content = getPEMString(cert);
+      var chain = cert.getChain();
+      for (let i = 1; i < chain.length; i++) {
+        content += getPEMString(chain.queryElementAt(i, Components.interfaces.nsIX509Cert));
+      }
+      break;
+    case 2:
+      content = getDERString(cert);
+      break;
+    case 3:
+      content = getPKCS7String(cert, Components.interfaces.nsIX509Cert.CMS_CHAIN_MODE_CertOnly);
+      break;
+    case 4:
+      content = getPKCS7String(cert, Components.interfaces.nsIX509Cert.CMS_CHAIN_MODE_CertChainWithRoot);
+      break;
+    case 0:
+    default:
+      content = getPEMString(cert);
+      break;
+  }
+  var msg;
+  var written = 0;
+  try {
+    var file = Components.classes["@mozilla.org/file/local;1"].
+               createInstance(Components.interfaces.nsILocalFile);
+    file.initWithPath(fp.file.path);
+    var fos = Components.classes["@mozilla.org/network/file-output-stream;1"].
+              createInstance(Components.interfaces.nsIFileOutputStream);
+    // flags: PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE
+    fos.init(file, 0x02 | 0x08 | 0x20, 0o0644, 0);
+    written = fos.write(content, content.length);
+    fos.close();
+  } catch (e) {
+    switch (e.result) {
+      case Components.results.NS_ERROR_FILE_ACCESS_DENIED:
+        msg = bundle.getString("writeFileAccessDenied");
+        break;
+      case Components.results.NS_ERROR_FILE_IS_LOCKED:
+        msg = bundle.getString("writeFileIsLocked");
+        break;
+      case Components.results.NS_ERROR_FILE_NO_DEVICE_SPACE:
+      case Components.results.NS_ERROR_FILE_DISK_FULL:
+        msg = bundle.getString("writeFileNoDeviceSpace");
+        break;
+      default:
+        msg = e.message;
+        break;
+    }
+  }
+  if (written != content.length) {
+    if (msg.length == 0) {
+      msg = bundle.getString("writeFileUnknownError");
+    }
+    alertPromptService(bundle.getString("writeFileFailure"),
+                       bundle.getFormattedString("writeFileFailed",
+                       [fp.file.path, msg]));
+  }
+}
diff --git a/security/manager/pki/resources/content/protectedAuth.js b/security/manager/pki/resources/content/protectedAuth.js
new file mode 100644
index 000000000..3ffd96a83
--- /dev/null
+++ b/security/manager/pki/resources/content/protectedAuth.js
@@ -0,0 +1,42 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* import-globals-from pippki.js */
+"use strict";
+
+function onLoad()
+{
+  let protectedAuthThread =
+    window.arguments[0].QueryInterface(Components.interfaces.nsIProtectedAuthThread);
+
+  if (!protectedAuthThread) {
+    window.close();
+    return;
+  }
+
+  try {
+    let tokenName = protectedAuthThread.getTokenName();
+
+    let tag = document.getElementById("tokenName");
+    tag.setAttribute("value", tokenName);
+
+    window.setCursor("wait");
+
+    let obs = {
+      observe: function protectedAuthListenerObserve(subject, topic, data) {
+        if (topic == "operation-completed") {
+          window.close();
+        }
+      }
+    };
+
+    protectedAuthThread.login(obs);
+  } catch (exception) {
+    window.close();
+  }
+}
+
+function onClose()
+{
+  window.setCursor("auto");
+}
diff --git a/security/manager/pki/resources/content/protectedAuth.xul b/security/manager/pki/resources/content/protectedAuth.xul
new file mode 100644
index 000000000..46aba7cce
--- /dev/null
+++ b/security/manager/pki/resources/content/protectedAuth.xul
@@ -0,0 +1,33 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+
+<!DOCTYPE window SYSTEM "chrome://pippki/locale/pippki.dtd">
+
+<window
+  id="protectedAuth" title="&protectedAuth.title;"
+  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"      
+  onload="onLoad();"
+  onclose="onClose();"
+>
+
+<stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
+
+<script type="application/javascript" src="pippki.js" />
+<script type="application/javascript" src="protectedAuth.js" />
+<script type="application/javascript" src="chrome://help/content/help.js" />
+
+<vbox style="margin: 5px; max-width: 50em;">
+
+  <description>&protectedAuth.msg;</description>
+
+  <hbox>
+         <description>&protectedAuth.tokenName.label;</description>
+         <description id="tokenName"></description>
+  </hbox>
+
+</vbox>
+</window>
diff --git a/security/manager/pki/resources/content/resetpassword.js b/security/manager/pki/resources/content/resetpassword.js
new file mode 100644
index 000000000..35dc5b2e5
--- /dev/null
+++ b/security/manager/pki/resources/content/resetpassword.js
@@ -0,0 +1,47 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* import-globals-from pippki.js */
+"use strict";
+
+const nsPK11TokenDB = "@mozilla.org/security/pk11tokendb;1";
+const nsIPK11TokenDB = Components.interfaces.nsIPK11TokenDB;
+const nsIDialogParamBlock = Components.interfaces.nsIDialogParamBlock;
+
+var tokenName;
+
+function onLoad()
+{
+  if ("arguments" in window) {
+    var params = window.arguments[0].QueryInterface(nsIDialogParamBlock);
+    tokenName = params.GetString(1);
+  } else {
+    tokenName = self.name;
+  }
+}
+
+function resetPassword()
+{
+  var pk11db = Components.classes[nsPK11TokenDB].getService(nsIPK11TokenDB);
+  var token = pk11db.findTokenByName(tokenName);
+  token.reset();
+
+  try {
+    var loginManager = Components.classes["@mozilla.org/login-manager;1"].
+                       getService(Components.interfaces.nsILoginManager);
+    loginManager.removeAllLogins();
+  } catch (e) {
+  }
+
+  var bundle = document.getElementById("pippki_bundle");
+  var promptService = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].getService();
+  promptService = promptService.QueryInterface(Components.interfaces.nsIPromptService);
+  if (promptService && bundle) {
+    promptService.alert(window,
+                        bundle.getString("resetPasswordConfirmationTitle"),
+                        bundle.getString("resetPasswordConfirmationMessage"));
+  }
+
+  return true;
+}
+
diff --git a/security/manager/pki/resources/content/resetpassword.xul b/security/manager/pki/resources/content/resetpassword.xul
new file mode 100644
index 000000000..6da79b0d9
--- /dev/null
+++ b/security/manager/pki/resources/content/resetpassword.xul
@@ -0,0 +1,35 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+
+<!DOCTYPE dialog SYSTEM "chrome://pippki/locale/pippki.dtd">
+
+<dialog id="reset_password" title="&resetPassword.title;"
+  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"      
+  buttons="accept,cancel"
+  buttonlabelaccept="&resetPasswordButtonLabel;"
+  defaultButton="cancel"
+  ondialogaccept="return resetPassword();"
+  style="width: 40em;" onload="onLoad();">
+
+  <stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
+
+  <script type="application/javascript" src="chrome://pippki/content/pippki.js"/>
+  <script type="application/javascript" src="chrome://pippki/content/resetpassword.js"/>
+
+  <hbox flex="1">
+    <vbox>
+      <image class="alert-icon" style="margin: 5px;"/>
+    </vbox>
+    <vbox style="margin: 5px;" flex="1">
+      <hbox flex="1">
+        <vbox flex="1">
+          <description>&resetPassword.text;</description>
+        </vbox>
+      </hbox>
+    </vbox>
+  </hbox>
+</dialog>
diff --git a/security/manager/pki/resources/content/setp12password.js b/security/manager/pki/resources/content/setp12password.js
new file mode 100644
index 000000000..5a4836735
--- /dev/null
+++ b/security/manager/pki/resources/content/setp12password.js
@@ -0,0 +1,128 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+/**
+ * @file Implements the functionality of setp12password.xul: a dialog that lets
+ *       the user confirm the password to set on a PKCS #12 file.
+ * @argument {nsISupports} window.arguments[0]
+ *           Object to set the return values of calling the dialog on, queryable
+ *           to the underlying type of SetP12PasswordReturnValues.
+ */
+
+/**
+ * @typedef SetP12PasswordReturnValues
+ * @type nsIWritablePropertyBag2
+ * @property {Boolean} confirmedPassword
+ *           Set to true if the user entered two matching passwords and
+ *           confirmed the dialog.
+ * @property {String} password
+ *           The password the user entered. Undefined value if
+ *           |confirmedPassword| is not true.
+ */
+
+const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
+
+/**
+ * onload() handler.
+ */
+function onLoad() {
+  // Ensure the first password textbox has focus.
+  document.getElementById("pw1").focus();
+}
+
+/**
+ * ondialogaccept() handler.
+ *
+ * @returns {Boolean} true to make the dialog close, false otherwise.
+ */
+function onDialogAccept() {
+  let password = document.getElementById("pw1").value;
+
+  let retVals = window.arguments[0].QueryInterface(Ci.nsIWritablePropertyBag2);
+  retVals.setPropertyAsBool("confirmedPassword", true);
+  retVals.setPropertyAsAString("password", password);
+  return true;
+}
+
+/**
+ * ondialogcancel() handler.
+ *
+ * @returns {Boolean} true to make the dialog close, false otherwise.
+ */
+function onDialogCancel() {
+  let retVals = window.arguments[0].QueryInterface(Ci.nsIWritablePropertyBag2);
+  retVals.setPropertyAsBool("confirmedPassword", false);
+  return true;
+}
+
+/**
+ * Calculates the strength of the given password, suitable for use in updating
+ * a progress bar that represents said strength.
+ *
+ * The strength of the password is calculated by checking the number of:
+ *   - Characters
+ *   - Numbers
+ *   - Non-alphanumeric chars
+ *   - Upper case characters
+ *
+ * @param {String} password
+ *        The password to calculate the strength of.
+ * @returns {Number}
+ *          The strength of the password in the range [0, 100].
+ */
+function getPasswordStrength(password) {
+  let lengthStrength = password.length;
+  if (lengthStrength > 5) {
+    lengthStrength = 5;
+  }
+
+  let nonNumericChars = password.replace(/[0-9]/g, "");
+  let numericStrength = password.length - nonNumericChars.length;
+  if (numericStrength > 3) {
+    numericStrength = 3;
+  }
+
+  let nonSymbolChars = password.replace(/\W/g, "");
+  let symbolStrength = password.length - nonSymbolChars.length;
+  if (symbolStrength > 3) {
+    symbolStrength = 3;
+  }
+
+  let nonUpperAlphaChars = password.replace(/[A-Z]/g, "");
+  let upperAlphaStrength = password.length - nonUpperAlphaChars.length;
+  if (upperAlphaStrength > 3) {
+    upperAlphaStrength = 3;
+  }
+
+  let strength = (lengthStrength * 10) - 20 + (numericStrength * 10) +
+                 (symbolStrength * 15) + (upperAlphaStrength * 10);
+  if (strength < 0) {
+    strength = 0;
+  }
+  if (strength > 100) {
+    strength = 100;
+  }
+
+  return strength;
+}
+
+/**
+ * oninput() handler for both password textboxes.
+ *
+ * @param {Boolean} recalculatePasswordStrength
+ *                  Whether to recalculate the strength of the first password.
+ */
+function onPasswordInput(recalculatePasswordStrength) {
+  let pw1 = document.getElementById("pw1").value;
+
+  if (recalculatePasswordStrength) {
+    document.getElementById("pwmeter").value = getPasswordStrength(pw1);
+  }
+
+  // Disable the accept button if the two passwords don't match, and enable it
+  // if the passwords do match.
+  let pw2 = document.getElementById("pw2").value;
+  document.documentElement.getButton("accept").disabled = (pw1 != pw2);
+}
diff --git a/security/manager/pki/resources/content/setp12password.xul b/security/manager/pki/resources/content/setp12password.xul
new file mode 100644
index 000000000..2bdcd5fe9
--- /dev/null
+++ b/security/manager/pki/resources/content/setp12password.xul
@@ -0,0 +1,51 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+
+<!DOCTYPE dialog SYSTEM "chrome://pippki/locale/pippki.dtd">
+
+<dialog id="setp12password"
+        title="&pkcs12.setpassword.title;"
+        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+        style="width: 48em;"
+        buttons="accept,cancel"
+        ondialogaccept="return onDialogAccept();"
+        ondialogcancel="return onDialogCancel();"
+        onload="onLoad();">
+
+  <script type="application/javascript"
+          src="chrome://pippki/content/setp12password.js"/>
+
+  <description>&pkcs12.setpassword.message;</description>
+  <separator />
+  <grid>
+    <columns> <column/> <column/> </columns>
+    <rows>
+      <row>
+        <label value="&pkcs12.setpassword.label1;"/>
+        <textbox id="pw1" type="password" oninput="onPasswordInput(true);"/>
+      </row>
+      <row>
+        <label value="&pkcs12.setpassword.label2;"/>
+        <textbox id="pw2" type="password" oninput="onPasswordInput(false);"/>
+      </row>
+    </rows>
+  </grid>
+  <separator/>
+  <description>&pkcs12.setpassword.reminder;</description>
+  <separator/>
+  <label value="&setPassword.meter.label;"/>
+  <grid style="margin: 4px;">
+    <rows> <row/> </rows>
+    <columns>
+      <column style="margin: 5px;">
+        <progressmeter flex="1" id="pwmeter" mode="determined" value="0"
+                       orient="horizontal"
+                       style="width: 20em; foreground-color: red"/>
+      </column>
+    </columns>
+  </grid>
+</dialog>
diff --git a/security/manager/pki/resources/content/viewCertDetails.xul b/security/manager/pki/resources/content/viewCertDetails.xul
new file mode 100644
index 000000000..86acb751c
--- /dev/null
+++ b/security/manager/pki/resources/content/viewCertDetails.xul
@@ -0,0 +1,104 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+<!DOCTYPE overlay SYSTEM "chrome://pippki/locale/certManager.dtd">
+
+<overlay id="certViewerOverlay" 
+         xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" 
+         xmlns:cert="http://netscape.com/rdf-cert#" 
+         xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
+<vbox class="box-padded" id="general_info">
+  <vbox id="verify_info_box">
+    <label id="verify_pending" value="&certmgr.pending.label;"/>
+    <label class="header" id="verified"/>
+  </vbox>
+  <separator class="groove"/>
+  <vbox flex="1">
+    <grid> 
+      <columns>
+        <column/>
+        <column flex="1"/>
+      </columns>
+      <rows>
+        <row>
+          <label class="header" value="&certmgr.subjectinfo.label;"/>
+          <spacer/>
+          <spacer/>
+        </row>
+        <row>
+          <label value="&certmgr.certdetail.cn;"/>
+          <textbox id="commonname" class="plain" readonly="true"/>
+        </row>
+        <row>
+          <label value="&certmgr.certdetail.o;"/>
+          <textbox id="organization" class="plain" readonly="true"/>
+        </row>
+        <row>
+          <label value="&certmgr.certdetail.ou;"/>
+          <textbox id="orgunit" class="plain" readonly="true"/>
+        </row>
+        <row>
+          <label value="&certmgr.certdetail.serialnumber;"/>
+          <textbox id="serialnumber" class="plain" readonly="true"/>
+        </row>
+        <row>
+          <separator class="thin"/>
+          <spacer/>
+        </row>
+        <row>
+          <label class="header" value="&certmgr.issuerinfo.label;"/>
+          <spacer/>
+        </row>
+        <row>
+          <label value="&certmgr.certdetail.cn;"/>
+          <textbox id="issuercommonname" class="plain" readonly="true"/>
+        </row>
+        <row>
+          <label value="&certmgr.certdetail.o;"/>
+          <textbox id="issuerorganization" class="plain" readonly="true"/>
+        </row>
+        <row>
+          <label value="&certmgr.certdetail.ou;"/>
+          <textbox id="issuerorgunit" class="plain" readonly="true"/>
+        </row>
+        <row>
+          <separator class="thin"/>
+          <spacer/>
+        </row>
+        <row>
+          <label class ="header" value="&certmgr.periodofvalidity.label;"/>
+          <spacer/>
+        </row>
+        <row>
+          <label value="&certmgr.begins;"/>
+          <textbox id="validitystart" class="plain" readonly="true"/>
+        </row>
+        <row>
+          <label value="&certmgr.expires;"/>
+          <textbox id="validityend" class="plain" readonly="true"/>
+        </row>
+        <row>
+          <separator class="thin"/>
+          <spacer/>
+        </row>
+        <row>
+          <label class="header" value="&certmgr.fingerprints.label;"/>
+          <spacer/>
+        </row>
+        <row>
+          <label value="&certmgr.certdetail.sha256fingerprint;"/>
+          <hbox>
+            <textbox id="sha256fingerprint" class="plain" readonly="true" multiline="true"
+                     style="height: 6ex; width: 48ch; font-family: monospace;"/>
+          </hbox>
+        </row>
+        <row>
+          <label value="&certmgr.certdetail.sha1fingerprint;"/>
+          <textbox id="sha1fingerprint" class="plain" readonly="true" style="min-width:34em;"/>
+        </row>
+      </rows>
+    </grid>
+  </vbox>
+</vbox>
+</overlay>
diff --git a/security/manager/pki/resources/jar.mn b/security/manager/pki/resources/jar.mn
new file mode 100644
index 000000000..36018524f
--- /dev/null
+++ b/security/manager/pki/resources/jar.mn
@@ -0,0 +1,43 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+pippki.jar:
+% content pippki %content/pippki/
+    content/pippki/CAOverlay.xul             (content/CAOverlay.xul)
+    content/pippki/MineOverlay.xul           (content/MineOverlay.xul)
+    content/pippki/OrphanOverlay.xul         (content/OrphanOverlay.xul)
+    content/pippki/OthersOverlay.xul         (content/OthersOverlay.xul)
+    content/pippki/WebSitesOverlay.xul       (content/WebSitesOverlay.xul)
+    content/pippki/certDump.xul              (content/certDump.xul)
+    content/pippki/certManager.js            (content/certManager.js)
+    content/pippki/certManager.xul           (content/certManager.xul)
+    content/pippki/certViewer.js             (content/certViewer.js)
+    content/pippki/certViewer.xul            (content/certViewer.xul)
+    content/pippki/changepassword.js         (content/changepassword.js)
+    content/pippki/changepassword.xul        (content/changepassword.xul)
+    content/pippki/choosetoken.js            (content/choosetoken.js)
+    content/pippki/choosetoken.xul           (content/choosetoken.xul)
+    content/pippki/clientauthask.js          (content/clientauthask.js)
+    content/pippki/clientauthask.xul         (content/clientauthask.xul)
+    content/pippki/createCertInfo.js         (content/createCertInfo.js)
+    content/pippki/createCertInfo.xul        (content/createCertInfo.xul)
+    content/pippki/deletecert.js             (content/deletecert.js)
+    content/pippki/deletecert.xul            (content/deletecert.xul)
+    content/pippki/device_manager.js         (content/device_manager.js)
+    content/pippki/device_manager.xul        (content/device_manager.xul)
+    content/pippki/downloadcert.js           (content/downloadcert.js)
+    content/pippki/downloadcert.xul          (content/downloadcert.xul)
+    content/pippki/editcacert.js             (content/editcacert.js)
+    content/pippki/editcacert.xul            (content/editcacert.xul)
+    content/pippki/exceptionDialog.js        (content/exceptionDialog.js)
+*   content/pippki/exceptionDialog.xul       (content/exceptionDialog.xul)
+    content/pippki/load_device.xul           (content/load_device.xul)
+    content/pippki/pippki.js                 (content/pippki.js)
+    content/pippki/protectedAuth.js          (content/protectedAuth.js)
+    content/pippki/protectedAuth.xul         (content/protectedAuth.xul)
+    content/pippki/resetpassword.js          (content/resetpassword.js)
+    content/pippki/resetpassword.xul         (content/resetpassword.xul)
+    content/pippki/setp12password.js         (content/setp12password.js)
+    content/pippki/setp12password.xul        (content/setp12password.xul)
+    content/pippki/viewCertDetails.xul       (content/viewCertDetails.xul)
diff --git a/security/manager/pki/resources/moz.build b/security/manager/pki/resources/moz.build
new file mode 100644
index 000000000..eb4454d28
--- /dev/null
+++ b/security/manager/pki/resources/moz.build
@@ -0,0 +1,7 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+JAR_MANIFESTS += ['jar.mn']
\ No newline at end of file
diff --git a/security/manager/ssl/CSTrustDomain.cpp b/security/manager/ssl/CSTrustDomain.cpp
new file mode 100644
index 000000000..90008038e
--- /dev/null
+++ b/security/manager/ssl/CSTrustDomain.cpp
@@ -0,0 +1,231 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "CSTrustDomain.h"
+#include "mozilla/Base64.h"
+#include "mozilla/Preferences.h"
+#include "nsNSSCertificate.h"
+#include "nsNSSComponent.h"
+#include "nsServiceManagerUtils.h"
+#include "nsThreadUtils.h"
+#include "pkix/pkixnss.h"
+
+using namespace mozilla::pkix;
+
+namespace mozilla { namespace psm {
+
+static LazyLogModule gTrustDomainPRLog("CSTrustDomain");
+#define CSTrust_LOG(args) MOZ_LOG(gTrustDomainPRLog, LogLevel::Debug, args)
+
+CSTrustDomain::CSTrustDomain(UniqueCERTCertList& certChain)
+  : mCertChain(certChain)
+  , mCertBlocklist(do_GetService(NS_CERTBLOCKLIST_CONTRACTID))
+{
+}
+
+Result
+CSTrustDomain::GetCertTrust(EndEntityOrCA endEntityOrCA,
+                            const CertPolicyId& policy, Input candidateCertDER,
+                            /*out*/ TrustLevel& trustLevel)
+{
+  MOZ_ASSERT(policy.IsAnyPolicy());
+  if (!policy.IsAnyPolicy()) {
+    return Result::FATAL_ERROR_INVALID_ARGS;
+  }
+
+  SECItem candidateCertDERSECItem = UnsafeMapInputToSECItem(candidateCertDER);
+  UniqueCERTCertificate candidateCert(
+    CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &candidateCertDERSECItem,
+                            nullptr, false, true));
+  if (!candidateCert) {
+    return MapPRErrorCodeToResult(PR_GetError());
+  }
+
+  bool isCertRevoked;
+  nsresult nsrv = mCertBlocklist->IsCertRevoked(
+                    candidateCert->derIssuer.data,
+                    candidateCert->derIssuer.len,
+                    candidateCert->serialNumber.data,
+                    candidateCert->serialNumber.len,
+                    candidateCert->derSubject.data,
+                    candidateCert->derSubject.len,
+                    candidateCert->derPublicKey.data,
+                    candidateCert->derPublicKey.len,
+                    &isCertRevoked);
+  if (NS_FAILED(nsrv)) {
+    return Result::FATAL_ERROR_LIBRARY_FAILURE;
+  }
+
+  if (isCertRevoked) {
+    CSTrust_LOG(("CSTrustDomain: certificate is revoked\n"));
+    return Result::ERROR_REVOKED_CERTIFICATE;
+  }
+
+  // Is this cert our built-in content signing root?
+  bool isRoot = false;
+  nsCOMPtr<nsINSSComponent> component(do_GetService(PSM_COMPONENT_CONTRACTID));
+  if (!component) {
+    return Result::FATAL_ERROR_LIBRARY_FAILURE;
+  }
+  nsrv = component->IsCertContentSigningRoot(candidateCert.get(), isRoot);
+  if (NS_FAILED(nsrv)) {
+    return Result::FATAL_ERROR_LIBRARY_FAILURE;
+  }
+  if (isRoot) {
+    CSTrust_LOG(("CSTrustDomain: certificate is a trust anchor\n"));
+    trustLevel = TrustLevel::TrustAnchor;
+    return Success;
+  }
+  CSTrust_LOG(("CSTrustDomain: certificate is *not* a trust anchor\n"));
+
+  trustLevel = TrustLevel::InheritsTrust;
+  return Success;
+}
+
+Result
+CSTrustDomain::FindIssuer(Input encodedIssuerName, IssuerChecker& checker,
+                          Time time)
+{
+  // Loop over the chain, look for a matching subject
+  for (CERTCertListNode* n = CERT_LIST_HEAD(mCertChain);
+      !CERT_LIST_END(n, mCertChain); n = CERT_LIST_NEXT(n)) {
+    Input certDER;
+    Result rv = certDER.Init(n->cert->derCert.data, n->cert->derCert.len);
+    if (rv != Success) {
+      continue; // probably too big
+    }
+
+    // if the subject does not match, try the next certificate
+    Input subjectDER;
+    rv = subjectDER.Init(n->cert->derSubject.data, n->cert->derSubject.len);
+    if (rv != Success) {
+      continue; // just try the next one
+    }
+    if (!InputsAreEqual(subjectDER, encodedIssuerName)) {
+      CSTrust_LOG(("CSTrustDomain: subjects don't match\n"));
+      continue;
+    }
+
+    // If the subject does match, try the next step
+    bool keepGoing;
+    rv = checker.Check(certDER, nullptr/*additionalNameConstraints*/,
+                       keepGoing);
+    if (rv != Success) {
+      return rv;
+    }
+    if (!keepGoing) {
+      CSTrust_LOG(("CSTrustDomain: don't keep going\n"));
+      break;
+    }
+  }
+
+  return Success;
+}
+
+Result
+CSTrustDomain::CheckRevocation(EndEntityOrCA endEntityOrCA,
+                               const CertID& certID, Time time,
+                               Duration validityDuration,
+                               /*optional*/ const Input* stapledOCSPresponse,
+                               /*optional*/ const Input* aiaExtension)
+{
+  // We're relying solely on the CertBlocklist for revocation - and we're
+  // performing checks on this in GetCertTrust (as per nsNSSCertDBTrustDomain)
+  return Success;
+}
+
+Result
+CSTrustDomain::IsChainValid(const DERArray& certChain, Time time)
+{
+  // Check that our chain is not empty
+  if (certChain.GetLength() == 0) {
+    return Result::FATAL_ERROR_LIBRARY_FAILURE;
+  }
+
+  return Success;
+}
+
+Result
+CSTrustDomain::CheckSignatureDigestAlgorithm(DigestAlgorithm digestAlg,
+                                             EndEntityOrCA endEntityOrCA,
+                                             Time notBefore)
+{
+  if (digestAlg == DigestAlgorithm::sha1) {
+    return Result::ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED;
+  }
+  return Success;
+}
+
+Result
+CSTrustDomain::CheckRSAPublicKeyModulusSizeInBits(
+  EndEntityOrCA endEntityOrCA, unsigned int modulusSizeInBits)
+{
+  if (modulusSizeInBits < 2048) {
+    return Result::ERROR_INADEQUATE_KEY_SIZE;
+  }
+  return Success;
+}
+
+Result
+CSTrustDomain::VerifyRSAPKCS1SignedDigest(const SignedDigest& signedDigest,
+                                          Input subjectPublicKeyInfo)
+{
+  return VerifyRSAPKCS1SignedDigestNSS(signedDigest, subjectPublicKeyInfo,
+                                       nullptr);
+}
+
+Result
+CSTrustDomain::CheckECDSACurveIsAcceptable(EndEntityOrCA endEntityOrCA,
+                                           NamedCurve curve)
+{
+  switch (curve) {
+    case NamedCurve::secp256r1: // fall through
+    case NamedCurve::secp384r1: // fall through
+    case NamedCurve::secp521r1:
+      return Success;
+  }
+
+  return Result::ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
+}
+
+Result
+CSTrustDomain::VerifyECDSASignedDigest(const SignedDigest& signedDigest,
+                                       Input subjectPublicKeyInfo)
+{
+  return VerifyECDSASignedDigestNSS(signedDigest, subjectPublicKeyInfo,
+                                    nullptr);
+}
+
+Result
+CSTrustDomain::CheckValidityIsAcceptable(Time notBefore, Time notAfter,
+                                         EndEntityOrCA endEntityOrCA,
+                                         KeyPurposeId keyPurpose)
+{
+  return Success;
+}
+
+Result
+CSTrustDomain::NetscapeStepUpMatchesServerAuth(Time notBefore,
+                                               /*out*/ bool& matches)
+{
+  matches = false;
+  return Success;
+}
+
+void
+CSTrustDomain::NoteAuxiliaryExtension(AuxiliaryExtension /*extension*/,
+                                      Input /*extensionData*/)
+{
+}
+
+Result
+CSTrustDomain::DigestBuf(Input item, DigestAlgorithm digestAlg,
+                         /*out*/ uint8_t* digestBuf, size_t digestBufLen)
+{
+  return DigestBufNSS(item, digestAlg, digestBuf, digestBufLen);
+}
+
+} } // end namespace mozilla::psm
diff --git a/security/manager/ssl/CSTrustDomain.h b/security/manager/ssl/CSTrustDomain.h
new file mode 100644
index 000000000..29a82539b
--- /dev/null
+++ b/security/manager/ssl/CSTrustDomain.h
@@ -0,0 +1,80 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CSTrustDomain_h
+#define CSTrustDomain_h
+
+#include "pkix/pkixtypes.h"
+#include "mozilla/StaticMutex.h"
+#include "mozilla/UniquePtr.h"
+#include "nsDebug.h"
+#include "nsICertBlocklist.h"
+#include "nsIX509CertDB.h"
+#include "ScopedNSSTypes.h"
+
+namespace mozilla { namespace psm {
+
+class CSTrustDomain final : public mozilla::pkix::TrustDomain
+{
+public:
+  typedef mozilla::pkix::Result Result;
+
+  explicit CSTrustDomain(UniqueCERTCertList& certChain);
+
+  virtual Result GetCertTrust(
+    mozilla::pkix::EndEntityOrCA endEntityOrCA,
+    const mozilla::pkix::CertPolicyId& policy,
+    mozilla::pkix::Input candidateCertDER,
+    /*out*/ mozilla::pkix::TrustLevel& trustLevel) override;
+  virtual Result FindIssuer(mozilla::pkix::Input encodedIssuerName,
+                            IssuerChecker& checker,
+                            mozilla::pkix::Time time) override;
+  virtual Result CheckRevocation(
+    mozilla::pkix::EndEntityOrCA endEntityOrCA,
+    const mozilla::pkix::CertID& certID, mozilla::pkix::Time time,
+    mozilla::pkix::Duration validityDuration,
+    /*optional*/ const mozilla::pkix::Input* stapledOCSPresponse,
+    /*optional*/ const mozilla::pkix::Input* aiaExtension) override;
+  virtual Result IsChainValid(const mozilla::pkix::DERArray& certChain,
+                              mozilla::pkix::Time time) override;
+  virtual Result CheckSignatureDigestAlgorithm(
+    mozilla::pkix::DigestAlgorithm digestAlg,
+    mozilla::pkix::EndEntityOrCA endEntityOrCA,
+    mozilla::pkix::Time notBefore) override;
+  virtual Result CheckRSAPublicKeyModulusSizeInBits(
+    mozilla::pkix::EndEntityOrCA endEntityOrCA,
+    unsigned int modulusSizeInBits) override;
+  virtual Result VerifyRSAPKCS1SignedDigest(
+    const mozilla::pkix::SignedDigest& signedDigest,
+    mozilla::pkix::Input subjectPublicKeyInfo) override;
+  virtual Result CheckECDSACurveIsAcceptable(
+    mozilla::pkix::EndEntityOrCA endEntityOrCA,
+    mozilla::pkix::NamedCurve curve) override;
+  virtual Result VerifyECDSASignedDigest(
+    const mozilla::pkix::SignedDigest& signedDigest,
+    mozilla::pkix::Input subjectPublicKeyInfo) override;
+  virtual Result CheckValidityIsAcceptable(
+    mozilla::pkix::Time notBefore, mozilla::pkix::Time notAfter,
+    mozilla::pkix::EndEntityOrCA endEntityOrCA,
+    mozilla::pkix::KeyPurposeId keyPurpose) override;
+  virtual Result NetscapeStepUpMatchesServerAuth(
+    mozilla::pkix::Time notBefore, /*out*/ bool& matches) override;
+  virtual void NoteAuxiliaryExtension(
+    mozilla::pkix::AuxiliaryExtension extension,
+    mozilla::pkix::Input extensionData) override;
+  virtual Result DigestBuf(mozilla::pkix::Input item,
+                           mozilla::pkix::DigestAlgorithm digestAlg,
+                           /*out*/ uint8_t* digestBuf,
+                           size_t digestBufLen) override;
+
+private:
+  /*out*/ UniqueCERTCertList& mCertChain;
+  nsCOMPtr<nsICertBlocklist> mCertBlocklist;
+};
+
+} } // namespace mozilla::psm
+
+#endif // CSTrustDomain_h
diff --git a/security/manager/ssl/CertBlocklist.cpp b/security/manager/ssl/CertBlocklist.cpp
new file mode 100644
index 000000000..56473eca3
--- /dev/null
+++ b/security/manager/ssl/CertBlocklist.cpp
@@ -0,0 +1,671 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "CertBlocklist.h"
+
+#include "mozilla/Base64.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/Unused.h"
+#include "nsAppDirectoryServiceDefs.h"
+#include "nsCRTGlue.h"
+#include "nsDirectoryServiceUtils.h"
+#include "nsICryptoHash.h"
+#include "nsIFileStreams.h"
+#include "nsILineInputStream.h"
+#include "nsISafeOutputStream.h"
+#include "nsIX509Cert.h"
+#include "nsNetCID.h"
+#include "nsNetUtil.h"
+#include "nsTHashtable.h"
+#include "nsThreadUtils.h"
+#include "pkix/Input.h"
+#include "prtime.h"
+
+NS_IMPL_ISUPPORTS(CertBlocklist, nsICertBlocklist)
+
+using namespace mozilla;
+using namespace mozilla::pkix;
+
+#define PREF_BACKGROUND_UPDATE_TIMER "app.update.lastUpdateTime.blocklist-background-update-timer"
+#define PREF_BLOCKLIST_ONECRL_CHECKED "services.blocklist.onecrl.checked"
+#define PREF_MAX_STALENESS_IN_SECONDS "security.onecrl.maximum_staleness_in_seconds"
+#define PREF_ONECRL_VIA_AMO "security.onecrl.via.amo"
+
+static LazyLogModule gCertBlockPRLog("CertBlock");
+
+uint32_t CertBlocklist::sLastBlocklistUpdate = 0U;
+uint32_t CertBlocklist::sLastKintoUpdate = 0U;
+uint32_t CertBlocklist::sMaxStaleness = 0U;
+bool CertBlocklist::sUseAMO = true;
+
+CertBlocklistItem::CertBlocklistItem(const uint8_t* DNData,
+                                     size_t DNLength,
+                                     const uint8_t* otherData,
+                                     size_t otherLength,
+                                     CertBlocklistItemMechanism itemMechanism)
+  : mIsCurrent(false)
+  , mItemMechanism(itemMechanism)
+{
+  mDNData = new uint8_t[DNLength];
+  memcpy(mDNData, DNData, DNLength);
+  mDNLength = DNLength;
+
+  mOtherData = new uint8_t[otherLength];
+  memcpy(mOtherData, otherData, otherLength);
+  mOtherLength = otherLength;
+}
+
+CertBlocklistItem::CertBlocklistItem(const CertBlocklistItem& aItem)
+{
+  mDNLength = aItem.mDNLength;
+  mDNData = new uint8_t[mDNLength];
+  memcpy(mDNData, aItem.mDNData, mDNLength);
+
+  mOtherLength = aItem.mOtherLength;
+  mOtherData = new uint8_t[mOtherLength];
+  memcpy(mOtherData, aItem.mOtherData, mOtherLength);
+
+  mItemMechanism = aItem.mItemMechanism;
+
+  mIsCurrent = aItem.mIsCurrent;
+}
+
+CertBlocklistItem::~CertBlocklistItem()
+{
+  delete[] mDNData;
+  delete[] mOtherData;
+}
+
+nsresult
+CertBlocklistItem::ToBase64(nsACString& b64DNOut, nsACString& b64OtherOut)
+{
+  nsDependentCSubstring DNString(BitwiseCast<char*, uint8_t*>(mDNData),
+                                 mDNLength);
+  nsDependentCSubstring otherString(BitwiseCast<char*, uint8_t*>(mOtherData),
+                                    mOtherLength);
+  nsresult rv = Base64Encode(DNString, b64DNOut);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = Base64Encode(otherString, b64OtherOut);
+  return rv;
+}
+
+bool
+CertBlocklistItem::operator==(const CertBlocklistItem& aItem) const
+{
+  if (aItem.mItemMechanism != mItemMechanism) {
+    return false;
+  }
+  if (aItem.mDNLength != mDNLength ||
+      aItem.mOtherLength != mOtherLength) {
+    return false;
+  }
+  return memcmp(aItem.mDNData, mDNData, mDNLength) == 0 &&
+         memcmp(aItem.mOtherData, mOtherData, mOtherLength) == 0;
+}
+
+uint32_t
+CertBlocklistItem::Hash() const
+{
+  uint32_t hash;
+  // there's no requirement for a serial to be as large as the size of the hash
+  // key; if it's smaller, fall back to the first octet (otherwise, the last
+  // four)
+  if (mItemMechanism == BlockByIssuerAndSerial &&
+      mOtherLength >= sizeof(hash)) {
+    memcpy(&hash, mOtherData + mOtherLength - sizeof(hash), sizeof(hash));
+  } else {
+    hash = *mOtherData;
+  }
+  return hash;
+}
+
+CertBlocklist::CertBlocklist()
+  : mMutex("CertBlocklist::mMutex")
+  , mModified(false)
+  , mBackingFileIsInitialized(false)
+  , mBackingFile(nullptr)
+{
+}
+
+CertBlocklist::~CertBlocklist()
+{
+  Preferences::UnregisterCallback(CertBlocklist::PreferenceChanged,
+                                  PREF_BACKGROUND_UPDATE_TIMER,
+                                  this);
+  Preferences::UnregisterCallback(CertBlocklist::PreferenceChanged,
+                                  PREF_MAX_STALENESS_IN_SECONDS,
+                                  this);
+  Preferences::UnregisterCallback(CertBlocklist::PreferenceChanged,
+                                  PREF_ONECRL_VIA_AMO,
+                                  this);
+  Preferences::UnregisterCallback(CertBlocklist::PreferenceChanged,
+                                  PREF_BLOCKLIST_ONECRL_CHECKED,
+                                  this);
+}
+
+nsresult
+CertBlocklist::Init()
+{
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Debug, ("CertBlocklist::Init"));
+
+  // Init must be on main thread for getting the profile directory
+  if (!NS_IsMainThread()) {
+    MOZ_LOG(gCertBlockPRLog, LogLevel::Debug,
+           ("CertBlocklist::Init - called off main thread"));
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  // Register preference callbacks
+  nsresult rv =
+      Preferences::RegisterCallbackAndCall(CertBlocklist::PreferenceChanged,
+                                           PREF_BACKGROUND_UPDATE_TIMER,
+                                           this);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = Preferences::RegisterCallbackAndCall(CertBlocklist::PreferenceChanged,
+                                            PREF_MAX_STALENESS_IN_SECONDS,
+                                            this);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = Preferences::RegisterCallbackAndCall(CertBlocklist::PreferenceChanged,
+                                            PREF_ONECRL_VIA_AMO,
+                                            this);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = Preferences::RegisterCallbackAndCall(CertBlocklist::PreferenceChanged,
+                                            PREF_BLOCKLIST_ONECRL_CHECKED,
+                                            this);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Get the profile directory
+  rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
+                              getter_AddRefs(mBackingFile));
+  if (NS_FAILED(rv) || !mBackingFile) {
+    MOZ_LOG(gCertBlockPRLog, LogLevel::Debug,
+           ("CertBlocklist::Init - couldn't get profile dir"));
+    // Since we're returning NS_OK here, set mBackingFile to a safe value.
+    // (We need initialization to succeed and CertBlocklist to be in a
+    // well-defined state if the profile directory doesn't exist.)
+    mBackingFile = nullptr;
+    return NS_OK;
+  }
+  rv = mBackingFile->Append(NS_LITERAL_STRING("revocations.txt"));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  nsAutoCString path;
+  rv = mBackingFile->GetNativePath(path);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Debug,
+         ("CertBlocklist::Init certList path: %s", path.get()));
+
+  return NS_OK;
+}
+
+nsresult
+CertBlocklist::EnsureBackingFileInitialized(MutexAutoLock& lock)
+{
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Debug,
+         ("CertBlocklist::EnsureBackingFileInitialized"));
+  if (mBackingFileIsInitialized || !mBackingFile) {
+    return NS_OK;
+  }
+
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Debug,
+         ("CertBlocklist::EnsureBackingFileInitialized - not initialized"));
+
+  bool exists = false;
+  nsresult rv = mBackingFile->Exists(&exists);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (!exists) {
+    MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+           ("CertBlocklist::EnsureBackingFileInitialized no revocations file"));
+    return NS_OK;
+  }
+
+  // Load the revocations file into the cert blocklist
+  nsCOMPtr<nsIFileInputStream> fileStream(
+      do_CreateInstance(NS_LOCALFILEINPUTSTREAM_CONTRACTID, &rv));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = fileStream->Init(mBackingFile, -1, -1, false);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsILineInputStream> lineStream(do_QueryInterface(fileStream, &rv));
+  nsAutoCString line;
+  nsAutoCString DN;
+  nsAutoCString other;
+  CertBlocklistItemMechanism mechanism;
+  // read in the revocations file. The file format is as follows: each line
+  // contains a comment, base64 encoded DER for a DN, base64 encoded DER for a
+  // serial number or a Base64 encoded SHA256 hash of a public key. Comment
+  // lines start with '#', serial number lines, ' ' (a space), public key hashes
+  // with '\t' (a tab) and anything else is assumed to be a DN.
+  bool more = true;
+  do {
+    rv = lineStream->ReadLine(line, &more);
+    if (NS_FAILED(rv)) {
+      break;
+    }
+    // ignore comments and empty lines
+    if (line.IsEmpty() || line.First() == '#') {
+      continue;
+    }
+    if (line.First() != ' ' && line.First() != '\t') {
+      DN = line;
+      continue;
+    }
+    other = line;
+    if (line.First() == ' ') {
+      mechanism = BlockByIssuerAndSerial;
+    } else {
+      mechanism = BlockBySubjectAndPubKey;
+    }
+    other.Trim(" \t", true, false, false);
+    // Serial numbers and public key hashes 'belong' to the last DN line seen;
+    // if no DN has been seen, the serial number or public key hash is ignored.
+    if (DN.IsEmpty() || other.IsEmpty()) {
+      continue;
+    }
+    MOZ_LOG(gCertBlockPRLog, LogLevel::Debug,
+           ("CertBlocklist::EnsureBackingFileInitialized adding: %s %s",
+            DN.get(), other.get()));
+
+    MOZ_LOG(gCertBlockPRLog, LogLevel::Debug,
+           ("CertBlocklist::EnsureBackingFileInitialized - pre-decode"));
+
+    rv = AddRevokedCertInternal(DN, other, mechanism, CertOldFromLocalCache,
+                                lock);
+
+    if (NS_FAILED(rv)) {
+      // we warn here, rather than abandoning, since we need to
+      // ensure that as many items as possible are read
+      MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+             ("CertBlocklist::EnsureBackingFileInitialized adding revoked cert "
+              "failed"));
+    }
+  } while (more);
+  mBackingFileIsInitialized = true;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+CertBlocklist::RevokeCertBySubjectAndPubKey(const char* aSubject,
+                                            const char* aPubKeyHash)
+{
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Debug,
+         ("CertBlocklist::RevokeCertBySubjectAndPubKey - subject is: %s and pubKeyHash: %s",
+          aSubject, aPubKeyHash));
+  MutexAutoLock lock(mMutex);
+
+  return AddRevokedCertInternal(nsDependentCString(aSubject),
+                                nsDependentCString(aPubKeyHash),
+                                BlockBySubjectAndPubKey,
+                                CertNewFromBlocklist, lock);
+}
+
+NS_IMETHODIMP
+CertBlocklist::RevokeCertByIssuerAndSerial(const char* aIssuer,
+                                           const char* aSerialNumber)
+{
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Debug,
+         ("CertBlocklist::RevokeCertByIssuerAndSerial - issuer is: %s and serial: %s",
+          aIssuer, aSerialNumber));
+  MutexAutoLock lock(mMutex);
+
+  return AddRevokedCertInternal(nsDependentCString(aIssuer),
+                                nsDependentCString(aSerialNumber),
+                                BlockByIssuerAndSerial,
+                                CertNewFromBlocklist, lock);
+}
+
+nsresult
+CertBlocklist::AddRevokedCertInternal(const nsACString& aEncodedDN,
+                                      const nsACString& aEncodedOther,
+                                      CertBlocklistItemMechanism aMechanism,
+                                      CertBlocklistItemState aItemState,
+                                      MutexAutoLock& /*proofOfLock*/)
+{
+  nsCString decodedDN;
+  nsCString decodedOther;
+
+  nsresult rv = Base64Decode(aEncodedDN, decodedDN);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = Base64Decode(aEncodedOther, decodedOther);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  CertBlocklistItem item(
+    BitwiseCast<const uint8_t*, const char*>(decodedDN.get()),
+    decodedDN.Length(),
+    BitwiseCast<const uint8_t*, const char*>(decodedOther.get()),
+    decodedOther.Length(),
+    aMechanism);
+
+  if (aItemState == CertNewFromBlocklist) {
+    // We want SaveEntries to be a no-op if no new entries are added.
+    nsGenericHashKey<CertBlocklistItem>* entry = mBlocklist.GetEntry(item);
+    if (!entry) {
+      mModified = true;
+    } else {
+      // Ensure that any existing item is replaced by a fresh one so we can
+      // use mIsCurrent to decide which entries to write out.
+      mBlocklist.RemoveEntry(entry);
+    }
+    item.mIsCurrent = true;
+  }
+  mBlocklist.PutEntry(item);
+
+  return NS_OK;
+}
+
+// Write a line for a given string in the output stream
+nsresult
+WriteLine(nsIOutputStream* outputStream, const nsACString& string)
+{
+  nsAutoCString line(string);
+  line.Append('\n');
+
+  const char* data = line.get();
+  uint32_t length = line.Length();
+  nsresult rv = NS_OK;
+  while (NS_SUCCEEDED(rv) && length) {
+    uint32_t bytesWritten = 0;
+    rv = outputStream->Write(data, length, &bytesWritten);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    // if no data is written, something is wrong
+    if (!bytesWritten) {
+      return NS_ERROR_FAILURE;
+    }
+    length -= bytesWritten;
+    data += bytesWritten;
+  }
+  return rv;
+}
+
+// void saveEntries();
+// Store the blockist in a text file containing base64 encoded issuers and
+// serial numbers.
+//
+// Each item is stored on a separate line; each issuer is followed by its
+// revoked serial numbers, indented by one space.
+//
+// lines starting with a # character are ignored
+NS_IMETHODIMP
+CertBlocklist::SaveEntries()
+{
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Debug,
+      ("CertBlocklist::SaveEntries - not initialized"));
+  MutexAutoLock lock(mMutex);
+  if (!mModified) {
+    return NS_OK;
+  }
+
+  nsresult rv = EnsureBackingFileInitialized(lock);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  if (!mBackingFile) {
+    // We allow this to succeed with no profile directory for tests
+    MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+           ("CertBlocklist::SaveEntries no file in profile to write to"));
+    return NS_OK;
+  }
+
+  // Data needed for writing blocklist items out to the revocations file
+  IssuerTable issuerTable;
+  BlocklistStringSet issuers;
+  nsCOMPtr<nsIOutputStream> outputStream;
+
+  rv = NS_NewAtomicFileOutputStream(getter_AddRefs(outputStream),
+                                    mBackingFile, -1, -1, 0);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = WriteLine(outputStream,
+                 NS_LITERAL_CSTRING("# Auto generated contents. Do not edit."));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Sort blocklist items into lists of serials for each issuer
+  for (auto iter = mBlocklist.Iter(); !iter.Done(); iter.Next()) {
+    CertBlocklistItem item = iter.Get()->GetKey();
+    if (!item.mIsCurrent) {
+      continue;
+    }
+
+    nsAutoCString encDN;
+    nsAutoCString encOther;
+
+    nsresult rv = item.ToBase64(encDN, encOther);
+    if (NS_FAILED(rv)) {
+      MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+             ("CertBlocklist::SaveEntries writing revocation data failed"));
+      return NS_ERROR_FAILURE;
+    }
+
+    // If it's a subject / public key block, write it straight out
+    if (item.mItemMechanism == BlockBySubjectAndPubKey) {
+      WriteLine(outputStream, encDN);
+      WriteLine(outputStream, NS_LITERAL_CSTRING("\t") + encOther);
+      continue;
+    }
+
+    // Otherwise, we have to group entries by issuer
+    issuers.PutEntry(encDN);
+    BlocklistStringSet* issuerSet = issuerTable.Get(encDN);
+    if (!issuerSet) {
+      issuerSet = new BlocklistStringSet();
+      issuerTable.Put(encDN, issuerSet);
+    }
+    issuerSet->PutEntry(encOther);
+  }
+
+  for (auto iter = issuers.Iter(); !iter.Done(); iter.Next()) {
+    nsCStringHashKey* hashKey = iter.Get();
+    nsAutoPtr<BlocklistStringSet> issuerSet;
+    issuerTable.RemoveAndForget(hashKey->GetKey(), issuerSet);
+
+    nsresult rv = WriteLine(outputStream, hashKey->GetKey());
+    if (NS_FAILED(rv)) {
+      break;
+    }
+
+    // Write serial data to the output stream
+    for (auto iter = issuerSet->Iter(); !iter.Done(); iter.Next()) {
+      nsresult rv = WriteLine(outputStream,
+                              NS_LITERAL_CSTRING(" ") + iter.Get()->GetKey());
+      if (NS_FAILED(rv)) {
+        MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+               ("CertBlocklist::SaveEntries writing revocation data failed"));
+        return NS_ERROR_FAILURE;
+      }
+    }
+  }
+
+  nsCOMPtr<nsISafeOutputStream> safeStream = do_QueryInterface(outputStream);
+  NS_ASSERTION(safeStream, "expected a safe output stream!");
+  if (!safeStream) {
+    return NS_ERROR_FAILURE;
+  }
+  rv = safeStream->Finish();
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+           ("CertBlocklist::SaveEntries saving revocation data failed"));
+    return rv;
+  }
+  mModified = false;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+CertBlocklist::IsCertRevoked(const uint8_t* aIssuer,
+                             uint32_t aIssuerLength,
+                             const uint8_t* aSerial,
+                             uint32_t aSerialLength,
+                             const uint8_t* aSubject,
+                             uint32_t aSubjectLength,
+                             const uint8_t* aPubKey,
+                             uint32_t aPubKeyLength,
+                             bool* _retval)
+{
+  MutexAutoLock lock(mMutex);
+
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+          ("CertBlocklist::IsCertRevoked?"));
+  nsresult rv = EnsureBackingFileInitialized(lock);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  Input issuer;
+  Input serial;
+  if (issuer.Init(aIssuer, aIssuerLength) != Success) {
+    return NS_ERROR_FAILURE;
+  }
+  if (serial.Init(aSerial, aSerialLength) != Success) {
+    return NS_ERROR_FAILURE;
+  }
+
+  CertBlocklistItem issuerSerial(aIssuer, aIssuerLength, aSerial, aSerialLength,
+                                 BlockByIssuerAndSerial);
+
+  nsAutoCString encDN;
+  nsAutoCString encOther;
+
+  issuerSerial.ToBase64(encDN, encOther);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+          ("CertBlocklist::IsCertRevoked issuer %s - serial %s",
+           encDN.get(), encOther.get()));
+
+  *_retval = mBlocklist.Contains(issuerSerial);
+
+  if (*_retval) {
+    MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+            ("certblocklist::IsCertRevoked found by issuer / serial"));
+    return NS_OK;
+  }
+
+  nsCOMPtr<nsICryptoHash> crypto;
+  crypto = do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID, &rv);
+
+  rv = crypto->Init(nsICryptoHash::SHA256);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = crypto->Update(aPubKey, aPubKeyLength);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCString hashString;
+  rv = crypto->Finish(false, hashString);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  CertBlocklistItem subjectPubKey(
+    aSubject,
+    static_cast<size_t>(aSubjectLength),
+    BitwiseCast<const uint8_t*, const char*>(hashString.get()),
+    hashString.Length(),
+    BlockBySubjectAndPubKey);
+
+  rv = subjectPubKey.ToBase64(encDN, encOther);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+          ("CertBlocklist::IsCertRevoked subject %s - pubKey hash %s",
+           encDN.get(), encOther.get()));
+  *_retval = mBlocklist.Contains(subjectPubKey);
+
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+          ("CertBlocklist::IsCertRevoked by subject / pubkey? %s",
+           *_retval ? "true" : "false"));
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+CertBlocklist::IsBlocklistFresh(bool* _retval)
+{
+  MutexAutoLock lock(mMutex);
+  *_retval = false;
+
+  uint32_t now = uint32_t(PR_Now() / PR_USEC_PER_SEC);
+  uint32_t lastUpdate = sUseAMO ? sLastBlocklistUpdate : sLastKintoUpdate;
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+          ("CertBlocklist::IsBlocklistFresh using AMO? %i lastUpdate is %i",
+           sUseAMO, lastUpdate));
+
+  if (now > lastUpdate) {
+    int64_t interval = now - lastUpdate;
+    MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+           ("CertBlocklist::IsBlocklistFresh we're after the last BlocklistUpdate "
+            "interval is %i, staleness %u", interval, sMaxStaleness));
+    *_retval = sMaxStaleness > interval;
+  }
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+         ("CertBlocklist::IsBlocklistFresh ? %s", *_retval ? "true" : "false"));
+  return NS_OK;
+}
+
+
+/* static */
+void
+CertBlocklist::PreferenceChanged(const char* aPref, void* aClosure)
+
+{
+  auto blocklist = static_cast<CertBlocklist*>(aClosure);
+  MutexAutoLock lock(blocklist->mMutex);
+
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+         ("CertBlocklist::PreferenceChanged %s changed", aPref));
+  if (strcmp(aPref, PREF_BACKGROUND_UPDATE_TIMER) == 0) {
+    sLastBlocklistUpdate = Preferences::GetUint(PREF_BACKGROUND_UPDATE_TIMER,
+                                                uint32_t(0));
+  } else if (strcmp(aPref, PREF_BLOCKLIST_ONECRL_CHECKED) == 0) {
+    sLastKintoUpdate = Preferences::GetUint(PREF_BLOCKLIST_ONECRL_CHECKED,
+                                            uint32_t(0));
+  } else if (strcmp(aPref, PREF_MAX_STALENESS_IN_SECONDS) == 0) {
+    sMaxStaleness = Preferences::GetUint(PREF_MAX_STALENESS_IN_SECONDS,
+                                         uint32_t(0));
+  } else if (strcmp(aPref, PREF_ONECRL_VIA_AMO) == 0) {
+    sUseAMO = Preferences::GetBool(PREF_ONECRL_VIA_AMO, true);
+  }
+}
diff --git a/security/manager/ssl/CertBlocklist.h b/security/manager/ssl/CertBlocklist.h
new file mode 100644
index 000000000..60f675cd8
--- /dev/null
+++ b/security/manager/ssl/CertBlocklist.h
@@ -0,0 +1,89 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CertBlocklist_h
+#define CertBlocklist_h
+
+#include "mozilla/Mutex.h"
+#include "nsClassHashtable.h"
+#include "nsCOMPtr.h"
+#include "nsICertBlocklist.h"
+#include "nsIOutputStream.h"
+#include "nsTHashtable.h"
+#include "nsIX509CertDB.h"
+#include "pkix/Input.h"
+
+#define NS_CERT_BLOCKLIST_CID \
+{0x11aefd53, 0x2fbb, 0x4c92, {0xa0, 0xc1, 0x05, 0x32, 0x12, 0xae, 0x42, 0xd0} }
+
+enum CertBlocklistItemMechanism {
+  BlockByIssuerAndSerial,
+  BlockBySubjectAndPubKey
+};
+
+enum CertBlocklistItemState {
+  CertNewFromBlocklist,
+  CertOldFromLocalCache
+};
+
+class CertBlocklistItem
+{
+public:
+  CertBlocklistItem(const uint8_t*  DNData, size_t DNLength,
+                    const uint8_t* otherData, size_t otherLength,
+                    CertBlocklistItemMechanism itemMechanism);
+  CertBlocklistItem(const CertBlocklistItem& aItem);
+  ~CertBlocklistItem();
+  nsresult ToBase64(nsACString& b64IssuerOut, nsACString& b64SerialOut);
+  bool operator==(const CertBlocklistItem& aItem) const;
+  uint32_t Hash() const;
+  bool mIsCurrent;
+  CertBlocklistItemMechanism mItemMechanism;
+
+private:
+  size_t mDNLength;
+  uint8_t* mDNData;
+  size_t mOtherLength;
+  uint8_t* mOtherData;
+};
+
+typedef nsGenericHashKey<CertBlocklistItem> BlocklistItemKey;
+typedef nsTHashtable<BlocklistItemKey> BlocklistTable;
+typedef nsTHashtable<nsCStringHashKey> BlocklistStringSet;
+typedef nsClassHashtable<nsCStringHashKey, BlocklistStringSet> IssuerTable;
+
+class CertBlocklist : public nsICertBlocklist
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSICERTBLOCKLIST
+  CertBlocklist();
+  nsresult Init();
+
+private:
+  BlocklistTable mBlocklist;
+  nsresult AddRevokedCertInternal(const nsACString& aEncodedDN,
+                                  const nsACString& aEncodedOther,
+                                  CertBlocklistItemMechanism aMechanism,
+                                  CertBlocklistItemState aItemState,
+                                  mozilla::MutexAutoLock& /*proofOfLock*/);
+  mozilla::Mutex mMutex;
+  bool mModified;
+  bool mBackingFileIsInitialized;
+  // call EnsureBackingFileInitialized before operations that read or
+  // modify CertBlocklist data
+  nsresult EnsureBackingFileInitialized(mozilla::MutexAutoLock& lock);
+  nsCOMPtr<nsIFile> mBackingFile;
+
+protected:
+  static void PreferenceChanged(const char* aPref, void* aClosure);
+  static uint32_t sLastBlocklistUpdate;
+  static uint32_t sLastKintoUpdate;
+  static uint32_t sMaxStaleness;
+  static bool sUseAMO;
+  virtual ~CertBlocklist();
+};
+
+#endif // CertBlocklist_h
diff --git a/security/manager/ssl/ContentSignatureVerifier.cpp b/security/manager/ssl/ContentSignatureVerifier.cpp
new file mode 100644
index 000000000..bdeb3f264
--- /dev/null
+++ b/security/manager/ssl/ContentSignatureVerifier.cpp
@@ -0,0 +1,562 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ContentSignatureVerifier.h"
+
+#include "BRNameMatchingPolicy.h"
+#include "SharedCertVerifier.h"
+#include "cryptohi.h"
+#include "keyhi.h"
+#include "mozilla/Assertions.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Unused.h"
+#include "nsCOMPtr.h"
+#include "nsContentUtils.h"
+#include "nsISupportsPriority.h"
+#include "nsIURI.h"
+#include "nsNSSComponent.h"
+#include "nsSecurityHeaderParser.h"
+#include "nsStreamUtils.h"
+#include "nsWhitespaceTokenizer.h"
+#include "nsXPCOMStrings.h"
+#include "nssb64.h"
+#include "pkix/pkix.h"
+#include "pkix/pkixtypes.h"
+#include "secerr.h"
+
+NS_IMPL_ISUPPORTS(ContentSignatureVerifier,
+                  nsIContentSignatureVerifier,
+                  nsIInterfaceRequestor,
+                  nsIStreamListener)
+
+using namespace mozilla;
+using namespace mozilla::pkix;
+using namespace mozilla::psm;
+
+static LazyLogModule gCSVerifierPRLog("ContentSignatureVerifier");
+#define CSVerifier_LOG(args) MOZ_LOG(gCSVerifierPRLog, LogLevel::Debug, args)
+
+// Content-Signature prefix
+const nsLiteralCString kPREFIX = NS_LITERAL_CSTRING("Content-Signature:\x00");
+
+ContentSignatureVerifier::~ContentSignatureVerifier()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  destructorSafeDestroyNSSReference();
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+NS_IMETHODIMP
+ContentSignatureVerifier::VerifyContentSignature(
+  const nsACString& aData, const nsACString& aCSHeader,
+  const nsACString& aCertChain, const nsACString& aName, bool* _retval)
+{
+  NS_ENSURE_ARG(_retval);
+  nsresult rv = CreateContext(aData, aCSHeader, aCertChain, aName);
+  if (NS_FAILED(rv)) {
+    *_retval = false;
+    CSVerifier_LOG(("CSVerifier: Signature verification failed\n"));
+    if (rv == NS_ERROR_INVALID_SIGNATURE) {
+      return NS_OK;
+    }
+    return rv;
+  }
+
+  return End(_retval);
+}
+
+bool
+IsNewLine(char16_t c)
+{
+  return c == '\n' || c == '\r';
+}
+
+nsresult
+ReadChainIntoCertList(const nsACString& aCertChain, CERTCertList* aCertList,
+                      const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+  bool inBlock = false;
+  bool certFound = false;
+
+  const nsCString header = NS_LITERAL_CSTRING("-----BEGIN CERTIFICATE-----");
+  const nsCString footer = NS_LITERAL_CSTRING("-----END CERTIFICATE-----");
+
+  nsCWhitespaceTokenizerTemplate<IsNewLine> tokenizer(aCertChain);
+
+  nsAutoCString blockData;
+  while (tokenizer.hasMoreTokens()) {
+    nsDependentCSubstring token = tokenizer.nextToken();
+    if (token.IsEmpty()) {
+      continue;
+    }
+    if (inBlock) {
+      if (token.Equals(footer)) {
+        inBlock = false;
+        certFound = true;
+        // base64 decode data, make certs, append to chain
+        ScopedAutoSECItem der;
+        if (!NSSBase64_DecodeBuffer(nullptr, &der, blockData.BeginReading(),
+                                    blockData.Length())) {
+          CSVerifier_LOG(("CSVerifier: decoding the signature failed\n"));
+          return NS_ERROR_FAILURE;
+        }
+        UniqueCERTCertificate tmpCert(
+          CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &der, nullptr, false,
+                                  true));
+        if (!tmpCert) {
+          return NS_ERROR_FAILURE;
+        }
+        // if adding tmpCert succeeds, tmpCert will now be owned by aCertList
+        SECStatus res = CERT_AddCertToListTail(aCertList, tmpCert.get());
+        if (res != SECSuccess) {
+          return MapSECStatus(res);
+        }
+        Unused << tmpCert.release();
+      } else {
+        blockData.Append(token);
+      }
+    } else if (token.Equals(header)) {
+      inBlock = true;
+      blockData = "";
+    }
+  }
+  if (inBlock || !certFound) {
+    // the PEM data did not end; bad data.
+    CSVerifier_LOG(("CSVerifier: supplied chain contains bad data\n"));
+    return NS_ERROR_FAILURE;
+  }
+  return NS_OK;
+}
+
+nsresult
+ContentSignatureVerifier::CreateContextInternal(const nsACString& aData,
+                                                const nsACString& aCertChain,
+                                                const nsACString& aName)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    CSVerifier_LOG(("CSVerifier: nss is already shutdown\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  UniqueCERTCertList certCertList(CERT_NewCertList());
+  if (!certCertList) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  nsresult rv = ReadChainIntoCertList(aCertChain, certCertList.get(), locker);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  CERTCertListNode* node = CERT_LIST_HEAD(certCertList.get());
+  if (!node || CERT_LIST_END(node, certCertList.get()) || !node->cert) {
+    return NS_ERROR_FAILURE;
+  }
+
+  SECItem* certSecItem = &node->cert->derCert;
+
+  Input certDER;
+  mozilla::pkix::Result result =
+    certDER.Init(BitwiseCast<uint8_t*, unsigned char*>(certSecItem->data),
+                 certSecItem->len);
+  if (result != Success) {
+    return NS_ERROR_FAILURE;
+  }
+
+
+  // Check the signerCert chain is good
+  CSTrustDomain trustDomain(certCertList);
+  result = BuildCertChain(trustDomain, certDER, Now(),
+                          EndEntityOrCA::MustBeEndEntity,
+                          KeyUsage::noParticularKeyUsageRequired,
+                          KeyPurposeId::id_kp_codeSigning,
+                          CertPolicyId::anyPolicy,
+                          nullptr/*stapledOCSPResponse*/);
+  if (result != Success) {
+    // if there was a library error, return an appropriate error
+    if (IsFatalError(result)) {
+      return NS_ERROR_FAILURE;
+    }
+    // otherwise, assume the signature was invalid
+    CSVerifier_LOG(("CSVerifier: The supplied chain is bad\n"));
+    return NS_ERROR_INVALID_SIGNATURE;
+  }
+
+  // Check the SAN
+  Input hostnameInput;
+
+  result = hostnameInput.Init(
+    BitwiseCast<const uint8_t*, const char*>(aName.BeginReading()),
+    aName.Length());
+  if (result != Success) {
+    return NS_ERROR_FAILURE;
+  }
+
+  BRNameMatchingPolicy nameMatchingPolicy(BRNameMatchingPolicy::Mode::Enforce);
+  result = CheckCertHostname(certDER, hostnameInput, nameMatchingPolicy);
+  if (result != Success) {
+    return NS_ERROR_INVALID_SIGNATURE;
+  }
+
+  mKey.reset(CERT_ExtractPublicKey(node->cert));
+
+  // in case we were not able to extract a key
+  if (!mKey) {
+    CSVerifier_LOG(("CSVerifier: unable to extract a key\n"));
+    return NS_ERROR_INVALID_SIGNATURE;
+  }
+
+  // Base 64 decode the signature
+  ScopedAutoSECItem rawSignatureItem;
+  if (!NSSBase64_DecodeBuffer(nullptr, &rawSignatureItem, mSignature.get(),
+                              mSignature.Length())) {
+    CSVerifier_LOG(("CSVerifier: decoding the signature failed\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  // get signature object
+  ScopedAutoSECItem signatureItem;
+  // We have a raw ecdsa signature r||s so we have to DER-encode it first
+  // Note that we have to check rawSignatureItem->len % 2 here as
+  // DSAU_EncodeDerSigWithLen asserts this
+  if (rawSignatureItem.len == 0 || rawSignatureItem.len % 2 != 0) {
+    CSVerifier_LOG(("CSVerifier: signature length is bad\n"));
+    return NS_ERROR_FAILURE;
+  }
+  if (DSAU_EncodeDerSigWithLen(&signatureItem, &rawSignatureItem,
+                               rawSignatureItem.len) != SECSuccess) {
+    CSVerifier_LOG(("CSVerifier: encoding the signature failed\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  // this is the only OID we support for now
+  SECOidTag oid = SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE;
+
+  mCx = UniqueVFYContext(
+    VFY_CreateContext(mKey.get(), &signatureItem, oid, nullptr));
+  if (!mCx) {
+    return NS_ERROR_INVALID_SIGNATURE;
+  }
+
+  if (VFY_Begin(mCx.get()) != SECSuccess) {
+    return NS_ERROR_INVALID_SIGNATURE;
+  }
+
+  rv = UpdateInternal(kPREFIX, locker);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  // add data if we got any
+  return UpdateInternal(aData, locker);
+}
+
+nsresult
+ContentSignatureVerifier::DownloadCertChain()
+{
+  MOZ_ASSERT(NS_IsMainThread());
+
+  if (mCertChainURL.IsEmpty()) {
+    return NS_ERROR_INVALID_SIGNATURE;
+  }
+
+  nsCOMPtr<nsIURI> certChainURI;
+  nsresult rv = NS_NewURI(getter_AddRefs(certChainURI), mCertChainURL);
+  if (NS_FAILED(rv) || !certChainURI) {
+    return rv;
+  }
+
+  // If the address is not https, fail.
+  bool isHttps = false;
+  rv = certChainURI->SchemeIs("https", &isHttps);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (!isHttps) {
+    return NS_ERROR_INVALID_SIGNATURE;
+  }
+
+  rv = NS_NewChannel(getter_AddRefs(mChannel), certChainURI,
+                     nsContentUtils::GetSystemPrincipal(),
+                     nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
+                     nsIContentPolicy::TYPE_OTHER);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // we need this chain soon
+  nsCOMPtr<nsISupportsPriority> priorityChannel = do_QueryInterface(mChannel);
+  if (priorityChannel) {
+    priorityChannel->AdjustPriority(nsISupportsPriority::PRIORITY_HIGHEST);
+  }
+
+  rv = mChannel->AsyncOpen2(this);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+// Create a context for content signature verification using CreateContext below.
+// This function doesn't require a cert chain to be passed, but instead aCSHeader
+// must contain an x5u value that is then used to download the cert chain.
+NS_IMETHODIMP
+ContentSignatureVerifier::CreateContextWithoutCertChain(
+  nsIContentSignatureReceiverCallback *aCallback, const nsACString& aCSHeader,
+  const nsACString& aName)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  MOZ_ASSERT(aCallback);
+  if (mInitialised) {
+    return NS_ERROR_ALREADY_INITIALIZED;
+  }
+  mInitialised = true;
+
+  // we get the raw content-signature header here, so first parse aCSHeader
+  nsresult rv = ParseContentSignatureHeader(aCSHeader);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  mCallback = aCallback;
+  mName.Assign(aName);
+
+  // We must download the cert chain now.
+  // This is async and blocks createContextInternal calls.
+  return DownloadCertChain();
+}
+
+// Create a context for a content signature verification.
+// It sets signature, certificate chain and name that should be used to verify
+// the data. The data parameter is the first part of the data to verify (this
+// can be the empty string).
+NS_IMETHODIMP
+ContentSignatureVerifier::CreateContext(const nsACString& aData,
+                                        const nsACString& aCSHeader,
+                                        const nsACString& aCertChain,
+                                        const nsACString& aName)
+{
+  if (mInitialised) {
+    return NS_ERROR_ALREADY_INITIALIZED;
+  }
+  mInitialised = true;
+  // The cert chain is given in aCertChain so we don't have to download anything.
+  mHasCertChain = true;
+
+  // we get the raw content-signature header here, so first parse aCSHeader
+  nsresult rv = ParseContentSignatureHeader(aCSHeader);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return CreateContextInternal(aData, aCertChain, aName);
+}
+
+nsresult
+ContentSignatureVerifier::UpdateInternal(
+  const nsACString& aData, const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+  if (!aData.IsEmpty()) {
+    if (VFY_Update(mCx.get(), (const unsigned char*)nsPromiseFlatCString(aData).get(),
+                   aData.Length()) != SECSuccess){
+      return NS_ERROR_INVALID_SIGNATURE;
+    }
+  }
+  return NS_OK;
+}
+
+/**
+ * Add data to the context that shold be verified.
+ */
+NS_IMETHODIMP
+ContentSignatureVerifier::Update(const nsACString& aData)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    CSVerifier_LOG(("CSVerifier: nss is already shutdown\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  // If we didn't create the context yet, bail!
+  if (!mHasCertChain) {
+    MOZ_ASSERT_UNREACHABLE(
+      "Someone called ContentSignatureVerifier::Update before "
+      "downloading the cert chain.");
+    return NS_ERROR_FAILURE;
+  }
+
+  return UpdateInternal(aData, locker);
+}
+
+/**
+ * Finish signature verification and return the result in _retval.
+ */
+NS_IMETHODIMP
+ContentSignatureVerifier::End(bool* _retval)
+{
+  NS_ENSURE_ARG(_retval);
+  MOZ_ASSERT(NS_IsMainThread());
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    CSVerifier_LOG(("CSVerifier: nss is already shutdown\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  // If we didn't create the context yet, bail!
+  if (!mHasCertChain) {
+    MOZ_ASSERT_UNREACHABLE(
+      "Someone called ContentSignatureVerifier::End before "
+      "downloading the cert chain.");
+    return NS_ERROR_FAILURE;
+  }
+
+  *_retval = (VFY_End(mCx.get()) == SECSuccess);
+
+  return NS_OK;
+}
+
+nsresult
+ContentSignatureVerifier::ParseContentSignatureHeader(
+  const nsACString& aContentSignatureHeader)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  // We only support p384 ecdsa according to spec
+  NS_NAMED_LITERAL_CSTRING(signature_var, "p384ecdsa");
+  NS_NAMED_LITERAL_CSTRING(certChainURL_var, "x5u");
+
+  nsSecurityHeaderParser parser(aContentSignatureHeader.BeginReading());
+  nsresult rv = parser.Parse();
+  if (NS_FAILED(rv)) {
+    CSVerifier_LOG(("CSVerifier: could not parse ContentSignature header\n"));
+    return NS_ERROR_FAILURE;
+  }
+  LinkedList<nsSecurityHeaderDirective>* directives = parser.GetDirectives();
+
+  for (nsSecurityHeaderDirective* directive = directives->getFirst();
+       directive != nullptr; directive = directive->getNext()) {
+    CSVerifier_LOG(("CSVerifier: found directive %s\n", directive->mName.get()));
+    if (directive->mName.Length() == signature_var.Length() &&
+        directive->mName.EqualsIgnoreCase(signature_var.get(),
+                                          signature_var.Length())) {
+      if (!mSignature.IsEmpty()) {
+        CSVerifier_LOG(("CSVerifier: found two ContentSignatures\n"));
+        return NS_ERROR_INVALID_SIGNATURE;
+      }
+
+      CSVerifier_LOG(("CSVerifier: found a ContentSignature directive\n"));
+      mSignature = directive->mValue;
+    }
+    if (directive->mName.Length() == certChainURL_var.Length() &&
+        directive->mName.EqualsIgnoreCase(certChainURL_var.get(),
+                                          certChainURL_var.Length())) {
+      if (!mCertChainURL.IsEmpty()) {
+        CSVerifier_LOG(("CSVerifier: found two x5u values\n"));
+        return NS_ERROR_INVALID_SIGNATURE;
+      }
+
+      CSVerifier_LOG(("CSVerifier: found an x5u directive\n"));
+      mCertChainURL = directive->mValue;
+    }
+  }
+
+  // we have to ensure that we found a signature at this point
+  if (mSignature.IsEmpty()) {
+    CSVerifier_LOG(("CSVerifier: got a Content-Signature header but didn't find a signature.\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  // Bug 769521: We have to change b64 url to regular encoding as long as we
+  // don't have a b64 url decoder. This should change soon, but in the meantime
+  // we have to live with this.
+  mSignature.ReplaceChar('-', '+');
+  mSignature.ReplaceChar('_', '/');
+
+  return NS_OK;
+}
+
+/* nsIStreamListener implementation */
+
+NS_IMETHODIMP
+ContentSignatureVerifier::OnStartRequest(nsIRequest* aRequest,
+                                         nsISupports* aContext)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+ContentSignatureVerifier::OnStopRequest(nsIRequest* aRequest,
+                                        nsISupports* aContext, nsresult aStatus)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  nsCOMPtr<nsIContentSignatureReceiverCallback> callback;
+  callback.swap(mCallback);
+  nsresult rv;
+
+  // Check HTTP status code and return if it's not 200.
+  nsCOMPtr<nsIHttpChannel> http = do_QueryInterface(aRequest, &rv);
+  uint32_t httpResponseCode;
+  if (NS_FAILED(rv) || NS_FAILED(http->GetResponseStatus(&httpResponseCode)) ||
+      httpResponseCode != 200) {
+    callback->ContextCreated(false);
+    return NS_OK;
+  }
+
+  if (NS_FAILED(aStatus)) {
+    callback->ContextCreated(false);
+    return NS_OK;
+  }
+
+  nsAutoCString certChain;
+  for (uint32_t i = 0; i < mCertChain.Length(); ++i) {
+    certChain.Append(mCertChain[i]);
+  }
+
+  // We got the cert chain now. Let's create the context.
+  rv = CreateContextInternal(NS_LITERAL_CSTRING(""), certChain, mName);
+  if (NS_FAILED(rv)) {
+    callback->ContextCreated(false);
+    return NS_OK;
+  }
+
+  mHasCertChain = true;
+  callback->ContextCreated(true);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+ContentSignatureVerifier::OnDataAvailable(nsIRequest* aRequest,
+                                          nsISupports* aContext,
+                                          nsIInputStream* aInputStream,
+                                          uint64_t aOffset, uint32_t aCount)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  nsAutoCString buffer;
+
+  nsresult rv = NS_ConsumeStream(aInputStream, aCount, buffer);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  if (!mCertChain.AppendElement(buffer, fallible)) {
+    mCertChain.TruncateLength(0);
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+ContentSignatureVerifier::GetInterface(const nsIID& uuid, void** result)
+{
+  return QueryInterface(uuid, result);
+}
diff --git a/security/manager/ssl/ContentSignatureVerifier.h b/security/manager/ssl/ContentSignatureVerifier.h
new file mode 100644
index 000000000..c3b8d762d
--- /dev/null
+++ b/security/manager/ssl/ContentSignatureVerifier.h
@@ -0,0 +1,92 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+
+#ifndef ContentSignatureVerifier_h
+#define ContentSignatureVerifier_h
+
+#include "cert.h"
+#include "CSTrustDomain.h"
+#include "nsIContentSignatureVerifier.h"
+#include "nsIStreamListener.h"
+#include "nsNSSShutDown.h"
+#include "ScopedNSSTypes.h"
+
+// 45a5fe2f-c350-4b86-962d-02d5aaaa955a
+#define NS_CONTENTSIGNATUREVERIFIER_CID \
+  { 0x45a5fe2f, 0xc350, 0x4b86, \
+    { 0x96, 0x2d, 0x02, 0xd5, 0xaa, 0xaa, 0x95, 0x5a } }
+#define NS_CONTENTSIGNATUREVERIFIER_CONTRACTID \
+    "@mozilla.org/security/contentsignatureverifier;1"
+
+class ContentSignatureVerifier final : public nsIContentSignatureVerifier
+                                     , public nsIStreamListener
+                                     , public nsNSSShutDownObject
+                                     , public nsIInterfaceRequestor
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSICONTENTSIGNATUREVERIFIER
+  NS_DECL_NSIINTERFACEREQUESTOR
+  NS_DECL_NSISTREAMLISTENER
+  NS_DECL_NSIREQUESTOBSERVER
+
+  ContentSignatureVerifier()
+    : mCx(nullptr)
+    , mInitialised(false)
+    , mHasCertChain(false)
+  {
+  }
+
+  // nsNSSShutDownObject
+  virtual void virtualDestroyNSSReference() override
+  {
+    destructorSafeDestroyNSSReference();
+  }
+
+private:
+  ~ContentSignatureVerifier();
+
+  nsresult UpdateInternal(const nsACString& aData,
+                          const nsNSSShutDownPreventionLock& /*proofOfLock*/);
+  nsresult DownloadCertChain();
+  nsresult CreateContextInternal(const nsACString& aData,
+                                 const nsACString& aCertChain,
+                                 const nsACString& aName);
+
+  void destructorSafeDestroyNSSReference()
+  {
+    mCx = nullptr;
+    mKey = nullptr;
+  }
+
+  nsresult ParseContentSignatureHeader(const nsACString& aContentSignatureHeader);
+
+  // verifier context for incremental verifications
+  mozilla::UniqueVFYContext mCx;
+  bool mInitialised;
+  // Indicates whether we hold a cert chain to verify the signature or not.
+  // It's set by default in CreateContext or when the channel created in
+  // DownloadCertChain finished. Update and End must only be called after
+  // mHashCertChain is set.
+  bool mHasCertChain;
+  // signature to verify
+  nsCString mSignature;
+  // x5u (X.509 URL) value pointing to pem cert chain
+  nsCString mCertChainURL;
+  // the downloaded cert chain to verify against
+  FallibleTArray<nsCString> mCertChain;
+  // verification key
+  mozilla::UniqueSECKEYPublicKey mKey;
+  // name of the verifying context
+  nsCString mName;
+  // callback to notify when finished
+  nsCOMPtr<nsIContentSignatureReceiverCallback> mCallback;
+  // channel to download the cert chain
+  nsCOMPtr<nsIChannel> mChannel;
+};
+
+#endif // ContentSignatureVerifier_h
diff --git a/security/manager/ssl/CryptoTask.cpp b/security/manager/ssl/CryptoTask.cpp
new file mode 100644
index 000000000..71b8ac88d
--- /dev/null
+++ b/security/manager/ssl/CryptoTask.cpp
@@ -0,0 +1,95 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "CryptoTask.h"
+#include "nsNSSComponent.h"
+
+namespace mozilla {
+
+CryptoTask::~CryptoTask()
+{
+  MOZ_ASSERT(mReleasedNSSResources);
+
+  nsNSSShutDownPreventionLock lock;
+  if (!isAlreadyShutDown()) {
+    shutdown(ShutdownCalledFrom::Object);
+  }
+}
+
+nsresult
+CryptoTask::Dispatch(const nsACString& taskThreadName)
+{
+  MOZ_ASSERT(taskThreadName.Length() <= 15);
+
+  // Ensure that NSS is initialized, since presumably CalculateResult
+  // will use NSS functions
+  if (!EnsureNSSInitializedChromeOrContent()) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Can't add 'this' as the event to run, since mThread may not be set yet
+  nsresult rv = NS_NewThread(getter_AddRefs(mThread), nullptr,
+                             nsIThreadManager::DEFAULT_STACK_SIZE);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  NS_SetThreadName(mThread, taskThreadName);
+  // Note: event must not null out mThread!
+  return mThread->Dispatch(this, NS_DISPATCH_NORMAL);
+}
+
+NS_IMETHODIMP
+CryptoTask::Run()
+{
+  if (!NS_IsMainThread()) {
+    nsNSSShutDownPreventionLock locker;
+    if (isAlreadyShutDown()) {
+      mRv = NS_ERROR_NOT_AVAILABLE;
+    } else {
+      mRv = CalculateResult();
+    }
+    NS_DispatchToMainThread(this);
+  } else {
+    // back on the main thread
+
+    // call ReleaseNSSResources now, before calling CallCallback, so that
+    // CryptoTasks have consistent behavior regardless of whether NSS is shut
+    // down between CalculateResult being called and CallCallback being called.
+    if (!mReleasedNSSResources) {
+      mReleasedNSSResources = true;
+      ReleaseNSSResources();
+    }
+
+    CallCallback(mRv);
+
+    // Not all uses of CryptoTask use a transient thread
+    if (mThread) {
+      // Don't leak threads!
+      mThread->Shutdown(); // can't Shutdown from the thread itself, darn
+      // Don't null out mThread!
+      // See bug 999104.  We must hold a ref to the thread across Dispatch()
+      // since the internal mThread ref could be released while processing
+      // the Dispatch(), and Dispatch/PutEvent itself doesn't hold a ref; it
+      // assumes the caller does.
+    }
+  }
+
+  return NS_OK;
+}
+
+void
+CryptoTask::virtualDestroyNSSReference()
+{
+  MOZ_ASSERT(NS_IsMainThread(),
+             "virtualDestroyNSSReference called off the main thread");
+  if (!mReleasedNSSResources) {
+    mReleasedNSSResources = true;
+    ReleaseNSSResources();
+  }
+}
+
+} // namespace mozilla
diff --git a/security/manager/ssl/CryptoTask.h b/security/manager/ssl/CryptoTask.h
new file mode 100644
index 000000000..ae107fe30
--- /dev/null
+++ b/security/manager/ssl/CryptoTask.h
@@ -0,0 +1,105 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla__CryptoTask_h
+#define mozilla__CryptoTask_h
+
+#include "mozilla/Attributes.h"
+#include "nsThreadUtils.h"
+#include "nsNSSShutDown.h"
+
+namespace mozilla {
+
+/**
+ * Frequently we need to run a task on a background thread without blocking
+ * the main thread, and then call a callback on the main thread with the
+ * result. This class provides the framework for that. Subclasses must:
+ *
+ *   (1) Override CalculateResult for the off-the-main-thread computation.
+ *       NSS functionality may only be accessed within CalculateResult.
+ *   (2) Override ReleaseNSSResources to release references to all NSS
+ *       resources (that do implement nsNSSShutDownObject themselves).
+ *   (3) Override CallCallback() for the on-the-main-thread call of the
+ *       callback.
+ *
+ * CalculateResult, ReleaseNSSResources, and CallCallback are called in order,
+ * except CalculateResult might be skipped if NSS is shut down before it can
+ * be called; in that case ReleaseNSSResources will be called and then
+ * CallCallback will be called with an error code.
+ *
+ * That sequence of events is what happens if you call Dispatch.  If for
+ * some reason, you decide not to run the task (e.g., due to an error in the
+ * constructor), you may call Skip, in which case the task is cleaned up and
+ * not run.  In that case, only ReleaseNSSResources is called.  (So a
+ * subclass must be prepared for ReleaseNSSResources to be run without
+ * CalculateResult having been called first.)
+ *
+ * Once a CryptoTask is created, the calling code must call either
+ * Dispatch or Skip.
+ *
+ */
+class CryptoTask : public Runnable,
+                   public nsNSSShutDownObject
+{
+public:
+  template <size_t LEN>
+  nsresult Dispatch(const char (&taskThreadName)[LEN])
+  {
+    static_assert(LEN <= 15,
+                  "Thread name must be no more than 15 characters");
+    return Dispatch(nsDependentCString(taskThreadName, LEN - 1));
+  }
+
+  nsresult Dispatch(const nsACString& taskThreadName);
+
+  void Skip()
+  {
+    virtualDestroyNSSReference();
+  }
+
+protected:
+  CryptoTask()
+    : mRv(NS_ERROR_NOT_INITIALIZED),
+      mReleasedNSSResources(false)
+  {
+  }
+
+  virtual ~CryptoTask();
+
+  /**
+   * Called on a background thread (never the main thread). If CalculateResult
+   * is called, then its result will be passed to CallCallback on the main
+   * thread.
+   */
+  virtual nsresult CalculateResult() = 0;
+
+  /**
+   * Called on the main thread during NSS shutdown or just before CallCallback
+   * has been called. All NSS resources must be released. Usually, this just
+   * means assigning nullptr to the ScopedNSSType-based memory variables.
+   */
+  virtual void ReleaseNSSResources() = 0;
+
+  /**
+   * Called on the main thread with the result from CalculateResult() or
+   * with an error code if NSS was shut down before CalculateResult could
+   * be called.
+   */
+  virtual void CallCallback(nsresult rv) = 0;
+
+private:
+  NS_IMETHOD Run() override final;
+  virtual void virtualDestroyNSSReference() override final;
+
+  nsresult mRv;
+  bool mReleasedNSSResources;
+
+  nsCOMPtr<nsIThread> mThread;
+};
+
+} // namespace mozilla
+
+#endif // mozilla__CryptoTask_h
diff --git a/security/manager/ssl/DER.jsm b/security/manager/ssl/DER.jsm
new file mode 100644
index 000000000..97669515a
--- /dev/null
+++ b/security/manager/ssl/DER.jsm
@@ -0,0 +1,304 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+// A minimal ASN.1 DER decoder. Supports input lengths up to 65539 (one byte for
+// the outer tag, one byte for the 0x82 length-length indicator, two bytes
+// indicating a contents length of 65535, and then the 65535 bytes of contents).
+// Intended to be used like so:
+//
+// let bytes = <an array of bytes describing a SEQUENCE OF INTEGER>;
+// let der = new DER.DER(bytes);
+// let contents = new DER.DER(der.readTagAndGetContents(DER.SEQUENCE));
+// while (!contents.atEnd()) {
+//   let integerBytes = contents.readTagAndGetContents(DER.INTEGER);
+//   <... do something with integerBytes ...>
+// }
+// der.assertAtEnd();
+//
+// For CHOICE, use readTLVChoice and pass an array of acceptable tags.
+// The convenience function readBIT_STRING is provided to handle the unused bits
+// aspect of BIT STRING. It returns an object that has the properties contents
+// (an array of bytes consisting of the bytes making up the BIT STRING) and
+// unusedBits (indicating the number of unused bits at the end).
+// All other functions generally return an array of bytes or a single byte as
+// appropriate.
+// peekTag can be used to see if the next tag is an expected given tag.
+// readTLV reads and returns an entire (tag, length, value) tuple (again
+// returned as an array of bytes).
+
+const UNIVERSAL = 0 << 6;
+const CONSTRUCTED = 1 << 5;
+const CONTEXT_SPECIFIC = 2 << 6;
+
+const INTEGER = UNIVERSAL | 0x02; // 0x02
+const BIT_STRING = UNIVERSAL | 0x03; // 0x03
+const NULL = UNIVERSAL | 0x05; // 0x05
+const OBJECT_IDENTIFIER = UNIVERSAL | 0x06; // 0x06
+const PrintableString = UNIVERSAL | 0x13; // 0x13
+const TeletexString = UNIVERSAL | 0x14; // 0x14
+const IA5String = UNIVERSAL | 0x16; // 0x16
+const UTCTime = UNIVERSAL | 0x17; // 0x17
+const GeneralizedTime = UNIVERSAL | 0x18; // 0x18
+const UTF8String = UNIVERSAL | 0x0c; // 0x0c
+const SEQUENCE = UNIVERSAL | CONSTRUCTED | 0x10; // 0x30
+const SET = UNIVERSAL | CONSTRUCTED | 0x11; // 0x31
+
+const ERROR_INVALID_INPUT = "invalid input";
+const ERROR_DATA_TRUNCATED = "data truncated";
+const ERROR_EXTRA_DATA = "extra data";
+const ERROR_INVALID_LENGTH = "invalid length";
+const ERROR_UNSUPPORTED_ASN1 = "unsupported asn.1";
+const ERROR_UNSUPPORTED_LENGTH = "unsupported length";
+const ERROR_INVALID_BIT_STRING = "invalid BIT STRING encoding";
+
+/** Class representing a decoded BIT STRING. */
+class BitString {
+  /**
+   * @param {Number} unusedBits the number of unused bits
+   * @param {Number[]} contents an array of bytes comprising the BIT STRING
+   */
+  constructor(unusedBits, contents) {
+    this._unusedBits = unusedBits;
+    this._contents = contents;
+  }
+
+  /**
+   * Get the number of unused bits in the BIT STRING
+   * @return {Number} the number of unused bits
+   */
+  get unusedBits() {
+    return this._unusedBits;
+  }
+
+  /**
+   * Get the contents of the BIT STRING
+   * @return {Number[]} an array of bytes representing the contents
+   */
+  get contents() {
+    return this._contents;
+  }
+}
+
+/** Class representing DER-encoded data. Provides methods for decoding it. */
+class DER {
+  /**
+   * @param {Number[]} bytes an array of bytes representing the encoded data
+   */
+  constructor(bytes) {
+    // Reject non-array inputs.
+    if (!Array.isArray(bytes)) {
+      throw new Error(ERROR_INVALID_INPUT);
+    }
+    if (bytes.length > 65539) {
+      throw new Error(ERROR_UNSUPPORTED_LENGTH);
+    }
+    // Reject inputs containing non-integer values or values too small or large.
+    if (bytes.some(b => !Number.isInteger(b) || b < 0 || b > 255)) {
+      throw new Error(ERROR_INVALID_INPUT);
+    }
+    this._bytes = bytes;
+    this._cursor = 0;
+  }
+
+  /**
+   * Asserts that the decoder is at the end of the given data. Throws an error
+   * if this is not the case.
+   */
+  assertAtEnd() {
+    if (!this.atEnd()) {
+      throw new Error(ERROR_EXTRA_DATA);
+    }
+  }
+
+  /**
+   * Determines whether or not the decoder is at the end of the given data.
+   * @return {Boolean} true if the decoder is at the end and false otherwise
+   */
+  atEnd() {
+    return this._cursor == this._bytes.length;
+  }
+
+  /**
+   * Reads the next byte of data. Throws if no more data is available.
+   * @return {Number} the next byte of data
+   */
+  readByte() {
+    if (this._cursor >= this._bytes.length) {
+      throw new Error(ERROR_DATA_TRUNCATED);
+    }
+    let val = this._bytes[this._cursor];
+    this._cursor++;
+    return val;
+  }
+
+  /**
+   * Given the next expected tag, reads and asserts that the next tag is in fact
+   * the given tag.
+   * @param {Number} expectedTag the expected next tag
+   */
+  _readExpectedTag(expectedTag) {
+    let tag = this.readByte();
+    if (tag != expectedTag) {
+      throw new Error(`unexpected tag: found ${tag} instead of ${expectedTag}`);
+    }
+  }
+
+  /**
+   * Decodes and returns the length portion of an ASN.1 TLV tuple. Throws if the
+   * length is incorrectly encoded or if it describes a length greater than
+   * 65535 bytes. Indefinite-length encoding is not supported.
+   * @return {Number} the length of the value of the TLV tuple
+   */
+  _readLength() {
+    let nextByte = this.readByte();
+    if (nextByte < 0x80) {
+      return nextByte;
+    }
+    if (nextByte == 0x80) {
+      throw new Error(ERROR_UNSUPPORTED_ASN1);
+    }
+    if (nextByte == 0x81) {
+      let length = this.readByte();
+      if (length < 0x80) {
+        throw new Error(ERROR_INVALID_LENGTH);
+      }
+      return length;
+    }
+    if (nextByte == 0x82) {
+      let length1 = this.readByte();
+      let length2 = this.readByte();
+      let length = (length1 << 8) | length2;
+      if (length < 256) {
+        throw new Error(ERROR_INVALID_LENGTH);
+      }
+      return length;
+    }
+    throw new Error(ERROR_UNSUPPORTED_LENGTH);
+  }
+
+  /**
+   * Reads <length> bytes of data if available. Throws if less than <length>
+   * bytes are available.
+   * @param {Number} length the number of bytes to read. Must be non-negative.
+   * @return {Number[]} the next <length> bytes of data
+   */
+  readBytes(length) {
+    if (length < 0) {
+      throw new Error(ERROR_INVALID_LENGTH);
+    }
+    let bytes = [];
+    for (let i = 0; i < length; i++) {
+      bytes.push(this.readByte());
+    }
+    return bytes;
+  }
+
+  /**
+   * Given an expected next ASN.1 tag, ensures that that tag is next and returns
+   * the contents of that tag. Throws if a different tag is encountered or if
+   * the data is otherwise incorrectly encoded.
+   * @param {Number} tag the next expected ASN.1 tag
+   * @return {Number[]} the contents of the tag
+   */
+  readTagAndGetContents(tag) {
+    this._readExpectedTag(tag);
+    let length = this._readLength();
+    return this.readBytes(length);
+  }
+
+  /**
+   * Returns the next byte without advancing the decoder. Throws if no more data
+   * is available.
+   * @return {Number} the next available byte
+   */
+  _peekByte() {
+    if (this._cursor >= this._bytes.length) {
+      throw new Error(ERROR_DATA_TRUNCATED);
+    }
+    return this._bytes[this._cursor];
+  }
+
+  /**
+   * Given an expected tag, reads the next entire ASN.1 TLV tuple, asserting
+   * that the tag matches.
+   * @param {Number} tag the expected tag
+   * @return {Number[]} an array of bytes representing the TLV tuple
+   */
+  _readExpectedTLV(tag) {
+    let mark = this._cursor;
+    this._readExpectedTag(tag);
+    let length = this._readLength();
+    // read the bytes so we know they're there (also to advance the cursor)
+    this.readBytes(length);
+    return this._bytes.slice(mark, this._cursor);
+  }
+
+  /**
+   * Reads the next ASN.1 tag, length, and value and returns them as an array of
+   * bytes.
+   * @return {Number[]} an array of bytes representing the next ASN.1 TLV
+   */
+  readTLV() {
+    let nextTag = this._peekByte();
+    return this._readExpectedTLV(nextTag);
+  }
+
+  /**
+   * Convenience function for decoding a BIT STRING. Reads and returns the
+   * contents of the expected next BIT STRING. Throws if the next TLV isn't a
+   * BIT STRING or if the BIT STRING is incorrectly encoded.
+   * @return {BitString} the next BIT STRING
+   */
+  readBIT_STRING() {
+    let contents = this.readTagAndGetContents(BIT_STRING);
+    if (contents.length < 1) {
+      throw new Error(ERROR_INVALID_BIT_STRING);
+    }
+    let unusedBits = contents[0];
+    if (unusedBits > 7) {
+      throw new Error(ERROR_INVALID_BIT_STRING);
+    }
+    // Zero bytes of content but some amount of padding is invalid.
+    if (contents.length == 1 && unusedBits != 0) {
+      throw new Error(ERROR_INVALID_BIT_STRING);
+    }
+    return new BitString(unusedBits, contents.slice(1, contents.length));
+  }
+
+  /**
+   * Looks to see if the next ASN.1 tag is the expected given tag.
+   * @param {Number} tag the expected next ASN.1 tag
+   * @return {Boolean} true if the next tag is the given one and false otherwise
+   */
+  peekTag(tag) {
+    if (this._cursor >= this._bytes.length) {
+      return false;
+    }
+    return this._bytes[this._cursor] == tag;
+  }
+
+  /**
+   * Given a list of possible next ASN.1 tags, returns the next TLV if the next
+   * tag is in the list. Throws if the next tag is not in the list or if the
+   * data is incorrectly encoded.
+   * @param {Number[]} tagList the list of potential next tags
+   * @return {Number[]} the contents of the next TLV if the next tag is in
+   *                    <tagList>
+   */
+  readTLVChoice(tagList) {
+    let tag = this._peekByte();
+    if (!tagList.includes(tag)) {
+      throw new Error(
+        `unexpected tag: found ${tag} instead of one of ${tagList}`);
+    }
+    return this._readExpectedTLV(tag);
+  }
+}
+
+this.DER = { UNIVERSAL, CONSTRUCTED, CONTEXT_SPECIFIC, INTEGER, BIT_STRING,
+             NULL, OBJECT_IDENTIFIER, PrintableString, TeletexString, IA5String,
+             UTCTime, GeneralizedTime, UTF8String, SEQUENCE, SET, DER };
+this.EXPORTED_SYMBOLS = ["DER"];
diff --git a/security/manager/ssl/DataStorage.cpp b/security/manager/ssl/DataStorage.cpp
new file mode 100644
index 000000000..2d9dbf5c4
--- /dev/null
+++ b/security/manager/ssl/DataStorage.cpp
@@ -0,0 +1,940 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "DataStorage.h"
+
+#include "mozilla/ClearOnShutdown.h"
+#include "mozilla/dom/PContent.h"
+#include "mozilla/dom/ContentChild.h"
+#include "mozilla/dom/ContentParent.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/Services.h"
+#include "mozilla/Telemetry.h"
+#include "mozilla/Unused.h"
+#include "nsAppDirectoryServiceDefs.h"
+#include "nsDirectoryServiceUtils.h"
+#include "nsIObserverService.h"
+#include "nsITimer.h"
+#include "nsNetUtil.h"
+#include "nsStreamUtils.h"
+#include "nsThreadUtils.h"
+#include "prprf.h"
+
+// NB: Read DataStorage.h first.
+
+// The default time between data changing and a write, in milliseconds.
+static const uint32_t sDataStorageDefaultTimerDelay = 5u * 60u * 1000u;
+// The maximum score an entry can have (prevents overflow)
+static const uint32_t sMaxScore = UINT32_MAX;
+// The maximum number of entries per type of data (limits resource use)
+static const uint32_t sMaxDataEntries = 1024;
+static const int64_t sOneDayInMicroseconds = int64_t(24 * 60 * 60) *
+                                             PR_USEC_PER_SEC;
+
+namespace mozilla {
+
+NS_IMPL_ISUPPORTS(DataStorage,
+                  nsIObserver)
+
+StaticAutoPtr<DataStorage::DataStorages> DataStorage::sDataStorages;
+
+DataStorage::DataStorage(const nsString& aFilename)
+  : mMutex("DataStorage::mMutex")
+  , mPendingWrite(false)
+  , mShuttingDown(false)
+  , mInitCalled(false)
+  , mReadyMonitor("DataStorage::mReadyMonitor")
+  , mReady(false)
+  , mFilename(aFilename)
+{
+}
+
+DataStorage::~DataStorage()
+{
+}
+
+// static
+already_AddRefed<DataStorage>
+DataStorage::Get(const nsString& aFilename)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!sDataStorages) {
+    sDataStorages = new DataStorages();
+    ClearOnShutdown(&sDataStorages);
+  }
+  RefPtr<DataStorage> storage;
+  if (!sDataStorages->Get(aFilename, getter_AddRefs(storage))) {
+    storage = new DataStorage(aFilename);
+    sDataStorages->Put(aFilename, storage);
+  }
+  return storage.forget();
+}
+
+// static
+already_AddRefed<DataStorage>
+DataStorage::GetIfExists(const nsString& aFilename)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!sDataStorages) {
+    sDataStorages = new DataStorages();
+  }
+  RefPtr<DataStorage> storage;
+  sDataStorages->Get(aFilename, getter_AddRefs(storage));
+  return storage.forget();
+}
+
+nsresult
+DataStorage::Init(bool& aDataWillPersist)
+{
+  // Don't access the observer service or preferences off the main thread.
+  if (!NS_IsMainThread()) {
+    NS_NOTREACHED("DataStorage::Init called off main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  MutexAutoLock lock(mMutex);
+
+  // Ignore attempts to initialize several times.
+  if (mInitCalled) {
+    return NS_OK;
+  }
+
+  mInitCalled = true;
+
+  nsresult rv;
+  if (XRE_IsParentProcess()) {
+    rv = NS_NewNamedThread("DataStorage", getter_AddRefs(mWorkerThread));
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return rv;
+    }
+
+    rv = AsyncReadData(aDataWillPersist, lock);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  } else {
+    // In the child process, we ask the parent process for the data.
+    MOZ_ASSERT(XRE_IsContentProcess());
+    aDataWillPersist = false;
+    InfallibleTArray<DataStorageItem> items;
+    dom::ContentChild::GetSingleton()->
+        SendReadDataStorageArray(mFilename, &items);
+    for (auto& item : items) {
+      Entry entry;
+      entry.mValue = item.value();
+      rv = PutInternal(item.key(), entry, item.type(), lock);
+      if (NS_FAILED(rv)) {
+        return rv;
+      }
+    }
+    mReady = true;
+    NotifyObservers("data-storage-ready");
+  }
+
+  nsCOMPtr<nsIObserverService> os = services::GetObserverService();
+  if (NS_WARN_IF(!os)) {
+    return NS_ERROR_FAILURE;
+  }
+  // Clear private data as appropriate.
+  os->AddObserver(this, "last-pb-context-exited", false);
+  // Observe shutdown; save data and prevent any further writes.
+  // In the parent process, we need to write to the profile directory, so
+  // we should listen for profile-before-change so that we can safely
+  // write to the profile.  In the content process however we don't have
+  // access to the profile directory and profile notifications are not
+  // dispatched, so we need to clean up on xpcom-shutdown.
+  if (XRE_IsParentProcess()) {
+    os->AddObserver(this, "profile-before-change", false);
+  }
+  // In the Parent process, this is a backstop for xpcshell and other cases
+  // where profile-before-change might not get sent.
+  os->AddObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID, false);
+
+  // For test purposes, we can set the write timer to be very fast.
+  mTimerDelay = Preferences::GetInt("test.datastorage.write_timer_ms",
+                                    sDataStorageDefaultTimerDelay);
+  rv = Preferences::AddStrongObserver(this, "test.datastorage.write_timer_ms");
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+class DataStorage::Reader : public Runnable
+{
+public:
+  explicit Reader(DataStorage* aDataStorage)
+    : mDataStorage(aDataStorage)
+  {
+  }
+  ~Reader();
+
+private:
+  NS_DECL_NSIRUNNABLE
+
+  static nsresult ParseLine(nsDependentCSubstring& aLine, nsCString& aKeyOut,
+                            Entry& aEntryOut);
+
+  RefPtr<DataStorage> mDataStorage;
+};
+
+DataStorage::Reader::~Reader()
+{
+  // Notify that calls to Get can proceed.
+  {
+    MonitorAutoLock readyLock(mDataStorage->mReadyMonitor);
+    mDataStorage->mReady = true;
+    nsresult rv = mDataStorage->mReadyMonitor.NotifyAll();
+    Unused << NS_WARN_IF(NS_FAILED(rv));
+  }
+
+  // This is for tests.
+  nsCOMPtr<nsIRunnable> job =
+    NewRunnableMethod<const char*>(mDataStorage,
+                                   &DataStorage::NotifyObservers,
+                                   "data-storage-ready");
+  nsresult rv = NS_DispatchToMainThread(job, NS_DISPATCH_NORMAL);
+  Unused << NS_WARN_IF(NS_FAILED(rv));
+}
+
+NS_IMETHODIMP
+DataStorage::Reader::Run()
+{
+  nsresult rv;
+  // Concurrent operations on nsIFile objects are not guaranteed to be safe,
+  // so we clone the file while holding the lock and then release the lock.
+  // At that point, we can safely operate on the clone.
+  nsCOMPtr<nsIFile> file;
+  {
+    MutexAutoLock lock(mDataStorage->mMutex);
+    // If we don't have a profile, bail.
+    if (!mDataStorage->mBackingFile) {
+      return NS_OK;
+    }
+    rv = mDataStorage->mBackingFile->Clone(getter_AddRefs(file));
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return rv;
+    }
+  }
+  nsCOMPtr<nsIInputStream> fileInputStream;
+  rv = NS_NewLocalFileInputStream(getter_AddRefs(fileInputStream), file);
+  // If we failed for some reason other than the file doesn't exist, bail.
+  if (NS_WARN_IF(NS_FAILED(rv) &&
+                 rv != NS_ERROR_FILE_TARGET_DOES_NOT_EXIST &&  // on Unix
+                 rv != NS_ERROR_FILE_NOT_FOUND)) {             // on Windows
+    return rv;
+  }
+
+  // If there is a file with data in it, read it. If there isn't,
+  // we'll essentially fall through to notifying that we're good to go.
+  nsCString data;
+  if (fileInputStream) {
+    // Limit to 2MB of data, but only store sMaxDataEntries entries.
+    rv = NS_ConsumeStream(fileInputStream, 1u << 21, data);
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return rv;
+    }
+  }
+
+  // Atomically parse the data and insert the entries read.
+  // Don't clear existing entries - they may have been inserted between when
+  // this read was kicked-off and when it was run.
+  {
+    MutexAutoLock lock(mDataStorage->mMutex);
+    // The backing file consists of a list of
+    //   <key>\t<score>\t<last accessed time>\t<value>\n
+    // The final \n is not optional; if it is not present the line is assumed
+    // to be corrupt.
+    int32_t currentIndex = 0;
+    int32_t newlineIndex = 0;
+    do {
+      newlineIndex = data.FindChar('\n', currentIndex);
+      // If there are no more newlines or the data table has too many
+      // entries, we are done.
+      if (newlineIndex < 0 ||
+          mDataStorage->mPersistentDataTable.Count() >= sMaxDataEntries) {
+        break;
+      }
+
+      nsDependentCSubstring line(data, currentIndex,
+                                 newlineIndex - currentIndex);
+      currentIndex = newlineIndex + 1;
+      nsCString key;
+      Entry entry;
+      nsresult parseRV = ParseLine(line, key, entry);
+      if (NS_SUCCEEDED(parseRV)) {
+        // It could be the case that a newer entry was added before
+        // we got around to reading the file. Don't overwrite new entries.
+        Entry newerEntry;
+        bool present = mDataStorage->mPersistentDataTable.Get(key, &newerEntry);
+        if (!present) {
+          mDataStorage->mPersistentDataTable.Put(key, entry);
+        }
+      }
+    } while (true);
+
+    Telemetry::Accumulate(Telemetry::DATA_STORAGE_ENTRIES,
+                          mDataStorage->mPersistentDataTable.Count());
+  }
+
+  return NS_OK;
+}
+
+// The key must be a non-empty string containing no instances of '\t' or '\n',
+// and must have a length no more than 256.
+// The value must not contain '\n' and must have a length no more than 1024.
+// The length limits are to prevent unbounded memory and disk usage.
+/* static */
+nsresult
+DataStorage::ValidateKeyAndValue(const nsCString& aKey, const nsCString& aValue)
+{
+  if (aKey.IsEmpty()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  if (aKey.Length() > 256) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  int32_t delimiterIndex = aKey.FindChar('\t', 0);
+  if (delimiterIndex >= 0) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  delimiterIndex = aKey.FindChar('\n', 0);
+  if (delimiterIndex >= 0) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  delimiterIndex = aValue.FindChar('\n', 0);
+  if (delimiterIndex >= 0) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  if (aValue.Length() > 1024) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  return NS_OK;
+}
+
+// Each line is: <key>\t<score>\t<last accessed time>\t<value>
+// Where <score> is a uint32_t as a string, <last accessed time> is a
+// int32_t as a string, and the rest are strings.
+// <value> can contain anything but a newline.
+// Returns a successful status if the line can be decoded into a key and entry.
+// Otherwise, an error status is returned and the values assigned to the
+// output parameters are in an undefined state.
+/* static */
+nsresult
+DataStorage::Reader::ParseLine(nsDependentCSubstring& aLine, nsCString& aKeyOut,
+                               Entry& aEntryOut)
+{
+  // First find the indices to each part of the line.
+  int32_t scoreIndex;
+  scoreIndex = aLine.FindChar('\t', 0) + 1;
+  if (scoreIndex <= 0) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  int32_t accessedIndex = aLine.FindChar('\t', scoreIndex) + 1;
+  if (accessedIndex <= 0) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  int32_t valueIndex = aLine.FindChar('\t', accessedIndex) + 1;
+  if (valueIndex <= 0) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  // Now make substrings based on where each part is.
+  nsDependentCSubstring keyPart(aLine, 0, scoreIndex - 1);
+  nsDependentCSubstring scorePart(aLine, scoreIndex,
+                                  accessedIndex - scoreIndex - 1);
+  nsDependentCSubstring accessedPart(aLine, accessedIndex,
+                                     valueIndex - accessedIndex - 1);
+  nsDependentCSubstring valuePart(aLine, valueIndex);
+
+  nsresult rv;
+  rv = DataStorage::ValidateKeyAndValue(nsCString(keyPart),
+                                        nsCString(valuePart));
+  if (NS_FAILED(rv)) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  // Now attempt to decode the score part as a uint32_t.
+  // XXX nsDependentCSubstring doesn't support ToInteger
+  int32_t integer = nsCString(scorePart).ToInteger(&rv);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+  if (integer < 0) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  aEntryOut.mScore = (uint32_t)integer;
+
+  integer = nsCString(accessedPart).ToInteger(&rv);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (integer < 0) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  aEntryOut.mLastAccessed = integer;
+
+  // Now set the key and value.
+  aKeyOut.Assign(keyPart);
+  aEntryOut.mValue.Assign(valuePart);
+
+  return NS_OK;
+}
+
+nsresult
+DataStorage::AsyncReadData(bool& aHaveProfileDir,
+                           const MutexAutoLock& /*aProofOfLock*/)
+{
+  MOZ_ASSERT(XRE_IsParentProcess());
+  aHaveProfileDir = false;
+  // Allocate a Reader so that even if it isn't dispatched,
+  // the data-storage-ready notification will be fired and Get
+  // will be able to proceed (this happens in its destructor).
+  RefPtr<Reader> job(new Reader(this));
+  nsresult rv;
+  // If we don't have a profile directory, this will fail.
+  // That's okay - it just means there is no persistent state.
+  rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
+                              getter_AddRefs(mBackingFile));
+  if (NS_FAILED(rv)) {
+    mBackingFile = nullptr;
+    return NS_OK;
+  }
+
+  rv = mBackingFile->Append(mFilename);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  rv = mWorkerThread->Dispatch(job, NS_DISPATCH_NORMAL);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  aHaveProfileDir = true;
+  return NS_OK;
+}
+
+void
+DataStorage::WaitForReady()
+{
+  MonitorAutoLock readyLock(mReadyMonitor);
+  while (!mReady) {
+    nsresult rv = readyLock.Wait();
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      break;
+    }
+  }
+  MOZ_ASSERT(mReady);
+}
+
+nsCString
+DataStorage::Get(const nsCString& aKey, DataStorageType aType)
+{
+  WaitForReady();
+  MutexAutoLock lock(mMutex);
+
+  Entry entry;
+  bool foundValue = GetInternal(aKey, &entry, aType, lock);
+  if (!foundValue) {
+    return EmptyCString();
+  }
+
+  // If we're here, we found a value. Maybe update its score.
+  if (entry.UpdateScore()) {
+    PutInternal(aKey, entry, aType, lock);
+  }
+
+  return entry.mValue;
+}
+
+bool
+DataStorage::GetInternal(const nsCString& aKey, Entry* aEntry,
+                         DataStorageType aType,
+                         const MutexAutoLock& aProofOfLock)
+{
+  DataStorageTable& table = GetTableForType(aType, aProofOfLock);
+  bool foundValue = table.Get(aKey, aEntry);
+  return foundValue;
+}
+
+DataStorage::DataStorageTable&
+DataStorage::GetTableForType(DataStorageType aType,
+                             const MutexAutoLock& /*aProofOfLock*/)
+{
+  switch (aType) {
+    case DataStorage_Persistent:
+      return mPersistentDataTable;
+    case DataStorage_Temporary:
+      return mTemporaryDataTable;
+    case DataStorage_Private:
+      return mPrivateDataTable;
+  }
+
+  MOZ_CRASH("given bad DataStorage storage type");
+}
+
+void
+DataStorage::ReadAllFromTable(DataStorageType aType,
+                              InfallibleTArray<dom::DataStorageItem>* aItems,
+                              const MutexAutoLock& aProofOfLock)
+{
+  for (auto iter = GetTableForType(aType, aProofOfLock).Iter();
+       !iter.Done(); iter.Next()) {
+    DataStorageItem* item = aItems->AppendElement();
+    item->key() = iter.Key();
+    item->value() = iter.Data().mValue;
+    item->type() = aType;
+  }
+}
+
+void
+DataStorage::GetAll(InfallibleTArray<dom::DataStorageItem>* aItems)
+{
+  WaitForReady();
+  MutexAutoLock lock(mMutex);
+
+  aItems->SetCapacity(mPersistentDataTable.Count() +
+                      mTemporaryDataTable.Count() +
+                      mPrivateDataTable.Count());
+  ReadAllFromTable(DataStorage_Persistent, aItems, lock);
+  ReadAllFromTable(DataStorage_Temporary, aItems, lock);
+  ReadAllFromTable(DataStorage_Private, aItems, lock);
+}
+
+// Limit the number of entries per table. This is to prevent unbounded
+// resource use. The eviction strategy is as follows:
+// - An entry's score is incremented once for every day it is accessed.
+// - Evict an entry with score no more than any other entry in the table
+//   (this is the same as saying evict the entry with the lowest score,
+//    except for when there are multiple entries with the lowest score,
+//    in which case one of them is evicted - which one is not specified).
+void
+DataStorage::MaybeEvictOneEntry(DataStorageType aType,
+                                const MutexAutoLock& aProofOfLock)
+{
+  DataStorageTable& table = GetTableForType(aType, aProofOfLock);
+  if (table.Count() >= sMaxDataEntries) {
+    KeyAndEntry toEvict;
+    // If all entries have score sMaxScore, this won't actually remove
+    // anything. This will never happen, however, because having that high
+    // a score either means someone tampered with the backing file or every
+    // entry has been accessed once a day for ~4 billion days.
+    // The worst that will happen is there will be 1025 entries in the
+    // persistent data table, with the 1025th entry being replaced every time
+    // data with a new key is inserted into the table. This is bad but
+    // ultimately not that concerning, considering that if an attacker can
+    // modify data in the profile, they can cause much worse harm.
+    toEvict.mEntry.mScore = sMaxScore;
+
+    for (auto iter = table.Iter(); !iter.Done(); iter.Next()) {
+      Entry entry = iter.UserData();
+      if (entry.mScore < toEvict.mEntry.mScore) {
+        toEvict.mKey = iter.Key();
+        toEvict.mEntry = entry;
+      }
+    }
+
+    table.Remove(toEvict.mKey);
+  }
+}
+
+template <class Functor>
+static
+void
+RunOnAllContentParents(Functor func)
+{
+  if (!XRE_IsParentProcess()) {
+    return;
+  }
+  using dom::ContentParent;
+  nsTArray<ContentParent*> parents;
+  ContentParent::GetAll(parents);
+  for (auto& parent: parents) {
+    func(parent);
+  }
+}
+
+nsresult
+DataStorage::Put(const nsCString& aKey, const nsCString& aValue,
+                 DataStorageType aType)
+{
+  WaitForReady();
+  MutexAutoLock lock(mMutex);
+
+  nsresult rv;
+  rv = ValidateKeyAndValue(aKey, aValue);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  Entry entry;
+  bool exists = GetInternal(aKey, &entry, aType, lock);
+  if (exists) {
+    entry.UpdateScore();
+  } else {
+    MaybeEvictOneEntry(aType, lock);
+  }
+  entry.mValue = aValue;
+  rv = PutInternal(aKey, entry, aType, lock);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  RunOnAllContentParents([&](dom::ContentParent* aParent) {
+    DataStorageItem item;
+    item.key() = aKey;
+    item.value() = aValue;
+    item.type() = aType;
+    Unused << aParent->SendDataStoragePut(mFilename, item);
+  });
+
+  return NS_OK;
+}
+
+nsresult
+DataStorage::PutInternal(const nsCString& aKey, Entry& aEntry,
+                         DataStorageType aType,
+                         const MutexAutoLock& aProofOfLock)
+{
+  DataStorageTable& table = GetTableForType(aType, aProofOfLock);
+  table.Put(aKey, aEntry);
+
+  if (aType == DataStorage_Persistent && !mPendingWrite) {
+    return AsyncSetTimer(aProofOfLock);
+  }
+
+  return NS_OK;
+}
+
+void
+DataStorage::Remove(const nsCString& aKey, DataStorageType aType)
+{
+  WaitForReady();
+  MutexAutoLock lock(mMutex);
+
+  DataStorageTable& table = GetTableForType(aType, lock);
+  table.Remove(aKey);
+
+  if (aType == DataStorage_Persistent && !mPendingWrite) {
+    Unused << AsyncSetTimer(lock);
+  }
+
+  RunOnAllContentParents([&](dom::ContentParent* aParent) {
+    Unused << aParent->SendDataStorageRemove(mFilename, aKey, aType);
+  });
+}
+
+class DataStorage::Writer : public Runnable
+{
+public:
+  Writer(nsCString& aData, DataStorage* aDataStorage)
+    : mData(aData)
+    , mDataStorage(aDataStorage)
+  {
+  }
+
+private:
+  NS_DECL_NSIRUNNABLE
+
+  nsCString mData;
+  RefPtr<DataStorage> mDataStorage;
+};
+
+NS_IMETHODIMP
+DataStorage::Writer::Run()
+{
+  nsresult rv;
+  // Concurrent operations on nsIFile objects are not guaranteed to be safe,
+  // so we clone the file while holding the lock and then release the lock.
+  // At that point, we can safely operate on the clone.
+  nsCOMPtr<nsIFile> file;
+  {
+    MutexAutoLock lock(mDataStorage->mMutex);
+    // If we don't have a profile, bail.
+    if (!mDataStorage->mBackingFile) {
+      return NS_OK;
+    }
+    rv = mDataStorage->mBackingFile->Clone(getter_AddRefs(file));
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return rv;
+    }
+  }
+
+  nsCOMPtr<nsIOutputStream> outputStream;
+  rv = NS_NewLocalFileOutputStream(getter_AddRefs(outputStream), file,
+                                   PR_CREATE_FILE | PR_TRUNCATE | PR_WRONLY);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  const char* ptr = mData.get();
+  int32_t remaining = mData.Length();
+  uint32_t written = 0;
+  while (remaining > 0) {
+    rv = outputStream->Write(ptr, remaining, &written);
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return rv;
+    }
+    remaining -= written;
+    ptr += written;
+  }
+
+  // Observed by tests.
+  nsCOMPtr<nsIRunnable> job =
+    NewRunnableMethod<const char*>(mDataStorage,
+                                   &DataStorage::NotifyObservers,
+                                   "data-storage-written");
+  rv = NS_DispatchToMainThread(job, NS_DISPATCH_NORMAL);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+nsresult
+DataStorage::AsyncWriteData(const MutexAutoLock& /*aProofOfLock*/)
+{
+  MOZ_ASSERT(XRE_IsParentProcess());
+
+  if (mShuttingDown || !mBackingFile) {
+    return NS_OK;
+  }
+
+  nsCString output;
+  for (auto iter = mPersistentDataTable.Iter(); !iter.Done(); iter.Next()) {
+    Entry entry = iter.UserData();
+    output.Append(iter.Key());
+    output.Append('\t');
+    output.AppendInt(entry.mScore);
+    output.Append('\t');
+    output.AppendInt(entry.mLastAccessed);
+    output.Append('\t');
+    output.Append(entry.mValue);
+    output.Append('\n');
+  }
+
+  RefPtr<Writer> job(new Writer(output, this));
+  nsresult rv = mWorkerThread->Dispatch(job, NS_DISPATCH_NORMAL);
+  mPendingWrite = false;
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+nsresult
+DataStorage::Clear()
+{
+  WaitForReady();
+  MutexAutoLock lock(mMutex);
+  mPersistentDataTable.Clear();
+  mTemporaryDataTable.Clear();
+  mPrivateDataTable.Clear();
+
+  if (XRE_IsParentProcess()) {
+    // Asynchronously clear the file. This is similar to the permission manager
+    // in that it doesn't wait to synchronously remove the data from its backing
+    // storage either.
+    nsresult rv = AsyncWriteData(lock);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  RunOnAllContentParents([&](dom::ContentParent* aParent) {
+    Unused << aParent->SendDataStorageClear(mFilename);
+  });
+
+  return NS_OK;
+}
+
+/* static */
+void
+DataStorage::TimerCallback(nsITimer* aTimer, void* aClosure)
+{
+  MOZ_ASSERT(XRE_IsParentProcess());
+
+  RefPtr<DataStorage> aDataStorage = (DataStorage*)aClosure;
+  MutexAutoLock lock(aDataStorage->mMutex);
+  Unused << aDataStorage->AsyncWriteData(lock);
+}
+
+// We only initialize the timer on the worker thread because it's not safe
+// to mix what threads are operating on the timer.
+nsresult
+DataStorage::AsyncSetTimer(const MutexAutoLock& /*aProofOfLock*/)
+{
+  if (mShuttingDown || !XRE_IsParentProcess()) {
+    return NS_OK;
+  }
+
+  mPendingWrite = true;
+  nsCOMPtr<nsIRunnable> job =
+    NewRunnableMethod(this, &DataStorage::SetTimer);
+  nsresult rv = mWorkerThread->Dispatch(job, NS_DISPATCH_NORMAL);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+  return NS_OK;
+}
+
+void
+DataStorage::SetTimer()
+{
+  MOZ_ASSERT(!NS_IsMainThread());
+  MOZ_ASSERT(XRE_IsParentProcess());
+
+  MutexAutoLock lock(mMutex);
+
+  nsresult rv;
+  if (!mTimer) {
+    mTimer = do_CreateInstance("@mozilla.org/timer;1", &rv);
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return;
+    }
+  }
+
+  rv = mTimer->InitWithFuncCallback(TimerCallback, this,
+                                    mTimerDelay, nsITimer::TYPE_ONE_SHOT);
+  Unused << NS_WARN_IF(NS_FAILED(rv));
+}
+
+void
+DataStorage::NotifyObservers(const char* aTopic)
+{
+  // Don't access the observer service off the main thread.
+  if (!NS_IsMainThread()) {
+    NS_NOTREACHED("DataStorage::NotifyObservers called off main thread");
+    return;
+  }
+
+  nsCOMPtr<nsIObserverService> os = services::GetObserverService();
+  if (os) {
+    os->NotifyObservers(nullptr, aTopic, mFilename.get());
+  }
+}
+
+nsresult
+DataStorage::DispatchShutdownTimer(const MutexAutoLock& /*aProofOfLock*/)
+{
+  MOZ_ASSERT(XRE_IsParentProcess());
+
+  nsCOMPtr<nsIRunnable> job =
+    NewRunnableMethod(this, &DataStorage::ShutdownTimer);
+  nsresult rv = mWorkerThread->Dispatch(job, NS_DISPATCH_NORMAL);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+  return NS_OK;
+}
+
+void
+DataStorage::ShutdownTimer()
+{
+  MOZ_ASSERT(XRE_IsParentProcess());
+  MOZ_ASSERT(!NS_IsMainThread());
+  MutexAutoLock lock(mMutex);
+  nsresult rv = mTimer->Cancel();
+  Unused << NS_WARN_IF(NS_FAILED(rv));
+  mTimer = nullptr;
+}
+
+//------------------------------------------------------------
+// DataStorage::nsIObserver
+//------------------------------------------------------------
+
+NS_IMETHODIMP
+DataStorage::Observe(nsISupports* aSubject, const char* aTopic,
+                     const char16_t* aData)
+{
+  // Don't access preferences off the main thread.
+  if (!NS_IsMainThread()) {
+    NS_NOTREACHED("DataStorage::Observe called off main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  nsresult rv;
+  if (strcmp(aTopic, "last-pb-context-exited") == 0) {
+    MutexAutoLock lock(mMutex);
+    mPrivateDataTable.Clear();
+  } else if (strcmp(aTopic, "profile-before-change") == 0 ||
+             (strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID) == 0 &&
+              XRE_IsParentProcess())) {
+    MOZ_ASSERT(XRE_IsParentProcess());
+    // per bug 1271402, this should be safe to run multiple times
+    {
+      MutexAutoLock lock(mMutex);
+      rv = AsyncWriteData(lock);
+      mShuttingDown = true;
+      Unused << NS_WARN_IF(NS_FAILED(rv));
+      if (mTimer) {
+        rv = DispatchShutdownTimer(lock);
+        Unused << NS_WARN_IF(NS_FAILED(rv));
+      }
+    }
+    // Run the thread to completion and prevent any further events
+    // being scheduled to it. The thread may need the lock, so we can't
+    // hold it here.
+    rv = mWorkerThread->Shutdown();
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return rv;
+    }
+
+    sDataStorages->Clear();
+  } else if (strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID) == 0) {
+    MOZ_ASSERT(!XRE_IsParentProcess());
+    sDataStorages->Clear();
+  } else if (strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
+    MutexAutoLock lock(mMutex);
+    mTimerDelay = Preferences::GetInt("test.datastorage.write_timer_ms",
+                                      sDataStorageDefaultTimerDelay);
+  }
+
+  return NS_OK;
+}
+
+DataStorage::Entry::Entry()
+  : mScore(0)
+  , mLastAccessed((int32_t)(PR_Now() / sOneDayInMicroseconds))
+{
+}
+
+// Updates this entry's score. Returns true if the score has actually changed.
+// If it's been less than a day since this entry has been accessed, the score
+// does not change. Otherwise, the score increases by 1.
+// The default score is 0. The maximum score is the maximum value that can
+// be represented by an unsigned 32 bit integer.
+// This is to handle evictions from our tables, which in turn is to prevent
+// unbounded resource use.
+bool
+DataStorage::Entry::UpdateScore()
+{
+
+  int32_t nowInDays = (int32_t)(PR_Now() / sOneDayInMicroseconds);
+  int32_t daysSinceAccessed = (nowInDays - mLastAccessed);
+
+  // Update the last accessed time.
+  mLastAccessed = nowInDays;
+
+  // If it's been less than a day since we've been accessed,
+  // the score isn't updated.
+  if (daysSinceAccessed < 1) {
+    return false;
+  }
+
+  // Otherwise, increment the score (but don't overflow).
+  if (mScore < sMaxScore) {
+    mScore++;
+  }
+  return true;
+}
+
+} // namespace mozilla
diff --git a/security/manager/ssl/DataStorage.h b/security/manager/ssl/DataStorage.h
new file mode 100644
index 000000000..5e3182a40
--- /dev/null
+++ b/security/manager/ssl/DataStorage.h
@@ -0,0 +1,202 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_DataStorage_h
+#define mozilla_DataStorage_h
+
+#include "mozilla/Monitor.h"
+#include "mozilla/Mutex.h"
+#include "mozilla/StaticPtr.h"
+#include "nsCOMPtr.h"
+#include "nsDataHashtable.h"
+#include "nsIObserver.h"
+#include "nsIThread.h"
+#include "nsITimer.h"
+#include "nsRefPtrHashtable.h"
+#include "nsString.h"
+
+namespace mozilla {
+
+namespace dom {
+class DataStorageItem;
+}
+
+/**
+ * DataStorage is a threadsafe, generic, narrow string-based hash map that
+ * persists data on disk and additionally handles temporary and private data.
+ * However, if used in a context where there is no profile directory, data
+ * will not be persisted.
+ *
+ * Its lifecycle is as follows:
+ * - Allocate with a filename (this is or will eventually be a file in the
+ *   profile directory, if the profile exists).
+ * - Call Init() from the main thread. This spins off an asynchronous read
+ *   of the backing file.
+ * - Eventually observers of the topic "data-storage-ready" will be notified
+ *   with the backing filename as the data in the notification when this
+ *   has completed.
+ * - Should the profile directory not be available, (e.g. in xpcshell),
+ *   DataStorage will not initially read any persistent data. The
+ *   "data-storage-ready" event will still be emitted. This follows semantics
+ *   similar to the permission manager and allows tests that test
+ *   unrelated components to proceed without a profile.
+ * - When any persistent data changes, a timer is initialized that will
+ *   eventually asynchronously write all persistent data to the backing file.
+ *   When this happens, observers will be notified with the topic
+ *   "data-storage-written" and the backing filename as the data.
+ *   It is possible to receive a "data-storage-written" event while there exist
+ *   pending persistent data changes. However, those changes will cause the
+ *   timer to be reinitialized and another "data-storage-written" event will
+ *   be sent.
+ * - When DataStorage observes the topic "profile-before-change" in
+ *   anticipation of shutdown, all persistent data is synchronously written to
+ *   the backing file. The worker thread responsible for these writes is then
+ *   disabled to prevent further writes to that file (the delayed-write timer
+ *   is cancelled when this happens).
+ * - For testing purposes, the preference "test.datastorage.write_timer_ms" can
+ *   be set to cause the asynchronous writing of data to happen more quickly.
+ * - To prevent unbounded memory and disk use, the number of entries in each
+ *   table is limited to 1024. Evictions are handled in by a modified LRU scheme
+ *   (see implementation comments).
+ * - NB: Instances of DataStorage have long lifetimes because they are strong
+ *   observers of events and won't go away until the observer service does.
+ *
+ * For each key/value:
+ * - The key must be a non-empty string containing no instances of '\t' or '\n'
+ *   (this is a limitation of how the data is stored and will be addressed in
+ *   the future).
+ * - The key must have a length no more than 256.
+ * - The value must not contain '\n' and must have a length no more than 1024.
+ *   (the length limits are to prevent unbounded disk and memory usage)
+ */
+
+/**
+ * Data that is DataStorage_Persistent is saved on disk. DataStorage_Temporary
+ * and DataStorage_Private are not saved. DataStorage_Private is meant to
+ * only be set and accessed from private contexts. It will be cleared upon
+ * observing the event "last-pb-context-exited".
+ */
+enum DataStorageType {
+  DataStorage_Persistent,
+  DataStorage_Temporary,
+  DataStorage_Private
+};
+
+class DataStorage : public nsIObserver
+{
+  typedef dom::DataStorageItem DataStorageItem;
+
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIOBSERVER
+
+  // If there is a profile directory, there is or will eventually be a file
+  // by the name specified by aFilename there.
+  static already_AddRefed<DataStorage> Get(const nsString& aFilename);
+  static already_AddRefed<DataStorage> GetIfExists(const nsString& aFilename);
+
+  // Initializes the DataStorage. Must be called before using.
+  // aDataWillPersist returns whether or not data can be persistently saved.
+  nsresult Init(/*out*/bool& aDataWillPersist);
+  // Given a key and a type of data, returns a value. Returns an empty string if
+  // the key is not present for that type of data. If Get is called before the
+  // "data-storage-ready" event is observed, it will block. NB: It is not
+  // currently possible to differentiate between missing data and data that is
+  // the empty string.
+  nsCString Get(const nsCString& aKey, DataStorageType aType);
+  // Give a key, value, and type of data, adds an entry as appropriate.
+  // Updates existing entries.
+  nsresult Put(const nsCString& aKey, const nsCString& aValue,
+               DataStorageType aType);
+  // Given a key and type of data, removes an entry if present.
+  void Remove(const nsCString& aKey, DataStorageType aType);
+  // Removes all entries of all types of data.
+  nsresult Clear();
+
+  // Read all of the data items.
+  void GetAll(InfallibleTArray<DataStorageItem>* aItems);
+
+private:
+  explicit DataStorage(const nsString& aFilename);
+  virtual ~DataStorage();
+
+  class Writer;
+  class Reader;
+
+  class Entry
+  {
+  public:
+    Entry();
+    bool UpdateScore();
+
+    uint32_t mScore;
+    int32_t mLastAccessed; // the last accessed time in days since the epoch
+    nsCString mValue;
+  };
+
+  // Utility class for scanning tables for an entry to evict.
+  class KeyAndEntry
+  {
+  public:
+    nsCString mKey;
+    Entry mEntry;
+  };
+
+  typedef nsDataHashtable<nsCStringHashKey, Entry> DataStorageTable;
+  typedef nsRefPtrHashtable<nsStringHashKey, DataStorage> DataStorages;
+
+  void WaitForReady();
+  nsresult AsyncWriteData(const MutexAutoLock& aProofOfLock);
+  nsresult AsyncReadData(bool& aHaveProfileDir,
+                         const MutexAutoLock& aProofOfLock);
+  nsresult AsyncSetTimer(const MutexAutoLock& aProofOfLock);
+  nsresult DispatchShutdownTimer(const MutexAutoLock& aProofOfLock);
+
+  static nsresult ValidateKeyAndValue(const nsCString& aKey,
+                                      const nsCString& aValue);
+  static void TimerCallback(nsITimer* aTimer, void* aClosure);
+  void SetTimer();
+  void ShutdownTimer();
+  void NotifyObservers(const char* aTopic);
+
+  bool GetInternal(const nsCString& aKey, Entry* aEntry, DataStorageType aType,
+                   const MutexAutoLock& aProofOfLock);
+  nsresult PutInternal(const nsCString& aKey, Entry& aEntry,
+                       DataStorageType aType,
+                       const MutexAutoLock& aProofOfLock);
+  void MaybeEvictOneEntry(DataStorageType aType,
+                          const MutexAutoLock& aProofOfLock);
+  DataStorageTable& GetTableForType(DataStorageType aType,
+                                    const MutexAutoLock& aProofOfLock);
+
+  void ReadAllFromTable(DataStorageType aType,
+                        InfallibleTArray<DataStorageItem>* aItems,
+                        const MutexAutoLock& aProofOfLock);
+
+  Mutex mMutex; // This mutex protects access to the following members:
+  DataStorageTable  mPersistentDataTable;
+  DataStorageTable  mTemporaryDataTable;
+  DataStorageTable  mPrivateDataTable;
+  nsCOMPtr<nsIThread> mWorkerThread;
+  nsCOMPtr<nsIFile> mBackingFile;
+  nsCOMPtr<nsITimer> mTimer; // All uses after init must be on the worker thread
+  uint32_t mTimerDelay; // in milliseconds
+  bool mPendingWrite; // true if a write is needed but hasn't been dispatched
+  bool mShuttingDown;
+  bool mInitCalled; // Indicates that Init() has been called.
+  // (End list of members protected by mMutex)
+
+  Monitor mReadyMonitor; // Do not acquire this at the same time as mMutex.
+  bool mReady; // Indicates that saved data has been read and Get can proceed.
+
+  const nsString mFilename;
+
+  static StaticAutoPtr<DataStorages> sDataStorages;
+};
+
+} // namespace mozilla
+
+#endif // mozilla_DataStorage_h
diff --git a/security/manager/ssl/DataStorageIPCUtils.h b/security/manager/ssl/DataStorageIPCUtils.h
new file mode 100644
index 000000000..cab159e60
--- /dev/null
+++ b/security/manager/ssl/DataStorageIPCUtils.h
@@ -0,0 +1,21 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef ipc_DataStorageIPCUtils_h
+#define ipc_DataStorageIPCUtils_h
+
+#include "ipc/IPCMessageUtils.h"
+#include "mozilla/DataStorage.h"
+
+namespace IPC {
+  template<>
+  struct ParamTraits<mozilla::DataStorageType> :
+    public ContiguousEnumSerializer<mozilla::DataStorageType,
+                                    mozilla::DataStorage_Persistent,
+                                    mozilla::DataStorageType(mozilla::DataStorage_Private + 1)> {};
+} // namespace IPC
+
+#endif // mozilla_DataStorageIPCUtils_hh
diff --git a/security/manager/ssl/LocalCertService.cpp b/security/manager/ssl/LocalCertService.cpp
new file mode 100644
index 000000000..7ea0b4789
--- /dev/null
+++ b/security/manager/ssl/LocalCertService.cpp
@@ -0,0 +1,501 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "LocalCertService.h"
+
+#include "CryptoTask.h"
+#include "ScopedNSSTypes.h"
+#include "cert.h"
+#include "mozilla/Casting.h"
+#include "mozilla/ModuleUtils.h"
+#include "mozilla/RefPtr.h"
+#include "nsIPK11Token.h"
+#include "nsIPK11TokenDB.h"
+#include "nsIX509Cert.h"
+#include "nsIX509CertDB.h"
+#include "nsIX509CertValidity.h"
+#include "nsLiteralString.h"
+#include "nsProxyRelease.h"
+#include "nsServiceManagerUtils.h"
+#include "nsString.h"
+#include "pk11pub.h"
+
+namespace mozilla {
+
+class LocalCertTask : public CryptoTask
+{
+protected:
+  explicit LocalCertTask(const nsACString& aNickname)
+    : mNickname(aNickname)
+  {
+  }
+
+  nsresult RemoveExisting()
+  {
+    // Search for any existing certs with this name and remove them
+    nsresult rv;
+
+    for (;;) {
+      UniqueCERTCertificate cert(
+        PK11_FindCertFromNickname(mNickname.get(), nullptr));
+      if (!cert) {
+        return NS_OK; // All done
+      }
+
+      // Found a cert, check if generated by this service
+      if (!cert->isRoot) {
+        return NS_ERROR_UNEXPECTED; // Should be self-signed
+      }
+
+      NS_NAMED_LITERAL_CSTRING(commonNamePrefix, "CN=");
+      nsAutoCString subjectNameFromNickname(commonNamePrefix + mNickname);
+      if (!subjectNameFromNickname.Equals(cert->subjectName)) {
+        return NS_ERROR_UNEXPECTED; // Subject should match nickname
+      }
+      if (!subjectNameFromNickname.Equals(cert->issuerName)) {
+        return NS_ERROR_UNEXPECTED; // Issuer should match nickname
+      }
+
+      rv = MapSECStatus(PK11_DeleteTokenCertAndKey(cert.get(), nullptr));
+      if (NS_FAILED(rv)) {
+        return rv; // Some error, abort the loop
+      }
+    }
+  }
+
+  nsCString mNickname;
+};
+
+class LocalCertGetTask final : public LocalCertTask
+{
+public:
+  LocalCertGetTask(const nsACString& aNickname,
+                   nsILocalCertGetCallback* aCallback)
+    : LocalCertTask(aNickname)
+    , mCallback(new nsMainThreadPtrHolder<nsILocalCertGetCallback>(aCallback))
+    , mCert(nullptr)
+  {
+  }
+
+private:
+  virtual nsresult CalculateResult() override
+  {
+    // Try to lookup an existing cert in the DB
+    nsresult rv = GetFromDB();
+    // Make a new one if getting fails
+    if (NS_FAILED(rv)) {
+      rv = Generate();
+    }
+    // If generation fails, we're out of luck
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    // Validate cert, make a new one if it fails
+    rv = Validate();
+    if (NS_FAILED(rv)) {
+      rv = Generate();
+    }
+    // If generation fails, we're out of luck
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    return NS_OK;
+  }
+
+  nsresult Generate()
+  {
+    nsresult rv;
+
+    // Get the key slot for generation later
+    UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+    if (!slot) {
+      return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+    }
+
+    // Remove existing certs with this name (if any)
+    rv = RemoveExisting();
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    // Generate a new cert
+    NS_NAMED_LITERAL_CSTRING(commonNamePrefix, "CN=");
+    nsAutoCString subjectNameStr(commonNamePrefix + mNickname);
+    UniqueCERTName subjectName(CERT_AsciiToName(subjectNameStr.get()));
+    if (!subjectName) {
+      return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+    }
+
+    // Use the well-known NIST P-256 curve
+    SECOidData* curveOidData = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1);
+    if (!curveOidData) {
+      return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+    }
+
+    // Get key params from the curve
+    ScopedAutoSECItem keyParams(2 + curveOidData->oid.len);
+    keyParams.data[0] = SEC_ASN1_OBJECT_ID;
+    keyParams.data[1] = curveOidData->oid.len;
+    memcpy(keyParams.data + 2, curveOidData->oid.data, curveOidData->oid.len);
+
+    // Generate cert key pair
+    SECKEYPublicKey* tempPublicKey;
+    UniqueSECKEYPrivateKey privateKey(
+      PK11_GenerateKeyPair(slot.get(), CKM_EC_KEY_PAIR_GEN, &keyParams,
+                           &tempPublicKey, true /* token */,
+                           true /* sensitive */, nullptr));
+    UniqueSECKEYPublicKey publicKey(tempPublicKey);
+    tempPublicKey = nullptr;
+    if (!privateKey || !publicKey) {
+      return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+    }
+
+    // Create subject public key info and cert request
+    UniqueCERTSubjectPublicKeyInfo spki(
+      SECKEY_CreateSubjectPublicKeyInfo(publicKey.get()));
+    if (!spki) {
+      return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+    }
+    UniqueCERTCertificateRequest certRequest(
+      CERT_CreateCertificateRequest(subjectName.get(), spki.get(), nullptr));
+    if (!certRequest) {
+      return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+    }
+
+    // Valid from one day before to 1 year after
+    static const PRTime oneDay = PRTime(PR_USEC_PER_SEC)
+                               * PRTime(60)  // sec
+                               * PRTime(60)  // min
+                               * PRTime(24); // hours
+
+    PRTime now = PR_Now();
+    PRTime notBefore = now - oneDay;
+    PRTime notAfter = now + (PRTime(365) * oneDay);
+    UniqueCERTValidity validity(CERT_CreateValidity(notBefore, notAfter));
+    if (!validity) {
+      return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+    }
+
+    // Generate random serial
+    unsigned long serial;
+    // This serial in principle could collide, but it's unlikely
+    rv = MapSECStatus(PK11_GenerateRandomOnSlot(
+           slot.get(), BitwiseCast<unsigned char*, unsigned long*>(&serial),
+           sizeof(serial)));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    // Create the cert from these pieces
+    UniqueCERTCertificate cert(
+      CERT_CreateCertificate(serial, subjectName.get(), validity.get(),
+                             certRequest.get()));
+    if (!cert) {
+      return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+    }
+
+    // Update the cert version to X509v3
+    if (!cert->version.data) {
+      return NS_ERROR_INVALID_POINTER;
+    }
+    *(cert->version.data) = SEC_CERTIFICATE_VERSION_3;
+    cert->version.len = 1;
+
+    // Set cert signature algorithm
+    PLArenaPool* arena = cert->arena;
+    if (!arena) {
+      return NS_ERROR_INVALID_POINTER;
+    }
+    rv = MapSECStatus(
+           SECOID_SetAlgorithmID(arena, &cert->signature,
+                                 SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE, 0));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    // Encode and self-sign the cert
+    UniqueSECItem certDER(
+      SEC_ASN1EncodeItem(nullptr, nullptr, cert.get(),
+                         SEC_ASN1_GET(CERT_CertificateTemplate)));
+    if (!certDER) {
+      return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+    }
+    rv = MapSECStatus(
+           SEC_DerSignData(arena, &cert->derCert, certDER->data, certDER->len,
+                           privateKey.get(),
+                           SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    // Create a CERTCertificate from the signed data
+    UniqueCERTCertificate certFromDER(
+      CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &cert->derCert, nullptr,
+                              true /* perm */, true /* copyDER */));
+    if (!certFromDER) {
+      return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+    }
+
+    // Save the cert in the DB
+    rv = MapSECStatus(PK11_ImportCert(slot.get(), certFromDER.get(),
+                                      CK_INVALID_HANDLE, mNickname.get(),
+                                      false /* unused */));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    // We should now have cert in the DB, read it back in nsIX509Cert form
+    return GetFromDB();
+  }
+
+  nsresult GetFromDB()
+  {
+    nsCOMPtr<nsIX509CertDB> certDB = do_GetService(NS_X509CERTDB_CONTRACTID);
+    if (!certDB) {
+      return NS_ERROR_FAILURE;
+    }
+
+    nsCOMPtr<nsIX509Cert> certFromDB;
+    nsresult rv;
+    rv = certDB->FindCertByNickname(NS_ConvertASCIItoUTF16(mNickname),
+                                    getter_AddRefs(certFromDB));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    mCert = certFromDB;
+    return NS_OK;
+  }
+
+  nsresult Validate()
+  {
+    // Verify cert is self-signed
+    bool selfSigned;
+    nsresult rv = mCert->GetIsSelfSigned(&selfSigned);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    if (!selfSigned) {
+      return NS_ERROR_FAILURE;
+    }
+
+    // Check that subject and issuer match nickname
+    nsXPIDLString subjectName;
+    nsXPIDLString issuerName;
+    mCert->GetSubjectName(subjectName);
+    mCert->GetIssuerName(issuerName);
+    if (!subjectName.Equals(issuerName)) {
+      return NS_ERROR_FAILURE;
+    }
+    NS_NAMED_LITERAL_STRING(commonNamePrefix, "CN=");
+    nsAutoString subjectNameFromNickname(
+      commonNamePrefix + NS_ConvertASCIItoUTF16(mNickname));
+    if (!subjectName.Equals(subjectNameFromNickname)) {
+      return NS_ERROR_FAILURE;
+    }
+
+    nsCOMPtr<nsIX509CertValidity> validity;
+    mCert->GetValidity(getter_AddRefs(validity));
+
+    PRTime notBefore, notAfter;
+    validity->GetNotBefore(&notBefore);
+    validity->GetNotAfter(&notAfter);
+
+    // Ensure cert will last at least one more day
+    static const PRTime oneDay = PRTime(PR_USEC_PER_SEC)
+                               * PRTime(60)  // sec
+                               * PRTime(60)  // min
+                               * PRTime(24); // hours
+    PRTime now = PR_Now();
+    if (notBefore > now ||
+        notAfter < (now - oneDay)) {
+      return NS_ERROR_FAILURE;
+    }
+
+    return NS_OK;
+  }
+
+  virtual void ReleaseNSSResources() override {}
+
+  virtual void CallCallback(nsresult rv) override
+  {
+    (void) mCallback->HandleCert(mCert, rv);
+  }
+
+  nsMainThreadPtrHandle<nsILocalCertGetCallback> mCallback;
+  nsCOMPtr<nsIX509Cert> mCert; // out
+};
+
+class LocalCertRemoveTask final : public LocalCertTask
+{
+public:
+  LocalCertRemoveTask(const nsACString& aNickname,
+                      nsILocalCertCallback* aCallback)
+    : LocalCertTask(aNickname)
+    , mCallback(new nsMainThreadPtrHolder<nsILocalCertCallback>(aCallback))
+  {
+  }
+
+private:
+  virtual nsresult CalculateResult() override
+  {
+    return RemoveExisting();
+  }
+
+  virtual void ReleaseNSSResources() override {}
+
+  virtual void CallCallback(nsresult rv) override
+  {
+    (void) mCallback->HandleResult(rv);
+  }
+
+  nsMainThreadPtrHandle<nsILocalCertCallback> mCallback;
+};
+
+NS_IMPL_ISUPPORTS(LocalCertService, nsILocalCertService)
+
+LocalCertService::LocalCertService()
+{
+}
+
+LocalCertService::~LocalCertService()
+{
+}
+
+nsresult
+LocalCertService::LoginToKeySlot()
+{
+  nsresult rv;
+
+  // Get access to key slot
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+  }
+
+  // If no user password yet, set it an empty one
+  if (PK11_NeedUserInit(slot.get())) {
+    rv = MapSECStatus(PK11_InitPin(slot.get(), "", ""));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  // If user has a password set, prompt to login
+  if (PK11_NeedLogin(slot.get()) && !PK11_IsLoggedIn(slot.get(), nullptr)) {
+    // Switching to XPCOM to get the UI prompt that PSM owns
+    nsCOMPtr<nsIPK11TokenDB> tokenDB =
+      do_GetService(NS_PK11TOKENDB_CONTRACTID);
+    if (!tokenDB) {
+      return NS_ERROR_FAILURE;
+    }
+    nsCOMPtr<nsIPK11Token> keyToken;
+    tokenDB->GetInternalKeyToken(getter_AddRefs(keyToken));
+    if (!keyToken) {
+      return NS_ERROR_FAILURE;
+    }
+    // Prompt the user to login
+    return keyToken->Login(false /* force */);
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+LocalCertService::GetOrCreateCert(const nsACString& aNickname,
+                                  nsILocalCertGetCallback* aCallback)
+{
+  if (NS_WARN_IF(aNickname.IsEmpty())) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  if (NS_WARN_IF(!aCallback)) {
+    return NS_ERROR_INVALID_POINTER;
+  }
+
+  // Before sending off the task, login to key slot if needed
+  nsresult rv = LoginToKeySlot();
+  if (NS_FAILED(rv)) {
+    aCallback->HandleCert(nullptr, rv);
+    return NS_OK;
+  }
+
+  RefPtr<LocalCertGetTask> task(new LocalCertGetTask(aNickname, aCallback));
+  return task->Dispatch("LocalCertGet");
+}
+
+NS_IMETHODIMP
+LocalCertService::RemoveCert(const nsACString& aNickname,
+                             nsILocalCertCallback* aCallback)
+{
+  if (NS_WARN_IF(aNickname.IsEmpty())) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  if (NS_WARN_IF(!aCallback)) {
+    return NS_ERROR_INVALID_POINTER;
+  }
+
+  // Before sending off the task, login to key slot if needed
+  nsresult rv = LoginToKeySlot();
+  if (NS_FAILED(rv)) {
+    aCallback->HandleResult(rv);
+    return NS_OK;
+  }
+
+  RefPtr<LocalCertRemoveTask> task(
+    new LocalCertRemoveTask(aNickname, aCallback));
+  return task->Dispatch("LocalCertRm");
+}
+
+NS_IMETHODIMP
+LocalCertService::GetLoginPromptRequired(bool* aRequired)
+{
+  nsresult rv;
+
+  // Get access to key slot
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+  }
+
+  // If no user password yet, set it an empty one
+  if (PK11_NeedUserInit(slot.get())) {
+    rv = MapSECStatus(PK11_InitPin(slot.get(), "", ""));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  *aRequired = PK11_NeedLogin(slot.get()) &&
+               !PK11_IsLoggedIn(slot.get(), nullptr);
+  return NS_OK;
+}
+
+#define LOCALCERTSERVICE_CID \
+{ 0x47402be2, 0xe653, 0x45d0, \
+  { 0x8d, 0xaa, 0x9f, 0x0d, 0xce, 0x0a, 0xc1, 0x48 } }
+
+NS_GENERIC_FACTORY_CONSTRUCTOR(LocalCertService)
+
+NS_DEFINE_NAMED_CID(LOCALCERTSERVICE_CID);
+
+static const Module::CIDEntry kLocalCertServiceCIDs[] = {
+  { &kLOCALCERTSERVICE_CID, false, nullptr, LocalCertServiceConstructor },
+  { nullptr }
+};
+
+static const Module::ContractIDEntry kLocalCertServiceContracts[] = {
+  { LOCALCERTSERVICE_CONTRACTID, &kLOCALCERTSERVICE_CID },
+  { nullptr }
+};
+
+static const Module kLocalCertServiceModule = {
+  Module::kVersion,
+  kLocalCertServiceCIDs,
+  kLocalCertServiceContracts
+};
+
+NSMODULE_DEFN(LocalCertServiceModule) = &kLocalCertServiceModule;
+
+} // namespace mozilla
diff --git a/security/manager/ssl/LocalCertService.h b/security/manager/ssl/LocalCertService.h
new file mode 100644
index 000000000..fb5a999cd
--- /dev/null
+++ b/security/manager/ssl/LocalCertService.h
@@ -0,0 +1,27 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef LocalCertService_h
+#define LocalCertService_h
+
+#include "nsILocalCertService.h"
+
+namespace mozilla {
+
+class LocalCertService final : public nsILocalCertService
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSILOCALCERTSERVICE
+
+  LocalCertService();
+
+private:
+  nsresult LoginToKeySlot();
+  ~LocalCertService();
+};
+
+} // namespace mozilla
+
+#endif // LocalCertService_h
diff --git a/security/manager/ssl/NSSErrorsService.cpp b/security/manager/ssl/NSSErrorsService.cpp
new file mode 100644
index 000000000..0632203b1
--- /dev/null
+++ b/security/manager/ssl/NSSErrorsService.cpp
@@ -0,0 +1,206 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "NSSErrorsService.h"
+
+#include "nsNSSComponent.h"
+#include "nsServiceManagerUtils.h"
+#include "pkix/pkixnss.h"
+#include "secerr.h"
+#include "sslerr.h"
+
+#define PIPNSS_STRBUNDLE_URL "chrome://pipnss/locale/pipnss.properties"
+#define NSSERR_STRBUNDLE_URL "chrome://pipnss/locale/nsserrors.properties"
+
+namespace mozilla {
+namespace psm {
+
+static_assert(mozilla::pkix::ERROR_BASE ==
+                nsINSSErrorsService::MOZILLA_PKIX_ERROR_BASE,
+              "MOZILLA_PKIX_ERROR_BASE and "
+                "nsINSSErrorsService::MOZILLA_PKIX_ERROR_BASE do not match.");
+static_assert(mozilla::pkix::ERROR_LIMIT ==
+                nsINSSErrorsService::MOZILLA_PKIX_ERROR_LIMIT,
+              "MOZILLA_PKIX_ERROR_LIMIT and "
+                "nsINSSErrorsService::MOZILLA_PKIX_ERROR_LIMIT do not match.");
+
+static bool
+IsPSMError(PRErrorCode error)
+{
+  return (error >= mozilla::pkix::ERROR_BASE &&
+          error < mozilla::pkix::ERROR_LIMIT);
+}
+
+NS_IMPL_ISUPPORTS(NSSErrorsService, nsINSSErrorsService)
+
+NSSErrorsService::~NSSErrorsService() { }
+
+nsresult
+NSSErrorsService::Init()
+{
+  nsresult rv;
+  nsCOMPtr<nsIStringBundleService> bundleService(do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv));
+  if (NS_FAILED(rv) || !bundleService) 
+    return NS_ERROR_FAILURE;
+  
+  bundleService->CreateBundle(PIPNSS_STRBUNDLE_URL,
+                              getter_AddRefs(mPIPNSSBundle));
+  if (!mPIPNSSBundle)
+    rv = NS_ERROR_FAILURE;
+
+  bundleService->CreateBundle(NSSERR_STRBUNDLE_URL,
+                              getter_AddRefs(mNSSErrorsBundle));
+  if (!mNSSErrorsBundle)
+    rv = NS_ERROR_FAILURE;
+
+  return rv;
+}
+
+#define EXPECTED_SEC_ERROR_BASE (-0x2000)
+#define EXPECTED_SSL_ERROR_BASE (-0x3000)
+
+#if SEC_ERROR_BASE != EXPECTED_SEC_ERROR_BASE || SSL_ERROR_BASE != EXPECTED_SSL_ERROR_BASE
+#error "Unexpected change of error code numbers in lib NSS, please adjust the mapping code"
+/*
+ * Please ensure the NSS error codes are mapped into the positive range 0x1000 to 0xf000
+ * Search for NS_ERROR_MODULE_SECURITY to ensure there are no conflicts.
+ * The current code also assumes that NSS library error codes are negative.
+ */
+#endif
+
+bool
+IsNSSErrorCode(PRErrorCode code)
+{
+  return IS_SEC_ERROR(code) || IS_SSL_ERROR(code) || IsPSMError(code);
+}
+
+nsresult
+GetXPCOMFromNSSError(PRErrorCode code)
+{
+  if (!code) {
+    MOZ_CRASH("Function failed without calling PR_GetError");
+  }
+
+  // The error codes within each module must be a 16 bit value.
+  // For simplicity we use the positive value of the NSS code.
+  return (nsresult)NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY,
+                                             -1 * code);
+}
+
+NS_IMETHODIMP
+NSSErrorsService::IsNSSErrorCode(int32_t aNSPRCode, bool *_retval)
+{
+  if (!_retval) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  *_retval = mozilla::psm::IsNSSErrorCode(aNSPRCode);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+NSSErrorsService::GetXPCOMFromNSSError(int32_t aNSPRCode, nsresult *aXPCOMErrorCode)
+{
+  if (!aXPCOMErrorCode) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  if (!mozilla::psm::IsNSSErrorCode(aNSPRCode)) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  *aXPCOMErrorCode = mozilla::psm::GetXPCOMFromNSSError(aNSPRCode);
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+NSSErrorsService::GetErrorClass(nsresult aXPCOMErrorCode, uint32_t *aErrorClass)
+{
+  NS_ENSURE_ARG(aErrorClass);
+
+  if (NS_ERROR_GET_MODULE(aXPCOMErrorCode) != NS_ERROR_MODULE_SECURITY ||
+      NS_ERROR_GET_SEVERITY(aXPCOMErrorCode) != NS_ERROR_SEVERITY_ERROR) {
+    return NS_ERROR_FAILURE;
+  }
+  
+  int32_t aNSPRCode = -1 * NS_ERROR_GET_CODE(aXPCOMErrorCode);
+
+  if (!mozilla::psm::IsNSSErrorCode(aNSPRCode)) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (mozilla::psm::ErrorIsOverridable(aNSPRCode)) {
+    *aErrorClass = ERROR_CLASS_BAD_CERT;
+  } else {
+    *aErrorClass = ERROR_CLASS_SSL_PROTOCOL;
+  }
+
+  return NS_OK;
+}
+
+bool
+ErrorIsOverridable(PRErrorCode code)
+{
+  switch (code)
+  {
+    // Overridable errors.
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA:
+    case SEC_ERROR_CA_CERT_INVALID:
+    case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
+    case SEC_ERROR_EXPIRED_CERTIFICATE:
+    case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+    case SEC_ERROR_INVALID_TIME:
+    case SEC_ERROR_UNKNOWN_ISSUER:
+    case SSL_ERROR_BAD_CERT_DOMAIN:
+      return true;
+    // Non-overridable errors.
+    default:
+      return false;
+  }
+}
+
+NS_IMETHODIMP
+NSSErrorsService::GetErrorMessage(nsresult aXPCOMErrorCode, nsAString &aErrorMessage)
+{
+  if (NS_ERROR_GET_MODULE(aXPCOMErrorCode) != NS_ERROR_MODULE_SECURITY ||
+      NS_ERROR_GET_SEVERITY(aXPCOMErrorCode) != NS_ERROR_SEVERITY_ERROR) {
+    return NS_ERROR_FAILURE;
+  }
+  
+  int32_t aNSPRCode = -1 * NS_ERROR_GET_CODE(aXPCOMErrorCode);
+
+  if (!mozilla::psm::IsNSSErrorCode(aNSPRCode)) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIStringBundle> theBundle = mPIPNSSBundle;
+  const char *id_str = nsNSSErrors::getOverrideErrorStringName(aNSPRCode);
+
+  if (!id_str) {
+    id_str = nsNSSErrors::getDefaultErrorStringName(aNSPRCode);
+    theBundle = mNSSErrorsBundle;
+  }
+
+  if (!id_str || !theBundle) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsAutoString msg;
+  nsresult rv =
+    theBundle->GetStringFromName(NS_ConvertASCIItoUTF16(id_str).get(),
+                                 getter_Copies(msg));
+  if (NS_SUCCEEDED(rv)) {
+    aErrorMessage = msg;
+  }
+  return rv;
+}
+
+} // namespace psm
+} // namespace mozilla
diff --git a/security/manager/ssl/NSSErrorsService.h b/security/manager/ssl/NSSErrorsService.h
new file mode 100644
index 000000000..844ceda35
--- /dev/null
+++ b/security/manager/ssl/NSSErrorsService.h
@@ -0,0 +1,49 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSSErrorsService_h
+#define NSSErrorsService_h
+
+#include "nsINSSErrorsService.h"
+#include "mozilla/Attributes.h"
+#include "nsCOMPtr.h"
+#include "nsIStringBundle.h"
+#include "prerror.h"
+
+namespace mozilla {
+namespace psm {
+
+class NSSErrorsService final : public nsINSSErrorsService
+{
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSINSSERRORSSERVICE
+
+public:
+  nsresult Init();
+
+private:
+  // For XPCOM implementations that are not a base class for some other
+  // class, it is good practice to make the destructor non-virtual and
+  // private.  Then the only way to delete the object is via Release.
+#ifdef _MSC_VER
+  // C4265: Class has virtual members but destructor is not virtual
+  __pragma(warning(disable:4265))
+#endif
+  ~NSSErrorsService();
+
+  nsCOMPtr<nsIStringBundle> mPIPNSSBundle;
+  nsCOMPtr<nsIStringBundle> mNSSErrorsBundle;
+};
+
+bool IsNSSErrorCode(PRErrorCode code);
+nsresult GetXPCOMFromNSSError(PRErrorCode code);
+bool ErrorIsOverridable(PRErrorCode code);
+
+} // namespace psm
+} // namespace mozilla
+
+#define NS_NSSERRORSSERVICE_CID \
+  { 0x9ef18451, 0xa157, 0x4d17, { 0x81, 0x32, 0x47, 0xaf, 0xef, 0x21, 0x36, 0x89 } }
+
+#endif // NSSErrorsService_h
diff --git a/security/manager/ssl/PPSMContentDownloader.ipdl b/security/manager/ssl/PPSMContentDownloader.ipdl
new file mode 100644
index 000000000..a9c0fc266
--- /dev/null
+++ b/security/manager/ssl/PPSMContentDownloader.ipdl
@@ -0,0 +1,28 @@
+/* vim: set sw=2 sts=2 ts=2 et tw=80 ft=cpp: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+include protocol PContent;
+include protocol PChannelDiverter;
+
+namespace mozilla {
+namespace psm {
+
+protocol PPSMContentDownloader
+{
+  manager PContent;
+
+parent:
+  async OnStartRequest(uint32_t contentLength);
+  async OnDataAvailable(nsCString data, uint64_t offset, uint32_t count);
+  async OnStopRequest(nsresult code);
+
+  async DivertToParentUsing(PChannelDiverter diverter);
+
+child:
+  async __delete__();
+};
+
+} // namespace psm
+} // namespace mozilla
diff --git a/security/manager/ssl/PSMContentListener.cpp b/security/manager/ssl/PSMContentListener.cpp
new file mode 100644
index 000000000..688e2c18c
--- /dev/null
+++ b/security/manager/ssl/PSMContentListener.cpp
@@ -0,0 +1,454 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ * vim: set sw=2 sts=2 ts=2 et tw=80:
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "PSMContentListener.h"
+
+#include "nsIDivertableChannel.h"
+#include "nsIStreamListener.h"
+#include "nsIX509CertDB.h"
+#include "nsIXULAppInfo.h"
+
+#include "mozilla/Casting.h"
+#include "mozilla/Services.h"
+#include "mozilla/Unused.h"
+
+#include "mozilla/dom/ContentChild.h"
+#include "mozilla/net/ChannelDiverterParent.h"
+#include "mozilla/net/ChannelDiverterChild.h"
+
+#include "nsCRT.h"
+#include "nsNetUtil.h"
+#include "nsIChannel.h"
+#include "nsIInputStream.h"
+#include "nsIURI.h"
+#include "nsNSSHelper.h"
+
+#include "mozilla/Logging.h"
+
+extern mozilla::LazyLogModule gPIPNSSLog;
+
+namespace mozilla { namespace psm {
+
+namespace {
+
+const int32_t kDefaultCertAllocLength = 2048;
+
+enum {
+  UNKNOWN_TYPE = 0,
+  X509_CA_CERT = 1,
+  X509_USER_CERT = 2,
+  X509_EMAIL_CERT = 3,
+  X509_SERVER_CERT = 4
+};
+
+/* other mime types that we should handle sometime:
+
+   application/x-pkcs7-mime
+   application/pkcs7-signature
+   application/pre-encrypted
+
+*/
+
+uint32_t
+getPSMContentType(const char* aContentType)
+{
+  // Don't forget to update the registration of content listeners in nsNSSModule.cpp
+  // for every supported content type.
+
+  if (!nsCRT::strcasecmp(aContentType, "application/x-x509-ca-cert"))
+    return X509_CA_CERT;
+  if (!nsCRT::strcasecmp(aContentType, "application/x-x509-server-cert"))
+    return X509_SERVER_CERT;
+  if (!nsCRT::strcasecmp(aContentType, "application/x-x509-user-cert"))
+    return X509_USER_CERT;
+  if (!nsCRT::strcasecmp(aContentType, "application/x-x509-email-cert"))
+    return X509_EMAIL_CERT;
+
+  return UNKNOWN_TYPE;
+}
+
+int64_t
+ComputeContentLength(nsIRequest* request)
+{
+  nsCOMPtr<nsIChannel> channel(do_QueryInterface(request));
+  if (!channel) {
+    return -1;
+  }
+
+  int64_t contentLength;
+  nsresult rv = channel->GetContentLength(&contentLength);
+  if (NS_FAILED(rv) || contentLength <= 0) {
+    return kDefaultCertAllocLength;
+  }
+
+  if (contentLength > INT32_MAX) {
+    return -1;
+  }
+
+  return contentLength;
+}
+
+} // unnamed namespace
+
+/* ------------------------
+ * PSMContentStreamListener
+ * ------------------------ */
+
+PSMContentStreamListener::PSMContentStreamListener(uint32_t type)
+  : mType(type)
+{
+}
+
+PSMContentStreamListener::~PSMContentStreamListener()
+{
+}
+
+NS_IMPL_ISUPPORTS(PSMContentStreamListener, nsIStreamListener, nsIRequestObserver)
+
+NS_IMETHODIMP
+PSMContentStreamListener::OnStartRequest(nsIRequest* request, nsISupports* context)
+{
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CertDownloader::OnStartRequest\n"));
+
+  int64_t contentLength = ComputeContentLength(request);
+  if (contentLength < 0) {
+    return NS_ERROR_FAILURE;
+  }
+
+  mByteData.SetCapacity(contentLength);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentStreamListener::OnDataAvailable(nsIRequest* request,
+                                          nsISupports* context,
+                                          nsIInputStream* aIStream,
+                                          uint64_t aSourceOffset,
+                                          uint32_t aLength)
+{
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CertDownloader::OnDataAvailable\n"));
+
+  nsCString chunk;
+  nsresult rv = NS_ReadInputStreamToString(aIStream, chunk, aLength);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  mByteData.Append(chunk);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentStreamListener::OnStopRequest(nsIRequest* request,
+                                        nsISupports* context,
+                                        nsresult aStatus)
+{
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CertDownloader::OnStopRequest\n"));
+
+  // Because importing the cert can spin the event loop (via alerts), we can't
+  // do it here. Do it off the event loop instead.
+  nsCOMPtr<nsIRunnable> r =
+    NewRunnableMethod(this, &PSMContentStreamListener::ImportCertificate);
+  MOZ_ALWAYS_SUCCEEDS(NS_DispatchToMainThread(r));
+
+  return NS_OK;
+}
+
+void
+PSMContentStreamListener::ImportCertificate()
+{
+  nsCOMPtr<nsIX509CertDB> certdb;
+
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
+
+  switch (mType) {
+  case X509_CA_CERT:
+  case X509_USER_CERT:
+  case X509_EMAIL_CERT:
+    certdb = do_GetService(NS_X509CERTDB_CONTRACTID);
+    break;
+
+  default:
+    break;
+  }
+
+  if (!certdb) {
+    return;
+  }
+
+  switch (mType) {
+  case X509_CA_CERT:
+    certdb->ImportCertificates(BitwiseCast<uint8_t*, char*>(
+                                 mByteData.BeginWriting()),
+                               mByteData.Length(), mType, ctx);
+    break;
+
+  case X509_USER_CERT:
+    certdb->ImportUserCertificate(BitwiseCast<uint8_t*, char*>(
+                                    mByteData.BeginWriting()),
+                                  mByteData.Length(), ctx);
+    break;
+
+  case X509_EMAIL_CERT:
+    certdb->ImportEmailCertificate(BitwiseCast<uint8_t*, char*>(
+                                     mByteData.BeginWriting()),
+                                   mByteData.Length(), ctx);
+    break;
+
+  default:
+    break;
+  }
+}
+
+/* ------------------------
+ * PSMContentDownloaderParent
+ * ------------------------ */
+
+PSMContentDownloaderParent::PSMContentDownloaderParent(uint32_t type)
+  : PSMContentStreamListener(type)
+  , mIPCOpen(true)
+{
+}
+
+PSMContentDownloaderParent::~PSMContentDownloaderParent()
+{
+}
+
+bool
+PSMContentDownloaderParent::RecvOnStartRequest(const uint32_t& contentLength)
+{
+  mByteData.SetCapacity(contentLength);
+  return true;
+}
+
+bool
+PSMContentDownloaderParent::RecvOnDataAvailable(const nsCString& data,
+                                                const uint64_t& offset,
+                                                const uint32_t& count)
+{
+  mByteData.Append(data);
+  return true;
+}
+
+bool
+PSMContentDownloaderParent::RecvOnStopRequest(const nsresult& code)
+{
+  if (NS_SUCCEEDED(code)) {
+    // See also PSMContentStreamListener::OnStopRequest. In this case, we don't
+    // have to dispatch ImportCertificate off of an event because we don't have
+    // to worry about Necko sending "clean up" events and destroying us if
+    // ImportCertificate spins the event loop.
+    ImportCertificate();
+  }
+
+  if (mIPCOpen) {
+    mozilla::Unused << Send__delete__(this);
+  }
+  return true;
+}
+
+NS_IMETHODIMP
+PSMContentDownloaderParent::OnStopRequest(nsIRequest* request, nsISupports* context, nsresult code)
+{
+  nsresult rv = PSMContentStreamListener::OnStopRequest(request, context, code);
+
+  if (mIPCOpen) {
+    mozilla::Unused << Send__delete__(this);
+  }
+  return rv;
+}
+
+bool
+PSMContentDownloaderParent::RecvDivertToParentUsing(mozilla::net::PChannelDiverterParent* diverter)
+{
+  MOZ_ASSERT(diverter);
+  auto p = static_cast<mozilla::net::ChannelDiverterParent*>(diverter);
+  p->DivertTo(this);
+  mozilla::Unused << p->Send__delete__(p);
+  return true;
+}
+
+void
+PSMContentDownloaderParent::ActorDestroy(ActorDestroyReason why)
+{
+  mIPCOpen = false;
+}
+
+/* ------------------------
+ * PSMContentDownloaderChild
+ * ------------------------ */
+
+NS_IMPL_ISUPPORTS(PSMContentDownloaderChild, nsIStreamListener)
+
+PSMContentDownloaderChild::PSMContentDownloaderChild()
+{
+}
+
+PSMContentDownloaderChild::~PSMContentDownloaderChild()
+{
+}
+
+NS_IMETHODIMP
+PSMContentDownloaderChild::OnStartRequest(nsIRequest* request, nsISupports* context)
+{
+  nsCOMPtr<nsIDivertableChannel> divertable = do_QueryInterface(request);
+  if (divertable) {
+    mozilla::net::ChannelDiverterChild* diverter = nullptr;
+    nsresult rv = divertable->DivertToParent(&diverter);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    MOZ_ASSERT(diverter);
+
+    return SendDivertToParentUsing(diverter) ? NS_OK : NS_ERROR_FAILURE;
+  }
+
+  int64_t contentLength = ComputeContentLength(request);
+  if (contentLength < 0) {
+    return NS_ERROR_FAILURE;
+  }
+
+  mozilla::Unused << SendOnStartRequest(contentLength);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentDownloaderChild::OnDataAvailable(nsIRequest* request,
+                                           nsISupports* context,
+                                           nsIInputStream* aIStream,
+                                           uint64_t aSourceOffset,
+                                           uint32_t aLength)
+{
+  nsCString chunk;
+  nsresult rv = NS_ReadInputStreamToString(aIStream, chunk, aLength);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  mozilla::Unused << SendOnDataAvailable(chunk, aSourceOffset, aLength);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentDownloaderChild::OnStopRequest(nsIRequest* request,
+                                         nsISupports* context,
+                                         nsresult aStatus)
+{
+  mozilla::Unused << SendOnStopRequest(aStatus);
+  return NS_OK;
+}
+
+/* ------------------------
+ * PSMContentListener
+ * ------------------------ */
+
+NS_IMPL_ISUPPORTS(PSMContentListener,
+                  nsIURIContentListener,
+                  nsISupportsWeakReference) 
+
+PSMContentListener::PSMContentListener()
+{
+  mLoadCookie = nullptr;
+  mParentContentListener = nullptr;
+}
+
+PSMContentListener::~PSMContentListener()
+{
+}
+
+nsresult
+PSMContentListener::init()
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentListener::OnStartURIOpen(nsIURI* aURI, bool* aAbortOpen)
+{
+  //if we don't want to handle the URI, return true in
+  //*aAbortOpen
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentListener::IsPreferred(const char* aContentType,
+                                 char** aDesiredContentType,
+                                 bool* aCanHandleContent)
+{
+  return CanHandleContent(aContentType, true,
+                          aDesiredContentType, aCanHandleContent);
+}
+
+NS_IMETHODIMP
+PSMContentListener::CanHandleContent(const char* aContentType,
+                                      bool aIsContentPreferred,
+                                      char** aDesiredContentType,
+                                      bool* aCanHandleContent)
+{
+  uint32_t type = getPSMContentType(aContentType);
+  *aCanHandleContent = (type != UNKNOWN_TYPE);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentListener::DoContent(const nsACString& aContentType,
+                               bool aIsContentPreferred,
+                               nsIRequest* aRequest,
+                               nsIStreamListener** aContentHandler,
+                               bool* aAbortProcess)
+{
+  uint32_t type;
+  type = getPSMContentType(PromiseFlatCString(aContentType).get());
+  if (gPIPNSSLog) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("PSMContentListener::DoContent\n"));
+  }
+  if (type != UNKNOWN_TYPE) {
+    nsCOMPtr<nsIStreamListener> downloader;
+    if (XRE_IsParentProcess()) {
+      downloader = new PSMContentStreamListener(type);
+    } else {
+      downloader = static_cast<PSMContentDownloaderChild*>(
+          dom::ContentChild::GetSingleton()->SendPPSMContentDownloaderConstructor(type));
+    }
+
+    downloader.forget(aContentHandler);
+    return NS_OK;
+  }
+  return NS_ERROR_FAILURE;
+}
+
+NS_IMETHODIMP
+PSMContentListener::GetLoadCookie(nsISupports** aLoadCookie)
+{
+  nsCOMPtr<nsISupports> loadCookie(mLoadCookie);
+  loadCookie.forget(aLoadCookie);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentListener::SetLoadCookie(nsISupports* aLoadCookie)
+{
+  mLoadCookie = aLoadCookie;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentListener::GetParentContentListener(nsIURIContentListener** aContentListener)
+{
+  nsCOMPtr<nsIURIContentListener> listener(mParentContentListener);
+  listener.forget(aContentListener);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentListener::SetParentContentListener(nsIURIContentListener* aContentListener)
+{
+  mParentContentListener = aContentListener;
+  return NS_OK;
+}
+
+} } // namespace mozilla::psm
diff --git a/security/manager/ssl/PSMContentListener.h b/security/manager/ssl/PSMContentListener.h
new file mode 100644
index 000000000..d948383a4
--- /dev/null
+++ b/security/manager/ssl/PSMContentListener.h
@@ -0,0 +1,111 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_psm_PSMCOntentListener_h_
+#define mozilla_psm_PSMCOntentListener_h_
+
+#include "nsCOMPtr.h"
+#include "nsIURIContentListener.h"
+#include "nsWeakReference.h"
+#include "mozilla/psm/PPSMContentDownloaderChild.h"
+#include "mozilla/psm/PPSMContentDownloaderParent.h"
+
+#define NS_PSMCONTENTLISTEN_CID {0xc94f4a30, 0x64d7, 0x11d4, {0x99, 0x60, 0x00, 0xb0, 0xd0, 0x23, 0x54, 0xa0}}
+#define NS_PSMCONTENTLISTEN_CONTRACTID "@mozilla.org/security/psmdownload;1"
+
+namespace mozilla {
+namespace net {
+
+class PChannelDiverterParent;
+
+} // namespace net
+} // namespace mozilla
+
+namespace mozilla { namespace psm {
+
+// PSMContentStreamListener for parent-process downloading.
+class PSMContentStreamListener : public nsIStreamListener
+{
+public:
+  explicit PSMContentStreamListener(uint32_t type);
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIREQUESTOBSERVER
+  NS_DECL_NSISTREAMLISTENER
+
+  void ImportCertificate();
+
+protected:
+  virtual ~PSMContentStreamListener();
+
+  nsCString mByteData;
+  uint32_t mType;
+};
+
+// Parent actor for importing a remote cert when the load was started by the
+// child.
+class PSMContentDownloaderParent : public PPSMContentDownloaderParent
+                                 , public PSMContentStreamListener
+{
+public:
+  explicit PSMContentDownloaderParent(uint32_t type);
+
+  virtual bool RecvOnStartRequest(const uint32_t &contentLength) override;
+  virtual bool RecvOnDataAvailable(const nsCString &data,
+                                   const uint64_t &offset,
+                                   const uint32_t &count) override;
+  virtual bool RecvOnStopRequest(const nsresult &code) override;
+
+  // We inherit most of nsIStreamListener from PSMContentStreamListener, but
+  // we have to override OnStopRequest to know when we're done with our IPC
+  // ref.
+  NS_IMETHOD OnStopRequest(nsIRequest *request, nsISupports *aContext, nsresult code) override;
+
+  virtual bool RecvDivertToParentUsing(mozilla::net::PChannelDiverterParent *diverter) override;
+
+protected:
+  virtual ~PSMContentDownloaderParent();
+
+  virtual void ActorDestroy(ActorDestroyReason why) override;
+  bool mIPCOpen;
+};
+
+// Child actor for importing a cert.
+class PSMContentDownloaderChild : public nsIStreamListener
+                                , public PPSMContentDownloaderChild
+{
+public:
+  PSMContentDownloaderChild();
+
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIREQUESTOBSERVER
+  NS_DECL_NSISTREAMLISTENER
+
+private:
+  ~PSMContentDownloaderChild();
+};
+
+
+class PSMContentListener : public nsIURIContentListener,
+                           public nsSupportsWeakReference
+{
+public:
+  PSMContentListener();
+  nsresult init();
+
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIURICONTENTLISTENER
+
+protected:
+  virtual ~PSMContentListener();
+
+private:
+  nsCOMPtr<nsISupports> mLoadCookie;
+  nsCOMPtr<nsIURIContentListener> mParentContentListener;
+};
+
+} } // namespace mozilla::psm
+
+#endif // mozilla_psm_PSMCOntentListener_h
diff --git a/security/manager/ssl/PSMRunnable.cpp b/security/manager/ssl/PSMRunnable.cpp
new file mode 100644
index 000000000..9f151a83f
--- /dev/null
+++ b/security/manager/ssl/PSMRunnable.cpp
@@ -0,0 +1,47 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+ 
+#include "PSMRunnable.h"
+ 
+namespace mozilla { namespace psm {
+
+SyncRunnableBase::SyncRunnableBase()
+  : monitor("SyncRunnableBase::monitor")
+{
+}
+
+nsresult
+SyncRunnableBase::DispatchToMainThreadAndWait()
+{
+  nsresult rv;
+  if (NS_IsMainThread()) {
+    RunOnTargetThread();
+    rv = NS_OK;
+  } else {
+    mozilla::MonitorAutoLock lock(monitor);
+    rv = NS_DispatchToMainThread(this);
+    if (NS_SUCCEEDED(rv)) {
+      lock.Wait();
+    }
+  }
+
+  return rv;
+}
+
+NS_IMETHODIMP
+SyncRunnableBase::Run()
+{
+  RunOnTargetThread();
+  mozilla::MonitorAutoLock(monitor).Notify();
+  return NS_OK;
+}
+
+nsresult
+NotifyObserverRunnable::Run()
+{
+  mObserver->Observe(nullptr, mTopic, nullptr);
+  return NS_OK;
+}
+
+} } // namespace mozilla::psm
diff --git a/security/manager/ssl/PSMRunnable.h b/security/manager/ssl/PSMRunnable.h
new file mode 100644
index 000000000..b43bc62c6
--- /dev/null
+++ b/security/manager/ssl/PSMRunnable.h
@@ -0,0 +1,46 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef PSMRunnable_h
+#define PSMRunnable_h
+
+#include "mozilla/Monitor.h"
+#include "nsThreadUtils.h"
+#include "nsIObserver.h"
+#include "nsProxyRelease.h"
+
+namespace mozilla { namespace psm {
+
+// Wait for the event to run on the target thread without spinning the event
+// loop on the calling thread. (Dispatching events to a thread using
+// NS_DISPATCH_SYNC would cause the event loop on the calling thread to spin.)
+class SyncRunnableBase : public Runnable
+{
+public:
+  NS_DECL_NSIRUNNABLE
+  nsresult DispatchToMainThreadAndWait();
+protected:
+  SyncRunnableBase();
+  virtual void RunOnTargetThread() = 0;
+private:
+  mozilla::Monitor monitor;
+};
+
+class NotifyObserverRunnable : public Runnable
+{
+public:
+  NotifyObserverRunnable(nsIObserver * observer,
+                         const char * topicStringLiteral)
+    : mObserver(new nsMainThreadPtrHolder<nsIObserver>(observer)),
+      mTopic(topicStringLiteral) {
+  }
+  NS_DECL_NSIRUNNABLE
+private:
+  nsMainThreadPtrHandle<nsIObserver> mObserver;
+  const char * const mTopic;
+};
+
+} } // namespace mozilla::psm
+
+#endif
diff --git a/security/manager/ssl/PublicKeyPinningService.cpp b/security/manager/ssl/PublicKeyPinningService.cpp
new file mode 100644
index 000000000..1f34c880b
--- /dev/null
+++ b/security/manager/ssl/PublicKeyPinningService.cpp
@@ -0,0 +1,374 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "PublicKeyPinningService.h"
+
+#include "RootCertificateTelemetryUtils.h"
+#include "mozilla/Base64.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Telemetry.h"
+#include "nsISiteSecurityService.h"
+#include "nsServiceManagerUtils.h"
+#include "nsSiteSecurityService.h"
+#include "nssb64.h"
+#include "pkix/pkixtypes.h"
+#include "seccomon.h"
+#include "sechash.h"
+
+#include "StaticHPKPins.h" // autogenerated by genHPKPStaticpins.js
+
+using namespace mozilla;
+using namespace mozilla::pkix;
+using namespace mozilla::psm;
+
+LazyLogModule gPublicKeyPinningLog("PublicKeyPinningService");
+
+/**
+ Computes in the location specified by base64Out the SHA256 digest
+ of the DER Encoded subject Public Key Info for the given cert
+*/
+static nsresult
+GetBase64HashSPKI(const CERTCertificate* cert, nsACString& hashSPKIDigest)
+{
+  hashSPKIDigest.Truncate();
+  Digest digest;
+  nsresult rv = digest.DigestBuf(SEC_OID_SHA256, cert->derPublicKey.data,
+                                 cert->derPublicKey.len);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  return Base64Encode(nsDependentCSubstring(
+                        BitwiseCast<char*, unsigned char*>(digest.get().data),
+                        digest.get().len),
+                      hashSPKIDigest);
+}
+
+/*
+ * Sets certMatchesPinset to true if a given cert matches any fingerprints from
+ * the given pinset or the dynamicFingerprints array, or to false otherwise.
+ */
+static nsresult
+EvalCert(const CERTCertificate* cert, const StaticFingerprints* fingerprints,
+         const nsTArray<nsCString>* dynamicFingerprints,
+ /*out*/ bool& certMatchesPinset)
+{
+  certMatchesPinset = false;
+  if (!fingerprints && !dynamicFingerprints) {
+    MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+           ("pkpin: No hashes found\n"));
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  nsAutoCString base64Out;
+  nsresult rv = GetBase64HashSPKI(cert, base64Out);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+           ("pkpin: GetBase64HashSPKI failed!\n"));
+    return rv;
+  }
+
+  if (fingerprints) {
+    for (size_t i = 0; i < fingerprints->size; i++) {
+      if (base64Out.Equals(fingerprints->data[i])) {
+        MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+               ("pkpin: found pin base_64 ='%s'\n", base64Out.get()));
+        certMatchesPinset = true;
+        return NS_OK;
+      }
+    }
+  }
+  if (dynamicFingerprints) {
+    for (size_t i = 0; i < dynamicFingerprints->Length(); i++) {
+      if (base64Out.Equals((*dynamicFingerprints)[i])) {
+        MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+               ("pkpin: found pin base_64 ='%s'\n", base64Out.get()));
+        certMatchesPinset = true;
+        return NS_OK;
+      }
+    }
+  }
+  return NS_OK;
+}
+
+/*
+ * Sets certListIntersectsPinset to true if a given chain matches any
+ * fingerprints from the given static fingerprints or the
+ * dynamicFingerprints array, or to false otherwise.
+ */
+static nsresult
+EvalChain(const UniqueCERTCertList& certList,
+          const StaticFingerprints* fingerprints,
+          const nsTArray<nsCString>* dynamicFingerprints,
+  /*out*/ bool& certListIntersectsPinset)
+{
+  certListIntersectsPinset = false;
+  CERTCertificate* currentCert;
+
+  if (!fingerprints && !dynamicFingerprints) {
+    MOZ_ASSERT(false, "Must pass in at least one type of pinset");
+    return NS_ERROR_FAILURE;
+  }
+
+  CERTCertListNode* node;
+  for (node = CERT_LIST_HEAD(certList); !CERT_LIST_END(node, certList);
+       node = CERT_LIST_NEXT(node)) {
+    currentCert = node->cert;
+    MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+           ("pkpin: certArray subject: '%s'\n", currentCert->subjectName));
+    MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+           ("pkpin: certArray issuer: '%s'\n", currentCert->issuerName));
+    nsresult rv = EvalCert(currentCert, fingerprints, dynamicFingerprints,
+                           certListIntersectsPinset);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    if (certListIntersectsPinset) {
+      return NS_OK;
+    }
+  }
+  MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug, ("pkpin: no matches found\n"));
+  return NS_OK;
+}
+
+/**
+  Comparator for the is public key pinned host.
+*/
+static int
+TransportSecurityPreloadCompare(const void* key, const void* entry) {
+  auto keyStr = static_cast<const char*>(key);
+  auto preloadEntry = static_cast<const TransportSecurityPreload*>(entry);
+
+  return strcmp(keyStr, preloadEntry->mHost);
+}
+
+nsresult
+PublicKeyPinningService::ChainMatchesPinset(const UniqueCERTCertList& certList,
+                                            const nsTArray<nsCString>& aSHA256keys,
+                                    /*out*/ bool& chainMatchesPinset)
+{
+  return EvalChain(certList, nullptr, &aSHA256keys, chainMatchesPinset);
+}
+
+// Returns via one of the output parameters the most relevant pinning
+// information that is valid for the given host at the given time.
+// Dynamic pins are prioritized over static pins.
+static nsresult
+FindPinningInformation(const char* hostname, mozilla::pkix::Time time,
+               /*out*/ nsTArray<nsCString>& dynamicFingerprints,
+               /*out*/ TransportSecurityPreload*& staticFingerprints)
+{
+  if (!hostname || hostname[0] == 0) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  staticFingerprints = nullptr;
+  dynamicFingerprints.Clear();
+  nsCOMPtr<nsISiteSecurityService> sssService =
+    do_GetService(NS_SSSERVICE_CONTRACTID);
+  if (!sssService) {
+    return NS_ERROR_FAILURE;
+  }
+  TransportSecurityPreload* foundEntry = nullptr;
+  char* evalHost = const_cast<char*>(hostname);
+  char* evalPart;
+  // Notice how the (xx = strchr) prevents pins for unqualified domain names.
+  while (!foundEntry && (evalPart = strchr(evalHost, '.'))) {
+    MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+           ("pkpin: Querying pinsets for host: '%s'\n", evalHost));
+    // Attempt dynamic pins first
+    nsresult rv;
+    bool found;
+    bool includeSubdomains;
+    nsTArray<nsCString> pinArray;
+    rv = sssService->GetKeyPinsForHostname(evalHost, time, pinArray,
+                                           &includeSubdomains, &found);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    if (found && (evalHost == hostname || includeSubdomains)) {
+      MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+             ("pkpin: Found dyn match for host: '%s'\n", evalHost));
+      dynamicFingerprints = pinArray;
+      return NS_OK;
+    }
+
+    foundEntry = (TransportSecurityPreload *)bsearch(evalHost,
+      kPublicKeyPinningPreloadList,
+      sizeof(kPublicKeyPinningPreloadList) / sizeof(TransportSecurityPreload),
+      sizeof(TransportSecurityPreload),
+      TransportSecurityPreloadCompare);
+    if (foundEntry) {
+      MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+             ("pkpin: Found pinset for host: '%s'\n", evalHost));
+      if (evalHost != hostname) {
+        if (!foundEntry->mIncludeSubdomains) {
+          // Does not apply to this host, continue iterating
+          foundEntry = nullptr;
+        }
+      }
+    } else {
+      MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+             ("pkpin: Didn't find pinset for host: '%s'\n", evalHost));
+    }
+    // Add one for '.'
+    evalHost = evalPart + 1;
+  }
+
+  if (foundEntry && foundEntry->pinset) {
+    if (time > TimeFromEpochInSeconds(kPreloadPKPinsExpirationTime /
+                                      PR_USEC_PER_SEC)) {
+      return NS_OK;
+    }
+    staticFingerprints = foundEntry;
+  }
+  return NS_OK;
+}
+
+// Returns true via the output parameter if the given certificate list meets
+// pinning requirements for the given host at the given time. It must be the
+// case that either there is an intersection between the set of hashes of
+// subject public key info data in the list and the most relevant non-expired
+// pinset for the host or there is no pinning information for the host.
+static nsresult
+CheckPinsForHostname(const UniqueCERTCertList& certList, const char* hostname,
+                     bool enforceTestMode, mozilla::pkix::Time time,
+             /*out*/ bool& chainHasValidPins,
+    /*optional out*/ PinningTelemetryInfo* pinningTelemetryInfo)
+{
+  chainHasValidPins = false;
+  if (!certList) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  if (!hostname || hostname[0] == 0) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  nsTArray<nsCString> dynamicFingerprints;
+  TransportSecurityPreload* staticFingerprints = nullptr;
+  nsresult rv = FindPinningInformation(hostname, time, dynamicFingerprints,
+                                       staticFingerprints);
+  // If we have no pinning information, the certificate chain trivially
+  // validates with respect to pinning.
+  if (dynamicFingerprints.Length() == 0 && !staticFingerprints) {
+    chainHasValidPins = true;
+    return NS_OK;
+  }
+  if (dynamicFingerprints.Length() > 0) {
+    return EvalChain(certList, nullptr, &dynamicFingerprints, chainHasValidPins);
+  }
+  if (staticFingerprints) {
+    bool enforceTestModeResult;
+    rv = EvalChain(certList, staticFingerprints->pinset, nullptr,
+                   enforceTestModeResult);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    chainHasValidPins = enforceTestModeResult;
+    Telemetry::ID histogram = staticFingerprints->mIsMoz
+      ? Telemetry::CERT_PINNING_MOZ_RESULTS
+      : Telemetry::CERT_PINNING_RESULTS;
+    if (staticFingerprints->mTestMode) {
+      histogram = staticFingerprints->mIsMoz
+        ? Telemetry::CERT_PINNING_MOZ_TEST_RESULTS
+        : Telemetry::CERT_PINNING_TEST_RESULTS;
+      if (!enforceTestMode) {
+        chainHasValidPins = true;
+      }
+    }
+    // We can collect per-host pinning violations for this host because it is
+    // operationally critical to Firefox.
+    if (pinningTelemetryInfo) {
+      if (staticFingerprints->mId != kUnknownId) {
+        int32_t bucket = staticFingerprints->mId * 2
+                         + (enforceTestModeResult ? 1 : 0);
+        histogram = staticFingerprints->mTestMode
+          ? Telemetry::CERT_PINNING_MOZ_TEST_RESULTS_BY_HOST
+          : Telemetry::CERT_PINNING_MOZ_RESULTS_BY_HOST;
+        pinningTelemetryInfo->certPinningResultBucket = bucket;
+      } else {
+        pinningTelemetryInfo->certPinningResultBucket =
+            enforceTestModeResult ? 1 : 0;
+      }
+      pinningTelemetryInfo->accumulateResult = true;
+      pinningTelemetryInfo->certPinningResultHistogram = histogram;
+    }
+
+    // We only collect per-CA pinning statistics upon failures.
+    CERTCertListNode* rootNode = CERT_LIST_TAIL(certList);
+    // Only log telemetry if the certificate list is non-empty.
+    if (!CERT_LIST_END(rootNode, certList)) {
+      if (!enforceTestModeResult && pinningTelemetryInfo) {
+        int32_t binNumber = RootCABinNumber(&rootNode->cert->derCert);
+        if (binNumber != ROOT_CERTIFICATE_UNKNOWN ) {
+          pinningTelemetryInfo->accumulateForRoot = true;
+          pinningTelemetryInfo->rootBucket = binNumber;
+        }
+      }
+    }
+
+    MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+           ("pkpin: Pin check %s for %s host '%s' (mode=%s)\n",
+            enforceTestModeResult ? "passed" : "failed",
+            staticFingerprints->mIsMoz ? "mozilla" : "non-mozilla",
+            hostname, staticFingerprints->mTestMode ? "test" : "production"));
+  }
+
+  return NS_OK;
+}
+
+nsresult
+PublicKeyPinningService::ChainHasValidPins(const UniqueCERTCertList& certList,
+                                           const char* hostname,
+                                           mozilla::pkix::Time time,
+                                           bool enforceTestMode,
+                                   /*out*/ bool& chainHasValidPins,
+                          /*optional out*/ PinningTelemetryInfo* pinningTelemetryInfo)
+{
+  chainHasValidPins = false;
+  if (!certList) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  if (!hostname || hostname[0] == 0) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  nsAutoCString canonicalizedHostname(CanonicalizeHostname(hostname));
+  return CheckPinsForHostname(certList, canonicalizedHostname.get(),
+                              enforceTestMode, time, chainHasValidPins,
+                              pinningTelemetryInfo);
+}
+
+nsresult
+PublicKeyPinningService::HostHasPins(const char* hostname,
+                                     mozilla::pkix::Time time,
+                                     bool enforceTestMode,
+                                     /*out*/ bool& hostHasPins)
+{
+  hostHasPins = false;
+  nsAutoCString canonicalizedHostname(CanonicalizeHostname(hostname));
+  nsTArray<nsCString> dynamicFingerprints;
+  TransportSecurityPreload* staticFingerprints = nullptr;
+  nsresult rv = FindPinningInformation(canonicalizedHostname.get(), time,
+                                       dynamicFingerprints, staticFingerprints);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (dynamicFingerprints.Length() > 0) {
+    hostHasPins = true;
+  } else if (staticFingerprints) {
+    hostHasPins = !staticFingerprints->mTestMode || enforceTestMode;
+  }
+  return NS_OK;
+}
+
+nsAutoCString
+PublicKeyPinningService::CanonicalizeHostname(const char* hostname)
+{
+  nsAutoCString canonicalizedHostname(hostname);
+  ToLowerCase(canonicalizedHostname);
+  while (canonicalizedHostname.Length() > 0 &&
+         canonicalizedHostname.Last() == '.') {
+    canonicalizedHostname.Truncate(canonicalizedHostname.Length() - 1);
+  }
+  return canonicalizedHostname;
+}
diff --git a/security/manager/ssl/PublicKeyPinningService.h b/security/manager/ssl/PublicKeyPinningService.h
new file mode 100644
index 000000000..f42376b52
--- /dev/null
+++ b/security/manager/ssl/PublicKeyPinningService.h
@@ -0,0 +1,65 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef PublicKeyPinningService_h
+#define PublicKeyPinningService_h
+
+#include "CertVerifier.h"
+#include "ScopedNSSTypes.h"
+#include "cert.h"
+#include "nsString.h"
+#include "nsTArray.h"
+#include "pkix/Time.h"
+
+namespace mozilla {
+namespace psm {
+
+class PublicKeyPinningService
+{
+public:
+  /**
+   * Sets chainHasValidPins to true if the given (host, certList) passes pinning
+   * checks, or to false otherwise. If the host is pinned, returns true via
+   * chainHasValidPins if one of the keys in the given certificate chain matches
+   * the pin set specified by the hostname. The certList's head is the EE cert
+   * and the tail is the trust anchor.
+   * Note: if an alt name is a wildcard, it won't necessarily find a pinset
+   * that would otherwise be valid for it
+   */
+  static nsresult ChainHasValidPins(const UniqueCERTCertList& certList,
+                                    const char* hostname,
+                                    mozilla::pkix::Time time,
+                                    bool enforceTestMode,
+                            /*out*/ bool& chainHasValidPins,
+                   /*optional out*/ PinningTelemetryInfo* pinningTelemetryInfo);
+  /**
+   * Sets chainMatchesPinset to true if there is any intersection between the
+   * certificate list and the pins specified in the aSHA256keys array.
+   * Values passed in are assumed to be in base64 encoded form.
+   */
+  static nsresult ChainMatchesPinset(const UniqueCERTCertList& certList,
+                                     const nsTArray<nsCString>& aSHA256keys,
+                             /*out*/ bool& chainMatchesPinset);
+
+  /**
+   * Returns true via the output parameter hostHasPins if there is pinning
+   * information for the given host that is valid at the given time, and false
+   * otherwise.
+   */
+  static nsresult HostHasPins(const char* hostname,
+                              mozilla::pkix::Time time,
+                              bool enforceTestMode,
+                      /*out*/ bool& hostHasPins);
+
+  /**
+   * Given a hostname of potentially mixed case with potentially multiple
+   * trailing '.' (see bug 1118522), canonicalizes it to lowercase with no
+   * trailing '.'.
+   */
+  static nsAutoCString CanonicalizeHostname(const char* hostname);
+};
+
+}} // namespace mozilla::psm
+
+#endif // PublicKeyPinningService_h
diff --git a/security/manager/ssl/PublicSSL.h b/security/manager/ssl/PublicSSL.h
new file mode 100644
index 000000000..71351f3e4
--- /dev/null
+++ b/security/manager/ssl/PublicSSL.h
@@ -0,0 +1,25 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_SSL_h
+#define mozilla_SSL_h
+
+namespace mozilla {
+
+void ClearPrivateSSLState();
+
+namespace psm {
+
+void InitializeSSLServerCertVerificationThreads();
+void StopSSLServerCertVerificationThreads();
+void DisableMD5();
+nsresult InitializeCipherSuite();
+
+} //namespace psm
+} // namespace mozilla
+
+#endif
+
diff --git a/security/manager/ssl/RootCertificateTelemetryUtils.cpp b/security/manager/ssl/RootCertificateTelemetryUtils.cpp
new file mode 100644
index 000000000..3f9ea3eb6
--- /dev/null
+++ b/security/manager/ssl/RootCertificateTelemetryUtils.cpp
@@ -0,0 +1,90 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "RootCertificateTelemetryUtils.h"
+
+#include "mozilla/Logging.h"
+#include "RootHashes.inc" // Note: Generated by genRootCAHashes.js
+#include "ScopedNSSTypes.h"
+#include "mozilla/ArrayUtils.h"
+
+namespace mozilla { namespace psm {
+
+mozilla::LazyLogModule gPublicKeyPinningTelemetryLog("PublicKeyPinningTelemetryService");
+
+// Used in the BinarySearch method, this does a memcmp between the pointer
+// provided to its construtor and whatever the binary search is looking for.
+//
+// This implementation assumes everything to be of HASH_LEN, so it should not
+// be used generically.
+class BinaryHashSearchArrayComparator
+{
+public:
+  explicit BinaryHashSearchArrayComparator(const uint8_t* aTarget, size_t len)
+    : mTarget(aTarget)
+  {
+    NS_ASSERTION(len == HASH_LEN, "Hashes should be of the same length.");
+  }
+
+  int operator()(const CertAuthorityHash val) const {
+    return memcmp(mTarget, val.hash, HASH_LEN);
+  }
+
+private:
+  const uint8_t* mTarget;
+};
+
+// Perform a hash of the provided cert, then search in the RootHashes.inc data
+// structure for a matching bin number.
+int32_t
+RootCABinNumber(const SECItem* cert)
+{
+  Digest digest;
+
+  // Compute SHA256 hash of the certificate
+  nsresult rv = digest.DigestBuf(SEC_OID_SHA256, cert->data, cert->len);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return ROOT_CERTIFICATE_HASH_FAILURE;
+  }
+
+  // Compare against list of stored hashes
+  size_t idx;
+
+  MOZ_LOG(gPublicKeyPinningTelemetryLog, LogLevel::Debug,
+           ("pkpinTelem: First bytes %02hx %02hx %02hx %02hx\n",
+            digest.get().data[0], digest.get().data[1], digest.get().data[2], digest.get().data[3]));
+
+  if (mozilla::BinarySearchIf(ROOT_TABLE, 0, ArrayLength(ROOT_TABLE),
+        BinaryHashSearchArrayComparator(static_cast<uint8_t*>(digest.get().data),
+                                        digest.get().len),
+        &idx)) {
+
+    MOZ_LOG(gPublicKeyPinningTelemetryLog, LogLevel::Debug,
+          ("pkpinTelem: Telemetry index was %lu, bin is %d\n",
+           idx, ROOT_TABLE[idx].binNumber));
+    return (int32_t) ROOT_TABLE[idx].binNumber;
+  }
+
+  // Didn't match.
+  return ROOT_CERTIFICATE_UNKNOWN;
+}
+
+
+// Attempt to increment the appropriate bin in the provided Telemetry probe ID. If
+// there was a hash failure, we do nothing.
+void
+AccumulateTelemetryForRootCA(mozilla::Telemetry::ID probe, 
+  const CERTCertificate* cert)
+{
+  int32_t binId = RootCABinNumber(&cert->derCert);
+
+  if (binId != ROOT_CERTIFICATE_HASH_FAILURE) {
+    Accumulate(probe, binId);
+  }
+}
+
+} // namespace psm
+} // namespace mozilla
diff --git a/security/manager/ssl/RootCertificateTelemetryUtils.h b/security/manager/ssl/RootCertificateTelemetryUtils.h
new file mode 100644
index 000000000..05dbb4e44
--- /dev/null
+++ b/security/manager/ssl/RootCertificateTelemetryUtils.h
@@ -0,0 +1,30 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef RootCertificateTelemetryUtils_h
+#define RootCertificateTelemetryUtils_h
+
+#include "mozilla/Telemetry.h"
+#include "certt.h"
+
+namespace mozilla { namespace psm {
+
+// Note: New CAs will show up as UNKNOWN_ROOT until
+// RootHashes.inc is updated to include them. 0 is reserved by
+// genRootCAHashes.js for the unknowns.
+#define ROOT_CERTIFICATE_UNKNOWN  0
+#define ROOT_CERTIFICATE_HASH_FAILURE -1
+
+int32_t
+RootCABinNumber(const SECItem* cert);
+
+void
+AccumulateTelemetryForRootCA(mozilla::Telemetry::ID probe, const CERTCertificate* cert);
+
+} // namespace psm
+} // namespace mozilla
+
+#endif // RootCertificateTelemetryUtils_h
diff --git a/security/manager/ssl/RootHashes.inc b/security/manager/ssl/RootHashes.inc
new file mode 100644
index 000000000..c335990cb
--- /dev/null
+++ b/security/manager/ssl/RootHashes.inc
@@ -0,0 +1,1140 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*****************************************************************************/
+/* This is an automatically generated file. If you're not                    */
+/* RootCertificateTelemetryUtils.cpp, you shouldn't be #including it.        */
+/*****************************************************************************/
+
+#define HASH_LEN 32
+struct CertAuthorityHash {
+ const uint8_t hash[HASH_LEN];
+ const int32_t binNumber;
+};
+
+static const struct CertAuthorityHash ROOT_TABLE[] = {
+  {
+    /* Entrust_Root_Certification_Authority___EC1 */
+    { 0x02, 0xED, 0x0E, 0xB2, 0x8C, 0x14, 0xDA, 0x45, 0x16, 0x5C, 0x56, 0x67, 0x91, 0x70, 0x0D, 0x64,
+      0x51, 0xD7, 0xFB, 0x56, 0xF0, 0xB2, 0xAB, 0x1D, 0x3B, 0x8E, 0xB0, 0x70, 0xE5, 0x6E, 0xDF, 0xF5 },
+      164 /* Bin Number */
+  },
+  {
+    /* AffirmTrust_Commercial */
+    { 0x03, 0x76, 0xAB, 0x1D, 0x54, 0xC5, 0xF9, 0x80, 0x3C, 0xE4, 0xB2, 0xE2, 0x01, 0xA0, 0xEE, 0x7E,
+      0xEF, 0x7B, 0x57, 0xB6, 0x36, 0xE8, 0xA9, 0x3C, 0x9B, 0x8D, 0x48, 0x60, 0xC9, 0x6F, 0x5F, 0xA7 },
+      109 /* Bin Number */
+  },
+  {
+    /* ACEDICOM_Root */
+    { 0x03, 0x95, 0x0F, 0xB4, 0x9A, 0x53, 0x1F, 0x3E, 0x19, 0x91, 0x94, 0x23, 0x98, 0xDF, 0xA9, 0xE0,
+      0xEA, 0x32, 0xD7, 0xBA, 0x1C, 0xDD, 0x9B, 0xC8, 0x5D, 0xB5, 0x7E, 0xD9, 0x40, 0x0B, 0x43, 0x4A },
+      98 /* Bin Number */
+  },
+  {
+    /* Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068 */
+    { 0x04, 0x04, 0x80, 0x28, 0xBF, 0x1F, 0x28, 0x64, 0xD4, 0x8F, 0x9A, 0xD4, 0xD8, 0x32, 0x94, 0x36,
+      0x6A, 0x82, 0x88, 0x56, 0x55, 0x3F, 0x3B, 0x14, 0x30, 0x3F, 0x90, 0x14, 0x7F, 0x5D, 0x40, 0xEF },
+      102 /* Bin Number */
+  },
+  {
+    /* Chambers_of_Commerce_Root___2008 */
+    { 0x06, 0x3E, 0x4A, 0xFA, 0xC4, 0x91, 0xDF, 0xD3, 0x32, 0xF3, 0x08, 0x9B, 0x85, 0x42, 0xE9, 0x46,
+      0x17, 0xD8, 0x93, 0xD7, 0xFE, 0x94, 0x4E, 0x10, 0xA7, 0x93, 0x7E, 0xE2, 0x9D, 0x96, 0x93, 0xC0 },
+      104 /* Bin Number */
+  },
+  {
+    /* DST_Root_CA_X3 */
+    { 0x06, 0x87, 0x26, 0x03, 0x31, 0xA7, 0x24, 0x03, 0xD9, 0x09, 0xF1, 0x05, 0xE6, 0x9B, 0xCF, 0x0D,
+      0x32, 0xE1, 0xBD, 0x24, 0x93, 0xFF, 0xC6, 0xD9, 0x20, 0x6D, 0x11, 0xBC, 0xD6, 0x77, 0x07, 0x39 },
+      52 /* Bin Number */
+  },
+  {
+    /* AddTrust_Public_CA_Root */
+    { 0x07, 0x91, 0xCA, 0x07, 0x49, 0xB2, 0x07, 0x82, 0xAA, 0xD3, 0xC7, 0xD7, 0xBD, 0x0C, 0xDF, 0xC9,
+      0x48, 0x58, 0x35, 0x84, 0x3E, 0xB2, 0xD7, 0x99, 0x60, 0x09, 0xCE, 0x43, 0xAB, 0x6C, 0x69, 0x27 },
+      16 /* Bin Number */
+  },
+  {
+    /* OU_Equifax_Secure_Certificate_Authority_O_Equifax_C_US */
+    { 0x08, 0x29, 0x7A, 0x40, 0x47, 0xDB, 0xA2, 0x36, 0x80, 0xC7, 0x31, 0xDB, 0x6E, 0x31, 0x76, 0x53,
+      0xCA, 0x78, 0x48, 0xE1, 0xBE, 0xBD, 0x3A, 0x0B, 0x01, 0x79, 0xA7, 0x07, 0xF9, 0x2C, 0xF1, 0x78 },
+      4 /* Bin Number */
+  },
+  {
+    /* AffirmTrust_Networking */
+    { 0x0A, 0x81, 0xEC, 0x5A, 0x92, 0x97, 0x77, 0xF1, 0x45, 0x90, 0x4A, 0xF3, 0x8D, 0x5D, 0x50, 0x9F,
+      0x66, 0xB5, 0xE2, 0xC5, 0x8F, 0xCD, 0xB5, 0x31, 0x05, 0x8B, 0x0E, 0x17, 0xF3, 0xF0, 0xB4, 0x1B },
+      110 /* Bin Number */
+  },
+  {
+    /* Chambers_of_Commerce_Root */
+    { 0x0C, 0x25, 0x8A, 0x12, 0xA5, 0x67, 0x4A, 0xEF, 0x25, 0xF2, 0x8B, 0xA7, 0xDC, 0xFA, 0xEC, 0xEE,
+      0xA3, 0x48, 0xE5, 0x41, 0xE6, 0xF5, 0xCC, 0x4E, 0xE6, 0x3B, 0x71, 0xB3, 0x61, 0x60, 0x6A, 0xC3 },
+      39 /* Bin Number */
+  },
+  {
+    /* COMODO_Certification_Authority */
+    { 0x0C, 0x2C, 0xD6, 0x3D, 0xF7, 0x80, 0x6F, 0xA3, 0x99, 0xED, 0xE8, 0x09, 0x11, 0x6B, 0x57, 0x5B,
+      0xF8, 0x79, 0x89, 0xF0, 0x65, 0x18, 0xF9, 0x80, 0x8C, 0x86, 0x05, 0x03, 0x17, 0x8B, 0xAF, 0x66 },
+      63 /* Bin Number */
+  },
+  {
+    /* Buypass_Class_2_CA_1 */
+    { 0x0F, 0x4E, 0x9C, 0xDD, 0x26, 0x4B, 0x02, 0x55, 0x50, 0xD1, 0x70, 0x80, 0x63, 0x40, 0x21, 0x4F,
+      0xE9, 0x44, 0x34, 0xC9, 0xB0, 0x2F, 0x69, 0x7E, 0xC7, 0x10, 0xFC, 0x5F, 0xEA, 0xFB, 0x5E, 0x38 },
+      80 /* Bin Number */
+  },
+  {
+    /* Class_2_Primary_CA */
+    { 0x0F, 0x99, 0x3C, 0x8A, 0xEF, 0x97, 0xBA, 0xAF, 0x56, 0x87, 0x14, 0x0E, 0xD5, 0x9A, 0xD1, 0x82,
+      0x1B, 0xB4, 0xAF, 0xAC, 0xF0, 0xAA, 0x9A, 0x58, 0xB5, 0xD5, 0x7A, 0x33, 0x8A, 0x3A, 0xFB, 0xCB },
+      51 /* Bin Number */
+  },
+  {
+    /* Global_Chambersign_Root___2008 */
+    { 0x13, 0x63, 0x35, 0x43, 0x93, 0x34, 0xA7, 0x69, 0x80, 0x16, 0xA0, 0xD3, 0x24, 0xDE, 0x72, 0x28,
+      0x4E, 0x07, 0x9D, 0x7B, 0x52, 0x20, 0xBB, 0x8F, 0xBD, 0x74, 0x78, 0x16, 0xEE, 0xBE, 0xBA, 0xCA },
+      105 /* Bin Number */
+  },
+  {
+    /* OU_Starfield_Class_2_Certification_Authority_O__Starfield_Technologies__Inc___C_US */
+    { 0x14, 0x65, 0xFA, 0x20, 0x53, 0x97, 0xB8, 0x76, 0xFA, 0xA6, 0xF0, 0xA9, 0x95, 0x8E, 0x55, 0x90,
+      0xE4, 0x0F, 0xCC, 0x7F, 0xAA, 0x4F, 0xB7, 0xC2, 0xC8, 0x67, 0x75, 0x21, 0xFB, 0x5F, 0xB6, 0x58 },
+      44 /* Bin Number */
+  },
+  {
+    /* Certplus_Root_CA_G1 */
+    { 0x15, 0x2A, 0x40, 0x2B, 0xFC, 0xDF, 0x2C, 0xD5, 0x48, 0x05, 0x4D, 0x22, 0x75, 0xB3, 0x9C, 0x7F,
+      0xCA, 0x3E, 0xC0, 0x97, 0x80, 0x78, 0xB0, 0xF0, 0xEA, 0x76, 0xE5, 0x61, 0xA6, 0xC7, 0x43, 0x3E },
+      176 /* Bin Number */
+  },
+  {
+    /* Network_Solutions_Certificate_Authority */
+    { 0x15, 0xF0, 0xBA, 0x00, 0xA3, 0xAC, 0x7A, 0xF3, 0xAC, 0x88, 0x4C, 0x07, 0x2B, 0x10, 0x11, 0xA0,
+      0x77, 0xBD, 0x77, 0xC0, 0x97, 0xF4, 0x01, 0x64, 0xB2, 0xF8, 0x59, 0x8A, 0xBD, 0x83, 0x86, 0x0C },
+      64 /* Bin Number */
+  },
+  {
+    /* Baltimore_CyberTrust_Root */
+    { 0x16, 0xAF, 0x57, 0xA9, 0xF6, 0x76, 0xB0, 0xAB, 0x12, 0x60, 0x95, 0xAA, 0x5E, 0xBA, 0xDE, 0xF2,
+      0x2A, 0xB3, 0x11, 0x19, 0xD6, 0x44, 0xAC, 0x95, 0xCD, 0x4B, 0x93, 0xDB, 0xF3, 0xF2, 0x6A, 0xEB },
+      11 /* Bin Number */
+  },
+  {
+    /* COMODO_ECC_Certification_Authority */
+    { 0x17, 0x93, 0x92, 0x7A, 0x06, 0x14, 0x54, 0x97, 0x89, 0xAD, 0xCE, 0x2F, 0x8F, 0x34, 0xF7, 0xF0,
+      0xB6, 0x6D, 0x0F, 0x3A, 0xE3, 0xA3, 0xB8, 0x4D, 0x21, 0xEC, 0x15, 0xDB, 0xBA, 0x4F, 0xAD, 0xC7 },
+      66 /* Bin Number */
+  },
+  {
+    /* GlobalSign */
+    { 0x17, 0x9F, 0xBC, 0x14, 0x8A, 0x3D, 0xD0, 0x0F, 0xD2, 0x4E, 0xA1, 0x34, 0x58, 0xCC, 0x43, 0xBF,
+      0xA7, 0xF5, 0x9C, 0x81, 0x82, 0xD7, 0x83, 0xA5, 0x13, 0xF6, 0xEB, 0xEC, 0x10, 0x0C, 0x89, 0x24 },
+      158 /* Bin Number */
+  },
+  {
+    /* Amazon_Root_CA_3 */
+    { 0x18, 0xCE, 0x6C, 0xFE, 0x7B, 0xF1, 0x4E, 0x60, 0xB2, 0xE3, 0x47, 0xB8, 0xDF, 0xE8, 0x68, 0xCB,
+      0x31, 0xD0, 0x2E, 0xBB, 0x3A, 0xDA, 0x27, 0x15, 0x69, 0xF5, 0x03, 0x43, 0xB4, 0x6D, 0xB3, 0xA4 },
+      185 /* Bin Number */
+  },
+  {
+    /* QuoVadis_Root_CA_3 */
+    { 0x18, 0xF1, 0xFC, 0x7F, 0x20, 0x5D, 0xF8, 0xAD, 0xDD, 0xEB, 0x7F, 0xE0, 0x07, 0xDD, 0x57, 0xE3,
+      0xAF, 0x37, 0x5A, 0x9C, 0x4D, 0x8D, 0x73, 0x54, 0x6B, 0xF4, 0xF1, 0xFE, 0xD1, 0xE1, 0x8D, 0x35 },
+      33 /* Bin Number */
+  },
+  {
+    /* Amazon_Root_CA_2 */
+    { 0x1B, 0xA5, 0xB2, 0xAA, 0x8C, 0x65, 0x40, 0x1A, 0x82, 0x96, 0x01, 0x18, 0xF8, 0x0B, 0xEC, 0x4F,
+      0x62, 0x30, 0x4D, 0x83, 0xCE, 0xC4, 0x71, 0x3A, 0x19, 0xC3, 0x9C, 0x01, 0x1E, 0xA4, 0x6D, 0xB4 },
+      184 /* Bin Number */
+  },
+  {
+    /* China_Internet_Network_Information_Center_EV_Certificates_Root */
+    { 0x1C, 0x01, 0xC6, 0xF4, 0xDB, 0xB2, 0xFE, 0xFC, 0x22, 0x55, 0x8B, 0x2B, 0xCA, 0x32, 0x56, 0x3F,
+      0x49, 0x84, 0x4A, 0xCF, 0xC3, 0x2B, 0x7B, 0xE4, 0xB0, 0xFF, 0x59, 0x9F, 0x9E, 0x8C, 0x7A, 0xF7 },
+      133 /* Bin Number */
+  },
+  {
+    /* Swisscom_Root_CA_1 */
+    { 0x21, 0xDB, 0x20, 0x12, 0x36, 0x60, 0xBB, 0x2E, 0xD4, 0x18, 0x20, 0x5D, 0xA1, 0x1E, 0xE7, 0xA8,
+      0x5A, 0x65, 0xE2, 0xBC, 0x6E, 0x55, 0xB5, 0xAF, 0x7E, 0x78, 0x99, 0xC8, 0xA2, 0x66, 0xD9, 0x2E },
+      47 /* Bin Number */
+  },
+  {
+    /* VeriSign_Universal_Root_Certification_Authority */
+    { 0x23, 0x99, 0x56, 0x11, 0x27, 0xA5, 0x71, 0x25, 0xDE, 0x8C, 0xEF, 0xEA, 0x61, 0x0D, 0xDF, 0x2F,
+      0xA0, 0x78, 0xB5, 0xC8, 0x06, 0x7F, 0x4E, 0x82, 0x82, 0x90, 0xBF, 0xB8, 0x60, 0xE8, 0x4B, 0x3C },
+      90 /* Bin Number */
+  },
+  {
+    /* Izenpe_com */
+    { 0x25, 0x30, 0xCC, 0x8E, 0x98, 0x32, 0x15, 0x02, 0xBA, 0xD9, 0x6F, 0x9B, 0x1F, 0xBA, 0x1B, 0x09,
+      0x9E, 0x2D, 0x29, 0x9E, 0x0F, 0x45, 0x48, 0xBB, 0x91, 0x4F, 0x36, 0x3B, 0xC0, 0xD4, 0x53, 0x1F },
+      103 /* Bin Number */
+  },
+  {
+    /* OpenTrust_Root_CA_G2 */
+    { 0x27, 0x99, 0x58, 0x29, 0xFE, 0x6A, 0x75, 0x15, 0xC1, 0xBF, 0xE8, 0x48, 0xF9, 0xC4, 0x76, 0x1D,
+      0xB1, 0x6C, 0x22, 0x59, 0x29, 0x25, 0x7B, 0xF4, 0x0D, 0x08, 0x94, 0xF2, 0x9E, 0xA8, 0xBA, 0xF2 },
+      179 /* Bin Number */
+  },
+  {
+    /* Certinomis___Root_CA */
+    { 0x2A, 0x99, 0xF5, 0xBC, 0x11, 0x74, 0xB7, 0x3C, 0xBB, 0x1D, 0x62, 0x08, 0x84, 0xE0, 0x1C, 0x34,
+      0xE5, 0x1C, 0xCB, 0x39, 0x78, 0xDA, 0x12, 0x5F, 0x0E, 0x33, 0x26, 0x88, 0x83, 0xBF, 0x41, 0x58 },
+      168 /* Bin Number */
+  },
+  {
+    /* Starfield_Root_Certificate_Authority___G2 */
+    { 0x2C, 0xE1, 0xCB, 0x0B, 0xF9, 0xD2, 0xF9, 0xE1, 0x02, 0x99, 0x3F, 0xBE, 0x21, 0x51, 0x52, 0xC3,
+      0xB2, 0xDD, 0x0C, 0xAB, 0xDE, 0x1C, 0x68, 0xE5, 0x31, 0x9B, 0x83, 0x91, 0x54, 0xDB, 0xB7, 0xF5 },
+      107 /* Bin Number */
+  },
+  {
+    /* OU_ApplicationCA_O_Japanese_Government_C_JP */
+    { 0x2D, 0x47, 0x43, 0x7D, 0xE1, 0x79, 0x51, 0x21, 0x5A, 0x12, 0xF3, 0xC5, 0x8E, 0x51, 0xC7, 0x29,
+      0xA5, 0x80, 0x26, 0xEF, 0x1F, 0xCC, 0x0A, 0x5F, 0xB3, 0xD9, 0xDC, 0x01, 0x2F, 0x60, 0x0D, 0x19 },
+      85 /* Bin Number */
+  },
+  {
+    /* IdenTrust_Public_Sector_Root_CA_1 */
+    { 0x30, 0xD0, 0x89, 0x5A, 0x9A, 0x44, 0x8A, 0x26, 0x20, 0x91, 0x63, 0x55, 0x22, 0xD1, 0xF5, 0x20,
+      0x10, 0xB5, 0x86, 0x7A, 0xCA, 0xE1, 0x2C, 0x78, 0xEF, 0x95, 0x8F, 0xD4, 0xF4, 0x38, 0x9F, 0x2F },
+      162 /* Bin Number */
+  },
+  {
+    /* DigiCert_Global_Root_G3 */
+    { 0x31, 0xAD, 0x66, 0x48, 0xF8, 0x10, 0x41, 0x38, 0xC7, 0x38, 0xF3, 0x9E, 0xA4, 0x32, 0x01, 0x33,
+      0x39, 0x3E, 0x3A, 0x18, 0xCC, 0x02, 0x29, 0x6E, 0xF9, 0x7C, 0x2A, 0xC9, 0xEF, 0x67, 0x31, 0xD0 },
+      150 /* Bin Number */
+  },
+  {
+    /* Microsec_e_Szigno_Root_CA */
+    { 0x32, 0x7A, 0x3D, 0x76, 0x1A, 0xBA, 0xDE, 0xA0, 0x34, 0xEB, 0x99, 0x84, 0x06, 0x27, 0x5C, 0xB1,
+      0xA4, 0x77, 0x6E, 0xFD, 0xAE, 0x2F, 0xDF, 0x6D, 0x01, 0x68, 0xEA, 0x1C, 0x4F, 0x55, 0x67, 0xD0 },
+      70 /* Bin Number */
+  },
+  {
+    /* EBG_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_ */
+    { 0x35, 0xAE, 0x5B, 0xDD, 0xD8, 0xF7, 0xAE, 0x63, 0x5C, 0xFF, 0xBA, 0x56, 0x82, 0xA8, 0xF0, 0x0B,
+      0x95, 0xF4, 0x84, 0x62, 0xC7, 0x10, 0x8E, 0xE9, 0xA0, 0xE5, 0x29, 0x2B, 0x07, 0x4A, 0xAF, 0xB2 },
+      82 /* Bin Number */
+  },
+  {
+    /* GeoTrust_Primary_Certification_Authority */
+    { 0x37, 0xD5, 0x10, 0x06, 0xC5, 0x12, 0xEA, 0xAB, 0x62, 0x64, 0x21, 0xF1, 0xEC, 0x8C, 0x92, 0x01,
+      0x3F, 0xC5, 0xF8, 0x2A, 0xE9, 0x8E, 0xE5, 0x33, 0xEB, 0x46, 0x19, 0xB8, 0xDE, 0xB4, 0xD0, 0x6C },
+      58 /* Bin Number */
+  },
+  {
+    /* Staat_der_Nederlanden_Root_CA___G3 */
+    { 0x3C, 0x4F, 0xB0, 0xB9, 0x5A, 0xB8, 0xB3, 0x00, 0x32, 0xF4, 0x32, 0xB8, 0x6F, 0x53, 0x5F, 0xE1,
+      0x72, 0xC1, 0x85, 0xD0, 0xFD, 0x39, 0x86, 0x58, 0x37, 0xCF, 0x36, 0x18, 0x7F, 0xA6, 0xF4, 0x28 },
+      159 /* Bin Number */
+  },
+  {
+    /* Microsec_e_Szigno_Root_CA_2009 */
+    { 0x3C, 0x5F, 0x81, 0xFE, 0xA5, 0xFA, 0xB8, 0x2C, 0x64, 0xBF, 0xA2, 0xEA, 0xEC, 0xAF, 0xCD, 0xE8,
+      0xE0, 0x77, 0xFC, 0x86, 0x20, 0xA7, 0xCA, 0xE5, 0x37, 0x16, 0x3D, 0xF3, 0x6E, 0xDB, 0xF3, 0x78 },
+      99 /* Bin Number */
+  },
+  {
+    /* PSCProcert */
+    { 0x3C, 0xFC, 0x3C, 0x14, 0xD1, 0xF6, 0x84, 0xFF, 0x17, 0xE3, 0x8C, 0x43, 0xCA, 0x44, 0x0C, 0x00,
+      0xB9, 0x67, 0xEC, 0x93, 0x3E, 0x8B, 0xFE, 0x06, 0x4C, 0xA1, 0xD7, 0x2C, 0x90, 0xF2, 0xAD, 0xB0 },
+      132 /* Bin Number */
+  },
+  {
+    /* EE_Certification_Centre_Root_CA */
+    { 0x3E, 0x84, 0xBA, 0x43, 0x42, 0x90, 0x85, 0x16, 0xE7, 0x75, 0x73, 0xC0, 0x99, 0x2F, 0x09, 0x79,
+      0xCA, 0x08, 0x4E, 0x46, 0x85, 0x68, 0x1F, 0xF1, 0x95, 0xCC, 0xBA, 0x8A, 0x22, 0x9B, 0x8A, 0x76 },
+      128 /* Bin Number */
+  },
+  {
+    /* DigiCert_Assured_ID_Root_CA */
+    { 0x3E, 0x90, 0x99, 0xB5, 0x01, 0x5E, 0x8F, 0x48, 0x6C, 0x00, 0xBC, 0xEA, 0x9D, 0x11, 0x1E, 0xE7,
+      0x21, 0xFA, 0xBA, 0x35, 0x5A, 0x89, 0xBC, 0xF1, 0xDF, 0x69, 0x56, 0x1E, 0x3D, 0xC6, 0x32, 0x5C },
+      48 /* Bin Number */
+  },
+  {
+    /* Trusted_Certificate_Services */
+    { 0x3F, 0x06, 0xE5, 0x56, 0x81, 0xD4, 0x96, 0xF5, 0xBE, 0x16, 0x9E, 0xB5, 0x38, 0x9F, 0x9F, 0x2B,
+      0x8F, 0xF6, 0x1E, 0x17, 0x08, 0xDF, 0x68, 0x81, 0x72, 0x48, 0x49, 0xCD, 0x5D, 0x27, 0xCB, 0x69 },
+      30 /* Bin Number */
+  },
+  {
+    /* OISTE_WISeKey_Global_Root_GA_CA */
+    { 0x41, 0xC9, 0x23, 0x86, 0x6A, 0xB4, 0xCA, 0xD6, 0xB7, 0xAD, 0x57, 0x80, 0x81, 0x58, 0x2E, 0x02,
+      0x07, 0x97, 0xA6, 0xCB, 0xDF, 0x4F, 0xFF, 0x78, 0xCE, 0x83, 0x96, 0xB3, 0x89, 0x37, 0xD7, 0xF5 },
+      69 /* Bin Number */
+  },
+  {
+    /* Secure_Global_CA */
+    { 0x42, 0x00, 0xF5, 0x04, 0x3A, 0xC8, 0x59, 0x0E, 0xBB, 0x52, 0x7D, 0x20, 0x9E, 0xD1, 0x50, 0x30,
+      0x29, 0xFB, 0xCB, 0xD4, 0x1C, 0xA1, 0xB5, 0x06, 0xEC, 0x27, 0xF1, 0x5A, 0xDE, 0x7D, 0xAC, 0x69 },
+      62 /* Bin Number */
+  },
+  {
+    /* DigiCert_Global_Root_CA */
+    { 0x43, 0x48, 0xA0, 0xE9, 0x44, 0x4C, 0x78, 0xCB, 0x26, 0x5E, 0x05, 0x8D, 0x5E, 0x89, 0x44, 0xB4,
+      0xD8, 0x4F, 0x96, 0x62, 0xBD, 0x26, 0xDB, 0x25, 0x7F, 0x89, 0x34, 0xA4, 0x43, 0xC7, 0x01, 0x61 },
+      49 /* Bin Number */
+  },
+  {
+    /* Entrust_Root_Certification_Authority___G2 */
+    { 0x43, 0xDF, 0x57, 0x74, 0xB0, 0x3E, 0x7F, 0xEF, 0x5F, 0xE4, 0x0D, 0x93, 0x1A, 0x7B, 0xED, 0xF1,
+      0xBB, 0x2E, 0x6B, 0x42, 0x73, 0x8C, 0x4E, 0x6D, 0x38, 0x41, 0x10, 0x3D, 0x3A, 0xA7, 0xF3, 0x39 },
+      163 /* Bin Number */
+  },
+  {
+    /* T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_ */
+    { 0x44, 0x04, 0xE3, 0x3B, 0x5E, 0x14, 0x0D, 0xCF, 0x99, 0x80, 0x51, 0xFD, 0xFC, 0x80, 0x28, 0xC7,
+      0xC8, 0x16, 0x15, 0xC5, 0xEE, 0x73, 0x7B, 0x11, 0x1B, 0x58, 0x82, 0x33, 0xA9, 0xB5, 0x35, 0xA0 },
+      54 /* Bin Number */
+  },
+  {
+    /* Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015 */
+    { 0x44, 0xB5, 0x45, 0xAA, 0x8A, 0x25, 0xE6, 0x5A, 0x73, 0xCA, 0x15, 0xDC, 0x27, 0xFC, 0x36, 0xD2,
+      0x4C, 0x1C, 0xB9, 0x95, 0x3A, 0x06, 0x65, 0x39, 0xB1, 0x15, 0x82, 0xDC, 0x48, 0x7B, 0x48, 0x33 },
+      175 /* Bin Number */
+  },
+  {
+    /* Go_Daddy_Root_Certificate_Authority___G2 */
+    { 0x45, 0x14, 0x0B, 0x32, 0x47, 0xEB, 0x9C, 0xC8, 0xC5, 0xB4, 0xF0, 0xD7, 0xB5, 0x30, 0x91, 0xF7,
+      0x32, 0x92, 0x08, 0x9E, 0x6E, 0x5A, 0x63, 0xE2, 0x74, 0x9D, 0xD3, 0xAC, 0xA9, 0x19, 0x8E, 0xDA },
+      106 /* Bin Number */
+  },
+  {
+    /* T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s__H5 */
+    { 0x49, 0x35, 0x1B, 0x90, 0x34, 0x44, 0xC1, 0x85, 0xCC, 0xDC, 0x5C, 0x69, 0x3D, 0x24, 0xD8, 0x55,
+      0x5C, 0xB2, 0x08, 0xD6, 0xA8, 0x14, 0x13, 0x07, 0x69, 0x9F, 0x4A, 0xF0, 0x63, 0x19, 0x9D, 0x78 },
+      166 /* Bin Number */
+  },
+  {
+    /* D_TRUST_Root_Class_3_CA_2_2009 */
+    { 0x49, 0xE7, 0xA4, 0x42, 0xAC, 0xF0, 0xEA, 0x62, 0x87, 0x05, 0x00, 0x54, 0xB5, 0x25, 0x64, 0xB6,
+      0x50, 0xE4, 0xF4, 0x9E, 0x42, 0xE3, 0x48, 0xD6, 0xAA, 0x38, 0xE0, 0x39, 0xE9, 0x57, 0xB1, 0xC1 },
+      130 /* Bin Number */
+  },
+  {
+    /* thawte_Primary_Root_CA___G3 */
+    { 0x4B, 0x03, 0xF4, 0x58, 0x07, 0xAD, 0x70, 0xF2, 0x1B, 0xFC, 0x2C, 0xAE, 0x71, 0xC9, 0xFD, 0xE4,
+      0x60, 0x4C, 0x06, 0x4C, 0xF5, 0xFF, 0xB6, 0x86, 0xBA, 0xE5, 0xDB, 0xAA, 0xD7, 0xFD, 0xD3, 0x4C },
+      88 /* Bin Number */
+  },
+  {
+    /* Certification_Authority_of_WoSign */
+    { 0x4B, 0x22, 0xD5, 0xA6, 0xAE, 0xC9, 0x9F, 0x3C, 0xDB, 0x79, 0xAA, 0x5E, 0xC0, 0x68, 0x38, 0x47,
+      0x9C, 0xD5, 0xEC, 0xBA, 0x71, 0x64, 0xF7, 0xF2, 0x2D, 0xC1, 0xD6, 0x5F, 0x63, 0xD8, 0x57, 0x08 },
+      152 /* Bin Number */
+  },
+  {
+    /* Staat_der_Nederlanden_EV_Root_CA */
+    { 0x4D, 0x24, 0x91, 0x41, 0x4C, 0xFE, 0x95, 0x67, 0x46, 0xEC, 0x4C, 0xEF, 0xA6, 0xCF, 0x6F, 0x72,
+      0xE2, 0x8A, 0x13, 0x29, 0x43, 0x2F, 0x9D, 0x8A, 0x90, 0x7A, 0xC4, 0xCB, 0x5D, 0xAD, 0xC1, 0x5A },
+      160 /* Bin Number */
+  },
+  {
+    /* USERTrust_ECC_Certification_Authority */
+    { 0x4F, 0xF4, 0x60, 0xD5, 0x4B, 0x9C, 0x86, 0xDA, 0xBF, 0xBC, 0xFC, 0x57, 0x12, 0xE0, 0x40, 0x0D,
+      0x2B, 0xED, 0x3F, 0xBC, 0x4D, 0x4F, 0xBD, 0xAA, 0x86, 0xE0, 0x6A, 0xDC, 0xD2, 0xA9, 0xAD, 0x7A },
+      156 /* Bin Number */
+  },
+  {
+    /* ComSign_Secured_CA */
+    { 0x50, 0x79, 0x41, 0xC7, 0x44, 0x60, 0xA0, 0xB4, 0x70, 0x86, 0x22, 0x0D, 0x4E, 0x99, 0x32, 0x57,
+      0x2A, 0xB5, 0xD1, 0xB5, 0xBB, 0xCB, 0x89, 0x80, 0xAB, 0x1C, 0xB1, 0x76, 0x51, 0xA8, 0x44, 0xD2 },
+      76 /* Bin Number */
+  },
+  {
+    /* OU_Security_Communication_RootCA2_O__SECOM_Trust_Systems_CO__LTD___C_JP */
+    { 0x51, 0x3B, 0x2C, 0xEC, 0xB8, 0x10, 0xD4, 0xCD, 0xE5, 0xDD, 0x85, 0x39, 0x1A, 0xDF, 0xC6, 0xC2,
+      0xDD, 0x60, 0xD8, 0x7B, 0xB7, 0x36, 0xD2, 0xB5, 0x21, 0x48, 0x4A, 0xA4, 0x7A, 0x0E, 0xBE, 0xF6 },
+      118 /* Bin Number */
+  },
+  {
+    /* COMODO_RSA_Certification_Authority */
+    { 0x52, 0xF0, 0xE1, 0xC4, 0xE5, 0x8E, 0xC6, 0x29, 0x29, 0x1B, 0x60, 0x31, 0x7F, 0x07, 0x46, 0x71,
+      0xB8, 0x5D, 0x7E, 0xA8, 0x0D, 0x5B, 0x07, 0x27, 0x34, 0x63, 0x53, 0x4B, 0x32, 0xB4, 0x02, 0x34 },
+      154 /* Bin Number */
+  },
+  {
+    /* LuxTrust_Global_Root_2 */
+    { 0x54, 0x45, 0x5F, 0x71, 0x29, 0xC2, 0x0B, 0x14, 0x47, 0xC4, 0x18, 0xF9, 0x97, 0x16, 0x8F, 0x24,
+      0xC5, 0x8F, 0xC5, 0x02, 0x3B, 0xF5, 0xDA, 0x5B, 0xE2, 0xEB, 0x6E, 0x1D, 0xD8, 0x90, 0x2E, 0xD5 },
+      187 /* Bin Number */
+  },
+  {
+    /* DigiCert_Trusted_Root_G4 */
+    { 0x55, 0x2F, 0x7B, 0xDC, 0xF1, 0xA7, 0xAF, 0x9E, 0x6C, 0xE6, 0x72, 0x01, 0x7F, 0x4F, 0x12, 0xAB,
+      0xF7, 0x72, 0x40, 0xC7, 0x8E, 0x76, 0x1A, 0xC2, 0x03, 0xD1, 0xD9, 0xD2, 0x0A, 0xC8, 0x99, 0x88 },
+      151 /* Bin Number */
+  },
+  {
+    /* Actalis_Authentication_Root_CA */
+    { 0x55, 0x92, 0x60, 0x84, 0xEC, 0x96, 0x3A, 0x64, 0xB9, 0x6E, 0x2A, 0xBE, 0x01, 0xCE, 0x0B, 0xA8,
+      0x6A, 0x64, 0xFB, 0xFE, 0xBC, 0xC7, 0xAA, 0xB5, 0xAF, 0xC1, 0x55, 0xB3, 0x7F, 0xD7, 0x60, 0x66 },
+      121 /* Bin Number */
+  },
+  {
+    /* Starfield_Services_Root_Certificate_Authority___G2 */
+    { 0x56, 0x8D, 0x69, 0x05, 0xA2, 0xC8, 0x87, 0x08, 0xA4, 0xB3, 0x02, 0x51, 0x90, 0xED, 0xCF, 0xED,
+      0xB1, 0x97, 0x4A, 0x60, 0x6A, 0x13, 0xC6, 0xE5, 0x29, 0x0F, 0xCB, 0x2A, 0xE6, 0x3E, 0xDA, 0xB5 },
+      108 /* Bin Number */
+  },
+  {
+    /* OpenTrust_Root_CA_G1 */
+    { 0x56, 0xC7, 0x71, 0x28, 0xD9, 0x8C, 0x18, 0xD9, 0x1B, 0x4C, 0xFD, 0xFF, 0xBC, 0x25, 0xEE, 0x91,
+      0x03, 0xD4, 0x75, 0x8E, 0xA2, 0xAB, 0xAD, 0x82, 0x6A, 0x90, 0xF3, 0x45, 0x7D, 0x46, 0x0E, 0xB4 },
+      178 /* Bin Number */
+  },
+  {
+    /* TWCA_Global_Root_CA */
+    { 0x59, 0x76, 0x90, 0x07, 0xF7, 0x68, 0x5D, 0x0F, 0xCD, 0x50, 0x87, 0x2F, 0x9F, 0x95, 0xD5, 0x75,
+      0x5A, 0x5B, 0x2B, 0x45, 0x7D, 0x81, 0xF3, 0x69, 0x2B, 0x61, 0x0A, 0x98, 0x67, 0x2F, 0x0E, 0x1B },
+      139 /* Bin Number */
+  },
+  {
+    /* Certum_Trusted_Network_CA */
+    { 0x5C, 0x58, 0x46, 0x8D, 0x55, 0xF5, 0x8E, 0x49, 0x7E, 0x74, 0x39, 0x82, 0xD2, 0xB5, 0x00, 0x10,
+      0xB6, 0xD1, 0x65, 0x37, 0x4A, 0xCF, 0x83, 0xA7, 0xD4, 0xA3, 0x2D, 0xB7, 0x68, 0xC4, 0x40, 0x8E },
+      113 /* Bin Number */
+  },
+  {
+    /* CFCA_EV_ROOT */
+    { 0x5C, 0xC3, 0xD7, 0x8E, 0x4E, 0x1D, 0x5E, 0x45, 0x54, 0x7A, 0x04, 0xE6, 0x87, 0x3E, 0x64, 0xF9,
+      0x0C, 0xF9, 0x53, 0x6D, 0x1C, 0xCC, 0x2E, 0xF8, 0x00, 0xF3, 0x55, 0xC4, 0xC5, 0xFD, 0x70, 0xFD },
+      165 /* Bin Number */
+  },
+  {
+    /* IdenTrust_Commercial_Root_CA_1 */
+    { 0x5D, 0x56, 0x49, 0x9B, 0xE4, 0xD2, 0xE0, 0x8B, 0xCF, 0xCA, 0xD0, 0x8A, 0x3E, 0x38, 0x72, 0x3D,
+      0x50, 0x50, 0x3B, 0xDE, 0x70, 0x69, 0x48, 0xE4, 0x2F, 0x55, 0x60, 0x30, 0x19, 0xE5, 0x28, 0xAE },
+      161 /* Bin Number */
+  },
+  {
+    /* GeoTrust_Primary_Certification_Authority___G2 */
+    { 0x5E, 0xDB, 0x7A, 0xC4, 0x3B, 0x82, 0xA0, 0x6A, 0x87, 0x61, 0xE8, 0xD7, 0xBE, 0x49, 0x79, 0xEB,
+      0xF2, 0x61, 0x1F, 0x7D, 0xD7, 0x9B, 0xF9, 0x1C, 0x1C, 0x6B, 0x56, 0x6A, 0x21, 0x9E, 0xD7, 0x66 },
+      89 /* Bin Number */
+  },
+  {
+    /* Equifax_Secure_Global_eBusiness_CA_1 */
+    { 0x5F, 0x0B, 0x62, 0xEA, 0xB5, 0xE3, 0x53, 0xEA, 0x65, 0x21, 0x65, 0x16, 0x58, 0xFB, 0xB6, 0x53,
+      0x59, 0xF4, 0x43, 0x28, 0x0A, 0x4A, 0xFB, 0xD1, 0x04, 0xD7, 0x7D, 0x10, 0xF9, 0xF0, 0x4C, 0x07 },
+      12 /* Bin Number */
+  },
+  {
+    /* SwissSign_Gold_CA___G2 */
+    { 0x62, 0xDD, 0x0B, 0xE9, 0xB9, 0xF5, 0x0A, 0x16, 0x3E, 0xA0, 0xF8, 0xE7, 0x5C, 0x05, 0x3B, 0x1E,
+      0xCA, 0x57, 0xEA, 0x55, 0xC8, 0x68, 0x8F, 0x64, 0x7C, 0x68, 0x81, 0xF2, 0xC8, 0x35, 0x7B, 0x95 },
+      56 /* Bin Number */
+  },
+  {
+    /* Staat_der_Nederlanden_Root_CA___G2 */
+    { 0x66, 0x8C, 0x83, 0x94, 0x7D, 0xA6, 0x3B, 0x72, 0x4B, 0xEC, 0xE1, 0x74, 0x3C, 0x31, 0xA0, 0xE6,
+      0xAE, 0xD0, 0xDB, 0x8E, 0xC5, 0xB3, 0x1B, 0xE3, 0x77, 0xBB, 0x78, 0x4F, 0x91, 0xB6, 0x71, 0x6F },
+      93 /* Bin Number */
+  },
+  {
+    /* AddTrust_External_CA_Root */
+    { 0x68, 0x7F, 0xA4, 0x51, 0x38, 0x22, 0x78, 0xFF, 0xF0, 0xC8, 0xB1, 0x1F, 0x8D, 0x43, 0xD5, 0x76,
+      0x67, 0x1C, 0x6E, 0xB2, 0xBC, 0xEA, 0xB4, 0x13, 0xFB, 0x83, 0xD9, 0x65, 0xD0, 0x6D, 0x2F, 0xF2 },
+      15 /* Bin Number */
+  },
+  {
+    /* VeriSign_Class_3_Public_Primary_Certification_Authority___G4 */
+    { 0x69, 0xDD, 0xD7, 0xEA, 0x90, 0xBB, 0x57, 0xC9, 0x3E, 0x13, 0x5D, 0xC8, 0x5E, 0xA6, 0xFC, 0xD5,
+      0x48, 0x0B, 0x60, 0x32, 0x39, 0xBD, 0xC4, 0x54, 0xFC, 0x75, 0x8B, 0x2A, 0x26, 0xCF, 0x7F, 0x79 },
+      91 /* Bin Number */
+  },
+  {
+    /* Visa_eCommerce_Root */
+    { 0x69, 0xFA, 0xC9, 0xBD, 0x55, 0xFB, 0x0A, 0xC7, 0x8D, 0x53, 0xBB, 0xEE, 0x5C, 0xF1, 0xD5, 0x97,
+      0x98, 0x9F, 0xD0, 0xAA, 0xAB, 0x20, 0xA2, 0x51, 0x51, 0xBD, 0xF1, 0x73, 0x3E, 0xE7, 0xD1, 0x22 },
+      26 /* Bin Number */
+  },
+  {
+    /* OISTE_WISeKey_Global_Root_GB_CA */
+    { 0x6B, 0x9C, 0x08, 0xE8, 0x6E, 0xB0, 0xF7, 0x67, 0xCF, 0xAD, 0x65, 0xCD, 0x98, 0xB6, 0x21, 0x49,
+      0xE5, 0x49, 0x4A, 0x67, 0xF5, 0x84, 0x5E, 0x7B, 0xD1, 0xED, 0x01, 0x9F, 0x27, 0xB8, 0x6B, 0xD6 },
+      169 /* Bin Number */
+  },
+  {
+    /* NetLock_Arany__Class_Gold__F_tan_s_tv_ny */
+    { 0x6C, 0x61, 0xDA, 0xC3, 0xA2, 0xDE, 0xF0, 0x31, 0x50, 0x6B, 0xE0, 0x36, 0xD2, 0xA6, 0xFE, 0x40,
+      0x19, 0x94, 0xFB, 0xD1, 0x3D, 0xF9, 0xC8, 0xD4, 0x66, 0x59, 0x92, 0x74, 0xC4, 0x46, 0xEC, 0x98 },
+      92 /* Bin Number */
+  },
+  {
+    /* Certplus_Root_CA_G2 */
+    { 0x6C, 0xC0, 0x50, 0x41, 0xE6, 0x44, 0x5E, 0x74, 0x69, 0x6C, 0x4C, 0xFB, 0xC9, 0xF8, 0x0F, 0x54,
+      0x3B, 0x7E, 0xAB, 0xBB, 0x44, 0xB4, 0xCE, 0x6F, 0x78, 0x7C, 0x6A, 0x99, 0x71, 0xC4, 0x2F, 0x17 },
+      177 /* Bin Number */
+  },
+  {
+    /* Entrust_net_Certification_Authority__2048_ */
+    { 0x6D, 0xC4, 0x71, 0x72, 0xE0, 0x1C, 0xBC, 0xB0, 0xBF, 0x62, 0x58, 0x0D, 0x89, 0x5F, 0xE2, 0xB8,
+      0xAC, 0x9A, 0xD4, 0xF8, 0x73, 0x80, 0x1E, 0x0C, 0x10, 0xB9, 0xC8, 0x37, 0xD2, 0x1E, 0xB1, 0x77 },
+      10 /* Bin Number */
+  },
+  {
+    /* UTN_USERFirst_Hardware */
+    { 0x6E, 0xA5, 0x47, 0x41, 0xD0, 0x04, 0x66, 0x7E, 0xED, 0x1B, 0x48, 0x16, 0x63, 0x4A, 0xA3, 0xA7,
+      0x9E, 0x6E, 0x4B, 0x96, 0x95, 0x0F, 0x82, 0x79, 0xDA, 0xFC, 0x8D, 0x9B, 0xD8, 0x81, 0x21, 0x37 },
+      38 /* Bin Number */
+  },
+  {
+    /* AffirmTrust_Premium */
+    { 0x70, 0xA7, 0x3F, 0x7F, 0x37, 0x6B, 0x60, 0x07, 0x42, 0x48, 0x90, 0x45, 0x34, 0xB1, 0x14, 0x82,
+      0xD5, 0xBF, 0x0E, 0x69, 0x8E, 0xCC, 0x49, 0x8D, 0xF5, 0x25, 0x77, 0xEB, 0xF2, 0xE9, 0x3B, 0x9A },
+      111 /* Bin Number */
+  },
+  {
+    /* Entrust_Root_Certification_Authority */
+    { 0x73, 0xC1, 0x76, 0x43, 0x4F, 0x1B, 0xC6, 0xD5, 0xAD, 0xF4, 0x5B, 0x0E, 0x76, 0xE7, 0x27, 0x28,
+      0x7C, 0x8D, 0xE5, 0x76, 0x16, 0xC1, 0xE6, 0xE6, 0x14, 0x1A, 0x2B, 0x2C, 0xBC, 0x7D, 0x8E, 0x4C },
+      18 /* Bin Number */
+  },
+  {
+    /* DigiCert_High_Assurance_EV_Root_CA */
+    { 0x74, 0x31, 0xE5, 0xF4, 0xC3, 0xC1, 0xCE, 0x46, 0x90, 0x77, 0x4F, 0x0B, 0x61, 0xE0, 0x54, 0x40,
+      0x88, 0x3B, 0xA9, 0xA0, 0x1E, 0xD0, 0x0B, 0xA6, 0xAB, 0xD7, 0x80, 0x6E, 0xD3, 0xB1, 0x18, 0xCF },
+      50 /* Bin Number */
+  },
+  {
+    /* O_Government_Root_Certification_Authority_C_TW */
+    { 0x76, 0x00, 0x29, 0x5E, 0xEF, 0xE8, 0x5B, 0x9E, 0x1F, 0xD6, 0x24, 0xDB, 0x76, 0x06, 0x2A, 0xAA,
+      0xAE, 0x59, 0x81, 0x8A, 0x54, 0xD2, 0x77, 0x4C, 0xD4, 0xC0, 0xB2, 0xC0, 0x11, 0x31, 0xE1, 0xB3 },
+      46 /* Bin Number */
+  },
+  {
+    /* DST_ACES_CA_X6 */
+    { 0x76, 0x7C, 0x95, 0x5A, 0x76, 0x41, 0x2C, 0x89, 0xAF, 0x68, 0x8E, 0x90, 0xA1, 0xC7, 0x0F, 0x55,
+      0x6C, 0xFD, 0x6B, 0x60, 0x25, 0xDB, 0xEA, 0x10, 0x41, 0x6D, 0x7E, 0xB6, 0x83, 0x1F, 0x8C, 0x40 },
+      53 /* Bin Number */
+  },
+  {
+    /* America_Online_Root_Certification_Authority_1 */
+    { 0x77, 0x40, 0x73, 0x12, 0xC6, 0x3A, 0x15, 0x3D, 0x5B, 0xC0, 0x0B, 0x4E, 0x51, 0x75, 0x9C, 0xDF,
+      0xDA, 0xC2, 0x37, 0xDC, 0x2A, 0x33, 0xB6, 0x79, 0x46, 0xE9, 0x8E, 0x9B, 0xFA, 0x68, 0x0A, 0xE3 },
+      24 /* Bin Number */
+  },
+  {
+    /* Sonera_Class2_CA */
+    { 0x79, 0x08, 0xB4, 0x03, 0x14, 0xC1, 0x38, 0x10, 0x0B, 0x51, 0x8D, 0x07, 0x35, 0x80, 0x7F, 0xFB,
+      0xFC, 0xF8, 0x51, 0x8A, 0x00, 0x95, 0x33, 0x71, 0x05, 0xBA, 0x38, 0x6B, 0x15, 0x3D, 0xD9, 0x27 },
+      35 /* Bin Number */
+  },
+  {
+    /* A_Trust_nQual_03 */
+    { 0x79, 0x3C, 0xBF, 0x45, 0x59, 0xB9, 0xFD, 0xE3, 0x8A, 0xB2, 0x2D, 0xF1, 0x68, 0x69, 0xF6, 0x98,
+      0x81, 0xAE, 0x14, 0xC4, 0xB0, 0x13, 0x9A, 0xC7, 0x88, 0xA7, 0x8A, 0x1A, 0xFC, 0xCA, 0x02, 0xFB },
+      116 /* Bin Number */
+  },
+  {
+    /* DigiCert_Assured_ID_Root_G2 */
+    { 0x7D, 0x05, 0xEB, 0xB6, 0x82, 0x33, 0x9F, 0x8C, 0x94, 0x51, 0xEE, 0x09, 0x4E, 0xEB, 0xFE, 0xFA,
+      0x79, 0x53, 0xA1, 0x14, 0xED, 0xB2, 0xF4, 0x49, 0x49, 0x45, 0x2F, 0xAB, 0x7D, 0x2F, 0xC1, 0x85 },
+      147 /* Bin Number */
+  },
+  {
+    /* America_Online_Root_Certification_Authority_2 */
+    { 0x7D, 0x3B, 0x46, 0x5A, 0x60, 0x14, 0xE5, 0x26, 0xC0, 0xAF, 0xFC, 0xEE, 0x21, 0x27, 0xD2, 0x31,
+      0x17, 0x27, 0xAD, 0x81, 0x1C, 0x26, 0x84, 0x2D, 0x00, 0x6A, 0xF3, 0x73, 0x06, 0xCC, 0x80, 0xBD },
+      25 /* Bin Number */
+  },
+  {
+    /* DigiCert_Assured_ID_Root_G3 */
+    { 0x7E, 0x37, 0xCB, 0x8B, 0x4C, 0x47, 0x09, 0x0C, 0xAB, 0x36, 0x55, 0x1B, 0xA6, 0xF4, 0x5D, 0xB8,
+      0x40, 0x68, 0x0F, 0xBA, 0x16, 0x6A, 0x95, 0x2D, 0xB1, 0x00, 0x71, 0x7F, 0x43, 0x05, 0x3F, 0xC2 },
+      148 /* Bin Number */
+  },
+  {
+    /* NetLock_Kozjegyzoi__Class_A__Tanusitvanykiado */
+    { 0x7F, 0x12, 0xCD, 0x5F, 0x7E, 0x5E, 0x29, 0x0E, 0xC7, 0xD8, 0x51, 0x79, 0xD5, 0xB7, 0x2C, 0x20,
+      0xA5, 0xBE, 0x75, 0x08, 0xFF, 0xDB, 0x5B, 0xF8, 0x1A, 0xB9, 0x68, 0x4A, 0x7F, 0xC9, 0xF6, 0x67 },
+      41 /* Bin Number */
+  },
+  {
+    /* AddTrust_Qualified_CA_Root */
+    { 0x80, 0x95, 0x21, 0x08, 0x05, 0xDB, 0x4B, 0xBC, 0x35, 0x5E, 0x44, 0x28, 0xD8, 0xFD, 0x6E, 0xC2,
+      0xCD, 0xE3, 0xAB, 0x5F, 0xB9, 0x7A, 0x99, 0x42, 0x98, 0x8E, 0xB8, 0xF4, 0xDC, 0xD0, 0x60, 0x16 },
+      17 /* Bin Number */
+  },
+  {
+    /* OU_VeriSign_Trust_Network_OU___c__1998_VeriSign__Inc____For_authorized_use_only__OU_Class_3_Public_Primary_Certification_Authority___G2_O__VeriSign__Inc___C_US */
+    { 0x83, 0xCE, 0x3C, 0x12, 0x29, 0x68, 0x8A, 0x59, 0x3D, 0x48, 0x5F, 0x81, 0x97, 0x3C, 0x0F, 0x91,
+      0x95, 0x43, 0x1E, 0xDA, 0x37, 0xCC, 0x5E, 0x36, 0x43, 0x0E, 0x79, 0xC7, 0xA8, 0x88, 0x63, 0x8B },
+      5 /* Bin Number */
+  },
+  {
+    /* QuoVadis_Root_CA_2 */
+    { 0x85, 0xA0, 0xDD, 0x7D, 0xD7, 0x20, 0xAD, 0xB7, 0xFF, 0x05, 0xF8, 0x3D, 0x54, 0x2B, 0x20, 0x9D,
+      0xC7, 0xFF, 0x45, 0x28, 0xF7, 0xD6, 0x77, 0xB1, 0x83, 0x89, 0xFE, 0xA5, 0xE5, 0xC4, 0x9E, 0x86 },
+      32 /* Bin Number */
+  },
+  {
+    /* UTN___DATACorp_SGC */
+    { 0x85, 0xFB, 0x2F, 0x91, 0xDD, 0x12, 0x27, 0x5A, 0x01, 0x45, 0xB6, 0x36, 0x53, 0x4F, 0x84, 0x02,
+      0x4A, 0xD6, 0x8B, 0x69, 0xB8, 0xEE, 0x88, 0x68, 0x4F, 0xF7, 0x11, 0x37, 0x58, 0x05, 0xB3, 0x48 },
+      37 /* Bin Number */
+  },
+  {
+    /* EC_ACC */
+    { 0x88, 0x49, 0x7F, 0x01, 0x60, 0x2F, 0x31, 0x54, 0x24, 0x6A, 0xE2, 0x8C, 0x4D, 0x5A, 0xEF, 0x10,
+      0xF1, 0xD8, 0x7E, 0xBB, 0x76, 0x62, 0x6F, 0x4A, 0xE0, 0xB7, 0xF9, 0x5B, 0xA7, 0x96, 0x87, 0x99 },
+      119 /* Bin Number */
+  },
+  {
+    /* QuoVadis_Root_CA_3_G3 */
+    { 0x88, 0xEF, 0x81, 0xDE, 0x20, 0x2E, 0xB0, 0x18, 0x45, 0x2E, 0x43, 0xF8, 0x64, 0x72, 0x5C, 0xEA,
+      0x5F, 0xBD, 0x1F, 0xC2, 0xD9, 0xD2, 0x05, 0x73, 0x07, 0x09, 0xC5, 0xD8, 0xB8, 0x69, 0x0F, 0x46 },
+      146 /* Bin Number */
+  },
+  {
+    /* QuoVadis_Root_CA_1_G3 */
+    { 0x8A, 0x86, 0x6F, 0xD1, 0xB2, 0x76, 0xB5, 0x7E, 0x57, 0x8E, 0x92, 0x1C, 0x65, 0x82, 0x8A, 0x2B,
+      0xED, 0x58, 0xE9, 0xF2, 0xF2, 0x88, 0x05, 0x41, 0x34, 0xB7, 0xF1, 0xF4, 0xBF, 0xC9, 0xCC, 0x74 },
+      144 /* Bin Number */
+  },
+  {
+    /* CA_WoSign_ECC_Root */
+    { 0x8B, 0x45, 0xDA, 0x1C, 0x06, 0xF7, 0x91, 0xEB, 0x0C, 0xAB, 0xF2, 0x6B, 0xE5, 0x88, 0xF5, 0xFB,
+      0x23, 0x16, 0x5C, 0x2E, 0x61, 0x4B, 0xF8, 0x85, 0x56, 0x2D, 0x0D, 0xCE, 0x50, 0xB2, 0x9B, 0x02 },
+      171 /* Bin Number */
+  },
+  {
+    /* Root_CA_Generalitat_Valenciana */
+    { 0x8C, 0x4E, 0xDF, 0xD0, 0x43, 0x48, 0xF3, 0x22, 0x96, 0x9E, 0x7E, 0x29, 0xA4, 0xCD, 0x4D, 0xCA,
+      0x00, 0x46, 0x55, 0x06, 0x1C, 0x16, 0xE1, 0xB0, 0x76, 0x42, 0x2E, 0xF3, 0x42, 0xAD, 0x63, 0x0E },
+      115 /* Bin Number */
+  },
+  {
+    /* AddTrust_Class_1_CA_Root */
+    { 0x8C, 0x72, 0x09, 0x27, 0x9A, 0xC0, 0x4E, 0x27, 0x5E, 0x16, 0xD0, 0x7F, 0xD3, 0xB7, 0x75, 0xE8,
+      0x01, 0x54, 0xB5, 0x96, 0x80, 0x46, 0xE3, 0x1F, 0x52, 0xDD, 0x25, 0x76, 0x63, 0x24, 0xE9, 0xA7 },
+      14 /* Bin Number */
+  },
+  {
+    /* thawte_Primary_Root_CA */
+    { 0x8D, 0x72, 0x2F, 0x81, 0xA9, 0xC1, 0x13, 0xC0, 0x79, 0x1D, 0xF1, 0x36, 0xA2, 0x96, 0x6D, 0xB2,
+      0x6C, 0x95, 0x0A, 0x97, 0x1D, 0xB4, 0x6B, 0x41, 0x99, 0xF4, 0xEA, 0x54, 0xB7, 0x8B, 0xFB, 0x9F },
+      59 /* Bin Number */
+  },
+  {
+    /* TC_TrustCenter_Class_3_CA_II */
+    { 0x8D, 0xA0, 0x84, 0xFC, 0xF9, 0x9C, 0xE0, 0x77, 0x22, 0xF8, 0x9B, 0x32, 0x05, 0x93, 0x98, 0x06,
+      0xFA, 0x5C, 0xB8, 0x11, 0xE1, 0xC8, 0x13, 0xF6, 0xA1, 0x08, 0xC7, 0xD3, 0x36, 0xB3, 0x40, 0x8E },
+      73 /* Bin Number */
+  },
+  {
+    /* T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s__H6 */
+    { 0x8D, 0xE7, 0x86, 0x55, 0xE1, 0xBE, 0x7F, 0x78, 0x47, 0x80, 0x0B, 0x93, 0xF6, 0x94, 0xD2, 0x1D,
+      0x36, 0x8C, 0xC0, 0x6E, 0x03, 0x3E, 0x7F, 0xAB, 0x04, 0xBB, 0x5E, 0xB9, 0x9D, 0xA6, 0xB7, 0x00 },
+      167 /* Bin Number */
+  },
+  {
+    /* Amazon_Root_CA_1 */
+    { 0x8E, 0xCD, 0xE6, 0x88, 0x4F, 0x3D, 0x87, 0xB1, 0x12, 0x5B, 0xA3, 0x1A, 0xC3, 0xFC, 0xB1, 0x3D,
+      0x70, 0x16, 0xDE, 0x7F, 0x57, 0xCC, 0x90, 0x4F, 0xE1, 0xCB, 0x97, 0xC6, 0xAE, 0x98, 0x19, 0x6E },
+      183 /* Bin Number */
+  },
+  {
+    /* QuoVadis_Root_CA_2_G3 */
+    { 0x8F, 0xE4, 0xFB, 0x0A, 0xF9, 0x3A, 0x4D, 0x0D, 0x67, 0xDB, 0x0B, 0xEB, 0xB2, 0x3E, 0x37, 0xC7,
+      0x1B, 0xF3, 0x25, 0xDC, 0xBC, 0xDD, 0x24, 0x0E, 0xA0, 0x4D, 0xAF, 0x58, 0xB4, 0x7E, 0x18, 0x40 },
+      145 /* Bin Number */
+  },
+  {
+    /* T_TeleSec_GlobalRoot_Class_2 */
+    { 0x91, 0xE2, 0xF5, 0x78, 0x8D, 0x58, 0x10, 0xEB, 0xA7, 0xBA, 0x58, 0x73, 0x7D, 0xE1, 0x54, 0x8A,
+      0x8E, 0xCA, 0xCD, 0x01, 0x45, 0x98, 0xBC, 0x0B, 0x14, 0x3E, 0x04, 0x1B, 0x17, 0x05, 0x25, 0x52 },
+      142 /* Bin Number */
+  },
+  {
+    /* CA_Disig */
+    { 0x92, 0xBF, 0x51, 0x19, 0xAB, 0xEC, 0xCA, 0xD0, 0xB1, 0x33, 0x2D, 0xC4, 0xE1, 0xD0, 0x5F, 0xBA,
+      0x75, 0xB5, 0x67, 0x90, 0x44, 0xEE, 0x0C, 0xA2, 0x6E, 0x93, 0x1F, 0x74, 0x4F, 0x2F, 0x33, 0xCF },
+      94 /* Bin Number */
+  },
+  {
+    /* Cybertrust_Global_Root */
+    { 0x96, 0x0A, 0xDF, 0x00, 0x63, 0xE9, 0x63, 0x56, 0x75, 0x0C, 0x29, 0x65, 0xDD, 0x0A, 0x08, 0x67,
+      0xDA, 0x0B, 0x9C, 0xBD, 0x6E, 0x77, 0x71, 0x4A, 0xEA, 0xFB, 0x23, 0x49, 0xAB, 0x39, 0x3D, 0xA3 },
+      77 /* Bin Number */
+  },
+  {
+    /* ISRG_Root_X1 */
+    { 0x96, 0xBC, 0xEC, 0x06, 0x26, 0x49, 0x76, 0xF3, 0x74, 0x60, 0x77, 0x9A, 0xCF, 0x28, 0xC5, 0xA7,
+      0xCF, 0xE8, 0xA3, 0xC0, 0xAA, 0xE1, 0x1A, 0x8F, 0xFC, 0xEE, 0x05, 0xC0, 0xBD, 0xDF, 0x08, 0xC6 },
+      181 /* Bin Number */
+  },
+  {
+    /* T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_ */
+    { 0x97, 0x8C, 0xD9, 0x66, 0xF2, 0xFA, 0xA0, 0x7B, 0xA7, 0xAA, 0x95, 0x00, 0xD9, 0xC0, 0x2E, 0x9D,
+      0x77, 0xF2, 0xCD, 0xAD, 0xA6, 0xAD, 0x6B, 0xA7, 0x4A, 0xF4, 0xB9, 0x1C, 0x66, 0x59, 0x3C, 0x50 },
+      129 /* Bin Number */
+  },
+  {
+    /* Buypass_Class_2_Root_CA */
+    { 0x9A, 0x11, 0x40, 0x25, 0x19, 0x7C, 0x5B, 0xB9, 0x5D, 0x94, 0xE6, 0x3D, 0x55, 0xCD, 0x43, 0x79,
+      0x08, 0x47, 0xB6, 0x46, 0xB2, 0x3C, 0xDF, 0x11, 0xAD, 0xA4, 0xA0, 0x0E, 0xFF, 0x15, 0xFB, 0x48 },
+      125 /* Bin Number */
+  },
+  {
+    /* ACCVRAIZ1 */
+    { 0x9A, 0x6E, 0xC0, 0x12, 0xE1, 0xA7, 0xDA, 0x9D, 0xBE, 0x34, 0x19, 0x4D, 0x47, 0x8A, 0xD7, 0xC0,
+      0xDB, 0x18, 0x22, 0xFB, 0x07, 0x1D, 0xF1, 0x29, 0x81, 0x49, 0x6E, 0xD1, 0x04, 0x38, 0x41, 0x13 },
+      138 /* Bin Number */
+  },
+  {
+    /* VeriSign_Class_3_Public_Primary_Certification_Authority___G5 */
+    { 0x9A, 0xCF, 0xAB, 0x7E, 0x43, 0xC8, 0xD8, 0x80, 0xD0, 0x6B, 0x26, 0x2A, 0x94, 0xDE, 0xEE, 0xE4,
+      0xB4, 0x65, 0x99, 0x89, 0xC3, 0xD0, 0xCA, 0xF1, 0x9B, 0xAF, 0x64, 0x05, 0xE4, 0x1A, 0xB7, 0xDF },
+      60 /* Bin Number */
+  },
+  {
+    /* GeoTrust_Universal_CA_2 */
+    { 0xA0, 0x23, 0x4F, 0x3B, 0xC8, 0x52, 0x7C, 0xA5, 0x62, 0x8E, 0xEC, 0x81, 0xAD, 0x5D, 0x69, 0x89,
+      0x5D, 0xA5, 0x68, 0x0D, 0xC9, 0x1D, 0x1C, 0xB8, 0x47, 0x7F, 0x33, 0xF8, 0x78, 0xB9, 0x5B, 0x0B },
+      23 /* Bin Number */
+  },
+  {
+    /* Hellenic_Academic_and_Research_Institutions_RootCA_2015 */
+    { 0xA0, 0x40, 0x92, 0x9A, 0x02, 0xCE, 0x53, 0xB4, 0xAC, 0xF4, 0xF2, 0xFF, 0xC6, 0x98, 0x1C, 0xE4,
+      0x49, 0x6F, 0x75, 0x5E, 0x6D, 0x45, 0xFE, 0x0B, 0x2A, 0x69, 0x2B, 0xCD, 0x52, 0x52, 0x3F, 0x36 },
+      174 /* Bin Number */
+  },
+  {
+    /* GeoTrust_Universal_CA */
+    { 0xA0, 0x45, 0x9B, 0x9F, 0x63, 0xB2, 0x25, 0x59, 0xF5, 0xFA, 0x5D, 0x4C, 0x6D, 0xB3, 0xF9, 0xF7,
+      0x2F, 0xF1, 0x93, 0x42, 0x03, 0x35, 0x78, 0xF0, 0x73, 0xBF, 0x1D, 0x1B, 0x46, 0xCB, 0xB9, 0x12 },
+      22 /* Bin Number */
+  },
+  {
+    /* SZAFIR_ROOT_CA2 */
+    { 0xA1, 0x33, 0x9D, 0x33, 0x28, 0x1A, 0x0B, 0x56, 0xE5, 0x57, 0xD3, 0xD3, 0x2B, 0x1C, 0xE7, 0xF9,
+      0x36, 0x7E, 0xB0, 0x94, 0xBD, 0x5F, 0xA7, 0x2A, 0x7E, 0x50, 0x04, 0xC8, 0xDE, 0xD7, 0xCA, 0xFE },
+      172 /* Bin Number */
+  },
+  {
+    /* OU_Security_Communication_EV_RootCA1_O__SECOM_Trust_Systems_CO__LTD___C_JP */
+    { 0xA2, 0x2D, 0xBA, 0x68, 0x1E, 0x97, 0x37, 0x6E, 0x2D, 0x39, 0x7D, 0x72, 0x8A, 0xAE, 0x3A, 0x9B,
+      0x62, 0x96, 0xB9, 0xFD, 0xBA, 0x60, 0xBC, 0x2E, 0x11, 0xF6, 0x47, 0xF2, 0xC6, 0x75, 0xFB, 0x37 },
+      68 /* Bin Number */
+  },
+  {
+    /* thawte_Primary_Root_CA___G2 */
+    { 0xA4, 0x31, 0x0D, 0x50, 0xAF, 0x18, 0xA6, 0x44, 0x71, 0x90, 0x37, 0x2A, 0x86, 0xAF, 0xAF, 0x8B,
+      0x95, 0x1F, 0xFB, 0x43, 0x1D, 0x83, 0x7F, 0x1E, 0x56, 0x88, 0xB4, 0x59, 0x71, 0xED, 0x15, 0x57 },
+      87 /* Bin Number */
+  },
+  {
+    /* QuoVadis_Root_Certification_Authority */
+    { 0xA4, 0x5E, 0xDE, 0x3B, 0xBB, 0xF0, 0x9C, 0x8A, 0xE1, 0x5C, 0x72, 0xEF, 0xC0, 0x72, 0x68, 0xD6,
+      0x93, 0xA2, 0x1C, 0x99, 0x6F, 0xD5, 0x1E, 0x67, 0xCA, 0x07, 0x94, 0x60, 0xFD, 0x6D, 0x88, 0x73 },
+      31 /* Bin Number */
+  },
+  {
+    /* GTE_CyberTrust_Global_Root */
+    { 0xA5, 0x31, 0x25, 0x18, 0x8D, 0x21, 0x10, 0xAA, 0x96, 0x4B, 0x02, 0xC7, 0xB7, 0xC6, 0xDA, 0x32,
+      0x03, 0x17, 0x08, 0x94, 0xE5, 0xFB, 0x71, 0xFF, 0xFB, 0x66, 0x67, 0xD5, 0xE6, 0x81, 0x0A, 0x36 },
+      1 /* Bin Number */
+  },
+  {
+    /* WellsSecure_Public_Root_Certificate_Authority */
+    { 0xA7, 0x12, 0x72, 0xAE, 0xAA, 0xA3, 0xCF, 0xE8, 0x72, 0x7F, 0x7F, 0xB3, 0x9F, 0x0F, 0xB3, 0xD1,
+      0xE5, 0x42, 0x6E, 0x90, 0x60, 0xB0, 0x6E, 0xE6, 0xF1, 0x3E, 0x9A, 0x3C, 0x58, 0x33, 0xCD, 0x43 },
+      65 /* Bin Number */
+  },
+  {
+    /* Thawte_Premium_Server_CA */
+    { 0xAB, 0x70, 0x36, 0x36, 0x5C, 0x71, 0x54, 0xAA, 0x29, 0xC2, 0xC2, 0x9F, 0x5D, 0x41, 0x91, 0x16,
+      0x3B, 0x16, 0x2A, 0x22, 0x25, 0x01, 0x13, 0x57, 0xD5, 0x6D, 0x07, 0xFF, 0xA7, 0xBC, 0x1F, 0x72 },
+      3 /* Bin Number */
+  },
+  {
+    /* OU_RSA_Security_2048_V3_O_RSA_Security_Inc */
+    { 0xAF, 0x8B, 0x67, 0x62, 0xA1, 0xE5, 0x28, 0x22, 0x81, 0x61, 0xA9, 0x5D, 0x5C, 0x55, 0x9E, 0xE2,
+      0x66, 0x27, 0x8F, 0x75, 0xD7, 0x9E, 0x83, 0x01, 0x89, 0xA5, 0x03, 0x50, 0x6A, 0xBD, 0x6B, 0x4C },
+      19 /* Bin Number */
+  },
+  {
+    /* E_Tugra_Certification_Authority */
+    { 0xB0, 0xBF, 0xD5, 0x2B, 0xB0, 0xD7, 0xD9, 0xBD, 0x92, 0xBF, 0x5D, 0x4D, 0xC1, 0x3D, 0xA2, 0x55,
+      0xC0, 0x2C, 0x54, 0x2F, 0x37, 0x83, 0x65, 0xEA, 0x89, 0x39, 0x11, 0xF5, 0x5E, 0x55, 0xF2, 0x3C },
+      141 /* Bin Number */
+  },
+  {
+    /* Thawte_Server_CA */
+    { 0xB4, 0x41, 0x0B, 0x73, 0xE2, 0xE6, 0xEA, 0xCA, 0x47, 0xFB, 0xC4, 0x2F, 0x8F, 0xA4, 0x01, 0x8A,
+      0xF4, 0x38, 0x1D, 0xC5, 0x4C, 0xFA, 0xA8, 0x44, 0x50, 0x46, 0x1E, 0xED, 0x09, 0x45, 0x4D, 0xE9 },
+      2 /* Bin Number */
+  },
+  {
+    /* GeoTrust_Primary_Certification_Authority___G3 */
+    { 0xB4, 0x78, 0xB8, 0x12, 0x25, 0x0D, 0xF8, 0x78, 0x63, 0x5C, 0x2A, 0xA7, 0xEC, 0x7D, 0x15, 0x5E,
+      0xAA, 0x62, 0x5E, 0xE8, 0x29, 0x16, 0xE2, 0xCD, 0x29, 0x43, 0x61, 0x88, 0x6C, 0xD1, 0xFB, 0xD4 },
+      86 /* Bin Number */
+  },
+  {
+    /* Deutsche_Telekom_Root_CA_2 */
+    { 0xB6, 0x19, 0x1A, 0x50, 0xD0, 0xC3, 0x97, 0x7F, 0x7D, 0xA9, 0x9B, 0xCD, 0xAA, 0xC8, 0x6A, 0x22,
+      0x7D, 0xAE, 0xB9, 0x67, 0x9E, 0xC7, 0x0B, 0xA3, 0xB0, 0xC9, 0xD9, 0x22, 0x71, 0xC1, 0x70, 0xD3 },
+      75 /* Bin Number */
+  },
+  {
+    /* Certum_Trusted_Network_CA_2 */
+    { 0xB6, 0x76, 0xF2, 0xED, 0xDA, 0xE8, 0x77, 0x5C, 0xD3, 0x6C, 0xB0, 0xF6, 0x3C, 0xD1, 0xD4, 0x60,
+      0x39, 0x61, 0xF4, 0x9E, 0x62, 0x65, 0xBA, 0x01, 0x3A, 0x2F, 0x03, 0x07, 0xB6, 0xD0, 0xB8, 0x04 },
+      173 /* Bin Number */
+  },
+  {
+    /* Buypass_Class_3_CA_1 */
+    { 0xB7, 0xB1, 0x2B, 0x17, 0x1F, 0x82, 0x1D, 0xAA, 0x99, 0x0C, 0xD0, 0xFE, 0x50, 0x87, 0xB1, 0x28,
+      0x44, 0x8B, 0xA8, 0xE5, 0x18, 0x4F, 0x84, 0xC5, 0x1E, 0x02, 0xB5, 0xC8, 0xFB, 0x96, 0x2B, 0x24 },
+      81 /* Bin Number */
+  },
+  {
+    /* OpenTrust_Root_CA_G3 */
+    { 0xB7, 0xC3, 0x62, 0x31, 0x70, 0x6E, 0x81, 0x07, 0x8C, 0x36, 0x7C, 0xB8, 0x96, 0x19, 0x8F, 0x1E,
+      0x32, 0x08, 0xDD, 0x92, 0x69, 0x49, 0xDD, 0x8F, 0x57, 0x09, 0xA4, 0x10, 0xF7, 0x5B, 0x62, 0x92 },
+      180 /* Bin Number */
+  },
+  {
+    /* IGC_A */
+    { 0xB9, 0xBE, 0xA7, 0x86, 0x0A, 0x96, 0x2E, 0xA3, 0x61, 0x1D, 0xAB, 0x97, 0xAB, 0x6D, 0xA3, 0xE2,
+      0x1C, 0x10, 0x68, 0xB9, 0x7D, 0x55, 0x57, 0x5E, 0xD0, 0xE1, 0x12, 0x79, 0xC1, 0x1C, 0x89, 0x32 },
+      67 /* Bin Number */
+  },
+  {
+    /* Hellenic_Academic_and_Research_Institutions_RootCA_2011 */
+    { 0xBC, 0x10, 0x4F, 0x15, 0xA4, 0x8B, 0xE7, 0x09, 0xDC, 0xA5, 0x42, 0xA7, 0xE1, 0xD4, 0xB9, 0xDF,
+      0x6F, 0x05, 0x45, 0x27, 0xE8, 0x02, 0xEA, 0xA9, 0x2D, 0x59, 0x54, 0x44, 0x25, 0x8A, 0xFE, 0x71 },
+      120 /* Bin Number */
+  },
+  {
+    /* AffirmTrust_Premium_ECC */
+    { 0xBD, 0x71, 0xFD, 0xF6, 0xDA, 0x97, 0xE4, 0xCF, 0x62, 0xD1, 0x64, 0x7A, 0xDD, 0x25, 0x81, 0xB0,
+      0x7D, 0x79, 0xAD, 0xF8, 0x39, 0x7E, 0xB4, 0xEC, 0xBA, 0x9C, 0x5E, 0x84, 0x88, 0x82, 0x14, 0x23 },
+      112 /* Bin Number */
+  },
+  {
+    /* Secure_Certificate_Services */
+    { 0xBD, 0x81, 0xCE, 0x3B, 0x4F, 0x65, 0x91, 0xD1, 0x1A, 0x67, 0xB5, 0xFC, 0x7A, 0x47, 0xFD, 0xEF,
+      0x25, 0x52, 0x1B, 0xF9, 0xAA, 0x4E, 0x18, 0xB9, 0xE3, 0xDF, 0x2E, 0x34, 0xA7, 0x80, 0x3B, 0xE8 },
+      29 /* Bin Number */
+  },
+  {
+    /* SwissSign_Silver_CA___G2 */
+    { 0xBE, 0x6C, 0x4D, 0xA2, 0xBB, 0xB9, 0xBA, 0x59, 0xB6, 0xF3, 0x93, 0x97, 0x68, 0x37, 0x42, 0x46,
+      0xC3, 0xC0, 0x05, 0x99, 0x3F, 0xA9, 0x8F, 0x02, 0x0D, 0x1D, 0xED, 0xBE, 0xD4, 0x8A, 0x81, 0xD5 },
+      57 /* Bin Number */
+  },
+  {
+    /* GlobalSign */
+    { 0xBE, 0xC9, 0x49, 0x11, 0xC2, 0x95, 0x56, 0x76, 0xDB, 0x6C, 0x0A, 0x55, 0x09, 0x86, 0xD7, 0x6E,
+      0x3B, 0xA0, 0x05, 0x66, 0x7C, 0x44, 0x2C, 0x97, 0x62, 0xB4, 0xFB, 0xB7, 0x73, 0xDE, 0x22, 0x8C },
+      157 /* Bin Number */
+  },
+  {
+    /* SecureSign_RootCA11 */
+    { 0xBF, 0x0F, 0xEE, 0xFB, 0x9E, 0x3A, 0x58, 0x1A, 0xD5, 0xF9, 0xE9, 0xDB, 0x75, 0x89, 0x98, 0x57,
+      0x43, 0xD2, 0x61, 0x08, 0x5C, 0x4D, 0x31, 0x4F, 0x6F, 0x5D, 0x72, 0x59, 0xAA, 0x42, 0x16, 0x12 },
+      97 /* Bin Number */
+  },
+  {
+    /* TWCA_Root_Certification_Authority */
+    { 0xBF, 0xD8, 0x8F, 0xE1, 0x10, 0x1C, 0x41, 0xAE, 0x3E, 0x80, 0x1B, 0xF8, 0xBE, 0x56, 0x35, 0x0E,
+      0xE9, 0xBA, 0xD1, 0xA6, 0xB9, 0xBD, 0x51, 0x5E, 0xDC, 0x5C, 0x6D, 0x5B, 0x87, 0x11, 0xAC, 0x44 },
+      117 /* Bin Number */
+  },
+  {
+    /* OU_ePKI_Root_Certification_Authority_O__Chunghwa_Telecom_Co___Ltd___C_TW */
+    { 0xC0, 0xA6, 0xF4, 0xDC, 0x63, 0xA2, 0x4B, 0xFD, 0xCF, 0x54, 0xEF, 0x2A, 0x6A, 0x08, 0x2A, 0x0A,
+      0x72, 0xDE, 0x35, 0x80, 0x3E, 0x2F, 0xF5, 0xFF, 0x52, 0x7A, 0xE5, 0xD8, 0x72, 0x06, 0xDF, 0xD5 },
+      78 /* Bin Number */
+  },
+  {
+    /* OU_Trustis_FPS_Root_CA_O_Trustis_Limited_C_GB */
+    { 0xC1, 0xB4, 0x82, 0x99, 0xAB, 0xA5, 0x20, 0x8F, 0xE9, 0x63, 0x0A, 0xCE, 0x55, 0xCA, 0x68, 0xA0,
+      0x3E, 0xDA, 0x5A, 0x51, 0x9C, 0x88, 0x02, 0xA0, 0xD3, 0xA6, 0x73, 0xBE, 0x8F, 0x8E, 0x55, 0x7D },
+      122 /* Bin Number */
+  },
+  {
+    /* OU_Go_Daddy_Class_2_Certification_Authority_O__The_Go_Daddy_Group__Inc___C_US */
+    { 0xC3, 0x84, 0x6B, 0xF2, 0x4B, 0x9E, 0x93, 0xCA, 0x64, 0x27, 0x4C, 0x0E, 0xC6, 0x7C, 0x1E, 0xCC,
+      0x5E, 0x02, 0x4F, 0xFC, 0xAC, 0xD2, 0xD7, 0x40, 0x19, 0x35, 0x0E, 0x81, 0xFE, 0x54, 0x6A, 0xE4 },
+      43 /* Bin Number */
+  },
+  {
+    /* T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_ */
+    { 0xC4, 0x70, 0xCF, 0x54, 0x7E, 0x23, 0x02, 0xB9, 0x77, 0xFB, 0x29, 0xDD, 0x71, 0xA8, 0x9A, 0x7B,
+      0x6C, 0x1F, 0x60, 0x77, 0x7B, 0x03, 0x29, 0xF5, 0x60, 0x17, 0xF3, 0x28, 0xBF, 0x4F, 0x6B, 0xE6 },
+      55 /* Bin Number */
+  },
+  {
+    /* StartCom_Certification_Authority */
+    { 0xC7, 0x66, 0xA9, 0xBE, 0xF2, 0xD4, 0x07, 0x1C, 0x86, 0x3A, 0x31, 0xAA, 0x49, 0x20, 0xE8, 0x13,
+      0xB2, 0xD1, 0x98, 0x60, 0x8C, 0xB7, 0xB7, 0xCF, 0xE2, 0x11, 0x43, 0xB8, 0x36, 0xDF, 0x09, 0xEA },
+      45 /* Bin Number */
+  },
+  {
+    /* StartCom_Certification_Authority_G2 */
+    { 0xC7, 0xBA, 0x65, 0x67, 0xDE, 0x93, 0xA7, 0x98, 0xAE, 0x1F, 0xAA, 0x79, 0x1E, 0x71, 0x2D, 0x37,
+      0x8F, 0xAE, 0x1F, 0x93, 0xC4, 0x39, 0x7F, 0xEA, 0x44, 0x1B, 0xB7, 0xCB, 0xE6, 0xFD, 0x59, 0x95 },
+      124 /* Bin Number */
+  },
+  {
+    /* GeoTrust_Global_CA_2 */
+    { 0xCA, 0x2D, 0x82, 0xA0, 0x86, 0x77, 0x07, 0x2F, 0x8A, 0xB6, 0x76, 0x4F, 0xF0, 0x35, 0x67, 0x6C,
+      0xFE, 0x3E, 0x5E, 0x32, 0x5E, 0x01, 0x21, 0x72, 0xDF, 0x3F, 0x92, 0x09, 0x6D, 0xB7, 0x9B, 0x85 },
+      21 /* Bin Number */
+  },
+  {
+    /* GlobalSign */
+    { 0xCA, 0x42, 0xDD, 0x41, 0x74, 0x5F, 0xD0, 0xB8, 0x1E, 0xB9, 0x02, 0x36, 0x2C, 0xF9, 0xD8, 0xBF,
+      0x71, 0x9D, 0xA1, 0xBD, 0x1B, 0x1E, 0xFC, 0x94, 0x6F, 0x5B, 0x4C, 0x99, 0xF4, 0x2C, 0x1B, 0x9E },
+      7 /* Bin Number */
+  },
+  {
+    /* DigiCert_Global_Root_G2 */
+    { 0xCB, 0x3C, 0xCB, 0xB7, 0x60, 0x31, 0xE5, 0xE0, 0x13, 0x8F, 0x8D, 0xD3, 0x9A, 0x23, 0xF9, 0xDE,
+      0x47, 0xFF, 0xC3, 0x5E, 0x43, 0xC1, 0x14, 0x4C, 0xEA, 0x27, 0xD4, 0x6A, 0x5A, 0xB1, 0xCB, 0x5F },
+      149 /* Bin Number */
+  },
+  {
+    /* GlobalSign */
+    { 0xCB, 0xB5, 0x22, 0xD7, 0xB7, 0xF1, 0x27, 0xAD, 0x6A, 0x01, 0x13, 0x86, 0x5B, 0xDF, 0x1C, 0xD4,
+      0x10, 0x2E, 0x7D, 0x07, 0x59, 0xAF, 0x63, 0x5A, 0x7C, 0xF4, 0x72, 0x0D, 0xC9, 0x63, 0xC5, 0x3B },
+      101 /* Bin Number */
+  },
+  {
+    /* XRamp_Global_Certification_Authority */
+    { 0xCE, 0xCD, 0xDC, 0x90, 0x50, 0x99, 0xD8, 0xDA, 0xDF, 0xC5, 0xB1, 0xD2, 0x09, 0xB7, 0x37, 0xCB,
+      0xE2, 0xC1, 0x8C, 0xFB, 0x2C, 0x10, 0xC0, 0xFF, 0x0B, 0xCF, 0x0D, 0x32, 0x86, 0xFC, 0x1A, 0xA2 },
+      42 /* Bin Number */
+  },
+  {
+    /* Equifax_Secure_eBusiness_CA_1 */
+    { 0xCF, 0x56, 0xFF, 0x46, 0xA4, 0xA1, 0x86, 0x10, 0x9D, 0xD9, 0x65, 0x84, 0xB5, 0xEE, 0xB5, 0x8A,
+      0x51, 0x0C, 0x42, 0x75, 0xB0, 0xE5, 0xF9, 0x4F, 0x40, 0xBB, 0xAE, 0x86, 0x5E, 0x19, 0xF6, 0x73 },
+      13 /* Bin Number */
+  },
+  {
+    /* Staat_der_Nederlanden_Root_CA */
+    { 0xD4, 0x1D, 0x82, 0x9E, 0x8C, 0x16, 0x59, 0x82, 0x2A, 0xF9, 0x3F, 0xCE, 0x62, 0xBF, 0xFC, 0xDE,
+      0x26, 0x4F, 0xC8, 0x4E, 0x8B, 0x95, 0x0C, 0x5F, 0xF2, 0x75, 0xD0, 0x52, 0x35, 0x46, 0x95, 0xA3 },
+      36 /* Bin Number */
+  },
+  {
+    /* Certification_Authority_of_WoSign_G2 */
+    { 0xD4, 0x87, 0xA5, 0x6F, 0x83, 0xB0, 0x74, 0x82, 0xE8, 0x5E, 0x96, 0x33, 0x94, 0xC1, 0xEC, 0xC2,
+      0xC9, 0xE5, 0x1D, 0x09, 0x03, 0xEE, 0x94, 0x6B, 0x02, 0xC3, 0x01, 0x58, 0x1E, 0xD9, 0x9E, 0x16 },
+      170 /* Bin Number */
+  },
+  {
+    /* CA______ */
+    { 0xD6, 0xF0, 0x34, 0xBD, 0x94, 0xAA, 0x23, 0x3F, 0x02, 0x97, 0xEC, 0xA4, 0x24, 0x5B, 0x28, 0x39,
+      0x73, 0xE4, 0x47, 0xAA, 0x59, 0x0F, 0x31, 0x0C, 0x77, 0xF4, 0x8F, 0xDF, 0x83, 0x11, 0x22, 0x54 },
+      153 /* Bin Number */
+  },
+  {
+    /* AAA_Certificate_Services */
+    { 0xD7, 0xA7, 0xA0, 0xFB, 0x5D, 0x7E, 0x27, 0x31, 0xD7, 0x71, 0xE9, 0x48, 0x4E, 0xBC, 0xDE, 0xF7,
+      0x1D, 0x5F, 0x0C, 0x3E, 0x0A, 0x29, 0x48, 0x78, 0x2B, 0xC8, 0x3E, 0xE0, 0xEA, 0x69, 0x9E, 0xF4 },
+      28 /* Bin Number */
+  },
+  {
+    /* Certum_CA */
+    { 0xD8, 0xE0, 0xFE, 0xBC, 0x1D, 0xB2, 0xE3, 0x8D, 0x00, 0x94, 0x0F, 0x37, 0xD2, 0x7D, 0x41, 0x34,
+      0x4D, 0x99, 0x3E, 0x73, 0x4B, 0x99, 0xD5, 0x65, 0x6D, 0x97, 0x78, 0xD4, 0xD8, 0x14, 0x36, 0x24 },
+      27 /* Bin Number */
+  },
+  {
+    /* Swisscom_Root_EV_CA_2 */
+    { 0xD9, 0x5F, 0xEA, 0x3C, 0xA4, 0xEE, 0xDC, 0xE7, 0x4C, 0xD7, 0x6E, 0x75, 0xFC, 0x6D, 0x1F, 0xF6,
+      0x2C, 0x44, 0x1F, 0x0F, 0xA8, 0xBC, 0x77, 0xF0, 0x34, 0xB1, 0x9E, 0x5D, 0xB2, 0x58, 0x01, 0x5D },
+      135 /* Bin Number */
+  },
+  {
+    /* TeliaSonera_Root_CA_v1 */
+    { 0xDD, 0x69, 0x36, 0xFE, 0x21, 0xF8, 0xF0, 0x77, 0xC1, 0x23, 0xA1, 0xA5, 0x21, 0xC1, 0x22, 0x24,
+      0xF7, 0x22, 0x55, 0xB7, 0x3E, 0x03, 0xA7, 0x26, 0x06, 0x93, 0xE8, 0xA2, 0x4B, 0x0F, 0xA3, 0x89 },
+      140 /* Bin Number */
+  },
+  {
+    /* StartCom_Certification_Authority */
+    { 0xE1, 0x78, 0x90, 0xEE, 0x09, 0xA3, 0xFB, 0xF4, 0xF4, 0x8B, 0x9C, 0x41, 0x4A, 0x17, 0xD6, 0x37,
+      0xB7, 0xA5, 0x06, 0x47, 0xE9, 0xBC, 0x75, 0x23, 0x22, 0x72, 0x7F, 0xCC, 0x17, 0x42, 0xA9, 0x11 },
+      123 /* Bin Number */
+  },
+  {
+    /* CA_Disig_Root_R2 */
+    { 0xE2, 0x3D, 0x4A, 0x03, 0x6D, 0x7B, 0x70, 0xE9, 0xF5, 0x95, 0xB1, 0x42, 0x20, 0x79, 0xD2, 0xB9,
+      0x1E, 0xDF, 0xBB, 0x1F, 0xB6, 0x51, 0xA0, 0x63, 0x3E, 0xAA, 0x8A, 0x9D, 0xC5, 0xF8, 0x07, 0x03 },
+      137 /* Bin Number */
+  },
+  {
+    /* CNNIC_ROOT */
+    { 0xE2, 0x83, 0x93, 0x77, 0x3D, 0xA8, 0x45, 0xA6, 0x79, 0xF2, 0x08, 0x0C, 0xC7, 0xFB, 0x44, 0xA3,
+      0xB7, 0xA1, 0xC3, 0x79, 0x2C, 0xB7, 0xEB, 0x77, 0x29, 0xFD, 0xCB, 0x6A, 0x8D, 0x99, 0xAE, 0xA7 },
+      84 /* Bin Number */
+  },
+  {
+    /* Amazon_Root_CA_4 */
+    { 0xE3, 0x5D, 0x28, 0x41, 0x9E, 0xD0, 0x20, 0x25, 0xCF, 0xA6, 0x90, 0x38, 0xCD, 0x62, 0x39, 0x62,
+      0x45, 0x8D, 0xA5, 0xC6, 0x95, 0xFB, 0xDE, 0xA3, 0xC2, 0x2B, 0x0B, 0xFB, 0x25, 0x89, 0x70, 0x92 },
+      186 /* Bin Number */
+  },
+  {
+    /* VeriSign_Class_4_Public_Primary_Certification_Authority___G3 */
+    { 0xE3, 0x89, 0x36, 0x0D, 0x0F, 0xDB, 0xAE, 0xB3, 0xD2, 0x50, 0x58, 0x4B, 0x47, 0x30, 0x31, 0x4E,
+      0x22, 0x2F, 0x39, 0xC1, 0x56, 0xA0, 0x20, 0x14, 0x4E, 0x8D, 0x96, 0x05, 0x61, 0x79, 0x15, 0x06 },
+      9 /* Bin Number */
+  },
+  {
+    /* Certigna */
+    { 0xE3, 0xB6, 0xA2, 0xDB, 0x2E, 0xD7, 0xCE, 0x48, 0x84, 0x2F, 0x7A, 0xC5, 0x32, 0x41, 0xC7, 0xB7,
+      0x1D, 0x54, 0x14, 0x4B, 0xFB, 0x40, 0xC1, 0x1F, 0x3F, 0x1D, 0x0B, 0x42, 0xF5, 0xEE, 0xA1, 0x2D },
+      71 /* Bin Number */
+  },
+  {
+    /* T_B_TAK_UEKAE_K_k_Sertifika_Hizmet_Sa_lay_c_s____S_r_m_3 */
+    { 0xE4, 0xC7, 0x34, 0x30, 0xD7, 0xA5, 0xB5, 0x09, 0x25, 0xDF, 0x43, 0x37, 0x0A, 0x0D, 0x21, 0x6E,
+      0x9A, 0x79, 0xB9, 0xD6, 0xDB, 0x83, 0x73, 0xA0, 0xC6, 0x9E, 0xB1, 0xCC, 0x31, 0xC7, 0xC5, 0x2A },
+      79 /* Bin Number */
+  },
+  {
+    /* e_Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi */
+    { 0xE6, 0x09, 0x07, 0x84, 0x65, 0xA4, 0x19, 0x78, 0x0C, 0xB6, 0xAC, 0x4C, 0x1C, 0x0B, 0xFB, 0x46,
+      0x53, 0xD9, 0xD9, 0xCC, 0x6E, 0xB3, 0x94, 0x6E, 0xB7, 0xF3, 0xD6, 0x99, 0x97, 0xBA, 0xD5, 0x98 },
+      100 /* Bin Number */
+  },
+  {
+    /* TC_TrustCenter_Class_2_CA_II */
+    { 0xE6, 0xB8, 0xF8, 0x76, 0x64, 0x85, 0xF8, 0x07, 0xAE, 0x7F, 0x8D, 0xAC, 0x16, 0x70, 0x46, 0x1F,
+      0x07, 0xC0, 0xA1, 0x3E, 0xEF, 0x3A, 0x1F, 0xF7, 0x17, 0x53, 0x8D, 0x7A, 0xBA, 0xD3, 0x91, 0xB4 },
+      72 /* Bin Number */
+  },
+  {
+    /* OU_Security_Communication_RootCA1_O_SECOM_Trust_net_C_JP */
+    { 0xE7, 0x5E, 0x72, 0xED, 0x9F, 0x56, 0x0E, 0xEC, 0x6E, 0xB4, 0x80, 0x00, 0x73, 0xA4, 0x3F, 0xC3,
+      0xAD, 0x19, 0x19, 0x5A, 0x39, 0x22, 0x82, 0x01, 0x78, 0x95, 0x97, 0x4A, 0x99, 0x02, 0x6B, 0x6C },
+      34 /* Bin Number */
+  },
+  {
+    /* USERTrust_RSA_Certification_Authority */
+    { 0xE7, 0x93, 0xC9, 0xB0, 0x2F, 0xD8, 0xAA, 0x13, 0xE2, 0x1C, 0x31, 0x22, 0x8A, 0xCC, 0xB0, 0x81,
+      0x19, 0x64, 0x3B, 0x74, 0x9C, 0x89, 0x89, 0x64, 0xB1, 0x74, 0x6D, 0x46, 0xC3, 0xD4, 0xCB, 0xD2 },
+      155 /* Bin Number */
+  },
+  {
+    /* OU_certSIGN_ROOT_CA_O_certSIGN_C_RO */
+    { 0xEA, 0xA9, 0x62, 0xC4, 0xFA, 0x4A, 0x6B, 0xAF, 0xEB, 0xE4, 0x15, 0x19, 0x6D, 0x35, 0x1C, 0xCD,
+      0x88, 0x8D, 0x4F, 0x53, 0xF3, 0xFA, 0x8A, 0xE6, 0xD7, 0xC4, 0x66, 0xA9, 0x4E, 0x60, 0x42, 0xBB },
+      83 /* Bin Number */
+  },
+  {
+    /* VeriSign_Class_3_Public_Primary_Certification_Authority___G3 */
+    { 0xEB, 0x04, 0xCF, 0x5E, 0xB1, 0xF3, 0x9A, 0xFA, 0x76, 0x2F, 0x2B, 0xB1, 0x20, 0xF2, 0x96, 0xCB,
+      0xA5, 0x20, 0xC1, 0xB9, 0x7D, 0xB1, 0x58, 0x95, 0x65, 0xB8, 0x1C, 0xB9, 0xA1, 0x7B, 0x72, 0x44 },
+      8 /* Bin Number */
+  },
+  {
+    /* OU_AC_RAIZ_FNMT_RCM_O_FNMT_RCM_C_ES */
+    { 0xEB, 0xC5, 0x57, 0x0C, 0x29, 0x01, 0x8C, 0x4D, 0x67, 0xB1, 0xAA, 0x12, 0x7B, 0xAF, 0x12, 0xF7,
+      0x03, 0xB4, 0x61, 0x1E, 0xBC, 0x17, 0xB7, 0xDA, 0xB5, 0x57, 0x38, 0x94, 0x17, 0x9B, 0x93, 0xFA },
+      182 /* Bin Number */
+  },
+  {
+    /* GlobalSign_Root_CA */
+    { 0xEB, 0xD4, 0x10, 0x40, 0xE4, 0xBB, 0x3E, 0xC7, 0x42, 0xC9, 0xE3, 0x81, 0xD3, 0x1E, 0xF2, 0xA4,
+      0x1A, 0x48, 0xB6, 0x68, 0x5C, 0x96, 0xE7, 0xCE, 0xF3, 0xC1, 0xDF, 0x6C, 0xD4, 0x33, 0x1C, 0x99 },
+      6 /* Bin Number */
+  },
+  {
+    /* TC_TrustCenter_Universal_CA_I */
+    { 0xEB, 0xF3, 0xC0, 0x2A, 0x87, 0x89, 0xB1, 0xFB, 0x7D, 0x51, 0x19, 0x95, 0xD6, 0x63, 0xB7, 0x29,
+      0x06, 0xD9, 0x13, 0xCE, 0x0D, 0x5E, 0x10, 0x56, 0x8A, 0x8A, 0x77, 0xE2, 0x58, 0x61, 0x67, 0xE7 },
+      74 /* Bin Number */
+  },
+  {
+    /* Juur_SK */
+    { 0xEC, 0xC3, 0xE9, 0xC3, 0x40, 0x75, 0x03, 0xBE, 0xE0, 0x91, 0xAA, 0x95, 0x2F, 0x41, 0x34, 0x8F,
+      0xF8, 0x8B, 0xAA, 0x86, 0x3B, 0x22, 0x64, 0xBE, 0xFA, 0xC8, 0x07, 0x90, 0x15, 0x74, 0xE9, 0x39 },
+      95 /* Bin Number */
+  },
+  {
+    /* Buypass_Class_3_Root_CA */
+    { 0xED, 0xF7, 0xEB, 0xBC, 0xA2, 0x7A, 0x2A, 0x38, 0x4D, 0x38, 0x7B, 0x7D, 0x40, 0x10, 0xC6, 0x66,
+      0xE2, 0xED, 0xB4, 0x84, 0x3E, 0x4C, 0x29, 0xB4, 0xAE, 0x1D, 0x5B, 0x93, 0x32, 0xE6, 0xB2, 0x4D },
+      126 /* Bin Number */
+  },
+  {
+    /* D_TRUST_Root_Class_3_CA_2_EV_2009 */
+    { 0xEE, 0xC5, 0x49, 0x6B, 0x98, 0x8C, 0xE9, 0x86, 0x25, 0xB9, 0x34, 0x09, 0x2E, 0xEC, 0x29, 0x08,
+      0xBE, 0xD0, 0xB0, 0xF3, 0x16, 0xC2, 0xD4, 0x73, 0x0C, 0x84, 0xEA, 0xF1, 0xF3, 0xD3, 0x48, 0x81 },
+      131 /* Bin Number */
+  },
+  {
+    /* Global_Chambersign_Root */
+    { 0xEF, 0x3C, 0xB4, 0x17, 0xFC, 0x8E, 0xBF, 0x6F, 0x97, 0x87, 0x6C, 0x9E, 0x4E, 0xCE, 0x39, 0xDE,
+      0x1E, 0xA5, 0xFE, 0x64, 0x91, 0x41, 0xD1, 0x02, 0x8B, 0x7D, 0x11, 0xC0, 0xB2, 0x29, 0x8C, 0xED },
+      40 /* Bin Number */
+  },
+  {
+    /* Swisscom_Root_CA_2 */
+    { 0xF0, 0x9B, 0x12, 0x2C, 0x71, 0x14, 0xF4, 0xA0, 0x9B, 0xD4, 0xEA, 0x4F, 0x4A, 0x99, 0xD5, 0x58,
+      0xB4, 0x6E, 0x4C, 0x25, 0xCD, 0x81, 0x14, 0x0D, 0x29, 0xC0, 0x56, 0x13, 0x91, 0x4C, 0x38, 0x41 },
+      134 /* Bin Number */
+  },
+  {
+    /* SecureTrust_CA */
+    { 0xF1, 0xC1, 0xB5, 0x0A, 0xE5, 0xA2, 0x0D, 0xD8, 0x03, 0x0E, 0xC9, 0xF6, 0xBC, 0x24, 0x82, 0x3D,
+      0xD3, 0x67, 0xB5, 0x25, 0x57, 0x59, 0xB4, 0xE7, 0x1B, 0x61, 0xFC, 0xE9, 0xF7, 0x37, 0x5D, 0x73 },
+      61 /* Bin Number */
+  },
+  {
+    /* Atos_TrustedRoot_2011 */
+    { 0xF3, 0x56, 0xBE, 0xA2, 0x44, 0xB7, 0xA9, 0x1E, 0xB3, 0x5D, 0x53, 0xCA, 0x9A, 0xD7, 0x86, 0x4A,
+      0xCE, 0x01, 0x8E, 0x2D, 0x35, 0xD5, 0xF8, 0xF9, 0x6D, 0xDF, 0x68, 0xA6, 0xF4, 0x1A, 0xA4, 0x74 },
+      143 /* Bin Number */
+  },
+  {
+    /* CA_Disig_Root_R1 */
+    { 0xF9, 0x6F, 0x23, 0xF4, 0xC3, 0xE7, 0x9C, 0x07, 0x7A, 0x46, 0x98, 0x8D, 0x5A, 0xF5, 0x90, 0x06,
+      0x76, 0xA0, 0xF0, 0x39, 0xCB, 0x64, 0x5D, 0xD1, 0x75, 0x49, 0xB2, 0x16, 0xC8, 0x24, 0x40, 0xCE },
+      136 /* Bin Number */
+  },
+  {
+    /* Hongkong_Post_Root_CA_1 */
+    { 0xF9, 0xE6, 0x7D, 0x33, 0x6C, 0x51, 0x00, 0x2A, 0xC0, 0x54, 0xC6, 0x32, 0x02, 0x2D, 0x66, 0xDD,
+      0xA2, 0xE7, 0xE3, 0xFF, 0xF1, 0x0A, 0xD0, 0x61, 0xED, 0x31, 0xD8, 0xBB, 0xB4, 0x10, 0xCF, 0xB2 },
+      96 /* Bin Number */
+  },
+  {
+    /* Certinomis___Autorit__Racine */
+    { 0xFC, 0xBF, 0xE2, 0x88, 0x62, 0x06, 0xF7, 0x2B, 0x27, 0x59, 0x3C, 0x8B, 0x07, 0x02, 0x97, 0xE1,
+      0x2D, 0x76, 0x9E, 0xD1, 0x0E, 0xD7, 0x93, 0x07, 0x05, 0xA8, 0x09, 0x8E, 0xFF, 0xC1, 0x4D, 0x17 },
+      114 /* Bin Number */
+  },
+  {
+    /* T_TeleSec_GlobalRoot_Class_3 */
+    { 0xFD, 0x73, 0xDA, 0xD3, 0x1C, 0x64, 0x4F, 0xF1, 0xB4, 0x3B, 0xEF, 0x0C, 0xCD, 0xDA, 0x96, 0x71,
+      0x0B, 0x9C, 0xD9, 0x87, 0x5E, 0xCA, 0x7E, 0x31, 0x70, 0x7A, 0xF3, 0xE9, 0x6D, 0x52, 0x2B, 0xBD },
+      127 /* Bin Number */
+  },
+  {
+    /* GeoTrust_Global_CA */
+    { 0xFF, 0x85, 0x6A, 0x2D, 0x25, 0x1D, 0xCD, 0x88, 0xD3, 0x66, 0x56, 0xF4, 0x50, 0x12, 0x67, 0x98,
+      0xCF, 0xAB, 0xAA, 0xDE, 0x40, 0x79, 0x9C, 0x72, 0x2D, 0xE4, 0xD2, 0xB5, 0xDB, 0x36, 0xA7, 0x3A },
+      20 /* Bin Number */
+  },
+};
+
diff --git a/security/manager/ssl/SSLServerCertVerification.cpp b/security/manager/ssl/SSLServerCertVerification.cpp
new file mode 100644
index 000000000..4ef79f54a
--- /dev/null
+++ b/security/manager/ssl/SSLServerCertVerification.cpp
@@ -0,0 +1,1795 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// For connections that are not processed on the socket transport thread, we do
+// NOT use the async logic described below. Instead, we authenticate the
+// certificate on the thread that the connection's I/O happens on,
+// synchronously. This allows us to do certificate verification for blocking
+// (not non-blocking) sockets and sockets that have their I/O processed on a
+// thread other than the socket transport service thread. Also, we DO NOT
+// support blocking sockets on the socket transport service thread at all.
+//
+// During certificate authentication, we call CERT_PKIXVerifyCert or
+// CERT_VerifyCert. These functions may make zero or more HTTP requests
+// for OCSP responses, CRLs, intermediate certificates, etc. Our fetching logic
+// for these requests processes them on the socket transport service thread.
+//
+// If the connection for which we are verifying the certificate is happening
+// on the socket transport thread (the usually case, at least for HTTP), then
+// if our cert auth hook were to call the CERT_*Verify* functions directly,
+// there would be a deadlock: The CERT_*Verify* function would cause an event
+// to be asynchronously posted to the socket transport thread, and then it
+// would block the socket transport thread waiting to be notified of the HTTP
+// response. However, the HTTP request would never actually be processed
+// because the socket transport thread would be blocked and so it wouldn't be
+// able process HTTP requests. (i.e. Deadlock.)
+//
+// Consequently, when we are asked to verify a certificate on the socket
+// transport service thread, we must always call the CERT_*Verify* cert
+// functions on another thread. To accomplish this, our auth cert hook
+// dispatches a SSLServerCertVerificationJob to a pool of background threads,
+// and then immediately returns SECWouldBlock to libssl. These jobs are where
+// the CERT_*Verify* functions are actually called.
+//
+// When our auth cert hook returns SECWouldBlock, libssl will carry on the
+// handshake while we validate the certificate. This will free up the socket
+// transport thread so that HTTP requests--in particular, the OCSP/CRL/cert
+// requests needed for cert verification as mentioned above--can be processed.
+//
+// Once the CERT_*Verify* function returns, the cert verification job
+// dispatches a SSLServerCertVerificationResult to the socket transport thread;
+// the SSLServerCertVerificationResult will notify libssl that the certificate
+// authentication is complete. Once libssl is notified that the authentication
+// is complete, it will continue the SSL handshake (if it hasn't already
+// finished) and it will begin allowing us to send/receive data on the
+// connection.
+//
+// Timeline of events (for connections managed by the socket transport service):
+//
+//    * libssl calls SSLServerCertVerificationJob::Dispatch on the socket
+//      transport thread.
+//    * SSLServerCertVerificationJob::Dispatch queues a job
+//      (instance of SSLServerCertVerificationJob) to its background thread
+//      pool and returns.
+//    * One of the background threads calls CERT_*Verify*, which may enqueue
+//      some HTTP request(s) onto the socket transport thread, and then
+//      blocks that background thread waiting for the responses and/or timeouts
+//      or errors for those requests.
+//    * Once those HTTP responses have all come back or failed, the
+//      CERT_*Verify* function returns a result indicating that the validation
+//      succeeded or failed.
+//    * If the validation succeeded, then a SSLServerCertVerificationResult
+//      event is posted to the socket transport thread, and the cert
+//      verification thread becomes free to verify other certificates.
+//    * Otherwise, a CertErrorRunnable is posted to the socket transport thread
+//      and then to the main thread (blocking both, see CertErrorRunnable) to
+//      do cert override processing and bad cert listener notification. Then
+//      the cert verification thread becomes free to verify other certificates.
+//    * After processing cert overrides, the CertErrorRunnable will dispatch a
+//      SSLServerCertVerificationResult event to the socket transport thread to
+//      notify it of the result of the override processing; then it returns,
+//      freeing up the main thread.
+//    * The SSLServerCertVerificationResult event will either wake up the
+//      socket (using SSL_RestartHandshakeAfterServerCert) if validation
+//      succeeded or there was an error override, or it will set an error flag
+//      so that the next I/O operation on the socket will fail, causing the
+//      socket transport thread to close the connection.
+//
+// Cert override processing must happen on the main thread because it accesses
+// the nsICertOverrideService, and that service must be accessed on the main
+// thread because some extensions (Selenium, in particular) replace it with a
+// Javascript implementation, and chrome JS must always be run on the main
+// thread.
+//
+// SSLServerCertVerificationResult must be dispatched to the socket transport
+// thread because we must only call SSL_* functions on the socket transport
+// thread since they may do I/O, because many parts of nsNSSSocketInfo (the
+// subclass of TransportSecurityInfo used when validating certificates during
+// an SSL handshake) and the PSM NSS I/O layer are not thread-safe, and because
+// we need the event to interrupt the PR_Poll that may waiting for I/O on the
+// socket for which we are validating the cert.
+
+#include "SSLServerCertVerification.h"
+
+#include <cstring>
+
+#include "BRNameMatchingPolicy.h"
+#include "CertVerifier.h"
+#include "CryptoTask.h"
+#include "ExtendedValidation.h"
+#include "NSSCertDBTrustDomain.h"
+#include "PSMRunnable.h"
+#include "RootCertificateTelemetryUtils.h"
+#include "ScopedNSSTypes.h"
+#include "SharedCertVerifier.h"
+#include "SharedSSLState.h"
+#include "TransportSecurityInfo.h" // For RememberCertErrorsTable
+#include "cert.h"
+#include "mozilla/Assertions.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Mutex.h"
+#include "mozilla/RefPtr.h"
+#include "mozilla/Telemetry.h"
+#include "mozilla/UniquePtr.h"
+#include "mozilla/Unused.h"
+#include "mozilla/net/DNS.h"
+#include "nsComponentManagerUtils.h"
+#include "nsContentUtils.h"
+#include "nsIBadCertListener2.h"
+#include "nsICertOverrideService.h"
+#include "nsISiteSecurityService.h"
+#include "nsISocketProvider.h"
+#include "nsIThreadPool.h"
+#include "nsNSSCertificate.h"
+#include "nsNSSComponent.h"
+#include "nsNSSIOLayer.h"
+#include "nsNSSShutDown.h"
+#include "nsSSLStatus.h"
+#include "nsServiceManagerUtils.h"
+#include "nsURLHelper.h"
+#include "nsXPCOMCIDInternal.h"
+#include "pkix/pkix.h"
+#include "pkix/pkixnss.h"
+#include "secerr.h"
+#include "secoidt.h"
+#include "secport.h"
+#include "ssl.h"
+#include "sslerr.h"
+
+extern mozilla::LazyLogModule gPIPNSSLog;
+
+using namespace mozilla::pkix;
+
+namespace mozilla { namespace psm {
+
+namespace {
+
+// do not use a nsCOMPtr to avoid static initializer/destructor
+nsIThreadPool* gCertVerificationThreadPool = nullptr;
+
+// We avoid using a mutex for the success case to avoid lock-related
+// performance issues. However, we do use a lock in the error case to simplify
+// the code, since performance in the error case is not important.
+Mutex* gSSLVerificationTelemetryMutex = nullptr;
+
+// We add a mutex to serialize PKCS11 database operations
+Mutex* gSSLVerificationPK11Mutex = nullptr;
+
+} // unnamed namespace
+
+// Called when the socket transport thread starts, to initialize the SSL cert
+// verification thread pool. By tying the thread pool startup/shutdown directly
+// to the STS thread's lifetime, we ensure that they are *always* available for
+// SSL connections and that there are no races during startup and especially
+// shutdown. (Previously, we have had multiple problems with races in PSM
+// background threads, and the race-prevention/shutdown logic used there is
+// brittle. Since this service is critical to things like downloading updates,
+// we take no chances.) Also, by doing things this way, we avoid the need for
+// locks, since gCertVerificationThreadPool is only ever accessed on the socket
+// transport thread.
+void
+InitializeSSLServerCertVerificationThreads()
+{
+  gSSLVerificationTelemetryMutex = new Mutex("SSLVerificationTelemetryMutex");
+  gSSLVerificationPK11Mutex = new Mutex("SSLVerificationPK11Mutex");
+  // TODO: tuning, make parameters preferences
+  // XXX: instantiate nsThreadPool directly, to make this more bulletproof.
+  // Currently, the nsThreadPool.h header isn't exported for us to do so.
+  nsresult rv = CallCreateInstance(NS_THREADPOOL_CONTRACTID,
+                                   &gCertVerificationThreadPool);
+  if (NS_FAILED(rv)) {
+    NS_WARNING("Failed to create SSL cert verification threads.");
+    return;
+  }
+
+  (void) gCertVerificationThreadPool->SetIdleThreadLimit(5);
+  (void) gCertVerificationThreadPool->SetIdleThreadTimeout(30 * 1000);
+  (void) gCertVerificationThreadPool->SetThreadLimit(5);
+  (void) gCertVerificationThreadPool->SetName(NS_LITERAL_CSTRING("SSL Cert"));
+}
+
+// Called when the socket transport thread finishes, to destroy the thread
+// pool. Since the socket transport service has stopped processing events, it
+// will not attempt any more SSL I/O operations, so it is clearly safe to shut
+// down the SSL cert verification infrastructure. Also, the STS will not
+// dispatch many SSL verification result events at this point, so any pending
+// cert verifications will (correctly) fail at the point they are dispatched.
+//
+// The other shutdown race condition that is possible is a race condition with
+// shutdown of the nsNSSComponent service. We use the
+// nsNSSShutdownPreventionLock where needed (not here) to prevent that.
+void StopSSLServerCertVerificationThreads()
+{
+  if (gCertVerificationThreadPool) {
+    gCertVerificationThreadPool->Shutdown();
+    NS_RELEASE(gCertVerificationThreadPool);
+  }
+  if (gSSLVerificationTelemetryMutex) {
+    delete gSSLVerificationTelemetryMutex;
+    gSSLVerificationTelemetryMutex = nullptr;
+  }
+  if (gSSLVerificationPK11Mutex) {
+    delete gSSLVerificationPK11Mutex;
+    gSSLVerificationPK11Mutex = nullptr;
+  }
+}
+
+namespace {
+
+void
+LogInvalidCertError(nsNSSSocketInfo* socketInfo,
+                    PRErrorCode errorCode,
+                    ::mozilla::psm::SSLErrorMessageType errorMessageType)
+{
+  nsString message;
+  socketInfo->GetErrorLogMessage(errorCode, errorMessageType, message);
+  if (!message.IsEmpty()) {
+    nsContentUtils::LogSimpleConsoleError(message, "SSL");
+  }
+}
+
+// Dispatched to the STS thread to notify the infoObject of the verification
+// result.
+//
+// This will cause the PR_Poll in the STS thread to return, so things work
+// correctly even if the STS thread is blocked polling (only) on the file
+// descriptor that is waiting for this result.
+class SSLServerCertVerificationResult : public Runnable
+{
+public:
+  NS_DECL_NSIRUNNABLE
+
+  SSLServerCertVerificationResult(nsNSSSocketInfo* infoObject,
+                                  PRErrorCode errorCode,
+                                  Telemetry::ID telemetryID = Telemetry::HistogramCount,
+                                  uint32_t telemetryValue = -1,
+                                  SSLErrorMessageType errorMessageType =
+                                      PlainErrorMessage);
+
+  void Dispatch();
+private:
+  const RefPtr<nsNSSSocketInfo> mInfoObject;
+public:
+  const PRErrorCode mErrorCode;
+  const SSLErrorMessageType mErrorMessageType;
+  const Telemetry::ID mTelemetryID;
+  const uint32_t mTelemetryValue;
+};
+
+class CertErrorRunnable : public SyncRunnableBase
+{
+ public:
+  CertErrorRunnable(const void* fdForLogging,
+                    nsIX509Cert* cert,
+                    nsNSSSocketInfo* infoObject,
+                    PRErrorCode defaultErrorCodeToReport,
+                    uint32_t collectedErrors,
+                    PRErrorCode errorCodeTrust,
+                    PRErrorCode errorCodeMismatch,
+                    PRErrorCode errorCodeTime,
+                    uint32_t providerFlags)
+    : mFdForLogging(fdForLogging), mCert(cert), mInfoObject(infoObject),
+      mDefaultErrorCodeToReport(defaultErrorCodeToReport),
+      mCollectedErrors(collectedErrors),
+      mErrorCodeTrust(errorCodeTrust),
+      mErrorCodeMismatch(errorCodeMismatch),
+      mErrorCodeTime(errorCodeTime),
+      mProviderFlags(providerFlags)
+  {
+  }
+
+  virtual void RunOnTargetThread();
+  RefPtr<SSLServerCertVerificationResult> mResult; // out
+private:
+  SSLServerCertVerificationResult* CheckCertOverrides();
+
+  const void* const mFdForLogging; // may become an invalid pointer; do not dereference
+  const nsCOMPtr<nsIX509Cert> mCert;
+  const RefPtr<nsNSSSocketInfo> mInfoObject;
+  const PRErrorCode mDefaultErrorCodeToReport;
+  const uint32_t mCollectedErrors;
+  const PRErrorCode mErrorCodeTrust;
+  const PRErrorCode mErrorCodeMismatch;
+  const PRErrorCode mErrorCodeTime;
+  const uint32_t mProviderFlags;
+};
+
+// A probe value of 1 means "no error".
+uint32_t
+MapOverridableErrorToProbeValue(PRErrorCode errorCode)
+{
+  switch (errorCode)
+  {
+    case SEC_ERROR_UNKNOWN_ISSUER:                     return  2;
+    case SEC_ERROR_CA_CERT_INVALID:                    return  3;
+    case SEC_ERROR_UNTRUSTED_ISSUER:                   return  4;
+    case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:         return  5;
+    case SEC_ERROR_UNTRUSTED_CERT:                     return  6;
+    case SEC_ERROR_INADEQUATE_KEY_USAGE:               return  7;
+    case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:  return  8;
+    case SSL_ERROR_BAD_CERT_DOMAIN:                    return  9;
+    case SEC_ERROR_EXPIRED_CERTIFICATE:                return 10;
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY: return 11;
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA: return 12;
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE: return 13;
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE: return 14;
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE:
+      return 15;
+    case SEC_ERROR_INVALID_TIME: return 16;
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME: return 17;
+  }
+  NS_WARNING("Unknown certificate error code. Does MapOverridableErrorToProbeValue "
+             "handle everything in DetermineCertOverrideErrors?");
+  return 0;
+}
+
+static uint32_t
+MapCertErrorToProbeValue(PRErrorCode errorCode)
+{
+  uint32_t probeValue;
+  switch (errorCode)
+  {
+    // see security/pkix/include/pkix/Result.h
+#define MOZILLA_PKIX_MAP(name, value, nss_name) case nss_name: probeValue = value; break;
+    MOZILLA_PKIX_MAP_LIST
+#undef MOZILLA_PKIX_MAP
+    default: return 0;
+  }
+
+  // Since FATAL_ERROR_FLAG is 0x800, fatal error values are much larger than
+  // non-fatal error values. To conserve space, we remap these so they start at
+  // (decimal) 90 instead of 0x800. Currently there are ~50 non-fatal errors
+  // mozilla::pkix might return, so saving space for 90 should be sufficient
+  // (similarly, there are 4 fatal errors, so saving space for 10 should also
+  // be sufficient).
+  static_assert(FATAL_ERROR_FLAG == 0x800,
+                "mozilla::pkix::FATAL_ERROR_FLAG is not what we were expecting");
+  if (probeValue & FATAL_ERROR_FLAG) {
+    probeValue ^= FATAL_ERROR_FLAG;
+    probeValue += 90;
+  }
+  return probeValue;
+}
+
+SECStatus
+DetermineCertOverrideErrors(const UniqueCERTCertificate& cert,
+                            const char* hostName,
+                            PRTime now, PRErrorCode defaultErrorCodeToReport,
+                            /*out*/ uint32_t& collectedErrors,
+                            /*out*/ PRErrorCode& errorCodeTrust,
+                            /*out*/ PRErrorCode& errorCodeMismatch,
+                            /*out*/ PRErrorCode& errorCodeTime)
+{
+  MOZ_ASSERT(cert);
+  MOZ_ASSERT(hostName);
+  MOZ_ASSERT(collectedErrors == 0);
+  MOZ_ASSERT(errorCodeTrust == 0);
+  MOZ_ASSERT(errorCodeMismatch == 0);
+  MOZ_ASSERT(errorCodeTime == 0);
+
+  // Assumes the error prioritization described in mozilla::pkix's
+  // BuildForward function. Also assumes that CheckCertHostname was only
+  // called if CertVerifier::VerifyCert succeeded.
+  switch (defaultErrorCodeToReport) {
+    case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
+    case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+    case SEC_ERROR_UNKNOWN_ISSUER:
+    case SEC_ERROR_CA_CERT_INVALID:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME:
+    {
+      collectedErrors = nsICertOverrideService::ERROR_UNTRUSTED;
+      errorCodeTrust = defaultErrorCodeToReport;
+
+      SECCertTimeValidity validity = CERT_CheckCertValidTimes(cert.get(), now,
+                                                              false);
+      if (validity == secCertTimeUndetermined) {
+        // This only happens if cert is null. CERT_CheckCertValidTimes will
+        // have set the error code to SEC_ERROR_INVALID_ARGS. We should really
+        // be using mozilla::pkix here anyway.
+        MOZ_ASSERT(PR_GetError() == SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+      }
+      if (validity == secCertTimeExpired) {
+        collectedErrors |= nsICertOverrideService::ERROR_TIME;
+        errorCodeTime = SEC_ERROR_EXPIRED_CERTIFICATE;
+      } else if (validity == secCertTimeNotValidYet) {
+        collectedErrors |= nsICertOverrideService::ERROR_TIME;
+        errorCodeTime =
+          mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE;
+      }
+      break;
+    }
+
+    case SEC_ERROR_INVALID_TIME:
+    case SEC_ERROR_EXPIRED_CERTIFICATE:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE:
+      collectedErrors = nsICertOverrideService::ERROR_TIME;
+      errorCodeTime = defaultErrorCodeToReport;
+      break;
+
+    case SSL_ERROR_BAD_CERT_DOMAIN:
+      collectedErrors = nsICertOverrideService::ERROR_MISMATCH;
+      errorCodeMismatch = SSL_ERROR_BAD_CERT_DOMAIN;
+      break;
+
+    case 0:
+      NS_ERROR("No error code set during certificate validation failure.");
+      PR_SetError(PR_INVALID_STATE_ERROR, 0);
+      return SECFailure;
+
+    default:
+      PR_SetError(defaultErrorCodeToReport, 0);
+      return SECFailure;
+  }
+
+  if (defaultErrorCodeToReport != SSL_ERROR_BAD_CERT_DOMAIN) {
+    Input certInput;
+    if (certInput.Init(cert->derCert.data, cert->derCert.len) != Success) {
+      PR_SetError(SEC_ERROR_BAD_DER, 0);
+      return SECFailure;
+    }
+    Input hostnameInput;
+    Result result = hostnameInput.Init(
+      BitwiseCast<const uint8_t*, const char*>(hostName),
+      strlen(hostName));
+    if (result != Success) {
+      PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
+      return SECFailure;
+    }
+    // Use a lax policy so as to not generate potentially spurious name
+    // mismatch "hints".
+    BRNameMatchingPolicy nameMatchingPolicy(
+      BRNameMatchingPolicy::Mode::DoNotEnforce);
+    // CheckCertHostname expects that its input represents a certificate that
+    // has already been successfully validated by BuildCertChain. This is
+    // obviously not the case, however, because we're in the error path of
+    // certificate verification. Thus, this is problematic. In the future, it
+    // would be nice to remove this optimistic additional error checking and
+    // simply punt to the front-end, which can more easily (and safely) perform
+    // extra checks to give the user hints as to why verification failed.
+    result = CheckCertHostname(certInput, hostnameInput, nameMatchingPolicy);
+    // Treat malformed name information as a domain mismatch.
+    if (result == Result::ERROR_BAD_DER ||
+        result == Result::ERROR_BAD_CERT_DOMAIN) {
+      collectedErrors |= nsICertOverrideService::ERROR_MISMATCH;
+      errorCodeMismatch = SSL_ERROR_BAD_CERT_DOMAIN;
+    } else if (IsFatalError(result)) {
+      // Because its input has not been validated by BuildCertChain,
+      // CheckCertHostname can return an error that is less important than the
+      // original certificate verification error. Only return an error result
+      // from this function if we've encountered a fatal error.
+      PR_SetError(MapResultToPRErrorCode(result), 0);
+      return SECFailure;
+    }
+  }
+
+  return SECSuccess;
+}
+
+SSLServerCertVerificationResult*
+CertErrorRunnable::CheckCertOverrides()
+{
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[%p][%p] top of CheckCertOverrides\n",
+                                    mFdForLogging, this));
+  // "Use" mFdForLogging in non-PR_LOGGING builds, too, to suppress
+  // clang's -Wunused-private-field build warning for this variable:
+  Unused << mFdForLogging;
+
+  if (!NS_IsMainThread()) {
+    NS_ERROR("CertErrorRunnable::CheckCertOverrides called off main thread");
+    return new SSLServerCertVerificationResult(mInfoObject,
+                                               mDefaultErrorCodeToReport);
+  }
+
+  int32_t port;
+  mInfoObject->GetPort(&port);
+
+  nsAutoCString hostWithPortString(mInfoObject->GetHostName());
+  hostWithPortString.Append(':');
+  hostWithPortString.AppendInt(port);
+
+  uint32_t remaining_display_errors = mCollectedErrors;
+
+
+  // If this is an HTTP Strict Transport Security host or a pinned host and the
+  // certificate is bad, don't allow overrides (RFC 6797 section 12.1,
+  // HPKP draft spec section 2.6).
+  bool strictTransportSecurityEnabled = false;
+  bool hasPinningInformation = false;
+  nsCOMPtr<nsISiteSecurityService> sss(do_GetService(NS_SSSERVICE_CONTRACTID));
+  if (!sss) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("[%p][%p] couldn't get nsISiteSecurityService to check for HSTS/HPKP\n",
+            mFdForLogging, this));
+    return new SSLServerCertVerificationResult(mInfoObject,
+                                               mDefaultErrorCodeToReport);
+  }
+  nsresult nsrv = sss->IsSecureHost(nsISiteSecurityService::HEADER_HSTS,
+                                    mInfoObject->GetHostNameRaw(),
+                                    mProviderFlags,
+                                    nullptr,
+                                    &strictTransportSecurityEnabled);
+  if (NS_FAILED(nsrv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("[%p][%p] checking for HSTS failed\n", mFdForLogging, this));
+    return new SSLServerCertVerificationResult(mInfoObject,
+                                               mDefaultErrorCodeToReport);
+  }
+  nsrv = sss->IsSecureHost(nsISiteSecurityService::HEADER_HPKP,
+                           mInfoObject->GetHostNameRaw(),
+                           mProviderFlags,
+                           nullptr,
+                           &hasPinningInformation);
+  if (NS_FAILED(nsrv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("[%p][%p] checking for HPKP failed\n", mFdForLogging, this));
+    return new SSLServerCertVerificationResult(mInfoObject,
+                                               mDefaultErrorCodeToReport);
+  }
+
+  if (!strictTransportSecurityEnabled && !hasPinningInformation) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("[%p][%p] no HSTS or HPKP - overrides allowed\n",
+            mFdForLogging, this));
+    nsCOMPtr<nsICertOverrideService> overrideService =
+      do_GetService(NS_CERTOVERRIDE_CONTRACTID);
+    // it is fine to continue without the nsICertOverrideService
+
+    uint32_t overrideBits = 0;
+
+    if (overrideService)
+    {
+      bool haveOverride;
+      bool isTemporaryOverride; // we don't care
+      const nsACString& hostString(mInfoObject->GetHostName());
+      nsrv = overrideService->HasMatchingOverride(hostString, port,
+                                                  mCert,
+                                                  &overrideBits,
+                                                  &isTemporaryOverride,
+                                                  &haveOverride);
+      if (NS_SUCCEEDED(nsrv) && haveOverride)
+      {
+       // remove the errors that are already overriden
+        remaining_display_errors &= ~overrideBits;
+      }
+    }
+
+    if (!remaining_display_errors) {
+      // This can double- or triple-count one certificate with multiple
+      // different types of errors. Since this is telemetry and we just
+      // want a ballpark answer, we don't care.
+      if (mErrorCodeTrust != 0) {
+        uint32_t probeValue = MapOverridableErrorToProbeValue(mErrorCodeTrust);
+        Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, probeValue);
+      }
+      if (mErrorCodeMismatch != 0) {
+        uint32_t probeValue = MapOverridableErrorToProbeValue(mErrorCodeMismatch);
+        Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, probeValue);
+      }
+      if (mErrorCodeTime != 0) {
+        uint32_t probeValue = MapOverridableErrorToProbeValue(mErrorCodeTime);
+        Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, probeValue);
+      }
+
+      // all errors are covered by override rules, so let's accept the cert
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+             ("[%p][%p] All errors covered by override rules\n",
+             mFdForLogging, this));
+      return new SSLServerCertVerificationResult(mInfoObject, 0);
+    }
+  } else {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("[%p][%p] HSTS or HPKP - no overrides allowed\n",
+            mFdForLogging, this));
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+         ("[%p][%p] Certificate error was not overridden\n",
+         mFdForLogging, this));
+
+  // Ok, this is a full stop.
+  // First, deliver the technical details of the broken SSL status.
+
+  // Try to get a nsIBadCertListener2 implementation from the socket consumer.
+  nsCOMPtr<nsISSLSocketControl> sslSocketControl = do_QueryInterface(
+    NS_ISUPPORTS_CAST(nsITransportSecurityInfo*, mInfoObject));
+  if (sslSocketControl) {
+    nsCOMPtr<nsIInterfaceRequestor> cb;
+    sslSocketControl->GetNotificationCallbacks(getter_AddRefs(cb));
+    if (cb) {
+      nsCOMPtr<nsIBadCertListener2> bcl = do_GetInterface(cb);
+      if (bcl) {
+        nsIInterfaceRequestor* csi
+          = static_cast<nsIInterfaceRequestor*>(mInfoObject);
+        bool suppressMessage = false; // obsolete, ignored
+        nsrv = bcl->NotifyCertProblem(csi, mInfoObject->SSLStatus(),
+                                      hostWithPortString, &suppressMessage);
+      }
+    }
+  }
+
+  // pick the error code to report by priority
+  PRErrorCode errorCodeToReport = mErrorCodeTrust    ? mErrorCodeTrust
+                                : mErrorCodeMismatch ? mErrorCodeMismatch
+                                : mErrorCodeTime     ? mErrorCodeTime
+                                : mDefaultErrorCodeToReport;
+
+  SSLServerCertVerificationResult* result =
+    new SSLServerCertVerificationResult(mInfoObject,
+                                        errorCodeToReport,
+                                        Telemetry::HistogramCount,
+                                        -1,
+                                        OverridableCertErrorMessage);
+
+  LogInvalidCertError(mInfoObject,
+                      result->mErrorCode,
+                      result->mErrorMessageType);
+
+  return result;
+}
+
+void
+CertErrorRunnable::RunOnTargetThread()
+{
+  MOZ_ASSERT(NS_IsMainThread());
+
+  mResult = CheckCertOverrides();
+
+  MOZ_ASSERT(mResult);
+}
+
+// Returns null with the error code (PR_GetError()) set if it does not create
+// the CertErrorRunnable.
+CertErrorRunnable*
+CreateCertErrorRunnable(CertVerifier& certVerifier,
+                        PRErrorCode defaultErrorCodeToReport,
+                        nsNSSSocketInfo* infoObject,
+                        const UniqueCERTCertificate& cert,
+                        const void* fdForLogging,
+                        uint32_t providerFlags,
+                        PRTime now)
+{
+  MOZ_ASSERT(infoObject);
+  MOZ_ASSERT(cert);
+
+  uint32_t probeValue = MapCertErrorToProbeValue(defaultErrorCodeToReport);
+  Telemetry::Accumulate(Telemetry::SSL_CERT_VERIFICATION_ERRORS, probeValue);
+
+  uint32_t collected_errors = 0;
+  PRErrorCode errorCodeTrust = 0;
+  PRErrorCode errorCodeMismatch = 0;
+  PRErrorCode errorCodeTime = 0;
+  if (DetermineCertOverrideErrors(cert, infoObject->GetHostNameRaw(), now,
+                                  defaultErrorCodeToReport, collected_errors,
+                                  errorCodeTrust, errorCodeMismatch,
+                                  errorCodeTime) != SECSuccess) {
+    // Attempt to enforce that if DetermineCertOverrideErrors failed,
+    // PR_SetError was set with a non-overridable error. This is because if we
+    // return from CreateCertErrorRunnable without calling
+    // infoObject->SetStatusErrorBits, we won't have the required information
+    // to actually add a certificate error override. This results in a broken
+    // UI which is annoying but not a security disaster.
+    MOZ_ASSERT(!ErrorIsOverridable(PR_GetError()));
+    return nullptr;
+  }
+
+  RefPtr<nsNSSCertificate> nssCert(nsNSSCertificate::Create(cert.get()));
+  if (!nssCert) {
+    NS_ERROR("nsNSSCertificate::Create failed");
+    PR_SetError(SEC_ERROR_NO_MEMORY, 0);
+    return nullptr;
+  }
+
+  if (!collected_errors) {
+    // This will happen when CERT_*Verify* only returned error(s) that are
+    // not on our whitelist of overridable certificate errors.
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[%p] !collected_errors: %d\n",
+           fdForLogging, static_cast<int>(defaultErrorCodeToReport)));
+    PR_SetError(defaultErrorCodeToReport, 0);
+    return nullptr;
+  }
+
+  infoObject->SetStatusErrorBits(nssCert, collected_errors);
+
+  return new CertErrorRunnable(fdForLogging,
+                               static_cast<nsIX509Cert*>(nssCert.get()),
+                               infoObject, defaultErrorCodeToReport,
+                               collected_errors, errorCodeTrust,
+                               errorCodeMismatch, errorCodeTime,
+                               providerFlags);
+}
+
+// When doing async cert processing, we dispatch one of these runnables to the
+// socket transport service thread, which blocks the socket transport
+// service thread while it waits for the inner CertErrorRunnable to execute
+// CheckCertOverrides on the main thread. CheckCertOverrides must block events
+// on both of these threads because it calls TransportSecurityInfo::GetInterface(),
+// which may call nsHttpConnection::GetInterface() through
+// TransportSecurityInfo::mCallbacks. nsHttpConnection::GetInterface must always
+// execute on the main thread, with the socket transport service thread
+// blocked.
+class CertErrorRunnableRunnable : public Runnable
+{
+public:
+  explicit CertErrorRunnableRunnable(CertErrorRunnable* certErrorRunnable)
+    : mCertErrorRunnable(certErrorRunnable)
+  {
+  }
+private:
+  NS_IMETHOD Run() override
+  {
+    nsresult rv = mCertErrorRunnable->DispatchToMainThreadAndWait();
+    // The result must run on the socket transport thread, which we are already
+    // on, so we can just run it directly, instead of dispatching it.
+    if (NS_SUCCEEDED(rv)) {
+      rv = mCertErrorRunnable->mResult ? mCertErrorRunnable->mResult->Run()
+                                       : NS_ERROR_UNEXPECTED;
+    }
+    return rv;
+  }
+  RefPtr<CertErrorRunnable> mCertErrorRunnable;
+};
+
+class SSLServerCertVerificationJob : public Runnable
+{
+public:
+  // Must be called only on the socket transport thread
+  static SECStatus Dispatch(const RefPtr<SharedCertVerifier>& certVerifier,
+                            const void* fdForLogging,
+                            nsNSSSocketInfo* infoObject,
+                            const UniqueCERTCertificate& serverCert,
+                            const UniqueCERTCertList& peerCertChain,
+                            const SECItem* stapledOCSPResponse,
+                            const SECItem* sctsFromTLSExtension,
+                            uint32_t providerFlags,
+                            Time time,
+                            PRTime prtime);
+private:
+  NS_DECL_NSIRUNNABLE
+
+  // Must be called only on the socket transport thread
+  SSLServerCertVerificationJob(const RefPtr<SharedCertVerifier>& certVerifier,
+                               const void* fdForLogging,
+                               nsNSSSocketInfo* infoObject,
+                               const UniqueCERTCertificate& cert,
+                               UniqueCERTCertList peerCertChain,
+                               const SECItem* stapledOCSPResponse,
+                               const SECItem* sctsFromTLSExtension,
+                               uint32_t providerFlags,
+                               Time time,
+                               PRTime prtime);
+  const RefPtr<SharedCertVerifier> mCertVerifier;
+  const void* const mFdForLogging;
+  const RefPtr<nsNSSSocketInfo> mInfoObject;
+  const UniqueCERTCertificate mCert;
+  UniqueCERTCertList mPeerCertChain;
+  const uint32_t mProviderFlags;
+  const Time mTime;
+  const PRTime mPRTime;
+  const TimeStamp mJobStartTime;
+  const UniqueSECItem mStapledOCSPResponse;
+  const UniqueSECItem mSCTsFromTLSExtension;
+};
+
+SSLServerCertVerificationJob::SSLServerCertVerificationJob(
+    const RefPtr<SharedCertVerifier>& certVerifier, const void* fdForLogging,
+    nsNSSSocketInfo* infoObject, const UniqueCERTCertificate& cert,
+    UniqueCERTCertList peerCertChain, const SECItem* stapledOCSPResponse,
+    const SECItem* sctsFromTLSExtension,
+    uint32_t providerFlags, Time time, PRTime prtime)
+  : mCertVerifier(certVerifier)
+  , mFdForLogging(fdForLogging)
+  , mInfoObject(infoObject)
+  , mCert(CERT_DupCertificate(cert.get()))
+  , mPeerCertChain(Move(peerCertChain))
+  , mProviderFlags(providerFlags)
+  , mTime(time)
+  , mPRTime(prtime)
+  , mJobStartTime(TimeStamp::Now())
+  , mStapledOCSPResponse(SECITEM_DupItem(stapledOCSPResponse))
+  , mSCTsFromTLSExtension(SECITEM_DupItem(sctsFromTLSExtension))
+{
+}
+
+// This function assumes that we will only use the SPDY connection coalescing
+// feature on connections where we have negotiated SPDY using NPN. If we ever
+// talk SPDY without having negotiated it with SPDY, this code will give wrong
+// and perhaps unsafe results.
+//
+// Returns SECSuccess on the initial handshake of all connections, on
+// renegotiations for any connections where we did not negotiate SPDY, or on any
+// SPDY connection where the server's certificate did not change.
+//
+// Prohibit changing the server cert only if we negotiated SPDY,
+// in order to support SPDY's cross-origin connection pooling.
+static SECStatus
+BlockServerCertChangeForSpdy(nsNSSSocketInfo* infoObject,
+                             const UniqueCERTCertificate& serverCert)
+{
+  // Get the existing cert. If there isn't one, then there is
+  // no cert change to worry about.
+  nsCOMPtr<nsIX509Cert> cert;
+
+  RefPtr<nsSSLStatus> status(infoObject->SSLStatus());
+  if (!status) {
+    // If we didn't have a status, then this is the
+    // first handshake on this connection, not a
+    // renegotiation.
+    return SECSuccess;
+  }
+
+  status->GetServerCert(getter_AddRefs(cert));
+  if (!cert) {
+    NS_NOTREACHED("every nsSSLStatus must have a cert"
+                  "that implements nsIX509Cert");
+    PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0);
+    return SECFailure;
+  }
+
+  // Filter out sockets that did not neogtiate SPDY via NPN
+  nsAutoCString negotiatedNPN;
+  nsresult rv = infoObject->GetNegotiatedNPN(negotiatedNPN);
+  NS_ASSERTION(NS_SUCCEEDED(rv),
+               "GetNegotiatedNPN() failed during renegotiation");
+
+  if (NS_SUCCEEDED(rv) && !StringBeginsWith(negotiatedNPN,
+                                            NS_LITERAL_CSTRING("spdy/"))) {
+    return SECSuccess;
+  }
+  // If GetNegotiatedNPN() failed we will assume spdy for safety's safe
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("BlockServerCertChangeForSpdy failed GetNegotiatedNPN() call."
+            " Assuming spdy.\n"));
+  }
+
+  // Check to see if the cert has actually changed
+  UniqueCERTCertificate c(cert->GetCert());
+  NS_ASSERTION(c, "very bad and hopefully impossible state");
+  bool sameCert = CERT_CompareCerts(c.get(), serverCert.get());
+  if (sameCert) {
+    return SECSuccess;
+  }
+
+  // Report an error - changed cert is confirmed
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+         ("SPDY Refused to allow new cert during renegotiation\n"));
+  PR_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, 0);
+  return SECFailure;
+}
+
+void
+AccumulateSubjectCommonNameTelemetry(const char* commonName,
+                                     bool commonNameInSubjectAltNames)
+{
+  if (!commonName) {
+    // 1 means no common name present
+    Telemetry::Accumulate(Telemetry::BR_9_2_2_SUBJECT_COMMON_NAME, 1);
+  } else if (!commonNameInSubjectAltNames) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("BR telemetry: common name '%s' not in subject alt. names "
+            "(or the subject alt. names extension is not present)\n",
+            commonName));
+    // 2 means the common name is not present in subject alt names
+    Telemetry::Accumulate(Telemetry::BR_9_2_2_SUBJECT_COMMON_NAME, 2);
+  } else {
+    // 0 means the common name is present in subject alt names
+    Telemetry::Accumulate(Telemetry::BR_9_2_2_SUBJECT_COMMON_NAME, 0);
+  }
+}
+
+// Returns true if and only if commonName ends with altName (minus its leading
+// "*"). altName has already been checked to be of the form "*.<something>".
+// commonName may be NULL.
+static bool
+TryMatchingWildcardSubjectAltName(const char* commonName,
+                                  const nsACString& altName)
+{
+  return commonName &&
+         StringEndsWith(nsDependentCString(commonName), Substring(altName, 1));
+}
+
+// Gathers telemetry on Baseline Requirements 9.2.1 (Subject Alternative
+// Names Extension) and 9.2.2 (Subject Common Name Field).
+// Specifically:
+//  - whether or not the subject common name field is present
+//  - whether or not the subject alternative names extension is present
+//  - if there is a malformed entry in the subject alt. names extension
+//  - if there is an entry in the subject alt. names extension corresponding
+//    to the subject common name
+// Telemetry is only gathered for certificates that chain to a trusted root
+// in Mozilla's Root CA program.
+// certList consists of a validated certificate chain. The end-entity
+// certificate is first and the root (trust anchor) is last.
+void
+GatherBaselineRequirementsTelemetry(const UniqueCERTCertList& certList)
+{
+  CERTCertListNode* endEntityNode = CERT_LIST_HEAD(certList);
+  CERTCertListNode* rootNode = CERT_LIST_TAIL(certList);
+  PR_ASSERT(!(CERT_LIST_END(endEntityNode, certList) ||
+              CERT_LIST_END(rootNode, certList)));
+  if (CERT_LIST_END(endEntityNode, certList) ||
+      CERT_LIST_END(rootNode, certList)) {
+    return;
+  }
+  CERTCertificate* cert = endEntityNode->cert;
+  PR_ASSERT(cert);
+  if (!cert) {
+    return;
+  }
+  UniquePORTString commonName(CERT_GetCommonName(&cert->subject));
+  // This only applies to certificates issued by authorities in our root
+  // program.
+  CERTCertificate* rootCert = rootNode->cert;
+  PR_ASSERT(rootCert);
+  if (!rootCert) {
+    return;
+  }
+  bool isBuiltIn = false;
+  Result result = IsCertBuiltInRoot(rootCert, isBuiltIn);
+  if (result != Success || !isBuiltIn) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("BR telemetry: root certificate for '%s' is not a built-in root "
+            "(or IsCertBuiltInRoot failed)\n", commonName.get()));
+    return;
+  }
+  ScopedAutoSECItem altNameExtension;
+  SECStatus rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME,
+                                        &altNameExtension);
+  if (rv != SECSuccess) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("BR telemetry: no subject alt names extension for '%s'\n",
+            commonName.get()));
+    // 1 means there is no subject alt names extension
+    Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 1);
+    AccumulateSubjectCommonNameTelemetry(commonName.get(), false);
+    return;
+  }
+
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  CERTGeneralName* subjectAltNames =
+    CERT_DecodeAltNameExtension(arena.get(), &altNameExtension);
+  if (!subjectAltNames) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("BR telemetry: could not decode subject alt names for '%s'\n",
+            commonName.get()));
+    // 2 means the subject alt names extension could not be decoded
+    Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 2);
+    AccumulateSubjectCommonNameTelemetry(commonName.get(), false);
+    return;
+  }
+
+  CERTGeneralName* currentName = subjectAltNames;
+  bool commonNameInSubjectAltNames = false;
+  bool nonDNSNameOrIPAddressPresent = false;
+  bool malformedDNSNameOrIPAddressPresent = false;
+  bool nonFQDNPresent = false;
+  do {
+    nsAutoCString altName;
+    if (currentName->type == certDNSName) {
+      altName.Assign(BitwiseCast<char*, unsigned char*>(
+                       currentName->name.other.data),
+                     currentName->name.other.len);
+      nsDependentCString altNameWithoutWildcard(altName, 0);
+      if (StringBeginsWith(altNameWithoutWildcard, NS_LITERAL_CSTRING("*."))) {
+        altNameWithoutWildcard.Rebind(altName, 2);
+        commonNameInSubjectAltNames |=
+          TryMatchingWildcardSubjectAltName(commonName.get(), altName);
+      }
+      // net_IsValidHostName appears to return true for valid IP addresses,
+      // which would be invalid for a DNS name.
+      // Note that the net_IsValidHostName check will catch things like
+      // "a.*.example.com".
+      if (!net_IsValidHostName(altNameWithoutWildcard) ||
+          net_IsValidIPv4Addr(altName.get(), altName.Length()) ||
+          net_IsValidIPv6Addr(altName.get(), altName.Length())) {
+        MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+               ("BR telemetry: DNSName '%s' not valid (for '%s')\n",
+                altName.get(), commonName.get()));
+        malformedDNSNameOrIPAddressPresent = true;
+      }
+      if (!altName.Contains('.')) {
+        nonFQDNPresent = true;
+      }
+    } else if (currentName->type == certIPAddress) {
+      // According to DNS.h, this includes space for the null-terminator
+      char buf[net::kNetAddrMaxCStrBufSize] = { 0 };
+      PRNetAddr addr;
+      if (currentName->name.other.len == 4) {
+        addr.inet.family = PR_AF_INET;
+        memcpy(&addr.inet.ip, currentName->name.other.data,
+               currentName->name.other.len);
+        if (PR_NetAddrToString(&addr, buf, sizeof(buf) - 1) != PR_SUCCESS) {
+        MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+               ("BR telemetry: IPAddress (v4) not valid (for '%s')\n",
+                commonName.get()));
+          malformedDNSNameOrIPAddressPresent = true;
+        } else {
+          altName.Assign(buf);
+        }
+      } else if (currentName->name.other.len == 16) {
+        addr.inet.family = PR_AF_INET6;
+        memcpy(&addr.ipv6.ip, currentName->name.other.data,
+               currentName->name.other.len);
+        if (PR_NetAddrToString(&addr, buf, sizeof(buf) - 1) != PR_SUCCESS) {
+        MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+               ("BR telemetry: IPAddress (v6) not valid (for '%s')\n",
+                commonName.get()));
+          malformedDNSNameOrIPAddressPresent = true;
+        } else {
+          altName.Assign(buf);
+        }
+      } else {
+        MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+               ("BR telemetry: IPAddress not valid (for '%s')\n",
+                commonName.get()));
+        malformedDNSNameOrIPAddressPresent = true;
+      }
+    } else {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+             ("BR telemetry: non-DNSName, non-IPAddress present for '%s'\n",
+              commonName.get()));
+      nonDNSNameOrIPAddressPresent = true;
+    }
+    if (commonName && altName.Equals(commonName.get())) {
+      commonNameInSubjectAltNames = true;
+    }
+    currentName = CERT_GetNextGeneralName(currentName);
+  } while (currentName && currentName != subjectAltNames);
+
+  if (nonDNSNameOrIPAddressPresent) {
+    // 3 means there's an entry that isn't an ip address or dns name
+    Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 3);
+  }
+  if (malformedDNSNameOrIPAddressPresent) {
+    // 4 means there's a malformed ip address or dns name entry
+    Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 4);
+  }
+  if (nonFQDNPresent) {
+    // 5 means there's a DNS name entry with a non-fully-qualified domain name
+    Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 5);
+  }
+  if (!nonDNSNameOrIPAddressPresent && !malformedDNSNameOrIPAddressPresent &&
+      !nonFQDNPresent) {
+    // 0 means the extension is acceptable
+    Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 0);
+  }
+
+  AccumulateSubjectCommonNameTelemetry(commonName.get(),
+                                       commonNameInSubjectAltNames);
+}
+
+// Gather telemetry on whether the end-entity cert for a server has the
+// required TLS Server Authentication EKU, or any others
+void
+GatherEKUTelemetry(const UniqueCERTCertList& certList)
+{
+  CERTCertListNode* endEntityNode = CERT_LIST_HEAD(certList);
+  CERTCertListNode* rootNode = CERT_LIST_TAIL(certList);
+  PR_ASSERT(!(CERT_LIST_END(endEntityNode, certList) ||
+              CERT_LIST_END(rootNode, certList)));
+  if (CERT_LIST_END(endEntityNode, certList) ||
+      CERT_LIST_END(rootNode, certList)) {
+    return;
+  }
+  CERTCertificate* endEntityCert = endEntityNode->cert;
+  PR_ASSERT(endEntityCert);
+  if (!endEntityCert) {
+    return;
+  }
+
+  // Only log telemetry if the root CA is built-in
+  CERTCertificate* rootCert = rootNode->cert;
+  PR_ASSERT(rootCert);
+  if (!rootCert) {
+    return;
+  }
+  bool isBuiltIn = false;
+  Result rv = IsCertBuiltInRoot(rootCert, isBuiltIn);
+  if (rv != Success || !isBuiltIn) {
+    return;
+  }
+
+  // Find the EKU extension, if present
+  bool foundEKU = false;
+  SECOidTag oidTag;
+  CERTCertExtension* ekuExtension = nullptr;
+  for (size_t i = 0; endEntityCert->extensions && endEntityCert->extensions[i];
+       i++) {
+    oidTag = SECOID_FindOIDTag(&endEntityCert->extensions[i]->id);
+    if (oidTag == SEC_OID_X509_EXT_KEY_USAGE) {
+      foundEKU = true;
+      ekuExtension = endEntityCert->extensions[i];
+    }
+  }
+
+  if (!foundEKU) {
+    Telemetry::Accumulate(Telemetry::SSL_SERVER_AUTH_EKU, 0);
+    return;
+  }
+
+  // Parse the EKU extension
+  UniqueCERTOidSequence ekuSequence(
+    CERT_DecodeOidSequence(&ekuExtension->value));
+  if (!ekuSequence) {
+    return;
+  }
+
+  // Search through the available EKUs
+  bool foundServerAuth = false;
+  bool foundOther = false;
+  for (SECItem** oids = ekuSequence->oids; oids && *oids; oids++) {
+    oidTag = SECOID_FindOIDTag(*oids);
+    if (oidTag == SEC_OID_EXT_KEY_USAGE_SERVER_AUTH) {
+      foundServerAuth = true;
+    } else {
+      foundOther = true;
+    }
+  }
+
+  // Cases 3 is included only for completeness.  It should never
+  // appear in these statistics, because CheckExtendedKeyUsage()
+  // should require the EKU extension, if present, to contain the
+  // value id_kp_serverAuth.
+  if (foundServerAuth && !foundOther) {
+    Telemetry::Accumulate(Telemetry::SSL_SERVER_AUTH_EKU, 1);
+  } else if (foundServerAuth && foundOther) {
+    Telemetry::Accumulate(Telemetry::SSL_SERVER_AUTH_EKU, 2);
+  } else if (!foundServerAuth) {
+    Telemetry::Accumulate(Telemetry::SSL_SERVER_AUTH_EKU, 3);
+  }
+}
+
+// Gathers telemetry on which CA is the root of a given cert chain.
+// If the root is a built-in root, then the telemetry makes a count
+// by root.  Roots that are not built-in are counted in one bin.
+void
+GatherRootCATelemetry(const UniqueCERTCertList& certList)
+{
+  CERTCertListNode* rootNode = CERT_LIST_TAIL(certList);
+  PR_ASSERT(rootNode);
+  if (!rootNode) {
+    return;
+  }
+  PR_ASSERT(!CERT_LIST_END(rootNode, certList));
+  if (CERT_LIST_END(rootNode, certList)) {
+    return;
+  }
+  CERTCertificate* rootCert = rootNode->cert;
+  PR_ASSERT(rootCert);
+  if (!rootCert) {
+    return;
+  }
+  AccumulateTelemetryForRootCA(Telemetry::CERT_VALIDATION_SUCCESS_BY_CA,
+                               rootCert);
+}
+
+// These time are appoximate, i.e., doesn't account for leap seconds, etc
+const uint64_t ONE_WEEK_IN_SECONDS = (7 * (24 * 60 *60));
+const uint64_t ONE_YEAR_IN_WEEKS   = 52;
+
+// Gathers telemetry on the certificate lifetimes we observe in the wild
+void
+GatherEndEntityTelemetry(const UniqueCERTCertList& certList)
+{
+  CERTCertListNode* endEntityNode = CERT_LIST_HEAD(certList);
+  MOZ_ASSERT(endEntityNode && !CERT_LIST_END(endEntityNode, certList));
+  if (!endEntityNode || CERT_LIST_END(endEntityNode, certList)) {
+    return;
+  }
+
+  CERTCertificate* endEntityCert = endEntityNode->cert;
+  PR_ASSERT(endEntityCert);
+  if (!endEntityCert) {
+    return;
+  }
+
+  PRTime notBefore;
+  PRTime notAfter;
+
+  if (CERT_GetCertTimes(endEntityCert, &notBefore, &notAfter) != SECSuccess) {
+    return;
+  }
+
+  PR_ASSERT(notAfter > notBefore);
+  if (notAfter <= notBefore) {
+    return;
+  }
+
+  uint64_t durationInWeeks = (notAfter - notBefore)
+    / PR_USEC_PER_SEC
+    / ONE_WEEK_IN_SECONDS;
+
+  if (durationInWeeks > (2 * ONE_YEAR_IN_WEEKS)) {
+    durationInWeeks = (2 * ONE_YEAR_IN_WEEKS) + 1;
+  }
+
+  Telemetry::Accumulate(Telemetry::SSL_OBSERVED_END_ENTITY_CERTIFICATE_LIFETIME,
+      durationInWeeks);
+}
+
+// There are various things that we want to measure about certificate
+// chains that we accept.  This is a single entry point for all of them.
+void
+GatherSuccessfulValidationTelemetry(const UniqueCERTCertList& certList)
+{
+  GatherBaselineRequirementsTelemetry(certList);
+  GatherEKUTelemetry(certList);
+  GatherRootCATelemetry(certList);
+  GatherEndEntityTelemetry(certList);
+}
+
+void
+GatherTelemetryForSingleSCT(const ct::SignedCertificateTimestamp& sct)
+{
+  // See SSL_SCTS_ORIGIN in Histograms.json.
+  uint32_t origin = 0;
+  switch (sct.origin) {
+    case ct::SignedCertificateTimestamp::Origin::Embedded:
+      origin = 1;
+      break;
+    case ct::SignedCertificateTimestamp::Origin::TLSExtension:
+      origin = 2;
+      break;
+    case ct::SignedCertificateTimestamp::Origin::OCSPResponse:
+      origin = 3;
+      break;
+    default:
+      MOZ_ASSERT_UNREACHABLE("Unexpected SCT::Origin type");
+  }
+  Telemetry::Accumulate(Telemetry::SSL_SCTS_ORIGIN, origin);
+
+  // See SSL_SCTS_VERIFICATION_STATUS in Histograms.json.
+  uint32_t verificationStatus = 0;
+  switch (sct.verificationStatus) {
+    case ct::SignedCertificateTimestamp::VerificationStatus::OK:
+      verificationStatus = 1;
+      break;
+    case ct::SignedCertificateTimestamp::VerificationStatus::UnknownLog:
+      verificationStatus = 2;
+      break;
+    case ct::SignedCertificateTimestamp::VerificationStatus::InvalidSignature:
+      verificationStatus = 3;
+      break;
+    case ct::SignedCertificateTimestamp::VerificationStatus::InvalidTimestamp:
+      verificationStatus = 4;
+      break;
+    default:
+      MOZ_ASSERT_UNREACHABLE("Unexpected SCT::VerificationStatus type");
+  }
+  Telemetry::Accumulate(Telemetry::SSL_SCTS_VERIFICATION_STATUS,
+                        verificationStatus);
+}
+
+void
+GatherCertificateTransparencyTelemetry(const UniqueCERTCertList& certList,
+                                       const CertificateTransparencyInfo& info)
+{
+  if (!info.enabled) {
+    // No telemetry is gathered when CT is disabled.
+    return;
+  }
+
+  if (!info.processedSCTs) {
+    // We didn't receive any SCT data for this connection.
+    Telemetry::Accumulate(Telemetry::SSL_SCTS_PER_CONNECTION, 0);
+    return;
+  }
+
+  for (const ct::SignedCertificateTimestamp& sct : info.verifyResult.scts) {
+    GatherTelemetryForSingleSCT(sct);
+  }
+
+  // Decoding errors are reported to the 0th bucket
+  // of the SSL_SCTS_VERIFICATION_STATUS enumerated probe.
+  for (size_t i = 0; i < info.verifyResult.decodingErrors; ++i) {
+    Telemetry::Accumulate(Telemetry::SSL_SCTS_VERIFICATION_STATUS, 0);
+  }
+
+  // Handle the histogram of SCTs counts.
+  uint32_t sctsCount = static_cast<uint32_t>(info.verifyResult.scts.length());
+  // Note that sctsCount can be 0 in case we've received SCT binary data,
+  // but it failed to parse (e.g. due to unsupported CT protocol version).
+  Telemetry::Accumulate(Telemetry::SSL_SCTS_PER_CONNECTION, sctsCount);
+}
+
+// Note: Takes ownership of |peerCertChain| if SECSuccess is not returned.
+SECStatus
+AuthCertificate(CertVerifier& certVerifier,
+                nsNSSSocketInfo* infoObject,
+                const UniqueCERTCertificate& cert,
+                UniqueCERTCertList& peerCertChain,
+                const SECItem* stapledOCSPResponse,
+                const SECItem* sctsFromTLSExtension,
+                uint32_t providerFlags,
+                Time time)
+{
+  MOZ_ASSERT(infoObject);
+  MOZ_ASSERT(cert);
+
+  // We want to avoid storing any intermediate cert information when browsing
+  // in private, transient contexts.
+  bool saveIntermediates =
+    !(providerFlags & nsISocketProvider::NO_PERMANENT_STORAGE);
+
+  SECOidTag evOidPolicy;
+  UniqueCERTCertList certList;
+  CertVerifier::OCSPStaplingStatus ocspStaplingStatus =
+    CertVerifier::OCSP_STAPLING_NEVER_CHECKED;
+  KeySizeStatus keySizeStatus = KeySizeStatus::NeverChecked;
+  SHA1ModeResult sha1ModeResult = SHA1ModeResult::NeverChecked;
+  PinningTelemetryInfo pinningTelemetryInfo;
+  CertificateTransparencyInfo certificateTransparencyInfo;
+
+  int flags = 0;
+  if (!infoObject->SharedState().IsOCSPStaplingEnabled() ||
+      !infoObject->SharedState().IsOCSPMustStapleEnabled()) {
+    flags |= CertVerifier::FLAG_TLS_IGNORE_STATUS_REQUEST;
+  }
+
+  Result rv = certVerifier.VerifySSLServerCert(cert, stapledOCSPResponse,
+                                               sctsFromTLSExtension, time,
+                                               infoObject,
+                                               infoObject->GetHostNameRaw(),
+                                               certList, saveIntermediates,
+                                               flags, infoObject->
+                                                      GetOriginAttributes(),
+                                               &evOidPolicy,
+                                               &ocspStaplingStatus,
+                                               &keySizeStatus, &sha1ModeResult,
+                                               &pinningTelemetryInfo,
+                                               &certificateTransparencyInfo);
+
+  uint32_t evStatus = (rv != Success) ? 0                   // 0 = Failure
+                    : (evOidPolicy == SEC_OID_UNKNOWN) ? 1  // 1 = DV
+                    : 2;                                    // 2 = EV
+  Telemetry::Accumulate(Telemetry::CERT_EV_STATUS, evStatus);
+
+  if (ocspStaplingStatus != CertVerifier::OCSP_STAPLING_NEVER_CHECKED) {
+    Telemetry::Accumulate(Telemetry::SSL_OCSP_STAPLING, ocspStaplingStatus);
+  }
+  if (keySizeStatus != KeySizeStatus::NeverChecked) {
+    Telemetry::Accumulate(Telemetry::CERT_CHAIN_KEY_SIZE_STATUS,
+                          static_cast<uint32_t>(keySizeStatus));
+  }
+  if (sha1ModeResult != SHA1ModeResult::NeverChecked) {
+    Telemetry::Accumulate(Telemetry::CERT_CHAIN_SHA1_POLICY_STATUS,
+                          static_cast<uint32_t>(sha1ModeResult));
+  }
+
+  if (pinningTelemetryInfo.accumulateForRoot) {
+    Telemetry::Accumulate(Telemetry::CERT_PINNING_FAILURES_BY_CA,
+                          pinningTelemetryInfo.rootBucket);
+  }
+
+  if (pinningTelemetryInfo.accumulateResult) {
+    Telemetry::Accumulate(pinningTelemetryInfo.certPinningResultHistogram,
+                          pinningTelemetryInfo.certPinningResultBucket);
+  }
+
+  if (rv == Success) {
+    // Certificate verification succeeded. Delete any potential record of
+    // certificate error bits.
+    RememberCertErrorsTable::GetInstance().RememberCertHasError(infoObject,
+                                                                nullptr,
+                                                                SECSuccess);
+    GatherSuccessfulValidationTelemetry(certList);
+    GatherCertificateTransparencyTelemetry(certList,
+                                           certificateTransparencyInfo);
+
+    // The connection may get terminated, for example, if the server requires
+    // a client cert. Let's provide a minimal SSLStatus
+    // to the caller that contains at least the cert and its status.
+    RefPtr<nsSSLStatus> status(infoObject->SSLStatus());
+    if (!status) {
+      status = new nsSSLStatus();
+      infoObject->SetSSLStatus(status);
+    }
+
+    if (!status->HasServerCert()) {
+      EVStatus evStatus;
+      if (evOidPolicy == SEC_OID_UNKNOWN) {
+        evStatus = EVStatus::NotEV;
+      } else {
+        evStatus = EVStatus::EV;
+      }
+
+      RefPtr<nsNSSCertificate> nsc = nsNSSCertificate::Create(cert.get());
+      status->SetServerCert(nsc, evStatus);
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("AuthCertificate setting NEW cert %p", nsc.get()));
+    }
+
+    status->SetCertificateTransparencyInfo(certificateTransparencyInfo);
+  }
+
+  if (rv != Success) {
+    // Certificate validation failed; store the peer certificate chain on
+    // infoObject so it can be used for error reporting.
+    infoObject->SetFailedCertChain(Move(peerCertChain));
+    PR_SetError(MapResultToPRErrorCode(rv), 0);
+  }
+
+  return rv == Success ? SECSuccess : SECFailure;
+}
+
+/*static*/ SECStatus
+SSLServerCertVerificationJob::Dispatch(
+  const RefPtr<SharedCertVerifier>& certVerifier,
+  const void* fdForLogging,
+  nsNSSSocketInfo* infoObject,
+  const UniqueCERTCertificate& serverCert,
+  const UniqueCERTCertList& peerCertChain,
+  const SECItem* stapledOCSPResponse,
+  const SECItem* sctsFromTLSExtension,
+  uint32_t providerFlags,
+  Time time,
+  PRTime prtime)
+{
+  // Runs on the socket transport thread
+  if (!certVerifier || !infoObject || !serverCert) {
+    NS_ERROR("Invalid parameters for SSL server cert validation");
+    PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+    return SECFailure;
+  }
+
+  // Copy the certificate list so the runnable can take ownership of it in the
+  // constructor.
+  // We can safely skip checking if NSS has already shut down here since we're
+  // in the middle of verifying a certificate.
+  nsNSSShutDownPreventionLock lock;
+  UniqueCERTCertList peerCertChainCopy =
+    nsNSSCertList::DupCertList(peerCertChain, lock);
+  if (!peerCertChainCopy) {
+    PR_SetError(SEC_ERROR_NO_MEMORY, 0);
+    return SECFailure;
+  }
+
+  RefPtr<SSLServerCertVerificationJob> job(
+    new SSLServerCertVerificationJob(certVerifier, fdForLogging, infoObject,
+                                     serverCert, Move(peerCertChainCopy),
+                                     stapledOCSPResponse, sctsFromTLSExtension,
+                                     providerFlags, time, prtime));
+
+  nsresult nrv;
+  if (!gCertVerificationThreadPool) {
+    nrv = NS_ERROR_NOT_INITIALIZED;
+  } else {
+    nrv = gCertVerificationThreadPool->Dispatch(job, NS_DISPATCH_NORMAL);
+  }
+  if (NS_FAILED(nrv)) {
+    // We can't call SetCertVerificationResult here to change
+    // mCertVerificationState because SetCertVerificationResult will call
+    // libssl functions that acquire SSL locks that are already being held at
+    // this point. infoObject->mCertVerificationState will be stuck at
+    // waiting_for_cert_verification here, but that is OK because we already
+    // have to be able to handle cases where we encounter non-cert errors while
+    // in that state.
+    PRErrorCode error = nrv == NS_ERROR_OUT_OF_MEMORY
+                      ? SEC_ERROR_NO_MEMORY
+                      : PR_INVALID_STATE_ERROR;
+    PORT_SetError(error);
+    return SECFailure;
+  }
+
+  PORT_SetError(PR_WOULD_BLOCK_ERROR);
+  return SECWouldBlock;
+}
+
+NS_IMETHODIMP
+SSLServerCertVerificationJob::Run()
+{
+  // Runs on a cert verification thread
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("[%p] SSLServerCertVerificationJob::Run\n", mInfoObject.get()));
+
+  PRErrorCode error;
+
+  nsNSSShutDownPreventionLock nssShutdownPrevention;
+  if (mInfoObject->isAlreadyShutDown()) {
+    error = SEC_ERROR_USER_CANCELLED;
+  } else {
+    Telemetry::ID successTelemetry
+      = Telemetry::SSL_SUCCESFUL_CERT_VALIDATION_TIME_MOZILLAPKIX;
+    Telemetry::ID failureTelemetry
+      = Telemetry::SSL_INITIAL_FAILED_CERT_VALIDATION_TIME_MOZILLAPKIX;
+
+    // Reset the error code here so we can detect if AuthCertificate fails to
+    // set the error code if/when it fails.
+    PR_SetError(0, 0);
+    SECStatus rv = AuthCertificate(*mCertVerifier, mInfoObject, mCert,
+                                   mPeerCertChain, mStapledOCSPResponse.get(),
+                                   mSCTsFromTLSExtension.get(),
+                                   mProviderFlags, mTime);
+    MOZ_ASSERT(mPeerCertChain || rv != SECSuccess,
+               "AuthCertificate() should take ownership of chain on failure");
+    if (rv == SECSuccess) {
+      uint32_t interval = (uint32_t) ((TimeStamp::Now() - mJobStartTime).ToMilliseconds());
+      RefPtr<SSLServerCertVerificationResult> restart(
+        new SSLServerCertVerificationResult(mInfoObject, 0,
+                                            successTelemetry, interval));
+      restart->Dispatch();
+      Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, 1);
+      return NS_OK;
+    }
+
+    // Note: the interval is not calculated once as PR_GetError MUST be called
+    // before any other  function call
+    error = PR_GetError();
+    {
+      TimeStamp now = TimeStamp::Now();
+      MutexAutoLock telemetryMutex(*gSSLVerificationTelemetryMutex);
+      Telemetry::AccumulateTimeDelta(failureTelemetry, mJobStartTime, now);
+    }
+    if (error != 0) {
+      RefPtr<CertErrorRunnable> runnable(
+          CreateCertErrorRunnable(*mCertVerifier, error, mInfoObject, mCert,
+                                  mFdForLogging, mProviderFlags, mPRTime));
+      if (!runnable) {
+        // CreateCertErrorRunnable set a new error code
+        error = PR_GetError();
+      } else {
+        // We must block the the socket transport service thread while the
+        // main thread executes the CertErrorRunnable. The CertErrorRunnable
+        // will dispatch the result asynchronously, so we don't have to block
+        // this thread waiting for it.
+
+        MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+                ("[%p][%p] Before dispatching CertErrorRunnable\n",
+                mFdForLogging, runnable.get()));
+
+        nsresult nrv;
+        nsCOMPtr<nsIEventTarget> stsTarget
+          = do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &nrv);
+        if (NS_SUCCEEDED(nrv)) {
+          nrv = stsTarget->Dispatch(new CertErrorRunnableRunnable(runnable),
+                                    NS_DISPATCH_NORMAL);
+        }
+        if (NS_SUCCEEDED(nrv)) {
+          return NS_OK;
+        }
+
+        NS_ERROR("Failed to dispatch CertErrorRunnable");
+        error = PR_INVALID_STATE_ERROR;
+      }
+    }
+  }
+
+  if (error == 0) {
+    NS_NOTREACHED("no error set during certificate validation failure");
+    error = PR_INVALID_STATE_ERROR;
+  }
+
+  RefPtr<SSLServerCertVerificationResult> failure(
+    new SSLServerCertVerificationResult(mInfoObject, error));
+  failure->Dispatch();
+  return NS_OK;
+}
+
+} // unnamed namespace
+
+// Extracts whatever information we need out of fd (using SSL_*) and passes it
+// to SSLServerCertVerificationJob::Dispatch. SSLServerCertVerificationJob should
+// never do anything with fd except logging.
+SECStatus
+AuthCertificateHook(void* arg, PRFileDesc* fd, PRBool checkSig, PRBool isServer)
+{
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  if (!certVerifier) {
+    PR_SetError(SEC_ERROR_NOT_INITIALIZED, 0);
+    return SECFailure;
+  }
+
+  // Runs on the socket transport thread
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+         ("[%p] starting AuthCertificateHook\n", fd));
+
+  // Modern libssl always passes PR_TRUE for checkSig, and we have no means of
+  // doing verification without checking signatures.
+  NS_ASSERTION(checkSig, "AuthCertificateHook: checkSig unexpectedly false");
+
+  // PSM never causes libssl to call this function with PR_TRUE for isServer,
+  // and many things in PSM assume that we are a client.
+  NS_ASSERTION(!isServer, "AuthCertificateHook: isServer unexpectedly true");
+
+  nsNSSSocketInfo* socketInfo = static_cast<nsNSSSocketInfo*>(arg);
+
+  UniqueCERTCertificate serverCert(SSL_PeerCertificate(fd));
+
+  if (!checkSig || isServer || !socketInfo || !serverCert) {
+      PR_SetError(PR_INVALID_STATE_ERROR, 0);
+      return SECFailure;
+  }
+
+  // Get the peer certificate chain for error reporting
+  UniqueCERTCertList peerCertChain(SSL_PeerCertificateChain(fd));
+  if (!peerCertChain) {
+    PR_SetError(PR_INVALID_STATE_ERROR, 0);
+    return SECFailure;
+  }
+
+  socketInfo->SetFullHandshake();
+
+  Time now(Now());
+  PRTime prnow(PR_Now());
+
+  if (BlockServerCertChangeForSpdy(socketInfo, serverCert) != SECSuccess)
+    return SECFailure;
+
+  nsCOMPtr<nsISSLSocketControl> sslSocketControl = do_QueryInterface(
+    NS_ISUPPORTS_CAST(nsITransportSecurityInfo*, socketInfo));
+  if (sslSocketControl && sslSocketControl->GetBypassAuthentication()) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("[%p] Bypass Auth in AuthCertificateHook\n", fd));
+    return SECSuccess;
+  }
+
+  bool onSTSThread;
+  nsresult nrv;
+  nsCOMPtr<nsIEventTarget> sts
+    = do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &nrv);
+  if (NS_SUCCEEDED(nrv)) {
+    nrv = sts->IsOnCurrentThread(&onSTSThread);
+  }
+
+  if (NS_FAILED(nrv)) {
+    NS_ERROR("Could not get STS service or IsOnCurrentThread failed");
+    PR_SetError(PR_UNKNOWN_ERROR, 0);
+    return SECFailure;
+  }
+
+  // SSL_PeerStapledOCSPResponses will never return a non-empty response if
+  // OCSP stapling wasn't enabled because libssl wouldn't have let the server
+  // return a stapled OCSP response.
+  // We don't own these pointers.
+  const SECItemArray* csa = SSL_PeerStapledOCSPResponses(fd);
+  SECItem* stapledOCSPResponse = nullptr;
+  // we currently only support single stapled responses
+  if (csa && csa->len == 1) {
+    stapledOCSPResponse = &csa->items[0];
+  }
+
+  const SECItem* sctsFromTLSExtension = SSL_PeerSignedCertTimestamps(fd);
+  if (sctsFromTLSExtension && sctsFromTLSExtension->len == 0) {
+    // SSL_PeerSignedCertTimestamps returns null on error and empty item
+    // when no extension was returned by the server. We always use null when
+    // no extension was received (for whatever reason), ignoring errors.
+    sctsFromTLSExtension = nullptr;
+  }
+
+  uint32_t providerFlags = 0;
+  socketInfo->GetProviderFlags(&providerFlags);
+
+  if (onSTSThread) {
+
+    // We *must* do certificate verification on a background thread because
+    // we need the socket transport thread to be free for our OCSP requests,
+    // and we *want* to do certificate verification on a background thread
+    // because of the performance benefits of doing so.
+    socketInfo->SetCertVerificationWaiting();
+    SECStatus rv = SSLServerCertVerificationJob::Dispatch(
+                     certVerifier, static_cast<const void*>(fd), socketInfo,
+                     serverCert, peerCertChain, stapledOCSPResponse,
+                     sctsFromTLSExtension, providerFlags, now, prnow);
+    return rv;
+  }
+
+  // We can't do certificate verification on a background thread, because the
+  // thread doing the network I/O may not interrupt its network I/O on receipt
+  // of our SSLServerCertVerificationResult event, and/or it might not even be
+  // a non-blocking socket.
+
+  SECStatus rv = AuthCertificate(*certVerifier, socketInfo, serverCert,
+                                 peerCertChain, stapledOCSPResponse,
+                                 sctsFromTLSExtension, providerFlags, now);
+  MOZ_ASSERT(peerCertChain || rv != SECSuccess,
+             "AuthCertificate() should take ownership of chain on failure");
+  if (rv == SECSuccess) {
+    Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, 1);
+    return SECSuccess;
+  }
+
+  PRErrorCode error = PR_GetError();
+  if (error != 0) {
+    RefPtr<CertErrorRunnable> runnable(
+        CreateCertErrorRunnable(*certVerifier, error, socketInfo, serverCert,
+                                static_cast<const void*>(fd), providerFlags,
+                                prnow));
+    if (!runnable) {
+      // CreateCertErrorRunnable sets a new error code when it fails
+      error = PR_GetError();
+    } else {
+      // We have to return SECSuccess or SECFailure based on the result of the
+      // override processing, so we must block this thread waiting for it. The
+      // CertErrorRunnable will NOT dispatch the result at all, since we passed
+      // false for CreateCertErrorRunnable's async parameter
+      nrv = runnable->DispatchToMainThreadAndWait();
+      if (NS_FAILED(nrv)) {
+        NS_ERROR("Failed to dispatch CertErrorRunnable");
+        PR_SetError(PR_INVALID_STATE_ERROR, 0);
+        return SECFailure;
+      }
+
+      if (!runnable->mResult) {
+        NS_ERROR("CertErrorRunnable did not set result");
+        PR_SetError(PR_INVALID_STATE_ERROR, 0);
+        return SECFailure;
+      }
+
+      if (runnable->mResult->mErrorCode == 0) {
+        return SECSuccess; // cert error override occurred.
+      }
+
+      // We must call SetCanceled here to set the error message type
+      // in case it isn't PlainErrorMessage, which is what we would
+      // default to if we just called
+      // PR_SetError(runnable->mResult->mErrorCode, 0) and returned
+      // SECFailure without doing this.
+      socketInfo->SetCanceled(runnable->mResult->mErrorCode,
+                              runnable->mResult->mErrorMessageType);
+      error = runnable->mResult->mErrorCode;
+    }
+  }
+
+  if (error == 0) {
+    NS_ERROR("error code not set");
+    error = PR_UNKNOWN_ERROR;
+  }
+
+  PR_SetError(error, 0);
+  return SECFailure;
+}
+
+SSLServerCertVerificationResult::SSLServerCertVerificationResult(
+        nsNSSSocketInfo* infoObject, PRErrorCode errorCode,
+        Telemetry::ID telemetryID, uint32_t telemetryValue,
+        SSLErrorMessageType errorMessageType)
+  : mInfoObject(infoObject)
+  , mErrorCode(errorCode)
+  , mErrorMessageType(errorMessageType)
+  , mTelemetryID(telemetryID)
+  , mTelemetryValue(telemetryValue)
+{
+// We accumulate telemetry for (only) successful validations on the main thread
+// to avoid adversely affecting performance by acquiring the mutex that we use
+// when accumulating the telemetry for unsuccessful validations. Unsuccessful
+// validations times are accumulated elsewhere.
+MOZ_ASSERT(telemetryID == Telemetry::HistogramCount || errorCode == 0);
+}
+
+void
+SSLServerCertVerificationResult::Dispatch()
+{
+  nsresult rv;
+  nsCOMPtr<nsIEventTarget> stsTarget
+    = do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &rv);
+  NS_ASSERTION(stsTarget,
+               "Failed to get socket transport service event target");
+  rv = stsTarget->Dispatch(this, NS_DISPATCH_NORMAL);
+  NS_ASSERTION(NS_SUCCEEDED(rv),
+               "Failed to dispatch SSLServerCertVerificationResult");
+}
+
+NS_IMETHODIMP
+SSLServerCertVerificationResult::Run()
+{
+  // TODO: Assert that we're on the socket transport thread
+  if (mTelemetryID != Telemetry::HistogramCount) {
+     Telemetry::Accumulate(mTelemetryID, mTelemetryValue);
+  }
+  // XXX: This cast will be removed by the next patch
+  ((nsNSSSocketInfo*) mInfoObject.get())
+    ->SetCertVerificationResult(mErrorCode, mErrorMessageType);
+  return NS_OK;
+}
+
+} } // namespace mozilla::psm
diff --git a/security/manager/ssl/SSLServerCertVerification.h b/security/manager/ssl/SSLServerCertVerification.h
new file mode 100644
index 000000000..e729457c8
--- /dev/null
+++ b/security/manager/ssl/SSLServerCertVerification.h
@@ -0,0 +1,19 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _SSLSERVERCERTVERIFICATION_H
+#define _SSLSERVERCERTVERIFICATION_H
+
+#include "seccomon.h"
+#include "prio.h"
+
+namespace mozilla { namespace psm {
+
+SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd,
+                              PRBool checkSig, PRBool isServer);
+
+} } // namespace mozilla::psm
+
+#endif
diff --git a/security/manager/ssl/ScopedNSSTypes.h b/security/manager/ssl/ScopedNSSTypes.h
new file mode 100644
index 000000000..d36f84c97
--- /dev/null
+++ b/security/manager/ssl/ScopedNSSTypes.h
@@ -0,0 +1,405 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This header provides smart pointers and various helpers for code that needs
+// to interact with NSS.
+
+#ifndef ScopedNSSTypes_h
+#define ScopedNSSTypes_h
+
+#include <limits>
+#include <memory>
+
+#include "cert.h"
+#include "cms.h"
+#include "cryptohi.h"
+#include "keyhi.h"
+#include "mozilla/Likely.h"
+#include "mozilla/Scoped.h"
+#include "mozilla/UniquePtr.h"
+#include "nsDebug.h"
+#include "nsError.h"
+#include "NSSErrorsService.h"
+#include "pk11pub.h"
+#include "pkcs12.h"
+#include "prerror.h"
+#include "prio.h"
+#include "sechash.h"
+#include "secmod.h"
+#include "secpkcs7.h"
+#include "secport.h"
+
+#ifndef MOZ_NO_MOZALLOC
+#include "mozilla/mozalloc_oom.h"
+#endif
+
+namespace mozilla {
+
+// NSPR APIs use PRStatus/PR_GetError and NSS APIs use SECStatus/PR_GetError to
+// report success/failure. This function makes it more convenient and *safer*
+// to translate NSPR/NSS results to nsresult. It is safer because it
+// refuses to translate any bad PRStatus/SECStatus into an NS_OK, even when the
+// NSPR/NSS function forgot to call PR_SetError. The actual enforcement of
+// this happens in mozilla::psm::GetXPCOMFromNSSError.
+// IMPORTANT: This must be called immediately after the function returning the
+// SECStatus result. The recommended usage is:
+//    nsresult rv = MapSECStatus(f(x, y, z));
+inline nsresult
+MapSECStatus(SECStatus rv)
+{
+  if (rv == SECSuccess) {
+    return NS_OK;
+  }
+
+  return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+}
+
+// Alphabetical order by NSS type
+// Deprecated: use the equivalent UniquePtr templates instead.
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTCertificate,
+                                          CERTCertificate,
+                                          CERT_DestroyCertificate)
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTCertificateList,
+                                          CERTCertificateList,
+                                          CERT_DestroyCertificateList)
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTCertificateRequest,
+                                          CERTCertificateRequest,
+                                          CERT_DestroyCertificateRequest)
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTName,
+                                          CERTName,
+                                          CERT_DestroyName)
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTSubjectPublicKeyInfo,
+                                          CERTSubjectPublicKeyInfo,
+                                          SECKEY_DestroySubjectPublicKeyInfo)
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTValidity,
+                                          CERTValidity,
+                                          CERT_DestroyValidity)
+// Deprecated: use the equivalent UniquePtr templates instead.
+
+namespace internal {
+
+inline void
+PK11_DestroyContext_true(PK11Context * ctx) {
+  PK11_DestroyContext(ctx, true);
+}
+
+} // namespace internal
+
+// Deprecated: use the equivalent UniquePtr templates instead.
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSGNDigestInfo,
+                                          SGNDigestInfo,
+                                          SGN_DestroyDigestInfo)
+
+// Emulates MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE, but for UniquePtrs.
+#define MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(name, Type, Deleter) \
+struct name##DeletePolicy \
+{ \
+  void operator()(Type* aValue) { Deleter(aValue); } \
+}; \
+typedef std::unique_ptr<Type, name##DeletePolicy> name;
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePK11Context,
+                                      PK11Context,
+                                      internal::PK11_DestroyContext_true)
+
+/** A more convenient way of dealing with digests calculated into
+ *  stack-allocated buffers. NSS must be initialized on the main thread before
+ *  use, and the caller must ensure NSS isn't shut down, typically by
+ *  subclassing nsNSSShutDownObject, while Digest is in use.
+ *
+ * Typical usage, for digesting a buffer in memory:
+ *
+ *   nsCOMPtr<nsISupports> nssDummy = do_GetService("@mozilla.org/psm;1", &rv);
+ *   Digest digest;
+ *   nsresult rv = digest.DigestBuf(SEC_OID_SHA256, mybuffer, myBufferLen);
+ *   NS_ENSURE_SUCCESS(rv, rv);
+ *   rv = MapSECStatus(SomeNSSFunction(..., digest.get(), ...));
+ *
+ * Less typical usage, for digesting while doing streaming I/O and similar:
+ *
+ *   Digest digest;
+ *   UniquePK11Context digestContext(PK11_CreateDigestContext(SEC_OID_SHA256));
+ *   NS_ENSURE_TRUE(digestContext, NS_ERROR_OUT_OF_MEMORY);
+ *   rv = MapSECStatus(PK11_DigestBegin(digestContext.get()));
+ *   NS_ENSURE_SUCCESS(rv, rv);
+ *   for (...) {
+ *      rv = MapSECStatus(PK11_DigestOp(digestContext.get(), ...));
+ *      NS_ENSURE_SUCCESS(rv, rv);
+ *   }
+ *   rv = digest.End(SEC_OID_SHA256, digestContext);
+ *   NS_ENSURE_SUCCESS(rv, rv)
+ */
+class Digest
+{
+public:
+  Digest()
+  {
+    mItem.type = siBuffer;
+    mItem.data = mItemBuf;
+    mItem.len = 0;
+  }
+
+  nsresult DigestBuf(SECOidTag hashAlg, const uint8_t * buf, uint32_t len)
+  {
+    if (len > static_cast<uint32_t>(std::numeric_limits<int32_t>::max())) {
+      return NS_ERROR_INVALID_ARG;
+    }
+    nsresult rv = SetLength(hashAlg);
+    NS_ENSURE_SUCCESS(rv, rv);
+    return MapSECStatus(PK11_HashBuf(hashAlg, mItem.data, buf,
+                                     static_cast<int32_t>(len)));
+  }
+
+  nsresult End(SECOidTag hashAlg, UniquePK11Context& context)
+  {
+    nsresult rv = SetLength(hashAlg);
+    NS_ENSURE_SUCCESS(rv, rv);
+    uint32_t len;
+    rv = MapSECStatus(PK11_DigestFinal(context.get(), mItem.data, &len,
+                                       mItem.len));
+    NS_ENSURE_SUCCESS(rv, rv);
+    context = nullptr;
+    NS_ENSURE_TRUE(len == mItem.len, NS_ERROR_UNEXPECTED);
+    return NS_OK;
+  }
+
+  const SECItem & get() const { return mItem; }
+
+private:
+  nsresult SetLength(SECOidTag hashType)
+  {
+#ifdef _MSC_VER
+#pragma warning(push)
+    // C4061: enumerator 'symbol' in switch of enum 'symbol' is not
+    // explicitly handled.
+#pragma warning(disable:4061)
+#endif
+    switch (hashType)
+    {
+      case SEC_OID_SHA1:   mItem.len = SHA1_LENGTH;   break;
+      case SEC_OID_SHA256: mItem.len = SHA256_LENGTH; break;
+      case SEC_OID_SHA384: mItem.len = SHA384_LENGTH; break;
+      case SEC_OID_SHA512: mItem.len = SHA512_LENGTH; break;
+      default:
+        return NS_ERROR_INVALID_ARG;
+    }
+#ifdef _MSC_VER
+#pragma warning(pop)
+#endif
+
+    return NS_OK;
+  }
+
+  uint8_t mItemBuf[HASH_LENGTH_MAX];
+  SECItem mItem;
+};
+
+// Deprecated: use the equivalent UniquePtr templates instead.
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPK11SlotInfo,
+                                          PK11SlotInfo,
+                                          PK11_FreeSlot)
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPK11SymKey,
+                                          PK11SymKey,
+                                          PK11_FreeSymKey)
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPK11GenericObject,
+                                          PK11GenericObject,
+                                          PK11_DestroyGenericObject)
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSEC_PKCS12DecoderContext,
+                                          SEC_PKCS12DecoderContext,
+                                          SEC_PKCS12DecoderFinish)
+namespace internal {
+
+inline void
+PORT_FreeArena_false(PLArenaPool* arena)
+{
+  // PL_FreeArenaPool can't be used because it doesn't actually free the
+  // memory, which doesn't work well with memory analysis tools.
+  return PORT_FreeArena(arena, false);
+}
+
+} // namespace internal
+
+// Deprecated: use the equivalent UniquePtr templates instead.
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPLArenaPool,
+                                          PLArenaPool,
+                                          internal::PORT_FreeArena_false)
+
+// Wrapper around NSS's SECItem_AllocItem that handles OOM the same way as
+// other allocators.
+inline void
+SECITEM_AllocItem(SECItem & item, uint32_t len)
+{
+  if (MOZ_UNLIKELY(!SECITEM_AllocItem(nullptr, &item, len))) {
+#ifndef MOZ_NO_MOZALLOC
+    mozalloc_handle_oom(len);
+    if (MOZ_UNLIKELY(!SECITEM_AllocItem(nullptr, &item, len)))
+#endif
+    {
+      MOZ_CRASH();
+    }
+  }
+}
+
+class ScopedAutoSECItem final : public SECItem
+{
+public:
+  explicit ScopedAutoSECItem(uint32_t initialAllocatedLen = 0)
+  {
+    data = nullptr;
+    len = 0;
+    if (initialAllocatedLen > 0) {
+      SECITEM_AllocItem(*this, initialAllocatedLen);
+    }
+  }
+
+  void reset()
+  {
+    SECITEM_FreeItem(this, false);
+  }
+
+  ~ScopedAutoSECItem()
+  {
+    reset();
+  }
+};
+
+class MOZ_RAII AutoSECMODListReadLock final
+{
+public:
+  AutoSECMODListReadLock()
+    : mLock(SECMOD_GetDefaultModuleListLock())
+  {
+    MOZ_ASSERT(mLock, "should have SECMOD lock (has NSS been initialized?)");
+    SECMOD_GetReadLock(mLock);
+  }
+
+  ~AutoSECMODListReadLock()
+  {
+    SECMOD_ReleaseReadLock(mLock);
+  }
+
+private:
+  SECMODListLock* mLock;
+};
+
+namespace internal {
+
+inline void SECITEM_FreeItem_true(SECItem * s)
+{
+  return SECITEM_FreeItem(s, true);
+}
+
+inline void SECOID_DestroyAlgorithmID_true(SECAlgorithmID * a)
+{
+  return SECOID_DestroyAlgorithmID(a, true);
+}
+
+inline void SECKEYEncryptedPrivateKeyInfo_true(SECKEYEncryptedPrivateKeyInfo * epki)
+{
+  return SECKEY_DestroyEncryptedPrivateKeyInfo(epki, PR_TRUE);
+}
+
+inline void VFY_DestroyContext_true(VFYContext * ctx)
+{
+  VFY_DestroyContext(ctx, true);
+}
+
+} // namespace internal
+
+// Deprecated: use the equivalent UniquePtr templates instead.
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECItem,
+                                          SECItem,
+                                          internal::SECITEM_FreeItem_true)
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECKEYPrivateKey,
+                                          SECKEYPrivateKey,
+                                          SECKEY_DestroyPrivateKey)
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECKEYEncryptedPrivateKeyInfo,
+                                          SECKEYEncryptedPrivateKeyInfo,
+                                          internal::SECKEYEncryptedPrivateKeyInfo_true)
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECKEYPublicKey,
+                                          SECKEYPublicKey,
+                                          SECKEY_DestroyPublicKey)
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECAlgorithmID,
+                                          SECAlgorithmID,
+                                          internal::SECOID_DestroyAlgorithmID_true)
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertificate,
+                                      CERTCertificate,
+                                      CERT_DestroyCertificate)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertificateList,
+                                      CERTCertificateList,
+                                      CERT_DestroyCertificateList)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertificatePolicies,
+                                      CERTCertificatePolicies,
+                                      CERT_DestroyCertificatePoliciesExtension)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertificateRequest,
+                                      CERTCertificateRequest,
+                                      CERT_DestroyCertificateRequest)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertList,
+                                      CERTCertList,
+                                      CERT_DestroyCertList)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTName,
+                                      CERTName,
+                                      CERT_DestroyName)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTOidSequence,
+                                      CERTOidSequence,
+                                      CERT_DestroyOidSequence)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTSubjectPublicKeyInfo,
+                                      CERTSubjectPublicKeyInfo,
+                                      SECKEY_DestroySubjectPublicKeyInfo)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTUserNotice,
+                                      CERTUserNotice,
+                                      CERT_DestroyUserNotice)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTValidity,
+                                      CERTValidity,
+                                      CERT_DestroyValidity)
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueNSSCMSMessage,
+                                      NSSCMSMessage,
+                                      NSS_CMSMessage_Destroy)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueNSSCMSSignedData,
+                                      NSSCMSSignedData,
+                                      NSS_CMSSignedData_Destroy)
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePK11SlotInfo,
+                                      PK11SlotInfo,
+                                      PK11_FreeSlot)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePK11SlotList,
+                                      PK11SlotList,
+                                      PK11_FreeSlotList)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePK11SymKey,
+                                      PK11SymKey,
+                                      PK11_FreeSymKey)
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePLArenaPool,
+                                      PLArenaPool,
+                                      internal::PORT_FreeArena_false)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePORTString,
+                                      char,
+                                      PORT_Free);
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePRFileDesc,
+                                      PRFileDesc,
+                                      PR_Close)
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECItem,
+                                      SECItem,
+                                      internal::SECITEM_FreeItem_true)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECKEYPrivateKey,
+                                      SECKEYPrivateKey,
+                                      SECKEY_DestroyPrivateKey)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECKEYPublicKey,
+                                      SECKEYPublicKey,
+                                      SECKEY_DestroyPublicKey)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECMODModule,
+                                      SECMODModule,
+                                      SECMOD_DestroyModule)
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueVFYContext,
+                                      VFYContext,
+                                      internal::VFY_DestroyContext_true)
+} // namespace mozilla
+
+#endif // ScopedNSSTypes_h
diff --git a/security/manager/ssl/SecretDecoderRing.cpp b/security/manager/ssl/SecretDecoderRing.cpp
new file mode 100644
index 000000000..730251ebb
--- /dev/null
+++ b/security/manager/ssl/SecretDecoderRing.cpp
@@ -0,0 +1,234 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "SecretDecoderRing.h"
+
+#include "ScopedNSSTypes.h"
+#include "mozilla/Base64.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Services.h"
+#include "nsCOMPtr.h"
+#include "nsIInterfaceRequestor.h"
+#include "nsIInterfaceRequestorUtils.h"
+#include "nsIObserverService.h"
+#include "nsIServiceManager.h"
+#include "nsITokenPasswordDialogs.h"
+#include "nsNSSComponent.h"
+#include "nsNSSHelper.h"
+#include "pk11func.h"
+#include "pk11sdr.h" // For PK11SDR_Encrypt, PK11SDR_Decrypt
+#include "ssl.h" // For SSL_ClearSessionCache
+
+using namespace mozilla;
+
+// NOTE: Should these be the thread-safe versions?
+NS_IMPL_ISUPPORTS(SecretDecoderRing, nsISecretDecoderRing)
+
+SecretDecoderRing::SecretDecoderRing()
+{
+}
+
+SecretDecoderRing::~SecretDecoderRing()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+nsresult
+SecretDecoderRing::Encrypt(const nsACString& data, /*out*/ nsACString& result)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  /* Make sure token is initialized. */
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
+  nsresult rv = setPassword(slot.get(), ctx, locker);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  /* Force authentication */
+  if (PK11_Authenticate(slot.get(), true, ctx) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  /* Use default key id */
+  SECItem keyid;
+  keyid.data = nullptr;
+  keyid.len = 0;
+  SECItem request;
+  request.data = BitwiseCast<unsigned char*, const char*>(data.BeginReading());
+  request.len = data.Length();
+  ScopedAutoSECItem reply;
+  if (PK11SDR_Encrypt(&keyid, &request, &reply, ctx) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  result.Assign(BitwiseCast<char*, unsigned char*>(reply.data), reply.len);
+  return NS_OK;
+}
+
+nsresult
+SecretDecoderRing::Decrypt(const nsACString& data, /*out*/ nsACString& result)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  /* Find token with SDR key */
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  /* Force authentication */
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
+  if (PK11_Authenticate(slot.get(), true, ctx) != SECSuccess) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  SECItem request;
+  request.data = BitwiseCast<unsigned char*, const char*>(data.BeginReading());
+  request.len = data.Length();
+  ScopedAutoSECItem reply;
+  if (PK11SDR_Decrypt(&request, &reply, ctx) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  result.Assign(BitwiseCast<char*, unsigned char*>(reply.data), reply.len);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+SecretDecoderRing::EncryptString(const nsACString& text,
+                         /*out*/ nsACString& encryptedBase64Text)
+{
+  nsAutoCString encryptedText;
+  nsresult rv = Encrypt(text, encryptedText);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = Base64Encode(encryptedText, encryptedBase64Text);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+SecretDecoderRing::DecryptString(const nsACString& encryptedBase64Text,
+                         /*out*/ nsACString& decryptedText)
+{
+  nsAutoCString encryptedText;
+  nsresult rv = Base64Decode(encryptedBase64Text, encryptedText);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = Decrypt(encryptedText, decryptedText);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+SecretDecoderRing::ChangePassword()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  NS_ConvertUTF8toUTF16 tokenName(PK11_GetTokenName(slot.get()));
+
+  nsCOMPtr<nsITokenPasswordDialogs> dialogs;
+  nsresult rv = getNSSDialogs(getter_AddRefs(dialogs),
+                              NS_GET_IID(nsITokenPasswordDialogs),
+                              NS_TOKENPASSWORDSDIALOG_CONTRACTID);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
+  bool canceled; // Ignored
+  return dialogs->SetPassword(ctx, tokenName.get(), &canceled);
+}
+
+NS_IMETHODIMP
+SecretDecoderRing::Logout()
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  nsresult rv;
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
+  if (NS_FAILED(rv))
+    return rv;
+
+  {
+    nsNSSShutDownPreventionLock locker;
+    if (isAlreadyShutDown()) {
+      return NS_ERROR_NOT_AVAILABLE;
+    }
+
+    PK11_LogoutAll();
+    SSL_ClearSessionCache();
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+SecretDecoderRing::LogoutAndTeardown()
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  nsresult rv;
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
+  if (NS_FAILED(rv))
+    return rv;
+
+  {
+    nsNSSShutDownPreventionLock locker;
+    if (isAlreadyShutDown()) {
+      return NS_ERROR_NOT_AVAILABLE;
+    }
+
+    PK11_LogoutAll();
+    SSL_ClearSessionCache();
+  }
+
+  rv = nssComponent->LogoutAuthenticatedPK11();
+
+  // After we just logged out, we need to prune dead connections to make
+  // sure that all connections that should be stopped, are stopped. See
+  // bug 517584.
+  nsCOMPtr<nsIObserverService> os = mozilla::services::GetObserverService();
+  if (os)
+    os->NotifyObservers(nullptr, "net:prune-dead-connections", nullptr);
+
+  return rv;
+}
diff --git a/security/manager/ssl/SecretDecoderRing.h b/security/manager/ssl/SecretDecoderRing.h
new file mode 100644
index 000000000..3bdcbe5c9
--- /dev/null
+++ b/security/manager/ssl/SecretDecoderRing.h
@@ -0,0 +1,39 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef SecretDecoderRing_h
+#define SecretDecoderRing_h
+
+#include "nsISecretDecoderRing.h"
+#include "nsNSSShutDown.h"
+#include "nsString.h"
+
+#define NS_SECRETDECODERRING_CONTRACTID "@mozilla.org/security/sdr;1"
+
+#define NS_SECRETDECODERRING_CID \
+  { 0x0c4f1ddc, 0x1dd2, 0x11b2, { 0x9d, 0x95, 0xf2, 0xfd, 0xf1, 0x13, 0x04, 0x4b } }
+
+class SecretDecoderRing : public nsISecretDecoderRing
+                        , public nsNSSShutDownObject
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSISECRETDECODERRING
+
+  SecretDecoderRing();
+
+  // Nothing to release.
+  virtual void virtualDestroyNSSReference() override {}
+
+protected:
+  virtual ~SecretDecoderRing();
+
+private:
+  nsresult Encrypt(const nsACString& data, /*out*/ nsACString& result);
+  nsresult Decrypt(const nsACString& data, /*out*/ nsACString& result);
+};
+
+#endif // SecretDecoderRing_h
diff --git a/security/manager/ssl/SharedCertVerifier.h b/security/manager/ssl/SharedCertVerifier.h
new file mode 100644
index 000000000..03619573a
--- /dev/null
+++ b/security/manager/ssl/SharedCertVerifier.h
@@ -0,0 +1,36 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef SharedCertVerifier_h
+#define SharedCertVerifier_h
+
+#include "CertVerifier.h"
+#include "mozilla/RefPtr.h"
+
+namespace mozilla { namespace psm {
+
+class SharedCertVerifier : public mozilla::psm::CertVerifier
+{
+protected:
+  ~SharedCertVerifier();
+
+public:
+  NS_INLINE_DECL_THREADSAFE_REFCOUNTING(SharedCertVerifier)
+
+  SharedCertVerifier(OcspDownloadConfig odc, OcspStrictConfig osc,
+                     OcspGetConfig ogc, uint32_t certShortLifetimeInDays,
+                     PinningMode pinningMode, SHA1Mode sha1Mode,
+                     BRNameMatchingPolicy::Mode nameMatchingMode,
+                     NetscapeStepUpPolicy netscapeStepUpPolicy,
+                     CertificateTransparencyMode ctMode)
+    : mozilla::psm::CertVerifier(odc, osc, ogc, certShortLifetimeInDays,
+                                 pinningMode, sha1Mode, nameMatchingMode,
+                                 netscapeStepUpPolicy, ctMode)
+  {
+  }
+};
+
+} } // namespace mozilla::psm
+
+#endif // SharedCertVerifier_h
diff --git a/security/manager/ssl/SharedSSLState.cpp b/security/manager/ssl/SharedSSLState.cpp
new file mode 100644
index 000000000..c97687541
--- /dev/null
+++ b/security/manager/ssl/SharedSSLState.cpp
@@ -0,0 +1,218 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "SharedSSLState.h"
+#include "nsClientAuthRemember.h"
+#include "nsComponentManagerUtils.h"
+#include "nsICertOverrideService.h"
+#include "nsIObserverService.h"
+#include "mozilla/Services.h"
+#include "nsThreadUtils.h"
+#include "nsCRT.h"
+#include "nsServiceManagerUtils.h"
+#include "PSMRunnable.h"
+#include "PublicSSL.h"
+#include "ssl.h"
+#include "nsNetCID.h"
+#include "mozilla/Atomics.h"
+#include "mozilla/Unused.h"
+
+using mozilla::psm::SyncRunnableBase;
+using mozilla::Atomic;
+using mozilla::Unused;
+
+namespace {
+
+static Atomic<bool> sCertOverrideSvcExists(false);
+
+class MainThreadClearer : public SyncRunnableBase
+{
+public:
+  MainThreadClearer() : mShouldClearSessionCache(false) {}
+
+  void RunOnTargetThread() {
+    // In some cases it's possible to cause PSM/NSS to initialize while XPCOM shutdown
+    // is in progress. We want to avoid this, since they do not handle the situation well,
+    // hence the flags to avoid instantiating the services if they don't already exist.
+
+    bool certOverrideSvcExists = sCertOverrideSvcExists.exchange(false);
+    if (certOverrideSvcExists) {
+      sCertOverrideSvcExists = true;
+      nsCOMPtr<nsICertOverrideService> icos = do_GetService(NS_CERTOVERRIDE_CONTRACTID);
+      if (icos) {
+        icos->ClearValidityOverride(
+          NS_LITERAL_CSTRING("all:temporary-certificates"),
+          0);
+      }
+    }
+
+    // This needs to be checked on the main thread to avoid racing with NSS
+    // initialization.
+    mShouldClearSessionCache = mozilla::psm::PrivateSSLState() &&
+                               mozilla::psm::PrivateSSLState()->SocketCreated();
+  }
+  bool mShouldClearSessionCache;
+};
+
+} // namespace
+
+namespace mozilla {
+
+void ClearPrivateSSLState()
+{
+  // This only works if it is called on the socket transport
+  // service thread immediately after closing all private SSL
+  // connections.
+#ifdef DEBUG
+  nsresult rv;
+  nsCOMPtr<nsIEventTarget> sts
+    = do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &rv);
+  MOZ_ASSERT(NS_SUCCEEDED(rv));
+  bool onSTSThread;
+  rv = sts->IsOnCurrentThread(&onSTSThread);
+  MOZ_ASSERT(NS_SUCCEEDED(rv) && onSTSThread);
+#endif
+
+  RefPtr<MainThreadClearer> runnable = new MainThreadClearer;
+  runnable->DispatchToMainThreadAndWait();
+
+  // If NSS isn't initialized, this throws an assertion. We guard it by checking if
+  // the session cache might even have anything worth clearing.
+  if (runnable->mShouldClearSessionCache) {
+    SSL_ClearSessionCache();
+  }
+}
+
+namespace psm {
+
+namespace {
+class PrivateBrowsingObserver : public nsIObserver {
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIOBSERVER
+  explicit PrivateBrowsingObserver(SharedSSLState* aOwner) : mOwner(aOwner) {}
+protected:
+  virtual ~PrivateBrowsingObserver() {}
+private:
+  SharedSSLState* mOwner;
+};
+
+SharedSSLState* gPublicState;
+SharedSSLState* gPrivateState;
+} // namespace
+
+NS_IMPL_ISUPPORTS(PrivateBrowsingObserver, nsIObserver)
+
+NS_IMETHODIMP
+PrivateBrowsingObserver::Observe(nsISupports     *aSubject,
+                                 const char      *aTopic,
+                                 const char16_t *aData)
+{
+  if (!nsCRT::strcmp(aTopic, "last-pb-context-exited")) {
+    mOwner->ResetStoredData();
+  }
+  return NS_OK;
+}
+
+SharedSSLState::SharedSSLState()
+: mClientAuthRemember(new nsClientAuthRememberService)
+, mMutex("SharedSSLState::mMutex")
+, mSocketCreated(false)
+, mOCSPStaplingEnabled(false)
+, mOCSPMustStapleEnabled(false)
+{
+  mIOLayerHelpers.Init();
+  mClientAuthRemember->Init();
+}
+
+SharedSSLState::~SharedSSLState()
+{
+}
+
+void
+SharedSSLState::NotePrivateBrowsingStatus()
+{
+  MOZ_ASSERT(NS_IsMainThread(), "Not on main thread");
+  mObserver = new PrivateBrowsingObserver(this);
+  nsCOMPtr<nsIObserverService> obsSvc = mozilla::services::GetObserverService();
+  obsSvc->AddObserver(mObserver, "last-pb-context-exited", false);
+}
+
+void
+SharedSSLState::ResetStoredData()
+{
+  MOZ_ASSERT(NS_IsMainThread(), "Not on main thread");
+  mClientAuthRemember->ClearRememberedDecisions();
+  mIOLayerHelpers.clearStoredData();
+}
+
+void
+SharedSSLState::NoteSocketCreated()
+{
+  MutexAutoLock lock(mMutex);
+  mSocketCreated = true;
+}
+
+bool
+SharedSSLState::SocketCreated()
+{
+  MutexAutoLock lock(mMutex);
+  return mSocketCreated;
+}
+
+/*static*/ void
+SharedSSLState::GlobalInit()
+{
+  MOZ_ASSERT(NS_IsMainThread(), "Not on main thread");
+  gPublicState = new SharedSSLState();
+  gPrivateState = new SharedSSLState();
+  gPrivateState->NotePrivateBrowsingStatus();
+}
+
+/*static*/ void
+SharedSSLState::GlobalCleanup()
+{
+  MOZ_ASSERT(NS_IsMainThread(), "Not on main thread");
+
+  if (gPrivateState) {
+    gPrivateState->Cleanup();
+    delete gPrivateState;
+    gPrivateState = nullptr;
+  }
+
+  if (gPublicState) {
+    gPublicState->Cleanup();
+    delete gPublicState;
+    gPublicState = nullptr;
+  }
+}
+
+/*static*/ void
+SharedSSLState::NoteCertOverrideServiceInstantiated()
+{
+  sCertOverrideSvcExists = true;
+}
+
+void
+SharedSSLState::Cleanup()
+{
+  mIOLayerHelpers.Cleanup();
+}
+
+SharedSSLState*
+PublicSSLState()
+{
+  return gPublicState;
+}
+
+SharedSSLState*
+PrivateSSLState()
+{
+  return gPrivateState;
+}
+
+} // namespace psm
+} // namespace mozilla
diff --git a/security/manager/ssl/SharedSSLState.h b/security/manager/ssl/SharedSSLState.h
new file mode 100644
index 000000000..60a059620
--- /dev/null
+++ b/security/manager/ssl/SharedSSLState.h
@@ -0,0 +1,87 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef SharedSSLState_h
+#define SharedSSLState_h
+
+#include "mozilla/RefPtr.h"
+#include "nsNSSIOLayer.h"
+
+class nsClientAuthRememberService;
+class nsIObserver;
+
+namespace mozilla {
+namespace psm {
+
+class SharedSSLState {
+public:
+  NS_INLINE_DECL_THREADSAFE_REFCOUNTING(SharedSSLState)
+  SharedSSLState();
+
+  static void GlobalInit();
+  static void GlobalCleanup();
+
+  nsClientAuthRememberService* GetClientAuthRememberService() {
+    return mClientAuthRemember;
+  }
+
+  nsSSLIOLayerHelpers& IOLayerHelpers() {
+    return mIOLayerHelpers;
+  }
+
+  // Main-thread only
+  void ResetStoredData();
+  void NotePrivateBrowsingStatus();
+  void SetOCSPStaplingEnabled(bool staplingEnabled)
+  {
+    mOCSPStaplingEnabled = staplingEnabled;
+  }
+  void SetOCSPMustStapleEnabled(bool mustStapleEnabled)
+  {
+    mOCSPMustStapleEnabled = mustStapleEnabled;
+  }
+  void SetSignedCertTimestampsEnabled(bool signedCertTimestampsEnabled)
+  {
+    mSignedCertTimestampsEnabled = signedCertTimestampsEnabled;
+  }
+
+  // The following methods may be called from any thread
+  bool SocketCreated();
+  void NoteSocketCreated();
+  static void NoteCertOverrideServiceInstantiated();
+  bool IsOCSPStaplingEnabled() const { return mOCSPStaplingEnabled; }
+  bool IsOCSPMustStapleEnabled() const { return mOCSPMustStapleEnabled; }
+  bool IsSignedCertTimestampsEnabled() const
+  {
+    return mSignedCertTimestampsEnabled;
+  }
+
+private:
+  ~SharedSSLState();
+
+  void Cleanup();
+
+  nsCOMPtr<nsIObserver> mObserver;
+  RefPtr<nsClientAuthRememberService> mClientAuthRemember;
+  nsSSLIOLayerHelpers mIOLayerHelpers;
+
+  // True if any sockets have been created that use this shared data.
+  // Requires synchronization between the socket and main threads for
+  // reading/writing.
+  Mutex mMutex;
+  bool mSocketCreated;
+  bool mOCSPStaplingEnabled;
+  bool mOCSPMustStapleEnabled;
+  bool mSignedCertTimestampsEnabled;
+};
+
+SharedSSLState* PublicSSLState();
+SharedSSLState* PrivateSSLState();
+
+} // namespace psm
+} // namespace mozilla
+
+#endif
diff --git a/security/manager/ssl/StaticHPKPins.errors b/security/manager/ssl/StaticHPKPins.errors
new file mode 100644
index 000000000..f5b0a1ebb
--- /dev/null
+++ b/security/manager/ssl/StaticHPKPins.errors
@@ -0,0 +1,28 @@
+Can't find hash in builtin certs for Chrome nickname GoogleG2, inserting GOOGLE_PIN_GoogleG2
+Can't find hash in builtin certs for Chrome nickname RapidSSL, inserting GOOGLE_PIN_RapidSSL
+Can't find hash in builtin certs for Chrome nickname DigiCertSHA2HighAssuranceServerCA, inserting GOOGLE_PIN_DigiCertSHA2HighAssuranceServerCA
+Can't find hash in builtin certs for Chrome nickname VeriSignClass1, inserting GOOGLE_PIN_VeriSignClass1
+Can't find hash in builtin certs for Chrome nickname VeriSignClass4_G3, inserting GOOGLE_PIN_VeriSignClass4_G3
+Can't find hash in builtin certs for Chrome nickname VeriSignClass3_G2, inserting GOOGLE_PIN_VeriSignClass3_G2
+Can't find hash in builtin certs for Chrome nickname VeriSignClass2_G2, inserting GOOGLE_PIN_VeriSignClass2_G2
+Can't find hash in builtin certs for Chrome nickname Entrust_SSL, inserting GOOGLE_PIN_Entrust_SSL
+Can't find hash in builtin certs for Chrome nickname UTNDATACorpSGC, inserting GOOGLE_PIN_UTNDATACorpSGC
+Can't find hash in builtin certs for Chrome nickname GTECyberTrustGlobalRoot, inserting GOOGLE_PIN_GTECyberTrustGlobalRoot
+Can't find hash in builtin certs for Chrome nickname GoDaddySecure, inserting GOOGLE_PIN_GoDaddySecure
+Can't find hash in builtin certs for Chrome nickname SymantecClass3EVG3, inserting GOOGLE_PIN_SymantecClass3EVG3
+Can't find hash in builtin certs for Chrome nickname DigiCertECCSecureServerCA, inserting GOOGLE_PIN_DigiCertECCSecureServerCA
+Can't find hash in builtin certs for Chrome nickname LetsEncryptAuthorityPrimary_X1_X3, inserting GOOGLE_PIN_LetsEncryptAuthorityPrimary_X1_X3
+Can't find hash in builtin certs for Chrome nickname LetsEncryptAuthorityBackup_X2_X4, inserting GOOGLE_PIN_LetsEncryptAuthorityBackup_X2_X4
+Can't find hash in builtin certs for Chrome nickname COMODORSADomainValidationSecureServerCA, inserting GOOGLE_PIN_COMODORSADomainValidationSecureServerCA
+Writing pinset test
+Writing pinset google
+Writing pinset tor
+Writing pinset twitterCom
+Writing pinset twitterCDN
+Writing pinset dropbox
+Writing pinset facebook
+Writing pinset spideroak
+Writing pinset yahoo
+Writing pinset swehackCom
+Writing pinset ncsccs
+Writing pinset tumblr
diff --git a/security/manager/ssl/StaticHPKPins.h b/security/manager/ssl/StaticHPKPins.h
new file mode 100644
index 000000000..323d8ec85
--- /dev/null
+++ b/security/manager/ssl/StaticHPKPins.h
@@ -0,0 +1,1185 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*****************************************************************************/
+/* This is an automatically generated file. If you're not                    */
+/* PublicKeyPinningService.cpp, you shouldn't be #including it.              */
+/*****************************************************************************/
+#include <stdint.h>
+/* AddTrust External Root */
+static const char kAddTrust_External_RootFingerprint[] =
+  "lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU=";
+
+/* AddTrust Low-Value Services Root */
+static const char kAddTrust_Low_Value_Services_RootFingerprint[] =
+  "BStocQfshOhzA4JFLsKidFF0XXSFpX1vRk4Np6G2ryo=";
+
+/* AddTrust Public Services Root */
+static const char kAddTrust_Public_Services_RootFingerprint[] =
+  "OGHXtpYfzbISBFb/b8LrdwSxp0G0vZM6g3b14ZFcppg=";
+
+/* AddTrust Qualified Certificates Root */
+static const char kAddTrust_Qualified_Certificates_RootFingerprint[] =
+  "xzr8Lrp3DQy8HuQfJStS6Kk9ErctzOwDHY2DnL+Bink=";
+
+/* AffirmTrust Commercial */
+static const char kAffirmTrust_CommercialFingerprint[] =
+  "bEZLmlsjOl6HTadlwm8EUBDS3c/0V5TwtMfkqvpQFJU=";
+
+/* AffirmTrust Networking */
+static const char kAffirmTrust_NetworkingFingerprint[] =
+  "lAcq0/WPcPkwmOWl9sBMlscQvYSdgxhJGa6Q64kK5AA=";
+
+/* AffirmTrust Premium */
+static const char kAffirmTrust_PremiumFingerprint[] =
+  "x/Q7TPW3FWgpT4IrU3YmBfbd0Vyt7Oc56eLDy6YenWc=";
+
+/* AffirmTrust Premium ECC */
+static const char kAffirmTrust_Premium_ECCFingerprint[] =
+  "MhmwkRT/SVo+tusAwu/qs0ACrl8KVsdnnqCHo/oDfk8=";
+
+/* Baltimore CyberTrust Root */
+static const char kBaltimore_CyberTrust_RootFingerprint[] =
+  "Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o=";
+
+/* COMODO Certification Authority */
+static const char kCOMODO_Certification_AuthorityFingerprint[] =
+  "AG1751Vd2CAmRCxPGieoDomhmJy4ezREjtIZTBgZbV4=";
+
+/* COMODO ECC Certification Authority */
+static const char kCOMODO_ECC_Certification_AuthorityFingerprint[] =
+  "58qRu/uxh4gFezqAcERupSkRYBlBAvfcw7mEjGPLnNU=";
+
+/* COMODO RSA Certification Authority */
+static const char kCOMODO_RSA_Certification_AuthorityFingerprint[] =
+  "grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=";
+
+/* Comodo AAA Services root */
+static const char kComodo_AAA_Services_rootFingerprint[] =
+  "vRU+17BDT2iGsXvOi76E7TQMcTLXAqj0+jGPdW7L1vM=";
+
+/* Comodo Secure Services root */
+static const char kComodo_Secure_Services_rootFingerprint[] =
+  "RpHL/ehKa2BS3b4VK7DCFq4lqG5XR4E9vA8UfzOFcL4=";
+
+/* Comodo Trusted Services root */
+static const char kComodo_Trusted_Services_rootFingerprint[] =
+  "4tiR77c4ZpEF1TDeXtcuKyrD9KZweLU0mz/ayklvXrg=";
+
+/* Cybertrust Global Root */
+static const char kCybertrust_Global_RootFingerprint[] =
+  "foeCwVDOOVL4AuY2AjpdPpW7XWjjPoWtsroXgSXOvxU=";
+
+/* DST Root CA X3 */
+static const char kDST_Root_CA_X3Fingerprint[] =
+  "Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys=";
+
+/* DigiCert Assured ID Root CA */
+static const char kDigiCert_Assured_ID_Root_CAFingerprint[] =
+  "I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o=";
+
+/* DigiCert Assured ID Root G2 */
+static const char kDigiCert_Assured_ID_Root_G2Fingerprint[] =
+  "8ca6Zwz8iOTfUpc8rkIPCgid1HQUT+WAbEIAZOFZEik=";
+
+/* DigiCert Assured ID Root G3 */
+static const char kDigiCert_Assured_ID_Root_G3Fingerprint[] =
+  "Fe7TOVlLME+M+Ee0dzcdjW/sYfTbKwGvWJ58U7Ncrkw=";
+
+/* DigiCert Global Root CA */
+static const char kDigiCert_Global_Root_CAFingerprint[] =
+  "r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
+
+/* DigiCert Global Root G2 */
+static const char kDigiCert_Global_Root_G2Fingerprint[] =
+  "i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY=";
+
+/* DigiCert Global Root G3 */
+static const char kDigiCert_Global_Root_G3Fingerprint[] =
+  "uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc=";
+
+/* DigiCert High Assurance EV Root CA */
+static const char kDigiCert_High_Assurance_EV_Root_CAFingerprint[] =
+  "WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=";
+
+/* DigiCert Trusted Root G4 */
+static const char kDigiCert_Trusted_Root_G4Fingerprint[] =
+  "Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw=";
+
+/* End Entity Test Cert */
+static const char kEnd_Entity_Test_CertFingerprint[] =
+  "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=";
+
+/* Entrust Root Certification Authority */
+static const char kEntrust_Root_Certification_AuthorityFingerprint[] =
+  "bb+uANN7nNc/j7R95lkXrwDg3d9C286sIMF8AnXuIJU=";
+
+/* Entrust Root Certification Authority - EC1 */
+static const char kEntrust_Root_Certification_Authority___EC1Fingerprint[] =
+  "/qK31kX7pz11PB7Jp4cMQOH3sMVh6Se5hb9xGGbjbyI=";
+
+/* Entrust Root Certification Authority - G2 */
+static const char kEntrust_Root_Certification_Authority___G2Fingerprint[] =
+  "du6FkDdMcVQ3u8prumAo6t3i3G27uMP2EOhR8R0at/U=";
+
+/* Entrust.net Premium 2048 Secure Server CA */
+static const char kEntrust_net_Premium_2048_Secure_Server_CAFingerprint[] =
+  "HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg=";
+
+/* FacebookBackup */
+static const char kFacebookBackupFingerprint[] =
+  "q4PO2G2cbkZhZ82+JgmRUyGMoAeozA+BSXVXQWB8XWQ=";
+
+/* GOOGLE_PIN_COMODORSADomainValidationSecureServerCA */
+static const char kGOOGLE_PIN_COMODORSADomainValidationSecureServerCAFingerprint[] =
+  "klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=";
+
+/* GOOGLE_PIN_DigiCertECCSecureServerCA */
+static const char kGOOGLE_PIN_DigiCertECCSecureServerCAFingerprint[] =
+  "PZXN3lRAy+8tBKk2Ox6F7jIlnzr2Yzmwqc3JnyfXoCw=";
+
+/* GOOGLE_PIN_DigiCertSHA2HighAssuranceServerCA */
+static const char kGOOGLE_PIN_DigiCertSHA2HighAssuranceServerCAFingerprint[] =
+  "k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=";
+
+/* GOOGLE_PIN_Entrust_SSL */
+static const char kGOOGLE_PIN_Entrust_SSLFingerprint[] =
+  "nsxRNo6G40YPZsKV5JQt1TCA8nseQQr/LRqp1Oa8fnw=";
+
+/* GOOGLE_PIN_GTECyberTrustGlobalRoot */
+static const char kGOOGLE_PIN_GTECyberTrustGlobalRootFingerprint[] =
+  "EGn6R6CqT4z3ERscrqNl7q7RC//zJmDe9uBhS/rnCHU=";
+
+/* GOOGLE_PIN_GoDaddySecure */
+static const char kGOOGLE_PIN_GoDaddySecureFingerprint[] =
+  "MrZLZnJ6IGPkBm87lYywqu5Xal7O/ZUzmbuIdHMdlYc=";
+
+/* GOOGLE_PIN_GoogleG2 */
+static const char kGOOGLE_PIN_GoogleG2Fingerprint[] =
+  "7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=";
+
+/* GOOGLE_PIN_LetsEncryptAuthorityBackup_X2_X4 */
+static const char kGOOGLE_PIN_LetsEncryptAuthorityBackup_X2_X4Fingerprint[] =
+  "sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis=";
+
+/* GOOGLE_PIN_LetsEncryptAuthorityPrimary_X1_X3 */
+static const char kGOOGLE_PIN_LetsEncryptAuthorityPrimary_X1_X3Fingerprint[] =
+  "YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=";
+
+/* GOOGLE_PIN_RapidSSL */
+static const char kGOOGLE_PIN_RapidSSLFingerprint[] =
+  "lT09gPUeQfbYrlxRtpsHrjDblj9Rpz+u7ajfCrg4qDM=";
+
+/* GOOGLE_PIN_SymantecClass3EVG3 */
+static const char kGOOGLE_PIN_SymantecClass3EVG3Fingerprint[] =
+  "gMxWOrX4PMQesK9qFNbYBxjBfjUvlkn/vN1n+L9lE5E=";
+
+/* GOOGLE_PIN_UTNDATACorpSGC */
+static const char kGOOGLE_PIN_UTNDATACorpSGCFingerprint[] =
+  "QAL80xHQczFWfnG82XHkYEjI3OjRZZcRdTs9qiommvo=";
+
+/* GOOGLE_PIN_VeriSignClass1 */
+static const char kGOOGLE_PIN_VeriSignClass1Fingerprint[] =
+  "LclHC+Y+9KzxvYKGCUArt7h72ZY4pkOTTohoLRvowwg=";
+
+/* GOOGLE_PIN_VeriSignClass2_G2 */
+static const char kGOOGLE_PIN_VeriSignClass2_G2Fingerprint[] =
+  "2oALgLKofTmeZvoZ1y/fSZg7R9jPMix8eVA6DH4o/q8=";
+
+/* GOOGLE_PIN_VeriSignClass3_G2 */
+static const char kGOOGLE_PIN_VeriSignClass3_G2Fingerprint[] =
+  "AjyBzOjnxk+pQtPBUEhwfTXZu1uH9PVExb8bxWQ68vo=";
+
+/* GOOGLE_PIN_VeriSignClass4_G3 */
+static const char kGOOGLE_PIN_VeriSignClass4_G3Fingerprint[] =
+  "VnuCEf0g09KD7gzXzgZyy52ZvFtIeljJ1U7Gf3fUqPU=";
+
+/* GeoTrust Global CA */
+static const char kGeoTrust_Global_CAFingerprint[] =
+  "h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU=";
+
+/* GeoTrust Global CA 2 */
+static const char kGeoTrust_Global_CA_2Fingerprint[] =
+  "F3VaXClfPS1y5vAxofB/QAxYi55YKyLxfq4xoVkNEYU=";
+
+/* GeoTrust Primary Certification Authority */
+static const char kGeoTrust_Primary_Certification_AuthorityFingerprint[] =
+  "SQVGZiOrQXi+kqxcvWWE96HhfydlLVqFr4lQTqI5qqo=";
+
+/* GeoTrust Primary Certification Authority - G2 */
+static const char kGeoTrust_Primary_Certification_Authority___G2Fingerprint[] =
+  "vPtEqrmtAhAVcGtBIep2HIHJ6IlnWQ9vlK50TciLePs=";
+
+/* GeoTrust Primary Certification Authority - G3 */
+static const char kGeoTrust_Primary_Certification_Authority___G3Fingerprint[] =
+  "q5hJUnat8eyv8o81xTBIeB5cFxjaucjmelBPT2pRMo8=";
+
+/* GeoTrust Universal CA */
+static const char kGeoTrust_Universal_CAFingerprint[] =
+  "lpkiXF3lLlbN0y3y6W0c/qWqPKC7Us2JM8I7XCdEOCA=";
+
+/* GeoTrust Universal CA 2 */
+static const char kGeoTrust_Universal_CA_2Fingerprint[] =
+  "fKoDRlEkWQxgHlZ+UhSOlSwM/+iQAFMP4NlbbVDqrkE=";
+
+/* GlobalSign ECC Root CA - R4 */
+static const char kGlobalSign_ECC_Root_CA___R4Fingerprint[] =
+  "CLOmM1/OXvSPjw5UOYbAf9GKOxImEp9hhku9W90fHMk=";
+
+/* GlobalSign ECC Root CA - R5 */
+static const char kGlobalSign_ECC_Root_CA___R5Fingerprint[] =
+  "fg6tdrtoGdwvVFEahDVPboswe53YIFjqbABPAdndpd8=";
+
+/* GlobalSign Root CA */
+static const char kGlobalSign_Root_CAFingerprint[] =
+  "K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q=";
+
+/* GlobalSign Root CA - R2 */
+static const char kGlobalSign_Root_CA___R2Fingerprint[] =
+  "iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=";
+
+/* GlobalSign Root CA - R3 */
+static const char kGlobalSign_Root_CA___R3Fingerprint[] =
+  "cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A=";
+
+/* Go Daddy Class 2 CA */
+static const char kGo_Daddy_Class_2_CAFingerprint[] =
+  "VjLZe/p3W/PJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=";
+
+/* Go Daddy Root Certificate Authority - G2 */
+static const char kGo_Daddy_Root_Certificate_Authority___G2Fingerprint[] =
+  "Ko8tivDrEjiY90yGasP6ZpBU4jwXvHqVvQI0GS3GNdA=";
+
+/* GoogleBackup2048 */
+static const char kGoogleBackup2048Fingerprint[] =
+  "IPMbDAjLVSGntGO3WP53X/zilCVndez5YJ2+vJvhJsA=";
+
+/* SpiderOak2 */
+static const char kSpiderOak2Fingerprint[] =
+  "7Y3UnxbffL8aFPXsOJBpGasgpDmngpIhAxGKdQRklQQ=";
+
+/* SpiderOak3 */
+static const char kSpiderOak3Fingerprint[] =
+  "LkER54vOdlygpTsbYvlpMq1CE/lDAG1AP9xmdtwvV2A=";
+
+/* Starfield Class 2 CA */
+static const char kStarfield_Class_2_CAFingerprint[] =
+  "FfFKxFycfaIz00eRZOgTf+Ne4POK6FgYPwhBDqgqxLQ=";
+
+/* Starfield Root Certificate Authority - G2 */
+static const char kStarfield_Root_Certificate_Authority___G2Fingerprint[] =
+  "gI1os/q0iEpflxrOfRBVDXqVoWN3Tz7Dav/7IT++THQ=";
+
+/* Swehack */
+static const char kSwehackFingerprint[] =
+  "FdaffE799rVb3oyAuhJ2mBW/XJwD07Uajb2G6YwSAEw=";
+
+/* SwehackBackup */
+static const char kSwehackBackupFingerprint[] =
+  "z6cuswA6E1vgFkCjUsbEYo0Lf3aP8M8YOvwkoiGzDCo=";
+
+/* TestSPKI */
+static const char kTestSPKIFingerprint[] =
+  "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
+
+/* Tor1 */
+static const char kTor1Fingerprint[] =
+  "bYz9JTDk89X3qu3fgswG+lBQso5vI0N1f0Rx4go4nLo=";
+
+/* Tor2 */
+static const char kTor2Fingerprint[] =
+  "xXCxhTdn7uxXneJSbQCqoAvuW3ZtQl2pDVTf2sewS8w=";
+
+/* Tor3 */
+static const char kTor3Fingerprint[] =
+  "CleC1qwUR8JPgH1nXvSe2VHxDe5/KfNs96EusbfSOfo=";
+
+/* TumblrBackup */
+static const char kTumblrBackupFingerprint[] =
+  "avlD96PLERV78IN1fD+ab5cupkUDD9wTZWJjHX6VC9w=";
+
+/* Twitter1 */
+static const char kTwitter1Fingerprint[] =
+  "vU9M48LzD/CF34wE5PPf4nBwRyosy06X21J0ap8yS5s=";
+
+/* USERTrust ECC Certification Authority */
+static const char kUSERTrust_ECC_Certification_AuthorityFingerprint[] =
+  "ICGRfpgmOUXIWcQ/HXPLQTkFPEFPoDyjvH7ohhQpjzs=";
+
+/* USERTrust RSA Certification Authority */
+static const char kUSERTrust_RSA_Certification_AuthorityFingerprint[] =
+  "x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4=";
+
+/* UTN USERFirst Email Root CA */
+static const char kUTN_USERFirst_Email_Root_CAFingerprint[] =
+  "Laj56jRU0hFGRko/nQKNxMf7tXscUsc8KwVyovWZotM=";
+
+/* UTN USERFirst Hardware Root CA */
+static const char kUTN_USERFirst_Hardware_Root_CAFingerprint[] =
+  "TUDnr0MEoJ3of7+YliBMBVFB4/gJsv5zO7IxD9+YoWI=";
+
+/* UTN USERFirst Object Root CA */
+static const char kUTN_USERFirst_Object_Root_CAFingerprint[] =
+  "D+FMJksXu28NZT56cOs2Pb9UvhWAOe3a5cJXEd9IwQM=";
+
+/* VeriSign Class 3 Public Primary Certification Authority - G4 */
+static const char kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint[] =
+  "UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4=";
+
+/* VeriSign Class 3 Public Primary Certification Authority - G5 */
+static const char kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint[] =
+  "JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg=";
+
+/* VeriSign Universal Root Certification Authority */
+static const char kVeriSign_Universal_Root_Certification_AuthorityFingerprint[] =
+  "lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI=";
+
+/* Verisign Class 1 Public Primary Certification Authority - G3 */
+static const char kVerisign_Class_1_Public_Primary_Certification_Authority___G3Fingerprint[] =
+  "IgduWu9Eu5pBaii30cRDItcFn2D+/6XK9sW+hEeJEwM=";
+
+/* Verisign Class 2 Public Primary Certification Authority - G3 */
+static const char kVerisign_Class_2_Public_Primary_Certification_Authority___G3Fingerprint[] =
+  "cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM=";
+
+/* Verisign Class 3 Public Primary Certification Authority - G3 */
+static const char kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint[] =
+  "SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4=";
+
+/* YahooBackup1 */
+static const char kYahooBackup1Fingerprint[] =
+  "2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY=";
+
+/* YahooBackup2 */
+static const char kYahooBackup2Fingerprint[] =
+  "dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A=";
+
+/* thawte Primary Root CA */
+static const char kthawte_Primary_Root_CAFingerprint[] =
+  "HXXQgxueCIU5TTLHob/bPbwcKOKw6DkfsTWYHbxbqTY=";
+
+/* thawte Primary Root CA - G2 */
+static const char kthawte_Primary_Root_CA___G2Fingerprint[] =
+  "Z9xPMvoQ59AaeaBzqgyeAhLsL/w9d54Kp/nA8OHCyJM=";
+
+/* thawte Primary Root CA - G3 */
+static const char kthawte_Primary_Root_CA___G3Fingerprint[] =
+  "GQbGEk27Q4V40A4GbVBUxsN/D6YCjAVUXgmU7drshik=";
+
+/* Pinsets are each an ordered list by the actual value of the fingerprint */
+struct StaticFingerprints {
+  const size_t size;
+  const char* const* data;
+};
+
+/* PreloadedHPKPins.json pinsets */
+static const char* const kPinset_google_root_pems_Data[] = {
+  kEntrust_Root_Certification_Authority___EC1Fingerprint,
+  kComodo_Trusted_Services_rootFingerprint,
+  kCOMODO_ECC_Certification_AuthorityFingerprint,
+  kDigiCert_Assured_ID_Root_G2Fingerprint,
+  kCOMODO_Certification_AuthorityFingerprint,
+  kAddTrust_Low_Value_Services_RootFingerprint,
+  kGlobalSign_ECC_Root_CA___R4Fingerprint,
+  kGeoTrust_Global_CA_2Fingerprint,
+  kDigiCert_Assured_ID_Root_G3Fingerprint,
+  kStarfield_Class_2_CAFingerprint,
+  kthawte_Primary_Root_CA___G3Fingerprint,
+  kthawte_Primary_Root_CAFingerprint,
+  kEntrust_net_Premium_2048_Secure_Server_CAFingerprint,
+  kDigiCert_Assured_ID_Root_CAFingerprint,
+  kUSERTrust_ECC_Certification_AuthorityFingerprint,
+  kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint,
+  kGlobalSign_Root_CAFingerprint,
+  kGo_Daddy_Root_Certificate_Authority___G2Fingerprint,
+  kAffirmTrust_Premium_ECCFingerprint,
+  kAddTrust_Public_Services_RootFingerprint,
+  kComodo_Secure_Services_rootFingerprint,
+  kGeoTrust_Primary_Certification_AuthorityFingerprint,
+  kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint,
+  kUTN_USERFirst_Hardware_Root_CAFingerprint,
+  kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint,
+  kGo_Daddy_Class_2_CAFingerprint,
+  kDigiCert_Trusted_Root_G4Fingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kBaltimore_CyberTrust_RootFingerprint,
+  kthawte_Primary_Root_CA___G2Fingerprint,
+  kAffirmTrust_CommercialFingerprint,
+  kEntrust_Root_Certification_AuthorityFingerprint,
+  kGlobalSign_Root_CA___R3Fingerprint,
+  kEntrust_Root_Certification_Authority___G2Fingerprint,
+  kGeoTrust_Universal_CA_2Fingerprint,
+  kGlobalSign_ECC_Root_CA___R5Fingerprint,
+  kCybertrust_Global_RootFingerprint,
+  kStarfield_Root_Certificate_Authority___G2Fingerprint,
+  kCOMODO_RSA_Certification_AuthorityFingerprint,
+  kGeoTrust_Global_CAFingerprint,
+  kDigiCert_Global_Root_G2Fingerprint,
+  kGlobalSign_Root_CA___R2Fingerprint,
+  kAffirmTrust_NetworkingFingerprint,
+  kAddTrust_External_RootFingerprint,
+  kVeriSign_Universal_Root_Certification_AuthorityFingerprint,
+  kGeoTrust_Universal_CAFingerprint,
+  kGeoTrust_Primary_Certification_Authority___G3Fingerprint,
+  kDigiCert_Global_Root_CAFingerprint,
+  kDigiCert_Global_Root_G3Fingerprint,
+  kGeoTrust_Primary_Certification_Authority___G2Fingerprint,
+  kComodo_AAA_Services_rootFingerprint,
+  kAffirmTrust_PremiumFingerprint,
+  kUSERTrust_RSA_Certification_AuthorityFingerprint,
+  kAddTrust_Qualified_Certificates_RootFingerprint,
+};
+static const StaticFingerprints kPinset_google_root_pems = {
+  sizeof(kPinset_google_root_pems_Data) / sizeof(const char*),
+  kPinset_google_root_pems_Data
+};
+
+static const char* const kPinset_mozilla_Data[] = {
+  kGeoTrust_Global_CA_2Fingerprint,
+  kthawte_Primary_Root_CA___G3Fingerprint,
+  kthawte_Primary_Root_CAFingerprint,
+  kDigiCert_Assured_ID_Root_CAFingerprint,
+  kVerisign_Class_1_Public_Primary_Certification_Authority___G3Fingerprint,
+  kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint,
+  kGeoTrust_Primary_Certification_AuthorityFingerprint,
+  kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint,
+  kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kBaltimore_CyberTrust_RootFingerprint,
+  kthawte_Primary_Root_CA___G2Fingerprint,
+  kVerisign_Class_2_Public_Primary_Certification_Authority___G3Fingerprint,
+  kGeoTrust_Universal_CA_2Fingerprint,
+  kGeoTrust_Global_CAFingerprint,
+  kVeriSign_Universal_Root_Certification_AuthorityFingerprint,
+  kGeoTrust_Universal_CAFingerprint,
+  kGeoTrust_Primary_Certification_Authority___G3Fingerprint,
+  kDigiCert_Global_Root_CAFingerprint,
+  kGeoTrust_Primary_Certification_Authority___G2Fingerprint,
+};
+static const StaticFingerprints kPinset_mozilla = {
+  sizeof(kPinset_mozilla_Data) / sizeof(const char*),
+  kPinset_mozilla_Data
+};
+
+static const char* const kPinset_mozilla_services_Data[] = {
+  kDigiCert_Global_Root_CAFingerprint,
+};
+static const StaticFingerprints kPinset_mozilla_services = {
+  sizeof(kPinset_mozilla_services_Data) / sizeof(const char*),
+  kPinset_mozilla_services_Data
+};
+
+static const char* const kPinset_mozilla_test_Data[] = {
+  kEnd_Entity_Test_CertFingerprint,
+};
+static const StaticFingerprints kPinset_mozilla_test = {
+  sizeof(kPinset_mozilla_test_Data) / sizeof(const char*),
+  kPinset_mozilla_test_Data
+};
+
+/* Chrome static pinsets */
+static const char* const kPinset_test_Data[] = {
+  kTestSPKIFingerprint,
+};
+static const StaticFingerprints kPinset_test = {
+  sizeof(kPinset_test_Data) / sizeof(const char*),
+  kPinset_test_Data
+};
+
+static const char* const kPinset_google_Data[] = {
+  kGOOGLE_PIN_GoogleG2Fingerprint,
+  kGoogleBackup2048Fingerprint,
+  kGeoTrust_Global_CAFingerprint,
+  kGlobalSign_Root_CA___R2Fingerprint,
+};
+static const StaticFingerprints kPinset_google = {
+  sizeof(kPinset_google_Data) / sizeof(const char*),
+  kPinset_google_Data
+};
+
+static const char* const kPinset_tor_Data[] = {
+  kTor3Fingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kGOOGLE_PIN_LetsEncryptAuthorityPrimary_X1_X3Fingerprint,
+  kTor1Fingerprint,
+  kGOOGLE_PIN_RapidSSLFingerprint,
+  kGOOGLE_PIN_LetsEncryptAuthorityBackup_X2_X4Fingerprint,
+  kTor2Fingerprint,
+};
+static const StaticFingerprints kPinset_tor = {
+  sizeof(kPinset_tor_Data) / sizeof(const char*),
+  kPinset_tor_Data
+};
+
+static const char* const kPinset_twitterCom_Data[] = {
+  kGOOGLE_PIN_VeriSignClass2_G2Fingerprint,
+  kGOOGLE_PIN_VeriSignClass3_G2Fingerprint,
+  kGeoTrust_Global_CA_2Fingerprint,
+  kDigiCert_Assured_ID_Root_CAFingerprint,
+  kVerisign_Class_1_Public_Primary_Certification_Authority___G3Fingerprint,
+  kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint,
+  kGOOGLE_PIN_VeriSignClass1Fingerprint,
+  kGeoTrust_Primary_Certification_AuthorityFingerprint,
+  kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint,
+  kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint,
+  kGOOGLE_PIN_VeriSignClass4_G3Fingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kVerisign_Class_2_Public_Primary_Certification_Authority___G3Fingerprint,
+  kGeoTrust_Universal_CA_2Fingerprint,
+  kGeoTrust_Global_CAFingerprint,
+  kVeriSign_Universal_Root_Certification_AuthorityFingerprint,
+  kGeoTrust_Universal_CAFingerprint,
+  kGeoTrust_Primary_Certification_Authority___G3Fingerprint,
+  kDigiCert_Global_Root_CAFingerprint,
+  kGeoTrust_Primary_Certification_Authority___G2Fingerprint,
+  kTwitter1Fingerprint,
+};
+static const StaticFingerprints kPinset_twitterCom = {
+  sizeof(kPinset_twitterCom_Data) / sizeof(const char*),
+  kPinset_twitterCom_Data
+};
+
+static const char* const kPinset_twitterCDN_Data[] = {
+  kGOOGLE_PIN_VeriSignClass2_G2Fingerprint,
+  kComodo_Trusted_Services_rootFingerprint,
+  kCOMODO_Certification_AuthorityFingerprint,
+  kGOOGLE_PIN_VeriSignClass3_G2Fingerprint,
+  kAddTrust_Low_Value_Services_RootFingerprint,
+  kUTN_USERFirst_Object_Root_CAFingerprint,
+  kGOOGLE_PIN_GTECyberTrustGlobalRootFingerprint,
+  kGeoTrust_Global_CA_2Fingerprint,
+  kEntrust_net_Premium_2048_Secure_Server_CAFingerprint,
+  kDigiCert_Assured_ID_Root_CAFingerprint,
+  kVerisign_Class_1_Public_Primary_Certification_Authority___G3Fingerprint,
+  kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint,
+  kGlobalSign_Root_CAFingerprint,
+  kUTN_USERFirst_Email_Root_CAFingerprint,
+  kGOOGLE_PIN_VeriSignClass1Fingerprint,
+  kAddTrust_Public_Services_RootFingerprint,
+  kGOOGLE_PIN_UTNDATACorpSGCFingerprint,
+  kComodo_Secure_Services_rootFingerprint,
+  kGeoTrust_Primary_Certification_AuthorityFingerprint,
+  kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint,
+  kUTN_USERFirst_Hardware_Root_CAFingerprint,
+  kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint,
+  kGOOGLE_PIN_VeriSignClass4_G3Fingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kBaltimore_CyberTrust_RootFingerprint,
+  kEntrust_Root_Certification_AuthorityFingerprint,
+  kVerisign_Class_2_Public_Primary_Certification_Authority___G3Fingerprint,
+  kGlobalSign_Root_CA___R3Fingerprint,
+  kEntrust_Root_Certification_Authority___G2Fingerprint,
+  kGeoTrust_Universal_CA_2Fingerprint,
+  kGeoTrust_Global_CAFingerprint,
+  kGlobalSign_Root_CA___R2Fingerprint,
+  kAddTrust_External_RootFingerprint,
+  kVeriSign_Universal_Root_Certification_AuthorityFingerprint,
+  kGeoTrust_Universal_CAFingerprint,
+  kGOOGLE_PIN_Entrust_SSLFingerprint,
+  kGeoTrust_Primary_Certification_Authority___G3Fingerprint,
+  kDigiCert_Global_Root_CAFingerprint,
+  kGeoTrust_Primary_Certification_Authority___G2Fingerprint,
+  kComodo_AAA_Services_rootFingerprint,
+  kTwitter1Fingerprint,
+  kAddTrust_Qualified_Certificates_RootFingerprint,
+};
+static const StaticFingerprints kPinset_twitterCDN = {
+  sizeof(kPinset_twitterCDN_Data) / sizeof(const char*),
+  kPinset_twitterCDN_Data
+};
+
+static const char* const kPinset_dropbox_Data[] = {
+  kEntrust_Root_Certification_Authority___EC1Fingerprint,
+  kEntrust_net_Premium_2048_Secure_Server_CAFingerprint,
+  kDigiCert_Assured_ID_Root_CAFingerprint,
+  kGo_Daddy_Root_Certificate_Authority___G2Fingerprint,
+  kGOOGLE_PIN_GoDaddySecureFingerprint,
+  kGo_Daddy_Class_2_CAFingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kEntrust_Root_Certification_AuthorityFingerprint,
+  kEntrust_Root_Certification_Authority___G2Fingerprint,
+  kDigiCert_Global_Root_CAFingerprint,
+};
+static const StaticFingerprints kPinset_dropbox = {
+  sizeof(kPinset_dropbox_Data) / sizeof(const char*),
+  kPinset_dropbox_Data
+};
+
+static const char* const kPinset_facebook_Data[] = {
+  kGOOGLE_PIN_DigiCertECCSecureServerCAFingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kGOOGLE_PIN_SymantecClass3EVG3Fingerprint,
+  kFacebookBackupFingerprint,
+};
+static const StaticFingerprints kPinset_facebook = {
+  sizeof(kPinset_facebook_Data) / sizeof(const char*),
+  kPinset_facebook_Data
+};
+
+static const char* const kPinset_spideroak_Data[] = {
+  kSpiderOak2Fingerprint,
+  kSpiderOak3Fingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kGeoTrust_Global_CAFingerprint,
+};
+static const StaticFingerprints kPinset_spideroak = {
+  sizeof(kPinset_spideroak_Data) / sizeof(const char*),
+  kPinset_spideroak_Data
+};
+
+static const char* const kPinset_yahoo_Data[] = {
+  kYahooBackup1Fingerprint,
+  kGOOGLE_PIN_VeriSignClass2_G2Fingerprint,
+  kDigiCert_Assured_ID_Root_CAFingerprint,
+  kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint,
+  kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint,
+  kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint,
+  kDigiCert_Trusted_Root_G4Fingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kVerisign_Class_2_Public_Primary_Certification_Authority___G3Fingerprint,
+  kYahooBackup2Fingerprint,
+  kDigiCert_Global_Root_G2Fingerprint,
+  kVeriSign_Universal_Root_Certification_AuthorityFingerprint,
+  kDigiCert_Global_Root_CAFingerprint,
+  kDigiCert_Global_Root_G3Fingerprint,
+};
+static const StaticFingerprints kPinset_yahoo = {
+  sizeof(kPinset_yahoo_Data) / sizeof(const char*),
+  kPinset_yahoo_Data
+};
+
+static const char* const kPinset_swehackCom_Data[] = {
+  kSwehackFingerprint,
+  kDST_Root_CA_X3Fingerprint,
+  kGOOGLE_PIN_LetsEncryptAuthorityPrimary_X1_X3Fingerprint,
+  kGOOGLE_PIN_COMODORSADomainValidationSecureServerCAFingerprint,
+  kGOOGLE_PIN_LetsEncryptAuthorityBackup_X2_X4Fingerprint,
+  kSwehackBackupFingerprint,
+};
+static const StaticFingerprints kPinset_swehackCom = {
+  sizeof(kPinset_swehackCom_Data) / sizeof(const char*),
+  kPinset_swehackCom_Data
+};
+
+static const char* const kPinset_ncsccs_Data[] = {
+  kCOMODO_ECC_Certification_AuthorityFingerprint,
+  kDigiCert_Assured_ID_Root_CAFingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kBaltimore_CyberTrust_RootFingerprint,
+  kGOOGLE_PIN_LetsEncryptAuthorityPrimary_X1_X3Fingerprint,
+  kCOMODO_RSA_Certification_AuthorityFingerprint,
+  kAddTrust_External_RootFingerprint,
+  kDigiCert_Global_Root_CAFingerprint,
+  kGOOGLE_PIN_LetsEncryptAuthorityBackup_X2_X4Fingerprint,
+};
+static const StaticFingerprints kPinset_ncsccs = {
+  sizeof(kPinset_ncsccs_Data) / sizeof(const char*),
+  kPinset_ncsccs_Data
+};
+
+static const char* const kPinset_tumblr_Data[] = {
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kTumblrBackupFingerprint,
+  kGOOGLE_PIN_DigiCertSHA2HighAssuranceServerCAFingerprint,
+};
+static const StaticFingerprints kPinset_tumblr = {
+  sizeof(kPinset_tumblr_Data) / sizeof(const char*),
+  kPinset_tumblr_Data
+};
+
+/* Domainlist */
+struct TransportSecurityPreload {
+  const char* mHost;
+  const bool mIncludeSubdomains;
+  const bool mTestMode;
+  const bool mIsMoz;
+  const int32_t mId;
+  const StaticFingerprints* pinset;
+};
+
+/* Sort hostnames for binary search. */
+static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
+  { "0.me.uk", true, true, false, -1, &kPinset_ncsccs },
+  { "2mdn.net", true, false, false, -1, &kPinset_google_root_pems },
+  { "accounts.firefox.com", true, false, true, 4, &kPinset_mozilla_services },
+  { "accounts.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "addons.mozilla.net", true, false, true, 2, &kPinset_mozilla },
+  { "addons.mozilla.org", true, false, true, 1, &kPinset_mozilla },
+  { "admin.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "android.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "api.accounts.firefox.com", true, false, true, 5, &kPinset_mozilla_services },
+  { "api.twitter.com", true, false, false, -1, &kPinset_twitterCDN },
+  { "apis.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "appengine.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "apps.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "at.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "au.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "aus4.mozilla.org", true, true, true, 3, &kPinset_mozilla },
+  { "aus5.mozilla.org", true, true, true, 7, &kPinset_mozilla },
+  { "az.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "be.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "bi.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "blog.torproject.org", true, false, false, -1, &kPinset_tor },
+  { "blogger.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "blogspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "br.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "bugs.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
+  { "build.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
+  { "business.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "business.twitter.com", true, false, false, -1, &kPinset_twitterCom },
+  { "ca.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "cd.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "cdn.mozilla.net", true, false, true, -1, &kPinset_mozilla },
+  { "cdn.mozilla.org", true, false, true, -1, &kPinset_mozilla },
+  { "cg.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "ch.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "chart.apis.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "check.torproject.org", true, false, false, -1, &kPinset_tor },
+  { "checkout.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "chfr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "chit.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "chrome-devtools-frontend.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "chrome.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "chrome.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "chromiumbugs.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "chromiumcodereview.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "cl.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "cloud.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "cn.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "co.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "code.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "code.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "codereview.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "codereview.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
+  { "contributor.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "cr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "crbug.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "crosbug.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "crrev.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "ct.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "de.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "dev.twitter.com", true, false, false, -1, &kPinset_twitterCom },
+  { "developer.android.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "developers.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "dist.torproject.org", true, false, false, -1, &kPinset_tor },
+  { "dk.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "dl.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "dns.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "do.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "docs.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "domains.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "doubleclick.net", true, false, false, -1, &kPinset_google_root_pems },
+  { "drive.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "dropbox.com", true, false, false, -1, &kPinset_dropbox },
+  { "dropboxstatic.com", false, true, false, -1, &kPinset_dropbox },
+  { "dropboxusercontent.com", false, true, false, -1, &kPinset_dropbox },
+  { "edit.yahoo.com", true, true, false, -1, &kPinset_yahoo },
+  { "en-maktoob.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "encrypted.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "es.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "espanol.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "exclude-subdomains.pinning.example.com", false, false, false, 0, &kPinset_mozilla_test },
+  { "facebook.com", false, false, false, -1, &kPinset_facebook },
+  { "fi.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "fi.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "firebaseio.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "fj.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "fr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "g.co", true, false, false, -1, &kPinset_google_root_pems },
+  { "g4w.co", true, false, false, -1, &kPinset_google_root_pems },
+  { "ggpht.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "gl.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "glass.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "gm.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "gmail.com", false, false, false, -1, &kPinset_google_root_pems },
+  { "goo.gl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google", true, false, false, -1, &kPinset_google_root_pems },
+  { "google-analytics.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ac", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ad", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ae", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.af", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ag", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.am", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.as", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.at", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.az", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ba", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.be", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.bf", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.bg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.bi", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.bj", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.bs", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.by", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ca", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cat", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cc", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cd", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cf", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ch", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ci", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cm", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.ao", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.bw", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.ck", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.cr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.hu", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.id", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.il", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.im", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.in", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.je", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.jp", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.ke", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.kr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.ls", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.ma", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.mz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.nz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.th", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.tz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.ug", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.uk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.uz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.ve", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.vi", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.za", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.zm", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.zw", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.af", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ag", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ai", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ar", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.au", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.bd", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.bh", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.bn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.bo", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.br", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.by", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.bz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.cn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.co", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.cu", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.cy", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.do", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ec", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.eg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.et", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.fj", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ge", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.gh", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.gi", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.gr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.gt", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.hk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.iq", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.jm", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.jo", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.kh", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.kw", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.lb", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ly", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.mt", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.mx", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.my", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.na", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.nf", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ng", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ni", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.np", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.nr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.om", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.pa", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.pe", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ph", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.pk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.pl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.pr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.py", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.qa", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ru", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.sa", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.sb", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.sg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.sl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.sv", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.tj", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.tn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.tr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.tw", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ua", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.uy", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.vc", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ve", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.vn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cv", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.de", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.dj", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.dk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.dm", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.dz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ee", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.es", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.fi", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.fm", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.fr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ga", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ge", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.gg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.gl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.gm", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.gp", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.gr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.gy", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.hk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.hn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.hr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ht", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.hu", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ie", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.im", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.info", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.iq", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.is", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.it", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.it.ao", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.je", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.jo", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.jobs", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.jp", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.kg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ki", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.kz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.la", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.li", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.lk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.lt", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.lu", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.lv", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.md", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.me", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.mg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.mk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ml", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.mn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ms", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.mu", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.mv", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.mw", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ne", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ne.jp", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.net", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.nl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.no", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.nr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.nu", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.off.ai", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.pk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.pl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.pn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ps", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.pt", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ro", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.rs", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ru", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.rw", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.sc", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.se", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.sh", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.si", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.sk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.sm", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.sn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.so", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.st", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.td", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.tg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.tk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.tl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.tm", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.tn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.to", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.tt", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.us", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.uz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.vg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.vu", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ws", true, false, false, -1, &kPinset_google_root_pems },
+  { "googleadservices.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googleapis.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googlecode.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googlecommerce.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googlegroups.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googlemail.com", false, false, false, -1, &kPinset_google_root_pems },
+  { "googleplex.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googlesource.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googlesyndication.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googletagmanager.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googletagservices.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googleusercontent.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googlevideo.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googleweblight.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "goto.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "gr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "groups.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "gstatic.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "gvt1.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "gvt2.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "gvt3.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "hangouts.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "history.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "hk.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "hn.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "hostedtalkgadget.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "hu.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "id.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "ie.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "in.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "inbox.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "include-subdomains.pinning.example.com", true, false, false, -1, &kPinset_mozilla_test },
+  { "it.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "kr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "kz.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "li.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "login.corp.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "login.yahoo.com", true, true, false, -1, &kPinset_yahoo },
+  { "lt.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "lu.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "lv.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "m.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "mail-settings.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "mail.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "mail.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "maktoob.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "malaysia.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "market.android.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "mbasic.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "meet.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "messenger.com", false, false, false, -1, &kPinset_facebook },
+  { "mobile.twitter.com", true, false, false, -1, &kPinset_twitterCom },
+  { "mt.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "mtouch.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "mu.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "mw.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "mx.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "myaccount.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "myactivity.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "ncsccs.com", true, true, false, -1, &kPinset_ncsccs },
+  { "ni.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "nl.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "no.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "np.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "nz.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "oauth.twitter.com", true, false, false, -1, &kPinset_twitterCom },
+  { "pa.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "passwords.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "payments.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "pe.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "ph.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "pinning-test.badssl.com", true, false, false, -1, &kPinset_test },
+  { "pinningtest.appspot.com", true, false, false, -1, &kPinset_test },
+  { "pixel.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "pixel.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "pk.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "pl.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "platform.twitter.com", true, false, false, -1, &kPinset_twitterCDN },
+  { "play.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "plus.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "plus.sandbox.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "pr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "profiles.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "py.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "qc.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "research.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "ro.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "ru.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "rw.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "script.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "se.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "secure.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "security.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "services.mozilla.com", true, false, true, 6, &kPinset_mozilla_services },
+  { "sg.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "sirburton.com", true, true, false, -1, &kPinset_ncsccs },
+  { "sites.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "spideroak.com", true, false, false, -1, &kPinset_spideroak },
+  { "spreadsheets.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "static.googleadsserving.cn", true, false, false, -1, &kPinset_google_root_pems },
+  { "stats.g.doubleclick.net", true, false, false, -1, &kPinset_google_root_pems },
+  { "sv.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "swehack.org", true, true, false, -1, &kPinset_swehackCom },
+  { "t.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "tablet.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "talk.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "talkgadget.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "test-mode.pinning.example.com", true, true, false, -1, &kPinset_mozilla_test },
+  { "th.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "themathematician.uk", true, true, false, -1, &kPinset_ncsccs },
+  { "torproject.org", false, false, false, -1, &kPinset_tor },
+  { "touch.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "tr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "translate.googleapis.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "tv.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "tw.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "twimg.com", true, false, false, -1, &kPinset_twitterCDN },
+  { "twitter.com", true, false, false, -1, &kPinset_twitterCDN },
+  { "ua.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "uk.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "upload.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "urchin.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "uy.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "uz.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "ve.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "vn.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "w-spotlight.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wallet.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "webfilings-eu-mirror.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "webfilings-eu.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "webfilings-mirror-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "webfilings.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-bigsky-master.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-demo-eu.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-demo-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-dogfood-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-pentest.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-staging-hr.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-training-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-training-master.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-trial-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "withgoogle.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "withyoutube.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "www.dropbox.com", true, false, false, -1, &kPinset_dropbox },
+  { "www.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "www.gmail.com", false, false, false, -1, &kPinset_google_root_pems },
+  { "www.googlegroups.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "www.googlemail.com", false, false, false, -1, &kPinset_google_root_pems },
+  { "www.messenger.com", true, false, false, -1, &kPinset_facebook },
+  { "www.torproject.org", true, false, false, -1, &kPinset_tor },
+  { "www.tumblr.com", false, true, false, -1, &kPinset_tumblr },
+  { "www.twitter.com", true, false, false, -1, &kPinset_twitterCom },
+  { "xa.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "xbrlsuccess.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "xn--7xa.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "youtu.be", true, false, false, -1, &kPinset_google_root_pems },
+  { "youtube-nocookie.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "youtube.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "ytimg.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "za.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "zh.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+};
+
+// Pinning Preload List Length = 476;
+
+static const int32_t kUnknownId = -1;
+
+static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1524772960289000);
diff --git a/security/manager/ssl/TransportSecurityInfo.cpp b/security/manager/ssl/TransportSecurityInfo.cpp
new file mode 100644
index 000000000..101e2332c
--- /dev/null
+++ b/security/manager/ssl/TransportSecurityInfo.cpp
@@ -0,0 +1,1100 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "TransportSecurityInfo.h"
+
+#include "PSMRunnable.h"
+#include "mozilla/Casting.h"
+#include "nsComponentManagerUtils.h"
+#include "nsIArray.h"
+#include "nsICertOverrideService.h"
+#include "nsIDateTimeFormat.h"
+#include "nsIObjectInputStream.h"
+#include "nsIObjectOutputStream.h"
+#include "nsIWebProgressListener.h"
+#include "nsIX509CertValidity.h"
+#include "nsNSSCertHelper.h"
+#include "nsNSSCertificate.h"
+#include "nsNSSComponent.h"
+#include "nsReadableUtils.h"
+#include "nsServiceManagerUtils.h"
+#include "nsXULAppAPI.h"
+#include "pkix/pkixtypes.h"
+#include "secerr.h"
+
+//#define DEBUG_SSL_VERBOSE //Enable this define to get minimal 
+                            //reports when doing SSL read/write
+
+//#define DUMP_BUFFER  //Enable this define along with
+                       //DEBUG_SSL_VERBOSE to dump SSL
+                       //read/write buffer to a log.
+                       //Uses PR_LOG except on Mac where
+                       //we always write out to our own
+                       //file.
+
+namespace mozilla { namespace psm {
+
+TransportSecurityInfo::TransportSecurityInfo()
+  : mMutex("TransportSecurityInfo::mMutex"),
+    mSecurityState(nsIWebProgressListener::STATE_IS_INSECURE),
+    mSubRequestsBrokenSecurity(0),
+    mSubRequestsNoSecurity(0),
+    mErrorCode(0),
+    mErrorMessageType(PlainErrorMessage),
+    mPort(0)
+{
+}
+
+TransportSecurityInfo::~TransportSecurityInfo()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return;
+
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+void
+TransportSecurityInfo::virtualDestroyNSSReference()
+{
+}
+
+NS_IMPL_ISUPPORTS(TransportSecurityInfo,
+                  nsITransportSecurityInfo,
+                  nsIInterfaceRequestor,
+                  nsISSLStatusProvider,
+                  nsIAssociatedContentSecurity,
+                  nsISerializable,
+                  nsIClassInfo)
+
+nsresult
+TransportSecurityInfo::SetHostName(const char* host)
+{
+  mHostName.Adopt(host ? NS_strdup(host) : 0);
+  return NS_OK;
+}
+
+nsresult
+TransportSecurityInfo::GetHostName(char **host)
+{
+  *host = (mHostName) ? NS_strdup(mHostName) : nullptr;
+  return NS_OK;
+}
+
+nsresult
+TransportSecurityInfo::SetPort(int32_t aPort)
+{
+  mPort = aPort;
+  return NS_OK;
+}
+
+nsresult
+TransportSecurityInfo::GetPort(int32_t *aPort)
+{
+  *aPort = mPort;
+  return NS_OK;
+}
+
+nsresult
+TransportSecurityInfo::SetOriginAttributes(
+  const NeckoOriginAttributes& aOriginAttributes)
+{
+  mOriginAttributes = aOriginAttributes;
+  return NS_OK;
+}
+
+PRErrorCode
+TransportSecurityInfo::GetErrorCode() const
+{
+  MutexAutoLock lock(mMutex);
+
+  return mErrorCode;
+}
+
+void
+TransportSecurityInfo::SetCanceled(PRErrorCode errorCode,
+                                   SSLErrorMessageType errorMessageType)
+{
+  MutexAutoLock lock(mMutex);
+
+  mErrorCode = errorCode;
+  mErrorMessageType = errorMessageType;
+  mErrorMessageCached.Truncate();
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetSecurityState(uint32_t* state)
+{
+  *state = mSecurityState;
+  return NS_OK;
+}
+
+nsresult
+TransportSecurityInfo::SetSecurityState(uint32_t aState)
+{
+  mSecurityState = aState;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetCountSubRequestsBrokenSecurity(
+  int32_t *aSubRequestsBrokenSecurity)
+{
+  *aSubRequestsBrokenSecurity = mSubRequestsBrokenSecurity;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::SetCountSubRequestsBrokenSecurity(
+  int32_t aSubRequestsBrokenSecurity)
+{
+  mSubRequestsBrokenSecurity = aSubRequestsBrokenSecurity;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetCountSubRequestsNoSecurity(
+  int32_t *aSubRequestsNoSecurity)
+{
+  *aSubRequestsNoSecurity = mSubRequestsNoSecurity;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::SetCountSubRequestsNoSecurity(
+  int32_t aSubRequestsNoSecurity)
+{
+  mSubRequestsNoSecurity = aSubRequestsNoSecurity;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::Flush()
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetErrorMessage(char16_t** aText)
+{
+  NS_ENSURE_ARG_POINTER(aText);
+  *aText = nullptr;
+
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsNSSSocketInfo::GetErrorMessage called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  MutexAutoLock lock(mMutex);
+
+  if (mErrorMessageCached.IsEmpty()) {
+    nsresult rv = formatErrorMessage(lock, 
+                                     mErrorCode, mErrorMessageType,
+                                     true, true, mErrorMessageCached);
+    NS_ENSURE_SUCCESS(rv, rv);
+  }
+
+  *aText = ToNewUnicode(mErrorMessageCached);
+  return *aText ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
+}
+
+void
+TransportSecurityInfo::GetErrorLogMessage(PRErrorCode errorCode,
+                                          SSLErrorMessageType errorMessageType,
+                                          nsString &result)
+{
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsNSSSocketInfo::GetErrorLogMessage called off the main thread");
+    return;
+  }
+
+  MutexAutoLock lock(mMutex);
+  (void) formatErrorMessage(lock, errorCode, errorMessageType,
+                            false, false, result);
+}
+
+static nsresult
+formatPlainErrorMessage(nsXPIDLCString const & host, int32_t port,
+                        PRErrorCode err, 
+                        bool suppressPort443,
+                        nsString &returnedMessage);
+
+static nsresult
+formatOverridableCertErrorMessage(nsISSLStatus & sslStatus,
+                                  PRErrorCode errorCodeToReport, 
+                                  const nsXPIDLCString & host, int32_t port,
+                                  bool suppressPort443,
+                                  bool wantsHtml,
+                                  nsString & returnedMessage);
+
+// XXX: uses nsNSSComponent string bundles off the main thread when called by
+//      nsNSSSocketInfo::Write().
+nsresult
+TransportSecurityInfo::formatErrorMessage(MutexAutoLock const & proofOfLock, 
+                                          PRErrorCode errorCode,
+                                          SSLErrorMessageType errorMessageType,
+                                          bool wantsHtml, bool suppressPort443, 
+                                          nsString &result)
+{
+  result.Truncate();
+  if (errorCode == 0) {
+    return NS_OK;
+  }
+
+  if (!XRE_IsParentProcess()) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  nsresult rv;
+  NS_ConvertASCIItoUTF16 hostNameU(mHostName);
+  NS_ASSERTION(errorMessageType != OverridableCertErrorMessage || 
+                (mSSLStatus && mSSLStatus->HasServerCert() &&
+                 mSSLStatus->mHaveCertErrorBits),
+                "GetErrorLogMessage called for cert error without cert");
+  if (errorMessageType == OverridableCertErrorMessage && 
+      mSSLStatus && mSSLStatus->HasServerCert()) {
+    rv = formatOverridableCertErrorMessage(*mSSLStatus, errorCode,
+                                           mHostName, mPort,
+                                           suppressPort443,
+                                           wantsHtml,
+                                           result);
+  } else {
+    rv = formatPlainErrorMessage(mHostName, mPort, 
+                                 errorCode,
+                                 suppressPort443,
+                                 result);
+  }
+
+  if (NS_FAILED(rv)) {
+    result.Truncate();
+  }
+
+  return rv;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetErrorCode(int32_t* state)
+{
+  *state = GetErrorCode();
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetInterface(const nsIID & uuid, void * *result)
+{
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsNSSSocketInfo::GetInterface called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  nsresult rv;
+  if (!mCallbacks) {
+    nsCOMPtr<nsIInterfaceRequestor> ir = new PipUIContext();
+    rv = ir->GetInterface(uuid, result);
+  } else {
+    rv = mCallbacks->GetInterface(uuid, result);
+  }
+  return rv;
+}
+
+// This is a new magic value. However, it re-uses the first 4 bytes
+// of the previous value. This is so when older versions attempt to
+// read a newer serialized TransportSecurityInfo, they will actually
+// fail and return NS_ERROR_FAILURE instead of silently failing.
+#define TRANSPORTSECURITYINFOMAGIC { 0xa9863a23, 0x1faa, 0x4169, \
+  { 0xb0, 0xd2, 0x81, 0x29, 0xec, 0x7c, 0xb1, 0xde } }
+static NS_DEFINE_CID(kTransportSecurityInfoMagic, TRANSPORTSECURITYINFOMAGIC);
+
+NS_IMETHODIMP
+TransportSecurityInfo::Write(nsIObjectOutputStream* stream)
+{
+  nsresult rv = stream->WriteID(kTransportSecurityInfoMagic);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  MutexAutoLock lock(mMutex);
+
+  rv = stream->Write32(mSecurityState);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = stream->Write32(mSubRequestsBrokenSecurity);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = stream->Write32(mSubRequestsNoSecurity);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = stream->Write32(static_cast<uint32_t>(mErrorCode));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (mErrorMessageCached.IsEmpty()) {
+    // XXX: uses nsNSSComponent string bundles off the main thread
+    rv = formatErrorMessage(lock, mErrorCode, mErrorMessageType,
+                            true, true, mErrorMessageCached);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+  rv = stream->WriteWStringZ(mErrorMessageCached.get());
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // For successful connections and for connections with overridable errors,
+  // mSSLStatus will be non-null. However, for connections with non-overridable
+  // errors, it will be null.
+  nsCOMPtr<nsISerializable> serializable(mSSLStatus);
+  rv = NS_WriteOptionalCompoundObject(stream,
+                                      serializable,
+                                      NS_GET_IID(nsISSLStatus),
+                                      true);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = NS_WriteOptionalCompoundObject(stream,
+                                      mFailedCertChain,
+                                      NS_GET_IID(nsIX509CertList),
+                                      true);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::Read(nsIObjectInputStream* stream)
+{
+  nsID id;
+  nsresult rv = stream->ReadID(&id);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (!id.Equals(kTransportSecurityInfoMagic)) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  MutexAutoLock lock(mMutex);
+
+  rv = stream->Read32(&mSecurityState);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  uint32_t subRequestsBrokenSecurity;
+  rv = stream->Read32(&subRequestsBrokenSecurity);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (subRequestsBrokenSecurity >
+      static_cast<uint32_t>(std::numeric_limits<int32_t>::max())) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  mSubRequestsBrokenSecurity = subRequestsBrokenSecurity;
+  uint32_t subRequestsNoSecurity;
+  rv = stream->Read32(&subRequestsNoSecurity);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (subRequestsNoSecurity >
+      static_cast<uint32_t>(std::numeric_limits<int32_t>::max())) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  mSubRequestsNoSecurity = subRequestsNoSecurity;
+  uint32_t errorCode;
+  rv = stream->Read32(&errorCode);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  // PRErrorCode will be a negative value
+  mErrorCode = static_cast<PRErrorCode>(errorCode);
+
+  rv = stream->ReadString(mErrorMessageCached);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // For successful connections and for connections with overridable errors,
+  // mSSLStatus will be non-null. For connections with non-overridable errors,
+  // it will be null.
+  nsCOMPtr<nsISupports> supports;
+  rv = NS_ReadOptionalObject(stream, true, getter_AddRefs(supports));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  mSSLStatus = BitwiseCast<nsSSLStatus*, nsISupports*>(supports.get());
+
+  nsCOMPtr<nsISupports> failedCertChainSupports;
+  rv = NS_ReadOptionalObject(stream, true, getter_AddRefs(failedCertChainSupports));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  mFailedCertChain = do_QueryInterface(failedCertChainSupports);
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetInterfaces(uint32_t *count, nsIID * **array)
+{
+  *count = 0;
+  *array = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetScriptableHelper(nsIXPCScriptable **_retval)
+{
+  *_retval = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetContractID(char * *aContractID)
+{
+  *aContractID = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetClassDescription(char * *aClassDescription)
+{
+  *aClassDescription = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetClassID(nsCID * *aClassID)
+{
+  *aClassID = (nsCID*) moz_xmalloc(sizeof(nsCID));
+  if (!*aClassID)
+    return NS_ERROR_OUT_OF_MEMORY;
+  return GetClassIDNoAlloc(*aClassID);
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetFlags(uint32_t *aFlags)
+{
+  *aFlags = 0;
+  return NS_OK;
+}
+
+static NS_DEFINE_CID(kNSSSocketInfoCID, TRANSPORTSECURITYINFO_CID);
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetClassIDNoAlloc(nsCID *aClassIDNoAlloc)
+{
+  *aClassIDNoAlloc = kNSSSocketInfoCID;
+  return NS_OK;
+}
+
+nsresult
+TransportSecurityInfo::GetSSLStatus(nsISSLStatus** _result)
+{
+  NS_ENSURE_ARG_POINTER(_result);
+
+  *_result = mSSLStatus;
+  NS_IF_ADDREF(*_result);
+
+  return NS_OK;
+}
+
+nsresult
+TransportSecurityInfo::SetSSLStatus(nsSSLStatus *aSSLStatus)
+{
+  mSSLStatus = aSSLStatus;
+
+  return NS_OK;
+}
+
+/* Formats an error message for non-certificate-related SSL errors
+ * and non-overridable certificate errors (both are of type
+ * PlainErrormMessage). Use formatOverridableCertErrorMessage
+ * for overridable cert errors.
+ */
+static nsresult
+formatPlainErrorMessage(const nsXPIDLCString &host, int32_t port,
+                        PRErrorCode err, 
+                        bool suppressPort443,
+                        nsString &returnedMessage)
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  const char16_t *params[1];
+  nsresult rv;
+
+  nsCOMPtr<nsINSSComponent> component = do_GetService(kNSSComponentCID, &rv);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  if (host.Length())
+  {
+    nsString hostWithPort;
+
+    // For now, hide port when it's 443 and we're reporting the error.
+    // In the future a better mechanism should be used
+    // to make a decision about showing the port number, possibly by requiring
+    // the context object to implement a specific interface.
+    // The motivation is that Mozilla browser would like to hide the port number
+    // in error pages in the common case.
+
+    hostWithPort.AssignASCII(host);
+    if (!suppressPort443 || port != 443) {
+      hostWithPort.Append(':');
+      hostWithPort.AppendInt(port);
+    }
+    params[0] = hostWithPort.get();
+
+    nsString formattedString;
+    rv = component->PIPBundleFormatStringFromName("SSLConnectionErrorPrefix", 
+                                                  params, 1, 
+                                                  formattedString);
+    if (NS_SUCCEEDED(rv))
+    {
+      returnedMessage.Append(formattedString);
+      returnedMessage.AppendLiteral("\n\n");
+    }
+  }
+
+  nsString explanation;
+  rv = nsNSSErrors::getErrorMessageFromCode(err, component, explanation);
+  if (NS_SUCCEEDED(rv))
+    returnedMessage.Append(explanation);
+
+  return NS_OK;
+}
+
+static void
+AppendErrorTextUntrusted(PRErrorCode errTrust,
+                         const nsString &host,
+                         nsIX509Cert* ix509,
+                         nsINSSComponent *component,
+                         nsString &returnedMessage)
+{
+  const char* errorID = nullptr;
+  const char* errorID2 = nullptr;
+  const char* errorID3 = nullptr;
+  bool isSelfSigned;
+  if (NS_SUCCEEDED(ix509->GetIsSelfSigned(&isSelfSigned)) && isSelfSigned) {
+    errorID = "certErrorTrust_SelfSigned";
+  }
+
+  if (!errorID) {
+    switch (errTrust) {
+      case SEC_ERROR_UNKNOWN_ISSUER:
+        errorID = "certErrorTrust_UnknownIssuer";
+        errorID2 = "certErrorTrust_UnknownIssuer2";
+        errorID3 = "certErrorTrust_UnknownIssuer3";
+        break;
+      case SEC_ERROR_CA_CERT_INVALID:
+        errorID = "certErrorTrust_CaInvalid";
+        break;
+      case SEC_ERROR_UNTRUSTED_ISSUER:
+        errorID = "certErrorTrust_Issuer";
+        break;
+      case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
+        errorID = "certErrorTrust_SignatureAlgorithmDisabled";
+        break;
+      case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+        errorID = "certErrorTrust_ExpiredIssuer";
+        break;
+      case SEC_ERROR_UNTRUSTED_CERT:
+      default:
+        errorID = "certErrorTrust_Untrusted";
+        break;
+    }
+  }
+
+  const char* errorIDs[] = { errorID, errorID2, errorID3 };
+  for (size_t i = 0; i < ArrayLength(errorIDs); i++) {
+    if (!errorIDs[i]) {
+      break;
+    }
+
+    nsString formattedString;
+    nsresult rv = component->GetPIPNSSBundleString(errorIDs[i], formattedString);
+    if (NS_SUCCEEDED(rv)) {
+      returnedMessage.Append(formattedString);
+      returnedMessage.Append('\n');
+    }
+  }
+}
+
+// Returns the number of dNSName or iPAddress entries encountered in the
+// subject alternative name extension of the certificate.
+// Returns zero if the extension is not present, could not be decoded, or if it
+// does not contain any dNSName or iPAddress entries.
+static uint32_t
+GetSubjectAltNames(CERTCertificate* nssCert, nsString& allNames)
+{
+  allNames.Truncate();
+
+  ScopedAutoSECItem altNameExtension;
+  SECStatus rv = CERT_FindCertExtension(nssCert, SEC_OID_X509_SUBJECT_ALT_NAME,
+                                        &altNameExtension);
+  if (rv != SECSuccess) {
+    return 0;
+  }
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return 0;
+  }
+  CERTGeneralName* sanNameList(CERT_DecodeAltNameExtension(arena.get(),
+                                                           &altNameExtension));
+  if (!sanNameList) {
+    return 0;
+  }
+
+  uint32_t nameCount = 0;
+  CERTGeneralName* current = sanNameList;
+  do {
+    nsAutoString name;
+    switch (current->type) {
+      case certDNSName:
+        {
+          nsDependentCSubstring nameFromCert(BitwiseCast<char*, unsigned char*>(
+                                               current->name.other.data),
+                                             current->name.other.len);
+          // dNSName fields are defined as type IA5String and thus should
+          // be limited to ASCII characters.
+          if (IsASCII(nameFromCert)) {
+            name.Assign(NS_ConvertASCIItoUTF16(nameFromCert));
+            if (!allNames.IsEmpty()) {
+              allNames.AppendLiteral(", ");
+            }
+            ++nameCount;
+            allNames.Append(name);
+          }
+        }
+        break;
+
+      case certIPAddress:
+        {
+          char buf[INET6_ADDRSTRLEN];
+          PRNetAddr addr;
+          if (current->name.other.len == 4) {
+            addr.inet.family = PR_AF_INET;
+            memcpy(&addr.inet.ip, current->name.other.data, current->name.other.len);
+            PR_NetAddrToString(&addr, buf, sizeof(buf));
+            name.AssignASCII(buf);
+          } else if (current->name.other.len == 16) {
+            addr.ipv6.family = PR_AF_INET6;
+            memcpy(&addr.ipv6.ip, current->name.other.data, current->name.other.len);
+            PR_NetAddrToString(&addr, buf, sizeof(buf));
+            name.AssignASCII(buf);
+          } else {
+            /* invalid IP address */
+          }
+          if (!name.IsEmpty()) {
+            if (!allNames.IsEmpty()) {
+              allNames.AppendLiteral(", ");
+            }
+            ++nameCount;
+            allNames.Append(name);
+          }
+          break;
+        }
+
+      default: // all other types of names are ignored
+        break;
+    }
+    current = CERT_GetNextGeneralName(current);
+  } while (current != sanNameList); // double linked
+
+  return nameCount;
+}
+
+static nsresult
+AppendErrorTextMismatch(const nsString& host, nsIX509Cert* ix509,
+                        nsINSSComponent* component, bool wantsHtml,
+                        nsString& returnedMessage)
+{
+  // Prepare a default "not valid for <hostname>" string in case anything
+  // goes wrong (or in case the certificate is not valid for any hostnames).
+  nsAutoString notValidForHostnameString;
+  const char16_t* params[1];
+  params[0] = host.get();
+  nsresult rv = component->PIPBundleFormatStringFromName(
+    "certErrorMismatch", params, 1, notValidForHostnameString);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  notValidForHostnameString.Append('\n');
+
+  UniqueCERTCertificate nssCert(ix509->GetCert());
+  if (!nssCert) {
+    returnedMessage.Append(notValidForHostnameString);
+    return NS_OK;
+  }
+
+  nsAutoString allNames;
+  uint32_t nameCount = GetSubjectAltNames(nssCert.get(), allNames);
+  if (nameCount == 0) {
+    returnedMessage.Append(notValidForHostnameString);
+  } else if (nameCount > 1) {
+    nsString message;
+    rv = component->GetPIPNSSBundleString("certErrorMismatchMultiple", message);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    returnedMessage.Append(message);
+    returnedMessage.AppendLiteral("\n  ");
+    returnedMessage.Append(allNames);
+    returnedMessage.AppendLiteral("  \n");
+  } else if (nameCount == 1) {
+    params[0] = allNames.get();
+
+    const char* stringID = wantsHtml ? "certErrorMismatchSingle2"
+                                     : "certErrorMismatchSinglePlain";
+    nsAutoString formattedString;
+    rv = component->PIPBundleFormatStringFromName(stringID, params, 1,
+                                                  formattedString);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    returnedMessage.Append(formattedString);
+    returnedMessage.Append('\n');
+  }
+
+  return NS_OK;
+}
+
+static void
+GetDateBoundary(nsIX509Cert* ix509,
+                nsString &formattedDate,
+                nsString &nowDate,
+                bool &trueExpired_falseNotYetValid)
+{
+  trueExpired_falseNotYetValid = true;
+  formattedDate.Truncate();
+
+  PRTime notAfter, notBefore, timeToUse;
+  nsCOMPtr<nsIX509CertValidity> validity;
+  nsresult rv;
+
+  rv = ix509->GetValidity(getter_AddRefs(validity));
+  if (NS_FAILED(rv))
+    return;
+
+  rv = validity->GetNotAfter(&notAfter);
+  if (NS_FAILED(rv))
+    return;
+
+  rv = validity->GetNotBefore(&notBefore);
+  if (NS_FAILED(rv))
+    return;
+
+  PRTime now = PR_Now();
+  if (now > notAfter) {
+    timeToUse = notAfter;
+  } else {
+    timeToUse = notBefore;
+    trueExpired_falseNotYetValid = false;
+  }
+
+  nsCOMPtr<nsIDateTimeFormat> dateTimeFormat = nsIDateTimeFormat::Create();
+  if (!dateTimeFormat) {
+    return;
+  }
+
+  dateTimeFormat->FormatPRTime(nullptr, kDateFormatLong, kTimeFormatNoSeconds,
+                               timeToUse, formattedDate);
+  dateTimeFormat->FormatPRTime(nullptr, kDateFormatLong, kTimeFormatNoSeconds,
+                               now, nowDate);
+}
+
+static void
+AppendErrorTextTime(nsIX509Cert* ix509,
+                    nsINSSComponent *component,
+                    nsString &returnedMessage)
+{
+  nsAutoString formattedDate, nowDate;
+  bool trueExpired_falseNotYetValid;
+  GetDateBoundary(ix509, formattedDate, nowDate, trueExpired_falseNotYetValid);
+
+  const char16_t *params[2];
+  params[0] = formattedDate.get(); // might be empty, if helper function had a problem 
+  params[1] = nowDate.get();
+
+  const char *key = trueExpired_falseNotYetValid ? 
+                    "certErrorExpiredNow" : "certErrorNotYetValidNow";
+  nsresult rv;
+  nsString formattedString;
+  rv = component->PIPBundleFormatStringFromName(
+           key,
+           params, 
+           ArrayLength(params),
+           formattedString);
+  if (NS_SUCCEEDED(rv))
+  {
+    returnedMessage.Append(formattedString);
+    returnedMessage.Append('\n');
+  }
+}
+
+static void
+AppendErrorTextCode(PRErrorCode errorCodeToReport,
+                    nsINSSComponent *component,
+                    nsString &returnedMessage)
+{
+  const char *codeName = nsNSSErrors::getDefaultErrorStringName(errorCodeToReport);
+  if (codeName)
+  {
+    nsCString error_id(codeName);
+    NS_ConvertASCIItoUTF16 idU(error_id);
+
+    const char16_t *params[1];
+    params[0] = idU.get();
+
+    nsString formattedString;
+    nsresult rv;
+    rv = component->PIPBundleFormatStringFromName("certErrorCodePrefix2",
+                                                  params, 1, 
+                                                  formattedString);
+    if (NS_SUCCEEDED(rv)) {
+      returnedMessage.Append('\n');
+      returnedMessage.Append(formattedString);
+      returnedMessage.Append('\n');
+    }
+    else {
+      returnedMessage.AppendLiteral(" (");
+      returnedMessage.Append(idU);
+      returnedMessage.Append(')');
+    }
+  }
+}
+
+/* Formats an error message for overridable certificate errors (of type
+ * OverridableCertErrorMessage). Use formatPlainErrorMessage to format
+ * non-overridable cert errors and non-cert-related errors.
+ */
+static nsresult
+formatOverridableCertErrorMessage(nsISSLStatus & sslStatus,
+                                  PRErrorCode errorCodeToReport, 
+                                  const nsXPIDLCString & host, int32_t port,
+                                  bool suppressPort443,
+                                  bool wantsHtml,
+                                  nsString & returnedMessage)
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  const char16_t *params[1];
+  nsresult rv;
+  nsAutoString hostWithPort;
+  nsAutoString hostWithoutPort;
+
+  // For now, hide port when it's 443 and we're reporting the error.
+  // In the future a better mechanism should be used
+  // to make a decision about showing the port number, possibly by requiring
+  // the context object to implement a specific interface.
+  // The motivation is that Mozilla browser would like to hide the port number
+  // in error pages in the common case.
+  
+  hostWithoutPort.AppendASCII(host);
+  if (suppressPort443 && port == 443) {
+    params[0] = hostWithoutPort.get();
+  } else {
+    hostWithPort.AppendASCII(host);
+    hostWithPort.Append(':');
+    hostWithPort.AppendInt(port);
+    params[0] = hostWithPort.get();
+  }
+
+  nsCOMPtr<nsINSSComponent> component = do_GetService(kNSSComponentCID, &rv);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  returnedMessage.Truncate();
+  rv = component->PIPBundleFormatStringFromName("certErrorIntro", params, 1,
+                                                returnedMessage);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  returnedMessage.AppendLiteral("\n\n");
+
+  RefPtr<nsIX509Cert> ix509;
+  rv = sslStatus.GetServerCert(getter_AddRefs(ix509));
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  bool isUntrusted;
+  rv = sslStatus.GetIsUntrusted(&isUntrusted);
+  NS_ENSURE_SUCCESS(rv, rv);
+  if (isUntrusted) {
+    AppendErrorTextUntrusted(errorCodeToReport, hostWithoutPort, ix509, 
+                             component, returnedMessage);
+  }
+
+  bool isDomainMismatch;
+  rv = sslStatus.GetIsDomainMismatch(&isDomainMismatch);
+  NS_ENSURE_SUCCESS(rv, rv);
+  if (isDomainMismatch) {
+    rv = AppendErrorTextMismatch(hostWithoutPort, ix509, component, wantsHtml,
+                                 returnedMessage);
+    NS_ENSURE_SUCCESS(rv, rv);
+  }
+
+  bool isNotValidAtThisTime;
+  rv = sslStatus.GetIsNotValidAtThisTime(&isNotValidAtThisTime);
+  NS_ENSURE_SUCCESS(rv, rv);
+  if (isNotValidAtThisTime) {
+    AppendErrorTextTime(ix509, component, returnedMessage);
+  }
+
+  AppendErrorTextCode(errorCodeToReport, component, returnedMessage);
+
+  return NS_OK;
+}
+
+// RememberCertErrorsTable
+
+/*static*/ RememberCertErrorsTable*
+RememberCertErrorsTable::sInstance = nullptr;
+
+RememberCertErrorsTable::RememberCertErrorsTable()
+  : mErrorHosts()
+  , mMutex("RememberCertErrorsTable::mMutex")
+{
+}
+
+static nsresult
+GetHostPortKey(TransportSecurityInfo* infoObject, nsAutoCString &result)
+{
+  nsresult rv;
+
+  result.Truncate();
+
+  nsXPIDLCString hostName;
+  rv = infoObject->GetHostName(getter_Copies(hostName));
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  int32_t port;
+  rv = infoObject->GetPort(&port);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  result.Assign(hostName);
+  result.Append(':');
+  result.AppendInt(port);
+
+  return NS_OK;
+}
+
+void
+RememberCertErrorsTable::RememberCertHasError(TransportSecurityInfo* infoObject,
+                                              nsSSLStatus* status,
+                                              SECStatus certVerificationResult)
+{
+  nsresult rv;
+
+  nsAutoCString hostPortKey;
+  rv = GetHostPortKey(infoObject, hostPortKey);
+  if (NS_FAILED(rv))
+    return;
+
+  if (certVerificationResult != SECSuccess) {
+    NS_ASSERTION(status,
+        "Must have nsSSLStatus object when remembering flags");
+
+    if (!status)
+      return;
+
+    CertStateBits bits;
+    bits.mIsDomainMismatch = status->mIsDomainMismatch;
+    bits.mIsNotValidAtThisTime = status->mIsNotValidAtThisTime;
+    bits.mIsUntrusted = status->mIsUntrusted;
+
+    MutexAutoLock lock(mMutex);
+    mErrorHosts.Put(hostPortKey, bits);
+  }
+  else {
+    MutexAutoLock lock(mMutex);
+    mErrorHosts.Remove(hostPortKey);
+  }
+}
+
+void
+RememberCertErrorsTable::LookupCertErrorBits(TransportSecurityInfo* infoObject,
+                                             nsSSLStatus* status)
+{
+  // Get remembered error bits from our cache, because of SSL session caching
+  // the NSS library potentially hasn't notified us for this socket.
+  if (status->mHaveCertErrorBits)
+    // Rather do not modify bits if already set earlier
+    return;
+
+  nsresult rv;
+
+  nsAutoCString hostPortKey;
+  rv = GetHostPortKey(infoObject, hostPortKey);
+  if (NS_FAILED(rv))
+    return;
+
+  CertStateBits bits;
+  {
+    MutexAutoLock lock(mMutex);
+    if (!mErrorHosts.Get(hostPortKey, &bits))
+      // No record was found, this host had no cert errors
+      return;
+  }
+
+  // This host had cert errors, update the bits correctly
+  status->mHaveCertErrorBits = true;
+  status->mIsDomainMismatch = bits.mIsDomainMismatch;
+  status->mIsNotValidAtThisTime = bits.mIsNotValidAtThisTime;
+  status->mIsUntrusted = bits.mIsUntrusted;
+}
+
+void
+TransportSecurityInfo::SetStatusErrorBits(nsNSSCertificate* cert,
+                                          uint32_t collected_errors)
+{
+  MutexAutoLock lock(mMutex);
+
+  if (!mSSLStatus) {
+    mSSLStatus = new nsSSLStatus();
+  }
+
+  mSSLStatus->SetServerCert(cert, EVStatus::NotEV);
+
+  mSSLStatus->mHaveCertErrorBits = true;
+  mSSLStatus->mIsDomainMismatch = 
+    collected_errors & nsICertOverrideService::ERROR_MISMATCH;
+  mSSLStatus->mIsNotValidAtThisTime = 
+    collected_errors & nsICertOverrideService::ERROR_TIME;
+  mSSLStatus->mIsUntrusted = 
+    collected_errors & nsICertOverrideService::ERROR_UNTRUSTED;
+
+  RememberCertErrorsTable::GetInstance().RememberCertHasError(this,
+                                                              mSSLStatus,
+                                                              SECFailure);
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetFailedCertChain(nsIX509CertList** _result)
+{
+  NS_ASSERTION(_result, "non-NULL destination required");
+
+  *_result = mFailedCertChain;
+  NS_IF_ADDREF(*_result);
+
+  return NS_OK;
+}
+
+nsresult
+TransportSecurityInfo::SetFailedCertChain(UniqueCERTCertList certList)
+{
+  nsNSSShutDownPreventionLock lock;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  // nsNSSCertList takes ownership of certList
+  mFailedCertChain = new nsNSSCertList(Move(certList), lock);
+
+  return NS_OK;
+}
+
+} } // namespace mozilla::psm
diff --git a/security/manager/ssl/TransportSecurityInfo.h b/security/manager/ssl/TransportSecurityInfo.h
new file mode 100644
index 000000000..7f8847852
--- /dev/null
+++ b/security/manager/ssl/TransportSecurityInfo.h
@@ -0,0 +1,171 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef TransportSecurityInfo_h
+#define TransportSecurityInfo_h
+
+#include "ScopedNSSTypes.h"
+#include "certt.h"
+#include "mozilla/BasePrincipal.h"
+#include "mozilla/Mutex.h"
+#include "mozilla/RefPtr.h"
+#include "nsDataHashtable.h"
+#include "nsIAssociatedContentSecurity.h"
+#include "nsIInterfaceRequestor.h"
+#include "nsISSLStatusProvider.h"
+#include "nsITransportSecurityInfo.h"
+#include "nsNSSShutDown.h"
+#include "nsSSLStatus.h"
+#include "pkix/pkixtypes.h"
+
+namespace mozilla { namespace psm {
+
+enum SSLErrorMessageType {
+  OverridableCertErrorMessage  = 1, // for *overridable* certificate errors
+  PlainErrorMessage = 2             // all other errors (or "no error")
+};
+
+class TransportSecurityInfo : public nsITransportSecurityInfo,
+                              public nsIInterfaceRequestor,
+                              public nsISSLStatusProvider,
+                              public nsIAssociatedContentSecurity,
+                              public nsISerializable,
+                              public nsIClassInfo,
+                              public nsNSSShutDownObject,
+                              public nsOnPK11LogoutCancelObject
+{
+protected:
+  virtual ~TransportSecurityInfo();
+public:
+  TransportSecurityInfo();
+  
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSITRANSPORTSECURITYINFO
+  NS_DECL_NSIINTERFACEREQUESTOR
+  NS_DECL_NSISSLSTATUSPROVIDER
+  NS_DECL_NSIASSOCIATEDCONTENTSECURITY
+  NS_DECL_NSISERIALIZABLE
+  NS_DECL_NSICLASSINFO
+
+  nsresult SetSecurityState(uint32_t aState);
+  nsresult SetShortSecurityDescription(const char16_t *aText);
+
+  const nsACString & GetHostName() const { return mHostName; }
+  const char * GetHostNameRaw() const { return mHostName.get(); }
+
+  nsresult GetHostName(char **aHostName);
+  nsresult SetHostName(const char *aHostName);
+
+  int32_t GetPort() const { return mPort; }
+  nsresult GetPort(int32_t *aPort);
+  nsresult SetPort(int32_t aPort);
+
+  const NeckoOriginAttributes& GetOriginAttributes() const {
+    return mOriginAttributes;
+  }
+  nsresult SetOriginAttributes(const NeckoOriginAttributes& aOriginAttributes);
+
+  PRErrorCode GetErrorCode() const;
+  
+  void GetErrorLogMessage(PRErrorCode errorCode,
+                          ::mozilla::psm::SSLErrorMessageType errorMessageType,
+                          nsString &result);
+  
+  void SetCanceled(PRErrorCode errorCode,
+                   ::mozilla::psm::SSLErrorMessageType errorMessageType);
+
+  /* Set SSL Status values */
+  nsresult SetSSLStatus(nsSSLStatus *aSSLStatus);
+  nsSSLStatus* SSLStatus() { return mSSLStatus; }
+  void SetStatusErrorBits(nsNSSCertificate* cert, uint32_t collected_errors);
+
+  nsresult SetFailedCertChain(UniqueCERTCertList certList);
+
+private:
+  mutable ::mozilla::Mutex mMutex;
+
+protected:
+  nsCOMPtr<nsIInterfaceRequestor> mCallbacks;
+
+private:
+  uint32_t mSecurityState;
+  int32_t mSubRequestsBrokenSecurity;
+  int32_t mSubRequestsNoSecurity;
+
+  PRErrorCode mErrorCode;
+  ::mozilla::psm::SSLErrorMessageType mErrorMessageType;
+  nsString mErrorMessageCached;
+  nsresult formatErrorMessage(::mozilla::MutexAutoLock const & proofOfLock, 
+                              PRErrorCode errorCode,
+                              ::mozilla::psm::SSLErrorMessageType errorMessageType,
+                              bool wantsHtml, bool suppressPort443, 
+                              nsString &result);
+
+  int32_t mPort;
+  nsXPIDLCString mHostName;
+  NeckoOriginAttributes mOriginAttributes;
+
+  /* SSL Status */
+  RefPtr<nsSSLStatus> mSSLStatus;
+
+  /* Peer cert chain for failed connections (for error reporting) */
+  nsCOMPtr<nsIX509CertList> mFailedCertChain;
+
+  virtual void virtualDestroyNSSReference() override;
+  void destructorSafeDestroyNSSReference();
+};
+
+class RememberCertErrorsTable
+{
+private:
+  RememberCertErrorsTable();
+
+  struct CertStateBits
+  {
+    bool mIsDomainMismatch;
+    bool mIsNotValidAtThisTime;
+    bool mIsUntrusted;
+  };
+  nsDataHashtable<nsCStringHashKey, CertStateBits> mErrorHosts;
+
+public:
+  void RememberCertHasError(TransportSecurityInfo * infoobject,
+                            nsSSLStatus * status,
+                            SECStatus certVerificationResult);
+  void LookupCertErrorBits(TransportSecurityInfo * infoObject,
+                           nsSSLStatus* status);
+
+  static nsresult Init()
+  {
+    sInstance = new RememberCertErrorsTable();
+    return NS_OK;
+  }
+
+  static RememberCertErrorsTable & GetInstance()
+  {
+    MOZ_ASSERT(sInstance);
+    return *sInstance;
+  }
+
+  static void Cleanup()
+  {
+    delete sInstance;
+    sInstance = nullptr;
+  }
+private:
+  Mutex mMutex;
+
+  static RememberCertErrorsTable * sInstance;
+};
+
+} } // namespace mozilla::psm
+
+// 16786594-0296-4471-8096-8f84497ca428
+#define TRANSPORTSECURITYINFO_CID \
+{ 0x16786594, 0x0296, 0x4471, \
+    { 0x80, 0x96, 0x8f, 0x84, 0x49, 0x7c, 0xa4, 0x28 } }
+
+#endif // TransportSecurityInfo_h
diff --git a/security/manager/ssl/WeakCryptoOverride.cpp b/security/manager/ssl/WeakCryptoOverride.cpp
new file mode 100644
index 000000000..6b86e9f86
--- /dev/null
+++ b/security/manager/ssl/WeakCryptoOverride.cpp
@@ -0,0 +1,67 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "WeakCryptoOverride.h"
+
+#include "MainThreadUtils.h"
+#include "SharedSSLState.h"
+#include "nss.h"
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+NS_IMPL_ISUPPORTS(WeakCryptoOverride,
+                  nsIWeakCryptoOverride)
+
+WeakCryptoOverride::WeakCryptoOverride()
+{
+}
+
+WeakCryptoOverride::~WeakCryptoOverride()
+{
+}
+
+NS_IMETHODIMP
+WeakCryptoOverride::AddWeakCryptoOverride(const nsACString& aHostName,
+                                          bool aPrivate, bool aTemporary)
+{
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  SharedSSLState* sharedState = aPrivate ? PrivateSSLState()
+                                         : PublicSSLState();
+  if (!sharedState) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  const nsPromiseFlatCString& host = PromiseFlatCString(aHostName);
+  sharedState->IOLayerHelpers().addInsecureFallbackSite(host, aTemporary);
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+WeakCryptoOverride::RemoveWeakCryptoOverride(const nsACString& aHostName,
+                                             int32_t aPort, bool aPrivate)
+{
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  SharedSSLState* sharedState = aPrivate ? PrivateSSLState()
+                                         : PublicSSLState();
+  if (!sharedState) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  const nsPromiseFlatCString& host = PromiseFlatCString(aHostName);
+  sharedState->IOLayerHelpers().removeInsecureFallbackSite(host, aPort);
+
+  // Some servers will fail with SSL_ERROR_ILLEGAL_PARAMETER_ALERT
+  // unless the session cache is cleared.
+  SSL_ClearSessionCache();
+
+  return NS_OK;
+}
diff --git a/security/manager/ssl/WeakCryptoOverride.h b/security/manager/ssl/WeakCryptoOverride.h
new file mode 100644
index 000000000..fefee75ef
--- /dev/null
+++ b/security/manager/ssl/WeakCryptoOverride.h
@@ -0,0 +1,35 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef WEAKCRYPTOOVERRIDE_H
+#define WEAKCRYPTOOVERRIDE_H
+
+#include "nsIWeakCryptoOverride.h"
+#include "nsWeakReference.h"
+
+namespace mozilla {
+namespace psm {
+
+class WeakCryptoOverride final : public nsIWeakCryptoOverride
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIWEAKCRYPTOOVERRIDE
+
+  WeakCryptoOverride();
+
+protected:
+  ~WeakCryptoOverride();
+};
+
+} // psm
+} // mozilla
+
+#define NS_WEAKCRYPTOOVERRIDE_CID /* ffb06724-3c20-447c-8328-ae71513dd618 */ \
+{ 0xffb06724, 0x3c20, 0x447c, \
+  { 0x83, 0x28, 0xae, 0x71, 0x51, 0x3d, 0xd6, 0x18 } }
+
+#endif
diff --git a/security/manager/ssl/X509.jsm b/security/manager/ssl/X509.jsm
new file mode 100644
index 000000000..be107454e
--- /dev/null
+++ b/security/manager/ssl/X509.jsm
@@ -0,0 +1,632 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+const Cu = Components.utils;
+var { DER } = Cu.import("resource://gre/modules/psm/DER.jsm", {});
+
+const ERROR_UNSUPPORTED_ASN1 = "unsupported asn.1";
+const ERROR_TIME_NOT_VALID = "Time not valid";
+const ERROR_LIBRARY_FAILURE = "library failure";
+
+const X509v3 = 2;
+
+/**
+ * Helper function to read a NULL tag from the given DER.
+ * @param {DER} der a DER object to read a NULL from
+ * @return {NULL} an object representing an ASN.1 NULL
+ */
+function readNULL(der) {
+  return new NULL(der.readTagAndGetContents(DER.NULL));
+}
+
+/**
+ * Class representing an ASN.1 NULL. When encoded as DER, the only valid value
+ * is 05 00, and thus the contents should always be an empty array.
+ */
+class NULL {
+  /**
+   * @param {Number[]} bytes the contents of the NULL tag (should be empty)
+   */
+  constructor(bytes) {
+    // Lint TODO: bytes should be an empty array
+    this._contents = bytes;
+  }
+}
+
+/**
+ * Helper function to read an OBJECT IDENTIFIER from the given DER.
+ * @param {DER} der the DER to read an OBJECT IDENTIFIER from
+ * @return {OID} the value of the OBJECT IDENTIFIER
+ */
+function readOID(der) {
+  return new OID(der.readTagAndGetContents(DER.OBJECT_IDENTIFIER));
+}
+
+/** Class representing an ASN.1 OBJECT IDENTIFIER */
+class OID {
+  /**
+   * @param {Number[]} bytes the encoded contents of the OBJECT IDENTIFIER
+   *                   (not including the ASN.1 tag or length bytes)
+   */
+  constructor(bytes) {
+    this._values = [];
+    // First octet has value 40 * value1 + value2
+    // Lint TODO: validate that value1 is one of {0, 1, 2}
+    // Lint TODO: validate that value2 is in [0, 39] if value1 is 0 or 1
+    let value1 = Math.floor(bytes[0] / 40);
+    let value2 = bytes[0] - 40 * value1;
+    this._values.push(value1);
+    this._values.push(value2);
+    bytes.shift();
+    let accumulator = 0;
+    // Lint TODO: prevent overflow here
+    while (bytes.length > 0) {
+      let value = bytes.shift();
+      accumulator *= 128;
+      if (value > 128) {
+        accumulator += (value - 128);
+      } else {
+        accumulator += value;
+        this._values.push(accumulator);
+        accumulator = 0;
+      }
+    }
+  }
+}
+
+/**
+ * Class that serves as an abstract base class for more specific classes that
+ * represent datatypes from RFC 5280 and others. Given an array of bytes
+ * representing the DER encoding of such types, this framework simplifies the
+ * process of making a new DER object, attempting to parse the given bytes, and
+ * catching and stashing thrown exceptions. Subclasses are to implement
+ * parseOverride, which should read from this._der to fill out the structure's
+ * values.
+ */
+class DecodedDER {
+  constructor() {
+    this._der = null;
+    this._error = null;
+  }
+
+  /**
+   * Returns the first exception encountered when decoding or null if none has
+   * been encountered.
+   * @return {Error} the first exception encountered when decoding or null
+   */
+  get error() {
+    return this._error;
+  }
+
+  /**
+   * Does the actual work of parsing the data. To be overridden by subclasses.
+   * If an implementation of parseOverride throws an exception, parse will catch
+   * that exception and stash it in the error property. This enables parent
+   * levels in a nested decoding hierarchy to continue to decode as much as
+   * possible.
+   */
+  parseOverride() {
+    throw new Error(ERROR_LIBRARY_FAILURE);
+  }
+
+  /**
+   * Public interface to be called to parse all data. Calls parseOverride inside
+   * a try/catch block. If an exception is thrown, stashes the error, which can
+   * be obtained via the error getter (above).
+   * @param {Number[]} bytes encoded DER to be decoded
+   */
+  parse(bytes) {
+    this._der = new DER.DER(bytes);
+    try {
+      this.parseOverride();
+    } catch (e) {
+      this._error = e;
+    }
+  }
+}
+
+/**
+ * Helper function for reading the next SEQUENCE out of a DER and creating a new
+ * DER out of the resulting bytes.
+ * @param {DER} der the underlying DER object
+ * @return {DER} the contents of the SEQUENCE
+ */
+function readSEQUENCEAndMakeDER(der) {
+  return new DER.DER(der.readTagAndGetContents(DER.SEQUENCE));
+}
+
+/**
+ * Helper function for reading the next item identified by tag out of a DER and
+ * creating a new DER out of the resulting bytes.
+ * @param {DER} der the underlying DER object
+ * @param {Number} tag the expected next tag in the DER
+ * @return {DER} the contents of the tag
+ */
+function readTagAndMakeDER(der, tag) {
+  return new DER.DER(der.readTagAndGetContents(tag));
+}
+
+// Certificate  ::=  SEQUENCE  {
+//      tbsCertificate       TBSCertificate,
+//      signatureAlgorithm   AlgorithmIdentifier,
+//      signatureValue       BIT STRING  }
+class Certificate extends DecodedDER {
+  constructor() {
+    super();
+    this._tbsCertificate = new TBSCertificate();
+    this._signatureAlgorithm = new AlgorithmIdentifier();
+    this._signatureValue = [];
+  }
+
+  get tbsCertificate() {
+    return this._tbsCertificate;
+  }
+
+  get signatureAlgorithm() {
+    return this._signatureAlgorithm;
+  }
+
+  get signatureValue() {
+    return this._signatureValue;
+  }
+
+  parseOverride() {
+    let contents = readSEQUENCEAndMakeDER(this._der);
+    this._tbsCertificate.parse(contents.readTLV());
+    this._signatureAlgorithm.parse(contents.readTLV());
+
+    let signatureValue = contents.readBIT_STRING();
+    if (signatureValue.unusedBits != 0) {
+      throw new Error(ERROR_UNSUPPORTED_ASN1);
+    }
+    this._signatureValue = signatureValue.contents;
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+}
+
+// TBSCertificate  ::=  SEQUENCE  {
+//      version         [0]  EXPLICIT Version DEFAULT v1,
+//      serialNumber         CertificateSerialNumber,
+//      signature            AlgorithmIdentifier,
+//      issuer               Name,
+//      validity             Validity,
+//      subject              Name,
+//      subjectPublicKeyInfo SubjectPublicKeyInfo,
+//      issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
+//                           -- If present, version MUST be v2 or v3
+//      subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
+//                           -- If present, version MUST be v2 or v3
+//      extensions      [3]  EXPLICIT Extensions OPTIONAL
+//                           -- If present, version MUST be v3
+//      }
+class TBSCertificate extends DecodedDER {
+  constructor() {
+    super();
+    this._version = null;
+    this._serialNumber = [];
+    this._signature = new AlgorithmIdentifier();
+    this._issuer = new Name();
+    this._validity = new Validity();
+    this._subject = new Name();
+    this._subjectPublicKeyInfo = new SubjectPublicKeyInfo();
+    this._extensions = [];
+  }
+
+  get version() {
+    return this._version;
+  }
+
+  get serialNumber() {
+    return this._serialNumber;
+  }
+
+  get signature() {
+    return this._signature;
+  }
+
+  get issuer() {
+    return this._issuer;
+  }
+
+  get validity() {
+    return this._validity;
+  }
+
+  get subject() {
+    return this._subject;
+  }
+
+  get subjectPublicKeyInfo() {
+    return this._subjectPublicKeyInfo;
+  }
+
+  get extensions() {
+    return this._extensions;
+  }
+
+  parseOverride() {
+    let contents = readSEQUENCEAndMakeDER(this._der);
+
+    let versionTag = DER.CONTEXT_SPECIFIC | DER.CONSTRUCTED | 0;
+    if (!contents.peekTag(versionTag)) {
+      this._version = 1;
+    } else {
+      let versionContents = readTagAndMakeDER(contents, versionTag);
+      let versionBytes = versionContents.readTagAndGetContents(DER.INTEGER);
+      if (versionBytes.length == 1 && versionBytes[0] == X509v3) {
+        this._version = 3;
+      } else {
+        // Lint TODO: warn about non-v3 certificates (this INTEGER could take up
+        // multiple bytes, be negative, and so on).
+        this._version = versionBytes;
+      }
+      versionContents.assertAtEnd();
+    }
+
+    let serialNumberBytes = contents.readTagAndGetContents(DER.INTEGER);
+    this._serialNumber = serialNumberBytes;
+    this._signature.parse(contents.readTLV());
+    this._issuer.parse(contents.readTLV());
+    this._validity.parse(contents.readTLV());
+    this._subject.parse(contents.readTLV());
+    this._subjectPublicKeyInfo.parse(contents.readTLV());
+
+    // Lint TODO: warn about unsupported features
+    let issuerUniqueIDTag = DER.CONTEXT_SPECIFIC | DER.CONSTRUCTED | 1;
+    if (contents.peekTag(issuerUniqueIDTag)) {
+      contents.readTagAndGetContents(issuerUniqueIDTag);
+    }
+    let subjectUniqueIDTag = DER.CONTEXT_SPECIFIC | DER.CONSTRUCTED | 2;
+    if (contents.peekTag(subjectUniqueIDTag)) {
+      contents.readTagAndGetContents(subjectUniqueIDTag);
+    }
+
+    let extensionsTag = DER.CONTEXT_SPECIFIC | DER.CONSTRUCTED | 3;
+    if (contents.peekTag(extensionsTag)) {
+      let extensionsSequence = readTagAndMakeDER(contents, extensionsTag);
+      let extensionsContents = readSEQUENCEAndMakeDER(extensionsSequence);
+      while (!extensionsContents.atEnd()) {
+        // TODO: parse extensions
+        this._extensions.push(extensionsContents.readTLV());
+      }
+      extensionsContents.assertAtEnd();
+      extensionsSequence.assertAtEnd();
+    }
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+}
+
+// AlgorithmIdentifier  ::=  SEQUENCE  {
+//      algorithm               OBJECT IDENTIFIER,
+//      parameters              ANY DEFINED BY algorithm OPTIONAL  }
+class AlgorithmIdentifier extends DecodedDER {
+  constructor() {
+    super();
+    this._algorithm = null;
+    this._parameters = null;
+  }
+
+  get algorithm() {
+    return this._algorithm;
+  }
+
+  get parameters() {
+    return this._parameters;
+  }
+
+  parseOverride() {
+    let contents = readSEQUENCEAndMakeDER(this._der);
+    this._algorithm = readOID(contents);
+    if (!contents.atEnd()) {
+      if (contents.peekTag(DER.NULL)) {
+        this._parameters = readNULL(contents);
+      } else if (contents.peekTag(DER.OBJECT_IDENTIFIER)) {
+        this._parameters = readOID(contents);
+      }
+    }
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+}
+
+// Name ::= CHOICE { -- only one possibility for now --
+//   rdnSequence  RDNSequence }
+//
+// RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+class Name extends DecodedDER {
+  constructor() {
+    super();
+    this._rdns = [];
+  }
+
+  get rdns() {
+    return this._rdns;
+  }
+
+  parseOverride() {
+    let contents = readSEQUENCEAndMakeDER(this._der);
+    while (!contents.atEnd()) {
+      let rdn = new RelativeDistinguishedName();
+      rdn.parse(contents.readTLV());
+      this._rdns.push(rdn);
+    }
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+}
+
+// RelativeDistinguishedName ::=
+//   SET SIZE (1..MAX) OF AttributeTypeAndValue
+class RelativeDistinguishedName extends DecodedDER {
+  constructor() {
+    super();
+    this._avas = [];
+  }
+
+  get avas() {
+    return this._avas;
+  }
+
+  parseOverride() {
+    let contents = readTagAndMakeDER(this._der, DER.SET);
+    // Lint TODO: enforce SET SIZE restrictions
+    while (!contents.atEnd()) {
+      let ava = new AttributeTypeAndValue();
+      ava.parse(contents.readTLV());
+      this._avas.push(ava);
+    }
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+}
+
+// AttributeTypeAndValue ::= SEQUENCE {
+//   type     AttributeType,
+//   value    AttributeValue }
+//
+// AttributeType ::= OBJECT IDENTIFIER
+//
+// AttributeValue ::= ANY -- DEFINED BY AttributeType
+class AttributeTypeAndValue extends DecodedDER {
+  constructor() {
+    super();
+    this._type = null;
+    this._value = new DirectoryString();
+  }
+
+  get type() {
+    return this._type;
+  }
+
+  get value() {
+    return this._value;
+  }
+
+  parseOverride() {
+    let contents = readSEQUENCEAndMakeDER(this._der);
+    this._type = readOID(contents);
+    // We don't support universalString or bmpString.
+    // IA5String is supported because it is valid if `type == id-emailaddress`.
+    // Lint TODO: validate that the type of string is valid given `type`.
+    this._value.parse(contents.readTLVChoice([ DER.UTF8String,
+                                               DER.PrintableString,
+                                               DER.TeletexString,
+                                               DER.IA5String ]));
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+}
+
+// DirectoryString ::= CHOICE {
+//       teletexString           TeletexString (SIZE (1..MAX)),
+//       printableString         PrintableString (SIZE (1..MAX)),
+//       universalString         UniversalString (SIZE (1..MAX)),
+//       utf8String              UTF8String (SIZE (1..MAX)),
+//       bmpString               BMPString (SIZE (1..MAX)) }
+class DirectoryString extends DecodedDER {
+  constructor() {
+    super();
+    this._type = null;
+    this._value = null;
+  }
+
+  get type() {
+    return this._type;
+  }
+
+  get value() {
+    return this._value;
+  }
+
+  parseOverride() {
+    if (this._der.peekTag(DER.UTF8String)) {
+      this._type = DER.UTF8String;
+    } else if (this._der.peekTag(DER.PrintableString)) {
+      this._type = DER.PrintableString;
+    } else if (this._der.peekTag(DER.TeletexString)) {
+      this._type = DER.TeletexString;
+    } else if (this._der.peekTag(DER.IA5String)) {
+      this._type = DER.IA5String;
+    }
+    // Lint TODO: validate that the contents are actually valid for the type
+    this._value = this._der.readTagAndGetContents(this._type);
+    this._der.assertAtEnd();
+  }
+}
+
+// Time ::= CHOICE {
+//      utcTime        UTCTime,
+//      generalTime    GeneralizedTime }
+class Time extends DecodedDER {
+  constructor() {
+    super();
+    this._type = null;
+    this._time = null;
+  }
+
+  get time() {
+    return this._time;
+  }
+
+  parseOverride() {
+    if (this._der.peekTag(DER.UTCTime)) {
+      this._type = DER.UTCTime;
+    } else if (this._der.peekTag(DER.GeneralizedTime)) {
+      this._type = DER.GeneralizedTime;
+    }
+    let contents = readTagAndMakeDER(this._der, this._type);
+    let year;
+    // Lint TODO: validate that the appropriate one of {UTCTime,GeneralizedTime}
+    // is used according to RFC 5280 and what the value of the date is.
+    // TODO TODO: explain this better (just quote the rfc).
+    if (this._type == DER.UTCTime) {
+      // UTCTime is YYMMDDHHMMSSZ in RFC 5280. If YY is greater than or equal
+      // to 50, the year is 19YY. Otherwise, it is 20YY.
+      let y1 = this._validateDigit(contents.readByte());
+      let y2 = this._validateDigit(contents.readByte());
+      let yy = y1 * 10 + y2;
+      if (yy >= 50) {
+        year = 1900 + yy;
+      } else {
+        year = 2000 + yy;
+      }
+    } else {
+      // GeneralizedTime is YYYYMMDDHHMMSSZ in RFC 5280.
+      year = 0;
+      for (let i = 0; i < 4; i++) {
+        let y = this._validateDigit(contents.readByte());
+        year = year * 10 + y;
+      }
+    }
+
+    let m1 = this._validateDigit(contents.readByte());
+    let m2 = this._validateDigit(contents.readByte());
+    let month = m1 * 10 + m2;
+    if (month == 0 || month > 12) {
+      throw new Error(ERROR_TIME_NOT_VALID);
+    }
+
+    let d1 = this._validateDigit(contents.readByte());
+    let d2 = this._validateDigit(contents.readByte());
+    let day = d1 * 10 + d2;
+    if (day == 0 || day > 31) {
+      throw new Error(ERROR_TIME_NOT_VALID);
+    }
+
+    let h1 = this._validateDigit(contents.readByte());
+    let h2 = this._validateDigit(contents.readByte());
+    let hour = h1 * 10 + h2;
+    if (hour > 23) {
+      throw new Error(ERROR_TIME_NOT_VALID);
+    }
+
+    let min1 = this._validateDigit(contents.readByte());
+    let min2 = this._validateDigit(contents.readByte());
+    let minute = min1 * 10 + min2;
+    if (minute > 59) {
+      throw new Error(ERROR_TIME_NOT_VALID);
+    }
+
+    let s1 = this._validateDigit(contents.readByte());
+    let s2 = this._validateDigit(contents.readByte());
+    let second = s1 * 10 + s2;
+    if (second > 60) { // leap-seconds mean this can be as much as 60
+      throw new Error(ERROR_TIME_NOT_VALID);
+    }
+
+    let z = contents.readByte();
+    if (z != "Z".charCodeAt(0)) {
+      throw new Error(ERROR_TIME_NOT_VALID);
+    }
+    // Lint TODO: verify that the Time doesn't specify a nonsensical
+    // month/day/etc.
+    // months are zero-indexed in JS
+    this._time = new Date(Date.UTC(year, month - 1, day, hour, minute,
+                                   second));
+
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+
+  /**
+   * Takes a byte that is supposed to be in the ASCII range for "0" to "9".
+   * Validates the range and then converts it to the range 0 to 9.
+   * @param {Number} the digit in question (as ASCII in the range ["0", "9"])
+   * @return {Number} the numerical value of the digit (in the range [0, 9])
+   */
+  _validateDigit(d) {
+    if (d < "0".charCodeAt(0) || d > "9".charCodeAt(0)) {
+      throw new Error(ERROR_TIME_NOT_VALID);
+    }
+    return d - "0".charCodeAt(0);
+  }
+}
+
+// Validity ::= SEQUENCE {
+//      notBefore      Time,
+//      notAfter       Time }
+class Validity extends DecodedDER {
+  constructor() {
+    super();
+    this._notBefore = new Time();
+    this._notAfter = new Time();
+  }
+
+  get notBefore() {
+    return this._notBefore;
+  }
+
+  get notAfter() {
+    return this._notAfter;
+  }
+
+  parseOverride() {
+    let contents = readSEQUENCEAndMakeDER(this._der);
+    this._notBefore.parse(contents.readTLVChoice(
+      [DER.UTCTime, DER.GeneralizedTime]));
+    this._notAfter.parse(contents.readTLVChoice(
+      [DER.UTCTime, DER.GeneralizedTime]));
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+}
+
+// SubjectPublicKeyInfo  ::=  SEQUENCE  {
+//      algorithm            AlgorithmIdentifier,
+//      subjectPublicKey     BIT STRING  }
+class SubjectPublicKeyInfo extends DecodedDER {
+  constructor() {
+    super();
+    this._algorithm = new AlgorithmIdentifier();
+    this._subjectPublicKey = null;
+  }
+
+  get algorithm() {
+    return this._algorithm;
+  }
+
+  get subjectPublicKey() {
+    return this._subjectPublicKey;
+  }
+
+  parseOverride() {
+    let contents = readSEQUENCEAndMakeDER(this._der);
+    this._algorithm.parse(contents.readTLV());
+    let subjectPublicKeyBitString = contents.readBIT_STRING();
+    if (subjectPublicKeyBitString.unusedBits != 0) {
+      throw new Error(ERROR_UNSUPPORTED_ASN1);
+    }
+    this._subjectPublicKey = subjectPublicKeyBitString.contents;
+
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+}
+
+this.X509 = { Certificate };
+this.EXPORTED_SYMBOLS = ["X509"];
diff --git a/security/manager/ssl/crashtests/398665-1.html b/security/manager/ssl/crashtests/398665-1.html
new file mode 100644
index 000000000..85afb1137
--- /dev/null
+++ b/security/manager/ssl/crashtests/398665-1.html
@@ -0,0 +1 @@
+<html><body><keygen></keygen></body></html>
diff --git a/security/manager/ssl/crashtests/crashtests.list b/security/manager/ssl/crashtests/crashtests.list
new file mode 100644
index 000000000..fbc5b8504
--- /dev/null
+++ b/security/manager/ssl/crashtests/crashtests.list
@@ -0,0 +1 @@
+load 398665-1.html
diff --git a/security/manager/ssl/md4.c b/security/manager/ssl/md4.c
new file mode 100644
index 000000000..696865de3
--- /dev/null
+++ b/security/manager/ssl/md4.c
@@ -0,0 +1,145 @@
+/* vim:set ts=2 sw=2 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * "clean room" MD4 implementation (see RFC 1320)
+ */
+
+#include <string.h>
+#include "md4.h"
+
+/* the "conditional" function */
+#define F(x,y,z) (((x) & (y)) | (~(x) & (z)))
+
+/* the "majority" function */
+#define G(x,y,z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
+
+/* the "parity" function */
+#define H(x,y,z) ((x) ^ (y) ^ (z))
+
+/* rotate n-bits to the left */
+#define ROTL(x,n) (((x) << (n)) | ((x) >> (0x20 - n)))
+
+/* round 1: [abcd k s]: a = (a + F(b,c,d) + X[k]) <<< s */
+#define RD1(a,b,c,d,k,s) a += F(b,c,d) + X[k]; a = ROTL(a,s)
+
+/* round 2: [abcd k s]: a = (a + G(b,c,d) + X[k] + MAGIC) <<< s */
+#define RD2(a,b,c,d,k,s) a += G(b,c,d) + X[k] + 0x5A827999; a = ROTL(a,s)
+
+/* round 3: [abcd k s]: a = (a + H(b,c,d) + X[k] + MAGIC) <<< s */
+#define RD3(a,b,c,d,k,s) a += H(b,c,d) + X[k] + 0x6ED9EBA1; a = ROTL(a,s)
+
+/* converts from word array to byte array, len is number of bytes */
+static void w2b(uint8_t *out, const uint32_t *in, uint32_t len)
+{
+  uint8_t *bp; const uint32_t *wp, *wpend;
+
+  bp = out;
+  wp = in;
+  wpend = wp + (len >> 2);
+
+  for (; wp != wpend; ++wp, bp += 4)
+  {
+    bp[0] = (uint8_t) ((*wp      ) & 0xFF);
+    bp[1] = (uint8_t) ((*wp >>  8) & 0xFF);
+    bp[2] = (uint8_t) ((*wp >> 16) & 0xFF);
+    bp[3] = (uint8_t) ((*wp >> 24) & 0xFF);
+  }
+}
+
+/* converts from byte array to word array, len is number of bytes */
+static void b2w(uint32_t *out, const uint8_t *in, uint32_t len)
+{
+  uint32_t *wp; const uint8_t *bp, *bpend;
+
+  wp = out;
+  bp = in;
+  bpend = in + len;
+
+  for (; bp != bpend; bp += 4, ++wp)
+  {
+    *wp = (uint32_t) (bp[0]      ) |
+          (uint32_t) (bp[1] <<  8) |
+          (uint32_t) (bp[2] << 16) |
+          (uint32_t) (bp[3] << 24);
+  }
+}
+
+/* update state: data is 64 bytes in length */
+static void md4step(uint32_t state[4], const uint8_t *data)
+{
+  uint32_t A, B, C, D, X[16];
+
+  b2w(X, data, 64);
+
+  A = state[0];
+  B = state[1];
+  C = state[2];
+  D = state[3];
+
+  RD1(A,B,C,D, 0,3); RD1(D,A,B,C, 1,7); RD1(C,D,A,B, 2,11); RD1(B,C,D,A, 3,19);
+  RD1(A,B,C,D, 4,3); RD1(D,A,B,C, 5,7); RD1(C,D,A,B, 6,11); RD1(B,C,D,A, 7,19);
+  RD1(A,B,C,D, 8,3); RD1(D,A,B,C, 9,7); RD1(C,D,A,B,10,11); RD1(B,C,D,A,11,19);
+  RD1(A,B,C,D,12,3); RD1(D,A,B,C,13,7); RD1(C,D,A,B,14,11); RD1(B,C,D,A,15,19);
+
+  RD2(A,B,C,D, 0,3); RD2(D,A,B,C, 4,5); RD2(C,D,A,B, 8, 9); RD2(B,C,D,A,12,13);
+  RD2(A,B,C,D, 1,3); RD2(D,A,B,C, 5,5); RD2(C,D,A,B, 9, 9); RD2(B,C,D,A,13,13);
+  RD2(A,B,C,D, 2,3); RD2(D,A,B,C, 6,5); RD2(C,D,A,B,10, 9); RD2(B,C,D,A,14,13);
+  RD2(A,B,C,D, 3,3); RD2(D,A,B,C, 7,5); RD2(C,D,A,B,11, 9); RD2(B,C,D,A,15,13);
+
+  RD3(A,B,C,D, 0,3); RD3(D,A,B,C, 8,9); RD3(C,D,A,B, 4,11); RD3(B,C,D,A,12,15);
+  RD3(A,B,C,D, 2,3); RD3(D,A,B,C,10,9); RD3(C,D,A,B, 6,11); RD3(B,C,D,A,14,15);
+  RD3(A,B,C,D, 1,3); RD3(D,A,B,C, 9,9); RD3(C,D,A,B, 5,11); RD3(B,C,D,A,13,15);
+  RD3(A,B,C,D, 3,3); RD3(D,A,B,C,11,9); RD3(C,D,A,B, 7,11); RD3(B,C,D,A,15,15);
+
+  state[0] += A;
+  state[1] += B;
+  state[2] += C;
+  state[3] += D;
+}
+
+void md4sum(const uint8_t *input, uint32_t inputLen, uint8_t *result)
+{
+  uint8_t final[128];
+  uint32_t i, n, m, state[4];
+  uint64_t inputLenBits;
+  uint32_t inputLenBitsLow;
+  uint32_t inputLenBitsHigh;
+
+  /* magic initial states */
+  state[0] = 0x67452301;
+  state[1] = 0xEFCDAB89;
+  state[2] = 0x98BADCFE;
+  state[3] = 0x10325476;
+
+  /* compute number of complete 64-byte segments contained in input */
+  m = inputLen >> 6;
+
+  /* digest first m segments */
+  for (i=0; i<m; ++i)
+    md4step(state, (input + (i << 6)));
+
+  /* build final buffer */
+  n = inputLen % 64;
+  memcpy(final, input + (m << 6), n);
+  final[n] = 0x80;
+  memset(final + n + 1, 0, 120 - (n + 1));
+
+  /* Append the original input length in bits as a 64-bit number. This is done
+   * in two 32-bit chunks, with the least-significant 32 bits first.
+   * w2b will handle endianness. */
+  inputLenBits = inputLen << 3;
+  inputLenBitsLow = (uint32_t)(inputLenBits & 0xFFFFFFFF);
+  w2b(final + (n >= 56 ? 120 : 56), &inputLenBitsLow, 4);
+  inputLenBitsHigh = (uint32_t)((inputLenBits >> 32) & 0xFFFFFFFF);
+  w2b(final + (n >= 56 ? 124 : 60), &inputLenBitsHigh, 4);
+
+  md4step(state, final);
+  if (n >= 56)
+    md4step(state, final + 64);
+
+  /* copy state to result */
+  w2b(result, state, 16);
+}
diff --git a/security/manager/ssl/md4.h b/security/manager/ssl/md4.h
new file mode 100644
index 000000000..4107aed40
--- /dev/null
+++ b/security/manager/ssl/md4.h
@@ -0,0 +1,38 @@
+/* vim:set ts=2 sw=2 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef md4_h__
+#define md4_h__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdint.h>
+
+/**
+ * md4sum - computes the MD4 sum over the input buffer per RFC 1320
+ *
+ * @param input
+ *        buffer containing input data
+ * @param inputLen
+ *        length of input buffer (number of bytes)
+ * @param result
+ *        16-byte buffer that will contain the MD4 sum upon return
+ *
+ * NOTE: MD4 is superceded by MD5.  do not use MD4 unless required by the
+ * protocol you are implementing (e.g., NTLM requires MD4).
+ *
+ * NOTE: this interface is designed for relatively small buffers.  A streaming
+ * interface would make more sense if that were a requirement.  Currently, this
+ * is good enough for the applications we care about.
+ */
+void md4sum(const uint8_t *input, uint32_t inputLen, uint8_t *result);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* md4_h__ */
diff --git a/security/manager/ssl/moz.build b/security/manager/ssl/moz.build
new file mode 100644
index 000000000..19e1b4f4b
--- /dev/null
+++ b/security/manager/ssl/moz.build
@@ -0,0 +1,194 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+TEST_DIRS += [ 'tests' ]
+
+XPIDL_SOURCES += [
+    'nsIASN1Object.idl',
+    'nsIASN1PrintableItem.idl',
+    'nsIASN1Sequence.idl',
+    'nsIAssociatedContentSecurity.idl',
+    'nsIBadCertListener2.idl',
+    'nsICertBlocklist.idl',
+    'nsICertificateDialogs.idl',
+    'nsICertOverrideService.idl',
+    'nsIClientAuthDialogs.idl',
+    'nsIContentSignatureVerifier.idl',
+    'nsIDataSignatureVerifier.idl',
+    'nsIGenKeypairInfoDlg.idl',
+    'nsIKeygenThread.idl',
+    'nsIKeyModule.idl',
+    'nsILocalCertService.idl',
+    'nsINSSU2FToken.idl',
+    'nsINSSVersion.idl',
+    'nsIPK11Token.idl',
+    'nsIPK11TokenDB.idl',
+    'nsIPKCS11.idl',
+    'nsIPKCS11Module.idl',
+    'nsIPKCS11ModuleDB.idl',
+    'nsIPKCS11Slot.idl',
+    'nsIProtectedAuthThread.idl',
+    'nsISecretDecoderRing.idl',
+    'nsISecurityUITelemetry.idl',
+    'nsISiteSecurityService.idl',
+    'nsISSLStatus.idl',
+    'nsISSLStatusProvider.idl',
+    'nsITokenDialogs.idl',
+    'nsITokenPasswordDialogs.idl',
+    'nsIU2FToken.idl',
+    'nsIWeakCryptoOverride.idl',
+    'nsIX509Cert.idl',
+    'nsIX509CertDB.idl',
+    'nsIX509CertList.idl',
+    'nsIX509CertValidity.idl',
+]
+
+if CONFIG['MOZ_XUL']:
+    XPIDL_SOURCES += [
+        'nsICertTree.idl',
+    ]
+
+XPIDL_MODULE = 'pipnss'
+
+EXTRA_JS_MODULES.psm += [
+    'DER.jsm',
+    'X509.jsm',
+]
+
+EXPORTS += [
+    'CryptoTask.h',
+    'nsClientAuthRemember.h',
+    'nsCrypto.h',
+    'nsNSSCallbacks.h',
+    'nsNSSCertificate.h',
+    'nsNSSComponent.h',
+    'nsNSSHelper.h',
+    'nsNSSShutDown.h',
+    'nsNSSU2FToken.h',
+    'nsRandomGenerator.h',
+    'nsSecurityHeaderParser.h',
+    'NSSErrorsService.h',
+    'ScopedNSSTypes.h',
+    'SharedCertVerifier.h',
+]
+
+EXPORTS.mozilla += [
+    'DataStorage.h',
+    'PublicSSL.h',
+]
+
+EXPORTS.mozilla.psm += [
+    'PSMContentListener.h',
+]
+
+EXPORTS.ipc += [
+    'DataStorageIPCUtils.h',
+]
+
+UNIFIED_SOURCES += [
+    'CertBlocklist.cpp',
+    'ContentSignatureVerifier.cpp',
+    'CryptoTask.cpp',
+    'CSTrustDomain.cpp',
+    'DataStorage.cpp',
+    'LocalCertService.cpp',
+    'nsCertOverrideService.cpp',
+    'nsClientAuthRemember.cpp',
+    'nsCrypto.cpp',
+    'nsCryptoHash.cpp',
+    'nsDataSignatureVerifier.cpp',
+    'nsKeygenHandler.cpp',
+    'nsKeygenHandlerContent.cpp',
+    'nsKeygenThread.cpp',
+    'nsKeyModule.cpp',
+    'nsNSSASN1Object.cpp',
+    'nsNSSCallbacks.cpp',
+    'nsNSSCertHelper.cpp',
+    'nsNSSCertificate.cpp',
+    'nsNSSCertificateDB.cpp',
+    'nsNSSCertificateFakeTransport.cpp',
+    'nsNSSCertTrust.cpp',
+    'nsNSSCertValidity.cpp',
+    'nsNSSComponent.cpp',
+    'nsNSSErrors.cpp',
+    'nsNSSIOLayer.cpp',
+    'nsNSSModule.cpp',
+    'nsNSSShutDown.cpp',
+    'nsNSSU2FToken.cpp',
+    'nsNSSVersion.cpp',
+    'nsNTLMAuthModule.cpp',
+    'nsPK11TokenDB.cpp',
+    'nsPKCS11Slot.cpp',
+    'nsPKCS12Blob.cpp',
+    'nsProtectedAuthThread.cpp',
+    'nsRandomGenerator.cpp',
+    'nsSecureBrowserUIImpl.cpp',
+    'nsSecurityHeaderParser.cpp',
+    'NSSErrorsService.cpp',
+    'nsSiteSecurityService.cpp',
+    'nsSSLSocketProvider.cpp',
+    'nsSSLStatus.cpp',
+    'nsTLSSocketProvider.cpp',
+    'PSMContentListener.cpp',
+    'PSMRunnable.cpp',
+    'PublicKeyPinningService.cpp',
+    'RootCertificateTelemetryUtils.cpp',
+    'SecretDecoderRing.cpp',
+    'SharedSSLState.cpp',
+    'SSLServerCertVerification.cpp',
+    'TransportSecurityInfo.cpp',
+    'WeakCryptoOverride.cpp',
+]
+
+IPDL_SOURCES += [
+    'PPSMContentDownloader.ipdl',
+]
+
+if not CONFIG['MOZ_NO_SMART_CARDS']:
+    UNIFIED_SOURCES += [
+        'nsSmartCardMonitor.cpp',
+    ]
+
+if CONFIG['MOZ_XUL']:
+    UNIFIED_SOURCES += [
+        'nsCertTree.cpp',
+    ]
+
+UNIFIED_SOURCES += [
+    'md4.c',
+]
+
+FINAL_LIBRARY = 'xul'
+
+LOCAL_INCLUDES += [
+    '/dom/base',
+    '/dom/crypto',
+    '/security/certverifier',
+    '/security/pkix/include',
+]
+
+LOCAL_INCLUDES += [
+    '!/dist/public/nss',
+]
+
+if CONFIG['NSS_DISABLE_DBM']:
+    DEFINES['NSS_DISABLE_DBM'] = '1'
+
+DEFINES['SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES'] = 'True'
+DEFINES['NSS_ENABLE_ECC'] = 'True'
+for var in ('DLL_PREFIX', 'DLL_SUFFIX'):
+    DEFINES[var] = '"%s"' % CONFIG[var]
+
+DEFINES['CERT_AddTempCertToPerm'] = '__CERT_AddTempCertToPerm'
+
+USE_LIBS += [
+    'crmf',
+]
+
+include('/ipc/chromium/chromium-config.mozbuild')
+
+if CONFIG['GNU_CXX']:
+    CXXFLAGS += ['-Wno-error=shadow']
diff --git a/security/manager/ssl/nsCertOverrideService.cpp b/security/manager/ssl/nsCertOverrideService.cpp
new file mode 100644
index 000000000..6582eda03
--- /dev/null
+++ b/security/manager/ssl/nsCertOverrideService.cpp
@@ -0,0 +1,705 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsCertOverrideService.h"
+
+#include "NSSCertDBTrustDomain.h"
+#include "ScopedNSSTypes.h"
+#include "SharedSSLState.h"
+#include "mozilla/Telemetry.h"
+#include "nsAppDirectoryServiceDefs.h"
+#include "nsCRT.h"
+#include "nsILineInputStream.h"
+#include "nsIObserver.h"
+#include "nsIObserverService.h"
+#include "nsIOutputStream.h"
+#include "nsISafeOutputStream.h"
+#include "nsIX509Cert.h"
+#include "nsNSSCertHelper.h"
+#include "nsNSSCertificate.h"
+#include "nsNSSComponent.h"
+#include "nsNetUtil.h"
+#include "nsPromiseFlatString.h"
+#include "nsStreamUtils.h"
+#include "nsStringBuffer.h"
+#include "nsThreadUtils.h"
+#include "ssl.h" // For SSL_ClearSessionCache
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+#define CERT_OVERRIDE_FILE_NAME "cert_override.txt"
+
+void
+nsCertOverride::convertBitsToString(OverrideBits ob, nsACString &str)
+{
+  str.Truncate();
+
+  if (ob & ob_Mismatch)
+    str.Append('M');
+
+  if (ob & ob_Untrusted)
+    str.Append('U');
+
+  if (ob & ob_Time_error)
+    str.Append('T');
+}
+
+void
+nsCertOverride::convertStringToBits(const nsACString &str, OverrideBits &ob)
+{
+  const nsPromiseFlatCString &flat = PromiseFlatCString(str);
+  const char *walk = flat.get();
+
+  ob = ob_None;
+
+  for ( ; *walk; ++walk)
+  {
+    switch (*walk)
+    {
+      case 'm':
+      case 'M':
+        ob = (OverrideBits)(ob | ob_Mismatch);
+        break;
+
+      case 'u':
+      case 'U':
+        ob = (OverrideBits)(ob | ob_Untrusted);
+        break;
+
+      case 't':
+      case 'T':
+        ob = (OverrideBits)(ob | ob_Time_error);
+        break;
+
+      default:
+        break;
+    }
+  }
+}
+
+NS_IMPL_ISUPPORTS(nsCertOverrideService,
+                  nsICertOverrideService,
+                  nsIObserver,
+                  nsISupportsWeakReference)
+
+nsCertOverrideService::nsCertOverrideService()
+  : monitor("nsCertOverrideService.monitor")
+{
+}
+
+nsCertOverrideService::~nsCertOverrideService()
+{
+}
+
+nsresult
+nsCertOverrideService::Init()
+{
+  if (!NS_IsMainThread()) {
+    NS_NOTREACHED("nsCertOverrideService initialized off main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  // Note that the names of these variables would seem to indicate that at one
+  // point another hash algorithm was used and is still supported for backwards
+  // compatibility. This is not the case. It has always been SHA256.
+  mOidTagForStoringNewHashes = SEC_OID_SHA256;
+  mDottedOidForStoringNewHashes.Assign("OID.2.16.840.1.101.3.4.2.1");
+
+  nsCOMPtr<nsIObserverService> observerService =
+      mozilla::services::GetObserverService();
+
+  // If we cannot add ourselves as a profile change observer, then we will not
+  // attempt to read/write any settings file. Otherwise, we would end up
+  // reading/writing the wrong settings file after a profile change.
+  if (observerService) {
+    observerService->AddObserver(this, "profile-before-change", true);
+    observerService->AddObserver(this, "profile-do-change", true);
+    // simulate a profile change so we read the current profile's settings file
+    Observe(nullptr, "profile-do-change", nullptr);
+  }
+
+  SharedSSLState::NoteCertOverrideServiceInstantiated();
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::Observe(nsISupports     *,
+                               const char      *aTopic,
+                               const char16_t *aData)
+{
+  // check the topic
+  if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
+    // The profile is about to change,
+    // or is going away because the application is shutting down.
+
+    RemoveAllFromMemory();
+  } else if (!nsCRT::strcmp(aTopic, "profile-do-change")) {
+    // The profile has already changed.
+    // Now read from the new profile location.
+    // we also need to update the cached file location
+
+    ReentrantMonitorAutoEnter lock(monitor);
+
+    nsresult rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR, getter_AddRefs(mSettingsFile));
+    if (NS_SUCCEEDED(rv)) {
+      mSettingsFile->AppendNative(NS_LITERAL_CSTRING(CERT_OVERRIDE_FILE_NAME));
+    } else {
+      mSettingsFile = nullptr;
+    }
+    Read();
+    CountPermanentOverrideTelemetry();
+  }
+
+  return NS_OK;
+}
+
+void
+nsCertOverrideService::RemoveAllFromMemory()
+{
+  ReentrantMonitorAutoEnter lock(monitor);
+  mSettingsTable.Clear();
+}
+
+void
+nsCertOverrideService::RemoveAllTemporaryOverrides()
+{
+  ReentrantMonitorAutoEnter lock(monitor);
+  for (auto iter = mSettingsTable.Iter(); !iter.Done(); iter.Next()) {
+    nsCertOverrideEntry *entry = iter.Get();
+    if (entry->mSettings.mIsTemporary) {
+      entry->mSettings.mCert = nullptr;
+      iter.Remove();
+    }
+  }
+  // no need to write, as temporaries are never written to disk
+}
+
+nsresult
+nsCertOverrideService::Read()
+{
+  ReentrantMonitorAutoEnter lock(monitor);
+
+  // If we don't have a profile, then we won't try to read any settings file.
+  if (!mSettingsFile)
+    return NS_OK;
+
+  nsresult rv;
+  nsCOMPtr<nsIInputStream> fileInputStream;
+  rv = NS_NewLocalFileInputStream(getter_AddRefs(fileInputStream), mSettingsFile);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsILineInputStream> lineInputStream = do_QueryInterface(fileInputStream, &rv);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsAutoCString buffer;
+  bool isMore = true;
+  int32_t hostIndex = 0, algoIndex, fingerprintIndex, overrideBitsIndex, dbKeyIndex;
+
+  /* file format is:
+   *
+   * host:port \t fingerprint-algorithm \t fingerprint \t override-mask \t dbKey
+   *
+   *   where override-mask is a sequence of characters,
+   *     M meaning hostname-Mismatch-override
+   *     U meaning Untrusted-override
+   *     T meaning Time-error-override (expired/not yet valid)
+   *
+   * if this format isn't respected we move onto the next line in the file.
+   */
+
+  while (isMore && NS_SUCCEEDED(lineInputStream->ReadLine(buffer, &isMore))) {
+    if (buffer.IsEmpty() || buffer.First() == '#') {
+      continue;
+    }
+
+    // this is a cheap, cheesy way of parsing a tab-delimited line into
+    // string indexes, which can be lopped off into substrings. just for
+    // purposes of obfuscation, it also checks that each token was found.
+    // todo: use iterators?
+    if ((algoIndex         = buffer.FindChar('\t', hostIndex)         + 1) == 0 ||
+        (fingerprintIndex  = buffer.FindChar('\t', algoIndex)         + 1) == 0 ||
+        (overrideBitsIndex = buffer.FindChar('\t', fingerprintIndex)  + 1) == 0 ||
+        (dbKeyIndex        = buffer.FindChar('\t', overrideBitsIndex) + 1) == 0) {
+      continue;
+    }
+
+    const nsASingleFragmentCString &tmp = Substring(buffer, hostIndex, algoIndex - hostIndex - 1);
+    const nsASingleFragmentCString &algo_string = Substring(buffer, algoIndex, fingerprintIndex - algoIndex - 1);
+    const nsASingleFragmentCString &fingerprint = Substring(buffer, fingerprintIndex, overrideBitsIndex - fingerprintIndex - 1);
+    const nsASingleFragmentCString &bits_string = Substring(buffer, overrideBitsIndex, dbKeyIndex - overrideBitsIndex - 1);
+    const nsASingleFragmentCString &db_key = Substring(buffer, dbKeyIndex, buffer.Length() - dbKeyIndex);
+
+    nsAutoCString host(tmp);
+    nsCertOverride::OverrideBits bits;
+    nsCertOverride::convertStringToBits(bits_string, bits);
+
+    int32_t port;
+    int32_t portIndex = host.RFindChar(':');
+    if (portIndex == kNotFound)
+      continue; // Ignore broken entries
+
+    nsresult portParseError;
+    nsAutoCString portString(Substring(host, portIndex+1));
+    port = portString.ToInteger(&portParseError);
+    if (NS_FAILED(portParseError))
+      continue; // Ignore broken entries
+
+    host.Truncate(portIndex);
+
+    AddEntryToList(host, port,
+                   nullptr, // don't have the cert
+                   false, // not temporary
+                   algo_string, fingerprint, bits, db_key);
+  }
+
+  return NS_OK;
+}
+
+nsresult
+nsCertOverrideService::Write()
+{
+  ReentrantMonitorAutoEnter lock(monitor);
+
+  // If we don't have any profile, then we won't try to write any file
+  if (!mSettingsFile) {
+    return NS_OK;
+  }
+
+  nsresult rv;
+  nsCOMPtr<nsIOutputStream> fileOutputStream;
+  rv = NS_NewSafeLocalFileOutputStream(getter_AddRefs(fileOutputStream),
+                                       mSettingsFile,
+                                       -1,
+                                       0600);
+  if (NS_FAILED(rv)) {
+    NS_ERROR("failed to open cert_warn_settings.txt for writing");
+    return rv;
+  }
+
+  // get a buffered output stream 4096 bytes big, to optimize writes
+  nsCOMPtr<nsIOutputStream> bufferedOutputStream;
+  rv = NS_NewBufferedOutputStream(getter_AddRefs(bufferedOutputStream), fileOutputStream, 4096);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  static const char kHeader[] =
+      "# PSM Certificate Override Settings file" NS_LINEBREAK
+      "# This is a generated file!  Do not edit." NS_LINEBREAK;
+
+  /* see ::Read for file format */
+
+  uint32_t unused;
+  bufferedOutputStream->Write(kHeader, sizeof(kHeader) - 1, &unused);
+
+  static const char kTab[] = "\t";
+  for (auto iter = mSettingsTable.Iter(); !iter.Done(); iter.Next()) {
+    nsCertOverrideEntry *entry = iter.Get();
+
+    const nsCertOverride &settings = entry->mSettings;
+    if (settings.mIsTemporary) {
+      continue;
+    }
+
+    nsAutoCString bits_string;
+    nsCertOverride::convertBitsToString(settings.mOverrideBits, bits_string);
+
+    bufferedOutputStream->Write(entry->mHostWithPort.get(),
+                                entry->mHostWithPort.Length(), &unused);
+    bufferedOutputStream->Write(kTab, sizeof(kTab) - 1, &unused);
+    bufferedOutputStream->Write(settings.mFingerprintAlgOID.get(),
+                                settings.mFingerprintAlgOID.Length(), &unused);
+    bufferedOutputStream->Write(kTab, sizeof(kTab) - 1, &unused);
+    bufferedOutputStream->Write(settings.mFingerprint.get(),
+                                settings.mFingerprint.Length(), &unused);
+    bufferedOutputStream->Write(kTab, sizeof(kTab) - 1, &unused);
+    bufferedOutputStream->Write(bits_string.get(),
+                                bits_string.Length(), &unused);
+    bufferedOutputStream->Write(kTab, sizeof(kTab) - 1, &unused);
+    bufferedOutputStream->Write(settings.mDBKey.get(),
+                                settings.mDBKey.Length(), &unused);
+    bufferedOutputStream->Write(NS_LINEBREAK, NS_LINEBREAK_LEN, &unused);
+  }
+
+  // All went ok. Maybe except for problems in Write(), but the stream detects
+  // that for us
+  nsCOMPtr<nsISafeOutputStream> safeStream = do_QueryInterface(bufferedOutputStream);
+  NS_ASSERTION(safeStream, "expected a safe output stream!");
+  if (safeStream) {
+    rv = safeStream->Finish();
+    if (NS_FAILED(rv)) {
+      NS_WARNING("failed to save cert warn settings file! possible dataloss");
+      return rv;
+    }
+  }
+
+  return NS_OK;
+}
+
+static nsresult
+GetCertFingerprintByOidTag(nsIX509Cert *aCert,
+                           SECOidTag aOidTag,
+                           nsCString &fp)
+{
+  UniqueCERTCertificate nsscert(aCert->GetCert());
+  if (!nsscert) {
+    return NS_ERROR_FAILURE;
+  }
+  return GetCertFingerprintByOidTag(nsscert.get(), aOidTag, fp);
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::RememberValidityOverride(const nsACString& aHostName,
+                                                int32_t aPort,
+                                                nsIX509Cert* aCert,
+                                                uint32_t aOverrideBits,
+                                                bool aTemporary)
+{
+  NS_ENSURE_ARG_POINTER(aCert);
+  if (aHostName.IsEmpty())
+    return NS_ERROR_INVALID_ARG;
+  if (aPort < -1)
+    return NS_ERROR_INVALID_ARG;
+
+  UniqueCERTCertificate nsscert(aCert->GetCert());
+  if (!nsscert) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsAutoCString nickname;
+  nsresult rv = DefaultServerNicknameForCert(nsscert.get(), nickname);
+  if (!aTemporary && NS_SUCCEEDED(rv)) {
+    UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+    if (!slot) {
+      return NS_ERROR_FAILURE;
+    }
+
+    SECStatus srv = PK11_ImportCert(slot.get(), nsscert.get(), CK_INVALID_HANDLE,
+                                    nickname.get(), false);
+    if (srv != SECSuccess) {
+      return NS_ERROR_FAILURE;
+    }
+  }
+
+  nsAutoCString fpStr;
+  rv = GetCertFingerprintByOidTag(nsscert.get(), mOidTagForStoringNewHashes,
+                                  fpStr);
+  if (NS_FAILED(rv))
+    return rv;
+
+  nsAutoCString dbkey;
+  rv = aCert->GetDbKey(dbkey);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  {
+    ReentrantMonitorAutoEnter lock(monitor);
+    AddEntryToList(aHostName, aPort,
+                   aTemporary ? aCert : nullptr,
+                     // keep a reference to the cert for temporary overrides
+                   aTemporary,
+                   mDottedOidForStoringNewHashes, fpStr,
+                   (nsCertOverride::OverrideBits)aOverrideBits,
+                   dbkey);
+    if (!aTemporary) {
+      Write();
+    }
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::RememberTemporaryValidityOverrideUsingFingerprint(
+  const nsACString& aHostName,
+  int32_t aPort,
+  const nsACString& aCertFingerprint,
+  uint32_t aOverrideBits)
+{
+  if(aCertFingerprint.IsEmpty() || aHostName.IsEmpty() || (aPort < -1)) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  ReentrantMonitorAutoEnter lock(monitor);
+  AddEntryToList(aHostName, aPort,
+                 nullptr, // No cert to keep alive
+                 true, // temporary
+                 mDottedOidForStoringNewHashes,
+                 aCertFingerprint,
+                 (nsCertOverride::OverrideBits)aOverrideBits,
+                 EmptyCString());  // dbkey
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::HasMatchingOverride(const nsACString & aHostName, int32_t aPort,
+                                           nsIX509Cert *aCert,
+                                           uint32_t *aOverrideBits,
+                                           bool *aIsTemporary,
+                                           bool *_retval)
+{
+  if (aHostName.IsEmpty())
+    return NS_ERROR_INVALID_ARG;
+  if (aPort < -1)
+    return NS_ERROR_INVALID_ARG;
+
+  NS_ENSURE_ARG_POINTER(aCert);
+  NS_ENSURE_ARG_POINTER(aOverrideBits);
+  NS_ENSURE_ARG_POINTER(aIsTemporary);
+  NS_ENSURE_ARG_POINTER(_retval);
+  *_retval = false;
+  *aOverrideBits = nsCertOverride::ob_None;
+
+  nsAutoCString hostPort;
+  GetHostWithPort(aHostName, aPort, hostPort);
+  nsCertOverride settings;
+
+  {
+    ReentrantMonitorAutoEnter lock(monitor);
+    nsCertOverrideEntry *entry = mSettingsTable.GetEntry(hostPort.get());
+
+    if (!entry)
+      return NS_OK;
+
+    settings = entry->mSettings; // copy
+  }
+
+  *aOverrideBits = settings.mOverrideBits;
+  *aIsTemporary = settings.mIsTemporary;
+
+  nsAutoCString fpStr;
+  nsresult rv;
+
+  // This code was originally written in a way that suggested that other hash
+  // algorithms are supported for backwards compatibility. However, this was
+  // always unnecessary, because only SHA256 has ever been used here.
+  if (settings.mFingerprintAlgOID.Equals(mDottedOidForStoringNewHashes)) {
+    rv = GetCertFingerprintByOidTag(aCert, mOidTagForStoringNewHashes, fpStr);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  } else {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  *_retval = settings.mFingerprint.Equals(fpStr);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::GetValidityOverride(const nsACString & aHostName, int32_t aPort,
+                                           nsACString & aHashAlg,
+                                           nsACString & aFingerprint,
+                                           uint32_t *aOverrideBits,
+                                           bool *aIsTemporary,
+                                           bool *_found)
+{
+  NS_ENSURE_ARG_POINTER(_found);
+  NS_ENSURE_ARG_POINTER(aIsTemporary);
+  NS_ENSURE_ARG_POINTER(aOverrideBits);
+  *_found = false;
+  *aOverrideBits = nsCertOverride::ob_None;
+
+  nsAutoCString hostPort;
+  GetHostWithPort(aHostName, aPort, hostPort);
+  nsCertOverride settings;
+
+  {
+    ReentrantMonitorAutoEnter lock(monitor);
+    nsCertOverrideEntry *entry = mSettingsTable.GetEntry(hostPort.get());
+
+    if (entry) {
+      *_found = true;
+      settings = entry->mSettings; // copy
+    }
+  }
+
+  if (*_found) {
+    *aOverrideBits = settings.mOverrideBits;
+    *aIsTemporary = settings.mIsTemporary;
+    aFingerprint = settings.mFingerprint;
+    aHashAlg = settings.mFingerprintAlgOID;
+  }
+
+  return NS_OK;
+}
+
+nsresult
+nsCertOverrideService::AddEntryToList(const nsACString &aHostName, int32_t aPort,
+                                      nsIX509Cert *aCert,
+                                      const bool aIsTemporary,
+                                      const nsACString &fingerprintAlgOID,
+                                      const nsACString &fingerprint,
+                                      nsCertOverride::OverrideBits ob,
+                                      const nsACString &dbKey)
+{
+  nsAutoCString hostPort;
+  GetHostWithPort(aHostName, aPort, hostPort);
+
+  {
+    ReentrantMonitorAutoEnter lock(monitor);
+    nsCertOverrideEntry *entry = mSettingsTable.PutEntry(hostPort.get());
+
+    if (!entry) {
+      NS_ERROR("can't insert a null entry!");
+      return NS_ERROR_OUT_OF_MEMORY;
+    }
+
+    entry->mHostWithPort = hostPort;
+
+    nsCertOverride &settings = entry->mSettings;
+    settings.mAsciiHost = aHostName;
+    settings.mPort = aPort;
+    settings.mIsTemporary = aIsTemporary;
+    settings.mFingerprintAlgOID = fingerprintAlgOID;
+    settings.mFingerprint = fingerprint;
+    settings.mOverrideBits = ob;
+    settings.mDBKey = dbKey;
+    // remove whitespace from stored dbKey for backwards compatibility
+    settings.mDBKey.StripWhitespace();
+    settings.mCert = aCert;
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::ClearValidityOverride(const nsACString & aHostName, int32_t aPort)
+{
+  if (aPort == 0 &&
+      aHostName.EqualsLiteral("all:temporary-certificates")) {
+    RemoveAllTemporaryOverrides();
+    return NS_OK;
+  }
+  nsAutoCString hostPort;
+  GetHostWithPort(aHostName, aPort, hostPort);
+  {
+    ReentrantMonitorAutoEnter lock(monitor);
+    mSettingsTable.RemoveEntry(hostPort.get());
+    Write();
+  }
+
+  if (EnsureNSSInitialized(nssEnsure)) {
+    SSL_ClearSessionCache();
+  } else {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  return NS_OK;
+}
+
+void
+nsCertOverrideService::CountPermanentOverrideTelemetry()
+{
+  ReentrantMonitorAutoEnter lock(monitor);
+  uint32_t overrideCount = 0;
+  for (auto iter = mSettingsTable.Iter(); !iter.Done(); iter.Next()) {
+    if (!iter.Get()->mSettings.mIsTemporary) {
+      overrideCount++;
+    }
+  }
+  Telemetry::Accumulate(Telemetry::SSL_PERMANENT_CERT_ERROR_OVERRIDES,
+                        overrideCount);
+}
+
+static bool
+matchesDBKey(nsIX509Cert* cert, const nsCString& matchDbKey)
+{
+  nsAutoCString dbKey;
+  nsresult rv = cert->GetDbKey(dbKey);
+  if (NS_FAILED(rv)) {
+    return false;
+  }
+  return dbKey.Equals(matchDbKey);
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::IsCertUsedForOverrides(nsIX509Cert *aCert,
+                                              bool aCheckTemporaries,
+                                              bool aCheckPermanents,
+                                              uint32_t *_retval)
+{
+  NS_ENSURE_ARG(aCert);
+  NS_ENSURE_ARG(_retval);
+
+  uint32_t counter = 0;
+  {
+    ReentrantMonitorAutoEnter lock(monitor);
+    for (auto iter = mSettingsTable.Iter(); !iter.Done(); iter.Next()) {
+      const nsCertOverride &settings = iter.Get()->mSettings;
+
+      if (( settings.mIsTemporary && !aCheckTemporaries) ||
+          (!settings.mIsTemporary && !aCheckPermanents)) {
+        continue;
+      }
+
+      if (matchesDBKey(aCert, settings.mDBKey)) {
+        nsAutoCString cert_fingerprint;
+        nsresult rv = NS_ERROR_UNEXPECTED;
+        if (settings.mFingerprintAlgOID.Equals(mDottedOidForStoringNewHashes)) {
+          rv = GetCertFingerprintByOidTag(aCert,
+                 mOidTagForStoringNewHashes, cert_fingerprint);
+        }
+        if (NS_SUCCEEDED(rv) &&
+            settings.mFingerprint.Equals(cert_fingerprint)) {
+          counter++;
+        }
+      }
+    }
+  }
+  *_retval = counter;
+  return NS_OK;
+}
+
+nsresult
+nsCertOverrideService::EnumerateCertOverrides(nsIX509Cert *aCert,
+                         CertOverrideEnumerator aEnumerator,
+                         void *aUserData)
+{
+  ReentrantMonitorAutoEnter lock(monitor);
+  for (auto iter = mSettingsTable.Iter(); !iter.Done(); iter.Next()) {
+    const nsCertOverride &settings = iter.Get()->mSettings;
+
+    if (!aCert) {
+      aEnumerator(settings, aUserData);
+    } else {
+      if (matchesDBKey(aCert, settings.mDBKey)) {
+        nsAutoCString cert_fingerprint;
+        nsresult rv = NS_ERROR_UNEXPECTED;
+        if (settings.mFingerprintAlgOID.Equals(mDottedOidForStoringNewHashes)) {
+          rv = GetCertFingerprintByOidTag(aCert,
+                 mOidTagForStoringNewHashes, cert_fingerprint);
+        }
+        if (NS_SUCCEEDED(rv) &&
+            settings.mFingerprint.Equals(cert_fingerprint)) {
+          aEnumerator(settings, aUserData);
+        }
+      }
+    }
+  }
+  return NS_OK;
+}
+
+void
+nsCertOverrideService::GetHostWithPort(const nsACString & aHostName, int32_t aPort, nsACString& _retval)
+{
+  nsAutoCString hostPort(aHostName);
+  if (aPort == -1) {
+    aPort = 443;
+  }
+  if (!hostPort.IsEmpty()) {
+    hostPort.Append(':');
+    hostPort.AppendInt(aPort);
+  }
+  _retval.Assign(hostPort);
+}
diff --git a/security/manager/ssl/nsCertOverrideService.h b/security/manager/ssl/nsCertOverrideService.h
new file mode 100644
index 000000000..bb410f8da
--- /dev/null
+++ b/security/manager/ssl/nsCertOverrideService.h
@@ -0,0 +1,187 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __NSCERTOVERRIDESERVICE_H__
+#define __NSCERTOVERRIDESERVICE_H__
+
+#include "mozilla/ReentrantMonitor.h"
+#include "nsICertOverrideService.h"
+#include "nsTHashtable.h"
+#include "nsIObserver.h"
+#include "nsString.h"
+#include "nsIFile.h"
+#include "secoidt.h"
+#include "nsWeakReference.h"
+#include "mozilla/Attributes.h"
+
+class nsCertOverride
+{
+public:
+
+  enum OverrideBits { ob_None=0, ob_Untrusted=1, ob_Mismatch=2,
+                      ob_Time_error=4 };
+
+  nsCertOverride()
+  :mPort(-1)
+  ,mOverrideBits(ob_None)
+  {
+  }
+
+  nsCertOverride(const nsCertOverride &other)
+  {
+    this->operator=(other);
+  }
+
+  nsCertOverride &operator=(const nsCertOverride &other)
+  {
+    mAsciiHost = other.mAsciiHost;
+    mPort = other.mPort;
+    mIsTemporary = other.mIsTemporary;
+    mFingerprintAlgOID = other.mFingerprintAlgOID;
+    mFingerprint = other.mFingerprint;
+    mOverrideBits = other.mOverrideBits;
+    mDBKey = other.mDBKey;
+    mCert = other.mCert;
+    return *this;
+  }
+
+  nsCString mAsciiHost;
+  int32_t mPort;
+  bool mIsTemporary; // true: session only, false: stored on disk
+  nsCString mFingerprint;
+  nsCString mFingerprintAlgOID;
+  OverrideBits mOverrideBits;
+  nsCString mDBKey;
+  nsCOMPtr <nsIX509Cert> mCert;
+
+  static void convertBitsToString(OverrideBits ob, nsACString &str);
+  static void convertStringToBits(const nsACString &str, OverrideBits &ob);
+};
+
+
+// hash entry class
+class nsCertOverrideEntry final : public PLDHashEntryHdr
+{
+  public:
+    // Hash methods
+    typedef const char* KeyType;
+    typedef const char* KeyTypePointer;
+
+    // do nothing with aHost - we require mHead to be set before we're live!
+    explicit nsCertOverrideEntry(KeyTypePointer aHostWithPortUTF8)
+    {
+    }
+
+    nsCertOverrideEntry(const nsCertOverrideEntry& toCopy)
+    {
+      mSettings = toCopy.mSettings;
+      mHostWithPort = toCopy.mHostWithPort;
+    }
+
+    ~nsCertOverrideEntry()
+    {
+    }
+
+    KeyType GetKey() const
+    {
+      return HostWithPortPtr();
+    }
+
+    KeyTypePointer GetKeyPointer() const
+    {
+      return HostWithPortPtr();
+    }
+
+    bool KeyEquals(KeyTypePointer aKey) const
+    {
+      return !strcmp(HostWithPortPtr(), aKey);
+    }
+
+    static KeyTypePointer KeyToPointer(KeyType aKey)
+    {
+      return aKey;
+    }
+
+    static PLDHashNumber HashKey(KeyTypePointer aKey)
+    {
+      return PLDHashTable::HashStringKey(aKey);
+    }
+
+    enum { ALLOW_MEMMOVE = false };
+
+    // get methods
+    inline const nsCString &HostWithPort() const { return mHostWithPort; }
+
+    inline KeyTypePointer HostWithPortPtr() const
+    {
+      return mHostWithPort.get();
+    }
+
+    nsCertOverride mSettings;
+    nsCString mHostWithPort;
+};
+
+class nsCertOverrideService final : public nsICertOverrideService
+                                  , public nsIObserver
+                                  , public nsSupportsWeakReference
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSICERTOVERRIDESERVICE
+  NS_DECL_NSIOBSERVER
+
+  nsCertOverrideService();
+
+  nsresult Init();
+  void RemoveAllTemporaryOverrides();
+
+  typedef void 
+  (*CertOverrideEnumerator)(const nsCertOverride &aSettings,
+                            void *aUserData);
+
+  // aCert == null: return all overrides
+  // aCert != null: return overrides that match the given cert
+  nsresult EnumerateCertOverrides(nsIX509Cert *aCert,
+                                  CertOverrideEnumerator enumerator,
+                                  void *aUserData);
+
+    // Concates host name and the port number. If the port number is -1 then
+    // port 443 is automatically used. This method ensures there is always a port
+    // number separated with colon.
+    static void GetHostWithPort(const nsACString & aHostName, int32_t aPort, nsACString& _retval);
+
+protected:
+    ~nsCertOverrideService();
+
+    mozilla::ReentrantMonitor monitor;
+    nsCOMPtr<nsIFile> mSettingsFile;
+    nsTHashtable<nsCertOverrideEntry> mSettingsTable;
+
+    SECOidTag mOidTagForStoringNewHashes;
+    nsCString mDottedOidForStoringNewHashes;
+
+    void CountPermanentOverrideTelemetry();
+
+    void RemoveAllFromMemory();
+    nsresult Read();
+    nsresult Write();
+    nsresult AddEntryToList(const nsACString &host, int32_t port,
+                            nsIX509Cert *aCert,
+                            const bool aIsTemporary,
+                            const nsACString &algo_oid, 
+                            const nsACString &fingerprint,
+                            nsCertOverride::OverrideBits ob,
+                            const nsACString &dbKey);
+};
+
+#define NS_CERTOVERRIDE_CID { /* 67ba681d-5485-4fff-952c-2ee337ffdcd6 */ \
+    0x67ba681d,                                                        \
+    0x5485,                                                            \
+    0x4fff,                                                            \
+    {0x95, 0x2c, 0x2e, 0xe3, 0x37, 0xff, 0xdc, 0xd6}                   \
+  }
+
+#endif
diff --git a/security/manager/ssl/nsCertTree.cpp b/security/manager/ssl/nsCertTree.cpp
new file mode 100644
index 000000000..1ad4e296b
--- /dev/null
+++ b/security/manager/ssl/nsCertTree.cpp
@@ -0,0 +1,1451 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsCertTree.h"
+
+#include "ScopedNSSTypes.h"
+#include "mozilla/Logging.h"
+#include "nsArray.h"
+#include "nsArrayUtils.h"
+#include "nsHashKeys.h"
+#include "nsISupportsPrimitives.h"
+#include "nsITreeColumns.h"
+#include "nsIX509CertDB.h"
+#include "nsIX509Cert.h"
+#include "nsIX509CertValidity.h"
+#include "nsNSSCertHelper.h"
+#include "nsNSSCertificate.h"
+#include "nsNSSComponent.h" // for PIPNSS string bundle calls.
+#include "nsNSSHelper.h"
+#include "nsReadableUtils.h"
+#include "nsTHashtable.h"
+#include "nsUnicharUtils.h"
+#include "nsXPCOMCID.h"
+#include "nsXPIDLString.h"
+#include "pkix/pkixtypes.h"
+
+using namespace mozilla;
+
+extern LazyLogModule gPIPNSSLog;
+
+static NS_DEFINE_CID(kCertOverrideCID, NS_CERTOVERRIDE_CID);
+
+// treeArrayElStr
+//
+// structure used to hold map of tree.  Each thread (an organization
+// field from a cert) has an element in the array.  The numChildren field
+// stores the number of certs corresponding to that thread.
+struct treeArrayElStr {
+  nsString   orgName;     /* heading for thread                   */
+  bool       open;        /* toggle open state for thread         */
+  int32_t    certIndex;   /* index into cert array for 1st cert   */
+  int32_t    numChildren; /* number of chidren (certs) for thread */
+};
+
+CompareCacheHashEntryPtr::CompareCacheHashEntryPtr()
+{
+  entry = new CompareCacheHashEntry;
+}
+
+CompareCacheHashEntryPtr::~CompareCacheHashEntryPtr()
+{
+  delete entry;
+}
+
+CompareCacheHashEntry::CompareCacheHashEntry()
+:key(nullptr)
+{
+  for (int i = 0; i < max_criterions; ++i) {
+    mCritInit[i] = false;
+  }
+}
+
+static bool
+CompareCacheMatchEntry(const PLDHashEntryHdr *hdr, const void *key)
+{
+  const CompareCacheHashEntryPtr *entryPtr = static_cast<const CompareCacheHashEntryPtr*>(hdr);
+  return entryPtr->entry->key == key;
+}
+
+static void
+CompareCacheInitEntry(PLDHashEntryHdr *hdr, const void *key)
+{
+  new (hdr) CompareCacheHashEntryPtr();
+  CompareCacheHashEntryPtr *entryPtr = static_cast<CompareCacheHashEntryPtr*>(hdr);
+  entryPtr->entry->key = (void*)key;
+}
+
+static void
+CompareCacheClearEntry(PLDHashTable *table, PLDHashEntryHdr *hdr)
+{
+  CompareCacheHashEntryPtr *entryPtr = static_cast<CompareCacheHashEntryPtr*>(hdr);
+  entryPtr->~CompareCacheHashEntryPtr();
+}
+
+static const PLDHashTableOps gMapOps = {
+  PLDHashTable::HashVoidPtrKeyStub,
+  CompareCacheMatchEntry,
+  PLDHashTable::MoveEntryStub,
+  CompareCacheClearEntry,
+  CompareCacheInitEntry
+};
+
+NS_IMPL_ISUPPORTS0(nsCertAddonInfo)
+NS_IMPL_ISUPPORTS(nsCertTreeDispInfo, nsICertTreeItem)
+
+nsCertTreeDispInfo::nsCertTreeDispInfo()
+:mAddonInfo(nullptr)
+,mTypeOfEntry(direct_db)
+,mPort(-1)
+,mOverrideBits(nsCertOverride::ob_None)
+,mIsTemporary(true)
+{
+}
+
+nsCertTreeDispInfo::nsCertTreeDispInfo(nsCertTreeDispInfo &other)
+{
+  mAddonInfo = other.mAddonInfo;
+  mTypeOfEntry = other.mTypeOfEntry;
+  mAsciiHost = other.mAsciiHost;
+  mPort = other.mPort;
+  mOverrideBits = other.mOverrideBits;
+  mIsTemporary = other.mIsTemporary;
+  mCert = other.mCert;
+}
+
+nsCertTreeDispInfo::~nsCertTreeDispInfo()
+{
+}
+
+NS_IMETHODIMP
+nsCertTreeDispInfo::GetCert(nsIX509Cert **_cert)
+{
+  NS_ENSURE_ARG(_cert);
+  if (mCert) {
+    // we may already have the cert for temporary overrides
+    *_cert = mCert;
+    NS_IF_ADDREF(*_cert);
+    return NS_OK;
+  }
+  if (mAddonInfo) {
+    *_cert = mAddonInfo->mCert.get();
+    NS_IF_ADDREF(*_cert);
+  }
+  else {
+    *_cert = nullptr;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTreeDispInfo::GetHostPort(nsAString &aHostPort)
+{
+  nsAutoCString hostPort;
+  nsCertOverrideService::GetHostWithPort(mAsciiHost, mPort, hostPort);
+  aHostPort = NS_ConvertUTF8toUTF16(hostPort);
+  return NS_OK;
+}
+
+NS_IMPL_ISUPPORTS(nsCertTree, nsICertTree, nsITreeView)
+
+nsCertTree::nsCertTree()
+  : mTreeArray(nullptr)
+  , mCompareCache(&gMapOps, sizeof(CompareCacheHashEntryPtr),
+                  kInitialCacheLength)
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  mNSSComponent = do_GetService(kNSSComponentCID);
+  mOverrideService = do_GetService("@mozilla.org/security/certoverride;1");
+  // Might be a different service if someone is overriding the contract
+  nsCOMPtr<nsICertOverrideService> origCertOverride =
+    do_GetService(kCertOverrideCID);
+  mOriginalOverrideService =
+    static_cast<nsCertOverrideService*>(origCertOverride.get());
+  mCellText = nullptr;
+}
+
+void nsCertTree::ClearCompareHash()
+{
+  mCompareCache.ClearAndPrepareForLength(kInitialCacheLength);
+}
+
+nsCertTree::~nsCertTree()
+{
+  delete [] mTreeArray;
+}
+
+void
+nsCertTree::FreeCertArray()
+{
+  mDispInfo.Clear();
+}
+
+CompareCacheHashEntry*
+nsCertTree::getCacheEntry(void* cache, void* aCert)
+{
+  PLDHashTable& aCompareCache = *static_cast<PLDHashTable*>(cache);
+  auto entryPtr = static_cast<CompareCacheHashEntryPtr*>
+                             (aCompareCache.Add(aCert, fallible));
+  return entryPtr ? entryPtr->entry : nullptr;
+}
+
+void nsCertTree::RemoveCacheEntry(void *key)
+{
+  mCompareCache.Remove(key);
+}
+
+// CountOrganizations
+//
+// Count the number of different organizations encountered in the cert
+// list.
+int32_t
+nsCertTree::CountOrganizations()
+{
+  uint32_t i, certCount;
+  certCount = mDispInfo.Length();
+  if (certCount == 0) return 0;
+  nsCOMPtr<nsIX509Cert> orgCert = nullptr;
+  nsCertAddonInfo *addonInfo = mDispInfo.ElementAt(0)->mAddonInfo;
+  if (addonInfo) {
+    orgCert = addonInfo->mCert;
+  }
+  nsCOMPtr<nsIX509Cert> nextCert = nullptr;
+  int32_t orgCount = 1;
+  for (i=1; i<certCount; i++) {
+    nextCert = nullptr;
+    addonInfo = mDispInfo.SafeElementAt(i, nullptr)->mAddonInfo;
+    if (addonInfo) {
+      nextCert = addonInfo->mCert;
+    }
+    // XXX we assume issuer org is always criterion 1
+    if (CmpBy(&mCompareCache, orgCert, nextCert, sort_IssuerOrg, sort_None, sort_None) != 0) {
+      orgCert = nextCert;
+      orgCount++;
+    }
+  }
+  return orgCount;
+}
+
+// GetThreadDescAtIndex
+//
+// If the row at index is an organization thread, return the collection
+// associated with that thread.  Otherwise, return null.
+treeArrayEl *
+nsCertTree::GetThreadDescAtIndex(int32_t index)
+{
+  int i, idx=0;
+  if (index < 0) return nullptr;
+  for (i=0; i<mNumOrgs; i++) {
+    if (index == idx) {
+      return &mTreeArray[i];
+    }
+    if (mTreeArray[i].open) {
+      idx += mTreeArray[i].numChildren;
+    }
+    idx++;
+    if (idx > index) break;
+  }
+  return nullptr;
+}
+
+//  GetCertAtIndex
+//
+//  If the row at index is a cert, return that cert.  Otherwise, return null.
+already_AddRefed<nsIX509Cert>
+nsCertTree::GetCertAtIndex(int32_t index, int32_t *outAbsoluteCertOffset)
+{
+  RefPtr<nsCertTreeDispInfo> certdi(
+    GetDispInfoAtIndex(index, outAbsoluteCertOffset));
+  if (!certdi)
+    return nullptr;
+
+  nsCOMPtr<nsIX509Cert> ret;
+  if (certdi->mCert) {
+    ret = certdi->mCert;
+  } else if (certdi->mAddonInfo) {
+    ret = certdi->mAddonInfo->mCert;
+  }
+  return ret.forget();
+}
+
+//  If the row at index is a cert, return that cert.  Otherwise, return null.
+already_AddRefed<nsCertTreeDispInfo>
+nsCertTree::GetDispInfoAtIndex(int32_t index, 
+                               int32_t *outAbsoluteCertOffset)
+{
+  int i, idx = 0, cIndex = 0, nc;
+  if (index < 0) return nullptr;
+  // Loop over the threads
+  for (i=0; i<mNumOrgs; i++) {
+    if (index == idx) return nullptr; // index is for thread
+    idx++; // get past the thread
+    nc = (mTreeArray[i].open) ? mTreeArray[i].numChildren : 0;
+    if (index < idx + nc) { // cert is within range of this thread
+      int32_t certIndex = cIndex + index - idx;
+      if (outAbsoluteCertOffset)
+        *outAbsoluteCertOffset = certIndex;
+      RefPtr<nsCertTreeDispInfo> certdi(mDispInfo.SafeElementAt(certIndex,
+                                                                nullptr));
+      if (certdi) {
+        return certdi.forget();
+      }
+      break;
+    }
+    if (mTreeArray[i].open)
+      idx += mTreeArray[i].numChildren;
+    cIndex += mTreeArray[i].numChildren;
+    if (idx > index) break;
+  }
+  return nullptr;
+}
+
+nsCertTree::nsCertCompareFunc
+nsCertTree::GetCompareFuncFromCertType(uint32_t aType)
+{
+  switch (aType) {
+    case nsIX509Cert::ANY_CERT:
+    case nsIX509Cert::USER_CERT:
+      return CmpUserCert;
+    case nsIX509Cert::CA_CERT:
+      return CmpCACert;
+    case nsIX509Cert::EMAIL_CERT:
+      return CmpEmailCert;
+    case nsIX509Cert::SERVER_CERT:
+    default:
+      return CmpWebSiteCert;
+  }
+}
+
+struct nsCertAndArrayAndPositionAndCounterAndTracker
+{
+  RefPtr<nsCertAddonInfo> certai;
+  nsTArray< RefPtr<nsCertTreeDispInfo> > *array;
+  int position;
+  int counter;
+  nsTHashtable<nsCStringHashKey> *tracker;
+};
+
+// Used to enumerate host:port overrides that match a stored
+// certificate, creates and adds a display-info-object to the
+// provided array. Increments insert position and entry counter.
+// We remove the given key from the tracker, which is used to 
+// track entries that have not yet been handled.
+// The created display-info references the cert, so make a note
+// of that by incrementing the cert usage counter.
+static void
+MatchingCertOverridesCallback(const nsCertOverride &aSettings,
+                              void *aUserData)
+{
+  nsCertAndArrayAndPositionAndCounterAndTracker *cap = 
+    (nsCertAndArrayAndPositionAndCounterAndTracker*)aUserData;
+  if (!cap)
+    return;
+
+  nsCertTreeDispInfo *certdi = new nsCertTreeDispInfo;
+  if (certdi) {
+    if (cap->certai)
+      cap->certai->mUsageCount++;
+    certdi->mAddonInfo = cap->certai;
+    certdi->mTypeOfEntry = nsCertTreeDispInfo::host_port_override;
+    certdi->mAsciiHost = aSettings.mAsciiHost;
+    certdi->mPort = aSettings.mPort;
+    certdi->mOverrideBits = aSettings.mOverrideBits;
+    certdi->mIsTemporary = aSettings.mIsTemporary;
+    certdi->mCert = aSettings.mCert;
+    cap->array->InsertElementAt(cap->position, certdi);
+    cap->position++;
+    cap->counter++;
+  }
+
+  // this entry is now associated to a displayed cert, remove
+  // it from the list of remaining entries
+  nsAutoCString hostPort;
+  nsCertOverrideService::GetHostWithPort(aSettings.mAsciiHost, aSettings.mPort, hostPort);
+  cap->tracker->RemoveEntry(hostPort);
+}
+
+// Used to collect a list of the (unique) host:port keys
+// for all stored overrides.
+static void
+CollectAllHostPortOverridesCallback(const nsCertOverride &aSettings,
+                                    void *aUserData)
+{
+  nsTHashtable<nsCStringHashKey> *collectorTable =
+    (nsTHashtable<nsCStringHashKey> *)aUserData;
+  if (!collectorTable)
+    return;
+
+  nsAutoCString hostPort;
+  nsCertOverrideService::GetHostWithPort(aSettings.mAsciiHost, aSettings.mPort, hostPort);
+  collectorTable->PutEntry(hostPort);
+}
+
+struct nsArrayAndPositionAndCounterAndTracker
+{
+  nsTArray< RefPtr<nsCertTreeDispInfo> > *array;
+  int position;
+  int counter;
+  nsTHashtable<nsCStringHashKey> *tracker;
+};
+
+// Used when enumerating the stored host:port overrides where
+// no associated certificate was found in the NSS database.
+static void
+AddRemaningHostPortOverridesCallback(const nsCertOverride &aSettings,
+                                     void *aUserData)
+{
+  nsArrayAndPositionAndCounterAndTracker *cap = 
+    (nsArrayAndPositionAndCounterAndTracker*)aUserData;
+  if (!cap)
+    return;
+
+  nsAutoCString hostPort;
+  nsCertOverrideService::GetHostWithPort(aSettings.mAsciiHost, aSettings.mPort, hostPort);
+  if (!cap->tracker->GetEntry(hostPort))
+    return;
+
+  // This entry is not associated to any stored cert,
+  // so we still need to display it.
+
+  nsCertTreeDispInfo *certdi = new nsCertTreeDispInfo;
+  if (certdi) {
+    certdi->mAddonInfo = nullptr;
+    certdi->mTypeOfEntry = nsCertTreeDispInfo::host_port_override;
+    certdi->mAsciiHost = aSettings.mAsciiHost;
+    certdi->mPort = aSettings.mPort;
+    certdi->mOverrideBits = aSettings.mOverrideBits;
+    certdi->mIsTemporary = aSettings.mIsTemporary;
+    certdi->mCert = aSettings.mCert;
+    cap->array->InsertElementAt(cap->position, certdi);
+    cap->position++;
+    cap->counter++;
+  }
+}
+
+nsresult
+nsCertTree::GetCertsByTypeFromCertList(CERTCertList *aCertList,
+                                       uint32_t aWantedType,
+                                       nsCertCompareFunc  aCertCmpFn,
+                                       void *aCertCmpFnArg)
+{
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("GetCertsByTypeFromCertList"));
+  if (!aCertList)
+    return NS_ERROR_FAILURE;
+
+  if (!mOriginalOverrideService)
+    return NS_ERROR_FAILURE;
+
+  nsTHashtable<nsCStringHashKey> allHostPortOverrideKeys;
+
+  if (aWantedType == nsIX509Cert::SERVER_CERT) {
+    mOriginalOverrideService->
+      EnumerateCertOverrides(nullptr, 
+                             CollectAllHostPortOverridesCallback, 
+                             &allHostPortOverrideKeys);
+  }
+
+  CERTCertListNode *node;
+  int count = 0;
+  for (node = CERT_LIST_HEAD(aCertList);
+       !CERT_LIST_END(node, aCertList);
+       node = CERT_LIST_NEXT(node)) {
+
+    bool wantThisCert = (aWantedType == nsIX509Cert::ANY_CERT);
+    bool wantThisCertIfNoOverrides = false;
+    bool wantThisCertIfHaveOverrides = false;
+    bool addOverrides = false;
+
+    if (!wantThisCert) {
+      uint32_t thisCertType = getCertType(node->cert);
+
+      // The output from getCertType is a "guess", which can be wrong.
+      // The guess is based on stored trust flags, but for the host:port
+      // overrides, we are storing certs without any trust flags associated.
+      // So we must check whether the cert really belongs to the 
+      // server, email or unknown tab. We will lookup the cert in the override
+      // list to come to the decision. Unfortunately, the lookup in the
+      // override list is quite expensive. Therefore we are using this 
+      // lengthy if/else statement to minimize 
+      // the number of override-list-lookups.
+
+      if (aWantedType == nsIX509Cert::SERVER_CERT
+          && thisCertType == nsIX509Cert::UNKNOWN_CERT) {
+        // This unknown cert was stored without trust
+        // Are there host:port based overrides stored?
+        // If yes, display them.
+        addOverrides = true;
+      }
+      else
+      if (aWantedType == nsIX509Cert::UNKNOWN_CERT
+          && thisCertType == nsIX509Cert::UNKNOWN_CERT) {
+        // This unknown cert was stored without trust.
+        // If there are associated overrides, do not show as unknown.
+        // If there are no associated overrides, display as unknown.
+        wantThisCertIfNoOverrides = true;
+      }
+      else
+      if (aWantedType == nsIX509Cert::SERVER_CERT
+          && thisCertType == nsIX509Cert::SERVER_CERT) {
+        // This server cert is explicitly marked as a web site peer, 
+        // with or without trust, but editable, so show it
+        wantThisCert = true;
+        // Are there host:port based overrides stored?
+        // If yes, display them.
+        addOverrides = true;
+      }
+      else
+      if (aWantedType == nsIX509Cert::SERVER_CERT
+          && thisCertType == nsIX509Cert::EMAIL_CERT) {
+        // This cert might have been categorized as an email cert
+        // because it carries an email address. But is it really one?
+        // Our cert categorization is uncertain when it comes to
+        // distinguish between email certs and web site certs.
+        // So, let's see if we have an override for that cert
+        // and if there is, conclude it's really a web site cert.
+        addOverrides = true;
+      }
+      else
+      if (aWantedType == nsIX509Cert::EMAIL_CERT
+          && thisCertType == nsIX509Cert::EMAIL_CERT) {
+        // This cert might have been categorized as an email cert
+        // because it carries an email address. But is it really one?
+        // Our cert categorization is uncertain when it comes to
+        // distinguish between email certs and web site certs.
+        // So, let's see if we have an override for that cert
+        // and if there is, conclude it's really a web site cert.
+        wantThisCertIfNoOverrides = true;
+      }
+      else
+      if (thisCertType == aWantedType) {
+        wantThisCert = true;
+      }
+    }
+
+    nsCOMPtr<nsIX509Cert> pipCert = nsNSSCertificate::Create(node->cert);
+    if (!pipCert)
+      return NS_ERROR_OUT_OF_MEMORY;
+
+    if (wantThisCertIfNoOverrides || wantThisCertIfHaveOverrides) {
+      uint32_t ocount = 0;
+      nsresult rv = 
+        mOverrideService->IsCertUsedForOverrides(pipCert, 
+                                                 true, // we want temporaries
+                                                 true, // we want permanents
+                                                 &ocount);
+      if (wantThisCertIfNoOverrides) {
+        if (NS_FAILED(rv) || ocount == 0) {
+          // no overrides for this cert
+          wantThisCert = true;
+        }
+      }
+
+      if (wantThisCertIfHaveOverrides) {
+        if (NS_SUCCEEDED(rv) && ocount > 0) {
+          // there are overrides for this cert
+          wantThisCert = true;
+        }
+      }
+    }
+
+    RefPtr<nsCertAddonInfo> certai(new nsCertAddonInfo);
+    certai->mCert = pipCert;
+    certai->mUsageCount = 0;
+
+    if (wantThisCert || addOverrides) {
+      int InsertPosition = 0;
+      for (; InsertPosition < count; ++InsertPosition) {
+        nsCOMPtr<nsIX509Cert> cert = nullptr;
+        RefPtr<nsCertTreeDispInfo> elem(
+          mDispInfo.SafeElementAt(InsertPosition, nullptr));
+        if (elem && elem->mAddonInfo) {
+          cert = elem->mAddonInfo->mCert;
+        }
+        if ((*aCertCmpFn)(aCertCmpFnArg, pipCert, cert) < 0) {
+          break;
+        }
+      }
+      if (wantThisCert) {
+        nsCertTreeDispInfo *certdi = new nsCertTreeDispInfo;
+        certdi->mAddonInfo = certai;
+        certai->mUsageCount++;
+        certdi->mTypeOfEntry = nsCertTreeDispInfo::direct_db;
+        // not necessary: certdi->mAsciiHost.Clear(); certdi->mPort = -1;
+        certdi->mOverrideBits = nsCertOverride::ob_None;
+        certdi->mIsTemporary = false;
+        mDispInfo.InsertElementAt(InsertPosition, certdi);
+        ++count;
+        ++InsertPosition;
+      }
+      if (addOverrides) {
+        nsCertAndArrayAndPositionAndCounterAndTracker cap;
+        cap.certai = certai;
+        cap.array = &mDispInfo;
+        cap.position = InsertPosition;
+        cap.counter = 0;
+        cap.tracker = &allHostPortOverrideKeys;
+
+        mOriginalOverrideService->
+          EnumerateCertOverrides(pipCert, MatchingCertOverridesCallback, &cap);
+        count += cap.counter;
+      }
+    }
+  }
+
+  if (aWantedType == nsIX509Cert::SERVER_CERT) {
+    nsArrayAndPositionAndCounterAndTracker cap;
+    cap.array = &mDispInfo;
+    cap.position = 0;
+    cap.counter = 0;
+    cap.tracker = &allHostPortOverrideKeys;
+    mOriginalOverrideService->
+      EnumerateCertOverrides(nullptr, AddRemaningHostPortOverridesCallback, &cap);
+  }
+
+  return NS_OK;
+}
+
+nsresult 
+nsCertTree::GetCertsByType(uint32_t           aType,
+                           nsCertCompareFunc  aCertCmpFn,
+                           void              *aCertCmpFnArg)
+{
+  nsNSSShutDownPreventionLock locker;
+  nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext();
+  UniqueCERTCertList certList(PK11_ListCerts(PK11CertListUnique, cxt));
+  return GetCertsByTypeFromCertList(certList.get(), aType, aCertCmpFn,
+                                    aCertCmpFnArg);
+}
+
+nsresult
+nsCertTree::GetCertsByTypeFromCache(nsIX509CertList   *aCache,
+                                    uint32_t           aType,
+                                    nsCertCompareFunc  aCertCmpFn,
+                                    void              *aCertCmpFnArg)
+{
+  NS_ENSURE_ARG_POINTER(aCache);
+  // GetRawCertList checks for NSS shutdown since we can't do it ourselves here
+  // easily. We still have to acquire a shutdown prevention lock to prevent NSS
+  // shutting down after GetRawCertList has returned. While cumbersome, this is
+  // at least mostly correct. The rest of this implementation doesn't even go
+  // this far in attempting to check for or prevent NSS shutdown at the
+  // appropriate times. If this were reimplemented at a higher level using
+  // more encapsulated types that handled NSS shutdown themselves, we wouldn't
+  // be having these kinds of problems.
+  nsNSSShutDownPreventionLock locker;
+  CERTCertList* certList = aCache->GetRawCertList();
+  if (!certList)
+    return NS_ERROR_FAILURE;
+  return GetCertsByTypeFromCertList(certList, aType, aCertCmpFn, aCertCmpFnArg);
+}
+
+// LoadCerts
+//
+// Load all of the certificates in the DB for this type.  Sort them
+// by token, organization, then common name.
+NS_IMETHODIMP
+nsCertTree::LoadCertsFromCache(nsIX509CertList *aCache, uint32_t aType)
+{
+  if (mTreeArray) {
+    FreeCertArray();
+    delete [] mTreeArray;
+    mTreeArray = nullptr;
+    mNumRows = 0;
+  }
+  ClearCompareHash();
+
+  nsresult rv = GetCertsByTypeFromCache(aCache, aType,
+                                        GetCompareFuncFromCertType(aType),
+                                        &mCompareCache);
+  if (NS_FAILED(rv)) return rv;
+  return UpdateUIContents();
+}
+
+NS_IMETHODIMP 
+nsCertTree::LoadCerts(uint32_t aType)
+{
+  if (mTreeArray) {
+    FreeCertArray();
+    delete [] mTreeArray;
+    mTreeArray = nullptr;
+    mNumRows = 0;
+  }
+  ClearCompareHash();
+
+  nsresult rv = GetCertsByType(aType, GetCompareFuncFromCertType(aType),
+                               &mCompareCache);
+  if (NS_FAILED(rv)) return rv;
+  return UpdateUIContents();
+}
+
+nsresult
+nsCertTree::UpdateUIContents()
+{
+  uint32_t count = mDispInfo.Length();
+  mNumOrgs = CountOrganizations();
+  mTreeArray = new treeArrayEl[mNumOrgs];
+
+  mCellText = nsArrayBase::Create();
+
+if (count) {
+  uint32_t j = 0;
+  nsCOMPtr<nsIX509Cert> orgCert = nullptr;
+  nsCertAddonInfo *addonInfo = mDispInfo.ElementAt(j)->mAddonInfo;
+  if (addonInfo) {
+    orgCert = addonInfo->mCert;
+  }
+  for (int32_t i=0; i<mNumOrgs; i++) {
+    nsString &orgNameRef = mTreeArray[i].orgName;
+    if (!orgCert) {
+      mNSSComponent->GetPIPNSSBundleString("CertOrgUnknown", orgNameRef);
+    }
+    else {
+      orgCert->GetIssuerOrganization(orgNameRef);
+      if (orgNameRef.IsEmpty())
+        orgCert->GetCommonName(orgNameRef);
+    }
+    mTreeArray[i].open = true;
+    mTreeArray[i].certIndex = j;
+    mTreeArray[i].numChildren = 1;
+    if (++j >= count) break;
+    nsCOMPtr<nsIX509Cert> nextCert = nullptr;
+    nsCertAddonInfo *addonInfo = mDispInfo.SafeElementAt(j, nullptr)->mAddonInfo;
+    if (addonInfo) {
+      nextCert = addonInfo->mCert;
+    }
+    while (0 == CmpBy(&mCompareCache, orgCert, nextCert, sort_IssuerOrg, sort_None, sort_None)) {
+      mTreeArray[i].numChildren++;
+      if (++j >= count) break;
+      nextCert = nullptr;
+      addonInfo = mDispInfo.SafeElementAt(j, nullptr)->mAddonInfo;
+      if (addonInfo) {
+        nextCert = addonInfo->mCert;
+      }
+    }
+    orgCert = nextCert;
+  }
+}
+  if (mTree) {
+    mTree->BeginUpdateBatch();
+    mTree->RowCountChanged(0, -mNumRows);
+  }
+  mNumRows = count + mNumOrgs;
+  if (mTree)
+    mTree->EndUpdateBatch();
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::DeleteEntryObject(uint32_t index)
+{
+  if (!mTreeArray) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIX509CertDB> certdb = 
+    do_GetService("@mozilla.org/security/x509certdb;1");
+  if (!certdb) {
+    return NS_ERROR_FAILURE;
+  }
+
+  int i;
+  uint32_t idx = 0, cIndex = 0, nc;
+  // Loop over the threads
+  for (i=0; i<mNumOrgs; i++) {
+    if (index == idx)
+      return NS_OK; // index is for thread
+    idx++; // get past the thread
+    nc = (mTreeArray[i].open) ? mTreeArray[i].numChildren : 0;
+    if (index < idx + nc) { // cert is within range of this thread
+      int32_t certIndex = cIndex + index - idx;
+
+      bool canRemoveEntry = false;
+      RefPtr<nsCertTreeDispInfo> certdi(mDispInfo.SafeElementAt(certIndex,
+                                                                nullptr));
+      
+      // We will remove the element from the visual tree.
+      // Only if we have a certdi, then we can check for additional actions.
+      nsCOMPtr<nsIX509Cert> cert = nullptr;
+      if (certdi) {
+        if (certdi->mAddonInfo) {
+          cert = certdi->mAddonInfo->mCert;
+        }
+        nsCertAddonInfo* addonInfo =
+          certdi->mAddonInfo ? certdi->mAddonInfo.get() : nullptr;
+        if (certdi->mTypeOfEntry == nsCertTreeDispInfo::host_port_override) {
+          mOverrideService->ClearValidityOverride(certdi->mAsciiHost, certdi->mPort);
+          if (addonInfo) {
+            addonInfo->mUsageCount--;
+            if (addonInfo->mUsageCount == 0) {
+              // The certificate stored in the database is no longer
+              // referenced by any other object displayed.
+              // That means we no longer need to keep it around
+              // and really can remove it.
+              canRemoveEntry = true;
+            }
+          } 
+        }
+        else {
+          if (addonInfo && addonInfo->mUsageCount > 1) {
+            // user is trying to delete a perm trusted cert,
+            // although there are still overrides stored,
+            // so, we keep the cert, but remove the trust
+
+            UniqueCERTCertificate nsscert(cert->GetCert());
+
+            if (nsscert) {
+              CERTCertTrust trust;
+              memset((void*)&trust, 0, sizeof(trust));
+
+              SECStatus srv = CERT_DecodeTrustString(&trust, ""); // no override 
+              if (srv == SECSuccess) {
+                CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), nsscert.get(),
+                                     &trust);
+              }
+            }
+          }
+          else {
+            canRemoveEntry = true;
+          }
+        }
+      }
+
+      mDispInfo.RemoveElementAt(certIndex);
+
+      if (canRemoveEntry) {
+        RemoveCacheEntry(cert);
+        certdb->DeleteCertificate(cert);
+      }
+
+      delete [] mTreeArray;
+      mTreeArray = nullptr;
+      return UpdateUIContents();
+    }
+    if (mTreeArray[i].open)
+      idx += mTreeArray[i].numChildren;
+    cIndex += mTreeArray[i].numChildren;
+    if (idx > index)
+      break;
+  }
+  return NS_ERROR_FAILURE;
+}
+
+//////////////////////////////////////////////////////////////////////////////
+//
+//  Begin nsITreeView methods
+//
+/////////////////////////////////////////////////////////////////////////////
+
+NS_IMETHODIMP
+nsCertTree::GetCert(uint32_t aIndex, nsIX509Cert **_cert)
+{
+  NS_ENSURE_ARG(_cert);
+  *_cert = GetCertAtIndex(aIndex).take();
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTree::GetTreeItem(uint32_t aIndex, nsICertTreeItem **_treeitem)
+{
+  NS_ENSURE_ARG(_treeitem);
+
+  RefPtr<nsCertTreeDispInfo> certdi(GetDispInfoAtIndex(aIndex));
+  if (!certdi)
+    return NS_ERROR_FAILURE;
+
+  *_treeitem = certdi;
+  NS_IF_ADDREF(*_treeitem);
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::GetRowCount(int32_t *aRowCount)
+{
+  if (!mTreeArray)
+    return NS_ERROR_NOT_INITIALIZED;
+  uint32_t count = 0;
+  for (int32_t i=0; i<mNumOrgs; i++) {
+    if (mTreeArray[i].open) {
+      count += mTreeArray[i].numChildren;
+    }
+    count++;
+  }
+  *aRowCount = count;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::GetSelection(nsITreeSelection * *aSelection)
+{
+  *aSelection = mSelection;
+  NS_IF_ADDREF(*aSelection);
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::SetSelection(nsITreeSelection * aSelection)
+{
+  mSelection = aSelection;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::GetRowProperties(int32_t index, nsAString& aProps)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::GetCellProperties(int32_t row, nsITreeColumn* col, 
+                              nsAString& aProps)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::GetColumnProperties(nsITreeColumn* col, nsAString& aProps)
+{
+  return NS_OK;
+}
+NS_IMETHODIMP 
+nsCertTree::IsContainer(int32_t index, bool *_retval)
+{
+  if (!mTreeArray)
+    return NS_ERROR_NOT_INITIALIZED;
+  treeArrayEl *el = GetThreadDescAtIndex(index);
+  if (el) {
+    *_retval = true;
+  } else {
+    *_retval = false;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::IsContainerOpen(int32_t index, bool *_retval)
+{
+  if (!mTreeArray)
+    return NS_ERROR_NOT_INITIALIZED;
+  treeArrayEl *el = GetThreadDescAtIndex(index);
+  if (el && el->open) {
+    *_retval = true;
+  } else {
+    *_retval = false;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::IsContainerEmpty(int32_t index, bool *_retval)
+{
+  *_retval = !mTreeArray;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::IsSeparator(int32_t index, bool *_retval)
+{
+  *_retval = false;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::GetParentIndex(int32_t rowIndex, int32_t *_retval)
+{
+  if (!mTreeArray)
+    return NS_ERROR_NOT_INITIALIZED;
+  int i, idx = 0;
+  for (i = 0; i < mNumOrgs && idx < rowIndex; i++, idx++) {
+    if (mTreeArray[i].open) {
+      if (rowIndex <= idx + mTreeArray[i].numChildren) {
+        *_retval = idx;
+        return NS_OK;
+      }
+      idx += mTreeArray[i].numChildren;
+    }
+  }
+  *_retval = -1;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::HasNextSibling(int32_t rowIndex, int32_t afterIndex, 
+                               bool *_retval)
+{
+  if (!mTreeArray)
+    return NS_ERROR_NOT_INITIALIZED;
+
+  int i, idx = 0;
+  for (i = 0; i < mNumOrgs && idx <= rowIndex; i++, idx++) {
+    if (mTreeArray[i].open) {
+      idx += mTreeArray[i].numChildren;
+      if (afterIndex <= idx) {
+        *_retval = afterIndex < idx;
+        return NS_OK;
+      }
+    }
+  }
+  *_retval = false;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::GetLevel(int32_t index, int32_t *_retval)
+{
+  if (!mTreeArray)
+    return NS_ERROR_NOT_INITIALIZED;
+  treeArrayEl *el = GetThreadDescAtIndex(index);
+  if (el) {
+    *_retval = 0;
+  } else {
+    *_retval = 1;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::GetImageSrc(int32_t row, nsITreeColumn* col, 
+                        nsAString& _retval)
+{
+  _retval.Truncate();
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTree::GetProgressMode(int32_t row, nsITreeColumn* col, int32_t* _retval)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::GetCellValue(int32_t row, nsITreeColumn* col, 
+                         nsAString& _retval)
+{
+  _retval.Truncate();
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::GetCellText(int32_t row, nsITreeColumn* col, 
+                        nsAString& _retval)
+{
+  if (!mTreeArray)
+    return NS_ERROR_NOT_INITIALIZED;
+
+  nsresult rv = NS_OK;
+  _retval.Truncate();
+
+  const char16_t* colID;
+  col->GetIdConst(&colID);
+
+  treeArrayEl *el = GetThreadDescAtIndex(row);
+  if (el) {
+    if (NS_LITERAL_STRING("certcol").Equals(colID))
+      _retval.Assign(el->orgName);
+    else
+      _retval.Truncate();
+    return NS_OK;
+  }
+
+  int32_t absoluteCertOffset;
+  RefPtr<nsCertTreeDispInfo> certdi(GetDispInfoAtIndex(row, &absoluteCertOffset));
+  if (!certdi)
+    return NS_ERROR_FAILURE;
+
+  nsCOMPtr<nsIX509Cert> cert = certdi->mCert;
+  if (!cert && certdi->mAddonInfo) {
+    cert = certdi->mAddonInfo->mCert;
+  }
+
+  int32_t colIndex;
+  col->GetIndex(&colIndex);
+  uint32_t arrayIndex=absoluteCertOffset+colIndex*(mNumRows-mNumOrgs);
+  uint32_t arrayLength=0;
+  if (mCellText) {
+    mCellText->GetLength(&arrayLength);
+  }
+  if (arrayIndex < arrayLength) {
+    nsCOMPtr<nsISupportsString> myString(do_QueryElementAt(mCellText, arrayIndex));
+    if (myString) {
+      myString->GetData(_retval);
+      return NS_OK;
+    }
+  }
+
+  if (NS_LITERAL_STRING("certcol").Equals(colID)) {
+    if (!cert) {
+      mNSSComponent->GetPIPNSSBundleString("CertNotStored", _retval);
+    }
+    else {
+      rv = cert->GetCommonName(_retval);
+      if (NS_FAILED(rv) || _retval.IsEmpty()) {
+        // kaie: I didn't invent the idea to cut off anything before 
+        //       the first colon. :-)
+        nsAutoString nick;
+        rv = cert->GetNickname(nick);
+        
+        nsAString::const_iterator start, end, end2;
+        nick.BeginReading(start);
+        nick.EndReading(end);
+        end2 = end;
+  
+        if (FindInReadable(NS_LITERAL_STRING(":"), start, end)) {
+          // found. end points to the first char after the colon,
+          // that's what we want.
+          _retval = Substring(end, end2);
+        }
+        else {
+          _retval = nick;
+        }
+      }
+    }
+  } else if (NS_LITERAL_STRING("tokencol").Equals(colID) && cert) {
+    rv = cert->GetTokenName(_retval);
+  } else if (NS_LITERAL_STRING("emailcol").Equals(colID) && cert) {
+    rv = cert->GetEmailAddress(_retval);
+  } else if (NS_LITERAL_STRING("issuedcol").Equals(colID) && cert) {
+    nsCOMPtr<nsIX509CertValidity> validity;
+
+    rv = cert->GetValidity(getter_AddRefs(validity));
+    if (NS_SUCCEEDED(rv)) {
+      validity->GetNotBeforeLocalDay(_retval);
+    }
+  } else if (NS_LITERAL_STRING("expiredcol").Equals(colID) && cert) {
+    nsCOMPtr<nsIX509CertValidity> validity;
+
+    rv = cert->GetValidity(getter_AddRefs(validity));
+    if (NS_SUCCEEDED(rv)) {
+      validity->GetNotAfterLocalDay(_retval);
+    }
+  } else if (NS_LITERAL_STRING("serialnumcol").Equals(colID) && cert) {
+    rv = cert->GetSerialNumber(_retval);
+  } else if (NS_LITERAL_STRING("sitecol").Equals(colID)) {
+    if (certdi->mTypeOfEntry == nsCertTreeDispInfo::host_port_override) {
+      nsAutoCString hostPort;
+      nsCertOverrideService::GetHostWithPort(certdi->mAsciiHost, certdi->mPort, hostPort);
+      _retval = NS_ConvertUTF8toUTF16(hostPort);
+    }
+    else {
+      _retval = NS_LITERAL_STRING("*");
+    }
+  } else if (NS_LITERAL_STRING("lifetimecol").Equals(colID)) {
+    const char *stringID = 
+      (certdi->mIsTemporary) ? "CertExceptionTemporary" : "CertExceptionPermanent";
+    rv = mNSSComponent->GetPIPNSSBundleString(stringID, _retval);
+  } else {
+    return NS_ERROR_FAILURE;
+  }
+  if (mCellText) {
+    nsCOMPtr<nsISupportsString> text(do_CreateInstance(NS_SUPPORTS_STRING_CONTRACTID, &rv));
+    NS_ENSURE_SUCCESS(rv, rv);
+    text->SetData(_retval);
+    mCellText->ReplaceElementAt(text, arrayIndex, false);
+  }
+  return rv;
+}
+
+NS_IMETHODIMP 
+nsCertTree::SetTree(nsITreeBoxObject *tree)
+{
+  mTree = tree;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::ToggleOpenState(int32_t index)
+{
+  if (!mTreeArray)
+    return NS_ERROR_NOT_INITIALIZED;
+  treeArrayEl *el = GetThreadDescAtIndex(index);
+  if (el) {
+    el->open = !el->open;
+    int32_t newChildren = (el->open) ? el->numChildren : -el->numChildren;
+    if (mTree) mTree->RowCountChanged(index + 1, newChildren);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::CycleHeader(nsITreeColumn* col)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::SelectionChanged()
+{
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP 
+nsCertTree::CycleCell(int32_t row, nsITreeColumn* col)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::IsEditable(int32_t row, nsITreeColumn* col, bool *_retval)
+{
+  *_retval = false;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::IsSelectable(int32_t row, nsITreeColumn* col, bool *_retval)
+{
+  *_retval = false;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::SetCellValue(int32_t row, nsITreeColumn* col, 
+                         const nsAString& value)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::SetCellText(int32_t row, nsITreeColumn* col, 
+                        const nsAString& value)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::PerformAction(const char16_t *action)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::PerformActionOnRow(const char16_t *action, int32_t row)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::PerformActionOnCell(const char16_t *action, int32_t row, 
+                                nsITreeColumn* col)
+{
+  return NS_OK;
+}
+
+#ifdef DEBUG_CERT_TREE
+void
+nsCertTree::dumpMap()
+{
+  for (int i=0; i<mNumOrgs; i++) {
+    nsAutoString org(mTreeArray[i].orgName);
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("ORG[%s]", NS_LossyConvertUTF16toASCII(org).get()));
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("OPEN[%d]", mTreeArray[i].open));
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("INDEX[%d]", mTreeArray[i].certIndex));
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("NCHILD[%d]", mTreeArray[i].numChildren));
+  }
+  for (int i=0; i<mNumRows; i++) {
+    treeArrayEl *el = GetThreadDescAtIndex(i);
+    if (el) {
+      nsAutoString td(el->orgName);
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("thread desc[%d]: %s", i, NS_LossyConvertUTF16toASCII(td).get()));
+    }
+    nsCOMPtr<nsIX509Cert> ct = GetCertAtIndex(i);
+    if (ct) {
+      char16_t *goo;
+      ct->GetCommonName(&goo);
+      nsAutoString doo(goo);
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("cert [%d]: %s", i, NS_LossyConvertUTF16toASCII(doo).get()));
+    }
+  }
+}
+#endif
+
+//
+// CanDrop
+//
+NS_IMETHODIMP nsCertTree::CanDrop(int32_t index, int32_t orientation,
+                                  nsIDOMDataTransfer* aDataTransfer, bool *_retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+  *_retval = false;
+  
+  return NS_OK;
+}
+
+
+//
+// Drop
+//
+NS_IMETHODIMP nsCertTree::Drop(int32_t row, int32_t orient, nsIDOMDataTransfer* aDataTransfer)
+{
+  return NS_OK;
+}
+
+
+//
+// IsSorted
+//
+// ...
+//
+NS_IMETHODIMP nsCertTree::IsSorted(bool *_retval)
+{
+  *_retval = false;
+  return NS_OK;
+}
+
+#define RETURN_NOTHING
+
+void 
+nsCertTree::CmpInitCriterion(nsIX509Cert *cert, CompareCacheHashEntry *entry,
+                             sortCriterion crit, int32_t level)
+{
+  NS_ENSURE_TRUE(cert && entry, RETURN_NOTHING);
+
+  entry->mCritInit[level] = true;
+  nsXPIDLString &str = entry->mCrit[level];
+  
+  switch (crit) {
+    case sort_IssuerOrg:
+      cert->GetIssuerOrganization(str);
+      if (str.IsEmpty())
+        cert->GetCommonName(str);
+      break;
+    case sort_Org:
+      cert->GetOrganization(str);
+      break;
+    case sort_Token:
+      cert->GetTokenName(str);
+      break;
+    case sort_CommonName:
+      cert->GetCommonName(str);
+      break;
+    case sort_IssuedDateDescending:
+      {
+        nsresult rv;
+        nsCOMPtr<nsIX509CertValidity> validity;
+        PRTime notBefore;
+
+        rv = cert->GetValidity(getter_AddRefs(validity));
+        if (NS_SUCCEEDED(rv)) {
+          rv = validity->GetNotBefore(&notBefore);
+        }
+
+        if (NS_SUCCEEDED(rv)) {
+          PRExplodedTime explodedTime;
+          PR_ExplodeTime(notBefore, PR_GMTParameters, &explodedTime);
+          char datebuf[20]; // 4 + 2 + 2 + 2 + 2 + 2 + 1 = 15
+          if (0 != PR_FormatTime(datebuf, sizeof(datebuf), "%Y%m%d%H%M%S", &explodedTime)) {
+            str = NS_ConvertASCIItoUTF16(nsDependentCString(datebuf));
+          }
+        }
+      }
+      break;
+    case sort_Email:
+      cert->GetEmailAddress(str);
+      break;
+    case sort_None:
+    default:
+      break;
+  }
+}
+
+int32_t
+nsCertTree::CmpByCrit(nsIX509Cert *a, CompareCacheHashEntry *ace, 
+                      nsIX509Cert *b, CompareCacheHashEntry *bce, 
+                      sortCriterion crit, int32_t level)
+{
+  NS_ENSURE_TRUE(a && ace && b && bce, 0);
+
+  if (!ace->mCritInit[level]) {
+    CmpInitCriterion(a, ace, crit, level);
+  }
+
+  if (!bce->mCritInit[level]) {
+    CmpInitCriterion(b, bce, crit, level);
+  }
+
+  nsXPIDLString &str_a = ace->mCrit[level];
+  nsXPIDLString &str_b = bce->mCrit[level];
+
+  int32_t result;
+  if (str_a && str_b)
+    result = Compare(str_a, str_b, nsCaseInsensitiveStringComparator());
+  else
+    result = !str_a ? (!str_b ? 0 : -1) : 1;
+
+  if (sort_IssuedDateDescending == crit)
+    result *= -1; // reverse compare order
+
+  return result;
+}
+
+int32_t
+nsCertTree::CmpBy(void *cache, nsIX509Cert *a, nsIX509Cert *b, 
+                  sortCriterion c0, sortCriterion c1, sortCriterion c2)
+{
+  // This will be called when comparing items for display sorting.
+  // Some items might have no cert associated, so either a or b is null.
+  // We want all those orphans show at the top of the list,
+  // so we treat a null cert as "smaller" by returning -1.
+  // We don't try to sort within the group of no-cert entries,
+  // so we treat them as equal wrt sort order.
+
+  if (!a && !b)
+    return 0;
+
+  if (!a)
+    return -1;
+
+  if (!b)
+    return 1;
+
+  NS_ENSURE_TRUE(cache && a && b, 0);
+
+  CompareCacheHashEntry *ace = getCacheEntry(cache, a);
+  CompareCacheHashEntry *bce = getCacheEntry(cache, b);
+
+  int32_t cmp;
+  cmp = CmpByCrit(a, ace, b, bce, c0, 0);
+  if (cmp != 0)
+    return cmp;
+
+  if (c1 != sort_None) {
+    cmp = CmpByCrit(a, ace, b, bce, c1, 1);
+    if (cmp != 0)
+      return cmp;
+    
+    if (c2 != sort_None) {
+      return CmpByCrit(a, ace, b, bce, c2, 2);
+    }
+  }
+
+  return cmp;
+}
+
+int32_t
+nsCertTree::CmpCACert(void *cache, nsIX509Cert *a, nsIX509Cert *b)
+{
+  // XXX we assume issuer org is always criterion 1
+  return CmpBy(cache, a, b, sort_IssuerOrg, sort_Org, sort_Token);
+}
+
+int32_t
+nsCertTree::CmpWebSiteCert(void *cache, nsIX509Cert *a, nsIX509Cert *b)
+{
+  // XXX we assume issuer org is always criterion 1
+  return CmpBy(cache, a, b, sort_IssuerOrg, sort_CommonName, sort_None);
+}
+
+int32_t
+nsCertTree::CmpUserCert(void *cache, nsIX509Cert *a, nsIX509Cert *b)
+{
+  // XXX we assume issuer org is always criterion 1
+  return CmpBy(cache, a, b, sort_IssuerOrg, sort_Token, sort_IssuedDateDescending);
+}
+
+int32_t
+nsCertTree::CmpEmailCert(void *cache, nsIX509Cert *a, nsIX509Cert *b)
+{
+  // XXX we assume issuer org is always criterion 1
+  return CmpBy(cache, a, b, sort_IssuerOrg, sort_Email, sort_CommonName);
+}
+
diff --git a/security/manager/ssl/nsCertTree.h b/security/manager/ssl/nsCertTree.h
new file mode 100644
index 000000000..bf17b4efa
--- /dev/null
+++ b/security/manager/ssl/nsCertTree.h
@@ -0,0 +1,154 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _NS_CERTTREE_H_
+#define _NS_CERTTREE_H_
+
+#include "nsCOMPtr.h"
+#include "nsIServiceManager.h"
+#include "nsICertTree.h"
+#include "nsITreeView.h"
+#include "nsITreeBoxObject.h"
+#include "nsITreeSelection.h"
+#include "nsIMutableArray.h"
+#include "nsNSSComponent.h"
+#include "nsTArray.h"
+#include "PLDHashTable.h"
+#include "nsIX509CertDB.h"
+#include "nsCertOverrideService.h"
+#include "mozilla/Attributes.h"
+
+typedef struct treeArrayElStr treeArrayEl;
+
+struct CompareCacheHashEntry {
+  enum { max_criterions = 3 };
+  CompareCacheHashEntry();
+
+  void *key; // no ownership
+  bool mCritInit[max_criterions];
+  nsXPIDLString mCrit[max_criterions];
+};
+
+struct CompareCacheHashEntryPtr : PLDHashEntryHdr {
+  CompareCacheHashEntryPtr();
+  ~CompareCacheHashEntryPtr();
+  CompareCacheHashEntry *entry;
+};
+
+class nsCertAddonInfo final : public nsISupports
+{
+private:
+  ~nsCertAddonInfo() {}
+
+public:
+  NS_DECL_ISUPPORTS
+
+  nsCertAddonInfo() : mUsageCount(0) {}
+
+  RefPtr<nsIX509Cert> mCert;
+  // how many display entries reference this?
+  // (and therefore depend on the underlying cert)
+  int32_t mUsageCount;
+};
+
+class nsCertTreeDispInfo : public nsICertTreeItem
+{
+protected:
+  virtual ~nsCertTreeDispInfo();
+
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSICERTTREEITEM
+
+  nsCertTreeDispInfo();
+  nsCertTreeDispInfo(nsCertTreeDispInfo &other);
+
+  RefPtr<nsCertAddonInfo> mAddonInfo;
+  enum {
+    direct_db, host_port_override
+  } mTypeOfEntry;
+  nsCString mAsciiHost;
+  int32_t mPort;
+  nsCertOverride::OverrideBits mOverrideBits;
+  bool mIsTemporary;
+  nsCOMPtr<nsIX509Cert> mCert;
+};
+
+class nsCertTree : public nsICertTree
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSICERTTREE
+  NS_DECL_NSITREEVIEW
+
+  nsCertTree();
+
+  enum sortCriterion { sort_IssuerOrg, sort_Org, sort_Token, 
+    sort_CommonName, sort_IssuedDateDescending, sort_Email, sort_None };
+
+protected:
+  virtual ~nsCertTree();
+
+  void ClearCompareHash();
+  void RemoveCacheEntry(void *key);
+
+  typedef int (*nsCertCompareFunc)(void *, nsIX509Cert *a, nsIX509Cert *b);
+
+  static CompareCacheHashEntry *getCacheEntry(void *cache, void *aCert);
+  static void CmpInitCriterion(nsIX509Cert *cert, CompareCacheHashEntry *entry,
+                               sortCriterion crit, int32_t level);
+  static int32_t CmpByCrit(nsIX509Cert *a, CompareCacheHashEntry *ace, 
+                           nsIX509Cert *b, CompareCacheHashEntry *bce, 
+                           sortCriterion crit, int32_t level);
+  static int32_t CmpBy(void *cache, nsIX509Cert *a, nsIX509Cert *b, 
+                       sortCriterion c0, sortCriterion c1, sortCriterion c2);
+  static int32_t CmpCACert(void *cache, nsIX509Cert *a, nsIX509Cert *b);
+  static int32_t CmpWebSiteCert(void *cache, nsIX509Cert *a, nsIX509Cert *b);
+  static int32_t CmpUserCert(void *cache, nsIX509Cert *a, nsIX509Cert *b);
+  static int32_t CmpEmailCert(void *cache, nsIX509Cert *a, nsIX509Cert *b);
+  nsCertCompareFunc GetCompareFuncFromCertType(uint32_t aType);
+  int32_t CountOrganizations();
+
+  nsresult GetCertsByType(uint32_t aType, nsCertCompareFunc aCertCmpFn,
+                          void *aCertCmpFnArg);
+
+  nsresult GetCertsByTypeFromCache(nsIX509CertList *aCache, uint32_t aType,
+                                   nsCertCompareFunc aCertCmpFn, void *aCertCmpFnArg);
+private:
+  static const uint32_t kInitialCacheLength = 64;
+
+  nsTArray< RefPtr<nsCertTreeDispInfo> > mDispInfo;
+  nsCOMPtr<nsITreeBoxObject>  mTree;
+  nsCOMPtr<nsITreeSelection>  mSelection;
+  treeArrayEl                *mTreeArray;
+  int32_t                         mNumOrgs;
+  int32_t                         mNumRows;
+  PLDHashTable mCompareCache;
+  nsCOMPtr<nsINSSComponent> mNSSComponent;
+  nsCOMPtr<nsICertOverrideService> mOverrideService;
+  RefPtr<nsCertOverrideService> mOriginalOverrideService;
+
+  treeArrayEl *GetThreadDescAtIndex(int32_t _index);
+  already_AddRefed<nsIX509Cert> 
+    GetCertAtIndex(int32_t _index, int32_t *outAbsoluteCertOffset = nullptr);
+  already_AddRefed<nsCertTreeDispInfo>
+    GetDispInfoAtIndex(int32_t index, int32_t *outAbsoluteCertOffset = nullptr);
+  void FreeCertArray();
+  nsresult UpdateUIContents();
+
+  nsresult GetCertsByTypeFromCertList(CERTCertList *aCertList,
+                                      uint32_t aType,
+                                      nsCertCompareFunc  aCertCmpFn,
+                                      void              *aCertCmpFnArg);
+
+  nsCOMPtr<nsIMutableArray> mCellText;
+
+#ifdef DEBUG_CERT_TREE
+  /* for debugging purposes */
+  void dumpMap();
+#endif
+};
+
+#endif /* _NS_CERTTREE_H_ */
+
diff --git a/security/manager/ssl/nsClientAuthRemember.cpp b/security/manager/ssl/nsClientAuthRemember.cpp
new file mode 100644
index 000000000..059955901
--- /dev/null
+++ b/security/manager/ssl/nsClientAuthRemember.cpp
@@ -0,0 +1,213 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsClientAuthRemember.h"
+
+#include "nsIX509Cert.h"
+#include "mozilla/BasePrincipal.h"
+#include "mozilla/RefPtr.h"
+#include "nsCRT.h"
+#include "nsNSSCertHelper.h"
+#include "nsIObserverService.h"
+#include "nsNetUtil.h"
+#include "nsISupportsPrimitives.h"
+#include "nsPromiseFlatString.h"
+#include "nsThreadUtils.h"
+#include "nsStringBuffer.h"
+#include "cert.h"
+#include "nspr.h"
+#include "pk11pub.h"
+#include "certdb.h"
+#include "sechash.h"
+#include "SharedSSLState.h"
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+NS_IMPL_ISUPPORTS(nsClientAuthRememberService,
+                  nsIObserver,
+                  nsISupportsWeakReference)
+
+nsClientAuthRememberService::nsClientAuthRememberService()
+  : monitor("nsClientAuthRememberService.monitor")
+{
+}
+
+nsClientAuthRememberService::~nsClientAuthRememberService()
+{
+  RemoveAllFromMemory();
+}
+
+nsresult
+nsClientAuthRememberService::Init()
+{
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsClientAuthRememberService::Init called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  nsCOMPtr<nsIObserverService> observerService =
+      mozilla::services::GetObserverService();
+  if (observerService) {
+    observerService->AddObserver(this, "profile-before-change", true);
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsClientAuthRememberService::Observe(nsISupports* aSubject,
+                                     const char* aTopic,
+                                     const char16_t* aData)
+{
+  // check the topic
+  if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
+    // The profile is about to change,
+    // or is going away because the application is shutting down.
+
+    ReentrantMonitorAutoEnter lock(monitor);
+    RemoveAllFromMemory();
+  }
+
+  return NS_OK;
+}
+
+void nsClientAuthRememberService::ClearRememberedDecisions()
+{
+  ReentrantMonitorAutoEnter lock(monitor);
+  RemoveAllFromMemory();
+}
+
+void nsClientAuthRememberService::ClearAllRememberedDecisions()
+{
+  RefPtr<nsClientAuthRememberService> svc =
+    PublicSSLState()->GetClientAuthRememberService();
+  svc->ClearRememberedDecisions();
+
+  svc = PrivateSSLState()->GetClientAuthRememberService();
+  svc->ClearRememberedDecisions();
+}
+
+void
+nsClientAuthRememberService::RemoveAllFromMemory()
+{
+  mSettingsTable.Clear();
+}
+
+nsresult
+nsClientAuthRememberService::RememberDecision(
+  const nsACString& aHostName, const NeckoOriginAttributes& aOriginAttributes,
+  CERTCertificate* aServerCert, CERTCertificate* aClientCert)
+{
+  // aClientCert == nullptr means: remember that user does not want to use a cert
+  NS_ENSURE_ARG_POINTER(aServerCert);
+  if (aHostName.IsEmpty()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  nsAutoCString fpStr;
+  nsresult rv = GetCertFingerprintByOidTag(aServerCert, SEC_OID_SHA256, fpStr);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  {
+    ReentrantMonitorAutoEnter lock(monitor);
+    if (aClientCert) {
+      RefPtr<nsNSSCertificate> pipCert(new nsNSSCertificate(aClientCert));
+      nsAutoCString dbkey;
+      rv = pipCert->GetDbKey(dbkey);
+      if (NS_SUCCEEDED(rv)) {
+        AddEntryToList(aHostName, aOriginAttributes, fpStr, dbkey);
+      }
+    } else {
+      nsCString empty;
+      AddEntryToList(aHostName, aOriginAttributes, fpStr, empty);
+    }
+  }
+
+  return NS_OK;
+}
+
+nsresult
+nsClientAuthRememberService::HasRememberedDecision(
+  const nsACString& aHostName, const NeckoOriginAttributes& aOriginAttributes,
+  CERTCertificate* aCert, nsACString& aCertDBKey, bool* aRetVal)
+{
+  if (aHostName.IsEmpty())
+    return NS_ERROR_INVALID_ARG;
+
+  NS_ENSURE_ARG_POINTER(aCert);
+  NS_ENSURE_ARG_POINTER(aRetVal);
+  *aRetVal = false;
+
+  nsresult rv;
+  nsAutoCString fpStr;
+  rv = GetCertFingerprintByOidTag(aCert, SEC_OID_SHA256, fpStr);
+  if (NS_FAILED(rv))
+    return rv;
+
+  nsAutoCString entryKey;
+  GetEntryKey(aHostName, aOriginAttributes, fpStr, entryKey);
+  nsClientAuthRemember settings;
+
+  {
+    ReentrantMonitorAutoEnter lock(monitor);
+    nsClientAuthRememberEntry* entry = mSettingsTable.GetEntry(entryKey.get());
+    if (!entry)
+      return NS_OK;
+    settings = entry->mSettings; // copy
+  }
+
+  aCertDBKey = settings.mDBKey;
+  *aRetVal = true;
+  return NS_OK;
+}
+
+nsresult
+nsClientAuthRememberService::AddEntryToList(
+  const nsACString& aHostName, const NeckoOriginAttributes& aOriginAttributes,
+  const nsACString& aFingerprint, const nsACString& aDBKey)
+{
+  nsAutoCString entryKey;
+  GetEntryKey(aHostName, aOriginAttributes, aFingerprint, entryKey);
+
+  {
+    ReentrantMonitorAutoEnter lock(monitor);
+    nsClientAuthRememberEntry* entry = mSettingsTable.PutEntry(entryKey.get());
+
+    if (!entry) {
+      NS_ERROR("can't insert a null entry!");
+      return NS_ERROR_OUT_OF_MEMORY;
+    }
+
+    entry->mEntryKey = entryKey;
+
+    nsClientAuthRemember& settings = entry->mSettings;
+    settings.mAsciiHost = aHostName;
+    settings.mFingerprint = aFingerprint;
+    settings.mDBKey = aDBKey;
+  }
+
+  return NS_OK;
+}
+
+void
+nsClientAuthRememberService::GetEntryKey(
+  const nsACString& aHostName,
+  const NeckoOriginAttributes& aOriginAttributes,
+  const nsACString& aFingerprint,
+  nsACString& aEntryKey)
+{
+  nsAutoCString hostCert(aHostName);
+  nsAutoCString suffix;
+  aOriginAttributes.CreateSuffix(suffix);
+  hostCert.Append(suffix);
+  hostCert.Append(':');
+  hostCert.Append(aFingerprint);
+
+  aEntryKey.Assign(hostCert);
+}
diff --git a/security/manager/ssl/nsClientAuthRemember.h b/security/manager/ssl/nsClientAuthRemember.h
new file mode 100644
index 000000000..1be5601ce
--- /dev/null
+++ b/security/manager/ssl/nsClientAuthRemember.h
@@ -0,0 +1,155 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __NSCLIENTAUTHREMEMBER_H__
+#define __NSCLIENTAUTHREMEMBER_H__
+
+#include "mozilla/ReentrantMonitor.h"
+#include "nsTHashtable.h"
+#include "nsIObserver.h"
+#include "nsIX509Cert.h"
+#include "nsNSSCertificate.h"
+#include "nsString.h"
+#include "nsWeakReference.h"
+#include "mozilla/Attributes.h"
+
+namespace mozilla {
+  class NeckoOriginAttributes;
+}
+
+using mozilla::NeckoOriginAttributes;
+
+class nsClientAuthRemember
+{
+public:
+
+  nsClientAuthRemember()
+  {
+  }
+
+  nsClientAuthRemember(const nsClientAuthRemember& aOther)
+  {
+    this->operator=(aOther);
+  }
+
+  nsClientAuthRemember& operator=(const nsClientAuthRemember& aOther)
+  {
+    mAsciiHost = aOther.mAsciiHost;
+    mFingerprint = aOther.mFingerprint;
+    mDBKey = aOther.mDBKey;
+    return *this;
+  }
+
+  nsCString mAsciiHost;
+  nsCString mFingerprint;
+  nsCString mDBKey;
+};
+
+
+// hash entry class
+class nsClientAuthRememberEntry final : public PLDHashEntryHdr
+{
+  public:
+    // Hash methods
+    typedef const char* KeyType;
+    typedef const char* KeyTypePointer;
+
+    // do nothing with aHost - we require mHead to be set before we're live!
+    explicit nsClientAuthRememberEntry(KeyTypePointer aHostWithCertUTF8)
+    {
+    }
+
+    nsClientAuthRememberEntry(const nsClientAuthRememberEntry& aToCopy)
+    {
+      mSettings = aToCopy.mSettings;
+    }
+
+    ~nsClientAuthRememberEntry()
+    {
+    }
+
+    KeyType GetKey() const
+    {
+      return EntryKeyPtr();
+    }
+
+    KeyTypePointer GetKeyPointer() const
+    {
+      return EntryKeyPtr();
+    }
+
+    bool KeyEquals(KeyTypePointer aKey) const
+    {
+      return !strcmp(EntryKeyPtr(), aKey);
+    }
+
+    static KeyTypePointer KeyToPointer(KeyType aKey)
+    {
+      return aKey;
+    }
+
+    static PLDHashNumber HashKey(KeyTypePointer aKey)
+    {
+      return PLDHashTable::HashStringKey(aKey);
+    }
+
+    enum { ALLOW_MEMMOVE = false };
+
+    // get methods
+    inline const nsCString& GetEntryKey() const { return mEntryKey; }
+
+    inline KeyTypePointer EntryKeyPtr() const
+    {
+      return mEntryKey.get();
+    }
+
+    nsClientAuthRemember mSettings;
+    nsCString mEntryKey;
+};
+
+class nsClientAuthRememberService final : public nsIObserver,
+                                          public nsSupportsWeakReference
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIOBSERVER
+
+  nsClientAuthRememberService();
+
+  nsresult Init();
+
+  static void GetEntryKey(const nsACString& aHostName,
+                          const NeckoOriginAttributes& aOriginAttributes,
+                          const nsACString& aFingerprint,
+                          /*out*/ nsACString& aEntryKey);
+
+  nsresult RememberDecision(const nsACString& aHostName,
+                            const NeckoOriginAttributes& aOriginAttributes,
+                            CERTCertificate* aServerCert,
+                            CERTCertificate* aClientCert);
+
+  nsresult HasRememberedDecision(const nsACString& aHostName,
+                                 const NeckoOriginAttributes& aOriginAttributes,
+                                 CERTCertificate* aServerCert,
+                                 nsACString& aCertDBKey, bool* aRetVal);
+
+  void ClearRememberedDecisions();
+  static void ClearAllRememberedDecisions();
+
+protected:
+    ~nsClientAuthRememberService();
+
+    mozilla::ReentrantMonitor monitor;
+    nsTHashtable<nsClientAuthRememberEntry> mSettingsTable;
+
+    void RemoveAllFromMemory();
+    nsresult AddEntryToList(const nsACString& aHost,
+                            const NeckoOriginAttributes& aOriginAttributes,
+                            const nsACString& aServerFingerprint,
+                            const nsACString& aDBKey);
+};
+
+#endif
diff --git a/security/manager/ssl/nsCrypto.cpp b/security/manager/ssl/nsCrypto.cpp
new file mode 100644
index 000000000..361257968
--- /dev/null
+++ b/security/manager/ssl/nsCrypto.cpp
@@ -0,0 +1,113 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsCrypto.h"
+
+#include "nsNSSComponent.h"
+#include "nsNativeCharsetUtils.h"
+#include "nsServiceManagerUtils.h"
+#include "ScopedNSSTypes.h"
+
+// QueryInterface implementation for nsPkcs11
+NS_INTERFACE_MAP_BEGIN(nsPkcs11)
+  NS_INTERFACE_MAP_ENTRY(nsIPKCS11)
+  NS_INTERFACE_MAP_ENTRY(nsISupports)
+NS_INTERFACE_MAP_END
+
+NS_IMPL_ADDREF(nsPkcs11)
+NS_IMPL_RELEASE(nsPkcs11)
+
+nsPkcs11::nsPkcs11()
+{
+}
+
+nsPkcs11::~nsPkcs11()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+// Delete a PKCS11 module from the user's profile.
+NS_IMETHODIMP
+nsPkcs11::DeleteModule(const nsAString& aModuleName)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (aModuleName.IsEmpty()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  NS_ConvertUTF16toUTF8 moduleName(aModuleName);
+  // Introduce additional scope for module so all references to it are released
+  // before we call SECMOD_DeleteModule, below.
+#ifndef MOZ_NO_SMART_CARDS
+  {
+    mozilla::UniqueSECMODModule module(SECMOD_FindModule(moduleName.get()));
+    if (!module) {
+      return NS_ERROR_FAILURE;
+    }
+    nsCOMPtr<nsINSSComponent> nssComponent(
+      do_GetService(PSM_COMPONENT_CONTRACTID));
+    nssComponent->ShutdownSmartCardThread(module.get());
+  }
+#endif
+
+  // modType is an output variable. We ignore it.
+  int32_t modType;
+  SECStatus srv = SECMOD_DeleteModule(moduleName.get(), &modType);
+  if (srv != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  return NS_OK;
+}
+
+// Add a new PKCS11 module to the user's profile.
+NS_IMETHODIMP
+nsPkcs11::AddModule(const nsAString& aModuleName,
+                    const nsAString& aLibraryFullPath,
+                    int32_t aCryptoMechanismFlags,
+                    int32_t aCipherFlags)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (aModuleName.IsEmpty()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  NS_ConvertUTF16toUTF8 moduleName(aModuleName);
+  nsCString fullPath;
+  // NSS doesn't support Unicode path.  Use native charset
+  NS_CopyUnicodeToNative(aLibraryFullPath, fullPath);
+  uint32_t mechFlags = SECMOD_PubMechFlagstoInternal(aCryptoMechanismFlags);
+  uint32_t cipherFlags = SECMOD_PubCipherFlagstoInternal(aCipherFlags);
+  SECStatus srv = SECMOD_AddNewModule(moduleName.get(), fullPath.get(),
+                                      mechFlags, cipherFlags);
+  if (srv != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+#ifndef MOZ_NO_SMART_CARDS
+  mozilla::UniqueSECMODModule module(SECMOD_FindModule(moduleName.get()));
+  if (!module) {
+    return NS_ERROR_FAILURE;
+  }
+  nsCOMPtr<nsINSSComponent> nssComponent(
+    do_GetService(PSM_COMPONENT_CONTRACTID));
+  nssComponent->LaunchSmartCardThread(module.get());
+#endif
+
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsCrypto.h b/security/manager/ssl/nsCrypto.h
new file mode 100644
index 000000000..ec231b471
--- /dev/null
+++ b/security/manager/ssl/nsCrypto.h
@@ -0,0 +1,32 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _nsCrypto_h_
+#define _nsCrypto_h_
+
+#include "nsIPKCS11.h"
+
+#include "nsNSSShutDown.h"
+
+#define NS_PKCS11_CID \
+  {0x74b7a390, 0x3b41, 0x11d4, { 0x8a, 0x80, 0x00, 0x60, 0x08, 0xc8, 0x44, 0xc3} }
+
+class nsPkcs11 : public nsIPKCS11
+               , public nsNSSShutDownObject
+{
+public:
+  nsPkcs11();
+
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIPKCS11
+
+protected:
+  virtual ~nsPkcs11();
+
+private:
+  virtual void virtualDestroyNSSReference() override {}
+};
+
+#endif //_nsCrypto_h_
diff --git a/security/manager/ssl/nsCryptoHash.cpp b/security/manager/ssl/nsCryptoHash.cpp
new file mode 100644
index 000000000..d57eb5f58
--- /dev/null
+++ b/security/manager/ssl/nsCryptoHash.cpp
@@ -0,0 +1,438 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <algorithm>
+
+#include "nsCryptoHash.h"
+
+#include "nsIInputStream.h"
+#include "nsIKeyModule.h"
+
+#include "nsString.h"
+
+#include "sechash.h"
+#include "pk11pub.h"
+#include "base64.h"
+
+#define NS_CRYPTO_HASH_BUFFER_SIZE 4096
+
+//---------------------------------------------
+// Implementing nsICryptoHash
+//---------------------------------------------
+
+nsCryptoHash::nsCryptoHash()
+  : mHashContext(nullptr)
+  , mInitialized(false)
+{
+}
+
+nsCryptoHash::~nsCryptoHash()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  destructorSafeDestroyNSSReference();
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+void
+nsCryptoHash::virtualDestroyNSSReference()
+{
+  destructorSafeDestroyNSSReference();
+}
+
+void
+nsCryptoHash::destructorSafeDestroyNSSReference()
+{
+  if (mHashContext)
+    HASH_Destroy(mHashContext);
+  mHashContext = nullptr;
+}
+
+NS_IMPL_ISUPPORTS(nsCryptoHash, nsICryptoHash)
+
+NS_IMETHODIMP 
+nsCryptoHash::Init(uint32_t algorithm)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  HASH_HashType hashType = (HASH_HashType)algorithm;
+  if (mHashContext)
+  {
+    if ((!mInitialized) && (HASH_GetType(mHashContext) == hashType))
+    {
+      mInitialized = true;
+      HASH_Begin(mHashContext);
+      return NS_OK;
+    }
+
+    // Destroy current hash context if the type was different
+    // or Finish method wasn't called.
+    HASH_Destroy(mHashContext);
+    mInitialized = false;
+  }
+
+  mHashContext = HASH_Create(hashType);
+  if (!mHashContext)
+    return NS_ERROR_INVALID_ARG;
+
+  HASH_Begin(mHashContext);
+  mInitialized = true;
+  return NS_OK; 
+}
+
+NS_IMETHODIMP
+nsCryptoHash::InitWithString(const nsACString & aAlgorithm)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (aAlgorithm.LowerCaseEqualsLiteral("md2"))
+    return Init(nsICryptoHash::MD2);
+
+  if (aAlgorithm.LowerCaseEqualsLiteral("md5"))
+    return Init(nsICryptoHash::MD5);
+
+  if (aAlgorithm.LowerCaseEqualsLiteral("sha1"))
+    return Init(nsICryptoHash::SHA1);
+
+  if (aAlgorithm.LowerCaseEqualsLiteral("sha256"))
+    return Init(nsICryptoHash::SHA256);
+
+  if (aAlgorithm.LowerCaseEqualsLiteral("sha384"))
+    return Init(nsICryptoHash::SHA384);
+
+  if (aAlgorithm.LowerCaseEqualsLiteral("sha512"))
+    return Init(nsICryptoHash::SHA512);
+
+  return NS_ERROR_INVALID_ARG;
+}
+
+NS_IMETHODIMP
+nsCryptoHash::Update(const uint8_t *data, uint32_t len)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  
+  if (!mInitialized)
+    return NS_ERROR_NOT_INITIALIZED;
+
+  HASH_Update(mHashContext, data, len);
+  return NS_OK; 
+}
+
+NS_IMETHODIMP
+nsCryptoHash::UpdateFromStream(nsIInputStream *data, uint32_t aLen)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (!mInitialized)
+    return NS_ERROR_NOT_INITIALIZED;
+
+  if (!data)
+    return NS_ERROR_INVALID_ARG;
+
+  uint64_t n;
+  nsresult rv = data->Available(&n);
+  if (NS_FAILED(rv))
+    return rv;
+
+  // if the user has passed UINT32_MAX, then read
+  // everything in the stream
+
+  uint64_t len = aLen;
+  if (aLen == UINT32_MAX)
+    len = n;
+
+  // So, if the stream has NO data available for the hash,
+  // or if the data available is less then what the caller
+  // requested, we can not fulfill the hash update.  In this
+  // case, just return NS_ERROR_NOT_AVAILABLE indicating
+  // that there is not enough data in the stream to satisify
+  // the request.
+
+  if (n == 0 || n < len)
+    return NS_ERROR_NOT_AVAILABLE;
+  
+  char buffer[NS_CRYPTO_HASH_BUFFER_SIZE];
+  uint32_t read, readLimit;
+  
+  while(NS_SUCCEEDED(rv) && len>0)
+  {
+    readLimit = (uint32_t)std::min<uint64_t>(NS_CRYPTO_HASH_BUFFER_SIZE, len);
+    
+    rv = data->Read(buffer, readLimit, &read);
+    
+    if (NS_SUCCEEDED(rv))
+      rv = Update((const uint8_t*)buffer, read);
+    
+    len -= read;
+  }
+  
+  return rv;
+}
+
+NS_IMETHODIMP
+nsCryptoHash::Finish(bool ascii, nsACString & _retval)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  
+  if (!mInitialized)
+    return NS_ERROR_NOT_INITIALIZED;
+  
+  uint32_t hashLen = 0;
+  unsigned char buffer[HASH_LENGTH_MAX];
+  unsigned char* pbuffer = buffer;
+
+  HASH_End(mHashContext, pbuffer, &hashLen, HASH_LENGTH_MAX);
+
+  mInitialized = false;
+
+  if (ascii)
+  {
+    UniquePORTString asciiData(BTOA_DataToAscii(buffer, hashLen));
+    NS_ENSURE_TRUE(asciiData, NS_ERROR_OUT_OF_MEMORY);
+
+    _retval.Assign(asciiData.get());
+  }
+  else
+  {
+    _retval.Assign((const char*)buffer, hashLen);
+  }
+
+  return NS_OK;
+}
+
+//---------------------------------------------
+// Implementing nsICryptoHMAC
+//---------------------------------------------
+
+NS_IMPL_ISUPPORTS(nsCryptoHMAC, nsICryptoHMAC)
+
+nsCryptoHMAC::nsCryptoHMAC()
+{
+  mHMACContext = nullptr;
+}
+
+nsCryptoHMAC::~nsCryptoHMAC()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  destructorSafeDestroyNSSReference();
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+void
+nsCryptoHMAC::virtualDestroyNSSReference()
+{
+  destructorSafeDestroyNSSReference();
+}
+
+void
+nsCryptoHMAC::destructorSafeDestroyNSSReference()
+{
+  if (mHMACContext)
+    PK11_DestroyContext(mHMACContext, true);
+  mHMACContext = nullptr;
+}
+
+NS_IMETHODIMP
+nsCryptoHMAC::Init(uint32_t aAlgorithm, nsIKeyObject *aKeyObject)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (mHMACContext)
+  {
+    PK11_DestroyContext(mHMACContext, true);
+    mHMACContext = nullptr;
+  }
+
+  CK_MECHANISM_TYPE HMACMechType;
+  switch (aAlgorithm)
+  {
+  case nsCryptoHMAC::MD2:
+    HMACMechType = CKM_MD2_HMAC; break;
+  case nsCryptoHMAC::MD5:
+    HMACMechType = CKM_MD5_HMAC; break;
+  case nsCryptoHMAC::SHA1:
+    HMACMechType = CKM_SHA_1_HMAC; break;
+  case nsCryptoHMAC::SHA256:
+    HMACMechType = CKM_SHA256_HMAC; break;
+  case nsCryptoHMAC::SHA384:
+    HMACMechType = CKM_SHA384_HMAC; break;
+  case nsCryptoHMAC::SHA512:
+    HMACMechType = CKM_SHA512_HMAC; break;
+  default:
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  NS_ENSURE_ARG_POINTER(aKeyObject);
+
+  nsresult rv;
+
+  int16_t keyType;
+  rv = aKeyObject->GetType(&keyType);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  NS_ENSURE_TRUE(keyType == nsIKeyObject::SYM_KEY, NS_ERROR_INVALID_ARG);
+
+  PK11SymKey* key;
+  // GetKeyObj doesn't addref the key
+  rv = aKeyObject->GetKeyObj(&key);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  SECItem rawData;
+  rawData.data = 0;
+  rawData.len = 0;
+  mHMACContext = PK11_CreateContextBySymKey(
+      HMACMechType, CKA_SIGN, key, &rawData);
+  NS_ENSURE_TRUE(mHMACContext, NS_ERROR_FAILURE);
+
+  SECStatus ss = PK11_DigestBegin(mHMACContext);
+  NS_ENSURE_TRUE(ss == SECSuccess, NS_ERROR_FAILURE);
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCryptoHMAC::Update(const uint8_t *aData, uint32_t aLen)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (!mHMACContext)
+    return NS_ERROR_NOT_INITIALIZED;
+
+  if (!aData)
+    return NS_ERROR_INVALID_ARG;
+
+  SECStatus ss = PK11_DigestOp(mHMACContext, aData, aLen);
+  NS_ENSURE_TRUE(ss == SECSuccess, NS_ERROR_FAILURE);
+  
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCryptoHMAC::UpdateFromStream(nsIInputStream *aStream, uint32_t aLen)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (!mHMACContext)
+    return NS_ERROR_NOT_INITIALIZED;
+
+  if (!aStream)
+    return NS_ERROR_INVALID_ARG;
+
+  uint64_t n;
+  nsresult rv = aStream->Available(&n);
+  if (NS_FAILED(rv))
+    return rv;
+
+  // if the user has passed UINT32_MAX, then read
+  // everything in the stream
+
+  uint64_t len = aLen;
+  if (aLen == UINT32_MAX)
+    len = n;
+
+  // So, if the stream has NO data available for the hash,
+  // or if the data available is less then what the caller
+  // requested, we can not fulfill the HMAC update.  In this
+  // case, just return NS_ERROR_NOT_AVAILABLE indicating
+  // that there is not enough data in the stream to satisify
+  // the request.
+
+  if (n == 0 || n < len)
+    return NS_ERROR_NOT_AVAILABLE;
+  
+  char buffer[NS_CRYPTO_HASH_BUFFER_SIZE];
+  uint32_t read, readLimit;
+  
+  while(NS_SUCCEEDED(rv) && len > 0)
+  {
+    readLimit = (uint32_t)std::min<uint64_t>(NS_CRYPTO_HASH_BUFFER_SIZE, len);
+    
+    rv = aStream->Read(buffer, readLimit, &read);
+    if (read == 0)
+      return NS_BASE_STREAM_CLOSED;
+    
+    if (NS_SUCCEEDED(rv))
+      rv = Update((const uint8_t*)buffer, read);
+    
+    len -= read;
+  }
+  
+  return rv;
+}
+
+NS_IMETHODIMP
+nsCryptoHMAC::Finish(bool aASCII, nsACString & _retval)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (!mHMACContext)
+    return NS_ERROR_NOT_INITIALIZED;
+
+  uint32_t hashLen = 0;
+  unsigned char buffer[HASH_LENGTH_MAX];
+  unsigned char* pbuffer = buffer;
+
+  PK11_DigestFinal(mHMACContext, pbuffer, &hashLen, HASH_LENGTH_MAX);
+  if (aASCII)
+  {
+    UniquePORTString asciiData(BTOA_DataToAscii(buffer, hashLen));
+    NS_ENSURE_TRUE(asciiData, NS_ERROR_OUT_OF_MEMORY);
+
+    _retval.Assign(asciiData.get());
+  }
+  else
+  {
+    _retval.Assign((const char*)buffer, hashLen);
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCryptoHMAC::Reset()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  SECStatus ss = PK11_DigestBegin(mHMACContext);
+  NS_ENSURE_TRUE(ss == SECSuccess, NS_ERROR_FAILURE);
+
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsCryptoHash.h b/security/manager/ssl/nsCryptoHash.h
new file mode 100644
index 000000000..194f274d6
--- /dev/null
+++ b/security/manager/ssl/nsCryptoHash.h
@@ -0,0 +1,56 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _nsCryptoHash_h_
+#define _nsCryptoHash_h_
+
+#include "nsICryptoHash.h"
+#include "nsICryptoHMAC.h"
+#include "nsNSSShutDown.h"
+#include "hasht.h"
+#include "secmodt.h"
+
+class nsIInputStream;
+
+#define NS_CRYPTO_HASH_CID {0x36a1d3b3, 0xd886, 0x4317, {0x96, 0xff, 0x87, 0xb0, 0x00, 0x5c, 0xfe, 0xf7}}
+#define NS_CRYPTO_HMAC_CID {0xa496d0a2, 0xdff7, 0x4e23, {0xbd, 0x65, 0x1c, 0xa7, 0x42, 0xfa, 0x17, 0x8a}}
+
+class nsCryptoHash final : public nsICryptoHash, public nsNSSShutDownObject
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSICRYPTOHASH
+
+  nsCryptoHash();
+
+private:
+  ~nsCryptoHash();
+
+  HASHContext* mHashContext;
+  bool mInitialized;
+
+  virtual void virtualDestroyNSSReference() override;
+  void destructorSafeDestroyNSSReference();
+};
+
+class nsCryptoHMAC : public nsICryptoHMAC, public nsNSSShutDownObject
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSICRYPTOHMAC
+
+  nsCryptoHMAC();
+
+private:
+  ~nsCryptoHMAC();
+  PK11Context* mHMACContext;
+
+  virtual void virtualDestroyNSSReference() override;
+  void destructorSafeDestroyNSSReference();
+};
+
+#endif // _nsCryptoHash_h_
+
diff --git a/security/manager/ssl/nsDataSignatureVerifier.cpp b/security/manager/ssl/nsDataSignatureVerifier.cpp
new file mode 100644
index 000000000..e67ff2406
--- /dev/null
+++ b/security/manager/ssl/nsDataSignatureVerifier.cpp
@@ -0,0 +1,336 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsDataSignatureVerifier.h"
+
+#include "cms.h"
+#include "cryptohi.h"
+#include "keyhi.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Unused.h"
+#include "nsCOMPtr.h"
+#include "nsNSSComponent.h"
+#include "nssb64.h"
+#include "pkix/pkixnss.h"
+#include "pkix/pkixtypes.h"
+#include "ScopedNSSTypes.h"
+#include "secerr.h"
+#include "SharedCertVerifier.h"
+
+using namespace mozilla;
+using namespace mozilla::pkix;
+using namespace mozilla::psm;
+
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+
+NS_IMPL_ISUPPORTS(nsDataSignatureVerifier, nsIDataSignatureVerifier)
+
+const SEC_ASN1Template CERT_SignatureDataTemplate[] =
+{
+    { SEC_ASN1_SEQUENCE,
+        0, nullptr, sizeof(CERTSignedData) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+        offsetof(CERTSignedData,signatureAlgorithm),
+        SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate), },
+    { SEC_ASN1_BIT_STRING,
+        offsetof(CERTSignedData,signature), },
+    { 0, }
+};
+
+nsDataSignatureVerifier::~nsDataSignatureVerifier()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+NS_IMETHODIMP
+nsDataSignatureVerifier::VerifyData(const nsACString& aData,
+                                    const nsACString& aSignature,
+                                    const nsACString& aPublicKey,
+                                    bool* _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  // Allocate an arena to handle the majority of the allocations
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  // Base 64 decode the key
+  SECItem keyItem;
+  PORT_Memset(&keyItem, 0, sizeof(SECItem));
+  if (!NSSBase64_DecodeBuffer(arena.get(), &keyItem,
+                              PromiseFlatCString(aPublicKey).get(),
+                              aPublicKey.Length())) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Extract the public key from the data
+  UniqueCERTSubjectPublicKeyInfo pki(
+    SECKEY_DecodeDERSubjectPublicKeyInfo(&keyItem));
+  if (!pki) {
+    return NS_ERROR_FAILURE;
+  }
+
+  UniqueSECKEYPublicKey publicKey(SECKEY_ExtractPublicKey(pki.get()));
+  if (!publicKey) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Base 64 decode the signature
+  SECItem signatureItem;
+  PORT_Memset(&signatureItem, 0, sizeof(SECItem));
+  if (!NSSBase64_DecodeBuffer(arena.get(), &signatureItem,
+                              PromiseFlatCString(aSignature).get(),
+                              aSignature.Length())) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Decode the signature and algorithm
+  CERTSignedData sigData;
+  PORT_Memset(&sigData, 0, sizeof(CERTSignedData));
+  SECStatus srv = SEC_QuickDERDecodeItem(arena.get(), &sigData,
+                                         CERT_SignatureDataTemplate,
+                                         &signatureItem);
+  if (srv != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Perform the final verification
+  DER_ConvertBitString(&(sigData.signature));
+  srv = VFY_VerifyDataWithAlgorithmID(
+    BitwiseCast<const unsigned char*, const char*>(
+      PromiseFlatCString(aData).get()),
+    aData.Length(), publicKey.get(), &(sigData.signature),
+    &(sigData.signatureAlgorithm), nullptr, nullptr);
+
+  *_retval = (srv == SECSuccess);
+
+  return NS_OK;
+}
+
+namespace mozilla {
+
+nsresult
+VerifyCMSDetachedSignatureIncludingCertificate(
+  const SECItem& buffer, const SECItem& detachedDigest,
+  nsresult (*verifyCertificate)(CERTCertificate* cert, void* context,
+                                void* pinArg),
+  void* verifyCertificateContext, void* pinArg,
+  const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+  // XXX: missing pinArg is tolerated.
+  if (NS_WARN_IF(!buffer.data && buffer.len > 0) ||
+      NS_WARN_IF(!detachedDigest.data && detachedDigest.len > 0) ||
+      (!verifyCertificate) ||
+      NS_WARN_IF(!verifyCertificateContext)) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  UniqueNSSCMSMessage
+    cmsMsg(NSS_CMSMessage_CreateFromDER(const_cast<SECItem*>(&buffer), nullptr,
+                                        nullptr, nullptr, nullptr, nullptr,
+                                        nullptr));
+  if (!cmsMsg) {
+    return NS_ERROR_CMS_VERIFY_ERROR_PROCESSING;
+  }
+
+  if (!NSS_CMSMessage_IsSigned(cmsMsg.get())) {
+    return NS_ERROR_CMS_VERIFY_NOT_SIGNED;
+  }
+
+  NSSCMSContentInfo* cinfo = NSS_CMSMessage_ContentLevel(cmsMsg.get(), 0);
+  if (!cinfo) {
+    return NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO;
+  }
+
+  // We're expecting this to be a PKCS#7 signedData content info.
+  if (NSS_CMSContentInfo_GetContentTypeTag(cinfo)
+        != SEC_OID_PKCS7_SIGNED_DATA) {
+    return NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO;
+  }
+
+  // signedData is non-owning
+  NSSCMSSignedData* signedData =
+    static_cast<NSSCMSSignedData*>(NSS_CMSContentInfo_GetContent(cinfo));
+  if (!signedData) {
+    return NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO;
+  }
+
+  // Set digest value.
+  if (NSS_CMSSignedData_SetDigestValue(signedData, SEC_OID_SHA1,
+                                       const_cast<SECItem*>(&detachedDigest))) {
+    return NS_ERROR_CMS_VERIFY_BAD_DIGEST;
+  }
+
+  // Parse the certificates into CERTCertificate objects held in memory so
+  // verifyCertificate will be able to find them during path building.
+  UniqueCERTCertList certs(CERT_NewCertList());
+  if (!certs) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+  if (signedData->rawCerts) {
+    for (size_t i = 0; signedData->rawCerts[i]; ++i) {
+      UniqueCERTCertificate
+        cert(CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
+                                     signedData->rawCerts[i], nullptr, false,
+                                     true));
+      // Skip certificates that fail to parse
+      if (!cert) {
+        continue;
+      }
+
+      if (CERT_AddCertToListTail(certs.get(), cert.get()) != SECSuccess) {
+        return NS_ERROR_OUT_OF_MEMORY;
+      }
+
+      Unused << cert.release(); // Ownership transferred to the cert list.
+    }
+  }
+
+  // Get the end-entity certificate.
+  int numSigners = NSS_CMSSignedData_SignerInfoCount(signedData);
+  if (NS_WARN_IF(numSigners != 1)) {
+    return NS_ERROR_CMS_VERIFY_ERROR_PROCESSING;
+  }
+  // signer is non-owning.
+  NSSCMSSignerInfo* signer = NSS_CMSSignedData_GetSignerInfo(signedData, 0);
+  if (NS_WARN_IF(!signer)) {
+    return NS_ERROR_CMS_VERIFY_ERROR_PROCESSING;
+  }
+  CERTCertificate* signerCert =
+    NSS_CMSSignerInfo_GetSigningCertificate(signer, CERT_GetDefaultCertDB());
+  if (!signerCert) {
+    return NS_ERROR_CMS_VERIFY_ERROR_PROCESSING;
+  }
+
+  nsresult rv = verifyCertificate(signerCert, verifyCertificateContext, pinArg);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  // See NSS_CMSContentInfo_GetContentTypeOID, which isn't exported from NSS.
+  SECOidData* contentTypeOidData =
+    SECOID_FindOID(&signedData->contentInfo.contentType);
+  if (!contentTypeOidData) {
+    return NS_ERROR_CMS_VERIFY_ERROR_PROCESSING;
+  }
+
+  return MapSECStatus(NSS_CMSSignerInfo_Verify(signer,
+                         const_cast<SECItem*>(&detachedDigest),
+                         &contentTypeOidData->oid));
+}
+
+} // namespace mozilla
+
+namespace {
+
+struct VerifyCertificateContext
+{
+  nsCOMPtr<nsIX509Cert> signingCert;
+  UniqueCERTCertList builtChain;
+};
+
+static nsresult
+VerifyCertificate(CERTCertificate* cert, void* voidContext, void* pinArg)
+{
+  // XXX: missing pinArg is tolerated
+  if (NS_WARN_IF(!cert) || NS_WARN_IF(!voidContext)) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  VerifyCertificateContext* context =
+    static_cast<VerifyCertificateContext*>(voidContext);
+
+  nsCOMPtr<nsIX509Cert> xpcomCert(nsNSSCertificate::Create(cert));
+  if (!xpcomCert) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  context->signingCert = xpcomCert;
+
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  NS_ENSURE_TRUE(certVerifier, NS_ERROR_UNEXPECTED);
+
+  mozilla::pkix::Result result =
+    certVerifier->VerifyCert(cert,
+                             certificateUsageObjectSigner,
+                             Now(), pinArg,
+                             nullptr, // hostname
+                             context->builtChain);
+  if (result != Success) {
+    return GetXPCOMFromNSSError(MapResultToPRErrorCode(result));
+  }
+
+  return NS_OK;
+}
+
+} // namespace
+
+NS_IMETHODIMP
+nsDataSignatureVerifier::VerifySignature(const char* aRSABuf,
+                                         uint32_t aRSABufLen,
+                                         const char* aPlaintext,
+                                         uint32_t aPlaintextLen,
+                                         int32_t* aErrorCode,
+                                         nsIX509Cert** aSigningCert)
+{
+  if (!aRSABuf || !aPlaintext || !aErrorCode || !aSigningCert) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  *aErrorCode = VERIFY_ERROR_OTHER;
+  *aSigningCert = nullptr;
+
+  Digest digest;
+  nsresult rv = digest.DigestBuf(
+    SEC_OID_SHA1,
+    BitwiseCast<const uint8_t*, const char*>(aPlaintext),
+    aPlaintextLen);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  SECItem buffer = {
+    siBuffer,
+    BitwiseCast<unsigned char*, const char*>(aRSABuf),
+    aRSABufLen
+  };
+
+  VerifyCertificateContext context;
+  // XXX: pinArg is missing
+  rv = VerifyCMSDetachedSignatureIncludingCertificate(buffer, digest.get(),
+                                                      VerifyCertificate,
+                                                      &context, nullptr, locker);
+  if (NS_SUCCEEDED(rv)) {
+    *aErrorCode = VERIFY_OK;
+  } else if (NS_ERROR_GET_MODULE(rv) == NS_ERROR_MODULE_SECURITY) {
+    if (rv == GetXPCOMFromNSSError(SEC_ERROR_UNKNOWN_ISSUER)) {
+      *aErrorCode = VERIFY_ERROR_UNKNOWN_ISSUER;
+    } else {
+      *aErrorCode = VERIFY_ERROR_OTHER;
+    }
+    rv = NS_OK;
+  }
+  if (rv == NS_OK) {
+    context.signingCert.forget(aSigningCert);
+  }
+
+  return rv;
+}
diff --git a/security/manager/ssl/nsDataSignatureVerifier.h b/security/manager/ssl/nsDataSignatureVerifier.h
new file mode 100644
index 000000000..485af70c8
--- /dev/null
+++ b/security/manager/ssl/nsDataSignatureVerifier.h
@@ -0,0 +1,47 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsDataSignatureVerifier_h
+#define nsDataSignatureVerifier_h
+
+#include "certt.h"
+#include "nsIDataSignatureVerifier.h"
+#include "nsNSSShutDown.h"
+
+#define NS_DATASIGNATUREVERIFIER_CID \
+    { 0x296d76aa, 0x275b, 0x4f3c, \
+    { 0xaf, 0x8a, 0x30, 0xa4, 0x02, 0x6c, 0x18, 0xfc } }
+#define NS_DATASIGNATUREVERIFIER_CONTRACTID \
+    "@mozilla.org/security/datasignatureverifier;1"
+
+class nsDataSignatureVerifier final : public nsIDataSignatureVerifier
+                                    , public nsNSSShutDownObject
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIDATASIGNATUREVERIFIER
+
+  nsDataSignatureVerifier()
+  {
+  }
+
+private:
+  ~nsDataSignatureVerifier();
+
+  // Nothing to release.
+  virtual void virtualDestroyNSSReference() override {}
+};
+
+namespace mozilla {
+
+nsresult VerifyCMSDetachedSignatureIncludingCertificate(
+  const SECItem& buffer, const SECItem& detachedDigest,
+  nsresult (*verifyCertificate)(CERTCertificate* cert, void* context,
+                                void* pinArg),
+  void* verifyCertificateContext, void* pinArg,
+  const nsNSSShutDownPreventionLock& proofOfLock);
+
+} // namespace mozilla
+
+#endif // nsDataSignatureVerifier_h
diff --git a/security/manager/ssl/nsIASN1Object.idl b/security/manager/ssl/nsIASN1Object.idl
new file mode 100644
index 000000000..3996286b7
--- /dev/null
+++ b/security/manager/ssl/nsIASN1Object.idl
@@ -0,0 +1,70 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+/**
+ * This represents an ASN.1 object,
+ * where ASN.1 is "Abstract Syntax Notation number One".
+ *
+ * The additional state information carried in this interface
+ * makes it fit for being used as the data structure
+ * when working with visual reprenstation of ASN.1 objects
+ * in a human user interface, like in a tree widget
+ * where open/close state of nodes must be remembered.
+ */
+[scriptable, uuid(ba8bf582-1dd1-11b2-898c-f40246bc9a63)]
+interface nsIASN1Object : nsISupports {
+
+  /**
+   *  Identifiers for the possible types of object.
+   */
+  const unsigned long ASN1_END_CONTENTS     = 0;
+  const unsigned long ASN1_BOOLEAN          = 1;
+  const unsigned long ASN1_INTEGER          = 2;
+  const unsigned long ASN1_BIT_STRING       = 3;
+  const unsigned long ASN1_OCTET_STRING     = 4;
+  const unsigned long ASN1_NULL             = 5; 
+  const unsigned long ASN1_OBJECT_ID        = 6;
+  const unsigned long ASN1_ENUMERATED       = 10;
+  const unsigned long ASN1_UTF8_STRING      = 12;
+  const unsigned long ASN1_SEQUENCE         = 16;
+  const unsigned long ASN1_SET              = 17;
+  const unsigned long ASN1_PRINTABLE_STRING = 19;
+  const unsigned long ASN1_T61_STRING       = 20;
+  const unsigned long ASN1_IA5_STRING       = 22;
+  const unsigned long ASN1_UTC_TIME         = 23;
+  const unsigned long ASN1_GEN_TIME         = 24;
+  const unsigned long ASN1_VISIBLE_STRING   = 26;
+  const unsigned long ASN1_UNIVERSAL_STRING = 28; 
+  const unsigned long ASN1_BMP_STRING       = 30;
+  const unsigned long ASN1_HIGH_TAG_NUMBER  = 31;
+  const unsigned long ASN1_CONTEXT_SPECIFIC = 32;
+  const unsigned long ASN1_APPLICATION      = 33;
+  const unsigned long ASN1_PRIVATE          = 34;
+
+  /**
+   *  "type" will be equal to one of the defined object identifiers.
+   */
+  attribute unsigned long type;
+
+
+  /**
+   *  This contains a tag as explained in ASN.1 standards documents.
+   */
+  attribute unsigned long tag;
+
+  /**
+   *  "displayName" contains a human readable explanatory label.
+   */
+  attribute AString displayName;
+
+  /**
+   *  "displayValue" contains the human readable value.
+   */
+  attribute AString displayValue;
+};
+
diff --git a/security/manager/ssl/nsIASN1PrintableItem.idl b/security/manager/ssl/nsIASN1PrintableItem.idl
new file mode 100644
index 000000000..84e6879c4
--- /dev/null
+++ b/security/manager/ssl/nsIASN1PrintableItem.idl
@@ -0,0 +1,15 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+#include "nsIASN1Object.idl"
+
+[scriptable, uuid(114e1142-1dd2-11b2-ac26-b6db19d9184a)]
+interface nsIASN1PrintableItem : nsIASN1Object {
+  [noscript] void setData(in charPtr data, in unsigned long len);
+  [noscript] void getData(out charPtr data, out unsigned long len);
+};
+
diff --git a/security/manager/ssl/nsIASN1Sequence.idl b/security/manager/ssl/nsIASN1Sequence.idl
new file mode 100644
index 000000000..c865f2bfc
--- /dev/null
+++ b/security/manager/ssl/nsIASN1Sequence.idl
@@ -0,0 +1,56 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+#include "nsIASN1Object.idl"
+
+interface nsIMutableArray;
+
+/**
+ * This represents a sequence of ASN.1 objects,
+ * where ASN.1 is "Abstract Syntax Notation number One".
+ *
+ * Overview of how this ASN1 interface is intended to
+ * work.
+ *
+ * First off, the nsIASN1Sequence is any type in ASN1
+ * that consists of sub-elements (ie SEQUENCE, SET)
+ * nsIASN1Printable Items are all the other types that
+ * can be viewed by themselves without interpreting further.
+ * Examples would include INTEGER, UTF-8 STRING, OID.
+ * These are not intended to directly reflect the numberous
+ * types that exist in ASN1, but merely an interface to ease
+ * producing a tree display the ASN1 structure of any DER
+ * object.
+ *
+ * The additional state information carried in this interface
+ * makes it fit for being used as the data structure
+ * when working with visual reprenstation of ASN.1 objects
+ * in a human user interface, like in a tree widget
+ * where open/close state of nodes must be remembered.
+ */
+[scriptable, uuid(b6b957e6-1dd1-11b2-89d7-e30624f50b00)]
+interface nsIASN1Sequence : nsIASN1Object {
+
+  /**
+   *  The array of objects stored in the sequence.
+   */
+  attribute nsIMutableArray ASN1Objects;
+
+  /**
+   *  Whether the node at this position in the ASN.1 data structure
+   *  sequence contains sub elements understood by the
+   *  application.
+   */
+  attribute boolean isValidContainer;
+
+  /**
+   *  Whether the contained objects should be shown or hidden.
+   *  A UI implementation can use this flag to store the current
+   *  expansion state when shown in a tree widget.
+   */
+  attribute boolean isExpanded;
+};
diff --git a/security/manager/ssl/nsIAssociatedContentSecurity.idl b/security/manager/ssl/nsIAssociatedContentSecurity.idl
new file mode 100644
index 000000000..666f141f9
--- /dev/null
+++ b/security/manager/ssl/nsIAssociatedContentSecurity.idl
@@ -0,0 +1,23 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/**
+ * This interface is used to cache associated (sub) content security
+ * state. That is determined asynchronously based on callback notification
+ * while loading the content and its sub content particles. 
+ *
+ * Some optimizations like bfcaching removes these callback notifications
+ * and therefor the subcontent state could not be determined. In such
+ * a case it is loaded from this object stored in nsIChannel.securityInfo.
+ */
+
+#include "nsISupports.idl"
+
+[scriptable, uuid(a8285dae-f125-454f-9d1b-089e3f01b2c4)]
+interface nsIAssociatedContentSecurity : nsISupports
+{
+  attribute long countSubRequestsBrokenSecurity;
+  attribute long countSubRequestsNoSecurity;
+  void flush();
+};
diff --git a/security/manager/ssl/nsIBadCertListener2.idl b/security/manager/ssl/nsIBadCertListener2.idl
new file mode 100644
index 000000000..9cd1cd382
--- /dev/null
+++ b/security/manager/ssl/nsIBadCertListener2.idl
@@ -0,0 +1,32 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsISSLStatus;
+interface nsIInterfaceRequestor;
+
+/**
+ * A mechanism to report a broken SSL status. The recipient should NOT block.
+ * Can be used to obtain the SSL handshake status of a connection
+ * that will be canceled because of improper cert status.
+ */
+[scriptable, uuid(2c3d268c-ad82-49f3-99aa-e9ffddd7a0dc)]
+interface nsIBadCertListener2 : nsISupports {
+
+  /**
+   *  @param socketInfo A network communication context that can be used to obtain more information
+   *                    about the active connection.
+   *  @param status The SSL status object that describes the problem(s).
+   *  @param targetSite The Site name that was used to open the current connection.
+   *
+   *  @return The consumer shall return true if it wants to suppress the error message
+   *          related to the bad cert (the connection will still get canceled).
+   */
+  boolean notifyCertProblem(in nsIInterfaceRequestor socketInfo, 
+                            in nsISSLStatus status,
+                            in AUTF8String targetSite);
+};
diff --git a/security/manager/ssl/nsICertBlocklist.idl b/security/manager/ssl/nsICertBlocklist.idl
new file mode 100644
index 000000000..5cf1c0952
--- /dev/null
+++ b/security/manager/ssl/nsICertBlocklist.idl
@@ -0,0 +1,61 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIX509Cert;
+
+%{C++
+#define NS_CERTBLOCKLIST_CONTRACTID "@mozilla.org/security/certblocklist;1"
+%}
+
+/**
+ * Represents a service to add certificates as explicitly blocked/distrusted.
+ */
+[scriptable, uuid(e0654480-f433-11e4-b939-0800200c9a66)]
+interface nsICertBlocklist : nsISupports {
+  /**
+   * Add details of a revoked certificate :
+   * issuer name (base-64 encoded DER) and serial number (base-64 encoded DER).
+   */
+   void revokeCertByIssuerAndSerial(in string issuer, in string serialNumber);
+
+  /**
+   * Add details of a revoked certificate :
+   * subject name (base-64 encoded DER) and hash of public key (base-64 encoded
+   * sha-256 hash of the public key).
+   */
+   void revokeCertBySubjectAndPubKey(in string subject, in string pubKeyHash);
+
+  /**
+   * Persist (fresh) blocklist entries to the profile (if a profile directory is
+   * available). Note: calling this will result in synchronous I/O.
+   */
+   void saveEntries();
+
+  /**
+   * Check if a certificate is blocked.
+   * isser - issuer name, DER encoded
+   * serial - serial number, DER encoded
+   * subject - subject name, DER encoded
+   * pubkey - public key, DER encoded
+   */
+   boolean isCertRevoked([const, array, size_is(issuer_length)] in octet issuer,
+                          in unsigned long issuer_length,
+                          [const, array, size_is(serial_length)] in octet serial,
+                          in unsigned long serial_length,
+                          [const, array, size_is(subject_length)] in octet subject,
+                          in unsigned long subject_length,
+                          [const, array, size_is(pubkey_length)] in octet pubkey,
+                          in unsigned long pubkey_length);
+
+   /**
+    * Check that the blocklist data is current. Specifically, that the current
+    * time is no more than security.onecrl.maximum_staleness_in_seconds seconds
+    * after the last blocklist update (as stored in the
+    * app.update.lastUpdateTime.blocklist-background-update-timer pref)
+    */
+   boolean isBlocklistFresh();
+};
diff --git a/security/manager/ssl/nsICertOverrideService.idl b/security/manager/ssl/nsICertOverrideService.idl
new file mode 100644
index 000000000..b220851e2
--- /dev/null
+++ b/security/manager/ssl/nsICertOverrideService.idl
@@ -0,0 +1,144 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIArray;
+interface nsIX509Cert;
+
+%{C++
+#define NS_CERTOVERRIDE_CONTRACTID "@mozilla.org/security/certoverride;1"
+%}
+
+/**
+ * This represents the global list of triples
+ *   {host:port, cert-fingerprint, allowed-overrides}
+ * that the user wants to accept without further warnings.
+ */
+[scriptable, uuid(be019e47-22fc-4355-9f16-9ab047d6742d)]
+interface nsICertOverrideService : nsISupports {
+
+  /**
+   *  Override Untrusted
+   */
+  const short ERROR_UNTRUSTED = 1;
+
+  /**
+   *  Override hostname Mismatch
+   */
+  const short ERROR_MISMATCH = 2;
+
+  /**
+   *  Override Time error
+   */
+  const short ERROR_TIME = 4;
+
+  /**
+   *  The given cert should always be accepted for the given hostname:port,
+   *  regardless of errors verifying the cert.
+   *  Host:Port is a primary key, only one entry per host:port can exist.
+   *  The implementation will store a fingerprint of the cert.
+   *  The implementation will decide which fingerprint alg is used.
+   *
+   *  Each override is specific to exactly the errors overridden, so
+   *  overriding everything won't match certs at the given host:port
+   *  which only exhibit some subset of errors.
+   *
+   *  @param aHostName The host (punycode) this mapping belongs to
+   *  @param aPort The port this mapping belongs to, if it is -1 then it
+   *          is internaly treated as 443
+   *  @param aCert The cert that should always be accepted
+   *  @param aOverrideBits The precise set of errors we want to be overriden
+   */
+  void rememberValidityOverride(in ACString aHostName,
+                                in int32_t aPort,
+                                in nsIX509Cert aCert,
+                                in uint32_t aOverrideBits,
+                                in boolean aTemporary);
+
+  /**
+   *  Certs with the given fingerprint should always be accepted for the
+   *  given hostname:port, regardless of errors verifying the cert.
+   *  Host:Port is a primary key, only one entry per host:port can exist.
+   *  The fingerprint should be an SHA-256 hash of the certificate.
+   *
+   *  @param aHostName The host (punycode) this mapping belongs to
+   *  @param aPort The port this mapping belongs to, if it is -1 then it
+   *          is internaly treated as 443
+   *  @param aCertFingerprint The cert fingerprint that should be accepted, in
+   *          the format 'AA:BB:...' (colon-separated upper-case hex bytes).
+   *  @param aOverrideBits The errors we want to be overriden
+   */
+  void rememberTemporaryValidityOverrideUsingFingerprint(
+      in ACString aHostName,
+      in int32_t aPort,
+      in ACString aCertFingerprint,
+      in uint32_t aOverrideBits);
+
+  /**
+   *  Return whether this host, port, cert triple has a stored override.
+   *  If so, the outparams will contain the specific errors that were
+   *  overridden, and whether the override is permanent, or only for the current
+   *  session.
+   *
+   *  @param aHostName The host (punycode) this mapping belongs to
+   *  @param aPort The port this mapping belongs to, if it is -1 then it
+   *         is internally treated as 443
+   *  @param aCert The certificate this mapping belongs to
+   *  @param aOverrideBits The errors that are currently overridden
+   *  @param aIsTemporary Whether the stored override is session-only,
+   *         or permanent
+   *  @return Whether an override has been stored for this host+port+cert
+   */
+  boolean hasMatchingOverride(in ACString aHostName,
+                              in int32_t aPort,
+                              in nsIX509Cert aCert,
+                              out uint32_t aOverrideBits,
+                              out boolean aIsTemporary);
+
+  /**
+   *  Retrieve the stored override for the given hostname:port.
+   *
+   *  @param aHostName The host (punycode) whose entry should be tested
+   *  @param aPort The port whose entry should be tested, if it is -1 then it
+   *          is internaly treated as 443
+   *  @param aHashAlg On return value True, the fingerprint hash algorithm
+   *                  as an OID value in dotted notation.
+   *  @param aFingerprint On return value True, the stored fingerprint
+   *  @param aOverrideBits The errors that are currently overriden
+   *  @return whether a matching override entry for aHostNameWithPort
+   *          and aFingerprint is currently on file
+   */
+  boolean getValidityOverride(in ACString aHostName,
+                              in int32_t aPort,
+                              out ACString aHashAlg,
+                              out ACString aFingerprint,
+                              out uint32_t aOverrideBits,
+                              out boolean aIsTemporary);
+
+  /**
+   *  Remove a override for the given hostname:port.
+   *
+   *  @param aHostName The host (punycode) whose entry should be cleared.
+   *  @param aPort The port whose entry should be cleared.
+   *               If it is -1, then it is internaly treated as 443.
+   *               If it is 0 and aHostName is "all:temporary-certificates",
+   *               then all temporary certificates should be cleared.
+   */
+  void clearValidityOverride(in ACString aHostName,
+                             in int32_t aPort);
+
+  /**
+   *  Is the given cert used in rules?
+   *
+   *  @param aCert The cert we're looking for
+   *  @return how many override entries are currently on file
+   *          for the given certificate
+   */
+  uint32_t isCertUsedForOverrides(in nsIX509Cert aCert,
+                                  in boolean aCheckTemporaries,
+                                  in boolean aCheckPermanents);
+};
diff --git a/security/manager/ssl/nsICertTree.idl b/security/manager/ssl/nsICertTree.idl
new file mode 100644
index 000000000..2ef4e1947
--- /dev/null
+++ b/security/manager/ssl/nsICertTree.idl
@@ -0,0 +1,37 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+#include "nsITreeView.idl"
+
+interface nsIX509Cert;
+interface nsIX509CertList;
+
+[scriptable, uuid(d0180863-606e-49e6-8324-cf45ed4dd891)]
+interface nsICertTreeItem : nsISupports {
+  readonly attribute nsIX509Cert cert;
+  readonly attribute AString hostPort;
+};
+
+[scriptable, uuid(55d5ad6b-5572-47fe-941c-f01fe723659e)]
+interface nsICertTree : nsITreeView {
+  void loadCerts(in unsigned long type);
+  void loadCertsFromCache(in nsIX509CertList cache, in unsigned long type);
+
+  nsIX509Cert getCert(in unsigned long index);
+  nsICertTreeItem getTreeItem(in unsigned long index);
+
+  void deleteEntryObject(in unsigned long index);
+};
+
+%{C++
+
+#define NS_CERTTREE_CID { 0x4ea60761, 0x31d6, 0x491d, \
+                         { 0x9e, 0x34, 0x4b, 0x53, 0xa2, 0x6c, 0x41, 0x6c } }
+
+#define NS_CERTTREE_CONTRACTID "@mozilla.org/security/nsCertTree;1"
+
+%}
diff --git a/security/manager/ssl/nsICertificateDialogs.idl b/security/manager/ssl/nsICertificateDialogs.idl
new file mode 100644
index 000000000..a5f023ffd
--- /dev/null
+++ b/security/manager/ssl/nsICertificateDialogs.idl
@@ -0,0 +1,77 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIInterfaceRequestor;
+interface nsIX509Cert;
+
+/**
+ * Functions that implement user interface dialogs to manage certificates.
+ */
+[scriptable, uuid(da871dab-f69e-4173-ab26-99fcd47b0e85)]
+interface nsICertificateDialogs : nsISupports
+{
+  /**
+   *  UI shown when a user is asked to download a new CA cert.
+   *  Provides user with ability to choose trust settings for the cert.
+   *  Asks the user to grant permission to import the certificate.
+   *
+   *  @param ctx A user interface context.
+   *  @param cert The certificate that is about to get installed.
+   *  @param trust a bit mask of trust flags, 
+   *               see nsIX509CertDB for possible values.
+   *
+   *  @return true if the user allows to import the certificate.
+   */
+  boolean confirmDownloadCACert(in nsIInterfaceRequestor ctx,
+                                in nsIX509Cert cert,
+                                out unsigned long trust);
+
+  /**
+   *  UI shown when a user's personal certificate is going to be
+   *  exported to a backup file.
+   *  The implementation of this dialog should make sure 
+   *  to prompt the user to type the password twice in order to
+   *  confirm correct input.
+   *  The wording in the dialog should also motivate the user 
+   *  to enter a strong password.
+   *
+   *  @param ctx A user interface context.
+   *  @param password The password provided by the user.
+   *
+   *  @return false if the user requests to cancel.
+   */
+  boolean setPKCS12FilePassword(in nsIInterfaceRequestor ctx, 
+                                out AString password);
+
+  /**
+   *  UI shown when a user is about to restore a personal
+   *  certificate from a backup file.
+   *  The user is requested to enter the password
+   *  that was used in the past to protect that backup file.
+   *
+   *  @param ctx A user interface context.
+   *  @param password The password provided by the user.
+   *
+   *  @return false if the user requests to cancel.
+   */
+  boolean getPKCS12FilePassword(in nsIInterfaceRequestor ctx, 
+                                out AString password);
+
+  /**
+   *  UI shown when a certificate needs to be shown to the user.
+   *  The implementation should try to display as many attributes
+   *  as possible.
+   *
+   *  @param ctx A user interface context.
+   *  @param cert The certificate to be shown to the user.
+   */
+  void viewCert(in nsIInterfaceRequestor ctx, 
+                in nsIX509Cert cert);
+};
+
+%{C++
+#define NS_CERTIFICATEDIALOGS_CONTRACTID "@mozilla.org/nsCertificateDialogs;1"
+%}
diff --git a/security/manager/ssl/nsIClientAuthDialogs.idl b/security/manager/ssl/nsIClientAuthDialogs.idl
new file mode 100644
index 000000000..8fcc7094e
--- /dev/null
+++ b/security/manager/ssl/nsIClientAuthDialogs.idl
@@ -0,0 +1,47 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIArray;
+interface nsIInterfaceRequestor;
+
+/**
+ * Provides UI for SSL client-auth dialogs.
+ */
+[scriptable, uuid(fa4c7520-1433-11d5-ba24-00108303b117)]
+interface nsIClientAuthDialogs : nsISupports
+{
+  /**
+   * Called when a user is asked to choose a certificate for client auth.
+   *
+   * @param ctx Context that allows at least nsIClientAuthUserDecision to be
+   *            queried.
+   * @param hostname Hostname of the server.
+   * @param port Port of the server.
+   * @param organization Organization field of the server cert.
+   * @param issuerOrg Organization field of the issuer cert of the server cert.
+   * @param certList List of certificates the user can choose from.
+   * @param selectedIndex Index of the cert in |certList| that the user chose.
+   *                      Ignored if the return value is false.
+   * @return true if a certificate was chosen. false if the user canceled.
+   */
+  boolean chooseCertificate(in nsIInterfaceRequestor ctx,
+                            in AUTF8String hostname,
+                            in long port,
+                            in AUTF8String organization,
+                            in AUTF8String issuerOrg,
+                            in nsIArray certList,
+                            out unsigned long selectedIndex);
+};
+
+[scriptable, uuid(95c4373e-bdd4-4a63-b431-f5b000367721)]
+interface nsIClientAuthUserDecision : nsISupports
+{
+  attribute boolean rememberClientAuthCertificate;
+};
+
+%{C++
+#define NS_CLIENTAUTHDIALOGS_CONTRACTID "@mozilla.org/nsClientAuthDialogs;1"
+%}
diff --git a/security/manager/ssl/nsIContentSignatureVerifier.idl b/security/manager/ssl/nsIContentSignatureVerifier.idl
new file mode 100644
index 000000000..59a9d83ee
--- /dev/null
+++ b/security/manager/ssl/nsIContentSignatureVerifier.idl
@@ -0,0 +1,116 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+
+#include "nsISupports.idl"
+
+interface nsIContentSignatureReceiverCallback;
+
+/**
+ * An interface for verifying content-signatures, inspired by
+ * https://tools.ietf.org/html/draft-thomson-http-content-signature-00
+ * described here https://github.com/franziskuskiefer/content-signature/tree/pki
+ *
+ * A new signature verifier instance should be created for each signature
+ * verification - you can create these instances with do_CreateInstance.
+ *
+ * There are two ways to use this functionality:
+ * The first allows a signature to be verified all at once by simply calling
+ * verifyContentSignature.
+ * The second allows for streaming; call createContext with the signature
+ * information (and initial data), call update with more data as it becomes
+ * available then, finally, call end to verify the signature.
+ */
+[scriptable, uuid(45a5fe2f-c350-4b86-962d-02d5aaaa955a)]
+interface nsIContentSignatureVerifier : nsISupports
+{
+
+  /**
+   * Verifies that the data matches the data that was used to generate the
+   * signature.
+   *
+   * @param aData                   The data to be tested.
+   * @param aContentSignatureHeader The content-signature header,
+   *                                url-safe base64 encoded.
+   * @param aCertificateChain       The certificate chain to use for verification.
+   *                                PEM encoded string.
+   * @param aName                   The (host)name for which the end entity must
+                                    be valid.
+   * @returns true if the signature matches the data and aCertificateChain is
+   *          valid within aContext, false if not.
+   */
+  boolean verifyContentSignature(in ACString aData,
+                                 in ACString aContentSignatureHeader,
+                                 in ACString aCertificateChain,
+                                 in ACString aName);
+
+  /**
+   * Creates a context to verify a content signature against data that is added
+   * later with update calls.
+   *
+   * @param aData                   The first chunk of data to be tested.
+   * @param aContentSignatureHeader The signature of the data, url-safe base64
+   *                                encoded.
+   * @param aCertificateChain       The certificate chain to use for
+   *                                verification. PEM encoded string.
+   * @param aName                   The (host)name for which the end entity must
+                                    be valid.
+   */
+  void createContext(in ACString aData, in ACString aContentSignatureHeader,
+                     in ACString aCertificateChain, in ACString aName);
+
+  /**
+   * Creates a context to verify a content signature against data that is added
+   * later with update calls.
+   * This does not require the caller to download the certificate chain. It's
+   * done internally.
+   * It requires the x5u parameter to be present in aContentSignatureHeader
+   *
+   * NOTE: Callers have to wait for aCallback to return before invoking anything
+   *       else. Otherwise the ContentSignatureVerifier will fail.
+   *
+   * @param aCallback               Callback that's invoked when the cert chain
+   *                                got fetched.
+   * @param aContentSignatureHeader The signature of the data, url-safe base64
+   *                                encoded, and the x5u value.
+   * @param aName                   The (host)name for which the end entity must
+                                    be valid.
+   */
+  void createContextWithoutCertChain(in nsIContentSignatureReceiverCallback aCallback,
+                                     in ACString aContentSignatureHeader,
+                                     in ACString aName);
+
+  /**
+   * Adds data to the context that was used to generate the signature.
+   *
+   * @param aData        More data to be tested.
+   */
+  void update(in ACString aData);
+
+  /**
+   * Finalises the signature and returns the result of the signature
+   * verification.
+   *
+   * @returns true if the signature matches the data added with createContext
+   *          and update, false if not.
+   */
+  boolean end();
+};
+
+/**
+ * Callback for nsIContentSignatureVerifier.
+ * { 0x1eb90707, 0xdf59, 0x48b7, \
+ *   { 0x9d, 0x42, 0xd8, 0xbf, 0x63, 0x0a, 0xe7, 0x44 } }
+ */
+[scriptable, uuid(1eb90707-df59-48b7-9d42-d8bf630ae744)]
+interface nsIContentSignatureReceiverCallback : nsISupports
+{
+  /**
+   * Notification callback that's called by nsIContentSignatureVerifier when
+   * the cert chain is downloaded.
+   * If download and initialisation were successful, successful is true,
+   * otherwise false. If successful is false, the verification must be aborted.
+   */
+  void contextCreated(in boolean successful);
+};
diff --git a/security/manager/ssl/nsIDataSignatureVerifier.idl b/security/manager/ssl/nsIDataSignatureVerifier.idl
new file mode 100644
index 000000000..347eaedc9
--- /dev/null
+++ b/security/manager/ssl/nsIDataSignatureVerifier.idl
@@ -0,0 +1,40 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+
+#include "nsISupports.idl"
+
+interface nsIX509Cert;
+
+/**
+ * An interface for verifying that a given string of data was signed by the
+ * private key matching the given public key.
+ */
+[scriptable, uuid(94066a00-37c9-11e4-916c-0800200c9a66)]
+interface nsIDataSignatureVerifier : nsISupports
+{
+  /**
+   * Verifies that the data matches the data that was used to generate the
+   * signature.
+   *
+   * @param aData      The data to be tested.
+   * @param aSignature The signature of the data, base64 encoded.
+   * @param aPublicKey The public part of the key used for signing, DER encoded
+   *                   then base64 encoded.
+   * @returns true if the signature matches the data, false if not.
+   */
+  boolean verifyData(in ACString aData, in ACString aSignature, in ACString aPublicKey);
+
+   /* Sig Verification Error Codes */
+  const long VERIFY_OK = 0;
+  const long VERIFY_ERROR_UNKNOWN_ISSUER = 1;
+  const long VERIFY_ERROR_OTHER = 2;
+
+  nsIX509Cert verifySignature(in string aSignature,
+                              in unsigned long aSignatureLen,
+                              in string plaintext,
+                              in unsigned long plaintextLen,
+                              out long errorCode);
+
+};
diff --git a/security/manager/ssl/nsIGenKeypairInfoDlg.idl b/security/manager/ssl/nsIGenKeypairInfoDlg.idl
new file mode 100644
index 000000000..03f2c4658
--- /dev/null
+++ b/security/manager/ssl/nsIGenKeypairInfoDlg.idl
@@ -0,0 +1,34 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIInterfaceRequestor;
+interface nsIKeygenThread;
+
+/**
+ * nsIGeneratingKeypairInfoDialogs
+ *  This is the interface for giving feedback to the user
+ *  while generating a key pair.
+ */
+[scriptable, uuid(11bf5cdc-1dd2-11b2-ba6a-c76afb326fa1)]
+interface nsIGeneratingKeypairInfoDialogs : nsISupports
+{
+  void displayGeneratingKeypairInfo(in nsIInterfaceRequestor ctx,
+                                    in nsIKeygenThread runnable);
+};
+
+%{C++
+/**
+ * This component is to be implemented by the embeddor. It is used to show
+ * feedback to the user while a private key is being generated.
+ *
+ * This component is only ever used on the UI thread.
+ *
+ * INTERFACES THAT NEED TO BE IMPLEMENTED:
+ *   nsIGeneratingKeypairInfoDialogs
+ */
+#define NS_GENERATINGKEYPAIRINFODIALOGS_CONTRACTID \
+            "@mozilla.org/nsGeneratingKeypairInfoDialogs;1"
+%}
diff --git a/security/manager/ssl/nsIKeyModule.idl b/security/manager/ssl/nsIKeyModule.idl
new file mode 100644
index 000000000..d9e1d1138
--- /dev/null
+++ b/security/manager/ssl/nsIKeyModule.idl
@@ -0,0 +1,37 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+%{ C++
+ /* forward declaration */
+ typedef struct PK11SymKeyStr PK11SymKey;
+%}
+[ptr] native PK11SymKeyPtr(PK11SymKey);
+
+// An opaque key object.
+[scriptable, uuid(ee2dc516-ba7b-4e77-89fe-c43b886ef715)]
+interface nsIKeyObject : nsISupports
+{
+  // Key types
+  const short SYM_KEY = 1;
+
+  // Algorithm types
+  const short HMAC = 257;
+
+  // The nsIKeyObject will take ownership of the key and be responsible
+  // for freeing the key memory when destroyed.
+  [noscript] void initKey(in short aAlgorithm, in PK11SymKeyPtr aKey);
+
+  // Returns a pointer to the underlying key object.
+  [noscript] PK11SymKeyPtr getKeyObj();
+
+  short getType();
+};
+
+[scriptable, uuid(838bdbf1-8244-448f-8bcd-cede70227d75)]
+interface nsIKeyObjectFactory : nsISupports
+{
+  nsIKeyObject keyFromString(in short aAlgorithm, in ACString aKey);
+};
diff --git a/security/manager/ssl/nsIKeygenThread.idl b/security/manager/ssl/nsIKeygenThread.idl
new file mode 100644
index 000000000..85d619b97
--- /dev/null
+++ b/security/manager/ssl/nsIKeygenThread.idl
@@ -0,0 +1,48 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// make sure to include all the required file headers
+
+#include "nsISupports.idl"
+
+interface nsIObserver;
+
+/**
+ * nsIKeygenThread
+ *  This is used to communicate with the thread generating a key pair,
+ *  to be used by the dialog displaying status information.
+ */
+[scriptable, uuid(8712a243-5539-447c-9f47-8653f40c3a09)]
+interface nsIKeygenThread : nsISupports
+{
+  /**
+   * startKeyGeneration - run the thread
+   *   A user interface using this interface needs to
+   *   call this method as soon as the status information
+   *   is displaying. This will trigger key generation.
+   *   To allow the closure of the status information,
+   *   the thread needs a handle to an observer.
+   *
+   *   observer will be called on the UI thread.
+   *   When the key generation is done, the observe method will
+   *   be called with a topic of "keygen-finished" and null data
+   *   and subject.
+   */
+  void startKeyGeneration(in nsIObserver observer);
+
+  /**
+   * userCanceled - notify the thread
+   *   If the user canceled, the thread is no longer allowed to
+   *   close the dialog. However, if the thread already closed
+   *   it, we are not allowed to close it.
+   */
+  void userCanceled(out boolean threadAlreadyClosedDialog);
+};
+
+%{ C++
+// {195763b8-1dd2-11b2-a843-eb44e44aaa37}
+#define NS_KEYGENTHREAD_CID \
+{ 0x195763b8, 0x1dd2, 0x11b2, { 0xa8, 0x43, 0xeb, 0x44, 0xe4, 0x4a, 0xaa, 0x37 } }
+#define NS_KEYGENTHREAD_CONTRACTID "@mozilla.org/security/keygenthread;1"
+%}
diff --git a/security/manager/ssl/nsILocalCertService.idl b/security/manager/ssl/nsILocalCertService.idl
new file mode 100644
index 000000000..a452683d9
--- /dev/null
+++ b/security/manager/ssl/nsILocalCertService.idl
@@ -0,0 +1,69 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIX509Cert;
+interface nsILocalCertGetCallback;
+interface nsILocalCertCallback;
+
+[scriptable, uuid(9702fdd4-4c2c-439c-ba2e-19cda018eb99)]
+interface nsILocalCertService : nsISupports
+{
+  /**
+   * Get or create a new self-signed X.509 cert to represent this device over a
+   * secure transport, like TLS.
+   *
+   * The cert is stored permanently in the profile's key store after first use,
+   * and is valid for 1 year.  If an expired or otherwise invalid cert is found
+   * with the nickname supplied here, it is removed and a new one is made.
+   *
+   * @param nickname Nickname that identifies the cert
+   * @param cb       Callback to be notified with the result
+   */
+  void getOrCreateCert(in ACString nickname, in nsILocalCertGetCallback cb);
+
+  /**
+   * Remove a X.509 cert with the given nickname.
+   *
+   * @param nickname Nickname that identifies the cert
+   * @param cb       Callback to be notified with the result
+   */
+  void removeCert(in ACString nickname, in nsILocalCertCallback cb);
+
+  /**
+   * Whether calling |getOrCreateCert| or |removeCert| will trigger a login
+   * prompt to be displayed.  Generally this happens if the user has set a
+   * master password, but has not yet logged in.
+   */
+  readonly attribute boolean loginPromptRequired;
+};
+
+[scriptable, uuid(cc09633e-7c70-4093-a9cf-79ab676ca8a9)]
+interface nsILocalCertGetCallback : nsISupports
+{
+  /**
+   * Called with the result of the getOrCreateCert operation above.
+   *
+   * @param cert   Requested cert, or null if some error
+   * @param result Result code from the get operation
+   */
+  void handleCert(in nsIX509Cert cert, in nsresult result);
+};
+
+[scriptable, uuid(518124e9-55e6-4e23-97c0-4995b3a1bec6)]
+interface nsILocalCertCallback : nsISupports
+{
+  /**
+   * Called with the result of the removeCert operation above.
+   *
+   * @param result Result code from the operation
+   */
+  void handleResult(in nsresult result);
+};
+
+%{ C++
+#define LOCALCERTSERVICE_CONTRACTID \
+  "@mozilla.org/security/local-cert-service;1"
+%}
diff --git a/security/manager/ssl/nsINSSU2FToken.idl b/security/manager/ssl/nsINSSU2FToken.idl
new file mode 100644
index 000000000..649ed682a
--- /dev/null
+++ b/security/manager/ssl/nsINSSU2FToken.idl
@@ -0,0 +1,21 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsIU2FToken.idl"
+
+/**
+ * Interface used to interact with the NSS-backed software U2F Token
+ */
+[scriptable, uuid(d9104a00-140b-4f86-a4b0-4998878ef4e6 )]
+interface nsINSSU2FToken : nsIU2FToken {
+  /**
+   * Initializes the token and constructs and persists keys, if needed. Asserts
+   * that it is only called by the main thread.
+   */
+  void init();
+};
+
+%{C++
+#define NS_NSSU2FTOKEN_CONTRACTID  "@mozilla.org/dom/u2f/nss-u2f-token;1"
+%}
diff --git a/security/manager/ssl/nsINSSVersion.idl b/security/manager/ssl/nsINSSVersion.idl
new file mode 100644
index 000000000..0ad474b35
--- /dev/null
+++ b/security/manager/ssl/nsINSSVersion.idl
@@ -0,0 +1,27 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+%{C++
+#define NS_NSSVERSION_CONTRACTID "@mozilla.org/security/nssversion;1"
+%}
+
+[scriptable, uuid(a8a53a2b-75cc-4c68-a9bb-9791dbddaa00)]
+interface nsINSSVersion : nsISupports {
+    /* Minimal required versions as used at build time */
+    readonly attribute AString NSPR_MinVersion;
+    readonly attribute AString NSS_MinVersion;
+    readonly attribute AString NSSUTIL_MinVersion;
+    readonly attribute AString NSSSSL_MinVersion;
+    readonly attribute AString NSSSMIME_MinVersion;
+
+    /* Versions of libraries currently in use */
+    readonly attribute AString NSPR_Version;
+    readonly attribute AString NSS_Version;
+    readonly attribute AString NSSUTIL_Version;
+    readonly attribute AString NSSSSL_Version;
+    readonly attribute AString NSSSMIME_Version;
+};
diff --git a/security/manager/ssl/nsIPK11Token.idl b/security/manager/ssl/nsIPK11Token.idl
new file mode 100644
index 000000000..1d53ce19a
--- /dev/null
+++ b/security/manager/ssl/nsIPK11Token.idl
@@ -0,0 +1,74 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+[scriptable, uuid(51191434-1dd2-11b2-a17c-e49c4e99a4e3)]
+interface nsIPK11Token : nsISupports
+{
+  const long ASK_EVERY_TIME  = -1;
+  const long ASK_FIRST_TIME  =  0;
+  const long ASK_EXPIRE_TIME =  1;
+
+  /*
+   * The name of the token
+   */
+  readonly attribute AUTF8String tokenName;
+  readonly attribute AUTF8String tokenLabel;
+  /**
+   * Manufacturer ID of the token.
+   */
+  readonly attribute AUTF8String tokenManID;
+  /**
+   * Hardware version of the token.
+   */
+  readonly attribute AUTF8String tokenHWVersion;
+  /**
+   * Firmware version of the token.
+   */
+  readonly attribute AUTF8String tokenFWVersion;
+  readonly attribute AUTF8String tokenSerialNumber;
+
+  /*
+   * Login information
+   */
+  boolean isLoggedIn();
+  void login(in boolean force);
+  void logoutSimple();
+  void logoutAndDropAuthenticatedResources();
+
+  /*
+   * Reset password
+   */
+  void reset();
+
+  /*
+   * Password information
+   */
+  readonly attribute long minimumPasswordLength;
+  readonly attribute boolean needsUserInit;
+  /**
+   * Checks whether the given password is correct. Logs the token out if an
+   * incorrect password is given.
+   *
+   * @param password The password to check.
+   * @return true if the password was correct, false otherwise.
+   */
+  boolean checkPassword(in AUTF8String password);
+  void initPassword(in AUTF8String initialPassword);
+  void changePassword(in AUTF8String oldPassword, in AUTF8String newPassword);
+  long getAskPasswordTimes();
+  long getAskPasswordTimeout();
+  void setAskPasswordDefaults([const] in long askTimes, [const] in long timeout);
+
+  /*
+   * Other attributes
+   */
+  boolean isHardwareToken();
+  boolean needsLogin();
+  boolean isFriendly();
+};
+
diff --git a/security/manager/ssl/nsIPK11TokenDB.idl b/security/manager/ssl/nsIPK11TokenDB.idl
new file mode 100644
index 000000000..297f3da11
--- /dev/null
+++ b/security/manager/ssl/nsIPK11TokenDB.idl
@@ -0,0 +1,42 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIPK11Token;
+interface nsISimpleEnumerator;
+
+/**
+ * The PK11 Token Database provides access to the PK11 modules
+ * that are installed, and the tokens that are available.
+ * Interfaces: nsIPK11TokenDB
+ * Threading: ??
+ */
+%{C++
+#define NS_PK11TOKENDB_CONTRACTID "@mozilla.org/security/pk11tokendb;1"
+%}
+
+/**
+ * nsIPK11TokenDB - Manages PK11 Tokens
+ */
+[scriptable, uuid(4ee28c82-1dd2-11b2-aabf-bb4017abe395)]
+interface nsIPK11TokenDB : nsISupports
+{
+  /*
+   * Get the internal key database token
+   */
+  nsIPK11Token getInternalKeyToken();
+
+  /*
+   * Find a token by name
+   */
+  nsIPK11Token findTokenByName(in AUTF8String tokenName);
+
+  /*
+   * List all tokens
+   */
+  nsISimpleEnumerator listTokens();
+};
diff --git a/security/manager/ssl/nsIPKCS11.idl b/security/manager/ssl/nsIPKCS11.idl
new file mode 100644
index 000000000..c1e636b47
--- /dev/null
+++ b/security/manager/ssl/nsIPKCS11.idl
@@ -0,0 +1,16 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+[scriptable, uuid(5743f870-958e-4f02-aef2-c0afeef67f05)]
+interface nsIPKCS11 : nsISupports
+{
+  void deleteModule(in AString moduleName);
+  void addModule(in AString moduleName,
+                 in AString libraryFullPath,
+                 in long cryptoMechanismFlags,
+                 in long cipherFlags);
+};
diff --git a/security/manager/ssl/nsIPKCS11Module.idl b/security/manager/ssl/nsIPKCS11Module.idl
new file mode 100644
index 000000000..8a1591878
--- /dev/null
+++ b/security/manager/ssl/nsIPKCS11Module.idl
@@ -0,0 +1,21 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIPKCS11Slot;
+interface nsISimpleEnumerator;
+
+[scriptable, uuid(8a44bdf9-d1a5-4734-bd5a-34ed7fe564c2)]
+interface nsIPKCS11Module : nsISupports
+{
+  readonly attribute AUTF8String name;
+  readonly attribute AUTF8String libName;
+
+  nsIPKCS11Slot findSlotByName(in AUTF8String name);
+
+  nsISimpleEnumerator listSlots();
+};
diff --git a/security/manager/ssl/nsIPKCS11ModuleDB.idl b/security/manager/ssl/nsIPKCS11ModuleDB.idl
new file mode 100644
index 000000000..6c0749de5
--- /dev/null
+++ b/security/manager/ssl/nsIPKCS11ModuleDB.idl
@@ -0,0 +1,35 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIPKCS11Module;
+interface nsIPKCS11Slot;
+interface nsISimpleEnumerator;
+
+%{C++
+#define NS_PKCS11MODULEDB_CONTRACTID "@mozilla.org/security/pkcs11moduledb;1"
+%}
+
+[scriptable, uuid(ff9fbcd7-9517-4334-b97a-ceed78909974)]
+interface nsIPKCS11ModuleDB : nsISupports
+{
+  nsIPKCS11Module getInternal();
+
+  nsIPKCS11Module getInternalFIPS();
+
+  nsIPKCS11Module findModuleByName(in AUTF8String name);
+
+  nsIPKCS11Slot findSlotByName(in AUTF8String name);
+
+  nsISimpleEnumerator listModules();
+
+  readonly attribute boolean canToggleFIPS;
+
+  void toggleFIPSMode();
+
+  readonly attribute boolean isFIPSEnabled;
+};
diff --git a/security/manager/ssl/nsIPKCS11Slot.idl b/security/manager/ssl/nsIPKCS11Slot.idl
new file mode 100644
index 000000000..7c41e4fcc
--- /dev/null
+++ b/security/manager/ssl/nsIPKCS11Slot.idl
@@ -0,0 +1,44 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIPK11Token;
+
+[scriptable, uuid(c2d4f296-ee60-11d4-998b-00b0d02354a0)]
+interface nsIPKCS11Slot : nsISupports {
+  readonly attribute AUTF8String name;
+  readonly attribute AUTF8String desc;
+  /**
+   * Manufacturer ID of the slot.
+   */
+  readonly attribute AUTF8String manID;
+  /**
+   * Hardware version of the slot.
+   */
+  readonly attribute AUTF8String HWVersion;
+  /**
+   * Firmware version of the slot.
+   */
+  readonly attribute AUTF8String FWVersion;
+
+  const unsigned long SLOT_DISABLED      = 0;
+  const unsigned long SLOT_NOT_PRESENT   = 1;
+  const unsigned long SLOT_UNINITIALIZED = 2;
+  const unsigned long SLOT_NOT_LOGGED_IN = 3;
+  const unsigned long SLOT_LOGGED_IN     = 4;
+  const unsigned long SLOT_READY         = 5;
+  readonly attribute unsigned long status;
+
+  /* This is really a workaround for now.  All of the "slot" functions
+   * (isTokenPresent(), etc.) are in nsIPK11Token.  For now, return the
+   * token and handle those things there.
+   */
+  nsIPK11Token getToken();
+
+  /* more fun with workarounds - we're referring to everything by token name */
+  readonly attribute AUTF8String tokenName;
+};
diff --git a/security/manager/ssl/nsIProtectedAuthThread.idl b/security/manager/ssl/nsIProtectedAuthThread.idl
new file mode 100644
index 000000000..3dc650fe9
--- /dev/null
+++ b/security/manager/ssl/nsIProtectedAuthThread.idl
@@ -0,0 +1,46 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+#include "nsIObserver.idl"
+#include "nsIPKCS11Slot.idl"
+
+/**
+ * nsIProtectedAuthThread
+ *  This is used to communicate with the thread login on to 
+ *  a token with CKF_PROTECTED_AUTHENTICATION_PATH set.
+ */
+[scriptable, uuid(4bb27cb7-8984-4cee-8ce7-9b014c3d091b)]
+interface nsIProtectedAuthThread : nsISupports
+{
+  /**
+   * login - run the thread
+   *   A user interface implementing this interface needs to
+   *   call this method as soon as the message to the user is
+   *   displayed. This will trigger login operation. No user 
+   *   cancellation is possible during login operation.
+   *
+   *   When the login is done, the observe method of @observer will
+   *   be called on the UI thread with a topic of "login-finished"
+   *   and null data and subject.
+   */
+  void login(in nsIObserver observer);
+
+  /**
+   * The PKCS11 slot
+   */
+  readonly attribute nsIPKCS11Slot slot;
+
+  /**
+   * Gets token to be logged in name.
+   */
+  AString getTokenName();
+};
+
+%{ C++
+// {45334489-3D30-47c6-920B-0A55A313AEBF}
+#define NS_PROTECTEDAUTHTHREAD_CID \
+{ 0x45334489, 0x3d30, 0x47c6, { 0x92, 0x0b, 0x0a, 0x55, 0xa3, 0x13, 0xae, 0xbf } }
+#define NS_PROTECTEDAUTHTHREAD_CONTRACTID "@mozilla.org/security/protectedauththread;1"
+%}
diff --git a/security/manager/ssl/nsISSLStatus.idl b/security/manager/ssl/nsISSLStatus.idl
new file mode 100644
index 000000000..f5c56a8cf
--- /dev/null
+++ b/security/manager/ssl/nsISSLStatus.idl
@@ -0,0 +1,49 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIX509Cert;
+
+[scriptable, uuid(fa9ba95b-ca3b-498a-b889-7c79cf28fee8)]
+interface nsISSLStatus : nsISupports {
+  readonly attribute nsIX509Cert serverCert;
+
+  readonly attribute ACString cipherName;
+  readonly attribute unsigned long keyLength;
+  readonly attribute unsigned long secretKeyLength;
+
+  const short SSL_VERSION_3   = 0;
+  const short TLS_VERSION_1   = 1;
+  const short TLS_VERSION_1_1 = 2;
+  const short TLS_VERSION_1_2 = 3;
+  const short TLS_VERSION_1_3 = 4;
+  readonly attribute unsigned short protocolVersion;
+
+  const short CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE = 0;
+  const short CERTIFICATE_TRANSPARENCY_NONE           = 1;
+  const short CERTIFICATE_TRANSPARENCY_OK             = 2;
+  const short CERTIFICATE_TRANSPARENCY_UNKNOWN_LOG    = 3;
+  const short CERTIFICATE_TRANSPARENCY_INVALID        = 4;
+  readonly attribute unsigned short certificateTransparencyStatus;
+
+  readonly attribute boolean isDomainMismatch;
+  readonly attribute boolean isNotValidAtThisTime;
+
+  /* Note: To distinguish between
+   *         "unstrusted because missing or untrusted issuer"
+   *       and
+   *         "untrusted because self signed"
+   *       query nsIX509Cert::isSelfSigned
+   */
+  readonly attribute boolean isUntrusted;
+
+  /**
+   * True only if (and after) serverCert was successfully validated as
+   * Extended Validation (EV).
+   */
+  readonly attribute boolean isExtendedValidation;
+};
diff --git a/security/manager/ssl/nsISSLStatusProvider.idl b/security/manager/ssl/nsISSLStatusProvider.idl
new file mode 100644
index 000000000..83048f179
--- /dev/null
+++ b/security/manager/ssl/nsISSLStatusProvider.idl
@@ -0,0 +1,13 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsISSLStatus;
+
+[scriptable, uuid(179b1ab1-0950-4427-9556-6f496dc4a27f)]
+interface nsISSLStatusProvider : nsISupports {
+  readonly attribute nsISSLStatus SSLStatus;
+};
diff --git a/security/manager/ssl/nsISecretDecoderRing.idl b/security/manager/ssl/nsISecretDecoderRing.idl
new file mode 100644
index 000000000..e9f67cbee
--- /dev/null
+++ b/security/manager/ssl/nsISecretDecoderRing.idl
@@ -0,0 +1,49 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+[scriptable, uuid(0EC80360-075C-11d4-9FD4-00C04F1B83D8)]
+interface nsISecretDecoderRing: nsISupports {
+  /**
+   * Encrypt to Base64 output.
+   * Note that the input must basically be a byte array (i.e. the code points
+   * must be within the range [0, 255]). Hence, using this method directly to
+   * encrypt passwords (or any text, really) won't work as expected.
+   * Instead, use something like nsIScriptableUnicodeConverter to first convert
+   * the desired password or text to UTF-8, then encrypt that. Remember to
+   * convert back when calling decryptString().
+   *
+   * @param text The text to encrypt.
+   * @return The encrypted text, encoded as Base64.
+   */
+  ACString encryptString(in ACString text);
+
+  /**
+   * Decrypt Base64 input.
+   * See the encryptString() documentation - this method has basically the same
+   * limitations.
+   *
+   * @param encryptedBase64Text Encrypted input text, encoded as Base64.
+   * @return The decoded text.
+   */
+  ACString decryptString(in ACString encryptedBase64Text);
+
+  /**
+   * Prompt the user to change the password on the SDR key.
+   */
+  void changePassword();
+
+  /**
+   * Logout of the security device that protects the SDR key.
+   */
+  void logout();
+
+  /**
+   * Logout of the security device that protects the SDR key and tear
+   * down authenticated objects.
+   */
+  void logoutAndTeardown();
+};
diff --git a/security/manager/ssl/nsISecurityUITelemetry.idl b/security/manager/ssl/nsISecurityUITelemetry.idl
new file mode 100644
index 000000000..05d3473ad
--- /dev/null
+++ b/security/manager/ssl/nsISecurityUITelemetry.idl
@@ -0,0 +1,150 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+[scriptable, uuid(5d1acf82-223a-46fb-a8f3-a1b16e2ceb04)]
+
+interface nsISecurityUITelemetry : nsISupports {
+
+/*
+ * Addon installation warnings
+ */
+
+// Firefox prevented this site from asking you to install addon
+const uint32_t WARNING_ADDON_ASKING_PREVENTED = 1;
+// User clicks through and allows site to ask to install addons
+const uint32_t WARNING_ADDON_ASKING_PREVENTED_CLICK_THROUGH = 2;
+// Are you sure you want to install this addon? Only install addons you trust
+const uint32_t WARNING_CONFIRM_ADDON_INSTALL = 3;
+// User clicked she is sure after waiting 3secs
+const uint32_t WARNING_CONFIRM_ADDON_INSTALL_CLICK_THROUGH  = 4;
+
+
+/*
+ * modal dialogs/warnings 
+ */
+
+//     removed WARNING_ENTERING_SECURE_SITE = 5;
+//     removed WARNING_ENTERING_WEAK_SITE = 6;
+//     removed WARNING_LEAVING_SECURE_SITE = 7;
+//     removed WARNING_MIXED_CONTENT  = 8;
+
+// For confirmation dialogs, the clickthrough constant needs to be 1
+// more than the dialog constant so that
+// WARNING_CONFIRM_<X> + 1 == WARNING_CONFIRM_<X>_CLICK_THROUGH
+const uint32_t WARNING_CONFIRM_POST_TO_INSECURE_FROM_SECURE = 9;
+const uint32_t WARNING_CONFIRM_POST_TO_INSECURE_FROM_SECURE_CLICK_THROUGH = 10;
+//     removed WARNING_CONFIRM_POST_TO_INSECURE_FROM_INSECURE = 11;
+//     removed WARNING_CONFIRM_POST_TO_INSECURE_FROM_INSECURE_CLICK_THROUGH = 12;
+
+/*
+ * Phishing / Malware page warnings
+ * deprecated: we use the _TOP and _FRAME versions below
+ */
+
+const uint32_t WARNING_MALWARE_PAGE = 13;
+const uint32_t WARNING_MALWARE_PAGE_WHY_BLOCKED = 14;
+const uint32_t WARNING_MALWARE_PAGE_GET_ME_OUT_OF_HERE = 15;
+const uint32_t WARNING_MALWARE_PAGE_IGNORE_WARNING = 16;
+
+const uint32_t WARNING_PHISHING_PAGE = 17;
+const uint32_t WARNING_PHISHING_PAGE_WHY_BLOCKED = 18;
+const uint32_t WARNING_PHISHING_PAGE_GET_ME_OUT_OF_HERE = 19;
+const uint32_t WARNING_PHISHING_PAGE_IGNORE_WARNING = 20;
+
+/* 
+ * SSL Error dialogs
+ * deprecated: we use the _TOP versions below
+ */
+
+const uint32_t WARNING_BAD_CERT = 21;
+const uint32_t WARNING_BAD_CERT_STS = 22;
+const uint32_t WARNING_BAD_CERT_CLICK_ADD_EXCEPTION = 23;
+const uint32_t WARNING_BAD_CERT_CLICK_VIEW_CERT = 24;
+const uint32_t WARNING_BAD_CERT_DONT_REMEMBER_EXCEPTION = 25;
+const uint32_t WARNING_BAD_CERT_GET_ME_OUT_OF_HERE = 27;
+const uint32_t WARNING_BAD_CERT_UNDERSTAND_RISKS = 28;
+const uint32_t WARNING_BAD_CERT_TECHINICAL_DETAILS = 29;
+
+/*
+ * Note that if we add more possibilities in the warning dialogs,
+ * it is a new experiment and we shouldn't reuse these buckets.
+ */
+const uint32_t WARNING_BAD_CERT_ADD_EXCEPTION_BASE = 30;
+const uint32_t WARNING_BAD_CERT_ADD_EXCEPTION_FLAG_UNTRUSTED = 1;
+const uint32_t WARNING_BAD_CERT_ADD_EXCEPTION_FLAG_DOMAIN = 2;
+const uint32_t WARNING_BAD_CERT_ADD_EXCEPTION_FLAG_TIME = 4;
+
+const uint32_t WARNING_BAD_CERT_CONFIRM_ADD_EXCEPTION_BASE = 38;
+const uint32_t WARNING_BAD_CERT_CONFIRM_ADD_EXCEPTION_FLAG_UNTRUSTED = 1;
+const uint32_t WARNING_BAD_CERT_CONFIRM_ADD_EXCEPTION_FLAG_DOMAIN = 2;
+const uint32_t WARNING_BAD_CERT_CONFIRM_ADD_EXCEPTION_FLAG_TIME = 4;
+// This uses up buckets till 45
+
+/*
+ * Geolocation Popup Telemetry
+ */
+
+const uint32_t WARNING_GEOLOCATION_REQUEST = 46;
+const uint32_t WARNING_GEOLOCATION_REQUEST_SHARE_LOCATION = 47;
+const uint32_t WARNING_GEOLOCATION_REQUEST_ALWAYS_SHARE = 48;
+const uint32_t WARNING_GEOLOCATION_REQUEST_NEVER_SHARE = 49;
+// It would be nice to measure the two cases of user clicking
+// "not now", and user closing the popup. This is currently not implemented.
+
+const uint32_t WARNING_MALWARE_PAGE_TOP = 52;
+const uint32_t WARNING_MALWARE_PAGE_TOP_WHY_BLOCKED = 53;
+const uint32_t WARNING_MALWARE_PAGE_TOP_GET_ME_OUT_OF_HERE = 54;
+const uint32_t WARNING_MALWARE_PAGE_TOP_IGNORE_WARNING = 55;
+
+const uint32_t WARNING_PHISHING_PAGE_TOP = 56;
+const uint32_t WARNING_PHISHING_PAGE_TOP_WHY_BLOCKED = 57;
+const uint32_t WARNING_PHISHING_PAGE_TOP_GET_ME_OUT_OF_HERE = 58;
+const uint32_t WARNING_PHISHING_PAGE_TOP_IGNORE_WARNING = 59;
+
+const uint32_t WARNING_MALWARE_PAGE_FRAME = 60;
+const uint32_t WARNING_MALWARE_PAGE_FRAME_WHY_BLOCKED = 61;
+const uint32_t WARNING_MALWARE_PAGE_FRAME_GET_ME_OUT_OF_HERE = 62;
+const uint32_t WARNING_MALWARE_PAGE_FRAME_IGNORE_WARNING = 63;
+
+const uint32_t WARNING_PHISHING_PAGE_FRAME = 64;
+const uint32_t WARNING_PHISHING_PAGE_FRAME_WHY_BLOCKED = 65;
+const uint32_t WARNING_PHISHING_PAGE_FRAME_GET_ME_OUT_OF_HERE = 66;
+const uint32_t WARNING_PHISHING_PAGE_FRAME_IGNORE_WARNING = 67;
+
+const uint32_t WARNING_BAD_CERT_TOP = 68;
+const uint32_t WARNING_BAD_CERT_TOP_STS = 69;
+const uint32_t WARNING_BAD_CERT_TOP_CLICK_ADD_EXCEPTION = 70;
+const uint32_t WARNING_BAD_CERT_TOP_CLICK_VIEW_CERT = 71;
+const uint32_t WARNING_BAD_CERT_TOP_DONT_REMEMBER_EXCEPTION = 72;
+const uint32_t WARNING_BAD_CERT_TOP_GET_ME_OUT_OF_HERE = 73;
+const uint32_t WARNING_BAD_CERT_TOP_UNDERSTAND_RISKS = 74;
+//     removed WARNING_BAD_CERT_TOP_TECHNICAL_DETAILS = 75;
+
+const uint32_t WARNING_BAD_CERT_TOP_ADD_EXCEPTION_BASE = 76;
+const uint32_t WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_UNTRUSTED = 1;
+const uint32_t WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_DOMAIN = 2;
+const uint32_t WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_TIME = 4;
+
+const uint32_t WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_BASE = 84;
+const uint32_t WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_UNTRUSTED = 1;
+const uint32_t WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_DOMAIN = 2;
+const uint32_t WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_TIME = 4;
+
+// Another Safe Browsing list (like malware & phishing above)
+const uint32_t WARNING_UNWANTED_PAGE_TOP = 92;
+const uint32_t WARNING_UNWANTED_PAGE_TOP_WHY_BLOCKED = 93;
+const uint32_t WARNING_UNWANTED_PAGE_TOP_GET_ME_OUT_OF_HERE = 94;
+const uint32_t WARNING_UNWANTED_PAGE_TOP_IGNORE_WARNING = 95;
+const uint32_t WARNING_UNWANTED_PAGE_FRAME = 96;
+const uint32_t WARNING_UNWANTED_PAGE_FRAME_WHY_BLOCKED = 97;
+const uint32_t WARNING_UNWANTED_PAGE_FRAME_GET_ME_OUT_OF_HERE = 98;
+const uint32_t WARNING_UNWANTED_PAGE_FRAME_IGNORE_WARNING = 99;
+
+// This uses up buckets till 99 (including)
+// We only have buckets up to 100.
+};
diff --git a/security/manager/ssl/nsISiteSecurityService.idl b/security/manager/ssl/nsISiteSecurityService.idl
new file mode 100644
index 000000000..fa20fe307
--- /dev/null
+++ b/security/manager/ssl/nsISiteSecurityService.idl
@@ -0,0 +1,204 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIURI;
+interface nsIObserver;
+interface nsIHttpChannel;
+interface nsISSLStatus;
+
+%{C++
+#include "nsTArrayForwardDeclare.h"
+class nsCString;
+namespace mozilla
+{
+  namespace pkix
+  {
+    class Time;
+  }
+}
+%}
+[ref] native nsCStringTArrayRef(nsTArray<nsCString>);
+[ref] native mozillaPkixTime(mozilla::pkix::Time);
+
+[scriptable, uuid(275127f8-dbd7-4681-afbf-6df0c6587a01)]
+interface nsISiteSecurityService : nsISupports
+{
+    const uint32_t HEADER_HSTS = 0;
+    const uint32_t HEADER_HPKP = 1;
+    const uint32_t HEADER_OMS = 2;
+
+    const uint32_t Success = 0;
+    const uint32_t ERROR_UNKNOWN = 1;
+    const uint32_t ERROR_UNTRUSTWORTHY_CONNECTION = 2;
+    const uint32_t ERROR_COULD_NOT_PARSE_HEADER = 3;
+    const uint32_t ERROR_NO_MAX_AGE = 4;
+    const uint32_t ERROR_MULTIPLE_MAX_AGES = 5;
+    const uint32_t ERROR_INVALID_MAX_AGE = 6;
+    const uint32_t ERROR_MULTIPLE_INCLUDE_SUBDOMAINS = 7;
+    const uint32_t ERROR_INVALID_INCLUDE_SUBDOMAINS = 8;
+    const uint32_t ERROR_INVALID_PIN = 9;
+    const uint32_t ERROR_MULTIPLE_REPORT_URIS = 10;
+    const uint32_t ERROR_PINSET_DOES_NOT_MATCH_CHAIN = 11;
+    const uint32_t ERROR_NO_BACKUP_PIN = 12;
+    const uint32_t ERROR_COULD_NOT_SAVE_STATE = 13;
+    const uint32_t ERROR_ROOT_NOT_BUILT_IN = 14;
+
+    /**
+     * Parses a given HTTP header and records the results internally.
+     * Currently two header types are supported: HSTS (aka STS) and HPKP
+     * The format of the HSTS header is defined by the HSTS specification:
+     * https://tools.ietf.org/html/rfc6797
+     * and allows a host to specify that future HTTP requests should be
+     * upgraded to HTTPS.
+     * The format of the HPKP header is defined by the HPKP specification:
+     * https://tools.ietf.org/html/rfc7469
+     * and allows a host to specify a subset of trusted anchors to be used
+     * in future HTTPS connections.
+     *
+     * @param aType the type of security header in question.
+     * @param aSourceURI the URI of the resource with the HTTP header.
+     * @param aSSLStatus the SSLStatus of the current channel
+     * @param aHeader the HTTP response header specifying security data.
+     * @param aFlags  options for this request as defined in nsISocketProvider:
+     *                  NO_PERMANENT_STORAGE
+     * @param aMaxAge the parsed max-age directive of the header.
+     * @param aIncludeSubdomains the parsed includeSubdomains directive.
+     * @param aFailureResult a more specific failure result if NS_ERROR_FAILURE
+                             was returned.
+     * @return NS_OK            if it succeeds
+     *         NS_ERROR_FAILURE if it can't be parsed
+     *         NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA
+     *                          if there are unrecognized tokens in the header.
+     */
+    void processHeader(in uint32_t aType,
+                       in nsIURI aSourceURI,
+                       in string aHeader,
+                       in nsISSLStatus aSSLStatus,
+                       in uint32_t aFlags,
+                       [optional] out unsigned long long aMaxAge,
+                       [optional] out boolean aIncludeSubdomains,
+                       [optional] out uint32_t aFailureResult);
+
+    /**
+     * Same as processHeader but without checking for the security properties
+     * of the connection. Use ONLY for testing.
+     */
+    void unsafeProcessHeader(in uint32_t aType,
+                             in nsIURI aSourceURI,
+                             in string aHeader,
+                             in uint32_t aFlags,
+                             [optional] out unsigned long long aMaxAge,
+                             [optional] out boolean aIncludeSubdomains,
+                             [optional] out uint32_t aFailureResult);
+
+    /**
+     * Given a header type, removes state relating to that header of a host,
+     * including the includeSubdomains state that would affect subdomains.
+     * This essentially removes the state for the domain tree rooted at this
+     * host.
+     * @param aType   the type of security state in question
+     * @param aURI    the URI of the target host
+     * @param aFlags  options for this request as defined in nsISocketProvider:
+     *                  NO_PERMANENT_STORAGE
+     */
+    void removeState(in uint32_t aType,
+                     in nsIURI aURI,
+                     in uint32_t aFlags);
+
+    /**
+     * See isSecureURI
+     *
+     * @param aType the type of security state in question.
+     * @param aHost the hostname (punycode) to query for state.
+     * @param aFlags  options for this request as defined in nsISocketProvider:
+     *                  NO_PERMANENT_STORAGE
+     * @param aCached true if we have cached information regarding whether or not
+     *                  the host is HSTS, false otherwise.
+     */
+    boolean isSecureHost(in uint32_t aType,
+                         in string aHost,
+                         in uint32_t aFlags,
+                         [optional] out boolean aCached);
+
+    /**
+     * Checks whether or not the URI's hostname has a given security state set.
+     * For example, for HSTS:
+     * The URI is an HSTS URI if either the host has the HSTS state set, or one
+     * of its super-domains has the HSTS "includeSubdomains" flag set.
+     * NOTE: this function makes decisions based only on the
+     * host contained in the URI, and disregards other portions of the URI
+     * such as path and port.
+     *
+     * @param aType the type of security state in question.
+     * @param aURI the URI to query for STS state.
+     * @param aFlags  options for this request as defined in nsISocketProvider:
+     *                  NO_PERMANENT_STORAGE
+     * @param aCached true if we have cached information regarding whether or not
+     *                  the host is HSTS, false otherwise.
+     */
+    boolean isSecureURI(in uint32_t aType, in nsIURI aURI, in uint32_t aFlags,
+                        [optional] out boolean aCached);
+
+    /**
+     * Removes all non-preloaded security state by resetting to factory-original
+     * settings.
+     */
+    void clearAll();
+
+    /**
+     * Removes all preloaded security state.
+     */
+    void clearPreloads();
+
+    /**
+     * Returns an array of sha256-hashed key pins for the given domain, if any.
+     * If these pins also apply to subdomains of the given domain,
+     * aIncludeSubdomains will be true. Pins returned are only for non-built-in
+     * pin entries.
+     *
+     * @param aHostname the hosname (punycode) to be queried about
+     * @param the time at which the pins should be valid. This is in
+              mozilla::pkix::Time which uses internally seconds since 0 AD.
+     * @param aPinArray the set of sha256-hashed key pins for the given domain
+     * @param aIncludeSubdomains true if the pins apply to subdomains of the
+     *        given domain
+     */
+    [noscript] boolean getKeyPinsForHostname(in string aHostname,
+                                             in mozillaPkixTime evalTime,
+                                             out nsCStringTArrayRef aPinArray,
+                                             out boolean aIncludeSubdomains);
+
+    /**
+     * Set public-key pins for a host. The resulting pins will be permanent
+     * and visible from private and non-private contexts. These pins replace
+     * any already set by this mechanism or those built-in to Gecko.
+     *
+     * @param aHost the hostname (punycode) that pins will apply to
+     * @param aIncludeSubdomains whether these pins also apply to subdomains
+     * @param aExpires the time this pin should expire (millis since epoch)
+     * @param aPinCount number of keys being pinnned
+     * @param aSha256Pins array of hashed key fingerprints (SHA-256, base64)
+     * @param aIsPreload are these key pins for a preload entry? (false by
+     *        default)
+     */
+     boolean setKeyPins(in string aHost, in boolean aIncludeSubdomains,
+                        in int64_t aExpires, in unsigned long aPinCount,
+                        [array, size_is(aPinCount)] in string aSha256Pins,
+                        [optional] in boolean aIsPreload);
+
+    /**
+     * Mark a host as declining to provide a given security state so that features
+     * such as HSTS priming will not flood a server with requests.
+     *
+     * @param aURI the nsIURI that this applies to
+     * @param aMaxAge lifetime (in seconds) of this negative cache
+     */
+    [noscript] void cacheNegativeHSTSResult(in nsIURI aURI, in unsigned long long aMaxAge);
+};
+
+%{C++
+#define NS_SSSERVICE_CONTRACTID "@mozilla.org/ssservice;1"
+%}
diff --git a/security/manager/ssl/nsITokenDialogs.idl b/security/manager/ssl/nsITokenDialogs.idl
new file mode 100644
index 000000000..ceb625294
--- /dev/null
+++ b/security/manager/ssl/nsITokenDialogs.idl
@@ -0,0 +1,30 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIInterfaceRequestor;
+interface nsIProtectedAuthThread;
+
+[scriptable, uuid(a1cbc159-468c-495d-8068-61dd538cbcca)]
+interface nsITokenDialogs : nsISupports
+{
+  void ChooseToken(in nsIInterfaceRequestor ctx,
+                   [array, size_is(count)] in wstring tokenNameList,
+                   in unsigned long count,
+                   out wstring tokenName,
+                   out boolean canceled);
+
+    /**
+    * displayProtectedAuth - displays notification dialog to the user 
+    * that he is expected to authenticate to the token using its
+    * "protected authentication path" feature
+    */
+  void displayProtectedAuth(in nsIInterfaceRequestor ctx,
+                            in nsIProtectedAuthThread runnable);
+};
+
+%{C++
+#define NS_TOKENDIALOGS_CONTRACTID "@mozilla.org/nsTokenDialogs;1"
+%}
diff --git a/security/manager/ssl/nsITokenPasswordDialogs.idl b/security/manager/ssl/nsITokenPasswordDialogs.idl
new file mode 100644
index 000000000..6e5660b17
--- /dev/null
+++ b/security/manager/ssl/nsITokenPasswordDialogs.idl
@@ -0,0 +1,29 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIInterfaceRequestor;
+
+
+/**
+ * nsITokenPasswordDialogs
+ *  This is the interface for setting and changing password
+ *  on a PKCS11 token.
+ */
+[scriptable, uuid(87dbd64a-4466-474e-95f5-1ad1cee5702c)]
+interface nsITokenPasswordDialogs : nsISupports
+{
+  /**
+   * setPassword - sets the password/PIN on the named token.
+   *   The canceled output value should be set to TRUE when
+   *   the user (or implementation) cancels the operation.
+   */
+  void setPassword(in nsIInterfaceRequestor ctx, in wstring tokenName,
+                   out boolean canceled);
+};
+
+%{C++
+#define NS_TOKENPASSWORDSDIALOG_CONTRACTID "@mozilla.org/nsTokenPasswordDialogs;1"
+%}
diff --git a/security/manager/ssl/nsIU2FToken.idl b/security/manager/ssl/nsIU2FToken.idl
new file mode 100644
index 000000000..119c18593
--- /dev/null
+++ b/security/manager/ssl/nsIU2FToken.idl
@@ -0,0 +1,66 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIArray;
+
+/**
+ * Interface used to interact with U2F Token devices
+ */
+[scriptable, uuid(5778242f-1f42-47a2-b514-fa1adde2d904)]
+interface nsIU2FToken : nsISupports {
+  /**
+   * Is this token compatible with the provided version?
+   *
+   * @param version The offered version to test
+   * @return True if the offered version is compatible
+   */
+  void isCompatibleVersion(in AString version, [retval] out boolean result);
+
+  /**
+   * Return whether the provided KeyHandle belongs to this Token
+   *
+   * @param keyHandle Key Handle to evaluate.
+   * @return True if the Key Handle is ours.
+   */
+  void isRegistered([array, size_is(keyHandleLen)] in octet keyHandle,
+                    in uint32_t keyHandleLen,
+                    [retval] out boolean result);
+
+  /**
+   * Generates a public/private keypair for the provided application
+   * and challenge, returning the pubkey, challenge response, and
+   * key handle in the registration data.
+   *
+   * @param application The FIDO Application data to associate with the key.
+   * @param challenge The Challenge to satisfy in the response.
+   * @param registration An array containing the pubkey, challenge response,
+   *                     and key handle.
+   */
+  void register([array, size_is(applicationLen)] in octet application,
+                in uint32_t applicationLen,
+                [array, size_is(challengeLen)] in octet challenge,
+                in uint32_t challengeLen,
+                [array, size_is(registrationLen)] out octet registration,
+                out uint32_t registrationLen);
+
+  /**
+   * Creates a signature over the "param" arguments using the private key
+   * provided in the key handle argument.
+   *
+   * @param application The FIDO Application data to associate with the key.
+   * @param challenge The Challenge to satisfy in the response.
+   * @param keyHandle The Key Handle opaque object to use.
+   * @param signature The resulting signature.
+   */
+  void sign([array, size_is(applicationLen)] in octet application,
+            in uint32_t applicationLen,
+            [array, size_is(challengeLen)] in octet challenge,
+            in uint32_t challengeLen,
+            [array, size_is(keyHandleLen)] in octet keyHandle,
+            in uint32_t keyHandleLen,
+            [array, size_is(signatureLen)] out octet signature,
+            out uint32_t signatureLen);
+};
diff --git a/security/manager/ssl/nsIWeakCryptoOverride.idl b/security/manager/ssl/nsIWeakCryptoOverride.idl
new file mode 100644
index 000000000..7e3aa663f
--- /dev/null
+++ b/security/manager/ssl/nsIWeakCryptoOverride.idl
@@ -0,0 +1,45 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+%{C++
+#define NS_WEAKCRYPTOOVERRIDE_CONTRACTID "@mozilla.org/security/weakcryptooverride;1"
+%}
+
+/**
+ * This represents the fallback whitelist for
+ * weak crypto servers such as RC4-only.
+ */
+[scriptable, uuid(27b4d3df-8f15-4eb4-a35f-474e911b61e7)]
+interface nsIWeakCryptoOverride : nsISupports {
+  /**
+   *  Add a weak crypto override for the given hostname.
+   *  Main thread only.
+   *
+   *  @param aHostName The host (punycode) this mapping belongs to
+   *  @param aPrivate The override info will used for the private browsing
+   *                  session and no information will be written to the disk.
+   *  @param aTemporary The override info will not persist between sessions.
+   *                    Ignored if aPrivate is true.
+   */
+  void addWeakCryptoOverride(in ACString aHostName,
+                             in boolean aPrivate,
+                             [optional] in boolean aTemporary);
+
+  /**
+   *  Remove a weak crypto override for the given hostname:port.
+   *  Main thread only.
+   *
+   *  @param aHostName The host (punycode) whose entry should be cleared.
+   *  @param aPort The port whose entry should be cleared.
+   *  @param aPrivate The override info will used for the private browsing
+   *                  session.
+   */
+  void removeWeakCryptoOverride(in ACString aHostName,
+                                in int32_t aPort,
+                                in boolean aPrivate);
+};
diff --git a/security/manager/ssl/nsIX509Cert.idl b/security/manager/ssl/nsIX509Cert.idl
new file mode 100644
index 000000000..b1965edd4
--- /dev/null
+++ b/security/manager/ssl/nsIX509Cert.idl
@@ -0,0 +1,261 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIArray;
+interface nsIX509CertValidity;
+interface nsIASN1Object;
+interface nsICertVerificationListener;
+
+%{ C++
+ /* forward declaration */
+ typedef struct CERTCertificateStr CERTCertificate;
+%}
+[ptr] native CERTCertificatePtr(CERTCertificate);
+
+/**
+ * This represents a X.509 certificate.
+ *
+ * NOTE: Service workers persist x.509 certs in object form on disk.  If you
+ *       change this uuid you probably need a hack in nsBinaryInputStream to
+ *       read the old uuid.  If you change the format of the object
+ *       serialization then more complex changes will be needed.
+ */
+[scriptable, uuid(bdc3979a-5422-4cd5-8589-696b6e96ea83)]
+interface nsIX509Cert : nsISupports {
+
+  /**
+   *  A nickname for the certificate.
+   */
+  readonly attribute AString nickname;
+
+  /**
+   *  The primary email address of the certificate, if present.
+   */
+  readonly attribute AString emailAddress;
+
+  /**
+   * Did this certificate ship with the platform as a built-in root?
+   */
+  readonly attribute bool isBuiltInRoot;
+
+  /**
+   *  Obtain a list of all email addresses
+   *  contained in the certificate.
+   *
+   *  @param length The number of strings in the returned array.
+   *  @return An array of email addresses.
+   */
+  void getEmailAddresses(out unsigned long length,
+                         [retval, array, size_is(length)] out wstring addresses);
+
+  /**
+   *  Check whether a given address is contained in the certificate.
+   *  The comparison will convert the email address to lowercase.
+   *  The behaviour for non ASCII characters is undefined.
+   *
+   *  @param aEmailAddress The address to search for.
+   *
+   *  @return True if the address is contained in the certificate.
+   */
+  boolean containsEmailAddress(in AString aEmailAddress);
+
+  /**
+   *  The subject owning the certificate.
+   */
+  readonly attribute AString subjectName;
+
+  /**
+   *  The subject's common name.
+   */
+  readonly attribute AString commonName;
+
+  /**
+   *  The subject's organization.
+   */
+  readonly attribute AString organization;
+
+  /**
+   *  The subject's organizational unit.
+   */
+  readonly attribute AString organizationalUnit;
+
+  /**
+   *  The fingerprint of the certificate's DER encoding,
+   *  calculated using the SHA-256 algorithm.
+   */
+  readonly attribute AString sha256Fingerprint;
+
+  /**
+   *  The fingerprint of the certificate's DER encoding,
+   *  calculated using the SHA1 algorithm.
+   */
+  readonly attribute AString sha1Fingerprint;
+
+  /**
+   *  A human readable name identifying the hardware or
+   *  software token the certificate is stored on.
+   */
+  readonly attribute AString tokenName;
+
+  /**
+   *  The subject identifying the issuer certificate.
+   */
+  readonly attribute AString issuerName;
+
+  /**
+   *  The serial number the issuer assigned to this certificate.
+   */
+  readonly attribute AString serialNumber;
+
+  /**
+   *  The issuer subject's common name.
+   */
+  readonly attribute AString issuerCommonName;
+
+  /**
+   *  The issuer subject's organization.
+   */
+  readonly attribute AString issuerOrganization;
+
+  /**
+   *  The issuer subject's organizational unit.
+   */
+  readonly attribute AString issuerOrganizationUnit;
+
+  /**
+   *  The certificate used by the issuer to sign this certificate.
+   */
+  readonly attribute nsIX509Cert issuer;
+
+  /**
+   *  This certificate's validity period.
+   */
+  readonly attribute nsIX509CertValidity validity;
+
+  /**
+   *  A unique identifier of this certificate within the local storage.
+   */
+  readonly attribute ACString dbKey;
+
+  /**
+   *  A human readable identifier to label this certificate.
+   */
+  readonly attribute AString windowTitle;
+
+  /**
+   *  Constants to classify the type of a certificate.
+   */
+  const unsigned long UNKNOWN_CERT =      0;
+  const unsigned long CA_CERT      = 1 << 0;
+  const unsigned long USER_CERT    = 1 << 1;
+  const unsigned long EMAIL_CERT   = 1 << 2;
+  const unsigned long SERVER_CERT  = 1 << 3;
+  const unsigned long ANY_CERT     = 0xffff;
+
+  /**
+   * Type of this certificate
+   */
+  readonly attribute unsigned long certType;
+
+  /**
+   *  True if the certificate is self-signed. CA issued
+   *  certificates are always self-signed.
+   */
+  readonly attribute boolean isSelfSigned;
+
+  /**
+   *  Constants for specifying the chain mode when exporting a certificate
+   */
+  const unsigned long CMS_CHAIN_MODE_CertOnly = 1;
+  const unsigned long CMS_CHAIN_MODE_CertChain = 2;
+  const unsigned long CMS_CHAIN_MODE_CertChainWithRoot = 3;
+
+  /**
+   *  Obtain a list of certificates that contains this certificate
+   *  and the issuing certificates of all involved issuers,
+   *  up to the root issuer.
+   *
+   *  @return The chain of certifficates including the issuers.
+   */
+  nsIArray getChain();
+
+  /**
+   * A comma separated list of localized strings representing the contents of
+   * the certificate's key usage extension, if present. The empty string if the
+   * certificate doesn't have the key usage extension, or has an empty extension.
+   */
+  readonly attribute AString keyUsages;
+
+  /**
+   *  This is the attribute which describes the ASN1 layout
+   *  of the certificate.  This can be used when doing a
+   *  "pretty print" of the certificate's ASN1 structure.
+   */
+  readonly attribute nsIASN1Object ASN1Structure;
+
+  /**
+   *  Obtain a raw binary encoding of this certificate
+   *  in DER format.
+   *
+   *  @param length The number of bytes in the binary encoding.
+   *  @param data The bytes representing the DER encoded certificate.
+   */
+  void getRawDER(out unsigned long length,
+	               [retval, array, size_is(length)] out octet data);
+
+  /**
+   *  Test whether two certificate instances represent the
+   *  same certificate.
+   *
+   *  @return Whether the certificates are equal
+   */
+  boolean equals(in nsIX509Cert other);
+
+  /**
+   * The base64 encoding of the DER encoded public key info using the specified
+   * digest.
+   */
+  readonly attribute ACString sha256SubjectPublicKeyInfoDigest;
+
+  /**
+   *  Obtain the certificate wrapped in a PKCS#7 SignedData structure,
+   *  with or without the certificate chain
+   *
+   *  @param chainMode Whether to include the chain (with or without the root),
+                       see CMS_CHAIN_MODE constants.
+   *  @param length The number of bytes of the PKCS#7 data.
+   *  @param data The bytes representing the PKCS#7 wrapped certificate.
+   */
+  void exportAsCMS(in unsigned long chainMode,
+                   out unsigned long length,
+                   [retval, array, size_is(length)] out octet data);
+
+  /**
+   * Retrieves the NSS certificate object wrapped by this interface
+   */
+   [notxpcom, noscript] CERTCertificatePtr getCert();
+
+  /**
+   * Human readable names identifying all hardware or
+   * software tokens the certificate is stored on.
+   *
+   * @param length On success, the number of entries in the returned array.
+   * @return On success, an array containing the names of all tokens
+   *         the certificate is stored on (may be empty).
+   *         On failure the function throws/returns an error.
+   */
+  void getAllTokenNames(out unsigned long length,
+                       [retval, array, size_is(length)] out wstring
+                       tokenNames);
+
+  /**
+   * Either delete the certificate from all cert databases,
+   * or mark it as untrusted.
+   */
+  void markForPermDeletion();
+};
diff --git a/security/manager/ssl/nsIX509CertDB.idl b/security/manager/ssl/nsIX509CertDB.idl
new file mode 100644
index 000000000..44d8e0588
--- /dev/null
+++ b/security/manager/ssl/nsIX509CertDB.idl
@@ -0,0 +1,431 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIArray;
+interface nsIX509Cert;
+interface nsIFile;
+interface nsIInterfaceRequestor;
+interface nsIZipReader;
+interface nsIX509CertList;
+interface nsIInputStream;
+
+%{C++
+#define NS_X509CERTDB_CONTRACTID "@mozilla.org/security/x509certdb;1"
+%}
+
+typedef uint32_t AppTrustedRoot;
+
+[scriptable, function, uuid(fc2b60e5-9a07-47c2-a2cd-b83b68a660ac)]
+interface nsIOpenSignedAppFileCallback : nsISupports
+{
+  void openSignedAppFileFinished(in nsresult rv,
+                                 in nsIZipReader aZipReader,
+                                 in nsIX509Cert aSignerCert);
+};
+
+[scriptable, function, uuid(d5f97827-622a-488f-be08-d850432ac8ec)]
+interface nsIVerifySignedDirectoryCallback : nsISupports
+{
+  void verifySignedDirectoryFinished(in nsresult rv,
+                                     in nsIX509Cert aSignerCert);
+};
+
+[scriptable, function, uuid(3d6a9c87-5c5f-46fc-9410-96da6092f0f2)]
+interface nsIVerifySignedManifestCallback : nsISupports
+{
+  void verifySignedManifestFinished(in nsresult rv,
+                                    in nsIX509Cert aSignerCert);
+};
+
+/**
+ * Callback type for use with asyncVerifyCertAtTime.
+ * If aPRErrorCode is PRErrorCodeSuccess (i.e. 0), aVerifiedChain represents the
+ * verified certificate chain determined by asyncVerifyCertAtTime. aHasEVPolicy
+ * represents whether or not the end-entity certificate verified as EV.
+ * If aPRErrorCode is non-zero, it represents the error encountered during
+ * verification. aVerifiedChain is null in that case and aHasEVPolicy has no
+ * meaning.
+ */
+[scriptable, function, uuid(49e16fc8-efac-4f57-8361-956ef6b960a4)]
+interface nsICertVerificationCallback : nsISupports {
+  void verifyCertFinished(in int32_t aPRErrorCode,
+                          in nsIX509CertList aVerifiedChain,
+                          in bool aHasEVPolicy);
+};
+
+/**
+ * This represents a service to access and manipulate
+ * X.509 certificates stored in a database.
+ */
+[scriptable, uuid(5c16cd9b-5a73-47f1-ab0f-11ede7495cce)]
+interface nsIX509CertDB : nsISupports {
+
+  /**
+   *  Constants that define which usages a certificate
+   *  is trusted for.
+   */
+  const unsigned long UNTRUSTED       =      0;
+  const unsigned long TRUSTED_SSL     = 1 << 0;
+  const unsigned long TRUSTED_EMAIL   = 1 << 1;
+  const unsigned long TRUSTED_OBJSIGN = 1 << 2;
+
+  /**
+   *  Given a nickname,
+   *  locate the matching certificate.
+   *
+   *  @param aNickname The nickname to be used as the key
+   *                   to find a certificate.
+   *
+   *  @return The matching certificate if found.
+   */
+  nsIX509Cert findCertByNickname(in AString aNickname);
+
+  /**
+   *  Will find a certificate based on its dbkey
+   *  retrieved by getting the dbKey attribute of
+   *  the certificate.
+   *
+   *  @param aDBkey Database internal key, as obtained using
+   *                attribute dbkey in nsIX509Cert.
+   */
+  nsIX509Cert findCertByDBKey(in string aDBkey);
+
+  /**
+   *  Find user's own email encryption certificate by nickname.
+   *
+   *  @param aNickname The nickname to be used as the key
+   *                   to find the certificate.
+   *
+   *  @return The matching certificate if found.
+   */
+  nsIX509Cert findEmailEncryptionCert(in AString aNickname);
+
+  /**
+   *  Find user's own email signing certificate by nickname.
+   *
+   *  @param aNickname The nickname to be used as the key
+   *                   to find the certificate.
+   *
+   *  @return The matching certificate if found.
+   */
+  nsIX509Cert findEmailSigningCert(in AString aNickname);
+
+  /**
+   *  Find a certificate by email address.
+   *
+   *  @param aEmailAddress The email address to be used as the key
+   *                       to find the certificate.
+   *
+   *  @return The matching certificate if found.
+   */
+  nsIX509Cert findCertByEmailAddress(in string aEmailAddress);
+
+  /**
+   *  Use this to import a stream sent down as a mime type into
+   *  the certificate database on the default token.
+   *  The stream may consist of one or more certificates.
+   *
+   *  @param data The raw data to be imported
+   *  @param length The length of the data to be imported
+   *  @param type The type of the certificate, see constants in nsIX509Cert
+   *  @param ctx A UI context.
+   */
+  void importCertificates([array, size_is(length)] in octet data,
+                          in unsigned long length,
+                          in unsigned long type,
+                          in nsIInterfaceRequestor ctx);
+
+  /**
+   *  Import another person's email certificate into the database.
+   *
+   *  @param data The raw data to be imported
+   *  @param length The length of the data to be imported
+   *  @param ctx A UI context.
+   */
+  void importEmailCertificate([array, size_is(length)] in octet data,
+                              in unsigned long length,
+                              in nsIInterfaceRequestor ctx);
+
+  /**
+   *  Import a personal certificate into the database, assuming
+   *  the database already contains the private key for this certificate.
+   *
+   *  @param data The raw data to be imported
+   *  @param length The length of the data to be imported
+   *  @param ctx A UI context.
+   */
+  void importUserCertificate([array, size_is(length)] in octet data,
+                             in unsigned long length,
+                             in nsIInterfaceRequestor ctx);
+
+  /**
+   *  Delete a certificate stored in the database.
+   *
+   *  @param aCert Delete this certificate.
+   */
+  void deleteCertificate(in nsIX509Cert aCert);
+
+  /**
+   *  Modify the trust that is stored and associated to a certificate within
+   *  a database. Separate trust is stored for
+   *  One call manipulates the trust for one trust type only.
+   *  See the trust type constants defined within this interface.
+   *
+   *  @param cert Change the stored trust of this certificate.
+   *  @param type The type of the certificate. See nsIX509Cert.
+   *  @param trust A bitmask. The new trust for the possible usages.
+   *               See the trust constants defined within this interface.
+   */
+  void setCertTrust(in nsIX509Cert cert,
+                    in unsigned long type,
+                    in unsigned long trust);
+
+  /**
+   * @param cert        The certificate for which to modify trust.
+   * @param trustString decoded by CERT_DecodeTrustString. 3 comma separated
+   *                    characters, indicating SSL, Email, and Obj signing
+   *                    trust.
+   */
+  void setCertTrustFromString(in nsIX509Cert cert, in ACString trustString);
+
+  /**
+   *  Query whether a certificate is trusted for a particular use.
+   *
+   *  @param cert Obtain the stored trust of this certificate.
+   *  @param certType The type of the certificate. See nsIX509Cert.
+   *  @param trustType A single bit from the usages constants defined
+   *                   within this interface.
+   *
+   *  @return Returns true if the certificate is trusted for the given use.
+   */
+  boolean isCertTrusted(in nsIX509Cert cert,
+                        in unsigned long certType,
+                        in unsigned long trustType);
+
+  /**
+   *  Import certificate(s) from file
+   *
+   *  @param aFile Identifies a file that contains the certificate
+   *               to be imported.
+   *  @param aType Describes the type of certificate that is going to
+   *               be imported. See type constants in nsIX509Cert.
+   */
+  void importCertsFromFile(in nsIFile aFile,
+                           in unsigned long aType);
+
+  /**
+   *  Import a PKCS#12 file containing cert(s) and key(s) into the database.
+   *
+   *  @param aToken Optionally limits the scope of
+   *                this function to a token device.
+   *                Can be null to mean any token.
+   *  @param aFile Identifies a file that contains the data
+   *               to be imported.
+   */
+  void importPKCS12File(in nsISupports aToken,
+                        in nsIFile aFile);
+
+  /**
+   *  Export a set of certs and keys from the database to a PKCS#12 file.
+   *
+   *  @param aToken Optionally limits the scope of
+   *                this function to a token device.
+   *                Can be null to mean any token.
+   *  @param aFile Identifies a file that will be filled with the data
+   *               to be exported.
+   *  @param count The number of certificates to be exported.
+   *  @param aCerts The array of all certificates to be exported.
+   */
+  void exportPKCS12File(in nsISupports aToken,
+                        in nsIFile aFile,
+                        in unsigned long count,
+                        [array, size_is(count)] in nsIX509Cert aCerts);
+
+  /*
+   *  Decode a raw data presentation and instantiate an object in memory.
+   *
+   *  @param base64 The raw representation of a certificate,
+   *                encoded as Base 64.
+   *  @return The new certificate object.
+   */
+  nsIX509Cert constructX509FromBase64(in ACString base64);
+
+  /*
+   *  Decode a raw data presentation and instantiate an object in memory.
+   *
+   *  @param certDER The raw representation of a certificate,
+   *                 encoded as raw DER.
+   *  @param length  The length of the DER string.
+   *  @return The new certificate object.
+   */
+  nsIX509Cert constructX509(in string certDER, in unsigned long length);
+
+  /**
+   *  Verifies the signature on the given JAR file to verify that it has a
+   *  valid signature.  To be considered valid, there must be exactly one
+   *  signature on the JAR file and that signature must have signed every
+   *  entry. Further, the signature must come from a certificate that
+   *  is trusted for code signing.
+   *
+   *  On success, NS_OK, a nsIZipReader, and the trusted certificate that
+   *  signed the JAR are returned.
+   *
+   *  On failure, an error code is returned.
+   *
+   *  This method returns a nsIZipReader, instead of taking an nsIZipReader
+   *  as input, to encourage users of the API to verify the signature as the
+   *  first step in opening the JAR.
+   */
+  const AppTrustedRoot AppMarketplaceProdPublicRoot = 1;
+  const AppTrustedRoot AppMarketplaceProdReviewersRoot = 2;
+  const AppTrustedRoot AppMarketplaceDevPublicRoot = 3;
+  const AppTrustedRoot AppMarketplaceDevReviewersRoot = 4;
+  const AppTrustedRoot AppMarketplaceStageRoot = 5;
+  const AppTrustedRoot AppXPCShellRoot = 6;
+  const AppTrustedRoot AddonsPublicRoot = 7;
+  const AppTrustedRoot AddonsStageRoot = 8;
+  const AppTrustedRoot PrivilegedPackageRoot = 9;
+  /*
+   * If DeveloperImportedRoot is set as trusted root, a CA from local file
+   * system will be imported. Only used when preference
+   * "network.http.packaged-apps-developer-mode" is set.
+   * The path of the CA is specified by preference
+   * "network.http.packaged-apps-developer-trusted-root".
+   */
+  const AppTrustedRoot DeveloperImportedRoot = 10;
+  void openSignedAppFileAsync(in AppTrustedRoot trustedRoot,
+                              in nsIFile aJarFile,
+                              in nsIOpenSignedAppFileCallback callback);
+
+  /**
+   *  Verifies the signature on a directory representing an unpacked signed
+   *  JAR file. To be considered valid, there must be exactly one signature
+   *  on the directory structure and that signature must have signed every
+   *  entry. Further, the signature must come from a certificate that
+   *  is trusted for code signing.
+   *
+   *  On success NS_OK and the trusted certificate that signed the
+   *  unpacked JAR are returned.
+   *
+   *  On failure, an error code is returned.
+   */
+  void verifySignedDirectoryAsync(in AppTrustedRoot trustedRoot,
+                                  in nsIFile aUnpackedDir,
+                                  in nsIVerifySignedDirectoryCallback callback);
+
+  /**
+   * Given streams containing a signature and a manifest file, verifies
+   * that the signature is valid for the manifest. The signature must
+   * come from a certificate that is trusted for code signing and that
+   * was issued by the given trusted root.
+   *
+   *  On success, NS_OK and the trusted certificate that signed the
+   *  Manifest are returned.
+   *
+   *  On failure, an error code is returned.
+   */
+  void verifySignedManifestAsync(in AppTrustedRoot trustedRoot,
+                                 in nsIInputStream aManifestStream,
+                                 in nsIInputStream aSignatureStream,
+                                 in nsIVerifySignedManifestCallback callback);
+
+  /*
+   * Add a cert to a cert DB from a binary string.
+   *
+   * @param certDER The raw DER encoding of a certificate.
+   * @param aTrust decoded by CERT_DecodeTrustString. 3 comma separated characters,
+   *                indicating SSL, Email, and Obj signing trust
+   * @param aName name of the cert for display purposes.
+   *              TODO(bug 857627): aName is currently ignored. It should either
+   *              not be ignored, or be removed.
+   */
+  void addCert(in ACString certDER, in ACString aTrust, in AUTF8String aName);
+
+  // Flags for verifyCertNow (these must match the values in CertVerifier.cpp):
+  // Prevent network traffic. Doesn't work with classic verification.
+  const uint32_t FLAG_LOCAL_ONLY = 1 << 0;
+  // Do not fall back to DV verification after attempting EV validation.
+  // Actually does prevent network traffic, but can cause a valid EV
+  // certificate to not be considered valid.
+  const uint32_t FLAG_MUST_BE_EV = 1 << 1;
+
+  /** Warning: This interface is inteded to use only for testing only as:
+   *    1. It can create IO on the main thread.
+   *    2. It is in constant change, so in/out can change at any release.
+   *
+   *  Obtain the verification result for a cert given a particular usage.
+   *  On success, the call returns 0, the chain built during verification,
+   *  and whether the cert is good for EV usage.
+   *  On failure, the call returns the PRErrorCode for the verification failure
+   *
+   *  @param aCert Obtain the stored trust of this certificate
+   *  @param aUsage a integer representing the usage from NSS
+   *  @param aFlags flags as described above
+   *  @param aHostname the (optional) hostname to verify for
+   *  @param aTime the time at which to verify, in seconds since the epoch
+   *  @param aVerifiedChain chain of verification up to the root if success
+   *  @param aHasEVPolicy bool that signified that the cert was an EV cert
+   *  @return 0 if success or the value or the error code for the verification
+   *          failure
+   */
+  int32_t /*PRErrorCode*/
+    verifyCertAtTime(in nsIX509Cert aCert,
+                     in int64_t /*SECCertificateUsage*/ aUsage,
+                     in uint32_t aFlags,
+                     in string aHostname,
+                     in uint64_t aTime,
+                     out nsIX509CertList aVerifiedChain,
+                     out bool aHasEVPolicy);
+  int32_t /*PRErrorCode*/
+    verifyCertNow(in nsIX509Cert aCert,
+                  in int64_t /*SECCertificateUsage*/ aUsage,
+                  in uint32_t aFlags,
+                  in string aHostname,
+                  out nsIX509CertList aVerifiedChain,
+                  out bool aHasEVPolicy);
+
+  /**
+   * Similar to the above, but asynchronous. As a result, use of this API is not
+   * limited to tests.
+   */
+  void asyncVerifyCertAtTime(in nsIX509Cert aCert,
+                             in int64_t /*SECCertificateUsage*/ aUsage,
+                             in uint32_t aFlags,
+                             in string aHostname,
+                             in uint64_t aTime,
+                             in nsICertVerificationCallback aCallback);
+
+  // Clears the OCSP cache for the current certificate verification
+  // implementation.
+  void clearOCSPCache();
+
+  /*
+   * Add a cert to a cert DB from a base64 encoded string.
+   *
+   * @param base64 The raw representation of a certificate,
+   *                encoded as Base 64.
+   * @param aTrust decoded by CERT_DecodeTrustString. 3 comma separated characters,
+   *                indicating SSL, Email, and Obj signing trust
+   * @param aName name of the cert for display purposes.
+   *              TODO(bug 857627): aName is currently ignored. It should either
+   *              not be ignored, or be removed.
+   */
+  void addCertFromBase64(in ACString base64, in ACString aTrust,
+                         in AUTF8String aName);
+
+  /*
+   * Get all the known certs in the database
+   */
+  nsIX509CertList getCerts();
+
+  /*
+   * Get a list of imported enterprise root certificates (currently only
+   * implemented on Windows).
+   */
+  nsIX509CertList getEnterpriseRoots();
+};
diff --git a/security/manager/ssl/nsIX509CertList.idl b/security/manager/ssl/nsIX509CertList.idl
new file mode 100644
index 000000000..63f1c5e38
--- /dev/null
+++ b/security/manager/ssl/nsIX509CertList.idl
@@ -0,0 +1,49 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsISimpleEnumerator;
+interface nsIX509Cert;
+
+%{C++
+typedef struct CERTCertListStr CERTCertList;
+%}
+[ptr] native CERTCertListPtr(CERTCertList);
+
+[scriptable, uuid(ae74cda5-cd2f-473f-96f5-f0b7fff62c68)]
+interface nsIX509CertList : nsISupports {
+   void addCert(in nsIX509Cert cert);
+   void deleteCert(in nsIX509Cert cert);
+   nsISimpleEnumerator getEnumerator();
+
+   /**
+    * Returns the raw, backing cert list.
+    * Must be called only from functions where an nsNSSShutDownPreventionLock
+    * has been acquired.
+    */
+   [notxpcom, noscript] CERTCertListPtr getRawCertList();
+
+   /**
+    * Test whether two certificate list instances represent the same
+    * certificate list.
+    *
+    * @return Whether the certificate lists are equal
+    */
+   boolean equals(in nsIX509CertList other);
+
+};
+
+%{C++
+
+#define NS_X509CERTLIST_CID { /* 959fb165-6517-487f-ab9b-d8913be53197 */  \
+    0x959fb165,                                                           \
+    0x6517,                                                               \
+    0x487f,                                                               \
+    {0xab, 0x9b, 0xd8, 0x91, 0x3b, 0xe5, 0x31, 0x97}                      \
+  }
+
+#define NS_X509CERTLIST_CONTRACTID "@mozilla.org/security/x509certlist;1"
+
+%}
diff --git a/security/manager/ssl/nsIX509CertValidity.idl b/security/manager/ssl/nsIX509CertValidity.idl
new file mode 100644
index 000000000..25d4c004b
--- /dev/null
+++ b/security/manager/ssl/nsIX509CertValidity.idl
@@ -0,0 +1,70 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+/**
+ * Information on the validity period of a X.509 certificate.
+ */
+[scriptable, uuid(e701dfd8-1dd1-11b2-a172-ffa6cc6156ad)]
+interface nsIX509CertValidity : nsISupports {
+
+  /**
+   *  The earliest point in time where
+   *  a certificate is valid.
+   */
+  readonly attribute PRTime notBefore;
+  
+  /**
+   *  "notBefore" attribute formatted as a time string
+   *  according to the environment locale,
+   *  according to the environment time zone.
+   */
+  readonly attribute AString notBeforeLocalTime;
+
+  /**
+   *  The day portion of "notBefore" 
+   *  formatted as a time string
+   *  according to the environment locale,
+   *  according to the environment time zone.
+   */
+  readonly attribute AString notBeforeLocalDay;
+
+  /**
+   *  "notBefore" attribute formatted as a string
+   *  according to the environment locale,
+   *  displayed as GMT / UTC.
+   */
+  readonly attribute AString notBeforeGMT;
+
+  /**
+   *  The latest point in time where
+   *  a certificate is valid.
+   */
+  readonly attribute PRTime notAfter;
+
+  /**
+   *  "notAfter" attribute formatted as a time string
+   *  according to the environment locale,
+   *  according to the environment time zone.
+   */
+  readonly attribute AString notAfterLocalTime;
+
+  /**
+   *  The day portion of "notAfter" 
+   *  formatted as a time string
+   *  according to the environment locale,
+   *  according to the environment time zone.
+   */
+  readonly attribute AString notAfterLocalDay;
+
+  /**
+   *  "notAfter" attribute formatted as a time string
+   *  according to the environment locale,
+   *  displayed as GMT / UTC.
+   */
+  readonly attribute AString notAfterGMT;
+};
diff --git a/security/manager/ssl/nsKeyModule.cpp b/security/manager/ssl/nsKeyModule.cpp
new file mode 100644
index 000000000..41e5f5df9
--- /dev/null
+++ b/security/manager/ssl/nsKeyModule.cpp
@@ -0,0 +1,159 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsCOMPtr.h"
+#include "nsComponentManagerUtils.h"
+#include "nsKeyModule.h"
+#include "nsString.h"
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+NS_IMPL_ISUPPORTS(nsKeyObject, nsIKeyObject)
+
+nsKeyObject::nsKeyObject()
+  : mSymKey(nullptr)
+{
+}
+
+nsKeyObject::~nsKeyObject()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  destructorSafeDestroyNSSReference();
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+void
+nsKeyObject::virtualDestroyNSSReference()
+{
+  destructorSafeDestroyNSSReference();
+}
+
+void
+nsKeyObject::destructorSafeDestroyNSSReference()
+{
+  mSymKey = nullptr;
+}
+
+//////////////////////////////////////////////////////////////////////////////
+// nsIKeyObject
+
+NS_IMETHODIMP
+nsKeyObject::InitKey(int16_t aAlgorithm, PK11SymKey* aKey)
+{
+  if (!aKey || aAlgorithm != nsIKeyObject::HMAC) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  mSymKey.reset(aKey);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsKeyObject::GetKeyObj(PK11SymKey** _retval)
+{
+  if (!_retval) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  *_retval = nullptr;
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (!mSymKey) {
+    return NS_ERROR_NOT_INITIALIZED;
+  }
+
+  *_retval = mSymKey.get();
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsKeyObject::GetType(int16_t *_retval)
+{
+  if (!_retval) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  *_retval = nsIKeyObject::SYM_KEY;
+  return NS_OK;
+}
+
+//////////////////////////////////////////////////////////////////////////////
+// nsIKeyObjectFactory
+
+NS_IMPL_ISUPPORTS(nsKeyObjectFactory, nsIKeyObjectFactory)
+
+nsKeyObjectFactory::nsKeyObjectFactory()
+{
+}
+
+nsKeyObjectFactory::~nsKeyObjectFactory()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+NS_IMETHODIMP
+nsKeyObjectFactory::KeyFromString(int16_t aAlgorithm, const nsACString& aKey,
+                                  nsIKeyObject** _retval)
+{
+  if (!_retval || aAlgorithm != nsIKeyObject::HMAC) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  CK_MECHANISM_TYPE cipherMech = CKM_GENERIC_SECRET_KEY_GEN;
+  CK_ATTRIBUTE_TYPE cipherOperation = CKA_SIGN;
+
+  nsresult rv;
+  nsCOMPtr<nsIKeyObject> key(
+    do_CreateInstance(NS_KEYMODULEOBJECT_CONTRACTID, &rv));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Convert the raw string into a SECItem
+  const nsCString& flatKey = PromiseFlatCString(aKey);
+  SECItem keyItem;
+  keyItem.data = (unsigned char*)flatKey.get();
+  keyItem.len = flatKey.Length();
+
+  UniquePK11SlotInfo slot(PK11_GetBestSlot(cipherMech, nullptr));
+  if (!slot) {
+    return NS_ERROR_FAILURE;
+  }
+
+  UniquePK11SymKey symKey(PK11_ImportSymKey(slot.get(), cipherMech,
+                                            PK11_OriginUnwrap, cipherOperation,
+                                            &keyItem, nullptr));
+  if (!symKey) {
+    return NS_ERROR_FAILURE;
+  }
+
+  rv = key->InitKey(aAlgorithm, symKey.release());
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  key.swap(*_retval);
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsKeyModule.h b/security/manager/ssl/nsKeyModule.h
new file mode 100644
index 000000000..2f7c21937
--- /dev/null
+++ b/security/manager/ssl/nsKeyModule.h
@@ -0,0 +1,63 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsKeyModule_h
+#define nsKeyModule_h
+
+#include "ScopedNSSTypes.h"
+#include "nsIKeyModule.h"
+#include "nsNSSShutDown.h"
+#include "pk11pub.h"
+
+#define NS_KEYMODULEOBJECT_CID   \
+{ 0x9d383ddd, 0x6856, 0x4187, {0x84, 0x85, 0xf3, 0x61, 0x95, 0xb2, 0x9a, 0x0e} }
+#define NS_KEYMODULEOBJECT_CONTRACTID "@mozilla.org/security/keyobject;1"
+
+#define NS_KEYMODULEOBJECTFACTORY_CID   \
+{ 0x2a35dd47, 0xb026, 0x4e8d, {0xb6, 0xb7, 0x57, 0x40, 0xf6, 0x1a, 0xb9, 0x02} }
+#define NS_KEYMODULEOBJECTFACTORY_CONTRACTID \
+"@mozilla.org/security/keyobjectfactory;1"
+
+class nsKeyObject final : public nsIKeyObject
+                        , public nsNSSShutDownObject
+{
+public:
+  nsKeyObject();
+
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIKEYOBJECT
+
+private:
+  ~nsKeyObject();
+
+  // Disallow copy constructor
+  nsKeyObject(nsKeyObject&);
+
+  UniquePK11SymKey mSymKey;
+
+  virtual void virtualDestroyNSSReference() override;
+  void destructorSafeDestroyNSSReference();
+};
+
+
+class nsKeyObjectFactory final : public nsIKeyObjectFactory
+                               , public nsNSSShutDownObject
+{
+public:
+  nsKeyObjectFactory();
+
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIKEYOBJECTFACTORY
+
+private:
+  ~nsKeyObjectFactory();
+
+  // Disallow copy constructor
+  nsKeyObjectFactory(nsKeyObjectFactory&);
+
+  // No NSS resources to release.
+  virtual void virtualDestroyNSSReference() override {}
+};
+
+#endif // nsKeyModule_h
diff --git a/security/manager/ssl/nsKeygenHandler.cpp b/security/manager/ssl/nsKeygenHandler.cpp
new file mode 100644
index 000000000..c4529f877
--- /dev/null
+++ b/security/manager/ssl/nsKeygenHandler.cpp
@@ -0,0 +1,785 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "base64.h"
+#include "cryptohi.h"
+#include "keyhi.h"
+#include "mozilla/Assertions.h"
+#include "mozilla/Telemetry.h"
+#include "nsIContent.h"
+#include "nsIDOMHTMLSelectElement.h"
+#include "nsIGenKeypairInfoDlg.h"
+#include "nsIServiceManager.h"
+#include "nsITokenDialogs.h"
+#include "nsKeygenHandler.h"
+#include "nsKeygenHandlerContent.h"
+#include "nsKeygenThread.h"
+#include "nsNSSComponent.h" // for PIPNSS string bundle calls.
+#include "nsNSSHelper.h"
+#include "nsReadableUtils.h"
+#include "nsUnicharUtils.h"
+#include "nsXULAppAPI.h"
+#include "nspr.h"
+#include "secasn1.h"
+#include "secder.h"
+#include "secdert.h"
+
+//These defines are taken from the PKCS#11 spec
+#define CKM_RSA_PKCS_KEY_PAIR_GEN     0x00000000
+#define CKM_DH_PKCS_KEY_PAIR_GEN      0x00000020
+
+DERTemplate SECAlgorithmIDTemplate[] = {
+    { DER_SEQUENCE,
+          0, nullptr, sizeof(SECAlgorithmID) },
+    { DER_OBJECT_ID,
+          offsetof(SECAlgorithmID,algorithm), },
+    { DER_OPTIONAL | DER_ANY,
+          offsetof(SECAlgorithmID,parameters), },
+    { 0, }
+};
+
+DERTemplate CERTSubjectPublicKeyInfoTemplate[] = {
+    { DER_SEQUENCE,
+          0, nullptr, sizeof(CERTSubjectPublicKeyInfo) },
+    { DER_INLINE,
+          offsetof(CERTSubjectPublicKeyInfo,algorithm),
+          SECAlgorithmIDTemplate, },
+    { DER_BIT_STRING,
+          offsetof(CERTSubjectPublicKeyInfo,subjectPublicKey), },
+    { 0, }
+};
+
+DERTemplate CERTPublicKeyAndChallengeTemplate[] =
+{
+    { DER_SEQUENCE, 0, nullptr, sizeof(CERTPublicKeyAndChallenge) },
+    { DER_ANY, offsetof(CERTPublicKeyAndChallenge,spki), },
+    { DER_IA5_STRING, offsetof(CERTPublicKeyAndChallenge,challenge), },
+    { 0, }
+};
+
+typedef struct curveNameTagPairStr {
+    const char *curveName;
+    SECOidTag curveOidTag;
+} CurveNameTagPair;
+
+static CurveNameTagPair nameTagPair[] =
+{ 
+  { "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 },
+  { "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 },
+  { "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 },
+  { "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 },
+  { "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 },
+  { "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 },
+  { "prime256v1", SEC_OID_ANSIX962_EC_PRIME256V1 },
+
+  { "secp112r1", SEC_OID_SECG_EC_SECP112R1},
+  { "secp112r2", SEC_OID_SECG_EC_SECP112R2},
+  { "secp128r1", SEC_OID_SECG_EC_SECP128R1},
+  { "secp128r2", SEC_OID_SECG_EC_SECP128R2},
+  { "secp160k1", SEC_OID_SECG_EC_SECP160K1},
+  { "secp160r1", SEC_OID_SECG_EC_SECP160R1},
+  { "secp160r2", SEC_OID_SECG_EC_SECP160R2},
+  { "secp192k1", SEC_OID_SECG_EC_SECP192K1},
+  { "secp192r1", SEC_OID_ANSIX962_EC_PRIME192V1 },
+  { "nistp192", SEC_OID_ANSIX962_EC_PRIME192V1 },
+  { "secp224k1", SEC_OID_SECG_EC_SECP224K1},
+  { "secp224r1", SEC_OID_SECG_EC_SECP224R1},
+  { "nistp224", SEC_OID_SECG_EC_SECP224R1},
+  { "secp256k1", SEC_OID_SECG_EC_SECP256K1},
+  { "secp256r1", SEC_OID_ANSIX962_EC_PRIME256V1 },
+  { "nistp256", SEC_OID_ANSIX962_EC_PRIME256V1 },
+  { "secp384r1", SEC_OID_SECG_EC_SECP384R1},
+  { "nistp384", SEC_OID_SECG_EC_SECP384R1},
+  { "secp521r1", SEC_OID_SECG_EC_SECP521R1},
+  { "nistp521", SEC_OID_SECG_EC_SECP521R1},
+
+  { "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 },
+  { "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 },
+  { "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 },
+  { "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 },
+  { "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 },
+  { "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 },
+  { "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 },
+  { "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 },
+  { "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 },
+  { "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 },
+  { "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 },
+  { "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 },
+  { "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 },
+  { "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 },
+  { "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 },
+  { "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 },
+  { "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 },
+  { "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 },
+  { "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 },
+  { "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 },
+
+  { "sect113r1", SEC_OID_SECG_EC_SECT113R1},
+  { "sect113r2", SEC_OID_SECG_EC_SECT113R2},
+  { "sect131r1", SEC_OID_SECG_EC_SECT131R1},
+  { "sect131r2", SEC_OID_SECG_EC_SECT131R2},
+  { "sect163k1", SEC_OID_SECG_EC_SECT163K1},
+  { "nistk163", SEC_OID_SECG_EC_SECT163K1},
+  { "sect163r1", SEC_OID_SECG_EC_SECT163R1},
+  { "sect163r2", SEC_OID_SECG_EC_SECT163R2},
+  { "nistb163", SEC_OID_SECG_EC_SECT163R2},
+  { "sect193r1", SEC_OID_SECG_EC_SECT193R1},
+  { "sect193r2", SEC_OID_SECG_EC_SECT193R2},
+  { "sect233k1", SEC_OID_SECG_EC_SECT233K1},
+  { "nistk233", SEC_OID_SECG_EC_SECT233K1},
+  { "sect233r1", SEC_OID_SECG_EC_SECT233R1},
+  { "nistb233", SEC_OID_SECG_EC_SECT233R1},
+  { "sect239k1", SEC_OID_SECG_EC_SECT239K1},
+  { "sect283k1", SEC_OID_SECG_EC_SECT283K1},
+  { "nistk283", SEC_OID_SECG_EC_SECT283K1},
+  { "sect283r1", SEC_OID_SECG_EC_SECT283R1},
+  { "nistb283", SEC_OID_SECG_EC_SECT283R1},
+  { "sect409k1", SEC_OID_SECG_EC_SECT409K1},
+  { "nistk409", SEC_OID_SECG_EC_SECT409K1},
+  { "sect409r1", SEC_OID_SECG_EC_SECT409R1},
+  { "nistb409", SEC_OID_SECG_EC_SECT409R1},
+  { "sect571k1", SEC_OID_SECG_EC_SECT571K1},
+  { "nistk571", SEC_OID_SECG_EC_SECT571K1},
+  { "sect571r1", SEC_OID_SECG_EC_SECT571R1},
+  { "nistb571", SEC_OID_SECG_EC_SECT571R1},
+
+};
+
+mozilla::UniqueSECItem
+DecodeECParams(const char* curve)
+{
+    SECOidData *oidData = nullptr;
+    SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */
+    int i, numCurves;
+
+    if (curve && *curve) {
+        numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair);
+        for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN)); 
+             i++) {
+            if (PL_strcmp(curve, nameTagPair[i].curveName) == 0)
+                curveOidTag = nameTagPair[i].curveOidTag;
+        }
+    }
+
+    /* Return nullptr if curve name is not recognized */
+    if ((curveOidTag == SEC_OID_UNKNOWN) || 
+        (oidData = SECOID_FindOIDByTag(curveOidTag)) == nullptr) {
+        return nullptr;
+    }
+
+    mozilla::UniqueSECItem ecparams(SECITEM_AllocItem(nullptr, nullptr,
+                                                      2 + oidData->oid.len));
+    if (!ecparams) {
+        return nullptr;
+    }
+
+    /* 
+     * ecparams->data needs to contain the ASN encoding of an object ID (OID)
+     * representing the named curve. The actual OID is in 
+     * oidData->oid.data so we simply prepend 0x06 and OID length
+     */
+    ecparams->data[0] = SEC_ASN1_OBJECT_ID;
+    ecparams->data[1] = oidData->oid.len;
+    memcpy(ecparams->data + 2, oidData->oid.data, oidData->oid.len);
+
+    return ecparams;
+}
+
+NS_IMPL_ISUPPORTS(nsKeygenFormProcessor, nsIFormProcessor)
+
+nsKeygenFormProcessor::nsKeygenFormProcessor()
+{ 
+   m_ctx = new PipUIContext();
+} 
+
+nsKeygenFormProcessor::~nsKeygenFormProcessor()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+nsresult
+nsKeygenFormProcessor::Create(nsISupports* aOuter, const nsIID& aIID, void* *aResult)
+{
+  if (GeckoProcessType_Content == XRE_GetProcessType()) {
+    nsCOMPtr<nsISupports> contentProcessor = new nsKeygenFormProcessorContent();
+    return contentProcessor->QueryInterface(aIID, aResult);
+  }
+
+  nsresult rv;
+  NS_ENSURE_NO_AGGREGATION(aOuter);
+  nsKeygenFormProcessor* formProc = new nsKeygenFormProcessor();
+
+  nsCOMPtr<nsISupports> stabilize = formProc;
+  rv = formProc->Init();
+  if (NS_SUCCEEDED(rv)) {
+    rv = formProc->QueryInterface(aIID, aResult);
+  }
+  return rv;
+}
+
+nsresult
+nsKeygenFormProcessor::Init()
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  nsresult rv;
+
+  nsCOMPtr<nsINSSComponent> nssComponent;
+  nssComponent = do_GetService(kNSSComponentCID, &rv);
+  if (NS_FAILED(rv))
+    return rv;
+
+  // Init possible key size choices.
+  nssComponent->GetPIPNSSBundleString("HighGrade", mSECKeySizeChoiceList[0].name);
+  mSECKeySizeChoiceList[0].size = 2048;
+
+  nssComponent->GetPIPNSSBundleString("MediumGrade", mSECKeySizeChoiceList[1].name);
+  mSECKeySizeChoiceList[1].size = 1024;
+
+  return NS_OK;
+}
+
+nsresult
+nsKeygenFormProcessor::GetSlot(uint32_t aMechanism, PK11SlotInfo** aSlot)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  return GetSlotWithMechanism(aMechanism, m_ctx, aSlot, locker);
+}
+
+uint32_t MapGenMechToAlgoMech(uint32_t mechanism)
+{
+    uint32_t searchMech;
+
+    /* We are interested in slots based on the ability to perform
+       a given algorithm, not on their ability to generate keys usable
+       by that algorithm. Therefore, map keygen-specific mechanism tags
+       to tags for the corresponding crypto algorithm. */
+    switch(mechanism)
+    {
+    case CKM_RSA_PKCS_KEY_PAIR_GEN:
+        searchMech = CKM_RSA_PKCS;
+        break;
+    case CKM_RC4_KEY_GEN:
+        searchMech = CKM_RC4;
+        break;
+    case CKM_DH_PKCS_KEY_PAIR_GEN:
+        searchMech = CKM_DH_PKCS_DERIVE; /* ### mwelch  is this right? */
+        break;
+    case CKM_DES_KEY_GEN:
+        /* What do we do about DES keygen? Right now, we're just using
+           DES_KEY_GEN to look for tokens, because otherwise we'll have
+           to search the token list three times. */
+    case CKM_EC_KEY_PAIR_GEN:
+        /* The default should also work for EC key pair generation. */
+    default:
+        searchMech = mechanism;
+        break;
+    }
+    return searchMech;
+}
+
+
+nsresult
+GetSlotWithMechanism(uint32_t aMechanism, nsIInterfaceRequestor* m_ctx,
+                     PK11SlotInfo** aSlot, nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+    PK11SlotList * slotList = nullptr;
+    char16_t** tokenNameList = nullptr;
+    nsCOMPtr<nsITokenDialogs> dialogs;
+    char16_t *unicodeTokenChosen;
+    PK11SlotListElement *slotElement, *tmpSlot;
+    uint32_t numSlots = 0, i = 0;
+    bool canceled;
+    nsresult rv = NS_OK;
+
+    *aSlot = nullptr;
+
+    // Get the slot
+    slotList = PK11_GetAllTokens(MapGenMechToAlgoMech(aMechanism), 
+                                true, true, m_ctx);
+    if (!slotList || !slotList->head) {
+        rv = NS_ERROR_FAILURE;
+        goto loser;
+    }
+
+    if (!slotList->head->next) {
+        /* only one slot available, just return it */
+        *aSlot = slotList->head->slot;
+      } else {
+        // Gerenate a list of slots and ask the user to choose //
+        tmpSlot = slotList->head;
+        while (tmpSlot) {
+            numSlots++;
+            tmpSlot = tmpSlot->next;
+        }
+
+        // Allocate the slot name buffer //
+        tokenNameList = static_cast<char16_t**>(moz_xmalloc(sizeof(char16_t *) * numSlots));
+        if (!tokenNameList) {
+            rv = NS_ERROR_OUT_OF_MEMORY;
+            goto loser;
+        }
+
+        i = 0;
+        slotElement = PK11_GetFirstSafe(slotList);
+        while (slotElement) {
+            tokenNameList[i] = UTF8ToNewUnicode(nsDependentCString(PK11_GetTokenName(slotElement->slot)));
+            slotElement = PK11_GetNextSafe(slotList, slotElement, false);
+            if (tokenNameList[i])
+                i++;
+            else {
+                // OOM. adjust numSlots so we don't free unallocated memory. 
+                numSlots = i;
+                PK11_FreeSlotListElement(slotList, slotElement);
+                rv = NS_ERROR_OUT_OF_MEMORY;
+                goto loser;
+            }
+        }
+
+        // Throw up the token list dialog and get back the token.
+        rv = getNSSDialogs(getter_AddRefs(dialogs), NS_GET_IID(nsITokenDialogs),
+                           NS_TOKENDIALOGS_CONTRACTID);
+
+        if (NS_FAILED(rv)) {
+            goto loser;
+        }
+
+    if (!tokenNameList || !*tokenNameList) {
+        rv = NS_ERROR_OUT_OF_MEMORY;
+    } else {
+        rv = dialogs->ChooseToken(m_ctx, (const char16_t**)tokenNameList,
+                                  numSlots, &unicodeTokenChosen, &canceled);
+    }
+		if (NS_FAILED(rv)) goto loser;
+
+		if (canceled) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
+
+        // Get the slot //
+        slotElement = PK11_GetFirstSafe(slotList);
+        nsAutoString tokenStr(unicodeTokenChosen);
+        while (slotElement) {
+            if (tokenStr.Equals(NS_ConvertUTF8toUTF16(PK11_GetTokenName(slotElement->slot)))) {
+                *aSlot = slotElement->slot;
+                PK11_FreeSlotListElement(slotList, slotElement);
+                break;
+            }
+            slotElement = PK11_GetNextSafe(slotList, slotElement, false);
+        }
+        if(!(*aSlot)) {
+            rv = NS_ERROR_FAILURE;
+            goto loser;
+        }
+      }
+
+      // Get a reference to the slot //
+      PK11_ReferenceSlot(*aSlot);
+loser:
+      if (slotList) {
+          PK11_FreeSlotList(slotList);
+      }
+      if (tokenNameList) {
+          NS_FREE_XPCOM_ALLOCATED_POINTER_ARRAY(numSlots, tokenNameList);
+      }
+      return rv;
+}
+
+
+void
+GatherKeygenTelemetry(uint32_t keyGenMechanism, int keysize, char* curve)
+{
+  if (keyGenMechanism == CKM_RSA_PKCS_KEY_PAIR_GEN) {
+    if (keysize > 8196 || keysize < 0) {
+      return;
+    }
+
+    nsCString telemetryValue("rsa");
+    telemetryValue.AppendPrintf("%d", keysize);
+    mozilla::Telemetry::Accumulate(
+        mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, telemetryValue);
+  } else if (keyGenMechanism == CKM_EC_KEY_PAIR_GEN) {
+    nsCString secp384r1 = NS_LITERAL_CSTRING("secp384r1");
+    nsCString secp256r1 = NS_LITERAL_CSTRING("secp256r1");
+
+    mozilla::UniqueSECItem decoded = DecodeECParams(curve);
+    if (!decoded) {
+      switch (keysize) {
+        case 2048:
+          mozilla::Telemetry::Accumulate(
+              mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp384r1);
+          break;
+        case 1024:
+        case 512:
+          mozilla::Telemetry::Accumulate(
+              mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp256r1);
+          break;
+      }
+    } else {
+      if (secp384r1.EqualsIgnoreCase(curve, secp384r1.Length())) {
+          mozilla::Telemetry::Accumulate(
+              mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp384r1);
+      } else if (secp256r1.EqualsIgnoreCase(curve, secp256r1.Length())) {
+          mozilla::Telemetry::Accumulate(
+              mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp256r1);
+      } else {
+        mozilla::Telemetry::Accumulate(
+            mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, NS_LITERAL_CSTRING("other_ec"));
+      }
+    }
+  } else {
+    MOZ_CRASH("Unknown keygen algorithm");
+    return;
+  }
+}
+
+nsresult
+nsKeygenFormProcessor::GetPublicKey(const nsAString& aValue,
+                                    const nsAString& aChallenge,
+                                    const nsAFlatString& aKeyType,
+                                    nsAString& aOutPublicKey,
+                                    const nsAString& aKeyParams)
+{
+    nsNSSShutDownPreventionLock locker;
+    if (isAlreadyShutDown()) {
+      return NS_ERROR_NOT_AVAILABLE;
+    }
+
+    nsresult rv = NS_ERROR_FAILURE;
+    UniquePORTString keystring;
+    char *keyparamsString = nullptr;
+    uint32_t keyGenMechanism;
+    PK11SlotInfo *slot = nullptr;
+    PK11RSAGenParams rsaParams;
+    mozilla::UniqueSECItem ecParams;
+    SECOidTag algTag;
+    int keysize = 0;
+    void *params = nullptr; // Non-owning.
+    SECKEYPrivateKey *privateKey = nullptr;
+    SECKEYPublicKey *publicKey = nullptr;
+    CERTSubjectPublicKeyInfo *spkInfo = nullptr;
+    SECStatus srv = SECFailure;
+    SECItem spkiItem;
+    SECItem pkacItem;
+    SECItem signedItem;
+    CERTPublicKeyAndChallenge pkac;
+    pkac.challenge.data = nullptr;
+    nsCOMPtr<nsIGeneratingKeypairInfoDialogs> dialogs;
+    nsKeygenThread *KeygenRunnable = 0;
+    nsCOMPtr<nsIKeygenThread> runnable;
+
+    // permanent and sensitive flags for keygen
+    PK11AttrFlags attrFlags = PK11_ATTR_TOKEN | PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE;
+
+    UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+    if (!arena) {
+        goto loser;
+    }
+
+    // Get the key size //
+    for (size_t i = 0; i < number_of_key_size_choices; ++i) {
+        if (aValue.Equals(mSECKeySizeChoiceList[i].name)) {
+            keysize = mSECKeySizeChoiceList[i].size;
+            break;
+        }
+    }
+    if (!keysize) {
+        goto loser;
+    }
+
+    // Set the keygen mechanism
+    if (aKeyType.IsEmpty() || aKeyType.LowerCaseEqualsLiteral("rsa")) {
+        keyGenMechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
+    } else if (aKeyType.LowerCaseEqualsLiteral("ec")) {
+        keyparamsString = ToNewCString(aKeyParams);
+        if (!keyparamsString) {
+            rv = NS_ERROR_OUT_OF_MEMORY;
+            goto loser;
+        }
+
+        keyGenMechanism = CKM_EC_KEY_PAIR_GEN;
+        /* ecParams are initialized later */
+    } else {
+        goto loser;
+    }
+
+    // Get the slot
+    rv = GetSlot(keyGenMechanism, &slot);
+    if (NS_FAILED(rv)) {
+        goto loser;
+    }
+    switch (keyGenMechanism) {
+        case CKM_RSA_PKCS_KEY_PAIR_GEN:
+            rsaParams.keySizeInBits = keysize;
+            rsaParams.pe = DEFAULT_RSA_KEYGEN_PE;
+            algTag = DEFAULT_RSA_KEYGEN_ALG;
+            params = &rsaParams;
+            break;
+        case CKM_EC_KEY_PAIR_GEN:
+            /* XXX We ought to rethink how the KEYGEN tag is 
+             * displayed. The pulldown selections presented
+             * to the user must depend on the keytype.
+             * The displayed selection could be picked
+             * from the keyparams attribute (this is currently called
+             * the pqg attribute).
+             * For now, we pick ecparams from the keyparams field
+             * if it specifies a valid supported curve, or else 
+             * we pick one of secp384r1, secp256r1 or secp192r1
+             * respectively depending on the user's selection
+             * (High, Medium, Low). 
+             * (RSA uses RSA-2048, RSA-1024 and RSA-512 for historical
+             * reasons, while ECC choices represent a stronger mapping)
+             * NOTE: The user's selection
+             * is silently ignored when a valid curve is presented
+             * in keyparams.
+             */
+            ecParams = DecodeECParams(keyparamsString);
+            if (!ecParams) {
+                /* The keyparams attribute did not specify a valid
+                 * curve name so use a curve based on the keysize.
+                 * NOTE: Here keysize is used only as an indication of
+                 * High/Medium/Low strength; elliptic curve
+                 * cryptography uses smaller keys than RSA to provide
+                 * equivalent security.
+                 */
+                switch (keysize) {
+                case 2048:
+                    ecParams = DecodeECParams("secp384r1");
+                    break;
+                case 1024:
+                case 512:
+                    ecParams = DecodeECParams("secp256r1");
+                    break;
+                } 
+            }
+            MOZ_ASSERT(ecParams);
+            params = ecParams.get();
+            /* XXX The signature algorithm ought to choose the hashing
+             * algorithm based on key size once ECDSA variations based
+             * on SHA256 SHA384 and SHA512 are standardized.
+             */
+            algTag = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST;
+            break;
+      default:
+          goto loser;
+      }
+
+    /* Make sure token is initialized. */
+    rv = setPassword(slot, m_ctx, locker);
+    if (NS_FAILED(rv))
+        goto loser;
+
+    srv = PK11_Authenticate(slot, true, m_ctx);
+    if (srv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = getNSSDialogs(getter_AddRefs(dialogs),
+                       NS_GET_IID(nsIGeneratingKeypairInfoDialogs),
+                       NS_GENERATINGKEYPAIRINFODIALOGS_CONTRACTID);
+
+    if (NS_SUCCEEDED(rv)) {
+        KeygenRunnable = new nsKeygenThread();
+        NS_IF_ADDREF(KeygenRunnable);
+    }
+
+    if (NS_FAILED(rv) || !KeygenRunnable) {
+        rv = NS_OK;
+        privateKey = PK11_GenerateKeyPairWithFlags(slot, keyGenMechanism, params,
+                                                   &publicKey, attrFlags, m_ctx);
+    } else {
+        KeygenRunnable->SetParams( slot, attrFlags, nullptr, 0,
+                                   keyGenMechanism, params, m_ctx );
+
+        runnable = do_QueryInterface(KeygenRunnable);
+        if (runnable) {
+            rv = dialogs->DisplayGeneratingKeypairInfo(m_ctx, runnable);
+            // We call join on the thread so we can be sure that no
+            // simultaneous access to the passed parameters will happen.
+            KeygenRunnable->Join();
+
+            if (NS_SUCCEEDED(rv)) {
+                PK11SlotInfo *used_slot = nullptr;
+                rv = KeygenRunnable->ConsumeResult(&used_slot, &privateKey, &publicKey);
+                if (NS_SUCCEEDED(rv) && used_slot) {
+                  PK11_FreeSlot(used_slot);
+                }
+            }
+        }
+    }
+    
+    if (NS_FAILED(rv) || !privateKey) {
+        goto loser;
+    }
+    // just in case we'll need to authenticate to the db -jp //
+    privateKey->wincx = m_ctx;
+
+    /*
+     * Create a subject public key info from the public key.
+     */
+    spkInfo = SECKEY_CreateSubjectPublicKeyInfo(publicKey);
+    if ( !spkInfo ) {
+        goto loser;
+    }
+
+    /*
+     * Now DER encode the whole subjectPublicKeyInfo.
+     */
+    srv = DER_Encode(arena.get(), &spkiItem, CERTSubjectPublicKeyInfoTemplate,
+                     spkInfo);
+    if (srv != SECSuccess) {
+        goto loser;
+    }
+
+    /*
+     * set up the PublicKeyAndChallenge data structure, then DER encode it
+     */
+    pkac.spki = spkiItem;
+    pkac.challenge.len = aChallenge.Length();
+    pkac.challenge.data = (unsigned char *)ToNewCString(aChallenge);
+    if (!pkac.challenge.data) {
+        rv = NS_ERROR_OUT_OF_MEMORY;
+        goto loser;
+    }
+
+    srv = DER_Encode(arena.get(), &pkacItem, CERTPublicKeyAndChallengeTemplate,
+                     &pkac);
+    if (srv != SECSuccess) {
+        goto loser;
+    }
+
+    /*
+     * now sign the DER encoded PublicKeyAndChallenge
+     */
+    srv = SEC_DerSignData(arena.get(), &signedItem, pkacItem.data, pkacItem.len,
+                          privateKey, algTag);
+    if (srv != SECSuccess) {
+        goto loser;
+    }
+
+    /*
+     * Convert the signed public key and challenge into base64/ascii.
+     */
+    keystring = UniquePORTString(
+      BTOA_DataToAscii(signedItem.data, signedItem.len));
+    if (!keystring) {
+        rv = NS_ERROR_OUT_OF_MEMORY;
+        goto loser;
+    }
+
+    CopyASCIItoUTF16(keystring.get(), aOutPublicKey);
+
+    rv = NS_OK;
+
+    GatherKeygenTelemetry(keyGenMechanism, keysize, keyparamsString);
+loser:
+    if (srv != SECSuccess) {
+        if ( privateKey ) {
+            PK11_DestroyTokenObject(privateKey->pkcs11Slot,privateKey->pkcs11ID);
+        }
+        if ( publicKey ) {
+            PK11_DestroyTokenObject(publicKey->pkcs11Slot,publicKey->pkcs11ID);
+        }
+    }
+    if ( spkInfo ) {
+        SECKEY_DestroySubjectPublicKeyInfo(spkInfo);
+    }
+    if ( publicKey ) {
+        SECKEY_DestroyPublicKey(publicKey);
+    }
+    if ( privateKey ) {
+        SECKEY_DestroyPrivateKey(privateKey);
+    }
+    if (slot) {
+        PK11_FreeSlot(slot);
+    }
+    if (KeygenRunnable) {
+        NS_RELEASE(KeygenRunnable);
+    }
+    if (keyparamsString) {
+        free(keyparamsString);
+    }
+    if (pkac.challenge.data) {
+        free(pkac.challenge.data);
+    }
+    return rv;
+}
+
+// static
+void
+nsKeygenFormProcessor::ExtractParams(nsIDOMHTMLElement* aElement,
+                                     nsAString& challengeValue,
+                                     nsAString& keyTypeValue,
+                                     nsAString& keyParamsValue)
+{
+    aElement->GetAttribute(NS_LITERAL_STRING("keytype"), keyTypeValue);
+    if (keyTypeValue.IsEmpty()) {
+        // If this field is not present, we default to rsa.
+        keyTypeValue.AssignLiteral("rsa");
+    }
+
+    aElement->GetAttribute(NS_LITERAL_STRING("pqg"),
+                           keyParamsValue);
+    /* XXX We can still support the pqg attribute in the keygen 
+     * tag for backward compatibility while introducing a more 
+     * general attribute named keyparams.
+     */
+    if (keyParamsValue.IsEmpty()) {
+        aElement->GetAttribute(NS_LITERAL_STRING("keyparams"), 
+                               keyParamsValue);
+    }
+
+    aElement->GetAttribute(NS_LITERAL_STRING("challenge"), challengeValue);
+}
+
+nsresult
+nsKeygenFormProcessor::ProcessValue(nsIDOMHTMLElement* aElement,
+                                    const nsAString& aName,
+                                    nsAString& aValue)
+{
+    nsAutoString challengeValue;
+    nsAutoString keyTypeValue;
+    nsAutoString keyParamsValue;
+    ExtractParams(aElement, challengeValue, keyTypeValue, keyParamsValue);
+
+    return GetPublicKey(aValue, challengeValue, keyTypeValue, 
+                        aValue, keyParamsValue);
+}
+
+nsresult
+nsKeygenFormProcessor::ProcessValueIPC(const nsAString& aOldValue,
+                                       const nsAString& aChallenge,
+                                       const nsAString& aKeyType,
+                                       const nsAString& aKeyParams,
+                                       nsAString& newValue)
+{
+    return GetPublicKey(aOldValue, aChallenge, PromiseFlatString(aKeyType),
+                        newValue, aKeyParams);
+}
+
+nsresult
+nsKeygenFormProcessor::ProvideContent(const nsAString& aFormType,
+                                      nsTArray<nsString>& aContent,
+                                      nsAString& aAttribute)
+{ 
+  if (Compare(aFormType, NS_LITERAL_STRING("SELECT"),
+              nsCaseInsensitiveStringComparator()) == 0) {
+
+    for (size_t i = 0; i < number_of_key_size_choices; ++i) {
+      aContent.AppendElement(mSECKeySizeChoiceList[i].name);
+    }
+    aAttribute.AssignLiteral("-mozilla-keygen");
+  }
+  return NS_OK;
+} 
+
diff --git a/security/manager/ssl/nsKeygenHandler.h b/security/manager/ssl/nsKeygenHandler.h
new file mode 100644
index 000000000..56cac4850
--- /dev/null
+++ b/security/manager/ssl/nsKeygenHandler.h
@@ -0,0 +1,82 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsKeygenHandler_h
+#define nsKeygenHandler_h
+
+#include "ScopedNSSTypes.h"
+#include "keythi.h"
+#include "nsCOMPtr.h"
+#include "nsError.h"
+#include "nsIFormProcessor.h"
+#include "nsIInterfaceRequestor.h"
+#include "nsNSSShutDown.h"
+#include "nsTArray.h"
+#include "secmodt.h"
+
+nsresult GetSlotWithMechanism(uint32_t mechanism,
+                              nsIInterfaceRequestor* ctx,
+                              PK11SlotInfo** retSlot,
+                              nsNSSShutDownPreventionLock& /*proofOfLock*/);
+
+#define DEFAULT_RSA_KEYGEN_PE 65537L
+#define DEFAULT_RSA_KEYGEN_ALG SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION
+
+mozilla::UniqueSECItem DecodeECParams(const char* curve);
+
+class nsKeygenFormProcessor : public nsIFormProcessor
+                            , public nsNSSShutDownObject
+{
+public:
+  nsKeygenFormProcessor();
+  nsresult Init();
+
+  virtual nsresult ProcessValue(nsIDOMHTMLElement* aElement,
+                                const nsAString& aName,
+                                nsAString& aValue) override;
+
+  virtual nsresult ProcessValueIPC(const nsAString& aOldValue,
+                                   const nsAString& aChallenge,
+                                   const nsAString& aKeyType,
+                                   const nsAString& aKeyParams,
+                                   nsAString& aNewValue) override;
+
+  virtual nsresult ProvideContent(const nsAString& aFormType,
+                                  nsTArray<nsString>& aContent,
+                                  nsAString& aAttribute) override;
+  NS_DECL_THREADSAFE_ISUPPORTS
+
+  static nsresult Create(nsISupports* aOuter, const nsIID& aIID, void* *aResult);
+
+  static void ExtractParams(nsIDOMHTMLElement* aElement,
+                            nsAString& challengeValue,
+                            nsAString& keyTypeValue,
+                            nsAString& keyParamsValue);
+
+  // Nothing to release.
+  virtual void virtualDestroyNSSReference() override {}
+
+protected:
+  virtual ~nsKeygenFormProcessor();
+
+  nsresult GetPublicKey(const nsAString& aValue, const nsAString& aChallenge,
+                        const nsAFlatString& akeyType, nsAString& aOutPublicKey,
+                        const nsAString& aPqg);
+  nsresult GetSlot(uint32_t aMechanism, PK11SlotInfo** aSlot);
+private:
+  nsCOMPtr<nsIInterfaceRequestor> m_ctx;
+
+  typedef struct SECKeySizeChoiceInfoStr {
+      nsString name;
+      int size;
+  } SECKeySizeChoiceInfo;
+
+  enum { number_of_key_size_choices = 2 };
+
+  SECKeySizeChoiceInfo mSECKeySizeChoiceList[number_of_key_size_choices];
+};
+
+#endif // nsKeygenHandler_h
diff --git a/security/manager/ssl/nsKeygenHandlerContent.cpp b/security/manager/ssl/nsKeygenHandlerContent.cpp
new file mode 100644
index 000000000..766da0a6d
--- /dev/null
+++ b/security/manager/ssl/nsKeygenHandlerContent.cpp
@@ -0,0 +1,78 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ * vim: set ts=2 sw=2 sts=2 et tw=80:
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsKeygenHandlerContent.h"
+
+#include "nsIFormProcessor.h"
+#include "nsString.h"
+
+#include "mozilla/dom/ContentChild.h"
+#include "mozilla/Unused.h"
+
+#include "keythi.h"
+#include "nss.h"
+#include "secmodt.h"
+#include "nsKeygenHandler.h"
+
+using mozilla::dom::ContentChild;
+using mozilla::Unused;
+
+NS_IMPL_ISUPPORTS(nsKeygenFormProcessorContent, nsIFormProcessor)
+
+nsKeygenFormProcessorContent::nsKeygenFormProcessorContent()
+{
+}
+
+nsKeygenFormProcessorContent::~nsKeygenFormProcessorContent()
+{
+}
+
+nsresult
+nsKeygenFormProcessorContent::ProcessValue(nsIDOMHTMLElement* aElement,
+                                           const nsAString& aName,
+                                           nsAString& aValue)
+{
+  nsAutoString challengeValue;
+  nsAutoString keyTypeValue;
+  nsAutoString keyParamsValue;
+  nsKeygenFormProcessor::ExtractParams(aElement, challengeValue, keyTypeValue, keyParamsValue);
+
+  ContentChild* child = ContentChild::GetSingleton();
+
+  nsString oldValue(aValue);
+  nsString newValue;
+  Unused << child->SendKeygenProcessValue(oldValue, challengeValue,
+                                          keyTypeValue, keyParamsValue,
+                                          &newValue);
+
+  aValue.Assign(newValue);
+  return NS_OK;
+}
+
+nsresult
+nsKeygenFormProcessorContent::ProcessValueIPC(const nsAString& aOldValue,
+                                              const nsAString& aChallenge,
+                                              const nsAString& aKeyType,
+                                              const nsAString& aKeyParams,
+                                              nsAString& aNewValue)
+{
+  MOZ_ASSERT(false, "should never be called in the child process");
+  return NS_ERROR_UNEXPECTED;
+}
+
+nsresult
+nsKeygenFormProcessorContent::ProvideContent(const nsAString& aFormType,
+                                             nsTArray<nsString>& aContent,
+                                             nsAString& aAttribute)
+{
+  nsString attribute;
+  Unused <<
+    ContentChild::GetSingleton()->SendKeygenProvideContent(&attribute,
+                                                           &aContent);
+  aAttribute.Assign(attribute);
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsKeygenHandlerContent.h b/security/manager/ssl/nsKeygenHandlerContent.h
new file mode 100644
index 000000000..c36e57051
--- /dev/null
+++ b/security/manager/ssl/nsKeygenHandlerContent.h
@@ -0,0 +1,42 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ * vim: set ts=2 sw=2 sts=2 et tw=80:
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsKeygenHandlerContent_h
+#define nsKeygenHandlerContent_h
+
+#include "mozilla/Attributes.h"
+#include "nsIFormProcessor.h"
+#include "nsStringFwd.h"
+#include "nsTArray.h"
+
+class nsIDOMHTMLElement;
+
+class nsKeygenFormProcessorContent final : public nsIFormProcessor {
+public:
+  nsKeygenFormProcessorContent();
+
+  virtual nsresult ProcessValue(nsIDOMHTMLElement* aElement,
+                                const nsAString& aName,
+                                nsAString& aValue) override;
+
+  virtual nsresult ProcessValueIPC(const nsAString& aOldValue,
+                                   const nsAString& aChallenge,
+                                   const nsAString& aKeyType,
+                                   const nsAString& aKeyParams,
+                                   nsAString& aNewValue) override;
+
+  virtual nsresult ProvideContent(const nsAString& aFormType,
+                                  nsTArray<nsString>& aContent,
+                                  nsAString& aAttribute) override;
+
+  NS_DECL_ISUPPORTS
+
+protected:
+  ~nsKeygenFormProcessorContent();
+};
+
+#endif // nsKeygenHandlerContent_h
diff --git a/security/manager/ssl/nsKeygenThread.cpp b/security/manager/ssl/nsKeygenThread.cpp
new file mode 100644
index 000000000..b295c4f36
--- /dev/null
+++ b/security/manager/ssl/nsKeygenThread.cpp
@@ -0,0 +1,254 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "pk11func.h"
+#include "nsCOMPtr.h"
+#include "nsThreadUtils.h"
+#include "nsKeygenThread.h"
+#include "nsIObserver.h"
+#include "nsNSSShutDown.h"
+#include "PSMRunnable.h"
+#include "mozilla/DebugOnly.h"
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+NS_IMPL_ISUPPORTS(nsKeygenThread, nsIKeygenThread)
+
+
+nsKeygenThread::nsKeygenThread()
+:mutex("nsKeygenThread.mutex"),
+ iAmRunning(false),
+ keygenReady(false),
+ statusDialogClosed(false),
+ alreadyReceivedParams(false),
+ privateKey(nullptr),
+ publicKey(nullptr),
+ slot(nullptr),
+ flags(0),
+ altSlot(nullptr),
+ altFlags(0),
+ usedSlot(nullptr),
+ keyGenMechanism(0),
+ params(nullptr),
+ wincx(nullptr),
+ threadHandle(nullptr)
+{
+}
+
+nsKeygenThread::~nsKeygenThread()
+{
+  // clean up in the unlikely case that nobody consumed our results
+  
+  if (privateKey)
+    SECKEY_DestroyPrivateKey(privateKey);
+    
+  if (publicKey)
+    SECKEY_DestroyPublicKey(publicKey);
+    
+  if (usedSlot)
+    PK11_FreeSlot(usedSlot);
+}
+
+void nsKeygenThread::SetParams(
+    PK11SlotInfo *a_slot,
+    PK11AttrFlags a_flags,
+    PK11SlotInfo *a_alternative_slot,
+    PK11AttrFlags a_alternative_flags,
+    uint32_t a_keyGenMechanism,
+    void *a_params,
+    void *a_wincx )
+{
+  nsNSSShutDownPreventionLock locker;
+  MutexAutoLock lock(mutex);
+ 
+    if (!alreadyReceivedParams) {
+      alreadyReceivedParams = true;
+      slot = (a_slot) ? PK11_ReferenceSlot(a_slot) : nullptr;
+      flags = a_flags;
+      altSlot = (a_alternative_slot) ? PK11_ReferenceSlot(a_alternative_slot) : nullptr;
+      altFlags = a_alternative_flags;
+      keyGenMechanism = a_keyGenMechanism;
+      params = a_params;
+      wincx = a_wincx;
+    }
+}
+
+nsresult nsKeygenThread::ConsumeResult(
+    PK11SlotInfo **a_used_slot,
+    SECKEYPrivateKey **a_privateKey,
+    SECKEYPublicKey **a_publicKey)
+{
+  if (!a_used_slot || !a_privateKey || !a_publicKey) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsresult rv;
+
+  MutexAutoLock lock(mutex);
+  
+    // GetParams must not be called until thread creator called
+    // Join on this thread.
+    NS_ASSERTION(keygenReady, "logic error in nsKeygenThread::GetParams");
+
+    if (keygenReady) {
+      *a_privateKey = privateKey;
+      *a_publicKey = publicKey;
+      *a_used_slot = usedSlot;
+
+      privateKey = 0;
+      publicKey = 0;
+      usedSlot = 0;
+      
+      rv = NS_OK;
+    }
+    else {
+      rv = NS_ERROR_FAILURE;
+    }
+  
+  return rv;
+}
+
+static void nsKeygenThreadRunner(void *arg)
+{
+  PR_SetCurrentThreadName("Keygen");
+  nsKeygenThread *self = static_cast<nsKeygenThread *>(arg);
+  self->Run();
+}
+
+nsresult nsKeygenThread::StartKeyGeneration(nsIObserver* aObserver)
+{
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsKeygenThread::StartKeyGeneration called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+  
+  if (!aObserver)
+    return NS_OK;
+
+  MutexAutoLock lock(mutex);
+
+    if (iAmRunning || keygenReady) {
+      return NS_OK;
+    }
+
+    // We must AddRef aObserver only here on the main thread, because it
+    // probably does not implement a thread-safe AddRef.
+    mNotifyObserver = new NotifyObserverRunnable(aObserver, "keygen-finished");
+
+    iAmRunning = true;
+
+    threadHandle = PR_CreateThread(PR_USER_THREAD, nsKeygenThreadRunner, static_cast<void*>(this), 
+      PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, PR_JOINABLE_THREAD, 0);
+
+    // bool thread_started_ok = (threadHandle != nullptr);
+    // we might want to return "thread started ok" to caller in the future
+    NS_ASSERTION(threadHandle, "Could not create nsKeygenThreadRunner thread\n");
+  
+  return NS_OK;
+}
+
+nsresult nsKeygenThread::UserCanceled(bool *threadAlreadyClosedDialog)
+{
+  if (!threadAlreadyClosedDialog)
+    return NS_OK;
+
+  *threadAlreadyClosedDialog = false;
+
+  MutexAutoLock lock(mutex);
+  
+    if (keygenReady)
+      *threadAlreadyClosedDialog = statusDialogClosed;
+
+    // User somehow closed the dialog, but we will not cancel.
+    // Bad luck, we told him not do, and user still has to wait.
+    // However, we remember that it's closed and will not close
+    // it again to avoid problems.
+    statusDialogClosed = true;
+
+  return NS_OK;
+}
+
+void nsKeygenThread::Run(void)
+{
+  nsNSSShutDownPreventionLock locker;
+  bool canGenerate = false;
+
+  {
+    MutexAutoLock lock(mutex);
+    if (alreadyReceivedParams) {
+      canGenerate = true;
+      keygenReady = false;
+    }
+  }
+
+  if (canGenerate) {
+    privateKey = PK11_GenerateKeyPairWithFlags(slot, keyGenMechanism,
+                                               params, &publicKey,
+                                               flags, wincx);
+
+    if (privateKey) {
+      usedSlot = PK11_ReferenceSlot(slot);
+    }
+    else if (altSlot) {
+      privateKey = PK11_GenerateKeyPairWithFlags(altSlot, keyGenMechanism,
+                                                 params, &publicKey,
+                                                 altFlags, wincx);
+      if (privateKey) {
+        usedSlot = PK11_ReferenceSlot(altSlot);
+      }
+    }
+  }
+  
+  // This call gave us ownership over privateKey and publicKey.
+  // But as the params structure is owner by our caller,
+  // we effectively transferred ownership to the caller.
+  // As long as key generation can't be canceled, we don't need 
+  // to care for cleaning this up.
+
+  nsCOMPtr<nsIRunnable> notifyObserver;
+  {
+    MutexAutoLock lock(mutex);
+
+    keygenReady = true;
+    iAmRunning = false;
+
+    // forget our parameters
+    if (slot) {
+      PK11_FreeSlot(slot);
+      slot = 0;
+    }
+    if (altSlot) {
+      PK11_FreeSlot(altSlot);
+      altSlot = 0;
+    }
+    keyGenMechanism = 0;
+    params = 0;
+    wincx = 0;
+
+    if (!statusDialogClosed && mNotifyObserver)
+      notifyObserver = mNotifyObserver;
+
+    mNotifyObserver = nullptr;
+  }
+
+  if (notifyObserver) {
+    DebugOnly<nsresult> rv = NS_DispatchToMainThread(notifyObserver);
+    NS_ASSERTION(NS_SUCCEEDED(rv),
+		 "failed to dispatch keygen thread observer to main thread");
+  }
+}
+
+void nsKeygenThread::Join()
+{
+  if (!threadHandle)
+    return;
+  
+  PR_JoinThread(threadHandle);
+  threadHandle = nullptr;
+
+  return;
+}
diff --git a/security/manager/ssl/nsKeygenThread.h b/security/manager/ssl/nsKeygenThread.h
new file mode 100644
index 000000000..139bf89f8
--- /dev/null
+++ b/security/manager/ssl/nsKeygenThread.h
@@ -0,0 +1,72 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _NSKEYGENTHREAD_H_
+#define _NSKEYGENTHREAD_H_
+
+#include "keyhi.h"
+#include "nspr.h"
+
+#include "mozilla/Mutex.h"
+#include "nsIKeygenThread.h"
+#include "nsCOMPtr.h"
+
+class nsIRunnable;
+
+class nsKeygenThread : public nsIKeygenThread
+{
+private:
+  mozilla::Mutex mutex;
+  
+  nsCOMPtr<nsIRunnable> mNotifyObserver;
+
+  bool iAmRunning;
+  bool keygenReady;
+  bool statusDialogClosed;
+  bool alreadyReceivedParams;
+
+  SECKEYPrivateKey *privateKey;
+  SECKEYPublicKey *publicKey;
+  PK11SlotInfo *slot;
+  PK11AttrFlags flags;
+  PK11SlotInfo *altSlot;
+  PK11AttrFlags altFlags;
+  PK11SlotInfo *usedSlot;
+  uint32_t keyGenMechanism;
+  void *params;
+  void *wincx;
+
+  PRThread *threadHandle;
+
+protected:
+  virtual ~nsKeygenThread();
+
+public:
+  nsKeygenThread();
+  
+  NS_DECL_NSIKEYGENTHREAD
+  NS_DECL_THREADSAFE_ISUPPORTS
+
+  void SetParams(
+    PK11SlotInfo *a_slot,
+    PK11AttrFlags a_flags,
+    PK11SlotInfo *a_alternative_slot,
+    PK11AttrFlags a_alternative_flags,
+    uint32_t a_keyGenMechanism,
+    void *a_params,
+    void *a_wincx );
+
+  nsresult ConsumeResult(
+    PK11SlotInfo **a_used_slot,
+    SECKEYPrivateKey **a_privateKey,
+    SECKEYPublicKey **a_publicKey);
+  
+  void Join(void);
+
+  void Run(void);
+};
+
+#endif //_NSKEYGENTHREAD_H_
diff --git a/security/manager/ssl/nsNSSASN1Object.cpp b/security/manager/ssl/nsNSSASN1Object.cpp
new file mode 100644
index 000000000..6b52d8c94
--- /dev/null
+++ b/security/manager/ssl/nsNSSASN1Object.cpp
@@ -0,0 +1,430 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "nsNSSASN1Object.h"
+
+#include "nsArray.h"
+#include "nsArrayUtils.h"
+#include "nsIComponentManager.h"
+#include "nsReadableUtils.h"
+#include "nsXPCOMCID.h"
+#include "secasn1.h"
+
+NS_IMPL_ISUPPORTS(nsNSSASN1Sequence, nsIASN1Sequence, nsIASN1Object)
+NS_IMPL_ISUPPORTS(nsNSSASN1PrintableItem, nsIASN1PrintableItem, nsIASN1Object)
+
+// This function is used to interpret an integer that
+// was encoded in a DER buffer. This function is used
+// when converting a DER buffer into a nsIASN1Object 
+// structure.  This interprets the buffer in data
+// as defined by the DER (Distinguised Encoding Rules) of
+// ASN1.
+static int
+getInteger256(unsigned char *data, unsigned int nb)
+{
+    int val;
+
+    switch (nb) {
+      case 1:
+        val = data[0];
+        break;
+      case 2:
+        val = (data[0] << 8) | data[1];
+        break;
+      case 3:
+        val = (data[0] << 16) | (data[1] << 8) | data[2];
+        break;
+      case 4:
+        val = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3];
+        break;
+      default:
+        return -1;
+    }
+
+    return val;
+}
+
+// This function is used to retrieve the lenght of a DER encoded
+// item.  It looks to see if this a multibyte length and then
+// interprets the buffer accordingly to get the actual length value.
+// This funciton is used mostly while parsing the DER headers.
+// 
+// A DER encoded item has the following structure:
+//
+//  <tag><length<data consisting of lenght bytes>
+static int32_t
+getDERItemLength(unsigned char *data, unsigned char *end,
+                 unsigned long *bytesUsed, bool *indefinite)
+{
+  unsigned char lbyte = *data++;
+  int32_t length = -1;
+  
+  *indefinite = false;
+  if (lbyte >= 0x80) {
+    // Multibyte length
+    unsigned nb = (unsigned) (lbyte & 0x7f);
+    if (nb > 4) {
+      return -1;
+    }
+    if (nb > 0) {
+    
+      if ((data+nb) > end) {
+        return -1;
+      }
+      length = getInteger256(data, nb);
+      if (length < 0)
+        return -1;
+    } else {
+      *indefinite = true;
+      length = 0;
+    }
+    *bytesUsed = nb+1;
+  } else {
+    length = lbyte;
+    *bytesUsed = 1; 
+  }
+  return length;
+}
+
+static nsresult
+buildASN1ObjectFromDER(unsigned char *data,
+                       unsigned char *end,
+                       nsIASN1Sequence *parent)
+{
+  nsresult rv;
+  nsCOMPtr<nsIASN1Sequence> sequence;
+  nsCOMPtr<nsIASN1PrintableItem> printableItem;
+  nsCOMPtr<nsIASN1Object> asn1Obj;
+  nsCOMPtr<nsIMutableArray> parentObjects;
+
+  NS_ENSURE_ARG_POINTER(parent);
+  if (data >= end)
+    return NS_OK;
+
+  unsigned char code, tagnum;
+
+  // A DER item has the form of |tag|len|data
+  // tag is one byte and describes the type of element
+  //     we are dealing with.
+  // len is a DER encoded int telling us how long the data is
+  // data is a buffer that is len bytes long and has to be
+  //      interpreted according to its type.
+  unsigned long bytesUsed;
+  bool indefinite;
+  int32_t len;
+  uint32_t type;
+
+  rv = parent->GetASN1Objects(getter_AddRefs(parentObjects));
+  if (NS_FAILED(rv) || !parentObjects)
+    return NS_ERROR_FAILURE;
+  while (data < end) {
+    code = *data;
+    tagnum = code & SEC_ASN1_TAGNUM_MASK;
+
+    /*
+     * NOTE: This code does not (yet) handle the high-tag-number form!
+     */
+    if (tagnum == SEC_ASN1_HIGH_TAG_NUMBER) {
+      return NS_ERROR_FAILURE;
+    }
+
+    data++;
+    len = getDERItemLength(data, end, &bytesUsed, &indefinite);
+    if (len < 0) {
+      return NS_ERROR_FAILURE;
+    }
+
+    data += bytesUsed;
+    if (data + len > end) {
+      return NS_ERROR_FAILURE;
+    }
+
+    if (code & SEC_ASN1_CONSTRUCTED) {
+      if (len > 0 || indefinite) {
+        sequence = new nsNSSASN1Sequence();
+        switch (code & SEC_ASN1_CLASS_MASK) {
+        case SEC_ASN1_UNIVERSAL:
+          type = tagnum;
+          break;
+        case SEC_ASN1_APPLICATION:
+          type = nsIASN1Object::ASN1_APPLICATION;
+          break;
+        case SEC_ASN1_CONTEXT_SPECIFIC:
+          type = nsIASN1Object::ASN1_CONTEXT_SPECIFIC;
+          break;
+        case SEC_ASN1_PRIVATE:
+          type = nsIASN1Object::ASN1_PRIVATE;
+          break;
+        default:
+          NS_ERROR("Bad DER");
+          return NS_ERROR_FAILURE;
+        }
+        sequence->SetTag(tagnum);
+        sequence->SetType(type);
+        rv = buildASN1ObjectFromDER(data, (len == 0) ? end : data + len, 
+                                    sequence);
+        asn1Obj = sequence;
+      }
+    } else {
+      printableItem = new nsNSSASN1PrintableItem();
+
+      asn1Obj = printableItem;
+      asn1Obj->SetType(tagnum);
+      asn1Obj->SetTag(tagnum); 
+      printableItem->SetData((char*)data, len);
+    }
+    data += len;
+    parentObjects->AppendElement(asn1Obj, false);
+  }
+
+  return NS_OK;
+}
+
+nsresult
+CreateFromDER(unsigned char *data,
+              unsigned int   len,
+              nsIASN1Object **retval)
+{
+  nsCOMPtr<nsIASN1Sequence> sequence = new nsNSSASN1Sequence;
+  *retval = nullptr;
+  
+  nsresult rv =  buildASN1ObjectFromDER(data, data+len, sequence);
+
+  if (NS_SUCCEEDED(rv)) {
+    // The actual object will be the first element inserted
+    // into the sequence of the sequence variable we created.
+    nsCOMPtr<nsIMutableArray> elements;
+
+    sequence->GetASN1Objects(getter_AddRefs(elements));
+    nsCOMPtr<nsIASN1Object> asn1Obj = do_QueryElementAt(elements, 0);
+    if (!asn1Obj) {
+      return NS_ERROR_FAILURE;
+    }
+
+    asn1Obj.forget(retval);
+  }
+  return rv; 
+}
+
+nsNSSASN1Sequence::nsNSSASN1Sequence() : mType(0),
+                                         mTag(0),
+                                         mIsValidContainer(true),
+                                         mIsExpanded(true)
+{
+  /* member initializers and constructor code */
+}
+
+nsNSSASN1Sequence::~nsNSSASN1Sequence()
+{
+  /* destructor code */
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::GetASN1Objects(nsIMutableArray * *aASN1Objects)
+{
+  if (!mASN1Objects) {
+    mASN1Objects = nsArrayBase::Create();
+  }
+  *aASN1Objects = mASN1Objects;
+  NS_IF_ADDREF(*aASN1Objects);
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::SetASN1Objects(nsIMutableArray * aASN1Objects)
+{
+  mASN1Objects = aASN1Objects;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::GetTag(uint32_t *aTag)
+{
+  *aTag = mTag;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::SetTag(uint32_t aTag)
+{
+  mTag = aTag;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::GetType(uint32_t *aType)
+{
+  *aType = mType;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::SetType(uint32_t aType)
+{
+  mType = aType;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::GetDisplayName(nsAString &aDisplayName)
+{
+  aDisplayName = mDisplayName;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::SetDisplayName(const nsAString &aDisplayName)
+{
+  mDisplayName = aDisplayName;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::GetDisplayValue(nsAString &aDisplayValue)
+{
+  aDisplayValue = mDisplayValue;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::SetDisplayValue(const nsAString &aDisplayValue)
+{
+  mDisplayValue = aDisplayValue;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::GetIsValidContainer(bool *aIsValidContainer)
+{
+  NS_ENSURE_ARG_POINTER(aIsValidContainer);
+  *aIsValidContainer = mIsValidContainer;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Sequence::SetIsValidContainer(bool aIsValidContainer)
+{
+  mIsValidContainer = aIsValidContainer;
+  SetIsExpanded(mIsValidContainer);
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::GetIsExpanded(bool *aIsExpanded)
+{
+  NS_ENSURE_ARG_POINTER(aIsExpanded);
+  *aIsExpanded = mIsExpanded;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::SetIsExpanded(bool aIsExpanded)
+{
+  mIsExpanded = aIsExpanded;
+  return NS_OK;
+}
+
+nsNSSASN1PrintableItem::nsNSSASN1PrintableItem() : mType(0),
+                                                   mTag(0),
+                                                   mData(nullptr),
+                                                   mLen(0)
+{
+  /* member initializers and constructor code */
+}
+
+nsNSSASN1PrintableItem::~nsNSSASN1PrintableItem()
+{
+  /* destructor code */
+  if (mData)
+    free(mData);
+}
+
+NS_IMETHODIMP 
+nsNSSASN1PrintableItem::GetDisplayValue(nsAString &aValue)
+{
+  aValue = mValue;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1PrintableItem::SetDisplayValue(const nsAString &aValue)
+{
+  mValue = aValue;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1PrintableItem::GetTag(uint32_t *aTag)
+{
+  *aTag = mTag;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1PrintableItem::SetTag(uint32_t aTag)
+{
+  mTag = aTag;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1PrintableItem::GetType(uint32_t *aType)
+{
+  *aType = mType;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1PrintableItem::SetType(uint32_t aType)
+{
+  mType = aType;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1PrintableItem::SetData(char *data, uint32_t len)
+{
+  if (len > 0) {
+    if (mLen < len) {
+      unsigned char* newData = (unsigned char*)moz_xrealloc(mData, len);
+      if (!newData)
+        return NS_ERROR_OUT_OF_MEMORY;
+
+      mData = newData;
+    }
+
+    memcpy(mData, data, len);
+  } else if (len == 0) {
+    if (mData) {
+      free(mData);
+      mData = nullptr;
+    }
+  }
+  mLen = len;
+  return NS_OK;  
+}
+
+NS_IMETHODIMP
+nsNSSASN1PrintableItem::GetData(char **outData, uint32_t *outLen)
+{
+  NS_ENSURE_ARG_POINTER(outData);
+  NS_ENSURE_ARG_POINTER(outLen);
+
+  *outData = (char*)mData;
+  *outLen  = mLen;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1PrintableItem::GetDisplayName(nsAString &aDisplayName)
+{
+  aDisplayName = mDisplayName;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1PrintableItem::SetDisplayName(const nsAString &aDisplayName)
+{
+  mDisplayName = aDisplayName;
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsNSSASN1Object.h b/security/manager/ssl/nsNSSASN1Object.h
new file mode 100644
index 000000000..b995a58fc
--- /dev/null
+++ b/security/manager/ssl/nsNSSASN1Object.h
@@ -0,0 +1,64 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _NSSASN_H_
+#define _NSSASN_H_
+
+#include "nscore.h"
+#include "nsIX509Cert.h"
+#include "nsCOMPtr.h"
+#include "nsString.h"
+#include "nsIASN1Sequence.h"
+#include "nsIASN1PrintableItem.h"
+#include "nsIMutableArray.h"
+
+//
+// Read comments in nsIX509Cert.idl for a description of the desired
+// purpose for this ASN1 interface implementation.
+//
+
+class nsNSSASN1Sequence : public nsIASN1Sequence
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIASN1SEQUENCE
+  NS_DECL_NSIASN1OBJECT
+
+  nsNSSASN1Sequence();
+protected:
+  virtual ~nsNSSASN1Sequence();
+  /* additional members */
+private:
+  nsCOMPtr<nsIMutableArray> mASN1Objects;
+  nsString mDisplayName;
+  nsString mDisplayValue;
+  uint32_t mType;
+  uint32_t mTag;
+  bool     mIsValidContainer;
+  bool     mIsExpanded;
+};
+
+class nsNSSASN1PrintableItem : public nsIASN1PrintableItem
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIASN1PRINTABLEITEM
+  NS_DECL_NSIASN1OBJECT
+
+  nsNSSASN1PrintableItem();
+protected:
+  virtual ~nsNSSASN1PrintableItem();
+  /* additional members */
+private:
+  nsString mDisplayName;
+  nsString mValue;
+  uint32_t mType;
+  uint32_t mTag;
+  unsigned char *mData;
+  uint32_t       mLen;
+};
+
+nsresult CreateFromDER(unsigned char *data,
+                       unsigned int   len,
+                       nsIASN1Object **retval);
+#endif //_NSSASN_H_
diff --git a/security/manager/ssl/nsNSSCallbacks.cpp b/security/manager/ssl/nsNSSCallbacks.cpp
new file mode 100644
index 000000000..e28760d5f
--- /dev/null
+++ b/security/manager/ssl/nsNSSCallbacks.cpp
@@ -0,0 +1,1379 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSCallbacks.h"
+
+#include "PSMRunnable.h"
+#include "ScopedNSSTypes.h"
+#include "SharedCertVerifier.h"
+#include "SharedSSLState.h"
+#include "mozilla/ArrayUtils.h"
+#include "mozilla/Assertions.h"
+#include "mozilla/Casting.h"
+#include "mozilla/RefPtr.h"
+#include "mozilla/Telemetry.h"
+#include "mozilla/TimeStamp.h"
+#include "mozilla/Unused.h"
+#include "nsContentUtils.h"
+#include "nsICertOverrideService.h"
+#include "nsIHttpChannelInternal.h"
+#include "nsIPrompt.h"
+#include "nsISupportsPriority.h"
+#include "nsITokenDialogs.h"
+#include "nsIUploadChannel.h"
+#include "nsIWebProgressListener.h"
+#include "nsNSSCertificate.h"
+#include "nsNSSComponent.h"
+#include "nsNSSIOLayer.h"
+#include "nsNetUtil.h"
+#include "nsProtectedAuthThread.h"
+#include "nsProxyRelease.h"
+#include "pkix/pkixtypes.h"
+#include "ssl.h"
+#include "sslproto.h"
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+extern LazyLogModule gPIPNSSLog;
+
+static void AccumulateCipherSuite(Telemetry::ID probe,
+                                  const SSLChannelInfo& channelInfo);
+
+namespace {
+
+// Bits in bit mask for SSL_REASONS_FOR_NOT_FALSE_STARTING telemetry probe
+// These bits are numbered so that the least subtle issues have higher values.
+// This should make it easier for us to interpret the results.
+const uint32_t NPN_NOT_NEGOTIATED = 64;
+const uint32_t POSSIBLE_VERSION_DOWNGRADE = 4;
+const uint32_t POSSIBLE_CIPHER_SUITE_DOWNGRADE = 2;
+const uint32_t KEA_NOT_SUPPORTED = 1;
+
+} // namespace
+
+class nsHTTPDownloadEvent : public Runnable {
+public:
+  nsHTTPDownloadEvent();
+  ~nsHTTPDownloadEvent();
+
+  NS_IMETHOD Run();
+
+  nsNSSHttpRequestSession *mRequestSession;
+  
+  RefPtr<nsHTTPListener> mListener;
+  bool mResponsibleForDoneSignal;
+  TimeStamp mStartTime;
+};
+
+nsHTTPDownloadEvent::nsHTTPDownloadEvent()
+:mResponsibleForDoneSignal(true)
+{
+}
+
+nsHTTPDownloadEvent::~nsHTTPDownloadEvent()
+{
+  if (mResponsibleForDoneSignal && mListener)
+    mListener->send_done_signal();
+
+  mRequestSession->Release();
+}
+
+NS_IMETHODIMP
+nsHTTPDownloadEvent::Run()
+{
+  if (!mListener)
+    return NS_OK;
+
+  nsresult rv;
+
+  nsCOMPtr<nsIIOService> ios = do_GetIOService();
+  NS_ENSURE_STATE(ios);
+
+  nsCOMPtr<nsIChannel> chan;
+  ios->NewChannel2(mRequestSession->mURL,
+                   nullptr,
+                   nullptr,
+                   nullptr, // aLoadingNode
+                   nsContentUtils::GetSystemPrincipal(),
+                   nullptr, // aTriggeringPrincipal
+                   nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
+                   nsIContentPolicy::TYPE_OTHER,
+                   getter_AddRefs(chan));
+  NS_ENSURE_STATE(chan);
+
+  // Security operations scheduled through normal HTTP channels are given
+  // high priority to accommodate real time OCSP transactions.
+  nsCOMPtr<nsISupportsPriority> priorityChannel = do_QueryInterface(chan);
+  if (priorityChannel)
+    priorityChannel->AdjustPriority(nsISupportsPriority::PRIORITY_HIGHEST);
+
+  chan->SetLoadFlags(nsIRequest::LOAD_ANONYMOUS |
+                     nsIChannel::LOAD_BYPASS_SERVICE_WORKER);
+
+  // For OCSP requests, only the first party domain aspect of origin attributes
+  // is used. This means that OCSP requests are shared across different
+  // containers.
+  if (mRequestSession->mOriginAttributes != NeckoOriginAttributes()) {
+    NeckoOriginAttributes attrs;
+    attrs.mFirstPartyDomain =
+      mRequestSession->mOriginAttributes.mFirstPartyDomain;
+
+    nsCOMPtr<nsILoadInfo> loadInfo = chan->GetLoadInfo();
+    if (loadInfo) {
+      rv = loadInfo->SetOriginAttributes(attrs);
+      NS_ENSURE_SUCCESS(rv, rv);
+    }
+  }
+
+  // Create a loadgroup for this new channel.  This way if the channel
+  // is redirected, we'll have a way to cancel the resulting channel.
+  nsCOMPtr<nsILoadGroup> lg = do_CreateInstance(NS_LOADGROUP_CONTRACTID);
+  chan->SetLoadGroup(lg);
+
+  if (mRequestSession->mHasPostData)
+  {
+    nsCOMPtr<nsIInputStream> uploadStream;
+    rv = NS_NewPostDataStream(getter_AddRefs(uploadStream),
+                              false,
+                              mRequestSession->mPostData);
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    nsCOMPtr<nsIUploadChannel> uploadChannel(do_QueryInterface(chan));
+    NS_ENSURE_STATE(uploadChannel);
+
+    rv = uploadChannel->SetUploadStream(uploadStream, 
+                                        mRequestSession->mPostContentType,
+                                        -1);
+    NS_ENSURE_SUCCESS(rv, rv);
+  }
+
+  // Do not use SPDY for internal security operations. It could result
+  // in the silent upgrade to ssl, which in turn could require an SSL
+  // operation to fulfill something like an OCSP fetch, which is an
+  // endless loop.
+  nsCOMPtr<nsIHttpChannelInternal> internalChannel = do_QueryInterface(chan);
+  if (internalChannel) {
+    rv = internalChannel->SetAllowSpdy(false);
+    NS_ENSURE_SUCCESS(rv, rv);
+  }
+
+  nsCOMPtr<nsIHttpChannel> hchan = do_QueryInterface(chan);
+  NS_ENSURE_STATE(hchan);
+
+  rv = hchan->SetAllowSTS(false);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  rv = hchan->SetRequestMethod(mRequestSession->mRequestMethod);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  mResponsibleForDoneSignal = false;
+  mListener->mResponsibleForDoneSignal = true;
+
+  mListener->mLoadGroup = lg.get();
+  NS_ADDREF(mListener->mLoadGroup);
+  mListener->mLoadGroupOwnerThread = PR_GetCurrentThread();
+
+  rv = NS_NewStreamLoader(getter_AddRefs(mListener->mLoader), 
+                          mListener);
+
+  if (NS_SUCCEEDED(rv)) {
+    mStartTime = TimeStamp::Now();
+    rv = hchan->AsyncOpen2(mListener->mLoader);
+  }
+
+  if (NS_FAILED(rv)) {
+    mListener->mResponsibleForDoneSignal = false;
+    mResponsibleForDoneSignal = true;
+
+    NS_RELEASE(mListener->mLoadGroup);
+    mListener->mLoadGroup = nullptr;
+    mListener->mLoadGroupOwnerThread = nullptr;
+  }
+
+  return NS_OK;
+}
+
+struct nsCancelHTTPDownloadEvent : Runnable {
+  RefPtr<nsHTTPListener> mListener;
+
+  NS_IMETHOD Run() override {
+    mListener->FreeLoadGroup(true);
+    mListener = nullptr;
+    return NS_OK;
+  }
+};
+
+mozilla::pkix::Result
+nsNSSHttpServerSession::createSessionFcn(const char* host,
+                                         uint16_t portnum,
+                                 /*out*/ nsNSSHttpServerSession** pSession)
+{
+  if (!host || !pSession) {
+    return Result::FATAL_ERROR_INVALID_ARGS;
+  }
+
+  nsNSSHttpServerSession* hss = new nsNSSHttpServerSession;
+  if (!hss) {
+    return Result::FATAL_ERROR_NO_MEMORY;
+  }
+
+  hss->mHost = host;
+  hss->mPort = portnum;
+
+  *pSession = hss;
+  return Success;
+}
+
+mozilla::pkix::Result
+nsNSSHttpRequestSession::createFcn(const nsNSSHttpServerSession* session,
+                                   const char* http_protocol_variant,
+                                   const char* path_and_query_string,
+                                   const char* http_request_method,
+                                   const NeckoOriginAttributes& origin_attributes,
+                                   const PRIntervalTime timeout,
+                           /*out*/ nsNSSHttpRequestSession** pRequest)
+{
+  if (!session || !http_protocol_variant || !path_and_query_string ||
+      !http_request_method || !pRequest) {
+    return Result::FATAL_ERROR_INVALID_ARGS;
+  }
+
+  nsNSSHttpRequestSession* rs = new nsNSSHttpRequestSession;
+  if (!rs) {
+    return Result::FATAL_ERROR_NO_MEMORY;
+  }
+
+  rs->mTimeoutInterval = timeout;
+
+  // Use a maximum timeout value of 10 seconds because of bug 404059.
+  // FIXME: Use a better approach once 406120 is ready.
+  uint32_t maxBug404059Timeout = PR_TicksPerSecond() * 10;
+  if (timeout > maxBug404059Timeout) {
+    rs->mTimeoutInterval = maxBug404059Timeout;
+  }
+
+  rs->mURL.Assign(http_protocol_variant);
+  rs->mURL.AppendLiteral("://");
+  rs->mURL.Append(session->mHost);
+  rs->mURL.Append(':');
+  rs->mURL.AppendInt(session->mPort);
+  rs->mURL.Append(path_and_query_string);
+
+  rs->mOriginAttributes = origin_attributes;
+
+  rs->mRequestMethod = http_request_method;
+
+  *pRequest = rs;
+  return Success;
+}
+
+mozilla::pkix::Result
+nsNSSHttpRequestSession::setPostDataFcn(const char* http_data,
+                                        const uint32_t http_data_len,
+                                        const char* http_content_type)
+{
+  mHasPostData = true;
+  mPostData.Assign(http_data, http_data_len);
+  mPostContentType.Assign(http_content_type);
+
+  return Success;
+}
+
+mozilla::pkix::Result
+nsNSSHttpRequestSession::trySendAndReceiveFcn(PRPollDesc** pPollDesc,
+                                              uint16_t* http_response_code,
+                                              const char** http_response_content_type,
+                                              const char** http_response_headers,
+                                              const char** http_response_data,
+                                              uint32_t* http_response_data_len)
+{
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+         ("nsNSSHttpRequestSession::trySendAndReceiveFcn to %s\n", mURL.get()));
+
+  bool onSTSThread;
+  nsresult nrv;
+  nsCOMPtr<nsIEventTarget> sts
+    = do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &nrv);
+  if (NS_FAILED(nrv)) {
+    NS_ERROR("Could not get STS service");
+    return Result::FATAL_ERROR_INVALID_STATE;
+  }
+
+  nrv = sts->IsOnCurrentThread(&onSTSThread);
+  if (NS_FAILED(nrv)) {
+    NS_ERROR("IsOnCurrentThread failed");
+    return Result::FATAL_ERROR_INVALID_STATE;
+  }
+
+  if (onSTSThread) {
+    NS_ERROR("nsNSSHttpRequestSession::trySendAndReceiveFcn called on socket "
+             "thread; this will not work.");
+    return Result::FATAL_ERROR_INVALID_STATE;
+  }
+
+  const int max_retries = 2;
+  int retry_count = 0;
+  bool retryable_error = false;
+  Result rv = Result::ERROR_UNKNOWN_ERROR;
+
+  do
+  {
+    if (retry_count > 0)
+    {
+      if (retryable_error)
+      {
+        MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+               ("nsNSSHttpRequestSession::trySendAndReceiveFcn - sleeping and retrying: %d of %d\n",
+                retry_count, max_retries));
+      }
+
+      PR_Sleep( PR_MillisecondsToInterval(300) * retry_count );
+    }
+
+    ++retry_count;
+    retryable_error = false;
+
+    rv =
+      internal_send_receive_attempt(retryable_error, pPollDesc, http_response_code,
+                                    http_response_content_type, http_response_headers,
+                                    http_response_data, http_response_data_len);
+  }
+  while (retryable_error &&
+         retry_count < max_retries);
+
+  if (retry_count > 1)
+  {
+    if (retryable_error)
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+             ("nsNSSHttpRequestSession::trySendAndReceiveFcn - still failing, giving up...\n"));
+    else
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+             ("nsNSSHttpRequestSession::trySendAndReceiveFcn - success at attempt %d\n",
+              retry_count));
+  }
+
+  return rv;
+}
+
+void
+nsNSSHttpRequestSession::AddRef()
+{
+  ++mRefCount;
+}
+
+void
+nsNSSHttpRequestSession::Release()
+{
+  int32_t newRefCount = --mRefCount;
+  if (!newRefCount) {
+    delete this;
+  }
+}
+
+mozilla::pkix::Result
+nsNSSHttpRequestSession::internal_send_receive_attempt(bool &retryable_error,
+                                                       PRPollDesc **pPollDesc,
+                                                       uint16_t *http_response_code,
+                                                       const char **http_response_content_type,
+                                                       const char **http_response_headers,
+                                                       const char **http_response_data,
+                                                       uint32_t *http_response_data_len)
+{
+  if (pPollDesc) *pPollDesc = nullptr;
+  if (http_response_code) *http_response_code = 0;
+  if (http_response_content_type) *http_response_content_type = 0;
+  if (http_response_headers) *http_response_headers = 0;
+  if (http_response_data) *http_response_data = 0;
+
+  uint32_t acceptableResultSize = 0;
+
+  if (http_response_data_len)
+  {
+    acceptableResultSize = *http_response_data_len;
+    *http_response_data_len = 0;
+  }
+
+  if (!mListener) {
+    return Result::FATAL_ERROR_INVALID_STATE;
+  }
+
+  Mutex& waitLock = mListener->mLock;
+  CondVar& waitCondition = mListener->mCondition;
+  volatile bool &waitFlag = mListener->mWaitFlag;
+  waitFlag = true;
+
+  RefPtr<nsHTTPDownloadEvent> event(new nsHTTPDownloadEvent);
+  if (!event) {
+    return Result::FATAL_ERROR_NO_MEMORY;
+  }
+
+  event->mListener = mListener;
+  this->AddRef();
+  event->mRequestSession = this;
+
+  nsresult rv = NS_DispatchToMainThread(event);
+  if (NS_FAILED(rv)) {
+    event->mResponsibleForDoneSignal = false;
+    return Result::FATAL_ERROR_LIBRARY_FAILURE;
+  }
+
+  bool request_canceled = false;
+
+  {
+    MutexAutoLock locker(waitLock);
+
+    const PRIntervalTime start_time = PR_IntervalNow();
+    PRIntervalTime wait_interval;
+
+    bool running_on_main_thread = NS_IsMainThread();
+    if (running_on_main_thread)
+    {
+      // The result of running this on the main thread
+      // is a series of small timeouts mixed with spinning the
+      // event loop - this is always dangerous as there is so much main
+      // thread code that does not expect to be called re-entrantly. Your
+      // app really shouldn't do that.
+      NS_WARNING("Security network blocking I/O on Main Thread");
+
+      // let's process events quickly
+      wait_interval = PR_MicrosecondsToInterval(50);
+    }
+    else
+    { 
+      // On a secondary thread, it's fine to wait some more for
+      // for the condition variable.
+      wait_interval = PR_MillisecondsToInterval(250);
+    }
+
+    while (waitFlag)
+    {
+      if (running_on_main_thread)
+      {
+        // Networking runs on the main thread, which we happen to block here.
+        // Processing events will allow the OCSP networking to run while we 
+        // are waiting. Thanks a lot to Darin Fisher for rewriting the 
+        // thread manager. Thanks a lot to Christian Biesinger who
+        // made me aware of this possibility. (kaie)
+
+        MutexAutoUnlock unlock(waitLock);
+        NS_ProcessNextEvent(nullptr);
+      }
+
+      waitCondition.Wait(wait_interval);
+      
+      if (!waitFlag)
+        break;
+
+      if (!request_canceled)
+      {
+        bool timeout = 
+          (PRIntervalTime)(PR_IntervalNow() - start_time) > mTimeoutInterval;
+ 
+        if (timeout)
+        {
+          request_canceled = true;
+
+          RefPtr<nsCancelHTTPDownloadEvent> cancelevent(
+            new nsCancelHTTPDownloadEvent);
+          cancelevent->mListener = mListener;
+          rv = NS_DispatchToMainThread(cancelevent);
+          if (NS_FAILED(rv)) {
+            NS_WARNING("cannot post cancel event");
+          }
+          break;
+        }
+      }
+    }
+  }
+
+  if (!event->mStartTime.IsNull()) {
+    if (request_canceled) {
+      Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 0);
+      Telemetry::AccumulateTimeDelta(
+        Telemetry::CERT_VALIDATION_HTTP_REQUEST_CANCELED_TIME,
+        event->mStartTime, TimeStamp::Now());
+    }
+    else if (NS_SUCCEEDED(mListener->mResultCode) &&
+             mListener->mHttpResponseCode == 200) {
+      Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 1);
+      Telemetry::AccumulateTimeDelta(
+        Telemetry::CERT_VALIDATION_HTTP_REQUEST_SUCCEEDED_TIME,
+        event->mStartTime, TimeStamp::Now());
+    }
+    else {
+      Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 2);
+      Telemetry::AccumulateTimeDelta(
+        Telemetry::CERT_VALIDATION_HTTP_REQUEST_FAILED_TIME,
+        event->mStartTime, TimeStamp::Now());
+    }
+  }
+  else {
+    Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 3);
+  }
+
+  if (request_canceled) {
+    return Result::ERROR_OCSP_SERVER_ERROR;
+  }
+
+  if (NS_FAILED(mListener->mResultCode)) {
+    if (mListener->mResultCode == NS_ERROR_CONNECTION_REFUSED ||
+        mListener->mResultCode == NS_ERROR_NET_RESET) {
+      retryable_error = true;
+    }
+    return Result::ERROR_OCSP_SERVER_ERROR;
+  }
+
+  if (http_response_code)
+    *http_response_code = mListener->mHttpResponseCode;
+
+  if (mListener->mHttpRequestSucceeded && http_response_data &&
+      http_response_data_len) {
+    *http_response_data_len = mListener->mResultLen;
+
+    // acceptableResultSize == 0 means: any size is acceptable
+    if (acceptableResultSize != 0 &&
+        acceptableResultSize < mListener->mResultLen) {
+      return Result::ERROR_OCSP_SERVER_ERROR;
+    }
+
+    // Return data by reference, result data will be valid until "this" gets
+    // destroyed.
+    *http_response_data = (const char*)mListener->mResultData;
+  }
+
+  if (mListener->mHttpRequestSucceeded && http_response_content_type) {
+    if (mListener->mHttpResponseContentType.Length()) {
+      *http_response_content_type = mListener->mHttpResponseContentType.get();
+    }
+  }
+
+  return Success;
+}
+
+nsNSSHttpRequestSession::nsNSSHttpRequestSession()
+: mRefCount(1),
+  mHasPostData(false),
+  mTimeoutInterval(0),
+  mListener(new nsHTTPListener)
+{
+}
+
+nsNSSHttpRequestSession::~nsNSSHttpRequestSession()
+{
+}
+
+nsHTTPListener::nsHTTPListener()
+: mResultData(nullptr),
+  mResultLen(0),
+  mLock("nsHTTPListener.mLock"),
+  mCondition(mLock, "nsHTTPListener.mCondition"),
+  mWaitFlag(true),
+  mResponsibleForDoneSignal(false),
+  mLoadGroup(nullptr),
+  mLoadGroupOwnerThread(nullptr)
+{
+}
+
+nsHTTPListener::~nsHTTPListener()
+{
+  if (mResponsibleForDoneSignal)
+    send_done_signal();
+
+  if (mResultData) {
+    free(const_cast<uint8_t *>(mResultData));
+  }
+
+  if (mLoader) {
+    NS_ReleaseOnMainThread(mLoader.forget());
+  }
+}
+
+NS_IMPL_ISUPPORTS(nsHTTPListener, nsIStreamLoaderObserver)
+
+void
+nsHTTPListener::FreeLoadGroup(bool aCancelLoad)
+{
+  nsILoadGroup *lg = nullptr;
+
+  MutexAutoLock locker(mLock);
+
+  if (mLoadGroup) {
+    if (mLoadGroupOwnerThread != PR_GetCurrentThread()) {
+      NS_ASSERTION(false,
+                   "attempt to access nsHTTPDownloadEvent::mLoadGroup on multiple threads, leaking it!");
+    }
+    else {
+      lg = mLoadGroup;
+      mLoadGroup = nullptr;
+    }
+  }
+
+  if (lg) {
+    if (aCancelLoad) {
+      lg->Cancel(NS_ERROR_ABORT);
+    }
+    NS_RELEASE(lg);
+  }
+}
+
+NS_IMETHODIMP
+nsHTTPListener::OnStreamComplete(nsIStreamLoader* aLoader,
+                                 nsISupports* aContext,
+                                 nsresult aStatus,
+                                 uint32_t stringLen,
+                                 const uint8_t* string)
+{
+  mResultCode = aStatus;
+
+  FreeLoadGroup(false);
+
+  nsCOMPtr<nsIRequest> req;
+  nsCOMPtr<nsIHttpChannel> hchan;
+
+  nsresult rv = aLoader->GetRequest(getter_AddRefs(req));
+  
+  if (NS_FAILED(aStatus))
+  {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("nsHTTPListener::OnStreamComplete status failed %d", aStatus));
+  }
+
+  if (NS_SUCCEEDED(rv))
+    hchan = do_QueryInterface(req, &rv);
+
+  if (NS_SUCCEEDED(rv))
+  {
+    rv = hchan->GetRequestSucceeded(&mHttpRequestSucceeded);
+    if (NS_FAILED(rv))
+      mHttpRequestSucceeded = false;
+
+    mResultLen = stringLen;
+    mResultData = string; // take ownership of allocation
+    aStatus = NS_SUCCESS_ADOPTED_DATA;
+
+    unsigned int rcode;
+    rv = hchan->GetResponseStatus(&rcode);
+    if (NS_FAILED(rv))
+      mHttpResponseCode = 500;
+    else
+      mHttpResponseCode = rcode;
+
+    hchan->GetResponseHeader(NS_LITERAL_CSTRING("Content-Type"), 
+                                    mHttpResponseContentType);
+  }
+
+  if (mResponsibleForDoneSignal)
+    send_done_signal();
+  
+  return aStatus;
+}
+
+void nsHTTPListener::send_done_signal()
+{
+  mResponsibleForDoneSignal = false;
+
+  {
+    MutexAutoLock locker(mLock);
+    mWaitFlag = false;
+    mCondition.NotifyAll();
+  }
+}
+
+static char*
+ShowProtectedAuthPrompt(PK11SlotInfo* slot, nsIInterfaceRequestor *ir)
+{
+  if (!NS_IsMainThread()) {
+    NS_ERROR("ShowProtectedAuthPrompt called off the main thread");
+    return nullptr;
+  }
+
+  char* protAuthRetVal = nullptr;
+
+  // Get protected auth dialogs
+  nsCOMPtr<nsITokenDialogs> dialogs;
+  nsresult nsrv = getNSSDialogs(getter_AddRefs(dialogs),
+                                NS_GET_IID(nsITokenDialogs),
+                                NS_TOKENDIALOGS_CONTRACTID);
+  if (NS_SUCCEEDED(nsrv))
+  {
+    nsProtectedAuthThread* protectedAuthRunnable = new nsProtectedAuthThread();
+    if (protectedAuthRunnable)
+    {
+      NS_ADDREF(protectedAuthRunnable);
+
+      protectedAuthRunnable->SetParams(slot);
+      
+      nsCOMPtr<nsIProtectedAuthThread> runnable = do_QueryInterface(protectedAuthRunnable);
+      if (runnable)
+      {
+        nsrv = dialogs->DisplayProtectedAuth(ir, runnable);
+              
+        // We call join on the thread,
+        // so we can be sure that no simultaneous access will happen.
+        protectedAuthRunnable->Join();
+              
+        if (NS_SUCCEEDED(nsrv))
+        {
+          SECStatus rv = protectedAuthRunnable->GetResult();
+          switch (rv)
+          {
+              case SECSuccess:
+                  protAuthRetVal = ToNewCString(nsDependentCString(PK11_PW_AUTHENTICATED));
+                  break;
+              case SECWouldBlock:
+                  protAuthRetVal = ToNewCString(nsDependentCString(PK11_PW_RETRY));
+                  break;
+              default:
+                  protAuthRetVal = nullptr;
+                  break;
+          }
+        }
+      }
+
+      NS_RELEASE(protectedAuthRunnable);
+    }
+  }
+
+  return protAuthRetVal;
+}
+
+class PK11PasswordPromptRunnable : public SyncRunnableBase
+                                 , public nsNSSShutDownObject
+{
+public:
+  PK11PasswordPromptRunnable(PK11SlotInfo* slot, 
+                             nsIInterfaceRequestor* ir)
+    : mResult(nullptr),
+      mSlot(slot),
+      mIR(ir)
+  {
+  }
+  virtual ~PK11PasswordPromptRunnable();
+
+  // This doesn't own the PK11SlotInfo or any other NSS objects, so there's
+  // nothing to release.
+  virtual void virtualDestroyNSSReference() override {}
+  char * mResult; // out
+  virtual void RunOnTargetThread() override;
+private:
+  PK11SlotInfo* const mSlot; // in
+  nsIInterfaceRequestor* const mIR; // in
+};
+
+PK11PasswordPromptRunnable::~PK11PasswordPromptRunnable()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+void
+PK11PasswordPromptRunnable::RunOnTargetThread()
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+
+  nsresult rv;
+  nsCOMPtr<nsIPrompt> prompt;
+  if (!mIR) {
+    rv = nsNSSComponent::GetNewPrompter(getter_AddRefs(prompt));
+    if (NS_FAILED(rv)) {
+      return;
+    }
+  } else {
+    prompt = do_GetInterface(mIR);
+    MOZ_ASSERT(prompt, "Interface requestor should implement nsIPrompt");
+  }
+
+  if (!prompt) {
+    return;
+  }
+
+  if (PK11_ProtectedAuthenticationPath(mSlot)) {
+    mResult = ShowProtectedAuthPrompt(mSlot, mIR);
+    return;
+  }
+
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID));
+  if (!nssComponent) {
+    return;
+  }
+
+  NS_ConvertUTF8toUTF16 tokenName(PK11_GetTokenName(mSlot));
+  const char16_t* formatStrings[] = {
+    tokenName.get(),
+  };
+  nsAutoString promptString;
+  rv = nssComponent->PIPBundleFormatStringFromName("CertPassPrompt",
+                                                   formatStrings,
+                                                   ArrayLength(formatStrings),
+                                                   promptString);
+  if (NS_FAILED(rv)) {
+    return;
+  }
+
+  nsXPIDLString password;
+  // |checkState| is unused because |checkMsg| (the argument just before it) is
+  // null, but XPConnect requires it to point to a valid bool nonetheless.
+  bool checkState = false;
+  bool userClickedOK = false;
+  rv = prompt->PromptPassword(nullptr, promptString.get(),
+                              getter_Copies(password), nullptr, &checkState,
+                              &userClickedOK);
+  if (NS_FAILED(rv) || !userClickedOK) {
+    return;
+  }
+
+  mResult = ToNewUTF8String(password);
+}
+
+char*
+PK11PasswordPrompt(PK11SlotInfo* slot, PRBool /*retry*/, void* arg)
+{
+  RefPtr<PK11PasswordPromptRunnable> runnable(
+    new PK11PasswordPromptRunnable(slot,
+                                   static_cast<nsIInterfaceRequestor*>(arg)));
+  runnable->DispatchToMainThreadAndWait();
+  return runnable->mResult;
+}
+
+// call with shutdown prevention lock held
+static void
+PreliminaryHandshakeDone(PRFileDesc* fd)
+{
+  nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
+  if (!infoObject)
+    return;
+
+  SSLChannelInfo channelInfo;
+  if (SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo)) == SECSuccess) {
+    infoObject->SetSSLVersionUsed(channelInfo.protocolVersion);
+    infoObject->SetEarlyDataAccepted(channelInfo.earlyDataAccepted);
+
+    SSLCipherSuiteInfo cipherInfo;
+    if (SSL_GetCipherSuiteInfo(channelInfo.cipherSuite, &cipherInfo,
+                               sizeof cipherInfo) == SECSuccess) {
+      /* Set the SSL Status information */
+      RefPtr<nsSSLStatus> status(infoObject->SSLStatus());
+      if (!status) {
+        status = new nsSSLStatus();
+        infoObject->SetSSLStatus(status);
+      }
+
+      status->mHaveCipherSuiteAndProtocol = true;
+      status->mCipherSuite = channelInfo.cipherSuite;
+      status->mProtocolVersion = channelInfo.protocolVersion & 0xFF;
+      infoObject->SetKEAUsed(channelInfo.keaType);
+      infoObject->SetKEAKeyBits(channelInfo.keaKeyBits);
+      infoObject->SetMACAlgorithmUsed(cipherInfo.macAlgorithm);
+    }
+  }
+
+  // Don't update NPN details on renegotiation.
+  if (infoObject->IsPreliminaryHandshakeDone()) {
+    return;
+  }
+
+  // Get the NPN value.
+  SSLNextProtoState state;
+  unsigned char npnbuf[256];
+  unsigned int npnlen;
+
+  if (SSL_GetNextProto(fd, &state, npnbuf, &npnlen,
+                       AssertedCast<unsigned int>(ArrayLength(npnbuf)))
+        == SECSuccess) {
+    if (state == SSL_NEXT_PROTO_NEGOTIATED ||
+        state == SSL_NEXT_PROTO_SELECTED) {
+      infoObject->SetNegotiatedNPN(BitwiseCast<char*, unsigned char*>(npnbuf),
+                                   npnlen);
+    } else {
+      infoObject->SetNegotiatedNPN(nullptr, 0);
+    }
+    mozilla::Telemetry::Accumulate(Telemetry::SSL_NPN_TYPE, state);
+  } else {
+    infoObject->SetNegotiatedNPN(nullptr, 0);
+  }
+
+  infoObject->SetPreliminaryHandshakeDone();
+}
+
+SECStatus
+CanFalseStartCallback(PRFileDesc* fd, void* client_data, PRBool *canFalseStart)
+{
+  *canFalseStart = false;
+
+  nsNSSShutDownPreventionLock locker;
+
+  nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
+  if (!infoObject) {
+    PR_SetError(PR_INVALID_STATE_ERROR, 0);
+    return SECFailure;
+  }
+
+  infoObject->SetFalseStartCallbackCalled();
+
+  if (infoObject->isAlreadyShutDown()) {
+    MOZ_CRASH("SSL socket used after NSS shut down");
+    PR_SetError(PR_INVALID_STATE_ERROR, 0);
+    return SECFailure;
+  }
+
+  PreliminaryHandshakeDone(fd);
+
+  uint32_t reasonsForNotFalseStarting = 0;
+
+  SSLChannelInfo channelInfo;
+  if (SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo)) != SECSuccess) {
+    return SECSuccess;
+  }
+
+  SSLCipherSuiteInfo cipherInfo;
+  if (SSL_GetCipherSuiteInfo(channelInfo.cipherSuite, &cipherInfo,
+                             sizeof (cipherInfo)) != SECSuccess) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CanFalseStartCallback [%p] failed - "
+                                      " KEA %d\n", fd,
+                                      static_cast<int32_t>(channelInfo.keaType)));
+    return SECSuccess;
+  }
+
+  nsSSLIOLayerHelpers& helpers = infoObject->SharedState().IOLayerHelpers();
+
+  // Prevent version downgrade attacks from TLS 1.2, and avoid False Start for
+  // TLS 1.3 and later. See Bug 861310 for all the details as to why.
+  if (channelInfo.protocolVersion != SSL_LIBRARY_VERSION_TLS_1_2) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CanFalseStartCallback [%p] failed - "
+                                      "SSL Version must be TLS 1.2, was %x\n", fd,
+                                      static_cast<int32_t>(channelInfo.protocolVersion)));
+    reasonsForNotFalseStarting |= POSSIBLE_VERSION_DOWNGRADE;
+  }
+
+  // See bug 952863 for why ECDHE is allowed, but DHE (and RSA) are not.
+  if (channelInfo.keaType != ssl_kea_ecdh) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CanFalseStartCallback [%p] failed - "
+                                      "unsupported KEA %d\n", fd,
+                                      static_cast<int32_t>(channelInfo.keaType)));
+    reasonsForNotFalseStarting |= KEA_NOT_SUPPORTED;
+  }
+
+  // Prevent downgrade attacks on the symmetric cipher. We do not allow CBC
+  // mode due to BEAST, POODLE, and other attacks on the MAC-then-Encrypt
+  // design. See bug 1109766 for more details.
+  if (cipherInfo.macAlgorithm != ssl_mac_aead) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("CanFalseStartCallback [%p] failed - non-AEAD cipher used, %d, "
+            "is not supported with False Start.\n", fd,
+            static_cast<int32_t>(cipherInfo.symCipher)));
+    reasonsForNotFalseStarting |= POSSIBLE_CIPHER_SUITE_DOWNGRADE;
+  }
+
+  // XXX: An attacker can choose which protocols are advertised in the
+  // NPN extension. TODO(Bug 861311): We should restrict the ability
+  // of an attacker leverage this capability by restricting false start
+  // to the same protocol we previously saw for the server, after the
+  // first successful connection to the server.
+
+  // Enforce NPN to do false start if policy requires it. Do this as an
+  // indicator if server compatibility.
+  if (helpers.mFalseStartRequireNPN) {
+    nsAutoCString negotiatedNPN;
+    if (NS_FAILED(infoObject->GetNegotiatedNPN(negotiatedNPN)) ||
+        !negotiatedNPN.Length()) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CanFalseStartCallback [%p] failed - "
+                                        "NPN cannot be verified\n", fd));
+      reasonsForNotFalseStarting |= NPN_NOT_NEGOTIATED;
+    }
+  }
+
+  Telemetry::Accumulate(Telemetry::SSL_REASONS_FOR_NOT_FALSE_STARTING,
+                        reasonsForNotFalseStarting);
+
+  if (reasonsForNotFalseStarting == 0) {
+    *canFalseStart = PR_TRUE;
+    infoObject->SetFalseStarted();
+    infoObject->NoteTimeUntilReady();
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CanFalseStartCallback [%p] ok\n", fd));
+  }
+
+  return SECSuccess;
+}
+
+static void
+AccumulateNonECCKeySize(Telemetry::ID probe, uint32_t bits)
+{
+  unsigned int value = bits <   512 ?  1 : bits ==   512 ?  2
+                     : bits <   768 ?  3 : bits ==   768 ?  4
+                     : bits <  1024 ?  5 : bits ==  1024 ?  6
+                     : bits <  1280 ?  7 : bits ==  1280 ?  8
+                     : bits <  1536 ?  9 : bits ==  1536 ? 10
+                     : bits <  2048 ? 11 : bits ==  2048 ? 12
+                     : bits <  3072 ? 13 : bits ==  3072 ? 14
+                     : bits <  4096 ? 15 : bits ==  4096 ? 16
+                     : bits <  8192 ? 17 : bits ==  8192 ? 18
+                     : bits < 16384 ? 19 : bits == 16384 ? 20
+                     : 0;
+  Telemetry::Accumulate(probe, value);
+}
+
+// XXX: This attempts to map a bit count to an ECC named curve identifier. In
+// the vast majority of situations, we only have the Suite B curves available.
+// In that case, this mapping works fine. If we were to have more curves
+// available, the mapping would be ambiguous since there could be multiple
+// named curves for a given size (e.g. secp256k1 vs. secp256r1). We punt on
+// that for now. See also NSS bug 323674.
+static void
+AccumulateECCCurve(Telemetry::ID probe, uint32_t bits)
+{
+  unsigned int value = bits == 256 ? 23 // P-256
+                     : bits == 384 ? 24 // P-384
+                     : bits == 521 ? 25 // P-521
+                     : 0; // Unknown
+  Telemetry::Accumulate(probe, value);
+}
+
+static void
+AccumulateCipherSuite(Telemetry::ID probe, const SSLChannelInfo& channelInfo)
+{
+  uint32_t value;
+  switch (channelInfo.cipherSuite) {
+    // ECDHE key exchange
+    case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: value = 1; break;
+    case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: value = 2; break;
+    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: value = 3; break;
+    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: value = 4; break;
+    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: value = 5; break;
+    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: value = 6; break;
+    case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: value = 7; break;
+    case TLS_ECDHE_RSA_WITH_RC4_128_SHA: value = 8; break;
+    case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: value = 9; break;
+    case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: value = 10; break;
+    case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: value = 11; break;
+    case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: value = 12; break;
+    case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: value = 13; break;
+    case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: value = 14; break;
+    // DHE key exchange
+    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: value = 21; break;
+    case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: value = 22; break;
+    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: value = 23; break;
+    case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: value = 24; break;
+    case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: value = 25; break;
+    case TLS_DHE_DSS_WITH_AES_128_CBC_SHA: value = 26; break;
+    case TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: value = 27; break;
+    case TLS_DHE_DSS_WITH_AES_256_CBC_SHA: value = 28; break;
+    case TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: value = 29; break;
+    case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA: value = 30; break;
+    // ECDH key exchange
+    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: value = 41; break;
+    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: value = 42; break;
+    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: value = 43; break;
+    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: value = 44; break;
+    case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA: value = 45; break;
+    case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA: value = 46; break;
+    case TLS_ECDH_ECDSA_WITH_RC4_128_SHA: value = 47; break;
+    case TLS_ECDH_RSA_WITH_RC4_128_SHA: value = 48; break;
+    // RSA key exchange
+    case TLS_RSA_WITH_AES_128_CBC_SHA: value = 61; break;
+    case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: value = 62; break;
+    case TLS_RSA_WITH_AES_256_CBC_SHA: value = 63; break;
+    case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: value = 64; break;
+    case SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA: value = 65; break;
+    case TLS_RSA_WITH_3DES_EDE_CBC_SHA: value = 66; break;
+    case TLS_RSA_WITH_SEED_CBC_SHA: value = 67; break;
+    case TLS_RSA_WITH_RC4_128_SHA: value = 68; break;
+    case TLS_RSA_WITH_RC4_128_MD5: value = 69; break;
+    // TLS 1.3 PSK resumption
+    case TLS_AES_128_GCM_SHA256: value = 70; break;
+    case TLS_CHACHA20_POLY1305_SHA256: value = 71; break;
+    case TLS_AES_256_GCM_SHA384: value = 72; break;
+    // unknown
+    default:
+      value = 0;
+      break;
+  }
+  MOZ_ASSERT(value != 0);
+  Telemetry::Accumulate(probe, value);
+}
+
+// In the case of session resumption, the AuthCertificate hook has been bypassed
+// (because we've previously successfully connected to our peer). That being the
+// case, we unfortunately don't know if the peer's server certificate verified
+// as extended validation or not. To address this, we attempt to build a
+// verified EV certificate chain here using as much of the original context as
+// possible (e.g. stapled OCSP responses, SCTs, the hostname, the first party
+// domain, etc.). Note that because we are on the socket thread, this must not
+// cause any network requests, hence the use of FLAG_LOCAL_ONLY.
+static void
+DetermineEVStatusAndSetNewCert(RefPtr<nsSSLStatus> sslStatus, PRFileDesc* fd,
+                               nsNSSSocketInfo* infoObject)
+{
+  MOZ_ASSERT(sslStatus);
+  MOZ_ASSERT(fd);
+  MOZ_ASSERT(infoObject);
+
+  if (!sslStatus || !fd || !infoObject) {
+    return;
+  }
+
+  UniqueCERTCertificate cert(SSL_PeerCertificate(fd));
+  MOZ_ASSERT(cert, "SSL_PeerCertificate failed in TLS handshake callback?");
+  if (!cert) {
+    return;
+  }
+
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  MOZ_ASSERT(certVerifier,
+             "Certificate verifier uninitialized in TLS handshake callback?");
+  if (!certVerifier) {
+    return;
+  }
+
+  // We don't own these pointers.
+  const SECItemArray* stapledOCSPResponses = SSL_PeerStapledOCSPResponses(fd);
+  const SECItem* stapledOCSPResponse = nullptr;
+  // we currently only support single stapled responses
+  if (stapledOCSPResponses && stapledOCSPResponses->len == 1) {
+    stapledOCSPResponse = &stapledOCSPResponses->items[0];
+  }
+  const SECItem* sctsFromTLSExtension = SSL_PeerSignedCertTimestamps(fd);
+  if (sctsFromTLSExtension && sctsFromTLSExtension->len == 0) {
+    // SSL_PeerSignedCertTimestamps returns null on error and empty item
+    // when no extension was returned by the server. We always use null when
+    // no extension was received (for whatever reason), ignoring errors.
+    sctsFromTLSExtension = nullptr;
+  }
+
+  int flags = mozilla::psm::CertVerifier::FLAG_LOCAL_ONLY |
+              mozilla::psm::CertVerifier::FLAG_MUST_BE_EV;
+  if (!infoObject->SharedState().IsOCSPStaplingEnabled() ||
+      !infoObject->SharedState().IsOCSPMustStapleEnabled()) {
+    flags |= CertVerifier::FLAG_TLS_IGNORE_STATUS_REQUEST;
+  }
+
+  SECOidTag evOidPolicy;
+  UniqueCERTCertList unusedBuiltChain;
+  const bool saveIntermediates = false;
+  mozilla::pkix::Result rv = certVerifier->VerifySSLServerCert(
+    cert,
+    stapledOCSPResponse,
+    sctsFromTLSExtension,
+    mozilla::pkix::Now(),
+    infoObject,
+    infoObject->GetHostNameRaw(),
+    unusedBuiltChain,
+    saveIntermediates,
+    flags,
+    infoObject->GetOriginAttributes(),
+    &evOidPolicy);
+
+  RefPtr<nsNSSCertificate> nssc(nsNSSCertificate::Create(cert.get()));
+  if (rv == Success && evOidPolicy != SEC_OID_UNKNOWN) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("HandshakeCallback using NEW cert %p (is EV)", nssc.get()));
+    sslStatus->SetServerCert(nssc, EVStatus::EV);
+  } else {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("HandshakeCallback using NEW cert %p (is not EV)", nssc.get()));
+    sslStatus->SetServerCert(nssc, EVStatus::NotEV);
+  }
+}
+
+void HandshakeCallback(PRFileDesc* fd, void* client_data) {
+  nsNSSShutDownPreventionLock locker;
+  SECStatus rv;
+
+  nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
+
+  // Do the bookkeeping that needs to be done after the
+  // server's ServerHello...ServerHelloDone have been processed, but that doesn't
+  // need the handshake to be completed.
+  PreliminaryHandshakeDone(fd);
+
+  nsSSLIOLayerHelpers& ioLayerHelpers
+    = infoObject->SharedState().IOLayerHelpers();
+
+  SSLVersionRange versions(infoObject->GetTLSVersionRange());
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+         ("[%p] HandshakeCallback: succeeded using TLS version range (0x%04x,0x%04x)\n",
+          fd, static_cast<unsigned int>(versions.min),
+              static_cast<unsigned int>(versions.max)));
+
+  // If the handshake completed, then we know the site is TLS tolerant
+  ioLayerHelpers.rememberTolerantAtVersion(infoObject->GetHostName(),
+                                           infoObject->GetPort(),
+                                           versions.max);
+
+  bool usesFallbackCipher = false;
+  SSLChannelInfo channelInfo;
+  rv = SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo));
+  MOZ_ASSERT(rv == SECSuccess);
+  if (rv == SECSuccess) {
+    // Get the protocol version for telemetry
+    // 1=tls1, 2=tls1.1, 3=tls1.2
+    unsigned int versionEnum = channelInfo.protocolVersion & 0xFF;
+    MOZ_ASSERT(versionEnum > 0);
+    Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_VERSION, versionEnum);
+    AccumulateCipherSuite(
+      infoObject->IsFullHandshake() ? Telemetry::SSL_CIPHER_SUITE_FULL
+                                    : Telemetry::SSL_CIPHER_SUITE_RESUMED,
+      channelInfo);
+
+    SSLCipherSuiteInfo cipherInfo;
+    rv = SSL_GetCipherSuiteInfo(channelInfo.cipherSuite, &cipherInfo,
+                                sizeof cipherInfo);
+    MOZ_ASSERT(rv == SECSuccess);
+    if (rv == SECSuccess) {
+      usesFallbackCipher = channelInfo.keaType == ssl_kea_dh;
+
+      // keyExchange null=0, rsa=1, dh=2, fortezza=3, ecdh=4
+      Telemetry::Accumulate(
+        infoObject->IsFullHandshake()
+          ? Telemetry::SSL_KEY_EXCHANGE_ALGORITHM_FULL
+          : Telemetry::SSL_KEY_EXCHANGE_ALGORITHM_RESUMED,
+        channelInfo.keaType);
+
+      MOZ_ASSERT(infoObject->GetKEAUsed() == channelInfo.keaType);
+
+      if (infoObject->IsFullHandshake()) {
+        switch (channelInfo.keaType) {
+          case ssl_kea_rsa:
+            AccumulateNonECCKeySize(Telemetry::SSL_KEA_RSA_KEY_SIZE_FULL,
+                                    channelInfo.keaKeyBits);
+            break;
+          case ssl_kea_dh:
+            AccumulateNonECCKeySize(Telemetry::SSL_KEA_DHE_KEY_SIZE_FULL,
+                                    channelInfo.keaKeyBits);
+            break;
+          case ssl_kea_ecdh:
+            AccumulateECCCurve(Telemetry::SSL_KEA_ECDHE_CURVE_FULL,
+                               channelInfo.keaKeyBits);
+            break;
+          default:
+            MOZ_CRASH("impossible KEA");
+            break;
+        }
+
+        Telemetry::Accumulate(Telemetry::SSL_AUTH_ALGORITHM_FULL,
+                              channelInfo.authType);
+
+        // RSA key exchange doesn't use a signature for auth.
+        if (channelInfo.keaType != ssl_kea_rsa) {
+          switch (channelInfo.authType) {
+            case ssl_auth_rsa:
+            case ssl_auth_rsa_sign:
+              AccumulateNonECCKeySize(Telemetry::SSL_AUTH_RSA_KEY_SIZE_FULL,
+                                      channelInfo.authKeyBits);
+              break;
+            case ssl_auth_ecdsa:
+              AccumulateECCCurve(Telemetry::SSL_AUTH_ECDSA_CURVE_FULL,
+                                 channelInfo.authKeyBits);
+              break;
+            default:
+              MOZ_CRASH("impossible auth algorithm");
+              break;
+          }
+        }
+      }
+
+      Telemetry::Accumulate(
+          infoObject->IsFullHandshake()
+            ? Telemetry::SSL_SYMMETRIC_CIPHER_FULL
+            : Telemetry::SSL_SYMMETRIC_CIPHER_RESUMED,
+          cipherInfo.symCipher);
+    }
+  }
+
+  PRBool siteSupportsSafeRenego;
+  if (channelInfo.protocolVersion != SSL_LIBRARY_VERSION_TLS_1_3) {
+    rv = SSL_HandshakeNegotiatedExtension(fd, ssl_renegotiation_info_xtn,
+                                          &siteSupportsSafeRenego);
+    MOZ_ASSERT(rv == SECSuccess);
+    if (rv != SECSuccess) {
+      siteSupportsSafeRenego = false;
+    }
+  } else {
+    // TLS 1.3 dropped support for renegotiation.
+    siteSupportsSafeRenego = true;
+  }
+  bool renegotiationUnsafe = !siteSupportsSafeRenego &&
+                             ioLayerHelpers.treatUnsafeNegotiationAsBroken();
+
+
+  /* Set the SSL Status information */
+  RefPtr<nsSSLStatus> status(infoObject->SSLStatus());
+  if (!status) {
+    status = new nsSSLStatus();
+    infoObject->SetSSLStatus(status);
+  }
+
+  RememberCertErrorsTable::GetInstance().LookupCertErrorBits(infoObject,
+                                                             status);
+
+  uint32_t state;
+  if (renegotiationUnsafe) {
+    state = nsIWebProgressListener::STATE_IS_BROKEN;
+  } else {
+    state = nsIWebProgressListener::STATE_IS_SECURE |
+            nsIWebProgressListener::STATE_SECURE_HIGH;
+    if (!usesFallbackCipher) {
+      SSLVersionRange defVersion;
+      rv = SSL_VersionRangeGetDefault(ssl_variant_stream, &defVersion);
+      if (rv == SECSuccess && versions.max >= defVersion.max) {
+        // we know this site no longer requires a fallback cipher
+        ioLayerHelpers.removeInsecureFallbackSite(infoObject->GetHostName(),
+                                                  infoObject->GetPort());
+      }
+    }
+  }
+
+  if (status->HasServerCert()) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("HandshakeCallback KEEPING existing cert\n"));
+  } else {
+    DetermineEVStatusAndSetNewCert(status, fd, infoObject);
+  }
+
+  bool domainMismatch;
+  bool untrusted;
+  bool notValidAtThisTime;
+  // These all return NS_OK, so don't even bother checking the return values.
+  Unused << status->GetIsDomainMismatch(&domainMismatch);
+  Unused << status->GetIsUntrusted(&untrusted);
+  Unused << status->GetIsNotValidAtThisTime(&notValidAtThisTime);
+  // If we're here, the TLS handshake has succeeded. Thus if any of these
+  // booleans are true, the user has added an override for a certificate error.
+  if (domainMismatch || untrusted || notValidAtThisTime) {
+    state |= nsIWebProgressListener::STATE_CERT_USER_OVERRIDDEN;
+  }
+
+  infoObject->SetSecurityState(state);
+
+  // XXX Bug 883674: We shouldn't be formatting messages here in PSM; instead,
+  // we should set a flag on the channel that higher (UI) level code can check
+  // to log the warning. In particular, these warnings should go to the web
+  // console instead of to the error console. Also, the warning is not
+  // localized.
+  if (!siteSupportsSafeRenego) {
+    nsXPIDLCString hostName;
+    infoObject->GetHostName(getter_Copies(hostName));
+
+    nsAutoString msg;
+    msg.Append(NS_ConvertASCIItoUTF16(hostName));
+    msg.AppendLiteral(" : server does not support RFC 5746, see CVE-2009-3555");
+
+    nsContentUtils::LogSimpleConsoleError(msg, "SSL");
+  }
+
+  infoObject->NoteTimeUntilReady();
+  infoObject->SetHandshakeCompleted();
+}
diff --git a/security/manager/ssl/nsNSSCallbacks.h b/security/manager/ssl/nsNSSCallbacks.h
new file mode 100644
index 000000000..e9d7f3172
--- /dev/null
+++ b/security/manager/ssl/nsNSSCallbacks.h
@@ -0,0 +1,198 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSCallbacks_h
+#define nsNSSCallbacks_h
+
+#include "mozilla/Attributes.h"
+#include "mozilla/BasePrincipal.h"
+#include "mozilla/CondVar.h"
+#include "mozilla/Mutex.h"
+#include "nsAutoPtr.h"
+#include "nsCOMPtr.h"
+#include "nsIStreamLoader.h"
+#include "nspr.h"
+#include "nsString.h"
+#include "pk11func.h"
+#include "pkix/pkixtypes.h"
+
+#include "ocspt.h" // Must be included after pk11func.h.
+
+using mozilla::NeckoOriginAttributes;
+
+class nsILoadGroup;
+
+char*
+PK11PasswordPrompt(PK11SlotInfo *slot, PRBool retry, void* arg);
+
+void HandshakeCallback(PRFileDesc *fd, void *client_data);
+SECStatus CanFalseStartCallback(PRFileDesc* fd, void* client_data,
+                                PRBool *canFalseStart);
+
+class nsHTTPListener final : public nsIStreamLoaderObserver
+{
+private:
+  // For XPCOM implementations that are not a base class for some other
+  // class, it is good practice to make the destructor non-virtual and
+  // private.  Then the only way to delete the object is via Release.
+#ifdef _MSC_VER
+  // C4265: Class has virtual members but destructor is not virtual
+  __pragma(warning(disable:4265))
+#endif
+  ~nsHTTPListener();
+
+public:
+  nsHTTPListener();
+
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSISTREAMLOADEROBSERVER
+
+  nsCOMPtr<nsIStreamLoader> mLoader;
+
+  nsresult mResultCode;
+
+  bool mHttpRequestSucceeded;
+  uint16_t mHttpResponseCode;
+  nsCString mHttpResponseContentType;
+
+  const uint8_t* mResultData; // allocated in loader, but owned by listener
+  uint32_t mResultLen;
+
+  mozilla::Mutex mLock;
+  mozilla::CondVar mCondition;
+  volatile bool mWaitFlag;
+
+  bool mResponsibleForDoneSignal;
+  void send_done_signal();
+
+  // no nsCOMPtr. When I use it, I get assertions about
+  //   loadgroup not being thread safe.
+  // So, let's use a raw pointer and ensure we only create and destroy
+  // it on the network thread ourselves.
+  nsILoadGroup *mLoadGroup;
+  PRThread *mLoadGroupOwnerThread;
+  void FreeLoadGroup(bool aCancelLoad);
+};
+
+class nsNSSHttpServerSession
+{
+public:
+  typedef mozilla::pkix::Result Result;
+
+  nsCString mHost;
+  uint16_t mPort;
+
+  static Result createSessionFcn(const char* host,
+                                 uint16_t portnum,
+                         /*out*/ nsNSSHttpServerSession** pSession);
+};
+
+class nsNSSHttpRequestSession
+{
+protected:
+  mozilla::ThreadSafeAutoRefCnt mRefCount;
+
+public:
+  typedef mozilla::pkix::Result Result;
+
+  static Result createFcn(const nsNSSHttpServerSession* session,
+                          const char* httpProtocolVariant,
+                          const char* pathAndQueryString,
+                          const char* httpRequestMethod,
+                          const NeckoOriginAttributes& originAttributes,
+                          const PRIntervalTime timeout,
+                  /*out*/ nsNSSHttpRequestSession** pRequest);
+
+  Result setPostDataFcn(const char* httpData,
+                        const uint32_t httpDataLen,
+                        const char* httpContentType);
+
+  Result trySendAndReceiveFcn(PRPollDesc** pPollDesc,
+                              uint16_t* httpResponseCode,
+                              const char** httpResponseContentType,
+                              const char** httpResponseHeaders,
+                              const char** httpResponseData,
+                              uint32_t* httpResponseDataLen);
+
+  void AddRef();
+  void Release();
+
+  nsCString mURL;
+  nsCString mRequestMethod;
+
+  bool mHasPostData;
+  nsCString mPostData;
+  nsCString mPostContentType;
+
+  NeckoOriginAttributes mOriginAttributes;
+
+  PRIntervalTime mTimeoutInterval;
+
+  RefPtr<nsHTTPListener> mListener;
+
+protected:
+  nsNSSHttpRequestSession();
+  ~nsNSSHttpRequestSession();
+
+  Result internal_send_receive_attempt(bool& retryableError,
+                                       PRPollDesc** pPollDesc,
+                                       uint16_t* httpResponseCode,
+                                       const char** httpResponseContentType,
+                                       const char** httpResponseHeaders,
+                                       const char** httpResponseData,
+                                       uint32_t* httpResponseDataLen);
+};
+
+class nsNSSHttpInterface
+{
+public:
+  typedef mozilla::pkix::Result Result;
+
+  static Result createSessionFcn(const char* host,
+                                 uint16_t portnum,
+                         /*out*/ nsNSSHttpServerSession** pSession)
+  {
+    return nsNSSHttpServerSession::createSessionFcn(host, portnum, pSession);
+  }
+
+  static Result createFcn(const nsNSSHttpServerSession* session,
+                          const char* httpProtocolVariant,
+                          const char* pathAndQueryString,
+                          const char* httpRequestMethod,
+                          const NeckoOriginAttributes& originAttributes,
+                          const PRIntervalTime timeout,
+                  /*out*/ nsNSSHttpRequestSession** pRequest)
+  {
+    return nsNSSHttpRequestSession::createFcn(session, httpProtocolVariant,
+                                              pathAndQueryString,
+                                              httpRequestMethod, originAttributes,
+                                              timeout, pRequest);
+  }
+
+  static Result setPostDataFcn(nsNSSHttpRequestSession* request,
+                               const char* httpData,
+                               const uint32_t httpDataLen,
+                               const char* httpContentType)
+  {
+    return request->setPostDataFcn(httpData, httpDataLen, httpContentType);
+  }
+
+  static Result trySendAndReceiveFcn(nsNSSHttpRequestSession* request,
+                                     PRPollDesc** pPollDesc,
+                                     uint16_t* httpResponseCode,
+                                     const char** httpResponseContentType,
+                                     const char** httpResponseHeaders,
+                                     const char** httpResponseData,
+                                     uint32_t* httpResponseDataLen)
+  {
+    return request->trySendAndReceiveFcn(pPollDesc, httpResponseCode,
+                                         httpResponseContentType,
+                                         httpResponseHeaders,
+                                         httpResponseData, httpResponseDataLen);
+  }
+};
+
+#endif // nsNSSCallbacks_h
diff --git a/security/manager/ssl/nsNSSCertHelper.cpp b/security/manager/ssl/nsNSSCertHelper.cpp
new file mode 100644
index 000000000..64c87ad2f
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertHelper.cpp
@@ -0,0 +1,2039 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSCertHelper.h"
+
+#include <algorithm>
+
+#include "ScopedNSSTypes.h"
+#include "mozilla/Casting.h"
+#include "mozilla/NotNull.h"
+#include "mozilla/Sprintf.h"
+#include "mozilla/UniquePtr.h"
+#include "nsCOMPtr.h"
+#include "nsComponentManagerUtils.h"
+#include "nsDateTimeFormatCID.h"
+#include "nsIDateTimeFormat.h"
+#include "nsNSSASN1Object.h"
+#include "nsNSSCertTrust.h"
+#include "nsNSSCertValidity.h"
+#include "nsNSSCertificate.h"
+#include "nsNSSComponent.h"
+#include "nsServiceManagerUtils.h"
+#include "prerror.h"
+#include "secder.h"
+
+using namespace mozilla;
+ 
+/* Object Identifier constants */
+#define CONST_OID static const unsigned char
+#define MICROSOFT_OID 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37
+#define PKIX_OID 0x2b, 0x6, 0x01, 0x05, 0x05, 0x07
+CONST_OID msCertExtCerttype[]      = { MICROSOFT_OID, 20, 2};
+CONST_OID msNTPrincipalName[]      = { MICROSOFT_OID, 20, 2, 3 };
+CONST_OID msCertsrvCAVersion[]     = { MICROSOFT_OID, 21, 1 };
+CONST_OID msNTDSReplication[]      = { MICROSOFT_OID, 25, 1 };
+CONST_OID pkixLogotype[]           = { PKIX_OID, 1, 12 };
+
+#define OI(x) { siDEROID, (unsigned char *)x, sizeof x }
+#define OD(oid,desc,mech,ext) {OI(oid), SEC_OID_UNKNOWN, desc, mech, ext}
+#define SEC_OID(tag) more_oids[tag].offset
+
+static SECOidData more_oids[] = {
+    /* Microsoft OIDs */
+    #define MS_CERT_EXT_CERTTYPE 0
+    OD( msCertExtCerttype,
+        "Microsoft Certificate Template Name", 
+        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+
+    #define MS_NT_PRINCIPAL_NAME 1
+    OD( msNTPrincipalName,
+        "Microsoft Principal Name", 
+        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+
+    #define MS_CERTSERV_CA_VERSION 2
+    OD( msCertsrvCAVersion,
+        "Microsoft CA Version", 
+        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+
+    #define MS_NTDS_REPLICATION 3
+    OD( msNTDSReplication,
+        "Microsoft Domain GUID", 
+        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+
+    #define PKIX_LOGOTYPE 4
+    OD( pkixLogotype,
+        "Logotype", 
+        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+};
+
+static const unsigned int numOids = (sizeof more_oids) / (sizeof more_oids[0]);
+
+static nsresult
+ProcessVersion(SECItem* versionItem, nsINSSComponent* nssComponent,
+               nsIASN1PrintableItem** retItem)
+{
+  nsAutoString text;
+  nssComponent->GetPIPNSSBundleString("CertDumpVersion", text);
+  nsCOMPtr<nsIASN1PrintableItem> printableItem = new nsNSSASN1PrintableItem();
+  nsresult rv = printableItem->SetDisplayName(text);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Now to figure out what version this certificate is.
+  unsigned int version;
+  if (versionItem->data) {
+    // Filter out totally bogus version values/encodings.
+    if (versionItem->len != 1) {
+      return NS_ERROR_FAILURE;
+    }
+    version = *BitwiseCast<uint8_t*, unsigned char*>(versionItem->data);
+  } else {
+    // If there is no version present in the cert, then RFC 5280 says we
+    // default to v1 (0).
+    version = 0;
+  }
+
+  // A value of n actually corresponds to version n + 1
+  nsAutoString versionString;
+  versionString.AppendInt(version + 1);
+  const char16_t* params[1] = { versionString.get() };
+  rv = nssComponent->PIPBundleFormatStringFromName("CertDumpVersionValue",
+                                                   params,
+                                                   MOZ_ARRAY_LENGTH(params),
+                                                   text);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = printableItem->SetDisplayValue(text);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  printableItem.forget(retItem);
+  return NS_OK;
+}
+
+static nsresult
+ProcessSerialNumberDER(const SECItem& serialItem,
+                       NotNull<nsINSSComponent*> nssComponent,
+               /*out*/ nsCOMPtr<nsIASN1PrintableItem>& retItem)
+{
+  nsAutoString text;
+  nsresult rv = nssComponent->GetPIPNSSBundleString("CertDumpSerialNo", text);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsIASN1PrintableItem> printableItem = new nsNSSASN1PrintableItem();
+  rv = printableItem->SetDisplayName(text);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  UniquePORTString serialNumber(
+    CERT_Hexify(const_cast<SECItem*>(&serialItem), 1));
+  if (!serialNumber) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  rv = printableItem->SetDisplayValue(NS_ConvertASCIItoUTF16(serialNumber.get()));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  retItem = printableItem.forget();
+  return NS_OK;
+}
+
+static nsresult
+GetDefaultOIDFormat(SECItem *oid,
+                    nsINSSComponent *nssComponent,
+                    nsAString &outString,
+                    char separator)
+{
+  outString.Truncate();
+  int invalidCount = 0;
+    
+  unsigned int i;
+  unsigned long val  = 0;
+  bool invalid = false;
+  bool first = true;
+
+  val = 0;
+  for (i = 0; i < oid->len; ++i) {
+    // In this loop, we have to parse a DER formatted 
+    // If the first bit is a 1, then the integer is 
+    // represented by more than one byte.  If the 
+    // first bit is set then we continue on and add
+    // the values of the later bytes until we get 
+    // a byte without the first bit set.
+    unsigned long j;
+
+    j = oid->data[i];
+    val = (val << 7) | (j & 0x7f);
+    if (j & 0x80) {
+      // - If val is 0 in this block, the OID number particle starts with 0x80
+      // what is specified as an invalid formating.
+      // - If val is larger then 2^32-7, on next left shift by 7 we will loose
+      // the most significant bits, this OID number particle cannot be read
+      // by our implementation.
+      // - If the first bit is set while this is the last component of the OID
+      // we are also in an invalid state.
+      if (val == 0 || (val >= (1 << (32-7))) || (i == oid->len-1)) {
+        invalid = true;
+      }
+
+      if (i < oid->len-1)
+        continue;
+    }
+
+    if (!invalid) {
+      if (first) {
+        unsigned long one = std::min(val/40, 2UL); // never > 2
+        unsigned long two = val - (one * 40);
+
+        outString.AppendPrintf("%lu%c%lu", one, separator, two);
+      }
+      else {
+        outString.AppendPrintf("%c%lu", separator, val);
+      }
+    }
+    else {
+      if (!first) {
+        outString.AppendPrintf("%c", separator);
+      }
+      nsAutoString unknownText;
+      nssComponent->GetPIPNSSBundleString("CertUnknown", 
+                                          unknownText);
+      outString.Append(unknownText);
+
+      if (++invalidCount > 3) {
+        // Allow only 3 occurences of Unknown in OID display string to
+        // prevent bloat.
+        break;
+      }
+    }
+
+    val = 0;      
+    invalid = false;
+    first = false;
+  }
+
+  return NS_OK; 
+}
+
+static nsresult
+GetOIDText(SECItem *oid, nsINSSComponent *nssComponent, nsAString &text)
+{ 
+  nsresult rv;
+  SECOidTag oidTag = SECOID_FindOIDTag(oid);
+  const char *bundlekey = 0;
+
+  switch (oidTag) {
+  case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
+    bundlekey = "CertDumpMD2WithRSA";
+    break;
+  case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
+    bundlekey = "CertDumpMD5WithRSA";
+    break;
+  case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
+    bundlekey = "CertDumpSHA1WithRSA";
+    break;
+  case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+    bundlekey = "CertDumpSHA256WithRSA";
+    break;
+  case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
+    bundlekey = "CertDumpSHA384WithRSA";
+    break;
+  case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
+    bundlekey = "CertDumpSHA512WithRSA";
+    break;
+  case SEC_OID_PKCS1_RSA_ENCRYPTION:
+    bundlekey = "CertDumpRSAEncr";
+    break;
+  case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
+    bundlekey = "CertDumpRSAPSSSignature";
+    break;
+  case SEC_OID_AVA_COUNTRY_NAME:
+    bundlekey = "CertDumpAVACountry";
+    break;
+  case SEC_OID_AVA_COMMON_NAME:
+    bundlekey = "CertDumpAVACN";
+    break;
+  case SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME:
+    bundlekey = "CertDumpAVAOU";
+    break;
+  case SEC_OID_AVA_ORGANIZATION_NAME:
+    bundlekey = "CertDumpAVAOrg";
+    break;
+  case SEC_OID_AVA_LOCALITY:
+    bundlekey = "CertDumpAVALocality";
+    break;
+  case SEC_OID_AVA_DN_QUALIFIER:
+    bundlekey = "CertDumpAVADN";
+    break;
+  case SEC_OID_AVA_DC:
+    bundlekey = "CertDumpAVADC";
+    break;
+  case SEC_OID_AVA_STATE_OR_PROVINCE:
+    bundlekey = "CertDumpAVAState";
+    break;
+  case SEC_OID_AVA_SURNAME:
+    bundlekey = "CertDumpSurname";
+    break;
+  case SEC_OID_AVA_GIVEN_NAME:
+    bundlekey = "CertDumpGivenName";
+    break;
+  case SEC_OID_X509_SUBJECT_DIRECTORY_ATTR:
+    bundlekey = "CertDumpSubjectDirectoryAttr";
+    break;
+  case SEC_OID_X509_SUBJECT_KEY_ID:
+    bundlekey = "CertDumpSubjectKeyID";
+    break;
+  case SEC_OID_X509_KEY_USAGE:
+    bundlekey = "CertDumpKeyUsage";
+    break;
+  case SEC_OID_X509_SUBJECT_ALT_NAME:
+    bundlekey = "CertDumpSubjectAltName";
+    break;
+  case SEC_OID_X509_ISSUER_ALT_NAME:
+    bundlekey = "CertDumpIssuerAltName";
+    break;
+  case SEC_OID_X509_BASIC_CONSTRAINTS:
+    bundlekey = "CertDumpBasicConstraints";
+    break;
+  case SEC_OID_X509_NAME_CONSTRAINTS:
+    bundlekey = "CertDumpNameConstraints";
+    break;
+  case SEC_OID_X509_CRL_DIST_POINTS:
+    bundlekey = "CertDumpCrlDistPoints";
+    break;
+  case SEC_OID_X509_CERTIFICATE_POLICIES:
+    bundlekey = "CertDumpCertPolicies";
+    break;
+  case SEC_OID_X509_POLICY_MAPPINGS:
+    bundlekey = "CertDumpPolicyMappings";
+    break;
+  case SEC_OID_X509_POLICY_CONSTRAINTS:
+    bundlekey = "CertDumpPolicyConstraints";
+    break;
+  case SEC_OID_X509_AUTH_KEY_ID:
+    bundlekey = "CertDumpAuthKeyID";
+    break;
+  case SEC_OID_X509_EXT_KEY_USAGE:
+    bundlekey = "CertDumpExtKeyUsage";
+    break;
+  case SEC_OID_X509_AUTH_INFO_ACCESS:
+    bundlekey = "CertDumpAuthInfoAccess";
+    break;
+  case SEC_OID_ANSIX9_DSA_SIGNATURE:
+    bundlekey = "CertDumpAnsiX9DsaSignature";
+    break;
+  case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST:
+    bundlekey = "CertDumpAnsiX9DsaSignatureWithSha1";
+    break;
+  case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
+    bundlekey = "CertDumpAnsiX962ECDsaSignatureWithSha1";
+    break;
+  case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
+    bundlekey = "CertDumpAnsiX962ECDsaSignatureWithSha224";
+    break;
+  case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
+    bundlekey = "CertDumpAnsiX962ECDsaSignatureWithSha256";
+    break;
+  case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
+    bundlekey = "CertDumpAnsiX962ECDsaSignatureWithSha384";
+    break;
+  case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
+    bundlekey = "CertDumpAnsiX962ECDsaSignatureWithSha512";
+    break;
+  case SEC_OID_RFC1274_UID:
+    bundlekey = "CertDumpUserID";
+    break;
+  case SEC_OID_PKCS9_EMAIL_ADDRESS:
+    bundlekey = "CertDumpPK9Email";
+    break;
+  case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
+    bundlekey = "CertDumpECPublicKey";
+    break;
+  /* ANSI X9.62 named elliptic curves (prime field) */
+  case SEC_OID_ANSIX962_EC_PRIME192V1:
+    /* same as SEC_OID_SECG_EC_SECP192r1 */
+    bundlekey = "CertDumpECprime192v1";
+    break;
+  case SEC_OID_ANSIX962_EC_PRIME192V2:
+    bundlekey = "CertDumpECprime192v2";
+    break;
+  case SEC_OID_ANSIX962_EC_PRIME192V3:
+    bundlekey = "CertDumpECprime192v3";
+    break;
+  case SEC_OID_ANSIX962_EC_PRIME239V1:
+    bundlekey = "CertDumpECprime239v1";
+    break;
+  case SEC_OID_ANSIX962_EC_PRIME239V2:
+    bundlekey = "CertDumpECprime239v2";
+    break;
+  case SEC_OID_ANSIX962_EC_PRIME239V3:
+    bundlekey = "CertDumpECprime239v3";
+    break;
+  case SEC_OID_ANSIX962_EC_PRIME256V1:
+    /* same as SEC_OID_SECG_EC_SECP256r1 */
+    bundlekey = "CertDumpECprime256v1";
+    break;
+  /* SECG named elliptic curves (prime field) */
+  case SEC_OID_SECG_EC_SECP112R1:
+    bundlekey = "CertDumpECsecp112r1";
+    break;
+  case SEC_OID_SECG_EC_SECP112R2:
+    bundlekey = "CertDumpECsecp112r2";
+    break;
+  case SEC_OID_SECG_EC_SECP128R1:
+    bundlekey = "CertDumpECsecp128r1";
+    break;
+  case SEC_OID_SECG_EC_SECP128R2:
+    bundlekey = "CertDumpECsecp128r2";
+    break;
+  case SEC_OID_SECG_EC_SECP160K1:
+    bundlekey = "CertDumpECsecp160k1";
+    break;
+  case SEC_OID_SECG_EC_SECP160R1:
+    bundlekey = "CertDumpECsecp160r1";
+    break;
+  case SEC_OID_SECG_EC_SECP160R2:
+    bundlekey = "CertDumpECsecp160r2";
+    break;
+  case SEC_OID_SECG_EC_SECP192K1:
+    bundlekey = "CertDumpECsecp192k1";
+    break;
+  case SEC_OID_SECG_EC_SECP224K1:
+    bundlekey = "CertDumpECsecp224k1";
+    break;
+  case SEC_OID_SECG_EC_SECP224R1:
+    bundlekey = "CertDumpECsecp224r1";
+    break;
+  case SEC_OID_SECG_EC_SECP256K1:
+    bundlekey = "CertDumpECsecp256k1";
+    break;
+  case SEC_OID_SECG_EC_SECP384R1:
+    bundlekey = "CertDumpECsecp384r1";
+    break;
+
+  case SEC_OID_SECG_EC_SECP521R1:
+    bundlekey = "CertDumpECsecp521r1";
+    break;
+  /* ANSI X9.62 named elliptic curves (characteristic two field) */
+  case SEC_OID_ANSIX962_EC_C2PNB163V1:
+    bundlekey = "CertDumpECc2pnb163v1";
+    break;
+  case SEC_OID_ANSIX962_EC_C2PNB163V2:
+    bundlekey = "CertDumpECc2pnb163v2";
+    break;
+  case SEC_OID_ANSIX962_EC_C2PNB163V3:
+    bundlekey = "CertDumpECc2pnb163v3";
+    break;
+  case SEC_OID_ANSIX962_EC_C2PNB176V1:
+    bundlekey = "CertDumpECc2pnb176v1";
+    break;
+  case SEC_OID_ANSIX962_EC_C2TNB191V1:
+    bundlekey = "CertDumpECc2tnb191v1";
+    break;
+  case SEC_OID_ANSIX962_EC_C2TNB191V2:
+    bundlekey = "CertDumpECc2tnb191v2";
+    break;
+  case SEC_OID_ANSIX962_EC_C2TNB191V3:
+    bundlekey = "CertDumpECc2tnb191v3";
+    break;
+  case SEC_OID_ANSIX962_EC_C2ONB191V4:
+    bundlekey = "CertDumpECc2onb191v4";
+    break;
+  case SEC_OID_ANSIX962_EC_C2ONB191V5:
+    bundlekey = "CertDumpECc2onb191v5";
+    break;
+  case SEC_OID_ANSIX962_EC_C2PNB208W1:
+    bundlekey = "CertDumpECc2pnb208w1";
+    break;
+  case SEC_OID_ANSIX962_EC_C2TNB239V1:
+    bundlekey = "CertDumpECc2tnb239v1";
+    break;
+  case SEC_OID_ANSIX962_EC_C2TNB239V2:
+    bundlekey = "CertDumpECc2tnb239v2";
+    break;
+  case SEC_OID_ANSIX962_EC_C2TNB239V3:
+    bundlekey = "CertDumpECc2tnb239v3";
+    break;
+  case SEC_OID_ANSIX962_EC_C2ONB239V4:
+    bundlekey = "CertDumpECc2onb239v4";
+    break;
+  case SEC_OID_ANSIX962_EC_C2ONB239V5:
+    bundlekey = "CertDumpECc2onb239v5";
+    break;
+  case SEC_OID_ANSIX962_EC_C2PNB272W1:
+    bundlekey = "CertDumpECc2pnb272w1";
+    break;
+  case SEC_OID_ANSIX962_EC_C2PNB304W1:
+    bundlekey = "CertDumpECc2pnb304w1";
+    break;
+  case SEC_OID_ANSIX962_EC_C2TNB359V1:
+    bundlekey = "CertDumpECc2tnb359v1";
+    break;
+  case SEC_OID_ANSIX962_EC_C2PNB368W1:
+    bundlekey = "CertDumpECc2pnb368w1";
+    break;
+  case SEC_OID_ANSIX962_EC_C2TNB431R1:
+    bundlekey = "CertDumpECc2tnb431r1";
+    break;
+  /* SECG named elliptic curves (characteristic two field) */
+  case SEC_OID_SECG_EC_SECT113R1:
+    bundlekey = "CertDumpECsect113r1";
+    break;
+  case SEC_OID_SECG_EC_SECT113R2:
+    bundlekey = "CertDumpECsect113r2";
+    break;
+  case SEC_OID_SECG_EC_SECT131R1:
+    bundlekey = "CertDumpECsect131r1";
+    break;
+  case SEC_OID_SECG_EC_SECT131R2:
+    bundlekey = "CertDumpECsect131r2";
+    break;
+  case SEC_OID_SECG_EC_SECT163K1:
+    bundlekey = "CertDumpECsect163k1";
+    break;
+  case SEC_OID_SECG_EC_SECT163R1:
+    bundlekey = "CertDumpECsect163r1";
+    break;
+  case SEC_OID_SECG_EC_SECT163R2:
+    bundlekey = "CertDumpECsect163r2";
+    break;
+  case SEC_OID_SECG_EC_SECT193R1:
+    bundlekey = "CertDumpECsect193r1";
+    break;
+  case SEC_OID_SECG_EC_SECT193R2:
+    bundlekey = "CertDumpECsect193r2";
+    break;
+  case SEC_OID_SECG_EC_SECT233K1:
+    bundlekey = "CertDumpECsect233k1";
+    break;
+  case SEC_OID_SECG_EC_SECT233R1:
+    bundlekey = "CertDumpECsect233r1";
+    break;
+  case SEC_OID_SECG_EC_SECT239K1:
+    bundlekey = "CertDumpECsect239k1";
+    break;
+  case SEC_OID_SECG_EC_SECT283K1:
+    bundlekey = "CertDumpECsect283k1";
+    break;
+  case SEC_OID_SECG_EC_SECT283R1:
+    bundlekey = "CertDumpECsect283r1";
+    break;
+  case SEC_OID_SECG_EC_SECT409K1:
+    bundlekey = "CertDumpECsect409k1";
+    break;
+  case SEC_OID_SECG_EC_SECT409R1:
+    bundlekey = "CertDumpECsect409r1";
+    break;
+  case SEC_OID_SECG_EC_SECT571K1:
+    bundlekey = "CertDumpECsect571k1";
+    break;
+  case SEC_OID_SECG_EC_SECT571R1:
+    bundlekey = "CertDumpECsect571r1";
+    break;
+  default: 
+    if (oidTag == SEC_OID(MS_CERT_EXT_CERTTYPE)) {
+      bundlekey = "CertDumpMSCerttype";
+      break;
+    }
+    if (oidTag == SEC_OID(MS_CERTSERV_CA_VERSION)) {
+      bundlekey = "CertDumpMSCAVersion";
+      break;
+    }
+    if (oidTag == SEC_OID(PKIX_LOGOTYPE)) {
+      bundlekey = "CertDumpLogotype";
+      break;
+    }
+    /* fallthrough */
+  }
+
+  if (bundlekey) {
+    rv = nssComponent->GetPIPNSSBundleString(bundlekey, text);
+  } else {
+    nsAutoString text2;
+    rv = GetDefaultOIDFormat(oid, nssComponent, text2, ' ');
+    if (NS_FAILED(rv))
+      return rv;
+
+    const char16_t *params[1] = {text2.get()};
+    rv = nssComponent->PIPBundleFormatStringFromName("CertDumpDefOID",
+                                                     params, 1, text);
+  }
+  return rv;  
+}
+
+#define SEPARATOR "\n"
+
+static nsresult
+ProcessRawBytes(nsINSSComponent *nssComponent, SECItem *data, 
+                nsAString &text, bool wantHeader = true)
+{
+  // This function is used to display some DER bytes
+  // that we have not added support for decoding.
+  // If it's short, let's display as an integer, no size header.
+
+  if (data->len <= 4) {
+    int i_pv = DER_GetInteger(data);
+    nsAutoString value;
+    value.AppendInt(i_pv);
+    text.Append(value);
+    text.AppendLiteral(SEPARATOR);
+    return NS_OK;
+  }
+
+  // Else produce a hex dump.
+
+  if (wantHeader) {
+    nsAutoString bytelen, bitlen;
+    bytelen.AppendInt(data->len);
+    bitlen.AppendInt(data->len*8);
+  
+    const char16_t *params[2] = {bytelen.get(), bitlen.get()};
+    nsresult rv = nssComponent->PIPBundleFormatStringFromName("CertDumpRawBytesHeader",
+                                                              params, 2, text);
+    if (NS_FAILED(rv))
+      return rv;
+
+    text.AppendLiteral(SEPARATOR);
+  }
+
+  // This prints the value of the byte out into a 
+  // string that can later be displayed as a byte
+  // string.  We place a new line after 24 bytes
+  // to break up extermaly long sequence of bytes.
+
+  uint32_t i;
+  char buffer[5];
+  for (i=0; i<data->len; i++) {
+    SprintfLiteral(buffer, "%02x ", data->data[i]);
+    AppendASCIItoUTF16(buffer, text);
+    if ((i+1)%16 == 0) {
+      text.AppendLiteral(SEPARATOR);
+    }
+  }
+  return NS_OK;
+}
+
+/**
+ * Appends a pipnss bundle string to the given string.
+ *
+ * @param nssComponent For accessing the string bundle.
+ * @param bundleKey Key for the string to append.
+ * @param currentText The text to append to, using |SEPARATOR| as the separator.
+ */
+template<size_t N>
+void AppendBundleString(const NotNull<nsINSSComponent*>& nssComponent,
+                        const char (&bundleKey)[N],
+             /*in/out*/ nsAString& currentText)
+{
+  nsAutoString bundleString;
+  nsresult rv = nssComponent->GetPIPNSSBundleString(bundleKey, bundleString);
+  if (NS_FAILED(rv)) {
+    return;
+  }
+
+  currentText.Append(bundleString);
+  currentText.AppendLiteral(SEPARATOR);
+}
+
+static nsresult
+ProcessKeyUsageExtension(SECItem *extData, nsAString &text,
+                         nsINSSComponent *nssComponent)
+{
+  MOZ_ASSERT(extData);
+  MOZ_ASSERT(nssComponent);
+  NS_ENSURE_ARG(extData);
+  NS_ENSURE_ARG(nssComponent);
+
+  NotNull<nsINSSComponent*> wrappedNSSComponent = WrapNotNull(nssComponent);
+  ScopedAutoSECItem decoded;
+  if (SEC_ASN1DecodeItem(nullptr, &decoded, SEC_ASN1_GET(SEC_BitStringTemplate),
+                         extData) != SECSuccess) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpExtensionFailure", text);
+    return NS_OK;
+  }
+  unsigned char keyUsage = 0;
+  if (decoded.len) {
+    keyUsage = decoded.data[0];
+  }
+
+  if (keyUsage & KU_DIGITAL_SIGNATURE) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUSign", text);
+  }
+  if (keyUsage & KU_NON_REPUDIATION) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUNonRep", text);
+  }
+  if (keyUsage & KU_KEY_ENCIPHERMENT) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUEnc", text);
+  }
+  if (keyUsage & KU_DATA_ENCIPHERMENT) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUDEnc", text);
+  }
+  if (keyUsage & KU_KEY_AGREEMENT) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUKA", text);
+  }
+  if (keyUsage & KU_KEY_CERT_SIGN) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUCertSign", text);
+  }
+  if (keyUsage & KU_CRL_SIGN) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUCRLSigner", text);
+  }
+
+  return NS_OK;
+}
+
+static nsresult
+ProcessBasicConstraints(SECItem  *extData, 
+                        nsAString &text,
+                        nsINSSComponent *nssComponent)
+{
+  nsAutoString local;
+  CERTBasicConstraints value;
+  SECStatus rv;
+  nsresult rv2;
+
+  value.pathLenConstraint = -1;
+  rv = CERT_DecodeBasicConstraintValue (&value, extData);
+  if (rv != SECSuccess) {
+    ProcessRawBytes(nssComponent, extData, text);
+    return NS_OK;
+  }
+  if (value.isCA)
+    rv2 = nssComponent->GetPIPNSSBundleString("CertDumpIsCA", local);
+  else
+    rv2 = nssComponent->GetPIPNSSBundleString("CertDumpIsNotCA", local);
+  if (NS_FAILED(rv2))
+    return rv2;
+  text.Append(local.get());
+  if (value.pathLenConstraint != -1) {
+    nsAutoString depth;
+    if (value.pathLenConstraint == CERT_UNLIMITED_PATH_CONSTRAINT)
+      nssComponent->GetPIPNSSBundleString("CertDumpPathLenUnlimited", depth);
+    else
+      depth.AppendInt(value.pathLenConstraint);
+    const char16_t *params[1] = {depth.get()};
+    rv2 = nssComponent->PIPBundleFormatStringFromName("CertDumpPathLen",
+                                                      params, 1, local);
+    if (NS_FAILED(rv2))
+      return rv2;
+    text.AppendLiteral(SEPARATOR);
+    text.Append(local.get());
+  }
+  return NS_OK;
+}
+
+static nsresult
+ProcessExtKeyUsage(SECItem  *extData, 
+                   nsAString &text,
+                   nsINSSComponent *nssComponent)
+{
+  nsAutoString local;
+  SECItem **oids;
+  SECItem *oid;
+  nsresult rv;
+
+  UniqueCERTOidSequence extKeyUsage(CERT_DecodeOidSequence(extData));
+  if (!extKeyUsage) {
+    return NS_ERROR_FAILURE;
+  }
+
+  oids = extKeyUsage->oids;
+  while (oids && *oids) {
+    // For each OID, try to find a bundle string
+    // of the form CertDumpEKU_<underlined-OID>
+    nsAutoString oidname;
+    oid = *oids;
+    rv = GetDefaultOIDFormat(oid, nssComponent, oidname, '_');
+    if (NS_FAILED(rv))
+      return rv;
+    nsAutoString bundlekey = NS_LITERAL_STRING("CertDumpEKU_")+ oidname;
+    NS_ConvertUTF16toUTF8 bk_ascii(bundlekey);
+    
+    rv = nssComponent->GetPIPNSSBundleString(bk_ascii.get(), local);
+    nsresult rv2 = GetDefaultOIDFormat(oid, nssComponent, oidname, '.');
+    if (NS_FAILED(rv2))
+      return rv2;
+    if (NS_SUCCEEDED(rv)) {
+      // display name and OID in parentheses
+      text.Append(local);
+      text.AppendLiteral(" (");
+      text.Append(oidname);
+      text.Append(')');
+    } else
+      // If there is no bundle string, just display the OID itself
+      text.Append(oidname);
+
+    text.AppendLiteral(SEPARATOR);
+    oids++;
+  }
+
+  return NS_OK;
+}
+
+static nsresult
+ProcessRDN(CERTRDN* rdn, nsAString &finalString, nsINSSComponent *nssComponent)
+{
+  nsresult rv;
+  CERTAVA** avas;
+  CERTAVA* ava;
+  nsString avavalue;
+  nsString type;
+  nsAutoString temp;
+  const char16_t *params[2];
+
+  avas = rdn->avas;
+  while ((ava = *avas++) != 0) {
+    rv = GetOIDText(&ava->type, nssComponent, type);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    //This function returns a string in UTF8 format.
+    UniqueSECItem decodeItem(CERT_DecodeAVAValue(&ava->value));
+    if (!decodeItem) {
+      return NS_ERROR_FAILURE;
+    }
+
+    // We know we can fit buffer of this length. CERT_RFC1485_EscapeAndQuote
+    // will fail if we provide smaller buffer then the result can fit to.
+    int escapedValueCapacity = decodeItem->len * 3 + 3;
+    UniquePtr<char[]> escapedValue = MakeUnique<char[]>(escapedValueCapacity);
+
+    SECStatus status = CERT_RFC1485_EscapeAndQuote(
+          escapedValue.get(),
+          escapedValueCapacity, 
+          (char*)decodeItem->data, 
+          decodeItem->len);
+    if (SECSuccess != status) {
+      return NS_ERROR_FAILURE;
+    }
+
+    avavalue = NS_ConvertUTF8toUTF16(escapedValue.get());
+
+    params[0] = type.get();
+    params[1] = avavalue.get();
+    nssComponent->PIPBundleFormatStringFromName("AVATemplate",
+                                                  params, 2, temp);
+    finalString += temp + NS_LITERAL_STRING("\n");
+  }
+  return NS_OK;
+}
+
+static nsresult
+ProcessName(CERTName *name, nsINSSComponent *nssComponent, char16_t **value)
+{
+  CERTRDN** rdns;
+  CERTRDN** rdn;
+  nsString finalString;
+
+  rdns = name->rdns;
+
+  nsresult rv;
+  CERTRDN **lastRdn;
+  /* find last RDN */
+  lastRdn = rdns;
+  while (*lastRdn) lastRdn++;
+  // The above whille loop will put us at the last member
+  // of the array which is a nullptr pointer.  So let's back
+  // up one spot so that we have the last non-nullptr entry in 
+  // the array in preparation for traversing the 
+  // RDN's (Relative Distinguished Name) in reverse oder.
+  lastRdn--;
+   
+  /*
+   * Loop over name contents in _reverse_ RDN order appending to string
+   * When building the Ascii string, NSS loops over these entries in 
+   * reverse order, so I will as well.  The difference is that NSS
+   * will always place them in a one line string separated by commas,
+   * where I want each entry on a single line.  I can't just use a comma
+   * as my delimitter because it is a valid character to have in the 
+   * value portion of the AVA and could cause trouble when parsing.
+   */
+  for (rdn = lastRdn; rdn >= rdns; rdn--) {
+    rv = ProcessRDN(*rdn, finalString, nssComponent);
+    if (NS_FAILED(rv))
+      return rv;
+  }
+  *value = ToNewUnicode(finalString);    
+  return NS_OK;
+}
+
+static nsresult
+ProcessIA5String(const SECItem& extData, /*in/out*/ nsAString& text)
+{
+  ScopedAutoSECItem item;
+  if (SEC_ASN1DecodeItem(nullptr, &item, SEC_ASN1_GET(SEC_IA5StringTemplate),
+                         &extData) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  text.AppendASCII(BitwiseCast<char*, unsigned char*>(item.data),
+                   AssertedCast<uint32_t>(item.len));
+  return NS_OK;
+}
+
+static nsresult
+AppendBMPtoUTF16(const UniquePLArenaPool& arena, unsigned char* data,
+                 unsigned int len, nsAString& text)
+{
+  if (len % 2 != 0) {
+    return NS_ERROR_FAILURE;
+  }
+
+  /* XXX instead of converting to and from UTF-8, it would
+     be sufficient to just swap bytes, or do nothing */
+  unsigned int utf8ValLen = len * 3 + 1;
+  unsigned char* utf8Val = (unsigned char*)PORT_ArenaZAlloc(arena.get(),
+                                                            utf8ValLen);
+  if (!PORT_UCS2_UTF8Conversion(false, data, len, utf8Val, utf8ValLen,
+                                &utf8ValLen)) {
+    return NS_ERROR_FAILURE;
+  }
+  AppendUTF8toUTF16((char*)utf8Val, text);
+  return NS_OK;
+}
+
+static nsresult
+ProcessBMPString(SECItem* extData, nsAString& text)
+{
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  SECItem item;
+  if (SEC_ASN1DecodeItem(arena.get(), &item, SEC_ASN1_GET(SEC_BMPStringTemplate),
+                         extData) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  return AppendBMPtoUTF16(arena, item.data, item.len, text);
+}
+
+static nsresult
+ProcessGeneralName(const UniquePLArenaPool& arena, CERTGeneralName* current,
+                   nsAString& text, nsINSSComponent* nssComponent)
+{
+  NS_ENSURE_ARG_POINTER(current);
+
+  nsAutoString key;
+  nsXPIDLString value;
+  nsresult rv = NS_OK;
+
+  switch (current->type) {
+  case certOtherName: {
+    SECOidTag oidTag = SECOID_FindOIDTag(&current->name.OthName.oid);
+    if (oidTag == SEC_OID(MS_NT_PRINCIPAL_NAME)) {
+	/* The type of this name is apparently nowhere explicitly
+	   documented. However, in the generated templates, it is always
+	   UTF-8. So try to decode this as UTF-8; if that fails, dump the
+	   raw data. */
+	SECItem decoded;
+	nssComponent->GetPIPNSSBundleString("CertDumpMSNTPrincipal", key);
+        if (SEC_ASN1DecodeItem(arena.get(), &decoded,
+			       SEC_ASN1_GET(SEC_UTF8StringTemplate), 
+			       &current->name.OthName.name) == SECSuccess) {
+	  AppendUTF8toUTF16(nsAutoCString((char*)decoded.data, decoded.len),
+			    value);
+	} else {
+	  ProcessRawBytes(nssComponent, &current->name.OthName.name, value);
+	}
+	break;
+    } else if (oidTag == SEC_OID(MS_NTDS_REPLICATION)) {
+	/* This should be a 16-byte GUID */
+	SECItem guid;
+	nssComponent->GetPIPNSSBundleString("CertDumpMSDomainGUID", key);
+        if (SEC_ASN1DecodeItem(arena.get(), &guid,
+			       SEC_ASN1_GET(SEC_OctetStringTemplate),
+			       &current->name.OthName.name) == SECSuccess
+	    && guid.len == 16) {
+	  char buf[40];
+	  unsigned char *d = guid.data;
+          SprintfLiteral(buf,
+            "{%.2x%.2x%.2x%.2x-%.2x%.2x-%.2x%.2x-%.2x%.2x-%.2x%.2x%.2x%.2x%.2x%.2x}",
+            d[3], d[2], d[1], d[0], d[5], d[4], d[7], d[6],
+            d[8], d[9], d[10], d[11], d[12], d[13], d[14], d[15]);
+	  value.AssignASCII(buf);
+	} else {
+	  ProcessRawBytes(nssComponent, &current->name.OthName.name, value);
+	}
+    } else {
+      rv = GetDefaultOIDFormat(&current->name.OthName.oid, nssComponent, key, ' ');
+      if (NS_FAILED(rv)) {
+        return rv;
+      }
+      ProcessRawBytes(nssComponent, &current->name.OthName.name, value);
+    }
+    break;
+  }
+  case certRFC822Name:
+    nssComponent->GetPIPNSSBundleString("CertDumpRFC822Name", key);
+    value.AssignASCII((char*)current->name.other.data, current->name.other.len);
+    break;
+  case certDNSName:
+    nssComponent->GetPIPNSSBundleString("CertDumpDNSName", key);
+    value.AssignASCII((char*)current->name.other.data, current->name.other.len);
+    break;
+  case certX400Address:
+    nssComponent->GetPIPNSSBundleString("CertDumpX400Address", key);
+    ProcessRawBytes(nssComponent, &current->name.other, value);
+    break;
+  case certDirectoryName:
+    nssComponent->GetPIPNSSBundleString("CertDumpDirectoryName", key);
+    rv = ProcessName(&current->name.directoryName, nssComponent, 
+		     getter_Copies(value));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    break;
+  case certEDIPartyName:
+    nssComponent->GetPIPNSSBundleString("CertDumpEDIPartyName", key);
+    ProcessRawBytes(nssComponent, &current->name.other, value);
+    break;
+  case certURI:
+    nssComponent->GetPIPNSSBundleString("CertDumpURI", key);
+    value.AssignASCII((char*)current->name.other.data, current->name.other.len);
+    break;
+  case certIPAddress:
+    {
+      char buf[INET6_ADDRSTRLEN];
+      PRStatus status = PR_FAILURE;
+      PRNetAddr addr;
+      memset(&addr, 0, sizeof(addr));
+      nssComponent->GetPIPNSSBundleString("CertDumpIPAddress", key);
+      if (current->name.other.len == 4) {
+        addr.inet.family = PR_AF_INET;
+        memcpy(&addr.inet.ip, current->name.other.data, current->name.other.len);
+        status = PR_NetAddrToString(&addr, buf, sizeof(buf));
+      } else if (current->name.other.len == 16) {
+        addr.ipv6.family = PR_AF_INET6;
+        memcpy(&addr.ipv6.ip, current->name.other.data, current->name.other.len);
+        status = PR_NetAddrToString(&addr, buf, sizeof(buf));
+      }
+      if (status == PR_SUCCESS) {
+        value.AssignASCII(buf);
+      } else {
+        /* invalid IP address */
+        ProcessRawBytes(nssComponent, &current->name.other, value);
+      }
+      break;
+    }
+  case certRegisterID:
+    nssComponent->GetPIPNSSBundleString("CertDumpRegisterID", key);
+    rv = GetDefaultOIDFormat(&current->name.other, nssComponent, value, '.');
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    break;
+  }
+  text.Append(key);
+  text.AppendLiteral(": ");
+  text.Append(value);
+  text.AppendLiteral(SEPARATOR);
+
+  return rv;
+}
+
+static nsresult
+ProcessGeneralNames(const UniquePLArenaPool& arena, CERTGeneralName* nameList,
+                    nsAString& text, nsINSSComponent* nssComponent)
+{
+  CERTGeneralName* current = nameList;
+  nsresult rv;
+
+  do {
+    rv = ProcessGeneralName(arena, current, text, nssComponent);
+    if (NS_FAILED(rv)) {
+      break;
+    }
+    current = CERT_GetNextGeneralName(current);
+  } while (current != nameList);
+  return rv;
+}
+
+static nsresult
+ProcessAltName(SECItem* extData, nsAString& text, nsINSSComponent* nssComponent)
+{
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  CERTGeneralName* nameList = CERT_DecodeAltNameExtension(arena.get(), extData);
+  if (!nameList) {
+    return NS_OK;
+  }
+
+  return ProcessGeneralNames(arena, nameList, text, nssComponent);
+}
+
+static nsresult
+ProcessSubjectKeyId(SECItem  *extData, 
+		    nsAString &text,
+		    nsINSSComponent *nssComponent)
+{
+  SECItem decoded;
+  nsAutoString local;
+
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  if (SEC_QuickDERDecodeItem(arena.get(), &decoded,
+			     SEC_ASN1_GET(SEC_OctetStringTemplate), 
+			     extData) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nssComponent->GetPIPNSSBundleString("CertDumpKeyID", local);
+  text.Append(local);
+  text.AppendLiteral(": ");
+  ProcessRawBytes(nssComponent, &decoded, text);
+
+  return NS_OK;
+}
+
+static nsresult
+ProcessAuthKeyId(SECItem  *extData, 
+		 nsAString &text,
+		 nsINSSComponent *nssComponent)
+{
+  nsresult rv = NS_OK;
+  nsAutoString local;
+
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  CERTAuthKeyID* ret = CERT_DecodeAuthKeyID(arena.get(), extData);
+  if (!ret) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (ret->keyID.len > 0) {
+    nssComponent->GetPIPNSSBundleString("CertDumpKeyID", local);
+    text.Append(local);
+    text.AppendLiteral(": ");
+    ProcessRawBytes(nssComponent, &ret->keyID, text);
+    text.AppendLiteral(SEPARATOR);
+  }
+
+  if (ret->authCertIssuer) {
+    nssComponent->GetPIPNSSBundleString("CertDumpIssuer", local);
+    text.Append(local);
+    text.AppendLiteral(": ");
+    rv = ProcessGeneralNames(arena, ret->authCertIssuer, text, nssComponent);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  if (ret->authCertSerialNumber.len > 0) {
+    nssComponent->GetPIPNSSBundleString("CertDumpSerialNo", local);
+    text.Append(local);
+    text.AppendLiteral(": ");
+    ProcessRawBytes(nssComponent, &ret->authCertSerialNumber, text);
+  }
+
+  return rv;
+}
+
+static nsresult
+ProcessUserNotice(SECItem* derNotice, nsAString& text,
+                  nsINSSComponent* nssComponent)
+{
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  UniqueCERTUserNotice notice(CERT_DecodeUserNotice(derNotice));
+  if (!notice) {
+    ProcessRawBytes(nssComponent, derNotice, text);
+    return NS_OK;
+  }
+
+  if (notice->noticeReference.organization.len != 0) {
+    switch (notice->noticeReference.organization.type) {
+    case siAsciiString:
+    case siVisibleString:
+    case siUTF8String:
+      text.Append(NS_ConvertUTF8toUTF16(
+                  (const char *)notice->noticeReference.organization.data,
+                  notice->noticeReference.organization.len));
+      break;
+    case siBMPString:
+      AppendBMPtoUTF16(arena, notice->noticeReference.organization.data,
+                       notice->noticeReference.organization.len, text);
+      break;
+    default:
+      break;
+    }
+    text.AppendLiteral(" - ");
+    SECItem** itemList = notice->noticeReference.noticeNumbers;
+    while (*itemList) {
+      unsigned long number;
+      char buffer[60];
+      if (SEC_ASN1DecodeInteger(*itemList, &number) == SECSuccess) {
+        SprintfLiteral(buffer, "#%lu", number);
+        if (itemList != notice->noticeReference.noticeNumbers)
+          text.AppendLiteral(", ");
+        AppendASCIItoUTF16(buffer, text);
+      }
+      itemList++;
+    }
+  }
+  if (notice->displayText.len != 0) {
+    text.AppendLiteral(SEPARATOR);
+    text.AppendLiteral("    ");
+    switch (notice->displayText.type) {
+    case siAsciiString:
+    case siVisibleString:
+    case siUTF8String:
+      text.Append(NS_ConvertUTF8toUTF16((const char *)notice->displayText.data,
+                                        notice->displayText.len));
+      break;
+    case siBMPString:
+      AppendBMPtoUTF16(arena, notice->displayText.data, notice->displayText.len,
+		       text);
+      break;
+    default:
+      break;
+    }
+  }
+
+  return NS_OK;
+}
+
+static nsresult
+ProcessCertificatePolicies(SECItem  *extData, 
+			   nsAString &text,
+			   nsINSSComponent *nssComponent)
+{
+  CERTPolicyInfo **policyInfos, *policyInfo;
+  CERTPolicyQualifier **policyQualifiers, *policyQualifier;
+  nsAutoString local;
+  nsresult rv = NS_OK;
+
+  UniqueCERTCertificatePolicies policies(
+    CERT_DecodeCertificatePoliciesExtension(extData));
+  if (!policies) {
+    return NS_ERROR_FAILURE;
+  }
+
+  policyInfos = policies->policyInfos;
+  while (*policyInfos) {
+    policyInfo = *policyInfos++;
+    switch (policyInfo->oid) {
+    case SEC_OID_VERISIGN_USER_NOTICES:
+      nssComponent->GetPIPNSSBundleString("CertDumpVerisignNotices", local);
+      text.Append(local);
+      break;
+    default:
+      GetDefaultOIDFormat(&policyInfo->policyID, nssComponent, local, '.');
+      text.Append(local);
+    }
+
+    if (policyInfo->policyQualifiers) {
+      /* Add all qualifiers on separate lines, indented */
+      policyQualifiers = policyInfo->policyQualifiers;
+      text.Append(':');
+      text.AppendLiteral(SEPARATOR);
+      while (*policyQualifiers) {
+	text.AppendLiteral("  ");
+	policyQualifier = *policyQualifiers++;
+	switch(policyQualifier->oid) {
+	case SEC_OID_PKIX_CPS_POINTER_QUALIFIER:
+	  nssComponent->GetPIPNSSBundleString("CertDumpCPSPointer", local);
+	  text.Append(local);
+	  text.Append(':');
+	  text.AppendLiteral(SEPARATOR);
+	  text.AppendLiteral("    ");
+	  /* The CPS pointer ought to be the cPSuri alternative
+	     of the Qualifier choice. */
+          rv = ProcessIA5String(policyQualifier->qualifierValue, text);
+          if (NS_FAILED(rv)) {
+            return rv;
+          }
+	  break;
+	case SEC_OID_PKIX_USER_NOTICE_QUALIFIER:
+	  nssComponent->GetPIPNSSBundleString("CertDumpUserNotice", local);
+	  text.Append(local);
+	  text.AppendLiteral(": ");
+	  rv = ProcessUserNotice(&policyQualifier->qualifierValue,
+				 text, nssComponent);
+	  break;
+	default:
+	  GetDefaultOIDFormat(&policyQualifier->qualifierID, nssComponent, local, '.');
+	  text.Append(local);
+	  text.AppendLiteral(": ");
+	  ProcessRawBytes(nssComponent, &policyQualifier->qualifierValue, text);
+	}
+	text.AppendLiteral(SEPARATOR);
+      } /* while policyQualifiers */
+    } /* if policyQualifiers */
+    text.AppendLiteral(SEPARATOR);
+  }
+
+  return rv;
+}
+
+static nsresult
+ProcessCrlDistPoints(SECItem  *extData, 
+		     nsAString &text,
+		     nsINSSComponent *nssComponent)
+{
+  nsresult rv = NS_OK;
+  nsAutoString local;
+
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  CERTCrlDistributionPoints* crldp =
+    CERT_DecodeCRLDistributionPoints(arena.get(), extData);
+  if (!crldp || !crldp->distPoints) {
+    return NS_ERROR_FAILURE;
+  }
+
+  for (CRLDistributionPoint** points = crldp->distPoints; *points; points++) {
+    CRLDistributionPoint* point = *points;
+    switch (point->distPointType) {
+    case generalName:
+      rv = ProcessGeneralName(arena, point->distPoint.fullName,
+			      text, nssComponent);
+      if (NS_FAILED(rv)) {
+        return rv;
+      }
+      break;
+    case relativeDistinguishedName:
+      rv = ProcessRDN(&point->distPoint.relativeName, 
+		      text, nssComponent);
+      if (NS_FAILED(rv)) {
+        return rv;
+      }
+      break;
+    }
+    if (point->reasons.len) { 
+      int reasons = point->reasons.data[0];
+      text.Append(' ');
+      bool comma = false;
+      if (reasons & RF_UNUSED) {
+	nssComponent->GetPIPNSSBundleString("CertDumpUnused", local);
+        text.Append(local);
+        comma = true;
+      }
+      if (reasons & RF_KEY_COMPROMISE) {
+	if (comma) text.AppendLiteral(", ");
+	nssComponent->GetPIPNSSBundleString("CertDumpKeyCompromise", local);
+        text.Append(local);
+        comma = true;
+      }
+      if (reasons & RF_CA_COMPROMISE) {
+	if (comma) text.AppendLiteral(", ");
+	nssComponent->GetPIPNSSBundleString("CertDumpCACompromise", local);
+        text.Append(local);
+        comma = true;
+      }
+      if (reasons & RF_AFFILIATION_CHANGED) {
+	if (comma) text.AppendLiteral(", ");
+	nssComponent->GetPIPNSSBundleString("CertDumpAffiliationChanged", local);
+        text.Append(local);
+        comma = true;
+      }
+      if (reasons & RF_SUPERSEDED) {
+	if (comma) text.AppendLiteral(", ");
+	nssComponent->GetPIPNSSBundleString("CertDumpSuperseded", local);
+        text.Append(local);
+        comma = true;
+      }
+      if (reasons & RF_CESSATION_OF_OPERATION) {
+	if (comma) text.AppendLiteral(", ");
+	nssComponent->GetPIPNSSBundleString("CertDumpCessation", local);
+        text.Append(local);
+        comma = true;
+      }
+      if (reasons & RF_CERTIFICATE_HOLD) {
+	if (comma) text.AppendLiteral(", ");
+	nssComponent->GetPIPNSSBundleString("CertDumpHold", local);
+        text.Append(local);
+        comma = true;
+      }
+      text.AppendLiteral(SEPARATOR);
+    }
+    if (point->crlIssuer) {
+      nssComponent->GetPIPNSSBundleString("CertDumpIssuer", local);
+      text.Append(local);
+      text.AppendLiteral(": ");
+      rv = ProcessGeneralNames(arena, point->crlIssuer,
+			       text, nssComponent);
+      if (NS_FAILED(rv)) {
+        return rv;
+      }
+    }
+  }
+
+  return NS_OK;
+}
+
+static nsresult
+ProcessAuthInfoAccess(SECItem  *extData, 
+		      nsAString &text,
+		      nsINSSComponent *nssComponent)
+{
+  nsresult rv = NS_OK;
+  nsAutoString local;
+
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  CERTAuthInfoAccess** aia = CERT_DecodeAuthInfoAccessExtension(arena.get(),
+                                                                extData);
+  if (!aia) {
+    return NS_OK;
+  }
+
+  while (*aia) {
+    CERTAuthInfoAccess* desc = *aia++;
+    switch (SECOID_FindOIDTag(&desc->method)) {
+    case SEC_OID_PKIX_OCSP:
+      nssComponent->GetPIPNSSBundleString("CertDumpOCSPResponder", local);
+      break;
+    case SEC_OID_PKIX_CA_ISSUERS:
+      nssComponent->GetPIPNSSBundleString("CertDumpCAIssuers", local);
+      break;
+    default:
+      rv = GetDefaultOIDFormat(&desc->method, nssComponent, local, '.');
+      if (NS_FAILED(rv)) {
+        return rv;
+      }
+    }
+    text.Append(local);
+    text.AppendLiteral(": ");
+    rv = ProcessGeneralName(arena, desc->location, text, nssComponent);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  return rv;
+}
+
+static nsresult
+ProcessMSCAVersion(SECItem  *extData, 
+		   nsAString &text,
+		   nsINSSComponent *nssComponent)
+{
+  MOZ_ASSERT(extData);
+  NS_ENSURE_ARG(extData);
+
+  ScopedAutoSECItem decoded;
+  if (SEC_ASN1DecodeItem(nullptr, &decoded, SEC_ASN1_GET(SEC_IntegerTemplate),
+                         extData) != SECSuccess) {
+    /* This extension used to be an Integer when this code
+       was written, but apparently isn't anymore. Display
+       the raw bytes instead. */
+    return ProcessRawBytes(nssComponent, extData, text);
+  }
+
+  unsigned long version;
+  if (SEC_ASN1DecodeInteger(&decoded, &version) != SECSuccess) {
+    /* Value out of range, display raw bytes */
+    return ProcessRawBytes(nssComponent, extData, text);
+  }
+
+  /* Apparently, the encoding is <minor><major>, with 16 bits each */
+  char buf[50];
+  if (SprintfLiteral(buf, "%lu.%lu", version & 0xFFFF, version >> 16) <= 0) {
+    return NS_ERROR_FAILURE;
+  }
+
+  text.AppendASCII(buf);
+  return NS_OK;
+}
+
+static nsresult
+ProcessExtensionData(SECOidTag oidTag, SECItem *extData, 
+                     nsAString &text, 
+                     nsINSSComponent *nssComponent)
+{
+  nsresult rv;
+  switch (oidTag) {
+  case SEC_OID_X509_KEY_USAGE:
+    rv = ProcessKeyUsageExtension(extData, text, nssComponent);
+    break;
+  case SEC_OID_X509_BASIC_CONSTRAINTS:
+    rv = ProcessBasicConstraints(extData, text, nssComponent);
+    break;
+  case SEC_OID_X509_EXT_KEY_USAGE:
+    rv = ProcessExtKeyUsage(extData, text, nssComponent);
+    break;
+  case SEC_OID_X509_ISSUER_ALT_NAME:
+  case SEC_OID_X509_SUBJECT_ALT_NAME:
+    rv = ProcessAltName(extData, text, nssComponent);
+    break;
+  case SEC_OID_X509_SUBJECT_KEY_ID:
+    rv = ProcessSubjectKeyId(extData, text, nssComponent);
+    break;
+  case SEC_OID_X509_AUTH_KEY_ID:
+    rv = ProcessAuthKeyId(extData, text, nssComponent);
+    break;
+  case SEC_OID_X509_CERTIFICATE_POLICIES:
+    rv = ProcessCertificatePolicies(extData, text, nssComponent);
+    break;
+  case SEC_OID_X509_CRL_DIST_POINTS:
+    rv = ProcessCrlDistPoints(extData, text, nssComponent);
+    break;
+  case SEC_OID_X509_AUTH_INFO_ACCESS:
+    rv = ProcessAuthInfoAccess(extData, text, nssComponent);
+    break;
+  default:
+    if (oidTag == SEC_OID(MS_CERT_EXT_CERTTYPE)) {
+      rv = ProcessBMPString(extData, text);
+      break;
+    }
+    if (oidTag == SEC_OID(MS_CERTSERV_CA_VERSION)) {
+      rv = ProcessMSCAVersion(extData, text, nssComponent);
+      break;
+    }
+    rv = ProcessRawBytes(nssComponent, extData, text);
+    break; 
+  }
+  return rv;
+}
+
+static nsresult
+ProcessSingleExtension(CERTCertExtension *extension,
+                       nsINSSComponent *nssComponent,
+                       nsIASN1PrintableItem **retExtension)
+{
+  nsAutoString text, extvalue;
+  GetOIDText(&extension->id, nssComponent, text);
+  nsCOMPtr<nsIASN1PrintableItem>extensionItem = new nsNSSASN1PrintableItem();
+
+  extensionItem->SetDisplayName(text);
+  SECOidTag oidTag = SECOID_FindOIDTag(&extension->id);
+  text.Truncate();
+  if (extension->critical.data) {
+    if (extension->critical.data[0]) {
+      nssComponent->GetPIPNSSBundleString("CertDumpCritical", text);
+    } else {
+      nssComponent->GetPIPNSSBundleString("CertDumpNonCritical", text);
+    }
+  } else {
+    nssComponent->GetPIPNSSBundleString("CertDumpNonCritical", text);
+  }
+  text.AppendLiteral(SEPARATOR);
+  nsresult rv = ProcessExtensionData(oidTag, &extension->value, extvalue, 
+                                     nssComponent);
+  if (NS_FAILED(rv)) {
+    extvalue.Truncate();
+    rv = ProcessRawBytes(nssComponent, &extension->value, extvalue, false);
+  }
+  text.Append(extvalue);
+
+  extensionItem->SetDisplayValue(text);
+  extensionItem.forget(retExtension);
+  return NS_OK;
+}
+
+static nsresult
+ProcessSECAlgorithmID(SECAlgorithmID *algID,
+                      nsINSSComponent *nssComponent,
+                      nsIASN1Sequence **retSequence)
+{
+  SECOidTag algOIDTag = SECOID_FindOIDTag(&algID->algorithm);
+  SECItem paramsOID = { siBuffer, nullptr, 0 };
+  nsCOMPtr<nsIASN1Sequence> sequence = new nsNSSASN1Sequence();
+
+  *retSequence = nullptr;
+  nsString text;
+  GetOIDText(&algID->algorithm, nssComponent, text);
+  if (!algID->parameters.len || algID->parameters.data[0] == nsIASN1Object::ASN1_NULL) {
+    sequence->SetDisplayValue(text);
+    sequence->SetIsValidContainer(false);
+  } else {
+    nsCOMPtr<nsIASN1PrintableItem> printableItem = new nsNSSASN1PrintableItem();
+
+    printableItem->SetDisplayValue(text);
+    nsCOMPtr<nsIMutableArray> asn1Objects;
+    sequence->GetASN1Objects(getter_AddRefs(asn1Objects));
+    asn1Objects->AppendElement(printableItem, false);
+    nssComponent->GetPIPNSSBundleString("CertDumpAlgID", text);
+    printableItem->SetDisplayName(text);
+
+    printableItem = new nsNSSASN1PrintableItem();
+
+    asn1Objects->AppendElement(printableItem, false);
+    nssComponent->GetPIPNSSBundleString("CertDumpParams", text);
+    printableItem->SetDisplayName(text);
+    if ((algOIDTag == SEC_OID_ANSIX962_EC_PUBLIC_KEY) &&
+        (algID->parameters.len > 2) && 
+        (algID->parameters.data[0] == nsIASN1Object::ASN1_OBJECT_ID)) {
+       paramsOID.len = algID->parameters.len - 2;
+       paramsOID.data = algID->parameters.data + 2;
+       GetOIDText(&paramsOID, nssComponent, text);
+    } else {
+       ProcessRawBytes(nssComponent, &algID->parameters,text);
+    }
+    printableItem->SetDisplayValue(text);
+  }
+  sequence.forget(retSequence);
+  return NS_OK;
+}
+
+static nsresult
+ProcessTime(PRTime dispTime, const char16_t* displayName,
+            nsIASN1Sequence* parentSequence)
+{
+  nsCOMPtr<nsIDateTimeFormat> dateFormatter = nsIDateTimeFormat::Create();
+  if (!dateFormatter) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsString text;
+  nsString tempString;
+
+  PRExplodedTime explodedTime;
+  PR_ExplodeTime(dispTime, PR_LocalTimeParameters, &explodedTime);
+
+  dateFormatter->FormatPRExplodedTime(nullptr, kDateFormatLong,
+                                      kTimeFormatSeconds, &explodedTime,
+                                      tempString);
+
+  text.Append(tempString);
+  text.AppendLiteral("\n(");
+
+  PRExplodedTime explodedTimeGMT;
+  PR_ExplodeTime(dispTime, PR_GMTParameters, &explodedTimeGMT);
+
+  dateFormatter->FormatPRExplodedTime(nullptr, kDateFormatLong,
+                                      kTimeFormatSeconds, &explodedTimeGMT,
+                                      tempString);
+
+  text.Append(tempString);
+  text.AppendLiteral(" GMT)");
+
+  nsCOMPtr<nsIASN1PrintableItem> printableItem = new nsNSSASN1PrintableItem();
+
+  printableItem->SetDisplayValue(text);
+  printableItem->SetDisplayName(nsDependentString(displayName));
+  nsCOMPtr<nsIMutableArray> asn1Objects;
+  parentSequence->GetASN1Objects(getter_AddRefs(asn1Objects));
+  asn1Objects->AppendElement(printableItem, false);
+  return NS_OK;
+}
+
+static nsresult
+ProcessSubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki, 
+                            nsIASN1Sequence *parentSequence,
+                            nsINSSComponent *nssComponent)
+{
+  nsCOMPtr<nsIASN1Sequence> spkiSequence = new nsNSSASN1Sequence();
+
+  nsString text;
+  nssComponent->GetPIPNSSBundleString("CertDumpSPKI", text);
+  spkiSequence->SetDisplayName(text);
+
+  nssComponent->GetPIPNSSBundleString("CertDumpSPKIAlg", text);
+  nsCOMPtr<nsIASN1Sequence> sequenceItem;
+  nsresult rv = ProcessSECAlgorithmID(&spki->algorithm, nssComponent,
+                                      getter_AddRefs(sequenceItem));
+  if (NS_FAILED(rv))
+    return rv;
+  sequenceItem->SetDisplayName(text);
+  nsCOMPtr<nsIMutableArray> asn1Objects;
+  spkiSequence->GetASN1Objects(getter_AddRefs(asn1Objects));
+  asn1Objects->AppendElement(sequenceItem, false);
+
+  nsCOMPtr<nsIASN1PrintableItem> printableItem = new nsNSSASN1PrintableItem();
+
+  text.Truncate();
+
+  UniqueSECKEYPublicKey key(SECKEY_ExtractPublicKey(spki));
+  bool displayed = false;
+  if (key) {
+      switch (key->keyType) {
+      case rsaKey: {
+         displayed = true;
+         nsAutoString length1, length2, data1, data2;
+         length1.AppendInt(key->u.rsa.modulus.len * 8);
+         length2.AppendInt(key->u.rsa.publicExponent.len * 8);
+         ProcessRawBytes(nssComponent, &key->u.rsa.modulus, data1, 
+                         false);
+         ProcessRawBytes(nssComponent, &key->u.rsa.publicExponent, data2,
+                         false);
+         const char16_t *params[4] = {length1.get(), data1.get(), 
+                                       length2.get(), data2.get()};
+         nssComponent->PIPBundleFormatStringFromName("CertDumpRSATemplate",
+                                                     params, 4, text);
+         break;
+      }
+      case ecKey: {
+        displayed = true;
+        SECKEYECPublicKey &ecpk = key->u.ec;
+        int fieldSizeLenAsBits = 
+              SECKEY_ECParamsToKeySize(&ecpk.DEREncodedParams);
+        int basePointOrderLenAsBits = 
+              SECKEY_ECParamsToBasePointOrderLen(&ecpk.DEREncodedParams);
+        nsAutoString s_fsl, s_bpol, s_pv;
+        s_fsl.AppendInt(fieldSizeLenAsBits);
+        s_bpol.AppendInt(basePointOrderLenAsBits);
+
+        if (ecpk.publicValue.len > 4) {
+          ProcessRawBytes(nssComponent, &ecpk.publicValue, s_pv, false);
+        } else {
+          int i_pv = DER_GetInteger(&ecpk.publicValue);
+          s_pv.AppendInt(i_pv);
+        }
+        const char16_t *params[] = {s_fsl.get(), s_bpol.get(), s_pv.get()};
+        nssComponent->PIPBundleFormatStringFromName("CertDumpECTemplate",
+                                                    params, 3, text);
+        break;
+      }
+      default:
+         /* Algorithm unknown, or too rarely used to bother displaying it */
+         break;
+      }
+  }
+  if (!displayed) {
+      // Algorithm unknown, display raw bytes
+      // The subjectPublicKey field is encoded as a bit string.
+      // ProcessRawBytes expects the length to be in bytes, so 
+      // let's convert the lenght into a temporary SECItem.
+      SECItem data;
+      data.data = spki->subjectPublicKey.data;
+      data.len  = spki->subjectPublicKey.len / 8;
+      ProcessRawBytes(nssComponent, &data, text);
+  
+  }
+ 
+  printableItem->SetDisplayValue(text);
+  nssComponent->GetPIPNSSBundleString("CertDumpSubjPubKey", text);
+  printableItem->SetDisplayName(text);
+  asn1Objects->AppendElement(printableItem, false);
+  
+  parentSequence->GetASN1Objects(getter_AddRefs(asn1Objects));
+  asn1Objects->AppendElement(spkiSequence, false);
+  return NS_OK;
+}
+
+static nsresult
+ProcessExtensions(CERTCertExtension **extensions, 
+                  nsIASN1Sequence *parentSequence,
+                  nsINSSComponent *nssComponent)
+{
+  nsCOMPtr<nsIASN1Sequence> extensionSequence = new nsNSSASN1Sequence;
+
+  nsString text;
+  nssComponent->GetPIPNSSBundleString("CertDumpExtensions", text);
+  extensionSequence->SetDisplayName(text);
+  int32_t i;
+  nsresult rv;
+  nsCOMPtr<nsIASN1PrintableItem> newExtension;
+  nsCOMPtr<nsIMutableArray> asn1Objects;
+  extensionSequence->GetASN1Objects(getter_AddRefs(asn1Objects));
+  for (i=0; extensions[i] != nullptr; i++) {
+    rv = ProcessSingleExtension(extensions[i], 
+                                nssComponent,
+                                getter_AddRefs(newExtension));
+    if (NS_FAILED(rv))
+      return rv;
+
+    asn1Objects->AppendElement(newExtension, false);
+  }
+  parentSequence->GetASN1Objects(getter_AddRefs(asn1Objects));
+  asn1Objects->AppendElement(extensionSequence, false);
+  return NS_OK;
+}
+
+static bool registered;
+static SECStatus RegisterDynamicOids()
+{
+  unsigned int i;
+  SECStatus rv = SECSuccess;
+
+  if (registered)
+    return rv;
+
+  for (i = 0; i < numOids; i++) {
+    SECOidTag tag = SECOID_AddEntry(&more_oids[i]);
+    if (tag == SEC_OID_UNKNOWN) {
+      rv = SECFailure;
+      continue;
+    }
+    more_oids[i].offset = tag;
+  }
+  registered = true;
+  return rv;
+}
+
+nsresult
+nsNSSCertificate::CreateTBSCertificateASN1Struct(nsIASN1Sequence **retSequence,
+                                                 nsINSSComponent *nssComponent)
+{
+  MOZ_ASSERT(nssComponent);
+  NS_ENSURE_ARG(nssComponent);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  if (RegisterDynamicOids() != SECSuccess)
+    return NS_ERROR_FAILURE;
+
+  //
+  //   TBSCertificate  ::=  SEQUENCE  {
+  //        version         [0]  EXPLICIT Version DEFAULT v1,
+  //        serialNumber         CertificateSerialNumber,
+  //        signature            AlgorithmIdentifier,
+  //        issuer               Name,
+  //        validity             Validity,
+  //        subject              Name,
+  //        subjectPublicKeyInfo SubjectPublicKeyInfo,
+  //        issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
+  //                             -- If present, version shall be v2 or v3
+  //        subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
+  //                             -- If present, version shall be v2 or v3
+  //        extensions      [3]  EXPLICIT Extensions OPTIONAL
+  //                            -- If present, version shall be v3
+  //        }
+  //
+  // This is the ASN1 structure we should be dealing with at this point.
+  // The code in this method will assert this is the structure we're dealing
+  // and then add more user friendly text for that field.
+  nsCOMPtr<nsIASN1Sequence> sequence = new nsNSSASN1Sequence();
+
+  nsString text;
+  nssComponent->GetPIPNSSBundleString("CertDumpCertificate", text);
+  sequence->SetDisplayName(text);
+  nsCOMPtr<nsIASN1PrintableItem> printableItem;
+  
+  nsCOMPtr<nsIMutableArray> asn1Objects;
+  sequence->GetASN1Objects(getter_AddRefs(asn1Objects));
+
+  nsresult rv = ProcessVersion(&mCert->version, nssComponent,
+                               getter_AddRefs(printableItem));
+  if (NS_FAILED(rv))
+    return rv;
+
+  asn1Objects->AppendElement(printableItem, false);
+
+  rv = ProcessSerialNumberDER(mCert->serialNumber, WrapNotNull(nssComponent),
+                              printableItem);
+  if (NS_FAILED(rv))
+    return rv;
+  asn1Objects->AppendElement(printableItem, false);
+
+  nsCOMPtr<nsIASN1Sequence> algID;
+  rv = ProcessSECAlgorithmID(&mCert->signature,
+                             nssComponent, getter_AddRefs(algID));
+  if (NS_FAILED(rv))
+    return rv;
+
+  nssComponent->GetPIPNSSBundleString("CertDumpSigAlg", text);
+  algID->SetDisplayName(text);
+  asn1Objects->AppendElement(algID, false);
+
+  nsXPIDLString value;
+  ProcessName(&mCert->issuer, nssComponent, getter_Copies(value));
+
+  printableItem = new nsNSSASN1PrintableItem();
+
+  printableItem->SetDisplayValue(value);
+  nssComponent->GetPIPNSSBundleString("CertDumpIssuer", text);
+  printableItem->SetDisplayName(text);
+  asn1Objects->AppendElement(printableItem, false);
+  
+  nsCOMPtr<nsIASN1Sequence> validitySequence = new nsNSSASN1Sequence();
+  nssComponent->GetPIPNSSBundleString("CertDumpValidity", text);
+  validitySequence->SetDisplayName(text);
+  asn1Objects->AppendElement(validitySequence, false);
+  nssComponent->GetPIPNSSBundleString("CertDumpNotBefore", text);
+  nsCOMPtr<nsIX509CertValidity> validityData;
+  GetValidity(getter_AddRefs(validityData));
+  PRTime notBefore, notAfter;
+
+  validityData->GetNotBefore(&notBefore);
+  validityData->GetNotAfter(&notAfter);
+  validityData = nullptr;
+  rv = ProcessTime(notBefore, text.get(), validitySequence);
+  if (NS_FAILED(rv))
+    return rv;
+
+  nssComponent->GetPIPNSSBundleString("CertDumpNotAfter", text);
+  rv = ProcessTime(notAfter, text.get(), validitySequence);
+  if (NS_FAILED(rv))
+    return rv;
+
+  nssComponent->GetPIPNSSBundleString("CertDumpSubject", text);
+
+  printableItem = new nsNSSASN1PrintableItem();
+
+  printableItem->SetDisplayName(text);
+  ProcessName(&mCert->subject, nssComponent,getter_Copies(value));
+  printableItem->SetDisplayValue(value);
+  asn1Objects->AppendElement(printableItem, false);
+
+  rv = ProcessSubjectPublicKeyInfo(&mCert->subjectPublicKeyInfo, sequence,
+                                   nssComponent); 
+  if (NS_FAILED(rv))
+    return rv;
+ 
+  SECItem data; 
+  // Is there an issuerUniqueID?
+  if (mCert->issuerID.data) {
+    // The issuerID is encoded as a bit string.
+    // The function ProcessRawBytes expects the
+    // length to be in bytes, so let's convert the
+    // length in a temporary SECItem
+    data.data = mCert->issuerID.data;
+    data.len  = (mCert->issuerID.len + 7) / 8;
+
+    ProcessRawBytes(nssComponent, &data, text);
+    printableItem = new nsNSSASN1PrintableItem();
+
+    printableItem->SetDisplayValue(text);
+    nssComponent->GetPIPNSSBundleString("CertDumpIssuerUniqueID", text);
+    printableItem->SetDisplayName(text);
+    asn1Objects->AppendElement(printableItem, false);
+  }
+
+  if (mCert->subjectID.data) {
+    // The subjectID is encoded as a bit string.
+    // The function ProcessRawBytes expects the
+    // length to be in bytes, so let's convert the
+    // length in a temporary SECItem
+    data.data = mCert->subjectID.data;
+    data.len  = (mCert->subjectID.len + 7) / 8;
+
+    ProcessRawBytes(nssComponent, &data, text);
+    printableItem = new nsNSSASN1PrintableItem();
+
+    printableItem->SetDisplayValue(text);
+    nssComponent->GetPIPNSSBundleString("CertDumpSubjectUniqueID", text);
+    printableItem->SetDisplayName(text);
+    asn1Objects->AppendElement(printableItem, false);
+
+  }
+  if (mCert->extensions) {
+    rv = ProcessExtensions(mCert->extensions, sequence, nssComponent);
+    if (NS_FAILED(rv))
+      return rv;
+  }
+  sequence.forget(retSequence);
+  return NS_OK;
+}
+
+nsresult
+nsNSSCertificate::CreateASN1Struct(nsIASN1Object** aRetVal)
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  nsCOMPtr<nsIASN1Sequence> sequence = new nsNSSASN1Sequence();
+
+  nsCOMPtr<nsIMutableArray> asn1Objects;
+  sequence->GetASN1Objects(getter_AddRefs(asn1Objects));
+
+  nsAutoString title;
+  nsresult rv = GetWindowTitle(title);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  sequence->SetDisplayName(title);
+  sequence.forget(aRetVal);
+
+  // This sequence will be contain the tbsCertificate, signatureAlgorithm,
+  // and signatureValue.
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
+  if (NS_FAILED(rv))
+    return rv;
+
+  rv = CreateTBSCertificateASN1Struct(getter_AddRefs(sequence),
+                                      nssComponent);
+  if (NS_FAILED(rv))
+    return rv;
+
+  asn1Objects->AppendElement(sequence, false);
+  nsCOMPtr<nsIASN1Sequence> algID;
+
+  rv = ProcessSECAlgorithmID(&mCert->signatureWrap.signatureAlgorithm, 
+                             nssComponent, getter_AddRefs(algID));
+  if (NS_FAILED(rv))
+    return rv;
+  nsString text;
+  nssComponent->GetPIPNSSBundleString("CertDumpSigAlg", text);
+  algID->SetDisplayName(text);
+  asn1Objects->AppendElement(algID, false);
+  nsCOMPtr<nsIASN1PrintableItem>printableItem = new nsNSSASN1PrintableItem();
+  nssComponent->GetPIPNSSBundleString("CertDumpCertSig", text);
+  printableItem->SetDisplayName(text);
+  // The signatureWrap is encoded as a bit string.
+  // The function ProcessRawBytes expects the
+  // length to be in bytes, so let's convert the
+  // length in a temporary SECItem
+  SECItem temp;
+  temp.data = mCert->signatureWrap.signature.data;
+  temp.len  = mCert->signatureWrap.signature.len / 8;
+  text.Truncate();
+  ProcessRawBytes(nssComponent, &temp,text);
+  printableItem->SetDisplayValue(text);
+  asn1Objects->AppendElement(printableItem, false);
+  return NS_OK;
+}
+
+uint32_t 
+getCertType(CERTCertificate *cert)
+{
+  nsNSSCertTrust trust(cert->trust);
+  if (cert->nickname && trust.HasAnyUser())
+    return nsIX509Cert::USER_CERT;
+  if (trust.HasAnyCA())
+    return nsIX509Cert::CA_CERT;
+  if (trust.HasPeer(true, false, false))
+    return nsIX509Cert::SERVER_CERT;
+  if (trust.HasPeer(false, true, false) && cert->emailAddr)
+    return nsIX509Cert::EMAIL_CERT;
+  if (CERT_IsCACert(cert, nullptr))
+    return nsIX509Cert::CA_CERT;
+  if (cert->emailAddr)
+    return nsIX509Cert::EMAIL_CERT;
+  return nsIX509Cert::UNKNOWN_CERT;
+}
+
+nsresult
+GetCertFingerprintByOidTag(CERTCertificate* nsscert,
+                           SECOidTag aOidTag, 
+                           nsCString &fp)
+{
+  Digest digest;
+  nsresult rv = digest.DigestBuf(aOidTag, nsscert->derCert.data,
+                                 nsscert->derCert.len);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  UniquePORTString tmpstr(CERT_Hexify(const_cast<SECItem*>(&digest.get()), 1));
+  NS_ENSURE_TRUE(tmpstr, NS_ERROR_OUT_OF_MEMORY);
+
+  fp.Assign(tmpstr.get());
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsNSSCertHelper.h b/security/manager/ssl/nsNSSCertHelper.h
new file mode 100644
index 000000000..d84e1b39f
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertHelper.h
@@ -0,0 +1,23 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSCertHelper_h
+#define nsNSSCertHelper_h
+
+#ifndef INET6_ADDRSTRLEN
+#define INET6_ADDRSTRLEN 46
+#endif
+
+#include "certt.h"
+#include "nsString.h"
+
+uint32_t
+getCertType(CERTCertificate *cert);
+
+nsresult
+GetCertFingerprintByOidTag(CERTCertificate* nsscert,
+                           SECOidTag aOidTag, 
+                           nsCString &fp);
+
+#endif // nsNSSCertHelper_h
diff --git a/security/manager/ssl/nsNSSCertTrust.cpp b/security/manager/ssl/nsNSSCertTrust.cpp
new file mode 100644
index 000000000..b608aebe1
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertTrust.cpp
@@ -0,0 +1,233 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSCertTrust.h"
+
+void
+nsNSSCertTrust::AddCATrust(bool ssl, bool email, bool objSign)
+{
+  if (ssl) {
+    addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CA);
+    addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA);
+  }
+  if (email) {
+    addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CA);
+    addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA);
+  }
+  if (objSign) {
+    addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CA);
+    addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA);
+  }
+}
+
+void
+nsNSSCertTrust::AddPeerTrust(bool ssl, bool email, bool objSign)
+{
+  if (ssl)
+    addTrust(&mTrust.sslFlags, CERTDB_TRUSTED);
+  if (email)
+    addTrust(&mTrust.emailFlags, CERTDB_TRUSTED);
+  if (objSign)
+    addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED);
+}
+
+nsNSSCertTrust::nsNSSCertTrust()
+{
+  memset(&mTrust, 0, sizeof(CERTCertTrust));
+}
+
+nsNSSCertTrust::nsNSSCertTrust(unsigned int ssl, 
+                               unsigned int email, 
+                               unsigned int objsign)
+{
+  memset(&mTrust, 0, sizeof(CERTCertTrust));
+  addTrust(&mTrust.sslFlags, ssl);
+  addTrust(&mTrust.emailFlags, email);
+  addTrust(&mTrust.objectSigningFlags, objsign);
+}
+
+nsNSSCertTrust::nsNSSCertTrust(CERTCertTrust *t)
+{
+  if (t)
+    memcpy(&mTrust, t, sizeof(CERTCertTrust));
+  else
+    memset(&mTrust, 0, sizeof(CERTCertTrust)); 
+}
+
+nsNSSCertTrust::~nsNSSCertTrust()
+{
+}
+
+void
+nsNSSCertTrust::SetSSLTrust(bool peer, bool tPeer,
+                            bool ca,   bool tCA, bool tClientCA,
+                            bool user, bool warn)
+{
+  mTrust.sslFlags = 0;
+  if (peer || tPeer)
+    addTrust(&mTrust.sslFlags, CERTDB_TERMINAL_RECORD);
+  if (tPeer)
+    addTrust(&mTrust.sslFlags, CERTDB_TRUSTED);
+  if (ca || tCA)
+    addTrust(&mTrust.sslFlags, CERTDB_VALID_CA);
+  if (tClientCA)
+    addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA);
+  if (tCA)
+    addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CA);
+  if (user)
+    addTrust(&mTrust.sslFlags, CERTDB_USER);
+  if (warn)
+    addTrust(&mTrust.sslFlags, CERTDB_SEND_WARN);
+}
+
+void
+nsNSSCertTrust::SetEmailTrust(bool peer, bool tPeer,
+                              bool ca,   bool tCA, bool tClientCA,
+                              bool user, bool warn)
+{
+  mTrust.emailFlags = 0;
+  if (peer || tPeer)
+    addTrust(&mTrust.emailFlags, CERTDB_TERMINAL_RECORD);
+  if (tPeer)
+    addTrust(&mTrust.emailFlags, CERTDB_TRUSTED);
+  if (ca || tCA)
+    addTrust(&mTrust.emailFlags, CERTDB_VALID_CA);
+  if (tClientCA)
+    addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA);
+  if (tCA)
+    addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CA);
+  if (user)
+    addTrust(&mTrust.emailFlags, CERTDB_USER);
+  if (warn)
+    addTrust(&mTrust.emailFlags, CERTDB_SEND_WARN);
+}
+
+void
+nsNSSCertTrust::SetObjSignTrust(bool peer, bool tPeer,
+                                bool ca,   bool tCA, bool tClientCA,
+                                bool user, bool warn)
+{
+  mTrust.objectSigningFlags = 0;
+  if (peer || tPeer)
+    addTrust(&mTrust.objectSigningFlags, CERTDB_TERMINAL_RECORD);
+  if (tPeer)
+    addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED);
+  if (ca || tCA)
+    addTrust(&mTrust.objectSigningFlags, CERTDB_VALID_CA);
+  if (tClientCA)
+    addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA);
+  if (tCA)
+    addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CA);
+  if (user)
+    addTrust(&mTrust.objectSigningFlags, CERTDB_USER);
+  if (warn)
+    addTrust(&mTrust.objectSigningFlags, CERTDB_SEND_WARN);
+}
+
+void
+nsNSSCertTrust::SetValidCA()
+{
+  SetSSLTrust(false, false,
+              true, false, false,
+              false, false);
+  SetEmailTrust(false, false,
+                true, false, false,
+                false, false);
+  SetObjSignTrust(false, false,
+                  true, false, false,
+                  false, false);
+}
+
+void 
+nsNSSCertTrust::SetValidPeer()
+{
+  SetSSLTrust(true, false,
+              false, false, false,
+              false, false);
+  SetEmailTrust(true, false,
+                false, false, false,
+                false, false);
+  SetObjSignTrust(true, false,
+                  false, false, false,
+                  false, false);
+}
+
+bool
+nsNSSCertTrust::HasAnyCA()
+{
+  if (hasTrust(mTrust.sslFlags, CERTDB_VALID_CA) ||
+      hasTrust(mTrust.emailFlags, CERTDB_VALID_CA) ||
+      hasTrust(mTrust.objectSigningFlags, CERTDB_VALID_CA))
+    return true;
+  return false;
+}
+
+bool
+nsNSSCertTrust::HasPeer(bool checkSSL, 
+                        bool checkEmail,  
+                        bool checkObjSign)
+{
+  if (checkSSL && !hasTrust(mTrust.sslFlags, CERTDB_TERMINAL_RECORD))
+    return false;
+  if (checkEmail && !hasTrust(mTrust.emailFlags, CERTDB_TERMINAL_RECORD))
+    return false;
+  if (checkObjSign && !hasTrust(mTrust.objectSigningFlags, CERTDB_TERMINAL_RECORD))
+    return false;
+  return true;
+}
+
+bool
+nsNSSCertTrust::HasAnyUser()
+{
+  if (hasTrust(mTrust.sslFlags, CERTDB_USER) ||
+      hasTrust(mTrust.emailFlags, CERTDB_USER) ||
+      hasTrust(mTrust.objectSigningFlags, CERTDB_USER))
+    return true;
+  return false;
+}
+
+bool
+nsNSSCertTrust::HasTrustedCA(bool checkSSL, 
+                             bool checkEmail,  
+                             bool checkObjSign)
+{
+  if (checkSSL && !(hasTrust(mTrust.sslFlags, CERTDB_TRUSTED_CA) ||
+                    hasTrust(mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA)))
+    return false;
+  if (checkEmail && !(hasTrust(mTrust.emailFlags, CERTDB_TRUSTED_CA) ||
+                      hasTrust(mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA)))
+    return false;
+  if (checkObjSign && 
+       !(hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED_CA) ||
+         hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA)))
+    return false;
+  return true;
+}
+
+bool
+nsNSSCertTrust::HasTrustedPeer(bool checkSSL, 
+                               bool checkEmail,  
+                               bool checkObjSign)
+{
+  if (checkSSL && !(hasTrust(mTrust.sslFlags, CERTDB_TRUSTED)))
+    return false;
+  if (checkEmail && !(hasTrust(mTrust.emailFlags, CERTDB_TRUSTED)))
+    return false;
+  if (checkObjSign && 
+       !(hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED)))
+    return false;
+  return true;
+}
+
+void
+nsNSSCertTrust::addTrust(unsigned int *t, unsigned int v)
+{
+  *t |= v;
+}
+
+bool
+nsNSSCertTrust::hasTrust(unsigned int t, unsigned int v)
+{
+  return !!(t & v);
+}
diff --git a/security/manager/ssl/nsNSSCertTrust.h b/security/manager/ssl/nsNSSCertTrust.h
new file mode 100644
index 000000000..c3f7e5441
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertTrust.h
@@ -0,0 +1,70 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSCertTrust_h
+#define nsNSSCertTrust_h
+
+#include "certdb.h"
+#include "certt.h"
+
+/*
+ * Class for maintaining trust flags for an NSS certificate.
+ */
+class nsNSSCertTrust
+{
+public:
+  nsNSSCertTrust();
+  nsNSSCertTrust(unsigned int ssl, unsigned int email, unsigned int objsign);
+  explicit nsNSSCertTrust(CERTCertTrust *t);
+  virtual ~nsNSSCertTrust();
+
+  /* query */
+  bool HasAnyCA();
+  bool HasAnyUser();
+  bool HasPeer(bool checkSSL = true, 
+                 bool checkEmail = true,  
+                 bool checkObjSign = true);
+  bool HasTrustedCA(bool checkSSL = true, 
+                      bool checkEmail = true,  
+                      bool checkObjSign = true);
+  bool HasTrustedPeer(bool checkSSL = true, 
+                        bool checkEmail = true,  
+                        bool checkObjSign = true);
+
+  /* common defaults */
+  /* equivalent to "c,c,c" */
+  void SetValidCA();
+  /* equivalent to "p,p,p" */
+  void SetValidPeer();
+
+  /* general setters */
+  /* read: "p, P, c, C, T, u, w" */
+  void SetSSLTrust(bool peer, bool tPeer,
+                   bool ca,   bool tCA, bool tClientCA,
+                   bool user, bool warn); 
+
+  void SetEmailTrust(bool peer, bool tPeer,
+                     bool ca,   bool tCA, bool tClientCA,
+                     bool user, bool warn);
+
+  void SetObjSignTrust(bool peer, bool tPeer,
+                       bool ca,   bool tCA, bool tClientCA,
+                       bool user, bool warn);
+
+  /* set c <--> CT */
+  void AddCATrust(bool ssl, bool email, bool objSign);
+  /* set p <--> P */
+  void AddPeerTrust(bool ssl, bool email, bool objSign);
+
+  /* get it (const?) (shallow?) */
+  CERTCertTrust * GetTrust() { return &mTrust; }
+
+private:
+  void addTrust(unsigned int *t, unsigned int v);
+  void removeTrust(unsigned int *t, unsigned int v);
+  bool hasTrust(unsigned int t, unsigned int v);
+  CERTCertTrust mTrust;
+};
+
+#endif // nsNSSCertTrust_h
diff --git a/security/manager/ssl/nsNSSCertValidity.cpp b/security/manager/ssl/nsNSSCertValidity.cpp
new file mode 100644
index 000000000..536aafc8f
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertValidity.cpp
@@ -0,0 +1,130 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSCertValidity.h"
+
+#include "cert.h"
+#include "mozilla/Assertions.h"
+#include "nsCOMPtr.h"
+#include "nsComponentManagerUtils.h"
+#include "nsReadableUtils.h"
+
+NS_IMPL_ISUPPORTS(nsX509CertValidity, nsIX509CertValidity)
+
+nsX509CertValidity::nsX509CertValidity(const mozilla::UniqueCERTCertificate& cert)
+  : mTimesInitialized(false)
+{
+  MOZ_ASSERT(cert);
+  if (!cert) {
+    return;
+  }
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+
+  if (CERT_GetCertTimes(cert.get(), &mNotBefore, &mNotAfter) == SECSuccess) {
+    mTimesInitialized = true;
+  }
+}
+
+nsX509CertValidity::~nsX509CertValidity()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+NS_IMETHODIMP
+nsX509CertValidity::GetNotBefore(PRTime* aNotBefore)
+{
+  NS_ENSURE_ARG(aNotBefore);
+
+  if (!mTimesInitialized) {
+    return NS_ERROR_FAILURE;
+  }
+
+  *aNotBefore = mNotBefore;
+  return NS_OK;
+}
+
+nsresult
+nsX509CertValidity::FormatTime(const PRTime& aTimeDate,
+                               PRTimeParamFn aParamFn,
+                               const nsTimeFormatSelector aTimeFormatSelector,
+                               nsAString& aFormattedTimeDate)
+{
+  if (!mTimesInitialized)
+    return NS_ERROR_FAILURE;
+
+  nsCOMPtr<nsIDateTimeFormat> dateFormatter = nsIDateTimeFormat::Create();
+  if (!dateFormatter) {
+    return NS_ERROR_FAILURE;
+  }
+
+  PRExplodedTime explodedTime;
+  PR_ExplodeTime(const_cast<PRTime&>(aTimeDate), aParamFn, &explodedTime);
+  return dateFormatter->FormatPRExplodedTime(nullptr, kDateFormatLong,
+					     aTimeFormatSelector,
+					     &explodedTime, aFormattedTimeDate);
+}
+
+NS_IMETHODIMP
+nsX509CertValidity::GetNotBeforeLocalTime(nsAString& aNotBeforeLocalTime)
+{
+  return FormatTime(mNotBefore, PR_LocalTimeParameters,
+                    kTimeFormatSeconds, aNotBeforeLocalTime);
+}
+
+NS_IMETHODIMP
+nsX509CertValidity::GetNotBeforeLocalDay(nsAString& aNotBeforeLocalDay)
+{
+  return FormatTime(mNotBefore, PR_LocalTimeParameters,
+                    kTimeFormatNone, aNotBeforeLocalDay);
+}
+
+NS_IMETHODIMP
+nsX509CertValidity::GetNotBeforeGMT(nsAString& aNotBeforeGMT)
+{
+  return FormatTime(mNotBefore, PR_GMTParameters,
+                    kTimeFormatSeconds, aNotBeforeGMT);
+}
+
+NS_IMETHODIMP
+nsX509CertValidity::GetNotAfter(PRTime* aNotAfter)
+{
+  NS_ENSURE_ARG(aNotAfter);
+
+  if (!mTimesInitialized) {
+    return NS_ERROR_FAILURE;
+  }
+
+  *aNotAfter = mNotAfter;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsX509CertValidity::GetNotAfterLocalTime(nsAString& aNotAfterLocaltime)
+{
+  return FormatTime(mNotAfter, PR_LocalTimeParameters,
+                    kTimeFormatSeconds, aNotAfterLocaltime);
+}
+
+NS_IMETHODIMP
+nsX509CertValidity::GetNotAfterLocalDay(nsAString& aNotAfterLocalDay)
+{
+  return FormatTime(mNotAfter, PR_LocalTimeParameters,
+                    kTimeFormatNone, aNotAfterLocalDay);
+}
+
+NS_IMETHODIMP
+nsX509CertValidity::GetNotAfterGMT(nsAString& aNotAfterGMT)
+{
+  return FormatTime(mNotAfter, PR_GMTParameters,
+                    kTimeFormatSeconds, aNotAfterGMT);
+}
diff --git a/security/manager/ssl/nsNSSCertValidity.h b/security/manager/ssl/nsNSSCertValidity.h
new file mode 100644
index 000000000..79c95e383
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertValidity.h
@@ -0,0 +1,42 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSCertValidity_h
+#define nsNSSCertValidity_h
+
+#include "ScopedNSSTypes.h"
+#include "nsIDateTimeFormat.h"
+#include "nsIX509CertValidity.h"
+#include "nsNSSShutDown.h"
+
+class nsX509CertValidity : public nsIX509CertValidity
+                         , public nsNSSShutDownObject
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIX509CERTVALIDITY
+
+  explicit nsX509CertValidity(const mozilla::UniqueCERTCertificate& cert);
+
+protected:
+  virtual ~nsX509CertValidity();
+
+  // Nothing to release.
+  virtual void virtualDestroyNSSReference() override {}
+
+private:
+  nsresult FormatTime(const PRTime& aTime,
+                      PRTimeParamFn aParamFn,
+                      const nsTimeFormatSelector aTimeFormatSelector,
+                      nsAString& aFormattedTimeDate);
+
+  PRTime mNotBefore;
+  PRTime mNotAfter;
+  bool mTimesInitialized;
+
+  nsX509CertValidity(const nsX509CertValidity& x) = delete;
+  nsX509CertValidity& operator=(const nsX509CertValidity& x) = delete;
+};
+
+#endif // nsNSSCertValidity_h
diff --git a/security/manager/ssl/nsNSSCertificate.cpp b/security/manager/ssl/nsNSSCertificate.cpp
new file mode 100644
index 000000000..12fca5065
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertificate.cpp
@@ -0,0 +1,1635 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSCertificate.h"
+
+#include "CertVerifier.h"
+#include "ExtendedValidation.h"
+#include "NSSCertDBTrustDomain.h"
+#include "certdb.h"
+#include "mozilla/Base64.h"
+#include "mozilla/Casting.h"
+#include "mozilla/NotNull.h"
+#include "mozilla/Unused.h"
+#include "nsArray.h"
+#include "nsCOMPtr.h"
+#include "nsCRT.h"
+#include "nsICertificateDialogs.h"
+#include "nsIClassInfoImpl.h"
+#include "nsIObjectInputStream.h"
+#include "nsIObjectOutputStream.h"
+#include "nsISupportsPrimitives.h"
+#include "nsIURI.h"
+#include "nsIX509Cert.h"
+#include "nsNSSASN1Object.h"
+#include "nsNSSCertHelper.h"
+#include "nsNSSCertValidity.h"
+#include "nsNSSComponent.h" // for PIPNSS string bundle calls.
+#include "nsPK11TokenDB.h"
+#include "nsPKCS12Blob.h"
+#include "nsProxyRelease.h"
+#include "nsReadableUtils.h"
+#include "nsString.h"
+#include "nsThreadUtils.h"
+#include "nsUnicharUtils.h"
+#include "nsXULAppAPI.h"
+#include "nspr.h"
+#include "pkix/pkixnss.h"
+#include "pkix/pkixtypes.h"
+#include "pkix/Result.h"
+#include "prerror.h"
+#include "prmem.h"
+#include "prprf.h"
+#include "secasn1.h"
+#include "secder.h"
+#include "secerr.h"
+#include "ssl.h"
+
+#ifdef XP_WIN
+#include <winsock.h> // for htonl
+#endif
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+extern LazyLogModule gPIPNSSLog;
+
+// This is being stored in an uint32_t that can otherwise
+// only take values from nsIX509Cert's list of cert types.
+// As nsIX509Cert is frozen, we choose a value not contained
+// in the list to mean not yet initialized.
+#define CERT_TYPE_NOT_YET_INITIALIZED (1 << 30)
+
+NS_IMPL_ISUPPORTS(nsNSSCertificate,
+                  nsIX509Cert,
+                  nsISerializable,
+                  nsIClassInfo)
+
+static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+/*static*/ nsNSSCertificate*
+nsNSSCertificate::Create(CERTCertificate* cert)
+{
+  if (GeckoProcessType_Default != XRE_GetProcessType()) {
+    NS_ERROR("Trying to initialize nsNSSCertificate in a non-chrome process!");
+    return nullptr;
+  }
+  if (cert)
+    return new nsNSSCertificate(cert);
+  else
+    return new nsNSSCertificate();
+}
+
+nsNSSCertificate*
+nsNSSCertificate::ConstructFromDER(char* certDER, int derLen)
+{
+  // On non-chrome process prevent instantiation
+  if (GeckoProcessType_Default != XRE_GetProcessType())
+    return nullptr;
+
+  nsNSSCertificate* newObject = nsNSSCertificate::Create();
+  if (newObject && !newObject->InitFromDER(certDER, derLen)) {
+    delete newObject;
+    newObject = nullptr;
+  }
+
+  return newObject;
+}
+
+bool
+nsNSSCertificate::InitFromDER(char* certDER, int derLen)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return false;
+
+  if (!certDER || !derLen)
+    return false;
+
+  CERTCertificate* aCert = CERT_DecodeCertFromPackage(certDER, derLen);
+
+  if (!aCert)
+    return false;
+
+  if (!aCert->dbhandle)
+  {
+    aCert->dbhandle = CERT_GetDefaultCertDB();
+  }
+
+  mCert.reset(aCert);
+  return true;
+}
+
+nsNSSCertificate::nsNSSCertificate(CERTCertificate* cert)
+  : mCert(nullptr)
+  , mPermDelete(false)
+  , mCertType(CERT_TYPE_NOT_YET_INITIALIZED)
+{
+#if defined(DEBUG)
+  if (GeckoProcessType_Default != XRE_GetProcessType())
+    NS_ERROR("Trying to initialize nsNSSCertificate in a non-chrome process!");
+#endif
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return;
+
+  if (cert) {
+    mCert.reset(CERT_DupCertificate(cert));
+  }
+}
+
+nsNSSCertificate::nsNSSCertificate()
+  : mCert(nullptr)
+  , mPermDelete(false)
+  , mCertType(CERT_TYPE_NOT_YET_INITIALIZED)
+{
+  if (GeckoProcessType_Default != XRE_GetProcessType())
+    NS_ERROR("Trying to initialize nsNSSCertificate in a non-chrome process!");
+}
+
+nsNSSCertificate::~nsNSSCertificate()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  destructorSafeDestroyNSSReference();
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+void nsNSSCertificate::virtualDestroyNSSReference()
+{
+  destructorSafeDestroyNSSReference();
+}
+
+void nsNSSCertificate::destructorSafeDestroyNSSReference()
+{
+  if (mPermDelete) {
+    if (mCertType == nsNSSCertificate::USER_CERT) {
+      nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext();
+      PK11_DeleteTokenCertAndKey(mCert.get(), cxt);
+    } else if (mCert->slot && !PK11_IsReadOnly(mCert->slot)) {
+      // If the list of built-ins does contain a non-removable
+      // copy of this certificate, our call will not remove
+      // the certificate permanently, but rather remove all trust.
+      SEC_DeletePermCertificate(mCert.get());
+    }
+  }
+
+  mCert = nullptr;
+}
+
+nsresult
+nsNSSCertificate::GetCertType(uint32_t* aCertType)
+{
+  if (mCertType == CERT_TYPE_NOT_YET_INITIALIZED) {
+     // only determine cert type once and cache it
+     mCertType = getCertType(mCert.get());
+  }
+  *aCertType = mCertType;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetIsSelfSigned(bool* aIsSelfSigned)
+{
+  NS_ENSURE_ARG(aIsSelfSigned);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  *aIsSelfSigned = mCert->isRoot;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetIsBuiltInRoot(bool* aIsBuiltInRoot)
+{
+  NS_ENSURE_ARG(aIsBuiltInRoot);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  pkix::Result rv = IsCertBuiltInRoot(mCert.get(), *aIsBuiltInRoot);
+  if (rv != pkix::Result::Success) {
+    return NS_ERROR_FAILURE;
+  }
+  return NS_OK;
+}
+
+nsresult
+nsNSSCertificate::MarkForPermDeletion()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  // make sure user is logged in to the token
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
+
+  if (mCert->slot && PK11_NeedLogin(mCert->slot) &&
+      !PK11_NeedUserInit(mCert->slot) && !PK11_IsInternal(mCert->slot)) {
+    if (SECSuccess != PK11_Authenticate(mCert->slot, true, ctx)) {
+      return NS_ERROR_FAILURE;
+    }
+  }
+
+  mPermDelete = true;
+  return NS_OK;
+}
+
+/**
+ * Appends a pipnss bundle string to the given string.
+ *
+ * @param nssComponent For accessing the string bundle.
+ * @param bundleKey Key for the string to append.
+ * @param currentText The text to append to, using commas as separators.
+ */
+template<size_t N>
+void
+AppendBundleString(const NotNull<nsCOMPtr<nsINSSComponent>>& nssComponent,
+                   const char (&bundleKey)[N],
+        /*in/out*/ nsAString& currentText)
+{
+  nsAutoString bundleString;
+  nsresult rv = nssComponent->GetPIPNSSBundleString(bundleKey, bundleString);
+  if (NS_FAILED(rv)) {
+    return;
+  }
+
+  if (!currentText.IsEmpty()) {
+    currentText.Append(',');
+  }
+  currentText.Append(bundleString);
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetKeyUsages(nsAString& text)
+{
+  text.Truncate();
+
+  nsCOMPtr<nsINSSComponent> nssComponent = do_GetService(kNSSComponentCID);
+  if (!nssComponent) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (!mCert) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (!mCert->extensions) {
+    return NS_OK;
+  }
+
+  ScopedAutoSECItem keyUsageItem;
+  if (CERT_FindKeyUsageExtension(mCert.get(), &keyUsageItem) != SECSuccess) {
+    return PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND ? NS_OK
+                                                            : NS_ERROR_FAILURE;
+  }
+
+  unsigned char keyUsage = 0;
+  if (keyUsageItem.len) {
+    keyUsage = keyUsageItem.data[0];
+  }
+
+  NotNull<nsCOMPtr<nsINSSComponent>> wrappedNSSComponent =
+    WrapNotNull(nssComponent);
+  if (keyUsage & KU_DIGITAL_SIGNATURE) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUSign", text);
+  }
+  if (keyUsage & KU_NON_REPUDIATION) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUNonRep", text);
+  }
+  if (keyUsage & KU_KEY_ENCIPHERMENT) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUEnc", text);
+  }
+  if (keyUsage & KU_DATA_ENCIPHERMENT) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUDEnc", text);
+  }
+  if (keyUsage & KU_KEY_AGREEMENT) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUKA", text);
+  }
+  if (keyUsage & KU_KEY_CERT_SIGN) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUCertSign", text);
+  }
+  if (keyUsage & KU_CRL_SIGN) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUCRLSign", text);
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetDbKey(nsACString& aDbKey)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  return GetDbKey(mCert, aDbKey);
+}
+
+nsresult
+nsNSSCertificate::GetDbKey(const UniqueCERTCertificate& cert, nsACString& aDbKey)
+{
+  static_assert(sizeof(uint64_t) == 8, "type size sanity check");
+  static_assert(sizeof(uint32_t) == 4, "type size sanity check");
+  // The format of the key is the base64 encoding of the following:
+  // 4 bytes: {0, 0, 0, 0} (this was intended to be the module ID, but it was
+  //                        never implemented)
+  // 4 bytes: {0, 0, 0, 0} (this was intended to be the slot ID, but it was
+  //                        never implemented)
+  // 4 bytes: <serial number length in big-endian order>
+  // 4 bytes: <DER-encoded issuer distinguished name length in big-endian order>
+  // n bytes: <bytes of serial number>
+  // m bytes: <DER-encoded issuer distinguished name>
+  nsAutoCString buf;
+  const char leadingZeroes[] = {0, 0, 0, 0, 0, 0, 0, 0};
+  buf.Append(leadingZeroes, sizeof(leadingZeroes));
+  uint32_t serialNumberLen = htonl(cert->serialNumber.len);
+  buf.Append(BitwiseCast<const char*, const uint32_t*>(&serialNumberLen),
+             sizeof(uint32_t));
+  uint32_t issuerLen = htonl(cert->derIssuer.len);
+  buf.Append(BitwiseCast<const char*, const uint32_t*>(&issuerLen),
+             sizeof(uint32_t));
+  buf.Append(BitwiseCast<char*, unsigned char*>(cert->serialNumber.data),
+             cert->serialNumber.len);
+  buf.Append(BitwiseCast<char*, unsigned char*>(cert->derIssuer.data),
+             cert->derIssuer.len);
+
+  return Base64Encode(buf, aDbKey);
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetWindowTitle(nsAString& aWindowTitle)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  aWindowTitle.Truncate();
+
+  if (!mCert) {
+    NS_ERROR("Somehow got nullptr for mCert in nsNSSCertificate.");
+    return NS_ERROR_FAILURE;
+  }
+
+  UniquePORTString commonName(CERT_GetCommonName(&mCert->subject));
+
+  const char* titleOptions[] = {
+    mCert->nickname,
+    commonName.get(),
+    mCert->subjectName,
+    mCert->emailAddr
+  };
+
+  nsAutoCString titleOption;
+  for (size_t i = 0; i < ArrayLength(titleOptions); i++) {
+    titleOption = titleOptions[i];
+    if (titleOption.Length() > 0 && IsUTF8(titleOption)) {
+      CopyUTF8toUTF16(titleOption, aWindowTitle);
+      return NS_OK;
+    }
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetNickname(nsAString& aNickname)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  if (mCert->nickname) {
+    CopyUTF8toUTF16(mCert->nickname, aNickname);
+  } else {
+    nsresult rv;
+    nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
+    if (NS_FAILED(rv) || !nssComponent) {
+      return NS_ERROR_FAILURE;
+    }
+    nssComponent->GetPIPNSSBundleString("CertNoNickname", aNickname);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetEmailAddress(nsAString& aEmailAddress)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  if (mCert->emailAddr) {
+    CopyUTF8toUTF16(mCert->emailAddr, aEmailAddress);
+  } else {
+    nsresult rv;
+    nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
+    if (NS_FAILED(rv) || !nssComponent) {
+      return NS_ERROR_FAILURE;
+    }
+    nssComponent->GetPIPNSSBundleString("CertNoEmailAddress", aEmailAddress);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetEmailAddresses(uint32_t* aLength, char16_t*** aAddresses)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  NS_ENSURE_ARG(aLength);
+  NS_ENSURE_ARG(aAddresses);
+
+  *aLength = 0;
+
+  const char* aAddr;
+  for (aAddr = CERT_GetFirstEmailAddress(mCert.get())
+       ;
+       aAddr
+       ;
+       aAddr = CERT_GetNextEmailAddress(mCert.get(), aAddr))
+  {
+    ++(*aLength);
+  }
+
+  *aAddresses = (char16_t**) moz_xmalloc(sizeof(char16_t*) * (*aLength));
+  if (!*aAddresses)
+    return NS_ERROR_OUT_OF_MEMORY;
+
+  uint32_t iAddr;
+  for (aAddr = CERT_GetFirstEmailAddress(mCert.get()), iAddr = 0
+       ;
+       aAddr
+       ;
+       aAddr = CERT_GetNextEmailAddress(mCert.get(), aAddr), ++iAddr)
+  {
+    (*aAddresses)[iAddr] = ToNewUnicode(NS_ConvertUTF8toUTF16(aAddr));
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::ContainsEmailAddress(const nsAString& aEmailAddress,
+                                       bool* result)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  NS_ENSURE_ARG(result);
+  *result = false;
+
+  const char* aAddr = nullptr;
+  for (aAddr = CERT_GetFirstEmailAddress(mCert.get())
+       ;
+       aAddr
+       ;
+       aAddr = CERT_GetNextEmailAddress(mCert.get(), aAddr))
+  {
+    NS_ConvertUTF8toUTF16 certAddr(aAddr);
+    ToLowerCase(certAddr);
+
+    nsAutoString testAddr(aEmailAddress);
+    ToLowerCase(testAddr);
+
+    if (certAddr == testAddr)
+    {
+      *result = true;
+      break;
+    }
+
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetCommonName(nsAString& aCommonName)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  aCommonName.Truncate();
+  if (mCert) {
+    UniquePORTString commonName(CERT_GetCommonName(&mCert->subject));
+    if (commonName) {
+      aCommonName = NS_ConvertUTF8toUTF16(commonName.get());
+    }
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetOrganization(nsAString& aOrganization)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  aOrganization.Truncate();
+  if (mCert) {
+    UniquePORTString organization(CERT_GetOrgName(&mCert->subject));
+    if (organization) {
+      aOrganization = NS_ConvertUTF8toUTF16(organization.get());
+    }
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetIssuerCommonName(nsAString& aCommonName)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  aCommonName.Truncate();
+  if (mCert) {
+    UniquePORTString commonName(CERT_GetCommonName(&mCert->issuer));
+    if (commonName) {
+      aCommonName = NS_ConvertUTF8toUTF16(commonName.get());
+    }
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetIssuerOrganization(nsAString& aOrganization)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  aOrganization.Truncate();
+  if (mCert) {
+    UniquePORTString organization(CERT_GetOrgName(&mCert->issuer));
+    if (organization) {
+      aOrganization = NS_ConvertUTF8toUTF16(organization.get());
+    }
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetIssuerOrganizationUnit(nsAString& aOrganizationUnit)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  aOrganizationUnit.Truncate();
+  if (mCert) {
+    UniquePORTString organizationUnit(CERT_GetOrgUnitName(&mCert->issuer));
+    if (organizationUnit) {
+      aOrganizationUnit = NS_ConvertUTF8toUTF16(organizationUnit.get());
+    }
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetIssuer(nsIX509Cert** aIssuer)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  NS_ENSURE_ARG(aIssuer);
+  *aIssuer = nullptr;
+
+  nsCOMPtr<nsIArray> chain;
+  nsresult rv;
+  rv = GetChain(getter_AddRefs(chain));
+  NS_ENSURE_SUCCESS(rv, rv);
+  uint32_t length;
+  if (!chain || NS_FAILED(chain->GetLength(&length)) || length == 0) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  if (length == 1) { // No known issuer
+    return NS_OK;
+  }
+  nsCOMPtr<nsIX509Cert> cert;
+  chain->QueryElementAt(1, NS_GET_IID(nsIX509Cert), getter_AddRefs(cert));
+  if (!cert) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  cert.forget(aIssuer);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetOrganizationalUnit(nsAString& aOrganizationalUnit)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  aOrganizationalUnit.Truncate();
+  if (mCert) {
+    UniquePORTString orgunit(CERT_GetOrgUnitName(&mCert->subject));
+    if (orgunit) {
+      aOrganizationalUnit = NS_ConvertUTF8toUTF16(orgunit.get());
+    }
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetChain(nsIArray** _rvChain)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  NS_ENSURE_ARG(_rvChain);
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Getting chain for \"%s\"\n", mCert->nickname));
+
+  mozilla::pkix::Time now(mozilla::pkix::Now());
+
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  NS_ENSURE_TRUE(certVerifier, NS_ERROR_UNEXPECTED);
+
+  UniqueCERTCertList nssChain;
+  // We want to test all usages, but we start with server because most of the
+  // time Firefox users care about server certs.
+  if (certVerifier->VerifyCert(mCert.get(), certificateUsageSSLServer, now,
+                               nullptr, /*XXX fixme*/
+                               nullptr, /* hostname */
+                               nssChain,
+                               CertVerifier::FLAG_LOCAL_ONLY)
+        != mozilla::pkix::Success) {
+    nssChain = nullptr;
+    // keep going
+  }
+
+  // This is the whitelist of all non-SSLServer usages that are supported by
+  // verifycert.
+  const int otherUsagesToTest = certificateUsageSSLClient |
+                                certificateUsageSSLCA |
+                                certificateUsageEmailSigner |
+                                certificateUsageEmailRecipient |
+                                certificateUsageObjectSigner |
+                                certificateUsageStatusResponder;
+  for (int usage = certificateUsageSSLClient;
+       usage < certificateUsageAnyCA && !nssChain;
+       usage = usage << 1) {
+    if ((usage & otherUsagesToTest) == 0) {
+      continue;
+    }
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("pipnss: PKIX attempting chain(%d) for '%s'\n",
+            usage, mCert->nickname));
+    if (certVerifier->VerifyCert(mCert.get(), usage, now,
+                                 nullptr, /*XXX fixme*/
+                                 nullptr, /*hostname*/
+                                 nssChain,
+                                 CertVerifier::FLAG_LOCAL_ONLY)
+          != mozilla::pkix::Success) {
+      nssChain = nullptr;
+      // keep going
+    }
+  }
+
+  if (!nssChain) {
+    // There is not verified path for the chain, however we still want to
+    // present to the user as much of a possible chain as possible, in the case
+    // where there was a problem with the cert or the issuers.
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("pipnss: getchain :CertVerify failed to get chain for '%s'\n",
+            mCert->nickname));
+    nssChain = UniqueCERTCertList(
+      CERT_GetCertChainFromCert(mCert.get(), PR_Now(), certUsageSSLClient));
+  }
+  if (!nssChain) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // enumerate the chain for scripting purposes
+  nsCOMPtr<nsIMutableArray> array = nsArrayBase::Create();
+  if (!array) {
+    return NS_ERROR_FAILURE;
+  }
+  CERTCertListNode* node;
+  for (node = CERT_LIST_HEAD(nssChain.get());
+       !CERT_LIST_END(node, nssChain.get());
+       node = CERT_LIST_NEXT(node)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("adding %s to chain\n", node->cert->nickname));
+    nsCOMPtr<nsIX509Cert> cert = nsNSSCertificate::Create(node->cert);
+    array->AppendElement(cert, false);
+  }
+  *_rvChain = array;
+  NS_IF_ADDREF(*_rvChain);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetAllTokenNames(uint32_t* aLength, char16_t*** aTokenNames)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  NS_ENSURE_ARG(aLength);
+  NS_ENSURE_ARG(aTokenNames);
+  *aLength = 0;
+  *aTokenNames = nullptr;
+
+  // Get the slots from NSS
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Getting slots for \"%s\"\n", mCert->nickname));
+  UniquePK11SlotList slots(PK11_GetAllSlotsForCert(mCert.get(), nullptr));
+  if (!slots) {
+    if (PORT_GetError() == SEC_ERROR_NO_TOKEN) {
+      return NS_OK; // List of slots is empty, return empty array
+    }
+    return NS_ERROR_FAILURE;
+  }
+
+  // read the token names from slots
+  PK11SlotListElement* le;
+
+  for (le = slots->head; le; le = le->next) {
+    ++(*aLength);
+  }
+
+  *aTokenNames = (char16_t**) moz_xmalloc(sizeof(char16_t*) * (*aLength));
+  if (!*aTokenNames) {
+    *aLength = 0;
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  uint32_t iToken;
+  for (le = slots->head, iToken = 0; le; le = le->next, ++iToken) {
+    char* token = PK11_GetTokenName(le->slot);
+    (*aTokenNames)[iToken] = ToNewUnicode(NS_ConvertUTF8toUTF16(token));
+    if (!(*aTokenNames)[iToken]) {
+      NS_FREE_XPCOM_ALLOCATED_POINTER_ARRAY(iToken, *aTokenNames);
+      *aLength = 0;
+      *aTokenNames = nullptr;
+      return NS_ERROR_OUT_OF_MEMORY;
+    }
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetSubjectName(nsAString& _subjectName)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  _subjectName.Truncate();
+  if (mCert->subjectName) {
+    _subjectName = NS_ConvertUTF8toUTF16(mCert->subjectName);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetIssuerName(nsAString& _issuerName)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  _issuerName.Truncate();
+  if (mCert->issuerName) {
+    _issuerName = NS_ConvertUTF8toUTF16(mCert->issuerName);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetSerialNumber(nsAString& _serialNumber)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  _serialNumber.Truncate();
+  UniquePORTString tmpstr(CERT_Hexify(&mCert->serialNumber, 1));
+  if (tmpstr) {
+    _serialNumber = NS_ConvertASCIItoUTF16(tmpstr.get());
+    return NS_OK;
+  }
+  return NS_ERROR_FAILURE;
+}
+
+nsresult
+nsNSSCertificate::GetCertificateHash(nsAString& aFingerprint, SECOidTag aHashAlg)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  aFingerprint.Truncate();
+  Digest digest;
+  nsresult rv = digest.DigestBuf(aHashAlg, mCert->derCert.data,
+                                 mCert->derCert.len);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // CERT_Hexify's second argument is an int that is interpreted as a boolean
+  UniquePORTString fpStr(CERT_Hexify(const_cast<SECItem*>(&digest.get()), 1));
+  if (!fpStr) {
+    return NS_ERROR_FAILURE;
+  }
+
+  aFingerprint.AssignASCII(fpStr.get());
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetSha256Fingerprint(nsAString& aSha256Fingerprint)
+{
+  return GetCertificateHash(aSha256Fingerprint, SEC_OID_SHA256);
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetSha1Fingerprint(nsAString& _sha1Fingerprint)
+{
+  return GetCertificateHash(_sha1Fingerprint, SEC_OID_SHA1);
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetTokenName(nsAString& aTokenName)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  aTokenName.Truncate();
+  if (mCert) {
+    // HACK alert
+    // When the trust of a builtin cert is modified, NSS copies it into the
+    // cert db.  At this point, it is now "managed" by the user, and should
+    // not be listed with the builtins.  However, in the collection code
+    // used by PK11_ListCerts, the cert is found in the temp db, where it
+    // has been loaded from the token.  Though the trust is correct (grabbed
+    // from the cert db), the source is wrong.  I believe this is a safe
+    // way to work around this.
+    if (mCert->slot) {
+      char* token = PK11_GetTokenName(mCert->slot);
+      if (token) {
+        aTokenName = NS_ConvertUTF8toUTF16(token);
+      }
+    } else {
+      nsresult rv;
+      nsAutoString tok;
+      nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
+      if (NS_FAILED(rv)) return rv;
+      rv = nssComponent->GetPIPNSSBundleString("InternalToken", tok);
+      if (NS_SUCCEEDED(rv))
+        aTokenName = tok;
+    }
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetSha256SubjectPublicKeyInfoDigest(nsACString& aSha256SPKIDigest)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  aSha256SPKIDigest.Truncate();
+  Digest digest;
+  nsresult rv = digest.DigestBuf(SEC_OID_SHA256, mCert->derPublicKey.data,
+                                 mCert->derPublicKey.len);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+  rv = Base64Encode(nsDependentCSubstring(
+                      BitwiseCast<char*, unsigned char*>(digest.get().data),
+                      digest.get().len),
+                    aSha256SPKIDigest);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetRawDER(uint32_t* aLength, uint8_t** aArray)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  if (mCert) {
+    *aArray = (uint8_t*)moz_xmalloc(mCert->derCert.len);
+    if (*aArray) {
+      memcpy(*aArray, mCert->derCert.data, mCert->derCert.len);
+      *aLength = mCert->derCert.len;
+      return NS_OK;
+    }
+  }
+  *aLength = 0;
+  return NS_ERROR_FAILURE;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::ExportAsCMS(uint32_t chainMode,
+                              uint32_t* aLength, uint8_t** aArray)
+{
+  NS_ENSURE_ARG(aLength);
+  NS_ENSURE_ARG(aArray);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  if (!mCert)
+    return NS_ERROR_FAILURE;
+
+  switch (chainMode) {
+    case nsIX509Cert::CMS_CHAIN_MODE_CertOnly:
+    case nsIX509Cert::CMS_CHAIN_MODE_CertChain:
+    case nsIX509Cert::CMS_CHAIN_MODE_CertChainWithRoot:
+      break;
+    default:
+      return NS_ERROR_INVALID_ARG;
+  }
+
+  UniqueNSSCMSMessage cmsg(NSS_CMSMessage_Create(nullptr));
+  if (!cmsg) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("nsNSSCertificate::ExportAsCMS - can't create CMS message\n"));
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  // first, create SignedData with the certificate only (no chain)
+  UniqueNSSCMSSignedData sigd(
+    NSS_CMSSignedData_CreateCertsOnly(cmsg.get(), mCert.get(), false));
+  if (!sigd) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("nsNSSCertificate::ExportAsCMS - can't create SignedData\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  // Calling NSS_CMSSignedData_CreateCertsOnly() will not allow us
+  // to specify the inclusion of the root, but CERT_CertChainFromCert() does.
+  // Since CERT_CertChainFromCert() also includes the certificate itself,
+  // we have to start at the issuing cert (to avoid duplicate certs
+  // in the SignedData).
+  if (chainMode == nsIX509Cert::CMS_CHAIN_MODE_CertChain ||
+      chainMode == nsIX509Cert::CMS_CHAIN_MODE_CertChainWithRoot) {
+    UniqueCERTCertificate issuerCert(
+      CERT_FindCertIssuer(mCert.get(), PR_Now(), certUsageAnyCA));
+    // the issuerCert of a self signed root is the cert itself,
+    // so make sure we're not adding duplicates, again
+    if (issuerCert && issuerCert != mCert) {
+      bool includeRoot =
+        (chainMode == nsIX509Cert::CMS_CHAIN_MODE_CertChainWithRoot);
+      UniqueCERTCertificateList certChain(
+        CERT_CertChainFromCert(issuerCert.get(), certUsageAnyCA, includeRoot));
+      if (certChain) {
+        if (NSS_CMSSignedData_AddCertList(sigd.get(), certChain.get())
+              == SECSuccess) {
+          Unused << certChain.release();
+        }
+        else {
+          MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+                 ("nsNSSCertificate::ExportAsCMS - can't add chain\n"));
+          return NS_ERROR_FAILURE;
+        }
+      }
+      else {
+        // try to add the issuerCert, at least
+        if (NSS_CMSSignedData_AddCertificate(sigd.get(), issuerCert.get())
+              == SECSuccess) {
+          Unused << issuerCert.release();
+        }
+        else {
+          MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+                 ("nsNSSCertificate::ExportAsCMS - can't add issuer cert\n"));
+          return NS_ERROR_FAILURE;
+        }
+      }
+    }
+  }
+
+  NSSCMSContentInfo* cinfo = NSS_CMSMessage_GetContentInfo(cmsg.get());
+  if (NSS_CMSContentInfo_SetContent_SignedData(cmsg.get(), cinfo, sigd.get())
+       == SECSuccess) {
+    Unused << sigd.release();
+  }
+  else {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("nsNSSCertificate::ExportAsCMS - can't attach SignedData\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  UniquePLArenaPool arena(PORT_NewArena(1024));
+  if (!arena) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("nsNSSCertificate::ExportAsCMS - out of memory\n"));
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  SECItem certP7 = { siBuffer, nullptr, 0 };
+  NSSCMSEncoderContext* ecx = NSS_CMSEncoder_Start(cmsg.get(), nullptr, nullptr,
+                                                   &certP7, arena.get(), nullptr,
+                                                   nullptr, nullptr, nullptr,
+                                                   nullptr, nullptr);
+  if (!ecx) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("nsNSSCertificate::ExportAsCMS - can't create encoder context\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  if (NSS_CMSEncoder_Finish(ecx) != SECSuccess) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("nsNSSCertificate::ExportAsCMS - failed to add encoded data\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  *aArray = (uint8_t*)moz_xmalloc(certP7.len);
+  if (!*aArray)
+    return NS_ERROR_OUT_OF_MEMORY;
+
+  memcpy(*aArray, certP7.data, certP7.len);
+  *aLength = certP7.len;
+  return NS_OK;
+}
+
+CERTCertificate*
+nsNSSCertificate::GetCert()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return nullptr;
+
+  return (mCert) ? CERT_DupCertificate(mCert.get()) : nullptr;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetValidity(nsIX509CertValidity** aValidity)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  NS_ENSURE_ARG(aValidity);
+
+  if (!mCert) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIX509CertValidity> validity = new nsX509CertValidity(mCert);
+  validity.forget(aValidity);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetASN1Structure(nsIASN1Object** aASN1Structure)
+{
+  NS_ENSURE_ARG_POINTER(aASN1Structure);
+  return CreateASN1Struct(aASN1Structure);
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::Equals(nsIX509Cert* other, bool* result)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  NS_ENSURE_ARG(other);
+  NS_ENSURE_ARG(result);
+
+  UniqueCERTCertificate cert(other->GetCert());
+  *result = (mCert.get() == cert.get());
+  return NS_OK;
+}
+
+namespace mozilla {
+
+// TODO(bug 1036065): It seems like we only construct CERTCertLists for the
+// purpose of constructing nsNSSCertLists, so maybe we should change this
+// function to output an nsNSSCertList instead.
+SECStatus
+ConstructCERTCertListFromReversedDERArray(
+  const mozilla::pkix::DERArray& certArray,
+  /*out*/ UniqueCERTCertList& certList)
+{
+  certList = UniqueCERTCertList(CERT_NewCertList());
+  if (!certList) {
+    return SECFailure;
+  }
+
+  CERTCertDBHandle* certDB(CERT_GetDefaultCertDB()); // non-owning
+
+  size_t numCerts = certArray.GetLength();
+  for (size_t i = 0; i < numCerts; ++i) {
+    SECItem certDER(UnsafeMapInputToSECItem(*certArray.GetDER(i)));
+    UniqueCERTCertificate cert(CERT_NewTempCertificate(certDB, &certDER,
+                                                       nullptr, false, true));
+    if (!cert) {
+      return SECFailure;
+    }
+    // certArray is ordered with the root first, but we want the resulting
+    // certList to have the root last.
+    if (CERT_AddCertToListHead(certList.get(), cert.get()) != SECSuccess) {
+      return SECFailure;
+    }
+    Unused << cert.release(); // cert is now owned by certList.
+  }
+
+  return SECSuccess;
+}
+
+} // namespace mozilla
+
+NS_IMPL_CLASSINFO(nsNSSCertList,
+                  nullptr,
+                  // inferred from nsIX509Cert
+                  nsIClassInfo::THREADSAFE,
+                  NS_X509CERTLIST_CID)
+
+NS_IMPL_ISUPPORTS_CI(nsNSSCertList,
+                     nsIX509CertList,
+                     nsISerializable)
+
+nsNSSCertList::nsNSSCertList(UniqueCERTCertList certList,
+                             const nsNSSShutDownPreventionLock& proofOfLock)
+{
+  if (certList) {
+    mCertList = Move(certList);
+  } else {
+    mCertList = UniqueCERTCertList(CERT_NewCertList());
+  }
+}
+
+nsNSSCertList::nsNSSCertList()
+{
+  mCertList = UniqueCERTCertList(CERT_NewCertList());
+}
+
+nsNSSCertList::~nsNSSCertList()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  destructorSafeDestroyNSSReference();
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+void nsNSSCertList::virtualDestroyNSSReference()
+{
+  destructorSafeDestroyNSSReference();
+}
+
+void nsNSSCertList::destructorSafeDestroyNSSReference()
+{
+  mCertList = nullptr;
+}
+
+NS_IMETHODIMP
+nsNSSCertList::AddCert(nsIX509Cert* aCert)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  CERTCertificate* cert = aCert->GetCert();
+  if (!cert) {
+    NS_ERROR("Somehow got nullptr for mCertificate in nsNSSCertificate.");
+    return NS_ERROR_FAILURE;
+  }
+
+  if (!mCertList) {
+    NS_ERROR("Somehow got nullptr for mCertList in nsNSSCertList.");
+    return NS_ERROR_FAILURE;
+  }
+  // XXX: check return value!
+  CERT_AddCertToListTail(mCertList.get(), cert);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertList::DeleteCert(nsIX509Cert* aCert)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  CERTCertificate* cert = aCert->GetCert();
+  CERTCertListNode* node;
+
+  if (!cert) {
+    NS_ERROR("Somehow got nullptr for mCertificate in nsNSSCertificate.");
+    return NS_ERROR_FAILURE;
+  }
+
+  if (!mCertList) {
+    NS_ERROR("Somehow got nullptr for mCertList in nsNSSCertList.");
+    return NS_ERROR_FAILURE;
+  }
+
+  for (node = CERT_LIST_HEAD(mCertList.get());
+       !CERT_LIST_END(node, mCertList.get()); node = CERT_LIST_NEXT(node)) {
+    if (node->cert == cert) {
+	CERT_RemoveCertListNode(node);
+        return NS_OK;
+    }
+  }
+  return NS_OK; // XXX Should we fail if we couldn't find it?
+}
+
+UniqueCERTCertList
+nsNSSCertList::DupCertList(const UniqueCERTCertList& certList,
+                           const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+  if (!certList) {
+    return nullptr;
+  }
+
+  UniqueCERTCertList newList(CERT_NewCertList());
+  if (!newList) {
+    return nullptr;
+  }
+
+  for (CERTCertListNode* node = CERT_LIST_HEAD(certList);
+       !CERT_LIST_END(node, certList);
+       node = CERT_LIST_NEXT(node)) {
+    UniqueCERTCertificate cert(CERT_DupCertificate(node->cert));
+    if (!cert) {
+      return nullptr;
+    }
+
+    if (CERT_AddCertToListTail(newList.get(), cert.get()) != SECSuccess) {
+      return nullptr;
+    }
+
+    Unused << cert.release(); // Ownership transferred to the cert list.
+  }
+  return newList;
+}
+
+CERTCertList*
+nsNSSCertList::GetRawCertList()
+{
+  // This function should only be called after acquiring a
+  // nsNSSShutDownPreventionLock. It's difficult to enforce this in code since
+  // this is an implementation of an XPCOM interface function (albeit a
+  // C++-only one), so we acquire the (reentrant) lock and check for shutdown
+  // ourselves here. At the moment it appears that only nsCertTree uses this
+  // function. When that gets removed and replaced by a more reasonable
+  // implementation of the certificate manager, this function can be removed.
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return nullptr;
+  }
+  return mCertList.get();
+}
+
+NS_IMETHODIMP
+nsNSSCertList::Write(nsIObjectOutputStream* aStream)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  NS_ENSURE_STATE(mCertList);
+  nsresult rv = NS_OK;
+
+  // First, enumerate the certs to get the length of the list
+  uint32_t certListLen = 0;
+  CERTCertListNode* node = nullptr;
+  for (node = CERT_LIST_HEAD(mCertList);
+       !CERT_LIST_END(node, mCertList);
+       node = CERT_LIST_NEXT(node), ++certListLen) {
+  }
+
+  // Write the length of the list
+  rv = aStream->Write32(certListLen);
+
+  // Repeat the loop, and serialize each certificate
+  node = nullptr;
+  for (node = CERT_LIST_HEAD(mCertList);
+       !CERT_LIST_END(node, mCertList);
+       node = CERT_LIST_NEXT(node))
+  {
+    nsCOMPtr<nsIX509Cert> cert = nsNSSCertificate::Create(node->cert);
+    if (!cert) {
+      rv = NS_ERROR_OUT_OF_MEMORY;
+      break;
+    }
+
+    nsCOMPtr<nsISerializable> serializableCert = do_QueryInterface(cert);
+    rv = aStream->WriteCompoundObject(serializableCert, NS_GET_IID(nsIX509Cert), true);
+    if (NS_FAILED(rv)) {
+      break;
+    }
+  }
+
+  return rv;
+}
+
+NS_IMETHODIMP
+nsNSSCertList::Read(nsIObjectInputStream* aStream)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  NS_ENSURE_STATE(mCertList);
+  nsresult rv = NS_OK;
+
+  uint32_t certListLen;
+  rv = aStream->Read32(&certListLen);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  for(uint32_t i = 0; i < certListLen; ++i) {
+    nsCOMPtr<nsISupports> certSupports;
+    rv = aStream->ReadObject(true, getter_AddRefs(certSupports));
+    if (NS_FAILED(rv)) {
+      break;
+    }
+
+    nsCOMPtr<nsIX509Cert> cert = do_QueryInterface(certSupports);
+    rv = AddCert(cert);
+    if (NS_FAILED(rv)) {
+      break;
+    }
+  }
+
+  return rv;
+}
+
+NS_IMETHODIMP
+nsNSSCertList::GetEnumerator(nsISimpleEnumerator** _retval)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (!mCertList) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsISimpleEnumerator> enumerator =
+    new nsNSSCertListEnumerator(mCertList, locker);
+
+  enumerator.forget(_retval);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertList::Equals(nsIX509CertList* other, bool* result)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  NS_ENSURE_ARG(result);
+  *result = true;
+
+  nsresult rv;
+
+  nsCOMPtr<nsISimpleEnumerator> selfEnumerator;
+  rv = GetEnumerator(getter_AddRefs(selfEnumerator));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsISimpleEnumerator> otherEnumerator;
+  rv = other->GetEnumerator(getter_AddRefs(otherEnumerator));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsISupports> selfSupports;
+  nsCOMPtr<nsISupports> otherSupports;
+  while (NS_SUCCEEDED(selfEnumerator->GetNext(getter_AddRefs(selfSupports)))) {
+    if (NS_SUCCEEDED(otherEnumerator->GetNext(getter_AddRefs(otherSupports)))) {
+      nsCOMPtr<nsIX509Cert> selfCert = do_QueryInterface(selfSupports);
+      nsCOMPtr<nsIX509Cert> otherCert = do_QueryInterface(otherSupports);
+
+      bool certsEqual = false;
+      rv = selfCert->Equals(otherCert, &certsEqual);
+      if (NS_FAILED(rv)) {
+        return rv;
+      }
+      if (!certsEqual) {
+        *result = false;
+        break;
+      }
+    } else {
+      // other is shorter than self
+      *result = false;
+      break;
+    }
+  }
+
+  // Make sure self is the same length as other
+  bool otherHasMore = false;
+  rv = otherEnumerator->HasMoreElements(&otherHasMore);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (otherHasMore) {
+    *result = false;
+  }
+
+  return NS_OK;
+}
+
+NS_IMPL_ISUPPORTS(nsNSSCertListEnumerator, nsISimpleEnumerator)
+
+nsNSSCertListEnumerator::nsNSSCertListEnumerator(
+  const UniqueCERTCertList& certList,
+  const nsNSSShutDownPreventionLock& proofOfLock)
+{
+  MOZ_ASSERT(certList);
+  mCertList = nsNSSCertList::DupCertList(certList, proofOfLock);
+}
+
+nsNSSCertListEnumerator::~nsNSSCertListEnumerator()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  destructorSafeDestroyNSSReference();
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+void nsNSSCertListEnumerator::virtualDestroyNSSReference()
+{
+  destructorSafeDestroyNSSReference();
+}
+
+void nsNSSCertListEnumerator::destructorSafeDestroyNSSReference()
+{
+  mCertList = nullptr;
+}
+
+NS_IMETHODIMP
+nsNSSCertListEnumerator::HasMoreElements(bool* _retval)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  NS_ENSURE_TRUE(mCertList, NS_ERROR_FAILURE);
+
+  *_retval = !CERT_LIST_EMPTY(mCertList);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertListEnumerator::GetNext(nsISupports** _retval)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  NS_ENSURE_TRUE(mCertList, NS_ERROR_FAILURE);
+
+  CERTCertListNode* node = CERT_LIST_HEAD(mCertList);
+  if (CERT_LIST_END(node, mCertList)) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIX509Cert> nssCert = nsNSSCertificate::Create(node->cert);
+  if (!nssCert) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  nssCert.forget(_retval);
+
+  CERT_RemoveCertListNode(node);
+  return NS_OK;
+}
+
+// NB: This serialization must match that of nsNSSCertificateFakeTransport.
+NS_IMETHODIMP
+nsNSSCertificate::Write(nsIObjectOutputStream* aStream)
+{
+  NS_ENSURE_STATE(mCert);
+  // This field used to be the cached EV status, but it is no longer necessary.
+  nsresult rv = aStream->Write32(0);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = aStream->Write32(mCert->derCert.len);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  return aStream->WriteByteArray(mCert->derCert.data, mCert->derCert.len);
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::Read(nsIObjectInputStream* aStream)
+{
+  NS_ENSURE_STATE(!mCert);
+
+  // This field is no longer used.
+  uint32_t unusedCachedEVStatus;
+  nsresult rv = aStream->Read32(&unusedCachedEVStatus);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  uint32_t len;
+  rv = aStream->Read32(&len);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsXPIDLCString str;
+  rv = aStream->ReadBytes(len, getter_Copies(str));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  if (!InitFromDER(const_cast<char*>(str.get()), len)) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetInterfaces(uint32_t* count, nsIID*** array)
+{
+  *count = 0;
+  *array = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetScriptableHelper(nsIXPCScriptable** _retval)
+{
+  *_retval = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetContractID(char** aContractID)
+{
+  *aContractID = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetClassDescription(char** aClassDescription)
+{
+  *aClassDescription = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetClassID(nsCID** aClassID)
+{
+  *aClassID = (nsCID*) moz_xmalloc(sizeof(nsCID));
+  if (!*aClassID)
+    return NS_ERROR_OUT_OF_MEMORY;
+  return GetClassIDNoAlloc(*aClassID);
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetFlags(uint32_t* aFlags)
+{
+  *aFlags = nsIClassInfo::THREADSAFE;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetClassIDNoAlloc(nsCID* aClassIDNoAlloc)
+{
+  static NS_DEFINE_CID(kNSSCertificateCID, NS_X509CERT_CID);
+
+  *aClassIDNoAlloc = kNSSCertificateCID;
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsNSSCertificate.h b/security/manager/ssl/nsNSSCertificate.h
new file mode 100644
index 000000000..b62c6c7ac
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertificate.h
@@ -0,0 +1,132 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSCertificate_h
+#define nsNSSCertificate_h
+
+#include "ScopedNSSTypes.h"
+#include "certt.h"
+#include "nsCOMPtr.h"
+#include "nsIASN1Object.h"
+#include "nsIClassInfo.h"
+#include "nsISerializable.h"
+#include "nsISimpleEnumerator.h"
+#include "nsIX509Cert.h"
+#include "nsIX509CertDB.h"
+#include "nsIX509CertList.h"
+#include "nsNSSShutDown.h"
+
+namespace mozilla { namespace pkix { class DERArray; } }
+
+class nsAutoString;
+class nsINSSComponent;
+class nsIASN1Sequence;
+
+class nsNSSCertificate final : public nsIX509Cert,
+                               public nsISerializable,
+                               public nsIClassInfo,
+                               public nsNSSShutDownObject
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIX509CERT
+  NS_DECL_NSISERIALIZABLE
+  NS_DECL_NSICLASSINFO
+
+  friend class nsNSSCertificateFakeTransport;
+
+  explicit nsNSSCertificate(CERTCertificate* cert);
+  nsNSSCertificate();
+  static nsNSSCertificate* Create(CERTCertificate* cert = nullptr);
+  static nsNSSCertificate* ConstructFromDER(char* certDER, int derLen);
+
+  // This is a separate static method so nsNSSComponent can use it during NSS
+  // initialization. Other code should probably not use it.
+  static nsresult GetDbKey(const mozilla::UniqueCERTCertificate& cert,
+                           nsACString& aDbKey);
+
+private:
+  virtual ~nsNSSCertificate();
+
+  mozilla::UniqueCERTCertificate mCert;
+  bool             mPermDelete;
+  uint32_t         mCertType;
+  nsresult CreateASN1Struct(nsIASN1Object** aRetVal);
+  nsresult CreateTBSCertificateASN1Struct(nsIASN1Sequence** retSequence,
+                                          nsINSSComponent* nssComponent);
+  nsresult GetSortableDate(PRTime aTime, nsAString& _aSortableDate);
+  virtual void virtualDestroyNSSReference() override;
+  void destructorSafeDestroyNSSReference();
+  bool InitFromDER(char* certDER, int derLen);  // return false on failure
+
+  nsresult GetCertificateHash(nsAString& aFingerprint, SECOidTag aHashAlg);
+};
+
+namespace mozilla {
+
+SECStatus ConstructCERTCertListFromReversedDERArray(
+            const mozilla::pkix::DERArray& certArray,
+            /*out*/ mozilla::UniqueCERTCertList& certList);
+
+} // namespace mozilla
+
+class nsNSSCertList: public nsIX509CertList,
+                     public nsISerializable,
+                     public nsNSSShutDownObject
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIX509CERTLIST
+  NS_DECL_NSISERIALIZABLE
+
+  // certList is adopted
+  nsNSSCertList(mozilla::UniqueCERTCertList certList,
+                const nsNSSShutDownPreventionLock& proofOfLock);
+
+  nsNSSCertList();
+
+  static mozilla::UniqueCERTCertList DupCertList(
+    const mozilla::UniqueCERTCertList& certList,
+    const nsNSSShutDownPreventionLock& proofOfLock);
+
+private:
+   virtual ~nsNSSCertList();
+   virtual void virtualDestroyNSSReference() override;
+   void destructorSafeDestroyNSSReference();
+
+   mozilla::UniqueCERTCertList mCertList;
+
+   nsNSSCertList(const nsNSSCertList&) = delete;
+   void operator=(const nsNSSCertList&) = delete;
+};
+
+class nsNSSCertListEnumerator: public nsISimpleEnumerator,
+                               public nsNSSShutDownObject
+{
+public:
+   NS_DECL_THREADSAFE_ISUPPORTS
+   NS_DECL_NSISIMPLEENUMERATOR
+
+   nsNSSCertListEnumerator(const mozilla::UniqueCERTCertList& certList,
+                           const nsNSSShutDownPreventionLock& proofOfLock);
+private:
+   virtual ~nsNSSCertListEnumerator();
+   virtual void virtualDestroyNSSReference() override;
+   void destructorSafeDestroyNSSReference();
+
+   mozilla::UniqueCERTCertList mCertList;
+
+   nsNSSCertListEnumerator(const nsNSSCertListEnumerator&) = delete;
+   void operator=(const nsNSSCertListEnumerator&) = delete;
+};
+
+#define NS_X509CERT_CID { /* 660a3226-915c-4ffb-bb20-8985a632df05 */   \
+    0x660a3226,                                                        \
+    0x915c,                                                            \
+    0x4ffb,                                                            \
+    { 0xbb, 0x20, 0x89, 0x85, 0xa6, 0x32, 0xdf, 0x05 }                 \
+  }
+
+#endif // nsNSSCertificate_h
diff --git a/security/manager/ssl/nsNSSCertificateDB.cpp b/security/manager/ssl/nsNSSCertificateDB.cpp
new file mode 100644
index 000000000..3d7c7eec4
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertificateDB.cpp
@@ -0,0 +1,1658 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSCertificateDB.h"
+
+#include "CertVerifier.h"
+#include "CryptoTask.h"
+#include "ExtendedValidation.h"
+#include "NSSCertDBTrustDomain.h"
+#include "SharedSSLState.h"
+#include "certdb.h"
+#include "mozilla/Base64.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Unused.h"
+#include "nsArray.h"
+#include "nsArrayUtils.h"
+#include "nsCOMPtr.h"
+#include "nsCRT.h"
+#include "nsComponentManagerUtils.h"
+#include "nsICertificateDialogs.h"
+#include "nsIFile.h"
+#include "nsIMutableArray.h"
+#include "nsIObserverService.h"
+#include "nsIPrefBranch.h"
+#include "nsIPrefService.h"
+#include "nsIPrompt.h"
+#include "nsNSSCertHelper.h"
+#include "nsNSSCertTrust.h"
+#include "nsNSSCertificate.h"
+#include "nsNSSComponent.h"
+#include "nsNSSHelper.h"
+#include "nsNSSShutDown.h"
+#include "nsPK11TokenDB.h"
+#include "nsPKCS12Blob.h"
+#include "nsPromiseFlatString.h"
+#include "nsProxyRelease.h"
+#include "nsReadableUtils.h"
+#include "nsThreadUtils.h"
+#include "nspr.h"
+#include "pkix/Time.h"
+#include "pkix/pkixnss.h"
+#include "pkix/pkixtypes.h"
+#include "secasn1.h"
+#include "secder.h"
+#include "secerr.h"
+#include "ssl.h"
+
+#ifdef XP_WIN
+#include <winsock.h> // for ntohl
+#endif
+
+using namespace mozilla;
+using namespace mozilla::psm;
+using mozilla::psm::SharedSSLState;
+
+extern LazyLogModule gPIPNSSLog;
+
+static nsresult
+attemptToLogInWithDefaultPassword()
+{
+#ifdef NSS_DISABLE_DBM
+  // The SQL NSS DB requires the user to be authenticated to set certificate
+  // trust settings, even if the user's password is empty. To maintain
+  // compatibility with the DBM-based database, try to log in with the
+  // default empty password. This will allow, at least, tests that need to
+  // change certificate trust to pass on all platforms. TODO(bug 978120): Do
+  // proper testing and/or implement a better solution so that we are confident
+  // that this does the correct thing outside of xpcshell tests too.
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    return MapSECStatus(SECFailure);
+  }
+  if (PK11_NeedUserInit(slot.get())) {
+    // Ignore the return value. Presumably PK11_InitPin will fail if the user
+    // has a non-default password.
+    Unused << PK11_InitPin(slot.get(), nullptr, nullptr);
+  }
+#endif
+
+  return NS_OK;
+}
+
+NS_IMPL_ISUPPORTS(nsNSSCertificateDB, nsIX509CertDB)
+
+nsNSSCertificateDB::~nsNSSCertificateDB()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::FindCertByNickname(const nsAString& nickname,
+                                       nsIX509Cert** _rvCert)
+{
+  NS_ENSURE_ARG_POINTER(_rvCert);
+  *_rvCert = nullptr;
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  char *asciiname = nullptr;
+  NS_ConvertUTF16toUTF8 aUtf8Nickname(nickname);
+  asciiname = const_cast<char*>(aUtf8Nickname.get());
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Getting \"%s\"\n", asciiname));
+  UniqueCERTCertificate cert(PK11_FindCertFromNickname(asciiname, nullptr));
+  if (!cert) {
+    cert.reset(CERT_FindCertByNickname(CERT_GetDefaultCertDB(), asciiname));
+  }
+  if (cert) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("got it\n"));
+    nsCOMPtr<nsIX509Cert> pCert = nsNSSCertificate::Create(cert.get());
+    if (pCert) {
+      pCert.forget(_rvCert);
+      return NS_OK;
+    }
+  }
+  return NS_ERROR_FAILURE;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::FindCertByDBKey(const char* aDBKey,nsIX509Cert** _cert)
+{
+  NS_ENSURE_ARG_POINTER(aDBKey);
+  NS_ENSURE_ARG(aDBKey[0]);
+  NS_ENSURE_ARG_POINTER(_cert);
+  *_cert = nullptr;
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  UniqueCERTCertificate cert;
+  nsresult rv = FindCertByDBKey(aDBKey, cert);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  // If we can't find the certificate, that's not an error. Just return null.
+  if (!cert) {
+    return NS_OK;
+  }
+  nsCOMPtr<nsIX509Cert> nssCert = nsNSSCertificate::Create(cert.get());
+  if (!nssCert) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+  nssCert.forget(_cert);
+  return NS_OK;
+}
+
+nsresult
+nsNSSCertificateDB::FindCertByDBKey(const char* aDBKey,
+                                    UniqueCERTCertificate& cert)
+{
+  static_assert(sizeof(uint64_t) == 8, "type size sanity check");
+  static_assert(sizeof(uint32_t) == 4, "type size sanity check");
+  // (From nsNSSCertificate::GetDbKey)
+  // The format of the key is the base64 encoding of the following:
+  // 4 bytes: {0, 0, 0, 0} (this was intended to be the module ID, but it was
+  //                        never implemented)
+  // 4 bytes: {0, 0, 0, 0} (this was intended to be the slot ID, but it was
+  //                        never implemented)
+  // 4 bytes: <serial number length in big-endian order>
+  // 4 bytes: <DER-encoded issuer distinguished name length in big-endian order>
+  // n bytes: <bytes of serial number>
+  // m bytes: <DER-encoded issuer distinguished name>
+  nsAutoCString decoded;
+  nsAutoCString tmpDBKey(aDBKey);
+  // Filter out any whitespace for backwards compatibility.
+  tmpDBKey.StripWhitespace();
+  nsresult rv = Base64Decode(tmpDBKey, decoded);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (decoded.Length() < 16) {
+    return NS_ERROR_ILLEGAL_INPUT;
+  }
+  const char* reader = decoded.BeginReading();
+  uint64_t zeroes = *BitwiseCast<const uint64_t*, const char*>(reader);
+  if (zeroes != 0) {
+    return NS_ERROR_ILLEGAL_INPUT;
+  }
+  reader += sizeof(uint64_t);
+  // Note: We surround the ntohl() argument with parentheses to stop the macro
+  //       from thinking two arguments were passed.
+  uint32_t serialNumberLen = ntohl(
+    (*BitwiseCast<const uint32_t*, const char*>(reader)));
+  reader += sizeof(uint32_t);
+  uint32_t issuerLen = ntohl(
+    (*BitwiseCast<const uint32_t*, const char*>(reader)));
+  reader += sizeof(uint32_t);
+  if (decoded.Length() != 16ULL + serialNumberLen + issuerLen) {
+    return NS_ERROR_ILLEGAL_INPUT;
+  }
+  CERTIssuerAndSN issuerSN;
+  issuerSN.serialNumber.len = serialNumberLen;
+  issuerSN.serialNumber.data = BitwiseCast<unsigned char*, const char*>(reader);
+  reader += serialNumberLen;
+  issuerSN.derIssuer.len = issuerLen;
+  issuerSN.derIssuer.data = BitwiseCast<unsigned char*, const char*>(reader);
+  reader += issuerLen;
+  MOZ_ASSERT(reader == decoded.EndReading());
+
+  cert.reset(CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), &issuerSN));
+  return NS_OK;
+}
+
+SECStatus
+collect_certs(void *arg, SECItem **certs, int numcerts)
+{
+  CERTDERCerts *collectArgs;
+  SECItem *cert;
+  SECStatus rv;
+
+  collectArgs = (CERTDERCerts *)arg;
+
+  collectArgs->numcerts = numcerts;
+  collectArgs->rawCerts = (SECItem *) PORT_ArenaZAlloc(collectArgs->arena,
+                                           sizeof(SECItem) * numcerts);
+  if (!collectArgs->rawCerts)
+    return(SECFailure);
+
+  cert = collectArgs->rawCerts;
+
+  while ( numcerts-- ) {
+    rv = SECITEM_CopyItem(collectArgs->arena, cert, *certs);
+    if ( rv == SECFailure )
+      return(SECFailure);
+    cert++;
+    certs++;
+  }
+
+  return (SECSuccess);
+}
+
+CERTDERCerts*
+nsNSSCertificateDB::getCertsFromPackage(const UniquePLArenaPool& arena,
+                                        uint8_t* data, uint32_t length,
+                                        const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+  CERTDERCerts* collectArgs = PORT_ArenaZNew(arena.get(), CERTDERCerts);
+  if (!collectArgs) {
+    return nullptr;
+  }
+
+  collectArgs->arena = arena.get();
+  if (CERT_DecodeCertPackage(BitwiseCast<char*, uint8_t*>(data), length,
+                             collect_certs, collectArgs) != SECSuccess) {
+    return nullptr;
+  }
+
+  return collectArgs;
+}
+
+nsresult
+nsNSSCertificateDB::handleCACertDownload(NotNull<nsIArray*> x509Certs,
+                                         nsIInterfaceRequestor *ctx,
+                                         const nsNSSShutDownPreventionLock &proofOfLock)
+{
+  // First thing we have to do is figure out which certificate we're 
+  // gonna present to the user.  The CA may have sent down a list of 
+  // certs which may or may not be a chained list of certs.  Until
+  // the day we can design some solid UI for the general case, we'll
+  // code to the > 90% case.  That case is where a CA sends down a
+  // list that is a hierarchy whose root is either the first or 
+  // the last cert.  What we're gonna do is compare the first 
+  // 2 entries, if the second was signed by the first, we assume
+  // the root cert is the first cert and display it.  Otherwise,
+  // we compare the last 2 entries, if the second to last cert was
+  // signed by the last cert, then we assume the last cert is the
+  // root and display it.
+
+  uint32_t numCerts;
+
+  x509Certs->GetLength(&numCerts);
+  NS_ASSERTION(numCerts > 0, "Didn't get any certs to import.");
+  if (numCerts == 0)
+    return NS_OK; // Nothing to import, so nothing to do.
+
+  nsCOMPtr<nsIX509Cert> certToShow;
+  uint32_t selCertIndex;
+  if (numCerts == 1) {
+    // There's only one cert, so let's show it.
+    selCertIndex = 0;
+    certToShow = do_QueryElementAt(x509Certs, selCertIndex);
+  } else {
+    nsCOMPtr<nsIX509Cert> cert0;    // first cert
+    nsCOMPtr<nsIX509Cert> cert1;    // second cert
+    nsCOMPtr<nsIX509Cert> certn_2;  // second to last cert
+    nsCOMPtr<nsIX509Cert> certn_1;  // last cert
+
+    cert0 = do_QueryElementAt(x509Certs, 0);
+    cert1 = do_QueryElementAt(x509Certs, 1);
+    certn_2 = do_QueryElementAt(x509Certs, numCerts-2);
+    certn_1 = do_QueryElementAt(x509Certs, numCerts-1);
+
+    nsXPIDLString cert0SubjectName;
+    nsXPIDLString cert1IssuerName;
+    nsXPIDLString certn_2IssuerName;
+    nsXPIDLString certn_1SubjectName;
+
+    cert0->GetSubjectName(cert0SubjectName);
+    cert1->GetIssuerName(cert1IssuerName);
+    certn_2->GetIssuerName(certn_2IssuerName);
+    certn_1->GetSubjectName(certn_1SubjectName);
+
+    if (cert1IssuerName.Equals(cert0SubjectName)) {
+      // In this case, the first cert in the list signed the second,
+      // so the first cert is the root.  Let's display it. 
+      selCertIndex = 0;
+      certToShow = cert0;
+    } else 
+    if (certn_2IssuerName.Equals(certn_1SubjectName)) { 
+      // In this case the last cert has signed the second to last cert.
+      // The last cert is the root, so let's display it.
+      selCertIndex = numCerts-1;
+      certToShow = certn_1;
+    } else {
+      // It's not a chain, so let's just show the first one in the 
+      // downloaded list.
+      selCertIndex = 0;
+      certToShow = cert0;
+    }
+  }
+
+  if (!certToShow)
+    return NS_ERROR_FAILURE;
+
+  nsCOMPtr<nsICertificateDialogs> dialogs;
+  nsresult rv = ::getNSSDialogs(getter_AddRefs(dialogs), 
+                                NS_GET_IID(nsICertificateDialogs),
+                                NS_CERTIFICATEDIALOGS_CONTRACTID);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  UniqueCERTCertificate tmpCert(certToShow->GetCert());
+  if (!tmpCert) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (!CERT_IsCACert(tmpCert.get(), nullptr)) {
+    DisplayCertificateAlert(ctx, "NotACACert", certToShow, proofOfLock);
+    return NS_ERROR_FAILURE;
+  }
+
+  if (tmpCert->isperm) {
+    DisplayCertificateAlert(ctx, "CaCertExists", certToShow, proofOfLock);
+    return NS_ERROR_FAILURE;
+  }
+
+  uint32_t trustBits;
+  bool allows;
+  rv = dialogs->ConfirmDownloadCACert(ctx, certToShow, &trustBits, &allows);
+  if (NS_FAILED(rv))
+    return rv;
+
+  if (!allows)
+    return NS_ERROR_NOT_AVAILABLE;
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("trust is %d\n", trustBits));
+  UniquePORTString nickname(CERT_MakeCANickname(tmpCert.get()));
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Created nick \"%s\"\n", nickname.get()));
+
+  nsNSSCertTrust trust;
+  trust.SetValidCA();
+  trust.AddCATrust(!!(trustBits & nsIX509CertDB::TRUSTED_SSL),
+                   !!(trustBits & nsIX509CertDB::TRUSTED_EMAIL),
+                   !!(trustBits & nsIX509CertDB::TRUSTED_OBJSIGN));
+
+  if (CERT_AddTempCertToPerm(tmpCert.get(), nickname.get(),
+                             trust.GetTrust()) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Import additional delivered certificates that can be verified.
+
+  // build a CertList for filtering
+  UniqueCERTCertList certList(CERT_NewCertList());
+  if (!certList) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // get all remaining certs into temp store
+
+  for (uint32_t i=0; i<numCerts; i++) {
+    if (i == selCertIndex) {
+      // we already processed that one
+      continue;
+    }
+
+    nsCOMPtr<nsIX509Cert> remainingCert = do_QueryElementAt(x509Certs, i);
+    if (!remainingCert) {
+      continue;
+    }
+
+    UniqueCERTCertificate tmpCert2(remainingCert->GetCert());
+    if (!tmpCert2) {
+      continue;  // Let's try to import the rest of 'em
+    }
+
+    if (CERT_AddCertToListTail(certList.get(), tmpCert2.get()) != SECSuccess) {
+      continue;
+    }
+
+    Unused << tmpCert2.release();
+  }
+
+  return ImportValidCACertsInList(certList, ctx, proofOfLock);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ImportCertificates(uint8_t* data, uint32_t length,
+                                       uint32_t type,
+                                       nsIInterfaceRequestor* ctx)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  // We currently only handle CA certificates.
+  if (type != nsIX509Cert::CA_CERT) {
+    return NS_ERROR_FAILURE;
+  }
+
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  CERTDERCerts* certCollection = getCertsFromPackage(arena, data, length,
+                                                     locker);
+  if (!certCollection) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIMutableArray> array = nsArrayBase::Create();
+  if (!array) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Now let's create some certs to work with
+  for (int i = 0; i < certCollection->numcerts; i++) {
+    SECItem* currItem = &certCollection->rawCerts[i];
+    nsCOMPtr<nsIX509Cert> cert = nsNSSCertificate::ConstructFromDER(
+      BitwiseCast<char*, unsigned char*>(currItem->data), currItem->len);
+    if (!cert) {
+      return NS_ERROR_FAILURE;
+    }
+    nsresult rv = array->AppendElement(cert, false);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  return handleCACertDownload(WrapNotNull(array), ctx, locker);
+}
+
+/**
+ * Filters an array of certs by usage and imports them into temporary storage.
+ *
+ * @param numcerts
+ *        Size of the |certs| array.
+ * @param certs
+ *        Pointer to array of certs to import.
+ * @param usage
+ *        Usage the certs should be filtered on.
+ * @param caOnly
+ *        Whether to import only CA certs.
+ * @param filteredCerts
+ *        List of certs that weren't filtered out and were successfully imported.
+ */
+static nsresult
+ImportCertsIntoTempStorage(int numcerts, SECItem* certs,
+                           const SECCertUsage usage, const bool caOnly,
+                           const nsNSSShutDownPreventionLock& /*proofOfLock*/,
+                   /*out*/ const UniqueCERTCertList& filteredCerts)
+{
+  NS_ENSURE_ARG_MIN(numcerts, 1);
+  NS_ENSURE_ARG_POINTER(certs);
+  NS_ENSURE_ARG_POINTER(filteredCerts.get());
+
+  // CERT_ImportCerts() expects an array of *pointers* to SECItems, so we have
+  // to convert |certs| to such a format first.
+  SECItem** ptrArray =
+    static_cast<SECItem**>(PORT_Alloc(sizeof(SECItem*) * numcerts));
+  if (!ptrArray) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  for (int i = 0; i < numcerts; i++) {
+    ptrArray[i] = &certs[i];
+  }
+
+  CERTCertificate** importedCerts = nullptr;
+  SECStatus srv = CERT_ImportCerts(CERT_GetDefaultCertDB(), usage,
+                                   numcerts, ptrArray, &importedCerts, false,
+                                   caOnly, nullptr);
+  PORT_Free(ptrArray);
+  ptrArray = nullptr;
+  if (srv != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  for (int i = 0; i < numcerts; i++) {
+    if (!importedCerts[i]) {
+      continue;
+    }
+
+    UniqueCERTCertificate cert(CERT_DupCertificate(importedCerts[i]));
+    if (!cert) {
+      continue;
+    }
+
+    if (CERT_AddCertToListTail(filteredCerts.get(), cert.get()) == SECSuccess) {
+      Unused << cert.release();
+    }
+  }
+
+  CERT_DestroyCertArray(importedCerts, numcerts);
+
+  // CERT_ImportCerts() ignores its |usage| parameter, so we have to manually
+  // filter out unwanted certs.
+  if (CERT_FilterCertListByUsage(filteredCerts.get(), usage, caOnly)
+        != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  return NS_OK;
+}
+
+static SECStatus
+ImportCertsIntoPermanentStorage(const UniqueCERTCertList& certChain,
+                                const SECCertUsage usage, const bool caOnly)
+{
+  int chainLen = 0;
+  for (CERTCertListNode *chainNode = CERT_LIST_HEAD(certChain);
+       !CERT_LIST_END(chainNode, certChain);
+       chainNode = CERT_LIST_NEXT(chainNode)) {
+    chainLen++;
+  }
+
+  SECItem **rawArray;
+  rawArray = (SECItem **) PORT_Alloc(chainLen * sizeof(SECItem *));
+  if (!rawArray) {
+    return SECFailure;
+  }
+
+  int i = 0;
+  for (CERTCertListNode *chainNode = CERT_LIST_HEAD(certChain);
+       !CERT_LIST_END(chainNode, certChain);
+       chainNode = CERT_LIST_NEXT(chainNode), i++) {
+    rawArray[i] = &chainNode->cert->derCert;
+  }
+  SECStatus srv = CERT_ImportCerts(CERT_GetDefaultCertDB(), usage, chainLen,
+                                   rawArray, nullptr, true, caOnly, nullptr);
+
+  PORT_Free(rawArray);
+  return srv;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ImportEmailCertificate(uint8_t* data, uint32_t length,
+                                           nsIInterfaceRequestor* ctx)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  CERTDERCerts *certCollection = getCertsFromPackage(arena, data, length, locker);
+  if (!certCollection) {
+    return NS_ERROR_FAILURE;
+  }
+
+  UniqueCERTCertList filteredCerts(CERT_NewCertList());
+  if (!filteredCerts) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsresult rv = ImportCertsIntoTempStorage(certCollection->numcerts,
+                                           certCollection->rawCerts,
+                                           certUsageEmailRecipient,
+                                           false, locker, filteredCerts);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  if (!certVerifier) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  // Iterate through the filtered cert list and import verified certs into
+  // permanent storage.
+  // Note: We verify the certs in order to prevent DoS attacks. See Bug 249004.
+  for (CERTCertListNode* node = CERT_LIST_HEAD(filteredCerts.get());
+       !CERT_LIST_END(node, filteredCerts.get());
+       node = CERT_LIST_NEXT(node)) {
+    if (!node->cert) {
+      continue;
+    }
+
+    UniqueCERTCertList certChain;
+    mozilla::pkix::Result result =
+      certVerifier->VerifyCert(node->cert, certificateUsageEmailRecipient,
+                               mozilla::pkix::Now(), ctx, nullptr, certChain);
+    if (result != mozilla::pkix::Success) {
+      nsCOMPtr<nsIX509Cert> certToShow = nsNSSCertificate::Create(node->cert);
+      DisplayCertificateAlert(ctx, "NotImportingUnverifiedCert", certToShow, locker);
+      continue;
+    }
+    SECStatus srv = ImportCertsIntoPermanentStorage(certChain,
+                                                    certUsageEmailRecipient,
+                                                    false);
+    if (srv != SECSuccess) {
+      return NS_ERROR_FAILURE;
+    }
+    CERT_SaveSMimeProfile(node->cert, nullptr, nullptr);
+  }
+
+  return NS_OK;
+}
+
+nsresult
+nsNSSCertificateDB::ImportValidCACerts(int numCACerts, SECItem* caCerts,
+                                       nsIInterfaceRequestor* ctx,
+                                       const nsNSSShutDownPreventionLock& proofOfLock)
+{
+  UniqueCERTCertList filteredCerts(CERT_NewCertList());
+  if (!filteredCerts) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsresult rv = ImportCertsIntoTempStorage(numCACerts, caCerts, certUsageAnyCA,
+                                           true, proofOfLock, filteredCerts);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return ImportValidCACertsInList(filteredCerts, ctx, proofOfLock);
+}
+
+nsresult
+nsNSSCertificateDB::ImportValidCACertsInList(const UniqueCERTCertList& filteredCerts,
+                                             nsIInterfaceRequestor* ctx,
+                                             const nsNSSShutDownPreventionLock& proofOfLock)
+{
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  if (!certVerifier) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  // Iterate through the filtered cert list and import verified certs into
+  // permanent storage.
+  // Note: We verify the certs in order to prevent DoS attacks. See Bug 249004.
+  for (CERTCertListNode* node = CERT_LIST_HEAD(filteredCerts.get());
+       !CERT_LIST_END(node, filteredCerts.get());
+       node = CERT_LIST_NEXT(node)) {
+    UniqueCERTCertList certChain;
+    mozilla::pkix::Result result =
+      certVerifier->VerifyCert(node->cert, certificateUsageVerifyCA,
+                               mozilla::pkix::Now(), ctx, nullptr, certChain);
+    if (result != mozilla::pkix::Success) {
+      nsCOMPtr<nsIX509Cert> certToShow = nsNSSCertificate::Create(node->cert);
+      DisplayCertificateAlert(ctx, "NotImportingUnverifiedCert", certToShow, proofOfLock);
+      continue;
+    }
+
+    SECStatus srv = ImportCertsIntoPermanentStorage(certChain, certUsageAnyCA,
+                                                    true);
+    if (srv != SECSuccess) {
+      return NS_ERROR_FAILURE;
+    }
+  }
+
+  return NS_OK;
+}
+
+void nsNSSCertificateDB::DisplayCertificateAlert(nsIInterfaceRequestor *ctx, 
+                                                 const char *stringID, 
+                                                 nsIX509Cert *certToShow,
+                                                 const nsNSSShutDownPreventionLock &/*proofOfLock*/)
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsNSSCertificateDB::DisplayCertificateAlert called off the main thread");
+    return;
+  }
+
+  nsCOMPtr<nsIInterfaceRequestor> my_ctx = ctx;
+  if (!my_ctx) {
+    my_ctx = new PipUIContext();
+  }
+
+  // This shall be replaced by embedding ovverridable prompts
+  // as discussed in bug 310446, and should make use of certToShow.
+
+  nsresult rv;
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
+  if (NS_SUCCEEDED(rv)) {
+    nsAutoString tmpMessage;
+    nssComponent->GetPIPNSSBundleString(stringID, tmpMessage);
+
+    nsCOMPtr<nsIPrompt> prompt (do_GetInterface(my_ctx));
+    if (!prompt) {
+      return;
+    }
+
+    prompt->Alert(nullptr, tmpMessage.get());
+  }
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ImportUserCertificate(uint8_t* data, uint32_t length,
+                                          nsIInterfaceRequestor* ctx)
+{
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsNSSCertificateDB::ImportUserCertificate called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  CERTDERCerts* collectArgs = getCertsFromPackage(arena, data, length, locker);
+  if (!collectArgs) {
+    return NS_ERROR_FAILURE;
+  }
+
+  UniqueCERTCertificate cert(
+    CERT_NewTempCertificate(CERT_GetDefaultCertDB(), collectArgs->rawCerts,
+                            nullptr, false, true));
+  if (!cert) {
+    return NS_ERROR_FAILURE;
+  }
+
+  UniquePK11SlotInfo slot(PK11_KeyForCertExists(cert.get(), nullptr, ctx));
+  if (!slot) {
+    nsCOMPtr<nsIX509Cert> certToShow = nsNSSCertificate::Create(cert.get());
+    DisplayCertificateAlert(ctx, "UserCertIgnoredNoPrivateKey", certToShow, locker);
+    return NS_ERROR_FAILURE;
+  }
+  slot = nullptr;
+
+  /* pick a nickname for the cert */
+  nsAutoCString nickname;
+  if (cert->nickname) {
+    nickname = cert->nickname;
+  } else {
+    get_default_nickname(cert.get(), ctx, nickname, locker);
+  }
+
+  /* user wants to import the cert */
+  slot.reset(PK11_ImportCertForKey(cert.get(), nickname.get(), ctx));
+  if (!slot) {
+    return NS_ERROR_FAILURE;
+  }
+  slot = nullptr;
+
+  {
+    nsCOMPtr<nsIX509Cert> certToShow = nsNSSCertificate::Create(cert.get());
+    DisplayCertificateAlert(ctx, "UserCertImported", certToShow, locker);
+  }
+
+  int numCACerts = collectArgs->numcerts - 1;
+  if (numCACerts) {
+    SECItem* caCerts = collectArgs->rawCerts + 1;
+    return ImportValidCACerts(numCACerts, caCerts, ctx, locker);
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSCertificateDB::DeleteCertificate(nsIX509Cert *aCert)
+{
+  NS_ENSURE_ARG_POINTER(aCert);
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  UniqueCERTCertificate cert(aCert->GetCert());
+  if (!cert) {
+    return NS_ERROR_FAILURE;
+  }
+  SECStatus srv = SECSuccess;
+
+  uint32_t certType;
+  aCert->GetCertType(&certType);
+  if (NS_FAILED(aCert->MarkForPermDeletion()))
+  {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (cert->slot && certType != nsIX509Cert::USER_CERT) {
+    // To delete a cert of a slot (builtin, most likely), mark it as
+    // completely untrusted.  This way we keep a copy cached in the
+    // local database, and next time we try to load it off of the 
+    // external token/slot, we'll know not to trust it.  We don't 
+    // want to do that with user certs, because a user may  re-store
+    // the cert onto the card again at which point we *will* want to 
+    // trust that cert if it chains up properly.
+    nsNSSCertTrust trust(0, 0, 0);
+    srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), 
+                               cert.get(), trust.GetTrust());
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("cert deleted: %d", srv));
+  return (srv) ? NS_ERROR_FAILURE : NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSCertificateDB::SetCertTrust(nsIX509Cert *cert, 
+                                 uint32_t type,
+                                 uint32_t trusted)
+{
+  NS_ENSURE_ARG_POINTER(cert);
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  nsNSSCertTrust trust;
+  nsresult rv;
+  UniqueCERTCertificate nsscert(cert->GetCert());
+
+  rv = attemptToLogInWithDefaultPassword();
+  if (NS_WARN_IF(rv != NS_OK)) {
+    return rv;
+  }
+
+  SECStatus srv;
+  if (type == nsIX509Cert::CA_CERT) {
+    // always start with untrusted and move up
+    trust.SetValidCA();
+    trust.AddCATrust(!!(trusted & nsIX509CertDB::TRUSTED_SSL),
+                     !!(trusted & nsIX509CertDB::TRUSTED_EMAIL),
+                     !!(trusted & nsIX509CertDB::TRUSTED_OBJSIGN));
+    srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), 
+                               nsscert.get(),
+                               trust.GetTrust());
+  } else if (type == nsIX509Cert::SERVER_CERT) {
+    // always start with untrusted and move up
+    trust.SetValidPeer();
+    trust.AddPeerTrust(trusted & nsIX509CertDB::TRUSTED_SSL, 0, 0);
+    srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), 
+                               nsscert.get(),
+                               trust.GetTrust());
+  } else if (type == nsIX509Cert::EMAIL_CERT) {
+    // always start with untrusted and move up
+    trust.SetValidPeer();
+    trust.AddPeerTrust(0, !!(trusted & nsIX509CertDB::TRUSTED_EMAIL), 0);
+    srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), 
+                               nsscert.get(),
+                               trust.GetTrust());
+  } else {
+    // ignore user certs
+    return NS_OK;
+  }
+  return MapSECStatus(srv);
+}
+
+NS_IMETHODIMP 
+nsNSSCertificateDB::IsCertTrusted(nsIX509Cert *cert, 
+                                  uint32_t certType,
+                                  uint32_t trustType,
+                                  bool *_isTrusted)
+{
+  NS_ENSURE_ARG_POINTER(_isTrusted);
+  *_isTrusted = false;
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  SECStatus srv;
+  UniqueCERTCertificate nsscert(cert->GetCert());
+  CERTCertTrust nsstrust;
+  srv = CERT_GetCertTrust(nsscert.get(), &nsstrust);
+  if (srv != SECSuccess)
+    return NS_ERROR_FAILURE;
+
+  nsNSSCertTrust trust(&nsstrust);
+  if (certType == nsIX509Cert::CA_CERT) {
+    if (trustType & nsIX509CertDB::TRUSTED_SSL) {
+      *_isTrusted = trust.HasTrustedCA(true, false, false);
+    } else if (trustType & nsIX509CertDB::TRUSTED_EMAIL) {
+      *_isTrusted = trust.HasTrustedCA(false, true, false);
+    } else if (trustType & nsIX509CertDB::TRUSTED_OBJSIGN) {
+      *_isTrusted = trust.HasTrustedCA(false, false, true);
+    } else {
+      return NS_ERROR_FAILURE;
+    }
+  } else if (certType == nsIX509Cert::SERVER_CERT) {
+    if (trustType & nsIX509CertDB::TRUSTED_SSL) {
+      *_isTrusted = trust.HasTrustedPeer(true, false, false);
+    } else if (trustType & nsIX509CertDB::TRUSTED_EMAIL) {
+      *_isTrusted = trust.HasTrustedPeer(false, true, false);
+    } else if (trustType & nsIX509CertDB::TRUSTED_OBJSIGN) {
+      *_isTrusted = trust.HasTrustedPeer(false, false, true);
+    } else {
+      return NS_ERROR_FAILURE;
+    }
+  } else if (certType == nsIX509Cert::EMAIL_CERT) {
+    if (trustType & nsIX509CertDB::TRUSTED_SSL) {
+      *_isTrusted = trust.HasTrustedPeer(true, false, false);
+    } else if (trustType & nsIX509CertDB::TRUSTED_EMAIL) {
+      *_isTrusted = trust.HasTrustedPeer(false, true, false);
+    } else if (trustType & nsIX509CertDB::TRUSTED_OBJSIGN) {
+      *_isTrusted = trust.HasTrustedPeer(false, false, true);
+    } else {
+      return NS_ERROR_FAILURE;
+    }
+  } /* user: ignore */
+  return NS_OK;
+}
+
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ImportCertsFromFile(nsIFile* aFile, uint32_t aType)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  NS_ENSURE_ARG(aFile);
+  switch (aType) {
+    case nsIX509Cert::CA_CERT:
+    case nsIX509Cert::EMAIL_CERT:
+      // good
+      break;
+
+    default:
+      // not supported (yet)
+      return NS_ERROR_FAILURE;
+  }
+
+  PRFileDesc* fd = nullptr;
+  nsresult rv = aFile->OpenNSPRFileDesc(PR_RDONLY, 0, &fd);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (!fd) {
+    return NS_ERROR_FAILURE;
+  }
+
+  PRFileInfo fileInfo;
+  if (PR_GetOpenFileInfo(fd, &fileInfo) != PR_SUCCESS) {
+    return NS_ERROR_FAILURE;
+  }
+
+  auto buf = MakeUnique<unsigned char[]>(fileInfo.size);
+  int32_t bytesObtained = PR_Read(fd, buf.get(), fileInfo.size);
+  PR_Close(fd);
+
+  if (bytesObtained != fileInfo.size) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext();
+
+  switch (aType) {
+    case nsIX509Cert::CA_CERT:
+      return ImportCertificates(buf.get(), bytesObtained, aType, cxt);
+    case nsIX509Cert::EMAIL_CERT:
+      return ImportEmailCertificate(buf.get(), bytesObtained, cxt);
+    default:
+      MOZ_ASSERT(false, "Unsupported type should have been filtered out");
+      break;
+  }
+
+  return NS_ERROR_FAILURE;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ImportPKCS12File(nsISupports* aToken, nsIFile* aFile)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  NS_ENSURE_ARG(aFile);
+  nsPKCS12Blob blob;
+  nsCOMPtr<nsIPK11Token> token = do_QueryInterface(aToken);
+  if (token) {
+    blob.SetToken(token);
+  }
+  return blob.ImportFromFile(aFile);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ExportPKCS12File(nsISupports* aToken,
+                                     nsIFile* aFile,
+                                     uint32_t count,
+                                     nsIX509Cert** certs)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  NS_ENSURE_ARG(aFile);
+  nsPKCS12Blob blob;
+  if (count == 0) return NS_OK;
+  nsCOMPtr<nsIPK11Token> localRef;
+  if (!aToken) {
+    UniquePK11SlotInfo keySlot(PK11_GetInternalKeySlot());
+    if (!keySlot) {
+      return NS_ERROR_FAILURE;
+    }
+    localRef = new nsPK11Token(keySlot.get());
+  } else {
+    localRef = do_QueryInterface(aToken);
+  }
+  blob.SetToken(localRef);
+  return blob.ExportToFile(aFile, certs, count);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::FindEmailEncryptionCert(const nsAString& aNickname,
+                                            nsIX509Cert** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+  *_retval = nullptr;
+
+  if (aNickname.IsEmpty())
+    return NS_OK;
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
+  char *asciiname = nullptr;
+  NS_ConvertUTF16toUTF8 aUtf8Nickname(aNickname);
+  asciiname = const_cast<char*>(aUtf8Nickname.get());
+
+  /* Find a good cert in the user's database */
+  UniqueCERTCertificate cert(CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
+                                                      asciiname,
+                                                      certUsageEmailRecipient,
+                                                      true, ctx));
+  if (!cert) {
+    return NS_OK;
+  }
+
+  nsCOMPtr<nsIX509Cert> nssCert = nsNSSCertificate::Create(cert.get());
+  if (!nssCert) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+  nssCert.forget(_retval);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::FindEmailSigningCert(const nsAString& aNickname,
+                                         nsIX509Cert** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+  *_retval = nullptr;
+
+  if (aNickname.IsEmpty())
+    return NS_OK;
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
+  char *asciiname = nullptr;
+  NS_ConvertUTF16toUTF8 aUtf8Nickname(aNickname);
+  asciiname = const_cast<char*>(aUtf8Nickname.get());
+
+  /* Find a good cert in the user's database */
+  UniqueCERTCertificate cert(CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
+                                                      asciiname,
+                                                      certUsageEmailSigner,
+                                                      true, ctx));
+  if (!cert) {
+    return NS_OK;
+  }
+
+  nsCOMPtr<nsIX509Cert> nssCert = nsNSSCertificate::Create(cert.get());
+  if (!nssCert) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+  nssCert.forget(_retval);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::FindCertByEmailAddress(const char* aEmailAddress,
+                                           nsIX509Cert** _retval)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  NS_ENSURE_TRUE(certVerifier, NS_ERROR_UNEXPECTED);
+
+  UniqueCERTCertList certlist(
+      PK11_FindCertsFromEmailAddress(aEmailAddress, nullptr));
+  if (!certlist)
+    return NS_ERROR_FAILURE;
+
+  // certlist now contains certificates with the right email address,
+  // but they might not have the correct usage or might even be invalid
+
+  if (CERT_LIST_END(CERT_LIST_HEAD(certlist), certlist))
+    return NS_ERROR_FAILURE; // no certs found
+
+  CERTCertListNode *node;
+  // search for a valid certificate
+  for (node = CERT_LIST_HEAD(certlist);
+       !CERT_LIST_END(node, certlist);
+       node = CERT_LIST_NEXT(node)) {
+
+    UniqueCERTCertList unusedCertChain;
+    mozilla::pkix::Result result =
+      certVerifier->VerifyCert(node->cert, certificateUsageEmailRecipient,
+                               mozilla::pkix::Now(),
+                               nullptr /*XXX pinarg*/,
+                               nullptr /*hostname*/,
+                               unusedCertChain);
+    if (result == mozilla::pkix::Success) {
+      break;
+    }
+  }
+
+  if (CERT_LIST_END(node, certlist)) {
+    // no valid cert found
+    return NS_ERROR_FAILURE;
+  }
+
+  // node now contains the first valid certificate with correct usage 
+  RefPtr<nsNSSCertificate> nssCert = nsNSSCertificate::Create(node->cert);
+  if (!nssCert)
+    return NS_ERROR_OUT_OF_MEMORY;
+
+  nssCert.forget(_retval);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ConstructX509FromBase64(const nsACString& base64,
+                                    /*out*/ nsIX509Cert** _retval)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  if (!_retval) {
+    return NS_ERROR_INVALID_POINTER;
+  }
+
+  // Base64Decode() doesn't consider a zero length input as an error, and just
+  // returns the empty string. We don't want this behavior, so the below check
+  // catches this case.
+  if (base64.Length() < 1) {
+    return NS_ERROR_ILLEGAL_VALUE;
+  }
+
+  nsAutoCString certDER;
+  nsresult rv = Base64Decode(base64, certDER);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return ConstructX509(certDER.get(), certDER.Length(), _retval);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ConstructX509(const char* certDER,
+                                  uint32_t lengthDER,
+                                  nsIX509Cert** _retval)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  if (NS_WARN_IF(!_retval)) {
+    return NS_ERROR_INVALID_POINTER;
+  }
+
+  SECItem secitem_cert;
+  secitem_cert.type = siDERCertBuffer;
+  secitem_cert.data = (unsigned char*)certDER;
+  secitem_cert.len = lengthDER;
+
+  UniqueCERTCertificate cert(CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
+                                                     &secitem_cert, nullptr,
+                                                     false, true));
+  if (!cert)
+    return (PORT_GetError() == SEC_ERROR_NO_MEMORY)
+      ? NS_ERROR_OUT_OF_MEMORY : NS_ERROR_FAILURE;
+
+  nsCOMPtr<nsIX509Cert> nssCert = nsNSSCertificate::Create(cert.get());
+  if (!nssCert) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+  nssCert.forget(_retval);
+  return NS_OK;
+}
+
+void
+nsNSSCertificateDB::get_default_nickname(CERTCertificate *cert, 
+                                         nsIInterfaceRequestor* ctx,
+                                         nsCString &nickname,
+                                         const nsNSSShutDownPreventionLock &/*proofOfLock*/)
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  nickname.Truncate();
+
+  nsresult rv;
+  CK_OBJECT_HANDLE keyHandle;
+
+  CERTCertDBHandle *defaultcertdb = CERT_GetDefaultCertDB();
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
+  if (NS_FAILED(rv))
+    return;
+
+  nsAutoCString username;
+  UniquePORTString tempCN(CERT_GetCommonName(&cert->subject));
+  if (tempCN) {
+    username = tempCN.get();
+  }
+
+  nsAutoCString caname;
+  UniquePORTString tempIssuerOrg(CERT_GetOrgName(&cert->issuer));
+  if (tempIssuerOrg) {
+    caname = tempIssuerOrg.get();
+  }
+
+  nsAutoString tmpNickFmt;
+  nssComponent->GetPIPNSSBundleString("nick_template", tmpNickFmt);
+  NS_ConvertUTF16toUTF8 nickFmt(tmpNickFmt);
+
+  nsAutoCString baseName;
+  baseName.AppendPrintf(nickFmt.get(), username.get(), caname.get());
+  if (baseName.IsEmpty()) {
+    return;
+  }
+
+  nickname = baseName;
+
+  /*
+   * We need to see if the private key exists on a token, if it does
+   * then we need to check for nicknames that already exist on the smart
+   * card.
+   */
+  UniquePK11SlotInfo slot(PK11_KeyForCertExists(cert, &keyHandle, ctx));
+  if (!slot)
+    return;
+
+  if (!PK11_IsInternal(slot.get())) {
+    nsAutoCString tmp;
+    tmp.AppendPrintf("%s:%s", PK11_GetTokenName(slot.get()), baseName.get());
+    if (tmp.IsEmpty()) {
+      nickname.Truncate();
+      return;
+    }
+    baseName = tmp;
+    nickname = baseName;
+  }
+
+  int count = 1;
+  while (true) {
+    if ( count > 1 ) {
+      nsAutoCString tmp;
+      tmp.AppendPrintf("%s #%d", baseName.get(), count);
+      if (tmp.IsEmpty()) {
+        nickname.Truncate();
+        return;
+      }
+      nickname = tmp;
+    }
+
+    UniqueCERTCertificate dummycert;
+
+    if (PK11_IsInternal(slot.get())) {
+      /* look up the nickname to make sure it isn't in use already */
+      dummycert.reset(CERT_FindCertByNickname(defaultcertdb, nickname.get()));
+    } else {
+      // Check the cert against others that already live on the smart card.
+      dummycert.reset(PK11_FindCertFromNickname(nickname.get(), ctx));
+      if (dummycert) {
+	// Make sure the subject names are different.
+	if (CERT_CompareName(&cert->subject, &dummycert->subject) == SECEqual)
+	{
+	  /*
+	   * There is another certificate with the same nickname and
+	   * the same subject name on the smart card, so let's use this
+	   * nickname.
+	   */
+	  dummycert = nullptr;
+	}
+      }
+    }
+    if (!dummycert) {
+      break;
+    }
+    count++;
+  }
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::AddCertFromBase64(const nsACString& aBase64,
+                                      const nsACString& aTrust,
+                                      const nsACString& /*aName*/)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  nsNSSCertTrust trust;
+  if (CERT_DecodeTrustString(trust.GetTrust(), PromiseFlatCString(aTrust).get())
+        != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIX509Cert> newCert;
+  nsresult rv = ConstructX509FromBase64(aBase64, getter_AddRefs(newCert));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  UniqueCERTCertificate tmpCert(newCert->GetCert());
+  if (!tmpCert) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // If there's already a certificate that matches this one in the database, we
+  // still want to set its trust to the given value.
+  if (tmpCert->isperm) {
+    return SetCertTrustFromString(newCert, aTrust);
+  }
+
+  UniquePORTString nickname(CERT_MakeCANickname(tmpCert.get()));
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Created nick \"%s\"\n", nickname.get()));
+
+  rv = attemptToLogInWithDefaultPassword();
+  if (NS_WARN_IF(rv != NS_OK)) {
+    return rv;
+  }
+
+  SECStatus srv = CERT_AddTempCertToPerm(tmpCert.get(), nickname.get(),
+                                         trust.GetTrust());
+  return MapSECStatus(srv);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::AddCert(const nsACString& aCertDER, const nsACString& aTrust,
+                            const nsACString& aName)
+{
+  nsCString base64;
+  nsresult rv = Base64Encode(aCertDER, base64);
+  NS_ENSURE_SUCCESS(rv, rv);
+  return AddCertFromBase64(base64, aTrust, aName);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::SetCertTrustFromString(nsIX509Cert* cert,
+                                           const nsACString& trustString)
+{
+  NS_ENSURE_ARG(cert);
+
+  CERTCertTrust trust;
+  SECStatus srv = CERT_DecodeTrustString(&trust,
+                                         PromiseFlatCString(trustString).get());
+  if (srv != SECSuccess) {
+    return MapSECStatus(srv);
+  }
+  UniqueCERTCertificate nssCert(cert->GetCert());
+
+  nsresult rv = attemptToLogInWithDefaultPassword();
+  if (NS_WARN_IF(rv != NS_OK)) {
+    return rv;
+  }
+
+  srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), nssCert.get(), &trust);
+  return MapSECStatus(srv);
+}
+
+NS_IMETHODIMP 
+nsNSSCertificateDB::GetCerts(nsIX509CertList **_retval)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
+  nsCOMPtr<nsIX509CertList> nssCertList;
+  UniqueCERTCertList certList(PK11_ListCerts(PK11CertListUnique, ctx));
+
+  // nsNSSCertList 1) adopts certList, and 2) handles the nullptr case fine.
+  // (returns an empty list) 
+  nssCertList = new nsNSSCertList(Move(certList), locker);
+
+  nssCertList.forget(_retval);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::GetEnterpriseRoots(nsIX509CertList** enterpriseRoots)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  NS_ENSURE_ARG_POINTER(enterpriseRoots);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+#ifdef XP_WIN
+  nsCOMPtr<nsINSSComponent> psm(do_GetService(PSM_COMPONENT_CONTRACTID));
+  if (!psm) {
+    return NS_ERROR_FAILURE;
+  }
+  return psm->GetEnterpriseRoots(enterpriseRoots);
+#else
+  return NS_ERROR_NOT_IMPLEMENTED;
+#endif
+}
+
+nsresult
+VerifyCertAtTime(nsIX509Cert* aCert,
+                 int64_t /*SECCertificateUsage*/ aUsage,
+                 uint32_t aFlags,
+                 const char* aHostname,
+                 mozilla::pkix::Time aTime,
+                 nsIX509CertList** aVerifiedChain,
+                 bool* aHasEVPolicy,
+                 int32_t* /*PRErrorCode*/ _retval,
+                 const nsNSSShutDownPreventionLock& locker)
+{
+  NS_ENSURE_ARG_POINTER(aCert);
+  NS_ENSURE_ARG_POINTER(aHasEVPolicy);
+  NS_ENSURE_ARG_POINTER(aVerifiedChain);
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  *aVerifiedChain = nullptr;
+  *aHasEVPolicy = false;
+  *_retval = PR_UNKNOWN_ERROR;
+
+  UniqueCERTCertificate nssCert(aCert->GetCert());
+  if (!nssCert) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  NS_ENSURE_TRUE(certVerifier, NS_ERROR_FAILURE);
+
+  UniqueCERTCertList resultChain;
+  SECOidTag evOidPolicy;
+  mozilla::pkix::Result result;
+
+  if (aHostname && aUsage == certificateUsageSSLServer) {
+    result = certVerifier->VerifySSLServerCert(nssCert,
+                                               nullptr, // stapledOCSPResponse
+                                               nullptr, // sctsFromTLSExtension
+                                               aTime,
+                                               nullptr, // Assume no context
+                                               aHostname,
+                                               resultChain,
+                                               false, // don't save intermediates
+                                               aFlags,
+                                               NeckoOriginAttributes(),
+                                               &evOidPolicy);
+  } else {
+    result = certVerifier->VerifyCert(nssCert.get(), aUsage, aTime,
+                                      nullptr, // Assume no context
+                                      aHostname,
+                                      resultChain,
+                                      aFlags,
+                                      nullptr, // stapledOCSPResponse
+                                      nullptr, // sctsFromTLSExtension
+                                      NeckoOriginAttributes(),
+                                      &evOidPolicy);
+  }
+
+  nsCOMPtr<nsIX509CertList> nssCertList;
+  // This adopts the list
+  nssCertList = new nsNSSCertList(Move(resultChain), locker);
+  NS_ENSURE_TRUE(nssCertList, NS_ERROR_FAILURE);
+
+  *_retval = mozilla::pkix::MapResultToPRErrorCode(result);
+  if (result == mozilla::pkix::Success && evOidPolicy != SEC_OID_UNKNOWN) {
+    *aHasEVPolicy = true;
+  }
+  nssCertList.forget(aVerifiedChain);
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::VerifyCertNow(nsIX509Cert* aCert,
+                                  int64_t /*SECCertificateUsage*/ aUsage,
+                                  uint32_t aFlags,
+                                  const char* aHostname,
+                                  nsIX509CertList** aVerifiedChain,
+                                  bool* aHasEVPolicy,
+                                  int32_t* /*PRErrorCode*/ _retval)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  return ::VerifyCertAtTime(aCert, aUsage, aFlags, aHostname,
+                            mozilla::pkix::Now(),
+                            aVerifiedChain, aHasEVPolicy, _retval, locker);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::VerifyCertAtTime(nsIX509Cert* aCert,
+                                     int64_t /*SECCertificateUsage*/ aUsage,
+                                     uint32_t aFlags,
+                                     const char* aHostname,
+                                     uint64_t aTime,
+                                     nsIX509CertList** aVerifiedChain,
+                                     bool* aHasEVPolicy,
+                                     int32_t* /*PRErrorCode*/ _retval)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  return ::VerifyCertAtTime(aCert, aUsage, aFlags, aHostname,
+                            mozilla::pkix::TimeFromEpochInSeconds(aTime),
+                            aVerifiedChain, aHasEVPolicy, _retval, locker);
+}
+
+class VerifyCertAtTimeTask final : public CryptoTask
+{
+public:
+  VerifyCertAtTimeTask(nsIX509Cert* aCert, int64_t aUsage, uint32_t aFlags,
+                       const char* aHostname, uint64_t aTime,
+                       nsICertVerificationCallback* aCallback)
+    : mCert(aCert)
+    , mUsage(aUsage)
+    , mFlags(aFlags)
+    , mHostname(aHostname)
+    , mTime(aTime)
+    , mCallback(new nsMainThreadPtrHolder<nsICertVerificationCallback>(aCallback))
+    , mPRErrorCode(SEC_ERROR_LIBRARY_FAILURE)
+    , mVerifiedCertList(nullptr)
+    , mHasEVPolicy(false)
+  {
+  }
+
+private:
+  virtual nsresult CalculateResult() override
+  {
+    nsCOMPtr<nsIX509CertDB> certDB = do_GetService(NS_X509CERTDB_CONTRACTID);
+    if (!certDB) {
+      return NS_ERROR_FAILURE;
+    }
+    // Unfortunately mHostname will have made the empty string out of a null
+    // pointer passed in the constructor. If we pass the empty string on to
+    // VerifyCertAtTime with the usage certificateUsageSSLServer, it will call
+    // VerifySSLServerCert, which expects a non-empty hostname. To avoid this,
+    // check the length and use nullptr if appropriate.
+    const char* hostname = mHostname.Length() > 0 ? mHostname.get() : nullptr;
+    return certDB->VerifyCertAtTime(mCert, mUsage, mFlags, hostname, mTime,
+                                    getter_AddRefs(mVerifiedCertList),
+                                    &mHasEVPolicy, &mPRErrorCode);
+  }
+
+  // No NSS resources are directly held, so there is nothing to release.
+  virtual void ReleaseNSSResources() override { }
+
+  virtual void CallCallback(nsresult rv) override
+  {
+    if (NS_FAILED(rv)) {
+      Unused << mCallback->VerifyCertFinished(SEC_ERROR_LIBRARY_FAILURE,
+                                              nullptr, false);
+    } else {
+      Unused << mCallback->VerifyCertFinished(mPRErrorCode, mVerifiedCertList,
+                                              mHasEVPolicy);
+    }
+  }
+
+  nsCOMPtr<nsIX509Cert> mCert;
+  int64_t mUsage;
+  uint32_t mFlags;
+  nsCString mHostname;
+  uint64_t mTime;
+  nsMainThreadPtrHandle<nsICertVerificationCallback> mCallback;
+  int32_t mPRErrorCode;
+  nsCOMPtr<nsIX509CertList> mVerifiedCertList;
+  bool mHasEVPolicy;
+};
+
+NS_IMETHODIMP
+nsNSSCertificateDB::AsyncVerifyCertAtTime(nsIX509Cert* aCert,
+                                          int64_t /*SECCertificateUsage*/ aUsage,
+                                          uint32_t aFlags,
+                                          const char* aHostname,
+                                          uint64_t aTime,
+                                          nsICertVerificationCallback* aCallback)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  RefPtr<VerifyCertAtTimeTask> task(new VerifyCertAtTimeTask(aCert, aUsage,
+                                                             aFlags, aHostname,
+                                                             aTime, aCallback));
+  return task->Dispatch("VerifyCert");
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ClearOCSPCache()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  NS_ENSURE_TRUE(certVerifier, NS_ERROR_FAILURE);
+  certVerifier->ClearOCSPCache();
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsNSSCertificateDB.h b/security/manager/ssl/nsNSSCertificateDB.h
new file mode 100644
index 000000000..06af6739a
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertificateDB.h
@@ -0,0 +1,77 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSCertificateDB_h
+#define nsNSSCertificateDB_h
+
+#include "ScopedNSSTypes.h"
+#include "certt.h"
+#include "mozilla/Mutex.h"
+#include "mozilla/NotNull.h"
+#include "mozilla/RefPtr.h"
+#include "mozilla/UniquePtr.h"
+#include "nsIX509CertDB.h"
+#include "nsNSSShutDown.h"
+#include "nsString.h"
+
+class nsCString;
+class nsIArray;
+
+class nsNSSCertificateDB final : public nsIX509CertDB
+                               , public nsNSSShutDownObject
+
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIX509CERTDB
+
+  // Use this function to generate a default nickname for a user
+  // certificate that is to be imported onto a token.
+  static void
+  get_default_nickname(CERTCertificate *cert, nsIInterfaceRequestor* ctx,
+                       nsCString &nickname,
+                       const nsNSSShutDownPreventionLock &proofOfLock);
+
+  static nsresult 
+  ImportValidCACerts(int numCACerts, SECItem *CACerts, nsIInterfaceRequestor *ctx,
+                     const nsNSSShutDownPreventionLock &proofOfLock);
+
+  // This is a separate static method so nsNSSComponent can use it during NSS
+  // initialization. Other code should probably not use it.
+  static nsresult
+  FindCertByDBKey(const char* aDBKey, mozilla::UniqueCERTCertificate& cert);
+
+protected:
+  virtual ~nsNSSCertificateDB();
+
+private:
+
+  static nsresult
+  ImportValidCACertsInList(const mozilla::UniqueCERTCertList& filteredCerts,
+                           nsIInterfaceRequestor* ctx,
+                           const nsNSSShutDownPreventionLock& proofOfLock);
+
+  static void DisplayCertificateAlert(nsIInterfaceRequestor *ctx, 
+                                      const char *stringID, nsIX509Cert *certToShow,
+                                      const nsNSSShutDownPreventionLock &proofOfLock);
+
+  CERTDERCerts* getCertsFromPackage(const mozilla::UniquePLArenaPool& arena,
+                                    uint8_t* data, uint32_t length,
+                                    const nsNSSShutDownPreventionLock& proofOfLock);
+  nsresult handleCACertDownload(mozilla::NotNull<nsIArray*> x509Certs,
+                                nsIInterfaceRequestor *ctx,
+                                const nsNSSShutDownPreventionLock &proofOfLock);
+
+  // We don't own any NSS objects here, so no need to clean up
+  virtual void virtualDestroyNSSReference() override { };
+};
+
+#define NS_X509CERTDB_CID { /* fb0bbc5c-452e-4783-b32c-80124693d871 */ \
+    0xfb0bbc5c,                                                        \
+    0x452e,                                                            \
+    0x4783,                                                            \
+    {0xb3, 0x2c, 0x80, 0x12, 0x46, 0x93, 0xd8, 0x71}                   \
+  }
+
+#endif // nsNSSCertificateDB_h
diff --git a/security/manager/ssl/nsNSSCertificateFakeTransport.cpp b/security/manager/ssl/nsNSSCertificateFakeTransport.cpp
new file mode 100644
index 000000000..088a5c4ed
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertificateFakeTransport.cpp
@@ -0,0 +1,478 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSCertificateFakeTransport.h"
+
+#include "mozilla/Assertions.h"
+#include "nsIClassInfoImpl.h"
+#include "nsIObjectInputStream.h"
+#include "nsIObjectOutputStream.h"
+#include "nsISupportsPrimitives.h"
+#include "nsNSSCertificate.h"
+#include "nsString.h"
+
+NS_IMPL_ISUPPORTS(nsNSSCertificateFakeTransport,
+                  nsIX509Cert,
+                  nsISerializable,
+                  nsIClassInfo)
+
+nsNSSCertificateFakeTransport::nsNSSCertificateFakeTransport()
+  : mCertSerialization(nullptr)
+{
+}
+
+nsNSSCertificateFakeTransport::~nsNSSCertificateFakeTransport()
+{
+  mCertSerialization = nullptr;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetDbKey(nsACString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetWindowTitle(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetNickname(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetEmailAddress(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetEmailAddresses(uint32_t*, char16_t***)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::ContainsEmailAddress(const nsAString&, bool*)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetCommonName(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetOrganization(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetIssuerCommonName(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetIssuerOrganization(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetIssuerOrganizationUnit(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetIssuer(nsIX509Cert**)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetOrganizationalUnit(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetChain(nsIArray**)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetSubjectName(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetIssuerName(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetSerialNumber(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetSha256Fingerprint(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetSha1Fingerprint(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetTokenName(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetRawDER(uint32_t*, uint8_t**)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetValidity(nsIX509CertValidity**)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetKeyUsages(nsAString&)
+{
+  MOZ_ASSERT_UNREACHABLE("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetASN1Structure(nsIASN1Object**)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::Equals(nsIX509Cert*, bool*)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetSha256SubjectPublicKeyInfoDigest(nsACString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+// NB: This serialization must match that of nsNSSCertificate.
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::Write(nsIObjectOutputStream* aStream)
+{
+  // On a non-chrome process we don't have mCert because we lack
+  // nsNSSComponent. nsNSSCertificateFakeTransport object is used only to
+  // carry the certificate serialization.
+
+  // This serialization has to match that of nsNSSCertificate, so include this
+  // now-unused field.
+  nsresult rv = aStream->Write32(0);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = aStream->Write32(mCertSerialization->len);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return aStream->WriteByteArray(mCertSerialization->data,
+                                 mCertSerialization->len);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::Read(nsIObjectInputStream* aStream)
+{
+  // This serialization has to match that of nsNSSCertificate, so read the (now
+  // unused) cachedEVStatus.
+  uint32_t unusedCachedEVStatus;
+  nsresult rv = aStream->Read32(&unusedCachedEVStatus);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  uint32_t len;
+  rv = aStream->Read32(&len);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsXPIDLCString str;
+  rv = aStream->ReadBytes(len, getter_Copies(str));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // On a non-chrome process we cannot instatiate mCert because we lack
+  // nsNSSComponent. nsNSSCertificateFakeTransport object is used only to
+  // carry the certificate serialization.
+  mCertSerialization =
+    mozilla::UniqueSECItem(SECITEM_AllocItem(nullptr, nullptr, len));
+  if (!mCertSerialization) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+  PORT_Memcpy(mCertSerialization->data, str.Data(), len);
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetInterfaces(uint32_t* count, nsIID*** array)
+{
+  *count = 0;
+  *array = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetScriptableHelper(nsIXPCScriptable** _retval)
+{
+  *_retval = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetContractID(char** aContractID)
+{
+  *aContractID = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetClassDescription(char** aClassDescription)
+{
+  *aClassDescription = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetClassID(nsCID** aClassID)
+{
+  *aClassID = (nsCID*) moz_xmalloc(sizeof(nsCID));
+  if (!*aClassID)
+    return NS_ERROR_OUT_OF_MEMORY;
+  return GetClassIDNoAlloc(*aClassID);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetFlags(uint32_t* aFlags)
+{
+  *aFlags = nsIClassInfo::THREADSAFE;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetClassIDNoAlloc(nsCID* aClassIDNoAlloc)
+{
+  static NS_DEFINE_CID(kNSSCertificateCID, NS_X509CERT_CID);
+
+  *aClassIDNoAlloc = kNSSCertificateCID;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetCertType(unsigned int*)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetIsSelfSigned(bool*)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetIsBuiltInRoot(bool* aIsBuiltInRoot)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetAllTokenNames(unsigned int*, char16_t***)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+CERTCertificate*
+nsNSSCertificateFakeTransport::GetCert()
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return nullptr;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::ExportAsCMS(unsigned int,
+                                           unsigned int*,
+                                           unsigned char**)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::MarkForPermDeletion()
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMPL_CLASSINFO(nsNSSCertListFakeTransport,
+                  nullptr,
+                  // inferred from nsIX509Cert
+                  nsIClassInfo::THREADSAFE,
+                  NS_X509CERTLIST_CID)
+
+NS_IMPL_ISUPPORTS_CI(nsNSSCertListFakeTransport,
+                     nsIX509CertList,
+                     nsISerializable)
+
+nsNSSCertListFakeTransport::nsNSSCertListFakeTransport()
+{
+}
+
+nsNSSCertListFakeTransport::~nsNSSCertListFakeTransport()
+{
+}
+
+NS_IMETHODIMP
+nsNSSCertListFakeTransport::AddCert(nsIX509Cert* aCert)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertListFakeTransport::DeleteCert(nsIX509Cert* aCert)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+CERTCertList*
+nsNSSCertListFakeTransport::GetRawCertList()
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return nullptr;
+}
+
+NS_IMETHODIMP
+nsNSSCertListFakeTransport::GetEnumerator(nsISimpleEnumerator**)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertListFakeTransport::Equals(nsIX509CertList*, bool*)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+// NB: This serialization must match that of nsNSSCertList.
+NS_IMETHODIMP
+nsNSSCertListFakeTransport::Write(nsIObjectOutputStream* aStream)
+{
+  uint32_t certListLen = mFakeCertList.length();
+  // Write the length of the list
+  nsresult rv = aStream->Write32(certListLen);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  for (size_t i = 0; i < certListLen; i++) {
+    nsCOMPtr<nsIX509Cert> cert = mFakeCertList[i];
+    nsCOMPtr<nsISerializable> serializableCert = do_QueryInterface(cert);
+    rv = aStream->WriteCompoundObject(serializableCert,
+                                      NS_GET_IID(nsIX509Cert), true);
+    if (NS_FAILED(rv)) {
+      break;
+    }
+  }
+
+  return rv;
+}
+
+NS_IMETHODIMP
+nsNSSCertListFakeTransport::Read(nsIObjectInputStream* aStream)
+{
+  uint32_t certListLen;
+  nsresult rv = aStream->Read32(&certListLen);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  for (uint32_t i = 0; i < certListLen; i++) {
+    nsCOMPtr<nsISupports> certSupports;
+    rv = aStream->ReadObject(true, getter_AddRefs(certSupports));
+    if (NS_FAILED(rv)) {
+      break;
+    }
+
+    nsCOMPtr<nsIX509Cert> cert = do_QueryInterface(certSupports);
+    if (!mFakeCertList.append(cert)) {
+      return NS_ERROR_OUT_OF_MEMORY;
+    }
+  }
+
+  return rv;
+}
diff --git a/security/manager/ssl/nsNSSCertificateFakeTransport.h b/security/manager/ssl/nsNSSCertificateFakeTransport.h
new file mode 100644
index 000000000..1c57505b4
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertificateFakeTransport.h
@@ -0,0 +1,54 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSCertificateFakeTransport_h
+#define nsNSSCertificateFakeTransport_h
+
+#include "ScopedNSSTypes.h"
+#include "mozilla/Vector.h"
+#include "nsCOMPtr.h"
+#include "nsIClassInfo.h"
+#include "nsISerializable.h"
+#include "nsIX509Cert.h"
+#include "nsIX509CertList.h"
+#include "secitem.h"
+
+class nsNSSCertificateFakeTransport : public nsIX509Cert,
+                                      public nsISerializable,
+                                      public nsIClassInfo
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIX509CERT
+  NS_DECL_NSISERIALIZABLE
+  NS_DECL_NSICLASSINFO
+
+  nsNSSCertificateFakeTransport();
+
+protected:
+  virtual ~nsNSSCertificateFakeTransport();
+
+private:
+  mozilla::UniqueSECItem mCertSerialization;
+};
+
+class nsNSSCertListFakeTransport : public nsIX509CertList,
+                                   public nsISerializable
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIX509CERTLIST
+  NS_DECL_NSISERIALIZABLE
+
+  nsNSSCertListFakeTransport();
+
+protected:
+  virtual ~nsNSSCertListFakeTransport();
+
+private:
+  mozilla::Vector<nsCOMPtr<nsIX509Cert> > mFakeCertList;
+};
+
+#endif // nsNSSCertificateFakeTransport_h
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
new file mode 100644
index 000000000..d53f846ed
--- /dev/null
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -0,0 +1,2499 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSComponent.h"
+
+#include "ExtendedValidation.h"
+#include "NSSCertDBTrustDomain.h"
+#include "ScopedNSSTypes.h"
+#include "SharedSSLState.h"
+#include "cert.h"
+#include "certdb.h"
+#include "mozilla/ArrayUtils.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/PublicSSL.h"
+#include "mozilla/Services.h"
+#include "mozilla/StaticPtr.h"
+#include "mozilla/SyncRunnable.h"
+#include "mozilla/Telemetry.h"
+#include "mozilla/Unused.h"
+#include "nsAppDirectoryServiceDefs.h"
+#include "nsCRT.h"
+#include "nsClientAuthRemember.h"
+#include "nsComponentManagerUtils.h"
+#include "nsDirectoryServiceDefs.h"
+#include "nsICertOverrideService.h"
+#include "nsIFile.h"
+#include "nsIObserverService.h"
+#include "nsIPrompt.h"
+#include "nsIProperties.h"
+#include "nsISiteSecurityService.h"
+#include "nsITokenPasswordDialogs.h"
+#include "nsIWindowWatcher.h"
+#include "nsIXULRuntime.h"
+#include "nsNSSCertificateDB.h"
+#include "nsNSSHelper.h"
+#include "nsNSSShutDown.h"
+#include "nsServiceManagerUtils.h"
+#include "nsThreadUtils.h"
+#include "nsXULAppAPI.h"
+#include "nss.h"
+#include "p12plcy.h"
+#include "pkix/pkixnss.h"
+#include "secerr.h"
+#include "secmod.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#ifndef MOZ_NO_SMART_CARDS
+#include "nsSmartCardMonitor.h"
+#endif
+
+#ifdef XP_WIN
+#include "mozilla/WindowsVersion.h"
+#include "nsILocalFileWin.h"
+
+#include "windows.h" // this needs to be before the following includes
+#include "lmcons.h"
+#include "sddl.h"
+#include "wincrypt.h"
+#include "nsIWindowsRegKey.h"
+#endif
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+LazyLogModule gPIPNSSLog("pipnss");
+
+int nsNSSComponent::mInstanceCount = 0;
+
+// This function can be called from chrome or content processes
+// to ensure that NSS is initialized.
+bool EnsureNSSInitializedChromeOrContent()
+{
+  nsresult rv;
+  if (XRE_IsParentProcess()) {
+    nsCOMPtr<nsISupports> nss = do_GetService(PSM_COMPONENT_CONTRACTID, &rv);
+    if (NS_FAILED(rv)) {
+      return false;
+    }
+
+    return true;
+  }
+
+  // If this is a content process and not the main thread (i.e. probably a
+  // worker) then forward this call to the main thread.
+  if (!NS_IsMainThread()) {
+    static Atomic<bool> initialized(false);
+
+    // Cache the result to dispatch to the main thread only once per worker.
+    if (initialized) {
+      return true;
+    }
+
+    nsCOMPtr<nsIThread> mainThread;
+    nsresult rv = NS_GetMainThread(getter_AddRefs(mainThread));
+    if (NS_FAILED(rv)) {
+      return false;
+    }
+
+    // Forward to the main thread synchronously.
+    mozilla::SyncRunnable::DispatchToThread(mainThread,
+      new SyncRunnable(NS_NewRunnableFunction([]() {
+        initialized = EnsureNSSInitializedChromeOrContent();
+      }))
+    );
+
+    return initialized;
+  }
+
+  if (NSS_IsInitialized()) {
+    return true;
+  }
+
+  if (NSS_NoDB_Init(nullptr) != SECSuccess) {
+    return false;
+  }
+
+  if (NS_FAILED(mozilla::psm::InitializeCipherSuite())) {
+    return false;
+  }
+
+  mozilla::psm::DisableMD5();
+  return true;
+}
+
+// We must ensure that the nsNSSComponent has been loaded before
+// creating any other components.
+bool EnsureNSSInitialized(EnsureNSSOperator op)
+{
+  if (GeckoProcessType_Default != XRE_GetProcessType())
+  {
+    if (op == nssEnsureOnChromeOnly)
+    {
+      // If the component needs PSM/NSS initialized only on the chrome process,
+      // pretend we successfully initiated it but in reality we bypass it.
+      // It's up to the programmer to check for process type in such components
+      // and take care not to call anything that needs NSS/PSM initiated.
+      return true;
+    }
+
+    NS_ERROR("Trying to initialize PSM/NSS in a non-chrome process!");
+    return false;
+  }
+
+  static bool loading = false;
+  static int32_t haveLoaded = 0;
+
+  switch (op)
+  {
+    // In following 4 cases we are protected by monitor of XPCOM component
+    // manager - we are inside of do_GetService call for nss component, so it is
+    // safe to move with the flags here.
+  case nssLoadingComponent:
+    if (loading)
+      return false; // We are reentered during nss component creation
+    loading = true;
+    return true;
+
+  case nssInitSucceeded:
+    NS_ASSERTION(loading, "Bad call to EnsureNSSInitialized(nssInitSucceeded)");
+    loading = false;
+    PR_AtomicSet(&haveLoaded, 1);
+    return true;
+
+  case nssInitFailed:
+    NS_ASSERTION(loading, "Bad call to EnsureNSSInitialized(nssInitFailed)");
+    loading = false;
+    MOZ_FALLTHROUGH;
+
+  case nssShutdown:
+    PR_AtomicSet(&haveLoaded, 0);
+    return false;
+
+    // In this case we are called from a component to ensure nss initilization.
+    // If the component has not yet been loaded and is not currently loading
+    // call do_GetService for nss component to ensure it.
+  case nssEnsure:
+  case nssEnsureOnChromeOnly:
+  case nssEnsureChromeOrContent:
+    // We are reentered during nss component creation or nss component is already up
+    if (PR_AtomicAdd(&haveLoaded, 0) || loading)
+      return true;
+
+    {
+    nsCOMPtr<nsINSSComponent> nssComponent
+      = do_GetService(PSM_COMPONENT_CONTRACTID);
+
+    // Nss component failed to initialize, inform the caller of that fact.
+    // Flags are appropriately set by component constructor itself.
+    if (!nssComponent)
+      return false;
+
+    bool isInitialized;
+    nsresult rv = nssComponent->IsNSSInitialized(&isInitialized);
+    return NS_SUCCEEDED(rv) && isInitialized;
+    }
+
+  default:
+    NS_ASSERTION(false, "Bad operator to EnsureNSSInitialized");
+    return false;
+  }
+}
+
+static void
+GetRevocationBehaviorFromPrefs(/*out*/ CertVerifier::OcspDownloadConfig* odc,
+                               /*out*/ CertVerifier::OcspStrictConfig* osc,
+                               /*out*/ CertVerifier::OcspGetConfig* ogc,
+                               /*out*/ uint32_t* certShortLifetimeInDays,
+                               const MutexAutoLock& /*proofOfLock*/)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  MOZ_ASSERT(odc);
+  MOZ_ASSERT(osc);
+  MOZ_ASSERT(ogc);
+  MOZ_ASSERT(certShortLifetimeInDays);
+
+  // 0 = disabled
+  // 1 = enabled for everything (default)
+  // 2 = enabled for EV certificates only
+  int32_t ocspLevel = Preferences::GetInt("security.OCSP.enabled", 1);
+  switch (ocspLevel) {
+    case 0: *odc = CertVerifier::ocspOff; break;
+    case 2: *odc = CertVerifier::ocspEVOnly; break;
+    default: *odc = CertVerifier::ocspOn; break;
+  }
+
+  *osc = Preferences::GetBool("security.OCSP.require", false)
+       ? CertVerifier::ocspStrict
+       : CertVerifier::ocspRelaxed;
+
+  // XXX: Always use POST for OCSP; see bug 871954 for undoing this.
+  *ogc = Preferences::GetBool("security.OCSP.GET.enabled", false)
+       ? CertVerifier::ocspGetEnabled
+       : CertVerifier::ocspGetDisabled;
+
+  // If we pass in just 0 as the second argument to Preferences::GetUint, there
+  // are two function signatures that match (given that 0 can be intepreted as
+  // a null pointer). Thus the compiler will complain without the cast.
+  *certShortLifetimeInDays =
+    Preferences::GetUint("security.pki.cert_short_lifetime_in_days",
+                         static_cast<uint32_t>(0));
+
+  SSL_ClearSessionCache();
+}
+
+nsNSSComponent::nsNSSComponent()
+  : mutex("nsNSSComponent.mutex")
+  , mNSSInitialized(false)
+#ifndef MOZ_NO_SMART_CARDS
+  , mThreadList(nullptr)
+#endif
+{
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent::ctor\n"));
+  MOZ_RELEASE_ASSERT(NS_IsMainThread());
+
+  NS_ASSERTION( (0 == mInstanceCount), "nsNSSComponent is a singleton, but instantiated multiple times!");
+  ++mInstanceCount;
+}
+
+nsNSSComponent::~nsNSSComponent()
+{
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent::dtor\n"));
+  MOZ_RELEASE_ASSERT(NS_IsMainThread());
+
+  // All cleanup code requiring services needs to happen in xpcom_shutdown
+
+  ShutdownNSS();
+  SharedSSLState::GlobalCleanup();
+  RememberCertErrorsTable::Cleanup();
+  --mInstanceCount;
+  nsNSSShutDownList::shutdown();
+
+  // We are being freed, drop the haveLoaded flag to re-enable
+  // potential nss initialization later.
+  EnsureNSSInitialized(nssShutdown);
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent::dtor finished\n"));
+}
+
+NS_IMETHODIMP
+nsNSSComponent::PIPBundleFormatStringFromName(const char* name,
+                                              const char16_t** params,
+                                              uint32_t numParams,
+                                              nsAString& outString)
+{
+  nsresult rv = NS_ERROR_FAILURE;
+
+  if (mPIPNSSBundle && name) {
+    nsXPIDLString result;
+    rv = mPIPNSSBundle->FormatStringFromName(NS_ConvertASCIItoUTF16(name).get(),
+                                             params, numParams,
+                                             getter_Copies(result));
+    if (NS_SUCCEEDED(rv)) {
+      outString = result;
+    }
+  }
+  return rv;
+}
+
+NS_IMETHODIMP
+nsNSSComponent::GetPIPNSSBundleString(const char* name, nsAString& outString)
+{
+  nsresult rv = NS_ERROR_FAILURE;
+
+  outString.SetLength(0);
+  if (mPIPNSSBundle && name) {
+    nsXPIDLString result;
+    rv = mPIPNSSBundle->GetStringFromName(NS_ConvertASCIItoUTF16(name).get(),
+                                          getter_Copies(result));
+    if (NS_SUCCEEDED(rv)) {
+      outString = result;
+      rv = NS_OK;
+    }
+  }
+
+  return rv;
+}
+
+NS_IMETHODIMP
+nsNSSComponent::GetNSSBundleString(const char* name, nsAString& outString)
+{
+  nsresult rv = NS_ERROR_FAILURE;
+
+  outString.SetLength(0);
+  if (mNSSErrorsBundle && name) {
+    nsXPIDLString result;
+    rv = mNSSErrorsBundle->GetStringFromName(NS_ConvertASCIItoUTF16(name).get(),
+                                             getter_Copies(result));
+    if (NS_SUCCEEDED(rv)) {
+      outString = result;
+      rv = NS_OK;
+    }
+  }
+
+  return rv;
+}
+
+#ifndef MOZ_NO_SMART_CARDS
+void
+nsNSSComponent::LaunchSmartCardThreads()
+{
+  nsNSSShutDownPreventionLock locker;
+  {
+    SECMODModuleList* list;
+    SECMODListLock* lock = SECMOD_GetDefaultModuleListLock();
+    if (!lock) {
+        MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+               ("Couldn't get the module list lock, can't launch smart card threads\n"));
+        return;
+    }
+    SECMOD_GetReadLock(lock);
+    list = SECMOD_GetDefaultModuleList();
+
+    while (list) {
+      SECMODModule* module = list->module;
+      LaunchSmartCardThread(module);
+      list = list->next;
+    }
+    SECMOD_ReleaseReadLock(lock);
+  }
+}
+
+NS_IMETHODIMP
+nsNSSComponent::LaunchSmartCardThread(SECMODModule* module)
+{
+  SmartCardMonitoringThread* newThread;
+  if (SECMOD_HasRemovableSlots(module)) {
+    if (!mThreadList) {
+      mThreadList = new SmartCardThreadList();
+    }
+    newThread = new SmartCardMonitoringThread(module);
+    // newThread is adopted by the add.
+    return mThreadList->Add(newThread);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSComponent::ShutdownSmartCardThread(SECMODModule* module)
+{
+  if (!mThreadList) {
+    return NS_OK;
+  }
+  mThreadList->Remove(module);
+  return NS_OK;
+}
+
+void
+nsNSSComponent::ShutdownSmartCardThreads()
+{
+  delete mThreadList;
+  mThreadList = nullptr;
+}
+#endif // MOZ_NO_SMART_CARDS
+
+#ifdef XP_WIN
+static bool
+GetUserSid(nsAString& sidString)
+{
+  // UNLEN is the maximum user name length (see Lmcons.h). +1 for the null
+  // terminator.
+  WCHAR lpAccountName[UNLEN + 1];
+  DWORD lcAccountName = sizeof(lpAccountName) / sizeof(lpAccountName[0]);
+  BOOL success = GetUserName(lpAccountName, &lcAccountName);
+  if (!success) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("GetUserName failed"));
+    return false;
+  }
+  char sid_buffer[SECURITY_MAX_SID_SIZE];
+  SID* sid = BitwiseCast<SID*, char*>(sid_buffer);
+  DWORD cbSid = ArrayLength(sid_buffer);
+  SID_NAME_USE eUse;
+  // There doesn't appear to be a defined maximum length for the domain name
+  // here. To deal with this, we start with a reasonable buffer length and
+  // see if that works. If it fails and the error indicates insufficient length,
+  // we use the indicated required length and try again.
+  DWORD cchReferencedDomainName = 128;
+  auto ReferencedDomainName(MakeUnique<WCHAR[]>(cchReferencedDomainName));
+  success = LookupAccountName(nullptr, lpAccountName, sid, &cbSid,
+                              ReferencedDomainName.get(),
+                              &cchReferencedDomainName, &eUse);
+  if (!success && GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("LookupAccountName failed"));
+    return false;
+  }
+  if (!success) {
+    ReferencedDomainName = MakeUnique<WCHAR[]>(cchReferencedDomainName);
+    success = LookupAccountName(nullptr, lpAccountName, sid, &cbSid,
+                                ReferencedDomainName.get(),
+                                &cchReferencedDomainName, &eUse);
+  }
+  if (!success) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("LookupAccountName failed"));
+    return false;
+  }
+  LPTSTR StringSid;
+  success = ConvertSidToStringSid(sid, &StringSid);
+  if (!success) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("ConvertSidToStringSid failed"));
+    return false;
+  }
+  sidString.Assign(StringSid);
+  LocalFree(StringSid);
+  return true;
+}
+
+// This is a specialized helper function to read the value of a registry key
+// that might not be present. If it is present, returns (via the output
+// parameter) its value. Otherwise, returns the given default value.
+// This function handles one level of nesting. That is, if the desired value
+// is actually in a direct child of the given registry key (where the child
+// and/or the value being sought may not actually be present), this function
+// will handle that. In the normal case, though, optionalChildName will be
+// null.
+static nsresult
+ReadRegKeyValueWithDefault(nsCOMPtr<nsIWindowsRegKey> regKey,
+                           uint32_t flags,
+                           wchar_t* optionalChildName,
+                           wchar_t* valueName,
+                           uint32_t defaultValue,
+                           uint32_t& valueOut)
+{
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("ReadRegKeyValueWithDefault"));
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("attempting to read '%S%s%S' with default '%u'",
+           optionalChildName ? optionalChildName : L"",
+           optionalChildName ? "\\" : "", valueName, defaultValue));
+  if (optionalChildName) {
+    nsDependentString childNameString(optionalChildName);
+    bool hasChild;
+    nsresult rv = regKey->HasChild(childNameString, &hasChild);
+    if (NS_FAILED(rv)) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("failed to determine if child key is present"));
+      return rv;
+    }
+    if (!hasChild) {
+      valueOut = defaultValue;
+      return NS_OK;
+    }
+    nsCOMPtr<nsIWindowsRegKey> childRegKey;
+    rv = regKey->OpenChild(childNameString, flags,
+                           getter_AddRefs(childRegKey));
+    if (NS_FAILED(rv)) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't open child key"));
+      return rv;
+    }
+    return ReadRegKeyValueWithDefault(childRegKey, flags, nullptr, valueName,
+                                      defaultValue, valueOut);
+  }
+  nsDependentString valueNameString(valueName);
+  bool hasValue;
+  nsresult rv = regKey->HasValue(valueNameString, &hasValue);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("failed to determine if value is present"));
+    return rv;
+  }
+  if (!hasValue) {
+    valueOut = defaultValue;
+    return NS_OK;
+  }
+  rv = regKey->ReadIntValue(valueNameString, &valueOut);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("failed to read value"));
+    return rv;
+  }
+  return NS_OK;
+}
+
+static nsresult
+AccountHasFamilySafetyEnabled(bool& enabled)
+{
+  enabled = false;
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("AccountHasFamilySafetyEnabled?"));
+  nsCOMPtr<nsIWindowsRegKey> parentalControlsKey(
+    do_CreateInstance("@mozilla.org/windows-registry-key;1"));
+  if (!parentalControlsKey) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't create nsIWindowsRegKey"));
+    return NS_ERROR_FAILURE;
+  }
+  uint32_t flags = nsIWindowsRegKey::ACCESS_READ | nsIWindowsRegKey::WOW64_64;
+  NS_NAMED_LITERAL_STRING(familySafetyPath,
+    "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Parental Controls");
+  nsresult rv = parentalControlsKey->Open(
+    nsIWindowsRegKey::ROOT_KEY_LOCAL_MACHINE, familySafetyPath, flags);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't open parentalControlsKey"));
+    return rv;
+  }
+  NS_NAMED_LITERAL_STRING(usersString, "Users");
+  bool hasUsers;
+  rv = parentalControlsKey->HasChild(usersString, &hasUsers);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("HasChild(Users) failed"));
+    return rv;
+  }
+  if (!hasUsers) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("Users subkey not present - Parental Controls not enabled"));
+    return NS_OK;
+  }
+  nsCOMPtr<nsIWindowsRegKey> usersKey;
+  rv = parentalControlsKey->OpenChild(usersString, flags,
+                                      getter_AddRefs(usersKey));
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("failed to open Users subkey"));
+    return rv;
+  }
+  nsAutoString sid;
+  if (!GetUserSid(sid)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't get sid"));
+    return NS_ERROR_FAILURE;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("our sid is '%S'", sid.get()));
+  bool hasSid;
+  rv = usersKey->HasChild(sid, &hasSid);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("HasChild(sid) failed"));
+    return rv;
+  }
+  if (!hasSid) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("sid not present in Family Safety Users"));
+    return NS_OK;
+  }
+  nsCOMPtr<nsIWindowsRegKey> sidKey;
+  rv = usersKey->OpenChild(sid, flags, getter_AddRefs(sidKey));
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't open sid key"));
+    return rv;
+  }
+  // There are three keys we're interested in: "Parental Controls On",
+  // "Logging Required", and "Web\\Filter On". These keys will have value 0
+  // or 1, indicating a particular feature is disabled or enabled,
+  // respectively. So, if "Parental Controls On" is not 1, Family Safety is
+  // disabled and we don't care about anything else. If both "Logging
+  // Required" and "Web\\Filter On" are 0, the proxy will not be running,
+  // so for our purposes we can consider Family Safety disabled in that
+  // case.
+  // By default, "Logging Required" is 1 and "Web\\Filter On" is 0,
+  // reflecting the initial settings when Family Safety is enabled for an
+  // account for the first time, However, these sub-keys are not created
+  // unless they are switched away from the default value.
+  uint32_t parentalControlsOn;
+  rv = sidKey->ReadIntValue(NS_LITERAL_STRING("Parental Controls On"),
+                            &parentalControlsOn);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("couldn't read Parental Controls On"));
+    return rv;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("Parental Controls On: %u", parentalControlsOn));
+  if (parentalControlsOn != 1) {
+    return NS_OK;
+  }
+  uint32_t loggingRequired;
+  rv = ReadRegKeyValueWithDefault(sidKey, flags, nullptr, L"Logging Required",
+                                  1, loggingRequired);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("failed to read value of Logging Required"));
+    return rv;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("Logging Required: %u", loggingRequired));
+  uint32_t webFilterOn;
+  rv = ReadRegKeyValueWithDefault(sidKey, flags, L"Web", L"Filter On", 0,
+                                  webFilterOn);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("failed to read value of Web\\Filter On"));
+    return rv;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Web\\Filter On: %u", webFilterOn));
+  enabled = loggingRequired == 1 || webFilterOn == 1;
+  return NS_OK;
+}
+
+// It would be convenient to just use nsIX509CertDB in the following code.
+// However, since nsIX509CertDB depends on nsNSSComponent initialization (and
+// since this code runs during that initialization), we can't use it. Instead,
+// we can use NSS APIs directly (as long as we're called late enough in
+// nsNSSComponent initialization such that those APIs are safe to use).
+
+// Helper function to convert a PCCERT_CONTEXT (i.e. a certificate obtained via
+// a Windows API) to a temporary CERTCertificate (i.e. a certificate for use
+// with NSS APIs).
+static UniqueCERTCertificate
+PCCERT_CONTEXTToCERTCertificate(PCCERT_CONTEXT pccert)
+{
+  MOZ_ASSERT(pccert);
+  if (!pccert) {
+    return nullptr;
+  }
+
+  SECItem derCert = {
+    siBuffer,
+    pccert->pbCertEncoded,
+    pccert->cbCertEncoded
+  };
+  return UniqueCERTCertificate(
+    CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &derCert,
+                            nullptr, // nickname unnecessary
+                            false, // not permanent
+                            true)); // copy DER
+}
+
+static const char* kMicrosoftFamilySafetyCN = "Microsoft Family Safety";
+
+nsresult
+nsNSSComponent::MaybeImportFamilySafetyRoot(PCCERT_CONTEXT certificate,
+                                            bool& wasFamilySafetyRoot)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("MaybeImportFamilySafetyRoot"));
+  wasFamilySafetyRoot = false;
+
+  UniqueCERTCertificate nssCertificate(
+    PCCERT_CONTEXTToCERTCertificate(certificate));
+  if (!nssCertificate) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't decode certificate"));
+    return NS_ERROR_FAILURE;
+  }
+  // Looking for a certificate with the common name 'Microsoft Family Safety'
+  UniquePORTString subjectName(CERT_GetCommonName(&nssCertificate->subject));
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("subject name is '%s'", subjectName.get()));
+  if (nsCRT::strcmp(subjectName.get(), kMicrosoftFamilySafetyCN) == 0) {
+    wasFamilySafetyRoot = true;
+    CERTCertTrust trust = {
+      CERTDB_TRUSTED_CA | CERTDB_VALID_CA | CERTDB_USER,
+      0,
+      0
+    };
+    if (CERT_ChangeCertTrust(nullptr, nssCertificate.get(), &trust)
+          != SECSuccess) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("couldn't trust certificate for TLS server auth"));
+      return NS_ERROR_FAILURE;
+    }
+    MOZ_ASSERT(!mFamilySafetyRoot);
+    mFamilySafetyRoot = Move(nssCertificate);
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("added Family Safety root"));
+  }
+  return NS_OK;
+}
+
+// Because HCERTSTORE is just a typedef void*, we can't use any of the nice
+// scoped or unique pointer templates. To elaborate, any attempt would
+// instantiate those templates with T = void. When T gets used in the context
+// of T&, this results in void&, which isn't legal.
+class ScopedCertStore final
+{
+public:
+  explicit ScopedCertStore(HCERTSTORE certstore) : certstore(certstore) {}
+
+  ~ScopedCertStore()
+  {
+    CertCloseStore(certstore, 0);
+  }
+
+  HCERTSTORE get()
+  {
+    return certstore;
+  }
+
+private:
+  ScopedCertStore(const ScopedCertStore&) = delete;
+  ScopedCertStore& operator=(const ScopedCertStore&) = delete;
+  HCERTSTORE certstore;
+};
+
+static const wchar_t* kWindowsDefaultRootStoreName = L"ROOT";
+
+nsresult
+nsNSSComponent::LoadFamilySafetyRoot()
+{
+  ScopedCertStore certstore(
+    CertOpenSystemStore(0, kWindowsDefaultRootStoreName));
+  if (!certstore.get()) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("couldn't get certstore '%S'", kWindowsDefaultRootStoreName));
+    return NS_ERROR_FAILURE;
+  }
+  // Any resources held by the certificate are released by the next call to
+  // CertFindCertificateInStore.
+  PCCERT_CONTEXT certificate = nullptr;
+  while ((certificate = CertFindCertificateInStore(certstore.get(),
+                                                   X509_ASN_ENCODING, 0,
+                                                   CERT_FIND_ANY, nullptr,
+                                                   certificate))) {
+    bool wasFamilySafetyRoot = false;
+    nsresult rv = MaybeImportFamilySafetyRoot(certificate,
+                                              wasFamilySafetyRoot);
+    if (NS_SUCCEEDED(rv) && wasFamilySafetyRoot) {
+      return NS_OK; // We're done (we're only expecting one root).
+    }
+  }
+  return NS_ERROR_FAILURE;
+}
+
+void
+nsNSSComponent::UnloadFamilySafetyRoot()
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("UnloadFamilySafetyRoot"));
+  if (!mFamilySafetyRoot) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Family Safety Root wasn't present"));
+    return;
+  }
+  // It would be intuitive to set the trust to { 0, 0, 0 } here. However, this
+  // doesn't work for temporary certificates because CERT_ChangeCertTrust first
+  // looks up the current trust settings in the permanent cert database, finds
+  // that such trust doesn't exist, considers the current trust to be
+  // { 0, 0, 0 }, and decides that it doesn't need to update the trust since
+  // they're the same. To work around this, we set a non-zero flag to ensure
+  // that the trust will get updated.
+  CERTCertTrust trust = { CERTDB_USER, 0, 0 };
+  if (CERT_ChangeCertTrust(nullptr, mFamilySafetyRoot.get(), &trust)
+        != SECSuccess) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("couldn't untrust certificate for TLS server auth"));
+  }
+  mFamilySafetyRoot = nullptr;
+}
+
+#endif // XP_WIN
+
+// The supported values of this pref are:
+// 0: disable detecting Family Safety mode and importing the root
+// 1: only attempt to detect Family Safety mode (don't import the root)
+// 2: detect Family Safety mode and import the root
+const char* kFamilySafetyModePref = "security.family_safety.mode";
+
+// The telemetry gathered by this function is as follows:
+// 0-2: the value of the Family Safety mode pref
+// 3: detecting Family Safety mode failed
+// 4: Family Safety was not enabled
+// 5: Family Safety was enabled
+// 6: failed to import the Family Safety root
+// 7: successfully imported the root
+void
+nsNSSComponent::MaybeEnableFamilySafetyCompatibility()
+{
+#ifdef XP_WIN
+  UnloadFamilySafetyRoot();
+  if (!(IsWin8Point1OrLater() && !IsWin10OrLater())) {
+    return;
+  }
+  // Detect but don't import by default.
+  uint32_t familySafetyMode = Preferences::GetUint(kFamilySafetyModePref, 1);
+  if (familySafetyMode > 2) {
+    familySafetyMode = 0;
+  }
+  Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, familySafetyMode);
+  if (familySafetyMode == 0) {
+    return;
+  }
+  bool familySafetyEnabled;
+  nsresult rv = AccountHasFamilySafetyEnabled(familySafetyEnabled);
+  if (NS_FAILED(rv)) {
+    Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 3);
+    return;
+  }
+  if (!familySafetyEnabled) {
+    Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 4);
+    return;
+  }
+  Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 5);
+  if (familySafetyMode == 2) {
+    rv = LoadFamilySafetyRoot();
+    if (NS_FAILED(rv)) {
+      Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 6);
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("failed to load Family Safety root"));
+    } else {
+      Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 7);
+    }
+  }
+#endif // XP_WIN
+}
+
+#ifdef XP_WIN
+// Helper function to determine if the OS considers the given certificate to be
+// a trust anchor for TLS server auth certificates. This is to be used in the
+// context of importing what are presumed to be root certificates from the OS.
+// If this function returns true but it turns out that the given certificate is
+// in some way unsuitable to issue certificates, mozilla::pkix will never build
+// a valid chain that includes the certificate, so importing it even if it
+// isn't a valid CA poses no risk.
+static bool
+CertIsTrustAnchorForTLSServerAuth(PCCERT_CONTEXT certificate)
+{
+  MOZ_ASSERT(certificate);
+  if (!certificate) {
+    return false;
+  }
+
+  PCCERT_CHAIN_CONTEXT pChainContext = nullptr;
+  CERT_ENHKEY_USAGE enhkeyUsage;
+  memset(&enhkeyUsage, 0, sizeof(CERT_ENHKEY_USAGE));
+  LPSTR identifiers[] = {
+    "1.3.6.1.5.5.7.3.1", // id-kp-serverAuth
+  };
+  enhkeyUsage.cUsageIdentifier = ArrayLength(identifiers);
+  enhkeyUsage.rgpszUsageIdentifier = identifiers;
+  CERT_USAGE_MATCH certUsage;
+  memset(&certUsage, 0, sizeof(CERT_USAGE_MATCH));
+  certUsage.dwType = USAGE_MATCH_TYPE_AND;
+  certUsage.Usage = enhkeyUsage;
+  CERT_CHAIN_PARA chainPara;
+  memset(&chainPara, 0, sizeof(CERT_CHAIN_PARA));
+  chainPara.cbSize = sizeof(CERT_CHAIN_PARA);
+  chainPara.RequestedUsage = certUsage;
+
+  if (!CertGetCertificateChain(nullptr, certificate, nullptr, nullptr,
+                               &chainPara, 0, nullptr, &pChainContext)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CertGetCertificateChain failed"));
+    return false;
+  }
+  bool trusted = pChainContext->TrustStatus.dwErrorStatus ==
+                 CERT_TRUST_NO_ERROR;
+  bool isRoot = pChainContext->cChain == 1;
+  CertFreeCertificateChain(pChainContext);
+  if (trusted && isRoot) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("certificate is trust anchor for TLS server auth"));
+    return true;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("certificate not trust anchor for TLS server auth"));
+  return false;
+}
+
+void
+nsNSSComponent::UnloadEnterpriseRoots()
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("UnloadEnterpriseRoots"));
+  if (!mEnterpriseRoots) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("no enterprise roots were present"));
+    return;
+  }
+  // It would be intuitive to set the trust to { 0, 0, 0 } here. However, this
+  // doesn't work for temporary certificates because CERT_ChangeCertTrust first
+  // looks up the current trust settings in the permanent cert database, finds
+  // that such trust doesn't exist, considers the current trust to be
+  // { 0, 0, 0 }, and decides that it doesn't need to update the trust since
+  // they're the same. To work around this, we set a non-zero flag to ensure
+  // that the trust will get updated.
+  CERTCertTrust trust = { CERTDB_USER, 0, 0 };
+  for (CERTCertListNode* n = CERT_LIST_HEAD(mEnterpriseRoots.get());
+       !CERT_LIST_END(n, mEnterpriseRoots.get()); n = CERT_LIST_NEXT(n)) {
+    if (!n || !n->cert) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("library failure: CERTCertListNode null or lacks cert"));
+      continue;
+    }
+    if (CERT_ChangeCertTrust(nullptr, n->cert, &trust) != SECSuccess) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("couldn't untrust certificate for TLS server auth"));
+    }
+  }
+  mEnterpriseRoots = nullptr;
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("unloaded enterprise roots"));
+}
+
+NS_IMETHODIMP
+nsNSSComponent::GetEnterpriseRoots(nsIX509CertList** enterpriseRoots)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+  NS_ENSURE_ARG_POINTER(enterpriseRoots);
+
+  nsNSSShutDownPreventionLock lock;
+  // nsNSSComponent isn't a nsNSSShutDownObject, so we can't check
+  // isAlreadyShutDown(). However, since mEnterpriseRoots is cleared when NSS
+  // shuts down, we can use that as a proxy for checking for NSS shutdown.
+  // (Of course, it may also be the case that no enterprise roots were imported,
+  // so we should just return a null list and NS_OK in this case.)
+  if (!mEnterpriseRoots) {
+    *enterpriseRoots = nullptr;
+    return NS_OK;
+  }
+  UniqueCERTCertList enterpriseRootsCopy(
+    nsNSSCertList::DupCertList(mEnterpriseRoots, lock));
+  if (!enterpriseRootsCopy) {
+    return NS_ERROR_FAILURE;
+  }
+  nsCOMPtr<nsIX509CertList> enterpriseRootsCertList(
+    new nsNSSCertList(Move(enterpriseRootsCopy), lock));
+  if (!enterpriseRootsCertList) {
+    return NS_ERROR_FAILURE;
+  }
+  enterpriseRootsCertList.forget(enterpriseRoots);
+  return NS_OK;
+}
+#endif // XP_WIN
+
+static const char* kEnterpriseRootModePref = "security.enterprise_roots.enabled";
+
+void
+nsNSSComponent::MaybeImportEnterpriseRoots()
+{
+#ifdef XP_WIN
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return;
+  }
+  UnloadEnterpriseRoots();
+  bool importEnterpriseRoots = Preferences::GetBool(kEnterpriseRootModePref,
+                                                    false);
+  if (!importEnterpriseRoots) {
+    return;
+  }
+
+  MOZ_ASSERT(!mEnterpriseRoots);
+  mEnterpriseRoots.reset(CERT_NewCertList());
+  if (!mEnterpriseRoots) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("failed to allocate a new CERTCertList for mEnterpriseRoots"));
+    return;
+  }
+
+  ImportEnterpriseRootsForLocation(CERT_SYSTEM_STORE_LOCAL_MACHINE);
+  ImportEnterpriseRootsForLocation(CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY);
+  ImportEnterpriseRootsForLocation(CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE);
+#endif // XP_WIN
+}
+
+#ifdef XP_WIN
+// Loads the enterprise roots at the registry location corresponding to the
+// given location flag.
+// Supported flags are:
+//   CERT_SYSTEM_STORE_LOCAL_MACHINE
+//     (for HKLM\SOFTWARE\Microsoft\SystemCertificates)
+//   CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY
+//     (for HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates)
+//   CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE
+//     (for HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates)
+void
+nsNSSComponent::ImportEnterpriseRootsForLocation(DWORD locationFlag)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return;
+  }
+  MOZ_ASSERT(locationFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE ||
+             locationFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY ||
+             locationFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE,
+             "unexpected locationFlag for ImportEnterpriseRootsForLocation");
+  if (!(locationFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE ||
+        locationFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY ||
+        locationFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE)) {
+    return;
+  }
+
+  DWORD flags = locationFlag |
+                CERT_STORE_OPEN_EXISTING_FLAG |
+                CERT_STORE_READONLY_FLAG;
+  // The certificate store being opened should consist only of certificates
+  // added by a user or administrator and not any certificates that are part
+  // of Microsoft's root store program.
+  // The 3rd parameter to CertOpenStore should be NULL according to
+  // https://msdn.microsoft.com/en-us/library/windows/desktop/aa376559%28v=vs.85%29.aspx
+  ScopedCertStore enterpriseRootStore(CertOpenStore(
+    CERT_STORE_PROV_SYSTEM_REGISTRY_W, 0, NULL, flags,
+    kWindowsDefaultRootStoreName));
+  if (!enterpriseRootStore.get()) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("failed to open enterprise root store"));
+    return;
+  }
+  CERTCertTrust trust = {
+    CERTDB_TRUSTED_CA | CERTDB_VALID_CA | CERTDB_USER,
+    0,
+    0
+  };
+  PCCERT_CONTEXT certificate = nullptr;
+  uint32_t numImported = 0;
+  while ((certificate = CertFindCertificateInStore(enterpriseRootStore.get(),
+                                                   X509_ASN_ENCODING, 0,
+                                                   CERT_FIND_ANY, nullptr,
+                                                   certificate))) {
+    if (!CertIsTrustAnchorForTLSServerAuth(certificate)) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("skipping cert not trust anchor for TLS server auth"));
+      continue;
+    }
+    UniqueCERTCertificate nssCertificate(
+      PCCERT_CONTEXTToCERTCertificate(certificate));
+    if (!nssCertificate) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't decode certificate"));
+      continue;
+    }
+    // Don't import the Microsoft Family Safety root (this prevents the
+    // Enterprise Roots feature from interacting poorly with the Family
+    // Safety support).
+    UniquePORTString subjectName(
+      CERT_GetCommonName(&nssCertificate->subject));
+    if (nsCRT::strcmp(subjectName.get(), kMicrosoftFamilySafetyCN) == 0) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("skipping Family Safety Root"));
+      continue;
+    }
+    MOZ_ASSERT(mEnterpriseRoots, "mEnterpriseRoots unexpectedly NULL?");
+    if (!mEnterpriseRoots) {
+      return;
+    }
+    if (CERT_AddCertToListTail(mEnterpriseRoots.get(), nssCertificate.get())
+          != SECSuccess) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't add cert to list"));
+      continue;
+    }
+    if (CERT_ChangeCertTrust(nullptr, nssCertificate.get(), &trust)
+          != SECSuccess) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("couldn't trust certificate for TLS server auth"));
+    }
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Imported '%s'", subjectName.get()));
+    numImported++;
+    // now owned by mEnterpriseRoots
+    Unused << nssCertificate.release();
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("imported %u roots", numImported));
+}
+#endif // XP_WIN
+
+void
+nsNSSComponent::LoadLoadableRoots()
+{
+  nsNSSShutDownPreventionLock locker;
+  SECMODModule* RootsModule = nullptr;
+
+  // In the past we used SECMOD_AddNewModule to load our module containing
+  // root CA certificates. This caused problems, refer to bug 176501.
+  // On startup, we fix our database and clean any stored module reference,
+  // and will use SECMOD_LoadUserModule to temporarily load it
+  // for the session. (This approach requires to clean up
+  // using SECMOD_UnloadUserModule at the end of the session.)
+
+  {
+    // Find module containing root certs
+
+    SECMODModuleList* list;
+    SECMODListLock* lock = SECMOD_GetDefaultModuleListLock();
+    if (!lock) {
+        MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+               ("Couldn't get the module list lock, can't install loadable roots\n"));
+        return;
+    }
+    SECMOD_GetReadLock(lock);
+    list = SECMOD_GetDefaultModuleList();
+
+    while (!RootsModule && list) {
+      SECMODModule* module = list->module;
+
+      for (int i=0; i < module->slotCount; i++) {
+        PK11SlotInfo* slot = module->slots[i];
+        if (PK11_IsPresent(slot)) {
+          if (PK11_HasRootCerts(slot)) {
+            RootsModule = SECMOD_ReferenceModule(module);
+            break;
+          }
+        }
+      }
+
+      list = list->next;
+    }
+    SECMOD_ReleaseReadLock(lock);
+  }
+
+  if (RootsModule) {
+    int32_t modType;
+    SECMOD_DeleteModule(RootsModule->commonName, &modType);
+    SECMOD_DestroyModule(RootsModule);
+    RootsModule = nullptr;
+  }
+
+  // Find the best Roots module for our purposes.
+  // Prefer the application's installation directory,
+  // but also ensure the library is at least the version we expect.
+
+  nsAutoString modName;
+  nsresult rv = GetPIPNSSBundleString("RootCertModuleName", modName);
+  if (NS_FAILED(rv)) {
+    // When running Cpp unit tests on Android, this will fail because string
+    // bundles aren't available (see bug 1311077, bug 1228175 comment 12, and
+    // bug 929655). Because the module name is really only for display purposes,
+    // we can just hard-code the value here. Furthermore, if we want to be able
+    // to stop using string bundles in PSM in this way, we'll have to hard-code
+    // the string and only use the localized version when displaying it to the
+    // user, so this is a step in that direction anyway.
+    modName.AssignLiteral("Builtin Roots Module");
+  }
+
+  nsCOMPtr<nsIProperties> directoryService(do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID));
+  if (!directoryService)
+    return;
+
+  static const char nss_lib[] = "nss3";
+  const char* possible_ckbi_locations[] = {
+    nss_lib, // This special value means: search for ckbi in the directory
+             // where nss3 is.
+    NS_XPCOM_CURRENT_PROCESS_DIR,
+    NS_GRE_DIR,
+    0 // This special value means:
+      //   search for ckbi in the directories on the shared
+      //   library/DLL search path
+  };
+
+  for (size_t il = 0; il < sizeof(possible_ckbi_locations)/sizeof(const char*); ++il) {
+    nsAutoCString libDir;
+
+    if (possible_ckbi_locations[il]) {
+      nsCOMPtr<nsIFile> mozFile;
+      if (possible_ckbi_locations[il] == nss_lib) {
+        // Get the location of the nss3 library.
+        char* nss_path = PR_GetLibraryFilePathname(DLL_PREFIX "nss3" DLL_SUFFIX,
+                                                   (PRFuncPtr) NSS_Initialize);
+        if (!nss_path) {
+          continue;
+        }
+        // Get the directory containing the nss3 library.
+        nsCOMPtr<nsIFile> nssLib(do_CreateInstance(NS_LOCAL_FILE_CONTRACTID, &rv));
+        if (NS_SUCCEEDED(rv)) {
+          rv = nssLib->InitWithNativePath(nsDependentCString(nss_path));
+        }
+        PR_Free(nss_path);
+        if (NS_SUCCEEDED(rv)) {
+          nsCOMPtr<nsIFile> file;
+          if (NS_SUCCEEDED(nssLib->GetParent(getter_AddRefs(file)))) {
+            mozFile = do_QueryInterface(file);
+          }
+        }
+      } else {
+        directoryService->Get( possible_ckbi_locations[il],
+                               NS_GET_IID(nsIFile),
+                               getter_AddRefs(mozFile));
+      }
+
+      if (!mozFile) {
+        continue;
+      }
+
+      if (NS_FAILED(mozFile->GetNativePath(libDir))) {
+        continue;
+      }
+    }
+
+    NS_ConvertUTF16toUTF8 modNameUTF8(modName);
+    if (mozilla::psm::LoadLoadableRoots(
+            libDir.Length() > 0 ? libDir.get() : nullptr,
+            modNameUTF8.get()) == SECSuccess) {
+      break;
+    }
+  }
+}
+
+void
+nsNSSComponent::UnloadLoadableRoots()
+{
+  nsresult rv;
+  nsAutoString modName;
+  rv = GetPIPNSSBundleString("RootCertModuleName", modName);
+  if (NS_FAILED(rv)) return;
+
+  NS_ConvertUTF16toUTF8 modNameUTF8(modName);
+  ::mozilla::psm::UnloadLoadableRoots(modNameUTF8.get());
+}
+
+nsresult
+nsNSSComponent::ConfigureInternalPKCS11Token()
+{
+  nsNSSShutDownPreventionLock locker;
+  nsAutoString manufacturerID;
+  nsAutoString libraryDescription;
+  nsAutoString tokenDescription;
+  nsAutoString privateTokenDescription;
+  nsAutoString slotDescription;
+  nsAutoString privateSlotDescription;
+  nsAutoString fips140SlotDescription;
+  nsAutoString fips140TokenDescription;
+
+  nsresult rv;
+  rv = GetPIPNSSBundleString("ManufacturerID", manufacturerID);
+  if (NS_FAILED(rv)) return rv;
+
+  rv = GetPIPNSSBundleString("LibraryDescription", libraryDescription);
+  if (NS_FAILED(rv)) return rv;
+
+  rv = GetPIPNSSBundleString("TokenDescription", tokenDescription);
+  if (NS_FAILED(rv)) return rv;
+
+  rv = GetPIPNSSBundleString("PrivateTokenDescription", privateTokenDescription);
+  if (NS_FAILED(rv)) return rv;
+
+  rv = GetPIPNSSBundleString("SlotDescription", slotDescription);
+  if (NS_FAILED(rv)) return rv;
+
+  rv = GetPIPNSSBundleString("PrivateSlotDescription", privateSlotDescription);
+  if (NS_FAILED(rv)) return rv;
+
+  rv = GetPIPNSSBundleString("Fips140SlotDescription", fips140SlotDescription);
+  if (NS_FAILED(rv)) return rv;
+
+  rv = GetPIPNSSBundleString("Fips140TokenDescription", fips140TokenDescription);
+  if (NS_FAILED(rv)) return rv;
+
+  PK11_ConfigurePKCS11(NS_ConvertUTF16toUTF8(manufacturerID).get(),
+                       NS_ConvertUTF16toUTF8(libraryDescription).get(),
+                       NS_ConvertUTF16toUTF8(tokenDescription).get(),
+                       NS_ConvertUTF16toUTF8(privateTokenDescription).get(),
+                       NS_ConvertUTF16toUTF8(slotDescription).get(),
+                       NS_ConvertUTF16toUTF8(privateSlotDescription).get(),
+                       NS_ConvertUTF16toUTF8(fips140SlotDescription).get(),
+                       NS_ConvertUTF16toUTF8(fips140TokenDescription).get(),
+                       0, 0);
+  return NS_OK;
+}
+
+nsresult
+nsNSSComponent::InitializePIPNSSBundle()
+{
+  // Called during init only, no mutex required.
+
+  nsresult rv;
+  nsCOMPtr<nsIStringBundleService> bundleService(do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv));
+#ifdef ANDROID
+  MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+  MOZ_RELEASE_ASSERT(bundleService);
+#endif
+  if (NS_FAILED(rv) || !bundleService)
+    return NS_ERROR_FAILURE;
+
+  bundleService->CreateBundle("chrome://pipnss/locale/pipnss.properties",
+                              getter_AddRefs(mPIPNSSBundle));
+#ifdef ANDROID
+  MOZ_RELEASE_ASSERT(mPIPNSSBundle);
+#endif
+  if (!mPIPNSSBundle)
+    rv = NS_ERROR_FAILURE;
+
+  bundleService->CreateBundle("chrome://pipnss/locale/nsserrors.properties",
+                              getter_AddRefs(mNSSErrorsBundle));
+#ifdef ANDROID
+  MOZ_RELEASE_ASSERT(mNSSErrorsBundle);
+#endif
+  if (!mNSSErrorsBundle)
+    rv = NS_ERROR_FAILURE;
+
+  return rv;
+}
+
+// Table of pref names and SSL cipher ID
+typedef struct {
+  const char* pref;
+  long id;
+  bool enabledByDefault;
+  bool weak;
+} CipherPref;
+
+// Update the switch statement in AccumulateCipherSuite in nsNSSCallbacks.cpp
+// when you add/remove cipher suites here.
+static const CipherPref sCipherPrefs[] = {
+ { "security.ssl3.ecdhe_rsa_aes_128_gcm_sha256",
+   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, true },
+ { "security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256",
+   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, true },
+
+ { "security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256",
+   TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, true },
+ { "security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256",
+   TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, true },
+
+ { "security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384",
+   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, true },
+ { "security.ssl3.ecdhe_rsa_aes_256_gcm_sha384",
+   TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, true },
+
+ { "security.ssl3.ecdhe_rsa_aes_128_sha",
+   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, true },
+ { "security.ssl3.ecdhe_ecdsa_aes_128_sha",
+   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, true },
+
+ { "security.ssl3.ecdhe_rsa_aes_256_sha",
+   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, true },
+ { "security.ssl3.ecdhe_ecdsa_aes_256_sha",
+   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, true },
+
+ { "security.ssl3.dhe_rsa_aes_128_sha",
+   TLS_DHE_RSA_WITH_AES_128_CBC_SHA, true },
+
+ { "security.ssl3.dhe_rsa_aes_256_sha",
+   TLS_DHE_RSA_WITH_AES_256_CBC_SHA, true },
+
+ { "security.tls13.aes_128_gcm_sha256",
+   TLS_AES_128_GCM_SHA256, true },
+ { "security.tls13.chacha20_poly1305_sha256",
+   TLS_CHACHA20_POLY1305_SHA256, true },
+ { "security.tls13.aes_256_gcm_sha384",
+   TLS_AES_256_GCM_SHA384, true },
+
+ { "security.ssl3.rsa_aes_128_sha",
+   TLS_RSA_WITH_AES_128_CBC_SHA, true }, // deprecated (RSA key exchange)
+ { "security.ssl3.rsa_aes_256_sha",
+   TLS_RSA_WITH_AES_256_CBC_SHA, true }, // deprecated (RSA key exchange)
+ { "security.ssl3.rsa_des_ede3_sha",
+   TLS_RSA_WITH_3DES_EDE_CBC_SHA, true }, // deprecated (RSA key exchange, 3DES)
+
+ // All the rest are disabled
+
+ { nullptr, 0 } // end marker
+};
+
+// Bit flags indicating what weak ciphers are enabled.
+// The bit index will correspond to the index in sCipherPrefs.
+// Wrtten by the main thread, read from any threads.
+static Atomic<uint32_t> sEnabledWeakCiphers;
+static_assert(MOZ_ARRAY_LENGTH(sCipherPrefs) - 1 <= sizeof(uint32_t) * CHAR_BIT,
+              "too many cipher suites");
+
+/*static*/ bool
+nsNSSComponent::AreAnyWeakCiphersEnabled()
+{
+  return !!sEnabledWeakCiphers;
+}
+
+/*static*/ void
+nsNSSComponent::UseWeakCiphersOnSocket(PRFileDesc* fd)
+{
+  const uint32_t enabledWeakCiphers = sEnabledWeakCiphers;
+  const CipherPref* const cp = sCipherPrefs;
+  for (size_t i = 0; cp[i].pref; ++i) {
+    if (enabledWeakCiphers & ((uint32_t)1 << i)) {
+      SSL_CipherPrefSet(fd, cp[i].id, true);
+    }
+  }
+}
+
+// This function will convert from pref values like 1, 2, ...
+// to the internal values of SSL_LIBRARY_VERSION_TLS_1_0,
+// SSL_LIBRARY_VERSION_TLS_1_1, ...
+/*static*/ void
+nsNSSComponent::FillTLSVersionRange(SSLVersionRange& rangeOut,
+                                    uint32_t minFromPrefs,
+                                    uint32_t maxFromPrefs,
+                                    SSLVersionRange defaults)
+{
+  rangeOut = defaults;
+  // determine what versions are supported
+  SSLVersionRange supported;
+  if (SSL_VersionRangeGetSupported(ssl_variant_stream, &supported)
+        != SECSuccess) {
+    return;
+  }
+
+  // Clip the defaults by what NSS actually supports to enable
+  // working with a system NSS with different ranges.
+  rangeOut.min = std::max(rangeOut.min, supported.min);
+  rangeOut.max = std::min(rangeOut.max, supported.max);
+
+  // convert min/maxFromPrefs to the internal representation
+  minFromPrefs += SSL_LIBRARY_VERSION_3_0;
+  maxFromPrefs += SSL_LIBRARY_VERSION_3_0;
+  // if min/maxFromPrefs are invalid, use defaults
+  if (minFromPrefs > maxFromPrefs ||
+      minFromPrefs < supported.min || maxFromPrefs > supported.max ||
+      minFromPrefs < SSL_LIBRARY_VERSION_TLS_1_0) {
+    return;
+  }
+
+  // fill out rangeOut
+  rangeOut.min = (uint16_t) minFromPrefs;
+  rangeOut.max = (uint16_t) maxFromPrefs;
+}
+
+static const int32_t OCSP_ENABLED_DEFAULT = 1;
+static const bool REQUIRE_SAFE_NEGOTIATION_DEFAULT = false;
+static const bool FALSE_START_ENABLED_DEFAULT = true;
+static const bool NPN_ENABLED_DEFAULT = true;
+static const bool ALPN_ENABLED_DEFAULT = false;
+static const bool ENABLED_0RTT_DATA_DEFAULT = false;
+
+static void
+ConfigureTLSSessionIdentifiers()
+{
+  bool disableSessionIdentifiers =
+    Preferences::GetBool("security.ssl.disable_session_identifiers", false);
+  SSL_OptionSetDefault(SSL_ENABLE_SESSION_TICKETS, !disableSessionIdentifiers);
+  SSL_OptionSetDefault(SSL_NO_CACHE, disableSessionIdentifiers);
+}
+
+namespace {
+
+class CipherSuiteChangeObserver : public nsIObserver
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIOBSERVER
+
+  static nsresult StartObserve();
+
+protected:
+  virtual ~CipherSuiteChangeObserver() {}
+
+private:
+  static StaticRefPtr<CipherSuiteChangeObserver> sObserver;
+  CipherSuiteChangeObserver() {}
+};
+
+NS_IMPL_ISUPPORTS(CipherSuiteChangeObserver, nsIObserver)
+
+// static
+StaticRefPtr<CipherSuiteChangeObserver> CipherSuiteChangeObserver::sObserver;
+
+// static
+nsresult
+CipherSuiteChangeObserver::StartObserve()
+{
+  NS_ASSERTION(NS_IsMainThread(), "CipherSuiteChangeObserver::StartObserve() can only be accessed in main thread");
+  if (!sObserver) {
+    RefPtr<CipherSuiteChangeObserver> observer = new CipherSuiteChangeObserver();
+    nsresult rv = Preferences::AddStrongObserver(observer.get(), "security.");
+#ifdef ANDROID
+    MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+#endif
+    if (NS_FAILED(rv)) {
+      sObserver = nullptr;
+      return rv;
+    }
+
+    nsCOMPtr<nsIObserverService> observerService =
+      mozilla::services::GetObserverService();
+    observerService->AddObserver(observer, NS_XPCOM_SHUTDOWN_OBSERVER_ID,
+                                 false);
+
+    sObserver = observer;
+  }
+  return NS_OK;
+}
+
+nsresult
+CipherSuiteChangeObserver::Observe(nsISupports* aSubject,
+                                   const char* aTopic,
+                                   const char16_t* someData)
+{
+  NS_ASSERTION(NS_IsMainThread(), "CipherSuiteChangeObserver::Observe can only be accessed in main thread");
+  if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
+    NS_ConvertUTF16toUTF8  prefName(someData);
+    // Look through the cipher table and set according to pref setting
+    const CipherPref* const cp = sCipherPrefs;
+    for (size_t i = 0; cp[i].pref; ++i) {
+      if (prefName.Equals(cp[i].pref)) {
+        bool cipherEnabled = Preferences::GetBool(cp[i].pref,
+                                                  cp[i].enabledByDefault);
+        if (cp[i].weak) {
+          // Weak ciphers will not be used by default even if they
+          // are enabled in prefs. They are only used on specific
+          // sockets as a part of a fallback mechanism.
+          // Only the main thread will change sEnabledWeakCiphers.
+          uint32_t enabledWeakCiphers = sEnabledWeakCiphers;
+          if (cipherEnabled) {
+            enabledWeakCiphers |= ((uint32_t)1 << i);
+          } else {
+            enabledWeakCiphers &= ~((uint32_t)1 << i);
+          }
+          sEnabledWeakCiphers = enabledWeakCiphers;
+        } else {
+          SSL_CipherPrefSetDefault(cp[i].id, cipherEnabled);
+          SSL_ClearSessionCache();
+        }
+        break;
+      }
+    }
+  } else if (nsCRT::strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID) == 0) {
+    Preferences::RemoveObserver(this, "security.");
+    MOZ_ASSERT(sObserver.get() == this);
+    sObserver = nullptr;
+    nsCOMPtr<nsIObserverService> observerService =
+      mozilla::services::GetObserverService();
+    observerService->RemoveObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID);
+  }
+  return NS_OK;
+}
+
+} // namespace
+
+// Caller must hold a lock on nsNSSComponent::mutex when calling this function
+void nsNSSComponent::setValidationOptions(bool isInitialSetting,
+                                          const MutexAutoLock& lock)
+{
+  // This preference controls whether we do OCSP fetching and does not affect
+  // OCSP stapling.
+  // 0 = disabled, 1 = enabled
+  int32_t ocspEnabled = Preferences::GetInt("security.OCSP.enabled",
+                                            OCSP_ENABLED_DEFAULT);
+
+  bool ocspRequired = ocspEnabled &&
+    Preferences::GetBool("security.OCSP.require", false);
+
+  // We measure the setting of the pref at startup only to minimize noise by
+  // addons that may muck with the settings, though it probably doesn't matter.
+  if (isInitialSetting) {
+    Telemetry::Accumulate(Telemetry::CERT_OCSP_ENABLED, ocspEnabled);
+    Telemetry::Accumulate(Telemetry::CERT_OCSP_REQUIRED, ocspRequired);
+  }
+
+  bool ocspStaplingEnabled = Preferences::GetBool("security.ssl.enable_ocsp_stapling",
+                                                  true);
+  PublicSSLState()->SetOCSPStaplingEnabled(ocspStaplingEnabled);
+  PrivateSSLState()->SetOCSPStaplingEnabled(ocspStaplingEnabled);
+
+  bool ocspMustStapleEnabled = Preferences::GetBool("security.ssl.enable_ocsp_must_staple",
+                                                    true);
+  PublicSSLState()->SetOCSPMustStapleEnabled(ocspMustStapleEnabled);
+  PrivateSSLState()->SetOCSPMustStapleEnabled(ocspMustStapleEnabled);
+
+  const CertVerifier::CertificateTransparencyMode defaultCTMode =
+    CertVerifier::CertificateTransparencyMode::TelemetryOnly;
+  CertVerifier::CertificateTransparencyMode ctMode =
+    static_cast<CertVerifier::CertificateTransparencyMode>
+      (Preferences::GetInt("security.pki.certificate_transparency.mode",
+                           static_cast<int32_t>(defaultCTMode)));
+  switch (ctMode) {
+    case CertVerifier::CertificateTransparencyMode::Disabled:
+    case CertVerifier::CertificateTransparencyMode::TelemetryOnly:
+      break;
+    default:
+      ctMode = defaultCTMode;
+      break;
+  }
+  bool sctsEnabled =
+    ctMode != CertVerifier::CertificateTransparencyMode::Disabled;
+  PublicSSLState()->SetSignedCertTimestampsEnabled(sctsEnabled);
+  PrivateSSLState()->SetSignedCertTimestampsEnabled(sctsEnabled);
+
+  CertVerifier::PinningMode pinningMode =
+    static_cast<CertVerifier::PinningMode>
+      (Preferences::GetInt("security.cert_pinning.enforcement_level",
+                           CertVerifier::pinningDisabled));
+  if (pinningMode > CertVerifier::pinningEnforceTestMode) {
+    pinningMode = CertVerifier::pinningDisabled;
+  }
+
+  CertVerifier::SHA1Mode sha1Mode = static_cast<CertVerifier::SHA1Mode>
+      (Preferences::GetInt("security.pki.sha1_enforcement_level",
+                           static_cast<int32_t>(CertVerifier::SHA1Mode::Allowed)));
+  switch (sha1Mode) {
+    case CertVerifier::SHA1Mode::Allowed:
+    case CertVerifier::SHA1Mode::Forbidden:
+    case CertVerifier::SHA1Mode::UsedToBeBefore2016ButNowIsForbidden:
+    case CertVerifier::SHA1Mode::ImportedRoot:
+    case CertVerifier::SHA1Mode::ImportedRootOrBefore2016:
+      break;
+    default:
+      sha1Mode = CertVerifier::SHA1Mode::Allowed;
+      break;
+  }
+
+  // Convert a previously-available setting to a safe one.
+  if (sha1Mode == CertVerifier::SHA1Mode::UsedToBeBefore2016ButNowIsForbidden) {
+    sha1Mode = CertVerifier::SHA1Mode::Forbidden;
+  }
+
+  BRNameMatchingPolicy::Mode nameMatchingMode =
+    static_cast<BRNameMatchingPolicy::Mode>
+      (Preferences::GetInt("security.pki.name_matching_mode",
+                           static_cast<int32_t>(BRNameMatchingPolicy::Mode::DoNotEnforce)));
+  switch (nameMatchingMode) {
+    case BRNameMatchingPolicy::Mode::Enforce:
+    case BRNameMatchingPolicy::Mode::EnforceAfter23August2015:
+    case BRNameMatchingPolicy::Mode::EnforceAfter23August2016:
+    case BRNameMatchingPolicy::Mode::DoNotEnforce:
+      break;
+    default:
+      nameMatchingMode = BRNameMatchingPolicy::Mode::DoNotEnforce;
+      break;
+  }
+
+  NetscapeStepUpPolicy netscapeStepUpPolicy =
+    static_cast<NetscapeStepUpPolicy>
+      (Preferences::GetUint("security.pki.netscape_step_up_policy",
+                            static_cast<uint32_t>(NetscapeStepUpPolicy::AlwaysMatch)));
+  switch (netscapeStepUpPolicy) {
+    case NetscapeStepUpPolicy::AlwaysMatch:
+    case NetscapeStepUpPolicy::MatchBefore23August2016:
+    case NetscapeStepUpPolicy::MatchBefore23August2015:
+    case NetscapeStepUpPolicy::NeverMatch:
+      break;
+    default:
+      netscapeStepUpPolicy = NetscapeStepUpPolicy::AlwaysMatch;
+      break;
+  }
+
+  CertVerifier::OcspDownloadConfig odc;
+  CertVerifier::OcspStrictConfig osc;
+  CertVerifier::OcspGetConfig ogc;
+  uint32_t certShortLifetimeInDays;
+
+  GetRevocationBehaviorFromPrefs(&odc, &osc, &ogc, &certShortLifetimeInDays,
+                                 lock);
+  mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc,
+                                                certShortLifetimeInDays,
+                                                pinningMode, sha1Mode,
+                                                nameMatchingMode,
+                                                netscapeStepUpPolicy,
+                                                ctMode);
+}
+
+// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and
+// TLS 1.2 (max) when the prefs aren't set or set to invalid values.
+nsresult
+nsNSSComponent::setEnabledTLSVersions()
+{
+  // keep these values in sync with security-prefs.js
+  // 1 means TLS 1.0, 2 means TLS 1.1, etc.
+  static const uint32_t PSM_DEFAULT_MIN_TLS_VERSION = 1;
+  static const uint32_t PSM_DEFAULT_MAX_TLS_VERSION = 3;
+
+  uint32_t minFromPrefs = Preferences::GetUint("security.tls.version.min",
+                                               PSM_DEFAULT_MIN_TLS_VERSION);
+  uint32_t maxFromPrefs = Preferences::GetUint("security.tls.version.max",
+                                               PSM_DEFAULT_MAX_TLS_VERSION);
+
+  SSLVersionRange defaults = {
+    SSL_LIBRARY_VERSION_3_0 + PSM_DEFAULT_MIN_TLS_VERSION,
+    SSL_LIBRARY_VERSION_3_0 + PSM_DEFAULT_MAX_TLS_VERSION
+  };
+  SSLVersionRange filledInRange;
+  FillTLSVersionRange(filledInRange, minFromPrefs, maxFromPrefs, defaults);
+
+  SECStatus srv =
+    SSL_VersionRangeSetDefault(ssl_variant_stream, &filledInRange);
+  if (srv != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  return NS_OK;
+}
+
+static nsresult
+GetNSSProfilePath(nsAutoCString& aProfilePath)
+{
+  aProfilePath.Truncate();
+  const char* dbDirOverride = getenv("MOZPSM_NSSDBDIR_OVERRIDE");
+  if (dbDirOverride && strlen(dbDirOverride) > 0) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("Using specified MOZPSM_NSSDBDIR_OVERRIDE as NSS DB dir: %s\n",
+            dbDirOverride));
+    aProfilePath.Assign(dbDirOverride);
+    return NS_OK;
+  }
+
+  nsCOMPtr<nsIFile> profileFile;
+  nsresult rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
+                                       getter_AddRefs(profileFile));
+  if (NS_FAILED(rv)) {
+    NS_WARNING("NSS will be initialized without a profile directory. "
+               "Some things may not work as expected.");
+    return NS_OK;
+  }
+
+#if defined(XP_WIN)
+  // Native path will drop Unicode characters that cannot be mapped to system's
+  // codepage, using short (canonical) path as workaround.
+  nsCOMPtr<nsILocalFileWin> profileFileWin(do_QueryInterface(profileFile));
+  if (!profileFileWin) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+           ("Could not get nsILocalFileWin for profile directory.\n"));
+    return NS_ERROR_FAILURE;
+  }
+  rv = profileFileWin->GetNativeCanonicalPath(aProfilePath);
+#else
+  rv = profileFile->GetNativePath(aProfilePath);
+#endif
+#ifdef ANDROID
+  MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+#endif
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+           ("Could not get native path for profile directory.\n"));
+    return rv;
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("NSS profile at '%s'\n", aProfilePath.get()));
+  return NS_OK;
+}
+
+nsresult
+nsNSSComponent::InitializeNSS()
+{
+  // Can be called both during init and profile change.
+  // Needs mutex protection.
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent::InitializeNSS\n"));
+
+  static_assert(nsINSSErrorsService::NSS_SEC_ERROR_BASE == SEC_ERROR_BASE &&
+                nsINSSErrorsService::NSS_SEC_ERROR_LIMIT == SEC_ERROR_LIMIT &&
+                nsINSSErrorsService::NSS_SSL_ERROR_BASE == SSL_ERROR_BASE &&
+                nsINSSErrorsService::NSS_SSL_ERROR_LIMIT == SSL_ERROR_LIMIT,
+                "You must update the values in nsINSSErrorsService.idl");
+
+  MutexAutoLock lock(mutex);
+
+#ifdef ANDROID
+  MOZ_RELEASE_ASSERT(!mNSSInitialized);
+#endif
+  if (mNSSInitialized) {
+    // We should never try to initialize NSS more than once in a process.
+    MOZ_ASSERT_UNREACHABLE("Trying to initialize NSS twice");
+    return NS_ERROR_FAILURE;
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("NSS Initialization beginning\n"));
+
+  // The call to ConfigureInternalPKCS11Token needs to be done before NSS is initialized,
+  // but affects only static data.
+  // If we could assume i18n will not change between profiles, one call per application
+  // run were sufficient. As I can't predict what happens in the future, let's repeat
+  // this call for every re-init of NSS.
+
+  ConfigureInternalPKCS11Token();
+
+  nsAutoCString profileStr;
+  nsresult rv = GetNSSProfilePath(profileStr);
+#ifdef ANDROID
+  MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+#endif
+  if (NS_FAILED(rv)) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  SECStatus init_rv = SECFailure;
+  bool nocertdb = Preferences::GetBool("security.nocertdb", false);
+  bool inSafeMode = true;
+  nsCOMPtr<nsIXULRuntime> runtime(do_GetService("@mozilla.org/xre/runtime;1"));
+  // There might not be an nsIXULRuntime in embedded situations. This will
+  // default to assuming we are in safe mode (as a result, no external PKCS11
+  // modules will be loaded).
+  if (runtime) {
+    rv = runtime->GetInSafeMode(&inSafeMode);
+#ifdef ANDROID
+    MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+#endif
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("inSafeMode: %u\n", inSafeMode));
+
+  if (!nocertdb && !profileStr.IsEmpty()) {
+    // First try to initialize the NSS DB in read/write mode.
+    // Only load PKCS11 modules if we're not in safe mode.
+    init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false, !inSafeMode);
+    // If that fails, attempt read-only mode.
+    if (init_rv != SECSuccess) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not init NSS r/w in %s\n", profileStr.get()));
+      init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), true, !inSafeMode);
+    }
+    if (init_rv != SECSuccess) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not init in r/o either\n"));
+    }
+  }
+  // If we haven't succeeded in initializing the DB in our profile
+  // directory or we don't have a profile at all, or the "security.nocertdb"
+  // pref has been set to "true", attempt to initialize with no DB.
+  if (nocertdb || init_rv != SECSuccess) {
+    init_rv = NSS_NoDB_Init(nullptr);
+#ifdef ANDROID
+    MOZ_RELEASE_ASSERT(init_rv == SECSuccess);
+#endif
+  }
+  if (init_rv != SECSuccess) {
+#ifdef ANDROID
+    MOZ_RELEASE_ASSERT(false);
+#endif
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("could not initialize NSS - panicking\n"));
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  // ensure we have an initial value for the content signer root
+  mContentSigningRootHash =
+    Preferences::GetString("security.content.signature.root_hash");
+
+  mNSSInitialized = true;
+
+  PK11_SetPasswordFunc(PK11PasswordPrompt);
+
+  SharedSSLState::GlobalInit();
+
+  // Register an observer so we can inform NSS when these prefs change
+  Preferences::AddStrongObserver(this, "security.");
+
+  SSL_OptionSetDefault(SSL_ENABLE_SSL2, false);
+  SSL_OptionSetDefault(SSL_V2_COMPATIBLE_HELLO, false);
+
+  rv = setEnabledTLSVersions();
+#ifdef ANDROID
+    MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+#endif
+  if (NS_FAILED(rv)) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  DisableMD5();
+  LoadLoadableRoots();
+
+  rv = LoadExtendedValidationInfo();
+#ifdef ANDROID
+    MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+#endif
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("failed to load EV info"));
+    return rv;
+  }
+
+  MaybeEnableFamilySafetyCompatibility();
+  MaybeImportEnterpriseRoots();
+
+  ConfigureTLSSessionIdentifiers();
+
+  bool requireSafeNegotiation =
+    Preferences::GetBool("security.ssl.require_safe_negotiation",
+                         REQUIRE_SAFE_NEGOTIATION_DEFAULT);
+  SSL_OptionSetDefault(SSL_REQUIRE_SAFE_NEGOTIATION, requireSafeNegotiation);
+
+  SSL_OptionSetDefault(SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_REQUIRES_XTN);
+
+  SSL_OptionSetDefault(SSL_ENABLE_EXTENDED_MASTER_SECRET, true);
+
+  SSL_OptionSetDefault(SSL_ENABLE_FALSE_START,
+                       Preferences::GetBool("security.ssl.enable_false_start",
+                                            FALSE_START_ENABLED_DEFAULT));
+
+  // SSL_ENABLE_NPN and SSL_ENABLE_ALPN also require calling
+  // SSL_SetNextProtoNego in order for the extensions to be negotiated.
+  // WebRTC does not do that so it will not use NPN or ALPN even when these
+  // preferences are true.
+  SSL_OptionSetDefault(SSL_ENABLE_NPN,
+                       Preferences::GetBool("security.ssl.enable_npn",
+                                            NPN_ENABLED_DEFAULT));
+  SSL_OptionSetDefault(SSL_ENABLE_ALPN,
+                       Preferences::GetBool("security.ssl.enable_alpn",
+                                            ALPN_ENABLED_DEFAULT));
+
+  SSL_OptionSetDefault(SSL_ENABLE_0RTT_DATA,
+                       Preferences::GetBool("security.tls.enable_0rtt_data",
+                                            ENABLED_0RTT_DATA_DEFAULT));
+
+  if (NS_FAILED(InitializeCipherSuite())) {
+#ifdef ANDROID
+    MOZ_RELEASE_ASSERT(false);
+#endif
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("Unable to initialize cipher suite settings\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  // TLSServerSocket may be run with the session cache enabled. It is necessary
+  // to call this once before that can happen. This specifies a maximum of 1000
+  // cache entries (the default number of cache entries is 10000, which seems a
+  // little excessive as there probably won't be that many clients connecting to
+  // any TLSServerSockets the browser runs.)
+  // Note that this must occur before any calls to SSL_ClearSessionCache
+  // (otherwise memory will leak).
+  if (SSL_ConfigServerSessionIDCache(1000, 0, 0, nullptr) != SECSuccess) {
+#ifdef ANDROID
+    MOZ_RELEASE_ASSERT(false);
+#endif
+    return NS_ERROR_FAILURE;
+  }
+
+  // ensure the CertBlocklist is initialised
+  nsCOMPtr<nsICertBlocklist> certList = do_GetService(NS_CERTBLOCKLIST_CONTRACTID);
+#ifdef ANDROID
+  MOZ_RELEASE_ASSERT(certList);
+#endif
+  if (!certList) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // dynamic options from prefs
+  setValidationOptions(true, lock);
+
+#ifndef MOZ_NO_SMART_CARDS
+  LaunchSmartCardThreads();
+#endif
+
+  mozilla::pkix::RegisterErrorTable();
+
+  // Initialize the site security service
+  nsCOMPtr<nsISiteSecurityService> sssService =
+    do_GetService(NS_SSSERVICE_CONTRACTID);
+#ifdef ANDROID
+  MOZ_RELEASE_ASSERT(sssService);
+#endif
+  if (!sssService) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Cannot initialize site security service\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  // Initialize the cert override service
+  nsCOMPtr<nsICertOverrideService> coService =
+    do_GetService(NS_CERTOVERRIDE_CONTRACTID);
+#ifdef ANDROID
+  MOZ_RELEASE_ASSERT(coService);
+#endif
+  if (!coService) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Cannot initialize cert override service\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  if (PK11_IsFIPS()) {
+    Telemetry::Accumulate(Telemetry::FIPS_ENABLED, true);
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("NSS Initialization done\n"));
+  return NS_OK;
+}
+
+void
+nsNSSComponent::ShutdownNSS()
+{
+  // Can be called both during init and profile change,
+  // needs mutex protection.
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent::ShutdownNSS\n"));
+  MOZ_RELEASE_ASSERT(NS_IsMainThread());
+
+  MutexAutoLock lock(mutex);
+
+  if (mNSSInitialized) {
+    mNSSInitialized = false;
+
+    PK11_SetPasswordFunc((PK11PasswordFunc)nullptr);
+
+    Preferences::RemoveObserver(this, "security.");
+
+#ifdef XP_WIN
+    mFamilySafetyRoot = nullptr;
+    mEnterpriseRoots = nullptr;
+#endif
+
+#ifndef MOZ_NO_SMART_CARDS
+    ShutdownSmartCardThreads();
+#endif
+    SSL_ClearSessionCache();
+    // TLSServerSocket may be run with the session cache enabled. This ensures
+    // those resources are cleaned up.
+    Unused << SSL_ShutdownServerSessionIDCache();
+
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("evaporating psm resources"));
+    if (NS_FAILED(nsNSSShutDownList::evaporateAllNSSResources())) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("failed to evaporate resources"));
+      return;
+    }
+    UnloadLoadableRoots();
+    EnsureNSSInitialized(nssShutdown);
+    if (SECSuccess != ::NSS_Shutdown()) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("NSS SHUTDOWN FAILURE"));
+    } else {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("NSS shutdown =====>> OK <<====="));
+    }
+  }
+}
+
+nsresult
+nsNSSComponent::Init()
+{
+  MOZ_RELEASE_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  nsresult rv = NS_OK;
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Beginning NSS initialization\n"));
+
+  rv = InitializePIPNSSBundle();
+#ifdef ANDROID
+  MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+#endif
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("Unable to create pipnss bundle.\n"));
+    return rv;
+  }
+
+  // Access our string bundles now, this prevents assertions from I/O
+  // - nsStandardURL not thread-safe
+  // - wrong thread: 'NS_IsMainThread()' in nsIOService.cpp
+  // when loading error strings on the SSL threads.
+  {
+    NS_NAMED_LITERAL_STRING(dummy_name, "dummy");
+    nsXPIDLString result;
+    mPIPNSSBundle->GetStringFromName(dummy_name.get(),
+                                     getter_Copies(result));
+    mNSSErrorsBundle->GetStringFromName(dummy_name.get(),
+                                        getter_Copies(result));
+  }
+
+
+  rv = InitializeNSS();
+#ifdef ANDROID
+  MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+#endif
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+            ("nsNSSComponent::InitializeNSS() failed\n"));
+    return rv;
+  }
+
+  RememberCertErrorsTable::Init();
+
+  return RegisterObservers();
+}
+
+// nsISupports Implementation for the class
+NS_IMPL_ISUPPORTS(nsNSSComponent,
+                  nsINSSComponent,
+                  nsIObserver)
+
+static const char* const PROFILE_BEFORE_CHANGE_TOPIC = "profile-before-change";
+
+NS_IMETHODIMP
+nsNSSComponent::Observe(nsISupports* aSubject, const char* aTopic,
+                        const char16_t* someData)
+{
+  if (nsCRT::strcmp(aTopic, PROFILE_BEFORE_CHANGE_TOPIC) == 0) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("receiving profile change topic\n"));
+    DoProfileBeforeChange();
+  } else if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
+    nsNSSShutDownPreventionLock locker;
+    bool clearSessionCache = true;
+    NS_ConvertUTF16toUTF8  prefName(someData);
+
+    if (prefName.EqualsLiteral("security.tls.version.min") ||
+        prefName.EqualsLiteral("security.tls.version.max")) {
+      (void) setEnabledTLSVersions();
+    } else if (prefName.EqualsLiteral("security.ssl.require_safe_negotiation")) {
+      bool requireSafeNegotiation =
+        Preferences::GetBool("security.ssl.require_safe_negotiation",
+                             REQUIRE_SAFE_NEGOTIATION_DEFAULT);
+      SSL_OptionSetDefault(SSL_REQUIRE_SAFE_NEGOTIATION, requireSafeNegotiation);
+    } else if (prefName.EqualsLiteral("security.ssl.enable_false_start")) {
+      SSL_OptionSetDefault(SSL_ENABLE_FALSE_START,
+                           Preferences::GetBool("security.ssl.enable_false_start",
+                                                FALSE_START_ENABLED_DEFAULT));
+    } else if (prefName.EqualsLiteral("security.ssl.enable_npn")) {
+      SSL_OptionSetDefault(SSL_ENABLE_NPN,
+                           Preferences::GetBool("security.ssl.enable_npn",
+                                                NPN_ENABLED_DEFAULT));
+    } else if (prefName.EqualsLiteral("security.ssl.enable_alpn")) {
+      SSL_OptionSetDefault(SSL_ENABLE_ALPN,
+                           Preferences::GetBool("security.ssl.enable_alpn",
+                                                ALPN_ENABLED_DEFAULT));
+    } else if (prefName.EqualsLiteral("security.tls.enable_0rtt_data")) {
+      SSL_OptionSetDefault(SSL_ENABLE_0RTT_DATA,
+                           Preferences::GetBool("security.tls.enable_0rtt_data",
+                                                ENABLED_0RTT_DATA_DEFAULT));
+    } else if (prefName.Equals("security.ssl.disable_session_identifiers")) {
+      ConfigureTLSSessionIdentifiers();
+    } else if (prefName.EqualsLiteral("security.OCSP.enabled") ||
+               prefName.EqualsLiteral("security.OCSP.require") ||
+               prefName.EqualsLiteral("security.OCSP.GET.enabled") ||
+               prefName.EqualsLiteral("security.pki.cert_short_lifetime_in_days") ||
+               prefName.EqualsLiteral("security.ssl.enable_ocsp_stapling") ||
+               prefName.EqualsLiteral("security.ssl.enable_ocsp_must_staple") ||
+               prefName.EqualsLiteral("security.pki.certificate_transparency.mode") ||
+               prefName.EqualsLiteral("security.cert_pinning.enforcement_level") ||
+               prefName.EqualsLiteral("security.pki.sha1_enforcement_level") ||
+               prefName.EqualsLiteral("security.pki.name_matching_mode") ||
+               prefName.EqualsLiteral("security.pki.netscape_step_up_policy")) {
+      MutexAutoLock lock(mutex);
+      setValidationOptions(false, lock);
+#ifdef DEBUG
+    } else if (prefName.EqualsLiteral("security.test.built_in_root_hash")) {
+      MutexAutoLock lock(mutex);
+      mTestBuiltInRootHash = Preferences::GetString("security.test.built_in_root_hash");
+#endif // DEBUG
+    } else if (prefName.Equals(kFamilySafetyModePref)) {
+      MaybeEnableFamilySafetyCompatibility();
+    } else if (prefName.EqualsLiteral("security.content.signature.root_hash")) {
+      MutexAutoLock lock(mutex);
+      mContentSigningRootHash =
+        Preferences::GetString("security.content.signature.root_hash");
+    } else if (prefName.Equals(kEnterpriseRootModePref)) {
+      MaybeImportEnterpriseRoots();
+    } else {
+      clearSessionCache = false;
+    }
+    if (clearSessionCache)
+      SSL_ClearSessionCache();
+  }
+
+  return NS_OK;
+}
+
+/*static*/ nsresult
+nsNSSComponent::GetNewPrompter(nsIPrompt** result)
+{
+  NS_ENSURE_ARG_POINTER(result);
+  *result = nullptr;
+
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsSDRContext::GetNewPrompter called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  nsresult rv;
+  nsCOMPtr<nsIWindowWatcher> wwatch(do_GetService(NS_WINDOWWATCHER_CONTRACTID, &rv));
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  rv = wwatch->GetNewPrompter(0, result);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  return rv;
+}
+
+/*static*/ nsresult
+nsNSSComponent::ShowAlertWithConstructedString(const nsString& message)
+{
+  nsCOMPtr<nsIPrompt> prompter;
+  nsresult rv = GetNewPrompter(getter_AddRefs(prompter));
+  if (prompter) {
+    rv = prompter->Alert(nullptr, message.get());
+  }
+  return rv;
+}
+
+NS_IMETHODIMP
+nsNSSComponent::ShowAlertFromStringBundle(const char* messageID)
+{
+  nsString message;
+  nsresult rv;
+
+  rv = GetPIPNSSBundleString(messageID, message);
+  if (NS_FAILED(rv)) {
+    NS_ERROR("GetPIPNSSBundleString failed");
+    return rv;
+  }
+
+  return ShowAlertWithConstructedString(message);
+}
+
+nsresult nsNSSComponent::LogoutAuthenticatedPK11()
+{
+  nsCOMPtr<nsICertOverrideService> icos =
+    do_GetService("@mozilla.org/security/certoverride;1");
+  if (icos) {
+    icos->ClearValidityOverride(
+            NS_LITERAL_CSTRING("all:temporary-certificates"),
+            0);
+  }
+
+  nsClientAuthRememberService::ClearAllRememberedDecisions();
+
+  return nsNSSShutDownList::doPK11Logout();
+}
+
+nsresult
+nsNSSComponent::RegisterObservers()
+{
+  // Happens once during init only, no mutex protection.
+
+  nsCOMPtr<nsIObserverService> observerService(
+    do_GetService("@mozilla.org/observer-service;1"));
+#ifdef ANDROID
+    MOZ_RELEASE_ASSERT(observerService);
+#endif
+  if (!observerService) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("nsNSSComponent: couldn't get observer service\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent: adding observers\n"));
+  // Using false for the ownsweak parameter means the observer service will
+  // keep a strong reference to this component. As a result, this will live at
+  // least as long as the observer service.
+  observerService->AddObserver(this, PROFILE_BEFORE_CHANGE_TOPIC, false);
+
+  return NS_OK;
+}
+
+void
+nsNSSComponent::DoProfileBeforeChange()
+{
+  bool needsCleanup = true;
+
+  {
+    MutexAutoLock lock(mutex);
+
+    if (!mNSSInitialized) {
+      // Make sure we don't try to cleanup if we have already done so.
+      // This makes sure we behave safely, in case we are notified
+      // multiple times.
+      needsCleanup = false;
+    }
+  }
+
+  if (needsCleanup) {
+    ShutdownNSS();
+  }
+}
+
+NS_IMETHODIMP
+nsNSSComponent::IsNSSInitialized(bool* initialized)
+{
+  MutexAutoLock lock(mutex);
+  *initialized = mNSSInitialized;
+  return NS_OK;
+}
+
+#ifdef DEBUG
+NS_IMETHODIMP
+nsNSSComponent::IsCertTestBuiltInRoot(CERTCertificate* cert, bool& result)
+{
+  MutexAutoLock lock(mutex);
+  MOZ_ASSERT(mNSSInitialized);
+
+  result = false;
+
+  if (mTestBuiltInRootHash.IsEmpty()) {
+    return NS_OK;
+  }
+
+  RefPtr<nsNSSCertificate> nsc = nsNSSCertificate::Create(cert);
+  if (!nsc) {
+    return NS_ERROR_FAILURE;
+  }
+  nsAutoString certHash;
+  nsresult rv = nsc->GetSha256Fingerprint(certHash);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  result = mTestBuiltInRootHash.Equals(certHash);
+  return NS_OK;
+}
+#endif // DEBUG
+
+NS_IMETHODIMP
+nsNSSComponent::IsCertContentSigningRoot(CERTCertificate* cert, bool& result)
+{
+  MutexAutoLock lock(mutex);
+  MOZ_ASSERT(mNSSInitialized);
+
+  result = false;
+
+  if (mContentSigningRootHash.IsEmpty()) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("mContentSigningRootHash is empty"));
+    return NS_ERROR_FAILURE;
+  }
+
+  RefPtr<nsNSSCertificate> nsc = nsNSSCertificate::Create(cert);
+  if (!nsc) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("creating nsNSSCertificate failed"));
+    return NS_ERROR_FAILURE;
+  }
+  nsAutoString certHash;
+  nsresult rv = nsc->GetSha256Fingerprint(certHash);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("getting cert fingerprint failed"));
+    return rv;
+  }
+
+  result = mContentSigningRootHash.Equals(certHash);
+  return NS_OK;
+}
+
+SharedCertVerifier::~SharedCertVerifier() { }
+
+already_AddRefed<SharedCertVerifier>
+nsNSSComponent::GetDefaultCertVerifier()
+{
+  MutexAutoLock lock(mutex);
+  MOZ_ASSERT(mNSSInitialized);
+  RefPtr<SharedCertVerifier> certVerifier(mDefaultCertVerifier);
+  return certVerifier.forget();
+}
+
+namespace mozilla { namespace psm {
+
+already_AddRefed<SharedCertVerifier>
+GetDefaultCertVerifier()
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID));
+  if (nssComponent) {
+    return nssComponent->GetDefaultCertVerifier();
+  }
+
+  return nullptr;
+}
+
+} } // namespace mozilla::psm
+
+NS_IMPL_ISUPPORTS(PipUIContext, nsIInterfaceRequestor)
+
+PipUIContext::PipUIContext()
+{
+}
+
+PipUIContext::~PipUIContext()
+{
+}
+
+NS_IMETHODIMP
+PipUIContext::GetInterface(const nsIID& uuid, void** result)
+{
+  NS_ENSURE_ARG_POINTER(result);
+  *result = nullptr;
+
+  if (!NS_IsMainThread()) {
+    NS_ERROR("PipUIContext::GetInterface called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  if (!uuid.Equals(NS_GET_IID(nsIPrompt)))
+    return NS_ERROR_NO_INTERFACE;
+
+  nsIPrompt* prompt = nullptr;
+  nsresult rv = nsNSSComponent::GetNewPrompter(&prompt);
+  *result = prompt;
+  return rv;
+}
+
+nsresult
+getNSSDialogs(void** _result, REFNSIID aIID, const char* contract)
+{
+  if (!NS_IsMainThread()) {
+    NS_ERROR("getNSSDialogs called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  nsresult rv;
+
+  nsCOMPtr<nsISupports> svc = do_GetService(contract, &rv);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = svc->QueryInterface(aIID, _result);
+
+  return rv;
+}
+
+nsresult
+setPassword(PK11SlotInfo* slot, nsIInterfaceRequestor* ctx,
+            nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+  MOZ_ASSERT(slot);
+  MOZ_ASSERT(ctx);
+  NS_ENSURE_ARG_POINTER(slot);
+  NS_ENSURE_ARG_POINTER(ctx);
+
+  if (PK11_NeedUserInit(slot)) {
+    nsCOMPtr<nsITokenPasswordDialogs> dialogs;
+    nsresult rv = getNSSDialogs(getter_AddRefs(dialogs),
+                                NS_GET_IID(nsITokenPasswordDialogs),
+                                NS_TOKENPASSWORDSDIALOG_CONTRACTID);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    bool canceled;
+    NS_ConvertUTF8toUTF16 tokenName(PK11_GetTokenName(slot));
+    rv = dialogs->SetPassword(ctx, tokenName.get(), &canceled);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    if (canceled) {
+      return NS_ERROR_NOT_AVAILABLE;
+    }
+  }
+
+  return NS_OK;
+}
+
+namespace mozilla {
+namespace psm {
+
+nsresult
+InitializeCipherSuite()
+{
+  NS_ASSERTION(NS_IsMainThread(), "InitializeCipherSuite() can only be accessed in main thread");
+
+  if (NSS_SetDomesticPolicy() != SECSuccess) {
+#ifdef ANDROID
+    MOZ_RELEASE_ASSERT(false);
+#endif
+    return NS_ERROR_FAILURE;
+  }
+
+  // Disable any ciphers that NSS might have enabled by default
+  for (uint16_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
+    uint16_t cipher_id = SSL_ImplementedCiphers[i];
+    SSL_CipherPrefSetDefault(cipher_id, false);
+  }
+
+  // Now only set SSL/TLS ciphers we knew about at compile time
+  uint32_t enabledWeakCiphers = 0;
+  const CipherPref* const cp = sCipherPrefs;
+  for (size_t i = 0; cp[i].pref; ++i) {
+    bool cipherEnabled = Preferences::GetBool(cp[i].pref,
+                                              cp[i].enabledByDefault);
+    if (cp[i].weak) {
+      // Weak ciphers are not used by default. See the comment
+      // in CipherSuiteChangeObserver::Observe for details.
+      if (cipherEnabled) {
+        enabledWeakCiphers |= ((uint32_t)1 << i);
+      }
+    } else {
+      SSL_CipherPrefSetDefault(cp[i].id, cipherEnabled);
+    }
+  }
+  sEnabledWeakCiphers = enabledWeakCiphers;
+
+  // Enable ciphers for PKCS#12
+  SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1);
+  SEC_PKCS12EnableCipher(PKCS12_RC4_128, 1);
+  SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_40, 1);
+  SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_128, 1);
+  SEC_PKCS12EnableCipher(PKCS12_DES_56, 1);
+  SEC_PKCS12EnableCipher(PKCS12_DES_EDE3_168, 1);
+  SEC_PKCS12SetPreferredCipher(PKCS12_DES_EDE3_168, 1);
+  PORT_SetUCS2_ASCIIConversionFunction(pip_ucs2_ascii_conversion_fn);
+
+  // PSM enforces a minimum RSA key size of 1024 bits, which is overridable.
+  // NSS has its own minimum, which is not overridable (the default is 1023
+  // bits). This sets the NSS minimum to 512 bits so users can still connect to
+  // devices like wifi routers with woefully small keys (they would have to add
+  // an override to do so, but they already do for such devices).
+  NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, 512);
+
+  // Observe preference change around cipher suite setting.
+  return CipherSuiteChangeObserver::StartObserve();
+}
+
+} // namespace psm
+} // namespace mozilla
diff --git a/security/manager/ssl/nsNSSComponent.h b/security/manager/ssl/nsNSSComponent.h
new file mode 100644
index 000000000..e510dd10f
--- /dev/null
+++ b/security/manager/ssl/nsNSSComponent.h
@@ -0,0 +1,234 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _nsNSSComponent_h_
+#define _nsNSSComponent_h_
+
+#include "ScopedNSSTypes.h"
+#include "SharedCertVerifier.h"
+#include "mozilla/Mutex.h"
+#include "mozilla/RefPtr.h"
+#include "nsCOMPtr.h"
+#include "nsIObserver.h"
+#include "nsIStringBundle.h"
+#include "nsNSSCallbacks.h"
+#include "prerror.h"
+#include "sslt.h"
+
+#ifdef XP_WIN
+#include "windows.h" // this needs to be before the following includes
+#include "wincrypt.h"
+#endif // XP_WIN
+
+class nsIDOMWindow;
+class nsIPrompt;
+class nsIX509CertList;
+class SmartCardThreadList;
+
+namespace mozilla { namespace psm {
+
+MOZ_MUST_USE
+  ::already_AddRefed<mozilla::psm::SharedCertVerifier>
+  GetDefaultCertVerifier();
+
+} } // namespace mozilla::psm
+
+
+#define NS_NSSCOMPONENT_CID \
+{0x4cb64dfd, 0xca98, 0x4e24, {0xbe, 0xfd, 0x0d, 0x92, 0x85, 0xa3, 0x3b, 0xcb}}
+
+#define PSM_COMPONENT_CONTRACTID "@mozilla.org/psm;1"
+
+#define NS_INSSCOMPONENT_IID \
+  { 0xa0a8f52b, 0xea18, 0x4abc, \
+    { 0xa3, 0xca, 0xec, 0xcf, 0x70, 0x4f, 0xfe, 0x63 } }
+
+enum EnsureNSSOperator
+{
+  nssLoadingComponent = 0,
+  nssInitSucceeded = 1,
+  nssInitFailed = 2,
+  nssShutdown = 3,
+  nssEnsure = 100,
+  nssEnsureOnChromeOnly = 101,
+  nssEnsureChromeOrContent = 102,
+};
+
+extern bool EnsureNSSInitializedChromeOrContent();
+
+extern bool EnsureNSSInitialized(EnsureNSSOperator op);
+
+class NS_NO_VTABLE nsINSSComponent : public nsISupports
+{
+public:
+  NS_DECLARE_STATIC_IID_ACCESSOR(NS_INSSCOMPONENT_IID)
+
+  NS_IMETHOD ShowAlertFromStringBundle(const char* messageID) = 0;
+
+  NS_IMETHOD GetPIPNSSBundleString(const char* name,
+                                   nsAString& outString) = 0;
+  NS_IMETHOD PIPBundleFormatStringFromName(const char* name,
+                                           const char16_t** params,
+                                           uint32_t numParams,
+                                           nsAString& outString) = 0;
+
+  NS_IMETHOD GetNSSBundleString(const char* name,
+                                nsAString& outString) = 0;
+
+  NS_IMETHOD LogoutAuthenticatedPK11() = 0;
+
+#ifndef MOZ_NO_SMART_CARDS
+  NS_IMETHOD LaunchSmartCardThread(SECMODModule* module) = 0;
+
+  NS_IMETHOD ShutdownSmartCardThread(SECMODModule* module) = 0;
+#endif
+
+  NS_IMETHOD IsNSSInitialized(bool* initialized) = 0;
+
+#ifdef DEBUG
+  NS_IMETHOD IsCertTestBuiltInRoot(CERTCertificate* cert, bool& result) = 0;
+#endif
+
+  NS_IMETHOD IsCertContentSigningRoot(CERTCertificate* cert, bool& result) = 0;
+
+#ifdef XP_WIN
+  NS_IMETHOD GetEnterpriseRoots(nsIX509CertList** enterpriseRoots) = 0;
+#endif
+
+  virtual ::already_AddRefed<mozilla::psm::SharedCertVerifier>
+    GetDefaultCertVerifier() = 0;
+};
+
+NS_DEFINE_STATIC_IID_ACCESSOR(nsINSSComponent, NS_INSSCOMPONENT_IID)
+
+class nsNSSShutDownList;
+
+// Implementation of the PSM component interface.
+class nsNSSComponent final : public nsINSSComponent
+                           , public nsIObserver
+{
+public:
+  NS_DEFINE_STATIC_CID_ACCESSOR( NS_NSSCOMPONENT_CID )
+
+  nsNSSComponent();
+
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIOBSERVER
+
+  nsresult Init();
+
+  static nsresult GetNewPrompter(nsIPrompt** result);
+  static nsresult ShowAlertWithConstructedString(const nsString& message);
+  NS_IMETHOD ShowAlertFromStringBundle(const char* messageID) override;
+
+  NS_IMETHOD GetPIPNSSBundleString(const char* name,
+                                   nsAString& outString) override;
+  NS_IMETHOD PIPBundleFormatStringFromName(const char* name,
+                                           const char16_t** params,
+                                           uint32_t numParams,
+                                           nsAString& outString) override;
+  NS_IMETHOD GetNSSBundleString(const char* name, nsAString& outString) override;
+  NS_IMETHOD LogoutAuthenticatedPK11() override;
+
+#ifndef MOZ_NO_SMART_CARDS
+  NS_IMETHOD LaunchSmartCardThread(SECMODModule* module) override;
+  NS_IMETHOD ShutdownSmartCardThread(SECMODModule* module) override;
+  void LaunchSmartCardThreads();
+  void ShutdownSmartCardThreads();
+  nsresult DispatchEventToWindow(nsIDOMWindow* domWin,
+                                 const nsAString& eventType,
+                                 const nsAString& token);
+#endif
+
+  NS_IMETHOD IsNSSInitialized(bool* initialized) override;
+
+#ifdef DEBUG
+  NS_IMETHOD IsCertTestBuiltInRoot(CERTCertificate* cert, bool& result) override;
+#endif
+
+  NS_IMETHOD IsCertContentSigningRoot(CERTCertificate* cert, bool& result) override;
+
+#ifdef XP_WIN
+  NS_IMETHOD GetEnterpriseRoots(nsIX509CertList** enterpriseRoots) override;
+#endif
+
+  ::already_AddRefed<mozilla::psm::SharedCertVerifier>
+    GetDefaultCertVerifier() override;
+
+  // The following two methods are thread-safe.
+  static bool AreAnyWeakCiphersEnabled();
+  static void UseWeakCiphersOnSocket(PRFileDesc* fd);
+
+  static void FillTLSVersionRange(SSLVersionRange& rangeOut,
+                                  uint32_t minFromPrefs,
+                                  uint32_t maxFromPrefs,
+                                  SSLVersionRange defaults);
+
+protected:
+  virtual ~nsNSSComponent();
+
+private:
+  nsresult InitializeNSS();
+  void ShutdownNSS();
+
+  void LoadLoadableRoots();
+  void UnloadLoadableRoots();
+  void setValidationOptions(bool isInitialSetting,
+                            const mozilla::MutexAutoLock& lock);
+  nsresult setEnabledTLSVersions();
+  nsresult InitializePIPNSSBundle();
+  nsresult ConfigureInternalPKCS11Token();
+  nsresult RegisterObservers();
+
+  void DoProfileBeforeChange();
+
+  void MaybeEnableFamilySafetyCompatibility();
+  void MaybeImportEnterpriseRoots();
+#ifdef XP_WIN
+  void ImportEnterpriseRootsForLocation(DWORD locationFlag);
+  nsresult MaybeImportFamilySafetyRoot(PCCERT_CONTEXT certificate,
+                                       bool& wasFamilySafetyRoot);
+  nsresult LoadFamilySafetyRoot();
+  void UnloadFamilySafetyRoot();
+
+  void UnloadEnterpriseRoots();
+
+  mozilla::UniqueCERTCertificate mFamilySafetyRoot;
+  mozilla::UniqueCERTCertList mEnterpriseRoots;
+#endif // XP_WIN
+
+  mozilla::Mutex mutex;
+
+  nsCOMPtr<nsIStringBundle> mPIPNSSBundle;
+  nsCOMPtr<nsIStringBundle> mNSSErrorsBundle;
+  bool mNSSInitialized;
+  static int mInstanceCount;
+#ifndef MOZ_NO_SMART_CARDS
+  SmartCardThreadList* mThreadList;
+#endif
+
+#ifdef DEBUG
+  nsString mTestBuiltInRootHash;
+#endif
+  nsString mContentSigningRootHash;
+
+  nsNSSHttpInterface mHttpForNSS;
+  RefPtr<mozilla::psm::SharedCertVerifier> mDefaultCertVerifier;
+
+  static PRStatus IdentityInfoInit(void);
+};
+
+class nsNSSErrors
+{
+public:
+  static const char* getDefaultErrorStringName(PRErrorCode err);
+  static const char* getOverrideErrorStringName(PRErrorCode aErrorCode);
+  static nsresult getErrorMessageFromCode(PRErrorCode err,
+                                          nsINSSComponent* component,
+                                          nsString& returnedMessage);
+};
+
+#endif // _nsNSSComponent_h_
diff --git a/security/manager/ssl/nsNSSErrors.cpp b/security/manager/ssl/nsNSSErrors.cpp
new file mode 100644
index 000000000..fc8bd3e31
--- /dev/null
+++ b/security/manager/ssl/nsNSSErrors.cpp
@@ -0,0 +1,103 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSComponent.h"
+#include "secerr.h"
+#include "sslerr.h"
+
+const char *
+nsNSSErrors::getDefaultErrorStringName(PRErrorCode err)
+{
+  return PR_ErrorToName(err);
+}
+
+const char *
+nsNSSErrors::getOverrideErrorStringName(PRErrorCode aErrorCode)
+{
+  const char *id_str = nullptr;
+
+  switch (aErrorCode) {
+    case SSL_ERROR_SSL_DISABLED:
+      id_str = "PSMERR_SSL_Disabled";
+      break;
+  
+    case SSL_ERROR_SSL2_DISABLED:
+      id_str = "PSMERR_SSL2_Disabled";
+      break;
+  
+    case SEC_ERROR_REUSED_ISSUER_AND_SERIAL:
+      id_str = "PSMERR_HostReusedIssuerSerial";
+      break;
+  }
+
+  return id_str;
+}
+
+nsresult
+nsNSSErrors::getErrorMessageFromCode(PRErrorCode err,
+                                     nsINSSComponent *component,
+                                     nsString &returnedMessage)
+{
+  NS_ENSURE_ARG_POINTER(component);
+  returnedMessage.Truncate();
+
+  const char *nss_error_id_str = getDefaultErrorStringName(err);
+  const char *id_str = getOverrideErrorStringName(err);
+
+  if (id_str || nss_error_id_str)
+  {
+    nsString defMsg;
+    nsresult rv;
+    if (id_str)
+    {
+      rv = component->GetPIPNSSBundleString(id_str, defMsg);
+    }
+    else
+    {
+      rv = component->GetNSSBundleString(nss_error_id_str, defMsg);
+    }
+
+    if (NS_SUCCEEDED(rv))
+    {
+      returnedMessage.Append(defMsg);
+      returnedMessage.Append('\n');
+    }
+  }
+  
+  if (returnedMessage.IsEmpty())
+  {
+    // no localized string available, use NSS' internal
+    returnedMessage.AppendASCII(PR_ErrorToString(err, PR_LANGUAGE_EN));
+    returnedMessage.Append('\n');
+  }
+  
+  if (nss_error_id_str)
+  {
+    nsresult rv;
+    nsCString error_id(nss_error_id_str);
+    NS_ConvertASCIItoUTF16 idU(error_id);
+
+    const char16_t *params[1];
+    params[0] = idU.get();
+
+    nsString formattedString;
+    rv = component->PIPBundleFormatStringFromName("certErrorCodePrefix2",
+                                                  params, 1, 
+                                                  formattedString);
+    if (NS_SUCCEEDED(rv)) {
+      returnedMessage.Append('\n');
+      returnedMessage.Append(formattedString);
+      returnedMessage.Append('\n');
+    }
+    else {
+      returnedMessage.Append('(');
+      returnedMessage.Append(idU);
+      returnedMessage.Append(')');
+    }
+  }
+
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsNSSHelper.h b/security/manager/ssl/nsNSSHelper.h
new file mode 100644
index 000000000..005076099
--- /dev/null
+++ b/security/manager/ssl/nsNSSHelper.h
@@ -0,0 +1,58 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSS_HELPER_
+#define NSS_HELPER_
+
+#include "nsIInterfaceRequestor.h"
+#include "nsIInterfaceRequestorUtils.h"
+#include "nsNSSShutDown.h"
+#include "pk11func.h"
+
+//
+// Implementation of an nsIInterfaceRequestor for use
+// as context for NSS calls
+//
+class PipUIContext : public nsIInterfaceRequestor
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIINTERFACEREQUESTOR
+
+  PipUIContext();
+
+protected:
+  virtual ~PipUIContext();
+};
+
+//
+// Function to get the implementor for a certain set of NSS
+// specific dialogs.
+//
+
+nsresult 
+getNSSDialogs(void **_result, REFNSIID aIID, const char *contract);
+
+extern "C" {
+// a "fake" unicode conversion function
+PRBool
+pip_ucs2_ascii_conversion_fn(PRBool toUnicode,
+                             unsigned char *inBuf,
+                             unsigned int inBufLen,
+                             unsigned char *outBuf,
+                             unsigned int maxOutBufLen,
+                             unsigned int *outBufLen,
+                             PRBool swapBytes);
+}
+
+//
+// A function that sets the password on an unitialized slot.
+//
+nsresult
+setPassword(PK11SlotInfo* slot, nsIInterfaceRequestor* ctx,
+            nsNSSShutDownPreventionLock& /*proofOfLock*/);
+
+#endif
diff --git a/security/manager/ssl/nsNSSIOLayer.cpp b/security/manager/ssl/nsNSSIOLayer.cpp
new file mode 100644
index 000000000..8be215308
--- /dev/null
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@@ -0,0 +1,2731 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSIOLayer.h"
+
+#include <algorithm>
+
+#include "NSSCertDBTrustDomain.h"
+#include "NSSErrorsService.h"
+#include "PSMRunnable.h"
+#include "SSLServerCertVerification.h"
+#include "ScopedNSSTypes.h"
+#include "SharedSSLState.h"
+#include "keyhi.h"
+#include "mozilla/Casting.h"
+#include "mozilla/DebugOnly.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Move.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/Telemetry.h"
+#include "nsArray.h"
+#include "nsArrayUtils.h"
+#include "nsCharSeparatedTokenizer.h"
+#include "nsClientAuthRemember.h"
+#include "nsContentUtils.h"
+#include "nsIClientAuthDialogs.h"
+#include "nsIConsoleService.h"
+#include "nsIPrefService.h"
+#include "nsISocketProvider.h"
+#include "nsIWebProgressListener.h"
+#include "nsNSSCertHelper.h"
+#include "nsNSSComponent.h"
+#include "nsPrintfCString.h"
+#include "nsServiceManagerUtils.h"
+#include "pkix/pkixtypes.h"
+#include "prmem.h"
+#include "prnetdb.h"
+#include "secder.h"
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+//#define DEBUG_SSL_VERBOSE //Enable this define to get minimal
+                            //reports when doing SSL read/write
+
+//#define DUMP_BUFFER  //Enable this define along with
+                       //DEBUG_SSL_VERBOSE to dump SSL
+                       //read/write buffer to a log.
+                       //Uses PR_LOG except on Mac where
+                       //we always write out to our own
+                       //file.
+
+namespace {
+
+#define MAX_ALPN_LENGTH 255
+
+void
+getSiteKey(const nsACString& hostName, uint16_t port,
+           /*out*/ nsCSubstring& key)
+{
+  key = hostName;
+  key.AppendASCII(":");
+  key.AppendInt(port);
+}
+
+// Historically, we have required that the server negotiate ALPN or NPN in
+// order to false start, as a compatibility hack to work around
+// implementations that just stop responding during false start. However, now
+// false start is resricted to modern crypto (TLS 1.2 and AEAD cipher suites)
+// so it is less likely that requring NPN or ALPN is still necessary.
+static const bool FALSE_START_REQUIRE_NPN_DEFAULT = false;
+
+} // unnamed namespace
+
+extern LazyLogModule gPIPNSSLog;
+
+nsNSSSocketInfo::nsNSSSocketInfo(SharedSSLState& aState, uint32_t providerFlags)
+  : mFd(nullptr),
+    mCertVerificationState(before_cert_verification),
+    mSharedState(aState),
+    mForSTARTTLS(false),
+    mHandshakePending(true),
+    mRememberClientAuthCertificate(false),
+    mPreliminaryHandshakeDone(false),
+    mNPNCompleted(false),
+    mEarlyDataAccepted(false),
+    mFalseStartCallbackCalled(false),
+    mFalseStarted(false),
+    mIsFullHandshake(false),
+    mHandshakeCompleted(false),
+    mJoined(false),
+    mSentClientCert(false),
+    mNotedTimeUntilReady(false),
+    mFailedVerification(false),
+    mKEAUsed(nsISSLSocketControl::KEY_EXCHANGE_UNKNOWN),
+    mKEAKeyBits(0),
+    mSSLVersionUsed(nsISSLSocketControl::SSL_VERSION_UNKNOWN),
+    mMACAlgorithmUsed(nsISSLSocketControl::SSL_MAC_UNKNOWN),
+    mBypassAuthentication(false),
+    mProviderFlags(providerFlags),
+    mSocketCreationTimestamp(TimeStamp::Now()),
+    mPlaintextBytesRead(0),
+    mClientCert(nullptr)
+{
+  mTLSVersionRange.min = 0;
+  mTLSVersionRange.max = 0;
+}
+
+nsNSSSocketInfo::~nsNSSSocketInfo()
+{
+}
+
+NS_IMPL_ISUPPORTS_INHERITED(nsNSSSocketInfo, TransportSecurityInfo,
+                            nsISSLSocketControl,
+                            nsIClientAuthUserDecision)
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetProviderFlags(uint32_t* aProviderFlags)
+{
+  *aProviderFlags = mProviderFlags;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetKEAUsed(int16_t* aKea)
+{
+  *aKea = mKEAUsed;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetKEAKeyBits(uint32_t* aKeyBits)
+{
+  *aKeyBits = mKEAKeyBits;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetSSLVersionUsed(int16_t* aSSLVersionUsed)
+{
+  *aSSLVersionUsed = mSSLVersionUsed;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetSSLVersionOffered(int16_t* aSSLVersionOffered)
+{
+  *aSSLVersionOffered = mTLSVersionRange.max;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetMACAlgorithmUsed(int16_t* aMac)
+{
+  *aMac = mMACAlgorithmUsed;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetClientCert(nsIX509Cert** aClientCert)
+{
+  NS_ENSURE_ARG_POINTER(aClientCert);
+  *aClientCert = mClientCert;
+  NS_IF_ADDREF(*aClientCert);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::SetClientCert(nsIX509Cert* aClientCert)
+{
+  mClientCert = aClientCert;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetBypassAuthentication(bool* arg)
+{
+  *arg = mBypassAuthentication;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetFailedVerification(bool* arg)
+{
+  *arg = mFailedVerification;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetRememberClientAuthCertificate(bool* aRemember)
+{
+  NS_ENSURE_ARG_POINTER(aRemember);
+  *aRemember = mRememberClientAuthCertificate;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::SetRememberClientAuthCertificate(bool aRemember)
+{
+  mRememberClientAuthCertificate = aRemember;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetNotificationCallbacks(nsIInterfaceRequestor** aCallbacks)
+{
+  *aCallbacks = mCallbacks;
+  NS_IF_ADDREF(*aCallbacks);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::SetNotificationCallbacks(nsIInterfaceRequestor* aCallbacks)
+{
+  if (!aCallbacks) {
+    mCallbacks = nullptr;
+    return NS_OK;
+  }
+
+  mCallbacks = aCallbacks;
+
+  return NS_OK;
+}
+
+void
+nsNSSSocketInfo::NoteTimeUntilReady()
+{
+  if (mNotedTimeUntilReady)
+    return;
+
+  mNotedTimeUntilReady = true;
+
+  // This will include TCP and proxy tunnel wait time
+  Telemetry::AccumulateTimeDelta(Telemetry::SSL_TIME_UNTIL_READY,
+                                 mSocketCreationTimestamp, TimeStamp::Now());
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+         ("[%p] nsNSSSocketInfo::NoteTimeUntilReady\n", mFd));
+}
+
+void
+nsNSSSocketInfo::SetHandshakeCompleted()
+{
+  if (!mHandshakeCompleted) {
+    enum HandshakeType {
+      Resumption = 1,
+      FalseStarted = 2,
+      ChoseNotToFalseStart = 3,
+      NotAllowedToFalseStart = 4,
+    };
+
+    HandshakeType handshakeType = !IsFullHandshake() ? Resumption
+                                : mFalseStarted ? FalseStarted
+                                : mFalseStartCallbackCalled ? ChoseNotToFalseStart
+                                : NotAllowedToFalseStart;
+
+    // This will include TCP and proxy tunnel wait time
+    Telemetry::AccumulateTimeDelta(Telemetry::SSL_TIME_UNTIL_HANDSHAKE_FINISHED,
+                                   mSocketCreationTimestamp, TimeStamp::Now());
+
+    // If the handshake is completed for the first time from just 1 callback
+    // that means that TLS session resumption must have been used.
+    Telemetry::Accumulate(Telemetry::SSL_RESUMED_SESSION,
+                          handshakeType == Resumption);
+    Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_TYPE, handshakeType);
+  }
+
+
+    // Remove the plain text layer as it is not needed anymore.
+    // The plain text layer is not always present - so its not a fatal error
+    // if it cannot be removed
+    PRFileDesc* poppedPlaintext =
+      PR_GetIdentitiesLayer(mFd, nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity);
+    if (poppedPlaintext) {
+      PR_PopIOLayer(mFd, nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity);
+      poppedPlaintext->dtor(poppedPlaintext);
+    }
+
+    mHandshakeCompleted = true;
+
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("[%p] nsNSSSocketInfo::SetHandshakeCompleted\n", (void*) mFd));
+
+    mIsFullHandshake = false; // reset for next handshake on this connection
+}
+
+void
+nsNSSSocketInfo::SetNegotiatedNPN(const char* value, uint32_t length)
+{
+  if (!value) {
+    mNegotiatedNPN.Truncate();
+  } else {
+    mNegotiatedNPN.Assign(value, length);
+  }
+  mNPNCompleted = true;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetNegotiatedNPN(nsACString& aNegotiatedNPN)
+{
+  if (!mNPNCompleted)
+    return NS_ERROR_NOT_CONNECTED;
+
+  aNegotiatedNPN = mNegotiatedNPN;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetAlpnEarlySelection(nsACString& aAlpnSelected)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown() || isPK11LoggedOut()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  SSLNextProtoState alpnState;
+  unsigned char chosenAlpn[MAX_ALPN_LENGTH];
+  unsigned int chosenAlpnLen;
+  SECStatus rv = SSL_GetNextProto(mFd, &alpnState, chosenAlpn, &chosenAlpnLen,
+                                  AssertedCast<unsigned int>(ArrayLength(chosenAlpn)));
+
+  if (rv != SECSuccess || alpnState != SSL_NEXT_PROTO_EARLY_VALUE ||
+      chosenAlpnLen == 0) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  aAlpnSelected.Assign(BitwiseCast<char*, unsigned char*>(chosenAlpn),
+                       chosenAlpnLen);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetEarlyDataAccepted(bool* aAccepted)
+{
+  *aAccepted = mEarlyDataAccepted;
+  return NS_OK;
+}
+
+void
+nsNSSSocketInfo::SetEarlyDataAccepted(bool aAccepted)
+{
+  mEarlyDataAccepted = aAccepted;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::DriveHandshake()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown() || isPK11LoggedOut()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  if (!mFd) {
+    return NS_ERROR_FAILURE;
+  }
+  PRErrorCode errorCode = GetErrorCode();
+  if (errorCode) {
+    return GetXPCOMFromNSSError(errorCode);
+  }
+
+  SECStatus rv = SSL_ForceHandshake(mFd);
+
+  if (rv != SECSuccess) {
+    errorCode = PR_GetError();
+    if (errorCode == PR_WOULD_BLOCK_ERROR) {
+      return NS_BASE_STREAM_WOULD_BLOCK;
+    }
+
+    SetCanceled(errorCode, PlainErrorMessage);
+    return GetXPCOMFromNSSError(errorCode);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::IsAcceptableForHost(const nsACString& hostname, bool* _retval)
+{
+  NS_ENSURE_ARG(_retval);
+
+  *_retval = false;
+
+  // If this is the same hostname then the certicate status does not
+  // need to be considered. They are joinable.
+  if (hostname.Equals(GetHostName())) {
+    *_retval = true;
+    return NS_OK;
+  }
+
+  // Before checking the server certificate we need to make sure the
+  // handshake has completed.
+  if (!mHandshakeCompleted || !SSLStatus() || !SSLStatus()->HasServerCert()) {
+    return NS_OK;
+  }
+
+  // If the cert has error bits (e.g. it is untrusted) then do not join.
+  // The value of mHaveCertErrorBits is only reliable because we know that
+  // the handshake completed.
+  if (SSLStatus()->mHaveCertErrorBits)
+    return NS_OK;
+
+  // If the connection is using client certificates then do not join
+  // because the user decides on whether to send client certs to hosts on a
+  // per-domain basis.
+  if (mSentClientCert)
+    return NS_OK;
+
+  // Ensure that the server certificate covers the hostname that would
+  // like to join this connection
+
+  UniqueCERTCertificate nssCert;
+
+  nsCOMPtr<nsIX509Cert> cert;
+  if (NS_FAILED(SSLStatus()->GetServerCert(getter_AddRefs(cert)))) {
+    return NS_OK;
+  }
+  if (cert) {
+    nssCert.reset(cert->GetCert());
+  }
+
+  if (!nssCert) {
+    return NS_OK;
+  }
+
+  // Attempt to verify the joinee's certificate using the joining hostname.
+  // This ensures that any hostname-specific verification logic (e.g. key
+  // pinning) is satisfied by the joinee's certificate chain.
+  // This verification only uses local information; since we're on the network
+  // thread, we would be blocking on ourselves if we attempted any network i/o.
+  // TODO(bug 1056935): The certificate chain built by this verification may be
+  // different than the certificate chain originally built during the joined
+  // connection's TLS handshake. Consequently, we may report a wrong and/or
+  // misleading certificate chain for HTTP transactions coalesced onto this
+  // connection. This may become problematic in the future. For example,
+  // if/when we begin relying on intermediate certificates being stored in the
+  // securityInfo of a cached HTTPS response, that cached certificate chain may
+  // actually be the wrong chain. We should consider having JoinConnection
+  // return the certificate chain built here, so that the calling Necko code
+  // can associate the correct certificate chain with the HTTP transactions it
+  // is trying to join onto this connection.
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  if (!certVerifier) {
+    return NS_OK;
+  }
+  nsAutoCString hostnameFlat(PromiseFlatCString(hostname));
+  CertVerifier::Flags flags = CertVerifier::FLAG_LOCAL_ONLY;
+  UniqueCERTCertList unusedBuiltChain;
+  mozilla::pkix::Result result =
+    certVerifier->VerifySSLServerCert(nssCert,
+                                      nullptr, // stapledOCSPResponse
+                                      nullptr, // sctsFromTLSExtension
+                                      mozilla::pkix::Now(),
+                                      nullptr, // pinarg
+                                      hostnameFlat.get(),
+                                      unusedBuiltChain,
+                                      false, // save intermediates
+                                      flags);
+  if (result != mozilla::pkix::Success) {
+    return NS_OK;
+  }
+
+  // All tests pass
+  *_retval = true;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::JoinConnection(const nsACString& npnProtocol,
+                                const nsACString& hostname,
+                                int32_t port,
+                                bool* _retval)
+{
+  *_retval = false;
+
+  // Different ports may not be joined together
+  if (port != GetPort())
+    return NS_OK;
+
+  // Make sure NPN has been completed and matches requested npnProtocol
+  if (!mNPNCompleted || !mNegotiatedNPN.Equals(npnProtocol))
+    return NS_OK;
+
+  if (mBypassAuthentication) {
+    // An unauthenticated connection does not know whether or not it
+    // is acceptable for a particular hostname
+    return NS_OK;
+  }
+
+  IsAcceptableForHost(hostname, _retval);
+
+  if (*_retval) {
+    // All tests pass - this is joinable
+    mJoined = true;
+  }
+  return NS_OK;
+}
+
+bool
+nsNSSSocketInfo::GetForSTARTTLS()
+{
+  return mForSTARTTLS;
+}
+
+void
+nsNSSSocketInfo::SetForSTARTTLS(bool aForSTARTTLS)
+{
+  mForSTARTTLS = aForSTARTTLS;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::ProxyStartSSL()
+{
+  return ActivateSSL();
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::StartTLS()
+{
+  return ActivateSSL();
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::SetNPNList(nsTArray<nsCString>& protocolArray)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+  if (!mFd)
+    return NS_ERROR_FAILURE;
+
+  // the npn list is a concatenated list of 8 bit byte strings.
+  nsCString npnList;
+
+  for (uint32_t index = 0; index < protocolArray.Length(); ++index) {
+    if (protocolArray[index].IsEmpty() ||
+        protocolArray[index].Length() > 255)
+      return NS_ERROR_ILLEGAL_VALUE;
+
+    npnList.Append(protocolArray[index].Length());
+    npnList.Append(protocolArray[index]);
+  }
+
+  if (SSL_SetNextProtoNego(
+        mFd,
+        BitwiseCast<const unsigned char*, const char*>(npnList.get()),
+        npnList.Length()) != SECSuccess)
+    return NS_ERROR_FAILURE;
+
+  return NS_OK;
+}
+
+nsresult
+nsNSSSocketInfo::ActivateSSL()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  if (SECSuccess != SSL_OptionSet(mFd, SSL_SECURITY, true))
+    return NS_ERROR_FAILURE;
+  if (SECSuccess != SSL_ResetHandshake(mFd, false))
+    return NS_ERROR_FAILURE;
+
+  mHandshakePending = true;
+
+  return NS_OK;
+}
+
+nsresult
+nsNSSSocketInfo::GetFileDescPtr(PRFileDesc** aFilePtr)
+{
+  *aFilePtr = mFd;
+  return NS_OK;
+}
+
+nsresult
+nsNSSSocketInfo::SetFileDescPtr(PRFileDesc* aFilePtr)
+{
+  mFd = aFilePtr;
+  return NS_OK;
+}
+
+void
+nsNSSSocketInfo::SetCertVerificationWaiting()
+{
+  // mCertVerificationState may be before_cert_verification for the first
+  // handshake on the connection, or after_cert_verification for subsequent
+  // renegotiation handshakes.
+  NS_ASSERTION(mCertVerificationState != waiting_for_cert_verification,
+               "Invalid state transition to waiting_for_cert_verification");
+  mCertVerificationState = waiting_for_cert_verification;
+}
+
+// Be careful that SetCertVerificationResult does NOT get called while we are
+// processing a SSL callback function, because SSL_AuthCertificateComplete will
+// attempt to acquire locks that are already held by libssl when it calls
+// callbacks.
+void
+nsNSSSocketInfo::SetCertVerificationResult(PRErrorCode errorCode,
+                                           SSLErrorMessageType errorMessageType)
+{
+  NS_ASSERTION(mCertVerificationState == waiting_for_cert_verification,
+               "Invalid state transition to cert_verification_finished");
+
+  if (mFd) {
+    SECStatus rv = SSL_AuthCertificateComplete(mFd, errorCode);
+    // Only replace errorCode if there was originally no error
+    if (rv != SECSuccess && errorCode == 0) {
+      errorCode = PR_GetError();
+      errorMessageType = PlainErrorMessage;
+      if (errorCode == 0) {
+        NS_ERROR("SSL_AuthCertificateComplete didn't set error code");
+        errorCode = PR_INVALID_STATE_ERROR;
+      }
+    }
+  }
+
+  if (errorCode) {
+    mFailedVerification = true;
+    SetCanceled(errorCode, errorMessageType);
+  }
+
+  if (mPlaintextBytesRead && !errorCode) {
+    Telemetry::Accumulate(Telemetry::SSL_BYTES_BEFORE_CERT_CALLBACK,
+                          AssertedCast<uint32_t>(mPlaintextBytesRead));
+  }
+
+  mCertVerificationState = after_cert_verification;
+}
+
+SharedSSLState&
+nsNSSSocketInfo::SharedState()
+{
+  return mSharedState;
+}
+
+void nsSSLIOLayerHelpers::Cleanup()
+{
+  MutexAutoLock lock(mutex);
+  mTLSIntoleranceInfo.Clear();
+  mInsecureFallbackSites.Clear();
+}
+
+static void
+nsHandleSSLError(nsNSSSocketInfo* socketInfo,
+                 ::mozilla::psm::SSLErrorMessageType errtype,
+                 PRErrorCode err)
+{
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsHandleSSLError called off the main thread");
+    return;
+  }
+
+  // SetCanceled is only called by the main thread or the socket transport
+  // thread. Whenever this function is called on the main thread, the SSL
+  // thread is blocked on it. So, no mutex is necessary for
+  // SetCanceled()/GetError*().
+  if (socketInfo->GetErrorCode()) {
+    // If the socket has been flagged as canceled,
+    // the code who did was responsible for setting the error code.
+    return;
+  }
+
+  // We must cancel first, which sets the error code.
+  socketInfo->SetCanceled(err, PlainErrorMessage);
+  nsXPIDLString errorString;
+  socketInfo->GetErrorLogMessage(err, errtype, errorString);
+
+  if (!errorString.IsEmpty()) {
+    nsContentUtils::LogSimpleConsoleError(errorString, "SSL");
+  }
+}
+
+namespace {
+
+enum Operation { reading, writing, not_reading_or_writing };
+
+int32_t checkHandshake(int32_t bytesTransfered, bool wasReading,
+                       PRFileDesc* ssl_layer_fd,
+                       nsNSSSocketInfo* socketInfo);
+
+nsNSSSocketInfo*
+getSocketInfoIfRunning(PRFileDesc* fd, Operation op,
+                       const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+  if (!fd || !fd->lower || !fd->secret ||
+      fd->identity != nsSSLIOLayerHelpers::nsSSLIOLayerIdentity) {
+    NS_ERROR("bad file descriptor passed to getSocketInfoIfRunning");
+    PR_SetError(PR_BAD_DESCRIPTOR_ERROR, 0);
+    return nullptr;
+  }
+
+  nsNSSSocketInfo* socketInfo = (nsNSSSocketInfo*) fd->secret;
+
+  if (socketInfo->isAlreadyShutDown() || socketInfo->isPK11LoggedOut()) {
+    PR_SetError(PR_SOCKET_SHUTDOWN_ERROR, 0);
+    return nullptr;
+  }
+
+  if (socketInfo->GetErrorCode()) {
+    PRErrorCode err = socketInfo->GetErrorCode();
+    PR_SetError(err, 0);
+    if (op == reading || op == writing) {
+      // We must do TLS intolerance checks for reads and writes, for timeouts
+      // in particular.
+      (void) checkHandshake(-1, op == reading, fd, socketInfo);
+    }
+
+    // If we get here, it is probably because cert verification failed and this
+    // is the first I/O attempt since that failure.
+    return nullptr;
+  }
+
+  return socketInfo;
+}
+
+} // namespace
+
+static PRStatus
+nsSSLIOLayerConnect(PRFileDesc* fd, const PRNetAddr* addr,
+                    PRIntervalTime timeout)
+{
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[%p] connecting SSL socket\n",
+         (void*) fd));
+  nsNSSShutDownPreventionLock locker;
+  if (!getSocketInfoIfRunning(fd, not_reading_or_writing, locker))
+    return PR_FAILURE;
+
+  PRStatus status = fd->lower->methods->connect(fd->lower, addr, timeout);
+  if (status != PR_SUCCESS) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("[%p] Lower layer connect error: %d\n",
+                                      (void*) fd, PR_GetError()));
+    return status;
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[%p] Connect\n", (void*) fd));
+  return status;
+}
+
+void
+nsSSLIOLayerHelpers::rememberTolerantAtVersion(const nsACString& hostName,
+                                               int16_t port, uint16_t tolerant)
+{
+  nsCString key;
+  getSiteKey(hostName, port, key);
+
+  MutexAutoLock lock(mutex);
+
+  IntoleranceEntry entry;
+  if (mTLSIntoleranceInfo.Get(key, &entry)) {
+    entry.AssertInvariant();
+    entry.tolerant = std::max(entry.tolerant, tolerant);
+    if (entry.intolerant != 0 && entry.intolerant <= entry.tolerant) {
+      entry.intolerant = entry.tolerant + 1;
+      entry.intoleranceReason = 0; // lose the reason
+    }
+    if (entry.strongCipherStatus == StrongCipherStatusUnknown) {
+      entry.strongCipherStatus = StrongCiphersWorked;
+    }
+  } else {
+    entry.tolerant = tolerant;
+    entry.intolerant = 0;
+    entry.intoleranceReason = 0;
+    entry.strongCipherStatus = StrongCiphersWorked;
+  }
+
+  entry.AssertInvariant();
+
+  mTLSIntoleranceInfo.Put(key, entry);
+}
+
+void
+nsSSLIOLayerHelpers::forgetIntolerance(const nsACString& hostName,
+                                       int16_t port)
+{
+  nsCString key;
+  getSiteKey(hostName, port, key);
+
+  MutexAutoLock lock(mutex);
+
+  IntoleranceEntry entry;
+  if (mTLSIntoleranceInfo.Get(key, &entry)) {
+    entry.AssertInvariant();
+
+    entry.intolerant = 0;
+    entry.intoleranceReason = 0;
+    if (entry.strongCipherStatus != StrongCiphersWorked) {
+      entry.strongCipherStatus = StrongCipherStatusUnknown;
+    }
+
+    entry.AssertInvariant();
+    mTLSIntoleranceInfo.Put(key, entry);
+  }
+}
+
+bool
+nsSSLIOLayerHelpers::fallbackLimitReached(const nsACString& hostName,
+                                          uint16_t intolerant)
+{
+  if (isInsecureFallbackSite(hostName)) {
+    return intolerant <= SSL_LIBRARY_VERSION_TLS_1_0;
+  }
+  return intolerant <= mVersionFallbackLimit;
+}
+
+// returns true if we should retry the handshake
+bool
+nsSSLIOLayerHelpers::rememberIntolerantAtVersion(const nsACString& hostName,
+                                                 int16_t port,
+                                                 uint16_t minVersion,
+                                                 uint16_t intolerant,
+                                                 PRErrorCode intoleranceReason)
+{
+  if (intolerant <= minVersion || fallbackLimitReached(hostName, intolerant)) {
+    // We can't fall back any further. Assume that intolerance isn't the issue.
+    forgetIntolerance(hostName, port);
+    return false;
+  }
+
+  nsCString key;
+  getSiteKey(hostName, port, key);
+
+  MutexAutoLock lock(mutex);
+
+  IntoleranceEntry entry;
+  if (mTLSIntoleranceInfo.Get(key, &entry)) {
+    entry.AssertInvariant();
+    if (intolerant <= entry.tolerant) {
+      // We already know the server is tolerant at an equal or higher version.
+      return false;
+    }
+    if ((entry.intolerant != 0 && intolerant >= entry.intolerant)) {
+      // We already know that the server is intolerant at a lower version.
+      return true;
+    }
+  } else {
+    entry.tolerant = 0;
+    entry.strongCipherStatus = StrongCipherStatusUnknown;
+  }
+
+  entry.intolerant = intolerant;
+  entry.intoleranceReason = intoleranceReason;
+  entry.AssertInvariant();
+  mTLSIntoleranceInfo.Put(key, entry);
+
+  return true;
+}
+
+// returns true if we should retry the handshake
+bool
+nsSSLIOLayerHelpers::rememberStrongCiphersFailed(const nsACString& hostName,
+                                                 int16_t port,
+                                                 PRErrorCode intoleranceReason)
+{
+  nsCString key;
+  getSiteKey(hostName, port, key);
+
+  MutexAutoLock lock(mutex);
+
+  IntoleranceEntry entry;
+  if (mTLSIntoleranceInfo.Get(key, &entry)) {
+    entry.AssertInvariant();
+    if (entry.strongCipherStatus != StrongCipherStatusUnknown) {
+      // We already know if the server supports a strong cipher.
+      return false;
+    }
+  } else {
+    entry.tolerant = 0;
+    entry.intolerant = 0;
+    entry.intoleranceReason = intoleranceReason;
+  }
+
+  entry.strongCipherStatus = StrongCiphersFailed;
+  entry.AssertInvariant();
+  mTLSIntoleranceInfo.Put(key, entry);
+
+  return true;
+}
+
+void
+nsSSLIOLayerHelpers::adjustForTLSIntolerance(const nsACString& hostName,
+                                             int16_t port,
+                                             /*in/out*/ SSLVersionRange& range,
+                                             /*out*/ StrongCipherStatus& strongCipherStatus)
+{
+  IntoleranceEntry entry;
+
+  {
+    nsCString key;
+    getSiteKey(hostName, port, key);
+
+    MutexAutoLock lock(mutex);
+    if (!mTLSIntoleranceInfo.Get(key, &entry)) {
+      return;
+    }
+  }
+
+  entry.AssertInvariant();
+
+  if (entry.intolerant != 0) {
+    // We've tried connecting at a higher range but failed, so try at the
+    // version we haven't tried yet, unless we have reached the minimum.
+    if (range.min < entry.intolerant) {
+      range.max = entry.intolerant - 1;
+    }
+  }
+  strongCipherStatus = entry.strongCipherStatus;
+}
+
+PRErrorCode
+nsSSLIOLayerHelpers::getIntoleranceReason(const nsACString& hostName,
+                                          int16_t port)
+{
+  IntoleranceEntry entry;
+
+  {
+    nsCString key;
+    getSiteKey(hostName, port, key);
+
+    MutexAutoLock lock(mutex);
+    if (!mTLSIntoleranceInfo.Get(key, &entry)) {
+      return 0;
+    }
+  }
+
+  entry.AssertInvariant();
+  return entry.intoleranceReason;
+}
+
+bool nsSSLIOLayerHelpers::nsSSLIOLayerInitialized = false;
+PRDescIdentity nsSSLIOLayerHelpers::nsSSLIOLayerIdentity;
+PRDescIdentity nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity;
+PRIOMethods nsSSLIOLayerHelpers::nsSSLIOLayerMethods;
+PRIOMethods nsSSLIOLayerHelpers::nsSSLPlaintextLayerMethods;
+
+static PRStatus
+nsSSLIOLayerClose(PRFileDesc* fd)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (!fd)
+    return PR_FAILURE;
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[%p] Shutting down socket\n",
+         (void*) fd));
+
+  nsNSSSocketInfo* socketInfo = (nsNSSSocketInfo*) fd->secret;
+  NS_ASSERTION(socketInfo,"nsNSSSocketInfo was null for an fd");
+
+  return socketInfo->CloseSocketAndDestroy(locker);
+}
+
+PRStatus
+nsNSSSocketInfo::CloseSocketAndDestroy(
+    const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+  PRFileDesc* popped = PR_PopIOLayer(mFd, PR_TOP_IO_LAYER);
+  NS_ASSERTION(popped &&
+               popped->identity == nsSSLIOLayerHelpers::nsSSLIOLayerIdentity,
+               "SSL Layer not on top of stack");
+
+  // The plain text layer is not always present - so its not a fatal error
+  // if it cannot be removed
+  PRFileDesc* poppedPlaintext =
+    PR_GetIdentitiesLayer(mFd, nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity);
+  if (poppedPlaintext) {
+    PR_PopIOLayer(mFd, nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity);
+    poppedPlaintext->dtor(poppedPlaintext);
+  }
+
+  PRStatus status = mFd->methods->close(mFd);
+
+  // the nsNSSSocketInfo instance can out-live the connection, so we need some
+  // indication that the connection has been closed. mFd == nullptr is that
+  // indication. This is needed, for example, when the connection is closed
+  // before we have finished validating the server's certificate.
+  mFd = nullptr;
+
+  if (status != PR_SUCCESS) return status;
+
+  popped->identity = PR_INVALID_IO_LAYER;
+  NS_RELEASE_THIS();
+  popped->dtor(popped);
+
+  return PR_SUCCESS;
+}
+
+#if defined(DEBUG_SSL_VERBOSE) && defined(DUMP_BUFFER)
+// Dumps a (potentially binary) buffer using SSM_DEBUG.  (We could have used
+// the version in ssltrace.c, but that's specifically tailored to SSLTRACE.)
+#define DUMPBUF_LINESIZE 24
+static void
+nsDumpBuffer(unsigned char* buf, int len)
+{
+  char hexbuf[DUMPBUF_LINESIZE*3+1];
+  char chrbuf[DUMPBUF_LINESIZE+1];
+  static const char* hex = "0123456789abcdef";
+  int i = 0;
+  int l = 0;
+  char ch;
+  char* c;
+  char* h;
+  if (len == 0)
+    return;
+  hexbuf[DUMPBUF_LINESIZE*3] = '\0';
+  chrbuf[DUMPBUF_LINESIZE] = '\0';
+  (void) memset(hexbuf, 0x20, DUMPBUF_LINESIZE*3);
+  (void) memset(chrbuf, 0x20, DUMPBUF_LINESIZE);
+  h = hexbuf;
+  c = chrbuf;
+
+  while (i < len) {
+    ch = buf[i];
+
+    if (l == DUMPBUF_LINESIZE) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("%s%s\n", hexbuf, chrbuf));
+      (void) memset(hexbuf, 0x20, DUMPBUF_LINESIZE*3);
+      (void) memset(chrbuf, 0x20, DUMPBUF_LINESIZE);
+      h = hexbuf;
+      c = chrbuf;
+      l = 0;
+    }
+
+    // Convert a character to hex.
+    *h++ = hex[(ch >> 4) & 0xf];
+    *h++ = hex[ch & 0xf];
+    h++;
+
+    // Put the character (if it's printable) into the character buffer.
+    if ((ch >= 0x20) && (ch <= 0x7e)) {
+      *c++ = ch;
+    } else {
+      *c++ = '.';
+    }
+    i++; l++;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("%s%s\n", hexbuf, chrbuf));
+}
+
+#define DEBUG_DUMP_BUFFER(buf,len) nsDumpBuffer(buf,len)
+#else
+#define DEBUG_DUMP_BUFFER(buf,len)
+#endif
+
+class SSLErrorRunnable : public SyncRunnableBase
+{
+ public:
+  SSLErrorRunnable(nsNSSSocketInfo* infoObject,
+                   ::mozilla::psm::SSLErrorMessageType errtype,
+                   PRErrorCode errorCode)
+    : mInfoObject(infoObject)
+    , mErrType(errtype)
+    , mErrorCode(errorCode)
+  {
+  }
+
+  virtual void RunOnTargetThread()
+  {
+    nsHandleSSLError(mInfoObject, mErrType, mErrorCode);
+  }
+
+  RefPtr<nsNSSSocketInfo> mInfoObject;
+  ::mozilla::psm::SSLErrorMessageType mErrType;
+  const PRErrorCode mErrorCode;
+};
+
+namespace {
+
+uint32_t tlsIntoleranceTelemetryBucket(PRErrorCode err)
+{
+  // returns a numeric code for where we track various errors in telemetry
+  // only errors that cause version fallback are tracked,
+  // so this is also used to determine which errors can cause version fallback
+  switch (err) {
+    case SSL_ERROR_BAD_MAC_ALERT: return 1;
+    case SSL_ERROR_BAD_MAC_READ: return 2;
+    case SSL_ERROR_HANDSHAKE_FAILURE_ALERT: return 3;
+    case SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT: return 4;
+    case SSL_ERROR_ILLEGAL_PARAMETER_ALERT: return 6;
+    case SSL_ERROR_NO_CYPHER_OVERLAP: return 7;
+    case SSL_ERROR_UNSUPPORTED_VERSION: return 10;
+    case SSL_ERROR_PROTOCOL_VERSION_ALERT: return 11;
+    case SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE: return 13;
+    case SSL_ERROR_DECODE_ERROR_ALERT: return 14;
+    case PR_CONNECT_RESET_ERROR: return 16;
+    case PR_END_OF_FILE_ERROR: return 17;
+    case SSL_ERROR_INTERNAL_ERROR_ALERT: return 18;
+    default: return 0;
+  }
+}
+
+bool
+retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo)
+{
+  // This function is supposed to decide which error codes should
+  // be used to conclude server is TLS intolerant.
+  // Note this only happens during the initial SSL handshake.
+
+  SSLVersionRange range = socketInfo->GetTLSVersionRange();
+  nsSSLIOLayerHelpers& helpers = socketInfo->SharedState().IOLayerHelpers();
+
+  if (err == SSL_ERROR_UNSUPPORTED_VERSION &&
+      range.min == SSL_LIBRARY_VERSION_TLS_1_0) {
+    socketInfo->SetSecurityState(nsIWebProgressListener::STATE_IS_INSECURE |
+                                 nsIWebProgressListener::STATE_USES_SSL_3);
+  }
+
+  // NSS will return SSL_ERROR_RX_MALFORMED_SERVER_HELLO if anti-downgrade
+  // detected the downgrade.
+  if (err == SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT ||
+      err == SSL_ERROR_RX_MALFORMED_SERVER_HELLO) {
+    // This is a clear signal that we've fallen back too many versions.  Treat
+    // this as a hard failure, but forget any intolerance so that later attempts
+    // don't use this version (i.e., range.max) and trigger the error again.
+
+    // First, track the original cause of the version fallback.  This uses the
+    // same buckets as the telemetry below, except that bucket 0 will include
+    // all cases where there wasn't an original reason.
+    PRErrorCode originalReason =
+      helpers.getIntoleranceReason(socketInfo->GetHostName(),
+                                   socketInfo->GetPort());
+    Telemetry::Accumulate(Telemetry::SSL_VERSION_FALLBACK_INAPPROPRIATE,
+                          tlsIntoleranceTelemetryBucket(originalReason));
+
+    helpers.forgetIntolerance(socketInfo->GetHostName(),
+                              socketInfo->GetPort());
+
+    return false;
+  }
+
+  // Disallow PR_CONNECT_RESET_ERROR if fallback limit reached.
+  bool fallbackLimitReached =
+    helpers.fallbackLimitReached(socketInfo->GetHostName(), range.max);
+  if (err == PR_CONNECT_RESET_ERROR && fallbackLimitReached) {
+    return false;
+  }
+
+  if ((err == SSL_ERROR_NO_CYPHER_OVERLAP || err == PR_END_OF_FILE_ERROR ||
+       err == PR_CONNECT_RESET_ERROR) &&
+       nsNSSComponent::AreAnyWeakCiphersEnabled()) {
+    if (helpers.isInsecureFallbackSite(socketInfo->GetHostName()) ||
+        helpers.mUnrestrictedRC4Fallback) {
+      if (helpers.rememberStrongCiphersFailed(socketInfo->GetHostName(),
+                                              socketInfo->GetPort(), err)) {
+        Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK,
+                              tlsIntoleranceTelemetryBucket(err));
+        return true;
+      }
+      Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK, 0);
+    }
+  }
+
+  // When not using a proxy we'll see a connection reset error.
+  // When using a proxy, we'll see an end of file error.
+
+  // Don't allow STARTTLS connections to fall back on connection resets or
+  // EOF.
+  if ((err == PR_CONNECT_RESET_ERROR || err == PR_END_OF_FILE_ERROR)
+      && socketInfo->GetForSTARTTLS()) {
+    return false;
+  }
+
+  uint32_t reason = tlsIntoleranceTelemetryBucket(err);
+  if (reason == 0) {
+    return false;
+  }
+
+  Telemetry::ID pre;
+  Telemetry::ID post;
+  switch (range.max) {
+    case SSL_LIBRARY_VERSION_TLS_1_3:
+      pre = Telemetry::SSL_TLS13_INTOLERANCE_REASON_PRE;
+      post = Telemetry::SSL_TLS13_INTOLERANCE_REASON_POST;
+      break;
+    case SSL_LIBRARY_VERSION_TLS_1_2:
+      pre = Telemetry::SSL_TLS12_INTOLERANCE_REASON_PRE;
+      post = Telemetry::SSL_TLS12_INTOLERANCE_REASON_POST;
+      break;
+    case SSL_LIBRARY_VERSION_TLS_1_1:
+      pre = Telemetry::SSL_TLS11_INTOLERANCE_REASON_PRE;
+      post = Telemetry::SSL_TLS11_INTOLERANCE_REASON_POST;
+      break;
+    case SSL_LIBRARY_VERSION_TLS_1_0:
+      pre = Telemetry::SSL_TLS10_INTOLERANCE_REASON_PRE;
+      post = Telemetry::SSL_TLS10_INTOLERANCE_REASON_POST;
+      break;
+    default:
+      MOZ_CRASH("impossible TLS version");
+      return false;
+  }
+
+  // The difference between _PRE and _POST represents how often we avoided
+  // TLS intolerance fallback due to remembered tolerance.
+  Telemetry::Accumulate(pre, reason);
+
+  if (!helpers.rememberIntolerantAtVersion(socketInfo->GetHostName(),
+                                           socketInfo->GetPort(),
+                                           range.min, range.max, err)) {
+    return false;
+  }
+
+  Telemetry::Accumulate(post, reason);
+
+  return true;
+}
+
+// Ensure that we haven't added too many errors to fit.
+static_assert((SSL_ERROR_END_OF_LIST - SSL_ERROR_BASE) <= 256,
+              "too many SSL errors");
+static_assert((SEC_ERROR_END_OF_LIST - SEC_ERROR_BASE) <= 256,
+              "too many SEC errors");
+static_assert((PR_MAX_ERROR - PR_NSPR_ERROR_BASE) <= 128,
+              "too many NSPR errors");
+static_assert((mozilla::pkix::ERROR_BASE - mozilla::pkix::END_OF_LIST) < 31,
+              "too many moz::pkix errors");
+
+static void
+reportHandshakeResult(int32_t bytesTransferred, bool wasReading, PRErrorCode err)
+{
+  uint32_t bucket;
+
+  // A negative bytesTransferred or a 0 read are errors.
+  if (bytesTransferred > 0) {
+    bucket = 0;
+  } else if ((bytesTransferred == 0) && !wasReading) {
+    // PR_Write() is defined to never return 0, but let's make sure.
+    // https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSPR/Reference/PR_Write.
+    MOZ_ASSERT(false);
+    bucket = 671;
+  } else if (IS_SSL_ERROR(err)) {
+    bucket = err - SSL_ERROR_BASE;
+    MOZ_ASSERT(bucket > 0);   // SSL_ERROR_EXPORT_ONLY_SERVER isn't used.
+  } else if (IS_SEC_ERROR(err)) {
+    bucket = (err - SEC_ERROR_BASE) + 256;
+  } else if ((err >= PR_NSPR_ERROR_BASE) && (err < PR_MAX_ERROR)) {
+    bucket = (err - PR_NSPR_ERROR_BASE) + 512;
+  } else if ((err >= mozilla::pkix::ERROR_BASE) &&
+             (err < mozilla::pkix::ERROR_LIMIT)) {
+    bucket = (err - mozilla::pkix::ERROR_BASE) + 640;
+  } else {
+    bucket = 671;
+  }
+
+  Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_RESULT, bucket);
+}
+
+int32_t
+checkHandshake(int32_t bytesTransfered, bool wasReading,
+               PRFileDesc* ssl_layer_fd, nsNSSSocketInfo* socketInfo)
+{
+  const PRErrorCode originalError = PR_GetError();
+  PRErrorCode err = originalError;
+
+  // This is where we work around all of those SSL servers that don't
+  // conform to the SSL spec and shutdown a connection when we request
+  // SSL v3.1 (aka TLS).  The spec says the client says what version
+  // of the protocol we're willing to perform, in our case SSL v3.1
+  // In its response, the server says which version it wants to perform.
+  // Many servers out there only know how to do v3.0.  Next, we're supposed
+  // to send back the version of the protocol we requested (ie v3.1).  At
+  // this point many servers's implementations are broken and they shut
+  // down the connection when they don't see the version they sent back.
+  // This is supposed to prevent a man in the middle from forcing one
+  // side to dumb down to a lower level of the protocol.  Unfortunately,
+  // there are enough broken servers out there that such a gross work-around
+  // is necessary.  :(
+
+  // Do NOT assume TLS intolerance on a closed connection after bad cert ui was shown.
+  // Simply retry.
+  // This depends on the fact that Cert UI will not be shown again,
+  // should the user override the bad cert.
+
+  bool handleHandshakeResultNow = socketInfo->IsHandshakePending();
+
+  bool wantRetry = false;
+
+  if (0 > bytesTransfered) {
+    if (handleHandshakeResultNow) {
+      if (PR_WOULD_BLOCK_ERROR == err) {
+        PR_SetError(err, 0);
+        return bytesTransfered;
+      }
+
+      wantRetry = retryDueToTLSIntolerance(err, socketInfo);
+    }
+
+    // This is the common place where we trigger non-cert-errors on a SSL
+    // socket. This might be reached at any time of the connection.
+    //
+    // The socketInfo->GetErrorCode() check is here to ensure we don't try to
+    // do the synchronous dispatch to the main thread unnecessarily after we've
+    // already handled a certificate error. (SSLErrorRunnable calls
+    // nsHandleSSLError, which has logic to avoid replacing the error message,
+    // so without the !socketInfo->GetErrorCode(), it would just be an
+    // expensive no-op.)
+    if (!wantRetry && mozilla::psm::IsNSSErrorCode(err) &&
+        !socketInfo->GetErrorCode()) {
+      RefPtr<SyncRunnableBase> runnable(new SSLErrorRunnable(socketInfo,
+                                                             PlainErrorMessage,
+                                                             err));
+      (void) runnable->DispatchToMainThreadAndWait();
+    }
+  } else if (wasReading && 0 == bytesTransfered) {
+    // zero bytes on reading, socket closed
+    if (handleHandshakeResultNow) {
+      wantRetry = retryDueToTLSIntolerance(PR_END_OF_FILE_ERROR, socketInfo);
+    }
+  }
+
+  if (wantRetry) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("[%p] checkHandshake: will retry with lower max TLS version\n",
+            ssl_layer_fd));
+    // We want to cause the network layer to retry the connection.
+    err = PR_CONNECT_RESET_ERROR;
+    if (wasReading)
+      bytesTransfered = -1;
+  }
+
+  // TLS intolerant servers only cause the first transfer to fail, so let's
+  // set the HandshakePending attribute to false so that we don't try the logic
+  // above again in a subsequent transfer.
+  if (handleHandshakeResultNow) {
+    // Report the result once for each handshake. Note that this does not
+    // get handshakes which are cancelled before any reads or writes
+    // happen.
+    reportHandshakeResult(bytesTransfered, wasReading, originalError);
+    socketInfo->SetHandshakeNotPending();
+  }
+
+  if (bytesTransfered < 0) {
+    // Remember that we encountered an error so that getSocketInfoIfRunning
+    // will correctly cause us to fail if another part of Gecko
+    // (erroneously) calls an I/O function (PR_Send/PR_Recv/etc.) again on
+    // this socket. Note that we use the original error because if we use
+    // PR_CONNECT_RESET_ERROR, we'll repeated try to reconnect.
+    if (originalError != PR_WOULD_BLOCK_ERROR && !socketInfo->GetErrorCode()) {
+      socketInfo->SetCanceled(originalError, PlainErrorMessage);
+    }
+    PR_SetError(err, 0);
+  }
+
+  return bytesTransfered;
+}
+
+} // namespace
+
+static int16_t
+nsSSLIOLayerPoll(PRFileDesc* fd, int16_t in_flags, int16_t* out_flags)
+{
+  nsNSSShutDownPreventionLock locker;
+
+  if (!out_flags) {
+    NS_WARNING("nsSSLIOLayerPoll called with null out_flags");
+    return 0;
+  }
+
+  *out_flags = 0;
+
+  nsNSSSocketInfo* socketInfo =
+    getSocketInfoIfRunning(fd, not_reading_or_writing, locker);
+
+  if (!socketInfo) {
+    // If we get here, it is probably because certificate validation failed
+    // and this is the first I/O operation after the failure.
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("[%p] polling SSL socket right after certificate verification failed "
+                  "or NSS shutdown or SDR logout %d\n",
+             fd, (int) in_flags));
+
+    NS_ASSERTION(in_flags & PR_POLL_EXCEPT,
+                 "caller did not poll for EXCEPT (canceled)");
+    // Since this poll method cannot return errors, we want the caller to call
+    // PR_Send/PR_Recv right away to get the error, so we tell that we are
+    // ready for whatever I/O they are asking for. (See getSocketInfoIfRunning).
+    *out_flags = in_flags | PR_POLL_EXCEPT; // see also bug 480619
+    return in_flags;
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Verbose,
+          (socketInfo->IsWaitingForCertVerification()
+             ?  "[%p] polling SSL socket during certificate verification using lower %d\n"
+             :  "[%p] poll SSL socket using lower %d\n",
+           fd, (int) in_flags));
+
+  // We want the handshake to continue during certificate validation, so we
+  // don't need to do anything special here. libssl automatically blocks when
+  // it reaches any point that would be unsafe to send/receive something before
+  // cert validation is complete.
+  int16_t result = fd->lower->methods->poll(fd->lower, in_flags, out_flags);
+  MOZ_LOG(gPIPNSSLog, LogLevel::Verbose,
+          ("[%p] poll SSL socket returned %d\n", (void*) fd, (int) result));
+  return result;
+}
+
+nsSSLIOLayerHelpers::nsSSLIOLayerHelpers()
+  : mTreatUnsafeNegotiationAsBroken(false)
+  , mTLSIntoleranceInfo()
+  , mFalseStartRequireNPN(false)
+  , mUnrestrictedRC4Fallback(false)
+  , mVersionFallbackLimit(SSL_LIBRARY_VERSION_TLS_1_0)
+  , mutex("nsSSLIOLayerHelpers.mutex")
+{
+}
+
+static int
+_PSM_InvalidInt(void)
+{
+  MOZ_ASSERT_UNREACHABLE("I/O method is invalid");
+  PR_SetError(PR_INVALID_METHOD_ERROR, 0);
+  return -1;
+}
+
+static int64_t
+_PSM_InvalidInt64(void)
+{
+  MOZ_ASSERT_UNREACHABLE("I/O method is invalid");
+  PR_SetError(PR_INVALID_METHOD_ERROR, 0);
+  return -1;
+}
+
+static PRStatus
+_PSM_InvalidStatus(void)
+{
+  MOZ_ASSERT_UNREACHABLE("I/O method is invalid");
+  PR_SetError(PR_INVALID_METHOD_ERROR, 0);
+  return PR_FAILURE;
+}
+
+static PRFileDesc*
+_PSM_InvalidDesc(void)
+{
+  MOZ_ASSERT_UNREACHABLE("I/O method is invalid");
+  PR_SetError(PR_INVALID_METHOD_ERROR, 0);
+  return nullptr;
+}
+
+static PRStatus
+PSMGetsockname(PRFileDesc* fd, PRNetAddr* addr)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (!getSocketInfoIfRunning(fd, not_reading_or_writing, locker))
+    return PR_FAILURE;
+
+  return fd->lower->methods->getsockname(fd->lower, addr);
+}
+
+static PRStatus
+PSMGetpeername(PRFileDesc* fd, PRNetAddr* addr)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (!getSocketInfoIfRunning(fd, not_reading_or_writing, locker))
+    return PR_FAILURE;
+
+  return fd->lower->methods->getpeername(fd->lower, addr);
+}
+
+static PRStatus
+PSMGetsocketoption(PRFileDesc* fd, PRSocketOptionData* data)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (!getSocketInfoIfRunning(fd, not_reading_or_writing, locker))
+    return PR_FAILURE;
+
+  return fd->lower->methods->getsocketoption(fd, data);
+}
+
+static PRStatus
+PSMSetsocketoption(PRFileDesc* fd, const PRSocketOptionData* data)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (!getSocketInfoIfRunning(fd, not_reading_or_writing, locker))
+    return PR_FAILURE;
+
+  return fd->lower->methods->setsocketoption(fd, data);
+}
+
+static int32_t
+PSMRecv(PRFileDesc* fd, void* buf, int32_t amount, int flags,
+        PRIntervalTime timeout)
+{
+  nsNSSShutDownPreventionLock locker;
+  nsNSSSocketInfo* socketInfo = getSocketInfoIfRunning(fd, reading, locker);
+  if (!socketInfo)
+    return -1;
+
+  if (flags != PR_MSG_PEEK && flags != 0) {
+    PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+    return -1;
+  }
+
+  int32_t bytesRead = fd->lower->methods->recv(fd->lower, buf, amount, flags,
+                                               timeout);
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Verbose,
+          ("[%p] read %d bytes\n", (void*) fd, bytesRead));
+
+#ifdef DEBUG_SSL_VERBOSE
+  DEBUG_DUMP_BUFFER((unsigned char*) buf, bytesRead);
+#endif
+
+  return checkHandshake(bytesRead, true, fd, socketInfo);
+}
+
+static int32_t
+PSMSend(PRFileDesc* fd, const void* buf, int32_t amount, int flags,
+        PRIntervalTime timeout)
+{
+  nsNSSShutDownPreventionLock locker;
+  nsNSSSocketInfo* socketInfo = getSocketInfoIfRunning(fd, writing, locker);
+  if (!socketInfo)
+    return -1;
+
+  if (flags != 0) {
+    PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+    return -1;
+  }
+
+#ifdef DEBUG_SSL_VERBOSE
+  DEBUG_DUMP_BUFFER((unsigned char*) buf, amount);
+#endif
+
+  int32_t bytesWritten = fd->lower->methods->send(fd->lower, buf, amount,
+                                                  flags, timeout);
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Verbose,
+          ("[%p] wrote %d bytes\n", fd, bytesWritten));
+
+  return checkHandshake(bytesWritten, false, fd, socketInfo);
+}
+
+static PRStatus
+PSMBind(PRFileDesc* fd, const PRNetAddr *addr)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (!getSocketInfoIfRunning(fd, not_reading_or_writing, locker))
+    return PR_FAILURE;
+
+  return fd->lower->methods->bind(fd->lower, addr);
+}
+
+static int32_t
+nsSSLIOLayerRead(PRFileDesc* fd, void* buf, int32_t amount)
+{
+  return PSMRecv(fd, buf, amount, 0, PR_INTERVAL_NO_TIMEOUT);
+}
+
+static int32_t
+nsSSLIOLayerWrite(PRFileDesc* fd, const void* buf, int32_t amount)
+{
+  return PSMSend(fd, buf, amount, 0, PR_INTERVAL_NO_TIMEOUT);
+}
+
+static PRStatus
+PSMConnectcontinue(PRFileDesc* fd, int16_t out_flags)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (!getSocketInfoIfRunning(fd, not_reading_or_writing, locker)) {
+    return PR_FAILURE;
+  }
+
+  return fd->lower->methods->connectcontinue(fd, out_flags);
+}
+
+static int
+PSMAvailable(void)
+{
+  // This is called through PR_Available(), but is not implemented in PSM
+  PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+  return -1;
+}
+
+static int64_t
+PSMAvailable64(void)
+{
+  // This is called through PR_Available(), but is not implemented in PSM
+  PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+  return -1;
+}
+
+namespace {
+
+class PrefObserver : public nsIObserver {
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIOBSERVER
+  explicit PrefObserver(nsSSLIOLayerHelpers* aOwner) : mOwner(aOwner) {}
+
+protected:
+  virtual ~PrefObserver() {}
+private:
+  nsSSLIOLayerHelpers* mOwner;
+};
+
+} // unnamed namespace
+
+NS_IMPL_ISUPPORTS(PrefObserver, nsIObserver)
+
+NS_IMETHODIMP
+PrefObserver::Observe(nsISupports* aSubject, const char* aTopic,
+                      const char16_t* someData)
+{
+  if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
+    NS_ConvertUTF16toUTF8 prefName(someData);
+
+    if (prefName.EqualsLiteral("security.ssl.treat_unsafe_negotiation_as_broken")) {
+      bool enabled;
+      Preferences::GetBool("security.ssl.treat_unsafe_negotiation_as_broken", &enabled);
+      mOwner->setTreatUnsafeNegotiationAsBroken(enabled);
+    } else if (prefName.EqualsLiteral("security.ssl.false_start.require-npn")) {
+      mOwner->mFalseStartRequireNPN =
+        Preferences::GetBool("security.ssl.false_start.require-npn",
+                             FALSE_START_REQUIRE_NPN_DEFAULT);
+    } else if (prefName.EqualsLiteral("security.tls.version.fallback-limit")) {
+      mOwner->loadVersionFallbackLimit();
+    } else if (prefName.EqualsLiteral("security.tls.insecure_fallback_hosts")) {
+      // Changes to the whitelist on the public side will update the pref.
+      // Don't propagate the changes to the private side.
+      if (mOwner->isPublic()) {
+        mOwner->initInsecureFallbackSites();
+      }
+    } else if (prefName.EqualsLiteral("security.tls.unrestricted_rc4_fallback")) {
+      mOwner->mUnrestrictedRC4Fallback =
+        Preferences::GetBool("security.tls.unrestricted_rc4_fallback", false);
+    }
+  }
+  return NS_OK;
+}
+
+static int32_t
+PlaintextRecv(PRFileDesc* fd, void* buf, int32_t amount, int flags,
+              PRIntervalTime timeout)
+{
+  // The shutdownlocker is not needed here because it will already be
+  // held higher in the stack
+  nsNSSSocketInfo* socketInfo = nullptr;
+
+  int32_t bytesRead = fd->lower->methods->recv(fd->lower, buf, amount, flags,
+                                               timeout);
+  if (fd->identity == nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity)
+    socketInfo = (nsNSSSocketInfo*) fd->secret;
+
+  if ((bytesRead > 0) && socketInfo)
+    socketInfo->AddPlaintextBytesRead(bytesRead);
+  return bytesRead;
+}
+
+nsSSLIOLayerHelpers::~nsSSLIOLayerHelpers()
+{
+  // mPrefObserver will only be set if this->Init was called. The GTest tests
+  // do not call Init.
+  if (mPrefObserver) {
+    Preferences::RemoveObserver(mPrefObserver,
+        "security.ssl.treat_unsafe_negotiation_as_broken");
+    Preferences::RemoveObserver(mPrefObserver,
+        "security.ssl.false_start.require-npn");
+    Preferences::RemoveObserver(mPrefObserver,
+        "security.tls.version.fallback-limit");
+    Preferences::RemoveObserver(mPrefObserver,
+        "security.tls.insecure_fallback_hosts");
+    Preferences::RemoveObserver(mPrefObserver,
+        "security.tls.unrestricted_rc4_fallback");
+  }
+}
+
+nsresult
+nsSSLIOLayerHelpers::Init()
+{
+  if (!nsSSLIOLayerInitialized) {
+    nsSSLIOLayerInitialized = true;
+    nsSSLIOLayerIdentity = PR_GetUniqueIdentity("NSS layer");
+    nsSSLIOLayerMethods  = *PR_GetDefaultIOMethods();
+
+    nsSSLIOLayerMethods.available = (PRAvailableFN) PSMAvailable;
+    nsSSLIOLayerMethods.available64 = (PRAvailable64FN) PSMAvailable64;
+    nsSSLIOLayerMethods.fsync = (PRFsyncFN) _PSM_InvalidStatus;
+    nsSSLIOLayerMethods.seek = (PRSeekFN) _PSM_InvalidInt;
+    nsSSLIOLayerMethods.seek64 = (PRSeek64FN) _PSM_InvalidInt64;
+    nsSSLIOLayerMethods.fileInfo = (PRFileInfoFN) _PSM_InvalidStatus;
+    nsSSLIOLayerMethods.fileInfo64 = (PRFileInfo64FN) _PSM_InvalidStatus;
+    nsSSLIOLayerMethods.writev = (PRWritevFN) _PSM_InvalidInt;
+    nsSSLIOLayerMethods.accept = (PRAcceptFN) _PSM_InvalidDesc;
+    nsSSLIOLayerMethods.listen = (PRListenFN) _PSM_InvalidStatus;
+    nsSSLIOLayerMethods.shutdown = (PRShutdownFN) _PSM_InvalidStatus;
+    nsSSLIOLayerMethods.recvfrom = (PRRecvfromFN) _PSM_InvalidInt;
+    nsSSLIOLayerMethods.sendto = (PRSendtoFN) _PSM_InvalidInt;
+    nsSSLIOLayerMethods.acceptread = (PRAcceptreadFN) _PSM_InvalidInt;
+    nsSSLIOLayerMethods.transmitfile = (PRTransmitfileFN) _PSM_InvalidInt;
+    nsSSLIOLayerMethods.sendfile = (PRSendfileFN) _PSM_InvalidInt;
+
+    nsSSLIOLayerMethods.getsockname = PSMGetsockname;
+    nsSSLIOLayerMethods.getpeername = PSMGetpeername;
+    nsSSLIOLayerMethods.getsocketoption = PSMGetsocketoption;
+    nsSSLIOLayerMethods.setsocketoption = PSMSetsocketoption;
+    nsSSLIOLayerMethods.recv = PSMRecv;
+    nsSSLIOLayerMethods.send = PSMSend;
+    nsSSLIOLayerMethods.connectcontinue = PSMConnectcontinue;
+    nsSSLIOLayerMethods.bind = PSMBind;
+
+    nsSSLIOLayerMethods.connect = nsSSLIOLayerConnect;
+    nsSSLIOLayerMethods.close = nsSSLIOLayerClose;
+    nsSSLIOLayerMethods.write = nsSSLIOLayerWrite;
+    nsSSLIOLayerMethods.read = nsSSLIOLayerRead;
+    nsSSLIOLayerMethods.poll = nsSSLIOLayerPoll;
+
+    nsSSLPlaintextLayerIdentity = PR_GetUniqueIdentity("Plaintxext PSM layer");
+    nsSSLPlaintextLayerMethods  = *PR_GetDefaultIOMethods();
+    nsSSLPlaintextLayerMethods.recv = PlaintextRecv;
+  }
+
+  bool enabled = false;
+  Preferences::GetBool("security.ssl.treat_unsafe_negotiation_as_broken", &enabled);
+  setTreatUnsafeNegotiationAsBroken(enabled);
+
+  mFalseStartRequireNPN =
+    Preferences::GetBool("security.ssl.false_start.require-npn",
+                         FALSE_START_REQUIRE_NPN_DEFAULT);
+  loadVersionFallbackLimit();
+  initInsecureFallbackSites();
+  mUnrestrictedRC4Fallback =
+    Preferences::GetBool("security.tls.unrestricted_rc4_fallback", false);
+
+  mPrefObserver = new PrefObserver(this);
+  Preferences::AddStrongObserver(mPrefObserver,
+                                 "security.ssl.treat_unsafe_negotiation_as_broken");
+  Preferences::AddStrongObserver(mPrefObserver,
+                                 "security.ssl.false_start.require-npn");
+  Preferences::AddStrongObserver(mPrefObserver,
+                                 "security.tls.version.fallback-limit");
+  Preferences::AddStrongObserver(mPrefObserver,
+                                 "security.tls.insecure_fallback_hosts");
+  Preferences::AddStrongObserver(mPrefObserver,
+                                 "security.tls.unrestricted_rc4_fallback");
+  return NS_OK;
+}
+
+void
+nsSSLIOLayerHelpers::loadVersionFallbackLimit()
+{
+  // see nsNSSComponent::setEnabledTLSVersions for pref handling rules
+  uint32_t limit = Preferences::GetUint("security.tls.version.fallback-limit",
+                                        3); // 3 = TLS 1.2
+  SSLVersionRange defaults = { SSL_LIBRARY_VERSION_TLS_1_2,
+                               SSL_LIBRARY_VERSION_TLS_1_2 };
+  SSLVersionRange filledInRange;
+  nsNSSComponent::FillTLSVersionRange(filledInRange, limit, limit, defaults);
+  if (filledInRange.max < SSL_LIBRARY_VERSION_TLS_1_2) {
+    filledInRange.max = SSL_LIBRARY_VERSION_TLS_1_2;
+  }
+
+  mVersionFallbackLimit = filledInRange.max;
+}
+
+void
+nsSSLIOLayerHelpers::clearStoredData()
+{
+  MutexAutoLock lock(mutex);
+  mInsecureFallbackSites.Clear();
+  mTLSIntoleranceInfo.Clear();
+}
+
+void
+nsSSLIOLayerHelpers::setInsecureFallbackSites(const nsCString& str)
+{
+  MutexAutoLock lock(mutex);
+
+  mInsecureFallbackSites.Clear();
+
+  if (str.IsEmpty()) {
+    return;
+  }
+
+  nsCCharSeparatedTokenizer toker(str, ',');
+
+  while (toker.hasMoreTokens()) {
+    const nsCSubstring& host = toker.nextToken();
+    if (!host.IsEmpty()) {
+      mInsecureFallbackSites.PutEntry(host);
+    }
+  }
+}
+
+void
+nsSSLIOLayerHelpers::initInsecureFallbackSites()
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  nsCString insecureFallbackHosts;
+  Preferences::GetCString("security.tls.insecure_fallback_hosts",
+                          &insecureFallbackHosts);
+  setInsecureFallbackSites(insecureFallbackHosts);
+}
+
+bool
+nsSSLIOLayerHelpers::isPublic() const
+{
+  return this == &PublicSSLState()->IOLayerHelpers();
+}
+
+void
+nsSSLIOLayerHelpers::addInsecureFallbackSite(const nsCString& hostname,
+                                             bool temporary)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  {
+    MutexAutoLock lock(mutex);
+    if (mInsecureFallbackSites.Contains(hostname)) {
+      return;
+    }
+    mInsecureFallbackSites.PutEntry(hostname);
+  }
+  if (!isPublic() || temporary) {
+    return;
+  }
+  nsCString value;
+  Preferences::GetCString("security.tls.insecure_fallback_hosts", &value);
+  if (!value.IsEmpty()) {
+    value.Append(',');
+  }
+  value.Append(hostname);
+  Preferences::SetCString("security.tls.insecure_fallback_hosts", value);
+}
+
+class FallbackPrefRemover final : public Runnable
+{
+public:
+  explicit FallbackPrefRemover(const nsACString& aHost)
+    : mHost(aHost)
+  {}
+  NS_IMETHOD Run() override;
+private:
+  nsCString mHost;
+};
+
+NS_IMETHODIMP
+FallbackPrefRemover::Run()
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  nsCString oldValue;
+  Preferences::GetCString("security.tls.insecure_fallback_hosts", &oldValue);
+  nsCCharSeparatedTokenizer toker(oldValue, ',');
+  nsCString newValue;
+  while (toker.hasMoreTokens()) {
+    const nsCSubstring& host = toker.nextToken();
+    if (host.Equals(mHost)) {
+      continue;
+    }
+    if (!newValue.IsEmpty()) {
+      newValue.Append(',');
+    }
+    newValue.Append(host);
+  }
+  Preferences::SetCString("security.tls.insecure_fallback_hosts", newValue);
+  return NS_OK;
+}
+
+void
+nsSSLIOLayerHelpers::removeInsecureFallbackSite(const nsACString& hostname,
+                                                uint16_t port)
+{
+  forgetIntolerance(hostname, port);
+  {
+    MutexAutoLock lock(mutex);
+    if (!mInsecureFallbackSites.Contains(hostname)) {
+      return;
+    }
+    mInsecureFallbackSites.RemoveEntry(hostname);
+  }
+  if (!isPublic()) {
+    return;
+  }
+  RefPtr<Runnable> runnable = new FallbackPrefRemover(hostname);
+  if (NS_IsMainThread()) {
+    runnable->Run();
+  } else {
+    NS_DispatchToMainThread(runnable);
+  }
+}
+
+bool
+nsSSLIOLayerHelpers::isInsecureFallbackSite(const nsACString& hostname)
+{
+  MutexAutoLock lock(mutex);
+  return mInsecureFallbackSites.Contains(hostname);
+}
+
+void
+nsSSLIOLayerHelpers::setTreatUnsafeNegotiationAsBroken(bool broken)
+{
+  MutexAutoLock lock(mutex);
+  mTreatUnsafeNegotiationAsBroken = broken;
+}
+
+bool
+nsSSLIOLayerHelpers::treatUnsafeNegotiationAsBroken()
+{
+  MutexAutoLock lock(mutex);
+  return mTreatUnsafeNegotiationAsBroken;
+}
+
+nsresult
+nsSSLIOLayerNewSocket(int32_t family,
+                      const char* host,
+                      int32_t port,
+                      nsIProxyInfo *proxy,
+                      const NeckoOriginAttributes& originAttributes,
+                      PRFileDesc** fd,
+                      nsISupports** info,
+                      bool forSTARTTLS,
+                      uint32_t flags)
+{
+
+  PRFileDesc* sock = PR_OpenTCPSocket(family);
+  if (!sock) return NS_ERROR_OUT_OF_MEMORY;
+
+  nsresult rv = nsSSLIOLayerAddToSocket(family, host, port, proxy,
+                                        originAttributes, sock, info,
+                                        forSTARTTLS, flags);
+  if (NS_FAILED(rv)) {
+    PR_Close(sock);
+    return rv;
+  }
+
+  *fd = sock;
+  return NS_OK;
+}
+
+// Creates CA names strings from (CERTDistNames* caNames)
+//
+// - arena: arena to allocate strings on
+// - caNameStrings: filled with CA names strings on return
+// - caNames: CERTDistNames to extract strings from
+// - return: SECSuccess if successful; error code otherwise
+//
+// Note: copied in its entirety from Nova code
+static SECStatus
+nsConvertCANamesToStrings(const UniquePLArenaPool& arena, char** caNameStrings,
+                          CERTDistNames* caNames)
+{
+    MOZ_ASSERT(arena.get());
+    MOZ_ASSERT(caNameStrings);
+    MOZ_ASSERT(caNames);
+    if (!arena.get() || !caNameStrings || !caNames) {
+        PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
+        return SECFailure;
+    }
+
+    SECItem* dername;
+    SECStatus rv;
+    int headerlen;
+    uint32_t contentlen;
+    SECItem newitem;
+    int n;
+    char* namestring;
+
+    for (n = 0; n < caNames->nnames; n++) {
+        newitem.data = nullptr;
+        dername = &caNames->names[n];
+
+        rv = DER_Lengths(dername, &headerlen, &contentlen);
+
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+
+        if (headerlen + contentlen != dername->len) {
+            // This must be from an enterprise 2.x server, which sent
+            // incorrectly formatted der without the outer wrapper of type and
+            // length. Fix it up by adding the top level header.
+            if (dername->len <= 127) {
+                newitem.data = (unsigned char*) PR_Malloc(dername->len + 2);
+                if (!newitem.data) {
+                    goto loser;
+                }
+                newitem.data[0] = (unsigned char) 0x30;
+                newitem.data[1] = (unsigned char) dername->len;
+                (void) memcpy(&newitem.data[2], dername->data, dername->len);
+            } else if (dername->len <= 255) {
+                newitem.data = (unsigned char*) PR_Malloc(dername->len + 3);
+                if (!newitem.data) {
+                    goto loser;
+                }
+                newitem.data[0] = (unsigned char) 0x30;
+                newitem.data[1] = (unsigned char) 0x81;
+                newitem.data[2] = (unsigned char) dername->len;
+                (void) memcpy(&newitem.data[3], dername->data, dername->len);
+            } else {
+                // greater than 256, better be less than 64k
+                newitem.data = (unsigned char*) PR_Malloc(dername->len + 4);
+                if (!newitem.data) {
+                    goto loser;
+                }
+                newitem.data[0] = (unsigned char) 0x30;
+                newitem.data[1] = (unsigned char) 0x82;
+                newitem.data[2] = (unsigned char) ((dername->len >> 8) & 0xff);
+                newitem.data[3] = (unsigned char) (dername->len & 0xff);
+                memcpy(&newitem.data[4], dername->data, dername->len);
+            }
+            dername = &newitem;
+        }
+
+        namestring = CERT_DerNameToAscii(dername);
+        if (!namestring) {
+            // XXX - keep going until we fail to convert the name
+            caNameStrings[n] = const_cast<char*>("");
+        } else {
+            caNameStrings[n] = PORT_ArenaStrdup(arena.get(), namestring);
+            PR_Free(namestring);
+            if (!caNameStrings[n]) {
+                goto loser;
+            }
+        }
+
+        if (newitem.data) {
+            PR_Free(newitem.data);
+        }
+    }
+
+    return SECSuccess;
+loser:
+    if (newitem.data) {
+        PR_Free(newitem.data);
+    }
+    return SECFailure;
+}
+
+// Possible behaviors for choosing a cert for client auth.
+enum class UserCertChoice {
+  // Ask the user to choose a cert.
+  Ask = 0,
+  // Automatically choose a cert.
+  Auto = 1,
+};
+
+// Returns the most appropriate user cert choice based on the value of the
+// security.default_personal_cert preference.
+UserCertChoice
+nsGetUserCertChoice()
+{
+  nsAutoCString value;
+  nsresult rv = Preferences::GetCString("security.default_personal_cert", &value);
+  if (NS_FAILED(rv)) {
+    return UserCertChoice::Ask;
+  }
+
+  // There are three cases for what the preference could be set to:
+  //   1. "Select Automatically" -> Auto.
+  //   2. "Ask Every Time" -> Ask.
+  //   3. Something else -> Ask. This might be a nickname from a migrated cert,
+  //      but we no longer support this case.
+  return value.EqualsLiteral("Select Automatically") ? UserCertChoice::Auto
+                                                     : UserCertChoice::Ask;
+}
+
+static bool
+hasExplicitKeyUsageNonRepudiation(CERTCertificate* cert)
+{
+  // There is no extension, v1 or v2 certificate
+  if (!cert->extensions)
+    return false;
+
+  SECStatus srv;
+  SECItem keyUsageItem;
+  keyUsageItem.data = nullptr;
+
+  srv = CERT_FindKeyUsageExtension(cert, &keyUsageItem);
+  if (srv == SECFailure)
+    return false;
+
+  unsigned char keyUsage = keyUsageItem.data[0];
+  PORT_Free (keyUsageItem.data);
+
+  return !!(keyUsage & KU_NON_REPUDIATION);
+}
+
+class ClientAuthDataRunnable : public SyncRunnableBase
+{
+public:
+  ClientAuthDataRunnable(CERTDistNames* caNames,
+                         CERTCertificate** pRetCert,
+                         SECKEYPrivateKey** pRetKey,
+                         nsNSSSocketInfo* info,
+                         const UniqueCERTCertificate& serverCert)
+    : mRV(SECFailure)
+    , mErrorCodeToReport(SEC_ERROR_NO_MEMORY)
+    , mPRetCert(pRetCert)
+    , mPRetKey(pRetKey)
+    , mCANames(caNames)
+    , mSocketInfo(info)
+    , mServerCert(serverCert.get())
+  {
+  }
+
+  SECStatus mRV;                        // out
+  PRErrorCode mErrorCodeToReport;       // out
+  CERTCertificate** const mPRetCert;    // in/out
+  SECKEYPrivateKey** const mPRetKey;    // in/out
+protected:
+  virtual void RunOnTargetThread();
+private:
+  CERTDistNames* const mCANames;        // in
+  nsNSSSocketInfo* const mSocketInfo;   // in
+  CERTCertificate* const mServerCert;   // in
+};
+
+// This callback function is used to pull client certificate
+// information upon server request
+//
+// - arg: SSL data connection
+// - socket: SSL socket we're dealing with
+// - caNames: list of CA names
+// - pRetCert: returns a pointer to a pointer to a valid certificate if
+//             successful; otherwise nullptr
+// - pRetKey: returns a pointer to a pointer to the corresponding key if
+//            successful; otherwise nullptr
+SECStatus
+nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
+                           CERTDistNames* caNames, CERTCertificate** pRetCert,
+                           SECKEYPrivateKey** pRetKey)
+{
+  nsNSSShutDownPreventionLock locker;
+
+  if (!socket || !caNames || !pRetCert || !pRetKey) {
+    PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+    return SECFailure;
+  }
+
+  RefPtr<nsNSSSocketInfo> info(
+    BitwiseCast<nsNSSSocketInfo*, PRFilePrivate*>(socket->higher->secret));
+
+  UniqueCERTCertificate serverCert(SSL_PeerCertificate(socket));
+  if (!serverCert) {
+    NS_NOTREACHED("Missing server certificate should have been detected during "
+                  "server cert authentication.");
+    PR_SetError(SSL_ERROR_NO_CERTIFICATE, 0);
+    return SECFailure;
+  }
+
+  if (info->GetJoined()) {
+    // We refuse to send a client certificate when there are multiple hostnames
+    // joined on this connection, because we only show the user one hostname
+    // (mHostName) in the client certificate UI.
+
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("[%p] Not returning client cert due to previous join\n", socket));
+    *pRetCert = nullptr;
+    *pRetKey = nullptr;
+    return SECSuccess;
+  }
+
+  // XXX: This should be done asynchronously; see bug 696976
+  RefPtr<ClientAuthDataRunnable> runnable(
+    new ClientAuthDataRunnable(caNames, pRetCert, pRetKey, info, serverCert));
+  nsresult rv = runnable->DispatchToMainThreadAndWait();
+  if (NS_FAILED(rv)) {
+    PR_SetError(SEC_ERROR_NO_MEMORY, 0);
+    return SECFailure;
+  }
+
+  if (runnable->mRV != SECSuccess) {
+    PR_SetError(runnable->mErrorCodeToReport, 0);
+  } else if (*runnable->mPRetCert || *runnable->mPRetKey) {
+    // Make joinConnection prohibit joining after we've sent a client cert
+    info->SetSentClientCert();
+  }
+
+  return runnable->mRV;
+}
+
+void
+ClientAuthDataRunnable::RunOnTargetThread()
+{
+  // We check the value of a pref in this runnable, so this runnable should only
+  // be run on the main thread.
+  MOZ_ASSERT(NS_IsMainThread());
+
+  UniquePLArenaPool arena;
+  char** caNameStrings;
+  UniqueCERTCertificate cert;
+  UniqueSECKEYPrivateKey privKey;
+  void* wincx = mSocketInfo;
+  nsresult rv;
+
+  nsCOMPtr<nsIX509Cert> socketClientCert;
+  mSocketInfo->GetClientCert(getter_AddRefs(socketClientCert));
+
+  // If a client cert preference was set on the socket info, use that and skip
+  // the client cert UI and/or search of the user's past cert decisions.
+  if (socketClientCert) {
+    cert.reset(socketClientCert->GetCert());
+    if (!cert) {
+      goto loser;
+    }
+
+    // Get the private key
+    privKey.reset(PK11_FindKeyByAnyCert(cert.get(), wincx));
+    if (!privKey) {
+      goto loser;
+    }
+
+    *mPRetCert = cert.release();
+    *mPRetKey = privKey.release();
+    mRV = SECSuccess;
+    return;
+  }
+
+  // create caNameStrings
+  arena.reset(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    goto loser;
+  }
+
+  caNameStrings = static_cast<char**>(
+    PORT_ArenaAlloc(arena.get(), sizeof(char*) * mCANames->nnames));
+  if (!caNameStrings) {
+    goto loser;
+  }
+
+  mRV = nsConvertCANamesToStrings(arena, caNameStrings, mCANames);
+  if (mRV != SECSuccess) {
+    goto loser;
+  }
+
+  // find valid user cert and key pair
+  if (nsGetUserCertChoice() == UserCertChoice::Auto) {
+    // automatically find the right cert
+
+    // find all user certs that are valid and for SSL
+    UniqueCERTCertList certList(
+      CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(), certUsageSSLClient,
+                                false, true, wincx));
+    if (!certList) {
+      goto loser;
+    }
+
+    // filter the list to those issued by CAs supported by the server
+    mRV = CERT_FilterCertListByCANames(certList.get(), mCANames->nnames,
+                                       caNameStrings, certUsageSSLClient);
+    if (mRV != SECSuccess) {
+      goto loser;
+    }
+
+    // make sure the list is not empty
+    if (CERT_LIST_END(CERT_LIST_HEAD(certList), certList)) {
+      goto loser;
+    }
+
+    UniqueCERTCertificate lowPrioNonrepCert;
+
+    // loop through the list until we find a cert with a key
+    for (CERTCertListNode* node = CERT_LIST_HEAD(certList);
+         !CERT_LIST_END(node, certList);
+         node = CERT_LIST_NEXT(node)) {
+      // if the certificate has restriction and we do not satisfy it we do not
+      // use it
+      privKey.reset(PK11_FindKeyByAnyCert(node->cert, wincx));
+      if (privKey) {
+        if (hasExplicitKeyUsageNonRepudiation(node->cert)) {
+          privKey = nullptr;
+          // Not a preferred cert
+          if (!lowPrioNonrepCert) { // did not yet find a low prio cert
+            lowPrioNonrepCert.reset(CERT_DupCertificate(node->cert));
+          }
+        } else {
+          // this is a good cert to present
+          cert.reset(CERT_DupCertificate(node->cert));
+          break;
+        }
+      }
+      if (PR_GetError() == SEC_ERROR_BAD_PASSWORD) {
+        // problem with password: bail
+        goto loser;
+      }
+    }
+
+    if (!cert && lowPrioNonrepCert) {
+      cert = Move(lowPrioNonrepCert);
+      privKey.reset(PK11_FindKeyByAnyCert(cert.get(), wincx));
+    }
+
+    if (!cert) {
+      goto loser;
+    }
+  } else { // Not Auto => ask
+    // Get the SSL Certificate
+
+    nsXPIDLCString hostname;
+    mSocketInfo->GetHostName(getter_Copies(hostname));
+
+    RefPtr<nsClientAuthRememberService> cars =
+      mSocketInfo->SharedState().GetClientAuthRememberService();
+
+    bool hasRemembered = false;
+    nsCString rememberedDBKey;
+    if (cars) {
+      bool found;
+      rv = cars->HasRememberedDecision(hostname,
+                                       mSocketInfo->GetOriginAttributes(),
+                                       mServerCert, rememberedDBKey, &found);
+      if (NS_SUCCEEDED(rv) && found) {
+        hasRemembered = true;
+      }
+    }
+
+    if (hasRemembered && !rememberedDBKey.IsEmpty()) {
+      nsCOMPtr<nsIX509CertDB> certdb = do_GetService(NS_X509CERTDB_CONTRACTID);
+      if (certdb) {
+        nsCOMPtr<nsIX509Cert> foundCert;
+        rv = certdb->FindCertByDBKey(rememberedDBKey.get(),
+                                     getter_AddRefs(foundCert));
+        if (NS_SUCCEEDED(rv) && foundCert) {
+          nsNSSCertificate* objCert =
+            BitwiseCast<nsNSSCertificate*, nsIX509Cert*>(foundCert.get());
+          if (objCert) {
+            cert.reset(objCert->GetCert());
+          }
+        }
+
+        if (!cert) {
+          hasRemembered = false;
+        }
+      }
+    }
+
+    if (!hasRemembered) {
+      // user selects a cert to present
+      nsCOMPtr<nsIClientAuthDialogs> dialogs;
+
+      // find all user certs that are for SSL
+      // note that we are allowing expired certs in this list
+      UniqueCERTCertList certList(
+        CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(), certUsageSSLClient,
+                                  false, false, wincx));
+      if (!certList) {
+        goto loser;
+      }
+
+      if (mCANames->nnames != 0) {
+        // filter the list to those issued by CAs supported by the server
+        mRV = CERT_FilterCertListByCANames(certList.get(),
+                                           mCANames->nnames,
+                                           caNameStrings,
+                                           certUsageSSLClient);
+        if (mRV != SECSuccess) {
+          goto loser;
+        }
+      }
+
+      if (CERT_LIST_END(CERT_LIST_HEAD(certList), certList)) {
+        // list is empty - no matching certs
+        goto loser;
+      }
+
+      int32_t port;
+      mSocketInfo->GetPort(&port);
+
+      UniquePORTString corg(CERT_GetOrgName(&mServerCert->subject));
+      nsAutoCString org(corg.get());
+
+      UniquePORTString cissuer(CERT_GetOrgName(&mServerCert->issuer));
+      nsAutoCString issuer(cissuer.get());
+
+      nsCOMPtr<nsIMutableArray> certArray = nsArrayBase::Create();
+      if (!certArray) {
+        goto loser;
+      }
+
+      for (CERTCertListNode* node = CERT_LIST_HEAD(certList);
+           !CERT_LIST_END(node, certList);
+           node = CERT_LIST_NEXT(node)) {
+        nsCOMPtr<nsIX509Cert> tempCert = nsNSSCertificate::Create(node->cert);
+        if (!tempCert) {
+          goto loser;
+        }
+
+        rv = certArray->AppendElement(tempCert, false);
+        if (NS_FAILED(rv)) {
+          goto loser;
+        }
+      }
+
+      // Throw up the client auth dialog and get back the index of the selected cert
+      rv = getNSSDialogs(getter_AddRefs(dialogs),
+                         NS_GET_IID(nsIClientAuthDialogs),
+                         NS_CLIENTAUTHDIALOGS_CONTRACTID);
+
+      if (NS_FAILED(rv)) {
+        goto loser;
+      }
+
+      uint32_t selectedIndex = 0;
+      bool certChosen = false;
+      rv = dialogs->ChooseCertificate(mSocketInfo, hostname, port, org, issuer,
+                                      certArray, &selectedIndex, &certChosen);
+      if (NS_FAILED(rv)) {
+        goto loser;
+      }
+
+      // even if the user has canceled, we want to remember that, to avoid repeating prompts
+      bool wantRemember = false;
+      mSocketInfo->GetRememberClientAuthCertificate(&wantRemember);
+
+      if (certChosen) {
+        nsCOMPtr<nsIX509Cert> selectedCert = do_QueryElementAt(certArray,
+                                                               selectedIndex);
+        if (!selectedCert) {
+          goto loser;
+        }
+        cert.reset(selectedCert->GetCert());
+      }
+
+      if (cars && wantRemember) {
+        cars->RememberDecision(hostname, mSocketInfo->GetOriginAttributes(),
+                               mServerCert, certChosen ? cert.get() : nullptr);
+      }
+    }
+
+    if (!cert) {
+      goto loser;
+    }
+
+    // go get the private key
+    privKey.reset(PK11_FindKeyByAnyCert(cert.get(), wincx));
+    if (!privKey) {
+      goto loser;
+    }
+  }
+  goto done;
+
+loser:
+  if (mRV == SECSuccess) {
+    mRV = SECFailure;
+  }
+done:
+  int error = PR_GetError();
+
+  *mPRetCert = cert.release();
+  *mPRetKey = privKey.release();
+
+  if (mRV == SECFailure) {
+    mErrorCodeToReport = error;
+  }
+}
+
+static PRFileDesc*
+nsSSLIOLayerImportFD(PRFileDesc* fd,
+                     nsNSSSocketInfo* infoObject,
+                     const char* host)
+{
+  nsNSSShutDownPreventionLock locker;
+  PRFileDesc* sslSock = SSL_ImportFD(nullptr, fd);
+  if (!sslSock) {
+    NS_ASSERTION(false, "NSS: Error importing socket");
+    return nullptr;
+  }
+  SSL_SetPKCS11PinArg(sslSock, (nsIInterfaceRequestor*) infoObject);
+  SSL_HandshakeCallback(sslSock, HandshakeCallback, infoObject);
+  SSL_SetCanFalseStartCallback(sslSock, CanFalseStartCallback, infoObject);
+
+  // Disable this hook if we connect anonymously. See bug 466080.
+  uint32_t flags = 0;
+  infoObject->GetProviderFlags(&flags);
+  if (flags & nsISocketProvider::ANONYMOUS_CONNECT) {
+      SSL_GetClientAuthDataHook(sslSock, nullptr, infoObject);
+  } else {
+      SSL_GetClientAuthDataHook(sslSock,
+                            (SSLGetClientAuthData) nsNSS_SSLGetClientAuthData,
+                            infoObject);
+  }
+  if (flags & nsISocketProvider::MITM_OK) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("[%p] nsSSLIOLayerImportFD: bypass authentication flag\n", fd));
+    infoObject->SetBypassAuthentication(true);
+  }
+  if (SECSuccess != SSL_AuthCertificateHook(sslSock, AuthCertificateHook,
+                                            infoObject)) {
+    NS_NOTREACHED("failed to configure AuthCertificateHook");
+    goto loser;
+  }
+
+  if (SECSuccess != SSL_SetURL(sslSock, host)) {
+    NS_NOTREACHED("SSL_SetURL failed");
+    goto loser;
+  }
+
+  return sslSock;
+loser:
+  if (sslSock) {
+    PR_Close(sslSock);
+  }
+  return nullptr;
+}
+
+static const SSLSignatureScheme sEnabledSignatureSchemes[] = {
+  ssl_sig_ecdsa_secp256r1_sha256,
+  ssl_sig_ecdsa_secp384r1_sha384,
+  ssl_sig_ecdsa_secp521r1_sha512,
+  ssl_sig_rsa_pss_sha256,
+  ssl_sig_rsa_pss_sha384,
+  ssl_sig_rsa_pss_sha512,
+  ssl_sig_rsa_pkcs1_sha256,
+  ssl_sig_rsa_pkcs1_sha384,
+  ssl_sig_rsa_pkcs1_sha512,
+  ssl_sig_ecdsa_sha1,
+  ssl_sig_rsa_pkcs1_sha1,
+};
+
+static nsresult
+nsSSLIOLayerSetOptions(PRFileDesc* fd, bool forSTARTTLS,
+                       bool haveProxy, const char* host, int32_t port,
+                       nsNSSSocketInfo* infoObject)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (forSTARTTLS || haveProxy) {
+    if (SECSuccess != SSL_OptionSet(fd, SSL_SECURITY, false)) {
+      return NS_ERROR_FAILURE;
+    }
+  }
+
+  SSLVersionRange range;
+  if (SSL_VersionRangeGet(fd, &range) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if ((infoObject->GetProviderFlags() & nsISocketProvider::BE_CONSERVATIVE) &&
+      (range.max > SSL_LIBRARY_VERSION_TLS_1_2)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("[%p] nsSSLIOLayerSetOptions: range.max limited to 1.2 due to BE_CONSERVATIVE flag\n",
+             fd));
+    range.max = SSL_LIBRARY_VERSION_TLS_1_2;
+  }
+
+  uint16_t maxEnabledVersion = range.max;
+  StrongCipherStatus strongCiphersStatus = StrongCipherStatusUnknown;
+  infoObject->SharedState().IOLayerHelpers()
+    .adjustForTLSIntolerance(infoObject->GetHostName(), infoObject->GetPort(),
+                             range, strongCiphersStatus);
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+         ("[%p] nsSSLIOLayerSetOptions: using TLS version range (0x%04x,0x%04x)%s\n",
+          fd, static_cast<unsigned int>(range.min),
+              static_cast<unsigned int>(range.max),
+          strongCiphersStatus == StrongCiphersFailed ? " with weak ciphers" : ""));
+
+  if (SSL_VersionRangeSet(fd, &range) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+  infoObject->SetTLSVersionRange(range);
+
+  if (strongCiphersStatus == StrongCiphersFailed) {
+    nsNSSComponent::UseWeakCiphersOnSocket(fd);
+  }
+
+  // when adjustForTLSIntolerance tweaks the maximum version downward,
+  // we tell the server using this SCSV so they can detect a downgrade attack
+  if (range.max < maxEnabledVersion) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("[%p] nsSSLIOLayerSetOptions: enabling TLS_FALLBACK_SCSV\n", fd));
+    // Some servers will choke if we send the fallback SCSV with TLS 1.2.
+    if (range.max < SSL_LIBRARY_VERSION_TLS_1_2) {
+      if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_FALLBACK_SCSV, true)) {
+        return NS_ERROR_FAILURE;
+      }
+    }
+    // tell NSS the max enabled version to make anti-downgrade effective
+    if (SECSuccess != SSL_SetDowngradeCheckVersion(fd, maxEnabledVersion)) {
+      return NS_ERROR_FAILURE;
+    }
+  }
+
+  // Include a modest set of named groups.
+  const SSLNamedGroup namedGroups[] = {
+    ssl_grp_ec_curve25519, ssl_grp_ec_secp256r1, ssl_grp_ec_secp384r1,
+    ssl_grp_ec_secp521r1, ssl_grp_ffdhe_2048, ssl_grp_ffdhe_3072
+  };
+  if (SECSuccess != SSL_NamedGroupConfig(fd, namedGroups,
+                                         mozilla::ArrayLength(namedGroups))) {
+    return NS_ERROR_FAILURE;
+  }
+  // This ensures that we send key shares for X25519 and P-256 in TLS 1.3, so
+  // that servers are less likely to use HelloRetryRequest.
+  if (SECSuccess != SSL_SendAdditionalKeyShares(fd, 1)) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (SECSuccess != SSL_SignatureSchemePrefSet(fd, sEnabledSignatureSchemes,
+                      mozilla::ArrayLength(sEnabledSignatureSchemes))) {
+    return NS_ERROR_FAILURE;
+  }
+
+  bool enabled = infoObject->SharedState().IsOCSPStaplingEnabled();
+  if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_OCSP_STAPLING, enabled)) {
+    return NS_ERROR_FAILURE;
+  }
+
+  bool sctsEnabled = infoObject->SharedState().IsSignedCertTimestampsEnabled();
+  if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
+      sctsEnabled)) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (SECSuccess != SSL_OptionSet(fd, SSL_HANDSHAKE_AS_CLIENT, true)) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Set the Peer ID so that SSL proxy connections work properly and to
+  // separate anonymous and/or private browsing connections.
+  uint32_t flags = infoObject->GetProviderFlags();
+  nsAutoCString peerId;
+  if (flags & nsISocketProvider::ANONYMOUS_CONNECT) { // See bug 466080
+    peerId.AppendLiteral("anon:");
+  }
+  if (flags & nsISocketProvider::NO_PERMANENT_STORAGE) {
+    peerId.AppendLiteral("private:");
+  }
+  if (flags & nsISocketProvider::MITM_OK) {
+    peerId.AppendLiteral("bypassAuth:");
+  }
+  if (flags & nsISocketProvider::BE_CONSERVATIVE) {
+    peerId.AppendLiteral("beConservative:");
+  }
+  peerId.Append(host);
+  peerId.Append(':');
+  peerId.AppendInt(port);
+  nsAutoCString suffix;
+  infoObject->GetOriginAttributes().CreateSuffix(suffix);
+  peerId.Append(suffix);
+  if (SECSuccess != SSL_SetSockPeerID(fd, peerId.get())) {
+    return NS_ERROR_FAILURE;
+  }
+
+  return NS_OK;
+}
+
+nsresult
+nsSSLIOLayerAddToSocket(int32_t family,
+                        const char* host,
+                        int32_t port,
+                        nsIProxyInfo* proxy,
+                        const NeckoOriginAttributes& originAttributes,
+                        PRFileDesc* fd,
+                        nsISupports** info,
+                        bool forSTARTTLS,
+                        uint32_t providerFlags)
+{
+  nsNSSShutDownPreventionLock locker;
+  PRFileDesc* layer = nullptr;
+  PRFileDesc* plaintextLayer = nullptr;
+  nsresult rv;
+  PRStatus stat;
+
+  SharedSSLState* sharedState =
+    providerFlags & nsISocketProvider::NO_PERMANENT_STORAGE ? PrivateSSLState() : PublicSSLState();
+  nsNSSSocketInfo* infoObject = new nsNSSSocketInfo(*sharedState, providerFlags);
+  if (!infoObject) return NS_ERROR_FAILURE;
+
+  NS_ADDREF(infoObject);
+  infoObject->SetForSTARTTLS(forSTARTTLS);
+  infoObject->SetHostName(host);
+  infoObject->SetPort(port);
+  infoObject->SetOriginAttributes(originAttributes);
+
+  bool haveProxy = false;
+  if (proxy) {
+    nsCString proxyHost;
+    proxy->GetHost(proxyHost);
+    haveProxy = !proxyHost.IsEmpty();
+  }
+
+  // A plaintext observer shim is inserted so we can observe some protocol
+  // details without modifying nss
+  plaintextLayer = PR_CreateIOLayerStub(nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity,
+                                        &nsSSLIOLayerHelpers::nsSSLPlaintextLayerMethods);
+  if (plaintextLayer) {
+    plaintextLayer->secret = (PRFilePrivate*) infoObject;
+    stat = PR_PushIOLayer(fd, PR_TOP_IO_LAYER, plaintextLayer);
+    if (stat == PR_FAILURE) {
+      plaintextLayer->dtor(plaintextLayer);
+      plaintextLayer = nullptr;
+    }
+  }
+
+  PRFileDesc* sslSock = nsSSLIOLayerImportFD(fd, infoObject, host);
+  if (!sslSock) {
+    NS_ASSERTION(false, "NSS: Error importing socket");
+    goto loser;
+  }
+
+  infoObject->SetFileDescPtr(sslSock);
+
+  rv = nsSSLIOLayerSetOptions(sslSock, forSTARTTLS, haveProxy, host, port,
+                              infoObject);
+
+  if (NS_FAILED(rv))
+    goto loser;
+
+  // Now, layer ourselves on top of the SSL socket...
+  layer = PR_CreateIOLayerStub(nsSSLIOLayerHelpers::nsSSLIOLayerIdentity,
+                               &nsSSLIOLayerHelpers::nsSSLIOLayerMethods);
+  if (!layer)
+    goto loser;
+
+  layer->secret = (PRFilePrivate*) infoObject;
+  stat = PR_PushIOLayer(sslSock, PR_GetLayersIdentity(sslSock), layer);
+
+  if (stat == PR_FAILURE) {
+    goto loser;
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[%p] Socket set up\n", (void*) sslSock));
+  infoObject->QueryInterface(NS_GET_IID(nsISupports), (void**) (info));
+
+  // We are going use a clear connection first //
+  if (forSTARTTLS || haveProxy) {
+    infoObject->SetHandshakeNotPending();
+  }
+
+  infoObject->SharedState().NoteSocketCreated();
+
+  return NS_OK;
+ loser:
+  NS_IF_RELEASE(infoObject);
+  if (layer) {
+    layer->dtor(layer);
+  }
+  if (plaintextLayer) {
+    PR_PopIOLayer(fd, nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity);
+    plaintextLayer->dtor(plaintextLayer);
+  }
+  return NS_ERROR_FAILURE;
+}
diff --git a/security/manager/ssl/nsNSSIOLayer.h b/security/manager/ssl/nsNSSIOLayer.h
new file mode 100644
index 000000000..b0b6281a8
--- /dev/null
+++ b/security/manager/ssl/nsNSSIOLayer.h
@@ -0,0 +1,263 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSIOLayer_h
+#define nsNSSIOLayer_h
+
+#include "TransportSecurityInfo.h"
+#include "mozilla/TimeStamp.h"
+#include "nsCOMPtr.h"
+#include "nsDataHashtable.h"
+#include "nsIClientAuthDialogs.h"
+#include "nsIProxyInfo.h"
+#include "nsISSLSocketControl.h"
+#include "nsNSSCertificate.h"
+#include "nsTHashtable.h"
+#include "sslt.h"
+
+namespace mozilla {
+class NeckoOriginAttributes;
+namespace psm {
+class SharedSSLState;
+} // namespace psm
+} // namespace mozilla
+
+using mozilla::NeckoOriginAttributes;
+
+class nsIObserver;
+
+class nsNSSSocketInfo final : public mozilla::psm::TransportSecurityInfo,
+                              public nsISSLSocketControl,
+                              public nsIClientAuthUserDecision
+{
+public:
+  nsNSSSocketInfo(mozilla::psm::SharedSSLState& aState, uint32_t providerFlags);
+
+  NS_DECL_ISUPPORTS_INHERITED
+  NS_DECL_NSISSLSOCKETCONTROL
+  NS_DECL_NSICLIENTAUTHUSERDECISION
+
+  void SetForSTARTTLS(bool aForSTARTTLS);
+  bool GetForSTARTTLS();
+
+  nsresult GetFileDescPtr(PRFileDesc** aFilePtr);
+  nsresult SetFileDescPtr(PRFileDesc* aFilePtr);
+
+  bool IsHandshakePending() const { return mHandshakePending; }
+  void SetHandshakeNotPending() { mHandshakePending = false; }
+
+  void SetTLSVersionRange(SSLVersionRange range) { mTLSVersionRange = range; }
+  SSLVersionRange GetTLSVersionRange() const { return mTLSVersionRange; };
+
+  PRStatus CloseSocketAndDestroy(
+                const nsNSSShutDownPreventionLock& proofOfLock);
+
+  void SetNegotiatedNPN(const char* value, uint32_t length);
+  void SetEarlyDataAccepted(bool aAccepted);
+
+  void SetHandshakeCompleted();
+  void NoteTimeUntilReady();
+
+
+  void SetFalseStartCallbackCalled() { mFalseStartCallbackCalled = true; }
+  void SetFalseStarted() { mFalseStarted = true; }
+
+  // Note that this is only valid *during* a handshake; at the end of the handshake,
+  // it gets reset back to false.
+  void SetFullHandshake() { mIsFullHandshake = true; }
+  bool IsFullHandshake() const { return mIsFullHandshake; }
+
+  bool GetJoined() { return mJoined; }
+  void SetSentClientCert() { mSentClientCert = true; }
+
+  uint32_t GetProviderFlags() const { return mProviderFlags; }
+
+  mozilla::psm::SharedSSLState& SharedState();
+
+  // XXX: These are only used on for diagnostic purposes
+  enum CertVerificationState {
+    before_cert_verification,
+    waiting_for_cert_verification,
+    after_cert_verification
+  };
+  void SetCertVerificationWaiting();
+  // Use errorCode == 0 to indicate success; in that case, errorMessageType is
+  // ignored.
+  void SetCertVerificationResult(PRErrorCode errorCode,
+              ::mozilla::psm::SSLErrorMessageType errorMessageType);
+
+  // for logging only
+  PRBool IsWaitingForCertVerification() const
+  {
+    return mCertVerificationState == waiting_for_cert_verification;
+  }
+  void AddPlaintextBytesRead(uint64_t val) { mPlaintextBytesRead += val; }
+
+  bool IsPreliminaryHandshakeDone() const { return mPreliminaryHandshakeDone; }
+  void SetPreliminaryHandshakeDone() { mPreliminaryHandshakeDone = true; }
+
+  void SetKEAUsed(uint16_t kea) { mKEAUsed = kea; }
+
+  void SetKEAKeyBits(uint32_t keaBits) { mKEAKeyBits = keaBits; }
+
+  void SetBypassAuthentication(bool val)
+  {
+    if (!mHandshakeCompleted) {
+      mBypassAuthentication = val;
+    }
+  }
+
+  void SetSSLVersionUsed(int16_t version)
+  {
+    mSSLVersionUsed = version;
+  }
+
+  void SetMACAlgorithmUsed(int16_t mac) { mMACAlgorithmUsed = mac; }
+
+protected:
+  virtual ~nsNSSSocketInfo();
+
+private:
+  PRFileDesc* mFd;
+
+  CertVerificationState mCertVerificationState;
+
+  mozilla::psm::SharedSSLState& mSharedState;
+  bool mForSTARTTLS;
+  SSLVersionRange mTLSVersionRange;
+  bool mHandshakePending;
+  bool mRememberClientAuthCertificate;
+  bool mPreliminaryHandshakeDone; // after false start items are complete
+
+  nsresult ActivateSSL();
+
+  nsCString mNegotiatedNPN;
+  bool      mNPNCompleted;
+  bool      mEarlyDataAccepted;
+  bool      mFalseStartCallbackCalled;
+  bool      mFalseStarted;
+  bool      mIsFullHandshake;
+  bool      mHandshakeCompleted;
+  bool      mJoined;
+  bool      mSentClientCert;
+  bool      mNotedTimeUntilReady;
+  bool      mFailedVerification;
+
+  // mKEA* are used in false start and http/2 detetermination
+  // Values are from nsISSLSocketControl
+  int16_t mKEAUsed;
+  uint32_t mKEAKeyBits;
+  int16_t mSSLVersionUsed;
+  int16_t mMACAlgorithmUsed;
+  bool    mBypassAuthentication;
+
+  uint32_t mProviderFlags;
+  mozilla::TimeStamp mSocketCreationTimestamp;
+  uint64_t mPlaintextBytesRead;
+
+  nsCOMPtr<nsIX509Cert> mClientCert;
+};
+
+enum StrongCipherStatus {
+  StrongCipherStatusUnknown,
+  StrongCiphersWorked,
+  StrongCiphersFailed
+};
+
+class nsSSLIOLayerHelpers
+{
+public:
+  nsSSLIOLayerHelpers();
+  ~nsSSLIOLayerHelpers();
+
+  nsresult Init();
+  void Cleanup();
+
+  static bool nsSSLIOLayerInitialized;
+  static PRDescIdentity nsSSLIOLayerIdentity;
+  static PRDescIdentity nsSSLPlaintextLayerIdentity;
+  static PRIOMethods nsSSLIOLayerMethods;
+  static PRIOMethods nsSSLPlaintextLayerMethods;
+
+  bool mTreatUnsafeNegotiationAsBroken;
+
+  void setTreatUnsafeNegotiationAsBroken(bool broken);
+  bool treatUnsafeNegotiationAsBroken();
+
+private:
+  struct IntoleranceEntry
+  {
+    uint16_t tolerant;
+    uint16_t intolerant;
+    PRErrorCode intoleranceReason;
+    StrongCipherStatus strongCipherStatus;
+
+    void AssertInvariant() const
+    {
+      MOZ_ASSERT(intolerant == 0 || tolerant < intolerant);
+    }
+  };
+  nsDataHashtable<nsCStringHashKey, IntoleranceEntry> mTLSIntoleranceInfo;
+  // Sites that require insecure fallback to TLS 1.0, set by the pref
+  // security.tls.insecure_fallback_hosts, which is a comma-delimited
+  // list of domain names.
+  nsTHashtable<nsCStringHashKey> mInsecureFallbackSites;
+public:
+  void rememberTolerantAtVersion(const nsACString& hostname, int16_t port,
+                                 uint16_t tolerant);
+  bool fallbackLimitReached(const nsACString& hostname, uint16_t intolerant);
+  bool rememberIntolerantAtVersion(const nsACString& hostname, int16_t port,
+                                   uint16_t intolerant, uint16_t minVersion,
+                                   PRErrorCode intoleranceReason);
+  bool rememberStrongCiphersFailed(const nsACString& hostName, int16_t port,
+                                   PRErrorCode intoleranceReason);
+  void forgetIntolerance(const nsACString& hostname, int16_t port);
+  void adjustForTLSIntolerance(const nsACString& hostname, int16_t port,
+                               /*in/out*/ SSLVersionRange& range,
+                               /*out*/ StrongCipherStatus& strongCipherStatus);
+  PRErrorCode getIntoleranceReason(const nsACString& hostname, int16_t port);
+
+  void clearStoredData();
+  void loadVersionFallbackLimit();
+  void setInsecureFallbackSites(const nsCString& str);
+  void initInsecureFallbackSites();
+  bool isPublic() const;
+  void addInsecureFallbackSite(const nsCString& hostname, bool temporary);
+  void removeInsecureFallbackSite(const nsACString& hostname, uint16_t port);
+  bool isInsecureFallbackSite(const nsACString& hostname);
+
+  bool mFalseStartRequireNPN;
+  bool mUnrestrictedRC4Fallback;
+  uint16_t mVersionFallbackLimit;
+private:
+  mozilla::Mutex mutex;
+  nsCOMPtr<nsIObserver> mPrefObserver;
+};
+
+nsresult nsSSLIOLayerNewSocket(int32_t family,
+                               const char* host,
+                               int32_t port,
+                               nsIProxyInfo *proxy,
+                               const NeckoOriginAttributes& originAttributes,
+                               PRFileDesc** fd,
+                               nsISupports** securityInfo,
+                               bool forSTARTTLS,
+                               uint32_t flags);
+
+nsresult nsSSLIOLayerAddToSocket(int32_t family,
+                                 const char* host,
+                                 int32_t port,
+                                 nsIProxyInfo *proxy,
+                                 const NeckoOriginAttributes& originAttributes,
+                                 PRFileDesc* fd,
+                                 nsISupports** securityInfo,
+                                 bool forSTARTTLS,
+                                 uint32_t flags);
+
+nsresult nsSSLIOLayerFreeTLSIntolerantSites();
+nsresult displayUnknownCertErrorAlert(nsNSSSocketInfo* infoObject, int error);
+
+#endif // nsNSSIOLayer_h
diff --git a/security/manager/ssl/nsNSSModule.cpp b/security/manager/ssl/nsNSSModule.cpp
new file mode 100644
index 000000000..e43d7d23d
--- /dev/null
+++ b/security/manager/ssl/nsNSSModule.cpp
@@ -0,0 +1,348 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "CertBlocklist.h"
+#include "ContentSignatureVerifier.h"
+#include "NSSErrorsService.h"
+#include "PSMContentListener.h"
+#include "SecretDecoderRing.h"
+#include "TransportSecurityInfo.h"
+#include "WeakCryptoOverride.h"
+#include "mozilla/ModuleUtils.h"
+#include "nsCURILoader.h"
+#include "nsCertOverrideService.h"
+#include "nsCrypto.h"
+#include "nsCryptoHash.h"
+#include "nsDOMCID.h" // For the NS_CRYPTO_CONTRACTID define
+#include "nsDataSignatureVerifier.h"
+#include "nsICategoryManager.h"
+#include "nsKeyModule.h"
+#include "nsKeygenHandler.h"
+#include "nsNSSCertificate.h"
+#include "nsNSSCertificateDB.h"
+#include "nsNSSCertificateFakeTransport.h"
+#include "nsNSSComponent.h"
+#include "nsNSSU2FToken.h"
+#include "nsNSSVersion.h"
+#include "nsNTLMAuthModule.h"
+#include "nsNetCID.h"
+#include "nsPK11TokenDB.h"
+#include "nsPKCS11Slot.h"
+#include "nsRandomGenerator.h"
+#include "nsSSLSocketProvider.h"
+#include "nsSSLStatus.h"
+#include "nsSecureBrowserUIImpl.h"
+#include "nsSiteSecurityService.h"
+#include "nsTLSSocketProvider.h"
+#include "nsXULAppAPI.h"
+
+#ifdef MOZ_XUL
+#include "nsCertTree.h"
+#endif
+
+#define NS_IS_PROCESS_DEFAULT                                                 \
+    (GeckoProcessType_Default == XRE_GetProcessType())
+
+#define NS_NSS_INSTANTIATE(ensureOperator, _InstanceClass)                    \
+    PR_BEGIN_MACRO                                                            \
+        _InstanceClass * inst;                                                \
+        inst = new _InstanceClass();                                          \
+        NS_ADDREF(inst);                                                      \
+        rv = inst->QueryInterface(aIID, aResult);                             \
+        NS_RELEASE(inst);                                                     \
+    PR_END_MACRO
+
+#define NS_NSS_INSTANTIATE_INIT(ensureOperator, _InstanceClass, _InitMethod)  \
+    PR_BEGIN_MACRO                                                            \
+        _InstanceClass * inst;                                                \
+        inst = new _InstanceClass();                                          \
+        NS_ADDREF(inst);                                                      \
+        rv = inst->_InitMethod();                                             \
+        if(NS_SUCCEEDED(rv)) {                                                \
+            rv = inst->QueryInterface(aIID, aResult);                         \
+        }                                                                     \
+        NS_RELEASE(inst);                                                     \
+   PR_END_MACRO
+
+
+#define NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(ensureOperator,                    \
+                                           _InstanceClass)                    \
+   NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_BYPROCESS(ensureOperator,               \
+                                                _InstanceClass,               \
+                                                _InstanceClass)
+
+// These two macros are ripped off from nsIGenericFactory.h and slightly
+// modified.
+#define NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_BYPROCESS(ensureOperator,          \
+                                                     _InstanceClassChrome,    \
+                                                     _InstanceClassContent)   \
+static nsresult                                                               \
+_InstanceClassChrome##Constructor(nsISupports *aOuter, REFNSIID aIID,         \
+                                  void **aResult)                             \
+{                                                                             \
+    nsresult rv;                                                              \
+                                                                              \
+    *aResult = nullptr;                                                          \
+    if (nullptr != aOuter) {                                                     \
+        rv = NS_ERROR_NO_AGGREGATION;                                         \
+        return rv;                                                            \
+    }                                                                         \
+                                                                              \
+    if (!NS_IS_PROCESS_DEFAULT &&                                             \
+        ensureOperator == nssEnsureChromeOrContent) {                         \
+        if (!EnsureNSSInitializedChromeOrContent()) {                         \
+            return NS_ERROR_FAILURE;                                          \
+        }                                                                     \
+    } else if (!EnsureNSSInitialized(ensureOperator)) {                       \
+        return NS_ERROR_FAILURE;                                              \
+    }                                                                         \
+                                                                              \
+    if (NS_IS_PROCESS_DEFAULT)                                                \
+        NS_NSS_INSTANTIATE(ensureOperator, _InstanceClassChrome);             \
+    else                                                                      \
+        NS_NSS_INSTANTIATE(ensureOperator, _InstanceClassContent);            \
+                                                                              \
+    if (ensureOperator == nssLoadingComponent)                                \
+    {                                                                         \
+        if (NS_SUCCEEDED(rv))                                                 \
+            EnsureNSSInitialized(nssInitSucceeded);                           \
+        else                                                                  \
+            EnsureNSSInitialized(nssInitFailed);                              \
+    }                                                                         \
+                                                                              \
+    return rv;                                                                \
+}
+
+ 
+#define NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(ensureOperator,               \
+                                                _InstanceClass,               \
+                                                _InitMethod)                  \
+    NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT_BYPROCESS(ensureOperator,         \
+                                                      _InstanceClass,         \
+                                                      _InstanceClass,         \
+                                                      _InitMethod)
+
+#define NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT_BYPROCESS(ensureOperator,     \
+                                                _InstanceClassChrome,         \
+                                                _InstanceClassContent,        \
+                                                _InitMethod)                  \
+static nsresult                                                               \
+_InstanceClassChrome##Constructor(nsISupports *aOuter, REFNSIID aIID,         \
+                                  void **aResult)                             \
+{                                                                             \
+    nsresult rv;                                                              \
+                                                                              \
+    *aResult = nullptr;                                                       \
+    if (nullptr != aOuter) {                                                  \
+        rv = NS_ERROR_NO_AGGREGATION;                                         \
+        return rv;                                                            \
+    }                                                                         \
+                                                                              \
+    if (!NS_IS_PROCESS_DEFAULT &&                                             \
+        ensureOperator == nssEnsureChromeOrContent) {                         \
+        if (!EnsureNSSInitializedChromeOrContent()) {                         \
+            return NS_ERROR_FAILURE;                                          \
+        }                                                                     \
+    } else if (!EnsureNSSInitialized(ensureOperator)) {                       \
+        return NS_ERROR_FAILURE;                                              \
+    }                                                                         \
+                                                                              \
+    if (NS_IS_PROCESS_DEFAULT)                                                \
+        NS_NSS_INSTANTIATE_INIT(ensureOperator,                               \
+                                _InstanceClassChrome,                         \
+                                _InitMethod);                                 \
+    else                                                                      \
+        NS_NSS_INSTANTIATE_INIT(ensureOperator,                               \
+                                _InstanceClassContent,                        \
+                                _InitMethod);                                 \
+                                                                              \
+    if (ensureOperator == nssLoadingComponent)                                \
+    {                                                                         \
+        if (NS_SUCCEEDED(rv))                                                 \
+            EnsureNSSInitialized(nssInitSucceeded);                           \
+        else                                                                  \
+            EnsureNSSInitialized(nssInitFailed);                              \
+    }                                                                         \
+                                                                              \
+    return rv;                                                                \
+}
+
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssLoadingComponent, nsNSSComponent,
+                                        Init)
+
+using namespace mozilla::psm;
+
+namespace {
+
+// Use the special factory constructor for everything this module implements,
+// because all code could potentially require the NSS library.
+// Our factory constructor takes an additional boolean parameter.
+// Only for the nsNSSComponent, set this to true.
+// All other classes must have this set to false.
+
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsSSLSocketProvider)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsTLSSocketProvider)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, SecretDecoderRing)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsPK11TokenDB)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsPKCS11ModuleDB)
+NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(PSMContentListener, init)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_BYPROCESS(nssEnsureOnChromeOnly,
+                                             nsNSSCertificate,
+                                             nsNSSCertificateFakeTransport)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsNSSCertificateDB)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_BYPROCESS(nssEnsureOnChromeOnly,
+                                             nsNSSCertList,
+                                             nsNSSCertListFakeTransport)
+#ifdef MOZ_XUL
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCertTree)
+#endif
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsPkcs11)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, nsNTLMAuthModule, InitTest)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsCryptoHash)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsCryptoHMAC)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsKeyObject)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsKeyObjectFactory)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsDataSignatureVerifier)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, ContentSignatureVerifier)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsRandomGenerator)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, nsNSSU2FToken, Init)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureOnChromeOnly, nsSSLStatus)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureOnChromeOnly, TransportSecurityInfo)
+
+typedef mozilla::psm::NSSErrorsService NSSErrorsService;
+NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(NSSErrorsService, Init)
+NS_GENERIC_FACTORY_CONSTRUCTOR(nsNSSVersion)
+NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsCertOverrideService, Init)
+NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecureBrowserUIImpl)
+NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(CertBlocklist, Init)
+NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsSiteSecurityService, Init)
+NS_GENERIC_FACTORY_CONSTRUCTOR(WeakCryptoOverride)
+
+NS_DEFINE_NAMED_CID(NS_NSSCOMPONENT_CID);
+NS_DEFINE_NAMED_CID(NS_SSLSOCKETPROVIDER_CID);
+NS_DEFINE_NAMED_CID(NS_STARTTLSSOCKETPROVIDER_CID);
+NS_DEFINE_NAMED_CID(NS_SECRETDECODERRING_CID);
+NS_DEFINE_NAMED_CID(NS_PK11TOKENDB_CID);
+NS_DEFINE_NAMED_CID(NS_PKCS11MODULEDB_CID);
+NS_DEFINE_NAMED_CID(NS_PSMCONTENTLISTEN_CID);
+NS_DEFINE_NAMED_CID(NS_X509CERT_CID);
+NS_DEFINE_NAMED_CID(NS_X509CERTDB_CID);
+NS_DEFINE_NAMED_CID(NS_X509CERTLIST_CID);
+NS_DEFINE_NAMED_CID(NS_FORMPROCESSOR_CID);
+#ifdef MOZ_XUL
+NS_DEFINE_NAMED_CID(NS_CERTTREE_CID);
+#endif
+NS_DEFINE_NAMED_CID(NS_PKCS11_CID);
+NS_DEFINE_NAMED_CID(NS_CRYPTO_HASH_CID);
+NS_DEFINE_NAMED_CID(NS_CRYPTO_HMAC_CID);
+NS_DEFINE_NAMED_CID(NS_NTLMAUTHMODULE_CID);
+NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECT_CID);
+NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECTFACTORY_CID);
+NS_DEFINE_NAMED_CID(NS_DATASIGNATUREVERIFIER_CID);
+NS_DEFINE_NAMED_CID(NS_CONTENTSIGNATUREVERIFIER_CID);
+NS_DEFINE_NAMED_CID(NS_CERTOVERRIDE_CID);
+NS_DEFINE_NAMED_CID(NS_RANDOMGENERATOR_CID);
+NS_DEFINE_NAMED_CID(NS_NSSU2FTOKEN_CID);
+NS_DEFINE_NAMED_CID(NS_SSLSTATUS_CID);
+NS_DEFINE_NAMED_CID(TRANSPORTSECURITYINFO_CID);
+NS_DEFINE_NAMED_CID(NS_NSSERRORSSERVICE_CID);
+NS_DEFINE_NAMED_CID(NS_NSSVERSION_CID);
+NS_DEFINE_NAMED_CID(NS_SECURE_BROWSER_UI_CID);
+NS_DEFINE_NAMED_CID(NS_SITE_SECURITY_SERVICE_CID);
+NS_DEFINE_NAMED_CID(NS_CERT_BLOCKLIST_CID);
+NS_DEFINE_NAMED_CID(NS_WEAKCRYPTOOVERRIDE_CID);
+
+static const mozilla::Module::CIDEntry kNSSCIDs[] = {
+  { &kNS_NSSCOMPONENT_CID, false, nullptr, nsNSSComponentConstructor },
+  { &kNS_SSLSOCKETPROVIDER_CID, false, nullptr, nsSSLSocketProviderConstructor },
+  { &kNS_STARTTLSSOCKETPROVIDER_CID, false, nullptr, nsTLSSocketProviderConstructor },
+  { &kNS_SECRETDECODERRING_CID, false, nullptr, SecretDecoderRingConstructor },
+  { &kNS_PK11TOKENDB_CID, false, nullptr, nsPK11TokenDBConstructor },
+  { &kNS_PKCS11MODULEDB_CID, false, nullptr, nsPKCS11ModuleDBConstructor },
+  { &kNS_PSMCONTENTLISTEN_CID, false, nullptr, PSMContentListenerConstructor },
+  { &kNS_X509CERT_CID, false, nullptr, nsNSSCertificateConstructor },
+  { &kNS_X509CERTDB_CID, false, nullptr, nsNSSCertificateDBConstructor },
+  { &kNS_X509CERTLIST_CID, false, nullptr, nsNSSCertListConstructor },
+  { &kNS_FORMPROCESSOR_CID, false, nullptr, nsKeygenFormProcessor::Create },
+#ifdef MOZ_XUL
+  { &kNS_CERTTREE_CID, false, nullptr, nsCertTreeConstructor },
+#endif
+  { &kNS_PKCS11_CID, false, nullptr, nsPkcs11Constructor },
+  { &kNS_CRYPTO_HASH_CID, false, nullptr, nsCryptoHashConstructor },
+  { &kNS_CRYPTO_HMAC_CID, false, nullptr, nsCryptoHMACConstructor },
+  { &kNS_NTLMAUTHMODULE_CID, false, nullptr, nsNTLMAuthModuleConstructor },
+  { &kNS_KEYMODULEOBJECT_CID, false, nullptr, nsKeyObjectConstructor },
+  { &kNS_KEYMODULEOBJECTFACTORY_CID, false, nullptr, nsKeyObjectFactoryConstructor },
+  { &kNS_DATASIGNATUREVERIFIER_CID, false, nullptr, nsDataSignatureVerifierConstructor },
+  { &kNS_CONTENTSIGNATUREVERIFIER_CID, false, nullptr, ContentSignatureVerifierConstructor },
+  { &kNS_CERTOVERRIDE_CID, false, nullptr, nsCertOverrideServiceConstructor },
+  { &kNS_RANDOMGENERATOR_CID, false, nullptr, nsRandomGeneratorConstructor },
+  { &kNS_NSSU2FTOKEN_CID, false, nullptr, nsNSSU2FTokenConstructor },
+  { &kNS_SSLSTATUS_CID, false, nullptr, nsSSLStatusConstructor },
+  { &kTRANSPORTSECURITYINFO_CID, false, nullptr, TransportSecurityInfoConstructor },
+  { &kNS_NSSERRORSSERVICE_CID, false, nullptr, NSSErrorsServiceConstructor },
+  { &kNS_NSSVERSION_CID, false, nullptr, nsNSSVersionConstructor },
+  { &kNS_SECURE_BROWSER_UI_CID, false, nullptr, nsSecureBrowserUIImplConstructor },
+  { &kNS_SITE_SECURITY_SERVICE_CID, false, nullptr, nsSiteSecurityServiceConstructor },
+  { &kNS_CERT_BLOCKLIST_CID, false, nullptr, CertBlocklistConstructor},
+  { &kNS_WEAKCRYPTOOVERRIDE_CID, false, nullptr, WeakCryptoOverrideConstructor },
+  { nullptr }
+};
+
+static const mozilla::Module::ContractIDEntry kNSSContracts[] = {
+  { PSM_COMPONENT_CONTRACTID, &kNS_NSSCOMPONENT_CID },
+  { NS_NSS_ERRORS_SERVICE_CONTRACTID, &kNS_NSSERRORSSERVICE_CID },
+  { NS_NSSVERSION_CONTRACTID, &kNS_NSSVERSION_CID },
+  { NS_SSLSOCKETPROVIDER_CONTRACTID, &kNS_SSLSOCKETPROVIDER_CID },
+  { NS_STARTTLSSOCKETPROVIDER_CONTRACTID, &kNS_STARTTLSSOCKETPROVIDER_CID },
+  { NS_SECRETDECODERRING_CONTRACTID, &kNS_SECRETDECODERRING_CID },
+  { NS_PK11TOKENDB_CONTRACTID, &kNS_PK11TOKENDB_CID },
+  { NS_PKCS11MODULEDB_CONTRACTID, &kNS_PKCS11MODULEDB_CID },
+  { NS_PSMCONTENTLISTEN_CONTRACTID, &kNS_PSMCONTENTLISTEN_CID },
+  { NS_X509CERTDB_CONTRACTID, &kNS_X509CERTDB_CID },
+  { NS_X509CERTLIST_CONTRACTID, &kNS_X509CERTLIST_CID },
+  { NS_FORMPROCESSOR_CONTRACTID, &kNS_FORMPROCESSOR_CID },
+#ifdef MOZ_XUL
+  { NS_CERTTREE_CONTRACTID, &kNS_CERTTREE_CID },
+#endif
+  { NS_PKCS11_CONTRACTID, &kNS_PKCS11_CID },
+  { NS_CRYPTO_HASH_CONTRACTID, &kNS_CRYPTO_HASH_CID },
+  { NS_CRYPTO_HMAC_CONTRACTID, &kNS_CRYPTO_HMAC_CID },
+  { "@mozilla.org/uriloader/psm-external-content-listener;1", &kNS_PSMCONTENTLISTEN_CID },
+  { NS_CRYPTO_FIPSINFO_SERVICE_CONTRACTID, &kNS_PKCS11MODULEDB_CID },
+  { NS_NTLMAUTHMODULE_CONTRACTID, &kNS_NTLMAUTHMODULE_CID },
+  { NS_KEYMODULEOBJECT_CONTRACTID, &kNS_KEYMODULEOBJECT_CID },
+  { NS_KEYMODULEOBJECTFACTORY_CONTRACTID, &kNS_KEYMODULEOBJECTFACTORY_CID },
+  { NS_DATASIGNATUREVERIFIER_CONTRACTID, &kNS_DATASIGNATUREVERIFIER_CID },
+  { NS_CONTENTSIGNATUREVERIFIER_CONTRACTID, &kNS_CONTENTSIGNATUREVERIFIER_CID },
+  { NS_CERTOVERRIDE_CONTRACTID, &kNS_CERTOVERRIDE_CID },
+  { NS_RANDOMGENERATOR_CONTRACTID, &kNS_RANDOMGENERATOR_CID },
+  { NS_NSSU2FTOKEN_CONTRACTID, &kNS_NSSU2FTOKEN_CID },
+  { NS_SECURE_BROWSER_UI_CONTRACTID, &kNS_SECURE_BROWSER_UI_CID },
+  { NS_SSSERVICE_CONTRACTID, &kNS_SITE_SECURITY_SERVICE_CID },
+  { NS_CERTBLOCKLIST_CONTRACTID, &kNS_CERT_BLOCKLIST_CID },
+  { NS_WEAKCRYPTOOVERRIDE_CONTRACTID, &kNS_WEAKCRYPTOOVERRIDE_CID },
+  { nullptr }
+};
+
+static const mozilla::Module::CategoryEntry kNSSCategories[] = {
+  { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-ca-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" },
+  { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-server-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" },
+  { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-user-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" },
+  { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-email-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" },
+  { nullptr }
+};
+
+static const mozilla::Module kNSSModule = {
+  mozilla::Module::kVersion,
+  kNSSCIDs,
+  kNSSContracts,
+  kNSSCategories
+};
+
+} // unnamed namespace
+
+NSMODULE_DEFN(NSS) = &kNSSModule;
diff --git a/security/manager/ssl/nsNSSShutDown.cpp b/security/manager/ssl/nsNSSShutDown.cpp
new file mode 100644
index 000000000..cffebac1e
--- /dev/null
+++ b/security/manager/ssl/nsNSSShutDown.cpp
@@ -0,0 +1,288 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSShutDown.h"
+
+#include "mozilla/Casting.h"
+#include "nsCOMPtr.h"
+
+using namespace mozilla;
+
+extern LazyLogModule gPIPNSSLog;
+
+struct ObjectHashEntry : PLDHashEntryHdr {
+  nsNSSShutDownObject *obj;
+};
+
+static bool
+ObjectSetMatchEntry(const PLDHashEntryHdr *hdr, const void *key)
+{
+  const ObjectHashEntry *entry = static_cast<const ObjectHashEntry*>(hdr);
+  return entry->obj == static_cast<const nsNSSShutDownObject*>(key);
+}
+
+static void
+ObjectSetInitEntry(PLDHashEntryHdr *hdr, const void *key)
+{
+  ObjectHashEntry *entry = static_cast<ObjectHashEntry*>(hdr);
+  entry->obj = const_cast<nsNSSShutDownObject*>(static_cast<const nsNSSShutDownObject*>(key));
+}
+
+static const PLDHashTableOps gSetOps = {
+  PLDHashTable::HashVoidPtrKeyStub,
+  ObjectSetMatchEntry,
+  PLDHashTable::MoveEntryStub,
+  PLDHashTable::ClearEntryStub,
+  ObjectSetInitEntry
+};
+
+StaticMutex sListLock;
+Atomic<bool> sInShutdown(false);
+nsNSSShutDownList *singleton = nullptr;
+
+nsNSSShutDownList::nsNSSShutDownList()
+  : mObjects(&gSetOps, sizeof(ObjectHashEntry))
+  , mPK11LogoutCancelObjects(&gSetOps, sizeof(ObjectHashEntry))
+{
+}
+
+nsNSSShutDownList::~nsNSSShutDownList()
+{
+  PR_ASSERT(this == singleton);
+  singleton = nullptr;
+}
+
+void nsNSSShutDownList::remember(nsNSSShutDownObject *o)
+{
+  StaticMutexAutoLock lock(sListLock);
+  if (!nsNSSShutDownList::construct(lock)) {
+    return;
+  }
+
+  PR_ASSERT(o);
+  singleton->mObjects.Add(o, fallible);
+}
+
+void nsNSSShutDownList::forget(nsNSSShutDownObject *o)
+{
+  StaticMutexAutoLock lock(sListLock);
+  if (!singleton) {
+    return;
+  }
+
+  PR_ASSERT(o);
+  singleton->mObjects.Remove(o);
+}
+
+void nsNSSShutDownList::remember(nsOnPK11LogoutCancelObject *o)
+{
+  StaticMutexAutoLock lock(sListLock);
+  if (!nsNSSShutDownList::construct(lock)) {
+    return;
+  }
+
+  PR_ASSERT(o);
+  singleton->mPK11LogoutCancelObjects.Add(o, fallible);
+}
+
+void nsNSSShutDownList::forget(nsOnPK11LogoutCancelObject *o)
+{
+  StaticMutexAutoLock lock(sListLock);
+  if (!singleton) {
+    return;
+  }
+
+  PR_ASSERT(o);
+  singleton->mPK11LogoutCancelObjects.Remove(o);
+}
+
+nsresult nsNSSShutDownList::doPK11Logout()
+{
+  StaticMutexAutoLock lock(sListLock);
+  if (!singleton) {
+    return NS_OK;
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("canceling all open SSL sockets to disallow future IO\n"));
+
+  // During our iteration we will set a bunch of PRBools to true.
+  // Nobody else ever modifies that bool, only we do.
+  // We only must ensure that our objects do not go away.
+  // This is guaranteed by holding the list lock.
+
+  for (auto iter = singleton->mPK11LogoutCancelObjects.Iter();
+       !iter.Done();
+       iter.Next()) {
+    auto entry = static_cast<ObjectHashEntry*>(iter.Get());
+    nsOnPK11LogoutCancelObject* pklco =
+      BitwiseCast<nsOnPK11LogoutCancelObject*, nsNSSShutDownObject*>(entry->obj);
+    if (pklco) {
+      pklco->logout();
+    }
+  }
+
+  return NS_OK;
+}
+
+nsresult nsNSSShutDownList::evaporateAllNSSResources()
+{
+  MOZ_RELEASE_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  StaticMutexAutoLock lock(sListLock);
+  // Other threads can acquire an nsNSSShutDownPreventionLock and cause this
+  // thread to block when it calls restructActivityToCurrentThread, below. If
+  // those other threads then attempt to create an object that must be
+  // remembered by the shut down list, they will call
+  // nsNSSShutDownList::remember, which attempts to acquire sListLock.
+  // Consequently, holding sListLock while we're in
+  // restrictActivityToCurrentThread would result in deadlock. sListLock
+  // protects the singleton, so if we enforce that the singleton only be created
+  // and destroyed on the main thread, and if we similarly enforce that this
+  // function is only called on the main thread, what we can do is check that
+  // the singleton hasn't already gone away and then we don't actually have to
+  // hold sListLock while calling restrictActivityToCurrentThread.
+  if (!singleton) {
+    return NS_OK;
+  }
+
+  {
+    StaticMutexAutoUnlock unlock(sListLock);
+    PRStatus rv = singleton->mActivityState.restrictActivityToCurrentThread();
+    if (rv != PR_SUCCESS) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("failed to restrict activity to current thread"));
+      return NS_ERROR_FAILURE;
+    }
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("now evaporating NSS resources"));
+
+  // Never free more than one entry, because other threads might be calling
+  // us and remove themselves while we are iterating over the list,
+  // and the behaviour of changing the list while iterating is undefined.
+  while (singleton) {
+    auto iter = singleton->mObjects.Iter();
+    if (iter.Done()) {
+      break;
+    }
+    auto entry = static_cast<ObjectHashEntry*>(iter.Get());
+    {
+      StaticMutexAutoUnlock unlock(sListLock);
+      entry->obj->shutdown(nsNSSShutDownObject::ShutdownCalledFrom::List);
+    }
+    iter.Remove();
+  }
+
+  if (!singleton) {
+    return NS_ERROR_FAILURE;
+  }
+
+  singleton->mActivityState.releaseCurrentThreadActivityRestriction();
+  return NS_OK;
+}
+
+void nsNSSShutDownList::enterActivityState()
+{
+  StaticMutexAutoLock lock(sListLock);
+  if (nsNSSShutDownList::construct(lock)) {
+    singleton->mActivityState.enter();
+  }
+}
+
+void nsNSSShutDownList::leaveActivityState()
+{
+  StaticMutexAutoLock lock(sListLock);
+  if (singleton) {
+    singleton->mActivityState.leave();
+  }
+}
+
+bool nsNSSShutDownList::construct(const StaticMutexAutoLock& /*proofOfLock*/)
+{
+  if (!singleton && !sInShutdown && XRE_IsParentProcess()) {
+    singleton = new nsNSSShutDownList();
+  }
+
+  return !!singleton;
+}
+
+void nsNSSShutDownList::shutdown()
+{
+  MOZ_RELEASE_ASSERT(NS_IsMainThread());
+  StaticMutexAutoLock lock(sListLock);
+  sInShutdown = true;
+
+  if (singleton) {
+    delete singleton;
+  }
+}
+
+nsNSSActivityState::nsNSSActivityState()
+:mNSSActivityStateLock("nsNSSActivityState.mNSSActivityStateLock"), 
+ mNSSActivityChanged(mNSSActivityStateLock,
+                     "nsNSSActivityState.mNSSActivityStateLock"),
+ mNSSActivityCounter(0),
+ mNSSRestrictedThread(nullptr)
+{
+}
+
+nsNSSActivityState::~nsNSSActivityState()
+{
+}
+
+void nsNSSActivityState::enter()
+{
+  MutexAutoLock lock(mNSSActivityStateLock);
+
+  while (mNSSRestrictedThread && mNSSRestrictedThread != PR_GetCurrentThread()) {
+    mNSSActivityChanged.Wait();
+  }
+
+  ++mNSSActivityCounter;
+}
+
+void nsNSSActivityState::leave()
+{
+  MutexAutoLock lock(mNSSActivityStateLock);
+
+  --mNSSActivityCounter;
+
+  mNSSActivityChanged.NotifyAll();
+}
+
+PRStatus nsNSSActivityState::restrictActivityToCurrentThread()
+{
+  MutexAutoLock lock(mNSSActivityStateLock);
+
+  while (mNSSActivityCounter > 0) {
+    mNSSActivityChanged.Wait(PR_TicksPerSecond());
+  }
+
+  mNSSRestrictedThread = PR_GetCurrentThread();
+
+  return PR_SUCCESS;
+}
+
+void nsNSSActivityState::releaseCurrentThreadActivityRestriction()
+{
+  MutexAutoLock lock(mNSSActivityStateLock);
+
+  mNSSRestrictedThread = nullptr;
+
+  mNSSActivityChanged.NotifyAll();
+}
+
+nsNSSShutDownPreventionLock::nsNSSShutDownPreventionLock()
+{
+  nsNSSShutDownList::enterActivityState();
+}
+
+nsNSSShutDownPreventionLock::~nsNSSShutDownPreventionLock()
+{
+  nsNSSShutDownList::leaveActivityState();
+}
diff --git a/security/manager/ssl/nsNSSShutDown.h b/security/manager/ssl/nsNSSShutDown.h
new file mode 100644
index 000000000..00d017239
--- /dev/null
+++ b/security/manager/ssl/nsNSSShutDown.h
@@ -0,0 +1,271 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSShutDown_h
+#define nsNSSShutDown_h
+
+#include "PLDHashTable.h"
+#include "mozilla/Assertions.h"
+#include "mozilla/CondVar.h"
+#include "mozilla/Mutex.h"
+#include "mozilla/StaticMutex.h"
+#include "nscore.h"
+#include "nspr.h"
+
+class nsNSSShutDownObject;
+class nsOnPK11LogoutCancelObject;
+
+// Singleton, owned by nsNSSShutDownList
+class nsNSSActivityState
+{
+public:
+  nsNSSActivityState();
+  ~nsNSSActivityState();
+
+  // Call enter/leave when PSM enters a scope during which
+  // shutting down NSS is prohibited.
+  void enter();
+  void leave();
+  // Wait for all activity to stop, and block any other thread on entering
+  // relevant PSM code.
+  PRStatus restrictActivityToCurrentThread();
+
+  // Go back to normal state.
+  void releaseCurrentThreadActivityRestriction();
+
+private:
+  // The lock protecting all our member variables.
+  mozilla::Mutex mNSSActivityStateLock;
+
+  // The activity variable, bound to our lock,
+  // used either to signal the activity counter reaches zero,
+  // or a thread restriction has been released.
+  mozilla::CondVar mNSSActivityChanged;
+
+  // The number of active scopes holding resources.
+  int mNSSActivityCounter;
+
+  // nullptr means "no restriction"
+  // if not null, activity is only allowed on that thread
+  PRThread* mNSSRestrictedThread;
+};
+
+// Helper class that automatically enters/leaves the global activity state
+class nsNSSShutDownPreventionLock
+{
+public:
+  nsNSSShutDownPreventionLock();
+  ~nsNSSShutDownPreventionLock();
+};
+
+// Singleton, used by nsNSSComponent to track the list of PSM objects,
+// which hold NSS resources and support the "early cleanup mechanism".
+class nsNSSShutDownList
+{
+public:
+  static void shutdown();
+
+  // track instances that support early cleanup
+  static void remember(nsNSSShutDownObject *o);
+  static void forget(nsNSSShutDownObject *o);
+
+  // track instances that would like notification when
+  // a PK11 logout operation is performed.
+  static void remember(nsOnPK11LogoutCancelObject *o);
+  static void forget(nsOnPK11LogoutCancelObject *o);
+
+  // Do the "early cleanup", if possible.
+  static nsresult evaporateAllNSSResources();
+
+  // PSM has been asked to log out of a token.
+  // Notify all registered instances that want to react to that event.
+  static nsresult doPK11Logout();
+
+  // Signal entering/leaving a scope where shutting down NSS is prohibited.
+  static void enterActivityState();
+  static void leaveActivityState();
+
+private:
+  static bool construct(const mozilla::StaticMutexAutoLock& /*proofOfLock*/);
+
+  nsNSSShutDownList();
+  ~nsNSSShutDownList();
+
+protected:
+  PLDHashTable mObjects;
+  PLDHashTable mPK11LogoutCancelObjects;
+  nsNSSActivityState mActivityState;
+};
+
+/*
+  A class deriving from nsNSSShutDownObject will have its instances
+  automatically tracked in a list. However, it must follow some rules
+  to assure correct behaviour.
+
+  The tricky part is that it is not possible to call virtual
+  functions from a destructor.
+
+  The deriving class must override virtualDestroyNSSReference().
+  Within this function, it should clean up all resources held to NSS.
+  The function will be called by the global list, if it is time to
+  shut down NSS before all references have been freed.
+
+  The same code that goes into virtualDestroyNSSReference must
+  also be called from the destructor of the deriving class,
+  which is the standard cleanup (not called from the tracking list).
+
+  Because of that duplication, it is suggested to implement a
+  function destructorSafeDestroyNSSReference() in the deriving
+  class, and make the implementation of virtualDestroyNSSReference()
+  call destructorSafeDestroyNSSReference().
+
+  The destructor of the derived class must prevent NSS shutdown on
+  another thread by acquiring an nsNSSShutDownPreventionLock. It must
+  then check to see if NSS has already been shut down by calling
+  isAlreadyShutDown(). If NSS has not been shut down, the destructor
+  must then call destructorSafeDestroyNSSReference() and then
+  shutdown(ShutdownCalledFrom::Object). The second call will deregister with
+  the tracking list, to ensure no additional attempt to free the resources
+  will be made.
+
+  ----------------------------------------------------------------------------
+  IMPORTANT NOTE REGARDING CLASSES THAT IMPLEMENT nsNSSShutDownObject BUT DO
+  NOT DIRECTLY HOLD NSS RESOURCES:
+  ----------------------------------------------------------------------------
+  Currently, classes that do not hold NSS resources but do call NSS functions
+  inherit from nsNSSShutDownObject (and use the lock/isAlreadyShutDown
+  mechanism) as a way of ensuring it is safe to call those functions. Because
+  these classes do not hold any resources, however, it is tempting to skip the
+  destructor component of this interface. This MUST NOT be done, because
+  if an object of such a class is destructed before the nsNSSShutDownList
+  processes all of its entries, this essentially causes a use-after-free when
+  nsNSSShutDownList reaches the entry that has been destroyed. The safe way to
+  do this is to implement the destructor as usual but omit the call to
+  destructorSafeDestroyNSSReference() as it is unnecessary and probably isn't
+  defined for that class.
+
+  destructorSafeDestroyNSSReference() does not need to acquire an
+  nsNSSShutDownPreventionLock or check isAlreadyShutDown() as long as it
+  is only called by the destructor that has already acquired the lock and
+  checked for shutdown or by the NSS shutdown code itself (which acquires
+  the same lock and checks if objects it cleans up have already cleaned
+  up themselves).
+
+  destructorSafeDestroyNSSReference() MUST NOT cause any other
+  nsNSSShutDownObject to be deconstructed. Doing so can cause
+  unsupported concurrent operations on the hash table in the
+  nsNSSShutDownList.
+
+  class derivedClass : public nsISomeInterface,
+                       public nsNSSShutDownObject
+  {
+    virtual void virtualDestroyNSSReference()
+    {
+      destructorSafeDestroyNSSReference();
+    }
+
+    void destructorSafeDestroyNSSReference()
+    {
+      // clean up all NSS resources here
+    }
+
+    virtual ~derivedClass()
+    {
+      nsNSSShutDownPreventionLock locker;
+      if (isAlreadyShutDown()) {
+        return;
+      }
+      destructorSafeDestroyNSSReference();
+      shutdown(ShutdownCalledFrom::Object);
+    }
+
+    NS_IMETHODIMP doSomething()
+    {
+      if (isAlreadyShutDown())
+        return NS_ERROR_NOT_AVAILABLE;
+
+      // use the NSS resources and do something
+    }
+  };
+*/
+
+class nsNSSShutDownObject
+{
+public:
+  enum class ShutdownCalledFrom {
+    List,
+    Object,
+  };
+
+  nsNSSShutDownObject()
+  {
+    mAlreadyShutDown = false;
+    nsNSSShutDownList::remember(this);
+  }
+
+  virtual ~nsNSSShutDownObject()
+  {
+    // The derived class must call
+    //   shutdown(ShutdownCalledFrom::Object);
+    // in its destructor
+  }
+
+  void shutdown(ShutdownCalledFrom calledFrom)
+  {
+    if (!mAlreadyShutDown) {
+      switch (calledFrom) {
+        case ShutdownCalledFrom::Object:
+          nsNSSShutDownList::forget(this);
+          break;
+        case ShutdownCalledFrom::List:
+          virtualDestroyNSSReference();
+          break;
+        default:
+          MOZ_CRASH("shutdown() called from an unknown source");
+      }
+      mAlreadyShutDown = true;
+    }
+  }
+
+  bool isAlreadyShutDown() const { return mAlreadyShutDown; }
+
+protected:
+  virtual void virtualDestroyNSSReference() = 0;
+private:
+  volatile bool mAlreadyShutDown;
+};
+
+class nsOnPK11LogoutCancelObject
+{
+public:
+  nsOnPK11LogoutCancelObject()
+    : mIsLoggedOut(false)
+  {
+    nsNSSShutDownList::remember(this);
+  }
+
+  virtual ~nsOnPK11LogoutCancelObject()
+  {
+    nsNSSShutDownList::forget(this);
+  }
+
+  void logout()
+  {
+    // We do not care for a race condition.
+    // Once the bool arrived at false,
+    // later calls to isPK11LoggedOut() will see it.
+    // This is a one-time change from 0 to 1.
+    mIsLoggedOut = true;
+  }
+
+  bool isPK11LoggedOut()
+  {
+    return mIsLoggedOut;
+  }
+
+private:
+  volatile bool mIsLoggedOut;
+};
+
+#endif // nsNSSShutDown_h
diff --git a/security/manager/ssl/nsNSSU2FToken.cpp b/security/manager/ssl/nsNSSU2FToken.cpp
new file mode 100644
index 000000000..f8492df02
--- /dev/null
+++ b/security/manager/ssl/nsNSSU2FToken.cpp
@@ -0,0 +1,752 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSU2FToken.h"
+
+#include "CryptoBuffer.h"
+#include "mozilla/Casting.h"
+#include "nsNSSComponent.h"
+#include "pk11pub.h"
+#include "prerror.h"
+#include "secerr.h"
+#include "WebCryptoCommon.h"
+
+using namespace mozilla;
+using mozilla::dom::CreateECParamsForCurve;
+
+NS_IMPL_ISUPPORTS(nsNSSU2FToken, nsIU2FToken, nsINSSU2FToken)
+
+// Not named "security.webauth.u2f_softtoken_counter" because setting that
+// name causes the window.u2f object to disappear until preferences get
+// reloaded, as its' pref is a substring!
+#define PREF_U2F_NSSTOKEN_COUNTER "security.webauth.softtoken_counter"
+
+const nsCString nsNSSU2FToken::mSecretNickname =
+  NS_LITERAL_CSTRING("U2F_NSSTOKEN");
+const nsString nsNSSU2FToken::mVersion =
+  NS_LITERAL_STRING("U2F_V2");
+NS_NAMED_LITERAL_CSTRING(kAttestCertSubjectName, "CN=Firefox U2F Soft Token");
+
+// This U2F-compatible soft token uses FIDO U2F-compatible ECDSA keypairs
+// on the SEC_OID_SECG_EC_SECP256R1 curve. When asked to Register, it will
+// generate and return a new keypair KP, where the private component is wrapped
+// using AES-KW with the 128-bit mWrappingKey to make an opaque "key handle".
+// In other words, Register yields { KP_pub, AES-KW(KP_priv, key=mWrappingKey) }
+//
+// The value mWrappingKey is long-lived; it is persisted as part of the NSS DB
+// for the current profile. The attestation certificates that are produced are
+// ephemeral to counteract profiling. They have little use for a soft-token
+// at any rate, but are required by the specification.
+
+const uint32_t kParamLen = 32;
+const uint32_t kPublicKeyLen = 65;
+const uint32_t kWrappedKeyBufLen = 256;
+const uint32_t kWrappingKeyByteLen = 128/8;
+NS_NAMED_LITERAL_STRING(kEcAlgorithm, WEBCRYPTO_NAMED_CURVE_P256);
+
+const PRTime kOneDay = PRTime(PR_USEC_PER_SEC)
+                     * PRTime(60)  // sec
+                     * PRTime(60)  // min
+                     * PRTime(24); // hours
+const PRTime kExpirationSlack = kOneDay; // Pre-date for clock skew
+const PRTime kExpirationLife = kOneDay;
+
+static mozilla::LazyLogModule gNSSTokenLog("webauth_u2f");
+
+nsNSSU2FToken::nsNSSU2FToken()
+  : mInitialized(false)
+{}
+
+nsNSSU2FToken::~nsNSSU2FToken()
+{
+  nsNSSShutDownPreventionLock locker;
+
+  if (isAlreadyShutDown()) {
+    return;
+  }
+
+  destructorSafeDestroyNSSReference();
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+void
+nsNSSU2FToken::virtualDestroyNSSReference()
+{
+  destructorSafeDestroyNSSReference();
+}
+
+void
+nsNSSU2FToken::destructorSafeDestroyNSSReference()
+{
+  mWrappingKey = nullptr;
+}
+
+/**
+ * Gets the first key with the given nickname from the given slot. Any other
+ * keys found are not returned.
+ * PK11_GetNextSymKey() should not be called on the returned key.
+ *
+ * @param aSlot Slot to search.
+ * @param aNickname Nickname the key should have.
+ * @return The first key found. nullptr if no key could be found.
+ */
+static UniquePK11SymKey
+GetSymKeyByNickname(const UniquePK11SlotInfo& aSlot,
+                    const nsCString& aNickname,
+                    const nsNSSShutDownPreventionLock&)
+{
+  MOZ_ASSERT(aSlot);
+  if (!aSlot) {
+    return nullptr;
+  }
+
+  MOZ_LOG(gNSSTokenLog, LogLevel::Debug,
+          ("Searching for a symmetric key named %s", aNickname.get()));
+
+  UniquePK11SymKey keyListHead(
+    PK11_ListFixedKeysInSlot(aSlot.get(), const_cast<char*>(aNickname.get()),
+                             /* wincx */ nullptr));
+  if (!keyListHead) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Debug, ("Symmetric key not found."));
+    return nullptr;
+  }
+
+  // Sanity check PK11_ListFixedKeysInSlot() only returns keys with the correct
+  // nickname.
+  MOZ_ASSERT(aNickname ==
+               UniquePORTString(PK11_GetSymKeyNickname(keyListHead.get())).get());
+  MOZ_LOG(gNSSTokenLog, LogLevel::Debug, ("Symmetric key found!"));
+
+  // Free any remaining keys in the key list.
+  UniquePK11SymKey freeKey(PK11_GetNextSymKey(keyListHead.get()));
+  while (freeKey) {
+    freeKey = UniquePK11SymKey(PK11_GetNextSymKey(freeKey.get()));
+  }
+
+  return keyListHead;
+}
+
+static nsresult
+GenEcKeypair(const UniquePK11SlotInfo& aSlot,
+     /*out*/ UniqueSECKEYPrivateKey& aPrivKey,
+     /*out*/ UniqueSECKEYPublicKey& aPubKey,
+             const nsNSSShutDownPreventionLock&)
+{
+  MOZ_ASSERT(aSlot);
+  if (!aSlot) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  // Set the curve parameters; keyParams belongs to the arena memory space
+  SECItem* keyParams = CreateECParamsForCurve(kEcAlgorithm, arena.get());
+  if (!keyParams) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  // Generate a key pair
+  CK_MECHANISM_TYPE mechanism = CKM_EC_KEY_PAIR_GEN;
+
+  SECKEYPublicKey* pubKeyRaw;
+  aPrivKey = UniqueSECKEYPrivateKey(
+    PK11_GenerateKeyPair(aSlot.get(), mechanism, keyParams, &pubKeyRaw,
+                         /* ephemeral */ false, false,
+                         /* wincx */ nullptr));
+  aPubKey = UniqueSECKEYPublicKey(pubKeyRaw);
+  pubKeyRaw = nullptr;
+  if (!aPrivKey.get() || !aPubKey.get()) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Check that the public key has the correct length
+  if (aPubKey->u.ec.publicValue.len != kPublicKeyLen) {
+    return NS_ERROR_FAILURE;
+  }
+
+  return NS_OK;
+}
+
+nsresult
+nsNSSU2FToken::GetOrCreateWrappingKey(const UniquePK11SlotInfo& aSlot,
+                                      const nsNSSShutDownPreventionLock& locker)
+{
+  MOZ_ASSERT(aSlot);
+  if (!aSlot) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  // Search for an existing wrapping key. If we find it,
+  // store it for later and mark ourselves initialized.
+  mWrappingKey = GetSymKeyByNickname(aSlot, mSecretNickname, locker);
+  if (mWrappingKey) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Debug, ("U2F Soft Token Key found."));
+    mInitialized = true;
+    return NS_OK;
+  }
+
+  MOZ_LOG(gNSSTokenLog, LogLevel::Info,
+          ("No keys found. Generating new U2F Soft Token wrapping key."));
+
+  // We did not find an existing wrapping key, so we generate one in the
+  // persistent database (e.g, Token).
+  mWrappingKey = UniquePK11SymKey(
+    PK11_TokenKeyGenWithFlags(aSlot.get(), CKM_AES_KEY_GEN,
+                              /* default params */ nullptr,
+                              kWrappingKeyByteLen,
+                              /* empty keyid */ nullptr,
+                              /* flags */ CKF_WRAP | CKF_UNWRAP,
+                              /* attributes */ PK11_ATTR_TOKEN |
+                                               PK11_ATTR_PRIVATE,
+                              /* wincx */ nullptr));
+
+  if (!mWrappingKey) {
+      MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+              ("Failed to store wrapping key, NSS error #%d", PORT_GetError()));
+    return NS_ERROR_FAILURE;
+  }
+
+  SECStatus srv = PK11_SetSymKeyNickname(mWrappingKey.get(),
+                                         mSecretNickname.get());
+  if (srv != SECSuccess) {
+      MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+              ("Failed to set nickname, NSS error #%d", PORT_GetError()));
+    return NS_ERROR_FAILURE;
+  }
+
+  MOZ_LOG(gNSSTokenLog, LogLevel::Debug,
+          ("Key stored, nickname set to %s.", mSecretNickname.get()));
+
+  Preferences::SetUint(PREF_U2F_NSSTOKEN_COUNTER, 0);
+  return NS_OK;
+}
+
+static nsresult
+GetAttestationCertificate(const UniquePK11SlotInfo& aSlot,
+                  /*out*/ UniqueSECKEYPrivateKey& aAttestPrivKey,
+                  /*out*/ UniqueCERTCertificate& aAttestCert,
+                          const nsNSSShutDownPreventionLock& locker)
+{
+  MOZ_ASSERT(aSlot);
+  if (!aSlot) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  UniqueSECKEYPublicKey pubKey;
+
+  // Construct an ephemeral keypair for this Attestation Certificate
+  nsresult rv = GenEcKeypair(aSlot, aAttestPrivKey, pubKey, locker);
+  if (NS_FAILED(rv) || !aAttestPrivKey || !pubKey) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+            ("Failed to gen keypair, NSS error #%d", PORT_GetError()));
+    return NS_ERROR_FAILURE;
+  }
+
+  // Construct the Attestation Certificate itself
+  UniqueCERTName subjectName(CERT_AsciiToName(kAttestCertSubjectName.get()));
+  if (!subjectName) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+            ("Failed to set subject name, NSS error #%d", PORT_GetError()));
+      return NS_ERROR_FAILURE;
+  }
+
+  UniqueCERTSubjectPublicKeyInfo spki(
+    SECKEY_CreateSubjectPublicKeyInfo(pubKey.get()));
+  if (!spki) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+            ("Failed to set SPKI, NSS error #%d", PORT_GetError()));
+    return NS_ERROR_FAILURE;
+  }
+
+  UniqueCERTCertificateRequest certreq(
+    CERT_CreateCertificateRequest(subjectName.get(), spki.get(), nullptr));
+  if (!certreq) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+            ("Failed to gen CSR, NSS error #%d", PORT_GetError()));
+    return NS_ERROR_FAILURE;
+  }
+
+  PRTime now = PR_Now();
+  PRTime notBefore = now - kExpirationSlack;
+  PRTime notAfter = now + kExpirationLife;
+
+  UniqueCERTValidity validity(CERT_CreateValidity(notBefore, notAfter));
+  if (!validity) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+            ("Failed to gen validity, NSS error #%d", PORT_GetError()));
+    return NS_ERROR_FAILURE;
+  }
+
+  unsigned long serial;
+  unsigned char* serialBytes =
+    mozilla::BitwiseCast<unsigned char*, unsigned long*>(&serial);
+  SECStatus srv = PK11_GenerateRandomOnSlot(aSlot.get(), serialBytes,
+                                            sizeof(serial));
+  if (srv != SECSuccess) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+            ("Failed to gen serial, NSS error #%d", PORT_GetError()));
+    return NS_ERROR_FAILURE;
+  }
+  // Ensure that the most significant bit isn't set (which would
+  // indicate a negative number, which isn't valid for serial
+  // numbers).
+  serialBytes[0] &= 0x7f;
+  // Also ensure that the least significant bit on the most
+  // significant byte is set (to prevent a leading zero byte,
+  // which also wouldn't be valid).
+  serialBytes[0] |= 0x01;
+
+  aAttestCert = UniqueCERTCertificate(
+    CERT_CreateCertificate(serial, subjectName.get(), validity.get(),
+                           certreq.get()));
+  if (!aAttestCert) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+            ("Failed to gen certificate, NSS error #%d", PORT_GetError()));
+    return NS_ERROR_FAILURE;
+  }
+
+  PLArenaPool* arena = aAttestCert->arena;
+
+  srv = SECOID_SetAlgorithmID(arena, &aAttestCert->signature,
+                              SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE,
+                              /* wincx */ nullptr);
+  if (srv != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Set version to X509v3.
+  *(aAttestCert->version.data) = SEC_CERTIFICATE_VERSION_3;
+  aAttestCert->version.len = 1;
+
+  SECItem innerDER = { siBuffer, nullptr, 0 };
+  if (!SEC_ASN1EncodeItem(arena, &innerDER, aAttestCert.get(),
+                          SEC_ASN1_GET(CERT_CertificateTemplate))) {
+    return NS_ERROR_FAILURE;
+  }
+
+  SECItem* signedCert = PORT_ArenaZNew(arena, SECItem);
+  if (!signedCert) {
+    return NS_ERROR_FAILURE;
+  }
+
+  srv = SEC_DerSignData(arena, signedCert, innerDER.data, innerDER.len,
+                        aAttestPrivKey.get(),
+                        SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE);
+  if (srv != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+  aAttestCert->derCert = *signedCert;
+
+  MOZ_LOG(gNSSTokenLog, LogLevel::Debug,
+          ("U2F Soft Token attestation certificate generated."));
+  return NS_OK;
+}
+
+// Set up the context for the soft U2F Token. This is called by NSS
+// initialization.
+NS_IMETHODIMP
+nsNSSU2FToken::Init()
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  MOZ_ASSERT(!mInitialized);
+  if (mInitialized) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  MOZ_ASSERT(slot.get());
+
+  // Search for an existing wrapping key, or create one.
+  nsresult rv = GetOrCreateWrappingKey(slot, locker);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  mInitialized = true;
+  MOZ_LOG(gNSSTokenLog, LogLevel::Debug, ("U2F Soft Token initialized."));
+  return NS_OK;
+}
+
+// Convert a Private Key object into an opaque key handle, using AES Key Wrap
+// and aWrappingKey to convert aPrivKey.
+static UniqueSECItem
+KeyHandleFromPrivateKey(const UniquePK11SlotInfo& aSlot,
+                        const UniquePK11SymKey& aWrappingKey,
+                        const UniqueSECKEYPrivateKey& aPrivKey,
+                        const nsNSSShutDownPreventionLock&)
+{
+  MOZ_ASSERT(aSlot);
+  MOZ_ASSERT(aWrappingKey);
+  MOZ_ASSERT(aPrivKey);
+  if (!aSlot || !aWrappingKey || !aPrivKey) {
+    return nullptr;
+  }
+
+  UniqueSECItem wrappedKey(SECITEM_AllocItem(/* default arena */ nullptr,
+                                             /* no buffer */ nullptr,
+                                             kWrappedKeyBufLen));
+  if (!wrappedKey) {
+      MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+              ("Failed to allocate memory, NSS error #%d", PORT_GetError()));
+    return nullptr;
+  }
+
+  UniqueSECItem param(PK11_ParamFromIV(CKM_NSS_AES_KEY_WRAP_PAD,
+                                       /* default IV */ nullptr ));
+
+  SECStatus srv = PK11_WrapPrivKey(aSlot.get(), aWrappingKey.get(),
+                                   aPrivKey.get(), CKM_NSS_AES_KEY_WRAP_PAD,
+                                   param.get(), wrappedKey.get(),
+                                   /* wincx */ nullptr);
+  if (srv != SECSuccess) {
+      MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+              ("Failed to wrap U2F key, NSS error #%d", PORT_GetError()));
+    return nullptr;
+  }
+
+  return wrappedKey;
+}
+
+// Convert an opaque key handle aKeyHandle back into a Private Key object, using
+// aWrappingKey and the AES Key Wrap algorithm.
+static UniqueSECKEYPrivateKey
+PrivateKeyFromKeyHandle(const UniquePK11SlotInfo& aSlot,
+                        const UniquePK11SymKey& aWrappingKey,
+                        uint8_t* aKeyHandle, uint32_t aKeyHandleLen,
+                        const nsNSSShutDownPreventionLock&)
+{
+  MOZ_ASSERT(aSlot);
+  MOZ_ASSERT(aWrappingKey);
+  MOZ_ASSERT(aKeyHandle);
+  if (!aSlot || !aWrappingKey || !aKeyHandle) {
+    return nullptr;
+  }
+
+  ScopedAutoSECItem pubKey(kPublicKeyLen);
+
+  ScopedAutoSECItem keyHandleItem(aKeyHandleLen);
+  memcpy(keyHandleItem.data, aKeyHandle, keyHandleItem.len);
+
+  UniqueSECItem param(PK11_ParamFromIV(CKM_NSS_AES_KEY_WRAP_PAD,
+                                       /* default IV */ nullptr ));
+
+  CK_ATTRIBUTE_TYPE usages[] = { CKA_SIGN };
+  int usageCount = 1;
+
+  UniqueSECKEYPrivateKey unwrappedKey(
+    PK11_UnwrapPrivKey(aSlot.get(), aWrappingKey.get(), CKM_NSS_AES_KEY_WRAP_PAD,
+                       param.get(), &keyHandleItem,
+                       /* no nickname */ nullptr,
+                       /* discard pubkey */ &pubKey,
+                       /* not permanent */ false,
+                       /* non-exportable */ true,
+                       CKK_EC, usages, usageCount,
+                       /* wincx */ nullptr));
+  if (!unwrappedKey) {
+    // Not our key.
+    MOZ_LOG(gNSSTokenLog, LogLevel::Debug,
+            ("Could not unwrap key handle, NSS Error #%d", PORT_GetError()));
+    return nullptr;
+  }
+
+  return unwrappedKey;
+}
+
+// Return whether the provided version is supported by this token.
+NS_IMETHODIMP
+nsNSSU2FToken::IsCompatibleVersion(const nsAString& aVersion, bool* aResult)
+{
+  NS_ENSURE_ARG_POINTER(aResult);
+  MOZ_ASSERT(mInitialized);
+  *aResult = (mVersion == aVersion);
+  return NS_OK;
+}
+
+// IsRegistered determines if the provided key handle is usable by this token.
+NS_IMETHODIMP
+nsNSSU2FToken::IsRegistered(uint8_t* aKeyHandle, uint32_t aKeyHandleLen,
+                            bool* aResult)
+{
+  NS_ENSURE_ARG_POINTER(aKeyHandle);
+  NS_ENSURE_ARG_POINTER(aResult);
+
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsNSSU2FToken::IsRegistered called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_FAILURE;
+  }
+
+  MOZ_ASSERT(mInitialized);
+  if (!mInitialized) {
+    return NS_ERROR_FAILURE;
+  }
+
+  UniquePK11SlotInfo slot(PK11_GetInternalSlot());
+  MOZ_ASSERT(slot.get());
+
+  // Decode the key handle
+  UniqueSECKEYPrivateKey privKey = PrivateKeyFromKeyHandle(slot, mWrappingKey,
+                                                           aKeyHandle,
+                                                           aKeyHandleLen,
+                                                           locker);
+  *aResult = (privKey.get() != nullptr);
+  return NS_OK;
+}
+
+// A U2F Register operation causes a new key pair to be generated by the token.
+// The token then returns the public key of the key pair, and a handle to the
+// private key, which is a fancy way of saying "key wrapped private key", as
+// well as the generated attestation certificate and a signature using that
+// certificate's private key.
+//
+// The KeyHandleFromPrivateKey and PrivateKeyFromKeyHandle methods perform
+// the actual key wrap/unwrap operations.
+//
+// The format of the return registration data is as follows:
+//
+// Bytes  Value
+// 1      0x05
+// 65     public key
+// 1      key handle length
+// *      key handle
+// ASN.1  attestation certificate
+// *      attestation signature
+//
+NS_IMETHODIMP
+nsNSSU2FToken::Register(uint8_t* aApplication,
+                        uint32_t aApplicationLen,
+                        uint8_t* aChallenge,
+                        uint32_t aChallengeLen,
+                        uint8_t** aRegistration,
+                        uint32_t* aRegistrationLen)
+{
+  NS_ENSURE_ARG_POINTER(aApplication);
+  NS_ENSURE_ARG_POINTER(aChallenge);
+  NS_ENSURE_ARG_POINTER(aRegistration);
+  NS_ENSURE_ARG_POINTER(aRegistrationLen);
+
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsNSSU2FToken::Register called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  MOZ_ASSERT(mInitialized);
+  if (!mInitialized) {
+    return NS_ERROR_NOT_INITIALIZED;
+  }
+
+  // We should already have a wrapping key
+  MOZ_ASSERT(mWrappingKey);
+
+  UniquePK11SlotInfo slot(PK11_GetInternalSlot());
+  MOZ_ASSERT(slot.get());
+
+  // Construct a one-time-use Attestation Certificate
+  UniqueSECKEYPrivateKey attestPrivKey;
+  UniqueCERTCertificate attestCert;
+  nsresult rv = GetAttestationCertificate(slot, attestPrivKey, attestCert,
+                                          locker);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return NS_ERROR_FAILURE;
+  }
+  MOZ_ASSERT(attestCert);
+  MOZ_ASSERT(attestPrivKey);
+
+  // Generate a new keypair; the private will be wrapped into a Key Handle
+  UniqueSECKEYPrivateKey privKey;
+  UniqueSECKEYPublicKey pubKey;
+  rv = GenEcKeypair(slot, privKey, pubKey, locker);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // The key handle will be the result of keywrap(privKey, key=mWrappingKey)
+  UniqueSECItem keyHandleItem = KeyHandleFromPrivateKey(slot, mWrappingKey,
+                                                        privKey, locker);
+  if (!keyHandleItem.get()) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Sign the challenge using the Attestation privkey (from attestCert)
+  mozilla::dom::CryptoBuffer signedDataBuf;
+  if (!signedDataBuf.SetCapacity(1 + aApplicationLen + aChallengeLen +
+                                 keyHandleItem->len + kPublicKeyLen,
+                                 mozilla::fallible)) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  // It's OK to ignore the return values here because we're writing into
+  // pre-allocated space
+  signedDataBuf.AppendElement(0x00, mozilla::fallible);
+  signedDataBuf.AppendElements(aApplication, aApplicationLen, mozilla::fallible);
+  signedDataBuf.AppendElements(aChallenge, aChallengeLen, mozilla::fallible);
+  signedDataBuf.AppendSECItem(keyHandleItem.get());
+  signedDataBuf.AppendSECItem(pubKey->u.ec.publicValue);
+
+  ScopedAutoSECItem signatureItem;
+  SECStatus srv = SEC_SignData(&signatureItem, signedDataBuf.Elements(),
+                               signedDataBuf.Length(), attestPrivKey.get(),
+                               SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE);
+  if (srv != SECSuccess) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+            ("Signature failure: %d", PORT_GetError()));
+    return NS_ERROR_FAILURE;
+  }
+
+  // Serialize the registration data
+  mozilla::dom::CryptoBuffer registrationBuf;
+  if (!registrationBuf.SetCapacity(1 + kPublicKeyLen + 1 + keyHandleItem->len +
+                                   attestCert.get()->derCert.len +
+                                   signatureItem.len, mozilla::fallible)) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+  registrationBuf.AppendElement(0x05, mozilla::fallible);
+  registrationBuf.AppendSECItem(pubKey->u.ec.publicValue);
+  registrationBuf.AppendElement(keyHandleItem->len, mozilla::fallible);
+  registrationBuf.AppendSECItem(keyHandleItem.get());
+  registrationBuf.AppendSECItem(attestCert.get()->derCert);
+  registrationBuf.AppendSECItem(signatureItem);
+  if (!registrationBuf.ToNewUnsignedBuffer(aRegistration, aRegistrationLen)) {
+    return NS_ERROR_FAILURE;
+  }
+
+  return NS_OK;
+}
+
+// A U2F Sign operation creates a signature over the "param" arguments (plus
+// some other stuff) using the private key indicated in the key handle argument.
+//
+// The format of the signed data is as follows:
+//
+//  32    Application parameter
+//  1     User presence (0x01)
+//  4     Counter
+//  32    Challenge parameter
+//
+// The format of the signature data is as follows:
+//
+//  1     User presence
+//  4     Counter
+//  *     Signature
+//
+NS_IMETHODIMP
+nsNSSU2FToken::Sign(uint8_t* aApplication, uint32_t aApplicationLen,
+                    uint8_t* aChallenge, uint32_t aChallengeLen,
+                    uint8_t* aKeyHandle, uint32_t aKeyHandleLen,
+                    uint8_t** aSignature, uint32_t* aSignatureLen)
+{
+  NS_ENSURE_ARG_POINTER(aApplication);
+  NS_ENSURE_ARG_POINTER(aChallenge);
+  NS_ENSURE_ARG_POINTER(aKeyHandle);
+  NS_ENSURE_ARG_POINTER(aKeyHandleLen);
+  NS_ENSURE_ARG_POINTER(aSignature);
+  NS_ENSURE_ARG_POINTER(aSignatureLen);
+
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsNSSU2FToken::Sign called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  MOZ_ASSERT(mInitialized);
+  if (!mInitialized) {
+    return NS_ERROR_NOT_INITIALIZED;
+  }
+
+  MOZ_ASSERT(mWrappingKey);
+
+  UniquePK11SlotInfo slot(PK11_GetInternalSlot());
+  MOZ_ASSERT(slot.get());
+
+  if ((aChallengeLen != kParamLen) || (aApplicationLen != kParamLen)) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+            ("Parameter lengths are wrong! challenge=%d app=%d expected=%d",
+            aChallengeLen, aApplicationLen, kParamLen));
+
+    return NS_ERROR_ILLEGAL_VALUE;
+  }
+
+  // Decode the key handle
+  UniqueSECKEYPrivateKey privKey = PrivateKeyFromKeyHandle(slot, mWrappingKey,
+                                                           aKeyHandle,
+                                                           aKeyHandleLen,
+                                                           locker);
+  if (!privKey.get()) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Warning, ("Couldn't get the priv key!"));
+    return NS_ERROR_FAILURE;
+  }
+
+  // Increment the counter and turn it into a SECItem
+  uint32_t counter = Preferences::GetUint(PREF_U2F_NSSTOKEN_COUNTER) + 1;
+  Preferences::SetUint(PREF_U2F_NSSTOKEN_COUNTER, counter);
+  ScopedAutoSECItem counterItem(4);
+  counterItem.data[0] = (counter >> 24) & 0xFF;
+  counterItem.data[1] = (counter >> 16) & 0xFF;
+  counterItem.data[2] = (counter >>  8) & 0xFF;
+  counterItem.data[3] = (counter >>  0) & 0xFF;
+
+  // Compute the signature
+  mozilla::dom::CryptoBuffer signedDataBuf;
+  if (!signedDataBuf.SetCapacity(1 + 4 + (2 * kParamLen), mozilla::fallible)) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  // It's OK to ignore the return values here because we're writing into
+  // pre-allocated space
+  signedDataBuf.AppendElements(aApplication, aApplicationLen, mozilla::fallible);
+  signedDataBuf.AppendElement(0x01, mozilla::fallible);
+  signedDataBuf.AppendSECItem(counterItem);
+  signedDataBuf.AppendElements(aChallenge, aChallengeLen, mozilla::fallible);
+
+  ScopedAutoSECItem signatureItem;
+  SECStatus srv = SEC_SignData(&signatureItem, signedDataBuf.Elements(),
+                               signedDataBuf.Length(), privKey.get(),
+                               SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE);
+  if (srv != SECSuccess) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+            ("Signature failure: %d", PORT_GetError()));
+    return NS_ERROR_FAILURE;
+  }
+
+  // Assemble the signature data into a buffer for return
+  mozilla::dom::CryptoBuffer signatureBuf;
+  if (!signatureBuf.SetCapacity(1 + counterItem.len + signatureItem.len,
+                                mozilla::fallible)) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  // It's OK to ignore the return values here because we're writing into
+  // pre-allocated space
+  signatureBuf.AppendElement(0x01, mozilla::fallible);
+  signatureBuf.AppendSECItem(counterItem);
+  signatureBuf.AppendSECItem(signatureItem);
+
+  if (!signatureBuf.ToNewUnsignedBuffer(aSignature, aSignatureLen)) {
+    return NS_ERROR_FAILURE;
+  }
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsNSSU2FToken.h b/security/manager/ssl/nsNSSU2FToken.h
new file mode 100644
index 000000000..818e19a50
--- /dev/null
+++ b/security/manager/ssl/nsNSSU2FToken.h
@@ -0,0 +1,44 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSU2FToken_h
+#define nsNSSU2FToken_h
+
+#include "nsINSSU2FToken.h"
+
+#include "nsNSSShutDown.h"
+#include "ScopedNSSTypes.h"
+
+#define NS_NSSU2FTOKEN_CID \
+  {0x79f95a6c, 0xd0f7, 0x4d7d, {0xae, 0xaa, 0xcd, 0x0a, 0x04, 0xb6, 0x50, 0x89}}
+
+class nsNSSU2FToken : public nsINSSU2FToken,
+                      public nsNSSShutDownObject
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIU2FTOKEN
+  NS_DECL_NSINSSU2FTOKEN
+
+  nsNSSU2FToken();
+
+  // For nsNSSShutDownObject
+  virtual void virtualDestroyNSSReference() override;
+  void destructorSafeDestroyNSSReference();
+
+private:
+  bool mInitialized;
+  mozilla::UniquePK11SymKey mWrappingKey;
+
+  static const nsCString mSecretNickname;
+  static const nsString mVersion;
+
+  ~nsNSSU2FToken();
+  nsresult GetOrCreateWrappingKey(const mozilla::UniquePK11SlotInfo& aSlot,
+                                  const nsNSSShutDownPreventionLock&);
+};
+
+#endif // nsNSSU2FToken_h
diff --git a/security/manager/ssl/nsNSSVersion.cpp b/security/manager/ssl/nsNSSVersion.cpp
new file mode 100644
index 000000000..854f7fb57
--- /dev/null
+++ b/security/manager/ssl/nsNSSVersion.cpp
@@ -0,0 +1,92 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSVersion.h"
+#include "nsString.h"
+#include "prinit.h"
+#include "nss.h"
+#include "nssutil.h"
+#include "ssl.h"
+#include "smime.h"
+
+NS_IMPL_ISUPPORTS(nsNSSVersion, nsINSSVersion)
+
+nsNSSVersion::nsNSSVersion()
+{
+}
+
+nsNSSVersion::~nsNSSVersion()
+{
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSPR_Version(nsAString & v)
+{
+    CopyUTF8toUTF16(PR_GetVersion(), v);
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSS_Version(nsAString & v)
+{
+    CopyUTF8toUTF16(NSS_GetVersion(), v);
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSSUTIL_Version(nsAString & v)
+{
+    CopyUTF8toUTF16(NSSUTIL_GetVersion(), v);
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSSSSL_Version(nsAString & v)
+{
+    CopyUTF8toUTF16(NSSSSL_GetVersion(), v);
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSSSMIME_Version(nsAString & v)
+{
+    CopyUTF8toUTF16(NSSSMIME_GetVersion(), v);
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSPR_MinVersion(nsAString & v)
+{
+    CopyUTF8toUTF16(PR_VERSION, v);
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSS_MinVersion(nsAString & v)
+{
+    CopyUTF8toUTF16(NSS_VERSION, v);
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSSUTIL_MinVersion(nsAString & v)
+{
+    CopyUTF8toUTF16(NSSUTIL_VERSION, v);
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSSSSL_MinVersion(nsAString & v)
+{
+    CopyUTF8toUTF16(NSS_VERSION, v);
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSSSMIME_MinVersion(nsAString & v)
+{
+    CopyUTF8toUTF16(NSS_VERSION, v);
+    return NS_OK;
+}
diff --git a/security/manager/ssl/nsNSSVersion.h b/security/manager/ssl/nsNSSVersion.h
new file mode 100644
index 000000000..277a552e0
--- /dev/null
+++ b/security/manager/ssl/nsNSSVersion.h
@@ -0,0 +1,27 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _NS_NSSVERSION_H_
+#define _NS_NSSVERSION_H_
+
+#include "nsINSSVersion.h"
+#include "mozilla/Attributes.h"
+
+class nsNSSVersion final : public nsINSSVersion
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSINSSVERSION
+  
+  nsNSSVersion();
+
+private:
+  ~nsNSSVersion();
+};
+
+#define NS_NSSVERSION_CID \
+  { 0x23ad3531, 0x11d2, 0x4e8e, { 0x80, 0x5a, 0x6a, 0x75, 0x2e, 0x91, 0x68, 0x1a } }
+
+#endif
diff --git a/security/manager/ssl/nsNTLMAuthModule.cpp b/security/manager/ssl/nsNTLMAuthModule.cpp
new file mode 100644
index 000000000..a0564118a
--- /dev/null
+++ b/security/manager/ssl/nsNTLMAuthModule.cpp
@@ -0,0 +1,1179 @@
+/* vim:set ts=2 sw=2 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNTLMAuthModule.h"
+
+#include <time.h>
+
+#include "ScopedNSSTypes.h"
+#include "md4.h"
+#include "mozilla/Base64.h"
+#include "mozilla/Casting.h"
+#include "mozilla/CheckedInt.h"
+#include "mozilla/EndianUtils.h"
+#include "mozilla/Likely.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/Sprintf.h"
+#include "mozilla/Telemetry.h"
+#include "nsCOMPtr.h"
+#include "nsComponentManagerUtils.h"
+#include "nsICryptoHMAC.h"
+#include "nsICryptoHash.h"
+#include "nsIKeyModule.h"
+#include "nsKeyModule.h"
+#include "nsNSSShutDown.h"
+#include "nsNativeCharsetUtils.h"
+#include "nsNetCID.h"
+#include "nsUnicharUtils.h"
+#include "pk11pub.h"
+#include "prsystem.h"
+
+static bool sNTLMv1Forced = false;
+static mozilla::LazyLogModule sNTLMLog("NTLM");
+
+#define LOG(x) MOZ_LOG(sNTLMLog, mozilla::LogLevel::Debug, x)
+#define LOG_ENABLED() MOZ_LOG_TEST(sNTLMLog, mozilla::LogLevel::Debug)
+
+static void des_makekey(const uint8_t *raw, uint8_t *key);
+static void des_encrypt(const uint8_t *key, const uint8_t *src, uint8_t *hash);
+
+//-----------------------------------------------------------------------------
+// this file contains a cross-platform NTLM authentication implementation. it
+// is based on documentation from: http://davenport.sourceforge.net/ntlm.html
+//-----------------------------------------------------------------------------
+
+#define NTLM_NegotiateUnicode               0x00000001
+#define NTLM_NegotiateOEM                   0x00000002
+#define NTLM_RequestTarget                  0x00000004
+#define NTLM_Unknown1                       0x00000008
+#define NTLM_NegotiateSign                  0x00000010
+#define NTLM_NegotiateSeal                  0x00000020
+#define NTLM_NegotiateDatagramStyle         0x00000040
+#define NTLM_NegotiateLanManagerKey         0x00000080
+#define NTLM_NegotiateNetware               0x00000100
+#define NTLM_NegotiateNTLMKey               0x00000200
+#define NTLM_Unknown2                       0x00000400
+#define NTLM_Unknown3                       0x00000800
+#define NTLM_NegotiateDomainSupplied        0x00001000
+#define NTLM_NegotiateWorkstationSupplied   0x00002000
+#define NTLM_NegotiateLocalCall             0x00004000
+#define NTLM_NegotiateAlwaysSign            0x00008000
+#define NTLM_TargetTypeDomain               0x00010000
+#define NTLM_TargetTypeServer               0x00020000
+#define NTLM_TargetTypeShare                0x00040000
+#define NTLM_NegotiateNTLM2Key              0x00080000
+#define NTLM_RequestInitResponse            0x00100000
+#define NTLM_RequestAcceptResponse          0x00200000
+#define NTLM_RequestNonNTSessionKey         0x00400000
+#define NTLM_NegotiateTargetInfo            0x00800000
+#define NTLM_Unknown4                       0x01000000
+#define NTLM_Unknown5                       0x02000000
+#define NTLM_Unknown6                       0x04000000
+#define NTLM_Unknown7                       0x08000000
+#define NTLM_Unknown8                       0x10000000
+#define NTLM_Negotiate128                   0x20000000
+#define NTLM_NegotiateKeyExchange           0x40000000
+#define NTLM_Negotiate56                    0x80000000
+
+// we send these flags with our type 1 message
+#define NTLM_TYPE1_FLAGS      \
+  (NTLM_NegotiateUnicode |    \
+   NTLM_NegotiateOEM |        \
+   NTLM_RequestTarget |       \
+   NTLM_NegotiateNTLMKey |    \
+   NTLM_NegotiateAlwaysSign | \
+   NTLM_NegotiateNTLM2Key)
+
+static const char NTLM_SIGNATURE[] = "NTLMSSP";
+static const char NTLM_TYPE1_MARKER[] = { 0x01, 0x00, 0x00, 0x00 };
+static const char NTLM_TYPE2_MARKER[] = { 0x02, 0x00, 0x00, 0x00 };
+static const char NTLM_TYPE3_MARKER[] = { 0x03, 0x00, 0x00, 0x00 };
+
+#define NTLM_TYPE1_HEADER_LEN 32
+#define NTLM_TYPE2_HEADER_LEN 48
+#define NTLM_TYPE3_HEADER_LEN 64
+
+/**
+ * We don't actually send a LM response, but we still have to send something in this spot
+ */
+#define LM_RESP_LEN 24
+
+#define NTLM_CHAL_LEN 8
+
+#define NTLM_HASH_LEN 16
+#define NTLMv2_HASH_LEN 16
+#define NTLM_RESP_LEN 24
+#define NTLMv2_RESP_LEN 16
+#define NTLMv2_BLOB1_LEN 28
+
+//-----------------------------------------------------------------------------
+
+/**
+ * Prints a description of flags to the NSPR Log, if enabled.
+ */
+static void LogFlags(uint32_t flags)
+{
+  if (!LOG_ENABLED())
+    return;
+#define TEST(_flag) \
+  if (flags & NTLM_ ## _flag) \
+    PR_LogPrint("    0x%08x (" # _flag ")\n", NTLM_ ## _flag)
+
+  TEST(NegotiateUnicode);
+  TEST(NegotiateOEM);
+  TEST(RequestTarget);
+  TEST(Unknown1);
+  TEST(NegotiateSign);
+  TEST(NegotiateSeal);
+  TEST(NegotiateDatagramStyle);
+  TEST(NegotiateLanManagerKey);
+  TEST(NegotiateNetware);
+  TEST(NegotiateNTLMKey);
+  TEST(Unknown2);
+  TEST(Unknown3);
+  TEST(NegotiateDomainSupplied);
+  TEST(NegotiateWorkstationSupplied);
+  TEST(NegotiateLocalCall);
+  TEST(NegotiateAlwaysSign);
+  TEST(TargetTypeDomain);
+  TEST(TargetTypeServer);
+  TEST(TargetTypeShare);
+  TEST(NegotiateNTLM2Key);
+  TEST(RequestInitResponse);
+  TEST(RequestAcceptResponse);
+  TEST(RequestNonNTSessionKey);
+  TEST(NegotiateTargetInfo);
+  TEST(Unknown4);
+  TEST(Unknown5);
+  TEST(Unknown6);
+  TEST(Unknown7);
+  TEST(Unknown8);
+  TEST(Negotiate128);
+  TEST(NegotiateKeyExchange);
+  TEST(Negotiate56);
+
+#undef TEST
+}
+
+/**
+ * Prints a hexdump of buf to the NSPR Log, if enabled.
+ * @param tag Description of the data, will be printed in front of the data
+ * @param buf the data to print
+ * @param bufLen length of the data
+ */
+static void
+LogBuf(const char *tag, const uint8_t *buf, uint32_t bufLen)
+{
+  int i;
+
+  if (!LOG_ENABLED())
+    return;
+
+  PR_LogPrint("%s =\n", tag);
+  char line[80];
+  while (bufLen > 0)
+  {
+    int count = bufLen;
+    if (count > 8)
+      count = 8;
+
+    strcpy(line, "    ");
+    for (i=0; i<count; ++i)
+    {
+      int len = strlen(line);
+      snprintf(line + len, sizeof(line) - len, "0x%02x ", int(buf[i]));
+    }
+    for (; i<8; ++i)
+    {
+      int len = strlen(line);
+      snprintf(line + len, sizeof(line) - len, "     ");
+    }
+
+    int len = strlen(line);
+    snprintf(line + len, sizeof(line) - len, "   ");
+    for (i=0; i<count; ++i)
+    {
+      len = strlen(line);
+      if (isprint(buf[i]))
+        snprintf(line + len, sizeof(line) - len, "%c", buf[i]);
+      else
+        snprintf(line + len, sizeof(line) - len, ".");
+    }
+    PR_LogPrint("%s\n", line);
+
+    bufLen -= count;
+    buf += count;
+  }
+}
+
+/**
+ * Print base64-encoded token to the NSPR Log.
+ * @param name Description of the token, will be printed in front
+ * @param token The token to print
+ * @param tokenLen length of the data in token
+ */
+static void
+LogToken(const char* name, const void* token, uint32_t tokenLen)
+{
+  if (!LOG_ENABLED()) {
+    return;
+  }
+
+  nsDependentCSubstring tokenString(static_cast<const char*>(token), tokenLen);
+  nsAutoCString base64Token;
+  nsresult rv = mozilla::Base64Encode(tokenString, base64Token);
+  if (NS_FAILED(rv)) {
+    return;
+  }
+
+  PR_LogPrint("%s: %s\n", name, base64Token.get());
+}
+
+//-----------------------------------------------------------------------------
+
+// byte order swapping
+#define SWAP16(x) ((((x) & 0xff) << 8) | (((x) >> 8) & 0xff))
+#define SWAP32(x) ((SWAP16((x) & 0xffff) << 16) | (SWAP16((x) >> 16)))
+
+static void *
+WriteBytes(void *buf, const void *data, uint32_t dataLen)
+{
+  memcpy(buf, data, dataLen);
+  return (uint8_t *) buf + dataLen;
+}
+
+static void *
+WriteDWORD(void *buf, uint32_t dword)
+{
+#ifdef IS_BIG_ENDIAN 
+  // NTLM uses little endian on the wire
+  dword = SWAP32(dword);
+#endif
+  return WriteBytes(buf, &dword, sizeof(dword));
+}
+
+static void *
+WriteSecBuf(void *buf, uint16_t length, uint32_t offset)
+{
+#ifdef IS_BIG_ENDIAN
+  length = SWAP16(length);
+  offset = SWAP32(offset);
+#endif
+  buf = WriteBytes(buf, &length, sizeof(length));
+  buf = WriteBytes(buf, &length, sizeof(length));
+  buf = WriteBytes(buf, &offset, sizeof(offset));
+  return buf;
+}
+
+#ifdef IS_BIG_ENDIAN
+/**
+ * WriteUnicodeLE copies a unicode string from one buffer to another.  The
+ * resulting unicode string is in little-endian format.  The input string is
+ * assumed to be in the native endianness of the local machine.  It is safe
+ * to pass the same buffer as both input and output, which is a handy way to
+ * convert the unicode buffer to little-endian on big-endian platforms.
+ */
+static void *
+WriteUnicodeLE(void *buf, const char16_t *str, uint32_t strLen)
+{
+  // convert input string from BE to LE
+  uint8_t *cursor = (uint8_t *) buf,
+          *input  = (uint8_t *) str;
+  for (uint32_t i=0; i<strLen; ++i, input+=2, cursor+=2)
+  {
+    // allow for the case where |buf == str|
+    uint8_t temp = input[0];
+    cursor[0] = input[1];
+    cursor[1] = temp;
+  }
+  return buf;
+}
+#endif
+
+static uint16_t
+ReadUint16(const uint8_t *&buf)
+{
+  uint16_t x = ((uint16_t) buf[0]) | ((uint16_t) buf[1] << 8);
+  buf += sizeof(x);
+  return x;
+}
+
+static uint32_t
+ReadUint32(const uint8_t *&buf)
+{
+  uint32_t x = ( (uint32_t) buf[0])        |
+               (((uint32_t) buf[1]) << 8)  |
+               (((uint32_t) buf[2]) << 16) |
+               (((uint32_t) buf[3]) << 24);
+  buf += sizeof(x);
+  return x;
+}
+
+//-----------------------------------------------------------------------------
+
+static void
+ZapBuf(void *buf, size_t bufLen)
+{
+  memset(buf, 0, bufLen);
+}
+
+static void
+ZapString(nsString &s)
+{
+  ZapBuf(s.BeginWriting(), s.Length() * 2);
+}
+
+/**
+ * NTLM_Hash computes the NTLM hash of the given password.
+ *
+ * @param password
+ *        null-terminated unicode password.
+ * @param hash
+ *        16-byte result buffer
+ */
+static void
+NTLM_Hash(const nsString &password, unsigned char *hash)
+{
+  uint32_t len = password.Length();
+  uint8_t *passbuf;
+  
+#ifdef IS_BIG_ENDIAN
+  passbuf = (uint8_t *) malloc(len * 2);
+  WriteUnicodeLE(passbuf, password.get(), len);
+#else
+  passbuf = (uint8_t *) password.get();
+#endif
+
+  md4sum(passbuf, len * 2, hash);
+
+#ifdef IS_BIG_ENDIAN
+  ZapBuf(passbuf, len * 2);
+  free(passbuf);
+#endif
+}
+
+//-----------------------------------------------------------------------------
+
+/** 
+ * LM_Response generates the LM response given a 16-byte password hash and the
+ * challenge from the Type-2 message.
+ *
+ * @param hash
+ *        16-byte password hash
+ * @param challenge
+ *        8-byte challenge from Type-2 message
+ * @param response
+ *        24-byte buffer to contain the LM response upon return
+ */
+static void
+LM_Response(const uint8_t *hash, const uint8_t *challenge, uint8_t *response)
+{
+  uint8_t keybytes[21], k1[8], k2[8], k3[8];
+
+  memcpy(keybytes, hash, 16);
+  ZapBuf(keybytes + 16, 5);
+
+  des_makekey(keybytes     , k1);
+  des_makekey(keybytes +  7, k2);
+  des_makekey(keybytes + 14, k3);
+
+  des_encrypt(k1, challenge, response);
+  des_encrypt(k2, challenge, response + 8);
+  des_encrypt(k3, challenge, response + 16);
+}
+
+//-----------------------------------------------------------------------------
+
+static nsresult
+GenerateType1Msg(void **outBuf, uint32_t *outLen)
+{
+  //
+  // verify that bufLen is sufficient
+  //
+  *outLen = NTLM_TYPE1_HEADER_LEN;
+  *outBuf = moz_xmalloc(*outLen);
+  if (!*outBuf)
+    return NS_ERROR_OUT_OF_MEMORY;
+
+  //
+  // write out type 1 msg
+  //
+  void *cursor = *outBuf;
+
+  // 0 : signature
+  cursor = WriteBytes(cursor, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE));
+
+  // 8 : marker
+  cursor = WriteBytes(cursor, NTLM_TYPE1_MARKER, sizeof(NTLM_TYPE1_MARKER));
+
+  // 12 : flags
+  cursor = WriteDWORD(cursor, NTLM_TYPE1_FLAGS);
+
+  //
+  // NOTE: it is common for the domain and workstation fields to be empty.
+  //       this is true of Win2k clients, and my guess is that there is
+  //       little utility to sending these strings before the charset has
+  //       been negotiated.  we follow suite -- anyways, it doesn't hurt
+  //       to save some bytes on the wire ;-)
+  //
+
+  // 16 : supplied domain security buffer (empty)
+  cursor = WriteSecBuf(cursor, 0, 0);
+
+  // 24 : supplied workstation security buffer (empty)
+  cursor = WriteSecBuf(cursor, 0, 0);
+
+  return NS_OK;
+}
+
+struct Type2Msg
+{
+  uint32_t    flags;                    // NTLM_Xxx bitwise combination
+  uint8_t     challenge[NTLM_CHAL_LEN]; // 8 byte challenge
+  const uint8_t *target;                // target string (type depends on flags)
+  uint32_t    targetLen;                // target length in bytes
+  const uint8_t *targetInfo;            // target Attribute-Value pairs (DNS domain, et al)
+  uint32_t    targetInfoLen;            // target AV pairs length in bytes
+};
+
+static nsresult
+ParseType2Msg(const void *inBuf, uint32_t inLen, Type2Msg *msg)
+{
+  // make sure inBuf is long enough to contain a meaningful type2 msg.
+  //
+  // 0  NTLMSSP Signature
+  // 8  NTLM Message Type
+  // 12 Target Name
+  // 20 Flags
+  // 24 Challenge
+  // 32 targetInfo
+  // 48 start of optional data blocks
+  //
+  if (inLen < NTLM_TYPE2_HEADER_LEN)
+    return NS_ERROR_UNEXPECTED;
+
+  auto cursor = static_cast<const uint8_t*>(inBuf);
+
+  // verify NTLMSSP signature
+  if (memcmp(cursor, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)) != 0)
+    return NS_ERROR_UNEXPECTED;
+
+  cursor += sizeof(NTLM_SIGNATURE);
+
+  // verify Type-2 marker
+  if (memcmp(cursor, NTLM_TYPE2_MARKER, sizeof(NTLM_TYPE2_MARKER)) != 0)
+    return NS_ERROR_UNEXPECTED;
+
+  cursor += sizeof(NTLM_TYPE2_MARKER);
+
+  // Read target name security buffer: ...
+  // ... read target length.
+  uint32_t targetLen = ReadUint16(cursor);
+  // ... skip next 16-bit "allocated space" value.
+  ReadUint16(cursor);
+  // ... read offset from inBuf.
+  uint32_t offset = ReadUint32(cursor);
+  mozilla::CheckedInt<uint32_t> targetEnd = offset;
+  targetEnd += targetLen;
+  // Check the offset / length combo is in range of the input buffer, including
+  // integer overflow checking.
+  if (MOZ_LIKELY(targetEnd.isValid() && targetEnd.value() <= inLen)) {
+    msg->targetLen = targetLen;
+    msg->target = static_cast<const uint8_t*>(inBuf) + offset;
+  } else {
+    // Do not error out, for (conservative) backward compatibility.
+    msg->targetLen = 0;
+    msg->target = nullptr;
+  }
+
+  // read flags
+  msg->flags = ReadUint32(cursor);
+
+  // read challenge
+  memcpy(msg->challenge, cursor, sizeof(msg->challenge));
+  cursor += sizeof(msg->challenge);
+
+  LOG(("NTLM type 2 message:\n"));
+  LogBuf("target", msg->target, msg->targetLen);
+  LogBuf("flags",
+         mozilla::BitwiseCast<const uint8_t*, const uint32_t*>(&msg->flags), 4);
+  LogFlags(msg->flags);
+  LogBuf("challenge", msg->challenge, sizeof(msg->challenge));
+
+  // Read (and skip) the reserved field
+  ReadUint32(cursor);
+  ReadUint32(cursor);
+  // Read target name security buffer: ...
+  // ... read target length.
+  uint32_t targetInfoLen = ReadUint16(cursor);
+  // ... skip next 16-bit "allocated space" value.
+  ReadUint16(cursor);
+  // ... read offset from inBuf.
+  offset = ReadUint32(cursor);
+  mozilla::CheckedInt<uint32_t> targetInfoEnd = offset;
+  targetInfoEnd += targetInfoLen;
+  // Check the offset / length combo is in range of the input buffer, including
+  // integer overflow checking.
+  if (MOZ_LIKELY(targetInfoEnd.isValid() && targetInfoEnd.value() <= inLen)) {
+    msg->targetInfoLen = targetInfoLen;
+    msg->targetInfo = static_cast<const uint8_t*>(inBuf) + offset;
+  } else {
+    NS_ERROR("failed to get NTLMv2 target info");
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  return NS_OK;
+}
+
+static nsresult
+GenerateType3Msg(const nsString &domain,
+                 const nsString &username,
+                 const nsString &password,
+                 const void     *inBuf,
+                 uint32_t        inLen,
+                 void          **outBuf,
+                 uint32_t       *outLen)
+{
+  // inBuf contains Type-2 msg (the challenge) from server
+  MOZ_ASSERT(NS_IsMainThread());
+  nsresult rv;
+  Type2Msg msg;
+
+  rv = ParseType2Msg(inBuf, inLen, &msg);
+  if (NS_FAILED(rv))
+    return rv;
+
+  bool unicode = (msg.flags & NTLM_NegotiateUnicode);
+
+  // There is no negotiation for NTLMv2, so we just do it unless we are forced
+  // by explict user configuration to use the older DES-based cryptography.
+  bool ntlmv2 = (sNTLMv1Forced == false);
+
+  // temporary buffers for unicode strings
+#ifdef IS_BIG_ENDIAN
+  nsAutoString ucsDomainBuf, ucsUserBuf;
+#endif
+  nsAutoCString hostBuf;
+  nsAutoString ucsHostBuf; 
+  // temporary buffers for oem strings
+  nsAutoCString oemDomainBuf, oemUserBuf, oemHostBuf;
+  // pointers and lengths for the string buffers; encoding is unicode if
+  // the "negotiate unicode" flag was set in the Type-2 message.
+  const void *domainPtr, *userPtr, *hostPtr;
+  uint32_t domainLen, userLen, hostLen;
+
+  // This is for NTLM, for NTLMv2 we set the new full length once we know it
+  mozilla::CheckedInt<uint16_t> ntlmRespLen = NTLM_RESP_LEN;
+
+  //
+  // get domain name
+  //
+  if (unicode)
+  {
+#ifdef IS_BIG_ENDIAN
+    ucsDomainBuf = domain;
+    domainPtr = ucsDomainBuf.get();
+    domainLen = ucsDomainBuf.Length() * 2;
+    WriteUnicodeLE(const_cast<void*>(domainPtr),
+                   static_cast<const char16_t*>(domainPtr),
+                   ucsDomainBuf.Length());
+#else
+    domainPtr = domain.get();
+    domainLen = domain.Length() * 2;
+#endif
+  }
+  else
+  {
+    NS_CopyUnicodeToNative(domain, oemDomainBuf);
+    domainPtr = oemDomainBuf.get();
+    domainLen = oemDomainBuf.Length();
+  }
+
+  //
+  // get user name
+  //
+  if (unicode)
+  {
+#ifdef IS_BIG_ENDIAN
+    ucsUserBuf = username;
+    userPtr = ucsUserBuf.get();
+    userLen = ucsUserBuf.Length() * 2;
+    WriteUnicodeLE(const_cast<void*>(userPtr),
+                   static_cast<const char16_t*>(userPtr),
+                   ucsUserBuf.Length());
+#else
+    userPtr = username.get();
+    userLen = username.Length() * 2;
+#endif
+  }
+  else
+  {
+    NS_CopyUnicodeToNative(username, oemUserBuf);
+    userPtr = oemUserBuf.get();
+    userLen = oemUserBuf.Length();
+  }
+
+  //
+  // get workstation name
+  // (do not use local machine's hostname after bug 1046421)
+  //
+  rv = mozilla::Preferences::GetCString("network.generic-ntlm-auth.workstation",
+                                        &hostBuf);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  if (unicode)
+  {
+    ucsHostBuf = NS_ConvertUTF8toUTF16(hostBuf);
+    hostPtr = ucsHostBuf.get();
+    hostLen = ucsHostBuf.Length() * 2;
+#ifdef IS_BIG_ENDIAN
+    WriteUnicodeLE(const_cast<void*>(hostPtr),
+                   static_cast<const char16_t*>(hostPtr),
+                   ucsHostBuf.Length());
+#endif
+  }
+  else
+  {
+    hostPtr = hostBuf.get();
+    hostLen = hostBuf.Length();
+  }
+
+  //
+  // now that we have generated all of the strings, we can allocate outBuf.
+  //
+  //
+  // next, we compute the NTLM or NTLM2 responses.
+  //
+  uint8_t lmResp[LM_RESP_LEN];
+  uint8_t ntlmResp[NTLM_RESP_LEN];
+  uint8_t ntlmv2Resp[NTLMv2_RESP_LEN];
+  uint8_t ntlmHash[NTLM_HASH_LEN];
+  uint8_t ntlmv2_blob1[NTLMv2_BLOB1_LEN];
+  if (ntlmv2) {
+    // NTLMv2 mode, the default
+    nsString userUpper, domainUpper;
+    nsAutoCString ntlmHashStr;
+    nsAutoCString ntlmv2HashStr;
+    nsAutoCString lmv2ResponseStr;
+    nsAutoCString ntlmv2ResponseStr;
+
+    // temporary buffers for unicode strings
+    nsAutoString ucsDomainUpperBuf;
+    nsAutoString ucsUserUpperBuf;
+    const void *domainUpperPtr;
+    const void *userUpperPtr;
+    uint32_t domainUpperLen;
+    uint32_t userUpperLen;
+
+    if (msg.targetInfoLen == 0) {
+      NS_ERROR("failed to get NTLMv2 target info, can not do NTLMv2");
+      return NS_ERROR_UNEXPECTED;
+    }
+
+    ToUpperCase(username, ucsUserUpperBuf);
+    userUpperPtr = ucsUserUpperBuf.get();
+    userUpperLen = ucsUserUpperBuf.Length() * 2;
+#ifdef IS_BIG_ENDIAN
+    WriteUnicodeLE(const_cast<void*>(userUpperPtr),
+                   static_cast<const char16_t*>(userUpperPtr),
+                   ucsUserUpperBuf.Length());
+#endif
+    ToUpperCase(domain, ucsDomainUpperBuf);
+    domainUpperPtr = ucsDomainUpperBuf.get();
+    domainUpperLen = ucsDomainUpperBuf.Length() * 2;
+#ifdef IS_BIG_ENDIAN
+    WriteUnicodeLE(const_cast<void*>(domainUpperPtr),
+                   static_cast<const char16_t*>(domainUpperPtr),
+                   ucsDomainUpperBuf.Length());
+#endif
+
+    NTLM_Hash(password, ntlmHash);
+    ntlmHashStr = nsAutoCString(
+      mozilla::BitwiseCast<const char*, const uint8_t*>(ntlmHash), NTLM_HASH_LEN);
+
+    nsCOMPtr<nsIKeyObjectFactory> keyFactory =
+        do_CreateInstance(NS_KEYMODULEOBJECTFACTORY_CONTRACTID, &rv);
+
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    nsCOMPtr<nsIKeyObject> ntlmKey =
+        do_CreateInstance(NS_KEYMODULEOBJECT_CONTRACTID, &rv);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    rv = keyFactory->KeyFromString(nsIKeyObject::HMAC, ntlmHashStr, getter_AddRefs(ntlmKey));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    nsCOMPtr<nsICryptoHMAC> hasher =
+        do_CreateInstance(NS_CRYPTO_HMAC_CONTRACTID, &rv);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Init(nsICryptoHMAC::MD5, ntlmKey);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Update(static_cast<const uint8_t*>(userUpperPtr), userUpperLen);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Update(static_cast<const uint8_t*>(domainUpperPtr),
+                        domainUpperLen);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Finish(false, ntlmv2HashStr);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    uint8_t client_random[NTLM_CHAL_LEN];
+    PK11_GenerateRandom(client_random, NTLM_CHAL_LEN);
+
+    nsCOMPtr<nsIKeyObject> ntlmv2Key =
+        do_CreateInstance(NS_KEYMODULEOBJECT_CONTRACTID, &rv);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    // Prepare the LMv2 response
+    rv = keyFactory->KeyFromString(nsIKeyObject::HMAC, ntlmv2HashStr, getter_AddRefs(ntlmv2Key));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    rv = hasher->Init(nsICryptoHMAC::MD5, ntlmv2Key);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Update(msg.challenge, NTLM_CHAL_LEN);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Update(client_random, NTLM_CHAL_LEN);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Finish(false, lmv2ResponseStr);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    if (lmv2ResponseStr.Length() != NTLMv2_HASH_LEN) {
+      return NS_ERROR_UNEXPECTED;
+    }
+
+    memcpy(lmResp, lmv2ResponseStr.get(), NTLMv2_HASH_LEN);
+    memcpy(lmResp + NTLMv2_HASH_LEN, client_random, NTLM_CHAL_LEN);
+
+    memset(ntlmv2_blob1, 0, NTLMv2_BLOB1_LEN);
+
+    time_t unix_time;
+    uint64_t nt_time = time(&unix_time);
+    nt_time += 11644473600LL;    // Number of seconds betwen 1601 and 1970
+    nt_time *= 1000 * 1000 * 10; // Convert seconds to 100 ns units
+
+    ntlmv2_blob1[0] = 1;
+    ntlmv2_blob1[1] = 1;
+    mozilla::LittleEndian::writeUint64(&ntlmv2_blob1[8], nt_time);
+    PK11_GenerateRandom(&ntlmv2_blob1[16], NTLM_CHAL_LEN);
+
+    rv = hasher->Init(nsICryptoHMAC::MD5, ntlmv2Key);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Update(msg.challenge, NTLM_CHAL_LEN);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Update(ntlmv2_blob1, NTLMv2_BLOB1_LEN);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Update(msg.targetInfo, msg.targetInfoLen);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Finish(false, ntlmv2ResponseStr);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    if (ntlmv2ResponseStr.Length() != NTLMv2_RESP_LEN) {
+      return NS_ERROR_UNEXPECTED;
+    }
+
+    memcpy(ntlmv2Resp, ntlmv2ResponseStr.get(), NTLMv2_RESP_LEN);
+    ntlmRespLen = NTLMv2_RESP_LEN + NTLMv2_BLOB1_LEN;
+    ntlmRespLen += msg.targetInfoLen;
+    if (!ntlmRespLen.isValid()) {
+      NS_ERROR("failed to do NTLMv2: integer overflow?!?");
+      return NS_ERROR_UNEXPECTED;
+    }
+  } else if (msg.flags & NTLM_NegotiateNTLM2Key) {
+    // compute NTLM2 session response
+    nsCString sessionHashString;
+
+    PK11_GenerateRandom(lmResp, NTLM_CHAL_LEN);
+    memset(lmResp + NTLM_CHAL_LEN, 0, LM_RESP_LEN - NTLM_CHAL_LEN);
+
+    nsCOMPtr<nsICryptoHash> hasher =
+        do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID, &rv);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Init(nsICryptoHash::MD5);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Update(msg.challenge, NTLM_CHAL_LEN);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Update(lmResp, NTLM_CHAL_LEN);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Finish(false, sessionHashString);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    auto sessionHash = mozilla::BitwiseCast<const uint8_t*, const char*>(
+      sessionHashString.get());
+
+    LogBuf("NTLM2 effective key: ", sessionHash, 8);
+
+    NTLM_Hash(password, ntlmHash);
+    LM_Response(ntlmHash, sessionHash, ntlmResp);
+  } else {
+    NTLM_Hash(password, ntlmHash);
+    LM_Response(ntlmHash, msg.challenge, ntlmResp);
+
+    // According to http://davenport.sourceforge.net/ntlm.html#ntlmVersion2,
+    // the correct way to not send the LM hash is to send the NTLM hash twice
+    // in both the LM and NTLM response fields.
+    LM_Response(ntlmHash, msg.challenge, lmResp);
+  }
+
+  mozilla::CheckedInt<uint32_t> totalLen = NTLM_TYPE3_HEADER_LEN + LM_RESP_LEN;
+  totalLen += hostLen;
+  totalLen += domainLen;
+  totalLen += userLen;
+  totalLen += ntlmRespLen.value();
+
+  if (!totalLen.isValid()) {
+    NS_ERROR("failed preparing to allocate NTLM response: integer overflow?!?");
+    return NS_ERROR_FAILURE;
+  }
+  *outBuf = moz_xmalloc(totalLen.value());
+  *outLen = totalLen.value();
+  if (!*outBuf) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  //
+  // finally, we assemble the Type-3 msg :-)
+  //
+  void *cursor = *outBuf;
+  mozilla::CheckedInt<uint32_t> offset;
+
+  // 0 : signature
+  cursor = WriteBytes(cursor, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE));
+
+  // 8 : marker
+  cursor = WriteBytes(cursor, NTLM_TYPE3_MARKER, sizeof(NTLM_TYPE3_MARKER));
+
+  // 12 : LM response sec buf
+  offset = NTLM_TYPE3_HEADER_LEN;
+  offset += domainLen;
+  offset += userLen;
+  offset += hostLen;
+  if (!offset.isValid()) {
+    NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
+    return NS_ERROR_UNEXPECTED;
+  }
+  cursor = WriteSecBuf(cursor, LM_RESP_LEN, offset.value());
+  memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), lmResp, LM_RESP_LEN);
+
+  // 20 : NTLM or NTLMv2 response sec buf
+  offset += LM_RESP_LEN;
+  if (!offset.isValid()) {
+    NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
+    return NS_ERROR_UNEXPECTED;
+  }
+  cursor = WriteSecBuf(cursor, ntlmRespLen.value(), offset.value());
+  if (ntlmv2) {
+    memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), ntlmv2Resp,
+           NTLMv2_RESP_LEN);
+    offset += NTLMv2_RESP_LEN;
+    if (!offset.isValid()) {
+      NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
+      return NS_ERROR_UNEXPECTED;
+    }
+    memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), ntlmv2_blob1,
+           NTLMv2_BLOB1_LEN);
+    offset += NTLMv2_BLOB1_LEN;
+    if (!offset.isValid()) {
+      NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
+      return NS_ERROR_UNEXPECTED;
+    }
+    memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), msg.targetInfo,
+           msg.targetInfoLen);
+  } else {
+    memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), ntlmResp,
+           NTLM_RESP_LEN);
+  }
+  // 28 : domain name sec buf
+  offset = NTLM_TYPE3_HEADER_LEN;
+  cursor = WriteSecBuf(cursor, domainLen, offset.value());
+  memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), domainPtr, domainLen);
+
+  // 36 : user name sec buf
+  offset += domainLen;
+  if (!offset.isValid()) {
+    NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
+    return NS_ERROR_UNEXPECTED;
+  }
+  cursor = WriteSecBuf(cursor, userLen, offset.value());
+  memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), userPtr, userLen);
+
+  // 44 : workstation (host) name sec buf
+  offset += userLen;
+  if (!offset.isValid()) {
+    NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
+    return NS_ERROR_UNEXPECTED;
+  }
+  cursor = WriteSecBuf(cursor, hostLen, offset.value());
+  memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), hostPtr, hostLen);
+
+  // 52 : session key sec buf (not used)
+  cursor = WriteSecBuf(cursor, 0, 0);
+
+  // 60 : negotiated flags
+  cursor = WriteDWORD(cursor, msg.flags & NTLM_TYPE1_FLAGS);
+
+  return NS_OK;
+}
+
+//-----------------------------------------------------------------------------
+
+NS_IMPL_ISUPPORTS(nsNTLMAuthModule, nsIAuthModule)
+
+nsNTLMAuthModule::~nsNTLMAuthModule()
+{
+  ZapString(mPassword);
+}
+
+nsresult
+nsNTLMAuthModule::InitTest()
+{
+  static bool prefObserved = false;
+  if (!prefObserved) {
+    mozilla::Preferences::AddBoolVarCache(
+      &sNTLMv1Forced, "network.auth.force-generic-ntlm-v1", sNTLMv1Forced);
+    prefObserved = true;
+  }
+
+  nsNSSShutDownPreventionLock locker;
+  //
+  // disable NTLM authentication when FIPS mode is enabled.
+  //
+  return PK11_IsFIPS() ? NS_ERROR_NOT_AVAILABLE : NS_OK;
+}
+
+NS_IMETHODIMP
+nsNTLMAuthModule::Init(const char      *serviceName,
+                       uint32_t         serviceFlags,
+                       const char16_t *domain,
+                       const char16_t *username,
+                       const char16_t *password)
+{
+  NS_ASSERTION((serviceFlags & ~nsIAuthModule::REQ_PROXY_AUTH) == nsIAuthModule::REQ_DEFAULT,
+      "unexpected service flags");
+
+  mDomain = domain;
+  mUsername = username;
+  mPassword = password;
+  mNTLMNegotiateSent = false;
+
+  static bool sTelemetrySent = false;
+  if (!sTelemetrySent) {
+      mozilla::Telemetry::Accumulate(
+          mozilla::Telemetry::NTLM_MODULE_USED_2,
+          serviceFlags & nsIAuthModule::REQ_PROXY_AUTH
+              ? NTLM_MODULE_GENERIC_PROXY
+              : NTLM_MODULE_GENERIC_DIRECT);
+      sTelemetrySent = true;
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNTLMAuthModule::GetNextToken(const void *inToken,
+                               uint32_t    inTokenLen,
+                               void      **outToken,
+                               uint32_t   *outTokenLen)
+{
+  nsresult rv;
+  nsNSSShutDownPreventionLock locker;
+  //
+  // disable NTLM authentication when FIPS mode is enabled.
+  //
+  if (PK11_IsFIPS())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  if (mNTLMNegotiateSent) {
+    // if inToken is non-null, and we have sent the NTLMSSP_NEGOTIATE (type 1),
+    // then the NTLMSSP_CHALLENGE (type 2) is expected
+    if (inToken) {
+      LogToken("in-token", inToken, inTokenLen);
+      // Now generate the NTLMSSP_AUTH (type 3)
+      rv = GenerateType3Msg(mDomain, mUsername, mPassword, inToken,
+			    inTokenLen, outToken, outTokenLen);
+    } else {
+      LOG(("NTLMSSP_NEGOTIATE already sent and presumably "
+	   "rejected by the server, refusing to send another"));
+      rv = NS_ERROR_UNEXPECTED;
+    }
+  } else {
+    if (inToken) {
+      LOG(("NTLMSSP_NEGOTIATE not sent but NTLM reply already received?!?"));
+      rv = NS_ERROR_UNEXPECTED;
+    } else {
+      rv = GenerateType1Msg(outToken, outTokenLen);
+      if (NS_SUCCEEDED(rv)) {
+	mNTLMNegotiateSent = true;
+      }
+    }
+  }
+
+  if (NS_SUCCEEDED(rv))
+    LogToken("out-token", *outToken, *outTokenLen);
+
+  return rv;
+}
+
+NS_IMETHODIMP
+nsNTLMAuthModule::Unwrap(const void *inToken,
+                        uint32_t    inTokenLen,
+                        void      **outToken,
+                        uint32_t   *outTokenLen)
+{
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNTLMAuthModule::Wrap(const void *inToken,
+                       uint32_t    inTokenLen,
+                       bool        confidential,
+                       void      **outToken,
+                       uint32_t   *outTokenLen)
+{
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+//-----------------------------------------------------------------------------
+// DES support code
+
+// set odd parity bit (in least significant bit position)
+static uint8_t
+des_setkeyparity(uint8_t x)
+{
+  if ((((x >> 7) ^ (x >> 6) ^ (x >> 5) ^
+        (x >> 4) ^ (x >> 3) ^ (x >> 2) ^
+        (x >> 1)) & 0x01) == 0)
+    x |= 0x01;
+  else
+    x &= 0xfe;
+  return x;
+}
+
+// build 64-bit des key from 56-bit raw key
+static void
+des_makekey(const uint8_t *raw, uint8_t *key)
+{
+  key[0] = des_setkeyparity(raw[0]);
+  key[1] = des_setkeyparity((raw[0] << 7) | (raw[1] >> 1));
+  key[2] = des_setkeyparity((raw[1] << 6) | (raw[2] >> 2));
+  key[3] = des_setkeyparity((raw[2] << 5) | (raw[3] >> 3));
+  key[4] = des_setkeyparity((raw[3] << 4) | (raw[4] >> 4));
+  key[5] = des_setkeyparity((raw[4] << 3) | (raw[5] >> 5));
+  key[6] = des_setkeyparity((raw[5] << 2) | (raw[6] >> 6));
+  key[7] = des_setkeyparity((raw[6] << 1));
+}
+
+// run des encryption algorithm (using NSS)
+static void
+des_encrypt(const uint8_t *key, const uint8_t *src, uint8_t *hash)
+{
+  CK_MECHANISM_TYPE cipherMech = CKM_DES_ECB;
+  PK11SymKey *symkey = nullptr;
+  PK11Context *ctxt = nullptr;
+  SECItem keyItem;
+  mozilla::UniqueSECItem param;
+  SECStatus rv;
+  unsigned int n;
+
+  mozilla::UniquePK11SlotInfo slot(PK11_GetBestSlot(cipherMech, nullptr));
+  if (!slot)
+  {
+    NS_ERROR("no slot");
+    goto done;
+  }
+
+  keyItem.data = const_cast<uint8_t*>(key);
+  keyItem.len = 8;
+  symkey = PK11_ImportSymKey(slot.get(), cipherMech,
+                             PK11_OriginUnwrap, CKA_ENCRYPT,
+                             &keyItem, nullptr);
+  if (!symkey)
+  {
+    NS_ERROR("no symkey");
+    goto done;
+  }
+
+  // no initialization vector required
+  param = mozilla::UniqueSECItem(PK11_ParamFromIV(cipherMech, nullptr));
+  if (!param)
+  {
+    NS_ERROR("no param");
+    goto done;
+  }
+
+  ctxt = PK11_CreateContextBySymKey(cipherMech, CKA_ENCRYPT,
+                                    symkey, param.get());
+  if (!ctxt) {
+    NS_ERROR("no context");
+    goto done;
+  }
+
+  rv = PK11_CipherOp(ctxt, hash, (int *) &n, 8, (uint8_t *) src, 8);
+  if (rv != SECSuccess) {
+    NS_ERROR("des failure");
+    goto done;
+  }
+
+  rv = PK11_DigestFinal(ctxt, hash+8, &n, 0);
+  if (rv != SECSuccess) {
+    NS_ERROR("des failure");
+    goto done;
+  }
+
+done:
+  if (ctxt)
+    PK11_DestroyContext(ctxt, true);
+  if (symkey)
+    PK11_FreeSymKey(symkey);
+}
diff --git a/security/manager/ssl/nsNTLMAuthModule.h b/security/manager/ssl/nsNTLMAuthModule.h
new file mode 100644
index 000000000..27bf2999f
--- /dev/null
+++ b/security/manager/ssl/nsNTLMAuthModule.h
@@ -0,0 +1,44 @@
+/* vim:set ts=2 sw=2 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNTLMAuthModule_h__
+#define nsNTLMAuthModule_h__
+
+#include "nsIAuthModule.h"
+#include "nsString.h"
+
+class nsNTLMAuthModule : public nsIAuthModule
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIAUTHMODULE
+
+  nsNTLMAuthModule() {}
+
+  nsresult InitTest();
+
+  static void SetSendLM(bool sendLM);
+
+protected:
+  virtual ~nsNTLMAuthModule();
+
+private:
+  nsString mDomain;
+  nsString mUsername;
+  nsString mPassword;
+  bool mNTLMNegotiateSent;
+};
+
+#define NS_NTLMAUTHMODULE_CONTRACTID \
+  NS_AUTH_MODULE_CONTRACTID_PREFIX "ntlm"
+#define NS_NTLMAUTHMODULE_CID \
+{ /* a4e5888f-4fe4-4632-8e7e-745196ea7c70 */       \
+  0xa4e5888f,                                      \
+  0x4fe4,                                          \
+  0x4632,                                          \
+  {0x8e, 0x7e, 0x74, 0x51, 0x96, 0xea, 0x7c, 0x70} \
+}
+
+#endif // nsNTLMAuthModule_h__
diff --git a/security/manager/ssl/nsPK11TokenDB.cpp b/security/manager/ssl/nsPK11TokenDB.cpp
new file mode 100644
index 000000000..7743b7d5d
--- /dev/null
+++ b/security/manager/ssl/nsPK11TokenDB.cpp
@@ -0,0 +1,498 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "nsPK11TokenDB.h"
+
+#include <string.h>
+
+#include "ScopedNSSTypes.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Unused.h"
+#include "nsIMutableArray.h"
+#include "nsISupports.h"
+#include "nsNSSComponent.h"
+#include "nsPromiseFlatString.h"
+#include "nsReadableUtils.h"
+#include "nsServiceManagerUtils.h"
+#include "prerror.h"
+#include "secerr.h"
+
+extern mozilla::LazyLogModule gPIPNSSLog;
+
+NS_IMPL_ISUPPORTS(nsPK11Token, nsIPK11Token)
+
+nsPK11Token::nsPK11Token(PK11SlotInfo* slot)
+  : mUIContext(new PipUIContext())
+{
+  MOZ_ASSERT(slot);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return;
+
+  mSlot.reset(PK11_ReferenceSlot(slot));
+  mSeries = PK11_GetSlotSeries(slot);
+
+  Unused << refreshTokenInfo(locker);
+}
+
+nsresult
+nsPK11Token::refreshTokenInfo(const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+  mTokenName = PK11_GetTokenName(mSlot.get());
+
+  CK_TOKEN_INFO tokInfo;
+  nsresult rv = MapSECStatus(PK11_GetTokenInfo(mSlot.get(), &tokInfo));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Set the Label field
+  const char* ccLabel = mozilla::BitwiseCast<char*, CK_UTF8CHAR*>(tokInfo.label);
+  mTokenLabel.Assign(ccLabel, strnlen(ccLabel, sizeof(tokInfo.label)));
+  mTokenLabel.Trim(" ", false, true);
+
+  // Set the Manufacturer field
+  const char* ccManID =
+    mozilla::BitwiseCast<char*, CK_UTF8CHAR*>(tokInfo.manufacturerID);
+  mTokenManufacturerID.Assign(
+    ccManID,
+    strnlen(ccManID, sizeof(tokInfo.manufacturerID)));
+  mTokenManufacturerID.Trim(" ", false, true);
+
+  // Set the Hardware Version field
+  mTokenHWVersion.Truncate();
+  mTokenHWVersion.AppendInt(tokInfo.hardwareVersion.major);
+  mTokenHWVersion.Append('.');
+  mTokenHWVersion.AppendInt(tokInfo.hardwareVersion.minor);
+
+  // Set the Firmware Version field
+  mTokenFWVersion.Truncate();
+  mTokenFWVersion.AppendInt(tokInfo.firmwareVersion.major);
+  mTokenFWVersion.Append('.');
+  mTokenFWVersion.AppendInt(tokInfo.firmwareVersion.minor);
+
+  // Set the Serial Number field
+  const char* ccSerial =
+    mozilla::BitwiseCast<char*, CK_CHAR*>(tokInfo.serialNumber);
+  mTokenSerialNum.Assign(ccSerial,
+                         strnlen(ccSerial, sizeof(tokInfo.serialNumber)));
+  mTokenSerialNum.Trim(" ", false, true);
+
+  return NS_OK;
+}
+
+nsPK11Token::~nsPK11Token()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  destructorSafeDestroyNSSReference();
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+void
+nsPK11Token::virtualDestroyNSSReference()
+{
+  destructorSafeDestroyNSSReference();
+}
+
+void
+nsPK11Token::destructorSafeDestroyNSSReference()
+{
+  mSlot = nullptr;
+}
+
+nsresult
+nsPK11Token::GetAttributeHelper(const nsACString& attribute,
+                        /*out*/ nsACString& xpcomOutParam)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  // Handle removals/insertions.
+  if (PK11_GetSlotSeries(mSlot.get()) != mSeries) {
+    nsresult rv = refreshTokenInfo(locker);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  xpcomOutParam = attribute;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetTokenName(/*out*/ nsACString& tokenName)
+{
+  return GetAttributeHelper(mTokenName, tokenName);
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetTokenLabel(/*out*/ nsACString& tokenLabel)
+{
+  return GetAttributeHelper(mTokenLabel, tokenLabel);
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetTokenManID(/*out*/ nsACString& tokenManufacturerID)
+{
+  return GetAttributeHelper(mTokenManufacturerID, tokenManufacturerID);
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetTokenHWVersion(/*out*/ nsACString& tokenHWVersion)
+{
+  return GetAttributeHelper(mTokenHWVersion, tokenHWVersion);
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetTokenFWVersion(/*out*/ nsACString& tokenFWVersion)
+{
+  return GetAttributeHelper(mTokenFWVersion, tokenFWVersion);
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetTokenSerialNumber(/*out*/ nsACString& tokenSerialNum)
+{
+  return GetAttributeHelper(mTokenSerialNum, tokenSerialNum);
+}
+
+NS_IMETHODIMP
+nsPK11Token::IsLoggedIn(bool* _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  *_retval = PK11_IsLoggedIn(mSlot.get(), 0);
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::Login(bool force)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  nsresult rv;
+  bool test;
+  rv = this->NeedsLogin(&test);
+  if (NS_FAILED(rv)) return rv;
+  if (test && force) {
+    rv = this->LogoutSimple();
+    if (NS_FAILED(rv)) return rv;
+  }
+  rv = setPassword(mSlot.get(), mUIContext, locker);
+  if (NS_FAILED(rv)) return rv;
+
+  return MapSECStatus(PK11_Authenticate(mSlot.get(), true, mUIContext));
+}
+
+NS_IMETHODIMP
+nsPK11Token::LogoutSimple()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  // PK11_Logout() can fail if the user wasn't logged in beforehand. We want
+  // this method to succeed even in this case, so we ignore the return value.
+  Unused << PK11_Logout(mSlot.get());
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::LogoutAndDropAuthenticatedResources()
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  nsresult rv = LogoutSimple();
+
+  if (NS_FAILED(rv))
+    return rv;
+
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
+  if (NS_FAILED(rv))
+    return rv;
+
+  return nssComponent->LogoutAuthenticatedPK11();
+}
+
+NS_IMETHODIMP
+nsPK11Token::Reset()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  return MapSECStatus(PK11_ResetToken(mSlot.get(), nullptr));
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetMinimumPasswordLength(int32_t* aMinimumPasswordLength)
+{
+  NS_ENSURE_ARG_POINTER(aMinimumPasswordLength);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  *aMinimumPasswordLength = PK11_GetMinimumPwdLength(mSlot.get());
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetNeedsUserInit(bool* aNeedsUserInit)
+{
+  NS_ENSURE_ARG_POINTER(aNeedsUserInit);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  *aNeedsUserInit = PK11_NeedUserInit(mSlot.get());
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::CheckPassword(const nsACString& password, bool* _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  SECStatus srv =
+    PK11_CheckUserPassword(mSlot.get(), PromiseFlatCString(password).get());
+  if (srv != SECSuccess) {
+    *_retval =  false;
+    PRErrorCode error = PR_GetError();
+    if (error != SEC_ERROR_BAD_PASSWORD) {
+      /* something really bad happened - throw an exception */
+      return mozilla::psm::GetXPCOMFromNSSError(error);
+    }
+  } else {
+    *_retval =  true;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::InitPassword(const nsACString& initialPassword)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  return MapSECStatus(
+    PK11_InitPin(mSlot.get(), "", PromiseFlatCString(initialPassword).get()));
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetAskPasswordTimes(int32_t* askTimes)
+{
+  NS_ENSURE_ARG_POINTER(askTimes);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  int askTimeout;
+  PK11_GetSlotPWValues(mSlot.get(), askTimes, &askTimeout);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetAskPasswordTimeout(int32_t* askTimeout)
+{
+  NS_ENSURE_ARG_POINTER(askTimeout);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  int askTimes;
+  PK11_GetSlotPWValues(mSlot.get(), &askTimes, askTimeout);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::SetAskPasswordDefaults(const int32_t askTimes,
+                                    const int32_t askTimeout)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  PK11_SetSlotPWValues(mSlot.get(), askTimes, askTimeout);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::ChangePassword(const nsACString& oldPassword,
+                            const nsACString& newPassword)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  // PK11_ChangePW() has different semantics for the empty string and for
+  // nullptr. In order to support this difference, we need to check IsVoid() to
+  // find out if our caller supplied null/undefined args or just empty strings.
+  // See Bug 447589.
+  return MapSECStatus(PK11_ChangePW(
+    mSlot.get(),
+    oldPassword.IsVoid() ? nullptr : PromiseFlatCString(oldPassword).get(),
+    newPassword.IsVoid() ? nullptr : PromiseFlatCString(newPassword).get()));
+}
+
+NS_IMETHODIMP
+nsPK11Token::IsHardwareToken(bool* _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  *_retval = PK11_IsHW(mSlot.get());
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::NeedsLogin(bool* _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  *_retval = PK11_NeedLogin(mSlot.get());
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::IsFriendly(bool* _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  *_retval = PK11_IsFriendly(mSlot.get());
+
+  return NS_OK;
+}
+
+/*=========================================================*/
+
+NS_IMPL_ISUPPORTS(nsPK11TokenDB, nsIPK11TokenDB)
+
+nsPK11TokenDB::nsPK11TokenDB()
+{
+}
+
+nsPK11TokenDB::~nsPK11TokenDB()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+NS_IMETHODIMP
+nsPK11TokenDB::GetInternalKeyToken(nsIPK11Token** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIPK11Token> token = new nsPK11Token(slot.get());
+  token.forget(_retval);
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11TokenDB::FindTokenByName(const nsACString& tokenName,
+                       /*out*/ nsIPK11Token** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  UniquePK11SlotInfo slot(
+    PK11_FindSlotByName(PromiseFlatCString(tokenName).get()));
+  if (!slot) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIPK11Token> token = new nsPK11Token(slot.get());
+  token.forget(_retval);
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11TokenDB::ListTokens(nsISimpleEnumerator** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  nsCOMPtr<nsIMutableArray> array = do_CreateInstance(NS_ARRAY_CONTRACTID);
+  if (!array) {
+    return NS_ERROR_FAILURE;
+  }
+
+  *_retval = nullptr;
+
+  UniquePK11SlotList list(
+    PK11_GetAllTokens(CKM_INVALID_MECHANISM, false, false, 0));
+  if (!list) {
+    return NS_ERROR_FAILURE;
+  }
+
+  for (PK11SlotListElement* le = PK11_GetFirstSafe(list.get()); le;
+       le = PK11_GetNextSafe(list.get(), le, false)) {
+    nsCOMPtr<nsIPK11Token> token = new nsPK11Token(le->slot);
+    nsresult rv = array->AppendElement(token, false);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  return array->Enumerate(_retval);
+}
diff --git a/security/manager/ssl/nsPK11TokenDB.h b/security/manager/ssl/nsPK11TokenDB.h
new file mode 100644
index 000000000..1d29e592f
--- /dev/null
+++ b/security/manager/ssl/nsPK11TokenDB.h
@@ -0,0 +1,71 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsPK11TokenDB_h
+#define nsPK11TokenDB_h
+
+#include "nsCOMPtr.h"
+#include "nsIPK11Token.h"
+#include "nsIPK11TokenDB.h"
+#include "nsISupports.h"
+#include "nsNSSHelper.h"
+#include "nsNSSShutDown.h"
+#include "nsString.h"
+#include "pk11func.h"
+#include "ScopedNSSTypes.h"
+
+class nsPK11Token : public nsIPK11Token,
+                    public nsNSSShutDownObject
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIPK11TOKEN
+
+  explicit nsPK11Token(PK11SlotInfo *slot);
+
+protected:
+  virtual ~nsPK11Token();
+
+private:
+  friend class nsPK11TokenDB;
+  nsresult refreshTokenInfo(const nsNSSShutDownPreventionLock& proofOfLock);
+
+  nsCString mTokenName;
+  nsCString mTokenLabel;
+  nsCString mTokenManufacturerID;
+  nsCString mTokenHWVersion;
+  nsCString mTokenFWVersion;
+  nsCString mTokenSerialNum;
+  mozilla::UniquePK11SlotInfo mSlot;
+  int mSeries;
+  nsCOMPtr<nsIInterfaceRequestor> mUIContext;
+  virtual void virtualDestroyNSSReference() override;
+  void destructorSafeDestroyNSSReference();
+  nsresult GetAttributeHelper(const nsACString& attribute,
+                      /*out*/ nsACString& xpcomOutParam);
+};
+
+class nsPK11TokenDB : public nsIPK11TokenDB
+                    , public nsNSSShutDownObject
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIPK11TOKENDB
+
+  nsPK11TokenDB();
+
+protected:
+  virtual ~nsPK11TokenDB();
+
+  // Nothing to release.
+  virtual void virtualDestroyNSSReference() override {}
+};
+
+#define NS_PK11TOKENDB_CID \
+{ 0xb084a2ce, 0x1dd1, 0x11b2, \
+  { 0xbf, 0x10, 0x83, 0x24, 0xf8, 0xe0, 0x65, 0xcc }}
+
+#endif // nsPK11TokenDB_h
diff --git a/security/manager/ssl/nsPKCS11Slot.cpp b/security/manager/ssl/nsPKCS11Slot.cpp
new file mode 100644
index 000000000..780a7c4b2
--- /dev/null
+++ b/security/manager/ssl/nsPKCS11Slot.cpp
@@ -0,0 +1,569 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsPKCS11Slot.h"
+
+#include <string.h>
+
+#include "mozilla/Casting.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Telemetry.h"
+#include "mozilla/Unused.h"
+#include "nsCOMPtr.h"
+#include "nsIMutableArray.h"
+#include "nsPK11TokenDB.h"
+#include "nsPromiseFlatString.h"
+#include "secmod.h"
+
+using mozilla::LogLevel;
+
+extern mozilla::LazyLogModule gPIPNSSLog;
+
+NS_IMPL_ISUPPORTS(nsPKCS11Slot, nsIPKCS11Slot)
+
+nsPKCS11Slot::nsPKCS11Slot(PK11SlotInfo* slot)
+{
+  MOZ_ASSERT(slot);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return;
+
+  mSlot.reset(PK11_ReferenceSlot(slot));
+  mSeries = PK11_GetSlotSeries(slot);
+  Unused << refreshSlotInfo(locker);
+}
+
+nsresult
+nsPKCS11Slot::refreshSlotInfo(const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+  CK_SLOT_INFO slotInfo;
+  nsresult rv = MapSECStatus(PK11_GetSlotInfo(mSlot.get(), &slotInfo));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Set the Description field
+  const char* ccDesc =
+    mozilla::BitwiseCast<char*, CK_UTF8CHAR*>(slotInfo.slotDescription);
+  mSlotDesc.Assign(ccDesc, strnlen(ccDesc, sizeof(slotInfo.slotDescription)));
+  mSlotDesc.Trim(" ", false, true);
+
+  // Set the Manufacturer field
+  const char* ccManID =
+    mozilla::BitwiseCast<char*, CK_UTF8CHAR*>(slotInfo.manufacturerID);
+  mSlotManufacturerID.Assign(
+    ccManID,
+    strnlen(ccManID, sizeof(slotInfo.manufacturerID)));
+  mSlotManufacturerID.Trim(" ", false, true);
+
+  // Set the Hardware Version field
+  mSlotHWVersion.Truncate();
+  mSlotHWVersion.AppendInt(slotInfo.hardwareVersion.major);
+  mSlotHWVersion.Append('.');
+  mSlotHWVersion.AppendInt(slotInfo.hardwareVersion.minor);
+
+  // Set the Firmware Version field
+  mSlotFWVersion.Truncate();
+  mSlotFWVersion.AppendInt(slotInfo.firmwareVersion.major);
+  mSlotFWVersion.Append('.');
+  mSlotFWVersion.AppendInt(slotInfo.firmwareVersion.minor);
+
+  return NS_OK;
+}
+
+nsPKCS11Slot::~nsPKCS11Slot()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  destructorSafeDestroyNSSReference();
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+void
+nsPKCS11Slot::virtualDestroyNSSReference()
+{
+  destructorSafeDestroyNSSReference();
+}
+
+void
+nsPKCS11Slot::destructorSafeDestroyNSSReference()
+{
+  mSlot = nullptr;
+}
+
+nsresult
+nsPKCS11Slot::GetAttributeHelper(const nsACString& attribute,
+                         /*out*/ nsACString& xpcomOutParam)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (PK11_GetSlotSeries(mSlot.get()) != mSeries) {
+    nsresult rv = refreshSlotInfo(locker);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  xpcomOutParam = attribute;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetName(/*out*/ nsACString& name)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  // |csn| is non-owning.
+  char* csn = PK11_GetSlotName(mSlot.get());
+  if (csn && *csn) {
+    name = csn;
+  } else if (PK11_HasRootCerts(mSlot.get())) {
+    // This is a workaround to an Root Module bug - the root certs module has
+    // no slot name.  Not bothering to localize, because this is a workaround
+    // and for now all the slot names returned by NSS are char * anyway.
+    name = NS_LITERAL_CSTRING("Root Certificates");
+  } else {
+    // same as above, this is a catch-all
+    name = NS_LITERAL_CSTRING("Unnamed Slot");
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetDesc(/*out*/ nsACString& desc)
+{
+  return GetAttributeHelper(mSlotDesc, desc);
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetManID(/*out*/ nsACString& manufacturerID)
+{
+  return GetAttributeHelper(mSlotManufacturerID, manufacturerID);
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetHWVersion(/*out*/ nsACString& hwVersion)
+{
+  return GetAttributeHelper(mSlotHWVersion, hwVersion);
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetFWVersion(/*out*/ nsACString& fwVersion)
+{
+  return GetAttributeHelper(mSlotFWVersion, fwVersion);
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetToken(nsIPK11Token** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  nsCOMPtr<nsIPK11Token> token = new nsPK11Token(mSlot.get());
+  token.forget(_retval);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetTokenName(/*out*/ nsACString& tokenName)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  if (!PK11_IsPresent(mSlot.get())) {
+    tokenName.SetIsVoid(true);
+    return NS_OK;
+  }
+
+  if (PK11_GetSlotSeries(mSlot.get()) != mSeries) {
+    nsresult rv = refreshSlotInfo(locker);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  tokenName = PK11_GetTokenName(mSlot.get());
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetStatus(uint32_t* _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  if (PK11_IsDisabled(mSlot.get())) {
+    *_retval = SLOT_DISABLED;
+  } else if (!PK11_IsPresent(mSlot.get())) {
+    *_retval = SLOT_NOT_PRESENT;
+  } else if (PK11_NeedLogin(mSlot.get()) && PK11_NeedUserInit(mSlot.get())) {
+    *_retval = SLOT_UNINITIALIZED;
+  } else if (PK11_NeedLogin(mSlot.get()) &&
+             !PK11_IsLoggedIn(mSlot.get(), nullptr)) {
+    *_retval = SLOT_NOT_LOGGED_IN;
+  } else if (PK11_NeedLogin(mSlot.get())) {
+    *_retval = SLOT_LOGGED_IN;
+  } else {
+    *_retval = SLOT_READY;
+  }
+  return NS_OK;
+}
+
+NS_IMPL_ISUPPORTS(nsPKCS11Module, nsIPKCS11Module)
+
+nsPKCS11Module::nsPKCS11Module(SECMODModule* module)
+{
+  MOZ_ASSERT(module);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return;
+
+  mModule.reset(SECMOD_ReferenceModule(module));
+}
+
+nsPKCS11Module::~nsPKCS11Module()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  destructorSafeDestroyNSSReference();
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+void
+nsPKCS11Module::virtualDestroyNSSReference()
+{
+  destructorSafeDestroyNSSReference();
+}
+
+void
+nsPKCS11Module::destructorSafeDestroyNSSReference()
+{
+  mModule = nullptr;
+}
+
+NS_IMETHODIMP
+nsPKCS11Module::GetName(/*out*/ nsACString& name)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  name = mModule->commonName;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11Module::GetLibName(/*out*/ nsACString& libName)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  if (mModule->dllName) {
+    libName = mModule->dllName;
+  } else {
+    libName.SetIsVoid(true);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11Module::FindSlotByName(const nsACString& name,
+                       /*out*/ nsIPKCS11Slot** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  const nsCString& flatName = PromiseFlatCString(name);
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Getting \"%s\"", flatName.get()));
+  UniquePK11SlotInfo slotInfo;
+  UniquePK11SlotList slotList(PK11_FindSlotsByNames(mModule->dllName,
+                                                    flatName.get() /*slotName*/,
+                                                    nullptr /*tokenName*/,
+                                                    false));
+  if (!slotList) {
+    /* name must be the token name */
+    slotList.reset(PK11_FindSlotsByNames(mModule->dllName, nullptr /*slotName*/,
+                                         flatName.get() /*tokenName*/, false));
+  }
+  if (slotList && slotList->head && slotList->head->slot) {
+    slotInfo.reset(PK11_ReferenceSlot(slotList->head->slot));
+  }
+  if (!slotInfo) {
+    // workaround - the builtin module has no name
+    if (!flatName.EqualsLiteral("Root Certificates")) {
+      // Give up.
+      return NS_ERROR_FAILURE;
+    }
+
+    slotInfo.reset(PK11_ReferenceSlot(mModule->slots[0]));
+  }
+
+  nsCOMPtr<nsIPKCS11Slot> slot = new nsPKCS11Slot(slotInfo.get());
+  slot.forget(_retval);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11Module::ListSlots(nsISimpleEnumerator** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  nsCOMPtr<nsIMutableArray> array = do_CreateInstance(NS_ARRAY_CONTRACTID);
+  if (!array) {
+    return NS_ERROR_FAILURE;
+  }
+
+  /* applications which allow new slot creation (which Firefox now does
+   * since it uses the WaitForSlotEvent call) need to hold the
+   * ModuleList Read lock to prevent the slot array from changing out
+   * from under it. */
+  AutoSECMODListReadLock lock;
+  for (int i = 0; i < mModule->slotCount; i++) {
+    if (mModule->slots[i]) {
+      nsCOMPtr<nsIPKCS11Slot> slot = new nsPKCS11Slot(mModule->slots[i]);
+      nsresult rv = array->AppendElement(slot, false);
+      if (NS_FAILED(rv)) {
+        return rv;
+      }
+    }
+  }
+
+  return array->Enumerate(_retval);
+}
+
+NS_IMPL_ISUPPORTS(nsPKCS11ModuleDB, nsIPKCS11ModuleDB, nsICryptoFIPSInfo)
+
+nsPKCS11ModuleDB::nsPKCS11ModuleDB()
+{
+}
+
+nsPKCS11ModuleDB::~nsPKCS11ModuleDB()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+NS_IMETHODIMP
+nsPKCS11ModuleDB::GetInternal(nsIPKCS11Module** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  UniqueSECMODModule nssMod(
+    SECMOD_CreateModule(nullptr, SECMOD_INT_NAME, nullptr, SECMOD_INT_FLAGS));
+  if (!nssMod) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(nssMod.get());
+  module.forget(_retval);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11ModuleDB::GetInternalFIPS(nsIPKCS11Module** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  UniqueSECMODModule nssMod(
+    SECMOD_CreateModule(nullptr, SECMOD_FIPS_NAME, nullptr, SECMOD_FIPS_FLAGS));
+  if (!nssMod) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(nssMod.get());
+  module.forget(_retval);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11ModuleDB::FindModuleByName(const nsACString& name,
+                           /*out*/ nsIPKCS11Module** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  UniqueSECMODModule mod(SECMOD_FindModule(PromiseFlatCString(name).get()));
+  if (!mod) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(mod.get());
+  module.forget(_retval);
+  return NS_OK;
+}
+
+/* This is essentially the same as nsIPK11Token::findTokenByName, except
+ * that it returns an nsIPKCS11Slot, which may be desired.
+ */
+NS_IMETHODIMP
+nsPKCS11ModuleDB::FindSlotByName(const nsACString& name,
+                         /*out*/ nsIPKCS11Slot** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  UniquePK11SlotInfo slotInfo(
+    PK11_FindSlotByName(PromiseFlatCString(name).get()));
+  if (!slotInfo) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIPKCS11Slot> slot = new nsPKCS11Slot(slotInfo.get());
+  slot.forget(_retval);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11ModuleDB::ListModules(nsISimpleEnumerator** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  nsCOMPtr<nsIMutableArray> array = do_CreateInstance(NS_ARRAY_CONTRACTID);
+  if (!array) {
+    return NS_ERROR_FAILURE;
+  }
+
+  /* lock down the list for reading */
+  AutoSECMODListReadLock lock;
+  for (SECMODModuleList* list = SECMOD_GetDefaultModuleList(); list;
+       list = list->next) {
+    nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(list->module);
+    nsresult rv = array->AppendElement(module, false);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  /* Get the modules in the database that didn't load */
+  for (SECMODModuleList* list = SECMOD_GetDeadModuleList(); list;
+       list = list->next) {
+    nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(list->module);
+    nsresult rv = array->AppendElement(module, false);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  return array->Enumerate(_retval);
+}
+
+NS_IMETHODIMP
+nsPKCS11ModuleDB::GetCanToggleFIPS(bool* aCanToggleFIPS)
+{
+  NS_ENSURE_ARG_POINTER(aCanToggleFIPS);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  *aCanToggleFIPS = SECMOD_CanDeleteInternalModule();
+  return NS_OK;
+}
+
+
+NS_IMETHODIMP
+nsPKCS11ModuleDB::ToggleFIPSMode()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  // The way to toggle FIPS mode in NSS is extremely obscure. Basically, we
+  // delete the internal module, and it gets replaced with the opposite module
+  // (i.e. if it was FIPS before, then it becomes non-FIPS next).
+  // SECMOD_GetInternalModule() returns a pointer to a local copy of the
+  // internal module stashed in NSS.  We don't want to delete it since it will
+  // cause much pain in NSS.
+  SECMODModule* internal = SECMOD_GetInternalModule();
+  if (!internal) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (SECMOD_DeleteInternalModule(internal->commonName) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (PK11_IsFIPS()) {
+    Telemetry::Accumulate(Telemetry::FIPS_ENABLED, true);
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11ModuleDB::GetIsFIPSEnabled(bool* aIsFIPSEnabled)
+{
+  NS_ENSURE_ARG_POINTER(aIsFIPSEnabled);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  *aIsFIPSEnabled = PK11_IsFIPS();
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11ModuleDB::GetIsFIPSModeActive(bool* aIsFIPSModeActive)
+{
+  return GetIsFIPSEnabled(aIsFIPSModeActive);
+}
diff --git a/security/manager/ssl/nsPKCS11Slot.h b/security/manager/ssl/nsPKCS11Slot.h
new file mode 100644
index 000000000..978df377c
--- /dev/null
+++ b/security/manager/ssl/nsPKCS11Slot.h
@@ -0,0 +1,88 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsPKCS11Slot_h
+#define nsPKCS11Slot_h
+
+#include "ScopedNSSTypes.h"
+#include "nsICryptoFIPSInfo.h"
+#include "nsIPKCS11Module.h"
+#include "nsIPKCS11ModuleDB.h"
+#include "nsIPKCS11Slot.h"
+#include "nsISupports.h"
+#include "nsNSSShutDown.h"
+#include "nsString.h"
+#include "pk11func.h"
+
+class nsPKCS11Slot : public nsIPKCS11Slot,
+                     public nsNSSShutDownObject
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIPKCS11SLOT
+
+  explicit nsPKCS11Slot(PK11SlotInfo* slot);
+
+protected:
+  virtual ~nsPKCS11Slot();
+
+private:
+  mozilla::UniquePK11SlotInfo mSlot;
+  nsCString mSlotDesc;
+  nsCString mSlotManufacturerID;
+  nsCString mSlotHWVersion;
+  nsCString mSlotFWVersion;
+  int mSeries;
+
+  virtual void virtualDestroyNSSReference() override;
+  void destructorSafeDestroyNSSReference();
+  nsresult refreshSlotInfo(const nsNSSShutDownPreventionLock& proofOfLock);
+  nsresult GetAttributeHelper(const nsACString& attribute,
+                      /*out*/ nsACString& xpcomOutParam);
+};
+
+class nsPKCS11Module : public nsIPKCS11Module,
+                       public nsNSSShutDownObject
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIPKCS11MODULE
+
+  explicit nsPKCS11Module(SECMODModule* module);
+
+protected:
+  virtual ~nsPKCS11Module();
+
+private:
+  mozilla::UniqueSECMODModule mModule;
+
+  virtual void virtualDestroyNSSReference() override;
+  void destructorSafeDestroyNSSReference();
+};
+
+class nsPKCS11ModuleDB : public nsIPKCS11ModuleDB
+                       , public nsICryptoFIPSInfo
+                       , public nsNSSShutDownObject
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIPKCS11MODULEDB
+  NS_DECL_NSICRYPTOFIPSINFO
+
+  nsPKCS11ModuleDB();
+
+protected:
+  virtual ~nsPKCS11ModuleDB();
+
+  // Nothing to release.
+  virtual void virtualDestroyNSSReference() override {}
+};
+
+#define NS_PKCS11MODULEDB_CID \
+{ 0xff9fbcd7, 0x9517, 0x4334, \
+  { 0xb9, 0x7a, 0xce, 0xed, 0x78, 0x90, 0x99, 0x74 }}
+
+#endif // nsPKCS11Slot_h
diff --git a/security/manager/ssl/nsPKCS12Blob.cpp b/security/manager/ssl/nsPKCS12Blob.cpp
new file mode 100644
index 000000000..e3d80a398
--- /dev/null
+++ b/security/manager/ssl/nsPKCS12Blob.cpp
@@ -0,0 +1,644 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsPKCS12Blob.h"
+
+#include "ScopedNSSTypes.h"
+#include "mozilla/Casting.h"
+#include "nsCRT.h"
+#include "nsCRTGlue.h"
+#include "nsDirectoryServiceDefs.h"
+#include "nsICertificateDialogs.h"
+#include "nsIDirectoryService.h"
+#include "nsIFile.h"
+#include "nsIInputStream.h"
+#include "nsKeygenHandler.h" // For GetSlotWithMechanism
+#include "nsNSSCertificate.h"
+#include "nsNSSComponent.h"
+#include "nsNSSHelper.h"
+#include "nsNSSShutDown.h"
+#include "nsNetUtil.h"
+#include "nsPK11TokenDB.h"
+#include "nsReadableUtils.h"
+#include "nsString.h"
+#include "nsThreadUtils.h"
+#include "pkix/pkixtypes.h"
+#include "prmem.h"
+#include "prprf.h"
+#include "secerr.h"
+
+using namespace mozilla;
+extern LazyLogModule gPIPNSSLog;
+
+#define PIP_PKCS12_TMPFILENAME   NS_LITERAL_CSTRING(".pip_p12tmp")
+#define PIP_PKCS12_BUFFER_SIZE   2048
+#define PIP_PKCS12_RESTORE_OK          1
+#define PIP_PKCS12_BACKUP_OK           2
+#define PIP_PKCS12_USER_CANCELED       3
+#define PIP_PKCS12_NOSMARTCARD_EXPORT  4
+#define PIP_PKCS12_RESTORE_FAILED      5
+#define PIP_PKCS12_BACKUP_FAILED       6
+#define PIP_PKCS12_NSS_ERROR           7
+
+// constructor
+nsPKCS12Blob::nsPKCS12Blob():mCertArray(nullptr),
+                             mTmpFile(nullptr),
+                             mTokenSet(false)
+{
+  mUIContext = new PipUIContext();
+}
+
+// destructor
+nsPKCS12Blob::~nsPKCS12Blob()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+// nsPKCS12Blob::SetToken
+//
+// Set the token to use for import/export
+nsresult
+nsPKCS12Blob::SetToken(nsIPK11Token *token)
+{
+ nsNSSShutDownPreventionLock locker;
+ if (isAlreadyShutDown()) {
+  return NS_ERROR_NOT_AVAILABLE;
+ }
+ nsresult rv = NS_OK;
+ if (token) {
+   mToken = token;
+ } else {
+   PK11SlotInfo *slot;
+   rv = GetSlotWithMechanism(CKM_RSA_PKCS, mUIContext, &slot, locker);
+   if (NS_FAILED(rv)) {
+      mToken = nullptr;
+   } else {
+     mToken = new nsPK11Token(slot);
+     PK11_FreeSlot(slot);
+   }
+ }
+ mTokenSet = true;
+ return rv;
+}
+
+// nsPKCS12Blob::ImportFromFile
+//
+// Given a file handle, read a PKCS#12 blob from that file, decode it,
+// and import the results into the token.
+nsresult
+nsPKCS12Blob::ImportFromFile(nsIFile *file)
+{
+  nsNSSShutDownPreventionLock locker;
+  nsresult rv = NS_OK;
+
+  if (!mToken) {
+    if (!mTokenSet) {
+      rv = SetToken(nullptr); // Ask the user to pick a slot
+      if (NS_FAILED(rv)) {
+        handleError(PIP_PKCS12_USER_CANCELED);
+        return rv;
+      }
+    }
+  }
+
+  if (!mToken) {
+    handleError(PIP_PKCS12_RESTORE_FAILED);
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  // init slot
+  rv = mToken->Login(true);
+  if (NS_FAILED(rv)) return rv;
+  
+  RetryReason wantRetry;
+  
+  do {
+    rv = ImportFromFileHelper(file, im_standard_prompt, wantRetry);
+    
+    if (NS_SUCCEEDED(rv) && wantRetry == rr_auto_retry_empty_password_flavors)
+    {
+      rv = ImportFromFileHelper(file, im_try_zero_length_secitem, wantRetry);
+    }
+  }
+  while (NS_SUCCEEDED(rv) && (wantRetry != rr_do_not_retry));
+  
+  return rv;
+}
+
+nsresult
+nsPKCS12Blob::ImportFromFileHelper(nsIFile *file, 
+                                   nsPKCS12Blob::ImportMode aImportMode,
+                                   nsPKCS12Blob::RetryReason &aWantRetry)
+{
+  nsNSSShutDownPreventionLock locker;
+  nsresult rv = NS_OK;
+  SECStatus srv = SECSuccess;
+  SEC_PKCS12DecoderContext *dcx = nullptr;
+  SECItem unicodePw;
+
+  UniquePK11SlotInfo slot;
+  nsAutoCString tokenName;
+  unicodePw.data = nullptr;
+
+  aWantRetry = rr_do_not_retry;
+
+  if (aImportMode == im_try_zero_length_secitem)
+  {
+    unicodePw.len = 0;
+  }
+  else
+  {
+    // get file password (unicode)
+    rv = getPKCS12FilePassword(&unicodePw);
+    if (NS_FAILED(rv)) goto finish;
+    if (!unicodePw.data) {
+      handleError(PIP_PKCS12_USER_CANCELED);
+      return NS_OK;
+    }
+  }
+
+  rv = mToken->GetTokenName(tokenName);
+  if (NS_FAILED(rv)) {
+    goto finish;
+  }
+  slot = UniquePK11SlotInfo(PK11_FindSlotByName(tokenName.get()));
+  if (!slot) {
+    srv = SECFailure;
+    goto finish;
+  }
+
+  // initialize the decoder
+  dcx = SEC_PKCS12DecoderStart(&unicodePw, slot.get(), nullptr, nullptr,
+                               nullptr, nullptr, nullptr, nullptr);
+  if (!dcx) {
+    srv = SECFailure;
+    goto finish;
+  }
+  // read input file and feed it to the decoder
+  rv = inputToDecoder(dcx, file);
+  if (NS_FAILED(rv)) {
+    if (NS_ERROR_ABORT == rv) {
+      // inputToDecoder indicated a NSS error
+      srv = SECFailure;
+    }
+    goto finish;
+  }
+  // verify the blob
+  srv = SEC_PKCS12DecoderVerify(dcx);
+  if (srv) goto finish;
+  // validate bags
+  srv = SEC_PKCS12DecoderValidateBags(dcx, nickname_collision);
+  if (srv) goto finish;
+  // import cert and key
+  srv = SEC_PKCS12DecoderImportBags(dcx);
+  if (srv) goto finish;
+  // Later - check to see if this should become default email cert
+  handleError(PIP_PKCS12_RESTORE_OK);
+finish:
+  // If srv != SECSuccess, NSS probably set a specific error code.
+  // We should use that error code instead of inventing a new one
+  // for every error possible.
+  if (srv != SECSuccess) {
+    if (SEC_ERROR_BAD_PASSWORD == PORT_GetError()) {
+      if (unicodePw.len == sizeof(char16_t))
+      {
+        // no password chars available, 
+        // unicodeToItem allocated space for the trailing zero character only.
+        aWantRetry = rr_auto_retry_empty_password_flavors;
+      }
+      else
+      {
+        aWantRetry = rr_bad_password;
+        handleError(PIP_PKCS12_NSS_ERROR);
+      }
+    }
+    else
+    {
+      handleError(PIP_PKCS12_NSS_ERROR);
+    }
+  } else if (NS_FAILED(rv)) {
+    handleError(PIP_PKCS12_RESTORE_FAILED);
+  }
+  // finish the decoder
+  if (dcx)
+    SEC_PKCS12DecoderFinish(dcx);
+  SECITEM_ZfreeItem(&unicodePw, false);
+  return NS_OK;
+}
+
+static bool
+isExtractable(SECKEYPrivateKey *privKey)
+{
+  ScopedAutoSECItem value;
+  SECStatus rv = PK11_ReadRawAttribute(PK11_TypePrivKey, privKey,
+                                       CKA_EXTRACTABLE, &value);
+  if (rv != SECSuccess) {
+    return false;
+  }
+
+  bool isExtractable = false;
+  if ((value.len == 1) && value.data) {
+    isExtractable = !!(*(CK_BBOOL*)value.data);
+  }
+  return isExtractable;
+}
+
+// nsPKCS12Blob::ExportToFile
+//
+// Having already loaded the certs, form them into a blob (loading the keys
+// also), encode the blob, and stuff it into the file.
+//
+// TODO: handle slots correctly
+//       mirror "slotToUse" behavior from PSM 1.x
+//       verify the cert array to start off with?
+//       open output file as nsIFileStream object?
+//       set appropriate error codes
+nsresult
+nsPKCS12Blob::ExportToFile(nsIFile *file, 
+                           nsIX509Cert **certs, int numCerts)
+{
+  nsNSSShutDownPreventionLock locker;
+  nsresult rv;
+  SECStatus srv = SECSuccess;
+  SEC_PKCS12ExportContext *ecx = nullptr;
+  SEC_PKCS12SafeInfo *certSafe = nullptr, *keySafe = nullptr;
+  SECItem unicodePw;
+  nsAutoString filePath;
+  int i;
+  nsCOMPtr<nsIFile> localFileRef;
+  NS_ASSERTION(mToken, "Need to set the token before exporting");
+  // init slot
+
+  bool InformedUserNoSmartcardBackup = false;
+  int numCertsExported = 0;
+
+  rv = mToken->Login(true);
+  if (NS_FAILED(rv)) goto finish;
+  // get file password (unicode)
+  unicodePw.data = nullptr;
+  rv = newPKCS12FilePassword(&unicodePw);
+  if (NS_FAILED(rv)) goto finish;
+  if (!unicodePw.data) {
+    handleError(PIP_PKCS12_USER_CANCELED);
+    return NS_OK;
+  }
+  // what about slotToUse in psm 1.x ???
+  // create export context
+  ecx = SEC_PKCS12CreateExportContext(nullptr, nullptr, nullptr /*slot*/, nullptr);
+  if (!ecx) {
+    srv = SECFailure;
+    goto finish;
+  }
+  // add password integrity
+  srv = SEC_PKCS12AddPasswordIntegrity(ecx, &unicodePw, SEC_OID_SHA1);
+  if (srv) goto finish;
+  for (i=0; i<numCerts; i++) {
+    nsNSSCertificate *cert = (nsNSSCertificate *)certs[i];
+    // get it as a CERTCertificate XXX
+    UniqueCERTCertificate nssCert(cert->GetCert());
+    if (!nssCert) {
+      rv = NS_ERROR_FAILURE;
+      goto finish;
+    }
+    // We can only successfully export certs that are on 
+    // internal token.  Most, if not all, smart card vendors
+    // won't let you extract the private key (in any way
+    // shape or form) from the card.  So let's punt if 
+    // the cert is not in the internal db.
+    if (nssCert->slot && !PK11_IsInternal(nssCert->slot)) {
+      // we aren't the internal token, see if the key is extractable.
+      SECKEYPrivateKey *privKey=PK11_FindKeyByDERCert(nssCert->slot,
+                                                      nssCert.get(), this);
+
+      if (privKey) {
+        bool privKeyIsExtractable = isExtractable(privKey);
+
+        SECKEY_DestroyPrivateKey(privKey);
+
+        if (!privKeyIsExtractable) {
+          if (!InformedUserNoSmartcardBackup) {
+            InformedUserNoSmartcardBackup = true;
+            handleError(PIP_PKCS12_NOSMARTCARD_EXPORT);
+          }
+          continue;
+        }
+      }
+    }
+
+    // XXX this is why, to verify the slot is the same
+    // PK11_FindObjectForCert(nssCert, nullptr, slot);
+    // create the cert and key safes
+    keySafe = SEC_PKCS12CreateUnencryptedSafe(ecx);
+    if (!SEC_PKCS12IsEncryptionAllowed() || PK11_IsFIPS()) {
+      certSafe = keySafe;
+    } else {
+      certSafe = SEC_PKCS12CreatePasswordPrivSafe(ecx, &unicodePw,
+                           SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC);
+    }
+    if (!certSafe || !keySafe) {
+      rv = NS_ERROR_FAILURE;
+      goto finish;
+    }
+    // add the cert and key to the blob
+    srv = SEC_PKCS12AddCertAndKey(ecx, certSafe, nullptr, nssCert.get(),
+                                  CERT_GetDefaultCertDB(), // XXX
+                                  keySafe, nullptr, true, &unicodePw,
+                      SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC);
+    if (srv) goto finish;
+    // cert was dup'ed, so release it
+    ++numCertsExported;
+  }
+  
+  if (!numCertsExported) goto finish;
+  
+  // prepare the instance to write to an export file
+  this->mTmpFile = nullptr;
+  file->GetPath(filePath);
+  // Use the nsCOMPtr var localFileRef so that
+  // the reference to the nsIFile we create gets released as soon as
+  // we're out of scope, ie when this function exits.
+  if (filePath.RFind(".p12", true, -1, 4) < 0) {
+    // We're going to add the .p12 extension to the file name just like
+    // Communicator used to.  We create a new nsIFile and initialize
+    // it with the new patch.
+    filePath.AppendLiteral(".p12");
+    localFileRef = do_CreateInstance(NS_LOCAL_FILE_CONTRACTID, &rv);
+    if (NS_FAILED(rv)) goto finish;
+    localFileRef->InitWithPath(filePath);
+    file = localFileRef;
+  }
+  rv = file->OpenNSPRFileDesc(PR_RDWR|PR_CREATE_FILE|PR_TRUNCATE, 0664, 
+                              &mTmpFile);
+  if (NS_FAILED(rv) || !this->mTmpFile) goto finish;
+  // encode and write
+  srv = SEC_PKCS12Encode(ecx, write_export_file, this);
+  if (srv) goto finish;
+  handleError(PIP_PKCS12_BACKUP_OK);
+finish:
+  if (NS_FAILED(rv) || srv != SECSuccess) {
+    handleError(PIP_PKCS12_BACKUP_FAILED);
+  }
+  if (ecx)
+    SEC_PKCS12DestroyExportContext(ecx);
+  if (this->mTmpFile) {
+    PR_Close(this->mTmpFile);
+    this->mTmpFile = nullptr;
+  }
+  SECITEM_ZfreeItem(&unicodePw, false);
+  return rv;
+}
+
+///////////////////////////////////////////////////////////////////////
+//
+//  private members
+//
+///////////////////////////////////////////////////////////////////////
+
+// unicodeToItem
+//
+// For the NSS PKCS#12 library, must convert PRUnichars (shorts) to
+// a buffer of octets.  Must handle byte order correctly.
+nsresult
+nsPKCS12Blob::unicodeToItem(const char16_t *uni, SECItem *item)
+{
+  uint32_t len = NS_strlen(uni) + 1;
+  if (!SECITEM_AllocItem(nullptr, item, sizeof(char16_t) * len)) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  mozilla::NativeEndian::copyAndSwapToBigEndian(item->data, uni, len);
+
+  return NS_OK;
+}
+
+// newPKCS12FilePassword
+//
+// Launch a dialog requesting the user for a new PKCS#12 file passowrd.
+// Handle user canceled by returning null password (caller must catch).
+nsresult
+nsPKCS12Blob::newPKCS12FilePassword(SECItem *unicodePw)
+{
+  nsresult rv = NS_OK;
+  nsAutoString password;
+  nsCOMPtr<nsICertificateDialogs> certDialogs;
+  rv = ::getNSSDialogs(getter_AddRefs(certDialogs), 
+                       NS_GET_IID(nsICertificateDialogs),
+                       NS_CERTIFICATEDIALOGS_CONTRACTID);
+  if (NS_FAILED(rv)) return rv;
+  bool pressedOK;
+  rv = certDialogs->SetPKCS12FilePassword(mUIContext, password, &pressedOK);
+  if (NS_FAILED(rv) || !pressedOK) return rv;
+  return unicodeToItem(password.get(), unicodePw);
+}
+
+// getPKCS12FilePassword
+//
+// Launch a dialog requesting the user for the password to a PKCS#12 file.
+// Handle user canceled by returning null password (caller must catch).
+nsresult
+nsPKCS12Blob::getPKCS12FilePassword(SECItem *unicodePw)
+{
+  nsresult rv = NS_OK;
+  nsAutoString password;
+  nsCOMPtr<nsICertificateDialogs> certDialogs;
+  rv = ::getNSSDialogs(getter_AddRefs(certDialogs), 
+                       NS_GET_IID(nsICertificateDialogs),
+                       NS_CERTIFICATEDIALOGS_CONTRACTID);
+  if (NS_FAILED(rv)) return rv;
+  bool pressedOK;
+  rv = certDialogs->GetPKCS12FilePassword(mUIContext, password, &pressedOK);
+  if (NS_FAILED(rv) || !pressedOK) return rv;
+  return unicodeToItem(password.get(), unicodePw);
+}
+
+// inputToDecoder
+//
+// Given a decoder, read bytes from file and input them to the decoder.
+nsresult
+nsPKCS12Blob::inputToDecoder(SEC_PKCS12DecoderContext *dcx, nsIFile *file)
+{
+  nsNSSShutDownPreventionLock locker;
+  nsresult rv;
+  SECStatus srv;
+  uint32_t amount;
+  char buf[PIP_PKCS12_BUFFER_SIZE];
+
+  nsCOMPtr<nsIInputStream> fileStream;
+  rv = NS_NewLocalFileInputStream(getter_AddRefs(fileStream), file);
+  
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  while (true) {
+    rv = fileStream->Read(buf, PIP_PKCS12_BUFFER_SIZE, &amount);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    // feed the file data into the decoder
+    srv = SEC_PKCS12DecoderUpdate(dcx, 
+				  (unsigned char*) buf, 
+				  amount);
+    if (srv) {
+      // don't allow the close call to overwrite our precious error code
+      int pr_err = PORT_GetError();
+      PORT_SetError(pr_err);
+      return NS_ERROR_ABORT;
+    }
+    if (amount < PIP_PKCS12_BUFFER_SIZE)
+      break;
+  }
+  return NS_OK;
+}
+
+// nickname_collision
+// what to do when the nickname collides with one already in the db.
+// TODO: not handled, throw a dialog allowing the nick to be changed?
+SECItem *
+nsPKCS12Blob::nickname_collision(SECItem *oldNick, PRBool *cancel, void *wincx)
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  nsNSSShutDownPreventionLock locker;
+  *cancel = false;
+  nsresult rv;
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
+  if (NS_FAILED(rv)) return nullptr;
+  int count = 1;
+  nsCString nickname;
+  nsAutoString nickFromProp;
+  nssComponent->GetPIPNSSBundleString("P12DefaultNickname", nickFromProp);
+  NS_ConvertUTF16toUTF8 nickFromPropC(nickFromProp);
+  // The user is trying to import a PKCS#12 file that doesn't have the
+  // attribute we use to set the nickname.  So in order to reduce the
+  // number of interactions we require with the user, we'll build a nickname
+  // for the user.  The nickname isn't prominently displayed in the UI, 
+  // so it's OK if we generate one on our own here.
+  //   XXX If the NSS API were smarter and actually passed a pointer to
+  //       the CERTCertificate* we're importing we could actually just
+  //       call default_nickname (which is what the issuance code path
+  //       does) and come up with a reasonable nickname.  Alas, the NSS
+  //       API limits our ability to produce a useful nickname without
+  //       bugging the user.  :(
+  while (1) {
+    // If we've gotten this far, that means there isn't a certificate
+    // in the database that has the same subject name as the cert we're
+    // trying to import.  So we need to come up with a "nickname" to 
+    // satisfy the NSS requirement or fail in trying to import.  
+    // Basically we use a default nickname from a properties file and 
+    // see if a certificate exists with that nickname.  If there isn't, then
+    // create update the count by one and append the string '#1' Or 
+    // whatever the count currently is, and look for a cert with 
+    // that nickname.  Keep updating the count until we find a nickname
+    // without a corresponding cert.
+    //  XXX If a user imports *many* certs without the 'friendly name'
+    //      attribute, then this may take a long time.  :(
+    nickname = nickFromPropC;
+    if (count > 1) {
+      nickname.AppendPrintf(" #%d", count);
+    }
+    UniqueCERTCertificate cert(CERT_FindCertByNickname(CERT_GetDefaultCertDB(),
+                                                       nickname.get()));
+    if (!cert) {
+      break;
+    }
+    count++;
+  }
+  SECItem *newNick = new SECItem;
+  if (!newNick)
+    return nullptr;
+
+  newNick->type = siAsciiString;
+  newNick->data = (unsigned char*) strdup(nickname.get());
+  newNick->len  = strlen((char*)newNick->data);
+  return newNick;
+}
+
+// write_export_file
+// write bytes to the exported PKCS#12 file
+void
+nsPKCS12Blob::write_export_file(void *arg, const char *buf, unsigned long len)
+{
+  nsPKCS12Blob *cx = (nsPKCS12Blob *)arg;
+  PR_Write(cx->mTmpFile, buf, len);
+}
+
+// pip_ucs2_ascii_conversion_fn
+// required to be set by NSS (to do PKCS#12), but since we've already got
+// unicode make this a no-op.
+PRBool
+pip_ucs2_ascii_conversion_fn(PRBool toUnicode,
+                             unsigned char *inBuf,
+                             unsigned int inBufLen,
+                             unsigned char *outBuf,
+                             unsigned int maxOutBufLen,
+                             unsigned int *outBufLen,
+                             PRBool swapBytes)
+{
+  // do a no-op, since I've already got unicode.  Hah!
+  *outBufLen = inBufLen;
+  memcpy(outBuf, inBuf, inBufLen);
+  return true;
+}
+
+void
+nsPKCS12Blob::handleError(int myerr)
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsPKCS12Blob::handleError called off the mai nthread.");
+    return;
+  }
+
+  int prerr = PORT_GetError();
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("PKCS12: NSS/NSPR error(%d)", prerr));
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("PKCS12: I called(%d)", myerr));
+
+  const char * msgID = nullptr;
+
+  switch (myerr) {
+  case PIP_PKCS12_RESTORE_OK:       msgID = "SuccessfulP12Restore"; break;
+  case PIP_PKCS12_BACKUP_OK:        msgID = "SuccessfulP12Backup";  break;
+  case PIP_PKCS12_USER_CANCELED:
+    return;  /* Just ignore it for now */
+  case PIP_PKCS12_NOSMARTCARD_EXPORT: msgID = "PKCS12InfoNoSmartcardBackup"; break;
+  case PIP_PKCS12_RESTORE_FAILED:   msgID = "PKCS12UnknownErrRestore"; break;
+  case PIP_PKCS12_BACKUP_FAILED:    msgID = "PKCS12UnknownErrBackup"; break;
+  case PIP_PKCS12_NSS_ERROR:
+    switch (prerr) {
+    // The following errors have the potential to be "handled", by asking
+    // the user (via a dialog) whether s/he wishes to continue
+    case 0: break;
+    case SEC_ERROR_PKCS12_CERT_COLLISION:
+      /* pop a dialog saying the cert is already in the database */
+      /* ask to keep going?  what happens if one collision but others ok? */
+      // The following errors cannot be "handled", notify the user (via an alert)
+      // that the operation failed.
+    case SEC_ERROR_BAD_PASSWORD: msgID = "PK11BadPassword"; break;
+
+    case SEC_ERROR_BAD_DER:
+    case SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE:
+    case SEC_ERROR_PKCS12_INVALID_MAC:
+      msgID = "PKCS12DecodeErr";
+      break;
+
+    case SEC_ERROR_PKCS12_DUPLICATE_DATA: msgID = "PKCS12DupData"; break;
+    }
+    break;
+  }
+
+  if (!msgID)
+    msgID = "PKCS12UnknownErr";
+
+  nsresult rv;
+  nsCOMPtr<nsINSSComponent> nssComponent = do_GetService(kNSSComponentCID, &rv);
+  if (NS_SUCCEEDED(rv))
+    (void) nssComponent->ShowAlertFromStringBundle(msgID);
+}
diff --git a/security/manager/ssl/nsPKCS12Blob.h b/security/manager/ssl/nsPKCS12Blob.h
new file mode 100644
index 000000000..35891182c
--- /dev/null
+++ b/security/manager/ssl/nsPKCS12Blob.h
@@ -0,0 +1,87 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* $Id: nsPKCS12Blob.h,v 1.16 2006/04/12 15:43:32 benjamin%smedbergs.us Exp $ */
+
+#ifndef _NS_PKCS12BLOB_H_
+#define _NS_PKCS12BLOB_H_
+
+#include "nsCOMPtr.h"
+#include "nsString.h"
+#include "nsIFile.h"
+#include "nsIPK11TokenDB.h"
+#include "nsNSSHelper.h"
+#include "nsIPK11Token.h"
+#include "nsIMutableArray.h"
+
+#include "nss.h"
+
+#include "pkcs12.h"
+#include "p12plcy.h"
+
+class nsIX509Cert;
+
+//
+// nsPKCS12Blob
+//
+// Class for importing/exporting PKCS#12 blobs
+//
+class nsPKCS12Blob : public nsNSSShutDownObject
+{
+public:
+  nsPKCS12Blob();
+  virtual ~nsPKCS12Blob();
+
+  // Nothing to release.
+  virtual void virtualDestroyNSSReference() override {}
+
+  // Set the token to use (default is internal)
+  nsresult SetToken(nsIPK11Token *token);
+
+  // PKCS#12 Import
+  nsresult ImportFromFile(nsIFile *file);
+
+  // PKCS#12 Export
+  nsresult ExportToFile(nsIFile *file, nsIX509Cert **certs, int numCerts);
+
+private:
+
+  nsCOMPtr<nsIPK11Token>          mToken;
+  nsCOMPtr<nsIMutableArray>       mCertArray;
+  nsCOMPtr<nsIInterfaceRequestor> mUIContext;
+
+  // local helper functions
+  nsresult getPKCS12FilePassword(SECItem *);
+  nsresult newPKCS12FilePassword(SECItem *);
+  nsresult inputToDecoder(SEC_PKCS12DecoderContext *, nsIFile *);
+  nsresult unicodeToItem(const char16_t *, SECItem *);
+  void handleError(int myerr = 0);
+
+  // RetryReason and ImportMode are used when importing a PKCS12 file.
+  // There are two reasons that cause us to retry:
+  // - When the password entered by the user is incorrect.
+  //   The user will be prompted to try again.
+  // - When the user entered a zero length password.
+  //   An empty password should be represented as an empty
+  //   string (a SECItem that contains a single terminating
+  //   null UTF16 character), but some applications use a
+  //   zero length SECItem.
+  //   We try both variations, zero length item and empty string,
+  //   without giving a user prompt when trying the different empty password flavors.
+  
+  enum RetryReason { rr_do_not_retry, rr_bad_password, rr_auto_retry_empty_password_flavors };
+  enum ImportMode { im_standard_prompt, im_try_zero_length_secitem };
+  
+  nsresult ImportFromFileHelper(nsIFile *file, ImportMode aImportMode, RetryReason &aWantRetry);
+
+  // NSPR file I/O for export file
+  PRFileDesc *mTmpFile;
+
+  bool        mTokenSet;
+
+  static SECItem * nickname_collision(SECItem *, PRBool *, void *);
+  static void write_export_file(void *arg, const char *buf, unsigned long len);
+
+};
+
+#endif /* _NS_PKCS12BLOB_H_ */
diff --git a/security/manager/ssl/nsProtectedAuthThread.cpp b/security/manager/ssl/nsProtectedAuthThread.cpp
new file mode 100644
index 000000000..ea511b24a
--- /dev/null
+++ b/security/manager/ssl/nsProtectedAuthThread.cpp
@@ -0,0 +1,146 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "pk11func.h"
+#include "mozilla/DebugOnly.h"
+#include "mozilla/RefPtr.h"
+#include "nsCOMPtr.h"
+#include "PSMRunnable.h"
+#include "nsString.h"
+#include "nsReadableUtils.h"
+#include "nsPKCS11Slot.h"
+#include "nsProtectedAuthThread.h"
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+NS_IMPL_ISUPPORTS(nsProtectedAuthThread, nsIProtectedAuthThread)
+
+static void nsProtectedAuthThreadRunner(void *arg)
+{
+    PR_SetCurrentThreadName("Protected Auth");
+
+    nsProtectedAuthThread *self = static_cast<nsProtectedAuthThread *>(arg);
+    self->Run();
+}
+
+nsProtectedAuthThread::nsProtectedAuthThread()
+: mMutex("nsProtectedAuthThread.mMutex")
+, mIAmRunning(false)
+, mLoginReady(false)
+, mThreadHandle(nullptr)
+, mSlot(0)
+, mLoginResult(SECFailure)
+{
+}
+
+nsProtectedAuthThread::~nsProtectedAuthThread()
+{
+}
+
+NS_IMETHODIMP nsProtectedAuthThread::Login(nsIObserver *aObserver)
+{
+    NS_ENSURE_ARG(aObserver);
+    
+    if (!mSlot)
+        // We need pointer to the slot
+        return NS_ERROR_FAILURE;
+
+    MutexAutoLock lock(mMutex);
+    
+    if (mIAmRunning || mLoginReady) {
+        return NS_OK;
+    }
+
+    if (aObserver) {
+      // We must AddRef aObserver here on the main thread, because it probably
+      // does not implement a thread-safe AddRef.
+      mNotifyObserver = new NotifyObserverRunnable(aObserver,
+                                                   "operation-completed");
+    }
+
+    mIAmRunning = true;
+    
+    mThreadHandle = PR_CreateThread(PR_USER_THREAD, nsProtectedAuthThreadRunner, static_cast<void*>(this), 
+        PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, PR_JOINABLE_THREAD, 0);
+    
+    // bool thread_started_ok = (threadHandle != nullptr);
+    // we might want to return "thread started ok" to caller in the future
+    NS_ASSERTION(mThreadHandle, "Could not create nsProtectedAuthThreadRunner thread\n");
+    
+    return NS_OK;
+}
+
+NS_IMETHODIMP nsProtectedAuthThread::GetTokenName(nsAString &_retval)
+{
+    MutexAutoLock lock(mMutex);
+
+    // Get token name
+    CopyUTF8toUTF16(nsDependentCString(PK11_GetTokenName(mSlot)), _retval);
+
+    return NS_OK;
+}
+
+NS_IMETHODIMP nsProtectedAuthThread::GetSlot(nsIPKCS11Slot **_retval)
+{
+    RefPtr<nsPKCS11Slot> slot;
+    {
+        MutexAutoLock lock(mMutex);
+        slot = new nsPKCS11Slot(mSlot);
+    }
+
+    slot.forget(_retval);
+    return NS_OK;
+}
+
+void nsProtectedAuthThread::SetParams(PK11SlotInfo* aSlot)
+{
+    MutexAutoLock lock(mMutex);
+
+    mSlot = (aSlot) ? PK11_ReferenceSlot(aSlot) : 0;
+}
+
+SECStatus nsProtectedAuthThread::GetResult()
+{
+    return mLoginResult;
+}
+
+void nsProtectedAuthThread::Run(void)
+{
+    // Login with null password. This call will also do C_Logout() but 
+    // it is harmless here
+    mLoginResult = PK11_CheckUserPassword(mSlot, 0);
+
+    nsCOMPtr<nsIRunnable> notifyObserver;
+    {
+        MutexAutoLock lock(mMutex);
+
+        mLoginReady = true;
+        mIAmRunning = false;
+
+        // Forget the slot
+        if (mSlot)
+        {
+            PK11_FreeSlot(mSlot);
+            mSlot = 0;
+        }
+
+        notifyObserver.swap(mNotifyObserver);
+    }
+    
+    if (notifyObserver) {
+        DebugOnly<nsresult> rv = NS_DispatchToMainThread(notifyObserver);
+	NS_ASSERTION(NS_SUCCEEDED(rv),
+		     "failed to dispatch protected auth observer to main thread");
+    }
+}
+
+void nsProtectedAuthThread::Join()
+{
+    if (!mThreadHandle)
+        return;
+    
+    PR_JoinThread(mThreadHandle);
+    mThreadHandle = nullptr;
+}
diff --git a/security/manager/ssl/nsProtectedAuthThread.h b/security/manager/ssl/nsProtectedAuthThread.h
new file mode 100644
index 000000000..d6bea8e13
--- /dev/null
+++ b/security/manager/ssl/nsProtectedAuthThread.h
@@ -0,0 +1,56 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSPROTECTEDAUTHTHREAD_H_
+#define NSPROTECTEDAUTHTHREAD_H_
+
+#include <nsCOMPtr.h>
+#include "keyhi.h"
+#include "nspr.h"
+
+#include "mozilla/Mutex.h"
+#include "nsIProtectedAuthThread.h"
+
+class nsIRunnable;
+
+class nsProtectedAuthThread : public nsIProtectedAuthThread
+{
+private:
+    mozilla::Mutex mMutex;
+
+    nsCOMPtr<nsIRunnable> mNotifyObserver;
+
+    bool        mIAmRunning;
+    bool        mLoginReady;
+
+    PRThread    *mThreadHandle;
+
+    // Slot to do authentication on
+    PK11SlotInfo*   mSlot;
+
+    // Result of the authentication
+    SECStatus       mLoginResult;
+
+public:
+
+    nsProtectedAuthThread();
+
+    NS_DECL_THREADSAFE_ISUPPORTS
+    NS_DECL_NSIPROTECTEDAUTHTHREAD
+
+    // Sets parameters for the thread
+    void SetParams(PK11SlotInfo *slot);
+
+    // Gets result of the protected authentication operation
+    SECStatus GetResult();
+
+    void Join(void);
+
+    void Run(void);
+
+protected:
+    virtual ~nsProtectedAuthThread();
+};
+
+#endif // NSPROTECTEDAUTHTHREAD_H_
diff --git a/security/manager/ssl/nsRandomGenerator.cpp b/security/manager/ssl/nsRandomGenerator.cpp
new file mode 100644
index 000000000..6e41fae60
--- /dev/null
+++ b/security/manager/ssl/nsRandomGenerator.cpp
@@ -0,0 +1,55 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsRandomGenerator.h"
+
+#include "ScopedNSSTypes.h"
+#include "nsNSSComponent.h"
+#include "pk11pub.h"
+#include "prerror.h"
+#include "secerr.h"
+
+NS_IMPL_ISUPPORTS(nsRandomGenerator, nsIRandomGenerator)
+
+NS_IMETHODIMP
+nsRandomGenerator::GenerateRandomBytes(uint32_t aLength,
+                                       uint8_t** aBuffer)
+{
+  NS_ENSURE_ARG_POINTER(aBuffer);
+  *aBuffer = nullptr;
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  mozilla::UniquePK11SlotInfo slot(PK11_GetInternalSlot());
+  if (!slot) {
+    return NS_ERROR_FAILURE;
+  }
+
+  auto buf = static_cast<uint8_t*>(moz_xmalloc(aLength));
+  if (!buf) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  SECStatus srv = PK11_GenerateRandomOnSlot(slot.get(), buf, aLength);
+  if (srv != SECSuccess) {
+    free(buf);
+    return NS_ERROR_FAILURE;
+  }
+
+  *aBuffer = buf;
+
+  return NS_OK;
+}
+
+nsRandomGenerator::~nsRandomGenerator()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  shutdown(ShutdownCalledFrom::Object);
+}
diff --git a/security/manager/ssl/nsRandomGenerator.h b/security/manager/ssl/nsRandomGenerator.h
new file mode 100644
index 000000000..197f2d747
--- /dev/null
+++ b/security/manager/ssl/nsRandomGenerator.h
@@ -0,0 +1,30 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsRandomGenerator_h
+#define nsRandomGenerator_h
+
+#include "mozilla/Attributes.h"
+#include "nsIRandomGenerator.h"
+#include "nsNSSShutDown.h"
+
+#define NS_RANDOMGENERATOR_CID \
+  {0xbe65e2b7, 0xfe46, 0x4e0f, {0x88, 0xe0, 0x4b, 0x38, 0x5d, 0xb4, 0xd6, 0x8a}}
+
+#define NS_RANDOMGENERATOR_CONTRACTID \
+  "@mozilla.org/security/random-generator;1"
+
+class nsRandomGenerator final : public nsIRandomGenerator
+                              , public nsNSSShutDownObject
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIRANDOMGENERATOR
+
+private:
+  ~nsRandomGenerator();
+  virtual void virtualDestroyNSSReference() override {}
+};
+
+#endif // nsRandomGenerator_h
diff --git a/security/manager/ssl/nsSSLSocketProvider.cpp b/security/manager/ssl/nsSSLSocketProvider.cpp
new file mode 100644
index 000000000..c0fe8586f
--- /dev/null
+++ b/security/manager/ssl/nsSSLSocketProvider.cpp
@@ -0,0 +1,68 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mozilla/BasePrincipal.h"
+#include "nsSSLSocketProvider.h"
+#include "nsNSSIOLayer.h"
+#include "nsError.h"
+
+using mozilla::NeckoOriginAttributes;
+
+nsSSLSocketProvider::nsSSLSocketProvider()
+{
+}
+
+nsSSLSocketProvider::~nsSSLSocketProvider()
+{
+}
+
+NS_IMPL_ISUPPORTS(nsSSLSocketProvider, nsISocketProvider)
+
+NS_IMETHODIMP
+nsSSLSocketProvider::NewSocket(int32_t family,
+                               const char *host,
+                               int32_t port,
+                               nsIProxyInfo *proxy,
+                               const NeckoOriginAttributes &originAttributes,
+                               uint32_t flags,
+                               PRFileDesc **_result,
+                               nsISupports **securityInfo)
+{
+  nsresult rv = nsSSLIOLayerNewSocket(family,
+                                      host,
+                                      port,
+                                      proxy,
+                                      originAttributes,
+                                      _result,
+                                      securityInfo,
+                                      false,
+                                      flags);
+  return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
+}
+
+// Add the SSL IO layer to an existing socket
+NS_IMETHODIMP
+nsSSLSocketProvider::AddToSocket(int32_t family,
+                                 const char *host,
+                                 int32_t port,
+                                 nsIProxyInfo *proxy,
+                                 const NeckoOriginAttributes &originAttributes,
+                                 uint32_t flags,
+                                 PRFileDesc *aSocket,
+                                 nsISupports **securityInfo)
+{
+  nsresult rv = nsSSLIOLayerAddToSocket(family,
+                                        host,
+                                        port,
+                                        proxy,
+                                        originAttributes,
+                                        aSocket,
+                                        securityInfo,
+                                        false,
+                                        flags);
+  
+  return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
+}
diff --git a/security/manager/ssl/nsSSLSocketProvider.h b/security/manager/ssl/nsSSLSocketProvider.h
new file mode 100644
index 000000000..95132f204
--- /dev/null
+++ b/security/manager/ssl/nsSSLSocketProvider.h
@@ -0,0 +1,29 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _NSSSLSOCKETPROVIDER_H_
+#define _NSSSLSOCKETPROVIDER_H_
+
+#include "nsISocketProvider.h"
+
+/* 217d014a-1dd2-11b2-999c-b0c4df79b324 */
+#define NS_SSLSOCKETPROVIDER_CID   \
+{ 0x217d014a, 0x1dd2, 0x11b2, {0x99, 0x9c, 0xb0, 0xc4, 0xdf, 0x79, 0xb3, 0x24}}
+
+
+class nsSSLSocketProvider : public nsISocketProvider
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSISOCKETPROVIDER
+
+  // nsSSLSocketProvider methods:
+  nsSSLSocketProvider();
+protected:
+  virtual ~nsSSLSocketProvider();
+};
+
+#endif /* _NSSSLSOCKETPROVIDER_H_ */
diff --git a/security/manager/ssl/nsSSLStatus.cpp b/security/manager/ssl/nsSSLStatus.cpp
new file mode 100644
index 000000000..1538b2aa7
--- /dev/null
+++ b/security/manager/ssl/nsSSLStatus.cpp
@@ -0,0 +1,379 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mozilla/Casting.h"
+#include "nsSSLStatus.h"
+#include "nsIClassInfoImpl.h"
+#include "nsIObjectOutputStream.h"
+#include "nsIObjectInputStream.h"
+#include "nsNSSCertificate.h"
+#include "SignedCertificateTimestamp.h"
+#include "ssl.h"
+
+NS_IMETHODIMP
+nsSSLStatus::GetServerCert(nsIX509Cert** aServerCert)
+{
+  NS_ENSURE_ARG_POINTER(aServerCert);
+
+  nsCOMPtr<nsIX509Cert> cert = mServerCert;
+  cert.forget(aServerCert);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetKeyLength(uint32_t* aKeyLength)
+{
+  NS_ENSURE_ARG_POINTER(aKeyLength);
+  if (!mHaveCipherSuiteAndProtocol) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  SSLCipherSuiteInfo cipherInfo;
+  if (SSL_GetCipherSuiteInfo(mCipherSuite, &cipherInfo,
+                             sizeof(cipherInfo)) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  *aKeyLength = cipherInfo.symKeyBits;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetSecretKeyLength(uint32_t* aSecretKeyLength)
+{
+  NS_ENSURE_ARG_POINTER(aSecretKeyLength);
+  if (!mHaveCipherSuiteAndProtocol) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  SSLCipherSuiteInfo cipherInfo;
+  if (SSL_GetCipherSuiteInfo(mCipherSuite, &cipherInfo,
+                             sizeof(cipherInfo)) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  *aSecretKeyLength = cipherInfo.effectiveKeyBits;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetCipherName(nsACString& aCipherName)
+{
+  if (!mHaveCipherSuiteAndProtocol) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  SSLCipherSuiteInfo cipherInfo;
+  if (SSL_GetCipherSuiteInfo(mCipherSuite, &cipherInfo,
+                             sizeof(cipherInfo)) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  aCipherName.Assign(cipherInfo.cipherSuiteName);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetProtocolVersion(uint16_t* aProtocolVersion)
+{
+  NS_ENSURE_ARG_POINTER(aProtocolVersion);
+  if (!mHaveCipherSuiteAndProtocol) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  *aProtocolVersion = mProtocolVersion;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetCertificateTransparencyStatus(
+  uint16_t* aCertificateTransparencyStatus)
+{
+  NS_ENSURE_ARG_POINTER(aCertificateTransparencyStatus);
+
+  *aCertificateTransparencyStatus = mCertificateTransparencyStatus;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetIsDomainMismatch(bool* aIsDomainMismatch)
+{
+  NS_ENSURE_ARG_POINTER(aIsDomainMismatch);
+
+  *aIsDomainMismatch = mHaveCertErrorBits && mIsDomainMismatch;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetIsNotValidAtThisTime(bool* aIsNotValidAtThisTime)
+{
+  NS_ENSURE_ARG_POINTER(aIsNotValidAtThisTime);
+
+  *aIsNotValidAtThisTime = mHaveCertErrorBits && mIsNotValidAtThisTime;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetIsUntrusted(bool* aIsUntrusted)
+{
+  NS_ENSURE_ARG_POINTER(aIsUntrusted);
+
+  *aIsUntrusted = mHaveCertErrorBits && mIsUntrusted;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetIsExtendedValidation(bool* aIsEV)
+{
+  NS_ENSURE_ARG_POINTER(aIsEV);
+  *aIsEV = false;
+
+  // Never allow bad certs for EV, regardless of overrides.
+  if (mHaveCertErrorBits) {
+    return NS_OK;
+  }
+
+  if (mHasIsEVStatus) {
+    *aIsEV = mIsEV;
+    return NS_OK;
+  }
+
+  return NS_ERROR_NOT_AVAILABLE;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::Read(nsIObjectInputStream* aStream)
+{
+  nsCOMPtr<nsISupports> cert;
+  nsresult rv = aStream->ReadObject(true, getter_AddRefs(cert));
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  mServerCert = do_QueryInterface(cert);
+  if (!mServerCert) {
+    return NS_NOINTERFACE;
+  }
+
+  rv = aStream->Read16(&mCipherSuite);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  // The code below is a workaround to allow serializing new fields
+  // while preserving binary compatibility with older streams. For more details
+  // on the binary compatibility requirement, refer to bug 1248628.
+  // Here, we take advantage of the fact that mProtocolVersion was originally
+  // stored as a 16 bits integer, but the highest 8 bits were never used.
+  // These bits are now used for stream versioning.
+  uint16_t protocolVersionAndStreamFormatVersion;
+  rv = aStream->Read16(&protocolVersionAndStreamFormatVersion);
+  NS_ENSURE_SUCCESS(rv, rv);
+  mProtocolVersion = protocolVersionAndStreamFormatVersion & 0xFF;
+  const uint8_t streamFormatVersion =
+    (protocolVersionAndStreamFormatVersion >> 8) & 0xFF;
+
+  rv = aStream->ReadBoolean(&mIsDomainMismatch);
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = aStream->ReadBoolean(&mIsNotValidAtThisTime);
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = aStream->ReadBoolean(&mIsUntrusted);
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = aStream->ReadBoolean(&mIsEV);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  rv = aStream->ReadBoolean(&mHasIsEVStatus);
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = aStream->ReadBoolean(&mHaveCipherSuiteAndProtocol);
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = aStream->ReadBoolean(&mHaveCertErrorBits);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  // Added in version 1 (see bug 1305289).
+  if (streamFormatVersion >= 1) {
+    rv = aStream->Read16(&mCertificateTransparencyStatus);
+    NS_ENSURE_SUCCESS(rv, rv);
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::Write(nsIObjectOutputStream* aStream)
+{
+  // The current version of the binary stream format.
+  const uint8_t STREAM_FORMAT_VERSION = 1;
+
+  nsresult rv = aStream->WriteCompoundObject(mServerCert,
+                                             NS_GET_IID(nsIX509Cert),
+                                             true);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  rv = aStream->Write16(mCipherSuite);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  uint16_t protocolVersionAndStreamFormatVersion =
+    mozilla::AssertedCast<uint8_t>(mProtocolVersion) |
+    (STREAM_FORMAT_VERSION << 8);
+  rv = aStream->Write16(protocolVersionAndStreamFormatVersion);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  rv = aStream->WriteBoolean(mIsDomainMismatch);
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = aStream->WriteBoolean(mIsNotValidAtThisTime);
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = aStream->WriteBoolean(mIsUntrusted);
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = aStream->WriteBoolean(mIsEV);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  rv = aStream->WriteBoolean(mHasIsEVStatus);
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = aStream->WriteBoolean(mHaveCipherSuiteAndProtocol);
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = aStream->WriteBoolean(mHaveCertErrorBits);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  // Added in version 1.
+  rv = aStream->Write16(mCertificateTransparencyStatus);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetInterfaces(uint32_t* aCount, nsIID*** aArray)
+{
+  *aCount = 0;
+  *aArray = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetScriptableHelper(nsIXPCScriptable** aHelper)
+{
+  *aHelper = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetContractID(char** aContractID)
+{
+  *aContractID = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetClassDescription(char** aClassDescription)
+{
+  *aClassDescription = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetClassID(nsCID** aClassID)
+{
+  *aClassID = (nsCID*) moz_xmalloc(sizeof(nsCID));
+  if (!*aClassID) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+  return GetClassIDNoAlloc(*aClassID);
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetFlags(uint32_t* aFlags)
+{
+  *aFlags = 0;
+  return NS_OK;
+}
+
+static NS_DEFINE_CID(kSSLStatusCID, NS_SSLSTATUS_CID);
+
+NS_IMETHODIMP
+nsSSLStatus::GetClassIDNoAlloc(nsCID* aClassIDNoAlloc)
+{
+  *aClassIDNoAlloc = kSSLStatusCID;
+  return NS_OK;
+}
+
+nsSSLStatus::nsSSLStatus()
+: mCipherSuite(0)
+, mProtocolVersion(0)
+, mCertificateTransparencyStatus(nsISSLStatus::
+    CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE)
+, mIsDomainMismatch(false)
+, mIsNotValidAtThisTime(false)
+, mIsUntrusted(false)
+, mIsEV(false)
+, mHasIsEVStatus(false)
+, mHaveCipherSuiteAndProtocol(false)
+, mHaveCertErrorBits(false)
+{
+}
+
+NS_IMPL_ISUPPORTS(nsSSLStatus, nsISSLStatus, nsISerializable, nsIClassInfo)
+
+nsSSLStatus::~nsSSLStatus()
+{
+}
+
+void
+nsSSLStatus::SetServerCert(nsNSSCertificate* aServerCert, EVStatus aEVStatus)
+{
+  MOZ_ASSERT(aServerCert);
+
+  mServerCert = aServerCert;
+  mIsEV = (aEVStatus == EVStatus::EV);
+  mHasIsEVStatus = true;
+}
+
+void
+nsSSLStatus::SetCertificateTransparencyInfo(
+  const mozilla::psm::CertificateTransparencyInfo& info)
+{
+  using mozilla::ct::SignedCertificateTimestamp;
+
+  if (!info.enabled) {
+    // CT disabled.
+    mCertificateTransparencyStatus =
+      nsISSLStatus::CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE;
+    return;
+  }
+
+  if (!info.processedSCTs) {
+    // No SCTs processed on the connection.
+    mCertificateTransparencyStatus =
+      nsISSLStatus::CERTIFICATE_TRANSPARENCY_NONE;
+    return;
+  }
+
+  bool hasOKSCTs = false;
+  bool hasUnknownLogSCTs = false;
+  bool hasInvalidSCTs = false;
+  for (const SignedCertificateTimestamp& sct : info.verifyResult.scts) {
+    switch (sct.verificationStatus) {
+      case SignedCertificateTimestamp::VerificationStatus::OK:
+        hasOKSCTs = true;
+        break;
+      case SignedCertificateTimestamp::VerificationStatus::UnknownLog:
+        hasUnknownLogSCTs = true;
+        break;
+      case SignedCertificateTimestamp::VerificationStatus::InvalidSignature:
+      case SignedCertificateTimestamp::VerificationStatus::InvalidTimestamp:
+        hasInvalidSCTs = true;
+        break;
+      default:
+        MOZ_ASSERT_UNREACHABLE("Unexpected SCT::VerificationStatus type");
+    }
+  }
+
+  if (hasOKSCTs) {
+    mCertificateTransparencyStatus =
+      nsISSLStatus::CERTIFICATE_TRANSPARENCY_OK;
+  } else if (hasUnknownLogSCTs) {
+    mCertificateTransparencyStatus =
+      nsISSLStatus::CERTIFICATE_TRANSPARENCY_UNKNOWN_LOG;
+  } else if (hasInvalidSCTs) {
+    mCertificateTransparencyStatus =
+      nsISSLStatus::CERTIFICATE_TRANSPARENCY_INVALID;
+  }
+}
diff --git a/security/manager/ssl/nsSSLStatus.h b/security/manager/ssl/nsSSLStatus.h
new file mode 100644
index 000000000..2a8343407
--- /dev/null
+++ b/security/manager/ssl/nsSSLStatus.h
@@ -0,0 +1,74 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _NSSSLSTATUS_H
+#define _NSSSLSTATUS_H
+
+#include "CertVerifier.h" // For CertificateTransparencyInfo
+#include "nsISSLStatus.h"
+#include "nsCOMPtr.h"
+#include "nsXPIDLString.h"
+#include "nsIX509Cert.h"
+#include "nsISerializable.h"
+#include "nsIClassInfo.h"
+
+class nsNSSCertificate;
+
+enum class EVStatus {
+  NotEV = 0,
+  EV = 1,
+};
+
+class nsSSLStatus final
+  : public nsISSLStatus
+  , public nsISerializable
+  , public nsIClassInfo
+{
+protected:
+  virtual ~nsSSLStatus();
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSISSLSTATUS
+  NS_DECL_NSISERIALIZABLE
+  NS_DECL_NSICLASSINFO
+
+  nsSSLStatus();
+
+  void SetServerCert(nsNSSCertificate* aServerCert, EVStatus aEVStatus);
+
+  bool HasServerCert() {
+    return mServerCert != nullptr;
+  }
+
+  void SetCertificateTransparencyInfo(
+    const mozilla::psm::CertificateTransparencyInfo& info);
+
+  /* public for initilization in this file */
+  uint16_t mCipherSuite;
+  uint16_t mProtocolVersion;
+  uint16_t mCertificateTransparencyStatus;
+
+  bool mIsDomainMismatch;
+  bool mIsNotValidAtThisTime;
+  bool mIsUntrusted;
+  bool mIsEV;
+
+  bool mHasIsEVStatus;
+  bool mHaveCipherSuiteAndProtocol;
+
+  /* mHaveCertErrrorBits is relied on to determine whether or not a SPDY
+     connection is eligible for joining in nsNSSSocketInfo::JoinConnection() */
+  bool mHaveCertErrorBits;
+
+private:
+  nsCOMPtr<nsIX509Cert> mServerCert;
+};
+
+#define NS_SSLSTATUS_CID \
+{ 0xe2f14826, 0x9e70, 0x4647, \
+  { 0xb2, 0x3f, 0x10, 0x10, 0xf5, 0x12, 0x46, 0x28 } }
+
+#endif
diff --git a/security/manager/ssl/nsSTSPreloadList.errors b/security/manager/ssl/nsSTSPreloadList.errors
new file mode 100644
index 000000000..647f31527
--- /dev/null
+++ b/security/manager/ssl/nsSTSPreloadList.errors
@@ -0,0 +1,10853 @@
+0-1.party: did not receive HSTS header
+00001.am: did not receive HSTS header
+00002.am: did not receive HSTS header
+0005.com: could not connect to host
+0005aa.com: could not connect to host
+00220022.net: could not connect to host
+007sascha.de: did not receive HSTS header
+01100010011001010111001101110100.com: could not connect to host
+020wifi.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+0222aa.com: did not receive HSTS header
+040fit.nl: did not receive HSTS header
+048.ag: could not connect to host
+050508.com: could not connect to host
+070709.net: could not connect to host
+07733.win: could not connect to host
+0day.su: could not connect to host
+0f.io: could not connect to host
+0fl.com: did not receive HSTS header
+0g.org.uk: could not connect to host
+0i0.nl: could not connect to host
+0o0.ooo: could not connect to host
+0p.no: did not receive HSTS header
+0vi.org: could not connect to host
+0w0.vc: could not connect to host
+0x0a.net: could not connect to host
+0x1337.eu: could not connect to host
+0x44.net: did not receive HSTS header
+0x4b0c131e.pub: could not connect to host
+0x52.org: could not connect to host
+0x539.pw: could not connect to host
+0x90.fi: could not connect to host
+0xa.in: could not connect to host
+0xb612.org: could not connect to host
+1017scribes.com: could not connect to host
+1018hosting.nl: did not receive HSTS header
+1022996493.rsc.cdn77.org: could not connect to host
+1091.jp: could not connect to host
+10gb.io: could not connect to host
+10ppm.com: did not receive HSTS header
+10seos.com: did not receive HSTS header
+10tacle.io: could not connect to host
+12.net: did not receive HSTS header
+120dayweightloss.com: could not connect to host
+123.gg: could not connect to host
+123share.org: could not connect to host
+123test.de: did not receive HSTS header
+123test.es: did not receive HSTS header
+123test.fr: did not receive HSTS header
+126ium.moe: could not connect to host
+127011-networks.ch: did not receive HSTS header
+12vpn.org: could not connect to host
+12vpnchina.com: could not connect to host
+135vv.com: could not connect to host
+13826145000.com: could not connect to host
+1391kj.com: did not receive HSTS header
+1396.cc: did not receive HSTS header
+1536.cf: could not connect to host
+163pwd.com: could not connect to host
+166166.com: could not connect to host
+16deza.com: did not receive HSTS header
+16packets.com: could not connect to host
+173vpn.cn: could not connect to host
+173vpns.com: did not receive HSTS header
+173vpnv.com: could not connect to host
+188betwarriors.co.uk: could not connect to host
+188trafalgar.ca: did not receive HSTS header
+195gm.com: could not connect to host
+1a-jva.de: could not connect to host
+1atic.com: could not connect to host
+1co-jp.net: did not receive HSTS header
+1cover.com: could not connect to host
+1k8b.com: could not connect to host
+1ll.uk: did not receive HSTS header
+1nian.vip: could not connect to host
+1q365a.com: could not connect to host
+1s.tn: did not receive HSTS header
+1stcapital.com.sg: did not receive HSTS header
+1three1.net: did not receive HSTS header
+1xcess.com: did not receive HSTS header
+1years.cc: could not connect to host
+2-cpu.de: did not receive HSTS header
+206rc.net: max-age too low: 2592000
+20hs.cn: did not receive HSTS header
+21lg.co: could not connect to host
+247quickbooks.com: did not receive HSTS header
+2488.ch: did not receive HSTS header
+24hourpaint.com: could not connect to host
+24hrs.shopping: could not connect to host
+24sihu.com: could not connect to host
+25daysof.io: could not connect to host
+2859cc.com: could not connect to host
+28spots.net: could not connect to host
+2acbi-asso.fr: did not receive HSTS header
+2bizi.ru: could not connect to host
+2brokegirls.org: could not connect to host
+2carpros.com: did not receive HSTS header
+2intermediate.co.uk: did not receive HSTS header
+2or3.tk: could not connect to host
+2smart4food.com: did not receive HSTS header
+2ss.jp: could not connect to host
+300651.ru: did not receive HSTS header
+300mbmovie24.com: could not connect to host
+300mbmovies4u.cc: could not connect to host
+301.website: could not connect to host
+302.nyc: could not connect to host
+314166.com: could not connect to host
+314chan.org: could not connect to host
+32ph.com: could not connect to host
+33836.com: did not receive HSTS header
+33drugstore.com: did not receive HSTS header
+341.mg: could not connect to host
+3555aa.com: could not connect to host
+35792.de: could not connect to host
+360gradus.com: did not receive HSTS header
+365.or.jp: could not connect to host
+368mibn.com: could not connect to host
+3778xl.com: did not receive HSTS header
+38sihu.com: could not connect to host
+39sihu.com: could not connect to host
+3bigking.com: could not connect to host
+3chit.cf: could not connect to host
+3click-loan.com: could not connect to host
+3d-bastler.de: could not connect to host
+3dcart.com: did not receive HSTS header
+3delivered.com: could not connect to host
+3dproteinimaging.com: did not receive HSTS header
+3fl.com: did not receive HSTS header
+3sreporting.com: did not receive HSTS header
+3vlnaeet.cz: could not connect to host
+3wecommerce.com.br: could not connect to host
+404.sh: could not connect to host
+404404.info: could not connect to host
+411film.com: could not connect to host
+41844.de: could not connect to host
+420dongstorm.com: could not connect to host
+42ms.org: could not connect to host
+439191.com: could not connect to host
+440hz-radio.de: did not receive HSTS header
+4455software.com: could not connect to host
+44957.com: could not connect to host
+4679.space: could not connect to host
+47tech.com: could not connect to host
+4azino777.ru: did not receive HSTS header
+4cclothing.com: could not connect to host
+4d2.xyz: could not connect to host
+4eyes.ch: did not receive HSTS header
+4loc.us: could not connect to host
+4miners.net: could not connect to host
+4mybaby.ch: did not receive HSTS header
+4ourty2.org: did not receive HSTS header
+4sqsu.eu: could not connect to host
+4w-performers.link: could not connect to host
+4web-hosting.com: could not connect to host
+4x4.lk: could not connect to host
+5000yz.com: could not connect to host
+50millionablaze.org: could not connect to host
+513vpn.net: did not receive HSTS header
+517vpn.cn: could not connect to host
+518maicai.com: did not receive HSTS header
+52kb1.com: could not connect to host
+52neptune.com: could not connect to host
+540.co: did not receive HSTS header
+54bf.com: could not connect to host
+555fl.com: did not receive HSTS header
+56ct.com: could not connect to host
+5ece.de: could not connect to host
+5piecesofadvice.com: could not connect to host
+605508.cc: did not receive HSTS header
+605508.com: did not receive HSTS header
+60ych.net: did not receive HSTS header
+6120.eu: did not receive HSTS header
+64616e.xyz: could not connect to host
+660011.com: max-age too low: 0
+68277.me: could not connect to host
+69mentor.com: could not connect to host
+69square.com: could not connect to host
+721av.com: max-age too low: 2592000
+7261696e626f77.net: could not connect to host
+7777av.co: did not receive HSTS header
+7f-wgg.cf: could not connect to host
+7kovrikov.ru: did not receive HSTS header
+7thheavenrestaurant.com: could not connect to host
+7trade8.com: could not connect to host
+8.net.co: could not connect to host
+808.lv: did not receive HSTS header
+83i.net: could not connect to host
+8522.am: could not connect to host
+8522cn.com: did not receive HSTS header
+8560.be: could not connect to host
+87577.com: could not connect to host
+88.to: could not connect to host
+8887999.com: could not connect to host
+8888av.co: did not receive HSTS header
+888azino.com: did not receive HSTS header
+888lu.co: could not connect to host
+88laohu.cc: could not connect to host
+88laohu.com: could not connect to host
+89955.com: could not connect to host
+899699.com: did not receive HSTS header
+8ballbombom.uk: could not connect to host
+8mpay.com: did not receive HSTS header
+8t88.biz: could not connect to host
+90smthng.com: could not connect to host
+91-freedom.com: could not connect to host
+9118b.com: could not connect to host
+911911.pw: could not connect to host
+915ers.com: did not receive HSTS header
+922.be: could not connect to host
+92bmh.com: did not receive HSTS header
+960news.ca: could not connect to host
+9651678.ru: could not connect to host
+99511.fi: did not receive HSTS header
+9iwan.net: did not receive HSTS header
+9jadirect.com: could not connect to host
+9point6.com: could not connect to host
+9ss6.com: could not connect to host
+9tolife.be: did not receive HSTS header
+a-plus.space: could not connect to host
+a-rickroll-n.pw: could not connect to host
+a-theme.com: could not connect to host
+a1-autopartsglasgow.com: did not receive HSTS header
+a200k.xyz: did not receive HSTS header
+a3workshop.swiss: could not connect to host
+a9c.co: could not connect to host
+aa7733.com: did not receive HSTS header
+aaeblog.com: did not receive HSTS header
+aaeblog.net: did not receive HSTS header
+aaeblog.org: did not receive HSTS header
+aaoo.net: could not connect to host
+aapp.space: could not connect to host
+aaron-gustafson.com: did not receive HSTS header
+aaronkimmig.de: did not receive HSTS header
+abareplace.com: did not receive HSTS header
+abcdentalcare.com: did not receive HSTS header
+abearofsoap.com: could not connect to host
+aberdeenalmeras.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+abilitylist.org: did not receive HSTS header
+abioniere.de: could not connect to host
+ablogagency.net: could not connect to host
+abloop.com: could not connect to host
+abmahnhelfer.de: did not receive HSTS header
+abnarnro.com: could not connect to host
+abolition.co: could not connect to host
+abona24.pl: max-age too low: 0
+about.ge: did not receive HSTS header
+aboutmyip.info: did not receive HSTS header
+aboutmyproperty.ca: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+aboutyou-deals.de: could not connect to host
+absinthium.ch: could not connect to host
+abt.de: did not receive HSTS header
+abtom.de: did not receive HSTS header
+abury.fr: did not receive HSTS header
+abury.me: did not receive HSTS header
+abyssproject.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+ac0g.dyndns.org: could not connect to host
+acabadosboston.com: could not connect to host
+academialowcost.com.br: did not receive HSTS header
+academicenterprise.org: could not connect to host
+acai51.net: could not connect to host
+acbc.ie: max-age too low: 0
+accelerole.com: did not receive HSTS header
+accelight.co.jp: did not receive HSTS header
+accelight.jp: did not receive HSTS header
+access-sofia.org: did not receive HSTS header
+accommodation-berry.com.au: max-age too low: 300
+accountradar.com: max-age too low: 86400
+accounts-p.com: could not connect to host
+accuritpresence.com: did not receive HSTS header
+accwing.com: could not connect to host
+acg.sb: could not connect to host
+acgaudio.com: could not connect to host
+acgmoon.org: did not receive HSTS header
+acheirj.com.br: could not connect to host
+acheritage.co.uk: did not receive HSTS header
+achterhoekseveiligheidsbeurs.nl: could not connect to host
+acisonline.net: did not receive HSTS header
+acoffeeshops.com: could not connect to host
+acpinformatique.fr: could not connect to host
+acr.im: could not connect to host
+acrepairdrippingsprings.com: could not connect to host
+acritelli.com: did not receive HSTS header
+acrossgw.com: could not connect to host
+acslimited.co.uk: did not receive HSTS header
+activateplay.com: max-age too low: 86400
+active-escape.com: did not receive HSTS header
+activeclearweb.com: could not connect to host
+activeweb.top: could not connect to host
+activiti.alfresco.com: did not receive HSTS header
+actu-medias.com: could not connect to host
+actualite-videos.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+acuve.jp: could not connect to host
+ada.is: max-age too low: 2592000
+adajwells.me: could not connect to host
+adambryant.ca: could not connect to host
+adamdixon.co.uk: could not connect to host
+adamricheimer.com: could not connect to host
+adamwk.com: did not receive HSTS header
+adastra.re: could not connect to host
+adboos.com: could not connect to host
+addaxpetroleum.com: could not connect to host
+addvocate.com: could not connect to host
+adec-emsa.ae: could not connect to host
+adelevie.com: could not connect to host
+adelinlydia-coach.com: did not receive HSTS header
+adequatetechnology.com: could not connect to host
+aderal.io: could not connect to host
+adesa-asesoria.com: did not receive HSTS header
+adfa-1.com: could not connect to host
+adhosting.nl: did not receive HSTS header
+adhs-chaoten.net: did not receive HSTS header
+adindexr.com: could not connect to host
+admin.google.com: did not receive HSTS header (error ignored - included regardless)
+admiral.dp.ua: did not receive HSTS header
+admitcard.co.in: did not receive HSTS header
+admsel.ec: could not connect to host
+adoge.me: could not connect to host
+adonairelogios.com.br: could not connect to host
+adopteunsiteflash.com: could not connect to host
+adquisitio.de: could not connect to host
+adquisitio.in: could not connect to host
+adriancohea.ninja: did not receive HSTS header
+adrianseo.ro: did not receive HSTS header
+adrl.ca: could not connect to host
+adsfund.org: could not connect to host
+aduedu.de: did not receive HSTS header
+adult.properties: could not connect to host
+adunanza.net: did not receive HSTS header
+advancedstudio.ro: did not receive HSTS header
+advantagemechanicalinc.com: did not receive HSTS header
+adventures.is: did not receive HSTS header
+adver.top: did not receive HSTS header
+adviespuntklokkenluiders.nl: could not connect to host
+adzuna.co.uk: did not receive HSTS header
+aemoria.com: could not connect to host
+aerialmediapro.net: could not connect to host
+aerolog.co: did not receive HSTS header
+aerotheque.fr: did not receive HSTS header
+aes256.ru: could not connect to host
+aether.pw: could not connect to host
+aevpn.net: could not connect to host
+aevpn.org: could not connect to host
+aeyoun.com: did not receive HSTS header
+af-fotografie.net: did not receive HSTS header
+afdkompakt.de: max-age too low: 86400
+affily.io: could not connect to host
+aficotroceni.ro: did not receive HSTS header
+afiru.net: could not connect to host
+afmchandler.com: did not receive HSTS header
+afp548.tk: could not connect to host
+africantourer.com: did not receive HSTS header
+after.im: did not receive HSTS header
+afterstack.net: could not connect to host
+afvallendoeje.nu: could not connect to host
+afyou.co.kr: could not connect to host
+afzco.asia: did not receive HSTS header
+agalaxyfarfaraway.co.uk: could not connect to host
+agatheetraphael.fr: could not connect to host
+agbremen.de: did not receive HSTS header
+agentseeker.ca: could not connect to host
+agevio.com: could not connect to host
+agonswim.com: could not connect to host
+agrias.com.br: did not receive HSTS header
+agrimap.com: did not receive HSTS header
+agro-id.gov.ua: did not receive HSTS header
+agtv.com.br: did not receive HSTS header
+ahabingo.com: did not receive HSTS header
+ahfazahmed.net: did not receive HSTS header
+ahoynetwork.com: did not receive HSTS header
+ahri.ovh: could not connect to host
+ahwah.net: could not connect to host
+ahwatukeefoothillsmontessori.com: did not receive HSTS header
+aicial.com.au: could not connect to host
+aidanmontare.net: could not connect to host
+aidanwoods.com: did not receive HSTS header
+aidikofflaw.com: did not receive HSTS header
+aids.gov: did not receive HSTS header
+aifreeze.ru: could not connect to host
+aify.eu: could not connect to host
+aiicy.org: could not connect to host
+aim-consultants.com: could not connect to host
+ainrb.com: could not connect to host
+aip-marine.com: could not connect to host
+aiponne.com: could not connect to host
+airlea.com: could not connect to host
+airlinecheckins.com: did not receive HSTS header
+airmazinginflatables.com: did not receive HSTS header
+airproto.com: did not receive HSTS header
+aishnair.com: could not connect to host
+aisle3.space: could not connect to host
+aiticon.de: did not receive HSTS header
+aiw-thkoeln.online: could not connect to host
+ajmahal.com: could not connect to host
+ajouin.com: could not connect to host
+aka.my: did not receive HSTS header
+akboy.pw: could not connect to host
+akclinics.org: did not receive HSTS header
+akerek.hu: could not connect to host
+akgundemirbas.com: could not connect to host
+akiba-server.info: could not connect to host
+akita-stream.com: could not connect to host
+akkadia.cc: could not connect to host
+akombakom.net: could not connect to host
+akoww.de: could not connect to host
+akselimedia.fi: did not receive HSTS header
+akstudentsfirst.org: did not receive HSTS header
+aktivist.in: did not receive HSTS header
+akul.co.in: could not connect to host
+al-f.net: could not connect to host
+al-shami.net: could not connect to host
+aladdin.ie: did not receive HSTS header
+alair.cn: did not receive HSTS header
+alanlee.net: could not connect to host
+alanrickmanflipstable.com: could not connect to host
+alariel.de: did not receive HSTS header
+alarme-gps.ch: could not connect to host
+alarmegps.ch: could not connect to host
+alarmsystemreviews.com: did not receive HSTS header
+alasta.info: could not connect to host
+alauda-home.de: could not connect to host
+albanien.guide: could not connect to host
+alberguecimballa.es: could not connect to host
+albertbogdanowicz.pl: did not receive HSTS header
+albertopimienta.com: did not receive HSTS header
+alcantarafleuriste.com: did not receive HSTS header
+alcatraz.online: could not connect to host
+alcazaar.com: could not connect to host
+alcnutrition.com: could not connect to host
+aldorr.net: could not connect to host
+alecvannoten.be: did not receive HSTS header
+alenan.org: could not connect to host
+alessandro.pw: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+alessandroz.pro: could not connect to host
+alethearose.com: did not receive HSTS header
+alexandernorth.ch: could not connect to host
+alexandre.sh: did not receive HSTS header
+alexdodge.ca: could not connect to host
+alexei.su: could not connect to host
+alexkidd.de: did not receive HSTS header
+alexmol.tk: could not connect to host
+alexperry.io: could not connect to host
+alfa24.pro: could not connect to host
+alfredxing.com: did not receive HSTS header
+alilialili.ga: could not connect to host
+alistairpialek.com: max-age too low: 86400
+alittlebitcheeky.com: did not receive HSTS header
+aljaspod.net: did not receive HSTS header
+aljmz.com: did not receive HSTS header
+alkami.com: could not connect to host
+alkamitech.com: did not receive HSTS header
+all-subtitles.com: could not connect to host
+all.tf: could not connect to host
+all4os.com: did not receive HSTS header
+alldaymonitoring.com: could not connect to host
+alldm.ru: could not connect to host
+allegro-inc.com: did not receive HSTS header
+allinnote.com: could not connect to host
+allmbw.com: could not connect to host
+allmystery.de: did not receive HSTS header
+allo-symo.fr: did not receive HSTS header
+allods-zone.ru: could not connect to host
+alloffice.com.ua: did not receive HSTS header
+alloinformatique.net: could not connect to host
+allrealty.co.za: could not connect to host
+allscammers.exposed: could not connect to host
+allsortscastles.co.uk: did not receive HSTS header
+allstarswithus.com: could not connect to host
+aloalabs.com: did not receive HSTS header
+alpha.irccloud.com: could not connect to host
+alphabit-secure.com: could not connect to host
+alphabuild.io: could not connect to host
+alphagamers.net: did not receive HSTS header
+alphalabs.xyz: could not connect to host
+alphasall.com: could not connect to host
+als-hardware.co.za: did not receive HSTS header
+alspolska.pl: could not connect to host
+alt33c3.org: could not connect to host
+altahrim.net: could not connect to host
+altailife.ru: did not receive HSTS header
+altamarea.se: could not connect to host
+alteqnia.com: could not connect to host
+altfire.ca: could not connect to host
+altmv.com: max-age too low: 7776000
+aluminium-scaffolding.co.uk: could not connect to host
+alunjam.es: did not receive HSTS header
+alusta.co: could not connect to host
+am8888.top: could not connect to host
+amandaonishi.com: could not connect to host
+amateurvoicetalent.com: could not connect to host
+amavis.org: did not receive HSTS header
+amazing-gaming.fr: could not connect to host
+amcvega.com: did not receive HSTS header
+amdouglas.uk: could not connect to host
+amerhd.com: could not connect to host
+american-truck-simulator.de: could not connect to host
+american-truck-simulator.net: could not connect to host
+americandistribuidora.com: could not connect to host
+americansportsinstitute.org: did not receive HSTS header
+americanworkwear.nl: did not receive HSTS header
+amigogeek.net: could not connect to host
+amilx.com: could not connect to host
+amilx.org: could not connect to host
+amimoto-ami.com: max-age too low: 3153600
+amishsecurity.com: could not connect to host
+amitse.com: did not receive HSTS header
+amitube.com: did not receive HSTS header
+amlvfs.net: could not connect to host
+ammoulianiapartments.com: did not receive HSTS header
+amo-entreprise-et-commerce.fr: could not connect to host
+amoory.com: could not connect to host
+amorimendes.com.br: could not connect to host
+amri.nl: did not receive HSTS header
+amua.fr: could not connect to host
+amunoz.org: could not connect to host
+anabol.nl: could not connect to host
+anacruz.es: did not receive HSTS header
+anadoluefessporkulubu.org: could not connect to host
+anagra.ms: could not connect to host
+analytic-s.ml: could not connect to host
+analyticsinmotion.net: could not connect to host
+analyzemyfriends.com: could not connect to host
+ancientcraft.eu: did not receive HSTS header
+ancientkarma.com: could not connect to host
+andere-gedanken.net: max-age too low: 10
+anderslind.dk: could not connect to host
+andiplusben.com: could not connect to host
+andre-ballensiefen.de: did not receive HSTS header
+andreas-kluge.eu: could not connect to host
+andreasanti.net: did not receive HSTS header
+andreasbreitenlohner.de: max-age too low: 600000
+andreasfritz-fotografie.de: could not connect to host
+andreaskluge.eu: could not connect to host
+andreastoneman.com: could not connect to host
+andrei-coman.com: could not connect to host
+andreigec.net: did not receive HSTS header
+andrerose.ca: did not receive HSTS header
+andrew.fi: did not receive HSTS header
+andrew.london: did not receive HSTS header
+andrewbroekman.com: did not receive HSTS header
+andrewdaws.co: could not connect to host
+andrewdaws.info: could not connect to host
+andrewdaws.me: could not connect to host
+andrewdaws.tv: could not connect to host
+andrewmichaud.beer: could not connect to host
+andrewrdaws.com: could not connect to host
+andrewregan.me: could not connect to host
+andrewvoce.com: did not receive HSTS header
+andrewx.net: could not connect to host
+andrewyg.net: could not connect to host
+andreypopp.com: did not receive HSTS header
+androidprosmart.com: could not connect to host
+androled.fr: max-age too low: 5184000
+androoz.se: could not connect to host
+anduril.de: could not connect to host
+anduril.eu: could not connect to host
+andyclark.io: could not connect to host
+andymartin.cc: could not connect to host
+andyuk.org: did not receive HSTS header
+anfsanchezo.co: could not connect to host
+anfsanchezo.me: could not connect to host
+angeloroberto.ch: did not receive HSTS header
+anghami.com: did not receive HSTS header
+anglesya.win: did not receive HSTS header
+anglictinatabor.cz: could not connect to host
+angrydragonproductions.com: could not connect to host
+angryroute.com: could not connect to host
+animal-nature-human.com: did not receive HSTS header
+anime1video.tk: could not connect to host
+animeday.ml: could not connect to host
+animesfusion.com.br: could not connect to host
+animurecs.com: did not receive HSTS header
+aniplus.cf: could not connect to host
+aniplus.gq: could not connect to host
+aniplus.ml: could not connect to host
+anisekai.com: max-age too low: 2592000
+anitklib.ml: could not connect to host
+ankakaak.com: could not connect to host
+ankaraprofesyonelnakliyat.com: did not receive HSTS header
+ankaraprofesyonelnakliyat.com.tr: did not receive HSTS header
+ankarayilmaznakliyat.com: did not receive HSTS header
+ankarayucelnakliyat.com: did not receive HSTS header
+annabellaw.com: did not receive HSTS header
+annahmeschluss.de: did not receive HSTS header
+annetaan.fi: could not connect to host
+annonasoftware.com: could not connect to host
+anomaly.ws: did not receive HSTS header
+anonymo.co.uk: could not connect to host
+anonymo.uk: could not connect to host
+anonymousstatecollegelulzsec.com: could not connect to host
+anook.com: max-age too low: 0
+anoxinon.de: did not receive HSTS header
+ansdell.info: could not connect to host
+anshuman-chatterjee.com: did not receive HSTS header
+ansibeast.net: could not connect to host
+anstoncs.com.au: max-age too low: 86400
+answers-online.ru: could not connect to host
+ant.land: could not connect to host
+anthenor.co.uk: could not connect to host
+anthonyavon.com: could not connect to host
+antimatiere.space: could not connect to host
+antimine.kr: could not connect to host
+antoine-roux.fr: could not connect to host
+antoined.fr: did not receive HSTS header
+antoinemary.io: could not connect to host
+antoineschaller.ch: did not receive HSTS header
+antoniomarques.eu: did not receive HSTS header
+antoniorequena.com.ve: could not connect to host
+antscript.com: did not receive HSTS header
+anttitenhunen.com: could not connect to host
+anycoin.me: could not connect to host
+anymetrix.io: did not receive HSTS header
+anyways.at: could not connect to host
+aocast.info: could not connect to host
+aojf.fr: could not connect to host
+aopedeure.nl: could not connect to host
+aov.io: could not connect to host
+aozora.moe: could not connect to host
+apachelounge.com: did not receive HSTS header
+apadrinaunolivo.org: did not receive HSTS header
+apaginastore.com.br: could not connect to host
+apeasternpower.com: could not connect to host
+aperture-laboratories.science: did not receive HSTS header
+api.mega.co.nz: could not connect to host
+apibot.de: could not connect to host
+apis.google.com: did not receive HSTS header (error ignored - included regardless)
+apis.world: could not connect to host
+apkoyunlar.club: could not connect to host
+apm.com.tw: did not receive HSTS header
+apmg-certified.com: did not receive HSTS header
+apmg-cyber.com: did not receive HSTS header
+apnakliyat.com: did not receive HSTS header
+apolloyl.com: could not connect to host
+aponkral.site: could not connect to host
+aponkralsunucu.com: could not connect to host
+aponow.de: did not receive HSTS header
+app: could not connect to host
+app-arena.com: did not receive HSTS header
+app.lookout.com: did not receive HSTS header
+app.manilla.com: could not connect to host
+apparels24.com: could not connect to host
+appart.ninja: could not connect to host
+appdb.cc: did not receive HSTS header
+appdrinks.com: could not connect to host
+appengine.google.com: did not receive HSTS header (error ignored - included regardless)
+apple.ax: could not connect to host
+applez.xyz: could not connect to host
+applic8.com: did not receive HSTS header
+appraisal-comps.com: could not connect to host
+appreciationkards.com: did not receive HSTS header
+approlys.fr: did not receive HSTS header
+apps-for-fishing.com: could not connect to host
+appsbystudio.co.uk: did not receive HSTS header
+appsdash.io: could not connect to host
+appuro.com: did not receive HSTS header
+aquapoint.kiev.ua: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+aquariumaccessories.shop: did not receive HSTS header
+aquilalab.com: could not connect to host
+arabdigitalexpression.org: did not receive HSTS header
+aradulconteaza.ro: could not connect to host
+aran.me.uk: could not connect to host
+arboineuropa.nl: did not receive HSTS header
+arboleda-hurtado.com: could not connect to host
+arbu.eu: max-age too low: 2419200
+ardao.me: did not receive HSTS header
+ardorlabs.se: could not connect to host
+area3.org: could not connect to host
+arenlor.com: could not connect to host
+arenlor.info: could not connect to host
+arenns.com: could not connect to host
+arent.kz: could not connect to host
+arewedubstepyet.com: did not receive HSTS header
+areyouever.me: did not receive HSTS header
+argennon.xyz: could not connect to host
+argh.io: could not connect to host
+arguggi.co.uk: could not connect to host
+ariacreations.net: did not receive HSTS header
+arislight.com: could not connect to host
+arkadiyt.com: did not receive HSTS header
+arlen.io: could not connect to host
+arlen.se: could not connect to host
+armenians.online: could not connect to host
+armingrodon.de: max-age too low: 0
+armor.com: did not receive HSTS header
+armored.ninja: could not connect to host
+armory.consulting: could not connect to host
+armory.supplies: could not connect to host
+armsday.com: could not connect to host
+armytricka.cz: did not receive HSTS header
+arne-petersen.net: could not connect to host
+arod.tk: could not connect to host
+aromaclub.nl: did not receive HSTS header
+aroundme.org: did not receive HSTS header
+arpa.ph: did not receive HSTS header
+arpr.co: did not receive HSTS header
+arrayify.com: could not connect to host
+arresttracker.com: could not connect to host
+arrow-cloud.nl: could not connect to host
+arrowfunction.com: could not connect to host
+ars-design.net: could not connect to host
+art2web.net: could not connect to host
+artartefatos.com.br: could not connect to host
+artegusto.ru: did not receive HSTS header
+artesupra.com: did not receive HSTS header
+arthan.me: could not connect to host
+articaexports.com: could not connect to host
+artifex21.com: could not connect to host
+artifex21.fr: could not connect to host
+artiming.com: could not connect to host
+artisanhd.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+artisavotins.com: could not connect to host
+artisense.de: could not connect to host
+artisticedgegranite.net: could not connect to host
+artistnetwork.nl: did not receive HSTS header
+arto.bg: did not receive HSTS header
+arturkohut.com: could not connect to host
+artyland.ru: did not receive HSTS header
+arvamus.eu: could not connect to host
+arzaroth.com: did not receive HSTS header
+as.se: could not connect to host
+as9178.net: could not connect to host
+asahikoji.net: could not connect to host
+asasuou.pw: could not connect to host
+asc16.com: could not connect to host
+ascamso.com: could not connect to host
+aschaefer.net: could not connect to host
+asdpress.cn: could not connect to host
+ashlane-cottages.com: could not connect to host
+ashleyadum.com: could not connect to host
+ashleymedway.com: did not receive HSTS header
+asianodor.com: could not connect to host
+ask.pe: did not receive HSTS header
+askfit.cz: did not receive HSTS header
+askmagicconch.com: could not connect to host
+asmui.ga: could not connect to host
+asmui.ml: could not connect to host
+asphaltfruehling.de: could not connect to host
+asral7.com: could not connect to host
+ass.org.au: could not connect to host
+assdecoeur.org: could not connect to host
+assekuranzjobs.de: could not connect to host
+asset-alive.com: did not receive HSTS header
+asset-alive.net: did not receive HSTS header
+assindia.nl: could not connect to host
+asthon.cn: could not connect to host
+astral.gq: could not connect to host
+astrea-voetbal-groningen.nl: could not connect to host
+astrolpost.com: could not connect to host
+astromelody.com: did not receive HSTS header
+asuhe.xyz: could not connect to host
+at-one.ca: could not connect to host
+at1.co: could not connect to host
+atavio.at: could not connect to host
+atavio.ch: could not connect to host
+atavio.de: did not receive HSTS header
+atbeckett.com: did not receive HSTS header
+atcreform.gov: did not receive HSTS header
+atelier-rk.com: did not receive HSTS header
+atencionbimbo.com: max-age too low: 86400
+athaliasoft.com: could not connect to host
+athenelive.com: could not connect to host
+athensbusinessresources.us: did not receive HSTS header
+athi.pl: could not connect to host
+athul.xyz: could not connect to host
+atigerseye.com: could not connect to host
+atlex.nl: did not receive HSTS header
+atlseccon.com: did not receive HSTS header
+atomic.menu: could not connect to host
+atomik.pro: could not connect to host
+atop.io: could not connect to host
+attic118.com: could not connect to host
+attimidesigns.com: did not receive HSTS header
+attogproductions.com: could not connect to host
+au-pair24.de: did not receive HSTS header
+au.search.yahoo.com: max-age too low: 172800
+au2pb.net: could not connect to host
+aubiosales.com: could not connect to host
+aucubin.moe: could not connect to host
+audiovisualdevices.com.au: did not receive HSTS header
+auditmatrix.com: did not receive HSTS header
+aufmerksamkeitsstudie.com: could not connect to host
+augias.org: could not connect to host
+augrandinquisiteur.com: did not receive HSTS header
+aujapan.ru: could not connect to host
+aurainfosec.com: did not receive HSTS header
+aurainfosec.com.au: did not receive HSTS header
+auraredeye.com: could not connect to host
+auraredshield.com: could not connect to host
+aurora-terraria.org: did not receive HSTS header
+auroratownshipfd.org: could not connect to host
+aurugs.com: did not receive HSTS header
+ausec.ch: could not connect to host
+ausnah.me: could not connect to host
+ausoptic.com.au: max-age too low: 2592000
+aussiecable.org: did not receive HSTS header
+austinsutphin.com: could not connect to host
+australiancattle.dog: could not connect to host
+auth.mail.ru: did not receive HSTS header
+authentication.io: could not connect to host
+authint.com: could not connect to host
+authland.com: could not connect to host
+author24.ru: did not receive HSTS header
+authoritynutrition.com: did not receive HSTS header
+authsrv.nl.eu.org: could not connect to host
+auto-serwis.zgorzelec.pl: did not receive HSTS header
+auto3d.cn: could not connect to host
+auto4trade.nl: could not connect to host
+autobedarf.net: did not receive HSTS header
+autodeploy.it: could not connect to host
+autoecolebudget.ch: did not receive HSTS header
+autoeet.cz: did not receive HSTS header
+autoepc.ro: did not receive HSTS header
+autojuhos.sk: could not connect to host
+autokovrik-diskont.ru: did not receive HSTS header
+automobiles5.com: could not connect to host
+autosearch.me: could not connect to host
+autosiero.nl: did not receive HSTS header
+autostop-occasions.be: could not connect to host
+autotsum.com: could not connect to host
+autumnwindsagility.com: could not connect to host
+auverbox.ovh: could not connect to host
+aux-arts-de-la-table.com: did not receive HSTS header
+auxetek.se: could not connect to host
+auxiliumincrementum.co.uk: could not connect to host
+av.de: did not receive HSTS header
+avadatravel.com: did not receive HSTS header
+avantmfg.com: did not receive HSTS header
+avdelivers.com: could not connect to host
+avec-ou-sans-ordonnance.fr: could not connect to host
+aveling-adventure.co.uk: did not receive HSTS header
+avepol.cz: did not receive HSTS header
+avepol.eu: did not receive HSTS header
+aviacao.pt: did not receive HSTS header
+avidcruiser.com: did not receive HSTS header
+aviodeals.com: could not connect to host
+avonlearningcampus.com: could not connect to host
+avqueen.cn: could not connect to host
+avus-automobile.com: did not receive HSTS header
+awan.tech: could not connect to host
+awanderlustadventure.com: did not receive HSTS header
+awf0.xyz: could not connect to host
+awg-mode.de: did not receive HSTS header
+aww.moe: did not receive HSTS header
+axado.com.br: did not receive HSTS header
+axel-fischer.science: could not connect to host
+axelchv.fr: did not receive HSTS header
+axeny.com: did not receive HSTS header
+axg.io: did not receive HSTS header
+axolsoft.com: max-age too low: 10540800
+ayahuascaadvisor.com: could not connect to host
+ayor.jp: could not connect to host
+ayor.tech: could not connect to host
+ayuru.info: could not connect to host
+azamra.com: did not receive HSTS header
+azazy.net: max-age too low: 2592000
+azirevpn.com: did not receive HSTS header
+azlo.com: did not receive HSTS header
+azprep.us: could not connect to host
+b-landia.net: did not receive HSTS header
+b-rickroll-e.pw: could not connect to host
+b-space.de: did not receive HSTS header
+b2bpromoteit.com: did not receive HSTS header
+b303.me: did not receive HSTS header
+b3orion.com: max-age too low: 0
+b8a.me: could not connect to host
+babelfisch.eu: could not connect to host
+baby-click.de: did not receive HSTS header
+babybee.ie: could not connect to host
+babybic.hu: did not receive HSTS header
+babycs.house: could not connect to host
+babyhouse.xyz: could not connect to host
+babymasaze.cz: did not receive HSTS header
+babysaying.me: could not connect to host
+bacchanallia.com: could not connect to host
+back-bone.nl: did not receive HSTS header
+backgroundchecks.online: did not receive HSTS header
+backintomotionphysiotherapy.com: did not receive HSTS header
+backyardbbqbash.com: did not receive HSTS header
+bad.pet: could not connect to host
+bad.show: could not connect to host
+badcronjob.com: could not connect to host
+badenhard.eu: could not connect to host
+badkamergigant.com: could not connect to host
+badlink.org: could not connect to host
+baff.lu: could not connect to host
+bageez.us: could not connect to host
+bagiobella.com: max-age too low: 0
+baiduaccount.com: could not connect to host
+bailbondsaffordable.com: did not receive HSTS header
+bair.io: could not connect to host
+baito-j.jp: did not receive HSTS header
+baiyangliu.com: could not connect to host
+baka.network: could not connect to host
+bakaweb.fr: could not connect to host
+bakhansen.com: did not receive HSTS header
+bakingstone.com: could not connect to host
+bakkerdesignandbuild.com: did not receive HSTS header
+balatoni-nyar.hu: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+balcan-underground.net: could not connect to host
+baldwinkoo.com: could not connect to host
+baleares.party: could not connect to host
+balihai.com: did not receive HSTS header
+balloonphp.com: could not connect to host
+ballparkbuns.com: max-age too low: 86400
+balnearionaturaspa.com: did not receive HSTS header
+balonmano.co: could not connect to host
+bambooforest.nl: could not connect to host
+bambumania.com.br: could not connect to host
+bananabandy.com: could not connect to host
+bananium.fr: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+banbanchs.com: could not connect to host
+banchethai.com: could not connect to host
+bandally.net: could not connect to host
+bandarifamily.com: could not connect to host
+bandb.xyz: could not connect to host
+bandrcrafts.com: did not receive HSTS header
+bangzafran.com: did not receive HSTS header
+bank: could not connect to host
+bankmilhas.com.br: did not receive HSTS header
+banksaround.com: did not receive HSTS header
+bannisbierblog.de: could not connect to host
+banqingdiao.com: could not connect to host
+baobaobooks.net: did not receive HSTS header
+baobeiglass.com: did not receive HSTS header
+barcel.com.mx: max-age too low: 86400
+barely.sexy: did not receive HSTS header
+barracuda.blog: could not connect to host
+barreaudenice.com: could not connect to host
+barrelhead.org: could not connect to host
+barrut.me: did not receive HSTS header
+barshout.co.uk: could not connect to host
+bartbania.com: did not receive HSTS header
+bartlamboo.nl: could not connect to host
+barunisystems.com: could not connect to host
+bashcode.ninja: could not connect to host
+basicsolutionsus.com: did not receive HSTS header
+basilisk.io: could not connect to host
+bassh.net: did not receive HSTS header
+batfoundry.com: could not connect to host
+baud.ninja: could not connect to host
+baudairenergyservices.com: did not receive HSTS header
+baum.ga: could not connect to host
+baumstark.ca: could not connect to host
+baysse.eu: could not connect to host
+bazarstupava.sk: could not connect to host
+bazisszoftver.hu: did not receive HSTS header
+bb-shiokaze.jp: did not receive HSTS header
+bbb1991.me: could not connect to host
+bbdos.ru: could not connect to host
+bbka.org.uk: could not connect to host
+bblovess.cn: could not connect to host
+bbnx.net: could not connect to host
+bbrinck.eu: could not connect to host
+bbuio.com: max-age too low: 86400
+bbwdom.xyz: could not connect to host
+bbwfacesitting.xyz: could not connect to host
+bbwfight.xyz: could not connect to host
+bbwteens.org: could not connect to host
+bcbsmagentprofile.com: could not connect to host
+bcchack.com: could not connect to host
+bccx.com: could not connect to host
+bcheng.cf: did not receive HSTS header
+bchep.com: could not connect to host
+bckp.de: could not connect to host
+bcm.com.au: did not receive HSTS header
+bcnx.de: max-age too low: 0
+bcradio.org: could not connect to host
+bcsytv.com: could not connect to host
+bcvps.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+bcweightlifting.ca: could not connect to host
+bddemir.com: could not connect to host
+bde-epitech.fr: could not connect to host
+bdsmxxxpics.com: could not connect to host
+bdvg.org: could not connect to host
+be-real.life: did not receive HSTS header
+beach-inspector.com: did not receive HSTS header
+beachi.es: could not connect to host
+beaglewatch.com: could not connect to host
+beamitapp.com: could not connect to host
+bearden.io: could not connect to host
+beardydave.com: did not receive HSTS header
+beasel.biz: could not connect to host
+beastlog.tk: could not connect to host
+beastowner.com: did not receive HSTS header
+beautyconcept.co: did not receive HSTS header
+beavers.io: could not connect to host
+bebeefy.uk: could not connect to host
+bebesurdoue.com: could not connect to host
+bedabox.com: max-age too low: 0
+bedeta.de: could not connect to host
+bedreid.dk: did not receive HSTS header
+bedrijvenadministratie.nl: could not connect to host
+beerboutique.com.br: could not connect to host
+beetleroadstories.com: could not connect to host
+befundup.com: could not connect to host
+behere.be: could not connect to host
+beholdthehurricane.com: could not connect to host
+beier.io: did not receive HSTS header
+beikeil.de: max-age too low: 86400
+belairsewvac.com: could not connect to host
+belewpictures.com: could not connect to host
+belgien.guide: could not connect to host
+belize-firmengruendung.com: could not connect to host
+bellavistaoutdoor.com: could not connect to host
+belliash.eu.org: did not receive HSTS header
+belltower.io: could not connect to host
+belmontprom.com: could not connect to host
+belpbleibtbelp.ch: could not connect to host
+belwederczykow.eu: could not connect to host
+bemyvictim.com: max-age too low: 2678400
+bendechrai.com: did not receive HSTS header
+beneffy.com: did not receive HSTS header
+benjakesjohnson.com: could not connect to host
+benjamin-horvath.com: could not connect to host
+benjamin-suess.de: could not connect to host
+benk.press: could not connect to host
+benny003.de: could not connect to host
+benohead.com: did not receive HSTS header
+bentphotos.se: could not connect to host
+benwattie.com: could not connect to host
+benzkosmetik.de: did not receive HSTS header
+benzou-space.com: could not connect to host
+beourvictim.com: max-age too low: 2678400
+bep362.vn: could not connect to host
+beraru.tk: could not connect to host
+berduri.com: could not connect to host
+berger.work: could not connect to host
+bergland-seefeld.at: did not receive HSTS header
+berlatih.com: did not receive HSTS header
+berlinleaks.com: could not connect to host
+bermytraq.bm: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+bernexskiclub.ch: did not receive HSTS header
+bernieware.de: could not connect to host
+berrymark.be: max-age too low: 0
+berthelier.me: could not connect to host
+besixdouze.world: could not connect to host
+beslider.com: could not connect to host
+besnik.de: could not connect to host
+besola.de: did not receive HSTS header
+bestbeards.ca: could not connect to host
+bestcellular.com: did not receive HSTS header
+bestellipticalmachinereview.info: could not connect to host
+bestfitnesswatchreview.info: could not connect to host
+besthost.cz: did not receive HSTS header
+besthotsales.com: could not connect to host
+bestof1001.de: did not receive HSTS header
+bestorangeseo.com: could not connect to host
+betaclean.fr: did not receive HSTS header
+betafive.net: could not connect to host
+betakah.net: could not connect to host
+betcafearena.ro: did not receive HSTS header
+bethanyduke.com: did not receive HSTS header
+bethditto.com: did not receive HSTS header
+betnet.fr: could not connect to host
+betobaccofree.gov: could not connect to host
+betplanning.it: did not receive HSTS header
+bets.de: did not receive HSTS header
+betterlifemakers.com: max-age too low: 200
+bettween.com: did not receive HSTS header
+betz.ro: did not receive HSTS header
+beulahtabernacle.com: could not connect to host
+bevapehappy.com: did not receive HSTS header
+bewerbungsfibel.de: did not receive HSTS header
+bey.io: could not connect to host
+beyond-edge.com: could not connect to host
+beyuna.co.uk: did not receive HSTS header
+beyuna.eu: did not receive HSTS header
+beyuna.nl: did not receive HSTS header
+bezorg.ninja: could not connect to host
+bezprawnik.pl: did not receive HSTS header
+bf.am: max-age too low: 0
+bfd.vodka: did not receive HSTS header
+bfear.com: could not connect to host
+bfelob.gov: could not connect to host
+bffm.biz: could not connect to host
+bfrailwayclub.cf: could not connect to host
+bgcparkstad.nl: did not receive HSTS header
+bgmn.net: could not connect to host
+bhatia.at: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+biapinheiro.com.br: max-age too low: 5184000
+bible-maroc.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+biblerhymes.com: did not receive HSTS header
+bidon.ca: did not receive HSTS header
+bie.edu: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+bieberium.de: could not connect to host
+biego.cn: did not receive HSTS header
+bielsa.me: could not connect to host
+bienenblog.cc: could not connect to host
+bierbringer.at: could not connect to host
+big-black.de: did not receive HSTS header
+bigbbqbrush.bid: could not connect to host
+bigbounceentertainment.co.uk: did not receive HSTS header
+bigbrownpromotions.com.au: did not receive HSTS header
+bigerbio.com: could not connect to host
+biglou.com: max-age too low: 3153600
+bigshinylock.minazo.net: could not connect to host
+biguixhe.net: did not receive HSTS header
+bijouxdegriffe.com.br: could not connect to host
+bijugeral.com.br: could not connect to host
+bikermusic.net: could not connect to host
+bildiri.ci: did not receive HSTS header
+biletua.de: could not connect to host
+billin.net: did not receive HSTS header
+billkiss.com: could not connect to host
+billninja.com: did not receive HSTS header
+billrusling.com: could not connect to host
+bimbo.com: did not receive HSTS header
+bimbo.com.ar: max-age too low: 86400
+bimbobakeriesusa.com: max-age too low: 86400
+binam.center: could not connect to host
+binaryfigments.com: max-age too low: 86400
+binderapp.net: could not connect to host
+bingcheung.com: could not connect to host
+binimo.com: could not connect to host
+binsp.net: could not connect to host
+bioespuna.eu: did not receive HSTS header
+biofam.ru: did not receive HSTS header
+bioknowme.com: did not receive HSTS header
+bionicspirit.com: could not connect to host
+biophysik-ssl.de: did not receive HSTS header
+bip.gov.sa: could not connect to host
+birkman.com: did not receive HSTS header
+birminghamsunset.com: could not connect to host
+biscuits-rec.com: could not connect to host
+biscuits-shop.com: could not connect to host
+bismarck.moe: did not receive HSTS header
+bisterfeldt.com: could not connect to host
+bitbit.org: did not receive HSTS header
+bitbr.net: did not receive HSTS header
+bitcantor.com: did not receive HSTS header
+bitchan.it: could not connect to host
+bitcoin-class.com: could not connect to host
+bitcoin-daijin.com: could not connect to host
+bitcoinjpn.com: could not connect to host
+bitcoinprivacy.net: did not receive HSTS header
+bitcoinworld.me: did not receive HSTS header
+bitconcepts.co.uk: could not connect to host
+biteoftech.com: did not receive HSTS header
+bitf.ly: could not connect to host
+bitfactory.ws: could not connect to host
+bitfarm-archiv.com: did not receive HSTS header
+bitfarm-archiv.de: did not receive HSTS header
+bitheus.com: could not connect to host
+bithosting.io: did not receive HSTS header
+bitlish.com: max-age too low: 86400
+bitmaincare.com.ua: could not connect to host
+bitmaincare.ru: could not connect to host
+bitnet.io: did not receive HSTS header
+bitrage.de: could not connect to host
+bitraum.io: could not connect to host
+bitsafe.systems: did not receive HSTS header
+bitvigor.com: did not receive HSTS header
+bitwrought.net: could not connect to host
+bityes.org: could not connect to host
+bivsi.com: could not connect to host
+bizcms.com: did not receive HSTS header
+bizon.sk: did not receive HSTS header
+bizpare.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+bizzartech.com: did not receive HSTS header
+bizzybeebouncers.co.uk: did not receive HSTS header
+bjgongyi.com: could not connect to host
+bjs.gov: did not receive HSTS header
+bjtxl.cn: could not connect to host
+bkb-skandal.ch: could not connect to host
+black-armada.com: could not connect to host
+black-armada.com.pl: could not connect to host
+black-armada.pl: could not connect to host
+black-octopus.ru: could not connect to host
+black-raven.fr: did not receive HSTS header
+blackburn.link: could not connect to host
+blackdiam.net: could not connect to host
+blacklane.com: did not receive HSTS header
+blackly.uk: max-age too low: 0
+blackpayment.ru: could not connect to host
+blackunicorn.wtf: could not connect to host
+bladesmith.io: did not receive HSTS header
+blakerandall.xyz: could not connect to host
+blantik.net: could not connect to host
+blauwwit.be: did not receive HSTS header
+blazeit.io: could not connect to host
+blazor.nl: did not receive HSTS header
+blendlecdn.com: could not connect to host
+blenheimchalcot.com: did not receive HSTS header
+blessnet.jp: did not receive HSTS header
+blha303.com.au: could not connect to host
+blindaryproduction.tk: could not connect to host
+blindsexdate.nl: did not receive HSTS header
+blinkenlight.co.uk: could not connect to host
+blinkenlight.com.au: could not connect to host
+blitzprog.org: could not connect to host
+blmiller.com: could not connect to host
+blocksatz-medien.de: could not connect to host
+blog-ritaline.com: could not connect to host
+blog.coffee: could not connect to host
+blog.cyveillance.com: did not receive HSTS header
+blog.gparent.org: could not connect to host
+blog.torproject.org: max-age too low: 1000
+bloglife-bb.com: did not receive HSTS header
+bloglikepro.com: could not connect to host
+blognone.com: did not receive HSTS header
+blogonblogspot.com: did not receive HSTS header
+blokuhaka.fr: could not connect to host
+bloomnbud.com: did not receive HSTS header
+bloomzoomy.ru: max-age too low: 172800
+blowjs.com: could not connect to host
+bltc.co: could not connect to host
+blubbablasen.de: could not connect to host
+blucas.org: did not receive HSTS header
+blue17.co.uk: did not receive HSTS header
+bluebill.net: did not receive HSTS header
+bluecon.eu: did not receive HSTS header
+bluefrag.com: did not receive HSTS header
+blueglobalmedia.com: did not receive HSTS header
+blueliv.com: did not receive HSTS header
+bluepearl.tk: could not connect to host
+bluescloud.xyz: could not connect to host
+bluetenmeer.com: did not receive HSTS header
+bluketing.com: did not receive HSTS header
+blumen-garage.de: could not connect to host
+bluserv.net: could not connect to host
+bluteklab.com: did not receive HSTS header
+blutroyal.de: could not connect to host
+bm-i.ch: could not connect to host
+bm-trading.nl: did not receive HSTS header
+bngsecure.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+bnhlibrary.com: did not receive HSTS header
+board-buy.ru: could not connect to host
+bodo-wolff.de: could not connect to host
+bodrumfarm.com: could not connect to host
+bodyblog.nl: did not receive HSTS header
+bodybuilding-legends.com: could not connect to host
+bodyweightsolution.com: could not connect to host
+boensou.com: did not receive HSTS header
+bogosity.se: could not connect to host
+bohaishibei.com: did not receive HSTS header
+bohan.life: could not connect to host
+bohramt.de: did not receive HSTS header
+boiadeirodeberna.com: could not connect to host
+boltdata.io: could not connect to host
+bolwerk.com.br: could not connect to host
+bomberus.de: could not connect to host
+bonapp.restaurant: could not connect to host
+boneko.de: could not connect to host
+bonitabrazilian.co.nz: did not receive HSTS header
+bonobo.cz: could not connect to host
+bonop.com: did not receive HSTS header
+bonta.one: did not receive HSTS header
+book-of-ra.de: did not receive HSTS header
+bookcelerator.com: did not receive HSTS header
+booked.holiday: could not connect to host
+bookofraonlinecasinos.com: did not receive HSTS header
+bookshopofindia.com: could not connect to host
+boomerang.com: did not receive HSTS header
+boosterlearnpro.com: did not receive HSTS header
+booth.in.th: could not connect to host
+bootikexpress.fr: did not receive HSTS header
+boozinyan.com: could not connect to host
+borchers-media.de: could not connect to host
+borderlinegroup.com: could not connect to host
+boringsecurity.net: could not connect to host
+boris.one: did not receive HSTS header
+boris64.net: did not receive HSTS header
+borisbesemer.com: could not connect to host
+borrelioz.com: did not receive HSTS header
+borscheid-wenig.com: did not receive HSTS header
+bosabosa.org: could not connect to host
+boschee.net: could not connect to host
+botox.bz: did not receive HSTS header
+botstack.host: did not receive HSTS header
+bounceboxspc.com: did not receive HSTS header
+bouncecoffee.com: did not receive HSTS header
+bouncelanduk.co.uk: did not receive HSTS header
+bouncing-bugs.co.uk: could not connect to host
+bouwbedrijfpurmerend.nl: did not receive HSTS header
+bowlroll.net: max-age too low: 0
+boxcryptor.com: did not receive HSTS header
+boxing-austria.eu: did not receive HSTS header
+boxintense.com: did not receive HSTS header
+boxlitepackaging.com: did not receive HSTS header
+boyan.in: did not receive HSTS header
+boyfriendhusband.men: did not receive HSTS header
+bp-wahl.at: did not receive HSTS header
+bqcp.net: could not connect to host
+bqtoolbox.com: could not connect to host
+bragasoft.com.br: did not receive HSTS header
+brage.info: could not connect to host
+braineet.com: did not receive HSTS header
+brainfork.ml: could not connect to host
+brainfpv.com: did not receive HSTS header
+braintensive.com: could not connect to host
+braintm.com: could not connect to host
+braintreebouncycastles.com: did not receive HSTS header
+braintreegateway.com: did not receive HSTS header
+braintreepayments.com: did not receive HSTS header
+brainvation.de: did not receive HSTS header
+brambogaerts.nl: did not receive HSTS header
+bran.cc: could not connect to host
+branchtrack.com: did not receive HSTS header
+branchzero.com: did not receive HSTS header
+brandnewdays.nl: could not connect to host
+brandon.so: could not connect to host
+brandons.site: did not receive HSTS header
+brandontaylor-black.com: could not connect to host
+brandred.net: could not connect to host
+brandspray.com: could not connect to host
+brasilien.guide: could not connect to host
+brasilmorar.com: could not connect to host
+bravz.de: could not connect to host
+breathingblanket.com: could not connect to host
+brenden.net.au: could not connect to host
+bress.cloud: could not connect to host
+brettpemberton.xyz: did not receive HSTS header
+briangarcia.ga: could not connect to host
+brianpcurran.com: could not connect to host
+brickoo.com: could not connect to host
+brickyardbuffalo.com: did not receive HSTS header
+bridholm.se: could not connect to host
+brightonchilli.org.uk: could not connect to host
+brightstarkids.co.uk: did not receive HSTS header
+brightstarkids.com.au: did not receive HSTS header
+brightstarkids.net: did not receive HSTS header
+brightstarkids.sg: did not receive HSTS header
+brilliantbuilders.co.uk: did not receive HSTS header
+brio-ukraine.store: could not connect to host
+britzer-toner.de: did not receive HSTS header
+brix.ninja: did not receive HSTS header
+brks.xyz: could not connect to host
+broken-oak.com: could not connect to host
+brookechase.com: did not receive HSTS header
+brookframework.org: could not connect to host
+browserid.org: could not connect to host
+brrd.io: did not receive HSTS header
+brrr.fr: could not connect to host
+brunix.net: did not receive HSTS header
+brunohenc.from.hr: could not connect to host
+brunoonline.co.uk: could not connect to host
+bryn.xyz: could not connect to host
+brynnan.nl: could not connect to host
+bs12v.ru: did not receive HSTS header
+bsalyzer.com: could not connect to host
+bsdtips.com: could not connect to host
+bsklabels.com: did not receive HSTS header
+bsktweetup.info: could not connect to host
+bslim-e-boutique.com: could not connect to host
+bsuess.de: could not connect to host
+btc-e.com: did not receive HSTS header
+btcdlc.com: could not connect to host
+btcpot.ltd: did not receive HSTS header
+btxiaobai.com: did not receive HSTS header
+buben.tech: did not receive HSTS header
+bubulazi.com: did not receive HSTS header
+bubulazy.com: did not receive HSTS header
+buch-cuber.de: max-age too low: 0
+buchheld.at: did not receive HSTS header
+bucket.tk: could not connect to host
+budgetthostels.nl: did not receive HSTS header
+budskap.eu: could not connect to host
+buenosairesestetica.com.ar: could not connect to host
+bugginslab.co.uk: could not connect to host
+bugsmashed.com: could not connect to host
+bugtrack.io: could not connect to host
+buhler.pro: did not receive HSTS header
+build.chromium.org: did not receive HSTS header (error ignored - included regardless)
+buildci.asia: could not connect to host
+buildify.co.za: could not connect to host
+buildingclouds.at: could not connect to host
+buildingclouds.ch: could not connect to host
+buildingclouds.de: did not receive HSTS header
+buildingclouds.es: could not connect to host
+buildingclouds.eu: could not connect to host
+buildingclouds.fr: could not connect to host
+buildsaver.co.za: did not receive HSTS header
+builmaker.com: did not receive HSTS header
+built.by: did not receive HSTS header
+bukatv.cz: could not connect to host
+bulgarien.guide: could not connect to host
+bulkbuy.tech: could not connect to host
+bullbits.com: max-age too low: 0
+bulletbabu.com: could not connect to host
+bulletpoint.cz: could not connect to host
+bullterrier.me: could not connect to host
+bulmafox.com: could not connect to host
+bumarkamoda.com: did not receive HSTS header
+bunaken.asia: did not receive HSTS header
+bunbomenu.de: could not connect to host
+bunsenlabs.org: max-age too low: 2592000
+bupu.ml: did not receive HSTS header
+bureaubolster.nl: did not receive HSTS header
+bureaugravity.com: did not receive HSTS header
+burian-server.cz: could not connect to host
+burlesquemakeup.com: did not receive HSTS header
+burningcrash.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+burpsuite.site: could not connect to host
+burrow.ovh: could not connect to host
+burrowingsec.com: could not connect to host
+burtrum.top: could not connect to host
+buryat-mongol.cf: could not connect to host
+bush41.org: did not receive HSTS header
+business.lookout.com: could not connect to host
+business.medbank.com.mt: did not receive HSTS header
+businessfurs.info: could not connect to host
+businesshosting.nl: did not receive HSTS header
+businesshub.cz: could not connect to host
+businessloanconnection.org: did not receive HSTS header
+businessmodeler.se: could not connect to host
+busold.ws: could not connect to host
+bustimes.org.uk: did not receive HSTS header
+butchersworkshop.com: did not receive HSTS header
+butian518.com: did not receive HSTS header
+buttercoin.com: could not connect to host
+butterfieldstraining.com: did not receive HSTS header
+buvinghausen.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+buybaby.eu: did not receive HSTS header
+buyfox.de: did not receive HSTS header
+buyingsellingflorida.com: could not connect to host
+buynowdepot.com: did not receive HSTS header
+buyshoe.org: could not connect to host
+buzzconcert.com: could not connect to host
+buzztelco.com.au: did not receive HSTS header
+bvexplained.co.uk: could not connect to host
+bw81.xyz: could not connect to host
+bwear4all.de: could not connect to host
+by1898.com: could not connect to host
+by4cqb.cn: could not connect to host
+bydisk.com: could not connect to host
+byji.com: could not connect to host
+bynet.cz: could not connect to host
+bynumlaw.net: did not receive HSTS header
+bypass.kr: could not connect to host
+bypassed.bid: could not connect to host
+bypassed.cc: could not connect to host
+bypassed.club: could not connect to host
+bypassed.date: could not connect to host
+bypassed.download: could not connect to host
+bypassed.faith: could not connect to host
+bypassed.host: could not connect to host
+bypassed.me: could not connect to host
+bypassed.online: could not connect to host
+bypassed.org: did not receive HSTS header
+bypassed.party: could not connect to host
+bypassed.press: could not connect to host
+bypassed.pw: could not connect to host
+bypassed.rocks: did not receive HSTS header
+bypassed.site: could not connect to host
+bypassed.st: did not receive HSTS header
+bypassed.today: could not connect to host
+bypassed.works: could not connect to host
+bypassed.world: could not connect to host
+bypro.xyz: could not connect to host
+bysymphony.com: max-age too low: 0
+byte.chat: did not receive HSTS header
+byte.wtf: did not receive HSTS header
+bytepark.de: did not receive HSTS header
+bytesatwork.eu: could not connect to host
+byteshift.ca: could not connect to host
+bytesund.biz: could not connect to host
+byurudraw.pics: could not connect to host
+c-rickroll-v.pw: could not connect to host
+c0rn3j.com: did not receive HSTS header
+c16t.uk: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+c1yd3i.me: could not connect to host
+c2lab.net: did not receive HSTS header
+c3-compose.com: could not connect to host
+c3b.info: could not connect to host
+cabsites.com: could not connect to host
+cabusar.fr: did not receive HSTS header
+caconnect.org: could not connect to host
+cadao.me: did not receive HSTS header
+caesreon.com: could not connect to host
+cafe-murr.de: could not connect to host
+cafe-scientifique.org.ec: could not connect to host
+cafe-service.ru: did not receive HSTS header
+cafesg.net: could not connect to host
+caim.cz: did not receive HSTS header
+caipai.fm: could not connect to host
+cajapopcorn.com: did not receive HSTS header
+cake.care: could not connect to host
+calcularpagerank.com.br: could not connect to host
+calculatoaresecondhand.xyz: could not connect to host
+calgaryconstructionjobs.com: did not receive HSTS header
+calix.com: max-age too low: 0
+callabs.net: could not connect to host
+callsigns.ca: could not connect to host
+calltrackingreports.com: could not connect to host
+calomel.org: max-age too low: 2764800
+caltonnutrition.com: did not receive HSTS header
+calvin.me: max-age too low: 2592000
+calvinallen.net: did not receive HSTS header
+calypsogames.net: did not receive HSTS header
+camashop.de: did not receive HSTS header
+cambridgeanalytica.net: could not connect to host
+cambridgeanalytica.org: did not receive HSTS header
+camda.online: could not connect to host
+camelservers.com: did not receive HSTS header
+camisadotorcedor.com.br: could not connect to host
+camjackson.net: did not receive HSTS header
+cammarkets.com: could not connect to host
+camolist.com: could not connect to host
+campaignelves.com: did not receive HSTS header
+campbellsoftware.co.uk: could not connect to host
+campfire.co.il: did not receive HSTS header
+campingcarlovers.com: could not connect to host
+campusdrugprevention.gov: did not receive HSTS header
+camsanalytics.com: could not connect to host
+canadabread.com: max-age too low: 86400
+canadiangamblingchoice.com: did not receive HSTS header
+cancelmyprofile.com: could not connect to host
+cancreate.nl: did not receive HSTS header
+candicontrols.com: did not receive HSTS header
+candratech.com: could not connect to host
+candygirl.shop: could not connect to host
+canyonshoa.com: did not receive HSTS header
+capecycles.co.za: did not receive HSTS header
+capeyorkfire.com.au: did not receive HSTS header
+capogna.com: did not receive HSTS header
+caps.is: could not connect to host
+capsogusto.com: did not receive HSTS header
+captchatheprize.com: could not connect to host
+captianseb.de: could not connect to host
+captivatedbytabrett.com: could not connect to host
+capturethepen.co.uk: could not connect to host
+car-navi.ph: did not receive HSTS header
+carano-service.de: did not receive HSTS header
+caraudio69.cz: could not connect to host
+carboneselectricosnettosl.info: max-age too low: 0
+card-toka.jp: did not receive HSTS header
+cardloan-manual.net: could not connect to host
+cardoni.net: did not receive HSTS header
+cardse.net: could not connect to host
+cardstream.com: did not receive HSTS header
+cardurl.com: did not receive HSTS header
+careerstuds.com: could not connect to host
+caringladies.org: could not connect to host
+carlo.mx: did not receive HSTS header
+carlolly.co.uk: could not connect to host
+carlosalves.info: did not receive HSTS header
+carloshmm.stream: could not connect to host
+carlovanwyk.com: could not connect to host
+carpliyz.com: could not connect to host
+carroarmato0.be: did not receive HSTS header
+carsforbackpackers.com: could not connect to host
+carstenfeuls.de: did not receive HSTS header
+cartesunicef.be: did not receive HSTS header
+cartoonhd.cc: did not receive HSTS header
+carwashvapeur.be: could not connect to host
+casashopp.com.br: could not connect to host
+casc.cz: did not receive HSTS header
+casedi.org: max-age too low: 0
+casefall.com: could not connect to host
+cash-pos.com: could not connect to host
+cashmyphone.ch: could not connect to host
+casino-cashflow.ru: did not receive HSTS header
+casinoreal.com: could not connect to host
+casinostest.com: could not connect to host
+casioshop.eu: did not receive HSTS header
+casovi.cf: could not connect to host
+castagnonavocats.com: did not receive HSTS header
+cata.ga: could not connect to host
+catalin.pw: could not connect to host
+catarsisvr.com: could not connect to host
+catinmay.com: did not receive HSTS header
+catnapstudios.com: could not connect to host
+catsmagic.pp.ua: could not connect to host
+caughtredhanded.co.nz: could not connect to host
+cavaleria.ro: did not receive HSTS header
+caveclan.org: did not receive HSTS header
+cavedevs.de: could not connect to host
+cavedroid.xyz: could not connect to host
+cavern.tv: did not receive HSTS header
+cayafashion.de: did not receive HSTS header
+cbengineeringinc.com: could not connect to host
+cbhq.net: could not connect to host
+ccblog.de: did not receive HSTS header
+ccretreatandfarm.com: did not receive HSTS header
+ccsys.com: could not connect to host
+cctech.ph: could not connect to host
+cctld.com: could not connect to host
+cd0.us: could not connect to host
+cdcpartners.gov: could not connect to host
+cdeck.net: could not connect to host
+cdnb.co: could not connect to host
+cdndepo.com: could not connect to host
+cdnk39.com: could not connect to host
+cdreporting.co.uk: did not receive HSTS header
+cdt.org: did not receive HSTS header
+ce-agentur.de: did not receive HSTS header
+cee.io: could not connect to host
+cegfw.com: could not connect to host
+celebphotos.blog: did not receive HSTS header
+celeirorural.com.br: did not receive HSTS header
+celina-reads.de: did not receive HSTS header
+cellsites.nz: could not connect to host
+celuliteonline.com: could not connect to host
+cencalvia.org: could not connect to host
+centennialrewards.com: did not receive HSTS header
+centos.pub: could not connect to host
+centrallead.net: could not connect to host
+centralpoint.be: did not receive HSTS header
+centralpoint.nl: did not receive HSTS header
+centralvacsunlimited.net: did not receive HSTS header
+centralync.com: could not connect to host
+centrepoint-community.com: could not connect to host
+centsforchange.net: could not connect to host
+ceresia.ch: could not connect to host
+ceritamalam.net: could not connect to host
+cerize.love: could not connect to host
+cernega.ro: did not receive HSTS header
+cert.se: max-age too low: 2628001
+certifi.io: could not connect to host
+certmgr.org: could not connect to host
+cesal.net: could not connect to host
+cesidianroot.eu: could not connect to host
+cevrimici.com: could not connect to host
+cfcnexus.org: could not connect to host
+cfcproperties.com: did not receive HSTS header
+cfetengineering.com: could not connect to host
+cfoitplaybook.com: could not connect to host
+cganx.org: could not connect to host
+cgerstner.eu: did not receive HSTS header
+cgsshelper.tk: could not connect to host
+cgtx.us: could not connect to host
+chadklass.com: could not connect to host
+chahub.com: could not connect to host
+chainmonitor.com: could not connect to host
+challengeskins.com: could not connect to host
+champ.dog: did not receive HSTS header
+championnat-romand-cuisiniers-amateurs.ch: could not connect to host
+championsofregnum.com: did not receive HSTS header
+champserver.net: could not connect to host
+chandlerredding.com: did not receive HSTS header
+changelab.cc: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+changetip.com: did not receive HSTS header
+channellife.asia: could not connect to host
+chanshiyu.com: did not receive HSTS header
+chaos.fail: could not connect to host
+chaoswebs.net: did not receive HSTS header
+chaouby.com: could not connect to host
+charbonnel.eu: could not connect to host
+chargejuice.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+charityclear.com: did not receive HSTS header
+charitystreet.co.uk: could not connect to host
+charlenevondell.com: could not connect to host
+charliemcneive.com: did not receive HSTS header
+charlipopkids.com.au: could not connect to host
+charnleyhouse.co.uk: did not receive HSTS header
+charonsecurity.com: could not connect to host
+charp.eu: could not connect to host
+chartstoffarm.de: max-age too low: 10
+chaska.co.za: did not receive HSTS header
+chat-porc.eu: did not receive HSTS header
+chatbot.me: did not receive HSTS header
+chateauconstellation.ch: did not receive HSTS header
+chatup.cf: could not connect to host
+chaulootz.com: did not receive HSTS header
+chcemvediet.sk: max-age too low: 1555200
+cheapdns.org: could not connect to host
+cheapwritingservice.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+cheatturnitin.com: did not receive HSTS header
+cheazey.net: did not receive HSTS header
+chebedara.com: could not connect to host
+checkout.google.com: did not receive HSTS header (error ignored - included regardless)
+cheerflow.com: could not connect to host
+cheesefusion.com: could not connect to host
+cheesetart.my: could not connect to host
+cheetah85.de: could not connect to host
+chefgalles.com.br: could not connect to host
+chejianer.cn: could not connect to host
+chelema.xyz: could not connect to host
+chenfengyi.com: could not connect to host
+chensir.net: could not connect to host
+chepaofen.com: did not receive HSTS header
+cherekerry.com: could not connect to host
+cherysunzhang.com: did not receive HSTS header
+chesterbrass.uk: did not receive HSTS header
+chiamata-aiuto.ch: could not connect to host
+chib.chat: could not connect to host
+chihiro.xyz: did not receive HSTS header
+chijiokeindustries.co.uk: could not connect to host
+childcaresolutionscny.org: did not receive HSTS header
+childrendeservebetter.org: could not connect to host
+china-line.org: could not connect to host
+chinternet.xyz: could not connect to host
+chiphell.com: did not receive HSTS header
+chirgui.eu: could not connect to host
+chiropracticwpb.com: could not connect to host
+chloe.re: could not connect to host
+chlouis.net: could not connect to host
+chm.vn: did not receive HSTS header
+chodobien.com: could not connect to host
+choiralberta.ca: could not connect to host
+chontalpa.pw: could not connect to host
+chordso.com: could not connect to host
+choruscrowd.com: could not connect to host
+chotu.net: could not connect to host
+chris-web.info: could not connect to host
+chrisandsarahinasia.com: did not receive HSTS header
+chrisbrakebill.com: could not connect to host
+chrisbrown.id.au: could not connect to host
+chrisfaber.com: could not connect to host
+chriskirchner.de: did not receive HSTS header
+chriskyrouac.com: could not connect to host
+chrisopperwall.com: did not receive HSTS header
+chrisself.xyz: did not receive HSTS header
+christiaandruif.nl: could not connect to host
+christianbro.gq: could not connect to host
+christianhoffmann.info: could not connect to host
+christina-quast.de: did not receive HSTS header
+christophercolumbusfoundation.gov: could not connect to host
+christophersole.com: could not connect to host
+christophheich.me: did not receive HSTS header
+chrisupjohn.com: could not connect to host
+chrisvicmall.com: did not receive HSTS header
+chromaryu.net: could not connect to host
+chrome: could not connect to host
+chrome-devtools-frontend.appspot.com: did not receive HSTS header (error ignored - included regardless)
+chrome.google.com: did not receive HSTS header (error ignored - included regardless)
+chrst.ph: could not connect to host
+chs.us: did not receive HSTS header
+chua.cf: could not connect to host
+chuckame.fr: did not receive HSTS header
+chulado.com: did not receive HSTS header
+churchux.co: did not receive HSTS header
+churrasqueirafacil.com.br: could not connect to host
+chziyue.com: could not connect to host
+ci-labo.com.tw: max-age too low: 7889238
+cidr.ml: could not connect to host
+cienbeaute-lidl.fr: did not receive HSTS header
+cigarblogs.net: could not connect to host
+cigi.site: could not connect to host
+ciicutini.ro: did not receive HSTS header
+cim2b.de: could not connect to host
+cimalando.eu: could not connect to host
+cinartelorgu.com: did not receive HSTS header
+cintdirect.com: could not connect to host
+cioconference.co.nz: could not connect to host
+cipher.land: could not connect to host
+ciplanutrition.com: did not receive HSTS header
+circ-logic.com: did not receive HSTS header
+ciscohomeanalytics.com: could not connect to host
+ciscommerce.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+citiagent.cz: could not connect to host
+citimarinestore.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+cityoflaurel.org: did not receive HSTS header
+citywalkr.com: could not connect to host
+cium.ru: could not connect to host
+cjcaron.org: could not connect to host
+cjr.host: could not connect to host
+cjtkfan.club: could not connect to host
+claimit.ml: could not connect to host
+clan-ww.com: did not receive HSTS header
+clara-baumert.de: could not connect to host
+claralabs.com: did not receive HSTS header
+clarity-c2ced.appspot.com: did not receive HSTS header
+classicday.nl: could not connect to host
+classicsandexotics.com: could not connect to host
+classicshop.ua: did not receive HSTS header
+classicspublishing.com: could not connect to host
+classifiedssa.co.za: could not connect to host
+clcleaningco.com: could not connect to host
+cleanexperts.co.uk: could not connect to host
+cleaningsquad.ca: could not connect to host
+cleanmta.com: could not connect to host
+clearc.tk: could not connect to host
+clearchatsandbox.com: could not connect to host
+clearsky.me: did not receive HSTS header
+clearviewwealthprojector.com.au: could not connect to host
+clerkendweller.uk: did not receive HSTS header
+clickandgo.com: did not receive HSTS header
+clickandshoot.nl: did not receive HSTS header
+clickclickphish.com: did not receive HSTS header
+clickgram.biz: could not connect to host
+clicn.bio: could not connect to host
+clicnbio.com: did not receive HSTS header
+cliftons.com: did not receive HSTS header
+clinicaferrusbratos.com: did not receive HSTS header
+clintonbloodworth.com: could not connect to host
+clintonbloodworth.io: could not connect to host
+clintwilson.technology: max-age too low: 2592000
+clip.ovh: did not receive HSTS header
+clipped4u.com: could not connect to host
+closient.com: did not receive HSTS header
+cloud-crowd.com.au: did not receive HSTS header
+cloud-project.com: could not connect to host
+cloud.wtf: could not connect to host
+cloud42.ch: did not receive HSTS header
+cloudapi.vc: could not connect to host
+cloudbasedsite.com: did not receive HSTS header
+cloudbleed.info: could not connect to host
+cloudcert.org: did not receive HSTS header
+cloudcy.net: could not connect to host
+clouddesktop.co.nz: could not connect to host
+cloudey.net: did not receive HSTS header
+cloudfren.com: did not receive HSTS header
+cloudimag.es: could not connect to host
+cloudimproved.com: could not connect to host
+cloudimprovedtest.com: could not connect to host
+cloudlink.club: could not connect to host
+cloudns.com.au: could not connect to host
+cloudopt.net: did not receive HSTS header
+clouds.webcam: could not connect to host
+cloudspotterapp.com: did not receive HSTS header
+cloudstoragemaus.com: could not connect to host
+cloudstorm.me: could not connect to host
+cloudstrike.co: could not connect to host
+cloudwalk.io: did not receive HSTS header
+clounix.online: could not connect to host
+clovissantos.com: did not receive HSTS header
+clowde.in: could not connect to host
+clownaroundbouncycastles.co.uk: did not receive HSTS header
+clownish.co.il: could not connect to host
+club-adulti.ro: did not receive HSTS header
+clubalfa.it: did not receive HSTS header
+clubmix.co.kr: could not connect to host
+cluster.id: did not receive HSTS header
+clvrwebdesign.com: did not receive HSTS header
+clycat.ru: could not connect to host
+clywedogmaths.co.uk: could not connect to host
+cmc-versand.de: did not receive HSTS header
+cmci.dk: did not receive HSTS header
+cms-weble.jp: could not connect to host
+cmsbattle.com: could not connect to host
+cmscafe.ru: did not receive HSTS header
+cmso-cal.com: could not connect to host
+cncn.us: did not receive HSTS header
+cnlic.com: could not connect to host
+cnwage.com: could not connect to host
+cnwarn.com: could not connect to host
+co-driversphoto.se: could not connect to host
+co-yutaka.com: could not connect to host
+coach-sportif.paris: did not receive HSTS header
+cobaltlp.com: could not connect to host
+cobrax.net: could not connect to host
+coccolebenessere.it: could not connect to host
+cocktailfuture.fr: could not connect to host
+cocolovesdaddy.com: could not connect to host
+codabix.com: did not receive HSTS header
+codabix.de: could not connect to host
+codabix.net: could not connect to host
+code-35.com: could not connect to host
+code-digsite.com: could not connect to host
+code-judge.tk: did not receive HSTS header
+code.google.com: did not receive HSTS header (error ignored - included regardless)
+codealkemy.co: max-age too low: 43200
+codeco.pw: could not connect to host
+codecontrollers.de: could not connect to host
+codeforce.io: could not connect to host
+codeforhakodate.org: did not receive HSTS header
+codejunkie.de: did not receive HSTS header
+codelayer.ca: could not connect to host
+codelitmus.com: did not receive HSTS header
+codelove.de: did not receive HSTS header
+codemonkeyrawks.net: could not connect to host
+codenlife.xyz: could not connect to host
+codepoet.de: did not receive HSTS header
+codepx.com: did not receive HSTS header
+codercross.com: could not connect to host
+codes.pk: did not receive HSTS header
+codewiththepros.org: could not connect to host
+codewiz.xyz: could not connect to host
+codigosddd.com.br: did not receive HSTS header
+coffeeetc.co.uk: max-age too low: 7889238
+coffeestrategies.com: max-age too low: 5184000
+cogniflex.com: did not receive HSTS header
+cogumelosmagicos.org: could not connect to host
+cohesive.io: did not receive HSTS header
+coin.dance: did not receive HSTS header
+coinbit.trade: did not receive HSTS header
+coindam.com: could not connect to host
+colasjourdain.fr: did not receive HSTS header
+coldlostsick.net: could not connect to host
+colearnr.com: could not connect to host
+collabra.email: did not receive HSTS header
+collard.tk: did not receive HSTS header
+collectosaurus.com: did not receive HSTS header
+colleencornez.com: could not connect to host
+collegepulse.org: could not connect to host
+collies.eu: max-age too low: 3
+collins.kg: could not connect to host
+collins.press: did not receive HSTS header
+collinsartworks.com: did not receive HSTS header
+collision.fyi: could not connect to host
+colmexpro.com: did not receive HSTS header
+colognegaming.net: could not connect to host
+coloradocomputernetworking.net: could not connect to host
+colorlib.com: did not receive HSTS header
+colorunhas.com.br: could not connect to host
+comalia.com: could not connect to host
+combatshield.cz: could not connect to host
+comeoncolleen.com: did not receive HSTS header
+comfortdom.ua: did not receive HSTS header
+comfortticket.de: did not receive HSTS header
+comfy.cafe: did not receive HSTS header
+comfy.moe: did not receive HSTS header
+comico.info: did not receive HSTS header
+comicspines.com: could not connect to host
+comitesaustria.at: could not connect to host
+comiteshopping.com: could not connect to host
+commerciallocker.com: did not receive HSTS header
+commercialplanet.eu: could not connect to host
+commune-preuilly.fr: did not receive HSTS header
+comocurarlashemorroides.org: could not connect to host
+comocurarlashemorroidesya.com: did not receive HSTS header
+comotalk.com: could not connect to host
+compalytics.com: could not connect to host
+comparamejor.com: did not receive HSTS header
+compareandrecycle.co.uk: did not receive HSTS header
+comparejewelleryprices.co.uk: could not connect to host
+comparetravelinsurance.com.au: did not receive HSTS header
+compassionate-biology.com: could not connect to host
+compiledworks.com: could not connect to host
+completesportperformance.com: did not receive HSTS header
+completionist.audio: could not connect to host
+complt.xyz: could not connect to host
+complymd.com: did not receive HSTS header
+comprehensiveihc.com: could not connect to host
+compsmag.com: did not receive HSTS header
+compucorner.com.mx: could not connect to host
+computertal.de: could not connect to host
+comyuno.com: did not receive HSTS header
+concentrade.de: did not receive HSTS header
+conception.sk: could not connect to host
+concord-group.co.jp: did not receive HSTS header
+confirm365.com: could not connect to host
+conflux.tw: did not receive HSTS header
+conformal.com: could not connect to host
+confucio.cl: did not receive HSTS header
+congz.me: could not connect to host
+conjugacao.com.br: did not receive HSTS header
+connect.ua: could not connect to host
+connected-verhuurservice.nl: did not receive HSTS header
+connectfss.com: could not connect to host
+connectingconcepts.com: did not receive HSTS header
+conniesacademy.com: could not connect to host
+conrad.am: could not connect to host
+consciousandglamorous.com: could not connect to host
+consciousbrand.org.au: could not connect to host
+consciousbranding.org.au: could not connect to host
+consciousbrands.net.au: could not connect to host
+console.python.org: did not receive HSTS header
+console.support: did not receive HSTS header
+construct-trust.com: could not connect to host
+consultcelerity.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+contactbig.com: did not receive HSTS header
+contactsingapore.sg: did not receive HSTS header
+contaimo.com: did not receive HSTS header
+container-lion.com: did not receive HSTS header
+containerstatistics.com: could not connect to host
+contarkos.xyz: could not connect to host
+content-design.de: did not receive HSTS header
+continuumgaming.com: could not connect to host
+controlcenter.gigahost.dk: did not receive HSTS header
+controleer-maar-een-ander.nl: did not receive HSTS header
+convert.zone: did not receive HSTS header
+cooink.net: could not connect to host
+coolaj86.com: did not receive HSTS header
+coolbutbroken.com: did not receive HSTS header
+coolchevy.org.ua: did not receive HSTS header
+coole-meister.de: could not connect to host
+coolrc.me: could not connect to host
+coolvox.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+cooxa.com: did not receive HSTS header
+copshop.com.br: could not connect to host
+cor-ser.es: could not connect to host
+coralproject.net: did not receive HSTS header
+coralrosado.com.br: did not receive HSTS header
+coramcdaniel.com: did not receive HSTS header
+corderoscleaning.com: did not receive HSTS header
+cordial-restaurant.com: did not receive HSTS header
+core.mx: could not connect to host
+core4system.de: could not connect to host
+corecdn.org: could not connect to host
+corenetworking.de: could not connect to host
+corex.io: did not receive HSTS header
+corgicloud.com: could not connect to host
+corinnanese.de: could not connect to host
+corkyoga.site: could not connect to host
+cormactagging.ie: could not connect to host
+cormilu.com.br: did not receive HSTS header
+cornishcamels.com: did not receive HSTS header
+coroasdefloresonline.com.br: could not connect to host
+corozanu.ro: did not receive HSTS header
+corpoatletico.com.br: could not connect to host
+corporateencryption.com: could not connect to host
+corporatesubscriptions.com.au: did not receive HSTS header
+correct.horse: could not connect to host
+correctpaardbatterijnietje.nl: did not receive HSTS header
+corruption-mc.net: could not connect to host
+corruption-rsps.net: could not connect to host
+corruption-server.net: could not connect to host
+cosmeticosdelivery.com.br: could not connect to host
+cosplayer.com: could not connect to host
+costow.club: could not connect to host
+coughlan.de: did not receive HSTS header
+count.sh: could not connect to host
+couponcodeq.com: could not connect to host
+couragewhispers.ca: could not connect to host
+coursdeprogrammation.com: could not connect to host
+coursella.com: did not receive HSTS header
+covenantbank.net: could not connect to host
+coverdat.com: did not receive HSTS header
+coverduck.ru: could not connect to host
+cpaneltips.com: could not connect to host
+cpuvinf.eu.org: could not connect to host
+cracking.org: did not receive HSTS header
+crackingking.com: did not receive HSTS header
+crackpfer.de: could not connect to host
+crackslut.eu: could not connect to host
+craftbeerbarn.co.uk: could not connect to host
+craftedge.xyz: could not connect to host
+craftmain.eu: could not connect to host
+cranems.com.ua: did not receive HSTS header
+cranioschule.com: did not receive HSTS header
+crate.io: did not receive HSTS header
+cravelyrics.com: could not connect to host
+crazifyngers.com: could not connect to host
+crazy-crawler.de: did not receive HSTS header
+crazycen.com: did not receive HSTS header
+crazycraftland.de: could not connect to host
+crazycraftland.net: did not receive HSTS header
+crazyhotseeds.com: did not receive HSTS header
+crazyker.com: did not receive HSTS header
+crbug.com: did not receive HSTS header (error ignored - included regardless)
+creaescola.com: did not receive HSTS header
+create-test-publish.co.uk: could not connect to host
+creative-wave.fr: could not connect to host
+creativeapple.ltd: did not receive HSTS header
+creativeartifice.com: did not receive HSTS header
+creativecommonscatpictures.com: could not connect to host
+creativephysics.ml: could not connect to host
+creativeplayuk.com: did not receive HSTS header
+crecket.me: could not connect to host
+creditclear.com.au: did not receive HSTS header
+crendontech.com: could not connect to host
+crestoncottage.com: could not connect to host
+crimewatch.net.za: could not connect to host
+crisissurvivalspecialists.com: could not connect to host
+cristiandeluxe.com: did not receive HSTS header
+cristianhares.com: could not connect to host
+criticalaim.com: could not connect to host
+crizk.com: could not connect to host
+crmdemo.website: did not receive HSTS header
+crockett.io: did not receive HSTS header
+croco.vision: did not receive HSTS header
+croome.no-ip.org: could not connect to host
+crosbug.com: did not receive HSTS header (error ignored - included regardless)
+crosssec.com: did not receive HSTS header
+crowd.supply: did not receive HSTS header
+crowdcloud.be: could not connect to host
+crowdcurity.com: did not receive HSTS header
+crowdjuris.com: could not connect to host
+crownruler.com: did not receive HSTS header
+crows.io: max-age too low: 60
+crox.co: could not connect to host
+crrev.com: did not receive HSTS header (error ignored - included regardless)
+crtvmgmt.com: could not connect to host
+crudysql.com: could not connect to host
+crufad.org: did not receive HSTS header
+cruikshank.com.au: could not connect to host
+cruzr.xyz: could not connect to host
+crypt.guru: did not receive HSTS header
+crypticshell.co.uk: could not connect to host
+cryptify.eu: could not connect to host
+cryptobin.org: could not connect to host
+cryptodash.net: could not connect to host
+cryptojar.io: did not receive HSTS header
+cryptolab.pro: could not connect to host
+cryptolab.tk: could not connect to host
+cryptopartyatx.org: could not connect to host
+cryptopartynewcastle.org: could not connect to host
+cryptopush.com: did not receive HSTS header
+crysadm.com: could not connect to host
+crystalclassics.co.uk: did not receive HSTS header
+crystalmate.eu: did not receive HSTS header
+cs-ubladego.pl: could not connect to host
+csapak.com: did not receive HSTS header
+csawctf.poly.edu: could not connect to host
+cselzer.com: could not connect to host
+csfs.org.uk: could not connect to host
+csgf.ru: did not receive HSTS header
+csgo77.com: could not connect to host
+csgodicegame.com: did not receive HSTS header
+csgoelemental.com: did not receive HSTS header
+csgokings.eu: could not connect to host
+csgoshifter.com: could not connect to host
+csinfo.us: could not connect to host
+csohack.tk: could not connect to host
+cspbuilder.info: could not connect to host
+cspeti.hu: could not connect to host
+cssps.org: could not connect to host
+cssu.in: did not receive HSTS header
+csuw.net: could not connect to host
+csvalpha.nl: did not receive HSTS header
+csvape.com: did not receive HSTS header
+ct-status.org: could not connect to host
+ct-watches.dk: did not receive HSTS header
+cthulhuden.com: could not connect to host
+ctj.im: could not connect to host
+ctrl.blog: did not receive HSTS header
+cu247secure.ie: did not receive HSTS header
+cuanhua3s.com: did not receive HSTS header
+cubecart-demo.co.uk: did not receive HSTS header
+cubecart-hosting.co.uk: did not receive HSTS header
+cubecart.net: did not receive HSTS header
+cubeserver.eu: could not connect to host
+cubewano.com: could not connect to host
+cucc.date: did not receive HSTS header
+cuecamania.com.br: did not receive HSTS header
+cujanovic.com: did not receive HSTS header
+cujba.com: could not connect to host
+culinae.nl: could not connect to host
+cumshots-video.ru: could not connect to host
+cunha.be: could not connect to host
+cuntflaps.me: could not connect to host
+cuongquach.com: did not receive HSTS header
+cuonic.com: could not connect to host
+curacao-license.com: could not connect to host
+curlyroots.com: did not receive HSTS header
+currentobserver.com: could not connect to host
+curroapp.com: could not connect to host
+curveweb.co.uk: did not receive HSTS header
+cusfit.com: did not receive HSTS header
+custe.rs: could not connect to host
+customadesign.com: did not receive HSTS header
+customfilmworks.com: could not connect to host
+cutorrent.com: could not connect to host
+cuvva.insure: did not receive HSTS header
+cvjm-memmingen.de: did not receive HSTS header
+cvtparking.co.uk: did not receive HSTS header
+cwage.com: could not connect to host
+cyanogenmod.xxx: could not connect to host
+cyber-computer.club: could not connect to host
+cybercecurity.com: did not receive HSTS header
+cyberfrancais.ro: did not receive HSTS header
+cyberlab.kiev.ua: did not receive HSTS header
+cyberlab.team: did not receive HSTS header
+cyberpeace.nl: could not connect to host
+cyberpunk.ca: could not connect to host
+cybersafesolutions.com: did not receive HSTS header
+cybershambles.com: could not connect to host
+cybersmart.co.uk: did not receive HSTS header
+cyberstatus.de: could not connect to host
+cycleluxembourg.lu: did not receive HSTS header
+cyclingjunkies.com: could not connect to host
+cydia-search.io: could not connect to host
+cymtech.net: did not receive HSTS header
+cynoshair.com: could not connect to host
+cyoda.com: did not receive HSTS header
+cypherpunk.ws: could not connect to host
+cyphertite.com: could not connect to host
+cytadel.fr: did not receive HSTS header
+cyyzaid.cn: could not connect to host
+czlx.co: could not connect to host
+d-rickroll-e.pw: could not connect to host
+d1ves.io: did not receive HSTS header
+d4rkdeagle.tk: could not connect to host
+d8studio.net: could not connect to host
+dabbot.org: did not receive HSTS header
+dad256.tk: could not connect to host
+dadtheimpaler.com: could not connect to host
+dah5.com: did not receive HSTS header
+dahl-pind.dk: did not receive HSTS header
+dai-rin.co.jp: could not connect to host
+dailybits.be: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+dailystormerpodcasts.com: could not connect to host
+daimadi.com: could not connect to host
+daisuki.pw: did not receive HSTS header
+dakerealestate.com: did not receive HSTS header
+dakl-shop.de: did not receive HSTS header
+dakrib.net: could not connect to host
+daku.gdn: could not connect to host
+dalingk.co: could not connect to host
+daltonedwards.me: could not connect to host
+dam74.com.ar: could not connect to host
+damianuv-blog.cz: did not receive HSTS header
+danbarrett.com.au: did not receive HSTS header
+dancerdates.net: could not connect to host
+dane-bre.net: did not receive HSTS header
+daniel-mosquera.com: could not connect to host
+daniel-stahl.net: could not connect to host
+daniel-steuer.de: could not connect to host
+danielcowie.me: could not connect to host
+danieldk.eu: did not receive HSTS header
+danielheal.net: could not connect to host
+danieliancu.com: could not connect to host
+danielthompson.info: could not connect to host
+danielworthy.com: did not receive HSTS header
+danijobs.com: could not connect to host
+danishenanigans.com: could not connect to host
+dankeblog.com: could not connect to host
+danmark.guide: could not connect to host
+dannycrichton.com: did not receive HSTS header
+danpiel.net: could not connect to host
+danrl.de: could not connect to host
+danwillenberg.com: did not receive HSTS header
+daolerp.xyz: could not connect to host
+dargasia.is: could not connect to host
+dario.im: could not connect to host
+dariosirangelo.me: did not receive HSTS header
+dark-x.cf: could not connect to host
+darkag.ovh: could not connect to host
+darkanzali.pl: max-age too low: 0
+darkfriday.ddns.net: could not connect to host
+darkhole.cn: did not receive HSTS header
+darkkeepers.dk: max-age too low: 172800
+darknebula.space: could not connect to host
+darkpony.ru: could not connect to host
+darksideof.it: could not connect to host
+darkstance.org: could not connect to host
+darktree.in: could not connect to host
+darlo.co.uk: could not connect to host
+darrenellis.xyz: did not receive HSTS header
+dash-board.jp: did not receive HSTS header
+dash.rocks: did not receive HSTS header
+dashburst.com: did not receive HSTS header
+dashnimorad.com: did not receive HSTS header
+data-abundance.com: could not connect to host
+data-detox.com: could not connect to host
+data.haus: could not connect to host
+data.qld.gov.au: did not receive HSTS header
+datacool.tk: could not connect to host
+datarank.com: max-age too low: 0
+dataretention.solutions: could not connect to host
+datascience.cafe: did not receive HSTS header
+datasnitch.co.uk: could not connect to host
+datatekniikka.com: could not connect to host
+datedeposit.com: could not connect to host
+datengrab.ws: could not connect to host
+datenkeks.de: did not receive HSTS header
+datenreiter.cf: did not receive HSTS header
+datenreiter.gq: did not receive HSTS header
+datenreiter.ml: did not receive HSTS header
+datenreiter.tk: did not receive HSTS header
+datorb.com: could not connect to host
+datortipsen.se: did not receive HSTS header
+davidandkailey.com: could not connect to host
+davidglidden.eu: did not receive HSTS header
+davidgrudl.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+davidhunter.scot: did not receive HSTS header
+davidnoren.com: did not receive HSTS header
+davidreinhardt.de: could not connect to host
+davidscherzer.at: could not connect to host
+davros.eu: could not connect to host
+davros.ru: could not connect to host
+dawnson.is: could not connect to host
+dawnsonb.com: could not connect to host
+day.vip: did not receive HSTS header
+daylightcompany.com: did not receive HSTS header
+days.one: could not connect to host
+daytonaseaside.com: did not receive HSTS header
+db.gy: could not connect to host
+dbcom.ru: could not connect to host
+dbox.ga: could not connect to host
+dbx.ovh: could not connect to host
+dcaracing.nl: could not connect to host
+dcc.moe: could not connect to host
+dccode.gov: could not connect to host
+dccoffeeproducts.com: did not receive HSTS header
+dccraft.net: could not connect to host
+dcl.re: did not receive HSTS header
+dcpower.eu: max-age too low: 600
+dctxf.com: did not receive HSTS header
+dcuofriends.net: could not connect to host
+dcurt.is: did not receive HSTS header
+dcw.io: did not receive HSTS header
+ddatsh.com: could not connect to host
+dden.website: could not connect to host
+dden.xyz: could not connect to host
+ddepot.us: did not receive HSTS header
+de-gucci.com: could not connect to host
+de-servers.de: could not connect to host
+deadsoul.net: max-age too low: 0
+debank.tv: did not receive HSTS header
+debatch.se: could not connect to host
+debian-vhost.de: could not connect to host
+debiton.dk: could not connect to host
+debtkit.co.uk: did not receive HSTS header
+debtprotectionreporting.com: did not receive HSTS header
+decafu.co: could not connect to host
+decesus.com: could not connect to host
+decibelios.li: could not connect to host
+decloverly.com: did not receive HSTS header
+deco.me: could not connect to host
+decoboutique.com: did not receive HSTS header
+decofire.pl: did not receive HSTS header
+deconsolutions.com: did not receive HSTS header
+decorland.com.ua: did not receive HSTS header
+decoyrouting.com: could not connect to host
+dedeo.tk: did not receive HSTS header
+dedicatutiempo.es: could not connect to host
+dedietrich-asia.com: could not connect to host
+deepcovelabs.net: could not connect to host
+deepcreampie.com: could not connect to host
+deepearth.uk: could not connect to host
+deeprecce.com: did not receive HSTS header
+deeprecce.link: could not connect to host
+deeprecce.tech: could not connect to host
+deepspace.dedyn.io: could not connect to host
+deepvision.com.ua: did not receive HSTS header
+deetz.nl: did not receive HSTS header
+deetzen.de: did not receive HSTS header
+defiler.tk: could not connect to host
+deflumeri.com: did not receive HSTS header
+degroetenvanrosaline.nl: did not receive HSTS header
+deight.co: could not connect to host
+deinserverhost.de: did not receive HSTS header
+dekasan.ru: could not connect to host
+delayrefunds.co.uk: could not connect to host
+deliverance.co.uk: could not connect to host
+deloittequant.com: could not connect to host
+deltaconcepts.de: did not receive HSTS header
+delvj.org: could not connect to host
+demdis.org: could not connect to host
+demilitarized.ninja: could not connect to host
+demo-server.us: could not connect to host
+demomanca.com: did not receive HSTS header
+demotops.com: could not connect to host
+dempsters.ca: max-age too low: 86400
+denh.am: could not connect to host
+denisjean.fr: could not connect to host
+dentaldomain.org: did not receive HSTS header
+dentaldomain.ph: could not connect to host
+denvercybersecurity.com: did not receive HSTS header
+denverprophit.us: did not receive HSTS header
+deped.blog: could not connect to host
+depedtayo.com: did not receive HSTS header
+depijl-mz.nl: did not receive HSTS header
+depixion.agency: could not connect to host
+depo.space: could not connect to host
+dequehablamos.es: could not connect to host
+derbyshiredotnet.co.uk: did not receive HSTS header
+derchris.me: could not connect to host
+derevtsov.com: did not receive HSTS header
+derivativeshub.pro: could not connect to host
+dermacarecomplex.com: could not connect to host
+derpumpkinfuhrer.com: could not connect to host
+derrickemery.com: could not connect to host
+derwaldschrat.net: did not receive HSTS header
+derwolfe.net: did not receive HSTS header
+desiccantpackets.com: did not receive HSTS header
+designandmore.it: did not receive HSTS header
+designgears.com: did not receive HSTS header
+designthinking.or.jp: did not receive HSTS header
+despora.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+desserteagleselvenar.tk: could not connect to host
+destinationbijoux.fr: could not connect to host
+destom.be: could not connect to host
+detecte-fuite.ch: could not connect to host
+detecte.ch: could not connect to host
+detectefuite.ch: could not connect to host
+detector.exposed: could not connect to host
+detest.org: could not connect to host
+detteflies.com: max-age too low: 7889238
+detutorial.com: max-age too low: 36000
+deuxvia.com: could not connect to host
+dev: could not connect to host
+dev-aegon.azurewebsites.net: did not receive HSTS header
+dev-bluep.pantheonsite.io: did not receive HSTS header
+dev-talk.eu: could not connect to host
+devcu.net: could not connect to host
+develop.fitness: could not connect to host
+developersclub.website: could not connect to host
+developyourelement.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+deviltraxxx.de: could not connect to host
+devincrow.me: could not connect to host
+devisonline.ch: could not connect to host
+devistravaux.org: did not receive HSTS header
+devkid.net: could not connect to host
+devmsg.com: did not receive HSTS header
+devnsec.com: could not connect to host
+devnull.team: could not connect to host
+devopps.me: did not receive HSTS header
+devops.moe: could not connect to host
+devopsconnected.com: could not connect to host
+devtub.com: did not receive HSTS header
+devuan.org: did not receive HSTS header
+dewebwerf.nl: did not receive HSTS header
+dewin.io: could not connect to host
+dfnet.ml: did not receive HSTS header
+dfrance.com.br: could not connect to host
+dfviana.com.br: max-age too low: 2592000
+dhaynes.xyz: max-age too low: 2592000
+dhl-smart.ch: could not connect to host
+dhpcs.com: did not receive HSTS header
+dhpiggott.net: did not receive HSTS header
+dhub.xyz: could not connect to host
+dhuy.net: could not connect to host
+diablotine.rocks: could not connect to host
+diagnosia.com: did not receive HSTS header
+diagonale-deco.fr: did not receive HSTS header
+diamondcare.com.br: could not connect to host
+dianlujitao.com: did not receive HSTS header
+diannaobos.com: did not receive HSTS header
+diasp.cz: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+dicando.com: could not connect to host
+diceduels.com: could not connect to host
+dicelab.co.uk: could not connect to host
+dicgaming.net: could not connect to host
+dicionariofinanceiro.com: did not receive HSTS header
+dicionariopopular.com: did not receive HSTS header
+dick.red: could not connect to host
+didierlaumen.be: could not connect to host
+dieb.photo: could not connect to host
+diejanssens.net: did not receive HSTS header
+diemogebhardt.com: could not connect to host
+dierenkruiden.nl: could not connect to host
+dieser.me: could not connect to host
+diewebstube.de: could not connect to host
+diezel.com: could not connect to host
+diferenca.com: did not receive HSTS header
+diggable.co: did not receive HSTS header
+digihyp.ch: could not connect to host
+digioccumss.ddns.net: could not connect to host
+digired.xyz: could not connect to host
+digitalbank.kz: could not connect to host
+digitaldaddy.net: could not connect to host
+digitalero.rip: did not receive HSTS header
+digitalhurricane.io: could not connect to host
+digitaljungle.net: could not connect to host
+digitallocker.com: did not receive HSTS header
+digitalnonplus.com: could not connect to host
+digitalquery.com: did not receive HSTS header
+digitalriver.tk: did not receive HSTS header
+digitalskillswap.com: could not connect to host
+diguass.us: could not connect to host
+dijks.com: could not connect to host
+dikshant.net: did not receive HSTS header
+diletec.com.br: did not receive HSTS header
+dim.lighting: could not connect to host
+dimitrisotiropoulosbooks.com: max-age too low: 7889238
+dimonb.com: could not connect to host
+din-tools.com: did not receive HSTS header
+dinamoelektrik.com: could not connect to host
+dingcc.me: could not connect to host
+dingcc.org: could not connect to host
+dingcc.xyz: could not connect to host
+dinkum.online: could not connect to host
+dipconsultants.com: could not connect to host
+directhskincream.com: could not connect to host
+directorinegocis.cat: could not connect to host
+direnv.net: did not receive HSTS header
+dirk-weise.de: did not receive HSTS header
+dirtycat.ru: could not connect to host
+disability.gov: could not connect to host
+disadattamentolavorativo.it: could not connect to host
+disclosure.io: did not receive HSTS header
+disco-crazy-world.de: could not connect to host
+discovery.lookout.com: did not receive HSTS header
+discoveryballoon.org: could not connect to host
+discoveryottawa.ca: could not connect to host
+dise-online.de: did not receive HSTS header
+disking.co.uk: did not receive HSTS header
+dislocated.de: did not receive HSTS header
+disorderboutique.com: did not receive HSTS header
+disruptivelabs.net: could not connect to host
+disruptivelabs.org: could not connect to host
+dissimulo.me: could not connect to host
+distinctivephotography.com.au: could not connect to host
+distractionco.de: did not receive HSTS header
+ditch.ch: could not connect to host
+ditrutoancau.vn: could not connect to host
+dittvertshus.no: could not connect to host
+diva-ey.com: could not connect to host
+divvymonkey.com: did not receive HSTS header
+divvyradio.com: did not receive HSTS header
+dixiediner.com: did not receive HSTS header
+dixmag.com: could not connect to host
+diyvideoeditor.com: did not receive HSTS header
+dizihocasi.com: could not connect to host
+dizorg.net: could not connect to host
+dj4et.de: could not connect to host
+djieno.com: did not receive HSTS header
+djxmmx.net: did not receive HSTS header
+djz4music.com: did not receive HSTS header
+dkniss.de: could not connect to host
+dl.google.com: did not receive HSTS header (error ignored - included regardless)
+dlc.viasinc.com: could not connect to host
+dlemper.de: did not receive HSTS header
+dlitz.net: could not connect to host
+dlouwrink.nl: could not connect to host
+dlyl888.com: could not connect to host
+dmcibulldog.com: did not receive HSTS header
+dmix.ca: could not connect to host
+dmtry.me: did not receive HSTS header
+dmwall.cn: could not connect to host
+dmz.ninja: could not connect to host
+dns.google.com: did not receive HSTS header (error ignored - included regardless)
+dnsbird.net: could not connect to host
+dnscrypt.org: could not connect to host
+dnsknowledge.com: did not receive HSTS header
+do-do.tk: could not connect to host
+doak.io: could not connect to host
+dobet.in: could not connect to host
+dobrisan.ro: could not connect to host
+docid.io: could not connect to host
+docket.news: could not connect to host
+doclot.io: did not receive HSTS header
+docset.io: could not connect to host
+docufiel.com: could not connect to host
+doculus.io: did not receive HSTS header
+docxtemplater.com: did not receive HSTS header
+doeswindowssuckforeveryoneorjustme.com: could not connect to host
+dogbox.se: could not connect to host
+dogcratereview.info: could not connect to host
+dogespeed.ga: could not connect to host
+dogfi.sh: did not receive HSTS header
+doggieholic.net: could not connect to host
+dognlife.com: could not connect to host
+dogoodbehappyllc.com: did not receive HSTS header
+dohosting.ru: could not connect to host
+dojifish.space: could not connect to host
+dojin.nagoya: did not receive HSTS header
+dokan.online: did not receive HSTS header
+doked.io: could not connect to host
+dolevik.com: could not connect to host
+dollarstore24.com: could not connect to host
+dollywiki.co.uk: could not connect to host
+dolphin-cloud.com: could not connect to host
+dolphincorp.co.uk: did not receive HSTS header
+dolphinswithlasers.com: could not connect to host
+domaine-aigoual-cevennes.com: did not receive HSTS header
+domainelaremejeanne.com: did not receive HSTS header
+domaris.de: could not connect to host
+domengrad.ru: could not connect to host
+domenicocatelli.com: did not receive HSTS header
+domfee.com: could not connect to host
+dominikanskarepubliken.guide: could not connect to host
+dominioanimal.com: could not connect to host
+dominique-mueller.de: did not receive HSTS header
+don.yokohama: could not connect to host
+donmez.uk: could not connect to host
+donmez.ws: could not connect to host
+donttrustrobots.nl: could not connect to host
+donzelot.co.uk: did not receive HSTS header
+doobydude.us: could not connect to host
+doodledraw.ninja: did not receive HSTS header
+dooku.cz: could not connect to host
+doomleika.com: could not connect to host
+doooonoooob.com: could not connect to host
+doop.im: could not connect to host
+doopdidoop.com: could not connect to host
+dopost.it: could not connect to host
+doridian.com: could not connect to host
+doridian.de: could not connect to host
+doridian.net: did not receive HSTS header
+doridian.org: could not connect to host
+doriginal.es: did not receive HSTS header
+dorkfarm.com: did not receive HSTS header
+dosenbierrepublik.com: did not receive HSTS header
+dostavkakurierom.ru: could not connect to host
+dot42.no: could not connect to host
+dotadata.me: could not connect to host
+dotspaperie.com: could not connect to host
+doublethink.online: could not connect to host
+doubleyummy.uk: did not receive HSTS header
+doujin.nagoya: did not receive HSTS header
+dovecotadmin.org: could not connect to host
+doveholesband.co.uk: did not receive HSTS header
+dovetailnow.com: could not connect to host
+download.jitsi.org: did not receive HSTS header
+downsouthweddings.com.au: could not connect to host
+doxcelerate.com: max-age too low: 69
+doyoulyft.com: could not connect to host
+doze-cloud.tech: could not connect to host
+dpsg-roden.de: could not connect to host
+dr-becarelli-philippe.chirurgiens-dentistes.fr: did not receive HSTS header
+dr2dr.ca: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+drach.xyz: did not receive HSTS header
+dragonisles.net: could not connect to host
+dragons-of-highlands.cz: did not receive HSTS header
+dragonsmoke.cloud: could not connect to host
+dragonstower.net: could not connect to host
+dragonteam.ninja: could not connect to host
+drainagebuizen.nl: did not receive HSTS header
+drakefortreasurer.sexy: could not connect to host
+drakenson.de: did not receive HSTS header
+dralexjimenez.com: did not receive HSTS header
+drastosasports.com.br: could not connect to host
+drawvesly.ovh: did not receive HSTS header
+drdevil.ru: could not connect to host
+dreadbyte.com: could not connect to host
+dreamcatcherblog.de: could not connect to host
+dreaming.solutions: could not connect to host
+dreamlighteyeserum.com: could not connect to host
+dreamsforabetterworld.com.au: did not receive HSTS header
+dredgepress.com: did not receive HSTS header
+drewgle.net: could not connect to host
+drhopeson.com: could not connect to host
+driesjtuver.nl: could not connect to host
+drinknaturespower.com: could not connect to host
+drinkvabeer.com: could not connect to host
+drishti.guru: could not connect to host
+drivercopilot.com: could not connect to host
+driving-lessons.co.uk: could not connect to host
+drivinghorror.com: could not connect to host
+drixn.cn: could not connect to host
+drixn.info: could not connect to host
+drixn.net: could not connect to host
+drizz.com.br: could not connect to host
+drogoz.moe: could not connect to host
+droidboss.com: did not receive HSTS header
+droncentrum.pl: could not connect to host
+dronexpertos.com: could not connect to host
+droomhuis-in-brielle-kopen.nl: could not connect to host
+droomhuis-in-de-friese-meren-kopen.nl: could not connect to host
+droomhuis-in-delfzijl-kopen.nl: could not connect to host
+droomhuis-in-friesland-kopen.nl: could not connect to host
+droomhuis-in-laren-kopen.nl: could not connect to host
+droomhuis-in-pekela-kopen.nl: could not connect to host
+droomhuis-in-rijnwaarden-kopen.nl: could not connect to host
+droomhuis-in-sudwest-fryslan-kopen.nl: could not connect to host
+droomhuis-in-veendam-kopen.nl: could not connect to host
+droomhuis-in-zeeland-kopen.nl: could not connect to host
+droomhuis-in-zuid-holland-kopen.nl: could not connect to host
+droomhuisindestadverkopen.nl: could not connect to host
+droomhuisophetplattelandverkopen.nl: could not connect to host
+dropcam.com: did not receive HSTS header
+drostschocolates.com: did not receive HSTS header
+drtroyhendrickson.com: could not connect to host
+drtti.io: could not connect to host
+drumbandesperanto.nl: did not receive HSTS header
+drunkscifi.com: could not connect to host
+drupal123.com: could not connect to host
+dryan.com: did not receive HSTS header
+drycreekapiary.com: could not connect to host
+ds-christiansen.de: could not connect to host
+dshiv.io: could not connect to host
+dtub.co: could not connect to host
+dubik.su: did not receive HSTS header
+dubrovskiy.net: could not connect to host
+dubrovskiy.pro: could not connect to host
+duch.cloud: could not connect to host
+ducohosting.com: max-age too low: 2592000
+dudesunderwear.com.br: could not connect to host
+duelsow.eu: could not connect to host
+duelysthub.com: could not connect to host
+duerls.de: did not receive HSTS header
+dukec.me: did not receive HSTS header
+duks.com.br: could not connect to host
+dullsir.com: could not connect to host
+dune.io: did not receive HSTS header
+dunea.nl: did not receive HSTS header
+dungi.org: could not connect to host
+duo.money: could not connect to host
+duole30.com: did not receive HSTS header
+duongpho.com: did not receive HSTS header
+durangoenergyllc.com: could not connect to host
+duskopy.top: could not connect to host
+dutchessuganda.com: did not receive HSTS header
+dutchrank.com: did not receive HSTS header
+dutchwanderers.nl: could not connect to host
+duuu.ch: could not connect to host
+dwhd.org: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+dwnld.me: could not connect to host
+dycem-ns.com: did not receive HSTS header
+dycoa.com: could not connect to host
+dycontrol.de: could not connect to host
+dylanscott.com.au: did not receive HSTS header
+dymersion.com: did not receive HSTS header
+dynamic-innovations.net: could not connect to host
+dynamize.solutions: did not receive HSTS header
+dzimejl.sk: did not receive HSTS header
+dzlibs.io: could not connect to host
+dznn.nl: could not connect to host
+e-aut.net: could not connect to host
+e-biografias.net: did not receive HSTS header
+e-deca2.org: did not receive HSTS header
+e-isfa.eu: did not receive HSTS header
+e-mak.eu: could not connect to host
+e-newshub.com: could not connect to host
+e-pokupki.eu: did not receive HSTS header
+e-rickroll-r.pw: could not connect to host
+e-sa.com: did not receive HSTS header
+e-verify.gov: did not receive HSTS header
+e-wishlist.net: could not connect to host
+e30gruppe.com: did not receive HSTS header
+e3amn2l.com: could not connect to host
+eagle-aluminum.com: did not receive HSTS header
+eam-gmbh.com: did not receive HSTS header
+earga.sm: could not connect to host
+earlybirdsnacks.com: could not connect to host
+earthrise16.com: could not connect to host
+earthsystemprediction.gov: did not receive HSTS header
+easez.net: did not receive HSTS header
+easthokkaido-5airport.jp: did not receive HSTS header
+easychiller.org: could not connect to host
+easykonto.de: could not connect to host
+easyplane.it: did not receive HSTS header
+eatfitoutlet.com.br: could not connect to host
+eatry.io: could not connect to host
+eatvisor.co.uk: could not connect to host
+eauclairecommerce.com: could not connect to host
+eaucube.com: did not receive HSTS header
+ebankcbt.com: could not connect to host
+ebcs-solutions.com: did not receive HSTS header
+ebecs.com: did not receive HSTS header
+ebertek.com: did not receive HSTS header
+ebiografia.com: did not receive HSTS header
+ebiografias.com.br: could not connect to host
+ebolsa.com.br: did not receive HSTS header
+ebolsas.com.br: did not receive HSTS header
+ebonyriddle.com: could not connect to host
+ebooksgratuits.org: did not receive HSTS header
+ebp2p.com: did not receive HSTS header
+ebpglobal.com: did not receive HSTS header
+ebraph.com: could not connect to host
+ecake.in: could not connect to host
+ecc-kaufbeuren.de: could not connect to host
+ecdn.cz: could not connect to host
+ecfs.link: could not connect to host
+ecg.fr: could not connect to host
+echipstore.com: did not receive HSTS header
+eckro.com: did not receive HSTS header
+ecole-en-danger.fr: could not connect to host
+ecole-maternelle-saint-joseph.be: could not connect to host
+ecology-21.ru: did not receive HSTS header
+ecomlane.com: could not connect to host
+ecomparemo.com: did not receive HSTS header
+ecorus.eu: did not receive HSTS header
+ecrimex.net: did not receive HSTS header
+ectora.com: could not connect to host
+edanni.io: did not receive HSTS header
+edati.lv: could not connect to host
+edcphenix.tk: could not connect to host
+eddmixpanel.com: could not connect to host
+eddyn.net: did not receive HSTS header
+edelblack.ch: could not connect to host
+edelsteincosmetic.com: did not receive HSTS header
+eden-mobility.co.uk: did not receive HSTS header
+eden-noel.at: could not connect to host
+edenaya.com: did not receive HSTS header
+edgecustomersportal.com: could not connect to host
+edgereinvent.com: did not receive HSTS header
+ediscomp.sk: did not receive HSTS header
+edissecurity.sk: did not receive HSTS header
+edited.de: did not receive HSTS header
+edix.ru: could not connect to host
+edk.com.tr: did not receive HSTS header
+edmodo.com: did not receive HSTS header
+edpubs.gov: did not receive HSTS header
+edsh.de: did not receive HSTS header
+eduardnikolenko.ru: could not connect to host
+educatio.tech: could not connect to host
+educourse.ga: could not connect to host
+eduif.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+edusantorini.com: could not connect to host
+eduvance.in: did not receive HSTS header
+eeb98.com: could not connect to host
+eengezinswoning-in-alphen-aan-den-rijn-kopen.nl: could not connect to host
+eengezinswoning-in-de-friese-meren-kopen.nl: could not connect to host
+eengezinswoning-in-friesland-kopen.nl: could not connect to host
+eengezinswoning-in-leeuwarden-kopen.nl: could not connect to host
+eengezinswoning-in-pekela-kopen.nl: could not connect to host
+eengezinswoning-in-rijnwaarden-kopen.nl: could not connect to host
+eengezinswoning-in-sudwest-fryslan-kopen.nl: could not connect to host
+eengezinswoning-in-zeeland-kopen.nl: could not connect to host
+eengezinswoning-in-zuid-holland-kopen.nl: could not connect to host
+eengezinswoning-in-zuidplas-kopen.nl: could not connect to host
+eengezinswoning-in-zwartewaterland-kopen.nl: could not connect to host
+eengezinswoningverkopen.nl: could not connect to host
+eenhoorn.ga: could not connect to host
+eesistumine2017.ee: could not connect to host
+efficienthealth.com: did not receive HSTS header
+effortlesshr.com: did not receive HSTS header
+eftcorp.biz: max-age too low: 0
+egge.com: max-age too low: 0
+egit.co: could not connect to host
+ego-world.org: could not connect to host
+ehealthcounselor.com: could not connect to host
+ehipaadev.com: could not connect to host
+ehito.ovh: could not connect to host
+ehrenamt-skpfcw.de: could not connect to host
+ehuber.info: could not connect to host
+eicfood.com: could not connect to host
+eidolonhost.com: did not receive HSTS header
+eifelindex.de: did not receive HSTS header
+eigo.work: could not connect to host
+einhorn.space: could not connect to host
+einsatzstiefel.info: could not connect to host
+ekbanden.nl: could not connect to host
+ekobudisantoso.net: could not connect to host
+eksik.com: did not receive HSTS header
+el-soul.com: did not receive HSTS header
+elaintehtaat.fi: could not connect to host
+elan-organics.com: did not receive HSTS header
+elanguest.pl: could not connect to host
+elanguest.ro: could not connect to host
+elanguest.ru: could not connect to host
+elastic7.uk: could not connect to host
+elbetech.net: could not connect to host
+elblein.de: did not receive HSTS header
+electricant.com: did not receive HSTS header
+electricant.nl: did not receive HSTS header
+electricianforum.co.uk: did not receive HSTS header
+electricoperaduo.com: did not receive HSTS header
+electromc.com: could not connect to host
+electrostatics.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+eleicoes2016.com.br: did not receive HSTS header
+elektronring.com: could not connect to host
+element-43.com: did not receive HSTS header
+elemenx.com: could not connect to host
+elemprendedor.com.ve: could not connect to host
+elenag.ga: could not connect to host
+elenagherta.ga: could not connect to host
+elenoon.ir: did not receive HSTS header
+elenorsmadness.org: could not connect to host
+elgacien.de: could not connect to host
+elglobo.com.mx: max-age too low: 86400
+elia.cloud: could not connect to host
+elimdengelen.com: did not receive HSTS header
+eliolita.com: could not connect to host
+elite-porno.ru: could not connect to host
+elitecovering.fr: did not receive HSTS header
+elitefishtank.com: could not connect to host
+ellen-skye.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+elmar-kraamzorg.nl: did not receive HSTS header
+elnutricionista.es: could not connect to host
+elohna.ch: did not receive HSTS header
+elonbase.com: could not connect to host
+eloxt.com: did not receive HSTS header
+elpay.kz: did not receive HSTS header
+elpo.xyz: could not connect to host
+elsamakhin.com: could not connect to host
+elsemanario.com: did not receive HSTS header
+elsitar.com: could not connect to host
+elsword.moe: could not connect to host
+eltransportquevolem.org: could not connect to host
+email.lookout.com: could not connect to host
+email2rss.net: could not connect to host
+emanatepixels.com: could not connect to host
+emanga.su: did not receive HSTS header
+embellir-aroma.com: could not connect to host
+embellir-kyujin.com: could not connect to host
+embracethedarkness.co.uk: could not connect to host
+embroidered-stuff.com: could not connect to host
+emeldi-commerce.com: max-age too low: 0
+emesolutions.net: did not receive HSTS header
+emiele.com.br: could not connect to host
+emilyhorsman.com: did not receive HSTS header
+emilyjohnson.ga: could not connect to host
+eminovic.me: could not connect to host
+emjainteractive.com: did not receive HSTS header
+emjimadhu.com: could not connect to host
+emkei.cz: could not connect to host
+emmable.com: could not connect to host
+emnitech.com: could not connect to host
+empleosentorreon.mx: could not connect to host
+empleostampico.com: did not receive HSTS header
+employeestore.org: did not receive HSTS header
+employer.gov: could not connect to host
+empty-r.com: could not connect to host
+emptypath.com: did not receive HSTS header
+enaah.de: did not receive HSTS header
+enaia.fr: did not receive HSTS header
+encode.space: could not connect to host
+encode.uk.com: did not receive HSTS header
+encoder.pw: could not connect to host
+encontrebarato.com.br: did not receive HSTS header
+encrypted.google.com: did not receive HSTS header (error ignored - included regardless)
+encryptio.com: could not connect to host
+end.pp.ua: could not connect to host
+endlessdark.net: max-age too low: 600
+endlesshorizon.net: could not connect to host
+endlesstone.com: could not connect to host
+endohaus.ca: could not connect to host
+endohaus.com: could not connect to host
+endohaus.eu: could not connect to host
+endspamwith.us: could not connect to host
+enecoshop.nl: did not receive HSTS header
+enefan.jp: could not connect to host
+engelwerbung.com: did not receive HSTS header
+enginsight.com: did not receive HSTS header
+englishyamal.ru: did not receive HSTS header
+enigmacpt.com: did not receive HSTS header
+enigmail.net: did not receive HSTS header
+enjen.net: did not receive HSTS header
+enjoymayfield.com: max-age too low: 0
+enpalmademallorca.info: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+enteente.club: could not connect to host
+enteente.space: could not connect to host
+enteente.xyz: could not connect to host
+enterdev.co: did not receive HSTS header
+enterprisecarclub.co.uk: did not receive HSTS header
+entersynapse.com: did not receive HSTS header
+entourneebeetle.com: could not connect to host
+entrepreneur.or.id: did not receive HSTS header
+enum.eu.org: could not connect to host
+enumify.com: could not connect to host
+enviapresentes.com.br: could not connect to host
+envygeeks.com: could not connect to host
+envygeeks.io: could not connect to host
+eol34.com: could not connect to host
+eoldb.org: could not connect to host
+epanurse.com: could not connect to host
+ephry.com: could not connect to host
+epicmc.games: could not connect to host
+epoxate.com: could not connect to host
+eq8.net.au: could not connect to host
+eqib.nl: did not receive HSTS header
+eqim.me: could not connect to host
+equate.net.au: did not receive HSTS header
+equatetechnologies.com.au: did not receive HSTS header
+equilibre-yoga-jennifer-will.com: could not connect to host
+equitee.co: did not receive HSTS header
+equityflows.com: did not receive HSTS header
+er-music.com: could not connect to host
+erawanarifnugroho.com: did not receive HSTS header
+eressea.xyz: could not connect to host
+ergorium.com: max-age too low: 0
+ergorium.eu: max-age too low: 0
+ericbond.net: could not connect to host
+erichalv.com: could not connect to host
+ericorporation.com: did not receive HSTS header
+ericyl.com: could not connect to host
+eridanus.uk: could not connect to host
+eriel.com.br: could not connect to host
+erikwalther.eu: could not connect to host
+eriser.fr: did not receive HSTS header
+ernaehrungsberatung-rapperswil.ch: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+ernaehrungsberatung-zurich.ch: could not connect to host
+ernesto.at: could not connect to host
+eromixx.com: did not receive HSTS header
+erotalia.es: could not connect to host
+eroticen.com: did not receive HSTS header
+eroticforce.com: did not receive HSTS header
+erotische-aanbiedingen.nl: could not connect to host
+errolz.com: could not connect to host
+errors.zenpayroll.com: could not connect to host
+ersindemirtas.com: did not receive HSTS header
+erspro.net: could not connect to host
+eru.me: did not receive HSTS header
+erwinvanlonden.net: did not receive HSTS header
+erwinwensveen.nl: could not connect to host
+escalate.eu: could not connect to host
+escolaengenharia.com.br: did not receive HSTS header
+escotour.com: could not connect to host
+esec.rs: did not receive HSTS header
+esko.bar: could not connect to host
+esln.org: did not receive HSTS header
+esn-ypci.com: could not connect to host
+esocweb.com: could not connect to host
+esp8285.store: could not connect to host
+espace-gestion.fr: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+espacemontmorency.com: did not receive HSTS header
+especificosba.com.mx: could not connect to host
+espo.com.ua: did not receive HSTS header
+espra.com: could not connect to host
+esquonic.com: could not connect to host
+essenzialeenxovais.com.br: could not connect to host
+essexghosthunters.co.uk: did not receive HSTS header
+estaciona.guru: could not connect to host
+estebanborges.com: did not receive HSTS header
+estilosapeca.com: could not connect to host
+estland.guide: could not connect to host
+et-buchholz.de: could not connect to host
+et180.com: could not connect to host
+etangs-magazine.com: could not connect to host
+etaoinwu.tk: could not connect to host
+etdonline.co.uk: could not connect to host
+eternitylove.us: could not connect to host
+eth9.net: could not connect to host
+etheria-software.tk: did not receive HSTS header
+etherpad.fr: did not receive HSTS header
+ethicalexploiting.com: did not receive HSTS header
+ethicall.org.uk: did not receive HSTS header
+ethil-faer.fr: could not connect to host
+ethiobaba.com: could not connect to host
+etk2000.com: did not receive HSTS header
+etmirror.top: could not connect to host
+etmirror.xyz: could not connect to host
+etoto.pl: did not receive HSTS header
+etproxy.tech: could not connect to host
+etrker.com: did not receive HSTS header
+ets2mp.de: did not receive HSTS header
+etsysecure.com: could not connect to host
+ettebiz.com: did not receive HSTS header
+etula.ga: could not connect to host
+etula.me: could not connect to host
+euanbaines.com: did not receive HSTS header
+eucl3d.com: did not receive HSTS header
+euclideanpostulates.xyz: could not connect to host
+eucollegetours.com: could not connect to host
+euexia.fr: could not connect to host
+eulerpi.io: could not connect to host
+eupho.me: could not connect to host
+euren.se: could not connect to host
+eurocamping.se: could not connect to host
+europeancupinline.eu: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+euroshop24.net: could not connect to host
+eurospecautowerks.com: did not receive HSTS header
+eurostrategy.vn.ua: could not connect to host
+ev-zertifikate.de: could not connect to host
+evafojtova.cz: did not receive HSTS header
+evanhandgraaf.nl: did not receive HSTS header
+evankurniawan.com: could not connect to host
+evdenevenakliyatankara.pw: could not connect to host
+evecalm.com: did not receive HSTS header
+events12.com: did not receive HSTS header
+eventsafrica.net: did not receive HSTS header
+everpcpc.com: did not receive HSTS header
+everybooks.com: could not connect to host
+everydaytherich.com: max-age too low: 7776000
+everygayporn.xyz: did not receive HSTS header
+everylab.org: could not connect to host
+everything.place: did not receive HSTS header
+everytrycounts.gov: could not connect to host
+eveseat.net: could not connect to host
+eveshaiwu.com: could not connect to host
+evi.be: did not receive HSTS header
+evileden.com: could not connect to host
+evilnerd.de: did not receive HSTS header
+evilsay.com: could not connect to host
+evin.ml: could not connect to host
+evites.me: could not connect to host
+evoludis.net: did not receive HSTS header
+evomon.com: could not connect to host
+evossd.tk: could not connect to host
+evowl.com: could not connect to host
+ewallet-optimizer.com: did not receive HSTS header
+ewex.org: could not connect to host
+excelgum.ca: did not receive HSTS header
+exceptionalservices.us: could not connect to host
+exfiles.cz: did not receive HSTS header
+exgravitus.com: could not connect to host
+exno.co: could not connect to host
+exo.do: could not connect to host
+exousiakaidunamis.xyz: could not connect to host
+expertmile.com: did not receive HSTS header
+exploit-db.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+expo-designers.com: did not receive HSTS header
+expressfinance.co.za: did not receive HSTS header
+exteriorservices.io: could not connect to host
+extrathemeshowcase.net: could not connect to host
+extratorrentlive.xyz: could not connect to host
+extratorrents.tech: could not connect to host
+extreemhost.nl: did not receive HSTS header
+extremenetworking.net: could not connect to host
+exy.pw: could not connect to host
+eyasc.nl: could not connect to host
+eye-carat.com: did not receive HSTS header
+eyedarts.com: did not receive HSTS header
+eyeglassuniverse.com: did not receive HSTS header
+eyes-of-universe.eu: did not receive HSTS header
+eyesoccer-didikh.rhcloud.com: could not connect to host
+eyesonly.cc: did not receive HSTS header
+eytosh.net: could not connect to host
+ez.fi: could not connect to host
+ezimoeko.net: could not connect to host
+ezmod.org: could not connect to host
+ezrefurb.co.uk: did not receive HSTS header
+eztv.ch: did not receive HSTS header
+f-rickroll-g.pw: could not connect to host
+f-s-u.co.uk: could not connect to host
+f00.ca: did not receive HSTS header
+f2f.cash: could not connect to host
+f8842.com: could not connect to host
+faber.io: could not connect to host
+fabhub.io: could not connect to host
+fabian-kluge.de: could not connect to host
+fabianfischer.de: did not receive HSTS header
+fabled.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+fabriko.fr: did not receive HSTS header
+facebook.ax: could not connect to host
+facilitrak.com: could not connect to host
+factorable.net: did not receive HSTS header
+factorygw.com: did not receive HSTS header
+factureenlinea.com: could not connect to host
+fadilus.com: did not receive HSTS header
+faesser.com: did not receive HSTS header
+fafatiger.com: could not connect to host
+fahmed.de: did not receive HSTS header
+faidanoi.it: did not receive HSTS header
+fail4free.de: did not receive HSTS header
+failproof.be: max-age too low: 604800
+faircom.co.za: did not receive HSTS header
+fairkey.dk: did not receive HSTS header
+fairlyoddtreasures.com: did not receive HSTS header
+faithwatch.org: could not connect to host
+faizan.xyz: did not receive HSTS header
+fakeletters.org: did not receive HSTS header
+faktura.pl: did not receive HSTS header
+falconfrag.com: could not connect to host
+falconwiz.com: did not receive HSTS header
+falkhusemann.de: did not receive HSTS header
+falkp.no: did not receive HSTS header
+falkus.net: could not connect to host
+fallenangeldrinks.eu: could not connect to host
+fallenangelspirits.uk: could not connect to host
+fallofthecitadel.com: did not receive HSTS header
+faluninfo.ba: did not receive HSTS header
+fam-weyer.de: did not receive HSTS header
+fame-agency.net: could not connect to host
+famep.gov: could not connect to host
+famer.me: could not connect to host
+fameuxhosting.co.uk: could not connect to host
+familie-sander.rocks: could not connect to host
+familie-sprink.de: could not connect to host
+familie-zimmermann.at: could not connect to host
+famio.cn: did not receive HSTS header
+fancy-bridge.com: could not connect to host
+fanflow.com: did not receive HSTS header
+fant.dk: did not receive HSTS header
+fantasticgardenersmelbourne.com.au: did not receive HSTS header
+fantasyfootballpundit.com: did not receive HSTS header
+fanyl.cn: could not connect to host
+farces.com: did not receive HSTS header
+faretravel.co.uk: could not connect to host
+farm24.co.uk: could not connect to host
+farmaciaformula.com.br: could not connect to host
+farwat.ru: did not receive HSTS header
+fashion.net: did not receive HSTS header
+fashioncare.cz: did not receive HSTS header
+fashionholic.my: did not receive HSTS header
+fashionoutfits24.com: did not receive HSTS header
+fasset.jp: could not connect to host
+fastaim.de: could not connect to host
+fastbackmbg.be: could not connect to host
+fastcomcorp.com: did not receive HSTS header
+fastcomcorp.net: did not receive HSTS header
+fastograph.com: could not connect to host
+fastopen.ml: could not connect to host
+fastworx.com: could not connect to host
+fatdoge.cn: did not receive HSTS header
+fatgeekflix.net: could not connect to host
+fatherhood.gov: did not receive HSTS header
+fatlossguide.xyz: could not connect to host
+fator25.com.br: could not connect to host
+fatwin.pw: could not connect to host
+fatzebra.com.au: max-age too low: 0
+faxreader.net: could not connect to host
+fayolle.info: did not receive HSTS header
+fbox.li: could not connect to host
+fcsic.gov: max-age too low: 2592000
+fdj.im: could not connect to host
+fdt.name: did not receive HSTS header
+feard.space: could not connect to host
+fed51.com: could not connect to host
+federalregister.gov: did not receive HSTS header
+fedn.it: could not connect to host
+fedo.moe: could not connect to host
+feedstringer.com: could not connect to host
+feedthebot.com: did not receive HSTS header
+feedthefuture.gov: did not receive HSTS header
+feezmodo.com: did not receive HSTS header
+fefore.com: did not receive HSTS header
+fegans.org.uk: did not receive HSTS header
+feirlane.org: could not connect to host
+feist.io: could not connect to host
+felisslovakia.sk: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+feliwyn.fr: did not receive HSTS header
+felixrr.pro: could not connect to host
+femaledom.xyz: could not connect to host
+feminists.co: could not connect to host
+fengyadi.com: could not connect to host
+fenno.net: could not connect to host
+fensdorf.de: did not receive HSTS header
+fensterbau-mutscheller.de: did not receive HSTS header
+fenteo.com: could not connect to host
+feragon.net: did not receive HSTS header
+feras-alhajjaji.com: could not connect to host
+feriahuamantla.com: could not connect to host
+fermanacuratampaparts.com: could not connect to host
+fernangp.com: did not receive HSTS header
+fernseher-kauf.de: could not connect to host
+ferrolatino.com: could not connect to host
+feschiyan.com: did not receive HSTS header
+festember.com: did not receive HSTS header
+festrip.com: could not connect to host
+fetch.co.uk: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+fetclips.se: could not connect to host
+fettbrot.tk: did not receive HSTS header
+feuerwehr-heiligenberg.de: did not receive HSTS header
+fexmen.com: could not connect to host
+ff-getzersdorf.at: did not receive HSTS header
+ffb.gov: could not connect to host
+ficklenote.net: could not connect to host
+fics-twosigma.com: could not connect to host
+fideleslaici.com: did not receive HSTS header
+fiendishmasterplan.com: did not receive HSTS header
+fierman.eu: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+fierman.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+fierman.us: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+fifieldtech.com: could not connect to host
+fiftyshadesofluca.ml: could not connect to host
+fig.co: did not receive HSTS header
+fightr.co: could not connect to host
+figuurzagers.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+fiksel.info: did not receive HSTS header
+fikt.space: could not connect to host
+filebox.moe: could not connect to host
+fileio.io: could not connect to host
+filemeal.com: did not receive HSTS header
+filey.co.uk: did not receive HSTS header
+filmesubtitrate2017.online: could not connect to host
+filo.xyz: did not receive HSTS header
+filoitoupediou.gr: did not receive HSTS header
+finalgear.com: did not receive HSTS header
+finalvpn.com: could not connect to host
+financieringsportaal.nl: did not receive HSTS header
+finanzkontor.net: could not connect to host
+findigo.fish: could not connect to host
+findingmyname.com: did not receive HSTS header
+findmybottleshop.com.au: could not connect to host
+findtutorsnearme.com: did not receive HSTS header
+fingent.com: did not receive HSTS header
+finiteheap.com: did not receive HSTS header
+finpt.com: did not receive HSTS header
+finstererlebnis.de: could not connect to host
+finsterlebnis.de: did not receive HSTS header
+fintechnics.com: did not receive HSTS header
+fiodental.com.br: did not receive HSTS header
+firebaseio-demo.com: could not connect to host
+firebaseio.com: could not connect to host (error ignored - included regardless)
+firebird.io: could not connect to host
+firefall.rocks: could not connect to host
+fireinthedeep.com: could not connect to host
+firemail.io: could not connect to host
+firemudfm.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+firenza.org: did not receive HSTS header
+fireorbit.de: did not receive HSTS header
+firexarxa.de: could not connect to host
+firmament.space: could not connect to host
+firmenverzeichnis.nu: could not connect to host
+firstdogonthemoon.com.au: did not receive HSTS header
+firstforex.co.uk: did not receive HSTS header
+firstlook.org: did not receive HSTS header
+fit4medien.de: did not receive HSTS header
+fitbylo.com: did not receive HSTS header
+fitea.cz: did not receive HSTS header
+fitiapp.com: could not connect to host
+fitnesswerk.de: could not connect to host
+fitshop.com.br: could not connect to host
+fitsw.com: did not receive HSTS header
+five.vn: did not receive HSTS header
+fivestarsitters.com: did not receive HSTS header
+fivestepfunnels.com: could not connect to host
+fivezerocreative.com: did not receive HSTS header
+fix-the-timeline.com: could not connect to host
+fix-the-timeline.org: could not connect to host
+fixico-staging.nl: could not connect to host
+fixingdns.com: could not connect to host
+fixmyglitch.com: could not connect to host
+fixtectools.co.za: could not connect to host
+fixthetimeline.com: could not connect to host
+fixthetimeline.org: could not connect to host
+fjruiz.es: did not receive HSTS header
+fkcovering.be: could not connect to host
+fl0000.com: did not receive HSTS header
+fl010.com: did not receive HSTS header
+fl0111.com: did not receive HSTS header
+fl0222.com: did not receive HSTS header
+fl0333.com: did not receive HSTS header
+fl0555.com: did not receive HSTS header
+fl0666.com: did not receive HSTS header
+fl0777.com: did not receive HSTS header
+fl0888.com: did not receive HSTS header
+fl0999.com: did not receive HSTS header
+flags.ninja: could not connect to host
+flairbros.at: could not connect to host
+flajshans.cz: did not receive HSTS header
+flamewall.net: could not connect to host
+flamingkeys.com.au: could not connect to host
+flareon.net: could not connect to host
+flatbellyreview.com: max-age too low: 2592000
+flawcheck.com: could not connect to host
+flc111.com: did not receive HSTS header
+flc999.com: did not receive HSTS header
+fliexer.com: could not connect to host
+flipkey.com: did not receive HSTS header
+flirchi.com: could not connect to host
+flixtor.net: could not connect to host
+floless.co.uk: did not receive HSTS header
+floorball-haunwoehr.de: did not receive HSTS header
+florafiora.com.br: did not receive HSTS header
+florian-lillpopp.de: max-age too low: 10
+florianlillpopp.de: max-age too low: 10
+floridaescapes.co.uk: did not receive HSTS header
+flouartistique.ch: could not connect to host
+flow.pe: could not connect to host
+flow.su: could not connect to host
+flowersandclouds.com: could not connect to host
+floweslawncare.com: did not receive HSTS header
+flowlo.me: could not connect to host
+flugplatz-edvc.de: could not connect to host
+fluidojobs.com: could not connect to host
+flukethoughts.com: could not connect to host
+flurrybridge.com: did not receive HSTS header
+flushstudios.com: did not receive HSTS header
+fly.moe: could not connect to host
+flyaces.com: could not connect to host
+flygpost.com: could not connect to host
+flyingdoggy.net: could not connect to host
+fm83.nl: could not connect to host
+fm992.com: did not receive HSTS header
+fnvsecurity.com: could not connect to host
+fobc-usa.org: did not receive HSTS header
+focalforest.com: could not connect to host
+fojtova.cz: did not receive HSTS header
+fojtovi.cz: did not receive HSTS header
+fokan.ch: did not receive HSTS header
+folioapp.io: could not connect to host
+followback.net: did not receive HSTS header
+fonetiq.io: could not connect to host
+foo: could not connect to host
+food4health.guide: could not connect to host
+foodbuddy.ch: could not connect to host
+foodiebox.no: did not receive HSTS header
+foodies.my: did not receive HSTS header
+foodievenues.com: could not connect to host
+foodplantengineering.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+foodsafetyworkinggroup.gov: could not connect to host
+footballmapped.com: could not connect to host
+footlegende.fr: did not receive HSTS header
+forafifty.co.za: could not connect to host
+foraje-profesionale.ro: did not receive HSTS header
+forbook.net: could not connect to host
+forcamp.ga: could not connect to host
+fordbydesign.com: could not connect to host
+fordshop.by: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+foreignexchangeresource.com: did not receive HSTS header
+forestfinance.fr: did not receive HSTS header
+foreveralone.io: could not connect to host
+forewordreviews.com: did not receive HSTS header
+forex-dan.com: did not receive HSTS header
+forgix.com: could not connect to host
+formazioneopen.it: could not connect to host
+formersessalaries.com: did not receive HSTS header
+formula.cf: could not connect to host
+forplanetsake.com: could not connect to host
+forschbach-janssen.de: could not connect to host
+forsyththeatre.com: could not connect to host
+fortuna-loessnitz.de: could not connect to host
+forty2.eu: did not receive HSTS header
+forus.be: could not connect to host
+foshanshequ.com: could not connect to host
+fossewayflowers.co.uk: could not connect to host
+fossewayflowers.com: could not connect to host
+fossewaygardencentre.co.uk: did not receive HSTS header
+fotiu.com: could not connect to host
+fotocerita.net: could not connect to host
+fotofaerie.net: could not connect to host
+fotogiraffe.ru: could not connect to host
+fotografosexpertos.com: did not receive HSTS header
+fotopasja.info: could not connect to host
+fourchin.net: could not connect to host
+fourwheelpartloanssimple.com: did not receive HSTS header
+foxdev.io: did not receive HSTS header
+foxelbox.com: did not receive HSTS header
+foxley-farm.co.uk: did not receive HSTS header
+foxley-seeds.co.uk: did not receive HSTS header
+foxleyseeds.co.uk: could not connect to host
+foxtrot.pw: could not connect to host
+foxyslut.com: could not connect to host
+fr33d0m.link: could not connect to host
+fragilesolar.cf: could not connect to host
+fragnic.com: could not connect to host
+fralef.me: did not receive HSTS header
+francevpn.xyz: could not connect to host
+franckyz.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+francois-vidit.com: did not receive HSTS header
+frangor.info: did not receive HSTS header
+frankierprofi.de: did not receive HSTS header
+fransallen.com: could not connect to host
+franta.biz: did not receive HSTS header
+franta.email: did not receive HSTS header
+franzt.de: could not connect to host
+franzt.ovh: could not connect to host
+frasesdeamizade.pt: could not connect to host
+frasys.io: did not receive HSTS header
+fraudempire.com: could not connect to host
+frebib.net: could not connect to host
+fredliang.cn: could not connect to host
+fredtec.ru: could not connect to host
+freeboson.org: could not connect to host
+freeflow.tv: could not connect to host
+freejidi.com: could not connect to host
+freekdevries.nl: did not receive HSTS header
+freelanced.co.za: could not connect to host
+freelansir.com: could not connect to host
+freelo.cz: did not receive HSTS header
+freematthale.net: did not receive HSTS header
+freeshkre.li: could not connect to host
+freesoftwaredriver.com: could not connect to host
+freethought.org.au: could not connect to host
+freeutopia.org: did not receive HSTS header
+freqlabs.com: did not receive HSTS header
+freshfind.xyz: could not connect to host
+freshlymind.com: did not receive HSTS header
+frezbo.com: could not connect to host
+frforms.com: did not receive HSTS header
+frickenate.com: could not connect to host
+fridaperfumaria.com.br: could not connect to host
+fridolinka.cz: could not connect to host
+friedhelm-wolf.de: could not connect to host
+friendica.ch: could not connect to host
+friendlyfiregameshow.com: could not connect to host
+frimons.com: could not connect to host
+frodriguez.xyz: could not connect to host
+froggstack.de: could not connect to host
+frolov.net: could not connect to host
+fromlemaytoz.com: could not connect to host
+fromthesoutherncross.com: could not connect to host
+front-end.dog: could not connect to host
+frontisme.nl: did not receive HSTS header
+frontmin.com: did not receive HSTS header
+frost-ci.xyz: could not connect to host
+frosty-gaming.xyz: could not connect to host
+froxlor.support: could not connect to host
+frp-roleplay.de: could not connect to host
+frsis2017.com: could not connect to host
+fruitusers.com: could not connect to host
+frumious.fyi: could not connect to host
+frusky.net: could not connect to host
+fs-gamenet.de: could not connect to host
+fsapubs.gov: did not receive HSTS header
+fsfi.is: could not connect to host
+fsinf.at: did not receive HSTS header
+fspphoto.com: could not connect to host
+fsradio.eu: could not connect to host
+fstfy.de: could not connect to host
+ftctele.com: could not connect to host
+fteproxy.org: did not receive HSTS header
+ftpi.ml: could not connect to host
+fuckbilibili.com: could not connect to host
+fuckcf.cf: could not connect to host
+fuckgfw233.org: could not connect to host
+fugle.de: could not connect to host
+fuitedeau.ch: could not connect to host
+fukuko.biz: could not connect to host
+fukuko.xyz: could not connect to host
+fukushima-web.com: did not receive HSTS header
+fuli.am: did not receive HSTS header
+fulilingyu.info: could not connect to host
+fuliydys.com: did not receive HSTS header
+fullytrained.co.uk: did not receive HSTS header
+fumiware.com: could not connect to host
+fun9.cc: could not connect to host
+fun99.cc: could not connect to host
+fundacionhijosdelsol.org: could not connect to host
+fungame.eu: did not receive HSTS header
+funkes-ferien.de: did not receive HSTS header
+funkyweddingideas.com.au: could not connect to host
+funnyang.com: could not connect to host
+funrun.com: did not receive HSTS header
+funspins.com: could not connect to host
+funtastic-event-hire.co.uk: did not receive HSTS header
+fuorifuocogenova.it: did not receive HSTS header
+furiffic.com: did not receive HSTS header
+furnation.com: could not connect to host
+furnishedproperty.com.au: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+furry.be: did not receive HSTS header
+fusedrops.com: could not connect to host
+fusionmate.com: did not receive HSTS header
+futbol11.com: did not receive HSTS header
+futos.de: could not connect to host
+futurefundapp.com: did not receive HSTS header
+futurestarsusa.org: did not receive HSTS header
+futuretechnologi.es: could not connect to host
+futureyouhealth.com: did not receive HSTS header
+fuvpn.com: could not connect to host
+fuzoku-sodan.com: could not connect to host
+fws.gov: did not receive HSTS header
+fx-rk.com: did not receive HSTS header
+fyfywka.com: max-age too low: 86400
+fyodorpi.com: did not receive HSTS header
+fyol.pw: could not connect to host
+fysiohaenraets.nl: did not receive HSTS header
+fzn.io: did not receive HSTS header
+fzslm.me: could not connect to host
+g-i-s.vn: did not receive HSTS header
+g-marketing.ro: did not receive HSTS header
+g-rickroll-o.pw: could not connect to host
+g1jeu.com: could not connect to host
+g2a.co: did not receive HSTS header
+g2g.com: did not receive HSTS header
+g4w.co: could not connect to host (error ignored - included regardless)
+g5led.nl: could not connect to host
+g77.ca: could not connect to host
+gaasuper6.com: could not connect to host
+gabber.scot: could not connect to host
+gabi.com.es: could not connect to host
+gabi.soy: did not receive HSTS header
+gabi.uno: could not connect to host
+gablaxian.com: max-age too low: 2592000
+gabriel.to: could not connect to host
+gabriele-kluge.de: could not connect to host
+gaelleetarnaud.com: did not receive HSTS header
+gafachi.com: could not connect to host
+gainesvillegoneaustin.org: did not receive HSTS header
+gaiserik.com: could not connect to host
+gaite.me: did not receive HSTS header
+gakkainavi-epsilon.net: did not receive HSTS header
+gakkainavi.jp: did not receive HSTS header
+gakkainavi4.com: could not connect to host
+gakkainavi4.net: did not receive HSTS header
+gala.kiev.ua: could not connect to host
+galardi.org: could not connect to host
+galena.io: could not connect to host
+galenskap.eu: could not connect to host
+galeriadobimba.com.br: could not connect to host
+gali.review: could not connect to host
+gallery44.org: did not receive HSTS header
+galletasgabi.com.mx: max-age too low: 86400
+galoisvpn.xyz: could not connect to host
+gam3rs.de: could not connect to host
+gambitcloud.net: could not connect to host
+game-gentle.com: could not connect to host
+game.yt: could not connect to host
+gamecave.de: could not connect to host
+gamechasm.com: could not connect to host
+gamefund.me: did not receive HSTS header
+gamehacks.me: could not connect to host
+gameink.net: max-age too low: 0
+gamek.es: could not connect to host
+gamenected.com: could not connect to host
+gamenected.de: could not connect to host
+gamepad.vg: could not connect to host
+gamepader.com: could not connect to host
+gameparade.de: could not connect to host
+gamepiece.com: could not connect to host
+gamerpoets.com: did not receive HSTS header
+gamers-life.fr: could not connect to host
+gamerslair.org: did not receive HSTS header
+gamerz-point.de: could not connect to host
+gamesdepartment.co.uk: did not receive HSTS header
+gameserver-sponsor.de: did not receive HSTS header
+gamesurferapp.com: could not connect to host
+gameswitchers.uk: could not connect to host
+gametium.com: could not connect to host
+gametium.es: could not connect to host
+gamingmedia.eu: did not receive HSTS header
+gamoice.com: did not receive HSTS header
+gampenhof.de: did not receive HSTS header
+garageon.net: did not receive HSTS header
+garciamartin.me: could not connect to host
+garcinia--cambogia.com: could not connect to host
+garden.trade: could not connect to host
+gasbarkenora.com: could not connect to host
+gasnews.net: could not connect to host
+gasser-daniel.ch: did not receive HSTS header
+gatapro.net: could not connect to host
+gatorsa.es: did not receive HSTS header
+gaussorgues.me: could not connect to host
+gautham.it: could not connect to host
+gautham.pro: could not connect to host
+gaygeeks.de: could not connect to host
+gc.net: could not connect to host
+gchoic.com: could not connect to host
+gdegem.org: did not receive HSTS header
+gdevpenze.ru: could not connect to host
+gdhzcgs.com: could not connect to host
+gdz-otvety.com: could not connect to host
+gebn.co.uk: did not receive HSTS header
+gebn.uk: could not connect to host
+gedankenbude.info: could not connect to host
+geekbaba.com: could not connect to host
+geekcast.co.uk: did not receive HSTS header
+geekmind.org: max-age too low: 172800
+geeks.berlin: could not connect to host
+geeks.lgbt: could not connect to host
+geeky.software: could not connect to host
+geemo.top: could not connect to host
+gehrke.nrw: could not connect to host
+geigr.de: could not connect to host
+geli-graphics.com: did not receive HSTS header
+gemsoftheworld.org: could not connect to host
+gemuplay.com: could not connect to host
+generationnext.pl: could not connect to host
+genesischangelog.com: did not receive HSTS header
+geneve.guide: could not connect to host
+genossen.ru: could not connect to host
+genshiken.org: could not connect to host
+genuu.com: could not connect to host
+genuxation.com: could not connect to host
+genyaa.com: could not connect to host
+genyhitch.com: did not receive HSTS header
+geoffdev.com: could not connect to host
+geoffreyrichard.com: did not receive HSTS header
+geopals.net: did not receive HSTS header
+geoponika.gr: did not receive HSTS header
+george-brighton.co.uk: could not connect to host
+georgebrighton.co.uk: could not connect to host
+georgescarryout.com: could not connect to host
+georgesonarthurs.com.au: did not receive HSTS header
+gereja.ga: could not connect to host
+gerencianet.com.br: did not receive HSTS header
+gereon.ch: could not connect to host
+geri.be: could not connect to host
+geschenkly.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+gesiwista.net: could not connect to host
+gesunde-smoothies.de: did not receive HSTS header
+get-cctv.com: could not connect to host
+get.zenpayroll.com: did not receive HSTS header
+geta.pub: did not receive HSTS header
+getable.com: did not receive HSTS header
+getblys.com.au: did not receive HSTS header
+getbooks.co.il: did not receive HSTS header
+getcarefirst.com: could not connect to host
+getcarina.com: could not connect to host
+getcleartouch.com: did not receive HSTS header
+getcolor.com: did not receive HSTS header
+getfestify.com: did not receive HSTS header
+getfilterlive.org: could not connect to host
+getfirepress.com: could not connect to host
+getgeek.dk: could not connect to host
+getgeek.ee: could not connect to host
+getgeek.es: could not connect to host
+getgeek.eu: did not receive HSTS header
+getgeek.fi: could not connect to host
+getgeek.fr: could not connect to host
+getgeek.io: could not connect to host
+getgeek.no: could not connect to host
+getgeek.nu: could not connect to host
+getgeek.pl: could not connect to host
+getgeek.se: did not receive HSTS header
+getinternet.de: did not receive HSTS header
+getkai.co.nz: did not receive HSTS header
+getlantern.org: did not receive HSTS header
+getlifti.com: could not connect to host
+getlittleapps.com: could not connect to host
+getlolaccount.com: did not receive HSTS header
+getmassage.com.ng: could not connect to host
+getmondo.co.uk: could not connect to host
+getpake.com: could not connect to host
+getpop.org: did not receive HSTS header
+getpublii.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+getremembrall.com: could not connect to host
+getronics.care: could not connect to host
+getsello.com: could not connect to host
+getspeaker.com: did not receive HSTS header
+getwarden.net: could not connect to host
+getwashdaddy.com: could not connect to host
+gevaulug.fr: could not connect to host
+gfbouncycastles.co.uk: could not connect to host
+gfhgiro.nl: max-age too low: 0
+gfm.tech: could not connect to host
+gfoss.gr: could not connect to host
+gfwsb.ml: could not connect to host
+gglks.com: could not connect to host
+ggrks-asano.com: could not connect to host
+ggss.cf: could not connect to host
+ggss.ml: could not connect to host
+gheorghe-sarcov.ga: could not connect to host
+gheorghesarcov.ga: could not connect to host
+gheorghesarcov.tk: could not connect to host
+ghi.gov: could not connect to host
+ghkim.net: could not connect to host
+ghuntley.com: max-age too low: 0
+giakki.eu: could not connect to host
+gianlucapartengo.photography: did not receive HSTS header
+gibraltar-firma.com: did not receive HSTS header
+gidea.nu: could not connect to host
+gietvloergarant.nl: did not receive HSTS header
+giftgofers.com: did not receive HSTS header
+giftservices.nl: could not connect to host
+gifzilla.net: could not connect to host
+gigacloud.org: max-age too low: 0
+gigacog.com: could not connect to host
+gigin.me: did not receive HSTS header
+gilcloud.com: could not connect to host
+gilgaz.com: did not receive HSTS header
+gillet-cros.fr: could not connect to host
+gilly.berlin: did not receive HSTS header
+gilroywestwood.org: did not receive HSTS header
+gina-architektur.design: could not connect to host
+gincher.net: did not receive HSTS header
+gingali.de: did not receive HSTS header
+ginijony.com: did not receive HSTS header
+gintenreiter-photography.com: did not receive HSTS header
+giogadesign.com: did not receive HSTS header
+gipsamsfashion.com: could not connect to host
+gipsic.com: did not receive HSTS header
+gis3m.org: did not receive HSTS header
+gistfy.com: could not connect to host
+git-stuff.tk: could not connect to host
+git.co: could not connect to host
+givemyanswer.com: could not connect to host
+gizzo.sk: could not connect to host
+glasner.photo: could not connect to host
+glass.google.com: did not receive HSTS header (error ignored - included regardless)
+glasslikes.com: did not receive HSTS header
+glbg.eu: did not receive HSTS header
+glentakahashi.com: could not connect to host
+glittersjabloon.nl: did not receive HSTS header
+glitzmirror.com: could not connect to host
+global-adult-webcams.com: did not receive HSTS header
+globalado.com: could not connect to host
+globalbridge-japan.com: did not receive HSTS header
+globalcomix.com: did not receive HSTS header
+globalexpert.co.nz: could not connect to host
+globalinsights.xyz: could not connect to host
+globalittech.com: could not connect to host
+globalmusic.ga: could not connect to host
+globalsites.nl: did not receive HSTS header
+glotter.com: did not receive HSTS header
+gloucesterphotographer.com: did not receive HSTS header
+glubbforum.de: did not receive HSTS header
+glutenfreelife.co.nz: could not connect to host
+glws.org: did not receive HSTS header
+gm-assicurazioni.it: could not connect to host
+gmail.com: did not receive HSTS header (error ignored - included regardless)
+gmantra.org: could not connect to host
+gmanukyan.com: could not connect to host
+gmat.ovh: could not connect to host
+gmoes.at: max-age too low: 600000
+gnom.me: could not connect to host
+gnosticjade.net: could not connect to host
+go.ax: did not receive HSTS header
+go2sh.de: did not receive HSTS header
+go4it.solutions: did not receive HSTS header
+goabonga.com: could not connect to host
+goalsetup.com: did not receive HSTS header
+goaltree.ch: did not receive HSTS header
+goarmy.eu: could not connect to host
+goat.chat: did not receive HSTS header
+goat.xyz: did not receive HSTS header
+goben.ch: could not connect to host
+goblins.net: did not receive HSTS header
+godrealms.com: could not connect to host
+goedeke.ml: could not connect to host
+goerner.me: did not receive HSTS header
+goge.site: could not connect to host
+gogenenglish.com: could not connect to host
+gogetssl.com: did not receive HSTS header
+goggs.eu: could not connect to host
+gogold-g.com: could not connect to host
+goiaspropaganda.com.br: could not connect to host
+gold24.in: did not receive HSTS header
+goldegg-training.com: did not receive HSTS header
+goldendata.io: could not connect to host
+goldminer.ga: could not connect to host
+goldpros.com: did not receive HSTS header
+golocal-media.de: could not connect to host
+gong8.win: could not connect to host
+gongjuhao.com: could not connect to host
+gonzalosanchez.mx: did not receive HSTS header
+goodfurday.ca: did not receive HSTS header
+goodtech.com.br: could not connect to host
+goodwin43.ru: could not connect to host
+google: could not connect to host (error ignored - included regardless)
+google.ax: could not connect to host
+googlemail.com: did not receive HSTS header (error ignored - included regardless)
+googleplex.com: did not receive HSTS header (error ignored - included regardless)
+googley.fr: max-age too low: 0
+goolok.com: could not connect to host
+gootlijsten.nl: did not receive HSTS header
+goozz.nl: did not receive HSTS header
+gopay.cz: did not receive HSTS header
+gopokego.cz: could not connect to host
+goranrango.ch: could not connect to host
+gorgiaxx.com: could not connect to host
+gorilla-gym.site: could not connect to host
+gorillow.com: could not connect to host
+gosharewood.com: did not receive HSTS header
+goshop.cz: did not receive HSTS header
+gostream.asia: did not receive HSTS header
+gotgenes.com: could not connect to host
+goto.google.com: did not receive HSTS header (error ignored - included regardless)
+goto.msk.ru: did not receive HSTS header
+gotobrno.cz: did not receive HSTS header
+gotocloud.ru: did not receive HSTS header
+gotowned.org: max-age too low: 0
+gotspot.com: could not connect to host
+gottcode.org: did not receive HSTS header
+gottfridsberg.org: could not connect to host
+gottfriedfeyen.com: did not receive HSTS header
+gourmettia.com: did not receive HSTS header
+gouv.ovh: did not receive HSTS header
+gov.ax: could not connect to host
+goverage.org: did not receive HSTS header
+govillemo.ca: did not receive HSTS header
+gozadentro.com: could not connect to host
+gozel.com.tr: did not receive HSTS header
+gparent.org: did not receive HSTS header
+gpo.gov: did not receive HSTS header
+gpstuner.com: did not receive HSTS header
+graavaapi.elasticbeanstalk.com: could not connect to host
+gracebaking.com: max-age too low: 86400
+gracechurchpc.net: max-age too low: 2592000
+gracesofgrief.com: could not connect to host
+grachtenpandverkopen.nl: could not connect to host
+gradsm-ci.net: could not connect to host
+grafitec.ru: did not receive HSTS header
+grana.com: did not receive HSTS header
+grandlinecsk.ru: did not receive HSTS header
+grandmascookieblog.com: did not receive HSTS header
+grantedby.me: max-age too low: 0
+granth.io: could not connect to host
+graph.no: did not receive HSTS header
+graphire.io: could not connect to host
+graphsearchengine.com: could not connect to host
+gratis-app.com: did not receive HSTS header
+gratisonlinesex.com: could not connect to host
+gravitation.pro: could not connect to host
+gravito.nl: did not receive HSTS header
+gravity-net.de: could not connect to host
+graycell.net: could not connect to host
+grazetech.com: did not receive HSTS header
+grcnode.co.uk: could not connect to host
+great.nagoya: did not receive HSTS header
+greatestwebsiteonearth.com: could not connect to host
+greatideahub.com: did not receive HSTS header
+greatnet.de: did not receive HSTS header
+greatsong.net: did not receive HSTS header
+greencardtalent.com: could not connect to host
+greenesting.ch: could not connect to host
+greenesting.com: could not connect to host
+greenhillantiques.co.uk: did not receive HSTS header
+greensolid.biz: could not connect to host
+greenvines.com.tw: did not receive HSTS header
+greenvpn.ltd: could not connect to host
+greenvpn.pro: did not receive HSTS header
+greggsfoundation.org.uk: could not connect to host
+gregmartyn.com: could not connect to host
+gregmilton.org: could not connect to host
+gregorytlee.me: could not connect to host
+grekland.guide: could not connect to host
+gremots.com: could not connect to host
+greplin.com: could not connect to host
+gresb.com: did not receive HSTS header
+gretchelizartistry.com: did not receive HSTS header
+greuel.online: could not connect to host
+grevesgarten.de: could not connect to host
+greyline.se: could not connect to host
+gribani.com: could not connect to host
+grid2osm.org: could not connect to host
+grigalanzsoftware.com: could not connect to host
+grillinfools.com: did not receive HSTS header
+gripopgriep.net: could not connect to host
+gritte.net: could not connect to host
+groenewoud.run: could not connect to host
+groetzner.net: did not receive HSTS header
+groseb.net: did not receive HSTS header
+grossell.ru: could not connect to host
+grossmann.gr: could not connect to host
+grossmisconduct.news: could not connect to host
+groupe-cassous.com: did not receive HSTS header
+groups.google.com: did not receive HSTS header (error ignored - included regardless)
+grow-shop.ee: could not connect to host
+grow-shop.lt: could not connect to host
+grow-shop.lv: could not connect to host
+grozip.com: did not receive HSTS header
+grunex.com: did not receive HSTS header
+grupopgn.com.br: could not connect to host
+gryffin.ga: could not connect to host
+gryffin.ml: could not connect to host
+gryffin.tk: could not connect to host
+gsm-map.com: could not connect to host
+gsnort.com: did not receive HSTS header
+gtamodshop.org: could not connect to host
+gtanda.tk: could not connect to host
+gtech.work: did not receive HSTS header
+gtldna.com: could not connect to host
+gtlfsonlinepay.com: did not receive HSTS header
+gtraxapp.com: could not connect to host
+gts-schulsoftware.de: did not receive HSTS header
+guarajubaimoveis.com.br: did not receive HSTS header
+guava.studio: did not receive HSTS header
+guentherhouse.com: did not receive HSTS header
+guenthernoack.de: could not connect to host
+guffrits.com: could not connect to host
+gugaltika-ipb.org: could not connect to host
+guge.gq: could not connect to host
+gugga.dk: could not connect to host
+guguke.net: did not receive HSTS header
+guilde-vindicta.fr: did not receive HSTS header
+guillaume-leduc.fr: did not receive HSTS header
+guillaumematheron.fr: did not receive HSTS header
+guinea-pig.co: could not connect to host
+guineafruitcorp.com: could not connect to host
+gulch.in.ua: did not receive HSTS header
+gulenet.com: could not connect to host
+gulfcoast-sandbox.com: could not connect to host
+gunnarhafdal.com: did not receive HSTS header
+gunnaro.com: could not connect to host
+guntbert.net: could not connect to host
+guoqiang.info: did not receive HSTS header
+gurom.lv: could not connect to host
+gurusupe.com: could not connect to host
+gus.moe: could not connect to host
+guso.gq: could not connect to host
+guso.ml: could not connect to host
+guso.site: could not connect to host
+guso.tech: could not connect to host
+gussi.is: did not receive HSTS header
+gvchannel.xyz: could not connect to host
+gvpt.sk: did not receive HSTS header
+gvt2.com: could not connect to host (error ignored - included regardless)
+gvt3.com: could not connect to host (error ignored - included regardless)
+gw2oracle.com: could not connect to host
+gw2reload.eu: could not connect to host
+gwijaya.com: could not connect to host
+gwtest.us: could not connect to host
+gxlrx.net: could not connect to host
+gyboche.com: could not connect to host
+gyboche.science: could not connect to host
+gycis.me: could not connect to host
+gylauto.fr: could not connect to host
+gym-old.de: max-age too low: 0
+gypthecat.com: did not receive HSTS header
+gyz.io: could not connect to host
+h-og.com: could not connect to host
+h-rickroll-n.pw: could not connect to host
+h2cdn.cloud: could not connect to host
+h2check.org: did not receive HSTS header
+h3artbl33d.nl: could not connect to host
+haarkliniek.com: did not receive HSTS header
+habbo.life: did not receive HSTS header
+habbotalk.nl: could not connect to host
+habeo.si: could not connect to host
+hablemosdetecnologia.com.ve: could not connect to host
+hac30.com: could not connect to host
+hack.cz: could not connect to host
+hack.li: could not connect to host
+hacker8.cn: did not receive HSTS header
+hackercat.ninja: did not receive HSTS header
+hackerforever.com: did not receive HSTS header
+hackerone-ext-adroll.com: could not connect to host
+hackerspace-ntnu.no: did not receive HSTS header
+hackest.org: did not receive HSTS header
+hackit.im: could not connect to host
+hackroyale.xyz: did not receive HSTS header
+hacksnack.io: could not connect to host
+hadaf.pro: could not connect to host
+hadzic.co: could not connect to host
+haeckdesign.com: did not receive HSTS header
+haeckl.eu: did not receive HSTS header
+haemmerle.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+haf.gr: could not connect to host
+hafoda.com: did not receive HSTS header
+hahayidu.org: could not connect to host
+hainoni.com: did not receive HSTS header
+hairlossstop.net: did not receive HSTS header
+haitschi.com: could not connect to host
+haitschi.de: did not receive HSTS header
+haitschi.net: could not connect to host
+haitschi.org: could not connect to host
+haku.moe: could not connect to host
+hakugin.me: could not connect to host
+hakugin.org: could not connect to host
+halcyonsbastion.com: could not connect to host
+halkyon.net: could not connect to host
+halletienne.fr: could not connect to host
+halo.red: could not connect to host
+halyul.cc: did not receive HSTS header
+halyul.com: did not receive HSTS header
+haman.nl: could not connect to host
+hamu.blue: could not connect to host
+hancc.net: could not connect to host
+handenafvanhetmedischdossier.nl: could not connect to host
+handicapindeles.nl: did not receive HSTS header
+handiworker.com: could not connect to host
+handleidingkwijt.com: did not receive HSTS header
+handsandall.com: did not receive HSTS header
+hanfu.la: could not connect to host
+hang333.pw: could not connect to host
+hangar18-modelismo.com.br: could not connect to host
+hanimalis.fr: could not connect to host
+hans-natur.de: did not receive HSTS header
+hao2taiwan.com: max-age too low: 0
+haobo111.com: could not connect to host
+haobo1111.com: could not connect to host
+haobo222.com: could not connect to host
+haobo2222.com: could not connect to host
+haobo4444.com: could not connect to host
+haobo5555.com: could not connect to host
+haobo6666.com: could not connect to host
+haobo7777.com: could not connect to host
+haomwei.com: could not connect to host
+haoyugao.com: could not connect to host
+hapijs.cn: could not connect to host
+happist.com: did not receive HSTS header
+happix.nl: did not receive HSTS header
+happyfabric.me: did not receive HSTS header
+happygastro.com: could not connect to host
+harambe.site: could not connect to host
+harbourweb.net: did not receive HSTS header
+hardline.xyz: could not connect to host
+haribosupermix.com: could not connect to host
+harisht.me: could not connect to host
+harlentimberproducts.co.uk: did not receive HSTS header
+harmonycosmetic.com: max-age too low: 300
+harristony.com: could not connect to host
+harrypottereditor.net: could not connect to host
+hartlep.eu: could not connect to host
+hartmancpa.com: did not receive HSTS header
+harvestrenewal.org: did not receive HSTS header
+harz.cloud: could not connect to host
+has.vision: could not connect to host
+hasabig.wang: could not connect to host
+hasalittle.wang: could not connect to host
+hash-list.com: could not connect to host
+hashidays.com: did not receive HSTS header
+hashnode.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+hashplex.com: could not connect to host
+hasilocke.de: did not receive HSTS header
+hasinase.de: could not connect to host
+haste.ch: could not connect to host
+hastherebeenamassshooting.today: could not connect to host
+hatoko.net: could not connect to host
+haufschild.de: could not connect to host
+haurumcraft.net: could not connect to host
+hausarzt-stader-str.de: did not receive HSTS header
+haveeruexaminer.com: could not connect to host
+havenmoon.com: could not connect to host
+havenswift-hosting.co.uk: did not receive HSTS header
+hawthornharpist.com: could not connect to host
+haxoff.com: could not connect to host
+haxon.me: could not connect to host
+haxx.hu: could not connect to host
+haydenhill.us: could not connect to host
+hazcod.com: could not connect to host
+haze-productions.com: could not connect to host
+haze.network: could not connect to host
+haze.sucks: could not connect to host
+hazyrom.net: could not connect to host
+hb1111.com: could not connect to host
+hb3333.com: could not connect to host
+hb4444.com: could not connect to host
+hbbet.com: could not connect to host
+hbvip.com: could not connect to host
+hbvip01.com: could not connect to host
+hbvip02.com: could not connect to host
+hbvip03.com: could not connect to host
+hbvip04.com: could not connect to host
+hbvip05.com: could not connect to host
+hbvip06.com: could not connect to host
+hbvip07.com: could not connect to host
+hbvip08.com: could not connect to host
+hcie.pl: could not connect to host
+hcr.io: did not receive HSTS header
+hcs-company.com: did not receive HSTS header
+hcs-company.nl: did not receive HSTS header
+hcstr.com: could not connect to host
+hdm.io: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+hdrboundless.com: could not connect to host
+hdserver.info: did not receive HSTS header
+hdsmigrationtool.com: could not connect to host
+hduin.xyz: could not connect to host
+hdwallpapers.net: did not receive HSTS header
+head-shop.lt: could not connect to host
+head-shop.lv: could not connect to host
+headmates.xyz: could not connect to host
+healthjoy.com: did not receive HSTS header
+healthyandnaturalliving.com: could not connect to host
+healthycod.in: could not connect to host
+healtious.com: could not connect to host
+hearingshofar.com: could not connect to host
+heart.ge: could not connect to host
+heartlandrentals.com: did not receive HSTS header
+hearty.ink: could not connect to host
+hearty.space: could not connect to host
+hearty.tw: did not receive HSTS header
+heartyme.net: could not connect to host
+heathmanners.com: could not connect to host
+heavenlysmokenc.com: could not connect to host
+heavystresser.com: could not connect to host
+hebaus.com: could not connect to host
+heidilein.info: did not receive HSTS header
+heijblok.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+heimnetze.org: could not connect to host
+heisenberg.co: could not connect to host
+hejahanif.se: could not connect to host
+hejsupport.se: could not connect to host
+helencrump.co.uk: did not receive HSTS header
+helgakristoffer.com: could not connect to host
+helgakristoffer.wedding: could not connect to host
+hellofilters.com: could not connect to host
+hellomouse.tk: could not connect to host
+helloworldhost.com: did not receive HSTS header
+hellscanyonraft.com: did not receive HSTS header
+helpadmin.net: could not connect to host
+helpantiaging.com: could not connect to host
+helpekwendenihospital.com: could not connect to host
+helpium.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+helpmebuild.com: did not receive HSTS header
+helsingfors.guide: could not connect to host
+hemlockhillscabinrentals.com: did not receive HSTS header
+hencagon.com: could not connect to host
+hendersonrealestatepros.com: did not receive HSTS header
+henriknoerr.com: could not connect to host
+hentai.design: could not connect to host
+hentaimaster.net: could not connect to host
+herbandpat.org: could not connect to host
+herbertmouwen.nl: could not connect to host
+here.ml: could not connect to host
+here4funpartysolutions.ie: did not receive HSTS header
+heribe-maruo.com: could not connect to host
+heritagedentistry.ca: did not receive HSTS header
+heroin.org.uk: could not connect to host
+herpaderp.net: could not connect to host
+herrenfahrt.com: did not receive HSTS header
+herzbotschaft.de: did not receive HSTS header
+hetmeisjeachterpauw.nl: could not connect to host
+hetmer.com: did not receive HSTS header
+hetmer.cz: did not receive HSTS header
+hetmer.net: did not receive HSTS header
+heutger.net: did not receive HSTS header
+hex2013.com: did not receive HSTS header
+hexhu.com: could not connect to host
+hexobind.com: could not connect to host
+heyfringe.com: could not connect to host
+heyguevara.com: could not connect to host
+heywoodtown.co.uk: did not receive HSTS header
+hfcbank.com.gh: did not receive HSTS header
+hfi.me: could not connect to host
+hfu.io: could not connect to host
+hg881.com: could not connect to host
+hibilog.com: could not connect to host
+hicn.gq: could not connect to host
+hiddendepth.ie: max-age too low: 0
+hiddenmail.xyz: could not connect to host
+hiddenrefuge.eu.org: could not connect to host
+hideftv.deals: could not connect to host
+hiexmerida-mailing.com: did not receive HSTS header
+higherpress.org: could not connect to host
+highgrove.org.uk: could not connect to host
+highseer.com: did not receive HSTS header
+highsurf-miyazaki.com: could not connect to host
+hightower.eu: could not connect to host
+highvelocitydesign.com: could not connect to host
+hiisukun.com: could not connect to host
+hiitcentre.com: did not receive HSTS header
+hikariempire.com: could not connect to host
+hilinemerchandising.com: did not receive HSTS header
+hill.selfip.net: could not connect to host
+hillcity.org.nz: did not receive HSTS header
+hilnu.tk: could not connect to host
+hinkel-sohn.de: did not receive HSTS header
+hintergedanken.com: did not receive HSTS header
+hintermeier-rae.at: could not connect to host
+hipercultura.com: did not receive HSTS header
+hiphopconvention.nl: could not connect to host
+hipnos.net: did not receive HSTS header
+hiqhub.co.uk: could not connect to host
+hirefitness.co.uk: did not receive HSTS header
+hirevets.gov: did not receive HSTS header
+hirokilog.com: could not connect to host
+hirte-digital.de: could not connect to host
+hitchunion.org: could not connect to host
+hititgunesi-tr.com: did not receive HSTS header
+hitoy.org: did not receive HSTS header
+hitrek.ml: could not connect to host
+hittipps.com: did not receive HSTS header
+hiv.gov: did not receive HSTS header
+hlyue.com: did not receive HSTS header
+hm1ch.ovh: could not connect to host
+hmksq.ae: max-age too low: 7776000
+hmm.nyc: could not connect to host
+hmsseahawk.com: did not receive HSTS header
+hoast.xyz: could not connect to host
+hobaugh.social: did not receive HSTS header
+hodamakade.com: did not receive HSTS header
+hodne.io: could not connect to host
+hoekwoningverkopen.nl: could not connect to host
+hoerbuecher-und-hoerspiele.de: could not connect to host
+hofiprojekt.cz: did not receive HSTS header
+hogar123.es: could not connect to host
+hohm.in: could not connect to host
+hoiku-map.tokyo: could not connect to host
+hoiku-navi.com: did not receive HSTS header
+holgerlehner.com: could not connect to host
+holidayincotswolds.co.uk: could not connect to host
+holifestival-freyung.de: could not connect to host
+holymoly.lu: could not connect to host
+homa.website: could not connect to host
+homads.com: did not receive HSTS header
+homeandyarddetailing.com: could not connect to host
+homeclouding.de: could not connect to host
+homedna.com: did not receive HSTS header
+homeexx.com: did not receive HSTS header
+homeownersassociationmanagementla.com: could not connect to host
+homeseller.co.uk: could not connect to host
+hometownmall.com: max-age too low: 0
+homeyantra.com: did not receive HSTS header
+homoglyph.net: could not connect to host
+honeytracks.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+hongyd.online: could not connect to host
+hongzhaxiaofendui.com: could not connect to host
+honoo.com: could not connect to host
+hoodoo.io: could not connect to host
+hoodoo.tech: could not connect to host
+hookandloom.com: did not receive HSTS header
+hoopsacademyusa.com: could not connect to host
+hoovism.com: did not receive HSTS header
+hopesb.org: could not connect to host
+horizonshypnosis.ca: did not receive HSTS header
+horning.co: did not receive HSTS header
+horosho.in: could not connect to host
+horseboners.xxx: did not receive HSTS header
+hortifarm.ro: did not receive HSTS header
+horvathtom.com: could not connect to host
+hosteasy.nl: did not receive HSTS header
+hosted-oswa.org: could not connect to host
+hostedtalkgadget.google.com: did not receive HSTS header (error ignored - included regardless)
+hostelite.com: did not receive HSTS header
+hostfuture.co.in: did not receive HSTS header
+hostgarou.com: did not receive HSTS header
+hostinaus.com.au: did not receive HSTS header
+hostingfj.com: could not connect to host
+hostisan.com: could not connect to host
+hostworkz.com: did not receive HSTS header
+hotartup.com: could not connect to host
+hotchoc.io: did not receive HSTS header
+hotel-tongruben.de: max-age too low: 0
+hotelaustria-wien.at: did not receive HSTS header
+hotelmadhuwanvihar.com: could not connect to host
+hotelvictoriaoax-mailing.com: did not receive HSTS header
+hotelvillahermosa-mailing.com: did not receive HSTS header
+hotelvue.nl: could not connect to host
+houkago-step.com: did not receive HSTS header
+housemaadiah.org: did not receive HSTS header
+housingstudents.org.uk: could not connect to host
+howardtyson.com: could not connect to host
+howfargames.com: could not connect to host
+howrandom.org: could not connect to host
+howtocuremysciatica.com: could not connect to host
+hozinga.de: could not connect to host
+hp-work.net: could not connect to host
+hpepub.asia: could not connect to host
+hpepub.com: could not connect to host
+hpepub.org: could not connect to host
+hppub.info: could not connect to host
+hppub.org: could not connect to host
+hppub.site: could not connect to host
+hqhost.net: did not receive HSTS header
+hr-intranet.com: could not connect to host
+hr98.tk: could not connect to host
+hrackydomino.cz: did not receive HSTS header
+hrk.io: could not connect to host
+hserver.top: could not connect to host
+hsir.me: could not connect to host
+hsts.com.br: could not connect to host
+hsts.date: could not connect to host
+hszhyy120.com: could not connect to host
+html-lab.tk: could not connect to host
+http418.xyz: could not connect to host
+httphacker.com: could not connect to host
+https.ps: could not connect to host
+httpstatuscode418.xyz: could not connect to host
+huangh.com: could not connect to host
+huarongdao.com: could not connect to host
+hubert.systems: did not receive HSTS header
+hugocollignon.fr: could not connect to host
+huiser.nl: could not connect to host
+hukkatavara.com: could not connect to host
+humankode.com: did not receive HSTS header
+humblefinances.com: did not receive HSTS header
+humeurs.net: could not connect to host
+humortuga.pt: could not connect to host
+hump.dk: did not receive HSTS header
+humpi.at: could not connect to host
+humpteedumptee.in: did not receive HSTS header
+hunger.im: could not connect to host
+huntshomeinspections.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+huodongweb.com: could not connect to host
+hup.blue: could not connect to host
+huskybutt.dog: could not connect to host
+huwjones.me: could not connect to host
+huzu.com: did not receive HSTS header
+huzurmetal.net: could not connect to host
+hyakumachi.com: did not receive HSTS header
+hyatt.com: did not receive HSTS header
+hydra.ws: could not connect to host
+hydrante.ch: could not connect to host
+hydrodipcenter.nl: did not receive HSTS header
+hydronium.cf: could not connect to host
+hydronium.ga: could not connect to host
+hydronium.me: could not connect to host
+hydronium.ml: could not connect to host
+hydronium.tk: could not connect to host
+hypa.net.au: did not receive HSTS header
+hyper69.com: did not receive HSTS header
+hypnoresults.com.au: did not receive HSTS header
+hypnos.hu: did not receive HSTS header
+hypotheques24.ch: could not connect to host
+hysg.me: could not connect to host
+hzh.pub: could not connect to host
+i-jp.net: could not connect to host
+i-partners.sk: did not receive HSTS header
+i-rickroll-n.pw: could not connect to host
+i10z.com: could not connect to host
+iacono.com.br: did not receive HSTS header
+iadttaveras.com: could not connect to host
+iamjoshellis.com: could not connect to host
+iamokay.nl: did not receive HSTS header
+iamreubin.co.uk: did not receive HSTS header
+iamveto.com: could not connect to host
+iapws.com: did not receive HSTS header
+iban.is: could not connect to host
+ibarf.nl: did not receive HSTS header
+ibase.com: did not receive HSTS header
+ibenchu.com: did not receive HSTS header
+ibestreview.com: did not receive HSTS header
+ibnuwebhost.com: could not connect to host
+icabanken.se: did not receive HSTS header
+icaforsakring.se: did not receive HSTS header
+ice.yt: could not connect to host
+icebound.cc: could not connect to host
+iceloch.com: could not connect to host
+icepink.com.br: could not connect to host
+icewoman.net: did not receive HSTS header
+icfl.com.br: could not connect to host
+ich-find-den-g.net: could not connect to host
+ich-mach-druck.eu: did not receive HSTS header
+ichnichtskaufmann.de: could not connect to host
+ichoosebtec.com: did not receive HSTS header
+icity.ly: did not receive HSTS header
+icloud.net: could not connect to host
+icntorrent.download: could not connect to host
+icreative.nl: could not connect to host
+ictpro.info: could not connect to host
+icusignature.com: could not connect to host
+id-co.in: could not connect to host
+id-conf.com: did not receive HSTS header
+id.fedoraproject.org: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+idcrane.com: could not connect to host
+ideadozz.hu: could not connect to host
+ideal-envelopes.co.uk: did not receive HSTS header
+idealmoto.com: did not receive HSTS header
+idealmykonos.com: did not receive HSTS header
+ideaman924.com: did not receive HSTS header
+ideaplus.me: could not connect to host
+ideasmeetingpoint.com: could not connect to host
+ideation-inc.co.jp: could not connect to host
+idedr.com: could not connect to host
+idemo.in: could not connect to host
+identitylabs.uk: could not connect to host
+identitysandbox.gov: could not connect to host
+idgsupply.com: did not receive HSTS header
+idinby.dk: did not receive HSTS header
+idisplay.es: did not receive HSTS header
+idlekernel.com: could not connect to host
+idol-bikes.ru: could not connect to host
+idontexist.me: did not receive HSTS header
+iemb.cf: could not connect to host
+iemb.tk: did not receive HSTS header
+ierna.com: did not receive HSTS header
+ies-italia.it: did not receive HSTS header
+ies.id.lv: could not connect to host
+ievgenialehner.com: could not connect to host
+ifad.org: did not receive HSTS header
+ifastuniversity.com: did not receive HSTS header
+ifengge.me: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+ifleurs.com: could not connect to host
+ifoss.me: could not connect to host
+ifx.ee: could not connect to host
+ifxnet.com: could not connect to host
+igforums.com: could not connect to host
+igi.codes: did not receive HSTS header
+igiftcards.nl: did not receive HSTS header
+ignatisd.gr: did not receive HSTS header
+igule.net: could not connect to host
+ihotel.io: did not receive HSTS header
+ihrlotto.de: could not connect to host
+ihrnationalrat.ch: could not connect to host
+ihsbsd.me: could not connect to host
+ihsbsd.tk: could not connect to host
+iispeed.com: did not receive HSTS header
+ijn-dd.nl: could not connect to host
+ijoda.com: could not connect to host
+ikenmeyer.com: could not connect to host
+ikenmeyer.eu: could not connect to host
+ikocik.sk: did not receive HSTS header
+ikon.name: did not receive HSTS header
+ikwilguidobellen.nl: could not connect to host
+ikzoekeengoedkopeauto.nl: could not connect to host
+ikzoekjeugdhulp.nl: did not receive HSTS header
+ilbuongiorno.it: did not receive HSTS header
+ileat.com: could not connect to host
+ilgi.work: could not connect to host
+ilhansubasi.com: did not receive HSTS header
+ilikerainbows.co: could not connect to host
+ilikerainbows.co.uk: could not connect to host
+ilikfreshweedstores.com: did not receive HSTS header
+illegalpornography.me: could not connect to host
+ilmconpm.de: could not connect to host
+ilona.graphics: did not receive HSTS header
+iluvscotland.co.uk: max-age too low: 7889238
+imakepoems.net: could not connect to host
+ime.moe: could not connect to host
+imed.com.pt: did not receive HSTS header
+imed.pt: did not receive HSTS header
+img.ovh: could not connect to host
+imgencrypt.com: could not connect to host
+imgup.co: did not receive HSTS header
+imim.pw: could not connect to host
+imjiangtao.com: did not receive HSTS header
+imlinan.cn: could not connect to host
+imlinan.info: could not connect to host
+imlinan.net: could not connect to host
+immaterium.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+immersion-pictures.com: did not receive HSTS header
+immersionwealth.com: could not connect to host
+immoprotect.ca: did not receive HSTS header
+immortals-co.com: did not receive HSTS header
+immoverkauf24.at: did not receive HSTS header
+immoverkauf24.de: did not receive HSTS header
+immunicity.cc: could not connect to host
+immunicity.date: did not receive HSTS header
+immunicity.eu: did not receive HSTS header
+immunicity.host: could not connect to host
+immunicity.info: could not connect to host
+immunicity.online: could not connect to host
+immunicity.press: could not connect to host
+immunicity.rocks: could not connect to host
+immunicity.st: did not receive HSTS header
+immunicity.today: could not connect to host
+immunicity.top: could not connect to host
+immunicity.win: could not connect to host
+immunicity.works: could not connect to host
+immunicity.world: could not connect to host
+imolug.org: did not receive HSTS header
+imoni-blog.net: could not connect to host
+imoto.me: could not connect to host
+imouto.my: max-age too low: 5184000
+imperdintechnologies.com: could not connect to host
+imperialwebsolutions.com: did not receive HSTS header
+implicitdenial.com: could not connect to host
+imu.li: did not receive HSTS header
+imusic.dk: did not receive HSTS header
+inb4.us: could not connect to host
+inbox.li: did not receive HSTS header
+incendiary-arts.com: could not connect to host
+inche-ali.com: did not receive HSTS header
+inchomatic.com: did not receive HSTS header
+increasetestosteronelevels.org: could not connect to host
+indicateurs-flash.fr: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+indiecert.net: could not connect to host
+indiemods.com: could not connect to host
+indien.guide: could not connect to host
+indochina.io: could not connect to host
+indoorskiassen.nl: did not receive HSTS header
+indredouglas.me: could not connect to host
+industreiler.com: could not connect to host
+industreiler.com.br: could not connect to host
+industrybazar.com: did not receive HSTS header
+ineed.com.mt: could not connect to host
+inexpensivecomputers.net: could not connect to host
+infcof.com: did not receive HSTS header
+infilock.com: could not connect to host
+infinitude.me.uk: could not connect to host
+infinitude.xyz: could not connect to host
+infinitudecloud.com: could not connect to host
+infinitusgaming.eu: could not connect to host
+infinity-freedom.com: could not connect to host
+infinity-freedom.de: could not connect to host
+infinity-lifestyle.de: could not connect to host
+inflatadays.co.uk: could not connect to host
+inflation.ml: could not connect to host
+info-sys.tk: could not connect to host
+infoduv.fr: did not receive HSTS header
+infogrfx.com: did not receive HSTS header
+inforichjapan.com: did not receive HSTS header
+informaticapremium.com: did not receive HSTS header
+informatik.zone: could not connect to host
+infosec.rip: could not connect to host
+infosoph.org: could not connect to host
+infotics.es: did not receive HSTS header
+infoworm.org: could not connect to host
+infranix.eu: max-age too low: 7360000
+infura.co.th: could not connect to host
+ingesol.fr: did not receive HSTS header
+inhelix.com: could not connect to host
+injertoshorticolas.com: did not receive HSTS header
+injigo.com: did not receive HSTS header
+injust.cf: could not connect to host
+injust.ga: could not connect to host
+injust.gq: could not connect to host
+injust.me: could not connect to host
+injust.ml: could not connect to host
+injust.tk: could not connect to host
+inked-guy.de: could not connect to host
+inkedguy.de: could not connect to host
+inkstory.gr: did not receive HSTS header
+inksupply.com: did not receive HSTS header
+inkvisual.tk: could not connect to host
+inleaked.com: could not connect to host
+inmyarea.com: max-age too low: 0
+innolabfribourg.ch: could not connect to host
+innophate-security.nl: could not connect to host
+inondation.ch: could not connect to host
+inplacers.ru: did not receive HSTS header
+inquisitive.io: did not receive HSTS header
+insane-bullets.com: could not connect to host
+inscript.pl: could not connect to host
+insite-feedback.com: could not connect to host
+insouciant.org: could not connect to host
+inspire-av.com: did not receive HSTS header
+inspiroinc.com: could not connect to host
+instacart.com: did not receive HSTS header
+instant-hack.com: did not receive HSTS header
+instantdev.io: could not connect to host
+instaquiz.ru: could not connect to host
+instasex.ch: could not connect to host
+institutoflordelavida.com: could not connect to host
+institutolancaster.com: did not receive HSTS header
+instruktor.io: could not connect to host
+insurance: could not connect to host
+insurance321.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+intel.gov: did not receive HSTS header
+intel.li: could not connect to host
+intelldynamics.com: could not connect to host
+interboursegeneva.ch: did not receive HSTS header
+interference.io: could not connect to host
+interhosts.co.za: could not connect to host
+interim-cto.de: could not connect to host
+interleucina.org: did not receive HSTS header
+interlocal.co.uk: could not connect to host
+interlun.com: could not connect to host
+intermezzo-emmerich.de: did not receive HSTS header
+intermezzo-emmerich.nl: did not receive HSTS header
+internaldh.com: could not connect to host
+internet-pornografie.de: did not receive HSTS header
+internetcasinos.de: could not connect to host
+internetcensus.org: could not connect to host
+internetdentalalliance.com: did not receive HSTS header
+internetpro.me: could not connect to host
+internetradiocharts.de: did not receive HSTS header
+internshipandwork.com: did not receive HSTS header
+internshipandwork.ru: did not receive HSTS header
+intersectraven.net: did not receive HSTS header
+interserved.com: did not receive HSTS header
+interviewpipeline.co.uk: could not connect to host
+intervisteperstrada.com: could not connect to host
+intexplore.org: could not connect to host
+intim-uslugi-kazan.net: could not connect to host
+intimateperrierjouet.com: could not connect to host
+intimici.com.br: could not connect to host
+intimtoy.com.ua: could not connect to host
+intocities.de: did not receive HSTS header
+intranetsec.fr: could not connect to host
+intrp.net: did not receive HSTS header
+inverselink-user-content.com: could not connect to host
+inverselink.com: could not connect to host
+investnext.com: max-age too low: 43200
+investor.gov: did not receive HSTS header
+investorloanshub.com: could not connect to host
+invictusmc.uk: could not connect to host
+invinsec.cloud: did not receive HSTS header
+inviosolutions.com: max-age too low: 0
+invite24.pro: could not connect to host
+iolife.dk: could not connect to host
+ionas-law.ro: did not receive HSTS header
+iop.intuit.com: max-age too low: 86400
+iora.fr: could not connect to host
+iosmods.com: did not receive HSTS header
+iostips.ru: could not connect to host
+ip.or.at: could not connect to host
+ip6.im: did not receive HSTS header
+ipbill.org.uk: could not connect to host
+iphonechina.net: could not connect to host
+iplife.cn: could not connect to host
+ipmimagazine.com: did not receive HSTS header
+ipnetworking.net: could not connect to host
+iprice.co.id: did not receive HSTS header
+iprice.hk: did not receive HSTS header
+iprice.my: did not receive HSTS header
+iprice.ph: did not receive HSTS header
+iprice.sg: did not receive HSTS header
+iprice.vn: did not receive HSTS header
+ipricethailand.com: did not receive HSTS header
+iprody.com: max-age too low: 7889238
+iptel.ro: could not connect to host
+ipuservicedesign.com: could not connect to host
+ipv6.watch: did not receive HSTS header
+ipv6cloud.club: could not connect to host
+ipv6only.network: could not connect to host
+ipvsec.nl: could not connect to host
+iqcn.co: could not connect to host
+iqualtech.com: max-age too low: 7889238
+ir-saitama.com: could not connect to host
+iranianlawschool.com: could not connect to host
+iraqidinar.org: did not receive HSTS header
+irazimina.ru: did not receive HSTS header
+irccloud.com: did not receive HSTS header
+irelandesign.com: could not connect to host
+irinkeby.nu: could not connect to host
+irland.guide: could not connect to host
+irmtrudjurke.de: did not receive HSTS header
+irugs.ch: did not receive HSTS header
+irugs.co.uk: did not receive HSTS header
+irugs.com.sg: did not receive HSTS header
+irukandjilabs.com: could not connect to host
+irvinepa.org: max-age too low: 10540800
+is-a-furry.org: did not receive HSTS header
+isabellehogarth.co.uk: could not connect to host
+isamiok.com: could not connect to host
+ischool.co.jp: did not receive HSTS header
+isdf.me: could not connect to host
+isef-eg.com: did not receive HSTS header
+iseulde.com: did not receive HSTS header
+ishadowsocks.ltd: could not connect to host
+ishangirdhar.com: could not connect to host
+ishillaryclintoninprisonyet.com: could not connect to host
+isitamor.pm: could not connect to host
+iskai.net: did not receive HSTS header
+iskaz.rs: did not receive HSTS header
+islandzero.net: did not receive HSTS header
+islief.com: did not receive HSTS header
+ismetroonfiretoday.com: could not connect to host
+isoface33.fr: did not receive HSTS header
+isogen5.com: could not connect to host
+isogram.nl: could not connect to host
+istanbul.systems: did not receive HSTS header
+istanbultravelguide.info: could not connect to host
+istaspirtslietas.lv: did not receive HSTS header
+isz.no: could not connect to host
+it-cave.com: could not connect to host
+it-go.net: did not receive HSTS header
+it-schwerin.de: could not connect to host
+itad.top: could not connect to host
+itechgeek.com: max-age too low: 0
+items.lv: did not receive HSTS header
+itemton.com: could not connect to host
+itfaq.nl: did not receive HSTS header
+ithakama.com: did not receive HSTS header
+ithakama.cz: did not receive HSTS header
+itinsight.hu: did not receive HSTS header
+itos.asia: did not receive HSTS header
+itos.pl: did not receive HSTS header
+itpol.dk: did not receive HSTS header
+itpro-mg.de: could not connect to host
+itproject.guru: did not receive HSTS header
+itrack.in.th: did not receive HSTS header
+itriskltd.com: did not receive HSTS header
+its-schindler.de: could not connect to host
+itsadog.co.uk: did not receive HSTS header
+itsagadget.com: did not receive HSTS header
+itsamurai.ru: max-age too low: 2592000
+itsatrap.nl: could not connect to host
+itsecurityassurance.pw: could not connect to host
+itsg-faq.de: could not connect to host
+itshost.ru: could not connect to host
+itspawned.com: max-age too low: 200
+itu2015.de: could not connect to host
+ius.io: did not receive HSTS header
+iuscommunity.org: did not receive HSTS header
+ivanilla.org: could not connect to host
+ivanpolchenko.com: could not connect to host
+ivi-co.com: max-age too low: 0
+ivi-fertility.com: max-age too low: 0
+ivi.es: max-age too low: 0
+ivk.website: could not connect to host
+ivklombard.ru: did not receive HSTS header
+iwannarefill.com: could not connect to host
+iwilcox.me.uk: could not connect to host
+iwpbk.com: could not connect to host
+ix8.ru: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+ixec2.tk: could not connect to host
+ixh.me: did not receive HSTS header
+izdiwho.com: could not connect to host
+izolight.ch: could not connect to host
+izoox.com: did not receive HSTS header
+izzzorgconcerten.nl: could not connect to host
+j-lsolutions.com: could not connect to host
+j-rickroll-a.pw: could not connect to host
+j0ng.xyz: could not connect to host
+ja-publications.com: did not receive HSTS header
+jaan.su: could not connect to host
+jackalworks.com: could not connect to host
+jackdoan.com: did not receive HSTS header
+jackfahnestock.com: could not connect to host
+jacobdevans.com: could not connect to host
+jacobparry.ca: did not receive HSTS header
+jacobsenarquitetura.com: max-age too low: 5184000
+jagido.de: did not receive HSTS header
+jahliveradio.com: could not connect to host
+jaimechanaga.com: could not connect to host
+jaion.ml: could not connect to host
+jakerullman.com: could not connect to host
+jakincode.army: could not connect to host
+jaksel.id: could not connect to host
+jamanji.com.ng: could not connect to host
+james-parker.com: did not receive HSTS header
+james.je: could not connect to host
+jamesandanneke.com: did not receive HSTS header
+jamesandpame.la: could not connect to host
+jamesburton.london: could not connect to host
+jamesbywater.co.uk: could not connect to host
+jamesbywater.com: could not connect to host
+jamesbywater.me: could not connect to host
+jamesbywater.me.uk: could not connect to host
+jamesbywater.uk: could not connect to host
+jamesconroyfinn.com: did not receive HSTS header
+jamescostian.com: did not receive HSTS header
+jamesdoell.com: could not connect to host
+jamesdoylephoto.com: did not receive HSTS header
+jamesf.xyz: could not connect to host
+jamesforman.co.nz: did not receive HSTS header
+jameshale.me: did not receive HSTS header
+jamesheald.com: could not connect to host
+jamesmaurer.com: did not receive HSTS header
+jami.am: did not receive HSTS header
+jamourtney.com: could not connect to host
+jan-and-maaret.de: could not connect to host
+jan-cermak.cz: did not receive HSTS header
+jan-daniels.de: did not receive HSTS header
+jan-roenspies.de: could not connect to host
+jan27.org: did not receive HSTS header
+janario.me: could not connect to host
+janbrodda.de: max-age too low: 2592000
+jangho.me: could not connect to host
+janking.de: did not receive HSTS header
+jannyrijneveld.nl: did not receive HSTS header
+janssen.fm: could not connect to host
+janus-engineering.de: did not receive HSTS header
+japaripark.com: could not connect to host
+japlex.com: could not connect to host
+jaqen.ch: could not connect to host
+jardins-utopie.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+jaredbates.net: did not receive HSTS header
+jaredfraser.com: could not connect to host
+jarivisual.com: did not receive HSTS header
+jarnail.ca: did not receive HSTS header
+jaroslavtrsek.cz: did not receive HSTS header
+jarsater.com: could not connect to host
+jartza.org: could not connect to host
+jasmineconseil.com: did not receive HSTS header
+jasoncosper.com: did not receive HSTS header
+jasonrobinson.me: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+jasonroe.me: could not connect to host
+jasperespejo.com: could not connect to host
+jastoria.pl: did not receive HSTS header
+jav-collective.com: could not connect to host
+java-board.com: could not connect to host
+javachip.win: could not connect to host
+javan.ga: could not connect to host
+javascriptlab.fr: could not connect to host
+javelinsms.com: could not connect to host
+javilacat.info: could not connect to host
+jayblock.com: did not receive HSTS header
+jaylen.com.ar: did not receive HSTS header
+jayna.design: did not receive HSTS header
+jayschulman.com: did not receive HSTS header
+jayscoaching.com: could not connect to host
+jayshao.com: did not receive HSTS header
+jballelectronics.com: did not receive HSTS header
+jbelien.be: did not receive HSTS header
+jbelien.photography: did not receive HSTS header
+jbfp.dk: did not receive HSTS header
+jbj.co.uk: did not receive HSTS header
+jbn.mx: could not connect to host
+jbrowndesign.me: did not receive HSTS header
+jccars-occasions.be: could not connect to host
+jcch.de: could not connect to host
+jccrew.org: could not connect to host
+jcf-office.com: did not receive HSTS header
+jcor.me: did not receive HSTS header
+jcoscia.com: could not connect to host
+jcraft.us: could not connect to host
+jctf.io: could not connect to host
+jdav-leipzig.de: could not connect to host
+jebengotai.com: did not receive HSTS header
+jecho.cn: did not receive HSTS header
+jeff393.com: could not connect to host
+jeffersonregan.org: could not connect to host
+jeffreymagee.com: could not connect to host
+jeil-makes.co.kr: could not connect to host
+jellow.nl: did not receive HSTS header
+jenjoit.de: could not connect to host
+jennifercherniack.com: did not receive HSTS header
+jens-prangenberg.de: did not receive HSTS header
+jens.hk: could not connect to host
+jensenbanden.no: could not connect to host
+jeremyc.ca: could not connect to host
+jeremye77.com: did not receive HSTS header
+jeroenseegers.com: could not connect to host
+jesorsenville.com: did not receive HSTS header
+jessicabenedictus.nl: could not connect to host
+jessicah.org: could not connect to host
+jesuisformidable.nl: could not connect to host
+jet-code.com: could not connect to host
+jetaprices.com: max-age too low: 0
+jetflex.de: did not receive HSTS header
+jetlagphotography.com: could not connect to host
+jeton.com: did not receive HSTS header
+jetsetcharge.com: could not connect to host
+jetsetpay.com: could not connect to host
+jettlarue.com: could not connect to host
+jettshome.org: could not connect to host
+jewellerydesignstore.com: could not connect to host
+jfmel.com: did not receive HSTS header
+jfnllc.com: did not receive HSTS header
+jfx.space: did not receive HSTS header
+jh-media.eu: could not connect to host
+jhburton.co.uk: could not connect to host
+jhburton.uk: could not connect to host
+jhejderup.me: could not connect to host
+jia1hao.com: could not connect to host
+jiaidu.com: could not connect to host
+jiangzequn.com: could not connect to host
+jiangzm.com: could not connect to host
+jianjiantv.com: did not receive HSTS header
+jiaqiang.vip: could not connect to host
+jichi.me: could not connect to host
+jief.me: did not receive HSTS header
+jikken.de: could not connect to host
+jimas.eu: did not receive HSTS header
+jimenacocina.com: did not receive HSTS header
+jimgao.tk: did not receive HSTS header
+jimmehcai.com: could not connect to host
+jimmycai.org: could not connect to host
+jingyuesi.com: could not connect to host
+jinmaguoji.com: did not receive HSTS header
+jinshavip.com: did not receive HSTS header
+jirav.io: could not connect to host
+jisaku-homepage.com: did not receive HSTS header
+jitsi.org: did not receive HSTS header
+jiyue.com: did not receive HSTS header
+jjf.org.au: did not receive HSTS header
+jka.io: did not receive HSTS header
+jkb.pics: could not connect to host
+jkbuster.com: could not connect to host
+jko.works: could not connect to host
+jm06.com: did not receive HSTS header
+jm22.com: did not receive HSTS header
+jmbelloteau.com: did not receive HSTS header
+jmdekker.it: could not connect to host
+jmoreau.ddns.net: could not connect to host
+jn1.me: did not receive HSTS header
+joakimalgroy.com: could not connect to host
+jobflyapp.com: could not connect to host
+jobmedic.com: could not connect to host
+jobshq.com: did not receive HSTS header
+jobss.co.uk: did not receive HSTS header
+joecod.es: could not connect to host
+joelgonewild.com: did not receive HSTS header
+joetyson.io: could not connect to host
+johannes-sprink.de: could not connect to host
+johnbrownphotography.ch: did not receive HSTS header
+johncardell.com: did not receive HSTS header
+johners.me: could not connect to host
+johngaltgroup.com: did not receive HSTS header
+johngo.tk: could not connect to host
+johnhgaunt.com: did not receive HSTS header
+johnmcgovern.com: max-age too low: 43200
+johnrom.com: did not receive HSTS header
+johnverkerk.com: could not connect to host
+jointoweb.com: could not connect to host
+jonas-keidel.de: did not receive HSTS header
+jonasgroth.se: did not receive HSTS header
+jonathan.ir: could not connect to host
+jonathanreyes.com: did not receive HSTS header
+jonathansanchez.pro: could not connect to host
+jongha.me: could not connect to host
+jonn.me: could not connect to host
+jonnichols.info: did not receive HSTS header
+jonsno.ws: could not connect to host
+joostbovee.nl: could not connect to host
+jooto.com: could not connect to host
+jordanhamilton.me: could not connect to host
+jordanstrustcompany.cn: could not connect to host
+jordanstrustcompany.ru: could not connect to host
+jordikroon.nl: did not receive HSTS header
+joretapo.fr: could not connect to host
+jorgemesa.me: could not connect to host
+josahrens.me: could not connect to host
+josecage.com: could not connect to host
+joshi.su: could not connect to host
+joshplant.co.uk: did not receive HSTS header
+joshstroup.me: could not connect to host
+jotpics.com: could not connect to host
+jottit.com: could not connect to host
+joyceclerkx.com: could not connect to host
+joyjohnston.ca: did not receive HSTS header
+joyqi.com: did not receive HSTS header
+jpaglier.com: could not connect to host
+jpbike.cz: did not receive HSTS header
+jpeaches.xyz: could not connect to host
+jptun.com: could not connect to host
+jrgold.me: could not connect to host
+jrmd.io: could not connect to host
+jrvar.com: could not connect to host
+js88.sg: could not connect to host
+jsanders.us: did not receive HSTS header
+jsbentertainment.nl: did not receive HSTS header
+jsc7776.com: could not connect to host
+jsg-technologies.de: did not receive HSTS header
+jsjyhzy.cc: could not connect to host
+jualautoclave.com: did not receive HSTS header
+jualssh.com: could not connect to host
+juandesouza.com: did not receive HSTS header
+judosaintdenis.fr: did not receive HSTS header
+juka.pp.ua: did not receive HSTS header
+juliamweber.de: could not connect to host
+julian-kipka.de: did not receive HSTS header
+julian-witusch.de: could not connect to host
+juliaoantiguidades.com.br: could not connect to host
+juliawebber.co.za: could not connect to host
+julido.de: did not receive HSTS header
+jumbopan.com: could not connect to host
+jumbopan.net: could not connect to host
+jumbox.xyz: could not connect to host
+jumbster.com: max-age too low: 2592000
+jumping-duck.com: could not connect to host
+junaos.com: did not receive HSTS header
+junaos.xyz: did not receive HSTS header
+jundimax.com.br: could not connect to host
+junge-selbsthilfe.info: could not connect to host
+junglegoat.xyz: did not receive HSTS header
+junjung.me: could not connect to host
+junqtion.com: could not connect to host
+jupp0r.de: did not receive HSTS header
+juristas.com.br: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+just-pools.co.za: could not connect to host
+justiceforfathers.com: could not connect to host
+justinharrison.ca: could not connect to host
+justinlemay.com: could not connect to host
+justlikethat.hosting: did not receive HSTS header
+justmy.website: did not receive HSTS header
+justnaw.co.uk: could not connect to host
+justudin.com: did not receive HSTS header
+justwood.cz: did not receive HSTS header
+justzz.xyz: could not connect to host
+jutella.de: did not receive HSTS header
+juvenex.co: could not connect to host
+juventusmania1897.com: could not connect to host
+juwairen.cn: could not connect to host
+jvoice.net: could not connect to host
+jwilsson.me: could not connect to host
+jxm.in: could not connect to host
+jym.fit: did not receive HSTS header
+jysperm.me: did not receive HSTS header
+jznet.org: could not connect to host
+k-dev.de: could not connect to host
+k-rickroll-g.pw: could not connect to host
+k-wallet.com: did not receive HSTS header
+k1cp.com: could not connect to host
+k33k00.com: could not connect to host
+k3nny.fr: did not receive HSTS header
+ka-clan.com: could not connect to host
+kaasbijwijn.nl: could not connect to host
+kaashosting.nl: did not receive HSTS header
+kabinapp.com: could not connect to host
+kabuabc.com: could not connect to host
+kackscharf.de: could not connect to host
+kadioglumakina.com.tr: did not receive HSTS header
+kaela.design: could not connect to host
+kahopoon.net: could not connect to host
+kaibol.com: could not connect to host
+kaika-facilitymanagement.de: could not connect to host
+kaisers.de: did not receive HSTS header
+kaiyuewu.com: could not connect to host
+kaketalk.com: did not receive HSTS header
+kalami.nl: could not connect to host
+kaleidomarketing.com: did not receive HSTS header
+kaloix.de: could not connect to host
+kambodja.guide: could not connect to host
+kamcvicit.sk: could not connect to host
+kamikano.com: could not connect to host
+kamitech.ch: could not connect to host
+kanaanonline.org: max-age too low: 86400
+kanada.guide: could not connect to host
+kaneo-gmbh.de: did not receive HSTS header
+kanganer.com: could not connect to host
+kangzaber.com: could not connect to host
+kaniklani.co.za: could not connect to host
+kanscooking.org: could not connect to host
+kany.me: did not receive HSTS header
+kanzlei-wirtschaftsrecht.berlin: max-age too low: 600000
+kaohub.com: could not connect to host
+kaplatz.is: could not connect to host
+kapo.info: could not connect to host
+kapucini.si: max-age too low: 0
+kaputt.com: did not receive HSTS header
+kapverde.guide: could not connect to host
+karamna.com: could not connect to host
+karanlyons.com: could not connect to host
+karaoketonight.com: could not connect to host
+karenledger.ca: could not connect to host
+karlic.net: could not connect to host
+karloskontana.tk: could not connect to host
+karsofsystems.com: could not connect to host
+karting34.com: did not receive HSTS header
+karuneshjohri.com: could not connect to host
+kashdash.ca: could not connect to host
+katalogakci.cz: did not receive HSTS header
+katiaetdavid.fr: could not connect to host
+katoju.co.jp: could not connect to host
+katproxy.al: could not connect to host
+katproxy.online: could not connect to host
+katproxy.site: could not connect to host
+katproxy.tech: could not connect to host
+katproxy.top: did not receive HSTS header
+katrinjanke.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+katyusha.net: did not receive HSTS header
+katzen.me: could not connect to host
+kaufkraftkiel.de: could not connect to host
+kauplusprofesional.com: did not receive HSTS header
+kausch.at: could not connect to host
+kavinvin.me: could not connect to host
+kawaii.io: could not connect to host
+kawaiiku.com: could not connect to host
+kawaiiku.de: could not connect to host
+kcluster.io: could not connect to host
+kd-plus.pp.ua: could not connect to host
+kdata.it: did not receive HSTS header
+kdbx.online: could not connect to host
+kdm-online.de: did not receive HSTS header
+keeley.gq: could not connect to host
+keeley.ml: could not connect to host
+keeleysam.me: could not connect to host
+keepaa.com: could not connect to host
+keepassa.co: could not connect to host
+keepclean.me: could not connect to host
+keepcoalintheground.org: could not connect to host
+keepflow.io: could not connect to host
+kefaloniatoday.com: did not receive HSTS header
+kelm.me: could not connect to host
+kenkoelectric.com: did not receive HSTS header
+kentacademiestrust.org.uk: did not receive HSTS header
+kenvix.com: could not connect to host
+kenyons.info: could not connect to host
+kepkonyvtar.hu: could not connect to host
+kerangalam.com: did not receive HSTS header
+kerksanders.nl: did not receive HSTS header
+kermadec.blog: could not connect to host
+kermadec.net: did not receive HSTS header
+kernl.us: did not receive HSTS header
+keskeces.com: did not receive HSTS header
+kevinbowers.me: could not connect to host
+kevindekoninck.com: could not connect to host
+keymaster.lookout.com: did not receive HSTS header
+keyserver.sexy: could not connect to host
+kfbrussels.be: could not connect to host
+kg-rating.com: could not connect to host
+kgb.us: could not connect to host
+kgm-irm.be: could not connect to host
+kgxtech.com: max-age too low: 2592000
+khaganat.net: did not receive HSTS header
+ki-on.net: did not receive HSTS header
+kialo.com: did not receive HSTS header
+kickass-proxies.org: could not connect to host
+kickass.al: could not connect to host
+kickasstorrents.gq: did not receive HSTS header
+kickstart.com.pk: did not receive HSTS header
+kid-dachau.de: did not receive HSTS header
+kidbacker.com: could not connect to host
+kidkat.cn: could not connect to host
+kids2day.in: did not receive HSTS header
+kiedys.net: could not connect to host
+kiel-media.de: did not receive HSTS header
+kieranjones.uk: did not receive HSTS header
+kieranweightman.me: could not connect to host
+kievradio.com: could not connect to host
+kimana.pe: could not connect to host
+kimberg.co.uk: did not receive HSTS header
+kimpost.org: could not connect to host
+kina.guide: could not connect to host
+kinderly.co.uk: did not receive HSTS header
+kinderwagen-test24.de: could not connect to host
+kindlyfire.com: could not connect to host
+kindof.ninja: could not connect to host
+kinepolis-studio.ga: could not connect to host
+kingbird.me: could not connect to host
+kingclass.cn: could not connect to host
+kingmanhall.org: could not connect to host
+kingopen.cn: max-age too low: 0
+kinkdr.com: could not connect to host
+kinniyaonlus.com: could not connect to host
+kinnon.enterprises: could not connect to host
+kintoandar.com: max-age too low: 0
+kintrip.com: did not receive HSTS header
+kionetworks.com: did not receive HSTS header
+kipin.fr: did not receive HSTS header
+kipira.com: could not connect to host
+kirainmoe.com: max-age too low: 233000
+kirara.eu: could not connect to host
+kirill.ws: could not connect to host
+kirkforcongress.com: could not connect to host
+kirkforsenate.com: could not connect to host
+kirkpatrickdavis.com: could not connect to host
+kisa.io: could not connect to host
+kisalt.im: did not receive HSTS header
+kiss-register.org: did not receive HSTS header
+kissart.net: could not connect to host
+kisstyle.ru: did not receive HSTS header
+kisun.co.jp: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+kita.id: did not receive HSTS header
+kitabgaul.com: did not receive HSTS header
+kitakemon.com: could not connect to host
+kitashop.com.br: did not receive HSTS header
+kitatec.com.br: could not connect to host
+kitchen-profi.kz: could not connect to host
+kitchenaccessories.pro: did not receive HSTS header
+kitchenchaos.de: could not connect to host
+kitchenpunx.com: could not connect to host
+kitestar.co.uk: did not receive HSTS header
+kitk.at: could not connect to host
+kitsostech.com: could not connect to host
+kitsta.com: could not connect to host
+kiwiirc.com: max-age too low: 5256000
+kiyo.space: could not connect to host
+kizil.net: could not connect to host
+kj1391.com: did not receive HSTS header
+kj1396.net: could not connect to host
+kj1397.com: did not receive HSTS header
+kjaermaxi.me: did not receive HSTS header
+kjchernov.info: could not connect to host
+kjg-bachrain.de: could not connect to host
+kjoglum.me: could not connect to host
+klas.or.id: did not receive HSTS header
+klauwd.com: could not connect to host
+klaxn.org: could not connect to host
+klean-ritekc.com: did not receive HSTS header
+kleertjesvoordelig.nl: could not connect to host
+kleinblogje.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+kleinerarchitekturfuehrer.de: could not connect to host
+klempnershop.eu: did not receive HSTS header
+kleppe.co: could not connect to host
+kletterkater.com: did not receive HSTS header
+klicktojob.de: could not connect to host
+klingeletest.de: could not connect to host
+kloentrup.de: did not receive HSTS header
+klunkergarten.org: could not connect to host
+knapen.io: max-age too low: 604800
+knccloud.com: could not connect to host
+knigadel.com: did not receive HSTS header
+knightsbridgegroup.org: could not connect to host
+knightsweep.com: could not connect to host
+knowdebt.org: did not receive HSTS header
+knowledgesnap.com: could not connect to host
+knowledgesnapsites.com: could not connect to host
+knownsec.cf: could not connect to host
+kodakit.com: max-age too low: 0
+koddsson.com: did not receive HSTS header
+kodexplorer.ml: could not connect to host
+kodiaklabs.org: could not connect to host
+kodokushi.fr: could not connect to host
+koen.io: max-age too low: 86400
+koenrouwhorst.nl: did not receive HSTS header
+koenvdheuvel.me: did not receive HSTS header
+koerperimpuls.ch: did not receive HSTS header
+koez-mangal.ch: could not connect to host
+koezmangal.ch: could not connect to host
+koik.io: could not connect to host
+kojima-life.co.jp: max-age too low: 0
+kojipkgs.fedoraproject.org: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+kokenmetaanbiedingen.nl: could not connect to host
+kola-entertainments.de: did not receive HSTS header
+kolaykaydet.com: did not receive HSTS header
+kollawat.me: could not connect to host
+kolozsvaricsuhe.hu: did not receive HSTS header
+komikito.com: could not connect to host
+komiksbaza.pl: could not connect to host
+kompetenzwerft.de: did not receive HSTS header
+konata.us: could not connect to host
+kongbaofang.com: could not connect to host
+konicaprinterdriver.com: could not connect to host
+kontaxis.network: could not connect to host
+konventseliten.se: could not connect to host
+koop-bremen.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+koopjesnel.nl: did not receive HSTS header
+koordinate.net: could not connect to host
+kori.ml: did not receive HSTS header
+koriyoukai.net: did not receive HSTS header
+kornersafe.com: did not receive HSTS header
+korni22.org: did not receive HSTS header
+korsanparti.org: could not connect to host
+kostuumstore.nl: could not connect to host
+kotois.com: could not connect to host
+kotonehoko.net: could not connect to host
+kotorimusic.ga: could not connect to host
+kotovstyle.ru: could not connect to host
+koukni.cz: did not receive HSTS header
+kourpe.online: could not connect to host
+kousaku.jp: did not receive HSTS header
+kozmik.co: could not connect to host
+kpdyer.com: did not receive HSTS header
+kprog.net: could not connect to host
+kraftfleisch.de: did not receive HSTS header
+kraigwalker.com: could not connect to host
+kralik.xyz: could not connect to host
+krampus-fischamend.at: could not connect to host
+kravelindo-adventure.com: could not connect to host
+krayx.com: max-age too low: 0
+kream.io: did not receive HSTS header
+kreavis.com: did not receive HSTS header
+kreb.io: could not connect to host
+kredietpaspoort.nl: did not receive HSTS header
+kredite.sale: could not connect to host
+krestanskydarek.cz: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+kriegt.es: did not receive HSTS header
+kriptosec.com: could not connect to host
+kristjanrang.eu: did not receive HSTS header
+kristofferkoch.com: could not connect to host
+krizevackapajdasija.hr: could not connect to host
+krmela.com: did not receive HSTS header
+kroetenfuchs.de: could not connect to host
+kroodle.nl: did not receive HSTS header
+krouzkyliduska.cz: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+kruegerrand-wert.de: did not receive HSTS header
+krunut.com: did not receive HSTS header
+krypteia.org: could not connect to host
+kryptomech.com: could not connect to host
+ksero.center: could not connect to host
+ksfh-mail.de: could not connect to host
+kstan.me: could not connect to host
+ksukelife.com: did not receive HSTS header
+kswriter.com: could not connect to host
+kteen.info: could not connect to host
+ktube.yt: could not connect to host
+kuba.guide: could not connect to host
+kubusadvocaten.nl: could not connect to host
+kucom.it: could not connect to host
+kudo.co.id: did not receive HSTS header
+kuechenplan.online: could not connect to host
+kueulangtahunanak.net: could not connect to host
+kuko-crews.org: could not connect to host
+kultmobil.se: did not receive HSTS header
+kum.com: could not connect to host
+kummerlaender.eu: did not receive HSTS header
+kupelne-ptacek.sk: did not receive HSTS header
+kuppingercole.com: did not receive HSTS header
+kura.io: could not connect to host
+kurehun.org: could not connect to host
+kuro346.moe: could not connect to host
+kurtmclester.com: did not receive HSTS header
+kurz.pw: could not connect to host
+kurzonline.com.br: could not connect to host
+kvt.berlin: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+kweddingplanning.com: did not receive HSTS header
+kwikmed.eu: could not connect to host
+kwok.tv: did not receive HSTS header
+kwondratsch.com: could not connect to host
+kxind.cn: could not connect to host
+kyanite.co: could not connect to host
+kylapps.com: did not receive HSTS header
+kyle.place: could not connect to host
+kylebaldw.in: could not connect to host
+kylling.io: could not connect to host
+kyochon.fr: could not connect to host
+kyujin-office.net: could not connect to host
+kzjnet.com: could not connect to host
+l-rickroll-i.pw: could not connect to host
+l18.io: could not connect to host
+l2guru.ru: could not connect to host
+la-flora-negra.de: could not connect to host
+la-grande-jaugue.fr: did not receive HSTS header
+la-retraite-info.com: did not receive HSTS header
+la-serendipite.fr: did not receive HSTS header
+labaia.info: could not connect to host
+labella-umbrella.com: did not receive HSTS header
+labina.com.tr: did not receive HSTS header
+laboiteapc.fr: did not receive HSTS header
+labordata.io: could not connect to host
+laborie.io: could not connect to host
+laboutiquemarocaineduconvoyeur.com: could not connect to host
+laboutiquemarocaineduconvoyeur.ma: could not connect to host
+labrador-retrievers.com.au: did not receive HSTS header
+labrasaq8.com: did not receive HSTS header
+labs.directory: could not connect to host
+labs.moscow: did not receive HSTS header
+lacarpesaintaubinoise.fr: did not receive HSTS header
+lacasa.fr: could not connect to host
+lacasseroy.com: could not connect to host
+lacaverne.nl: could not connect to host
+lacentral.com: did not receive HSTS header
+lachlankidson.net: did not receive HSTS header
+lacledeslan.ninja: could not connect to host
+lacocinadelila.com: did not receive HSTS header
+ladylikeit.com: could not connect to host
+ladylucks.co.uk: did not receive HSTS header
+laemen.com: did not receive HSTS header
+laemen.nl: could not connect to host
+laf.in.net: could not connect to host
+lafr4nc3.xyz: could not connect to host
+lagalerievirtuelle.fr: did not receive HSTS header
+lagier.xyz: could not connect to host
+lagoza.name: could not connect to host
+lainchan.org: did not receive HSTS header
+laisashop.com.br: could not connect to host
+lakarwebb.se: did not receive HSTS header
+lakewoodcomputerservices.com: could not connect to host
+lamaland.ru: did not receive HSTS header
+lambda-complex.org: could not connect to host
+lambdafive.co.uk: could not connect to host
+lamboo.be: could not connect to host
+lamomebijou.paris: did not receive HSTS header
+lampl.info: did not receive HSTS header
+lanauzedesigns.com: did not receive HSTS header
+lanboll.com: could not connect to host
+lancehoteis.com: did not receive HSTS header
+lancehoteis.com.br: did not receive HSTS header
+land-links.org: did not receive HSTS header
+landbetweenthelakes.us: did not receive HSTS header
+landell.ml: could not connect to host
+landgoedverkopen.nl: could not connect to host
+landhuisverkopen.nl: could not connect to host
+landscape.canonical.com: max-age too low: 2592000
+landscapingmedic.com: did not receive HSTS header
+langenbach.rocks: could not connect to host
+langendries.eu: could not connect to host
+langhun.me: did not receive HSTS header
+laniakean.com: could not connect to host
+lanonfire.com: could not connect to host
+lanseyujie.com: max-age too low: 2592000
+lansinoh.co.uk: did not receive HSTS header
+lanzainc.xyz: did not receive HSTS header
+laobox.fr: could not connect to host
+laplaceduvillage.net: could not connect to host
+laquack.com: could not connect to host
+laredsemanario.com: could not connect to host
+lasepiataca.com: did not receive HSTS header
+lasercloud.ml: could not connect to host
+laserfuchs.de: did not receive HSTS header
+lashstuff.com: did not receive HSTS header
+latelierdekathy.com: could not connect to host
+latg.com: max-age too low: 300
+lathamlabs.com: could not connect to host
+lathamlabs.net: could not connect to host
+lathamlabs.org: could not connect to host
+latinred.com: could not connect to host
+latus.xyz: could not connect to host
+launchkey.com: did not receive HSTS header
+laurel4th.org: did not receive HSTS header
+laureltv.org: did not receive HSTS header
+lausitzer-widerstand.de: did not receive HSTS header
+lavapot.com: could not connect to host
+laventainnhotel-mailing.com: could not connect to host
+lavine.ch: did not receive HSTS header
+lavito.cz: could not connect to host
+lavoiepharmd.com: could not connect to host
+lawly.org: could not connect to host
+laxatus.com: could not connect to host
+laxiongames.es: could not connect to host
+layer8.tk: could not connect to host
+lazulu.com: could not connect to host
+lbarrios.es: could not connect to host
+lbrls.tk: could not connect to host
+lbrt.xyz: could not connect to host
+lcti.biz: could not connect to host
+ldarby.me.uk: could not connect to host
+ldcraft.pw: could not connect to host
+leadbook.ru: max-age too low: 604800
+leadership9.com: could not connect to host
+leardev.de: did not receive HSTS header
+learnedovo.com: did not receive HSTS header
+learnfrenchfluently.com: could not connect to host
+learningorder.com: could not connect to host
+lebal.se: could not connect to host
+lebrun.org: could not connect to host
+lecourtier.fr: did not receive HSTS header
+leddruckalarm.de: did not receive HSTS header
+ledgerscope.net: could not connect to host
+leebiblestudycentre.net: could not connect to host
+leebiblestudycentre.org: could not connect to host
+leefindlow.com: could not connect to host
+leen.io: did not receive HSTS header
+legal.farm: could not connect to host
+legarage.org: could not connect to host
+legavenue.com.br: did not receive HSTS header
+legioniv.org: could not connect to host
+legitaxi.com: could not connect to host
+legymnase.eu: did not receive HSTS header
+lehtinen.xyz: did not receive HSTS header
+leighneithardt.com: could not connect to host
+leinir.dk: did not receive HSTS header
+leitner.com.au: did not receive HSTS header
+leiyun.me: did not receive HSTS header
+lellyboi.ml: could not connect to host
+lelongbank.com: did not receive HSTS header
+lemp.io: did not receive HSTS header
+lenders.direct: could not connect to host
+lenn1.de: did not receive HSTS header
+lennarth.com: could not connect to host
+lennartheinrich.de: could not connect to host
+lenovogaming.com: could not connect to host
+lentri.com: did not receive HSTS header
+leob.in: could not connect to host
+leolana.com: could not connect to host
+leon-jaekel.com: could not connect to host
+leonardcamacho.me: could not connect to host
+leonhooijer.nl: could not connect to host
+leonmahler.consulting: did not receive HSTS header
+leopold.email: could not connect to host
+leopotamgroup.com: could not connect to host
+leovanna.co.uk: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+lepont.pl: could not connect to host
+leppis-it.de: did not receive HSTS header
+lerasenglish.com: max-age too low: 0
+lerlivros.online: could not connect to host
+lerner.moscow: did not receive HSTS header
+les-corsaires.net: could not connect to host
+les-voitures-electriques.com: did not receive HSTS header
+lescomptoirsdepierrot.com: could not connect to host
+lesdouceursdeliyana.com: could not connect to host
+lesecuadors.com: did not receive HSTS header
+lesharris.com: could not connect to host
+lesliekearney.com: did not receive HSTS header
+lesperlesdunet.fr: could not connect to host
+lesquerda.cat: did not receive HSTS header
+lessets-graphiques.com: could not connect to host
+letitfly.me: did not receive HSTS header
+letras.mus.br: did not receive HSTS header
+letsmultiplayerplay.com: did not receive HSTS header
+letstox.com: could not connect to host
+letustravel.tk: could not connect to host
+levatc.tk: did not receive HSTS header
+level-10.net: did not receive HSTS header
+levelcheat.com: did not receive HSTS header
+levelum.com: did not receive HSTS header
+leveredge.net: could not connect to host
+levert.ch: could not connect to host
+lewisjuggins.co.uk: did not receive HSTS header
+lexpierce.social: could not connect to host
+lez-cuties.com: could not connect to host
+lezdomsm.com: could not connect to host
+lfaz.org: could not connect to host
+lfullerdesign.com: could not connect to host
+lg21.co: could not connect to host
+lgiswa.com.au: did not receive HSTS header
+lgrs.com.au: did not receive HSTS header
+lgts.se: could not connect to host
+lheinrich.org: could not connect to host
+lhsj28.com: could not connect to host
+lhsj68.com: could not connect to host
+lhsj78.com: could not connect to host
+liaillustr.at: did not receive HSTS header
+liam-w.com: did not receive HSTS header
+liamjack.fr: could not connect to host
+lianye.in: could not connect to host
+lianyexiuchang.in: could not connect to host
+liaoshuma.com: could not connect to host
+liautard.fr: could not connect to host
+libanco.com: could not connect to host
+libertas-tech.com: could not connect to host
+libertyrp.org: did not receive HSTS header
+libfte.org: did not receive HSTS header
+libnull.com: could not connect to host
+library.linode.com: did not receive HSTS header
+librechan.net: could not connect to host
+libreduca.com: could not connect to host
+lichess4545.com: did not receive HSTS header
+lichess4545.tv: did not receive HSTS header
+liebach.me: did not receive HSTS header
+liebestarot.at: did not receive HSTS header
+liemen.net: did not receive HSTS header
+life-time.nl: did not receive HSTS header
+lifecoach.tw: did not receive HSTS header
+lifecoachproviders.com: did not receive HSTS header
+lifeguard.aecom.com: did not receive HSTS header
+lifeinitsownway.com: could not connect to host
+lifeng.us: did not receive HSTS header
+lifeskillsdirect.com: did not receive HSTS header
+lifestyler.me: could not connect to host
+lifetimemoneymachine.com: did not receive HSTS header
+lightarmory.com: could not connect to host
+lightning-ashe.com: did not receive HSTS header
+lightnovelsekai.com: did not receive HSTS header
+lightpaste.com: could not connect to host
+lightworkerandempathsupport.com: max-age too low: 300
+lightworx.io: did not receive HSTS header
+likenosis.com: could not connect to host
+lila.pink: did not receive HSTS header
+lillepuu.com: did not receive HSTS header
+lillpopp.eu: did not receive HSTS header
+lilpwny.com: could not connect to host
+lilycms.com: could not connect to host
+lim-light.com: did not receive HSTS header
+limalama.eu: max-age too low: 1
+limeyeti.com: could not connect to host
+limiteddata.co.uk: did not receive HSTS header
+limodo-shop.de: did not receive HSTS header
+limpens.net: did not receive HSTS header
+limpido.it: could not connect to host
+lincolnwayflorist.com: could not connect to host
+lindberg.io: did not receive HSTS header
+lingerie.net.br: did not receive HSTS header
+lingerieonline.com.br: did not receive HSTS header
+lingolia.com: did not receive HSTS header
+lingros-test.tk: could not connect to host
+linguaquote.com: did not receive HSTS header
+linguatrip.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+linhaoyi.com: did not receive HSTS header
+link.ba: could not connect to host
+link2serve.com: did not receive HSTS header
+linkage.ph: did not receive HSTS header
+linkages.org: could not connect to host
+linksanitizer.com: could not connect to host
+linksextremist.at: could not connect to host
+linley.de: could not connect to host
+linmi.cc: did not receive HSTS header
+linno.me: could not connect to host
+linorman1997.me: could not connect to host
+linux-admin-california.com: could not connect to host
+linux-mint.cz: could not connect to host
+linux.sb: could not connect to host
+linuxandstuff.de: could not connect to host
+linuxcode.net: could not connect to host
+linuxeyecandy.com: could not connect to host
+linuxfixed.it: could not connect to host
+linuxforyou.com: could not connect to host
+linuxgeek.ro: could not connect to host
+linuxmint.cz: could not connect to host
+linuxmonitoring.net: did not receive HSTS header
+liquid.solutions: did not receive HSTS header
+liquidcomm.net: could not connect to host
+liquorsanthe.in: could not connect to host
+lisaco.de: could not connect to host
+lisbongold.com: did not receive HSTS header
+lisgade.dk: could not connect to host
+lisieuxarquitetura.com.br: could not connect to host
+lissabon.guide: could not connect to host
+listafirmelor.com: could not connect to host
+listage.ovh: did not receive HSTS header
+litespeed.io: could not connect to host
+little.pw: did not receive HSTS header
+littlefreelibrary.org: did not receive HSTS header
+littleqiu.net: could not connect to host
+littleservice.cn: could not connect to host
+liujunyang.com: did not receive HSTS header
+liukang.tech: could not connect to host
+livedemo.io: could not connect to host
+livej.am: could not connect to host
+liverewrite.com: could not connect to host
+liviababynet.com.br: could not connect to host
+livrariahugodesaovitor.com.br: did not receive HSTS header
+lixiang.one: could not connect to host
+lixingcong.com: could not connect to host
+lkp111138.me: could not connect to host
+llamasweet.tech: could not connect to host
+llvm.us: could not connect to host
+lmkts.com: max-age too low: 0
+loacg.com: did not receive HSTS header
+loadingdeck.com: did not receive HSTS header
+loadso.me: could not connect to host
+loafbox.com: could not connect to host
+loansonline.today: could not connect to host
+loanstreet.be: could not connect to host
+lobosdomain.no-ip.info: could not connect to host
+lobste.rs: did not receive HSTS header
+localchum.com: could not connect to host
+localdrive.me: could not connect to host
+localnetwork.nz: could not connect to host
+locker3.com: could not connect to host
+locksmithrandburg24-7.co.za: could not connect to host
+locktheirphone.com: could not connect to host
+lockyourcomputer.pw: did not receive HSTS header
+locomotive.ca: did not receive HSTS header
+locvis.ru: did not receive HSTS header
+loforo.com: did not receive HSTS header
+loftboard.eu: could not connect to host
+log2n.uk: could not connect to host
+logario.com.br: could not connect to host
+logcat.info: could not connect to host
+logic8.ml: could not connect to host
+logicaladvertising.com: could not connect to host
+logimagine.com: could not connect to host
+login.corp.google.com: max-age too low: 7776000 (error ignored - included regardless)
+login.persona.org: could not connect to host
+loginseite.com: could not connect to host
+logistify.com.mx: did not receive HSTS header
+lognot.net: could not connect to host
+logue.be: could not connect to host
+logymedia.com: could not connect to host
+loisircreatif.net: did not receive HSTS header
+lojadocristaozinho.com.br: did not receive HSTS header
+lojashowdecozinha.com.br: could not connect to host
+lojasviavento.com.br: could not connect to host
+lojavalcapelli.com.br: could not connect to host
+loli.bz: did not receive HSTS header
+lolicore.ch: could not connect to host
+lolidunno.com: could not connect to host
+london-transfers.com: did not receive HSTS header
+londoncalling.co: did not receive HSTS header
+londonlanguageexchange.com: could not connect to host
+lonerwolf.com: did not receive HSTS header
+longboarding-ulm.de: could not connect to host
+look-at-my.site: could not connect to host
+lookatmysco.re: did not receive HSTS header
+lookout.com: did not receive HSTS header
+looktothestars.org: did not receive HSTS header
+lookupclose.com: did not receive HSTS header
+lookzook.com: did not receive HSTS header
+loongsg.xyz: could not connect to host
+loothole.com: could not connect to host
+loqyu.co: could not connect to host
+lordjevington.co.uk: did not receive HSTS header
+losebellyfat.pro: could not connect to host
+lostg.com: did not receive HSTS header
+lostinsecurity.com: could not connect to host
+lostinweb.eu: could not connect to host
+lothai.re: did not receive HSTS header
+lothuytinhsi.com: could not connect to host
+lotos-ag.ch: did not receive HSTS header
+lotsencafe.de: did not receive HSTS header
+lotuscloud.org: could not connect to host
+louduniverse.net: did not receive HSTS header
+louiewatch.com: could not connect to host
+loveable.de: could not connect to host
+loveandloyalty.se: could not connect to host
+lovelifelovelive.com: could not connect to host
+lovelivewiki.com: did not receive HSTS header
+lovelyblogacademy.com: did not receive HSTS header
+lovelycorral.com: did not receive HSTS header
+lovelyfriends.org: did not receive HSTS header
+lovelytimes.net: did not receive HSTS header
+loveto.at: could not connect to host
+lovingearth.net: max-age too low: 0
+lowhangingfruitgrabber.com: could not connect to host
+lowt.us: could not connect to host
+lowtherpavilion.co.uk: did not receive HSTS header
+loxis.be: did not receive HSTS header
+loyaltech.ch: could not connect to host
+lpak.nl: could not connect to host
+lpgram.ga: could not connect to host
+lrhsclubs.com: could not connect to host
+lrhstsa.com: could not connect to host
+ls-a.org: did not receive HSTS header
+ls-reallife.de: did not receive HSTS header
+lsky.cn: could not connect to host
+lsp-sports.de: did not receive HSTS header
+ltbytes.com: could not connect to host
+ltechnologygroup.com: did not receive HSTS header
+ltransferts.com: could not connect to host
+ltu.social: could not connect to host
+lucas-garte.com: did not receive HSTS header
+lucascodes.com: could not connect to host
+lucaterzini.com: could not connect to host
+luclu7.pw: could not connect to host
+lucyparsonslabs.com: did not receive HSTS header
+ludwig.click: did not receive HSTS header
+lufthansaexperts.com: max-age too low: 2592000
+luis-checa.com: could not connect to host
+lukasunger.cz: could not connect to host
+lukasunger.net: could not connect to host
+lukaszdolan.com: did not receive HSTS header
+lukasztkacz.com: could not connect to host
+lukeng.me: could not connect to host
+lukonet.com: did not receive HSTS header
+luludapomerania.com: could not connect to host
+lumd.me: could not connect to host
+lumi.do: did not receive HSTS header
+lumi.pw: could not connect to host
+lunarift.com: could not connect to host
+lunarlog.com: could not connect to host
+lunarrift.net: could not connect to host
+luneta.nearbuysystems.com: could not connect to host
+luno.io: could not connect to host
+luody.info: could not connect to host
+luoe.ml: could not connect to host
+luom.net: could not connect to host
+luoxiao.im: could not connect to host
+luripump.se: could not connect to host
+lusis.fr: did not receive HSTS header
+lusis.net: did not receive HSTS header
+lustrumxi.nl: could not connect to host
+luther.fi: did not receive HSTS header
+luxinmo.com: did not receive HSTS header
+luxonetwork.com: could not connect to host
+luxus-russen.de: did not receive HSTS header
+luzeshomologadas.com.br: could not connect to host
+luzfaltex.com: did not receive HSTS header
+lvmoo.com: did not receive HSTS header
+lycly.top: could not connect to host
+lydia-und-simon.de: could not connect to host
+lydiagorstein.com: could not connect to host
+lymia.moe: could not connect to host
+lyonelkaufmann.ch: did not receive HSTS header
+lyuba.fr: could not connect to host
+lzahq.tech: did not receive HSTS header
+lzh.one: could not connect to host
+lzkill.com: did not receive HSTS header
+lzzr.me: did not receive HSTS header
+m-ali.xyz: did not receive HSTS header
+m-rickroll-v.pw: could not connect to host
+m.gparent.org: could not connect to host
+m.nu: did not receive HSTS header
+m0wef.uk: could not connect to host
+m2tc.fr: could not connect to host
+m3-gmbh.de: did not receive HSTS header
+m4570.xyz: could not connect to host
+m4g.ru: could not connect to host
+m82labs.com: did not receive HSTS header
+ma-musique.fr: did not receive HSTS header
+maarten.nyc: could not connect to host
+maartenterpstra.xyz: could not connect to host
+mac-torrents.me: did not receive HSTS header
+macbolo.com: could not connect to host
+macchaberrycream.com: could not connect to host
+macchedil.com: did not receive HSTS header
+macdj.tk: could not connect to host
+macedopesca.com.br: did not receive HSTS header
+macgeneral.de: did not receive HSTS header
+mach1club.com: did not receive HSTS header
+macinyasha.net: could not connect to host
+macleodnc.com: did not receive HSTS header
+macsandcheesedreams.com: could not connect to host
+macustar.eu: could not connect to host
+madars.org: did not receive HSTS header
+maddin.ga: could not connect to host
+madebyfalcon.co.uk: did not receive HSTS header
+madebymagnitude.com: did not receive HSTS header
+madeinorder.com: did not receive HSTS header
+madeintucson.org: could not connect to host
+mademoiselle-emma.be: did not receive HSTS header
+mademoiselle-emma.fr: did not receive HSTS header
+maderwin.com: did not receive HSTS header
+madesoftware.com.br: could not connect to host
+madusecurity.com: could not connect to host
+mafamane.com: could not connect to host
+mafiareturns.com: max-age too low: 2592000
+magazin3513.com: could not connect to host
+magenx.com: did not receive HSTS header
+magia360.com: did not receive HSTS header
+magicbroccoli.de: did not receive HSTS header
+magnacumlaude.co: could not connect to host
+magneticanvil.com: did not receive HSTS header
+magyarokegyhelyen.hu: did not receive HSTS header
+mahamed91.pw: could not connect to host
+mahfouzadedimeji.com: did not receive HSTS header
+maidofhonorcleaning.net: max-age too low: 200
+maik-mahlow.de: could not connect to host
+mail-settings.google.com: did not receive HSTS header (error ignored - included regardless)
+mail.google.com: did not receive HSTS header (error ignored - included regardless)
+mailchuck.com: could not connect to host
+maildragon.com: could not connect to host
+mailgarant.nl: could not connect to host
+mailhost.it: could not connect to host
+mailing-femprendedores.com: did not receive HSTS header
+mailing-jbgg.com: did not receive HSTS header
+mailon.ga: could not connect to host
+main-street-seo.com: did not receive HSTS header
+mainlywrenches.co: max-age too low: 0
+maintainerheaven.ch: could not connect to host
+maisalto.ind.br: could not connect to host
+majesnix.org: did not receive HSTS header
+majncloud.tk: could not connect to host
+make-pizza.info: could not connect to host
+makedonien.guide: could not connect to host
+makeitdynamic.com: could not connect to host
+makerstuff.net: did not receive HSTS header
+makeshiftco.de: did not receive HSTS header
+makeyourank.com: max-age too low: 200
+maldiverna.guide: could not connect to host
+maleexcel.com: did not receive HSTS header
+malena.com.ua: did not receive HSTS header
+malerversand.de: did not receive HSTS header
+malesbdsm.com: could not connect to host
+malfait.nl: could not connect to host
+malgraph.net: could not connect to host
+malibubeachrecoverycenter.com: did not receive HSTS header
+maljaars-media.nl: could not connect to host
+malmstroms-co.se: could not connect to host
+maltes.website: could not connect to host
+malwaretips.com: did not receive HSTS header
+malwre.io: could not connect to host
+malya.fr: could not connect to host
+mamaison.io: could not connect to host
+mamaxi.org: did not receive HSTS header
+mammothmail.com: could not connect to host
+mammothmail.net: could not connect to host
+mammothmail.org: could not connect to host
+mammut.space: could not connect to host
+mamochka.org.ua: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+manaboutahor.se: did not receive HSTS header
+manage.zenpayroll.com: did not receive HSTS header
+manage4all.com: could not connect to host
+manageall.de: could not connect to host
+manageforall.com: could not connect to host
+manageforall.de: could not connect to host
+managemynetsuite.com: did not receive HSTS header
+manantial.mx: did not receive HSTS header
+mandpress.com: did not receive HSTS header
+mangazuki.co: did not receive HSTS header
+maniadeprazer.com.br: could not connect to host
+manifestbin.com: did not receive HSTS header
+manipulatedtme.com: could not connect to host
+manitasicily.com: did not receive HSTS header
+manningbrothers.com: did not receive HSTS header
+manns-solutions.com: did not receive HSTS header
+manns-solutions.ru: did not receive HSTS header
+mannsolutions.co.uk: did not receive HSTS header
+mansfieldplacevt.com: did not receive HSTS header
+manshop24.com: could not connect to host
+mansion-note.com: did not receive HSTS header
+manududu.com.br: did not receive HSTS header
+maomaofuli.vip: could not connect to host
+maosi.xin: did not receive HSTS header
+maple5.com: did not receive HSTS header
+mapresidentielle.fr: could not connect to host
+marbinvest.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+marcelmarnitz.com: could not connect to host
+marcelparra.com: could not connect to host
+marchagen.nl: did not receive HSTS header
+marche-nordic-jorat.ch: could not connect to host
+marco01809.net: could not connect to host
+marcoececilia.it: did not receive HSTS header
+marcofinke.de: could not connect to host
+marcontrol.com: did not receive HSTS header
+marcosteixeira.tk: could not connect to host
+marcschlagenhauf.de: could not connect to host
+marcus-scheffler.com: did not receive HSTS header
+marcush.de: could not connect to host
+mardelcupon.com: could not connect to host
+mare92.cz: could not connect to host
+margaretrosefashions.co.uk: could not connect to host
+marialempke.com: max-age too low: 0
+mariannematthew.com: could not connect to host
+marie-curie.fr: could not connect to host
+marie-elisabeth.dk: did not receive HSTS header
+marie-en-provence.com: did not receive HSTS header
+marienschule-sundern.de: did not receive HSTS header
+marilsnijders.nl: could not connect to host
+marinela.com.mx: max-age too low: 86400
+marinelausa.com: max-age too low: 86400
+markaconnor.com: did not receive HSTS header
+markayapilandirma.com: could not connect to host
+markcp.me: could not connect to host
+market.android.com: did not receive HSTS header (error ignored - included regardless)
+marketespace.fr: did not receive HSTS header
+marketingdesignu.cz: could not connect to host
+markllego.com: could not connect to host
+marko-fenster24.de: could not connect to host
+markorszulak.com: did not receive HSTS header
+markrobin.de: did not receive HSTS header
+marksill.com: could not connect to host
+marktboten.de: did not receive HSTS header
+markusabraham.com: did not receive HSTS header
+markusweimar.de: did not receive HSTS header
+marleyresort.com: did not receive HSTS header
+marriottvetcareers.com: could not connect to host
+marshut.net: could not connect to host
+martensson.io: did not receive HSTS header
+martialc.be: could not connect to host
+martiert.com: could not connect to host
+martijnvhoof.nl: could not connect to host
+martinec.co.uk: could not connect to host
+martinestyle.com: could not connect to host
+martineve.com: did not receive HSTS header
+martinp.no: could not connect to host
+martinreed.net: did not receive HSTS header
+martinrogalla.com: did not receive HSTS header
+martynhare.co.uk: could not connect to host
+martynhare.uk: could not connect to host
+marumagic.com: did not receive HSTS header
+marxist.party: could not connect to host
+marykshoup.com: did not receive HSTS header
+masa-yoga.com: did not receive HSTS header
+masa.li: could not connect to host
+mashnew.com: could not connect to host
+masjidtawheed.net: did not receive HSTS header
+maskt.pw: could not connect to host
+massivum.de: did not receive HSTS header
+massot.eu: did not receive HSTS header
+masterapi.ninja: did not receive HSTS header
+masteringtheterminal.com: did not receive HSTS header
+masterofbytes.ch: did not receive HSTS header
+mastichor.info: could not connect to host
+mastimtibetano.com: could not connect to host
+mastod.life: could not connect to host
+mastodon.direct: could not connect to host
+mastodon.engineering: could not connect to host
+mastodon.expert: could not connect to host
+mastodon.my: could not connect to host
+mastodon.pl: could not connect to host
+mastodones.club: could not connect to host
+masty.nl: could not connect to host
+matarrosabierzo.com: could not connect to host
+matatall.com: could not connect to host
+matchneedle.com: could not connect to host
+maternalsafety.org: did not receive HSTS header
+mateusmeyer.com.br: could not connect to host
+mathers.ovh: did not receive HSTS header
+mathijskingma.nl: could not connect to host
+matillat.ovh: did not receive HSTS header
+matomeplus.co: could not connect to host
+matrict.com: could not connect to host
+matrip.de: could not connect to host
+matrixcheats.net: could not connect to host
+matsuz.com: could not connect to host
+matt.tf: did not receive HSTS header
+mattandreko.com: did not receive HSTS header
+mattberryman.com: max-age too low: 43200
+matterconcern.com: could not connect to host
+matthewprenger.com: could not connect to host
+matthewtester.com: could not connect to host
+matthiassteen.be: max-age too low: 0
+matthiasweiler.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+mattia98.org: could not connect to host
+mattli.us: could not connect to host
+mattressinsider.com: max-age too low: 3153600
+mattsvensson.com: max-age too low: 0
+mattwb65.com: could not connect to host
+matty.digital: did not receive HSTS header
+matze.org: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+maultrom.ml: could not connect to host
+maupiknik.com: did not receive HSTS header
+maur.cz: did not receive HSTS header
+maurus-automation.de: did not receive HSTS header
+mausi.co: did not receive HSTS header
+mavisang.cf: could not connect to host
+mawe.red: could not connect to host
+maximov.space: could not connect to host
+maxmachine.ind.br: could not connect to host
+maxr1998.de: did not receive HSTS header
+maxserver.com: did not receive HSTS header
+maya.mg: could not connect to host
+maynardnetworks.com: could not connect to host
+mazurlabs.tk: could not connect to host
+mazyun.com: max-age too low: 3600
+mazz-tech.com: could not connect to host
+mb-is.info: could not connect to host
+mbconsultancy.nu: did not receive HSTS header
+mbdrogenbos-usedcars.be: could not connect to host
+mbsec.net: could not connect to host
+mbwemmel-usedcars.be: could not connect to host
+mc81.com: did not receive HSTS header
+mca2017.org: did not receive HSTS header
+mcard.vn: did not receive HSTS header
+mcb-bank.com: did not receive HSTS header
+mcc.re: could not connect to host
+mccarty.io: could not connect to host
+mcdanieldevelopmentservices.com: could not connect to host
+mcdonalds.ru: did not receive HSTS header
+mcga.media: could not connect to host
+mckinley1.com: could not connect to host
+mclab.su: max-age too low: 2592000
+mclist.it: could not connect to host
+mclyr.com: did not receive HSTS header
+mcmillansedationdentistry.com: did not receive HSTS header
+mcooperlaw.com: did not receive HSTS header
+mcsa-usa.org: could not connect to host
+mcsnovatamabayan.com: could not connect to host
+mctherealm.net: could not connect to host
+mcuexchange.com: did not receive HSTS header
+mdfnet.se: did not receive HSTS header
+mdkr.nl: did not receive HSTS header
+mdscomp.net: did not receive HSTS header
+me-dc.com: could not connect to host
+meadowfen.farm: could not connect to host
+meadowfenfarm.com: could not connect to host
+meamod.com: max-age too low: 0
+meanevo.com: could not connect to host
+meat-education.com: could not connect to host
+meathealth.com: could not connect to host
+mebio.us: could not connect to host
+mecanicadom.com: could not connect to host
+mecenat-cassous.com: did not receive HSTS header
+mechmk1.me: did not receive HSTS header
+medallia.io: could not connect to host
+mediacru.sh: could not connect to host
+mediadandy.com: could not connect to host
+mediafinancelab.org: did not receive HSTS header
+mediamag.am: max-age too low: 0
+mediawikicn.org: could not connect to host
+medicinskavranje.edu.rs: could not connect to host
+medienservice-fritz.de: did not receive HSTS header
+medirich.co: could not connect to host
+meditek-dv.ru: did not receive HSTS header
+mediterenopmaandag.nl: did not receive HSTS header
+mediweed.tk: could not connect to host
+medm-test.com: could not connect to host
+medy-me.com: could not connect to host
+medzinenews.com: did not receive HSTS header
+meedoennoordkop.nl: did not receive HSTS header
+meedoenzaanstad.nl: did not receive HSTS header
+meeko.cc: could not connect to host
+meetfinch.com: could not connect to host
+meetscompany.jp: did not receive HSTS header
+megaflowers.ru: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+megakiste.de: could not connect to host
+megashur.se: did not receive HSTS header
+meghudson.com: could not connect to host
+meifrench.com: could not connect to host
+mein-gesundheitsmanager.com: max-age too low: 0
+meincloudspeicher.de: could not connect to host
+meinebo.it: could not connect to host
+mekatrotekno.com: did not receive HSTS header
+melangebrasil.com: could not connect to host
+melaniebilodeau.com: did not receive HSTS header
+melcher.it: did not receive HSTS header
+melhoresdominios.net: could not connect to host
+melhorproduto.com.br: could not connect to host
+melonstudios.net: could not connect to host
+melpomene.me: could not connect to host
+melted.pw: could not connect to host
+melvinlow.com: could not connect to host
+memberpress.com: did not receive HSTS header
+members.mayfirst.org: did not receive HSTS header
+memeblast.ninja: could not connect to host
+memory-plus-180.com: could not connect to host
+memorytrace.space: could not connect to host
+menchez.me: could not connect to host
+menkyo-blog.com: did not receive HSTS header
+mensmaximus.de: did not receive HSTS header
+mentax.net: did not receive HSTS header
+menthix.net: could not connect to host
+menudrivetest.com: could not connect to host
+menzaijia.com: could not connect to host
+meow.cloud: could not connect to host
+meozcraft.com: could not connect to host
+mercanix.co.uk: could not connect to host
+merccorp.de: did not receive HSTS header
+mercedes-benz-usedcars.be: could not connect to host
+mereckas.com: could not connect to host
+meredithkm.info: did not receive HSTS header
+meritz.rocks: could not connect to host
+mersinunivercity.com: could not connect to host
+merson.me: could not connect to host
+meshlab.co: could not connect to host
+meskdeals.com: could not connect to host
+mesmoque.com: could not connect to host
+metadistribution.com: did not receive HSTS header
+metagrader.com: could not connect to host
+metasyntactic.xyz: could not connect to host
+metebalci.com: did not receive HSTS header
+meteosherbrooke.com: could not connect to host
+meteosky.net: could not connect to host
+meter.md: could not connect to host
+metin2blog.de: did not receive HSTS header
+metis.pw: could not connect to host
+metrans-spedition.de: could not connect to host
+metricaid.com: did not receive HSTS header
+metrix-money-ptc.com: could not connect to host
+metrix.design: could not connect to host
+metzgerei-birkenhof.de: could not connect to host
+meucosmetico.com.br: could not connect to host
+meuemail.pro: could not connect to host
+mexbt.com: could not connect to host
+mexicanbusinessweb.mx: did not receive HSTS header
+mexicansbook.ru: did not receive HSTS header
+mexior.nl: could not connect to host
+meyeraviation.com: could not connect to host
+mfcatalin.com: could not connect to host
+mfedderke.com: could not connect to host
+mfiles.pl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+mgdigital.fr: did not receive HSTS header
+mgiay.com: did not receive HSTS header
+mh-bloemen.co.jp: could not connect to host
+mhdsyarif.com: did not receive HSTS header
+mhealthdemocamp.com: could not connect to host
+mhertel.com: did not receive HSTS header
+mhict.nl: could not connect to host
+mhjuma.com: could not connect to host
+mht-travel.com: could not connect to host
+mhx.pw: could not connect to host
+mianfei-vpn.com: did not receive HSTS header
+michaeldemuth.com: could not connect to host
+michaelfitzpatrickruth.com: could not connect to host
+michaelmorpurgo.com: did not receive HSTS header
+michaeln.net: did not receive HSTS header
+michaelscrivo.com: did not receive HSTS header
+michaelsulzer.com: could not connect to host
+michaelsulzer.eu: could not connect to host
+michaelwaite.org: could not connect to host
+michal-kral.cz: could not connect to host
+michalborka.cz: could not connect to host
+michiganmetalartwork.com: max-age too low: 7889238
+miconware.de: could not connect to host
+micro-dv.ru: could not connect to host
+micro-rain-systems.com: did not receive HSTS header
+microme.ga: could not connect to host
+micropple.net: could not connect to host
+microtalk.org: could not connect to host
+midirs.org: did not receive HSTS header
+midonet.org: did not receive HSTS header
+midriversmotorsllc.com: could not connect to host
+midwestwomenworkers.org: could not connect to host
+miegl.cz: could not connect to host
+miemie.jp: could not connect to host
+migeeks.de: did not receive HSTS header
+mightydicks.io: could not connect to host
+mightydicks.tech: could not connect to host
+mightysounds.cz: max-age too low: 0
+migrator.co: could not connect to host
+miguksaram.com: could not connect to host
+mijcorijneveld.nl: did not receive HSTS header
+mijn-email.org: could not connect to host
+mijnetickets.nl: did not receive HSTS header
+mijnkredietpaspoort.nl: could not connect to host
+mikadesign.se: did not receive HSTS header
+mikaelemilsson.net: did not receive HSTS header
+mikeburns.com: could not connect to host
+mikedugan.org: did not receive HSTS header
+mikeg.de: did not receive HSTS header
+mikek.work: did not receive HSTS header
+mikeology.org: could not connect to host
+mikepair.net: could not connect to host
+mikeybot.com: could not connect to host
+mikii.club: could not connect to host
+mikk.cz: could not connect to host
+miku.be: could not connect to host
+miku.hatsune.my: max-age too low: 5184000
+mikusinec.com: could not connect to host
+milang.xyz: could not connect to host
+milanpala.cz: did not receive HSTS header
+milatrans.pl: did not receive HSTS header
+milcoresonline.com: could not connect to host
+milesgeek.com: did not receive HSTS header
+military-portal.cz: did not receive HSTS header
+militarycarlot.com: did not receive HSTS header
+millenniumweb.com: max-age too low: 86400
+mimeit.de: could not connect to host
+mimoderoupa.pt: could not connect to host
+mind.sh: did not receive HSTS header
+mindcraft.ga: could not connect to host
+mine.world: could not connect to host
+minecraft-forum.cf: could not connect to host
+minecraft-forum.ga: could not connect to host
+minecraft-forum.gq: could not connect to host
+minecraft-forum.ml: could not connect to host
+minecraft-forums.cf: could not connect to host
+minecraft-forums.ga: could not connect to host
+minecraft-forums.gq: could not connect to host
+minecraftforum.ch: could not connect to host
+minecraftforums.cf: could not connect to host
+minecraftforums.gq: could not connect to host
+minecraftforums.ml: could not connect to host
+minecraftserverz.com: could not connect to host
+minecraftvoter.com: could not connect to host
+mineover.es: could not connect to host
+mingming.info: did not receive HSTS header
+mingo.nl: max-age too low: 2592000
+mingy.ddns.net: could not connect to host
+mingyueli.com: could not connect to host
+minh.at: could not connect to host
+mini-piraten.de: did not receive HSTS header
+minikneet.nl: could not connect to host
+minimaliston.com: did not receive HSTS header
+minimoo.se: could not connect to host
+minis-hip.de: max-age too low: 172800
+minitruckin.net: could not connect to host
+minkondom.nu: could not connect to host
+minnesotadata.com: could not connect to host
+minobar.com: could not connect to host
+minora.io: could not connect to host
+minoris.se: could not connect to host
+mintea-noua.ro: did not receive HSTS header
+miragrow.com: could not connect to host
+mirindadomo.ru: did not receive HSTS header
+mironized.com: did not receive HSTS header
+mirrorx.com: did not receive HSTS header
+misgluteosperfectos.com: did not receive HSTS header
+misiondelosangeles-mailing.com: did not receive HSTS header
+missrain.tw: could not connect to host
+mist.ink: could not connect to host
+mister.hosting: did not receive HSTS header
+misterl.net: did not receive HSTS header
+mitarbeiter-pc.de: did not receive HSTS header
+mitchellrenouf.ca: could not connect to host
+mitm-software.badssl.com: could not connect to host
+mittenhacks.com: could not connect to host
+mivcon.net: could not connect to host
+miweb.cr: did not receive HSTS header
+mizd.at: could not connect to host
+mizi.name: could not connect to host
+mjcaffarattilaw.com: did not receive HSTS header
+mjhsc.nl: could not connect to host
+mk-dizajn.com: did not receive HSTS header
+mkfs.be: could not connect to host
+mkfs.fr: could not connect to host
+mlcdn.co: could not connect to host
+mlp.ee: did not receive HSTS header
+mlpchan.net: could not connect to host
+mlpepilepsy.org: could not connect to host
+mlpvc-rr.ml: did not receive HSTS header
+mmgazhomeloans.com: could not connect to host
+mmmm.com: could not connect to host
+mmstick.tk: could not connect to host
+mnemotiv.com: could not connect to host
+mnetworkingsolutions.co.uk: could not connect to host
+mnmt.no: did not receive HSTS header
+mnwt.nl: could not connect to host
+moar.so: did not receive HSTS header
+mobaircon.com: did not receive HSTS header
+mobile-gesundheit.org: did not receive HSTS header
+mobile.eti.br: could not connect to host
+mobilebay.top: could not connect to host
+mobilecoach.com: did not receive HSTS header
+mobilekey.co: could not connect to host
+mobilemedics.com: did not receive HSTS header
+mobilethreat.net: could not connect to host
+mobilethreatnetwork.net: could not connect to host
+mobilpass.no: could not connect to host
+mobiwalk.com: could not connect to host
+mobix5.com: did not receive HSTS header
+mockmyapp.com: could not connect to host
+mocloud.eu: could not connect to host
+mocsuite.club: could not connect to host
+mocurio.com: could not connect to host
+modaperuimport.com: could not connect to host
+modded-minecraft-server-list.com: could not connect to host
+moddedark.com: could not connect to host
+mode-marine.com: could not connect to host
+model9.io: did not receive HSTS header
+modeldimension.com: did not receive HSTS header
+modelsclub.org.ua: did not receive HSTS header
+modemagazines.co.uk: could not connect to host
+moderatortv.de: did not receive HSTS header
+moderntld.net: could not connect to host
+modx.by: max-age too low: 31536
+modx.io: could not connect to host
+modydev.club: could not connect to host
+moe-max.jp: could not connect to host
+moe4sale.in: could not connect to host
+moebel-nagel.de: did not receive HSTS header
+moegirl.org: did not receive HSTS header
+moellers.it: could not connect to host
+moeloli.pw: could not connect to host
+moelord.org: could not connect to host
+moen.io: could not connect to host
+moevenpick-cafe.com: did not receive HSTS header
+mogry.net: did not receive HSTS header
+moho.kr: could not connect to host
+mohs.es: could not connect to host
+moitur.com: could not connect to host
+mojizuri.jp: max-age too low: 86400
+mols.me: did not receive HSTS header
+molun.net: did not receive HSTS header
+mommel.com: could not connect to host
+mommelonline.de: could not connect to host
+momoka.moe: could not connect to host
+mon-a-lisa.com: did not receive HSTS header
+mona.lu: could not connect to host
+monarca.systems: could not connect to host
+monasterialis.eu: could not connect to host
+monautoneuve.fr: did not receive HSTS header
+mondar.io: could not connect to host
+mondopoint.com: did not receive HSTS header
+mondwandler.de: could not connect to host
+moneromerchant.com: could not connect to host
+moneycrownmedia.com: could not connect to host
+mongla168.net: could not connect to host
+mongla88.net: could not connect to host
+monika-sokol.de: did not receive HSTS header
+monitaure.io: could not connect to host
+monitman.com: did not receive HSTS header
+monitori.ng: could not connect to host
+montanacures.org: could not connect to host
+montanwerk.de: did not receive HSTS header
+montonicms.com: could not connect to host
+moobo.xyz: could not connect to host
+moon.lc: could not connect to host
+moonless.net: could not connect to host
+moonloupe.com: could not connect to host
+moonysbouncycastles.co.uk: did not receive HSTS header
+moosemanstudios.com: could not connect to host
+moov.is: could not connect to host
+moparcraft.com: could not connect to host
+moparcraft.org: could not connect to host
+moparisthebest.biz: could not connect to host
+moparisthebest.info: could not connect to host
+moparscape.org: did not receive HSTS header
+mopsuite.club: could not connect to host
+mor.cloud: could not connect to host
+mor.gl: could not connect to host
+mordrum.com: could not connect to host
+morethanadream.lv: could not connect to host
+morethandigital.info: did not receive HSTS header
+morfitronik.pl: could not connect to host
+morganestes.com: max-age too low: 0
+morningcalculation.com: could not connect to host
+morninglory.com: max-age too low: 2592000
+mornings.com: did not receive HSTS header
+morotech.com.br: could not connect to host
+morpheusx.at: could not connect to host
+morpheusxaut.net: could not connect to host
+morpork.xyz: could not connect to host
+mortgagecentersmo.com: did not receive HSTS header
+morz.org: could not connect to host
+mosaique-lachenaie.fr: could not connect to host
+moskva.guide: could not connect to host
+mostwuat.com: could not connect to host
+motherbase.io: could not connect to host
+motionfreight.com: could not connect to host
+motionpicturesolutions.com: did not receive HSTS header
+motocyklovedily.cz: did not receive HSTS header
+motomorgen.com: could not connect to host
+motorbiketourhanoi.com: could not connect to host
+mottvd.com: could not connect to host
+moudicat.com: max-age too low: 6307200
+moula.com.au: did not receive HSTS header
+mountainadventureseminars.com: could not connect to host
+mountainmusicpromotions.com: did not receive HSTS header
+movabletype.net: max-age too low: 3600
+moviedollars.com: did not receive HSTS header
+moviesabout.net: could not connect to host
+moving-pixtures.de: could not connect to host
+movio.ga: did not receive HSTS header
+mowalls.net: could not connect to host
+moy-gorod.od.ua: did not receive HSTS header
+moy.cat: did not receive HSTS header
+mozart-game.cz: did not receive HSTS header
+mozartgame.cz: did not receive HSTS header
+mozoa.net: could not connect to host
+mozzilla.cz: could not connect to host
+mp3donusturucu.com: did not receive HSTS header
+mp3donusturucu.net: did not receive HSTS header
+mp3juices.is: could not connect to host
+mpkossen.com: did not receive HSTS header
+mpserver12.org: could not connect to host
+mqas.net: could not connect to host
+mr-hosting.com: could not connect to host
+mrafrohead.com: could not connect to host
+mrawe.com: could not connect to host
+mrdani.net: could not connect to host
+mredsanders.net: did not receive HSTS header
+mremallin.ca: could not connect to host
+mrettich.org: did not receive HSTS header
+mrhee.com: did not receive HSTS header
+mrizzio.com: could not connect to host
+mrjooz.com: could not connect to host
+mrksk.com: did not receive HSTS header
+mrliu.me: could not connect to host
+mrning.com: did not receive HSTS header
+mrnonz.com: max-age too low: 0
+mrpopat.in: did not receive HSTS header
+mrs-shop.com: did not receive HSTS header
+mrsbairds.com: max-age too low: 86400
+msc-seereisen.net: max-age too low: 0
+msgallery.tk: could not connect to host
+mstd.tokyo: did not receive HSTS header
+mstdn-tech.jp: could not connect to host
+mszaki.com: did not receive HSTS header
+mt.me.uk: could not connect to host
+mtamaki.com: could not connect to host
+mtcgf.com: did not receive HSTS header
+mtdn.jp: could not connect to host
+mtg-esport.de: did not receive HSTS header
+mtn.cc: could not connect to host
+muevetumundo.com.mx: max-age too low: 86400
+muj-svet.cz: could not connect to host
+mujadin.se: did not receive HSTS header
+mullen.net.au: did not receive HSTS header
+multimarques.com: max-age too low: 86400
+munch.me: could not connect to host
+mundodapoesia.com: did not receive HSTS header
+munduch.cz: could not connect to host
+munecoscabezones.com: did not receive HSTS header
+munich-rage.de: could not connect to host
+munkiepus.com: did not receive HSTS header
+munuc.org: did not receive HSTS header
+munzee.com: did not receive HSTS header
+muonium.ch: could not connect to host
+muriburi.land: could not connect to host
+muriburiland.com: could not connect to host
+murodese.org: could not connect to host
+murraycolin.org: could not connect to host
+murrayrun.com: did not receive HSTS header
+murz.tv: could not connect to host
+museminder2.com: did not receive HSTS header
+musewearflipflops.com: could not connect to host
+mushroomandfern.com: could not connect to host
+musi.cx: could not connect to host
+musicalbim.com.br: could not connect to host
+musikkfondene.no: did not receive HSTS header
+musikzug-bookholzberg.de: did not receive HSTS header
+muslimbanter.co.za: could not connect to host
+mustardking.me: did not receive HSTS header
+mustika.cf: could not connect to host
+mutamatic.com: could not connect to host
+mutuelle-obligatoire-pme.fr: did not receive HSTS header
+muzeumkomiksu.eu: could not connect to host
+muzgra.in: did not receive HSTS header
+muzykaprzeszladoplay.pl: could not connect to host
+mvanmarketing.nl: did not receive HSTS header
+mvnet.com.br: did not receive HSTS header
+mvsecurity.nl: could not connect to host
+mwohlfarth.de: did not receive HSTS header
+my-demo.co: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+my-owncloud.com: could not connect to host
+my.alfresco.com: did not receive HSTS header
+my.swedbank.se: did not receive HSTS header
+myairshop.gr: could not connect to host
+myandroid.tools: could not connect to host
+myandroidtools.cc: could not connect to host
+myandroidtools.pro: could not connect to host
+mybeautyjobs.de: could not connect to host
+mybudget.xyz: could not connect to host
+mybuilderinlondon.co.uk: did not receive HSTS header
+mybusiness.cm: did not receive HSTS header
+mycamda.com: could not connect to host
+mychocolateweightloss.com: could not connect to host
+myclientsplus.com: did not receive HSTS header
+mycollab.net: could not connect to host
+mycoted.com: did not receive HSTS header
+mydeos.com: could not connect to host
+mydigipass.com: did not receive HSTS header
+mydmdi.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+mydnaresults.com: could not connect to host
+mydnatest.com: did not receive HSTS header
+mydriversedge.com: did not receive HSTS header
+myfappening.org: could not connect to host
+myfdic.gov: could not connect to host
+mygate.at: could not connect to host
+mygivingcircle.org: did not receive HSTS header
+mygooder.com: did not receive HSTS header
+mygov.scot: did not receive HSTS header
+myhair.asia: did not receive HSTS header
+myicare.org: did not receive HSTS header
+myiocc.org: could not connect to host
+myip.tech: max-age too low: 2592000
+myjumpsuit.de: did not receive HSTS header
+mykolab.com: did not receive HSTS header
+mykreuzfahrt.de: could not connect to host
+mymp3singer.site: did not receive HSTS header
+mynetblog.com: did not receive HSTS header
+mynetworkingbuddy.com: could not connect to host
+mynewleaf.co: did not receive HSTS header
+mynewselfbariatrics.com: did not receive HSTS header
+myni.io: could not connect to host
+mynigma.org: did not receive HSTS header
+mypagella.com: could not connect to host
+mypagella.eu: could not connect to host
+mypagella.it: could not connect to host
+mypension.ca: could not connect to host
+myphonebox.de: could not connect to host
+myraytech.net: did not receive HSTS header
+myrepublic.co.id: max-age too low: 0
+myrig.net: could not connect to host
+myrsa.in: did not receive HSTS header
+mysecretcase.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+mysecretrewards.com: could not connect to host
+myshirtsize.com: could not connect to host
+myspa.asia: did not receive HSTS header
+mystery-science-theater-3000.de: did not receive HSTS header
+mysteryblog.de: did not receive HSTS header
+mythlogic.com: did not receive HSTS header
+mythslegendscollection.com: did not receive HSTS header
+mytravelblog.de: could not connect to host
+mytweeps.com: did not receive HSTS header
+myweb360.de: did not receive HSTS header
+myzone.com: did not receive HSTS header
+mzlog.win: could not connect to host
+n-rickroll-e.pw: could not connect to host
+n0099.cf: could not connect to host
+n0psled.nl: could not connect to host
+n2x.in: could not connect to host
+n4l.pw: could not connect to host
+n8ch.net: could not connect to host
+naano.org: could not connect to host
+nabru.co.uk: did not receive HSTS header
+nabu-bad-nauheim.de: did not receive HSTS header
+nabytko.cz: could not connect to host
+nacktetatsachen.at: did not receive HSTS header
+nadia.pt: could not connect to host
+nagios.by: did not receive HSTS header
+nagoya-kyuyo.com: could not connect to host
+naiharngym.com: did not receive HSTS header
+najedlo.sk: could not connect to host
+nakamastreamingcommunity.com: could not connect to host
+nakliyatsirketi.biz: could not connect to host
+nakuro.de: could not connect to host
+nalifornia.com: did not receive HSTS header
+nalinux.cz: did not receive HSTS header
+nallon.com.br: could not connect to host
+namacindia.com: did not receive HSTS header
+namaho.com: could not connect to host
+named.ga: could not connect to host
+nametaken-cloud.duckdns.org: could not connect to host
+namethatbone.com: could not connect to host
+namorico.me: could not connect to host
+nan.ci: did not receive HSTS header
+nan.zone: could not connect to host
+nandex.org: could not connect to host
+naniki.co.uk: did not receive HSTS header
+nanogeneinc.com: could not connect to host
+nanokamo.com: did not receive HSTS header
+nanrenba.net: could not connect to host
+nansay.cn: could not connect to host
+nanto.eu: could not connect to host
+naphex.rocks: could not connect to host
+narodniki.com: did not receive HSTS header
+narodsovety.ru: could not connect to host
+narrenverein-wolkenschieber.de: did not receive HSTS header
+narviz.com: did not receive HSTS header
+nashira.cz: did not receive HSTS header
+nasralmabrooka.com: did not receive HSTS header
+natalia-fadeeva.ru: could not connect to host
+natalia.io: could not connect to host
+natalieandjoshua.com: could not connect to host
+natalt.org: did not receive HSTS header
+nathanmfarrugia.com: did not receive HSTS header
+nationalmall.gov: could not connect to host
+nationwidevehiclecontracts.co.uk: did not receive HSTS header
+natural-progesterone.net: could not connect to host
+naturecoaster.com: did not receive HSTS header
+naturesharvestbread.com: max-age too low: 86400
+natuurbehangnederland.nl: could not connect to host
+nauck.org: did not receive HSTS header
+naudles.me: could not connect to host
+nav.jobs: could not connect to host
+naval.tf: could not connect to host
+navjobs.com: did not receive HSTS header
+nbb.io: could not connect to host
+nbg-ha.de: could not connect to host
+ncc60205.info: could not connect to host
+ncdesigns-studio.com: could not connect to host
+ncpc.gov: could not connect to host
+nct.org.uk: did not receive HSTS header
+nctx.co.uk: did not receive HSTS header
+ndtmarket.place: could not connect to host
+near.st: did not receive HSTS header
+nearbiwa.com: did not receive HSTS header
+neavision.de: did not receive HSTS header
+nebulousenhanced.com: could not connect to host
+nedcf.org.uk: did not receive HSTS header
+nedwave.com: did not receive HSTS header
+nedzad.me: could not connect to host
+neels.ch: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+neer.io: could not connect to host
+neftaly.com: did not receive HSTS header
+negativecurvature.net: could not connect to host
+negativzinsen.info: did not receive HSTS header
+neilgreen.net: did not receive HSTS header
+nejnamc.org: could not connect to host
+neko-life.com: did not receive HSTS header
+neko-system.com: did not receive HSTS header
+nemno.de: could not connect to host
+nemovement.org: could not connect to host
+neoani.me: did not receive HSTS header
+neofelhz.space: could not connect to host
+neonisi.com: could not connect to host
+neonnuke.tech: could not connect to host
+neosolution.ca: did not receive HSTS header
+nephy.jp: could not connect to host
+nepustil.net: did not receive HSTS header
+nerd42.de: could not connect to host
+nerdhouse.io: could not connect to host
+nerfroute.com: could not connect to host
+neris.io: could not connect to host
+nerpa-club.ru: did not receive HSTS header
+nestedquotes.ca: could not connect to host
+nestone.ru: could not connect to host
+net-navi.cc: did not receive HSTS header
+net2o.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+net2o.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+net2o.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+net4it.de: did not receive HSTS header
+netbox.cc: could not connect to host
+netbrief.ml: did not receive HSTS header
+netherwind.eu: did not receive HSTS header
+netlilo.com: could not connect to host
+netloanusa.com: could not connect to host
+netmagik.com: did not receive HSTS header
+netprofile.com.au: could not connect to host
+netraising.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+netresourcedesign.com: could not connect to host
+netsparkercloud.com: did not receive HSTS header
+nettefoundation.com: could not connect to host
+networx-online.de: could not connect to host
+netzbit.de: could not connect to host
+netzpolitik.org: max-age too low: 2592000
+netztest.at: did not receive HSTS header
+netzvieh.de: did not receive HSTS header
+netzzwerg4u.de: could not connect to host
+neueonlinecasino2016.com: could not connect to host
+neuralgic.net: could not connect to host
+neuro-plus-100.com: could not connect to host
+neuronfactor.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+nevadafiber.net: could not connect to host
+never-afk.de: did not receive HSTS header
+never.pet: did not receive HSTS header
+neveta.com: could not connect to host
+newbieboss.com: did not receive HSTS header
+newcityinfo.info: could not connect to host
+newedivideo.it: could not connect to host
+newgenerationplus.org: could not connect to host
+newhdmovies.io: could not connect to host
+newkaliningrad.ru: did not receive HSTS header
+newlooknow.com: did not receive HSTS header
+newmelalife.com: did not receive HSTS header
+newparadigmventures.net: did not receive HSTS header
+newportpropertygroup.com: could not connect to host
+newstarnootropics.com: max-age too low: 7889238
+newtonwarp.com: could not connect to host
+nexgeneration-solutions.com: could not connect to host
+next176.sk: did not receive HSTS header
+next47.com: did not receive HSTS header
+nextcloud.org: could not connect to host
+nextgenthemes.com: did not receive HSTS header
+nexth.de: could not connect to host
+nexth.net: could not connect to host
+nexth.us: could not connect to host
+nextpages.de: could not connect to host
+nextproject.us: could not connect to host
+nexusbyte.de: could not connect to host
+nexuscorporation.in: could not connect to host
+nfluence.org: could not connect to host
+nfo.so: could not connect to host
+ng-security.com: could not connect to host
+ngine.ch: did not receive HSTS header
+nginxnudes.com: could not connect to host
+nglr.org: could not connect to host
+ngt-service.ru: did not receive HSTS header
+ngtoys.com.br: could not connect to host
+nibiisclaim.com: could not connect to host
+nicesco.re: did not receive HSTS header
+nicestresser.fr: could not connect to host
+nicky.io: did not receive HSTS header
+nico.one: could not connect to host
+nico.st: could not connect to host
+nicoborghuis.nl: could not connect to host
+nicolas-simond.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+nicolasbettag.me: did not receive HSTS header
+nicolasdutour.com: did not receive HSTS header
+niconiconi.xyz: could not connect to host
+niconode.com: could not connect to host
+nidux.com: did not receive HSTS header
+niduxcomercial.com: could not connect to host
+nien.chat: could not connect to host
+nienfun.com: could not connect to host
+nifpnet.nl: did not receive HSTS header
+nightsnack.cf: could not connect to host
+niho.jp: did not receive HSTS header
+nikcub.com: could not connect to host
+nikklassen.ca: did not receive HSTS header
+nikksno.io: could not connect to host
+niklaslindblad.se: did not receive HSTS header
+nikolaichik.photo: did not receive HSTS header
+nikolasbradshaw.com: could not connect to host
+nil2.org: did not receive HSTS header
+niloxy.com: did not receive HSTS header
+ninchisho-online.com: did not receive HSTS header
+ninhs.org: could not connect to host
+ninjan.co: did not receive HSTS header
+ninjaspiders.com: did not receive HSTS header
+niouininon.eu: could not connect to host
+nippler.org: could not connect to host
+nippombashi.net: did not receive HSTS header
+nipponcareers.com: did not receive HSTS header
+nirada.info: could not connect to host
+nishikino-maki.com: could not connect to host
+niva.synology.me: could not connect to host
+nixien.fr: could not connect to host
+nixmag.net: could not connect to host
+nkadvertising.online: could not connect to host
+nkautoservice.nl: did not receive HSTS header
+nkb.in.th: could not connect to host
+nll.fi: could not connect to host
+nmadda.com: could not connect to host
+nmctest.net: could not connect to host
+nmueller.at: could not connect to host
+nnote.net: did not receive HSTS header
+nnya.cat: could not connect to host
+no-ip.cz: did not receive HSTS header
+no17sifangjie.cc: could not connect to host
+nocallaghan.com: could not connect to host
+noclegi-online.pl: did not receive HSTS header
+noctinus.tk: could not connect to host
+node-core-app.com: could not connect to host
+nodebrewery.com: could not connect to host
+nodelab-it.de: did not receive HSTS header
+nodepanel.net: could not connect to host
+nodeselect.com: could not connect to host
+nodespin.com: could not connect to host
+nodetemple.com: could not connect to host
+nodi.at: did not receive HSTS header
+noexpect.org: could not connect to host
+noima.com: did not receive HSTS header
+nolag.host: could not connect to host
+nolatepayments.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+nolberg.net: did not receive HSTS header
+nolimitsbook.de: did not receive HSTS header
+nolte.work: could not connect to host
+nomorebytes.de: could not connect to host
+nonemu.ninja: could not connect to host
+noodlesandwich.com: did not receive HSTS header
+noodplan.co.za: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+nootropicsource.com: did not receive HSTS header
+nope.website: could not connect to host
+nopex.no: could not connect to host
+nopol.de: could not connect to host
+norad.sytes.net: could not connect to host
+norandom.com: could not connect to host
+norb.at: could not connect to host
+nordlicht.photography: did not receive HSTS header
+nordseeblicke.de: could not connect to host
+norge.guide: could not connect to host
+northcutt.com: did not receive HSTS header
+northwest-events.co.uk: did not receive HSTS header
+nosbenevolesontdutalent.com: could not connect to host
+nosecretshop.com: could not connect to host
+nostraspace.com: did not receive HSTS header
+notadd.io: could not connect to host
+notarankastojkovic.me: could not connect to host
+notarobot.fr: could not connect to host
+note7forever.com: could not connect to host
+notenoughtime.de: could not connect to host
+notesforpebble.com: could not connect to host
+notevencode.com: could not connect to host
+nothing.net.nz: max-age too low: 7776000
+nothing.org.uk: could not connect to host
+noticia.do: did not receive HSTS header
+notjustbitchy.com: did not receive HSTS header
+nottheonion.net: did not receive HSTS header
+nou.si: could not connect to host
+nouvelle-vague-saint-cast.fr: did not receive HSTS header
+nova-elearning.com: could not connect to host
+novaco.in: max-age too low: 3600
+novacraft.me: did not receive HSTS header
+novascan.net: could not connect to host
+novatrucking.de: could not connect to host
+novavoidhowl.com: did not receive HSTS header
+novelabs.de: could not connect to host
+novelabs.eu: could not connect to host
+novelshouse.com: did not receive HSTS header
+novtest.ru: did not receive HSTS header
+novurania.com: did not receive HSTS header
+nowak.ninja: did not receive HSTS header
+noworrywp.com: could not connect to host
+nowprotein.com: did not receive HSTS header
+nowremindme.com: could not connect to host
+nozoe.jp: could not connect to host
+npol.de: could not connect to host
+nq7.pl: could not connect to host
+nrechn.de: could not connect to host
+nrizzio.me: could not connect to host
+nrnjn.xyz: did not receive HSTS header
+nsbfalconacademy.org: could not connect to host
+nsdev.cn: could not connect to host
+nsmail.cn: could not connect to host
+nsweb.solutions: could not connect to host
+ntbs.pro: could not connect to host
+ntse.xyz: could not connect to host
+nu3.at: did not receive HSTS header
+nu3.ch: did not receive HSTS header
+nu3.co.uk: could not connect to host
+nu3.com: did not receive HSTS header
+nu3.de: did not receive HSTS header
+nu3.dk: did not receive HSTS header
+nu3.fi: did not receive HSTS header
+nu3.fr: did not receive HSTS header
+nu3.no: did not receive HSTS header
+nu3.se: did not receive HSTS header
+nube.ninja: did not receive HSTS header
+nudel.ninja: could not connect to host
+nufla.de: could not connect to host
+nuiguru.me: could not connect to host
+nukenet.se: could not connect to host
+nukute.com: did not receive HSTS header
+null-pointer.eu: did not receive HSTS header
+null-sec.ru: could not connect to host
+null.cat: did not receive HSTS header
+null.tips: could not connect to host
+nullpoint.at: did not receive HSTS header
+nullpro.com: could not connect to host
+numericacu.com: did not receive HSTS header
+numero-di-telefono.it: could not connect to host
+numista.com: did not receive HSTS header
+nunnun.jp: could not connect to host
+nuovamoda.al: did not receive HSTS header
+nup.pw: could not connect to host
+nuriacamaras.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+nurserybook.co: did not receive HSTS header
+nurture.be: did not receive HSTS header
+nusatrip-api.com: did not receive HSTS header
+nutricuerpo.com: did not receive HSTS header
+nutritionculture.com: could not connect to host
+nutsandboltsmedia.com: did not receive HSTS header
+nuttyveg.com: did not receive HSTS header
+nwa.xyz: could not connect to host
+nweb.co.nz: could not connect to host
+nwork.media: could not connect to host
+nyanpasu.tv: could not connect to host
+nyazeeland.guide: could not connect to host
+nycroth.com: could not connect to host
+nyesider.org: could not connect to host
+nyored.com: did not receive HSTS header
+nyphox.net: could not connect to host
+nysepho.pw: could not connect to host
+nysifclaimcentral.com: did not receive HSTS header
+nystart.no: did not receive HSTS header
+nyxi.eu: could not connect to host
+nz.search.yahoo.com: max-age too low: 172800
+nzbs.io: could not connect to host
+nzmk.cz: did not receive HSTS header
+nzquakes.maori.nz: could not connect to host
+o-rickroll-y.pw: could not connect to host
+o0o.one: could not connect to host
+oasis.mobi: could not connect to host
+oasisim.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+obdolbacca.ru: could not connect to host
+oben.pl: did not receive HSTS header
+oberam.de: could not connect to host
+oberhof.co: could not connect to host
+obscuredfiles.com: could not connect to host
+obsydian.org: could not connect to host
+occupymedia.org: did not receive HSTS header
+ochaken.cf: could not connect to host
+ocmeulebeke.be: did not receive HSTS header
+ocrami.us: did not receive HSTS header
+octocat.ninja: could not connect to host
+oddmouse.com: could not connect to host
+odin.xxx: could not connect to host
+odinkapital.no: did not receive HSTS header
+odinoffice.no: did not receive HSTS header
+odysseyandco.com: could not connect to host
+oe8.bet: could not connect to host
+ofcourselanguages.com: could not connect to host
+ofer.site: did not receive HSTS header
+off-the-clock.us: could not connect to host
+offenedialoge.de: max-age too low: 2592000
+offgames.pro: could not connect to host
+office-ruru.com: could not connect to host
+officeclub.com.mx: did not receive HSTS header
+offshore-firma.org: could not connect to host
+offshore-unternehmen.com: could not connect to host
+offshorefirma-gruenden.com: could not connect to host
+offshoremarineparts.com: did not receive HSTS header
+oficinadocelular.com.br: could not connect to host
+ofo2.com: did not receive HSTS header
+oganek.ie: could not connect to host
+oganime.com: could not connect to host
+ogogoshop.com: could not connect to host
+ohm2013.org: could not connect to host
+ohsocool.org: did not receive HSTS header
+ohyooo.com: could not connect to host
+oiepoie.nl: could not connect to host
+oishioffice.com: did not receive HSTS header
+ojls.co: could not connect to host
+okane.love: could not connect to host
+okok-rent.com: could not connect to host
+okok.rent: could not connect to host
+okutama.in.th: could not connect to host
+olafnorge.de: did not receive HSTS header
+olanderflorist.com: could not connect to host
+olcso-vps-szerver.hu: could not connect to host
+oldnews.news: could not connect to host
+oldoakflorist.com: could not connect to host
+oliverdunk.com: did not receive HSTS header
+oliverspringer.eu: could not connect to host
+ollehbizev.co.kr: could not connect to host
+ols.io: did not receive HSTS header
+olswangtrainees.com: could not connect to host
+omacostudio.com: could not connect to host
+omgaanmetidealen.com: could not connect to host
+ominto.com: did not receive HSTS header
+omnibot.tv: could not connect to host
+omniti.com: max-age too low: 1
+omquote.gq: could not connect to host
+omskit.ru: did not receive HSTS header
+one---line.com: could not connect to host
+one-pe.com: did not receive HSTS header
+onearth.one: did not receive HSTS header
+oneb4nk.com: could not connect to host
+onecycling.my: could not connect to host
+onecycling.world: could not connect to host
+onefour.co: could not connect to host
+onehourloan.com: could not connect to host
+onehourloan.sg: did not receive HSTS header
+oneiros.cc: could not connect to host
+oneminute.io: did not receive HSTS header
+oneminutefilm.tv: could not connect to host
+onepathnetwork.com: max-age too low: 7776000
+onepluscamps.com: could not connect to host
+onepopstore.com: could not connect to host
+onespiritinc.com: did not receive HSTS header
+onet.space: could not connect to host
+onetwentyseven001.com: did not receive HSTS header
+onewebdev.info: could not connect to host
+oneworldbank.com: did not receive HSTS header
+onewpst.com: did not receive HSTS header
+oniichan.us: did not receive HSTS header
+onioncloud.org: could not connect to host
+onionsburg.com: could not connect to host
+online-casino.eu: did not receive HSTS header
+online-pr.at: did not receive HSTS header
+online-wetten.de: did not receive HSTS header
+onlinebiller.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+onlinebillingform.com: did not receive HSTS header
+onlinecompliance.org: did not receive HSTS header
+onlinedemo.hu: could not connect to host
+onlinedeposit.us: could not connect to host
+onlinekasino.de: did not receive HSTS header
+onlinepollsph.com: could not connect to host
+onlineschadestaat.nl: did not receive HSTS header
+onlinespielothek.com: did not receive HSTS header
+onlinewetten.de: could not connect to host
+only-roses.co.uk: did not receive HSTS header
+only-roses.com: did not receive HSTS header
+onlyshopstation.com: did not receive HSTS header
+onlyzero.net: could not connect to host
+onmuvo.com: did not receive HSTS header
+onovlena.dn.ua: could not connect to host
+onpatient.com: did not receive HSTS header
+onsitemassageco.com: did not receive HSTS header
+onstud.com: could not connect to host
+ontimestamp.com: did not receive HSTS header
+ontras.com: could not connect to host
+onwie.fr: could not connect to host
+onyxwall.com: could not connect to host
+onyxwall.link: could not connect to host
+onyxwall.net: could not connect to host
+oo.edu.rs: did not receive HSTS header
+ooeste.com: could not connect to host
+oogami.name: could not connect to host
+ookjesprookje.nl: could not connect to host
+ooooush.co.uk: could not connect to host
+oopsmycase.com: could not connect to host
+oopsorup.com: could not connect to host
+oost.io: could not connect to host
+open-mx.de: could not connect to host
+open-to-repair.fr: max-age too low: 86400
+openas.org: could not connect to host
+openconcept.no: did not receive HSTS header
+opendesk.cc: did not receive HSTS header
+opengateway.fr: did not receive HSTS header
+openmind-shop.de: did not receive HSTS header
+openmtbmap.org: did not receive HSTS header
+openpriv.pw: could not connect to host
+openprovider.nl: did not receive HSTS header
+openshift.redhat.com: did not receive HSTS header
+opensourcehouse.net: could not connect to host
+openspace.xxx: did not receive HSTS header
+opensrd.com: could not connect to host
+openssf.org: did not receive HSTS header
+openxmpp.com: could not connect to host
+opim.ca: did not receive HSTS header
+opioids.gov: could not connect to host
+opium.io: could not connect to host
+opoleo.com: could not connect to host
+opperwall.net: could not connect to host
+opsafewinter.net: could not connect to host
+opsbears.com: did not receive HSTS header
+opstacks.com: did not receive HSTS header
+optenhoefel.de: could not connect to host
+optimal-e.com: did not receive HSTS header
+optimista.soy: could not connect to host
+optometriepunt.nl: did not receive HSTS header
+optumrxhealthstore.com: could not connect to host
+oracaodocredo.com.br: could not connect to host
+orbiosales.com: could not connect to host
+orbitcom.de: did not receive HSTS header
+orbograph-hrcm.com: could not connect to host
+order.one: could not connect to host
+ordereat.fr: could not connect to host
+orderlounge.de: did not receive HSTS header
+organic-superfood.net: could not connect to host
+organisationsberatung-jacobi.de: did not receive HSTS header
+originalmockups.com: did not receive HSTS header
+originpc.com: did not receive HSTS header
+orioncustompcs.com: could not connect to host
+orionfcu.com: did not receive HSTS header
+orionrebellion.com: did not receive HSTS header
+orleika.ml: could not connect to host
+oroweatorganic.com: could not connect to host
+orthodoxy.lt: did not receive HSTS header
+osaiyuwu.com: could not connect to host
+oscarmashauri.com: could not connect to host
+oscloud.com: could not connect to host
+oscloud.com.ua: could not connect to host
+oscreen.me: could not connect to host
+oscreen.org: could not connect to host
+oscsdp.cz: could not connect to host
+osdls.gov: could not connect to host
+oslfoundation.org: could not connect to host
+osmanlitorunu.com: could not connect to host
+osp.cx: could not connect to host
+ossan-kobe-gourmet.com: did not receive HSTS header
+ossbinaries.com: could not connect to host
+osteammate.com: could not connect to host
+ostendorf.com: did not receive HSTS header
+osticketawesome.com: did not receive HSTS header
+oswaldmattgroup.com: did not receive HSTS header
+otakuworld.de: could not connect to host
+othercode.nl: could not connect to host
+othermedia.cc: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+otherstuff.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+otichi.com: did not receive HSTS header
+otinane.eu: could not connect to host
+otokonna.com: did not receive HSTS header
+otrsdemo.hu: did not receive HSTS header
+ottospora.nl: could not connect to host
+ourbank.com: did not receive HSTS header
+ourchoice2016.com: could not connect to host
+outdooradventures.pro: did not receive HSTS header
+outdoorproducts.com: did not receive HSTS header
+outetc.com: could not connect to host
+outreachbuddy.com: could not connect to host
+outsider.im: could not connect to host
+outurnate.com: did not receive HSTS header
+ouvirmusica.com.br: did not receive HSTS header
+ovenapp.io: did not receive HSTS header
+over25tips.com: did not receive HSTS header
+override.io: could not connect to host
+oversight.io: could not connect to host
+ovuscloud.de: could not connect to host
+ovvy.net: did not receive HSTS header
+owennelson.me: could not connect to host
+owlscrap.ru: could not connect to host
+owncloud.help: could not connect to host
+ownmovies.fr: could not connect to host
+oxro.co: could not connect to host
+oxygaming.com: did not receive HSTS header
+oxygenabsorbers.com: did not receive HSTS header
+oxymc.com: did not receive HSTS header
+oxynux.fr: could not connect to host
+oxynux.xyz: could not connect to host
+oyste.in: could not connect to host
+ozoz.cc: could not connect to host
+p-rickroll-o.pw: could not connect to host
+p.linode.com: could not connect to host
+p1c.pw: could not connect to host
+p3.marketing: did not receive HSTS header
+p3in.com: could not connect to host
+p8r.de: could not connect to host
+paavolastudio.com: could not connect to host
+pablocamino.tk: could not connect to host
+packlane.com: did not receive HSTS header
+pactocore.org: could not connect to host
+pader-deko.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+paestbin.com: could not connect to host
+page: could not connect to host
+pagerate.io: did not receive HSTS header
+pagetoimage.com: could not connect to host
+pahlawanpulsa.com: did not receive HSTS header
+paichai.space: could not connect to host
+paigeglass.com: did not receive HSTS header
+paino.cloud: could not connect to host
+paintingat.com: could not connect to host
+paio2-rec.com: could not connect to host
+paio2.com: could not connect to host
+paisaone.com: did not receive HSTS header
+pajonzeck.de: could not connect to host
+paket.io: did not receive HSTS header
+pakho.xyz: could not connect to host
+paku.me: could not connect to host
+palmer.im: could not connect to host
+pammbook.com: did not receive HSTS header
+pamplona.tv: could not connect to host
+pamsoft.pl: max-age too low: 0
+pan.tips: could not connect to host
+panaceallc.net: could not connect to host
+panama-gbs.com: did not receive HSTS header
+panamaequity.com: did not receive HSTS header
+panamateakforestry.com: did not receive HSTS header
+panasca.is: could not connect to host
+panascais.co: could not connect to host
+panascais.com: could not connect to host
+panascais.de: could not connect to host
+panascais.eu: could not connect to host
+panascais.host: could not connect to host
+panascais.io: could not connect to host
+panascais.me: could not connect to host
+panascais.net: did not receive HSTS header
+panascais.pw: could not connect to host
+panascais.site: could not connect to host
+panascais.tech: could not connect to host
+panascais.us: could not connect to host
+pandapsy.com: could not connect to host
+panelomix.net: did not receive HSTS header
+panicparts.com: max-age too low: 10540800
+panni.me: could not connect to host
+panoranordic.net: could not connect to host
+pansu.space: could not connect to host
+pants-off.xyz: could not connect to host
+pantsu.cat: did not receive HSTS header
+papalytics.com: could not connect to host
+papeda.net: could not connect to host
+papelariadante.com.br: could not connect to host
+papercard.co.uk: did not receive HSTS header
+papercrunch.io: could not connect to host
+paperwallets.io: did not receive HSTS header
+papierniak.net: could not connect to host
+papygeek.com: could not connect to host
+parabhairavayoga.com: max-age too low: 0
+pardnoy.com: could not connect to host
+parent5446.us: could not connect to host
+parentmail.co.uk: did not receive HSTS header
+parfum-baza.ru: could not connect to host
+paris-cyber.fr: did not receive HSTS header
+parisvox.info: did not receive HSTS header
+parithy.net: could not connect to host
+parkingplus.co.il: could not connect to host
+parkrocker.com: max-age too low: 604800
+parkwithark.com: could not connect to host
+parodybit.net: did not receive HSTS header
+parpaing-paillette.net: could not connect to host
+particonpsplus.it: could not connect to host
+partiono.com: did not receive HSTS header
+partirkyoto.jp: did not receive HSTS header
+partnercardservices.com: did not receive HSTS header
+partnersfcu.org: did not receive HSTS header
+partyhaus.ovh: could not connect to host
+partyhireformby.co.uk: did not receive HSTS header
+partyvan.eu: could not connect to host
+partyvan.it: could not connect to host
+partyvan.moe: could not connect to host
+partyvan.nl: could not connect to host
+partyvan.se: could not connect to host
+pascalchristen.ch: did not receive HSTS header
+passrhce.com: could not connect to host
+passrhcsa.com: could not connect to host
+passumpsicbank.com: did not receive HSTS header
+passwd.io: could not connect to host
+passwordbox.com: did not receive HSTS header
+passwordrevelator.net: did not receive HSTS header
+pastaf.com: could not connect to host
+pastdream.xyz: could not connect to host
+paste.linode.com: could not connect to host
+pastebin.linode.com: could not connect to host
+pastenib.com: could not connect to host
+paster.li: did not receive HSTS header
+pastie.se: could not connect to host
+pataua.kiwi: did not receive HSTS header
+paternitydnatest.com: could not connect to host
+patfs.com: did not receive HSTS header
+patientinsight.net: did not receive HSTS header
+patrickbusch.net: could not connect to host
+patrickneuro.de: could not connect to host
+patt.us: did not receive HSTS header
+patterson.mp: could not connect to host
+paul-kerebel.pro: could not connect to host
+paulbramhall.uk: could not connect to host
+paulbunyanmls.com: did not receive HSTS header
+paulewen.ca: could not connect to host
+paulproell.at: could not connect to host
+paulrudge.codes: could not connect to host
+paulshir.com: could not connect to host
+paulshir.is: could not connect to host
+paulyang.cn: did not receive HSTS header
+pavelfojt.cz: did not receive HSTS header
+pavelkahouseforcisco.com: did not receive HSTS header
+paxdei.com.br: could not connect to host
+paxwinkel.nl: did not receive HSTS header
+pay.gigahost.dk: did not receive HSTS header
+payfreez.com: could not connect to host
+payments-reference.org: could not connect to host
+payments.google.com: did not receive HSTS header (error ignored - included regardless)
+paymon.tj: could not connect to host
+paypod.org: could not connect to host
+payroll.ch: could not connect to host
+paytwopay.com: could not connect to host
+pbapp.net: did not receive HSTS header
+pbbr.com: did not receive HSTS header
+pbprint.ru: did not receive HSTS header
+pc-nf.de: did not receive HSTS header
+pcat.io: could not connect to host
+pcfun.net: could not connect to host
+pchax.net: could not connect to host
+pchospital.cc: could not connect to host
+pcmr.info: did not receive HSTS header
+pcvirusclear.com: could not connect to host
+pdamsidoarjo.co.id: could not connect to host
+pdevio.com: could not connect to host
+pdf.yt: could not connect to host
+pe-bank.co.jp: max-age too low: 604800
+pe-kyousai.jp: did not receive HSTS header
+peaceandwool.com: did not receive HSTS header
+peakapp.nl: could not connect to host
+pear2pear.de: could not connect to host
+pebblesdemo.com: could not connect to host
+peekops.com: could not connect to host
+peerherrmann.de: could not connect to host
+peirong.me: could not connect to host
+peissen.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+pekkapikkarainen.fi: did not receive HSTS header
+pekkarik.ru: could not connect to host
+peliculasaudiolatinoonline.com: could not connect to host
+peliseries24.com: did not receive HSTS header
+pemberton.at: did not receive HSTS header
+penablog.com: did not receive HSTS header
+pengisatelier.net: could not connect to host
+pengui.uk: could not connect to host
+penguinclientsystem.com: did not receive HSTS header
+pennylane.me.uk: did not receive HSTS header
+pensanisso.com: max-age too low: 2592000
+pentagram.me: max-age too low: 2592000
+pentano.net: could not connect to host
+people-mozilla.org: could not connect to host
+peperiot.com: did not receive HSTS header
+pepperhead.com: did not receive HSTS header
+pepperworldhotshop.de: did not receive HSTS header
+pepsicoemployeepreferencesurvey.com: could not connect to host
+perdel.cn: did not receive HSTS header
+perfect-radiant-wrinkles.com: could not connect to host
+perfectionis.me: could not connect to host
+perfectseourl.com: did not receive HSTS header
+performaterm.ro: could not connect to host
+performous.org: could not connect to host
+perfumista.vn: did not receive HSTS header
+periscopeliveweb.com: could not connect to host
+perlwork.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+pernatie.ru: could not connect to host
+perplex.nl: did not receive HSTS header
+perroud.pro: did not receive HSTS header
+persjrp.ca: could not connect to host
+persoform.ch: could not connect to host
+personalcommunicationsecurity.com: could not connect to host
+personaldatabasen.no: could not connect to host
+personalinjurylist.com: could not connect to host
+personalizedtouch.co: could not connect to host
+perthdevicelab.com: did not receive HSTS header
+pestalozzishop.com.br: could not connect to host
+pet-nsk.ru: could not connect to host
+petbooking.it: did not receive HSTS header
+petchart.net: could not connect to host
+peterkshultz.com: did not receive HSTS header
+petersmark.com: did not receive HSTS header
+pethub.com: did not receive HSTS header
+petit.site: could not connect to host
+petlife.od.ua: could not connect to host
+petplum.com: could not connect to host
+petravdbos.nl: did not receive HSTS header
+petrkrapek.cz: could not connect to host
+petrolplus.ru: max-age too low: 7776000
+petrovsky.pro: could not connect to host
+petsittersservices.com: could not connect to host
+pettsy.com: could not connect to host
+peuf.shop: could not connect to host
+pewboards.com: could not connect to host
+pexieapp.com: did not receive HSTS header
+peykezamin.ir: could not connect to host
+peytonfarrar.com: did not receive HSTS header
+pfgshop.com.br: could not connect to host
+pflegedienst-gratia.de: max-age too low: 300
+pgcpbc.com: could not connect to host
+pgmsource.com: could not connect to host
+pgpm.io: could not connect to host
+pgtb.be: did not receive HSTS header
+phalconist.com: could not connect to host
+pharmgkb.org: could not connect to host
+phdsupply.com: could not connect to host
+phdwuda.com: could not connect to host
+phil.tw: could not connect to host
+philadelphiacandies.com: did not receive HSTS header
+philippa.cool: could not connect to host
+phillmoore.com: did not receive HSTS header
+philpropertygroup.com: could not connect to host
+phoebe.co.nz: did not receive HSTS header
+phoenicis.com.ua: did not receive HSTS header
+phonenumberinfo.co.uk: could not connect to host
+phongmay24h.com: could not connect to host
+photoblogverona.com: could not connect to host
+photoboothpartyhire.co.uk: did not receive HSTS header
+photops.fr: could not connect to host
+phototag.org: did not receive HSTS header
+php-bach.org: could not connect to host
+phperformances.fr: did not receive HSTS header
+phpfashion.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+phrasing.me: could not connect to host
+physicaltherapist.com: did not receive HSTS header
+pi-eng.fr: did not receive HSTS header
+pianetaottica.eu: could not connect to host
+pianetaottica.net: could not connect to host
+pianetaottica.org: could not connect to host
+picallo.es: could not connect to host
+picardiascr.com: did not receive HSTS header
+pickersurvey.org: could not connect to host
+pickr.co: did not receive HSTS header
+picotronic.biz: could not connect to host
+picscare.co.uk: did not receive HSTS header
+pidatacenters.com: did not receive HSTS header
+pidomex.com: did not receive HSTS header
+pierrejeansuau.fr: could not connect to host
+pieterhordijk.com: could not connect to host
+pieterjangeeroms.me: could not connect to host
+piggott.me.uk: did not receive HSTS header
+pilgermaske.org: did not receive HSTS header
+piligrimname.com: could not connect to host
+pillowandpepper.com: did not receive HSTS header
+pilotcrowd.nl: did not receive HSTS header
+pimpmymac.ru: did not receive HSTS header
+pims.global: did not receive HSTS header
+pimspage.nl: could not connect to host
+pinebaylibrary.org: could not connect to host
+pinkyf.com: could not connect to host
+pioche.ovh: did not receive HSTS header
+pippen.io: could not connect to host
+pips.rocks: did not receive HSTS header
+pir9.com: did not receive HSTS header
+pirata.ga: did not receive HSTS header
+piratebit.tech: could not connect to host
+piratedb.com: could not connect to host
+piratedot.com: could not connect to host
+piratelist.online: could not connect to host
+piratenlogin.de: could not connect to host
+pirateproxy.pe: could not connect to host
+pirateproxy.sx: did not receive HSTS header
+pirateproxy.vip: could not connect to host
+pirati.cz: did not receive HSTS header
+piratte.net: did not receive HSTS header
+pirlitu.com: did not receive HSTS header
+pisexy.me: did not receive HSTS header
+pisidia.de: could not connect to host
+pitchup.com: did not receive HSTS header
+pitonarms.com: could not connect to host
+pittonpreschool.com: did not receive HSTS header
+piwko.co: could not connect to host
+pixdigital.net: did not receive HSTS header
+pixeame.com: did not receive HSTS header
+pixel.google.com: did not receive HSTS header (error ignored - included regardless)
+pixelcode.com.au: could not connect to host
+pixelgliders.de: could not connect to host
+pixelhero.co.uk: did not receive HSTS header
+pixi.chat: could not connect to host
+pixi.me: did not receive HSTS header
+pizzadoc.ch: could not connect to host
+pizzahut.ru: did not receive HSTS header
+pj83.duckdns.org: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+pjbet.mg: did not receive HSTS header
+pkautodesign.com: did not receive HSTS header
+pkschat.com: could not connect to host
+plaasprodukte.com: could not connect to host
+placollection.org: could not connect to host
+plaettliaktion.ch: did not receive HSTS header
+planbox.info: could not connect to host
+planpharmacy.com: could not connect to host
+plant.ml: did not receive HSTS header
+plass.hamburg: could not connect to host
+plasvilledescartaveis.com.br: could not connect to host
+plataformadeinformacion.es: max-age too low: 30000
+platform.lookout.com: could not connect to host
+platomania.eu: did not receive HSTS header
+play.google.com: did not receive HSTS header (error ignored - included regardless)
+playerhunter.com: did not receive HSTS header
+playerscout.net: did not receive HSTS header
+playflick.com: did not receive HSTS header
+playmaker.io: could not connect to host
+playmaza.live: did not receive HSTS header
+playnation.io: did not receive HSTS header
+playsharp.com: could not connect to host
+pleasure.forsale: could not connect to host
+pleier-it.de: did not receive HSTS header
+pleier.it: did not receive HSTS header
+plfgr.eu.org: could not connect to host
+plhdb.org: did not receive HSTS header
+plirt.ru: could not connect to host
+plixer.com: did not receive HSTS header
+plogable.co: could not connect to host
+plombirator.kz: did not receive HSTS header
+plothost.com: did not receive HSTS header
+ploup.net: could not connect to host
+ploxel.com: did not receive HSTS header
+pluff.nl: did not receive HSTS header
+plur.com.au: did not receive HSTS header
+plus-digital.net: did not receive HSTS header
+plus-u.com.au: did not receive HSTS header
+plus.sandbox.google.com: did not receive HSTS header (error ignored - included regardless)
+plussizereviews.com: could not connect to host
+plut.org: did not receive HSTS header
+plymouthsoftplay.co.uk: could not connect to host
+pm13-media.cz: could not connect to host
+pmac.pt: could not connect to host
+pmbremer.de: could not connect to host
+pmemanager.fr: did not receive HSTS header
+pmnts.io: could not connect to host
+pnsc.is: could not connect to host
+pnukee.com: did not receive HSTS header
+pnyxnet.com: did not receive HSTS header
+po.gl: did not receive HSTS header
+pocketsix.com: could not connect to host
+pocloud.homelinux.net: could not connect to host
+podiumsdiskussion.org: did not receive HSTS header
+pogs.us: could not connect to host
+poiema.com.sg: did not receive HSTS header
+poinsot.beer: could not connect to host
+pointeringles.com: could not connect to host
+pointpro.de: did not receive HSTS header
+pokeduel.me: did not receive HSTS header
+pokomichi.com: did not receive HSTS header
+pol-expo.ru: did not receive HSTS header
+pol.in.th: could not connect to host
+polarityschule.com: did not receive HSTS header
+pole.net.nz: could not connect to host
+polen.guide: could not connect to host
+policeiwitness.sg: could not connect to host
+polimat.org: could not connect to host
+polit.im: could not connect to host
+politic.org.ua: could not connect to host
+politically-incorrect.xyz: could not connect to host
+politiewervingshop.nl: did not receive HSTS header
+politologos.org: did not receive HSTS header
+polycoise.com: could not connect to host
+polycrypt.us: could not connect to host
+polypho.nyc: could not connect to host
+pomardaserra.com: could not connect to host
+pompefunebrilariviera.it: could not connect to host
+pompompoes.com: could not connect to host
+ponteencima.com: could not connect to host
+pontokay.com.br: could not connect to host
+pontualcomp.com: could not connect to host
+pony.today: could not connect to host
+ponythread.com: did not receive HSTS header
+poolinstallers.co.za: could not connect to host
+poolsandstuff.com: did not receive HSTS header
+poon.tech: could not connect to host
+popi.se: did not receive HSTS header
+popkins.ml: could not connect to host
+poris.web.id: could not connect to host
+porno-gif.ru: did not receive HSTS header
+pornstars.me: did not receive HSTS header
+portalm.tk: could not connect to host
+portalplatform.net: could not connect to host
+portaluniversalista.org: could not connect to host
+portalzine.de: did not receive HSTS header
+poshpak.com: max-age too low: 86400
+posoiu.net: could not connect to host
+postcodewise.co.uk: did not receive HSTS header
+postscheduler.org: could not connect to host
+posylka.de: did not receive HSTS header
+potatoheads.net: could not connect to host
+potbar.com: could not connect to host
+potlytics.com: could not connect to host
+potsky.com: did not receive HSTS header
+pouets.ovh: could not connect to host
+pourmesloisirs.com: did not receive HSTS header
+poussinooz.fr: could not connect to host
+povitria.net: could not connect to host
+power-l.ch: did not receive HSTS header
+power-of-interest.com: did not receive HSTS header
+power99press.com: did not receive HSTS header
+powerentertainment.tv: could not connect to host
+poweroff.win: could not connect to host
+powerplannerapp.com: could not connect to host
+powershift.ne.jp: did not receive HSTS header
+powerxequality.com: could not connect to host
+poy-tech.com: could not connect to host
+pozniak.at: did not receive HSTS header
+pozyczka-bez-zaswiadczen.pl: did not receive HSTS header
+ppr-truby.ru: could not connect to host
+ppro.com: did not receive HSTS header
+ppuu.org: did not receive HSTS header
+ppy3.com: could not connect to host
+practicallabs.com: could not connect to host
+practodev.com: could not connect to host
+pratinav.xyz: could not connect to host
+prattpokemon.com: could not connect to host
+praxis-research.info: could not connect to host
+precisionaeroimaging.com: did not receive HSTS header
+prediksisydney.com: could not connect to host
+preezzie.com: could not connect to host
+prefis.com: did not receive HSTS header
+prefontaine.name: could not connect to host
+prego-shop.de: did not receive HSTS header
+preissler.co.uk: could not connect to host
+prelist.org: did not receive HSTS header
+prelogica.com.br: did not receive HSTS header
+prepandgo-euro.com: could not connect to host
+preppertactics.com: did not receive HSTS header
+presidentials2016.com: could not connect to host
+press-anime-nenkan.com: did not receive HSTS header
+pressenews.net: did not receive HSTS header
+pressfreedomfoundation.org: did not receive HSTS header
+prettygrouse.com: did not receive HSTS header
+prettyphotoart.de: did not receive HSTS header
+pretzlaff.info: did not receive HSTS header
+preworkout.me: could not connect to host
+prezola.com: max-age too low: 0
+prgslab.net: could not connect to host
+pridoc.se: did not receive HSTS header
+prilock.com: did not receive HSTS header
+primecaplending.com: did not receive HSTS header
+prinbanat.ngo: did not receive HSTS header
+princessbackpack.de: could not connect to host
+printerest.io: could not connect to host
+printersonline.be: did not receive HSTS header
+printery.be: could not connect to host
+printfn.com: could not connect to host
+priolkar.com: did not receive HSTS header
+prism-communication.com: could not connect to host
+privacylabs.io: did not receive HSTS header
+privacymanatee.com: could not connect to host
+privacyrup.net: could not connect to host
+privcloud.org: could not connect to host
+privilegevisa.fr: could not connect to host
+privytime.com: could not connect to host
+prnt.li: did not receive HSTS header
+pro-zone.com: could not connect to host
+proactive.run: could not connect to host
+probas.de: max-age too low: 0
+procode.gq: could not connect to host
+prodpad.com: did not receive HSTS header
+production.vn: did not receive HSTS header
+producto8.com: did not receive HSTS header
+profhome-shop.com: did not receive HSTS header
+profi-durchgangsmelder.de: did not receive HSTS header
+profivps.com: could not connect to host
+profloorstl.com: did not receive HSTS header
+profpay.com: could not connect to host
+profundr.com: could not connect to host
+profusion.io: did not receive HSTS header
+progblog.net: could not connect to host
+progress-technologies.com: could not connect to host
+progressivecfo.co.nz: could not connect to host
+prohostonline.fi: could not connect to host
+proitconsulting.com.au: could not connect to host
+project-sparks.eu: did not receive HSTS header
+projectascension.io: could not connect to host
+projectasterk.com: could not connect to host
+projectdp.net: could not connect to host
+projectmercury.space: could not connect to host
+projectvault.ovh: did not receive HSTS header
+projectx.top: could not connect to host
+projektik.cz: did not receive HSTS header
+projetoresecia.com: could not connect to host
+prokop.ovh: could not connect to host
+prolan.pw: did not receive HSTS header
+promarketer.net: did not receive HSTS header
+promecon-gmbh.de: did not receive HSTS header
+prontocleaners.co.uk: did not receive HSTS header
+prontolight.com: did not receive HSTS header
+prontomovers.co.uk: could not connect to host
+propactrading.com: could not connect to host
+propmag.co: could not connect to host
+prosoft.sk: did not receive HSTS header
+prosperident.com: did not receive HSTS header
+protoyou.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+provitacare.com: could not connect to host
+prowhisky.de: did not receive HSTS header
+proximato.com: could not connect to host
+proxybay.al: could not connect to host
+proxybay.club: could not connect to host
+proxybay.info: did not receive HSTS header
+proxybay.top: did not receive HSTS header
+proxydesk.eu: could not connect to host
+proxydesk.net: could not connect to host
+proxyowl.pw: could not connect to host
+proxyrox.com: could not connect to host
+proxyweb.us: did not receive HSTS header
+prpsss.com: could not connect to host
+pruikshop.nl: could not connect to host
+prxio.date: could not connect to host
+prxio.site: could not connect to host
+prytkov.com: could not connect to host
+pscleaningsolutions.co.uk: could not connect to host
+pshostpk.com: did not receive HSTS header
+psicologia.co.ve: could not connect to host
+psncardplus.be: could not connect to host
+psncardplus.com: could not connect to host
+psncardplus.dk: could not connect to host
+psncardplus.nl: could not connect to host
+psncardplus.se: could not connect to host
+pstudio.me: did not receive HSTS header
+psw.academy: could not connect to host
+psw.consulting: could not connect to host
+psychoco.net: could not connect to host
+ptn.moscow: could not connect to host
+ptonet.com: could not connect to host
+pubkey.is: could not connect to host
+publications.qld.gov.au: did not receive HSTS header
+publicidadnovagrass.com.mx: did not receive HSTS header
+publicspeakingcamps.com: could not connect to host
+publimepa.it: could not connect to host
+puentes.info: did not receive HSTS header
+pugilares.com.pl: could not connect to host
+pugliese.fr: could not connect to host
+puhe.se: could not connect to host
+puiterwijk.org: could not connect to host
+pulsar.guru: did not receive HSTS header
+pult.co: could not connect to host
+pumpgames.net: could not connect to host
+punchkickinteractive.com: did not receive HSTS header
+punchr-kamikazee.rhcloud.com: did not receive HSTS header
+puppydns.com: did not receive HSTS header
+purewebmasters.com: could not connect to host
+purplebricks.com: did not receive HSTS header
+purplemoon.mobi: did not receive HSTS header
+purplestar.mobi: did not receive HSTS header
+purpoz.com.br: could not connect to host
+push.world: did not receive HSTS header
+pushapp.org: did not receive HSTS header
+pushstar.com: max-age too low: 0
+pvagner.tk: did not receive HSTS header
+pwd.ovh: could not connect to host
+pwm.jp: could not connect to host
+pwnsdx.pw: could not connect to host
+pycrypto.org: could not connect to host
+pyol.org: could not connect to host
+pypi-mirrors.org: could not connect to host
+pypi-status.org: could not connect to host
+pyplo.org: did not receive HSTS header
+pypt.lt: did not receive HSTS header
+pyrrhonism.org: could not connect to host
+pysays.net: did not receive HSTS header
+pythia.nz: could not connect to host
+pythonic.guru: could not connect to host
+pythonic.training: could not connect to host
+pzgreni.ch: did not receive HSTS header
+pzme.me: could not connect to host
+q-rickroll-u.pw: could not connect to host
+q2.si: did not receive HSTS header
+q8mp3.me: did not receive HSTS header
+qa.fedoraproject.org: could not connect to host
+qbik.de: did not receive HSTS header
+qbnt.ca: could not connect to host
+qccqld.org.au: could not connect to host
+qforum.org: could not connect to host
+qiannews.net: could not connect to host
+qikan.net: could not connect to host
+qiliang.wang: did not receive HSTS header
+qingxuan.info: could not connect to host
+qinxi1992.com: could not connect to host
+qionglu.pw: could not connect to host
+qipp.com: did not receive HSTS header
+qixxit.de: did not receive HSTS header
+qldconservation.org: could not connect to host
+qldformulaford.org: could not connect to host
+qnatek.org: could not connect to host
+qonqa.de: did not receive HSTS header
+qop.io: could not connect to host
+qoqo.us: could not connect to host
+qorm.co.uk: did not receive HSTS header
+qqq.gg: could not connect to host
+qr-city.org: did not receive HSTS header
+qrara.net: did not receive HSTS header
+qredo.com: did not receive HSTS header
+qrforex.com: did not receive HSTS header
+qrlending.com: could not connect to host
+qrlfinancial.com: could not connect to host
+qscloud.de: could not connect to host
+qswoo.org: could not connect to host
+qto.net: could not connect to host
+quail.solutions: could not connect to host
+quakerlens.com: did not receive HSTS header
+quality1.com.br: did not receive HSTS header
+qualityology.com: did not receive HSTS header
+quanglepro.com: could not connect to host
+quantacloud.ch: could not connect to host
+quantenteranik.eu: could not connect to host
+quantum-cloud.xyz: could not connect to host
+quantum-ethics.com: could not connect to host
+quantumcourse.org: did not receive HSTS header
+quay.net: could not connect to host
+quebecmailbox.com: could not connect to host
+queenbrownie.com.br: could not connect to host
+quelmandataire.fr: did not receive HSTS header
+queryplayground.com: could not connect to host
+questsandrewards.com: could not connect to host
+quickandroid.tools: could not connect to host
+quickpayservice.com: could not connect to host
+quizionic.com: could not connect to host
+quizmemes.org: could not connect to host
+quotehex.com: could not connect to host
+quotemaster.co.za: could not connect to host
+quranserver.net: could not connect to host
+qwilink.me: did not receive HSTS header
+r-ay.club: did not receive HSTS header
+r-ay.cn: could not connect to host
+r-core.ru: could not connect to host
+r-rickroll-u.pw: could not connect to host
+r10n.com: did not receive HSTS header
+r15.me: did not receive HSTS header
+r3bl.me: did not receive HSTS header
+ra-schaal.de: did not receive HSTS header
+raajheshkannaa.com: could not connect to host
+rabota-x.ru: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+rackblue.com: could not connect to host
+radeticlaw.com: max-age too low: 0
+radicaleducation.net: could not connect to host
+radioheteroglossia.com: did not receive HSTS header
+radishmoon.com: max-age too low: 0
+rafaelcz.de: could not connect to host
+ragingserenity.com: did not receive HSTS header
+raiblockscommunity.net: could not connect to host
+raidensnakesden.co.uk: could not connect to host
+raidensnakesden.com: could not connect to host
+raidensnakesden.net: could not connect to host
+raidstone.com: could not connect to host
+raidstone.net: could not connect to host
+raidstone.rocks: could not connect to host
+rainbin.com: could not connect to host
+rainbowbarracuda.com: could not connect to host
+ramarka.de: could not connect to host
+ramon-c.nl: could not connect to host
+ramonj.nl: could not connect to host
+randomcage.com: did not receive HSTS header
+randomcloud.net: could not connect to host
+randomhero.cloud: could not connect to host
+randomwinpicker.de: could not connect to host
+randy.pw: could not connect to host
+ranegroup.hosting: could not connect to host
+rankthespot.com: could not connect to host
+ranktopay.com: did not receive HSTS header
+rannseier.org: could not connect to host
+ranos.org: could not connect to host
+rany.duckdns.org: could not connect to host
+rany.io: could not connect to host
+rany.pw: could not connect to host
+rapdogg.com: could not connect to host
+rapidresearch.me: could not connect to host
+rapidthunder.io: could not connect to host
+rasing.me: could not connect to host
+rastreador.com.es: did not receive HSTS header
+ratajczak.fr: could not connect to host
+rate-esport.de: could not connect to host
+rationem.nl: did not receive HSTS header
+ratuseks.com: could not connect to host
+ratuseks.net: could not connect to host
+ratuseks.us: could not connect to host
+rauchenwald.net: did not receive HSTS header
+raulfraile.net: could not connect to host
+ravage.fm: did not receive HSTS header
+raven.lipetsk.ru: could not connect to host
+ravengergaming.ga: did not receive HSTS header
+ravengergaming.net: could not connect to host
+ravkr.duckdns.org: max-age too low: 360000
+ravse.dk: could not connect to host
+raw-diets.com: did not receive HSTS header
+rawet.se: could not connect to host
+rawoil.com: could not connect to host
+rawstorieslondon.com: could not connect to host
+raycarruthersphotography.co.uk: could not connect to host
+raydan.space: could not connect to host
+raydobe.me: could not connect to host
+raytron.org: could not connect to host
+razeencheng.com: could not connect to host
+razlaw.name: did not receive HSTS header
+razzolini.com.br: could not connect to host
+rbhighinc.org: could not connect to host
+rbose.org: could not connect to host
+rbqcloud.com: did not receive HSTS header
+rbti.me: could not connect to host
+rc-rp.com: could not connect to host
+rc4.io: could not connect to host
+rcafox.com: could not connect to host
+rcoliveira.com: could not connect to host
+rcorporation.be: did not receive HSTS header
+rcpcbd.com: could not connect to host
+rcraigmurphy.net: did not receive HSTS header
+rcvd.io: did not receive HSTS header
+rdfz.tech: could not connect to host
+rdns.im: did not receive HSTS header
+rdyrda.fr: could not connect to host
+re-customer.net: did not receive HSTS header
+reachr.com: could not connect to host
+reader.ga: could not connect to host
+readify.com.au: did not receive HSTS header
+readityourself.net: could not connect to host
+readmeeatmedrinkme.com: did not receive HSTS header
+readr.pw: could not connect to host
+readydok.com: did not receive HSTS header
+reagir43.fr: did not receive HSTS header
+reaiaer.com: could not connect to host
+real-compare.com: could not connect to host
+realcli.com: could not connect to host
+realmic.net: could not connect to host
+realmofespionage.com: could not connect to host
+realraghavgupta.com: could not connect to host
+realwoo.com: could not connect to host
+reapdrive.net: did not receive HSTS header
+reaper.rip: could not connect to host
+reardenporn.com: could not connect to host
+rebekaesgabor.online: could not connect to host
+rebootmc.com: could not connect to host
+redable.nl: did not receive HSTS header
+redair.es: did not receive HSTS header
+redar.xyz: could not connect to host
+reddiseals.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+reddit.com: did not receive HSTS header
+rede.ca: did not receive HSTS header
+redhorsemountainranch.com: did not receive HSTS header
+redicabo.de: could not connect to host
+redirectman.com: did not receive HSTS header
+redlatam.org: did not receive HSTS header
+redmbk.com: did not receive HSTS header
+redner.cc: did not receive HSTS header
+rednertv.de: did not receive HSTS header
+redoakmedia.net: did not receive HSTS header
+redports.org: could not connect to host
+redra.ws: did not receive HSTS header
+redy.host: did not receive HSTS header
+reevu.net: could not connect to host
+referenten.org: did not receive HSTS header
+refitplanner.com: did not receive HSTS header
+reflecton.io: could not connect to host
+reg.ru: did not receive HSTS header
+regaloaks.com: did not receive HSTS header
+regalpalms.com: did not receive HSTS header
+regenbogenwald.de: did not receive HSTS header
+regendevices.eu: could not connect to host
+regenerescence.com: did not receive HSTS header
+reggae-cdmx.com: could not connect to host
+regio-salland.nl: could not connect to host
+regionale.org: did not receive HSTS header
+registertovoteflorida.gov: did not receive HSTS header
+rehabthailand.nl: could not connect to host
+reic.me: could not connect to host
+reidascuecas.com.br: did not receive HSTS header
+reignsphere.net: could not connect to host
+reikiqueen.uk: could not connect to host
+reismil.ch: could not connect to host
+reisyukaku.org: did not receive HSTS header
+reithguard-it.de: did not receive HSTS header
+rejo.in: could not connect to host
+rejuvemedspa.com: did not receive HSTS header
+relayawards.com: could not connect to host
+reldoc.com.mx: did not receive HSTS header
+reliable-mail.de: could not connect to host
+relisten.nl: did not receive HSTS header
+relvan.com: did not receive HSTS header
+rem.pe: did not receive HSTS header
+rema.site: could not connect to host
+remaimodern.org: did not receive HSTS header
+remedica.fr: did not receive HSTS header
+remedioskaseros.com: did not receive HSTS header
+remedium.de: did not receive HSTS header
+rememberthis.co.za: could not connect to host
+remitatm.com: could not connect to host
+remodela.com.ve: could not connect to host
+remonttitekniikka.fi: could not connect to host
+remoteham.com: could not connect to host
+remotestance.com: did not receive HSTS header
+rencaijia.com: did not receive HSTS header
+renemayrhofer.com: could not connect to host
+rengarenkblog.com: could not connect to host
+renideo.fr: could not connect to host
+renkhosting.com: did not receive HSTS header
+renlong.org: did not receive HSTS header
+renrenss.com: could not connect to host
+renscreations.com: did not receive HSTS header
+rentacarcluj.xyz: could not connect to host
+rentbrowser.com: could not connect to host
+rentbrowsertrain.me: could not connect to host
+rentcarassist.com: could not connect to host
+renteater.com: could not connect to host
+rentex.com: did not receive HSTS header
+renyiyou.com: could not connect to host
+replacemychina.com: could not connect to host
+report-incident.de: could not connect to host
+report-to.com: did not receive HSTS header
+report-to.io: did not receive HSTS header
+report-uri.io: did not receive HSTS header
+report-url.com: did not receive HSTS header
+report-url.io: did not receive HSTS header
+reported.ly: did not receive HSTS header
+reporturl.com: did not receive HSTS header
+reporturl.io: did not receive HSTS header
+reprolife.co.uk: could not connect to host
+reqognize.com: could not connect to host
+res-rheingau.de: did not receive HSTS header
+res42.com: could not connect to host
+research.md: could not connect to host
+reserve-online.net: did not receive HSTS header
+residentsinsurance.co.uk: did not receive HSTS header
+resl20.servehttp.com: could not connect to host
+respice.xyz: could not connect to host
+ressl.ch: could not connect to host
+restaurace-klokocka.cz: did not receive HSTS header
+restchart.com: did not receive HSTS header
+reth.ch: could not connect to host
+retroarms.com: did not receive HSTS header
+retroarms.cz: did not receive HSTS header
+retube.ga: could not connect to host
+returnofwar.com: could not connect to host
+revapost.ch: could not connect to host
+revealdata.com: did not receive HSTS header
+revelaciones.tv: could not connect to host
+revello.org: did not receive HSTS header
+reverie.pw: could not connect to host
+review.info: did not receive HSTS header
+reviewbestseller.com: did not receive HSTS header
+reviewjust.com: did not receive HSTS header
+reviews.anime.my: max-age too low: 5184000
+revtut.net: could not connect to host
+rewardstock.com: max-age too low: 0
+rewopit.net: did not receive HSTS header
+reykjavik.guide: could not connect to host
+rezept-planer.de: could not connect to host
+rhapsodhy.hu: could not connect to host
+rhdigital.pro: could not connect to host
+rhering.de: could not connect to host
+rhodosdreef.nl: could not connect to host
+riaucybersolution.net: did not receive HSTS header
+ribopierre.fr: could not connect to host
+riceglue.com: could not connect to host
+richeza.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+richiemail.net: could not connect to host
+richmondsunlight.com: did not receive HSTS header
+richmtdriver.com: could not connect to host
+richsiciliano.com: could not connect to host
+richterphilipp.com: could not connect to host
+rid-wan.com: could not connect to host
+rideaudiscount.com: did not receive HSTS header
+rideforwade.com: could not connect to host
+rideforwade.net: could not connect to host
+rideforwade.org: could not connect to host
+rideworks.com: did not receive HSTS header
+ridwan.co: could not connect to host
+right-to-love.name: did not receive HSTS header
+right2.org: could not connect to host
+righttoknow.ie: did not receive HSTS header
+rigolitch.fr: did not receive HSTS header
+riiconnect24.net: max-age too low: 0
+rijndael.xyz: could not connect to host
+rijnmondeg.nl: did not receive HSTS header
+rika.me: could not connect to host
+ring0.xyz: did not receive HSTS header
+ringh.am: could not connect to host
+rionewyork.com.br: could not connect to host
+ripa.io: did not receive HSTS header
+rippleunion.com: could not connect to host
+riskmgt.com.au: could not connect to host
+rithm.ch: could not connect to host
+rivercruiseadvisor.com: did not receive HSTS header
+rivlo.com: could not connect to host
+rizon.me: could not connect to host
+rj.gg: could not connect to host
+rk6.cz: could not connect to host
+rkkhok.hu: did not receive HSTS header
+rkmantpur.org: did not receive HSTS header
+rmaqequipamentos.com.br: did not receive HSTS header
+rme.li: did not receive HSTS header
+roadfeast.com: could not connect to host
+roan24.pl: did not receive HSTS header
+robi-net.it: could not connect to host
+robigalia.org: did not receive HSTS header
+robomonkey.org: could not connect to host
+robteix.com: did not receive HSTS header
+robtex.com: did not receive HSTS header
+robtex.net: did not receive HSTS header
+robtex.org: did not receive HSTS header
+robust.ga: could not connect to host
+rochman.id: could not connect to host
+rocket-wars.de: did not receive HSTS header
+rocketgnomes.com: could not connect to host
+rocketnet.ml: could not connect to host
+rockeyscrivo.com: did not receive HSTS header
+rocksberg.net: could not connect to host
+rockz.io: did not receive HSTS header
+roddis.net: did not receive HSTS header
+rodehutskors.net: could not connect to host
+rodney.id.au: did not receive HSTS header
+rodneybrooksjr.com: did not receive HSTS header
+rodosto.com: did not receive HSTS header
+roeper.party: could not connect to host
+roesemann.email: could not connect to host
+rofrank.space: could not connect to host
+roguelikecenter.fr: did not receive HSTS header
+rohanbassett.com: could not connect to host
+rohlik.cz: did not receive HSTS header
+roketix.co.uk: did not receive HSTS header
+rolandslate.com: did not receive HSTS header
+rolemaster.net: could not connect to host
+roleplayhome.com: could not connect to host
+rolroer.co.za: could not connect to host
+romaimperator.com: did not receive HSTS header
+romainmuller.xyz: did not receive HSTS header
+romans-place.me.uk: could not connect to host
+romanticschemer.com: could not connect to host
+romanticvillas.com.au: could not connect to host
+romeoferraris.com: did not receive HSTS header
+romulusapp.com: could not connect to host
+ron2k.za.net: could not connect to host
+ronanrbr.com: did not receive HSTS header
+rondoniatec.com.br: did not receive HSTS header
+ronghexx.com: could not connect to host
+ronvandordt.info: could not connect to host
+ronwo.de: max-age too low: 1
+roolevoi.ru: could not connect to host
+room-checkin24.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+rootbsd.at: could not connect to host
+rootforum.org: did not receive HSTS header
+rootservice.org: did not receive HSTS header
+rootwpn.com: could not connect to host
+rop.io: could not connect to host
+roquecenter.org: did not receive HSTS header
+rorymcdaniel.com: did not receive HSTS header
+rospa100.com: could not connect to host
+rossen.be: did not receive HSTS header
+rotex1840.de: did not receive HSTS header
+rotozen.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+rotter-dam.nl: did not receive HSTS header
+rotterdamjazz.info: could not connect to host
+rough.nu: could not connect to host
+roundtheme.com: did not receive HSTS header
+rous.se: could not connect to host
+rouvray.org: could not connect to host
+royal-forest.org: max-age too low: 0
+royalhop.co: could not connect to host
+royalpub.net: did not receive HSTS header
+royalsignaturecruise.com: could not connect to host
+roychan.org: max-age too low: 0
+royzez.com: could not connect to host
+rozalisbengal.ro: did not receive HSTS header
+rozalynne-dawn.ga: could not connect to host
+rozeapp.nl: could not connect to host
+rpasafrica.com: could not connect to host
+rr.in.th: could not connect to host
+rrke.cc: did not receive HSTS header
+rs-devdemo.host: could not connect to host
+rsajeey.info: could not connect to host
+rsampaio.info: did not receive HSTS header
+rsblake.net: could not connect to host
+rsf.io: could not connect to host
+rsldb.com: could not connect to host
+rsmaps.org: could not connect to host
+rtc.fun: could not connect to host
+rubbereggs.ca: could not connect to host
+rubecodeberg.com: could not connect to host
+rubendv.be: could not connect to host
+rubenschulz.nl: could not connect to host
+rubi-ka.net: max-age too low: 0
+ruborr.se: did not receive HSTS header
+rubysecurity.org: did not receive HSTS header
+rubyshop.nl: max-age too low: 604800
+rudeotter.com: did not receive HSTS header
+rue-de-la-vieille.fr: max-age too low: 0
+rugirlfriend.com: could not connect to host
+rugs.ca: did not receive HSTS header
+rugstorene.co.uk: did not receive HSTS header
+ruhr3.de: could not connect to host
+ruig.jp: could not connect to host
+ruitershoponline.nl: did not receive HSTS header
+rumoterra.com.br: could not connect to host
+runawebinar.nl: could not connect to host
+runcarina.com: could not connect to host
+rundumcolumn.xyz: could not connect to host
+runementors.com: could not connect to host
+runhardt.eu: did not receive HSTS header
+runtl.com: did not receive HSTS header
+runtondev.com: did not receive HSTS header
+ruqu.nl: could not connect to host
+rusadmin.biz: did not receive HSTS header
+ruska-modra.cz: did not receive HSTS header
+ruskamodra.cz: did not receive HSTS header
+rusl.me: could not connect to host
+russmarshall.com: could not connect to host
+rustfanatic.com: did not receive HSTS header
+ruudkoot.nl: could not connect to host
+ruxit.com: did not receive HSTS header
+rw-solutions.tech: could not connect to host
+rww.name: could not connect to host
+rxprep.com: did not receive HSTS header
+rxt.social: could not connect to host
+rxv.cc: could not connect to host
+ryansmithphotography.com: did not receive HSTS header
+ryanteck.uk: did not receive HSTS header
+rylin.net: did not receive HSTS header
+ryssland.guide: could not connect to host
+rzegroup.com: could not connect to host
+s-d-v.ch: could not connect to host
+s-rickroll-p.pw: could not connect to host
+s.how: could not connect to host
+s0923.com: could not connect to host
+s1mplescripts.de: did not receive HSTS header
+s3n.se: could not connect to host
+sa.net: could not connect to host
+saabwa.org: did not receive HSTS header
+sabine-forschbach.de: could not connect to host
+sabineforschbach.de: could not connect to host
+sadsu.com: did not receive HSTS header
+safeex.com: did not receive HSTS header
+safejourney.education: could not connect to host
+safelist.eu: did not receive HSTS header
+safematix.com: could not connect to host
+safemovescheme.co.uk: could not connect to host
+saferedirectlink.com: could not connect to host
+safersurfing.eu: did not receive HSTS header
+safetyrisk.net: did not receive HSTS header
+safewings-nh.nl: could not connect to host
+safing.me: did not receive HSTS header
+sagarhandicraft.com: could not connect to host
+sageth.com: max-age too low: 0
+sah3.net: could not connect to host
+saharalondon.com: max-age too low: 0
+saharmassachi.com: could not connect to host
+saigonstar.de: did not receive HSTS header
+sail-nyc.com: did not receive HSTS header
+saint-astier-triathlon.com: did not receive HSTS header
+saintjohnlutheran.church: did not receive HSTS header
+sairai.bid: did not receive HSTS header
+sajdowski.de: could not connect to host
+sakaki.anime.my: max-age too low: 5184000
+sakaserver.com: did not receive HSTS header
+sakib.ninja: did not receive HSTS header
+sakurabuff.com: could not connect to host
+saleslift.pl: did not receive HSTS header
+sallysubs.com: could not connect to host
+salserocafe.com: did not receive HSTS header
+salserototal.com: could not connect to host
+saltedskies.com: could not connect to host
+saltra.online: did not receive HSTS header
+salzamt.tk: could not connect to host
+samaritan.tech: could not connect to host
+samegoal.org: did not receive HSTS header
+sametovymesic.cz: could not connect to host
+saml2.com: could not connect to host
+sampcup.com: could not connect to host
+sampoznay.ru: did not receive HSTS header
+samraskauskas.com: could not connect to host
+samsen.club: could not connect to host
+samsungmobile.it: did not receive HSTS header
+sanael.net: could not connect to host
+sanasalud.org: could not connect to host
+sanatfilan.com: did not receive HSTS header
+sanatrans.com: could not connect to host
+sandviks.com: did not receive HSTS header
+sanguoxiu.com: could not connect to host
+sanhei.ch: did not receive HSTS header
+sanik.my: did not receive HSTS header
+sanissimo.com.mx: max-age too low: 86400
+sanmuding.com: could not connect to host
+sansage.com.br: could not connect to host
+sansdev.com: could not connect to host
+sansemea.com: did not receive HSTS header
+santi.eu: did not receive HSTS header
+santing.net: did not receive HSTS header
+santouri.be: could not connect to host
+saotn.org: did not receive HSTS header
+sarah-beckett-harpist.com: did not receive HSTS header
+sarahsweetlife.com: could not connect to host
+sarahsweger.com: could not connect to host
+sarakas.com: could not connect to host
+saraleebread.com: max-age too low: 86400
+sarangsemutbandung.com: could not connect to host
+sarindia.com: could not connect to host
+sarindia.de: could not connect to host
+sarisonproductions.com: did not receive HSTS header
+sarkarischeme.in: could not connect to host
+sarndipity.com: could not connect to host
+saruwebshop.co.za: could not connect to host
+sat.rent: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+sat7a-riyadh.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+satanichia.moe: could not connect to host
+satmep.com: did not receive HSTS header
+satoshicrypt.com: did not receive HSTS header
+satragreen.com: did not receive HSTS header
+satrent.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+satrent.se: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+satriyowibowo.my.id: did not receive HSTS header
+satsukii.moe: did not receive HSTS header
+saturne.tk: could not connect to host
+saturngames.co.uk: did not receive HSTS header
+saucyfox.net: did not receive HSTS header
+saudeeconforto.com.br: did not receive HSTS header
+sauerbrey.eu: could not connect to host
+saumon.xyz: could not connect to host
+saunasandstuff.ca: did not receive HSTS header
+saunasandstuff.com: did not receive HSTS header
+sauvagebridge.nl: could not connect to host
+save.gov: could not connect to host
+saveaward.gov: could not connect to host
+savecashindia.com: could not connect to host
+savethedogfishfoundation.org: could not connect to host
+saveyour.biz: could not connect to host
+savingrecipe.com: did not receive HSTS header
+savvysuit.com: did not receive HSTS header
+sawamura-rental.com: did not receive HSTS header
+say-hanabi.com: could not connect to host
+sayhanabi.com: could not connect to host
+sazima.ru: did not receive HSTS header
+sbm.cloud: could not connect to host
+sbobetfun.com: did not receive HSTS header
+sbox-archives.com: could not connect to host
+sby.de: could not connect to host
+sc4le.com: could not connect to host
+scala.click: did not receive HSTS header
+scannabi.com: could not connect to host
+schaafenstrasse.koeln: could not connect to host
+schachburg.de: did not receive HSTS header
+schadegarant.net: could not connect to host
+schatmeester.be: could not connect to host
+schau-rein.co.at: max-age too low: 0
+schauer.so: could not connect to host
+schermreparatierotterdam.nl: did not receive HSTS header
+schmitt.ovh: could not connect to host
+schmitt.ws: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+schnapke.name: could not connect to host
+schnell-abnehmen.tips: did not receive HSTS header
+schnell-gold.com: could not connect to host
+scholl.io: did not receive HSTS header
+schooltrends.co.uk: did not receive HSTS header
+schoop.me: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+schreiber-netzwerk.eu: did not receive HSTS header
+schrikdraad.net: did not receive HSTS header
+schrodinger.io: could not connect to host
+schroepfglas-versand.de: did not receive HSTS header
+schroettle.com: did not receive HSTS header
+schulterglatzen-altenwalde.de: could not connect to host
+schultzflorists.com: could not connect to host
+schuppentier.org: did not receive HSTS header
+schwarzkopfforyou.de: did not receive HSTS header
+schweiz.guide: could not connect to host
+schweizerbolzonello.net: could not connect to host
+schwetz.net: could not connect to host
+scicasts.com: max-age too low: 7776000
+scienceathome.org: did not receive HSTS header
+sciencebase.gov: did not receive HSTS header
+sciencemonster.co.uk: could not connect to host
+scivillage.com: did not receive HSTS header
+sclgroup.cc: did not receive HSTS header
+scooshonline.co.uk: did not receive HSTS header
+score-savers.com: max-age too low: 10540800
+scores4schools.com: could not connect to host
+scotbirchfield.com: did not receive HSTS header
+scottainslie.me.uk: could not connect to host
+scottdial.com: did not receive HSTS header
+scottferguson.com.au: did not receive HSTS header
+scottnicol.co.uk: could not connect to host
+scourt.info: could not connect to host
+scourt.org.ua: could not connect to host
+scrambl.is: could not connect to host
+scramble.io: did not receive HSTS header
+scrambler.in: could not connect to host
+scrapings.net: could not connect to host
+screencaster.io: did not receive HSTS header
+screenresolution.space: could not connect to host
+screensaversplanet.com: did not receive HSTS header
+scribbleserver.com: could not connect to host
+scribe.systems: could not connect to host
+scrion.com: could not connect to host
+script.google.com: did not receive HSTS header (error ignored - included regardless)
+scriptenforcer.net: could not connect to host
+scripthost.org: could not connect to host
+scriptict.nl: could not connect to host
+scriptjunkie.us: could not connect to host
+scrollstory.com: did not receive HSTS header
+sctm.at: could not connect to host
+sdhmanagementgroup.com: could not connect to host
+sdia.ru: could not connect to host
+sdmoscow.ru: could not connect to host
+sdrobs.com: did not receive HSTS header
+sdsl-speedtest.de: could not connect to host
+se7ensins.com: did not receive HSTS header
+seans.cc: did not receive HSTS header
+seatshare.co.uk: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+seavancouver.com: could not connect to host
+sebastian-bair.de: could not connect to host
+sebastianhampl.de: could not connect to host
+sebastiensenechal.com: did not receive HSTS header
+sebster.com: did not receive HSTS header
+secandtech.com: could not connect to host
+seceye.cn: could not connect to host
+secitem.de: could not connect to host
+secnet.ga: could not connect to host
+secondary-survivor.com: could not connect to host
+secondary-survivor.help: could not connect to host
+secondary-survivor.net: could not connect to host
+secondarysurvivor.help: could not connect to host
+secondarysurvivorportal.com: could not connect to host
+secondarysurvivorportal.help: could not connect to host
+secondbyte.nl: could not connect to host
+secondpay.nl: could not connect to host
+secondspace.ca: could not connect to host
+secretnation.net: did not receive HSTS header
+sectest.ml: could not connect to host
+sectia22.ro: did not receive HSTS header
+sectun.com: did not receive HSTS header
+secur3.us: did not receive HSTS header
+secure-automotive-cloud.com: could not connect to host
+secure-automotive-cloud.org: could not connect to host
+secure-games.us: could not connect to host
+secure.link: did not receive HSTS header
+securechat4.me: could not connect to host
+securedevelop.net: could not connect to host
+securefuture.nl: did not receive HSTS header
+secureindia.co: could not connect to host
+secureobscure.com: could not connect to host
+secureradio.net: could not connect to host
+securesuisse.ch: could not connect to host
+securita.eu: did not receive HSTS header
+security-carpet.com: could not connect to host
+security-thoughts.org: could not connect to host
+security.google.com: did not receive HSTS header (error ignored - included regardless)
+security.xn--q9jyb4c: could not connect to host
+securityarena.com: could not connect to host
+securitybsides.pl: did not receive HSTS header
+securityglance.com: could not connect to host
+securityinet.biz: did not receive HSTS header
+securityinet.net: did not receive HSTS header
+securityinet.org.il: could not connect to host
+securitysoapbox.com: could not connect to host
+securiviera.ch: did not receive HSTS header
+securon.io: could not connect to host
+securoswiss.ch: could not connect to host
+sedoexpert.nl: could not connect to host
+sedoexperts.nl: could not connect to host
+sedrubal.de: could not connect to host
+sedziapilkarski.pl: did not receive HSTS header
+seedboxers.net: could not connect to host
+seefirm.com: could not connect to host
+seefunk.net: did not receive HSTS header
+seele.ca: could not connect to host
+seen.life: could not connect to host
+sehenderson.com: did not receive HSTS header
+seiko-dojo.com: could not connect to host
+seiler-bad.de: did not receive HSTS header
+seizoushokoyuubangou.com: did not receive HSTS header
+sektor.team: could not connect to host
+selcusters.nl: could not connect to host
+selecadm.name: could not connect to host
+selectary.com: could not connect to host
+selectcertifiedautos.com: did not receive HSTS header
+selectruckscalltrackingreports.com: could not connect to host
+seleondar.ru: could not connect to host
+selfdefenserx.com: did not receive HSTS header
+selfie-france.fr: could not connect to host
+selfserverx.com: could not connect to host
+selldorado.com: could not connect to host
+sellercritic.com: did not receive HSTS header
+sellmoretires.com: could not connect to host
+sello.com: did not receive HSTS header
+sellocdn.com: could not connect to host
+sellservs.co.za: could not connect to host
+semaf.at: max-age too low: 86400
+semantheme.fr: did not receive HSTS header
+semen3325.xyz: could not connect to host
+semenkovich.com: did not receive HSTS header
+semenov.su: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+semps-servers.de: could not connect to host
+semps.de: did not receive HSTS header
+sendash.com: could not connect to host
+sendmeback.de: did not receive HSTS header
+senedirect.com: could not connect to host
+sens2lavie.com: did not receive HSTS header
+senseofnumber.co.uk: did not receive HSTS header
+sensiblemn.org: could not connect to host
+sensibus.com: did not receive HSTS header
+seo-lagniappe.com: did not receive HSTS header
+seobot.com.au: could not connect to host
+seomobo.com: could not connect to host
+seosanantonioinc.com: did not receive HSTS header
+seoscribe.net: could not connect to host
+seowarp.net: did not receive HSTS header
+sep23.ru: did not receive HSTS header
+seq.tf: did not receive HSTS header
+serathius.ovh: could not connect to host
+serbien.guide: could not connect to host
+serenitycreams.com: did not receive HSTS header
+serfdom.io: did not receive HSTS header
+serized.pw: could not connect to host
+servecrypt.com: could not connect to host
+server-essentials.com: could not connect to host
+serverangels.co.uk: did not receive HSTS header
+servercode.ca: did not receive HSTS header
+serverdensity.io: did not receive HSTS header
+servergno.me: did not receive HSTS header
+serverlauget.no: could not connect to host
+servermonkey.nl: could not connect to host
+serverpedia.de: could not connect to host
+servfefe.com: could not connect to host
+servicevie.com: did not receive HSTS header
+servu.de: did not receive HSTS header
+seryo.moe: could not connect to host
+seryo.net: could not connect to host
+seryovpn.com: could not connect to host
+sesha.co.za: could not connect to host
+sessionslogning.dk: could not connect to host
+setphaserstostun.org: could not connect to host
+setuid.de: could not connect to host
+setuid.io: did not receive HSTS header
+sexplicit.co.uk: could not connect to host
+seyahatsagliksigortalari.com: could not connect to host
+seydaozcan.com: did not receive HSTS header
+sfashion.si: did not receive HSTS header
+sfhobbies.com.br: could not connect to host
+sfsltd.com: did not receive HSTS header
+sgcaccounts.co.uk: did not receive HSTS header
+sgovaard.nl: did not receive HSTS header
+sh11.pp.ua: did not receive HSTS header
+sha2017.org: did not receive HSTS header
+shadex.net: could not connect to host
+shadiku.com: could not connect to host
+shadoom.com: did not receive HSTS header
+shadow-socks.net: did not receive HSTS header
+shadow-socks.org: did not receive HSTS header
+shadow-socks.pro: did not receive HSTS header
+shadowguardian507-irl.tk: did not receive HSTS header
+shadowguardian507.tk: did not receive HSTS header
+shadowmorph.info: did not receive HSTS header
+shadowplus.net: could not connect to host
+shadowrocket.net: could not connect to host
+shadowroket.com: did not receive HSTS header
+shadowshocks.net: did not receive HSTS header
+shadowsocks.gift: did not receive HSTS header
+shadowsocks.net: could not connect to host
+shadowsocks.vc: did not receive HSTS header
+shadowsocks.wiki: did not receive HSTS header
+shadowsocksvpn.com: did not receive HSTS header
+shadowsoks.com: could not connect to host
+shadowsu.info: did not receive HSTS header
+shadowsu.top: did not receive HSTS header
+shagi29.ru: did not receive HSTS header
+shahbeat.com: did not receive HSTS header
+shakebox.de: could not connect to host
+shanekoster.net: could not connect to host
+shanesage.com: could not connect to host
+shang-yu.cn: could not connect to host
+shanxiapark.com: could not connect to host
+shaobin.wang: could not connect to host
+shapesedinburgh.co.uk: did not receive HSTS header
+shardsoft.com: could not connect to host
+shareimg.xyz: could not connect to host
+sharejoy.cn: did not receive HSTS header
+sharekey.com: did not receive HSTS header
+sharepass.pw: could not connect to host
+sharepic.xyz: could not connect to host
+sharezen.de: could not connect to host
+sharingcode.com: did not receive HSTS header
+shauncrowley.co.uk: could not connect to host
+shaunwheelhou.se: could not connect to host
+shavegazette.com: did not receive HSTS header
+shavingks.com: could not connect to host
+shawnbsmith.me: did not receive HSTS header
+shawnh.net: could not connect to host
+shellsec.pw: did not receive HSTS header
+shep.co.il: did not receive HSTS header
+sheratan.web.id: max-age too low: 2592000
+shereallyheals.com: did not receive HSTS header
+shervik.ga: could not connect to host
+sheying.tm: could not connect to host
+shg-pornographieabhaengigkeit.de: did not receive HSTS header
+shiatsu-institut.ch: did not receive HSTS header
+shibe.club: could not connect to host
+shiftins.com: could not connect to host
+shiftnrg.org: did not receive HSTS header
+shiftplanning.com: did not receive HSTS header
+shiinko.com: could not connect to host
+shindorei.fr: could not connect to host
+shinebijoux.com.br: could not connect to host
+shinju.moe: could not connect to host
+shiona.xyz: could not connect to host
+shipinsight.com: did not receive HSTS header
+shipmile.com: did not receive HSTS header
+shipping24h.com: did not receive HSTS header
+shirakaba-cc.com: could not connect to host
+shirosaki.org: could not connect to host
+shitfest.info: did not receive HSTS header
+shitposting.life: could not connect to host
+shm-forum.org.uk: could not connect to host
+shocksrv.com: did not receive HSTS header
+shooshosha.com: could not connect to host
+shopherbal.co.za: did not receive HSTS header
+shopods.com: did not receive HSTS header
+shopontarget.com: did not receive HSTS header
+shoppeno5.com: did not receive HSTS header
+shoppingreview.org: could not connect to host
+shoprose.ru: could not connect to host
+shops.neonisi.com: could not connect to host
+short-biography.com: did not receive HSTS header
+shorten.ninja: could not connect to host
+shortr.li: could not connect to host
+shota.party: could not connect to host
+showkeeper.tv: did not receive HSTS header
+showmethemoney.ru: did not receive HSTS header
+shoxmusic.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+shred.ch: could not connect to host
+shredoptics.ch: could not connect to host
+shukatsu-note.com: could not connect to host
+shurita.org: could not connect to host
+shuzicai.cn: could not connect to host
+shv25.se: could not connect to host
+shwongacc.com: could not connect to host
+shymeck.pw: could not connect to host
+shypp.it: could not connect to host
+shyrydan.es: could not connect to host
+siamega.com: could not connect to host
+siammedia.co: could not connect to host
+sianimacion.com: could not connect to host
+sichere-kartenakzeptanz.de: could not connect to host
+siciliadigitale.pro: could not connect to host
+sickfile.com: could not connect to host
+siddhant.me: max-age too low: 0
+siebens.net: could not connect to host
+sifls.com: could not connect to host
+sifreuret.com: could not connect to host
+signoracle.com: could not connect to host
+signosquecombinam.com.br: could not connect to host
+sigterm.no: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+sijimi.cn: could not connect to host
+sikatehtaat.fi: could not connect to host
+sikayetvar.com: did not receive HSTS header
+siku.pro: could not connect to host
+silaslova-ekb.ru: did not receive HSTS header
+silent.live: could not connect to host
+silentcircle.com: did not receive HSTS header
+silentcircle.org: could not connect to host
+silentlink.io: could not connect to host
+silicagelpackets.ca: did not receive HSTS header
+silver-drachenkrieger.de: did not receive HSTS header
+silverhome.ninja: could not connect to host
+silverpvp.com: could not connect to host
+silvistefi.com: could not connect to host
+simbast.com: could not connect to host
+simbihaiti.com: max-age too low: 7889238
+simccorp.com: did not receive HSTS header
+simeon.us: max-age too low: 2592000
+simfri.com: did not receive HSTS header
+simnovo.net: did not receive HSTS header
+simobilklub.si: could not connect to host
+simod.org: could not connect to host
+simon-pokorny.com: did not receive HSTS header
+simon.butcher.name: max-age too low: 2629743
+simongong.net: did not receive HSTS header
+simonsaxon.com: did not receive HSTS header
+simpan.id: did not receive HSTS header
+simpleai.net: max-age too low: 600
+simplefraud.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+simplelearner.com: could not connect to host
+simplepractice.com: did not receive HSTS header
+simplerses.com: could not connect to host
+simplexsupport.com: did not receive HSTS header
+simplixos.org: could not connect to host
+simplyenak.com: did not receive HSTS header
+sims4hub.ga: could not connect to host
+simtin-net.de: did not receive HSTS header
+simyo.nl: did not receive HSTS header
+sin30.net: could not connect to host
+sincai666.com: could not connect to host
+sincron.org: could not connect to host
+sinful.pw: could not connect to host
+sinfulforums.net: could not connect to host
+singul4rity.com: could not connect to host
+sinneserweiterung.de: could not connect to host
+sinosky.org: did not receive HSTS header
+sinsojb.me: did not receive HSTS header
+sinusbot.online: did not receive HSTS header
+sipc.org: did not receive HSTS header
+siqi.wang: could not connect to host
+siriad.com: could not connect to host
+sirius-lee.net: could not connect to host
+siro.gq: did not receive HSTS header
+sistemasespecializados.com: did not receive HSTS header
+sitehost.io: did not receive HSTS header
+sitemaxiphilippe.ch: could not connect to host
+sitennisclub.com: did not receive HSTS header
+siterip.org: could not connect to host
+sites.google.com: did not receive HSTS header (error ignored - included regardless)
+sitesforward.com: did not receive HSTS header
+sitesten.com: did not receive HSTS header
+sittinginoblivion.com: did not receive HSTS header
+sizingservers.be: did not receive HSTS header
+sizzle.co.uk: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+skandiabanken.no: did not receive HSTS header
+skaraborgsassistans.com: did not receive HSTS header
+skarox.ru: could not connect to host
+ski-insurance.com.au: did not receive HSTS header
+skidstresser.com: could not connect to host
+skiinstructor.services: did not receive HSTS header
+skillproxy.com: could not connect to host
+skillproxy.net: could not connect to host
+skillproxy.org: could not connect to host
+skk.io: could not connect to host
+skoda-clever-lead.de: could not connect to host
+skoda-nurdiebesten.de: did not receive HSTS header
+skoda-service-team-cup.de: did not receive HSTS header
+skotty.io: did not receive HSTS header
+skpdev.net: could not connect to host
+skullhouse.nyc: did not receive HSTS header
+sky-aroma.com: could not connect to host
+skyasker.cn: could not connect to host
+skyasker.com: did not receive HSTS header
+skyflix.me: could not connect to host
+skyline.link: could not connect to host
+skyline.tw: did not receive HSTS header
+skylocker.net: could not connect to host
+skylocker.nl: could not connect to host
+skynethk.com: did not receive HSTS header
+skyoy.com: did not receive HSTS header
+skyrunners.ch: could not connect to host
+skyveo.ml: did not receive HSTS header
+skyway.capital: did not receive HSTS header
+sl1pkn07.wtf: could not connect to host
+slanterns.net: could not connect to host
+slaps.be: could not connect to host
+slash-dev.de: did not receive HSTS header
+slashand.co: could not connect to host
+slashdesign.it: did not receive HSTS header
+slashem.me: did not receive HSTS header
+slattery.co: could not connect to host
+slauber.de: did not receive HSTS header
+sleeklounge.com: did not receive HSTS header
+sleep10.com: could not connect to host
+sleepstar.com.mt: did not receive HSTS header
+slicketl.com: did not receive HSTS header
+slightfuture.click: could not connect to host
+slightfuture.com: did not receive HSTS header
+slix.io: could not connect to host
+slope.haus: could not connect to host
+slovakiana.sk: did not receive HSTS header
+slovoice.org: could not connect to host
+sluplift.com: did not receive HSTS header
+slycurity.de: did not receive HSTS header
+slytech.ch: could not connect to host
+smablo.com: did not receive HSTS header
+smallcdn.rocks: could not connect to host
+smallchat.nl: could not connect to host
+smalldata.tech: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+smallshopit.com: did not receive HSTS header
+smart-mirror.de: did not receive HSTS header
+smart-ov.nl: could not connect to host
+smartbuyelectric.com: could not connect to host
+smartcleaningcenter.nl: did not receive HSTS header
+smartcoin.com.br: could not connect to host
+smarterskies.gov: did not receive HSTS header
+smartfon4you.ru: max-age too low: 0
+smarthomedna.com: did not receive HSTS header
+smartofficesandsmarthomes.com: did not receive HSTS header
+smartphone.continental.com: could not connect to host
+smartrak.co.nz: did not receive HSTS header
+smdev.fr: could not connect to host
+smet.us: could not connect to host
+smexpt.com: did not receive HSTS header
+smileawei.com: did not receive HSTS header
+smimea.com: could not connect to host
+smirkingwhorefromhighgarden.pro: could not connect to host
+smith.is: could not connect to host
+smittix.co.uk: did not receive HSTS header
+smkn1lengkong.sch.id: did not receive HSTS header
+smksi2.com: could not connect to host
+smksultanismail2.com: did not receive HSTS header
+sml.lc: could not connect to host
+smol.cat: did not receive HSTS header
+smove.sg: did not receive HSTS header
+smplix.com: could not connect to host
+smspodmena.ru: did not receive HSTS header
+smtp.bz: did not receive HSTS header
+smuhelper.cn: could not connect to host
+smusg.com: did not receive HSTS header
+smzsq.com: did not receive HSTS header
+snailing.org: could not connect to host
+snakehosting.dk: did not receive HSTS header
+snapworks.net: did not receive HSTS header
+snekchat.moe: could not connect to host
+snelwerk.be: could not connect to host
+sng.my: could not connect to host
+snip.host: could not connect to host
+snippet.host: could not connect to host
+snoozedds.com: max-age too low: 600
+snoqualmiefiber.org: could not connect to host
+snowdy.eu: could not connect to host
+sobabox.ru: could not connect to host
+soboleva-pr.com.ua: could not connect to host
+soccergif.com: could not connect to host
+social-journey.com: could not connect to host
+socialbillboard.com: could not connect to host
+socialcs.xyz: could not connect to host
+socialgrowing.cl: did not receive HSTS header
+socialhead.io: could not connect to host
+socialhub.com: did not receive HSTS header
+socializam.com: did not receive HSTS header
+socialprize.com: could not connect to host
+socialspirit.com.br: did not receive HSTS header
+socialworkout.com: could not connect to host
+socialworkout.net: could not connect to host
+socialworkout.org: could not connect to host
+socialworkout.tv: could not connect to host
+socketize.com: could not connect to host
+sockeye.cc: could not connect to host
+socomponents.co.uk: could not connect to host
+sodacore.com: could not connect to host
+softballsavings.com: did not receive HSTS header
+sogeek.me: could not connect to host
+sogravatas.net.br: could not connect to host
+sohamroy.me: could not connect to host
+sojingle.net: could not connect to host
+sokolka.tv: did not receive HSTS header
+sol-3.de: did not receive HSTS header
+sol.works: did not receive HSTS header
+solarcom.com.br: could not connect to host
+soldbygold.net: did not receive HSTS header
+solentes.com.br: could not connect to host
+solidfuelappliancespares.co.uk: did not receive HSTS header
+solidtuesday.com: could not connect to host
+solidus.systems: did not receive HSTS header
+solinter.com.br: did not receive HSTS header
+soljem.com: did not receive HSTS header
+soll-i.ch: did not receive HSTS header
+solosmusic.xyz: could not connect to host
+solsystems.ru: could not connect to host
+solutive.fi: did not receive HSTS header
+solymar.co: could not connect to host
+some.rip: max-age too low: 6307200
+someshit.xyz: could not connect to host
+something-else.cf: could not connect to host
+somethingnew.xyz: could not connect to host
+sonafe.info: could not connect to host
+sonerezh.bzh: did not receive HSTS header
+sonic.network: did not receive HSTS header
+sonicrainboom.rocks: could not connect to host
+sonyforum.no: did not receive HSTS header
+soobi.org: did not receive HSTS header
+soondy.com: did not receive HSTS header
+soply.com: did not receive HSTS header
+soporte.cc: could not connect to host
+sorensen-online.com: could not connect to host
+sortaweird.net: could not connect to host
+sosaka.ml: could not connect to host
+sosiolog.com: did not receive HSTS header
+sotor.de: did not receive HSTS header
+soucorneteiro.com.br: could not connect to host
+soulema.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+soulfulglamour.uk: could not connect to host
+soundforsound.co.uk: did not receive HSTS header
+sourcelair.com: did not receive HSTS header
+sourcitec.com: did not receive HSTS header
+southcoastswords.com: did not receive HSTS header
+southernjamusa.com: did not receive HSTS header
+southgale.condos: could not connect to host
+southside-crew.club: could not connect to host
+southworcestershiregpservices.co.uk: could not connect to host
+souvik.me: did not receive HSTS header
+souyar.de: could not connect to host
+souyar.net: could not connect to host
+souyar.us: could not connect to host
+sovereignshare.com: could not connect to host
+sown.dyndns.org: could not connect to host
+sowncloud.de: could not connect to host
+soz6.com: did not receive HSTS header
+sp.rw: could not connect to host
+spacedust.xyz: could not connect to host
+spacefish.biz: could not connect to host
+spacehq.org: could not connect to host
+spacemo.com: did not receive HSTS header
+spacountryexplorer.org.au: did not receive HSTS header
+spaggel.nl: did not receive HSTS header
+spamloco.net: did not receive HSTS header
+spangehlassociates.com: did not receive HSTS header
+spanien.guide: could not connect to host
+sparelib.com: max-age too low: 3650
+spark.team: could not connect to host
+sparklingsparklers.com: did not receive HSTS header
+sparmedo.de: did not receive HSTS header
+sparsa.army: could not connect to host
+sparta-trade.com: could not connect to host
+spauted.com: could not connect to host
+spdysync.com: could not connect to host
+specialedesigns.com: could not connect to host
+speculor.net: could not connect to host
+spedition-transport-umzug.de: did not receive HSTS header
+speed-mailer.com: could not connect to host
+speedcounter.net: did not receive HSTS header
+speedy.lt: max-age too low: 0
+speedyprep.com: did not receive HSTS header
+speidel.com.tr: did not receive HSTS header
+spencerbaer.com: could not connect to host
+sperohub.io: could not connect to host
+spha.info: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+sphinx.network: could not connect to host
+spicywombat.com: could not connect to host
+spiegels.nl: could not connect to host
+spielcasinos.com: did not receive HSTS header
+spikeykc.me: did not receive HSTS header
+spillmaker.no: did not receive HSTS header
+spilsbury.io: could not connect to host
+spineandscoliosis.com: did not receive HSTS header
+spirit-dev.net: max-age too low: 0
+spiritfanfics.com: did not receive HSTS header
+spisoggrin.dk: did not receive HSTS header
+spitefultowel.com: did not receive HSTS header
+spititout.it: could not connect to host
+spittersberger.recipes: did not receive HSTS header
+split.is: could not connect to host
+spokonline.com: could not connect to host
+sponsortobias.com: could not connect to host
+sportchirp-internal.azurewebsites.net: did not receive HSTS header
+sporthit.ru: did not receive HSTS header
+sportifik.com: did not receive HSTS header
+sportingoods.com.br: could not connect to host
+sportscollection.com.br: could not connect to host
+sportsmanadvisor.com: could not connect to host
+sportwette.eu: did not receive HSTS header
+spot-events.com: could not connect to host
+spotifyripper.tk: could not connect to host
+spotlightsrule.ddns.net: could not connect to host
+spr.id.au: did not receive HSTS header
+spreadsheets.google.com: did not receive HSTS header (error ignored - included regardless)
+spresso.me: did not receive HSTS header
+sprint.ml: did not receive HSTS header
+sprk.fitness: did not receive HSTS header
+sproutconnections.com: could not connect to host
+sprutech.de: could not connect to host
+spyroszarzonis.com: could not connect to host
+squaddraft.com: could not connect to host
+square.gs: could not connect to host
+squatldf.org: did not receive HSTS header
+squids.space: could not connect to host
+squirtlesbians.net: could not connect to host
+sqzryang.com: could not connect to host
+srcc.fr: could not connect to host
+srevilak.net: did not receive HSTS header
+sritest.io: could not connect to host
+srmaximo.com: could not connect to host
+srna.sk: did not receive HSTS header
+srpdb.com: did not receive HSTS header
+srrr.ca: could not connect to host
+srvonfire.com: could not connect to host
+ss-free.net: could not connect to host
+ss.wtf: could not connect to host
+ssl.panoramio.com: did not receive HSTS header
+ssl.rip: could not connect to host
+ssmato.me: could not connect to host
+ssn1.ru: did not receive HSTS header
+sspanda.com: could not connect to host
+ssworld.ga: could not connect to host
+staack.com: could not connect to host
+stabletoken.com: could not connect to host
+stackfiles.io: could not connect to host
+stadionmanager.com: could not connect to host
+stadjerspasonline.nl: could not connect to host
+stadtbauwerk.at: did not receive HSTS header
+stadtgartenla.com: could not connect to host
+staffjoy.com: did not receive HSTS header
+staffjoystaging.com: could not connect to host
+stahl.xyz: could not connect to host
+stalkerhispano.com: max-age too low: 0
+stalkerteam.pl: did not receive HSTS header
+stalkthe.net: could not connect to host
+stalschermer.nl: could not connect to host
+stamonicatourandtravel.com: could not connect to host
+stamparmakarije.me: could not connect to host
+stanandjerre.org: could not connect to host
+standardssuck.org: did not receive HSTS header
+standingmist.com: did not receive HSTS header
+stannahtrapliften.nl: did not receive HSTS header
+starandshield.com: did not receive HSTS header
+starapple.nl: did not receive HSTS header
+starfeeling.net: could not connect to host
+stargatepartners.com: did not receive HSTS header
+starmusic.ga: did not receive HSTS header
+startuponcloud.com: max-age too low: 2678400
+startupsort.com: did not receive HSTS header
+stash.ai: did not receive HSTS header
+state-sponsored-actors.net: could not connect to host
+statementinsertsforless.com: did not receive HSTS header
+stateofexception.io: could not connect to host
+statgram.me: could not connect to host
+static-assets.io: could not connect to host
+static.hosting: could not connect to host
+static.or.at: did not receive HSTS header
+staticanime.net: could not connect to host
+staticisnoise.com: could not connect to host
+stationaryjourney.com: did not receive HSTS header
+stationcharlie.com: could not connect to host
+stationnementdenuit.ca: did not receive HSTS header
+status-sprueche.de: did not receive HSTS header
+statusbot.io: could not connect to host
+statuschecks.net: could not connect to host
+stavebnice.net: did not receive HSTS header
+stayokhotelscdc-mailing.com: could not connect to host
+stcable.net: did not receive HSTS header
+stcomex.com: did not receive HSTS header
+steampunkrobot.com: did not receive HSTS header
+steelbea.ms: could not connect to host
+steem.io: did not receive HSTS header
+stefanweiser.de: did not receive HSTS header
+steffi-in-australien.com: could not connect to host
+stepbystep3d.com: did not receive HSTS header
+steph-autoecole.ch: did not receive HSTS header
+stephanierxo.com: did not receive HSTS header
+stephanos.me: could not connect to host
+stephenandburns.com: did not receive HSTS header
+stevechekblain.win: could not connect to host
+steven-bennett.com: could not connect to host
+stevenroddis.com: did not receive HSTS header
+stevensheffey.me: did not receive HSTS header
+stevensononthe.net: did not receive HSTS header
+stevenz.net: did not receive HSTS header
+stewartremodelingadvantage.com: could not connect to host
+sticklerjs.org: could not connect to host
+stickswag.cf: could not connect to host
+stig.io: could not connect to host
+stigroom.com: could not connect to host
+stilettomoda.com.br: could not connect to host
+stillblackhat.id: could not connect to host
+stinkytrashhound.com: could not connect to host
+stirlingpoon.net: could not connect to host
+stirlingpoon.xyz: could not connect to host
+stkbn.com: did not receive HSTS header
+stkeverneparishcouncil.org.uk: did not receive HSTS header
+stl.news: did not receive HSTS header
+stmbgr.com: could not connect to host
+stn.me.uk: did not receive HSTS header
+stockseyeserum.com: could not connect to host
+stocktrade.de: could not connect to host
+stoffe-monster.de: did not receive HSTS header
+stoick.me: could not connect to host
+stole-my.bike: could not connect to host
+stole-my.tv: could not connect to host
+stomt.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+stonecutterscommunity.com: could not connect to host
+stonemanbrasil.com.br: could not connect to host
+stopbreakupnow.org: did not receive HSTS header
+stopwoodfin.org: could not connect to host
+storbritannien.guide: could not connect to host
+store-host.com: did not receive HSTS header
+storecove.com: did not receive HSTS header
+storeden.com: did not receive HSTS header
+storefrontify.com: did not receive HSTS header
+storiesofhealth.org: did not receive HSTS header
+storillo.com: did not receive HSTS header
+stormhub.org: could not connect to host
+stormyyd.com: did not receive HSTS header
+stqry.com: did not receive HSTS header
+str0.at: did not receive HSTS header
+strasweb.fr: did not receive HSTS header
+strbt.de: could not connect to host
+strchr.com: did not receive HSTS header
+stream.pub: could not connect to host
+streamingmagazin.de: could not connect to host
+streams.dyndns.org: could not connect to host
+strictlysudo.com: could not connect to host
+strife.tk: could not connect to host
+strila.me: could not connect to host
+strivephysmed.com: did not receive HSTS header
+stroeercrm.de: could not connect to host
+strongest-privacy.com: could not connect to host
+stuartbaxter.co: could not connect to host
+student-scientist.org: did not receive HSTS header
+studentrdh.com: did not receive HSTS header
+studentresearcher.org: did not receive HSTS header
+studentshare.net: max-age too low: 0
+studentskydenik.cz: could not connect to host
+studenttravel.cz: did not receive HSTS header
+studinf.xyz: could not connect to host
+studio-panic.com: did not receive HSTS header
+studiozelden.com: did not receive HSTS header
+studybay.com: did not receive HSTS header
+studydrive.net: did not receive HSTS header
+studyhub.cf: did not receive HSTS header
+stugb.de: did not receive HSTS header
+stupendous.net: could not connect to host
+sturbock.me: did not receive HSTS header
+sturdio.com.br: could not connect to host
+stylenda.com: could not connect to host
+stylle.me: could not connect to host
+subbing.work: could not connect to host
+subdimension.org: did not receive HSTS header
+subeesu.com: could not connect to host
+subhacker.net: did not receive HSTS header
+subsys.no: did not receive HSTS header
+subtitle.rip: could not connect to host
+subwayz.de: did not receive HSTS header
+sudo.im: could not connect to host
+sudo.li: did not receive HSTS header
+sudokian.io: did not receive HSTS header
+sudosu.fr: could not connect to host
+sugarsweetorsour.com: did not receive HSTS header
+suian.or.jp: max-age too low: 86400
+suite73.org: could not connect to host
+suitocracy.com: could not connect to host
+sulek.eu: could not connect to host
+summer.ga: could not connect to host
+summitbankofkc.com: did not receive HSTS header
+sumoatm.com: did not receive HSTS header
+sumoscout.de: could not connect to host
+sun-wellness-online.com.vn: did not receive HSTS header
+suncountrymarine.com: did not receive HSTS header
+suneilpatel.com: could not connect to host
+sunfireshop.com.br: could not connect to host
+sunflyer.cn: did not receive HSTS header
+sungo.wtf: did not receive HSTS header
+sunlandsg.vn: did not receive HSTS header
+sunnyfruit.ru: could not connect to host
+sunshinepress.org: could not connect to host
+sunxchina.com: could not connect to host
+sunyanzi.tk: could not connect to host
+suos.io: could not connect to host
+supcro.com: could not connect to host
+super-erotica.ru: could not connect to host
+super-garciniaslim.com: could not connect to host
+super-radiant-skin.com: could not connect to host
+super-ripped-power.com: could not connect to host
+super-slim-coffee.com: could not connect to host
+superbabysitting.ch: could not connect to host
+superbart.nl: could not connect to host
+superbdistribute.com: could not connect to host
+superbike.tw: could not connect to host
+supercreepsvideo.com: could not connect to host
+supereight.net: did not receive HSTS header
+superiorfloridavacation.com: did not receive HSTS header
+superklima.ro: did not receive HSTS header
+superlandnetwork.de: did not receive HSTS header
+superlentes.com.br: could not connect to host
+supernovabrasil.com.br: did not receive HSTS header
+superpase.com: could not connect to host
+supersalescontest.nl: did not receive HSTS header
+superschnappchen.de: could not connect to host
+supersecurefancydomain.com: could not connect to host
+supertramp-dafonseca.com: did not receive HSTS header
+superuser.fi: could not connect to host
+superwally.org: could not connect to host
+supes.io: did not receive HSTS header
+support4server.de: did not receive HSTS header
+suprlink.net: could not connect to host
+supweb.ovh: did not receive HSTS header
+surasak.io: could not connect to host
+surasak.org: could not connect to host
+surasak.xyz: could not connect to host
+surdam.casa: could not connect to host
+surfeasy.com: did not receive HSTS header
+surfone-leucate.com: did not receive HSTS header
+survivalistplanet.com: could not connect to host
+susconam.org: could not connect to host
+suspiciousdarknet.xyz: could not connect to host
+sussexwebdesigns.com: did not receive HSTS header
+sussexwebdesigns.info: did not receive HSTS header
+sustainability.gov: did not receive HSTS header
+suzukikenichi.com: did not receive HSTS header
+svatba-frantovi.cz: could not connect to host
+svenluijten.com: did not receive HSTS header
+svenskacasino.com: did not receive HSTS header
+svenskaservern.se: could not connect to host
+svetjakonadlani.cz: did not receive HSTS header
+swaggerdile.com: could not connect to host
+swaleacademiestrust.org.uk: max-age too low: 2592000
+swanseapartyhire.co.uk: did not receive HSTS header
+swdatlantico.pt: could not connect to host
+sweetlegs.jp: could not connect to host
+sweetstreats.ca: could not connect to host
+swiggy.com: did not receive HSTS header
+swimming.ca: did not receive HSTS header
+swisstranslate.ch: did not receive HSTS header
+swisstranslate.fr: did not receive HSTS header
+swite.com: did not receive HSTS header
+swmd5c.org: could not connect to host
+swu.party: could not connect to host
+sx3.no: could not connect to host
+sxbk.pw: could not connect to host
+sy-anduril.de: could not connect to host
+syam.cc: could not connect to host
+sydgrabber.tk: could not connect to host
+sykl.us: could not connect to host
+sylvangarden.org: could not connect to host
+sylvanorder.com: could not connect to host
+synackr.com: could not connect to host
+synapticconsulting.co.uk: could not connect to host
+syncappate.com: could not connect to host
+syncclinicalstudy.com: could not connect to host
+syncer.jp: did not receive HSTS header
+syncserve.net: did not receive HSTS header
+syneic.com: did not receive HSTS header
+synergisticsoccer.com: could not connect to host
+syno.gq: could not connect to host
+syntaxoff.com: could not connect to host
+syrocon.ch: could not connect to host
+sysadminstory.com: could not connect to host
+sysdb.io: could not connect to host
+sysgeek.cn: could not connect to host
+syso.name: could not connect to host
+syspen.space: did not receive HSTS header
+sysrq.tech: could not connect to host
+syss.de: did not receive HSTS header
+systemd.me: could not connect to host
+syy.hk: could not connect to host
+szaszm.tk: max-age too low: 0
+t-complex.space: could not connect to host
+t-ken.xyz: could not connect to host
+t-tz.com: could not connect to host
+t0dd.eu: could not connect to host
+t3rror.net: could not connect to host
+t4c-rebirth.com: could not connect to host
+t4x.org: could not connect to host
+taabe.xyz: could not connect to host
+tabelfirme.ro: did not receive HSTS header
+tadigitalstore.com: could not connect to host
+tafoma.com: did not receive HSTS header
+tageau.com: could not connect to host
+taglondon.org: did not receive HSTS header
+tahakomat.cz: could not connect to host
+taichi-jade.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+tailify.com: did not receive HSTS header
+tails.com.ar: did not receive HSTS header
+takumi-s.net: did not receive HSTS header
+takusan.ru: could not connect to host
+talentuar.com: did not receive HSTS header
+tales-of-interia.de: could not connect to host
+talheim-records.ca: could not connect to host
+talk.google.com: did not receive HSTS header (error ignored - included regardless)
+talkitup.mx: could not connect to host
+talkitup.online: did not receive HSTS header
+talklifestyle.nl: could not connect to host
+talktwincities.com: could not connect to host
+tallr.se: could not connect to host
+tallshoe.com: could not connect to host
+tamex.xyz: could not connect to host
+tandarts-haarlem.nl: did not receive HSTS header
+tandem-trade.ru: could not connect to host
+tangel.me: could not connect to host
+tangibilizing.com: could not connect to host
+tangyue.date: could not connect to host
+tangzhao.net: could not connect to host
+taniesianie.pl: did not receive HSTS header
+tankfreunde.de: did not receive HSTS header
+tante-bugil.net: could not connect to host
+tantotiempo.de: could not connect to host
+tanze-jetzt.de: could not connect to host
+taotuba.net: did not receive HSTS header
+taozj.org: did not receive HSTS header
+tapfinder.ca: could not connect to host
+tapka.cz: did not receive HSTS header
+tappublisher.com: did not receive HSTS header
+targaryen.house: could not connect to host
+tarhauskielto.fi: could not connect to host
+tartaros.fi: could not connect to host
+tas2580.net: could not connect to host
+taskstats.com: could not connect to host
+taskulu.ir: could not connect to host
+tasmansecurity.com: could not connect to host
+tassup.com: could not connect to host
+tastyyy.co: could not connect to host
+tatilbus.com: did not receive HSTS header
+tatt.io: could not connect to host
+tattvaayoga.com: did not receive HSTS header
+tauchkater.de: could not connect to host
+tavoittaja.fi: did not receive HSTS header
+tavopica.lt: did not receive HSTS header
+taxbench.com: could not connect to host
+taxsnaps.co.nz: did not receive HSTS header
+tazj.in: did not receive HSTS header
+tazz.in: could not connect to host
+tbspace.de: did not receive HSTS header
+tc-bonito.de: did not receive HSTS header
+tcao.info: could not connect to host
+tcby45.xyz: could not connect to host
+tcdw.net: did not receive HSTS header
+tcl.ath.cx: did not receive HSTS header
+tcomms.org: max-age too low: 0
+tcp.expert: did not receive HSTS header
+tcpweb.net: could not connect to host
+tcwebvn.com: could not connect to host
+tdelmas.eu: could not connect to host
+tdelmas.ovh: could not connect to host
+tdsb.cf: could not connect to host
+tdsb.ga: could not connect to host
+tdsb.gq: could not connect to host
+tdsb.ml: could not connect to host
+tdsbhack.cf: could not connect to host
+tdsbhack.ga: could not connect to host
+tdsbhack.gq: could not connect to host
+tdsbhack.ml: could not connect to host
+tdsbhack.tk: could not connect to host
+teachforcanada.ca: did not receive HSTS header
+tealdrones.com: did not receive HSTS header
+team-teasers.com: could not connect to host
+teambeoplay.co.uk: did not receive HSTS header
+teamblueridge.org: could not connect to host
+teamhood.io: did not receive HSTS header
+teampoint.cz: could not connect to host
+teamsocial.co: did not receive HSTS header
+teamup.rocks: did not receive HSTS header
+teamzeus.cz: could not connect to host
+tearoy.faith: could not connect to host
+tebieer.com: could not connect to host
+tech-blog.fr: did not receive HSTS header
+tech-finder.fr: could not connect to host
+tech55i.com: could not connect to host
+techandtux.de: could not connect to host
+techask.it: could not connect to host
+techassist.io: did not receive HSTS header
+techcavern.ml: did not receive HSTS header
+techelements.co: did not receive HSTS header
+techfactslive.com: did not receive HSTS header
+techhipster.net: could not connect to host
+techhub.ml: could not connect to host
+techiehall.com: could not connect to host
+techllage.com: could not connect to host
+techloaner.com: could not connect to host
+techmasters.andover.edu: could not connect to host
+techmatehq.com: could not connect to host
+technogroup.cz: did not receive HSTS header
+technosavvyport.com: did not receive HSTS header
+technotonic.com.au: did not receive HSTS header
+techpit.us: could not connect to host
+techpointed.com: could not connect to host
+techproud.com: did not receive HSTS header
+techreview.link: could not connect to host
+techtoy.store: did not receive HSTS header
+techtraveller.com.au: did not receive HSTS header
+techview.link: did not receive HSTS header
+tecnimotos.com: did not receive HSTS header
+tecnogaming.com: did not receive HSTS header
+tecture.de: did not receive HSTS header
+tedovo.com: did not receive HSTS header
+tedxkmitl.com: could not connect to host
+teehaus-shila.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+tefl.io: could not connect to host
+tegelsensanitaironline.nl: did not receive HSTS header
+tehotuotanto.net: did not receive HSTS header
+teknologi.or.id: max-age too low: 36000
+teknotes.co.uk: could not connect to host
+tekshrek.com: did not receive HSTS header
+tektoria.de: could not connect to host
+tel-dithmarschen.de: did not receive HSTS header
+teleallarme.ch: could not connect to host
+telefisk.org: did not receive HSTS header
+telefonnummer.online: could not connect to host
+telefoonnummerinfo.nl: could not connect to host
+telekollektiv.org: could not connect to host
+telescam.com: could not connect to host
+teletechnology.in: did not receive HSTS header
+teletra.ru: could not connect to host
+tellingua.com: did not receive HSTS header
+temasa.net: did not receive HSTS header
+temehu.com: did not receive HSTS header
+tempcraft.net: could not connect to host
+tempo.co: did not receive HSTS header
+tempodecolheita.com.br: could not connect to host
+tendertool.nl: could not connect to host
+tendoryu-aikido.org: did not receive HSTS header
+tenerife-villas.com: did not receive HSTS header
+tengroup.com: max-age too low: 0
+tenispopular.com: could not connect to host
+tenni.xyz: could not connect to host
+tensei-slime.com: did not receive HSTS header
+tensionup.com: could not connect to host
+tentins.com: could not connect to host
+teoleonie.com: did not receive HSTS header
+teos.online: could not connect to host
+terra-x.net: could not connect to host
+terra.by: did not receive HSTS header
+terrax.berlin: could not connect to host
+terrax.info: could not connect to host
+terrax.net: could not connect to host
+teru.com.br: could not connect to host
+test02.dk: did not receive HSTS header
+testandroid.xyz: could not connect to host
+testovaci.ml: could not connect to host
+tetramax.eu: did not receive HSTS header
+tetsai.com: could not connect to host
+teufelsystem.de: could not connect to host
+teulon.eu: could not connect to host
+texte-zur-taufe.de: did not receive HSTS header
+texter.at: did not receive HSTS header
+textoplano.xyz: could not connect to host
+textracer.dk: could not connect to host
+tf2stadium.com: did not receive HSTS header
+tfcoms-sp-tracker-client.azurewebsites.net: could not connect to host
+tffans.com: could not connect to host
+tfl.lu: did not receive HSTS header
+tgr.re: could not connect to host
+th-bl.de: did not receive HSTS header
+th3nd.com: did not receive HSTS header
+thagki9.com: did not receive HSTS header
+thaigirls.xyz: could not connect to host
+thaihostcool.com: did not receive HSTS header
+thailandpropertylisting.com: did not receive HSTS header
+thailandpropertylistings.com: did not receive HSTS header
+thalmann.fr: did not receive HSTS header
+thatvizsla.life: did not receive HSTS header
+the-construct.com: could not connect to host
+the-delta.net.eu.org: could not connect to host
+the-digitale.com: could not connect to host
+the-finance-blog.com: could not connect to host
+the-gist.io: could not connect to host
+the-sky-of-valkyries.com: could not connect to host
+the.ie: did not receive HSTS header
+theamateurs.net: did not receive HSTS header
+theamp.com: did not receive HSTS header
+theater.cf: could not connect to host
+theavenuegallery.com: did not receive HSTS header
+thebakingclass.com: did not receive HSTS header
+thebasementguys.com: could not connect to host
+thebeautifulmusic.net: did not receive HSTS header
+thebeginningisnye.com: could not connect to host
+theberkshirescompany.com: could not connect to host
+thebigfail.net: could not connect to host
+thebrightons.co.uk: did not receive HSTS header
+thebrightons.uk: could not connect to host
+thebrotherswarde.com: could not connect to host
+thecapitalbank.com: did not receive HSTS header
+thecharlestonwaldorf.com: did not receive HSTS header
+thechunk.net: could not connect to host
+theclementinebutchers.com: could not connect to host
+theclubjersey.com: did not receive HSTS header
+thecodeninja.net: did not receive HSTS header
+thecoffeehouse.xyz: could not connect to host
+thecuriousdev.com: did not receive HSTS header
+thedarkartsandcrafts.com: could not connect to host
+thedrop.pw: did not receive HSTS header
+thedystance.com: could not connect to host
+theelitebuzz.com: did not receive HSTS header
+theendofzion.com: did not receive HSTS header
+theepankar.com: could not connect to host
+theescapistswiki.com: could not connect to host
+theeyeopener.com: did not receive HSTS header
+thefarbeyond.com: could not connect to host
+theflowerbasketonline.com: could not connect to host
+thefootballanalyst.com: did not receive HSTS header
+thefox.co: could not connect to host
+thefreebirds.in: could not connect to host
+thefrk.xyz: could not connect to host
+thefrozenfire.com: did not receive HSTS header
+thefutureharrills.com: could not connect to host
+thegamerscamp.com: max-age too low: 0
+thego2swatking.com: could not connect to host
+thegoldregister.co.uk: could not connect to host
+thegreenvpn.com: did not receive HSTS header
+thehiddenbay.eu: could not connect to host
+thehiddenbay.me: could not connect to host
+thehiddenbay.net: could not connect to host
+thehighersideclothing.com: did not receive HSTS header
+thehistory.me: could not connect to host
+thehonorguard.org: did not receive HSTS header
+thehoopsarchive.com: could not connect to host
+thehotfix.net: could not connect to host
+theimagesalon.com: max-age too low: 43200
+theinvisibletrailer.com: could not connect to host
+theitsage.com: did not receive HSTS header
+thejobauction.com: did not receive HSTS header
+thejserver.de: could not connect to host
+thelapine.ca: did not receive HSTS header
+thelostyankee.com: could not connect to host
+themadmechanic.net: could not connect to host
+themanufacturingmarketingagency.com: could not connect to host
+themarble.co: could not connect to host
+themathbehindthe.science: could not connect to host
+themathematician.uk: could not connect to host
+themerchandiser.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+themicrocapital.com: could not connect to host
+themimitoof.fr: did not receive HSTS header
+themoderate.xyz: could not connect to host
+thenextstep.events: could not connect to host
+thenorthschool.org.uk: did not receive HSTS header
+thenrdhrd.nl: could not connect to host
+theodorejones.info: could not connect to host
+thepartywarehouse.co.uk: did not receive HSTS header
+thepcweb.tk: could not connect to host
+thepiratebay.al: could not connect to host
+thepiratebay.poker: could not connect to host
+thepiratebay.tech: could not connect to host
+theprincegame.com: could not connect to host
+theprivacysolution.com: could not connect to host
+thequillmagazine.org: could not connect to host
+therise.ca: max-age too low: 300
+thermique.ch: could not connect to host
+therockawaysny.com: did not receive HSTS header
+thescientists.nl: could not connect to host
+thesearchnerds.co.uk: did not receive HSTS header
+thesecurityteam.net: could not connect to host
+thesehighsandlows.com: could not connect to host
+theserver201.tk: could not connect to host
+theshopally.com: did not receive HSTS header
+theskingym.co.uk: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+thesplit.is: could not connect to host
+thestack.xyz: could not connect to host
+thestagchorleywood.co.uk: did not receive HSTS header
+thesteins.org: could not connect to host
+thetechnical.me: did not receive HSTS header
+thethirdroad.com: could not connect to host
+thetradinghall.com: could not connect to host
+theurbanyoga.com: did not receive HSTS header
+thevintagenews.com: did not receive HSTS header
+thewallset.com: did not receive HSTS header
+thewebfellas.com: did not receive HSTS header
+theweilai.com: did not receive HSTS header
+theworkingeye.nl: could not connect to host
+thewp.pro: could not connect to host
+thezonders.com: did not receive HSTS header
+thgros.fr: could not connect to host
+thierfreund.de: could not connect to host
+thierryhayoz.ch: could not connect to host
+thinkcash.nl: could not connect to host
+thinkcoding.de: could not connect to host
+thinkcoding.org: could not connect to host
+thinkdo.jp: could not connect to host
+thinkheaddesign.com: did not receive HSTS header
+thinlyveiledcontempt.com: could not connect to host
+thirdpartytrade.com: did not receive HSTS header
+thirty5.net: did not receive HSTS header
+thisisacompletetest.ga: could not connect to host
+thisisforager.com: could not connect to host
+thiswasalreadymyusername.tk: could not connect to host
+thiswebhost.com: did not receive HSTS header
+thkb.net: could not connect to host
+thomas-ferney.fr: did not receive HSTS header
+thomas-gibertie.fr: did not receive HSTS header
+thomasbreads.com: max-age too low: 86400
+thomascloud.ddns.net: could not connect to host
+thomasharvey.me: did not receive HSTS header
+thomaskliszowski.fr: did not receive HSTS header
+thomasmeester.nl: did not receive HSTS header
+thomasnet.fr: could not connect to host
+thomasschweizer.net: could not connect to host
+thompsonfamily.cloud: could not connect to host
+thorncreek.net: did not receive HSTS header
+threv.net: could not connect to host
+thriveapproach.co.uk: did not receive HSTS header
+thrivewellnesshub.co.za: did not receive HSTS header
+throughthelookingglasslens.co.uk: could not connect to host
+thumbtack.com: did not receive HSTS header
+thundercampaign.com: could not connect to host
+ti.blog.br: could not connect to host
+tianxicaipiao.win: could not connect to host
+tianxicp.com: could not connect to host
+tianxing.pro: did not receive HSTS header
+tianxingvpn.pro: could not connect to host
+ticketoplichting.nl: did not receive HSTS header
+tickopa.co.uk: could not connect to host
+tickreport.com: did not receive HSTS header
+ticktock.today: did not receive HSTS header
+tictactux.de: could not connect to host
+tidmore.us: could not connect to host
+tidycustoms.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+tiendschuurstraat.nl: could not connect to host
+tiensnet.com: could not connect to host
+tierrarp.com: could not connect to host
+tiffnix.com: could not connect to host
+tightlineproductions.com: did not receive HSTS header
+tikutiku.pl: could not connect to host
+tildebot.com: could not connect to host
+tilient.eu: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+tilikum.io: did not receive HSTS header
+tilkah.com.au: did not receive HSTS header
+tillcraft.com: could not connect to host
+timbeilby.com: could not connect to host
+timbuktutimber.com: did not receive HSTS header
+timcamara.com: could not connect to host
+time-river.xyz: could not connect to host
+timeatlas.com: did not receive HSTS header
+timesavingplugins.com: could not connect to host
+timesavingplugins.net: could not connect to host
+timeserver0.de: could not connect to host
+timeserver1.de: could not connect to host
+timeserver2.de: could not connect to host
+timeserver3.de: could not connect to host
+timestamp.io: did not receive HSTS header
+timhjalpen.se: could not connect to host
+timnash.co.uk: max-age too low: 2592000
+timotrans.de: did not receive HSTS header
+timotrans.eu: did not receive HSTS header
+timowi.de: could not connect to host
+timowi.net: could not connect to host
+timschubert.net: max-age too low: 172800
+timvandekamp.nl: did not receive HSTS header
+timwittenberg.com: could not connect to host
+tinchbear.xyz: could not connect to host
+tindewen.net: could not connect to host
+tink.network: could not connect to host
+tintenprofi.de: max-age too low: 6307200
+tipsyk.ru: could not connect to host
+tiredofeating.com: could not connect to host
+tiremoni.ch: did not receive HSTS header
+tirex.media: did not receive HSTS header
+titanlab.de: could not connect to host
+titanleaf.com: could not connect to host
+titouan.co: did not receive HSTS header
+tittarpuls.se: could not connect to host
+titties.ml: could not connect to host
+tjc.wiki: could not connect to host
+tjeckien.guide: could not connect to host
+tkappertjedemetamorfose.nl: could not connect to host
+tkarstens.de: did not receive HSTS header
+tkn.tokyo: could not connect to host
+tkonstantopoulos.tk: could not connect to host
+tlcdn.net: could not connect to host
+tlo.hosting: could not connect to host
+tlo.link: could not connect to host
+tlo.network: could not connect to host
+tls.li: could not connect to host
+tlsbv.nl: did not receive HSTS header
+tlshost.net: could not connect to host
+tm-solutions.eu: could not connect to host
+tmaward.net: could not connect to host
+tmhlive.com: could not connect to host
+tmitchell.io: could not connect to host
+tmprod.com: did not receive HSTS header
+tmtradingmorocco.ma: did not receive HSTS header
+tnb-plattform.de: could not connect to host
+tncnanet.com.br: could not connect to host
+tno.io: could not connect to host
+tnrsca.jp: did not receive HSTS header
+tobaby.com.br: could not connect to host
+tobaccore.eu: could not connect to host
+tobaccore.sk: could not connect to host
+tobias-bielefeld.de: did not receive HSTS header
+tobiasmathes.com: could not connect to host
+tobiasmathes.name: could not connect to host
+tobiasofficial.at: could not connect to host
+tobiassachs.cf: could not connect to host
+tobiassachs.tk: could not connect to host
+todapolitica.com: did not receive HSTS header
+todesschaf.org: could not connect to host
+todo.is: did not receive HSTS header
+todobazar.es: could not connect to host
+todoscomciro.com: did not receive HSTS header
+todosrv.com: could not connect to host
+tofu.im: could not connect to host
+togelonlinecommunity.com: did not receive HSTS header
+toka.sg: did not receive HSTS header
+tokenloan.com: could not connect to host
+tokkee.org: could not connect to host
+tokoindo.top: could not connect to host
+tokoone.com: did not receive HSTS header
+tokotamz.net: could not connect to host
+tokotimbangandigitalmurah.web.id: did not receive HSTS header
+tokoyo.biz: could not connect to host
+tollmanz.com: did not receive HSTS header
+tollsjekk.no: could not connect to host
+tolud.com: did not receive HSTS header
+tom.run: did not receive HSTS header
+tomeara.net: could not connect to host
+tomevans.io: did not receive HSTS header
+tomlankhorst.nl: did not receive HSTS header
+tomli.me: could not connect to host
+tomm.yt: could not connect to host
+tommounsey.com: could not connect to host
+tommsy.com: did not receive HSTS header
+tommyads.com: could not connect to host
+tommyweber.de: did not receive HSTS header
+tomphill.co.uk: could not connect to host
+tonburi.jp: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+toncusters.nl: could not connect to host
+tongmu.me: did not receive HSTS header
+tonyfantjr.com: could not connect to host
+toomanypillows.com: could not connect to host
+tooolroc.org: could not connect to host
+top-stage.net: could not connect to host
+topbestsellerproduct.com: did not receive HSTS header
+topdeskdev.net: could not connect to host
+topdetoxcleanse.com: could not connect to host
+topmarine.se: could not connect to host
+topnewstoday.org: could not connect to host
+topnotchendings.com: could not connect to host
+topnovini.com: did not receive HSTS header
+toppik.com.br: could not connect to host
+topshelfguild.com: could not connect to host
+toptenthebest.com: did not receive HSTS header
+toptranslation.com: did not receive HSTS header
+topyx.com: did not receive HSTS header
+tor2web.org: could not connect to host
+torahanytime.com: did not receive HSTS header
+torchl.it: could not connect to host
+torlock.download: could not connect to host
+torproject.org.uk: could not connect to host
+torrentdownloads.bid: did not receive HSTS header
+torrenttop100.net: did not receive HSTS header
+torrentz.website: could not connect to host
+tortugalife.de: could not connect to host
+torv.rocks: did not receive HSTS header
+tosecure.link: could not connect to host
+toshnix.com: could not connect to host
+toshub.com: could not connect to host
+totalle.com.br: could not connect to host
+totallynotaserver.com: could not connect to host
+totalsystemcare.com: did not receive HSTS header
+totalworkout.fitness: did not receive HSTS header
+totch.de: could not connect to host
+totem-eshop.cz: could not connect to host
+totoro.pub: did not receive HSTS header
+totot.net: could not connect to host
+toucedo.de: could not connect to host
+touch-up-net.com: could not connect to host
+touchbasemail.com: did not receive HSTS header
+touchpointidg.us: could not connect to host
+touchscreen-handy.de: did not receive HSTS header
+touchstonefms.co.uk: did not receive HSTS header
+touchtable.nl: did not receive HSTS header
+touchwoodtrees.com.au: did not receive HSTS header
+tourpeer.com: did not receive HSTS header
+toursandtransfers.it: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+toxicip.com: could not connect to host
+toxme.se: did not receive HSTS header
+toyotamotala.se: could not connect to host
+tpbcdn.com: could not connect to host
+tpblist.xyz: could not connect to host
+tpe-edu.com: could not connect to host
+tpms4u.at: did not receive HSTS header
+tppdebate.org: did not receive HSTS header
+tracetracker.com: did not receive HSTS header
+track.plus: could not connect to host
+trackdays4fun.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+tracker-gps.ch: could not connect to host
+tracktivity.com.au: could not connect to host
+trade-smart.ru: could not connect to host
+tradingcentre.com.au: did not receive HSTS header
+tradinghope.com: could not connect to host
+traditional-knowledge.tk: did not receive HSTS header
+trafficquality.org: could not connect to host
+traffictigers.com: max-age too low: 2592000
+traforet.win: could not connect to host
+traindb.nl: did not receive HSTS header
+training4girls.ru: could not connect to host
+traininglist.org: did not receive HSTS header
+trainingproviderresults.gov: could not connect to host
+trainut.com: could not connect to host
+trakfusion.com: could not connect to host
+trance-heal.com: did not receive HSTS header
+trance-heal.de: did not receive HSTS header
+trance-heal.me: did not receive HSTS header
+tranceheal.com: did not receive HSTS header
+tranceheal.de: did not receive HSTS header
+tranceheal.me: did not receive HSTS header
+tranos.de: did not receive HSTS header
+transcendmotor.sg: could not connect to host
+transcriptionwave.com: did not receive HSTS header
+transdirect.com.au: did not receive HSTS header
+transformify.org: did not receive HSTS header
+transl8.eu: did not receive HSTS header
+translate.googleapis.com: did not receive HSTS header (error ignored - included regardless)
+transportal.sk: did not receive HSTS header
+traumhuetten.de: did not receive HSTS header
+travality.ru: could not connect to host
+travel-kuban.ru: did not receive HSTS header
+travelinsightswriter.com: could not connect to host
+travelinsurance.co.nz: did not receive HSTS header
+travotion.com: could not connect to host
+trazosdearte.com: did not receive HSTS header
+treasuredinheritanceministry.com: max-age too low: 2592000
+treatprostatewithhifu.com: could not connect to host
+treeby.net: could not connect to host
+treeremovaljohannesburg.co.za: could not connect to host
+treino.blog.br: could not connect to host
+treker.us: could not connect to host
+trell.co.in: did not receive HSTS header
+trendberry.ru: could not connect to host
+triadwars.com: did not receive HSTS header
+trialmock.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+tridimage.com: did not receive HSTS header
+trileg.net: could not connect to host
+trinityaffirmations.com: max-age too low: 0
+trinitycore.org: max-age too low: 2592000
+tripdelta.com: did not receive HSTS header
+tripinsider.club: did not receive HSTS header
+tristanfarkas.one: could not connect to host
+trixies-wish.nz: could not connect to host
+trixy.com.br: could not connect to host
+troi.de: did not receive HSTS header
+trollme.me: could not connect to host
+trollscave.xyz: could not connect to host
+troo.ly: could not connect to host
+true.ink: did not receive HSTS header
+truebred-labradors.com: did not receive HSTS header
+trunkjunk.co: did not receive HSTS header
+trustedinnovators.com: did not receive HSTS header
+trusteecar.com: did not receive HSTS header
+trustmeimfancy.com: could not connect to host
+trybind.com: could not connect to host
+trynowrinkleseyeserum.com: could not connect to host
+tryoneday.co: did not receive HSTS header
+ts2.se: could not connect to host
+ts3.consulting: could not connect to host
+tsaro.io: could not connect to host
+tsdom.net: could not connect to host
+tsecy.com: could not connect to host
+tsgoc.com: did not receive HSTS header
+tsrstore.gq: could not connect to host
+tssouthernpower.com: max-age too low: 0
+tsumegumi.net: could not connect to host
+tsurezurematome.ga: could not connect to host
+tsurimap.com: could not connect to host
+tsutsumi-kogyo.jp: could not connect to host
+ttackmedical.com.br: could not connect to host
+tts.co.nz: did not receive HSTS header
+tuamoronline.com: could not connect to host
+tubbutec.de: did not receive HSTS header
+tubepro.de: did not receive HSTS header
+tubetoon.com: did not receive HSTS header
+tubetooncartoons.com: did not receive HSTS header
+tubex.ga: could not connect to host
+tucidi.net: could not connect to host
+tucker.wales: could not connect to host
+tucnak.eu: could not connect to host
+tunai.id: could not connect to host
+tunca.it: did not receive HSTS header
+tunebitfm.de: could not connect to host
+tupizm.com: could not connect to host
+turkiet.guide: could not connect to host
+turkrock.com: did not receive HSTS header
+turn-sticks.com: could not connect to host
+turnik-67.ru: could not connect to host
+turniker.ru: could not connect to host
+turnsticks.com: could not connect to host
+turtlementors.com: could not connect to host
+tusb.ml: did not receive HSTS header
+tussengelegenwoningverkopen.nl: could not connect to host
+tuthowto.com: did not receive HSTS header
+tutiendaroja.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+tutiendarosa.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+tuturulianda.com: did not receive HSTS header
+tuvalie.com: could not connect to host
+tuxcall.de: could not connect to host
+tuxhound.org: could not connect to host
+tuxz.net: could not connect to host
+tv.search.yahoo.com: could not connect to host
+tverdohleb.com: could not connect to host
+tvtubeflix.com: did not receive HSTS header
+tvz-materijali.com: could not connect to host
+tw2-tools.ga: could not connect to host
+twarog.cc: could not connect to host
+twee-onder-een-kap-woning-in-alphen-aan-den-rijn-kopen.nl: could not connect to host
+twee-onder-een-kap-woning-in-brielle-kopen.nl: could not connect to host
+twee-onder-een-kap-woning-in-de-friese-meren-kopen.nl: could not connect to host
+twee-onder-een-kap-woning-in-delfzijl-kopen.nl: could not connect to host
+twee-onder-een-kap-woning-in-leeuwarden-kopen.nl: could not connect to host
+twee-onder-een-kap-woning-in-pekela-kopen.nl: could not connect to host
+twee-onder-een-kap-woning-in-rijnwaarden-kopen.nl: could not connect to host
+twee-onder-een-kap-woning-in-sudwest-fryslan-kopen.nl: could not connect to host
+twee-onder-een-kap-woning-in-veendam-kopen.nl: could not connect to host
+twee-onder-een-kap-woning-in-zuidplas-kopen.nl: could not connect to host
+twee-onder-een-kap-woning-in-zwartewaterland-kopen.nl: could not connect to host
+tweeondereenkapverkopen.nl: could not connect to host
+tweeondereenkapwoningverkopen.nl: could not connect to host
+tweetify.io: could not connect to host
+twelverocks.com: did not receive HSTS header
+twillionmas.com: could not connect to host
+twinkieman.com: could not connect to host
+twinkseason.ca: could not connect to host
+twinkseason.co: could not connect to host
+twinkseason.co.uk: could not connect to host
+twinkseason.net: could not connect to host
+twinkseason.org: could not connect to host
+twinkseason.xyz: could not connect to host
+twiri.net: could not connect to host
+twist.party: could not connect to host
+twittelzie.nl: could not connect to host
+twitter.ax: could not connect to host
+twogo.com: did not receive HSTS header
+twolinepassbrewing.com: could not connect to host
+twolivelife.com: could not connect to host
+twotube.ie: could not connect to host
+tx041cap.org: did not receive HSTS header
+txclimbers.com: could not connect to host
+txcp01.com: did not receive HSTS header
+txcp02.com: did not receive HSTS header
+txf.pw: could not connect to host
+ty2u.com: did not receive HSTS header
+tykoon.com: could not connect to host
+tylerharcourt.com: could not connect to host
+tylian.net: max-age too low: 0
+typeofweb.com: did not receive HSTS header
+typingrevolution.com: did not receive HSTS header
+tyreis.com: did not receive HSTS header
+tyrelius.com: could not connect to host
+tyroproducts.eu: did not receive HSTS header
+tyroremotes.eu: did not receive HSTS header
+tyroremotes.no: did not receive HSTS header
+tyskland.guide: could not connect to host
+tysye.ca: could not connect to host
+tzappa.net: could not connect to host
+tzwe.com: could not connect to host
+u-blox.com: max-age too low: 0
+uadp.pw: did not receive HSTS header
+uber.com.au: did not receive HSTS header
+uberfunction.com: did not receive HSTS header
+ubi.gg: could not connect to host
+ubicloud.de: did not receive HSTS header
+ubicv.com: could not connect to host
+ublox.com: did not receive HSTS header
+uborcare.com: could not connect to host
+ubuntuhot.com: did not receive HSTS header
+uddi.ng: did not receive HSTS header
+uefeng.com: did not receive HSTS header
+uega.net: did not receive HSTS header
+ueu.me: could not connect to host
+ufgaming.com: did not receive HSTS header
+ufotable.uk: could not connect to host
+ugisgutless.com: did not receive HSTS header
+ugo.ninja: could not connect to host
+ugosadventures.com: could not connect to host
+uhm.io: could not connect to host
+ukas.com: did not receive HSTS header
+ukdropshipment.co.uk: did not receive HSTS header
+ukdropshipment.com: did not receive HSTS header
+ukk.dk: did not receive HSTS header
+ukrgadget.com: could not connect to host
+ulabox.cat: did not receive HSTS header
+ulabox.es: did not receive HSTS header
+ullamodaintima.com.br: could not connect to host
+ulmer-schneesport.de: did not receive HSTS header
+ulmo.dk: could not connect to host
+ulti.gq: could not connect to host
+ultimate-garcinia-plus.com: could not connect to host
+ultimate-glow-skin.com: could not connect to host
+ultimate-memoryplus.com: could not connect to host
+ultimate-neuroplus.com: could not connect to host
+ultros.io: did not receive HSTS header
+umaimise.info: did not receive HSTS header
+umgardi.ca: could not connect to host
+umidev.com: did not receive HSTS header
+umie.cc: did not receive HSTS header
+umsapi.com: could not connect to host
+umwandeln-online.de: did not receive HSTS header
+unart.info: could not connect to host
+unbanthe.net: could not connect to host
+unblockat.tk: could not connect to host
+unblocked-networks.org: could not connect to host
+unblocked.date: could not connect to host
+unblocked.faith: could not connect to host
+unblocked.host: could not connect to host
+unblocked.party: could not connect to host
+unblocked.st: did not receive HSTS header
+unblocked.today: could not connect to host
+unblocked.win: did not receive HSTS header
+unblocked.works: could not connect to host
+unblocked.world: could not connect to host
+unblockedall.site: could not connect to host
+unblockerproxy.site: could not connect to host
+unblockerproxy.top: could not connect to host
+unblockmy.party: could not connect to host
+unblockmy.tech: did not receive HSTS header
+unblockmy.xyz: did not receive HSTS header
+unblockmyproxy.site: could not connect to host
+unblockthe.site: did not receive HSTS header
+unblockthe.top: could not connect to host
+unccdesign.club: could not connect to host
+unclegen.xyz: could not connect to host
+under30stravelinsurance.com.au: did not receive HSTS header
+underkin.com: could not connect to host
+unefuite.ch: could not connect to host
+unexpected.nu: could not connect to host
+unfiltered.nyc: could not connect to host
+ungern.guide: could not connect to host
+unhu.fr: could not connect to host
+uni-games.com: could not connect to host
+uni2share.com: could not connect to host
+unicefkaarten.be: did not receive HSTS header
+unicooo.com: could not connect to host
+unicorn.li: could not connect to host
+unifei.edu.br: did not receive HSTS header
+uniformecomgas.com.br: could not connect to host
+uniformehumboldt.com.br: did not receive HSTS header
+unikitty-on-tour.com: could not connect to host
+unionstationapp.com: could not connect to host
+unison.com: did not receive HSTS header
+unisyssecurity.com: did not receive HSTS header
+uniteasia.org: did not receive HSTS header
+unitedcyberdevelopment.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+unitlabs.net: could not connect to host
+unitrade-425.co.za: did not receive HSTS header
+university4industry.com: did not receive HSTS header
+univz.com: could not connect to host
+unixtime.pro: could not connect to host
+unknownbreakup.com: did not receive HSTS header
+unknownphenomena.net: could not connect to host
+unplugg3r.dk: could not connect to host
+unravel.ie: could not connect to host
+unsupervised.ca: did not receive HSTS header
+unsystem.net: could not connect to host
+unwiredbrain.com: could not connect to host
+unwomen.is: did not receive HSTS header
+unyq.me: did not receive HSTS header
+uonstaffhub.com: could not connect to host
+uow.ninja: could not connect to host
+up1.ca: could not connect to host
+upaknship.com: did not receive HSTS header
+upboard.jp: could not connect to host
+upldr.pw: could not connect to host
+uploadbro.com: could not connect to host
+uporoops.com: could not connect to host
+uprotect.it: could not connect to host
+upstats.eu: could not connect to host
+uptic.net: did not receive HSTS header
+ur-lauber.de: did not receive HSTS header
+urandom.eu.org: did not receive HSTS header
+urban-garden.lt: could not connect to host
+urban-garden.lv: could not connect to host
+urbanstylestaging.com: did not receive HSTS header
+urbpic.com: could not connect to host
+urcentral.org: could not connect to host
+urlchomp.com: did not receive HSTS header
+urown.net: could not connect to host
+urphp.com: could not connect to host
+us-immigration.com: did not receive HSTS header
+usaab.org: did not receive HSTS header
+usbirthcertificate.com: could not connect to host
+usbtypeccompliant.com: could not connect to host
+uscitizenship.info: did not receive HSTS header
+uscntalk.com: could not connect to host
+uscp8.com: could not connect to host
+uscurrency.gov: did not receive HSTS header
+used-in.jp: could not connect to host
+user-new.com: did not receive HSTS header
+usercare.com: did not receive HSTS header
+userify.com: max-age too low: 0
+uslab.io: could not connect to host
+usportsgo.com: could not connect to host
+usr.nz: did not receive HSTS header
+ustr.gov: max-age too low: 86400
+utdscanner.com: did not receive HSTS header
+utilitronium-shockwave.com: could not connect to host
+utleieplassen.no: could not connect to host
+utopiagalaxy.space: could not connect to host
+utopian-surgery.com: could not connect to host
+utopianconcept.com: did not receive HSTS header
+utopianhomespa.com: did not receive HSTS header
+utopianrealms.org: did not receive HSTS header
+utopians.dk: did not receive HSTS header
+uttnetgroup.fr: did not receive HSTS header
+utumno.ch: could not connect to host
+utvbloggen.se: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+uvarov.pw: did not receive HSTS header
+uwesander.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+uwstartups.com: could not connect to host
+uxux.pl: could not connect to host
+uygindir.ml: could not connect to host
+uyym.com: could not connect to host
+uzmandroid.com: did not receive HSTS header
+uzmandroid.net: could not connect to host
+uzmandroid.top: could not connect to host
+v-desk.ga: did not receive HSTS header
+v0rtex.xyz: could not connect to host
+v0tti.com: could not connect to host
+v12.co.uk: did not receive HSTS header
+v2.pw: did not receive HSTS header
+v2ex.us: could not connect to host
+v4s.ro: did not receive HSTS header
+v4veedu.com: could not connect to host
+v7.cl: could not connect to host
+v789xl.com: did not receive HSTS header
+vaaddress.co: could not connect to host
+vaalmarketplace.co.za: did not receive HSTS header
+vacationality.com: could not connect to host
+vacationfund.co: could not connect to host
+vackerbetong.se: could not connect to host
+vacuumreviewcenter.com: did not receive HSTS header
+vaddder.com: could not connect to host
+vadik.me: could not connect to host
+vadodesign.nl: did not receive HSTS header
+vaeplatform.com: could not connect to host
+vaioswolke.xyz: could not connect to host
+valaeris.de: could not connect to host
+valecnatechnika.cz: could not connect to host
+valenhub.com: could not connect to host
+valenhub.es: could not connect to host
+valenscaelum.com: could not connect to host
+valethound.com: could not connect to host
+valhalla-agency.com: max-age too low: 0
+valhallacostarica.com: could not connect to host
+valhallamovement.com: did not receive HSTS header
+valitron.se: did not receive HSTS header
+valkyrja.xyz: could not connect to host
+valleyridgepta.org: could not connect to host
+vallis.net: did not receive HSTS header
+valmagus.com: could not connect to host
+vamoaeturismo.com.br: could not connect to host
+vampirism.eu: could not connect to host
+vanacht.co.za: did not receive HSTS header
+vanajahosting.com: did not receive HSTS header
+vanderkley.it: could not connect to host
+vanderstraeten.dynv6.net: could not connect to host
+vanestack.com: could not connect to host
+vanitas.xyz: could not connect to host
+vanitynailworkz.com: could not connect to host
+vansieleghem.com: could not connect to host
+vapecraftinc.com: did not receive HSTS header
+vapeshopsupply.com: could not connect to host
+varela-electricite.fr: could not connect to host
+vasa-webstranka.sk: did not receive HSTS header
+vasanth.org: could not connect to host
+vayaport.com: could not connect to host
+vbest.net: could not connect to host
+vbhelp.org: did not receive HSTS header
+vbulletin-russia.com: could not connect to host
+vbulletinrussia.com: could not connect to host
+vcdove.com: could not connect to host
+vcr.re: could not connect to host
+vdhco.be: did not receive HSTS header
+veblen.com: did not receive HSTS header
+vechkasov.ru: did not receive HSTS header
+vedatkamer.com: did not receive HSTS header
+vega.dyndns.info: could not connect to host
+veganosonline.com: could not connect to host
+veggiefasting.com: could not connect to host
+veggiesbourg.fr: did not receive HSTS header
+vegis.ro: did not receive HSTS header
+vehent.org: did not receive HSTS header
+vehicleuplift.co.uk: did not receive HSTS header
+velen.io: could not connect to host
+vemokin.net: could not connect to host
+venixplays-stream.ml: could not connect to host
+venmos.com: did not receive HSTS header
+vennet.fr: max-age too low: 0
+venoom.eu: did not receive HSTS header
+venturavwparts.com: could not connect to host
+venturepro.com: did not receive HSTS header
+ventzke.com: did not receive HSTS header
+venzocrm.com: did not receive HSTS header
+verdeandco.co.uk: could not connect to host
+verifiedinvesting.com: did not receive HSTS header
+verifikatorindonesia.com: could not connect to host
+veristor.com: did not receive HSTS header
+vermontcareergateway.org: could not connect to host
+versfin.net: could not connect to host
+versia.ru: did not receive HSTS header
+veryhax.de: could not connect to host
+veryyounglesbians.com: could not connect to host
+vestacp.top: could not connect to host
+vetdnacenter.com: did not receive HSTS header
+veterinaire-cazeres-foucault.fr: could not connect to host
+vethouse.com.ua: did not receive HSTS header
+vetmgmt.com: could not connect to host
+veto.fish: could not connect to host
+vfree.org: could not connect to host
+vgatest.nl: could not connect to host
+vglimg.com: could not connect to host
+vh.net: could not connect to host
+vhost.co.id: could not connect to host
+viabemestar.com.br: could not connect to host
+viadeux.com: did not receive HSTS header
+viasinc.com: did not receive HSTS header
+vicenage.com: could not connect to host
+viceversa.xyz: did not receive HSTS header
+vicianovi.cz: could not connect to host
+victorenxovais.com.br: could not connect to host
+victoriapemberton.com: did not receive HSTS header
+vid.me: did not receive HSTS header
+vidbuchanan.co.uk: did not receive HSTS header
+viddiaz.com: did not receive HSTS header
+videomail.io: did not receive HSTS header
+videomuz.com: could not connect to host
+videorullen.se: could not connect to host
+videotogel.net: did not receive HSTS header
+videoueberwachung-set.de: did not receive HSTS header
+vider.ga: could not connect to host
+vidid.net: did not receive HSTS header
+vidz.ga: could not connect to host
+vietnamchevrolet.net: did not receive HSTS header
+vietnamphotographytours.com: could not connect to host
+vigilo.cf: could not connect to host
+vigilo.ga: could not connect to host
+vijos.org: did not receive HSTS header
+vikasbabyworld.de: could not connect to host
+viktor-machnik.de: could not connect to host
+viktorsvantesson.net: did not receive HSTS header
+vilaydin.com: could not connect to host
+vilight.com.br: could not connect to host
+villacarmela.com.br: did not receive HSTS header
+villenvinkit.com: did not receive HSTS header
+vimeosucks.nyc: could not connect to host
+vinasec.se: could not connect to host
+vinbet.org: could not connect to host
+vinbet000.com: could not connect to host
+vinbet111.com: could not connect to host
+vinbet222.com: could not connect to host
+vinbet333.com: could not connect to host
+vinbet444.com: could not connect to host
+vinbet555.com: could not connect to host
+vinbet666.com: could not connect to host
+vinbet888.com: could not connect to host
+vincentkooijman.at: did not receive HSTS header
+vincentkooijman.nl: could not connect to host
+vinciconps4.it: could not connect to host
+vinesauce.info: could not connect to host
+vinetalk.net: could not connect to host
+viniferawineclub.com: did not receive HSTS header
+vinsetchampagne.fr: did not receive HSTS header
+vintageheartcoffee.com: max-age too low: 0
+vio.no: did not receive HSTS header
+violenceinterrupted.org: did not receive HSTS header
+viosey.com: could not connect to host
+viperdns.com: could not connect to host
+viphospitality.se: could not connect to host
+viplentes.com.br: did not receive HSTS header
+vipmusic.ga: could not connect to host
+viral8.jp: could not connect to host
+virginiacrimeanalysisnetwork.org: did not receive HSTS header
+virtualstrongbox.ca: could not connect to host
+visanhigia.com: could not connect to host
+viserproject.com: did not receive HSTS header
+vision-painting.com: did not receive HSTS header
+visiongamestudios.com: could not connect to host
+visionthroughknowledge.com: could not connect to host
+visiontree.eu: could not connect to host
+visitbroadstairs.com: could not connect to host
+vissanum.com: did not receive HSTS header
+vissersgrootboek.nl: did not receive HSTS header
+vistarait.com: could not connect to host
+visualvotes.co.uk: could not connect to host
+vitagenda.nl: could not connect to host
+vitalita.cz: did not receive HSTS header
+vitalorange.com: max-age too low: 7889238
+vitamaxxi.com.br: could not connect to host
+vitta.me: did not receive HSTS header
+viva-french.com: did not receive HSTS header
+vivasports.com.br: could not connect to host
+vivocloud.com: could not connect to host
+vivremoinscher.fr: did not receive HSTS header
+vizeat.com: did not receive HSTS header
+vlastimilburian.cz: did not receive HSTS header
+vlogge.com: could not connect to host
+vlora.city: could not connect to host
+vm0.eu: could not connect to host
+vmrdev.com: could not connect to host
+voceinveste.com: did not receive HSTS header
+voeux.io: could not connect to host
+vogt.tech: could not connect to host
+voicesuk.co.uk: did not receive HSTS header
+voidi.ca: could not connect to host
+voidserv.net: could not connect to host
+volcain.io: could not connect to host
+volcrado.com: did not receive HSTS header
+volkden.com: could not connect to host
+vomitb.in: did not receive HSTS header
+vonavy-cukor.sk: could not connect to host
+vonavycukor.sk: could not connect to host
+vonterra.us: did not receive HSTS header
+vooreenveiligthuis.nl: did not receive HSTS header
+voorjou.com: did not receive HSTS header
+vorangerie.com: could not connect to host
+vorderklier.de: could not connect to host
+vorlif.org: could not connect to host
+vorodevops.com: could not connect to host
+vortexhobbies.com: did not receive HSTS header
+vosjesweb.nl: could not connect to host
+votresiteweb.ch: could not connect to host
+vowsy.club: did not receive HSTS header
+vox.vg: did not receive HSTS header
+vpip.net: could not connect to host
+vpl.me: did not receive HSTS header
+vpls.co.th: max-age too low: 0
+vpls.com: did not receive HSTS header
+vpls.net: max-age too low: 0
+vplssolutions.com: did not receive HSTS header
+vpn-byen.dk: did not receive HSTS header
+vpn.pics: did not receive HSTS header
+vpnhot.com: could not connect to host
+vps-szerver-berles.hu: could not connect to host
+vpsmojo.com: could not connect to host
+vratny.space: could not connect to host
+vriendenvoordeel.com: did not receive HSTS header
+vrijstaandhuis-in-alphen-aan-den-rijn-kopen.nl: could not connect to host
+vrijstaandhuis-in-brielle-kopen.nl: could not connect to host
+vrijstaandhuis-in-delfzijl-kopen.nl: could not connect to host
+vrijstaandhuis-in-friesland-kopen.nl: could not connect to host
+vrijstaandhuis-in-laren-kopen.nl: could not connect to host
+vrijstaandhuis-in-leeuwarden-kopen.nl: could not connect to host
+vrijstaandhuis-in-veendam-kopen.nl: could not connect to host
+vrijstaandhuis-in-zeeland-kopen.nl: could not connect to host
+vrijstaandhuis-in-zuid-holland-kopen.nl: could not connect to host
+vrijstaandhuis-in-zuidplas-kopen.nl: could not connect to host
+vrijstaandhuis-in-zwartewaterland-kopen.nl: could not connect to host
+vrijstaandhuisverkopen.nl: could not connect to host
+vrobert.fr: could not connect to host
+vrtouring.org: could not connect to host
+vsc-don-stocksport.de: did not receive HSTS header
+vsestiralnie.com: did not receive HSTS header
+vvl.me: did not receive HSTS header
+vxapps.com: could not connect to host
+vxml.club: could not connect to host
+vxstream-sandbox.com: did not receive HSTS header
+vyncke.org: max-age too low: 2678400
+vyvybean.cf: could not connect to host
+vyvygen.com: did not receive HSTS header
+vzk.io: could not connect to host
+w2gshop.com.br: could not connect to host
+w4a.fr: could not connect to host
+w4nvu.org: could not connect to host
+w4xzr.top: could not connect to host
+w4xzr.xyz: could not connect to host
+wabifoggynuts.com: could not connect to host
+wachtwoordencheck.nl: could not connect to host
+wahhoi.net: did not receive HSTS header
+wait.moe: could not connect to host
+waixingrenfuli7.vip: could not connect to host
+wakapp.de: could not connect to host
+wakened.net: did not receive HSTS header
+walkeryoung.ca: could not connect to host
+wallabag.it: did not receive HSTS header
+wallabag.org: did not receive HSTS header
+wallet.google.com: did not receive HSTS header (error ignored - included regardless)
+wallpapers.pub: could not connect to host
+wallsblog.dk: could not connect to host
+walnutgaming.co.uk: could not connect to host
+walterlynnmosley.com: did not receive HSTS header
+wanashi.com: could not connect to host
+wanban.io: could not connect to host
+wanda76.com: could not connect to host
+wanda78.com: could not connect to host
+wanda79.com: could not connect to host
+wanda96.com: could not connect to host
+wanda97.com: could not connect to host
+wanda98.com: could not connect to host
+wangjun.me: did not receive HSTS header
+wangkezun.com: could not connect to host
+wangqiliang.cn: did not receive HSTS header
+wangqiliang.org: did not receive HSTS header
+wangqiliang.xn--fiqs8s: could not connect to host
+wangzuan168.cc: could not connect to host
+wapjt.cn: could not connect to host
+wapt.fr: did not receive HSTS header
+warandpeace.xyz: could not connect to host
+wardsegers.be: did not receive HSTS header
+warehost.de: did not receive HSTS header
+warhistoryonline.com: did not receive HSTS header
+warlions.info: could not connect to host
+warp-radio.com: could not connect to host
+warp-radio.tv: could not connect to host
+warped.com: could not connect to host
+warrencreative.com: did not receive HSTS header
+warsentech.com: could not connect to host
+warsh.moe: did not receive HSTS header
+warumsuchen.at: max-age too low: 0
+watchium.com: did not receive HSTS header
+watchweasel.com: could not connect to host
+waterforlife.net.au: did not receive HSTS header
+waterpoint.com.br: could not connect to host
+watersportmarkt.net: did not receive HSTS header
+watsonhall.uk: could not connect to host
+wave.is: could not connect to host
+wavefloatrooms.com: did not receive HSTS header
+wavefrontsystemstech.com: could not connect to host
+wavesboardshop.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+waxdramatic.com: could not connect to host
+we.serveftp.net: could not connect to host
+wear2work.nl: did not receive HSTS header
+weareincognito.org: could not connect to host
+weaverhairextensions.nl: could not connect to host
+web-industry.fr: could not connect to host
+web-insider.net: could not connect to host
+web-vision.de: did not receive HSTS header
+web4all.fr: did not receive HSTS header
+web4pro.fr: could not connect to host
+webandwords.com.au: could not connect to host
+webanker.sh: did not receive HSTS header
+webapps.directory: could not connect to host
+webart-factory.de: could not connect to host
+webassadors.com: could not connect to host
+webbson.net: could not connect to host
+webbx.se: max-age too low: 2592000
+webcatechism.com: could not connect to host
+webchat.domains: did not receive HSTS header
+webdeflect.com: did not receive HSTS header
+webdesign-kronberg.de: did not receive HSTS header
+webdev.mobi: could not connect to host
+webeau.com: could not connect to host
+webeconomia.it: did not receive HSTS header
+webelement.sk: did not receive HSTS header
+weberjulia.com: could not connect to host
+webfronten.dk: did not receive HSTS header
+webhackspro.com: could not connect to host
+webhosting4.net: did not receive HSTS header
+webhostingpros.ml: could not connect to host
+webies.ro: did not receive HSTS header
+webm.to: could not connect to host
+webmail.mayfirst.org: did not receive HSTS header
+webmaniabr.com: did not receive HSTS header
+webmarketingfestival.it: did not receive HSTS header
+webninja.work: could not connect to host
+webnosql.com: could not connect to host
+webperformance.ru: could not connect to host
+webproject.rocks: could not connect to host
+webproshosting.tk: could not connect to host
+webpublica.pt: could not connect to host
+webrebels.org: could not connect to host
+websandbox.uk: did not receive HSTS header
+websitedesign.bg: did not receive HSTS header
+webspotter.nl: could not connect to host
+webstationservice.fr: could not connect to host
+webstellung.com: did not receive HSTS header
+webstory.xyz: did not receive HSTS header
+webswitch.io: could not connect to host
+webtar.info: could not connect to host
+webtech.com.br: could not connect to host
+webtechgadgetry.com: could not connect to host
+webthings.com.br: could not connect to host
+webtiles.co.uk: could not connect to host
+webuni.hu: did not receive HSTS header
+webveloper.com: max-age too low: 0
+webwork.pw: could not connect to host
+webypass.xyz: could not connect to host
+wecanfindit.co.za: could not connect to host
+wecanvisit.com: could not connect to host
+weddingenvelopes.co.uk: did not receive HSTS header
+weddingibiza.nl: could not connect to host
+weebsr.us: could not connect to host
+weed.ren: could not connect to host
+weekly.fyi: could not connect to host
+wegenaer.nl: could not connect to host
+weiji.ga: could not connect to host
+weiler.xyz: could not connect to host
+weiyuz.com: max-age too low: 6585555
+wejumall.com: could not connect to host
+wekibe.de: could not connect to host
+welby.cat: could not connect to host
+welkers.org: could not connect to host
+wellastore.ru: could not connect to host
+wellcomp.com.br: did not receive HSTS header
+wellies.com.au: max-age too low: 7889238
+wellness.so: could not connect to host
+wellproducedwines.com: did not receive HSTS header
+wellsolveit.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+welpy.com: could not connect to host
+weltentreff.com: could not connect to host
+weltmeisterschaft.net: could not connect to host
+weme.eu: could not connect to host
+wendalyncheng.com: did not receive HSTS header
+wenz.io: did not receive HSTS header
+werdeeintimo.de: did not receive HSTS header
+wereldplanner.nl: could not connect to host
+werhatunsverraten.eu: could not connect to host
+werkenbijkfc.nl: did not receive HSTS header
+werkplaatsoost.nl: did not receive HSTS header
+werkruimtebottendaal.nl: did not receive HSTS header
+wesleyharris.ca: did not receive HSTS header
+wespeakgeek.co.za: could not connect to host
+westendzone.com: max-age too low: 0
+westerhoud.nl: did not receive HSTS header
+westlinwinds.com: did not receive HSTS header
+westsussexconnecttosupport.org: could not connect to host
+wetoxic.com: did not receive HSTS header
+wettbonus.info: did not receive HSTS header
+wettbuero.de: did not receive HSTS header
+wetten.eu: did not receive HSTS header
+wettertoertchen.com: could not connect to host
+wetthost.com: could not connect to host
+wetttipps.com: could not connect to host
+wetttipps.de: could not connect to host
+wevahoo.com: could not connect to host
+wevg.org: could not connect to host
+wevolver.com: did not receive HSTS header
+wewillgo.com: could not connect to host
+wewillgo.org: did not receive HSTS header
+wewlad.me: did not receive HSTS header
+wftda.com: did not receive HSTS header
+wg-tools.de: could not connect to host
+whatnext.limited: did not receive HSTS header
+whats.io: could not connect to host
+whatsstalk.me: could not connect to host
+whatsyouroffer.co.uk: did not receive HSTS header
+when-release.ru: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+whereisjason.com: could not connect to host
+whereismyorigin.cf: could not connect to host
+wheresben.today: could not connect to host
+whilsttraveling.com: could not connect to host
+whisker.network: could not connect to host
+whiskyglazen.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+whitehat.id: could not connect to host
+whiterabbit.org: did not receive HSTS header
+whiterabbitcakery.com: could not connect to host
+whitestagforge.com: did not receive HSTS header
+whitewinterwolf.com: could not connect to host
+whitworth.nyc: could not connect to host
+whoclicks.net: could not connect to host
+whoisapi.online: could not connect to host
+wholebites.com: max-age too low: 7889238
+wholesomeharvestbread.com: max-age too low: 86400
+whoshotya.de: did not receive HSTS header
+whysuck.com: could not connect to host
+wibuw.com: could not connect to host
+wienholding.at: max-age too low: 0
+wieninternational.at: did not receive HSTS header
+wificafehosting.com: did not receive HSTS header
+wifimapa.cz: could not connect to host
+wiiforum.no: did not receive HSTS header
+wiire.me: could not connect to host
+wikiclash.info: could not connect to host
+wikipeter.nl: did not receive HSTS header
+wikisports.eu: could not connect to host
+wildbee.org: could not connect to host
+wilddog.com: did not receive HSTS header
+wildewood.ca: could not connect to host
+wilf1rst.com: could not connect to host
+wilhelm-nathan.de: could not connect to host
+willcipriano.com: could not connect to host
+william.si: did not receive HSTS header
+williamsapiens.com: could not connect to host
+willkommen-fuerstenberg.de: could not connect to host
+willosagiede.com: did not receive HSTS header
+winaes.com: did not receive HSTS header
+winclient.cn: could not connect to host
+windowsforum.com: max-age too low: 0
+winds.cf: could not connect to host
+winecodeavocado.com: could not connect to host
+winfield.me.uk: did not receive HSTS header
+winged.io: could not connect to host
+wingos.net: could not connect to host
+wingumd.net: could not connect to host
+winnersports.co: could not connect to host
+winpack.cf: could not connect to host
+winpack.eu.org: could not connect to host
+winsec.nl: could not connect to host
+winshiplending.com: did not receive HSTS header
+winsufi.biz: could not connect to host
+wintercircle.co: did not receive HSTS header
+wipc.net: could not connect to host
+wipply.com: did not receive HSTS header
+wirc.gr: could not connect to host
+wireframesoftware.com: could not connect to host
+wisak.eu: could not connect to host
+wiseloan.com: did not receive HSTS header
+wishcert.com: could not connect to host
+wishesbee.com: could not connect to host
+wispapp.com: did not receive HSTS header
+wissl.org: could not connect to host
+withgoogle.com: did not receive HSTS header (error ignored - included regardless)
+withmy.beer: could not connect to host
+withustrading.com: could not connect to host
+withyoutube.com: did not receive HSTS header (error ignored - included regardless)
+wittcher.com: could not connect to host
+wittydonut.com: could not connect to host
+witzemaschine.com: did not receive HSTS header
+wiz.biz: could not connect to host
+wizznab.tk: could not connect to host
+wk-cpm.com: could not connect to host
+wlzhiyin.cn: could not connect to host
+wmawri.com: could not connect to host
+wmcuk.net: could not connect to host
+wmfinanz.com: could not connect to host
+wmoda.com.br: could not connect to host
+wnmm.nl: could not connect to host
+wnnc.co.uk: did not receive HSTS header
+wobblylang.org: could not connect to host
+wochenentwicklung.com: did not receive HSTS header
+wodice.com: could not connect to host
+wohnungsbau-ludwigsburg.de: did not receive HSTS header
+woima.fi: max-age too low: 604800
+wolfemg.com: could not connect to host
+wolfenland.net: could not connect to host
+wolfesden.com: could not connect to host
+wolfwings.us: could not connect to host
+womf.org: did not receive HSTS header
+womosale.de: could not connect to host
+wonder.com.mx: max-age too low: 86400
+wonderbooks.club: could not connect to host
+wonderfall.xyz: could not connect to host
+wondy.com: could not connect to host
+woodlandschurch.net: max-age too low: 43200
+woodmafia.com.au: could not connect to host
+woodworkertip.com: did not receive HSTS header
+woomu.me: could not connect to host
+woording.com: could not connect to host
+wootton95.com: could not connect to host
+wooviet.com: could not connect to host
+work-and-jockel.de: did not receive HSTS header
+workemy.com: could not connect to host
+workfone.io: did not receive HSTS header
+workgrouptech.org: could not connect to host
+workingclassmedia.com: did not receive HSTS header
+workpermit.com.vn: could not connect to host
+worldfree4.org: could not connect to host
+worldlist.org: could not connect to host
+worldpeacetechnology.com: could not connect to host
+worldsbeststory.com: did not receive HSTS header
+worldwhisperer.net: could not connect to host
+worshapp.com: could not connect to host
+wow-foederation.de: could not connect to host
+wowapi.org: could not connect to host
+wowinvasion.com: did not receive HSTS header
+wp-fastsearch.de: could not connect to host
+wp-rescue.com.au: did not receive HSTS header
+wp-stack.pro: could not connect to host
+wp6.pw: could not connect to host
+wpblog.com.tw: could not connect to host
+wpcarer.pro: could not connect to host
+wpdublin.com: did not receive HSTS header
+wpfortify.com: did not receive HSTS header
+wphome.org: could not connect to host
+wphostingspot.com: did not receive HSTS header
+wplatin.com: did not receive HSTS header
+wpmetadatastandardsproject.org: could not connect to host
+wpruby.com: did not receive HSTS header
+wpturnedup.com: did not receive HSTS header
+wpunpacked.com: could not connect to host
+wpyecom.es: did not receive HSTS header
+wpzhiku.com: did not receive HSTS header
+wql.zj.cn: did not receive HSTS header
+wrbunderwriting.com: did not receive HSTS header
+wrightdoumawedding.com: could not connect to host
+writeapp.me: did not receive HSTS header
+wrldevelopment.com: did not receive HSTS header
+wrwg.ca: could not connect to host
+wscbiolo.id: did not receive HSTS header
+wsdcap.com: could not connect to host
+wsscompany.com.ve: could not connect to host
+wsup.social: could not connect to host
+wubocong.com: could not connect to host
+wubthecaptain.eu: could not connect to host
+wuchipc.com: could not connect to host
+wuetix.de: max-age too low: 0
+wuhengmin.com: could not connect to host
+wulpi.it: did not receive HSTS header
+wundtherapie-schulung.de: could not connect to host
+wurzelzwerg.net: could not connect to host
+wusx.club: could not connect to host
+wvr-law.de: did not receive HSTS header
+ww2onlineshop.com: did not receive HSTS header
+www-001133.com: could not connect to host
+www-0385.com: could not connect to host
+www-1116.com: did not receive HSTS header
+www-1117.com: could not connect to host
+www-39988.com: did not receive HSTS header
+www-507.net: could not connect to host
+www-68277.com: could not connect to host
+www-746.com: could not connect to host
+www-771122.com: did not receive HSTS header
+www-8003.com: did not receive HSTS header
+www-88599.com: did not receive HSTS header
+www-8887999.com: could not connect to host
+www-9995.com: did not receive HSTS header
+www-djbet.com: did not receive HSTS header
+www-jinshavip.com: could not connect to host
+www.cueup.com: could not connect to host
+www.cyveillance.com: did not receive HSTS header
+www.developer.mydigipass.com: could not connect to host
+www.elanex.biz: did not receive HSTS header
+www.gamesdepartment.co.uk: did not receive HSTS header
+www.gmail.com: did not receive HSTS header (error ignored - included regardless)
+www.googlemail.com: did not receive HSTS header (error ignored - included regardless)
+www.gpo.gov: did not receive HSTS header
+www.greplin.com: could not connect to host
+www.honeybadger.io: did not receive HSTS header
+www.jitsi.org: did not receive HSTS header
+www.ledgerscope.net: could not connect to host
+www.logentries.com: did not receive HSTS header
+www.moneybookers.com: did not receive HSTS header
+www.neonisi.com: could not connect to host
+www.paycheckrecords.com: did not receive HSTS header
+www.re: could not connect to host
+www.rme.li: did not receive HSTS header
+www.sandbox.mydigipass.com: could not connect to host
+www.sb: could not connect to host
+www.surfeasy.com: did not receive HSTS header
+www.viasinc.com: did not receive HSTS header
+www.zenpayroll.com: did not receive HSTS header
+www3.info: did not receive HSTS header
+wxukang.cn: could not connect to host
+wybmabiity.com: could not connect to host
+wygluszanie.eu: did not receive HSTS header
+wyzphoto.nl: did not receive HSTS header
+x-power-detox.com: could not connect to host
+x-ripped-hd.com: could not connect to host
+x23.eu: could not connect to host
+x2c0.net: did not receive HSTS header
+x2w.io: could not connect to host
+x3led.com: could not connect to host
+x509.pub: could not connect to host
+x509.pw: could not connect to host
+xanderweaver.com: did not receive HSTS header
+xandocs.com: could not connect to host
+xat.re: could not connect to host
+xavierbarroso.com: could not connect to host
+xbc.nz: could not connect to host
+xbind.io: could not connect to host
+xchating.com: could not connect to host
+xcoop.me: could not connect to host
+xdd.io: could not connect to host
+xehoivn.vn: did not receive HSTS header
+xellos.ga: could not connect to host
+xellos.ml: could not connect to host
+xenesisziarovky.sk: could not connect to host
+xeonlab.com: could not connect to host
+xeonlab.de: could not connect to host
+xett.com: did not receive HSTS header
+xf-liam.com: did not receive HSTS header
+xfd3.de: did not receive HSTS header
+xfive.de: could not connect to host
+xgusto.com: did not receive HSTS header
+xia100.xyz: could not connect to host
+xiangqiushi.com: did not receive HSTS header
+xianguocy.com: could not connect to host
+xiaody.me: could not connect to host
+xiaolvmu.com: could not connect to host
+xiaolvmu.me: could not connect to host
+xiaoxiao.im: could not connect to host
+ximens.me: could not connect to host
+xinbiji.cn: could not connect to host
+xing.ml: could not connect to host
+xisa.it: could not connect to host
+xivpn.com: could not connect to host
+xiyu.moe: could not connect to host
+xmr.my: could not connect to host
+xmv.cz: could not connect to host
+xn--3lqp21gwna.xn--fiqs8s: could not connect to host
+xn--3lqp21gwna.xn--fiqz9s: could not connect to host
+xn--3lqt7ir4md4tzwa.cn: did not receive HSTS header
+xn--3lqt7ir4md4tzwa.xn--fiqs8s: did not receive HSTS header
+xn--3px.jp: could not connect to host
+xn--4dbjwf8c.cf: could not connect to host
+xn--4dbjwf8c.ga: could not connect to host
+xn--4dbjwf8c.gq: could not connect to host
+xn--4dbjwf8c.ml: could not connect to host
+xn--4dbjwf8c.tk: could not connect to host
+xn--6cv66l79sp0n0ibo7s9ne.xyz: could not connect to host
+xn--7rvz7ku3ppnr.jp: could not connect to host
+xn--7v8h.cf: could not connect to host
+xn--80aaihqncaejjobbu6v.xn--p1ai: did not receive HSTS header
+xn--80ablh1c.online: could not connect to host
+xn--80aocgsfei.xn--p1ai: could not connect to host
+xn--98jm6m.jp: did not receive HSTS header
+xn--9pr52k0p5a.com: did not receive HSTS header
+xn--bstlinser-v2a.com: could not connect to host
+xn--c5w27q.ml: could not connect to host
+xn--datenrettung-mnchen-jbc.com: did not receive HSTS header
+xn--ekr87w7se89ay98ezcs.biz: did not receive HSTS header
+xn--gmq92k.nagoya: did not receive HSTS header
+xn--jobbrse-d1a.de: max-age too low: 0
+xn--jp-6l5cs1yf3ivjsglphyv.net: could not connect to host
+xn--l8j9d2b.jp: did not receive HSTS header
+xn--lgb3a8bcpn.cf: could not connect to host
+xn--lgb3a8bcpn.ga: could not connect to host
+xn--lgb3a8bcpn.gq: could not connect to host
+xn--lgb3a8bcpn.ml: could not connect to host
+xn--ls8hi7a.tk: could not connect to host
+xn--milchaufschumer-test-lzb.de: could not connect to host
+xn--neb-tma3u8u.xyz: could not connect to host
+xn--p8jskj.jp: did not receive HSTS header
+xn--pck4e3a2ex597b4ml.xyz: did not receive HSTS header
+xn--qckqc0nxbyc4cdb4527err7c.biz: did not receive HSTS header
+xn--srenpind-54a.dk: could not connect to host
+xn--t8j2a3042d.xyz: could not connect to host
+xn--u9jy16ncfao19mo8i.nagoya: did not receive HSTS header
+xn--uist1idrju3i.jp: did not receive HSTS header
+xn--w22a.jp: did not receive HSTS header
+xn--wmq.jp: did not receive HSTS header
+xn--xdtx3pfzbiw3ar8e7yedqrhui.com: could not connect to host
+xn--yj8h0m.ws: could not connect to host
+xn--ykrp42k.com: could not connect to host
+xn--yoamomisuasbcn-ynb.com: could not connect to host
+xn--zck9a4b352yuua.jp: did not receive HSTS header
+xobox.me: could not connect to host
+xoda.pw: did not receive HSTS header
+xoffy.com: did not receive HSTS header
+xom.party: could not connect to host
+xombra.com: did not receive HSTS header
+xor-a.net: could not connect to host
+xperiacodes.com: could not connect to host
+xpi.fr: could not connect to host
+xpj.sx: could not connect to host
+xpwn.cz: could not connect to host
+xrp.pw: could not connect to host
+xtom.email: could not connect to host
+xtream-hosting.com: could not connect to host
+xtream-hosting.de: could not connect to host
+xtream-hosting.eu: could not connect to host
+xtreamhosting.eu: could not connect to host
+xtrim.ru: did not receive HSTS header
+xuexb.com: did not receive HSTS header
+xunn.io: did not receive HSTS header
+xuntaosms.com: could not connect to host
+xuwei.de: max-age too low: 0
+xuyh0120.win: did not receive HSTS header
+xwaretech.info: could not connect to host
+xxbase.com: could not connect to host
+xynex.us: could not connect to host
+y-o-w.com: did not receive HSTS header
+y-s.pw: could not connect to host
+y3451.com: could not connect to host
+yabrt.cn: could not connect to host
+yachts-magazine.com: did not receive HSTS header
+yagi2.com: could not connect to host
+yahoo.ax: could not connect to host
+yamamo10.com: could not connect to host
+yameveo.com: did not receive HSTS header
+yanwh.xyz: did not receive HSTS header
+yaporn.tv: did not receive HSTS header
+yarchives.jp: could not connect to host
+yard-fu.com: could not connect to host
+yardbird.us: could not connect to host
+yarnhookup.com: did not receive HSTS header
+yasinaydin.net: did not receive HSTS header
+yasutomonodokoiko.com: did not receive HSTS header
+yaucy.win: could not connect to host
+ycc.wtf: could not connect to host
+ycm2.wtf: could not connect to host
+yd.io: could not connect to host
+ydy.jp: could not connect to host
+yecl.net: did not receive HSTS header
+yello.website: could not connect to host
+yellowcar.website: could not connect to host
+yemekbaz.az: could not connect to host
+yenniferallulli.com: could not connect to host
+yenniferallulli.de: could not connect to host
+yenniferallulli.es: did not receive HSTS header
+yenniferallulli.moda: could not connect to host
+yenniferallulli.nl: could not connect to host
+yesdevnull.net: did not receive HSTS header
+yesfone.com.br: could not connect to host
+yestees.com: did not receive HSTS header
+yetcore.io: could not connect to host
+yffengshi.ml: could not connect to host
+yggdar.ga: could not connect to host
+yhori.xyz: could not connect to host
+yhrd.org: did not receive HSTS header
+yibin0831.com: could not connect to host
+yikzu.cn: could not connect to host
+yin.roma.it: did not receive HSTS header
+ying299.com: could not connect to host
+ying299.net: could not connect to host
+yingsuo.ltd: could not connect to host
+yingyj.com: did not receive HSTS header
+yinhe12.net: did not receive HSTS header
+yippie.nl: could not connect to host
+yizhu.com: could not connect to host
+ylk.io: could not connect to host
+ynode.co: did not receive HSTS header
+ynsn.nl: could not connect to host
+yntongji.com: could not connect to host
+yob.vn: could not connect to host
+yobst.tk: could not connect to host
+yoga-in-aying.de: did not receive HSTS header
+yoga.is-an-engineer.com: could not connect to host
+yogeshbeniwal.com: did not receive HSTS header
+yohanesmario.com: did not receive HSTS header
+yoiyado.info: did not receive HSTS header
+yokeepo.com: max-age too low: 0
+yoloboatrentals.com: did not receive HSTS header
+yoloprod.fr: could not connect to host
+yoloseo.com: could not connect to host
+yomepre.com: could not connect to host
+yopers.com: did not receive HSTS header
+yoru.me: did not receive HSTS header
+yotilabs.com: could not connect to host
+youcaitian.com: did not receive HSTS header
+youcontrol.ru: could not connect to host
+youfencun.com: did not receive HSTS header
+youlog.net: could not connect to host
+youngandunited.nl: did not receive HSTS header
+youon.tokyo: could not connect to host
+yourbapp.ch: could not connect to host
+yourcomputer.expert: did not receive HSTS header
+yourgame.co.il: did not receive HSTS header
+yourhair.net: max-age too low: 518400
+yoursecondphone.co: could not connect to host
+yourstrongbox.com: could not connect to host
+yourznc.com: could not connect to host
+yousite.by: could not connect to host
+youyoulemon.com: did not receive HSTS header
+ypiresia.fr: could not connect to host
+ytcuber.xyz: could not connect to host
+ytvwld.de: did not receive HSTS header
+yu7.jp: did not receive HSTS header
+yudan.com.br: could not connect to host
+yude.ml: could not connect to host
+yufan.me: did not receive HSTS header
+yuhen.ru: did not receive HSTS header
+yukiminami.net: could not connect to host
+yuko.moe: could not connect to host
+yukonrefugees.com: could not connect to host
+yum.beer: could not connect to host
+yum0.cn: could not connect to host
+yummyfamilyrecipes.com: could not connect to host
+yunpan.blue: did not receive HSTS header
+yuntama.xyz: could not connect to host
+yunzhan.io: did not receive HSTS header
+yunzhu.li: did not receive HSTS header
+yunzhu.org: could not connect to host
+yuriykuzmin.com: did not receive HSTS header
+yutabon.com: could not connect to host
+yuushou.com: could not connect to host
+yux.fr: could not connect to host
+yux.io: did not receive HSTS header
+ywei.org: could not connect to host
+ywyz.tech: could not connect to host
+yzal.io: could not connect to host
+z3liff.com: could not connect to host
+z3liff.net: could not connect to host
+zachbolinger.com: could not connect to host
+zadieheimlich.com: did not receive HSTS header
+zakoncontrol.com: did not receive HSTS header
+zamorano.edu: could not connect to host
+zamos.ru: max-age too low: 0
+zaneweb.org: could not connect to host
+zao.fi: could not connect to host
+zaoext.com: could not connect to host
+zaoshanghao-dajia.rhcloud.com: could not connect to host
+zap.yt: did not receive HSTS header
+zarooba.com: could not connect to host
+zavca.com: did not receive HSTS header
+zbasenem.pl: did not receive HSTS header
+zbchen.com: could not connect to host
+zbigniewgalucki.eu: did not receive HSTS header
+zdravotnickasluzba.eu: could not connect to host
+zdrowiepaleo.pl: did not receive HSTS header
+zebbra.ro: did not receive HSTS header
+zebrababy.cn: could not connect to host
+zebry.nl: could not connect to host
+zecrypto.com: could not connect to host
+zeedroom.be: did not receive HSTS header
+zefiris.org: did not receive HSTS header
+zefu.ca: could not connect to host
+zehntner.ch: could not connect to host
+zeitzer-turngala.de: could not connect to host
+zelfmoord.ga: could not connect to host
+zelfstandigemakelaars.net: could not connect to host
+zenghx.tk: could not connect to host
+zenhaiku.com: did not receive HSTS header
+zenpayroll.com: did not receive HSTS header
+zentience.dk: did not receive HSTS header
+zentience.net: did not receive HSTS header
+zentience.org: could not connect to host
+zentraler-kreditausschuss.de: did not receive HSTS header
+zentralwolke.de: did not receive HSTS header
+zenwears.com: could not connect to host
+zera.com.au: could not connect to host
+zerekin.net: did not receive HSTS header
+zero-x-baadf00d.com: could not connect to host
+zeroday.sk: did not receive HSTS header
+zerofox.gq: could not connect to host
+zerolab.org: could not connect to host
+zeroml.ml: could not connect to host
+zerosource.net: could not connect to host
+zerudi.com: did not receive HSTS header
+zeto365.pl: did not receive HSTS header
+zett4.me: did not receive HSTS header
+zeytin.pro: could not connect to host
+zh1.li: could not connect to host
+zhang.wtf: could not connect to host
+zhangfangzhou.com: could not connect to host
+zhangge.net: did not receive HSTS header
+zhangruilin.com: did not receive HSTS header
+zhangsir.net: could not connect to host
+zhaochen.xyz: could not connect to host
+zhaojin97.cn: could not connect to host
+zhendingresources.com: did not receive HSTS header
+zhenmeish.com: could not connect to host
+zhh.in: could not connect to host
+zhihua-lai.com: did not receive HSTS header
+zhiin.net: could not connect to host
+zhikin.com: could not connect to host
+zhoujiashu.com: could not connect to host
+zhuji.com.cn: could not connect to host
+zi0r.com: did not receive HSTS header
+zian.online: could not connect to host
+zicklam.com: could not connect to host
+zifb.in: did not receive HSTS header
+zigcore.com.br: could not connect to host
+zihao.me: did not receive HSTS header
+zikirakhirzaman.com: could not connect to host
+zinc-x.com: did not receive HSTS header
+zinenapse.info: could not connect to host
+zippy-download.com: could not connect to host
+zippy-download.de: could not connect to host
+zirtue.io: could not connect to host
+zivagold.com: did not receive HSTS header
+zivy-ruzenec.cz: did not receive HSTS header
+ziyuanabc.xyz: could not connect to host
+zizoo.com: did not receive HSTS header
+zju.tv: could not connect to host
+zjubtv.com: could not connect to host
+zjutv.com: could not connect to host
+zkillboard.com: did not receive HSTS header
+zking.ga: could not connect to host
+zlcp.com: could not connect to host
+zmsastro.co.za: could not connect to host
+zmy.im: could not connect to host
+znacite.com: did not receive HSTS header
+znd.jp: did not receive HSTS header
+zobraz.cz: could not connect to host
+zocken.com: did not receive HSTS header
+zoe.vc: could not connect to host
+zohar.link: could not connect to host
+zokster.net: could not connect to host
+zolotoy-standart.com.ua: did not receive HSTS header
+zomiac.pp.ua: could not connect to host
+zoneminder.com: did not receive HSTS header
+zoners.si: did not receive HSTS header
+zonky.io: could not connect to host
+zoo24.de: did not receive HSTS header
+zoofaeth.de: did not receive HSTS header
+zoomingin.net: max-age too low: 5184000
+zoommailing.com: did not receive HSTS header
+zoorigin.com: did not receive HSTS header
+zorasvobodova.cz: did not receive HSTS header
+zortium.report: could not connect to host
+zoznamrealit.sk: did not receive HSTS header
+zqhong.com: could not connect to host
+zqjs.tk: could not connect to host
+zqwqz.com: max-age too low: 0
+zrt.io: did not receive HSTS header
+ztan.tk: could not connect to host
+ztcaoll222.cn: did not receive HSTS header
+ztytian.com: did not receive HSTS header
+zubel.it: did not receive HSTS header
+zudomc.me: could not connect to host
+zuehlcke.de: could not connect to host
+zunftmarke.de: did not receive HSTS header
+zuram.net: could not connect to host
+zuviel.space: could not connect to host
+zvncloud.com: did not receive HSTS header
+zwembadheeten.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+zwollemagazine.nl: did not receive HSTS header
+zyf.pw: could not connect to host
+zymbit.com: did not receive HSTS header
+zync.ca: did not receive HSTS header
+zypgr.com: could not connect to host
+zyso.org: could not connect to host
+zzb510.com: did not receive HSTS header
+zzb6688.com: did not receive HSTS header
+zzb8899.com: did not receive HSTS header
+zzw.ca: could not connect to host
diff --git a/security/manager/ssl/nsSTSPreloadList.inc b/security/manager/ssl/nsSTSPreloadList.inc
new file mode 100644
index 000000000..ec59ba0dc
--- /dev/null
+++ b/security/manager/ssl/nsSTSPreloadList.inc
@@ -0,0 +1,62431 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*****************************************************************************/
+/* This is an automatically generated file. If you're not                    */
+/* nsSiteSecurityService.cpp, you shouldn't be #including it.     */
+/*****************************************************************************/
+
+#include <stdint.h>
+const PRTime gPreloadListExpirationTime = INT64_C(1527192147845000);
+
+static const char kSTSHostTable[] = {
+  /* "0.me.uk", true */ '0', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "0005pay.com", true */ '0', '0', '0', '5', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "0010100.net", true */ '0', '0', '1', '0', '1', '0', '0', '.', 'n', 'e', 't', '\0',
+  /* "007-preisvergleich.de", true */ '0', '0', '7', '-', 'p', 'r', 'e', 'i', 's', 'v', 'e', 'r', 'g', 'l', 'e', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "00881919.com", true */ '0', '0', '8', '8', '1', '9', '1', '9', '.', 'c', 'o', 'm', '\0',
+  /* "00f.net", true */ '0', '0', 'f', '.', 'n', 'e', 't', '\0',
+  /* "00wbf.com", true */ '0', '0', 'w', 'b', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "0100dev.com", true */ '0', '1', '0', '0', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "0100dev.nl", true */ '0', '1', '0', '0', 'd', 'e', 'v', '.', 'n', 'l', '\0',
+  /* "01electronica.com.ar", true */ '0', '1', 'e', 'l', 'e', 'c', 't', 'r', 'o', 'n', 'i', 'c', 'a', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "01seguridad.com.ar", true */ '0', '1', 's', 'e', 'g', 'u', 'r', 'i', 'd', 'a', 'd', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "0222.mg", true */ '0', '2', '2', '2', '.', 'm', 'g', '\0',
+  /* "023838.com", true */ '0', '2', '3', '8', '3', '8', '.', 'c', 'o', 'm', '\0',
+  /* "023sec.com", true */ '0', '2', '3', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "03-09-2016.wedding", true */ '0', '3', '-', '0', '9', '-', '2', '0', '1', '6', '.', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '\0',
+  /* "040fitvitality.nl", true */ '0', '4', '0', 'f', 'i', 't', 'v', 'i', 't', 'a', 'l', 'i', 't', 'y', '.', 'n', 'l', '\0',
+  /* "046569.com", true */ '0', '4', '6', '5', '6', '9', '.', 'c', 'o', 'm', '\0',
+  /* "04sun.com", true */ '0', '4', 's', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "050media.nl", true */ '0', '5', '0', 'm', 'e', 'd', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "0513c.com", true */ '0', '5', '1', '3', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "0573wk.com", true */ '0', '5', '7', '3', 'w', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "06se.com", true */ '0', '6', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "0au.de", true */ '0', 'a', 'u', '.', 'd', 'e', '\0',
+  /* "0c.eu", true */ '0', 'c', '.', 'e', 'u', '\0',
+  /* "0c3.de", true */ '0', 'c', '3', '.', 'd', 'e', '\0',
+  /* "0cdn.ga", true */ '0', 'c', 'd', 'n', '.', 'g', 'a', '\0',
+  /* "0day.agency", true */ '0', 'd', 'a', 'y', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0',
+  /* "0ik.de", true */ '0', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "0iz.net", true */ '0', 'i', 'z', '.', 'n', 'e', 't', '\0',
+  /* "0knowledge.de", true */ '0', 'k', 'n', 'o', 'w', 'l', 'e', 'd', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "0paste.com", true */ '0', 'p', 'a', 's', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "0wx.cat", true */ '0', 'w', 'x', '.', 'c', 'a', 't', '\0',
+  /* "0wx.es", true */ '0', 'w', 'x', '.', 'e', 's', '\0',
+  /* "0wx.eu", true */ '0', 'w', 'x', '.', 'e', 'u', '\0',
+  /* "0wx.org", true */ '0', 'w', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "0x.cx", true */ '0', 'x', '.', 'c', 'x', '\0',
+  /* "0x.sk", true */ '0', 'x', '.', 's', 'k', '\0',
+  /* "0x00ff00ff.com", true */ '0', 'x', '0', '0', 'f', 'f', '0', '0', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "0x17.de", true */ '0', 'x', '1', '7', '.', 'd', 'e', '\0',
+  /* "0x52.net", true */ '0', 'x', '5', '2', '.', 'n', 'e', 't', '\0',
+  /* "0x539.be", true */ '0', 'x', '5', '3', '9', '.', 'b', 'e', '\0',
+  /* "0x65.net", true */ '0', 'x', '6', '5', '.', 'n', 'e', 't', '\0',
+  /* "0x7d.com", true */ '0', 'x', '7', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "0x7fffffff.net", true */ '0', 'x', '7', 'f', 'f', 'f', 'f', 'f', 'f', 'f', '.', 'n', 'e', 't', '\0',
+  /* "0x90.in", true */ '0', 'x', '9', '0', '.', 'i', 'n', '\0',
+  /* "0x90.io", true */ '0', 'x', '9', '0', '.', 'i', 'o', '\0',
+  /* "0xaa55.me", true */ '0', 'x', 'a', 'a', '5', '5', '.', 'm', 'e', '\0',
+  /* "0xabe.io", true */ '0', 'x', 'a', 'b', 'e', '.', 'i', 'o', '\0',
+  /* "0xacab.org", true */ '0', 'x', 'a', 'c', 'a', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "0xcafec0.de", true */ '0', 'x', 'c', 'a', 'f', 'e', 'c', '0', '.', 'd', 'e', '\0',
+  /* "0xda.de", true */ '0', 'x', 'd', 'a', '.', 'd', 'e', '\0',
+  /* "0xdc.io", false */ '0', 'x', 'd', 'c', '.', 'i', 'o', '\0',
+  /* "0xdefaced.de", true */ '0', 'x', 'd', 'e', 'f', 'a', 'c', 'e', 'd', '.', 'd', 'e', '\0',
+  /* "0xee.eu", true */ '0', 'x', 'e', 'e', '.', 'e', 'u', '\0',
+  /* "0xf00.ch", true */ '0', 'x', 'f', '0', '0', '.', 'c', 'h', '\0',
+  /* "0xfc.de", true */ '0', 'x', 'f', 'c', '.', 'd', 'e', '\0',
+  /* "0xn.de", true */ '0', 'x', 'n', '.', 'd', 'e', '\0',
+  /* "0yen.org", true */ '0', 'y', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "1-2-3bounce.co.uk", true */ '1', '-', '2', '-', '3', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "100-downloads.com", true */ '1', '0', '0', '-', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "10000v.ru", true */ '1', '0', '0', '0', '0', 'v', '.', 'r', 'u', '\0',
+  /* "1000hats.com", true */ '1', '0', '0', '0', 'h', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "1000minds.com", true */ '1', '0', '0', '0', 'm', 'i', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "1000serien.com", true */ '1', '0', '0', '0', 's', 'e', 'r', 'i', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "1001.best", true */ '1', '0', '0', '1', '.', 'b', 'e', 's', 't', '\0',
+  /* "1001kerstpakketten.com", false */ '1', '0', '0', '1', 'k', 'e', 'r', 's', 't', 'p', 'a', 'k', 'k', 'e', 't', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "100and1.jp", true */ '1', '0', '0', 'a', 'n', 'd', '1', '.', 'j', 'p', '\0',
+  /* "100kredite.de", true */ '1', '0', '0', 'k', 'r', 'e', 'd', 'i', 't', 'e', '.', 'd', 'e', '\0',
+  /* "100mani.it", true */ '1', '0', '0', 'm', 'a', 'n', 'i', '.', 'i', 't', '\0',
+  /* "100onrainkajino.com", true */ '1', '0', '0', 'o', 'n', 'r', 'a', 'i', 'n', 'k', 'a', 'j', 'i', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "100pounds.co.uk", true */ '1', '0', '0', 'p', 'o', 'u', 'n', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "100rembourse.be", true */ '1', '0', '0', 'r', 'e', 'm', 'b', 'o', 'u', 'r', 's', 'e', '.', 'b', 'e', '\0',
+  /* "1011100.com", true */ '1', '0', '1', '1', '1', '0', '0', '.', 'c', 'o', 'm', '\0',
+  /* "101sauna.kz", true */ '1', '0', '1', 's', 'a', 'u', 'n', 'a', '.', 'k', 'z', '\0',
+  /* "101sauna.ru", true */ '1', '0', '1', 's', 'a', 'u', 'n', 'a', '.', 'r', 'u', '\0',
+  /* "1041263497.rsc.cdn77.org", true */ '1', '0', '4', '1', '2', '6', '3', '4', '9', '7', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "1066.io", true */ '1', '0', '6', '6', '.', 'i', 'o', '\0',
+  /* "10gbit.ovh", true */ '1', '0', 'g', 'b', 'i', 't', '.', 'o', 'v', 'h', '\0',
+  /* "10hz.de", true */ '1', '0', 'h', 'z', '.', 'd', 'e', '\0',
+  /* "10og.de", true */ '1', '0', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "10x.ooo", true */ '1', '0', 'x', '.', 'o', 'o', 'o', '\0',
+  /* "1100.so", true */ '1', '1', '0', '0', '.', 's', 'o', '\0',
+  /* "1116pay.com", true */ '1', '1', '1', '6', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "112app.nl", true */ '1', '1', '2', 'a', 'p', 'p', '.', 'n', 'l', '\0',
+  /* "112hz.com", true */ '1', '1', '2', 'h', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "11loc.de", true */ '1', '1', 'l', 'o', 'c', '.', 'd', 'e', '\0',
+  /* "11scc.com", true */ '1', '1', 's', 'c', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "11thstreetcoffee.com", true */ '1', '1', 't', 'h', 's', 't', 'r', 'e', 'e', 't', 'c', 'o', 'f', 'f', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "11urss.com", true */ '1', '1', 'u', 'r', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "1212873467.rsc.cdn77.org", true */ '1', '2', '1', '2', '8', '7', '3', '4', '6', '7', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "1218641649.rsc.cdn77.org", true */ '1', '2', '1', '8', '6', '4', '1', '6', '4', '9', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "123comparer.fr", true */ '1', '2', '3', 'c', 'o', 'm', 'p', 'a', 'r', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "123djdrop.com", true */ '1', '2', '3', 'd', 'j', 'd', 'r', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "123midterm.com", true */ '1', '2', '3', 'm', 'i', 'd', 't', 'e', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "123movies.fyi", true */ '1', '2', '3', 'm', 'o', 'v', 'i', 'e', 's', '.', 'f', 'y', 'i', '\0',
+  /* "123pay.ir", true */ '1', '2', '3', 'p', 'a', 'y', '.', 'i', 'r', '\0',
+  /* "123plons.nl", true */ '1', '2', '3', 'p', 'l', 'o', 'n', 's', '.', 'n', 'l', '\0',
+  /* "123termpapers.com", true */ '1', '2', '3', 't', 'e', 'r', 'm', 'p', 'a', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "123test.com", true */ '1', '2', '3', 't', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "123test.nl", true */ '1', '2', '3', 't', 'e', 's', 't', '.', 'n', 'l', '\0',
+  /* "125m125.de", true */ '1', '2', '5', 'm', '1', '2', '5', '.', 'd', 'e', '\0',
+  /* "12vpn.net", true */ '1', '2', 'v', 'p', 'n', '.', 'n', 'e', 't', '\0',
+  /* "130.ua", true */ '1', '3', '0', '.', 'u', 'a', '\0',
+  /* "132kv.ch", true */ '1', '3', '2', 'k', 'v', '.', 'c', 'h', '\0',
+  /* "13318522.com", true */ '1', '3', '3', '1', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "1359826938.rsc.cdn77.org", true */ '1', '3', '5', '9', '8', '2', '6', '9', '3', '8', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "1395kj.com", true */ '1', '3', '9', '5', 'k', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "1396.net", true */ '1', '3', '9', '6', '.', 'n', 'e', 't', '\0',
+  /* "13th-dover.uk", true */ '1', '3', 't', 'h', '-', 'd', 'o', 'v', 'e', 'r', '.', 'u', 'k', '\0',
+  /* "1453914078.rsc.cdn77.org", true */ '1', '4', '5', '3', '9', '1', '4', '0', '7', '8', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "1464424382.rsc.cdn77.org", true */ '1', '4', '6', '4', '4', '2', '4', '3', '8', '2', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "14it.de", true */ '1', '4', 'i', 't', '.', 'd', 'e', '\0',
+  /* "14x3.de", true */ '1', '4', 'x', '3', '.', 'd', 'e', '\0',
+  /* "15-10.com", true */ '1', '5', '-', '1', '0', '.', 'c', 'o', 'm', '\0',
+  /* "1511774230.rsc.cdn77.org", true */ '1', '5', '1', '1', '7', '7', '4', '2', '3', '0', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "1590284872.rsc.cdn77.org", true */ '1', '5', '9', '0', '2', '8', '4', '8', '7', '2', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "1600esplanade.com", true */ '1', '6', '0', '0', 'e', 's', 'p', 'l', 'a', 'n', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "16164f.com", true */ '1', '6', '1', '6', '4', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "1644091933.rsc.cdn77.org", true */ '1', '6', '4', '4', '0', '9', '1', '9', '3', '3', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "174.net.nz", true */ '1', '7', '4', '.', 'n', 'e', 't', '.', 'n', 'z', '\0',
+  /* "1750studios.com", false */ '1', '7', '5', '0', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "17hats.com", true */ '1', '7', 'h', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "1844329061.rsc.cdn77.org", true */ '1', '8', '4', '4', '3', '2', '9', '0', '6', '1', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "188522.com", false */ '1', '8', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "18888msc.com", true */ '1', '8', '8', '8', '8', 'm', 's', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "1888zr.com", true */ '1', '8', '8', '8', 'z', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "188dv.com", true */ '1', '8', '8', 'd', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "189dv.com", true */ '1', '8', '9', 'd', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "18f.gov", true */ '1', '8', 'f', '.', 'g', 'o', 'v', '\0',
+  /* "18f.gsa.gov", false */ '1', '8', 'f', '.', 'g', 's', 'a', '.', 'g', 'o', 'v', '\0',
+  /* "1912x.com", true */ '1', '9', '1', '2', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "19216811.online", true */ '1', '9', '2', '1', '6', '8', '1', '1', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "1921958389.rsc.cdn77.org", true */ '1', '9', '2', '1', '9', '5', '8', '3', '8', '9', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "1972969867.rsc.cdn77.org", true */ '1', '9', '7', '2', '9', '6', '9', '8', '6', '7', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "1981612088.rsc.cdn77.org", true */ '1', '9', '8', '1', '6', '1', '2', '0', '8', '8', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "19hundert84.de", true */ '1', '9', 'h', 'u', 'n', 'd', 'e', 'r', 't', '8', '4', '.', 'd', 'e', '\0',
+  /* "1a-diamantscheiben.de", true */ '1', 'a', '-', 'd', 'i', 'a', 'm', 'a', 'n', 't', 's', 'c', 'h', 'e', 'i', 'b', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "1a-vermessung.at", true */ '1', 'a', '-', 'v', 'e', 'r', 'm', 'e', 's', 's', 'u', 'n', 'g', '.', 'a', 't', '\0',
+  /* "1a-werkstattgeraete.de", true */ '1', 'a', '-', 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', 'g', 'e', 'r', 'a', 'e', 't', 'e', '.', 'd', 'e', '\0',
+  /* "1cover.co.nz", true */ '1', 'c', 'o', 'v', 'e', 'r', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "1cover.com.au", true */ '1', 'c', 'o', 'v', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "1e9.nl", true */ '1', 'e', '9', '.', 'n', 'l', '\0',
+  /* "1er-secours.ch", true */ '1', 'e', 'r', '-', 's', 'e', 'c', 'o', 'u', 'r', 's', '.', 'c', 'h', '\0',
+  /* "1gsoft.com", true */ '1', 'g', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "1hourproofreading.com", true */ '1', 'h', 'o', 'u', 'r', 'p', 'r', 'o', 'o', 'f', 'r', 'e', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "1it.click", true */ '1', 'i', 't', '.', 'c', 'l', 'i', 'c', 'k', '\0',
+  /* "1item.co.il", true */ '1', 'i', 't', 'e', 'm', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "1js.de", true */ '1', 'j', 's', '.', 'd', 'e', '\0',
+  /* "1kando.com", false */ '1', 'k', 'a', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "1km.ro", true */ '1', 'k', 'm', '.', 'r', 'o', '\0',
+  /* "1kmi.co", true */ '1', 'k', 'm', 'i', '.', 'c', 'o', '\0',
+  /* "1morebounce.co.uk", true */ '1', 'm', 'o', 'r', 'e', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "1nfr.com", false */ '1', 'n', 'f', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "1of16.de", true */ '1', 'o', 'f', '1', '6', '.', 'd', 'e', '\0',
+  /* "1on1on1.de", true */ '1', 'o', 'n', '1', 'o', 'n', '1', '.', 'd', 'e', '\0',
+  /* "1on1on1.tv", true */ '1', 'o', 'n', '1', 'o', 'n', '1', '.', 't', 'v', '\0',
+  /* "1p.ro", false */ '1', 'p', '.', 'r', 'o', '\0',
+  /* "1panorama.ru", true */ '1', 'p', 'a', 'n', 'o', 'r', 'a', 'm', 'a', '.', 'r', 'u', '\0',
+  /* "1para.net", true */ '1', 'p', 'a', 'r', 'a', '.', 'n', 'e', 't', '\0',
+  /* "1password.com", true */ '1', 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "1pw.ca", true */ '1', 'p', 'w', '.', 'c', 'a', '\0',
+  /* "1px.tv", true */ '1', 'p', 'x', '.', 't', 'v', '\0',
+  /* "1rs.nl", true */ '1', 'r', 's', '.', 'n', 'l', '\0',
+  /* "1scope.com", true */ '1', 's', 'c', 'o', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "1se2or3.com", true */ '1', 's', 'e', '2', 'o', 'r', '3', '.', 'c', 'o', 'm', '\0',
+  /* "1st-bounce.co.uk", true */ '1', 's', 't', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "1st-community.de", true */ '1', 's', 't', '-', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '.', 'd', 'e', '\0',
+  /* "1st4abounce.co.uk", true */ '1', 's', 't', '4', 'a', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "1stchoicefun.co.uk", true */ '1', 's', 't', 'c', 'h', 'o', 'i', 'c', 'e', 'f', 'u', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "1stclassbouncycastles.co.uk", true */ '1', 's', 't', 'c', 'l', 'a', 's', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "1stforfun.co.uk", true */ '1', 's', 't', 'f', 'o', 'r', 'f', 'u', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "1stpeninsulabouncers.co.uk", true */ '1', 's', 't', 'p', 'e', 'n', 'i', 'n', 's', 'u', 'l', 'a', 'b', 'o', 'u', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "1ststop.co.uk", true */ '1', 's', 't', 's', 't', 'o', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "1whw.co.uk", true */ '1', 'w', 'h', 'w', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "1wirelog.de", true */ '1', 'w', 'i', 'r', 'e', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "1wl.uk", true */ '1', 'w', 'l', '.', 'u', 'k', '\0',
+  /* "2.wtf", true */ '2', '.', 'w', 't', 'f', '\0',
+  /* "2048-spiel.de", true */ '2', '0', '4', '8', '-', 's', 'p', 'i', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "2048game.co.uk", true */ '2', '0', '4', '8', 'g', 'a', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "208.es", true */ '2', '0', '8', '.', 'e', 's', '\0',
+  /* "20denier.com", true */ '2', '0', 'd', 'e', 'n', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "21.co.uk", true */ '2', '1', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "21stnc.com", true */ '2', '1', 's', 't', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "21x9.org", true */ '2', '1', 'x', '9', '.', 'o', 'r', 'g', '\0',
+  /* "22scc.com", true */ '2', '2', 's', 'c', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "2333.press", true */ '2', '3', '3', '3', '.', 'p', 'r', 'e', 's', 's', '\0',
+  /* "2333666.xyz", true */ '2', '3', '3', '3', '6', '6', '6', '.', 'x', 'y', 'z', '\0',
+  /* "233abc.com", true */ '2', '3', '3', 'a', 'b', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "233blog.com", true */ '2', '3', '3', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "24-7.jp", true */ '2', '4', '-', '7', '.', 'j', 'p', '\0',
+  /* "246060.ru", true */ '2', '4', '6', '0', '6', '0', '.', 'r', 'u', '\0',
+  /* "247a.co.uk", true */ '2', '4', '7', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "247healthshop.com", true */ '2', '4', '7', 'h', 'e', 'a', 'l', 't', 'h', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "247medplan.com", true */ '2', '4', '7', 'm', 'e', 'd', 'p', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "24ip.com", true */ '2', '4', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "24ip.de", true */ '2', '4', 'i', 'p', '.', 'd', 'e', '\0',
+  /* "24ip.fr", true */ '2', '4', 'i', 'p', '.', 'f', 'r', '\0',
+  /* "24kbet.com", true */ '2', '4', 'k', 'b', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "256k.me", true */ '2', '5', '6', 'k', '.', 'm', 'e', '\0',
+  /* "256pages.com", true */ '2', '5', '6', 'p', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "25reinyan25.net", true */ '2', '5', 'r', 'e', 'i', 'n', 'y', 'a', 'n', '2', '5', '.', 'n', 'e', 't', '\0',
+  /* "2600edinburgh.org", true */ '2', '6', '0', '0', 'e', 'd', 'i', 'n', 'b', 'u', 'r', 'g', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "2600hq.com", true */ '2', '6', '0', '0', 'h', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "263.info", true */ '2', '6', '3', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "27728522.com", true */ '2', '7', '7', '2', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "281180.de", true */ '2', '8', '1', '1', '8', '0', '.', 'd', 'e', '\0',
+  /* "29227.com", true */ '2', '9', '2', '2', '7', '.', 'c', 'o', 'm', '\0',
+  /* "2b3b.com", true */ '2', 'b', '3', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "2bas.nl", true */ '2', 'b', 'a', 's', '.', 'n', 'l', '\0',
+  /* "2bcompany.ch", true */ '2', 'b', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'h', '\0',
+  /* "2bis10.de", true */ '2', 'b', 'i', 's', '1', '0', '.', 'd', 'e', '\0',
+  /* "2bitout.com", true */ '2', 'b', 'i', 't', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "2bouncy.com", true */ '2', 'b', 'o', 'u', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "2c-b.com", true */ '2', 'c', '-', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "2c-d.com", true */ '2', 'c', '-', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "2c-e.com", true */ '2', 'c', '-', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "2c-t-2.com", true */ '2', 'c', '-', 't', '-', '2', '.', 'c', 'o', 'm', '\0',
+  /* "2c-t-7.com", true */ '2', 'c', '-', 't', '-', '7', '.', 'c', 'o', 'm', '\0',
+  /* "2c-t-8.com", true */ '2', 'c', '-', 't', '-', '8', '.', 'c', 'o', 'm', '\0',
+  /* "2cash.ru", true */ '2', 'c', 'a', 's', 'h', '.', 'r', 'u', '\0',
+  /* "2cv-fahrer.de", true */ '2', 'c', 'v', '-', 'f', 'a', 'h', 'r', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "2fm.ie", true */ '2', 'f', 'm', '.', 'i', 'e', '\0',
+  /* "2fraud.pro", true */ '2', 'f', 'r', 'a', 'u', 'd', '.', 'p', 'r', 'o', '\0',
+  /* "2gen.com", true */ '2', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "2heartsbookings.co.uk", true */ '2', 'h', 'e', 'a', 'r', 't', 's', 'b', 'o', 'o', 'k', 'i', 'n', 'g', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "2hypeenterprises.com", true */ '2', 'h', 'y', 'p', 'e', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "2kgwf.fi", true */ '2', 'k', 'g', 'w', 'f', '.', 'f', 'i', '\0',
+  /* "2krueger.de", true */ '2', 'k', 'r', 'u', 'e', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "2mb.solutions", true */ '2', 'm', 'b', '.', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '\0',
+  /* "2nains.ch", true */ '2', 'n', 'a', 'i', 'n', 's', '.', 'c', 'h', '\0',
+  /* "2nerds1bit.com", true */ '2', 'n', 'e', 'r', 'd', 's', '1', 'b', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "2pay.fr", true */ '2', 'p', 'a', 'y', '.', 'f', 'r', '\0',
+  /* "2programmers.net", true */ '2', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'm', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "2stv.net", true */ '2', 's', 't', 'v', '.', 'n', 'e', 't', '\0',
+  /* "2ulcceria.nl", true */ '2', 'u', 'l', 'c', 'c', 'e', 'r', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "300m.com", false */ '3', '0', '0', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "30hzcollective.com", true */ '3', '0', 'h', 'z', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "3133780x.com", true */ '3', '1', '3', '3', '7', '8', '0', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "31klabs.com", true */ '3', '1', 'k', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "31tv.ru", true */ '3', '1', 't', 'v', '.', 'r', 'u', '\0',
+  /* "321live.nl", true */ '3', '2', '1', 'l', 'i', 'v', 'e', '.', 'n', 'l', '\0',
+  /* "32h.de", true */ '3', '2', 'h', '.', 'd', 'e', '\0',
+  /* "33-km.ru", true */ '3', '3', '-', 'k', 'm', '.', 'r', 'u', '\0',
+  /* "330.net", true */ '3', '3', '0', '.', 'n', 'e', 't', '\0',
+  /* "33445.com", true */ '3', '3', '4', '4', '5', '.', 'c', 'o', 'm', '\0',
+  /* "33scc.com", true */ '3', '3', 's', 'c', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "3473-wiki.de", true */ '3', '4', '7', '3', '-', 'w', 'i', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "360live.fr", true */ '3', '6', '0', 'l', 'i', 'v', 'e', '.', 'f', 'r', '\0',
+  /* "360woodworking.com", true */ '3', '6', '0', 'w', 'o', 'o', 'd', 'w', 'o', 'r', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "365365.com", true */ '3', '6', '5', '3', '6', '5', '.', 'c', 'o', 'm', '\0',
+  /* "365beautyworld.com", true */ '3', '6', '5', 'b', 'e', 'a', 'u', 't', 'y', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "365daysreview.com", true */ '3', '6', '5', 'd', 'a', 'y', 's', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "365healthworld.com", true */ '3', '6', '5', 'h', 'e', 'a', 'l', 't', 'h', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "365maya.com", true */ '3', '6', '5', 'm', 'a', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "365skulls.com", true */ '3', '6', '5', 's', 'k', 'u', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "3778vip.com", true */ '3', '7', '7', '8', 'v', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "379700.com", true */ '3', '7', '9', '7', '0', '0', '.', 'c', 'o', 'm', '\0',
+  /* "38888msc.com", true */ '3', '8', '8', '8', '8', 'm', 's', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "38blog.com", true */ '3', '8', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "393335.ml", true */ '3', '9', '3', '3', '3', '5', '.', 'm', 'l', '\0',
+  /* "398.info", true */ '3', '9', '8', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "3ags.de", true */ '3', 'a', 'g', 's', '.', 'd', 'e', '\0',
+  /* "3bakayottu.com", true */ '3', 'b', 'a', 'k', 'a', 'y', 'o', 't', 't', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "3c-d.de", true */ '3', 'c', '-', 'd', '.', 'd', 'e', '\0',
+  /* "3chat.org", true */ '3', 'c', 'h', 'a', 't', '.', 'o', 'r', 'g', '\0',
+  /* "3circlefunding.ch", true */ '3', 'c', 'i', 'r', 'c', 'l', 'e', 'f', 'u', 'n', 'd', 'i', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "3countiescastlehire.co.uk", true */ '3', 'c', 'o', 'u', 'n', 't', 'i', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "3cs.ch", true */ '3', 'c', 's', '.', 'c', 'h', '\0',
+  /* "3dm.audio", true */ '3', 'd', 'm', '.', 'a', 'u', 'd', 'i', 'o', '\0',
+  /* "3dmedium.de", true */ '3', 'd', 'm', 'e', 'd', 'i', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "3dmusiclab.nl", true */ '3', 'd', 'm', 'u', 's', 'i', 'c', 'l', 'a', 'b', '.', 'n', 'l', '\0',
+  /* "3do3dont.com", true */ '3', 'd', 'o', '3', 'd', 'o', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "3dprintsondemand.eu", true */ '3', 'd', 'p', 'r', 'i', 'n', 't', 's', 'o', 'n', 'd', 'e', 'm', 'a', 'n', 'd', '.', 'e', 'u', '\0',
+  /* "3drenaline.com", true */ '3', 'd', 'r', 'e', 'n', 'a', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "3haeuserprojekt.org", true */ '3', 'h', 'a', 'e', 'u', 's', 'e', 'r', 'p', 'r', 'o', 'j', 'e', 'k', 't', '.', 'o', 'r', 'g', '\0',
+  /* "3haueserprojekt.org", true */ '3', 'h', 'a', 'u', 'e', 's', 'e', 'r', 'p', 'r', 'o', 'j', 'e', 'k', 't', '.', 'o', 'r', 'g', '\0',
+  /* "3hl0.net", true */ '3', 'h', 'l', '0', '.', 'n', 'e', 't', '\0',
+  /* "3james.com", true */ '3', 'j', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "3logic.ru", true */ '3', 'l', 'o', 'g', 'i', 'c', '.', 'r', 'u', '\0',
+  /* "3mbo.de", true */ '3', 'm', 'b', 'o', '.', 'd', 'e', '\0',
+  /* "3phase.pw", true */ '3', 'p', 'h', 'a', 's', 'e', '.', 'p', 'w', '\0',
+  /* "3plusdesign.gr", true */ '3', 'p', 'l', 'u', 's', 'd', 'e', 's', 'i', 'g', 'n', '.', 'g', 'r', '\0',
+  /* "3queens.cz", true */ '3', 'q', 'u', 'e', 'e', 'n', 's', '.', 'c', 'z', '\0',
+  /* "3queens.io", true */ '3', 'q', 'u', 'e', 'e', 'n', 's', '.', 'i', 'o', '\0',
+  /* "3r.org.uk", true */ '3', 'r', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "3s-hosting.de", true */ '3', 's', '-', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "3timegear.com", true */ '3', 't', 'i', 'm', 'e', 'g', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "3trees.tk", true */ '3', 't', 'r', 'e', 'e', 's', '.', 't', 'k', '\0',
+  /* "3v4l.org", true */ '3', 'v', '4', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "3weekdietworks.com", true */ '3', 'w', 'e', 'e', 'k', 'd', 'i', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "3xx.link", true */ '3', 'x', 'x', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "4-1-where.com", true */ '4', '-', '1', '-', 'w', 'h', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "4-it.de", true */ '4', '-', 'i', 't', '.', 'd', 'e', '\0',
+  /* "403.ch", true */ '4', '0', '3', '.', 'c', 'h', '\0',
+  /* "404forest.com", true */ '4', '0', '4', 'f', 'o', 'r', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "404notfound.com.br", true */ '4', '0', '4', 'n', 'o', 't', 'f', 'o', 'u', 'n', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "4096bit.de", true */ '4', '0', '9', '6', 'b', 'i', 't', '.', 'd', 'e', '\0',
+  /* "41-where.com", true */ '4', '1', '-', 'w', 'h', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "41199.com", true */ '4', '1', '1', '9', '9', '.', 'c', 'o', 'm', '\0',
+  /* "411movie.com", true */ '4', '1', '1', 'm', 'o', 'v', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "41where.com", true */ '4', '1', 'w', 'h', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "420java.com", true */ '4', '2', '0', 'j', 'a', 'v', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "42day.info", true */ '4', '2', 'd', 'a', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "42entrepreneurs.fr", true */ '4', '2', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'e', 'n', 'e', 'u', 'r', 's', '.', 'f', 'r', '\0',
+  /* "42t.ru", true */ '4', '2', 't', '.', 'r', 'u', '\0',
+  /* "441jj.com", false */ '4', '4', '1', 'j', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "44scc.com", true */ '4', '4', 's', 'c', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "4500.co.il", true */ '4', '5', '0', '0', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "491mhz.net", true */ '4', '9', '1', 'm', 'h', 'z', '.', 'n', 'e', 't', '\0',
+  /* "49889.com", true */ '4', '9', '8', '8', '9', '.', 'c', 'o', 'm', '\0',
+  /* "49948522.com", true */ '4', '9', '9', '4', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "49dollaridahoregisteredagent.com", true */ '4', '9', 'd', 'o', 'l', 'l', 'a', 'r', 'i', 'd', 'a', 'h', 'o', 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', 'e', 'd', 'a', 'g', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "4baby.com.br", true */ '4', 'b', 'a', 'b', 'y', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "4bike.eu", true */ '4', 'b', 'i', 'k', 'e', '.', 'e', 'u', '\0',
+  /* "4dbygg.se", true */ '4', 'd', 'b', 'y', 'g', 'g', '.', 's', 'e', '\0',
+  /* "4decor.org", true */ '4', 'd', 'e', 'c', 'o', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "4elements.com", true */ '4', 'e', 'l', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "4freepress.com", true */ '4', 'f', 'r', 'e', 'e', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "4g-server.eu", false */ '4', 'g', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "4garage.com.br", true */ '4', 'g', 'a', 'r', 'a', 'g', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "4host.ch", true */ '4', 'h', 'o', 's', 't', '.', 'c', 'h', '\0',
+  /* "4hvac.com", true */ '4', 'h', 'v', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "4mm.org", true */ '4', 'm', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "4plebs.moe", true */ '4', 'p', 'l', 'e', 'b', 's', '.', 'm', 'o', 'e', '\0',
+  /* "4project.co.il", true */ '4', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "4share.tv", true */ '4', 's', 'h', 'a', 'r', 'e', '.', 't', 'v', '\0',
+  /* "4sics.se", true */ '4', 's', 'i', 'c', 's', '.', 's', 'e', '\0',
+  /* "4th-ave-studio.com", true */ '4', 't', 'h', '-', 'a', 'v', 'e', '-', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "4u.services", true */ '4', 'u', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '\0',
+  /* "4u2ore.net", true */ '4', 'u', '2', 'o', 'r', 'e', '.', 'n', 'e', 't', '\0',
+  /* "4vector.com", true */ '4', 'v', 'e', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "4vf.de", true */ '4', 'v', 'f', '.', 'd', 'e', '\0',
+  /* "4winds.pt", true */ '4', 'w', 'i', 'n', 'd', 's', '.', 'p', 't', '\0',
+  /* "4x.fi", true */ '4', 'x', '.', 'f', 'i', '\0',
+  /* "4xlabs.co", true */ '4', 'x', 'l', 'a', 'b', 's', '.', 'c', 'o', '\0',
+  /* "500k.nl", true */ '5', '0', '0', 'k', '.', 'n', 'l', '\0',
+  /* "500p.xyz", true */ '5', '0', '0', 'p', '.', 'x', 'y', 'z', '\0',
+  /* "506pay.com", true */ '5', '0', '6', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "50lakeshore.com", true */ '5', '0', 'l', 'a', 'k', 'e', 's', 'h', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "50ma.xyz", true */ '5', '0', 'm', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "50north.de", true */ '5', '0', 'n', 'o', 'r', 't', 'h', '.', 'd', 'e', '\0',
+  /* "50plusnet.nl", true */ '5', '0', 'p', 'l', 'u', 's', 'n', 'e', 't', '.', 'n', 'l', '\0',
+  /* "525.info", true */ '5', '2', '5', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "52kb365.com", true */ '5', '2', 'k', 'b', '3', '6', '5', '.', 'c', 'o', 'm', '\0',
+  /* "52sykb.com", true */ '5', '2', 's', 'y', 'k', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "5432.cc", true */ '5', '4', '3', '2', '.', 'c', 'c', '\0',
+  /* "54below.com", true */ '5', '4', 'b', 'e', 'l', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "5533445.com", true */ '5', '5', '3', '3', '4', '4', '5', '.', 'c', 'o', 'm', '\0',
+  /* "555xl.com", true */ '5', '5', '5', 'x', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "55scc.com", true */ '5', '5', 's', 'c', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "57aromas.com", true */ '5', '7', 'a', 'r', 'o', 'm', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "5apps.com", true */ '5', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "5c1fd0f31022cbc40af9f785847baaf9.space", true */ '5', 'c', '1', 'f', 'd', '0', 'f', '3', '1', '0', '2', '2', 'c', 'b', 'c', '4', '0', 'a', 'f', '9', 'f', '7', '8', '5', '8', '4', '7', 'b', 'a', 'a', 'f', '9', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "5chat.it", true */ '5', 'c', 'h', 'a', 't', '.', 'i', 't', '\0',
+  /* "5crowd.com", true */ '5', 'c', 'r', 'o', 'w', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "5francs.com", true */ '5', 'f', 'r', 'a', 'n', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "5gb.space", true */ '5', 'g', 'b', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "5h0r7.com", true */ '5', 'h', '0', 'r', '7', '.', 'c', 'o', 'm', '\0',
+  /* "5kraceforals.com", true */ '5', 'k', 'r', 'a', 'c', 'e', 'f', 'o', 'r', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "5starbouncycastlehire.co.uk", true */ '5', 's', 't', 'a', 'r', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "5w5.la", true */ '5', 'w', '5', '.', 'l', 'a', '\0',
+  /* "5y.fi", true */ '5', 'y', '.', 'f', 'i', '\0',
+  /* "62755.com", true */ '6', '2', '7', '5', '5', '.', 'c', 'o', 'm', '\0',
+  /* "646.io", false */ '6', '4', '6', '.', 'i', 'o', '\0',
+  /* "64bitgaming.de", true */ '6', '4', 'b', 'i', 't', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "6541166.com", true */ '6', '5', '4', '1', '1', '6', '6', '.', 'c', 'o', 'm', '\0',
+  /* "6542277.com", true */ '6', '5', '4', '2', '2', '7', '7', '.', 'c', 'o', 'm', '\0',
+  /* "6543399.com", true */ '6', '5', '4', '3', '3', '9', '9', '.', 'c', 'o', 'm', '\0',
+  /* "6548855.com", true */ '6', '5', '4', '8', '8', '5', '5', '.', 'c', 'o', 'm', '\0',
+  /* "6548877.com", true */ '6', '5', '4', '8', '8', '7', '7', '.', 'c', 'o', 'm', '\0',
+  /* "6633445.com", true */ '6', '6', '3', '3', '4', '4', '5', '.', 'c', 'o', 'm', '\0',
+  /* "6660111.ru", true */ '6', '6', '6', '0', '1', '1', '1', '.', 'r', 'u', '\0',
+  /* "686848.com", true */ '6', '8', '6', '8', '4', '8', '.', 'c', 'o', 'm', '\0',
+  /* "692b8c32.de", true */ '6', '9', '2', 'b', '8', 'c', '3', '2', '.', 'd', 'e', '\0',
+  /* "6969.us", true */ '6', '9', '6', '9', '.', 'u', 's', '\0',
+  /* "69butterfly.com", true */ '6', '9', 'b', 'u', 't', 't', 'e', 'r', 'f', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "6lo.zgora.pl", true */ '6', 'l', 'o', '.', 'z', 'g', 'o', 'r', 'a', '.', 'p', 'l', '\0',
+  /* "6t-montjoye.org", true */ '6', 't', '-', 'm', 'o', 'n', 't', 'j', 'o', 'y', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "6w6.la", true */ '6', 'w', '6', '.', 'l', 'a', '\0',
+  /* "700.az", true */ '7', '0', '0', '.', 'a', 'z', '\0',
+  /* "7183.org", true */ '7', '1', '8', '3', '.', 'o', 'r', 'g', '\0',
+  /* "724go.com", true */ '7', '2', '4', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "762.ch", true */ '7', '6', '2', '.', 'c', 'h', '\0',
+  /* "771122.tv", true */ '7', '7', '1', '1', '2', '2', '.', 't', 'v', '\0',
+  /* "7733445.com", true */ '7', '7', '3', '3', '4', '4', '5', '.', 'c', 'o', 'm', '\0',
+  /* "776573.net", true */ '7', '7', '6', '5', '7', '3', '.', 'n', 'e', 't', '\0',
+  /* "777coin.com", true */ '7', '7', '7', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "7careconnect.com", true */ '7', 'c', 'a', 'r', 'e', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "7delights.com", true */ '7', 'd', 'e', 'l', 'i', 'g', 'h', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "7delights.in", true */ '7', 'd', 'e', 'l', 'i', 'g', 'h', 't', 's', '.', 'i', 'n', '\0',
+  /* "7kicks.com", true */ '7', 'k', 'i', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "7links.com.br", true */ '7', 'l', 'i', 'n', 'k', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "7nw.eu", false */ '7', 'n', 'w', '.', 'e', 'u', '\0',
+  /* "7sons.de", true */ '7', 's', 'o', 'n', 's', '.', 'd', 'e', '\0',
+  /* "7thcircledesigns.com", true */ '7', 't', 'h', 'c', 'i', 'r', 'c', 'l', 'e', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "7x24servis.com", true */ '7', 'x', '2', '4', 's', 'e', 'r', 'v', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "8003pay.com", true */ '8', '0', '0', '3', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "8522.com", true */ '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "8522club.com", true */ '8', '5', '2', '2', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "8522top.com", true */ '8', '5', '2', '2', 't', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "86metro.ru", true */ '8', '6', 'm', 'e', 't', 'r', 'o', '.', 'r', 'u', '\0',
+  /* "8833445.com", true */ '8', '8', '3', '3', '4', '4', '5', '.', 'c', 'o', 'm', '\0',
+  /* "888msc.vip", true */ '8', '8', '8', 'm', 's', 'c', '.', 'v', 'i', 'p', '\0',
+  /* "8ack.de", true */ '8', 'a', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "8ackprotect.com", true */ '8', 'a', 'c', 'k', 'p', 'r', 'o', 't', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "8azino777.ru", true */ '8', 'a', 'z', 'i', 'n', 'o', '7', '7', '7', '.', 'r', 'u', '\0',
+  /* "8pecxstudios.com", true */ '8', 'p', 'e', 'c', 'x', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "8svn.com", true */ '8', 's', 'v', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "8t8.eu", true */ '8', 't', '8', '.', 'e', 'u', '\0',
+  /* "8tech.com.hk", true */ '8', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '.', 'h', 'k', '\0',
+  /* "8thportsmouth.org.uk", true */ '8', 't', 'h', 'p', 'o', 'r', 't', 's', 'm', 'o', 'u', 't', 'h', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "8tuffbeers.com", true */ '8', 't', 'u', 'f', 'f', 'b', 'e', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "9118.com", true */ '9', '1', '1', '8', '.', 'c', 'o', 'm', '\0',
+  /* "91dh.cc", true */ '9', '1', 'd', 'h', '.', 'c', 'c', '\0',
+  /* "91lt.info", true */ '9', '1', 'l', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "91tianmi.com", false */ '9', '1', 't', 'i', 'a', 'n', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "91travel.info", true */ '9', '1', 't', 'r', 'a', 'v', 'e', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "92url.com", true */ '9', '2', 'u', 'r', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "9449-27a1-22a1-e0d9-4237-dd99-e75e-ac85-2f47-9d34.de", true */ '9', '4', '4', '9', '-', '2', '7', 'a', '1', '-', '2', '2', 'a', '1', '-', 'e', '0', 'd', '9', '-', '4', '2', '3', '7', '-', 'd', 'd', '9', '9', '-', 'e', '7', '5', 'e', '-', 'a', 'c', '8', '5', '-', '2', 'f', '4', '7', '-', '9', 'd', '3', '4', '.', 'd', 'e', '\0',
+  /* "94cs.cn", false */ '9', '4', 'c', 's', '.', 'c', 'n', '\0',
+  /* "9500years.com", true */ '9', '5', '0', '0', 'y', 'e', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "987987.com", true */ '9', '8', '7', '9', '8', '7', '.', 'c', 'o', 'm', '\0',
+  /* "98laba.com", true */ '9', '8', 'l', 'a', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "98laba.net", true */ '9', '8', 'l', 'a', 'b', 'a', '.', 'n', 'e', 't', '\0',
+  /* "9906753.net", true */ '9', '9', '0', '6', '7', '5', '3', '.', 'n', 'e', 't', '\0',
+  /* "9933445.com", true */ '9', '9', '3', '3', '4', '4', '5', '.', 'c', 'o', 'm', '\0',
+  /* "99599.fi", true */ '9', '9', '5', '9', '9', '.', 'f', 'i', '\0',
+  /* "99599.net", true */ '9', '9', '5', '9', '9', '.', 'n', 'e', 't', '\0',
+  /* "99998522.com", true */ '9', '9', '9', '9', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "99buffets.com", true */ '9', '9', 'b', 'u', 'f', 'f', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "99rst.org", true */ '9', '9', 'r', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "9uelle.jp", true */ '9', 'u', 'e', 'l', 'l', 'e', '.', 'j', 'p', '\0',
+  /* "9vx.org", true */ '9', 'v', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "9yw.me", true */ '9', 'y', 'w', '.', 'm', 'e', '\0',
+  /* "a-1indianawaterproofing.com", true */ 'a', '-', '1', 'i', 'n', 'd', 'i', 'a', 'n', 'a', 'w', 'a', 't', 'e', 'r', 'p', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "a-allard.be", true */ 'a', '-', 'a', 'l', 'l', 'a', 'r', 'd', '.', 'b', 'e', '\0',
+  /* "a-classinflatables.co.uk", true */ 'a', '-', 'c', 'l', 'a', 's', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "a-intel.com", true */ 'a', '-', 'i', 'n', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "a-ix.net", true */ 'a', '-', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "a-little-linux-box.at", true */ 'a', '-', 'l', 'i', 't', 't', 'l', 'e', '-', 'l', 'i', 'n', 'u', 'x', '-', 'b', 'o', 'x', '.', 'a', 't', '\0',
+  /* "a-oben.org", true */ 'a', '-', 'o', 'b', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "a-starbouncycastles.co.uk", true */ 'a', '-', 's', 't', 'a', 'r', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "a1798.com", true */ 'a', '1', '7', '9', '8', '.', 'c', 'o', 'm', '\0',
+  /* "a1bouncycastlehire.com", true */ 'a', '1', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "a1jumpandbounce.co.uk", true */ 'a', '1', 'j', 'u', 'm', 'p', 'a', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "a1scuba.com", true */ 'a', '1', 's', 'c', 'u', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "a1scubastore.com", true */ 'a', '1', 's', 'c', 'u', 'b', 'a', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "a2a.net", true */ 'a', '2', 'a', '.', 'n', 'e', 't', '\0',
+  /* "a2c-co.net", true */ 'a', '2', 'c', '-', 'c', 'o', '.', 'n', 'e', 't', '\0',
+  /* "a2it.gr", true */ 'a', '2', 'i', 't', '.', 'g', 'r', '\0',
+  /* "a2nutrition.com.au", true */ 'a', '2', 'n', 'u', 't', 'r', 'i', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "a7m2.me", true */ 'a', '7', 'm', '2', '.', 'm', 'e', '\0',
+  /* "aa-tour.ru", true */ 'a', 'a', '-', 't', 'o', 'u', 'r', '.', 'r', 'u', '\0',
+  /* "aaapl.com", true */ 'a', 'a', 'a', 'p', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "aabanet.com.br", true */ 'a', 'a', 'b', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "aagetransport.no", true */ 'a', 'a', 'g', 'e', 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', '.', 'n', 'o', '\0',
+  /* "aalalbayt.com", true */ 'a', 'a', 'l', 'a', 'l', 'b', 'a', 'y', 't', '.', 'c', 'o', 'm', '\0',
+  /* "aalalbayt.net", true */ 'a', 'a', 'l', 'a', 'l', 'b', 'a', 'y', 't', '.', 'n', 'e', 't', '\0',
+  /* "aalstmotors-usedcars.be", true */ 'a', 'a', 'l', 's', 't', 'm', 'o', 't', 'o', 'r', 's', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "aaltocapital.com", true */ 'a', 'a', 'l', 't', 'o', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "aamwa.com", true */ 'a', 'a', 'm', 'w', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "aandeautobody.com", true */ 'a', 'a', 'n', 'd', 'e', 'a', 'u', 't', 'o', 'b', 'o', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "aandkevents.co.uk", true */ 'a', 'a', 'n', 'd', 'k', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "aanmpc.com", true */ 'a', 'a', 'n', 'm', 'p', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "aaomidi.com", true */ 'a', 'a', 'o', 'm', 'i', 'd', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "aapas.org.ar", true */ 'a', 'a', 'p', 'a', 's', '.', 'o', 'r', 'g', '.', 'a', 'r', '\0',
+  /* "aardvarksolutions.co.za", true */ 'a', 'a', 'r', 'd', 'v', 'a', 'r', 'k', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "aariefhaafiz.com", true */ 'a', 'a', 'r', 'i', 'e', 'f', 'h', 'a', 'a', 'f', 'i', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "aarkue.eu", true */ 'a', 'a', 'r', 'k', 'u', 'e', '.', 'e', 'u', '\0',
+  /* "aaron.xin", true */ 'a', 'a', 'r', 'o', 'n', '.', 'x', 'i', 'n', '\0',
+  /* "aaronhorler.com", true */ 'a', 'a', 'r', 'o', 'n', 'h', 'o', 'r', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "aaronmcguire.me", false */ 'a', 'a', 'r', 'o', 'n', 'm', 'c', 'g', 'u', 'i', 'r', 'e', '.', 'm', 'e', '\0',
+  /* "aaronroyle.com", true */ 'a', 'a', 'r', 'o', 'n', 'r', 'o', 'y', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "aaronsilber.me", true */ 'a', 'a', 'r', 'o', 'n', 's', 'i', 'l', 'b', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "aatf.us", true */ 'a', 'a', 't', 'f', '.', 'u', 's', '\0',
+  /* "aati.info", false */ 'a', 'a', 't', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "abaapplianceservice.com", true */ 'a', 'b', 'a', 'a', 'p', 'p', 'l', 'i', 'a', 'n', 'c', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "abacus-events.co.uk", true */ 'a', 'b', 'a', 'c', 'u', 's', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "abacusbouncycastle.co.uk", true */ 'a', 'b', 'a', 'c', 'u', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "abacustech.co.jp", true */ 'a', 'b', 'a', 'c', 'u', 's', 't', 'e', 'c', 'h', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "abacustech.net", true */ 'a', 'b', 'a', 'c', 'u', 's', 't', 'e', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "abacustech.org", true */ 'a', 'b', 'a', 'c', 'u', 's', 't', 'e', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "abandonedmines.gov", true */ 'a', 'b', 'a', 'n', 'd', 'o', 'n', 'e', 'd', 'm', 'i', 'n', 'e', 's', '.', 'g', 'o', 'v', '\0',
+  /* "abasky.net", true */ 'a', 'b', 'a', 's', 'k', 'y', '.', 'n', 'e', 't', '\0',
+  /* "abbadabbabouncycastles.co.uk", true */ 'a', 'b', 'b', 'a', 'd', 'a', 'b', 'b', 'a', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "abbas.ch", true */ 'a', 'b', 'b', 'a', 's', '.', 'c', 'h', '\0',
+  /* "abborsjo.fi", true */ 'a', 'b', 'b', 'o', 'r', 's', 'j', 'o', '.', 'f', 'i', '\0',
+  /* "abbotsparties.co.uk", true */ 'a', 'b', 'b', 'o', 't', 's', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "abbottscastles.co.uk", true */ 'a', 'b', 'b', 'o', 't', 't', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "abbradar.net", true */ 'a', 'b', 'b', 'r', 'a', 'd', 'a', 'r', '.', 'n', 'e', 't', '\0',
+  /* "abbruch-star.de", true */ 'a', 'b', 'b', 'r', 'u', 'c', 'h', '-', 's', 't', 'a', 'r', '.', 'd', 'e', '\0',
+  /* "abc-rz.de", true */ 'a', 'b', 'c', '-', 'r', 'z', '.', 'd', 'e', '\0',
+  /* "abc.li", true */ 'a', 'b', 'c', '.', 'l', 'i', '\0',
+  /* "abcbouncycastlessurrey.co.uk", true */ 'a', 'b', 'c', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 's', 'u', 'r', 'r', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "abcbouncyfactory.co.uk", true */ 'a', 'b', 'c', 'b', 'o', 'u', 'n', 'c', 'y', 'f', 'a', 'c', 't', 'o', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "abcdef.be", true */ 'a', 'b', 'c', 'd', 'e', 'f', '.', 'b', 'e', '\0',
+  /* "abcdobebe.com", true */ 'a', 'b', 'c', 'd', 'o', 'b', 'e', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "abcheck.se", true */ 'a', 'b', 'c', 'h', 'e', 'c', 'k', '.', 's', 'e', '\0',
+  /* "abcpartyhire.com", true */ 'a', 'b', 'c', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "abdullah.pw", true */ 'a', 'b', 'd', 'u', 'l', 'l', 'a', 'h', '.', 'p', 'w', '\0',
+  /* "abe-elektro.de", true */ 'a', 'b', 'e', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "abe.cloud", false */ 'a', 'b', 'e', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "abecodes.net", true */ 'a', 'b', 'e', 'c', 'o', 'd', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "abeestrada.com", false */ 'a', 'b', 'e', 'e', 's', 't', 'r', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "abeilles-idapi.fr", true */ 'a', 'b', 'e', 'i', 'l', 'l', 'e', 's', '-', 'i', 'd', 'a', 'p', 'i', '.', 'f', 'r', '\0',
+  /* "abenteuer-ahnenforschung.de", true */ 'a', 'b', 'e', 'n', 't', 'e', 'u', 'e', 'r', '-', 'a', 'h', 'n', 'e', 'n', 'f', 'o', 'r', 's', 'c', 'h', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "abeontech.com", true */ 'a', 'b', 'e', 'o', 'n', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "aberdeencastles.co.uk", true */ 'a', 'b', 'e', 'r', 'd', 'e', 'e', 'n', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "aberdeenjudo.co.uk", true */ 'a', 'b', 'e', 'r', 'd', 'e', 'e', 'n', 'j', 'u', 'd', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "abeus.com", true */ 'a', 'b', 'e', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "abhisharma.me", true */ 'a', 'b', 'h', 'i', 's', 'h', 'a', 'r', 'm', 'a', '.', 'm', 'e', '\0',
+  /* "abi-2017.tk", true */ 'a', 'b', 'i', '-', '2', '0', '1', '7', '.', 't', 'k', '\0',
+  /* "abi-fvs.de", true */ 'a', 'b', 'i', '-', 'f', 'v', 's', '.', 'd', 'e', '\0',
+  /* "abiapp.net", true */ 'a', 'b', 'i', 'a', 'p', 'p', '.', 'n', 'e', 't', '\0',
+  /* "abibruce.co.uk", true */ 'a', 'b', 'i', 'b', 'r', 'u', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "abidinginhesed.com", true */ 'a', 'b', 'i', 'd', 'i', 'n', 'g', 'i', 'n', 'h', 'e', 's', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "abigisp.com", true */ 'a', 'b', 'i', 'g', 'i', 's', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "abilitycaresoftware.com", true */ 'a', 'b', 'i', 'l', 'i', 't', 'y', 'c', 'a', 'r', 'e', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "abilitynet.org.uk", true */ 'a', 'b', 'i', 'l', 'i', 't', 'y', 'n', 'e', 't', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "abilma.com", true */ 'a', 'b', 'i', 'l', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "abilymp06.net", true */ 'a', 'b', 'i', 'l', 'y', 'm', 'p', '0', '6', '.', 'n', 'e', 't', '\0',
+  /* "abimelec.com", true */ 'a', 'b', 'i', 'm', 'e', 'l', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "abinyah.com", true */ 'a', 'b', 'i', 'n', 'y', 'a', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "abiturma.de", true */ 'a', 'b', 'i', 't', 'u', 'r', 'm', 'a', '.', 'd', 'e', '\0',
+  /* "ablak-nyilaszaro.info", true */ 'a', 'b', 'l', 'a', 'k', '-', 'n', 'y', 'i', 'l', 'a', 's', 'z', 'a', 'r', 'o', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "abmc.gov", true */ 'a', 'b', 'm', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "abmgood.com", false */ 'a', 'b', 'm', 'g', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "abmledger.ca", true */ 'a', 'b', 'm', 'l', 'e', 'd', 'g', 'e', 'r', '.', 'c', 'a', '\0',
+  /* "abmtax.ca", true */ 'a', 'b', 'm', 't', 'a', 'x', '.', 'c', 'a', '\0',
+  /* "abn-consultants.ie", true */ 'a', 'b', 'n', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'a', 'n', 't', 's', '.', 'i', 'e', '\0',
+  /* "abnehmen.com", true */ 'a', 'b', 'n', 'e', 'h', 'm', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "abnerchou.me", true */ 'a', 'b', 'n', 'e', 'r', 'c', 'h', 'o', 'u', '.', 'm', 'e', '\0',
+  /* "abobuch.de", true */ 'a', 'b', 'o', 'b', 'u', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "aboces.org", true */ 'a', 'b', 'o', 'c', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "aboderenovation.co.uk", true */ 'a', 'b', 'o', 'd', 'e', 'r', 'e', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "abolicionistas.com", true */ 'a', 'b', 'o', 'l', 'i', 'c', 'i', 'o', 'n', 'i', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "abolition.net", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "abolitionism.ca", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 'm', '.', 'c', 'a', '\0',
+  /* "abolitionism.co.uk", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "abolitionism.com", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "abolitionism.in", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 'm', '.', 'i', 'n', '\0',
+  /* "abolitionism.net", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 'm', '.', 'n', 'e', 't', '\0',
+  /* "abolitionism.us", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 'm', '.', 'u', 's', '\0',
+  /* "abolitionist-project.com", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "abolitionist-society.com", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', '-', 's', 'o', 'c', 'i', 'e', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "abolitionist.ca", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', '.', 'c', 'a', '\0',
+  /* "abolitionist.co.uk", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "abolitionist.com", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "abolitionist.in", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', '.', 'i', 'n', '\0',
+  /* "abolitionist.net", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "abolitionist.us", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', '.', 'u', 's', '\0',
+  /* "abolitionistparty.com", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "abolitionistproject.com", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "abolitionistsociety.com", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', 's', 'o', 'c', 'i', 'e', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "abolitionniste.com", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'n', 'i', 's', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "abolizionista.com", true */ 'a', 'b', 'o', 'l', 'i', 'z', 'i', 'o', 'n', 'i', 's', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "abosav.com", true */ 'a', 'b', 'o', 's', 'a', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "abou.to", false */ 'a', 'b', 'o', 'u', '.', 't', 'o', '\0',
+  /* "abouncycastleman.co.uk", true */ 'a', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'm', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "aboutassistedliving.org", true */ 'a', 'b', 'o', 'u', 't', 'a', 's', 's', 'i', 's', 't', 'e', 'd', 'l', 'i', 'v', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "abouthrm.nl", true */ 'a', 'b', 'o', 'u', 't', 'h', 'r', 'm', '.', 'n', 'l', '\0',
+  /* "aboutict.nl", true */ 'a', 'b', 'o', 'u', 't', 'i', 'c', 't', '.', 'n', 'l', '\0',
+  /* "aboutlegal.nl", true */ 'a', 'b', 'o', 'u', 't', 'l', 'e', 'g', 'a', 'l', '.', 'n', 'l', '\0',
+  /* "aboutmedia.nl", true */ 'a', 'b', 'o', 'u', 't', 'm', 'e', 'd', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "aboutspice.com", true */ 'a', 'b', 'o', 'u', 't', 's', 'p', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "abox-kb.com", true */ 'a', 'b', 'o', 'x', '-', 'k', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "abrakidabra.com.br", true */ 'a', 'b', 'r', 'a', 'k', 'i', 'd', 'a', 'b', 'r', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "abrilect.com", true */ 'a', 'b', 'r', 'i', 'l', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "abseits.org", true */ 'a', 'b', 's', 'e', 'i', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "absolem.cc", true */ 'a', 'b', 's', 'o', 'l', 'e', 'm', '.', 'c', 'c', '\0',
+  /* "absolutelyinflatables.co.uk", true */ 'a', 'b', 's', 'o', 'l', 'u', 't', 'e', 'l', 'y', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "absoluterush.net", true */ 'a', 'b', 's', 'o', 'l', 'u', 't', 'e', 'r', 'u', 's', 'h', '.', 'n', 'e', 't', '\0',
+  /* "absolutewaterproofingsolutions.com", true */ 'a', 'b', 's', 'o', 'l', 'u', 't', 'e', 'w', 'a', 't', 'e', 'r', 'p', 'r', 'o', 'o', 'f', 'i', 'n', 'g', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "absolutewebdesigns.com", true */ 'a', 'b', 's', 'o', 'l', 'u', 't', 'e', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "abstraction21.com", true */ 'a', 'b', 's', 't', 'r', 'a', 'c', 't', 'i', 'o', 'n', '2', '1', '.', 'c', 'o', 'm', '\0',
+  /* "absynthe-inquisition.fr", true */ 'a', 'b', 's', 'y', 'n', 't', 'h', 'e', '-', 'i', 'n', 'q', 'u', 'i', 's', 'i', 't', 'i', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "abthorpe.org", true */ 'a', 'b', 't', 'h', 'o', 'r', 'p', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "abulanov.com", true */ 'a', 'b', 'u', 'l', 'a', 'n', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "abundent.com", true */ 'a', 'b', 'u', 'n', 'd', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "abuse.fi", true */ 'a', 'b', 'u', 's', 'e', '.', 'f', 'i', '\0',
+  /* "abuse.io", true */ 'a', 'b', 'u', 's', 'e', '.', 'i', 'o', '\0',
+  /* "abvent.net", true */ 'a', 'b', 'v', 'e', 'n', 't', '.', 'n', 'e', 't', '\0',
+  /* "abvlbasketviganello.ch", true */ 'a', 'b', 'v', 'l', 'b', 'a', 's', 'k', 'e', 't', 'v', 'i', 'g', 'a', 'n', 'e', 'l', 'l', 'o', '.', 'c', 'h', '\0',
+  /* "abyssgaming.eu", true */ 'a', 'b', 'y', 's', 's', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'e', 'u', '\0',
+  /* "ac-admin.pl", true */ 'a', 'c', '-', 'a', 'd', 'm', 'i', 'n', '.', 'p', 'l', '\0',
+  /* "ac-epmservices.com", true */ 'a', 'c', '-', 'e', 'p', 'm', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ac-town.com", true */ 'a', 'c', '-', 't', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ac.milan.it", true */ 'a', 'c', '.', 'm', 'i', 'l', 'a', 'n', '.', 'i', 't', '\0',
+  /* "academicexperts.us", true */ 'a', 'c', 'a', 'd', 'e', 'm', 'i', 'c', 'e', 'x', 'p', 'e', 'r', 't', 's', '.', 'u', 's', '\0',
+  /* "academie-de-police.ch", true */ 'a', 'c', 'a', 'd', 'e', 'm', 'i', 'e', '-', 'd', 'e', '-', 'p', 'o', 'l', 'i', 'c', 'e', '.', 'c', 'h', '\0',
+  /* "academy4.net", true */ 'a', 'c', 'a', 'd', 'e', 'm', 'y', '4', '.', 'n', 'e', 't', '\0',
+  /* "academytv.com.au", true */ 'a', 'c', 'a', 'd', 'e', 'm', 'y', 't', 'v', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "acadianapatios.com", true */ 'a', 'c', 'a', 'd', 'i', 'a', 'n', 'a', 'p', 'a', 't', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "acampar.com.br", true */ 'a', 'c', 'a', 'm', 'p', 'a', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "acaonegocios.com.br", true */ 'a', 'c', 'a', 'o', 'n', 'e', 'g', 'o', 'c', 'i', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "acara-yoga.de", true */ 'a', 'c', 'a', 'r', 'a', '-', 'y', 'o', 'g', 'a', '.', 'd', 'e', '\0',
+  /* "acat.io", true */ 'a', 'c', 'a', 't', '.', 'i', 'o', '\0',
+  /* "acbrussels-used.be", true */ 'a', 'c', 'b', 'r', 'u', 's', 's', 'e', 'l', 's', '-', 'u', 's', 'e', 'd', '.', 'b', 'e', '\0',
+  /* "accbay.com", true */ 'a', 'c', 'c', 'b', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "accelaway.com", true */ 'a', 'c', 'c', 'e', 'l', 'a', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "accelerate.network", true */ 'a', 'c', 'c', 'e', 'l', 'e', 'r', 'a', 't', 'e', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "acceleratenetworks.com", true */ 'a', 'c', 'c', 'e', 'l', 'e', 'r', 'a', 't', 'e', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "accelerateyourworld.org", true */ 'a', 'c', 'c', 'e', 'l', 'e', 'r', 'a', 't', 'e', 'y', 'o', 'u', 'r', 'w', 'o', 'r', 'l', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "accentthailand.com", true */ 'a', 'c', 'c', 'e', 'n', 't', 't', 'h', 'a', 'i', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "accesloges.com", true */ 'a', 'c', 'c', 'e', 's', 'l', 'o', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "accessacab.co.uk", true */ 'a', 'c', 'c', 'e', 's', 's', 'a', 'c', 'a', 'b', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "accessauto-occasions.be", true */ 'a', 'c', 'c', 'e', 's', 's', 'a', 'u', 't', 'o', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0',
+  /* "accessmy.net", true */ 'a', 'c', 'c', 'e', 's', 's', 'm', 'y', '.', 'n', 'e', 't', '\0',
+  /* "accessoripersmartphone.it", true */ 'a', 'c', 'c', 'e', 's', 's', 'o', 'r', 'i', 'p', 'e', 'r', 's', 'm', 'a', 'r', 't', 'p', 'h', 'o', 'n', 'e', '.', 'i', 't', '\0',
+  /* "accolade.com.br", true */ 'a', 'c', 'c', 'o', 'l', 'a', 'd', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "accordiondoor.com", true */ 'a', 'c', 'c', 'o', 'r', 'd', 'i', 'o', 'n', 'd', 'o', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "accoun.technology", true */ 'a', 'c', 'c', 'o', 'u', 'n', '.', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '\0',
+  /* "accounts.firefox.com", true */ 'a', 'c', 'c', 'o', 'u', 'n', 't', 's', '.', 'f', 'i', 'r', 'e', 'f', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "accounts.google.com", true */ 'a', 'c', 'c', 'o', 'u', 'n', 't', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "accudraftpaintbooths.com", true */ 'a', 'c', 'c', 'u', 'd', 'r', 'a', 'f', 't', 'p', 'a', 'i', 'n', 't', 'b', 'o', 'o', 't', 'h', 's', '.', 'c', 'o', 'm', '\0',
+  /* "accuritconsulting.com", true */ 'a', 'c', 'c', 'u', 'r', 'i', 't', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "aceadvisory.biz", true */ 'a', 'c', 'e', 'a', 'd', 'v', 'i', 's', 'o', 'r', 'y', '.', 'b', 'i', 'z', '\0',
+  /* "acecerts.co.uk", true */ 'a', 'c', 'e', 'c', 'e', 'r', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "acecolleges.edu.au", true */ 'a', 'c', 'e', 'c', 'o', 'l', 'l', 'e', 'g', 'e', 's', '.', 'e', 'd', 'u', '.', 'a', 'u', '\0',
+  /* "aceinflatables.com", true */ 'a', 'c', 'e', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aceinstituteonline.com", true */ 'a', 'c', 'e', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "acelpb.com", true */ 'a', 'c', 'e', 'l', 'p', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "acemobileforce.com", true */ 'a', 'c', 'e', 'm', 'o', 'b', 'i', 'l', 'e', 'f', 'o', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "acemypaper.com", true */ 'a', 'c', 'e', 'm', 'y', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "acendealuz.com.br", true */ 'a', 'c', 'e', 'n', 'd', 'e', 'a', 'l', 'u', 'z', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "acerislaw.com", true */ 'a', 'c', 'e', 'r', 'i', 's', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "acessoeducacao.com", true */ 'a', 'c', 'e', 's', 's', 'o', 'e', 'd', 'u', 'c', 'a', 'c', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "acevik.de", true */ 'a', 'c', 'e', 'v', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "acg.mn", true */ 'a', 'c', 'g', '.', 'm', 'n', '\0',
+  /* "acg18.us", false */ 'a', 'c', 'g', '1', '8', '.', 'u', 's', '\0',
+  /* "achalay.org", true */ 'a', 'c', 'h', 'a', 'l', 'a', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "acheconcursos.com.br", true */ 'a', 'c', 'h', 'e', 'c', 'o', 'n', 'c', 'u', 'r', 's', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "achenar.net", true */ 'a', 'c', 'h', 'e', 'n', 'a', 'r', '.', 'n', 'e', 't', '\0',
+  /* "achow101.com", true */ 'a', 'c', 'h', 'o', 'w', '1', '0', '1', '.', 'c', 'o', 'm', '\0',
+  /* "achromatisch.de", true */ 'a', 'c', 'h', 'r', 'o', 'm', 'a', 't', 'i', 's', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "achterblog.de", true */ 'a', 'c', 'h', 't', 'e', 'r', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "achterstieg.dedyn.io", true */ 'a', 'c', 'h', 't', 'e', 'r', 's', 't', 'i', 'e', 'g', '.', 'd', 'e', 'd', 'y', 'n', '.', 'i', 'o', '\0',
+  /* "achtzehn.eu", true */ 'a', 'c', 'h', 't', 'z', 'e', 'h', 'n', '.', 'e', 'u', '\0',
+  /* "achtzehnterachter.de", true */ 'a', 'c', 'h', 't', 'z', 'e', 'h', 'n', 't', 'e', 'r', 'a', 'c', 'h', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "acidbin.co", true */ 'a', 'c', 'i', 'd', 'b', 'i', 'n', '.', 'c', 'o', '\0',
+  /* "aciety.com", true */ 'a', 'c', 'i', 'e', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "aciksite.com", true */ 'a', 'c', 'i', 'k', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ackis.duckdns.org", true */ 'a', 'c', 'k', 'i', 's', '.', 'd', 'u', 'c', 'k', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "acksoft.fr", true */ 'a', 'c', 'k', 's', 'o', 'f', 't', '.', 'f', 'r', '\0',
+  /* "acksoftdemo.fr", true */ 'a', 'c', 'k', 's', 'o', 'f', 't', 'd', 'e', 'm', 'o', '.', 'f', 'r', '\0',
+  /* "aclu.org", false */ 'a', 'c', 'l', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "acluva.org", false */ 'a', 'c', 'l', 'u', 'v', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "acme.beer", true */ 'a', 'c', 'm', 'e', '.', 'b', 'e', 'e', 'r', '\0',
+  /* "acmexyz123.info", true */ 'a', 'c', 'm', 'e', 'x', 'y', 'z', '1', '2', '3', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "acnpacific.com", true */ 'a', 'c', 'n', 'p', 'a', 'c', 'i', 'f', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "aconnor.xyz", true */ 'a', 'c', 'o', 'n', 'n', 'o', 'r', '.', 'x', 'y', 'z', '\0',
+  /* "acordes.online", true */ 'a', 'c', 'o', 'r', 'd', 'e', 's', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "acorncastles.co.uk", true */ 'a', 'c', 'o', 'r', 'n', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "acorns.com", true */ 'a', 'c', 'o', 'r', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "acourse.io", true */ 'a', 'c', 'o', 'u', 'r', 's', 'e', '.', 'i', 'o', '\0',
+  /* "acousti-tech.com", true */ 'a', 'c', 'o', 'u', 's', 't', 'i', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "acoustique-tardy.com", true */ 'a', 'c', 'o', 'u', 's', 't', 'i', 'q', 'u', 'e', '-', 't', 'a', 'r', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "acperu.ch", true */ 'a', 'c', 'p', 'e', 'r', 'u', '.', 'c', 'h', '\0',
+  /* "acrevalue.com", true */ 'a', 'c', 'r', 'e', 'v', 'a', 'l', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "across.ml", true */ 'a', 'c', 'r', 'o', 's', 's', '.', 'm', 'l', '\0',
+  /* "acrylicwifi.com", true */ 'a', 'c', 'r', 'y', 'l', 'i', 'c', 'w', 'i', 'f', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "acs-chantal.com", true */ 'a', 'c', 's', '-', 'c', 'h', 'a', 'n', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "acsc.gov.au", true */ 'a', 'c', 's', 'c', '.', 'g', 'o', 'v', '.', 'a', 'u', '\0',
+  /* "acsemb.org", true */ 'a', 'c', 's', 'e', 'm', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "acsihostingsolutions.com", true */ 'a', 'c', 's', 'i', 'h', 'o', 's', 't', 'i', 'n', 'g', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "acsports.ca", true */ 'a', 'c', 's', 'p', 'o', 'r', 't', 's', '.', 'c', 'a', '\0',
+  /* "actc81.fr", true */ 'a', 'c', 't', 'c', '8', '1', '.', 'f', 'r', '\0',
+  /* "actgruppe.de", true */ 'a', 'c', 't', 'g', 'r', 'u', 'p', 'p', 'e', '.', 'd', 'e', '\0',
+  /* "actilove.ch", true */ 'a', 'c', 't', 'i', 'l', 'o', 'v', 'e', '.', 'c', 'h', '\0',
+  /* "actionlabs.net", true */ 'a', 'c', 't', 'i', 'o', 'n', 'l', 'a', 'b', 's', '.', 'n', 'e', 't', '\0',
+  /* "actionmadagascar.ch", true */ 'a', 'c', 't', 'i', 'o', 'n', 'm', 'a', 'd', 'a', 'g', 'a', 's', 'c', 'a', 'r', '.', 'c', 'h', '\0',
+  /* "actionsack.com", true */ 'a', 'c', 't', 'i', 'o', 'n', 's', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "actiontowingroundrock.com", true */ 'a', 'c', 't', 'i', 'o', 'n', 't', 'o', 'w', 'i', 'n', 'g', 'r', 'o', 'u', 'n', 'd', 'r', 'o', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "activatemyiphone.com", true */ 'a', 'c', 't', 'i', 'v', 'a', 't', 'e', 'm', 'y', 'i', 'p', 'h', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "activateudid.com", true */ 'a', 'c', 't', 'i', 'v', 'a', 't', 'e', 'u', 'd', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "active.hu", false */ 'a', 'c', 't', 'i', 'v', 'e', '.', 'h', 'u', '\0',
+  /* "activehire.co.uk", true */ 'a', 'c', 't', 'i', 'v', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "activeleisure.ie", true */ 'a', 'c', 't', 'i', 'v', 'e', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'i', 'e', '\0',
+  /* "activeworld.net", true */ 'a', 'c', 't', 'i', 'v', 'e', 'w', 'o', 'r', 'l', 'd', '.', 'n', 'e', 't', '\0',
+  /* "activitesaintnicaise.org", true */ 'a', 'c', 't', 'i', 'v', 'i', 't', 'e', 's', 'a', 'i', 'n', 't', 'n', 'i', 'c', 'a', 'i', 's', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "activityeventhire.co.uk", true */ 'a', 'c', 't', 'i', 'v', 'i', 't', 'y', 'e', 'v', 'e', 'n', 't', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "actorsroom.com", true */ 'a', 'c', 't', 'o', 'r', 's', 'r', 'o', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "actserv.co.ke", true */ 'a', 'c', 't', 's', 'e', 'r', 'v', '.', 'c', 'o', '.', 'k', 'e', '\0',
+  /* "actu-film.com", true */ 'a', 'c', 't', 'u', '-', 'f', 'i', 'l', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "acuica.co.uk", false */ 'a', 'c', 'u', 'i', 'c', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "acul.me", true */ 'a', 'c', 'u', 'l', '.', 'm', 'e', '\0',
+  /* "acus.gov", true */ 'a', 'c', 'u', 's', '.', 'g', 'o', 'v', '\0',
+  /* "acwcerts.co.uk", true */ 'a', 'c', 'w', 'c', 'e', 'r', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "acwi.gov", true */ 'a', 'c', 'w', 'i', '.', 'g', 'o', 'v', '\0',
+  /* "ad-disruptio.fr", false */ 'a', 'd', '-', 'd', 'i', 's', 'r', 'u', 'p', 't', 'i', 'o', '.', 'f', 'r', '\0',
+  /* "ad-notam.asia", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'a', 's', 'i', 'a', '\0',
+  /* "ad-notam.ch", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'c', 'h', '\0',
+  /* "ad-notam.co.uk", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ad-notam.com", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "ad-notam.de", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'd', 'e', '\0',
+  /* "ad-notam.fr", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'f', 'r', '\0',
+  /* "ad-notam.it", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'i', 't', '\0',
+  /* "ad-notam.pt", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'p', 't', '\0',
+  /* "ad-notam.us", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'u', 's', '\0',
+  /* "ada.gov", true */ 'a', 'd', 'a', '.', 'g', 'o', 'v', '\0',
+  /* "adalis.org", true */ 'a', 'd', 'a', 'l', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "adam-kostecki.de", true */ 'a', 'd', 'a', 'm', '-', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "adam-wilson.me", true */ 'a', 'd', 'a', 'm', '-', 'w', 'i', 'l', 's', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "adamas-magicus.ru", true */ 'a', 'd', 'a', 'm', 'a', 's', '-', 'm', 'a', 'g', 'i', 'c', 'u', 's', '.', 'r', 'u', '\0',
+  /* "adambalogh.net", true */ 'a', 'd', 'a', 'm', 'b', 'a', 'l', 'o', 'g', 'h', '.', 'n', 'e', 't', '\0',
+  /* "adambyers.com", true */ 'a', 'd', 'a', 'm', 'b', 'y', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "adamek.online", true */ 'a', 'd', 'a', 'm', 'e', 'k', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "adamfontenot.com", true */ 'a', 'd', 'a', 'm', 'f', 'o', 'n', 't', 'e', 'n', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "adamh.us", true */ 'a', 'd', 'a', 'm', 'h', '.', 'u', 's', '\0',
+  /* "adamkaminski.com", true */ 'a', 'd', 'a', 'm', 'k', 'a', 'm', 'i', 'n', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "adamkostecki.de", true */ 'a', 'd', 'a', 'm', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "adamoutler.com", true */ 'a', 'd', 'a', 'm', 'o', 'u', 't', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "adamradocz.com", true */ 'a', 'd', 'a', 'm', 'r', 'a', 'd', 'o', 'c', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "adams.dk", true */ 'a', 'd', 'a', 'm', 's', '.', 'd', 'k', '\0',
+  /* "adamsbouncycastles.co.uk", true */ 'a', 'd', 'a', 'm', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "adamstas.com", true */ 'a', 'd', 'a', 'm', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "adamwallington.co.uk", true */ 'a', 'd', 'a', 'm', 'w', 'a', 'l', 'l', 'i', 'n', 'g', 't', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "adamwilcox.org", true */ 'a', 'd', 'a', 'm', 'w', 'i', 'l', 'c', 'o', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "adapt-elektronik.com", true */ 'a', 'd', 'a', 'p', 't', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', 'n', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "adapt.de", true */ 'a', 'd', 'a', 'p', 't', '.', 'd', 'e', '\0',
+  /* "adapti.de", true */ 'a', 'd', 'a', 'p', 't', 'i', '.', 'd', 'e', '\0',
+  /* "adaptivemechanics.edu.au", true */ 'a', 'd', 'a', 'p', 't', 'i', 'v', 'e', 'm', 'e', 'c', 'h', 'a', 'n', 'i', 'c', 's', '.', 'e', 'd', 'u', '.', 'a', 'u', '\0',
+  /* "adawolfa.cz", true */ 'a', 'd', 'a', 'w', 'o', 'l', 'f', 'a', '.', 'c', 'z', '\0',
+  /* "adayinthelifeof.nl", true */ 'a', 'd', 'a', 'y', 'i', 'n', 't', 'h', 'e', 'l', 'i', 'f', 'e', 'o', 'f', '.', 'n', 'l', '\0',
+  /* "adblock.ovh", true */ 'a', 'd', 'b', 'l', 'o', 'c', 'k', '.', 'o', 'v', 'h', '\0',
+  /* "adblockextreme.com", true */ 'a', 'd', 'b', 'l', 'o', 'c', 'k', 'e', 'x', 't', 'r', 'e', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "adblockextreme.net", true */ 'a', 'd', 'b', 'l', 'o', 'c', 'k', 'e', 'x', 't', 'r', 'e', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "adblockextreme.org", true */ 'a', 'd', 'b', 'l', 'o', 'c', 'k', 'e', 'x', 't', 'r', 'e', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "addcrazy.com", true */ 'a', 'd', 'd', 'c', 'r', 'a', 'z', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "addeekt.com", true */ 'a', 'd', 'd', 'e', 'e', 'k', 't', '.', 'c', 'o', 'm', '\0',
+  /* "adderall.space", true */ 'a', 'd', 'd', 'e', 'r', 'a', 'l', 'l', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "addicional.com", true */ 'a', 'd', 'd', 'i', 'c', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "addictively.com", true */ 'a', 'd', 'd', 'i', 'c', 't', 'i', 'v', 'e', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "addiko.net", true */ 'a', 'd', 'd', 'i', 'k', 'o', '.', 'n', 'e', 't', '\0',
+  /* "addones.net", true */ 'a', 'd', 'd', 'o', 'n', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "addstar.jp", false */ 'a', 'd', 'd', 's', 't', 'a', 'r', '.', 'j', 'p', '\0',
+  /* "addtoany.com", true */ 'a', 'd', 'd', 't', 'o', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "adduono.com", true */ 'a', 'd', 'd', 'u', 'o', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "adelaides.com", true */ 'a', 'd', 'e', 'l', 'a', 'i', 'd', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "adelebeals.com", true */ 'a', 'd', 'e', 'l', 'e', 'b', 'e', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "adelightfulglow.com", true */ 'a', 'd', 'e', 'l', 'i', 'g', 'h', 't', 'f', 'u', 'l', 'g', 'l', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "adeline.mobi", true */ 'a', 'd', 'e', 'l', 'i', 'n', 'e', '.', 'm', 'o', 'b', 'i', '\0',
+  /* "adentalsolution.com", true */ 'a', 'd', 'e', 'n', 't', 'a', 'l', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "adevel.eu", true */ 'a', 'd', 'e', 'v', 'e', 'l', '.', 'e', 'u', '\0',
+  /* "adhesivelaundry.co.uk", true */ 'a', 'd', 'h', 'e', 's', 'i', 'v', 'e', 'l', 'a', 'u', 'n', 'd', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "adhigamindia.com", true */ 'a', 'd', 'h', 'i', 'g', 'a', 'm', 'i', 'n', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "adhoc.is", true */ 'a', 'd', 'h', 'o', 'c', '.', 'i', 's', '\0',
+  /* "adigitali.biz", true */ 'a', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'i', '.', 'b', 'i', 'z', '\0',
+  /* "adimaja.com", true */ 'a', 'd', 'i', 'm', 'a', 'j', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "adinariversloveschool.com", true */ 'a', 'd', 'i', 'n', 'a', 'r', 'i', 'v', 'e', 'r', 's', 'l', 'o', 'v', 'e', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "adiponectinsupplement.info", true */ 'a', 'd', 'i', 'p', 'o', 'n', 'e', 'c', 't', 'i', 'n', 's', 'u', 'p', 'p', 'l', 'e', 'm', 'e', 'n', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "adiponectinsupplement.net", true */ 'a', 'd', 'i', 'p', 'o', 'n', 'e', 'c', 't', 'i', 'n', 's', 'u', 'p', 'p', 'l', 'e', 'm', 'e', 'n', 't', '.', 'n', 'e', 't', '\0',
+  /* "adjagu.org", true */ 'a', 'd', 'j', 'a', 'g', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "adlershop.ch", true */ 'a', 'd', 'l', 'e', 'r', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "adlerweb.info", true */ 'a', 'd', 'l', 'e', 'r', 'w', 'e', 'b', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "adm-sarov.ru", true */ 'a', 'd', 'm', '-', 's', 'a', 'r', 'o', 'v', '.', 'r', 'u', '\0',
+  /* "adme.co.il", true */ 'a', 'd', 'm', 'e', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "admin-serv.net", true */ 'a', 'd', 'm', 'i', 'n', '-', 's', 'e', 'r', 'v', '.', 'n', 'e', 't', '\0',
+  /* "admin.fedoraproject.org", true */ 'a', 'd', 'm', 'i', 'n', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "admin.google.com", true */ 'a', 'd', 'm', 'i', 'n', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "admin.stg.fedoraproject.org", true */ 'a', 'd', 'm', 'i', 'n', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "adminforge.de", false */ 'a', 'd', 'm', 'i', 'n', 'f', 'o', 'r', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "administratorserwera.pl", true */ 'a', 'd', 'm', 'i', 'n', 'i', 's', 't', 'r', 'a', 't', 'o', 'r', 's', 'e', 'r', 'w', 'e', 'r', 'a', '.', 'p', 'l', '\0',
+  /* "admino.cz", true */ 'a', 'd', 'm', 'i', 'n', 'o', '.', 'c', 'z', '\0',
+  /* "admins.tech", true */ 'a', 'd', 'm', 'i', 'n', 's', '.', 't', 'e', 'c', 'h', '\0',
+  /* "adminton.eu", true */ 'a', 'd', 'm', 'i', 'n', 't', 'o', 'n', '.', 'e', 'u', '\0',
+  /* "admody.com", true */ 'a', 'd', 'm', 'o', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "admongo.gov", true */ 'a', 'd', 'm', 'o', 'n', 'g', 'o', '.', 'g', 'o', 'v', '\0',
+  /* "adnot.am", true */ 'a', 'd', 'n', 'o', 't', '.', 'a', 'm', '\0',
+  /* "adnseguros.es", true */ 'a', 'd', 'n', 's', 'e', 'g', 'u', 'r', 'o', 's', '.', 'e', 's', '\0',
+  /* "adoal.net", true */ 'a', 'd', 'o', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "adonnante.com", true */ 'a', 'd', 'o', 'n', 'n', 'a', 'n', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "adoptionlink.co.uk", true */ 'a', 'd', 'o', 'p', 't', 'i', 'o', 'n', 'l', 'i', 'n', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "adora-illustrations.fr", true */ 'a', 'd', 'o', 'r', 'a', '-', 'i', 'l', 'l', 'u', 's', 't', 'r', 'a', 't', 'i', 'o', 'n', 's', '.', 'f', 'r', '\0',
+  /* "adorade.ro", true */ 'a', 'd', 'o', 'r', 'a', 'd', 'e', '.', 'r', 'o', '\0',
+  /* "adorai.tk", true */ 'a', 'd', 'o', 'r', 'a', 'i', '.', 't', 'k', '\0',
+  /* "adorecricket.com", true */ 'a', 'd', 'o', 'r', 'e', 'c', 'r', 'i', 'c', 'k', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "adorewe.com", true */ 'a', 'd', 'o', 'r', 'e', 'w', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "adoriasoft.com", false */ 'a', 'd', 'o', 'r', 'i', 'a', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "adprospb.com", true */ 'a', 'd', 'p', 'r', 'o', 's', 'p', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "adquisitio.co.uk", true */ 'a', 'd', 'q', 'u', 'i', 's', 'i', 't', 'i', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "adquisitio.es", true */ 'a', 'd', 'q', 'u', 'i', 's', 'i', 't', 'i', 'o', '.', 'e', 's', '\0',
+  /* "adquisitio.fr", true */ 'a', 'd', 'q', 'u', 'i', 's', 'i', 't', 'i', 'o', '.', 'f', 'r', '\0',
+  /* "adquisitio.it", true */ 'a', 'd', 'q', 'u', 'i', 's', 'i', 't', 'i', 'o', '.', 'i', 't', '\0',
+  /* "adr.gov", true */ 'a', 'd', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "adrafinil.wiki", true */ 'a', 'd', 'r', 'a', 'f', 'i', 'n', 'i', 'l', '.', 'w', 'i', 'k', 'i', '\0',
+  /* "adrenaline-gaming.ru", true */ 'a', 'd', 'r', 'e', 'n', 'a', 'l', 'i', 'n', 'e', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'r', 'u', '\0',
+  /* "adrianajewelry.my", true */ 'a', 'd', 'r', 'i', 'a', 'n', 'a', 'j', 'e', 'w', 'e', 'l', 'r', 'y', '.', 'm', 'y', '\0',
+  /* "adrianbechtold.de", true */ 'a', 'd', 'r', 'i', 'a', 'n', 'b', 'e', 'c', 'h', 't', 'o', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "adriancitu.com", true */ 'a', 'd', 'r', 'i', 'a', 'n', 'c', 'i', 't', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "adriancostin.ro", true */ 'a', 'd', 'r', 'i', 'a', 'n', 'c', 'o', 's', 't', 'i', 'n', '.', 'r', 'o', '\0',
+  /* "adrianjensen.com", true */ 'a', 'd', 'r', 'i', 'a', 'n', 'j', 'e', 'n', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "adrianmejias.com", true */ 'a', 'd', 'r', 'i', 'a', 'n', 'm', 'e', 'j', 'i', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "adrienkohlbecker.com", true */ 'a', 'd', 'r', 'i', 'e', 'n', 'k', 'o', 'h', 'l', 'b', 'e', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "adrinet.tk", true */ 'a', 'd', 'r', 'i', 'n', 'e', 't', '.', 't', 'k', '\0',
+  /* "adsbouncycastles.co.uk", true */ 'a', 'd', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "adtgroup.com", true */ 'a', 'd', 't', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "adurra.com", true */ 'a', 'd', 'u', 'r', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "aduvi.de", true */ 'a', 'd', 'u', 'v', 'i', '.', 'd', 'e', '\0',
+  /* "advaithnikhi.ml", true */ 'a', 'd', 'v', 'a', 'i', 't', 'h', 'n', 'i', 'k', 'h', 'i', '.', 'm', 'l', '\0',
+  /* "advaithnikhi.tk", true */ 'a', 'd', 'v', 'a', 'i', 't', 'h', 'n', 'i', 'k', 'h', 'i', '.', 't', 'k', '\0',
+  /* "advanced-online.eu", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'e', 'u', '\0',
+  /* "advanced-scribes.com", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', '-', 's', 'c', 'r', 'i', 'b', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "advanced.info", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "advancedoneroofing.com", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', 'o', 'n', 'e', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "advancedplasticsurgerycenter.com", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "advancedprotectionkey.com", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', 'p', 'r', 'o', 't', 'e', 'c', 't', 'i', 'o', 'n', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "advancedprotectionsecuritykey.com", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', 'p', 'r', 'o', 't', 'e', 'c', 't', 'i', 'o', 'n', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "advancedseotool.it", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', 's', 'e', 'o', 't', 'o', 'o', 'l', '.', 'i', 't', '\0',
+  /* "advancedwriters.com", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', 'w', 'r', 'i', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "advancis.net", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "advantagehomeexteriors.com", true */ 'a', 'd', 'v', 'a', 'n', 't', 'a', 'g', 'e', 'h', 'o', 'm', 'e', 'e', 'x', 't', 'e', 'r', 'i', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "advara.com", true */ 'a', 'd', 'v', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "advelty.cz", true */ 'a', 'd', 'v', 'e', 'l', 't', 'y', '.', 'c', 'z', '\0',
+  /* "adventistdeploy.org", true */ 'a', 'd', 'v', 'e', 'n', 't', 'i', 's', 't', 'd', 'e', 'p', 'l', 'o', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "advento.bg", true */ 'a', 'd', 'v', 'e', 'n', 't', 'o', '.', 'b', 'g', '\0',
+  /* "adventure-inn.com", true */ 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', '-', 'i', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "adventureally.com", true */ 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 'a', 'l', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "adventureforest.co.nz", true */ 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 'f', 'o', 'r', 'e', 's', 't', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "adventureforest.de", false */ 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 'f', 'o', 'r', 'e', 's', 't', '.', 'd', 'e', '\0',
+  /* "adventuregamers.com", true */ 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 'g', 'a', 'm', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "adventures.de", true */ 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 's', '.', 'd', 'e', '\0',
+  /* "adventureswithlillie.ca", true */ 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 's', 'w', 'i', 't', 'h', 'l', 'i', 'l', 'l', 'i', 'e', '.', 'c', 'a', '\0',
+  /* "advocate-europe.eu", true */ 'a', 'd', 'v', 'o', 'c', 'a', 't', 'e', '-', 'e', 'u', 'r', 'o', 'p', 'e', '.', 'e', 'u', '\0',
+  /* "advocaten-avocats.be", true */ 'a', 'd', 'v', 'o', 'c', 'a', 't', 'e', 'n', '-', 'a', 'v', 'o', 'c', 'a', 't', 's', '.', 'b', 'e', '\0',
+  /* "advocatenalkmaar.org", true */ 'a', 'd', 'v', 'o', 'c', 'a', 't', 'e', 'n', 'a', 'l', 'k', 'm', 'a', 'a', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "advokat-romanov.com", true */ 'a', 'd', 'v', 'o', 'k', 'a', 't', '-', 'r', 'o', 'm', 'a', 'n', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "adware.pl", true */ 'a', 'd', 'w', 'a', 'r', 'e', '.', 'p', 'l', '\0',
+  /* "adws.io", true */ 'a', 'd', 'w', 's', '.', 'i', 'o', '\0',
+  /* "adxperience.com", true */ 'a', 'd', 'x', 'p', 'e', 'r', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "adzie.xyz", true */ 'a', 'd', 'z', 'i', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "adzuna.at", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'a', 't', '\0',
+  /* "adzuna.ca", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'c', 'a', '\0',
+  /* "adzuna.co.nz", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "adzuna.co.za", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "adzuna.com", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "adzuna.com.au", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "adzuna.com.br", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "adzuna.de", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'd', 'e', '\0',
+  /* "adzuna.fr", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'f', 'r', '\0',
+  /* "adzuna.in", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'i', 'n', '\0',
+  /* "adzuna.it", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'i', 't', '\0',
+  /* "adzuna.nl", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'n', 'l', '\0',
+  /* "adzuna.pl", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'p', 'l', '\0',
+  /* "adzuna.ru", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'r', 'u', '\0',
+  /* "adzuna.sg", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 's', 'g', '\0',
+  /* "aebian.org", true */ 'a', 'e', 'b', 'i', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "aegee-utrecht.nl", true */ 'a', 'e', 'g', 'e', 'e', '-', 'u', 't', 'r', 'e', 'c', 'h', 't', '.', 'n', 'l', '\0',
+  /* "aegisalarm.co.uk", true */ 'a', 'e', 'g', 'i', 's', 'a', 'l', 'a', 'r', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "aegisalarm.com", true */ 'a', 'e', 'g', 'i', 's', 'a', 'l', 'a', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "aegisalarms.co.uk", true */ 'a', 'e', 'g', 'i', 's', 'a', 'l', 'a', 'r', 'm', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "aegisalarms.com", true */ 'a', 'e', 'g', 'i', 's', 'a', 'l', 'a', 'r', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aegrel.ee", true */ 'a', 'e', 'g', 'r', 'e', 'l', '.', 'e', 'e', '\0',
+  /* "aehe.us", true */ 'a', 'e', 'h', 'e', '.', 'u', 's', '\0',
+  /* "aelurus.com", true */ 'a', 'e', 'l', 'u', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aeon.co", true */ 'a', 'e', 'o', 'n', '.', 'c', 'o', '\0',
+  /* "aeon.wiki", true */ 'a', 'e', 'o', 'n', '.', 'w', 'i', 'k', 'i', '\0',
+  /* "aeradesign.com", true */ 'a', 'e', 'r', 'a', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "aerandir.fr", true */ 'a', 'e', 'r', 'a', 'n', 'd', 'i', 'r', '.', 'f', 'r', '\0',
+  /* "aerelon.de", false */ 'a', 'e', 'r', 'e', 'l', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "aergia.eu", true */ 'a', 'e', 'r', 'g', 'i', 'a', '.', 'e', 'u', '\0',
+  /* "aerisnetwork.com", true */ 'a', 'e', 'r', 'i', 's', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "aero-pioneer.com", true */ 'a', 'e', 'r', 'o', '-', 'p', 'i', 'o', 'n', 'e', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "aerobotz.com", true */ 'a', 'e', 'r', 'o', 'b', 'o', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "aertel.ie", true */ 'a', 'e', 'r', 't', 'e', 'l', '.', 'i', 'e', '\0',
+  /* "aessencia.com.br", true */ 'a', 'e', 's', 's', 'e', 'n', 'c', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "aestheticdr.org", true */ 'a', 'e', 's', 't', 'h', 'e', 't', 'i', 'c', 'd', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "aesthetics-blog.com", true */ 'a', 'e', 's', 't', 'h', 'e', 't', 'i', 'c', 's', '-', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "aestore.by", true */ 'a', 'e', 's', 't', 'o', 'r', 'e', '.', 'b', 'y', '\0',
+  /* "aesym.de", true */ 'a', 'e', 's', 'y', 'm', '.', 'd', 'e', '\0',
+  /* "aetherc0r3.eu", true */ 'a', 'e', 't', 'h', 'e', 'r', 'c', '0', 'r', '3', '.', 'e', 'u', '\0',
+  /* "aetoscg.com", true */ 'a', 'e', 't', 'o', 's', 'c', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "aetoscg.com.au", true */ 'a', 'e', 't', 'o', 's', 'c', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "aextron.com", true */ 'a', 'e', 'x', 't', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "aextron.de", true */ 'a', 'e', 'x', 't', 'r', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "aextron.org", true */ 'a', 'e', 'x', 't', 'r', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "af-internet.nl", true */ 'a', 'f', '-', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', '.', 'n', 'l', '\0',
+  /* "afavre.io", true */ 'a', 'f', 'a', 'v', 'r', 'e', '.', 'i', 'o', '\0',
+  /* "afb24.de", true */ 'a', 'f', 'b', '2', '4', '.', 'd', 'e', '\0',
+  /* "afbeelding.im", true */ 'a', 'f', 'b', 'e', 'e', 'l', 'd', 'i', 'n', 'g', '.', 'i', 'm', '\0',
+  /* "afbeeldinguploaden.nl", true */ 'a', 'f', 'b', 'e', 'e', 'l', 'd', 'i', 'n', 'g', 'u', 'p', 'l', 'o', 'a', 'd', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "affichagepub3.com", true */ 'a', 'f', 'f', 'i', 'c', 'h', 'a', 'g', 'e', 'p', 'u', 'b', '3', '.', 'c', 'o', 'm', '\0',
+  /* "affiliateroyale.com", true */ 'a', 'f', 'f', 'i', 'l', 'i', 'a', 't', 'e', 'r', 'o', 'y', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "affiliatetest.azurewebsites.net", true */ 'a', 'f', 'f', 'i', 'l', 'i', 'a', 't', 'e', 't', 'e', 's', 't', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "affilie.de", true */ 'a', 'f', 'f', 'i', 'l', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "affinity.vc", true */ 'a', 'f', 'f', 'i', 'n', 'i', 't', 'y', '.', 'v', 'c', '\0',
+  /* "affinitysync.com", true */ 'a', 'f', 'f', 'i', 'n', 'i', 't', 'y', 's', 'y', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "affordableazdivorce.com", true */ 'a', 'f', 'f', 'o', 'r', 'd', 'a', 'b', 'l', 'e', 'a', 'z', 'd', 'i', 'v', 'o', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "affordablebouncycastle.co.uk", true */ 'a', 'f', 'f', 'o', 'r', 'd', 'a', 'b', 'l', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "affordablemudjacking.com", true */ 'a', 'f', 'f', 'o', 'r', 'd', 'a', 'b', 'l', 'e', 'm', 'u', 'd', 'j', 'a', 'c', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "affordablepapers.com", true */ 'a', 'f', 'f', 'o', 'r', 'd', 'a', 'b', 'l', 'e', 'p', 'a', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "affordableracingparts.com.au", true */ 'a', 'f', 'f', 'o', 'r', 'd', 'a', 'b', 'l', 'e', 'r', 'a', 'c', 'i', 'n', 'g', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "afghan.dating", true */ 'a', 'f', 'g', 'h', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "afi-business-consulting.com", true */ 'a', 'f', 'i', '-', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "aficionados.com.br", true */ 'a', 'f', 'i', 'c', 'i', 'o', 'n', 'a', 'd', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "afinadoronline.com.br", true */ 'a', 'f', 'i', 'n', 'a', 'd', 'o', 'r', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "aflamtorrent.com", true */ 'a', 'f', 'l', 'a', 'm', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "aflfreebets.com", true */ 'a', 'f', 'l', 'f', 'r', 'e', 'e', 'b', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aflowershop.ca", true */ 'a', 'f', 'l', 'o', 'w', 'e', 'r', 's', 'h', 'o', 'p', '.', 'c', 'a', '\0',
+  /* "afmt.fr", true */ 'a', 'f', 'm', 't', '.', 'f', 'r', '\0',
+  /* "afmtevents.com", true */ 'a', 'f', 'm', 't', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "afonso.io", true */ 'a', 'f', 'o', 'n', 's', 'o', '.', 'i', 'o', '\0',
+  /* "afp548.com", true */ 'a', 'f', 'p', '5', '4', '8', '.', 'c', 'o', 'm', '\0',
+  /* "afri.cc", true */ 'a', 'f', 'r', 'i', '.', 'c', 'c', '\0',
+  /* "africa.dating", true */ 'a', 'f', 'r', 'i', 'c', 'a', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "africanexponent.com", true */ 'a', 'f', 'r', 'i', 'c', 'a', 'n', 'e', 'x', 'p', 'o', 'n', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "africanimpact.com", true */ 'a', 'f', 'r', 'i', 'c', 'a', 'n', 'i', 'm', 'p', 'a', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "africatravel.de", true */ 'a', 'f', 'r', 'i', 'c', 'a', 't', 'r', 'a', 'v', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "afrikarl.de", true */ 'a', 'f', 'r', 'i', 'k', 'a', 'r', 'l', '.', 'd', 'e', '\0',
+  /* "afrodigital.uk", true */ 'a', 'f', 'r', 'o', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'u', 'k', '\0',
+  /* "after.digital", true */ 'a', 'f', 't', 'e', 'r', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0',
+  /* "afterhate.fr", true */ 'a', 'f', 't', 'e', 'r', 'h', 'a', 't', 'e', '.', 'f', 'r', '\0',
+  /* "afuh.de", true */ 'a', 'f', 'u', 'h', '.', 'd', 'e', '\0',
+  /* "afva.net", true */ 'a', 'f', 'v', 'a', '.', 'n', 'e', 't', '\0',
+  /* "ag-websolutions.de", true */ 'a', 'g', '-', 'w', 'e', 'b', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'd', 'e', '\0',
+  /* "agalliasis.ch", true */ 'a', 'g', 'a', 'l', 'l', 'i', 'a', 's', 'i', 's', '.', 'c', 'h', '\0',
+  /* "agamsecurity.ch", true */ 'a', 'g', 'a', 'm', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'h', '\0',
+  /* "agate.pw", true */ 'a', 'g', 'a', 't', 'e', '.', 'p', 'w', '\0',
+  /* "agdalieso.com.ba", true */ 'a', 'g', 'd', 'a', 'l', 'i', 'e', 's', 'o', '.', 'c', 'o', 'm', '.', 'b', 'a', '\0',
+  /* "ageg.ca", true */ 'a', 'g', 'e', 'g', '.', 'c', 'a', '\0',
+  /* "agenciadeempregosdourados.com.br", true */ 'a', 'g', 'e', 'n', 'c', 'i', 'a', 'd', 'e', 'e', 'm', 'p', 'r', 'e', 'g', 'o', 's', 'd', 'o', 'u', 'r', 'a', 'd', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "agenciafiscal.pe", true */ 'a', 'g', 'e', 'n', 'c', 'i', 'a', 'f', 'i', 's', 'c', 'a', 'l', '.', 'p', 'e', '\0',
+  /* "agenciagriff.com", true */ 'a', 'g', 'e', 'n', 'c', 'i', 'a', 'g', 'r', 'i', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "agencymanager.be", true */ 'a', 'g', 'e', 'n', 'c', 'y', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'b', 'e', '\0',
+  /* "agenda-loto.net", false */ 'a', 'g', 'e', 'n', 'd', 'a', '-', 'l', 'o', 't', 'o', '.', 'n', 'e', 't', '\0',
+  /* "agenda21senden.de", true */ 'a', 'g', 'e', 'n', 'd', 'a', '2', '1', 's', 'e', 'n', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "agent-grow.com", true */ 'a', 'g', 'e', 'n', 't', '-', 'g', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "agent6.com.au", true */ 'a', 'g', 'e', 'n', 't', '6', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "agentprocessing.com", true */ 'a', 'g', 'e', 'n', 't', 'p', 'r', 'o', 'c', 'e', 's', 's', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "agfmedia.com", true */ 'a', 'g', 'f', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "agglo-sion.ch", true */ 'a', 'g', 'g', 'l', 'o', '-', 's', 'i', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "aggr.pw", true */ 'a', 'g', 'g', 'r', '.', 'p', 'w', '\0',
+  /* "agia.ad", true */ 'a', 'g', 'i', 'a', '.', 'a', 'd', '\0',
+  /* "agiairini.cz", true */ 'a', 'g', 'i', 'a', 'i', 'r', 'i', 'n', 'i', '.', 'c', 'z', '\0',
+  /* "agilebits.com", true */ 'a', 'g', 'i', 'l', 'e', 'b', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "agilebits.net", false */ 'a', 'g', 'i', 'l', 'e', 'b', 'i', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "agileecommerce.com.br", true */ 'a', 'g', 'i', 'l', 'e', 'e', 'c', 'o', 'm', 'm', 'e', 'r', 'c', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "agileui.com", true */ 'a', 'g', 'i', 'l', 'e', 'u', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "agiley.se", true */ 'a', 'g', 'i', 'l', 'e', 'y', '.', 's', 'e', '\0',
+  /* "agilob.net", true */ 'a', 'g', 'i', 'l', 'o', 'b', '.', 'n', 'e', 't', '\0',
+  /* "aging.gov", true */ 'a', 'g', 'i', 'n', 'g', '.', 'g', 'o', 'v', '\0',
+  /* "agingstop.net", true */ 'a', 'g', 'i', 'n', 'g', 's', 't', 'o', 'p', '.', 'n', 'e', 't', '\0',
+  /* "agoodmind.com", true */ 'a', 'g', 'o', 'o', 'd', 'm', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "agoravox.fr", true */ 'a', 'g', 'o', 'r', 'a', 'v', 'o', 'x', '.', 'f', 'r', '\0',
+  /* "agoravox.it", true */ 'a', 'g', 'o', 'r', 'a', 'v', 'o', 'x', '.', 'i', 't', '\0',
+  /* "agoravox.tv", true */ 'a', 'g', 'o', 'r', 'a', 'v', 'o', 'x', '.', 't', 'v', '\0',
+  /* "agotnes.com", true */ 'a', 'g', 'o', 't', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "agouraelectrical.com", true */ 'a', 'g', 'o', 'u', 'r', 'a', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "agourahillselectrical.com", true */ 'a', 'g', 'o', 'u', 'r', 'a', 'h', 'i', 'l', 'l', 's', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "agowa.eu", true */ 'a', 'g', 'o', 'w', 'a', '.', 'e', 'u', '\0',
+  /* "agowa338.de", true */ 'a', 'g', 'o', 'w', 'a', '3', '3', '8', '.', 'd', 'e', '\0',
+  /* "agr.asia", true */ 'a', 'g', 'r', '.', 'a', 's', 'i', 'a', '\0',
+  /* "agrarking.com", true */ 'a', 'g', 'r', 'a', 'r', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "agrarking.de", true */ 'a', 'g', 'r', 'a', 'r', 'k', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "agrarshop4u.de", true */ 'a', 'g', 'r', 'a', 'r', 's', 'h', 'o', 'p', '4', 'u', '.', 'd', 'e', '\0',
+  /* "agrekov.ru", true */ 'a', 'g', 'r', 'e', 'k', 'o', 'v', '.', 'r', 'u', '\0',
+  /* "agreor.com", true */ 'a', 'g', 'r', 'e', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "agricolo.ch", true */ 'a', 'g', 'r', 'i', 'c', 'o', 'l', 'o', '.', 'c', 'h', '\0',
+  /* "agridir.site", true */ 'a', 'g', 'r', 'i', 'd', 'i', 'r', '.', 's', 'i', 't', 'e', '\0',
+  /* "agrikulturchic.com", true */ 'a', 'g', 'r', 'i', 'k', 'u', 'l', 't', 'u', 'r', 'c', 'h', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "agrilinks.org", true */ 'a', 'g', 'r', 'i', 'l', 'i', 'n', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "agrios.de", true */ 'a', 'g', 'r', 'i', 'o', 's', '.', 'd', 'e', '\0',
+  /* "agroglass.com.br", true */ 'a', 'g', 'r', 'o', 'g', 'l', 'a', 's', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "agroline.by", true */ 'a', 'g', 'r', 'o', 'l', 'i', 'n', 'e', '.', 'b', 'y', '\0',
+  /* "agroyard.com.ua", true */ 'a', 'g', 'r', 'o', 'y', 'a', 'r', 'd', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "agsb.ch", true */ 'a', 'g', 's', 'b', '.', 'c', 'h', '\0',
+  /* "agung-furniture.com", true */ 'a', 'g', 'u', 'n', 'g', '-', 'f', 'u', 'r', 'n', 'i', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "agwa.name", true */ 'a', 'g', 'w', 'a', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "ahcpr.gov", false */ 'a', 'h', 'c', 'p', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "ahd.com", false */ 'a', 'h', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "ahelos.tk", true */ 'a', 'h', 'e', 'l', 'o', 's', '.', 't', 'k', '\0',
+  /* "aheng.me", true */ 'a', 'h', 'e', 'n', 'g', '.', 'm', 'e', '\0',
+  /* "ahero4all.org", true */ 'a', 'h', 'e', 'r', 'o', '4', 'a', 'l', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "ahiru3.com", true */ 'a', 'h', 'i', 'r', 'u', '3', '.', 'c', 'o', 'm', '\0',
+  /* "ahkubiak.ovh", true */ 'a', 'h', 'k', 'u', 'b', 'i', 'a', 'k', '.', 'o', 'v', 'h', '\0',
+  /* "ahlaejaba.com", true */ 'a', 'h', 'l', 'a', 'e', 'j', 'a', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ahlz.sk", true */ 'a', 'h', 'l', 'z', '.', 's', 'k', '\0',
+  /* "ahmad.works", true */ 'a', 'h', 'm', 'a', 'd', '.', 'w', 'o', 'r', 'k', 's', '\0',
+  /* "ahmadly.com", true */ 'a', 'h', 'm', 'a', 'd', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ahmedabadflowermall.com", true */ 'a', 'h', 'm', 'e', 'd', 'a', 'b', 'a', 'd', 'f', 'l', 'o', 'w', 'e', 'r', 'm', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "ahmedcharles.com", true */ 'a', 'h', 'm', 'e', 'd', 'c', 'h', 'a', 'r', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ahmerjamilkhan.org", true */ 'a', 'h', 'm', 'e', 'r', 'j', 'a', 'm', 'i', 'l', 'k', 'h', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "aholic.co", true */ 'a', 'h', 'o', 'l', 'i', 'c', '.', 'c', 'o', '\0',
+  /* "ahoy.travel", true */ 'a', 'h', 'o', 'y', '.', 't', 'r', 'a', 'v', 'e', 'l', '\0',
+  /* "ahoyconference.com", true */ 'a', 'h', 'o', 'y', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ahrq.gov", false */ 'a', 'h', 'r', 'q', '.', 'g', 'o', 'v', '\0',
+  /* "ahughes03.com", true */ 'a', 'h', 'u', 'g', 'h', 'e', 's', '0', '3', '.', 'c', 'o', 'm', '\0',
+  /* "ahxxm.com", true */ 'a', 'h', 'x', 'x', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "ai-english.jp", true */ 'a', 'i', '-', 'e', 'n', 'g', 'l', 'i', 's', 'h', '.', 'j', 'p', '\0',
+  /* "aia.de", true */ 'a', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "aibenzi.com", true */ 'a', 'i', 'b', 'e', 'n', 'z', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "aicial.co.uk", true */ 'a', 'i', 'c', 'i', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "aicial.com", true */ 'a', 'i', 'c', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "aid-web.ch", true */ 'a', 'i', 'd', '-', 'w', 'e', 'b', '.', 'c', 'h', '\0',
+  /* "aide-valais.ch", true */ 'a', 'i', 'd', 'e', '-', 'v', 'a', 'l', 'a', 'i', 's', '.', 'c', 'h', '\0',
+  /* "aiden.link", true */ 'a', 'i', 'd', 'e', 'n', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "aidhan.net", true */ 'a', 'i', 'd', 'h', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "aie.de", true */ 'a', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "aiesecarad.ro", true */ 'a', 'i', 'e', 's', 'e', 'c', 'a', 'r', 'a', 'd', '.', 'r', 'o', '\0',
+  /* "aiforsocialmedia.com", true */ 'a', 'i', 'f', 'o', 'r', 's', 'o', 'c', 'i', 'a', 'l', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "aigcev.org", true */ 'a', 'i', 'g', 'c', 'e', 'v', '.', 'o', 'r', 'g', '\0',
+  /* "aigenpul.se", true */ 'a', 'i', 'g', 'e', 'n', 'p', 'u', 'l', '.', 's', 'e', '\0',
+  /* "aiida.se", true */ 'a', 'i', 'i', 'd', 'a', '.', 's', 'e', '\0',
+  /* "aijsk.com", true */ 'a', 'i', 'j', 's', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "aikenorganics.com", true */ 'a', 'i', 'k', 'e', 'n', 'o', 'r', 'g', 'a', 'n', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aikenpromotions.com", true */ 'a', 'i', 'k', 'e', 'n', 'p', 'r', 'o', 'm', 'o', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aikido-club-limburg.de", true */ 'a', 'i', 'k', 'i', 'd', 'o', '-', 'c', 'l', 'u', 'b', '-', 'l', 'i', 'm', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "aikido-linz.at", true */ 'a', 'i', 'k', 'i', 'd', 'o', '-', 'l', 'i', 'n', 'z', '.', 'a', 't', '\0',
+  /* "aikido-wels.at", true */ 'a', 'i', 'k', 'i', 'd', 'o', '-', 'w', 'e', 'l', 's', '.', 'a', 't', '\0',
+  /* "aimeeandalec.com", true */ 'a', 'i', 'm', 'e', 'e', 'a', 'n', 'd', 'a', 'l', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "aimgroup.co.tz", true */ 'a', 'i', 'm', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', '.', 't', 'z', '\0',
+  /* "aimotive.com", true */ 'a', 'i', 'm', 'o', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "aintevenmad.ch", true */ 'a', 'i', 'n', 't', 'e', 'v', 'e', 'n', 'm', 'a', 'd', '.', 'c', 'h', '\0',
+  /* "aioboot.com", true */ 'a', 'i', 'o', 'b', 'o', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "aiois.com", true */ 'a', 'i', 'o', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aiphyron.com", true */ 'a', 'i', 'p', 'h', 'y', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "air-craftglass.com", true */ 'a', 'i', 'r', '-', 'c', 'r', 'a', 'f', 't', 'g', 'l', 'a', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "air-shots.ch", true */ 'a', 'i', 'r', '-', 's', 'h', 'o', 't', 's', '.', 'c', 'h', '\0',
+  /* "air-we-go.co.uk", true */ 'a', 'i', 'r', '-', 'w', 'e', '-', 'g', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "airbly.com", true */ 'a', 'i', 'r', 'b', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "airbnb.com", true */ 'a', 'i', 'r', 'b', 'n', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "airbnbopen.com", true */ 'a', 'i', 'r', 'b', 'n', 'b', 'o', 'p', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "airborne-inflatables.co.uk", true */ 'a', 'i', 'r', 'b', 'o', 'r', 'n', 'e', '-', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "airclass.com", true */ 'a', 'i', 'r', 'c', 'l', 'a', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aircomms.com", true */ 'a', 'i', 'r', 'c', 'o', 'm', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "airductclean.com", false */ 'a', 'i', 'r', 'd', 'u', 'c', 't', 'c', 'l', 'e', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "airdur.eu", true */ 'a', 'i', 'r', 'd', 'u', 'r', '.', 'e', 'u', '\0',
+  /* "airedaleterrier.com.br", true */ 'a', 'i', 'r', 'e', 'd', 'a', 'l', 'e', 't', 'e', 'r', 'r', 'i', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "airetvie.com", true */ 'a', 'i', 'r', 'e', 't', 'v', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "airfax.io", true */ 'a', 'i', 'r', 'f', 'a', 'x', '.', 'i', 'o', '\0',
+  /* "airhart.me", true */ 'a', 'i', 'r', 'h', 'a', 'r', 't', '.', 'm', 'e', '\0',
+  /* "airhelp.com", true */ 'a', 'i', 'r', 'h', 'e', 'l', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "airicy.com", true */ 'a', 'i', 'r', 'i', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "airmail.cc", true */ 'a', 'i', 'r', 'm', 'a', 'i', 'l', '.', 'c', 'c', '\0',
+  /* "airmaxinflatables.com", true */ 'a', 'i', 'r', 'm', 'a', 'x', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "airnow.gov", true */ 'a', 'i', 'r', 'n', 'o', 'w', '.', 'g', 'o', 'v', '\0',
+  /* "airpbx.com", true */ 'a', 'i', 'r', 'p', 'b', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "airplay-inflatable-hire.co.uk", true */ 'a', 'i', 'r', 'p', 'l', 'a', 'y', '-', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', '-', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "airplayradio.nl", true */ 'a', 'i', 'r', 'p', 'l', 'a', 'y', 'r', 'a', 'd', 'i', 'o', '.', 'n', 'l', '\0',
+  /* "airportlimototoronto.com", true */ 'a', 'i', 'r', 'p', 'o', 'r', 't', 'l', 'i', 'm', 'o', 't', 'o', 't', 'o', 'r', 'o', 'n', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "airpurifierproductsonline.com", true */ 'a', 'i', 'r', 'p', 'u', 'r', 'i', 'f', 'i', 'e', 'r', 'p', 'r', 'o', 'd', 'u', 'c', 't', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "airsoft.ch", true */ 'a', 'i', 'r', 's', 'o', 'f', 't', '.', 'c', 'h', '\0',
+  /* "airtimefranchise.com", true */ 'a', 'i', 'r', 't', 'i', 'm', 'e', 'f', 'r', 'a', 'n', 'c', 'h', 'i', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "airvpn.org", true */ 'a', 'i', 'r', 'v', 'p', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "airvuz.com", true */ 'a', 'i', 'r', 'v', 'u', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "airwegobouncycastles.co.uk", true */ 'a', 'i', 'r', 'w', 'e', 'g', 'o', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ais.fashion", true */ 'a', 'i', 's', '.', 'f', 'a', 's', 'h', 'i', 'o', 'n', '\0',
+  /* "aistockcharts.com", true */ 'a', 'i', 's', 't', 'o', 'c', 'k', 'c', 'h', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ait.com.ar", true */ 'a', 'i', 't', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "aiticon.com", true */ 'a', 'i', 't', 'i', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "aitosoftware.com", true */ 'a', 'i', 't', 'o', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "aiutodomestico.ch", true */ 'a', 'i', 'u', 't', 'o', 'd', 'o', 'm', 'e', 's', 't', 'i', 'c', 'o', '.', 'c', 'h', '\0',
+  /* "aivd.lol", true */ 'a', 'i', 'v', 'd', '.', 'l', 'o', 'l', '\0',
+  /* "aiwdirect.com", true */ 'a', 'i', 'w', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "aixxe.net", true */ 'a', 'i', 'x', 'x', 'e', '.', 'n', 'e', 't', '\0',
+  /* "ajapaik.ee", true */ 'a', 'j', 'a', 'p', 'a', 'i', 'k', '.', 'e', 'e', '\0',
+  /* "ajarope.com", true */ 'a', 'j', 'a', 'r', 'o', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ajbouncycastles.co.uk", true */ 'a', 'j', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ajces.com", true */ 'a', 'j', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ajdiaz.me", true */ 'a', 'j', 'd', 'i', 'a', 'z', '.', 'm', 'e', '\0',
+  /* "ajetaci.cz", true */ 'a', 'j', 'e', 't', 'a', 'c', 'i', '.', 'c', 'z', '\0',
+  /* "ajeventhire.co.uk", true */ 'a', 'j', 'e', 'v', 'e', 'n', 't', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ajibot.com", true */ 'a', 'j', 'i', 'b', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ajnasz.hu", true */ 'a', 'j', 'n', 'a', 's', 'z', '.', 'h', 'u', '\0',
+  /* "ak-varazdin.hr", true */ 'a', 'k', '-', 'v', 'a', 'r', 'a', 'z', 'd', 'i', 'n', '.', 'h', 'r', '\0',
+  /* "akachanikuji.com", true */ 'a', 'k', 'a', 'c', 'h', 'a', 'n', 'i', 'k', 'u', 'j', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "akalashnikov.ru", true */ 'a', 'k', 'a', 'l', 'a', 's', 'h', 'n', 'i', 'k', 'o', 'v', '.', 'r', 'u', '\0',
+  /* "akamon.ac.jp", true */ 'a', 'k', 'a', 'm', 'o', 'n', '.', 'a', 'c', '.', 'j', 'p', '\0',
+  /* "akaoma.com", true */ 'a', 'k', 'a', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "akazakov.info", true */ 'a', 'k', 'a', 'z', 'a', 'k', 'o', 'v', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "akdigitalegesellschaft.de", false */ 'a', 'k', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', 'g', 'e', 's', 'e', 'l', 'l', 's', 'c', 'h', 'a', 'f', 't', '.', 'd', 'e', '\0',
+  /* "akelius.de", false */ 'a', 'k', 'e', 'l', 'i', 'u', 's', '.', 'd', 'e', '\0',
+  /* "akhilindurti.com", false */ 'a', 'k', 'h', 'i', 'l', 'i', 'n', 'd', 'u', 'r', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "akhras.at", true */ 'a', 'k', 'h', 'r', 'a', 's', '.', 'a', 't', '\0',
+  /* "akihito.com", true */ 'a', 'k', 'i', 'h', 'i', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "akijo.de", true */ 'a', 'k', 'i', 'j', 'o', '.', 'd', 'e', '\0',
+  /* "akita-boutique.com", true */ 'a', 'k', 'i', 't', 'a', '-', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "akkbouncycastles.co.uk", true */ 'a', 'k', 'k', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "akoch.net", true */ 'a', 'k', 'o', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "akostecki.de", true */ 'a', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "akovana.com", true */ 'a', 'k', 'o', 'v', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "akoya.fi", true */ 'a', 'k', 'o', 'y', 'a', '.', 'f', 'i', '\0',
+  /* "akpwebdesign.com", true */ 'a', 'k', 'p', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "akr.io", true */ 'a', 'k', 'r', '.', 'i', 'o', '\0',
+  /* "akritikos.info", true */ 'a', 'k', 'r', 'i', 't', 'i', 'k', 'o', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "akropolis-ravensburg.de", true */ 'a', 'k', 'r', 'o', 'p', 'o', 'l', 'i', 's', '-', 'r', 'a', 'v', 'e', 'n', 's', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "akselinurmio.fi", true */ 'a', 'k', 's', 'e', 'l', 'i', 'n', 'u', 'r', 'm', 'i', 'o', '.', 'f', 'i', '\0',
+  /* "aktiv-naturheilmittel.at", true */ 'a', 'k', 't', 'i', 'v', '-', 'n', 'a', 't', 'u', 'r', 'h', 'e', 'i', 'l', 'm', 'i', 't', 't', 'e', 'l', '.', 'a', 't', '\0',
+  /* "aktiv-naturheilmittel.ch", true */ 'a', 'k', 't', 'i', 'v', '-', 'n', 'a', 't', 'u', 'r', 'h', 'e', 'i', 'l', 'm', 'i', 't', 't', 'e', 'l', '.', 'c', 'h', '\0',
+  /* "aktiv-naturheilmittel.de", true */ 'a', 'k', 't', 'i', 'v', '-', 'n', 'a', 't', 'u', 'r', 'h', 'e', 'i', 'l', 'm', 'i', 't', 't', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "aktivace.eu", true */ 'a', 'k', 't', 'i', 'v', 'a', 'c', 'e', '.', 'e', 'u', '\0',
+  /* "aktivierungscenter.de", true */ 'a', 'k', 't', 'i', 'v', 'i', 'e', 'r', 'u', 'n', 'g', 's', 'c', 'e', 'n', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "akutun.cl", true */ 'a', 'k', 'u', 't', 'u', 'n', '.', 'c', 'l', '\0',
+  /* "akvorrat.at", true */ 'a', 'k', 'v', 'o', 'r', 'r', 'a', 't', '.', 'a', 't', '\0',
+  /* "al3xpro.com", true */ 'a', 'l', '3', 'x', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "alaboard.com", true */ 'a', 'l', 'a', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "aladdinschools.appspot.com", true */ 'a', 'l', 'a', 'd', 'd', 'i', 'n', 's', 'c', 'h', 'o', 'o', 'l', 's', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "alainbaechlerphotography.ch", true */ 'a', 'l', 'a', 'i', 'n', 'b', 'a', 'e', 'c', 'h', 'l', 'e', 'r', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'h', '\0',
+  /* "alainmargot.ch", true */ 'a', 'l', 'a', 'i', 'n', 'm', 'a', 'r', 'g', 'o', 't', '.', 'c', 'h', '\0',
+  /* "alainwolf.ch", true */ 'a', 'l', 'a', 'i', 'n', 'w', 'o', 'l', 'f', '.', 'c', 'h', '\0',
+  /* "alainwolf.net", true */ 'a', 'l', 'a', 'i', 'n', 'w', 'o', 'l', 'f', '.', 'n', 'e', 't', '\0',
+  /* "alamgir.works", true */ 'a', 'l', 'a', 'm', 'g', 'i', 'r', '.', 'w', 'o', 'r', 'k', 's', '\0',
+  /* "alanhuang.name", true */ 'a', 'l', 'a', 'n', 'h', 'u', 'a', 'n', 'g', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "alaninkenya.org", true */ 'a', 'l', 'a', 'n', 'i', 'n', 'k', 'e', 'n', 'y', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "alaricfavier.eu", false */ 'a', 'l', 'a', 'r', 'i', 'c', 'f', 'a', 'v', 'i', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "alarmcomplete.co.uk", true */ 'a', 'l', 'a', 'r', 'm', 'c', 'o', 'm', 'p', 'l', 'e', 't', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "alastairs-place.net", true */ 'a', 'l', 'a', 's', 't', 'a', 'i', 'r', 's', '-', 'p', 'l', 'a', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "alaundeil.xyz", true */ 'a', 'l', 'a', 'u', 'n', 'd', 'e', 'i', 'l', '.', 'x', 'y', 'z', '\0',
+  /* "alaxyjewellers.co.za", true */ 'a', 'l', 'a', 'x', 'y', 'j', 'e', 'w', 'e', 'l', 'l', 'e', 'r', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "alb-flirt.de", true */ 'a', 'l', 'b', '-', 'f', 'l', 'i', 'r', 't', '.', 'd', 'e', '\0',
+  /* "albbounce.co.uk", true */ 'a', 'l', 'b', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "albersdruck.de", true */ 'a', 'l', 'b', 'e', 'r', 's', 'd', 'r', 'u', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "albertathome.org", true */ 'a', 'l', 'b', 'e', 'r', 't', 'a', 't', 'h', 'o', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "albertify.xyz", true */ 'a', 'l', 'b', 'e', 'r', 't', 'i', 'f', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "albion2.org", true */ 'a', 'l', 'b', 'i', 'o', 'n', '2', '.', 'o', 'r', 'g', '\0',
+  /* "alboweb.nl", true */ 'a', 'l', 'b', 'o', 'w', 'e', 'b', '.', 'n', 'l', '\0',
+  /* "albuic.tk", true */ 'a', 'l', 'b', 'u', 'i', 'c', '.', 't', 'k', '\0',
+  /* "alca31.com", true */ 'a', 'l', 'c', 'a', '3', '1', '.', 'c', 'o', 'm', '\0',
+  /* "alcatelonetouch.us", true */ 'a', 'l', 'c', 'a', 't', 'e', 'l', 'o', 'n', 'e', 't', 'o', 'u', 'c', 'h', '.', 'u', 's', '\0',
+  /* "alchemia.co.il", true */ 'a', 'l', 'c', 'h', 'e', 'm', 'i', 'a', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "alchimic.ch", true */ 'a', 'l', 'c', 'h', 'i', 'm', 'i', 'c', '.', 'c', 'h', '\0',
+  /* "alcorao.org", true */ 'a', 'l', 'c', 'o', 'r', 'a', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "aldes.co.za", true */ 'a', 'l', 'd', 'e', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "aldien.com.br", true */ 'a', 'l', 'd', 'i', 'e', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "aldous-huxley.com", true */ 'a', 'l', 'd', 'o', 'u', 's', '-', 'h', 'u', 'x', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "aleax.me", true */ 'a', 'l', 'e', 'a', 'x', '.', 'm', 'e', '\0',
+  /* "alecpap.com", true */ 'a', 'l', 'e', 'c', 'p', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "alecpapierniak.com", true */ 'a', 'l', 'e', 'c', 'p', 'a', 'p', 'i', 'e', 'r', 'n', 'i', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "alecrust.com", true */ 'a', 'l', 'e', 'c', 'r', 'u', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "aleksejjocic.tk", true */ 'a', 'l', 'e', 'k', 's', 'e', 'j', 'j', 'o', 'c', 'i', 'c', '.', 't', 'k', '\0',
+  /* "aleksib.fi", true */ 'a', 'l', 'e', 'k', 's', 'i', 'b', '.', 'f', 'i', '\0',
+  /* "alela.fr", true */ 'a', 'l', 'e', 'l', 'a', '.', 'f', 'r', '\0',
+  /* "aleph.land", true */ 'a', 'l', 'e', 'p', 'h', '.', 'l', 'a', 'n', 'd', '\0',
+  /* "alertaenlinea.gov", true */ 'a', 'l', 'e', 'r', 't', 'a', 'e', 'n', 'l', 'i', 'n', 'e', 'a', '.', 'g', 'o', 'v', '\0',
+  /* "alertboxx.com", true */ 'a', 'l', 'e', 'r', 't', 'b', 'o', 'x', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "alertonline.nl", true */ 'a', 'l', 'e', 'r', 't', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'l', '\0',
+  /* "alerts.sg", true */ 'a', 'l', 'e', 'r', 't', 's', '.', 's', 'g', '\0',
+  /* "alertwire.com", true */ 'a', 'l', 'e', 'r', 't', 'w', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "alessandroonline.com.br", true */ 'a', 'l', 'e', 's', 's', 'a', 'n', 'd', 'r', 'o', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "aletm.it", true */ 'a', 'l', 'e', 't', 'm', '.', 'i', 't', '\0',
+  /* "alex-ross.co.uk", true */ 'a', 'l', 'e', 'x', '-', 'r', 'o', 's', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "alex97000.de", true */ 'a', 'l', 'e', 'x', '9', '7', '0', '0', '0', '.', 'd', 'e', '\0',
+  /* "alexander-beck.eu", true */ 'a', 'l', 'e', 'x', 'a', 'n', 'd', 'e', 'r', '-', 'b', 'e', 'c', 'k', '.', 'e', 'u', '\0',
+  /* "alexandermuetzel.de", true */ 'a', 'l', 'e', 'x', 'a', 'n', 'd', 'e', 'r', 'm', 'u', 'e', 't', 'z', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "alexanderschimpf.de", true */ 'a', 'l', 'e', 'x', 'a', 'n', 'd', 'e', 'r', 's', 'c', 'h', 'i', 'm', 'p', 'f', '.', 'd', 'e', '\0',
+  /* "alexandra-schulze.de", true */ 'a', 'l', 'e', 'x', 'a', 'n', 'd', 'r', 'a', '-', 's', 'c', 'h', 'u', 'l', 'z', 'e', '.', 'd', 'e', '\0',
+  /* "alexandre-blond.fr", true */ 'a', 'l', 'e', 'x', 'a', 'n', 'd', 'r', 'e', '-', 'b', 'l', 'o', 'n', 'd', '.', 'f', 'r', '\0',
+  /* "alexandros.io", true */ 'a', 'l', 'e', 'x', 'a', 'n', 'd', 'r', 'o', 's', '.', 'i', 'o', '\0',
+  /* "alexbaker.org", true */ 'a', 'l', 'e', 'x', 'b', 'a', 'k', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "alexberts.ch", true */ 'a', 'l', 'e', 'x', 'b', 'e', 'r', 't', 's', '.', 'c', 'h', '\0',
+  /* "alexcoman.com", true */ 'a', 'l', 'e', 'x', 'c', 'o', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "alexdaniel.org", true */ 'a', 'l', 'e', 'x', 'd', 'a', 'n', 'i', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "alexdaulby.com", true */ 'a', 'l', 'e', 'x', 'd', 'a', 'u', 'l', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "alexey-shamara.ru", true */ 'a', 'l', 'e', 'x', 'e', 'y', '-', 's', 'h', 'a', 'm', 'a', 'r', 'a', '.', 'r', 'u', '\0',
+  /* "alexeykopytko.com", true */ 'a', 'l', 'e', 'x', 'e', 'y', 'k', 'o', 'p', 'y', 't', 'k', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "alexfisherhealth.com.au", true */ 'a', 'l', 'e', 'x', 'f', 'i', 's', 'h', 'e', 'r', 'h', 'e', 'a', 'l', 't', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "alexgaynor.net", true */ 'a', 'l', 'e', 'x', 'g', 'a', 'y', 'n', 'o', 'r', '.', 'n', 'e', 't', '\0',
+  /* "alexhaydock.co.uk", true */ 'a', 'l', 'e', 'x', 'h', 'a', 'y', 'd', 'o', 'c', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "alexhd.de", true */ 'a', 'l', 'e', 'x', 'h', 'd', '.', 'd', 'e', '\0',
+  /* "alexisabarca.com", true */ 'a', 'l', 'e', 'x', 'i', 's', 'a', 'b', 'a', 'r', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "alexischaussy.xyz", true */ 'a', 'l', 'e', 'x', 'i', 's', 'c', 'h', 'a', 'u', 's', 's', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "alexismeza.com", true */ 'a', 'l', 'e', 'x', 'i', 's', 'm', 'e', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "alexismeza.com.mx", true */ 'a', 'l', 'e', 'x', 'i', 's', 'm', 'e', 'z', 'a', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "alexismeza.dk", true */ 'a', 'l', 'e', 'x', 'i', 's', 'm', 'e', 'z', 'a', '.', 'd', 'k', '\0',
+  /* "alexismeza.es", true */ 'a', 'l', 'e', 'x', 'i', 's', 'm', 'e', 'z', 'a', '.', 'e', 's', '\0',
+  /* "alexismeza.nl", true */ 'a', 'l', 'e', 'x', 'i', 's', 'm', 'e', 'z', 'a', '.', 'n', 'l', '\0',
+  /* "alexkott.com", true */ 'a', 'l', 'e', 'x', 'k', 'o', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "alexmak.net", true */ 'a', 'l', 'e', 'x', 'm', 'a', 'k', '.', 'n', 'e', 't', '\0',
+  /* "alexmerkel.com", true */ 'a', 'l', 'e', 'x', 'm', 'e', 'r', 'k', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "alexmerkel.me", true */ 'a', 'l', 'e', 'x', 'm', 'e', 'r', 'k', 'e', 'l', '.', 'm', 'e', '\0',
+  /* "alexmerkel.xyz", true */ 'a', 'l', 'e', 'x', 'm', 'e', 'r', 'k', 'e', 'l', '.', 'x', 'y', 'z', '\0',
+  /* "alexn.org", true */ 'a', 'l', 'e', 'x', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "alexpavel.com", true */ 'a', 'l', 'e', 'x', 'p', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "alexpotter.net", false */ 'a', 'l', 'e', 'x', 'p', 'o', 't', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "alexs.de", true */ 'a', 'l', 'e', 'x', 's', '.', 'd', 'e', '\0',
+  /* "alexsergeyev.com", true */ 'a', 'l', 'e', 'x', 's', 'e', 'r', 'g', 'e', 'y', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "alexsexton.com", true */ 'a', 'l', 'e', 'x', 's', 'e', 'x', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "alextaffe.com", true */ 'a', 'l', 'e', 'x', 't', 'a', 'f', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "alextsang.net", true */ 'a', 'l', 'e', 'x', 't', 's', 'a', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "alexvdveen.nl", true */ 'a', 'l', 'e', 'x', 'v', 'd', 'v', 'e', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "alexvetter.de", true */ 'a', 'l', 'e', 'x', 'v', 'e', 't', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "alexwardweb.com", true */ 'a', 'l', 'e', 'x', 'w', 'a', 'r', 'd', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "alexyang.me", true */ 'a', 'l', 'e', 'x', 'y', 'a', 'n', 'g', '.', 'm', 'e', '\0',
+  /* "alfa-tech.su", true */ 'a', 'l', 'f', 'a', '-', 't', 'e', 'c', 'h', '.', 's', 'u', '\0',
+  /* "alfaperfumes.com.br", true */ 'a', 'l', 'f', 'a', 'p', 'e', 'r', 'f', 'u', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "alfaponny.se", true */ 'a', 'l', 'f', 'a', 'p', 'o', 'n', 'n', 'y', '.', 's', 'e', '\0',
+  /* "alfirous.com", true */ 'a', 'l', 'f', 'i', 'r', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "algarmatic-automatismos.pt", true */ 'a', 'l', 'g', 'a', 'r', 'm', 'a', 't', 'i', 'c', '-', 'a', 'u', 't', 'o', 'm', 'a', 't', 'i', 's', 'm', 'o', 's', '.', 'p', 't', '\0',
+  /* "algebraaec.com", true */ 'a', 'l', 'g', 'e', 'b', 'r', 'a', 'a', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "alghanimcatering.com", true */ 'a', 'l', 'g', 'h', 'a', 'n', 'i', 'm', 'c', 'a', 't', 'e', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "algoentremanos.com", true */ 'a', 'l', 'g', 'o', 'e', 'n', 't', 'r', 'e', 'm', 'a', 'n', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "algolia.com", true */ 'a', 'l', 'g', 'o', 'l', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "aliacraft.net", true */ 'a', 'l', 'i', 'a', 'c', 'r', 'a', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "aliantsoft.pl", true */ 'a', 'l', 'i', 'a', 'n', 't', 's', 'o', 'f', 't', '.', 'p', 'l', '\0',
+  /* "aliaswp.com", true */ 'a', 'l', 'i', 'a', 's', 'w', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "alibangash.com", true */ 'a', 'l', 'i', 'b', 'a', 'n', 'g', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "alibip.de", true */ 'a', 'l', 'i', 'b', 'i', 'p', '.', 'd', 'e', '\0',
+  /* "alice-noutore.com", true */ 'a', 'l', 'i', 'c', 'e', '-', 'n', 'o', 'u', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "alice.tw", true */ 'a', 'l', 'i', 'c', 'e', '.', 't', 'w', '\0',
+  /* "alicestudio.it", true */ 'a', 'l', 'i', 'c', 'e', 's', 't', 'u', 'd', 'i', 'o', '.', 'i', 't', '\0',
+  /* "alicetone.net", true */ 'a', 'l', 'i', 'c', 'e', 't', 'o', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "alicialab.org", true */ 'a', 'l', 'i', 'c', 'i', 'a', 'l', 'a', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "alien.bz", true */ 'a', 'l', 'i', 'e', 'n', '.', 'b', 'z', '\0',
+  /* "alienation.biz", true */ 'a', 'l', 'i', 'e', 'n', 'a', 't', 'i', 'o', 'n', '.', 'b', 'i', 'z', '\0',
+  /* "alienstat.com", true */ 'a', 'l', 'i', 'e', 'n', 's', 't', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "alignrs.com", true */ 'a', 'l', 'i', 'g', 'n', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "alinasmusicstudio.com", true */ 'a', 'l', 'i', 'n', 'a', 's', 'm', 'u', 's', 'i', 'c', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "alinode.com", true */ 'a', 'l', 'i', 'n', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "alisonisrealestate.com", true */ 'a', 'l', 'i', 's', 'o', 'n', 'i', 's', 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "alisonlitchfield.com", true */ 'a', 'l', 'i', 's', 'o', 'n', 'l', 'i', 't', 'c', 'h', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "alistairstowing.com", true */ 'a', 'l', 'i', 's', 't', 'a', 'i', 'r', 's', 't', 'o', 'w', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "alisync.com", true */ 'a', 'l', 'i', 's', 'y', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "aliwebstore.com", true */ 'a', 'l', 'i', 'w', 'e', 'b', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "alix-board.de", true */ 'a', 'l', 'i', 'x', '-', 'b', 'o', 'a', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "alize-theatre.ch", true */ 'a', 'l', 'i', 'z', 'e', '-', 't', 'h', 'e', 'a', 't', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "aljammaz.holdings", true */ 'a', 'l', 'j', 'a', 'm', 'm', 'a', 'z', '.', 'h', 'o', 'l', 'd', 'i', 'n', 'g', 's', '\0',
+  /* "aljaspod.com", true */ 'a', 'l', 'j', 'a', 's', 'p', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "aljaspod.hu", true */ 'a', 'l', 'j', 'a', 's', 'p', 'o', 'd', '.', 'h', 'u', '\0',
+  /* "aljweb.com", true */ 'a', 'l', 'j', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "alkel.info", true */ 'a', 'l', 'k', 'e', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "all-connect.net", false */ 'a', 'l', 'l', '-', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'n', 'e', 't', '\0',
+  /* "all-markup-news.com", true */ 'a', 'l', 'l', '-', 'm', 'a', 'r', 'k', 'u', 'p', '-', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "all4hardware4u.de", true */ 'a', 'l', 'l', '4', 'h', 'a', 'r', 'd', 'w', 'a', 'r', 'e', '4', 'u', '.', 'd', 'e', '\0',
+  /* "allaboutbelgaum.com", true */ 'a', 'l', 'l', 'a', 'b', 'o', 'u', 't', 'b', 'e', 'l', 'g', 'a', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "allaboutfunuk.com", true */ 'a', 'l', 'l', 'a', 'b', 'o', 'u', 't', 'f', 'u', 'n', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "allactioneventhire.co.uk", true */ 'a', 'l', 'l', 'a', 'c', 't', 'i', 'o', 'n', 'e', 'v', 'e', 'n', 't', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "allamericanmuslim.com", true */ 'a', 'l', 'l', 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', 'm', 'u', 's', 'l', 'i', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "allamericatrans.com", true */ 'a', 'l', 'l', 'a', 'm', 'e', 'r', 'i', 'c', 'a', 't', 'r', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "allangirvan.net", true */ 'a', 'l', 'l', 'a', 'n', 'g', 'i', 'r', 'v', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "allbenjoy.de", true */ 'a', 'l', 'l', 'b', 'e', 'n', 'j', 'o', 'y', '.', 'd', 'e', '\0',
+  /* "allbounceandplay.co.uk", true */ 'a', 'l', 'l', 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'n', 'd', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "allbouncesurrey.co.uk", true */ 'a', 'l', 'l', 'b', 'o', 'u', 'n', 'c', 'e', 's', 'u', 'r', 'r', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "allbusiness.com", true */ 'a', 'l', 'l', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "allcapa.org", true */ 'a', 'l', 'l', 'c', 'a', 'p', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "allcarepharmacy.com", true */ 'a', 'l', 'l', 'c', 'a', 'r', 'e', 'p', 'h', 'a', 'r', 'm', 'a', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "allcloud.com", true */ 'a', 'l', 'l', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "allcovered.nl", true */ 'a', 'l', 'l', 'c', 'o', 'v', 'e', 'r', 'e', 'd', '.', 'n', 'l', '\0',
+  /* "alldewall.de", true */ 'a', 'l', 'l', 'd', 'e', 'w', 'a', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "alle.bg", true */ 'a', 'l', 'l', 'e', '.', 'b', 'g', '\0',
+  /* "allemobieleproviders.nl", true */ 'a', 'l', 'l', 'e', 'm', 'o', 'b', 'i', 'e', 'l', 'e', 'p', 'r', 'o', 'v', 'i', 'd', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "allensun.org", true */ 'a', 'l', 'l', 'e', 'n', 's', 'u', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "allesisonline.nl", true */ 'a', 'l', 'l', 'e', 's', 'i', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'l', '\0',
+  /* "alleskomtgoed.org", true */ 'a', 'l', 'l', 'e', 's', 'k', 'o', 'm', 't', 'g', 'o', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "allesrocknroll.de", true */ 'a', 'l', 'l', 'e', 's', 'r', 'o', 'c', 'k', 'n', 'r', 'o', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "allforyou.at", true */ 'a', 'l', 'l', 'f', 'o', 'r', 'y', 'o', 'u', '.', 'a', 't', '\0',
+  /* "allfreelancers.su", true */ 'a', 'l', 'l', 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'c', 'e', 'r', 's', '.', 's', 'u', '\0',
+  /* "alliance-compacts.com", true */ 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', '-', 'c', 'o', 'm', 'p', 'a', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "alliances-faq.de", true */ 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', 's', '-', 'f', 'a', 'q', '.', 'd', 'e', '\0',
+  /* "alliances-globalsolutions.com", true */ 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', 's', '-', 'g', 'l', 'o', 'b', 'a', 'l', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "alliedfrozenstorage.com", true */ 'a', 'l', 'l', 'i', 'e', 'd', 'f', 'r', 'o', 'z', 'e', 'n', 's', 't', 'o', 'r', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "allinagency.com", true */ 'a', 'l', 'l', 'i', 'n', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "allinone-ranking150.com", true */ 'a', 'l', 'l', 'i', 'n', 'o', 'n', 'e', '-', 'r', 'a', 'n', 'k', 'i', 'n', 'g', '1', '5', '0', '.', 'c', 'o', 'm', '\0',
+  /* "allinonecyprus.com", true */ 'a', 'l', 'l', 'i', 'n', 'o', 'n', 'e', 'c', 'y', 'p', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "allis.studio", true */ 'a', 'l', 'l', 'i', 's', '.', 's', 't', 'u', 'd', 'i', 'o', '\0',
+  /* "allladyboys.com", true */ 'a', 'l', 'l', 'l', 'a', 'd', 'y', 'b', 'o', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "allmebel.ru", true */ 'a', 'l', 'l', 'm', 'e', 'b', 'e', 'l', '.', 'r', 'u', '\0',
+  /* "allmend-ru.de", true */ 'a', 'l', 'l', 'm', 'e', 'n', 'd', '-', 'r', 'u', '.', 'd', 'e', '\0',
+  /* "allns.fr", true */ 'a', 'l', 'l', 'n', 's', '.', 'f', 'r', '\0',
+  /* "allo-credit.ch", true */ 'a', 'l', 'l', 'o', '-', 'c', 'r', 'e', 'd', 'i', 't', '.', 'c', 'h', '\0',
+  /* "alloutatl.com", true */ 'a', 'l', 'l', 'o', 'u', 't', 'a', 't', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "alloydevil.nl", true */ 'a', 'l', 'l', 'o', 'y', 'd', 'e', 'v', 'i', 'l', '.', 'n', 'l', '\0',
+  /* "allplayer.tk", true */ 'a', 'l', 'l', 'p', 'l', 'a', 'y', 'e', 'r', '.', 't', 'k', '\0',
+  /* "allpointsblog.com", true */ 'a', 'l', 'l', 'p', 'o', 'i', 'n', 't', 's', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "allproptonline.com", true */ 'a', 'l', 'l', 'p', 'r', 'o', 'p', 't', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "allroundpvp.net", true */ 'a', 'l', 'l', 'r', 'o', 'u', 'n', 'd', 'p', 'v', 'p', '.', 'n', 'e', 't', '\0',
+  /* "allsearch.io", true */ 'a', 'l', 'l', 's', 'e', 'a', 'r', 'c', 'h', '.', 'i', 'o', '\0',
+  /* "allshousedesigns.com", true */ 'a', 'l', 'l', 's', 'h', 'o', 'u', 's', 'e', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "allstarautokiaparts.com", true */ 'a', 'l', 'l', 's', 't', 'a', 'r', 'a', 'u', 't', 'o', 'k', 'i', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "allstarpartyinflatables.co.uk", true */ 'a', 'l', 'l', 's', 't', 'a', 'r', 'p', 'a', 'r', 't', 'y', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "alltheducks.com", true */ 'a', 'l', 'l', 't', 'h', 'e', 'd', 'u', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "allthethings.co.nz", true */ 'a', 'l', 'l', 't', 'h', 'e', 't', 'h', 'i', 'n', 'g', 's', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "allthings.me", true */ 'a', 'l', 'l', 't', 'h', 'i', 'n', 'g', 's', '.', 'm', 'e', '\0',
+  /* "allthingsblogging.com", true */ 'a', 'l', 'l', 't', 'h', 'i', 'n', 'g', 's', 'b', 'l', 'o', 'g', 'g', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "allthingsfpl.com", true */ 'a', 'l', 'l', 't', 'h', 'i', 'n', 'g', 's', 'f', 'p', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "allthingssquared.com", true */ 'a', 'l', 'l', 't', 'h', 'i', 'n', 'g', 's', 's', 'q', 'u', 'a', 'r', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "allthingswild.co.uk", true */ 'a', 'l', 'l', 't', 'h', 'i', 'n', 'g', 's', 'w', 'i', 'l', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "alltubedownload.net", true */ 'a', 'l', 'l', 't', 'u', 'b', 'e', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', '.', 'n', 'e', 't', '\0',
+  /* "allurescarves.com", true */ 'a', 'l', 'l', 'u', 'r', 'e', 's', 'c', 'a', 'r', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "alluvion.studio", true */ 'a', 'l', 'l', 'u', 'v', 'i', 'o', 'n', '.', 's', 't', 'u', 'd', 'i', 'o', '\0',
+  /* "almaatlantica.com", true */ 'a', 'l', 'm', 'a', 'a', 't', 'l', 'a', 'n', 't', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "almatinki.com", true */ 'a', 'l', 'm', 'a', 't', 'i', 'n', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "almavios.com", true */ 'a', 'l', 'm', 'a', 'v', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "almstrom.org", true */ 'a', 'l', 'm', 's', 't', 'r', 'o', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "alnitech.com", false */ 'a', 'l', 'n', 'i', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "alocato.com", true */ 'a', 'l', 'o', 'c', 'a', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "alohapartyevents.co.uk", true */ 'a', 'l', 'o', 'h', 'a', 'p', 'a', 'r', 't', 'y', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "alpca.org", true */ 'a', 'l', 'p', 'c', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "alpe-d-or.dyn-o-saur.com", true */ 'a', 'l', 'p', 'e', '-', 'd', '-', 'o', 'r', '.', 'd', 'y', 'n', '-', 'o', '-', 's', 'a', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "alpencam.com", true */ 'a', 'l', 'p', 'e', 'n', 'c', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "alpencams.com", true */ 'a', 'l', 'p', 'e', 'n', 'c', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "alpengreis.ch", true */ 'a', 'l', 'p', 'e', 'n', 'g', 'r', 'e', 'i', 's', '.', 'c', 'h', '\0',
+  /* "alpenjuice.com", true */ 'a', 'l', 'p', 'e', 'n', 'j', 'u', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "alpertron.com.ar", true */ 'a', 'l', 'p', 'e', 'r', 't', 'r', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "alpha-assistant.com", true */ 'a', 'l', 'p', 'h', 'a', '-', 'a', 's', 's', 'i', 's', 't', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "alpha-force.net", false */ 'a', 'l', 'p', 'h', 'a', '-', 'f', 'o', 'r', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "alpha.ch", true */ 'a', 'l', 'p', 'h', 'a', '.', 'c', 'h', '\0',
+  /* "alpha88uat.com", true */ 'a', 'l', 'p', 'h', 'a', '8', '8', 'u', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "alphabetsigns.com", true */ 'a', 'l', 'p', 'h', 'a', 'b', 'e', 't', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "alphabouncycastles.co.uk", true */ 'a', 'l', 'p', 'h', 'a', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "alphabrock.cn", true */ 'a', 'l', 'p', 'h', 'a', 'b', 'r', 'o', 'c', 'k', '.', 'c', 'n', '\0',
+  /* "alphachat.net", true */ 'a', 'l', 'p', 'h', 'a', 'c', 'h', 'a', 't', '.', 'n', 'e', 't', '\0',
+  /* "alphafiduciaryservices.ch", true */ 'a', 'l', 'p', 'h', 'a', 'f', 'i', 'd', 'u', 'c', 'i', 'a', 'r', 'y', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'h', '\0',
+  /* "alphahunks.com", true */ 'a', 'l', 'p', 'h', 'a', 'h', 'u', 'n', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "alphainflatablehire.com", true */ 'a', 'l', 'p', 'h', 'a', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "alphapengu.in", true */ 'a', 'l', 'p', 'h', 'a', 'p', 'e', 'n', 'g', 'u', '.', 'i', 'n', '\0',
+  /* "alpharotary.com", true */ 'a', 'l', 'p', 'h', 'a', 'r', 'o', 't', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "alphassl.de", true */ 'a', 'l', 'p', 'h', 'a', 's', 's', 'l', '.', 'd', 'e', '\0',
+  /* "alphatrash.de", true */ 'a', 'l', 'p', 'h', 'a', 't', 'r', 'a', 's', 'h', '.', 'd', 'e', '\0',
+  /* "alphera.nl", true */ 'a', 'l', 'p', 'h', 'e', 'r', 'a', '.', 'n', 'l', '\0',
+  /* "alphie.me", true */ 'a', 'l', 'p', 'h', 'i', 'e', '.', 'm', 'e', '\0',
+  /* "alphipneux.fr", true */ 'a', 'l', 'p', 'h', 'i', 'p', 'n', 'e', 'u', 'x', '.', 'f', 'r', '\0',
+  /* "alpineplanet.com", true */ 'a', 'l', 'p', 'i', 'n', 'e', 'p', 'l', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "alpinepubliclibrary.org", true */ 'a', 'l', 'p', 'i', 'n', 'e', 'p', 'u', 'b', 'l', 'i', 'c', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "alpinestarmassage.com", true */ 'a', 'l', 'p', 'i', 'n', 'e', 's', 't', 'a', 'r', 'm', 'a', 's', 's', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "alqassam.net", true */ 'a', 'l', 'q', 'a', 's', 's', 'a', 'm', '.', 'n', 'e', 't', '\0',
+  /* "alrait.com", true */ 'a', 'l', 'r', 'a', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "alroniks.com", true */ 'a', 'l', 'r', 'o', 'n', 'i', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "als-japan.com", true */ 'a', 'l', 's', '-', 'j', 'a', 'p', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "alstroemeria.org", true */ 'a', 'l', 's', 't', 'r', 'o', 'e', 'm', 'e', 'r', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "alt-three.com", true */ 'a', 'l', 't', '-', 't', 'h', 'r', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "alt.org", true */ 'a', 'l', 't', '.', 'o', 'r', 'g', '\0',
+  /* "altaide.com", true */ 'a', 'l', 't', 'a', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "altbinaries.com", true */ 'a', 'l', 't', 'b', 'i', 'n', 'a', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "altedirect.com", true */ 'a', 'l', 't', 'e', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "alter-news.fr", true */ 'a', 'l', 't', 'e', 'r', '-', 'n', 'e', 'w', 's', '.', 'f', 'r', '\0',
+  /* "alterbaum.net", true */ 'a', 'l', 't', 'e', 'r', 'b', 'a', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "altercpa.ru", true */ 'a', 'l', 't', 'e', 'r', 'c', 'p', 'a', '.', 'r', 'u', '\0',
+  /* "alternador.com.br", true */ 'a', 'l', 't', 'e', 'r', 'n', 'a', 'd', 'o', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "alternative.bike", true */ 'a', 'l', 't', 'e', 'r', 'n', 'a', 't', 'i', 'v', 'e', '.', 'b', 'i', 'k', 'e', '\0',
+  /* "alternativebit.fr", true */ 'a', 'l', 't', 'e', 'r', 'n', 'a', 't', 'i', 'v', 'e', 'b', 'i', 't', '.', 'f', 'r', '\0',
+  /* "alternativedev.ca", true */ 'a', 'l', 't', 'e', 'r', 'n', 'a', 't', 'i', 'v', 'e', 'd', 'e', 'v', '.', 'c', 'a', '\0',
+  /* "alternativet.party", true */ 'a', 'l', 't', 'e', 'r', 'n', 'a', 't', 'i', 'v', 'e', 't', '.', 'p', 'a', 'r', 't', 'y', '\0',
+  /* "alterspalter.de", true */ 'a', 'l', 't', 'e', 'r', 's', 'p', 'a', 'l', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "altesses.eu", true */ 'a', 'l', 't', 'e', 's', 's', 'e', 's', '.', 'e', 'u', '\0',
+  /* "altestore.com", true */ 'a', 'l', 't', 'e', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "altkremsmuensterer.at", true */ 'a', 'l', 't', 'k', 'r', 'e', 'm', 's', 'm', 'u', 'e', 'n', 's', 't', 'e', 'r', 'e', 'r', '.', 'a', 't', '\0',
+  /* "altonblom.com", true */ 'a', 'l', 't', 'o', 'n', 'b', 'l', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "altopartners.com", true */ 'a', 'l', 't', 'o', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "altopia.com", true */ 'a', 'l', 't', 'o', 'p', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "altporn.xyz", true */ 'a', 'l', 't', 'p', 'o', 'r', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "altstipendiaten.de", true */ 'a', 'l', 't', 's', 't', 'i', 'p', 'e', 'n', 'd', 'i', 'a', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "alttrackr.com", true */ 'a', 'l', 't', 't', 'r', 'a', 'c', 'k', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "altunbas.info", true */ 'a', 'l', 't', 'u', 'n', 'b', 'a', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "alumni-kusa.jp", true */ 'a', 'l', 'u', 'm', 'n', 'i', '-', 'k', 'u', 's', 'a', '.', 'j', 'p', '\0',
+  /* "alunonaescola.com.br", true */ 'a', 'l', 'u', 'n', 'o', 'n', 'a', 'e', 's', 'c', 'o', 'l', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "alupferd.de", true */ 'a', 'l', 'u', 'p', 'f', 'e', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "aluroof.eu", true */ 'a', 'l', 'u', 'r', 'o', 'o', 'f', '.', 'e', 'u', '\0',
+  /* "alvcs.com", true */ 'a', 'l', 'v', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "alviano.com", true */ 'a', 'l', 'v', 'i', 'a', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "alvicom.hu", true */ 'a', 'l', 'v', 'i', 'c', 'o', 'm', '.', 'h', 'u', '\0',
+  /* "alvosec.com", true */ 'a', 'l', 'v', 'o', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "alwaysdry.com.au", true */ 'a', 'l', 'w', 'a', 'y', 's', 'd', 'r', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "alwayslookingyourbest.com", true */ 'a', 'l', 'w', 'a', 'y', 's', 'l', 'o', 'o', 'k', 'i', 'n', 'g', 'y', 'o', 'u', 'r', 'b', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "alwaysmine.fi", true */ 'a', 'l', 'w', 'a', 'y', 's', 'm', 'i', 'n', 'e', '.', 'f', 'i', '\0',
+  /* "alyoung.com", true */ 'a', 'l', 'y', 'o', 'u', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "alza.at", true */ 'a', 'l', 'z', 'a', '.', 'a', 't', '\0',
+  /* "alza.co.uk", true */ 'a', 'l', 'z', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "alza.cz", true */ 'a', 'l', 'z', 'a', '.', 'c', 'z', '\0',
+  /* "alza.de", true */ 'a', 'l', 'z', 'a', '.', 'd', 'e', '\0',
+  /* "alza.hu", true */ 'a', 'l', 'z', 'a', '.', 'h', 'u', '\0',
+  /* "alza.sk", true */ 'a', 'l', 'z', 'a', '.', 's', 'k', '\0',
+  /* "alzashop.com", true */ 'a', 'l', 'z', 'a', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "am2s.fr", true */ 'a', 'm', '2', 's', '.', 'f', 'r', '\0',
+  /* "am3.se", true */ 'a', 'm', '3', '.', 's', 'e', '\0',
+  /* "ama.ne.jp", true */ 'a', 'm', 'a', '.', 'n', 'e', '.', 'j', 'p', '\0',
+  /* "amadilo.de", true */ 'a', 'm', 'a', 'd', 'i', 'l', 'o', '.', 'd', 'e', '\0',
+  /* "amadoraslindas.com", true */ 'a', 'm', 'a', 'd', 'o', 'r', 'a', 's', 'l', 'i', 'n', 'd', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "amadvice.com", true */ 'a', 'm', 'a', 'd', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "amaforro.com", true */ 'a', 'm', 'a', 'f', 'o', 'r', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "amaforums.org", true */ 'a', 'm', 'a', 'f', 'o', 'r', 'u', 'm', 's', '.', 'o', 'r', 'g', '\0',
+  /* "amagdic.com", true */ 'a', 'm', 'a', 'g', 'd', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "amagical.net", true */ 'a', 'm', 'a', 'g', 'i', 'c', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "amalfirock.it", true */ 'a', 'm', 'a', 'l', 'f', 'i', 'r', 'o', 'c', 'k', '.', 'i', 't', '\0',
+  /* "amandasage.ca", true */ 'a', 'm', 'a', 'n', 'd', 'a', 's', 'a', 'g', 'e', '.', 'c', 'a', '\0',
+  /* "amani-kinderdorf.de", true */ 'a', 'm', 'a', 'n', 'i', '-', 'k', 'i', 'n', 'd', 'e', 'r', 'd', 'o', 'r', 'f', '.', 'd', 'e', '\0',
+  /* "amaranthus.com.ph", true */ 'a', 'm', 'a', 'r', 'a', 'n', 't', 'h', 'u', 's', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0',
+  /* "amartinz.at", true */ 'a', 'm', 'a', 'r', 't', 'i', 'n', 'z', '.', 'a', 't', '\0',
+  /* "amateri.com", true */ 'a', 'm', 'a', 't', 'e', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "amato.tk", true */ 'a', 'm', 'a', 't', 'o', '.', 't', 'k', '\0',
+  /* "amazili-communication.com", true */ 'a', 'm', 'a', 'z', 'i', 'l', 'i', '-', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "amazing-castles.co.uk", true */ 'a', 'm', 'a', 'z', 'i', 'n', 'g', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "amazingbouncycastles.co.uk", true */ 'a', 'm', 'a', 'z', 'i', 'n', 'g', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "amazingfloridagulfhomes.com", true */ 'a', 'm', 'a', 'z', 'i', 'n', 'g', 'f', 'l', 'o', 'r', 'i', 'd', 'a', 'g', 'u', 'l', 'f', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "amazinginflatables.co.uk", true */ 'a', 'm', 'a', 'z', 'i', 'n', 'g', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "amb.tf", true */ 'a', 'm', 'b', '.', 't', 'f', '\0',
+  /* "amberalert.gov", true */ 'a', 'm', 'b', 'e', 'r', 'a', 'l', 'e', 'r', 't', '.', 'g', 'o', 'v', '\0',
+  /* "amberglowleisure.co.uk", true */ 'a', 'm', 'b', 'e', 'r', 'g', 'l', 'o', 'w', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "amberlightleisure.com", true */ 'a', 'm', 'b', 'e', 'r', 'l', 'i', 'g', 'h', 't', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ambholding-usedcars.be", true */ 'a', 'm', 'b', 'h', 'o', 'l', 'd', 'i', 'n', 'g', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "ambiancestudio.ro", true */ 'a', 'm', 'b', 'i', 'a', 'n', 'c', 'e', 's', 't', 'u', 'd', 'i', 'o', '.', 'r', 'o', '\0',
+  /* "ambiente.one", true */ 'a', 'm', 'b', 'i', 'e', 'n', 't', 'e', '.', 'o', 'n', 'e', '\0',
+  /* "ambiq.nl", true */ 'a', 'm', 'b', 'i', 'q', '.', 'n', 'l', '\0',
+  /* "ambouncyhire.com", true */ 'a', 'm', 'b', 'o', 'u', 'n', 'c', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ambrosius.io", true */ 'a', 'm', 'b', 'r', 'o', 's', 'i', 'u', 's', '.', 'i', 'o', '\0',
+  /* "amcchemical.com", true */ 'a', 'm', 'c', 'c', 'h', 'e', 'm', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "amcfirst.com", true */ 'a', 'm', 'c', 'f', 'i', 'r', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "amdouglas.com", true */ 'a', 'm', 'd', 'o', 'u', 'g', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ameego.com", true */ 'a', 'm', 'e', 'e', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ameego.it", true */ 'a', 'm', 'e', 'e', 'g', 'o', '.', 'i', 't', '\0',
+  /* "ameego.net", true */ 'a', 'm', 'e', 'e', 'g', 'o', '.', 'n', 'e', 't', '\0',
+  /* "ameego.nl", true */ 'a', 'm', 'e', 'e', 'g', 'o', '.', 'n', 'l', '\0',
+  /* "ameego.org", true */ 'a', 'm', 'e', 'e', 'g', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "amees.me", true */ 'a', 'm', 'e', 'e', 's', '.', 'm', 'e', '\0',
+  /* "amelandadventure.nl", true */ 'a', 'm', 'e', 'l', 'a', 'n', 'd', 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', '.', 'n', 'l', '\0',
+  /* "americafamilylawcenter.org", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'f', 'a', 'm', 'i', 'l', 'y', 'l', 'a', 'w', 'c', 'e', 'n', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "american.dating", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "americanbio.com", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', 'b', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "americanfoundationbr.com", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', 'b', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "americanmediainstitute.com", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', 'm', 'e', 'd', 'i', 'a', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "americanoutlawjeepparts.com", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', 'o', 'u', 't', 'l', 'a', 'w', 'j', 'e', 'e', 'p', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "americansforcommunitydevelopment.org", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', 's', 'f', 'o', 'r', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "americasbasementcontractor.com", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'a', 's', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 'c', 'o', 'n', 't', 'r', 'a', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "americkykongres.cz", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'k', 'y', 'k', 'o', 'n', 'g', 'r', 'e', 's', '.', 'c', 'z', '\0',
+  /* "amerigroup.com", true */ 'a', 'm', 'e', 'r', 'i', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "amerimarkdirect.com", true */ 'a', 'm', 'e', 'r', 'i', 'm', 'a', 'r', 'k', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "amerimex.cc", true */ 'a', 'm', 'e', 'r', 'i', 'm', 'e', 'x', '.', 'c', 'c', '\0',
+  /* "amesvacuumrepair.com", true */ 'a', 'm', 'e', 's', 'v', 'a', 'c', 'u', 'u', 'm', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "amethystcards.co.uk", true */ 'a', 'm', 'e', 't', 'h', 'y', 's', 't', 'c', 'a', 'r', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "amethystdevelopment.co.uk", true */ 'a', 'm', 'e', 't', 'h', 'y', 's', 't', 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ameza.co.uk", true */ 'a', 'm', 'e', 'z', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ameza.com.mx", true */ 'a', 'm', 'e', 'z', 'a', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "ameza.io", true */ 'a', 'm', 'e', 'z', 'a', '.', 'i', 'o', '\0',
+  /* "ameza.me", true */ 'a', 'm', 'e', 'z', 'a', '.', 'm', 'e', '\0',
+  /* "ameza.net", true */ 'a', 'm', 'e', 'z', 'a', '.', 'n', 'e', 't', '\0',
+  /* "amf.to", true */ 'a', 'm', 'f', '.', 't', 'o', '\0',
+  /* "amg-microwave.com", true */ 'a', 'm', 'g', '-', 'm', 'i', 'c', 'r', 'o', 'w', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "amh-entertainments.co.uk", true */ 'a', 'm', 'h', '-', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ami-de-bastanes.fr", true */ 'a', 'm', 'i', '-', 'd', 'e', '-', 'b', 'a', 's', 't', 'a', 'n', 'e', 's', '.', 'f', 'r', '\0',
+  /* "amicalecanyon.ch", true */ 'a', 'm', 'i', 'c', 'a', 'l', 'e', 'c', 'a', 'n', 'y', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "amiciidogrescue.org.uk", true */ 'a', 'm', 'i', 'c', 'i', 'i', 'd', 'o', 'g', 'r', 'e', 's', 'c', 'u', 'e', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "amicsdelbus.com", true */ 'a', 'm', 'i', 'c', 's', 'd', 'e', 'l', 'b', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "amihub.com", true */ 'a', 'm', 'i', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "amilum.org", true */ 'a', 'm', 'i', 'l', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "amin.one", true */ 'a', 'm', 'i', 'n', '.', 'o', 'n', 'e', '\0',
+  /* "aminafrance.com", true */ 'a', 'm', 'i', 'n', 'a', 'f', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "amineptine.com", true */ 'a', 'm', 'i', 'n', 'e', 'p', 't', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "amisharingstuff.com", true */ 'a', 'm', 'i', 's', 'h', 'a', 'r', 'i', 'n', 'g', 's', 't', 'u', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "amministratore.biz", true */ 'a', 'm', 'm', 'i', 'n', 'i', 's', 't', 'r', 'a', 't', 'o', 'r', 'e', '.', 'b', 'i', 'z', '\0',
+  /* "amministratorecondominio.roma.it", true */ 'a', 'm', 'm', 'i', 'n', 'i', 's', 't', 'r', 'a', 't', 'o', 'r', 'e', 'c', 'o', 'n', 'd', 'o', 'm', 'i', 'n', 'i', 'o', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "amnesy.fr", true */ 'a', 'm', 'n', 'e', 's', 'y', '.', 'f', 'r', '\0',
+  /* "amoozesh98.com", true */ 'a', 'm', 'o', 'o', 'z', 'e', 's', 'h', '9', '8', '.', 'c', 'o', 'm', '\0',
+  /* "amoozesh98.ir", true */ 'a', 'm', 'o', 'o', 'z', 'e', 's', 'h', '9', '8', '.', 'i', 'r', '\0',
+  /* "amorgos-aegialis.com", true */ 'a', 'm', 'o', 'r', 'g', 'o', 's', '-', 'a', 'e', 'g', 'i', 'a', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "amorim.ca", true */ 'a', 'm', 'o', 'r', 'i', 'm', '.', 'c', 'a', '\0',
+  /* "ampersandnbspsemicolon.com", true */ 'a', 'm', 'p', 'e', 'r', 's', 'a', 'n', 'd', 'n', 'b', 's', 'p', 's', 'e', 'm', 'i', 'c', 'o', 'l', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "amphetamines.org", true */ 'a', 'm', 'p', 'h', 'e', 't', 'a', 'm', 'i', 'n', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "amphibo.ly", true */ 'a', 'm', 'p', 'h', 'i', 'b', 'o', '.', 'l', 'y', '\0',
+  /* "ampledesigners.com", true */ 'a', 'm', 'p', 'l', 'e', 'd', 'e', 's', 'i', 'g', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ampleinfographics.com", true */ 'a', 'm', 'p', 'l', 'e', 'i', 'n', 'f', 'o', 'g', 'r', 'a', 'p', 'h', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ams.co.rs", true */ 'a', 'm', 's', '.', 'c', 'o', '.', 'r', 's', '\0',
+  /* "amsportuk.com", true */ 'a', 'm', 's', 'p', 'o', 'r', 't', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "amsterdamian.com", true */ 'a', 'm', 's', 't', 'e', 'r', 'd', 'a', 'm', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "amtentertainments.co.uk", true */ 'a', 'm', 't', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "amuq.net", true */ 'a', 'm', 'u', 'q', '.', 'n', 'e', 't', '\0',
+  /* "amv-crm.ru", true */ 'a', 'm', 'v', '-', 'c', 'r', 'm', '.', 'r', 'u', '\0',
+  /* "amyharrisonline.com", true */ 'a', 'm', 'y', 'h', 'a', 'r', 'r', 'i', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "amyrussellhair.com", true */ 'a', 'm', 'y', 'r', 'u', 's', 's', 'e', 'l', 'l', 'h', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "amyyeung.com", true */ 'a', 'm', 'y', 'y', 'e', 'u', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "amzn.rocks", true */ 'a', 'm', 'z', 'n', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "anacreon.de", true */ 'a', 'n', 'a', 'c', 'r', 'e', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "anadoluefessk.org", true */ 'a', 'n', 'a', 'd', 'o', 'l', 'u', 'e', 'f', 'e', 's', 's', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "anaethelion.fr", true */ 'a', 'n', 'a', 'e', 't', 'h', 'e', 'l', 'i', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "anaiscoachpersonal.es", true */ 'a', 'n', 'a', 'i', 's', 'c', 'o', 'a', 'c', 'h', 'p', 'e', 'r', 's', 'o', 'n', 'a', 'l', '.', 'e', 's', '\0',
+  /* "anaisypirueta.es", true */ 'a', 'n', 'a', 'i', 's', 'y', 'p', 'i', 'r', 'u', 'e', 't', 'a', '.', 'e', 's', '\0',
+  /* "anajianu.ro", true */ 'a', 'n', 'a', 'j', 'i', 'a', 'n', 'u', '.', 'r', 'o', '\0',
+  /* "anakros.me", false */ 'a', 'n', 'a', 'k', 'r', 'o', 's', '.', 'm', 'e', '\0',
+  /* "analangelsteen.com", true */ 'a', 'n', 'a', 'l', 'a', 'n', 'g', 'e', 'l', 's', 't', 'e', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "analgesia.net", true */ 'a', 'n', 'a', 'l', 'g', 'e', 's', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "analpantyhose.org", true */ 'a', 'n', 'a', 'l', 'p', 'a', 'n', 't', 'y', 'h', 'o', 's', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "analteengirls.net", true */ 'a', 'n', 'a', 'l', 't', 'e', 'e', 'n', 'g', 'i', 'r', 'l', 's', '.', 'n', 'e', 't', '\0',
+  /* "analytics-shop.com", true */ 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "analyticsinmotion.com", true */ 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', 'i', 'n', 'm', 'o', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "analyticum.at", true */ 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 'u', 'm', '.', 'a', 't', '\0',
+  /* "analyticum.com", true */ 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "analyticum.de", true */ 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "analyticum.eu", true */ 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 'u', 'm', '.', 'e', 'u', '\0',
+  /* "analyticum.net", true */ 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "ananke.io", true */ 'a', 'n', 'a', 'n', 'k', 'e', '.', 'i', 'o', '\0',
+  /* "anankecosmetics.com", true */ 'a', 'n', 'a', 'n', 'k', 'e', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "anantshri.info", true */ 'a', 'n', 'a', 'n', 't', 's', 'h', 'r', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "anarchistischegroepnijmegen.nl", false */ 'a', 'n', 'a', 'r', 'c', 'h', 'i', 's', 't', 'i', 's', 'c', 'h', 'e', 'g', 'r', 'o', 'e', 'p', 'n', 'i', 'j', 'm', 'e', 'g', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "anarka.org", true */ 'a', 'n', 'a', 'r', 'k', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "anassiriphotography.com", false */ 'a', 'n', 'a', 's', 's', 'i', 'r', 'i', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "anastasia-shamara.ru", true */ 'a', 'n', 'a', 's', 't', 'a', 's', 'i', 'a', '-', 's', 'h', 'a', 'm', 'a', 'r', 'a', '.', 'r', 'u', '\0',
+  /* "anastasiafond.com", true */ 'a', 'n', 'a', 's', 't', 'a', 's', 'i', 'a', 'f', 'o', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "ancestramil.fr", true */ 'a', 'n', 'c', 'e', 's', 't', 'r', 'a', 'm', 'i', 'l', '.', 'f', 'r', '\0',
+  /* "anchev.net", true */ 'a', 'n', 'c', 'h', 'e', 'v', '.', 'n', 'e', 't', '\0',
+  /* "anchorgrounds.com", true */ 'a', 'n', 'c', 'h', 'o', 'r', 'g', 'r', 'o', 'u', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "anchorinmarinainc.com", true */ 'a', 'n', 'c', 'h', 'o', 'r', 'i', 'n', 'm', 'a', 'r', 'i', 'n', 'a', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "anchovy.nz", false */ 'a', 'n', 'c', 'h', 'o', 'v', 'y', '.', 'n', 'z', '\0',
+  /* "ancient-gates.de", true */ 'a', 'n', 'c', 'i', 'e', 'n', 't', '-', 'g', 'a', 't', 'e', 's', '.', 'd', 'e', '\0',
+  /* "ancolies-andre.com", true */ 'a', 'n', 'c', 'o', 'l', 'i', 'e', 's', '-', 'a', 'n', 'd', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "anconaswine.com", true */ 'a', 'n', 'c', 'o', 'n', 'a', 's', 'w', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "and-stuff.nl", true */ 'a', 'n', 'd', '-', 's', 't', 'u', 'f', 'f', '.', 'n', 'l', '\0',
+  /* "and.com", true */ 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "andarpersassi.it", true */ 'a', 'n', 'd', 'a', 'r', 'p', 'e', 'r', 's', 'a', 's', 's', 'i', '.', 'i', 't', '\0',
+  /* "andbraiz.com", true */ 'a', 'n', 'd', 'b', 'r', 'a', 'i', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "andel.info", true */ 'a', 'n', 'd', 'e', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "anders.hamburg", true */ 'a', 'n', 'd', 'e', 'r', 's', '.', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '\0',
+  /* "anderskp.dk", true */ 'a', 'n', 'd', 'e', 'r', 's', 'k', 'p', '.', 'd', 'k', '\0',
+  /* "andersonshatch.com", true */ 'a', 'n', 'd', 'e', 'r', 's', 'o', 'n', 's', 'h', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "andisadhdspot.com", true */ 'a', 'n', 'd', 'i', 's', 'a', 'd', 'h', 'd', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "anditi.com", true */ 'a', 'n', 'd', 'i', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "andoms.fi", true */ 'a', 'n', 'd', 'o', 'm', 's', '.', 'f', 'i', '\0',
+  /* "andre-otto.com", true */ 'a', 'n', 'd', 'r', 'e', '-', 'o', 't', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "andrea-kiaora.de", true */ 'a', 'n', 'd', 'r', 'e', 'a', '-', 'k', 'i', 'a', 'o', 'r', 'a', '.', 'd', 'e', '\0',
+  /* "andrea-m.me", true */ 'a', 'n', 'd', 'r', 'e', 'a', '-', 'm', '.', 'm', 'e', '\0',
+  /* "andrea-wirthensohn.at", true */ 'a', 'n', 'd', 'r', 'e', 'a', '-', 'w', 'i', 'r', 't', 'h', 'e', 'n', 's', 'o', 'h', 'n', '.', 'a', 't', '\0',
+  /* "andreaboero.it", true */ 'a', 'n', 'd', 'r', 'e', 'a', 'b', 'o', 'e', 'r', 'o', '.', 'i', 't', '\0',
+  /* "andreamcnett.com", true */ 'a', 'n', 'd', 'r', 'e', 'a', 'm', 'c', 'n', 'e', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "andreaseracleous.com", true */ 'a', 'n', 'd', 'r', 'e', 'a', 's', 'e', 'r', 'a', 'c', 'l', 'e', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "andreasfeusi.ch", true */ 'a', 'n', 'd', 'r', 'e', 'a', 's', 'f', 'e', 'u', 's', 'i', '.', 'c', 'h', '\0',
+  /* "andreaskrasa.com", true */ 'a', 'n', 'd', 'r', 'e', 'a', 's', 'k', 'r', 'a', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "andreasolsson.se", true */ 'a', 'n', 'd', 'r', 'e', 'a', 's', 'o', 'l', 's', 's', 'o', 'n', '.', 's', 'e', '\0',
+  /* "andrefaber.nl", true */ 'a', 'n', 'd', 'r', 'e', 'f', 'a', 'b', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "andrehansen.de", true */ 'a', 'n', 'd', 'r', 'e', 'h', 'a', 'n', 's', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "andrepicard.de", true */ 'a', 'n', 'd', 'r', 'e', 'p', 'i', 'c', 'a', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "andrespaz.com", true */ 'a', 'n', 'd', 'r', 'e', 's', 'p', 'a', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "andreundnina.de", true */ 'a', 'n', 'd', 'r', 'e', 'u', 'n', 'd', 'n', 'i', 'n', 'a', '.', 'd', 'e', '\0',
+  /* "andrewdavidwong.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'd', 'a', 'v', 'i', 'd', 'w', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "andrewdaws.io", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'd', 'a', 'w', 's', '.', 'i', 'o', '\0',
+  /* "andrewensley.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'e', 'n', 's', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "andrewhowden.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'h', 'o', 'w', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "andrewimeson.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'i', 'm', 'e', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "andrewin.ru", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'i', 'n', '.', 'r', 'u', '\0',
+  /* "andrewmichaud.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'm', 'i', 'c', 'h', 'a', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "andrewmichaud.me", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'm', 'i', 'c', 'h', 'a', 'u', 'd', '.', 'm', 'e', '\0',
+  /* "andrewpeng.net", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'p', 'e', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "andrewprokos.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'p', 'r', 'o', 'k', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "andrewrgoss.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'r', 'g', 'o', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "andrewryno.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'r', 'y', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "andrewsun.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 's', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "andrewtebert.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 't', 'e', 'b', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "andrewthelott.net", true */ 'a', 'n', 'd', 'r', 'e', 'w', 't', 'h', 'e', 'l', 'o', 't', 't', '.', 'n', 'e', 't', '\0',
+  /* "andrezadnik.com", true */ 'a', 'n', 'd', 'r', 'e', 'z', 'a', 'd', 'n', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "andro2id.com", true */ 'a', 'n', 'd', 'r', 'o', '2', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "andro4all.com", true */ 'a', 'n', 'd', 'r', 'o', '4', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "android.re", true */ 'a', 'n', 'd', 'r', 'o', 'i', 'd', '.', 'r', 'e', '\0',
+  /* "androide.com", true */ 'a', 'n', 'd', 'r', 'o', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "androidhry.cz", true */ 'a', 'n', 'd', 'r', 'o', 'i', 'd', 'h', 'r', 'y', '.', 'c', 'z', '\0',
+  /* "androidkatalog.cz", true */ 'a', 'n', 'd', 'r', 'o', 'i', 'd', 'k', 'a', 't', 'a', 'l', 'o', 'g', '.', 'c', 'z', '\0',
+  /* "androidnovinky.cz", true */ 'a', 'n', 'd', 'r', 'o', 'i', 'd', 'n', 'o', 'v', 'i', 'n', 'k', 'y', '.', 'c', 'z', '\0',
+  /* "androidtamer.com", true */ 'a', 'n', 'd', 'r', 'o', 'i', 'd', 't', 'a', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "androidtelefony.cz", true */ 'a', 'n', 'd', 'r', 'o', 'i', 'd', 't', 'e', 'l', 'e', 'f', 'o', 'n', 'y', '.', 'c', 'z', '\0',
+  /* "androidzone.me", true */ 'a', 'n', 'd', 'r', 'o', 'i', 'd', 'z', 'o', 'n', 'e', '.', 'm', 'e', '\0',
+  /* "andromedacenter.com", true */ 'a', 'n', 'd', 'r', 'o', 'm', 'e', 'd', 'a', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "andronika.net", true */ 'a', 'n', 'd', 'r', 'o', 'n', 'i', 'k', 'a', '.', 'n', 'e', 't', '\0',
+  /* "androticsdirect.com", true */ 'a', 'n', 'd', 'r', 'o', 't', 'i', 'c', 's', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "andruvision.cz", true */ 'a', 'n', 'd', 'r', 'u', 'v', 'i', 's', 'i', 'o', 'n', '.', 'c', 'z', '\0',
+  /* "andsat.org", true */ 'a', 'n', 'd', 's', 'a', 't', '.', 'o', 'r', 'g', '\0',
+  /* "andschwa.com", true */ 'a', 'n', 'd', 's', 'c', 'h', 'w', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "andybrett.com", true */ 'a', 'n', 'd', 'y', 'b', 'r', 'e', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "andycrockett.io", true */ 'a', 'n', 'd', 'y', 'c', 'r', 'o', 'c', 'k', 'e', 't', 't', '.', 'i', 'o', '\0',
+  /* "andymoore.info", true */ 'a', 'n', 'd', 'y', 'm', 'o', 'o', 'r', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "andyt.eu", true */ 'a', 'n', 'd', 'y', 't', '.', 'e', 'u', '\0',
+  /* "andzia.art.pl", true */ 'a', 'n', 'd', 'z', 'i', 'a', '.', 'a', 'r', 't', '.', 'p', 'l', '\0',
+  /* "anecuni-club.com", true */ 'a', 'n', 'e', 'c', 'u', 'n', 'i', '-', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "anecuni-rec.com", true */ 'a', 'n', 'e', 'c', 'u', 'n', 'i', '-', 'r', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "anedot-sandbox.com", true */ 'a', 'n', 'e', 'd', 'o', 't', '-', 's', 'a', 'n', 'd', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "anedot.com", true */ 'a', 'n', 'e', 'd', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "anedot.space", true */ 'a', 'n', 'e', 'd', 'o', 't', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "anedot.xyz", true */ 'a', 'n', 'e', 'd', 'o', 't', '.', 'x', 'y', 'z', '\0',
+  /* "anekdotes.com", true */ 'a', 'n', 'e', 'k', 'd', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "anendlesssupply.co.uk", true */ 'a', 'n', 'e', 'n', 'd', 'l', 'e', 's', 's', 's', 'u', 'p', 'p', 'l', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "anetaben.nl", true */ 'a', 'n', 'e', 't', 'a', 'b', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "anextraordinaryday.net", true */ 'a', 'n', 'e', 'x', 't', 'r', 'a', 'o', 'r', 'd', 'i', 'n', 'a', 'r', 'y', 'd', 'a', 'y', '.', 'n', 'e', 't', '\0',
+  /* "anfenglish.com", true */ 'a', 'n', 'f', 'e', 'n', 'g', 'l', 'i', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "angel-body.com", true */ 'a', 'n', 'g', 'e', 'l', '-', 'b', 'o', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "angelic47.com", true */ 'a', 'n', 'g', 'e', 'l', 'i', 'c', '4', '7', '.', 'c', 'o', 'm', '\0',
+  /* "angelinahair.com", true */ 'a', 'n', 'g', 'e', 'l', 'i', 'n', 'a', 'h', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "angeloventuri.com", true */ 'a', 'n', 'g', 'e', 'l', 'o', 'v', 'e', 'n', 't', 'u', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "anginf.de", true */ 'a', 'n', 'g', 'i', 'n', 'f', '.', 'd', 'e', '\0',
+  /* "anglertanke.de", true */ 'a', 'n', 'g', 'l', 'e', 'r', 't', 'a', 'n', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "anglictina-sojcak.cz", true */ 'a', 'n', 'g', 'l', 'i', 'c', 't', 'i', 'n', 'a', '-', 's', 'o', 'j', 'c', 'a', 'k', '.', 'c', 'z', '\0',
+  /* "anglictinasojcak.cz", true */ 'a', 'n', 'g', 'l', 'i', 'c', 't', 'i', 'n', 'a', 's', 'o', 'j', 'c', 'a', 'k', '.', 'c', 'z', '\0',
+  /* "anglingactive.co.uk", true */ 'a', 'n', 'g', 'l', 'i', 'n', 'g', 'a', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "angrapa.ru", true */ 'a', 'n', 'g', 'r', 'a', 'p', 'a', '.', 'r', 'u', '\0',
+  /* "angristan.fr", true */ 'a', 'n', 'g', 'r', 'i', 's', 't', 'a', 'n', '.', 'f', 'r', '\0',
+  /* "angrut.com", true */ 'a', 'n', 'g', 'r', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "angry.im", true */ 'a', 'n', 'g', 'r', 'y', '.', 'i', 'm', '\0',
+  /* "angrysnarl.com", true */ 'a', 'n', 'g', 'r', 'y', 's', 'n', 'a', 'r', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "angryteeth.net", true */ 'a', 'n', 'g', 'r', 'y', 't', 'e', 'e', 't', 'h', '.', 'n', 'e', 't', '\0',
+  /* "angularjs.org", true */ 'a', 'n', 'g', 'u', 'l', 'a', 'r', 'j', 's', '.', 'o', 'r', 'g', '\0',
+  /* "angusmak.com", true */ 'a', 'n', 'g', 'u', 's', 'm', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "anhaffen.lu", true */ 'a', 'n', 'h', 'a', 'f', 'f', 'e', 'n', '.', 'l', 'u', '\0',
+  /* "anim.ee", true */ 'a', 'n', 'i', 'm', '.', 'e', 'e', '\0',
+  /* "animacurse.moe", true */ 'a', 'n', 'i', 'm', 'a', 'c', 'u', 'r', 's', 'e', '.', 'm', 'o', 'e', '\0',
+  /* "animaemundi.be", true */ 'a', 'n', 'i', 'm', 'a', 'e', 'm', 'u', 'n', 'd', 'i', '.', 'b', 'e', '\0',
+  /* "animal-liberation.com", true */ 'a', 'n', 'i', 'm', 'a', 'l', '-', 'l', 'i', 'b', 'e', 'r', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "animal-rights.com", true */ 'a', 'n', 'i', 'm', 'a', 'l', '-', 'r', 'i', 'g', 'h', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "animalistic.io", true */ 'a', 'n', 'i', 'm', 'a', 'l', 'i', 's', 't', 'i', 'c', '.', 'i', 'o', '\0',
+  /* "animalnet.de", false */ 'a', 'n', 'i', 'm', 'a', 'l', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "animalstropic.com", true */ 'a', 'n', 'i', 'm', 'a', 'l', 's', 't', 'r', 'o', 'p', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "animaltesting.fr", true */ 'a', 'n', 'i', 'm', 'a', 'l', 't', 'e', 's', 't', 'i', 'n', 'g', '.', 'f', 'r', '\0',
+  /* "animationsmusicales.ch", true */ 'a', 'n', 'i', 'm', 'a', 't', 'i', 'o', 'n', 's', 'm', 'u', 's', 'i', 'c', 'a', 'l', 'e', 's', '.', 'c', 'h', '\0',
+  /* "anime-culture.com", true */ 'a', 'n', 'i', 'm', 'e', '-', 'c', 'u', 'l', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "anime.my", false */ 'a', 'n', 'i', 'm', 'e', '.', 'm', 'y', '\0',
+  /* "anime1.me", true */ 'a', 'n', 'i', 'm', 'e', '1', '.', 'm', 'e', '\0',
+  /* "anime1.moe", true */ 'a', 'n', 'i', 'm', 'e', '1', '.', 'm', 'o', 'e', '\0',
+  /* "anime1.pw", true */ 'a', 'n', 'i', 'm', 'e', '1', '.', 'p', 'w', '\0',
+  /* "anime1.top", true */ 'a', 'n', 'i', 'm', 'e', '1', '.', 't', 'o', 'p', '\0',
+  /* "animeai.com", true */ 'a', 'n', 'i', 'm', 'e', 'a', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "animefluxxx.com", true */ 'a', 'n', 'i', 'm', 'e', 'f', 'l', 'u', 'x', 'x', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "animesharp.com", true */ 'a', 'n', 'i', 'm', 'e', 's', 'h', 'a', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "animorphsfanforum.com", true */ 'a', 'n', 'i', 'm', 'o', 'r', 'p', 'h', 's', 'f', 'a', 'n', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "anipassion.com", true */ 'a', 'n', 'i', 'p', 'a', 's', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "anita-mukorom.hu", true */ 'a', 'n', 'i', 't', 'a', '-', 'm', 'u', 'k', 'o', 'r', 'o', 'm', '.', 'h', 'u', '\0',
+  /* "anitaalbersen.nl", true */ 'a', 'n', 'i', 't', 'a', 'a', 'l', 'b', 'e', 'r', 's', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "anitube-nocookie.ch", true */ 'a', 'n', 'i', 't', 'u', 'b', 'e', '-', 'n', 'o', 'c', 'o', 'o', 'k', 'i', 'e', '.', 'c', 'h', '\0',
+  /* "anitube.ch", true */ 'a', 'n', 'i', 't', 'u', 'b', 'e', '.', 'c', 'h', '\0',
+  /* "anivar.net", true */ 'a', 'n', 'i', 'v', 'a', 'r', '.', 'n', 'e', 't', '\0',
+  /* "ankarakart.com.tr", true */ 'a', 'n', 'k', 'a', 'r', 'a', 'k', 'a', 'r', 't', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "ankaraprofesyonelwebtasarim.com", true */ 'a', 'n', 'k', 'a', 'r', 'a', 'p', 'r', 'o', 'f', 'e', 's', 'y', 'o', 'n', 'e', 'l', 'w', 'e', 'b', 't', 'a', 's', 'a', 'r', 'i', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "ankarauzmanlarnakliyat.com", true */ 'a', 'n', 'k', 'a', 'r', 'a', 'u', 'z', 'm', 'a', 'n', 'l', 'a', 'r', 'n', 'a', 'k', 'l', 'i', 'y', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ankenbrand.me", true */ 'a', 'n', 'k', 'e', 'n', 'b', 'r', 'a', 'n', 'd', '.', 'm', 'e', '\0',
+  /* "ankitha.in", true */ 'a', 'n', 'k', 'i', 't', 'h', 'a', '.', 'i', 'n', '\0',
+  /* "ankiuser.net", true */ 'a', 'n', 'k', 'i', 'u', 's', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "ankiweb.net", true */ 'a', 'n', 'k', 'i', 'w', 'e', 'b', '.', 'n', 'e', 't', '\0',
+  /* "ankwanoma.com", true */ 'a', 'n', 'k', 'w', 'a', 'n', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "anna.info", true */ 'a', 'n', 'n', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "annaenemma.nl", true */ 'a', 'n', 'n', 'a', 'e', 'n', 'e', 'm', 'm', 'a', '.', 'n', 'l', '\0',
+  /* "annangela.moe", true */ 'a', 'n', 'n', 'a', 'n', 'g', 'e', 'l', 'a', '.', 'm', 'o', 'e', '\0',
+  /* "annarokina.com", true */ 'a', 'n', 'n', 'a', 'r', 'o', 'k', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "annasvapor.se", true */ 'a', 'n', 'n', 'a', 's', 'v', 'a', 'p', 'o', 'r', '.', 's', 'e', '\0',
+  /* "annedaniels.co.uk", true */ 'a', 'n', 'n', 'e', 'd', 'a', 'n', 'i', 'e', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "annejan.com", true */ 'a', 'n', 'n', 'e', 'j', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "annemakeslovelycandles.co.uk", true */ 'a', 'n', 'n', 'e', 'm', 'a', 'k', 'e', 's', 'l', 'o', 'v', 'e', 'l', 'y', 'c', 'a', 'n', 'd', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "annetta.com", true */ 'a', 'n', 'n', 'e', 't', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "annettewindlin.ch", true */ 'a', 'n', 'n', 'e', 't', 't', 'e', 'w', 'i', 'n', 'd', 'l', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "annevankesteren.com", true */ 'a', 'n', 'n', 'e', 'v', 'a', 'n', 'k', 'e', 's', 't', 'e', 'r', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "annevankesteren.nl", true */ 'a', 'n', 'n', 'e', 'v', 'a', 'n', 'k', 'e', 's', 't', 'e', 'r', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "annevankesteren.org", true */ 'a', 'n', 'n', 'e', 'v', 'a', 'n', 'k', 'e', 's', 't', 'e', 'r', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "annicascakes.nl", true */ 'a', 'n', 'n', 'i', 'c', 'a', 's', 'c', 'a', 'k', 'e', 's', '.', 'n', 'l', '\0',
+  /* "anniversary-cruise.com", true */ 'a', 'n', 'n', 'i', 'v', 'e', 'r', 's', 'a', 'r', 'y', '-', 'c', 'r', 'u', 'i', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "annotate.software", true */ 'a', 'n', 'n', 'o', 't', 'a', 't', 'e', '.', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '\0',
+  /* "annoyingasfuk.com", true */ 'a', 'n', 'n', 'o', 'y', 'i', 'n', 'g', 'a', 's', 'f', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "annrusnak.com", true */ 'a', 'n', 'n', 'r', 'u', 's', 'n', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "annsbouncycastles.com", true */ 'a', 'n', 'n', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "annuaire-jcb.com", true */ 'a', 'n', 'n', 'u', 'a', 'i', 'r', 'e', '-', 'j', 'c', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "annuaire-photographe.fr", false */ 'a', 'n', 'n', 'u', 'a', 'i', 'r', 'e', '-', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'e', '.', 'f', 'r', '\0',
+  /* "anohana.org", true */ 'a', 'n', 'o', 'h', 'a', 'n', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "anojan.com", true */ 'a', 'n', 'o', 'j', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "anon-next.de", true */ 'a', 'n', 'o', 'n', '-', 'n', 'e', 'x', 't', '.', 'd', 'e', '\0',
+  /* "anonboards.com", true */ 'a', 'n', 'o', 'n', 'b', 'o', 'a', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "anoncom.net", true */ 'a', 'n', 'o', 'n', 'c', 'o', 'm', '.', 'n', 'e', 't', '\0',
+  /* "anoneko.com", true */ 'a', 'n', 'o', 'n', 'e', 'k', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "anongoth.pl", true */ 'a', 'n', 'o', 'n', 'g', 'o', 't', 'h', '.', 'p', 'l', '\0',
+  /* "anonrea.ch", true */ 'a', 'n', 'o', 'n', 'r', 'e', 'a', '.', 'c', 'h', '\0',
+  /* "anons.fr", true */ 'a', 'n', 'o', 'n', 's', '.', 'f', 'r', '\0',
+  /* "anonukradio.org", true */ 'a', 'n', 'o', 'n', 'u', 'k', 'r', 'a', 'd', 'i', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "anonym-surfen.de", true */ 'a', 'n', 'o', 'n', 'y', 'm', '-', 's', 'u', 'r', 'f', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "anonyme-spieler.at", true */ 'a', 'n', 'o', 'n', 'y', 'm', 'e', '-', 's', 'p', 'i', 'e', 'l', 'e', 'r', '.', 'a', 't', '\0',
+  /* "another.ch", true */ 'a', 'n', 'o', 't', 'h', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "anotherchef.com", true */ 'a', 'n', 'o', 't', 'h', 'e', 'r', 'c', 'h', 'e', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "anotherfatgeek.net", true */ 'a', 'n', 'o', 't', 'h', 'e', 'r', 'f', 'a', 't', 'g', 'e', 'e', 'k', '.', 'n', 'e', 't', '\0',
+  /* "anothermanfilm.co.uk", true */ 'a', 'n', 'o', 't', 'h', 'e', 'r', 'm', 'a', 'n', 'f', 'i', 'l', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "anothermilan.net", true */ 'a', 'n', 'o', 't', 'h', 'e', 'r', 'm', 'i', 'l', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "anowicki.pl", true */ 'a', 'n', 'o', 'w', 'i', 'c', 'k', 'i', '.', 'p', 'l', '\0',
+  /* "ans-delft.nl", true */ 'a', 'n', 's', '-', 'd', 'e', 'l', 'f', 't', '.', 'n', 'l', '\0',
+  /* "ans-ge.ch", true */ 'a', 'n', 's', '-', 'g', 'e', '.', 'c', 'h', '\0',
+  /* "ansas.eu", true */ 'a', 'n', 's', 'a', 's', '.', 'e', 'u', '\0',
+  /* "ansas.net", true */ 'a', 'n', 's', 'a', 's', '.', 'n', 'e', 't', '\0',
+  /* "ansdell.net", true */ 'a', 'n', 's', 'd', 'e', 'l', 'l', '.', 'n', 'e', 't', '\0',
+  /* "anseo.ninja", true */ 'a', 'n', 's', 'e', 'o', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "ansermet.net", true */ 'a', 'n', 's', 'e', 'r', 'm', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "ansgar-sonntag.de", true */ 'a', 'n', 's', 'g', 'a', 'r', '-', 's', 'o', 'n', 'n', 't', 'a', 'g', '.', 'd', 'e', '\0',
+  /* "ansgarsonntag.de", true */ 'a', 'n', 's', 'g', 'a', 'r', 's', 'o', 'n', 'n', 't', 'a', 'g', '.', 'd', 'e', '\0',
+  /* "anshumanbiswas.com", true */ 'a', 'n', 's', 'h', 'u', 'm', 'a', 'n', 'b', 'i', 's', 'w', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ansichtssache.at", true */ 'a', 'n', 's', 'i', 'c', 'h', 't', 's', 's', 'a', 'c', 'h', 'e', '.', 'a', 't', '\0',
+  /* "ansogning-sg.dk", true */ 'a', 'n', 's', 'o', 'g', 'n', 'i', 'n', 'g', '-', 's', 'g', '.', 'd', 'k', '\0',
+  /* "anstaskforce.gov", true */ 'a', 'n', 's', 't', 'a', 's', 'k', 'f', 'o', 'r', 'c', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "antama.eu", true */ 'a', 'n', 't', 'a', 'm', 'a', '.', 'e', 'u', '\0',
+  /* "antama.nl", true */ 'a', 'n', 't', 'a', 'm', 'a', '.', 'n', 'l', '\0',
+  /* "antarcti.co", true */ 'a', 'n', 't', 'a', 'r', 'c', 't', 'i', '.', 'c', 'o', '\0',
+  /* "antcas.com", true */ 'a', 'n', 't', 'c', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "antecim.fr", true */ 'a', 'n', 't', 'e', 'c', 'i', 'm', '.', 'f', 'r', '\0',
+  /* "antenasmundosat.com.br", true */ 'a', 'n', 't', 'e', 'n', 'a', 's', 'm', 'u', 'n', 'd', 'o', 's', 'a', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "antennista.milano.it", true */ 'a', 'n', 't', 'e', 'n', 'n', 'i', 's', 't', 'a', '.', 'm', 'i', 'l', 'a', 'n', 'o', '.', 'i', 't', '\0',
+  /* "antennista.pavia.it", true */ 'a', 'n', 't', 'e', 'n', 'n', 'i', 's', 't', 'a', '.', 'p', 'a', 'v', 'i', 'a', '.', 'i', 't', '\0',
+  /* "anthedesign.fr", true */ 'a', 'n', 't', 'h', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'f', 'r', '\0',
+  /* "anthony-rouanet.com", true */ 'a', 'n', 't', 'h', 'o', 'n', 'y', '-', 'r', 'o', 'u', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "anthonyaires.com", true */ 'a', 'n', 't', 'h', 'o', 'n', 'y', 'a', 'i', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "anthonycarbonaro.com", true */ 'a', 'n', 't', 'h', 'o', 'n', 'y', 'c', 'a', 'r', 'b', 'o', 'n', 'a', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "anthonygaidot.fr", true */ 'a', 'n', 't', 'h', 'o', 'n', 'y', 'g', 'a', 'i', 'd', 'o', 't', '.', 'f', 'r', '\0',
+  /* "anthro.id", true */ 'a', 'n', 't', 'h', 'r', 'o', '.', 'i', 'd', '\0',
+  /* "anthropoid.ca", true */ 'a', 'n', 't', 'h', 'r', 'o', 'p', 'o', 'i', 'd', '.', 'c', 'a', '\0',
+  /* "anti-bible.com", true */ 'a', 'n', 't', 'i', '-', 'b', 'i', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "anti-radar.org", true */ 'a', 'n', 't', 'i', '-', 'r', 'a', 'd', 'a', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "anticopyright.com", true */ 'a', 'n', 't', 'i', 'c', 'o', 'p', 'y', 'r', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "antihype.space", true */ 'a', 'n', 't', 'i', 'h', 'y', 'p', 'e', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "antikvariat.ru", true */ 'a', 'n', 't', 'i', 'k', 'v', 'a', 'r', 'i', 'a', 't', '.', 'r', 'u', '\0',
+  /* "antiled.by", true */ 'a', 'n', 't', 'i', 'l', 'e', 'd', '.', 'b', 'y', '\0',
+  /* "antimine.me", true */ 'a', 'n', 't', 'i', 'm', 'i', 'n', 'e', '.', 'm', 'e', '\0',
+  /* "antipa.ch", true */ 'a', 'n', 't', 'i', 'p', 'a', '.', 'c', 'h', '\0',
+  /* "antipolygraph.org", true */ 'a', 'n', 't', 'i', 'p', 'o', 'l', 'y', 'g', 'r', 'a', 'p', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "antique-pedalcars.ch", true */ 'a', 'n', 't', 'i', 'q', 'u', 'e', '-', 'p', 'e', 'd', 'a', 'l', 'c', 'a', 'r', 's', '.', 'c', 'h', '\0',
+  /* "antirepressionbayarea.com", true */ 'a', 'n', 't', 'i', 'r', 'e', 'p', 'r', 'e', 's', 's', 'i', 'o', 'n', 'b', 'a', 'y', 'a', 'r', 'e', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "antispeciesism.com", true */ 'a', 'n', 't', 'i', 's', 'p', 'e', 'c', 'i', 'e', 's', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "antispeciesist.com", true */ 'a', 'n', 't', 'i', 's', 'p', 'e', 'c', 'i', 'e', 's', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "antivirusprotection.reviews", true */ 'a', 'n', 't', 'i', 'v', 'i', 'r', 'u', 's', 'p', 'r', 'o', 't', 'e', 'c', 't', 'i', 'o', 'n', '.', 'r', 'e', 'v', 'i', 'e', 'w', 's', '\0',
+  /* "antocom.com", true */ 'a', 'n', 't', 'o', 'c', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "antoinebetas.be", true */ 'a', 'n', 't', 'o', 'i', 'n', 'e', 'b', 'e', 't', 'a', 's', '.', 'b', 'e', '\0',
+  /* "antoinedeschenes.com", true */ 'a', 'n', 't', 'o', 'i', 'n', 'e', 'd', 'e', 's', 'c', 'h', 'e', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "antoinemary.com", true */ 'a', 'n', 't', 'o', 'i', 'n', 'e', 'm', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "antonchen.com", true */ 'a', 'n', 't', 'o', 'n', 'c', 'h', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "antonellabb.eu", true */ 'a', 'n', 't', 'o', 'n', 'e', 'l', 'l', 'a', 'b', 'b', '.', 'e', 'u', '\0',
+  /* "antons.io", true */ 'a', 'n', 't', 'o', 'n', 's', '.', 'i', 'o', '\0',
+  /* "antragsgruen.de", true */ 'a', 'n', 't', 'r', 'a', 'g', 's', 'g', 'r', 'u', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "anulowano.pl", true */ 'a', 'n', 'u', 'l', 'o', 'w', 'a', 'n', 'o', '.', 'p', 'l', '\0',
+  /* "anvartay.com", true */ 'a', 'n', 'v', 'a', 'r', 't', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "anwaltsindex.com", true */ 'a', 'n', 'w', 'a', 'l', 't', 's', 'i', 'n', 'd', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "anxietyspace.com", true */ 'a', 'n', 'x', 'i', 'e', 't', 'y', 's', 'p', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "anxiolytics.com", true */ 'a', 'n', 'x', 'i', 'o', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "any.pm", false */ 'a', 'n', 'y', '.', 'p', 'm', '\0',
+  /* "anyfood.fi", true */ 'a', 'n', 'y', 'f', 'o', 'o', 'd', '.', 'f', 'i', '\0',
+  /* "anynode.net", true */ 'a', 'n', 'y', 'n', 'o', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "anyon.com", true */ 'a', 'n', 'y', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "anypeer.net", true */ 'a', 'n', 'y', 'p', 'e', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "anyprime.net", true */ 'a', 'n', 'y', 'p', 'r', 'i', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "anystack.xyz", true */ 'a', 'n', 'y', 's', 't', 'a', 'c', 'k', '.', 'x', 'y', 'z', '\0',
+  /* "anytonetech.com", true */ 'a', 'n', 'y', 't', 'o', 'n', 'e', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "anzeiger.ag", true */ 'a', 'n', 'z', 'e', 'i', 'g', 'e', 'r', '.', 'a', 'g', '\0',
+  /* "ao-dev.com", true */ 'a', 'o', '-', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "ao2.it", true */ 'a', 'o', '2', '.', 'i', 't', '\0',
+  /* "aoku3d.com", true */ 'a', 'o', 'k', 'u', '3', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "aolabs.nz", true */ 'a', 'o', 'l', 'a', 'b', 's', '.', 'n', 'z', '\0',
+  /* "aomberg.com", true */ 'a', 'o', 'm', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "aomonk.com", true */ 'a', 'o', 'm', 'o', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "aooobo.com", true */ 'a', 'o', 'o', 'o', 'b', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "aosc.io", false */ 'a', 'o', 's', 'c', '.', 'i', 'o', '\0',
+  /* "aosus.org", true */ 'a', 'o', 's', 'u', 's', '.', 'o', 'r', 'g', '\0',
+  /* "aotearoaleaks.org", true */ 'a', 'o', 't', 'e', 'a', 'r', 'o', 'a', 'l', 'e', 'a', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "aovcentrum.nl", true */ 'a', 'o', 'v', 'c', 'e', 'n', 't', 'r', 'u', 'm', '.', 'n', 'l', '\0',
+  /* "ap-swiss.ch", true */ 'a', 'p', '-', 's', 'w', 'i', 's', 's', '.', 'c', 'h', '\0',
+  /* "apac-tech.com", true */ 'a', 'p', 'a', 'c', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "apachehaus.de", false */ 'a', 'p', 'a', 'c', 'h', 'e', 'h', 'a', 'u', 's', '.', 'd', 'e', '\0',
+  /* "apadvantage.com", true */ 'a', 'p', 'a', 'd', 'v', 'a', 'n', 't', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "aparaatti.org", true */ 'a', 'p', 'a', 'r', 'a', 'a', 't', 't', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "apartmanicg.me", true */ 'a', 'p', 'a', 'r', 't', 'm', 'a', 'n', 'i', 'c', 'g', '.', 'm', 'e', '\0',
+  /* "apartment-natik.fr", true */ 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', '-', 'n', 'a', 't', 'i', 'k', '.', 'f', 'r', '\0',
+  /* "apartmentkroatien.at", true */ 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 'k', 'r', 'o', 'a', 't', 'i', 'e', 'n', '.', 'a', 't', '\0',
+  /* "apartmentregister.com.au", true */ 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "apbox.de", true */ 'a', 'p', 'b', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "apcemporium.co.uk", true */ 'a', 'p', 'c', 'e', 'm', 'p', 'o', 'r', 'i', 'u', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "apcube.com", true */ 'a', 'p', 'c', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "apef.ch", true */ 'a', 'p', 'e', 'f', '.', 'c', 'h', '\0',
+  /* "apertis.org", true */ 'a', 'p', 'e', 'r', 't', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "aperturesciencelabs.de", true */ 'a', 'p', 'e', 'r', 't', 'u', 'r', 'e', 's', 'c', 'i', 'e', 'n', 'c', 'e', 'l', 'a', 'b', 's', '.', 'd', 'e', '\0',
+  /* "apervita.net", true */ 'a', 'p', 'e', 'r', 'v', 'i', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "apexitsolutions.ca", true */ 'a', 'p', 'e', 'x', 'i', 't', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'a', '\0',
+  /* "aphelionentertainment.com", true */ 'a', 'p', 'h', 'e', 'l', 'i', 'o', 'n', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "aphotrax.eu", true */ 'a', 'p', 'h', 'o', 't', 'r', 'a', 'x', '.', 'e', 'u', '\0',
+  /* "api-connect.com", true */ 'a', 'p', 'i', '-', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "api-geek.com", true */ 'a', 'p', 'i', '-', 'g', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "api.intercom.io", true */ 'a', 'p', 'i', '.', 'i', 'n', 't', 'e', 'r', 'c', 'o', 'm', '.', 'i', 'o', '\0',
+  /* "api.lookout.com", false */ 'a', 'p', 'i', '.', 'l', 'o', 'o', 'k', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "api.recurly.com", true */ 'a', 'p', 'i', '.', 'r', 'e', 'c', 'u', 'r', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "api.simple.com", false */ 'a', 'p', 'i', '.', 's', 'i', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "api.xero.com", false */ 'a', 'p', 'i', '.', 'x', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "apiary.blog", true */ 'a', 'p', 'i', 'a', 'r', 'y', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "apiary.clothing", true */ 'a', 'p', 'i', 'a', 'r', 'y', '.', 'c', 'l', 'o', 't', 'h', 'i', 'n', 'g', '\0',
+  /* "apiary.shop", true */ 'a', 'p', 'i', 'a', 'r', 'y', '.', 's', 'h', 'o', 'p', '\0',
+  /* "apiary.store", true */ 'a', 'p', 'i', 'a', 'r', 'y', '.', 's', 't', 'o', 'r', 'e', '\0',
+  /* "apiary.supplies", true */ 'a', 'p', 'i', 'a', 'r', 'y', '.', 's', 'u', 'p', 'p', 'l', 'i', 'e', 's', '\0',
+  /* "apiary.supply", true */ 'a', 'p', 'i', 'a', 'r', 'y', '.', 's', 'u', 'p', 'p', 'l', 'y', '\0',
+  /* "apience.com", true */ 'a', 'p', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "apila.care", true */ 'a', 'p', 'i', 'l', 'a', '.', 'c', 'a', 'r', 'e', '\0',
+  /* "apila.us", true */ 'a', 'p', 'i', 'l', 'a', '.', 'u', 's', '\0',
+  /* "apiled.io", true */ 'a', 'p', 'i', 'l', 'e', 'd', '.', 'i', 'o', '\0',
+  /* "apio.systems", true */ 'a', 'p', 'i', 'o', '.', 's', 'y', 's', 't', 'e', 'm', 's', '\0',
+  /* "apis.blue", true */ 'a', 'p', 'i', 's', '.', 'b', 'l', 'u', 'e', '\0',
+  /* "apis.google.com", true */ 'a', 'p', 'i', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "apis.moe", true */ 'a', 'p', 'i', 's', '.', 'm', 'o', 'e', '\0',
+  /* "apisyouwonthate.com", true */ 'a', 'p', 'i', 's', 'y', 'o', 'u', 'w', 'o', 'n', 't', 'h', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "apk.li", true */ 'a', 'p', 'k', '.', 'l', 'i', '\0',
+  /* "apk4fun.com", true */ 'a', 'p', 'k', '4', 'f', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "apl2bits.net", true */ 'a', 'p', 'l', '2', 'b', 'i', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "aplikaceproandroid.cz", true */ 'a', 'p', 'l', 'i', 'k', 'a', 'c', 'e', 'p', 'r', 'o', 'a', 'n', 'd', 'r', 'o', 'i', 'd', '.', 'c', 'z', '\0',
+  /* "aplis-online.de", false */ 'a', 'p', 'l', 'i', 's', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "aplpackaging.co.uk", true */ 'a', 'p', 'l', 'p', 'a', 'c', 'k', 'a', 'g', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "aplu.fr", true */ 'a', 'p', 'l', 'u', '.', 'f', 'r', '\0',
+  /* "apmpproject.org", true */ 'a', 'p', 'm', 'p', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "apn-dz.org", true */ 'a', 'p', 'n', '-', 'd', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "apn-einstellungen.de", true */ 'a', 'p', 'n', '-', 'e', 'i', 'n', 's', 't', 'e', 'l', 'l', 'u', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "apoil.org", true */ 'a', 'p', 'o', 'i', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "apollyon.work", true */ 'a', 'p', 'o', 'l', 'l', 'y', 'o', 'n', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "apoly.de", true */ 'a', 'p', 'o', 'l', 'y', '.', 'd', 'e', '\0',
+  /* "aporia.io", true */ 'a', 'p', 'o', 'r', 'i', 'a', '.', 'i', 'o', '\0',
+  /* "aposke.com", true */ 'a', 'p', 'o', 's', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "aposke.net", true */ 'a', 'p', 'o', 's', 'k', 'e', '.', 'n', 'e', 't', '\0',
+  /* "aposke.org", true */ 'a', 'p', 'o', 's', 'k', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "apothes.is", true */ 'a', 'p', 'o', 't', 'h', 'e', 's', '.', 'i', 's', '\0',
+  /* "app-at.work", true */ 'a', 'p', 'p', '-', 'a', 't', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "app.recurly.com", true */ 'a', 'p', 'p', '.', 'r', 'e', 'c', 'u', 'r', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "app.simpletax.ca", true */ 'a', 'p', 'p', '.', 's', 'i', 'm', 'p', 'l', 'e', 't', 'a', 'x', '.', 'c', 'a', '\0',
+  /* "app.yinxiang.com", false */ 'a', 'p', 'p', '.', 'y', 'i', 'n', 'x', 'i', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "appartement-andrea.at", true */ 'a', 'p', 'p', 'a', 'r', 't', 'e', 'm', 'e', 'n', 't', '-', 'a', 'n', 'd', 'r', 'e', 'a', '.', 'a', 't', '\0',
+  /* "appartement-evolene.net", true */ 'a', 'p', 'p', 'a', 'r', 't', 'e', 'm', 'e', 'n', 't', '-', 'e', 'v', 'o', 'l', 'e', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "appartementhaus-badria.de", true */ 'a', 'p', 'p', 'a', 'r', 't', 'e', 'm', 'e', 'n', 't', 'h', 'a', 'u', 's', '-', 'b', 'a', 'd', 'r', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "appartementmarsum.nl", true */ 'a', 'p', 'p', 'a', 'r', 't', 'e', 'm', 'e', 'n', 't', 'm', 'a', 'r', 's', 'u', 'm', '.', 'n', 'l', '\0',
+  /* "appchive.net", true */ 'a', 'p', 'p', 'c', 'h', 'i', 'v', 'e', '.', 'n', 'e', 't', '\0',
+  /* "appcoins.io", true */ 'a', 'p', 'p', 'c', 'o', 'i', 'n', 's', '.', 'i', 'o', '\0',
+  /* "appel-aide.ch", true */ 'a', 'p', 'p', 'e', 'l', '-', 'a', 'i', 'd', 'e', '.', 'c', 'h', '\0',
+  /* "appelboomdefilm.nl", true */ 'a', 'p', 'p', 'e', 'l', 'b', 'o', 'o', 'm', 'd', 'e', 'f', 'i', 'l', 'm', '.', 'n', 'l', '\0',
+  /* "appengine.google.com", true */ 'a', 'p', 'p', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "apperio.com", true */ 'a', 'p', 'p', 'e', 'r', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "appharbor.com", true */ 'a', 'p', 'p', 'h', 'a', 'r', 'b', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "apple-watch-zubehoer.de", true */ 'a', 'p', 'p', 'l', 'e', '-', 'w', 'a', 't', 'c', 'h', '-', 'z', 'u', 'b', 'e', 'h', 'o', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "applejacks-bouncy-castles.co.uk", true */ 'a', 'p', 'p', 'l', 'e', 'j', 'a', 'c', 'k', 's', '-', 'b', 'o', 'u', 'n', 'c', 'y', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "applelife.ru", true */ 'a', 'p', 'p', 'l', 'e', 'l', 'i', 'f', 'e', '.', 'r', 'u', '\0',
+  /* "applemon.com", true */ 'a', 'p', 'p', 'l', 'e', 'm', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "appleoosa.com", true */ 'a', 'p', 'p', 'l', 'e', 'o', 'o', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "appleranch.com", true */ 'a', 'p', 'p', 'l', 'e', 'r', 'a', 'n', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "applesana.es", true */ 'a', 'p', 'p', 'l', 'e', 's', 'a', 'n', 'a', '.', 'e', 's', '\0',
+  /* "applesencia.com", true */ 'a', 'p', 'p', 'l', 'e', 's', 'e', 'n', 'c', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "applewatch.co.nz", true */ 'a', 'p', 'p', 'l', 'e', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "applian.jp", true */ 'a', 'p', 'p', 'l', 'i', 'a', 'n', '.', 'j', 'p', '\0',
+  /* "apply.eu", true */ 'a', 'p', 'p', 'l', 'y', '.', 'e', 'u', '\0',
+  /* "appmeas.co.uk", true */ 'a', 'p', 'p', 'm', 'e', 'a', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "appmobile.io", true */ 'a', 'p', 'p', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'i', 'o', '\0',
+  /* "appninjas.com", true */ 'a', 'p', 'p', 'n', 'i', 'n', 'j', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "appointed.at", true */ 'a', 'p', 'p', 'o', 'i', 'n', 't', 'e', 'd', '.', 'a', 't', '\0',
+  /* "apponic.com", true */ 'a', 'p', 'p', 'o', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "apponline.com", true */ 'a', 'p', 'p', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "approbo.com", true */ 'a', 'p', 'p', 'r', 'o', 'b', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "approvedtreecare.com", true */ 'a', 'p', 'p', 'r', 'o', 'v', 'e', 'd', 't', 'r', 'e', 'e', 'c', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "apps.co", true */ 'a', 'p', 'p', 's', '.', 'c', 'o', '\0',
+  /* "apps.facebook.com", false */ 'a', 'p', 'p', 's', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "apps.fedoraproject.org", true */ 'a', 'p', 'p', 's', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "apps.stg.fedoraproject.org", true */ 'a', 'p', 'p', 's', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "apps4inter.net", true */ 'a', 'p', 'p', 's', '4', 'i', 'n', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "appscloudplus.com", true */ 'a', 'p', 'p', 's', 'c', 'l', 'o', 'u', 'd', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "appseccalifornia.org", false */ 'a', 'p', 'p', 's', 'e', 'c', 'c', 'a', 'l', 'i', 'f', 'o', 'r', 'n', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "appson.co.uk", false */ 'a', 'p', 'p', 's', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "appt.ch", true */ 'a', 'p', 'p', 't', '.', 'c', 'h', '\0',
+  /* "apptomics.com", true */ 'a', 'p', 'p', 't', 'o', 'm', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "apptoutou.com", true */ 'a', 'p', 'p', 't', 'o', 'u', 't', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "appuals.com", true */ 'a', 'p', 'p', 'u', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "appui-de-fenetre.fr", true */ 'a', 'p', 'p', 'u', 'i', '-', 'd', 'e', '-', 'f', 'e', 'n', 'e', 't', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "appveyor.com", true */ 'a', 'p', 'p', 'v', 'e', 'y', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "appzoojoo.be", true */ 'a', 'p', 'p', 'z', 'o', 'o', 'j', 'o', 'o', '.', 'b', 'e', '\0',
+  /* "aprefix.com", true */ 'a', 'p', 'r', 'e', 'f', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "apretatuercas.es", true */ 'a', 'p', 'r', 'e', 't', 'a', 't', 'u', 'e', 'r', 'c', 'a', 's', '.', 'e', 's', '\0',
+  /* "aprovpn.com", true */ 'a', 'p', 'r', 'o', 'v', 'p', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "aprpullmanportermuseum.org", true */ 'a', 'p', 'r', 'p', 'u', 'l', 'l', 'm', 'a', 'n', 'p', 'o', 'r', 't', 'e', 'r', 'm', 'u', 's', 'e', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "aprr.org", true */ 'a', 'p', 'r', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "aprsdroid.org", true */ 'a', 'p', 'r', 's', 'd', 'r', 'o', 'i', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "aprz.de", true */ 'a', 'p', 'r', 'z', '.', 'd', 'e', '\0',
+  /* "apstudynotes.org", true */ 'a', 'p', 's', 't', 'u', 'd', 'y', 'n', 'o', 't', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "aptive.co.uk", true */ 'a', 'p', 't', 'i', 'v', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "apu-board.de", true */ 'a', 'p', 'u', '-', 'b', 'o', 'a', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "apv-ollon.ch", true */ 'a', 'p', 'v', '-', 'o', 'l', 'l', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "aqilacademy.com.au", true */ 'a', 'q', 'i', 'l', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "aqqrate.com", true */ 'a', 'q', 'q', 'r', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "aqsiq.net", true */ 'a', 'q', 's', 'i', 'q', '.', 'n', 'e', 't', '\0',
+  /* "aqua-fitness-nacht.de", true */ 'a', 'q', 'u', 'a', '-', 'f', 'i', 't', 'n', 'e', 's', 's', '-', 'n', 'a', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "aqua-fotowelt.de", true */ 'a', 'q', 'u', 'a', '-', 'f', 'o', 't', 'o', 'w', 'e', 'l', 't', '.', 'd', 'e', '\0',
+  /* "aquabar.co.il", true */ 'a', 'q', 'u', 'a', 'b', 'a', 'r', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "aquabio.ch", true */ 'a', 'q', 'u', 'a', 'b', 'i', 'o', '.', 'c', 'h', '\0',
+  /* "aquadonis.ch", true */ 'a', 'q', 'u', 'a', 'd', 'o', 'n', 'i', 's', '.', 'c', 'h', '\0',
+  /* "aquahomo.com", true */ 'a', 'q', 'u', 'a', 'h', 'o', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "aqualife.com.gr", true */ 'a', 'q', 'u', 'a', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '.', 'g', 'r', '\0',
+  /* "aqualifeprojects.com", true */ 'a', 'q', 'u', 'a', 'l', 'i', 'f', 'e', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aquarium-supplement.net", true */ 'a', 'q', 'u', 'a', 'r', 'i', 'u', 'm', '-', 's', 'u', 'p', 'p', 'l', 'e', 'm', 'e', 'n', 't', '.', 'n', 'e', 't', '\0',
+  /* "aquaron.com", true */ 'a', 'q', 'u', 'a', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "aquaselect.eu", true */ 'a', 'q', 'u', 'a', 's', 'e', 'l', 'e', 'c', 't', '.', 'e', 'u', '\0',
+  /* "aquatechnologygroup.com", true */ 'a', 'q', 'u', 'a', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "aquaundine.net", true */ 'a', 'q', 'u', 'a', 'u', 'n', 'd', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "aquavitaedayspa.com.au", true */ 'a', 'q', 'u', 'a', 'v', 'i', 't', 'a', 'e', 'd', 'a', 'y', 's', 'p', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "aquila.co.uk", true */ 'a', 'q', 'u', 'i', 'l', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "aquilaguild.com", false */ 'a', 'q', 'u', 'i', 'l', 'a', 'g', 'u', 'i', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "aquireceitas.com", true */ 'a', 'q', 'u', 'i', 'r', 'e', 'c', 'e', 'i', 't', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aquitainebrasserie.com.au", true */ 'a', 'q', 'u', 'i', 't', 'a', 'i', 'n', 'e', 'b', 'r', 'a', 's', 's', 'e', 'r', 'i', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "aquitroc.com", true */ 'a', 'q', 'u', 'i', 't', 'r', 'o', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "ar-informatique.ch", true */ 'a', 'r', '-', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'q', 'u', 'e', '.', 'c', 'h', '\0',
+  /* "ar.al", true */ 'a', 'r', '.', 'a', 'l', '\0',
+  /* "arab.dating", true */ 'a', 'r', 'a', 'b', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "arabsexi.info", true */ 'a', 'r', 'a', 'b', 's', 'e', 'x', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "arachina.com", true */ 'a', 'r', 'a', 'c', 'h', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "arados.de", true */ 'a', 'r', 'a', 'd', 'o', 's', '.', 'd', 'e', '\0',
+  /* "arai21.net", true */ 'a', 'r', 'a', 'i', '2', '1', '.', 'n', 'e', 't', '\0',
+  /* "araleeniken.com", true */ 'a', 'r', 'a', 'l', 'e', 'e', 'n', 'i', 'k', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "aramado.com", true */ 'a', 'r', 'a', 'm', 'a', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "aramido.de", true */ 'a', 'r', 'a', 'm', 'i', 'd', 'o', '.', 'd', 'e', '\0',
+  /* "aranel.me", true */ 'a', 'r', 'a', 'n', 'e', 'l', '.', 'm', 'e', '\0',
+  /* "aranycsillag.net", true */ 'a', 'r', 'a', 'n', 'y', 'c', 's', 'i', 'l', 'l', 'a', 'g', '.', 'n', 'e', 't', '\0',
+  /* "araratour.com", true */ 'a', 'r', 'a', 'r', 'a', 't', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "araro.ch", true */ 'a', 'r', 'a', 'r', 'o', '.', 'c', 'h', '\0',
+  /* "araseifudousan.com", true */ 'a', 'r', 'a', 's', 'e', 'i', 'f', 'u', 'd', 'o', 'u', 's', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "arawaza.biz", true */ 'a', 'r', 'a', 'w', 'a', 'z', 'a', '.', 'b', 'i', 'z', '\0',
+  /* "arawaza.com", false */ 'a', 'r', 'a', 'w', 'a', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "arawaza.info", true */ 'a', 'r', 'a', 'w', 'a', 'z', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "araxis.com", true */ 'a', 'r', 'a', 'x', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "arbeitskreis-asyl-eningen.de", true */ 'a', 'r', 'b', 'e', 'i', 't', 's', 'k', 'r', 'e', 'i', 's', '-', 'a', 's', 'y', 'l', '-', 'e', 'n', 'i', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "arbeitslosenverwaltung.de", true */ 'a', 'r', 'b', 'e', 'i', 't', 's', 'l', 'o', 's', 'e', 'n', 'v', 'e', 'r', 'w', 'a', 'l', 't', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "arbitrarion.com", true */ 'a', 'r', 'b', 'i', 't', 'r', 'a', 'r', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "arbitrary.ch", true */ 'a', 'r', 'b', 'i', 't', 'r', 'a', 'r', 'y', '.', 'c', 'h', '\0',
+  /* "arboworks.com", true */ 'a', 'r', 'b', 'o', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "arcadiaeng.com", true */ 'a', 'r', 'c', 'a', 'd', 'i', 'a', 'e', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "arcaik.net", true */ 'a', 'r', 'c', 'a', 'i', 'k', '.', 'n', 'e', 't', '\0',
+  /* "arcbit.io", true */ 'a', 'r', 'c', 'b', 'i', 't', '.', 'i', 'o', '\0',
+  /* "arcbouncycastles.co.uk", true */ 'a', 'r', 'c', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "arcenergy.co.uk", true */ 'a', 'r', 'c', 'e', 'n', 'e', 'r', 'g', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "archii.ca", true */ 'a', 'r', 'c', 'h', 'i', 'i', '.', 'c', 'a', '\0',
+  /* "archimedicx.com", true */ 'a', 'r', 'c', 'h', 'i', 'm', 'e', 'd', 'i', 'c', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "archined.nl", true */ 'a', 'r', 'c', 'h', 'i', 'n', 'e', 'd', '.', 'n', 'l', '\0',
+  /* "architectdirect.nl", false */ 'a', 'r', 'c', 'h', 'i', 't', 'e', 'c', 't', 'd', 'i', 'r', 'e', 'c', 't', '.', 'n', 'l', '\0',
+  /* "architecte-interieur.be", true */ 'a', 'r', 'c', 'h', 'i', 't', 'e', 'c', 't', 'e', '-', 'i', 'n', 't', 'e', 'r', 'i', 'e', 'u', 'r', '.', 'b', 'e', '\0',
+  /* "archivesdelavieordinaire.ch", true */ 'a', 'r', 'c', 'h', 'i', 'v', 'e', 's', 'd', 'e', 'l', 'a', 'v', 'i', 'e', 'o', 'r', 'd', 'i', 'n', 'a', 'i', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "archlinux.de", true */ 'a', 'r', 'c', 'h', 'l', 'i', 'n', 'u', 'x', '.', 'd', 'e', '\0',
+  /* "archlinux.org", true */ 'a', 'r', 'c', 'h', 'l', 'i', 'n', 'u', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "archoit.org", false */ 'a', 'r', 'c', 'h', 'o', 'i', 't', '.', 'o', 'r', 'g', '\0',
+  /* "archsec.info", true */ 'a', 'r', 'c', 'h', 's', 'e', 'c', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "arckr.com", true */ 'a', 'r', 'c', 'k', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "arcobalabs.ca", true */ 'a', 'r', 'c', 'o', 'b', 'a', 'l', 'a', 'b', 's', '.', 'c', 'a', '\0',
+  /* "arctic.gov", true */ 'a', 'r', 'c', 't', 'i', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "arcueil-cachan.fr", true */ 'a', 'r', 'c', 'u', 'e', 'i', 'l', '-', 'c', 'a', 'c', 'h', 'a', 'n', '.', 'f', 'r', '\0',
+  /* "arcusnova.de", true */ 'a', 'r', 'c', 'u', 's', 'n', 'o', 'v', 'a', '.', 'd', 'e', '\0',
+  /* "ardor.noip.me", true */ 'a', 'r', 'd', 'o', 'r', '.', 'n', 'o', 'i', 'p', '.', 'm', 'e', '\0',
+  /* "ardtrade.ru", true */ 'a', 'r', 'd', 't', 'r', 'a', 'd', 'e', '.', 'r', 'u', '\0',
+  /* "area536.com", true */ 'a', 'r', 'e', 'a', '5', '3', '6', '.', 'c', 'o', 'm', '\0',
+  /* "areaclienti.net", true */ 'a', 'r', 'e', 'a', 'c', 'l', 'i', 'e', 'n', 't', 'i', '.', 'n', 'e', 't', '\0',
+  /* "areafiftylan.nl", true */ 'a', 'r', 'e', 'a', 'f', 'i', 'f', 't', 'y', 'l', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "areallyneatwebsite.com", true */ 'a', 'r', 'e', 'a', 'l', 'l', 'y', 'n', 'e', 'a', 't', 'w', 'e', 'b', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "areatrend.com", true */ 'a', 'r', 'e', 'a', 't', 'r', 'e', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "arendburgers.nl", true */ 'a', 'r', 'e', 'n', 'd', 'b', 'u', 'r', 'g', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "arenzanaphotography.com", true */ 'a', 'r', 'e', 'n', 'z', 'a', 'n', 'a', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ares-trading.de", false */ 'a', 'r', 'e', 's', '-', 't', 'r', 'a', 'd', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "arethsu.se", true */ 'a', 'r', 'e', 't', 'h', 's', 'u', '.', 's', 'e', '\0',
+  /* "arfad.ch", true */ 'a', 'r', 'f', 'a', 'd', '.', 'c', 'h', '\0',
+  /* "arg.zone", true */ 'a', 'r', 'g', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "arganaderm.ch", true */ 'a', 'r', 'g', 'a', 'n', 'a', 'd', 'e', 'r', 'm', '.', 'c', 'h', '\0',
+  /* "argb.de", true */ 'a', 'r', 'g', 'b', '.', 'd', 'e', '\0',
+  /* "argekultur.at", true */ 'a', 'r', 'g', 'e', 'k', 'u', 'l', 't', 'u', 'r', '.', 'a', 't', '\0',
+  /* "argot.com", true */ 'a', 'r', 'g', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "argovpay.com", true */ 'a', 'r', 'g', 'o', 'v', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "arian.io", true */ 'a', 'r', 'i', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "ariba.info", true */ 'a', 'r', 'i', 'b', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ariege-pyrenees.net", true */ 'a', 'r', 'i', 'e', 'g', 'e', '-', 'p', 'y', 'r', 'e', 'n', 'e', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "arieswdd.com", true */ 'a', 'r', 'i', 'e', 's', 'w', 'd', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "arifp.me", true */ 'a', 'r', 'i', 'f', 'p', '.', 'm', 'e', '\0',
+  /* "arigato-java.download", true */ 'a', 'r', 'i', 'g', 'a', 't', 'o', '-', 'j', 'a', 'v', 'a', '.', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', '\0',
+  /* "arijitdg.net", true */ 'a', 'r', 'i', 'j', 'i', 't', 'd', 'g', '.', 'n', 'e', 't', '\0',
+  /* "arikar.eu", true */ 'a', 'r', 'i', 'k', 'a', 'r', '.', 'e', 'u', '\0',
+  /* "arima.co.ke", true */ 'a', 'r', 'i', 'm', 'a', '.', 'c', 'o', '.', 'k', 'e', '\0',
+  /* "arinflatablefun.co.uk", true */ 'a', 'r', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 'f', 'u', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "aristilabs.com", true */ 'a', 'r', 'i', 's', 't', 'i', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aristocrates.co", true */ 'a', 'r', 'i', 's', 't', 'o', 'c', 'r', 'a', 't', 'e', 's', '.', 'c', 'o', '\0',
+  /* "aristocratps.com", true */ 'a', 'r', 'i', 's', 't', 'o', 'c', 'r', 'a', 't', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aritec-la.com", true */ 'a', 'r', 'i', 't', 'e', 'c', '-', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "arithxu.com", true */ 'a', 'r', 'i', 't', 'h', 'x', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "arivo.com.br", true */ 'a', 'r', 'i', 'v', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "arizonaautomobileclub.com", true */ 'a', 'r', 'i', 'z', 'o', 'n', 'a', 'a', 'u', 't', 'o', 'm', 'o', 'b', 'i', 'l', 'e', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "arjandejong.eu", true */ 'a', 'r', 'j', 'a', 'n', 'd', 'e', 'j', 'o', 'n', 'g', '.', 'e', 'u', '\0',
+  /* "arjanvaartjes.net", true */ 'a', 'r', 'j', 'a', 'n', 'v', 'a', 'a', 'r', 't', 'j', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "arjunasdaughter.pub", true */ 'a', 'r', 'j', 'u', 'n', 'a', 's', 'd', 'a', 'u', 'g', 'h', 't', 'e', 'r', '.', 'p', 'u', 'b', '\0',
+  /* "arjweb.co.uk", true */ 'a', 'r', 'j', 'w', 'e', 'b', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "arkacrao.org", true */ 'a', 'r', 'k', 'a', 'c', 'r', 'a', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "arkaic.dyndns.org", true */ 'a', 'r', 'k', 'a', 'i', 'c', '.', 'd', 'y', 'n', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "arkbyte.com", true */ 'a', 'r', 'k', 'b', 'y', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "arknodejs.com", true */ 'a', 'r', 'k', 'n', 'o', 'd', 'e', 'j', 's', '.', 'c', 'o', 'm', '\0',
+  /* "arlatools.com", true */ 'a', 'r', 'l', 'a', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "arlen.tv", true */ 'a', 'r', 'l', 'e', 'n', '.', 't', 'v', '\0',
+  /* "arlenarmageddon.com", true */ 'a', 'r', 'l', 'e', 'n', 'a', 'r', 'm', 'a', 'g', 'e', 'd', 'd', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "arlet.click", true */ 'a', 'r', 'l', 'e', 't', '.', 'c', 'l', 'i', 'c', 'k', '\0',
+  /* "armadaquadrat.com", true */ 'a', 'r', 'm', 'a', 'd', 'a', 'q', 'u', 'a', 'd', 'r', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "armandsdiscount.com", true */ 'a', 'r', 'm', 'a', 'n', 'd', 's', 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "armarinhovirtual.com.br", true */ 'a', 'r', 'm', 'a', 'r', 'i', 'n', 'h', 'o', 'v', 'i', 'r', 't', 'u', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "armazemdaminiatura.com.br", true */ 'a', 'r', 'm', 'a', 'z', 'e', 'm', 'd', 'a', 'm', 'i', 'n', 'i', 'a', 't', 'u', 'r', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "armeni-jewellery.gr", true */ 'a', 'r', 'm', 'e', 'n', 'i', '-', 'j', 'e', 'w', 'e', 'l', 'l', 'e', 'r', 'y', '.', 'g', 'r', '\0',
+  /* "armil.it", true */ 'a', 'r', 'm', 'i', 'l', '.', 'i', 't', '\0',
+  /* "arminc.tk", true */ 'a', 'r', 'm', 'i', 'n', 'c', '.', 't', 'k', '\0',
+  /* "arminpech.de", true */ 'a', 'r', 'm', 'i', 'n', 'p', 'e', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "armleads.com", true */ 'a', 'r', 'm', 'l', 'e', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "armodec.com", true */ 'a', 'r', 'm', 'o', 'd', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "armstrongsengineering.com", true */ 'a', 'r', 'm', 's', 't', 'r', 'o', 'n', 'g', 's', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "army24.cz", true */ 'a', 'r', 'm', 'y', '2', '4', '.', 'c', 'z', '\0',
+  /* "armyofbane.com", true */ 'a', 'r', 'm', 'y', 'o', 'f', 'b', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "armyprodej.cz", true */ 'a', 'r', 'm', 'y', 'p', 'r', 'o', 'd', 'e', 'j', '.', 'c', 'z', '\0',
+  /* "arnaudb.net", true */ 'a', 'r', 'n', 'a', 'u', 'd', 'b', '.', 'n', 'e', 't', '\0',
+  /* "arnaudfeld.de", true */ 'a', 'r', 'n', 'a', 'u', 'd', 'f', 'e', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "arnaudminable.net", true */ 'a', 'r', 'n', 'a', 'u', 'd', 'm', 'i', 'n', 'a', 'b', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "arnesolutions.com", true */ 'a', 'r', 'n', 'e', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "arniescastles.co.uk", true */ 'a', 'r', 'n', 'i', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "arnoldkontz-occasions.lu", true */ 'a', 'r', 'n', 'o', 'l', 'd', 'k', 'o', 'n', 't', 'z', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'l', 'u', '\0',
+  /* "arnor.org", true */ 'a', 'r', 'n', 'o', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "arnoudraeven.nl", true */ 'a', 'r', 'n', 'o', 'u', 'd', 'r', 'a', 'e', 'v', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "arnoudvandalen.nl", true */ 'a', 'r', 'n', 'o', 'u', 'd', 'v', 'a', 'n', 'd', 'a', 'l', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "arokha.com", true */ 'a', 'r', 'o', 'k', 'h', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "aroonchande.com", true */ 'a', 'r', 'o', 'o', 'n', 'c', 'h', 'a', 'n', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "around-the-blog.com", true */ 'a', 'r', 'o', 'u', 'n', 'd', '-', 't', 'h', 'e', '-', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "arox.eu", true */ 'a', 'r', 'o', 'x', '.', 'e', 'u', '\0',
+  /* "arqueo-ecuatoriana.ec", true */ 'a', 'r', 'q', 'u', 'e', 'o', '-', 'e', 'c', 'u', 'a', 't', 'o', 'r', 'i', 'a', 'n', 'a', '.', 'e', 'c', '\0',
+  /* "arquitetura.pt", true */ 'a', 'r', 'q', 'u', 'i', 't', 'e', 't', 'u', 'r', 'a', '.', 'p', 't', '\0',
+  /* "arrakis.se", true */ 'a', 'r', 'r', 'a', 'k', 'i', 's', '.', 's', 'e', '\0',
+  /* "arrive.by", true */ 'a', 'r', 'r', 'i', 'v', 'e', '.', 'b', 'y', '\0',
+  /* "arrivedconsulting.com", true */ 'a', 'r', 'r', 'i', 'v', 'e', 'd', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "arrmaforum.com", true */ 'a', 'r', 'r', 'm', 'a', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "arrow-analytics.nl", true */ 'a', 'r', 'r', 'o', 'w', '-', 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'n', 'l', '\0',
+  /* "arrow-api.nl", true */ 'a', 'r', 'r', 'o', 'w', '-', 'a', 'p', 'i', '.', 'n', 'l', '\0',
+  /* "arrowgrove.com", false */ 'a', 'r', 'r', 'o', 'w', 'g', 'r', 'o', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "arrowwebprojects.nl", true */ 'a', 'r', 'r', 'o', 'w', 'w', 'e', 'b', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'n', 'l', '\0',
+  /* "arsenal.ru", true */ 'a', 'r', 's', 'e', 'n', 'a', 'l', '.', 'r', 'u', '\0',
+  /* "arsk1.com", true */ 'a', 'r', 's', 'k', '1', '.', 'c', 'o', 'm', '\0',
+  /* "art-et-culture.ch", true */ 'a', 'r', 't', '-', 'e', 't', '-', 'c', 'u', 'l', 't', 'u', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "artansoft.com", true */ 'a', 'r', 't', 'a', 'n', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "artbytik.ru", true */ 'a', 'r', 't', 'b', 'y', 't', 'i', 'k', '.', 'r', 'u', '\0',
+  /* "artdeco-photo.com", true */ 'a', 'r', 't', 'd', 'e', 'c', 'o', '-', 'p', 'h', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "artea.ga", true */ 'a', 'r', 't', 'e', 'a', '.', 'g', 'a', '\0',
+  /* "arteaga.me", true */ 'a', 'r', 't', 'e', 'a', 'g', 'a', '.', 'm', 'e', '\0',
+  /* "artemicroway.com.br", true */ 'a', 'r', 't', 'e', 'm', 'i', 'c', 'r', 'o', 'w', 'a', 'y', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "artemis.re", true */ 'a', 'r', 't', 'e', 'm', 'i', 's', '.', 'r', 'e', '\0',
+  /* "arterienundvenen.ch", true */ 'a', 'r', 't', 'e', 'r', 'i', 'e', 'n', 'u', 'n', 'd', 'v', 'e', 'n', 'e', 'n', '.', 'c', 'h', '\0',
+  /* "arteseideias.com.pt", true */ 'a', 'r', 't', 'e', 's', 'e', 'i', 'd', 'e', 'i', 'a', 's', '.', 'c', 'o', 'm', '.', 'p', 't', '\0',
+  /* "arteshow.ch", true */ 'a', 'r', 't', 'e', 's', 'h', 'o', 'w', '.', 'c', 'h', '\0',
+  /* "arteszr.com", true */ 'a', 'r', 't', 'e', 's', 'z', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "artetrama.com", false */ 'a', 'r', 't', 'e', 't', 'r', 'a', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "artforum.sk", true */ 'a', 'r', 't', 'f', 'o', 'r', 'u', 'm', '.', 's', 'k', '\0',
+  /* "arthermitage.org", true */ 'a', 'r', 't', 'h', 'e', 'r', 'm', 'i', 't', 'a', 'g', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "arthur.cn", true */ 'a', 'r', 't', 'h', 'u', 'r', '.', 'c', 'n', '\0',
+  /* "arthurlaw.ca", true */ 'a', 'r', 't', 'h', 'u', 'r', 'l', 'a', 'w', '.', 'c', 'a', '\0',
+  /* "arthurmelo.com", false */ 'a', 'r', 't', 'h', 'u', 'r', 'm', 'e', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "artik.cloud", true */ 'a', 'r', 't', 'i', 'k', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "artimpact.ch", true */ 'a', 'r', 't', 'i', 'm', 'p', 'a', 'c', 't', '.', 'c', 'h', '\0',
+  /* "artioml.net", true */ 'a', 'r', 't', 'i', 'o', 'm', 'l', '.', 'n', 'e', 't', '\0',
+  /* "artionet.ch", true */ 'a', 'r', 't', 'i', 'o', 'n', 'e', 't', '.', 'c', 'h', '\0',
+  /* "artisans-libres.com", true */ 'a', 'r', 't', 'i', 's', 'a', 'n', 's', '-', 'l', 'i', 'b', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "artisphere.ch", true */ 'a', 'r', 't', 'i', 's', 'p', 'h', 'e', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "artlantis.nl", true */ 'a', 'r', 't', 'l', 'a', 'n', 't', 'i', 's', '.', 'n', 'l', '\0',
+  /* "artleading.ru", true */ 'a', 'r', 't', 'l', 'e', 'a', 'd', 'i', 'n', 'g', '.', 'r', 'u', '\0',
+  /* "artlego.com", true */ 'a', 'r', 't', 'l', 'e', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "artlifeisgood.com", true */ 'a', 'r', 't', 'l', 'i', 'f', 'e', 'i', 's', 'g', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "artlogo.biz", true */ 'a', 'r', 't', 'l', 'o', 'g', 'o', '.', 'b', 'i', 'z', '\0',
+  /* "artlogo.cz", true */ 'a', 'r', 't', 'l', 'o', 'g', 'o', '.', 'c', 'z', '\0',
+  /* "artlogo.sk", true */ 'a', 'r', 't', 'l', 'o', 'g', 'o', '.', 's', 'k', '\0',
+  /* "artmaxi.eu", true */ 'a', 'r', 't', 'm', 'a', 'x', 'i', '.', 'e', 'u', '\0',
+  /* "artmoney.com", true */ 'a', 'r', 't', 'm', 'o', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "artofeyes.nl", true */ 'a', 'r', 't', 'o', 'f', 'e', 'y', 'e', 's', '.', 'n', 'l', '\0',
+  /* "artofwhere.com", true */ 'a', 'r', 't', 'o', 'f', 'w', 'h', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "artratio.net", true */ 'a', 'r', 't', 'r', 'a', 't', 'i', 'o', '.', 'n', 'e', 't', '\0',
+  /* "artroot.jp", true */ 'a', 'r', 't', 'r', 'o', 'o', 't', '.', 'j', 'p', '\0',
+  /* "artschmidtoptical.com", true */ 'a', 'r', 't', 's', 'c', 'h', 'm', 'i', 'd', 't', 'o', 'p', 't', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "artsinthevalley.net.au", true */ 'a', 'r', 't', 's', 'i', 'n', 't', 'h', 'e', 'v', 'a', 'l', 'l', 'e', 'y', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "artspac.es", true */ 'a', 'r', 't', 's', 'p', 'a', 'c', '.', 'e', 's', '\0',
+  /* "artstopinc.com", true */ 'a', 'r', 't', 's', 't', 'o', 'p', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "arturrossa.de", true */ 'a', 'r', 't', 'u', 'r', 'r', 'o', 's', 's', 'a', '.', 'd', 'e', '\0',
+  /* "arturszalak.com", true */ 'a', 'r', 't', 'u', 'r', 's', 'z', 'a', 'l', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "artweby.cz", true */ 'a', 'r', 't', 'w', 'e', 'b', 'y', '.', 'c', 'z', '\0',
+  /* "arty.name", true */ 'a', 'r', 't', 'y', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "arubasunsetbeach.com", true */ 'a', 'r', 'u', 'b', 'a', 's', 'u', 'n', 's', 'e', 't', 'b', 'e', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "arveron.ch", true */ 'a', 'r', 'v', 'e', 'r', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "arvid.io", true */ 'a', 'r', 'v', 'i', 'd', '.', 'i', 'o', '\0',
+  /* "arvindhariharan.com", true */ 'a', 'r', 'v', 'i', 'n', 'd', 'h', 'a', 'r', 'i', 'h', 'a', 'r', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "arvindhariharan.me", true */ 'a', 'r', 'v', 'i', 'n', 'd', 'h', 'a', 'r', 'i', 'h', 'a', 'r', 'a', 'n', '.', 'm', 'e', '\0',
+  /* "arvutiladu.ee", true */ 'a', 'r', 'v', 'u', 't', 'i', 'l', 'a', 'd', 'u', '.', 'e', 'e', '\0',
+  /* "arw.me", true */ 'a', 'r', 'w', '.', 'm', 'e', '\0',
+  /* "arxell.com", true */ 'a', 'r', 'x', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "aryan-nation.com", true */ 'a', 'r', 'y', 'a', 'n', '-', 'n', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "aryasenna.net", true */ 'a', 'r', 'y', 'a', 's', 'e', 'n', 'n', 'a', '.', 'n', 'e', 't', '\0',
+  /* "arzid.com", true */ 'a', 'r', 'z', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "as200753.com", true */ 'a', 's', '2', '0', '0', '7', '5', '3', '.', 'c', 'o', 'm', '\0',
+  /* "as200753.net", true */ 'a', 's', '2', '0', '0', '7', '5', '3', '.', 'n', 'e', 't', '\0',
+  /* "as44222.net", true */ 'a', 's', '4', '4', '2', '2', '2', '.', 'n', 'e', 't', '\0',
+  /* "asadatec.de", true */ 'a', 's', 'a', 'd', 'a', 't', 'e', 'c', '.', 'd', 'e', '\0',
+  /* "asadzulfahri.com", true */ 'a', 's', 'a', 'd', 'z', 'u', 'l', 'f', 'a', 'h', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "asafilm.co", true */ 'a', 's', 'a', 'f', 'i', 'l', 'm', '.', 'c', 'o', '\0',
+  /* "asafomba.com", true */ 'a', 's', 'a', 'f', 'o', 'm', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "asana.studio", true */ 'a', 's', 'a', 'n', 'a', '.', 's', 't', 'u', 'd', 'i', 'o', '\0',
+  /* "asandu.eu", true */ 'a', 's', 'a', 'n', 'd', 'u', '.', 'e', 'u', '\0',
+  /* "asanger.biz", true */ 'a', 's', 'a', 'n', 'g', 'e', 'r', '.', 'b', 'i', 'z', '\0',
+  /* "asato-jewelry.com", true */ 'a', 's', 'a', 't', 'o', '-', 'j', 'e', 'w', 'e', 'l', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "asbito.de", true */ 'a', 's', 'b', 'i', 't', 'o', '.', 'd', 'e', '\0',
+  /* "ascension.run", true */ 'a', 's', 'c', 'e', 'n', 's', 'i', 'o', 'n', '.', 'r', 'u', 'n', '\0',
+  /* "ascgathering.com", true */ 'a', 's', 'c', 'g', 'a', 't', 'h', 'e', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "ascii.moe", true */ 'a', 's', 'c', 'i', 'i', '.', 'm', 'o', 'e', '\0',
+  /* "asciitable.tips", true */ 'a', 's', 'c', 'i', 'i', 't', 'a', 'b', 'l', 'e', '.', 't', 'i', 'p', 's', '\0',
+  /* "asd.gov.au", true */ 'a', 's', 'd', '.', 'g', 'o', 'v', '.', 'a', 'u', '\0',
+  /* "asdyx.de", true */ 'a', 's', 'd', 'y', 'x', '.', 'd', 'e', '\0',
+  /* "asec01.net", true */ 'a', 's', 'e', 'c', '0', '1', '.', 'n', 'e', 't', '\0',
+  /* "aseith.com", true */ 'a', 's', 'e', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "asepms.com", true */ 'a', 's', 'e', 'p', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aserver.co", true */ 'a', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "asgapps.co.za", true */ 'a', 's', 'g', 'a', 'p', 'p', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "asge-handel.de", true */ 'a', 's', 'g', 'e', '-', 'h', 'a', 'n', 'd', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "ashleakunowski.com", true */ 'a', 's', 'h', 'l', 'e', 'a', 'k', 'u', 'n', 'o', 'w', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "ashleyfoley.photography", true */ 'a', 's', 'h', 'l', 'e', 'y', 'f', 'o', 'l', 'e', 'y', '.', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '\0',
+  /* "ashmportfolio.com", true */ 'a', 's', 'h', 'm', 'p', 'o', 'r', 't', 'f', 'o', 'l', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ashutoshmishra.org", true */ 'a', 's', 'h', 'u', 't', 'o', 's', 'h', 'm', 'i', 's', 'h', 'r', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "asia-gazette.com", true */ 'a', 's', 'i', 'a', '-', 'g', 'a', 'z', 'e', 't', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "asia.dating", true */ 'a', 's', 'i', 'a', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "asialeonding.at", true */ 'a', 's', 'i', 'a', 'l', 'e', 'o', 'n', 'd', 'i', 'n', 'g', '.', 'a', 't', '\0',
+  /* "asianbet77.net", true */ 'a', 's', 'i', 'a', 'n', 'b', 'e', 't', '7', '7', '.', 'n', 'e', 't', '\0',
+  /* "asianshops.net", true */ 'a', 's', 'i', 'a', 'n', 's', 'h', 'o', 'p', 's', '.', 'n', 'e', 't', '\0',
+  /* "asiesvenezuela.com", true */ 'a', 's', 'i', 'e', 's', 'v', 'e', 'n', 'e', 'z', 'u', 'e', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "asinetasima.com", true */ 'a', 's', 'i', 'n', 'e', 't', 'a', 's', 'i', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "asisee.co.il", true */ 'a', 's', 'i', 's', 'e', 'e', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "asisee.photography", true */ 'a', 's', 'i', 's', 'e', 'e', '.', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '\0',
+  /* "ask.fedoraproject.org", true */ 'a', 's', 'k', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "ask.stg.fedoraproject.org", true */ 'a', 's', 'k', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "askizzy.org.au", true */ 'a', 's', 'k', 'i', 'z', 'z', 'y', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0',
+  /* "askkaren.gov", true */ 'a', 's', 'k', 'k', 'a', 'r', 'e', 'n', '.', 'g', 'o', 'v', '\0',
+  /* "askme24.de", true */ 'a', 's', 'k', 'm', 'e', '2', '4', '.', 'd', 'e', '\0',
+  /* "askv6.net", true */ 'a', 's', 'k', 'v', '6', '.', 'n', 'e', 't', '\0',
+  /* "askwhy.cz", true */ 'a', 's', 'k', 'w', 'h', 'y', '.', 'c', 'z', '\0',
+  /* "askwhy.eu", true */ 'a', 's', 'k', 'w', 'h', 'y', '.', 'e', 'u', '\0',
+  /* "asm-x.com", false */ 'a', 's', 'm', '-', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "asmbsurvey.com", true */ 'a', 's', 'm', 'b', 's', 'u', 'r', 'v', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "asmdz.com", true */ 'a', 's', 'm', 'd', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "asoul.tw", true */ 'a', 's', 'o', 'u', 'l', '.', 't', 'w', '\0',
+  /* "aspargesgaarden.no", true */ 'a', 's', 'p', 'a', 'r', 'g', 'e', 's', 'g', 'a', 'a', 'r', 'd', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "aspatrimoine.com", true */ 'a', 's', 'p', 'a', 't', 'r', 'i', 'm', 'o', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "asperti.com", true */ 'a', 's', 'p', 'e', 'r', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "asphyxia.su", true */ 'a', 's', 'p', 'h', 'y', 'x', 'i', 'a', '.', 's', 'u', '\0',
+  /* "aspiescentral.com", true */ 'a', 's', 'p', 'i', 'e', 's', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "aspires.co.jp", true */ 'a', 's', 'p', 'i', 'r', 'e', 's', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "aspisdata.com", true */ 'a', 's', 'p', 'i', 's', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "asr.cloud", true */ 'a', 's', 'r', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "asr.li", true */ 'a', 's', 'r', '.', 'l', 'i', '\0',
+  /* "asr.rocks", true */ 'a', 's', 'r', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "asr.solar", true */ 'a', 's', 'r', '.', 's', 'o', 'l', 'a', 'r', '\0',
+  /* "asra.gr", true */ 'a', 's', 'r', 'a', '.', 'g', 'r', '\0',
+  /* "asrob.eu", false */ 'a', 's', 'r', 'o', 'b', '.', 'e', 'u', '\0',
+  /* "asryflorist.com", true */ 'a', 's', 'r', 'y', 'f', 'l', 'o', 'r', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "assadrivesloirecher.com", true */ 'a', 's', 's', 'a', 'd', 'r', 'i', 'v', 'e', 's', 'l', 'o', 'i', 'r', 'e', 'c', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "asseenfromthesidecar.org", true */ 'a', 's', 's', 'e', 'e', 'n', 'f', 'r', 'o', 'm', 't', 'h', 'e', 's', 'i', 'd', 'e', 'c', 'a', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "assemble-together.org", true */ 'a', 's', 's', 'e', 'm', 'b', 'l', 'e', '-', 't', 'o', 'g', 'e', 't', 'h', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "assempsaibiza.com", true */ 'a', 's', 's', 'e', 'm', 'p', 's', 'a', 'i', 'b', 'i', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "assertion.de", true */ 'a', 's', 's', 'e', 'r', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "assessoriati.com.br", true */ 'a', 's', 's', 'e', 's', 's', 'o', 'r', 'i', 'a', 't', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "assetict.com", true */ 'a', 's', 's', 'e', 't', 'i', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "assetsupervision.com", true */ 'a', 's', 's', 'e', 't', 's', 'u', 'p', 'e', 'r', 'v', 'i', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "assetvault.co.za", true */ 'a', 's', 's', 'e', 't', 'v', 'a', 'u', 'l', 't', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "assguidesporrentruy.ch", true */ 'a', 's', 's', 'g', 'u', 'i', 'd', 'e', 's', 'p', 'o', 'r', 'r', 'e', 'n', 't', 'r', 'u', 'y', '.', 'c', 'h', '\0',
+  /* "assistance-personnes-agees.ch", true */ 'a', 's', 's', 'i', 's', 't', 'a', 'n', 'c', 'e', '-', 'p', 'e', 'r', 's', 'o', 'n', 'n', 'e', 's', '-', 'a', 'g', 'e', 'e', 's', '.', 'c', 'h', '\0',
+  /* "assistcart.com", true */ 'a', 's', 's', 'i', 's', 't', 'c', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "assistenzamicroonde.org", true */ 'a', 's', 's', 'i', 's', 't', 'e', 'n', 'z', 'a', 'm', 'i', 'c', 'r', 'o', 'o', 'n', 'd', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "assodigitale.it", true */ 'a', 's', 's', 'o', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', '.', 'i', 't', '\0',
+  /* "assumptionpj.org", true */ 'a', 's', 's', 'u', 'm', 'p', 't', 'i', 'o', 'n', 'p', 'j', '.', 'o', 'r', 'g', '\0',
+  /* "assurancesmons.be", true */ 'a', 's', 's', 'u', 'r', 'a', 'n', 'c', 'e', 's', 'm', 'o', 'n', 's', '.', 'b', 'e', '\0',
+  /* "astaninki.com", true */ 'a', 's', 't', 'a', 'n', 'i', 'n', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "astarbouncycastles.co.uk", true */ 'a', 's', 't', 'a', 'r', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "astarmathsandphysics.com", true */ 'a', 's', 't', 'a', 'r', 'm', 'a', 't', 'h', 's', 'a', 'n', 'd', 'p', 'h', 'y', 's', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "astec-informatica.com", true */ 'a', 's', 't', 'e', 'c', '-', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "astengox.com", true */ 'a', 's', 't', 'e', 'n', 'g', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "astenotarili.online", true */ 'a', 's', 't', 'e', 'n', 'o', 't', 'a', 'r', 'i', 'l', 'i', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "astenretail.com", true */ 'a', 's', 't', 'e', 'n', 'r', 'e', 't', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "astraalivankila.net", true */ 'a', 's', 't', 'r', 'a', 'a', 'l', 'i', 'v', 'a', 'n', 'k', 'i', 'l', 'a', '.', 'n', 'e', 't', '\0',
+  /* "astrath.net", true */ 'a', 's', 't', 'r', 'a', 't', 'h', '.', 'n', 'e', 't', '\0',
+  /* "astronomie-fulda.de", true */ 'a', 's', 't', 'r', 'o', 'n', 'o', 'm', 'i', 'e', '-', 'f', 'u', 'l', 'd', 'a', '.', 'd', 'e', '\0',
+  /* "astroscopy.ch", true */ 'a', 's', 't', 'r', 'o', 's', 'c', 'o', 'p', 'y', '.', 'c', 'h', '\0',
+  /* "astrosnail.pt.eu.org", true */ 'a', 's', 't', 'r', 'o', 's', 'n', 'a', 'i', 'l', '.', 'p', 't', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "astural.org", true */ 'a', 's', 't', 'u', 'r', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "astutikhonda.com", true */ 'a', 's', 't', 'u', 't', 'i', 'k', 'h', 'o', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "astutr.co", true */ 'a', 's', 't', 'u', 't', 'r', '.', 'c', 'o', '\0',
+  /* "asucrews.com", true */ 'a', 's', 'u', 'c', 'r', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "asuhe.cc", true */ 'a', 's', 'u', 'h', 'e', '.', 'c', 'c', '\0',
+  /* "asuhe.win", true */ 'a', 's', 'u', 'h', 'e', '.', 'w', 'i', 'n', '\0',
+  /* "asuka.io", true */ 'a', 's', 'u', 'k', 'a', '.', 'i', 'o', '\0',
+  /* "asun.co", true */ 'a', 's', 'u', 'n', '.', 'c', 'o', '\0',
+  /* "asurepay.cc", true */ 'a', 's', 'u', 'r', 'e', 'p', 'a', 'y', '.', 'c', 'c', '\0',
+  /* "asustreiber.de", true */ 'a', 's', 'u', 's', 't', 'r', 'e', 'i', 'b', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "asvsa.ch", true */ 'a', 's', 'v', 's', 'a', '.', 'c', 'h', '\0',
+  /* "async.be", false */ 'a', 's', 'y', 'n', 'c', '.', 'b', 'e', '\0',
+  /* "at.search.yahoo.com", false */ 'a', 't', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "atacadooptico.com.br", true */ 'a', 't', 'a', 'c', 'a', 'd', 'o', 'o', 'p', 't', 'i', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ataton.ch", true */ 'a', 't', 'a', 't', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "atc.io", true */ 'a', 't', 'c', '.', 'i', 'o', '\0',
+  /* "atchleyjazz.com", true */ 'a', 't', 'c', 'h', 'l', 'e', 'y', 'j', 'a', 'z', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "atchleyjazz.org", true */ 'a', 't', 'c', 'h', 'l', 'e', 'y', 'j', 'a', 'z', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "atchleylab.org", true */ 'a', 't', 'c', 'h', 'l', 'e', 'y', 'l', 'a', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "atcom.cl", true */ 'a', 't', 'c', 'o', 'm', '.', 'c', 'l', '\0',
+  /* "atds.ch", true */ 'a', 't', 'd', 's', '.', 'c', 'h', '\0',
+  /* "atease-salon.jp", true */ 'a', 't', 'e', 'a', 's', 'e', '-', 's', 'a', 'l', 'o', 'n', '.', 'j', 'p', '\0',
+  /* "ateli.com", true */ 'a', 't', 'e', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "atelier-coiffure.ch", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', '-', 'c', 'o', 'i', 'f', 'f', 'u', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "atelier-naruby.cz", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', '-', 'n', 'a', 'r', 'u', 'b', 'y', '.', 'c', 'z', '\0',
+  /* "atelier-viennois-cannes.fr", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', '-', 'v', 'i', 'e', 'n', 'n', 'o', 'i', 's', '-', 'c', 'a', 'n', 'n', 'e', 's', '.', 'f', 'r', '\0',
+  /* "atelieraphelion.com", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 'a', 'p', 'h', 'e', 'l', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "atelierbw.com", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 'b', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "atelierdefrancais.ch", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 'd', 'e', 'f', 'r', 'a', 'n', 'c', 'a', 'i', 's', '.', 'c', 'h', '\0',
+  /* "atelierdesflammesnoires.fr", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 'd', 'e', 's', 'f', 'l', 'a', 'm', 'm', 'e', 's', 'n', 'o', 'i', 'r', 'e', 's', '.', 'f', 'r', '\0',
+  /* "atelierhupsakee.nl", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 'h', 'u', 'p', 's', 'a', 'k', 'e', 'e', '.', 'n', 'l', '\0',
+  /* "ateliernaruby.cz", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 'n', 'a', 'r', 'u', 'b', 'y', '.', 'c', 'z', '\0',
+  /* "ateliernihongo.ch", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 'n', 'i', 'h', 'o', 'n', 'g', 'o', '.', 'c', 'h', '\0',
+  /* "ateliers-veronese-nantes.fr", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 's', '-', 'v', 'e', 'r', 'o', 'n', 'e', 's', 'e', '-', 'n', 'a', 'n', 't', 'e', 's', '.', 'f', 'r', '\0',
+  /* "ateliersantgervasi.com", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 's', 'a', 'n', 't', 'g', 'e', 'r', 'v', 'a', 's', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "atelierssud.ch", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 's', 's', 'u', 'd', '.', 'c', 'h', '\0',
+  /* "atelierssud.swiss", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 's', 's', 'u', 'd', '.', 's', 'w', 'i', 's', 's', '\0',
+  /* "atg.soy", true */ 'a', 't', 'g', '.', 's', 'o', 'y', '\0',
+  /* "atgoetschel.ch", true */ 'a', 't', 'g', 'o', 'e', 't', 's', 'c', 'h', 'e', 'l', '.', 'c', 'h', '\0',
+  /* "atgseed.co.uk", true */ 'a', 't', 'g', 's', 'e', 'e', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "atgseed.uk", true */ 'a', 't', 'g', 's', 'e', 'e', 'd', '.', 'u', 'k', '\0',
+  /* "ath0.org", true */ 'a', 't', 'h', '0', '.', 'o', 'r', 'g', '\0',
+  /* "athena-bartholdi.com", true */ 'a', 't', 'h', 'e', 'n', 'a', '-', 'b', 'a', 'r', 't', 'h', 'o', 'l', 'd', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "athena-garage.co.uk", true */ 'a', 't', 'h', 'e', 'n', 'a', '-', 'g', 'a', 'r', 'a', 'g', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "atheoryofchange.com", true */ 'a', 't', 'h', 'e', 'o', 'r', 'y', 'o', 'f', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "athlin.de", true */ 'a', 't', 'h', 'l', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "atishchenko.com", true */ 'a', 't', 'i', 's', 'h', 'c', 'h', 'e', 'n', 'k', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "atisoft.biz", true */ 'a', 't', 'i', 's', 'o', 'f', 't', '.', 'b', 'i', 'z', '\0',
+  /* "atisoft.com.tr", true */ 'a', 't', 'i', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "atisoft.net", true */ 'a', 't', 'i', 's', 'o', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "atisoft.net.tr", true */ 'a', 't', 'i', 's', 'o', 'f', 't', '.', 'n', 'e', 't', '.', 't', 'r', '\0',
+  /* "atisoft.web.tr", true */ 'a', 't', 'i', 's', 'o', 'f', 't', '.', 'w', 'e', 'b', '.', 't', 'r', '\0',
+  /* "atitude.com", true */ 'a', 't', 'i', 't', 'u', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ativapsicologia.com.br", true */ 'a', 't', 'i', 'v', 'a', 'p', 's', 'i', 'c', 'o', 'l', 'o', 'g', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "atk.me", true */ 'a', 't', 'k', '.', 'm', 'e', '\0',
+  /* "atkdesign.pt", true */ 'a', 't', 'k', 'd', 'e', 's', 'i', 'g', 'n', '.', 'p', 't', '\0',
+  /* "atl-paas.net", true */ 'a', 't', 'l', '-', 'p', 'a', 'a', 's', '.', 'n', 'e', 't', '\0',
+  /* "atlantahairsurgeon.com", true */ 'a', 't', 'l', 'a', 'n', 't', 'a', 'h', 'a', 'i', 'r', 's', 'u', 'r', 'g', 'e', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "atlantareroof.com", true */ 'a', 't', 'l', 'a', 'n', 't', 'a', 'r', 'e', 'r', 'o', 'o', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "atlantaspringroll.com", true */ 'a', 't', 'l', 'a', 'n', 't', 'a', 's', 'p', 'r', 'i', 'n', 'g', 'r', 'o', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "atlantichomes.com.au", true */ 'a', 't', 'l', 'a', 'n', 't', 'i', 'c', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "atlantis-kh.noip.me", true */ 'a', 't', 'l', 'a', 'n', 't', 'i', 's', '-', 'k', 'h', '.', 'n', 'o', 'i', 'p', '.', 'm', 'e', '\0',
+  /* "atlantischild.hu", true */ 'a', 't', 'l', 'a', 'n', 't', 'i', 's', 'c', 'h', 'i', 'l', 'd', '.', 'h', 'u', '\0',
+  /* "atlantiswaterproofing.com", true */ 'a', 't', 'l', 'a', 'n', 't', 'i', 's', 'w', 'a', 't', 'e', 'r', 'p', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "atlas-5.site", true */ 'a', 't', 'l', 'a', 's', '-', '5', '.', 's', 'i', 't', 'e', '\0',
+  /* "atlas-staging.ml", true */ 'a', 't', 'l', 'a', 's', '-', 's', 't', 'a', 'g', 'i', 'n', 'g', '.', 'm', 'l', '\0',
+  /* "atlas.co", true */ 'a', 't', 'l', 'a', 's', '.', 'c', 'o', '\0',
+  /* "atlaschiropractic.org", true */ 'a', 't', 'l', 'a', 's', 'c', 'h', 'i', 'r', 'o', 'p', 'r', 'a', 'c', 't', 'i', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "atlascultural.com", true */ 'a', 't', 'l', 'a', 's', 'c', 'u', 'l', 't', 'u', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "atlasone.us", true */ 'a', 't', 'l', 'a', 's', 'o', 'n', 'e', '.', 'u', 's', '\0',
+  /* "atlassian.io", true */ 'a', 't', 'l', 'a', 's', 's', 'i', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "atlassian.net", true */ 'a', 't', 'l', 'a', 's', 's', 'i', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "atletika.hu", true */ 'a', 't', 'l', 'e', 't', 'i', 'k', 'a', '.', 'h', 'u', '\0',
+  /* "atmocdn.com", true */ 'a', 't', 'm', 'o', 'c', 'd', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "atnis.com", true */ 'a', 't', 'n', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ato4sound.com", true */ 'a', 't', 'o', '4', 's', 'o', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "atolm.net", true */ 'a', 't', 'o', 'l', 'm', '.', 'n', 'e', 't', '\0',
+  /* "atom-china.org", true */ 'a', 't', 'o', 'm', '-', 'c', 'h', 'i', 'n', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "atom.solutions", true */ 'a', 't', 'o', 'm', '.', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '\0',
+  /* "atom86.net", true */ 'a', 't', 'o', 'm', '8', '6', '.', 'n', 'e', 't', '\0',
+  /* "atombase.org", true */ 'a', 't', 'o', 'm', 'b', 'a', 's', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "atomic-bounce.com", true */ 'a', 't', 'o', 'm', 'i', 'c', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "atomicbounce.co.uk", true */ 'a', 't', 'o', 'm', 'i', 'c', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "atomism.com", true */ 'a', 't', 'o', 'm', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "atorcidabrasileira.com.br", true */ 'a', 't', 'o', 'r', 'c', 'i', 'd', 'a', 'b', 'r', 'a', 's', 'i', 'l', 'e', 'i', 'r', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "atplonline.co", true */ 'a', 't', 'p', 'l', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '\0',
+  /* "atracaosexshop.com.br", true */ 'a', 't', 'r', 'a', 'c', 'a', 'o', 's', 'e', 'x', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "atraining.ru", true */ 'a', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'r', 'u', '\0',
+  /* "atraverscugy.ch", true */ 'a', 't', 'r', 'a', 'v', 'e', 'r', 's', 'c', 'u', 'g', 'y', '.', 'c', 'h', '\0',
+  /* "atrevillot.com", true */ 'a', 't', 'r', 'e', 'v', 'i', 'l', 'l', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "atrinik.org", true */ 'a', 't', 'r', 'i', 'n', 'i', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "atte.fi", true */ 'a', 't', 't', 'e', '.', 'f', 'i', '\0',
+  /* "attendantdesign.com", true */ 'a', 't', 't', 'e', 'n', 'd', 'a', 'n', 't', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "attilagyorffy.com", true */ 'a', 't', 't', 'i', 'l', 'a', 'g', 'y', 'o', 'r', 'f', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "attilavandervelde.nl", true */ 'a', 't', 't', 'i', 'l', 'a', 'v', 'a', 'n', 'd', 'e', 'r', 'v', 'e', 'l', 'd', 'e', '.', 'n', 'l', '\0',
+  /* "attitudes-bureaux.fr", true */ 'a', 't', 't', 'i', 't', 'u', 'd', 'e', 's', '-', 'b', 'u', 'r', 'e', 'a', 'u', 'x', '.', 'f', 'r', '\0',
+  /* "attogtech.com", true */ 'a', 't', 't', 'o', 'g', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "attorney.org.il", true */ 'a', 't', 't', 'o', 'r', 'n', 'e', 'y', '.', 'o', 'r', 'g', '.', 'i', 'l', '\0',
+  /* "attwood.org", true */ 'a', 't', 't', 'w', 'o', 'o', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "atulhost.com", true */ 'a', 't', 'u', 'l', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "atviras.lt", false */ 'a', 't', 'v', 'i', 'r', 'a', 's', '.', 'l', 't', '\0',
+  /* "atwonline.org", true */ 'a', 't', 'w', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "atypicom.es", true */ 'a', 't', 'y', 'p', 'i', 'c', 'o', 'm', '.', 'e', 's', '\0',
+  /* "atypicom.fr", true */ 'a', 't', 'y', 'p', 'i', 'c', 'o', 'm', '.', 'f', 'r', '\0',
+  /* "atypicom.it", true */ 'a', 't', 'y', 'p', 'i', 'c', 'o', 'm', '.', 'i', 't', '\0',
+  /* "atypicom.pt", true */ 'a', 't', 'y', 'p', 'i', 'c', 'o', 'm', '.', 'p', 't', '\0',
+  /* "atzenchefin.de", true */ 'a', 't', 'z', 'e', 'n', 'c', 'h', 'e', 'f', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "au-be.net", true */ 'a', 'u', '-', 'b', 'e', '.', 'n', 'e', 't', '\0',
+  /* "au2pb.org", true */ 'a', 'u', '2', 'p', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "aubergegilly.ch", true */ 'a', 'u', 'b', 'e', 'r', 'g', 'e', 'g', 'i', 'l', 'l', 'y', '.', 'c', 'h', '\0',
+  /* "aubg.org", true */ 'a', 'u', 'b', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "aubio.org", true */ 'a', 'u', 'b', 'i', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "aubonmanger.fr", true */ 'a', 'u', 'b', 'o', 'n', 'm', 'a', 'n', 'g', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "aucklandcastles.co.uk", true */ 'a', 'u', 'c', 'k', 'l', 'a', 'n', 'd', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "aucubin.de", true */ 'a', 'u', 'c', 'u', 'b', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "audialbuquerqueparts.com", true */ 'a', 'u', 'd', 'i', 'a', 'l', 'b', 'u', 'q', 'u', 'e', 'r', 'q', 'u', 'e', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "audiblox.co.za", true */ 'a', 'u', 'd', 'i', 'b', 'l', 'o', 'x', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "audiense.com", true */ 'a', 'u', 'd', 'i', 'e', 'n', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "audio-detector.com", true */ 'a', 'u', 'd', 'i', 'o', '-', 'd', 'e', 't', 'e', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "audiolibri.org", true */ 'a', 'u', 'd', 'i', 'o', 'l', 'i', 'b', 'r', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "audiophile.ch", true */ 'a', 'u', 'd', 'i', 'o', 'p', 'h', 'i', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "audiorental.net", true */ 'a', 'u', 'd', 'i', 'o', 'r', 'e', 'n', 't', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "audisto.com", true */ 'a', 'u', 'd', 'i', 's', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "auditos.com", true */ 'a', 'u', 'd', 'i', 't', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "auditsquare.com", true */ 'a', 'u', 'd', 'i', 't', 's', 'q', 'u', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "auerbach-verlag.de", true */ 'a', 'u', 'e', 'r', 'b', 'a', 'c', 'h', '-', 'v', 'e', 'r', 'l', 'a', 'g', '.', 'd', 'e', '\0',
+  /* "auf-feindgebiet.de", true */ 'a', 'u', 'f', '-', 'f', 'e', 'i', 'n', 'd', 'g', 'e', 'b', 'i', 'e', 't', '.', 'd', 'e', '\0',
+  /* "aufprise.de", true */ 'a', 'u', 'f', 'p', 'r', 'i', 's', 'e', '.', 'd', 'e', '\0',
+  /* "augaware.org", true */ 'a', 'u', 'g', 'a', 'w', 'a', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "augen-seite.de", true */ 'a', 'u', 'g', 'e', 'n', '-', 's', 'e', 'i', 't', 'e', '.', 'd', 'e', '\0',
+  /* "augenblicke-blog.de", true */ 'a', 'u', 'g', 'e', 'n', 'b', 'l', 'i', 'c', 'k', 'e', '-', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "augiero.it", true */ 'a', 'u', 'g', 'i', 'e', 'r', 'o', '.', 'i', 't', '\0',
+  /* "augmentable.de", true */ 'a', 'u', 'g', 'm', 'e', 'n', 't', 'a', 'b', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "august.black", true */ 'a', 'u', 'g', 'u', 's', 't', '.', 'b', 'l', 'a', 'c', 'k', '\0',
+  /* "augustian-life.cz", true */ 'a', 'u', 'g', 'u', 's', 't', 'i', 'a', 'n', '-', 'l', 'i', 'f', 'e', '.', 'c', 'z', '\0',
+  /* "augustiner-kantorei-erfurt.de", true */ 'a', 'u', 'g', 'u', 's', 't', 'i', 'n', 'e', 'r', '-', 'k', 'a', 'n', 't', 'o', 'r', 'e', 'i', '-', 'e', 'r', 'f', 'u', 'r', 't', '.', 'd', 'e', '\0',
+  /* "augustiner-kantorei.de", true */ 'a', 'u', 'g', 'u', 's', 't', 'i', 'n', 'e', 'r', '-', 'k', 'a', 'n', 't', 'o', 'r', 'e', 'i', '.', 'd', 'e', '\0',
+  /* "aukaraoke.su", true */ 'a', 'u', 'k', 'a', 'r', 'a', 'o', 'k', 'e', '.', 's', 'u', '\0',
+  /* "aulaschrank.gq", true */ 'a', 'u', 'l', 'a', 's', 'c', 'h', 'r', 'a', 'n', 'k', '.', 'g', 'q', '\0',
+  /* "aulo.in", false */ 'a', 'u', 'l', 'o', '.', 'i', 'n', '\0',
+  /* "aunali1.com", true */ 'a', 'u', 'n', 'a', 'l', 'i', '1', '.', 'c', 'o', 'm', '\0',
+  /* "auntie-eileens.com.au", true */ 'a', 'u', 'n', 't', 'i', 'e', '-', 'e', 'i', 'l', 'e', 'e', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "auplidespages.fr", true */ 'a', 'u', 'p', 'l', 'i', 'd', 'e', 's', 'p', 'a', 'g', 'e', 's', '.', 'f', 'r', '\0',
+  /* "aur.rocks", true */ 'a', 'u', 'r', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "aureus.pw", true */ 'a', 'u', 'r', 'e', 'u', 's', '.', 'p', 'w', '\0',
+  /* "auri.ga", true */ 'a', 'u', 'r', 'i', '.', 'g', 'a', '\0',
+  /* "auricblue.com", true */ 'a', 'u', 'r', 'i', 'c', 'b', 'l', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "auriko-games.de", true */ 'a', 'u', 'r', 'i', 'k', 'o', '-', 'g', 'a', 'm', 'e', 's', '.', 'd', 'e', '\0',
+  /* "aurora-multimedia.co.uk", true */ 'a', 'u', 'r', 'o', 'r', 'a', '-', 'm', 'u', 'l', 't', 'i', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "auroraassociationofrealtors.com", true */ 'a', 'u', 'r', 'o', 'r', 'a', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'i', 'o', 'n', 'o', 'f', 'r', 'e', 'a', 'l', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aurorarecordings.com", true */ 'a', 'u', 'r', 'o', 'r', 'a', 'r', 'e', 'c', 'o', 'r', 'd', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aurosa.cz", true */ 'a', 'u', 'r', 'o', 's', 'a', '.', 'c', 'z', '\0',
+  /* "aus-ryugaku.info", true */ 'a', 'u', 's', '-', 'r', 'y', 'u', 'g', 'a', 'k', 'u', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "auskunftsbegehren.at", true */ 'a', 'u', 's', 'k', 'u', 'n', 'f', 't', 's', 'b', 'e', 'g', 'e', 'h', 'r', 'e', 'n', '.', 'a', 't', '\0',
+  /* "auslandsjahr-usa.de", false */ 'a', 'u', 's', 'l', 'a', 'n', 'd', 's', 'j', 'a', 'h', 'r', '-', 'u', 's', 'a', '.', 'd', 'e', '\0',
+  /* "ausschreibungen-suedtirol.it", true */ 'a', 'u', 's', 's', 'c', 'h', 'r', 'e', 'i', 'b', 'u', 'n', 'g', 'e', 'n', '-', 's', 'u', 'e', 'd', 't', 'i', 'r', 'o', 'l', '.', 'i', 't', '\0',
+  /* "aussiehq.com.au", true */ 'a', 'u', 's', 's', 'i', 'e', 'h', 'q', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "aussieservicedown.com", true */ 'a', 'u', 's', 's', 'i', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', 'd', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "austincardiac.com", true */ 'a', 'u', 's', 't', 'i', 'n', 'c', 'a', 'r', 'd', 'i', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "austinheap.com", true */ 'a', 'u', 's', 't', 'i', 'n', 'h', 'e', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "austinmobilemechanics.net", true */ 'a', 'u', 's', 't', 'i', 'n', 'm', 'o', 'b', 'i', 'l', 'e', 'm', 'e', 'c', 'h', 'a', 'n', 'i', 'c', 's', '.', 'n', 'e', 't', '\0',
+  /* "austinstore.com.br", true */ 'a', 'u', 's', 't', 'i', 'n', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "australian.dating", true */ 'a', 'u', 's', 't', 'r', 'a', 'l', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "australianfreebets.com.au", true */ 'a', 'u', 's', 't', 'r', 'a', 'l', 'i', 'a', 'n', 'f', 'r', 'e', 'e', 'b', 'e', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "australien-tipps.info", true */ 'a', 'u', 's', 't', 'r', 'a', 'l', 'i', 'e', 'n', '-', 't', 'i', 'p', 'p', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "austromorph.space", true */ 'a', 'u', 's', 't', 'r', 'o', 'm', 'o', 'r', 'p', 'h', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "auszeit-lanzarote.com", true */ 'a', 'u', 's', 'z', 'e', 'i', 't', '-', 'l', 'a', 'n', 'z', 'a', 'r', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "auszeit.bio", true */ 'a', 'u', 's', 'z', 'e', 'i', 't', '.', 'b', 'i', 'o', '\0',
+  /* "auth.adult", true */ 'a', 'u', 't', 'h', '.', 'a', 'd', 'u', 'l', 't', '\0',
+  /* "authinfo-bestellen.de", true */ 'a', 'u', 't', 'h', 'i', 'n', 'f', 'o', '-', 'b', 'e', 's', 't', 'e', 'l', 'l', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "author24.biz", true */ 'a', 'u', 't', 'h', 'o', 'r', '2', '4', '.', 'b', 'i', 'z', '\0',
+  /* "authorsguild.in", true */ 'a', 'u', 't', 'h', 'o', 'r', 's', 'g', 'u', 'i', 'l', 'd', '.', 'i', 'n', '\0',
+  /* "autimatisering.nl", true */ 'a', 'u', 't', 'i', 'm', 'a', 't', 'i', 's', 'e', 'r', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "autism-osaka.org", true */ 'a', 'u', 't', 'i', 's', 'm', '-', 'o', 's', 'a', 'k', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "auto-anleitung.de", true */ 'a', 'u', 't', 'o', '-', 'a', 'n', 'l', 'e', 'i', 't', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "auto-plus.tn", true */ 'a', 'u', 't', 'o', '-', 'p', 'l', 'u', 's', '.', 't', 'n', '\0',
+  /* "autoauctionsohio.com", true */ 'a', 'u', 't', 'o', 'a', 'u', 'c', 't', 'i', 'o', 'n', 's', 'o', 'h', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "autoauctionsvirginia.com", true */ 'a', 'u', 't', 'o', 'a', 'u', 'c', 't', 'i', 'o', 'n', 's', 'v', 'i', 'r', 'g', 'i', 'n', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "autobedrijfschalkoort.nl", true */ 'a', 'u', 't', 'o', 'b', 'e', 'd', 'r', 'i', 'j', 'f', 's', 'c', 'h', 'a', 'l', 'k', 'o', 'o', 'r', 't', '.', 'n', 'l', '\0',
+  /* "autoclean-plus.ch", true */ 'a', 'u', 't', 'o', 'c', 'l', 'e', 'a', 'n', '-', 'p', 'l', 'u', 's', '.', 'c', 'h', '\0',
+  /* "autocmall.com", true */ 'a', 'u', 't', 'o', 'c', 'm', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "autocorner.com", true */ 'a', 'u', 't', 'o', 'c', 'o', 'r', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "autodalmacija.com", true */ 'a', 'u', 't', 'o', 'd', 'a', 'l', 'm', 'a', 'c', 'i', 'j', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "autoecoledumontblanc.com", true */ 'a', 'u', 't', 'o', 'e', 'c', 'o', 'l', 'e', 'd', 'u', 'm', 'o', 'n', 't', 'b', 'l', 'a', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "autoentrepreneurinfo.com", true */ 'a', 'u', 't', 'o', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'e', 'n', 'e', 'u', 'r', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "autoinsurancehavasu.com", true */ 'a', 'u', 't', 'o', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', 'h', 'a', 'v', 'a', 's', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "autoledky.sk", true */ 'a', 'u', 't', 'o', 'l', 'e', 'd', 'k', 'y', '.', 's', 'k', '\0',
+  /* "automacity.com", true */ 'a', 'u', 't', 'o', 'm', 'a', 'c', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "automatethis.com.au", true */ 'a', 'u', 't', 'o', 'm', 'a', 't', 'e', 't', 'h', 'i', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "automatic.com", true */ 'a', 'u', 't', 'o', 'm', 'a', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "automationpro.me", true */ 'a', 'u', 't', 'o', 'm', 'a', 't', 'i', 'o', 'n', 'p', 'r', 'o', '.', 'm', 'e', '\0',
+  /* "automotivegroup-usedcars.be", true */ 'a', 'u', 't', 'o', 'm', 'o', 't', 'i', 'v', 'e', 'g', 'r', 'o', 'u', 'p', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "automotivemechanic.org", true */ 'a', 'u', 't', 'o', 'm', 'o', 't', 'i', 'v', 'e', 'm', 'e', 'c', 'h', 'a', 'n', 'i', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "autoosijek.com", true */ 'a', 'u', 't', 'o', 'o', 's', 'i', 'j', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "autoparts.im", true */ 'a', 'u', 't', 'o', 'p', 'a', 'r', 't', 's', '.', 'i', 'm', '\0',
+  /* "autoparts.sh", true */ 'a', 'u', 't', 'o', 'p', 'a', 'r', 't', 's', '.', 's', 'h', '\0',
+  /* "autoparts.wf", true */ 'a', 'u', 't', 'o', 'p', 'a', 'r', 't', 's', '.', 'w', 'f', '\0',
+  /* "autos-retro-plaisir.com", true */ 'a', 'u', 't', 'o', 's', '-', 'r', 'e', 't', 'r', 'o', '-', 'p', 'l', 'a', 'i', 's', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "autoscuola.roma.it", true */ 'a', 'u', 't', 'o', 's', 'c', 'u', 'o', 'l', 'a', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "autoshinka72.ru", true */ 'a', 'u', 't', 'o', 's', 'h', 'i', 'n', 'k', 'a', '7', '2', '.', 'r', 'u', '\0',
+  /* "autoskola.hr", true */ 'a', 'u', 't', 'o', 's', 'k', 'o', 'l', 'a', '.', 'h', 'r', '\0',
+  /* "autoskole.hr", true */ 'a', 'u', 't', 'o', 's', 'k', 'o', 'l', 'e', '.', 'h', 'r', '\0',
+  /* "autostodulky.cz", true */ 'a', 'u', 't', 'o', 's', 't', 'o', 'd', 'u', 'l', 'k', 'y', '.', 'c', 'z', '\0',
+  /* "autotechschool.com", true */ 'a', 'u', 't', 'o', 't', 'e', 'c', 'h', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "autoterminus-used.be", true */ 'a', 'u', 't', 'o', 't', 'e', 'r', 'm', 'i', 'n', 'u', 's', '-', 'u', 's', 'e', 'd', '.', 'b', 'e', '\0',
+  /* "autoverzekeringafsluiten.com", true */ 'a', 'u', 't', 'o', 'v', 'e', 'r', 'z', 'e', 'k', 'e', 'r', 'i', 'n', 'g', 'a', 'f', 's', 'l', 'u', 'i', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "autoxy.it", true */ 'a', 'u', 't', 'o', 'x', 'y', '.', 'i', 't', '\0',
+  /* "autozane.com", true */ 'a', 'u', 't', 'o', 'z', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "auvernet.org", true */ 'a', 'u', 'v', 'e', 'r', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "auvious.com", true */ 'a', 'u', 'v', 'i', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "auxquatrevents.ch", true */ 'a', 'u', 'x', 'q', 'u', 'a', 't', 'r', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'h', '\0',
+  /* "av01.tv", true */ 'a', 'v', '0', '1', '.', 't', 'v', '\0',
+  /* "av163.cc", true */ 'a', 'v', '1', '6', '3', '.', 'c', 'c', '\0',
+  /* "ava-creative.de", false */ 'a', 'v', 'a', '-', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', '.', 'd', 'e', '\0',
+  /* "ava-software.at", true */ 'a', 'v', 'a', '-', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'a', 't', '\0',
+  /* "avaaz.org", true */ 'a', 'v', 'a', 'a', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "avabouncehire.co.uk", true */ 'a', 'v', 'a', 'b', 'o', 'u', 'n', 'c', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "avacariu.me", true */ 'a', 'v', 'a', 'c', 'a', 'r', 'i', 'u', '.', 'm', 'e', '\0',
+  /* "availablecastles.com", true */ 'a', 'v', 'a', 'i', 'l', 'a', 'b', 'l', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "avalon-island.ru", true */ 'a', 'v', 'a', 'l', 'o', 'n', '-', 'i', 's', 'l', 'a', 'n', 'd', '.', 'r', 'u', '\0',
+  /* "avalon-studios.de", true */ 'a', 'v', 'a', 'l', 'o', 'n', '-', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'd', 'e', '\0',
+  /* "avanet.ch", true */ 'a', 'v', 'a', 'n', 'e', 't', '.', 'c', 'h', '\0',
+  /* "avanovum.de", true */ 'a', 'v', 'a', 'n', 'o', 'v', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "avaq.fr", true */ 'a', 'v', 'a', 'q', '.', 'f', 'r', '\0',
+  /* "avarty.com", true */ 'a', 'v', 'a', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "avarty.net", true */ 'a', 'v', 'a', 'r', 't', 'y', '.', 'n', 'e', 't', '\0',
+  /* "avastantivirus.ro", true */ 'a', 'v', 'a', 's', 't', 'a', 'n', 't', 'i', 'v', 'i', 'r', 'u', 's', '.', 'r', 'o', '\0',
+  /* "avcd.cz", true */ 'a', 'v', 'c', 'd', '.', 'c', 'z', '\0',
+  /* "avdagic.net", true */ 'a', 'v', 'd', 'a', 'g', 'i', 'c', '.', 'n', 'e', 't', '\0',
+  /* "avdh.top", true */ 'a', 'v', 'd', 'h', '.', 't', 'o', 'p', '\0',
+  /* "ave.zone", true */ 'a', 'v', 'e', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "aveapps.com", false */ 'a', 'v', 'e', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "avedesk.org", false */ 'a', 'v', 'e', 'd', 'e', 's', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "aventurische-allianz.de", true */ 'a', 'v', 'e', 'n', 't', 'u', 'r', 'i', 's', 'c', 'h', 'e', '-', 'a', 'l', 'l', 'i', 'a', 'n', 'z', '.', 'd', 'e', '\0',
+  /* "avenueeyecare.com", true */ 'a', 'v', 'e', 'n', 'u', 'e', 'e', 'y', 'e', 'c', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "averageinspired.com", true */ 'a', 'v', 'e', 'r', 'a', 'g', 'e', 'i', 'n', 's', 'p', 'i', 'r', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "averam.net", true */ 'a', 'v', 'e', 'r', 'a', 'm', '.', 'n', 'e', 't', '\0',
+  /* "averen.co.uk", true */ 'a', 'v', 'e', 'r', 'e', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "avg.club", true */ 'a', 'v', 'g', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "avi9526.pp.ua", true */ 'a', 'v', 'i', '9', '5', '2', '6', '.', 'p', 'p', '.', 'u', 'a', '\0',
+  /* "aviationstrategy.aero", true */ 'a', 'v', 'i', 'a', 't', 'i', 'o', 'n', 's', 't', 'r', 'a', 't', 'e', 'g', 'y', '.', 'a', 'e', 'r', 'o', '\0',
+  /* "avid.blue", true */ 'a', 'v', 'i', 'd', '.', 'b', 'l', 'u', 'e', '\0',
+  /* "aviv.nyc", true */ 'a', 'v', 'i', 'v', '.', 'n', 'y', 'c', '\0',
+  /* "avmemo.com", true */ 'a', 'v', 'm', 'e', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "avmo.pw", true */ 'a', 'v', 'm', 'o', '.', 'p', 'w', '\0',
+  /* "avmoo.com", true */ 'a', 'v', 'm', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "avnet.ws", true */ 'a', 'v', 'n', 'e', 't', '.', 'w', 's', '\0',
+  /* "avocode.com", true */ 'a', 'v', 'o', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "avotoma.com", true */ 'a', 'v', 'o', 't', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "avova.de", true */ 'a', 'v', 'o', 'v', 'a', '.', 'd', 'e', '\0',
+  /* "avpres.net", true */ 'a', 'v', 'p', 'r', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "avso.pw", true */ 'a', 'v', 's', 'o', '.', 'p', 'w', '\0',
+  /* "avsox.com", true */ 'a', 'v', 's', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "avspot.net", true */ 'a', 'v', 's', 'p', 'o', 't', '.', 'n', 'e', 't', '\0',
+  /* "avticket.ru", false */ 'a', 'v', 't', 'i', 'c', 'k', 'e', 't', '.', 'r', 'u', '\0',
+  /* "avtoforex.ru", true */ 'a', 'v', 't', 'o', 'f', 'o', 'r', 'e', 'x', '.', 'r', 'u', '\0',
+  /* "avtogara-isperih.com", true */ 'a', 'v', 't', 'o', 'g', 'a', 'r', 'a', '-', 'i', 's', 'p', 'e', 'r', 'i', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "avtosept.by", true */ 'a', 'v', 't', 'o', 's', 'e', 'p', 't', '.', 'b', 'y', '\0',
+  /* "avtovokzaly.ru", true */ 'a', 'v', 't', 'o', 'v', 'o', 'k', 'z', 'a', 'l', 'y', '.', 'r', 'u', '\0',
+  /* "avvcorda.com", true */ 'a', 'v', 'v', 'c', 'o', 'r', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "avxo.pw", true */ 'a', 'v', 'x', 'o', '.', 'p', 'w', '\0',
+  /* "awaremi-tai.com", true */ 'a', 'w', 'a', 'r', 'e', 'm', 'i', '-', 't', 'a', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "awaro.net", false */ 'a', 'w', 'a', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "awbouncycastlehire.com", true */ 'a', 'w', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "awccanadianpharmacy.com", true */ 'a', 'w', 'c', 'c', 'a', 'n', 'a', 'd', 'i', 'a', 'n', 'p', 'h', 'a', 'r', 'm', 'a', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "awei.pub", true */ 'a', 'w', 'e', 'i', '.', 'p', 'u', 'b', '\0',
+  /* "awen.me", true */ 'a', 'w', 'e', 'n', '.', 'm', 'e', '\0',
+  /* "awesomebouncycastles.co.uk", true */ 'a', 'w', 'e', 's', 'o', 'm', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "awin.la", true */ 'a', 'w', 'i', 'n', '.', 'l', 'a', '\0',
+  /* "awk.tw", true */ 'a', 'w', 'k', '.', 't', 'w', '\0',
+  /* "awksolutions.com", true */ 'a', 'w', 'k', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "awningsaboveus.com", true */ 'a', 'w', 'n', 'i', 'n', 'g', 's', 'a', 'b', 'o', 'v', 'e', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "awomaninherprime.com", true */ 'a', 'w', 'o', 'm', 'a', 'n', 'i', 'n', 'h', 'e', 'r', 'p', 'r', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "awsmdev.de", true */ 'a', 'w', 's', 'm', 'd', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "awxg.com", true */ 'a', 'w', 'x', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "ax25.org", true */ 'a', 'x', '2', '5', '.', 'o', 'r', 'g', '\0',
+  /* "axel-fischer.net", true */ 'a', 'x', 'e', 'l', '-', 'f', 'i', 's', 'c', 'h', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "axelteichmann.net", true */ 'a', 'x', 'e', 'l', 't', 'e', 'i', 'c', 'h', 'm', 'a', 'n', 'n', '.', 'n', 'e', 't', '\0',
+  /* "axem.co.jp", true */ 'a', 'x', 'e', 'm', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "axialsports.com", true */ 'a', 'x', 'i', 'a', 'l', 's', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "axiomer.com", true */ 'a', 'x', 'i', 'o', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "axiomer.es", true */ 'a', 'x', 'i', 'o', 'm', 'e', 'r', '.', 'e', 's', '\0',
+  /* "axiomer.eu", true */ 'a', 'x', 'i', 'o', 'm', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "axiomer.me", true */ 'a', 'x', 'i', 'o', 'm', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "axiomer.net", true */ 'a', 'x', 'i', 'o', 'm', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "axiomer.org", true */ 'a', 'x', 'i', 'o', 'm', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "axka.com", false */ 'a', 'x', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "axolotlfarm.org", true */ 'a', 'x', 'o', 'l', 'o', 't', 'l', 'f', 'a', 'r', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "axrec.de", true */ 'a', 'x', 'r', 'e', 'c', '.', 'd', 'e', '\0',
+  /* "axtux.tk", true */ 'a', 'x', 't', 'u', 'x', '.', 't', 'k', '\0',
+  /* "axxial.tk", true */ 'a', 'x', 'x', 'i', 'a', 'l', '.', 't', 'k', '\0',
+  /* "ayatk.com", true */ 'a', 'y', 'a', 't', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "aycomba.de", true */ 'a', 'y', 'c', 'o', 'm', 'b', 'a', '.', 'd', 'e', '\0',
+  /* "ayesh.me", true */ 'a', 'y', 'e', 's', 'h', '.', 'm', 'e', '\0',
+  /* "ayesh.win", true */ 'a', 'y', 'e', 's', 'h', '.', 'w', 'i', 'n', '\0',
+  /* "aykutcevik.com", true */ 'a', 'y', 'k', 'u', 't', 'c', 'e', 'v', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "aylak.com", true */ 'a', 'y', 'l', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "aylesburycastlehire.co.uk", true */ 'a', 'y', 'l', 'e', 's', 'b', 'u', 'r', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "aymerick.fr", true */ 'a', 'y', 'm', 'e', 'r', 'i', 'c', 'k', '.', 'f', 'r', '\0',
+  /* "aymericlagier.com", true */ 'a', 'y', 'm', 'e', 'r', 'i', 'c', 'l', 'a', 'g', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ayothemes.com", true */ 'a', 'y', 'o', 't', 'h', 'e', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ayrohq.com", true */ 'a', 'y', 'r', 'o', 'h', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "ayrshirebouncycastlehire.co.uk", true */ 'a', 'y', 'r', 's', 'h', 'i', 'r', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ayurveda-mantry.com", true */ 'a', 'y', 'u', 'r', 'v', 'e', 'd', 'a', '-', 'm', 'a', 'n', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ayurveda101.com", false */ 'a', 'y', 'u', 'r', 'v', 'e', 'd', 'a', '1', '0', '1', '.', 'c', 'o', 'm', '\0',
+  /* "az-vinyl-boden.de", true */ 'a', 'z', '-', 'v', 'i', 'n', 'y', 'l', '-', 'b', 'o', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "az.search.yahoo.com", false */ 'a', 'z', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "azabani.com", true */ 'a', 'z', 'a', 'b', 'a', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "azia.info", true */ 'a', 'z', 'i', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "azimut.fr", true */ 'a', 'z', 'i', 'm', 'u', 't', '.', 'f', 'r', '\0',
+  /* "azino777.ru", true */ 'a', 'z', 'i', 'n', 'o', '7', '7', '7', '.', 'r', 'u', '\0',
+  /* "azlk-team.ru", true */ 'a', 'z', 'l', 'k', '-', 't', 'e', 'a', 'm', '.', 'r', 'u', '\0',
+  /* "azort.com", true */ 'a', 'z', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "azrazalea.net", true */ 'a', 'z', 'r', 'a', 'z', 'a', 'l', 'e', 'a', '.', 'n', 'e', 't', '\0',
+  /* "azso.pro", true */ 'a', 'z', 's', 'o', '.', 'p', 'r', 'o', '\0',
+  /* "aztrix.me", true */ 'a', 'z', 't', 'r', 'i', 'x', '.', 'm', 'e', '\0',
+  /* "azu-l.com", true */ 'a', 'z', 'u', '-', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "azu-l.jp", true */ 'a', 'z', 'u', '-', 'l', '.', 'j', 'p', '\0',
+  /* "azun.pl", true */ 'a', 'z', 'u', 'n', '.', 'p', 'l', '\0',
+  /* "azuxul.fr", true */ 'a', 'z', 'u', 'x', 'u', 'l', '.', 'f', 'r', '\0',
+  /* "azzag.co.uk", true */ 'a', 'z', 'z', 'a', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "azzorti.com", true */ 'a', 'z', 'z', 'o', 'r', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "b-b-law.com", true */ 'b', '-', 'b', '-', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "b-boom.nl", true */ 'b', '-', 'b', 'o', 'o', 'm', '.', 'n', 'l', '\0',
+  /* "b-cyclesshop.ch", true */ 'b', '-', 'c', 'y', 'c', 'l', 'e', 's', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "b-entropy.com", true */ 'b', '-', 'e', 'n', 't', 'r', 'o', 'p', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "b-pi.duckdns.org", true */ 'b', '-', 'p', 'i', '.', 'd', 'u', 'c', 'k', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "b-root-force.de", true */ 'b', '-', 'r', 'o', 'o', 't', '-', 'f', 'o', 'r', 'c', 'e', '.', 'd', 'e', '\0',
+  /* "b-services.net", true */ 'b', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "b-ticket.ch", true */ 'b', '-', 't', 'i', 'c', 'k', 'e', 't', '.', 'c', 'h', '\0',
+  /* "b1.work", true */ 'b', '1', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "b1c1l1.com", true */ 'b', '1', 'c', '1', 'l', '1', '.', 'c', 'o', 'm', '\0',
+  /* "b2and.com", false */ 'b', '2', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "b2bmuzikbank.com", true */ 'b', '2', 'b', 'm', 'u', 'z', 'i', 'k', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "b422edu.com", true */ 'b', '4', '2', '2', 'e', 'd', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "b4bouncycastles.co.uk", true */ 'b', '4', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "b4z.eu", true */ 'b', '4', 'z', '.', 'e', 'u', '\0',
+  /* "b64.club", true */ 'b', '6', '4', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "b72.net", true */ 'b', '7', '2', '.', 'n', 'e', 't', '\0',
+  /* "b9110.com", true */ 'b', '9', '1', '1', '0', '.', 'c', 'o', 'm', '\0',
+  /* "baalsworld.de", true */ 'b', 'a', 'a', 'l', 's', 'w', 'o', 'r', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "baas-becking.biology.utah.edu", true */ 'b', 'a', 'a', 's', '-', 'b', 'e', 'c', 'k', 'i', 'n', 'g', '.', 'b', 'i', 'o', 'l', 'o', 'g', 'y', '.', 'u', 't', 'a', 'h', '.', 'e', 'd', 'u', '\0',
+  /* "babacasino.net", true */ 'b', 'a', 'b', 'a', 'c', 'a', 's', 'i', 'n', 'o', '.', 'n', 'e', 't', '\0',
+  /* "babai.ru", true */ 'b', 'a', 'b', 'a', 'i', '.', 'r', 'u', '\0',
+  /* "babarkata.com", true */ 'b', 'a', 'b', 'a', 'r', 'k', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "babeleo.com", true */ 'b', 'a', 'b', 'e', 'l', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "babettelandmesser.de", true */ 'b', 'a', 'b', 'e', 't', 't', 'e', 'l', 'a', 'n', 'd', 'm', 'e', 's', 's', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "baby-digne.com", true */ 'b', 'a', 'b', 'y', '-', 'd', 'i', 'g', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "babyboom.pl", true */ 'b', 'a', 'b', 'y', 'b', 'o', 'o', 'm', '.', 'p', 'l', '\0',
+  /* "babycamapp.com", true */ 'b', 'a', 'b', 'y', 'c', 'a', 'm', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "babyfotograf-schweiz.ch", true */ 'b', 'a', 'b', 'y', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', '-', 's', 'c', 'h', 'w', 'e', 'i', 'z', '.', 'c', 'h', '\0',
+  /* "babyliss-pro.com", true */ 'b', 'a', 'b', 'y', 'l', 'i', 's', 's', '-', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "babyliss-pro.net", true */ 'b', 'a', 'b', 'y', 'l', 'i', 's', 's', '-', 'p', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "babyphototime.com", true */ 'b', 'a', 'b', 'y', 'p', 'h', 'o', 't', 'o', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "babypibu.com", true */ 'b', 'a', 'b', 'y', 'p', 'i', 'b', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "babystep.tv", true */ 'b', 'a', 'b', 'y', 's', 't', 'e', 'p', '.', 't', 'v', '\0',
+  /* "bacgrouppublishing.com", true */ 'b', 'a', 'c', 'g', 'r', 'o', 'u', 'p', 'p', 'u', 'b', 'l', 'i', 's', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "bacimg.com", true */ 'b', 'a', 'c', 'i', 'm', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "baciu.ch", true */ 'b', 'a', 'c', 'i', 'u', '.', 'c', 'h', '\0',
+  /* "backeby.eu", true */ 'b', 'a', 'c', 'k', 'e', 'b', 'y', '.', 'e', 'u', '\0',
+  /* "backenmachtgluecklich.de", true */ 'b', 'a', 'c', 'k', 'e', 'n', 'm', 'a', 'c', 'h', 't', 'g', 'l', 'u', 'e', 'c', 'k', 'l', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "backgroundz.net", true */ 'b', 'a', 'c', 'k', 'g', 'r', 'o', 'u', 'n', 'd', 'z', '.', 'n', 'e', 't', '\0',
+  /* "backlogapp.io", true */ 'b', 'a', 'c', 'k', 'l', 'o', 'g', 'a', 'p', 'p', '.', 'i', 'o', '\0',
+  /* "backmountaingas.com", true */ 'b', 'a', 'c', 'k', 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', 'g', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "backpacken.org", true */ 'b', 'a', 'c', 'k', 'p', 'a', 'c', 'k', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "backpacker.dating", true */ 'b', 'a', 'c', 'k', 'p', 'a', 'c', 'k', 'e', 'r', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "backscattering.de", true */ 'b', 'a', 'c', 'k', 's', 'c', 'a', 't', 't', 'e', 'r', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "backschues.com", true */ 'b', 'a', 'c', 'k', 's', 'c', 'h', 'u', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "backschues.de", true */ 'b', 'a', 'c', 'k', 's', 'c', 'h', 'u', 'e', 's', '.', 'd', 'e', '\0',
+  /* "backschues.net", true */ 'b', 'a', 'c', 'k', 's', 'c', 'h', 'u', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "backsideverbier.ch", true */ 'b', 'a', 'c', 'k', 's', 'i', 'd', 'e', 'v', 'e', 'r', 'b', 'i', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "backterris.com", true */ 'b', 'a', 'c', 'k', 't', 'e', 'r', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bacon-monitoring.org", true */ 'b', 'a', 'c', 'o', 'n', '-', 'm', 'o', 'n', 'i', 't', 'o', 'r', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "baconate.com", true */ 'b', 'a', 'c', 'o', 'n', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "baconismagic.ca", true */ 'b', 'a', 'c', 'o', 'n', 'i', 's', 'm', 'a', 'g', 'i', 'c', '.', 'c', 'a', '\0',
+  /* "bacontreeconsulting.com", true */ 'b', 'a', 'c', 'o', 'n', 't', 'r', 'e', 'e', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "bacula.jp", true */ 'b', 'a', 'c', 'u', 'l', 'a', '.', 'j', 'p', '\0',
+  /* "bad.horse", true */ 'b', 'a', 'd', '.', 'h', 'o', 'r', 's', 'e', '\0',
+  /* "badai.at", true */ 'b', 'a', 'd', 'a', 'i', '.', 'a', 't', '\0',
+  /* "badam.co", true */ 'b', 'a', 'd', 'a', 'm', '.', 'c', 'o', '\0',
+  /* "badbee.cc", true */ 'b', 'a', 'd', 'b', 'e', 'e', '.', 'c', 'c', '\0',
+  /* "badf00d.de", true */ 'b', 'a', 'd', 'f', '0', '0', 'd', '.', 'd', 'e', '\0',
+  /* "badges.fedoraproject.org", true */ 'b', 'a', 'd', 'g', 'e', 's', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "badges.stg.fedoraproject.org", true */ 'b', 'a', 'd', 'g', 'e', 's', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "badhusky.com", true */ 'b', 'a', 'd', 'h', 'u', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "badoo.com", true */ 'b', 'a', 'd', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "badpackets.net", true */ 'b', 'a', 'd', 'p', 'a', 'c', 'k', 'e', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "badrequest.me", true */ 'b', 'a', 'd', 'r', 'e', 'q', 'u', 'e', 's', 't', '.', 'm', 'e', '\0',
+  /* "badseacoffee.com", true */ 'b', 'a', 'd', 's', 'e', 'a', 'c', 'o', 'f', 'f', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "baer.im", false */ 'b', 'a', 'e', 'r', '.', 'i', 'm', '\0',
+  /* "baer.one", false */ 'b', 'a', 'e', 'r', '.', 'o', 'n', 'e', '\0',
+  /* "baffinlee.com", true */ 'b', 'a', 'f', 'f', 'i', 'n', 'l', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bag.bg", true */ 'b', 'a', 'g', '.', 'b', 'g', '\0',
+  /* "bagelsbakery.com", false */ 'b', 'a', 'g', 'e', 'l', 's', 'b', 'a', 'k', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bageluncle.com", true */ 'b', 'a', 'g', 'e', 'l', 'u', 'n', 'c', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "baggy.me.uk", true */ 'b', 'a', 'g', 'g', 'y', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "bagheera.me.uk", true */ 'b', 'a', 'g', 'h', 'e', 'e', 'r', 'a', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "baglu.com", true */ 'b', 'a', 'g', 'l', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "bagsofbounce.co.uk", true */ 'b', 'a', 'g', 's', 'o', 'f', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bagspecialist.nl", true */ 'b', 'a', 'g', 's', 'p', 'e', 'c', 'i', 'a', 'l', 'i', 's', 't', '.', 'n', 'l', '\0',
+  /* "bagstage.de", true */ 'b', 'a', 'g', 's', 't', 'a', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "bah.im", false */ 'b', 'a', 'h', '.', 'i', 'm', '\0',
+  /* "bahnbonus-praemienwelt.de", true */ 'b', 'a', 'h', 'n', 'b', 'o', 'n', 'u', 's', '-', 'p', 'r', 'a', 'e', 'm', 'i', 'e', 'n', 'w', 'e', 'l', 't', '.', 'd', 'e', '\0',
+  /* "baifubao.com", true */ 'b', 'a', 'i', 'f', 'u', 'b', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "baiker.info", true */ 'b', 'a', 'i', 'k', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "bailakomigo.com.br", true */ 'b', 'a', 'i', 'l', 'a', 'k', 'o', 'm', 'i', 'g', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "baildonbouncycastles.co.uk", true */ 'b', 'a', 'i', 'l', 'd', 'o', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "baildonhottubs.co.uk", true */ 'b', 'a', 'i', 'l', 'd', 'o', 'n', 'h', 'o', 't', 't', 'u', 'b', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "baileebee.com", true */ 'b', 'a', 'i', 'l', 'e', 'e', 'b', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bairdzhang.com", true */ 'b', 'a', 'i', 'r', 'd', 'z', 'h', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "baitulongbaycruises.com", true */ 'b', 'a', 'i', 't', 'u', 'l', 'o', 'n', 'g', 'b', 'a', 'y', 'c', 'r', 'u', 'i', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bajic.ch", true */ 'b', 'a', 'j', 'i', 'c', '.', 'c', 'h', '\0',
+  /* "baka.org.cn", true */ 'b', 'a', 'k', 'a', '.', 'o', 'r', 'g', '.', 'c', 'n', '\0',
+  /* "bakabt.info", true */ 'b', 'a', 'k', 'a', 'b', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "bakaproxy.moe", true */ 'b', 'a', 'k', 'a', 'p', 'r', 'o', 'x', 'y', '.', 'm', 'o', 'e', '\0',
+  /* "bakersafari.co", true */ 'b', 'a', 'k', 'e', 'r', 's', 'a', 'f', 'a', 'r', 'i', '.', 'c', 'o', '\0',
+  /* "bakibal.com", true */ 'b', 'a', 'k', 'i', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bakim.li", true */ 'b', 'a', 'k', 'i', 'm', '.', 'l', 'i', '\0',
+  /* "bakkerinjebuurt.be", true */ 'b', 'a', 'k', 'k', 'e', 'r', 'i', 'n', 'j', 'e', 'b', 'u', 'u', 'r', 't', '.', 'b', 'e', '\0',
+  /* "bakongcondo.com", true */ 'b', 'a', 'k', 'o', 'n', 'g', 'c', 'o', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "balade-commune.ch", true */ 'b', 'a', 'l', 'a', 'd', 'e', '-', 'c', 'o', 'm', 'm', 'u', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "baladecommune.ch", true */ 'b', 'a', 'l', 'a', 'd', 'e', 'c', 'o', 'm', 'm', 'u', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "balancascia.com.br", true */ 'b', 'a', 'l', 'a', 'n', 'c', 'a', 's', 'c', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "balancenaturalhealthclinic.ca", true */ 'b', 'a', 'l', 'a', 'n', 'c', 'e', 'n', 'a', 't', 'u', 'r', 'a', 'l', 'h', 'e', 'a', 'l', 't', 'h', 'c', 'l', 'i', 'n', 'i', 'c', '.', 'c', 'a', '\0',
+  /* "balboa.io", true */ 'b', 'a', 'l', 'b', 'o', 'a', '.', 'i', 'o', '\0',
+  /* "balcaonet.com.br", true */ 'b', 'a', 'l', 'c', 'a', 'o', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "balconnr.com", true */ 'b', 'a', 'l', 'c', 'o', 'n', 'n', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "balconsverdun.com", true */ 'b', 'a', 'l', 'c', 'o', 'n', 's', 'v', 'e', 'r', 'd', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "baldur.cc", true */ 'b', 'a', 'l', 'd', 'u', 'r', '.', 'c', 'c', '\0',
+  /* "balicekzdravi.cz", true */ 'b', 'a', 'l', 'i', 'c', 'e', 'k', 'z', 'd', 'r', 'a', 'v', 'i', '.', 'c', 'z', '\0',
+  /* "balidesignshop.com.br", true */ 'b', 'a', 'l', 'i', 'd', 'e', 's', 'i', 'g', 'n', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "balikonos.cz", true */ 'b', 'a', 'l', 'i', 'k', 'o', 'n', 'o', 's', '.', 'c', 'z', '\0',
+  /* "balinese.dating", true */ 'b', 'a', 'l', 'i', 'n', 'e', 's', 'e', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "balist.es", true */ 'b', 'a', 'l', 'i', 's', 't', '.', 'e', 's', '\0',
+  /* "baliyano.com", true */ 'b', 'a', 'l', 'i', 'y', 'a', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "balkonien.org", true */ 'b', 'a', 'l', 'k', 'o', 'n', 'i', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "ball.holdings", true */ 'b', 'a', 'l', 'l', '.', 'h', 'o', 'l', 'd', 'i', 'n', 'g', 's', '\0',
+  /* "ballarin.cc", true */ 'b', 'a', 'l', 'l', 'a', 'r', 'i', 'n', '.', 'c', 'c', '\0',
+  /* "ballbusting-cbt.com", true */ 'b', 'a', 'l', 'l', 'b', 'u', 's', 't', 'i', 'n', 'g', '-', 'c', 'b', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ballejaune.com", true */ 'b', 'a', 'l', 'l', 'e', 'j', 'a', 'u', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ballmerpeak.org", true */ 'b', 'a', 'l', 'l', 'm', 'e', 'r', 'p', 'e', 'a', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "ballonsportclub-erlangen.de", true */ 'b', 'a', 'l', 'l', 'o', 'n', 's', 'p', 'o', 'r', 't', 'c', 'l', 'u', 'b', '-', 'e', 'r', 'l', 'a', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "ballotapi.com", true */ 'b', 'a', 'l', 'l', 'o', 't', 'a', 'p', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "ballothero.com", true */ 'b', 'a', 'l', 'l', 'o', 't', 'h', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ballroom.info", true */ 'b', 'a', 'l', 'l', 'r', 'o', 'o', 'm', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "bals.org", true */ 'b', 'a', 'l', 's', '.', 'o', 'r', 'g', '\0',
+  /* "balslev.io", true */ 'b', 'a', 'l', 's', 'l', 'e', 'v', '.', 'i', 'o', '\0',
+  /* "bambambaby.com.br", true */ 'b', 'a', 'm', 'b', 'a', 'm', 'b', 'a', 'b', 'y', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bananensap.nl", true */ 'b', 'a', 'n', 'a', 'n', 'e', 'n', 's', 'a', 'p', '.', 'n', 'l', '\0',
+  /* "banburybid.com", true */ 'b', 'a', 'n', 'b', 'u', 'r', 'y', 'b', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bancacrs.it", true */ 'b', 'a', 'n', 'c', 'a', 'c', 'r', 's', '.', 'i', 't', '\0',
+  /* "bancoctt.pt", true */ 'b', 'a', 'n', 'c', 'o', 'c', 't', 't', '.', 'p', 't', '\0',
+  /* "bandar303.win", true */ 'b', 'a', 'n', 'd', 'a', 'r', '3', '0', '3', '.', 'w', 'i', 'n', '\0',
+  /* "bandeira1.com.br", true */ 'b', 'a', 'n', 'd', 'e', 'i', 'r', 'a', '1', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bandgap.io", true */ 'b', 'a', 'n', 'd', 'g', 'a', 'p', '.', 'i', 'o', '\0',
+  /* "bandiga.it", true */ 'b', 'a', 'n', 'd', 'i', 'g', 'a', '.', 'i', 't', '\0',
+  /* "bandito.re", true */ 'b', 'a', 'n', 'd', 'i', 't', 'o', '.', 'r', 'e', '\0',
+  /* "bangdream.ga", true */ 'b', 'a', 'n', 'g', 'd', 'r', 'e', 'a', 'm', '.', 'g', 'a', '\0',
+  /* "bangkok-dark-night.com", true */ 'b', 'a', 'n', 'g', 'k', 'o', 'k', '-', 'd', 'a', 'r', 'k', '-', 'n', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bangkok.dating", true */ 'b', 'a', 'n', 'g', 'k', 'o', 'k', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "bangkokcity.de", true */ 'b', 'a', 'n', 'g', 'k', 'o', 'k', 'c', 'i', 't', 'y', '.', 'd', 'e', '\0',
+  /* "bank.simple.com", false */ 'b', 'a', 'n', 'k', '.', 's', 'i', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bankbranchlocator.com", true */ 'b', 'a', 'n', 'k', 'b', 'r', 'a', 'n', 'c', 'h', 'l', 'o', 'c', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "bankcardoffer.com", true */ 'b', 'a', 'n', 'k', 'c', 'a', 'r', 'd', 'o', 'f', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "bankcircle.co.in", true */ 'b', 'a', 'n', 'k', 'c', 'i', 'r', 'c', 'l', 'e', '.', 'c', 'o', '.', 'i', 'n', '\0',
+  /* "bankersonline.com", true */ 'b', 'a', 'n', 'k', 'e', 'r', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bankfreeoffers.com", true */ 'b', 'a', 'n', 'k', 'f', 'r', 'e', 'e', 'o', 'f', 'f', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bankin.com", true */ 'b', 'a', 'n', 'k', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bankinter.pt", true */ 'b', 'a', 'n', 'k', 'i', 'n', 't', 'e', 'r', '.', 'p', 't', '\0',
+  /* "bankofdenton.com", true */ 'b', 'a', 'n', 'k', 'o', 'f', 'd', 'e', 'n', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bankofrealty.review", true */ 'b', 'a', 'n', 'k', 'o', 'f', 'r', 'e', 'a', 'l', 't', 'y', '.', 'r', 'e', 'v', 'i', 'e', 'w', '\0',
+  /* "banksiaparkcottages.com.au", true */ 'b', 'a', 'n', 'k', 's', 'i', 'a', 'p', 'a', 'r', 'k', 'c', 'o', 't', 't', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "bankstownapartments.com.au", true */ 'b', 'a', 'n', 'k', 's', 't', 'o', 'w', 'n', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "banned-bitches.tk", true */ 'b', 'a', 'n', 'n', 'e', 'd', '-', 'b', 'i', 't', 'c', 'h', 'e', 's', '.', 't', 'k', '\0',
+  /* "bannermarquees.ie", true */ 'b', 'a', 'n', 'n', 'e', 'r', 'm', 'a', 'r', 'q', 'u', 'e', 'e', 's', '.', 'i', 'e', '\0',
+  /* "banoviny.sk", true */ 'b', 'a', 'n', 'o', 'v', 'i', 'n', 'y', '.', 's', 'k', '\0',
+  /* "banri.me", true */ 'b', 'a', 'n', 'r', 'i', '.', 'm', 'e', '\0',
+  /* "banxehoi.com", true */ 'b', 'a', 'n', 'x', 'e', 'h', 'o', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "baofengtech.com", true */ 'b', 'a', 'o', 'f', 'e', 'n', 'g', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "baosuckhoedoisong.net", true */ 'b', 'a', 'o', 's', 'u', 'c', 'k', 'h', 'o', 'e', 'd', 'o', 'i', 's', 'o', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "baptistboard.com", true */ 'b', 'a', 'p', 't', 'i', 's', 't', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "baptiste-destombes.fr", true */ 'b', 'a', 'p', 't', 'i', 's', 't', 'e', '-', 'd', 'e', 's', 't', 'o', 'm', 'b', 'e', 's', '.', 'f', 'r', '\0',
+  /* "baptiste-peugnez.fr", true */ 'b', 'a', 'p', 't', 'i', 's', 't', 'e', '-', 'p', 'e', 'u', 'g', 'n', 'e', 'z', '.', 'f', 'r', '\0',
+  /* "bar-harcourt.com", true */ 'b', 'a', 'r', '-', 'h', 'a', 'r', 'c', 'o', 'u', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "barans2239.com", true */ 'b', 'a', 'r', 'a', 'n', 's', '2', '2', '3', '9', '.', 'c', 'o', 'm', '\0',
+  /* "barbarafeldman.com", true */ 'b', 'a', 'r', 'b', 'a', 'r', 'a', 'f', 'e', 'l', 'd', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "barbarians.com", true */ 'b', 'a', 'r', 'b', 'a', 'r', 'i', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "barbaros.info", true */ 'b', 'a', 'r', 'b', 'a', 'r', 'o', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "barbate.fr", true */ 'b', 'a', 'r', 'b', 'a', 't', 'e', '.', 'f', 'r', '\0',
+  /* "barbershop-harmony.org", true */ 'b', 'a', 'r', 'b', 'e', 'r', 's', 'h', 'o', 'p', '-', 'h', 'a', 'r', 'm', 'o', 'n', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "barbosha.ru", true */ 'b', 'a', 'r', 'b', 'o', 's', 'h', 'a', '.', 'r', 'u', '\0',
+  /* "barbu.family", true */ 'b', 'a', 'r', 'b', 'u', '.', 'f', 'a', 'm', 'i', 'l', 'y', '\0',
+  /* "barburas.com", true */ 'b', 'a', 'r', 'b', 'u', 'r', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "barclays.net", true */ 'b', 'a', 'r', 'c', 'l', 'a', 'y', 's', '.', 'n', 'e', 't', '\0',
+  /* "barcodeberlin.com", true */ 'b', 'a', 'r', 'c', 'o', 'd', 'e', 'b', 'e', 'r', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "barcoderealty.com", true */ 'b', 'a', 'r', 'c', 'o', 'd', 'e', 'r', 'e', 'a', 'l', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bardiharborow.com", true */ 'b', 'a', 'r', 'd', 'i', 'h', 'a', 'r', 'b', 'o', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "bardiharborow.tk", true */ 'b', 'a', 'r', 'd', 'i', 'h', 'a', 'r', 'b', 'o', 'r', 'o', 'w', '.', 't', 'k', '\0',
+  /* "bargainmovingcompany.com", true */ 'b', 'a', 'r', 'g', 'a', 'i', 'n', 'm', 'o', 'v', 'i', 'n', 'g', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bariller.fr", true */ 'b', 'a', 'r', 'i', 'l', 'l', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "baripedia.org", true */ 'b', 'a', 'r', 'i', 'p', 'e', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "baris-sagdic.com", true */ 'b', 'a', 'r', 'i', 's', '-', 's', 'a', 'g', 'd', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "bariseau-mottrie.be", true */ 'b', 'a', 'r', 'i', 's', 'e', 'a', 'u', '-', 'm', 'o', 't', 't', 'r', 'i', 'e', '.', 'b', 'e', '\0',
+  /* "barisi.me", true */ 'b', 'a', 'r', 'i', 's', 'i', '.', 'm', 'e', '\0',
+  /* "bariskaragoz.nl", true */ 'b', 'a', 'r', 'i', 's', 'k', 'a', 'r', 'a', 'g', 'o', 'z', '.', 'n', 'l', '\0',
+  /* "barkerjr.xyz", true */ 'b', 'a', 'r', 'k', 'e', 'r', 'j', 'r', '.', 'x', 'y', 'z', '\0',
+  /* "barlotta.net", true */ 'b', 'a', 'r', 'l', 'o', 't', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "barnabycolby.io", true */ 'b', 'a', 'r', 'n', 'a', 'b', 'y', 'c', 'o', 'l', 'b', 'y', '.', 'i', 'o', '\0',
+  /* "barnrats.com", true */ 'b', 'a', 'r', 'n', 'r', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "baropkamp.be", true */ 'b', 'a', 'r', 'o', 'p', 'k', 'a', 'm', 'p', '.', 'b', 'e', '\0',
+  /* "barprive.com", true */ 'b', 'a', 'r', 'p', 'r', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "barqo.co", true */ 'b', 'a', 'r', 'q', 'o', '.', 'c', 'o', '\0',
+  /* "barracuda.com.tr", true */ 'b', 'a', 'r', 'r', 'a', 'c', 'u', 'd', 'a', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "barrera.io", true */ 'b', 'a', 'r', 'r', 'e', 'r', 'a', '.', 'i', 'o', '\0',
+  /* "barrett.ag", true */ 'b', 'a', 'r', 'r', 'e', 't', 't', '.', 'a', 'g', '\0',
+  /* "barriofut.com", true */ 'b', 'a', 'r', 'r', 'i', 'o', 'f', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bars.kh.ua", true */ 'b', 'a', 'r', 's', '.', 'k', 'h', '.', 'u', 'a', '\0',
+  /* "barsashop.com.br", true */ 'b', 'a', 'r', 's', 'a', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "barsil.de", true */ 'b', 'a', 'r', 's', 'i', 'l', '.', 'd', 'e', '\0',
+  /* "barslecht.com", true */ 'b', 'a', 'r', 's', 'l', 'e', 'c', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "barslecht.nl", true */ 'b', 'a', 'r', 's', 'l', 'e', 'c', 'h', 't', '.', 'n', 'l', '\0',
+  /* "barss.io", true */ 'b', 'a', 'r', 's', 's', '.', 'i', 'o', '\0',
+  /* "barta.me", true */ 'b', 'a', 'r', 't', 'a', '.', 'm', 'e', '\0',
+  /* "bartel.ws", true */ 'b', 'a', 'r', 't', 'e', 'l', '.', 'w', 's', '\0',
+  /* "bartelt.name", true */ 'b', 'a', 'r', 't', 'e', 'l', 't', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "bartula.de", true */ 'b', 'a', 'r', 't', 'u', 'l', 'a', '.', 'd', 'e', '\0',
+  /* "bartzutow.xyz", true */ 'b', 'a', 'r', 't', 'z', 'u', 't', 'o', 'w', '.', 'x', 'y', 'z', '\0',
+  /* "baruch.me", true */ 'b', 'a', 'r', 'u', 'c', 'h', '.', 'm', 'e', '\0',
+  /* "bas.co.jp", true */ 'b', 'a', 's', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "bascht.com", true */ 'b', 'a', 's', 'c', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "basculasconfiables.com", true */ 'b', 'a', 's', 'c', 'u', 'l', 'a', 's', 'c', 'o', 'n', 'f', 'i', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "base-autonome-durable.com", true */ 'b', 'a', 's', 'e', '-', 'a', 'u', 't', 'o', 'n', 'o', 'm', 'e', '-', 'd', 'u', 'r', 'a', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "baseballrampage.com", true */ 'b', 'a', 's', 'e', 'b', 'a', 'l', 'l', 'r', 'a', 'm', 'p', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "baseballsavings.com", true */ 'b', 'a', 's', 'e', 'b', 'a', 'l', 'l', 's', 'a', 'v', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "baseballwarehouse.com", true */ 'b', 'a', 's', 'e', 'b', 'a', 'l', 'l', 'w', 'a', 'r', 'e', 'h', 'o', 'u', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "basedonline.nl", true */ 'b', 'a', 's', 'e', 'd', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'l', '\0',
+  /* "baselang.com", true */ 'b', 'a', 's', 'e', 'l', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "basementdoctor.com", true */ 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 'd', 'o', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "basementdoctornorthwest.com", true */ 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 'd', 'o', 'c', 't', 'o', 'r', 'n', 'o', 'r', 't', 'h', 'w', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bashc.at", true */ 'b', 'a', 's', 'h', 'c', '.', 'a', 't', '\0',
+  /* "bashstreetband.co.uk", true */ 'b', 'a', 's', 'h', 's', 't', 'r', 'e', 'e', 't', 'b', 'a', 'n', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "basilicaknights.org", true */ 'b', 'a', 's', 'i', 'l', 'i', 'c', 'a', 'k', 'n', 'i', 'g', 'h', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "basilm.co", true */ 'b', 'a', 's', 'i', 'l', 'm', '.', 'c', 'o', '\0',
+  /* "basketball-brannenburg.de", true */ 'b', 'a', 's', 'k', 'e', 't', 'b', 'a', 'l', 'l', '-', 'b', 'r', 'a', 'n', 'n', 'e', 'n', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "basketsbymaurice.com", true */ 'b', 'a', 's', 'k', 'e', 't', 's', 'b', 'y', 'm', 'a', 'u', 'r', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "baskettemple.com", true */ 'b', 'a', 's', 'k', 'e', 't', 't', 'e', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "basnieuwenhuizen.nl", true */ 'b', 'a', 's', 'n', 'i', 'e', 'u', 'w', 'e', 'n', 'h', 'u', 'i', 'z', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "basnoslovno.com.ua", true */ 'b', 'a', 's', 'n', 'o', 's', 'l', 'o', 'v', 'n', 'o', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "basnoslovno.ru", true */ 'b', 'a', 's', 'n', 'o', 's', 'l', 'o', 'v', 'n', 'o', '.', 'r', 'u', '\0',
+  /* "bass-pro.ru", true */ 'b', 'a', 's', 's', '-', 'p', 'r', 'o', '.', 'r', 'u', '\0',
+  /* "bassblog.net", true */ 'b', 'a', 's', 's', 'b', 'l', 'o', 'g', '.', 'n', 'e', 't', '\0',
+  /* "bassment.ph", true */ 'b', 'a', 's', 's', 'm', 'e', 'n', 't', '.', 'p', 'h', '\0',
+  /* "bastelzauberwelt.de", true */ 'b', 'a', 's', 't', 'e', 'l', 'z', 'a', 'u', 'b', 'e', 'r', 'w', 'e', 'l', 't', '.', 'd', 'e', '\0',
+  /* "bastianstalder.ch", true */ 'b', 'a', 's', 't', 'i', 'a', 'n', 's', 't', 'a', 'l', 'd', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "bastiv.com", true */ 'b', 'a', 's', 't', 'i', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "bastivmobile.com", true */ 'b', 'a', 's', 't', 'i', 'v', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bastolino.de", true */ 'b', 'a', 's', 't', 'o', 'l', 'i', 'n', 'o', '.', 'd', 'e', '\0',
+  /* "basyspro.net", true */ 'b', 'a', 's', 'y', 's', 'p', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "bat909.com", true */ 'b', 'a', 't', '9', '0', '9', '.', 'c', 'o', 'm', '\0',
+  /* "batcave.tech", true */ 'b', 'a', 't', 'c', 'a', 'v', 'e', '.', 't', 'e', 'c', 'h', '\0',
+  /* "bati-alu.fr", true */ 'b', 'a', 't', 'i', '-', 'a', 'l', 'u', '.', 'f', 'r', '\0',
+  /* "batiburrillo.net", true */ 'b', 'a', 't', 'i', 'b', 'u', 'r', 'r', 'i', 'l', 'l', 'o', '.', 'n', 'e', 't', '\0',
+  /* "batipresta.ch", true */ 'b', 'a', 't', 'i', 'p', 'r', 'e', 's', 't', 'a', '.', 'c', 'h', '\0',
+  /* "batistareisfloresonline.com.br", true */ 'b', 'a', 't', 'i', 's', 't', 'a', 'r', 'e', 'i', 's', 'f', 'l', 'o', 'r', 'e', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "batlab.ch", true */ 'b', 'a', 't', 'l', 'a', 'b', '.', 'c', 'h', '\0',
+  /* "batolis.com", true */ 'b', 'a', 't', 'o', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "batonger.com", true */ 'b', 'a', 't', 'o', 'n', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "batook.org", true */ 'b', 'a', 't', 'o', 'o', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "batschu.de", true */ 'b', 'a', 't', 's', 'c', 'h', 'u', '.', 'd', 'e', '\0',
+  /* "batten.eu.org", true */ 'b', 'a', 't', 't', 'e', 'n', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "batteryservice.ru", false */ 'b', 'a', 't', 't', 'e', 'r', 'y', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'r', 'u', '\0',
+  /* "batterystaple.pw", true */ 'b', 'a', 't', 't', 'e', 'r', 'y', 's', 't', 'a', 'p', 'l', 'e', '.', 'p', 'w', '\0',
+  /* "battle-game.com", true */ 'b', 'a', 't', 't', 'l', 'e', '-', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "battleboxx.com", true */ 'b', 'a', 't', 't', 'l', 'e', 'b', 'o', 'x', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "battleofthegridiron.com", true */ 'b', 'a', 't', 't', 'l', 'e', 'o', 'f', 't', 'h', 'e', 'g', 'r', 'i', 'd', 'i', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "baugeldspezi.de", true */ 'b', 'a', 'u', 'g', 'e', 'l', 'd', 's', 'p', 'e', 'z', 'i', '.', 'd', 'e', '\0',
+  /* "baugemeinschaftbernstein.de", true */ 'b', 'a', 'u', 'g', 'e', 'm', 'e', 'i', 'n', 's', 'c', 'h', 'a', 'f', 't', 'b', 'e', 'r', 'n', 's', 't', 'e', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "baumannfabrice.com", true */ 'b', 'a', 'u', 'm', 'a', 'n', 'n', 'f', 'a', 'b', 'r', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bausep.de", true */ 'b', 'a', 'u', 's', 'e', 'p', '.', 'd', 'e', '\0',
+  /* "baustils.com", true */ 'b', 'a', 'u', 's', 't', 'i', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bauthier-occasions.be", true */ 'b', 'a', 'u', 't', 'h', 'i', 'e', 'r', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0',
+  /* "bautied.de", true */ 'b', 'a', 'u', 't', 'i', 'e', 'd', '.', 'd', 'e', '\0',
+  /* "bauunternehmen-herr.de", true */ 'b', 'a', 'u', 'u', 'n', 't', 'e', 'r', 'n', 'e', 'h', 'm', 'e', 'n', '-', 'h', 'e', 'r', 'r', '.', 'd', 'e', '\0',
+  /* "bayareaenergyevents.com", true */ 'b', 'a', 'y', 'a', 'r', 'e', 'a', 'e', 'n', 'e', 'r', 'g', 'y', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "baychimo.com", true */ 'b', 'a', 'y', 'c', 'h', 'i', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "bayden.com", true */ 'b', 'a', 'y', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bayer-stefan.com", true */ 'b', 'a', 'y', 'e', 'r', '-', 's', 't', 'e', 'f', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bayer-stefan.de", true */ 'b', 'a', 'y', 'e', 'r', '-', 's', 't', 'e', 'f', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "bayer-stefan.eu", true */ 'b', 'a', 'y', 'e', 'r', '-', 's', 't', 'e', 'f', 'a', 'n', '.', 'e', 'u', '\0',
+  /* "bayerhazard.de", true */ 'b', 'a', 'y', 'e', 'r', 'h', 'a', 'z', 'a', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "bayerstefan.com", true */ 'b', 'a', 'y', 'e', 'r', 's', 't', 'e', 'f', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bayerstefan.de", true */ 'b', 'a', 'y', 'e', 'r', 's', 't', 'e', 'f', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "bayerstefan.eu", true */ 'b', 'a', 'y', 'e', 'r', 's', 't', 'e', 'f', 'a', 'n', '.', 'e', 'u', '\0',
+  /* "bayherbalist.com", true */ 'b', 'a', 'y', 'h', 'e', 'r', 'b', 'a', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bayinstruments.com", true */ 'b', 'a', 'y', 'i', 'n', 's', 't', 'r', 'u', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "baymard.com", true */ 'b', 'a', 'y', 'm', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bayrisch-fuer-anfaenger.de", true */ 'b', 'a', 'y', 'r', 'i', 's', 'c', 'h', '-', 'f', 'u', 'e', 'r', '-', 'a', 'n', 'f', 'a', 'e', 'n', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "baywatch.io", true */ 'b', 'a', 'y', 'w', 'a', 't', 'c', 'h', '.', 'i', 'o', '\0',
+  /* "bazaarcompass.com", true */ 'b', 'a', 'z', 'a', 'a', 'r', 'c', 'o', 'm', 'p', 'a', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bazdell.com", false */ 'b', 'a', 'z', 'd', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bazos.at", true */ 'b', 'a', 'z', 'o', 's', '.', 'a', 't', '\0',
+  /* "bazos.cz", true */ 'b', 'a', 'z', 'o', 's', '.', 'c', 'z', '\0',
+  /* "bazos.sk", true */ 'b', 'a', 'z', 'o', 's', '.', 's', 'k', '\0',
+  /* "bazziergraphik.com", true */ 'b', 'a', 'z', 'z', 'i', 'e', 'r', 'g', 'r', 'a', 'p', 'h', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "bb37roma.it", true */ 'b', 'b', '3', '7', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "bbcastles.com", true */ 'b', 'b', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bbgeschenke.ch", true */ 'b', 'b', 'g', 'e', 's', 'c', 'h', 'e', 'n', 'k', 'e', '.', 'c', 'h', '\0',
+  /* "bbimarketing.com", true */ 'b', 'b', 'i', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "bbkworldwide.jp", true */ 'b', 'b', 'k', 'w', 'o', 'r', 'l', 'd', 'w', 'i', 'd', 'e', '.', 'j', 'p', '\0',
+  /* "bblove.me", true */ 'b', 'b', 'l', 'o', 'v', 'e', '.', 'm', 'e', '\0',
+  /* "bblsa.ch", true */ 'b', 'b', 'l', 's', 'a', '.', 'c', 'h', '\0',
+  /* "bbw-wrestling.com", true */ 'b', 'b', 'w', '-', 'w', 'r', 'e', 's', 't', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "bbw.dating", true */ 'b', 'b', 'w', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "bbwcs.co.uk", true */ 'b', 'b', 'w', 'c', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bbwf.de", true */ 'b', 'b', 'w', 'f', '.', 'd', 'e', '\0',
+  /* "bbwfacesitting.us", true */ 'b', 'b', 'w', 'f', 'a', 'c', 'e', 's', 'i', 't', 't', 'i', 'n', 'g', '.', 'u', 's', '\0',
+  /* "bc-bd.org", true */ 'b', 'c', '-', 'b', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "bc-diffusion.com", true */ 'b', 'c', '-', 'd', 'i', 'f', 'f', 'u', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bcbulle.ch", true */ 'b', 'c', 'b', 'u', 'l', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "bcdonadio.com", true */ 'b', 'c', 'd', 'o', 'n', 'a', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "bceventhire.co.uk", true */ 'b', 'c', 'e', 'v', 'e', 'n', 't', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bch7al.ma", true */ 'b', 'c', 'h', '7', 'a', 'l', '.', 'm', 'a', '\0',
+  /* "bck.me", true */ 'b', 'c', 'k', '.', 'm', 'e', '\0',
+  /* "bclogandtimberbuilders.com", true */ 'b', 'c', 'l', 'o', 'g', 'a', 'n', 'd', 't', 'i', 'm', 'b', 'e', 'r', 'b', 'u', 'i', 'l', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bclrk.us", true */ 'b', 'c', 'l', 'r', 'k', '.', 'u', 's', '\0',
+  /* "bcmainland.ca", true */ 'b', 'c', 'm', 'a', 'i', 'n', 'l', 'a', 'n', 'd', '.', 'c', 'a', '\0',
+  /* "bcmguide.com", true */ 'b', 'c', 'm', 'g', 'u', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bcmhire.co.uk", true */ 'b', 'c', 'm', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bcmlu.org", true */ 'b', 'c', 'm', 'l', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "bcnet.com.hk", true */ 'b', 'c', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'h', 'k', '\0',
+  /* "bcpc-ccgpfcheminots.com", true */ 'b', 'c', 'p', 'c', '-', 'c', 'c', 'g', 'p', 'f', 'c', 'h', 'e', 'm', 'i', 'n', 'o', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bcrook.com", false */ 'b', 'c', 'r', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "bcswampcabins.com", true */ 'b', 'c', 's', 'w', 'a', 'm', 'p', 'c', 'a', 'b', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bda-boulevarddesairs.com", true */ 'b', 'd', 'a', '-', 'b', 'o', 'u', 'l', 'e', 'v', 'a', 'r', 'd', 'd', 'e', 's', 'a', 'i', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bdd.fi", true */ 'b', 'd', 'd', '.', 'f', 'i', '\0',
+  /* "bdenzer.com", true */ 'b', 'd', 'e', 'n', 'z', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "bdenzer.xyz", true */ 'b', 'd', 'e', 'n', 'z', 'e', 'r', '.', 'x', 'y', 'z', '\0',
+  /* "bdikaros-network.net", true */ 'b', 'd', 'i', 'k', 'a', 'r', 'o', 's', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "be-ka-tec.de", true */ 'b', 'e', '-', 'k', 'a', '-', 't', 'e', 'c', '.', 'd', 'e', '\0',
+  /* "be-webdesign.com", true */ 'b', 'e', '-', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "be.search.yahoo.com", false */ 'b', 'e', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "be2cloud.de", true */ 'b', 'e', '2', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "beacinsight.com", true */ 'b', 'e', 'a', 'c', 'i', 'n', 's', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "beadare.com", true */ 'b', 'e', 'a', 'd', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "beagreenbean.co.uk", true */ 'b', 'e', 'a', 'g', 'r', 'e', 'e', 'n', 'b', 'e', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "beanjuice.me", true */ 'b', 'e', 'a', 'n', 'j', 'u', 'i', 'c', 'e', '.', 'm', 'e', '\0',
+  /* "beans-one.com", false */ 'b', 'e', 'a', 'n', 's', '-', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "beanworks.ca", true */ 'b', 'e', 'a', 'n', 'w', 'o', 'r', 'k', 's', '.', 'c', 'a', '\0',
+  /* "bearcosports.com.br", true */ 'b', 'e', 'a', 'r', 'c', 'o', 's', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bearded.sexy", true */ 'b', 'e', 'a', 'r', 'd', 'e', 'd', '.', 's', 'e', 'x', 'y', '\0',
+  /* "bearingworks.com", true */ 'b', 'e', 'a', 'r', 'i', 'n', 'g', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "beastowner.li", true */ 'b', 'e', 'a', 's', 't', 'o', 'w', 'n', 'e', 'r', '.', 'l', 'i', '\0',
+  /* "beatnikbreaks.com", true */ 'b', 'e', 'a', 't', 'n', 'i', 'k', 'b', 'r', 'e', 'a', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "beatrizaebischer.ch", true */ 'b', 'e', 'a', 't', 'r', 'i', 'z', 'a', 'e', 'b', 'i', 's', 'c', 'h', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "beaute-eternelle.ch", true */ 'b', 'e', 'a', 'u', 't', 'e', '-', 'e', 't', 'e', 'r', 'n', 'e', 'l', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "beauty-italy.ru", true */ 'b', 'e', 'a', 'u', 't', 'y', '-', 'i', 't', 'a', 'l', 'y', '.', 'r', 'u', '\0',
+  /* "beauty24.de", true */ 'b', 'e', 'a', 'u', 't', 'y', '2', '4', '.', 'd', 'e', '\0',
+  /* "beautybear.dk", true */ 'b', 'e', 'a', 'u', 't', 'y', 'b', 'e', 'a', 'r', '.', 'd', 'k', '\0',
+  /* "beautyevent.fr", true */ 'b', 'e', 'a', 'u', 't', 'y', 'e', 'v', 'e', 'n', 't', '.', 'f', 'r', '\0',
+  /* "beautykat.ru", true */ 'b', 'e', 'a', 'u', 't', 'y', 'k', 'a', 't', '.', 'r', 'u', '\0',
+  /* "bebef.de", true */ 'b', 'e', 'b', 'e', 'f', '.', 'd', 'e', '\0',
+  /* "bebefofuxo.com.br", true */ 'b', 'e', 'b', 'e', 'f', 'o', 'f', 'u', 'x', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bebes.uno", true */ 'b', 'e', 'b', 'e', 's', '.', 'u', 'n', 'o', '\0',
+  /* "bebetrotteur.com", true */ 'b', 'e', 'b', 'e', 't', 'r', 'o', 't', 't', 'e', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "beccajoshwedding.com", true */ 'b', 'e', 'c', 'c', 'a', 'j', 'o', 's', 'h', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "beckenhamcastles.co.uk", true */ 'b', 'e', 'c', 'k', 'e', 'n', 'h', 'a', 'm', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "beckerantiques.com", false */ 'b', 'e', 'c', 'k', 'e', 'r', 'a', 'n', 't', 'i', 'q', 'u', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "becoast.fr", true */ 'b', 'e', 'c', 'o', 'a', 's', 't', '.', 'f', 'r', '\0',
+  /* "becs.ch", true */ 'b', 'e', 'c', 's', '.', 'c', 'h', '\0',
+  /* "becubed.co", true */ 'b', 'e', 'c', 'u', 'b', 'e', 'd', '.', 'c', 'o', '\0',
+  /* "bedamedia.com", true */ 'b', 'e', 'd', 'a', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "bedandbreakfast.dk", true */ 'b', 'e', 'd', 'a', 'n', 'd', 'b', 'r', 'e', 'a', 'k', 'f', 'a', 's', 't', '.', 'd', 'k', '\0',
+  /* "bedandbreakfasteuropa.com", true */ 'b', 'e', 'd', 'a', 'n', 'd', 'b', 'r', 'e', 'a', 'k', 'f', 'a', 's', 't', 'e', 'u', 'r', 'o', 'p', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "bedfordnissanparts.com", true */ 'b', 'e', 'd', 'f', 'o', 'r', 'd', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bedlingtonterrier.com.br", true */ 'b', 'e', 'd', 'l', 'i', 'n', 'g', 't', 'o', 'n', 't', 'e', 'r', 'r', 'i', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bedouille.com", true */ 'b', 'e', 'd', 'o', 'u', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bedrocklinux.org", true */ 'b', 'e', 'd', 'r', 'o', 'c', 'k', 'l', 'i', 'n', 'u', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "bee-line.org.uk", true */ 'b', 'e', 'e', '-', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "bee.clothing", true */ 'b', 'e', 'e', '.', 'c', 'l', 'o', 't', 'h', 'i', 'n', 'g', '\0',
+  /* "bee.supply", true */ 'b', 'e', 'e', '.', 's', 'u', 'p', 'p', 'l', 'y', '\0',
+  /* "bee.tools", true */ 'b', 'e', 'e', '.', 't', 'o', 'o', 'l', 's', '\0',
+  /* "beehive.govt.nz", true */ 'b', 'e', 'e', 'h', 'i', 'v', 'e', '.', 'g', 'o', 'v', 't', '.', 'n', 'z', '\0',
+  /* "beehive42.com", true */ 'b', 'e', 'e', 'h', 'i', 'v', 'e', '4', '2', '.', 'c', 'o', 'm', '\0',
+  /* "beehive42.eu", true */ 'b', 'e', 'e', 'h', 'i', 'v', 'e', '4', '2', '.', 'e', 'u', '\0',
+  /* "beehive42.net", true */ 'b', 'e', 'e', 'h', 'i', 'v', 'e', '4', '2', '.', 'n', 'e', 't', '\0',
+  /* "beehive42.nl", true */ 'b', 'e', 'e', 'h', 'i', 'v', 'e', '4', '2', '.', 'n', 'l', '\0',
+  /* "beehive42.org", true */ 'b', 'e', 'e', 'h', 'i', 'v', 'e', '4', '2', '.', 'o', 'r', 'g', '\0',
+  /* "beehosting.pro", true */ 'b', 'e', 'e', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'p', 'r', 'o', '\0',
+  /* "beekbier.nl", true */ 'b', 'e', 'e', 'k', 'b', 'i', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "beekeeper.blog", true */ 'b', 'e', 'e', 'k', 'e', 'e', 'p', 'e', 'r', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "beekeeper.clothing", true */ 'b', 'e', 'e', 'k', 'e', 'e', 'p', 'e', 'r', '.', 'c', 'l', 'o', 't', 'h', 'i', 'n', 'g', '\0',
+  /* "beekeeper.supplies", true */ 'b', 'e', 'e', 'k', 'e', 'e', 'p', 'e', 'r', '.', 's', 'u', 'p', 'p', 'l', 'i', 'e', 's', '\0',
+  /* "beekeeper.supply", true */ 'b', 'e', 'e', 'k', 'e', 'e', 'p', 'e', 'r', '.', 's', 'u', 'p', 'p', 'l', 'y', '\0',
+  /* "beekeeper.tools", true */ 'b', 'e', 'e', 'k', 'e', 'e', 'p', 'e', 'r', '.', 't', 'o', 'o', 'l', 's', '\0',
+  /* "beekeeping.clothing", true */ 'b', 'e', 'e', 'k', 'e', 'e', 'p', 'i', 'n', 'g', '.', 'c', 'l', 'o', 't', 'h', 'i', 'n', 'g', '\0',
+  /* "beekeeping.tools", true */ 'b', 'e', 'e', 'k', 'e', 'e', 'p', 'i', 'n', 'g', '.', 't', 'o', 'o', 'l', 's', '\0',
+  /* "beeksnetwork.nl", true */ 'b', 'e', 'e', 'k', 's', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'n', 'l', '\0',
+  /* "beelen.fr", true */ 'b', 'e', 'e', 'l', 'e', 'n', '.', 'f', 'r', '\0',
+  /* "beercandle.com", true */ 'b', 'e', 'e', 'r', 'c', 'a', 'n', 'd', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "beergazetteer.com", true */ 'b', 'e', 'e', 'r', 'g', 'a', 'z', 'e', 't', 't', 'e', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "beerians.com", true */ 'b', 'e', 'e', 'r', 'i', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "beermedlar.com", true */ 'b', 'e', 'e', 'r', 'm', 'e', 'd', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "beerradar.no", true */ 'b', 'e', 'e', 'r', 'r', 'a', 'd', 'a', 'r', '.', 'n', 'o', '\0',
+  /* "beerradar.party", true */ 'b', 'e', 'e', 'r', 'r', 'a', 'd', 'a', 'r', '.', 'p', 'a', 'r', 't', 'y', '\0',
+  /* "beersandco.ch", true */ 'b', 'e', 'e', 'r', 's', 'a', 'n', 'd', 'c', 'o', '.', 'c', 'h', '\0',
+  /* "beersconf.com", true */ 'b', 'e', 'e', 'r', 's', 'c', 'o', 'n', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "beeswax-orgone.com", true */ 'b', 'e', 'e', 's', 'w', 'a', 'x', '-', 'o', 'r', 'g', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "beetgroup.id", true */ 'b', 'e', 'e', 't', 'g', 'r', 'o', 'u', 'p', '.', 'i', 'd', '\0',
+  /* "beethoveninlove.com", true */ 'b', 'e', 'e', 't', 'h', 'o', 'v', 'e', 'n', 'i', 'n', 'l', 'o', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "beetman.net", true */ 'b', 'e', 'e', 't', 'm', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "beeutifulparties.co.uk", true */ 'b', 'e', 'e', 'u', 't', 'i', 'f', 'u', 'l', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "beexfit.com", true */ 'b', 'e', 'e', 'x', 'f', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "beezkneezcastles.co.uk", true */ 'b', 'e', 'e', 'z', 'k', 'n', 'e', 'e', 'z', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "beeznest.com", true */ 'b', 'e', 'e', 'z', 'n', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "befoodsafe.gov", true */ 'b', 'e', 'f', 'o', 'o', 'd', 's', 'a', 'f', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "beforesunrise.de", true */ 'b', 'e', 'f', 'o', 'r', 'e', 's', 'u', 'n', 'r', 'i', 's', 'e', '.', 'd', 'e', '\0',
+  /* "beframed.ch", true */ 'b', 'e', 'f', 'r', 'a', 'm', 'e', 'd', '.', 'c', 'h', '\0',
+  /* "befundonline.de", true */ 'b', 'e', 'f', 'u', 'n', 'd', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "begabungsfoerderung.info", true */ 'b', 'e', 'g', 'a', 'b', 'u', 'n', 'g', 's', 'f', 'o', 'e', 'r', 'd', 'e', 'r', 'u', 'n', 'g', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "begbie.com", true */ 'b', 'e', 'g', 'b', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "beginner.nl", true */ 'b', 'e', 'g', 'i', 'n', 'n', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "behamzdarma.cz", true */ 'b', 'e', 'h', 'a', 'm', 'z', 'd', 'a', 'r', 'm', 'a', '.', 'c', 'z', '\0',
+  /* "behoerden-online-dienste.de", true */ 'b', 'e', 'h', 'o', 'e', 'r', 'd', 'e', 'n', '-', 'o', 'n', 'l', 'i', 'n', 'e', '-', 'd', 'i', 'e', 'n', 's', 't', 'e', '.', 'd', 'e', '\0',
+  /* "beichtgenerator.de", false */ 'b', 'e', 'i', 'c', 'h', 't', 'g', 'e', 'n', 'e', 'r', 'a', 't', 'o', 'r', '.', 'd', 'e', '\0',
+  /* "beijing.dating", true */ 'b', 'e', 'i', 'j', 'i', 'n', 'g', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "beijinglug.club", true */ 'b', 'e', 'i', 'j', 'i', 'n', 'g', 'l', 'u', 'g', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "beinad.com", true */ 'b', 'e', 'i', 'n', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "beinad.ru", true */ 'b', 'e', 'i', 'n', 'a', 'd', '.', 'r', 'u', '\0',
+  /* "beingmad.org", true */ 'b', 'e', 'i', 'n', 'g', 'm', 'a', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "belacapa.com.br", true */ 'b', 'e', 'l', 'a', 'c', 'a', 'p', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "belanglos.de", true */ 'b', 'e', 'l', 'a', 'n', 'g', 'l', 'o', 's', '.', 'd', 'e', '\0',
+  /* "belani.eu", true */ 'b', 'e', 'l', 'a', 'n', 'i', '.', 'e', 'u', '\0',
+  /* "belarto.be", true */ 'b', 'e', 'l', 'a', 'r', 't', 'o', '.', 'b', 'e', '\0',
+  /* "belarto.de", true */ 'b', 'e', 'l', 'a', 'r', 't', 'o', '.', 'd', 'e', '\0',
+  /* "belarto.es", true */ 'b', 'e', 'l', 'a', 'r', 't', 'o', '.', 'e', 's', '\0',
+  /* "belarto.fr", true */ 'b', 'e', 'l', 'a', 'r', 't', 'o', '.', 'f', 'r', '\0',
+  /* "belarto.it", true */ 'b', 'e', 'l', 'a', 'r', 't', 'o', '.', 'i', 't', '\0',
+  /* "belarto.nl", true */ 'b', 'e', 'l', 'a', 'r', 't', 'o', '.', 'n', 'l', '\0',
+  /* "belarto.pl", true */ 'b', 'e', 'l', 'a', 'r', 't', 'o', '.', 'p', 'l', '\0',
+  /* "belastingdienst-in-beeld.nl", true */ 'b', 'e', 'l', 'a', 's', 't', 'i', 'n', 'g', 'd', 'i', 'e', 'n', 's', 't', '-', 'i', 'n', '-', 'b', 'e', 'e', 'l', 'd', '.', 'n', 'l', '\0',
+  /* "belastingmiddeling.nl", true */ 'b', 'e', 'l', 'a', 's', 't', 'i', 'n', 'g', 'm', 'i', 'd', 'd', 'e', 'l', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "belcompany.nl", false */ 'b', 'e', 'l', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'n', 'l', '\0',
+  /* "belegit.org", true */ 'b', 'e', 'l', 'e', 'g', 'i', 't', '.', 'o', 'r', 'g', '\0',
+  /* "belfastbounce.co.uk", true */ 'b', 'e', 'l', 'f', 'a', 's', 't', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "belfastlocks.com", true */ 'b', 'e', 'l', 'f', 'a', 's', 't', 'l', 'o', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "belfasttechservices.co.uk", true */ 'b', 'e', 'l', 'f', 'a', 's', 't', 't', 'e', 'c', 'h', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "belge.rs", true */ 'b', 'e', 'l', 'g', 'e', '.', 'r', 's', '\0',
+  /* "belgers.com", true */ 'b', 'e', 'l', 'g', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "belhopro.be", true */ 'b', 'e', 'l', 'h', 'o', 'p', 'r', 'o', '.', 'b', 'e', '\0',
+  /* "belics.com", true */ 'b', 'e', 'l', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "belien-tweedehandswagens.be", true */ 'b', 'e', 'l', 'i', 'e', 'n', '-', 't', 'w', 'e', 'e', 'd', 'e', 'h', 'a', 'n', 'd', 's', 'w', 'a', 'g', 'e', 'n', 's', '.', 'b', 'e', '\0',
+  /* "believablebook.com", false */ 'b', 'e', 'l', 'i', 'e', 'v', 'a', 'b', 'l', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "bella.network", true */ 'b', 'e', 'l', 'l', 'a', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "belloy.ch", true */ 'b', 'e', 'l', 'l', 'o', 'y', '.', 'c', 'h', '\0',
+  /* "belloy.net", true */ 'b', 'e', 'l', 'l', 'o', 'y', '.', 'n', 'e', 't', '\0',
+  /* "belly-button-piercings.com", true */ 'b', 'e', 'l', 'l', 'y', '-', 'b', 'u', 't', 't', 'o', 'n', '-', 'p', 'i', 'e', 'r', 'c', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "belmontgoessolar.org", true */ 'b', 'e', 'l', 'm', 'o', 'n', 't', 'g', 'o', 'e', 's', 's', 'o', 'l', 'a', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "belt.black", true */ 'b', 'e', 'l', 't', '.', 'b', 'l', 'a', 'c', 'k', '\0',
+  /* "belua.com", true */ 'b', 'e', 'l', 'u', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "belvoirbouncycastles.co.uk", true */ 'b', 'e', 'l', 'v', 'o', 'i', 'r', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bely-mishka.by", true */ 'b', 'e', 'l', 'y', '-', 'm', 'i', 's', 'h', 'k', 'a', '.', 'b', 'y', '\0',
+  /* "belyvly.com", true */ 'b', 'e', 'l', 'y', 'v', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bemsoft.pl", true */ 'b', 'e', 'm', 's', 'o', 'f', 't', '.', 'p', 'l', '\0',
+  /* "bemvindoaolar.com.br", true */ 'b', 'e', 'm', 'v', 'i', 'n', 'd', 'o', 'a', 'o', 'l', 'a', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ben-energy.com", false */ 'b', 'e', 'n', '-', 'e', 'n', 'e', 'r', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ben-stock.de", true */ 'b', 'e', 'n', '-', 's', 't', 'o', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "ben.ninja", true */ 'b', 'e', 'n', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "ben2.co.il", true */ 'b', 'e', 'n', '2', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "benabrams.it", true */ 'b', 'e', 'n', 'a', 'b', 'r', 'a', 'm', 's', '.', 'i', 't', '\0',
+  /* "benary.org", true */ 'b', 'e', 'n', 'a', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "benbozsa.ca", true */ 'b', 'e', 'n', 'b', 'o', 'z', 's', 'a', '.', 'c', 'a', '\0',
+  /* "benburwell.com", true */ 'b', 'e', 'n', 'b', 'u', 'r', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "benchcast.com", true */ 'b', 'e', 'n', 'c', 'h', 'c', 'a', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "benchling.com", true */ 'b', 'e', 'n', 'c', 'h', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "benchmarkmonument.com", true */ 'b', 'e', 'n', 'c', 'h', 'm', 'a', 'r', 'k', 'm', 'o', 'n', 'u', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bencorby.com", true */ 'b', 'e', 'n', 'c', 'o', 'r', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bendemaree.com", true */ 'b', 'e', 'n', 'd', 'e', 'm', 'a', 'r', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bendigoland.com.au", true */ 'b', 'e', 'n', 'd', 'i', 'g', 'o', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "bendingtheending.com", true */ 'b', 'e', 'n', 'd', 'i', 'n', 'g', 't', 'h', 'e', 'e', 'n', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "bendix.co", true */ 'b', 'e', 'n', 'd', 'i', 'x', '.', 'c', 'o', '\0',
+  /* "beneathvt.com", true */ 'b', 'e', 'n', 'e', 'a', 't', 'h', 'v', 't', '.', 'c', 'o', 'm', '\0',
+  /* "benediktdichgans.de", true */ 'b', 'e', 'n', 'e', 'd', 'i', 'k', 't', 'd', 'i', 'c', 'h', 'g', 'a', 'n', 's', '.', 'd', 'e', '\0',
+  /* "benepiscinas.com.br", true */ 'b', 'e', 'n', 'e', 'p', 'i', 's', 'c', 'i', 'n', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "beneri.se", true */ 'b', 'e', 'n', 'e', 'r', 'i', '.', 's', 'e', '\0',
+  /* "benevita.bio", true */ 'b', 'e', 'n', 'e', 'v', 'i', 't', 'a', '.', 'b', 'i', 'o', '\0',
+  /* "benevita.life", true */ 'b', 'e', 'n', 'e', 'v', 'i', 't', 'a', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "benevita.live", true */ 'b', 'e', 'n', 'e', 'v', 'i', 't', 'a', '.', 'l', 'i', 'v', 'e', '\0',
+  /* "benevita.organic", true */ 'b', 'e', 'n', 'e', 'v', 'i', 't', 'a', '.', 'o', 'r', 'g', 'a', 'n', 'i', 'c', '\0',
+  /* "benfairclough.com", true */ 'b', 'e', 'n', 'f', 'a', 'i', 'r', 'c', 'l', 'o', 'u', 'g', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "bengalurugifts.com", true */ 'b', 'e', 'n', 'g', 'a', 'l', 'u', 'r', 'u', 'g', 'i', 'f', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "benhaney.com", true */ 'b', 'e', 'n', 'h', 'a', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "benhartmann.de", true */ 'b', 'e', 'n', 'h', 'a', 'r', 't', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "benhavenarchives.org", true */ 'b', 'e', 'n', 'h', 'a', 'v', 'e', 'n', 'a', 'r', 'c', 'h', 'i', 'v', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "benjamin.pe", true */ 'b', 'e', 'n', 'j', 'a', 'm', 'i', 'n', '.', 'p', 'e', '\0',
+  /* "benjaminblack.net", true */ 'b', 'e', 'n', 'j', 'a', 'm', 'i', 'n', 'b', 'l', 'a', 'c', 'k', '.', 'n', 'e', 't', '\0',
+  /* "benjamindietrich.com", true */ 'b', 'e', 'n', 'j', 'a', 'm', 'i', 'n', 'd', 'i', 'e', 't', 'r', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "benjamindietrich.de", true */ 'b', 'e', 'n', 'j', 'a', 'm', 'i', 'n', 'd', 'i', 'e', 't', 'r', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "benjaminjurke.com", true */ 'b', 'e', 'n', 'j', 'a', 'm', 'i', 'n', 'j', 'u', 'r', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "benjaminjurke.net", true */ 'b', 'e', 'n', 'j', 'a', 'm', 'i', 'n', 'j', 'u', 'r', 'k', 'e', '.', 'n', 'e', 't', '\0',
+  /* "benjaminpiquet.fr", true */ 'b', 'e', 'n', 'j', 'a', 'm', 'i', 'n', 'p', 'i', 'q', 'u', 'e', 't', '.', 'f', 'r', '\0',
+  /* "benjamins.com", true */ 'b', 'e', 'n', 'j', 'a', 'm', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "benleemd.com", true */ 'b', 'e', 'n', 'l', 'e', 'e', 'm', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "benmatthews.com.au", true */ 'b', 'e', 'n', 'm', 'a', 't', 't', 'h', 'e', 'w', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "benmillett.us", false */ 'b', 'e', 'n', 'm', 'i', 'l', 'l', 'e', 't', 't', '.', 'u', 's', '\0',
+  /* "bennettsbouncycastlehire.co.uk", true */ 'b', 'e', 'n', 'n', 'e', 't', 't', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bennettshire.co.uk", true */ 'b', 'e', 'n', 'n', 'e', 't', 't', 's', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "benni1.eu", true */ 'b', 'e', 'n', 'n', 'i', '1', '.', 'e', 'u', '\0',
+  /* "bennierobinson.com", true */ 'b', 'e', 'n', 'n', 'i', 'e', 'r', 'o', 'b', 'i', 'n', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bennink.me", true */ 'b', 'e', 'n', 'n', 'i', 'n', 'k', '.', 'm', 'e', '\0',
+  /* "benno.frl", true */ 'b', 'e', 'n', 'n', 'o', '.', 'f', 'r', 'l', '\0',
+  /* "bennygommers.nl", true */ 'b', 'e', 'n', 'n', 'y', 'g', 'o', 'm', 'm', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "bennythink.com", true */ 'b', 'e', 'n', 'n', 'y', 't', 'h', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "bensbouncycastles.co.uk", true */ 'b', 'e', 'n', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "benschnarr.com", true */ 'b', 'e', 'n', 's', 'c', 'h', 'n', 'a', 'r', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "benscobie.com", true */ 'b', 'e', 'n', 's', 'c', 'o', 'b', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bensinflatables.co.uk", true */ 'b', 'e', 'n', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bentertain.de", true */ 'b', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "bentley.blog", true */ 'b', 'e', 'n', 't', 'l', 'e', 'y', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "bentley.link", true */ 'b', 'e', 'n', 't', 'l', 'e', 'y', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "bentrask.com", true */ 'b', 'e', 'n', 't', 'r', 'a', 's', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "beoordelingen.be", true */ 'b', 'e', 'o', 'o', 'r', 'd', 'e', 'l', 'i', 'n', 'g', 'e', 'n', '.', 'b', 'e', '\0',
+  /* "beranovi.com", true */ 'b', 'e', 'r', 'a', 'n', 'o', 'v', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "berasavocate.com", true */ 'b', 'e', 'r', 'a', 's', 'a', 'v', 'o', 'c', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "beraten-entwickeln-steuern.de", true */ 'b', 'e', 'r', 'a', 't', 'e', 'n', '-', 'e', 'n', 't', 'w', 'i', 'c', 'k', 'e', 'l', 'n', '-', 's', 't', 'e', 'u', 'e', 'r', 'n', '.', 'd', 'e', '\0',
+  /* "berdaguermontes.eu", true */ 'b', 'e', 'r', 'd', 'a', 'g', 'u', 'e', 'r', 'm', 'o', 'n', 't', 'e', 's', '.', 'e', 'u', '\0',
+  /* "berdu.id", true */ 'b', 'e', 'r', 'd', 'u', '.', 'i', 'd', '\0',
+  /* "bergenhave.nl", true */ 'b', 'e', 'r', 'g', 'e', 'n', 'h', 'a', 'v', 'e', '.', 'n', 'l', '\0',
+  /* "bergevoet-fa.nl", true */ 'b', 'e', 'r', 'g', 'e', 'v', 'o', 'e', 't', '-', 'f', 'a', '.', 'n', 'l', '\0',
+  /* "bergfex.at", true */ 'b', 'e', 'r', 'g', 'f', 'e', 'x', '.', 'a', 't', '\0',
+  /* "bergstoneware.com", true */ 'b', 'e', 'r', 'g', 's', 't', 'o', 'n', 'e', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "berlin-flirt.de", true */ 'b', 'e', 'r', 'l', 'i', 'n', '-', 'f', 'l', 'i', 'r', 't', '.', 'd', 'e', '\0',
+  /* "berlin-kohlefrei.de", true */ 'b', 'e', 'r', 'l', 'i', 'n', '-', 'k', 'o', 'h', 'l', 'e', 'f', 'r', 'e', 'i', '.', 'd', 'e', '\0',
+  /* "berlin.dating", true */ 'b', 'e', 'r', 'l', 'i', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "bermeitinger.eu", true */ 'b', 'e', 'r', 'm', 'e', 'i', 't', 'i', 'n', 'g', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "berna.fr", true */ 'b', 'e', 'r', 'n', 'a', '.', 'f', 'r', '\0',
+  /* "bernadetteanderes.ch", true */ 'b', 'e', 'r', 'n', 'a', 'd', 'e', 't', 't', 'e', 'a', 'n', 'd', 'e', 'r', 'e', 's', '.', 'c', 'h', '\0',
+  /* "bernardcontainers.be", true */ 'b', 'e', 'r', 'n', 'a', 'r', 'd', 'c', 'o', 'n', 't', 'a', 'i', 'n', 'e', 'r', 's', '.', 'b', 'e', '\0',
+  /* "bernardfischer.fr", true */ 'b', 'e', 'r', 'n', 'a', 'r', 'd', 'f', 'i', 's', 'c', 'h', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "bernat.im", true */ 'b', 'e', 'r', 'n', 'a', 't', '.', 'i', 'm', '\0',
+  /* "bernd-leitner-fotodesign.com", true */ 'b', 'e', 'r', 'n', 'd', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '-', 'f', 'o', 't', 'o', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bernd-leitner-fotodesign.de", true */ 'b', 'e', 'r', 'n', 'd', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '-', 'f', 'o', 't', 'o', 'd', 'e', 's', 'i', 'g', 'n', '.', 'd', 'e', '\0',
+  /* "bernd-leitner.de", true */ 'b', 'e', 'r', 'n', 'd', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "bernhard-seidenspinner.de", true */ 'b', 'e', 'r', 'n', 'h', 'a', 'r', 'd', '-', 's', 'e', 'i', 'd', 'e', 'n', 's', 'p', 'i', 'n', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "bernhardkau.de", true */ 'b', 'e', 'r', 'n', 'h', 'a', 'r', 'd', 'k', 'a', 'u', '.', 'd', 'e', '\0',
+  /* "bernhardluginbuehl.ch", true */ 'b', 'e', 'r', 'n', 'h', 'a', 'r', 'd', 'l', 'u', 'g', 'i', 'n', 'b', 'u', 'e', 'h', 'l', '.', 'c', 'h', '\0',
+  /* "bernhardluginbuehl.com", true */ 'b', 'e', 'r', 'n', 'h', 'a', 'r', 'd', 'l', 'u', 'g', 'i', 'n', 'b', 'u', 'e', 'h', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "berr.yt", true */ 'b', 'e', 'r', 'r', '.', 'y', 't', '\0',
+  /* "berra.se", true */ 'b', 'e', 'r', 'r', 'a', '.', 's', 'e', '\0',
+  /* "berrus.com", true */ 'b', 'e', 'r', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "berry.cat", true */ 'b', 'e', 'r', 'r', 'y', '.', 'c', 'a', 't', '\0',
+  /* "berrypay.com", true */ 'b', 'e', 'r', 'r', 'y', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "berseb.se", true */ 'b', 'e', 'r', 's', 'e', 'b', '.', 's', 'e', '\0',
+  /* "bersierservices.ch", true */ 'b', 'e', 'r', 's', 'i', 'e', 'r', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'h', '\0',
+  /* "bersotavocats.fr", true */ 'b', 'e', 'r', 's', 'o', 't', 'a', 'v', 'o', 'c', 'a', 't', 's', '.', 'f', 'r', '\0',
+  /* "berst.cz", true */ 'b', 'e', 'r', 's', 't', '.', 'c', 'z', '\0',
+  /* "berthabailey.com", true */ 'b', 'e', 'r', 't', 'h', 'a', 'b', 'a', 'i', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bertholdsson.com", true */ 'b', 'e', 'r', 't', 'h', 'o', 'l', 'd', 's', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bertoliniodontoiatria.it", true */ 'b', 'e', 'r', 't', 'o', 'l', 'i', 'n', 'i', 'o', 'd', 'o', 'n', 't', 'o', 'i', 'a', 't', 'r', 'i', 'a', '.', 'i', 't', '\0',
+  /* "bertrand.bio", true */ 'b', 'e', 'r', 't', 'r', 'a', 'n', 'd', '.', 'b', 'i', 'o', '\0',
+  /* "bertrandkeller.info", true */ 'b', 'e', 'r', 't', 'r', 'a', 'n', 'd', 'k', 'e', 'l', 'l', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "bertsmithvwparts.com", true */ 'b', 'e', 'r', 't', 's', 'm', 'i', 't', 'h', 'v', 'w', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "beryl.net", true */ 'b', 'e', 'r', 'y', 'l', '.', 'n', 'e', 't', '\0',
+  /* "besb66.club", true */ 'b', 'e', 's', 'b', '6', '6', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "besb66.com", true */ 'b', 'e', 's', 'b', '6', '6', '.', 'c', 'o', 'm', '\0',
+  /* "besb66.me", true */ 'b', 'e', 's', 'b', '6', '6', '.', 'm', 'e', '\0',
+  /* "besb66.ninja", true */ 'b', 'e', 's', 'b', '6', '6', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "besb66.rocks", true */ 'b', 'e', 's', 'b', '6', '6', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "besb66.us", true */ 'b', 'e', 's', 'b', '6', '6', '.', 'u', 's', '\0',
+  /* "beschriftung-metz.de", true */ 'b', 'e', 's', 'c', 'h', 'r', 'i', 'f', 't', 'u', 'n', 'g', '-', 'm', 'e', 't', 'z', '.', 'd', 'e', '\0',
+  /* "beserberg.tk", true */ 'b', 'e', 's', 'e', 'r', 'b', 'e', 'r', 'g', '.', 't', 'k', '\0',
+  /* "bespokestraps.com", true */ 'b', 'e', 's', 'p', 'o', 'k', 'e', 's', 't', 'r', 'a', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "best-of-bounce.co.uk", true */ 'b', 'e', 's', 't', '-', 'o', 'f', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "best-wallpaper.net", true */ 'b', 'e', 's', 't', '-', 'w', 'a', 'l', 'l', 'p', 'a', 'p', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "best-wedding-quotes.com", true */ 'b', 'e', 's', 't', '-', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '-', 'q', 'u', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "best10websitebuilders.com", true */ 'b', 'e', 's', 't', '1', '0', 'w', 'e', 'b', 's', 'i', 't', 'e', 'b', 'u', 'i', 'l', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bestbestbitcoin.com", true */ 'b', 'e', 's', 't', 'b', 'e', 's', 't', 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bestbonuses.co.uk", true */ 'b', 'e', 's', 't', 'b', 'o', 'n', 'u', 's', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bestbrakes.com", true */ 'b', 'e', 's', 't', 'b', 'r', 'a', 'k', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bestbridal.top", true */ 'b', 'e', 's', 't', 'b', 'r', 'i', 'd', 'a', 'l', '.', 't', 'o', 'p', '\0',
+  /* "bestbyte.com.br", true */ 'b', 'e', 's', 't', 'b', 'y', 't', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bestessaycheap.com", true */ 'b', 'e', 's', 't', 'e', 's', 's', 'a', 'y', 'c', 'h', 'e', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "bestessayhelp.com", true */ 'b', 'e', 's', 't', 'e', 's', 's', 'a', 'y', 'h', 'e', 'l', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "bestgiftever.ca", true */ 'b', 'e', 's', 't', 'g', 'i', 'f', 't', 'e', 'v', 'e', 'r', '.', 'c', 'a', '\0',
+  /* "bestgifts4you.com", true */ 'b', 'e', 's', 't', 'g', 'i', 'f', 't', 's', '4', 'y', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "bestlashesandbrows.com", true */ 'b', 'e', 's', 't', 'l', 'a', 's', 'h', 'e', 's', 'a', 'n', 'd', 'b', 'r', 'o', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bestlashesandbrows.hu", true */ 'b', 'e', 's', 't', 'l', 'a', 's', 'h', 'e', 's', 'a', 'n', 'd', 'b', 'r', 'o', 'w', 's', '.', 'h', 'u', '\0',
+  /* "bestleftwild.com", true */ 'b', 'e', 's', 't', 'l', 'e', 'f', 't', 'w', 'i', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bestmodels.su", true */ 'b', 'e', 's', 't', 'm', 'o', 'd', 'e', 'l', 's', '.', 's', 'u', '\0',
+  /* "bestmotherfucking.website", true */ 'b', 'e', 's', 't', 'm', 'o', 't', 'h', 'e', 'r', 'f', 'u', 'c', 'k', 'i', 'n', 'g', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0',
+  /* "bestoliveoils.com", true */ 'b', 'e', 's', 't', 'o', 'l', 'i', 'v', 'e', 'o', 'i', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bestpartyhire.com", true */ 'b', 'e', 's', 't', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bestperfumebrands.com", true */ 'b', 'e', 's', 't', 'p', 'e', 'r', 'f', 'u', 'm', 'e', 'b', 'r', 'a', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bestschools.top", true */ 'b', 'e', 's', 't', 's', 'c', 'h', 'o', 'o', 'l', 's', '.', 't', 'o', 'p', '\0',
+  /* "bestseries.tv", true */ 'b', 'e', 's', 't', 's', 'e', 'r', 'i', 'e', 's', '.', 't', 'v', '\0',
+  /* "bestwarezone.com", true */ 'b', 'e', 's', 't', 'w', 'a', 'r', 'e', 'z', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bestwebsite.gallery", true */ 'b', 'e', 's', 't', 'w', 'e', 'b', 's', 'i', 't', 'e', '.', 'g', 'a', 'l', 'l', 'e', 'r', 'y', '\0',
+  /* "bet-99.com", true */ 'b', 'e', 't', '-', '9', '9', '.', 'c', 'o', 'm', '\0',
+  /* "betamint.org", true */ 'b', 'e', 't', 'a', 'm', 'i', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "betaworx.de", true */ 'b', 'e', 't', 'a', 'w', 'o', 'r', 'x', '.', 'd', 'e', '\0',
+  /* "betaworx.eu", true */ 'b', 'e', 't', 'a', 'w', 'o', 'r', 'x', '.', 'e', 'u', '\0',
+  /* "betecnet.de", true */ 'b', 'e', 't', 'e', 'c', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "betformular.com", true */ 'b', 'e', 't', 'f', 'o', 'r', 'm', 'u', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "betkoo.com", true */ 'b', 'e', 't', 'k', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "betonmoney.com", true */ 'b', 'e', 't', 'o', 'n', 'm', 'o', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "betpamm.com", true */ 'b', 'e', 't', 'p', 'a', 'm', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "bets.gg", true */ 'b', 'e', 't', 's', '.', 'g', 'g', '\0',
+  /* "betseybuckheit.com", true */ 'b', 'e', 't', 's', 'e', 'y', 'b', 'u', 'c', 'k', 'h', 'e', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "betshoot.com", true */ 'b', 'e', 't', 's', 'h', 'o', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "betsonlinefree.com.au", true */ 'b', 'e', 't', 's', 'o', 'n', 'l', 'i', 'n', 'e', 'f', 'r', 'e', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "betsyshilling.com", true */ 'b', 'e', 't', 's', 'y', 's', 'h', 'i', 'l', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "bett1.de", true */ 'b', 'e', 't', 't', '1', '.', 'd', 'e', '\0',
+  /* "better-bounce.co.uk", true */ 'b', 'e', 't', 't', 'e', 'r', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "better.fyi", true */ 'b', 'e', 't', 't', 'e', 'r', '.', 'f', 'y', 'i', '\0',
+  /* "betterbabyshop.com.au", true */ 'b', 'e', 't', 't', 'e', 'r', 'b', 'a', 'b', 'y', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "bettercrypto.org", true */ 'b', 'e', 't', 't', 'e', 'r', 'c', 'r', 'y', 'p', 't', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "betterhelp.com", true */ 'b', 'e', 't', 't', 'e', 'r', 'h', 'e', 'l', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "betterna.me", true */ 'b', 'e', 't', 't', 'e', 'r', 'n', 'a', '.', 'm', 'e', '\0',
+  /* "betterscience.org", true */ 'b', 'e', 't', 't', 'e', 'r', 's', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "bettertest.it", true */ 'b', 'e', 't', 't', 'e', 'r', 't', 'e', 's', 't', '.', 'i', 't', '\0',
+  /* "betterworldinternational.org", true */ 'b', 'e', 't', 't', 'e', 'r', 'w', 'o', 'r', 'l', 'd', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "bettflaschen.ch", true */ 'b', 'e', 't', 't', 'f', 'l', 'a', 's', 'c', 'h', 'e', 'n', '.', 'c', 'h', '\0',
+  /* "bettingbusiness.ru", true */ 'b', 'e', 't', 't', 'i', 'n', 'g', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '.', 'r', 'u', '\0',
+  /* "bettolinokitchen.com", true */ 'b', 'e', 't', 't', 'o', 'l', 'i', 'n', 'o', 'k', 'i', 't', 'c', 'h', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bettrlifeapp.com", true */ 'b', 'e', 't', 't', 'r', 'l', 'i', 'f', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "betulashop.ch", true */ 'b', 'e', 't', 'u', 'l', 'a', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "betwalker.com", true */ 'b', 'e', 't', 'w', 'a', 'l', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "beulen.email", true */ 'b', 'e', 'u', 'l', 'e', 'n', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "beulen.link", true */ 'b', 'e', 'u', 'l', 'e', 'n', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "beulen.pro", true */ 'b', 'e', 'u', 'l', 'e', 'n', '.', 'p', 'r', 'o', '\0',
+  /* "bevedo.cz", true */ 'b', 'e', 'v', 'e', 'd', 'o', '.', 'c', 'z', '\0',
+  /* "beveiligingscamerawestland.nl", true */ 'b', 'e', 'v', 'e', 'i', 'l', 'i', 'g', 'i', 'n', 'g', 's', 'c', 'a', 'm', 'e', 'r', 'a', 'w', 'e', 's', 't', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "beverlyinternational.com", false */ 'b', 'e', 'v', 'e', 'r', 'l', 'y', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bevinco2020.com", true */ 'b', 'e', 'v', 'i', 'n', 'c', 'o', '2', '0', '2', '0', '.', 'c', 'o', 'm', '\0',
+  /* "bevinsco.org", true */ 'b', 'e', 'v', 'i', 'n', 's', 'c', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "bevnut.com", true */ 'b', 'e', 'v', 'n', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bewegungsfluss.com", true */ 'b', 'e', 'w', 'e', 'g', 'u', 'n', 'g', 's', 'f', 'l', 'u', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bewerbungsfoto-deinfoto.ch", true */ 'b', 'e', 'w', 'e', 'r', 'b', 'u', 'n', 'g', 's', 'f', 'o', 't', 'o', '-', 'd', 'e', 'i', 'n', 'f', 'o', 't', 'o', '.', 'c', 'h', '\0',
+  /* "bewertet.de", true */ 'b', 'e', 'w', 'e', 'r', 't', 'e', 't', '.', 'd', 'e', '\0',
+  /* "bewonderen.com", true */ 'b', 'e', 'w', 'o', 'n', 'd', 'e', 'r', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bexit-hosting.nl", true */ 'b', 'e', 'x', 'i', 't', '-', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "bexit-security.eu", true */ 'b', 'e', 'x', 'i', 't', '-', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'e', 'u', '\0',
+  /* "bexit-security.nl", true */ 'b', 'e', 'x', 'i', 't', '-', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'n', 'l', '\0',
+  /* "bexit.nl", true */ 'b', 'e', 'x', 'i', 't', '.', 'n', 'l', '\0',
+  /* "bexithosting.nl", true */ 'b', 'e', 'x', 'i', 't', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "bexleycastles.co.uk", true */ 'b', 'e', 'x', 'l', 'e', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "beybiz.com", true */ 'b', 'e', 'y', 'b', 'i', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "beyond-infinity.org", true */ 'b', 'e', 'y', 'o', 'n', 'd', '-', 'i', 'n', 'f', 'i', 'n', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "beyond-rational.com", true */ 'b', 'e', 'y', 'o', 'n', 'd', '-', 'r', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "beyondalderaan.net", true */ 'b', 'e', 'y', 'o', 'n', 'd', 'a', 'l', 'd', 'e', 'r', 'a', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "beyondbounce.co.uk", true */ 'b', 'e', 'y', 'o', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "beyondpricing.com", true */ 'b', 'e', 'y', 'o', 'n', 'd', 'p', 'r', 'i', 'c', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "beyondthecode.io", true */ 'b', 'e', 'y', 'o', 'n', 'd', 't', 'h', 'e', 'c', 'o', 'd', 'e', '.', 'i', 'o', '\0',
+  /* "beyondtodaymediagroup.com", true */ 'b', 'e', 'y', 'o', 'n', 'd', 't', 'o', 'd', 'a', 'y', 'm', 'e', 'd', 'i', 'a', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "beyondtrust.com", true */ 'b', 'e', 'y', 'o', 'n', 'd', 't', 'r', 'u', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "beyondweb.net", true */ 'b', 'e', 'y', 'o', 'n', 'd', 'w', 'e', 'b', '.', 'n', 'e', 't', '\0',
+  /* "beyonic.com", true */ 'b', 'e', 'y', 'o', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "beyours.be", true */ 'b', 'e', 'y', 'o', 'u', 'r', 's', '.', 'b', 'e', '\0',
+  /* "bez-energie.de", true */ 'b', 'e', 'z', '-', 'e', 'n', 'e', 'r', 'g', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "bezemkast.nl", true */ 'b', 'e', 'z', 'e', 'm', 'k', 'a', 's', 't', '.', 'n', 'l', '\0',
+  /* "bezoomnyville.com", true */ 'b', 'e', 'z', 'o', 'o', 'm', 'n', 'y', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bezpecnostsiti.cf", true */ 'b', 'e', 'z', 'p', 'e', 'c', 'n', 'o', 's', 't', 's', 'i', 't', 'i', '.', 'c', 'f', '\0',
+  /* "bfam.tv", true */ 'b', 'f', 'a', 'm', '.', 't', 'v', '\0',
+  /* "bfi.wien", false */ 'b', 'f', 'i', '.', 'w', 'i', 'e', 'n', '\0',
+  /* "bft-media.com", true */ 'b', 'f', 't', '-', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "bftbradio.com", true */ 'b', 'f', 't', 'b', 'r', 'a', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "bfw-online.de", true */ 'b', 'f', 'w', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "bg-sexologia.com", true */ 'b', 'g', '-', 's', 'e', 'x', 'o', 'l', 'o', 'g', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "bgdaddy.com", true */ 'b', 'g', 'd', 'a', 'd', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bgenlisted.com", true */ 'b', 'g', 'e', 'n', 'l', 'i', 's', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bgeo.io", true */ 'b', 'g', 'e', 'o', '.', 'i', 'o', '\0',
+  /* "bgfashion.net", true */ 'b', 'g', 'f', 'a', 's', 'h', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "bghost.xyz", true */ 'b', 'g', 'h', 'o', 's', 't', '.', 'x', 'y', 'z', '\0',
+  /* "bgkoleda.bg", true */ 'b', 'g', 'k', 'o', 'l', 'e', 'd', 'a', '.', 'b', 'g', '\0',
+  /* "bglsingles.de", true */ 'b', 'g', 'l', 's', 'i', 'n', 'g', 'l', 'e', 's', '.', 'd', 'e', '\0',
+  /* "bgneuesheim.de", true */ 'b', 'g', 'n', 'e', 'u', 'e', 's', 'h', 'e', 'i', 'm', '.', 'd', 'e', '\0',
+  /* "bgp.space", true */ 'b', 'g', 'p', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "bgr34.cz", true */ 'b', 'g', 'r', '3', '4', '.', 'c', 'z', '\0',
+  /* "bgtgames.com", true */ 'b', 'g', 't', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bharath-g.in", true */ 'b', 'h', 'a', 'r', 'a', 't', 'h', '-', 'g', '.', 'i', 'n', '\0',
+  /* "bhodisoft.com", true */ 'b', 'h', 'o', 'd', 'i', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bhost.net", true */ 'b', 'h', 'o', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "bhtelecom.ba", true */ 'b', 'h', 't', 'e', 'l', 'e', 'c', 'o', 'm', '.', 'b', 'a', '\0',
+  /* "bhuntr.com", true */ 'b', 'h', 'u', 'n', 't', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "bi.search.yahoo.com", false */ 'b', 'i', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "biaggeo.com", true */ 'b', 'i', 'a', 'g', 'g', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "bianinapiccanovias.com", true */ 'b', 'i', 'a', 'n', 'i', 'n', 'a', 'p', 'i', 'c', 'c', 'a', 'n', 'o', 'v', 'i', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "biaoqingfuhao.net", true */ 'b', 'i', 'a', 'o', 'q', 'i', 'n', 'g', 'f', 'u', 'h', 'a', 'o', '.', 'n', 'e', 't', '\0',
+  /* "biaoqingfuhao.org", true */ 'b', 'i', 'a', 'o', 'q', 'i', 'n', 'g', 'f', 'u', 'h', 'a', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "biasmath.es", true */ 'b', 'i', 'a', 's', 'm', 'a', 't', 'h', '.', 'e', 's', '\0',
+  /* "biathloncup.ru", true */ 'b', 'i', 'a', 't', 'h', 'l', 'o', 'n', 'c', 'u', 'p', '.', 'r', 'u', '\0',
+  /* "bible.ru", true */ 'b', 'i', 'b', 'l', 'e', '.', 'r', 'u', '\0',
+  /* "bibleonline.ru", true */ 'b', 'i', 'b', 'l', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'r', 'u', '\0',
+  /* "bibliaon.com", true */ 'b', 'i', 'b', 'l', 'i', 'a', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "biblio.wiki", true */ 'b', 'i', 'b', 'l', 'i', 'o', '.', 'w', 'i', 'k', 'i', '\0',
+  /* "biblioblog.fr", true */ 'b', 'i', 'b', 'l', 'i', 'o', 'b', 'l', 'o', 'g', '.', 'f', 'r', '\0',
+  /* "bibliomarkt.ch", true */ 'b', 'i', 'b', 'l', 'i', 'o', 'm', 'a', 'r', 'k', 't', '.', 'c', 'h', '\0',
+  /* "biblionaut.net", true */ 'b', 'i', 'b', 'l', 'i', 'o', 'n', 'a', 'u', 't', '.', 'n', 'e', 't', '\0',
+  /* "bibliotekarien.se", true */ 'b', 'i', 'b', 'l', 'i', 'o', 't', 'e', 'k', 'a', 'r', 'i', 'e', 'n', '.', 's', 'e', '\0',
+  /* "biboumail.fr", true */ 'b', 'i', 'b', 'o', 'u', 'm', 'a', 'i', 'l', '.', 'f', 'r', '\0',
+  /* "bibuch.com", true */ 'b', 'i', 'b', 'u', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "bicha.net", true */ 'b', 'i', 'c', 'h', 'a', '.', 'n', 'e', 't', '\0',
+  /* "bichines.es", true */ 'b', 'i', 'c', 'h', 'i', 'n', 'e', 's', '.', 'e', 's', '\0',
+  /* "bichonfrise.com.br", true */ 'b', 'i', 'c', 'h', 'o', 'n', 'f', 'r', 'i', 's', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bichonmaltes.com.br", true */ 'b', 'i', 'c', 'h', 'o', 'n', 'm', 'a', 'l', 't', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bicranial.io", true */ 'b', 'i', 'c', 'r', 'a', 'n', 'i', 'a', 'l', '.', 'i', 'o', '\0',
+  /* "bicycle-events.com", true */ 'b', 'i', 'c', 'y', 'c', 'l', 'e', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "biddl.com", true */ 'b', 'i', 'd', 'd', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bidorbuy.co.ke", true */ 'b', 'i', 'd', 'o', 'r', 'b', 'u', 'y', '.', 'c', 'o', '.', 'k', 'e', '\0',
+  /* "biegner-technik.de", true */ 'b', 'i', 'e', 'g', 'n', 'e', 'r', '-', 't', 'e', 'c', 'h', 'n', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "bien-etre-sante.info", true */ 'b', 'i', 'e', 'n', '-', 'e', 't', 'r', 'e', '-', 's', 'a', 'n', 't', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "bienici.com", true */ 'b', 'i', 'e', 'n', 'i', 'c', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "bienoubien.org", true */ 'b', 'i', 'e', 'n', 'o', 'u', 'b', 'i', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "biensenvue.com", true */ 'b', 'i', 'e', 'n', 's', 'e', 'n', 'v', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bier.jp", true */ 'b', 'i', 'e', 'r', '.', 'j', 'p', '\0',
+  /* "bierbaumer.net", true */ 'b', 'i', 'e', 'r', 'b', 'a', 'u', 'm', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "biergaizi.info", true */ 'b', 'i', 'e', 'r', 'g', 'a', 'i', 'z', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "bierochs.org", true */ 'b', 'i', 'e', 'r', 'o', 'c', 'h', 's', '.', 'o', 'r', 'g', '\0',
+  /* "bieser.ch", true */ 'b', 'i', 'e', 's', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "biester.pro", true */ 'b', 'i', 'e', 's', 't', 'e', 'r', '.', 'p', 'r', 'o', '\0',
+  /* "big-andy.co.uk", true */ 'b', 'i', 'g', '-', 'a', 'n', 'd', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "big-bounce.co.uk", true */ 'b', 'i', 'g', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "big-fluglaerm-hamburg.de", true */ 'b', 'i', 'g', '-', 'f', 'l', 'u', 'g', 'l', 'a', 'e', 'r', 'm', '-', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "bigbluedoor.net", true */ 'b', 'i', 'g', 'b', 'l', 'u', 'e', 'd', 'o', 'o', 'r', '.', 'n', 'e', 't', '\0',
+  /* "bigbouncebouncycastles.co.uk", true */ 'b', 'i', 'g', 'b', 'o', 'u', 'n', 'c', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bigbouncetheory.co.uk", true */ 'b', 'i', 'g', 'b', 'o', 'u', 'n', 'c', 'e', 't', 'h', 'e', 'o', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bigbounceuk.com", true */ 'b', 'i', 'g', 'b', 'o', 'u', 'n', 'c', 'e', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "bigclassaction.com", true */ 'b', 'i', 'g', 'c', 'l', 'a', 's', 's', 'a', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bigcorporateevents.com", true */ 'b', 'i', 'g', 'c', 'o', 'r', 'p', 'o', 'r', 'a', 't', 'e', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bigdinosaur.org", true */ 'b', 'i', 'g', 'd', 'i', 'n', 'o', 's', 'a', 'u', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "bigfunbouncycastles.com", true */ 'b', 'i', 'g', 'f', 'u', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "biggreenexchange.com", true */ 'b', 'i', 'g', 'g', 'r', 'e', 'e', 'n', 'e', 'x', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bight.ca", true */ 'b', 'i', 'g', 'h', 't', '.', 'c', 'a', '\0',
+  /* "bigio.com.br", true */ 'b', 'i', 'g', 'i', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "biglagoonrentals.com", true */ 'b', 'i', 'g', 'l', 'a', 'g', 'o', 'o', 'n', 'r', 'e', 'n', 't', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bigsisterchannel.com", true */ 'b', 'i', 'g', 's', 'i', 's', 't', 'e', 'r', 'c', 'h', 'a', 'n', 'n', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bigskymontanalandforsale.com", true */ 'b', 'i', 'g', 's', 'k', 'y', 'm', 'o', 'n', 't', 'a', 'n', 'a', 'l', 'a', 'n', 'd', 'f', 'o', 'r', 's', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "biilo.com", true */ 'b', 'i', 'i', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "bijoux.com.br", true */ 'b', 'i', 'j', 'o', 'u', 'x', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bijouxbrasil.com.br", true */ 'b', 'i', 'j', 'o', 'u', 'x', 'b', 'r', 'a', 's', 'i', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bijuteriicualint.ro", true */ 'b', 'i', 'j', 'u', 't', 'e', 'r', 'i', 'i', 'c', 'u', 'a', 'l', 'i', 'n', 't', '.', 'r', 'o', '\0',
+  /* "bike-discount.de", true */ 'b', 'i', 'k', 'e', '-', 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', '.', 'd', 'e', '\0',
+  /* "bike-kurse.ch", true */ 'b', 'i', 'k', 'e', '-', 'k', 'u', 'r', 's', 'e', '.', 'c', 'h', '\0',
+  /* "bike-shack.com", true */ 'b', 'i', 'k', 'e', '-', 's', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "bikebay.it", true */ 'b', 'i', 'k', 'e', 'b', 'a', 'y', '.', 'i', 't', '\0',
+  /* "bikehistory.org", true */ 'b', 'i', 'k', 'e', 'h', 'i', 's', 't', 'o', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "bikelifetvkidsquads.co.uk", true */ 'b', 'i', 'k', 'e', 'l', 'i', 'f', 'e', 't', 'v', 'k', 'i', 'd', 's', 'q', 'u', 'a', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "biker.dating", true */ 'b', 'i', 'k', 'e', 'r', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "bikerebel.com", true */ 'b', 'i', 'k', 'e', 'r', 'e', 'b', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bikeshopitalia.com", true */ 'b', 'i', 'k', 'e', 's', 'h', 'o', 'p', 'i', 't', 'a', 'l', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "bikiniseli.com", true */ 'b', 'i', 'k', 'i', 'n', 'i', 's', 'e', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "bikkelbroeders.com", false */ 'b', 'i', 'k', 'k', 'e', 'l', 'b', 'r', 'o', 'e', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bikkelbroeders.nl", false */ 'b', 'i', 'k', 'k', 'e', 'l', 'b', 'r', 'o', 'e', 'd', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "bilalic.com", true */ 'b', 'i', 'l', 'a', 'l', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "bilalkilic.de", true */ 'b', 'i', 'l', 'a', 'l', 'k', 'i', 'l', 'i', 'c', '.', 'd', 'e', '\0',
+  /* "bilbayt.com", true */ 'b', 'i', 'l', 'b', 'a', 'y', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bilder-designs.de", true */ 'b', 'i', 'l', 'd', 'e', 'r', '-', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'd', 'e', '\0',
+  /* "bildermachr.de", true */ 'b', 'i', 'l', 'd', 'e', 'r', 'm', 'a', 'c', 'h', 'r', '.', 'd', 'e', '\0',
+  /* "bildschirmflackern.de", true */ 'b', 'i', 'l', 'd', 's', 'c', 'h', 'i', 'r', 'm', 'f', 'l', 'a', 'c', 'k', 'e', 'r', 'n', '.', 'd', 'e', '\0',
+  /* "biletru.net", true */ 'b', 'i', 'l', 'e', 't', 'r', 'u', '.', 'n', 'e', 't', '\0',
+  /* "bilgo.com", true */ 'b', 'i', 'l', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "bilimoe.com", true */ 'b', 'i', 'l', 'i', 'm', 'o', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bilke.org", true */ 'b', 'i', 'l', 'k', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "billaud.eu.org", true */ 'b', 'i', 'l', 'l', 'a', 'u', 'd', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "billdestler.com", true */ 'b', 'i', 'l', 'l', 'd', 'e', 's', 't', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "billgoldstein.name", true */ 'b', 'i', 'l', 'l', 'g', 'o', 'l', 'd', 's', 't', 'e', 'i', 'n', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "billiger-mietwagen.de", true */ 'b', 'i', 'l', 'l', 'i', 'g', 'e', 'r', '-', 'm', 'i', 'e', 't', 'w', 'a', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "billigerfinder.de", true */ 'b', 'i', 'l', 'l', 'i', 'g', 'e', 'r', 'f', 'i', 'n', 'd', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "billigpoker.dk", true */ 'b', 'i', 'l', 'l', 'i', 'g', 'p', 'o', 'k', 'e', 'r', '.', 'd', 'k', '\0',
+  /* "billigssl.dk", true */ 'b', 'i', 'l', 'l', 'i', 'g', 's', 's', 'l', '.', 'd', 'k', '\0',
+  /* "billionairemailinglist.com", true */ 'b', 'i', 'l', 'l', 'i', 'o', 'n', 'a', 'i', 'r', 'e', 'm', 'a', 'i', 'l', 'i', 'n', 'g', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "billionkiaparts.com", true */ 'b', 'i', 'l', 'l', 'i', 'o', 'n', 'k', 'i', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "billogram.com", true */ 'b', 'i', 'l', 'l', 'o', 'g', 'r', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "billpro.com", false */ 'b', 'i', 'l', 'l', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "billpro.com.au", true */ 'b', 'i', 'l', 'l', 'p', 'r', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "billrhodesbakery.com", true */ 'b', 'i', 'l', 'l', 'r', 'h', 'o', 'd', 'e', 's', 'b', 'a', 'k', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "billrobinson.io", true */ 'b', 'i', 'l', 'l', 'r', 'o', 'b', 'i', 'n', 's', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "billy.pictures", true */ 'b', 'i', 'l', 'l', 'y', '.', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '\0',
+  /* "billyoh.com", true */ 'b', 'i', 'l', 'l', 'y', 'o', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "billysbouncycastlehire.co.uk", true */ 'b', 'i', 'l', 'l', 'y', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bilsho.com", true */ 'b', 'i', 'l', 's', 'h', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "biltullen.com", true */ 'b', 'i', 'l', 't', 'u', 'l', 'l', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bimmerlabs.com", true */ 'b', 'i', 'm', 'm', 'e', 'r', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bin95.com", true */ 'b', 'i', 'n', '9', '5', '.', 'c', 'o', 'm', '\0',
+  /* "bina.az", true */ 'b', 'i', 'n', 'a', '.', 'a', 'z', '\0',
+  /* "binarization.com", true */ 'b', 'i', 'n', 'a', 'r', 'i', 'z', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "binaryabstraction.com", true */ 'b', 'i', 'n', 'a', 'r', 'y', 'a', 'b', 's', 't', 'r', 'a', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "binaryapparatus.com", true */ 'b', 'i', 'n', 'a', 'r', 'y', 'a', 'p', 'p', 'a', 'r', 'a', 't', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "binaryappdev.com", true */ 'b', 'i', 'n', 'a', 'r', 'y', 'a', 'p', 'p', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "binaryevolved.com", true */ 'b', 'i', 'n', 'a', 'r', 'y', 'e', 'v', 'o', 'l', 'v', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "binarystud.io", true */ 'b', 'i', 'n', 'a', 'r', 'y', 's', 't', 'u', 'd', '.', 'i', 'o', '\0',
+  /* "binding-problem.com", true */ 'b', 'i', 'n', 'd', 'i', 'n', 'g', '-', 'p', 'r', 'o', 'b', 'l', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "binfind.com", true */ 'b', 'i', 'n', 'f', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bing.com", true */ 'b', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "bingcheung.org", true */ 'b', 'i', 'n', 'g', 'c', 'h', 'e', 'u', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "bingo-wear.com", true */ 'b', 'i', 'n', 'g', 'o', '-', 'w', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "bingobank.org", true */ 'b', 'i', 'n', 'g', 'o', 'b', 'a', 'n', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "bingofriends.com", true */ 'b', 'i', 'n', 'g', 'o', 'f', 'r', 'i', 'e', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bingostars.com", true */ 'b', 'i', 'n', 'g', 'o', 's', 't', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "binhex.net", true */ 'b', 'i', 'n', 'h', 'e', 'x', '.', 'n', 'e', 't', '\0',
+  /* "binkconsulting.be", true */ 'b', 'i', 'n', 'k', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'b', 'e', '\0',
+  /* "binti.com", true */ 'b', 'i', 'n', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "bio-disinfestazione.it", true */ 'b', 'i', 'o', '-', 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'e', '.', 'i', 't', '\0',
+  /* "biobuttons.ch", true */ 'b', 'i', 'o', 'b', 'u', 't', 't', 'o', 'n', 's', '.', 'c', 'h', '\0',
+  /* "biocrafting.net", true */ 'b', 'i', 'o', 'c', 'r', 'a', 'f', 't', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "biodiagnostiki.clinic", true */ 'b', 'i', 'o', 'd', 'i', 'a', 'g', 'n', 'o', 's', 't', 'i', 'k', 'i', '.', 'c', 'l', 'i', 'n', 'i', 'c', '\0',
+  /* "biodieseldata.com", true */ 'b', 'i', 'o', 'd', 'i', 'e', 's', 'e', 'l', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "bioemsan.cz", true */ 'b', 'i', 'o', 'e', 'm', 's', 'a', 'n', '.', 'c', 'z', '\0',
+  /* "bioetco.ch", true */ 'b', 'i', 'o', 'e', 't', 'c', 'o', '.', 'c', 'h', '\0',
+  /* "biogecho.ch", true */ 'b', 'i', 'o', 'g', 'e', 'c', 'h', 'o', '.', 'c', 'h', '\0',
+  /* "biogecho.swiss", true */ 'b', 'i', 'o', 'g', 'e', 'c', 'h', 'o', '.', 's', 'w', 'i', 's', 's', '\0',
+  /* "biogeniq.ca", true */ 'b', 'i', 'o', 'g', 'e', 'n', 'i', 'q', '.', 'c', 'a', '\0',
+  /* "biohappiness.com", true */ 'b', 'i', 'o', 'h', 'a', 'p', 'p', 'i', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bioharmony.ca", true */ 'b', 'i', 'o', 'h', 'a', 'r', 'm', 'o', 'n', 'y', '.', 'c', 'a', '\0',
+  /* "biointelligence-explosion.com", true */ 'b', 'i', 'o', 'i', 'n', 't', 'e', 'l', 'l', 'i', 'g', 'e', 'n', 'c', 'e', '-', 'e', 'x', 'p', 'l', 'o', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bioligo.ch", true */ 'b', 'i', 'o', 'l', 'i', 'g', 'o', '.', 'c', 'h', '\0',
+  /* "biolindo.com", false */ 'b', 'i', 'o', 'l', 'i', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "biologis.ch", true */ 'b', 'i', 'o', 'l', 'o', 'g', 'i', 's', '.', 'c', 'h', '\0',
+  /* "biomax-mep.com.br", true */ 'b', 'i', 'o', 'm', 'a', 'x', '-', 'm', 'e', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "biometrics.es", true */ 'b', 'i', 'o', 'm', 'e', 't', 'r', 'i', 'c', 's', '.', 'e', 's', '\0',
+  /* "biomodra.cz", true */ 'b', 'i', 'o', 'm', 'o', 'd', 'r', 'a', '.', 'c', 'z', '\0',
+  /* "biopreferred.gov", true */ 'b', 'i', 'o', 'p', 'r', 'e', 'f', 'e', 'r', 'r', 'e', 'd', '.', 'g', 'o', 'v', '\0',
+  /* "biopsychiatry.com", true */ 'b', 'i', 'o', 'p', 's', 'y', 'c', 'h', 'i', 'a', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "biosafe.ch", true */ 'b', 'i', 'o', 's', 'a', 'f', 'e', '.', 'c', 'h', '\0',
+  /* "biosbits.org", true */ 'b', 'i', 'o', 's', 'b', 'i', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "bioshine.com.sg", true */ 'b', 'i', 'o', 's', 'h', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 's', 'g', '\0',
+  /* "bioshome.de", true */ 'b', 'i', 'o', 's', 'h', 'o', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "biosignalanalytics.com", true */ 'b', 'i', 'o', 's', 'i', 'g', 'n', 'a', 'l', 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "biospeak.solutions", true */ 'b', 'i', 'o', 's', 'p', 'e', 'a', 'k', '.', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '\0',
+  /* "biosphere.cc", true */ 'b', 'i', 'o', 's', 'p', 'h', 'e', 'r', 'e', '.', 'c', 'c', '\0',
+  /* "biotechware.com", true */ 'b', 'i', 'o', 't', 'e', 'c', 'h', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "biou.me", true */ 'b', 'i', 'o', 'u', '.', 'm', 'e', '\0',
+  /* "biovalue.eu", true */ 'b', 'i', 'o', 'v', 'a', 'l', 'u', 'e', '.', 'e', 'u', '\0',
+  /* "bipyo.com", true */ 'b', 'i', 'p', 'y', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "birbaumer.li", true */ 'b', 'i', 'r', 'b', 'a', 'u', 'm', 'e', 'r', '.', 'l', 'i', '\0',
+  /* "birchbarkfurniture.ch", true */ 'b', 'i', 'r', 'c', 'h', 'b', 'a', 'r', 'k', 'f', 'u', 'r', 'n', 'i', 't', 'u', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "birchbarkfurniture.com", true */ 'b', 'i', 'r', 'c', 'h', 'b', 'a', 'r', 'k', 'f', 'u', 'r', 'n', 'i', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "birchbarkfurniture.fr", true */ 'b', 'i', 'r', 'c', 'h', 'b', 'a', 'r', 'k', 'f', 'u', 'r', 'n', 'i', 't', 'u', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "birdbrowser.com", true */ 'b', 'i', 'r', 'd', 'b', 'r', 'o', 'w', 's', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "birdfeeder.online", true */ 'b', 'i', 'r', 'd', 'f', 'e', 'e', 'd', 'e', 'r', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "birdiehosting.nl", true */ 'b', 'i', 'r', 'd', 'i', 'e', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "birdymanbestreviews.com", true */ 'b', 'i', 'r', 'd', 'y', 'm', 'a', 'n', 'b', 'e', 's', 't', 'r', 'e', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "birgit-rydlewski.de", true */ 'b', 'i', 'r', 'g', 'i', 't', '-', 'r', 'y', 'd', 'l', 'e', 'w', 's', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "birkengarten.ch", true */ 'b', 'i', 'r', 'k', 'e', 'n', 'g', 'a', 'r', 't', 'e', 'n', '.', 'c', 'h', '\0',
+  /* "birkhoff.me", true */ 'b', 'i', 'r', 'k', 'h', 'o', 'f', 'f', '.', 'm', 'e', '\0',
+  /* "birminghamcastlehire.co.uk", true */ 'b', 'i', 'r', 'm', 'i', 'n', 'g', 'h', 'a', 'm', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "birthdaytip.com", true */ 'b', 'i', 'r', 't', 'h', 'd', 'a', 'y', 't', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "birthmatters.us", true */ 'b', 'i', 'r', 't', 'h', 'm', 'a', 't', 't', 'e', 'r', 's', '.', 'u', 's', '\0',
+  /* "birzan.org", true */ 'b', 'i', 'r', 'z', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "biscoint.io", true */ 'b', 'i', 's', 'c', 'o', 'i', 'n', 't', '.', 'i', 'o', '\0',
+  /* "bismarck-tb.de", true */ 'b', 'i', 's', 'm', 'a', 'r', 'c', 'k', '-', 't', 'b', '.', 'd', 'e', '\0',
+  /* "bison.co", true */ 'b', 'i', 's', 'o', 'n', '.', 'c', 'o', '\0',
+  /* "bissalama.org", true */ 'b', 'i', 's', 's', 'a', 'l', 'a', 'm', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "bistrocean.com", true */ 'b', 'i', 's', 't', 'r', 'o', 'c', 'e', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "biswas.me", true */ 'b', 'i', 's', 'w', 'a', 's', '.', 'm', 'e', '\0',
+  /* "bit-cloud.de", true */ 'b', 'i', 't', '-', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "bit-rapid.com", true */ 'b', 'i', 't', '-', 'r', 'a', 'p', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bit-sentinel.com", true */ 'b', 'i', 't', '-', 's', 'e', 'n', 't', 'i', 'n', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bit.voyage", true */ 'b', 'i', 't', '.', 'v', 'o', 'y', 'a', 'g', 'e', '\0',
+  /* "bit8.com", true */ 'b', 'i', 't', '8', '.', 'c', 'o', 'm', '\0',
+  /* "bitace.com", true */ 'b', 'i', 't', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bitbeans.de", true */ 'b', 'i', 't', 'b', 'e', 'a', 'n', 's', '.', 'd', 'e', '\0',
+  /* "bitbucket.com", true */ 'b', 'i', 't', 'b', 'u', 'c', 'k', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bitbucket.io", true */ 'b', 'i', 't', 'b', 'u', 'c', 'k', 'e', 't', '.', 'i', 'o', '\0',
+  /* "bitbucket.org", true */ 'b', 'i', 't', 'b', 'u', 'c', 'k', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "bitburner.de", true */ 'b', 'i', 't', 'b', 'u', 'r', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "bitcoin-india.net", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '-', 'i', 'n', 'd', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "bitcoin-india.org", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '-', 'i', 'n', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "bitcoin.asia", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'a', 's', 'i', 'a', '\0',
+  /* "bitcoin.ch", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "bitcoin.co.nz", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "bitcoin.com", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bitcoin.de", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "bitcoin.im", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'i', 'm', '\0',
+  /* "bitcoin.info", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "bitcoin.org", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "bitcoin.us", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'u', 's', '\0',
+  /* "bitcoinbitcoin.com", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bitcoinclashic.ninja", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'c', 'l', 'a', 's', 'h', 'i', 'c', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "bitcoincore.org", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'c', 'o', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "bitcoinec.info", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'e', 'c', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "bitcoinhk.org", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'h', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "bitcoinindia.com", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'i', 'n', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "bitcoinkarlsruhe.de", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'k', 'a', 'r', 'l', 's', 'r', 'u', 'h', 'e', '.', 'd', 'e', '\0',
+  /* "bitcoinrealestate.com.au", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "bitcointhefts.com", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 't', 'h', 'e', 'f', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bitcoinx.gr", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'x', '.', 'g', 'r', '\0',
+  /* "bitcoinx.ro", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'x', '.', 'r', 'o', '\0',
+  /* "bitedge.com", true */ 'b', 'i', 't', 'e', 'd', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bitenose.com", true */ 'b', 'i', 't', 'e', 'n', 'o', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bitex.la", true */ 'b', 'i', 't', 'e', 'x', '.', 'l', 'a', '\0',
+  /* "bitfasching.de", true */ 'b', 'i', 't', 'f', 'a', 's', 'c', 'h', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "bitfehler.net", true */ 'b', 'i', 't', 'f', 'e', 'h', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "bitfinder.nl", true */ 'b', 'i', 't', 'f', 'i', 'n', 'd', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "bitfuse.net", true */ 'b', 'i', 't', 'f', 'u', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "bitgo.com", true */ 'b', 'i', 't', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "bititrain.com", true */ 'b', 'i', 't', 'i', 't', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bitmain.com.ua", true */ 'b', 'i', 't', 'm', 'a', 'i', 'n', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "bitmainwarranty.com", true */ 'b', 'i', 't', 'm', 'a', 'i', 'n', 'w', 'a', 'r', 'r', 'a', 'n', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bitmainwarranty.com.ua", true */ 'b', 'i', 't', 'm', 'a', 'i', 'n', 'w', 'a', 'r', 'r', 'a', 'n', 't', 'y', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "bitmainwarranty.ru", true */ 'b', 'i', 't', 'm', 'a', 'i', 'n', 'w', 'a', 'r', 'r', 'a', 'n', 't', 'y', '.', 'r', 'u', '\0',
+  /* "bitmessage.ch", true */ 'b', 'i', 't', 'm', 'e', 's', 's', 'a', 'g', 'e', '.', 'c', 'h', '\0',
+  /* "bitmex.com", true */ 'b', 'i', 't', 'm', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "bitminter.com", true */ 'b', 'i', 't', 'm', 'i', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "bitmoe.com", true */ 'b', 'i', 't', 'm', 'o', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bitmon.net", true */ 'b', 'i', 't', 'm', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "bitok.com", true */ 'b', 'i', 't', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "bitplay.space", true */ 'b', 'i', 't', 'p', 'l', 'a', 'y', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "bitpod.de", true */ 'b', 'i', 't', 'p', 'o', 'd', '.', 'd', 'e', '\0',
+  /* "bitpoll.de", true */ 'b', 'i', 't', 'p', 'o', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "bitpoll.org", true */ 'b', 'i', 't', 'p', 'o', 'l', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "bitpumpe.net", true */ 'b', 'i', 't', 'p', 'u', 'm', 'p', 'e', '.', 'n', 'e', 't', '\0',
+  /* "bitref.com", true */ 'b', 'i', 't', 'r', 'e', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "bitroll.com", true */ 'b', 'i', 't', 'r', 'o', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bitrush.nl", true */ 'b', 'i', 't', 'r', 'u', 's', 'h', '.', 'n', 'l', '\0',
+  /* "bitsafe.com.my", true */ 'b', 'i', 't', 's', 'a', 'f', 'e', '.', 'c', 'o', 'm', '.', 'm', 'y', '\0',
+  /* "bitsburg.ru", true */ 'b', 'i', 't', 's', 'b', 'u', 'r', 'g', '.', 'r', 'u', '\0',
+  /* "bitsensor.io", true */ 'b', 'i', 't', 's', 'e', 'n', 's', 'o', 'r', '.', 'i', 'o', '\0',
+  /* "bitshaker.net", true */ 'b', 'i', 't', 's', 'h', 'a', 'k', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "bitskins.co", true */ 'b', 'i', 't', 's', 'k', 'i', 'n', 's', '.', 'c', 'o', '\0',
+  /* "bitskrieg.net", true */ 'b', 'i', 't', 's', 'k', 'r', 'i', 'e', 'g', '.', 'n', 'e', 't', '\0',
+  /* "bitstorm.nl", true */ 'b', 'i', 't', 's', 't', 'o', 'r', 'm', '.', 'n', 'l', '\0',
+  /* "bitstorm.org", true */ 'b', 'i', 't', 's', 't', 'o', 'r', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "bitsum.com", true */ 'b', 'i', 't', 's', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "bitsync.nl", true */ 'b', 'i', 't', 's', 'y', 'n', 'c', '.', 'n', 'l', '\0',
+  /* "bittersweetcandybowl.com", true */ 'b', 'i', 't', 't', 'e', 'r', 's', 'w', 'e', 'e', 't', 'c', 'a', 'n', 'd', 'y', 'b', 'o', 'w', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bittervault.xyz", true */ 'b', 'i', 't', 't', 'e', 'r', 'v', 'a', 'u', 'l', 't', '.', 'x', 'y', 'z', '\0',
+  /* "bittmann.me", false */ 'b', 'i', 't', 't', 'm', 'a', 'n', 'n', '.', 'm', 'e', '\0',
+  /* "bittylicious.com", true */ 'b', 'i', 't', 't', 'y', 'l', 'i', 'c', 'i', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bituptick.com", true */ 'b', 'i', 't', 'u', 'p', 't', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "bitvegas.com", true */ 'b', 'i', 't', 'v', 'e', 'g', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bitvest.io", true */ 'b', 'i', 't', 'v', 'e', 's', 't', '.', 'i', 'o', '\0',
+  /* "bitwolk.nl", true */ 'b', 'i', 't', 'w', 'o', 'l', 'k', '.', 'n', 'l', '\0',
+  /* "biurokarier.edu.pl", true */ 'b', 'i', 'u', 'r', 'o', 'k', 'a', 'r', 'i', 'e', 'r', '.', 'e', 'd', 'u', '.', 'p', 'l', '\0',
+  /* "bixservice.com", true */ 'b', 'i', 'x', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "biyori.moe", true */ 'b', 'i', 'y', 'o', 'r', 'i', '.', 'm', 'o', 'e', '\0',
+  /* "biyou-homme.com", true */ 'b', 'i', 'y', 'o', 'u', '-', 'h', 'o', 'm', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "biz4x.com", true */ 'b', 'i', 'z', '4', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "bizeau.ch", true */ 'b', 'i', 'z', 'e', 'a', 'u', '.', 'c', 'h', '\0',
+  /* "bizedge.co.nz", true */ 'b', 'i', 'z', 'e', 'd', 'g', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "bizniskatalog.mk", true */ 'b', 'i', 'z', 'n', 'i', 's', 'k', 'a', 't', 'a', 'l', 'o', 'g', '.', 'm', 'k', '\0',
+  /* "biznpro.ru", true */ 'b', 'i', 'z', 'n', 'p', 'r', 'o', '.', 'r', 'u', '\0',
+  /* "bizstarter.cz", true */ 'b', 'i', 'z', 's', 't', 'a', 'r', 't', 'e', 'r', '.', 'c', 'z', '\0',
+  /* "biztera.com", true */ 'b', 'i', 'z', 't', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "biztok.eu", true */ 'b', 'i', 'z', 't', 'o', 'k', '.', 'e', 'u', '\0',
+  /* "bizzi.tv", true */ 'b', 'i', 'z', 'z', 'i', '.', 't', 'v', '\0',
+  /* "bjarnerest.de", true */ 'b', 'j', 'a', 'r', 'n', 'e', 'r', 'e', 's', 't', '.', 'd', 'e', '\0',
+  /* "bjornhelmersson.se", true */ 'b', 'j', 'o', 'r', 'n', 'h', 'e', 'l', 'm', 'e', 'r', 's', 's', 'o', 'n', '.', 's', 'e', '\0',
+  /* "bjornjohansen.no", true */ 'b', 'j', 'o', 'r', 'n', 'j', 'o', 'h', 'a', 'n', 's', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "bjsbouncycastles.com", true */ 'b', 'j', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bkentertainments.co.uk", true */ 'b', 'k', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bkhpilates.co.uk", true */ 'b', 'k', 'h', 'p', 'i', 'l', 'a', 't', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bkositspartytime.co.uk", true */ 'b', 'k', 'o', 's', 'i', 't', 's', 'p', 'a', 'r', 't', 'y', 't', 'i', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bl4ckb0x.biz", true */ 'b', 'l', '4', 'c', 'k', 'b', '0', 'x', '.', 'b', 'i', 'z', '\0',
+  /* "bl4ckb0x.com", true */ 'b', 'l', '4', 'c', 'k', 'b', '0', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "bl4ckb0x.de", true */ 'b', 'l', '4', 'c', 'k', 'b', '0', 'x', '.', 'd', 'e', '\0',
+  /* "bl4ckb0x.eu", true */ 'b', 'l', '4', 'c', 'k', 'b', '0', 'x', '.', 'e', 'u', '\0',
+  /* "bl4ckb0x.info", true */ 'b', 'l', '4', 'c', 'k', 'b', '0', 'x', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "bl4ckb0x.net", true */ 'b', 'l', '4', 'c', 'k', 'b', '0', 'x', '.', 'n', 'e', 't', '\0',
+  /* "bl4ckb0x.org", true */ 'b', 'l', '4', 'c', 'k', 'b', '0', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "blablacar.co.uk", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "blablacar.com", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "blablacar.com.tr", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "blablacar.com.ua", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "blablacar.de", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'd', 'e', '\0',
+  /* "blablacar.es", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'e', 's', '\0',
+  /* "blablacar.fr", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'f', 'r', '\0',
+  /* "blablacar.hr", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'h', 'r', '\0',
+  /* "blablacar.hu", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'h', 'u', '\0',
+  /* "blablacar.in", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'i', 'n', '\0',
+  /* "blablacar.it", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'i', 't', '\0',
+  /* "blablacar.mx", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'm', 'x', '\0',
+  /* "blablacar.nl", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'n', 'l', '\0',
+  /* "blablacar.pl", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'p', 'l', '\0',
+  /* "blablacar.pt", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'p', 't', '\0',
+  /* "blablacar.ro", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'r', 'o', '\0',
+  /* "blablacar.rs", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'r', 's', '\0',
+  /* "blablacar.ru", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'r', 'u', '\0',
+  /* "black-gay-porn.biz", true */ 'b', 'l', 'a', 'c', 'k', '-', 'g', 'a', 'y', '-', 'p', 'o', 'r', 'n', '.', 'b', 'i', 'z', '\0',
+  /* "black-khat.com", true */ 'b', 'l', 'a', 'c', 'k', '-', 'k', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "black-mail.nl", true */ 'b', 'l', 'a', 'c', 'k', '-', 'm', 'a', 'i', 'l', '.', 'n', 'l', '\0',
+  /* "black.dating", true */ 'b', 'l', 'a', 'c', 'k', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "black.host", true */ 'b', 'l', 'a', 'c', 'k', '.', 'h', 'o', 's', 't', '\0',
+  /* "blackandpony.de", true */ 'b', 'l', 'a', 'c', 'k', 'a', 'n', 'd', 'p', 'o', 'n', 'y', '.', 'd', 'e', '\0',
+  /* "blackapron.com.br", true */ 'b', 'l', 'a', 'c', 'k', 'a', 'p', 'r', 'o', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "blackbag.nl", true */ 'b', 'l', 'a', 'c', 'k', 'b', 'a', 'g', '.', 'n', 'l', '\0',
+  /* "blackbase.de", true */ 'b', 'l', 'a', 'c', 'k', 'b', 'a', 's', 'e', '.', 'd', 'e', '\0',
+  /* "blackberrycentral.com", true */ 'b', 'l', 'a', 'c', 'k', 'b', 'e', 'r', 'r', 'y', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "blackberryforums.be", true */ 'b', 'l', 'a', 'c', 'k', 'b', 'e', 'r', 'r', 'y', 'f', 'o', 'r', 'u', 'm', 's', '.', 'b', 'e', '\0',
+  /* "blackcat.ca", true */ 'b', 'l', 'a', 'c', 'k', 'c', 'a', 't', '.', 'c', 'a', '\0',
+  /* "blackcatinformatics.ca", true */ 'b', 'l', 'a', 'c', 'k', 'c', 'a', 't', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'c', 's', '.', 'c', 'a', '\0',
+  /* "blackcatinformatics.com", true */ 'b', 'l', 'a', 'c', 'k', 'c', 'a', 't', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "blackdesertsp.com", true */ 'b', 'l', 'a', 'c', 'k', 'd', 'e', 's', 'e', 'r', 't', 's', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "blackdotbrewery.com", true */ 'b', 'l', 'a', 'c', 'k', 'd', 'o', 't', 'b', 'r', 'e', 'w', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "blackdown.de", true */ 'b', 'l', 'a', 'c', 'k', 'd', 'o', 'w', 'n', '.', 'd', 'e', '\0',
+  /* "blackdragoninc.org", true */ 'b', 'l', 'a', 'c', 'k', 'd', 'r', 'a', 'g', 'o', 'n', 'i', 'n', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "blackedbyte.com", true */ 'b', 'l', 'a', 'c', 'k', 'e', 'd', 'b', 'y', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "blackevent.be", true */ 'b', 'l', 'a', 'c', 'k', 'e', 'v', 'e', 'n', 't', '.', 'b', 'e', '\0',
+  /* "blackgamelp.de", true */ 'b', 'l', 'a', 'c', 'k', 'g', 'a', 'm', 'e', 'l', 'p', '.', 'd', 'e', '\0',
+  /* "blackhelicopters.net", true */ 'b', 'l', 'a', 'c', 'k', 'h', 'e', 'l', 'i', 'c', 'o', 'p', 't', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "blackhillsinfosec.com", true */ 'b', 'l', 'a', 'c', 'k', 'h', 'i', 'l', 'l', 's', 'i', 'n', 'f', 'o', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "blackkeg.ca", true */ 'b', 'l', 'a', 'c', 'k', 'k', 'e', 'g', '.', 'c', 'a', '\0',
+  /* "blackl.net", true */ 'b', 'l', 'a', 'c', 'k', 'l', '.', 'n', 'e', 't', '\0',
+  /* "blacklightparty.be", true */ 'b', 'l', 'a', 'c', 'k', 'l', 'i', 'g', 'h', 't', 'p', 'a', 'r', 't', 'y', '.', 'b', 'e', '\0',
+  /* "blackmirror.com.au", true */ 'b', 'l', 'a', 'c', 'k', 'm', 'i', 'r', 'r', 'o', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "blackmonday.gr", true */ 'b', 'l', 'a', 'c', 'k', 'm', 'o', 'n', 'd', 'a', 'y', '.', 'g', 'r', '\0',
+  /* "blacknetwork.eu", true */ 'b', 'l', 'a', 'c', 'k', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'e', 'u', '\0',
+  /* "blacknova.io", true */ 'b', 'l', 'a', 'c', 'k', 'n', 'o', 'v', 'a', '.', 'i', 'o', '\0',
+  /* "blackonion.com", true */ 'b', 'l', 'a', 'c', 'k', 'o', 'n', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "blackpapermoon.de", true */ 'b', 'l', 'a', 'c', 'k', 'p', 'a', 'p', 'e', 'r', 'm', 'o', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "blackphantom.de", true */ 'b', 'l', 'a', 'c', 'k', 'p', 'h', 'a', 'n', 't', 'o', 'm', '.', 'd', 'e', '\0',
+  /* "blackphoenix.de", true */ 'b', 'l', 'a', 'c', 'k', 'p', 'h', 'o', 'e', 'n', 'i', 'x', '.', 'd', 'e', '\0',
+  /* "blackscytheconsulting.com", true */ 'b', 'l', 'a', 'c', 'k', 's', 'c', 'y', 't', 'h', 'e', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "blackseals.net", true */ 'b', 'l', 'a', 'c', 'k', 's', 'e', 'a', 'l', 's', '.', 'n', 'e', 't', '\0',
+  /* "blackys-chamber.de", true */ 'b', 'l', 'a', 'c', 'k', 'y', 's', '-', 'c', 'h', 'a', 'm', 'b', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "blaise.io", true */ 'b', 'l', 'a', 'i', 's', 'e', '.', 'i', 'o', '\0',
+  /* "blakecoin.org", true */ 'b', 'l', 'a', 'k', 'e', 'c', 'o', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "blameomar.com", true */ 'b', 'l', 'a', 'm', 'e', 'o', 'm', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "blancodent.com", true */ 'b', 'l', 'a', 'n', 'c', 'o', 'd', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "blankersfamily.com", true */ 'b', 'l', 'a', 'n', 'k', 'e', 'r', 's', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "blarg.co", true */ 'b', 'l', 'a', 'r', 'g', '.', 'c', 'o', '\0',
+  /* "blastentertainment.com.au", true */ 'b', 'l', 'a', 's', 't', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "blastersklan.com", true */ 'b', 'l', 'a', 's', 't', 'e', 'r', 's', 'k', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "blastzoneentertainments.co.uk", true */ 'b', 'l', 'a', 's', 't', 'z', 'o', 'n', 'e', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "blaudev.es", true */ 'b', 'l', 'a', 'u', 'd', 'e', 'v', '.', 'e', 's', '\0',
+  /* "blauerhunger.de", true */ 'b', 'l', 'a', 'u', 'e', 'r', 'h', 'u', 'n', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "blayne.me", true */ 'b', 'l', 'a', 'y', 'n', 'e', '.', 'm', 'e', '\0',
+  /* "blayneallan.com", true */ 'b', 'l', 'a', 'y', 'n', 'e', 'a', 'l', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bleaching-tipps.de", true */ 'b', 'l', 'e', 'a', 'c', 'h', 'i', 'n', 'g', '-', 't', 'i', 'p', 'p', 's', '.', 'd', 'e', '\0',
+  /* "bleche-onlineshop.de", true */ 'b', 'l', 'e', 'c', 'h', 'e', '-', 'o', 'n', 'l', 'i', 'n', 'e', 's', 'h', 'o', 'p', '.', 'd', 'e', '\0',
+  /* "blechinger.io", true */ 'b', 'l', 'e', 'c', 'h', 'i', 'n', 'g', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "blechpirat.name", true */ 'b', 'l', 'e', 'c', 'h', 'p', 'i', 'r', 'a', 't', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "blechschmidt.saarland", true */ 'b', 'l', 'e', 'c', 'h', 's', 'c', 'h', 'm', 'i', 'd', 't', '.', 's', 'a', 'a', 'r', 'l', 'a', 'n', 'd', '\0',
+  /* "bleep.zone", true */ 'b', 'l', 'e', 'e', 'p', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "blenderrecipereviews.com", true */ 'b', 'l', 'e', 'n', 'd', 'e', 'r', 'r', 'e', 'c', 'i', 'p', 'e', 'r', 'e', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "blendle.com", true */ 'b', 'l', 'e', 'n', 'd', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "blendle.nl", true */ 'b', 'l', 'e', 'n', 'd', 'l', 'e', '.', 'n', 'l', '\0',
+  /* "blendr.com", true */ 'b', 'l', 'e', 'n', 'd', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "blenneros.net", true */ 'b', 'l', 'e', 'n', 'n', 'e', 'r', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "blessedearth.com.au", true */ 'b', 'l', 'e', 's', 's', 'e', 'd', 'e', 'a', 'r', 't', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "blessedguy.com", true */ 'b', 'l', 'e', 's', 's', 'e', 'd', 'g', 'u', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "blessedguy.net", true */ 'b', 'l', 'e', 's', 's', 'e', 'd', 'g', 'u', 'y', '.', 'n', 'e', 't', '\0',
+  /* "blewebprojects.com", true */ 'b', 'l', 'e', 'w', 'e', 'b', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "blichmann.eu", true */ 'b', 'l', 'i', 'c', 'h', 'm', 'a', 'n', 'n', '.', 'e', 'u', '\0',
+  /* "blidz.com", true */ 'b', 'l', 'i', 'd', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "blieque.co.uk", true */ 'b', 'l', 'i', 'e', 'q', 'u', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "blikund.swedbank.se", true */ 'b', 'l', 'i', 'k', 'u', 'n', 'd', '.', 's', 'w', 'e', 'd', 'b', 'a', 'n', 'k', '.', 's', 'e', '\0',
+  /* "blingsparkleshine.com", true */ 'b', 'l', 'i', 'n', 'g', 's', 'p', 'a', 'r', 'k', 'l', 'e', 's', 'h', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "blink-security.com", true */ 'b', 'l', 'i', 'n', 'k', '-', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "blinking.link", true */ 'b', 'l', 'i', 'n', 'k', 'i', 'n', 'g', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "blinkspeed.eu", true */ 'b', 'l', 'i', 'n', 'k', 's', 'p', 'e', 'e', 'd', '.', 'e', 'u', '\0',
+  /* "blio.tk", true */ 'b', 'l', 'i', 'o', '.', 't', 'k', '\0',
+  /* "blissjoe.com", true */ 'b', 'l', 'i', 's', 's', 'j', 'o', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "blissplan.com", true */ 'b', 'l', 'i', 's', 's', 'p', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "blivawesome.dk", true */ 'b', 'l', 'i', 'v', 'a', 'w', 'e', 's', 'o', 'm', 'e', '.', 'd', 'k', '\0',
+  /* "blivvektor.dk", true */ 'b', 'l', 'i', 'v', 'v', 'e', 'k', 't', 'o', 'r', '.', 'd', 'k', '\0',
+  /* "blizhost.com", true */ 'b', 'l', 'i', 'z', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "blizhost.com.br", true */ 'b', 'l', 'i', 'z', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "blizz.news", true */ 'b', 'l', 'i', 'z', 'z', '.', 'n', 'e', 'w', 's', '\0',
+  /* "blkbx.eu", true */ 'b', 'l', 'k', 'b', 'x', '.', 'e', 'u', '\0',
+  /* "blm.gov", true */ 'b', 'l', 'm', '.', 'g', 'o', 'v', '\0',
+  /* "block-this.com", true */ 'b', 'l', 'o', 'c', 'k', '-', 't', 'h', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "block65.com", true */ 'b', 'l', 'o', 'c', 'k', '6', '5', '.', 'c', 'o', 'm', '\0',
+  /* "blockchain.info", true */ 'b', 'l', 'o', 'c', 'k', 'c', 'h', 'a', 'i', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "blockchaindaigakko.jp", true */ 'b', 'l', 'o', 'c', 'k', 'c', 'h', 'a', 'i', 'n', 'd', 'a', 'i', 'g', 'a', 'k', 'k', 'o', '.', 'j', 'p', '\0',
+  /* "blockified.io", true */ 'b', 'l', 'o', 'c', 'k', 'i', 'f', 'i', 'e', 'd', '.', 'i', 'o', '\0',
+  /* "blockmetry.com", true */ 'b', 'l', 'o', 'c', 'k', 'm', 'e', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "blockstream.com", true */ 'b', 'l', 'o', 'c', 'k', 's', 't', 'r', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "blockxit.de", true */ 'b', 'l', 'o', 'c', 'k', 'x', 'i', 't', '.', 'd', 'e', '\0',
+  /* "bloemendal.me", true */ 'b', 'l', 'o', 'e', 'm', 'e', 'n', 'd', 'a', 'l', '.', 'm', 'e', '\0',
+  /* "blog-grupom2.es", true */ 'b', 'l', 'o', 'g', '-', 'g', 'r', 'u', 'p', 'o', 'm', '2', '.', 'e', 's', '\0',
+  /* "blog.gov.uk", true */ 'b', 'l', 'o', 'g', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0',
+  /* "blog.linode.com", false */ 'b', 'l', 'o', 'g', '.', 'l', 'i', 'n', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "blog.lookout.com", false */ 'b', 'l', 'o', 'g', '.', 'l', 'o', 'o', 'k', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "blogabout.ru", true */ 'b', 'l', 'o', 'g', 'a', 'b', 'o', 'u', 't', '.', 'r', 'u', '\0',
+  /* "blogaid.net", true */ 'b', 'l', 'o', 'g', 'a', 'i', 'd', '.', 'n', 'e', 't', '\0',
+  /* "blogarts.net", true */ 'b', 'l', 'o', 'g', 'a', 'r', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "blogbooker.com", true */ 'b', 'l', 'o', 'g', 'b', 'o', 'o', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "blogconcours.net", true */ 'b', 'l', 'o', 'g', 'c', 'o', 'n', 'c', 'o', 'u', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "blogcuaviet.com", true */ 'b', 'l', 'o', 'g', 'c', 'u', 'a', 'v', 'i', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "blogdieconomia.it", true */ 'b', 'l', 'o', 'g', 'd', 'i', 'e', 'c', 'o', 'n', 'o', 'm', 'i', 'a', '.', 'i', 't', '\0',
+  /* "blogdimoda.com", true */ 'b', 'l', 'o', 'g', 'd', 'i', 'm', 'o', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "blogdimotori.it", true */ 'b', 'l', 'o', 'g', 'd', 'i', 'm', 'o', 't', 'o', 'r', 'i', '.', 'i', 't', '\0',
+  /* "blogexpert.ca", true */ 'b', 'l', 'o', 'g', 'e', 'x', 'p', 'e', 'r', 't', '.', 'c', 'a', '\0',
+  /* "blogging-life.com", true */ 'b', 'l', 'o', 'g', 'g', 'i', 'n', 'g', '-', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bloggingwithchildren.com", true */ 'b', 'l', 'o', 'g', 'g', 'i', 'n', 'g', 'w', 'i', 't', 'h', 'c', 'h', 'i', 'l', 'd', 'r', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bloggytalky.com", true */ 'b', 'l', 'o', 'g', 'g', 'y', 't', 'a', 'l', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bloginbeeld.nl", true */ 'b', 'l', 'o', 'g', 'i', 'n', 'b', 'e', 'e', 'l', 'd', '.', 'n', 'l', '\0',
+  /* "blogom.at", true */ 'b', 'l', 'o', 'g', 'o', 'm', '.', 'a', 't', '\0',
+  /* "blogpentrusuflet.ro", true */ 'b', 'l', 'o', 'g', 'p', 'e', 'n', 't', 'r', 'u', 's', 'u', 'f', 'l', 'e', 't', '.', 'r', 'o', '\0',
+  /* "blogreen.org", true */ 'b', 'l', 'o', 'g', 'r', 'e', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "blogtroterzy.pl", true */ 'b', 'l', 'o', 'g', 't', 'r', 'o', 't', 'e', 'r', 'z', 'y', '.', 'p', 'l', '\0',
+  /* "bloodsports.org", true */ 'b', 'l', 'o', 'o', 'd', 's', 'p', 'o', 'r', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "bloodyexcellent.com", true */ 'b', 'l', 'o', 'o', 'd', 'y', 'e', 'x', 'c', 'e', 'l', 'l', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bloom-avenue.com", true */ 'b', 'l', 'o', 'o', 'm', '-', 'a', 'v', 'e', 'n', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bls-fiduciaire.be", true */ 'b', 'l', 's', '-', 'f', 'i', 'd', 'u', 'c', 'i', 'a', 'i', 'r', 'e', '.', 'b', 'e', '\0',
+  /* "bltc.co.uk", true */ 'b', 'l', 't', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bltc.com", true */ 'b', 'l', 't', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "bltc.net", true */ 'b', 'l', 't', 'c', '.', 'n', 'e', 't', '\0',
+  /* "bltc.org", true */ 'b', 'l', 't', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "bltc.org.uk", true */ 'b', 'l', 't', 'c', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "blubberladen.de", true */ 'b', 'l', 'u', 'b', 'b', 'e', 'r', 'l', 'a', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "blue-leaf81.net", true */ 'b', 'l', 'u', 'e', '-', 'l', 'e', 'a', 'f', '8', '1', '.', 'n', 'e', 't', '\0',
+  /* "blue42.net", true */ 'b', 'l', 'u', 'e', '4', '2', '.', 'n', 'e', 't', '\0',
+  /* "bluecards.eu", true */ 'b', 'l', 'u', 'e', 'c', 'a', 'r', 'd', 's', '.', 'e', 'u', '\0',
+  /* "bluechilli.com", true */ 'b', 'l', 'u', 'e', 'c', 'h', 'i', 'l', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "bluecon.ninja", true */ 'b', 'l', 'u', 'e', 'c', 'o', 'n', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "blued.moe", true */ 'b', 'l', 'u', 'e', 'd', '.', 'm', 'o', 'e', '\0',
+  /* "bluefinger.nl", true */ 'b', 'l', 'u', 'e', 'f', 'i', 'n', 'g', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "blueflare.org", true */ 'b', 'l', 'u', 'e', 'f', 'l', 'a', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "bluefuzz.nl", true */ 'b', 'l', 'u', 'e', 'f', 'u', 'z', 'z', '.', 'n', 'l', '\0',
+  /* "blueimp.net", true */ 'b', 'l', 'u', 'e', 'i', 'm', 'p', '.', 'n', 'e', 't', '\0',
+  /* "blueliquiddesigns.com.au", true */ 'b', 'l', 'u', 'e', 'l', 'i', 'q', 'u', 'i', 'd', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "bluemeda.web.id", true */ 'b', 'l', 'u', 'e', 'm', 'e', 'd', 'a', '.', 'w', 'e', 'b', '.', 'i', 'd', '\0',
+  /* "bluemoonroleplaying.com", true */ 'b', 'l', 'u', 'e', 'm', 'o', 'o', 'n', 'r', 'o', 'l', 'e', 'p', 'l', 'a', 'y', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "bluemosh.com", true */ 'b', 'l', 'u', 'e', 'm', 'o', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "bluenote9.com", true */ 'b', 'l', 'u', 'e', 'n', 'o', 't', 'e', '9', '.', 'c', 'o', 'm', '\0',
+  /* "blueperil.de", true */ 'b', 'l', 'u', 'e', 'p', 'e', 'r', 'i', 'l', '.', 'd', 'e', '\0',
+  /* "bluepoint.foundation", true */ 'b', 'l', 'u', 'e', 'p', 'o', 'i', 'n', 't', '.', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '\0',
+  /* "bluepoint.institute", true */ 'b', 'l', 'u', 'e', 'p', 'o', 'i', 'n', 't', '.', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '\0',
+  /* "bluepoint.one", true */ 'b', 'l', 'u', 'e', 'p', 'o', 'i', 'n', 't', '.', 'o', 'n', 'e', '\0',
+  /* "bluepostbox.de", true */ 'b', 'l', 'u', 'e', 'p', 'o', 's', 't', 'b', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "blues-and-pictures.com", true */ 'b', 'l', 'u', 'e', 's', '-', 'a', 'n', 'd', '-', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bluesecure.com.br", true */ 'b', 'l', 'u', 'e', 's', 'e', 'c', 'u', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bluex.im", true */ 'b', 'l', 'u', 'e', 'x', '.', 'i', 'm', '\0',
+  /* "bluex.info", true */ 'b', 'l', 'u', 'e', 'x', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "bluex.net", true */ 'b', 'l', 'u', 'e', 'x', '.', 'n', 'e', 't', '\0',
+  /* "bluex.org", true */ 'b', 'l', 'u', 'e', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "blueyed.eu", true */ 'b', 'l', 'u', 'e', 'y', 'e', 'd', '.', 'e', 'u', '\0',
+  /* "bluezonehealth.co.uk", true */ 'b', 'l', 'u', 'e', 'z', 'o', 'n', 'e', 'h', 'e', 'a', 'l', 't', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "blumen-binder.ch", true */ 'b', 'l', 'u', 'm', 'e', 'n', '-', 'b', 'i', 'n', 'd', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "blumenfeldart.com", true */ 'b', 'l', 'u', 'm', 'e', 'n', 'f', 'e', 'l', 'd', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "blumenwiese.xyz", true */ 'b', 'l', 'u', 'm', 'e', 'n', 'w', 'i', 'e', 's', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "blumiges-fischbachtal.de", true */ 'b', 'l', 'u', 'm', 'i', 'g', 'e', 's', '-', 'f', 'i', 's', 'c', 'h', 'b', 'a', 'c', 'h', 't', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "blurringexistence.net", true */ 'b', 'l', 'u', 'r', 'r', 'i', 'n', 'g', 'e', 'x', 'i', 's', 't', 'e', 'n', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "blusmurf.net", true */ 'b', 'l', 'u', 's', 'm', 'u', 'r', 'f', '.', 'n', 'e', 't', '\0',
+  /* "blutopia.xyz", true */ 'b', 'l', 'u', 't', 'o', 'p', 'i', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "blvdmb.com", true */ 'b', 'l', 'v', 'd', 'm', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "bm-immo.ch", true */ 'b', 'm', '-', 'i', 'm', 'm', 'o', '.', 'c', 'h', '\0',
+  /* "bmet.de", true */ 'b', 'm', 'e', 't', '.', 'd', 'e', '\0',
+  /* "bmoattachments.org", true */ 'b', 'm', 'o', 'a', 't', 't', 'a', 'c', 'h', 'm', 'e', 'n', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "bmone.net", true */ 'b', 'm', 'o', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "bmros.com.ar", true */ 'b', 'm', 'r', 'o', 's', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "bmw-motorradclub-seefeld.de", true */ 'b', 'm', 'w', '-', 'm', 'o', 't', 'o', 'r', 'r', 'a', 'd', 'c', 'l', 'u', 'b', '-', 's', 'e', 'e', 'f', 'e', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "bn1digital.co.uk", true */ 'b', 'n', '1', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bnb-buddy.nl", true */ 'b', 'n', 'b', '-', 'b', 'u', 'd', 'd', 'y', '.', 'n', 'l', '\0',
+  /* "bnbsinflatablehire.co.uk", true */ 'b', 'n', 'b', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bngs.pl", true */ 'b', 'n', 'g', 's', '.', 'p', 'l', '\0',
+  /* "bnin.org", true */ 'b', 'n', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "bnjscastles.co.uk", true */ 'b', 'n', 'j', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bnstree.com", true */ 'b', 'n', 's', 't', 'r', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bnty.net", true */ 'b', 'n', 't', 'y', '.', 'n', 'e', 't', '\0',
+  /* "boardgamegeeks.de", true */ 'b', 'o', 'a', 'r', 'd', 'g', 'a', 'm', 'e', 'g', 'e', 'e', 'k', 's', '.', 'd', 'e', '\0',
+  /* "boatme.de", true */ 'b', 'o', 'a', 't', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "bobancoamigo.com", true */ 'b', 'o', 'b', 'a', 'n', 'c', 'o', 'a', 'm', 'i', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "bobaobei.net", true */ 'b', 'o', 'b', 'a', 'o', 'b', 'e', 'i', '.', 'n', 'e', 't', '\0',
+  /* "bobaobei.org", true */ 'b', 'o', 'b', 'a', 'o', 'b', 'e', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "bobazar.com", true */ 'b', 'o', 'b', 'a', 'z', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "bobcopeland.com", true */ 'b', 'o', 'b', 'c', 'o', 'p', 'e', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bobep.ru", true */ 'b', 'o', 'b', 'e', 'p', '.', 'r', 'u', '\0',
+  /* "bobiji.com", true */ 'b', 'o', 'b', 'i', 'j', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "bobisec.cz", true */ 'b', 'o', 'b', 'i', 's', 'e', 'c', '.', 'c', 'z', '\0',
+  /* "bobkoetsier.nl", true */ 'b', 'o', 'b', 'k', 'o', 'e', 't', 's', 'i', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "bobnbouncedublin.ie", true */ 'b', 'o', 'b', 'n', 'b', 'o', 'u', 'n', 'c', 'e', 'd', 'u', 'b', 'l', 'i', 'n', '.', 'i', 'e', '\0',
+  /* "boboates.com", true */ 'b', 'o', 'b', 'o', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bobobox.net", true */ 'b', 'o', 'b', 'o', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "boboolo.com", true */ 'b', 'o', 'b', 'o', 'o', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "bobstronomie.fr", true */ 'b', 'o', 'b', 's', 't', 'r', 'o', 'n', 'o', 'm', 'i', 'e', '.', 'f', 'r', '\0',
+  /* "bocamo.it", true */ 'b', 'o', 'c', 'a', 'm', 'o', '.', 'i', 't', '\0',
+  /* "bochs.info", true */ 'b', 'o', 'c', 'h', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "bockenauer.at", true */ 'b', 'o', 'c', 'k', 'e', 'n', 'a', 'u', 'e', 'r', '.', 'a', 't', '\0',
+  /* "bocreation.fr", true */ 'b', 'o', 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "bodhi.fedoraproject.org", true */ 'b', 'o', 'd', 'h', 'i', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "bodixite.com", true */ 'b', 'o', 'd', 'i', 'x', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bodsch.com", true */ 'b', 'o', 'd', 's', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "bodybuilding.events", true */ 'b', 'o', 'd', 'y', 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', '.', 'e', 'v', 'e', 'n', 't', 's', '\0',
+  /* "bodybuildingworld.com", true */ 'b', 'o', 'd', 'y', 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bodyconshop.com", true */ 'b', 'o', 'd', 'y', 'c', 'o', 'n', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "bodygearguide.com", true */ 'b', 'o', 'd', 'y', 'g', 'e', 'a', 'r', 'g', 'u', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bodymusclejournal.com", true */ 'b', 'o', 'd', 'y', 'm', 'u', 's', 'c', 'l', 'e', 'j', 'o', 'u', 'r', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bodyworkbymichael.com", true */ 'b', 'o', 'd', 'y', 'w', 'o', 'r', 'k', 'b', 'y', 'm', 'i', 'c', 'h', 'a', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "boeddhashop.nl", true */ 'b', 'o', 'e', 'd', 'd', 'h', 'a', 's', 'h', 'o', 'p', '.', 'n', 'l', '\0',
+  /* "boekenlegger.nl", true */ 'b', 'o', 'e', 'k', 'e', 'n', 'l', 'e', 'g', 'g', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "boel073.nl", true */ 'b', 'o', 'e', 'l', '0', '7', '3', '.', 'n', 'l', '\0',
+  /* "boernecancerfonden.dk", true */ 'b', 'o', 'e', 'r', 'n', 'e', 'c', 'a', 'n', 'c', 'e', 'r', 'f', 'o', 'n', 'd', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "bogdanepureanu.ro", true */ 'b', 'o', 'g', 'd', 'a', 'n', 'e', 'p', 'u', 'r', 'e', 'a', 'n', 'u', '.', 'r', 'o', '\0',
+  /* "bogner.sh", true */ 'b', 'o', 'g', 'n', 'e', 'r', '.', 's', 'h', '\0',
+  /* "bogobeats.com", true */ 'b', 'o', 'g', 'o', 'b', 'e', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bohan.co", true */ 'b', 'o', 'h', 'a', 'n', '.', 'c', 'o', '\0',
+  /* "bohyn.cz", true */ 'b', 'o', 'h', 'y', 'n', '.', 'c', 'z', '\0',
+  /* "boilesen.com", true */ 'b', 'o', 'i', 'l', 'e', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "boimmobilier.ch", true */ 'b', 'o', 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "boincstats.com", true */ 'b', 'o', 'i', 'n', 'c', 's', 't', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "boiseonlinemall.com", true */ 'b', 'o', 'i', 's', 'e', 'o', 'n', 'l', 'i', 'n', 'e', 'm', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "boisewaldorf.org", true */ 'b', 'o', 'i', 's', 'e', 'w', 'a', 'l', 'd', 'o', 'r', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "bokeyy.com", true */ 'b', 'o', 'k', 'e', 'y', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "boldmediagroup.com", true */ 'b', 'o', 'l', 'd', 'm', 'e', 'd', 'i', 'a', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "boldt-metallbau.de", true */ 'b', 'o', 'l', 'd', 't', '-', 'm', 'e', 't', 'a', 'l', 'l', 'b', 'a', 'u', '.', 'd', 'e', '\0',
+  /* "bolektro.de", true */ 'b', 'o', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "bolivarfm.com.ve", true */ 'b', 'o', 'l', 'i', 'v', 'a', 'r', 'f', 'm', '.', 'c', 'o', 'm', '.', 'v', 'e', '\0',
+  /* "bollywood.uno", true */ 'b', 'o', 'l', 'l', 'y', 'w', 'o', 'o', 'd', '.', 'u', 'n', 'o', '\0',
+  /* "bologna-disinfestazioni.it", true */ 'b', 'o', 'l', 'o', 'g', 'n', 'a', '-', 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'i', '.', 'i', 't', '\0',
+  /* "bolovegna.it", true */ 'b', 'o', 'l', 'o', 'v', 'e', 'g', 'n', 'a', '.', 'i', 't', '\0',
+  /* "bolt.cm", false */ 'b', 'o', 'l', 't', '.', 'c', 'm', '\0',
+  /* "bolte.org", true */ 'b', 'o', 'l', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "bomb.codes", true */ 'b', 'o', 'm', 'b', '.', 'c', 'o', 'd', 'e', 's', '\0',
+  /* "bombsquad.studio", true */ 'b', 'o', 'm', 'b', 's', 'q', 'u', 'a', 'd', '.', 's', 't', 'u', 'd', 'i', 'o', '\0',
+  /* "bonaccorso.eu", true */ 'b', 'o', 'n', 'a', 'c', 'c', 'o', 'r', 's', 'o', '.', 'e', 'u', '\0',
+  /* "bonami.cz", true */ 'b', 'o', 'n', 'a', 'm', 'i', '.', 'c', 'z', '\0',
+  /* "bonami.pl", true */ 'b', 'o', 'n', 'a', 'm', 'i', '.', 'p', 'l', '\0',
+  /* "bonami.ro", true */ 'b', 'o', 'n', 'a', 'm', 'i', '.', 'r', 'o', '\0',
+  /* "bonami.sk", true */ 'b', 'o', 'n', 'a', 'm', 'i', '.', 's', 'k', '\0',
+  /* "bonamihome.ro", true */ 'b', 'o', 'n', 'a', 'm', 'i', 'h', 'o', 'm', 'e', '.', 'r', 'o', '\0',
+  /* "bonbonmania.com", true */ 'b', 'o', 'n', 'b', 'o', 'n', 'm', 'a', 'n', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "bondagefetishstore.com", true */ 'b', 'o', 'n', 'd', 'a', 'g', 'e', 'f', 'e', 't', 'i', 's', 'h', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bondarenko.dn.ua", true */ 'b', 'o', 'n', 'd', 'a', 'r', 'e', 'n', 'k', 'o', '.', 'd', 'n', '.', 'u', 'a', '\0',
+  /* "bondoer.fr", true */ 'b', 'o', 'n', 'd', 'o', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "bondpro.gov", true */ 'b', 'o', 'n', 'd', 'p', 'r', 'o', '.', 'g', 'o', 'v', '\0',
+  /* "bondskampeerder.nl", true */ 'b', 'o', 'n', 'd', 's', 'k', 'a', 'm', 'p', 'e', 'e', 'r', 'd', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "bonesserver.com", true */ 'b', 'o', 'n', 'e', 's', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "bonfi.net", true */ 'b', 'o', 'n', 'f', 'i', '.', 'n', 'e', 't', '\0',
+  /* "bonifacius.be", true */ 'b', 'o', 'n', 'i', 'f', 'a', 'c', 'i', 'u', 's', '.', 'b', 'e', '\0',
+  /* "bonigo.de", true */ 'b', 'o', 'n', 'i', 'g', 'o', '.', 'd', 'e', '\0',
+  /* "bonita.com.br", true */ 'b', 'o', 'n', 'i', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bonnant-associes.ch", true */ 'b', 'o', 'n', 'n', 'a', 'n', 't', '-', 'a', 's', 's', 'o', 'c', 'i', 'e', 's', '.', 'c', 'h', '\0',
+  /* "bonnant-partners.ch", true */ 'b', 'o', 'n', 'n', 'a', 'n', 't', '-', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', '.', 'c', 'h', '\0',
+  /* "bonnebouffe.fr", true */ 'b', 'o', 'n', 'n', 'e', 'b', 'o', 'u', 'f', 'f', 'e', '.', 'f', 'r', '\0',
+  /* "bonnieradvocaten.nl", true */ 'b', 'o', 'n', 'n', 'i', 'e', 'r', 'a', 'd', 'v', 'o', 'c', 'a', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "bonnin.fr", true */ 'b', 'o', 'n', 'n', 'i', 'n', '.', 'f', 'r', '\0',
+  /* "bonnsustainabilityportal.de", true */ 'b', 'o', 'n', 'n', 's', 'u', 's', 't', 'a', 'i', 'n', 'a', 'b', 'i', 'l', 'i', 't', 'y', 'p', 'o', 'r', 't', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "bonnyprints.at", true */ 'b', 'o', 'n', 'n', 'y', 'p', 'r', 'i', 'n', 't', 's', '.', 'a', 't', '\0',
+  /* "bonnyprints.ch", true */ 'b', 'o', 'n', 'n', 'y', 'p', 'r', 'i', 'n', 't', 's', '.', 'c', 'h', '\0',
+  /* "bonnyprints.es", true */ 'b', 'o', 'n', 'n', 'y', 'p', 'r', 'i', 'n', 't', 's', '.', 'e', 's', '\0',
+  /* "bonnyprints.fr", true */ 'b', 'o', 'n', 'n', 'y', 'p', 'r', 'i', 'n', 't', 's', '.', 'f', 'r', '\0',
+  /* "bonprix.co.uk", true */ 'b', 'o', 'n', 'p', 'r', 'i', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bonqoeur.ca", true */ 'b', 'o', 'n', 'q', 'o', 'e', 'u', 'r', '.', 'c', 'a', '\0',
+  /* "bonus-flexi.com", true */ 'b', 'o', 'n', 'u', 's', '-', 'f', 'l', 'e', 'x', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "boobox.xyz", true */ 'b', 'o', 'o', 'b', 'o', 'x', '.', 'x', 'y', 'z', '\0',
+  /* "boodaah.com", true */ 'b', 'o', 'o', 'd', 'a', 'a', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "boodmo.com", true */ 'b', 'o', 'o', 'd', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "boogiebouncecastles.co.uk", true */ 'b', 'o', 'o', 'g', 'i', 'e', 'b', 'o', 'u', 'n', 'c', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "book-in-hotel.com", true */ 'b', 'o', 'o', 'k', '-', 'i', 'n', '-', 'h', 'o', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bookingapp.be", true */ 'b', 'o', 'o', 'k', 'i', 'n', 'g', 'a', 'p', 'p', '.', 'b', 'e', '\0',
+  /* "bookingapp.nl", true */ 'b', 'o', 'o', 'k', 'i', 'n', 'g', 'a', 'p', 'p', '.', 'n', 'l', '\0',
+  /* "bookingdeluxesp.com", true */ 'b', 'o', 'o', 'k', 'i', 'n', 'g', 'd', 'e', 'l', 'u', 'x', 'e', 's', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "bookingready.com", true */ 'b', 'o', 'o', 'k', 'i', 'n', 'g', 'r', 'e', 'a', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bookluk.com", true */ 'b', 'o', 'o', 'k', 'l', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "bookmakersfreebets.com.au", true */ 'b', 'o', 'o', 'k', 'm', 'a', 'k', 'e', 'r', 's', 'f', 'r', 'e', 'e', 'b', 'e', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "bookmein.in", true */ 'b', 'o', 'o', 'k', 'm', 'e', 'i', 'n', '.', 'i', 'n', '\0',
+  /* "bookourdjs.com", true */ 'b', 'o', 'o', 'k', 'o', 'u', 'r', 'd', 'j', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bookreport.ga", true */ 'b', 'o', 'o', 'k', 'r', 'e', 'p', 'o', 'r', 't', '.', 'g', 'a', '\0',
+  /* "booktracker-org.appspot.com", true */ 'b', 'o', 'o', 'k', 't', 'r', 'a', 'c', 'k', 'e', 'r', '-', 'o', 'r', 'g', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bookwitty.social", true */ 'b', 'o', 'o', 'k', 'w', 'i', 't', 't', 'y', '.', 's', 'o', 'c', 'i', 'a', 'l', '\0',
+  /* "bool.be", true */ 'b', 'o', 'o', 'l', '.', 'b', 'e', '\0',
+  /* "boomersurf.com", true */ 'b', 'o', 'o', 'm', 'e', 'r', 's', 'u', 'r', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "boomsaki.com", true */ 'b', 'o', 'o', 'm', 's', 'a', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "boomsakis.com", true */ 'b', 'o', 'o', 'm', 's', 'a', 'k', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "boomshelf.com", true */ 'b', 'o', 'o', 'm', 's', 'h', 'e', 'l', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "boomshelf.org", true */ 'b', 'o', 'o', 'm', 's', 'h', 'e', 'l', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "boonbox.com", true */ 'b', 'o', 'o', 'n', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "booox.biz", true */ 'b', 'o', 'o', 'o', 'x', '.', 'b', 'i', 'z', '\0',
+  /* "booox.cc", true */ 'b', 'o', 'o', 'o', 'x', '.', 'c', 'c', '\0',
+  /* "booox.info", true */ 'b', 'o', 'o', 'o', 'x', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "booox.net", true */ 'b', 'o', 'o', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "booox.org", true */ 'b', 'o', 'o', 'o', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "booox.pw", true */ 'b', 'o', 'o', 'o', 'x', '.', 'p', 'w', '\0',
+  /* "booq.org", true */ 'b', 'o', 'o', 'q', '.', 'o', 'r', 'g', '\0',
+  /* "booquiz.com", true */ 'b', 'o', 'o', 'q', 'u', 'i', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "boosinflatablegames.co.uk", true */ 'b', 'o', 'o', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "booter.es", true */ 'b', 'o', 'o', 't', 'e', 'r', '.', 'e', 's', '\0',
+  /* "booter.pw", true */ 'b', 'o', 'o', 't', 'e', 'r', '.', 'p', 'w', '\0',
+  /* "bootjp.me", false */ 'b', 'o', 'o', 't', 'j', 'p', '.', 'm', 'e', '\0',
+  /* "bopera.co.uk", true */ 'b', 'o', 'p', 'e', 'r', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bopp.org", true */ 'b', 'o', 'p', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "borahan.net", true */ 'b', 'o', 'r', 'a', 'h', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "borg.cloud", true */ 'b', 'o', 'r', 'g', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "boringsmith.com", true */ 'b', 'o', 'r', 'i', 'n', 'g', 's', 'm', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "borisavstankovic.rs", true */ 'b', 'o', 'r', 'i', 's', 'a', 'v', 's', 't', 'a', 'n', 'k', 'o', 'v', 'i', 'c', '.', 'r', 's', '\0',
+  /* "borisschapira.com", true */ 'b', 'o', 'r', 'i', 's', 's', 'c', 'h', 'a', 'p', 'i', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "born-to-learn.com", true */ 'b', 'o', 'r', 'n', '-', 't', 'o', '-', 'l', 'e', 'a', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "born2bounce.co.uk", true */ 'b', 'o', 'r', 'n', '2', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bornandgrazed.com", true */ 'b', 'o', 'r', 'n', 'a', 'n', 'd', 'g', 'r', 'a', 'z', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bornfiber.dk", true */ 'b', 'o', 'r', 'n', 'f', 'i', 'b', 'e', 'r', '.', 'd', 'k', '\0',
+  /* "bornhack.dk", true */ 'b', 'o', 'r', 'n', 'h', 'a', 'c', 'k', '.', 'd', 'k', '\0',
+  /* "borowski.pw", true */ 'b', 'o', 'r', 'o', 'w', 's', 'k', 'i', '.', 'p', 'w', '\0',
+  /* "borrelpartybus.nl", true */ 'b', 'o', 'r', 'r', 'e', 'l', 'p', 'a', 'r', 't', 'y', 'b', 'u', 's', '.', 'n', 'l', '\0',
+  /* "borysek.net", true */ 'b', 'o', 'r', 'y', 's', 'e', 'k', '.', 'n', 'e', 't', '\0',
+  /* "borzoi.com.br", true */ 'b', 'o', 'r', 'z', 'o', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "boscoyacht.ch", true */ 'b', 'o', 's', 'c', 'o', 'y', 'a', 'c', 'h', 't', '.', 'c', 'h', '\0',
+  /* "boss.az", true */ 'b', 'o', 's', 's', '.', 'a', 'z', '\0',
+  /* "bostadsportal.se", true */ 'b', 'o', 's', 't', 'a', 'd', 's', 'p', 'o', 'r', 't', 'a', 'l', '.', 's', 'e', '\0',
+  /* "bosufitness.cz", true */ 'b', 'o', 's', 'u', 'f', 'i', 't', 'n', 'e', 's', 's', '.', 'c', 'z', '\0',
+  /* "bosun.io", true */ 'b', 'o', 's', 'u', 'n', '.', 'i', 'o', '\0',
+  /* "bosworthdental.co.uk", true */ 'b', 'o', 's', 'w', 'o', 'r', 't', 'h', 'd', 'e', 'n', 't', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "botlab.ch", true */ 'b', 'o', 't', 'l', 'a', 'b', '.', 'c', 'h', '\0',
+  /* "botmanager.pl", true */ 'b', 'o', 't', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'p', 'l', '\0',
+  /* "botserver.de", true */ 'b', 'o', 't', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "bottaerisposta.net", true */ 'b', 'o', 't', 't', 'a', 'e', 'r', 'i', 's', 'p', 'o', 's', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "bottineauneighborhood.org", true */ 'b', 'o', 't', 't', 'i', 'n', 'e', 'a', 'u', 'n', 'e', 'i', 'g', 'h', 'b', 'o', 'r', 'h', 'o', 'o', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "bottke.berlin", true */ 'b', 'o', 't', 't', 'k', 'e', '.', 'b', 'e', 'r', 'l', 'i', 'n', '\0',
+  /* "bou.lt", true */ 'b', 'o', 'u', '.', 'l', 't', '\0',
+  /* "bouah.net", true */ 'b', 'o', 'u', 'a', 'h', '.', 'n', 'e', 't', '\0',
+  /* "bouchard-mathieux.com", true */ 'b', 'o', 'u', 'c', 'h', 'a', 'r', 'd', '-', 'm', 'a', 't', 'h', 'i', 'e', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "bouchonville-knifemaker.com", true */ 'b', 'o', 'u', 'c', 'h', 'o', 'n', 'v', 'i', 'l', 'l', 'e', '-', 'k', 'n', 'i', 'f', 'e', 'm', 'a', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "bouckaert-usedcars.be", true */ 'b', 'o', 'u', 'c', 'k', 'a', 'e', 'r', 't', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "boudah.pl", true */ 'b', 'o', 'u', 'd', 'a', 'h', '.', 'p', 'l', '\0',
+  /* "boueki.jp", true */ 'b', 'o', 'u', 'e', 'k', 'i', '.', 'j', 'p', '\0',
+  /* "boueki.org", true */ 'b', 'o', 'u', 'e', 'k', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "bougeret.fr", true */ 'b', 'o', 'u', 'g', 'e', 'r', 'e', 't', '.', 'f', 'r', '\0',
+  /* "bouk.co", true */ 'b', 'o', 'u', 'k', '.', 'c', 'o', '\0',
+  /* "boukoubengo.com", true */ 'b', 'o', 'u', 'k', 'o', 'u', 'b', 'e', 'n', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "boulzicourt.fr", true */ 'b', 'o', 'u', 'l', 'z', 'i', 'c', 'o', 'u', 'r', 't', '.', 'f', 'r', '\0',
+  /* "bounce-a-mania.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', '-', 'a', '-', 'm', 'a', 'n', 'i', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounce-a-roo.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', '-', 'a', '-', 'r', 'o', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounce-abouts.com", true */ 'b', 'o', 'u', 'n', 'c', 'e', '-', 'a', 'b', 'o', 'u', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bounce-n-go.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', '-', 'n', '-', 'g', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounce-on.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', '-', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounce-r-us.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', '-', 'r', '-', 'u', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounce-xtreme.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', '-', 'x', 't', 'r', 'e', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounce4fun.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', '4', 'f', 'u', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounce4fun.ie", true */ 'b', 'o', 'u', 'n', 'c', 'e', '4', 'f', 'u', 'n', '.', 'i', 'e', '\0',
+  /* "bounce4kidz.com", true */ 'b', 'o', 'u', 'n', 'c', 'e', '4', 'k', 'i', 'd', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "bounce4less.ie", true */ 'b', 'o', 'u', 'n', 'c', 'e', '4', 'l', 'e', 's', 's', '.', 'i', 'e', '\0',
+  /* "bouncea-bout.com", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', '-', 'b', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bounceaboutandplay.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'b', 'o', 'u', 't', 'a', 'n', 'd', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounceaboutnewark.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'b', 'o', 'u', 't', 'n', 'e', 'w', 'a', 'r', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounceaboutsussex.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'b', 'o', 'u', 't', 's', 'u', 's', 's', 'e', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncealotcastlehire.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'l', 'o', 't', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncealotnorthwest.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'l', 'o', 't', 'n', 'o', 'r', 't', 'h', 'w', 'e', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounceandwobble.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'n', 'd', 'w', 'o', 'b', 'b', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounceapp.com", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "bouncearoundevents.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'r', 'o', 'u', 'n', 'd', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncearoundsheffield.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'r', 'o', 'u', 'n', 'd', 's', 'h', 'e', 'f', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounceawaycastles.com", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'w', 'a', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bouncebackcastles.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'b', 'a', 'c', 'k', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncebeyondcastles.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'b', 'e', 'y', 'o', 'n', 'd', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncebookings.com.au", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'b', 'o', 'o', 'k', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "bouncecrazy.ie", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'c', 'r', 'a', 'z', 'y', '.', 'i', 'e', '\0',
+  /* "bouncehighpeak.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'h', 'i', 'g', 'h', 'p', 'e', 'a', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncejumpboston.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'j', 'u', 'm', 'p', 'b', 'o', 's', 't', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncekingdom.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'k', 'i', 'n', 'g', 'd', 'o', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncemania.org", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'm', 'a', 'n', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "bouncemaniaevents.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'm', 'a', 'n', 'i', 'a', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncemaniainflatables.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'm', 'a', 'n', 'i', 'a', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncemasters.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'm', 'a', 's', 't', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncemonkeys.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'm', 'o', 'n', 'k', 'e', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncenortheast.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'n', 'o', 'r', 't', 'h', 'e', 'a', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncenpaint.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'n', 'p', 'a', 'i', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncenslidenortheast.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'n', 's', 'l', 'i', 'd', 'e', 'n', 'o', 'r', 't', 'h', 'e', 'a', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncepartycastles.com", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'p', 'a', 'r', 't', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bounceroosevents.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'r', 'o', 'o', 's', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncers-bouncycastlehire.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'r', 's', '-', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncesouthwales.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 's', 'o', 'u', 't', 'h', 'w', 'a', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncesquad.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 's', 'q', 'u', 'a', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncetasticuk.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 't', 'a', 's', 't', 'i', 'c', 'u', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncetheparty.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 't', 'h', 'e', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounceunlimited.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'u', 'n', 'l', 'i', 'm', 'i', 't', 'e', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncewithbovells.com", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'w', 'i', 't', 'h', 'b', 'o', 'v', 'e', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bouncewrightcastles.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'w', 'r', 'i', 'g', 'h', 't', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncincastles.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncing4joy.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', '4', 'j', 'o', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncingbairnsinflatables.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'b', 'a', 'i', 'r', 'n', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncingbeansinflatables.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'b', 'e', 'a', 'n', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncingbobsinflatables.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'b', 'o', 'b', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncingbuddiesleicester.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'b', 'u', 'd', 'd', 'i', 'e', 's', 'l', 'e', 'i', 'c', 'e', 's', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncingbuzzybees.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'b', 'u', 'z', 'z', 'y', 'b', 'e', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncinghigher.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'h', 'i', 'g', 'h', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncingscotland.com", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 's', 'c', 'o', 't', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bouncourseplanner.net", true */ 'b', 'o', 'u', 'n', 'c', 'o', 'u', 'r', 's', 'e', 'p', 'l', 'a', 'n', 'n', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "bouncy-castles-surrey.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '-', 's', 'u', 'r', 'r', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncy-tots.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', '-', 't', 'o', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncybaileys.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'b', 'a', 'i', 'l', 'e', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncyball.eu", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'b', 'a', 'l', 'l', '.', 'e', 'u', '\0',
+  /* "bouncyballs.org", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'b', 'a', 'l', 'l', 's', '.', 'o', 'r', 'g', '\0',
+  /* "bouncyballscastles.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'b', 'a', 'l', 'l', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncybouncyboocastlehire.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'b', 'o', 'o', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastle.net.au", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "bouncycastleandparty.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'a', 'n', 'd', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlehire-norwich.com", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '-', 'n', 'o', 'r', 'w', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "bouncycastlehire-sheffield.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '-', 's', 'h', 'e', 'f', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlehireauckland.co.nz", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'a', 'u', 'c', 'k', 'l', 'a', 'n', 'd', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "bouncycastlehirebarnstaple.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'b', 'a', 'r', 'n', 's', 't', 'a', 'p', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlehirebexley.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'b', 'e', 'x', 'l', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlehirechelmsford.org.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'c', 'h', 'e', 'l', 'm', 's', 'f', 'o', 'r', 'd', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "bouncycastlehirehull.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'h', 'u', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlehireinglasgow.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'i', 'n', 'g', 'l', 'a', 's', 'g', 'o', 'w', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlehirelouth.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'l', 'o', 'u', 't', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlehiremalvern.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'm', 'a', 'l', 'v', 'e', 'r', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlehiremedway.com", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'm', 'e', 'd', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bouncycastlehireoldham.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'o', 'l', 'd', 'h', 'a', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlehirestroud.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 's', 't', 'r', 'o', 'u', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlehiresurrey.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 's', 'u', 'r', 'r', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlehiretameside.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 't', 'a', 'm', 'e', 's', 'i', 'd', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlehirewinchester.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'w', 'i', 'n', 'c', 'h', 'e', 's', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastleman.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'm', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlemangloucestershire.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'm', 'a', 'n', 'g', 'l', 'o', 'u', 'c', 'e', 's', 't', 'e', 'r', 's', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastleparade.com", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'p', 'a', 'r', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bouncycastles.me", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'm', 'e', '\0',
+  /* "bouncycastlesgalway.com", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'g', 'a', 'l', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bouncycastleshire.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastleshireleeds.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'h', 'i', 'r', 'e', 'l', 'e', 'e', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlesin.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'i', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlesinderby.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'i', 'n', 'd', 'e', 'r', 'b', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlesinleeds.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'i', 'n', 'l', 'e', 'e', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlesisleofwight.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'i', 's', 'l', 'e', 'o', 'f', 'w', 'i', 'g', 'h', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlesmonaghan.com", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'm', 'o', 'n', 'a', 'g', 'h', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bouncycastlesperth.net", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'p', 'e', 'r', 't', 'h', '.', 'n', 'e', 't', '\0',
+  /* "bouncycastlessheerness.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 's', 'h', 'e', 'e', 'r', 'n', 'e', 's', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncydays.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'd', 'a', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncyfeet.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'f', 'e', 'e', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncygiggles.com.au", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'g', 'i', 'g', 'g', 'l', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "bouncyhigher.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'h', 'i', 'g', 'h', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncyhousecastlehire.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'h', 'o', 'u', 's', 'e', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncyhouses.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'h', 'o', 'u', 's', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncykingdom.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'k', 'i', 'n', 'g', 'd', 'o', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncykings.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'k', 'i', 'n', 'g', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncykingsnortheast.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'k', 'i', 'n', 'g', 's', 'n', 'o', 'r', 't', 'h', 'e', 'a', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncymacs.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'm', 'a', 'c', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncymadness.com", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'm', 'a', 'd', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bouncyrainbows.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'r', 'a', 'i', 'n', 'b', 'o', 'w', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncytime.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 't', 'i', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncytown.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 't', 'o', 'w', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncywouncy.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'w', 'o', 'u', 'n', 'c', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bound2bounce.co.uk", true */ 'b', 'o', 'u', 'n', 'd', '2', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bountyfactory.io", true */ 'b', 'o', 'u', 'n', 't', 'y', 'f', 'a', 'c', 't', 'o', 'r', 'y', '.', 'i', 'o', '\0',
+  /* "bourasse.fr", true */ 'b', 'o', 'u', 'r', 'a', 's', 's', 'e', '.', 'f', 'r', '\0',
+  /* "bourdon.fr.eu.org", true */ 'b', 'o', 'u', 'r', 'd', 'o', 'n', '.', 'f', 'r', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "bourhis.info", true */ 'b', 'o', 'u', 'r', 'h', 'i', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "bournefun.co.uk", true */ 'b', 'o', 'u', 'r', 'n', 'e', 'f', 'u', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bourqu.in", true */ 'b', 'o', 'u', 'r', 'q', 'u', '.', 'i', 'n', '\0',
+  /* "bourse-aux-jouets.org", false */ 'b', 'o', 'u', 'r', 's', 'e', '-', 'a', 'u', 'x', '-', 'j', 'o', 'u', 'e', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "bourse-aux-vetements.org", false */ 'b', 'o', 'u', 'r', 's', 'e', '-', 'a', 'u', 'x', '-', 'v', 'e', 't', 'e', 'm', 'e', 'n', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "bourse-puericulture.org", false */ 'b', 'o', 'u', 'r', 's', 'e', '-', 'p', 'u', 'e', 'r', 'i', 'c', 'u', 'l', 't', 'u', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "boutiquedecanetas.com.br", true */ 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', 'd', 'e', 'c', 'a', 'n', 'e', 't', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "boutiquefutebol.com.br", true */ 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', 'f', 'u', 't', 'e', 'b', 'o', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "boutiqueguenaelleverdin.com", true */ 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', 'g', 'u', 'e', 'n', 'a', 'e', 'l', 'l', 'e', 'v', 'e', 'r', 'd', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bouw.live", true */ 'b', 'o', 'u', 'w', '.', 'l', 'i', 'v', 'e', '\0',
+  /* "bouzouks.net", true */ 'b', 'o', 'u', 'z', 'o', 'u', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "bowedwallcrackrepair.com", true */ 'b', 'o', 'w', 'e', 'd', 'w', 'a', 'l', 'l', 'c', 'r', 'a', 'c', 'k', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "boweryandvine.com", true */ 'b', 'o', 'w', 'e', 'r', 'y', 'a', 'n', 'd', 'v', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bowling.com", true */ 'b', 'o', 'w', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "bowlsheet.com", false */ 'b', 'o', 'w', 'l', 's', 'h', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bownty.be", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'b', 'e', '\0',
+  /* "bownty.co.uk", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bownty.de", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'd', 'e', '\0',
+  /* "bownty.dk", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'd', 'k', '\0',
+  /* "bownty.es", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'e', 's', '\0',
+  /* "bownty.fr", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'f', 'r', '\0',
+  /* "bownty.it", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'i', 't', '\0',
+  /* "bownty.nl", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'n', 'l', '\0',
+  /* "bownty.pt", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'p', 't', '\0',
+  /* "bowntycdn.net", true */ 'b', 'o', 'w', 'n', 't', 'y', 'c', 'd', 'n', '.', 'n', 'e', 't', '\0',
+  /* "boxdevigneron.fr", true */ 'b', 'o', 'x', 'd', 'e', 'v', 'i', 'g', 'n', 'e', 'r', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "boxit.es", true */ 'b', 'o', 'x', 'i', 't', '.', 'e', 's', '\0',
+  /* "boxpirates.to", true */ 'b', 'o', 'x', 'p', 'i', 'r', 'a', 't', 'e', 's', '.', 't', 'o', '\0',
+  /* "boxvergelijker.nl", true */ 'b', 'o', 'x', 'v', 'e', 'r', 'g', 'e', 'l', 'i', 'j', 'k', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "boxview.com", true */ 'b', 'o', 'x', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "boyhost.cn", true */ 'b', 'o', 'y', 'h', 'o', 's', 't', '.', 'c', 'n', '\0',
+  /* "boypoint.de", true */ 'b', 'o', 'y', 'p', 'o', 'i', 'n', 't', '.', 'd', 'e', '\0',
+  /* "boz.nl", true */ 'b', 'o', 'z', '.', 'n', 'l', '\0',
+  /* "bozemancarpetcleaningservices.com", true */ 'b', 'o', 'z', 'e', 'm', 'a', 'n', 'c', 'a', 'r', 'p', 'e', 't', 'c', 'l', 'e', 'a', 'n', 'i', 'n', 'g', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bozosbouncycastles.co.uk", true */ 'b', 'o', 'z', 'o', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bpadvisors.eu", true */ 'b', 'p', 'a', 'd', 'v', 'i', 's', 'o', 'r', 's', '.', 'e', 'u', '\0',
+  /* "bpaste.net", true */ 'b', 'p', 'a', 's', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "bpastudies.org", true */ 'b', 'p', 'a', 's', 't', 'u', 'd', 'i', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "bpo.ovh", true */ 'b', 'p', 'o', '.', 'o', 'v', 'h', '\0',
+  /* "bpol-forum.de", true */ 'b', 'p', 'o', 'l', '-', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "bqp.io", true */ 'b', 'q', 'p', '.', 'i', 'o', '\0',
+  /* "bqr.ch", true */ 'b', 'q', 'r', '.', 'c', 'h', '\0',
+  /* "br.search.yahoo.com", false */ 'b', 'r', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "br3in.nl", false */ 'b', 'r', '3', 'i', 'n', '.', 'n', 'l', '\0',
+  /* "braams.nl", true */ 'b', 'r', 'a', 'a', 'm', 's', '.', 'n', 'l', '\0',
+  /* "bracho.xyz", true */ 'b', 'r', 'a', 'c', 'h', 'o', '.', 'x', 'y', 'z', '\0',
+  /* "bracoitaliano.com.br", true */ 'b', 'r', 'a', 'c', 'o', 'i', 't', 'a', 'l', 'i', 'a', 'n', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bradbrockmeyer.com", true */ 'b', 'r', 'a', 'd', 'b', 'r', 'o', 'c', 'k', 'm', 'e', 'y', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "bradfordhottubhire.co.uk", true */ 'b', 'r', 'a', 'd', 'f', 'o', 'r', 'd', 'h', 'o', 't', 't', 'u', 'b', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bradfordmascots.co.uk", true */ 'b', 'r', 'a', 'd', 'f', 'o', 'r', 'd', 'm', 'a', 's', 'c', 'o', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bradkovach.com", true */ 'b', 'r', 'a', 'd', 'k', 'o', 'v', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "bradler.net", true */ 'b', 'r', 'a', 'd', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "bradlinder.org", true */ 'b', 'r', 'a', 'd', 'l', 'i', 'n', 'd', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "bradypatterson.com", true */ 'b', 'r', 'a', 'd', 'y', 'p', 'a', 't', 't', 'e', 'r', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "braemer-it-consulting.de", true */ 'b', 'r', 'a', 'e', 'm', 'e', 'r', '-', 'i', 't', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "braeunlich-gmbh.com", true */ 'b', 'r', 'a', 'e', 'u', 'n', 'l', 'i', 'c', 'h', '-', 'g', 'm', 'b', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "bragaweb.com.br", true */ 'b', 'r', 'a', 'g', 'a', 'w', 'e', 'b', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "brahmins.com", true */ 'b', 'r', 'a', 'h', 'm', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "brahmstaedt.de", true */ 'b', 'r', 'a', 'h', 'm', 's', 't', 'a', 'e', 'd', 't', '.', 'd', 'e', '\0',
+  /* "braiampeguero.xyz", true */ 'b', 'r', 'a', 'i', 'a', 'm', 'p', 'e', 'g', 'u', 'e', 'r', 'o', '.', 'x', 'y', 'z', '\0',
+  /* "brailsford.xyz", true */ 'b', 'r', 'a', 'i', 'l', 's', 'f', 'o', 'r', 'd', '.', 'x', 'y', 'z', '\0',
+  /* "brain-e.co", true */ 'b', 'r', 'a', 'i', 'n', '-', 'e', '.', 'c', 'o', '\0',
+  /* "brain-force.ch", true */ 'b', 'r', 'a', 'i', 'n', '-', 'f', 'o', 'r', 'c', 'e', '.', 'c', 'h', '\0',
+  /* "brainball.fr", true */ 'b', 'r', 'a', 'i', 'n', 'b', 'a', 'l', 'l', '.', 'f', 'r', '\0',
+  /* "brainfork.org", true */ 'b', 'r', 'a', 'i', 'n', 'f', 'o', 'r', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "brainhub.nl", true */ 'b', 'r', 'a', 'i', 'n', 'h', 'u', 'b', '.', 'n', 'l', '\0',
+  /* "brainlag.org", true */ 'b', 'r', 'a', 'i', 'n', 'l', 'a', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "brainserve.ch", true */ 'b', 'r', 'a', 'i', 'n', 's', 'e', 'r', 'v', 'e', '.', 'c', 'h', '\0',
+  /* "brainserve.com", true */ 'b', 'r', 'a', 'i', 'n', 's', 'e', 'r', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "brainserve.swiss", true */ 'b', 'r', 'a', 'i', 'n', 's', 'e', 'r', 'v', 'e', '.', 's', 'w', 'i', 's', 's', '\0',
+  /* "brainster.co", true */ 'b', 'r', 'a', 'i', 'n', 's', 't', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "brainvoyagermusic.com", true */ 'b', 'r', 'a', 'i', 'n', 'v', 'o', 'y', 'a', 'g', 'e', 'r', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "brainwork.space", true */ 'b', 'r', 'a', 'i', 'n', 'w', 'o', 'r', 'k', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "brakemanpro.com", true */ 'b', 'r', 'a', 'k', 'e', 'm', 'a', 'n', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "brakstad.org", true */ 'b', 'r', 'a', 'k', 's', 't', 'a', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "bralnik.com", true */ 'b', 'r', 'a', 'l', 'n', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "bramhallsamusements.com", true */ 'b', 'r', 'a', 'm', 'h', 'a', 'l', 'l', 's', 'a', 'm', 'u', 's', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "brammingfys.dk", true */ 'b', 'r', 'a', 'm', 'm', 'i', 'n', 'g', 'f', 'y', 's', '.', 'd', 'k', '\0',
+  /* "bramvanaken.be", true */ 'b', 'r', 'a', 'm', 'v', 'a', 'n', 'a', 'k', 'e', 'n', '.', 'b', 'e', '\0',
+  /* "bran.land", true */ 'b', 'r', 'a', 'n', '.', 'l', 'a', 'n', 'd', '\0',
+  /* "bran.soy", true */ 'b', 'r', 'a', 'n', '.', 's', 'o', 'y', '\0',
+  /* "branch-bookkeeper.com", true */ 'b', 'r', 'a', 'n', 'c', 'h', '-', 'b', 'o', 'o', 'k', 'k', 'e', 'e', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "brandbil.dk", true */ 'b', 'r', 'a', 'n', 'd', 'b', 'i', 'l', '.', 'd', 'k', '\0',
+  /* "brandbuilderwebsites.com", true */ 'b', 'r', 'a', 'n', 'd', 'b', 'u', 'i', 'l', 'd', 'e', 'r', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "brandcodeconsulting.com", true */ 'b', 'r', 'a', 'n', 'd', 'c', 'o', 'd', 'e', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "brandcodestyle.com", true */ 'b', 'r', 'a', 'n', 'd', 'c', 'o', 'd', 'e', 's', 't', 'y', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "brando753.xyz", true */ 'b', 'r', 'a', 'n', 'd', 'o', '7', '5', '3', '.', 'x', 'y', 'z', '\0',
+  /* "brandongomez.me", true */ 'b', 'r', 'a', 'n', 'd', 'o', 'n', 'g', 'o', 'm', 'e', 'z', '.', 'm', 'e', '\0',
+  /* "brandonhubbard.com", true */ 'b', 'r', 'a', 'n', 'd', 'o', 'n', 'h', 'u', 'b', 'b', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "brandonwalker.me", true */ 'b', 'r', 'a', 'n', 'd', 'o', 'n', 'w', 'a', 'l', 'k', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "brandstead.com", true */ 'b', 'r', 'a', 'n', 'd', 's', 't', 'e', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "brandtrapselfie.nl", true */ 'b', 'r', 'a', 'n', 'd', 't', 'r', 'a', 'p', 's', 'e', 'l', 'f', 'i', 'e', '.', 'n', 'l', '\0',
+  /* "brandweertrainingen.nl", true */ 'b', 'r', 'a', 'n', 'd', 'w', 'e', 'e', 'r', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "brandweeruitgeest.nl", true */ 'b', 'r', 'a', 'n', 'd', 'w', 'e', 'e', 'r', 'u', 'i', 't', 'g', 'e', 'e', 's', 't', '.', 'n', 'l', '\0',
+  /* "branw.xyz", true */ 'b', 'r', 'a', 'n', 'w', '.', 'x', 'y', 'z', '\0',
+  /* "brasal.ma", true */ 'b', 'r', 'a', 's', 'a', 'l', '.', 'm', 'a', '\0',
+  /* "brasalcosmetics.com", true */ 'b', 'r', 'a', 's', 'a', 'l', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "brashear.me", true */ 'b', 'r', 'a', 's', 'h', 'e', 'a', 'r', '.', 'm', 'e', '\0',
+  /* "brasilbombas.com.br", true */ 'b', 'r', 'a', 's', 'i', 'l', 'b', 'o', 'm', 'b', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "brasserie-mino.fr", true */ 'b', 'r', 'a', 's', 's', 'e', 'r', 'i', 'e', '-', 'm', 'i', 'n', 'o', '.', 'f', 'r', '\0',
+  /* "brasspipedreams.org", true */ 'b', 'r', 'a', 's', 's', 'p', 'i', 'p', 'e', 'd', 'r', 'e', 'a', 'm', 's', '.', 'o', 'r', 'g', '\0',
+  /* "bratislava-airport-taxi.com", true */ 'b', 'r', 'a', 't', 'i', 's', 'l', 'a', 'v', 'a', '-', 'a', 'i', 'r', 'p', 'o', 'r', 't', '-', 't', 'a', 'x', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "bratteng.xyz", false */ 'b', 'r', 'a', 't', 't', 'e', 'n', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "bratvanov.com", true */ 'b', 'r', 'a', 't', 'v', 'a', 'n', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "brau-ingenieur.de", true */ 'b', 'r', 'a', 'u', '-', 'i', 'n', 'g', 'e', 'n', 'i', 'e', 'u', 'r', '.', 'd', 'e', '\0',
+  /* "braudoktor.de", true */ 'b', 'r', 'a', 'u', 'd', 'o', 'k', 't', 'o', 'r', '.', 'd', 'e', '\0',
+  /* "brauingenieur.de", true */ 'b', 'r', 'a', 'u', 'i', 'n', 'g', 'e', 'n', 'i', 'e', 'u', 'r', '.', 'd', 'e', '\0',
+  /* "braunsteinpc.com", true */ 'b', 'r', 'a', 'u', 'n', 's', 't', 'e', 'i', 'n', 'p', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "braunwarth.info", true */ 'b', 'r', 'a', 'u', 'n', 'w', 'a', 'r', 't', 'h', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "brava.bg", true */ 'b', 'r', 'a', 'v', 'a', '.', 'b', 'g', '\0',
+  /* "brave-foods.ch", true */ 'b', 'r', 'a', 'v', 'e', '-', 'f', 'o', 'o', 'd', 's', '.', 'c', 'h', '\0',
+  /* "brave-foods.com", true */ 'b', 'r', 'a', 'v', 'e', '-', 'f', 'o', 'o', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "brave.com", true */ 'b', 'r', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bravehearts.org.au", true */ 'b', 'r', 'a', 'v', 'e', 'h', 'e', 'a', 'r', 't', 's', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0',
+  /* "braviskindenjeugd.nl", true */ 'b', 'r', 'a', 'v', 'i', 's', 'k', 'i', 'n', 'd', 'e', 'n', 'j', 'e', 'u', 'g', 'd', '.', 'n', 'l', '\0',
+  /* "bravisziekenhuis.nl", true */ 'b', 'r', 'a', 'v', 'i', 's', 'z', 'i', 'e', 'k', 'e', 'n', 'h', 'u', 'i', 's', '.', 'n', 'l', '\0',
+  /* "brazilian.dating", true */ 'b', 'r', 'a', 'z', 'i', 'l', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "brazillens.com", true */ 'b', 'r', 'a', 'z', 'i', 'l', 'l', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "brb.city", true */ 'b', 'r', 'b', '.', 'c', 'i', 't', 'y', '\0',
+  /* "brck.nl", true */ 'b', 'r', 'c', 'k', '.', 'n', 'l', '\0',
+  /* "brd.ro", true */ 'b', 'r', 'd', '.', 'r', 'o', '\0',
+  /* "breadandlife.org", true */ 'b', 'r', 'e', 'a', 'd', 'a', 'n', 'd', 'l', 'i', 'f', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "breakingtech.it", true */ 'b', 'r', 'e', 'a', 'k', 'i', 'n', 'g', 't', 'e', 'c', 'h', '.', 'i', 't', '\0',
+  /* "breathedreamgo.com", true */ 'b', 'r', 'e', 'a', 't', 'h', 'e', 'd', 'r', 'e', 'a', 'm', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "brecht.ch", true */ 'b', 'r', 'e', 'c', 'h', 't', '.', 'c', 'h', '\0',
+  /* "breckle.com.ua", true */ 'b', 'r', 'e', 'c', 'k', 'l', 'e', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "brecknell.biz", true */ 'b', 'r', 'e', 'c', 'k', 'n', 'e', 'l', 'l', '.', 'b', 'i', 'z', '\0',
+  /* "brecknell.com", true */ 'b', 'r', 'e', 'c', 'k', 'n', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "brecknell.info", true */ 'b', 'r', 'e', 'c', 'k', 'n', 'e', 'l', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "brecknell.name", true */ 'b', 'r', 'e', 'c', 'k', 'n', 'e', 'l', 'l', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "brecknell.net", true */ 'b', 'r', 'e', 'c', 'k', 'n', 'e', 'l', 'l', '.', 'n', 'e', 't', '\0',
+  /* "brecknell.org", true */ 'b', 'r', 'e', 'c', 'k', 'n', 'e', 'l', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "breda.computer", true */ 'b', 'r', 'e', 'd', 'a', '.', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', '\0',
+  /* "bredvid.no", true */ 'b', 'r', 'e', 'd', 'v', 'i', 'd', '.', 'n', 'o', '\0',
+  /* "breechdepot.com", false */ 'b', 'r', 'e', 'e', 'c', 'h', 'd', 'e', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "breeethretail.ru", false */ 'b', 'r', 'e', 'e', 'e', 't', 'h', 'r', 'e', 't', 'a', 'i', 'l', '.', 'r', 'u', '\0',
+  /* "breest.net", true */ 'b', 'r', 'e', 'e', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "breeswish.org", true */ 'b', 'r', 'e', 'e', 's', 'w', 'i', 's', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "breeyn.com", true */ 'b', 'r', 'e', 'e', 'y', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "brefy.com", true */ 'b', 'r', 'e', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "brege.org", true */ 'b', 'r', 'e', 'g', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "bregnedalsystems.dk", true */ 'b', 'r', 'e', 'g', 'n', 'e', 'd', 'a', 'l', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'd', 'k', '\0',
+  /* "breitbild-beamer.de", true */ 'b', 'r', 'e', 'i', 't', 'b', 'i', 'l', 'd', '-', 'b', 'e', 'a', 'm', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "brejoc.com", true */ 'b', 'r', 'e', 'j', 'o', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "bremensaki.com", true */ 'b', 'r', 'e', 'm', 'e', 'n', 's', 'a', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "brendanscherer.com", true */ 'b', 'r', 'e', 'n', 'd', 'a', 'n', 's', 'c', 'h', 'e', 'r', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "brentacampbell.com", true */ 'b', 'r', 'e', 'n', 't', 'a', 'c', 'a', 'm', 'p', 'b', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "brentnewbury.com", true */ 'b', 'r', 'e', 'n', 't', 'n', 'e', 'w', 'b', 'u', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bressier.fr", true */ 'b', 'r', 'e', 's', 's', 'i', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "bretcarmichael.com", true */ 'b', 'r', 'e', 't', 'c', 'a', 'r', 'm', 'i', 'c', 'h', 'a', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "brettabel.com", true */ 'b', 'r', 'e', 't', 't', 'a', 'b', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "brettcornwall.com", true */ 'b', 'r', 'e', 't', 't', 'c', 'o', 'r', 'n', 'w', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "brettelliff.com", true */ 'b', 'r', 'e', 't', 't', 'e', 'l', 'l', 'i', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "bretz-hufer.de", true */ 'b', 'r', 'e', 't', 'z', '-', 'h', 'u', 'f', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "bretzner.fr", true */ 'b', 'r', 'e', 't', 'z', 'n', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "brevboxar.se", true */ 'b', 'r', 'e', 'v', 'b', 'o', 'x', 'a', 'r', '.', 's', 'e', '\0',
+  /* "brewsouth.com", true */ 'b', 'r', 'e', 'w', 's', 'o', 'u', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "brewtrackr.com", true */ 'b', 'r', 'e', 'w', 't', 'r', 'a', 'c', 'k', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "brfvh24.se", true */ 'b', 'r', 'f', 'v', 'h', '2', '4', '.', 's', 'e', '\0',
+  /* "brgins.com", true */ 'b', 'r', 'g', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "brianalaway.com", true */ 'b', 'r', 'i', 'a', 'n', 'a', 'l', 'a', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "brianalawayconsulting.com", true */ 'b', 'r', 'i', 'a', 'n', 'a', 'l', 'a', 'w', 'a', 'y', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "brianfoshee.com", true */ 'b', 'r', 'i', 'a', 'n', 'f', 'o', 's', 'h', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "brianlanders.us", true */ 'b', 'r', 'i', 'a', 'n', 'l', 'a', 'n', 'd', 'e', 'r', 's', '.', 'u', 's', '\0',
+  /* "brianmwaters.net", true */ 'b', 'r', 'i', 'a', 'n', 'm', 'w', 'a', 't', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "brianroadifer.com", true */ 'b', 'r', 'i', 'a', 'n', 'r', 'o', 'a', 'd', 'i', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "briansmith.org", true */ 'b', 'r', 'i', 'a', 'n', 's', 'm', 'i', 't', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "briantkatch.com", true */ 'b', 'r', 'i', 'a', 'n', 't', 'k', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "brianwesaala.com", true */ 'b', 'r', 'i', 'a', 'n', 'w', 'e', 's', 'a', 'a', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "brickftp.com", true */ 'b', 'r', 'i', 'c', 'k', 'f', 't', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "brickheroes.com", true */ 'b', 'r', 'i', 'c', 'k', 'h', 'e', 'r', 'o', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "brickvortex.com", true */ 'b', 'r', 'i', 'c', 'k', 'v', 'o', 'r', 't', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "brickwerks.io", true */ 'b', 'r', 'i', 'c', 'k', 'w', 'e', 'r', 'k', 's', '.', 'i', 'o', '\0',
+  /* "bricolajeux.ch", true */ 'b', 'r', 'i', 'c', 'o', 'l', 'a', 'j', 'e', 'u', 'x', '.', 'c', 'h', '\0',
+  /* "brid.gy", false */ 'b', 'r', 'i', 'd', '.', 'g', 'y', '\0',
+  /* "brideandgroomdirect.ie", true */ 'b', 'r', 'i', 'd', 'e', 'a', 'n', 'd', 'g', 'r', 'o', 'o', 'm', 'd', 'i', 'r', 'e', 'c', 't', '.', 'i', 'e', '\0',
+  /* "bridgeglobalmarketing.com", true */ 'b', 'r', 'i', 'd', 'g', 'e', 'g', 'l', 'o', 'b', 'a', 'l', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "bridgeout.com", true */ 'b', 'r', 'i', 'd', 'g', 'e', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bridgevest.com", true */ 'b', 'r', 'i', 'd', 'g', 'e', 'v', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bridgingdirectory.com", true */ 'b', 'r', 'i', 'd', 'g', 'i', 'n', 'g', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "brie.tech", true */ 'b', 'r', 'i', 'e', '.', 't', 'e', 'c', 'h', '\0',
+  /* "briefhansa.de", true */ 'b', 'r', 'i', 'e', 'f', 'h', 'a', 'n', 's', 'a', '.', 'd', 'e', '\0',
+  /* "brighouse-leisure.co.uk", true */ 'b', 'r', 'i', 'g', 'h', 'o', 'u', 's', 'e', '-', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "brightday.bz", true */ 'b', 'r', 'i', 'g', 'h', 't', 'd', 'a', 'y', '.', 'b', 'z', '\0',
+  /* "brightfuturemadebyme.com", true */ 'b', 'r', 'i', 'g', 'h', 't', 'f', 'u', 't', 'u', 'r', 'e', 'm', 'a', 'd', 'e', 'b', 'y', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "brightonbank.com", true */ 'b', 'r', 'i', 'g', 'h', 't', 'o', 'n', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "brightonbouncycastles.net", true */ 'b', 'r', 'i', 'g', 'h', 't', 'o', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "brigidaarie.com", true */ 'b', 'r', 'i', 'g', 'i', 'd', 'a', 'a', 'r', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "brilliantbouncyfun.co.uk", true */ 'b', 'r', 'i', 'l', 'l', 'i', 'a', 'n', 't', 'b', 'o', 'u', 'n', 'c', 'y', 'f', 'u', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "brilliantdecisionmaking.com", true */ 'b', 'r', 'i', 'l', 'l', 'i', 'a', 'n', 't', 'd', 'e', 'c', 'i', 's', 'i', 'o', 'n', 'm', 'a', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "brilliantproductions.co.nz", true */ 'b', 'r', 'i', 'l', 'l', 'i', 'a', 'n', 't', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "brinkhu.is", true */ 'b', 'r', 'i', 'n', 'k', 'h', 'u', '.', 'i', 's', '\0',
+  /* "brinkmann.one", true */ 'b', 'r', 'i', 'n', 'k', 'm', 'a', 'n', 'n', '.', 'o', 'n', 'e', '\0',
+  /* "brinquedoseducativos.art.br", true */ 'b', 'r', 'i', 'n', 'q', 'u', 'e', 'd', 'o', 's', 'e', 'd', 'u', 'c', 'a', 't', 'i', 'v', 'o', 's', '.', 'a', 'r', 't', '.', 'b', 'r', '\0',
+  /* "brio-shop.ch", true */ 'b', 'r', 'i', 'o', '-', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "brisbanelogistics.com.au", true */ 'b', 'r', 'i', 's', 'b', 'a', 'n', 'e', 'l', 'o', 'g', 'i', 's', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "bristebein.com", true */ 'b', 'r', 'i', 's', 't', 'e', 'b', 'e', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bristolandwestonsuperbounce.com", true */ 'b', 'r', 'i', 's', 't', 'o', 'l', 'a', 'n', 'd', 'w', 'e', 's', 't', 'o', 'n', 's', 'u', 'p', 'e', 'r', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "britelocate.com", true */ 'b', 'r', 'i', 't', 'e', 'l', 'o', 'c', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "britishbeef.com", true */ 'b', 'r', 'i', 't', 'i', 's', 'h', 'b', 'e', 'e', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "britishbookmakers.co.uk", true */ 'b', 'r', 'i', 't', 'i', 's', 'h', 'b', 'o', 'o', 'k', 'm', 'a', 'k', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "britishgroupsg.com", true */ 'b', 'r', 'i', 't', 'i', 's', 'h', 'g', 'r', 'o', 'u', 'p', 's', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "britishmeat.com", true */ 'b', 'r', 'i', 't', 'i', 's', 'h', 'm', 'e', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "britishsciencefestival.org", true */ 'b', 'r', 'i', 't', 'i', 's', 'h', 's', 'c', 'i', 'e', 'n', 'c', 'e', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "britishscienceweek.org", true */ 'b', 'r', 'i', 't', 'i', 's', 'h', 's', 'c', 'i', 'e', 'n', 'c', 'e', 'w', 'e', 'e', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "britneyclause.com", true */ 'b', 'r', 'i', 't', 'n', 'e', 'y', 'c', 'l', 'a', 'u', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "britton-photography.com", true */ 'b', 'r', 'i', 't', 't', 'o', 'n', '-', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "brivadois.ovh", true */ 'b', 'r', 'i', 'v', 'a', 'd', 'o', 'i', 's', '.', 'o', 'v', 'h', '\0',
+  /* "brmascots.com", true */ 'b', 'r', 'm', 'a', 's', 'c', 'o', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "brmsalescommunity.com", true */ 'b', 'r', 'm', 's', 'a', 'l', 'e', 's', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "brn.by", true */ 'b', 'r', 'n', '.', 'b', 'y', '\0',
+  /* "bro.hk", true */ 'b', 'r', 'o', '.', 'h', 'k', '\0',
+  /* "broadsheet.com.au", true */ 'b', 'r', 'o', 'a', 'd', 's', 'h', 'e', 'e', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "brockmeyer.net", true */ 'b', 'r', 'o', 'c', 'k', 'm', 'e', 'y', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "brockmeyer.org", true */ 'b', 'r', 'o', 'c', 'k', 'm', 'e', 'y', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "brodowski.cc", true */ 'b', 'r', 'o', 'd', 'o', 'w', 's', 'k', 'i', '.', 'c', 'c', '\0',
+  /* "broersma.com", true */ 'b', 'r', 'o', 'e', 'r', 's', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "broerweb.nl", true */ 'b', 'r', 'o', 'e', 'r', 'w', 'e', 'b', '.', 'n', 'l', '\0',
+  /* "broeselei.at", true */ 'b', 'r', 'o', 'e', 's', 'e', 'l', 'e', 'i', '.', 'a', 't', '\0',
+  /* "brokenhands.io", true */ 'b', 'r', 'o', 'k', 'e', 'n', 'h', 'a', 'n', 'd', 's', '.', 'i', 'o', '\0',
+  /* "brokenjoysticks.net", true */ 'b', 'r', 'o', 'k', 'e', 'n', 'j', 'o', 'y', 's', 't', 'i', 'c', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "brokervalues.com", true */ 'b', 'r', 'o', 'k', 'e', 'r', 'v', 'a', 'l', 'u', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "brompton-cocktail.com", true */ 'b', 'r', 'o', 'm', 'p', 't', 'o', 'n', '-', 'c', 'o', 'c', 'k', 't', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bronetb2b.com.br", true */ 'b', 'r', 'o', 'n', 'e', 't', 'b', '2', 'b', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bronevichok.ru", true */ 'b', 'r', 'o', 'n', 'e', 'v', 'i', 'c', 'h', 'o', 'k', '.', 'r', 'u', '\0',
+  /* "bronwynlewis.com", false */ 'b', 'r', 'o', 'n', 'w', 'y', 'n', 'l', 'e', 'w', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "brooke-fan.com", true */ 'b', 'r', 'o', 'o', 'k', 'e', '-', 'f', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "brookehatton.com", true */ 'b', 'r', 'o', 'o', 'k', 'e', 'h', 'a', 't', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "brooklynrealestateblog.com", true */ 'b', 'r', 'o', 'o', 'k', 'l', 'y', 'n', 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "brossman.it", true */ 'b', 'r', 'o', 's', 's', 'm', 'a', 'n', '.', 'i', 't', '\0',
+  /* "brossmanit.com", true */ 'b', 'r', 'o', 's', 's', 'm', 'a', 'n', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "brother-printsmart.nl", true */ 'b', 'r', 'o', 't', 'h', 'e', 'r', '-', 'p', 'r', 'i', 'n', 't', 's', 'm', 'a', 'r', 't', '.', 'n', 'l', '\0',
+  /* "brouillard.ch", true */ 'b', 'r', 'o', 'u', 'i', 'l', 'l', 'a', 'r', 'd', '.', 'c', 'h', '\0',
+  /* "brownfieldstsc.org", true */ 'b', 'r', 'o', 'w', 'n', 'f', 'i', 'e', 'l', 'd', 's', 't', 's', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "brownlawoffice.us", true */ 'b', 'r', 'o', 'w', 'n', 'l', 'a', 'w', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'u', 's', '\0',
+  /* "browsedns.net", true */ 'b', 'r', 'o', 'w', 's', 'e', 'd', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "bru6.de", true */ 'b', 'r', 'u', '6', '.', 'd', 'e', '\0',
+  /* "brucemartin.net", true */ 'b', 'r', 'u', 'c', 'e', 'm', 'a', 'r', 't', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "brucemobile.de", true */ 'b', 'r', 'u', 'c', 'e', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "bruck.me", true */ 'b', 'r', 'u', 'c', 'k', '.', 'm', 'e', '\0',
+  /* "bruckner.li", true */ 'b', 'r', 'u', 'c', 'k', 'n', 'e', 'r', '.', 'l', 'i', '\0',
+  /* "bruna-cdn.nl", true */ 'b', 'r', 'u', 'n', 'a', '-', 'c', 'd', 'n', '.', 'n', 'l', '\0',
+  /* "brunn.email", true */ 'b', 'r', 'u', 'n', 'n', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "brunner.ninja", true */ 'b', 'r', 'u', 'n', 'n', 'e', 'r', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "brunoramos.com", true */ 'b', 'r', 'u', 'n', 'o', 'r', 'a', 'm', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "brunoramos.org", true */ 'b', 'r', 'u', 'n', 'o', 'r', 'a', 'm', 'o', 's', '.', 'o', 'r', 'g', '\0',
+  /* "brunosouza.org", true */ 'b', 'r', 'u', 'n', 'o', 's', 'o', 'u', 'z', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "bruun.co", true */ 'b', 'r', 'u', 'u', 'n', '.', 'c', 'o', '\0',
+  /* "bryankaplan.com", true */ 'b', 'r', 'y', 'a', 'n', 'k', 'a', 'p', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bryanquigley.com", true */ 'b', 'r', 'y', 'a', 'n', 'q', 'u', 'i', 'g', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bryanshearer.accountant", true */ 'b', 'r', 'y', 'a', 'n', 's', 'h', 'e', 'a', 'r', 'e', 'r', '.', 'a', 'c', 'c', 'o', 'u', 'n', 't', 'a', 'n', 't', '\0',
+  /* "bs-network.net", true */ 'b', 's', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "bs-security.com", true */ 'b', 's', '-', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bs.sb", true */ 'b', 's', '.', 's', 'b', '\0',
+  /* "bs.to", true */ 'b', 's', '.', 't', 'o', '\0',
+  /* "bsagan.fr", true */ 'b', 's', 'a', 'g', 'a', 'n', '.', 'f', 'r', '\0',
+  /* "bsc-rietz.at", true */ 'b', 's', 'c', '-', 'r', 'i', 'e', 't', 'z', '.', 'a', 't', '\0',
+  /* "bsc01.dyndns.org", true */ 'b', 's', 'c', '0', '1', '.', 'd', 'y', 'n', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "bsdfreak.dk", true */ 'b', 's', 'd', 'f', 'r', 'e', 'a', 'k', '.', 'd', 'k', '\0',
+  /* "bsdracing.ca", true */ 'b', 's', 'd', 'r', 'a', 'c', 'i', 'n', 'g', '.', 'c', 'a', '\0',
+  /* "bsdug.org", true */ 'b', 's', 'd', 'u', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "bsdunix.xyz", true */ 'b', 's', 'd', 'u', 'n', 'i', 'x', '.', 'x', 'y', 'z', '\0',
+  /* "bsg-aok-muenchen.de", true */ 'b', 's', 'g', '-', 'a', 'o', 'k', '-', 'm', 'u', 'e', 'n', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "bsidesf.com", true */ 'b', 's', 'i', 'd', 'e', 's', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "bsidesf.org", true */ 'b', 's', 'i', 'd', 'e', 's', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "bsidessf.com", true */ 'b', 's', 'i', 'd', 'e', 's', 's', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "bsociabl.com", true */ 'b', 's', 'o', 'c', 'i', 'a', 'b', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bsohoekvanholland.nl", true */ 'b', 's', 'o', 'h', 'o', 'e', 'k', 'v', 'a', 'n', 'h', 'o', 'l', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "bsquared.org", true */ 'b', 's', 'q', 'u', 'a', 'r', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "bstoked.net", true */ 'b', 's', 't', 'o', 'k', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "bsw-solution.de", true */ 'b', 's', 'w', '-', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "bt123.xyz", true */ 'b', 't', '1', '2', '3', '.', 'x', 'y', 'z', '\0',
+  /* "bta.lv", false */ 'b', 't', 'a', '.', 'l', 'v', '\0',
+  /* "btc2secure.com", true */ 'b', 't', 'c', '2', 's', 'e', 'c', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "btcarmory.com", true */ 'b', 't', 'c', 'a', 'r', 'm', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "btcgo.nl", true */ 'b', 't', 'c', 'g', 'o', '.', 'n', 'l', '\0',
+  /* "btcontract.com", true */ 'b', 't', 'c', 'o', 'n', 't', 'r', 'a', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "btcpop.co", true */ 'b', 't', 'c', 'p', 'o', 'p', '.', 'c', 'o', '\0',
+  /* "btcycle.org", true */ 'b', 't', 'c', 'y', 'c', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "btio.pw", true */ 'b', 't', 'i', 'o', '.', 'p', 'w', '\0',
+  /* "btku.org", true */ 'b', 't', 'k', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "btnissanparts.com", true */ 'b', 't', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "btorrent.xyz", true */ 'b', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'x', 'y', 'z', '\0',
+  /* "btrb.ml", true */ 'b', 't', 'r', 'b', '.', 'm', 'l', '\0',
+  /* "btserv.de", true */ 'b', 't', 's', 'e', 'r', 'v', '.', 'd', 'e', '\0',
+  /* "btsoft.eu", true */ 'b', 't', 's', 'o', 'f', 't', '.', 'e', 'u', '\0',
+  /* "btsow.com", true */ 'b', 't', 's', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "btth.pl", true */ 'b', 't', 't', 'h', '.', 'p', 'l', '\0',
+  /* "btth.tv", true */ 'b', 't', 't', 'h', '.', 't', 'v', '\0',
+  /* "btth.xyz", true */ 'b', 't', 't', 'h', '.', 'x', 'y', 'z', '\0',
+  /* "bubba.cc", true */ 'b', 'u', 'b', 'b', 'a', '.', 'c', 'c', '\0',
+  /* "bubblegumblog.com", true */ 'b', 'u', 'b', 'b', 'l', 'e', 'g', 'u', 'm', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "bubblespetspa.com", true */ 'b', 'u', 'b', 'b', 'l', 'e', 's', 'p', 'e', 't', 's', 'p', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "bubblinghottubs.co.uk", true */ 'b', 'u', 'b', 'b', 'l', 'i', 'n', 'g', 'h', 'o', 't', 't', 'u', 'b', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bubblybouncers.co.uk", true */ 'b', 'u', 'b', 'b', 'l', 'y', 'b', 'o', 'u', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bubhub.io", true */ 'b', 'u', 'b', 'h', 'u', 'b', '.', 'i', 'o', '\0',
+  /* "buch-angucken.de", true */ 'b', 'u', 'c', 'h', '-', 'a', 'n', 'g', 'u', 'c', 'k', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "buck.com", true */ 'b', 'u', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "buckmulligans.com", true */ 'b', 'u', 'c', 'k', 'm', 'u', 'l', 'l', 'i', 'g', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "buckypaper.com", true */ 'b', 'u', 'c', 'k', 'y', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "budaev-shop.ru", true */ 'b', 'u', 'd', 'a', 'e', 'v', '-', 's', 'h', 'o', 'p', '.', 'r', 'u', '\0',
+  /* "buddhistische-weisheiten.org", true */ 'b', 'u', 'd', 'd', 'h', 'i', 's', 't', 'i', 's', 'c', 'h', 'e', '-', 'w', 'e', 'i', 's', 'h', 'e', 'i', 't', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "buddie5.com", true */ 'b', 'u', 'd', 'd', 'i', 'e', '5', '.', 'c', 'o', 'm', '\0',
+  /* "buddlycrafts.com", true */ 'b', 'u', 'd', 'd', 'l', 'y', 'c', 'r', 'a', 'f', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "buddyworks.net", true */ 'b', 'u', 'd', 'd', 'y', 'w', 'o', 'r', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "budeanu.com", true */ 'b', 'u', 'd', 'e', 'a', 'n', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "buderus-family.be", true */ 'b', 'u', 'd', 'e', 'r', 'u', 's', '-', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'b', 'e', '\0',
+  /* "budger.nl", true */ 'b', 'u', 'd', 'g', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "budgetalk.com", true */ 'b', 'u', 'd', 'g', 'e', 't', 'a', 'l', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "budgetcastlehire.co.uk", true */ 'b', 'u', 'd', 'g', 'e', 't', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "budgetenergievriendenvoordeel.nl", true */ 'b', 'u', 'd', 'g', 'e', 't', 'e', 'n', 'e', 'r', 'g', 'i', 'e', 'v', 'r', 'i', 'e', 'n', 'd', 'e', 'n', 'v', 'o', 'o', 'r', 'd', 'e', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "budgetlob.gov", true */ 'b', 'u', 'd', 'g', 'e', 't', 'l', 'o', 'b', '.', 'g', 'o', 'v', '\0',
+  /* "budgetlovers.nl", true */ 'b', 'u', 'd', 'g', 'e', 't', 'l', 'o', 'v', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "budgiesballoons.com", true */ 'b', 'u', 'd', 'g', 'i', 'e', 's', 'b', 'a', 'l', 'l', 'o', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "budntod.com", true */ 'b', 'u', 'd', 'n', 't', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "budolfs.de", true */ 'b', 'u', 'd', 'o', 'l', 'f', 's', '.', 'd', 'e', '\0',
+  /* "buehnenbande.ch", false */ 'b', 'u', 'e', 'h', 'n', 'e', 'n', 'b', 'a', 'n', 'd', 'e', '.', 'c', 'h', '\0',
+  /* "bueltge.de", true */ 'b', 'u', 'e', 'l', 't', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "buenotour.ru", true */ 'b', 'u', 'e', 'n', 'o', 't', 'o', 'u', 'r', '.', 'r', 'u', '\0',
+  /* "buergerdialog.net", true */ 'b', 'u', 'e', 'r', 'g', 'e', 'r', 'd', 'i', 'a', 'l', 'o', 'g', '.', 'n', 'e', 't', '\0',
+  /* "buergerhaushalt.com", true */ 'b', 'u', 'e', 'r', 'g', 'e', 'r', 'h', 'a', 'u', 's', 'h', 'a', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "buettgens.net", true */ 'b', 'u', 'e', 't', 't', 'g', 'e', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "buffaloautomation.com", true */ 'b', 'u', 'f', 'f', 'a', 'l', 'o', 'a', 'u', 't', 'o', 'm', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "buffalodrinkinggame.beer", true */ 'b', 'u', 'f', 'f', 'a', 'l', 'o', 'd', 'r', 'i', 'n', 'k', 'i', 'n', 'g', 'g', 'a', 'm', 'e', '.', 'b', 'e', 'e', 'r', '\0',
+  /* "buffhack.com", false */ 'b', 'u', 'f', 'f', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "bug.blue", true */ 'b', 'u', 'g', '.', 'b', 'l', 'u', 'e', '\0',
+  /* "bugcrowd.com", true */ 'b', 'u', 'g', 'c', 'r', 'o', 'w', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bugs.chromium.org", true */ 'b', 'u', 'g', 's', '.', 'c', 'h', 'r', 'o', 'm', 'i', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "bugtrack.co.uk", true */ 'b', 'u', 'g', 't', 'r', 'a', 'c', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bugwie.com", true */ 'b', 'u', 'g', 'w', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bugzil.la", true */ 'b', 'u', 'g', 'z', 'i', 'l', '.', 'l', 'a', '\0',
+  /* "bugzilla.mozilla.org", true */ 'b', 'u', 'g', 'z', 'i', 'l', 'l', 'a', '.', 'm', 'o', 'z', 'i', 'l', 'l', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "buiko.com", true */ 'b', 'u', 'i', 'k', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "build.chromium.org", true */ 'b', 'u', 'i', 'l', 'd', '.', 'c', 'h', 'r', 'o', 'm', 'i', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "buildbox.io", true */ 'b', 'u', 'i', 'l', 'd', 'b', 'o', 'x', '.', 'i', 'o', '\0',
+  /* "buildbytes.com", true */ 'b', 'u', 'i', 'l', 'd', 'b', 'y', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "building-cost-estimators.com", true */ 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', '-', 'c', 'o', 's', 't', '-', 'e', 's', 't', 'i', 'm', 'a', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "buildingcostestimators.co.uk", true */ 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', 'c', 'o', 's', 't', 'e', 's', 't', 'i', 'm', 'a', 't', 'o', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "builditsolutions.net", true */ 'b', 'u', 'i', 'l', 'd', 'i', 't', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "buildkite.com", true */ 'b', 'u', 'i', 'l', 'd', 'k', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "buildplease.com", true */ 'b', 'u', 'i', 'l', 'd', 'p', 'l', 'e', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "buildrightbuildingservicesltd.co.uk", true */ 'b', 'u', 'i', 'l', 'd', 'r', 'i', 'g', 'h', 't', 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', 'l', 't', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "builtvisible.com", true */ 'b', 'u', 'i', 'l', 't', 'v', 'i', 's', 'i', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "builtwith.com", true */ 'b', 'u', 'i', 'l', 't', 'w', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "buka.jp", true */ 'b', 'u', 'k', 'a', '.', 'j', 'p', '\0',
+  /* "bukkenfan.jp", true */ 'b', 'u', 'k', 'k', 'e', 'n', 'f', 'a', 'n', '.', 'j', 'p', '\0',
+  /* "bul3seas.eu", true */ 'b', 'u', 'l', '3', 's', 'e', 'a', 's', '.', 'e', 'u', '\0',
+  /* "bulario.com", true */ 'b', 'u', 'l', 'a', 'r', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "bulbcompare.com", true */ 'b', 'u', 'l', 'b', 'c', 'o', 'm', 'p', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bulbgenie.com", true */ 'b', 'u', 'l', 'b', 'g', 'e', 'n', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "buldogueingles.com.br", true */ 'b', 'u', 'l', 'd', 'o', 'g', 'u', 'e', 'i', 'n', 'g', 'l', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bulkcandystore.com", true */ 'b', 'u', 'l', 'k', 'c', 'a', 'n', 'd', 'y', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bulkingtime.com", true */ 'b', 'u', 'l', 'k', 'i', 'n', 'g', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bulktrade.de", true */ 'b', 'u', 'l', 'k', 't', 'r', 'a', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "bulkwholesalesweets.co.uk", true */ 'b', 'u', 'l', 'k', 'w', 'h', 'o', 'l', 'e', 's', 'a', 'l', 'e', 's', 'w', 'e', 'e', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bulldog-hosting.de", true */ 'b', 'u', 'l', 'l', 'd', 'o', 'g', '-', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "bulldoghire.co.uk", true */ 'b', 'u', 'l', 'l', 'd', 'o', 'g', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bulledair-savons.ch", true */ 'b', 'u', 'l', 'l', 'e', 'd', 'a', 'i', 'r', '-', 's', 'a', 'v', 'o', 'n', 's', '.', 'c', 'h', '\0',
+  /* "bullettags.com", true */ 'b', 'u', 'l', 'l', 'e', 't', 't', 'a', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bullterrier.nu", true */ 'b', 'u', 'l', 'l', 't', 'e', 'r', 'r', 'i', 'e', 'r', '.', 'n', 'u', '\0',
+  /* "bulmastife.com.br", true */ 'b', 'u', 'l', 'm', 'a', 's', 't', 'i', 'f', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bulwarkhost.com", true */ 'b', 'u', 'l', 'w', 'a', 'r', 'k', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bumshow.ru", true */ 'b', 'u', 'm', 's', 'h', 'o', 'w', '.', 'r', 'u', '\0',
+  /* "bunadarbankinn.is", true */ 'b', 'u', 'n', 'a', 'd', 'a', 'r', 'b', 'a', 'n', 'k', 'i', 'n', 'n', '.', 'i', 's', '\0',
+  /* "bunbun.be", false */ 'b', 'u', 'n', 'b', 'u', 'n', '.', 'b', 'e', '\0',
+  /* "bund-von-theramore.de", true */ 'b', 'u', 'n', 'd', '-', 'v', 'o', 'n', '-', 't', 'h', 'e', 'r', 'a', 'm', 'o', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "bundaberg.com", true */ 'b', 'u', 'n', 'd', 'a', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "bundespolizei-forum.de", true */ 'b', 'u', 'n', 'd', 'e', 's', 'p', 'o', 'l', 'i', 'z', 'e', 'i', '-', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "bunkyo-life.com", true */ 'b', 'u', 'n', 'k', 'y', 'o', '-', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bunny-rabbits.com", true */ 'b', 'u', 'n', 'n', 'y', '-', 'r', 'a', 'b', 'b', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bunnyvishal.com", true */ 'b', 'u', 'n', 'n', 'y', 'v', 'i', 's', 'h', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bunzy.ca", true */ 'b', 'u', 'n', 'z', 'y', '.', 'c', 'a', '\0',
+  /* "buonventosbt.eu", true */ 'b', 'u', 'o', 'n', 'v', 'e', 'n', 't', 'o', 's', 'b', 't', '.', 'e', 'u', '\0',
+  /* "bupropion.com", true */ 'b', 'u', 'p', 'r', 'o', 'p', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "burcevo.info", true */ 'b', 'u', 'r', 'c', 'e', 'v', 'o', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "burckardtnet.de", true */ 'b', 'u', 'r', 'c', 'k', 'a', 'r', 'd', 't', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "burgers.io", true */ 'b', 'u', 'r', 'g', 'e', 'r', 's', '.', 'i', 'o', '\0',
+  /* "burghardt.pl", true */ 'b', 'u', 'r', 'g', 'h', 'a', 'r', 'd', 't', '.', 'p', 'l', '\0',
+  /* "buri.be", false */ 'b', 'u', 'r', 'i', '.', 'b', 'e', '\0',
+  /* "buricloud.fr", true */ 'b', 'u', 'r', 'i', 'c', 'l', 'o', 'u', 'd', '.', 'f', 'r', '\0',
+  /* "burke.services", true */ 'b', 'u', 'r', 'k', 'e', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '\0',
+  /* "burlapsac.ca", true */ 'b', 'u', 'r', 'l', 'a', 'p', 's', 'a', 'c', '.', 'c', 'a', '\0',
+  /* "burnerfitness.com", true */ 'b', 'u', 'r', 'n', 'e', 'r', 'f', 'i', 't', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "burnhamonseabouncycastles.co.uk", true */ 'b', 'u', 'r', 'n', 'h', 'a', 'm', 'o', 'n', 's', 'e', 'a', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "burningbird.net", true */ 'b', 'u', 'r', 'n', 'i', 'n', 'g', 'b', 'i', 'r', 'd', '.', 'n', 'e', 't', '\0',
+  /* "burningflipside.com", false */ 'b', 'u', 'r', 'n', 'i', 'n', 'g', 'f', 'l', 'i', 'p', 's', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "burntfish.com", true */ 'b', 'u', 'r', 'n', 't', 'f', 'i', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "burnworks.com", true */ 'b', 'u', 'r', 'n', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "buronwater.com", true */ 'b', 'u', 'r', 'o', 'n', 'w', 'a', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "burr.is", true */ 'b', 'u', 'r', 'r', '.', 'i', 's', '\0',
+  /* "burroughsid.com", true */ 'b', 'u', 'r', 'r', 'o', 'u', 'g', 'h', 's', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bursaries-southafrica.co.za", true */ 'b', 'u', 'r', 's', 'a', 'r', 'i', 'e', 's', '-', 's', 'o', 'u', 't', 'h', 'a', 'f', 'r', 'i', 'c', 'a', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "burtrum.family", true */ 'b', 'u', 'r', 't', 'r', 'u', 'm', '.', 'f', 'a', 'm', 'i', 'l', 'y', '\0',
+  /* "burtrum.me", true */ 'b', 'u', 'r', 't', 'r', 'u', 'm', '.', 'm', 'e', '\0',
+  /* "burtrum.name", true */ 'b', 'u', 'r', 't', 'r', 'u', 'm', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "burtrum.org", true */ 'b', 'u', 'r', 't', 'r', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "burzmali.com", true */ 'b', 'u', 'r', 'z', 'm', 'a', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "buserror.cn", true */ 'b', 'u', 's', 'e', 'r', 'r', 'o', 'r', '.', 'c', 'n', '\0',
+  /* "bushbaby.com", true */ 'b', 'u', 's', 'h', 'b', 'a', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bushcraftfriends.com", true */ 'b', 'u', 's', 'h', 'c', 'r', 'a', 'f', 't', 'f', 'r', 'i', 'e', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "busindre.com", true */ 'b', 'u', 's', 'i', 'n', 'd', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "business-garden.com", true */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '-', 'g', 'a', 'r', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "business.facebook.com", false */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "businessadviceperth.com.au", true */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'a', 'd', 'v', 'i', 'c', 'e', 'p', 'e', 'r', 't', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "businessamongus.com", true */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'a', 'm', 'o', 'n', 'g', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "businesscentermarin.ch", true */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'c', 'e', 'n', 't', 'e', 'r', 'm', 'a', 'r', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "businessesdirectory.eu", true */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'e', 's', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '.', 'e', 'u', '\0',
+  /* "businessetmarketing.com", true */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'e', 't', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "businessimmigration-eu.com", true */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'i', 'm', 'm', 'i', 'g', 'r', 'a', 't', 'i', 'o', 'n', '-', 'e', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "businessimmigration-eu.ru", true */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'i', 'm', 'm', 'i', 'g', 'r', 'a', 't', 'i', 'o', 'n', '-', 'e', 'u', '.', 'r', 'u', '\0',
+  /* "bustadice.com", true */ 'b', 'u', 's', 't', 'a', 'd', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bustimes.org", true */ 'b', 'u', 's', 't', 'i', 'm', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "bustup-tips.com", true */ 'b', 'u', 's', 't', 'u', 'p', '-', 't', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "butarque.es", true */ 'b', 'u', 't', 'a', 'r', 'q', 'u', 'e', '.', 'e', 's', '\0',
+  /* "buthowdoyoubuygroceries.com", true */ 'b', 'u', 't', 'h', 'o', 'w', 'd', 'o', 'y', 'o', 'u', 'b', 'u', 'y', 'g', 'r', 'o', 'c', 'e', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "butikvip.ru", true */ 'b', 'u', 't', 'i', 'k', 'v', 'i', 'p', '.', 'r', 'u', '\0',
+  /* "butt.repair", true */ 'b', 'u', 't', 't', '.', 'r', 'e', 'p', 'a', 'i', 'r', '\0',
+  /* "buttercupstraining.co.uk", true */ 'b', 'u', 't', 't', 'e', 'r', 'c', 'u', 'p', 's', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "buttermilk.cf", true */ 'b', 'u', 't', 't', 'e', 'r', 'm', 'i', 'l', 'k', '.', 'c', 'f', '\0',
+  /* "buttonline.ch", true */ 'b', 'u', 't', 't', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "buturyu.net", true */ 'b', 'u', 't', 'u', 'r', 'y', 'u', '.', 'n', 'e', 't', '\0',
+  /* "buturyu.org", true */ 'b', 'u', 't', 'u', 'r', 'y', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "buxum-communication.ch", true */ 'b', 'u', 'x', 'u', 'm', '-', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "buy-thing.com", true */ 'b', 'u', 'y', '-', 't', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "buyaccessible.gov", true */ 'b', 'u', 'y', 'a', 'c', 'c', 'e', 's', 's', 'i', 'b', 'l', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "buydesired.com", true */ 'b', 'u', 'y', 'd', 'e', 's', 'i', 'r', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "buydissertations.com", true */ 'b', 'u', 'y', 'd', 'i', 's', 's', 'e', 'r', 't', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "buyerdocs.com", true */ 'b', 'u', 'y', 'e', 'r', 'd', 'o', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "buyessay.org", true */ 'b', 'u', 'y', 'e', 's', 's', 'a', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "buyessays.net", true */ 'b', 'u', 'y', 'e', 's', 's', 'a', 'y', 's', '.', 'n', 'e', 't', '\0',
+  /* "buyessayscheap.com", true */ 'b', 'u', 'y', 'e', 's', 's', 'a', 'y', 's', 'c', 'h', 'e', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "buyharpoon.com", true */ 'b', 'u', 'y', 'h', 'a', 'r', 'p', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "buyinginvestmentproperty.com", true */ 'b', 'u', 'y', 'i', 'n', 'g', 'i', 'n', 'v', 'e', 's', 't', 'm', 'e', 'n', 't', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "buymindhack.com", true */ 'b', 'u', 'y', 'm', 'i', 'n', 'd', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "buypapercheap.net", true */ 'b', 'u', 'y', 'p', 'a', 'p', 'e', 'r', 'c', 'h', 'e', 'a', 'p', '.', 'n', 'e', 't', '\0',
+  /* "buyseo.store", true */ 'b', 'u', 'y', 's', 'e', 'o', '.', 's', 't', 'o', 'r', 'e', '\0',
+  /* "buytheway.co.za", true */ 'b', 'u', 'y', 't', 'h', 'e', 'w', 'a', 'y', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "buzz.tools", true */ 'b', 'u', 'z', 'z', '.', 't', 'o', 'o', 'l', 's', '\0',
+  /* "buzzconf.io", true */ 'b', 'u', 'z', 'z', 'c', 'o', 'n', 'f', '.', 'i', 'o', '\0',
+  /* "buzzdeck.com", true */ 'b', 'u', 'z', 'z', 'd', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "buzzprint.it", true */ 'b', 'u', 'z', 'z', 'p', 'r', 'i', 'n', 't', '.', 'i', 't', '\0',
+  /* "bvalle.com", true */ 'b', 'v', 'a', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bvionline.eu", true */ 'b', 'v', 'i', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'e', 'u', '\0',
+  /* "bvl.aero", true */ 'b', 'v', 'l', '.', 'a', 'e', 'r', 'o', '\0',
+  /* "bvv-europe.eu", true */ 'b', 'v', 'v', '-', 'e', 'u', 'r', 'o', 'p', 'e', '.', 'e', 'u', '\0',
+  /* "bw.codes", true */ 'b', 'w', '.', 'c', 'o', 'd', 'e', 's', '\0',
+  /* "bwcscorecard.org", true */ 'b', 'w', 'c', 's', 'c', 'o', 'r', 'e', 'c', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "bwh1.net", true */ 'b', 'w', 'h', '1', '.', 'n', 'e', 't', '\0',
+  /* "bwilkinson.co.uk", true */ 'b', 'w', 'i', 'l', 'k', 'i', 'n', 's', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bws16.de", true */ 'b', 'w', 's', '1', '6', '.', 'd', 'e', '\0',
+  /* "bwwb.nu", true */ 'b', 'w', 'w', 'b', '.', 'n', 'u', '\0',
+  /* "bx-n.de", true */ 'b', 'x', '-', 'n', '.', 'd', 'e', '\0',
+  /* "bxdev.me", true */ 'b', 'x', 'd', 'e', 'v', '.', 'm', 'e', '\0',
+  /* "bxp40.at", true */ 'b', 'x', 'p', '4', '0', '.', 'a', 't', '\0',
+  /* "by1896.com", true */ 'b', 'y', '1', '8', '9', '6', '.', 'c', 'o', 'm', '\0',
+  /* "by1899.com", true */ 'b', 'y', '1', '8', '9', '9', '.', 'c', 'o', 'm', '\0',
+  /* "by77.com", true */ 'b', 'y', '7', '7', '.', 'c', 'o', 'm', '\0',
+  /* "by777.com", true */ 'b', 'y', '7', '7', '7', '.', 'c', 'o', 'm', '\0',
+  /* "byatte.com", true */ 'b', 'y', 'a', 't', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "byeskille.no", true */ 'b', 'y', 'e', 's', 'k', 'i', 'l', 'l', 'e', '.', 'n', 'o', '\0',
+  /* "bygningsregistrering.dk", true */ 'b', 'y', 'g', 'n', 'i', 'n', 'g', 's', 'r', 'e', 'g', 'i', 's', 't', 'r', 'e', 'r', 'i', 'n', 'g', '.', 'd', 'k', '\0',
+  /* "byiu.info", true */ 'b', 'y', 'i', 'u', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "byken.cn", true */ 'b', 'y', 'k', 'e', 'n', '.', 'c', 'n', '\0',
+  /* "bymark.co", true */ 'b', 'y', 'm', 'a', 'r', 'k', '.', 'c', 'o', '\0',
+  /* "bymike.co", true */ 'b', 'y', 'm', 'i', 'k', 'e', '.', 'c', 'o', '\0',
+  /* "bynder.com", true */ 'b', 'y', 'n', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "bypass.sh", true */ 'b', 'y', 'p', 'a', 's', 's', '.', 's', 'h', '\0',
+  /* "byrko.cz", true */ 'b', 'y', 'r', 'k', 'o', '.', 'c', 'z', '\0',
+  /* "byrko.sk", true */ 'b', 'y', 'r', 'k', 'o', '.', 's', 'k', '\0',
+  /* "byronr.com", true */ 'b', 'y', 'r', 'o', 'n', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "byronwade.com", true */ 'b', 'y', 'r', 'o', 'n', 'w', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "byrtz.de", true */ 'b', 'y', 'r', 't', 'z', '.', 'd', 'e', '\0',
+  /* "byte-time.com", true */ 'b', 'y', 't', 'e', '-', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bytearts.net", true */ 'b', 'y', 't', 'e', 'a', 'r', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "bytebucket.org", true */ 'b', 'y', 't', 'e', 'b', 'u', 'c', 'k', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "bytecode.no", true */ 'b', 'y', 't', 'e', 'c', 'o', 'd', 'e', '.', 'n', 'o', '\0',
+  /* "bytejail.com", true */ 'b', 'y', 't', 'e', 'j', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bytema.cz", true */ 'b', 'y', 't', 'e', 'm', 'a', '.', 'c', 'z', '\0',
+  /* "bytema.re", true */ 'b', 'y', 't', 'e', 'm', 'a', '.', 'r', 'e', '\0',
+  /* "byteowls.com", false */ 'b', 'y', 't', 'e', 'o', 'w', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bytes.fyi", true */ 'b', 'y', 't', 'e', 's', '.', 'f', 'y', 'i', '\0',
+  /* "bytesatwork.de", true */ 'b', 'y', 't', 'e', 's', 'a', 't', 'w', 'o', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "byteshark.org", true */ 'b', 'y', 't', 'e', 's', 'h', 'a', 'r', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "bytesizedalex.com", true */ 'b', 'y', 't', 'e', 's', 'i', 'z', 'e', 'd', 'a', 'l', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "bytesofcode.de", true */ 'b', 'y', 't', 'e', 's', 'o', 'f', 'c', 'o', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "bytesunlimited.com", true */ 'b', 'y', 't', 'e', 's', 'u', 'n', 'l', 'i', 'm', 'i', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bytesystems.com", true */ 'b', 'y', 't', 'e', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "byteturtle.eu", true */ 'b', 'y', 't', 'e', 't', 'u', 'r', 't', 'l', 'e', '.', 'e', 'u', '\0',
+  /* "bythisverse.com", true */ 'b', 'y', 't', 'h', 'i', 's', 'v', 'e', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "byvshie.com", true */ 'b', 'y', 'v', 's', 'h', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bziaks.xyz", true */ 'b', 'z', 'i', 'a', 'k', 's', '.', 'x', 'y', 'z', '\0',
+  /* "bzsparks.com", true */ 'b', 'z', 's', 'p', 'a', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bztech.com.br", true */ 'b', 'z', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bzv-fr.eu", true */ 'b', 'z', 'v', '-', 'f', 'r', '.', 'e', 'u', '\0',
+  /* "c-aeroconsult.com", true */ 'c', '-', 'a', 'e', 'r', 'o', 'c', 'o', 'n', 's', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "c-path.org", true */ 'c', '-', 'p', 'a', 't', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "c-rom.fr", true */ 'c', '-', 'r', 'o', 'm', '.', 'f', 'r', '\0',
+  /* "c-rtx.com", true */ 'c', '-', 'r', 't', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "c-shock.org", true */ 'c', '-', 's', 'h', 'o', 'c', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "c-webdesign.net", true */ 'c', '-', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', '.', 'n', 'e', 't', '\0',
+  /* "c-world.co.uk", true */ 'c', '-', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "c.cc", true */ 'c', '.', 'c', 'c', '\0',
+  /* "c2design.it", true */ 'c', '2', 'd', 'e', 's', 'i', 'g', 'n', '.', 'i', 't', '\0',
+  /* "c2o-library.net", true */ 'c', '2', 'o', '-', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'n', 'e', 't', '\0',
+  /* "c2o2.xyz", true */ 'c', '2', 'o', '2', '.', 'x', 'y', 'z', '\0',
+  /* "c3ie.com", true */ 'c', '3', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "c3vo.de", true */ 'c', '3', 'v', 'o', '.', 'd', 'e', '\0',
+  /* "c3w.at", true */ 'c', '3', 'w', '.', 'a', 't', '\0',
+  /* "c4.hk", true */ 'c', '4', '.', 'h', 'k', '\0',
+  /* "c4539.com", true */ 'c', '4', '5', '3', '9', '.', 'c', 'o', 'm', '\0',
+  /* "c4k3.net", true */ 'c', '4', 'k', '3', '.', 'n', 'e', 't', '\0',
+  /* "c7dn.com", true */ 'c', '7', 'd', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ca-key.de", true */ 'c', 'a', '-', 'k', 'e', 'y', '.', 'd', 'e', '\0',
+  /* "ca-terminal-multiservices.fr", true */ 'c', 'a', '-', 't', 'e', 'r', 'm', 'i', 'n', 'a', 'l', '-', 'm', 'u', 'l', 't', 'i', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'f', 'r', '\0',
+  /* "ca.gparent.org", true */ 'c', 'a', '.', 'g', 'p', 'a', 'r', 'e', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "ca.search.yahoo.com", false */ 'c', 'a', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ca5.de", true */ 'c', 'a', '5', '.', 'd', 'e', '\0',
+  /* "caasd.org", true */ 'c', 'a', 'a', 's', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "cabaladada.org", true */ 'c', 'a', 'b', 'a', 'l', 'a', 'd', 'a', 'd', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "cabarave.com", true */ 'c', 'a', 'b', 'a', 'r', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cabforum.org", true */ 'c', 'a', 'b', 'f', 'o', 'r', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "cablemod.com", true */ 'c', 'a', 'b', 'l', 'e', 'm', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "cablesandkits.com", true */ 'c', 'a', 'b', 'l', 'e', 's', 'a', 'n', 'd', 'k', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cabotfinancial.co.uk", true */ 'c', 'a', 'b', 'o', 't', 'f', 'i', 'n', 'a', 'n', 'c', 'i', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cacao-chocolate.com", true */ 'c', 'a', 'c', 'a', 'o', '-', 'c', 'h', 'o', 'c', 'o', 'l', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cacao.supply", true */ 'c', 'a', 'c', 'a', 'o', '.', 's', 'u', 'p', 'p', 'l', 'y', '\0',
+  /* "cacaolalina.com", true */ 'c', 'a', 'c', 'a', 'o', 'l', 'a', 'l', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cacaumidade.com.br", true */ 'c', 'a', 'c', 'a', 'u', 'm', 'i', 'd', 'a', 'd', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "caceis.bank", true */ 'c', 'a', 'c', 'e', 'i', 's', '.', 'b', 'a', 'n', 'k', '\0',
+  /* "cachetagalong.com", true */ 'c', 'a', 'c', 'h', 'e', 't', 'a', 'g', 'a', 'l', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "cachethq.io", true */ 'c', 'a', 'c', 'h', 'e', 't', 'h', 'q', '.', 'i', 'o', '\0',
+  /* "cackette.com", true */ 'c', 'a', 'c', 'k', 'e', 't', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cadenadg.gr", true */ 'c', 'a', 'd', 'e', 'n', 'a', 'd', 'g', '.', 'g', 'r', '\0',
+  /* "cadetsge.ch", true */ 'c', 'a', 'd', 'e', 't', 's', 'g', 'e', '.', 'c', 'h', '\0',
+  /* "cadmail.nl", true */ 'c', 'a', 'd', 'm', 'a', 'i', 'l', '.', 'n', 'l', '\0',
+  /* "cadman.pw", true */ 'c', 'a', 'd', 'm', 'a', 'n', '.', 'p', 'w', '\0',
+  /* "cadooz.com", true */ 'c', 'a', 'd', 'o', 'o', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "cadorama.fr", true */ 'c', 'a', 'd', 'o', 'r', 'a', 'm', 'a', '.', 'f', 'r', '\0',
+  /* "cadoth.net", true */ 'c', 'a', 'd', 'o', 't', 'h', '.', 'n', 'e', 't', '\0',
+  /* "cadsys.net", true */ 'c', 'a', 'd', 's', 'y', 's', '.', 'n', 'e', 't', '\0',
+  /* "cadusilva.com", true */ 'c', 'a', 'd', 'u', 's', 'i', 'l', 'v', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "caerostris.com", true */ 'c', 'a', 'e', 'r', 'o', 's', 't', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "caesarkabalan.com", true */ 'c', 'a', 'e', 's', 'a', 'r', 'k', 'a', 'b', 'a', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "cafechesscourt.com", true */ 'c', 'a', 'f', 'e', 'c', 'h', 'e', 's', 's', 'c', 'o', 'u', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "cafefresco.pe", true */ 'c', 'a', 'f', 'e', 'f', 'r', 'e', 's', 'c', 'o', '.', 'p', 'e', '\0',
+  /* "cafelandia.net", true */ 'c', 'a', 'f', 'e', 'l', 'a', 'n', 'd', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "cafeobscura.nl", true */ 'c', 'a', 'f', 'e', 'o', 'b', 's', 'c', 'u', 'r', 'a', '.', 'n', 'l', '\0',
+  /* "caferagazzi.de", true */ 'c', 'a', 'f', 'e', 'r', 'a', 'g', 'a', 'z', 'z', 'i', '.', 'd', 'e', '\0',
+  /* "caffeinatedcode.com", true */ 'c', 'a', 'f', 'f', 'e', 'i', 'n', 'a', 't', 'e', 'd', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cainhosting.com", false */ 'c', 'a', 'i', 'n', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "cairnterrier.com.br", true */ 'c', 'a', 'i', 'r', 'n', 't', 'e', 'r', 'r', 'i', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cais.de", true */ 'c', 'a', 'i', 's', '.', 'd', 'e', '\0',
+  /* "caitcs.com", true */ 'c', 'a', 'i', 't', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "caizx.com", false */ 'c', 'a', 'i', 'z', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "caja-pdf.es", true */ 'c', 'a', 'j', 'a', '-', 'p', 'd', 'f', '.', 'e', 's', '\0',
+  /* "cajunuk.co.uk", true */ 'c', 'a', 'j', 'u', 'n', 'u', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cake-time.co.uk", true */ 'c', 'a', 'k', 'e', '-', 't', 'i', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cakestart.net", true */ 'c', 'a', 'k', 'e', 's', 't', 'a', 'r', 't', '.', 'n', 'e', 't', '\0',
+  /* "caketoindia.com", true */ 'c', 'a', 'k', 'e', 't', 'o', 'i', 'n', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cakingandbaking.com", true */ 'c', 'a', 'k', 'i', 'n', 'g', 'a', 'n', 'd', 'b', 'a', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "cal.goip.de", true */ 'c', 'a', 'l', '.', 'g', 'o', 'i', 'p', '.', 'd', 'e', '\0',
+  /* "cal9000.com", true */ 'c', 'a', 'l', '9', '0', '0', '0', '.', 'c', 'o', 'm', '\0',
+  /* "calaad.net", true */ 'c', 'a', 'l', 'a', 'a', 'd', '.', 'n', 'e', 't', '\0',
+  /* "calabasaselectrical.com", true */ 'c', 'a', 'l', 'a', 'b', 'a', 's', 'a', 's', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "calaborlawnews.com", true */ 'c', 'a', 'l', 'a', 'b', 'o', 'r', 'l', 'a', 'w', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "calafont.cat", true */ 'c', 'a', 'l', 'a', 'f', 'o', 'n', 't', '.', 'c', 'a', 't', '\0',
+  /* "calc.pw", true */ 'c', 'a', 'l', 'c', '.', 'p', 'w', '\0',
+  /* "calculator-imt.com", true */ 'c', 'a', 'l', 'c', 'u', 'l', 'a', 't', 'o', 'r', '-', 'i', 'm', 't', '.', 'c', 'o', 'm', '\0',
+  /* "calculator.tf", true */ 'c', 'a', 'l', 'c', 'u', 'l', 'a', 't', 'o', 'r', '.', 't', 'f', '\0',
+  /* "calcworkshop.com", true */ 'c', 'a', 'l', 'c', 'w', 'o', 'r', 'k', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "caldecotevillagehall.co.uk", true */ 'c', 'a', 'l', 'd', 'e', 'c', 'o', 't', 'e', 'v', 'i', 'l', 'l', 'a', 'g', 'e', 'h', 'a', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "calebmorris.com", false */ 'c', 'a', 'l', 'e', 'b', 'm', 'o', 'r', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "calendarr.com", true */ 'c', 'a', 'l', 'e', 'n', 'd', 'a', 'r', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "calendarsnow.com", true */ 'c', 'a', 'l', 'e', 'n', 'd', 'a', 'r', 's', 'n', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "caletka.cz", true */ 'c', 'a', 'l', 'e', 't', 'k', 'a', '.', 'c', 'z', '\0',
+  /* "calgoty.com", true */ 'c', 'a', 'l', 'g', 'o', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "calibreapp.com", true */ 'c', 'a', 'l', 'i', 'b', 'r', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "calibso.net", true */ 'c', 'a', 'l', 'i', 'b', 's', 'o', '.', 'n', 'e', 't', '\0',
+  /* "caliderumba.com", true */ 'c', 'a', 'l', 'i', 'd', 'e', 'r', 'u', 'm', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "calidoinvierno.com", true */ 'c', 'a', 'l', 'i', 'd', 'o', 'i', 'n', 'v', 'i', 'e', 'r', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "calixte-concept.fr", true */ 'c', 'a', 'l', 'i', 'x', 't', 'e', '-', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'f', 'r', '\0',
+  /* "call.me", true */ 'c', 'a', 'l', 'l', '.', 'm', 'e', '\0',
+  /* "callear.org", true */ 'c', 'a', 'l', 'l', 'e', 'a', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "calleveryday.com", true */ 'c', 'a', 'l', 'l', 'e', 'v', 'e', 'r', 'y', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "callhub.io", true */ 'c', 'a', 'l', 'l', 'h', 'u', 'b', '.', 'i', 'o', '\0',
+  /* "callision.com", true */ 'c', 'a', 'l', 'l', 'i', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "calltoar.ms", true */ 'c', 'a', 'l', 'l', 't', 'o', 'a', 'r', '.', 'm', 's', '\0',
+  /* "calmtech.com", true */ 'c', 'a', 'l', 'm', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "calories.org", true */ 'c', 'a', 'l', 'o', 'r', 'i', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "calotte-academy.com", true */ 'c', 'a', 'l', 'o', 't', 't', 'e', '-', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "calvin.my", true */ 'c', 'a', 'l', 'v', 'i', 'n', '.', 'm', 'y', '\0',
+  /* "calypso-tour.net", true */ 'c', 'a', 'l', 'y', 'p', 's', 'o', '-', 't', 'o', 'u', 'r', '.', 'n', 'e', 't', '\0',
+  /* "calyxengineers.com", true */ 'c', 'a', 'l', 'y', 'x', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "calyxinstitute.org", false */ 'c', 'a', 'l', 'y', 'x', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "camaradivisas.com", true */ 'c', 'a', 'm', 'a', 'r', 'a', 'd', 'i', 'v', 'i', 's', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "camaras.uno", true */ 'c', 'a', 'm', 'a', 'r', 'a', 's', '.', 'u', 'n', 'o', '\0',
+  /* "camarilloelectrical.com", true */ 'c', 'a', 'm', 'a', 'r', 'i', 'l', 'l', 'o', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "camaya.net", true */ 'c', 'a', 'm', 'a', 'y', 'a', '.', 'n', 'e', 't', '\0',
+  /* "cambier.org", true */ 'c', 'a', 'm', 'b', 'i', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "cambiowatch.ch", true */ 'c', 'a', 'm', 'b', 'i', 'o', 'w', 'a', 't', 'c', 'h', '.', 'c', 'h', '\0',
+  /* "cambodian.dating", true */ 'c', 'a', 'm', 'b', 'o', 'd', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "cambridgebouncers.co.uk", true */ 'c', 'a', 'm', 'b', 'r', 'i', 'd', 'g', 'e', 'b', 'o', 'u', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "camconn.cc", true */ 'c', 'a', 'm', 'c', 'o', 'n', 'n', '.', 'c', 'c', '\0',
+  /* "camel2243.com", true */ 'c', 'a', 'm', 'e', 'l', '2', '2', '4', '3', '.', 'c', 'o', 'm', '\0',
+  /* "cameraviva.com.br", true */ 'c', 'a', 'm', 'e', 'r', 'a', 'v', 'i', 'v', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "camerweb.es", true */ 'c', 'a', 'm', 'e', 'r', 'w', 'e', 'b', '.', 'e', 's', '\0',
+  /* "camilomodzz.net", true */ 'c', 'a', 'm', 'i', 'l', 'o', 'm', 'o', 'd', 'z', 'z', '.', 'n', 'e', 't', '\0',
+  /* "camp-pleinsoleil.ch", true */ 'c', 'a', 'm', 'p', '-', 'p', 'l', 'e', 'i', 'n', 's', 'o', 'l', 'e', 'i', 'l', '.', 'c', 'h', '\0',
+  /* "camp.co.uk", true */ 'c', 'a', 'm', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "campaign-ad.com", true */ 'c', 'a', 'm', 'p', 'a', 'i', 'g', 'n', '-', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "campaign.gov.uk", true */ 'c', 'a', 'm', 'p', 'a', 'i', 'g', 'n', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0',
+  /* "campbrainybunch.com", true */ 'c', 'a', 'm', 'p', 'b', 'r', 'a', 'i', 'n', 'y', 'b', 'u', 'n', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "campcambodia.org", true */ 'c', 'a', 'm', 'p', 'c', 'a', 'm', 'b', 'o', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "campcanada.org", true */ 'c', 'a', 'm', 'p', 'c', 'a', 'n', 'a', 'd', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "campeonatoalemao.com.br", true */ 'c', 'a', 'm', 'p', 'e', 'o', 'n', 'a', 't', 'o', 'a', 'l', 'e', 'm', 'a', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "camperdays.de", true */ 'c', 'a', 'm', 'p', 'e', 'r', 'd', 'a', 'y', 's', '.', 'd', 'e', '\0',
+  /* "camperlist.com", true */ 'c', 'a', 'm', 'p', 'e', 'r', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "campermanaustralia.com", true */ 'c', 'a', 'm', 'p', 'e', 'r', 'm', 'a', 'n', 'a', 'u', 's', 't', 'r', 'a', 'l', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "campertrailerfinance.com.au", true */ 'c', 'a', 'm', 'p', 'e', 'r', 't', 'r', 'a', 'i', 'l', 'e', 'r', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "camperverzekerd.nl", true */ 'c', 'a', 'm', 'p', 'e', 'r', 'v', 'e', 'r', 'z', 'e', 'k', 'e', 'r', 'd', '.', 'n', 'l', '\0',
+  /* "campfiretails.org", true */ 'c', 'a', 'm', 'p', 'f', 'i', 'r', 'e', 't', 'a', 'i', 'l', 's', '.', 'o', 'r', 'g', '\0',
+  /* "campfourpaws.com", true */ 'c', 'a', 'm', 'p', 'f', 'o', 'u', 'r', 'p', 'a', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "campingdreams.com", true */ 'c', 'a', 'm', 'p', 'i', 'n', 'g', 'd', 'r', 'e', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "campistry.net", true */ 'c', 'a', 'm', 'p', 'i', 's', 't', 'r', 'y', '.', 'n', 'e', 't', '\0',
+  /* "campula.cz", true */ 'c', 'a', 'm', 'p', 'u', 'l', 'a', '.', 'c', 'z', '\0',
+  /* "campus-cybersecurity.team", true */ 'c', 'a', 'm', 'p', 'u', 's', '-', 'c', 'y', 'b', 'e', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 't', 'e', 'a', 'm', '\0',
+  /* "campus-finance.com", true */ 'c', 'a', 'm', 'p', 'u', 's', '-', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "campuswire.com", true */ 'c', 'a', 'm', 'p', 'u', 's', 'w', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "campwabashi.org", true */ 'c', 'a', 'm', 'p', 'w', 'a', 'b', 'a', 's', 'h', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "camsky.de", true */ 'c', 'a', 'm', 's', 'k', 'y', '.', 'd', 'e', '\0',
+  /* "canada-tourisme.ch", true */ 'c', 'a', 'n', 'a', 'd', 'a', '-', 't', 'o', 'u', 'r', 'i', 's', 'm', 'e', '.', 'c', 'h', '\0',
+  /* "canadalife.de", true */ 'c', 'a', 'n', 'a', 'd', 'a', 'l', 'i', 'f', 'e', '.', 'd', 'e', '\0',
+  /* "canadasmotorcycle.ca", true */ 'c', 'a', 'n', 'a', 'd', 'a', 's', 'm', 'o', 't', 'o', 'r', 'c', 'y', 'c', 'l', 'e', '.', 'c', 'a', '\0',
+  /* "canadian.dating", true */ 'c', 'a', 'n', 'a', 'd', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "canadianchristianity.com", false */ 'c', 'a', 'n', 'a', 'd', 'i', 'a', 'n', 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "canadiantouristboard.com", true */ 'c', 'a', 'n', 'a', 'd', 'i', 'a', 'n', 't', 'o', 'u', 'r', 'i', 's', 't', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "canalsidehouse.be", true */ 'c', 'a', 'n', 'a', 'l', 's', 'i', 'd', 'e', 'h', 'o', 'u', 's', 'e', '.', 'b', 'e', '\0',
+  /* "canalsidehouse.com", true */ 'c', 'a', 'n', 'a', 'l', 's', 'i', 'd', 'e', 'h', 'o', 'u', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "canarianlegalalliance.com", true */ 'c', 'a', 'n', 'a', 'r', 'i', 'a', 'n', 'l', 'e', 'g', 'a', 'l', 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "canarymod.net", false */ 'c', 'a', 'n', 'a', 'r', 'y', 'm', 'o', 'd', '.', 'n', 'e', 't', '\0',
+  /* "cancerdata.nhs.uk", true */ 'c', 'a', 'n', 'c', 'e', 'r', 'd', 'a', 't', 'a', '.', 'n', 'h', 's', '.', 'u', 'k', '\0',
+  /* "candicecity.com", true */ 'c', 'a', 'n', 'd', 'i', 'c', 'e', 'c', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "candidasa.com", true */ 'c', 'a', 'n', 'd', 'i', 'd', 'a', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "candlcastles.co.uk", true */ 'c', 'a', 'n', 'd', 'l', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cando.eu", true */ 'c', 'a', 'n', 'd', 'o', '.', 'e', 'u', '\0',
+  /* "candy-it.de", true */ 'c', 'a', 'n', 'd', 'y', '-', 'i', 't', '.', 'd', 'e', '\0',
+  /* "candykidsentertainment.co.uk", true */ 'c', 'a', 'n', 'd', 'y', 'k', 'i', 'd', 's', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "candylion.rocks", true */ 'c', 'a', 'n', 'd', 'y', 'l', 'i', 'o', 'n', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "candyout.com", true */ 'c', 'a', 'n', 'd', 'y', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "canerkorkmaz.com", true */ 'c', 'a', 'n', 'e', 'r', 'k', 'o', 'r', 'k', 'm', 'a', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "canhazip.com", true */ 'c', 'a', 'n', 'h', 'a', 'z', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "canifis.net", true */ 'c', 'a', 'n', 'i', 'f', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "canihavesome.coffee", true */ 'c', 'a', 'n', 'i', 'h', 'a', 'v', 'e', 's', 'o', 'm', 'e', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0',
+  /* "canlidoviz.com", true */ 'c', 'a', 'n', 'l', 'i', 'd', 'o', 'v', 'i', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "canmipai.com", true */ 'c', 'a', 'n', 'm', 'i', 'p', 'a', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "cannabis-marijuana.com", true */ 'c', 'a', 'n', 'n', 'a', 'b', 'i', 's', '-', 'm', 'a', 'r', 'i', 'j', 'u', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cannarobotics.com", true */ 'c', 'a', 'n', 'n', 'a', 'r', 'o', 'b', 'o', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cannyfoxx.me", true */ 'c', 'a', 'n', 'n', 'y', 'f', 'o', 'x', 'x', '.', 'm', 'e', '\0',
+  /* "canoonic.se", true */ 'c', 'a', 'n', 'o', 'o', 'n', 'i', 'c', '.', 's', 'e', '\0',
+  /* "cantatio.ch", true */ 'c', 'a', 'n', 't', 'a', 't', 'i', 'o', '.', 'c', 'h', '\0',
+  /* "canterberry.cc", true */ 'c', 'a', 'n', 't', 'e', 'r', 'b', 'e', 'r', 'r', 'y', '.', 'c', 'c', '\0',
+  /* "canterburybouncycastlehire.co.uk", true */ 'c', 'a', 'n', 't', 'e', 'r', 'b', 'u', 'r', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cantrack.com", true */ 'c', 'a', 'n', 't', 'r', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "canva-dev.com", true */ 'c', 'a', 'n', 'v', 'a', '-', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "canva.com", true */ 'c', 'a', 'n', 'v', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "canyoupwn.me", true */ 'c', 'a', 'n', 'y', 'o', 'u', 'p', 'w', 'n', '.', 'm', 'e', '\0',
+  /* "cao.gov", true */ 'c', 'a', 'o', '.', 'g', 'o', 'v', '\0',
+  /* "cao.la", true */ 'c', 'a', 'o', '.', 'l', 'a', '\0',
+  /* "caodecristachines.com.br", true */ 'c', 'a', 'o', 'd', 'e', 'c', 'r', 'i', 's', 't', 'a', 'c', 'h', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "caodesantohumberto.com.br", true */ 'c', 'a', 'o', 'd', 'e', 's', 'a', 'n', 't', 'o', 'h', 'u', 'm', 'b', 'e', 'r', 't', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "caoyu.info", true */ 'c', 'a', 'o', 'y', 'u', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "capacent.is", true */ 'c', 'a', 'p', 'a', 'c', 'e', 'n', 't', '.', 'i', 's', '\0',
+  /* "capachitos.cl", true */ 'c', 'a', 'p', 'a', 'c', 'h', 'i', 't', 'o', 's', '.', 'c', 'l', '\0',
+  /* "capacitacionyautoempleo.com", true */ 'c', 'a', 'p', 'a', 'c', 'i', 't', 'a', 'c', 'i', 'o', 'n', 'y', 'a', 'u', 't', 'o', 'e', 'm', 'p', 'l', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "capekeen.com", true */ 'c', 'a', 'p', 'e', 'k', 'e', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "capellidipremoli.com", true */ 'c', 'a', 'p', 'e', 'l', 'l', 'i', 'd', 'i', 'p', 'r', 'e', 'm', 'o', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "caphane.com", true */ 'c', 'a', 'p', 'h', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "capimlimaoflores.com.br", true */ 'c', 'a', 'p', 'i', 'm', 'l', 'i', 'm', 'a', 'o', 'f', 'l', 'o', 'r', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "capitainebaggy.ch", true */ 'c', 'a', 'p', 'i', 't', 'a', 'i', 'n', 'e', 'b', 'a', 'g', 'g', 'y', '.', 'c', 'h', '\0',
+  /* "capital-match.com", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', '-', 'm', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "capitalcap.com", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', 'c', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "capitalcollections.org.uk", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', 's', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "capitalibre.com", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', 'i', 'b', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "capitalism.party", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', 'i', 's', 'm', '.', 'p', 'a', 'r', 't', 'y', '\0',
+  /* "capitalonecardservice.com", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', 'o', 'n', 'e', 'c', 'a', 'r', 'd', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "capitalp.jp", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', 'p', '.', 'j', 'p', '\0',
+  /* "capitalquadatv.org.nz", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', 'q', 'u', 'a', 'd', 'a', 't', 'v', '.', 'o', 'r', 'g', '.', 'n', 'z', '\0',
+  /* "capitaltg.com", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', 't', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "capitolpathways.org", true */ 'c', 'a', 'p', 'i', 't', 'o', 'l', 'p', 'a', 't', 'h', 'w', 'a', 'y', 's', '.', 'o', 'r', 'g', '\0',
+  /* "caplinbouncycastles.co.uk", true */ 'c', 'a', 'p', 'l', 'i', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "capper.de", true */ 'c', 'a', 'p', 'p', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "capriccio.to", true */ 'c', 'a', 'p', 'r', 'i', 'c', 'c', 'i', 'o', '.', 't', 'o', '\0',
+  /* "caprichosdevicky.com", true */ 'c', 'a', 'p', 'r', 'i', 'c', 'h', 'o', 's', 'd', 'e', 'v', 'i', 'c', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "capstansecurity.co.uk", true */ 'c', 'a', 'p', 's', 't', 'a', 'n', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "capstansecurity.com", true */ 'c', 'a', 'p', 's', 't', 'a', 'n', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "captalize.com", true */ 'c', 'a', 'p', 't', 'a', 'l', 'i', 'z', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "capturapp.com", false */ 'c', 'a', 'p', 't', 'u', 'r', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "capture-app.com", true */ 'c', 'a', 'p', 't', 'u', 'r', 'e', '-', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "captured-symphonies.com", true */ 'c', 'a', 'p', 't', 'u', 'r', 'e', 'd', '-', 's', 'y', 'm', 'p', 'h', 'o', 'n', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "capuchinox.com", true */ 'c', 'a', 'p', 'u', 'c', 'h', 'i', 'n', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "caputo.com", true */ 'c', 'a', 'p', 'u', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "caputodesign.com", true */ 'c', 'a', 'p', 'u', 't', 'o', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "car-shop.top", true */ 'c', 'a', 'r', '-', 's', 'h', 'o', 'p', '.', 't', 'o', 'p', '\0',
+  /* "car.info", true */ 'c', 'a', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "car24.de", true */ 'c', 'a', 'r', '2', '4', '.', 'd', 'e', '\0',
+  /* "car24portal.de", true */ 'c', 'a', 'r', '2', '4', 'p', 'o', 'r', 't', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "carauctionnetwork.com", true */ 'c', 'a', 'r', 'a', 'u', 'c', 't', 'i', 'o', 'n', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "carauctionsalabama.com", true */ 'c', 'a', 'r', 'a', 'u', 'c', 't', 'i', 'o', 'n', 's', 'a', 'l', 'a', 'b', 'a', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "carauctionscarolina.com", true */ 'c', 'a', 'r', 'a', 'u', 'c', 't', 'i', 'o', 'n', 's', 'c', 'a', 'r', 'o', 'l', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "carauctionsgeorgia.com", true */ 'c', 'a', 'r', 'a', 'u', 'c', 't', 'i', 'o', 'n', 's', 'g', 'e', 'o', 'r', 'g', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "carauctionsillinois.com", true */ 'c', 'a', 'r', 'a', 'u', 'c', 't', 'i', 'o', 'n', 's', 'i', 'l', 'l', 'i', 'n', 'o', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "carbon-designz.com", true */ 'c', 'a', 'r', 'b', 'o', 'n', '-', 'd', 'e', 's', 'i', 'g', 'n', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "carbon12.org", true */ 'c', 'a', 'r', 'b', 'o', 'n', '1', '2', '.', 'o', 'r', 'g', '\0',
+  /* "carbon12.software", true */ 'c', 'a', 'r', 'b', 'o', 'n', '1', '2', '.', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '\0',
+  /* "carbonmade.com", false */ 'c', 'a', 'r', 'b', 'o', 'n', 'm', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "carbono.uy", true */ 'c', 'a', 'r', 'b', 'o', 'n', 'o', '.', 'u', 'y', '\0',
+  /* "carck.co.uk", true */ 'c', 'a', 'r', 'c', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "carck.uk", true */ 'c', 'a', 'r', 'c', 'k', '.', 'u', 'k', '\0',
+  /* "card-cashing.com", true */ 'c', 'a', 'r', 'd', '-', 'c', 'a', 's', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "carddreams.be", true */ 'c', 'a', 'r', 'd', 'd', 'r', 'e', 'a', 'm', 's', '.', 'b', 'e', '\0',
+  /* "carddreams.de", true */ 'c', 'a', 'r', 'd', 'd', 'r', 'e', 'a', 'm', 's', '.', 'd', 'e', '\0',
+  /* "carddreams.es", true */ 'c', 'a', 'r', 'd', 'd', 'r', 'e', 'a', 'm', 's', '.', 'e', 's', '\0',
+  /* "carddreams.nl", true */ 'c', 'a', 'r', 'd', 'd', 'r', 'e', 'a', 'm', 's', '.', 'n', 'l', '\0',
+  /* "cardelmar.com", true */ 'c', 'a', 'r', 'd', 'e', 'l', 'm', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "cardelmar.de", true */ 'c', 'a', 'r', 'd', 'e', 'l', 'm', 'a', 'r', '.', 'd', 'e', '\0',
+  /* "cardelmar.es", true */ 'c', 'a', 'r', 'd', 'e', 'l', 'm', 'a', 'r', '.', 'e', 's', '\0',
+  /* "cardranking.jp", true */ 'c', 'a', 'r', 'd', 'r', 'a', 'n', 'k', 'i', 'n', 'g', '.', 'j', 'p', '\0',
+  /* "cardrecovery.fr", true */ 'c', 'a', 'r', 'd', 'r', 'e', 'c', 'o', 'v', 'e', 'r', 'y', '.', 'f', 'r', '\0',
+  /* "cardxl.be", true */ 'c', 'a', 'r', 'd', 'x', 'l', '.', 'b', 'e', '\0',
+  /* "cardxl.de", true */ 'c', 'a', 'r', 'd', 'x', 'l', '.', 'd', 'e', '\0',
+  /* "cardxl.fr", true */ 'c', 'a', 'r', 'd', 'x', 'l', '.', 'f', 'r', '\0',
+  /* "cardxl.nl", true */ 'c', 'a', 'r', 'd', 'x', 'l', '.', 'n', 'l', '\0',
+  /* "care4all.com", true */ 'c', 'a', 'r', 'e', '4', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "careeapp.com", true */ 'c', 'a', 'r', 'e', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "careeroptionscoach.com", true */ 'c', 'a', 'r', 'e', 'e', 'r', 'o', 'p', 't', 'i', 'o', 'n', 's', 'c', 'o', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "carefour.nl", true */ 'c', 'a', 'r', 'e', 'f', 'o', 'u', 'r', '.', 'n', 'l', '\0',
+  /* "caremad.io", true */ 'c', 'a', 'r', 'e', 'm', 'a', 'd', '.', 'i', 'o', '\0',
+  /* "careplasticsurgery.com", true */ 'c', 'a', 'r', 'e', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "caretta.co.uk", true */ 'c', 'a', 'r', 'e', 't', 't', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "carey.bio", true */ 'c', 'a', 'r', 'e', 'y', '.', 'b', 'i', 'o', '\0',
+  /* "carey.li", true */ 'c', 'a', 'r', 'e', 'y', '.', 'l', 'i', '\0',
+  /* "careyshop.cn", true */ 'c', 'a', 'r', 'e', 'y', 's', 'h', 'o', 'p', '.', 'c', 'n', '\0',
+  /* "carezone.com", false */ 'c', 'a', 'r', 'e', 'z', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cargobay.net", true */ 'c', 'a', 'r', 'g', 'o', 'b', 'a', 'y', '.', 'n', 'e', 't', '\0',
+  /* "caribbean.dating", true */ 'c', 'a', 'r', 'i', 'b', 'b', 'e', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "caribbeanarthritisfoundation.org", true */ 'c', 'a', 'r', 'i', 'b', 'b', 'e', 'a', 'n', 'a', 'r', 't', 'h', 'r', 'i', 't', 'i', 's', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "caribbeanexams.com", true */ 'c', 'a', 'r', 'i', 'b', 'b', 'e', 'a', 'n', 'e', 'x', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "carif-idf.net", true */ 'c', 'a', 'r', 'i', 'f', '-', 'i', 'd', 'f', '.', 'n', 'e', 't', '\0',
+  /* "carif-idf.org", true */ 'c', 'a', 'r', 'i', 'f', '-', 'i', 'd', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "carigami.fr", true */ 'c', 'a', 'r', 'i', 'g', 'a', 'm', 'i', '.', 'f', 'r', '\0',
+  /* "carinsurance.es", true */ 'c', 'a', 'r', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', '.', 'e', 's', '\0',
+  /* "cariocacooking.com", true */ 'c', 'a', 'r', 'i', 'o', 'c', 'a', 'c', 'o', 'o', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "carisenda.com", true */ 'c', 'a', 'r', 'i', 's', 'e', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "carlandfaith.com", true */ 'c', 'a', 'r', 'l', 'a', 'n', 'd', 'f', 'a', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "carlgo11.com", true */ 'c', 'a', 'r', 'l', 'g', 'o', '1', '1', '.', 'c', 'o', 'm', '\0',
+  /* "carlife-at.jp", true */ 'c', 'a', 'r', 'l', 'i', 'f', 'e', '-', 'a', 't', '.', 'j', 'p', '\0',
+  /* "carlili.fr", true */ 'c', 'a', 'r', 'l', 'i', 'l', 'i', '.', 'f', 'r', '\0',
+  /* "carlingfordapartments.com.au", true */ 'c', 'a', 'r', 'l', 'i', 'n', 'g', 'f', 'o', 'r', 'd', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "carlmjohnson.net", true */ 'c', 'a', 'r', 'l', 'm', 'j', 'o', 'h', 'n', 's', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "carloshmm.com", true */ 'c', 'a', 'r', 'l', 'o', 's', 'h', 'm', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "carlosjeurissen.com", true */ 'c', 'a', 'r', 'l', 'o', 's', 'j', 'e', 'u', 'r', 'i', 's', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "carlsbouncycastlesandhottubs.co.uk", true */ 'c', 'a', 'r', 'l', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'a', 'n', 'd', 'h', 'o', 't', 't', 'u', 'b', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "carnaticalifornia.com", true */ 'c', 'a', 'r', 'n', 'a', 't', 'i', 'c', 'a', 'l', 'i', 'f', 'o', 'r', 'n', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "carnet-du-voyageur.com", true */ 'c', 'a', 'r', 'n', 'e', 't', '-', 'd', 'u', '-', 'v', 'o', 'y', 'a', 'g', 'e', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "carnildo.com", true */ 'c', 'a', 'r', 'n', 'i', 'l', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "caroes.be", true */ 'c', 'a', 'r', 'o', 'e', 's', '.', 'b', 'e', '\0',
+  /* "carol-lambert.com", true */ 'c', 'a', 'r', 'o', 'l', '-', 'l', 'a', 'm', 'b', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "carolcappelletti.com", true */ 'c', 'a', 'r', 'o', 'l', 'c', 'a', 'p', 'p', 'e', 'l', 'l', 'e', 't', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "carolcestas.com", true */ 'c', 'a', 'r', 'o', 'l', 'c', 'e', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "caroli.biz", true */ 'c', 'a', 'r', 'o', 'l', 'i', '.', 'b', 'i', 'z', '\0',
+  /* "caroli.com", true */ 'c', 'a', 'r', 'o', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "caroli.info", true */ 'c', 'a', 'r', 'o', 'l', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "caroli.name", true */ 'c', 'a', 'r', 'o', 'l', 'i', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "caroli.net", true */ 'c', 'a', 'r', 'o', 'l', 'i', '.', 'n', 'e', 't', '\0',
+  /* "carolynjoyce.com.au", true */ 'c', 'a', 'r', 'o', 'l', 'y', 'n', 'j', 'o', 'y', 'c', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "carrando.com", true */ 'c', 'a', 'r', 'r', 'a', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "carrando.de", true */ 'c', 'a', 'r', 'r', 'a', 'n', 'd', 'o', '.', 'd', 'e', '\0',
+  /* "carre-lutz.com", true */ 'c', 'a', 'r', 'r', 'e', '-', 'l', 'u', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "carredejardin.com", true */ 'c', 'a', 'r', 'r', 'e', 'd', 'e', 'j', 'a', 'r', 'd', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "carriedin.com", true */ 'c', 'a', 'r', 'r', 'i', 'e', 'd', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "carrierplatform.com", true */ 'c', 'a', 'r', 'r', 'i', 'e', 'r', 'p', 'l', 'a', 't', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "carringtonrealtygroup.com", true */ 'c', 'a', 'r', 'r', 'i', 'n', 'g', 't', 'o', 'n', 'r', 'e', 'a', 'l', 't', 'y', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "carson-aviation-adventures.com", true */ 'c', 'a', 'r', 's', 'o', 'n', '-', 'a', 'v', 'i', 'a', 't', 'i', 'o', 'n', '-', 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "carsten.pw", true */ 'c', 'a', 'r', 's', 't', 'e', 'n', '.', 'p', 'w', '\0',
+  /* "carteirasedistintivos.com.br", true */ 'c', 'a', 'r', 't', 'e', 'i', 'r', 'a', 's', 'e', 'd', 'i', 's', 't', 'i', 'n', 't', 'i', 'v', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cartelcircuit.com", true */ 'c', 'a', 'r', 't', 'e', 'l', 'c', 'i', 'r', 'c', 'u', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "carterorland.com", true */ 'c', 'a', 'r', 't', 'e', 'r', 'o', 'r', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "cartertonscouts.org.nz", true */ 'c', 'a', 'r', 't', 'e', 'r', 't', 'o', 'n', 's', 'c', 'o', 'u', 't', 's', '.', 'o', 'r', 'g', '.', 'n', 'z', '\0',
+  /* "cartesentreprises-unicef.fr", true */ 'c', 'a', 'r', 't', 'e', 's', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'i', 's', 'e', 's', '-', 'u', 'n', 'i', 'c', 'e', 'f', '.', 'f', 'r', '\0',
+  /* "carthedral.com", true */ 'c', 'a', 'r', 't', 'h', 'e', 'd', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "carto.la", true */ 'c', 'a', 'r', 't', 'o', '.', 'l', 'a', '\0',
+  /* "cartooncastles.ie", true */ 'c', 'a', 'r', 't', 'o', 'o', 'n', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'i', 'e', '\0',
+  /* "cartouche24.eu", true */ 'c', 'a', 'r', 't', 'o', 'u', 'c', 'h', 'e', '2', '4', '.', 'e', 'u', '\0',
+  /* "cartucce24.it", true */ 'c', 'a', 'r', 't', 'u', 'c', 'c', 'e', '2', '4', '.', 'i', 't', '\0',
+  /* "carusorealestate.com", true */ 'c', 'a', 'r', 'u', 's', 'o', 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "casa-due-pur.com", true */ 'c', 'a', 's', 'a', '-', 'd', 'u', 'e', '-', 'p', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "casa-due-pur.de", true */ 'c', 'a', 's', 'a', '-', 'd', 'u', 'e', '-', 'p', 'u', 'r', '.', 'd', 'e', '\0',
+  /* "casa-due.com", true */ 'c', 'a', 's', 'a', '-', 'd', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "casa-mea-inteligenta.ro", true */ 'c', 'a', 's', 'a', '-', 'm', 'e', 'a', '-', 'i', 'n', 't', 'e', 'l', 'i', 'g', 'e', 'n', 't', 'a', '.', 'r', 'o', '\0',
+  /* "casa-su.casa", true */ 'c', 'a', 's', 'a', '-', 's', 'u', '.', 'c', 'a', 's', 'a', '\0',
+  /* "casadoarbitro.com.br", true */ 'c', 'a', 's', 'a', 'd', 'o', 'a', 'r', 'b', 'i', 't', 'r', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "casadowifi.com.br", true */ 'c', 'a', 's', 'a', 'd', 'o', 'w', 'i', 'f', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "casajardininsecticidas.com", true */ 'c', 'a', 's', 'a', 'j', 'a', 'r', 'd', 'i', 'n', 'i', 'n', 's', 'e', 'c', 't', 'i', 'c', 'i', 'd', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "casalindamex.com", true */ 'c', 'a', 's', 'a', 'l', 'i', 'n', 'd', 'a', 'm', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "casamariposaspi.com", true */ 'c', 'a', 's', 'a', 'm', 'a', 'r', 'i', 'p', 'o', 's', 'a', 's', 'p', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "casamorelli.com.br", true */ 'c', 'a', 's', 'a', 'm', 'o', 'r', 'e', 'l', 'l', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "casapalla.com.br", true */ 'c', 'a', 's', 'a', 'p', 'a', 'l', 'l', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "casasuara.com", true */ 'c', 'a', 's', 'a', 's', 'u', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "casasuleletrodomesticos.com.br", true */ 'c', 'a', 's', 'a', 's', 'u', 'l', 'e', 'l', 'e', 't', 'r', 'o', 'd', 'o', 'm', 'e', 's', 't', 'i', 'c', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "casbia.info", true */ 'c', 'a', 's', 'b', 'i', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "casbuijs.nl", true */ 'c', 'a', 's', 'b', 'u', 'i', 'j', 's', '.', 'n', 'l', '\0',
+  /* "casburggraaf.com", true */ 'c', 'a', 's', 'b', 'u', 'r', 'g', 'g', 'r', 'a', 'a', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "casecurity.org", true */ 'c', 'a', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "cash-4x4.com", true */ 'c', 'a', 's', 'h', '-', '4', 'x', '4', '.', 'c', 'o', 'm', '\0',
+  /* "cashati.com", true */ 'c', 'a', 's', 'h', 'a', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "cashew3d.com", true */ 'c', 'a', 's', 'h', 'e', 'w', '3', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "cashfortulsahouses.com", true */ 'c', 'a', 's', 'h', 'f', 'o', 'r', 't', 'u', 'l', 's', 'a', 'h', 'o', 'u', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cashless.fr", true */ 'c', 'a', 's', 'h', 'l', 'e', 's', 's', '.', 'f', 'r', '\0',
+  /* "cashlink.de", true */ 'c', 'a', 's', 'h', 'l', 'i', 'n', 'k', '.', 'd', 'e', '\0',
+  /* "cashlink.io", true */ 'c', 'a', 's', 'h', 'l', 'i', 'n', 'k', '.', 'i', 'o', '\0',
+  /* "cashlogic.ch", true */ 'c', 'a', 's', 'h', 'l', 'o', 'g', 'i', 'c', '.', 'c', 'h', '\0',
+  /* "cashmaxtexas.com", true */ 'c', 'a', 's', 'h', 'm', 'a', 'x', 't', 'e', 'x', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cashplk.com", true */ 'c', 'a', 's', 'h', 'p', 'l', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "casinolegal.pt", true */ 'c', 'a', 's', 'i', 'n', 'o', 'l', 'e', 'g', 'a', 'l', '.', 'p', 't', '\0',
+  /* "casinolistings.com", true */ 'c', 'a', 's', 'i', 'n', 'o', 'l', 'i', 's', 't', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "casjay.cloud", true */ 'c', 'a', 's', 'j', 'a', 'y', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "casjay.com", true */ 'c', 'a', 's', 'j', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "casjay.info", true */ 'c', 'a', 's', 'j', 'a', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "casjay.us", true */ 'c', 'a', 's', 'j', 'a', 'y', '.', 'u', 's', '\0',
+  /* "casjaygames.com", true */ 'c', 'a', 's', 'j', 'a', 'y', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "casperpanel.com", true */ 'c', 'a', 's', 'p', 'e', 'r', 'p', 'a', 'n', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "caspicards.com", true */ 'c', 'a', 's', 'p', 'i', 'c', 'a', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cassimo.com", true */ 'c', 'a', 's', 's', 'i', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "castible.de", true */ 'c', 'a', 's', 't', 'i', 'b', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "castlecapers.com.au", true */ 'c', 'a', 's', 't', 'l', 'e', 'c', 'a', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "castlecms.io", true */ 'c', 'a', 's', 't', 'l', 'e', 'c', 'm', 's', '.', 'i', 'o', '\0',
+  /* "castlejackpot.com", true */ 'c', 'a', 's', 't', 'l', 'e', 'j', 'a', 'c', 'k', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "castleking.net", true */ 'c', 'a', 's', 't', 'l', 'e', 'k', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "castlekingdomstockport.co.uk", true */ 'c', 'a', 's', 't', 'l', 'e', 'k', 'i', 'n', 'g', 'd', 'o', 'm', 's', 't', 'o', 'c', 'k', 'p', 'o', 'r', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "castlekingkent.co.uk", true */ 'c', 'a', 's', 't', 'l', 'e', 'k', 'i', 'n', 'g', 'k', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "castleparty.co.uk", true */ 'c', 'a', 's', 't', 'l', 'e', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "castles-in-the-sky.co.uk", true */ 'c', 'a', 's', 't', 'l', 'e', 's', '-', 'i', 'n', '-', 't', 'h', 'e', '-', 's', 'k', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "castles4kidz.com", true */ 'c', 'a', 's', 't', 'l', 'e', 's', '4', 'k', 'i', 'd', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "castles4rascalsiow.co.uk", true */ 'c', 'a', 's', 't', 'l', 'e', 's', '4', 'r', 'a', 's', 'c', 'a', 'l', 's', 'i', 'o', 'w', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "castlesrus-kent.com", true */ 'c', 'a', 's', 't', 'l', 'e', 's', 'r', 'u', 's', '-', 'k', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "castleswa.com.au", true */ 'c', 'a', 's', 't', 'l', 'e', 's', 'w', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "cat-blum.com", true */ 'c', 'a', 't', '-', 'b', 'l', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "cat-box.de", true */ 'c', 'a', 't', '-', 'b', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "cat.net", true */ 'c', 'a', 't', '.', 'n', 'e', 't', '\0',
+  /* "catalog.beer", true */ 'c', 'a', 't', 'a', 'l', 'o', 'g', '.', 'b', 'e', 'e', 'r', '\0',
+  /* "catalogoreina.com", true */ 'c', 'a', 't', 'a', 'l', 'o', 'g', 'o', 'r', 'e', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "catbold.space", true */ 'c', 'a', 't', 'b', 'o', 'l', 'd', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "catbull.com", true */ 'c', 'a', 't', 'b', 'u', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "catburton.co.uk", true */ 'c', 'a', 't', 'b', 'u', 'r', 't', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "catchersgear.com", true */ 'c', 'a', 't', 'c', 'h', 'e', 'r', 's', 'g', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "catchfotografie.nl", true */ 'c', 'a', 't', 'c', 'h', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', 'i', 'e', '.', 'n', 'l', '\0',
+  /* "catchief.com", true */ 'c', 'a', 't', 'c', 'h', 'i', 'e', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "catcontent.cloud", true */ 'c', 'a', 't', 'c', 'o', 'n', 't', 'e', 'n', 't', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "catdecor.ru", true */ 'c', 'a', 't', 'd', 'e', 'c', 'o', 'r', '.', 'r', 'u', '\0',
+  /* "catenacondos.com", true */ 'c', 'a', 't', 'e', 'n', 'a', 'c', 'o', 'n', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "catgirl.me", true */ 'c', 'a', 't', 'g', 'i', 'r', 'l', '.', 'm', 'e', '\0',
+  /* "catgirl.pics", true */ 'c', 'a', 't', 'g', 'i', 'r', 'l', '.', 'p', 'i', 'c', 's', '\0',
+  /* "catharinesomerville.com", true */ 'c', 'a', 't', 'h', 'a', 'r', 'i', 'n', 'e', 's', 'o', 'm', 'e', 'r', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "catharisme.eu", true */ 'c', 'a', 't', 'h', 'a', 'r', 'i', 's', 'm', 'e', '.', 'e', 'u', '\0',
+  /* "catharisme.net", true */ 'c', 'a', 't', 'h', 'a', 'r', 'i', 's', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "catharisme.org", true */ 'c', 'a', 't', 'h', 'a', 'r', 'i', 's', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "catherineidylle.com", true */ 'c', 'a', 't', 'h', 'e', 'r', 'i', 'n', 'e', 'i', 'd', 'y', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "catherinescastles.co.uk", true */ 'c', 'a', 't', 'h', 'e', 'r', 'i', 'n', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "catholics.dating", true */ 'c', 'a', 't', 'h', 'o', 'l', 'i', 'c', 's', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "cathosa.nl", true */ 'c', 'a', 't', 'h', 'o', 's', 'a', '.', 'n', 'l', '\0',
+  /* "cativa.net", true */ 'c', 'a', 't', 'i', 'v', 'a', '.', 'n', 'e', 't', '\0',
+  /* "catmoose.ca", true */ 'c', 'a', 't', 'm', 'o', 'o', 's', 'e', '.', 'c', 'a', '\0',
+  /* "catnet.dk", false */ 'c', 'a', 't', 'n', 'e', 't', '.', 'd', 'k', '\0',
+  /* "catnmeow.com", true */ 'c', 'a', 't', 'n', 'm', 'e', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "cattivo.nl", false */ 'c', 'a', 't', 't', 'i', 'v', 'o', '.', 'n', 'l', '\0',
+  /* "catuniverse.org", true */ 'c', 'a', 't', 'u', 'n', 'i', 'v', 'e', 'r', 's', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "catveteran.com", true */ 'c', 'a', 't', 'v', 'e', 't', 'e', 'r', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "caulfieldeastapartments.com.au", true */ 'c', 'a', 'u', 'l', 'f', 'i', 'e', 'l', 'd', 'e', 'a', 's', 't', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "caulfieldracecourseapartments.com.au", true */ 'c', 'a', 'u', 'l', 'f', 'i', 'e', 'l', 'd', 'r', 'a', 'c', 'e', 'c', 'o', 'u', 'r', 's', 'e', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "caulong-ao.net", true */ 'c', 'a', 'u', 'l', 'o', 'n', 'g', '-', 'a', 'o', '.', 'n', 'e', 't', '\0',
+  /* "causae-fincas.es", true */ 'c', 'a', 'u', 's', 'a', 'e', '-', 'f', 'i', 'n', 'c', 'a', 's', '.', 'e', 's', '\0',
+  /* "causae.es", true */ 'c', 'a', 'u', 's', 'a', 'e', '.', 'e', 's', '\0',
+  /* "cav.ac", true */ 'c', 'a', 'v', '.', 'a', 'c', '\0',
+  /* "cavac.at", true */ 'c', 'a', 'v', 'a', 'c', '.', 'a', 't', '\0',
+  /* "cavalierkingcharlesspaniel.com.br", true */ 'c', 'a', 'v', 'a', 'l', 'i', 'e', 'r', 'k', 'i', 'n', 'g', 'c', 'h', 'a', 'r', 'l', 'e', 's', 's', 'p', 'a', 'n', 'i', 'e', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cave-reynard.ch", true */ 'c', 'a', 'v', 'e', '-', 'r', 'e', 'y', 'n', 'a', 'r', 'd', '.', 'c', 'h', '\0',
+  /* "cavevinsdefrance.fr", true */ 'c', 'a', 'v', 'e', 'v', 'i', 'n', 's', 'd', 'e', 'f', 'r', 'a', 'n', 'c', 'e', '.', 'f', 'r', '\0',
+  /* "cavzodiaco.com.br", true */ 'c', 'a', 'v', 'z', 'o', 'd', 'i', 'a', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "caylercapital.com", true */ 'c', 'a', 'y', 'l', 'e', 'r', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "cazaviajes.es", true */ 'c', 'a', 'z', 'a', 'v', 'i', 'a', 'j', 'e', 's', '.', 'e', 's', '\0',
+  /* "cazes.info", true */ 'c', 'a', 'z', 'e', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "cbamo.org", true */ 'c', 'b', 'a', 'm', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "cbbank.com", true */ 'c', 'b', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "cbc-hire.co.uk", true */ 'c', 'b', 'c', '-', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cbd.supply", true */ 'c', 'b', 'd', '.', 's', 'u', 'p', 'p', 'l', 'y', '\0',
+  /* "cbdev.de", true */ 'c', 'b', 'd', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "cbecrft.net", true */ 'c', 'b', 'e', 'c', 'r', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "cbintermountainrealty.com", true */ 'c', 'b', 'i', 'n', 't', 'e', 'r', 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', 'r', 'e', 'a', 'l', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "cbr-xml-daily.ru", true */ 'c', 'b', 'r', '-', 'x', 'm', 'l', '-', 'd', 'a', 'i', 'l', 'y', '.', 'r', 'u', '\0',
+  /* "cbw.sh", true */ 'c', 'b', 'w', '.', 's', 'h', '\0',
+  /* "cc-brantomois.fr", true */ 'c', 'c', '-', 'b', 'r', 'a', 'n', 't', 'o', 'm', 'o', 'i', 's', '.', 'f', 'r', '\0',
+  /* "ccac.gov", true */ 'c', 'c', 'a', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "ccayearbook.com", true */ 'c', 'c', 'a', 'y', 'e', 'a', 'r', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ccgn.co", true */ 'c', 'c', 'g', 'n', '.', 'c', 'o', '\0',
+  /* "ccgx.de", true */ 'c', 'c', 'g', 'x', '.', 'd', 'e', '\0',
+  /* "ccja.ro", false */ 'c', 'c', 'j', 'a', '.', 'r', 'o', '\0',
+  /* "ccl-sti.ch", true */ 'c', 'c', 'l', '-', 's', 't', 'i', '.', 'c', 'h', '\0',
+  /* "cctvview.info", true */ 'c', 'c', 't', 'v', 'v', 'i', 'e', 'w', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ccu.io", true */ 'c', 'c', 'u', '.', 'i', 'o', '\0',
+  /* "ccu.plus", true */ 'c', 'c', 'u', '.', 'p', 'l', 'u', 's', '\0',
+  /* "ccv-deutschland.de", true */ 'c', 'c', 'v', '-', 'd', 'e', 'u', 't', 's', 'c', 'h', 'l', 'a', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "ccv.ch", true */ 'c', 'c', 'v', '.', 'c', 'h', '\0',
+  /* "ccv.eu", true */ 'c', 'c', 'v', '.', 'e', 'u', '\0',
+  /* "ccv.nl", true */ 'c', 'c', 'v', '.', 'n', 'l', '\0',
+  /* "cd-sport.com", true */ 'c', 'd', '-', 's', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "cd.search.yahoo.com", false */ 'c', 'd', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cda-aigle.ch", true */ 'c', 'd', 'a', '-', 'a', 'i', 'g', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "cda-nw.co.uk", true */ 'c', 'd', 'a', '-', 'n', 'w', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cdasiaonline.com", true */ 'c', 'd', 'a', 's', 'i', 'a', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cdbf.ch", true */ 'c', 'd', 'b', 'f', '.', 'c', 'h', '\0',
+  /* "cdburnerxp.se", true */ 'c', 'd', 'b', 'u', 'r', 'n', 'e', 'r', 'x', 'p', '.', 's', 'e', '\0',
+  /* "cdda.ch", true */ 'c', 'd', 'd', 'a', '.', 'c', 'h', '\0',
+  /* "cdepot.eu", true */ 'c', 'd', 'e', 'p', 'o', 't', '.', 'e', 'u', '\0',
+  /* "cdkeykopen.com", true */ 'c', 'd', 'k', 'e', 'y', 'k', 'o', 'p', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "cdkeyworld.de", true */ 'c', 'd', 'k', 'e', 'y', 'w', 'o', 'r', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "cdlcenter.com", true */ 'c', 'd', 'l', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "cdmhp.org.nz", true */ 'c', 'd', 'm', 'h', 'p', '.', 'o', 'r', 'g', '.', 'n', 'z', '\0',
+  /* "cdmon.tech", true */ 'c', 'd', 'm', 'o', 'n', '.', 't', 'e', 'c', 'h', '\0',
+  /* "cdn6.de", true */ 'c', 'd', 'n', '6', '.', 'd', 'e', '\0',
+  /* "cdnjs.com", true */ 'c', 'd', 'n', 'j', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cdns.cloud", true */ 'c', 'd', 'n', 's', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "cdu-wilgersdorf.de", true */ 'c', 'd', 'u', '-', 'w', 'i', 'l', 'g', 'e', 'r', 's', 'd', 'o', 'r', 'f', '.', 'd', 'e', '\0',
+  /* "ce-pimkie.fr", true */ 'c', 'e', '-', 'p', 'i', 'm', 'k', 'i', 'e', '.', 'f', 'r', '\0',
+  /* "cebz.org", true */ 'c', 'e', 'b', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "ceciliacolombara.com", true */ 'c', 'e', 'c', 'i', 'l', 'i', 'a', 'c', 'o', 'l', 'o', 'm', 'b', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cecilwalker.com.au", true */ 'c', 'e', 'c', 'i', 'l', 'w', 'a', 'l', 'k', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "cecipu.gob.cl", true */ 'c', 'e', 'c', 'i', 'p', 'u', '.', 'g', 'o', 'b', '.', 'c', 'l', '\0',
+  /* "ced-services.nl", true */ 'c', 'e', 'd', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'n', 'l', '\0',
+  /* "cedriccassimo.ch", true */ 'c', 'e', 'd', 'r', 'i', 'c', 'c', 'a', 's', 's', 'i', 'm', 'o', '.', 'c', 'h', '\0',
+  /* "cedriccassimo.com", true */ 'c', 'e', 'd', 'r', 'i', 'c', 'c', 'a', 's', 's', 'i', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ceebee.com", true */ 'c', 'e', 'e', 'b', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cefak.org.br", true */ 'c', 'e', 'f', 'a', 'k', '.', 'o', 'r', 'g', '.', 'b', 'r', '\0',
+  /* "ceilingpac.org", true */ 'c', 'e', 'i', 'l', 'i', 'n', 'g', 'p', 'a', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "cejhon.cz", false */ 'c', 'e', 'j', 'h', 'o', 'n', '.', 'c', 'z', '\0',
+  /* "cekaja.com", true */ 'c', 'e', 'k', 'a', 'j', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "celebrityscope.net", true */ 'c', 'e', 'l', 'e', 'b', 'r', 'i', 't', 'y', 's', 'c', 'o', 'p', 'e', '.', 'n', 'e', 't', '\0',
+  /* "celec.gob.ec", false */ 'c', 'e', 'l', 'e', 'c', '.', 'g', 'o', 'b', '.', 'e', 'c', '\0',
+  /* "celiendev.ch", true */ 'c', 'e', 'l', 'i', 'e', 'n', 'd', 'e', 'v', '.', 'c', 'h', '\0',
+  /* "celigo.com", true */ 'c', 'e', 'l', 'i', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "celltek-server.de", true */ 'c', 'e', 'l', 'l', 't', 'e', 'k', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "celti.ie.eu.org", true */ 'c', 'e', 'l', 't', 'i', '.', 'i', 'e', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "celti.name", true */ 'c', 'e', 'l', 't', 'i', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "cementscience.com", true */ 'c', 'e', 'm', 'e', 'n', 't', 's', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ceml.ch", true */ 'c', 'e', 'm', 'l', '.', 'c', 'h', '\0',
+  /* "cenatorium.pl", true */ 'c', 'e', 'n', 'a', 't', 'o', 'r', 'i', 'u', 'm', '.', 'p', 'l', '\0',
+  /* "censurfridns.dk", true */ 'c', 'e', 'n', 's', 'u', 'r', 'f', 'r', 'i', 'd', 'n', 's', '.', 'd', 'k', '\0',
+  /* "censurfridns.nu", true */ 'c', 'e', 'n', 's', 'u', 'r', 'f', 'r', 'i', 'd', 'n', 's', '.', 'n', 'u', '\0',
+  /* "censys.io", true */ 'c', 'e', 'n', 's', 'y', 's', '.', 'i', 'o', '\0',
+  /* "centaur.de", true */ 'c', 'e', 'n', 't', 'a', 'u', 'r', '.', 'd', 'e', '\0',
+  /* "centennialradon.com", true */ 'c', 'e', 'n', 't', 'e', 'n', 'n', 'i', 'a', 'l', 'r', 'a', 'd', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "centerforpolicy.org", true */ 'c', 'e', 'n', 't', 'e', 'r', 'f', 'o', 'r', 'p', 'o', 'l', 'i', 'c', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "centerpereezd.ru", false */ 'c', 'e', 'n', 't', 'e', 'r', 'p', 'e', 'r', 'e', 'e', 'z', 'd', '.', 'r', 'u', '\0',
+  /* "centerpoint.ovh", true */ 'c', 'e', 'n', 't', 'e', 'r', 'p', 'o', 'i', 'n', 't', '.', 'o', 'v', 'h', '\0',
+  /* "centillien.com", false */ 'c', 'e', 'n', 't', 'i', 'l', 'l', 'i', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "centio.bg", true */ 'c', 'e', 'n', 't', 'i', 'o', '.', 'b', 'g', '\0',
+  /* "centos.tips", true */ 'c', 'e', 'n', 't', 'o', 's', '.', 't', 'i', 'p', 's', '\0',
+  /* "central4.me", true */ 'c', 'e', 'n', 't', 'r', 'a', 'l', '4', '.', 'm', 'e', '\0',
+  /* "centralcountiesservices.org", true */ 'c', 'e', 'n', 't', 'r', 'a', 'l', 'c', 'o', 'u', 'n', 't', 'i', 'e', 's', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "centralfor.me", true */ 'c', 'e', 'n', 't', 'r', 'a', 'l', 'f', 'o', 'r', '.', 'm', 'e', '\0',
+  /* "centralstatecu.org", true */ 'c', 'e', 'n', 't', 'r', 'a', 'l', 's', 't', 'a', 't', 'e', 'c', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "centralvoice.org", true */ 'c', 'e', 'n', 't', 'r', 'a', 'l', 'v', 'o', 'i', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "centrationgame.com", true */ 'c', 'e', 'n', 't', 'r', 'a', 't', 'i', 'o', 'n', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "centredaccueil.fr", true */ 'c', 'e', 'n', 't', 'r', 'e', 'd', 'a', 'c', 'c', 'u', 'e', 'i', 'l', '.', 'f', 'r', '\0',
+  /* "centreoeil.ch", true */ 'c', 'e', 'n', 't', 'r', 'e', 'o', 'e', 'i', 'l', '.', 'c', 'h', '\0',
+  /* "centricweb.com", true */ 'c', 'e', 'n', 't', 'r', 'i', 'c', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "centrobill.com", true */ 'c', 'e', 'n', 't', 'r', 'o', 'b', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "centrojovencuenca.es", true */ 'c', 'e', 'n', 't', 'r', 'o', 'j', 'o', 'v', 'e', 'n', 'c', 'u', 'e', 'n', 'c', 'a', '.', 'e', 's', '\0',
+  /* "centrolavoro.org", true */ 'c', 'e', 'n', 't', 'r', 'o', 'l', 'a', 'v', 'o', 'r', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "centrumhodinek.cz", true */ 'c', 'e', 'n', 't', 'r', 'u', 'm', 'h', 'o', 'd', 'i', 'n', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "centruvechisv.ro", true */ 'c', 'e', 'n', 't', 'r', 'u', 'v', 'e', 'c', 'h', 'i', 's', 'v', '.', 'r', 'o', '\0',
+  /* "centurialeonina.com", true */ 'c', 'e', 'n', 't', 'u', 'r', 'i', 'a', 'l', 'e', 'o', 'n', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "centurionunderground.com", true */ 'c', 'e', 'n', 't', 'u', 'r', 'i', 'o', 'n', 'u', 'n', 'd', 'e', 'r', 'g', 'r', 'o', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "ceoimon.com", true */ 'c', 'e', 'o', 'i', 'm', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ceopedia.org", true */ 'c', 'e', 'o', 'p', 'e', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "ceramiya.com", true */ 'c', 'e', 'r', 'a', 'm', 'i', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cerastar.com", true */ 'c', 'e', 'r', 'a', 's', 't', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "cerber.us", true */ 'c', 'e', 'r', 'b', 'e', 'r', '.', 'u', 's', '\0',
+  /* "cerebelo.info", true */ 'c', 'e', 'r', 'e', 'b', 'e', 'l', 'o', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ceres-corp.org", true */ 'c', 'e', 'r', 'e', 's', '-', 'c', 'o', 'r', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "ceres1.space", true */ 'c', 'e', 'r', 'e', 's', '1', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "cermak.photos", true */ 'c', 'e', 'r', 'm', 'a', 'k', '.', 'p', 'h', 'o', 't', 'o', 's', '\0',
+  /* "cerpa.com.br", true */ 'c', 'e', 'r', 'p', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cerpus-course.com", true */ 'c', 'e', 'r', 'p', 'u', 's', '-', 'c', 'o', 'u', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cerstve-korenie.sk", true */ 'c', 'e', 'r', 's', 't', 'v', 'e', '-', 'k', 'o', 'r', 'e', 'n', 'i', 'e', '.', 's', 'k', '\0',
+  /* "cerstvekorenie.sk", true */ 'c', 'e', 'r', 's', 't', 'v', 'e', 'k', 'o', 'r', 'e', 'n', 'i', 'e', '.', 's', 'k', '\0',
+  /* "cert.or.id", true */ 'c', 'e', 'r', 't', '.', 'o', 'r', '.', 'i', 'd', '\0',
+  /* "certcenter.ch", true */ 'c', 'e', 'r', 't', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "certcenter.co.uk", true */ 'c', 'e', 'r', 't', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "certcenter.com", true */ 'c', 'e', 'r', 't', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "certcenter.de", true */ 'c', 'e', 'r', 't', 'c', 'e', 'n', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "certcenter.fr", true */ 'c', 'e', 'r', 't', 'c', 'e', 'n', 't', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "certible.com", true */ 'c', 'e', 'r', 't', 'i', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "certificatedetails.com", true */ 'c', 'e', 'r', 't', 'i', 'f', 'i', 'c', 'a', 't', 'e', 'd', 'e', 't', 'a', 'i', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "certificatetools.com", true */ 'c', 'e', 'r', 't', 'i', 'f', 'i', 'c', 'a', 't', 'e', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "certly.io", true */ 'c', 'e', 'r', 't', 'l', 'y', '.', 'i', 'o', '\0',
+  /* "certmonitor.com.au", true */ 'c', 'e', 'r', 't', 'm', 'o', 'n', 'i', 't', 'o', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "certmonitor.net", true */ 'c', 'e', 'r', 't', 'm', 'o', 'n', 'i', 't', 'o', 'r', '.', 'n', 'e', 't', '\0',
+  /* "certnazionale.it", true */ 'c', 'e', 'r', 't', 'n', 'a', 'z', 'i', 'o', 'n', 'a', 'l', 'e', '.', 'i', 't', '\0',
+  /* "certspotter.com", true */ 'c', 'e', 'r', 't', 's', 'p', 'o', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "certspotter.org", true */ 'c', 'e', 'r', 't', 's', 'p', 'o', 't', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "ceruleanmainbeach.com.au", true */ 'c', 'e', 'r', 'u', 'l', 'e', 'a', 'n', 'm', 'a', 'i', 'n', 'b', 'e', 'a', 'c', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "cervejista.com", true */ 'c', 'e', 'r', 'v', 'e', 'j', 'i', 's', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cesdb.com", true */ 'c', 'e', 's', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "cesipagano.com", true */ 'c', 'e', 's', 'i', 'p', 'a', 'g', 'a', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ceso-saco.com", true */ 'c', 'e', 's', 'o', '-', 's', 'a', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cesobaly.cz", true */ 'c', 'e', 's', 'o', 'b', 'a', 'l', 'y', '.', 'c', 'z', '\0',
+  /* "cestasedelicias.com.br", true */ 'c', 'e', 's', 't', 'a', 's', 'e', 'd', 'e', 'l', 'i', 'c', 'i', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cestlav.it", true */ 'c', 'e', 's', 't', 'l', 'a', 'v', '.', 'i', 't', '\0',
+  /* "cestunmetier.ch", true */ 'c', 'e', 's', 't', 'u', 'n', 'm', 'e', 't', 'i', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "cetamol.com", true */ 'c', 'e', 't', 'a', 'm', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "ceu.edu", false */ 'c', 'e', 'u', '.', 'e', 'd', 'u', '\0',
+  /* "cevo.com.hr", true */ 'c', 'e', 'v', 'o', '.', 'c', 'o', 'm', '.', 'h', 'r', '\0',
+  /* "ceyizlikelisleri.com", true */ 'c', 'e', 'y', 'i', 'z', 'l', 'i', 'k', 'e', 'l', 'i', 's', 'l', 'e', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "cf-ide.de", true */ 'c', 'f', '-', 'i', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "cfa.gov", true */ 'c', 'f', 'a', '.', 'g', 'o', 'v', '\0',
+  /* "cfan.space", true */ 'c', 'f', 'a', 'n', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "cfh.com", true */ 'c', 'f', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "cfneia.org", true */ 'c', 'f', 'n', 'e', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "cfno.org", true */ 'c', 'f', 'n', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "cfo.gov", true */ 'c', 'f', 'o', '.', 'g', 'o', 'v', '\0',
+  /* "cfsh.tk", true */ 'c', 'f', 's', 'h', '.', 't', 'k', '\0',
+  /* "cftcarouge.com", true */ 'c', 'f', 't', 'c', 'a', 'r', 'o', 'u', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cfxdesign.com", true */ 'c', 'f', 'x', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "cg-systems.hu", true */ 'c', 'g', '-', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'h', 'u', '\0',
+  /* "cg.search.yahoo.com", false */ 'c', 'g', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cgan.de", true */ 'c', 'g', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "cgan.pw", true */ 'c', 'g', 'a', 'n', '.', 'p', 'w', '\0',
+  /* "cgbassurances.ch", true */ 'c', 'g', 'b', 'a', 's', 's', 'u', 'r', 'a', 'n', 'c', 'e', 's', '.', 'c', 'h', '\0',
+  /* "cgbilling.com", true */ 'c', 'g', 'b', 'i', 'l', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "cgcookiemarkets.com", true */ 'c', 'g', 'c', 'o', 'o', 'k', 'i', 'e', 'm', 'a', 'r', 'k', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cgsmart.com", true */ 'c', 'g', 's', 'm', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ch-laborit.fr", true */ 'c', 'h', '-', 'l', 'a', 'b', 'o', 'r', 'i', 't', '.', 'f', 'r', '\0',
+  /* "ch-sc.de", true */ 'c', 'h', '-', 's', 'c', '.', 'd', 'e', '\0',
+  /* "ch.search.yahoo.com", false */ 'c', 'h', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "chabaojia.com", true */ 'c', 'h', 'a', 'b', 'a', 'o', 'j', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "chabaudparfum.com", true */ 'c', 'h', 'a', 'b', 'a', 'u', 'd', 'p', 'a', 'r', 'f', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "chabert-provence.fr", true */ 'c', 'h', 'a', 'b', 'e', 'r', 't', '-', 'p', 'r', 'o', 'v', 'e', 'n', 'c', 'e', '.', 'f', 'r', '\0',
+  /* "chad.ch", true */ 'c', 'h', 'a', 'd', '.', 'c', 'h', '\0',
+  /* "chadstoneapartments.com.au", true */ 'c', 'h', 'a', 'd', 's', 't', 'o', 'n', 'e', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "chaifeng.com", true */ 'c', 'h', 'a', 'i', 'f', 'e', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "chainedunion.info", true */ 'c', 'h', 'a', 'i', 'n', 'e', 'd', 'u', 'n', 'i', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "chairinstitute.com", true */ 'c', 'h', 'a', 'i', 'r', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "chaisystems.net", true */ 'c', 'h', 'a', 'i', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'n', 'e', 't', '\0',
+  /* "chaldeen.pro", true */ 'c', 'h', 'a', 'l', 'd', 'e', 'e', 'n', '.', 'p', 'r', 'o', '\0',
+  /* "chaletdemontagne.org", true */ 'c', 'h', 'a', 'l', 'e', 't', 'd', 'e', 'm', 'o', 'n', 't', 'a', 'g', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "chaletmanager.com", true */ 'c', 'h', 'a', 'l', 'e', 't', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "chaletpierrot.ch", true */ 'c', 'h', 'a', 'l', 'e', 't', 'p', 'i', 'e', 'r', 'r', 'o', 't', '.', 'c', 'h', '\0',
+  /* "chaleur.com", true */ 'c', 'h', 'a', 'l', 'e', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "chalker.io", true */ 'c', 'h', 'a', 'l', 'k', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "chalkfestival.org", false */ 'c', 'h', 'a', 'l', 'k', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "challengeblog.org", true */ 'c', 'h', 'a', 'l', 'l', 'e', 'n', 'g', 'e', 'b', 'l', 'o', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "chamathellawala.com", true */ 'c', 'h', 'a', 'm', 'a', 't', 'h', 'e', 'l', 'l', 'a', 'w', 'a', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "chambion.ch", true */ 'c', 'h', 'a', 'm', 'b', 'i', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "chameleon-ents.co.uk", true */ 'c', 'h', 'a', 'm', 'e', 'l', 'e', 'o', 'n', '-', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "chameth.com", true */ 'c', 'h', 'a', 'm', 'e', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "chamilo.org", true */ 'c', 'h', 'a', 'm', 'i', 'l', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "champdogs.co.uk", true */ 'c', 'h', 'a', 'm', 'p', 'd', 'o', 'g', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "champdogs.com", true */ 'c', 'h', 'a', 'm', 'p', 'd', 'o', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "champicreuse.fr", true */ 'c', 'h', 'a', 'm', 'p', 'i', 'c', 'r', 'e', 'u', 's', 'e', '.', 'f', 'r', '\0',
+  /* "championcastles.ie", true */ 'c', 'h', 'a', 'm', 'p', 'i', 'o', 'n', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'i', 'e', '\0',
+  /* "champions.co", true */ 'c', 'h', 'a', 'm', 'p', 'i', 'o', 'n', 's', '.', 'c', 'o', '\0',
+  /* "championweb.com.au", true */ 'c', 'h', 'a', 'm', 'p', 'i', 'o', 'n', 'w', 'e', 'b', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "champonthis.de", true */ 'c', 'h', 'a', 'm', 'p', 'o', 'n', 't', 'h', 'i', 's', '.', 'd', 'e', '\0',
+  /* "chancat.blog", false */ 'c', 'h', 'a', 'n', 'c', 'a', 't', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "chandr1000.ga", true */ 'c', 'h', 'a', 'n', 'd', 'r', '1', '0', '0', '0', '.', 'g', 'a', '\0',
+  /* "changecopyright.ru", true */ 'c', 'h', 'a', 'n', 'g', 'e', 'c', 'o', 'p', 'y', 'r', 'i', 'g', 'h', 't', '.', 'r', 'u', '\0',
+  /* "changesfor.life", true */ 'c', 'h', 'a', 'n', 'g', 'e', 's', 'f', 'o', 'r', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "changethislater.com", true */ 'c', 'h', 'a', 'n', 'g', 'e', 't', 'h', 'i', 's', 'l', 'a', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "chanissue.com", false */ 'c', 'h', 'a', 'n', 'i', 's', 's', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "channeladam.com", true */ 'c', 'h', 'a', 'n', 'n', 'e', 'l', 'a', 'd', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "channelcards.com", true */ 'c', 'h', 'a', 'n', 'n', 'e', 'l', 'c', 'a', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "channellife.co.nz", true */ 'c', 'h', 'a', 'n', 'n', 'e', 'l', 'l', 'i', 'f', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "channellife.com.au", true */ 'c', 'h', 'a', 'n', 'n', 'e', 'l', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "channyc.com", true */ 'c', 'h', 'a', 'n', 'n', 'y', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "chanoyu-gakkai.jp", true */ 'c', 'h', 'a', 'n', 'o', 'y', 'u', '-', 'g', 'a', 'k', 'k', 'a', 'i', '.', 'j', 'p', '\0',
+  /* "chantalguggenbuhl.ch", true */ 'c', 'h', 'a', 'n', 't', 'a', 'l', 'g', 'u', 'g', 'g', 'e', 'n', 'b', 'u', 'h', 'l', '.', 'c', 'h', '\0',
+  /* "chanz.com", true */ 'c', 'h', 'a', 'n', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "chaos-inc.de", true */ 'c', 'h', 'a', 'o', 's', '-', 'i', 'n', 'c', '.', 'd', 'e', '\0',
+  /* "chaos.run", true */ 'c', 'h', 'a', 'o', 's', '.', 'r', 'u', 'n', '\0',
+  /* "chaoscastles.co.uk", true */ 'c', 'h', 'a', 'o', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "chaoschemnitz.de", true */ 'c', 'h', 'a', 'o', 's', 'c', 'h', 'e', 'm', 'n', 'i', 't', 'z', '.', 'd', 'e', '\0',
+  /* "chaosdorf.de", true */ 'c', 'h', 'a', 'o', 's', 'd', 'o', 'r', 'f', '.', 'd', 'e', '\0',
+  /* "chaosfield.at", true */ 'c', 'h', 'a', 'o', 's', 'f', 'i', 'e', 'l', 'd', '.', 'a', 't', '\0',
+  /* "chaoslab.org", true */ 'c', 'h', 'a', 'o', 's', 'l', 'a', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "chaospott.de", true */ 'c', 'h', 'a', 'o', 's', 'p', 'o', 't', 't', '.', 'd', 'e', '\0',
+  /* "chaotichive.com", true */ 'c', 'h', 'a', 'o', 't', 'i', 'c', 'h', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "chaoticlaw.com", true */ 'c', 'h', 'a', 'o', 't', 'i', 'c', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "chapelfordbouncers.co.uk", true */ 'c', 'h', 'a', 'p', 'e', 'l', 'f', 'o', 'r', 'd', 'b', 'o', 'u', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "chapiteauxduleman.fr", true */ 'c', 'h', 'a', 'p', 'i', 't', 'e', 'a', 'u', 'x', 'd', 'u', 'l', 'e', 'm', 'a', 'n', '.', 'f', 'r', '\0',
+  /* "chaplain.co", true */ 'c', 'h', 'a', 'p', 'l', 'a', 'i', 'n', '.', 'c', 'o', '\0',
+  /* "charakato.com", true */ 'c', 'h', 'a', 'r', 'a', 'k', 'a', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "charcoalvenice.com", true */ 'c', 'h', 'a', 'r', 'c', 'o', 'a', 'l', 'v', 'e', 'n', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "charge.co", true */ 'c', 'h', 'a', 'r', 'g', 'e', '.', 'c', 'o', '\0',
+  /* "charitylog.co.uk", true */ 'c', 'h', 'a', 'r', 'i', 't', 'y', 'l', 'o', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "charl.eu", true */ 'c', 'h', 'a', 'r', 'l', '.', 'e', 'u', '\0',
+  /* "charles-darwin.com", true */ 'c', 'h', 'a', 'r', 'l', 'e', 's', '-', 'd', 'a', 'r', 'w', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "charlesbwise.com", true */ 'c', 'h', 'a', 'r', 'l', 'e', 's', 'b', 'w', 'i', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "charlesjay.com", true */ 'c', 'h', 'a', 'r', 'l', 'e', 's', 'j', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "charlesrogers.co.uk", true */ 'c', 'h', 'a', 'r', 'l', 'e', 's', 'r', 'o', 'g', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "charlestonfacialplastic.com", true */ 'c', 'h', 'a', 'r', 'l', 'e', 's', 't', 'o', 'n', 'f', 'a', 'c', 'i', 'a', 'l', 'p', 'l', 'a', 's', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "charliedillon.com", true */ 'c', 'h', 'a', 'r', 'l', 'i', 'e', 'd', 'i', 'l', 'l', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "charliehr.com", true */ 'c', 'h', 'a', 'r', 'l', 'i', 'e', 'h', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "charlierogers.co.uk", true */ 'c', 'h', 'a', 'r', 'l', 'i', 'e', 'r', 'o', 'g', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "charlierogers.com", true */ 'c', 'h', 'a', 'r', 'l', 'i', 'e', 'r', 'o', 'g', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "charlimarie.com", true */ 'c', 'h', 'a', 'r', 'l', 'i', 'm', 'a', 'r', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "charlotte-touati.ch", true */ 'c', 'h', 'a', 'r', 'l', 'o', 't', 't', 'e', '-', 't', 'o', 'u', 'a', 't', 'i', '.', 'c', 'h', '\0',
+  /* "charlottesvillegolfcommunities.com", true */ 'c', 'h', 'a', 'r', 'l', 'o', 't', 't', 'e', 's', 'v', 'i', 'l', 'l', 'e', 'g', 'o', 'l', 'f', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "charmander.me", true */ 'c', 'h', 'a', 'r', 'm', 'a', 'n', 'd', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "charmingsaul.com", true */ 'c', 'h', 'a', 'r', 'm', 'i', 'n', 'g', 's', 'a', 'u', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "charmyadesara.com", true */ 'c', 'h', 'a', 'r', 'm', 'y', 'a', 'd', 'e', 's', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "charr.xyz", true */ 'c', 'h', 'a', 'r', 'r', '.', 'x', 'y', 'z', '\0',
+  /* "charta-digitale-vernetzung.de", true */ 'c', 'h', 'a', 'r', 't', 'a', '-', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', '-', 'v', 'e', 'r', 'n', 'e', 't', 'z', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "charteroak.org", true */ 'c', 'h', 'a', 'r', 't', 'e', 'r', 'o', 'a', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "chartpen.com", true */ 'c', 'h', 'a', 'r', 't', 'p', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "chartsy.de", true */ 'c', 'h', 'a', 'r', 't', 's', 'y', '.', 'd', 'e', '\0',
+  /* "charuru.moe", true */ 'c', 'h', 'a', 'r', 'u', 'r', 'u', '.', 'm', 'o', 'e', '\0',
+  /* "chasafilli.ch", true */ 'c', 'h', 'a', 's', 'a', 'f', 'i', 'l', 'l', 'i', '.', 'c', 'h', '\0',
+  /* "chaseandzoey.de", true */ 'c', 'h', 'a', 's', 'e', 'a', 'n', 'd', 'z', 'o', 'e', 'y', '.', 'd', 'e', '\0',
+  /* "chaseganey.com", true */ 'c', 'h', 'a', 's', 'e', 'g', 'a', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "chasing-coins.com", true */ 'c', 'h', 'a', 's', 'i', 'n', 'g', '-', 'c', 'o', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "chat-libera.org", true */ 'c', 'h', 'a', 't', '-', 'l', 'i', 'b', 'e', 'r', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "chat-senza-registrazione.net", true */ 'c', 'h', 'a', 't', '-', 's', 'e', 'n', 'z', 'a', '-', 'r', 'e', 'g', 'i', 's', 't', 'r', 'a', 'z', 'i', 'o', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "chat.cz", true */ 'c', 'h', 'a', 't', '.', 'c', 'z', '\0',
+  /* "chat40.net", true */ 'c', 'h', 'a', 't', '4', '0', '.', 'n', 'e', 't', '\0',
+  /* "chatbelgie.eu", true */ 'c', 'h', 'a', 't', 'b', 'e', 'l', 'g', 'i', 'e', '.', 'e', 'u', '\0',
+  /* "chatbotclic.com", true */ 'c', 'h', 'a', 't', 'b', 'o', 't', 'c', 'l', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "chatbotclick.com", true */ 'c', 'h', 'a', 't', 'b', 'o', 't', 'c', 'l', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "chatbots.email", true */ 'c', 'h', 'a', 't', 'b', 'o', 't', 's', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "chatbots.systems", true */ 'c', 'h', 'a', 't', 'b', 'o', 't', 's', '.', 's', 'y', 's', 't', 'e', 'm', 's', '\0',
+  /* "chatear.social", true */ 'c', 'h', 'a', 't', 'e', 'a', 'r', '.', 's', 'o', 'c', 'i', 'a', 'l', '\0',
+  /* "chateau-belvoir.com", true */ 'c', 'h', 'a', 't', 'e', 'a', 'u', '-', 'b', 'e', 'l', 'v', 'o', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "chateau-de-lisle.fr", true */ 'c', 'h', 'a', 't', 'e', 'a', 'u', '-', 'd', 'e', '-', 'l', 'i', 's', 'l', 'e', '.', 'f', 'r', '\0',
+  /* "chateaudestrainchamps.com", true */ 'c', 'h', 'a', 't', 'e', 'a', 'u', 'd', 'e', 's', 't', 'r', 'a', 'i', 'n', 'c', 'h', 'a', 'm', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "chatfacile.org", true */ 'c', 'h', 'a', 't', 'f', 'a', 'c', 'i', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "chatint.com", true */ 'c', 'h', 'a', 't', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "chatitaly.org", true */ 'c', 'h', 'a', 't', 'i', 't', 'a', 'l', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "chatme.im", false */ 'c', 'h', 'a', 't', 'm', 'e', '.', 'i', 'm', '\0',
+  /* "chatnbook.com", true */ 'c', 'h', 'a', 't', 'n', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "chatnederland.eu", true */ 'c', 'h', 'a', 't', 'n', 'e', 'd', 'e', 'r', 'l', 'a', 'n', 'd', '.', 'e', 'u', '\0',
+  /* "chatsworthelectrical.com", true */ 'c', 'h', 'a', 't', 's', 'w', 'o', 'r', 't', 'h', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "chatt-gratis.net", true */ 'c', 'h', 'a', 't', 't', '-', 'g', 'r', 'a', 't', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "chatt-gratis.org", true */ 'c', 'h', 'a', 't', 't', '-', 'g', 'r', 'a', 't', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "chattergalerie.eu", true */ 'c', 'h', 'a', 't', 't', 'e', 'r', 'g', 'a', 'l', 'e', 'r', 'i', 'e', '.', 'e', 'u', '\0',
+  /* "chattergallery.com", true */ 'c', 'h', 'a', 't', 't', 'e', 'r', 'g', 'a', 'l', 'l', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "chatu.io", true */ 'c', 'h', 'a', 't', 'u', '.', 'i', 'o', '\0',
+  /* "chatu.me", true */ 'c', 'h', 'a', 't', 'u', '.', 'm', 'e', '\0',
+  /* "chatucomputers.com", true */ 'c', 'h', 'a', 't', 'u', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "chatxp.com", true */ 'c', 'h', 'a', 't', 'x', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "chatxsingle.net", true */ 'c', 'h', 'a', 't', 'x', 's', 'i', 'n', 'g', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "chatxtutti.com", true */ 'c', 'h', 'a', 't', 'x', 't', 'u', 't', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "chatzimanolis.gr", true */ 'c', 'h', 'a', 't', 'z', 'i', 'm', 'a', 'n', 'o', 'l', 'i', 's', '.', 'g', 'r', '\0',
+  /* "chaurocks.com", true */ 'c', 'h', 'a', 'u', 'r', 'o', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "chaverde.org", true */ 'c', 'h', 'a', 'v', 'e', 'r', 'd', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "chaz6.com", true */ 'c', 'h', 'a', 'z', '6', '.', 'c', 'o', 'm', '\0',
+  /* "chazalet.fr", true */ 'c', 'h', 'a', 'z', 'a', 'l', 'e', 't', '.', 'f', 'r', '\0',
+  /* "chazay.net", false */ 'c', 'h', 'a', 'z', 'a', 'y', '.', 'n', 'e', 't', '\0',
+  /* "chazgie.se", true */ 'c', 'h', 'a', 'z', 'g', 'i', 'e', '.', 's', 'e', '\0',
+  /* "chbs.me", true */ 'c', 'h', 'b', 's', '.', 'm', 'e', '\0',
+  /* "chch.it", true */ 'c', 'h', 'c', 'h', '.', 'i', 't', '\0',
+  /* "chcsct.com", true */ 'c', 'h', 'c', 's', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "chdgaming.xyz", true */ 'c', 'h', 'd', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "cheah.xyz", true */ 'c', 'h', 'e', 'a', 'h', '.', 'x', 'y', 'z', '\0',
+  /* "cheapalarmparts.com.au", true */ 'c', 'h', 'e', 'a', 'p', 'a', 'l', 'a', 'r', 'm', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "cheapessay.net", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 's', 'a', 'y', '.', 'n', 'e', 't', '\0',
+  /* "cheapestgamecards.at", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'a', 't', '\0',
+  /* "cheapestgamecards.be", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'b', 'e', '\0',
+  /* "cheapestgamecards.co.uk", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cheapestgamecards.com", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cheapestgamecards.de", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'd', 'e', '\0',
+  /* "cheapestgamecards.fi", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'f', 'i', '\0',
+  /* "cheapestgamecards.fr", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'f', 'r', '\0',
+  /* "cheapestgamecards.nl", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'n', 'l', '\0',
+  /* "cheapestgamecards.no", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'n', 'o', '\0',
+  /* "cheapestgamecards.se", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 's', 'e', '\0',
+  /* "cheapgeekts.com", false */ 'c', 'h', 'e', 'a', 'p', 'g', 'e', 'e', 'k', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cheapgoa.com", true */ 'c', 'h', 'e', 'a', 'p', 'g', 'o', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cheapiesystems.com", true */ 'c', 'h', 'e', 'a', 'p', 'i', 'e', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cheapssl.com.tr", true */ 'c', 'h', 'e', 'a', 'p', 's', 's', 'l', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "cheapticket.in", true */ 'c', 'h', 'e', 'a', 'p', 't', 'i', 'c', 'k', 'e', 't', '.', 'i', 'n', '\0',
+  /* "cheapwritinghelp.com", true */ 'c', 'h', 'e', 'a', 'p', 'w', 'r', 'i', 't', 'i', 'n', 'g', 'h', 'e', 'l', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "chebwebb.com", true */ 'c', 'h', 'e', 'b', 'w', 'e', 'b', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "check.torproject.org", false */ 'c', 'h', 'e', 'c', 'k', '.', 't', 'o', 'r', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "checkecert.nl", true */ 'c', 'h', 'e', 'c', 'k', 'e', 'c', 'e', 'r', 't', '.', 'n', 'l', '\0',
+  /* "checkmateshoes.com", true */ 'c', 'h', 'e', 'c', 'k', 'm', 'a', 't', 'e', 's', 'h', 'o', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "checkmatewebsolutions.com", true */ 'c', 'h', 'e', 'c', 'k', 'm', 'a', 't', 'e', 'w', 'e', 'b', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "checkout.google.com", true */ 'c', 'h', 'e', 'c', 'k', 'o', 'u', 't', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "checkpoint-tshirt.com", true */ 'c', 'h', 'e', 'c', 'k', 'p', 'o', 'i', 'n', 't', '-', 't', 's', 'h', 'i', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "checktype.com", true */ 'c', 'h', 'e', 'c', 'k', 't', 'y', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "checkui.com", true */ 'c', 'h', 'e', 'c', 'k', 'u', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "checkyourmath.com", true */ 'c', 'h', 'e', 'c', 'k', 'y', 'o', 'u', 'r', 'm', 'a', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "checkyourmeds.com", true */ 'c', 'h', 'e', 'c', 'k', 'y', 'o', 'u', 'r', 'm', 'e', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "checkyourprivilege.org", true */ 'c', 'h', 'e', 'c', 'k', 'y', 'o', 'u', 'r', 'p', 'r', 'i', 'v', 'i', 'l', 'e', 'g', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "checos.co.uk", true */ 'c', 'h', 'e', 'c', 'o', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cheddarpayments.com", true */ 'c', 'h', 'e', 'd', 'd', 'a', 'r', 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cheekycharliessoftplay.co.uk", true */ 'c', 'h', 'e', 'e', 'k', 'y', 'c', 'h', 'a', 'r', 'l', 'i', 'e', 's', 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cheekylittlerascals.co.uk", true */ 'c', 'h', 'e', 'e', 'k', 'y', 'l', 'i', 't', 't', 'l', 'e', 'r', 'a', 's', 'c', 'a', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cheekymonkeysinflatables.co.uk", true */ 'c', 'h', 'e', 'e', 'k', 'y', 'm', 'o', 'n', 'k', 'e', 'y', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cheeseemergency.co.uk", true */ 'c', 'h', 'e', 'e', 's', 'e', 'e', 'm', 'e', 'r', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cheesypicsbooths.co.uk", true */ 'c', 'h', 'e', 'e', 's', 'y', 'p', 'i', 'c', 's', 'b', 'o', 'o', 't', 'h', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cheetahwerx.com", true */ 'c', 'h', 'e', 'e', 't', 'a', 'h', 'w', 'e', 'r', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "cheez.systems", true */ 'c', 'h', 'e', 'e', 'z', '.', 's', 'y', 's', 't', 'e', 'm', 's', '\0',
+  /* "chehalemgroup.com", true */ 'c', 'h', 'e', 'h', 'a', 'l', 'e', 'm', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "chellame.com", true */ 'c', 'h', 'e', 'l', 'l', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "chellame.fr", true */ 'c', 'h', 'e', 'l', 'l', 'a', 'm', 'e', '.', 'f', 'r', '\0',
+  /* "chelseafs.co.uk", true */ 'c', 'h', 'e', 'l', 's', 'e', 'a', 'f', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cheltenhambounce.co.uk", true */ 'c', 'h', 'e', 'l', 't', 'e', 'n', 'h', 'a', 'm', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cheltenhambouncycastles.co.uk", true */ 'c', 'h', 'e', 'l', 't', 'e', 'n', 'h', 'a', 'm', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cheltik.ru", true */ 'c', 'h', 'e', 'l', 't', 'i', 'k', '.', 'r', 'u', '\0',
+  /* "chemicalguys-ruhrpott.de", true */ 'c', 'h', 'e', 'm', 'i', 'c', 'a', 'l', 'g', 'u', 'y', 's', '-', 'r', 'u', 'h', 'r', 'p', 'o', 't', 't', '.', 'd', 'e', '\0',
+  /* "chenapartment.com", true */ 'c', 'h', 'e', 'n', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "chengl.com", true */ 'c', 'h', 'e', 'n', 'g', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "chengtongled.com", true */ 'c', 'h', 'e', 'n', 'g', 't', 'o', 'n', 'g', 'l', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "chenky.com", true */ 'c', 'h', 'e', 'n', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "chennien.com", true */ 'c', 'h', 'e', 'n', 'n', 'i', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "chentianyi.cn", true */ 'c', 'h', 'e', 'n', 't', 'i', 'a', 'n', 'y', 'i', '.', 'c', 'n', '\0',
+  /* "chenzhekl.me", true */ 'c', 'h', 'e', 'n', 'z', 'h', 'e', 'k', 'l', '.', 'm', 'e', '\0',
+  /* "cherevoiture.com", true */ 'c', 'h', 'e', 'r', 'e', 'v', 'o', 'i', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cherrett.digital", true */ 'c', 'h', 'e', 'r', 'r', 'e', 't', 't', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0',
+  /* "cherrydropscandycarts.co.uk", true */ 'c', 'h', 'e', 'r', 'r', 'y', 'd', 'r', 'o', 'p', 's', 'c', 'a', 'n', 'd', 'y', 'c', 'a', 'r', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cherryonit.com", true */ 'c', 'h', 'e', 'r', 'r', 'y', 'o', 'n', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "cherrywoodtech.com", true */ 'c', 'h', 'e', 'r', 'r', 'y', 'w', 'o', 'o', 'd', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "chertseybouncycastles.co.uk", true */ 'c', 'h', 'e', 'r', 't', 's', 'e', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "chesspoint.ch", true */ 'c', 'h', 'e', 's', 's', 'p', 'o', 'i', 'n', 't', '.', 'c', 'h', '\0',
+  /* "chessreporter.nl", true */ 'c', 'h', 'e', 's', 's', 'r', 'e', 'p', 'o', 'r', 't', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "chestnut.cf", true */ 'c', 'h', 'e', 's', 't', 'n', 'u', 't', '.', 'c', 'f', '\0',
+  /* "chevy37.com", true */ 'c', 'h', 'e', 'v', 'y', '3', '7', '.', 'c', 'o', 'm', '\0',
+  /* "chevymotor-occasions.be", true */ 'c', 'h', 'e', 'v', 'y', 'm', 'o', 't', 'o', 'r', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0',
+  /* "chewey.de", true */ 'c', 'h', 'e', 'w', 'e', 'y', '.', 'd', 'e', '\0',
+  /* "chewey.org", true */ 'c', 'h', 'e', 'w', 'e', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "chez-janine.de", true */ 'c', 'h', 'e', 'z', '-', 'j', 'a', 'n', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "chez-oim.org", true */ 'c', 'h', 'e', 'z', '-', 'o', 'i', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "chez.moe", true */ 'c', 'h', 'e', 'z', '.', 'm', 'o', 'e', '\0',
+  /* "chfr.search.yahoo.com", false */ 'c', 'h', 'f', 'r', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "chhory.com", true */ 'c', 'h', 'h', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "chhy.at", true */ 'c', 'h', 'h', 'y', '.', 'a', 't', '\0',
+  /* "chiaraiuola.com", false */ 'c', 'h', 'i', 'a', 'r', 'a', 'i', 'u', 'o', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "chiaramail.com", true */ 'c', 'h', 'i', 'a', 'r', 'a', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "chiaseeds24.com", true */ 'c', 'h', 'i', 'a', 's', 'e', 'e', 'd', 's', '2', '4', '.', 'c', 'o', 'm', '\0',
+  /* "chic-leather.com", true */ 'c', 'h', 'i', 'c', '-', 'l', 'e', 'a', 't', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "chicisimo.com", true */ 'c', 'h', 'i', 'c', 'i', 's', 'i', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "chicolawfirm.com", true */ 'c', 'h', 'i', 'c', 'o', 'l', 'a', 'w', 'f', 'i', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "chicorycom.net", true */ 'c', 'h', 'i', 'c', 'o', 'r', 'y', 'c', 'o', 'm', '.', 'n', 'e', 't', '\0',
+  /* "chiemgauflirt.de", true */ 'c', 'h', 'i', 'e', 'm', 'g', 'a', 'u', 'f', 'l', 'i', 'r', 't', '.', 'd', 'e', '\0',
+  /* "chikan-beacon.net", true */ 'c', 'h', 'i', 'k', 'a', 'n', '-', 'b', 'e', 'a', 'c', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "chikory.com", true */ 'c', 'h', 'i', 'k', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "childcounseling.org", true */ 'c', 'h', 'i', 'l', 'd', 'c', 'o', 'u', 'n', 's', 'e', 'l', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "childcustodylegalaid.org", true */ 'c', 'h', 'i', 'l', 'd', 'c', 'u', 's', 't', 'o', 'd', 'y', 'l', 'e', 'g', 'a', 'l', 'a', 'i', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "childno.de", true */ 'c', 'h', 'i', 'l', 'd', 'n', 'o', '.', 'd', 'e', '\0',
+  /* "childrenandmedia.org.au", true */ 'c', 'h', 'i', 'l', 'd', 'r', 'e', 'n', 'a', 'n', 'd', 'm', 'e', 'd', 'i', 'a', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0',
+  /* "childrenfirstalways.org", true */ 'c', 'h', 'i', 'l', 'd', 'r', 'e', 'n', 'f', 'i', 'r', 's', 't', 'a', 'l', 'w', 'a', 'y', 's', '.', 'o', 'r', 'g', '\0',
+  /* "childreninadversity.gov", true */ 'c', 'h', 'i', 'l', 'd', 'r', 'e', 'n', 'i', 'n', 'a', 'd', 'v', 'e', 'r', 's', 'i', 't', 'y', '.', 'g', 'o', 'v', '\0',
+  /* "childrensentertainmentleicester.co.uk", true */ 'c', 'h', 'i', 'l', 'd', 'r', 'e', 'n', 's', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 'l', 'e', 'i', 'c', 'e', 's', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "childrenspartiesrus.com", true */ 'c', 'h', 'i', 'l', 'd', 'r', 'e', 'n', 's', 'p', 'a', 'r', 't', 'i', 'e', 's', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "childvisitationassistance.org", true */ 'c', 'h', 'i', 'l', 'd', 'v', 'i', 's', 'i', 't', 'a', 't', 'i', 'o', 'n', 'a', 's', 's', 'i', 's', 't', 'a', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "chilihosting.eu", true */ 'c', 'h', 'i', 'l', 'i', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'e', 'u', '\0',
+  /* "chillebever.nl", true */ 'c', 'h', 'i', 'l', 'l', 'e', 'b', 'e', 'v', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "chima.net", true */ 'c', 'h', 'i', 'm', 'a', '.', 'n', 'e', 't', '\0',
+  /* "chima.us", true */ 'c', 'h', 'i', 'm', 'a', '.', 'u', 's', '\0',
+  /* "chimeratool.com", true */ 'c', 'h', 'i', 'm', 'e', 'r', 'a', 't', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "chimpanzee.net", true */ 'c', 'h', 'i', 'm', 'p', 'a', 'n', 'z', 'e', 'e', '.', 'n', 'e', 't', '\0',
+  /* "chinacdn.org", true */ 'c', 'h', 'i', 'n', 'a', 'c', 'd', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "chinahighlights.ru", true */ 'c', 'h', 'i', 'n', 'a', 'h', 'i', 'g', 'h', 'l', 'i', 'g', 'h', 't', 's', '.', 'r', 'u', '\0',
+  /* "chinaspaceflight.com", true */ 'c', 'h', 'i', 'n', 'a', 's', 'p', 'a', 'c', 'e', 'f', 'l', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "chinatrademarkoffice.com", true */ 'c', 'h', 'i', 'n', 'a', 't', 'r', 'a', 'd', 'e', 'm', 'a', 'r', 'k', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "chinawhale.com", true */ 'c', 'h', 'i', 'n', 'a', 'w', 'h', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "chint.ai", true */ 'c', 'h', 'i', 'n', 't', '.', 'a', 'i', '\0',
+  /* "chinwag.im", true */ 'c', 'h', 'i', 'n', 'w', 'a', 'g', '.', 'i', 'm', '\0',
+  /* "chipcore.com", true */ 'c', 'h', 'i', 'p', 'c', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "chippy.ch", false */ 'c', 'h', 'i', 'p', 'p', 'y', '.', 'c', 'h', '\0',
+  /* "chiralsoftware.com", true */ 'c', 'h', 'i', 'r', 'a', 'l', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "chireiden.net", true */ 'c', 'h', 'i', 'r', 'e', 'i', 'd', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "chiro-neuchatel.ch", true */ 'c', 'h', 'i', 'r', 'o', '-', 'n', 'e', 'u', 'c', 'h', 'a', 't', 'e', 'l', '.', 'c', 'h', '\0',
+  /* "chiropraticien-neuchatel.ch", true */ 'c', 'h', 'i', 'r', 'o', 'p', 'r', 'a', 't', 'i', 'c', 'i', 'e', 'n', '-', 'n', 'e', 'u', 'c', 'h', 'a', 't', 'e', 'l', '.', 'c', 'h', '\0',
+  /* "chiropratique-neuchatel.ch", true */ 'c', 'h', 'i', 'r', 'o', 'p', 'r', 'a', 't', 'i', 'q', 'u', 'e', '-', 'n', 'e', 'u', 'c', 'h', 'a', 't', 'e', 'l', '.', 'c', 'h', '\0',
+  /* "chirosphere.ch", true */ 'c', 'h', 'i', 'r', 'o', 's', 'p', 'h', 'e', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "chirpstory.com", true */ 'c', 'h', 'i', 'r', 'p', 's', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "chiru.no", true */ 'c', 'h', 'i', 'r', 'u', '.', 'n', 'o', '\0',
+  /* "chisago-isantidfl.com", true */ 'c', 'h', 'i', 's', 'a', 'g', 'o', '-', 'i', 's', 'a', 'n', 't', 'i', 'd', 'f', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "chit.search.yahoo.com", false */ 'c', 'h', 'i', 't', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "chksite.com", true */ 'c', 'h', 'k', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "chloeallison.co.uk", true */ 'c', 'h', 'l', 'o', 'e', 'a', 'l', 'l', 'i', 's', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "chloehorler.com", true */ 'c', 'h', 'l', 'o', 'e', 'h', 'o', 'r', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "chloescastles.co.uk", true */ 'c', 'h', 'l', 'o', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "chmsoft.com.ua", true */ 'c', 'h', 'm', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "chmsoft.ru", true */ 'c', 'h', 'm', 's', 'o', 'f', 't', '.', 'r', 'u', '\0',
+  /* "chmurakotori.ml", true */ 'c', 'h', 'm', 'u', 'r', 'a', 'k', 'o', 't', 'o', 'r', 'i', '.', 'm', 'l', '\0',
+  /* "choc-o-lush.co.uk", true */ 'c', 'h', 'o', 'c', '-', 'o', '-', 'l', 'u', 's', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "chocodecor.com.br", true */ 'c', 'h', 'o', 'c', 'o', 'd', 'e', 'c', 'o', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "chocolah.com.au", false */ 'c', 'h', 'o', 'c', 'o', 'l', 'a', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "chocolat-suisse.ch", true */ 'c', 'h', 'o', 'c', 'o', 'l', 'a', 't', '-', 's', 'u', 'i', 's', 's', 'e', '.', 'c', 'h', '\0',
+  /* "chocolate13tilias.com.br", true */ 'c', 'h', 'o', 'c', 'o', 'l', 'a', 't', 'e', '1', '3', 't', 'i', 'l', 'i', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "chocolatesandhealth.com", true */ 'c', 'h', 'o', 'c', 'o', 'l', 'a', 't', 'e', 's', 'a', 'n', 'd', 'h', 'e', 'a', 'l', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "chocolatier-tristan.ch", true */ 'c', 'h', 'o', 'c', 'o', 'l', 'a', 't', 'i', 'e', 'r', '-', 't', 'r', 'i', 's', 't', 'a', 'n', '.', 'c', 'h', '\0',
+  /* "chocotough.nl", false */ 'c', 'h', 'o', 'c', 'o', 't', 'o', 'u', 'g', 'h', '.', 'n', 'l', '\0',
+  /* "chocoweb.net", true */ 'c', 'h', 'o', 'c', 'o', 'w', 'e', 'b', '.', 'n', 'e', 't', '\0',
+  /* "chodocu.com", true */ 'c', 'h', 'o', 'd', 'o', 'c', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "choe.fi", true */ 'c', 'h', 'o', 'e', '.', 'f', 'i', '\0',
+  /* "choisirmonerp.com", true */ 'c', 'h', 'o', 'i', 's', 'i', 'r', 'm', 'o', 'n', 'e', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "chokladfantasi.net", true */ 'c', 'h', 'o', 'k', 'l', 'a', 'd', 'f', 'a', 'n', 't', 'a', 's', 'i', '.', 'n', 'e', 't', '\0',
+  /* "chon.io", true */ 'c', 'h', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "chonghe.org", true */ 'c', 'h', 'o', 'n', 'g', 'h', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "chook.as", true */ 'c', 'h', 'o', 'o', 'k', '.', 'a', 's', '\0',
+  /* "choosemypc.net", true */ 'c', 'h', 'o', 'o', 's', 'e', 'm', 'y', 'p', 'c', '.', 'n', 'e', 't', '\0',
+  /* "chopperforums.com", true */ 'c', 'h', 'o', 'p', 'p', 'e', 'r', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "chorkley.co.uk", true */ 'c', 'h', 'o', 'r', 'k', 'l', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "chorkley.com", true */ 'c', 'h', 'o', 'r', 'k', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "chorkley.me", true */ 'c', 'h', 'o', 'r', 'k', 'l', 'e', 'y', '.', 'm', 'e', '\0',
+  /* "chorkley.uk", true */ 'c', 'h', 'o', 'r', 'k', 'l', 'e', 'y', '.', 'u', 'k', '\0',
+  /* "chorleiterverband.de", true */ 'c', 'h', 'o', 'r', 'l', 'e', 'i', 't', 'e', 'r', 'v', 'e', 'r', 'b', 'a', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "chorpinkpoemps.de", true */ 'c', 'h', 'o', 'r', 'p', 'i', 'n', 'k', 'p', 'o', 'e', 'm', 'p', 's', '.', 'd', 'e', '\0',
+  /* "chosenplaintext.org", true */ 'c', 'h', 'o', 's', 'e', 'n', 'p', 'l', 'a', 'i', 'n', 't', 'e', 'x', 't', '.', 'o', 'r', 'g', '\0',
+  /* "chourishi-shigoto.com", true */ 'c', 'h', 'o', 'u', 'r', 'i', 's', 'h', 'i', '-', 's', 'h', 'i', 'g', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "chowii.com", true */ 'c', 'h', 'o', 'w', 'i', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "chris-edwards.net", true */ 'c', 'h', 'r', 'i', 's', '-', 'e', 'd', 'w', 'a', 'r', 'd', 's', '.', 'n', 'e', 't', '\0',
+  /* "chrisb.me", true */ 'c', 'h', 'r', 'i', 's', 'b', '.', 'm', 'e', '\0',
+  /* "chrisb.xyz", true */ 'c', 'h', 'r', 'i', 's', 'b', '.', 'x', 'y', 'z', '\0',
+  /* "chrisburnell.com", true */ 'c', 'h', 'r', 'i', 's', 'b', 'u', 'r', 'n', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "chriscarey.com", true */ 'c', 'h', 'r', 'i', 's', 'c', 'a', 'r', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "chriscowley.me.uk", true */ 'c', 'h', 'r', 'i', 's', 'c', 'o', 'w', 'l', 'e', 'y', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "chrisdecairos.ca", true */ 'c', 'h', 'r', 'i', 's', 'd', 'e', 'c', 'a', 'i', 'r', 'o', 's', '.', 'c', 'a', '\0',
+  /* "chrisebert.net", true */ 'c', 'h', 'r', 'i', 's', 'e', 'b', 'e', 'r', 't', '.', 'n', 'e', 't', '\0',
+  /* "chrisfinazzo.com", true */ 'c', 'h', 'r', 'i', 's', 'f', 'i', 'n', 'a', 'z', 'z', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "chrisirwin.ca", true */ 'c', 'h', 'r', 'i', 's', 'i', 'r', 'w', 'i', 'n', '.', 'c', 'a', '\0',
+  /* "chrisjean.com", true */ 'c', 'h', 'r', 'i', 's', 'j', 'e', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "chrismathys.com", true */ 'c', 'h', 'r', 'i', 's', 'm', 'a', 't', 'h', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "chrismcclendon.com", true */ 'c', 'h', 'r', 'i', 's', 'm', 'c', 'c', 'l', 'e', 'n', 'd', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "chrismckee.co.uk", true */ 'c', 'h', 'r', 'i', 's', 'm', 'c', 'k', 'e', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "chrisnekarda.com", true */ 'c', 'h', 'r', 'i', 's', 'n', 'e', 'k', 'a', 'r', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "chrisnicholas.io", true */ 'c', 'h', 'r', 'i', 's', 'n', 'i', 'c', 'h', 'o', 'l', 'a', 's', '.', 'i', 'o', '\0',
+  /* "chrispstreet.com", true */ 'c', 'h', 'r', 'i', 's', 'p', 's', 't', 'r', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "chrisshort.net", false */ 'c', 'h', 'r', 'i', 's', 's', 'h', 'o', 'r', 't', '.', 'n', 'e', 't', '\0',
+  /* "christadelphiananswers.org", true */ 'c', 'h', 'r', 'i', 's', 't', 'a', 'd', 'e', 'l', 'p', 'h', 'i', 'a', 'n', 'a', 'n', 's', 'w', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "christadelphians.eu", true */ 'c', 'h', 'r', 'i', 's', 't', 'a', 'd', 'e', 'l', 'p', 'h', 'i', 'a', 'n', 's', '.', 'e', 'u', '\0',
+  /* "christchurchbouncycastles.co.uk", true */ 'c', 'h', 'r', 'i', 's', 't', 'c', 'h', 'u', 'r', 'c', 'h', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "christensenplace.us", true */ 'c', 'h', 'r', 'i', 's', 't', 'e', 'n', 's', 'e', 'n', 'p', 'l', 'a', 'c', 'e', '.', 'u', 's', '\0',
+  /* "christiaanconover.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'a', 'n', 'c', 'o', 'n', 'o', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "christian-gredig.de", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', '-', 'g', 'r', 'e', 'd', 'i', 'g', '.', 'd', 'e', '\0',
+  /* "christian-host.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', '-', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "christian-liebel.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', '-', 'l', 'i', 'e', 'b', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "christianbargon.de", false */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'b', 'a', 'r', 'g', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "christiancleva.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'c', 'l', 'e', 'v', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "christianfaq.org", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'f', 'a', 'q', '.', 'o', 'r', 'g', '\0',
+  /* "christianforums.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "christiangehring.org", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'g', 'e', 'h', 'r', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "christianhospitaltank.org", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'h', 'o', 's', 'p', 'i', 't', 'a', 'l', 't', 'a', 'n', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "christianliebel.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'l', 'i', 'e', 'b', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "christianpusch.de", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'p', 'u', 's', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "christians.dating", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 's', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "christiansayswords.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 's', 'a', 'y', 's', 'w', 'o', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "christianscholz.de", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 's', 'c', 'h', 'o', 'l', 'z', '.', 'd', 'e', '\0',
+  /* "christianscholz.eu", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 's', 'c', 'h', 'o', 'l', 'z', '.', 'e', 'u', '\0',
+  /* "christiesantiques.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'e', 's', 'a', 'n', 't', 'i', 'q', 'u', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "christmascard.be", true */ 'c', 'h', 'r', 'i', 's', 't', 'm', 'a', 's', 'c', 'a', 'r', 'd', '.', 'b', 'e', '\0',
+  /* "christmaspartyhire.co.uk", true */ 'c', 'h', 'r', 'i', 's', 't', 'm', 'a', 's', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "christoph-conrads.name", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', '-', 'c', 'o', 'n', 'r', 'a', 'd', 's', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "christophbartschat.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'b', 'a', 'r', 't', 's', 'c', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "christophebarbezat.ch", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'e', 'b', 'a', 'r', 'b', 'e', 'z', 'a', 't', '.', 'c', 'h', '\0',
+  /* "christopher-simon.de", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'e', 'r', '-', 's', 'i', 'm', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "christopherburg.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'e', 'r', 'b', 'u', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "christopherl.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'e', 'r', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "christopherpritchard.co.uk", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'e', 'r', 'p', 'r', 'i', 't', 'c', 'h', 'a', 'r', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "christophertruncer.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'e', 'r', 't', 'r', 'u', 'n', 'c', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "christophkreileder.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'k', 'r', 'e', 'i', 'l', 'e', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "christophsackl.de", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 's', 'a', 'c', 'k', 'l', '.', 'd', 'e', '\0',
+  /* "chrisupjohn.xyz", true */ 'c', 'h', 'r', 'i', 's', 'u', 'p', 'j', 'o', 'h', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "chriswarrick.com", true */ 'c', 'h', 'r', 'i', 's', 'w', 'a', 'r', 'r', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "chriswbarry.com", true */ 'c', 'h', 'r', 'i', 's', 'w', 'b', 'a', 'r', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "chriswells.io", true */ 'c', 'h', 'r', 'i', 's', 'w', 'e', 'l', 'l', 's', '.', 'i', 'o', '\0',
+  /* "chromaxa.com", true */ 'c', 'h', 'r', 'o', 'm', 'a', 'x', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "chrome-devtools-frontend.appspot.com", true */ 'c', 'h', 'r', 'o', 'm', 'e', '-', 'd', 'e', 'v', 't', 'o', 'o', 'l', 's', '-', 'f', 'r', 'o', 'n', 't', 'e', 'n', 'd', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "chrome.com", false */ 'c', 'h', 'r', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "chrome.google.com", true */ 'c', 'h', 'r', 'o', 'm', 'e', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "chromebookchart.com", true */ 'c', 'h', 'r', 'o', 'm', 'e', 'b', 'o', 'o', 'k', 'c', 'h', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "chromebooksforwork.com", true */ 'c', 'h', 'r', 'o', 'm', 'e', 'b', 'o', 'o', 'k', 's', 'f', 'o', 'r', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "chromiumbugs.appspot.com", true */ 'c', 'h', 'r', 'o', 'm', 'i', 'u', 'm', 'b', 'u', 'g', 's', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "chromiumcodereview.appspot.com", false */ 'c', 'h', 'r', 'o', 'm', 'i', 'u', 'm', 'c', 'o', 'd', 'e', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "chronic101.xyz", true */ 'c', 'h', 'r', 'o', 'n', 'i', 'c', '1', '0', '1', '.', 'x', 'y', 'z', '\0',
+  /* "chroniclesofgeorge.com", true */ 'c', 'h', 'r', 'o', 'n', 'i', 'c', 'l', 'e', 's', 'o', 'f', 'g', 'e', 'o', 'r', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "chronogram.me", true */ 'c', 'h', 'r', 'o', 'n', 'o', 'g', 'r', 'a', 'm', '.', 'm', 'e', '\0',
+  /* "chronology.no", true */ 'c', 'h', 'r', 'o', 'n', 'o', 'l', 'o', 'g', 'y', '.', 'n', 'o', '\0',
+  /* "chronoproject.com", true */ 'c', 'h', 'r', 'o', 'n', 'o', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "chronoshop.cz", true */ 'c', 'h', 'r', 'o', 'n', 'o', 's', 'h', 'o', 'p', '.', 'c', 'z', '\0',
+  /* "chrpaul.de", true */ 'c', 'h', 'r', 'p', 'a', 'u', 'l', '.', 'd', 'e', '\0',
+  /* "chrstn.eu", true */ 'c', 'h', 'r', 's', 't', 'n', '.', 'e', 'u', '\0',
+  /* "chsh.moe", true */ 'c', 'h', 's', 'h', '.', 'm', 'o', 'e', '\0',
+  /* "chsterz.de", true */ 'c', 'h', 's', 't', 'e', 'r', 'z', '.', 'd', 'e', '\0',
+  /* "chua.family", true */ 'c', 'h', 'u', 'a', '.', 'f', 'a', 'm', 'i', 'l', 'y', '\0',
+  /* "chuchote-moi.fr", true */ 'c', 'h', 'u', 'c', 'h', 'o', 't', 'e', '-', 'm', 'o', 'i', '.', 'f', 'r', '\0',
+  /* "chuck.ovh", true */ 'c', 'h', 'u', 'c', 'k', '.', 'o', 'v', 'h', '\0',
+  /* "chun.pro", true */ 'c', 'h', 'u', 'n', '.', 'p', 'r', 'o', '\0',
+  /* "chunche.net", true */ 'c', 'h', 'u', 'n', 'c', 'h', 'e', '.', 'n', 'e', 't', '\0',
+  /* "chunk.science", true */ 'c', 'h', 'u', 'n', 'k', '.', 's', 'c', 'i', 'e', 'n', 'c', 'e', '\0',
+  /* "chupadelfrasco.com", true */ 'c', 'h', 'u', 'p', 'a', 'd', 'e', 'l', 'f', 'r', 'a', 's', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "churchlinkpro.com", true */ 'c', 'h', 'u', 'r', 'c', 'h', 'l', 'i', 'n', 'k', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "churchthemes.com", true */ 'c', 'h', 'u', 'r', 'c', 'h', 't', 'h', 'e', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "churchwebcanada.ca", true */ 'c', 'h', 'u', 'r', 'c', 'h', 'w', 'e', 'b', 'c', 'a', 'n', 'a', 'd', 'a', '.', 'c', 'a', '\0',
+  /* "churchwebsupport.com", true */ 'c', 'h', 'u', 'r', 'c', 'h', 'w', 'e', 'b', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "chxdf.net", true */ 'c', 'h', 'x', 'd', 'f', '.', 'n', 'e', 't', '\0',
+  /* "chytraauta.cz", true */ 'c', 'h', 'y', 't', 'r', 'a', 'a', 'u', 't', 'a', '.', 'c', 'z', '\0',
+  /* "ci-fo.org", true */ 'c', 'i', '-', 'f', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "ci5.me", true */ 'c', 'i', '5', '.', 'm', 'e', '\0',
+  /* "ciancode.com", true */ 'c', 'i', 'a', 'n', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cianmawhinney.me", true */ 'c', 'i', 'a', 'n', 'm', 'a', 'w', 'h', 'i', 'n', 'n', 'e', 'y', '.', 'm', 'e', '\0',
+  /* "cianmawhinney.xyz", true */ 'c', 'i', 'a', 'n', 'm', 'a', 'w', 'h', 'i', 'n', 'n', 'e', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "ciansc.com", true */ 'c', 'i', 'a', 'n', 's', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "ciat.no", false */ 'c', 'i', 'a', 't', '.', 'n', 'o', '\0',
+  /* "cidadedopoker.com.br", true */ 'c', 'i', 'd', 'a', 'd', 'e', 'd', 'o', 'p', 'o', 'k', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cidbot.com", true */ 'c', 'i', 'd', 'b', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ciderclub.com", true */ 'c', 'i', 'd', 'e', 'r', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "cie-theatre-montfaucon.ch", true */ 'c', 'i', 'e', '-', 't', 'h', 'e', 'a', 't', 'r', 'e', '-', 'm', 'o', 'n', 't', 'f', 'a', 'u', 'c', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "cielbleu.org", true */ 'c', 'i', 'e', 'l', 'b', 'l', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "cielly.com", true */ 'c', 'i', 'e', 'l', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "cifop-numerique.fr", true */ 'c', 'i', 'f', 'o', 'p', '-', 'n', 'u', 'm', 'e', 'r', 'i', 'q', 'u', 'e', '.', 'f', 'r', '\0',
+  /* "cig-dem.com", true */ 'c', 'i', 'g', '-', 'd', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "cigar-cartel.com", true */ 'c', 'i', 'g', 'a', 'r', '-', 'c', 'a', 'r', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "cigarterminal.com", false */ 'c', 'i', 'g', 'a', 'r', 't', 'e', 'r', 'm', 'i', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "cigoteket.se", true */ 'c', 'i', 'g', 'o', 't', 'e', 'k', 'e', 't', '.', 's', 'e', '\0',
+  /* "cima-idf.fr", true */ 'c', 'i', 'm', 'a', '-', 'i', 'd', 'f', '.', 'f', 'r', '\0',
+  /* "cimballa.com", true */ 'c', 'i', 'm', 'b', 'a', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cimfax.com", true */ 'c', 'i', 'm', 'f', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "cinafilm.com", true */ 'c', 'i', 'n', 'a', 'f', 'i', 'l', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "cine-music.de", true */ 'c', 'i', 'n', 'e', '-', 'm', 'u', 's', 'i', 'c', '.', 'd', 'e', '\0',
+  /* "cine.to", true */ 'c', 'i', 'n', 'e', '.', 't', 'o', '\0',
+  /* "cinefilia.tk", true */ 'c', 'i', 'n', 'e', 'f', 'i', 'l', 'i', 'a', '.', 't', 'k', '\0',
+  /* "cinefilzonen.se", true */ 'c', 'i', 'n', 'e', 'f', 'i', 'l', 'z', 'o', 'n', 'e', 'n', '.', 's', 'e', '\0',
+  /* "cinema5.ru", false */ 'c', 'i', 'n', 'e', 'm', 'a', '5', '.', 'r', 'u', '\0',
+  /* "cinemaclub.co", true */ 'c', 'i', 'n', 'e', 'm', 'a', 'c', 'l', 'u', 'b', '.', 'c', 'o', '\0',
+  /* "cinemysticism.com", true */ 'c', 'i', 'n', 'e', 'm', 'y', 's', 't', 'i', 'c', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "ciner.is", true */ 'c', 'i', 'n', 'e', 'r', '.', 'i', 's', '\0',
+  /* "cinerama.com.br", true */ 'c', 'i', 'n', 'e', 'r', 'a', 'm', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cinnabon.com", true */ 'c', 'i', 'n', 'n', 'a', 'b', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "cinq-elements.com", true */ 'c', 'i', 'n', 'q', '-', 'e', 'l', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cinq-elements.fr", true */ 'c', 'i', 'n', 'q', '-', 'e', 'l', 'e', 'm', 'e', 'n', 't', 's', '.', 'f', 'r', '\0',
+  /* "cinq-elements.net", true */ 'c', 'i', 'n', 'q', '-', 'e', 'l', 'e', 'm', 'e', 'n', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "cinsects.de", true */ 'c', 'i', 'n', 's', 'e', 'c', 't', 's', '.', 'd', 'e', '\0',
+  /* "cinteo.com", true */ 'c', 'i', 'n', 't', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cinto.cc", true */ 'c', 'i', 'n', 't', 'o', '.', 'c', 'c', '\0',
+  /* "cio.gov", true */ 'c', 'i', 'o', '.', 'g', 'o', 'v', '\0',
+  /* "cioscloud.com", true */ 'c', 'i', 'o', 's', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "cip.md", true */ 'c', 'i', 'p', '.', 'm', 'd', '\0',
+  /* "cipartyhire.co.uk", true */ 'c', 'i', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cipher.co.th", true */ 'c', 'i', 'p', 'h', 'e', 'r', '.', 'c', 'o', '.', 't', 'h', '\0',
+  /* "cipherboy.com", true */ 'c', 'i', 'p', 'h', 'e', 'r', 'b', 'o', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "cipherli.st", true */ 'c', 'i', 'p', 'h', 'e', 'r', 'l', 'i', '.', 's', 't', '\0',
+  /* "ciphersuite.info", true */ 'c', 'i', 'p', 'h', 'e', 'r', 's', 'u', 'i', 't', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ciphrex.com", true */ 'c', 'i', 'p', 'h', 'r', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "cipri.com", true */ 'c', 'i', 'p', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "cir.is", true */ 'c', 'i', 'r', '.', 'i', 's', '\0',
+  /* "cira.email", true */ 'c', 'i', 'r', 'a', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "circara.com", true */ 'c', 'i', 'r', 'c', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "circlebox.rocks", true */ 'c', 'i', 'r', 'c', 'l', 'e', 'b', 'o', 'x', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "circu.ml", true */ 'c', 'i', 'r', 'c', 'u', '.', 'm', 'l', '\0',
+  /* "cirfi.com", true */ 'c', 'i', 'r', 'f', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "ciri.com.co", true */ 'c', 'i', 'r', 'i', '.', 'c', 'o', 'm', '.', 'c', 'o', '\0',
+  /* "cirope.com", true */ 'c', 'i', 'r', 'o', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cirrohost.com", true */ 'c', 'i', 'r', 'r', 'o', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "cirrus0.de", true */ 'c', 'i', 'r', 'r', 'u', 's', '0', '.', 'd', 'e', '\0',
+  /* "cirugiasplasticas.com.mx", true */ 'c', 'i', 'r', 'u', 'g', 'i', 'a', 's', 'p', 'l', 'a', 's', 't', 'i', 'c', 'a', 's', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "cirujanooral.com", true */ 'c', 'i', 'r', 'u', 'j', 'a', 'n', 'o', 'o', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "cirurgicagervasio.com.br", true */ 'c', 'i', 'r', 'u', 'r', 'g', 'i', 'c', 'a', 'g', 'e', 'r', 'v', 'a', 's', 'i', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cirurgicalucena.com.br", true */ 'c', 'i', 'r', 'u', 'r', 'g', 'i', 'c', 'a', 'l', 'u', 'c', 'e', 'n', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ciscodude.net", true */ 'c', 'i', 's', 'c', 'o', 'd', 'u', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "cisoaid.com", true */ 'c', 'i', 's', 'o', 'a', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "ciss.ltd", true */ 'c', 'i', 's', 's', '.', 'l', 't', 'd', '\0',
+  /* "cisy.me", true */ 'c', 'i', 's', 'y', '.', 'm', 'e', '\0',
+  /* "citationgurus.com", true */ 'c', 'i', 't', 'a', 't', 'i', 'o', 'n', 'g', 'u', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "citcuit.in", true */ 'c', 'i', 't', 'c', 'u', 'i', 't', '.', 'i', 'n', '\0',
+  /* "citizen-cam.de", true */ 'c', 'i', 't', 'i', 'z', 'e', 'n', '-', 'c', 'a', 'm', '.', 'd', 'e', '\0',
+  /* "citizensbankal.com", true */ 'c', 'i', 't', 'i', 'z', 'e', 'n', 's', 'b', 'a', 'n', 'k', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "citizenscience.gov", true */ 'c', 'i', 't', 'i', 'z', 'e', 'n', 's', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "citizensleague.org", true */ 'c', 'i', 't', 'i', 'z', 'e', 'n', 's', 'l', 'e', 'a', 'g', 'u', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "citizenspact.eu", true */ 'c', 'i', 't', 'i', 'z', 'e', 'n', 's', 'p', 'a', 'c', 't', '.', 'e', 'u', '\0',
+  /* "citizing.org", true */ 'c', 'i', 't', 'i', 'z', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "citra-emu.org", true */ 'c', 'i', 't', 'r', 'a', '-', 'e', 'm', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "citrusui.me", true */ 'c', 'i', 't', 'r', 'u', 's', 'u', 'i', '.', 'm', 'e', '\0',
+  /* "cittadesign.com", false */ 'c', 'i', 't', 't', 'a', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "citton.com.br", true */ 'c', 'i', 't', 't', 'o', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "citya.com", true */ 'c', 'i', 't', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "citybusexpress.com", true */ 'c', 'i', 't', 'y', 'b', 'u', 's', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "citylights.eu", true */ 'c', 'i', 't', 'y', 'l', 'i', 'g', 'h', 't', 's', '.', 'e', 'u', '\0',
+  /* "citymoobel.ee", true */ 'c', 'i', 't', 'y', 'm', 'o', 'o', 'b', 'e', 'l', '.', 'e', 'e', '\0',
+  /* "cityoftitans.com", true */ 'c', 'i', 't', 'y', 'o', 'f', 't', 'i', 't', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cityoftitansmmo.com", true */ 'c', 'i', 't', 'y', 'o', 'f', 't', 'i', 't', 'a', 'n', 's', 'm', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "citysportapp.com", true */ 'c', 'i', 't', 'y', 's', 'p', 'o', 'r', 't', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "cityworksonline.com", true */ 'c', 'i', 't', 'y', 'w', 'o', 'r', 'k', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ciubotaru.tk", true */ 'c', 'i', 'u', 'b', 'o', 't', 'a', 'r', 'u', '.', 't', 'k', '\0',
+  /* "ciuciucadou.ro", true */ 'c', 'i', 'u', 'c', 'i', 'u', 'c', 'a', 'd', 'o', 'u', '.', 'r', 'o', '\0',
+  /* "ciurcasdan.eu", true */ 'c', 'i', 'u', 'r', 'c', 'a', 's', 'd', 'a', 'n', '.', 'e', 'u', '\0',
+  /* "civilg20.org", true */ 'c', 'i', 'v', 'i', 'l', 'g', '2', '0', '.', 'o', 'r', 'g', '\0',
+  /* "civillines.nl", true */ 'c', 'i', 'v', 'i', 'l', 'l', 'i', 'n', 'e', 's', '.', 'n', 'l', '\0',
+  /* "cj-espace-vert.fr", true */ 'c', 'j', '-', 'e', 's', 'p', 'a', 'c', 'e', '-', 'v', 'e', 'r', 't', '.', 'f', 'r', '\0',
+  /* "cj-jackson.com", true */ 'c', 'j', '-', 'j', 'a', 'c', 'k', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "cjdpenterprises.com", true */ 'c', 'j', 'd', 'p', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cjdpenterprises.com.au", true */ 'c', 'j', 'd', 'p', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "cjessett.com", true */ 'c', 'j', 'e', 's', 's', 'e', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "cjey.me", true */ 'c', 'j', 'e', 'y', '.', 'm', 'e', '\0',
+  /* "ck.cx", true */ 'c', 'k', '.', 'c', 'x', '\0',
+  /* "ckcameron.net", true */ 'c', 'k', 'c', 'a', 'm', 'e', 'r', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "ckennelly.com", true */ 'c', 'k', 'e', 'n', 'n', 'e', 'l', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ckleemann.de", true */ 'c', 'k', 'l', 'e', 'e', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "cklie.de", true */ 'c', 'k', 'l', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "ckliemann.com", true */ 'c', 'k', 'l', 'i', 'e', 'm', 'a', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ckliemann.net", true */ 'c', 'k', 'l', 'i', 'e', 'm', 'a', 'n', 'n', '.', 'n', 'e', 't', '\0',
+  /* "ckostecki.de", true */ 'c', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "cktennis.com", true */ 'c', 'k', 't', 'e', 'n', 'n', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cl.search.yahoo.com", false */ 'c', 'l', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "claimconnect.com", true */ 'c', 'l', 'a', 'i', 'm', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "claimconnect.us", true */ 'c', 'l', 'a', 'i', 'm', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'u', 's', '\0',
+  /* "claimnote.com", true */ 'c', 'l', 'a', 'i', 'm', 'n', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "clairegold.com", true */ 'c', 'l', 'a', 'i', 'r', 'e', 'g', 'o', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "claireidrac.fr", true */ 'c', 'l', 'a', 'i', 'r', 'e', 'i', 'd', 'r', 'a', 'c', '.', 'f', 'r', '\0',
+  /* "clairescastles.co.uk", true */ 'c', 'l', 'a', 'i', 'r', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "clanebouncycastles.com", true */ 'c', 'l', 'a', 'n', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "clanrose.org.uk", true */ 'c', 'l', 'a', 'n', 'r', 'o', 's', 'e', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "clanthor.com", true */ 'c', 'l', 'a', 'n', 't', 'h', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "clanwarz.com", true */ 'c', 'l', 'a', 'n', 'w', 'a', 'r', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "clapping-rhymes.com", true */ 'c', 'l', 'a', 'p', 'p', 'i', 'n', 'g', '-', 'r', 'h', 'y', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "claretandbanter.uk", true */ 'c', 'l', 'a', 'r', 'e', 't', 'a', 'n', 'd', 'b', 'a', 'n', 't', 'e', 'r', '.', 'u', 'k', '\0',
+  /* "clarkeaward.com", true */ 'c', 'l', 'a', 'r', 'k', 'e', 'a', 'w', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "clarksgaragedoorrepair.com", true */ 'c', 'l', 'a', 'r', 'k', 's', 'g', 'a', 'r', 'a', 'g', 'e', 'd', 'o', 'o', 'r', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "clarkwinkelmann.com", true */ 'c', 'l', 'a', 'r', 'k', 'w', 'i', 'n', 'k', 'e', 'l', 'm', 'a', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "clashersrepublic.com", true */ 'c', 'l', 'a', 's', 'h', 'e', 'r', 's', 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "class.com.au", true */ 'c', 'l', 'a', 's', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "classdojo.com", true */ 'c', 'l', 'a', 's', 's', 'd', 'o', 'j', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "classicalpilates.ca", true */ 'c', 'l', 'a', 's', 's', 'i', 'c', 'a', 'l', 'p', 'i', 'l', 'a', 't', 'e', 's', '.', 'c', 'a', '\0',
+  /* "classics.io", true */ 'c', 'l', 'a', 's', 's', 'i', 'c', 's', '.', 'i', 'o', '\0',
+  /* "classpoint.cz", true */ 'c', 'l', 'a', 's', 's', 'p', 'o', 'i', 'n', 't', '.', 'c', 'z', '\0',
+  /* "classteaching.com.au", true */ 'c', 'l', 'a', 's', 's', 't', 'e', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "claster.it", true */ 'c', 'l', 'a', 's', 't', 'e', 'r', '.', 'i', 't', '\0',
+  /* "claudia-urio.com", true */ 'c', 'l', 'a', 'u', 'd', 'i', 'a', '-', 'u', 'r', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "claudio4.com", true */ 'c', 'l', 'a', 'u', 'd', 'i', 'o', '4', '.', 'c', 'o', 'm', '\0',
+  /* "clauseriksen.net", true */ 'c', 'l', 'a', 'u', 's', 'e', 'r', 'i', 'k', 's', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "clawe.de", true */ 'c', 'l', 'a', 'w', 'e', '.', 'd', 'e', '\0',
+  /* "clayandcottonkirkwood.com", true */ 'c', 'l', 'a', 'y', 'a', 'n', 'd', 'c', 'o', 't', 't', 'o', 'n', 'k', 'i', 'r', 'k', 'w', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "claytoncondon.com", true */ 'c', 'l', 'a', 'y', 't', 'o', 'n', 'c', 'o', 'n', 'd', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "claytonstowing.com.au", true */ 'c', 'l', 'a', 'y', 't', 'o', 'n', 's', 't', 'o', 'w', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "cldly.com", true */ 'c', 'l', 'd', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "cleanbeautymarket.com.au", true */ 'c', 'l', 'e', 'a', 'n', 'b', 'e', 'a', 'u', 't', 'y', 'm', 'a', 'r', 'k', 'e', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "cleanbrowsing.org", true */ 'c', 'l', 'e', 'a', 'n', 'b', 'r', 'o', 'w', 's', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "cleancode.club", true */ 'c', 'l', 'e', 'a', 'n', 'c', 'o', 'd', 'e', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "cleanstar.org", true */ 'c', 'l', 'e', 'a', 'n', 's', 't', 'a', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "clear.ml", true */ 'c', 'l', 'e', 'a', 'r', '.', 'm', 'l', '\0',
+  /* "clearance365.co.uk", true */ 'c', 'l', 'e', 'a', 'r', 'a', 'n', 'c', 'e', '3', '6', '5', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "clearblueday.co.uk", true */ 'c', 'l', 'e', 'a', 'r', 'b', 'l', 'u', 'e', 'd', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "clearip.com", true */ 'c', 'l', 'e', 'a', 'r', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "clearkonjac.com", true */ 'c', 'l', 'e', 'a', 'r', 'k', 'o', 'n', 'j', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "clearsettle-admin.com", true */ 'c', 'l', 'e', 'a', 'r', 's', 'e', 't', 't', 'l', 'e', '-', 'a', 'd', 'm', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "clementfevrier.fr", true */ 'c', 'l', 'e', 'm', 'e', 'n', 't', 'f', 'e', 'v', 'r', 'i', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "clemovementlaw.com", true */ 'c', 'l', 'e', 'm', 'o', 'v', 'e', 'm', 'e', 'n', 't', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "cles-asso.fr", true */ 'c', 'l', 'e', 's', '-', 'a', 's', 's', 'o', '.', 'f', 'r', '\0',
+  /* "cles.jp", true */ 'c', 'l', 'e', 's', '.', 'j', 'p', '\0',
+  /* "clevelandokla.com", true */ 'c', 'l', 'e', 'v', 'e', 'l', 'a', 'n', 'd', 'o', 'k', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "clevertarget.ru", true */ 'c', 'l', 'e', 'v', 'e', 'r', 't', 'a', 'r', 'g', 'e', 't', '.', 'r', 'u', '\0',
+  /* "cleververmarkten.com", true */ 'c', 'l', 'e', 'v', 'e', 'r', 'v', 'e', 'r', 'm', 'a', 'r', 'k', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "cleververmarkten.de", true */ 'c', 'l', 'e', 'v', 'e', 'r', 'v', 'e', 'r', 'm', 'a', 'r', 'k', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "clevisto.com", true */ 'c', 'l', 'e', 'v', 'i', 's', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cleysense.com", true */ 'c', 'l', 'e', 'y', 's', 'e', 'n', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "clic-music.com", true */ 'c', 'l', 'i', 'c', '-', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "clicecompre.com.br", true */ 'c', 'l', 'i', 'c', 'e', 'c', 'o', 'm', 'p', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "clicheshishalounge.co.uk", true */ 'c', 'l', 'i', 'c', 'h', 'e', 's', 'h', 'i', 's', 'h', 'a', 'l', 'o', 'u', 'n', 'g', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "click-licht.de", true */ 'c', 'l', 'i', 'c', 'k', '-', 'l', 'i', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "clickclock.cc", true */ 'c', 'l', 'i', 'c', 'k', 'c', 'l', 'o', 'c', 'k', '.', 'c', 'c', '\0',
+  /* "clickenergy.com.au", true */ 'c', 'l', 'i', 'c', 'k', 'e', 'n', 'e', 'r', 'g', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "clickforclever.com", true */ 'c', 'l', 'i', 'c', 'k', 'f', 'o', 'r', 'c', 'l', 'e', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "clickomobile.com", true */ 'c', 'l', 'i', 'c', 'k', 'o', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "clickphish.com", true */ 'c', 'l', 'i', 'c', 'k', 'p', 'h', 'i', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "clicks.co.za", true */ 'c', 'l', 'i', 'c', 'k', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "clicktenisdemesa.com.br", true */ 'c', 'l', 'i', 'c', 'k', 't', 'e', 'n', 'i', 's', 'd', 'e', 'm', 'e', 's', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "client.coach", true */ 'c', 'l', 'i', 'e', 'n', 't', '.', 'c', 'o', 'a', 'c', 'h', '\0',
+  /* "clientboss.com", true */ 'c', 'l', 'i', 'e', 'n', 't', 'b', 'o', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "clientsecure.me", true */ 'c', 'l', 'i', 'e', 'n', 't', 's', 'e', 'c', 'u', 'r', 'e', '.', 'm', 'e', '\0',
+  /* "clifflu.net", true */ 'c', 'l', 'i', 'f', 'f', 'l', 'u', '.', 'n', 'e', 't', '\0',
+  /* "climaencusco.com", true */ 'c', 'l', 'i', 'm', 'a', 'e', 'n', 'c', 'u', 's', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "climaprecio.es", true */ 'c', 'l', 'i', 'm', 'a', 'p', 'r', 'e', 'c', 'i', 'o', '.', 'e', 's', '\0',
+  /* "climateinteractive.org", true */ 'c', 'l', 'i', 'm', 'a', 't', 'e', 'i', 'n', 't', 'e', 'r', 'a', 'c', 't', 'i', 'v', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "climatestew.com", true */ 'c', 'l', 'i', 'm', 'a', 't', 'e', 's', 't', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "clindoeilmontagne.com", true */ 'c', 'l', 'i', 'n', 'd', 'o', 'e', 'i', 'l', 'm', 'o', 'n', 't', 'a', 'g', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "clingout.com", true */ 'c', 'l', 'i', 'n', 'g', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "clinia.ca", true */ 'c', 'l', 'i', 'n', 'i', 'a', '.', 'c', 'a', '\0',
+  /* "clinicadam.com", true */ 'c', 'l', 'i', 'n', 'i', 'c', 'a', 'd', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "clinicadelogopedia.net", true */ 'c', 'l', 'i', 'n', 'i', 'c', 'a', 'd', 'e', 'l', 'o', 'g', 'o', 'p', 'e', 'd', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "clinicaltrials.gov", true */ 'c', 'l', 'i', 'n', 'i', 'c', 'a', 'l', 't', 'r', 'i', 'a', 'l', 's', '.', 'g', 'o', 'v', '\0',
+  /* "cliniko.com", true */ 'c', 'l', 'i', 'n', 'i', 'k', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cliniquevethuy.be", true */ 'c', 'l', 'i', 'n', 'i', 'q', 'u', 'e', 'v', 'e', 't', 'h', 'u', 'y', '.', 'b', 'e', '\0',
+  /* "clintonlibrary.gov", true */ 'c', 'l', 'i', 'n', 't', 'o', 'n', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'g', 'o', 'v', '\0',
+  /* "clintonplasticsurgery.com", true */ 'c', 'l', 'i', 'n', 't', 'o', 'n', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "clip.mx", false */ 'c', 'l', 'i', 'p', '.', 'm', 'x', '\0',
+  /* "clipclip.com", true */ 'c', 'l', 'i', 'p', 'c', 'l', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "clmde.de", true */ 'c', 'l', 'm', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "clnet.com.au", true */ 'c', 'l', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "clnnet.ch", true */ 'c', 'l', 'n', 'n', 'e', 't', '.', 'c', 'h', '\0',
+  /* "clochix.net", true */ 'c', 'l', 'o', 'c', 'h', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "clockcaster.com", true */ 'c', 'l', 'o', 'c', 'k', 'c', 'a', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "clockworksms.com", true */ 'c', 'l', 'o', 'c', 'k', 'w', 'o', 'r', 'k', 's', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cloghercastles.co.uk", true */ 'c', 'l', 'o', 'g', 'h', 'e', 'r', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "clojurescript.ru", true */ 'c', 'l', 'o', 'j', 'u', 'r', 'e', 's', 'c', 'r', 'i', 'p', 't', '.', 'r', 'u', '\0',
+  /* "cloppenburg-autmobil.com", true */ 'c', 'l', 'o', 'p', 'p', 'e', 'n', 'b', 'u', 'r', 'g', '-', 'a', 'u', 't', 'm', 'o', 'b', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "cloppenburg-automobil.com", true */ 'c', 'l', 'o', 'p', 'p', 'e', 'n', 'b', 'u', 'r', 'g', '-', 'a', 'u', 't', 'o', 'm', 'o', 'b', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "clorik.com", true */ 'c', 'l', 'o', 'r', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "close.com", false */ 'c', 'l', 'o', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "closeli.cn", true */ 'c', 'l', 'o', 's', 'e', 'l', 'i', '.', 'c', 'n', '\0',
+  /* "closeli.com", false */ 'c', 'l', 'o', 's', 'e', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "closelinksecurity.co.uk", true */ 'c', 'l', 'o', 's', 'e', 'l', 'i', 'n', 'k', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "closelinksecurity.com", true */ 'c', 'l', 'o', 's', 'e', 'l', 'i', 'n', 'k', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "closetemail.com", true */ 'c', 'l', 'o', 's', 'e', 't', 'e', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "closingholding.com", true */ 'c', 'l', 'o', 's', 'i', 'n', 'g', 'h', 'o', 'l', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "cloturea.fr", true */ 'c', 'l', 'o', 't', 'u', 'r', 'e', 'a', '.', 'f', 'r', '\0',
+  /* "cloud-surfer.net", true */ 'c', 'l', 'o', 'u', 'd', '-', 's', 'u', 'r', 'f', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "cloud.bugatti", true */ 'c', 'l', 'o', 'u', 'd', '.', 'b', 'u', 'g', 'a', 't', 't', 'i', '\0',
+  /* "cloud.fail", true */ 'c', 'l', 'o', 'u', 'd', '.', 'f', 'a', 'i', 'l', '\0',
+  /* "cloud.google.com", true */ 'c', 'l', 'o', 'u', 'd', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cloud.gov", true */ 'c', 'l', 'o', 'u', 'd', '.', 'g', 'o', 'v', '\0',
+  /* "cloud2go.de", false */ 'c', 'l', 'o', 'u', 'd', '2', 'g', 'o', '.', 'd', 'e', '\0',
+  /* "cloud9bouncycastlehire.com", true */ 'c', 'l', 'o', 'u', 'd', '9', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cloudapps.digital", true */ 'c', 'l', 'o', 'u', 'd', 'a', 'p', 'p', 's', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0',
+  /* "cloudbased.info", true */ 'c', 'l', 'o', 'u', 'd', 'b', 'a', 's', 'e', 'd', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "cloudberlin.goip.de", true */ 'c', 'l', 'o', 'u', 'd', 'b', 'e', 'r', 'l', 'i', 'n', '.', 'g', 'o', 'i', 'p', '.', 'd', 'e', '\0',
+  /* "cloudbolin.es", true */ 'c', 'l', 'o', 'u', 'd', 'b', 'o', 'l', 'i', 'n', '.', 'e', 's', '\0',
+  /* "cloudbreaker.de", true */ 'c', 'l', 'o', 'u', 'd', 'b', 'r', 'e', 'a', 'k', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "cloudcaprice.net", true */ 'c', 'l', 'o', 'u', 'd', 'c', 'a', 'p', 'r', 'i', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "cloudcloudcloud.cloud", true */ 'c', 'l', 'o', 'u', 'd', 'c', 'l', 'o', 'u', 'd', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "cloudflare.com", true */ 'c', 'l', 'o', 'u', 'd', 'f', 'l', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cloudflareonazure.com", true */ 'c', 'l', 'o', 'u', 'd', 'f', 'l', 'a', 'r', 'e', 'o', 'n', 'a', 'z', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cloudia.org", true */ 'c', 'l', 'o', 'u', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "cloudily.com", true */ 'c', 'l', 'o', 'u', 'd', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "cloudkit.pro", true */ 'c', 'l', 'o', 'u', 'd', 'k', 'i', 't', '.', 'p', 'r', 'o', '\0',
+  /* "cloudlight.biz", true */ 'c', 'l', 'o', 'u', 'd', 'l', 'i', 'g', 'h', 't', '.', 'b', 'i', 'z', '\0',
+  /* "cloudmigrator365.com", true */ 'c', 'l', 'o', 'u', 'd', 'm', 'i', 'g', 'r', 'a', 't', 'o', 'r', '3', '6', '5', '.', 'c', 'o', 'm', '\0',
+  /* "cloudnote.cc", true */ 'c', 'l', 'o', 'u', 'd', 'n', 'o', 't', 'e', '.', 'c', 'c', '\0',
+  /* "cloudoptimizedsmb.com", true */ 'c', 'l', 'o', 'u', 'd', 'o', 'p', 't', 'i', 'm', 'i', 'z', 'e', 'd', 's', 'm', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "cloudoptimus.com", true */ 'c', 'l', 'o', 'u', 'd', 'o', 'p', 't', 'i', 'm', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cloudpagesforwork.com", true */ 'c', 'l', 'o', 'u', 'd', 'p', 'a', 'g', 'e', 's', 'f', 'o', 'r', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "cloudpebble.net", true */ 'c', 'l', 'o', 'u', 'd', 'p', 'e', 'b', 'b', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "cloudpengu.in", true */ 'c', 'l', 'o', 'u', 'd', 'p', 'e', 'n', 'g', 'u', '.', 'i', 'n', '\0',
+  /* "cloudpipes.com", true */ 'c', 'l', 'o', 'u', 'd', 'p', 'i', 'p', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cloudsecurityalliance.org", true */ 'c', 'l', 'o', 'u', 'd', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "cloudservice.io", true */ 'c', 'l', 'o', 'u', 'd', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'i', 'o', '\0',
+  /* "cloudsocial.io", true */ 'c', 'l', 'o', 'u', 'd', 's', 'o', 'c', 'i', 'a', 'l', '.', 'i', 'o', '\0',
+  /* "cloudspace-analytics.com", true */ 'c', 'l', 'o', 'u', 'd', 's', 'p', 'a', 'c', 'e', '-', 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cloudspeedy.net", true */ 'c', 'l', 'o', 'u', 'd', 's', 'p', 'e', 'e', 'd', 'y', '.', 'n', 'e', 't', '\0',
+  /* "cloudspire.net", true */ 'c', 'l', 'o', 'u', 'd', 's', 'p', 'i', 'r', 'e', '.', 'n', 'e', 't', '\0',
+  /* "cloudteam.de", true */ 'c', 'l', 'o', 'u', 'd', 't', 'e', 'a', 'm', '.', 'd', 'e', '\0',
+  /* "cloudtropia.de", true */ 'c', 'l', 'o', 'u', 'd', 't', 'r', 'o', 'p', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "cloudtskr.com", true */ 'c', 'l', 'o', 'u', 'd', 't', 's', 'k', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "cloudup.com", true */ 'c', 'l', 'o', 'u', 'd', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "cloudwarez.xyz", true */ 'c', 'l', 'o', 'u', 'd', 'w', 'a', 'r', 'e', 'z', '.', 'x', 'y', 'z', '\0',
+  /* "clouz.de", true */ 'c', 'l', 'o', 'u', 'z', '.', 'd', 'e', '\0',
+  /* "cloveros.ga", true */ 'c', 'l', 'o', 'v', 'e', 'r', 'o', 's', '.', 'g', 'a', '\0',
+  /* "clownindeklas.nl", true */ 'c', 'l', 'o', 'w', 'n', 'i', 'n', 'd', 'e', 'k', 'l', 'a', 's', '.', 'n', 'l', '\0',
+  /* "cloxy.com", true */ 'c', 'l', 'o', 'x', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "clr3.com", true */ 'c', 'l', 'r', '3', '.', 'c', 'o', 'm', '\0',
+  /* "clsimage.com", true */ 'c', 'l', 's', 'i', 'm', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "clsimplex.com", true */ 'c', 'l', 's', 'i', 'm', 'p', 'l', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "clu-in.org", true */ 'c', 'l', 'u', '-', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "club-is.ru", true */ 'c', 'l', 'u', 'b', '-', 'i', 's', '.', 'r', 'u', '\0',
+  /* "club-reduc.com", true */ 'c', 'l', 'u', 'b', '-', 'r', 'e', 'd', 'u', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "club103.ch", true */ 'c', 'l', 'u', 'b', '1', '0', '3', '.', 'c', 'h', '\0',
+  /* "clubdeslecteurs.net", true */ 'c', 'l', 'u', 'b', 'd', 'e', 's', 'l', 'e', 'c', 't', 'e', 'u', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "clubedalutashop.com", true */ 'c', 'l', 'u', 'b', 'e', 'd', 'a', 'l', 'u', 't', 'a', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "clubempleos.com", true */ 'c', 'l', 'u', 'b', 'e', 'm', 'p', 'l', 'e', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "clubeohara.com", true */ 'c', 'l', 'u', 'b', 'e', 'o', 'h', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "clubfamily.de", true */ 'c', 'l', 'u', 'b', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'd', 'e', '\0',
+  /* "clubmate.rocks", true */ 'c', 'l', 'u', 'b', 'm', 'a', 't', 'e', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "clubmini.jp", true */ 'c', 'l', 'u', 'b', 'm', 'i', 'n', 'i', '.', 'j', 'p', '\0',
+  /* "clubon.space", true */ 'c', 'l', 'u', 'b', 'o', 'n', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "clubscannan.ie", true */ 'c', 'l', 'u', 'b', 's', 'c', 'a', 'n', 'n', 'a', 'n', '.', 'i', 'e', '\0',
+  /* "clueful.ca", true */ 'c', 'l', 'u', 'e', 'f', 'u', 'l', '.', 'c', 'a', '\0',
+  /* "cluefulca.com", true */ 'c', 'l', 'u', 'e', 'f', 'u', 'l', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cluefulca.net", true */ 'c', 'l', 'u', 'e', 'f', 'u', 'l', 'c', 'a', '.', 'n', 'e', 't', '\0',
+  /* "cluefulca.org", true */ 'c', 'l', 'u', 'e', 'f', 'u', 'l', 'c', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "cluj.apartments", true */ 'c', 'l', 'u', 'j', '.', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '\0',
+  /* "clusteranalyse.net", true */ 'c', 'l', 'u', 's', 't', 'e', 'r', 'a', 'n', 'a', 'l', 'y', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "clusterfuck.nz", true */ 'c', 'l', 'u', 's', 't', 'e', 'r', 'f', 'u', 'c', 'k', '.', 'n', 'z', '\0',
+  /* "clustermaze.net", true */ 'c', 'l', 'u', 's', 't', 'e', 'r', 'm', 'a', 'z', 'e', '.', 'n', 'e', 't', '\0',
+  /* "clvs7.com", true */ 'c', 'l', 'v', 's', '7', '.', 'c', 'o', 'm', '\0',
+  /* "cmacacias.ch", true */ 'c', 'm', 'a', 'c', 'a', 'c', 'i', 'a', 's', '.', 'c', 'h', '\0',
+  /* "cmahy.be", true */ 'c', 'm', 'a', 'h', 'y', '.', 'b', 'e', '\0',
+  /* "cmangos.net", true */ 'c', 'm', 'a', 'n', 'g', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "cmcressy.ch", true */ 'c', 'm', 'c', 'r', 'e', 's', 's', 'y', '.', 'c', 'h', '\0',
+  /* "cmdline.org", true */ 'c', 'm', 'd', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "cmfaccounting.com", true */ 'c', 'm', 'f', 'a', 'c', 'c', 'o', 'u', 'n', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "cmitao.com", true */ 'c', 'm', 'i', 't', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cmlachapelle.ch", true */ 'c', 'm', 'l', 'a', 'c', 'h', 'a', 'p', 'e', 'l', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "cmlancy.ch", true */ 'c', 'm', 'l', 'a', 'n', 'c', 'y', '.', 'c', 'h', '\0',
+  /* "cmlignon.ch", true */ 'c', 'm', 'l', 'i', 'g', 'n', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "cmn-group.com", true */ 'c', 'm', 'n', '-', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "cmn-groupe.com", true */ 'c', 'm', 'n', '-', 'g', 'r', 'o', 'u', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cmngroup.com", true */ 'c', 'm', 'n', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "cmngroupe.com", true */ 'c', 'm', 'n', 'g', 'r', 'o', 'u', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cmplainpalais.ch", true */ 'c', 'm', 'p', 'l', 'a', 'i', 'n', 'p', 'a', 'l', 'a', 'i', 's', '.', 'c', 'h', '\0',
+  /* "cmpr.es", true */ 'c', 'm', 'p', 'r', '.', 'e', 's', '\0',
+  /* "cmskeyholding.co.uk", true */ 'c', 'm', 's', 'k', 'e', 'y', 'h', 'o', 'l', 'd', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cmskeyholding.com", true */ 'c', 'm', 's', 'k', 'e', 'y', 'h', 'o', 'l', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "cmskh.co.uk", true */ 'c', 'm', 's', 'k', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cmusical.es", true */ 'c', 'm', 'u', 's', 'i', 'c', 'a', 'l', '.', 'e', 's', '\0',
+  /* "cmweller.com", true */ 'c', 'm', 'w', 'e', 'l', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "cmylife.nl", true */ 'c', 'm', 'y', 'l', 'i', 'f', 'e', '.', 'n', 'l', '\0',
+  /* "cn.search.yahoo.com", false */ 'c', 'n', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cnam-idf.fr", true */ 'c', 'n', 'a', 'm', '-', 'i', 'd', 'f', '.', 'f', 'r', '\0',
+  /* "cnam.net", true */ 'c', 'n', 'a', 'm', '.', 'n', 'e', 't', '\0',
+  /* "cnbs.ch", true */ 'c', 'n', 'b', 's', '.', 'c', 'h', '\0',
+  /* "cnc-lehrgang.de", true */ 'c', 'n', 'c', '-', 'l', 'e', 'h', 'r', 'g', 'a', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "cncbazar365.com", true */ 'c', 'n', 'c', 'b', 'a', 'z', 'a', 'r', '3', '6', '5', '.', 'c', 'o', 'm', '\0',
+  /* "cncfraises.fr", true */ 'c', 'n', 'c', 'f', 'r', 'a', 'i', 's', 'e', 's', '.', 'f', 'r', '\0',
+  /* "cncrans.ch", true */ 'c', 'n', 'c', 'r', 'a', 'n', 's', '.', 'c', 'h', '\0',
+  /* "cnetw.xyz", true */ 'c', 'n', 'e', 't', 'w', '.', 'x', 'y', 'z', '\0',
+  /* "cni-certing.it", true */ 'c', 'n', 'i', '-', 'c', 'e', 'r', 't', 'i', 'n', 'g', '.', 'i', 't', '\0',
+  /* "cnrd.me", true */ 'c', 'n', 'r', 'd', '.', 'm', 'e', '\0',
+  /* "co-factor.ro", true */ 'c', 'o', '-', 'f', 'a', 'c', 't', 'o', 'r', '.', 'r', 'o', '\0',
+  /* "co.search.yahoo.com", false */ 'c', 'o', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "co50.com", true */ 'c', 'o', '5', '0', '.', 'c', 'o', 'm', '\0',
+  /* "coachezmoi.ch", true */ 'c', 'o', 'a', 'c', 'h', 'e', 'z', 'm', 'o', 'i', '.', 'c', 'h', '\0',
+  /* "coaching-impulse.ch", true */ 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', '-', 'i', 'm', 'p', 'u', 'l', 's', 'e', '.', 'c', 'h', '\0',
+  /* "coachingconsultancy.com", true */ 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', 'c', 'o', 'n', 's', 'u', 'l', 't', 'a', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "coalitionministries.org", true */ 'c', 'o', 'a', 'l', 'i', 't', 'i', 'o', 'n', 'm', 'i', 'n', 'i', 's', 't', 'r', 'i', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "coalpointcottage.com", true */ 'c', 'o', 'a', 'l', 'p', 'o', 'i', 'n', 't', 'c', 'o', 't', 't', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "coam.co", true */ 'c', 'o', 'a', 'm', '.', 'c', 'o', '\0',
+  /* "coastline.net.au", true */ 'c', 'o', 'a', 's', 't', 'l', 'i', 'n', 'e', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "coatl-industries.com", true */ 'c', 'o', 'a', 't', 'l', '-', 'i', 'n', 'd', 'u', 's', 't', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cobalt.io", true */ 'c', 'o', 'b', 'a', 'l', 't', '.', 'i', 'o', '\0',
+  /* "cobaltgp.com", true */ 'c', 'o', 'b', 'a', 'l', 't', 'g', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "cobracastles.co.uk", true */ 'c', 'o', 'b', 'r', 'a', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cocaine-import.agency", true */ 'c', 'o', 'c', 'a', 'i', 'n', 'e', '-', 'i', 'm', 'p', 'o', 'r', 't', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0',
+  /* "cocaine.ninja", true */ 'c', 'o', 'c', 'a', 'i', 'n', 'e', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "cocalc.com", true */ 'c', 'o', 'c', 'a', 'l', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "coccinellaskitchen.com", true */ 'c', 'o', 'c', 'c', 'i', 'n', 'e', 'l', 'l', 'a', 's', 'k', 'i', 't', 'c', 'h', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "coccinellaskitchen.de", true */ 'c', 'o', 'c', 'c', 'i', 'n', 'e', 'l', 'l', 'a', 's', 'k', 'i', 't', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "coccinellaskitchen.it", true */ 'c', 'o', 'c', 'c', 'i', 'n', 'e', 'l', 'l', 'a', 's', 'k', 'i', 't', 'c', 'h', 'e', 'n', '.', 'i', 't', '\0',
+  /* "cocinoyo.com", true */ 'c', 'o', 'c', 'i', 'n', 'o', 'y', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cock.li", true */ 'c', 'o', 'c', 'k', '.', 'l', 'i', '\0',
+  /* "cocker.cc", false */ 'c', 'o', 'c', 'k', 'e', 'r', '.', 'c', 'c', '\0',
+  /* "cockerspanielamericano.com.br", true */ 'c', 'o', 'c', 'k', 'e', 'r', 's', 'p', 'a', 'n', 'i', 'e', 'l', 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cockerspanielingles.com.br", true */ 'c', 'o', 'c', 'k', 'e', 'r', 's', 'p', 'a', 'n', 'i', 'e', 'l', 'i', 'n', 'g', 'l', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "coco-cool.fr", true */ 'c', 'o', 'c', 'o', '-', 'c', 'o', 'o', 'l', '.', 'f', 'r', '\0',
+  /* "coco-line.ch", true */ 'c', 'o', 'c', 'o', '-', 'l', 'i', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "cocoaheads.at", false */ 'c', 'o', 'c', 'o', 'a', 'h', 'e', 'a', 'd', 's', '.', 'a', 't', '\0',
+  /* "cocoamexico.com", true */ 'c', 'o', 'c', 'o', 'a', 'm', 'e', 'x', 'i', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cocodemy.com", true */ 'c', 'o', 'c', 'o', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "coconutoil24.com", true */ 'c', 'o', 'c', 'o', 'n', 'u', 't', 'o', 'i', 'l', '2', '4', '.', 'c', 'o', 'm', '\0',
+  /* "cocoscastles.co.uk", true */ 'c', 'o', 'c', 'o', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cocquyt-usedcars.be", true */ 'c', 'o', 'c', 'q', 'u', 'y', 't', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "coda.moe", true */ 'c', 'o', 'd', 'a', '.', 'm', 'o', 'e', '\0',
+  /* "coda.today", true */ 'c', 'o', 'd', 'a', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "coda.world", true */ 'c', 'o', 'd', 'a', '.', 'w', 'o', 'r', 'l', 'd', '\0',
+  /* "code-golf.io", true */ 'c', 'o', 'd', 'e', '-', 'g', 'o', 'l', 'f', '.', 'i', 'o', '\0',
+  /* "code-poets.co.uk", true */ 'c', 'o', 'd', 'e', '-', 'p', 'o', 'e', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "code-well.com", true */ 'c', 'o', 'd', 'e', '-', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "code.facebook.com", false */ 'c', 'o', 'd', 'e', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "code.fm", true */ 'c', 'o', 'd', 'e', '.', 'f', 'm', '\0',
+  /* "code.google.com", true */ 'c', 'o', 'd', 'e', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "code.taxi", true */ 'c', 'o', 'd', 'e', '.', 't', 'a', 'x', 'i', '\0',
+  /* "code67.com", true */ 'c', 'o', 'd', 'e', '6', '7', '.', 'c', 'o', 'm', '\0',
+  /* "codebrahma.com", false */ 'c', 'o', 'd', 'e', 'b', 'r', 'a', 'h', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "codedump.net", true */ 'c', 'o', 'd', 'e', 'd', 'u', 'm', 'p', '.', 'n', 'e', 't', '\0',
+  /* "codeeclipse.com", true */ 'c', 'o', 'd', 'e', 'e', 'c', 'l', 'i', 'p', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "codeferm.com", true */ 'c', 'o', 'd', 'e', 'f', 'e', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "codefordus.de", true */ 'c', 'o', 'd', 'e', 'f', 'o', 'r', 'd', 'u', 's', '.', 'd', 'e', '\0',
+  /* "codefordus.nrw", true */ 'c', 'o', 'd', 'e', 'f', 'o', 'r', 'd', 'u', 's', '.', 'n', 'r', 'w', '\0',
+  /* "codefoundry.it", false */ 'c', 'o', 'd', 'e', 'f', 'o', 'u', 'n', 'd', 'r', 'y', '.', 'i', 't', '\0',
+  /* "codeine.co.uk", true */ 'c', 'o', 'd', 'e', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "codeit.guru", true */ 'c', 'o', 'd', 'e', 'i', 't', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "codeit.us", true */ 'c', 'o', 'd', 'e', 'i', 't', '.', 'u', 's', '\0',
+  /* "codenode.io", true */ 'c', 'o', 'd', 'e', 'n', 'o', 'd', 'e', '.', 'i', 'o', '\0',
+  /* "codeplay.org", true */ 'c', 'o', 'd', 'e', 'p', 'l', 'a', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "codepoints.net", true */ 'c', 'o', 'd', 'e', 'p', 'o', 'i', 'n', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "codepref.com", true */ 'c', 'o', 'd', 'e', 'p', 'r', 'e', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "codepult.com", true */ 'c', 'o', 'd', 'e', 'p', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "codera.co.uk", true */ 'c', 'o', 'd', 'e', 'r', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "codercy.com", true */ 'c', 'o', 'd', 'e', 'r', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "codereview.appspot.com", false */ 'c', 'o', 'd', 'e', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "codereview.chromium.org", false */ 'c', 'o', 'd', 'e', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'c', 'h', 'r', 'o', 'm', 'i', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "coderhangout.com", true */ 'c', 'o', 'd', 'e', 'r', 'h', 'a', 'n', 'g', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "coderme.com", true */ 'c', 'o', 'd', 'e', 'r', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "codesplain.in", true */ 'c', 'o', 'd', 'e', 's', 'p', 'l', 'a', 'i', 'n', '.', 'i', 'n', '\0',
+  /* "codesport.io", true */ 'c', 'o', 'd', 'e', 's', 'p', 'o', 'r', 't', '.', 'i', 'o', '\0',
+  /* "codespromo.be", true */ 'c', 'o', 'd', 'e', 's', 'p', 'r', 'o', 'm', 'o', '.', 'b', 'e', '\0',
+  /* "codestudies.net", true */ 'c', 'o', 'd', 'e', 's', 't', 'u', 'd', 'i', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "codesyncro.com", true */ 'c', 'o', 'd', 'e', 's', 'y', 'n', 'c', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "codetripping.net", true */ 'c', 'o', 'd', 'e', 't', 'r', 'i', 'p', 'p', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "codeux.com", true */ 'c', 'o', 'd', 'e', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "codeux.info", true */ 'c', 'o', 'd', 'e', 'u', 'x', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "codeux.net", true */ 'c', 'o', 'd', 'e', 'u', 'x', '.', 'n', 'e', 't', '\0',
+  /* "codeventure.de", true */ 'c', 'o', 'd', 'e', 'v', 'e', 'n', 't', 'u', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "codeversetech.com", true */ 'c', 'o', 'd', 'e', 'v', 'e', 'r', 's', 'e', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "codewild.de", true */ 'c', 'o', 'd', 'e', 'w', 'i', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "codeyellow.nl", true */ 'c', 'o', 'd', 'e', 'y', 'e', 'l', 'l', 'o', 'w', '.', 'n', 'l', '\0',
+  /* "codific.eu", true */ 'c', 'o', 'd', 'i', 'f', 'i', 'c', '.', 'e', 'u', '\0',
+  /* "coding.lv", true */ 'c', 'o', 'd', 'i', 'n', 'g', '.', 'l', 'v', '\0',
+  /* "coding.net", true */ 'c', 'o', 'd', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "codingforspeed.com", true */ 'c', 'o', 'd', 'i', 'n', 'g', 'f', 'o', 'r', 's', 'p', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "codingfromhell.net", true */ 'c', 'o', 'd', 'i', 'n', 'g', 'f', 'r', 'o', 'm', 'h', 'e', 'l', 'l', '.', 'n', 'e', 't', '\0',
+  /* "codingrobots.com", true */ 'c', 'o', 'd', 'i', 'n', 'g', 'r', 'o', 'b', 'o', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "codxg.org", true */ 'c', 'o', 'd', 'x', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "codyevanscomputer.com", true */ 'c', 'o', 'd', 'y', 'e', 'v', 'a', 'n', 's', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "codymoniz.com", true */ 'c', 'o', 'd', 'y', 'm', 'o', 'n', 'i', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "coffee-mamenoki.jp", true */ 'c', 'o', 'f', 'f', 'e', 'e', '-', 'm', 'a', 'm', 'e', 'n', 'o', 'k', 'i', '.', 'j', 'p', '\0',
+  /* "coffeedino.com", true */ 'c', 'o', 'f', 'f', 'e', 'e', 'd', 'i', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "coffeetocode.me", true */ 'c', 'o', 'f', 'f', 'e', 'e', 't', 'o', 'c', 'o', 'd', 'e', '.', 'm', 'e', '\0',
+  /* "cogala.eu", true */ 'c', 'o', 'g', 'a', 'l', 'a', '.', 'e', 'u', '\0',
+  /* "cogent.cc", true */ 'c', 'o', 'g', 'e', 'n', 't', '.', 'c', 'c', '\0',
+  /* "cogilog.com", true */ 'c', 'o', 'g', 'i', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "cogitoltd.com", true */ 'c', 'o', 'g', 'i', 't', 'o', 'l', 't', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "cognitivecomputingconsortium.com", true */ 'c', 'o', 'g', 'n', 'i', 't', 'i', 'v', 'e', 'c', 'o', 'm', 'p', 'u', 't', 'i', 'n', 'g', 'c', 'o', 'n', 's', 'o', 'r', 't', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "coi-verify.com", true */ 'c', 'o', 'i', '-', 'v', 'e', 'r', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "coiffeurschnittstelle.ch", true */ 'c', 'o', 'i', 'f', 'f', 'e', 'u', 'r', 's', 'c', 'h', 'n', 'i', 't', 't', 's', 't', 'e', 'l', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "coigach-assynt.org", true */ 'c', 'o', 'i', 'g', 'a', 'c', 'h', '-', 'a', 's', 's', 'y', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "coimmvest.com", true */ 'c', 'o', 'i', 'm', 'm', 'v', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "coinapult.com", true */ 'c', 'o', 'i', 'n', 'a', 'p', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "coinbase.com", true */ 'c', 'o', 'i', 'n', 'b', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "coincealed.com", true */ 'c', 'o', 'i', 'n', 'c', 'e', 'a', 'l', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "coincoele.com.br", true */ 'c', 'o', 'i', 'n', 'c', 'o', 'e', 'l', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "coincoin.eu.org", true */ 'c', 'o', 'i', 'n', 'c', 'o', 'i', 'n', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "coincolors.co", true */ 'c', 'o', 'i', 'n', 'c', 'o', 'l', 'o', 'r', 's', '.', 'c', 'o', '\0',
+  /* "coindatabase.net", true */ 'c', 'o', 'i', 'n', 'd', 'a', 't', 'a', 'b', 'a', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "coinessa.com", true */ 'c', 'o', 'i', 'n', 'e', 's', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "coinflux.com", true */ 'c', 'o', 'i', 'n', 'f', 'l', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "coingate.com", true */ 'c', 'o', 'i', 'n', 'g', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "coinjar-sandbox.com", true */ 'c', 'o', 'i', 'n', 'j', 'a', 'r', '-', 's', 'a', 'n', 'd', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "coinlist.co", false */ 'c', 'o', 'i', 'n', 'l', 'i', 's', 't', '.', 'c', 'o', '\0',
+  /* "coinloan.io", true */ 'c', 'o', 'i', 'n', 'l', 'o', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "coinmewallet.com", true */ 'c', 'o', 'i', 'n', 'm', 'e', 'w', 'a', 'l', 'l', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "coinpit.io", true */ 'c', 'o', 'i', 'n', 'p', 'i', 't', '.', 'i', 'o', '\0',
+  /* "coisasdaterra.com", true */ 'c', 'o', 'i', 's', 'a', 's', 'd', 'a', 't', 'e', 'r', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "coisasdemulher.org", true */ 'c', 'o', 'i', 's', 'a', 's', 'd', 'e', 'm', 'u', 'l', 'h', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "cojo.eu", true */ 'c', 'o', 'j', 'o', '.', 'e', 'u', '\0',
+  /* "col.la", true */ 'c', 'o', 'l', '.', 'l', 'a', '\0',
+  /* "colaborativa.tv", true */ 'c', 'o', 'l', 'a', 'b', 'o', 'r', 'a', 't', 'i', 'v', 'a', '.', 't', 'v', '\0',
+  /* "colapsys.net", true */ 'c', 'o', 'l', 'a', 'p', 's', 'y', 's', '.', 'n', 'e', 't', '\0',
+  /* "colarelli.ch", true */ 'c', 'o', 'l', 'a', 'r', 'e', 'l', 'l', 'i', '.', 'c', 'h', '\0',
+  /* "coldawn.com", true */ 'c', 'o', 'l', 'd', 'a', 'w', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "coldfff.com", false */ 'c', 'o', 'l', 'd', 'f', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "coldhak.ca", true */ 'c', 'o', 'l', 'd', 'h', 'a', 'k', '.', 'c', 'a', '\0',
+  /* "coldwatericecream.com", true */ 'c', 'o', 'l', 'd', 'w', 'a', 't', 'e', 'r', 'i', 'c', 'e', 'c', 'r', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "colegiocierp.com.br", true */ 'c', 'o', 'l', 'e', 'g', 'i', 'o', 'c', 'i', 'e', 'r', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "colemak.com", true */ 'c', 'o', 'l', 'e', 'm', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "colengo.com", true */ 'c', 'o', 'l', 'e', 'n', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "colibris.xyz", true */ 'c', 'o', 'l', 'i', 'b', 'r', 'i', 's', '.', 'x', 'y', 'z', '\0',
+  /* "colincampbell.me", true */ 'c', 'o', 'l', 'i', 'n', 'c', 'a', 'm', 'p', 'b', 'e', 'l', 'l', '.', 'm', 'e', '\0',
+  /* "colinchartier.com", true */ 'c', 'o', 'l', 'i', 'n', 'c', 'h', 'a', 'r', 't', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "colinstark.ca", true */ 'c', 'o', 'l', 'i', 'n', 's', 't', 'a', 'r', 'k', '.', 'c', 'a', '\0',
+  /* "colisfrais.com", false */ 'c', 'o', 'l', 'i', 's', 'f', 'r', 'a', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "collablynk.com", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'l', 'y', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "collabora-office.com", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '-', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "collabora.ca", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'c', 'a', '\0',
+  /* "collabora.co.kr", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'c', 'o', '.', 'k', 'r', '\0',
+  /* "collabora.co.uk", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "collabora.com", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "collabora.kr", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'k', 'r', '\0',
+  /* "collabora.ninja", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "collabora.social", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 's', 'o', 'c', 'i', 'a', 'l', '\0',
+  /* "collabora.uk", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'u', 'k', '\0',
+  /* "collaboracloudsuite.com", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', 'c', 'l', 'o', 'u', 'd', 's', 'u', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "collaboraoffice.co.uk", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "collaboraoffice.com", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "collabornation.net", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'n', 'a', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "collaction.hk", true */ 'c', 'o', 'l', 'l', 'a', 'c', 't', 'i', 'o', 'n', '.', 'h', 'k', '\0',
+  /* "collada.org", true */ 'c', 'o', 'l', 'l', 'a', 'd', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "collbox.co", true */ 'c', 'o', 'l', 'l', 'b', 'o', 'x', '.', 'c', 'o', '\0',
+  /* "collectdocs.com", true */ 'c', 'o', 'l', 'l', 'e', 'c', 't', 'd', 'o', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "collectfood.com", true */ 'c', 'o', 'l', 'l', 'e', 'c', 't', 'f', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "collectiblebeans.com", true */ 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'b', 'l', 'e', 'b', 'e', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "collegepaperworld.com", true */ 'c', 'o', 'l', 'l', 'e', 'g', 'e', 'p', 'a', 'p', 'e', 'r', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "collinel-hossari.com", true */ 'c', 'o', 'l', 'l', 'i', 'n', 'e', 'l', '-', 'h', 'o', 's', 's', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "collinelhossari.com", true */ 'c', 'o', 'l', 'l', 'i', 'n', 'e', 'l', 'h', 'o', 's', 's', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "collinghammethodist.org.uk", true */ 'c', 'o', 'l', 'l', 'i', 'n', 'g', 'h', 'a', 'm', 'm', 'e', 't', 'h', 'o', 'd', 'i', 's', 't', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "collinmbarrett.com", true */ 'c', 'o', 'l', 'l', 'i', 'n', 'm', 'b', 'a', 'r', 'r', 'e', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "colo-tech.com", true */ 'c', 'o', 'l', 'o', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "colombian.dating", true */ 'c', 'o', 'l', 'o', 'm', 'b', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "coloppe.com", true */ 'c', 'o', 'l', 'o', 'p', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "coloradolottery.com", true */ 'c', 'o', 'l', 'o', 'r', 'a', 'd', 'o', 'l', 'o', 't', 't', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "coloraid.net", true */ 'c', 'o', 'l', 'o', 'r', 'a', 'i', 'd', '.', 'n', 'e', 't', '\0',
+  /* "colorblindprogramming.com", true */ 'c', 'o', 'l', 'o', 'r', 'b', 'l', 'i', 'n', 'd', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "colorbrush.ru", true */ 'c', 'o', 'l', 'o', 'r', 'b', 'r', 'u', 's', 'h', '.', 'r', 'u', '\0',
+  /* "colorcentertoner.com.br", true */ 'c', 'o', 'l', 'o', 'r', 'c', 'e', 'n', 't', 'e', 'r', 't', 'o', 'n', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "colorcodedlyrics.com", true */ 'c', 'o', 'l', 'o', 'r', 'c', 'o', 'd', 'e', 'd', 'l', 'y', 'r', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "colorectalcompounding.com", true */ 'c', 'o', 'l', 'o', 'r', 'e', 'c', 't', 'a', 'l', 'c', 'o', 'm', 'p', 'o', 'u', 'n', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "coloringnotebook.com", true */ 'c', 'o', 'l', 'o', 'r', 'i', 'n', 'g', 'n', 'o', 't', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "coloristcafe.com", true */ 'c', 'o', 'l', 'o', 'r', 'i', 's', 't', 'c', 'a', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "colorlifesupport.com", true */ 'c', 'o', 'l', 'o', 'r', 'l', 'i', 'f', 'e', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "colorsbycarin.com", true */ 'c', 'o', 'l', 'o', 'r', 's', 'b', 'y', 'c', 'a', 'r', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "colossal-events.co.uk", true */ 'c', 'o', 'l', 'o', 's', 's', 'a', 'l', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "colourfulcastles.co.uk", true */ 'c', 'o', 'l', 'o', 'u', 'r', 'f', 'u', 'l', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "colson-occasions.be", true */ 'c', 'o', 'l', 's', 'o', 'n', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0',
+  /* "columbuswines.com", true */ 'c', 'o', 'l', 'u', 'm', 'b', 'u', 's', 'w', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "colyakootees.com", true */ 'c', 'o', 'l', 'y', 'a', 'k', 'o', 'o', 't', 'e', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "com-in.de", true */ 'c', 'o', 'm', '-', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "com.cc", true */ 'c', 'o', 'm', '.', 'c', 'c', '\0',
+  /* "comarkinstruments.net", true */ 'c', 'o', 'm', 'a', 'r', 'k', 'i', 'n', 's', 't', 'r', 'u', 'm', 'e', 'n', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "combron.nl", true */ 'c', 'o', 'm', 'b', 'r', 'o', 'n', '.', 'n', 'l', '\0',
+  /* "comchezmeme.com", true */ 'c', 'o', 'm', 'c', 'h', 'e', 'z', 'm', 'e', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "comcol.nl", true */ 'c', 'o', 'm', 'c', 'o', 'l', '.', 'n', 'l', '\0',
+  /* "comdotgame.com", true */ 'c', 'o', 'm', 'd', 'o', 't', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "comdurav.com", true */ 'c', 'o', 'm', 'd', 'u', 'r', 'a', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "comefollowme2016.com", true */ 'c', 'o', 'm', 'e', 'f', 'o', 'l', 'l', 'o', 'w', 'm', 'e', '2', '0', '1', '6', '.', 'c', 'o', 'm', '\0',
+  /* "comercialtrading.eu", true */ 'c', 'o', 'm', 'e', 'r', 'c', 'i', 'a', 'l', 't', 'r', 'a', 'd', 'i', 'n', 'g', '.', 'e', 'u', '\0',
+  /* "comerford.net", true */ 'c', 'o', 'm', 'e', 'r', 'f', 'o', 'r', 'd', '.', 'n', 'e', 't', '\0',
+  /* "comestoarra.com", true */ 'c', 'o', 'm', 'e', 's', 't', 'o', 'a', 'r', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cometbot.cf", true */ 'c', 'o', 'm', 'e', 't', 'b', 'o', 't', '.', 'c', 'f', '\0',
+  /* "cometcache.com", true */ 'c', 'o', 'm', 'e', 't', 'c', 'a', 'c', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cometonovascotia.ca", true */ 'c', 'o', 'm', 'e', 't', 'o', 'n', 'o', 'v', 'a', 's', 'c', 'o', 't', 'i', 'a', '.', 'c', 'a', '\0',
+  /* "comff.net", true */ 'c', 'o', 'm', 'f', 'f', '.', 'n', 'e', 't', '\0',
+  /* "comfintouch.com", true */ 'c', 'o', 'm', 'f', 'i', 'n', 't', 'o', 'u', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "comflores.com.br", true */ 'c', 'o', 'm', 'f', 'l', 'o', 'r', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "comfypc.com", true */ 'c', 'o', 'm', 'f', 'y', 'p', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "comhack.com", true */ 'c', 'o', 'm', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "comicrelief.com", true */ 'c', 'o', 'm', 'i', 'c', 'r', 'e', 'l', 'i', 'e', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "comicspornos.com", true */ 'c', 'o', 'm', 'i', 'c', 's', 'p', 'o', 'r', 'n', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "comicwiki.dk", true */ 'c', 'o', 'm', 'i', 'c', 'w', 'i', 'k', 'i', '.', 'd', 'k', '\0',
+  /* "comiq.io", true */ 'c', 'o', 'm', 'i', 'q', '.', 'i', 'o', '\0',
+  /* "comiteaintriathlon.fr", true */ 'c', 'o', 'm', 'i', 't', 'e', 'a', 'i', 'n', 't', 'r', 'i', 'a', 't', 'h', 'l', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "comm.cx", true */ 'c', 'o', 'm', 'm', '.', 'c', 'x', '\0',
+  /* "commania.co.kr", true */ 'c', 'o', 'm', 'm', 'a', 'n', 'i', 'a', '.', 'c', 'o', '.', 'k', 'r', '\0',
+  /* "commechezvous.ch", true */ 'c', 'o', 'm', 'm', 'e', 'c', 'h', 'e', 'z', 'v', 'o', 'u', 's', '.', 'c', 'h', '\0',
+  /* "commencepayments.com", true */ 'c', 'o', 'm', 'm', 'e', 'n', 'c', 'e', 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "commitsandrebases.com", true */ 'c', 'o', 'm', 'm', 'i', 't', 's', 'a', 'n', 'd', 'r', 'e', 'b', 'a', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "common.io", true */ 'c', 'o', 'm', 'm', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "commoncode.com.au", true */ 'c', 'o', 'm', 'm', 'o', 'n', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "commoncode.io", true */ 'c', 'o', 'm', 'm', 'o', 'n', 'c', 'o', 'd', 'e', '.', 'i', 'o', '\0',
+  /* "commoncore4kids.com", true */ 'c', 'o', 'm', 'm', 'o', 'n', 'c', 'o', 'r', 'e', '4', 'k', 'i', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "community-cupboard.org", true */ 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '-', 'c', 'u', 'p', 'b', 'o', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "communityblog.fedoraproject.org", true */ 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', 'b', 'l', 'o', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "communitycodeofconduct.com", true */ 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', 'c', 'o', 'd', 'e', 'o', 'f', 'c', 'o', 'n', 'd', 'u', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "communityflow.info", true */ 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', 'f', 'l', 'o', 'w', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "communote.net", true */ 'c', 'o', 'm', 'm', 'u', 'n', 'o', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "comodesinflamarlashemorroides.org", true */ 'c', 'o', 'm', 'o', 'd', 'e', 's', 'i', 'n', 'f', 'l', 'a', 'm', 'a', 'r', 'l', 'a', 's', 'h', 'e', 'm', 'o', 'r', 'r', 'o', 'i', 'd', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "comodo.nl", true */ 'c', 'o', 'm', 'o', 'd', 'o', '.', 'n', 'l', '\0',
+  /* "comodormirmasrapido.com", true */ 'c', 'o', 'm', 'o', 'd', 'o', 'r', 'm', 'i', 'r', 'm', 'a', 's', 'r', 'a', 'p', 'i', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "comogene.com", true */ 'c', 'o', 'm', 'o', 'g', 'e', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "comohacerelamoraunhombrenet.com", true */ 'c', 'o', 'm', 'o', 'h', 'a', 'c', 'e', 'r', 'e', 'l', 'a', 'm', 'o', 'r', 'a', 'u', 'n', 'h', 'o', 'm', 'b', 'r', 'e', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "comopuededejardefumar.net", true */ 'c', 'o', 'm', 'o', 'p', 'u', 'e', 'd', 'e', 'd', 'e', 'j', 'a', 'r', 'd', 'e', 'f', 'u', 'm', 'a', 'r', '.', 'n', 'e', 't', '\0',
+  /* "comoquitarlasestriasrapidamente.com", true */ 'c', 'o', 'm', 'o', 'q', 'u', 'i', 't', 'a', 'r', 'l', 'a', 's', 'e', 's', 't', 'r', 'i', 'a', 's', 'r', 'a', 'p', 'i', 'd', 'a', 'm', 'e', 'n', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "comorecuperaratumujerpdf.com", true */ 'c', 'o', 'm', 'o', 'r', 'e', 'c', 'u', 'p', 'e', 'r', 'a', 'r', 'a', 't', 'u', 'm', 'u', 'j', 'e', 'r', 'p', 'd', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "comp2go.com.au", true */ 'c', 'o', 'm', 'p', '2', 'g', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "compagnia-buffo.de", true */ 'c', 'o', 'm', 'p', 'a', 'g', 'n', 'i', 'a', '-', 'b', 'u', 'f', 'f', 'o', '.', 'd', 'e', '\0',
+  /* "compagniemartin.com", true */ 'c', 'o', 'm', 'p', 'a', 'g', 'n', 'i', 'e', 'm', 'a', 'r', 't', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "comparatif-moto.fr", true */ 'c', 'o', 'm', 'p', 'a', 'r', 'a', 't', 'i', 'f', '-', 'm', 'o', 't', 'o', '.', 'f', 'r', '\0',
+  /* "compareandrecycle.com", false */ 'c', 'o', 'm', 'p', 'a', 'r', 'e', 'a', 'n', 'd', 'r', 'e', 'c', 'y', 'c', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "compareinsurance.com.au", true */ 'c', 'o', 'm', 'p', 'a', 'r', 'e', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "comparesoft.com", true */ 'c', 'o', 'm', 'p', 'a', 'r', 'e', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "comparexcloudcenter.com", true */ 'c', 'o', 'm', 'p', 'a', 'r', 'e', 'x', 'c', 'l', 'o', 'u', 'd', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "compartir.party", true */ 'c', 'o', 'm', 'p', 'a', 'r', 't', 'i', 'r', '.', 'p', 'a', 'r', 't', 'y', '\0',
+  /* "compassdirectportal.com", true */ 'c', 'o', 'm', 'p', 'a', 's', 's', 'd', 'i', 'r', 'e', 'c', 't', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "compeuphoria.com", true */ 'c', 'o', 'm', 'p', 'e', 'u', 'p', 'h', 'o', 'r', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "comphare.nl", true */ 'c', 'o', 'm', 'p', 'h', 'a', 'r', 'e', '.', 'n', 'l', '\0',
+  /* "compibus.fr", true */ 'c', 'o', 'm', 'p', 'i', 'b', 'u', 's', '.', 'f', 'r', '\0',
+  /* "compilenix.org", true */ 'c', 'o', 'm', 'p', 'i', 'l', 'e', 'n', 'i', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "completefloorcoverings.com", true */ 'c', 'o', 'm', 'p', 'l', 'e', 't', 'e', 'f', 'l', 'o', 'o', 'r', 'c', 'o', 'v', 'e', 'r', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "completesecurityessex.co.uk", true */ 'c', 'o', 'm', 'p', 'l', 'e', 't', 'e', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'e', 's', 's', 'e', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "completesecurityessex.com", true */ 'c', 'o', 'm', 'p', 'l', 'e', 't', 'e', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'e', 's', 's', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "completionist.me", true */ 'c', 'o', 'm', 'p', 'l', 'e', 't', 'i', 'o', 'n', 'i', 's', 't', '.', 'm', 'e', '\0',
+  /* "complex-organization.com", true */ 'c', 'o', 'm', 'p', 'l', 'e', 'x', '-', 'o', 'r', 'g', 'a', 'n', 'i', 'z', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "complexart.ro", true */ 'c', 'o', 'm', 'p', 'l', 'e', 'x', 'a', 'r', 't', '.', 'r', 'o', '\0',
+  /* "complexsystems.fail", true */ 'c', 'o', 'm', 'p', 'l', 'e', 'x', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'f', 'a', 'i', 'l', '\0',
+  /* "compliance-management.ch", true */ 'c', 'o', 'm', 'p', 'l', 'i', 'a', 'n', 'c', 'e', '-', 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '.', 'c', 'h', '\0',
+  /* "compliance-systeme.de", true */ 'c', 'o', 'm', 'p', 'l', 'i', 'a', 'n', 'c', 'e', '-', 's', 'y', 's', 't', 'e', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "compliancedictionary.com", true */ 'c', 'o', 'm', 'p', 'l', 'i', 'a', 'n', 'c', 'e', 'd', 'i', 'c', 't', 'i', 'o', 'n', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "compliancerisksoftware.co.uk", true */ 'c', 'o', 'm', 'p', 'l', 'i', 'a', 'n', 'c', 'e', 'r', 'i', 's', 'k', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "compostatebien.com.ar", true */ 'c', 'o', 'm', 'p', 'o', 's', 't', 'a', 't', 'e', 'b', 'i', 'e', 'n', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "compraneta.com", false */ 'c', 'o', 'm', 'p', 'r', 'a', 'n', 'e', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "compreautomacao.com.br", true */ 'c', 'o', 'm', 'p', 'r', 'e', 'a', 'u', 't', 'o', 'm', 'a', 'c', 'a', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "compredietlight.com.br", true */ 'c', 'o', 'm', 'p', 'r', 'e', 'd', 'i', 'e', 't', 'l', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "comprefitasadere.com.br", true */ 'c', 'o', 'm', 'p', 'r', 'e', 'f', 'i', 't', 'a', 's', 'a', 'd', 'e', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "compubench.com", true */ 'c', 'o', 'm', 'p', 'u', 'b', 'e', 'n', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "compucastell.ch", true */ 'c', 'o', 'm', 'p', 'u', 'c', 'a', 's', 't', 'e', 'l', 'l', '.', 'c', 'h', '\0',
+  /* "compucorner.mx", true */ 'c', 'o', 'm', 'p', 'u', 'c', 'o', 'r', 'n', 'e', 'r', '.', 'm', 'x', '\0',
+  /* "compuplast.cz", true */ 'c', 'o', 'm', 'p', 'u', 'p', 'l', 'a', 's', 't', '.', 'c', 'z', '\0',
+  /* "computehealth.com", true */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'h', 'e', 'a', 'l', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "computer-acquisti.com", true */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', '-', 'a', 'c', 'q', 'u', 'i', 's', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "computeracademy.co.za", true */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "computerassistance.co.uk", true */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 'a', 's', 's', 'i', 's', 't', 'a', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "computerbase.de", true */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 'b', 'a', 's', 'e', '.', 'd', 'e', '\0',
+  /* "computeremergency.com.au", false */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 'e', 'm', 'e', 'r', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "computerhilfe-feucht.de", true */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 'h', 'i', 'l', 'f', 'e', '-', 'f', 'e', 'u', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "computernetwerkwestland.nl", true */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 'n', 'e', 't', 'w', 'e', 'r', 'k', 'w', 'e', 's', 't', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "computerslotopschool.nl", true */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', 'l', 'o', 't', 'o', 'p', 's', 'c', 'h', 'o', 'o', 'l', '.', 'n', 'l', '\0',
+  /* "computersystems.guru", false */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "comssa.org.au", true */ 'c', 'o', 'm', 's', 's', 'a', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0',
+  /* "comunidadmontepinar.es", true */ 'c', 'o', 'm', 'u', 'n', 'i', 'd', 'a', 'd', 'm', 'o', 'n', 't', 'e', 'p', 'i', 'n', 'a', 'r', '.', 'e', 's', '\0',
+  /* "comw.cc", true */ 'c', 'o', 'm', 'w', '.', 'c', 'c', '\0',
+  /* "conalcorp.com", true */ 'c', 'o', 'n', 'a', 'l', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "conaudisa.com", false */ 'c', 'o', 'n', 'a', 'u', 'd', 'i', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "concept-web.ch", true */ 'c', 'o', 'n', 'c', 'e', 'p', 't', '-', 'w', 'e', 'b', '.', 'c', 'h', '\0',
+  /* "conceptatelier.de", true */ 'c', 'o', 'n', 'c', 'e', 'p', 't', 'a', 't', 'e', 'l', 'i', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "concertengine.com", true */ 'c', 'o', 'n', 'c', 'e', 'r', 't', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "concerto.amsterdam", true */ 'c', 'o', 'n', 'c', 'e', 'r', 't', 'o', '.', 'a', 'm', 's', 't', 'e', 'r', 'd', 'a', 'm', '\0',
+  /* "conciliumnotaire.ca", true */ 'c', 'o', 'n', 'c', 'i', 'l', 'i', 'u', 'm', 'n', 'o', 't', 'a', 'i', 'r', 'e', '.', 'c', 'a', '\0',
+  /* "conclave.global", true */ 'c', 'o', 'n', 'c', 'l', 'a', 'v', 'e', '.', 'g', 'l', 'o', 'b', 'a', 'l', '\0',
+  /* "concretehermit.com", true */ 'c', 'o', 'n', 'c', 'r', 'e', 't', 'e', 'h', 'e', 'r', 'm', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "concursopublico.com.br", true */ 'c', 'o', 'n', 'c', 'u', 'r', 's', 'o', 'p', 'u', 'b', 'l', 'i', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "concursos.com.br", true */ 'c', 'o', 'n', 'c', 'u', 'r', 's', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "concursosabertos.com.br", true */ 'c', 'o', 'n', 'c', 'u', 'r', 's', 'o', 's', 'a', 'b', 'e', 'r', 't', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "condecom.com.br", true */ 'c', 'o', 'n', 'd', 'e', 'c', 'o', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "condepenalba.com", false */ 'c', 'o', 'n', 'd', 'e', 'p', 'e', 'n', 'a', 'l', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "condesaelectronics.com", true */ 'c', 'o', 'n', 'd', 'e', 's', 'a', 'e', 'l', 'e', 'c', 't', 'r', 'o', 'n', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "condosforcash.com", true */ 'c', 'o', 'n', 'd', 'o', 's', 'f', 'o', 'r', 'c', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "condroz-motors.be", true */ 'c', 'o', 'n', 'd', 'r', 'o', 'z', '-', 'm', 'o', 't', 'o', 'r', 's', '.', 'b', 'e', '\0',
+  /* "conectalmeria.com", true */ 'c', 'o', 'n', 'e', 'c', 't', 'a', 'l', 'm', 'e', 'r', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "conejovalleyelectrical.com", true */ 'c', 'o', 'n', 'e', 'j', 'o', 'v', 'a', 'l', 'l', 'e', 'y', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "confiancefoundation.org", true */ 'c', 'o', 'n', 'f', 'i', 'a', 'n', 'c', 'e', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "confidential.network", true */ 'c', 'o', 'n', 'f', 'i', 'd', 'e', 'n', 't', 'i', 'a', 'l', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "config.schokokeks.org", false */ 'c', 'o', 'n', 'f', 'i', 'g', '.', 's', 'c', 'h', 'o', 'k', 'o', 'k', 'e', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "confiwall.de", true */ 'c', 'o', 'n', 'f', 'i', 'w', 'a', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "conformax.com.br", true */ 'c', 'o', 'n', 'f', 'o', 'r', 'm', 'a', 'x', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "conformist.jp", true */ 'c', 'o', 'n', 'f', 'o', 'r', 'm', 'i', 's', 't', '.', 'j', 'p', '\0',
+  /* "confuddledpenguin.com", true */ 'c', 'o', 'n', 'f', 'u', 'd', 'd', 'l', 'e', 'd', 'p', 'e', 'n', 'g', 'u', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "cong5.net", true */ 'c', 'o', 'n', 'g', '5', '.', 'n', 'e', 't', '\0',
+  /* "congineer.com", true */ 'c', 'o', 'n', 'g', 'i', 'n', 'e', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "congobunkering.com", true */ 'c', 'o', 'n', 'g', 'o', 'b', 'u', 'n', 'k', 'e', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "conkret.ch", true */ 'c', 'o', 'n', 'k', 'r', 'e', 't', '.', 'c', 'h', '\0',
+  /* "conkret.co.uk", true */ 'c', 'o', 'n', 'k', 'r', 'e', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "conkret.de", true */ 'c', 'o', 'n', 'k', 'r', 'e', 't', '.', 'd', 'e', '\0',
+  /* "conkret.eu", true */ 'c', 'o', 'n', 'k', 'r', 'e', 't', '.', 'e', 'u', '\0',
+  /* "conkret.in", true */ 'c', 'o', 'n', 'k', 'r', 'e', 't', '.', 'i', 'n', '\0',
+  /* "conkret.mobi", true */ 'c', 'o', 'n', 'k', 'r', 'e', 't', '.', 'm', 'o', 'b', 'i', '\0',
+  /* "conmedapps.com", true */ 'c', 'o', 'n', 'm', 'e', 'd', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "connect-ed.network", true */ 'c', 'o', 'n', 'n', 'e', 'c', 't', '-', 'e', 'd', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "connect-me.com", true */ 'c', 'o', 'n', 'n', 'e', 'c', 't', '-', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "connect.dating", true */ 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "connect.facebook.net", true */ 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'n', 'e', 't', '\0',
+  /* "connectedcare.md", true */ 'c', 'o', 'n', 'n', 'e', 'c', 't', 'e', 'd', 'c', 'a', 'r', 'e', '.', 'm', 'd', '\0',
+  /* "connectmath.com", true */ 'c', 'o', 'n', 'n', 'e', 'c', 't', 'm', 'a', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "connectmy.car", true */ 'c', 'o', 'n', 'n', 'e', 'c', 't', 'm', 'y', '.', 'c', 'a', 'r', '\0',
+  /* "connectum.eu", true */ 'c', 'o', 'n', 'n', 'e', 'c', 't', 'u', 'm', '.', 'e', 'u', '\0',
+  /* "connext.de", true */ 'c', 'o', 'n', 'n', 'e', 'x', 't', '.', 'd', 'e', '\0',
+  /* "connorsmith.co", true */ 'c', 'o', 'n', 'n', 'o', 'r', 's', 'm', 'i', 't', 'h', '.', 'c', 'o', '\0',
+  /* "connyduck.at", true */ 'c', 'o', 'n', 'n', 'y', 'd', 'u', 'c', 'k', '.', 'a', 't', '\0',
+  /* "conpins.nl", true */ 'c', 'o', 'n', 'p', 'i', 'n', 's', '.', 'n', 'l', '\0',
+  /* "conrad-kostecki.de", true */ 'c', 'o', 'n', 'r', 'a', 'd', '-', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "conradkostecki.de", true */ 'c', 'o', 'n', 'r', 'a', 'd', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "consciousbrand.co", true */ 'c', 'o', 'n', 's', 'c', 'i', 'o', 'u', 's', 'b', 'r', 'a', 'n', 'd', '.', 'c', 'o', '\0',
+  /* "consejosdehogar.com", true */ 'c', 'o', 'n', 's', 'e', 'j', 'o', 's', 'd', 'e', 'h', 'o', 'g', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "consejosdenutricion.com", true */ 'c', 'o', 'n', 's', 'e', 'j', 'o', 's', 'd', 'e', 'n', 'u', 't', 'r', 'i', 'c', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "conservados.com.br", true */ 'c', 'o', 'n', 's', 'e', 'r', 'v', 'a', 'd', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "conservatoriesincornwall.com", true */ 'c', 'o', 'n', 's', 'e', 'r', 'v', 'a', 't', 'o', 'r', 'i', 'e', 's', 'i', 'n', 'c', 'o', 'r', 'n', 'w', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "consideredgifts.com", true */ 'c', 'o', 'n', 's', 'i', 'd', 'e', 'r', 'e', 'd', 'g', 'i', 'f', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "consilium-vitae.ch", true */ 'c', 'o', 'n', 's', 'i', 'l', 'i', 'u', 'm', '-', 'v', 'i', 't', 'a', 'e', '.', 'c', 'h', '\0',
+  /* "consiliumvitae.ch", true */ 'c', 'o', 'n', 's', 'i', 'l', 'i', 'u', 'm', 'v', 'i', 't', 'a', 'e', '.', 'c', 'h', '\0',
+  /* "consill.com", true */ 'c', 'o', 'n', 's', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "console.ninja", true */ 'c', 'o', 'n', 's', 'o', 'l', 'e', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "console.rest", true */ 'c', 'o', 'n', 's', 'o', 'l', 'e', '.', 'r', 'e', 's', 't', '\0',
+  /* "consommateuraverti.com", true */ 'c', 'o', 'n', 's', 'o', 'm', 'm', 'a', 't', 'e', 'u', 'r', 'a', 'v', 'e', 'r', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "consonare.de", true */ 'c', 'o', 'n', 's', 'o', 'n', 'a', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "constancechen.me", true */ 'c', 'o', 'n', 's', 't', 'a', 'n', 'c', 'e', 'c', 'h', 'e', 'n', '.', 'm', 'e', '\0',
+  /* "constant-rough.de", true */ 'c', 'o', 'n', 's', 't', 'a', 'n', 't', '-', 'r', 'o', 'u', 'g', 'h', '.', 'd', 'e', '\0',
+  /* "constructionjobs.com", true */ 'c', 'o', 'n', 's', 't', 'r', 'u', 'c', 't', 'i', 'o', 'n', 'j', 'o', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "constructive.men", true */ 'c', 'o', 'n', 's', 't', 'r', 'u', 'c', 't', 'i', 'v', 'e', '.', 'm', 'e', 'n', '\0',
+  /* "consul.io", true */ 'c', 'o', 'n', 's', 'u', 'l', '.', 'i', 'o', '\0',
+  /* "consultorcr.net", true */ 'c', 'o', 'n', 's', 'u', 'l', 't', 'o', 'r', 'c', 'r', '.', 'n', 'e', 't', '\0',
+  /* "consultpetkov.com", true */ 'c', 'o', 'n', 's', 'u', 'l', 't', 'p', 'e', 't', 'k', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "consumer.gov", true */ 'c', 'o', 'n', 's', 'u', 'm', 'e', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "consumeractionlawgroup.com", true */ 'c', 'o', 'n', 's', 'u', 'm', 'e', 'r', 'a', 'c', 't', 'i', 'o', 'n', 'l', 'a', 'w', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "consumerfiles.com", true */ 'c', 'o', 'n', 's', 'u', 'm', 'e', 'r', 'f', 'i', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "consumersentinel.gov", true */ 'c', 'o', 'n', 's', 'u', 'm', 'e', 'r', 's', 'e', 'n', 't', 'i', 'n', 'e', 'l', '.', 'g', 'o', 'v', '\0',
+  /* "consumidor.gov", true */ 'c', 'o', 'n', 's', 'u', 'm', 'i', 'd', 'o', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "consuwijzer.nl", true */ 'c', 'o', 'n', 's', 'u', 'w', 'i', 'j', 'z', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "content-api-dev.azurewebsites.net", false */ 'c', 'o', 'n', 't', 'e', 'n', 't', '-', 'a', 'p', 'i', '-', 'd', 'e', 'v', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "contentcoms.co.uk", true */ 'c', 'o', 'n', 't', 'e', 'n', 't', 'c', 'o', 'm', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "contentpass.net", true */ 'c', 'o', 'n', 't', 'e', 'n', 't', 'p', 'a', 's', 's', '.', 'n', 'e', 't', '\0',
+  /* "contessa32experience.com", true */ 'c', 'o', 'n', 't', 'e', 's', 's', 'a', '3', '2', 'e', 'x', 'p', 'e', 'r', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "contextplatform.com", true */ 'c', 'o', 'n', 't', 'e', 'x', 't', 'p', 'l', 'a', 't', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "continuation.io", true */ 'c', 'o', 'n', 't', 'i', 'n', 'u', 'a', 't', 'i', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "contrabass.net", true */ 'c', 'o', 'n', 't', 'r', 'a', 'b', 'a', 's', 's', '.', 'n', 'e', 't', '\0',
+  /* "contractormountain.com", true */ 'c', 'o', 'n', 't', 'r', 'a', 'c', 't', 'o', 'r', 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "contraspin.co.nz", true */ 'c', 'o', 'n', 't', 'r', 'a', 's', 'p', 'i', 'n', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "contratatupoliza.com", true */ 'c', 'o', 'n', 't', 'r', 'a', 't', 'a', 't', 'u', 'p', 'o', 'l', 'i', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "contributor.google.com", false */ 'c', 'o', 'n', 't', 'r', 'i', 'b', 'u', 't', 'o', 'r', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "controlarlaansiedad.com", true */ 'c', 'o', 'n', 't', 'r', 'o', 'l', 'a', 'r', 'l', 'a', 'a', 'n', 's', 'i', 'e', 'd', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "controlautocom.com.br", true */ 'c', 'o', 'n', 't', 'r', 'o', 'l', 'a', 'u', 't', 'o', 'c', 'o', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "controlbooth.com", true */ 'c', 'o', 'n', 't', 'r', 'o', 'l', 'b', 'o', 'o', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "controle.net", true */ 'c', 'o', 'n', 't', 'r', 'o', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "controltickets.com.br", true */ 'c', 'o', 'n', 't', 'r', 'o', 'l', 't', 'i', 'c', 'k', 'e', 't', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "contxt-agentur.de", true */ 'c', 'o', 'n', 't', 'x', 't', '-', 'a', 'g', 'e', 'n', 't', 'u', 'r', '.', 'd', 'e', '\0',
+  /* "conv2pdf.com", true */ 'c', 'o', 'n', 'v', '2', 'p', 'd', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "convergemagazine.com", true */ 'c', 'o', 'n', 'v', 'e', 'r', 'g', 'e', 'm', 'a', 'g', 'a', 'z', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "convergence.fi", true */ 'c', 'o', 'n', 'v', 'e', 'r', 'g', 'e', 'n', 'c', 'e', '.', 'f', 'i', '\0',
+  /* "convergnce.com", true */ 'c', 'o', 'n', 'v', 'e', 'r', 'g', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "conversiones.com", true */ 'c', 'o', 'n', 'v', 'e', 'r', 's', 'i', 'o', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "convert.im", true */ 'c', 'o', 'n', 'v', 'e', 'r', 't', '.', 'i', 'm', '\0',
+  /* "converter.ml", true */ 'c', 'o', 'n', 'v', 'e', 'r', 't', 'e', 'r', '.', 'm', 'l', '\0',
+  /* "convexset.org", true */ 'c', 'o', 'n', 'v', 'e', 'x', 's', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "convocatoriafundacionpepsicomexico.org", false */ 'c', 'o', 'n', 'v', 'o', 'c', 'a', 't', 'o', 'r', 'i', 'a', 'f', 'u', 'n', 'd', 'a', 'c', 'i', 'o', 'n', 'p', 'e', 'p', 's', 'i', 'c', 'o', 'm', 'e', 'x', 'i', 'c', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "cooker.fr", true */ 'c', 'o', 'o', 'k', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "cookescastles.co.uk", true */ 'c', 'o', 'o', 'k', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cookicons.co", true */ 'c', 'o', 'o', 'k', 'i', 'c', 'o', 'n', 's', '.', 'c', 'o', '\0',
+  /* "cookie4.com", true */ 'c', 'o', 'o', 'k', 'i', 'e', '4', '.', 'c', 'o', 'm', '\0',
+  /* "cookieandkate.com", true */ 'c', 'o', 'o', 'k', 'i', 'e', 'a', 'n', 'd', 'k', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cookiecrook.com", true */ 'c', 'o', 'o', 'k', 'i', 'e', 'c', 'r', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "cookiesoft.de", true */ 'c', 'o', 'o', 'k', 'i', 'e', 's', 'o', 'f', 't', '.', 'd', 'e', '\0',
+  /* "cookiestudies.cf", true */ 'c', 'o', 'o', 'k', 'i', 'e', 's', 't', 'u', 'd', 'i', 'e', 's', '.', 'c', 'f', '\0',
+  /* "cookingbazart.com", true */ 'c', 'o', 'o', 'k', 'i', 'n', 'g', 'b', 'a', 'z', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "cookingcrusade.com", true */ 'c', 'o', 'o', 'k', 'i', 'n', 'g', 'c', 'r', 'u', 's', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cookinglife.nl", false */ 'c', 'o', 'o', 'k', 'i', 'n', 'g', 'l', 'i', 'f', 'e', '.', 'n', 'l', '\0',
+  /* "cookingreporter.com", true */ 'c', 'o', 'o', 'k', 'i', 'n', 'g', 'r', 'e', 'p', 'o', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "cookmedical.com", false */ 'c', 'o', 'o', 'k', 'm', 'e', 'd', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "cooko.at", true */ 'c', 'o', 'o', 'k', 'o', '.', 'a', 't', '\0',
+  /* "cool-parties.co.uk", true */ 'c', 'o', 'o', 'l', '-', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cool-wallpapers.jp", true */ 'c', 'o', 'o', 'l', '-', 'w', 'a', 'l', 'l', 'p', 'a', 'p', 'e', 'r', 's', '.', 'j', 'p', '\0',
+  /* "cool110.tk", true */ 'c', 'o', 'o', 'l', '1', '1', '0', '.', 't', 'k', '\0',
+  /* "cool110.xyz", true */ 'c', 'o', 'o', 'l', '1', '1', '0', '.', 'x', 'y', 'z', '\0',
+  /* "coolattractions.co.uk", true */ 'c', 'o', 'o', 'l', 'a', 't', 't', 'r', 'a', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cooldan.com", true */ 'c', 'o', 'o', 'l', 'd', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "coole-fete.de", true */ 'c', 'o', 'o', 'l', 'e', '-', 'f', 'e', 't', 'e', '.', 'd', 'e', '\0',
+  /* "coolerssr.space", true */ 'c', 'o', 'o', 'l', 'e', 'r', 's', 's', 'r', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "coolgifs.de", true */ 'c', 'o', 'o', 'l', 'g', 'i', 'f', 's', '.', 'd', 'e', '\0',
+  /* "coolkidsbouncycastles.co.uk", true */ 'c', 'o', 'o', 'l', 'k', 'i', 'd', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "coolviewthermostat.com", true */ 'c', 'o', 'o', 'l', 'v', 'i', 'e', 'w', 't', 'h', 'e', 'r', 'm', 'o', 's', 't', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "coonelnel.net", true */ 'c', 'o', 'o', 'n', 'e', 'l', 'n', 'e', 'l', '.', 'n', 'e', 't', '\0',
+  /* "coopens.com", true */ 'c', 'o', 'o', 'p', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "coore.jp", true */ 'c', 'o', 'o', 'r', 'e', '.', 'j', 'p', '\0',
+  /* "coorpacademy.com", true */ 'c', 'o', 'o', 'r', 'p', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "copperhead.co", true */ 'c', 'o', 'p', 'p', 'e', 'r', 'h', 'e', 'a', 'd', '.', 'c', 'o', '\0',
+  /* "copperheados.com", true */ 'c', 'o', 'p', 'p', 'e', 'r', 'h', 'e', 'a', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "coptic-treasures.com", true */ 'c', 'o', 'p', 't', 'i', 'c', '-', 't', 'r', 'e', 'a', 's', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "coptkm.cz", true */ 'c', 'o', 'p', 't', 'k', 'm', '.', 'c', 'z', '\0',
+  /* "copycrafter.net", true */ 'c', 'o', 'p', 'y', 'c', 'r', 'a', 'f', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "copypoison.com", true */ 'c', 'o', 'p', 'y', 'p', 'o', 'i', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "copyright-watch.org", true */ 'c', 'o', 'p', 'y', 'r', 'i', 'g', 'h', 't', '-', 'w', 'a', 't', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "copytrack.com", true */ 'c', 'o', 'p', 'y', 't', 'r', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "corbinhesse.com", true */ 'c', 'o', 'r', 'b', 'i', 'n', 'h', 'e', 's', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cordeydesign.ch", true */ 'c', 'o', 'r', 'd', 'e', 'y', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'h', '\0',
+  /* "cordis.io", true */ 'c', 'o', 'r', 'd', 'i', 's', '.', 'i', 'o', '\0',
+  /* "cordlessdog.com", true */ 'c', 'o', 'r', 'd', 'l', 'e', 's', 's', 'd', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "core-concepts.de", true */ 'c', 'o', 'r', 'e', '-', 'c', 'o', 'n', 'c', 'e', 'p', 't', 's', '.', 'd', 'e', '\0',
+  /* "core-networks.de", true */ 'c', 'o', 'r', 'e', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'd', 'e', '\0',
+  /* "core.org.pt", false */ 'c', 'o', 'r', 'e', '.', 'o', 'r', 'g', '.', 'p', 't', '\0',
+  /* "coreapm.com", true */ 'c', 'o', 'r', 'e', 'a', 'p', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "coreapm.org", true */ 'c', 'o', 'r', 'e', 'a', 'p', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "corecodec.com", true */ 'c', 'o', 'r', 'e', 'c', 'o', 'd', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "coredump.gr", true */ 'c', 'o', 'r', 'e', 'd', 'u', 'm', 'p', '.', 'g', 'r', '\0',
+  /* "coreinfrastructure.org", true */ 'c', 'o', 'r', 'e', 'i', 'n', 'f', 'r', 'a', 's', 't', 'r', 'u', 'c', 't', 'u', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "coreless-stretchfilm.com", true */ 'c', 'o', 'r', 'e', 'l', 'e', 's', 's', '-', 's', 't', 'r', 'e', 't', 'c', 'h', 'f', 'i', 'l', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "corepartners.com.ua", true */ 'c', 'o', 'r', 'e', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "coresolutions.ca", true */ 'c', 'o', 'r', 'e', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'a', '\0',
+  /* "coresos.com", true */ 'c', 'o', 'r', 'e', 's', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "coreum.ca", true */ 'c', 'o', 'r', 'e', 'u', 'm', '.', 'c', 'a', '\0',
+  /* "coreyjmahler.com", true */ 'c', 'o', 'r', 'e', 'y', 'j', 'm', 'a', 'h', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "corgi.party", true */ 'c', 'o', 'r', 'g', 'i', '.', 'p', 'a', 'r', 't', 'y', '\0',
+  /* "coribi.com", true */ 'c', 'o', 'r', 'i', 'b', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "corisu.co", true */ 'c', 'o', 'r', 'i', 's', 'u', '.', 'c', 'o', '\0',
+  /* "corksoncolumbus.com", true */ 'c', 'o', 'r', 'k', 's', 'o', 'n', 'c', 'o', 'l', 'u', 'm', 'b', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "corlija.com", true */ 'c', 'o', 'r', 'l', 'i', 'j', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "corlinde.nl", true */ 'c', 'o', 'r', 'l', 'i', 'n', 'd', 'e', '.', 'n', 'l', '\0',
+  /* "corlitocaffe.de", true */ 'c', 'o', 'r', 'l', 'i', 't', 'o', 'c', 'a', 'f', 'f', 'e', '.', 'd', 'e', '\0',
+  /* "cornercircle.co.uk", true */ 'c', 'o', 'r', 'n', 'e', 'r', 'c', 'i', 'r', 'c', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "corniche.com", true */ 'c', 'o', 'r', 'n', 'i', 'c', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "corningcu.org", true */ 'c', 'o', 'r', 'n', 'i', 'n', 'g', 'c', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "cornodo.com", true */ 'c', 'o', 'r', 'n', 'o', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "corona-academy.com", true */ 'c', 'o', 'r', 'o', 'n', 'a', '-', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "corpfin.net", true */ 'c', 'o', 'r', 'p', 'f', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "corpio.nl", true */ 'c', 'o', 'r', 'p', 'i', 'o', '.', 'n', 'l', '\0',
+  /* "corpkitnw.com", true */ 'c', 'o', 'r', 'p', 'k', 'i', 't', 'n', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "corporatecomputingsolutions.com", true */ 'c', 'o', 'r', 'p', 'o', 'r', 'a', 't', 'e', 'c', 'o', 'm', 'p', 'u', 't', 'i', 'n', 'g', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "corporateinfluencers.com", true */ 'c', 'o', 'r', 'p', 'o', 'r', 'a', 't', 'e', 'i', 'n', 'f', 'l', 'u', 'e', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "corpulant.coffee", true */ 'c', 'o', 'r', 'p', 'u', 'l', 'a', 'n', 't', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0',
+  /* "corpulantcoffee.com", true */ 'c', 'o', 'r', 'p', 'u', 'l', 'a', 'n', 't', 'c', 'o', 'f', 'f', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "corpulent.coffee", true */ 'c', 'o', 'r', 'p', 'u', 'l', 'e', 'n', 't', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0',
+  /* "corpulentcoffee.com", true */ 'c', 'o', 'r', 'p', 'u', 'l', 'e', 'n', 't', 'c', 'o', 'f', 'f', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "correiodovale.com.br", true */ 'c', 'o', 'r', 'r', 'e', 'i', 'o', 'd', 'o', 'v', 'a', 'l', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "corrupted.io", true */ 'c', 'o', 'r', 'r', 'u', 'p', 't', 'e', 'd', '.', 'i', 'o', '\0',
+  /* "corsa-b.uk", true */ 'c', 'o', 'r', 's', 'a', '-', 'b', '.', 'u', 'k', '\0',
+  /* "cortexitrecruitment.com", true */ 'c', 'o', 'r', 't', 'e', 'x', 'i', 't', 'r', 'e', 'c', 'r', 'u', 'i', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "cortis-consulting.ch", true */ 'c', 'o', 'r', 't', 'i', 's', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "cortisolsupplement.com", true */ 'c', 'o', 'r', 't', 'i', 's', 'o', 'l', 's', 'u', 'p', 'p', 'l', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "corvus.eu.org", true */ 'c', 'o', 'r', 'v', 'u', 's', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "coryadum.com", true */ 'c', 'o', 'r', 'y', 'a', 'd', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "corytyburski.com", true */ 'c', 'o', 'r', 'y', 't', 'y', 'b', 'u', 'r', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "corzntin.fr", true */ 'c', 'o', 'r', 'z', 'n', 't', 'i', 'n', '.', 'f', 'r', '\0',
+  /* "cosirex.com", true */ 'c', 'o', 's', 'i', 'r', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "coslinker.com", true */ 'c', 'o', 's', 'l', 'i', 'n', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "cosmeticappraisal.com", true */ 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'a', 'p', 'p', 'r', 'a', 'i', 's', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "cosmeticasimple.com", true */ 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'a', 's', 'i', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cosmeticos-naturales.com", true */ 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'o', 's', '-', 'n', 'a', 't', 'u', 'r', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cosmeticosnet.com.br", true */ 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'o', 's', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cosmiatria.pe", true */ 'c', 'o', 's', 'm', 'i', 'a', 't', 'r', 'i', 'a', '.', 'p', 'e', '\0',
+  /* "cosmodacollection.com", true */ 'c', 'o', 's', 'm', 'o', 'd', 'a', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "cosmofunnel.com", true */ 'c', 'o', 's', 'm', 'o', 'f', 'u', 'n', 'n', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "cosmoluziluminacion.com", true */ 'c', 'o', 's', 'm', 'o', 'l', 'u', 'z', 'i', 'l', 'u', 'm', 'i', 'n', 'a', 'c', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "cosmundi.de", true */ 'c', 'o', 's', 'm', 'u', 'n', 'd', 'i', '.', 'd', 'e', '\0',
+  /* "cosni.co", true */ 'c', 'o', 's', 'n', 'i', '.', 'c', 'o', '\0',
+  /* "cospol.ch", true */ 'c', 'o', 's', 'p', 'o', 'l', '.', 'c', 'h', '\0',
+  /* "costa-rica-reisen.ch", true */ 'c', 'o', 's', 't', 'a', '-', 'r', 'i', 'c', 'a', '-', 'r', 'e', 'i', 's', 'e', 'n', '.', 'c', 'h', '\0',
+  /* "costa-rica-reisen.de", true */ 'c', 'o', 's', 't', 'a', '-', 'r', 'i', 'c', 'a', '-', 'r', 'e', 'i', 's', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "costablancavoorjou.com", true */ 'c', 'o', 's', 't', 'a', 'b', 'l', 'a', 'n', 'c', 'a', 'v', 'o', 'o', 'r', 'j', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "costinstefan.eu", true */ 'c', 'o', 's', 't', 'i', 'n', 's', 't', 'e', 'f', 'a', 'n', '.', 'e', 'u', '\0',
+  /* "costreportdata.com", false */ 'c', 'o', 's', 't', 'r', 'e', 'p', 'o', 'r', 't', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "costulessdirect.com", true */ 'c', 'o', 's', 't', 'u', 'l', 'e', 's', 's', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "coteries.com", true */ 'c', 'o', 't', 'e', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cotonea.de", true */ 'c', 'o', 't', 'o', 'n', 'e', 'a', '.', 'd', 'e', '\0',
+  /* "cotonmusic.ch", true */ 'c', 'o', 't', 'o', 'n', 'm', 'u', 's', 'i', 'c', '.', 'c', 'h', '\0',
+  /* "cotta.dk", true */ 'c', 'o', 't', 't', 'a', '.', 'd', 'k', '\0',
+  /* "cotwe-ge.ch", true */ 'c', 'o', 't', 'w', 'e', '-', 'g', 'e', '.', 'c', 'h', '\0',
+  /* "cougar.dating", true */ 'c', 'o', 'u', 'g', 'a', 'r', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "counselling.network", true */ 'c', 'o', 'u', 'n', 's', 'e', 'l', 'l', 'i', 'n', 'g', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "counstellor.com", true */ 'c', 'o', 'u', 'n', 's', 't', 'e', 'l', 'l', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "counter-team.ch", true */ 'c', 'o', 'u', 'n', 't', 'e', 'r', '-', 't', 'e', 'a', 'm', '.', 'c', 'h', '\0',
+  /* "counterglobal.com", true */ 'c', 'o', 'u', 'n', 't', 'e', 'r', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "countermail.com", true */ 'c', 'o', 'u', 'n', 't', 'e', 'r', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "countingto.one", true */ 'c', 'o', 'u', 'n', 't', 'i', 'n', 'g', 't', 'o', '.', 'o', 'n', 'e', '\0',
+  /* "countryattire.com", true */ 'c', 'o', 'u', 'n', 't', 'r', 'y', 'a', 't', 't', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "countrybrewer.com.au", true */ 'c', 'o', 'u', 'n', 't', 'r', 'y', 'b', 'r', 'e', 'w', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "countryhouseresort.com", true */ 'c', 'o', 'u', 'n', 't', 'r', 'y', 'h', 'o', 'u', 's', 'e', 'r', 'e', 's', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "countryoutlaws.ca", true */ 'c', 'o', 'u', 'n', 't', 'r', 'y', 'o', 'u', 't', 'l', 'a', 'w', 's', '.', 'c', 'a', '\0',
+  /* "countybankdel.com", true */ 'c', 'o', 'u', 'n', 't', 'y', 'b', 'a', 'n', 'k', 'd', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "countyjailinmatesearch.com", true */ 'c', 'o', 'u', 'n', 't', 'y', 'j', 'a', 'i', 'l', 'i', 'n', 'm', 'a', 't', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "coup-dun-soir.ch", true */ 'c', 'o', 'u', 'p', '-', 'd', 'u', 'n', '-', 's', 'o', 'i', 'r', '.', 'c', 'h', '\0',
+  /* "coupe-bordure.com", true */ 'c', 'o', 'u', 'p', 'e', '-', 'b', 'o', 'r', 'd', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "couponcodesme.com", true */ 'c', 'o', 'u', 'p', 'o', 'n', 'c', 'o', 'd', 'e', 's', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cour4g3.me", true */ 'c', 'o', 'u', 'r', '4', 'g', '3', '.', 'm', 'e', '\0',
+  /* "couragefound.org", true */ 'c', 'o', 'u', 'r', 'a', 'g', 'e', 'f', 'o', 'u', 'n', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "courageousparentsnetwork.org", true */ 'c', 'o', 'u', 'r', 'a', 'g', 'e', 'o', 'u', 's', 'p', 'a', 'r', 'e', 'n', 't', 's', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "course.pp.ua", true */ 'c', 'o', 'u', 'r', 's', 'e', '.', 'p', 'p', '.', 'u', 'a', '\0',
+  /* "coursera.org", true */ 'c', 'o', 'u', 'r', 's', 'e', 'r', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "courses.nl", true */ 'c', 'o', 'u', 'r', 's', 'e', 's', '.', 'n', 'l', '\0',
+  /* "courseworkbank.info", true */ 'c', 'o', 'u', 'r', 's', 'e', 'w', 'o', 'r', 'k', 'b', 'a', 'n', 'k', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "courtlistener.com", true */ 'c', 'o', 'u', 'r', 't', 'l', 'i', 's', 't', 'e', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "cousincouples.com", true */ 'c', 'o', 'u', 's', 'i', 'n', 'c', 'o', 'u', 'p', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "covbounce.co.uk", true */ 'c', 'o', 'v', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cove.sh", true */ 'c', 'o', 'v', 'e', '.', 's', 'h', '\0',
+  /* "covenantoftheriver.org", true */ 'c', 'o', 'v', 'e', 'n', 'a', 'n', 't', 'o', 'f', 't', 'h', 'e', 'r', 'i', 'v', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "covermytrip.com.au", true */ 'c', 'o', 'v', 'e', 'r', 'm', 'y', 't', 'r', 'i', 'p', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "covershousing.nl", true */ 'c', 'o', 'v', 'e', 'r', 's', 'h', 'o', 'u', 's', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "covery.ai", true */ 'c', 'o', 'v', 'e', 'r', 'y', '.', 'a', 'i', '\0',
+  /* "covoiturage.fr", false */ 'c', 'o', 'v', 'o', 'i', 't', 'u', 'r', 'a', 'g', 'e', '.', 'f', 'r', '\0',
+  /* "covve.com", true */ 'c', 'o', 'v', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "covybrat.cz", true */ 'c', 'o', 'v', 'y', 'b', 'r', 'a', 't', '.', 'c', 'z', '\0',
+  /* "cowbird.org", true */ 'c', 'o', 'w', 'b', 'i', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "cowboyim.com", true */ 'c', 'o', 'w', 'b', 'o', 'y', 'i', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "coweo.cz", true */ 'c', 'o', 'w', 'e', 'o', '.', 'c', 'z', '\0',
+  /* "coworkingmanifesto.com", true */ 'c', 'o', 'w', 'o', 'r', 'k', 'i', 'n', 'g', 'm', 'a', 'n', 'i', 'f', 'e', 's', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cozmaadrian.ro", true */ 'c', 'o', 'z', 'm', 'a', 'a', 'd', 'r', 'i', 'a', 'n', '.', 'r', 'o', '\0',
+  /* "cozy.io", true */ 'c', 'o', 'z', 'y', '.', 'i', 'o', '\0',
+  /* "cozycloud.cc", true */ 'c', 'o', 'z', 'y', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'c', '\0',
+  /* "cozyeggdesigns.com", true */ 'c', 'o', 'z', 'y', 'e', 'g', 'g', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cpbanq.com", true */ 'c', 'p', 'b', 'a', 'n', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "cpbapremiocaduceo.com.ar", true */ 'c', 'p', 'b', 'a', 'p', 'r', 'e', 'm', 'i', 'o', 'c', 'a', 'd', 'u', 'c', 'e', 'o', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "cpcheats.co", true */ 'c', 'p', 'c', 'h', 'e', 'a', 't', 's', '.', 'c', 'o', '\0',
+  /* "cphpvb.net", true */ 'c', 'p', 'h', 'p', 'v', 'b', '.', 'n', 'e', 't', '\0',
+  /* "cplusplus.se", true */ 'c', 'p', 'l', 'u', 's', 'p', 'l', 'u', 's', '.', 's', 'e', '\0',
+  /* "cppan.org", true */ 'c', 'p', 'p', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "cppressinc.com", true */ 'c', 'p', 'p', 'r', 'e', 's', 's', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "cpqcol.gov.co", true */ 'c', 'p', 'q', 'c', 'o', 'l', '.', 'g', 'o', 'v', '.', 'c', 'o', '\0',
+  /* "cprnearme.com", true */ 'c', 'p', 'r', 'n', 'e', 'a', 'r', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cptoon.com", true */ 'c', 'p', 't', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "cpvmatch.eu", true */ 'c', 'p', 'v', 'm', 'a', 't', 'c', 'h', '.', 'e', 'u', '\0',
+  /* "cpy.pt", true */ 'c', 'p', 'y', '.', 'p', 't', '\0',
+  /* "cqchome.com", true */ 'c', 'q', 'c', 'h', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cqn.ch", true */ 'c', 'q', 'n', '.', 'c', 'h', '\0',
+  /* "cr.search.yahoo.com", false */ 'c', 'r', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "crackcat.de", true */ 'c', 'r', 'a', 'c', 'k', 'c', 'a', 't', '.', 'd', 'e', '\0',
+  /* "cracker.in.th", true */ 'c', 'r', 'a', 'c', 'k', 'e', 'r', '.', 'i', 'n', '.', 't', 'h', '\0',
+  /* "crackle.io", true */ 'c', 'r', 'a', 'c', 'k', 'l', 'e', '.', 'i', 'o', '\0',
+  /* "crackorsquad.in", true */ 'c', 'r', 'a', 'c', 'k', 'o', 'r', 's', 'q', 'u', 'a', 'd', '.', 'i', 'n', '\0',
+  /* "crackstation.net", true */ 'c', 'r', 'a', 'c', 'k', 's', 't', 'a', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "cradlepointecm.com", true */ 'c', 'r', 'a', 'd', 'l', 'e', 'p', 'o', 'i', 'n', 't', 'e', 'c', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "craftandbuild.de", true */ 'c', 'r', 'a', 'f', 't', 'a', 'n', 'd', 'b', 'u', 'i', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "craftcms.com", false */ 'c', 'r', 'a', 'f', 't', 'c', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "craftcommerce.com", true */ 'c', 'r', 'a', 'f', 't', 'c', 'o', 'm', 'm', 'e', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "craftination.net", true */ 'c', 'r', 'a', 'f', 't', 'i', 'n', 'a', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "craftinginredlipstick.com", true */ 'c', 'r', 'a', 'f', 't', 'i', 'n', 'g', 'i', 'n', 'r', 'e', 'd', 'l', 'i', 'p', 's', 't', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "craftmine.cz", true */ 'c', 'r', 'a', 'f', 't', 'm', 'i', 'n', 'e', '.', 'c', 'z', '\0',
+  /* "craftwmcp.xyz", true */ 'c', 'r', 'a', 'f', 't', 'w', 'm', 'c', 'p', '.', 'x', 'y', 'z', '\0',
+  /* "craftyguy.net", true */ 'c', 'r', 'a', 'f', 't', 'y', 'g', 'u', 'y', '.', 'n', 'e', 't', '\0',
+  /* "craftyphotons.net", true */ 'c', 'r', 'a', 'f', 't', 'y', 'p', 'h', 'o', 't', 'o', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "crag.com.tw", true */ 'c', 'r', 'a', 'g', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "craigbates.co.uk", true */ 'c', 'r', 'a', 'i', 'g', 'b', 'a', 't', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "craigfrancis.co.uk", true */ 'c', 'r', 'a', 'i', 'g', 'f', 'r', 'a', 'n', 'c', 'i', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "craigrouse.com", true */ 'c', 'r', 'a', 'i', 'g', 'r', 'o', 'u', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "craigwfox.com", true */ 'c', 'r', 'a', 'i', 'g', 'w', 'f', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "cralarm.de", true */ 'c', 'r', 'a', 'l', 'a', 'r', 'm', '.', 'd', 'e', '\0',
+  /* "crandall.io", true */ 'c', 'r', 'a', 'n', 'd', 'a', 'l', 'l', '.', 'i', 'o', '\0',
+  /* "cranesafe.com", true */ 'c', 'r', 'a', 'n', 'e', 's', 'a', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cranforddental.com", true */ 'c', 'r', 'a', 'n', 'f', 'o', 'r', 'd', 'd', 'e', 'n', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "crapouill.es", true */ 'c', 'r', 'a', 'p', 'o', 'u', 'i', 'l', 'l', '.', 'e', 's', '\0',
+  /* "crashsec.com", true */ 'c', 'r', 'a', 's', 'h', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "crawcial.de", true */ 'c', 'r', 'a', 'w', 'c', 'i', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "crawfordcountytcc.org", true */ 'c', 'r', 'a', 'w', 'f', 'o', 'r', 'd', 'c', 'o', 'u', 'n', 't', 'y', 't', 'c', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "crawl.report", true */ 'c', 'r', 'a', 'w', 'l', '.', 'r', 'e', 'p', 'o', 'r', 't', '\0',
+  /* "crawleybouncycastles.co.uk", true */ 'c', 'r', 'a', 'w', 'l', 'e', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "crazycastles.ie", true */ 'c', 'r', 'a', 'z', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'i', 'e', '\0',
+  /* "crazydomains.ae", true */ 'c', 'r', 'a', 'z', 'y', 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'a', 'e', '\0',
+  /* "crazydomains.co.nz", true */ 'c', 'r', 'a', 'z', 'y', 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "crazydomains.co.uk", true */ 'c', 'r', 'a', 'z', 'y', 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "crazydomains.com.au", true */ 'c', 'r', 'a', 'z', 'y', 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "crazydomains.in", true */ 'c', 'r', 'a', 'z', 'y', 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'i', 'n', '\0',
+  /* "crazymeeshu.com", true */ 'c', 'r', 'a', 'z', 'y', 'm', 'e', 'e', 's', 'h', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "crazypaul.com", true */ 'c', 'r', 'a', 'z', 'y', 'p', 'a', 'u', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "crbug.com", true */ 'c', 'r', 'b', 'u', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "crdmendoza.net", true */ 'c', 'r', 'd', 'm', 'e', 'n', 'd', 'o', 'z', 'a', '.', 'n', 'e', 't', '\0',
+  /* "crea-etc.net", true */ 'c', 'r', 'e', 'a', '-', 'e', 't', 'c', '.', 'n', 'e', 't', '\0',
+  /* "crea-shops.ch", true */ 'c', 'r', 'e', 'a', '-', 's', 'h', 'o', 'p', 's', '.', 'c', 'h', '\0',
+  /* "crea.bg", true */ 'c', 'r', 'e', 'a', '.', 'b', 'g', '\0',
+  /* "crea.me", true */ 'c', 'r', 'e', 'a', '.', 'm', 'e', '\0',
+  /* "creadstudy.com", true */ 'c', 'r', 'e', 'a', 'd', 's', 't', 'u', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "creamcastles.co.uk", true */ 'c', 'r', 'e', 'a', 'm', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "create-ls.jp", true */ 'c', 'r', 'e', 'a', 't', 'e', '-', 'l', 's', '.', 'j', 'p', '\0',
+  /* "create-together.nl", true */ 'c', 'r', 'e', 'a', 't', 'e', '-', 't', 'o', 'g', 'e', 't', 'h', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "createursdefilms.com", true */ 'c', 'r', 'e', 'a', 't', 'e', 'u', 'r', 's', 'd', 'e', 'f', 'i', 'l', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "creation-contemporaine.com", true */ 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', '-', 'c', 'o', 'n', 't', 'e', 'm', 'p', 'o', 'r', 'a', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "creations-edita.com", true */ 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', 's', '-', 'e', 'd', 'i', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "creative-coder.de", false */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', '-', 'c', 'o', 'd', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "creativebites.de", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'b', 'i', 't', 'e', 's', '.', 'd', 'e', '\0',
+  /* "creativecaptiv.es", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'c', 'a', 'p', 't', 'i', 'v', '.', 'e', 's', '\0',
+  /* "creativecommons.cl", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'c', 'o', 'm', 'm', 'o', 'n', 's', '.', 'c', 'l', '\0',
+  /* "creativecommons.gr", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'c', 'o', 'm', 'm', 'o', 'n', 's', '.', 'g', 'r', '\0',
+  /* "creativecommons.org", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'c', 'o', 'm', 'm', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "creativedigital.co.nz", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "creativefreedom.ca", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'f', 'r', 'e', 'e', 'd', 'o', 'm', '.', 'c', 'a', '\0',
+  /* "creativeink.de", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'i', 'n', 'k', '.', 'd', 'e', '\0',
+  /* "creativekkids.com", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'k', 'k', 'i', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "creativelaw.eu", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'l', 'a', 'w', '.', 'e', 'u', '\0',
+  /* "creativeliquid.com", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'l', 'i', 'q', 'u', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "creativesprite.com", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 's', 'p', 'r', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "creativesurvey.com", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 's', 'u', 'r', 'v', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "creativeweb.biz", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'w', 'e', 'b', '.', 'b', 'i', 'z', '\0',
+  /* "creativewolf.net", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'w', 'o', 'l', 'f', '.', 'n', 'e', 't', '\0',
+  /* "creativlabor.ch", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'l', 'a', 'b', 'o', 'r', '.', 'c', 'h', '\0',
+  /* "creators-design.com", true */ 'c', 'r', 'e', 'a', 't', 'o', 'r', 's', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "creators.co", true */ 'c', 'r', 'e', 'a', 't', 'o', 'r', 's', '.', 'c', 'o', '\0',
+  /* "creators.direct", true */ 'c', 'r', 'e', 'a', 't', 'o', 'r', 's', '.', 'd', 'i', 'r', 'e', 'c', 't', '\0',
+  /* "credential.eu", true */ 'c', 'r', 'e', 'd', 'e', 'n', 't', 'i', 'a', 'l', '.', 'e', 'u', '\0',
+  /* "credex.bg", true */ 'c', 'r', 'e', 'd', 'e', 'x', '.', 'b', 'g', '\0',
+  /* "crediteo.pl", true */ 'c', 'r', 'e', 'd', 'i', 't', 'e', 'o', '.', 'p', 'l', '\0',
+  /* "creditkarma.com", true */ 'c', 'r', 'e', 'd', 'i', 't', 'k', 'a', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "creditos-rapidos.com", true */ 'c', 'r', 'e', 'd', 'i', 't', 'o', 's', '-', 'r', 'a', 'p', 'i', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "creditproautos.com", false */ 'c', 'r', 'e', 'd', 'i', 't', 'p', 'r', 'o', 'a', 'u', 't', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "creeks-coworking.com", true */ 'c', 'r', 'e', 'e', 'k', 's', '-', 'c', 'o', 'w', 'o', 'r', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "creep.im", true */ 'c', 'r', 'e', 'e', 'p', '.', 'i', 'm', '\0',
+  /* "creepycraft.nl", true */ 'c', 'r', 'e', 'e', 'p', 'y', 'c', 'r', 'a', 'f', 't', '.', 'n', 'l', '\0',
+  /* "creepypastas.com", true */ 'c', 'r', 'e', 'e', 'p', 'y', 'p', 'a', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "creepypastas.net", true */ 'c', 'r', 'e', 'e', 'p', 'y', 'p', 'a', 's', 't', 'a', 's', '.', 'n', 'e', 't', '\0',
+  /* "creerunsitepro.com", true */ 'c', 'r', 'e', 'e', 'r', 'u', 'n', 's', 'i', 't', 'e', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "crefelder.com", true */ 'c', 'r', 'e', 'f', 'e', 'l', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "crem.in", true */ 'c', 'r', 'e', 'm', '.', 'i', 'n', '\0',
+  /* "crena.ch", true */ 'c', 'r', 'e', 'n', 'a', '.', 'c', 'h', '\0',
+  /* "crepa.ch", true */ 'c', 'r', 'e', 'p', 'a', '.', 'c', 'h', '\0',
+  /* "crepererum.net", true */ 'c', 'r', 'e', 'p', 'e', 'r', 'e', 'r', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "crescent.gr.jp", true */ 'c', 'r', 'e', 's', 'c', 'e', 'n', 't', '.', 'g', 'r', '.', 'j', 'p', '\0',
+  /* "crestasantos.com", true */ 'c', 'r', 'e', 's', 't', 'a', 's', 'a', 'n', 't', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cretdupuy.com", true */ 'c', 'r', 'e', 't', 'd', 'u', 'p', 'u', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "creusalp.ch", true */ 'c', 'r', 'e', 'u', 's', 'a', 'l', 'p', '.', 'c', 'h', '\0',
+  /* "crewplanner.eu", true */ 'c', 'r', 'e', 'w', 'p', 'l', 'a', 'n', 'n', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "crge.eu", true */ 'c', 'r', 'g', 'e', '.', 'e', 'u', '\0',
+  /* "crgm.net", true */ 'c', 'r', 'g', 'm', '.', 'n', 'e', 't', '\0',
+  /* "criadorespet.com.br", true */ 'c', 'r', 'i', 'a', 'd', 'o', 'r', 'e', 's', 'p', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "criena.com", true */ 'c', 'r', 'i', 'e', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "criena.net", true */ 'c', 'r', 'i', 'e', 'n', 'a', '.', 'n', 'e', 't', '\0',
+  /* "criminal-attorney.ru", true */ 'c', 'r', 'i', 'm', 'i', 'n', 'a', 'l', '-', 'a', 't', 't', 'o', 'r', 'n', 'e', 'y', '.', 'r', 'u', '\0',
+  /* "criminal.enterprises", true */ 'c', 'r', 'i', 'm', 'i', 'n', 'a', 'l', '.', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 's', '\0',
+  /* "crimson.no", true */ 'c', 'r', 'i', 'm', 's', 'o', 'n', '.', 'n', 'o', '\0',
+  /* "crip-usk.ba", true */ 'c', 'r', 'i', 'p', '-', 'u', 's', 'k', '.', 'b', 'a', '\0',
+  /* "crisisactual.com", true */ 'c', 'r', 'i', 's', 'i', 's', 'a', 'c', 't', 'u', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "crisp.chat", true */ 'c', 'r', 'i', 's', 'p', '.', 'c', 'h', 'a', 't', '\0',
+  /* "crisp.im", true */ 'c', 'r', 'i', 's', 'p', '.', 'i', 'm', '\0',
+  /* "cristarta.com", true */ 'c', 'r', 'i', 's', 't', 'a', 'r', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cristau.org", true */ 'c', 'r', 'i', 's', 't', 'a', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "critcola.com", true */ 'c', 'r', 'i', 't', 'c', 'o', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "critical.today", false */ 'c', 'r', 'i', 't', 'i', 'c', 'a', 'l', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "criticalsurveys.co.uk", true */ 'c', 'r', 'i', 't', 'i', 'c', 'a', 'l', 's', 'u', 'r', 'v', 'e', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "crizin.io", true */ 'c', 'r', 'i', 'z', 'i', 'n', '.', 'i', 'o', '\0',
+  /* "crl-autos.com", true */ 'c', 'r', 'l', '-', 'a', 'u', 't', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "crm.onlime.ch", false */ 'c', 'r', 'm', '.', 'o', 'n', 'l', 'i', 'm', 'e', '.', 'c', 'h', '\0',
+  /* "croixblanche-haguenau.fr", true */ 'c', 'r', 'o', 'i', 'x', 'b', 'l', 'a', 'n', 'c', 'h', 'e', '-', 'h', 'a', 'g', 'u', 'e', 'n', 'a', 'u', '.', 'f', 'r', '\0',
+  /* "cronix.cc", true */ 'c', 'r', 'o', 'n', 'i', 'x', '.', 'c', 'c', '\0',
+  /* "cronometer.com", true */ 'c', 'r', 'o', 'n', 'o', 'm', 'e', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "crop-alert.com", true */ 'c', 'r', 'o', 'p', '-', 'a', 'l', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "croquette.net", true */ 'c', 'r', 'o', 'q', 'u', 'e', 't', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "crosbug.com", true */ 'c', 'r', 'o', 's', 'b', 'u', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "cross-led-sign.com", true */ 'c', 'r', 'o', 's', 's', '-', 'l', 'e', 'd', '-', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "cross-link.ch", true */ 'c', 'r', 'o', 's', 's', '-', 'l', 'i', 'n', 'k', '.', 'c', 'h', '\0',
+  /* "cross-view.com", true */ 'c', 'r', 'o', 's', 's', '-', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "cross-x.com", true */ 'c', 'r', 'o', 's', 's', '-', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "crossborderreturns.com", true */ 'c', 'r', 'o', 's', 's', 'b', 'o', 'r', 'd', 'e', 'r', 'r', 'e', 't', 'u', 'r', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "crosscom.ch", true */ 'c', 'r', 'o', 's', 's', 'c', 'o', 'm', '.', 'c', 'h', '\0',
+  /* "crossfitblackwater.com", true */ 'c', 'r', 'o', 's', 's', 'f', 'i', 't', 'b', 'l', 'a', 'c', 'k', 'w', 'a', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "crossfunctional.com", true */ 'c', 'r', 'o', 's', 's', 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "crossorig.in", true */ 'c', 'r', 'o', 's', 's', 'o', 'r', 'i', 'g', '.', 'i', 'n', '\0',
+  /* "crosspeakoms.com", true */ 'c', 'r', 'o', 's', 's', 'p', 'e', 'a', 'k', 'o', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "crosssellguide.com", true */ 'c', 'r', 'o', 's', 's', 's', 'e', 'l', 'l', 'g', 'u', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "crow.tw", true */ 'c', 'r', 'o', 'w', '.', 't', 'w', '\0',
+  /* "crowdbox.net", true */ 'c', 'r', 'o', 'w', 'd', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "crowdliminal.com", true */ 'c', 'r', 'o', 'w', 'd', 'l', 'i', 'm', 'i', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "crowdsupply.com", true */ 'c', 'r', 'o', 'w', 'd', 's', 'u', 'p', 'p', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "crownbouncycastlehire.co.uk", true */ 'c', 'r', 'o', 'w', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "crowncastles.co.uk", true */ 'c', 'r', 'o', 'w', 'n', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "crownmarqueehire.co.uk", true */ 'c', 'r', 'o', 'w', 'n', 'm', 'a', 'r', 'q', 'u', 'e', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "croydonapartments.com.au", true */ 'c', 'r', 'o', 'y', 'd', 'o', 'n', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "croydonbouncycastles.co.uk", true */ 'c', 'r', 'o', 'y', 'd', 'o', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "crrev.com", true */ 'c', 'r', 'r', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "crstat.ru", true */ 'c', 'r', 's', 't', 'a', 't', '.', 'r', 'u', '\0',
+  /* "crt.sh", true */ 'c', 'r', 't', '.', 's', 'h', '\0',
+  /* "crt2014-2024review.gov", true */ 'c', 'r', 't', '2', '0', '1', '4', '-', '2', '0', '2', '4', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'g', 'o', 'v', '\0',
+  /* "crumbcontrol.com", true */ 'c', 'r', 'u', 'm', 'b', 'c', 'o', 'n', 't', 'r', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "crunchy.rocks", true */ 'c', 'r', 'u', 'n', 'c', 'h', 'y', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "crushroom.com", true */ 'c', 'r', 'u', 's', 'h', 'r', 'o', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "crustytoothpaste.net", true */ 'c', 'r', 'u', 's', 't', 'y', 't', 'o', 'o', 't', 'h', 'p', 'a', 's', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "crute.me", true */ 'c', 'r', 'u', 't', 'e', '.', 'm', 'e', '\0',
+  /* "cruzeiropedia.org", true */ 'c', 'r', 'u', 'z', 'e', 'i', 'r', 'o', 'p', 'e', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "crvv.me", true */ 'c', 'r', 'v', 'v', '.', 'm', 'e', '\0',
+  /* "cry.nu", false */ 'c', 'r', 'y', '.', 'n', 'u', '\0',
+  /* "cryoit.com", true */ 'c', 'r', 'y', 'o', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "cryothanasia.com", true */ 'c', 'r', 'y', 'o', 't', 'h', 'a', 'n', 'a', 's', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cryp.no", true */ 'c', 'r', 'y', 'p', '.', 'n', 'o', '\0',
+  /* "crypalert.com", true */ 'c', 'r', 'y', 'p', 'a', 'l', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "crypt.is-by.us", true */ 'c', 'r', 'y', 'p', 't', '.', 'i', 's', '-', 'b', 'y', '.', 'u', 's', '\0',
+  /* "cryptearth.de", true */ 'c', 'r', 'y', 'p', 't', 'e', 'a', 'r', 't', 'h', '.', 'd', 'e', '\0',
+  /* "crypted.chat", true */ 'c', 'r', 'y', 'p', 't', 'e', 'd', '.', 'c', 'h', 'a', 't', '\0',
+  /* "crypto-armory.com", true */ 'c', 'r', 'y', 'p', 't', 'o', '-', 'a', 'r', 'm', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "crypto.cat", false */ 'c', 'r', 'y', 'p', 't', 'o', '.', 'c', 'a', 't', '\0',
+  /* "crypto.graphics", true */ 'c', 'r', 'y', 'p', 't', 'o', '.', 'g', 'r', 'a', 'p', 'h', 'i', 'c', 's', '\0',
+  /* "crypto.is", false */ 'c', 'r', 'y', 'p', 't', 'o', '.', 'i', 's', '\0',
+  /* "cryptobells.com", false */ 'c', 'r', 'y', 'p', 't', 'o', 'b', 'e', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cryptobin.co", true */ 'c', 'r', 'y', 'p', 't', 'o', 'b', 'i', 'n', '.', 'c', 'o', '\0',
+  /* "cryptocon.org", true */ 'c', 'r', 'y', 'p', 't', 'o', 'c', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "cryptofan.org", true */ 'c', 'r', 'y', 'p', 't', 'o', 'f', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "cryptography.ch", true */ 'c', 'r', 'y', 'p', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'h', '\0',
+  /* "cryptography.io", true */ 'c', 'r', 'y', 'p', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'i', 'o', '\0',
+  /* "cryptoisnotacrime.org", true */ 'c', 'r', 'y', 'p', 't', 'o', 'i', 's', 'n', 'o', 't', 'a', 'c', 'r', 'i', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "cryptojourney.com", true */ 'c', 'r', 'y', 'p', 't', 'o', 'j', 'o', 'u', 'r', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "cryptology.ch", true */ 'c', 'r', 'y', 'p', 't', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'h', '\0',
+  /* "cryptolosophy.io", true */ 'c', 'r', 'y', 'p', 't', 'o', 'l', 'o', 's', 'o', 'p', 'h', 'y', '.', 'i', 'o', '\0',
+  /* "cryptolosophy.org", true */ 'c', 'r', 'y', 'p', 't', 'o', 'l', 'o', 's', 'o', 'p', 'h', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "cryptonom.org", true */ 'c', 'r', 'y', 'p', 't', 'o', 'n', 'o', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "cryptonym.com", true */ 'c', 'r', 'y', 'p', 't', 'o', 'n', 'y', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "cryptoparty.at", true */ 'c', 'r', 'y', 'p', 't', 'o', 'p', 'a', 'r', 't', 'y', '.', 'a', 't', '\0',
+  /* "cryptoparty.dk", true */ 'c', 'r', 'y', 'p', 't', 'o', 'p', 'a', 'r', 't', 'y', '.', 'd', 'k', '\0',
+  /* "cryptopartyutah.org", true */ 'c', 'r', 'y', 'p', 't', 'o', 'p', 'a', 'r', 't', 'y', 'u', 't', 'a', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "cryptophobia.nl", false */ 'c', 'r', 'y', 'p', 't', 'o', 'p', 'h', 'o', 'b', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "cryptorival.com", true */ 'c', 'r', 'y', 'p', 't', 'o', 'r', 'i', 'v', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "cryptoseb.pw", true */ 'c', 'r', 'y', 'p', 't', 'o', 's', 'e', 'b', '.', 'p', 'w', '\0',
+  /* "cryptoshot.pw", true */ 'c', 'r', 'y', 'p', 't', 'o', 's', 'h', 'o', 't', '.', 'p', 'w', '\0',
+  /* "cryptract.co", true */ 'c', 'r', 'y', 'p', 't', 'r', 'a', 'c', 't', '.', 'c', 'o', '\0',
+  /* "crystalchandelierservices.com", true */ 'c', 'r', 'y', 's', 't', 'a', 'l', 'c', 'h', 'a', 'n', 'd', 'e', 'l', 'i', 'e', 'r', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "crystone.me", true */ 'c', 'r', 'y', 's', 't', 'o', 'n', 'e', '.', 'm', 'e', '\0',
+  /* "cs-colorscreed-betongulve.dk", true */ 'c', 's', '-', 'c', 'o', 'l', 'o', 'r', 's', 'c', 'r', 'e', 'e', 'd', '-', 'b', 'e', 't', 'o', 'n', 'g', 'u', 'l', 'v', 'e', '.', 'd', 'k', '\0',
+  /* "cs2016.ch", true */ 'c', 's', '2', '0', '1', '6', '.', 'c', 'h', '\0',
+  /* "csabg.org", true */ 'c', 's', 'a', 'b', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "csacongress.org", true */ 'c', 's', 'a', 'c', 'o', 'n', 'g', 'r', 'e', 's', 's', '.', 'o', 'r', 'g', '\0',
+  /* "csbs.fr", true */ 'c', 's', 'b', 's', '.', 'f', 'r', '\0',
+  /* "cscau.com", true */ 'c', 's', 'c', 'a', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "csengle.de", true */ 'c', 's', 'e', 'n', 'g', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "csfd.cz", true */ 'c', 's', 'f', 'd', '.', 'c', 'z', '\0',
+  /* "csfloors.co.uk", true */ 'c', 's', 'f', 'l', 'o', 'o', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "csfm.com", true */ 'c', 's', 'f', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "csgo.help", true */ 'c', 's', 'g', 'o', '.', 'h', 'e', 'l', 'p', '\0',
+  /* "csgo.su", true */ 'c', 's', 'g', 'o', '.', 's', 'u', '\0',
+  /* "csgogamers.com", false */ 'c', 's', 'g', 'o', 'g', 'a', 'm', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "csgohandouts.com", true */ 'c', 's', 'g', 'o', 'h', 'a', 'n', 'd', 'o', 'u', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "csgotwister.com", true */ 'c', 's', 'g', 'o', 't', 'w', 'i', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "csharpmarc.net", true */ 'c', 's', 'h', 'a', 'r', 'p', 'm', 'a', 'r', 'c', '.', 'n', 'e', 't', '\0',
+  /* "cshopify.com", true */ 'c', 's', 'h', 'o', 'p', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "csilies.de", true */ 'c', 's', 'i', 'l', 'i', 'e', 's', '.', 'd', 'e', '\0',
+  /* "csinterstargeneve.ch", true */ 'c', 's', 'i', 'n', 't', 'e', 'r', 's', 't', 'a', 'r', 'g', 'e', 'n', 'e', 'v', 'e', '.', 'c', 'h', '\0',
+  /* "cskentertainment.co.uk", true */ 'c', 's', 'k', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "csmainframe.com", true */ 'c', 's', 'm', 'a', 'i', 'n', 'f', 'r', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "csokolade.hu", true */ 'c', 's', 'o', 'k', 'o', 'l', 'a', 'd', 'e', '.', 'h', 'u', '\0',
+  /* "csp.ch", true */ 'c', 's', 'p', '.', 'c', 'h', '\0',
+  /* "cspvalidator.org", true */ 'c', 's', 'p', 'v', 'a', 'l', 'i', 'd', 'a', 't', 'o', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "csru.net", true */ 'c', 's', 'r', 'u', '.', 'n', 'e', 't', '\0',
+  /* "css.net", true */ 'c', 's', 's', '.', 'n', 'e', 't', '\0',
+  /* "cssai.eu", true */ 'c', 's', 's', 'a', 'i', '.', 'e', 'u', '\0',
+  /* "cssaunion.com", true */ 'c', 's', 's', 'a', 'u', 'n', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "cstb.ch", true */ 'c', 's', 't', 'b', '.', 'c', 'h', '\0',
+  /* "cstp-marketing.com", true */ 'c', 's', 't', 'p', '-', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "ct.search.yahoo.com", false */ 'c', 't', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cthomas.work", true */ 'c', 't', 'h', 'o', 'm', 'a', 's', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "ctliu.com", true */ 'c', 't', 'l', 'i', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "ctnguyen.de", true */ 'c', 't', 'n', 'g', 'u', 'y', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "ctnguyen.net", true */ 'c', 't', 'n', 'g', 'u', 'y', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "ctns.de", true */ 'c', 't', 'n', 's', '.', 'd', 'e', '\0',
+  /* "ctoforhire.com.au", true */ 'c', 't', 'o', 'f', 'o', 'r', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "ctomp.io", true */ 'c', 't', 'o', 'm', 'p', '.', 'i', 'o', '\0',
+  /* "ctpe.net", true */ 'c', 't', 'p', 'e', '.', 'n', 'e', 't', '\0',
+  /* "ctrld.me", true */ 'c', 't', 'r', 'l', 'd', '.', 'm', 'e', '\0',
+  /* "ctyi.me", true */ 'c', 't', 'y', 'i', '.', 'm', 'e', '\0',
+  /* "cub-bouncingcastles.co.uk", true */ 'c', 'u', 'b', '-', 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cube-cloud.com", true */ 'c', 'u', 'b', 'e', '-', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "cube.de", true */ 'c', 'u', 'b', 'e', '.', 'd', 'e', '\0',
+  /* "cubecraft.net", true */ 'c', 'u', 'b', 'e', 'c', 'r', 'a', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "cubecraftstore.com", true */ 'c', 'u', 'b', 'e', 'c', 'r', 'a', 'f', 't', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cubecraftstore.net", true */ 'c', 'u', 'b', 'e', 'c', 'r', 'a', 'f', 't', 's', 't', 'o', 'r', 'e', '.', 'n', 'e', 't', '\0',
+  /* "cubekrowd.net", true */ 'c', 'u', 'b', 'e', 'k', 'r', 'o', 'w', 'd', '.', 'n', 'e', 't', '\0',
+  /* "cubela.tech", true */ 'c', 'u', 'b', 'e', 'l', 'a', '.', 't', 'e', 'c', 'h', '\0',
+  /* "cubia.de", true */ 'c', 'u', 'b', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "cubia3.com", true */ 'c', 'u', 'b', 'i', 'a', '3', '.', 'c', 'o', 'm', '\0',
+  /* "cubia4.com", true */ 'c', 'u', 'b', 'i', 'a', '4', '.', 'c', 'o', 'm', '\0',
+  /* "cubile.xyz", true */ 'c', 'u', 'b', 'i', 'l', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "cublick.com", true */ 'c', 'u', 'b', 'l', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "cubos.io", false */ 'c', 'u', 'b', 'o', 's', '.', 'i', 'o', '\0',
+  /* "cubostecnologia.com", false */ 'c', 'u', 'b', 'o', 's', 't', 'e', 'c', 'n', 'o', 'l', 'o', 'g', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cubostecnologia.com.br", false */ 'c', 'u', 'b', 'o', 's', 't', 'e', 'c', 'n', 'o', 'l', 'o', 'g', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cubua.com", true */ 'c', 'u', 'b', 'u', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cuckoopalace.cn", true */ 'c', 'u', 'c', 'k', 'o', 'o', 'p', 'a', 'l', 'a', 'c', 'e', '.', 'c', 'n', '\0',
+  /* "cuddlecomfort.com", true */ 'c', 'u', 'd', 'd', 'l', 'e', 'c', 'o', 'm', 'f', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "cuddlingyaks.com", true */ 'c', 'u', 'd', 'd', 'l', 'i', 'n', 'g', 'y', 'a', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cuecasonline.com.br", true */ 'c', 'u', 'e', 'c', 'a', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cuentasmutualamr.org.ar", true */ 'c', 'u', 'e', 'n', 't', 'a', 's', 'm', 'u', 't', 'u', 'a', 'l', 'a', 'm', 'r', '.', 'o', 'r', 'g', '.', 'a', 'r', '\0',
+  /* "cuetoems.com", true */ 'c', 'u', 'e', 't', 'o', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cuibonobo.com", true */ 'c', 'u', 'i', 'b', 'o', 'n', 'o', 'b', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cuisinezest.com", true */ 'c', 'u', 'i', 's', 'i', 'n', 'e', 'z', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "cultiv.nl", true */ 'c', 'u', 'l', 't', 'i', 'v', '.', 'n', 'l', '\0',
+  /* "cultivo.bio", true */ 'c', 'u', 'l', 't', 'i', 'v', 'o', '.', 'b', 'i', 'o', '\0',
+  /* "cultofd50.org", true */ 'c', 'u', 'l', 't', 'o', 'f', 'd', '5', '0', '.', 'o', 'r', 'g', '\0',
+  /* "cultofperf.org.uk", true */ 'c', 'u', 'l', 't', 'o', 'f', 'p', 'e', 'r', 'f', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "culture-school.top", true */ 'c', 'u', 'l', 't', 'u', 'r', 'e', '-', 's', 'c', 'h', 'o', 'o', 'l', '.', 't', 'o', 'p', '\0',
+  /* "culturedcode.com", true */ 'c', 'u', 'l', 't', 'u', 'r', 'e', 'd', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cultureroll.com", true */ 'c', 'u', 'l', 't', 'u', 'r', 'e', 'r', 'o', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "cumparama.com", true */ 'c', 'u', 'm', 'p', 'a', 'r', 'a', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cuni-cuni-club.com", true */ 'c', 'u', 'n', 'i', '-', 'c', 'u', 'n', 'i', '-', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "cuni-rec.com", true */ 'c', 'u', 'n', 'i', '-', 'r', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "cuoc.org.uk", true */ 'c', 'u', 'o', 'c', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "cuongthach.com", true */ 'c', 'u', 'o', 'n', 'g', 't', 'h', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "cup.al", true */ 'c', 'u', 'p', '.', 'a', 'l', '\0',
+  /* "cupcake.io", true */ 'c', 'u', 'p', 'c', 'a', 'k', 'e', '.', 'i', 'o', '\0',
+  /* "cupcake.is", true */ 'c', 'u', 'p', 'c', 'a', 'k', 'e', '.', 'i', 's', '\0',
+  /* "cupi.co", true */ 'c', 'u', 'p', 'i', '.', 'c', 'o', '\0',
+  /* "cupom.net", true */ 'c', 'u', 'p', 'o', 'm', '.', 'n', 'e', 't', '\0',
+  /* "cuppycakes.fi", true */ 'c', 'u', 'p', 'p', 'y', 'c', 'a', 'k', 'e', 's', '.', 'f', 'i', '\0',
+  /* "curacao-firma.com", true */ 'c', 'u', 'r', 'a', 'c', 'a', 'o', '-', 'f', 'i', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "curamail.co.uk", true */ 'c', 'u', 'r', 'a', 'm', 'a', 'i', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "curieux.digital", true */ 'c', 'u', 'r', 'i', 'e', 'u', 'x', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0',
+  /* "curio-shiki.com", true */ 'c', 'u', 'r', 'i', 'o', '-', 's', 'h', 'i', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "curiosity-driven.org", true */ 'c', 'u', 'r', 'i', 'o', 's', 'i', 't', 'y', '-', 'd', 'r', 'i', 'v', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "curiouscat.me", true */ 'c', 'u', 'r', 'i', 'o', 'u', 's', 'c', 'a', 't', '.', 'm', 'e', '\0',
+  /* "curlybracket.co.uk", true */ 'c', 'u', 'r', 'l', 'y', 'b', 'r', 'a', 'c', 'k', 'e', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "currency-strength.com", true */ 'c', 'u', 'r', 'r', 'e', 'n', 'c', 'y', '-', 's', 't', 'r', 'e', 'n', 'g', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "current.com", true */ 'c', 'u', 'r', 'r', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "currentlystreaming.com", true */ 'c', 'u', 'r', 'r', 'e', 'n', 't', 'l', 'y', 's', 't', 'r', 'e', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "currynissanmaparts.com", true */ 'c', 'u', 'r', 'r', 'y', 'n', 'i', 's', 's', 'a', 'n', 'm', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cursos.com", true */ 'c', 'u', 'r', 's', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cursuri-de-actorie.ro", true */ 'c', 'u', 'r', 's', 'u', 'r', 'i', '-', 'd', 'e', '-', 'a', 'c', 't', 'o', 'r', 'i', 'e', '.', 'r', 'o', '\0',
+  /* "curtacircuitos.com.br", false */ 'c', 'u', 'r', 't', 'a', 'c', 'i', 'r', 'c', 'u', 'i', 't', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "curtis-smith.me.uk", true */ 'c', 'u', 'r', 't', 'i', 's', '-', 's', 'm', 'i', 't', 'h', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "curtis-smith.uk", true */ 'c', 'u', 'r', 't', 'i', 's', '-', 's', 'm', 'i', 't', 'h', '.', 'u', 'k', '\0',
+  /* "curtissmith.me.uk", true */ 'c', 'u', 'r', 't', 'i', 's', 's', 'm', 'i', 't', 'h', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "curtissmith.uk", true */ 'c', 'u', 'r', 't', 'i', 's', 's', 'm', 'i', 't', 'h', '.', 'u', 'k', '\0',
+  /* "curveprotect.com", true */ 'c', 'u', 'r', 'v', 'e', 'p', 'r', 'o', 't', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "curveprotect.cz", true */ 'c', 'u', 'r', 'v', 'e', 'p', 'r', 'o', 't', 'e', 'c', 't', '.', 'c', 'z', '\0',
+  /* "curveprotect.net", true */ 'c', 'u', 'r', 'v', 'e', 'p', 'r', 'o', 't', 'e', 'c', 't', '.', 'n', 'e', 't', '\0',
+  /* "curveprotect.org", true */ 'c', 'u', 'r', 'v', 'e', 'p', 'r', 'o', 't', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "curvesandwords.com", true */ 'c', 'u', 'r', 'v', 'e', 's', 'a', 'n', 'd', 'w', 'o', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "curvissa.co.uk", true */ 'c', 'u', 'r', 'v', 'i', 's', 's', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "custodyxchange.com", true */ 'c', 'u', 's', 't', 'o', 'd', 'y', 'x', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "customd.com", true */ 'c', 'u', 's', 't', 'o', 'm', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "customerbox.ir", true */ 'c', 'u', 's', 't', 'o', 'm', 'e', 'r', 'b', 'o', 'x', '.', 'i', 'r', '\0',
+  /* "customfitmarketing.com", true */ 'c', 'u', 's', 't', 'o', 'm', 'f', 'i', 't', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "customgear.com.au", true */ 'c', 'u', 's', 't', 'o', 'm', 'g', 'e', 'a', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "customizeyourshower.com", true */ 'c', 'u', 's', 't', 'o', 'm', 'i', 'z', 'e', 'y', 'o', 'u', 'r', 's', 'h', 'o', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "customizeyoursink.com", true */ 'c', 'u', 's', 't', 'o', 'm', 'i', 'z', 'e', 'y', 'o', 'u', 'r', 's', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "customromlist.com", true */ 'c', 'u', 's', 't', 'o', 'm', 'r', 'o', 'm', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "customshort.link", true */ 'c', 'u', 's', 't', 'o', 'm', 's', 'h', 'o', 'r', 't', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "customwritings.com", true */ 'c', 'u', 's', 't', 'o', 'm', 'w', 'r', 'i', 't', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "customwritingservice.com", true */ 'c', 'u', 's', 't', 'o', 'm', 'w', 'r', 'i', 't', 'i', 'n', 'g', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cutelariafiveladeouro.com.br", true */ 'c', 'u', 't', 'e', 'l', 'a', 'r', 'i', 'a', 'f', 'i', 'v', 'e', 'l', 'a', 'd', 'e', 'o', 'u', 'r', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cutephil.com", true */ 'c', 'u', 't', 'e', 'p', 'h', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "cutimbo.ovh", true */ 'c', 'u', 't', 'i', 'm', 'b', 'o', '.', 'o', 'v', 'h', '\0',
+  /* "cutner.co", true */ 'c', 'u', 't', 'n', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "cuvva.co", true */ 'c', 'u', 'v', 'v', 'a', '.', 'c', 'o', '\0',
+  /* "cuvva.co.uk", true */ 'c', 'u', 'v', 'v', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cuvva.com", true */ 'c', 'u', 'v', 'v', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cuvva.eu", true */ 'c', 'u', 'v', 'v', 'a', '.', 'e', 'u', '\0',
+  /* "cuvva.io", true */ 'c', 'u', 'v', 'v', 'a', '.', 'i', 'o', '\0',
+  /* "cuvva.it", true */ 'c', 'u', 'v', 'v', 'a', '.', 'i', 't', '\0',
+  /* "cuvva.me", true */ 'c', 'u', 'v', 'v', 'a', '.', 'm', 'e', '\0',
+  /* "cuvva.net", true */ 'c', 'u', 'v', 'v', 'a', '.', 'n', 'e', 't', '\0',
+  /* "cuvva.org", true */ 'c', 'u', 'v', 'v', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "cuvva.uk", true */ 'c', 'u', 'v', 'v', 'a', '.', 'u', 'k', '\0',
+  /* "cuvva.us", true */ 'c', 'u', 'v', 'v', 'a', '.', 'u', 's', '\0',
+  /* "cuxpool.club", true */ 'c', 'u', 'x', 'p', 'o', 'o', 'l', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "cve-le-carrousel.ch", true */ 'c', 'v', 'e', '-', 'l', 'e', '-', 'c', 'a', 'r', 'r', 'o', 'u', 's', 'e', 'l', '.', 'c', 'h', '\0',
+  /* "cviip.ca", true */ 'c', 'v', 'i', 'i', 'p', '.', 'c', 'a', '\0',
+  /* "cviip.com", true */ 'c', 'v', 'i', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "cvjd.me", true */ 'c', 'v', 'j', 'd', '.', 'm', 'e', '\0',
+  /* "cvl.ch", true */ 'c', 'v', 'l', '.', 'c', 'h', '\0',
+  /* "cvlibrary.co.uk", true */ 'c', 'v', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cvmu.jp", true */ 'c', 'v', 'm', 'u', '.', 'j', 'p', '\0',
+  /* "cvninja.pl", true */ 'c', 'v', 'n', 'i', 'n', 'j', 'a', '.', 'p', 'l', '\0',
+  /* "cvr.dk", true */ 'c', 'v', 'r', '.', 'd', 'k', '\0',
+  /* "cvsoftub.com", true */ 'c', 'v', 's', 'o', 'f', 't', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "cvursache.com", true */ 'c', 'v', 'u', 'r', 's', 'a', 'c', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cvv.cn", true */ 'c', 'v', 'v', '.', 'c', 'n', '\0',
+  /* "cw.center", true */ 'c', 'w', '.', 'c', 'e', 'n', 't', 'e', 'r', '\0',
+  /* "cwagner.me", true */ 'c', 'w', 'a', 'g', 'n', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "cwmart.in", true */ 'c', 'w', 'm', 'a', 'r', 't', '.', 'i', 'n', '\0',
+  /* "cwningen.cymru", false */ 'c', 'w', 'n', 'i', 'n', 'g', 'e', 'n', '.', 'c', 'y', 'm', 'r', 'u', '\0',
+  /* "cwrcoding.com", true */ 'c', 'w', 'r', 'c', 'o', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "cy.technology", true */ 'c', 'y', '.', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '\0',
+  /* "cybbh.space", true */ 'c', 'y', 'b', 'b', 'h', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "cyber-konzept.de", true */ 'c', 'y', 'b', 'e', 'r', '-', 'k', 'o', 'n', 'z', 'e', 'p', 't', '.', 'd', 'e', '\0',
+  /* "cyber-perikarp.eu", true */ 'c', 'y', 'b', 'e', 'r', '-', 'p', 'e', 'r', 'i', 'k', 'a', 'r', 'p', '.', 'e', 'u', '\0',
+  /* "cyber.cafe", true */ 'c', 'y', 'b', 'e', 'r', '.', 'c', 'a', 'f', 'e', '\0',
+  /* "cybercloud.cc", true */ 'c', 'y', 'b', 'e', 'r', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'c', '\0',
+  /* "cyberdos.de", true */ 'c', 'y', 'b', 'e', 'r', 'd', 'o', 's', '.', 'd', 'e', '\0',
+  /* "cyberduck.io", true */ 'c', 'y', 'b', 'e', 'r', 'd', 'u', 'c', 'k', '.', 'i', 'o', '\0',
+  /* "cybergrx.com", true */ 'c', 'y', 'b', 'e', 'r', 'g', 'r', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "cyberguerrilla.info", true */ 'c', 'y', 'b', 'e', 'r', 'g', 'u', 'e', 'r', 'r', 'i', 'l', 'l', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "cyberguerrilla.org", true */ 'c', 'y', 'b', 'e', 'r', 'g', 'u', 'e', 'r', 'r', 'i', 'l', 'l', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "cyberianhusky.com", true */ 'c', 'y', 'b', 'e', 'r', 'i', 'a', 'n', 'h', 'u', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "cyberkov.com", true */ 'c', 'y', 'b', 'e', 'r', 'k', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "cyberlightapp.com", true */ 'c', 'y', 'b', 'e', 'r', 'l', 'i', 'g', 'h', 't', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "cyberoptic.de", true */ 'c', 'y', 'b', 'e', 'r', 'o', 'p', 't', 'i', 'c', '.', 'd', 'e', '\0',
+  /* "cyberphaze.com", true */ 'c', 'y', 'b', 'e', 'r', 'p', 'h', 'a', 'z', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cyberprey.com", true */ 'c', 'y', 'b', 'e', 'r', 'p', 'r', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "cybersecurity.nz", true */ 'c', 'y', 'b', 'e', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'n', 'z', '\0',
+  /* "cybersecuritychallenge.be", true */ 'c', 'y', 'b', 'e', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'c', 'h', 'a', 'l', 'l', 'e', 'n', 'g', 'e', '.', 'b', 'e', '\0',
+  /* "cybersins.com", true */ 'c', 'y', 'b', 'e', 'r', 's', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cybersmartdefence.com", true */ 'c', 'y', 'b', 'e', 'r', 's', 'm', 'a', 'r', 't', 'd', 'e', 'f', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cyberspace.community", true */ 'c', 'y', 'b', 'e', 'r', 's', 'p', 'a', 'c', 'e', '.', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '\0',
+  /* "cyberspace.today", true */ 'c', 'y', 'b', 'e', 'r', 's', 'p', 'a', 'c', 'e', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "cyberspect.com", true */ 'c', 'y', 'b', 'e', 'r', 's', 'p', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "cyberspect.io", true */ 'c', 'y', 'b', 'e', 'r', 's', 'p', 'e', 'c', 't', '.', 'i', 'o', '\0',
+  /* "cybertorsk.org", true */ 'c', 'y', 'b', 'e', 'r', 't', 'o', 'r', 's', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "cybertu.be", true */ 'c', 'y', 'b', 'e', 'r', 't', 'u', '.', 'b', 'e', '\0',
+  /* "cyberwars.dk", true */ 'c', 'y', 'b', 'e', 'r', 'w', 'a', 'r', 's', '.', 'd', 'k', '\0',
+  /* "cyberwire.nl", true */ 'c', 'y', 'b', 'e', 'r', 'w', 'i', 'r', 'e', '.', 'n', 'l', '\0',
+  /* "cyberxpert.nl", true */ 'c', 'y', 'b', 'e', 'r', 'x', 'p', 'e', 'r', 't', '.', 'n', 'l', '\0',
+  /* "cybozu.cn", true */ 'c', 'y', 'b', 'o', 'z', 'u', '.', 'c', 'n', '\0',
+  /* "cybozu.com", true */ 'c', 'y', 'b', 'o', 'z', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "cybozulive-dev.com", true */ 'c', 'y', 'b', 'o', 'z', 'u', 'l', 'i', 'v', 'e', '-', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "cybozulive.com", true */ 'c', 'y', 'b', 'o', 'z', 'u', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cyclebeads.com", true */ 'c', 'y', 'c', 'l', 'e', 'b', 'e', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cyclehackluxembourgcity.lu", true */ 'c', 'y', 'c', 'l', 'e', 'h', 'a', 'c', 'k', 'l', 'u', 'x', 'e', 'm', 'b', 'o', 'u', 'r', 'g', 'c', 'i', 't', 'y', '.', 'l', 'u', '\0',
+  /* "cyclisjumper.gallery", true */ 'c', 'y', 'c', 'l', 'i', 's', 'j', 'u', 'm', 'p', 'e', 'r', '.', 'g', 'a', 'l', 'l', 'e', 'r', 'y', '\0',
+  /* "cyclop-editorial.fr", true */ 'c', 'y', 'c', 'l', 'o', 'p', '-', 'e', 'd', 'i', 't', 'o', 'r', 'i', 'a', 'l', '.', 'f', 'r', '\0',
+  /* "cydetec.com", true */ 'c', 'y', 'd', 'e', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "cyfly.org", true */ 'c', 'y', 'f', 'l', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "cygnatus.com", true */ 'c', 'y', 'g', 'n', 'a', 't', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cygnius.net", true */ 'c', 'y', 'g', 'n', 'i', 'u', 's', '.', 'n', 'e', 't', '\0',
+  /* "cyhour.com", true */ 'c', 'y', 'h', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "cylindricity.com", true */ 'c', 'y', 'l', 'i', 'n', 'd', 'r', 'i', 'c', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "cyon.ch", true */ 'c', 'y', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "cype.dedyn.io", true */ 'c', 'y', 'p', 'e', '.', 'd', 'e', 'd', 'y', 'n', '.', 'i', 'o', '\0',
+  /* "cyph.audio", true */ 'c', 'y', 'p', 'h', '.', 'a', 'u', 'd', 'i', 'o', '\0',
+  /* "cyph.com", true */ 'c', 'y', 'p', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "cyph.healthcare", true */ 'c', 'y', 'p', 'h', '.', 'h', 'e', 'a', 'l', 't', 'h', 'c', 'a', 'r', 'e', '\0',
+  /* "cyph.im", true */ 'c', 'y', 'p', 'h', '.', 'i', 'm', '\0',
+  /* "cyph.io", true */ 'c', 'y', 'p', 'h', '.', 'i', 'o', '\0',
+  /* "cyph.me", true */ 'c', 'y', 'p', 'h', '.', 'm', 'e', '\0',
+  /* "cyph.video", true */ 'c', 'y', 'p', 'h', '.', 'v', 'i', 'd', 'e', 'o', '\0',
+  /* "cyph.ws", true */ 'c', 'y', 'p', 'h', '.', 'w', 's', '\0',
+  /* "cypherpunk.at", true */ 'c', 'y', 'p', 'h', 'e', 'r', 'p', 'u', 'n', 'k', '.', 'a', 't', '\0',
+  /* "cypherpunk.com", true */ 'c', 'y', 'p', 'h', 'e', 'r', 'p', 'u', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "cypressinheritancesaga.com", true */ 'c', 'y', 'p', 'r', 'e', 's', 's', 'i', 'n', 'h', 'e', 'r', 'i', 't', 'a', 'n', 'c', 'e', 's', 'a', 'g', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cypresslegacy.com", true */ 'c', 'y', 'p', 'r', 'e', 's', 's', 'l', 'e', 'g', 'a', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "cyprus-company-service.com", true */ 'c', 'y', 'p', 'r', 'u', 's', '-', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cysec.biz", true */ 'c', 'y', 's', 'e', 'c', '.', 'b', 'i', 'z', '\0',
+  /* "cysmo.de", true */ 'c', 'y', 's', 'm', 'o', '.', 'd', 'e', '\0',
+  /* "cytech.com.tr", true */ 'c', 'y', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "cytegic-update-packages.com", true */ 'c', 'y', 't', 'e', 'g', 'i', 'c', '-', 'u', 'p', 'd', 'a', 't', 'e', '-', 'p', 'a', 'c', 'k', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cyumus.com", true */ 'c', 'y', 'u', 'm', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "czakey.net", true */ 'c', 'z', 'a', 'k', 'e', 'y', '.', 'n', 'e', 't', '\0',
+  /* "czaw.org", true */ 'c', 'z', 'a', 'w', '.', 'o', 'r', 'g', '\0',
+  /* "czbix.com", true */ 'c', 'z', 'b', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "czc.cz", true */ 'c', 'z', 'c', '.', 'c', 'z', '\0',
+  /* "czechamlp.com", true */ 'c', 'z', 'e', 'c', 'h', 'a', 'm', 'l', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "czechvirus.cz", true */ 'c', 'z', 'e', 'c', 'h', 'v', 'i', 'r', 'u', 's', '.', 'c', 'z', '\0',
+  /* "czerno.com", true */ 'c', 'z', 'e', 'r', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "czirnich.org", true */ 'c', 'z', 'i', 'r', 'n', 'i', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "czk.mk", true */ 'c', 'z', 'k', '.', 'm', 'k', '\0',
+  /* "d-20.fr", true */ 'd', '-', '2', '0', '.', 'f', 'r', '\0',
+  /* "d-academia.com", true */ 'd', '-', 'a', 'c', 'a', 'd', 'e', 'm', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "d-designerin.de", true */ 'd', '-', 'd', 'e', 's', 'i', 'g', 'n', 'e', 'r', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "d-loop.de", true */ 'd', '-', 'l', 'o', 'o', 'p', '.', 'd', 'e', '\0',
+  /* "d-parts24.de", true */ 'd', '-', 'p', 'a', 'r', 't', 's', '2', '4', '.', 'd', 'e', '\0',
+  /* "d-quantum.com", true */ 'd', '-', 'q', 'u', 'a', 'n', 't', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "d-toys.com.ua", true */ 'd', '-', 't', 'o', 'y', 's', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "d-training.de", true */ 'd', '-', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "d.nf", true */ 'd', '.', 'n', 'f', '\0',
+  /* "d.nr", true */ 'd', '.', 'n', 'r', '\0',
+  /* "d00d.de", true */ 'd', '0', '0', 'd', '.', 'd', 'e', '\0',
+  /* "d0g.cc", true */ 'd', '0', 'g', '.', 'c', 'c', '\0',
+  /* "d0xq.net", true */ 'd', '0', 'x', 'q', '.', 'n', 'e', 't', '\0',
+  /* "d2s.uk", true */ 'd', '2', 's', '.', 'u', 'k', '\0',
+  /* "d3njjcbhbojbot.cloudfront.net", true */ 'd', '3', 'n', 'j', 'j', 'c', 'b', 'h', 'b', 'o', 'j', 'b', 'o', 't', '.', 'c', 'l', 'o', 'u', 'd', 'f', 'r', 'o', 'n', 't', '.', 'n', 'e', 't', '\0',
+  /* "d3x.pw", true */ 'd', '3', 'x', '.', 'p', 'w', '\0',
+  /* "d3xt3r01.tk", true */ 'd', '3', 'x', 't', '3', 'r', '0', '1', '.', 't', 'k', '\0',
+  /* "d42.no", true */ 'd', '4', '2', '.', 'n', 'o', '\0',
+  /* "d4wson.com", true */ 'd', '4', 'w', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "d4x.de", true */ 'd', '4', 'x', '.', 'd', 'e', '\0',
+  /* "d66.nl", true */ 'd', '6', '6', '.', 'n', 'l', '\0',
+  /* "d8.io", true */ 'd', '8', '.', 'i', 'o', '\0',
+  /* "da-ist-kunst.de", true */ 'd', 'a', '-', 'i', 's', 't', '-', 'k', 'u', 'n', 's', 't', '.', 'd', 'e', '\0',
+  /* "da8.cc", true */ 'd', 'a', '8', '.', 'c', 'c', '\0',
+  /* "daallexx.eu", true */ 'd', 'a', 'a', 'l', 'l', 'e', 'x', 'x', '.', 'e', 'u', '\0',
+  /* "dachb0den.net", true */ 'd', 'a', 'c', 'h', 'b', '0', 'd', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "dachdecker-ranzenberger.de", true */ 'd', 'a', 'c', 'h', 'd', 'e', 'c', 'k', 'e', 'r', '-', 'r', 'a', 'n', 'z', 'e', 'n', 'b', 'e', 'r', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "dachdeckermeister-egon-weiss.de", true */ 'd', 'a', 'c', 'h', 'd', 'e', 'c', 'k', 'e', 'r', 'm', 'e', 'i', 's', 't', 'e', 'r', '-', 'e', 'g', 'o', 'n', '-', 'w', 'e', 'i', 's', 's', '.', 'd', 'e', '\0',
+  /* "daciaforum.nl", true */ 'd', 'a', 'c', 'i', 'a', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'l', '\0',
+  /* "daciamodellen.nl", true */ 'd', 'a', 'c', 'i', 'a', 'm', 'o', 'd', 'e', 'l', 'l', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "dado.fr", true */ 'd', 'a', 'd', 'o', '.', 'f', 'r', '\0',
+  /* "dado.me", true */ 'd', 'a', 'd', 'o', '.', 'm', 'e', '\0',
+  /* "dado.virtual.museum", true */ 'd', 'a', 'd', 'o', '.', 'v', 'i', 'r', 't', 'u', 'a', 'l', '.', 'm', 'u', 's', 'e', 'u', 'm', '\0',
+  /* "dadons-laserdiscs.com", true */ 'd', 'a', 'd', 'o', 'n', 's', '-', 'l', 'a', 's', 'e', 'r', 'd', 'i', 's', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dadosch.de", true */ 'd', 'a', 'd', 'o', 's', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "dadrian.io", true */ 'd', 'a', 'd', 'r', 'i', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "daduke.org", true */ 'd', 'a', 'd', 'u', 'k', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "daemen.org", true */ 'd', 'a', 'e', 'm', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "daemon.xin", true */ 'd', 'a', 'e', 'm', 'o', 'n', '.', 'x', 'i', 'n', '\0',
+  /* "daemwool.ch", true */ 'd', 'a', 'e', 'm', 'w', 'o', 'o', 'l', '.', 'c', 'h', '\0',
+  /* "daevel.fr", true */ 'd', 'a', 'e', 'v', 'e', 'l', '.', 'f', 'r', '\0',
+  /* "dag-hebergement.fr", true */ 'd', 'a', 'g', '-', 'h', 'e', 'b', 'e', 'r', 'g', 'e', 'm', 'e', 'n', 't', '.', 'f', 'r', '\0',
+  /* "dag-konsult.com", true */ 'd', 'a', 'g', '-', 'k', 'o', 'n', 's', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "dahlberg.cologne", true */ 'd', 'a', 'h', 'l', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'l', 'o', 'g', 'n', 'e', '\0',
+  /* "dai.top", true */ 'd', 'a', 'i', '.', 't', 'o', 'p', '\0',
+  /* "dailyblogged.com", true */ 'd', 'a', 'i', 'l', 'y', 'b', 'l', 'o', 'g', 'g', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "dailybunda.com", true */ 'd', 'a', 'i', 'l', 'y', 'b', 'u', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "dailyenglishchallenge.com", true */ 'd', 'a', 'i', 'l', 'y', 'e', 'n', 'g', 'l', 'i', 's', 'h', 'c', 'h', 'a', 'l', 'l', 'e', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dailyhealthguard.com", true */ 'd', 'a', 'i', 'l', 'y', 'h', 'e', 'a', 'l', 't', 'h', 'g', 'u', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "dailykos.com", true */ 'd', 'a', 'i', 'l', 'y', 'k', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dailytopix.com", true */ 'd', 'a', 'i', 'l', 'y', 't', 'o', 'p', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "daintymeal.com", true */ 'd', 'a', 'i', 'n', 't', 'y', 'm', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "dairyshrine.org", true */ 'd', 'a', 'i', 'r', 'y', 's', 'h', 'r', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "daisidaniels.co.uk", true */ 'd', 'a', 'i', 's', 'i', 'd', 'a', 'n', 'i', 'e', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "daisy-peanut.com", true */ 'd', 'a', 'i', 's', 'y', '-', 'p', 'e', 'a', 'n', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "daisypeanut.com", true */ 'd', 'a', 'i', 's', 'y', 'p', 'e', 'a', 'n', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "daiwai.de", false */ 'd', 'a', 'i', 'w', 'a', 'i', '.', 'd', 'e', '\0',
+  /* "daiweihu.com", true */ 'd', 'a', 'i', 'w', 'e', 'i', 'h', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "daiyuu.jp", true */ 'd', 'a', 'i', 'y', 'u', 'u', '.', 'j', 'p', '\0',
+  /* "daknob.net", true */ 'd', 'a', 'k', 'n', 'o', 'b', '.', 'n', 'e', 't', '\0',
+  /* "dakotasilencer.com", true */ 'd', 'a', 'k', 'o', 't', 'a', 's', 'i', 'l', 'e', 'n', 'c', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "daktarisys.com", true */ 'd', 'a', 'k', 't', 'a', 'r', 'i', 's', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "daladubbeln.se", true */ 'd', 'a', 'l', 'a', 'd', 'u', 'b', 'b', 'e', 'l', 'n', '.', 's', 'e', '\0',
+  /* "dalaran.city", true */ 'd', 'a', 'l', 'a', 'r', 'a', 'n', '.', 'c', 'i', 't', 'y', '\0',
+  /* "dalb.in", true */ 'd', 'a', 'l', 'b', '.', 'i', 'n', '\0',
+  /* "dale-electric.com", true */ 'd', 'a', 'l', 'e', '-', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "dalek.co.nz", true */ 'd', 'a', 'l', 'e', 'k', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "dalfiume.it", false */ 'd', 'a', 'l', 'f', 'i', 'u', 'm', 'e', '.', 'i', 't', '\0',
+  /* "dalfsennet.nl", true */ 'd', 'a', 'l', 'f', 's', 'e', 'n', 'n', 'e', 't', '.', 'n', 'l', '\0',
+  /* "dalingk.com", true */ 'd', 'a', 'l', 'i', 'n', 'g', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "dallaslu.com", true */ 'd', 'a', 'l', 'l', 'a', 's', 'l', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "dallinbryce.com", true */ 'd', 'a', 'l', 'l', 'i', 'n', 'b', 'r', 'y', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dallmeier.net", true */ 'd', 'a', 'l', 'l', 'm', 'e', 'i', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "dalmatiersheusden.be", true */ 'd', 'a', 'l', 'm', 'a', 't', 'i', 'e', 'r', 's', 'h', 'e', 'u', 's', 'd', 'e', 'n', '.', 'b', 'e', '\0',
+  /* "damaged.org", true */ 'd', 'a', 'm', 'a', 'g', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "damasexpress.com", true */ 'd', 'a', 'm', 'a', 's', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "damedrogy.cz", true */ 'd', 'a', 'm', 'e', 'd', 'r', 'o', 'g', 'y', '.', 'c', 'z', '\0',
+  /* "damicris.ro", true */ 'd', 'a', 'm', 'i', 'c', 'r', 'i', 's', '.', 'r', 'o', '\0',
+  /* "damienoreilly.org", true */ 'd', 'a', 'm', 'i', 'e', 'n', 'o', 'r', 'e', 'i', 'l', 'l', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "damip.net", true */ 'd', 'a', 'm', 'i', 'p', '.', 'n', 'e', 't', '\0',
+  /* "dammekens.be", true */ 'd', 'a', 'm', 'm', 'e', 'k', 'e', 'n', 's', '.', 'b', 'e', '\0',
+  /* "damngoodpepper.com", true */ 'd', 'a', 'm', 'n', 'g', 'o', 'o', 'd', 'p', 'e', 'p', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "dan-informacijske-varnosti.si", true */ 'd', 'a', 'n', '-', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 'c', 'i', 'j', 's', 'k', 'e', '-', 'v', 'a', 'r', 'n', 'o', 's', 't', 'i', '.', 's', 'i', '\0',
+  /* "dan.me.uk", true */ 'd', 'a', 'n', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "dan.org.nz", true */ 'd', 'a', 'n', '.', 'o', 'r', 'g', '.', 'n', 'z', '\0',
+  /* "danaketh.com", true */ 'd', 'a', 'n', 'a', 'k', 'e', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "danamica.dk", true */ 'd', 'a', 'n', 'a', 'm', 'i', 'c', 'a', '.', 'd', 'k', '\0',
+  /* "danandrum.com", true */ 'd', 'a', 'n', 'a', 'n', 'd', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "danarozmarin.com", true */ 'd', 'a', 'n', 'a', 'r', 'o', 'z', 'm', 'a', 'r', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "danchen.org", true */ 'd', 'a', 'n', 'c', 'h', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "dancingcubs.co.uk", true */ 'd', 'a', 'n', 'c', 'i', 'n', 'g', 'c', 'u', 'b', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dandenongroadapartments.com.au", true */ 'd', 'a', 'n', 'd', 'e', 'n', 'o', 'n', 'g', 'r', 'o', 'a', 'd', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "dandymrsb.com", true */ 'd', 'a', 'n', 'd', 'y', 'm', 'r', 's', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "daneandthepain.com", true */ 'd', 'a', 'n', 'e', 'a', 'n', 'd', 't', 'h', 'e', 'p', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "dango.in", true */ 'd', 'a', 'n', 'g', 'o', '.', 'i', 'n', '\0',
+  /* "daniel-baumann.ch", true */ 'd', 'a', 'n', 'i', 'e', 'l', '-', 'b', 'a', 'u', 'm', 'a', 'n', 'n', '.', 'c', 'h', '\0',
+  /* "daniel-du.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', '-', 'd', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "daniel-kulbe.de", true */ 'd', 'a', 'n', 'i', 'e', 'l', '-', 'k', 'u', 'l', 'b', 'e', '.', 'd', 'e', '\0',
+  /* "daniel-ruf.de", true */ 'd', 'a', 'n', 'i', 'e', 'l', '-', 'r', 'u', 'f', '.', 'd', 'e', '\0',
+  /* "daniel-seifert.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', '-', 's', 'e', 'i', 'f', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "danielalvarez.net", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'a', 'l', 'v', 'a', 'r', 'e', 'z', '.', 'n', 'e', 't', '\0',
+  /* "danielas.boutique", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'a', 's', '.', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '\0',
+  /* "danielehniss.de", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'e', 'h', 'n', 'i', 's', 's', '.', 'd', 'e', '\0',
+  /* "danielepestilli.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'e', 'p', 'e', 's', 't', 'i', 'l', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "danielhochleitner.de", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'h', 'o', 'c', 'h', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "danieljamesscott.org", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'j', 'a', 'm', 'e', 's', 's', 'c', 'o', 't', 't', '.', 'o', 'r', 'g', '\0',
+  /* "danieljireh.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'j', 'i', 'r', 'e', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "danielkoster.nl", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'k', 'o', 's', 't', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "danielkratz.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'k', 'r', 'a', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "danielmarquard.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'm', 'a', 'r', 'q', 'u', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "danielmoch.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'm', 'o', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "danielmostertman.com", false */ 'd', 'a', 'n', 'i', 'e', 'l', 'm', 'o', 's', 't', 'e', 'r', 't', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "danielmostertman.nl", false */ 'd', 'a', 'n', 'i', 'e', 'l', 'm', 'o', 's', 't', 'e', 'r', 't', 'm', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "danielrozenberg.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'r', 'o', 'z', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "danielsblog.org", true */ 'd', 'a', 'n', 'i', 'e', 'l', 's', 'b', 'l', 'o', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "danielschreurs.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', 's', 'c', 'h', 'r', 'e', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "danielstach.cz", true */ 'd', 'a', 'n', 'i', 'e', 'l', 's', 't', 'a', 'c', 'h', '.', 'c', 'z', '\0',
+  /* "danielsteiner.net", true */ 'd', 'a', 'n', 'i', 'e', 'l', 's', 't', 'e', 'i', 'n', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "danieltollot.de", true */ 'd', 'a', 'n', 'i', 'e', 'l', 't', 'o', 'l', 'l', 'o', 't', '.', 'd', 'e', '\0',
+  /* "danielverlaan.nl", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'v', 'e', 'r', 'l', 'a', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "danielvoogsgerd.nl", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'v', 'o', 'o', 'g', 's', 'g', 'e', 'r', 'd', '.', 'n', 'l', '\0',
+  /* "danielzuzevich.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'z', 'u', 'z', 'e', 'v', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "danilapisarev.com", true */ 'd', 'a', 'n', 'i', 'l', 'a', 'p', 'i', 's', 'a', 'r', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "danjesensky.com", true */ 'd', 'a', 'n', 'j', 'e', 's', 'e', 'n', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "dank.ninja", true */ 'd', 'a', 'n', 'k', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "dankim.de", false */ 'd', 'a', 'n', 'k', 'i', 'm', '.', 'd', 'e', '\0',
+  /* "dankredues.com", true */ 'd', 'a', 'n', 'k', 'r', 'e', 'd', 'u', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "danla.nl", true */ 'd', 'a', 'n', 'l', 'a', '.', 'n', 'l', '\0',
+  /* "danmaby.com", true */ 'd', 'a', 'n', 'm', 'a', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "danmarksbedstefredagsbar.dk", true */ 'd', 'a', 'n', 'm', 'a', 'r', 'k', 's', 'b', 'e', 'd', 's', 't', 'e', 'f', 'r', 'e', 'd', 'a', 'g', 's', 'b', 'a', 'r', '.', 'd', 'k', '\0',
+  /* "danminkevitch.com", true */ 'd', 'a', 'n', 'm', 'i', 'n', 'k', 'e', 'v', 'i', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "danna-salary.com", true */ 'd', 'a', 'n', 'n', 'a', '-', 's', 'a', 'l', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "danny.fm", true */ 'd', 'a', 'n', 'n', 'y', '.', 'f', 'm', '\0',
+  /* "dannyrohde.de", true */ 'd', 'a', 'n', 'n', 'y', 'r', 'o', 'h', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "dannystevens.co.uk", true */ 'd', 'a', 'n', 'n', 'y', 's', 't', 'e', 'v', 'e', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "danonsecurity.com", true */ 'd', 'a', 'n', 'o', 'n', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "danotage.tv", true */ 'd', 'a', 'n', 'o', 't', 'a', 'g', 'e', '.', 't', 'v', '\0',
+  /* "danova.de", true */ 'd', 'a', 'n', 'o', 'v', 'a', '.', 'd', 'e', '\0',
+  /* "danoz.net", true */ 'd', 'a', 'n', 'o', 'z', '.', 'n', 'e', 't', '\0',
+  /* "danscomp.com", true */ 'd', 'a', 'n', 's', 'c', 'o', 'm', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "danselibre.net", true */ 'd', 'a', 'n', 's', 'e', 'l', 'i', 'b', 'r', 'e', '.', 'n', 'e', 't', '\0',
+  /* "danseressen.nl", true */ 'd', 'a', 'n', 's', 'e', 'r', 'e', 's', 's', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "dansk-skole.de", true */ 'd', 'a', 'n', 's', 'k', '-', 's', 'k', 'o', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "danskoferie.dk", true */ 'd', 'a', 'n', 's', 'k', 'o', 'f', 'e', 'r', 'i', 'e', '.', 'd', 'k', '\0',
+  /* "danskringsporta.be", true */ 'd', 'a', 'n', 's', 'k', 'r', 'i', 'n', 'g', 's', 'p', 'o', 'r', 't', 'a', '.', 'b', 'e', '\0',
+  /* "dantransports.fr", true */ 'd', 'a', 'n', 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', 's', '.', 'f', 'r', '\0',
+  /* "danw.io", true */ 'd', 'a', 'n', 'w', '.', 'i', 'o', '\0',
+  /* "danwin1210.me", true */ 'd', 'a', 'n', 'w', 'i', 'n', '1', '2', '1', '0', '.', 'm', 'e', '\0',
+  /* "danyabanya.com", true */ 'd', 'a', 'n', 'y', 'a', 'b', 'a', 'n', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "dao.spb.su", true */ 'd', 'a', 'o', '.', 's', 'p', 'b', '.', 's', 'u', '\0',
+  /* "daoro.net", true */ 'd', 'a', 'o', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "daphne.informatik.uni-freiburg.de", true */ 'd', 'a', 'p', 'h', 'n', 'e', '.', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'k', '.', 'u', 'n', 'i', '-', 'f', 'r', 'e', 'i', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "dapim.co.il", true */ 'd', 'a', 'p', 'i', 'm', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "daplie.com", true */ 'd', 'a', 'p', 'l', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "daracokorilo.com", true */ 'd', 'a', 'r', 'a', 'c', 'o', 'k', 'o', 'r', 'i', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "daravk.ch", true */ 'd', 'a', 'r', 'a', 'v', 'k', '.', 'c', 'h', '\0',
+  /* "darbi.org", true */ 'd', 'a', 'r', 'b', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "darbtech.net", true */ 'd', 'a', 'r', 'b', 't', 'e', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "darc-mak.de", true */ 'd', 'a', 'r', 'c', '-', 'm', 'a', 'k', '.', 'd', 'e', '\0',
+  /* "darchoods.net", false */ 'd', 'a', 'r', 'c', 'h', 'o', 'o', 'd', 's', '.', 'n', 'e', 't', '\0',
+  /* "darcymarshall.com", true */ 'd', 'a', 'r', 'c', 'y', 'm', 'a', 'r', 's', 'h', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "daren.com.br", true */ 'd', 'a', 'r', 'e', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dareyou.be", true */ 'd', 'a', 'r', 'e', 'y', 'o', 'u', '.', 'b', 'e', '\0',
+  /* "darinkotter.com", true */ 'd', 'a', 'r', 'i', 'n', 'k', 'o', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "darioackermann.ch", true */ 'd', 'a', 'r', 'i', 'o', 'a', 'c', 'k', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'c', 'h', '\0',
+  /* "darioturchetti.me", true */ 'd', 'a', 'r', 'i', 'o', 't', 'u', 'r', 'c', 'h', 'e', 't', 't', 'i', '.', 'm', 'e', '\0',
+  /* "darisni.me", true */ 'd', 'a', 'r', 'i', 's', 'n', 'i', '.', 'm', 'e', '\0',
+  /* "dark-infection.de", true */ 'd', 'a', 'r', 'k', '-', 'i', 'n', 'f', 'e', 'c', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "dark-vision.cz", true */ 'd', 'a', 'r', 'k', '-', 'v', 'i', 's', 'i', 'o', 'n', '.', 'c', 'z', '\0',
+  /* "darkcores.net", true */ 'd', 'a', 'r', 'k', 'c', 'o', 'r', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "darkdestiny.ch", true */ 'd', 'a', 'r', 'k', 'd', 'e', 's', 't', 'i', 'n', 'y', '.', 'c', 'h', '\0',
+  /* "darkengine.io", true */ 'd', 'a', 'r', 'k', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'i', 'o', '\0',
+  /* "darkengine.net", true */ 'd', 'a', 'r', 'k', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "darkeststar.org", true */ 'd', 'a', 'r', 'k', 'e', 's', 't', 's', 't', 'a', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "darkfire.ch", true */ 'd', 'a', 'r', 'k', 'f', 'i', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "darkishgreen.com", true */ 'd', 'a', 'r', 'k', 'i', 's', 'h', 'g', 'r', 'e', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "darknode.in", true */ 'd', 'a', 'r', 'k', 'n', 'o', 'd', 'e', '.', 'i', 'n', '\0',
+  /* "darkserver.fedoraproject.org", true */ 'd', 'a', 'r', 'k', 's', 'e', 'r', 'v', 'e', 'r', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "darkserver.stg.fedoraproject.org", true */ 'd', 'a', 'r', 'k', 's', 'e', 'r', 'v', 'e', 'r', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "darkshop.nl", true */ 'd', 'a', 'r', 'k', 's', 'h', 'o', 'p', '.', 'n', 'l', '\0',
+  /* "darkside.re", true */ 'd', 'a', 'r', 'k', 's', 'i', 'd', 'e', '.', 'r', 'e', '\0',
+  /* "darkspacelab.com", true */ 'd', 'a', 'r', 'k', 's', 'p', 'a', 'c', 'e', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "darktime.ru", true */ 'd', 'a', 'r', 'k', 't', 'i', 'm', 'e', '.', 'r', 'u', '\0',
+  /* "darkwater.info", true */ 'd', 'a', 'r', 'k', 'w', 'a', 't', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "darkx.me", true */ 'd', 'a', 'r', 'k', 'x', '.', 'm', 'e', '\0',
+  /* "darlastudio66.com", true */ 'd', 'a', 'r', 'l', 'a', 's', 't', 'u', 'd', 'i', 'o', '6', '6', '.', 'c', 'o', 'm', '\0',
+  /* "darom.jp", true */ 'd', 'a', 'r', 'o', 'm', '.', 'j', 'p', '\0',
+  /* "darookee.net", true */ 'd', 'a', 'r', 'o', 'o', 'k', 'e', 'e', '.', 'n', 'e', 't', '\0',
+  /* "daropia.org", true */ 'd', 'a', 'r', 'o', 'p', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "darrenm.net", true */ 'd', 'a', 'r', 'r', 'e', 'n', 'm', '.', 'n', 'e', 't', '\0',
+  /* "darrienworth.com", true */ 'd', 'a', 'r', 'r', 'i', 'e', 'n', 'w', 'o', 'r', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "darshnam.com", true */ 'd', 'a', 'r', 's', 'h', 'n', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "dart-tanke.com", true */ 'd', 'a', 'r', 't', '-', 't', 'a', 'n', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dart-tanke.de", true */ 'd', 'a', 'r', 't', '-', 't', 'a', 'n', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "darth-sonic.de", true */ 'd', 'a', 'r', 't', 'h', '-', 's', 'o', 'n', 'i', 'c', '.', 'd', 'e', '\0',
+  /* "dartsdon.jp", true */ 'd', 'a', 'r', 't', 's', 'd', 'o', 'n', '.', 'j', 'p', '\0',
+  /* "darwinkel.net", false */ 'd', 'a', 'r', 'w', 'i', 'n', 'k', 'e', 'l', '.', 'n', 'e', 't', '\0',
+  /* "daryl.moe", true */ 'd', 'a', 'r', 'y', 'l', '.', 'm', 'o', 'e', '\0',
+  /* "darylcumbo.net", true */ 'd', 'a', 'r', 'y', 'l', 'c', 'u', 'm', 'b', 'o', '.', 'n', 'e', 't', '\0',
+  /* "das-mediale-haus.de", true */ 'd', 'a', 's', '-', 'm', 'e', 'd', 'i', 'a', 'l', 'e', '-', 'h', 'a', 'u', 's', '.', 'd', 'e', '\0',
+  /* "das-sommercamp.de", true */ 'd', 'a', 's', '-', 's', 'o', 'm', 'm', 'e', 'r', 'c', 'a', 'm', 'p', '.', 'd', 'e', '\0',
+  /* "das-tyrol.at", true */ 'd', 'a', 's', '-', 't', 'y', 'r', 'o', 'l', '.', 'a', 't', '\0',
+  /* "dasgeestig.nl", true */ 'd', 'a', 's', 'g', 'e', 'e', 's', 't', 'i', 'g', '.', 'n', 'l', '\0',
+  /* "dashboard.run", true */ 'd', 'a', 's', 'h', 'b', 'o', 'a', 'r', 'd', '.', 'r', 'u', 'n', '\0',
+  /* "dashboard.yt", true */ 'd', 'a', 's', 'h', 'b', 'o', 'a', 'r', 'd', '.', 'y', 't', '\0',
+  /* "dashlane.com", true */ 'd', 'a', 's', 'h', 'l', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dashnearby.com", true */ 'd', 'a', 's', 'h', 'n', 'e', 'a', 'r', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "dasinternetluegt.at", true */ 'd', 'a', 's', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'l', 'u', 'e', 'g', 't', '.', 'a', 't', '\0',
+  /* "data-detox.de", true */ 'd', 'a', 't', 'a', '-', 'd', 'e', 't', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "data.gov", true */ 'd', 'a', 't', 'a', '.', 'g', 'o', 'v', '\0',
+  /* "data.govt.nz", true */ 'd', 'a', 't', 'a', '.', 'g', 'o', 'v', 't', '.', 'n', 'z', '\0',
+  /* "data.world", true */ 'd', 'a', 't', 'a', '.', 'w', 'o', 'r', 'l', 'd', '\0',
+  /* "databeam.de", true */ 'd', 'a', 't', 'a', 'b', 'e', 'a', 'm', '.', 'd', 'e', '\0',
+  /* "databionix.com", true */ 'd', 'a', 't', 'a', 'b', 'i', 'o', 'n', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "databutlr.com", true */ 'd', 'a', 't', 'a', 'b', 'u', 't', 'l', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "databutlr.net", true */ 'd', 'a', 't', 'a', 'b', 'u', 't', 'l', 'r', '.', 'n', 'e', 't', '\0',
+  /* "datacalle.com", true */ 'd', 'a', 't', 'a', 'c', 'a', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "datacandy.com", true */ 'd', 'a', 't', 'a', 'c', 'a', 'n', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "datacenternews.asia", true */ 'd', 'a', 't', 'a', 'c', 'e', 'n', 't', 'e', 'r', 'n', 'e', 'w', 's', '.', 'a', 's', 'i', 'a', '\0',
+  /* "datacenternews.co.nz", true */ 'd', 'a', 't', 'a', 'c', 'e', 'n', 't', 'e', 'r', 'n', 'e', 'w', 's', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "datacentrenews.eu", true */ 'd', 'a', 't', 'a', 'c', 'e', 'n', 't', 'r', 'e', 'n', 'e', 'w', 's', '.', 'e', 'u', '\0',
+  /* "datacubed.com", true */ 'd', 'a', 't', 'a', 'c', 'u', 'b', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "datadit.hu", true */ 'd', 'a', 't', 'a', 'd', 'i', 't', '.', 'h', 'u', '\0',
+  /* "datadyne.technology", true */ 'd', 'a', 't', 'a', 'd', 'y', 'n', 'e', '.', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '\0',
+  /* "dataformers.at", true */ 'd', 'a', 't', 'a', 'f', 'o', 'r', 'm', 'e', 'r', 's', '.', 'a', 't', '\0',
+  /* "datahove.no", false */ 'd', 'a', 't', 'a', 'h', 'o', 'v', 'e', '.', 'n', 'o', '\0',
+  /* "dataisme.com", true */ 'd', 'a', 't', 'a', 'i', 's', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "datajapan.co.jp", true */ 'd', 'a', 't', 'a', 'j', 'a', 'p', 'a', 'n', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "datakick.org", true */ 'd', 'a', 't', 'a', 'k', 'i', 'c', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "datalysis.ch", true */ 'd', 'a', 't', 'a', 'l', 'y', 's', 'i', 's', '.', 'c', 'h', '\0',
+  /* "datamatic.ru", true */ 'd', 'a', 't', 'a', 'm', 'a', 't', 'i', 'c', '.', 'r', 'u', '\0',
+  /* "dataprotectionadvisors.com", true */ 'd', 'a', 't', 'a', 'p', 'r', 'o', 't', 'e', 'c', 't', 'i', 'o', 'n', 'a', 'd', 'v', 'i', 's', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "datapun.ch", true */ 'd', 'a', 't', 'a', 'p', 'u', 'n', '.', 'c', 'h', '\0',
+  /* "datascience.ch", true */ 'd', 'a', 't', 'a', 's', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'h', '\0',
+  /* "datascomemorativas.com.br", true */ 'd', 'a', 't', 'a', 's', 'c', 'o', 'm', 'e', 'm', 'o', 'r', 'a', 't', 'i', 'v', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "datasharesystem.com", true */ 'd', 'a', 't', 'a', 's', 'h', 'a', 'r', 'e', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "dataskydd.net", true */ 'd', 'a', 't', 'a', 's', 'k', 'y', 'd', 'd', '.', 'n', 'e', 't', '\0',
+  /* "dataspace.pl", true */ 'd', 'a', 't', 'a', 's', 'p', 'a', 'c', 'e', '.', 'p', 'l', '\0',
+  /* "datastream.re", false */ 'd', 'a', 't', 'a', 's', 't', 'r', 'e', 'a', 'm', '.', 'r', 'e', '\0',
+  /* "dataswamp.org", true */ 'd', 'a', 't', 'a', 's', 'w', 'a', 'm', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "datatekniikka.fi", false */ 'd', 'a', 't', 'a', 't', 'e', 'k', 'n', 'i', 'i', 'k', 'k', 'a', '.', 'f', 'i', '\0',
+  /* "datateknologsektionen.se", true */ 'd', 'a', 't', 'a', 't', 'e', 'k', 'n', 'o', 'l', 'o', 'g', 's', 'e', 'k', 't', 'i', 'o', 'n', 'e', 'n', '.', 's', 'e', '\0',
+  /* "datatree.nl", true */ 'd', 'a', 't', 'a', 't', 'r', 'e', 'e', '.', 'n', 'l', '\0',
+  /* "datatruckers.com", true */ 'd', 'a', 't', 'a', 't', 'r', 'u', 'c', 'k', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "datatruckers.net", true */ 'd', 'a', 't', 'a', 't', 'r', 'u', 'c', 'k', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "datememe.com", true */ 'd', 'a', 't', 'e', 'm', 'e', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "datengrab.xyz", true */ 'd', 'a', 't', 'e', 'n', 'g', 'r', 'a', 'b', '.', 'x', 'y', 'z', '\0',
+  /* "datenlast.de", true */ 'd', 'a', 't', 'e', 'n', 'l', 'a', 's', 't', '.', 'd', 'e', '\0',
+  /* "dateno1.com", true */ 'd', 'a', 't', 'e', 'n', 'o', '1', '.', 'c', 'o', 'm', '\0',
+  /* "datenreiter.org", true */ 'd', 'a', 't', 'e', 'n', 'r', 'e', 'i', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "datenschutz-individuell.de", true */ 'd', 'a', 't', 'e', 'n', 's', 'c', 'h', 'u', 't', 'z', '-', 'i', 'n', 'd', 'i', 'v', 'i', 'd', 'u', 'e', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "datenschutzgrundverordnung.de", true */ 'd', 'a', 't', 'e', 'n', 's', 'c', 'h', 'u', 't', 'z', 'g', 'r', 'u', 'n', 'd', 'v', 'e', 'r', 'o', 'r', 'd', 'n', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "datenschutzhelden.org", true */ 'd', 'a', 't', 'e', 'n', 's', 'c', 'h', 'u', 't', 'z', 'h', 'e', 'l', 'd', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "datenschutztag.org", true */ 'd', 'a', 't', 'e', 'n', 's', 'c', 'h', 'u', 't', 'z', 't', 'a', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "datenwerkstatt.net", true */ 'd', 'a', 't', 'e', 'n', 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', '.', 'n', 'e', 't', '\0',
+  /* "datewon.net", false */ 'd', 'a', 't', 'e', 'w', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "datine.com.br", true */ 'd', 'a', 't', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "datingticino.ch", true */ 'd', 'a', 't', 'i', 'n', 'g', 't', 'i', 'c', 'i', 'n', 'o', '.', 'c', 'h', '\0',
+  /* "datovyaudit.cz", true */ 'd', 'a', 't', 'o', 'v', 'y', 'a', 'u', 'd', 'i', 't', '.', 'c', 'z', '\0',
+  /* "datsound.ru", true */ 'd', 'a', 't', 's', 'o', 'u', 'n', 'd', '.', 'r', 'u', '\0',
+  /* "datsumou-q.com", true */ 'd', 'a', 't', 's', 'u', 'm', 'o', 'u', '-', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "datumou-osusume.com", true */ 'd', 'a', 't', 'u', 'm', 'o', 'u', '-', 'o', 's', 'u', 's', 'u', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "datumou-recipe.com", true */ 'd', 'a', 't', 'u', 'm', 'o', 'u', '-', 'r', 'e', 'c', 'i', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "daubehosting.de", true */ 'd', 'a', 'u', 'b', 'e', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "dave-pearce.com", true */ 'd', 'a', 'v', 'e', '-', 'p', 'e', 'a', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "daveaglick.com", true */ 'd', 'a', 'v', 'e', 'a', 'g', 'l', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "davecardwell.com", true */ 'd', 'a', 'v', 'e', 'c', 'a', 'r', 'd', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "davelynes.com", true */ 'd', 'a', 'v', 'e', 'l', 'y', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "daveoc64.co.uk", true */ 'd', 'a', 'v', 'e', 'o', 'c', '6', '4', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "davepage.me.uk", true */ 'd', 'a', 'v', 'e', 'p', 'a', 'g', 'e', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "davepearce.com", true */ 'd', 'a', 'v', 'e', 'p', 'e', 'a', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "davescomputertips.com", true */ 'd', 'a', 'v', 'e', 's', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 't', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "davesinclair.com.au", true */ 'd', 'a', 'v', 'e', 's', 'i', 'n', 'c', 'l', 'a', 'i', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "davetempleton.com", true */ 'd', 'a', 'v', 'e', 't', 'e', 'm', 'p', 'l', 'e', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "davevelopment.net", true */ 'd', 'a', 'v', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', '.', 'n', 'e', 't', '\0',
+  /* "davewardle.com", true */ 'd', 'a', 'v', 'e', 'w', 'a', 'r', 'd', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "david-corry.com", true */ 'd', 'a', 'v', 'i', 'd', '-', 'c', 'o', 'r', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "david-pearce.com", true */ 'd', 'a', 'v', 'i', 'd', '-', 'p', 'e', 'a', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "david-schiffmann.de", true */ 'd', 'a', 'v', 'i', 'd', '-', 's', 'c', 'h', 'i', 'f', 'f', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "david.kitchen", true */ 'd', 'a', 'v', 'i', 'd', '.', 'k', 'i', 't', 'c', 'h', 'e', 'n', '\0',
+  /* "davidadrian.org", true */ 'd', 'a', 'v', 'i', 'd', 'a', 'd', 'r', 'i', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "davidandersson.se", true */ 'd', 'a', 'v', 'i', 'd', 'a', 'n', 'd', 'e', 'r', 's', 's', 'o', 'n', '.', 's', 'e', '\0',
+  /* "davidcrx.net", true */ 'd', 'a', 'v', 'i', 'd', 'c', 'r', 'x', '.', 'n', 'e', 't', '\0',
+  /* "daviddever.net", true */ 'd', 'a', 'v', 'i', 'd', 'd', 'e', 'v', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "davidfrancoeur.com", true */ 'd', 'a', 'v', 'i', 'd', 'f', 'r', 'a', 'n', 'c', 'o', 'e', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "davidgouveia.net", true */ 'd', 'a', 'v', 'i', 'd', 'g', 'o', 'u', 'v', 'e', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "davidgow.net", true */ 'd', 'a', 'v', 'i', 'd', 'g', 'o', 'w', '.', 'n', 'e', 't', '\0',
+  /* "davidking.xyz", true */ 'd', 'a', 'v', 'i', 'd', 'k', 'i', 'n', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "davidlillo.com", true */ 'd', 'a', 'v', 'i', 'd', 'l', 'i', 'l', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "davidlyness.com", true */ 'd', 'a', 'v', 'i', 'd', 'l', 'y', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "davidmcevoy.org.uk", true */ 'd', 'a', 'v', 'i', 'd', 'm', 'c', 'e', 'v', 'o', 'y', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "davidmessenger.co.uk", true */ 'd', 'a', 'v', 'i', 'd', 'm', 'e', 's', 's', 'e', 'n', 'g', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "davidnadaski.com", true */ 'd', 'a', 'v', 'i', 'd', 'n', 'a', 'd', 'a', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "davidpearce.com", true */ 'd', 'a', 'v', 'i', 'd', 'p', 'e', 'a', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "davidpearce.org", true */ 'd', 'a', 'v', 'i', 'd', 'p', 'e', 'a', 'r', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "davidschadlich.com", true */ 'd', 'a', 'v', 'i', 'd', 's', 'c', 'h', 'a', 'd', 'l', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "davidschlachter.com", true */ 'd', 'a', 'v', 'i', 'd', 's', 'c', 'h', 'l', 'a', 'c', 'h', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "davie3.com", true */ 'd', 'a', 'v', 'i', 'e', '3', '.', 'c', 'o', 'm', '\0',
+  /* "davimun.org", true */ 'd', 'a', 'v', 'i', 'm', 'u', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "davisroi.com", true */ 'd', 'a', 'v', 'i', 's', 'r', 'o', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "davo-usedcars.be", true */ 'd', 'a', 'v', 'o', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "davy-server.com", true */ 'd', 'a', 'v', 'y', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "daw.nz", true */ 'd', 'a', 'w', '.', 'n', 'z', '\0',
+  /* "dawnbringer.eu", true */ 'd', 'a', 'w', 'n', 'b', 'r', 'i', 'n', 'g', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "dawnbringer.net", true */ 'd', 'a', 'w', 'n', 'b', 'r', 'i', 'n', 'g', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "dawson-floridavilla.co.uk", true */ 'd', 'a', 'w', 's', 'o', 'n', '-', 'f', 'l', 'o', 'r', 'i', 'd', 'a', 'v', 'i', 'l', 'l', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "day-peak.com", true */ 'd', 'a', 'y', '-', 'p', 'e', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "daylightpirates.org", true */ 'd', 'a', 'y', 'l', 'i', 'g', 'h', 't', 'p', 'i', 'r', 'a', 't', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "dayman.net", true */ 'd', 'a', 'y', 'm', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "daysoftheyear.com", true */ 'd', 'a', 'y', 's', 'o', 'f', 't', 'h', 'e', 'y', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "db-sanity.com", true */ 'd', 'b', '-', 's', 'a', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "db-works.nl", true */ 'd', 'b', '-', 'w', 'o', 'r', 'k', 's', '.', 'n', 'l', '\0',
+  /* "dbapress.org", true */ 'd', 'b', 'a', 'p', 'r', 'e', 's', 's', '.', 'o', 'r', 'g', '\0',
+  /* "dbaron.org", true */ 'd', 'b', 'a', 'r', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "dbas.cz", true */ 'd', 'b', 'a', 's', '.', 'c', 'z', '\0',
+  /* "dbdc.us", true */ 'd', 'b', 'd', 'c', '.', 'u', 's', '\0',
+  /* "dbentertainment.co.uk", true */ 'd', 'b', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dbgamestudio.com", true */ 'd', 'b', 'g', 'a', 'm', 'e', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "dblcastles.co.uk", true */ 'd', 'b', 'l', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dbldub.net", true */ 'd', 'b', 'l', 'd', 'u', 'b', '.', 'n', 'e', 't', '\0',
+  /* "dblx.io", true */ 'd', 'b', 'l', 'x', '.', 'i', 'o', '\0',
+  /* "dbmteam.com", true */ 'd', 'b', 'm', 't', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "dborcard.com", true */ 'd', 'b', 'o', 'r', 'c', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "dbpkg.com", true */ 'd', 'b', 'p', 'k', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "dbpmedia.se", true */ 'd', 'b', 'p', 'm', 'e', 'd', 'i', 'a', '.', 's', 'e', '\0',
+  /* "dbq.com", true */ 'd', 'b', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "dbrgn.ch", true */ 'd', 'b', 'r', 'g', 'n', '.', 'c', 'h', '\0',
+  /* "dbtsai.com", true */ 'd', 'b', 't', 's', 'a', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "dbyz.co.uk", true */ 'd', 'b', 'y', 'z', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dc-occasies.be", true */ 'd', 'c', '-', 'o', 'c', 'c', 'a', 's', 'i', 'e', 's', '.', 'b', 'e', '\0',
+  /* "dc562.org", true */ 'd', 'c', '5', '6', '2', '.', 'o', 'r', 'g', '\0',
+  /* "dc585.info", true */ 'd', 'c', '5', '8', '5', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "dcards.in.th", true */ 'd', 'c', 'a', 'r', 'd', 's', '.', 'i', 'n', '.', 't', 'h', '\0',
+  /* "dcautomacao.com.br", true */ 'd', 'c', 'a', 'u', 't', 'o', 'm', 'a', 'c', 'a', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dcbouncycastles.co.uk", true */ 'd', 'c', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dcc.cat", true */ 'd', 'c', 'c', '.', 'c', 'a', 't', '\0',
+  /* "dcepler.net", true */ 'd', 'c', 'e', 'p', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "dchatelain.ch", true */ 'd', 'c', 'h', 'a', 't', 'e', 'l', 'a', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "dchest.org", true */ 'd', 'c', 'h', 'e', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "dckd.nl", true */ 'd', 'c', 'k', 'd', '.', 'n', 'l', '\0',
+  /* "dclaisse.fr", true */ 'd', 'c', 'l', 'a', 'i', 's', 's', 'e', '.', 'f', 'r', '\0',
+  /* "dcmt.co", true */ 'd', 'c', 'm', 't', '.', 'c', 'o', '\0',
+  /* "dcrdev.com", true */ 'd', 'c', 'r', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "dd.art.pl", true */ 'd', 'd', '.', 'a', 'r', 't', '.', 'p', 'l', '\0',
+  /* "ddel.de", true */ 'd', 'd', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "dden.ca", false */ 'd', 'd', 'e', 'n', '.', 'c', 'a', '\0',
+  /* "ddfreedish.site", false */ 'd', 'd', 'f', 'r', 'e', 'e', 'd', 'i', 's', 'h', '.', 's', 'i', 't', 'e', '\0',
+  /* "ddhosted.com", true */ 'd', 'd', 'h', 'o', 's', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "ddmeportal.com", true */ 'd', 'd', 'm', 'e', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "ddns-anbieter.de", true */ 'd', 'd', 'n', 's', '-', 'a', 'n', 'b', 'i', 'e', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "ddocu.me", true */ 'd', 'd', 'o', 'c', 'u', '.', 'm', 'e', '\0',
+  /* "ddos-mitigation.co.uk", true */ 'd', 'd', 'o', 's', '-', 'm', 'i', 't', 'i', 'g', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ddos-mitigation.info", true */ 'd', 'd', 'o', 's', '-', 'm', 'i', 't', 'i', 'g', 'a', 't', 'i', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ddracepro.net", true */ 'd', 'd', 'r', 'a', 'c', 'e', 'p', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "dds.mil", true */ 'd', 'd', 's', '.', 'm', 'i', 'l', '\0',
+  /* "de-mail.info", true */ 'd', 'e', '-', 'm', 'a', 'i', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "de-medici.nl", true */ 'd', 'e', '-', 'm', 'e', 'd', 'i', 'c', 'i', '.', 'n', 'l', '\0',
+  /* "de-rwa.de", true */ 'd', 'e', '-', 'r', 'w', 'a', '.', 'd', 'e', '\0',
+  /* "de-spil.be", true */ 'd', 'e', '-', 's', 'p', 'i', 'l', '.', 'b', 'e', '\0',
+  /* "de.search.yahoo.com", false */ 'd', 'e', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "deadbeef.ninja", true */ 'd', 'e', 'a', 'd', 'b', 'e', 'e', 'f', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "deadc0de.re", true */ 'd', 'e', 'a', 'd', 'c', '0', 'd', 'e', '.', 'r', 'e', '\0',
+  /* "deadmann.com", true */ 'd', 'e', 'a', 'd', 'm', 'a', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "deaf.dating", true */ 'd', 'e', 'a', 'f', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "deaf.eu.org", true */ 'd', 'e', 'a', 'f', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "deai-life.biz", true */ 'd', 'e', 'a', 'i', '-', 'l', 'i', 'f', 'e', '.', 'b', 'i', 'z', '\0',
+  /* "deaktualisierung.org", false */ 'd', 'e', 'a', 'k', 't', 'u', 'a', 'l', 'i', 's', 'i', 'e', 'r', 'u', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "dealapp.nl", true */ 'd', 'e', 'a', 'l', 'a', 'p', 'p', '.', 'n', 'l', '\0',
+  /* "dealbanana.at", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'a', 't', '\0',
+  /* "dealbanana.be", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'b', 'e', '\0',
+  /* "dealbanana.ch", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'c', 'h', '\0',
+  /* "dealbanana.co.uk", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dealbanana.com", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "dealbanana.de", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'd', 'e', '\0',
+  /* "dealbanana.fi", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'f', 'i', '\0',
+  /* "dealbanana.fr", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'f', 'r', '\0',
+  /* "dealbanana.it", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'i', 't', '\0',
+  /* "dealbanana.se", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 's', 'e', '\0',
+  /* "dealcruiser.nl", true */ 'd', 'e', 'a', 'l', 'c', 'r', 'u', 'i', 's', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "dealinflatables.co.uk", true */ 'd', 'e', 'a', 'l', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dealpass.no", true */ 'd', 'e', 'a', 'l', 'p', 'a', 's', 's', '.', 'n', 'o', '\0',
+  /* "deamuseum.org", true */ 'd', 'e', 'a', 'm', 'u', 's', 'e', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "deanbank.com", true */ 'd', 'e', 'a', 'n', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "deanjerkovich.com", true */ 'd', 'e', 'a', 'n', 'j', 'e', 'r', 'k', 'o', 'v', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "deanmorgan.org", true */ 'd', 'e', 'a', 'n', 'm', 'o', 'r', 'g', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "deano-s.co.uk", true */ 'd', 'e', 'a', 'n', 'o', '-', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "deanosplace.net", true */ 'd', 'e', 'a', 'n', 'o', 's', 'p', 'l', 'a', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "deanpearce.net", true */ 'd', 'e', 'a', 'n', 'p', 'e', 'a', 'r', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "dearfcc.com", true */ 'd', 'e', 'a', 'r', 'f', 'c', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "dearfcc.net", true */ 'd', 'e', 'a', 'r', 'f', 'c', 'c', '.', 'n', 'e', 't', '\0',
+  /* "dearfcc.org", true */ 'd', 'e', 'a', 'r', 'f', 'c', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "dearnevalleybouncycastles.co.uk", true */ 'd', 'e', 'a', 'r', 'n', 'e', 'v', 'a', 'l', 'l', 'e', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "deathy.ro", true */ 'd', 'e', 'a', 't', 'h', 'y', '.', 'r', 'o', '\0',
+  /* "debie-usedcars.be", true */ 'd', 'e', 'b', 'i', 'e', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "debigare.com", true */ 'd', 'e', 'b', 'i', 'g', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "debitoutil.com", true */ 'd', 'e', 'b', 'i', 't', 'o', 'u', 't', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "debitpaie.com", true */ 'd', 'e', 'b', 'i', 't', 'p', 'a', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "deborahmarinelli.eu", true */ 'd', 'e', 'b', 'o', 'r', 'a', 'h', 'm', 'a', 'r', 'i', 'n', 'e', 'l', 'l', 'i', '.', 'e', 'u', '\0',
+  /* "debron-ot.nl", true */ 'd', 'e', 'b', 'r', 'o', 'n', '-', 'o', 't', '.', 'n', 'l', '\0',
+  /* "debrusoft.ch", true */ 'd', 'e', 'b', 'r', 'u', 's', 'o', 'f', 't', '.', 'c', 'h', '\0',
+  /* "debt.com", true */ 'd', 'e', 'b', 't', '.', 'c', 'o', 'm', '\0',
+  /* "debtrecycling.com.au", true */ 'd', 'e', 'b', 't', 'r', 'e', 'c', 'y', 'c', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "debuemon.com", true */ 'd', 'e', 'b', 'u', 'e', 'm', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "debuis.nl", true */ 'd', 'e', 'b', 'u', 'i', 's', '.', 'n', 'l', '\0',
+  /* "decalquai.ch", true */ 'd', 'e', 'c', 'a', 'l', 'q', 'u', 'a', 'i', '.', 'c', 'h', '\0',
+  /* "decentralizedweb.net", true */ 'd', 'e', 'c', 'e', 'n', 't', 'r', 'a', 'l', 'i', 'z', 'e', 'd', 'w', 'e', 'b', '.', 'n', 'e', 't', '\0',
+  /* "dechat.nl", true */ 'd', 'e', 'c', 'h', 'a', 't', '.', 'n', 'l', '\0',
+  /* "decidetreatment.org", true */ 'd', 'e', 'c', 'i', 'd', 'e', 't', 'r', 'e', 'a', 't', 'm', 'e', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "decock-usedcars.be", true */ 'd', 'e', 'c', 'o', 'c', 'k', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "decodeanddestroy.com", true */ 'd', 'e', 'c', 'o', 'd', 'e', 'a', 'n', 'd', 'd', 'e', 's', 't', 'r', 'o', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "decoder.link", true */ 'd', 'e', 'c', 'o', 'd', 'e', 'r', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "decomplify.com", true */ 'd', 'e', 'c', 'o', 'm', 'p', 'l', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "decor-d.com", true */ 'd', 'e', 'c', 'o', 'r', '-', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "decoraid.com", true */ 'd', 'e', 'c', 'o', 'r', 'a', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "decoratrix.com", true */ 'd', 'e', 'c', 'o', 'r', 'a', 't', 'r', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "decorauvent.ca", true */ 'd', 'e', 'c', 'o', 'r', 'a', 'u', 'v', 'e', 'n', 't', '.', 'c', 'a', '\0',
+  /* "decorestilo.com.br", true */ 'd', 'e', 'c', 'o', 'r', 'e', 's', 't', 'i', 'l', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "decorincasa.com.br", true */ 'd', 'e', 'c', 'o', 'r', 'i', 'n', 'c', 'a', 's', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "decormiernissanparts.com", true */ 'd', 'e', 'c', 'o', 'r', 'm', 'i', 'e', 'r', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "decosoftware.com", true */ 'd', 'e', 'c', 'o', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "decrousaz-ceramique.ch", true */ 'd', 'e', 'c', 'r', 'o', 'u', 's', 'a', 'z', '-', 'c', 'e', 'r', 'a', 'm', 'i', 'q', 'u', 'e', '.', 'c', 'h', '\0',
+  /* "decstasy.de", true */ 'd', 'e', 'c', 's', 't', 'a', 's', 'y', '.', 'd', 'e', '\0',
+  /* "dede.ml", true */ 'd', 'e', 'd', 'e', '.', 'm', 'l', '\0',
+  /* "dedelta.net", true */ 'd', 'e', 'd', 'e', 'l', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "dedimax.de", true */ 'd', 'e', 'd', 'i', 'm', 'a', 'x', '.', 'd', 'e', '\0',
+  /* "dedmorozrzn.ru", true */ 'd', 'e', 'd', 'm', 'o', 'r', 'o', 'z', 'r', 'z', 'n', '.', 'r', 'u', '\0',
+  /* "deduijventil.nl", true */ 'd', 'e', 'd', 'u', 'i', 'j', 'v', 'e', 'n', 't', 'i', 'l', '.', 'n', 'l', '\0',
+  /* "dee.pe", true */ 'd', 'e', 'e', '.', 'p', 'e', '\0',
+  /* "dee.su", true */ 'd', 'e', 'e', '.', 's', 'u', '\0',
+  /* "deegeeinflatables.co.uk", true */ 'd', 'e', 'e', 'g', 'e', 'e', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "deep.club", true */ 'd', 'e', 'e', 'p', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "deeparamaraj.com", true */ 'd', 'e', 'e', 'p', 'a', 'r', 'a', 'm', 'a', 'r', 'a', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "deepbluecrafting.co.uk", true */ 'd', 'e', 'e', 'p', 'b', 'l', 'u', 'e', 'c', 'r', 'a', 'f', 't', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "deephill.com", true */ 'd', 'e', 'e', 'p', 'h', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "deepserve.info", true */ 'd', 'e', 'e', 'p', 's', 'e', 'r', 'v', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "deepsouthsounds.com", true */ 'd', 'e', 'e', 'p', 's', 'o', 'u', 't', 'h', 's', 'o', 'u', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "deepvalley.tech", true */ 'd', 'e', 'e', 'p', 'v', 'a', 'l', 'l', 'e', 'y', '.', 't', 'e', 'c', 'h', '\0',
+  /* "deepzz.com", true */ 'd', 'e', 'e', 'p', 'z', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "deer.team", true */ 'd', 'e', 'e', 'r', '.', 't', 'e', 'a', 'm', '\0',
+  /* "deezeno.com", true */ 'd', 'e', 'e', 'z', 'e', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "def-pos.ru", true */ 'd', 'e', 'f', '-', 'p', 'o', 's', '.', 'r', 'u', '\0',
+  /* "defcon.org", true */ 'd', 'e', 'f', 'c', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "defendas.com", true */ 'd', 'e', 'f', 'e', 'n', 'd', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "defender-pro.com", true */ 'd', 'e', 'f', 'e', 'n', 'd', 'e', 'r', '-', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "defendinnovation.org", true */ 'd', 'e', 'f', 'e', 'n', 'd', 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "defero.io", true */ 'd', 'e', 'f', 'e', 'r', 'o', '.', 'i', 'o', '\0',
+  /* "defi-metier.com", true */ 'd', 'e', 'f', 'i', '-', 'm', 'e', 't', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "defi-metier.fr", true */ 'd', 'e', 'f', 'i', '-', 'm', 'e', 't', 'i', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "defi-metier.org", true */ 'd', 'e', 'f', 'i', '-', 'm', 'e', 't', 'i', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "defi-metiers.com", true */ 'd', 'e', 'f', 'i', '-', 'm', 'e', 't', 'i', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "defi-metiers.fr", true */ 'd', 'e', 'f', 'i', '-', 'm', 'e', 't', 'i', 'e', 'r', 's', '.', 'f', 'r', '\0',
+  /* "defi-metiers.org", true */ 'd', 'e', 'f', 'i', '-', 'm', 'e', 't', 'i', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "defimetier.fr", true */ 'd', 'e', 'f', 'i', 'm', 'e', 't', 'i', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "defimetier.org", true */ 'd', 'e', 'f', 'i', 'm', 'e', 't', 'i', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "defimetiers.com", true */ 'd', 'e', 'f', 'i', 'm', 'e', 't', 'i', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "defimetiers.fr", true */ 'd', 'e', 'f', 'i', 'm', 'e', 't', 'i', 'e', 'r', 's', '.', 'f', 'r', '\0',
+  /* "deflect.ca", true */ 'd', 'e', 'f', 'l', 'e', 'c', 't', '.', 'c', 'a', '\0',
+  /* "defman.me", true */ 'd', 'e', 'f', 'm', 'a', 'n', '.', 'm', 'e', '\0',
+  /* "defme.eu", true */ 'd', 'e', 'f', 'm', 'e', '.', 'e', 'u', '\0',
+  /* "defont.nl", true */ 'd', 'e', 'f', 'o', 'n', 't', '.', 'n', 'l', '\0',
+  /* "defrax.com", true */ 'd', 'e', 'f', 'r', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "defrax.de", true */ 'd', 'e', 'f', 'r', 'a', 'x', '.', 'd', 'e', '\0',
+  /* "deftek.com", true */ 'd', 'e', 'f', 't', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "deftnerd.com", true */ 'd', 'e', 'f', 't', 'n', 'e', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "defuse.ca", true */ 'd', 'e', 'f', 'u', 's', 'e', '.', 'c', 'a', '\0',
+  /* "defxing.net", true */ 'd', 'e', 'f', 'x', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "degata.com", true */ 'd', 'e', 'g', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "degeberg.com", true */ 'd', 'e', 'g', 'e', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "degeberg.dk", true */ 'd', 'e', 'g', 'e', 'b', 'e', 'r', 'g', '.', 'd', 'k', '\0',
+  /* "degen-elektrotechnik.de", true */ 'd', 'e', 'g', 'e', 'n', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', 't', 'e', 'c', 'h', 'n', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "degoulet.net", true */ 'd', 'e', 'g', 'o', 'u', 'l', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "degraafschapdierenartsen.nl", true */ 'd', 'e', 'g', 'r', 'a', 'a', 'f', 's', 'c', 'h', 'a', 'p', 'd', 'i', 'e', 'r', 'e', 'n', 'a', 'r', 't', 's', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "degracetechnologie.com", true */ 'd', 'e', 'g', 'r', 'a', 'c', 'e', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dehopre.com", true */ 'd', 'e', 'h', 'o', 'p', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dehydrated.de", true */ 'd', 'e', 'h', 'y', 'd', 'r', 'a', 't', 'e', 'd', '.', 'd', 'e', '\0',
+  /* "deidee.nl", true */ 'd', 'e', 'i', 'd', 'e', 'e', '.', 'n', 'l', '\0',
+  /* "deinballon.de", true */ 'd', 'e', 'i', 'n', 'b', 'a', 'l', 'l', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "deinewebsite.de", true */ 'd', 'e', 'i', 'n', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', '.', 'd', 'e', '\0',
+  /* "deinfoto.ch", true */ 'd', 'e', 'i', 'n', 'f', 'o', 't', 'o', '.', 'c', 'h', '\0',
+  /* "deitti.net", true */ 'd', 'e', 'i', 't', 't', 'i', '.', 'n', 'e', 't', '\0',
+  /* "dejan.media", true */ 'd', 'e', 'j', 'a', 'n', '.', 'm', 'e', 'd', 'i', 'a', '\0',
+  /* "dejandayoff.com", true */ 'd', 'e', 'j', 'a', 'n', 'd', 'a', 'y', 'o', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "dejure.org", true */ 'd', 'e', 'j', 'u', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "dejw.cz", true */ 'd', 'e', 'j', 'w', '.', 'c', 'z', '\0',
+  /* "dekasiba.com", true */ 'd', 'e', 'k', 'a', 's', 'i', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "delahrzolder.nl", true */ 'd', 'e', 'l', 'a', 'h', 'r', 'z', 'o', 'l', 'd', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "delbecqvo.be", true */ 'd', 'e', 'l', 'b', 'e', 'c', 'q', 'v', 'o', '.', 'b', 'e', '\0',
+  /* "delbrouck.ch", true */ 'd', 'e', 'l', 'b', 'r', 'o', 'u', 'c', 'k', '.', 'c', 'h', '\0',
+  /* "deleidscheflesch.nl", true */ 'd', 'e', 'l', 'e', 'i', 'd', 's', 'c', 'h', 'e', 'f', 'l', 'e', 's', 'c', 'h', '.', 'n', 'l', '\0',
+  /* "delfic.org", true */ 'd', 'e', 'l', 'f', 'i', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "delhionlinegifts.com", true */ 'd', 'e', 'l', 'h', 'i', 'o', 'n', 'l', 'i', 'n', 'e', 'g', 'i', 'f', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "deliandiver.org", true */ 'd', 'e', 'l', 'i', 'a', 'n', 'd', 'i', 'v', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "deliberatedigital.com", true */ 'd', 'e', 'l', 'i', 'b', 'e', 'r', 'a', 't', 'e', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "deliciisanatoase.ro", true */ 'd', 'e', 'l', 'i', 'c', 'i', 'i', 's', 'a', 'n', 'a', 't', 'o', 'a', 's', 'e', '.', 'r', 'o', '\0',
+  /* "deliciousmedia.co.uk", true */ 'd', 'e', 'l', 'i', 'c', 'i', 'o', 'u', 's', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "delicioustable.com", true */ 'd', 'e', 'l', 'i', 'c', 'i', 'o', 'u', 's', 't', 'a', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "delitto.top", true */ 'd', 'e', 'l', 'i', 't', 't', 'o', '.', 't', 'o', 'p', '\0',
+  /* "deliver.moe", true */ 'd', 'e', 'l', 'i', 'v', 'e', 'r', '.', 'm', 'o', 'e', '\0',
+  /* "delivery.co.at", true */ 'd', 'e', 'l', 'i', 'v', 'e', 'r', 'y', '.', 'c', 'o', '.', 'a', 't', '\0',
+  /* "dellipaoli.com", true */ 'd', 'e', 'l', 'l', 'i', 'p', 'a', 'o', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "delogo.nl", true */ 'd', 'e', 'l', 'o', 'g', 'o', '.', 'n', 'l', '\0',
+  /* "delphine.dance", true */ 'd', 'e', 'l', 'p', 'h', 'i', 'n', 'e', '.', 'd', 'a', 'n', 'c', 'e', '\0',
+  /* "delta-data.ch", true */ 'd', 'e', 'l', 't', 'a', '-', 'd', 'a', 't', 'a', '.', 'c', 'h', '\0',
+  /* "delta-smart.ch", true */ 'd', 'e', 'l', 't', 'a', '-', 's', 'm', 'a', 'r', 't', '.', 'c', 'h', '\0',
+  /* "delta.ru", true */ 'd', 'e', 'l', 't', 'a', '.', 'r', 'u', '\0',
+  /* "delta23.de", true */ 'd', 'e', 'l', 't', 'a', '2', '3', '.', 'd', 'e', '\0',
+  /* "deltaacademy.org", true */ 'd', 'e', 'l', 't', 'a', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "deltadata.ch", true */ 'd', 'e', 'l', 't', 'a', 'd', 'a', 't', 'a', '.', 'c', 'h', '\0',
+  /* "deltasmart.ch", true */ 'd', 'e', 'l', 't', 'a', 's', 'm', 'a', 'r', 't', '.', 'c', 'h', '\0',
+  /* "deltava.org", true */ 'd', 'e', 'l', 't', 'a', 'v', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "demandware.com", true */ 'd', 'e', 'm', 'a', 'n', 'd', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "demarche-expresse.com", true */ 'd', 'e', 'm', 'a', 'r', 'c', 'h', 'e', '-', 'e', 'x', 'p', 'r', 'e', 's', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "demarle.ch", true */ 'd', 'e', 'm', 'a', 'r', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "dementiapraecox.de", true */ 'd', 'e', 'm', 'e', 'n', 't', 'i', 'a', 'p', 'r', 'a', 'e', 'c', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "demeyere-usedcars.be", true */ 'd', 'e', 'm', 'e', 'y', 'e', 'r', 'e', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "demfloro.ru", true */ 'd', 'e', 'm', 'f', 'l', 'o', 'r', 'o', '.', 'r', 'u', '\0',
+  /* "demijn.nl", true */ 'd', 'e', 'm', 'i', 'j', 'n', '.', 'n', 'l', '\0',
+  /* "demilletech.net", true */ 'd', 'e', 'm', 'i', 'l', 'l', 'e', 't', 'e', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "demo.sb", true */ 'd', 'e', 'm', 'o', '.', 's', 'b', '\0',
+  /* "demo.swedbank.se", true */ 'd', 'e', 'm', 'o', '.', 's', 'w', 'e', 'd', 'b', 'a', 'n', 'k', '.', 's', 'e', '\0',
+  /* "demo9.ovh", true */ 'd', 'e', 'm', 'o', '9', '.', 'o', 'v', 'h', '\0',
+  /* "democracy.io", true */ 'd', 'e', 'm', 'o', 'c', 'r', 'a', 'c', 'y', '.', 'i', 'o', '\0',
+  /* "democracychronicles.com", true */ 'd', 'e', 'm', 'o', 'c', 'r', 'a', 'c', 'y', 'c', 'h', 'r', 'o', 'n', 'i', 'c', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "democracyineurope.eu", true */ 'd', 'e', 'm', 'o', 'c', 'r', 'a', 'c', 'y', 'i', 'n', 'e', 'u', 'r', 'o', 'p', 'e', '.', 'e', 'u', '\0',
+  /* "democraticdifference.com", true */ 'd', 'e', 'm', 'o', 'c', 'r', 'a', 't', 'i', 'c', 'd', 'i', 'f', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "democraziaineuropa.eu", true */ 'd', 'e', 'm', 'o', 'c', 'r', 'a', 'z', 'i', 'a', 'i', 'n', 'e', 'u', 'r', 'o', 'p', 'a', '.', 'e', 'u', '\0',
+  /* "demoniak.ch", true */ 'd', 'e', 'm', 'o', 'n', 'i', 'a', 'k', '.', 'c', 'h', '\0',
+  /* "demonwav.com", true */ 'd', 'e', 'm', 'o', 'n', 'w', 'a', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "demonwolfdev.com", true */ 'd', 'e', 'm', 'o', 'n', 'w', 'o', 'l', 'f', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "demotivatorbi.ru", true */ 'd', 'e', 'm', 'o', 't', 'i', 'v', 'a', 't', 'o', 'r', 'b', 'i', '.', 'r', 'u', '\0',
+  /* "demuzere.be", true */ 'd', 'e', 'm', 'u', 'z', 'e', 'r', 'e', '.', 'b', 'e', '\0',
+  /* "demuzere.com", true */ 'd', 'e', 'm', 'u', 'z', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "demuzere.eu", true */ 'd', 'e', 'm', 'u', 'z', 'e', 'r', 'e', '.', 'e', 'u', '\0',
+  /* "demuzere.net", true */ 'd', 'e', 'm', 'u', 'z', 'e', 'r', 'e', '.', 'n', 'e', 't', '\0',
+  /* "demuzere.org", true */ 'd', 'e', 'm', 'u', 'z', 'e', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "denabot.pw", true */ 'd', 'e', 'n', 'a', 'b', 'o', 't', '.', 'p', 'w', '\0',
+  /* "denaehula.com", true */ 'd', 'e', 'n', 'a', 'e', 'h', 'u', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "denardbrewing.com", true */ 'd', 'e', 'n', 'a', 'r', 'd', 'b', 'r', 'e', 'w', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "dengchangdong.com", true */ 'd', 'e', 'n', 'g', 'c', 'h', 'a', 'n', 'g', 'd', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "dengode.eu", true */ 'd', 'e', 'n', 'g', 'o', 'd', 'e', '.', 'e', 'u', '\0',
+  /* "denimio.com", true */ 'd', 'e', 'n', 'i', 'm', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "denimtoday.com", true */ 'd', 'e', 'n', 'i', 'm', 't', 'o', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "denis-martinez.photos", true */ 'd', 'e', 'n', 'i', 's', '-', 'm', 'a', 'r', 't', 'i', 'n', 'e', 'z', '.', 'p', 'h', 'o', 't', 'o', 's', '\0',
+  /* "denisewakeman.com", true */ 'd', 'e', 'n', 'i', 's', 'e', 'w', 'a', 'k', 'e', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "denistruffaut.fr", true */ 'd', 'e', 'n', 'i', 's', 't', 'r', 'u', 'f', 'f', 'a', 'u', 't', '.', 'f', 'r', '\0',
+  /* "deniszczuk.pl", true */ 'd', 'e', 'n', 'i', 's', 'z', 'c', 'z', 'u', 'k', '.', 'p', 'l', '\0',
+  /* "dennisang.com", true */ 'd', 'e', 'n', 'n', 'i', 's', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "dennisdoes.net", false */ 'd', 'e', 'n', 'n', 'i', 's', 'd', 'o', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "denniskoot.nl", true */ 'd', 'e', 'n', 'n', 'i', 's', 'k', 'o', 'o', 't', '.', 'n', 'l', '\0',
+  /* "dennispotter.eu", true */ 'd', 'e', 'n', 'n', 'i', 's', 'p', 'o', 't', 't', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "dennisvandenbos.nl", true */ 'd', 'e', 'n', 'n', 'i', 's', 'v', 'a', 'n', 'd', 'e', 'n', 'b', 'o', 's', '.', 'n', 'l', '\0',
+  /* "dennogumi.org", true */ 'd', 'e', 'n', 'n', 'o', 'g', 'u', 'm', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "denous.nl", true */ 'd', 'e', 'n', 'o', 'u', 's', '.', 'n', 'l', '\0',
+  /* "dent.uy", true */ 'd', 'e', 'n', 't', '.', 'u', 'y', '\0',
+  /* "dental-misaki.com", true */ 'd', 'e', 'n', 't', 'a', 'l', '-', 'm', 'i', 's', 'a', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "dentallaborgeraeteservice.de", true */ 'd', 'e', 'n', 't', 'a', 'l', 'l', 'a', 'b', 'o', 'r', 'g', 'e', 'r', 'a', 'e', 't', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'd', 'e', '\0',
+  /* "dentfix.ro", true */ 'd', 'e', 'n', 't', 'f', 'i', 'x', '.', 'r', 'o', '\0',
+  /* "dentistglasgow.com", true */ 'd', 'e', 'n', 't', 'i', 's', 't', 'g', 'l', 'a', 's', 'g', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "dentrassi.de", true */ 'd', 'e', 'n', 't', 'r', 'a', 's', 's', 'i', '.', 'd', 'e', '\0',
+  /* "dentystabirmingham.co.uk", true */ 'd', 'e', 'n', 't', 'y', 's', 't', 'a', 'b', 'i', 'r', 'm', 'i', 'n', 'g', 'h', 'a', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "denverphilharmonic.org", true */ 'd', 'e', 'n', 'v', 'e', 'r', 'p', 'h', 'i', 'l', 'h', 'a', 'r', 'm', 'o', 'n', 'i', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "deontology.com", true */ 'd', 'e', 'o', 'n', 't', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "depaddestoeltjes.be", true */ 'd', 'e', 'p', 'a', 'd', 'd', 'e', 's', 't', 'o', 'e', 'l', 't', 'j', 'e', 's', '.', 'b', 'e', '\0',
+  /* "depechemode-live.com", true */ 'd', 'e', 'p', 'e', 'c', 'h', 'e', 'm', 'o', 'd', 'e', '-', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "depedshs.com", true */ 'd', 'e', 'p', 'e', 'd', 's', 'h', 's', '.', 'c', 'o', 'm', '\0',
+  /* "depicus.com", true */ 'd', 'e', 'p', 'i', 'c', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "depone.net", true */ 'd', 'e', 'p', 'o', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "depotsquarekerrville.com", true */ 'd', 'e', 'p', 'o', 't', 's', 'q', 'u', 'a', 'r', 'e', 'k', 'e', 'r', 'r', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "depotter-usedcars.be", true */ 'd', 'e', 'p', 'o', 't', 't', 'e', 'r', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "deprecate.de", true */ 'd', 'e', 'p', 'r', 'e', 'c', 'a', 't', 'e', '.', 'd', 'e', '\0',
+  /* "deprobe.pro", true */ 'd', 'e', 'p', 'r', 'o', 'b', 'e', '.', 'p', 'r', 'o', '\0',
+  /* "depth-co.jp", true */ 'd', 'e', 'p', 't', 'h', '-', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "depthe.gr", true */ 'd', 'e', 'p', 't', 'h', 'e', '.', 'g', 'r', '\0',
+  /* "der-bank-blog.de", true */ 'd', 'e', 'r', '-', 'b', 'a', 'n', 'k', '-', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "der-gardinenmann.de", true */ 'd', 'e', 'r', '-', 'g', 'a', 'r', 'd', 'i', 'n', 'e', 'n', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "der-rudi.eu", true */ 'd', 'e', 'r', '-', 'r', 'u', 'd', 'i', '.', 'e', 'u', '\0',
+  /* "der-stein-fluesterer.de", true */ 'd', 'e', 'r', '-', 's', 't', 'e', 'i', 'n', '-', 'f', 'l', 'u', 'e', 's', 't', 'e', 'r', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "derattizzazione.name", true */ 'd', 'e', 'r', 'a', 't', 't', 'i', 'z', 'z', 'a', 'z', 'i', 'o', 'n', 'e', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "derattizzazioni.biz", true */ 'd', 'e', 'r', 'a', 't', 't', 'i', 'z', 'z', 'a', 'z', 'i', 'o', 'n', 'i', '.', 'b', 'i', 'z', '\0',
+  /* "derattizzazioni.org", true */ 'd', 'e', 'r', 'a', 't', 't', 'i', 'z', 'z', 'a', 'z', 'i', 'o', 'n', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "derbybouncycastles.com", true */ 'd', 'e', 'r', 'b', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "derbyshire-language-scheme.co.uk", true */ 'd', 'e', 'r', 'b', 'y', 's', 'h', 'i', 'r', 'e', '-', 'l', 'a', 'n', 'g', 'u', 'a', 'g', 'e', '-', 's', 'c', 'h', 'e', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "derdewereldrommelmarkt.nl", true */ 'd', 'e', 'r', 'd', 'e', 'w', 'e', 'r', 'e', 'l', 'd', 'r', 'o', 'm', 'm', 'e', 'l', 'm', 'a', 'r', 'k', 't', '.', 'n', 'l', '\0',
+  /* "derechosdigitales.org", true */ 'd', 'e', 'r', 'e', 'c', 'h', 'o', 's', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "dereferenced.net", true */ 'd', 'e', 'r', 'e', 'f', 'e', 'r', 'e', 'n', 'c', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "derehamcastles.co.uk", true */ 'd', 'e', 'r', 'e', 'h', 'a', 'm', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "derekkent.com", true */ 'd', 'e', 'r', 'e', 'k', 'k', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "derekseaman.com", true */ 'd', 'e', 'r', 'e', 'k', 's', 'e', 'a', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "derekseaman.studio", true */ 'd', 'e', 'r', 'e', 'k', 's', 'e', 'a', 'm', 'a', 'n', '.', 's', 't', 'u', 'd', 'i', 'o', '\0',
+  /* "dergeilstestammderwelt.de", true */ 'd', 'e', 'r', 'g', 'e', 'i', 'l', 's', 't', 'e', 's', 't', 'a', 'm', 'm', 'd', 'e', 'r', 'w', 'e', 'l', 't', '.', 'd', 'e', '\0',
+  /* "derhil.de", true */ 'd', 'e', 'r', 'h', 'i', 'l', '.', 'd', 'e', '\0',
+  /* "derive.cc", true */ 'd', 'e', 'r', 'i', 'v', 'e', '.', 'c', 'c', '\0',
+  /* "dermapuur.nl", true */ 'd', 'e', 'r', 'm', 'a', 'p', 'u', 'u', 'r', '.', 'n', 'l', '\0',
+  /* "dermatologie-morges.ch", true */ 'd', 'e', 'r', 'm', 'a', 't', 'o', 'l', 'o', 'g', 'i', 'e', '-', 'm', 'o', 'r', 'g', 'e', 's', '.', 'c', 'h', '\0',
+  /* "dermediq.nl", true */ 'd', 'e', 'r', 'm', 'e', 'd', 'i', 'q', '.', 'n', 'l', '\0',
+  /* "dermot.org.uk", true */ 'd', 'e', 'r', 'm', 'o', 't', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "deroo.org", true */ 'd', 'e', 'r', 'o', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "derp.army", true */ 'd', 'e', 'r', 'p', '.', 'a', 'r', 'm', 'y', '\0',
+  /* "derre.fr", true */ 'd', 'e', 'r', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "derreichesack.com", true */ 'd', 'e', 'r', 'r', 'e', 'i', 'c', 'h', 'e', 's', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "dersix.com", true */ 'd', 'e', 'r', 's', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "dersoundhunter.de", true */ 'd', 'e', 'r', 's', 'o', 'u', 'n', 'd', 'h', 'u', 'n', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "derstulle.de", true */ 'd', 'e', 'r', 's', 't', 'u', 'l', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "des-hommes-et-des-clous.com", true */ 'd', 'e', 's', '-', 'h', 'o', 'm', 'm', 'e', 's', '-', 'e', 't', '-', 'd', 'e', 's', '-', 'c', 'l', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "desagaz.com", true */ 'd', 'e', 's', 'a', 'g', 'a', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "desarrollowp.com", true */ 'd', 'e', 's', 'a', 'r', 'r', 'o', 'l', 'l', 'o', 'w', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "descartes-finance.com", true */ 'd', 'e', 's', 'c', 'a', 'r', 't', 'e', 's', '-', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "desec.io", true */ 'd', 'e', 's', 'e', 'c', '.', 'i', 'o', '\0',
+  /* "desertsounds.org", true */ 'd', 'e', 's', 'e', 'r', 't', 's', 'o', 'u', 'n', 'd', 's', '.', 'o', 'r', 'g', '\0',
+  /* "desgenst.ch", true */ 'd', 'e', 's', 'g', 'e', 'n', 's', 't', '.', 'c', 'h', '\0',
+  /* "design-fu.com", true */ 'd', 'e', 's', 'i', 'g', 'n', '-', 'f', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "design-tooning.de", true */ 'd', 'e', 's', 'i', 'g', 'n', '-', 't', 'o', 'o', 'n', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "designanyware.com.br", true */ 'd', 'e', 's', 'i', 'g', 'n', 'a', 'n', 'y', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "designdevs.eu", true */ 'd', 'e', 's', 'i', 'g', 'n', 'd', 'e', 'v', 's', '.', 'e', 'u', '\0',
+  /* "designed-cybersecurity.com", true */ 'd', 'e', 's', 'i', 'g', 'n', 'e', 'd', '-', 'c', 'y', 'b', 'e', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "designedcybersecurity.com", true */ 'd', 'e', 's', 'i', 'g', 'n', 'e', 'd', 'c', 'y', 'b', 'e', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "designer-drug.com", true */ 'd', 'e', 's', 'i', 'g', 'n', 'e', 'r', '-', 'd', 'r', 'u', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "designgraphic.fr", true */ 'd', 'e', 's', 'i', 'g', 'n', 'g', 'r', 'a', 'p', 'h', 'i', 'c', '.', 'f', 'r', '\0',
+  /* "designhotel-kronjuwel.de", true */ 'd', 'e', 's', 'i', 'g', 'n', 'h', 'o', 't', 'e', 'l', '-', 'k', 'r', 'o', 'n', 'j', 'u', 'w', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "designsbyjanith.com", true */ 'd', 'e', 's', 'i', 'g', 'n', 's', 'b', 'y', 'j', 'a', 'n', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "designsbykerrialee.co.uk", true */ 'd', 'e', 's', 'i', 'g', 'n', 's', 'b', 'y', 'k', 'e', 'r', 'r', 'i', 'a', 'l', 'e', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "designskin.ch", true */ 'd', 'e', 's', 'i', 'g', 'n', 's', 'k', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "designville.cz", true */ 'd', 'e', 's', 'i', 'g', 'n', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'z', '\0',
+  /* "designville.sk", true */ 'd', 'e', 's', 'i', 'g', 'n', 'v', 'i', 'l', 'l', 'e', '.', 's', 'k', '\0',
+  /* "desila.jp", true */ 'd', 'e', 's', 'i', 'l', 'a', '.', 'j', 'p', '\0',
+  /* "desktopfx.net", false */ 'd', 'e', 's', 'k', 't', 'o', 'p', 'f', 'x', '.', 'n', 'e', 't', '\0',
+  /* "deskture.com", true */ 'd', 'e', 's', 'k', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "desmaakvanplanten.be", true */ 'd', 'e', 's', 'm', 'a', 'a', 'k', 'v', 'a', 'n', 'p', 'l', 'a', 'n', 't', 'e', 'n', '.', 'b', 'e', '\0',
+  /* "desmo.gg", true */ 'd', 'e', 's', 'm', 'o', '.', 'g', 'g', '\0',
+  /* "despertadoronline.com.es", true */ 'd', 'e', 's', 'p', 'e', 'r', 't', 'a', 'd', 'o', 'r', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'e', 's', '\0',
+  /* "desplats.com.ar", true */ 'd', 'e', 's', 'p', 'l', 'a', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "despotika.de", true */ 'd', 'e', 's', 'p', 'o', 't', 'i', 'k', 'a', '.', 'd', 'e', '\0',
+  /* "dessinemoilademocratie.ch", true */ 'd', 'e', 's', 's', 'i', 'n', 'e', 'm', 'o', 'i', 'l', 'a', 'd', 'e', 'm', 'o', 'c', 'r', 'a', 't', 'i', 'e', '.', 'c', 'h', '\0',
+  /* "desterman.ru", true */ 'd', 'e', 's', 't', 'e', 'r', 'm', 'a', 'n', '.', 'r', 'u', '\0',
+  /* "destileria.net.br", true */ 'd', 'e', 's', 't', 'i', 'l', 'e', 'r', 'i', 'a', '.', 'n', 'e', 't', '.', 'b', 'r', '\0',
+  /* "destinationsofnewyorkstate.com", true */ 'd', 'e', 's', 't', 'i', 'n', 'a', 't', 'i', 'o', 'n', 's', 'o', 'f', 'n', 'e', 'w', 'y', 'o', 'r', 'k', 's', 't', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "destinattorneyjohngreene.com", true */ 'd', 'e', 's', 't', 'i', 'n', 'a', 't', 't', 'o', 'r', 'n', 'e', 'y', 'j', 'o', 'h', 'n', 'g', 'r', 'e', 'e', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "desu.ne.jp", true */ 'd', 'e', 's', 'u', '.', 'n', 'e', '.', 'j', 'p', '\0',
+  /* "det-te.ch", true */ 'd', 'e', 't', '-', 't', 'e', '.', 'c', 'h', '\0',
+  /* "detalhecomercio.com.br", true */ 'd', 'e', 't', 'a', 'l', 'h', 'e', 'c', 'o', 'm', 'e', 'r', 'c', 'i', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "detalyedesigngroup.com", true */ 'd', 'e', 't', 'a', 'l', 'y', 'e', 'd', 'e', 's', 'i', 'g', 'n', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "detechnologiecooperatie.nl", true */ 'd', 'e', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', 'c', 'o', 'o', 'p', 'e', 'r', 'a', 't', 'i', 'e', '.', 'n', 'l', '\0',
+  /* "detectify.com", false */ 'd', 'e', 't', 'e', 'c', 't', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "detekenmuze.nl", true */ 'd', 'e', 't', 'e', 'k', 'e', 'n', 'm', 'u', 'z', 'e', '.', 'n', 'l', '\0',
+  /* "dethemium.com", true */ 'd', 'e', 't', 'h', 'e', 'm', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "dethikiemtra.com", true */ 'd', 'e', 't', 'h', 'i', 'k', 'i', 'e', 'm', 't', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "detoxetmoi.com", true */ 'd', 'e', 't', 'o', 'x', 'e', 't', 'm', 'o', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "detoxsinutritie.ro", true */ 'd', 'e', 't', 'o', 'x', 's', 'i', 'n', 'u', 't', 'r', 'i', 't', 'i', 'e', '.', 'r', 'o', '\0',
+  /* "detroit-english.de", true */ 'd', 'e', 't', 'r', 'o', 'i', 't', '-', 'e', 'n', 'g', 'l', 'i', 's', 'h', '.', 'd', 'e', '\0',
+  /* "detroitstylepizza.com", true */ 'd', 'e', 't', 'r', 'o', 'i', 't', 's', 't', 'y', 'l', 'e', 'p', 'i', 'z', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "detroitzoo.org", true */ 'd', 'e', 't', 'r', 'o', 'i', 't', 'z', 'o', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "detskysad.com", true */ 'd', 'e', 't', 's', 'k', 'y', 's', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "detuinmuze.nl", true */ 'd', 'e', 't', 'u', 'i', 'n', 'm', 'u', 'z', 'e', '.', 'n', 'l', '\0',
+  /* "detype.nl", true */ 'd', 'e', 't', 'y', 'p', 'e', '.', 'n', 'l', '\0',
+  /* "deude.de", true */ 'd', 'e', 'u', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "deurenfabriek.nl", true */ 'd', 'e', 'u', 'r', 'e', 'n', 'f', 'a', 'b', 'r', 'i', 'e', 'k', '.', 'n', 'l', '\0',
+  /* "deusu.de", true */ 'd', 'e', 'u', 's', 'u', '.', 'd', 'e', '\0',
+  /* "deusu.org", true */ 'd', 'e', 'u', 's', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "deutsch-vietnamesisch-dolmetscher.com", true */ 'd', 'e', 'u', 't', 's', 'c', 'h', '-', 'v', 'i', 'e', 't', 'n', 'a', 'm', 'e', 's', 'i', 's', 'c', 'h', '-', 'd', 'o', 'l', 'm', 'e', 't', 's', 'c', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "deutschland-dsl.de", true */ 'd', 'e', 'u', 't', 's', 'c', 'h', 'l', 'a', 'n', 'd', '-', 'd', 's', 'l', '.', 'd', 'e', '\0',
+  /* "deux.solutions", true */ 'd', 'e', 'u', 'x', '.', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '\0',
+  /* "deuxsol.co", true */ 'd', 'e', 'u', 'x', 's', 'o', 'l', '.', 'c', 'o', '\0',
+  /* "deuxsol.com", true */ 'd', 'e', 'u', 'x', 's', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "deuxsolutions.com", true */ 'd', 'e', 'u', 'x', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dev-brandywineglobal.com", true */ 'd', 'e', 'v', '-', 'b', 'r', 'a', 'n', 'd', 'y', 'w', 'i', 'n', 'e', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "dev-pulse-mtn.pantheonsite.io", true */ 'd', 'e', 'v', '-', 'p', 'u', 'l', 's', 'e', '-', 'm', 't', 'n', '.', 'p', 'a', 'n', 't', 'h', 'e', 'o', 'n', 's', 'i', 't', 'e', '.', 'i', 'o', '\0',
+  /* "dev-talk.net", true */ 'd', 'e', 'v', '-', 't', 'a', 'l', 'k', '.', 'n', 'e', 't', '\0',
+  /* "devafterdark.com", true */ 'd', 'e', 'v', 'a', 'f', 't', 'e', 'r', 'd', 'a', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "devalps.eu", true */ 'd', 'e', 'v', 'a', 'l', 'p', 's', '.', 'e', 'u', '\0',
+  /* "devb.nl", true */ 'd', 'e', 'v', 'b', '.', 'n', 'l', '\0',
+  /* "devcast.io", true */ 'd', 'e', 'v', 'c', 'a', 's', 't', '.', 'i', 'o', '\0',
+  /* "devct.cz", false */ 'd', 'e', 'v', 'c', 't', '.', 'c', 'z', '\0',
+  /* "devcu.com", true */ 'd', 'e', 'v', 'c', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "devdesco.com", true */ 'd', 'e', 'v', 'd', 'e', 's', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "devdom.io", true */ 'd', 'e', 'v', 'd', 'o', 'm', '.', 'i', 'o', '\0',
+  /* "devdoodle.net", true */ 'd', 'e', 'v', 'd', 'o', 'o', 'd', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "devel.cz", true */ 'd', 'e', 'v', 'e', 'l', '.', 'c', 'z', '\0',
+  /* "develop.cool", true */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', '.', 'c', 'o', 'o', 'l', '\0',
+  /* "developer.android.com", true */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'e', 'r', '.', 'a', 'n', 'd', 'r', 'o', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "developer.mydigipass.com", false */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'e', 'r', '.', 'm', 'y', 'd', 'i', 'g', 'i', 'p', 'a', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "developerfair.com", true */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'e', 'r', 'f', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "developermail.io", true */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'e', 'r', 'm', 'a', 'i', 'l', '.', 'i', 'o', '\0',
+  /* "developers.facebook.com", false */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'e', 'r', 's', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "developfx.com", true */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'f', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "developmentaid.org", true */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', 'a', 'i', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "developmentsites.melbourne", true */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', 's', 'i', 't', 'e', 's', '.', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '\0',
+  /* "develux.com", true */ 'd', 'e', 'v', 'e', 'l', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "develux.net", true */ 'd', 'e', 'v', 'e', 'l', 'u', 'x', '.', 'n', 'e', 't', '\0',
+  /* "devenney.io", true */ 'd', 'e', 'v', 'e', 'n', 'n', 'e', 'y', '.', 'i', 'o', '\0',
+  /* "devh.de", true */ 'd', 'e', 'v', 'h', '.', 'd', 'e', '\0',
+  /* "devh.net", true */ 'd', 'e', 'v', 'h', '.', 'n', 'e', 't', '\0',
+  /* "deviant.email", true */ 'd', 'e', 'v', 'i', 'a', 'n', 't', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "devillers-occasions.be", true */ 'd', 'e', 'v', 'i', 'l', 'l', 'e', 'r', 's', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0',
+  /* "devilshakerz.com", true */ 'd', 'e', 'v', 'i', 'l', 's', 'h', 'a', 'k', 'e', 'r', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "deviltracks.net", true */ 'd', 'e', 'v', 'i', 'l', 't', 'r', 'a', 'c', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "devinfo.net", false */ 'd', 'e', 'v', 'i', 'n', 'f', 'o', '.', 'n', 'e', 't', '\0',
+  /* "devisnow.fr", true */ 'd', 'e', 'v', 'i', 's', 'n', 'o', 'w', '.', 'f', 'r', '\0',
+  /* "devjack.de", true */ 'd', 'e', 'v', 'j', 'a', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "devkit.cc", true */ 'd', 'e', 'v', 'k', 'i', 't', '.', 'c', 'c', '\0',
+  /* "devklog.net", true */ 'd', 'e', 'v', 'k', 'l', 'o', 'g', '.', 'n', 'e', 't', '\0',
+  /* "devlamvzw.org", true */ 'd', 'e', 'v', 'l', 'a', 'm', 'v', 'z', 'w', '.', 'o', 'r', 'g', '\0',
+  /* "devlatron.net", true */ 'd', 'e', 'v', 'l', 'a', 't', 'r', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "devlogr.com", true */ 'd', 'e', 'v', 'l', 'o', 'g', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "devlux.ch", true */ 'd', 'e', 'v', 'l', 'u', 'x', '.', 'c', 'h', '\0',
+  /* "devolution.ws", true */ 'd', 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'w', 's', '\0',
+  /* "devonsawatzky.ca", true */ 'd', 'e', 'v', 'o', 'n', 's', 'a', 'w', 'a', 't', 'z', 'k', 'y', '.', 'c', 'a', '\0',
+  /* "devops-survey.com", true */ 'd', 'e', 'v', 'o', 'p', 's', '-', 's', 'u', 'r', 'v', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "devpgsv.com", true */ 'd', 'e', 'v', 'p', 'g', 's', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "devpsy.info", true */ 'd', 'e', 'v', 'p', 's', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "devstaff.gr", true */ 'd', 'e', 'v', 's', 't', 'a', 'f', 'f', '.', 'g', 'r', '\0',
+  /* "devyn.ca", true */ 'd', 'e', 'v', 'y', 'n', '.', 'c', 'a', '\0',
+  /* "devzero.io", true */ 'd', 'e', 'v', 'z', 'e', 'r', 'o', '.', 'i', 'o', '\0',
+  /* "dewalch.net", true */ 'd', 'e', 'w', 'a', 'l', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "dewapress.com", true */ 'd', 'e', 'w', 'a', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dexalo.de", true */ 'd', 'e', 'x', 'a', 'l', 'o', '.', 'd', 'e', '\0',
+  /* "dezeregio.nl", true */ 'd', 'e', 'z', 'e', 'r', 'e', 'g', 'i', 'o', '.', 'n', 'l', '\0',
+  /* "dezet-ev.de", true */ 'd', 'e', 'z', 'e', 't', '-', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "dezintranet.com", true */ 'd', 'e', 'z', 'i', 'n', 't', 'r', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "dezmembrariromania.ro", true */ 'd', 'e', 'z', 'm', 'e', 'm', 'b', 'r', 'a', 'r', 'i', 'r', 'o', 'm', 'a', 'n', 'i', 'a', '.', 'r', 'o', '\0',
+  /* "dezshop24.de", true */ 'd', 'e', 'z', 's', 'h', 'o', 'p', '2', '4', '.', 'd', 'e', '\0',
+  /* "df1paw.de", true */ 'd', 'f', '1', 'p', 'a', 'w', '.', 'd', 'e', '\0',
+  /* "dfctaiwan.org", true */ 'd', 'f', 'c', 't', 'a', 'i', 'w', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "dfekt.no", true */ 'd', 'f', 'e', 'k', 't', '.', 'n', 'o', '\0',
+  /* "dfektlan.no", true */ 'd', 'f', 'e', 'k', 't', 'l', 'a', 'n', '.', 'n', 'o', '\0',
+  /* "dfixit.com", true */ 'd', 'f', 'i', 'x', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "dfl.mn", true */ 'd', 'f', 'l', '.', 'm', 'n', '\0',
+  /* "dflcares.com", true */ 'd', 'f', 'l', 'c', 'a', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dfmn.berlin", true */ 'd', 'f', 'm', 'n', '.', 'b', 'e', 'r', 'l', 'i', 'n', '\0',
+  /* "dfranke.com", true */ 'd', 'f', 'r', 'a', 'n', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dgbouncycastlehire.com", true */ 'd', 'g', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dgby.org", true */ 'd', 'g', 'b', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "dgeex.eu", true */ 'd', 'g', 'e', 'e', 'x', '.', 'e', 'u', '\0',
+  /* "dgitup.com", true */ 'd', 'g', 'i', 't', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "dgportals.co.uk", true */ 'd', 'g', 'p', 'o', 'r', 't', 'a', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dgpot.com", true */ 'd', 'g', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "dgt-portal.de", true */ 'd', 'g', 't', '-', 'p', 'o', 'r', 't', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "dgx.io", true */ 'd', 'g', 'x', '.', 'i', 'o', '\0',
+  /* "dhautefeuille.eu", true */ 'd', 'h', 'a', 'u', 't', 'e', 'f', 'e', 'u', 'i', 'l', 'l', 'e', '.', 'e', 'u', '\0',
+  /* "dhauwer.nl", true */ 'd', 'h', 'a', 'u', 'w', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "dhconcept.ch", true */ 'd', 'h', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'c', 'h', '\0',
+  /* "dheart.net", true */ 'd', 'h', 'e', 'a', 'r', 't', '.', 'n', 'e', 't', '\0',
+  /* "dhedegaard.dk", true */ 'd', 'h', 'e', 'd', 'e', 'g', 'a', 'a', 'r', 'd', '.', 'd', 'k', '\0',
+  /* "dhhs.gov", true */ 'd', 'h', 'h', 's', '.', 'g', 'o', 'v', '\0',
+  /* "dhinflatables.co.uk", true */ 'd', 'h', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dhlcotizadorexpo-qa.azurewebsites.net", true */ 'd', 'h', 'l', 'c', 'o', 't', 'i', 'z', 'a', 'd', 'o', 'r', 'e', 'x', 'p', 'o', '-', 'q', 'a', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "dhlinux.org", true */ 'd', 'h', 'l', 'i', 'n', 'u', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "dhome.at", true */ 'd', 'h', 'o', 'm', 'e', '.', 'a', 't', '\0',
+  /* "dhxxls.com", true */ 'd', 'h', 'x', 'x', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "di2pra.com", true */ 'd', 'i', '2', 'p', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "di2pra.fr", true */ 'd', 'i', '2', 'p', 'r', 'a', '.', 'f', 'r', '\0',
+  /* "diabolic.chat", true */ 'd', 'i', 'a', 'b', 'o', 'l', 'i', 'c', '.', 'c', 'h', 'a', 't', '\0',
+  /* "diadorafitness.es", true */ 'd', 'i', 'a', 'd', 'o', 'r', 'a', 'f', 'i', 't', 'n', 'e', 's', 's', '.', 'e', 's', '\0',
+  /* "diadorafitness.it", true */ 'd', 'i', 'a', 'd', 'o', 'r', 'a', 'f', 'i', 't', 'n', 'e', 's', 's', '.', 'i', 't', '\0',
+  /* "diagnocentro.cl", true */ 'd', 'i', 'a', 'g', 'n', 'o', 'c', 'e', 'n', 't', 'r', 'o', '.', 'c', 'l', '\0',
+  /* "diagnostix.org", true */ 'd', 'i', 'a', 'g', 'n', 'o', 's', 't', 'i', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "dialoegue.com", true */ 'd', 'i', 'a', 'l', 'o', 'e', 'g', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "diamante.ro", true */ 'd', 'i', 'a', 'm', 'a', 'n', 't', 'e', '.', 'r', 'o', '\0',
+  /* "diamondpkg.org", true */ 'd', 'i', 'a', 'm', 'o', 'n', 'd', 'p', 'k', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "diamondyze.nl", true */ 'd', 'i', 'a', 'm', 'o', 'n', 'd', 'y', 'z', 'e', '.', 'n', 'l', '\0',
+  /* "diamorphine.com", true */ 'd', 'i', 'a', 'm', 'o', 'r', 'p', 'h', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "diamsmedia.ch", true */ 'd', 'i', 'a', 'm', 's', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'h', '\0',
+  /* "dianefriedli.ch", true */ 'd', 'i', 'a', 'n', 'e', 'f', 'r', 'i', 'e', 'd', 'l', 'i', '.', 'c', 'h', '\0',
+  /* "dianurse.com", true */ 'd', 'i', 'a', 'n', 'u', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "diare-na-miru.cz", true */ 'd', 'i', 'a', 'r', 'e', '-', 'n', 'a', '-', 'm', 'i', 'r', 'u', '.', 'c', 'z', '\0',
+  /* "diario-egipto.com", true */ 'd', 'i', 'a', 'r', 'i', 'o', '-', 'e', 'g', 'i', 'p', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "diasdasemana.com", true */ 'd', 'i', 'a', 's', 'd', 'a', 's', 'e', 'm', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "diasp.org", true */ 'd', 'i', 'a', 's', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "diasporadialogues.com", true */ 'd', 'i', 'a', 's', 'p', 'o', 'r', 'a', 'd', 'i', 'a', 'l', 'o', 'g', 'u', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "diavo.de", true */ 'd', 'i', 'a', 'v', 'o', '.', 'd', 'e', '\0',
+  /* "dibiphp.com", true */ 'd', 'i', 'b', 'i', 'p', 'h', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "diccionarioabierto.com", true */ 'd', 'i', 'c', 'c', 'i', 'o', 'n', 'a', 'r', 'i', 'o', 'a', 'b', 'i', 'e', 'r', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "diccionariodedudas.com", true */ 'd', 'i', 'c', 'c', 'i', 'o', 'n', 'a', 'r', 'i', 'o', 'd', 'e', 'd', 'u', 'd', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dice.tokyo", true */ 'd', 'i', 'c', 'e', '.', 't', 'o', 'k', 'y', 'o', '\0',
+  /* "dichgans-besserer.de", true */ 'd', 'i', 'c', 'h', 'g', 'a', 'n', 's', '-', 'b', 'e', 's', 's', 'e', 'r', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "dichvudangkygiayphep.com", true */ 'd', 'i', 'c', 'h', 'v', 'u', 'd', 'a', 'n', 'g', 'k', 'y', 'g', 'i', 'a', 'y', 'p', 'h', 'e', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "dicionario.org", true */ 'd', 'i', 'c', 'i', 'o', 'n', 'a', 'r', 'i', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "dicionariodegirias.com.br", true */ 'd', 'i', 'c', 'i', 'o', 'n', 'a', 'r', 'i', 'o', 'd', 'e', 'g', 'i', 'r', 'i', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dicionariodelatim.com.br", true */ 'd', 'i', 'c', 'i', 'o', 'n', 'a', 'r', 'i', 'o', 'd', 'e', 'l', 'a', 't', 'i', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dicionariodenomesproprios.com.br", true */ 'd', 'i', 'c', 'i', 'o', 'n', 'a', 'r', 'i', 'o', 'd', 'e', 'n', 'o', 'm', 'e', 's', 'p', 'r', 'o', 'p', 'r', 'i', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dicionariodesimbolos.com.br", true */ 'd', 'i', 'c', 'i', 'o', 'n', 'a', 'r', 'i', 'o', 'd', 'e', 's', 'i', 'm', 'b', 'o', 'l', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dicionarioetimologico.com.br", true */ 'd', 'i', 'c', 'i', 'o', 'n', 'a', 'r', 'i', 'o', 'e', 't', 'i', 'm', 'o', 'l', 'o', 'g', 'i', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dickieslife.com", true */ 'd', 'i', 'c', 'k', 'i', 'e', 's', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dickpics.ru", true */ 'd', 'i', 'c', 'k', 'p', 'i', 'c', 's', '.', 'r', 'u', '\0',
+  /* "dicoding.com", true */ 'd', 'i', 'c', 'o', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "didacte.com", true */ 'd', 'i', 'd', 'a', 'c', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "didche.net", true */ 'd', 'i', 'd', 'c', 'h', 'e', '.', 'n', 'e', 't', '\0',
+  /* "diddens.de", true */ 'd', 'i', 'd', 'd', 'e', 'n', 's', '.', 'd', 'e', '\0',
+  /* "didikhari.web.id", true */ 'd', 'i', 'd', 'i', 'k', 'h', 'a', 'r', 'i', '.', 'w', 'e', 'b', '.', 'i', 'd', '\0',
+  /* "die-besten-weisheiten.de", true */ 'd', 'i', 'e', '-', 'b', 'e', 's', 't', 'e', 'n', '-', 'w', 'e', 'i', 's', 'h', 'e', 'i', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "die-blahuts.de", true */ 'd', 'i', 'e', '-', 'b', 'l', 'a', 'h', 'u', 't', 's', '.', 'd', 'e', '\0',
+  /* "die-borts.ch", true */ 'd', 'i', 'e', '-', 'b', 'o', 'r', 't', 's', '.', 'c', 'h', '\0',
+  /* "die-gruenen-teufel.de", true */ 'd', 'i', 'e', '-', 'g', 'r', 'u', 'e', 'n', 'e', 'n', '-', 't', 'e', 'u', 'f', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "die-partei-reutlingen.de", true */ 'd', 'i', 'e', '-', 'p', 'a', 'r', 't', 'e', 'i', '-', 'r', 'e', 'u', 't', 'l', 'i', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "die-sinlosen.de", true */ 'd', 'i', 'e', '-', 's', 'i', 'n', 'l', 'o', 's', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "die-speisekammer-reutlingen.de", true */ 'd', 'i', 'e', '-', 's', 'p', 'e', 'i', 's', 'e', 'k', 'a', 'm', 'm', 'e', 'r', '-', 'r', 'e', 'u', 't', 'l', 'i', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "diedrich.co", false */ 'd', 'i', 'e', 'd', 'r', 'i', 'c', 'h', '.', 'c', 'o', '\0',
+  /* "diedrich.me", true */ 'd', 'i', 'e', 'd', 'r', 'i', 'c', 'h', '.', 'm', 'e', '\0',
+  /* "dieecpd.org", true */ 'd', 'i', 'e', 'e', 'c', 'p', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "diegelernten.de", true */ 'd', 'i', 'e', 'g', 'e', 'l', 'e', 'r', 'n', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "diegerbers.de", true */ 'd', 'i', 'e', 'g', 'e', 'r', 'b', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "diegogelin.com", true */ 'd', 'i', 'e', 'g', 'o', 'g', 'e', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "diegorbaquero.com", true */ 'd', 'i', 'e', 'g', 'o', 'r', 'b', 'a', 'q', 'u', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "diehl.io", true */ 'd', 'i', 'e', 'h', 'l', '.', 'i', 'o', '\0',
+  /* "diemattels.at", true */ 'd', 'i', 'e', 'm', 'a', 't', 't', 'e', 'l', 's', '.', 'a', 't', '\0',
+  /* "dienchaninstitute.com", true */ 'd', 'i', 'e', 'n', 'c', 'h', 'a', 'n', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dienstplan.cc", true */ 'd', 'i', 'e', 'n', 's', 't', 'p', 'l', 'a', 'n', '.', 'c', 'c', '\0',
+  /* "dienstplan.one", true */ 'd', 'i', 'e', 'n', 's', 't', 'p', 'l', 'a', 'n', '.', 'o', 'n', 'e', '\0',
+  /* "dierabenmutti.de", true */ 'd', 'i', 'e', 'r', 'a', 'b', 'e', 'n', 'm', 'u', 't', 't', 'i', '.', 'd', 'e', '\0',
+  /* "dierenartsdeconinck.be", true */ 'd', 'i', 'e', 'r', 'e', 'n', 'a', 'r', 't', 's', 'd', 'e', 'c', 'o', 'n', 'i', 'n', 'c', 'k', '.', 'b', 'e', '\0',
+  /* "dieselanimals.lt", true */ 'd', 'i', 'e', 's', 'e', 'l', 'a', 'n', 'i', 'm', 'a', 'l', 's', '.', 'l', 't', '\0',
+  /* "dieselgalleri.com", true */ 'd', 'i', 'e', 's', 'e', 'l', 'g', 'a', 'l', 'l', 'e', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "dietagespresse.com", true */ 'd', 'i', 'e', 't', 'a', 'g', 'e', 's', 'p', 'r', 'e', 's', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dietbrand.eu", true */ 'd', 'i', 'e', 't', 'b', 'r', 'a', 'n', 'd', '.', 'e', 'u', '\0',
+  /* "dieti.net", true */ 'd', 'i', 'e', 't', 'i', '.', 'n', 'e', 't', '\0',
+  /* "dietlin.com", true */ 'd', 'i', 'e', 't', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "dietrich.cx", true */ 'd', 'i', 'e', 't', 'r', 'i', 'c', 'h', '.', 'c', 'x', '\0',
+  /* "dieumfrage.com", true */ 'd', 'i', 'e', 'u', 'm', 'f', 'r', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "diff2html.xyz", true */ 'd', 'i', 'f', 'f', '2', 'h', 't', 'm', 'l', '.', 'x', 'y', 'z', '\0',
+  /* "different.cz", false */ 'd', 'i', 'f', 'f', 'e', 'r', 'e', 'n', 't', '.', 'c', 'z', '\0',
+  /* "differenta.ro", false */ 'd', 'i', 'f', 'f', 'e', 'r', 'e', 'n', 't', 'a', '.', 'r', 'o', '\0',
+  /* "diffnow.com", true */ 'd', 'i', 'f', 'f', 'n', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "difoosion.com", true */ 'd', 'i', 'f', 'o', 'o', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "digcit.org", true */ 'd', 'i', 'g', 'c', 'i', 't', '.', 'o', 'r', 'g', '\0',
+  /* "digdata.de", true */ 'd', 'i', 'g', 'd', 'a', 't', 'a', '.', 'd', 'e', '\0',
+  /* "dighans.com", true */ 'd', 'i', 'g', 'h', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "digiarc.net", true */ 'd', 'i', 'g', 'i', 'a', 'r', 'c', '.', 'n', 'e', 't', '\0',
+  /* "digibild.ch", true */ 'd', 'i', 'g', 'i', 'b', 'i', 'l', 'd', '.', 'c', 'h', '\0',
+  /* "digibull.email", true */ 'd', 'i', 'g', 'i', 'b', 'u', 'l', 'l', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "digibull.link", true */ 'd', 'i', 'g', 'i', 'b', 'u', 'l', 'l', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "digicert-support.com", true */ 'd', 'i', 'g', 'i', 'c', 'e', 'r', 't', '-', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "digicert.nl", true */ 'd', 'i', 'g', 'i', 'c', 'e', 'r', 't', '.', 'n', 'l', '\0',
+  /* "digidroom.be", true */ 'd', 'i', 'g', 'i', 'd', 'r', 'o', 'o', 'm', '.', 'b', 'e', '\0',
+  /* "digikol.net", true */ 'd', 'i', 'g', 'i', 'k', 'o', 'l', '.', 'n', 'e', 't', '\0',
+  /* "digilicious.com", true */ 'd', 'i', 'g', 'i', 'l', 'i', 'c', 'i', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "digimagical.com", true */ 'd', 'i', 'g', 'i', 'm', 'a', 'g', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "digimedia.cd", false */ 'd', 'i', 'g', 'i', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'd', '\0',
+  /* "digired.ro", true */ 'd', 'i', 'g', 'i', 'r', 'e', 'd', '.', 'r', 'o', '\0',
+  /* "digital-coach.it", false */ 'd', 'i', 'g', 'i', 't', 'a', 'l', '-', 'c', 'o', 'a', 'c', 'h', '.', 'i', 't', '\0',
+  /* "digital-compounds.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', '-', 'c', 'o', 'm', 'p', 'o', 'u', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "digital-eastside.de", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', '-', 'e', 'a', 's', 't', 's', 'i', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "digital.gov", false */ 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'g', 'o', 'v', '\0',
+  /* "digital1st.co.uk", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', '1', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "digital2web.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', '2', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "digitalarchitecture.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'a', 'r', 'c', 'h', 'i', 't', 'e', 'c', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "digitalbitbox.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'b', 'i', 't', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "digitalbox.jp", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'b', 'o', 'x', '.', 'j', 'p', '\0',
+  /* "digitalcash.cf", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'c', 'a', 's', 'h', '.', 'c', 'f', '\0',
+  /* "digitalcloud.ovh", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'c', 'l', 'o', 'u', 'd', '.', 'o', 'v', 'h', '\0',
+  /* "digitalcraftmarketing.co.uk", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'c', 'r', 'a', 'f', 't', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "digitalcreationclass.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', 'c', 'l', 'a', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "digitalcuko.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'c', 'u', 'k', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "digitaldashboard.gov", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'd', 'a', 's', 'h', 'b', 'o', 'a', 'r', 'd', '.', 'g', 'o', 'v', '\0',
+  /* "digitaldatacenter.net", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'd', 'a', 't', 'a', 'c', 'e', 'n', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "digitaldeli.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'd', 'e', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "digitaldeli.org", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'd', 'e', 'l', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "digitaldeli.tv", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'd', 'e', 'l', 'i', '.', 't', 'v', '\0',
+  /* "digitaldeli.us", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'd', 'e', 'l', 'i', '.', 'u', 's', '\0',
+  /* "digitaldeliarchive.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'd', 'e', 'l', 'i', 'a', 'r', 'c', 'h', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "digitaldem.it", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'd', 'e', 'm', '.', 'i', 't', '\0',
+  /* "digitalehandtekeningen.nl", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', 'h', 'a', 'n', 'd', 't', 'e', 'k', 'e', 'n', 'i', 'n', 'g', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "digitaleoverheid.nl", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', 'o', 'v', 'e', 'r', 'h', 'e', 'i', 'd', '.', 'n', 'l', '\0',
+  /* "digitalewelten.de", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', 'w', 'e', 'l', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "digitalgov.gov", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'g', 'o', 'v', '.', 'g', 'o', 'v', '\0',
+  /* "digitalimpostor.co.uk", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'i', 'm', 'p', 'o', 's', 't', 'o', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "digitalmarketingindallas.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', 'i', 'n', 'd', 'a', 'l', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "digitalrights.center", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'r', 'i', 'g', 'h', 't', 's', '.', 'c', 'e', 'n', 't', 'e', 'r', '\0',
+  /* "digitalrights.fund", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'r', 'i', 'g', 'h', 't', 's', '.', 'f', 'u', 'n', 'd', '\0',
+  /* "digitalrxcloud.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'r', 'x', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "digitalsurge.io", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 's', 'u', 'r', 'g', 'e', '.', 'i', 'o', '\0',
+  /* "digitaltechnologies.ltd.uk", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', 's', '.', 'l', 't', 'd', '.', 'u', 'k', '\0',
+  /* "digitalunite.de", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'u', 'n', 'i', 't', 'e', '.', 'd', 'e', '\0',
+  /* "digitalwasteland.net", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'w', 'a', 's', 't', 'e', 'l', 'a', 'n', 'd', '.', 'n', 'e', 't', '\0',
+  /* "digitkon.com", true */ 'd', 'i', 'g', 'i', 't', 'k', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "digiworks.se", true */ 'd', 'i', 'g', 'i', 'w', 'o', 'r', 'k', 's', '.', 's', 'e', '\0',
+  /* "digminecraft.com", true */ 'd', 'i', 'g', 'm', 'i', 'n', 'e', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "digwp.com", true */ 'd', 'i', 'g', 'w', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "dihesan.com", true */ 'd', 'i', 'h', 'e', 's', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "dijkmanmuziek.nl", false */ 'd', 'i', 'j', 'k', 'm', 'a', 'n', 'm', 'u', 'z', 'i', 'e', 'k', '.', 'n', 'l', '\0',
+  /* "dijkmanvandoorn.nl", true */ 'd', 'i', 'j', 'k', 'm', 'a', 'n', 'v', 'a', 'n', 'd', 'o', 'o', 'r', 'n', '.', 'n', 'l', '\0',
+  /* "diju.ch", true */ 'd', 'i', 'j', 'u', '.', 'c', 'h', '\0',
+  /* "dilichen.fr", true */ 'd', 'i', 'l', 'i', 'c', 'h', 'e', 'n', '.', 'f', 'r', '\0',
+  /* "diligo.ch", true */ 'd', 'i', 'l', 'i', 'g', 'o', '.', 'c', 'h', '\0',
+  /* "dillewijnzwapak.nl", true */ 'd', 'i', 'l', 'l', 'e', 'w', 'i', 'j', 'n', 'z', 'w', 'a', 'p', 'a', 'k', '.', 'n', 'l', '\0',
+  /* "dillonkorman.com", true */ 'd', 'i', 'l', 'l', 'o', 'n', 'k', 'o', 'r', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "dillynbarber.com", true */ 'd', 'i', 'l', 'l', 'y', 'n', 'b', 'a', 'r', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "diluv.com", true */ 'd', 'i', 'l', 'u', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "dimanss47.net", true */ 'd', 'i', 'm', 'a', 'n', 's', 's', '4', '7', '.', 'n', 'e', 't', '\0',
+  /* "dimdom.com.br", true */ 'd', 'i', 'm', 'd', 'o', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dime-staging.com", true */ 'd', 'i', 'm', 'e', '-', 's', 't', 'a', 'g', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "dime.io", true */ 'd', 'i', 'm', 'e', '.', 'i', 'o', '\0',
+  /* "dimeponline.com.br", true */ 'd', 'i', 'm', 'e', 'p', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dimes.com.tr", true */ 'd', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "dimez.ru", true */ 'd', 'i', 'm', 'e', 'z', '.', 'r', 'u', '\0',
+  /* "din-hkd.jp", true */ 'd', 'i', 'n', '-', 'h', 'k', 'd', '.', 'j', 'p', '\0',
+  /* "dineachook.com.au", true */ 'd', 'i', 'n', 'e', 'a', 'c', 'h', 'o', 'o', 'k', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "dinepont.fr", true */ 'd', 'i', 'n', 'e', 'p', 'o', 'n', 't', '.', 'f', 'r', '\0',
+  /* "dingcc.com", true */ 'd', 'i', 'n', 'g', 'c', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "dinge.xyz", true */ 'd', 'i', 'n', 'g', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "dingss.com", true */ 'd', 'i', 'n', 'g', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dinmtb.dk", true */ 'd', 'i', 'n', 'm', 't', 'b', '.', 'd', 'k', '\0',
+  /* "dino.li", true */ 'd', 'i', 'n', 'o', '.', 'l', 'i', '\0',
+  /* "dinotopia.org.uk", true */ 'd', 'i', 'n', 'o', 't', 'o', 'p', 'i', 'a', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "dinotv.at", true */ 'd', 'i', 'n', 'o', 't', 'v', '.', 'a', 't', '\0',
+  /* "dintillat.fr", true */ 'd', 'i', 'n', 't', 'i', 'l', 'l', 'a', 't', '.', 'f', 'r', '\0',
+  /* "dintrafic.net", true */ 'd', 'i', 'n', 't', 'r', 'a', 'f', 'i', 'c', '.', 'n', 'e', 't', '\0',
+  /* "dinube.com", true */ 'd', 'i', 'n', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "diodeled.com", true */ 'd', 'i', 'o', 'd', 'e', 'l', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "diodo.me", true */ 'd', 'i', 'o', 'd', 'o', '.', 'm', 'e', '\0',
+  /* "dionysus.se", true */ 'd', 'i', 'o', 'n', 'y', 's', 'u', 's', '.', 's', 'e', '\0',
+  /* "dipl.io", false */ 'd', 'i', 'p', 'l', '.', 'i', 'o', '\0',
+  /* "dipling.de", true */ 'd', 'i', 'p', 'l', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "dipulse.it", true */ 'd', 'i', 'p', 'u', 'l', 's', 'e', '.', 'i', 't', '\0',
+  /* "dir2epub.com", true */ 'd', 'i', 'r', '2', 'e', 'p', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "dir2epub.org", true */ 'd', 'i', 'r', '2', 'e', 'p', 'u', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "direct2uk.com", true */ 'd', 'i', 'r', 'e', 'c', 't', '2', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "directebanking.com", true */ 'd', 'i', 'r', 'e', 'c', 't', 'e', 'b', 'a', 'n', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "directinsure.in", true */ 'd', 'i', 'r', 'e', 'c', 't', 'i', 'n', 's', 'u', 'r', 'e', '.', 'i', 'n', '\0',
+  /* "directlinkfunding.co.uk", true */ 'd', 'i', 'r', 'e', 'c', 't', 'l', 'i', 'n', 'k', 'f', 'u', 'n', 'd', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "directme.ga", true */ 'd', 'i', 'r', 'e', 'c', 't', 'm', 'e', '.', 'g', 'a', '\0',
+  /* "directnews.be", true */ 'd', 'i', 'r', 'e', 'c', 't', 'n', 'e', 'w', 's', '.', 'b', 'e', '\0',
+  /* "directorioz.com", true */ 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'i', 'o', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "directreal.sk", true */ 'd', 'i', 'r', 'e', 'c', 't', 'r', 'e', 'a', 'l', '.', 's', 'k', '\0',
+  /* "directtwo.solutions", true */ 'd', 'i', 'r', 'e', 'c', 't', 't', 'w', 'o', '.', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '\0',
+  /* "directtwosolutions.org", true */ 'd', 'i', 'r', 'e', 'c', 't', 't', 'w', 'o', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "direwolfsoftware.ca", true */ 'd', 'i', 'r', 'e', 'w', 'o', 'l', 'f', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'a', '\0',
+  /* "dirips.com", true */ 'd', 'i', 'r', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dirk-scheele.de", true */ 'd', 'i', 'r', 'k', '-', 's', 'c', 'h', 'e', 'e', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "dirko.net", true */ 'd', 'i', 'r', 'k', 'o', '.', 'n', 'e', 't', '\0',
+  /* "dirkwolf.de", true */ 'd', 'i', 'r', 'k', 'w', 'o', 'l', 'f', '.', 'd', 'e', '\0',
+  /* "dirtcraft.ca", true */ 'd', 'i', 'r', 't', 'c', 'r', 'a', 'f', 't', '.', 'c', 'a', '\0',
+  /* "dirtygeek.ovh", true */ 'd', 'i', 'r', 't', 'y', 'g', 'e', 'e', 'k', '.', 'o', 'v', 'h', '\0',
+  /* "disabled.dating", true */ 'd', 'i', 's', 'a', 'b', 'l', 'e', 'd', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "disanteimpianti.com", true */ 'd', 'i', 's', 'a', 'n', 't', 'e', 'i', 'm', 'p', 'i', 'a', 'n', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "disavow.tools", true */ 'd', 'i', 's', 'a', 'v', 'o', 'w', '.', 't', 'o', 'o', 'l', 's', '\0',
+  /* "disc.uz", true */ 'd', 'i', 's', 'c', '.', 'u', 'z', '\0',
+  /* "discarica.roma.it", true */ 'd', 'i', 's', 'c', 'a', 'r', 'i', 'c', 'a', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "discha.net", true */ 'd', 'i', 's', 'c', 'h', 'a', '.', 'n', 'e', 't', '\0',
+  /* "disciples.io", true */ 'd', 'i', 's', 'c', 'i', 'p', 'l', 'e', 's', '.', 'i', 'o', '\0',
+  /* "discipul.nl", true */ 'd', 'i', 's', 'c', 'i', 'p', 'u', 'l', '.', 'n', 'l', '\0',
+  /* "discofitta.com", true */ 'd', 'i', 's', 'c', 'o', 'f', 'i', 't', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "disconformity.net", true */ 'd', 'i', 's', 'c', 'o', 'n', 'f', 'o', 'r', 'm', 'i', 't', 'y', '.', 'n', 'e', 't', '\0',
+  /* "discord-chan.net", true */ 'd', 'i', 's', 'c', 'o', 'r', 'd', '-', 'c', 'h', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "discordapp.com", true */ 'd', 'i', 's', 'c', 'o', 'r', 'd', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "discordghost.space", true */ 'd', 'i', 's', 'c', 'o', 'r', 'd', 'g', 'h', 'o', 's', 't', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "discotek.club", false */ 'd', 'i', 's', 'c', 'o', 't', 'e', 'k', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "discount24.de", true */ 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', '2', '4', '.', 'd', 'e', '\0',
+  /* "discountmania.eu", true */ 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', 'm', 'a', 'n', 'i', 'a', '.', 'e', 'u', '\0',
+  /* "discountmetaux.fr", true */ 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', 'm', 'e', 't', 'a', 'u', 'x', '.', 'f', 'r', '\0',
+  /* "discountplush.com", true */ 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', 'p', 'l', 'u', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "discover-mercure.com", true */ 'd', 'i', 's', 'c', 'o', 'v', 'e', 'r', '-', 'm', 'e', 'r', 'c', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "discoverhealthage.com", false */ 'd', 'i', 's', 'c', 'o', 'v', 'e', 'r', 'h', 'e', 'a', 'l', 't', 'h', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "discoveringdocker.com", true */ 'd', 'i', 's', 'c', 'o', 'v', 'e', 'r', 'i', 'n', 'g', 'd', 'o', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "discoverrsv.com", true */ 'd', 'i', 's', 'c', 'o', 'v', 'e', 'r', 'r', 's', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "discoverwellness.center", true */ 'd', 'i', 's', 'c', 'o', 'v', 'e', 'r', 'w', 'e', 'l', 'l', 'n', 'e', 's', 's', '.', 'c', 'e', 'n', 't', 'e', 'r', '\0',
+  /* "discoveryrom.org", true */ 'd', 'i', 's', 'c', 'o', 'v', 'e', 'r', 'y', 'r', 'o', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "discreet-condooms.nl", true */ 'd', 'i', 's', 'c', 'r', 'e', 'e', 't', '-', 'c', 'o', 'n', 'd', 'o', 'o', 'm', 's', '.', 'n', 'l', '\0',
+  /* "disinclined.org", true */ 'd', 'i', 's', 'i', 'n', 'c', 'l', 'i', 'n', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "disinfesta.it", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', '.', 'i', 't', '\0',
+  /* "disinfestando.info", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'n', 'd', 'o', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "disinfestatori.com", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 't', 'o', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "disinfestazione.brescia.it", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'e', '.', 'b', 'r', 'e', 's', 'c', 'i', 'a', '.', 'i', 't', '\0',
+  /* "disinfestazione.venezia.it", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'e', '.', 'v', 'e', 'n', 'e', 'z', 'i', 'a', '.', 'i', 't', '\0',
+  /* "disinfestazione24.it", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'e', '2', '4', '.', 'i', 't', '\0',
+  /* "disinfestazioni-umbria.it", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'i', '-', 'u', 'm', 'b', 'r', 'i', 'a', '.', 'i', 't', '\0',
+  /* "disinfestazioni.info", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "disinfestazioni.net", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'i', '.', 'n', 'e', 't', '\0',
+  /* "disinfestazioni.verona.it", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'i', '.', 'v', 'e', 'r', 'o', 'n', 'a', '.', 'i', 't', '\0',
+  /* "disinisharing.com", true */ 'd', 'i', 's', 'i', 'n', 'i', 's', 'h', 'a', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "diskbit.com", true */ 'd', 'i', 's', 'k', 'b', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "diskbit.nl", true */ 'd', 'i', 's', 'k', 'b', 'i', 't', '.', 'n', 'l', '\0',
+  /* "dismail.de", true */ 'd', 'i', 's', 'm', 'a', 'i', 'l', '.', 'd', 'e', '\0',
+  /* "disposable.link", true */ 'd', 'i', 's', 'p', 'o', 's', 'a', 'b', 'l', 'e', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "disroot.org", true */ 'd', 'i', 's', 'r', 'o', 'o', 't', '.', 'o', 'r', 'g', '\0',
+  /* "disrupters.ch", true */ 'd', 'i', 's', 'r', 'u', 'p', 't', 'e', 'r', 's', '.', 'c', 'h', '\0',
+  /* "dissectcyber.com", true */ 'd', 'i', 's', 's', 'e', 'c', 't', 'c', 'y', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "dissertationhelp.com", true */ 'd', 'i', 's', 's', 'e', 'r', 't', 'a', 't', 'i', 'o', 'n', 'h', 'e', 'l', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "dissidence.ovh", true */ 'd', 'i', 's', 's', 'i', 'd', 'e', 'n', 'c', 'e', '.', 'o', 'v', 'h', '\0',
+  /* "dist.torproject.org", false */ 'd', 'i', 's', 't', '.', 't', 'o', 'r', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "distinguishedprisoner.com", true */ 'd', 'i', 's', 't', 'i', 'n', 'g', 'u', 'i', 's', 'h', 'e', 'd', 'p', 'r', 'i', 's', 'o', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "distinguishedwindows.co.uk", true */ 'd', 'i', 's', 't', 'i', 'n', 'g', 'u', 'i', 's', 'h', 'e', 'd', 'w', 'i', 'n', 'd', 'o', 'w', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "distribuidoracristal.com.br", true */ 'd', 'i', 's', 't', 'r', 'i', 'b', 'u', 'i', 'd', 'o', 'r', 'a', 'c', 'r', 'i', 's', 't', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "distribuidorveterinario.es", true */ 'd', 'i', 's', 't', 'r', 'i', 'b', 'u', 'i', 'd', 'o', 'r', 'v', 'e', 't', 'e', 'r', 'i', 'n', 'a', 'r', 'i', 'o', '.', 'e', 's', '\0',
+  /* "distrilogservices.com", true */ 'd', 'i', 's', 't', 'r', 'i', 'l', 'o', 'g', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "distro.re", true */ 'd', 'i', 's', 't', 'r', 'o', '.', 'r', 'e', '\0',
+  /* "ditelbat.com", true */ 'd', 'i', 't', 'e', 'l', 'b', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "diti.me", true */ 'd', 'i', 't', 'i', '.', 'm', 'e', '\0',
+  /* "ditisabc.nl", true */ 'd', 'i', 't', 'i', 's', 'a', 'b', 'c', '.', 'n', 'l', '\0',
+  /* "diva.nl", true */ 'd', 'i', 'v', 'a', '.', 'n', 'l', '\0',
+  /* "divcoder.com", true */ 'd', 'i', 'v', 'c', 'o', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "divedowntown.com", true */ 'd', 'i', 'v', 'e', 'd', 'o', 'w', 'n', 't', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "divegearexpress.com", true */ 'd', 'i', 'v', 'e', 'g', 'e', 'a', 'r', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "divegearexpress.com.cn", true */ 'd', 'i', 'v', 'e', 'g', 'e', 'a', 'r', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '.', 'c', 'n', '\0',
+  /* "diveidc.com", true */ 'd', 'i', 'v', 'e', 'i', 'd', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "divenwa.com", true */ 'd', 'i', 'v', 'e', 'n', 'w', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "diveplan.org", true */ 'd', 'i', 'v', 'e', 'p', 'l', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "divergenz.org", true */ 'd', 'i', 'v', 'e', 'r', 'g', 'e', 'n', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "diversity-spielzeug.de", true */ 'd', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', '-', 's', 'p', 'i', 'e', 'l', 'z', 'e', 'u', 'g', '.', 'd', 'e', '\0',
+  /* "diversityflags.com", true */ 'd', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', 'f', 'l', 'a', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "diversityflags.com.au", true */ 'd', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', 'f', 'l', 'a', 'g', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "diversityflags.nz", true */ 'd', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', 'f', 'l', 'a', 'g', 's', '.', 'n', 'z', '\0',
+  /* "divertiagua.com.br", true */ 'd', 'i', 'v', 'e', 'r', 't', 'i', 'a', 'g', 'u', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "divinegames.studio", true */ 'd', 'i', 'v', 'i', 'n', 'e', 'g', 'a', 'm', 'e', 's', '.', 's', 't', 'u', 'd', 'i', 'o', '\0',
+  /* "divingwithnic.com", true */ 'd', 'i', 'v', 'i', 'n', 'g', 'w', 'i', 't', 'h', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "diwei.vip", true */ 'd', 'i', 'w', 'e', 'i', '.', 'v', 'i', 'p', '\0',
+  /* "diybook.at", true */ 'd', 'i', 'y', 'b', 'o', 'o', 'k', '.', 'a', 't', '\0',
+  /* "diycc.org", true */ 'd', 'i', 'y', 'c', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "diymediahome.org", true */ 'd', 'i', 'y', 'm', 'e', 'd', 'i', 'a', 'h', 'o', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "diyosun.com", true */ 'd', 'i', 'y', 'o', 's', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "diz.in.ua", true */ 'd', 'i', 'z', '.', 'i', 'n', '.', 'u', 'a', '\0',
+  /* "dizzythewizard.co.uk", true */ 'd', 'i', 'z', 'z', 'y', 't', 'h', 'e', 'w', 'i', 'z', 'a', 'r', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dj-x.info", true */ 'd', 'j', '-', 'x', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "dj3dub.com", true */ 'd', 'j', '3', 'd', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "djangobirthday.com", true */ 'd', 'j', 'a', 'n', 'g', 'o', 'b', 'i', 'r', 't', 'h', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "djangogolf.com", true */ 'd', 'j', 'a', 'n', 'g', 'o', 'g', 'o', 'l', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "djangoproject.com", true */ 'd', 'j', 'a', 'n', 'g', 'o', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "djangosnippets.org", true */ 'd', 'j', 'a', 'n', 'g', 'o', 's', 'n', 'i', 'p', 'p', 'e', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "djbbouncycastles.co.uk", true */ 'd', 'j', 'b', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "djc.me", true */ 'd', 'j', 'c', '.', 'm', 'e', '\0',
+  /* "djdavid98.hu", true */ 'd', 'j', 'd', 'a', 'v', 'i', 'd', '9', '8', '.', 'h', 'u', '\0',
+  /* "djipanov.com", true */ 'd', 'j', 'i', 'p', 'a', 'n', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "djlive.pl", true */ 'd', 'j', 'l', 'i', 'v', 'e', '.', 'p', 'l', '\0',
+  /* "djlnetworks.co.uk", true */ 'd', 'j', 'l', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "djsbouncycastlehire.com", true */ 'd', 'j', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "djt-vom-chausseehaus.de", true */ 'd', 'j', 't', '-', 'v', 'o', 'm', '-', 'c', 'h', 'a', 'u', 's', 's', 'e', 'e', 'h', 'a', 'u', 's', '.', 'd', 'e', '\0',
+  /* "djul.net", true */ 'd', 'j', 'u', 'l', '.', 'n', 'e', 't', '\0',
+  /* "djwaynepryke.com", true */ 'd', 'j', 'w', 'a', 'y', 'n', 'e', 'p', 'r', 'y', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dk.search.yahoo.com", false */ 'd', 'k', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "dkcomputers.com.au", true */ 'd', 'k', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "dkds.us", true */ 'd', 'k', 'd', 's', '.', 'u', 's', '\0',
+  /* "dkn.go.id", false */ 'd', 'k', 'n', '.', 'g', 'o', '.', 'i', 'd', '\0',
+  /* "dl.google.com", true */ 'd', 'l', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dlabouncycastlehire.co.uk", true */ 'd', 'l', 'a', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dlaspania.pl", true */ 'd', 'l', 'a', 's', 'p', 'a', 'n', 'i', 'a', '.', 'p', 'l', '\0',
+  /* "dlbouncers.co.uk", true */ 'd', 'l', 'b', 'o', 'u', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dlde.ru", true */ 'd', 'l', 'd', 'e', '.', 'r', 'u', '\0',
+  /* "dldl.fr", true */ 'd', 'l', 'd', 'l', '.', 'f', 'r', '\0',
+  /* "dlfsymposium.nl", true */ 'd', 'l', 'f', 's', 'y', 'm', 'p', 'o', 's', 'i', 'u', 'm', '.', 'n', 'l', '\0',
+  /* "dlg.im", true */ 'd', 'l', 'g', '.', 'i', 'm', '\0',
+  /* "dll4free.com", true */ 'd', 'l', 'l', '4', 'f', 'r', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dlld.com", true */ 'd', 'l', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "dlrsp.org", true */ 'd', 'l', 'r', 's', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "dlscomputers.com.au", true */ 'd', 'l', 's', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "dlunch.net", true */ 'd', 'l', 'u', 'n', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "dlzz.net", true */ 'd', 'l', 'z', 'z', '.', 'n', 'e', 't', '\0',
+  /* "dm.lookout.com", false */ 'd', 'm', '.', 'l', 'o', 'o', 'k', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "dm4productions.com", true */ 'd', 'm', '4', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dm7ds.de", true */ 'd', 'm', '7', 'd', 's', '.', 'd', 'e', '\0',
+  /* "dmarc.dk", true */ 'd', 'm', 'a', 'r', 'c', '.', 'd', 'k', '\0',
+  /* "dmarketer.com", true */ 'd', 'm', 'a', 'r', 'k', 'e', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "dmcastles.com", true */ 'd', 'm', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dmdre.com", true */ 'd', 'm', 'd', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dmeevalumate.com", true */ 'd', 'm', 'e', 'e', 'v', 'a', 'l', 'u', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dmenergy.ru", true */ 'd', 'm', 'e', 'n', 'e', 'r', 'g', 'y', '.', 'r', 'u', '\0',
+  /* "dmfd.net", true */ 'd', 'm', 'f', 'd', '.', 'n', 'e', 't', '\0',
+  /* "dmi.es", true */ 'd', 'm', 'i', '.', 'e', 's', '\0',
+  /* "dmlogic.com", true */ 'd', 'm', 'l', 'o', 'g', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "dmxledlights.com", true */ 'd', 'm', 'x', 'l', 'e', 'd', 'l', 'i', 'g', 'h', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dn3s.me", true */ 'd', 'n', '3', 's', '.', 'm', 'e', '\0',
+  /* "dn42.eu", false */ 'd', 'n', '4', '2', '.', 'e', 'u', '\0',
+  /* "dn42.us", true */ 'd', 'n', '4', '2', '.', 'u', 's', '\0',
+  /* "dna.li", true */ 'd', 'n', 'a', '.', 'l', 'i', '\0',
+  /* "dnc.org.nz", true */ 'd', 'n', 'c', '.', 'o', 'r', 'g', '.', 'n', 'z', '\0',
+  /* "dndtools.net", true */ 'd', 'n', 'd', 't', 'o', 'o', 'l', 's', '.', 'n', 'e', 't', '\0',
+  /* "dne.lu", true */ 'd', 'n', 'e', '.', 'l', 'u', '\0',
+  /* "dnfc.rocks", true */ 'd', 'n', 'f', 'c', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "dnmaze.com", true */ 'd', 'n', 'm', 'a', 'z', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dnmlab.it", true */ 'd', 'n', 'm', 'l', 'a', 'b', '.', 'i', 't', '\0',
+  /* "dnplegal.com", true */ 'd', 'n', 'p', 'l', 'e', 'g', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "dns-control.eu", true */ 'd', 'n', 's', '-', 'c', 'o', 'n', 't', 'r', 'o', 'l', '.', 'e', 'u', '\0',
+  /* "dns-manager.info", true */ 'd', 'n', 's', '-', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "dns.google.com", true */ 'd', 'n', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dns8.online", true */ 'd', 'n', 's', '8', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "dnsbird.org", true */ 'd', 'n', 's', 'b', 'i', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "dnscurve.io", true */ 'd', 'n', 's', 'c', 'u', 'r', 'v', 'e', '.', 'i', 'o', '\0',
+  /* "dnshallinta.fi", true */ 'd', 'n', 's', 'h', 'a', 'l', 'l', 'i', 'n', 't', 'a', '.', 'f', 'i', '\0',
+  /* "dnslog.com", true */ 'd', 'n', 's', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "dnsman.se", true */ 'd', 'n', 's', 'm', 'a', 'n', '.', 's', 'e', '\0',
+  /* "dnstwister.report", true */ 'd', 'n', 's', 't', 'w', 'i', 's', 't', 'e', 'r', '.', 'r', 'e', 'p', 'o', 'r', 't', '\0',
+  /* "do-it.cz", true */ 'd', 'o', '-', 'i', 't', '.', 'c', 'z', '\0',
+  /* "do-prod.com", true */ 'd', 'o', '-', 'p', 'r', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "do.gd", true */ 'd', 'o', '.', 'g', 'd', '\0',
+  /* "do.search.yahoo.com", false */ 'd', 'o', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "do13.net", true */ 'd', 'o', '1', '3', '.', 'n', 'e', 't', '\0',
+  /* "do67.de", true */ 'd', 'o', '6', '7', '.', 'd', 'e', '\0',
+  /* "do67.net", true */ 'd', 'o', '6', '7', '.', 'n', 'e', 't', '\0',
+  /* "dobrev.family", true */ 'd', 'o', 'b', 'r', 'e', 'v', '.', 'f', 'a', 'm', 'i', 'l', 'y', '\0',
+  /* "dobsnet.net", true */ 'd', 'o', 'b', 's', 'n', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "doc.python.org", true */ 'd', 'o', 'c', '.', 'p', 'y', 't', 'h', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "doc.to", true */ 'd', 'o', 'c', '.', 't', 'o', '\0',
+  /* "doc8643.com", true */ 'd', 'o', 'c', '8', '6', '4', '3', '.', 'c', 'o', 'm', '\0',
+  /* "docabo.ch", true */ 'd', 'o', 'c', 'a', 'b', 'o', '.', 'c', 'h', '\0',
+  /* "docbox.ch", true */ 'd', 'o', 'c', 'b', 'o', 'x', '.', 'c', 'h', '\0',
+  /* "docemeldoces.com", true */ 'd', 'o', 'c', 'e', 'm', 'e', 'l', 'd', 'o', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dochitaceahlau.ro", true */ 'd', 'o', 'c', 'h', 'i', 't', 'a', 'c', 'e', 'a', 'h', 'l', 'a', 'u', '.', 'r', 'o', '\0',
+  /* "dockerm.com", true */ 'd', 'o', 'c', 'k', 'e', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "doclassworks.com", true */ 'd', 'o', 'c', 'l', 'a', 's', 's', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "docline.gov", true */ 'd', 'o', 'c', 'l', 'i', 'n', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "docloh.de", true */ 'd', 'o', 'c', 'l', 'o', 'h', '.', 'd', 'e', '\0',
+  /* "docloudu.info", true */ 'd', 'o', 'c', 'l', 'o', 'u', 'd', 'u', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "docplexus.in", true */ 'd', 'o', 'c', 'p', 'l', 'e', 'x', 'u', 's', '.', 'i', 'n', '\0',
+  /* "docs.google.com", false */ 'd', 'o', 'c', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "docs.python.org", true */ 'd', 'o', 'c', 's', '.', 'p', 'y', 't', 'h', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "docs.re", true */ 'd', 'o', 'c', 's', '.', 'r', 'e', '\0',
+  /* "docs.tw", true */ 'd', 'o', 'c', 's', '.', 't', 'w', '\0',
+  /* "docsoc.org.uk", true */ 'd', 'o', 'c', 's', 'o', 'c', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "doctafit.com", true */ 'd', 'o', 'c', 't', 'a', 'f', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "doctor-locks.co.uk", true */ 'd', 'o', 'c', 't', 'o', 'r', '-', 'l', 'o', 'c', 'k', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "doctor.dating", true */ 'd', 'o', 'c', 't', 'o', 'r', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "doctorfox.co.uk", true */ 'd', 'o', 'c', 't', 'o', 'r', 'f', 'o', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "doctorsonmaps.com", true */ 'd', 'o', 'c', 't', 'o', 'r', 's', 'o', 'n', 'm', 'a', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "doctorwho.cz", true */ 'd', 'o', 'c', 't', 'o', 'r', 'w', 'h', 'o', '.', 'c', 'z', '\0',
+  /* "docubox.info", true */ 'd', 'o', 'c', 'u', 'b', 'o', 'x', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "docucopies.com", true */ 'd', 'o', 'c', 'u', 'c', 'o', 'p', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "documaniatv.com", true */ 'd', 'o', 'c', 'u', 'm', 'a', 'n', 'i', 'a', 't', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "documentations-sociales.com", true */ 'd', 'o', 'c', 'u', 'm', 'e', 'n', 't', 'a', 't', 'i', 'o', 'n', 's', '-', 's', 'o', 'c', 'i', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "docupet.com", true */ 'd', 'o', 'c', 'u', 'p', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "doenjoylife.com", true */ 'd', 'o', 'e', 'n', 'j', 'o', 'y', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "does.one", true */ 'd', 'o', 'e', 's', '.', 'o', 'n', 'e', '\0',
+  /* "doesmycodehavebugs.today", true */ 'd', 'o', 'e', 's', 'm', 'y', 'c', 'o', 'd', 'e', 'h', 'a', 'v', 'e', 'b', 'u', 'g', 's', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "doesnotscale.com", false */ 'd', 'o', 'e', 's', 'n', 'o', 't', 's', 'c', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dofuspvp.com", true */ 'd', 'o', 'f', 'u', 's', 'p', 'v', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "dog-blum.com", true */ 'd', 'o', 'g', '-', 'b', 'l', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "dogan.ch", false */ 'd', 'o', 'g', 'a', 'n', '.', 'c', 'h', '\0',
+  /* "dogear.ch", true */ 'd', 'o', 'g', 'e', 'a', 'r', '.', 'c', 'h', '\0',
+  /* "dogft.com", true */ 'd', 'o', 'g', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "doggroomingcourse.com", true */ 'd', 'o', 'g', 'g', 'r', 'o', 'o', 'm', 'i', 'n', 'g', 'c', 'o', 'u', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dogmap.jp", true */ 'd', 'o', 'g', 'm', 'a', 'p', '.', 'j', 'p', '\0',
+  /* "dogoo.com", true */ 'd', 'o', 'g', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "dogprograms.net", true */ 'd', 'o', 'g', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 's', '.', 'n', 'e', 't', '\0',
+  /* "dogworld.com.br", true */ 'd', 'o', 'g', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dohanews.co", true */ 'd', 'o', 'h', 'a', 'n', 'e', 'w', 's', '.', 'c', 'o', '\0',
+  /* "dokan-e.com", true */ 'd', 'o', 'k', 'a', 'n', '-', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dokelio-idf.fr", true */ 'd', 'o', 'k', 'e', 'l', 'i', 'o', '-', 'i', 'd', 'f', '.', 'f', 'r', '\0',
+  /* "doku-gilde.de", true */ 'd', 'o', 'k', 'u', '-', 'g', 'i', 'l', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "dokuboard.com", true */ 'd', 'o', 'k', 'u', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "dokuraum.de", true */ 'd', 'o', 'k', 'u', 'r', 'a', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "dolarcanadense.com.br", true */ 'd', 'o', 'l', 'a', 'r', 'c', 'a', 'n', 'a', 'd', 'e', 'n', 's', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dolcevitatech.education", true */ 'd', 'o', 'l', 'c', 'e', 'v', 'i', 't', 'a', 't', 'e', 'c', 'h', '.', 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', '\0',
+  /* "dolci-delizie.de", true */ 'd', 'o', 'l', 'c', 'i', '-', 'd', 'e', 'l', 'i', 'z', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "doli.se", true */ 'd', 'o', 'l', 'i', '.', 's', 'e', '\0',
+  /* "dolice.net", true */ 'd', 'o', 'l', 'i', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "dollemore.com", true */ 'd', 'o', 'l', 'l', 'e', 'm', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dolorism.com", true */ 'd', 'o', 'l', 'o', 'r', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "dolphin-hosting.com", true */ 'd', 'o', 'l', 'p', 'h', 'i', 'n', '-', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "dolphin-it.de", true */ 'd', 'o', 'l', 'p', 'h', 'i', 'n', '-', 'i', 't', '.', 'd', 'e', '\0',
+  /* "dom-medicina.ru", true */ 'd', 'o', 'm', '-', 'm', 'e', 'd', 'i', 'c', 'i', 'n', 'a', '.', 'r', 'u', '\0',
+  /* "doma.in", true */ 'd', 'o', 'm', 'a', '.', 'i', 'n', '\0',
+  /* "domadillo.com", true */ 'd', 'o', 'm', 'a', 'd', 'i', 'l', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "domain-ermittlung.de", true */ 'd', 'o', 'm', 'a', 'i', 'n', '-', 'e', 'r', 'm', 'i', 't', 't', 'l', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "domain001.info", true */ 'd', 'o', 'm', 'a', 'i', 'n', '0', '0', '1', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "domainedemiolan.ch", true */ 'd', 'o', 'm', 'a', 'i', 'n', 'e', 'd', 'e', 'm', 'i', 'o', 'l', 'a', 'n', '.', 'c', 'h', '\0',
+  /* "domainexpress.de", false */ 'd', 'o', 'm', 'a', 'i', 'n', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'd', 'e', '\0',
+  /* "domainkauf.de", true */ 'd', 'o', 'm', 'a', 'i', 'n', 'k', 'a', 'u', 'f', '.', 'd', 'e', '\0',
+  /* "domains.google.com", true */ 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "domainsilk.com", true */ 'd', 'o', 'm', 'a', 'i', 'n', 's', 'i', 'l', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "domainstaff.com", true */ 'd', 'o', 'm', 'a', 'i', 'n', 's', 't', 'a', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "domaxpoker.com", true */ 'd', 'o', 'm', 'a', 'x', 'p', 'o', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "domenic.me", true */ 'd', 'o', 'm', 'e', 'n', 'i', 'c', '.', 'm', 'e', '\0',
+  /* "domesticcleaners.co.uk", true */ 'd', 'o', 'm', 'e', 's', 't', 'i', 'c', 'c', 'l', 'e', 'a', 'n', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "domhaase.me", true */ 'd', 'o', 'm', 'h', 'a', 'a', 's', 'e', '.', 'm', 'e', '\0',
+  /* "domian.cz", true */ 'd', 'o', 'm', 'i', 'a', 'n', '.', 'c', 'z', '\0',
+  /* "dominationgame.co.uk", true */ 'd', 'o', 'm', 'i', 'n', 'a', 't', 'i', 'o', 'n', 'g', 'a', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dominicself.co.uk", true */ 'd', 'o', 'm', 'i', 'n', 'i', 'c', 's', 'e', 'l', 'f', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dominik-schlueter.de", true */ 'd', 'o', 'm', 'i', 'n', 'i', 'k', '-', 's', 'c', 'h', 'l', 'u', 'e', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "dominikkulaga.pl", true */ 'd', 'o', 'm', 'i', 'n', 'i', 'k', 'k', 'u', 'l', 'a', 'g', 'a', '.', 'p', 'l', '\0',
+  /* "dominioanimal.com.br", true */ 'd', 'o', 'm', 'i', 'n', 'i', 'o', 'a', 'n', 'i', 'm', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dominoknihy.cz", true */ 'd', 'o', 'm', 'i', 'n', 'o', 'k', 'n', 'i', 'h', 'y', '.', 'c', 'z', '\0',
+  /* "dominomatrix.com", true */ 'd', 'o', 'm', 'i', 'n', 'o', 'm', 'a', 't', 'r', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "dommascate.com.br", true */ 'd', 'o', 'm', 'm', 'a', 's', 'c', 'a', 't', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "domodeco.fr", true */ 'd', 'o', 'm', 'o', 'd', 'e', 'c', 'o', '.', 'f', 'r', '\0',
+  /* "domodedovo.travel", true */ 'd', 'o', 'm', 'o', 'd', 'e', 'd', 'o', 'v', 'o', '.', 't', 'r', 'a', 'v', 'e', 'l', '\0',
+  /* "domprojects.com", true */ 'd', 'o', 'm', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "domscripting.com", true */ 'd', 'o', 'm', 's', 'c', 'r', 'i', 'p', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "domyassignments.com", true */ 'd', 'o', 'm', 'y', 'a', 's', 's', 'i', 'g', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "domycasestudy.com", true */ 'd', 'o', 'm', 'y', 'c', 'a', 's', 'e', 's', 't', 'u', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "domycoursework.com", true */ 'd', 'o', 'm', 'y', 'c', 'o', 'u', 'r', 's', 'e', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "domycreativewritings.com", true */ 'd', 'o', 'm', 'y', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'w', 'r', 'i', 't', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "domydissertations.com", true */ 'd', 'o', 'm', 'y', 'd', 'i', 's', 's', 'e', 'r', 't', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "domyessay.net", true */ 'd', 'o', 'm', 'y', 'e', 's', 's', 'a', 'y', '.', 'n', 'e', 't', '\0',
+  /* "domyessays.com", true */ 'd', 'o', 'm', 'y', 'e', 's', 's', 'a', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "domyhomeworks.net", true */ 'd', 'o', 'm', 'y', 'h', 'o', 'm', 'e', 'w', 'o', 'r', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "domynetwork.com", true */ 'd', 'o', 'm', 'y', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "domypapers.com", true */ 'd', 'o', 'm', 'y', 'p', 'a', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "domyresearchpaper.com", true */ 'd', 'o', 'm', 'y', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "domyreview.net", true */ 'd', 'o', 'm', 'y', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'n', 'e', 't', '\0',
+  /* "domyspeech.com", true */ 'd', 'o', 'm', 'y', 's', 'p', 'e', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "domytermpaper.com", true */ 'd', 'o', 'm', 'y', 't', 'e', 'r', 'm', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "domythesis.net", true */ 'd', 'o', 'm', 'y', 't', 'h', 'e', 's', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "domyzitrka.cz", true */ 'd', 'o', 'm', 'y', 'z', 'i', 't', 'r', 'k', 'a', '.', 'c', 'z', '\0',
+  /* "donabeneko.jp", true */ 'd', 'o', 'n', 'a', 'b', 'e', 'n', 'e', 'k', 'o', '.', 'j', 'p', '\0',
+  /* "donateaday.net", true */ 'd', 'o', 'n', 'a', 't', 'e', 'a', 'd', 'a', 'y', '.', 'n', 'e', 't', '\0',
+  /* "donateway.com", true */ 'd', 'o', 'n', 'a', 't', 'e', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "donfelino.tk", false */ 'd', 'o', 'n', 'f', 'e', 'l', 'i', 'n', 'o', '.', 't', 'k', '\0',
+  /* "dongkexue.com", true */ 'd', 'o', 'n', 'g', 'k', 'e', 'x', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "donhoward.org", true */ 'd', 'o', 'n', 'h', 'o', 'w', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "donkeytrekkingkefalonia.com", true */ 'd', 'o', 'n', 'k', 'e', 'y', 't', 'r', 'e', 'k', 'k', 'i', 'n', 'g', 'k', 'e', 'f', 'a', 'l', 'o', 'n', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "donmaldeamores.com", true */ 'd', 'o', 'n', 'm', 'a', 'l', 'd', 'e', 'a', 'm', 'o', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "donnachie.net", true */ 'd', 'o', 'n', 'n', 'a', 'c', 'h', 'i', 'e', '.', 'n', 'e', 't', '\0',
+  /* "donner-reuschel.de", true */ 'd', 'o', 'n', 'n', 'e', 'r', '-', 'r', 'e', 'u', 's', 'c', 'h', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "donnons.org", false */ 'd', 'o', 'n', 'n', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "donnoval.ru", true */ 'd', 'o', 'n', 'n', 'o', 'v', 'a', 'l', '.', 'r', 'u', '\0',
+  /* "donotcall.gov", true */ 'd', 'o', 'n', 'o', 't', 'c', 'a', 'l', 'l', '.', 'g', 'o', 'v', '\0',
+  /* "donotlink.it", true */ 'd', 'o', 'n', 'o', 't', 'l', 'i', 'n', 'k', '.', 'i', 't', '\0',
+  /* "donotspellitgav.in", true */ 'd', 'o', 'n', 'o', 't', 's', 'p', 'e', 'l', 'l', 'i', 't', 'g', 'a', 'v', '.', 'i', 'n', '\0',
+  /* "donpaginasweb.com", true */ 'd', 'o', 'n', 'p', 'a', 'g', 'i', 'n', 'a', 's', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "donsbach-edv.de", true */ 'd', 'o', 'n', 's', 'b', 'a', 'c', 'h', '-', 'e', 'd', 'v', '.', 'd', 'e', '\0',
+  /* "dont.re", true */ 'd', 'o', 'n', 't', '.', 'r', 'e', '\0',
+  /* "dont.watch", true */ 'd', 'o', 'n', 't', '.', 'w', 'a', 't', 'c', 'h', '\0',
+  /* "dontbubble.me", true */ 'd', 'o', 'n', 't', 'b', 'u', 'b', 'b', 'l', 'e', '.', 'm', 'e', '\0',
+  /* "dontcageus.org", true */ 'd', 'o', 'n', 't', 'c', 'a', 'g', 'e', 'u', 's', '.', 'o', 'r', 'g', '\0',
+  /* "donthedragonwilson.com", true */ 'd', 'o', 'n', 't', 'h', 'e', 'd', 'r', 'a', 'g', 'o', 'n', 'w', 'i', 'l', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "dontpayfull.com", true */ 'd', 'o', 'n', 't', 'p', 'a', 'y', 'f', 'u', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "donttrust.me", true */ 'd', 'o', 'n', 't', 't', 'r', 'u', 's', 't', '.', 'm', 'e', '\0',
+  /* "donutcompany.co.jp", true */ 'd', 'o', 'n', 'u', 't', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "donzool.es", true */ 'd', 'o', 'n', 'z', 'o', 'o', 'l', '.', 'e', 's', '\0',
+  /* "dooby.fr", true */ 'd', 'o', 'o', 'b', 'y', '.', 'f', 'r', '\0',
+  /* "doodlefinder.de", true */ 'd', 'o', 'o', 'd', 'l', 'e', 'f', 'i', 'n', 'd', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "dooleylabs.com", true */ 'd', 'o', 'o', 'l', 'e', 'y', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dooleytackaberry.com", true */ 'd', 'o', 'o', 'l', 'e', 'y', 't', 'a', 'c', 'k', 'a', 'b', 'e', 'r', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "doomoo.com", true */ 'd', 'o', 'o', 'm', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "doomsworld.com", true */ 'd', 'o', 'o', 'm', 's', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "door.cards", true */ 'd', 'o', 'o', 'r', '.', 'c', 'a', 'r', 'd', 's', '\0',
+  /* "doordecor.bg", true */ 'd', 'o', 'o', 'r', 'd', 'e', 'c', 'o', 'r', '.', 'b', 'g', '\0',
+  /* "doorflow.com", true */ 'd', 'o', 'o', 'r', 'f', 'l', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "dopesoft.de", true */ 'd', 'o', 'p', 'e', 's', 'o', 'f', 't', '.', 'd', 'e', '\0',
+  /* "dopfer-fenstertechnik.de", true */ 'd', 'o', 'p', 'f', 'e', 'r', '-', 'f', 'e', 'n', 's', 't', 'e', 'r', 't', 'e', 'c', 'h', 'n', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "doppenpost.nl", true */ 'd', 'o', 'p', 'p', 'e', 'n', 'p', 'o', 's', 't', '.', 'n', 'l', '\0',
+  /* "dopply.com", true */ 'd', 'o', 'p', 'p', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "dopravni-modely.cz", true */ 'd', 'o', 'p', 'r', 'a', 'v', 'n', 'i', '-', 'm', 'o', 'd', 'e', 'l', 'y', '.', 'c', 'z', '\0',
+  /* "dopsi.ch", true */ 'd', 'o', 'p', 's', 'i', '.', 'c', 'h', '\0',
+  /* "dora.moe", true */ 'd', 'o', 'r', 'a', '.', 'm', 'o', 'e', '\0',
+  /* "dorfbaeck.at", true */ 'd', 'o', 'r', 'f', 'b', 'a', 'e', 'c', 'k', '.', 'a', 't', '\0',
+  /* "dorfbrunnen.eu", true */ 'd', 'o', 'r', 'f', 'b', 'r', 'u', 'n', 'n', 'e', 'n', '.', 'e', 'u', '\0',
+  /* "doriangirod.ch", true */ 'd', 'o', 'r', 'i', 'a', 'n', 'g', 'i', 'r', 'o', 'd', '.', 'c', 'h', '\0',
+  /* "dorianharmans.nl", true */ 'd', 'o', 'r', 'i', 'a', 'n', 'h', 'a', 'r', 'm', 'a', 'n', 's', '.', 'n', 'l', '\0',
+  /* "dorianmuthig.com", true */ 'd', 'o', 'r', 'i', 'a', 'n', 'm', 'u', 't', 'h', 'i', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "dormebebe.com.br", true */ 'd', 'o', 'r', 'm', 'e', 'b', 'e', 'b', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dormiu.com", true */ 'd', 'o', 'r', 'm', 'i', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "dormiu.com.br", true */ 'd', 'o', 'r', 'm', 'i', 'u', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dorquelle.com", true */ 'd', 'o', 'r', 'q', 'u', 'e', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dorsetentertainments.co.uk", true */ 'd', 'o', 'r', 's', 'e', 't', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dorth.nl", true */ 'd', 'o', 'r', 't', 'h', '.', 'n', 'l', '\0',
+  /* "dosenkiwi.at", true */ 'd', 'o', 's', 'e', 'n', 'k', 'i', 'w', 'i', '.', 'a', 't', '\0',
+  /* "dosipe.com", true */ 'd', 'o', 's', 'i', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "doska.by", true */ 'd', 'o', 's', 'k', 'a', '.', 'b', 'y', '\0',
+  /* "doska.kz", true */ 'd', 'o', 's', 'k', 'a', '.', 'k', 'z', '\0',
+  /* "doska.ru", true */ 'd', 'o', 's', 'k', 'a', '.', 'r', 'u', '\0',
+  /* "dosomeworks.biz", true */ 'd', 'o', 's', 'o', 'm', 'e', 'w', 'o', 'r', 'k', 's', '.', 'b', 'i', 'z', '\0',
+  /* "dossplumbing.co.za", true */ 'd', 'o', 's', 's', 'p', 'l', 'u', 'm', 'b', 'i', 'n', 'g', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "dosvientoselectrical.com", true */ 'd', 'o', 's', 'v', 'i', 'e', 'n', 't', 'o', 's', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "dosyauzantisi.com", true */ 'd', 'o', 's', 'y', 'a', 'u', 'z', 'a', 'n', 't', 'i', 's', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "dot.ro", true */ 'd', 'o', 't', '.', 'r', 'o', '\0',
+  /* "dotacni-parazit.cz", true */ 'd', 'o', 't', 'a', 'c', 'n', 'i', '-', 'p', 'a', 'r', 'a', 'z', 'i', 't', '.', 'c', 'z', '\0',
+  /* "dotb.dn.ua", false */ 'd', 'o', 't', 'b', '.', 'd', 'n', '.', 'u', 'a', '\0',
+  /* "dotbigbang.com", true */ 'd', 'o', 't', 'b', 'i', 'g', 'b', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "dotbox.org", true */ 'd', 'o', 't', 'b', 'o', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "dotbrick.co.th", true */ 'd', 'o', 't', 'b', 'r', 'i', 'c', 'k', '.', 'c', 'o', '.', 't', 'h', '\0',
+  /* "dotconnor.com", true */ 'd', 'o', 't', 'c', 'o', 'n', 'n', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "dotgov.gov", true */ 'd', 'o', 't', 'g', 'o', 'v', '.', 'g', 'o', 'v', '\0',
+  /* "dothebangthingsalon.com", true */ 'd', 'o', 't', 'h', 'e', 'b', 'a', 'n', 'g', 't', 'h', 'i', 'n', 'g', 's', 'a', 'l', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "dotjs.party", true */ 'd', 'o', 't', 'j', 's', '.', 'p', 'a', 'r', 't', 'y', '\0',
+  /* "dotkniseandroida.cz", true */ 'd', 'o', 't', 'k', 'n', 'i', 's', 'e', 'a', 'n', 'd', 'r', 'o', 'i', 'd', 'a', '.', 'c', 'z', '\0',
+  /* "dotkod.com", true */ 'd', 'o', 't', 'k', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "dotkod.pl", true */ 'd', 'o', 't', 'k', 'o', 'd', '.', 'p', 'l', '\0',
+  /* "dotneko.net", true */ 'd', 'o', 't', 'n', 'e', 'k', 'o', '.', 'n', 'e', 't', '\0',
+  /* "dotnetsandbox.ca", true */ 'd', 'o', 't', 'n', 'e', 't', 's', 'a', 'n', 'd', 'b', 'o', 'x', '.', 'c', 'a', '\0',
+  /* "dotphoto.com", true */ 'd', 'o', 't', 'p', 'h', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "dotplex.com", true */ 'd', 'o', 't', 'p', 'l', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "dotplex.de", true */ 'd', 'o', 't', 'p', 'l', 'e', 'x', '.', 'd', 'e', '\0',
+  /* "dotrox.net", true */ 'd', 'o', 't', 'r', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "dotsiam.com", true */ 'd', 'o', 't', 's', 'i', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "douai.me", true */ 'd', 'o', 'u', 'a', 'i', '.', 'm', 'e', '\0',
+  /* "doubleavineyards.com", true */ 'd', 'o', 'u', 'b', 'l', 'e', 'a', 'v', 'i', 'n', 'e', 'y', 'a', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "doublefun.net", true */ 'd', 'o', 'u', 'b', 'l', 'e', 'f', 'u', 'n', '.', 'n', 'e', 't', '\0',
+  /* "doubleup.com.au", true */ 'd', 'o', 'u', 'b', 'l', 'e', 'u', 'p', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "doucheba.gs", false */ 'd', 'o', 'u', 'c', 'h', 'e', 'b', 'a', '.', 'g', 's', '\0',
+  /* "dougferris.id.au", true */ 'd', 'o', 'u', 'g', 'f', 'e', 'r', 'r', 'i', 's', '.', 'i', 'd', '.', 'a', 'u', '\0',
+  /* "doujinshi.info", true */ 'd', 'o', 'u', 'j', 'i', 'n', 's', 'h', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "dounats.com", true */ 'd', 'o', 'u', 'n', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "douzer.de", true */ 'd', 'o', 'u', 'z', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "dovenzorgmalawi.nl", true */ 'd', 'o', 'v', 'e', 'n', 'z', 'o', 'r', 'g', 'm', 'a', 'l', 'a', 'w', 'i', '.', 'n', 'l', '\0',
+  /* "dovro.de", true */ 'd', 'o', 'v', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "dowc.org", true */ 'd', 'o', 'w', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "downloadaja.com", true */ 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 'a', 'j', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "downloadgamemods.com", true */ 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 'g', 'a', 'm', 'e', 'm', 'o', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "downloadgram.com", true */ 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 'g', 'r', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "downloadsoftwaregratisan.com", true */ 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', 'g', 'r', 'a', 't', 'i', 's', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "downtimerobot.com", true */ 'd', 'o', 'w', 'n', 't', 'i', 'm', 'e', 'r', 'o', 'b', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "downtimerobot.nl", true */ 'd', 'o', 'w', 'n', 't', 'i', 'm', 'e', 'r', 'o', 'b', 'o', 't', '.', 'n', 'l', '\0',
+  /* "downtownvernon.com", true */ 'd', 'o', 'w', 'n', 't', 'o', 'w', 'n', 'v', 'e', 'r', 'n', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "doyoucheck.com", false */ 'd', 'o', 'y', 'o', 'u', 'c', 'h', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "doyouedc.com", true */ 'd', 'o', 'y', 'o', 'u', 'e', 'd', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "doyoutax.com", true */ 'd', 'o', 'y', 'o', 'u', 't', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "doypacky.cz", true */ 'd', 'o', 'y', 'p', 'a', 'c', 'k', 'y', '.', 'c', 'z', '\0',
+  /* "dpd.com.pl", true */ 'd', 'p', 'd', '.', 'c', 'o', 'm', '.', 'p', 'l', '\0',
+  /* "dperson.net", true */ 'd', 'p', 'e', 'r', 's', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "dpfsolutionsfl.com", true */ 'd', 'p', 'f', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', 'f', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "dpg.no", true */ 'd', 'p', 'g', '.', 'n', 'o', '\0',
+  /* "dpisecuretests.com", true */ 'd', 'p', 'i', 's', 'e', 'c', 'u', 'r', 'e', 't', 'e', 's', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dprb.biz", true */ 'd', 'p', 'r', 'b', '.', 'b', 'i', 'z', '\0',
+  /* "dprd-wonogirikab.go.id", false */ 'd', 'p', 'r', 'd', '-', 'w', 'o', 'n', 'o', 'g', 'i', 'r', 'i', 'k', 'a', 'b', '.', 'g', 'o', '.', 'i', 'd', '\0',
+  /* "dpwsweeps.co.uk", true */ 'd', 'p', 'w', 's', 'w', 'e', 'e', 'p', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dr-schuessler.de", true */ 'd', 'r', '-', 's', 'c', 'h', 'u', 'e', 's', 's', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "dr-www.de", true */ 'd', 'r', '-', 'w', 'w', 'w', '.', 'd', 'e', '\0',
+  /* "drabadir.com", true */ 'd', 'r', 'a', 'b', 'a', 'd', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "drabben.be", true */ 'd', 'r', 'a', 'b', 'b', 'e', 'n', '.', 'b', 'e', '\0',
+  /* "drabbin.com", true */ 'd', 'r', 'a', 'b', 'b', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "drabim.org", true */ 'd', 'r', 'a', 'b', 'i', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "dracisvet.cz", true */ 'd', 'r', 'a', 'c', 'i', 's', 'v', 'e', 't', '.', 'c', 'z', '\0',
+  /* "dracon.es", true */ 'd', 'r', 'a', 'c', 'o', 'n', '.', 'e', 's', '\0',
+  /* "dracox.com", true */ 'd', 'r', 'a', 'c', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "draftguru.com.au", true */ 'd', 'r', 'a', 'f', 't', 'g', 'u', 'r', 'u', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "drafton.com", true */ 'd', 'r', 'a', 'f', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "drageeparadise.fr", true */ 'd', 'r', 'a', 'g', 'e', 'e', 'p', 'a', 'r', 'a', 'd', 'i', 's', 'e', '.', 'f', 'r', '\0',
+  /* "dragfiles.com", true */ 'd', 'r', 'a', 'g', 'f', 'i', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dragon-aspect.com", true */ 'd', 'r', 'a', 'g', 'o', 'n', '-', 'a', 's', 'p', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "dragon-chem.eu", true */ 'd', 'r', 'a', 'g', 'o', 'n', '-', 'c', 'h', 'e', 'm', '.', 'e', 'u', '\0',
+  /* "dragon-hearts.co.uk", true */ 'd', 'r', 'a', 'g', 'o', 'n', '-', 'h', 'e', 'a', 'r', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dragoncave.me", true */ 'd', 'r', 'a', 'g', 'o', 'n', 'c', 'a', 'v', 'e', '.', 'm', 'e', '\0',
+  /* "dragoncityhack.tips", true */ 'd', 'r', 'a', 'g', 'o', 'n', 'c', 'i', 't', 'y', 'h', 'a', 'c', 'k', '.', 't', 'i', 'p', 's', '\0',
+  /* "dragonfly.co.uk", true */ 'd', 'r', 'a', 'g', 'o', 'n', 'f', 'l', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dragonheartsrpg.com", true */ 'd', 'r', 'a', 'g', 'o', 'n', 'h', 'e', 'a', 'r', 't', 's', 'r', 'p', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "dragonkin.net", true */ 'd', 'r', 'a', 'g', 'o', 'n', 'k', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "dragonprogrammer.com", true */ 'd', 'r', 'a', 'g', 'o', 'n', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "dragonschool.org", true */ 'd', 'r', 'a', 'g', 'o', 'n', 's', 'c', 'h', 'o', 'o', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "dragonsunited.at", true */ 'd', 'r', 'a', 'g', 'o', 'n', 's', 'u', 'n', 'i', 't', 'e', 'd', '.', 'a', 't', '\0',
+  /* "dragonsunited.ch", true */ 'd', 'r', 'a', 'g', 'o', 'n', 's', 'u', 'n', 'i', 't', 'e', 'd', '.', 'c', 'h', '\0',
+  /* "dragonsunited.de", true */ 'd', 'r', 'a', 'g', 'o', 'n', 's', 'u', 'n', 'i', 't', 'e', 'd', '.', 'd', 'e', '\0',
+  /* "dragonsunited.eu", true */ 'd', 'r', 'a', 'g', 'o', 'n', 's', 'u', 'n', 'i', 't', 'e', 'd', '.', 'e', 'u', '\0',
+  /* "dragonsunited.info", true */ 'd', 'r', 'a', 'g', 'o', 'n', 's', 'u', 'n', 'i', 't', 'e', 'd', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "dragonsunited.net", true */ 'd', 'r', 'a', 'g', 'o', 'n', 's', 'u', 'n', 'i', 't', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "dragonsunited.org", true */ 'd', 'r', 'a', 'g', 'o', 'n', 's', 'u', 'n', 'i', 't', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "dragonwork.me", true */ 'd', 'r', 'a', 'g', 'o', 'n', 'w', 'o', 'r', 'k', '.', 'm', 'e', '\0',
+  /* "drahcro.uk", true */ 'd', 'r', 'a', 'h', 'c', 'r', 'o', '.', 'u', 'k', '\0',
+  /* "drakeluce.com", true */ 'd', 'r', 'a', 'k', 'e', 'l', 'u', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "drakenprospero.com", false */ 'd', 'r', 'a', 'k', 'e', 'n', 'p', 'r', 'o', 's', 'p', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "drakfot.se", true */ 'd', 'r', 'a', 'k', 'f', 'o', 't', '.', 's', 'e', '\0',
+  /* "dramaticpeople.com", true */ 'd', 'r', 'a', 'm', 'a', 't', 'i', 'c', 'p', 'e', 'o', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dranderle.com", true */ 'd', 'r', 'a', 'n', 'd', 'e', 'r', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dranek.com", true */ 'd', 'r', 'a', 'n', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "draugr.de", true */ 'd', 'r', 'a', 'u', 'g', 'r', '.', 'd', 'e', '\0',
+  /* "draw.uy", true */ 'd', 'r', 'a', 'w', '.', 'u', 'y', '\0',
+  /* "drawesome.uy", true */ 'd', 'r', 'a', 'w', 'e', 's', 'o', 'm', 'e', '.', 'u', 'y', '\0',
+  /* "drawingcode.net", true */ 'd', 'r', 'a', 'w', 'i', 'n', 'g', 'c', 'o', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "drbethanybarnes.com", true */ 'd', 'r', 'b', 'e', 't', 'h', 'a', 'n', 'y', 'b', 'a', 'r', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "drchristinehatfield.ca", true */ 'd', 'r', 'c', 'h', 'r', 'i', 's', 't', 'i', 'n', 'e', 'h', 'a', 't', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'a', '\0',
+  /* "drchristophepanthier.com", true */ 'd', 'r', 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'e', 'p', 'a', 'n', 't', 'h', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "drdavidgilpin.com", true */ 'd', 'r', 'd', 'a', 'v', 'i', 'd', 'g', 'i', 'l', 'p', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "drdim.ru", true */ 'd', 'r', 'd', 'i', 'm', '.', 'r', 'u', '\0',
+  /* "drdipilla.com", true */ 'd', 'r', 'd', 'i', 'p', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "dreamaholic.club", true */ 'd', 'r', 'e', 'a', 'm', 'a', 'h', 'o', 'l', 'i', 'c', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "dreamcreator108.com", true */ 'd', 'r', 'e', 'a', 'm', 'c', 'r', 'e', 'a', 't', 'o', 'r', '1', '0', '8', '.', 'c', 'o', 'm', '\0',
+  /* "dreamhack.com", true */ 'd', 'r', 'e', 'a', 'm', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "dreamhostremixer.com", true */ 'd', 'r', 'e', 'a', 'm', 'h', 'o', 's', 't', 'r', 'e', 'm', 'i', 'x', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "dreamithost.com.au", true */ 'd', 'r', 'e', 'a', 'm', 'i', 't', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "dreamlandmagic.com", true */ 'd', 'r', 'e', 'a', 'm', 'l', 'a', 'n', 'd', 'm', 'a', 'g', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "dreamlinehost.com", false */ 'd', 'r', 'e', 'a', 'm', 'l', 'i', 'n', 'e', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "dreamlux.cz", true */ 'd', 'r', 'e', 'a', 'm', 'l', 'u', 'x', '.', 'c', 'z', '\0',
+  /* "dreamlux.sk", true */ 'd', 'r', 'e', 'a', 'm', 'l', 'u', 'x', '.', 's', 'k', '\0',
+  /* "dreamonkey.com", true */ 'd', 'r', 'e', 'a', 'm', 'o', 'n', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "dreamtechie.com", true */ 'd', 'r', 'e', 'a', 'm', 't', 'e', 'c', 'h', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "drei01.de", true */ 'd', 'r', 'e', 'i', '0', '1', '.', 'd', 'e', '\0',
+  /* "dreid.org", true */ 'd', 'r', 'e', 'i', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "dreiweiden.de", true */ 'd', 'r', 'e', 'i', 'w', 'e', 'i', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "dreizwosechs.de", true */ 'd', 'r', 'e', 'i', 'z', 'w', 'o', 's', 'e', 'c', 'h', 's', '.', 'd', 'e', '\0',
+  /* "dress-cons.com", true */ 'd', 'r', 'e', 's', 's', '-', 'c', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "drevo-door.cz", true */ 'd', 'r', 'e', 'v', 'o', '-', 'd', 'o', 'o', 'r', '.', 'c', 'z', '\0',
+  /* "drew.beer", true */ 'd', 'r', 'e', 'w', '.', 'b', 'e', 'e', 'r', '\0',
+  /* "drew.red", true */ 'd', 'r', 'e', 'w', '.', 'r', 'e', 'd', '\0',
+  /* "dreweryinc.com", true */ 'd', 'r', 'e', 'w', 'e', 'r', 'y', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "drewsilcock.co.uk", true */ 'd', 'r', 'e', 'w', 's', 'i', 'l', 'c', 'o', 'c', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dreyfussplasticsurgery.com", true */ 'd', 'r', 'e', 'y', 'f', 'u', 's', 's', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "drezzy.it", true */ 'd', 'r', 'e', 'z', 'z', 'y', '.', 'i', 't', '\0',
+  /* "drfrey.ch", true */ 'd', 'r', 'f', 'r', 'e', 'y', '.', 'c', 'h', '\0',
+  /* "drgn.no", true */ 'd', 'r', 'g', 'n', '.', 'n', 'o', '\0',
+  /* "drheibel.com", true */ 'd', 'r', 'h', 'e', 'i', 'b', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "driftdude.nl", true */ 'd', 'r', 'i', 'f', 't', 'd', 'u', 'd', 'e', '.', 'n', 'l', '\0',
+  /* "drighes.com", true */ 'd', 'r', 'i', 'g', 'h', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "drillion.net", true */ 'd', 'r', 'i', 'l', 'l', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "drillnation.com.au", true */ 'd', 'r', 'i', 'l', 'l', 'n', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "drinkplanet.eu", true */ 'd', 'r', 'i', 'n', 'k', 'p', 'l', 'a', 'n', 'e', 't', '.', 'e', 'u', '\0',
+  /* "drino.org", false */ 'd', 'r', 'i', 'n', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "drive.google.com", false */ 'd', 'r', 'i', 'v', 'e', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "drive.xyz", true */ 'd', 'r', 'i', 'v', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "driven2shine.eu", true */ 'd', 'r', 'i', 'v', 'e', 'n', '2', 's', 'h', 'i', 'n', 'e', '.', 'e', 'u', '\0',
+  /* "drivenes.net", true */ 'd', 'r', 'i', 'v', 'e', 'n', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "driver.ru", true */ 'd', 'r', 'i', 'v', 'e', 'r', '.', 'r', 'u', '\0',
+  /* "driver61.com", true */ 'd', 'r', 'i', 'v', 'e', 'r', '6', '1', '.', 'c', 'o', 'm', '\0',
+  /* "driverless.id", true */ 'd', 'r', 'i', 'v', 'e', 'r', 'l', 'e', 's', 's', '.', 'i', 'd', '\0',
+  /* "driverprofiler.co.uk", true */ 'd', 'r', 'i', 'v', 'e', 'r', 'p', 'r', 'o', 'f', 'i', 'l', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "driverscollection.com", true */ 'd', 'r', 'i', 'v', 'e', 'r', 's', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "drivewithstatetransit.com.au", true */ 'd', 'r', 'i', 'v', 'e', 'w', 'i', 't', 'h', 's', 't', 'a', 't', 'e', 't', 'r', 'a', 'n', 's', 'i', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "drivingtestpro.com", true */ 'd', 'r', 'i', 'v', 'i', 'n', 'g', 't', 'e', 's', 't', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "drixn.com", true */ 'd', 'r', 'i', 'x', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "drjacquesmalan.com", true */ 'd', 'r', 'j', 'a', 'c', 'q', 'u', 'e', 's', 'm', 'a', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "drjenafernandez.com", true */ 'd', 'r', 'j', 'e', 'n', 'a', 'f', 'e', 'r', 'n', 'a', 'n', 'd', 'e', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "drjoe.ca", true */ 'd', 'r', 'j', 'o', 'e', '.', 'c', 'a', '\0',
+  /* "drjuanitacollier.com", true */ 'd', 'r', 'j', 'u', 'a', 'n', 'i', 't', 'a', 'c', 'o', 'l', 'l', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "drkhsh.at", true */ 'd', 'r', 'k', 'h', 's', 'h', '.', 'a', 't', '\0',
+  /* "drkmtrx.xyz", true */ 'd', 'r', 'k', 'm', 't', 'r', 'x', '.', 'x', 'y', 'z', '\0',
+  /* "drlangsdon.com", true */ 'd', 'r', 'l', 'a', 'n', 'g', 's', 'd', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "drlazarina.net", true */ 'd', 'r', 'l', 'a', 'z', 'a', 'r', 'i', 'n', 'a', '.', 'n', 'e', 't', '\0',
+  /* "drms.us", true */ 'd', 'r', 'm', 's', '.', 'u', 's', '\0',
+  /* "drobniuch.pl", false */ 'd', 'r', 'o', 'b', 'n', 'i', 'u', 'c', 'h', '.', 'p', 'l', '\0',
+  /* "drogueriaelbarco.com", true */ 'd', 'r', 'o', 'g', 'u', 'e', 'r', 'i', 'a', 'e', 'l', 'b', 'a', 'r', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "droidapp.nl", true */ 'd', 'r', 'o', 'i', 'd', 'a', 'p', 'p', '.', 'n', 'l', '\0',
+  /* "droidgyan.com", true */ 'd', 'r', 'o', 'i', 'd', 'g', 'y', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "droidhere.com", true */ 'd', 'r', 'o', 'i', 'd', 'h', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "droidim.com", true */ 'd', 'r', 'o', 'i', 'd', 'i', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "droidwave.com", true */ 'd', 'r', 'o', 'i', 'd', 'w', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "droidwiki.de", true */ 'd', 'r', 'o', 'i', 'd', 'w', 'i', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "droithxn.com", true */ 'd', 'r', 'o', 'i', 't', 'h', 'x', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "drone-it.net", true */ 'd', 'r', 'o', 'n', 'e', '-', 'i', 't', '.', 'n', 'e', 't', '\0',
+  /* "dronebotworkshop.com", true */ 'd', 'r', 'o', 'n', 'e', 'b', 'o', 't', 'w', 'o', 'r', 'k', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "dronepit.dk", true */ 'd', 'r', 'o', 'n', 'e', 'p', 'i', 't', '.', 'd', 'k', '\0',
+  /* "droni.cz", true */ 'd', 'r', 'o', 'n', 'i', '.', 'c', 'z', '\0',
+  /* "dronografia.es", true */ 'd', 'r', 'o', 'n', 'o', 'g', 'r', 'a', 'f', 'i', 'a', '.', 'e', 's', '\0',
+  /* "dropbox.com", true */ 'd', 'r', 'o', 'p', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "dropboxer.net", true */ 'd', 'r', 'o', 'p', 'b', 'o', 'x', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "dropshare.cloud", true */ 'd', 'r', 'o', 'p', 's', 'h', 'a', 'r', 'e', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "droso.dk", true */ 'd', 'r', 'o', 's', 'o', '.', 'd', 'k', '\0',
+  /* "drown.photography", true */ 'd', 'r', 'o', 'w', 'n', '.', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '\0',
+  /* "drpetervoigt.de", true */ 'd', 'r', 'p', 'e', 't', 'e', 'r', 'v', 'o', 'i', 'g', 't', '.', 'd', 'e', '\0',
+  /* "drpico.com.au", true */ 'd', 'r', 'p', 'i', 'c', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "drrr.chat", true */ 'd', 'r', 'r', 'r', '.', 'c', 'h', 'a', 't', '\0',
+  /* "drrr.wiki", true */ 'd', 'r', 'r', 'r', '.', 'w', 'i', 'k', 'i', '\0',
+  /* "drschruefer.de", true */ 'd', 'r', 's', 'c', 'h', 'r', 'u', 'e', 'f', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "drsturgeonfreitas.com", true */ 'd', 'r', 's', 't', 'u', 'r', 'g', 'e', 'o', 'n', 'f', 'r', 'e', 'i', 't', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "drturner.com.au", true */ 'd', 'r', 't', 'u', 'r', 'n', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "drubn.de", false */ 'd', 'r', 'u', 'b', 'n', '.', 'd', 'e', '\0',
+  /* "drugagodba.si", true */ 'd', 'r', 'u', 'g', 'a', 'g', 'o', 'd', 'b', 'a', '.', 's', 'i', '\0',
+  /* "drumbe.at", true */ 'd', 'r', 'u', 'm', 'b', 'e', '.', 'a', 't', '\0',
+  /* "drummondframing.com", true */ 'd', 'r', 'u', 'm', 'm', 'o', 'n', 'd', 'f', 'r', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "drupal-expert.it", true */ 'd', 'r', 'u', 'p', 'a', 'l', '-', 'e', 'x', 'p', 'e', 'r', 't', '.', 'i', 't', '\0',
+  /* "drupal.org", true */ 'd', 'r', 'u', 'p', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "drupalspb.org", true */ 'd', 'r', 'u', 'p', 'a', 'l', 's', 'p', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "drweissbrot.net", true */ 'd', 'r', 'w', 'e', 'i', 's', 's', 'b', 'r', 'o', 't', '.', 'n', 'e', 't', '\0',
+  /* "drybasement.com", true */ 'd', 'r', 'y', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "drybasementkansas.com", true */ 'd', 'r', 'y', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 'k', 'a', 'n', 's', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "drybjed.net", true */ 'd', 'r', 'y', 'b', 'j', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "drycleancoalition.org", true */ 'd', 'r', 'y', 'c', 'l', 'e', 'a', 'n', 'c', 'o', 'a', 'l', 'i', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "drycreekphoto.com", true */ 'd', 'r', 'y', 'c', 'r', 'e', 'e', 'k', 'p', 'h', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ds67.de", true */ 'd', 's', '6', '7', '.', 'd', 'e', '\0',
+  /* "dsancomics.com", true */ 'd', 's', 'a', 'n', 'c', 'o', 'm', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dsayce.com", true */ 'd', 's', 'a', 'y', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dsbrowser.com", true */ 'd', 's', 'b', 'r', 'o', 'w', 's', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "dsebastien.net", true */ 'd', 's', 'e', 'b', 'a', 's', 't', 'i', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "dsektionen.se", true */ 'd', 's', 'e', 'k', 't', 'i', 'o', 'n', 'e', 'n', '.', 's', 'e', '\0',
+  /* "dsm5.com", true */ 'd', 's', 'm', '5', '.', 'c', 'o', 'm', '\0',
+  /* "dsol.hu", true */ 'd', 's', 'o', 'l', '.', 'h', 'u', '\0',
+  /* "dssale.com", true */ 'd', 's', 's', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dstamou.de", true */ 'd', 's', 't', 'a', 'm', 'o', 'u', '.', 'd', 'e', '\0',
+  /* "dt27.org", true */ 'd', 't', '2', '7', '.', 'o', 'r', 'g', '\0',
+  /* "dtbouncycastles.co.uk", true */ 'd', 't', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dtdsh.com", true */ 'd', 't', 'd', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "dtechstore.com.br", true */ 'd', 't', 'e', 'c', 'h', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dtg-fonds.com", true */ 'd', 't', 'g', '-', 'f', 'o', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dtg-fonds.de", true */ 'd', 't', 'g', '-', 'f', 'o', 'n', 'd', 's', '.', 'd', 'e', '\0',
+  /* "dtg-fonds.net", true */ 'd', 't', 'g', '-', 'f', 'o', 'n', 'd', 's', '.', 'n', 'e', 't', '\0',
+  /* "dtk-vom-chausseehaus.de", true */ 'd', 't', 'k', '-', 'v', 'o', 'm', '-', 'c', 'h', 'a', 'u', 's', 's', 'e', 'e', 'h', 'a', 'u', 's', '.', 'd', 'e', '\0',
+  /* "dtnx.eu", true */ 'd', 't', 'n', 'x', '.', 'e', 'u', '\0',
+  /* "dtnx.net", true */ 'd', 't', 'n', 'x', '.', 'n', 'e', 't', '\0',
+  /* "dtnx.org", true */ 'd', 't', 'n', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "dtp-mstdn.jp", true */ 'd', 't', 'p', '-', 'm', 's', 't', 'd', 'n', '.', 'j', 'p', '\0',
+  /* "dtuaarsfest.dk", true */ 'd', 't', 'u', 'a', 'a', 'r', 's', 'f', 'e', 's', 't', '.', 'd', 'k', '\0',
+  /* "dtx.sk", true */ 'd', 't', 'x', '.', 's', 'k', '\0',
+  /* "dualascent.com", true */ 'd', 'u', 'a', 'l', 'a', 's', 'c', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "dualias.xyz", false */ 'd', 'u', 'a', 'l', 'i', 'a', 's', '.', 'x', 'y', 'z', '\0',
+  /* "duan.li", true */ 'd', 'u', 'a', 'n', '.', 'l', 'i', '\0',
+  /* "dubaieveningsafari.com", true */ 'd', 'u', 'b', 'a', 'i', 'e', 'v', 'e', 'n', 'i', 'n', 'g', 's', 'a', 'f', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "dublin-traceroute.net", true */ 'd', 'u', 'b', 'l', 'i', 'n', '-', 't', 'r', 'a', 'c', 'e', 'r', 'o', 'u', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "dubrovnik-dental.clinic", true */ 'd', 'u', 'b', 'r', 'o', 'v', 'n', 'i', 'k', '-', 'd', 'e', 'n', 't', 'a', 'l', '.', 'c', 'l', 'i', 'n', 'i', 'c', '\0',
+  /* "ducalendars.com", true */ 'd', 'u', 'c', 'a', 'l', 'e', 'n', 'd', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "duckasylum.com", true */ 'd', 'u', 'c', 'k', 'a', 's', 'y', 'l', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "duckbase.com", true */ 'd', 'u', 'c', 'k', 'b', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "duckduckstart.com", true */ 'd', 'u', 'c', 'k', 'd', 'u', 'c', 'k', 's', 't', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "duckinc.net", true */ 'd', 'u', 'c', 'k', 'i', 'n', 'c', '.', 'n', 'e', 't', '\0',
+  /* "duckyubuntu.tk", true */ 'd', 'u', 'c', 'k', 'y', 'u', 'b', 'u', 'n', 't', 'u', '.', 't', 'k', '\0',
+  /* "duernberg.at", true */ 'd', 'u', 'e', 'r', 'n', 'b', 'e', 'r', 'g', '.', 'a', 't', '\0',
+  /* "duesee.org", true */ 'd', 'u', 'e', 's', 'e', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "dufrei.com", true */ 'd', 'u', 'f', 'r', 'e', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "dugnet.com", false */ 'd', 'u', 'g', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "dugnet.io", false */ 'd', 'u', 'g', 'n', 'e', 't', '.', 'i', 'o', '\0',
+  /* "dugnet.net", false */ 'd', 'u', 'g', 'n', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "dugnet.org", false */ 'd', 'u', 'g', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "dugnet.tech", false */ 'd', 'u', 'g', 'n', 'e', 't', '.', 't', 'e', 'c', 'h', '\0',
+  /* "dugunedavet.com", true */ 'd', 'u', 'g', 'u', 'n', 'e', 'd', 'a', 'v', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "duh.se", true */ 'd', 'u', 'h', '.', 's', 'e', '\0',
+  /* "duijf.info", true */ 'd', 'u', 'i', 'j', 'f', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "duijfathome.nl", true */ 'd', 'u', 'i', 'j', 'f', 'a', 't', 'h', 'o', 'm', 'e', '.', 'n', 'l', '\0',
+  /* "duitang.com", true */ 'd', 'u', 'i', 't', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "dujsq.com", true */ 'd', 'u', 'j', 's', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "dujsq.top", true */ 'd', 'u', 'j', 's', 'q', '.', 't', 'o', 'p', '\0',
+  /* "dukan-recepty.ru", true */ 'd', 'u', 'k', 'a', 'n', '-', 'r', 'e', 'c', 'e', 'p', 't', 'y', '.', 'r', 'u', '\0',
+  /* "dukefox.com", true */ 'd', 'u', 'k', 'e', 'f', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "dukegat.de", true */ 'd', 'u', 'k', 'e', 'g', 'a', 't', '.', 'd', 'e', '\0',
+  /* "dukesatqueens.com", true */ 'd', 'u', 'k', 'e', 's', 'a', 't', 'q', 'u', 'e', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dukun.de", true */ 'd', 'u', 'k', 'u', 'n', '.', 'd', 'e', '\0',
+  /* "dulei.si", true */ 'd', 'u', 'l', 'e', 'i', '.', 's', 'i', '\0',
+  /* "dullapp.com", true */ 'd', 'u', 'l', 'l', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "dumax.xyz", true */ 'd', 'u', 'm', 'a', 'x', '.', 'x', 'y', 'z', '\0',
+  /* "dumbeartech.com", true */ 'd', 'u', 'm', 'b', 'e', 'a', 'r', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "dumbomove.com.au", true */ 'd', 'u', 'm', 'b', 'o', 'm', 'o', 'v', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "dumino.bg", true */ 'd', 'u', 'm', 'i', 'n', 'o', '.', 'b', 'g', '\0',
+  /* "dumpsters.com", true */ 'd', 'u', 'm', 'p', 's', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dunableguitars.com", false */ 'd', 'u', 'n', 'a', 'b', 'l', 'e', 'g', 'u', 'i', 't', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dunashoes.com", true */ 'd', 'u', 'n', 'a', 's', 'h', 'o', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "duncancmt.com", true */ 'd', 'u', 'n', 'c', 'a', 'n', 'c', 'm', 't', '.', 'c', 'o', 'm', '\0',
+  /* "duncanfamilytrust.org", true */ 'd', 'u', 'n', 'c', 'a', 'n', 'f', 'a', 'm', 'i', 'l', 'y', 't', 'r', 'u', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "duncanwinfrey.com", true */ 'd', 'u', 'n', 'c', 'a', 'n', 'w', 'i', 'n', 'f', 'r', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "dundalkdonnie.com", true */ 'd', 'u', 'n', 'd', 'a', 'l', 'k', 'd', 'o', 'n', 'n', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dungeon-bbs.de", true */ 'd', 'u', 'n', 'g', 'e', 'o', 'n', '-', 'b', 'b', 's', '.', 'd', 'e', '\0',
+  /* "dunmanelectric.com", true */ 'd', 'u', 'n', 'm', 'a', 'n', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "duo.com", true */ 'd', 'u', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "duoluodeyu.com", true */ 'd', 'u', 'o', 'l', 'u', 'o', 'd', 'e', 'y', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "dupisces.com.tw", true */ 'd', 'u', 'p', 'i', 's', 'c', 'e', 's', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "dupree.co", true */ 'd', 'u', 'p', 'r', 'e', 'e', '.', 'c', 'o', '\0',
+  /* "durdle.com", true */ 'd', 'u', 'r', 'd', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dureuil.info", true */ 'd', 'u', 'r', 'e', 'u', 'i', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "durexwinkel.nl", true */ 'd', 'u', 'r', 'e', 'x', 'w', 'i', 'n', 'k', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "duria.de", true */ 'd', 'u', 'r', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "duriaux-dentiste.ch", true */ 'd', 'u', 'r', 'i', 'a', 'u', 'x', '-', 'd', 'e', 'n', 't', 'i', 's', 't', 'e', '.', 'c', 'h', '\0',
+  /* "durys.be", true */ 'd', 'u', 'r', 'y', 's', '.', 'b', 'e', '\0',
+  /* "dusmomente.com", true */ 'd', 'u', 's', 'm', 'o', 'm', 'e', 'n', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dustri.org", true */ 'd', 'u', 's', 't', 'r', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "dustycloth.com", true */ 'd', 'u', 's', 't', 'y', 'c', 'l', 'o', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "dustygroove.com", true */ 'd', 'u', 's', 't', 'y', 'g', 'r', 'o', 'o', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dustyspokesbnb.ca", true */ 'd', 'u', 's', 't', 'y', 's', 'p', 'o', 'k', 'e', 's', 'b', 'n', 'b', '.', 'c', 'a', '\0',
+  /* "dutch.desi", true */ 'd', 'u', 't', 'c', 'h', '.', 'd', 'e', 's', 'i', '\0',
+  /* "dutch1.nl", true */ 'd', 'u', 't', 'c', 'h', '1', '.', 'n', 'l', '\0',
+  /* "dutchrank.nl", true */ 'd', 'u', 't', 'c', 'h', 'r', 'a', 'n', 'k', '.', 'n', 'l', '\0',
+  /* "dutchweballiance.nl", true */ 'd', 'u', 't', 'c', 'h', 'w', 'e', 'b', 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', '.', 'n', 'l', '\0',
+  /* "dutyfreeonboard.com", true */ 'd', 'u', 't', 'y', 'f', 'r', 'e', 'e', 'o', 'n', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "duyao.de", false */ 'd', 'u', 'y', 'a', 'o', '.', 'd', 'e', '\0',
+  /* "dv189.com", true */ 'd', 'v', '1', '8', '9', '.', 'c', 'o', 'm', '\0',
+  /* "dvbris.co.uk", true */ 'd', 'v', 'b', 'r', 'i', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dvbris.com", true */ 'd', 'v', 'b', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dvdland.com.au", true */ 'd', 'v', 'd', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "dvhosting.be", true */ 'd', 'v', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'b', 'e', '\0',
+  /* "dvnatura.ch", true */ 'd', 'v', 'n', 'a', 't', 'u', 'r', 'a', '.', 'c', 'h', '\0',
+  /* "dvorupotocnych.sk", true */ 'd', 'v', 'o', 'r', 'u', 'p', 'o', 't', 'o', 'c', 'n', 'y', 'c', 'h', '.', 's', 'k', '\0',
+  /* "dvotx.org", true */ 'd', 'v', 'o', 't', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "dvwc.org", true */ 'd', 'v', 'w', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "dvx.cloud", true */ 'd', 'v', 'x', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "dwgf.xyz", true */ 'd', 'w', 'g', 'f', '.', 'x', 'y', 'z', '\0',
+  /* "dworzak.ch", true */ 'd', 'w', 'o', 'r', 'z', 'a', 'k', '.', 'c', 'h', '\0',
+  /* "dwscdv3.com", true */ 'd', 'w', 's', 'c', 'd', 'v', '3', '.', 'c', 'o', 'm', '\0',
+  /* "dwtm.ch", true */ 'd', 'w', 't', 'm', '.', 'c', 'h', '\0',
+  /* "dwworld.co.uk", true */ 'd', 'w', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dxa.io", false */ 'd', 'x', 'a', '.', 'i', 'o', '\0',
+  /* "dxgl.info", true */ 'd', 'x', 'g', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "dxm.no-ip.biz", true */ 'd', 'x', 'm', '.', 'n', 'o', '-', 'i', 'p', '.', 'b', 'i', 'z', '\0',
+  /* "dyeager.org", true */ 'd', 'y', 'e', 'a', 'g', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "dyktig.as", true */ 'd', 'y', 'k', 't', 'i', 'g', '.', 'a', 's', '\0',
+  /* "dyktig.no", true */ 'd', 'y', 'k', 't', 'i', 'g', '.', 'n', 'o', '\0',
+  /* "dylanboudro.com", true */ 'd', 'y', 'l', 'a', 'n', 'b', 'o', 'u', 'd', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "dylankatz.com", true */ 'd', 'y', 'l', 'a', 'n', 'k', 'a', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "dylanknoll.ca", true */ 'd', 'y', 'l', 'a', 'n', 'k', 'n', 'o', 'l', 'l', '.', 'c', 'a', '\0',
+  /* "dyn-nserve.net", true */ 'd', 'y', 'n', '-', 'n', 's', 'e', 'r', 'v', 'e', '.', 'n', 'e', 't', '\0',
+  /* "dyn.im", true */ 'd', 'y', 'n', '.', 'i', 'm', '\0',
+  /* "dynaloop.net", true */ 'd', 'y', 'n', 'a', 'l', 'o', 'o', 'p', '.', 'n', 'e', 't', '\0',
+  /* "dynamic-networks.be", true */ 'd', 'y', 'n', 'a', 'm', 'i', 'c', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'b', 'e', '\0',
+  /* "dynamicnet.net", false */ 'd', 'y', 'n', 'a', 'm', 'i', 'c', 'n', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "dynamics-365.no", true */ 'd', 'y', 'n', 'a', 'm', 'i', 'c', 's', '-', '3', '6', '5', '.', 'n', 'o', '\0',
+  /* "dynamics365.no", true */ 'd', 'y', 'n', 'a', 'm', 'i', 'c', 's', '3', '6', '5', '.', 'n', 'o', '\0',
+  /* "dynamicsnetwork.net", true */ 'd', 'y', 'n', 'a', 'm', 'i', 'c', 's', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "dynamictostatic.com", true */ 'd', 'y', 'n', 'a', 'm', 'i', 'c', 't', 'o', 's', 't', 'a', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "dynamicyou.co.uk", true */ 'd', 'y', 'n', 'a', 'm', 'i', 'c', 'y', 'o', 'u', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dynastic.co", true */ 'd', 'y', 'n', 'a', 's', 't', 'i', 'c', '.', 'c', 'o', '\0',
+  /* "dynn.be", true */ 'd', 'y', 'n', 'n', '.', 'b', 'e', '\0',
+  /* "dynorphin.com", true */ 'd', 'y', 'n', 'o', 'r', 'p', 'h', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "dynorphins.com", true */ 'd', 'y', 'n', 'o', 'r', 'p', 'h', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dynts.pro", false */ 'd', 'y', 'n', 't', 's', '.', 'p', 'r', 'o', '\0',
+  /* "dynx.pl", true */ 'd', 'y', 'n', 'x', '.', 'p', 'l', '\0',
+  /* "dyrenesverden.no", true */ 'd', 'y', 'r', 'e', 'n', 'e', 's', 'v', 'e', 'r', 'd', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "dyrkar.com", true */ 'd', 'y', 'r', 'k', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "dysthymia.com", true */ 'd', 'y', 's', 't', 'h', 'y', 'm', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "dyyn.de", true */ 'd', 'y', 'y', 'n', '.', 'd', 'e', '\0',
+  /* "dyz.pw", true */ 'd', 'y', 'z', '.', 'p', 'w', '\0',
+  /* "dzeina.ch", true */ 'd', 'z', 'e', 'i', 'n', 'a', '.', 'c', 'h', '\0',
+  /* "dzet.de", true */ 'd', 'z', 'e', 't', '.', 'd', 'e', '\0',
+  /* "dziekonski.com", true */ 'd', 'z', 'i', 'e', 'k', 'o', 'n', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "dziurdzia.pl", true */ 'd', 'z', 'i', 'u', 'r', 'd', 'z', 'i', 'a', '.', 'p', 'l', '\0',
+  /* "dzndk.com", true */ 'd', 'z', 'n', 'd', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "dzndk.net", true */ 'd', 'z', 'n', 'd', 'k', '.', 'n', 'e', 't', '\0',
+  /* "dzndk.org", true */ 'd', 'z', 'n', 'd', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "dzomo.org", true */ 'd', 'z', 'o', 'm', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "dzsula.hu", true */ 'd', 'z', 's', 'u', 'l', 'a', '.', 'h', 'u', '\0',
+  /* "dzyabchenko.com", true */ 'd', 'z', 'y', 'a', 'b', 'c', 'h', 'e', 'n', 'k', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "e-apack.com.br", true */ 'e', '-', 'a', 'p', 'a', 'c', 'k', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "e-briancon.com", true */ 'e', '-', 'b', 'r', 'i', 'a', 'n', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "e-cottage.com.br", true */ 'e', '-', 'c', 'o', 't', 't', 'a', 'g', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "e-hon.link", true */ 'e', '-', 'h', 'o', 'n', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "e-id.ee", true */ 'e', '-', 'i', 'd', '.', 'e', 'e', '\0',
+  /* "e-kontakti.fi", true */ 'e', '-', 'k', 'o', 'n', 't', 'a', 'k', 't', 'i', '.', 'f', 'i', '\0',
+  /* "e-lambre.com", true */ 'e', '-', 'l', 'a', 'm', 'b', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "e-learningbs.com", true */ 'e', '-', 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "e-lifetechnology.com", true */ 'e', '-', 'l', 'i', 'f', 'e', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "e-migration.ch", true */ 'e', '-', 'm', 'i', 'g', 'r', 'a', 't', 'i', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "e-standardstore.org", true */ 'e', '-', 's', 't', 'a', 'n', 'd', 'a', 'r', 'd', 's', 't', 'o', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "e-surveillant.nl", true */ 'e', '-', 's', 'u', 'r', 'v', 'e', 'i', 'l', 'l', 'a', 'n', 't', '.', 'n', 'l', '\0',
+  /* "e-teacher.pl", true */ 'e', '-', 't', 'e', 'a', 'c', 'h', 'e', 'r', '.', 'p', 'l', '\0',
+  /* "e-tech-solution.com", true */ 'e', '-', 't', 'e', 'c', 'h', '-', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "e-tmf.org", true */ 'e', '-', 't', 'm', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "e-tresor.at", true */ 'e', '-', 't', 'r', 'e', 's', 'o', 'r', '.', 'a', 't', '\0',
+  /* "e-tune-mt.net", true */ 'e', '-', 't', 'u', 'n', 'e', '-', 'm', 't', '.', 'n', 'e', 't', '\0',
+  /* "e-typ.eu", true */ 'e', '-', 't', 'y', 'p', '.', 'e', 'u', '\0',
+  /* "e-vau.de", true */ 'e', '-', 'v', 'a', 'u', '.', 'd', 'e', '\0',
+  /* "e-worksmedia.com", true */ 'e', '-', 'w', 'o', 'r', 'k', 's', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "e.mail.ru", true */ 'e', '.', 'm', 'a', 'i', 'l', '.', 'r', 'u', '\0',
+  /* "e024.org", true */ 'e', '0', '2', '4', '.', 'o', 'r', 'g', '\0',
+  /* "e11even.nl", false */ 'e', '1', '1', 'e', 'v', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "e191.com", true */ 'e', '1', '9', '1', '.', 'c', 'o', 'm', '\0',
+  /* "e2feed.com", true */ 'e', '2', 'f', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "e30.ee", true */ 'e', '3', '0', '.', 'e', 'e', '\0',
+  /* "e3kids.com", true */ 'e', '3', 'k', 'i', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "e3q.de", true */ 'e', '3', 'q', '.', 'd', 'e', '\0',
+  /* "e505.net", true */ 'e', '5', '0', '5', '.', 'n', 'e', 't', '\0',
+  /* "e5tv.hu", true */ 'e', '5', 't', 'v', '.', 'h', 'u', '\0',
+  /* "e64.com", true */ 'e', '6', '4', '.', 'c', 'o', 'm', '\0',
+  /* "e7d.io", true */ 'e', '7', 'd', '.', 'i', 'o', '\0',
+  /* "e9a.at", true */ 'e', '9', 'a', '.', 'a', 't', '\0',
+  /* "ea2drocks.com", true */ 'e', 'a', '2', 'd', 'r', 'o', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ead-italia.it", true */ 'e', 'a', 'd', '-', 'i', 't', 'a', 'l', 'i', 'a', '.', 'i', 't', '\0',
+  /* "eagle-yard.de", true */ 'e', 'a', 'g', 'l', 'e', '-', 'y', 'a', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "eagleindustriesltd.com", true */ 'e', 'a', 'g', 'l', 'e', 'i', 'n', 'd', 'u', 's', 't', 'r', 'i', 'e', 's', 'l', 't', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "eagleridgecampground.com", true */ 'e', 'a', 'g', 'l', 'e', 'r', 'i', 'd', 'g', 'e', 'c', 'a', 'm', 'p', 'g', 'r', 'o', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "eaglesecurity.com", true */ 'e', 'a', 'g', 'l', 'e', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "eagletechz.com.br", true */ 'e', 'a', 'g', 'l', 'e', 't', 'e', 'c', 'h', 'z', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "eagleyecs.com", true */ 'e', 'a', 'g', 'l', 'e', 'y', 'e', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eaimty.com", true */ 'e', 'a', 'i', 'm', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ealev.de", true */ 'e', 'a', 'l', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "eames-clayton.us", true */ 'e', 'a', 'm', 'e', 's', '-', 'c', 'l', 'a', 'y', 't', 'o', 'n', '.', 'u', 's', '\0',
+  /* "eapestudioweb.com", true */ 'e', 'a', 'p', 'e', 's', 't', 'u', 'd', 'i', 'o', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "earl.org.uk", true */ 'e', 'a', 'r', 'l', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "earlyyearshub.com", true */ 'e', 'a', 'r', 'l', 'y', 'y', 'e', 'a', 'r', 's', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "earmarks.gov", true */ 'e', 'a', 'r', 'm', 'a', 'r', 'k', 's', '.', 'g', 'o', 'v', '\0',
+  /* "earn.com", true */ 'e', 'a', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "earth-people.org", true */ 'e', 'a', 'r', 't', 'h', '-', 'p', 'e', 'o', 'p', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "earticleblog.com", true */ 'e', 'a', 'r', 't', 'i', 'c', 'l', 'e', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "earvinkayonga.com", true */ 'e', 'a', 'r', 'v', 'i', 'n', 'k', 'a', 'y', 'o', 'n', 'g', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "easelforart.com", true */ 'e', 'a', 's', 'e', 'l', 'f', 'o', 'r', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "eashwar.com", true */ 'e', 'a', 's', 'h', 'w', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "eason-yang.com", true */ 'e', 'a', 's', 'o', 'n', '-', 'y', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "east-line.su", true */ 'e', 'a', 's', 't', '-', 'l', 'i', 'n', 'e', '.', 's', 'u', '\0',
+  /* "eastarm.net", true */ 'e', 'a', 's', 't', 'a', 'r', 'm', '.', 'n', 'e', 't', '\0',
+  /* "eastcoastbubbleandbounce.co.uk", true */ 'e', 'a', 's', 't', 'c', 'o', 'a', 's', 't', 'b', 'u', 'b', 'b', 'l', 'e', 'a', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eastcoastinflatables.co.uk", true */ 'e', 'a', 's', 't', 'c', 'o', 'a', 's', 't', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eastlothianbouncycastles.co.uk", true */ 'e', 'a', 's', 't', 'l', 'o', 't', 'h', 'i', 'a', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eastmanbusinessinstitute.com", true */ 'e', 'a', 's', 't', 'm', 'a', 'n', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "eastmontgroup.com", true */ 'e', 'a', 's', 't', 'm', 'o', 'n', 't', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "easy-factures.fr", true */ 'e', 'a', 's', 'y', '-', 'f', 'a', 'c', 't', 'u', 'r', 'e', 's', '.', 'f', 'r', '\0',
+  /* "easy-rpg.org", false */ 'e', 'a', 's', 'y', '-', 'r', 'p', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "easyadsnbanners.tk", false */ 'e', 'a', 's', 'y', 'a', 'd', 's', 'n', 'b', 'a', 'n', 'n', 'e', 'r', 's', '.', 't', 'k', '\0',
+  /* "easycoding.org", true */ 'e', 'a', 's', 'y', 'c', 'o', 'd', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "easyconstat.com", true */ 'e', 'a', 's', 'y', 'c', 'o', 'n', 's', 't', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "easycosmetic.ch", true */ 'e', 'a', 's', 'y', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', '.', 'c', 'h', '\0',
+  /* "easycup.com", true */ 'e', 'a', 's', 'y', 'c', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "easyfiles.ch", true */ 'e', 'a', 's', 'y', 'f', 'i', 'l', 'e', 's', '.', 'c', 'h', '\0',
+  /* "easyhaul.com", true */ 'e', 'a', 's', 'y', 'h', 'a', 'u', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "easyllc.com", false */ 'e', 'a', 's', 'y', 'l', 'l', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "easyocm.hu", true */ 'e', 'a', 's', 'y', 'o', 'c', 'm', '.', 'h', 'u', '\0',
+  /* "easyproperty.com", true */ 'e', 'a', 's', 'y', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "easypv.ch", true */ 'e', 'a', 's', 'y', 'p', 'v', '.', 'c', 'h', '\0',
+  /* "easysimplecrm.com", false */ 'e', 'a', 's', 'y', 's', 'i', 'm', 'p', 'l', 'e', 'c', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "easystore.co", true */ 'e', 'a', 's', 'y', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', '\0',
+  /* "eat-sleep-code.com", true */ 'e', 'a', 't', '-', 's', 'l', 'e', 'e', 'p', '-', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "eat-the-world.ch", true */ 'e', 'a', 't', '-', 't', 'h', 'e', '-', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'h', '\0',
+  /* "eatery.co.il", true */ 'e', 'a', 't', 'e', 'r', 'y', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "eatlowcarb.de", false */ 'e', 'a', 't', 'l', 'o', 'w', 'c', 'a', 'r', 'b', '.', 'd', 'e', '\0',
+  /* "eaton-works.com", true */ 'e', 'a', 't', 'o', 'n', '-', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eatsleeprepeat.net", true */ 'e', 'a', 't', 's', 'l', 'e', 'e', 'p', 'r', 'e', 'p', 'e', 'a', 't', '.', 'n', 'e', 't', '\0',
+  /* "eatson.com", true */ 'e', 'a', 't', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "eattherich.us", true */ 'e', 'a', 't', 't', 'h', 'e', 'r', 'i', 'c', 'h', '.', 'u', 's', '\0',
+  /* "eatz.com", true */ 'e', 'a', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "eauxdespleiades.ch", true */ 'e', 'a', 'u', 'x', 'd', 'e', 's', 'p', 'l', 'e', 'i', 'a', 'd', 'e', 's', '.', 'c', 'h', '\0',
+  /* "eb-net.de", true */ 'e', 'b', '-', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "eb7.jp", true */ 'e', 'b', '7', '.', 'j', 'p', '\0',
+  /* "ebanking.indovinabank.com.vn", true */ 'e', 'b', 'a', 'n', 'k', 'i', 'n', 'g', '.', 'i', 'n', 'd', 'o', 'v', 'i', 'n', 'a', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '.', 'v', 'n', '\0',
+  /* "ebankingabersicher.ch", true */ 'e', 'b', 'a', 'n', 'k', 'i', 'n', 'g', 'a', 'b', 'e', 'r', 's', 'i', 'c', 'h', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "ebankingbutsecure.ch", true */ 'e', 'b', 'a', 'n', 'k', 'i', 'n', 'g', 'b', 'u', 't', 's', 'e', 'c', 'u', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "ebankingentoutesecurite.ch", true */ 'e', 'b', 'a', 'n', 'k', 'i', 'n', 'g', 'e', 'n', 't', 'o', 'u', 't', 'e', 's', 'e', 'c', 'u', 'r', 'i', 't', 'e', '.', 'c', 'h', '\0',
+  /* "ebankingmasicuro.ch", true */ 'e', 'b', 'a', 'n', 'k', 'i', 'n', 'g', 'm', 'a', 's', 'i', 'c', 'u', 'r', 'o', '.', 'c', 'h', '\0',
+  /* "ebas.ch", true */ 'e', 'b', 'a', 's', '.', 'c', 'h', '\0',
+  /* "ebataw.com", true */ 'e', 'b', 'a', 't', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "ebayinc.com", true */ 'e', 'b', 'a', 'y', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "ebaymotorssucks.com", true */ 'e', 'b', 'a', 'y', 'm', 'o', 't', 'o', 'r', 's', 's', 'u', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ebermannstadt.de", false */ 'e', 'b', 'e', 'r', 'm', 'a', 'n', 'n', 's', 't', 'a', 'd', 't', '.', 'd', 'e', '\0',
+  /* "eboek.info", true */ 'e', 'b', 'o', 'e', 'k', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ebooki.eu.org", true */ 'e', 'b', 'o', 'o', 'k', 'i', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "ebop.ch", true */ 'e', 'b', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "eboyer.com", true */ 'e', 'b', 'o', 'y', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ebrnd.de", true */ 'e', 'b', 'r', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "ebrowz.com", true */ 'e', 'b', 'r', 'o', 'w', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "ec-baran.de", true */ 'e', 'c', '-', 'b', 'a', 'r', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "ecchidreams.com", true */ 'e', 'c', 'c', 'h', 'i', 'd', 'r', 'e', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ecco-verde.com", false */ 'e', 'c', 'c', 'o', '-', 'v', 'e', 'r', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "eccoviasolutions.com", true */ 'e', 'c', 'c', 'o', 'v', 'i', 'a', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eccux.com", true */ 'e', 'c', 'c', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "ecelembrou.ovh", true */ 'e', 'c', 'e', 'l', 'e', 'm', 'b', 'r', 'o', 'u', '.', 'o', 'v', 'h', '\0',
+  /* "ecfnorte.com.br", true */ 'e', 'c', 'f', 'n', 'o', 'r', 't', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "echatta.net", true */ 'e', 'c', 'h', 'a', 't', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "echatta.org", true */ 'e', 'c', 'h', 'a', 't', 't', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "echo-security.co", true */ 'e', 'c', 'h', 'o', '-', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', '\0',
+  /* "echoactive.com", true */ 'e', 'c', 'h', 'o', 'a', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "echoanalytics.com", true */ 'e', 'c', 'h', 'o', 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "echodio.com", true */ 'e', 'c', 'h', 'o', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "echofoxtrot.co", true */ 'e', 'c', 'h', 'o', 'f', 'o', 'x', 't', 'r', 'o', 't', '.', 'c', 'o', '\0',
+  /* "echomanchester.net", true */ 'e', 'c', 'h', 'o', 'm', 'a', 'n', 'c', 'h', 'e', 's', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "echopaper.com", true */ 'e', 'c', 'h', 'o', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "echosim.io", true */ 'e', 'c', 'h', 'o', 's', 'i', 'm', '.', 'i', 'o', '\0',
+  /* "echosixmonkey.com", true */ 'e', 'c', 'h', 'o', 's', 'i', 'x', 'm', 'o', 'n', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "echosystem.fr", true */ 'e', 'c', 'h', 'o', 's', 'y', 's', 't', 'e', 'm', '.', 'f', 'r', '\0',
+  /* "echoworld.ch", true */ 'e', 'c', 'h', 'o', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'h', '\0',
+  /* "ecirtam.net", true */ 'e', 'c', 'i', 'r', 't', 'a', 'm', '.', 'n', 'e', 't', '\0',
+  /* "eckel.co", true */ 'e', 'c', 'k', 'e', 'l', '.', 'c', 'o', '\0',
+  /* "eclipse.ws", true */ 'e', 'c', 'l', 'i', 'p', 's', 'e', '.', 'w', 's', '\0',
+  /* "ecnetworker.com", true */ 'e', 'c', 'n', 'e', 't', 'w', 'o', 'r', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "eco-derattizzazione.it", true */ 'e', 'c', 'o', '-', 'd', 'e', 'r', 'a', 't', 't', 'i', 'z', 'z', 'a', 'z', 'i', 'o', 'n', 'e', '.', 'i', 't', '\0',
+  /* "eco-work.it", true */ 'e', 'c', 'o', '-', 'w', 'o', 'r', 'k', '.', 'i', 't', '\0',
+  /* "ecoccinelles.ch", true */ 'e', 'c', 'o', 'c', 'c', 'i', 'n', 'e', 'l', 'l', 'e', 's', '.', 'c', 'h', '\0',
+  /* "ecoccinelles.com", true */ 'e', 'c', 'o', 'c', 'c', 'i', 'n', 'e', 'l', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ecococon.fr", true */ 'e', 'c', 'o', 'c', 'o', 'c', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "ecodigital.social", true */ 'e', 'c', 'o', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 's', 'o', 'c', 'i', 'a', 'l', '\0',
+  /* "ecogen.com.au", true */ 'e', 'c', 'o', 'g', 'e', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "ecogen.net.au", true */ 'e', 'c', 'o', 'g', 'e', 'n', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "ecoheatcool.co.uk", true */ 'e', 'c', 'o', 'h', 'e', 'a', 't', 'c', 'o', 'o', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ecohostingservices.uk", true */ 'e', 'c', 'o', 'h', 'o', 's', 't', 'i', 'n', 'g', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'u', 'k', '\0',
+  /* "ecolala.my", true */ 'e', 'c', 'o', 'l', 'a', 'l', 'a', '.', 'm', 'y', '\0',
+  /* "ecole-attalens.ch", true */ 'e', 'c', 'o', 'l', 'e', '-', 'a', 't', 't', 'a', 'l', 'e', 'n', 's', '.', 'c', 'h', '\0',
+  /* "ecole-iaf.fr", true */ 'e', 'c', 'o', 'l', 'e', '-', 'i', 'a', 'f', '.', 'f', 'r', '\0',
+  /* "ecoledusabbat.org", true */ 'e', 'c', 'o', 'l', 'e', 'd', 'u', 's', 'a', 'b', 'b', 'a', 't', '.', 'o', 'r', 'g', '\0',
+  /* "ecolemathurincordier.com", true */ 'e', 'c', 'o', 'l', 'e', 'm', 'a', 't', 'h', 'u', 'r', 'i', 'n', 'c', 'o', 'r', 'd', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ecolesrec.ch", true */ 'e', 'c', 'o', 'l', 'e', 's', 'r', 'e', 'c', '.', 'c', 'h', '\0',
+  /* "ecolife-vrn.ru", true */ 'e', 'c', 'o', 'l', 'i', 'f', 'e', '-', 'v', 'r', 'n', '.', 'r', 'u', '\0',
+  /* "ecompen.co.za", true */ 'e', 'c', 'o', 'm', 'p', 'e', 'n', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "econativa.pt", true */ 'e', 'c', 'o', 'n', 'a', 't', 'i', 'v', 'a', '.', 'p', 't', '\0',
+  /* "economias.pt", true */ 'e', 'c', 'o', 'n', 'o', 'm', 'i', 'a', 's', '.', 'p', 't', '\0',
+  /* "economicinclusion.gov", true */ 'e', 'c', 'o', 'n', 'o', 'm', 'i', 'c', 'i', 'n', 'c', 'l', 'u', 's', 'i', 'o', 'n', '.', 'g', 'o', 'v', '\0',
+  /* "economiefidu.ch", true */ 'e', 'c', 'o', 'n', 'o', 'm', 'i', 'e', 'f', 'i', 'd', 'u', '.', 'c', 'h', '\0',
+  /* "economies.ch", true */ 'e', 'c', 'o', 'n', 'o', 'm', 'i', 'e', 's', '.', 'c', 'h', '\0',
+  /* "economy.st", true */ 'e', 'c', 'o', 'n', 'o', 'm', 'y', '.', 's', 't', '\0',
+  /* "econsumer.gov", true */ 'e', 'c', 'o', 'n', 's', 'u', 'm', 'e', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "ecorp.cc", true */ 'e', 'c', 'o', 'r', 'p', '.', 'c', 'c', '\0',
+  /* "ecos-ev.de", true */ 'e', 'c', 'o', 's', '-', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "ecoshare.info", true */ 'e', 'c', 'o', 's', 'h', 'a', 'r', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ecoskif.ru", true */ 'e', 'c', 'o', 's', 'k', 'i', 'f', '.', 'r', 'u', '\0',
+  /* "ecosoftconsult.com", true */ 'e', 'c', 'o', 's', 'o', 'f', 't', 'c', 'o', 'n', 's', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ecosound.ch", true */ 'e', 'c', 'o', 's', 'o', 'u', 'n', 'd', '.', 'c', 'h', '\0',
+  /* "ecosystem.atlassian.net", true */ 'e', 'c', 'o', 's', 'y', 's', 't', 'e', 'm', '.', 'a', 't', 'l', 'a', 's', 's', 'i', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "ecoterramedia.com", true */ 'e', 'c', 'o', 't', 'e', 'r', 'r', 'a', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ecotruck-pooling.com", true */ 'e', 'c', 'o', 't', 'r', 'u', 'c', 'k', '-', 'p', 'o', 'o', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "ecovision.com.br", true */ 'e', 'c', 'o', 'v', 'i', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ecrandouble.ch", true */ 'e', 'c', 'r', 'a', 'n', 'd', 'o', 'u', 'b', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "ecupcafe.com", false */ 'e', 'c', 'u', 'p', 'c', 'a', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ed.gs", true */ 'e', 'd', '.', 'g', 's', '\0',
+  /* "edakoe.ru", true */ 'e', 'd', 'a', 'k', 'o', 'e', '.', 'r', 'u', '\0',
+  /* "edd-miles.com", true */ 'e', 'd', 'd', '-', 'm', 'i', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eddesign.ch", true */ 'e', 'd', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'h', '\0',
+  /* "eddmil.es", true */ 'e', 'd', 'd', 'm', 'i', 'l', '.', 'e', 's', '\0',
+  /* "edeca.net", true */ 'e', 'd', 'e', 'c', 'a', '.', 'n', 'e', 't', '\0',
+  /* "edenmal.net", true */ 'e', 'd', 'e', 'n', 'm', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "edenvalerubbleremovals.co.za", true */ 'e', 'd', 'e', 'n', 'v', 'a', 'l', 'e', 'r', 'u', 'b', 'b', 'l', 'e', 'r', 'e', 'm', 'o', 'v', 'a', 'l', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "edesseglabor.hu", true */ 'e', 'd', 'e', 's', 's', 'e', 'g', 'l', 'a', 'b', 'o', 'r', '.', 'h', 'u', '\0',
+  /* "edge-cloud.net", true */ 'e', 'd', 'g', 'e', '-', 'c', 'l', 'o', 'u', 'd', '.', 'n', 'e', 't', '\0',
+  /* "edgeservices.co.uk", true */ 'e', 'd', 'g', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "edgetalk.net", true */ 'e', 'd', 'g', 'e', 't', 'a', 'l', 'k', '.', 'n', 'e', 't', '\0',
+  /* "edhesive.com", true */ 'e', 'd', 'h', 'e', 's', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "edholm.pub", true */ 'e', 'd', 'h', 'o', 'l', 'm', '.', 'p', 'u', 'b', '\0',
+  /* "edibarcode.com", true */ 'e', 'd', 'i', 'b', 'a', 'r', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "edicct.com", true */ 'e', 'd', 'i', 'c', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "edisonchee.com", true */ 'e', 'd', 'i', 's', 'o', 'n', 'c', 'h', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "edisonlee55.com", true */ 'e', 'd', 'i', 's', 'o', 'n', 'l', 'e', 'e', '5', '5', '.', 'c', 'o', 'm', '\0',
+  /* "edisonluiz.com", true */ 'e', 'd', 'i', 's', 'o', 'n', 'l', 'u', 'i', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "edisonnissanparts.com", true */ 'e', 'd', 'i', 's', 'o', 'n', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "edit.yahoo.com", false */ 'e', 'd', 'i', 't', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "edition-bambou.com", true */ 'e', 'd', 'i', 't', 'i', 'o', 'n', '-', 'b', 'a', 'm', 'b', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "edition-sonblom.de", true */ 'e', 'd', 'i', 't', 'i', 'o', 'n', '-', 's', 'o', 'n', 'b', 'l', 'o', 'm', '.', 'd', 'e', '\0',
+  /* "editoraacademiacrista.com.br", true */ 'e', 'd', 'i', 't', 'o', 'r', 'a', 'a', 'c', 'a', 'd', 'e', 'm', 'i', 'a', 'c', 'r', 'i', 's', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "edlinus.cn", true */ 'e', 'd', 'l', 'i', 'n', 'u', 's', '.', 'c', 'n', '\0',
+  /* "edmundcelis.com", true */ 'e', 'd', 'm', 'u', 'n', 'd', 'c', 'e', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "edoss.co.za", true */ 'e', 'd', 'o', 's', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "edp-collaborative.com", true */ 'e', 'd', 'p', '-', 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "edsm.net", true */ 'e', 'd', 's', 'm', '.', 'n', 'e', 't', '\0',
+  /* "edstep.com", true */ 'e', 'd', 's', 't', 'e', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "edtech-hub.com", true */ 'e', 'd', 't', 'e', 'c', 'h', '-', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "edtechwebb.com", true */ 'e', 'd', 't', 'e', 'c', 'h', 'w', 'e', 'b', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "edu6.cloud", true */ 'e', 'd', 'u', '6', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "eduard-dopler.de", true */ 'e', 'd', 'u', 'a', 'r', 'd', '-', 'd', 'o', 'p', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "edubras.com.br", true */ 'e', 'd', 'u', 'b', 'r', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "educaid.be", true */ 'e', 'd', 'u', 'c', 'a', 'i', 'd', '.', 'b', 'e', '\0',
+  /* "educationevolving.org", true */ 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', 'e', 'v', 'o', 'l', 'v', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "educationunlimited.com", true */ 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', 'u', 'n', 'l', 'i', 'm', 'i', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "educator-one.com", true */ 'e', 'd', 'u', 'c', 'a', 't', 'o', 'r', '-', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "educators.co.nz", true */ 'e', 'd', 'u', 'c', 'a', 't', 'o', 'r', 's', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "educatoys.com.br", true */ 'e', 'd', 'u', 'c', 'a', 't', 'o', 'y', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "educatweb.de", true */ 'e', 'd', 'u', 'c', 'a', 't', 'w', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "eductf.org", true */ 'e', 'd', 'u', 'c', 't', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "edudrugs.com", true */ 'e', 'd', 'u', 'd', 'r', 'u', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eduid.se", true */ 'e', 'd', 'u', 'i', 'd', '.', 's', 'e', '\0',
+  /* "edumundo.nl", true */ 'e', 'd', 'u', 'm', 'u', 'n', 'd', 'o', '.', 'n', 'l', '\0',
+  /* "eduroam.no", true */ 'e', 'd', 'u', 'r', 'o', 'a', 'm', '.', 'n', 'o', '\0',
+  /* "edusanjal.com", true */ 'e', 'd', 'u', 's', 'a', 'n', 'j', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "edv-bv.de", true */ 'e', 'd', 'v', '-', 'b', 'v', '.', 'd', 'e', '\0',
+  /* "edv-kohls.de", true */ 'e', 'd', 'v', '-', 'k', 'o', 'h', 'l', 's', '.', 'd', 'e', '\0',
+  /* "edv-lehrgang.de", true */ 'e', 'd', 'v', '-', 'l', 'e', 'h', 'r', 'g', 'a', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "edvmesstec.de", true */ 'e', 'd', 'v', 'm', 'e', 's', 's', 't', 'e', 'c', '.', 'd', 'e', '\0',
+  /* "edwar.do", true */ 'e', 'd', 'w', 'a', 'r', '.', 'd', 'o', '\0',
+  /* "edwards.me.uk", true */ 'e', 'd', 'w', 'a', 'r', 'd', 's', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "edwardsnowden.com", true */ 'e', 'd', 'w', 'a', 'r', 'd', 's', 'n', 'o', 'w', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "edwardspeyer.com", true */ 'e', 'd', 'w', 'a', 'r', 'd', 's', 'p', 'e', 'y', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "edxg.de", false */ 'e', 'd', 'x', 'g', '.', 'd', 'e', '\0',
+  /* "edyou.eu", true */ 'e', 'd', 'y', 'o', 'u', '.', 'e', 'u', '\0',
+  /* "edzilla.info", true */ 'e', 'd', 'z', 'i', 'l', 'l', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ee-terminals.com", true */ 'e', 'e', '-', 't', 'e', 'r', 'm', 'i', 'n', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eeetrust.org", true */ 'e', 'e', 'e', 't', 'r', 'u', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "eellak.gr", true */ 'e', 'e', 'l', 'l', 'a', 'k', '.', 'g', 'r', '\0',
+  /* "eelsden.net", true */ 'e', 'e', 'l', 's', 'd', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "eelzak.nl", true */ 'e', 'e', 'l', 'z', 'a', 'k', '.', 'n', 'l', '\0',
+  /* "eeqj.com", true */ 'e', 'e', 'q', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "eer.io", true */ 'e', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "eerlijktransport.nl", true */ 'e', 'e', 'r', 'l', 'i', 'j', 'k', 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', '.', 'n', 'l', '\0',
+  /* "eerstejaarsweekend.nl", true */ 'e', 'e', 'r', 's', 't', 'e', 'j', 'a', 'a', 'r', 's', 'w', 'e', 'e', 'k', 'e', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "eery.de", true */ 'e', 'e', 'r', 'y', '.', 'd', 'e', '\0',
+  /* "eewna.org", true */ 'e', 'e', 'w', 'n', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "eez.ee", true */ 'e', 'e', 'z', '.', 'e', 'e', '\0',
+  /* "ef-georgia.org", true */ 'e', 'f', '-', 'g', 'e', 'o', 'r', 'g', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "ef.gy", true */ 'e', 'f', '.', 'g', 'y', '\0',
+  /* "efa-football.com", true */ 'e', 'f', 'a', '-', 'f', 'o', 'o', 't', 'b', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "efaas.nl", true */ 'e', 'f', 'a', 'a', 's', '.', 'n', 'l', '\0',
+  /* "efag.com", true */ 'e', 'f', 'a', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "efeen.nl", true */ 'e', 'f', 'e', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "eff-bee-eye.de", true */ 'e', 'f', 'f', '-', 'b', 'e', 'e', '-', 'e', 'y', 'e', '.', 'd', 'e', '\0',
+  /* "eff.org", true */ 'e', 'f', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "effdocs.com", true */ 'e', 'f', 'f', 'd', 'o', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "effe.ch", true */ 'e', 'f', 'f', 'e', '.', 'c', 'h', '\0',
+  /* "effective-altruist.com", true */ 'e', 'f', 'f', 'e', 'c', 't', 'i', 'v', 'e', '-', 'a', 'l', 't', 'r', 'u', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "effectivecoffee.com", true */ 'e', 'f', 'f', 'e', 'c', 't', 'i', 'v', 'e', 'c', 'o', 'f', 'f', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "effectiveosgi.com", true */ 'e', 'f', 'f', 'e', 'c', 't', 'i', 'v', 'e', 'o', 's', 'g', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "effectivepapers.com", true */ 'e', 'f', 'f', 'e', 'c', 't', 'i', 'v', 'e', 'p', 'a', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "effero.net", true */ 'e', 'f', 'f', 'e', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "effex.ru", true */ 'e', 'f', 'f', 'e', 'x', '.', 'r', 'u', '\0',
+  /* "effishiency.com", true */ 'e', 'f', 'f', 'i', 's', 'h', 'i', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "effizienta.ch", true */ 'e', 'f', 'f', 'i', 'z', 'i', 'e', 'n', 't', 'a', '.', 'c', 'h', '\0',
+  /* "efflam.net", true */ 'e', 'f', 'f', 'l', 'a', 'm', '.', 'n', 'e', 't', '\0',
+  /* "eft.boutique", true */ 'e', 'f', 't', '.', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '\0',
+  /* "egablo.black", true */ 'e', 'g', 'a', 'b', 'l', 'o', '.', 'b', 'l', 'a', 'c', 'k', '\0',
+  /* "egami.ch", true */ 'e', 'g', 'a', 'm', 'i', '.', 'c', 'h', '\0',
+  /* "eganassociates.com.au", true */ 'e', 'g', 'a', 'n', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "egarden.it", true */ 'e', 'g', 'a', 'r', 'd', 'e', 'n', '.', 'i', 't', '\0',
+  /* "egb.at", false */ 'e', 'g', 'b', '.', 'a', 't', '\0',
+  /* "egbert.net", true */ 'e', 'g', 'b', 'e', 'r', 't', '.', 'n', 'e', 't', '\0',
+  /* "egeozcan.com", true */ 'e', 'g', 'e', 'o', 'z', 'c', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "egfl.org.uk", true */ 'e', 'g', 'f', 'l', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "egg-ortho.ch", true */ 'e', 'g', 'g', '-', 'o', 'r', 't', 'h', 'o', '.', 'c', 'h', '\0',
+  /* "eggblast.com", true */ 'e', 'g', 'g', 'b', 'l', 'a', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "eggert.org", true */ 'e', 'g', 'g', 'e', 'r', 't', '.', 'o', 'r', 'g', '\0',
+  /* "eggplant.today", true */ 'e', 'g', 'g', 'p', 'l', 'a', 'n', 't', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "egiftcards.be", true */ 'e', 'g', 'i', 'f', 't', 'c', 'a', 'r', 'd', 's', '.', 'b', 'e', '\0',
+  /* "eglek.com", true */ 'e', 'g', 'l', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ego4u.com", true */ 'e', 'g', 'o', '4', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "ego4u.de", true */ 'e', 'g', 'o', '4', 'u', '.', 'd', 'e', '\0',
+  /* "egoroof.ru", true */ 'e', 'g', 'o', 'r', 'o', 'o', 'f', '.', 'r', 'u', '\0',
+  /* "egov4.ch", true */ 'e', 'g', 'o', 'v', '4', '.', 'c', 'h', '\0',
+  /* "egretail.no", false */ 'e', 'g', 'r', 'e', 't', 'a', 'i', 'l', '.', 'n', 'o', '\0',
+  /* "egumenita.ro", true */ 'e', 'g', 'u', 'm', 'e', 'n', 'i', 't', 'a', '.', 'r', 'o', '\0',
+  /* "egupova.ru", true */ 'e', 'g', 'u', 'p', 'o', 'v', 'a', '.', 'r', 'u', '\0',
+  /* "egw-ceramica.de", true */ 'e', 'g', 'w', '-', 'c', 'e', 'r', 'a', 'm', 'i', 'c', 'a', '.', 'd', 'e', '\0',
+  /* "egweb.tv", true */ 'e', 'g', 'w', 'e', 'b', '.', 't', 'v', '\0',
+  /* "ehaccp.it", true */ 'e', 'h', 'a', 'c', 'c', 'p', '.', 'i', 't', '\0',
+  /* "ehandel.com", true */ 'e', 'h', 'a', 'n', 'd', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "ehazi.hu", true */ 'e', 'h', 'a', 'z', 'i', '.', 'h', 'u', '\0',
+  /* "ehertz.uk", true */ 'e', 'h', 'e', 'r', 't', 'z', '.', 'u', 'k', '\0',
+  /* "ehipaa.com", true */ 'e', 'h', 'i', 'p', 'a', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ehlacademy.org", true */ 'e', 'h', 'l', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "ehomusicgear.com", true */ 'e', 'h', 'o', 'm', 'u', 's', 'i', 'c', 'g', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ehrlichesbier.de", true */ 'e', 'h', 'r', 'l', 'i', 'c', 'h', 'e', 's', 'b', 'i', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "eichel.eu", true */ 'e', 'i', 'c', 'h', 'e', 'l', '.', 'e', 'u', '\0',
+  /* "eichornenterprises.com", true */ 'e', 'i', 'c', 'h', 'o', 'r', 'n', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eickemeyer.nl", true */ 'e', 'i', 'c', 'k', 'e', 'm', 'e', 'y', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "eickhof.co", true */ 'e', 'i', 'c', 'k', 'h', 'o', 'f', '.', 'c', 'o', '\0',
+  /* "eickhof.us", true */ 'e', 'i', 'c', 'k', 'h', 'o', 'f', '.', 'u', 's', '\0',
+  /* "eickhofcolumbaria.com", true */ 'e', 'i', 'c', 'k', 'h', 'o', 'f', 'c', 'o', 'l', 'u', 'm', 'b', 'a', 'r', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "eidolons.org", true */ 'e', 'i', 'd', 'o', 'l', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "eiga-movie.com", true */ 'e', 'i', 'g', 'a', '-', 'm', 'o', 'v', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "eigenbubi.de", true */ 'e', 'i', 'g', 'e', 'n', 'b', 'u', 'b', 'i', '.', 'd', 'e', '\0',
+  /* "eighty-aid.com", true */ 'e', 'i', 'g', 'h', 't', 'y', '-', 'a', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "eightyfour.ca", true */ 'e', 'i', 'g', 'h', 't', 'y', 'f', 'o', 'u', 'r', '.', 'c', 'a', '\0',
+  /* "eigpropertyauctions.co.uk", true */ 'e', 'i', 'g', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', 'a', 'u', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eilhan.com", true */ 'e', 'i', 'l', 'h', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "eimacs.com", true */ 'e', 'i', 'm', 'a', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eimanavicius.lt", true */ 'e', 'i', 'm', 'a', 'n', 'a', 'v', 'i', 'c', 'i', 'u', 's', '.', 'l', 't', '\0',
+  /* "einar.io", true */ 'e', 'i', 'n', 'a', 'r', '.', 'i', 'o', '\0',
+  /* "einaros.is", true */ 'e', 'i', 'n', 'a', 'r', 'o', 's', '.', 'i', 's', '\0',
+  /* "einfachbahn.de", true */ 'e', 'i', 'n', 'f', 'a', 'c', 'h', 'b', 'a', 'h', 'n', '.', 'd', 'e', '\0',
+  /* "einfachmaldiefressehalten.de", true */ 'e', 'i', 'n', 'f', 'a', 'c', 'h', 'm', 'a', 'l', 'd', 'i', 'e', 'f', 'r', 'e', 's', 's', 'e', 'h', 'a', 'l', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "einheft.info", true */ 'e', 'i', 'n', 'h', 'e', 'f', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "einheizpreis.de", true */ 'e', 'i', 'n', 'h', 'e', 'i', 'z', 'p', 'r', 'e', 'i', 's', '.', 'd', 'e', '\0',
+  /* "einmonolog.de", true */ 'e', 'i', 'n', 'm', 'o', 'n', 'o', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "einsatzstellenverwaltung.de", true */ 'e', 'i', 'n', 's', 'a', 't', 'z', 's', 't', 'e', 'l', 'l', 'e', 'n', 'v', 'e', 'r', 'w', 'a', 'l', 't', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "einsteinathome.org", true */ 'e', 'i', 'n', 's', 't', 'e', 'i', 'n', 'a', 't', 'h', 'o', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "eintageinzug.de", true */ 'e', 'i', 'n', 't', 'a', 'g', 'e', 'i', 'n', 'z', 'u', 'g', '.', 'd', 'e', '\0',
+  /* "eintragsservice24.de", true */ 'e', 'i', 'n', 't', 'r', 'a', 'g', 's', 's', 'e', 'r', 'v', 'i', 'c', 'e', '2', '4', '.', 'd', 'e', '\0',
+  /* "eipione.com", true */ 'e', 'i', 'p', 'i', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "eirastudios.co.uk", false */ 'e', 'i', 'r', 'a', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eisaev.ru", true */ 'e', 'i', 's', 'a', 'e', 'v', '.', 'r', 'u', '\0',
+  /* "eit-web.de", false */ 'e', 'i', 't', '-', 'w', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "eitler.cx", true */ 'e', 'i', 't', 'l', 'e', 'r', '.', 'c', 'x', '\0',
+  /* "eiyoushi-shigoto.com", true */ 'e', 'i', 'y', 'o', 'u', 's', 'h', 'i', '-', 's', 'h', 'i', 'g', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ejdv-anmeldung.de", true */ 'e', 'j', 'd', 'v', '-', 'a', 'n', 'm', 'e', 'l', 'd', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "ejeff.org", true */ 'e', 'j', 'e', 'f', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "ejgconsultancy.co.uk", true */ 'e', 'j', 'g', 'c', 'o', 'n', 's', 'u', 'l', 't', 'a', 'n', 'c', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ejuicelab.co.uk", true */ 'e', 'j', 'u', 'i', 'c', 'e', 'l', 'a', 'b', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ejusu.com", true */ 'e', 'j', 'u', 's', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "ekaigotenshoku.com", true */ 'e', 'k', 'a', 'i', 'g', 'o', 't', 'e', 'n', 's', 'h', 'o', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "ekd.de", true */ 'e', 'k', 'd', '.', 'd', 'e', '\0',
+  /* "ekedc.com", true */ 'e', 'k', 'e', 'd', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "ekedp.com", true */ 'e', 'k', 'e', 'd', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "eklepka.com", true */ 'e', 'k', 'l', 'e', 'p', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ekodevices.com", true */ 'e', 'k', 'o', 'd', 'e', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ekokontakt.cz", true */ 'e', 'k', 'o', 'k', 'o', 'n', 't', 'a', 'k', 't', '.', 'c', 'z', '\0',
+  /* "ekonbenefits.com", true */ 'e', 'k', 'o', 'n', 'b', 'e', 'n', 'e', 'f', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ekong366.com", true */ 'e', 'k', 'o', 'n', 'g', '3', '6', '6', '.', 'c', 'o', 'm', '\0',
+  /* "ekostecki.de", true */ 'e', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "ekpyroticfrood.net", true */ 'e', 'k', 'p', 'y', 'r', 'o', 't', 'i', 'c', 'f', 'r', 'o', 'o', 'd', '.', 'n', 'e', 't', '\0',
+  /* "eksisozluk.com", true */ 'e', 'k', 's', 'i', 's', 'o', 'z', 'l', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ekuatorial.com", true */ 'e', 'k', 'u', 'a', 't', 'o', 'r', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "ekzarta.ru", true */ 'e', 'k', 'z', 'a', 'r', 't', 'a', '.', 'r', 'u', '\0',
+  /* "el-cell.com", true */ 'e', 'l', '-', 'c', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "el-hossari.com", true */ 'e', 'l', '-', 'h', 'o', 's', 's', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "eladgames.com", true */ 'e', 'l', 'a', 'd', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "elagplus.com", true */ 'e', 'l', 'a', 'g', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "elaon.de", true */ 'e', 'l', 'a', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "elars.de", true */ 'e', 'l', 'a', 'r', 's', '.', 'd', 'e', '\0',
+  /* "elarvee.xyz", true */ 'e', 'l', 'a', 'r', 'v', 'e', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "elaxy-online.de", true */ 'e', 'l', 'a', 'x', 'y', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "elderoost.com", true */ 'e', 'l', 'd', 'e', 'r', 'o', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "eldertons.co.uk", true */ 'e', 'l', 'd', 'e', 'r', 't', 'o', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eldinhadzic.com", true */ 'e', 'l', 'd', 'i', 'n', 'h', 'a', 'd', 'z', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "eldisagjapi.com", true */ 'e', 'l', 'd', 'i', 's', 'a', 'g', 'j', 'a', 'p', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "eldrid.ge", true */ 'e', 'l', 'd', 'r', 'i', 'd', '.', 'g', 'e', '\0',
+  /* "eldritchfiction.net", true */ 'e', 'l', 'd', 'r', 'i', 't', 'c', 'h', 'f', 'i', 'c', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "elearningpilot.com", true */ 'e', 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', 'p', 'i', 'l', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "electionsdatabase.com", true */ 'e', 'l', 'e', 'c', 't', 'i', 'o', 'n', 's', 'd', 'a', 't', 'a', 'b', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "electr0sheep.com", true */ 'e', 'l', 'e', 'c', 't', 'r', '0', 's', 'h', 'e', 'e', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "electragirl.com", true */ 'e', 'l', 'e', 'c', 't', 'r', 'a', 'g', 'i', 'r', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "electricalagoura.com", true */ 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', 'a', 'g', 'o', 'u', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "electricalcontrolpanels.co.uk", true */ 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', 'c', 'o', 'n', 't', 'r', 'o', 'l', 'p', 'a', 'n', 'e', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "electricalfencingedenvale.co.za", true */ 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', 'f', 'e', 'n', 'c', 'i', 'n', 'g', 'e', 'd', 'e', 'n', 'v', 'a', 'l', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "electricgatemotorgermiston.co.za", true */ 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'g', 'a', 't', 'e', 'm', 'o', 't', 'o', 'r', 'g', 'e', 'r', 'm', 'i', 's', 't', 'o', 'n', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "electronic-ignition-system.com", true */ 'e', 'l', 'e', 'c', 't', 'r', 'o', 'n', 'i', 'c', '-', 'i', 'g', 'n', 'i', 't', 'i', 'o', 'n', '-', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "electronicafacil.net", true */ 'e', 'l', 'e', 'c', 't', 'r', 'o', 'n', 'i', 'c', 'a', 'f', 'a', 'c', 'i', 'l', '.', 'n', 'e', 't', '\0',
+  /* "electronicfasteners.com", true */ 'e', 'l', 'e', 'c', 't', 'r', 'o', 'n', 'i', 'c', 'f', 'a', 's', 't', 'e', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eled.io", true */ 'e', 'l', 'e', 'd', '.', 'i', 'o', '\0',
+  /* "elefantevoador.com", true */ 'e', 'l', 'e', 'f', 'a', 'n', 't', 'e', 'v', 'o', 'a', 'd', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "eleicoes2014.com.br", true */ 'e', 'l', 'e', 'i', 'c', 'o', 'e', 's', '2', '0', '1', '4', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "elektro-adam.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'a', 'd', 'a', 'm', '.', 'd', 'e', '\0',
+  /* "elektro-collee.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'c', 'o', 'l', 'l', 'e', 'e', '.', 'd', 'e', '\0',
+  /* "elektro-diehm.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'd', 'i', 'e', 'h', 'm', '.', 'd', 'e', '\0',
+  /* "elektro-hammes.net", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'h', 'a', 'm', 'm', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "elektro-hofmann-gmbh.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'h', 'o', 'f', 'm', 'a', 'n', 'n', '-', 'g', 'm', 'b', 'h', '.', 'd', 'e', '\0',
+  /* "elektro-hornetz.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'h', 'o', 'r', 'n', 'e', 't', 'z', '.', 'd', 'e', '\0',
+  /* "elektro-kahlen.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'k', 'a', 'h', 'l', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "elektro-koehl.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'k', 'o', 'e', 'h', 'l', '.', 'd', 'e', '\0',
+  /* "elektro-liebeskind.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'l', 'i', 'e', 'b', 'e', 's', 'k', 'i', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "elektro-metz.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'm', 'e', 't', 'z', '.', 'd', 'e', '\0',
+  /* "elektro-pfeiffer.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'p', 'f', 'e', 'i', 'f', 'f', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "elektro-rossbach.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'r', 'o', 's', 's', 'b', 'a', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "elektro-roth.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'r', 'o', 't', 'h', '.', 'd', 'e', '\0',
+  /* "elektro-stock.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 's', 't', 'o', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "elektro-woerdehoff.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'w', 'o', 'e', 'r', 'd', 'e', 'h', 'o', 'f', 'f', '.', 'd', 'e', '\0',
+  /* "elektrobusch.com", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', 'b', 'u', 's', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "elektrofinke.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', 'f', 'i', 'n', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "elektrokarges.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', 'k', 'a', 'r', 'g', 'e', 's', '.', 'd', 'e', '\0',
+  /* "elektrometz.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', 'm', 'e', 't', 'z', '.', 'd', 'e', '\0',
+  /* "elektropost.org", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', 'p', 'o', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "elemental.software", true */ 'e', 'l', 'e', 'm', 'e', 'n', 't', 'a', 'l', '.', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '\0',
+  /* "elementalict.com", true */ 'e', 'l', 'e', 'm', 'e', 'n', 't', 'a', 'l', 'i', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "elementalrobotics.com", true */ 'e', 'l', 'e', 'm', 'e', 'n', 't', 'a', 'l', 'r', 'o', 'b', 'o', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "elementalsoftware.net", true */ 'e', 'l', 'e', 'm', 'e', 'n', 't', 'a', 'l', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'n', 'e', 't', '\0',
+  /* "elementalsoftware.org", true */ 'e', 'l', 'e', 'm', 'e', 'n', 't', 'a', 'l', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "elementarywave.com", true */ 'e', 'l', 'e', 'm', 'e', 'n', 't', 'a', 'r', 'y', 'w', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "elements.guide", true */ 'e', 'l', 'e', 'm', 'e', 'n', 't', 's', '.', 'g', 'u', 'i', 'd', 'e', '\0',
+  /* "elena-baykova.ru", true */ 'e', 'l', 'e', 'n', 'a', '-', 'b', 'a', 'y', 'k', 'o', 'v', 'a', '.', 'r', 'u', '\0',
+  /* "elephants.net", true */ 'e', 'l', 'e', 'p', 'h', 'a', 'n', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "elephpant.cz", true */ 'e', 'l', 'e', 'p', 'h', 'p', 'a', 'n', 't', '.', 'c', 'z', '\0',
+  /* "elepover.com", true */ 'e', 'l', 'e', 'p', 'o', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "eletesstilus.hu", true */ 'e', 'l', 'e', 't', 'e', 's', 's', 't', 'i', 'l', 'u', 's', '.', 'h', 'u', '\0',
+  /* "eleusis-zur-verschwiegenheit.de", true */ 'e', 'l', 'e', 'u', 's', 'i', 's', '-', 'z', 'u', 'r', '-', 'v', 'e', 'r', 's', 'c', 'h', 'w', 'i', 'e', 'g', 'e', 'n', 'h', 'e', 'i', 't', '.', 'd', 'e', '\0',
+  /* "elevateandprosper.com", true */ 'e', 'l', 'e', 'v', 'a', 't', 'e', 'a', 'n', 'd', 'p', 'r', 'o', 's', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "elexel.ru", true */ 'e', 'l', 'e', 'x', 'e', 'l', '.', 'r', 'u', '\0',
+  /* "elexprimidor.com", true */ 'e', 'l', 'e', 'x', 'p', 'r', 'i', 'm', 'i', 'd', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "elgosblanc.com", false */ 'e', 'l', 'g', 'o', 's', 'b', 'l', 'a', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "elguadia.faith", true */ 'e', 'l', 'g', 'u', 'a', 'd', 'i', 'a', '.', 'f', 'a', 'i', 't', 'h', '\0',
+  /* "elhall.pro", true */ 'e', 'l', 'h', 'a', 'l', 'l', '.', 'p', 'r', 'o', '\0',
+  /* "elhall.ru", true */ 'e', 'l', 'h', 'a', 'l', 'l', '.', 'r', 'u', '\0',
+  /* "elhamadimi.com", true */ 'e', 'l', 'h', 'a', 'm', 'a', 'd', 'i', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "elhossari.com", true */ 'e', 'l', 'h', 'o', 's', 's', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "elias-nicolas.com", true */ 'e', 'l', 'i', 'a', 's', '-', 'n', 'i', 'c', 'o', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "elifesciences.org", true */ 'e', 'l', 'i', 'f', 'e', 's', 'c', 'i', 'e', 'n', 'c', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "eligible.com", true */ 'e', 'l', 'i', 'g', 'i', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "eligibleapi.com", true */ 'e', 'l', 'i', 'g', 'i', 'b', 'l', 'e', 'a', 'p', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "eligrey.com", true */ 'e', 'l', 'i', 'g', 'r', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "elijahgrey.com", true */ 'e', 'l', 'i', 'j', 'a', 'h', 'g', 'r', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "elinevanhaaften.nl", true */ 'e', 'l', 'i', 'n', 'e', 'v', 'a', 'n', 'h', 'a', 'a', 'f', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "elinvention.ovh", true */ 'e', 'l', 'i', 'n', 'v', 'e', 'n', 't', 'i', 'o', 'n', '.', 'o', 'v', 'h', '\0',
+  /* "eliott.be", false */ 'e', 'l', 'i', 'o', 't', 't', '.', 'b', 'e', '\0',
+  /* "elisa.ee", false */ 'e', 'l', 'i', 's', 'a', '.', 'e', 'e', '\0',
+  /* "elisabeth-kostecki.de", true */ 'e', 'l', 'i', 's', 'a', 'b', 'e', 't', 'h', '-', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "elisabeth-strunz.de", true */ 'e', 'l', 'i', 's', 'a', 'b', 'e', 't', 'h', '-', 's', 't', 'r', 'u', 'n', 'z', '.', 'd', 'e', '\0',
+  /* "elisabethkostecki.de", true */ 'e', 'l', 'i', 's', 'a', 'b', 'e', 't', 'h', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "elistor6100.xyz", true */ 'e', 'l', 'i', 's', 't', 'o', 'r', '6', '1', '0', '0', '.', 'x', 'y', 'z', '\0',
+  /* "elite-box.com", true */ 'e', 'l', 'i', 't', 'e', '-', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "elite-box.org", true */ 'e', 'l', 'i', 't', 'e', '-', 'b', 'o', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "elite12.de", true */ 'e', 'l', 'i', 't', 'e', '1', '2', '.', 'd', 'e', '\0',
+  /* "elitebouncingfun.com", true */ 'e', 'l', 'i', 't', 'e', 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'f', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "elitegameservers.net", true */ 'e', 'l', 'i', 't', 'e', 'g', 'a', 'm', 'e', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "elitehosting.de", true */ 'e', 'l', 'i', 't', 'e', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "elitesensual.com.br", true */ 'e', 'l', 'i', 't', 'e', 's', 'e', 'n', 's', 'u', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "elixir.bzh", true */ 'e', 'l', 'i', 'x', 'i', 'r', '.', 'b', 'z', 'h', '\0',
+  /* "eliyah.co.il", true */ 'e', 'l', 'i', 'y', 'a', 'h', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "elizabethbuitrago.com", true */ 'e', 'l', 'i', 'z', 'a', 'b', 'e', 't', 'h', 'b', 'u', 'i', 't', 'r', 'a', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "elizabethgreenfield.com", true */ 'e', 'l', 'i', 'z', 'a', 'b', 'e', 't', 'h', 'g', 'r', 'e', 'e', 'n', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "eljef.me", true */ 'e', 'l', 'j', 'e', 'f', '.', 'm', 'e', '\0',
+  /* "ella-kwikmed.com", false */ 'e', 'l', 'l', 'a', '-', 'k', 'w', 'i', 'k', 'm', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "ellak.gr", true */ 'e', 'l', 'l', 'a', 'k', '.', 'g', 'r', '\0',
+  /* "ellegaard.dk", true */ 'e', 'l', 'l', 'e', 'g', 'a', 'a', 'r', 'd', '.', 'd', 'k', '\0',
+  /* "ellemental.me", true */ 'e', 'l', 'l', 'e', 'm', 'e', 'n', 't', 'a', 'l', '.', 'm', 'e', '\0',
+  /* "ellevit.ch", true */ 'e', 'l', 'l', 'e', 'v', 'i', 't', '.', 'c', 'h', '\0',
+  /* "elliesbouncers.co.uk", true */ 'e', 'l', 'l', 'i', 'e', 's', 'b', 'o', 'u', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "elliff.net", true */ 'e', 'l', 'l', 'i', 'f', 'f', '.', 'n', 'e', 't', '\0',
+  /* "elliot.cat", true */ 'e', 'l', 'l', 'i', 'o', 't', '.', 'c', 'a', 't', '\0',
+  /* "elliotgluck.com", true */ 'e', 'l', 'l', 'i', 'o', 't', 'g', 'l', 'u', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "elliquiy.com", true */ 'e', 'l', 'l', 'i', 'q', 'u', 'i', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "elliriehl.at", true */ 'e', 'l', 'l', 'i', 'r', 'i', 'e', 'h', 'l', '.', 'a', 't', '\0',
+  /* "ellisamusements.co.uk", true */ 'e', 'l', 'l', 'i', 's', 'a', 'm', 'u', 's', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ellisleisure.co.uk", true */ 'e', 'l', 'l', 'i', 's', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ellsinger.me", true */ 'e', 'l', 'l', 's', 'i', 'n', 'g', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "elmermx.ch", true */ 'e', 'l', 'm', 'e', 'r', 'm', 'x', '.', 'c', 'h', '\0',
+  /* "elna-service.com.ua", true */ 'e', 'l', 'n', 'a', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "elnan.do", true */ 'e', 'l', 'n', 'a', 'n', '.', 'd', 'o', '\0',
+  /* "elodieclerc.ch", true */ 'e', 'l', 'o', 'd', 'i', 'e', 'c', 'l', 'e', 'r', 'c', '.', 'c', 'h', '\0',
+  /* "eloge.se", true */ 'e', 'l', 'o', 'g', 'e', '.', 's', 'e', '\0',
+  /* "elosrah.com", true */ 'e', 'l', 'o', 's', 'r', 'a', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "elosuite.com", true */ 'e', 'l', 'o', 's', 'u', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "elpado.de", true */ 'e', 'l', 'p', 'a', 'd', 'o', '.', 'd', 'e', '\0',
+  /* "elpo.net", true */ 'e', 'l', 'p', 'o', '.', 'n', 'e', 't', '\0',
+  /* "elpoderdelespiritu.org", true */ 'e', 'l', 'p', 'o', 'd', 'e', 'r', 'd', 'e', 'l', 'e', 's', 'p', 'i', 'r', 'i', 't', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "elsensohn.ch", true */ 'e', 'l', 's', 'e', 'n', 's', 'o', 'h', 'n', '.', 'c', 'h', '\0',
+  /* "elsvanderlugt.nl", true */ 'e', 'l', 's', 'v', 'a', 'n', 'd', 'e', 'r', 'l', 'u', 'g', 't', '.', 'n', 'l', '\0',
+  /* "eltagroup.co.uk", true */ 'e', 'l', 't', 'a', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eltair.com", true */ 'e', 'l', 't', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "eltern-verein.ch", true */ 'e', 'l', 't', 'e', 'r', 'n', '-', 'v', 'e', 'r', 'e', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "elternbeiratswahl.online", true */ 'e', 'l', 't', 'e', 'r', 'n', 'b', 'e', 'i', 'r', 'a', 't', 's', 'w', 'a', 'h', 'l', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "elternforum-birmensdorf.ch", true */ 'e', 'l', 't', 'e', 'r', 'n', 'f', 'o', 'r', 'u', 'm', '-', 'b', 'i', 'r', 'm', 'e', 'n', 's', 'd', 'o', 'r', 'f', '.', 'c', 'h', '\0',
+  /* "elternverein-utzenstorf.ch", true */ 'e', 'l', 't', 'e', 'r', 'n', 'v', 'e', 'r', 'e', 'i', 'n', '-', 'u', 't', 'z', 'e', 'n', 's', 't', 'o', 'r', 'f', '.', 'c', 'h', '\0',
+  /* "elucron.com", true */ 'e', 'l', 'u', 'c', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "eluhome.de", true */ 'e', 'l', 'u', 'h', 'o', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "elvidence.com.au", true */ 'e', 'l', 'v', 'i', 'd', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "elvisripley.com", true */ 'e', 'l', 'v', 'i', 's', 'r', 'i', 'p', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "elwave.org", true */ 'e', 'l', 'w', 'a', 'v', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "elxsi.de", true */ 'e', 'l', 'x', 's', 'i', '.', 'd', 'e', '\0',
+  /* "elyasweb.com", true */ 'e', 'l', 'y', 'a', 's', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "elyisus.info", true */ 'e', 'l', 'y', 'i', 's', 'u', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "elytronsecurity.com", true */ 'e', 'l', 'y', 't', 'r', 'o', 'n', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "em-biotek.cz", true */ 'e', 'm', '-', 'b', 'i', 'o', 't', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "emailconfiguration.com", true */ 'e', 'm', 'a', 'i', 'l', 'c', 'o', 'n', 'f', 'i', 'g', 'u', 'r', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "emailfuermich.de", true */ 'e', 'm', 'a', 'i', 'l', 'f', 'u', 'e', 'r', 'm', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "emailhunter.co", true */ 'e', 'm', 'a', 'i', 'l', 'h', 'u', 'n', 't', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "emailprivacytester.com", true */ 'e', 'm', 'a', 'i', 'l', 'p', 'r', 'i', 'v', 'a', 'c', 'y', 't', 'e', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "emailtools.io", true */ 'e', 'm', 'a', 'i', 'l', 't', 'o', 'o', 'l', 's', '.', 'i', 'o', '\0',
+  /* "emaily.eu", true */ 'e', 'm', 'a', 'i', 'l', 'y', '.', 'e', 'u', '\0',
+  /* "emanuelduss.ch", true */ 'e', 'm', 'a', 'n', 'u', 'e', 'l', 'd', 'u', 's', 's', '.', 'c', 'h', '\0',
+  /* "emanuelemazzotta.com", true */ 'e', 'm', 'a', 'n', 'u', 'e', 'l', 'e', 'm', 'a', 'z', 'z', 'o', 't', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "emavok.eu", true */ 'e', 'm', 'a', 'v', 'o', 'k', '.', 'e', 'u', '\0',
+  /* "embassycargo.eu", true */ 'e', 'm', 'b', 'a', 's', 's', 'y', 'c', 'a', 'r', 'g', 'o', '.', 'e', 'u', '\0',
+  /* "embox.net", true */ 'e', 'm', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "embraceni.org", true */ 'e', 'm', 'b', 'r', 'a', 'c', 'e', 'n', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "embroideryexpress.co.uk", true */ 'e', 'm', 'b', 'r', 'o', 'i', 'd', 'e', 'r', 'y', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "emcspotlight.com", true */ 'e', 'm', 'c', 's', 'p', 'o', 't', 'l', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "emeliefalk.se", true */ 'e', 'm', 'e', 'l', 'i', 'e', 'f', 'a', 'l', 'k', '.', 's', 'e', '\0',
+  /* "emeraldcoastrideshare.com", true */ 'e', 'm', 'e', 'r', 'a', 'l', 'd', 'c', 'o', 'a', 's', 't', 'r', 'i', 'd', 'e', 's', 'h', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "emeraldonion.org", true */ 'e', 'm', 'e', 'r', 'a', 'l', 'd', 'o', 'n', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "emergencyessay.com", true */ 'e', 'm', 'e', 'r', 'g', 'e', 'n', 'c', 'y', 'e', 's', 's', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "emergencymedicinefoundations.com", true */ 'e', 'm', 'e', 'r', 'g', 'e', 'n', 'c', 'y', 'm', 'e', 'd', 'i', 'c', 'i', 'n', 'e', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "emergentvisiontec.com", true */ 'e', 'm', 'e', 'r', 'g', 'e', 'n', 't', 'v', 'i', 's', 'i', 'o', 'n', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "emergenzalavoro.com", true */ 'e', 'm', 'e', 'r', 'g', 'e', 'n', 'z', 'a', 'l', 'a', 'v', 'o', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "emero.de", true */ 'e', 'm', 'e', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "emex.ro", true */ 'e', 'm', 'e', 'x', '.', 'r', 'o', '\0',
+  /* "emi-air-comprime.com", true */ 'e', 'm', 'i', '-', 'a', 'i', 'r', '-', 'c', 'o', 'm', 'p', 'r', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "emi.im", true */ 'e', 'm', 'i', '.', 'i', 'm', '\0',
+  /* "emielraaijmakers.nl", true */ 'e', 'm', 'i', 'e', 'l', 'r', 'a', 'a', 'i', 'j', 'm', 'a', 'k', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "emil.click", true */ 'e', 'm', 'i', 'l', '.', 'c', 'l', 'i', 'c', 'k', '\0',
+  /* "emilong.com", true */ 'e', 'm', 'i', 'l', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "emilstahl.dk", true */ 'e', 'm', 'i', 'l', 's', 't', 'a', 'h', 'l', '.', 'd', 'k', '\0',
+  /* "emilvarga.com", true */ 'e', 'm', 'i', 'l', 'v', 'a', 'r', 'g', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "emilyshepherd.me", true */ 'e', 'm', 'i', 'l', 'y', 's', 'h', 'e', 'p', 'h', 'e', 'r', 'd', '.', 'm', 'e', '\0',
+  /* "eminhuseynov.com", true */ 'e', 'm', 'i', 'n', 'h', 'u', 's', 'e', 'y', 'n', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "emirabiz.com", false */ 'e', 'm', 'i', 'r', 'a', 'b', 'i', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "emirichardson.com", true */ 'e', 'm', 'i', 'r', 'i', 'c', 'h', 'a', 'r', 'd', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "emivauthey.com", true */ 'e', 'm', 'i', 'v', 'a', 'u', 't', 'h', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "emkanrecords.com", true */ 'e', 'm', 'k', 'a', 'n', 'r', 'e', 'c', 'o', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "emma-o.com", true */ 'e', 'm', 'm', 'a', '-', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "emmagraystore.com", true */ 'e', 'm', 'm', 'a', 'g', 'r', 'a', 'y', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "emmaliddell.com", true */ 'e', 'm', 'm', 'a', 'l', 'i', 'd', 'd', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "emmanuelle-et-julien.ch", true */ 'e', 'm', 'm', 'a', 'n', 'u', 'e', 'l', 'l', 'e', '-', 'e', 't', '-', 'j', 'u', 'l', 'i', 'e', 'n', '.', 'c', 'h', '\0',
+  /* "emmdy.com", true */ 'e', 'm', 'm', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "emmehair.com", true */ 'e', 'm', 'm', 'e', 'h', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "emoji.bzh", true */ 'e', 'm', 'o', 'j', 'i', '.', 'b', 'z', 'h', '\0',
+  /* "emojiengine.com", true */ 'e', 'm', 'o', 'j', 'i', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "emolafarm.com", true */ 'e', 'm', 'o', 'l', 'a', 'f', 'a', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "emond-usedcars.net", true */ 'e', 'm', 'o', 'n', 'd', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "emoticonesjaponeses.com", true */ 'e', 'm', 'o', 't', 'i', 'c', 'o', 'n', 'e', 's', 'j', 'a', 'p', 'o', 'n', 'e', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "emotuit.com", true */ 'e', 'm', 'o', 't', 'u', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "empathogen.com", true */ 'e', 'm', 'p', 'a', 't', 'h', 'o', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "empathogens.com", true */ 'e', 'm', 'p', 'a', 't', 'h', 'o', 'g', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "empathy.ca", true */ 'e', 'm', 'p', 'a', 't', 'h', 'y', '.', 'c', 'a', '\0',
+  /* "emperor-penguin.com", true */ 'e', 'm', 'p', 'e', 'r', 'o', 'r', '-', 'p', 'e', 'n', 'g', 'u', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "emperor-penguins.com", true */ 'e', 'm', 'p', 'e', 'r', 'o', 'r', '-', 'p', 'e', 'n', 'g', 'u', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "emperor.blog", true */ 'e', 'm', 'p', 'e', 'r', 'o', 'r', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "empese.com", true */ 'e', 'm', 'p', 'e', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "empire24.co", true */ 'e', 'm', 'p', 'i', 'r', 'e', '2', '4', '.', 'c', 'o', '\0',
+  /* "empireauto-2000.com", true */ 'e', 'm', 'p', 'i', 'r', 'e', 'a', 'u', 't', 'o', '-', '2', '0', '0', '0', '.', 'c', 'o', 'm', '\0',
+  /* "employer.guru", true */ 'e', 'm', 'p', 'l', 'o', 'y', 'e', 'r', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "employer411.com", true */ 'e', 'm', 'p', 'l', 'o', 'y', 'e', 'r', '4', '1', '1', '.', 'c', 'o', 'm', '\0',
+  /* "emporiodascalcinhas.com.br", true */ 'e', 'm', 'p', 'o', 'r', 'i', 'o', 'd', 'a', 's', 'c', 'a', 'l', 'c', 'i', 'n', 'h', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "emporiodosperfumes.com.br", true */ 'e', 'm', 'p', 'o', 'r', 'i', 'o', 'd', 'o', 's', 'p', 'e', 'r', 'f', 'u', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "emporiopatanegra.com.br", true */ 'e', 'm', 'p', 'o', 'r', 'i', 'o', 'p', 'a', 't', 'a', 'n', 'e', 'g', 'r', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "emporiovinareal.com.br", true */ 'e', 'm', 'p', 'o', 'r', 'i', 'o', 'v', 'i', 'n', 'a', 'r', 'e', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "emporioviverbem.com.br", true */ 'e', 'm', 'p', 'o', 'r', 'i', 'o', 'v', 'i', 'v', 'e', 'r', 'b', 'e', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "empower.net", true */ 'e', 'm', 'p', 'o', 'w', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "empowerdb.com", true */ 'e', 'm', 'p', 'o', 'w', 'e', 'r', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "emprego.pt", true */ 'e', 'm', 'p', 'r', 'e', 'g', 'o', '.', 'p', 't', '\0',
+  /* "emresaglam.com", true */ 'e', 'm', 'r', 'e', 's', 'a', 'g', 'l', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "emultiagent.pl", true */ 'e', 'm', 'u', 'l', 't', 'i', 'a', 'g', 'e', 'n', 't', '.', 'p', 'l', '\0',
+  /* "emupedia.net", true */ 'e', 'm', 'u', 'p', 'e', 'd', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "emw3.com", true */ 'e', 'm', 'w', '3', '.', 'c', 'o', 'm', '\0',
+  /* "emyr.net", true */ 'e', 'm', 'y', 'r', '.', 'n', 'e', 't', '\0',
+  /* "en-booster.jp", true */ 'e', 'n', '-', 'b', 'o', 'o', 's', 't', 'e', 'r', '.', 'j', 'p', '\0',
+  /* "en-crypt.me", true */ 'e', 'n', '-', 'c', 'r', 'y', 'p', 't', '.', 'm', 'e', '\0',
+  /* "en-maktoob.search.yahoo.com", false */ 'e', 'n', '-', 'm', 'a', 'k', 't', 'o', 'o', 'b', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "en4rab.co.uk", true */ 'e', 'n', '4', 'r', 'a', 'b', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "enaim.de", true */ 'e', 'n', 'a', 'i', 'm', '.', 'd', 'e', '\0',
+  /* "enamae.net", true */ 'e', 'n', 'a', 'm', 'a', 'e', '.', 'n', 'e', 't', '\0',
+  /* "encadrer-mon-enfant.com", true */ 'e', 'n', 'c', 'a', 'd', 'r', 'e', 'r', '-', 'm', 'o', 'n', '-', 'e', 'n', 'f', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "encfs.win", true */ 'e', 'n', 'c', 'f', 's', '.', 'w', 'i', 'n', '\0',
+  /* "encircleapp.com", true */ 'e', 'n', 'c', 'i', 'r', 'c', 'l', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "encnet.de", true */ 'e', 'n', 'c', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "encode.host", true */ 'e', 'n', 'c', 'o', 'd', 'e', '.', 'h', 'o', 's', 't', '\0',
+  /* "encoderx.uk", true */ 'e', 'n', 'c', 'o', 'd', 'e', 'r', 'x', '.', 'u', 'k', '\0',
+  /* "encouragemarketing.com", true */ 'e', 'n', 'c', 'o', 'u', 'r', 'a', 'g', 'e', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "encredible.de", false */ 'e', 'n', 'c', 'r', 'e', 'd', 'i', 'b', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "encredible.org", false */ 'e', 'n', 'c', 'r', 'e', 'd', 'i', 'b', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "encretplomb.ch", true */ 'e', 'n', 'c', 'r', 'e', 't', 'p', 'l', 'o', 'm', 'b', '.', 'c', 'h', '\0',
+  /* "encryptallthethings.net", true */ 'e', 'n', 'c', 'r', 'y', 'p', 't', 'a', 'l', 'l', 't', 'h', 'e', 't', 'h', 'i', 'n', 'g', 's', '.', 'n', 'e', 't', '\0',
+  /* "encrypted.google.com", true */ 'e', 'n', 'c', 'r', 'y', 'p', 't', 'e', 'd', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "encryptedaudience.com", true */ 'e', 'n', 'c', 'r', 'y', 'p', 't', 'e', 'd', 'a', 'u', 'd', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "encuentraprecios.es", true */ 'e', 'n', 'c', 'u', 'e', 'n', 't', 'r', 'a', 'p', 'r', 'e', 'c', 'i', 'o', 's', '.', 'e', 's', '\0',
+  /* "endangeredwatch.com", true */ 'e', 'n', 'd', 'a', 'n', 'g', 'e', 'r', 'e', 'd', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "endeal.nl", true */ 'e', 'n', 'd', 'e', 'a', 'l', '.', 'n', 'l', '\0',
+  /* "ender.co.at", true */ 'e', 'n', 'd', 'e', 'r', '.', 'c', 'o', '.', 'a', 't', '\0',
+  /* "endingthedocumentgame.gov", true */ 'e', 'n', 'd', 'i', 'n', 'g', 't', 'h', 'e', 'd', 'o', 'c', 'u', 'm', 'e', 'n', 't', 'g', 'a', 'm', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "endlessdiy.ca", true */ 'e', 'n', 'd', 'l', 'e', 's', 's', 'd', 'i', 'y', '.', 'c', 'a', '\0',
+  /* "endlessvideo.com", true */ 'e', 'n', 'd', 'l', 'e', 's', 's', 'v', 'i', 'd', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "endofnet.org", true */ 'e', 'n', 'd', 'o', 'f', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "endoftennancycleaning.co.uk", true */ 'e', 'n', 'd', 'o', 'f', 't', 'e', 'n', 'n', 'a', 'n', 'c', 'y', 'c', 'l', 'e', 'a', 'n', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "endohaus.us", true */ 'e', 'n', 'd', 'o', 'h', 'a', 'u', 's', '.', 'u', 's', '\0',
+  /* "enduranceday.be", true */ 'e', 'n', 'd', 'u', 'r', 'a', 'n', 'c', 'e', 'd', 'a', 'y', '.', 'b', 'e', '\0',
+  /* "endzeit-architekten.com", false */ 'e', 'n', 'd', 'z', 'e', 'i', 't', '-', 'a', 'r', 'c', 'h', 'i', 't', 'e', 'k', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "enemiesoflight.de", true */ 'e', 'n', 'e', 'm', 'i', 'e', 's', 'o', 'f', 'l', 'i', 'g', 'h', 't', '.', 'd', 'e', '\0',
+  /* "energie-sante.ch", true */ 'e', 'n', 'e', 'r', 'g', 'i', 'e', '-', 's', 'a', 'n', 't', 'e', '.', 'c', 'h', '\0',
+  /* "energiekeurplus.nl", true */ 'e', 'n', 'e', 'r', 'g', 'i', 'e', 'k', 'e', 'u', 'r', 'p', 'l', 'u', 's', '.', 'n', 'l', '\0',
+  /* "energisammenslutningen.dk", true */ 'e', 'n', 'e', 'r', 'g', 'i', 's', 'a', 'm', 'm', 'e', 'n', 's', 'l', 'u', 't', 'n', 'i', 'n', 'g', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "energy-drink-magazin.de", true */ 'e', 'n', 'e', 'r', 'g', 'y', '-', 'd', 'r', 'i', 'n', 'k', '-', 'm', 'a', 'g', 'a', 'z', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "energy-in-balance.eu", true */ 'e', 'n', 'e', 'r', 'g', 'y', '-', 'i', 'n', '-', 'b', 'a', 'l', 'a', 'n', 'c', 'e', '.', 'e', 'u', '\0',
+  /* "energy-infra.nl", true */ 'e', 'n', 'e', 'r', 'g', 'y', '-', 'i', 'n', 'f', 'r', 'a', '.', 'n', 'l', '\0',
+  /* "energy.eu", true */ 'e', 'n', 'e', 'r', 'g', 'y', '.', 'e', 'u', '\0',
+  /* "energyatlas.com", true */ 'e', 'n', 'e', 'r', 'g', 'y', 'a', 't', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "energyaupair.se", true */ 'e', 'n', 'e', 'r', 'g', 'y', 'a', 'u', 'p', 'a', 'i', 'r', '.', 's', 'e', '\0',
+  /* "energydrinkblog.de", true */ 'e', 'n', 'e', 'r', 'g', 'y', 'd', 'r', 'i', 'n', 'k', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "energyelephant.com", true */ 'e', 'n', 'e', 'r', 'g', 'y', 'e', 'l', 'e', 'p', 'h', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "energyled.com.br", true */ 'e', 'n', 'e', 'r', 'g', 'y', 'l', 'e', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "enersaveapp.org", true */ 'e', 'n', 'e', 'r', 's', 'a', 'v', 'e', 'a', 'p', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "enersec.co.uk", true */ 'e', 'n', 'e', 'r', 's', 'e', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "enet-navigator.de", true */ 'e', 'n', 'e', 't', '-', 'n', 'a', 'v', 'i', 'g', 'a', 't', 'o', 'r', '.', 'd', 'e', '\0',
+  /* "enfantsdelarue.ch", true */ 'e', 'n', 'f', 'a', 'n', 't', 's', 'd', 'e', 'l', 'a', 'r', 'u', 'e', '.', 'c', 'h', '\0',
+  /* "enfield-kitchens.co.uk", true */ 'e', 'n', 'f', 'i', 'e', 'l', 'd', '-', 'k', 'i', 't', 'c', 'h', 'e', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "enflow.nl", true */ 'e', 'n', 'f', 'l', 'o', 'w', '.', 'n', 'l', '\0',
+  /* "enfoqueseguro.com", true */ 'e', 'n', 'f', 'o', 'q', 'u', 'e', 's', 'e', 'g', 'u', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "enfu.se", true */ 'e', 'n', 'f', 'u', '.', 's', 'e', '\0',
+  /* "engarde.net", true */ 'e', 'n', 'g', 'a', 'r', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "engaugetools.com", true */ 'e', 'n', 'g', 'a', 'u', 'g', 'e', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "engelundlicht.ch", true */ 'e', 'n', 'g', 'e', 'l', 'u', 'n', 'd', 'l', 'i', 'c', 'h', 't', '.', 'c', 'h', '\0',
+  /* "engg.ca", true */ 'e', 'n', 'g', 'g', '.', 'c', 'a', '\0',
+  /* "engineowning.com", true */ 'e', 'n', 'g', 'i', 'n', 'e', 'o', 'w', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "enginepit.com", true */ 'e', 'n', 'g', 'i', 'n', 'e', 'p', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "enginx.net", true */ 'e', 'n', 'g', 'i', 'n', 'x', '.', 'n', 'e', 't', '\0',
+  /* "englerts.de", true */ 'e', 'n', 'g', 'l', 'e', 'r', 't', 's', '.', 'd', 'e', '\0',
+  /* "englishbulgaria.net", true */ 'e', 'n', 'g', 'l', 'i', 's', 'h', 'b', 'u', 'l', 'g', 'a', 'r', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "englishcast.com.br", true */ 'e', 'n', 'g', 'l', 'i', 's', 'h', 'c', 'a', 's', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "englishclub.com", true */ 'e', 'n', 'g', 'l', 'i', 's', 'h', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "englishdirectory.de", true */ 'e', 'n', 'g', 'l', 'i', 's', 'h', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '.', 'd', 'e', '\0',
+  /* "englishforums.com", true */ 'e', 'n', 'g', 'l', 'i', 's', 'h', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "englishlol.com", true */ 'e', 'n', 'g', 'l', 'i', 's', 'h', 'l', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "englishstudio.com", true */ 'e', 'n', 'g', 'l', 'i', 's', 'h', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "engvid.com", true */ 'e', 'n', 'g', 'v', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "enigma.swiss", true */ 'e', 'n', 'i', 'g', 'm', 'a', '.', 's', 'w', 'i', 's', 's', '\0',
+  /* "enijew.com", true */ 'e', 'n', 'i', 'j', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "enixgaming.com", true */ 'e', 'n', 'i', 'x', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "enjoyphoneblog.it", true */ 'e', 'n', 'j', 'o', 'y', 'p', 'h', 'o', 'n', 'e', 'b', 'l', 'o', 'g', '.', 'i', 't', '\0',
+  /* "enjoystudio.ro", true */ 'e', 'n', 'j', 'o', 'y', 's', 't', 'u', 'd', 'i', 'o', '.', 'r', 'o', '\0',
+  /* "enlatte.com", true */ 'e', 'n', 'l', 'a', 't', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "enlazaresbueno.cl", true */ 'e', 'n', 'l', 'a', 'z', 'a', 'r', 'e', 's', 'b', 'u', 'e', 'n', 'o', '.', 'c', 'l', '\0',
+  /* "enlighten10x.ga", true */ 'e', 'n', 'l', 'i', 'g', 'h', 't', 'e', 'n', '1', '0', 'x', '.', 'g', 'a', '\0',
+  /* "enlightened.si", true */ 'e', 'n', 'l', 'i', 'g', 'h', 't', 'e', 'n', 'e', 'd', '.', 's', 'i', '\0',
+  /* "enlightenedhr.com", true */ 'e', 'n', 'l', 'i', 'g', 'h', 't', 'e', 'n', 'e', 'd', 'h', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "enlightenment.org", true */ 'e', 'n', 'l', 'i', 'g', 'h', 't', 'e', 'n', 'm', 'e', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "enloestatebank.com", true */ 'e', 'n', 'l', 'o', 'e', 's', 't', 'a', 't', 'e', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ennea-mediation.fr", true */ 'e', 'n', 'n', 'e', 'a', '-', 'm', 'e', 'd', 'i', 'a', 't', 'i', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "enness.co.uk", true */ 'e', 'n', 'n', 'e', 's', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ennori.jp", true */ 'e', 'n', 'n', 'o', 'r', 'i', '.', 'j', 'p', '\0',
+  /* "enoou.com", true */ 'e', 'n', 'o', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "enorekcah.com", true */ 'e', 'n', 'o', 'r', 'e', 'k', 'c', 'a', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "enot32.ru", true */ 'e', 'n', 'o', 't', '3', '2', '.', 'r', 'u', '\0',
+  /* "enotecastore.it", true */ 'e', 'n', 'o', 't', 'e', 'c', 'a', 's', 't', 'o', 'r', 'e', '.', 'i', 't', '\0',
+  /* "enquos.com", true */ 'e', 'n', 'q', 'u', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "enriquepiraces.com", true */ 'e', 'n', 'r', 'i', 'q', 'u', 'e', 'p', 'i', 'r', 'a', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "enrollapp.com", true */ 'e', 'n', 'r', 'o', 'l', 'l', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "ensage.io", true */ 'e', 'n', 's', 'a', 'g', 'e', '.', 'i', 'o', '\0',
+  /* "enscosupply.com", true */ 'e', 'n', 's', 'c', 'o', 's', 'u', 'p', 'p', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ensemble-rubato.de", true */ 'e', 'n', 's', 'e', 'm', 'b', 'l', 'e', '-', 'r', 'u', 'b', 'a', 't', 'o', '.', 'd', 'e', '\0',
+  /* "enskat.de", true */ 'e', 'n', 's', 'k', 'a', 't', '.', 'd', 'e', '\0',
+  /* "enskatson-sippe.de", true */ 'e', 'n', 's', 'k', 'a', 't', 's', 'o', 'n', '-', 's', 'i', 'p', 'p', 'e', '.', 'd', 'e', '\0',
+  /* "ensley.tech", true */ 'e', 'n', 's', 'l', 'e', 'y', '.', 't', 'e', 'c', 'h', '\0',
+  /* "ensons.de", true */ 'e', 'n', 's', 'o', 'n', 's', '.', 'd', 'e', '\0',
+  /* "ensured.com", true */ 'e', 'n', 's', 'u', 'r', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "ensured.nl", true */ 'e', 'n', 's', 'u', 'r', 'e', 'd', '.', 'n', 'l', '\0',
+  /* "entabe.jp", true */ 'e', 'n', 't', 'a', 'b', 'e', '.', 'j', 'p', '\0',
+  /* "entactogen.com", true */ 'e', 'n', 't', 'a', 'c', 't', 'o', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "entactogens.com", true */ 'e', 'n', 't', 'a', 'c', 't', 'o', 'g', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "entaurus.com", true */ 'e', 'n', 't', 'a', 'u', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "enteente.com", true */ 'e', 'n', 't', 'e', 'e', 'n', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "enterprisechannel.asia", true */ 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 'c', 'h', 'a', 'n', 'n', 'e', 'l', '.', 'a', 's', 'i', 'a', '\0',
+  /* "enterprisey.enterprises", true */ 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 'y', '.', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 's', '\0',
+  /* "enterprivacy.com", true */ 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 'v', 'a', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "entheogens.com", true */ 'e', 'n', 't', 'h', 'e', 'o', 'g', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "entrainr.com", true */ 'e', 'n', 't', 'r', 'a', 'i', 'n', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "entrecieletpierres.com", true */ 'e', 'n', 't', 'r', 'e', 'c', 'i', 'e', 'l', 'e', 't', 'p', 'i', 'e', 'r', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "entreprise-toiture-clement.fr", true */ 'e', 'n', 't', 'r', 'e', 'p', 'r', 'i', 's', 'e', '-', 't', 'o', 'i', 't', 'u', 'r', 'e', '-', 'c', 'l', 'e', 'm', 'e', 'n', 't', '.', 'f', 'r', '\0',
+  /* "entropia.de", false */ 'e', 'n', 't', 'r', 'o', 'p', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "entryboss.cc", true */ 'e', 'n', 't', 'r', 'y', 'b', 'o', 's', 's', '.', 'c', 'c', '\0',
+  /* "entrypoint.sh", true */ 'e', 'n', 't', 'r', 'y', 'p', 'o', 'i', 'n', 't', '.', 's', 'h', '\0',
+  /* "enuchi.jp", true */ 'e', 'n', 'u', 'c', 'h', 'i', '.', 'j', 'p', '\0',
+  /* "envant.co.uk", true */ 'e', 'n', 'v', 'a', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "envelope.co.nz", true */ 'e', 'n', 'v', 'e', 'l', 'o', 'p', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "enveloppenopmaat.nl", true */ 'e', 'n', 'v', 'e', 'l', 'o', 'p', 'p', 'e', 'n', 'o', 'p', 'm', 'a', 'a', 't', '.', 'n', 'l', '\0',
+  /* "envescent.com", true */ 'e', 'n', 'v', 'e', 's', 'c', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "enviam.de", true */ 'e', 'n', 'v', 'i', 'a', 'm', '.', 'd', 'e', '\0',
+  /* "enviaya.com.mx", true */ 'e', 'n', 'v', 'i', 'a', 'y', 'a', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "environment.ai", true */ 'e', 'n', 'v', 'i', 'r', 'o', 'n', 'm', 'e', 'n', 't', '.', 'a', 'i', '\0',
+  /* "environmentkirklees.org", true */ 'e', 'n', 'v', 'i', 'r', 'o', 'n', 'm', 'e', 'n', 't', 'k', 'i', 'r', 'k', 'l', 'e', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "enviroprobasements.com", true */ 'e', 'n', 'v', 'i', 'r', 'o', 'p', 'r', 'o', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "envoyglobal.com", true */ 'e', 'n', 'v', 'o', 'y', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "eocservices.co.uk", true */ 'e', 'o', 'c', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eoitek.com", true */ 'e', 'o', 'i', 't', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "eolme.ml", true */ 'e', 'o', 'l', 'm', 'e', '.', 'm', 'l', '\0',
+  /* "eonet.cc", true */ 'e', 'o', 'n', 'e', 't', '.', 'c', 'c', '\0',
+  /* "eonhive.com", true */ 'e', 'o', 'n', 'h', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "eoonglobalresources.jp", true */ 'e', 'o', 'o', 'n', 'g', 'l', 'o', 'b', 'a', 'l', 'r', 'e', 's', 'o', 'u', 'r', 'c', 'e', 's', '.', 'j', 'p', '\0',
+  /* "eopugetsound.org", false */ 'e', 'o', 'p', 'u', 'g', 'e', 't', 's', 'o', 'u', 'n', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "epassafe.com", true */ 'e', 'p', 'a', 's', 's', 'a', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "epave.paris", true */ 'e', 'p', 'a', 'v', 'e', '.', 'p', 'a', 'r', 'i', 's', '\0',
+  /* "epay.bg", true */ 'e', 'p', 'a', 'y', '.', 'b', 'g', '\0',
+  /* "epaygateway.net", true */ 'e', 'p', 'a', 'y', 'g', 'a', 't', 'e', 'w', 'a', 'y', '.', 'n', 'e', 't', '\0',
+  /* "epi.one", true */ 'e', 'p', 'i', '.', 'o', 'n', 'e', '\0',
+  /* "epic-vistas.com", true */ 'e', 'p', 'i', 'c', '-', 'v', 'i', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "epic-vistas.de", true */ 'e', 'p', 'i', 'c', '-', 'v', 'i', 's', 't', 'a', 's', '.', 'd', 'e', '\0',
+  /* "epicbouncycastlehirenorwich.co.uk", true */ 'e', 'p', 'i', 'c', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'n', 'o', 'r', 'w', 'i', 'c', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "epicbouncycastles.co.uk", true */ 'e', 'p', 'i', 'c', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "epicenter.work", true */ 'e', 'p', 'i', 'c', 'e', 'n', 't', 'e', 'r', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "epicenter.works", true */ 'e', 'p', 'i', 'c', 'e', 'n', 't', 'e', 'r', '.', 'w', 'o', 'r', 'k', 's', '\0',
+  /* "epicentre.works", true */ 'e', 'p', 'i', 'c', 'e', 'n', 't', 'r', 'e', '.', 'w', 'o', 'r', 'k', 's', '\0',
+  /* "epichouse.net", true */ 'e', 'p', 'i', 'c', 'h', 'o', 'u', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "epicinflatables.co.uk", true */ 'e', 'p', 'i', 'c', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "epickitty.co.uk", true */ 'e', 'p', 'i', 'c', 'k', 'i', 't', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "epicpages.com", true */ 'e', 'p', 'i', 'c', 'p', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "epicsecure.de", true */ 'e', 'p', 'i', 'c', 's', 'e', 'c', 'u', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "epicsoft.de", true */ 'e', 'p', 'i', 'c', 's', 'o', 'f', 't', '.', 'd', 'e', '\0',
+  /* "epicvistas.com", true */ 'e', 'p', 'i', 'c', 'v', 'i', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "epicvistas.de", true */ 'e', 'p', 'i', 'c', 'v', 'i', 's', 't', 'a', 's', '.', 'd', 'e', '\0',
+  /* "epicwalnutcreek.com", true */ 'e', 'p', 'i', 'c', 'w', 'a', 'l', 'n', 'u', 't', 'c', 'r', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "epilis.gr", true */ 'e', 'p', 'i', 'l', 'i', 's', '.', 'g', 'r', '\0',
+  /* "epiphyte.network", true */ 'e', 'p', 'i', 'p', 'h', 'y', 't', 'e', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "epistas.com", true */ 'e', 'p', 'i', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "epistas.de", true */ 'e', 'p', 'i', 's', 't', 'a', 's', '.', 'd', 'e', '\0',
+  /* "epitesz.co", true */ 'e', 'p', 'i', 't', 'e', 's', 'z', '.', 'c', 'o', '\0',
+  /* "epiteugma.com", true */ 'e', 'p', 'i', 't', 'e', 'u', 'g', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "epizentrum.work", true */ 'e', 'p', 'i', 'z', 'e', 'n', 't', 'r', 'u', 'm', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "epizentrum.works", true */ 'e', 'p', 'i', 'z', 'e', 'n', 't', 'r', 'u', 'm', '.', 'w', 'o', 'r', 'k', 's', '\0',
+  /* "epmcentroitalia.it", true */ 'e', 'p', 'm', 'c', 'e', 'n', 't', 'r', 'o', 'i', 't', 'a', 'l', 'i', 'a', '.', 'i', 't', '\0',
+  /* "epoch.com", true */ 'e', 'p', 'o', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "epolitiker.com", true */ 'e', 'p', 'o', 'l', 'i', 't', 'i', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "epos-distributor.co.uk", true */ 'e', 'p', 'o', 's', '-', 'd', 'i', 's', 't', 'r', 'i', 'b', 'u', 't', 'o', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposbirmingham.co.uk", true */ 'e', 'p', 'o', 's', 'b', 'i', 'r', 'm', 'i', 'n', 'g', 'h', 'a', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposbrighton.co.uk", true */ 'e', 'p', 'o', 's', 'b', 'r', 'i', 'g', 'h', 't', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposbristol.co.uk", true */ 'e', 'p', 'o', 's', 'b', 'r', 'i', 's', 't', 'o', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposcardiff.co.uk", true */ 'e', 'p', 'o', 's', 'c', 'a', 'r', 'd', 'i', 'f', 'f', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposcloud.net", true */ 'e', 'p', 'o', 's', 'c', 'l', 'o', 'u', 'd', '.', 'n', 'e', 't', '\0',
+  /* "eposkent.co.uk", true */ 'e', 'p', 'o', 's', 'k', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposleeds.co.uk", true */ 'e', 'p', 'o', 's', 'l', 'e', 'e', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposleicester.co.uk", true */ 'e', 'p', 'o', 's', 'l', 'e', 'i', 'c', 'e', 's', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposliverpool.co.uk", true */ 'e', 'p', 'o', 's', 'l', 'i', 'v', 'e', 'r', 'p', 'o', 'o', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposlondon.co.uk", true */ 'e', 'p', 'o', 's', 'l', 'o', 'n', 'd', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposmidlands.co.uk", true */ 'e', 'p', 'o', 's', 'm', 'i', 'd', 'l', 'a', 'n', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposnewport.co.uk", true */ 'e', 'p', 'o', 's', 'n', 'e', 'w', 'p', 'o', 'r', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposnottingham.co.uk", true */ 'e', 'p', 'o', 's', 'n', 'o', 't', 't', 'i', 'n', 'g', 'h', 'a', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposreading.co.uk", true */ 'e', 'p', 'o', 's', 'r', 'e', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposreview.co.uk", true */ 'e', 'p', 'o', 's', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "epossheffield.co.uk", true */ 'e', 'p', 'o', 's', 's', 'h', 'e', 'f', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "epossurrey.co.uk", true */ 'e', 'p', 'o', 's', 's', 'u', 'r', 'r', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "epossussex.co.uk", true */ 'e', 'p', 'o', 's', 's', 'u', 's', 's', 'e', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposswansea.co.uk", true */ 'e', 'p', 'o', 's', 's', 'w', 'a', 'n', 's', 'e', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "epossystems.co.uk", true */ 'e', 'p', 'o', 's', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "epostplus.li", true */ 'e', 'p', 'o', 's', 't', 'p', 'l', 'u', 's', '.', 'l', 'i', '\0',
+  /* "eposwales.co.uk", true */ 'e', 'p', 'o', 's', 'w', 'a', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposyork.co.uk", true */ 'e', 'p', 'o', 's', 'y', 'o', 'r', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eppelblei.lu", true */ 'e', 'p', 'p', 'e', 'l', 'b', 'l', 'e', 'i', '.', 'l', 'u', '\0',
+  /* "eppelpress.lu", true */ 'e', 'p', 'p', 'e', 'l', 'p', 'r', 'e', 's', 's', '.', 'l', 'u', '\0',
+  /* "eprofitacademy.com", true */ 'e', 'p', 'r', 'o', 'f', 'i', 't', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "epsilon.dk", true */ 'e', 'p', 's', 'i', 'l', 'o', 'n', '.', 'd', 'k', '\0',
+  /* "epsorting.cz", true */ 'e', 'p', 's', 'o', 'r', 't', 'i', 'n', 'g', '.', 'c', 'z', '\0',
+  /* "epublibre.org", true */ 'e', 'p', 'u', 'b', 'l', 'i', 'b', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "epulsar.ru", true */ 'e', 'p', 'u', 'l', 's', 'a', 'r', '.', 'r', 'u', '\0',
+  /* "eq-serve.com", true */ 'e', 'q', '-', 's', 'e', 'r', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "eqorg.com", true */ 'e', 'q', 'o', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "equalcloud.com", true */ 'e', 'q', 'u', 'a', 'l', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "equalparts.eu", true */ 'e', 'q', 'u', 'a', 'l', 'p', 'a', 'r', 't', 's', '.', 'e', 'u', '\0',
+  /* "equidam.com", true */ 'e', 'q', 'u', 'i', 'd', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "equinecoaching.ca", true */ 'e', 'q', 'u', 'i', 'n', 'e', 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'c', 'a', '\0',
+  /* "equinox.io", true */ 'e', 'q', 'u', 'i', 'n', 'o', 'x', '.', 'i', 'o', '\0',
+  /* "equipandoloja.net.br", true */ 'e', 'q', 'u', 'i', 'p', 'a', 'n', 'd', 'o', 'l', 'o', 'j', 'a', '.', 'n', 'e', 't', '.', 'b', 'r', '\0',
+  /* "equipedefrance.tv", true */ 'e', 'q', 'u', 'i', 'p', 'e', 'd', 'e', 'f', 'r', 'a', 'n', 'c', 'e', '.', 't', 'v', '\0',
+  /* "equipeferramentas.com.br", true */ 'e', 'q', 'u', 'i', 'p', 'e', 'f', 'e', 'r', 'r', 'a', 'm', 'e', 'n', 't', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "equippers.de", true */ 'e', 'q', 'u', 'i', 'p', 'p', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "equipsupply.com", true */ 'e', 'q', 'u', 'i', 'p', 's', 'u', 'p', 'p', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "er.tl", true */ 'e', 'r', '.', 't', 'l', '\0',
+  /* "erad.fr", true */ 'e', 'r', 'a', 'd', '.', 'f', 'r', '\0',
+  /* "erasmusplusrooms.com", true */ 'e', 'r', 'a', 's', 'm', 'u', 's', 'p', 'l', 'u', 's', 'r', 'o', 'o', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "erath.fr", true */ 'e', 'r', 'a', 't', 'h', '.', 'f', 'r', '\0',
+  /* "erclab.kr", true */ 'e', 'r', 'c', 'l', 'a', 'b', '.', 'k', 'r', '\0',
+  /* "erdethamburgeronsdag.no", true */ 'e', 'r', 'd', 'e', 't', 'h', 'a', 'm', 'b', 'u', 'r', 'g', 'e', 'r', 'o', 'n', 's', 'd', 'a', 'g', '.', 'n', 'o', '\0',
+  /* "ereader.uno", true */ 'e', 'r', 'e', 'a', 'd', 'e', 'r', '.', 'u', 'n', 'o', '\0',
+  /* "erectiepillenwinkel.nl", true */ 'e', 'r', 'e', 'c', 't', 'i', 'e', 'p', 'i', 'l', 'l', 'e', 'n', 'w', 'i', 'n', 'k', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "erepublik-deutschland.de", true */ 'e', 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'k', '-', 'd', 'e', 'u', 't', 's', 'c', 'h', 'l', 'a', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "erethon.com", true */ 'e', 'r', 'e', 't', 'h', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "erf-neuilly.com", true */ 'e', 'r', 'f', '-', 'n', 'e', 'u', 'i', 'l', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ergo-open.de", true */ 'e', 'r', 'g', 'o', '-', 'o', 'p', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "ergobyte.eu", true */ 'e', 'r', 'g', 'o', 'b', 'y', 't', 'e', '.', 'e', 'u', '\0',
+  /* "ergobyte.gr", true */ 'e', 'r', 'g', 'o', 'b', 'y', 't', 'e', '.', 'g', 'r', '\0',
+  /* "ergovita.com.br", true */ 'e', 'r', 'g', 'o', 'v', 'i', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ergovitanet.com.br", true */ 'e', 'r', 'g', 'o', 'v', 'i', 't', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "eriador.io", true */ 'e', 'r', 'i', 'a', 'd', 'o', 'r', '.', 'i', 'o', '\0',
+  /* "ericabrahamsen.net", true */ 'e', 'r', 'i', 'c', 'a', 'b', 'r', 'a', 'h', 'a', 'm', 's', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "ericairwin.com", true */ 'e', 'r', 'i', 'c', 'a', 'i', 'r', 'w', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ericdiao.com", true */ 'e', 'r', 'i', 'c', 'd', 'i', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "erichorstmanshof.nl", true */ 'e', 'r', 'i', 'c', 'h', 'o', 'r', 's', 't', 'm', 'a', 'n', 's', 'h', 'o', 'f', '.', 'n', 'l', '\0',
+  /* "ericisaweso.me", true */ 'e', 'r', 'i', 'c', 'i', 's', 'a', 'w', 'e', 's', 'o', '.', 'm', 'e', '\0',
+  /* "ericjohnltd.com", true */ 'e', 'r', 'i', 'c', 'j', 'o', 'h', 'n', 'l', 't', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "erick.blog", true */ 'e', 'r', 'i', 'c', 'k', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "ericleuthardt.com", true */ 'e', 'r', 'i', 'c', 'l', 'e', 'u', 't', 'h', 'a', 'r', 'd', 't', '.', 'c', 'o', 'm', '\0',
+  /* "erico.jp", true */ 'e', 'r', 'i', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "ericoc.com", true */ 'e', 'r', 'i', 'c', 'o', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "ericwie.se", true */ 'e', 'r', 'i', 'c', 'w', 'i', 'e', '.', 's', 'e', '\0',
+  /* "erigrid.eu", true */ 'e', 'r', 'i', 'g', 'r', 'i', 'd', '.', 'e', 'u', '\0',
+  /* "eriix.org", true */ 'e', 'r', 'i', 'i', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "erikheemskerk.nl", true */ 'e', 'r', 'i', 'k', 'h', 'e', 'e', 'm', 's', 'k', 'e', 'r', 'k', '.', 'n', 'l', '\0',
+  /* "erikhubers.nl", true */ 'e', 'r', 'i', 'k', 'h', 'u', 'b', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "erikseth.de", true */ 'e', 'r', 'i', 'k', 's', 'e', 't', 'h', '.', 'd', 'e', '\0',
+  /* "erinaceinae.com", true */ 'e', 'r', 'i', 'n', 'a', 'c', 'e', 'i', 'n', 'a', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "eriner.me", true */ 'e', 'r', 'i', 'n', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "erinn.io", true */ 'e', 'r', 'i', 'n', 'n', '.', 'i', 'o', '\0',
+  /* "erisrenee.com", true */ 'e', 'r', 'i', 's', 'r', 'e', 'n', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "erkaelderbarenaaben.dk", true */ 'e', 'r', 'k', 'a', 'e', 'l', 'd', 'e', 'r', 'b', 'a', 'r', 'e', 'n', 'a', 'a', 'b', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "ernest.ly", true */ 'e', 'r', 'n', 'e', 's', 't', '.', 'l', 'y', '\0',
+  /* "eron.info", true */ 'e', 'r', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "erotic4me.ch", true */ 'e', 'r', 'o', 't', 'i', 'c', '4', 'm', 'e', '.', 'c', 'h', '\0',
+  /* "erotpo.cz", true */ 'e', 'r', 'o', 't', 'p', 'o', '.', 'c', 'z', '\0',
+  /* "erp-band.ru", true */ 'e', 'r', 'p', '-', 'b', 'a', 'n', 'd', '.', 'r', 'u', '\0',
+  /* "erp.band", true */ 'e', 'r', 'p', '.', 'b', 'a', 'n', 'd', '\0',
+  /* "erpband.ru", true */ 'e', 'r', 'p', 'b', 'a', 'n', 'd', '.', 'r', 'u', '\0',
+  /* "erpcargo.com", false */ 'e', 'r', 'p', 'c', 'a', 'r', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "errietta.me", true */ 'e', 'r', 'r', 'i', 'e', 't', 't', 'a', '.', 'm', 'e', '\0',
+  /* "errlytics.com", true */ 'e', 'r', 'r', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "error418.nl", true */ 'e', 'r', 'r', 'o', 'r', '4', '1', '8', '.', 'n', 'l', '\0',
+  /* "ers35.com", true */ 'e', 'r', 's', '3', '5', '.', 'c', 'o', 'm', '\0',
+  /* "ersa-shop.com", true */ 'e', 'r', 's', 'a', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "ershiwo.com", true */ 'e', 'r', 's', 'h', 'i', 'w', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "erstehilfeprodukte.at", true */ 'e', 'r', 's', 't', 'e', 'h', 'i', 'l', 'f', 'e', 'p', 'r', 'o', 'd', 'u', 'k', 't', 'e', '.', 'a', 't', '\0',
+  /* "eru.im", true */ 'e', 'r', 'u', '.', 'i', 'm', '\0',
+  /* "erudicia.com", true */ 'e', 'r', 'u', 'd', 'i', 'c', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "erudicia.de", true */ 'e', 'r', 'u', 'd', 'i', 'c', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "erudicia.es", true */ 'e', 'r', 'u', 'd', 'i', 'c', 'i', 'a', '.', 'e', 's', '\0',
+  /* "erudicia.fr", true */ 'e', 'r', 'u', 'd', 'i', 'c', 'i', 'a', '.', 'f', 'r', '\0',
+  /* "erudicia.it", true */ 'e', 'r', 'u', 'd', 'i', 'c', 'i', 'a', '.', 'i', 't', '\0',
+  /* "erudicia.nl", true */ 'e', 'r', 'u', 'd', 'i', 'c', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "erudicia.se", true */ 'e', 'r', 'u', 'd', 'i', 'c', 'i', 'a', '.', 's', 'e', '\0',
+  /* "erudicia.uk", true */ 'e', 'r', 'u', 'd', 'i', 'c', 'i', 'a', '.', 'u', 'k', '\0',
+  /* "erudikum.cz", true */ 'e', 'r', 'u', 'd', 'i', 'k', 'u', 'm', '.', 'c', 'z', '\0',
+  /* "erverydown.ml", true */ 'e', 'r', 'v', 'e', 'r', 'y', 'd', 'o', 'w', 'n', '.', 'm', 'l', '\0',
+  /* "erwanlepape.com", true */ 'e', 'r', 'w', 'a', 'n', 'l', 'e', 'p', 'a', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "erwin.saarland", true */ 'e', 'r', 'w', 'i', 'n', '.', 's', 'a', 'a', 'r', 'l', 'a', 'n', 'd', '\0',
+  /* "erwinschmaeh.ch", true */ 'e', 'r', 'w', 'i', 'n', 's', 'c', 'h', 'm', 'a', 'e', 'h', '.', 'c', 'h', '\0',
+  /* "erythroxylum-coca.com", true */ 'e', 'r', 'y', 't', 'h', 'r', 'o', 'x', 'y', 'l', 'u', 'm', '-', 'c', 'o', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "es-geenen.de", true */ 'e', 's', '-', 'g', 'e', 'e', 'n', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "es.search.yahoo.com", false */ 'e', 's', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "esaborit.ddns.net", true */ 'e', 's', 'a', 'b', 'o', 'r', 'i', 't', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "esafar.cz", true */ 'e', 's', 'a', 'f', 'a', 'r', '.', 'c', 'z', '\0',
+  /* "esagente.com", true */ 'e', 's', 'a', 'g', 'e', 'n', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "esailinggear.com", true */ 'e', 's', 'a', 'i', 'l', 'i', 'n', 'g', 'g', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "esalesdata.com", true */ 'e', 's', 'a', 'l', 'e', 's', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "esample.info", true */ 'e', 's', 'a', 'm', 'p', 'l', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "esb111.net", true */ 'e', 's', 'b', '1', '1', '1', '.', 'n', 'e', 't', '\0',
+  /* "esb112.com", true */ 'e', 's', 'b', '1', '1', '2', '.', 'c', 'o', 'm', '\0',
+  /* "esb112.net", true */ 'e', 's', 'b', '1', '1', '2', '.', 'n', 'e', 't', '\0',
+  /* "esball.tv", true */ 'e', 's', 'b', 'a', 'l', 'l', '.', 't', 'v', '\0',
+  /* "esball888.net", true */ 'e', 's', 'b', 'a', 'l', 'l', '8', '8', '8', '.', 'n', 'e', 't', '\0',
+  /* "esc.chat", true */ 'e', 's', 'c', '.', 'c', 'h', 'a', 't', '\0',
+  /* "escael.org", true */ 'e', 's', 'c', 'a', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "escapees.com", true */ 'e', 's', 'c', 'a', 'p', 'e', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "escapeplaza.de", true */ 'e', 's', 'c', 'a', 'p', 'e', 'p', 'l', 'a', 'z', 'a', '.', 'd', 'e', '\0',
+  /* "escapetalk.nl", true */ 'e', 's', 'c', 'a', 'p', 'e', 't', 'a', 'l', 'k', '.', 'n', 'l', '\0',
+  /* "escargotbistro.com", true */ 'e', 's', 'c', 'a', 'r', 'g', 'o', 't', 'b', 'i', 's', 't', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "escavador.com", true */ 'e', 's', 'c', 'a', 'v', 'a', 'd', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "esclear.de", true */ 'e', 's', 'c', 'l', 'e', 'a', 'r', '.', 'd', 'e', '\0',
+  /* "escontact.ch", true */ 'e', 's', 'c', 'o', 'n', 't', 'a', 'c', 't', '.', 'c', 'h', '\0',
+  /* "escortdisplay.com", true */ 'e', 's', 'c', 'o', 'r', 't', 'd', 'i', 's', 'p', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "escortmantra.com", true */ 'e', 's', 'c', 'o', 'r', 't', 'm', 'a', 'n', 't', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "escortshotsexy.com", true */ 'e', 's', 'c', 'o', 'r', 't', 's', 'h', 'o', 't', 's', 'e', 'x', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "escritoriodearte.com", true */ 'e', 's', 'c', 'r', 'i', 't', 'o', 'r', 'i', 'o', 'd', 'e', 'a', 'r', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "escueladewordpress.com", true */ 'e', 's', 'c', 'u', 'e', 'l', 'a', 'd', 'e', 'w', 'o', 'r', 'd', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "escxtra.com", true */ 'e', 's', 'c', 'x', 't', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "escyr.top", true */ 'e', 's', 'c', 'y', 'r', '.', 't', 'o', 'p', '\0',
+  /* "esdenera.com", true */ 'e', 's', 'd', 'e', 'n', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "esdiscuss.org", true */ 'e', 's', 'd', 'i', 's', 'c', 'u', 's', 's', '.', 'o', 'r', 'g', '\0',
+  /* "eseth.de", true */ 'e', 's', 'e', 't', 'h', '.', 'd', 'e', '\0',
+  /* "esg-abi2001.de", true */ 'e', 's', 'g', '-', 'a', 'b', 'i', '2', '0', '0', '1', '.', 'd', 'e', '\0',
+  /* "esh.ink", true */ 'e', 's', 'h', '.', 'i', 'n', 'k', '\0',
+  /* "eshepperd.com", true */ 'e', 's', 'h', 'e', 'p', 'p', 'e', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "eshop-prices.com", true */ 'e', 's', 'h', 'o', 'p', '-', 'p', 'r', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eshtapay.com", true */ 'e', 's', 'h', 't', 'a', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "esibun.net", true */ 'e', 's', 'i', 'b', 'u', 'n', '.', 'n', 'e', 't', '\0',
+  /* "esigmbh.de", true */ 'e', 's', 'i', 'g', 'm', 'b', 'h', '.', 'd', 'e', '\0',
+  /* "esipublications.com", true */ 'e', 's', 'i', 'p', 'u', 'b', 'l', 'i', 'c', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "esite.ch", true */ 'e', 's', 'i', 't', 'e', '.', 'c', 'h', '\0',
+  /* "eskdale.net", true */ 'e', 's', 'k', 'd', 'a', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "eskriett.com", true */ 'e', 's', 'k', 'r', 'i', 'e', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "esoa.net", true */ 'e', 's', 'o', 'a', '.', 'n', 'e', 't', '\0',
+  /* "esoko.eu", true */ 'e', 's', 'o', 'k', 'o', '.', 'e', 'u', '\0',
+  /* "esolcourses.com", true */ 'e', 's', 'o', 'l', 'c', 'o', 'u', 'r', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "esono.de", true */ 'e', 's', 'o', 'n', 'o', '.', 'd', 'e', '\0',
+  /* "esoterik.link", true */ 'e', 's', 'o', 't', 'e', 'r', 'i', 'k', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "esoterikerforum.de", true */ 'e', 's', 'o', 't', 'e', 'r', 'i', 'k', 'e', 'r', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "esp-berlin.de", true */ 'e', 's', 'p', '-', 'b', 'e', 'r', 'l', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "esp.community", true */ 'e', 's', 'p', '.', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '\0',
+  /* "espace-caen.fr", true */ 'e', 's', 'p', 'a', 'c', 'e', '-', 'c', 'a', 'e', 'n', '.', 'f', 'r', '\0',
+  /* "espace.network", true */ 'e', 's', 'p', 'a', 'c', 'e', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "espacetemps.ch", true */ 'e', 's', 'p', 'a', 'c', 'e', 't', 'e', 'm', 'p', 's', '.', 'c', 'h', '\0',
+  /* "espacetheosophie.fr", true */ 'e', 's', 'p', 'a', 'c', 'e', 't', 'h', 'e', 'o', 's', 'o', 'p', 'h', 'i', 'e', '.', 'f', 'r', '\0',
+  /* "espacio-cultural.com", true */ 'e', 's', 'p', 'a', 'c', 'i', 'o', '-', 'c', 'u', 'l', 't', 'u', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "espanol.search.yahoo.com", false */ 'e', 's', 'p', 'a', 'n', 'o', 'l', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "espanova.com", true */ 'e', 's', 'p', 'a', 'n', 'o', 'v', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "espci.fr", true */ 'e', 's', 'p', 'c', 'i', '.', 'f', 'r', '\0',
+  /* "especificosba.com.ar", true */ 'e', 's', 'p', 'e', 'c', 'i', 'f', 'i', 'c', 'o', 's', 'b', 'a', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "espenandersen.no", true */ 'e', 's', 'p', 'e', 'n', 'a', 'n', 'd', 'e', 'r', 's', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "espgg.org", true */ 'e', 's', 'p', 'g', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "esphigmenou.gr", true */ 'e', 's', 'p', 'h', 'i', 'g', 'm', 'e', 'n', 'o', 'u', '.', 'g', 'r', '\0',
+  /* "espigol.org", true */ 'e', 's', 'p', 'i', 'g', 'o', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "esports-network.de", true */ 'e', 's', 'p', 'o', 'r', 't', 's', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "espressivo.com.br", true */ 'e', 's', 'p', 'r', 'e', 's', 's', 'i', 'v', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "esprit-cloture.fr", true */ 'e', 's', 'p', 'r', 'i', 't', '-', 'c', 'l', 'o', 't', 'u', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "espritrait.com", true */ 'e', 's', 'p', 'r', 'i', 't', 'r', 'a', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "esquirou-trieves.fr", true */ 'e', 's', 'q', 'u', 'i', 'r', 'o', 'u', '-', 't', 'r', 'i', 'e', 'v', 'e', 's', '.', 'f', 'r', '\0',
+  /* "esquisse.fr", true */ 'e', 's', 'q', 'u', 'i', 's', 's', 'e', '.', 'f', 'r', '\0',
+  /* "ess-cert.ru", true */ 'e', 's', 's', '-', 'c', 'e', 'r', 't', '.', 'r', 'u', '\0',
+  /* "essayforsale.net", true */ 'e', 's', 's', 'a', 'y', 'f', 'o', 'r', 's', 'a', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "essayhave.com", true */ 'e', 's', 's', 'a', 'y', 'h', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "essaylib.com", true */ 'e', 's', 's', 'a', 'y', 'l', 'i', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "essaypro.net", true */ 'e', 's', 's', 'a', 'y', 'p', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "essaywriting.biz", true */ 'e', 's', 's', 'a', 'y', 'w', 'r', 'i', 't', 'i', 'n', 'g', '.', 'b', 'i', 'z', '\0',
+  /* "essenceofvitalitydetox.com", true */ 'e', 's', 's', 'e', 'n', 'c', 'e', 'o', 'f', 'v', 'i', 't', 'a', 'l', 'i', 't', 'y', 'd', 'e', 't', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "essencesdeprana.org", true */ 'e', 's', 's', 'e', 'n', 'c', 'e', 's', 'd', 'e', 'p', 'r', 'a', 'n', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "essential12.com", true */ 'e', 's', 's', 'e', 'n', 't', 'i', 'a', 'l', '1', '2', '.', 'c', 'o', 'm', '\0',
+  /* "essentialoilsimports.com", true */ 'e', 's', 's', 'e', 'n', 't', 'i', 'a', 'l', 'o', 'i', 'l', 's', 'i', 'm', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "essentiel-physique.com", true */ 'e', 's', 's', 'e', 'n', 't', 'i', 'e', 'l', '-', 'p', 'h', 'y', 's', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "esseriumani.com", true */ 'e', 's', 's', 'e', 'r', 'i', 'u', 'm', 'a', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "essexcosmeticdentists.co.uk", false */ 'e', 's', 's', 'e', 'x', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'd', 'e', 'n', 't', 'i', 's', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "essite.net", true */ 'e', 's', 's', 'i', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "esslm.sk", true */ 'e', 's', 's', 'l', 'm', '.', 's', 'k', '\0',
+  /* "essoduke.org", true */ 'e', 's', 's', 'o', 'd', 'u', 'k', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "essplusmed.org", true */ 'e', 's', 's', 'p', 'l', 'u', 's', 'm', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "essteebee.ch", true */ 'e', 's', 's', 't', 'e', 'e', 'b', 'e', 'e', '.', 'c', 'h', '\0',
+  /* "estafallando.es", true */ 'e', 's', 't', 'a', 'f', 'a', 'l', 'l', 'a', 'n', 'd', 'o', '.', 'e', 's', '\0',
+  /* "estafallando.mx", true */ 'e', 's', 't', 'a', 'f', 'a', 'l', 'l', 'a', 'n', 'd', 'o', '.', 'm', 'x', '\0',
+  /* "estaleiro.org", true */ 'e', 's', 't', 'a', 'l', 'e', 'i', 'r', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "estan.cn", true */ 'e', 's', 't', 'a', 'n', '.', 'c', 'n', '\0',
+  /* "estateczech-eu.ru", true */ 'e', 's', 't', 'a', 't', 'e', 'c', 'z', 'e', 'c', 'h', '-', 'e', 'u', '.', 'r', 'u', '\0',
+  /* "estcequejailaflemme.fr", true */ 'e', 's', 't', 'c', 'e', 'q', 'u', 'e', 'j', 'a', 'i', 'l', 'a', 'f', 'l', 'e', 'm', 'm', 'e', '.', 'f', 'r', '\0',
+  /* "estcequonmetenprodaujourdhui.info", true */ 'e', 's', 't', 'c', 'e', 'q', 'u', 'o', 'n', 'm', 'e', 't', 'e', 'n', 'p', 'r', 'o', 'd', 'a', 'u', 'j', 'o', 'u', 'r', 'd', 'h', 'u', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "esteam.se", true */ 'e', 's', 't', 'e', 'a', 'm', '.', 's', 'e', '\0',
+  /* "estespr.com", true */ 'e', 's', 't', 'e', 's', 'p', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "esteticanorte.com.br", true */ 'e', 's', 't', 'e', 't', 'i', 'c', 'a', 'n', 'o', 'r', 't', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "estilopack-loja.com.br", true */ 'e', 's', 't', 'i', 'l', 'o', 'p', 'a', 'c', 'k', '-', 'l', 'o', 'j', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "estoic.net", true */ 'e', 's', 't', 'o', 'i', 'c', '.', 'n', 'e', 't', '\0',
+  /* "estoniantrade.ee", true */ 'e', 's', 't', 'o', 'n', 'i', 'a', 'n', 't', 'r', 'a', 'd', 'e', '.', 'e', 'e', '\0',
+  /* "estonoentraenelexamen.com", true */ 'e', 's', 't', 'o', 'n', 'o', 'e', 'n', 't', 'r', 'a', 'e', 'n', 'e', 'l', 'e', 'x', 'a', 'm', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "estoqueinformatica.com.br", true */ 'e', 's', 't', 'o', 'q', 'u', 'e', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'c', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "estrietoit.com", false */ 'e', 's', 't', 'r', 'i', 'e', 't', 'o', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "eswap.cz", true */ 'e', 's', 'w', 'a', 'p', '.', 'c', 'z', '\0',
+  /* "etaes.eu", true */ 'e', 't', 'a', 'e', 's', '.', 'e', 'u', '\0',
+  /* "etalent.net", true */ 'e', 't', 'a', 'l', 'e', 'n', 't', '.', 'n', 'e', 't', '\0',
+  /* "etaoinwu.win", true */ 'e', 't', 'a', 'o', 'i', 'n', 'w', 'u', '.', 'w', 'i', 'n', '\0',
+  /* "etath.com", true */ 'e', 't', 'a', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "etaxi.tn", true */ 'e', 't', 'a', 'x', 'i', '.', 't', 'n', '\0',
+  /* "etccooperative.org", true */ 'e', 't', 'c', 'c', 'o', 'o', 'p', 'e', 'r', 'a', 't', 'i', 'v', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "eteapparel.com", true */ 'e', 't', 'e', 'a', 'p', 'p', 'a', 'r', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "eteesheet.com", true */ 'e', 't', 'e', 'e', 's', 'h', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "etelej.com", false */ 'e', 't', 'e', 'l', 'e', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "etenendrinken.nu", true */ 'e', 't', 'e', 'n', 'e', 'n', 'd', 'r', 'i', 'n', 'k', 'e', 'n', '.', 'n', 'u', '\0',
+  /* "eternalabyss.int.eu.org", true */ 'e', 't', 'e', 'r', 'n', 'a', 'l', 'a', 'b', 'y', 's', 's', '.', 'i', 'n', 't', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "eternalsymbols.com", true */ 'e', 't', 'e', 'r', 'n', 'a', 'l', 's', 'y', 'm', 'b', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eternit.roma.it", true */ 'e', 't', 'e', 'r', 'n', 'i', 't', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "eth-faucet.net", true */ 'e', 't', 'h', '-', 'f', 'a', 'u', 'c', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "eth0.nl", true */ 'e', 't', 'h', '0', '.', 'n', 'l', '\0',
+  /* "etha.nz", true */ 'e', 't', 'h', 'a', '.', 'n', 'z', '\0',
+  /* "ethack.org", true */ 'e', 't', 'h', 'a', 'c', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "ethaligan.fr", true */ 'e', 't', 'h', 'a', 'l', 'i', 'g', 'a', 'n', '.', 'f', 'r', '\0',
+  /* "ethan.pm", true */ 'e', 't', 'h', 'a', 'n', '.', 'p', 'm', '\0',
+  /* "ethanfaust.com", true */ 'e', 't', 'h', 'a', 'n', 'f', 'a', 'u', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ethanlew.is", true */ 'e', 't', 'h', 'a', 'n', 'l', 'e', 'w', '.', 'i', 's', '\0',
+  /* "ethercalc.com", true */ 'e', 't', 'h', 'e', 'r', 'c', 'a', 'l', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "ethercalc.org", true */ 'e', 't', 'h', 'e', 'r', 'c', 'a', 'l', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "etherpad.nl", true */ 'e', 't', 'h', 'e', 'r', 'p', 'a', 'd', '.', 'n', 'l', '\0',
+  /* "ethicaldata.co.uk", true */ 'e', 't', 'h', 'i', 'c', 'a', 'l', 'd', 'a', 't', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ethicaltek.com", true */ 'e', 't', 'h', 'i', 'c', 'a', 'l', 't', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ethicsburg.gov", true */ 'e', 't', 'h', 'i', 'c', 's', 'b', 'u', 'r', 'g', '.', 'g', 'o', 'v', '\0',
+  /* "ethika.com", true */ 'e', 't', 'h', 'i', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ethiopian.dating", true */ 'e', 't', 'h', 'i', 'o', 'p', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "ethitter.com", true */ 'e', 't', 'h', 'i', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ethosinfo.com", true */ 'e', 't', 'h', 'o', 's', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "etidni.help", true */ 'e', 't', 'i', 'd', 'n', 'i', '.', 'h', 'e', 'l', 'p', '\0',
+  /* "etienne.cc", true */ 'e', 't', 'i', 'e', 'n', 'n', 'e', '.', 'c', 'c', '\0',
+  /* "etincelle.ml", true */ 'e', 't', 'i', 'n', 'c', 'e', 'l', 'l', 'e', '.', 'm', 'l', '\0',
+  /* "etiquetaunica.com.br", true */ 'e', 't', 'i', 'q', 'u', 'e', 't', 'a', 'u', 'n', 'i', 'c', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "etkaddict.com", true */ 'e', 't', 'k', 'a', 'd', 'd', 'i', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "etoile-usedcars.com", true */ 'e', 't', 'o', 'i', 'l', 'e', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "etre-soi.ch", true */ 'e', 't', 'r', 'e', '-', 's', 'o', 'i', '.', 'c', 'h', '\0',
+  /* "etre-vivant.fr", true */ 'e', 't', 'r', 'e', '-', 'v', 'i', 'v', 'a', 'n', 't', '.', 'f', 'r', '\0',
+  /* "etudesbibliques.fr", true */ 'e', 't', 'u', 'd', 'e', 's', 'b', 'i', 'b', 'l', 'i', 'q', 'u', 'e', 's', '.', 'f', 'r', '\0',
+  /* "etudesbibliques.net", true */ 'e', 't', 'u', 'd', 'e', 's', 'b', 'i', 'b', 'l', 'i', 'q', 'u', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "etudesbibliques.org", true */ 'e', 't', 'u', 'd', 'e', 's', 'b', 'i', 'b', 'l', 'i', 'q', 'u', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "etv.cx", true */ 'e', 't', 'v', '.', 'c', 'x', '\0',
+  /* "etyd.org", true */ 'e', 't', 'y', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "etys.no", true */ 'e', 't', 'y', 's', '.', 'n', 'o', '\0',
+  /* "etzi.myds.me", true */ 'e', 't', 'z', 'i', '.', 'm', 'y', 'd', 's', '.', 'm', 'e', '\0',
+  /* "euchre.us", true */ 'e', 'u', 'c', 'h', 'r', 'e', '.', 'u', 's', '\0',
+  /* "eugenekay.com", true */ 'e', 'u', 'g', 'e', 'n', 'e', 'k', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "eugenetech.org", true */ 'e', 'u', 'g', 'e', 'n', 'e', 't', 'e', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "eujuicers.bg", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'b', 'g', '\0',
+  /* "eujuicers.com", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eujuicers.com.hr", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'h', 'r', '\0',
+  /* "eujuicers.com.tr", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "eujuicers.com.ua", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "eujuicers.cz", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'c', 'z', '\0',
+  /* "eujuicers.de", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "eujuicers.es", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'e', 's', '\0',
+  /* "eujuicers.fr", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'f', 'r', '\0',
+  /* "eujuicers.hu", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'h', 'u', '\0',
+  /* "eujuicers.it", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'i', 't', '\0',
+  /* "eujuicers.pl", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'p', 'l', '\0',
+  /* "eujuicers.pt", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'p', 't', '\0',
+  /* "eujuicers.ro", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'r', 'o', '\0',
+  /* "eujuicers.rs", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'r', 's', '\0',
+  /* "eujuicers.ru", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'r', 'u', '\0',
+  /* "eujuicers.si", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 's', 'i', '\0',
+  /* "eujuicers.sk", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 's', 'k', '\0',
+  /* "eulenleben.de", true */ 'e', 'u', 'l', 'e', 'n', 'l', 'e', 'b', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "eung.ga", true */ 'e', 'u', 'n', 'g', '.', 'g', 'a', '\0',
+  /* "eupay.de", true */ 'e', 'u', 'p', 'a', 'y', '.', 'd', 'e', '\0',
+  /* "euph.eu", true */ 'e', 'u', 'p', 'h', '.', 'e', 'u', '\0',
+  /* "eupresidency2018.com", true */ 'e', 'u', 'p', 'r', 'e', 's', 'i', 'd', 'e', 'n', 'c', 'y', '2', '0', '1', '8', '.', 'c', 'o', 'm', '\0',
+  /* "eureka.archi", true */ 'e', 'u', 'r', 'e', 'k', 'a', '.', 'a', 'r', 'c', 'h', 'i', '\0',
+  /* "eurekaarchi.com", true */ 'e', 'u', 'r', 'e', 'k', 'a', 'a', 'r', 'c', 'h', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "eurekaarchitecture.com", true */ 'e', 'u', 'r', 'e', 'k', 'a', 'a', 'r', 'c', 'h', 'i', 't', 'e', 'c', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "euroalter.com", true */ 'e', 'u', 'r', 'o', 'a', 'l', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "eurocomcompany.cz", true */ 'e', 'u', 'r', 'o', 'c', 'o', 'm', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'z', '\0',
+  /* "europapier.at", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'a', 't', '\0',
+  /* "europapier.ba", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'b', 'a', '\0',
+  /* "europapier.bg", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'b', 'g', '\0',
+  /* "europapier.com", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "europapier.cz", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'c', 'z', '\0',
+  /* "europapier.hr", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'h', 'r', '\0',
+  /* "europapier.hu", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'h', 'u', '\0',
+  /* "europapier.net", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "europapier.rs", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'r', 's', '\0',
+  /* "europapier.si", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 's', 'i', '\0',
+  /* "europapier.sk", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 's', 'k', '\0',
+  /* "europapier.ua", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'u', 'a', '\0',
+  /* "europastudien.de", true */ 'e', 'u', 'r', 'o', 'p', 'a', 's', 't', 'u', 'd', 'i', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "european-agency.org", true */ 'e', 'u', 'r', 'o', 'p', 'e', 'a', 'n', '-', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "europeantransportmanagement.com", true */ 'e', 'u', 'r', 'o', 'p', 'e', 'a', 'n', 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "europeanwineresource.com", true */ 'e', 'u', 'r', 'o', 'p', 'e', 'a', 'n', 'w', 'i', 'n', 'e', 'r', 'e', 's', 'o', 'u', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "europop.com", true */ 'e', 'u', 'r', 'o', 'p', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "eurora.de", true */ 'e', 'u', 'r', 'o', 'r', 'a', '.', 'd', 'e', '\0',
+  /* "euroscot.de", true */ 'e', 'u', 'r', 'o', 's', 'c', 'o', 't', '.', 'd', 'e', '\0',
+  /* "euroshop.or.at", true */ 'e', 'u', 'r', 'o', 's', 'h', 'o', 'p', '.', 'o', 'r', '.', 'a', 't', '\0',
+  /* "eurotime.ua", true */ 'e', 'u', 'r', 'o', 't', 'i', 'm', 'e', '.', 'u', 'a', '\0',
+  /* "eurotramp.com", true */ 'e', 'u', 'r', 'o', 't', 'r', 'a', 'm', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "eurovision.ie", true */ 'e', 'u', 'r', 'o', 'v', 'i', 's', 'i', 'o', 'n', '.', 'i', 'e', '\0',
+  /* "eutram.com", true */ 'e', 'u', 't', 'r', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "eva.cz", true */ 'e', 'v', 'a', '.', 'c', 'z', '\0',
+  /* "evaartinger.de", true */ 'e', 'v', 'a', 'a', 'r', 't', 'i', 'n', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "evades.io", true */ 'e', 'v', 'a', 'd', 'e', 's', '.', 'i', 'o', '\0',
+  /* "evailoil.ee", true */ 'e', 'v', 'a', 'i', 'l', 'o', 'i', 'l', '.', 'e', 'e', '\0',
+  /* "evalesc.com", true */ 'e', 'v', 'a', 'l', 'e', 's', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "evanfiddes.com", true */ 'e', 'v', 'a', 'n', 'f', 'i', 'd', 'd', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "evangelosm.com", true */ 'e', 'v', 'a', 'n', 'g', 'e', 'l', 'o', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "evantage.org", true */ 'e', 'v', 'a', 'n', 't', 'a', 'g', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "evantageglobal.com", true */ 'e', 'v', 'a', 'n', 't', 'a', 'g', 'e', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "evapp.org", true */ 'e', 'v', 'a', 'p', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "evasion-energie.com", true */ 'e', 'v', 'a', 's', 'i', 'o', 'n', '-', 'e', 'n', 'e', 'r', 'g', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "evasioncreole.com", true */ 'e', 'v', 'a', 's', 'i', 'o', 'n', 'c', 'r', 'e', 'o', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "evasovova.cz", true */ 'e', 'v', 'a', 's', 'o', 'v', 'o', 'v', 'a', '.', 'c', 'z', '\0',
+  /* "eve0s.com", true */ 'e', 'v', 'e', '0', 's', '.', 'c', 'o', 'm', '\0',
+  /* "evegalaxy.net", true */ 'e', 'v', 'e', 'g', 'a', 'l', 'a', 'x', 'y', '.', 'n', 'e', 't', '\0',
+  /* "evelienzorgt.nl", true */ 'e', 'v', 'e', 'l', 'i', 'e', 'n', 'z', 'o', 'r', 'g', 't', '.', 'n', 'l', '\0',
+  /* "evelyndayman.com", true */ 'e', 'v', 'e', 'l', 'y', 'n', 'd', 'a', 'y', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "event4fun.no", true */ 'e', 'v', 'e', 'n', 't', '4', 'f', 'u', 'n', '.', 'n', 'o', '\0',
+  /* "eventaro.com", true */ 'e', 'v', 'e', 'n', 't', 'a', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "eventive.org", true */ 'e', 'v', 'e', 'n', 't', 'i', 'v', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "eventmake.es", true */ 'e', 'v', 'e', 'n', 't', 'm', 'a', 'k', 'e', '.', 'e', 's', '\0',
+  /* "eventosenmendoza.com.ar", true */ 'e', 'v', 'e', 'n', 't', 'o', 's', 'e', 'n', 'm', 'e', 'n', 'd', 'o', 'z', 'a', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "events-hire.co.uk", true */ 'e', 'v', 'e', 'n', 't', 's', '-', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ever.sale", true */ 'e', 'v', 'e', 'r', '.', 's', 'a', 'l', 'e', '\0',
+  /* "everain.me", true */ 'e', 'v', 'e', 'r', 'a', 'i', 'n', '.', 'm', 'e', '\0',
+  /* "everfine.com.tw", true */ 'e', 'v', 'e', 'r', 'f', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "evergladesrestoration.gov", true */ 'e', 'v', 'e', 'r', 'g', 'l', 'a', 'd', 'e', 's', 'r', 'e', 's', 't', 'o', 'r', 'a', 't', 'i', 'o', 'n', '.', 'g', 'o', 'v', '\0',
+  /* "everhome.de", true */ 'e', 'v', 'e', 'r', 'h', 'o', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "everling.lu", true */ 'e', 'v', 'e', 'r', 'l', 'i', 'n', 'g', '.', 'l', 'u', '\0',
+  /* "everlong.org", true */ 'e', 'v', 'e', 'r', 'l', 'o', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "evertonarentwe.com", true */ 'e', 'v', 'e', 'r', 't', 'o', 'n', 'a', 'r', 'e', 'n', 't', 'w', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "everwaking.com", false */ 'e', 'v', 'e', 'r', 'w', 'a', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "everyarti.st", true */ 'e', 'v', 'e', 'r', 'y', 'a', 'r', 't', 'i', '.', 's', 't', '\0',
+  /* "everybodyhertz.co.uk", true */ 'e', 'v', 'e', 'r', 'y', 'b', 'o', 'd', 'y', 'h', 'e', 'r', 't', 'z', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "everyday.eu.org", true */ 'e', 'v', 'e', 'r', 'y', 'd', 'a', 'y', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "everydaywot.com", true */ 'e', 'v', 'e', 'r', 'y', 'd', 'a', 'y', 'w', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "everyex.com", true */ 'e', 'v', 'e', 'r', 'y', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "everygayporn.com", true */ 'e', 'v', 'e', 'r', 'y', 'g', 'a', 'y', 'p', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "everymove.org", true */ 'e', 'v', 'e', 'r', 'y', 'm', 'o', 'v', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "everytruckjob.com", true */ 'e', 'v', 'e', 'r', 'y', 't', 'r', 'u', 'c', 'k', 'j', 'o', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "everywhere.cloud", true */ 'e', 'v', 'e', 'r', 'y', 'w', 'h', 'e', 'r', 'e', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "eveshamglass.co.uk", true */ 'e', 'v', 'e', 's', 'h', 'a', 'm', 'g', 'l', 'a', 's', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "evexia.xyz", true */ 'e', 'v', 'e', 'x', 'i', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "evidence-based.review", true */ 'e', 'v', 'i', 'd', 'e', 'n', 'c', 'e', '-', 'b', 'a', 's', 'e', 'd', '.', 'r', 'e', 'v', 'i', 'e', 'w', '\0',
+  /* "evidencebased.net", true */ 'e', 'v', 'i', 'd', 'e', 'n', 'c', 'e', 'b', 'a', 's', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "evidenceusa.com.br", true */ 'e', 'v', 'i', 'd', 'e', 'n', 'c', 'e', 'u', 's', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "evilarmy.com", true */ 'e', 'v', 'i', 'l', 'a', 'r', 'm', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "evilized.de", true */ 'e', 'v', 'i', 'l', 'i', 'z', 'e', 'd', '.', 'd', 'e', '\0',
+  /* "evilvolcanolairs.com", true */ 'e', 'v', 'i', 'l', 'v', 'o', 'l', 'c', 'a', 'n', 'o', 'l', 'a', 'i', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "evio.com", true */ 'e', 'v', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "evion.nl", true */ 'e', 'v', 'i', 'o', 'n', '.', 'n', 'l', '\0',
+  /* "evlear.com", true */ 'e', 'v', 'l', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "evodation.com", true */ 'e', 'v', 'o', 'd', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "evodation.org", true */ 'e', 'v', 'o', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "evok.com.co", false */ 'e', 'v', 'o', 'k', '.', 'c', 'o', 'm', '.', 'c', 'o', '\0',
+  /* "evolutionexpeditions.com", true */ 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', 'e', 'x', 'p', 'e', 'd', 'i', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "evolutioninflatables.co.uk", true */ 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "evolutionlending.co.uk", true */ 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', 'l', 'e', 'n', 'd', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "evolutionpets.com", true */ 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', 'p', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "evonews.com", true */ 'e', 'v', 'o', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "evony.eu", true */ 'e', 'v', 'o', 'n', 'y', '.', 'e', 'u', '\0',
+  /* "evosyn.com", true */ 'e', 'v', 'o', 's', 'y', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "evotec.pl", true */ 'e', 'v', 'o', 't', 'e', 'c', '.', 'p', 'l', '\0',
+  /* "evotec.xyz", true */ 'e', 'v', 'o', 't', 'e', 'c', '.', 'x', 'y', 'z', '\0',
+  /* "evrial.com", true */ 'e', 'v', 'r', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "evrica.me", true */ 'e', 'v', 'r', 'i', 'c', 'a', '.', 'm', 'e', '\0',
+  /* "evstatus.com", true */ 'e', 'v', 's', 't', 'a', 't', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "evtripping.com", true */ 'e', 'v', 't', 'r', 'i', 'p', 'p', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "ewanm89.co.uk", true */ 'e', 'w', 'a', 'n', 'm', '8', '9', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ewanm89.com", true */ 'e', 'w', 'a', 'n', 'm', '8', '9', '.', 'c', 'o', 'm', '\0',
+  /* "ewanm89.uk", true */ 'e', 'w', 'a', 'n', 'm', '8', '9', '.', 'u', 'k', '\0',
+  /* "ewe2.ninja", true */ 'e', 'w', 'e', '2', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "ewie.name", true */ 'e', 'w', 'i', 'e', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "ewizmo.com", true */ 'e', 'w', 'i', 'z', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "eworksmedia.com", true */ 'e', 'w', 'o', 'r', 'k', 's', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ewout.io", true */ 'e', 'w', 'o', 'u', 't', '.', 'i', 'o', '\0',
+  /* "ewsfeed.com", true */ 'e', 'w', 's', 'f', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "ewuchuan.com", true */ 'e', 'w', 'u', 'c', 'h', 'u', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ewus.de", true */ 'e', 'w', 'u', 's', '.', 'd', 'e', '\0',
+  /* "ewycena.pl", true */ 'e', 'w', 'y', 'c', 'e', 'n', 'a', '.', 'p', 'l', '\0',
+  /* "exactlyinfinite.com", true */ 'e', 'x', 'a', 'c', 't', 'l', 'y', 'i', 'n', 'f', 'i', 'n', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "exactphilosophy.net", true */ 'e', 'x', 'a', 'c', 't', 'p', 'h', 'i', 'l', 'o', 's', 'o', 'p', 'h', 'y', '.', 'n', 'e', 't', '\0',
+  /* "example.sc", true */ 'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 's', 'c', '\0',
+  /* "example.wf", true */ 'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 'w', 'f', '\0',
+  /* "exampleessays.com", true */ 'e', 'x', 'a', 'm', 'p', 'l', 'e', 'e', 's', 's', 'a', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "exaplac.com", true */ 'e', 'x', 'a', 'p', 'l', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "exceed.global", true */ 'e', 'x', 'c', 'e', 'e', 'd', '.', 'g', 'l', 'o', 'b', 'a', 'l', '\0',
+  /* "exceltobarcode.com", true */ 'e', 'x', 'c', 'e', 'l', 't', 'o', 'b', 'a', 'r', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "excentos.com", true */ 'e', 'x', 'c', 'e', 'n', 't', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "exceptionalservers.com", true */ 'e', 'x', 'c', 'e', 'p', 't', 'i', 'o', 'n', 'a', 'l', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "excessamerica.com", true */ 'e', 'x', 'c', 'e', 's', 's', 'a', 'm', 'e', 'r', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "exchangecoordinator.com", true */ 'e', 'x', 'c', 'h', 'a', 'n', 'g', 'e', 'c', 'o', 'o', 'r', 'd', 'i', 'n', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "exchangeworks.co", true */ 'e', 'x', 'c', 'h', 'a', 'n', 'g', 'e', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', '\0',
+  /* "exclusivebouncycastles.co.uk", true */ 'e', 'x', 'c', 'l', 'u', 's', 'i', 'v', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "exdamo.de", true */ 'e', 'x', 'd', 'a', 'm', 'o', '.', 'd', 'e', '\0',
+  /* "exe-boss.tech", true */ 'e', 'x', 'e', '-', 'b', 'o', 's', 's', '.', 't', 'e', 'c', 'h', '\0',
+  /* "exebouncycastles.co.uk", true */ 'e', 'x', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "exehack.net", true */ 'e', 'x', 'e', 'h', 'a', 'c', 'k', '.', 'n', 'e', 't', '\0',
+  /* "exeintel.com", true */ 'e', 'x', 'e', 'i', 'n', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "exekutori.com", true */ 'e', 'x', 'e', 'k', 'u', 't', 'o', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "exembit.com", true */ 'e', 'x', 'e', 'm', 'b', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "exemples-de-stands.com", true */ 'e', 'x', 'e', 'm', 'p', 'l', 'e', 's', '-', 'd', 'e', '-', 's', 't', 'a', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "exeria.de", true */ 'e', 'x', 'e', 'r', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "exgaywatch.com", true */ 'e', 'x', 'g', 'a', 'y', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "exgen.io", true */ 'e', 'x', 'g', 'e', 'n', '.', 'i', 'o', '\0',
+  /* "exhalespa.com", true */ 'e', 'x', 'h', 'a', 'l', 'e', 's', 'p', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "exhibityour.com", true */ 'e', 'x', 'h', 'i', 'b', 'i', 't', 'y', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "exiahost.com", true */ 'e', 'x', 'i', 'a', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "exit9wineandliquor.com", true */ 'e', 'x', 'i', 't', '9', 'w', 'i', 'n', 'e', 'a', 'n', 'd', 'l', 'i', 'q', 'u', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "exmoe.com", true */ 'e', 'x', 'm', 'o', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "exon.io", true */ 'e', 'x', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "exoscale.ch", true */ 'e', 'x', 'o', 's', 'c', 'a', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "exoticads.com", true */ 'e', 'x', 'o', 't', 'i', 'c', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "exousiakaidunamis.pw", true */ 'e', 'x', 'o', 'u', 's', 'i', 'a', 'k', 'a', 'i', 'd', 'u', 'n', 'a', 'm', 'i', 's', '.', 'p', 'w', '\0',
+  /* "exp.de", true */ 'e', 'x', 'p', '.', 'd', 'e', '\0',
+  /* "expancio.com", true */ 'e', 'x', 'p', 'a', 'n', 'c', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "expandeco.com", true */ 'e', 'x', 'p', 'a', 'n', 'd', 'e', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "expatads.com", true */ 'e', 'x', 'p', 'a', 't', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "expatmortgage.uk", true */ 'e', 'x', 'p', 'a', 't', 'm', 'o', 'r', 't', 'g', 'a', 'g', 'e', '.', 'u', 'k', '\0',
+  /* "expatriate.pl", true */ 'e', 'x', 'p', 'a', 't', 'r', 'i', 'a', 't', 'e', '.', 'p', 'l', '\0',
+  /* "expecting.com.br", true */ 'e', 'x', 'p', 'e', 'c', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "experienceoz.com.au", true */ 'e', 'x', 'p', 'e', 'r', 'i', 'e', 'n', 'c', 'e', 'o', 'z', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "expert-korovin.ru", true */ 'e', 'x', 'p', 'e', 'r', 't', '-', 'k', 'o', 'r', 'o', 'v', 'i', 'n', '.', 'r', 'u', '\0',
+  /* "expert.cz", true */ 'e', 'x', 'p', 'e', 'r', 't', '.', 'c', 'z', '\0',
+  /* "experteasy.com.au", true */ 'e', 'x', 'p', 'e', 'r', 't', 'e', 'a', 's', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "experticon.com", true */ 'e', 'x', 'p', 'e', 'r', 't', 'i', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "experts-en-gestion.fr", true */ 'e', 'x', 'p', 'e', 'r', 't', 's', '-', 'e', 'n', '-', 'g', 'e', 's', 't', 'i', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "expertsverts.com", true */ 'e', 'x', 'p', 'e', 'r', 't', 's', 'v', 'e', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "explodie.org", true */ 'e', 'x', 'p', 'l', 'o', 'd', 'i', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "explodingcamera.com", true */ 'e', 'x', 'p', 'l', 'o', 'd', 'i', 'n', 'g', 'c', 'a', 'm', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "exploflex.com.br", true */ 'e', 'x', 'p', 'l', 'o', 'f', 'l', 'e', 'x', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "exploit.cz", false */ 'e', 'x', 'p', 'l', 'o', 'i', 't', '.', 'c', 'z', '\0',
+  /* "exploit.party", true */ 'e', 'x', 'p', 'l', 'o', 'i', 't', '.', 'p', 'a', 'r', 't', 'y', '\0',
+  /* "exploit.ph", true */ 'e', 'x', 'p', 'l', 'o', 'i', 't', '.', 'p', 'h', '\0',
+  /* "exploited.cz", true */ 'e', 'x', 'p', 'l', 'o', 'i', 't', 'e', 'd', '.', 'c', 'z', '\0',
+  /* "exploodo.rocks", true */ 'e', 'x', 'p', 'l', 'o', 'o', 'd', 'o', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "exploravacations.in", true */ 'e', 'x', 'p', 'l', 'o', 'r', 'a', 'v', 'a', 'c', 'a', 't', 'i', 'o', 'n', 's', '.', 'i', 'n', '\0',
+  /* "expo-america.ru", true */ 'e', 'x', 'p', 'o', '-', 'a', 'm', 'e', 'r', 'i', 'c', 'a', '.', 'r', 'u', '\0',
+  /* "expo-asia.ru", true */ 'e', 'x', 'p', 'o', '-', 'a', 's', 'i', 'a', '.', 'r', 'u', '\0',
+  /* "expo-europe.ru", true */ 'e', 'x', 'p', 'o', '-', 'e', 'u', 'r', 'o', 'p', 'e', '.', 'r', 'u', '\0',
+  /* "expokohler.com", true */ 'e', 'x', 'p', 'o', 'k', 'o', 'h', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "exponentialnews.net", true */ 'e', 'x', 'p', 'o', 'n', 'e', 'n', 't', 'i', 'a', 'l', 'n', 'e', 'w', 's', '.', 'n', 'e', 't', '\0',
+  /* "exporta.cz", true */ 'e', 'x', 'p', 'o', 'r', 't', 'a', '.', 'c', 'z', '\0',
+  /* "expoundite.net", true */ 'e', 'x', 'p', 'o', 'u', 'n', 'd', 'i', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "expowerhps.com", true */ 'e', 'x', 'p', 'o', 'w', 'e', 'r', 'h', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "express-shina.ru", true */ 'e', 'x', 'p', 'r', 'e', 's', 's', '-', 's', 'h', 'i', 'n', 'a', '.', 'r', 'u', '\0',
+  /* "express-vpn.com", true */ 'e', 'x', 'p', 'r', 'e', 's', 's', '-', 'v', 'p', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "expressemotion.net", true */ 'e', 'x', 'p', 'r', 'e', 's', 's', 'e', 'm', 'o', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "expresshosting.org", true */ 'e', 'x', 'p', 'r', 'e', 's', 's', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "expressmarket.ru", true */ 'e', 'x', 'p', 'r', 'e', 's', 's', 'm', 'a', 'r', 'k', 'e', 't', '.', 'r', 'u', '\0',
+  /* "expresstinte.de", true */ 'e', 'x', 'p', 'r', 'e', 's', 's', 't', 'i', 'n', 't', 'e', '.', 'd', 'e', '\0',
+  /* "expressvpn.com", true */ 'e', 'x', 'p', 'r', 'e', 's', 's', 'v', 'p', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "expresswins.co.uk", true */ 'e', 'x', 'p', 'r', 'e', 's', 's', 'w', 'i', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "expxkcd.com", true */ 'e', 'x', 'p', 'x', 'k', 'c', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "exs.lv", true */ 'e', 'x', 's', '.', 'l', 'v', '\0',
+  /* "exside.com", true */ 'e', 'x', 's', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "extasic.com", true */ 'e', 'x', 't', 'a', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "extendwings.com", true */ 'e', 'x', 't', 'e', 'n', 'd', 'w', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "extensiblewebmanifesto.org", true */ 'e', 'x', 't', 'e', 'n', 's', 'i', 'b', 'l', 'e', 'w', 'e', 'b', 'm', 'a', 'n', 'i', 'f', 'e', 's', 't', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "extensiblewebreportcard.org", true */ 'e', 'x', 't', 'e', 'n', 's', 'i', 'b', 'l', 'e', 'w', 'e', 'b', 'r', 'e', 'p', 'o', 'r', 't', 'c', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "extensiblewebsummit.org", true */ 'e', 'x', 't', 'e', 'n', 's', 'i', 'b', 'l', 'e', 'w', 'e', 'b', 's', 'u', 'm', 'm', 'i', 't', '.', 'o', 'r', 'g', '\0',
+  /* "extensiontree.com", true */ 'e', 'x', 't', 'e', 'n', 's', 'i', 'o', 'n', 't', 'r', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "extradesktops.com", false */ 'e', 'x', 't', 'r', 'a', 'd', 'e', 's', 'k', 't', 'o', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "extramoney.cash", true */ 'e', 'x', 't', 'r', 'a', 'm', 'o', 'n', 'e', 'y', '.', 'c', 'a', 's', 'h', '\0',
+  /* "extranetpuc.com.br", true */ 'e', 'x', 't', 'r', 'a', 'n', 'e', 't', 'p', 'u', 'c', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "extrapagetab.com", true */ 'e', 'x', 't', 'r', 'a', 'p', 'a', 'g', 'e', 't', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "extratorrent.cool", true */ 'e', 'x', 't', 'r', 'a', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'c', 'o', 'o', 'l', '\0',
+  /* "extratorrent.fyi", true */ 'e', 'x', 't', 'r', 'a', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'f', 'y', 'i', '\0',
+  /* "extratorrent.red", true */ 'e', 'x', 't', 'r', 'a', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'r', 'e', 'd', '\0',
+  /* "extratorrent.world", true */ 'e', 'x', 't', 'r', 'a', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'w', 'o', 'r', 'l', 'd', '\0',
+  /* "extreme-gaming.de", true */ 'e', 'x', 't', 'r', 'e', 'm', 'e', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "extreme-gaming.us", true */ 'e', 'x', 't', 'r', 'e', 'm', 'e', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'u', 's', '\0',
+  /* "extreme-players.com", true */ 'e', 'x', 't', 'r', 'e', 'm', 'e', '-', 'p', 'l', 'a', 'y', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "extreme-players.de", true */ 'e', 'x', 't', 'r', 'e', 'm', 'e', '-', 'p', 'l', 'a', 'y', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "extrememanual.net", true */ 'e', 'x', 't', 'r', 'e', 'm', 'e', 'm', 'a', 'n', 'u', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "exvs.org", true */ 'e', 'x', 'v', 's', '.', 'o', 'r', 'g', '\0',
+  /* "exyplis.com", true */ 'e', 'x', 'y', 'p', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eydesignguidelines.com", true */ 'e', 'y', 'd', 'e', 's', 'i', 'g', 'n', 'g', 'u', 'i', 'd', 'e', 'l', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eyecandy.gr", true */ 'e', 'y', 'e', 'c', 'a', 'n', 'd', 'y', '.', 'g', 'r', '\0',
+  /* "eyeglasses.com", false */ 'e', 'y', 'e', 'g', 'l', 'a', 's', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eyelashconcept.com", true */ 'e', 'y', 'e', 'l', 'a', 's', 'h', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'c', 'o', 'm', '\0',
+  /* "eyeonid.com", true */ 'e', 'y', 'e', 'o', 'n', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "eyep.me", true */ 'e', 'y', 'e', 'p', '.', 'm', 'e', '\0',
+  /* "eyes-berg.ch", true */ 'e', 'y', 'e', 's', '-', 'b', 'e', 'r', 'g', '.', 'c', 'h', '\0',
+  /* "eyes-berg.com", true */ 'e', 'y', 'e', 's', '-', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "eynio.com", true */ 'e', 'y', 'n', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "eyps.net", true */ 'e', 'y', 'p', 's', '.', 'n', 'e', 't', '\0',
+  /* "ez3d.eu", true */ 'e', 'z', '3', 'd', '.', 'e', 'u', '\0',
+  /* "ezakazivanje.rs", true */ 'e', 'z', 'a', 'k', 'a', 'z', 'i', 'v', 'a', 'n', 'j', 'e', '.', 'r', 's', '\0',
+  /* "ezdog.press", true */ 'e', 'z', 'd', 'o', 'g', '.', 'p', 'r', 'e', 's', 's', '\0',
+  /* "ezequiel-garzon.net", true */ 'e', 'z', 'e', 'q', 'u', 'i', 'e', 'l', '-', 'g', 'a', 'r', 'z', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "ezgif.com", true */ 'e', 'z', 'g', 'i', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "ezhik-din.ru", true */ 'e', 'z', 'h', 'i', 'k', '-', 'd', 'i', 'n', '.', 'r', 'u', '\0',
+  /* "eznfe.com", true */ 'e', 'z', 'n', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ezorgportaal.nl", true */ 'e', 'z', 'o', 'r', 'g', 'p', 'o', 'r', 't', 'a', 'a', 'l', '.', 'n', 'l', '\0',
+  /* "ezwritingservice.com", true */ 'e', 'z', 'w', 'r', 'i', 't', 'i', 'n', 'g', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "f-be.com", true */ 'f', '-', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "f-droid.org", true */ 'f', '-', 'd', 'r', 'o', 'i', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "f-hd.net", true */ 'f', '-', 'h', 'd', '.', 'n', 'e', 't', '\0',
+  /* "f-thie.de", true */ 'f', '-', 't', 'h', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "f00.fr", true */ 'f', '0', '0', '.', 'f', 'r', '\0',
+  /* "f1bigpicture.com", true */ 'f', '1', 'b', 'i', 'g', 'p', 'i', 'c', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "f1classement.com", true */ 'f', '1', 'c', 'l', 'a', 's', 's', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "f1fever.co.uk", true */ 'f', '1', 'f', 'e', 'v', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "f1fever.net", true */ 'f', '1', 'f', 'e', 'v', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "f1minute.com", true */ 'f', '1', 'm', 'i', 'n', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "f42.net", true */ 'f', '4', '2', '.', 'n', 'e', 't', '\0',
+  /* "f43.me", true */ 'f', '4', '3', '.', 'm', 'e', '\0',
+  /* "f5movies.top", true */ 'f', '5', 'm', 'o', 'v', 'i', 'e', 's', '.', 't', 'o', 'p', '\0',
+  /* "f5nu.com", true */ 'f', '5', 'n', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "f5w.de", true */ 'f', '5', 'w', '.', 'd', 'e', '\0',
+  /* "f9digital.com", true */ 'f', '9', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "fa-works.com", true */ 'f', 'a', '-', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "faber.org.ru", true */ 'f', 'a', 'b', 'e', 'r', '.', 'o', 'r', 'g', '.', 'r', 'u', '\0',
+  /* "faberusa.com", true */ 'f', 'a', 'b', 'e', 'r', 'u', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "fabian-fingerle.de", true */ 'f', 'a', 'b', 'i', 'a', 'n', '-', 'f', 'i', 'n', 'g', 'e', 'r', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "fabian-koeppen.de", true */ 'f', 'a', 'b', 'i', 'a', 'n', '-', 'k', 'o', 'e', 'p', 'p', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "fabianackle.ch", true */ 'f', 'a', 'b', 'i', 'a', 'n', 'a', 'c', 'k', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "fabianasantiago.com", true */ 'f', 'a', 'b', 'i', 'a', 'n', 'a', 's', 'a', 'n', 't', 'i', 'a', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "fabianfranke.de", true */ 'f', 'a', 'b', 'i', 'a', 'n', 'f', 'r', 'a', 'n', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "fabienbaker.com", true */ 'f', 'a', 'b', 'i', 'e', 'n', 'b', 'a', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "fabienne-roux.org", true */ 'f', 'a', 'b', 'i', 'e', 'n', 'n', 'e', '-', 'r', 'o', 'u', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "fabiobier.com", true */ 'f', 'a', 'b', 'i', 'o', 'b', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "fableforge.nl", true */ 'f', 'a', 'b', 'l', 'e', 'f', 'o', 'r', 'g', 'e', '.', 'n', 'l', '\0',
+  /* "fabriceleroux.com", true */ 'f', 'a', 'b', 'r', 'i', 'c', 'e', 'l', 'e', 'r', 'o', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "fabriziorocca.it", true */ 'f', 'a', 'b', 'r', 'i', 'z', 'i', 'o', 'r', 'o', 'c', 'c', 'a', '.', 'i', 't', '\0',
+  /* "fabrysociety.org", true */ 'f', 'a', 'b', 'r', 'y', 's', 'o', 'c', 'i', 'e', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "fabse.net", true */ 'f', 'a', 'b', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "fabulouslyyouthfulskin.com", true */ 'f', 'a', 'b', 'u', 'l', 'o', 'u', 's', 'l', 'y', 'y', 'o', 'u', 't', 'h', 'f', 'u', 'l', 's', 'k', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "fabulouslyyouthfulskineyeserum.com", true */ 'f', 'a', 'b', 'u', 'l', 'o', 'u', 's', 'l', 'y', 'y', 'o', 'u', 't', 'h', 'f', 'u', 'l', 's', 'k', 'i', 'n', 'e', 'y', 'e', 's', 'e', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "facanabota.com", true */ 'f', 'a', 'c', 'a', 'n', 'a', 'b', 'o', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "facanabota.com.br", true */ 'f', 'a', 'c', 'a', 'n', 'a', 'b', 'o', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "facciadastile.it", true */ 'f', 'a', 'c', 'c', 'i', 'a', 'd', 'a', 's', 't', 'i', 'l', 'e', '.', 'i', 't', '\0',
+  /* "facealacrise.fr", true */ 'f', 'a', 'c', 'e', 'a', 'l', 'a', 'c', 'r', 'i', 's', 'e', '.', 'f', 'r', '\0',
+  /* "facebattle.com", true */ 'f', 'a', 'c', 'e', 'b', 'a', 't', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "facebook-atom.appspot.com", true */ 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '-', 'a', 't', 'o', 'm', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "facebook.com", false */ 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "facebooktsukaikata.net", true */ 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', 't', 's', 'u', 'k', 'a', 'i', 'k', 'a', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "facebylouise.co.uk", true */ 'f', 'a', 'c', 'e', 'b', 'y', 'l', 'o', 'u', 'i', 's', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "facepalmsecurity.com", true */ 'f', 'a', 'c', 'e', 'p', 'a', 'l', 'm', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "facepunch.org", true */ 'f', 'a', 'c', 'e', 'p', 'u', 'n', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "facerepo.com", true */ 'f', 'a', 'c', 'e', 'r', 'e', 'p', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "facesnf.com", true */ 'f', 'a', 'c', 'e', 's', 'n', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "fach-journalist.de", true */ 'f', 'a', 'c', 'h', '-', 'j', 'o', 'u', 'r', 'n', 'a', 'l', 'i', 's', 't', '.', 'd', 'e', '\0',
+  /* "fachschaft-informatik.de", true */ 'f', 'a', 'c', 'h', 's', 'c', 'h', 'a', 'f', 't', '-', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "fachschaftslisten.at", true */ 'f', 'a', 'c', 'h', 's', 'c', 'h', 'a', 'f', 't', 's', 'l', 'i', 's', 't', 'e', 'n', '.', 'a', 't', '\0',
+  /* "fachschaftslisten.org", true */ 'f', 'a', 'c', 'h', 's', 'c', 'h', 'a', 'f', 't', 's', 'l', 'i', 's', 't', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "facialexercising.com", true */ 'f', 'a', 'c', 'i', 'a', 'l', 'e', 'x', 'e', 'r', 'c', 'i', 's', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "faciledireto.com.br", true */ 'f', 'a', 'c', 'i', 'l', 'e', 'd', 'i', 'r', 'e', 't', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "facilitiessurvey.org", true */ 'f', 'a', 'c', 'i', 'l', 'i', 't', 'i', 'e', 's', 's', 'u', 'r', 'v', 'e', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "factbytefactbox.com", true */ 'f', 'a', 'c', 't', 'b', 'y', 't', 'e', 'f', 'a', 'c', 't', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "factor.cc", false */ 'f', 'a', 'c', 't', 'o', 'r', '.', 'c', 'c', '\0',
+  /* "factorypartsdirect.com", true */ 'f', 'a', 'c', 't', 'o', 'r', 'y', 'p', 'a', 'r', 't', 's', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "factuursturen.be", true */ 'f', 'a', 'c', 't', 'u', 'u', 'r', 's', 't', 'u', 'r', 'e', 'n', '.', 'b', 'e', '\0',
+  /* "factuursturen.nl", true */ 'f', 'a', 'c', 't', 'u', 'u', 'r', 's', 't', 'u', 'r', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "factys.do", true */ 'f', 'a', 'c', 't', 'y', 's', '.', 'd', 'o', '\0',
+  /* "factys.es", true */ 'f', 'a', 'c', 't', 'y', 's', '.', 'e', 's', '\0',
+  /* "fadednet.com", false */ 'f', 'a', 'd', 'e', 'd', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "faderweb.de", true */ 'f', 'a', 'd', 'e', 'r', 'w', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "fads-center.online", true */ 'f', 'a', 'd', 's', '-', 'c', 'e', 'n', 't', 'e', 'r', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "faehler.de", true */ 'f', 'a', 'e', 'h', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "faeriecakes.be", true */ 'f', 'a', 'e', 'r', 'i', 'e', 'c', 'a', 'k', 'e', 's', '.', 'b', 'e', '\0',
+  /* "fag.wtf", true */ 'f', 'a', 'g', '.', 'w', 't', 'f', '\0',
+  /* "fahrenwal.de", true */ 'f', 'a', 'h', 'r', 'e', 'n', 'w', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "fahrenwalde.de", true */ 'f', 'a', 'h', 'r', 'e', 'n', 'w', 'a', 'l', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "fail.coach", true */ 'f', 'a', 'i', 'l', '.', 'c', 'o', 'a', 'c', 'h', '\0',
+  /* "failover.de", true */ 'f', 'a', 'i', 'l', 'o', 'v', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "failover.eu", true */ 'f', 'a', 'i', 'l', 'o', 'v', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "fairbill.com", true */ 'f', 'a', 'i', 'r', 'b', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "fairedeseconomies.info", true */ 'f', 'a', 'i', 'r', 'e', 'd', 'e', 's', 'e', 'c', 'o', 'n', 'o', 'm', 'i', 'e', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "fairgolfteams.com", true */ 'f', 'a', 'i', 'r', 'g', 'o', 'l', 'f', 't', 'e', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fairplay.im", true */ 'f', 'a', 'i', 'r', 'p', 'l', 'a', 'y', '.', 'i', 'm', '\0',
+  /* "fairviewmotel-simcoe.com", true */ 'f', 'a', 'i', 'r', 'v', 'i', 'e', 'w', 'm', 'o', 't', 'e', 'l', '-', 's', 'i', 'm', 'c', 'o', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "faithgrowth.com", true */ 'f', 'a', 'i', 't', 'h', 'g', 'r', 'o', 'w', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "faithindemocracy.eu", true */ 'f', 'a', 'i', 't', 'h', 'i', 'n', 'd', 'e', 'm', 'o', 'c', 'r', 'a', 'c', 'y', '.', 'e', 'u', '\0',
+  /* "faithmissionaries.com", true */ 'f', 'a', 'i', 't', 'h', 'm', 'i', 's', 's', 'i', 'o', 'n', 'a', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "faixaazul.com", true */ 'f', 'a', 'i', 'x', 'a', 'a', 'z', 'u', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "faizan.net", true */ 'f', 'a', 'i', 'z', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "fakeapple.nl", true */ 'f', 'a', 'k', 'e', 'a', 'p', 'p', 'l', 'e', '.', 'n', 'l', '\0',
+  /* "fakerli.com", true */ 'f', 'a', 'k', 'e', 'r', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "fakti.bg", true */ 'f', 'a', 'k', 't', 'i', '.', 'b', 'g', '\0',
+  /* "fakturi.com", true */ 'f', 'a', 'k', 't', 'u', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "fakturoid.cz", true */ 'f', 'a', 'k', 't', 'u', 'r', 'o', 'i', 'd', '.', 'c', 'z', '\0',
+  /* "falaowang.com", true */ 'f', 'a', 'l', 'a', 'o', 'w', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "falbros.com", true */ 'f', 'a', 'l', 'b', 'r', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "falcibiosystems.org", true */ 'f', 'a', 'l', 'c', 'i', 'b', 'i', 'o', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'o', 'r', 'g', '\0',
+  /* "falconvintners.com", true */ 'f', 'a', 'l', 'c', 'o', 'n', 'v', 'i', 'n', 't', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "falcoz.co", true */ 'f', 'a', 'l', 'c', 'o', 'z', '.', 'c', 'o', '\0',
+  /* "faldoria.de", true */ 'f', 'a', 'l', 'd', 'o', 'r', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "fallenangeldrinks.co.uk", true */ 'f', 'a', 'l', 'l', 'e', 'n', 'a', 'n', 'g', 'e', 'l', 'd', 'r', 'i', 'n', 'k', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "fallenangeldrinks.com", true */ 'f', 'a', 'l', 'l', 'e', 'n', 'a', 'n', 'g', 'e', 'l', 'd', 'r', 'i', 'n', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fallenangelspirits.co.uk", true */ 'f', 'a', 'l', 'l', 'e', 'n', 'a', 'n', 'g', 'e', 'l', 's', 'p', 'i', 'r', 'i', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "fallenangelspirits.com", true */ 'f', 'a', 'l', 'l', 'e', 'n', 'a', 'n', 'g', 'e', 'l', 's', 'p', 'i', 'r', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fallenspirits.co.uk", true */ 'f', 'a', 'l', 'l', 'e', 'n', 's', 'p', 'i', 'r', 'i', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "falsum.net", true */ 'f', 'a', 'l', 's', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "fam-kreibich.de", true */ 'f', 'a', 'm', '-', 'k', 'r', 'e', 'i', 'b', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "fam-stemmer.de", false */ 'f', 'a', 'm', '-', 's', 't', 'e', 'm', 'm', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "famcloud.de", true */ 'f', 'a', 'm', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "famdouma.nl", true */ 'f', 'a', 'm', 'd', 'o', 'u', 'm', 'a', '.', 'n', 'l', '\0',
+  /* "fameng.nl", true */ 'f', 'a', 'm', 'e', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "familiaperez.net", true */ 'f', 'a', 'm', 'i', 'l', 'i', 'a', 'p', 'e', 'r', 'e', 'z', '.', 'n', 'e', 't', '\0',
+  /* "familie-kupschke.de", true */ 'f', 'a', 'm', 'i', 'l', 'i', 'e', '-', 'k', 'u', 'p', 's', 'c', 'h', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "familie-leu.ch", true */ 'f', 'a', 'm', 'i', 'l', 'i', 'e', '-', 'l', 'e', 'u', '.', 'c', 'h', '\0',
+  /* "familie-monka.de", true */ 'f', 'a', 'm', 'i', 'l', 'i', 'e', '-', 'm', 'o', 'n', 'k', 'a', '.', 'd', 'e', '\0',
+  /* "familie-remke.de", true */ 'f', 'a', 'm', 'i', 'l', 'i', 'e', '-', 'r', 'e', 'm', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "familiegrottendieck.de", true */ 'f', 'a', 'm', 'i', 'l', 'i', 'e', 'g', 'r', 'o', 't', 't', 'e', 'n', 'd', 'i', 'e', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "familieholme.de", true */ 'f', 'a', 'm', 'i', 'l', 'i', 'e', 'h', 'o', 'l', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "familjenfrodlund.se", true */ 'f', 'a', 'm', 'i', 'l', 'j', 'e', 'n', 'f', 'r', 'o', 'd', 'l', 'u', 'n', 'd', '.', 's', 'e', '\0',
+  /* "familjenm.se", true */ 'f', 'a', 'm', 'i', 'l', 'j', 'e', 'n', 'm', '.', 's', 'e', '\0',
+  /* "familletouret.fr", true */ 'f', 'a', 'm', 'i', 'l', 'l', 'e', 't', 'o', 'u', 'r', 'e', 't', '.', 'f', 'r', '\0',
+  /* "familylawhotline.org", true */ 'f', 'a', 'm', 'i', 'l', 'y', 'l', 'a', 'w', 'h', 'o', 't', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "familyparties.co.uk", true */ 'f', 'a', 'm', 'i', 'l', 'y', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "familyreal.ru", true */ 'f', 'a', 'm', 'i', 'l', 'y', 'r', 'e', 'a', 'l', '.', 'r', 'u', '\0',
+  /* "familytreehq.com", true */ 'f', 'a', 'm', 'i', 'l', 'y', 't', 'r', 'e', 'e', 'h', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "famososnaweb.com", true */ 'f', 'a', 'm', 'o', 's', 'o', 's', 'n', 'a', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "famousbirthdays.com", true */ 'f', 'a', 'm', 'o', 'u', 's', 'b', 'i', 'r', 't', 'h', 'd', 'a', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "famoushostels.com", true */ 'f', 'a', 'm', 'o', 'u', 's', 'h', 'o', 's', 't', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "famvangelder.nl", true */ 'f', 'a', 'm', 'v', 'a', 'n', 'g', 'e', 'l', 'd', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "famvsomeren.nl", true */ 'f', 'a', 'm', 'v', 's', 'o', 'm', 'e', 'r', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "fanboi.ch", true */ 'f', 'a', 'n', 'b', 'o', 'i', '.', 'c', 'h', '\0',
+  /* "fander.it", true */ 'f', 'a', 'n', 'd', 'e', 'r', '.', 'i', 't', '\0',
+  /* "fandler.cz", true */ 'f', 'a', 'n', 'd', 'l', 'e', 'r', '.', 'c', 'z', '\0',
+  /* "fandomservices.com", true */ 'f', 'a', 'n', 'd', 'o', 'm', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fanfareunion.ch", true */ 'f', 'a', 'n', 'f', 'a', 'r', 'e', 'u', 'n', 'i', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "fangs.ink", true */ 'f', 'a', 'n', 'g', 's', '.', 'i', 'n', 'k', '\0',
+  /* "fanjoe.be", true */ 'f', 'a', 'n', 'j', 'o', 'e', '.', 'b', 'e', '\0',
+  /* "fantasiapainter.com", true */ 'f', 'a', 'n', 't', 'a', 's', 'i', 'a', 'p', 'a', 'i', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "fantasticcleaners.com.au", true */ 'f', 'a', 'n', 't', 'a', 's', 't', 'i', 'c', 'c', 'l', 'e', 'a', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "fantastichandymanmelbourne.com.au", true */ 'f', 'a', 'n', 't', 'a', 's', 't', 'i', 'c', 'h', 'a', 'n', 'd', 'y', 'm', 'a', 'n', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "fantasticpestcontrolmelbourne.com.au", true */ 'f', 'a', 'n', 't', 'a', 's', 't', 'i', 'c', 'p', 'e', 's', 't', 'c', 'o', 'n', 't', 'r', 'o', 'l', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "fantasycastles.co.uk", true */ 'f', 'a', 'n', 't', 'a', 's', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "fantasyescortsbirmingham.co.uk", true */ 'f', 'a', 'n', 't', 'a', 's', 'y', 'e', 's', 'c', 'o', 'r', 't', 's', 'b', 'i', 'r', 'm', 'i', 'n', 'g', 'h', 'a', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "fantasypartyhire.com.au", true */ 'f', 'a', 'n', 't', 'a', 's', 'y', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "fantasyspectrum.com", true */ 'f', 'a', 'n', 't', 'a', 's', 'y', 's', 'p', 'e', 'c', 't', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "fantopia.club", true */ 'f', 'a', 'n', 't', 'o', 'p', 'i', 'a', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "fanvoice.com", true */ 'f', 'a', 'n', 'v', 'o', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fanyue123.tk", true */ 'f', 'a', 'n', 'y', 'u', 'e', '1', '2', '3', '.', 't', 'k', '\0',
+  /* "fanz.pro", true */ 'f', 'a', 'n', 'z', '.', 'p', 'r', 'o', '\0',
+  /* "fanzlive.com", true */ 'f', 'a', 'n', 'z', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fap.no", true */ 'f', 'a', 'p', '.', 'n', 'o', '\0',
+  /* "faq.ie", true */ 'f', 'a', 'q', '.', 'i', 'e', '\0',
+  /* "faq.lookout.com", false */ 'f', 'a', 'q', '.', 'l', 'o', 'o', 'k', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "fara.gov", true */ 'f', 'a', 'r', 'a', '.', 'g', 'o', 'v', '\0',
+  /* "faraslot8.com", true */ 'f', 'a', 'r', 'a', 's', 'l', 'o', 't', '8', '.', 'c', 'o', 'm', '\0',
+  /* "faraslot8.net", true */ 'f', 'a', 'r', 'a', 's', 'l', 'o', 't', '8', '.', 'n', 'e', 't', '\0',
+  /* "farcecrew.de", true */ 'f', 'a', 'r', 'c', 'e', 'c', 'r', 'e', 'w', '.', 'd', 'e', '\0',
+  /* "farfallapets.com.br", true */ 'f', 'a', 'r', 'f', 'a', 'l', 'l', 'a', 'p', 'e', 't', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "farfetchos.com", true */ 'f', 'a', 'r', 'f', 'e', 't', 'c', 'h', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fargtorget.se", true */ 'f', 'a', 'r', 'g', 't', 'o', 'r', 'g', 'e', 't', '.', 's', 'e', '\0',
+  /* "farhadexchange.com", true */ 'f', 'a', 'r', 'h', 'a', 'd', 'e', 'x', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "farhood.org", true */ 'f', 'a', 'r', 'h', 'o', 'o', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "farid.is", true */ 'f', 'a', 'r', 'i', 'd', '.', 'i', 's', '\0',
+  /* "farkas.bz", true */ 'f', 'a', 'r', 'k', 'a', 's', '.', 'b', 'z', '\0',
+  /* "farmacia.pt", true */ 'f', 'a', 'r', 'm', 'a', 'c', 'i', 'a', '.', 'p', 't', '\0',
+  /* "farmacialaboratorio.it", true */ 'f', 'a', 'r', 'm', 'a', 'c', 'i', 'a', 'l', 'a', 'b', 'o', 'r', 'a', 't', 'o', 'r', 'i', 'o', '.', 'i', 't', '\0',
+  /* "farmer.dating", true */ 'f', 'a', 'r', 'm', 'e', 'r', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "farmkazuto.com", true */ 'f', 'a', 'r', 'm', 'k', 'a', 'z', 'u', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "faroes.net", true */ 'f', 'a', 'r', 'o', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "faroes.org", true */ 'f', 'a', 'r', 'o', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "farrel-f.id", true */ 'f', 'a', 'r', 'r', 'e', 'l', '-', 'f', '.', 'i', 'd', '\0',
+  /* "farsil.eu", true */ 'f', 'a', 'r', 's', 'i', 'l', '.', 'e', 'u', '\0',
+  /* "fascia.fit", true */ 'f', 'a', 's', 'c', 'i', 'a', '.', 'f', 'i', 't', '\0',
+  /* "fasdoutreach.ca", true */ 'f', 'a', 's', 'd', 'o', 'u', 't', 'r', 'e', 'a', 'c', 'h', '.', 'c', 'a', '\0',
+  /* "fashion24.de", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', '2', '4', '.', 'd', 'e', '\0',
+  /* "fashion4ever.pl", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', '4', 'e', 'v', 'e', 'r', '.', 'p', 'l', '\0',
+  /* "fashiondock.de", false */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'd', 'o', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "fashionunited.be", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'b', 'e', '\0',
+  /* "fashionunited.cl", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'c', 'l', '\0',
+  /* "fashionunited.com", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "fashionunited.com.ar", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "fashionunited.de", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'd', 'e', '\0',
+  /* "fashionunited.fi", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'f', 'i', '\0',
+  /* "fashionunited.hk", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'h', 'k', '\0',
+  /* "fashionunited.hu", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'h', 'u', '\0',
+  /* "fashionunited.ie", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'i', 'e', '\0',
+  /* "fashionunited.lu", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'l', 'u', '\0',
+  /* "fashionunited.mx", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'm', 'x', '\0',
+  /* "fashionunited.nl", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'n', 'l', '\0',
+  /* "fashionunited.no", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'n', 'o', '\0',
+  /* "fashionunited.nz", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'n', 'z', '\0',
+  /* "fashionunited.pl", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'p', 'l', '\0',
+  /* "fashionunited.se", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 's', 'e', '\0',
+  /* "fashionweekweb.com", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'w', 'e', 'e', 'k', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "faspirits.co.uk", true */ 'f', 'a', 's', 'p', 'i', 'r', 'i', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "faspirits.com", true */ 'f', 'a', 's', 'p', 'i', 'r', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fassadenverkleidung24.de", true */ 'f', 'a', 's', 's', 'a', 'd', 'e', 'n', 'v', 'e', 'r', 'k', 'l', 'e', 'i', 'd', 'u', 'n', 'g', '2', '4', '.', 'd', 'e', '\0',
+  /* "fassi-sport.it", true */ 'f', 'a', 's', 's', 'i', '-', 's', 'p', 'o', 'r', 't', '.', 'i', 't', '\0',
+  /* "fastbackmbm.be", true */ 'f', 'a', 's', 't', 'b', 'a', 'c', 'k', 'm', 'b', 'm', '.', 'b', 'e', '\0',
+  /* "fastcommerce.org", true */ 'f', 'a', 's', 't', 'c', 'o', 'm', 'm', 'e', 'r', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "fastconfirm.com", true */ 'f', 'a', 's', 't', 'c', 'o', 'n', 'f', 'i', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "fastforwardthemes.com", true */ 'f', 'a', 's', 't', 'f', 'o', 'r', 'w', 'a', 'r', 'd', 't', 'h', 'e', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fastmail.com", false */ 'f', 'a', 's', 't', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "fastonline.ro", true */ 'f', 'a', 's', 't', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'r', 'o', '\0',
+  /* "fastpresence.com", true */ 'f', 'a', 's', 't', 'p', 'r', 'e', 's', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fastrevision.com", true */ 'f', 'a', 's', 't', 'r', 'e', 'v', 'i', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "fastwebsites.com.br", true */ 'f', 'a', 's', 't', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "faszienrollen-info.de", false */ 'f', 'a', 's', 'z', 'i', 'e', 'n', 'r', 'o', 'l', 'l', 'e', 'n', '-', 'i', 'n', 'f', 'o', '.', 'd', 'e', '\0',
+  /* "fatedata.com", true */ 'f', 'a', 't', 'e', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "fathers4equalrights.org", true */ 'f', 'a', 't', 'h', 'e', 'r', 's', '4', 'e', 'q', 'u', 'a', 'l', 'r', 'i', 'g', 'h', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "fatidique.com", true */ 'f', 'a', 't', 'i', 'd', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fatimamoldes.com.br", true */ 'f', 'a', 't', 'i', 'm', 'a', 'm', 'o', 'l', 'd', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "fatowltees.com", true */ 'f', 'a', 't', 'o', 'w', 'l', 't', 'e', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fatox.de", true */ 'f', 'a', 't', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "faucetbox.com", false */ 'f', 'a', 'u', 'c', 'e', 't', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "faulty.equipment", true */ 'f', 'a', 'u', 'l', 't', 'y', '.', 'e', 'q', 'u', 'i', 'p', 'm', 'e', 'n', 't', '\0',
+  /* "fauvettes.be", true */ 'f', 'a', 'u', 'v', 'e', 't', 't', 'e', 's', '.', 'b', 'e', '\0',
+  /* "favorit.club", true */ 'f', 'a', 'v', 'o', 'r', 'i', 't', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "fawkex.me", true */ 'f', 'a', 'w', 'k', 'e', 'x', '.', 'm', 'e', '\0',
+  /* "fawong.com", true */ 'f', 'a', 'w', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "faxite.com", true */ 'f', 'a', 'x', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fb.me", true */ 'f', 'b', '.', 'm', 'e', '\0',
+  /* "fbcdn.net", true */ 'f', 'b', 'c', 'd', 'n', '.', 'n', 'e', 't', '\0',
+  /* "fbcfairburn.com", true */ 'f', 'b', 'c', 'f', 'a', 'i', 'r', 'b', 'u', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "fbcopy.com", true */ 'f', 'b', 'c', 'o', 'p', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "fbi.pw", true */ 'f', 'b', 'i', '.', 'p', 'w', '\0',
+  /* "fbijobs.gov", true */ 'f', 'b', 'i', 'j', 'o', 'b', 's', '.', 'g', 'o', 'v', '\0',
+  /* "fbsbx.com", true */ 'f', 'b', 's', 'b', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "fburl.com", true */ 'f', 'b', 'u', 'r', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "fc.media", true */ 'f', 'c', '.', 'm', 'e', 'd', 'i', 'a', '\0',
+  /* "fca-tools.com", true */ 'f', 'c', 'a', '-', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fcapartsdb.com", true */ 'f', 'c', 'a', 'p', 'a', 'r', 't', 's', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "fcburk.de", true */ 'f', 'c', 'b', 'u', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "fcforum.net", true */ 'f', 'c', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "fcitasc.com", true */ 'f', 'c', 'i', 't', 'a', 's', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "fckd.net", true */ 'f', 'c', 'k', 'd', '.', 'n', 'e', 't', '\0',
+  /* "fcprovadia.com", true */ 'f', 'c', 'p', 'r', 'o', 'v', 'a', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "fdevs.ch", true */ 'f', 'd', 'e', 'v', 's', '.', 'c', 'h', '\0',
+  /* "fdlibre.eu", true */ 'f', 'd', 'l', 'i', 'b', 'r', 'e', '.', 'e', 'u', '\0',
+  /* "fdsys.gov", false */ 'f', 'd', 's', 'y', 's', '.', 'g', 'o', 'v', '\0',
+  /* "feac.us", true */ 'f', 'e', 'a', 'c', '.', 'u', 's', '\0',
+  /* "feaden.me", true */ 'f', 'e', 'a', 'd', 'e', 'n', '.', 'm', 'e', '\0',
+  /* "fearghus.org", true */ 'f', 'e', 'a', 'r', 'g', 'h', 'u', 's', '.', 'o', 'r', 'g', '\0',
+  /* "fearsomegaming.com", true */ 'f', 'e', 'a', 'r', 's', 'o', 'm', 'e', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "feastr-dev.de", true */ 'f', 'e', 'a', 's', 't', 'r', '-', 'd', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "feastr.de", true */ 'f', 'e', 'a', 's', 't', 'r', '.', 'd', 'e', '\0',
+  /* "feastr.io", true */ 'f', 'e', 'a', 's', 't', 'r', '.', 'i', 'o', '\0',
+  /* "featherweightlabs.com", true */ 'f', 'e', 'a', 't', 'h', 'e', 'r', 'w', 'e', 'i', 'g', 'h', 't', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "featuredmen.com", true */ 'f', 'e', 'a', 't', 'u', 'r', 'e', 'd', 'm', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "fecik.sk", true */ 'f', 'e', 'c', 'i', 'k', '.', 's', 'k', '\0',
+  /* "federalinvestments.gov", true */ 'f', 'e', 'd', 'e', 'r', 'a', 'l', 'i', 'n', 'v', 'e', 's', 't', 'm', 'e', 'n', 't', 's', '.', 'g', 'o', 'v', '\0',
+  /* "federaljobs.gov", true */ 'f', 'e', 'd', 'e', 'r', 'a', 'l', 'j', 'o', 'b', 's', '.', 'g', 'o', 'v', '\0',
+  /* "federalreserve.gov", true */ 'f', 'e', 'd', 'e', 'r', 'a', 'l', 'r', 'e', 's', 'e', 'r', 'v', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "federicomigliavacca.it", true */ 'f', 'e', 'd', 'e', 'r', 'i', 'c', 'o', 'm', 'i', 'g', 'l', 'i', 'a', 'v', 'a', 'c', 'c', 'a', '.', 'i', 't', '\0',
+  /* "fedinvest.gov", true */ 'f', 'e', 'd', 'i', 'n', 'v', 'e', 's', 't', '.', 'g', 'o', 'v', '\0',
+  /* "fedjobs.gov", true */ 'f', 'e', 'd', 'j', 'o', 'b', 's', '.', 'g', 'o', 'v', '\0',
+  /* "fedorahosted.org", true */ 'f', 'e', 'd', 'o', 'r', 'a', 'h', 'o', 's', 't', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "fedoramagazine.org", true */ 'f', 'e', 'd', 'o', 'r', 'a', 'm', 'a', 'g', 'a', 'z', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "fedorapeople.org", true */ 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'e', 'o', 'p', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "fedramp.gov", true */ 'f', 'e', 'd', 'r', 'a', 'm', 'p', '.', 'g', 'o', 'v', '\0',
+  /* "fedrtc.org", true */ 'f', 'e', 'd', 'r', 't', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "fedux.com.ar", true */ 'f', 'e', 'd', 'u', 'x', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "feedbin.com", false */ 'f', 'e', 'e', 'd', 'b', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "feedhq.org", true */ 'f', 'e', 'e', 'd', 'h', 'q', '.', 'o', 'r', 'g', '\0',
+  /* "feedkovacs.hu", true */ 'f', 'e', 'e', 'd', 'k', 'o', 'v', 'a', 'c', 's', '.', 'h', 'u', '\0',
+  /* "feedough.com", true */ 'f', 'e', 'e', 'd', 'o', 'u', 'g', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "feel.aero", true */ 'f', 'e', 'e', 'l', '.', 'a', 'e', 'r', 'o', '\0',
+  /* "feelgood-workouts.de", true */ 'f', 'e', 'e', 'l', 'g', 'o', 'o', 'd', '-', 'w', 'o', 'r', 'k', 'o', 'u', 't', 's', '.', 'd', 'e', '\0',
+  /* "feeltennis.net", true */ 'f', 'e', 'e', 'l', 't', 'e', 'n', 'n', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "feen.us", true */ 'f', 'e', 'e', 'n', '.', 'u', 's', '\0',
+  /* "fefelovalex.ru", true */ 'f', 'e', 'f', 'e', 'l', 'o', 'v', 'a', 'l', 'e', 'x', '.', 'r', 'u', '\0',
+  /* "fehngarten.de", true */ 'f', 'e', 'h', 'n', 'g', 'a', 'r', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "fehnladen.de", true */ 'f', 'e', 'h', 'n', 'l', 'a', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "feigling.net", true */ 'f', 'e', 'i', 'g', 'l', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "feilen.de", true */ 'f', 'e', 'i', 'l', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "feisbed.com", true */ 'f', 'e', 'i', 's', 'b', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "feisim.com", true */ 'f', 'e', 'i', 's', 'i', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "feisim.org", true */ 'f', 'e', 'i', 's', 'i', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "feistyduck.com", true */ 'f', 'e', 'i', 's', 't', 'y', 'd', 'u', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "feitobrasilcosmeticos.com.br", true */ 'f', 'e', 'i', 't', 'o', 'b', 'r', 'a', 's', 'i', 'l', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "fejes.house", true */ 'f', 'e', 'j', 'e', 's', '.', 'h', 'o', 'u', 's', 'e', '\0',
+  /* "feld.design", true */ 'f', 'e', 'l', 'd', '.', 'd', 'e', 's', 'i', 'g', 'n', '\0',
+  /* "feld.saarland", true */ 'f', 'e', 'l', 'd', '.', 's', 'a', 'a', 'r', 'l', 'a', 'n', 'd', '\0',
+  /* "feldhousen.com", true */ 'f', 'e', 'l', 'd', 'h', 'o', 'u', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "felgitscher.xyz", true */ 'f', 'e', 'l', 'g', 'i', 't', 's', 'c', 'h', 'e', 'r', '.', 'x', 'y', 'z', '\0',
+  /* "felicifia.org", true */ 'f', 'e', 'l', 'i', 'c', 'i', 'f', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "felistirnavia.sk", true */ 'f', 'e', 'l', 'i', 's', 't', 'i', 'r', 'n', 'a', 'v', 'i', 'a', '.', 's', 'k', '\0',
+  /* "felixbarta.de", true */ 'f', 'e', 'l', 'i', 'x', 'b', 'a', 'r', 't', 'a', '.', 'd', 'e', '\0',
+  /* "felixcrux.com", true */ 'f', 'e', 'l', 'i', 'x', 'c', 'r', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "felixhefner.de", true */ 'f', 'e', 'l', 'i', 'x', 'h', 'e', 'f', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "felixkauer.de", true */ 'f', 'e', 'l', 'i', 'x', 'k', 'a', 'u', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "felixqu.com", true */ 'f', 'e', 'l', 'i', 'x', 'q', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "felixsanz.com", true */ 'f', 'e', 'l', 'i', 'x', 's', 'a', 'n', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "felixseele.de", true */ 'f', 'e', 'l', 'i', 'x', 's', 'e', 'e', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "felsing.net", true */ 'f', 'e', 'l', 's', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "femanca.com", true */ 'f', 'e', 'm', 'a', 'n', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "femdombbw.com", true */ 'f', 'e', 'm', 'd', 'o', 'm', 'b', 'b', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "feminina.pt", true */ 'f', 'e', 'm', 'i', 'n', 'i', 'n', 'a', '.', 'p', 't', '\0',
+  /* "femradio.es", true */ 'f', 'e', 'm', 'r', 'a', 'd', 'i', 'o', '.', 'e', 's', '\0',
+  /* "femtomind.com", true */ 'f', 'e', 'm', 't', 'o', 'm', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "fence-stlouis.com", true */ 'f', 'e', 'n', 'c', 'e', '-', 's', 't', 'l', 'o', 'u', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "feng.si", true */ 'f', 'e', 'n', 'g', '.', 's', 'i', '\0',
+  /* "fengyi.tel", true */ 'f', 'e', 'n', 'g', 'y', 'i', '.', 't', 'e', 'l', '\0',
+  /* "fenster-bank.at", true */ 'f', 'e', 'n', 's', 't', 'e', 'r', '-', 'b', 'a', 'n', 'k', '.', 'a', 't', '\0',
+  /* "fenster-bank.de", true */ 'f', 'e', 'n', 's', 't', 'e', 'r', '-', 'b', 'a', 'n', 'k', '.', 'd', 'e', '\0',
+  /* "ferdies.co.za", true */ 'f', 'e', 'r', 'd', 'i', 'e', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "fergusoncastle.com", true */ 'f', 'e', 'r', 'g', 'u', 's', 'o', 'n', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ferien-netzwerk.de", true */ 'f', 'e', 'r', 'i', 'e', 'n', '-', 'n', 'e', 't', 'z', 'w', 'e', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "ferienchalet-wallis.ch", true */ 'f', 'e', 'r', 'i', 'e', 'n', 'c', 'h', 'a', 'l', 'e', 't', '-', 'w', 'a', 'l', 'l', 'i', 's', '.', 'c', 'h', '\0',
+  /* "ferienhaus-polchow-ruegen.de", false */ 'f', 'e', 'r', 'i', 'e', 'n', 'h', 'a', 'u', 's', '-', 'p', 'o', 'l', 'c', 'h', 'o', 'w', '-', 'r', 'u', 'e', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "ferienwohnungen-lastminute.de", true */ 'f', 'e', 'r', 'i', 'e', 'n', 'w', 'o', 'h', 'n', 'u', 'n', 'g', 'e', 'n', '-', 'l', 'a', 's', 't', 'm', 'i', 'n', 'u', 't', 'e', '.', 'd', 'e', '\0',
+  /* "fermabel.com.br", true */ 'f', 'e', 'r', 'm', 'a', 'b', 'e', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "fernandes.org", true */ 'f', 'e', 'r', 'n', 'a', 'n', 'd', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "fernandob.com", true */ 'f', 'e', 'r', 'n', 'a', 'n', 'd', 'o', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "fernandobarata.pt", true */ 'f', 'e', 'r', 'n', 'a', 'n', 'd', 'o', 'b', 'a', 'r', 'a', 't', 'a', '.', 'p', 't', '\0',
+  /* "fernandobarillas.com", true */ 'f', 'e', 'r', 'n', 'a', 'n', 'd', 'o', 'b', 'a', 'r', 'i', 'l', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fernandomiguel.net", true */ 'f', 'e', 'r', 'n', 'a', 'n', 'd', 'o', 'm', 'i', 'g', 'u', 'e', 'l', '.', 'n', 'e', 't', '\0',
+  /* "ferret.zone", true */ 'f', 'e', 'r', 'r', 'e', 't', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "ferreteriaxerez.com", true */ 'f', 'e', 'r', 'r', 'e', 't', 'e', 'r', 'i', 'a', 'x', 'e', 'r', 'e', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "ferrolatino.ch", true */ 'f', 'e', 'r', 'r', 'o', 'l', 'a', 't', 'i', 'n', 'o', '.', 'c', 'h', '\0',
+  /* "ferticare.pt", true */ 'f', 'e', 'r', 't', 'i', 'c', 'a', 'r', 'e', '.', 'p', 't', '\0',
+  /* "fertila.de", true */ 'f', 'e', 'r', 't', 'i', 'l', 'a', '.', 'd', 'e', '\0',
+  /* "festaprylar.se", true */ 'f', 'e', 's', 't', 'a', 'p', 'r', 'y', 'l', 'a', 'r', '.', 's', 'e', '\0',
+  /* "festival-tipps.com", true */ 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '-', 't', 'i', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "festival.house", true */ 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'h', 'o', 'u', 's', 'e', '\0',
+  /* "festivaljapon.com", true */ 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', 'j', 'a', 'p', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "festivalxdentro.com", true */ 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', 'x', 'd', 'e', 'n', 't', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "fetlife.com", true */ 'f', 'e', 't', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fettlaus.de", true */ 'f', 'e', 't', 't', 'l', 'a', 'u', 's', '.', 'd', 'e', '\0',
+  /* "feudalisten.de", true */ 'f', 'e', 'u', 'd', 'a', 'l', 'i', 's', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "feuerwehr-dachaufsetzer.de", true */ 'f', 'e', 'u', 'e', 'r', 'w', 'e', 'h', 'r', '-', 'd', 'a', 'c', 'h', 'a', 'u', 'f', 's', 'e', 't', 'z', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "feuerwehr-illmensee.de", true */ 'f', 'e', 'u', 'e', 'r', 'w', 'e', 'h', 'r', '-', 'i', 'l', 'l', 'm', 'e', 'n', 's', 'e', 'e', '.', 'd', 'e', '\0',
+  /* "feuerwehr-oberkotzau.de", true */ 'f', 'e', 'u', 'e', 'r', 'w', 'e', 'h', 'r', '-', 'o', 'b', 'e', 'r', 'k', 'o', 't', 'z', 'a', 'u', '.', 'd', 'e', '\0',
+  /* "feuerwerksmanufaktur.de", true */ 'f', 'e', 'u', 'e', 'r', 'w', 'e', 'r', 'k', 's', 'm', 'a', 'n', 'u', 'f', 'a', 'k', 't', 'u', 'r', '.', 'd', 'e', '\0',
+  /* "feuetgloire.com", true */ 'f', 'e', 'u', 'e', 't', 'g', 'l', 'o', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fewo-thueringer-wald.de", true */ 'f', 'e', 'w', 'o', '-', 't', 'h', 'u', 'e', 'r', 'i', 'n', 'g', 'e', 'r', '-', 'w', 'a', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "fexco.com", true */ 'f', 'e', 'x', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "feyermedia.de", true */ 'f', 'e', 'y', 'e', 'r', 'm', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "ff-bad-hoehenstadt.de", true */ 'f', 'f', '-', 'b', 'a', 'd', '-', 'h', 'o', 'e', 'h', 'e', 'n', 's', 't', 'a', 'd', 't', '.', 'd', 'e', '\0',
+  /* "ff-bg.xyz", true */ 'f', 'f', '-', 'b', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "ff-obersunzing-niedersunzing.de", true */ 'f', 'f', '-', 'o', 'b', 'e', 'r', 's', 'u', 'n', 'z', 'i', 'n', 'g', '-', 'n', 'i', 'e', 'd', 'e', 'r', 's', 'u', 'n', 'z', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "ff14-mstdn.xyz", true */ 'f', 'f', '1', '4', '-', 'm', 's', 't', 'd', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "ffbans.org", true */ 'f', 'f', 'b', 'a', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "ffis.me", true */ 'f', 'f', 'i', 's', '.', 'm', 'e', '\0',
+  /* "ffkoenigsberg.de", true */ 'f', 'f', 'k', 'o', 'e', 'n', 'i', 'g', 's', 'b', 'e', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "ffl123.com", true */ 'f', 'f', 'l', '1', '2', '3', '.', 'c', 'o', 'm', '\0',
+  /* "ffmradio.de", true */ 'f', 'f', 'm', 'r', 'a', 'd', 'i', 'o', '.', 'd', 'e', '\0',
+  /* "ffprofile.com", true */ 'f', 'f', 'p', 'r', 'o', 'f', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ffta.eu", true */ 'f', 'f', 't', 'a', '.', 'e', 'u', '\0',
+  /* "fgequipamentos.com.br", true */ 'f', 'g', 'e', 'q', 'u', 'i', 'p', 'a', 'm', 'e', 'n', 't', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "fhcdn.xyz", true */ 'f', 'h', 'c', 'd', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "fhconseil.fr", true */ 'f', 'h', 'c', 'o', 'n', 's', 'e', 'i', 'l', '.', 'f', 'r', '\0',
+  /* "fhdhelp.de", false */ 'f', 'h', 'd', 'h', 'e', 'l', 'p', '.', 'd', 'e', '\0',
+  /* "fhdhilft.de", false */ 'f', 'h', 'd', 'h', 'i', 'l', 'f', 't', '.', 'd', 'e', '\0',
+  /* "fhfaoig.gov", true */ 'f', 'h', 'f', 'a', 'o', 'i', 'g', '.', 'g', 'o', 'v', '\0',
+  /* "fhg90.com", true */ 'f', 'h', 'g', '9', '0', '.', 'c', 'o', 'm', '\0',
+  /* "fhsseniormens.club", true */ 'f', 'h', 's', 's', 'e', 'n', 'i', 'o', 'r', 'm', 'e', 'n', 's', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "fi-sanki.co.jp", true */ 'f', 'i', '-', 's', 'a', 'n', 'k', 'i', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "fi.google.com", true */ 'f', 'i', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fi.search.yahoo.com", false */ 'f', 'i', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "fialat.cz", true */ 'f', 'i', 'a', 'l', 'a', 't', '.', 'c', 'z', '\0',
+  /* "fiam.me", true */ 'f', 'i', 'a', 'm', '.', 'm', 'e', '\0',
+  /* "fiareapp.red", false */ 'f', 'i', 'a', 'r', 'e', 'a', 'p', 'p', '.', 'r', 'e', 'd', '\0',
+  /* "fibrasynormasdecolombia.com", true */ 'f', 'i', 'b', 'r', 'a', 's', 'y', 'n', 'o', 'r', 'm', 'a', 's', 'd', 'e', 'c', 'o', 'l', 'o', 'm', 'b', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "fickweiler.nl", true */ 'f', 'i', 'c', 'k', 'w', 'e', 'i', 'l', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "ficlab.com", true */ 'f', 'i', 'c', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "ficus.io", true */ 'f', 'i', 'c', 'u', 's', '.', 'i', 'o', '\0',
+  /* "fid-elite.ch", true */ 'f', 'i', 'd', '-', 'e', 'l', 'i', 't', 'e', '.', 'c', 'h', '\0',
+  /* "fid.to", true */ 'f', 'i', 'd', '.', 't', 'o', '\0',
+  /* "fidanza.eu", true */ 'f', 'i', 'd', 'a', 'n', 'z', 'a', '.', 'e', 'u', '\0',
+  /* "fidel.uk", true */ 'f', 'i', 'd', 'e', 'l', '.', 'u', 'k', '\0',
+  /* "fidelapp.com", true */ 'f', 'i', 'd', 'e', 'l', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "fidelis-it.ch", true */ 'f', 'i', 'd', 'e', 'l', 'i', 's', '-', 'i', 't', '.', 'c', 'h', '\0',
+  /* "fidelis-it.net", true */ 'f', 'i', 'd', 'e', 'l', 'i', 's', '-', 'i', 't', '.', 'n', 'e', 't', '\0',
+  /* "fidhouriet.ch", true */ 'f', 'i', 'd', 'h', 'o', 'u', 'r', 'i', 'e', 't', '.', 'c', 'h', '\0',
+  /* "fiduciaire-ratio.ch", true */ 'f', 'i', 'd', 'u', 'c', 'i', 'a', 'i', 'r', 'e', '-', 'r', 'a', 't', 'i', 'o', '.', 'c', 'h', '\0',
+  /* "fieldclockapp.com", true */ 'f', 'i', 'e', 'l', 'd', 'c', 'l', 'o', 'c', 'k', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "fieldtalk.co.uk", false */ 'f', 'i', 'e', 'l', 'd', 't', 'a', 'l', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "fieldwork-paysage.com", true */ 'f', 'i', 'e', 'l', 'd', 'w', 'o', 'r', 'k', '-', 'p', 'a', 'y', 's', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fierlafijn.net", true */ 'f', 'i', 'e', 'r', 'l', 'a', 'f', 'i', 'j', 'n', '.', 'n', 'e', 't', '\0',
+  /* "fifichachnil.paris", true */ 'f', 'i', 'f', 'i', 'c', 'h', 'a', 'c', 'h', 'n', 'i', 'l', '.', 'p', 'a', 'r', 'i', 's', '\0',
+  /* "fiftynorth.eu", true */ 'f', 'i', 'f', 't', 'y', 'n', 'o', 'r', 't', 'h', '.', 'e', 'u', '\0',
+  /* "fiftyonetielt.be", true */ 'f', 'i', 'f', 't', 'y', 'o', 'n', 'e', 't', 'i', 'e', 'l', 't', '.', 'b', 'e', '\0',
+  /* "figan.cz", true */ 'f', 'i', 'g', 'a', 'n', '.', 'c', 'z', '\0',
+  /* "fight215.com", true */ 'f', 'i', 'g', 'h', 't', '2', '1', '5', '.', 'c', 'o', 'm', '\0',
+  /* "fight215.org", true */ 'f', 'i', 'g', 'h', 't', '2', '1', '5', '.', 'o', 'r', 'g', '\0',
+  /* "figinstitute.org", true */ 'f', 'i', 'g', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "figshare.com", true */ 'f', 'i', 'g', 's', 'h', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "figura.cz", true */ 'f', 'i', 'g', 'u', 'r', 'a', '.', 'c', 'z', '\0',
+  /* "figura.im", true */ 'f', 'i', 'g', 'u', 'r', 'a', '.', 'i', 'm', '\0',
+  /* "figurasdelinguagem.com.br", true */ 'f', 'i', 'g', 'u', 'r', 'a', 's', 'd', 'e', 'l', 'i', 'n', 'g', 'u', 'a', 'g', 'e', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "fiilr.com", true */ 'f', 'i', 'i', 'l', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "fiix.io", true */ 'f', 'i', 'i', 'x', '.', 'i', 'o', '\0',
+  /* "fiken.no", true */ 'f', 'i', 'k', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "file-cloud.eu", true */ 'f', 'i', 'l', 'e', '-', 'c', 'l', 'o', 'u', 'd', '.', 'e', 'u', '\0',
+  /* "file-pdf.it", true */ 'f', 'i', 'l', 'e', '-', 'p', 'd', 'f', '.', 'i', 't', '\0',
+  /* "filebox.space", true */ 'f', 'i', 'l', 'e', 'b', 'o', 'x', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "filecopa.com", true */ 'f', 'i', 'l', 'e', 'c', 'o', 'p', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "filedir.com", false */ 'f', 'i', 'l', 'e', 'd', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "filesense.com", true */ 'f', 'i', 'l', 'e', 's', 'e', 'n', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "filestar.io", true */ 'f', 'i', 'l', 'e', 's', 't', 'a', 'r', '.', 'i', 'o', '\0',
+  /* "filewall.de", true */ 'f', 'i', 'l', 'e', 'w', 'a', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "filhin.es", true */ 'f', 'i', 'l', 'h', 'i', 'n', '.', 'e', 's', '\0',
+  /* "filhodohomem.com", true */ 'f', 'i', 'l', 'h', 'o', 'd', 'o', 'h', 'o', 'm', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "filhomes.ph", true */ 'f', 'i', 'l', 'h', 'o', 'm', 'e', 's', '.', 'p', 'h', '\0',
+  /* "fili.org", true */ 'f', 'i', 'l', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "filingsmadeeasy.com", true */ 'f', 'i', 'l', 'i', 'n', 'g', 's', 'm', 'a', 'd', 'e', 'e', 'a', 's', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "filip-prochazka.com", true */ 'f', 'i', 'l', 'i', 'p', '-', 'p', 'r', 'o', 'c', 'h', 'a', 'z', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "filippo.io", true */ 'f', 'i', 'l', 'i', 'p', 'p', 'o', '.', 'i', 'o', '\0',
+  /* "filipsebesta.com", true */ 'f', 'i', 'l', 'i', 'p', 's', 'e', 'b', 'e', 's', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "filleritemsindia.com", true */ 'f', 'i', 'l', 'l', 'e', 'r', 'i', 't', 'e', 'm', 's', 'i', 'n', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "fillitupchallenge.eu", true */ 'f', 'i', 'l', 'l', 'i', 't', 'u', 'p', 'c', 'h', 'a', 'l', 'l', 'e', 'n', 'g', 'e', '.', 'e', 'u', '\0',
+  /* "fillmysuitca.se", true */ 'f', 'i', 'l', 'l', 'm', 'y', 's', 'u', 'i', 't', 'c', 'a', '.', 's', 'e', '\0',
+  /* "fillo.sk", true */ 'f', 'i', 'l', 'l', 'o', '.', 's', 'k', '\0',
+  /* "film-tutorial.com", true */ 'f', 'i', 'l', 'm', '-', 't', 'u', 't', 'o', 'r', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "film.photography", true */ 'f', 'i', 'l', 'm', '.', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '\0',
+  /* "film.photos", true */ 'f', 'i', 'l', 'm', '.', 'p', 'h', 'o', 't', 'o', 's', '\0',
+  /* "filmatiporno.xxx", true */ 'f', 'i', 'l', 'm', 'a', 't', 'i', 'p', 'o', 'r', 'n', 'o', '.', 'x', 'x', 'x', '\0',
+  /* "filme-online.eu.com", true */ 'f', 'i', 'l', 'm', 'e', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'e', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "filme-onlines.com", true */ 'f', 'i', 'l', 'm', 'e', '-', 'o', 'n', 'l', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "filmreviewonline.com", true */ 'f', 'i', 'l', 'm', 'r', 'e', 'v', 'i', 'e', 'w', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "filmserver.de", true */ 'f', 'i', 'l', 'm', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "filoo.de", true */ 'f', 'i', 'l', 'o', 'o', '.', 'd', 'e', '\0',
+  /* "filterflasche-kaufen.de", true */ 'f', 'i', 'l', 't', 'e', 'r', 'f', 'l', 'a', 's', 'c', 'h', 'e', '-', 'k', 'a', 'u', 'f', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "filterlists.com", true */ 'f', 'i', 'l', 't', 'e', 'r', 'l', 'i', 's', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "finalx.nl", false */ 'f', 'i', 'n', 'a', 'l', 'x', '.', 'n', 'l', '\0',
+  /* "financejobs.ch", true */ 'f', 'i', 'n', 'a', 'n', 'c', 'e', 'j', 'o', 'b', 's', '.', 'c', 'h', '\0',
+  /* "financier.io", true */ 'f', 'i', 'n', 'a', 'n', 'c', 'i', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "financniexperti.sk", true */ 'f', 'i', 'n', 'a', 'n', 'c', 'n', 'i', 'e', 'x', 'p', 'e', 'r', 't', 'i', '.', 's', 'k', '\0',
+  /* "finch.am", true */ 'f', 'i', 'n', 'c', 'h', '.', 'a', 'm', '\0',
+  /* "find-job-in.com", true */ 'f', 'i', 'n', 'd', '-', 'j', 'o', 'b', '-', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "find-mba.com", true */ 'f', 'i', 'n', 'd', '-', 'm', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "findhoustonseniorcare.com", true */ 'f', 'i', 'n', 'd', 'h', 'o', 'u', 's', 't', 'o', 'n', 's', 'e', 'n', 'i', 'o', 'r', 'c', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "findingkorea.com", true */ 'f', 'i', 'n', 'd', 'i', 'n', 'g', 'k', 'o', 'r', 'e', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "finditez.com", true */ 'f', 'i', 'n', 'd', 'i', 't', 'e', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "findthatnude.com", true */ 'f', 'i', 'n', 'd', 't', 'h', 'a', 't', 'n', 'u', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "findthere.net", true */ 'f', 'i', 'n', 'd', 't', 'h', 'e', 'r', 'e', '.', 'n', 'e', 't', '\0',
+  /* "findyour.diet", true */ 'f', 'i', 'n', 'd', 'y', 'o', 'u', 'r', '.', 'd', 'i', 'e', 't', '\0',
+  /* "findyourvoice.ca", true */ 'f', 'i', 'n', 'd', 'y', 'o', 'u', 'r', 'v', 'o', 'i', 'c', 'e', '.', 'c', 'a', '\0',
+  /* "fine-services.paris", true */ 'f', 'i', 'n', 'e', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'p', 'a', 'r', 'i', 's', '\0',
+  /* "finelovedolls.com", true */ 'f', 'i', 'n', 'e', 'l', 'o', 'v', 'e', 'd', 'o', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "finenet.com.tw", true */ 'f', 'i', 'n', 'e', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "finer04.pw", true */ 'f', 'i', 'n', 'e', 'r', '0', '4', '.', 'p', 'w', '\0',
+  /* "finewineonline.com", true */ 'f', 'i', 'n', 'e', 'w', 'i', 'n', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "finfev.de", true */ 'f', 'i', 'n', 'f', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "finflix.net", true */ 'f', 'i', 'n', 'f', 'l', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "finform.ch", true */ 'f', 'i', 'n', 'f', 'o', 'r', 'm', '.', 'c', 'h', '\0',
+  /* "fini-de-jouer.ch", true */ 'f', 'i', 'n', 'i', '-', 'd', 'e', '-', 'j', 'o', 'u', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "finisron.in", true */ 'f', 'i', 'n', 'i', 's', 'r', 'o', 'n', '.', 'i', 'n', '\0',
+  /* "finkelstein.fr", true */ 'f', 'i', 'n', 'k', 'e', 'l', 's', 't', 'e', 'i', 'n', '.', 'f', 'r', '\0',
+  /* "finkenberger.org", false */ 'f', 'i', 'n', 'k', 'e', 'n', 'b', 'e', 'r', 'g', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "finn.io", true */ 'f', 'i', 'n', 'n', '.', 'i', 'o', '\0',
+  /* "finnclass.cz", true */ 'f', 'i', 'n', 'n', 'c', 'l', 'a', 's', 's', '.', 'c', 'z', '\0',
+  /* "finneas.net", true */ 'f', 'i', 'n', 'n', 'e', 'a', 's', '.', 'n', 'e', 't', '\0',
+  /* "finsprings.org", true */ 'f', 'i', 'n', 's', 'p', 'r', 'i', 'n', 'g', 's', '.', 'o', 'r', 'g', '\0',
+  /* "fintandunleavy.com", true */ 'f', 'i', 'n', 't', 'a', 'n', 'd', 'u', 'n', 'l', 'e', 'a', 'v', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "finvantage.com", true */ 'f', 'i', 'n', 'v', 'a', 'n', 't', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fionamcbride.com", true */ 'f', 'i', 'o', 'n', 'a', 'm', 'c', 'b', 'r', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fiork.com", true */ 'f', 'i', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "fioulmarket.fr", true */ 'f', 'i', 'o', 'u', 'l', 'm', 'a', 'r', 'k', 'e', 't', '.', 'f', 'r', '\0',
+  /* "fire-wolf.com", true */ 'f', 'i', 'r', 'e', '-', 'w', 'o', 'l', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "fireandelectrical.co.uk", true */ 'f', 'i', 'r', 'e', 'a', 'n', 'd', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "firebaseio.com", true */ 'f', 'i', 'r', 'e', 'b', 'a', 's', 'e', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "firebirdrangecookers.com", true */ 'f', 'i', 'r', 'e', 'b', 'i', 'r', 'd', 'r', 'a', 'n', 'g', 'e', 'c', 'o', 'o', 'k', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "firebounty.com", true */ 'f', 'i', 'r', 'e', 'b', 'o', 'u', 'n', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "fireboxfood.com", true */ 'f', 'i', 'r', 'e', 'b', 'o', 'x', 'f', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "firebugmusic.com", true */ 'f', 'i', 'r', 'e', 'b', 'u', 'g', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "firecore.com", true */ 'f', 'i', 'r', 'e', 'c', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "firecry.org", true */ 'f', 'i', 'r', 'e', 'c', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "firefart.at", true */ 'f', 'i', 'r', 'e', 'f', 'a', 'r', 't', '.', 'a', 't', '\0',
+  /* "firefighters.dating", true */ 'f', 'i', 'r', 'e', 'f', 'i', 'g', 'h', 't', 'e', 'r', 's', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "firegoby.jp", true */ 'f', 'i', 'r', 'e', 'g', 'o', 'b', 'y', '.', 'j', 'p', '\0',
+  /* "firehost.com", true */ 'f', 'i', 'r', 'e', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "fireportal.cz", true */ 'f', 'i', 'r', 'e', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'z', '\0',
+  /* "firesofheaven.org", true */ 'f', 'i', 'r', 'e', 's', 'o', 'f', 'h', 'e', 'a', 'v', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "firetotheprisons.org", true */ 'f', 'i', 'r', 'e', 't', 'o', 't', 'h', 'e', 'p', 'r', 'i', 's', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "firevap.org", true */ 'f', 'i', 'r', 'e', 'v', 'a', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "firewallconsultants.com", true */ 'f', 'i', 'r', 'e', 'w', 'a', 'l', 'l', 'c', 'o', 'n', 's', 'u', 'l', 't', 'a', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fireworksshowvr.com", true */ 'f', 'i', 'r', 'e', 'w', 'o', 'r', 'k', 's', 's', 'h', 'o', 'w', 'v', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "firma-cerny.cz", true */ 'f', 'i', 'r', 'm', 'a', '-', 'c', 'e', 'r', 'n', 'y', '.', 'c', 'z', '\0',
+  /* "firma-offshore.com", true */ 'f', 'i', 'r', 'm', 'a', '-', 'o', 'f', 'f', 's', 'h', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "firmale.com", true */ 'f', 'i', 'r', 'm', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "firmapi.com", true */ 'f', 'i', 'r', 'm', 'a', 'p', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "first-house.no", true */ 'f', 'i', 'r', 's', 't', '-', 'h', 'o', 'u', 's', 'e', '.', 'n', 'o', '\0',
+  /* "first-time-offender.com", true */ 'f', 'i', 'r', 's', 't', '-', 't', 'i', 'm', 'e', '-', 'o', 'f', 'f', 'e', 'n', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "first.org", true */ 'f', 'i', 'r', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "first4it.com", true */ 'f', 'i', 'r', 's', 't', '4', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "firstchoicebouncycastlehire.co.uk", true */ 'f', 'i', 'r', 's', 't', 'c', 'h', 'o', 'i', 'c', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "firstchoicecandy.com", true */ 'f', 'i', 'r', 's', 't', 'c', 'h', 'o', 'i', 'c', 'e', 'c', 'a', 'n', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "firstchoicepool.com", true */ 'f', 'i', 'r', 's', 't', 'c', 'h', 'o', 'i', 'c', 'e', 'p', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "firstclasscastles.com", true */ 'f', 'i', 'r', 's', 't', 'c', 'l', 'a', 's', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "firstclassleisure.co.uk", true */ 'f', 'i', 'r', 's', 't', 'c', 'l', 'a', 's', 's', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "firstderm.com", true */ 'f', 'i', 'r', 's', 't', 'd', 'e', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "firstfinca.de", true */ 'f', 'i', 'r', 's', 't', 'f', 'i', 'n', 'c', 'a', '.', 'd', 'e', '\0',
+  /* "firstmall.de", true */ 'f', 'i', 'r', 's', 't', 'm', 'a', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "firstq.xyz", true */ 'f', 'i', 'r', 's', 't', 'q', '.', 'x', 'y', 'z', '\0',
+  /* "fischer-its.com", false */ 'f', 'i', 's', 'c', 'h', 'e', 'r', '-', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fischer-kundendienst.de", true */ 'f', 'i', 's', 'c', 'h', 'e', 'r', '-', 'k', 'u', 'n', 'd', 'e', 'n', 'd', 'i', 'e', 'n', 's', 't', '.', 'd', 'e', '\0',
+  /* "fischers.cc", true */ 'f', 'i', 's', 'c', 'h', 'e', 'r', 's', '.', 'c', 'c', '\0',
+  /* "fiscoeconti.it", true */ 'f', 'i', 's', 'c', 'o', 'e', 'c', 'o', 'n', 't', 'i', '.', 'i', 't', '\0',
+  /* "fish-hook.ru", true */ 'f', 'i', 's', 'h', '-', 'h', 'o', 'o', 'k', '.', 'r', 'u', '\0',
+  /* "fish2.me", true */ 'f', 'i', 's', 'h', '2', '.', 'm', 'e', '\0',
+  /* "fishbattle.io", true */ 'f', 'i', 's', 'h', 'b', 'a', 't', 't', 'l', 'e', '.', 'i', 'o', '\0',
+  /* "fishbattle.net", true */ 'f', 'i', 's', 'h', 'b', 'a', 't', 't', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "fishermailbox.net", true */ 'f', 'i', 's', 'h', 'e', 'r', 'm', 'a', 'i', 'l', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "fishermansbend.apartments", true */ 'f', 'i', 's', 'h', 'e', 'r', 'm', 'a', 'n', 's', 'b', 'e', 'n', 'd', '.', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '\0',
+  /* "fishermansbendcorporation.com.au", true */ 'f', 'i', 's', 'h', 'e', 'r', 'm', 'a', 'n', 's', 'b', 'e', 'n', 'd', 'c', 'o', 'r', 'p', 'o', 'r', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "fishermansbendtownhouses.com.au", true */ 'f', 'i', 's', 'h', 'e', 'r', 'm', 'a', 'n', 's', 'b', 'e', 'n', 'd', 't', 'o', 'w', 'n', 'h', 'o', 'u', 's', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "fishserver.net", true */ 'f', 'i', 's', 'h', 's', 'e', 'r', 'v', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "fishtacos.blog", true */ 'f', 'i', 's', 'h', 't', 'a', 'c', 'o', 's', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "fistu.la", true */ 'f', 'i', 's', 't', 'u', '.', 'l', 'a', '\0',
+  /* "fit-4u.ch", true */ 'f', 'i', 't', '-', '4', 'u', '.', 'c', 'h', '\0',
+  /* "fit365.jp", true */ 'f', 'i', 't', '3', '6', '5', '.', 'j', 'p', '\0',
+  /* "fitchannel.com", true */ 'f', 'i', 't', 'c', 'h', 'a', 'n', 'n', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "fitkram.cz", true */ 'f', 'i', 't', 'k', 'r', 'a', 'm', '.', 'c', 'z', '\0',
+  /* "fitness-challenge.co.uk", true */ 'f', 'i', 't', 'n', 'e', 's', 's', '-', 'c', 'h', 'a', 'l', 'l', 'e', 'n', 'g', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "fitness.gov", true */ 'f', 'i', 't', 'n', 'e', 's', 's', '.', 'g', 'o', 'v', '\0',
+  /* "fitseven.ru", true */ 'f', 'i', 't', 's', 'e', 'v', 'e', 'n', '.', 'r', 'u', '\0',
+  /* "fittelo.cz", true */ 'f', 'i', 't', 't', 'e', 'l', 'o', '.', 'c', 'z', '\0',
+  /* "fitzsim.org", true */ 'f', 'i', 't', 'z', 's', 'i', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "fiuxy.bz", true */ 'f', 'i', 'u', 'x', 'y', '.', 'b', 'z', '\0',
+  /* "fiuxy.co", true */ 'f', 'i', 'u', 'x', 'y', '.', 'c', 'o', '\0',
+  /* "fiws.net", true */ 'f', 'i', 'w', 's', '.', 'n', 'e', 't', '\0',
+  /* "fixate.ru", true */ 'f', 'i', 'x', 'a', 't', 'e', '.', 'r', 'u', '\0',
+  /* "fixatom.com", true */ 'f', 'i', 'x', 'a', 't', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "fixeaide.com", true */ 'f', 'i', 'x', 'e', 'a', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fixeaider.com", true */ 'f', 'i', 'x', 'e', 'a', 'i', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "fixel.express", true */ 'f', 'i', 'x', 'e', 'l', '.', 'e', 'x', 'p', 'r', 'e', 's', 's', '\0',
+  /* "fixforce.nl", true */ 'f', 'i', 'x', 'f', 'o', 'r', 'c', 'e', '.', 'n', 'l', '\0',
+  /* "fixhotsauce.com", true */ 'f', 'i', 'x', 'h', 'o', 't', 's', 'a', 'u', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fixmyalarmpanel.co.uk", true */ 'f', 'i', 'x', 'm', 'y', 'a', 'l', 'a', 'r', 'm', 'p', 'a', 'n', 'e', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "fixmycomputerdude.com", true */ 'f', 'i', 'x', 'm', 'y', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 'd', 'u', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fixvoltage.ru", true */ 'f', 'i', 'x', 'v', 'o', 'l', 't', 'a', 'g', 'e', '.', 'r', 'u', '\0',
+  /* "fizz.buzz", false */ 'f', 'i', 'z', 'z', '.', 'b', 'u', 'z', 'z', '\0',
+  /* "fj.search.yahoo.com", false */ 'f', 'j', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "fj.simple.com", false */ 'f', 'j', '.', 's', 'i', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fjharcu.com", true */ 'f', 'j', 'h', 'a', 'r', 'c', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "fjugstad.com", true */ 'f', 'j', 'u', 'g', 's', 't', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "fkcdn.de", true */ 'f', 'k', 'c', 'd', 'n', '.', 'd', 'e', '\0',
+  /* "fkfev.de", true */ 'f', 'k', 'f', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "fktpm.ru", true */ 'f', 'k', 't', 'p', 'm', '.', 'r', 'u', '\0',
+  /* "flaemig42.de", true */ 'f', 'l', 'a', 'e', 'm', 'i', 'g', '4', '2', '.', 'd', 'e', '\0',
+  /* "flagburningworld.com", true */ 'f', 'l', 'a', 'g', 'b', 'u', 'r', 'n', 'i', 'n', 'g', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "flagfic.com", true */ 'f', 'l', 'a', 'g', 'f', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "flagshop.jp", true */ 'f', 'l', 'a', 'g', 's', 'h', 'o', 'p', '.', 'j', 'p', '\0',
+  /* "flagspot.net", false */ 'f', 'l', 'a', 'g', 's', 'p', 'o', 't', '.', 'n', 'e', 't', '\0',
+  /* "flair.co", true */ 'f', 'l', 'a', 'i', 'r', '.', 'c', 'o', '\0',
+  /* "flam.io", true */ 'f', 'l', 'a', 'm', '.', 'i', 'o', '\0',
+  /* "flamer-scene.com", false */ 'f', 'l', 'a', 'm', 'e', 'r', '-', 's', 'c', 'e', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "flamingcow.tv", true */ 'f', 'l', 'a', 'm', 'i', 'n', 'g', 'c', 'o', 'w', '.', 't', 'v', '\0',
+  /* "flamingkeys.com", true */ 'f', 'l', 'a', 'm', 'i', 'n', 'g', 'k', 'e', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "flamme-von-anor.de", true */ 'f', 'l', 'a', 'm', 'm', 'e', '-', 'v', 'o', 'n', '-', 'a', 'n', 'o', 'r', '.', 'd', 'e', '\0',
+  /* "flana.com", true */ 'f', 'l', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "flanga.io", true */ 'f', 'l', 'a', 'n', 'g', 'a', '.', 'i', 'o', '\0',
+  /* "flapoverspeed.com", true */ 'f', 'l', 'a', 'p', 'o', 'v', 'e', 'r', 's', 'p', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "flaretechnologies.io", true */ 'f', 'l', 'a', 'r', 'e', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', 's', '.', 'i', 'o', '\0',
+  /* "flashback.org", true */ 'f', 'l', 'a', 's', 'h', 'b', 'a', 'c', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "flashgot.net", true */ 'f', 'l', 'a', 's', 'h', 'g', 'o', 't', '.', 'n', 'e', 't', '\0',
+  /* "flat.io", true */ 'f', 'l', 'a', 't', '.', 'i', 'o', '\0',
+  /* "flatmatehub.com.au", true */ 'f', 'l', 'a', 't', 'm', 'a', 't', 'e', 'h', 'u', 'b', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "flatpackmates.co.uk", true */ 'f', 'l', 'a', 't', 'p', 'a', 'c', 'k', 'm', 'a', 't', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "flauschig.net", true */ 'f', 'l', 'a', 'u', 's', 'c', 'h', 'i', 'g', '.', 'n', 'e', 't', '\0',
+  /* "flavr.be", true */ 'f', 'l', 'a', 'v', 'r', '.', 'b', 'e', '\0',
+  /* "flawlesscowboy.xyz", true */ 'f', 'l', 'a', 'w', 'l', 'e', 's', 's', 'c', 'o', 'w', 'b', 'o', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "fleamarketgoods.com", true */ 'f', 'l', 'e', 'a', 'm', 'a', 'r', 'k', 'e', 't', 'g', 'o', 'o', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fleep.io", true */ 'f', 'l', 'e', 'e', 'p', '.', 'i', 'o', '\0',
+  /* "fleetssl.com", true */ 'f', 'l', 'e', 'e', 't', 's', 's', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "flehm.de", true */ 'f', 'l', 'e', 'h', 'm', '.', 'd', 'e', '\0',
+  /* "fleisch.club", true */ 'f', 'l', 'e', 'i', 's', 'c', 'h', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "flemingtonaudiparts.com", true */ 'f', 'l', 'e', 'm', 'i', 'n', 'g', 't', 'o', 'n', 'a', 'u', 'd', 'i', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fletchto99.com", true */ 'f', 'l', 'e', 't', 'c', 'h', 't', 'o', '9', '9', '.', 'c', 'o', 'm', '\0',
+  /* "flets-ms.com", true */ 'f', 'l', 'e', 't', 's', '-', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fleurette.me", true */ 'f', 'l', 'e', 'u', 'r', 'e', 't', 't', 'e', '.', 'm', 'e', '\0',
+  /* "fleursdesoleil.fr", true */ 'f', 'l', 'e', 'u', 'r', 's', 'd', 'e', 's', 'o', 'l', 'e', 'i', 'l', '.', 'f', 'r', '\0',
+  /* "flexapplications.se", true */ 'f', 'l', 'e', 'x', 'a', 'p', 'p', 'l', 'i', 'c', 'a', 't', 'i', 'o', 'n', 's', '.', 's', 'e', '\0',
+  /* "flexdrukker.nl", true */ 'f', 'l', 'e', 'x', 'd', 'r', 'u', 'k', 'k', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "fleximus.org", false */ 'f', 'l', 'e', 'x', 'i', 'm', 'u', 's', '.', 'o', 'r', 'g', '\0',
+  /* "flexinvesting.fi", true */ 'f', 'l', 'e', 'x', 'i', 'n', 'v', 'e', 's', 't', 'i', 'n', 'g', '.', 'f', 'i', '\0',
+  /* "flexport.com", true */ 'f', 'l', 'e', 'x', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "flexstart.me", true */ 'f', 'l', 'e', 'x', 's', 't', 'a', 'r', 't', '.', 'm', 'e', '\0',
+  /* "flextrack.dk", true */ 'f', 'l', 'e', 'x', 't', 'r', 'a', 'c', 'k', '.', 'd', 'k', '\0',
+  /* "fliacuello.com.ar", true */ 'f', 'l', 'i', 'a', 'c', 'u', 'e', 'l', 'l', 'o', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "flightdeckfriend.com", true */ 'f', 'l', 'i', 'g', 'h', 't', 'd', 'e', 'c', 'k', 'f', 'r', 'i', 'e', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "flightmedx.com", true */ 'f', 'l', 'i', 'g', 'h', 't', 'm', 'e', 'd', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "flightschoolbooking.com", true */ 'f', 'l', 'i', 'g', 'h', 't', 's', 'c', 'h', 'o', 'o', 'l', 'b', 'o', 'o', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "flightschoolcandidates.gov", true */ 'f', 'l', 'i', 'g', 'h', 't', 's', 'c', 'h', 'o', 'o', 'l', 'c', 'a', 'n', 'd', 'i', 'd', 'a', 't', 'e', 's', '.', 'g', 'o', 'v', '\0',
+  /* "flightzero.cf", true */ 'f', 'l', 'i', 'g', 'h', 't', 'z', 'e', 'r', 'o', '.', 'c', 'f', '\0',
+  /* "fliino.com", true */ 'f', 'l', 'i', 'i', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "flikmsg.co", true */ 'f', 'l', 'i', 'k', 'm', 's', 'g', '.', 'c', 'o', '\0',
+  /* "flinch.io", true */ 'f', 'l', 'i', 'n', 'c', 'h', '.', 'i', 'o', '\0',
+  /* "fling.dating", true */ 'f', 'l', 'i', 'n', 'g', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "flipagram.com", false */ 'f', 'l', 'i', 'p', 'a', 'g', 'r', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "flipneus.net", true */ 'f', 'l', 'i', 'p', 'n', 'e', 'u', 's', '.', 'n', 'e', 't', '\0',
+  /* "fliptable.org", true */ 'f', 'l', 'i', 'p', 't', 'a', 'b', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "flirt-norden.de", true */ 'f', 'l', 'i', 'r', 't', '-', 'n', 'o', 'r', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "flirtfaces.de", true */ 'f', 'l', 'i', 'r', 't', 'f', 'a', 'c', 'e', 's', '.', 'd', 'e', '\0',
+  /* "floaternet.com", true */ 'f', 'l', 'o', 'a', 't', 'e', 'r', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "flocktofedora.org", true */ 'f', 'l', 'o', 'c', 'k', 't', 'o', 'f', 'e', 'd', 'o', 'r', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "floffi.media", true */ 'f', 'l', 'o', 'f', 'f', 'i', '.', 'm', 'e', 'd', 'i', 'a', '\0',
+  /* "flokinet.is", true */ 'f', 'l', 'o', 'k', 'i', 'n', 'e', 't', '.', 'i', 's', '\0',
+  /* "floobits.com", true */ 'f', 'l', 'o', 'o', 'b', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "flood.io", true */ 'f', 'l', 'o', 'o', 'd', '.', 'i', 'o', '\0',
+  /* "flooringnightmares.com", true */ 'f', 'l', 'o', 'o', 'r', 'i', 'n', 'g', 'n', 'i', 'g', 'h', 't', 'm', 'a', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "floort.net", false */ 'f', 'l', 'o', 'o', 'r', 't', '.', 'n', 'e', 't', '\0',
+  /* "flopix.net", false */ 'f', 'l', 'o', 'p', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "flopy.club", true */ 'f', 'l', 'o', 'p', 'y', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "florence.uk.net", true */ 'f', 'l', 'o', 'r', 'e', 'n', 'c', 'e', '.', 'u', 'k', '.', 'n', 'e', 't', '\0',
+  /* "florent-tatard.fr", true */ 'f', 'l', 'o', 'r', 'e', 'n', 't', '-', 't', 'a', 't', 'a', 'r', 'd', '.', 'f', 'r', '\0',
+  /* "florentynadawn.co.uk", true */ 'f', 'l', 'o', 'r', 'e', 'n', 't', 'y', 'n', 'a', 'd', 'a', 'w', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "florian-bachelet.fr", true */ 'f', 'l', 'o', 'r', 'i', 'a', 'n', '-', 'b', 'a', 'c', 'h', 'e', 'l', 'e', 't', '.', 'f', 'r', '\0',
+  /* "florian-schlachter.de", true */ 'f', 'l', 'o', 'r', 'i', 'a', 'n', '-', 's', 'c', 'h', 'l', 'a', 'c', 'h', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "florian-thie.de", true */ 'f', 'l', 'o', 'r', 'i', 'a', 'n', '-', 't', 'h', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "floriankarmen.com", true */ 'f', 'l', 'o', 'r', 'i', 'a', 'n', 'k', 'a', 'r', 'm', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "floriankeller.de", true */ 'f', 'l', 'o', 'r', 'i', 'a', 'n', 'k', 'e', 'l', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "florianmitrea.uk", true */ 'f', 'l', 'o', 'r', 'i', 'a', 'n', 'm', 'i', 't', 'r', 'e', 'a', '.', 'u', 'k', '\0',
+  /* "florianschmitt.ca", true */ 'f', 'l', 'o', 'r', 'i', 'a', 'n', 's', 'c', 'h', 'm', 'i', 't', 't', '.', 'c', 'a', '\0',
+  /* "floriantanner.ch", true */ 'f', 'l', 'o', 'r', 'i', 'a', 'n', 't', 'a', 'n', 'n', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "florida-prep.org", true */ 'f', 'l', 'o', 'r', 'i', 'd', 'a', '-', 'p', 'r', 'e', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "floridaderi.ru", true */ 'f', 'l', 'o', 'r', 'i', 'd', 'a', 'd', 'e', 'r', 'i', '.', 'r', 'u', '\0',
+  /* "floridafieros.org", true */ 'f', 'l', 'o', 'r', 'i', 'd', 'a', 'f', 'i', 'e', 'r', 'o', 's', '.', 'o', 'r', 'g', '\0',
+  /* "floridahomesinvest.com", true */ 'f', 'l', 'o', 'r', 'i', 'd', 'a', 'h', 'o', 'm', 'e', 's', 'i', 'n', 'v', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "florinapp.com", true */ 'f', 'l', 'o', 'r', 'i', 'n', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "florinlungu.it", true */ 'f', 'l', 'o', 'r', 'i', 'n', 'l', 'u', 'n', 'g', 'u', '.', 'i', 't', '\0',
+  /* "florismoo.nl", true */ 'f', 'l', 'o', 'r', 'i', 's', 'm', 'o', 'o', '.', 'n', 'l', '\0',
+  /* "florismouwen.com", false */ 'f', 'l', 'o', 'r', 'i', 's', 'm', 'o', 'u', 'w', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "florispoort.nl", true */ 'f', 'l', 'o', 'r', 'i', 's', 'p', 'o', 'o', 'r', 't', '.', 'n', 'l', '\0',
+  /* "florisvdk.net", true */ 'f', 'l', 'o', 'r', 'i', 's', 'v', 'd', 'k', '.', 'n', 'e', 't', '\0',
+  /* "floriswesterman.nl", true */ 'f', 'l', 'o', 'r', 'i', 's', 'w', 'e', 's', 't', 'e', 'r', 'm', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "flosch.at", false */ 'f', 'l', 'o', 's', 'c', 'h', '.', 'a', 't', '\0',
+  /* "floseed.fr", true */ 'f', 'l', 'o', 's', 'e', 'e', 'd', '.', 'f', 'r', '\0',
+  /* "floskelwolke.de", true */ 'f', 'l', 'o', 's', 'k', 'e', 'l', 'w', 'o', 'l', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "floth.at", true */ 'f', 'l', 'o', 't', 'h', '.', 'a', 't', '\0',
+  /* "flowcom.de", true */ 'f', 'l', 'o', 'w', 'c', 'o', 'm', '.', 'd', 'e', '\0',
+  /* "flowerandplant.org", true */ 'f', 'l', 'o', 'w', 'e', 'r', 'a', 'n', 'd', 'p', 'l', 'a', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "flowersbylegacy.com", true */ 'f', 'l', 'o', 'w', 'e', 'r', 's', 'b', 'y', 'l', 'e', 'g', 'a', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "flowreader.com", true */ 'f', 'l', 'o', 'w', 'r', 'e', 'a', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "flox.io", true */ 'f', 'l', 'o', 'x', '.', 'i', 'o', '\0',
+  /* "floydm.com", true */ 'f', 'l', 'o', 'y', 'd', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "flra.gov", true */ 'f', 'l', 'r', 'a', '.', 'g', 'o', 'v', '\0',
+  /* "flucky.xyz", true */ 'f', 'l', 'u', 'c', 'k', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "flucto.com", true */ 'f', 'l', 'u', 'c', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "flue-ducting.co.uk", true */ 'f', 'l', 'u', 'e', '-', 'd', 'u', 'c', 't', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "fluffycloud.de", true */ 'f', 'l', 'u', 'f', 'f', 'y', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "fluidmeterusa.com", true */ 'f', 'l', 'u', 'i', 'd', 'm', 'e', 't', 'e', 'r', 'u', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "flumble.nl", true */ 'f', 'l', 'u', 'm', 'b', 'l', 'e', '.', 'n', 'l', '\0',
+  /* "flunschi.goip.de", true */ 'f', 'l', 'u', 'n', 's', 'c', 'h', 'i', '.', 'g', 'o', 'i', 'p', '.', 'd', 'e', '\0',
+  /* "fluoxetine.net", true */ 'f', 'l', 'u', 'o', 'x', 'e', 't', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "fluteandpianoteaching.co.uk", true */ 'f', 'l', 'u', 't', 'e', 'a', 'n', 'd', 'p', 'i', 'a', 'n', 'o', 't', 'e', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "flux.by", true */ 'f', 'l', 'u', 'x', '.', 'b', 'y', '\0',
+  /* "fluxent.de", false */ 'f', 'l', 'u', 'x', 'e', 'n', 't', '.', 'd', 'e', '\0',
+  /* "fluxfingers.net", true */ 'f', 'l', 'u', 'x', 'f', 'i', 'n', 'g', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "fluxforge.com", true */ 'f', 'l', 'u', 'x', 'f', 'o', 'r', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fluxoid.com", true */ 'f', 'l', 'u', 'x', 'o', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "flw365365.com", true */ 'f', 'l', 'w', '3', '6', '5', '3', '6', '5', '.', 'c', 'o', 'm', '\0',
+  /* "flyawayantennas.com", true */ 'f', 'l', 'y', 'a', 'w', 'a', 'y', 'a', 'n', 't', 'e', 'n', 'n', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "flyboyfpv.com", true */ 'f', 'l', 'y', 'b', 'o', 'y', 'f', 'p', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "flybunnyfly.dk", true */ 'f', 'l', 'y', 'b', 'u', 'n', 'n', 'y', 'f', 'l', 'y', '.', 'd', 'k', '\0',
+  /* "flygon.pink", true */ 'f', 'l', 'y', 'g', 'o', 'n', '.', 'p', 'i', 'n', 'k', '\0',
+  /* "flyinglocksmiths.com", false */ 'f', 'l', 'y', 'i', 'n', 'g', 'l', 'o', 'c', 'k', 's', 'm', 'i', 't', 'h', 's', '.', 'c', 'o', 'm', '\0',
+  /* "flyingpackets.net", true */ 'f', 'l', 'y', 'i', 'n', 'g', 'p', 'a', 'c', 'k', 'e', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "flyingrub.me", true */ 'f', 'l', 'y', 'i', 'n', 'g', 'r', 'u', 'b', '.', 'm', 'e', '\0',
+  /* "flymns.fr", true */ 'f', 'l', 'y', 'm', 'n', 's', '.', 'f', 'r', '\0',
+  /* "flynn.io", true */ 'f', 'l', 'y', 'n', 'n', '.', 'i', 'o', '\0',
+  /* "flyp.me", true */ 'f', 'l', 'y', 'p', '.', 'm', 'e', '\0',
+  /* "flyserver.co.il", true */ 'f', 'l', 'y', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "flyspace.ga", true */ 'f', 'l', 'y', 's', 'p', 'a', 'c', 'e', '.', 'g', 'a', '\0',
+  /* "flyspace.ml", true */ 'f', 'l', 'y', 's', 'p', 'a', 'c', 'e', '.', 'm', 'l', '\0',
+  /* "flyss.net", true */ 'f', 'l', 'y', 's', 's', '.', 'n', 'e', 't', '\0',
+  /* "flyssh.net", true */ 'f', 'l', 'y', 's', 's', 'h', '.', 'n', 'e', 't', '\0',
+  /* "flyt.online", true */ 'f', 'l', 'y', 't', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "flytoadventures.com", true */ 'f', 'l', 'y', 't', 'o', 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fm-cdn.de", true */ 'f', 'm', '-', 'c', 'd', 'n', '.', 'd', 'e', '\0',
+  /* "fm.ie", true */ 'f', 'm', '.', 'i', 'e', '\0',
+  /* "fmapplication.com", true */ 'f', 'm', 'a', 'p', 'p', 'l', 'i', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "fmarchal.fr", true */ 'f', 'm', 'a', 'r', 'c', 'h', 'a', 'l', '.', 'f', 'r', '\0',
+  /* "fmdance.cl", true */ 'f', 'm', 'd', 'a', 'n', 'c', 'e', '.', 'c', 'l', '\0',
+  /* "fmi.gov", true */ 'f', 'm', 'i', '.', 'g', 'o', 'v', '\0',
+  /* "fminsight.net", true */ 'f', 'm', 'i', 'n', 's', 'i', 'g', 'h', 't', '.', 'n', 'e', 't', '\0',
+  /* "fmodoux.biz", true */ 'f', 'm', 'o', 'd', 'o', 'u', 'x', '.', 'b', 'i', 'z', '\0',
+  /* "fmovies.fyi", true */ 'f', 'm', 'o', 'v', 'i', 'e', 's', '.', 'f', 'y', 'i', '\0',
+  /* "fmovies.life", true */ 'f', 'm', 'o', 'v', 'i', 'e', 's', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "fnb-griffinonline.com", true */ 'f', 'n', 'b', '-', 'g', 'r', 'i', 'f', 'f', 'i', 'n', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fndout.com", true */ 'f', 'n', 'd', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "fniephaus.com", false */ 'f', 'n', 'i', 'e', 'p', 'h', 'a', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fnof.ch", true */ 'f', 'n', 'o', 'f', '.', 'c', 'h', '\0',
+  /* "fnordserver.eu", true */ 'f', 'n', 'o', 'r', 'd', 's', 'e', 'r', 'v', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "fnzc.co.nz", true */ 'f', 'n', 'z', 'c', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "foairbus.fr", true */ 'f', 'o', 'a', 'i', 'r', 'b', 'u', 's', '.', 'f', 'r', '\0',
+  /* "foairbussas.fr", true */ 'f', 'o', 'a', 'i', 'r', 'b', 'u', 's', 's', 'a', 's', '.', 'f', 'r', '\0',
+  /* "focanamoda.com.br", true */ 'f', 'o', 'c', 'a', 'n', 'a', 'm', 'o', 'd', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "focusmark.jp", false */ 'f', 'o', 'c', 'u', 's', 'm', 'a', 'r', 'k', '.', 'j', 'p', '\0',
+  /* "focusministries1.org", true */ 'f', 'o', 'c', 'u', 's', 'm', 'i', 'n', 'i', 's', 't', 'r', 'i', 'e', 's', '1', '.', 'o', 'r', 'g', '\0',
+  /* "foej-aktiv.de", true */ 'f', 'o', 'e', 'j', '-', 'a', 'k', 't', 'i', 'v', '.', 'd', 'e', '\0',
+  /* "foej.net", true */ 'f', 'o', 'e', 'j', '.', 'n', 'e', 't', '\0',
+  /* "foerster-kunststoff.de", true */ 'f', 'o', 'e', 'r', 's', 't', 'e', 'r', '-', 'k', 'u', 'n', 's', 't', 's', 't', 'o', 'f', 'f', '.', 'd', 'e', '\0',
+  /* "fognini-depablo.eu", true */ 'f', 'o', 'g', 'n', 'i', 'n', 'i', '-', 'd', 'e', 'p', 'a', 'b', 'l', 'o', '.', 'e', 'u', '\0',
+  /* "foia.gov", true */ 'f', 'o', 'i', 'a', '.', 'g', 'o', 'v', '\0',
+  /* "fojing.com", true */ 'f', 'o', 'j', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "fokan.be", true */ 'f', 'o', 'k', 'a', 'n', '.', 'b', 'e', '\0',
+  /* "fokkusu.fi", true */ 'f', 'o', 'k', 'k', 'u', 's', 'u', '.', 'f', 'i', '\0',
+  /* "fol.tf", true */ 'f', 'o', 'l', '.', 't', 'f', '\0',
+  /* "foliekonsulenten.dk", true */ 'f', 'o', 'l', 'i', 'e', 'k', 'o', 'n', 's', 'u', 'l', 'e', 'n', 't', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "foljeton.dk", true */ 'f', 'o', 'l', 'j', 'e', 't', 'o', 'n', '.', 'd', 'k', '\0',
+  /* "folkadelic.de", true */ 'f', 'o', 'l', 'k', 'a', 'd', 'e', 'l', 'i', 'c', '.', 'd', 'e', '\0',
+  /* "folkfests.org", true */ 'f', 'o', 'l', 'k', 'f', 'e', 's', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "follandviolins.com", true */ 'f', 'o', 'l', 'l', 'a', 'n', 'd', 'v', 'i', 'o', 'l', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "followerrocket.com", true */ 'f', 'o', 'l', 'l', 'o', 'w', 'e', 'r', 'r', 'o', 'c', 'k', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "followersya.com", true */ 'f', 'o', 'l', 'l', 'o', 'w', 'e', 'r', 's', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "followthatpage.com", true */ 'f', 'o', 'l', 'l', 'o', 'w', 't', 'h', 'a', 't', 'p', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "folv.es", true */ 'f', 'o', 'l', 'v', '.', 'e', 's', '\0',
+  /* "fondanastasia.ru", true */ 'f', 'o', 'n', 'd', 'a', 'n', 'a', 's', 't', 'a', 's', 'i', 'a', '.', 'r', 'u', '\0',
+  /* "fondationwiggli.ch", true */ 'f', 'o', 'n', 'd', 'a', 't', 'i', 'o', 'n', 'w', 'i', 'g', 'g', 'l', 'i', '.', 'c', 'h', '\0',
+  /* "fondy.eu", true */ 'f', 'o', 'n', 'd', 'y', '.', 'e', 'u', '\0',
+  /* "fondy.ru", true */ 'f', 'o', 'n', 'd', 'y', '.', 'r', 'u', '\0',
+  /* "fondy.ua", true */ 'f', 'o', 'n', 'd', 'y', '.', 'u', 'a', '\0',
+  /* "foneo.com", true */ 'f', 'o', 'n', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "fonga.ch", true */ 'f', 'o', 'n', 'g', 'a', '.', 'c', 'h', '\0',
+  /* "fonolo.com", true */ 'f', 'o', 'n', 'o', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "fonseguin.ca", true */ 'f', 'o', 'n', 's', 'e', 'g', 'u', 'i', 'n', '.', 'c', 'a', '\0',
+  /* "font-converter.net", true */ 'f', 'o', 'n', 't', '-', 'c', 'o', 'n', 'v', 'e', 'r', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "fontawesome.com", true */ 'f', 'o', 'n', 't', 'a', 'w', 'e', 's', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fonte-trading.com", true */ 'f', 'o', 'n', 't', 'e', '-', 't', 'r', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "fontein.de", true */ 'f', 'o', 'n', 't', 'e', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "fontlibrary.org", true */ 'f', 'o', 'n', 't', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "foo.fo", true */ 'f', 'o', 'o', '.', 'f', 'o', '\0',
+  /* "foo.hamburg", true */ 'f', 'o', 'o', '.', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '\0',
+  /* "foodacademy.capetown", true */ 'f', 'o', 'o', 'd', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'a', 'p', 'e', 't', 'o', 'w', 'n', '\0',
+  /* "foodattitude.ch", true */ 'f', 'o', 'o', 'd', 'a', 't', 't', 'i', 't', 'u', 'd', 'e', '.', 'c', 'h', '\0',
+  /* "foodblogger.club", true */ 'f', 'o', 'o', 'd', 'b', 'l', 'o', 'g', 'g', 'e', 'r', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "foodev.de", true */ 'f', 'o', 'o', 'd', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "foodsafety.gov", true */ 'f', 'o', 'o', 'd', 's', 'a', 'f', 'e', 't', 'y', '.', 'g', 'o', 'v', '\0',
+  /* "foodsafetyjobs.gov", true */ 'f', 'o', 'o', 'd', 's', 'a', 'f', 'e', 't', 'y', 'j', 'o', 'b', 's', '.', 'g', 'o', 'v', '\0',
+  /* "foodserve.in", true */ 'f', 'o', 'o', 'd', 's', 'e', 'r', 'v', 'e', '.', 'i', 'n', '\0',
+  /* "foodsouvenirs.it", true */ 'f', 'o', 'o', 'd', 's', 'o', 'u', 'v', 'e', 'n', 'i', 'r', 's', '.', 'i', 't', '\0',
+  /* "foodwise.marketing", true */ 'f', 'o', 'o', 'd', 'w', 'i', 's', 'e', '.', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '\0',
+  /* "foolip.org", true */ 'f', 'o', 'o', 'l', 'i', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "foolwealth.com", true */ 'f', 'o', 'o', 'l', 'w', 'e', 'a', 'l', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "foorack.com", true */ 'f', 'o', 'o', 'r', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "fooster.io", true */ 'f', 'o', 'o', 's', 't', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "foot.fr", true */ 'f', 'o', 'o', 't', '.', 'f', 'r', '\0',
+  /* "footballforum.de", true */ 'f', 'o', 'o', 't', 'b', 'a', 'l', 'l', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "for.care", true */ 'f', 'o', 'r', '.', 'c', 'a', 'r', 'e', '\0',
+  /* "foray-jero.me", true */ 'f', 'o', 'r', 'a', 'y', '-', 'j', 'e', 'r', 'o', '.', 'm', 'e', '\0',
+  /* "forbiddenhistory.info", true */ 'f', 'o', 'r', 'b', 'i', 'd', 'd', 'e', 'n', 'h', 'i', 's', 't', 'o', 'r', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "forbusiness.ca", true */ 'f', 'o', 'r', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '.', 'c', 'a', '\0',
+  /* "forces.army", true */ 'f', 'o', 'r', 'c', 'e', 's', '.', 'a', 'r', 'm', 'y', '\0',
+  /* "forcewave.com", true */ 'f', 'o', 'r', 'c', 'e', 'w', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ford-shop.by", true */ 'f', 'o', 'r', 'd', '-', 's', 'h', 'o', 'p', '.', 'b', 'y', '\0',
+  /* "foreachcode.com", true */ 'f', 'o', 'r', 'e', 'a', 'c', 'h', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "foreclosureattorneyhouston.com", true */ 'f', 'o', 'r', 'e', 'c', 'l', 'o', 's', 'u', 'r', 'e', 'a', 't', 't', 'o', 'r', 'n', 'e', 'y', 'h', 'o', 'u', 's', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "foregroundweb.com", true */ 'f', 'o', 'r', 'e', 'g', 'r', 'o', 'u', 'n', 'd', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "forellenpark.com", true */ 'f', 'o', 'r', 'e', 'l', 'l', 'e', 'n', 'p', 'a', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "forento.be", true */ 'f', 'o', 'r', 'e', 'n', 't', 'o', '.', 'b', 'e', '\0',
+  /* "forestraven.net", true */ 'f', 'o', 'r', 'e', 's', 't', 'r', 'a', 'v', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "foreverssl.com", true */ 'f', 'o', 'r', 'e', 'v', 'e', 'r', 's', 's', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "foreversummertime.com", true */ 'f', 'o', 'r', 'e', 'v', 'e', 'r', 's', 'u', 'm', 'm', 'e', 'r', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "forex.ee", true */ 'f', 'o', 'r', 'e', 'x', '.', 'e', 'e', '\0',
+  /* "forexchef.de", true */ 'f', 'o', 'r', 'e', 'x', 'c', 'h', 'e', 'f', '.', 'd', 'e', '\0',
+  /* "forexee.com", true */ 'f', 'o', 'r', 'e', 'x', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "forextimes.ru", false */ 'f', 'o', 'r', 'e', 'x', 't', 'i', 'm', 'e', 's', '.', 'r', 'u', '\0',
+  /* "forge-goerger.eu", true */ 'f', 'o', 'r', 'g', 'e', '-', 'g', 'o', 'e', 'r', 'g', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "forglemmigej.net", true */ 'f', 'o', 'r', 'g', 'l', 'e', 'm', 'm', 'i', 'g', 'e', 'j', '.', 'n', 'e', 't', '\0',
+  /* "forgotten-legends.org", true */ 'f', 'o', 'r', 'g', 'o', 't', 't', 'e', 'n', '-', 'l', 'e', 'g', 'e', 'n', 'd', 's', '.', 'o', 'r', 'g', '\0',
+  /* "formadmin.com", true */ 'f', 'o', 'r', 'm', 'a', 'd', 'm', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "formaliteo.com", true */ 'f', 'o', 'r', 'm', 'a', 'l', 'i', 't', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "forman.store", true */ 'f', 'o', 'r', 'm', 'a', 'n', '.', 's', 't', 'o', 'r', 'e', '\0',
+  /* "formapi.io", true */ 'f', 'o', 'r', 'm', 'a', 'p', 'i', '.', 'i', 'o', '\0',
+  /* "format-paysage.ch", true */ 'f', 'o', 'r', 'm', 'a', 't', '-', 'p', 'a', 'y', 's', 'a', 'g', 'e', '.', 'c', 'h', '\0',
+  /* "formation-assureur.com", true */ 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', '-', 'a', 's', 's', 'u', 'r', 'e', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "formation-mac.ch", true */ 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', '-', 'm', 'a', 'c', '.', 'c', 'h', '\0',
+  /* "formationseeker.com", true */ 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', 's', 'e', 'e', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "formbetter.com", true */ 'f', 'o', 'r', 'm', 'b', 'e', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "formini.dz", true */ 'f', 'o', 'r', 'm', 'i', 'n', 'i', '.', 'd', 'z', '\0',
+  /* "formkiq.com", true */ 'f', 'o', 'r', 'm', 'k', 'i', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "formula-ot.ru", true */ 'f', 'o', 'r', 'm', 'u', 'l', 'a', '-', 'o', 't', '.', 'r', 'u', '\0',
+  /* "fornoreason.net.au", true */ 'f', 'o', 'r', 'n', 'o', 'r', 'e', 'a', 's', 'o', 'n', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "foro.io", false */ 'f', 'o', 'r', 'o', '.', 'i', 'o', '\0',
+  /* "forodeespanol.com", true */ 'f', 'o', 'r', 'o', 'd', 'e', 'e', 's', 'p', 'a', 'n', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "forologikidilosi.com.gr", true */ 'f', 'o', 'r', 'o', 'l', 'o', 'g', 'i', 'k', 'i', 'd', 'i', 'l', 'o', 's', 'i', '.', 'c', 'o', 'm', '.', 'g', 'r', '\0',
+  /* "forourselves.com", true */ 'f', 'o', 'r', 'o', 'u', 'r', 's', 'e', 'l', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "forrestheller.com", true */ 'f', 'o', 'r', 'r', 'e', 's', 't', 'h', 'e', 'l', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "forro.info", true */ 'f', 'o', 'r', 'r', 'o', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "forsakringsarkivet.se", true */ 'f', 'o', 'r', 's', 'a', 'k', 'r', 'i', 'n', 'g', 's', 'a', 'r', 'k', 'i', 'v', 'e', 't', '.', 's', 'e', '\0',
+  /* "forsec.nl", true */ 'f', 'o', 'r', 's', 'e', 'c', '.', 'n', 'l', '\0',
+  /* "forstbetrieb-hennecke.de", true */ 'f', 'o', 'r', 's', 't', 'b', 'e', 't', 'r', 'i', 'e', 'b', '-', 'h', 'e', 'n', 'n', 'e', 'c', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "forstprodukte.de", true */ 'f', 'o', 'r', 's', 't', 'p', 'r', 'o', 'd', 'u', 'k', 't', 'e', '.', 'd', 'e', '\0',
+  /* "forteggz.nl", true */ 'f', 'o', 'r', 't', 'e', 'g', 'g', 'z', '.', 'n', 'l', '\0',
+  /* "fortesanshop.it", true */ 'f', 'o', 'r', 't', 'e', 's', 'a', 'n', 's', 'h', 'o', 'p', '.', 'i', 't', '\0',
+  /* "fortnine.ca", true */ 'f', 'o', 'r', 't', 'n', 'i', 'n', 'e', '.', 'c', 'a', '\0',
+  /* "fortran.io", true */ 'f', 'o', 'r', 't', 'r', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "fortress.no", true */ 'f', 'o', 'r', 't', 'r', 'e', 's', 's', '.', 'n', 'o', '\0',
+  /* "fortress.sk", true */ 'f', 'o', 'r', 't', 'r', 'e', 's', 's', '.', 's', 'k', '\0',
+  /* "fortricks.in", true */ 'f', 'o', 'r', 't', 'r', 'i', 'c', 'k', 's', '.', 'i', 'n', '\0',
+  /* "fortuna-s.com", true */ 'f', 'o', 'r', 't', 'u', 'n', 'a', '-', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fortworth.ch", true */ 'f', 'o', 'r', 't', 'w', 'o', 'r', 't', 'h', '.', 'c', 'h', '\0',
+  /* "forty-two.nl", true */ 'f', 'o', 'r', 't', 'y', '-', 't', 'w', 'o', '.', 'n', 'l', '\0',
+  /* "forty8creates.com", true */ 'f', 'o', 'r', 't', 'y', '8', 'c', 'r', 'e', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fortytwo.cloud", true */ 'f', 'o', 'r', 't', 'y', 't', 'w', 'o', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "forum-bonn.de", true */ 'f', 'o', 'r', 'u', 'm', '-', 'b', 'o', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "forum-kinozal-tv.appspot.com", true */ 'f', 'o', 'r', 'u', 'm', '-', 'k', 'i', 'n', 'o', 'z', 'a', 'l', '-', 't', 'v', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "forum-kinozal.appspot.com", true */ 'f', 'o', 'r', 'u', 'm', '-', 'k', 'i', 'n', 'o', 'z', 'a', 'l', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "forum.linode.com", false */ 'f', 'o', 'r', 'u', 'm', '.', 'l', 'i', 'n', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "forum3.ru", true */ 'f', 'o', 'r', 'u', 'm', '3', '.', 'r', 'u', '\0',
+  /* "forumvoordemocratie.nl", true */ 'f', 'o', 'r', 'u', 'm', 'v', 'o', 'o', 'r', 'd', 'e', 'm', 'o', 'c', 'r', 'a', 't', 'i', 'e', '.', 'n', 'l', '\0',
+  /* "forvisualdesign.com", true */ 'f', 'o', 'r', 'v', 'i', 's', 'u', 'a', 'l', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "forward-fly-fishing.ch", true */ 'f', 'o', 'r', 'w', 'a', 'r', 'd', '-', 'f', 'l', 'y', '-', 'f', 'i', 's', 'h', 'i', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "foryouandyourcustomers.com", true */ 'f', 'o', 'r', 'y', 'o', 'u', 'a', 'n', 'd', 'y', 'o', 'u', 'r', 'c', 'u', 's', 't', 'o', 'm', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "foryoucosmeticos.com.br", true */ 'f', 'o', 'r', 'y', 'o', 'u', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "foryourhealthybody.com", true */ 'f', 'o', 'r', 'y', 'o', 'u', 'r', 'h', 'e', 'a', 'l', 't', 'h', 'y', 'b', 'o', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "foscamcanada.com", true */ 'f', 'o', 's', 'c', 'a', 'm', 'c', 'a', 'n', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "fosdem.org", true */ 'f', 'o', 's', 'd', 'e', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "fossgruppen.se", true */ 'f', 'o', 's', 's', 'g', 'r', 'u', 'p', 'p', 'e', 'n', '.', 's', 'e', '\0',
+  /* "fossilfreeyale.org", true */ 'f', 'o', 's', 's', 'i', 'l', 'f', 'r', 'e', 'e', 'y', 'a', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "fotella.com", true */ 'f', 'o', 't', 'e', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "fotikpro.ru", true */ 'f', 'o', 't', 'i', 'k', 'p', 'r', 'o', '.', 'r', 'u', '\0',
+  /* "foto-janvanaefst.nl", true */ 'f', 'o', 't', 'o', '-', 'j', 'a', 'n', 'v', 'a', 'n', 'a', 'e', 'f', 's', 't', '.', 'n', 'l', '\0',
+  /* "foto-leitner.com", true */ 'f', 'o', 't', 'o', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "foto-leitner.de", true */ 'f', 'o', 't', 'o', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "foto-robitsch.at", true */ 'f', 'o', 't', 'o', '-', 'r', 'o', 'b', 'i', 't', 's', 'c', 'h', '.', 'a', 't', '\0',
+  /* "foto-roma.ru", true */ 'f', 'o', 't', 'o', '-', 'r', 'o', 'm', 'a', '.', 'r', 'u', '\0',
+  /* "foto.by", true */ 'f', 'o', 't', 'o', '.', 'b', 'y', '\0',
+  /* "fotoallerlei.com", true */ 'f', 'o', 't', 'o', 'a', 'l', 'l', 'e', 'r', 'l', 'e', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "fotografiadellalucerossa.com", true */ 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', 'i', 'a', 'd', 'e', 'l', 'l', 'a', 'l', 'u', 'c', 'e', 'r', 'o', 's', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "fotohome.dk", true */ 'f', 'o', 't', 'o', 'h', 'o', 'm', 'e', '.', 'd', 'k', '\0',
+  /* "fotoleitner.com", true */ 'f', 'o', 't', 'o', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "fotoleitner.de", true */ 'f', 'o', 't', 'o', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "fotostravestisbr.com", true */ 'f', 'o', 't', 'o', 's', 't', 'r', 'a', 'v', 'e', 's', 't', 'i', 's', 'b', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "fotostudio-leitner.com", true */ 'f', 'o', 't', 'o', 's', 't', 'u', 'd', 'i', 'o', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "fotostudio-leitner.de", true */ 'f', 'o', 't', 'o', 's', 't', 'u', 'd', 'i', 'o', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "fotostudio-schweiz.ch", true */ 'f', 'o', 't', 'o', 's', 't', 'u', 'd', 'i', 'o', '-', 's', 'c', 'h', 'w', 'e', 'i', 'z', '.', 'c', 'h', '\0',
+  /* "fotowettbewerb.co", true */ 'f', 'o', 't', 'o', 'w', 'e', 't', 't', 'b', 'e', 'w', 'e', 'r', 'b', '.', 'c', 'o', '\0',
+  /* "fotowolfy.com", true */ 'f', 'o', 't', 'o', 'w', 'o', 'l', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "fougner.co", true */ 'f', 'o', 'u', 'g', 'n', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "found.website", true */ 'f', 'o', 'u', 'n', 'd', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0',
+  /* "foundsounds.me", true */ 'f', 'o', 'u', 'n', 'd', 's', 'o', 'u', 'n', 'd', 's', '.', 'm', 'e', '\0',
+  /* "fourdesignstudio.com", true */ 'f', 'o', 'u', 'r', 'd', 'e', 's', 'i', 'g', 'n', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "fowlervwparts.com", true */ 'f', 'o', 'w', 'l', 'e', 'r', 'v', 'w', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "foxbnc.co.uk", true */ 'f', 'o', 'x', 'b', 'n', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "foxdev.co", true */ 'f', 'o', 'x', 'd', 'e', 'v', '.', 'c', 'o', '\0',
+  /* "foxes.no", true */ 'f', 'o', 'x', 'e', 's', '.', 'n', 'o', '\0',
+  /* "foxhound.com.br", true */ 'f', 'o', 'x', 'h', 'o', 'u', 'n', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "foxing.club", true */ 'f', 'o', 'x', 'i', 'n', 'g', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "foxmay.co.uk", true */ 'f', 'o', 'x', 'm', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "foxontheinter.net", true */ 'f', 'o', 'x', 'o', 'n', 't', 'h', 'e', 'i', 'n', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "foxphotography.ch", true */ 'f', 'o', 'x', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'h', '\0',
+  /* "foxquill.com", true */ 'f', 'o', 'x', 'q', 'u', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "foxterrier.com.br", true */ 'f', 'o', 'x', 't', 'e', 'r', 'r', 'i', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "fpc.gov", true */ 'f', 'p', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "fpersona.com", true */ 'f', 'p', 'e', 'r', 's', 'o', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "fpki.sh", true */ 'f', 'p', 'k', 'i', '.', 's', 'h', '\0',
+  /* "fptravelling.com", true */ 'f', 'p', 't', 'r', 'a', 'v', 'e', 'l', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "fpy.cz", true */ 'f', 'p', 'y', '.', 'c', 'z', '\0',
+  /* "fr.search.yahoo.com", false */ 'f', 'r', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "fr0zenbits.io", true */ 'f', 'r', '0', 'z', 'e', 'n', 'b', 'i', 't', 's', '.', 'i', 'o', '\0',
+  /* "fr33tux.org", true */ 'f', 'r', '3', '3', 't', 'u', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "frack.nl", true */ 'f', 'r', 'a', 'c', 'k', '.', 'n', 'l', '\0',
+  /* "fraesentest.de", true */ 'f', 'r', 'a', 'e', 's', 'e', 'n', 't', 'e', 's', 't', '.', 'd', 'e', '\0',
+  /* "fragmentspuren.de", true */ 'f', 'r', 'a', 'g', 'm', 'e', 'n', 't', 's', 'p', 'u', 'r', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "fragstore.net", true */ 'f', 'r', 'a', 'g', 's', 't', 'o', 'r', 'e', '.', 'n', 'e', 't', '\0',
+  /* "fraho.eu", true */ 'f', 'r', 'a', 'h', 'o', '.', 'e', 'u', '\0',
+  /* "framapiaf.org", true */ 'f', 'r', 'a', 'm', 'a', 'p', 'i', 'a', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "framedpaws.com", true */ 'f', 'r', 'a', 'm', 'e', 'd', 'p', 'a', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fran.cr", true */ 'f', 'r', 'a', 'n', '.', 'c', 'r', '\0',
+  /* "francesca-and-lucas.com", true */ 'f', 'r', 'a', 'n', 'c', 'e', 's', 'c', 'a', '-', 'a', 'n', 'd', '-', 'l', 'u', 'c', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "francescopalazzo.com", true */ 'f', 'r', 'a', 'n', 'c', 'e', 's', 'c', 'o', 'p', 'a', 'l', 'a', 'z', 'z', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "franchini.email", true */ 'f', 'r', 'a', 'n', 'c', 'h', 'i', 'n', 'i', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "franchini.engineer", true */ 'f', 'r', 'a', 'n', 'c', 'h', 'i', 'n', 'i', '.', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', '\0',
+  /* "francisli.net", true */ 'f', 'r', 'a', 'n', 'c', 'i', 's', 'l', 'i', '.', 'n', 'e', 't', '\0',
+  /* "franckgirard.net", true */ 'f', 'r', 'a', 'n', 'c', 'k', 'g', 'i', 'r', 'a', 'r', 'd', '.', 'n', 'e', 't', '\0',
+  /* "francois-occasions.be", true */ 'f', 'r', 'a', 'n', 'c', 'o', 'i', 's', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0',
+  /* "francoiscarrier.com", true */ 'f', 'r', 'a', 'n', 'c', 'o', 'i', 's', 'c', 'a', 'r', 'r', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "francoislepage.com", true */ 'f', 'r', 'a', 'n', 'c', 'o', 'i', 's', 'l', 'e', 'p', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "francoz.me", true */ 'f', 'r', 'a', 'n', 'c', 'o', 'z', '.', 'm', 'e', '\0',
+  /* "frandor.co.uk", true */ 'f', 'r', 'a', 'n', 'd', 'o', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "frank.fyi", true */ 'f', 'r', 'a', 'n', 'k', '.', 'f', 'y', 'i', '\0',
+  /* "franke-chemie.de", true */ 'f', 'r', 'a', 'n', 'k', 'e', '-', 'c', 'h', 'e', 'm', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "franken-lehrmittel.de", true */ 'f', 'r', 'a', 'n', 'k', 'e', 'n', '-', 'l', 'e', 'h', 'r', 'm', 'i', 't', 't', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "frankenlehrmittel.de", true */ 'f', 'r', 'a', 'n', 'k', 'e', 'n', 'l', 'e', 'h', 'r', 'm', 'i', 't', 't', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "frankhaala.com", true */ 'f', 'r', 'a', 'n', 'k', 'h', 'a', 'a', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "frankl.in", true */ 'f', 'r', 'a', 'n', 'k', 'l', '.', 'i', 'n', '\0',
+  /* "franklinhua.com", true */ 'f', 'r', 'a', 'n', 'k', 'l', 'i', 'n', 'h', 'u', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "frankmorrow.com", true */ 'f', 'r', 'a', 'n', 'k', 'm', 'o', 'r', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "franksiler.com", true */ 'f', 'r', 'a', 'n', 'k', 's', 'i', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "frankwei.xyz", true */ 'f', 'r', 'a', 'n', 'k', 'w', 'e', 'i', '.', 'x', 'y', 'z', '\0',
+  /* "frankyan.com", true */ 'f', 'r', 'a', 'n', 'k', 'y', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "frantic1048.com", true */ 'f', 'r', 'a', 'n', 't', 'i', 'c', '1', '0', '4', '8', '.', 'c', 'o', 'm', '\0',
+  /* "frantorregrosa.me", true */ 'f', 'r', 'a', 'n', 't', 'o', 'r', 'r', 'e', 'g', 'r', 'o', 's', 'a', '.', 'm', 'e', '\0',
+  /* "frappant.cc", false */ 'f', 'r', 'a', 'p', 'p', 'a', 'n', 't', '.', 'c', 'c', '\0',
+  /* "fraselab.ru", true */ 'f', 'r', 'a', 's', 'e', 'l', 'a', 'b', '.', 'r', 'u', '\0',
+  /* "frasesaniversarios.com.br", true */ 'f', 'r', 'a', 's', 'e', 's', 'a', 'n', 'i', 'v', 'e', 'r', 's', 'a', 'r', 'i', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "frasesdodia.com", true */ 'f', 'r', 'a', 's', 'e', 's', 'd', 'o', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "frasesparaface.com.br", true */ 'f', 'r', 'a', 's', 'e', 's', 'p', 'a', 'r', 'a', 'f', 'a', 'c', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "frasesytarjetas.com", true */ 'f', 'r', 'a', 's', 'e', 's', 'y', 't', 'a', 'r', 'j', 'e', 't', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "frasys.cloud", true */ 'f', 'r', 'a', 's', 'y', 's', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "frasys.net", true */ 'f', 'r', 'a', 's', 'y', 's', '.', 'n', 'e', 't', '\0',
+  /* "frattaroli.org", true */ 'f', 'r', 'a', 't', 't', 'a', 'r', 'o', 'l', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "frau-inge.de", true */ 'f', 'r', 'a', 'u', '-', 'i', 'n', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "frau-sucht-bauer.de", true */ 'f', 'r', 'a', 'u', '-', 's', 'u', 'c', 'h', 't', '-', 'b', 'a', 'u', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "fraudmarc.com", true */ 'f', 'r', 'a', 'u', 'd', 'm', 'a', 'r', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "frauenarzt-zinke.de", true */ 'f', 'r', 'a', 'u', 'e', 'n', 'a', 'r', 'z', 't', '-', 'z', 'i', 'n', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "frauenlob.rocks", true */ 'f', 'r', 'a', 'u', 'e', 'n', 'l', 'o', 'b', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "fraurichter.net", true */ 'f', 'r', 'a', 'u', 'r', 'i', 'c', 'h', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "fraye.net", true */ 'f', 'r', 'a', 'y', 'e', '.', 'n', 'e', 't', '\0',
+  /* "frbracch.it", true */ 'f', 'r', 'b', 'r', 'a', 'c', 'c', 'h', '.', 'i', 't', '\0',
+  /* "frdl.ch", true */ 'f', 'r', 'd', 'l', '.', 'c', 'h', '\0',
+  /* "freaksites.dk", true */ 'f', 'r', 'e', 'a', 'k', 's', 'i', 't', 'e', 's', '.', 'd', 'k', '\0',
+  /* "frebi.org", true */ 'f', 'r', 'e', 'b', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "freddysfuncastles.co.uk", true */ 'f', 'r', 'e', 'd', 'd', 'y', 's', 'f', 'u', 'n', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "freddythechick.uk", true */ 'f', 'r', 'e', 'd', 'd', 'y', 't', 'h', 'e', 'c', 'h', 'i', 'c', 'k', '.', 'u', 'k', '\0',
+  /* "frederik-braun.com", true */ 'f', 'r', 'e', 'd', 'e', 'r', 'i', 'k', '-', 'b', 'r', 'a', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "frederikschoell.de", false */ 'f', 'r', 'e', 'd', 'e', 'r', 'i', 'k', 's', 'c', 'h', 'o', 'e', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "fredloya.com", true */ 'f', 'r', 'e', 'd', 'l', 'o', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "fredriksslekt.se", true */ 'f', 'r', 'e', 'd', 'r', 'i', 'k', 's', 's', 'l', 'e', 'k', 't', '.', 's', 'e', '\0',
+  /* "fredvoyage.fr", true */ 'f', 'r', 'e', 'd', 'v', 'o', 'y', 'a', 'g', 'e', '.', 'f', 'r', '\0',
+  /* "free-your-pc.com", true */ 'f', 'r', 'e', 'e', '-', 'y', 'o', 'u', 'r', '-', 'p', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "free.com.tw", true */ 'f', 'r', 'e', 'e', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "free8.xyz", true */ 'f', 'r', 'e', 'e', '8', '.', 'x', 'y', 'z', '\0',
+  /* "freeasinlliure.org", true */ 'f', 'r', 'e', 'e', 'a', 's', 'i', 'n', 'l', 'l', 'i', 'u', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "freeassangenow.org", true */ 'f', 'r', 'e', 'e', 'a', 's', 's', 'a', 'n', 'g', 'e', 'n', 'o', 'w', '.', 'o', 'r', 'g', '\0',
+  /* "freeasyshop.com", true */ 'f', 'r', 'e', 'e', 'a', 's', 'y', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "freebarrettbrown.org", true */ 'f', 'r', 'e', 'e', 'b', 'a', 'r', 'r', 'e', 't', 't', 'b', 'r', 'o', 'w', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "freeben666.fr", true */ 'f', 'r', 'e', 'e', 'b', 'e', 'n', '6', '6', '6', '.', 'f', 'r', '\0',
+  /* "freebetoffers.co.uk", true */ 'f', 'r', 'e', 'e', 'b', 'e', 't', 'o', 'f', 'f', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "freeblog.me", true */ 'f', 'r', 'e', 'e', 'b', 'l', 'o', 'g', '.', 'm', 'e', '\0',
+  /* "freebookmakerbets.com.au", true */ 'f', 'r', 'e', 'e', 'b', 'o', 'o', 'k', 'm', 'a', 'k', 'e', 'r', 'b', 'e', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "freebookmakersbetsandbonuses.com.au", true */ 'f', 'r', 'e', 'e', 'b', 'o', 'o', 'k', 'm', 'a', 'k', 'e', 'r', 's', 'b', 'e', 't', 's', 'a', 'n', 'd', 'b', 'o', 'n', 'u', 's', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "freebus.org", true */ 'f', 'r', 'e', 'e', 'b', 'u', 's', '.', 'o', 'r', 'g', '\0',
+  /* "freecam2cam.site", true */ 'f', 'r', 'e', 'e', 'c', 'a', 'm', '2', 'c', 'a', 'm', '.', 's', 'i', 't', 'e', '\0',
+  /* "freecloud.at", true */ 'f', 'r', 'e', 'e', 'c', 'l', 'o', 'u', 'd', '.', 'a', 't', '\0',
+  /* "freedev.cz", true */ 'f', 'r', 'e', 'e', 'd', 'e', 'v', '.', 'c', 'z', '\0',
+  /* "freedom.press", true */ 'f', 'r', 'e', 'e', 'd', 'o', 'm', '.', 'p', 'r', 'e', 's', 's', '\0',
+  /* "freedomflotilla.org", true */ 'f', 'r', 'e', 'e', 'd', 'o', 'm', 'f', 'l', 'o', 't', 'i', 'l', 'l', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "freedomfrontier.tk", true */ 'f', 'r', 'e', 'e', 'd', 'o', 'm', 'f', 'r', 'o', 'n', 't', 'i', 'e', 'r', '.', 't', 'k', '\0',
+  /* "freedomkiaparts.com", true */ 'f', 'r', 'e', 'e', 'd', 'o', 'm', 'k', 'i', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "freedomonline.bg", true */ 'f', 'r', 'e', 'e', 'd', 'o', 'm', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'b', 'g', '\0',
+  /* "freedomrealtyoftexas.com", true */ 'f', 'r', 'e', 'e', 'd', 'o', 'm', 'r', 'e', 'a', 'l', 't', 'y', 'o', 'f', 't', 'e', 'x', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "freedomvote.nl", true */ 'f', 'r', 'e', 'e', 'd', 'o', 'm', 'v', 'o', 't', 'e', '.', 'n', 'l', '\0',
+  /* "freeexampapers.com", true */ 'f', 'r', 'e', 'e', 'e', 'x', 'a', 'm', 'p', 'a', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "freeflightstoitaly.ngo", true */ 'f', 'r', 'e', 'e', 'f', 'l', 'i', 'g', 'h', 't', 's', 't', 'o', 'i', 't', 'a', 'l', 'y', '.', 'n', 'g', 'o', '\0',
+  /* "freeform4u.de", true */ 'f', 'r', 'e', 'e', 'f', 'o', 'r', 'm', '4', 'u', '.', 'd', 'e', '\0',
+  /* "freegame-mugen.jp", true */ 'f', 'r', 'e', 'e', 'g', 'a', 'm', 'e', '-', 'm', 'u', 'g', 'e', 'n', '.', 'j', 'p', '\0',
+  /* "freegutters.com", true */ 'f', 'r', 'e', 'e', 'g', 'u', 't', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "freeinoutboard.com", true */ 'f', 'r', 'e', 'e', 'i', 'n', 'o', 'u', 't', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "freejasongoudlock.org", true */ 'f', 'r', 'e', 'e', 'j', 'a', 's', 'o', 'n', 'g', 'o', 'u', 'd', 'l', 'o', 'c', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "freejeremy.net", true */ 'f', 'r', 'e', 'e', 'j', 'e', 'r', 'e', 'm', 'y', '.', 'n', 'e', 't', '\0',
+  /* "freela.ch", true */ 'f', 'r', 'e', 'e', 'l', 'a', '.', 'c', 'h', '\0',
+  /* "freelance.boutique", true */ 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'c', 'e', '.', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '\0',
+  /* "freelance.guide", true */ 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'c', 'e', '.', 'g', 'u', 'i', 'd', 'e', '\0',
+  /* "freelance.nl", true */ 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'c', 'e', '.', 'n', 'l', '\0',
+  /* "freelancehunt.com", true */ 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'c', 'e', 'h', 'u', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "freelanceshipping.com", true */ 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'c', 'e', 's', 'h', 'i', 'p', 'p', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "freelandinnovation.com", true */ 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'd', 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "freelauri.com", true */ 'f', 'r', 'e', 'e', 'l', 'a', 'u', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "freelifer.jp", true */ 'f', 'r', 'e', 'e', 'l', 'i', 'f', 'e', 'r', '.', 'j', 'p', '\0',
+  /* "freemanning.de", true */ 'f', 'r', 'e', 'e', 'm', 'a', 'n', 'n', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "freemans.com", true */ 'f', 'r', 'e', 'e', 'm', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "freemedforms.com", true */ 'f', 'r', 'e', 'e', 'm', 'e', 'd', 'f', 'o', 'r', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "freemyipod.org", true */ 'f', 'r', 'e', 'e', 'm', 'y', 'i', 'p', 'o', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "freend.me", false */ 'f', 'r', 'e', 'e', 'n', 'd', '.', 'm', 'e', '\0',
+  /* "freenetproject.org", true */ 'f', 'r', 'e', 'e', 'n', 'e', 't', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "freeonplate.com", true */ 'f', 'r', 'e', 'e', 'o', 'n', 'p', 'l', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "freergform.org", true */ 'f', 'r', 'e', 'e', 'r', 'g', 'f', 'o', 'r', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "freeshell.de", true */ 'f', 'r', 'e', 'e', 's', 'h', 'e', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "freesitemapgenerator.com", true */ 'f', 'r', 'e', 'e', 's', 'i', 't', 'e', 'm', 'a', 'p', 'g', 'e', 'n', 'e', 'r', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "freeslots.guru", true */ 'f', 'r', 'e', 'e', 's', 'l', 'o', 't', 's', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "freesms-online.de", true */ 'f', 'r', 'e', 'e', 's', 'm', 's', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "freesnowden.is", true */ 'f', 'r', 'e', 'e', 's', 'n', 'o', 'w', 'd', 'e', 'n', '.', 'i', 's', '\0',
+  /* "freesolitaire.win", true */ 'f', 'r', 'e', 'e', 's', 'o', 'l', 'i', 't', 'a', 'i', 'r', 'e', '.', 'w', 'i', 'n', '\0',
+  /* "freesounding.com", true */ 'f', 'r', 'e', 'e', 's', 'o', 'u', 'n', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "freesounding.ru", true */ 'f', 'r', 'e', 'e', 's', 'o', 'u', 'n', 'd', 'i', 'n', 'g', '.', 'r', 'u', '\0',
+  /* "freesourcestl.org", true */ 'f', 'r', 'e', 'e', 's', 'o', 'u', 'r', 'c', 'e', 's', 't', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "freespace.info", true */ 'f', 'r', 'e', 'e', 's', 'p', 'a', 'c', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "freethetv.ie", true */ 'f', 'r', 'e', 'e', 't', 'h', 'e', 't', 'v', '.', 'i', 'e', '\0',
+  /* "freetsa.org", true */ 'f', 'r', 'e', 'e', 't', 's', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "freevps.us", true */ 'f', 'r', 'e', 'e', 'v', 'p', 's', '.', 'u', 's', '\0',
+  /* "freeweibo.com", true */ 'f', 'r', 'e', 'e', 'w', 'e', 'i', 'b', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "freeyourmusic.com", true */ 'f', 'r', 'e', 'e', 'y', 'o', 'u', 'r', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "freezion.com", true */ 'f', 'r', 'e', 'e', 'z', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "freifahrt.de", true */ 'f', 'r', 'e', 'i', 'f', 'a', 'h', 'r', 't', '.', 'd', 'e', '\0',
+  /* "freifamily.ch", true */ 'f', 'r', 'e', 'i', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'h', '\0',
+  /* "freifunk-burgaltendorf.de", true */ 'f', 'r', 'e', 'i', 'f', 'u', 'n', 'k', '-', 'b', 'u', 'r', 'g', 'a', 'l', 't', 'e', 'n', 'd', 'o', 'r', 'f', '.', 'd', 'e', '\0',
+  /* "freifunk-essen.de", true */ 'f', 'r', 'e', 'i', 'f', 'u', 'n', 'k', '-', 'e', 's', 's', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "freifunk-in-solingen.de", true */ 'f', 'r', 'e', 'i', 'f', 'u', 'n', 'k', '-', 'i', 'n', '-', 's', 'o', 'l', 'i', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "freifunk-lindlar.net", true */ 'f', 'r', 'e', 'i', 'f', 'u', 'n', 'k', '-', 'l', 'i', 'n', 'd', 'l', 'a', 'r', '.', 'n', 'e', 't', '\0',
+  /* "freifunk-luenen.de", true */ 'f', 'r', 'e', 'i', 'f', 'u', 'n', 'k', '-', 'l', 'u', 'e', 'n', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "freifunk-nrw.de", true */ 'f', 'r', 'e', 'i', 'f', 'u', 'n', 'k', '-', 'n', 'r', 'w', '.', 'd', 'e', '\0',
+  /* "freifunk-remscheid.de", true */ 'f', 'r', 'e', 'i', 'f', 'u', 'n', 'k', '-', 'r', 'e', 'm', 's', 'c', 'h', 'e', 'i', 'd', '.', 'd', 'e', '\0',
+  /* "freimeldungen.de", true */ 'f', 'r', 'e', 'i', 'm', 'e', 'l', 'd', 'u', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "freims.cc", true */ 'f', 'r', 'e', 'i', 'm', 's', '.', 'c', 'c', '\0',
+  /* "freiwurst.net", true */ 'f', 'r', 'e', 'i', 'w', 'u', 'r', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "freizeitplaza.de", true */ 'f', 'r', 'e', 'i', 'z', 'e', 'i', 't', 'p', 'l', 'a', 'z', 'a', '.', 'd', 'e', '\0',
+  /* "frenchcreekcog.org", true */ 'f', 'r', 'e', 'n', 'c', 'h', 'c', 'r', 'e', 'e', 'k', 'c', 'o', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "frenzel.dk", true */ 'f', 'r', 'e', 'n', 'z', 'e', 'l', '.', 'd', 'k', '\0',
+  /* "frequencebanane.ch", true */ 'f', 'r', 'e', 'q', 'u', 'e', 'n', 'c', 'e', 'b', 'a', 'n', 'a', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "fresh-hotel.org", true */ 'f', 'r', 'e', 's', 'h', '-', 'h', 'o', 't', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "fresh-networks.net", true */ 'f', 'r', 'e', 's', 'h', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "fresh.co.il", true */ 'f', 'r', 'e', 's', 'h', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "freshdesigns.de", true */ 'f', 'r', 'e', 's', 'h', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'd', 'e', '\0',
+  /* "freshdns.nl", true */ 'f', 'r', 'e', 's', 'h', 'd', 'n', 's', '.', 'n', 'l', '\0',
+  /* "freshempire.gov", true */ 'f', 'r', 'e', 's', 'h', 'e', 'm', 'p', 'i', 'r', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "freshmaza.com", true */ 'f', 'r', 'e', 's', 'h', 'm', 'a', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "freshmaza.net", true */ 'f', 'r', 'e', 's', 'h', 'm', 'a', 'z', 'a', '.', 'n', 'e', 't', '\0',
+  /* "fretscha.com", true */ 'f', 'r', 'e', 't', 's', 'c', 'h', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "frettboard.com", true */ 'f', 'r', 'e', 't', 't', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "fretworksec.com", true */ 'f', 'r', 'e', 't', 'w', 'o', 'r', 'k', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "fribourgviking.net", true */ 'f', 'r', 'i', 'b', 'o', 'u', 'r', 'g', 'v', 'i', 'k', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "frickelboxx.de", true */ 'f', 'r', 'i', 'c', 'k', 'e', 'l', 'b', 'o', 'x', 'x', '.', 'd', 'e', '\0',
+  /* "frickelmeister.de", true */ 'f', 'r', 'i', 'c', 'k', 'e', 'l', 'm', 'e', 'i', 's', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "fridayfoucoud.ma", true */ 'f', 'r', 'i', 'd', 'a', 'y', 'f', 'o', 'u', 'c', 'o', 'u', 'd', '.', 'm', 'a', '\0',
+  /* "friederes.lu", true */ 'f', 'r', 'i', 'e', 'd', 'e', 'r', 'e', 's', '.', 'l', 'u', '\0',
+  /* "friedrich-foto-art.de", true */ 'f', 'r', 'i', 'e', 'd', 'r', 'i', 'c', 'h', '-', 'f', 'o', 't', 'o', '-', 'a', 'r', 't', '.', 'd', 'e', '\0',
+  /* "friedsamphotography.com", true */ 'f', 'r', 'i', 'e', 'd', 's', 'a', 'm', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "friendlysiberia.com", true */ 'f', 'r', 'i', 'e', 'n', 'd', 'l', 'y', 's', 'i', 'b', 'e', 'r', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "friends-of-naz.com", true */ 'f', 'r', 'i', 'e', 'n', 'd', 's', '-', 'o', 'f', '-', 'n', 'a', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "friends24.cz", true */ 'f', 'r', 'i', 'e', 'n', 'd', 's', '2', '4', '.', 'c', 'z', '\0',
+  /* "friendship-quotes.co.uk", true */ 'f', 'r', 'i', 'e', 'n', 'd', 's', 'h', 'i', 'p', '-', 'q', 'u', 'o', 't', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "friet.org", true */ 'f', 'r', 'i', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "friezy.ru", true */ 'f', 'r', 'i', 'e', 'z', 'y', '.', 'r', 'u', '\0',
+  /* "frigi.ch", true */ 'f', 'r', 'i', 'g', 'i', '.', 'c', 'h', '\0',
+  /* "frigolit.net", true */ 'f', 'r', 'i', 'g', 'o', 'l', 'i', 't', '.', 'n', 'e', 't', '\0',
+  /* "friller.com.au", true */ 'f', 'r', 'i', 'l', 'l', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "frillip.com", true */ 'f', 'r', 'i', 'l', 'l', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "frinkiac.com", true */ 'f', 'r', 'i', 'n', 'k', 'i', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "frino.de", true */ 'f', 'r', 'i', 'n', 'o', '.', 'd', 'e', '\0',
+  /* "frippz.se", true */ 'f', 'r', 'i', 'p', 'p', 'z', '.', 's', 'e', '\0',
+  /* "fritteli.ch", true */ 'f', 'r', 'i', 't', 't', 'e', 'l', 'i', '.', 'c', 'h', '\0',
+  /* "fritzrepair.com", true */ 'f', 'r', 'i', 't', 'z', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "frizo.com", true */ 'f', 'r', 'i', 'z', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "frly.de", true */ 'f', 'r', 'l', 'y', '.', 'd', 'e', '\0',
+  /* "frob.nl", true */ 'f', 'r', 'o', 'b', '.', 'n', 'l', '\0',
+  /* "froehlich.it", true */ 'f', 'r', 'o', 'e', 'h', 'l', 'i', 'c', 'h', '.', 'i', 't', '\0',
+  /* "frogatto.com", true */ 'f', 'r', 'o', 'g', 'a', 't', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "frogeye.fr", true */ 'f', 'r', 'o', 'g', 'e', 'y', 'e', '.', 'f', 'r', '\0',
+  /* "froggitt.com", true */ 'f', 'r', 'o', 'g', 'g', 'i', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "frogsonamission.de", true */ 'f', 'r', 'o', 'g', 's', 'o', 'n', 'a', 'm', 'i', 's', 's', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "froh.co.jp", true */ 'f', 'r', 'o', 'h', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "frokenblomma.se", true */ 'f', 'r', 'o', 'k', 'e', 'n', 'b', 'l', 'o', 'm', 'm', 'a', '.', 's', 'e', '\0',
+  /* "frolova.org", true */ 'f', 'r', 'o', 'l', 'o', 'v', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "fromix.de", true */ 'f', 'r', 'o', 'm', 'i', 'x', '.', 'd', 'e', '\0',
+  /* "fromscratch.rocks", true */ 'f', 'r', 'o', 'm', 's', 'c', 'r', 'a', 't', 'c', 'h', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "fronteers.nl", false */ 'f', 'r', 'o', 'n', 't', 'e', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "frontline.cloud", true */ 'f', 'r', 'o', 'n', 't', 'l', 'i', 'n', 'e', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "frontline6.com", true */ 'f', 'r', 'o', 'n', 't', 'l', 'i', 'n', 'e', '6', '.', 'c', 'o', 'm', '\0',
+  /* "fropky.com", true */ 'f', 'r', 'o', 'p', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "frostbytes.net", true */ 'f', 'r', 'o', 's', 't', 'b', 'y', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "frostwarning.com", true */ 'f', 'r', 'o', 's', 't', 'w', 'a', 'r', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "frothy.coffee", true */ 'f', 'r', 'o', 't', 'h', 'y', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0',
+  /* "froufe.com", true */ 'f', 'r', 'o', 'u', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "frozen-geek.net", true */ 'f', 'r', 'o', 'z', 'e', 'n', '-', 'g', 'e', 'e', 'k', '.', 'n', 'e', 't', '\0',
+  /* "frozen-solid.net", true */ 'f', 'r', 'o', 'z', 'e', 'n', '-', 's', 'o', 'l', 'i', 'd', '.', 'n', 'e', 't', '\0',
+  /* "frtn.com", true */ 'f', 'r', 't', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "frtr.gov", true */ 'f', 'r', 't', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "frtrains.com", true */ 'f', 'r', 't', 'r', 'a', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fruchthof24.de", true */ 'f', 'r', 'u', 'c', 'h', 't', 'h', 'o', 'f', '2', '4', '.', 'd', 'e', '\0',
+  /* "fruchtikus.net", true */ 'f', 'r', 'u', 'c', 'h', 't', 'i', 'k', 'u', 's', '.', 'n', 'e', 't', '\0',
+  /* "frugalfamilyhome.com", true */ 'f', 'r', 'u', 'g', 'a', 'l', 'f', 'a', 'm', 'i', 'l', 'y', 'h', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "frugalmechanic.com", true */ 'f', 'r', 'u', 'g', 'a', 'l', 'm', 'e', 'c', 'h', 'a', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "frugro.be", false */ 'f', 'r', 'u', 'g', 'r', 'o', '.', 'b', 'e', '\0',
+  /* "fruition.co.jp", true */ 'f', 'r', 'u', 'i', 't', 'i', 'o', 'n', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "frusky.de", true */ 'f', 'r', 'u', 's', 'k', 'y', '.', 'd', 'e', '\0',
+  /* "frydrychit.cz", true */ 'f', 'r', 'y', 'd', 'r', 'y', 'c', 'h', 'i', 't', '.', 'c', 'z', '\0',
+  /* "fs-fitness.eu", true */ 'f', 's', '-', 'f', 'i', 't', 'n', 'e', 's', 's', '.', 'e', 'u', '\0',
+  /* "fs-maistadt.de", true */ 'f', 's', '-', 'm', 'a', 'i', 's', 't', 'a', 'd', 't', '.', 'd', 'e', '\0',
+  /* "fsbnh.bank", true */ 'f', 's', 'b', 'n', 'h', '.', 'b', 'a', 'n', 'k', '\0',
+  /* "fsbpaintrock.com", true */ 'f', 's', 'b', 'p', 'a', 'i', 'n', 't', 'r', 'o', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "fsbturton.com", true */ 'f', 's', 'b', 't', 'u', 'r', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "fsck.cz", true */ 'f', 's', 'c', 'k', '.', 'c', 'z', '\0',
+  /* "fsck.jp", true */ 'f', 's', 'c', 'k', '.', 'j', 'p', '\0',
+  /* "fsckd.com", true */ 'f', 's', 'c', 'k', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "fscott.de", true */ 'f', 's', 'c', 'o', 't', 't', '.', 'd', 'e', '\0',
+  /* "fsf.moe", true */ 'f', 's', 'f', '.', 'm', 'o', 'e', '\0',
+  /* "fsk.fo", true */ 'f', 's', 'k', '.', 'f', 'o', '\0',
+  /* "fsky.info", true */ 'f', 's', 'k', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "fsm2016.org", true */ 'f', 's', 'm', '2', '0', '1', '6', '.', 'o', 'r', 'g', '\0',
+  /* "fsps.ch", true */ 'f', 's', 'p', 's', '.', 'c', 'h', '\0',
+  /* "fstatic.io", true */ 'f', 's', 't', 'a', 't', 'i', 'c', '.', 'i', 'o', '\0',
+  /* "fsvt.ch", true */ 'f', 's', 'v', 't', '.', 'c', 'h', '\0',
+  /* "ftang.de", true */ 'f', 't', 'a', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "ftc.gov", false */ 'f', 't', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "ftccomplaintassistant.gov", true */ 'f', 't', 'c', 'c', 'o', 'm', 'p', 'l', 'a', 'i', 'n', 't', 'a', 's', 's', 'i', 's', 't', 'a', 'n', 't', '.', 'g', 'o', 'v', '\0',
+  /* "ftcefile.gov", true */ 'f', 't', 'c', 'e', 'f', 'i', 'l', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "ftgho.com", true */ 'f', 't', 'g', 'h', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ftng.se", true */ 'f', 't', 'n', 'g', '.', 's', 'e', '\0',
+  /* "ftrsecure.com", true */ 'f', 't', 'r', 's', 'e', 'c', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fuchsy.com", true */ 'f', 'u', 'c', 'h', 's', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "fuckav.ru", true */ 'f', 'u', 'c', 'k', 'a', 'v', '.', 'r', 'u', '\0',
+  /* "fuckcie.com", true */ 'f', 'u', 'c', 'k', 'c', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fucklife.ch", true */ 'f', 'u', 'c', 'k', 'l', 'i', 'f', 'e', '.', 'c', 'h', '\0',
+  /* "fuckyoupaypal.me", true */ 'f', 'u', 'c', 'k', 'y', 'o', 'u', 'p', 'a', 'y', 'p', 'a', 'l', '.', 'm', 'e', '\0',
+  /* "fudanshi.org", true */ 'f', 'u', 'd', 'a', 'n', 's', 'h', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "fuechschen.org", true */ 'f', 'u', 'e', 'c', 'h', 's', 'c', 'h', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "fuelingyourdreams.com", true */ 'f', 'u', 'e', 'l', 'i', 'n', 'g', 'y', 'o', 'u', 'r', 'd', 'r', 'e', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fugamo.de", true */ 'f', 'u', 'g', 'a', 'm', 'o', '.', 'd', 'e', '\0',
+  /* "fuglede.dk", true */ 'f', 'u', 'g', 'l', 'e', 'd', 'e', '.', 'd', 'k', '\0',
+  /* "fuite.ch", true */ 'f', 'u', 'i', 't', 'e', '.', 'c', 'h', '\0',
+  /* "fuites.ch", true */ 'f', 'u', 'i', 't', 'e', 's', '.', 'c', 'h', '\0',
+  /* "fujianshipbuilding.com", true */ 'f', 'u', 'j', 'i', 'a', 'n', 's', 'h', 'i', 'p', 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "fujiwaraqol.com", true */ 'f', 'u', 'j', 'i', 'w', 'a', 'r', 'a', 'q', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "fukakukeiba.com", true */ 'f', 'u', 'k', 'a', 'k', 'u', 'k', 'e', 'i', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "fukuoka-cityliner.jp", true */ 'f', 'u', 'k', 'u', 'o', 'k', 'a', '-', 'c', 'i', 't', 'y', 'l', 'i', 'n', 'e', 'r', '.', 'j', 'p', '\0',
+  /* "fukushimacoffee.com", true */ 'f', 'u', 'k', 'u', 's', 'h', 'i', 'm', 'a', 'c', 'o', 'f', 'f', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fulgenzis.com", true */ 'f', 'u', 'l', 'g', 'e', 'n', 'z', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fuliwang.info", true */ 'f', 'u', 'l', 'i', 'w', 'a', 'n', 'g', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "fuliwang.us", true */ 'f', 'u', 'l', 'i', 'w', 'a', 'n', 'g', '.', 'u', 's', '\0',
+  /* "fullautomotivo.com.br", true */ 'f', 'u', 'l', 'l', 'a', 'u', 't', 'o', 'm', 'o', 't', 'i', 'v', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "fullbundle.com", true */ 'f', 'u', 'l', 'l', 'b', 'u', 'n', 'd', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fullhub.ru", true */ 'f', 'u', 'l', 'l', 'h', 'u', 'b', '.', 'r', 'u', '\0',
+  /* "fullmatch.net", true */ 'f', 'u', 'l', 'l', 'm', 'a', 't', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "fullstacknotes.com", true */ 'f', 'u', 'l', 'l', 's', 't', 'a', 'c', 'k', 'n', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fumblers.ca", true */ 'f', 'u', 'm', 'b', 'l', 'e', 'r', 's', '.', 'c', 'a', '\0',
+  /* "fumerolles.ch", true */ 'f', 'u', 'm', 'e', 'r', 'o', 'l', 'l', 'e', 's', '.', 'c', 'h', '\0',
+  /* "fun-bounce.co.uk", true */ 'f', 'u', 'n', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "fun-tasia.co.uk", true */ 'f', 'u', 'n', '-', 't', 'a', 's', 'i', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "fun4kidzbouncycastles.co.uk", true */ 'f', 'u', 'n', '4', 'k', 'i', 'd', 'z', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "fun4ubouncycastles.co.uk", true */ 'f', 'u', 'n', '4', 'u', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "funandbounce.com", true */ 'f', 'u', 'n', 'a', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "funarena.com.ua", true */ 'f', 'u', 'n', 'a', 'r', 'e', 'n', 'a', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "funatic.nl", true */ 'f', 'u', 'n', 'a', 't', 'i', 'c', '.', 'n', 'l', '\0',
+  /* "funbouncelincs.co.uk", true */ 'f', 'u', 'n', 'b', 'o', 'u', 'n', 'c', 'e', 'l', 'i', 'n', 'c', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "funchestra.at", false */ 'f', 'u', 'n', 'c', 'h', 'e', 's', 't', 'r', 'a', '.', 'a', 't', '\0',
+  /* "functional.cc", true */ 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'c', '\0',
+  /* "functions-online.com", true */ 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', 's', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fundacionfranciscofiasco.org", true */ 'f', 'u', 'n', 'd', 'a', 'c', 'i', 'o', 'n', 'f', 'r', 'a', 'n', 'c', 'i', 's', 'c', 'o', 'f', 'i', 'a', 's', 'c', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "fundayltd.com", true */ 'f', 'u', 'n', 'd', 'a', 'y', 'l', 't', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "fundays.nl", true */ 'f', 'u', 'n', 'd', 'a', 'y', 's', '.', 'n', 'l', '\0',
+  /* "fundchan.com", true */ 'f', 'u', 'n', 'd', 'c', 'h', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "fundeego.com", true */ 'f', 'u', 'n', 'd', 'e', 'e', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "funderburg.me", true */ 'f', 'u', 'n', 'd', 'e', 'r', 'b', 'u', 'r', 'g', '.', 'm', 'e', '\0',
+  /* "fundingempire.com", true */ 'f', 'u', 'n', 'd', 'i', 'n', 'g', 'e', 'm', 'p', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fundort.ch", true */ 'f', 'u', 'n', 'd', 'o', 'r', 't', '.', 'c', 'h', '\0',
+  /* "funfactorleeds.co.uk", true */ 'f', 'u', 'n', 'f', 'a', 'c', 't', 'o', 'r', 'l', 'e', 'e', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "funfoodco.co.uk", true */ 'f', 'u', 'n', 'f', 'o', 'o', 'd', 'c', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "funfunmstdn.tokyo", true */ 'f', 'u', 'n', 'f', 'u', 'n', 'm', 's', 't', 'd', 'n', '.', 't', 'o', 'k', 'y', 'o', '\0',
+  /* "funhouse-inflatables.co.uk", true */ 'f', 'u', 'n', 'h', 'o', 'u', 's', 'e', '-', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "funi4u.com", true */ 'f', 'u', 'n', 'i', '4', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "funideas.org", true */ 'f', 'u', 'n', 'i', 'd', 'e', 'a', 's', '.', 'o', 'r', 'g', '\0',
+  /* "funinbeds.org.uk", true */ 'f', 'u', 'n', 'i', 'n', 'b', 'e', 'd', 's', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "funken-networks.de", true */ 'f', 'u', 'n', 'k', 'e', 'n', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'd', 'e', '\0',
+  /* "funktionel.co", true */ 'f', 'u', 'n', 'k', 't', 'i', 'o', 'n', 'e', 'l', '.', 'c', 'o', '\0',
+  /* "funnelweb.xyz", true */ 'f', 'u', 'n', 'n', 'e', 'l', 'w', 'e', 'b', '.', 'x', 'y', 'z', '\0',
+  /* "funniestclip.com", true */ 'f', 'u', 'n', 'n', 'i', 'e', 's', 't', 'c', 'l', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "funny-joke-pictures.com", true */ 'f', 'u', 'n', 'n', 'y', '-', 'j', 'o', 'k', 'e', '-', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "funnybikini.com", true */ 'f', 'u', 'n', 'n', 'y', 'b', 'i', 'k', 'i', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "funoverip.net", true */ 'f', 'u', 'n', 'o', 'v', 'e', 'r', 'i', 'p', '.', 'n', 'e', 't', '\0',
+  /* "funtastic.ie", true */ 'f', 'u', 'n', 't', 'a', 's', 't', 'i', 'c', '.', 'i', 'e', '\0',
+  /* "funtasticinflatablesdurham.co.uk", true */ 'f', 'u', 'n', 't', 'a', 's', 't', 'i', 'c', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', 'd', 'u', 'r', 'h', 'a', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "funtime-inflatables.co.uk", true */ 'f', 'u', 'n', 't', 'i', 'm', 'e', '-', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "funtime.kiev.ua", true */ 'f', 'u', 'n', 't', 'i', 'm', 'e', '.', 'k', 'i', 'e', 'v', '.', 'u', 'a', '\0',
+  /* "funtimebourne.co.uk", true */ 'f', 'u', 'n', 't', 'i', 'm', 'e', 'b', 'o', 'u', 'r', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "funtimeentertainment.co.uk", true */ 'f', 'u', 'n', 't', 'i', 'm', 'e', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "funtimesbouncycastles.co.uk", true */ 'f', 'u', 'n', 't', 'i', 'm', 'e', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "furgo.love", true */ 'f', 'u', 'r', 'g', 'o', '.', 'l', 'o', 'v', 'e', '\0',
+  /* "furigana.info", true */ 'f', 'u', 'r', 'i', 'g', 'a', 'n', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "furkancaliskan.com", true */ 'f', 'u', 'r', 'k', 'a', 'n', 'c', 'a', 'l', 'i', 's', 'k', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "furkot.com", true */ 'f', 'u', 'r', 'k', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "furkot.de", true */ 'f', 'u', 'r', 'k', 'o', 't', '.', 'd', 'e', '\0',
+  /* "furkot.es", true */ 'f', 'u', 'r', 'k', 'o', 't', '.', 'e', 's', '\0',
+  /* "furkot.fr", true */ 'f', 'u', 'r', 'k', 'o', 't', '.', 'f', 'r', '\0',
+  /* "furkot.it", true */ 'f', 'u', 'r', 'k', 'o', 't', '.', 'i', 't', '\0',
+  /* "furkot.pl", true */ 'f', 'u', 'r', 'k', 'o', 't', '.', 'p', 'l', '\0',
+  /* "furlan.co", true */ 'f', 'u', 'r', 'l', 'a', 'n', '.', 'c', 'o', '\0',
+  /* "furnfurs.com", true */ 'f', 'u', 'r', 'n', 'f', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "furnitureconcept.co.uk", true */ 'f', 'u', 'r', 'n', 'i', 't', 'u', 'r', 'e', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "furry.agency", true */ 'f', 'u', 'r', 'r', 'y', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0',
+  /* "furry.dk", true */ 'f', 'u', 'r', 'r', 'y', '.', 'd', 'k', '\0',
+  /* "furtivelook.com", true */ 'f', 'u', 'r', 't', 'i', 'v', 'e', 'l', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "fusa-miyamoto.jp", true */ 'f', 'u', 's', 'a', '-', 'm', 'i', 'y', 'a', 'm', 'o', 't', 'o', '.', 'j', 'p', '\0',
+  /* "fuseos.net", true */ 'f', 'u', 's', 'e', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "fushee.com", true */ 'f', 'u', 's', 'h', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fuskator.com", true */ 'f', 'u', 's', 'k', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "fussball-xxl.de", true */ 'f', 'u', 's', 's', 'b', 'a', 'l', 'l', '-', 'x', 'x', 'l', '.', 'd', 'e', '\0',
+  /* "fussell.io", true */ 'f', 'u', 's', 's', 'e', 'l', 'l', '.', 'i', 'o', '\0',
+  /* "futbolvivo.tv", true */ 'f', 'u', 't', 'b', 'o', 'l', 'v', 'i', 'v', 'o', '.', 't', 'v', '\0',
+  /* "futrou.com", true */ 'f', 'u', 't', 'r', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "futurefire.de", true */ 'f', 'u', 't', 'u', 'r', 'e', 'f', 'i', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "futurenda.com", true */ 'f', 'u', 't', 'u', 'r', 'e', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "futureoceans.org", true */ 'f', 'u', 't', 'u', 'r', 'e', 'o', 'c', 'e', 'a', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "futuresonline.com", true */ 'f', 'u', 't', 'u', 'r', 'e', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "futurezone.at", true */ 'f', 'u', 't', 'u', 'r', 'e', 'z', 'o', 'n', 'e', '.', 'a', 't', '\0',
+  /* "futuristarchitecture.com", true */ 'f', 'u', 't', 'u', 'r', 'i', 's', 't', 'a', 'r', 'c', 'h', 'i', 't', 'e', 'c', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "futurope.com", true */ 'f', 'u', 't', 'u', 'r', 'o', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fuwafuwa.moe", true */ 'f', 'u', 'w', 'a', 'f', 'u', 'w', 'a', '.', 'm', 'o', 'e', '\0',
+  /* "fuxwerk.de", true */ 'f', 'u', 'x', 'w', 'e', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "fuyu.moe", true */ 'f', 'u', 'y', 'u', '.', 'm', 'o', 'e', '\0',
+  /* "fuzoku.jp", true */ 'f', 'u', 'z', 'o', 'k', 'u', '.', 'j', 'p', '\0',
+  /* "fuzzing-project.org", true */ 'f', 'u', 'z', 'z', 'i', 'n', 'g', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "fveevaete.com", true */ 'f', 'v', 'e', 'e', 'v', 'a', 'e', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fwdx.net", true */ 'f', 'w', 'd', 'x', '.', 'n', 'e', 't', '\0',
+  /* "fwei.tk", true */ 'f', 'w', 'e', 'i', '.', 't', 'k', '\0',
+  /* "fwest.ovh", true */ 'f', 'w', 'e', 's', 't', '.', 'o', 'v', 'h', '\0',
+  /* "fwest98.ovh", true */ 'f', 'w', 'e', 's', 't', '9', '8', '.', 'o', 'v', 'h', '\0',
+  /* "fwww7.com", true */ 'f', 'w', 'w', 'w', '7', '.', 'c', 'o', 'm', '\0',
+  /* "fx24.uk", true */ 'f', 'x', '2', '4', '.', 'u', 'k', '\0',
+  /* "fx5.de", true */ 'f', 'x', '5', '.', 'd', 'e', '\0',
+  /* "fxgame.online", true */ 'f', 'x', 'g', 'a', 'm', 'e', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "fxislamic.com", true */ 'f', 'x', 'i', 's', 'l', 'a', 'm', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "fxopen.co.uk", true */ 'f', 'x', 'o', 'p', 'e', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "fxopen.com", true */ 'f', 'x', 'o', 'p', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "fxopen.com.au", true */ 'f', 'x', 'o', 'p', 'e', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "fxopen.com.br", true */ 'f', 'x', 'o', 'p', 'e', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "fxopen.com.mx", true */ 'f', 'x', 'o', 'p', 'e', 'n', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "fxopen.my", true */ 'f', 'x', 'o', 'p', 'e', 'n', '.', 'm', 'y', '\0',
+  /* "fxopen.ru", true */ 'f', 'x', 'o', 'p', 'e', 'n', '.', 'r', 'u', '\0',
+  /* "fxp.co.il", false */ 'f', 'x', 'p', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "fxpig-ib.com", true */ 'f', 'x', 'p', 'i', 'g', '-', 'i', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "fxtalk.cn", true */ 'f', 'x', 't', 'a', 'l', 'k', '.', 'c', 'n', '\0',
+  /* "fxthai.com", true */ 'f', 'x', 't', 'h', 'a', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "fxtrade-lab.com", true */ 'f', 'x', 't', 'r', 'a', 'd', 'e', '-', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "fyn.nl", true */ 'f', 'y', 'n', '.', 'n', 'l', '\0',
+  /* "fysesbjerg.dk", true */ 'f', 'y', 's', 'e', 's', 'b', 'j', 'e', 'r', 'g', '.', 'd', 'k', '\0',
+  /* "fysiotherapieholtenbroek.nl", true */ 'f', 'y', 's', 'i', 'o', 't', 'h', 'e', 'r', 'a', 'p', 'i', 'e', 'h', 'o', 'l', 't', 'e', 'n', 'b', 'r', 'o', 'e', 'k', '.', 'n', 'l', '\0',
+  /* "fysiotherapierossum.nl", true */ 'f', 'y', 's', 'i', 'o', 't', 'h', 'e', 'r', 'a', 'p', 'i', 'e', 'r', 'o', 's', 's', 'u', 'm', '.', 'n', 'l', '\0',
+  /* "fysiovdberg.nl", true */ 'f', 'y', 's', 'i', 'o', 'v', 'd', 'b', 'e', 'r', 'g', '.', 'n', 'l', '\0',
+  /* "fysuite.com", true */ 'f', 'y', 's', 'u', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fzbrweb.cz", true */ 'f', 'z', 'b', 'r', 'w', 'e', 'b', '.', 'c', 'z', '\0',
+  /* "fzx750.ru", true */ 'f', 'z', 'x', '7', '5', '0', '.', 'r', 'u', '\0',
+  /* "g-m-w.eu", true */ 'g', '-', 'm', '-', 'w', '.', 'e', 'u', '\0',
+  /* "g-o.pl", true */ 'g', '-', 'o', '.', 'p', 'l', '\0',
+  /* "g-rom.net", true */ 'g', '-', 'r', 'o', 'm', '.', 'n', 'e', 't', '\0',
+  /* "g01.in.ua", true */ 'g', '0', '1', '.', 'i', 'n', '.', 'u', 'a', '\0',
+  /* "g1.ie", true */ 'g', '1', '.', 'i', 'e', '\0',
+  /* "g10e.ch", true */ 'g', '1', '0', 'e', '.', 'c', 'h', '\0',
+  /* "g2-inc.com", false */ 'g', '2', '-', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "g2links.com", true */ 'g', '2', 'l', 'i', 'n', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "g2pla.net", true */ 'g', '2', 'p', 'l', 'a', '.', 'n', 'e', 't', '\0',
+  /* "g2soft.net", true */ 'g', '2', 's', 'o', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "g3dev.ch", true */ 'g', '3', 'd', 'e', 'v', '.', 'c', 'h', '\0',
+  /* "g3rv4.com", true */ 'g', '3', 'r', 'v', '4', '.', 'c', 'o', 'm', '\0',
+  /* "g4w.co", true */ 'g', '4', 'w', '.', 'c', 'o', '\0',
+  /* "gaanbaksho.com.au", true */ 'g', 'a', 'a', 'n', 'b', 'a', 'k', 's', 'h', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "gabemack.com", true */ 'g', 'a', 'b', 'e', 'm', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "gabethebabetv.com", true */ 'g', 'a', 'b', 'e', 't', 'h', 'e', 'b', 'a', 'b', 'e', 't', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "gabrielsimonet.ch", true */ 'g', 'a', 'b', 'r', 'i', 'e', 'l', 's', 'i', 'm', 'o', 'n', 'e', 't', '.', 'c', 'h', '\0',
+  /* "gachter.name", true */ 'g', 'a', 'c', 'h', 't', 'e', 'r', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "gadabit.pl", true */ 'g', 'a', 'd', 'a', 'b', 'i', 't', '.', 'p', 'l', '\0',
+  /* "gadgethacks.com", true */ 'g', 'a', 'd', 'g', 'e', 't', 'h', 'a', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gaestehaus-monika.com", true */ 'g', 'a', 'e', 's', 't', 'e', 'h', 'a', 'u', 's', '-', 'm', 'o', 'n', 'i', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "gaflooring.com", true */ 'g', 'a', 'f', 'l', 'o', 'o', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "gafunds.com", true */ 'g', 'a', 'f', 'u', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gagne-enterprises.com", true */ 'g', 'a', 'g', 'n', 'e', '-', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gagne.tk", true */ 'g', 'a', 'g', 'n', 'e', '.', 't', 'k', '\0',
+  /* "gagnerplusdargent.info", true */ 'g', 'a', 'g', 'n', 'e', 'r', 'p', 'l', 'u', 's', 'd', 'a', 'r', 'g', 'e', 'n', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "gagniard.org", true */ 'g', 'a', 'g', 'n', 'i', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "gagor.pl", true */ 'g', 'a', 'g', 'o', 'r', '.', 'p', 'l', '\0',
+  /* "gagygnole.ch", true */ 'g', 'a', 'g', 'y', 'g', 'n', 'o', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "gaichanh.com", true */ 'g', 'a', 'i', 'c', 'h', 'a', 'n', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "gaichon.com", true */ 'g', 'a', 'i', 'c', 'h', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "gaines-sodiamex.fr", true */ 'g', 'a', 'i', 'n', 'e', 's', '-', 's', 'o', 'd', 'i', 'a', 'm', 'e', 'x', '.', 'f', 'r', '\0',
+  /* "gaio-automobiles.fr", true */ 'g', 'a', 'i', 'o', '-', 'a', 'u', 't', 'o', 'm', 'o', 'b', 'i', 'l', 'e', 's', '.', 'f', 'r', '\0',
+  /* "gaireg.de", true */ 'g', 'a', 'i', 'r', 'e', 'g', '.', 'd', 'e', '\0',
+  /* "gajas18.com", true */ 'g', 'a', 'j', 'a', 's', '1', '8', '.', 'c', 'o', 'm', '\0',
+  /* "gakkainavi-epsilon.jp", true */ 'g', 'a', 'k', 'k', 'a', 'i', 'n', 'a', 'v', 'i', '-', 'e', 'p', 's', 'i', 'l', 'o', 'n', '.', 'j', 'p', '\0',
+  /* "gakkainavi.net", true */ 'g', 'a', 'k', 'k', 'a', 'i', 'n', 'a', 'v', 'i', '.', 'n', 'e', 't', '\0',
+  /* "gakkainavi4.jp", true */ 'g', 'a', 'k', 'k', 'a', 'i', 'n', 'a', 'v', 'i', '4', '.', 'j', 'p', '\0',
+  /* "gaku-architect.com", true */ 'g', 'a', 'k', 'u', '-', 'a', 'r', 'c', 'h', 'i', 't', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "galactic-crew.org", true */ 'g', 'a', 'l', 'a', 'c', 't', 'i', 'c', '-', 'c', 'r', 'e', 'w', '.', 'o', 'r', 'g', '\0',
+  /* "galak.ch", true */ 'g', 'a', 'l', 'a', 'k', '.', 'c', 'h', '\0',
+  /* "galerieautodirect.com", true */ 'g', 'a', 'l', 'e', 'r', 'i', 'e', 'a', 'u', 't', 'o', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "galeries.photo", true */ 'g', 'a', 'l', 'e', 'r', 'i', 'e', 's', '.', 'p', 'h', 'o', 't', 'o', '\0',
+  /* "galgoafegao.com.br", true */ 'g', 'a', 'l', 'g', 'o', 'a', 'f', 'e', 'g', 'a', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "galgoingles.com.br", true */ 'g', 'a', 'l', 'g', 'o', 'i', 'n', 'g', 'l', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "galgopersa.com.br", true */ 'g', 'a', 'l', 'g', 'o', 'p', 'e', 'r', 's', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "galileanhome.org", true */ 'g', 'a', 'l', 'i', 'l', 'e', 'a', 'n', 'h', 'o', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "galileomtz.com", true */ 'g', 'a', 'l', 'i', 'l', 'e', 'o', 'm', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "galinas-blog.de", true */ 'g', 'a', 'l', 'i', 'n', 'a', 's', '-', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "galinos.gr", true */ 'g', 'a', 'l', 'i', 'n', 'o', 's', '.', 'g', 'r', '\0',
+  /* "gallerify.eu", true */ 'g', 'a', 'l', 'l', 'e', 'r', 'i', 'f', 'y', '.', 'e', 'u', '\0',
+  /* "gallicrooster.com", true */ 'g', 'a', 'l', 'l', 'i', 'c', 'r', 'o', 'o', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "gallun-shop.com", true */ 'g', 'a', 'l', 'l', 'u', 'n', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "galpaoap.com.br", true */ 'g', 'a', 'l', 'p', 'a', 'o', 'a', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "gamajo.com", true */ 'g', 'a', 'm', 'a', 'j', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "gamberorosso.menu", true */ 'g', 'a', 'm', 'b', 'e', 'r', 'o', 'r', 'o', 's', 's', 'o', '.', 'm', 'e', 'n', 'u', '\0',
+  /* "gambetti.fr", true */ 'g', 'a', 'm', 'b', 'e', 't', 't', 'i', '.', 'f', 'r', '\0',
+  /* "gambit.pro", true */ 'g', 'a', 'm', 'b', 'i', 't', '.', 'p', 'r', 'o', '\0',
+  /* "gambitboard.com", true */ 'g', 'a', 'm', 'b', 'i', 't', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "gambitnash.co.uk", true */ 'g', 'a', 'm', 'b', 'i', 't', 'n', 'a', 's', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gambitnash.com", true */ 'g', 'a', 'm', 'b', 'i', 't', 'n', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "gambitprint.com", true */ 'g', 'a', 'm', 'b', 'i', 't', 'p', 'r', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "gamblersgaming.eu", true */ 'g', 'a', 'm', 'b', 'l', 'e', 'r', 's', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'e', 'u', '\0',
+  /* "game-files.net", false */ 'g', 'a', 'm', 'e', '-', 'f', 'i', 'l', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "game7.de", true */ 'g', 'a', 'm', 'e', '7', '.', 'd', 'e', '\0',
+  /* "gamebits.net", true */ 'g', 'a', 'm', 'e', 'b', 'i', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "gamebrott.com", true */ 'g', 'a', 'm', 'e', 'b', 'r', 'o', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "gamecard-shop.nl", true */ 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', '-', 's', 'h', 'o', 'p', '.', 'n', 'l', '\0',
+  /* "gameclue.jp", true */ 'g', 'a', 'm', 'e', 'c', 'l', 'u', 'e', '.', 'j', 'p', '\0',
+  /* "gamecollector.be", true */ 'g', 'a', 'm', 'e', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'o', 'r', '.', 'b', 'e', '\0',
+  /* "gameconservation.org.uk", true */ 'g', 'a', 'm', 'e', 'c', 'o', 'n', 's', 'e', 'r', 'v', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "gamedevelopers.pl", true */ 'g', 'a', 'm', 'e', 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'e', 'r', 's', '.', 'p', 'l', '\0',
+  /* "gamegix.com", true */ 'g', 'a', 'm', 'e', 'g', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "gameguardian.net", true */ 'g', 'a', 'm', 'e', 'g', 'u', 'a', 'r', 'd', 'i', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "gameisbest.jp", true */ 'g', 'a', 'm', 'e', 'i', 's', 'b', 'e', 's', 't', '.', 'j', 'p', '\0',
+  /* "gamekeepers.cz", true */ 'g', 'a', 'm', 'e', 'k', 'e', 'e', 'p', 'e', 'r', 's', '.', 'c', 'z', '\0',
+  /* "gamekeysuche.de", true */ 'g', 'a', 'm', 'e', 'k', 'e', 'y', 's', 'u', 'c', 'h', 'e', '.', 'd', 'e', '\0',
+  /* "gamenerd.net", true */ 'g', 'a', 'm', 'e', 'n', 'e', 'r', 'd', '.', 'n', 'e', 't', '\0',
+  /* "gameofbay.org", true */ 'g', 'a', 'm', 'e', 'o', 'f', 'b', 'a', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "gameofpwnz.com", true */ 'g', 'a', 'm', 'e', 'o', 'f', 'p', 'w', 'n', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "gamepad.com.br", true */ 'g', 'a', 'm', 'e', 'p', 'a', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "gameparagon.info", true */ 'g', 'a', 'm', 'e', 'p', 'a', 'r', 'a', 'g', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "gamercredo.com", true */ 'g', 'a', 'm', 'e', 'r', 'c', 'r', 'e', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "gamercredo.net", true */ 'g', 'a', 'm', 'e', 'r', 'c', 'r', 'e', 'd', 'o', '.', 'n', 'e', 't', '\0',
+  /* "gamerezo.com", true */ 'g', 'a', 'm', 'e', 'r', 'e', 'z', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "games4theworld.org", true */ 'g', 'a', 'm', 'e', 's', '4', 't', 'h', 'e', 'w', 'o', 'r', 'l', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "gameserver-sponsor.me", true */ 'g', 'a', 'm', 'e', 's', 'e', 'r', 'v', 'e', 'r', '-', 's', 'p', 'o', 'n', 's', 'o', 'r', '.', 'm', 'e', '\0',
+  /* "gameshowchallenge.ie", true */ 'g', 'a', 'm', 'e', 's', 'h', 'o', 'w', 'c', 'h', 'a', 'l', 'l', 'e', 'n', 'g', 'e', '.', 'i', 'e', '\0',
+  /* "gamesplanet.com", true */ 'g', 'a', 'm', 'e', 's', 'p', 'l', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "gamestats.gg", true */ 'g', 'a', 'm', 'e', 's', 't', 'a', 't', 's', '.', 'g', 'g', '\0',
+  /* "gamhealth.net", true */ 'g', 'a', 'm', 'h', 'e', 'a', 'l', 't', 'h', '.', 'n', 'e', 't', '\0',
+  /* "gamingexodus.com", true */ 'g', 'a', 'm', 'i', 'n', 'g', 'e', 'x', 'o', 'd', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gamingrealms.net", true */ 'g', 'a', 'm', 'i', 'n', 'g', 'r', 'e', 'a', 'l', 'm', 's', '.', 'n', 'e', 't', '\0',
+  /* "gamingreinvented.com", true */ 'g', 'a', 'm', 'i', 'n', 'g', 'r', 'e', 'i', 'n', 'v', 'e', 'n', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "gamingwithcromulent.com", true */ 'g', 'a', 'm', 'i', 'n', 'g', 'w', 'i', 't', 'h', 'c', 'r', 'o', 'm', 'u', 'l', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "gamingzoneservers.com", true */ 'g', 'a', 'm', 'i', 'n', 'g', 'z', 'o', 'n', 'e', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gamishou.fr", true */ 'g', 'a', 'm', 'i', 's', 'h', 'o', 'u', '.', 'f', 'r', '\0',
+  /* "gamoloco.com", true */ 'g', 'a', 'm', 'o', 'l', 'o', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ganado.org", true */ 'g', 'a', 'n', 'a', 'd', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "gancedo.com.es", true */ 'g', 'a', 'n', 'c', 'e', 'd', 'o', '.', 'c', 'o', 'm', '.', 'e', 's', '\0',
+  /* "gandalfservice.com", true */ 'g', 'a', 'n', 'd', 'a', 'l', 'f', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "gandalfthefeline.com", true */ 'g', 'a', 'n', 'd', 'a', 'l', 'f', 't', 'h', 'e', 'f', 'e', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "gandgliquors.com", true */ 'g', 'a', 'n', 'd', 'g', 'l', 'i', 'q', 'u', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ganhonet.com.br", true */ 'g', 'a', 'n', 'h', 'o', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ganztagplus.de", true */ 'g', 'a', 'n', 'z', 't', 'a', 'g', 'p', 'l', 'u', 's', '.', 'd', 'e', '\0',
+  /* "gapdirect.com", true */ 'g', 'a', 'p', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "gapfa.org", true */ 'g', 'a', 'p', 'f', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "gaptek.id", false */ 'g', 'a', 'p', 't', 'e', 'k', '.', 'i', 'd', '\0',
+  /* "gar-nich.net", false */ 'g', 'a', 'r', '-', 'n', 'i', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "garage-door.pro", true */ 'g', 'a', 'r', 'a', 'g', 'e', '-', 'd', 'o', 'o', 'r', '.', 'p', 'r', 'o', '\0',
+  /* "garage-leone.com", true */ 'g', 'a', 'r', 'a', 'g', 'e', '-', 'l', 'e', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "garage-meynard.com", true */ 'g', 'a', 'r', 'a', 'g', 'e', '-', 'm', 'e', 'y', 'n', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "garageenginuity.com", true */ 'g', 'a', 'r', 'a', 'g', 'e', 'e', 'n', 'g', 'i', 'n', 'u', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "garagegoossens.be", true */ 'g', 'a', 'r', 'a', 'g', 'e', 'g', 'o', 'o', 's', 's', 'e', 'n', 's', '.', 'b', 'e', '\0',
+  /* "garagemhermetica.org", true */ 'g', 'a', 'r', 'a', 'g', 'e', 'm', 'h', 'e', 'r', 'm', 'e', 't', 'i', 'c', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "garagevanhulle-used.be", true */ 'g', 'a', 'r', 'a', 'g', 'e', 'v', 'a', 'n', 'h', 'u', 'l', 'l', 'e', '-', 'u', 's', 'e', 'd', '.', 'b', 'e', '\0',
+  /* "garanteasy.com", true */ 'g', 'a', 'r', 'a', 'n', 't', 'e', 'a', 's', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "garantieabschluss.de", false */ 'g', 'a', 'r', 'a', 'n', 't', 'i', 'e', 'a', 'b', 's', 'c', 'h', 'l', 'u', 's', 's', '.', 'd', 'e', '\0',
+  /* "garbage-juice.com", true */ 'g', 'a', 'r', 'b', 'a', 'g', 'e', '-', 'j', 'u', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "garciniacambogiareviewed.co", true */ 'g', 'a', 'r', 'c', 'i', 'n', 'i', 'a', 'c', 'a', 'm', 'b', 'o', 'g', 'i', 'a', 'r', 'e', 'v', 'i', 'e', 'w', 'e', 'd', '.', 'c', 'o', '\0',
+  /* "garda-see.mobi", true */ 'g', 'a', 'r', 'd', 'a', '-', 's', 'e', 'e', '.', 'm', 'o', 'b', 'i', '\0',
+  /* "garden-life.org", true */ 'g', 'a', 'r', 'd', 'e', 'n', '-', 'l', 'i', 'f', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "gardencarezone.com", true */ 'g', 'a', 'r', 'd', 'e', 'n', 'c', 'a', 'r', 'e', 'z', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "gardengameshireuk.com", true */ 'g', 'a', 'r', 'd', 'e', 'n', 'g', 'a', 'm', 'e', 's', 'h', 'i', 'r', 'e', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "garderobche.eu", true */ 'g', 'a', 'r', 'd', 'e', 'r', 'o', 'b', 'c', 'h', 'e', '.', 'e', 'u', '\0',
+  /* "gardikagigih.com", true */ 'g', 'a', 'r', 'd', 'i', 'k', 'a', 'g', 'i', 'g', 'i', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "garedtech.com", false */ 'g', 'a', 'r', 'e', 'd', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "garethrhugh.es", true */ 'g', 'a', 'r', 'e', 't', 'h', 'r', 'h', 'u', 'g', 'h', '.', 'e', 's', '\0',
+  /* "garfieldairlines.net", true */ 'g', 'a', 'r', 'f', 'i', 'e', 'l', 'd', 'a', 'i', 'r', 'l', 'i', 'n', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "gargazon.net", true */ 'g', 'a', 'r', 'g', 'a', 'z', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "garron.net", true */ 'g', 'a', 'r', 'r', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "gartenplanung-brendes.de", true */ 'g', 'a', 'r', 't', 'e', 'n', 'p', 'l', 'a', 'n', 'u', 'n', 'g', '-', 'b', 'r', 'e', 'n', 'd', 'e', 's', '.', 'd', 'e', '\0',
+  /* "garycarmell.com", true */ 'g', 'a', 'r', 'y', 'c', 'a', 'r', 'm', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "garycwaite.com", true */ 'g', 'a', 'r', 'y', 'c', 'w', 'a', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "garyjones.co.uk", true */ 'g', 'a', 'r', 'y', 'j', 'o', 'n', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "garystallman.com", true */ 'g', 'a', 'r', 'y', 's', 't', 'a', 'l', 'l', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "garywhittington.com", true */ 'g', 'a', 'r', 'y', 'w', 'h', 'i', 't', 't', 'i', 'n', 'g', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "gastauftritt.net", true */ 'g', 'a', 's', 't', 'a', 'u', 'f', 't', 'r', 'i', 't', 't', '.', 'n', 'e', 't', '\0',
+  /* "gastoudererenda.nl", true */ 'g', 'a', 's', 't', 'o', 'u', 'd', 'e', 'r', 'e', 'r', 'e', 'n', 'd', 'a', '.', 'n', 'l', '\0',
+  /* "gate2home.com", true */ 'g', 'a', 't', 'e', '2', 'h', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "gateaucreation.fr", true */ 'g', 'a', 't', 'e', 'a', 'u', 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "gatemoves.com", true */ 'g', 'a', 't', 'e', 'm', 'o', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gatewaybridal.com", true */ 'g', 'a', 't', 'e', 'w', 'a', 'y', 'b', 'r', 'i', 'd', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "gatewaybronco.com", true */ 'g', 'a', 't', 'e', 'w', 'a', 'y', 'b', 'r', 'o', 'n', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "gateworld.fr", true */ 'g', 'a', 't', 'e', 'w', 'o', 'r', 'l', 'd', '.', 'f', 'r', '\0',
+  /* "gatilagata.com.br", true */ 'g', 'a', 't', 'i', 'l', 'a', 'g', 'a', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "gatomix.net", true */ 'g', 'a', 't', 'o', 'm', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "gauche.com", true */ 'g', 'a', 'u', 'c', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "gaussianwaves.com", true */ 'g', 'a', 'u', 's', 's', 'i', 'a', 'n', 'w', 'a', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gauthier.dk", true */ 'g', 'a', 'u', 't', 'h', 'i', 'e', 'r', '.', 'd', 'k', '\0',
+  /* "gautvedt.no", true */ 'g', 'a', 'u', 't', 'v', 'e', 'd', 't', '.', 'n', 'o', '\0',
+  /* "gavick.com", false */ 'g', 'a', 'v', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "gavins.stream", true */ 'g', 'a', 'v', 'i', 'n', 's', '.', 's', 't', 'r', 'e', 'a', 'm', '\0',
+  /* "gay-sissies.com", true */ 'g', 'a', 'y', '-', 's', 'i', 's', 's', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gaycc.cc", true */ 'g', 'a', 'y', 'c', 'c', '.', 'c', 'c', '\0',
+  /* "gayforgenji.com", true */ 'g', 'a', 'y', 'f', 'o', 'r', 'g', 'e', 'n', 'j', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "gaysfisting.com", true */ 'g', 'a', 'y', 's', 'f', 'i', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "gaytorrent.ru", true */ 'g', 'a', 'y', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'r', 'u', '\0',
+  /* "gayxsite.com", true */ 'g', 'a', 'y', 'x', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "gazee.net", true */ 'g', 'a', 'z', 'e', 'e', '.', 'n', 'e', 't', '\0',
+  /* "gazellegames.net", false */ 'g', 'a', 'z', 'e', 'l', 'l', 'e', 'g', 'a', 'm', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "gazette.govt.nz", true */ 'g', 'a', 'z', 'e', 't', 't', 'e', '.', 'g', 'o', 'v', 't', '.', 'n', 'z', '\0',
+  /* "gazflynn.com", true */ 'g', 'a', 'z', 'f', 'l', 'y', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "gbc-radio.nl", true */ 'g', 'b', 'c', '-', 'r', 'a', 'd', 'i', 'o', '.', 'n', 'l', '\0',
+  /* "gbcsummercamps.com", true */ 'g', 'b', 'c', 's', 'u', 'm', 'm', 'e', 'r', 'c', 'a', 'm', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gbit.xyz", true */ 'g', 'b', 'i', 't', '.', 'x', 'y', 'z', '\0',
+  /* "gbl.selfip.net", true */ 'g', 'b', 'l', '.', 's', 'e', 'l', 'f', 'i', 'p', '.', 'n', 'e', 't', '\0',
+  /* "gboys.net", true */ 'g', 'b', 'o', 'y', 's', '.', 'n', 'e', 't', '\0',
+  /* "gc-mc.de", true */ 'g', 'c', '-', 'm', 'c', '.', 'd', 'e', '\0',
+  /* "gc.gy", true */ 'g', 'c', '.', 'g', 'y', '\0',
+  /* "gcbit.dk", true */ 'g', 'c', 'b', 'i', 't', '.', 'd', 'k', '\0',
+  /* "gchp.ie", true */ 'g', 'c', 'h', 'p', '.', 'i', 'e', '\0',
+  /* "gchq.wtf", true */ 'g', 'c', 'h', 'q', '.', 'w', 't', 'f', '\0',
+  /* "gcs-ventures.com", true */ 'g', 'c', 's', '-', 'v', 'e', 'n', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gcsepod.com", true */ 'g', 'c', 's', 'e', 'p', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "gdax.com", true */ 'g', 'd', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "gdb-tutorial.net", true */ 'g', 'd', 'b', '-', 't', 'u', 't', 'o', 'r', 'i', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "gdgrzeszow.pl", true */ 'g', 'd', 'g', 'r', 'z', 'e', 's', 'z', 'o', 'w', '.', 'p', 'l', '\0',
+  /* "gdiary.net", true */ 'g', 'd', 'i', 'a', 'r', 'y', '.', 'n', 'e', 't', '\0',
+  /* "gdoce.es", false */ 'g', 'd', 'o', 'c', 'e', '.', 'e', 's', '\0',
+  /* "gdutnic.com", true */ 'g', 'd', 'u', 't', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "gdv.me", true */ 'g', 'd', 'v', '.', 'm', 'e', '\0',
+  /* "gdz-spishy.com", true */ 'g', 'd', 'z', '-', 's', 'p', 'i', 's', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "gdz.tv", true */ 'g', 'd', 'z', '.', 't', 'v', '\0',
+  /* "ge3k.net", false */ 'g', 'e', '3', 'k', '.', 'n', 'e', 't', '\0',
+  /* "gear-acquisition-syndrome.community", true */ 'g', 'e', 'a', 'r', '-', 'a', 'c', 'q', 'u', 'i', 's', 'i', 't', 'i', 'o', 'n', '-', 's', 'y', 'n', 'd', 'r', 'o', 'm', 'e', '.', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '\0',
+  /* "gearev.net", true */ 'g', 'e', 'a', 'r', 'e', 'v', '.', 'n', 'e', 't', '\0',
+  /* "gearfinder.nl", true */ 'g', 'e', 'a', 'r', 'f', 'i', 'n', 'd', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "gearset.com", true */ 'g', 'e', 'a', 'r', 's', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "geaskb.nl", true */ 'g', 'e', 'a', 's', 'k', 'b', '.', 'n', 'l', '\0',
+  /* "geass.xyz", true */ 'g', 'e', 'a', 's', 's', '.', 'x', 'y', 'z', '\0',
+  /* "geblitzt.de", true */ 'g', 'e', 'b', 'l', 'i', 't', 'z', 't', '.', 'd', 'e', '\0',
+  /* "geboortestoeltje.com", true */ 'g', 'e', 'b', 'o', 'o', 'r', 't', 'e', 's', 't', 'o', 'e', 'l', 't', 'j', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "geborgen-wachsen.de", true */ 'g', 'e', 'b', 'o', 'r', 'g', 'e', 'n', '-', 'w', 'a', 'c', 'h', 's', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "gebruikershandleiding.com", true */ 'g', 'e', 'b', 'r', 'u', 'i', 'k', 'e', 'r', 's', 'h', 'a', 'n', 'd', 'l', 'e', 'i', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "gecem.org", true */ 'g', 'e', 'c', 'e', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "gechr.io", true */ 'g', 'e', 'c', 'h', 'r', '.', 'i', 'o', '\0',
+  /* "gedankenworks.com", true */ 'g', 'e', 'd', 'a', 'n', 'k', 'e', 'n', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "geder.at", true */ 'g', 'e', 'd', 'e', 'r', '.', 'a', 't', '\0',
+  /* "gedlingcastlehire.co.uk", true */ 'g', 'e', 'd', 'l', 'i', 'n', 'g', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gee.is", true */ 'g', 'e', 'e', '.', 'i', 's', '\0',
+  /* "geek-hub.de", true */ 'g', 'e', 'e', 'k', '-', 'h', 'u', 'b', '.', 'd', 'e', '\0',
+  /* "geek.ch", true */ 'g', 'e', 'e', 'k', '.', 'c', 'h', '\0',
+  /* "geekabit.nl", true */ 'g', 'e', 'e', 'k', 'a', 'b', 'i', 't', '.', 'n', 'l', '\0',
+  /* "geekandi.com", true */ 'g', 'e', 'e', 'k', 'a', 'n', 'd', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "geekariom.com", true */ 'g', 'e', 'e', 'k', 'a', 'r', 'i', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "geekbundle.org", false */ 'g', 'e', 'e', 'k', 'b', 'u', 'n', 'd', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "geekchimp.com", true */ 'g', 'e', 'e', 'k', 'c', 'h', 'i', 'm', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "geekclubbooks.com", true */ 'g', 'e', 'e', 'k', 'c', 'l', 'u', 'b', 'b', 'o', 'o', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "geeklair.net", true */ 'g', 'e', 'e', 'k', 'l', 'a', 'i', 'r', '.', 'n', 'e', 't', '\0',
+  /* "geeklan.co.uk", true */ 'g', 'e', 'e', 'k', 'l', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "geekles.net", true */ 'g', 'e', 'e', 'k', 'l', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "geeknik.com", true */ 'g', 'e', 'e', 'k', 'n', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "geekpad.com", true */ 'g', 'e', 'e', 'k', 'p', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "geeks.one", true */ 'g', 'e', 'e', 'k', 's', '.', 'o', 'n', 'e', '\0',
+  /* "geekshirts.cz", true */ 'g', 'e', 'e', 'k', 's', 'h', 'i', 'r', 't', 's', '.', 'c', 'z', '\0',
+  /* "geektopia.es", true */ 'g', 'e', 'e', 'k', 't', 'o', 'p', 'i', 'a', '.', 'e', 's', '\0',
+  /* "geekwhack.org", true */ 'g', 'e', 'e', 'k', 'w', 'h', 'a', 'c', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "geekwithabudget.com", true */ 'g', 'e', 'e', 'k', 'w', 'i', 't', 'h', 'a', 'b', 'u', 'd', 'g', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "geekwu.org", true */ 'g', 'e', 'e', 'k', 'w', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "geekz.sk", true */ 'g', 'e', 'e', 'k', 'z', '.', 's', 'k', '\0',
+  /* "geekzone.co.nz", true */ 'g', 'e', 'e', 'k', 'z', 'o', 'n', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "geekzone.fr", true */ 'g', 'e', 'e', 'k', 'z', 'o', 'n', 'e', '.', 'f', 'r', '\0',
+  /* "geeq.ch", true */ 'g', 'e', 'e', 'q', '.', 'c', 'h', '\0',
+  /* "geerdsen.net", true */ 'g', 'e', 'e', 'r', 'd', 's', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "geertdegraaf.nl", true */ 'g', 'e', 'e', 'r', 't', 'd', 'e', 'g', 'r', 'a', 'a', 'f', '.', 'n', 'l', '\0',
+  /* "geertswei.nl", true */ 'g', 'e', 'e', 'r', 't', 's', 'w', 'e', 'i', '.', 'n', 'l', '\0',
+  /* "gegeco.ch", true */ 'g', 'e', 'g', 'e', 'c', 'o', '.', 'c', 'h', '\0',
+  /* "geh.li", true */ 'g', 'e', 'h', '.', 'l', 'i', '\0',
+  /* "gehaowu.com", true */ 'g', 'e', 'h', 'a', 'o', 'w', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "gehopft.de", true */ 'g', 'e', 'h', 'o', 'p', 'f', 't', '.', 'd', 'e', '\0',
+  /* "gehreslaw.com", true */ 'g', 'e', 'h', 'r', 'e', 's', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "gehrke.in", true */ 'g', 'e', 'h', 'r', 'k', 'e', '.', 'i', 'n', '\0',
+  /* "gehsicht.de", true */ 'g', 'e', 'h', 's', 'i', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "geiser-family.ch", true */ 'g', 'e', 'i', 's', 'e', 'r', '-', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'h', '\0',
+  /* "geiser.io", true */ 'g', 'e', 'i', 's', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "gelb-computer.de", true */ 'g', 'e', 'l', 'b', '-', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "geld-im-blick.de", true */ 'g', 'e', 'l', 'd', '-', 'i', 'm', '-', 'b', 'l', 'i', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "geld24.nl", true */ 'g', 'e', 'l', 'd', '2', '4', '.', 'n', 'l', '\0',
+  /* "geldimblick.de", true */ 'g', 'e', 'l', 'd', 'i', 'm', 'b', 'l', 'i', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "geldteveel.eu", true */ 'g', 'e', 'l', 'd', 't', 'e', 'v', 'e', 'e', 'l', '.', 'e', 'u', '\0',
+  /* "geleenbeekdal.nl", true */ 'g', 'e', 'l', 'e', 'e', 'n', 'b', 'e', 'e', 'k', 'd', 'a', 'l', '.', 'n', 'l', '\0',
+  /* "geleia-real.com", true */ 'g', 'e', 'l', 'e', 'i', 'a', '-', 'r', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "gelis.ch", true */ 'g', 'e', 'l', 'i', 's', '.', 'c', 'h', '\0',
+  /* "gelodosul.com.br", true */ 'g', 'e', 'l', 'o', 'd', 'o', 's', 'u', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "gelog-software.de", false */ 'g', 'e', 'l', 'o', 'g', '-', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "geloofindemocratie.nl", true */ 'g', 'e', 'l', 'o', 'o', 'f', 'i', 'n', 'd', 'e', 'm', 'o', 'c', 'r', 'a', 't', 'i', 'e', '.', 'n', 'l', '\0',
+  /* "geluidsstudio.com", true */ 'g', 'e', 'l', 'u', 'i', 'd', 's', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "gem-indonesia.net", false */ 'g', 'e', 'm', '-', 'i', 'n', 'd', 'o', 'n', 'e', 's', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "gem-info.fr", true */ 'g', 'e', 'm', '-', 'i', 'n', 'f', 'o', '.', 'f', 'r', '\0',
+  /* "gemeentemolenwaard.nl", true */ 'g', 'e', 'm', 'e', 'e', 'n', 't', 'e', 'm', 'o', 'l', 'e', 'n', 'w', 'a', 'a', 'r', 'd', '.', 'n', 'l', '\0',
+  /* "gemeinfreie-lieder.de", true */ 'g', 'e', 'm', 'e', 'i', 'n', 'f', 'r', 'e', 'i', 'e', '-', 'l', 'i', 'e', 'd', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "gemini.com", true */ 'g', 'e', 'm', 'i', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "gemquery.com", true */ 'g', 'e', 'm', 'q', 'u', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "gencmedya.com", true */ 'g', 'e', 'n', 'c', 'm', 'e', 'd', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "gendrin.com", true */ 'g', 'e', 'n', 'd', 'r', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "gendundrupa.ch", true */ 'g', 'e', 'n', 'd', 'u', 'n', 'd', 'r', 'u', 'p', 'a', '.', 'c', 'h', '\0',
+  /* "gene-drive.com", true */ 'g', 'e', 'n', 'e', '-', 'd', 'r', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "gene-drives.com", true */ 'g', 'e', 'n', 'e', '-', 'd', 'r', 'i', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "genealorand.com", true */ 'g', 'e', 'n', 'e', 'a', 'l', 'o', 'r', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "geneau.net", true */ 'g', 'e', 'n', 'e', 'a', 'u', '.', 'n', 'e', 't', '\0',
+  /* "genehightower.com", true */ 'g', 'e', 'n', 'e', 'h', 'i', 'g', 'h', 't', 'o', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "genehome.com.au", true */ 'g', 'e', 'n', 'e', 'h', 'o', 'm', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "genemesservwparts.com", true */ 'g', 'e', 'n', 'e', 'm', 'e', 's', 's', 'e', 'r', 'v', 'w', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "general-anaesthesia.com", true */ 'g', 'e', 'n', 'e', 'r', 'a', 'l', '-', 'a', 'n', 'a', 'e', 's', 't', 'h', 'e', 's', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "general-anaesthetics.com", true */ 'g', 'e', 'n', 'e', 'r', 'a', 'l', '-', 'a', 'n', 'a', 'e', 's', 't', 'h', 'e', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "general-anesthesia.com", true */ 'g', 'e', 'n', 'e', 'r', 'a', 'l', '-', 'a', 'n', 'e', 's', 't', 'h', 'e', 's', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "generali-worldwide.com", true */ 'g', 'e', 'n', 'e', 'r', 'a', 'l', 'i', '-', 'w', 'o', 'r', 'l', 'd', 'w', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "generalpants.com.au", true */ 'g', 'e', 'n', 'e', 'r', 'a', 'l', 'p', 'a', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "generationgoat.com", true */ 'g', 'e', 'n', 'e', 'r', 'a', 't', 'i', 'o', 'n', 'g', 'o', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "generic.cx", true */ 'g', 'e', 'n', 'e', 'r', 'i', 'c', '.', 'c', 'x', '\0',
+  /* "genesiseureka.com", true */ 'g', 'e', 'n', 'e', 's', 'i', 's', 'e', 'u', 'r', 'e', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "genesismachina.ca", true */ 'g', 'e', 'n', 'e', 's', 'i', 's', 'm', 'a', 'c', 'h', 'i', 'n', 'a', '.', 'c', 'a', '\0',
+  /* "genesistrading.com", true */ 'g', 'e', 'n', 'e', 's', 'i', 's', 't', 'r', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "genetargetsolutions.com.au", true */ 'g', 'e', 'n', 'e', 't', 'a', 'r', 'g', 'e', 't', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "genetidyne.com", true */ 'g', 'e', 'n', 'e', 't', 'i', 'd', 'y', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "geneve-naturisme.ch", true */ 'g', 'e', 'n', 'e', 'v', 'e', '-', 'n', 'a', 't', 'u', 'r', 'i', 's', 'm', 'e', '.', 'c', 'h', '\0',
+  /* "genevoise-entretien.ch", true */ 'g', 'e', 'n', 'e', 'v', 'o', 'i', 's', 'e', '-', 'e', 'n', 't', 'r', 'e', 't', 'i', 'e', 'n', '.', 'c', 'h', '\0',
+  /* "genfaerd.dk", true */ 'g', 'e', 'n', 'f', 'a', 'e', 'r', 'd', '.', 'd', 'k', '\0',
+  /* "genia-life.de", true */ 'g', 'e', 'n', 'i', 'a', '-', 'l', 'i', 'f', 'e', '.', 'd', 'e', '\0',
+  /* "genie-seiner-generation.de", true */ 'g', 'e', 'n', 'i', 'e', '-', 's', 'e', 'i', 'n', 'e', 'r', '-', 'g', 'e', 'n', 'e', 'r', 'a', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "geniusteacher.in", true */ 'g', 'e', 'n', 'i', 'u', 's', 't', 'e', 'a', 'c', 'h', 'e', 'r', '.', 'i', 'n', '\0',
+  /* "geniuszone.biz", true */ 'g', 'e', 'n', 'i', 'u', 's', 'z', 'o', 'n', 'e', '.', 'b', 'i', 'z', '\0',
+  /* "genneve.com", true */ 'g', 'e', 'n', 'n', 'e', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "genomequestlive.com", true */ 'g', 'e', 'n', 'o', 'm', 'e', 'q', 'u', 'e', 's', 't', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "genoog.com", true */ 'g', 'e', 'n', 'o', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "genosse-einhorn.de", true */ 'g', 'e', 'n', 'o', 's', 's', 'e', '-', 'e', 'i', 'n', 'h', 'o', 'r', 'n', '.', 'd', 'e', '\0',
+  /* "gensend.com", true */ 'g', 'e', 'n', 's', 'e', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "gensenwedding.jp", true */ 'g', 'e', 'n', 's', 'e', 'n', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '.', 'j', 'p', '\0',
+  /* "genshiken-itb.org", true */ 'g', 'e', 'n', 's', 'h', 'i', 'k', 'e', 'n', '-', 'i', 't', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "genslerapps.com", true */ 'g', 'e', 'n', 's', 'l', 'e', 'r', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "genslerwisp.com", true */ 'g', 'e', 'n', 's', 'l', 'e', 'r', 'w', 'i', 's', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "gensonline.eu", true */ 'g', 'e', 'n', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'e', 'u', '\0',
+  /* "gentianes.ch", true */ 'g', 'e', 'n', 't', 'i', 'a', 'n', 'e', 's', '.', 'c', 'h', '\0',
+  /* "gentoo-blog.de", true */ 'g', 'e', 'n', 't', 'o', 'o', '-', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "genusshotel-riegersburg.at", true */ 'g', 'e', 'n', 'u', 's', 's', 'h', 'o', 't', 'e', 'l', '-', 'r', 'i', 'e', 'g', 'e', 'r', 's', 'b', 'u', 'r', 'g', '.', 'a', 't', '\0',
+  /* "genuxtsg.com", true */ 'g', 'e', 'n', 'u', 'x', 't', 's', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "genxbeats.com", true */ 'g', 'e', 'n', 'x', 'b', 'e', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "genxnotes.com", true */ 'g', 'e', 'n', 'x', 'n', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "geocommunicator.gov", true */ 'g', 'e', 'o', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 'c', 'a', 't', 'o', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "geoffanderinmyers.com", true */ 'g', 'e', 'o', 'f', 'f', 'a', 'n', 'd', 'e', 'r', 'i', 'n', 'm', 'y', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "geoffmyers.com", false */ 'g', 'e', 'o', 'f', 'f', 'm', 'y', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "geofox.org", true */ 'g', 'e', 'o', 'f', 'o', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "geoip.fedoraproject.org", true */ 'g', 'e', 'o', 'i', 'p', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "geoip.stg.fedoraproject.org", true */ 'g', 'e', 'o', 'i', 'p', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "geolad.com", false */ 'g', 'e', 'o', 'l', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "geometra.roma.it", true */ 'g', 'e', 'o', 'm', 'e', 't', 'r', 'a', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "geoport.al", true */ 'g', 'e', 'o', 'p', 'o', 'r', 't', '.', 'a', 'l', '\0',
+  /* "george-orwell.com", true */ 'g', 'e', 'o', 'r', 'g', 'e', '-', 'o', 'r', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "georgehalachev.com", true */ 'g', 'e', 'o', 'r', 'g', 'e', 'h', 'a', 'l', 'a', 'c', 'h', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "georgemaschke.com", true */ 'g', 'e', 'o', 'r', 'g', 'e', 'm', 'a', 's', 'c', 'h', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "georgemaschke.net", true */ 'g', 'e', 'o', 'r', 'g', 'e', 'm', 'a', 's', 'c', 'h', 'k', 'e', '.', 'n', 'e', 't', '\0',
+  /* "georgiaglassrepair.com", true */ 'g', 'e', 'o', 'r', 'g', 'i', 'a', 'g', 'l', 'a', 's', 's', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "georgiastuartyoga.co.uk", true */ 'g', 'e', 'o', 'r', 'g', 'i', 'a', 's', 't', 'u', 'a', 'r', 't', 'y', 'o', 'g', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "georgioskontaxis.com", true */ 'g', 'e', 'o', 'r', 'g', 'i', 'o', 's', 'k', 'o', 'n', 't', 'a', 'x', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "georgioskontaxis.net", true */ 'g', 'e', 'o', 'r', 'g', 'i', 'o', 's', 'k', 'o', 'n', 't', 'a', 'x', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "georgioskontaxis.org", true */ 'g', 'e', 'o', 'r', 'g', 'i', 'o', 's', 'k', 'o', 'n', 't', 'a', 'x', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "georgmayer.eu", true */ 'g', 'e', 'o', 'r', 'g', 'm', 'a', 'y', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "geoscan.aero", true */ 'g', 'e', 'o', 's', 'c', 'a', 'n', '.', 'a', 'e', 'r', 'o', '\0',
+  /* "geoscope.ch", true */ 'g', 'e', 'o', 's', 'c', 'o', 'p', 'e', '.', 'c', 'h', '\0',
+  /* "geosphereservices.com", true */ 'g', 'e', 'o', 's', 'p', 'h', 'e', 'r', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "geotab.com", true */ 'g', 'e', 'o', 't', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "geraintwhite.co.uk", true */ 'g', 'e', 'r', 'a', 'i', 'n', 't', 'w', 'h', 'i', 't', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gerald-zojer.com", true */ 'g', 'e', 'r', 'a', 'l', 'd', '-', 'z', 'o', 'j', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "geraldsonrealty.com", true */ 'g', 'e', 'r', 'a', 'l', 'd', 's', 'o', 'n', 'r', 'e', 'a', 'l', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "gerardobsd.com", true */ 'g', 'e', 'r', 'a', 'r', 'd', 'o', 'b', 's', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "gerardozamudio.mx", true */ 'g', 'e', 'r', 'a', 'r', 'd', 'o', 'z', 'a', 'm', 'u', 'd', 'i', 'o', '.', 'm', 'x', '\0',
+  /* "germandarknes.net", true */ 'g', 'e', 'r', 'm', 'a', 'n', 'd', 'a', 'r', 'k', 'n', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "germansoldiers.net", true */ 'g', 'e', 'r', 'm', 'a', 'n', 's', 'o', 'l', 'd', 'i', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "germanssky.de", true */ 'g', 'e', 'r', 'm', 'a', 'n', 's', 's', 'k', 'y', '.', 'd', 'e', '\0',
+  /* "germanticz.de", true */ 'g', 'e', 'r', 'm', 'a', 'n', 't', 'i', 'c', 'z', '.', 'd', 'e', '\0',
+  /* "gernert-server.de", true */ 'g', 'e', 'r', 'n', 'e', 'r', 't', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "gero.io", true */ 'g', 'e', 'r', 'o', '.', 'i', 'o', '\0',
+  /* "gerritcodereview.com", true */ 'g', 'e', 'r', 'r', 'i', 't', 'c', 'o', 'd', 'e', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "gers-authentique.com", true */ 'g', 'e', 'r', 's', '-', 'a', 'u', 't', 'h', 'e', 'n', 't', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "gerum.dynv6.net", true */ 'g', 'e', 'r', 'u', 'm', '.', 'd', 'y', 'n', 'v', '6', '.', 'n', 'e', 't', '\0',
+  /* "gerwinvanderkamp.nl", true */ 'g', 'e', 'r', 'w', 'i', 'n', 'v', 'a', 'n', 'd', 'e', 'r', 'k', 'a', 'm', 'p', '.', 'n', 'l', '\0',
+  /* "ges-bo.de", true */ 'g', 'e', 's', '-', 'b', 'o', '.', 'd', 'e', '\0',
+  /* "geschmacksache.online", true */ 'g', 'e', 's', 'c', 'h', 'm', 'a', 'c', 'k', 's', 'a', 'c', 'h', 'e', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "geschmackspiloten.de", true */ 'g', 'e', 's', 'c', 'h', 'm', 'a', 'c', 'k', 's', 'p', 'i', 'l', 'o', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "geschwinder.net", true */ 'g', 'e', 's', 'c', 'h', 'w', 'i', 'n', 'd', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "gestormensajeria.com", true */ 'g', 'e', 's', 't', 'o', 'r', 'm', 'e', 'n', 's', 'a', 'j', 'e', 'r', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "get-asterisk.ru", true */ 'g', 'e', 't', '-', 'a', 's', 't', 'e', 'r', 'i', 's', 'k', '.', 'r', 'u', '\0',
+  /* "get-erp.ru", true */ 'g', 'e', 't', '-', 'e', 'r', 'p', '.', 'r', 'u', '\0',
+  /* "get-it-live.com", true */ 'g', 'e', 't', '-', 'i', 't', '-', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "get-it-live.de", true */ 'g', 'e', 't', '-', 'i', 't', '-', 'l', 'i', 'v', 'e', '.', 'd', 'e', '\0',
+  /* "get-link.info", true */ 'g', 'e', 't', '-', 'l', 'i', 'n', 'k', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "get-on.bid", true */ 'g', 'e', 't', '-', 'o', 'n', '.', 'b', 'i', 'd', '\0',
+  /* "get-refer.com", true */ 'g', 'e', 't', '-', 'r', 'e', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "get4x.com", true */ 'g', 'e', 't', '4', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "getbox.me", true */ 'g', 'e', 't', 'b', 'o', 'x', '.', 'm', 'e', '\0',
+  /* "getbutterfly.com", true */ 'g', 'e', 't', 'b', 'u', 't', 't', 'e', 'r', 'f', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "getcloak.com", false */ 'g', 'e', 't', 'c', 'l', 'o', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "getcolq.com", true */ 'g', 'e', 't', 'c', 'o', 'l', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "getdash.io", true */ 'g', 'e', 't', 'd', 'a', 's', 'h', '.', 'i', 'o', '\0',
+  /* "getdigitized.net", true */ 'g', 'e', 't', 'd', 'i', 'g', 'i', 't', 'i', 'z', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "geteckeld.nl", true */ 'g', 'e', 't', 'e', 'c', 'k', 'e', 'l', 'd', '.', 'n', 'l', '\0',
+  /* "geterp.ru", true */ 'g', 'e', 't', 'e', 'r', 'p', '.', 'r', 'u', '\0',
+  /* "getfedora.org", true */ 'g', 'e', 't', 'f', 'e', 'd', 'o', 'r', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "getfirstalert.com", true */ 'g', 'e', 't', 'f', 'i', 'r', 's', 't', 'a', 'l', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "getfittedstore.com", true */ 'g', 'e', 't', 'f', 'i', 't', 't', 'e', 'd', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "getflorence.co.uk", true */ 'g', 'e', 't', 'f', 'l', 'o', 'r', 'e', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "getfuturama.com", true */ 'g', 'e', 't', 'f', 'u', 't', 'u', 'r', 'a', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "gethow.org", true */ 'g', 'e', 't', 'h', 'o', 'w', '.', 'o', 'r', 'g', '\0',
+  /* "gethttpsforfree.com", true */ 'g', 'e', 't', 'h', 't', 't', 'p', 's', 'f', 'o', 'r', 'f', 'r', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "geti2p.com", true */ 'g', 'e', 't', 'i', '2', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "getidmcc.com", true */ 'g', 'e', 't', 'i', 'd', 'm', 'c', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "getitlive.de", true */ 'g', 'e', 't', 'i', 't', 'l', 'i', 'v', 'e', '.', 'd', 'e', '\0',
+  /* "getitpeople.com", true */ 'g', 'e', 't', 'i', 't', 'p', 'e', 'o', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "getmango.com", true */ 'g', 'e', 't', 'm', 'a', 'n', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "getmdl.io", true */ 'g', 'e', 't', 'm', 'd', 'l', '.', 'i', 'o', '\0',
+  /* "getmerch.eu", true */ 'g', 'e', 't', 'm', 'e', 'r', 'c', 'h', '.', 'e', 'u', '\0',
+  /* "getnib.com", true */ 'g', 'e', 't', 'n', 'i', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "getnikola.com", true */ 'g', 'e', 't', 'n', 'i', 'k', 'o', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "geto.ml", true */ 'g', 'e', 't', 'o', '.', 'm', 'l', '\0',
+  /* "getoutofdebt.org", true */ 'g', 'e', 't', 'o', 'u', 't', 'o', 'f', 'd', 'e', 'b', 't', '.', 'o', 'r', 'g', '\0',
+  /* "getpost.online", true */ 'g', 'e', 't', 'p', 'o', 's', 't', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "getpuck.com", true */ 'g', 'e', 't', 'p', 'u', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "getrambling.com", true */ 'g', 'e', 't', 'r', 'a', 'm', 'b', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "getresilience.org", true */ 'g', 'e', 't', 'r', 'e', 's', 'i', 'l', 'i', 'e', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "getsecure.nl", true */ 'g', 'e', 't', 's', 'e', 'c', 'u', 'r', 'e', '.', 'n', 'l', '\0',
+  /* "getsensibill.com", true */ 'g', 'e', 't', 's', 'e', 'n', 's', 'i', 'b', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "getsetbounce.co.uk", true */ 'g', 'e', 't', 's', 'e', 't', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "getsetupfile.com", true */ 'g', 'e', 't', 's', 'e', 't', 'u', 'p', 'f', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "getshifter.io", true */ 'g', 'e', 't', 's', 'h', 'i', 'f', 't', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "getsilknow.com", true */ 'g', 'e', 't', 's', 'i', 'l', 'k', 'n', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "getspire.com", true */ 'g', 'e', 't', 's', 'p', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "getsport.mobi", true */ 'g', 'e', 't', 's', 'p', 'o', 'r', 't', '.', 'm', 'o', 'b', 'i', '\0',
+  /* "getsubs.net", true */ 'g', 'e', 't', 's', 'u', 'b', 's', '.', 'n', 'e', 't', '\0',
+  /* "getswadeshi.com", true */ 'g', 'e', 't', 's', 'w', 'a', 'd', 'e', 's', 'h', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "getticker.com", true */ 'g', 'e', 't', 't', 'i', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "getts.ro", true */ 'g', 'e', 't', 't', 's', '.', 'r', 'o', '\0',
+  /* "getupandbounce.co.uk", true */ 'g', 'e', 't', 'u', 'p', 'a', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "getvdownloader.com", true */ 'g', 'e', 't', 'v', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "getwisdom.io", true */ 'g', 'e', 't', 'w', 'i', 's', 'd', 'o', 'm', '.', 'i', 'o', '\0',
+  /* "getwpd.com", false */ 'g', 'e', 't', 'w', 'p', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "getyeflask.com", true */ 'g', 'e', 't', 'y', 'e', 'f', 'l', 'a', 's', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "getyou.onl", true */ 'g', 'e', 't', 'y', 'o', 'u', '.', 'o', 'n', 'l', '\0',
+  /* "getyourlifestraight.com", true */ 'g', 'e', 't', 'y', 'o', 'u', 'r', 'l', 'i', 'f', 'e', 's', 't', 'r', 'a', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "getyourphix.tk", true */ 'g', 'e', 't', 'y', 'o', 'u', 'r', 'p', 'h', 'i', 'x', '.', 't', 'k', '\0',
+  /* "geyduschek.be", true */ 'g', 'e', 'y', 'd', 'u', 's', 'c', 'h', 'e', 'k', '.', 'b', 'e', '\0',
+  /* "gfast.ru", true */ 'g', 'f', 'a', 's', 't', '.', 'r', 'u', '\0',
+  /* "gfcleisure.co.uk", true */ 'g', 'f', 'c', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gfk-kunststoff-luebben.de", true */ 'g', 'f', 'k', '-', 'k', 'u', 'n', 's', 't', 's', 't', 'o', 'f', 'f', '-', 'l', 'u', 'e', 'b', 'b', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "gflame.de", true */ 'g', 'f', 'l', 'a', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "gflclan.ru", true */ 'g', 'f', 'l', 'c', 'l', 'a', 'n', '.', 'r', 'u', '\0',
+  /* "gforce.ninja", true */ 'g', 'f', 'o', 'r', 'c', 'e', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "gfoss.eu", true */ 'g', 'f', 'o', 's', 's', '.', 'e', 'u', '\0',
+  /* "gfournier.ca", true */ 'g', 'f', 'o', 'u', 'r', 'n', 'i', 'e', 'r', '.', 'c', 'a', '\0',
+  /* "gfxbench.com", true */ 'g', 'f', 'x', 'b', 'e', 'n', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "ggdcpt.com", true */ 'g', 'g', 'd', 'c', 'p', 't', '.', 'c', 'o', 'm', '\0',
+  /* "gginin.today", true */ 'g', 'g', 'i', 'n', 'i', 'n', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "ggl-luzern.ch", true */ 'g', 'g', 'l', '-', 'l', 'u', 'z', 'e', 'r', 'n', '.', 'c', 'h', '\0',
+  /* "ggma.co.uk", true */ 'g', 'g', 'm', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ggmmontascale.it", true */ 'g', 'g', 'm', 'm', 'o', 'n', 't', 'a', 's', 'c', 'a', 'l', 'e', '.', 'i', 't', '\0',
+  /* "ggp2.com", true */ 'g', 'g', 'p', '2', '.', 'c', 'o', 'm', '\0',
+  /* "ggs-marschallstrasse.de", true */ 'g', 'g', 's', '-', 'm', 'a', 'r', 's', 'c', 'h', 'a', 'l', 'l', 's', 't', 'r', 'a', 's', 's', 'e', '.', 'd', 'e', '\0',
+  /* "ggs.jp", true */ 'g', 'g', 's', '.', 'j', 'p', '\0',
+  /* "ggservers.com", true */ 'g', 'g', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ggx.us", true */ 'g', 'g', 'x', '.', 'u', 's', '\0',
+  /* "gh16.com.ar", true */ 'g', 'h', '1', '6', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "gha.st", true */ 'g', 'h', 'a', '.', 's', 't', '\0',
+  /* "ghaglund.se", true */ 'g', 'h', 'a', 'g', 'l', 'u', 'n', 'd', '.', 's', 'e', '\0',
+  /* "ghcif.de", true */ 'g', 'h', 'c', 'i', 'f', '.', 'd', 'e', '\0',
+  /* "ghislainphu.fr", true */ 'g', 'h', 'i', 's', 'l', 'a', 'i', 'n', 'p', 'h', 'u', '.', 'f', 'r', '\0',
+  /* "ghostblog.info", true */ 'g', 'h', 'o', 's', 't', 'b', 'l', 'o', 'g', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ghostcir.com", true */ 'g', 'h', 'o', 's', 't', 'c', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ghrelinblocker.info", true */ 'g', 'h', 'r', 'e', 'l', 'i', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ghrelinblocker.org", true */ 'g', 'h', 'r', 'e', 'l', 'i', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "giacomodrago.com", true */ 'g', 'i', 'a', 'c', 'o', 'm', 'o', 'd', 'r', 'a', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "giacomodrago.it", true */ 'g', 'i', 'a', 'c', 'o', 'm', 'o', 'd', 'r', 'a', 'g', 'o', '.', 'i', 't', '\0',
+  /* "giacomopelagatti.it", true */ 'g', 'i', 'a', 'c', 'o', 'm', 'o', 'p', 'e', 'l', 'a', 'g', 'a', 't', 't', 'i', '.', 'i', 't', '\0',
+  /* "gianproperties.com", true */ 'g', 'i', 'a', 'n', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "giant-panda.com", true */ 'g', 'i', 'a', 'n', 't', '-', 'p', 'a', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "giant-powerfit.co.uk", true */ 'g', 'i', 'a', 'n', 't', '-', 'p', 'o', 'w', 'e', 'r', 'f', 'i', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "giant-tortoise.com", true */ 'g', 'i', 'a', 'n', 't', '-', 't', 'o', 'r', 't', 'o', 'i', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "gianttree.de", true */ 'g', 'i', 'a', 'n', 't', 't', 'r', 'e', 'e', '.', 'd', 'e', '\0',
+  /* "giardinaggio.milano.it", true */ 'g', 'i', 'a', 'r', 'd', 'i', 'n', 'a', 'g', 'g', 'i', 'o', '.', 'm', 'i', 'l', 'a', 'n', 'o', '.', 'i', 't', '\0',
+  /* "giardinaggio.napoli.it", true */ 'g', 'i', 'a', 'r', 'd', 'i', 'n', 'a', 'g', 'g', 'i', 'o', '.', 'n', 'a', 'p', 'o', 'l', 'i', '.', 'i', 't', '\0',
+  /* "gibraltar.at", true */ 'g', 'i', 'b', 'r', 'a', 'l', 't', 'a', 'r', '.', 'a', 't', '\0',
+  /* "gichigamigames.com", true */ 'g', 'i', 'c', 'h', 'i', 'g', 'a', 'm', 'i', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "giddyaunt.net", true */ 'g', 'i', 'd', 'd', 'y', 'a', 'u', 'n', 't', '.', 'n', 'e', 't', '\0',
+  /* "giduv.com", true */ 'g', 'i', 'd', 'u', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "gierds.de", true */ 'g', 'i', 'e', 'r', 'd', 's', '.', 'd', 'e', '\0',
+  /* "giftedconsortium.com", true */ 'g', 'i', 'f', 't', 'e', 'd', 'c', 'o', 'n', 's', 'o', 'r', 't', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "giftking.nl", false */ 'g', 'i', 'f', 't', 'k', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "giftmaniabrilhos.com.br", true */ 'g', 'i', 'f', 't', 'm', 'a', 'n', 'i', 'a', 'b', 'r', 'i', 'l', 'h', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "gifts365.co.uk", true */ 'g', 'i', 'f', 't', 's', '3', '6', '5', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "giftsn.com.sg", false */ 'g', 'i', 'f', 't', 's', 'n', '.', 'c', 'o', 'm', '.', 's', 'g', '\0',
+  /* "gig.ru", false */ 'g', 'i', 'g', '.', 'r', 'u', '\0',
+  /* "giga.nl", true */ 'g', 'i', 'g', 'a', '.', 'n', 'l', '\0',
+  /* "gigantism.com", true */ 'g', 'i', 'g', 'a', 'n', 't', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "gigawa.lt", true */ 'g', 'i', 'g', 'a', 'w', 'a', '.', 'l', 't', '\0',
+  /* "gigawattz.com", true */ 'g', 'i', 'g', 'a', 'w', 'a', 't', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "giggletotz.co.uk", true */ 'g', 'i', 'g', 'g', 'l', 'e', 't', 'o', 't', 'z', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gigiscloud.servebeer.com", true */ 'g', 'i', 'g', 'i', 's', 'c', 'l', 'o', 'u', 'd', '.', 's', 'e', 'r', 'v', 'e', 'b', 'e', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "giglink.club", true */ 'g', 'i', 'g', 'l', 'i', 'n', 'k', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "gigolodavid.be", true */ 'g', 'i', 'g', 'o', 'l', 'o', 'd', 'a', 'v', 'i', 'd', '.', 'b', 'e', '\0',
+  /* "gigtroll.eu", true */ 'g', 'i', 'g', 't', 'r', 'o', 'l', 'l', '.', 'e', 'u', '\0',
+  /* "gijsbertus.com", true */ 'g', 'i', 'j', 's', 'b', 'e', 'r', 't', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gikovatelojavirtual.com.br", true */ 'g', 'i', 'k', 'o', 'v', 'a', 't', 'e', 'l', 'o', 'j', 'a', 'v', 'i', 'r', 't', 'u', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "gilangcp.com", true */ 'g', 'i', 'l', 'a', 'n', 'g', 'c', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "gileadpac.com", true */ 'g', 'i', 'l', 'e', 'a', 'd', 'p', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "giliamor.com", true */ 'g', 'i', 'l', 'i', 'a', 'm', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "gillesdesnoyers.com", true */ 'g', 'i', 'l', 'l', 'e', 's', 'd', 'e', 's', 'n', 'o', 'y', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gillesmorelle.com", true */ 'g', 'i', 'l', 'l', 'e', 's', 'm', 'o', 'r', 'e', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "gillmanandsoame.co.uk", true */ 'g', 'i', 'l', 'l', 'm', 'a', 'n', 'a', 'n', 'd', 's', 'o', 'a', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gillyscastles.co.uk", true */ 'g', 'i', 'l', 'l', 'y', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gilmoreid.com.au", true */ 'g', 'i', 'l', 'm', 'o', 'r', 'e', 'i', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "gilnet.be", true */ 'g', 'i', 'l', 'n', 'e', 't', '.', 'b', 'e', '\0',
+  /* "ginie.de", true */ 'g', 'i', 'n', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "ginionusedcars.be", true */ 'g', 'i', 'n', 'i', 'o', 'n', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "ginja.co.th", true */ 'g', 'i', 'n', 'j', 'a', '.', 'c', 'o', '.', 't', 'h', '\0',
+  /* "ginkel.com", true */ 'g', 'i', 'n', 'k', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "ginnegappen.nl", true */ 'g', 'i', 'n', 'n', 'e', 'g', 'a', 'p', 'p', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "ginniemae.gov", true */ 'g', 'i', 'n', 'n', 'i', 'e', 'm', 'a', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "ginzadelunch.jp", true */ 'g', 'i', 'n', 'z', 'a', 'd', 'e', 'l', 'u', 'n', 'c', 'h', '.', 'j', 'p', '\0',
+  /* "giochi-online.ws", true */ 'g', 'i', 'o', 'c', 'h', 'i', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'w', 's', '\0',
+  /* "giochiecodici.it", true */ 'g', 'i', 'o', 'c', 'h', 'i', 'e', 'c', 'o', 'd', 'i', 'c', 'i', '.', 'i', 't', '\0',
+  /* "giochistem.it", true */ 'g', 'i', 'o', 'c', 'h', 'i', 's', 't', 'e', 'm', '.', 'i', 't', '\0',
+  /* "gioielleriamolena.com", true */ 'g', 'i', 'o', 'i', 'e', 'l', 'l', 'e', 'r', 'i', 'a', 'm', 'o', 'l', 'e', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "gip-carif-idf.net", true */ 'g', 'i', 'p', '-', 'c', 'a', 'r', 'i', 'f', '-', 'i', 'd', 'f', '.', 'n', 'e', 't', '\0',
+  /* "gip-carif-idf.org", true */ 'g', 'i', 'p', '-', 'c', 'a', 'r', 'i', 'f', '-', 'i', 'd', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "giraffeinflatables.co.uk", true */ 'g', 'i', 'r', 'a', 'f', 'f', 'e', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "giraffes.org", true */ 'g', 'i', 'r', 'a', 'f', 'f', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "giri.co", true */ 'g', 'i', 'r', 'i', '.', 'c', 'o', '\0',
+  /* "girlan.net", true */ 'g', 'i', 'r', 'l', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "girlsforum.com", true */ 'g', 'i', 'r', 'l', 's', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "girlsgenerationgoods.com", true */ 'g', 'i', 'r', 'l', 's', 'g', 'e', 'n', 'e', 'r', 'a', 't', 'i', 'o', 'n', 'g', 'o', 'o', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "girlsgonesporty.com", true */ 'g', 'i', 'r', 'l', 's', 'g', 'o', 'n', 'e', 's', 'p', 'o', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "girlsnet.work", true */ 'g', 'i', 'r', 'l', 's', 'n', 'e', 't', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "girsa.org", true */ 'g', 'i', 'r', 's', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "girvas.ru", true */ 'g', 'i', 'r', 'v', 'a', 's', '.', 'r', 'u', '\0',
+  /* "gisgov.be", true */ 'g', 'i', 's', 'g', 'o', 'v', '.', 'b', 'e', '\0',
+  /* "gistr.io", true */ 'g', 'i', 's', 't', 'r', '.', 'i', 'o', '\0',
+  /* "git.market", true */ 'g', 'i', 't', '.', 'm', 'a', 'r', 'k', 'e', 't', '\0',
+  /* "gitep.org.uk", true */ 'g', 'i', 't', 'e', 'p', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "gitesdeshautescourennes.com", true */ 'g', 'i', 't', 'e', 's', 'd', 'e', 's', 'h', 'a', 'u', 't', 'e', 's', 'c', 'o', 'u', 'r', 'e', 'n', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "github.com", true */ 'g', 'i', 't', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "github.party", false */ 'g', 'i', 't', 'h', 'u', 'b', '.', 'p', 'a', 'r', 't', 'y', '\0',
+  /* "gitla.in", true */ 'g', 'i', 't', 'l', 'a', '.', 'i', 'n', '\0',
+  /* "gitstuff.tk", true */ 'g', 'i', 't', 's', 't', 'u', 'f', 'f', '.', 't', 'k', '\0',
+  /* "gittigidiyor.com", true */ 'g', 'i', 't', 't', 'i', 'g', 'i', 'd', 'i', 'y', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "gittr.ch", true */ 'g', 'i', 't', 't', 'r', '.', 'c', 'h', '\0',
+  /* "giunchi.net", true */ 'g', 'i', 'u', 'n', 'c', 'h', 'i', '.', 'n', 'e', 't', '\0',
+  /* "giuseppemacario.men", true */ 'g', 'i', 'u', 's', 'e', 'p', 'p', 'e', 'm', 'a', 'c', 'a', 'r', 'i', 'o', '.', 'm', 'e', 'n', '\0',
+  /* "givastar.com", true */ 'g', 'i', 'v', 'a', 's', 't', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "giveattheoffice.org", false */ 'g', 'i', 'v', 'e', 'a', 't', 't', 'h', 'e', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "giveme.online", true */ 'g', 'i', 'v', 'e', 'm', 'e', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "given2.com", true */ 'g', 'i', 'v', 'e', 'n', '2', '.', 'c', 'o', 'm', '\0',
+  /* "giverang.biz", true */ 'g', 'i', 'v', 'e', 'r', 'a', 'n', 'g', '.', 'b', 'i', 'z', '\0',
+  /* "giverang.com", true */ 'g', 'i', 'v', 'e', 'r', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "givesunlight.com", true */ 'g', 'i', 'v', 'e', 's', 'u', 'n', 'l', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "givingnexus.org", false */ 'g', 'i', 'v', 'i', 'n', 'g', 'n', 'e', 'x', 'u', 's', '.', 'o', 'r', 'g', '\0',
+  /* "gix.net.pl", true */ 'g', 'i', 'x', '.', 'n', 'e', 't', '.', 'p', 'l', '\0',
+  /* "gixtools.co.uk", true */ 'g', 'i', 'x', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gixtools.com", true */ 'g', 'i', 'x', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gixtools.net", true */ 'g', 'i', 'x', 't', 'o', 'o', 'l', 's', '.', 'n', 'e', 't', '\0',
+  /* "gixtools.uk", true */ 'g', 'i', 'x', 't', 'o', 'o', 'l', 's', '.', 'u', 'k', '\0',
+  /* "gizmo.ovh", true */ 'g', 'i', 'z', 'm', 'o', '.', 'o', 'v', 'h', '\0',
+  /* "gj-bochum.de", true */ 'g', 'j', '-', 'b', 'o', 'c', 'h', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "gjcampbell.co.uk", true */ 'g', 'j', 'c', 'a', 'm', 'p', 'b', 'e', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gjengset.com", true */ 'g', 'j', 'e', 'n', 'g', 's', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "gjspunk.de", false */ 'g', 'j', 's', 'p', 'u', 'n', 'k', '.', 'd', 'e', '\0',
+  /* "gjung.com", false */ 'g', 'j', 'u', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "gkralik.eu", true */ 'g', 'k', 'r', 'a', 'l', 'i', 'k', '.', 'e', 'u', '\0',
+  /* "gl.search.yahoo.com", false */ 'g', 'l', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "gladwellentertainments.co.uk", true */ 'g', 'l', 'a', 'd', 'w', 'e', 'l', 'l', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "glahcks.com", true */ 'g', 'l', 'a', 'h', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "glamguru.co.il", true */ 'g', 'l', 'a', 'm', 'g', 'u', 'r', 'u', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "glamguru.world", true */ 'g', 'l', 'a', 'm', 'g', 'u', 'r', 'u', '.', 'w', 'o', 'r', 'l', 'd', '\0',
+  /* "glamour4you.de", true */ 'g', 'l', 'a', 'm', 'o', 'u', 'r', '4', 'y', 'o', 'u', '.', 'd', 'e', '\0',
+  /* "glasen-hardt.de", true */ 'g', 'l', 'a', 's', 'e', 'n', '-', 'h', 'a', 'r', 'd', 't', '.', 'd', 'e', '\0',
+  /* "glasfaser-im-hanseviertel.de", true */ 'g', 'l', 'a', 's', 'f', 'a', 's', 'e', 'r', '-', 'i', 'm', '-', 'h', 'a', 'n', 's', 'e', 'v', 'i', 'e', 'r', 't', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "glasgestaltung.biz", true */ 'g', 'l', 'a', 's', 'g', 'e', 's', 't', 'a', 'l', 't', 'u', 'n', 'g', '.', 'b', 'i', 'z', '\0',
+  /* "glass.google.com", true */ 'g', 'l', 'a', 's', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "glasschmuck-millefiori.de", true */ 'g', 'l', 'a', 's', 's', 'c', 'h', 'm', 'u', 'c', 'k', '-', 'm', 'i', 'l', 'l', 'e', 'f', 'i', 'o', 'r', 'i', '.', 'd', 'e', '\0',
+  /* "glavsudexpertiza.ru", true */ 'g', 'l', 'a', 'v', 's', 'u', 'd', 'e', 'x', 'p', 'e', 'r', 't', 'i', 'z', 'a', '.', 'r', 'u', '\0',
+  /* "glazedmag.fr", true */ 'g', 'l', 'a', 'z', 'e', 'd', 'm', 'a', 'g', '.', 'f', 'r', '\0',
+  /* "glcastlekings.co.uk", true */ 'g', 'l', 'c', 'a', 's', 't', 'l', 'e', 'k', 'i', 'n', 'g', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gleanview.com", true */ 'g', 'l', 'e', 'a', 'n', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "glencarbide.com", true */ 'g', 'l', 'e', 'n', 'c', 'a', 'r', 'b', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "glendarraghbouncycastles.co.uk", true */ 'g', 'l', 'e', 'n', 'd', 'a', 'r', 'r', 'a', 'g', 'h', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "glenhuntlyapartments.com.au", true */ 'g', 'l', 'e', 'n', 'h', 'u', 'n', 't', 'l', 'y', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "glidingshop.cz", true */ 'g', 'l', 'i', 'd', 'i', 'n', 'g', 's', 'h', 'o', 'p', '.', 'c', 'z', '\0',
+  /* "glidingshop.de", true */ 'g', 'l', 'i', 'd', 'i', 'n', 'g', 's', 'h', 'o', 'p', '.', 'd', 'e', '\0',
+  /* "glidingshop.eu", true */ 'g', 'l', 'i', 'd', 'i', 'n', 'g', 's', 'h', 'o', 'p', '.', 'e', 'u', '\0',
+  /* "glitchsys.com", true */ 'g', 'l', 'i', 't', 'c', 'h', 's', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "glloq.org", true */ 'g', 'l', 'l', 'o', 'q', '.', 'o', 'r', 'g', '\0',
+  /* "glob-coin.com", true */ 'g', 'l', 'o', 'b', '-', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "global-lights.ma", true */ 'g', 'l', 'o', 'b', 'a', 'l', '-', 'l', 'i', 'g', 'h', 't', 's', '.', 'm', 'a', '\0',
+  /* "global-office.com", true */ 'g', 'l', 'o', 'b', 'a', 'l', '-', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "global-village.koeln", true */ 'g', 'l', 'o', 'b', 'a', 'l', '-', 'v', 'i', 'l', 'l', 'a', 'g', 'e', '.', 'k', 'o', 'e', 'l', 'n', '\0',
+  /* "global.hr", true */ 'g', 'l', 'o', 'b', 'a', 'l', '.', 'h', 'r', '\0',
+  /* "globalchokepoints.org", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'c', 'h', 'o', 'k', 'e', 'p', 'o', 'i', 'n', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "globalelite.black", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'e', 'l', 'i', 't', 'e', '.', 'b', 'l', 'a', 'c', 'k', '\0',
+  /* "globalgivingtime.com", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'g', 'i', 'v', 'i', 'n', 'g', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "globalhealth.gov", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'h', 'e', 'a', 'l', 't', 'h', '.', 'g', 'o', 'v', '\0',
+  /* "globalhorses.de", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'h', 'o', 'r', 's', 'e', 's', '.', 'd', 'e', '\0',
+  /* "globalinstitutefortraining.org.au", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', 'f', 'o', 'r', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0',
+  /* "globalisierung-fakten.de", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'i', 's', 'i', 'e', 'r', 'u', 'n', 'g', '-', 'f', 'a', 'k', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "globalnewsdaily.cf", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'n', 'e', 'w', 's', 'd', 'a', 'i', 'l', 'y', '.', 'c', 'f', '\0',
+  /* "globalnomadvintage.com", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'n', 'o', 'm', 'a', 'd', 'v', 'i', 'n', 't', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "globalonetechnology.com", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'o', 'n', 'e', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "globalperspectivescanada.com", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'p', 'e', 'r', 's', 'p', 'e', 'c', 't', 'i', 'v', 'e', 's', 'c', 'a', 'n', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "globalprojetores.com.br", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'p', 'r', 'o', 'j', 'e', 't', 'o', 'r', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "globalresearchcouncil.org", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', 'c', 'o', 'u', 'n', 'c', 'i', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "globalresistancecorporation.com", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'r', 'e', 's', 'i', 's', 't', 'a', 'n', 'c', 'e', 'c', 'o', 'r', 'p', 'o', 'r', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "globaltennis.ca", true */ 'g', 'l', 'o', 'b', 'a', 'l', 't', 'e', 'n', 'n', 'i', 's', '.', 'c', 'a', '\0',
+  /* "globalventil.com", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'v', 'e', 'n', 't', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "globalvisions-events.ch", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'v', 'i', 's', 'i', 'o', 'n', 's', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'h', '\0',
+  /* "globalvisions-events.com", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'v', 'i', 's', 'i', 'o', 'n', 's', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "globeinform.com", true */ 'g', 'l', 'o', 'b', 'e', 'i', 'n', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "globuli-info.de", true */ 'g', 'l', 'o', 'b', 'u', 'l', 'i', '-', 'i', 'n', 'f', 'o', '.', 'd', 'e', '\0',
+  /* "glofox.com", true */ 'g', 'l', 'o', 'f', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "gloneta.com", false */ 'g', 'l', 'o', 'n', 'e', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "gloomyspark.com", true */ 'g', 'l', 'o', 'o', 'm', 'y', 's', 'p', 'a', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "gloomyvancouver.com", true */ 'g', 'l', 'o', 'o', 'm', 'y', 'v', 'a', 'n', 'c', 'o', 'u', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "glossopnorthendafc.co.uk", true */ 'g', 'l', 'o', 's', 's', 'o', 'p', 'n', 'o', 'r', 't', 'h', 'e', 'n', 'd', 'a', 'f', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "glueck-im-norden.de", true */ 'g', 'l', 'u', 'e', 'c', 'k', '-', 'i', 'm', '-', 'n', 'o', 'r', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "gluecksgriff-taschen.de", true */ 'g', 'l', 'u', 'e', 'c', 'k', 's', 'g', 'r', 'i', 'f', 'f', '-', 't', 'a', 's', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "glueckskindter.de", true */ 'g', 'l', 'u', 'e', 'c', 'k', 's', 'k', 'i', 'n', 'd', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "glyph.ws", true */ 'g', 'l', 'y', 'p', 'h', '.', 'w', 's', '\0',
+  /* "glyxins.com", true */ 'g', 'l', 'y', 'x', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gm.search.yahoo.com", false */ 'g', 'm', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "gmail.com", false */ 'g', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "gmbh-kiekin.de", true */ 'g', 'm', 'b', 'h', '-', 'k', 'i', 'e', 'k', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "gmc.uy", true */ 'g', 'm', 'c', '.', 'u', 'y', '\0',
+  /* "gmcd.co", true */ 'g', 'm', 'c', 'd', '.', 'c', 'o', '\0',
+  /* "gmdu.net", true */ 'g', 'm', 'd', 'u', '.', 'n', 'e', 't', '\0',
+  /* "gmind.ovh", true */ 'g', 'm', 'i', 'n', 'd', '.', 'o', 'v', 'h', '\0',
+  /* "gmod.de", true */ 'g', 'm', 'o', 'd', '.', 'd', 'e', '\0',
+  /* "gmpark.dk", true */ 'g', 'm', 'p', 'a', 'r', 'k', '.', 'd', 'k', '\0',
+  /* "gmpartsdb.com", true */ 'g', 'm', 'p', 'a', 'r', 't', 's', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "gmta.nl", true */ 'g', 'm', 't', 'a', '.', 'n', 'l', '\0',
+  /* "gmw-hannover.de", true */ 'g', 'm', 'w', '-', 'h', 'a', 'n', 'n', 'o', 'v', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "gmw-ingenieurbuero.de", true */ 'g', 'm', 'w', '-', 'i', 'n', 'g', 'e', 'n', 'i', 'e', 'u', 'r', 'b', 'u', 'e', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "gmx.at", true */ 'g', 'm', 'x', '.', 'a', 't', '\0',
+  /* "gmx.ch", true */ 'g', 'm', 'x', '.', 'c', 'h', '\0',
+  /* "gmx.co.uk", true */ 'g', 'm', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gmx.com", true */ 'g', 'm', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "gmx.de", true */ 'g', 'm', 'x', '.', 'd', 'e', '\0',
+  /* "gmx.es", true */ 'g', 'm', 'x', '.', 'e', 's', '\0',
+  /* "gmx.fr", true */ 'g', 'm', 'x', '.', 'f', 'r', '\0',
+  /* "gmx.net", true */ 'g', 'm', 'x', '.', 'n', 'e', 't', '\0',
+  /* "gn00.com", true */ 'g', 'n', '0', '0', '.', 'c', 'o', 'm', '\0',
+  /* "gnax.jp", true */ 'g', 'n', 'a', 'x', '.', 'j', 'p', '\0',
+  /* "gnetion.com", true */ 'g', 'n', 'e', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "gnetwork.eu", true */ 'g', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'e', 'u', '\0',
+  /* "gnhub.org", true */ 'g', 'n', 'h', 'u', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "gnilebein.de", true */ 'g', 'n', 'i', 'l', 'e', 'b', 'e', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "gnucashtoqif.us", true */ 'g', 'n', 'u', 'c', 'a', 's', 'h', 't', 'o', 'q', 'i', 'f', '.', 'u', 's', '\0',
+  /* "gnunet.org", true */ 'g', 'n', 'u', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "gnwp.eu", true */ 'g', 'n', 'w', 'p', '.', 'e', 'u', '\0',
+  /* "gnylf.com", true */ 'g', 'n', 'y', 'l', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "go-embedded.de", true */ 'g', 'o', '-', 'e', 'm', 'b', 'e', 'd', 'd', 'e', 'd', '.', 'd', 'e', '\0',
+  /* "go-zh.org", true */ 'g', 'o', '-', 'z', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "go.xero.com", false */ 'g', 'o', '.', 'x', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "goalbookapp.com", true */ 'g', 'o', 'a', 'l', 'b', 'o', 'o', 'k', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "goalongtravels.com", true */ 'g', 'o', 'a', 'l', 'o', 'n', 'g', 't', 'r', 'a', 'v', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "goanalyse.co.uk", true */ 'g', 'o', 'a', 'n', 'a', 'l', 'y', 's', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "goapunks.net", true */ 'g', 'o', 'a', 'p', 'u', 'n', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "goatcloud.com", true */ 'g', 'o', 'a', 't', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "gobarrelroll.com", true */ 'g', 'o', 'b', 'a', 'r', 'r', 'e', 'l', 'r', 'o', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "goblinsatwork.com", true */ 'g', 'o', 'b', 'l', 'i', 'n', 's', 'a', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "gobouncy.co.uk", true */ 'g', 'o', 'b', 'o', 'u', 'n', 'c', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gobouncy.com", true */ 'g', 'o', 'b', 'o', 'u', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "gocardless.com", true */ 'g', 'o', 'c', 'a', 'r', 'd', 'l', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gochu.se", true */ 'g', 'o', 'c', 'h', 'u', '.', 's', 'e', '\0',
+  /* "gocleanerslondon.co.uk", true */ 'g', 'o', 'c', 'l', 'e', 'a', 'n', 'e', 'r', 's', 'l', 'o', 'n', 'd', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "godesigner.ru", true */ 'g', 'o', 'd', 'e', 's', 'i', 'g', 'n', 'e', 'r', '.', 'r', 'u', '\0',
+  /* "godrive.ga", true */ 'g', 'o', 'd', 'r', 'i', 'v', 'e', '.', 'g', 'a', '\0',
+  /* "godsofhell.com", true */ 'g', 'o', 'd', 's', 'o', 'f', 'h', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "godsofhell.de", true */ 'g', 'o', 'd', 's', 'o', 'f', 'h', 'e', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "goededoelkerstkaarten.nl", true */ 'g', 'o', 'e', 'd', 'e', 'd', 'o', 'e', 'l', 'k', 'e', 'r', 's', 't', 'k', 'a', 'a', 'r', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "goedverzekerd.net", true */ 'g', 'o', 'e', 'd', 'v', 'e', 'r', 'z', 'e', 'k', 'e', 'r', 'd', '.', 'n', 'e', 't', '\0',
+  /* "goemail.me", true */ 'g', 'o', 'e', 'm', 'a', 'i', 'l', '.', 'm', 'e', '\0',
+  /* "goerres2014.de", true */ 'g', 'o', 'e', 'r', 'r', 'e', 's', '2', '0', '1', '4', '.', 'd', 'e', '\0',
+  /* "goetemp.de", true */ 'g', 'o', 'e', 't', 'e', 'm', 'p', '.', 'd', 'e', '\0',
+  /* "goffrie.com", true */ 'g', 'o', 'f', 'f', 'r', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "gofigure.fr", false */ 'g', 'o', 'f', 'i', 'g', 'u', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "gofoiayourself.org", true */ 'g', 'o', 'f', 'o', 'i', 'a', 'y', 'o', 'u', 'r', 's', 'e', 'l', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "gogle-analytics.com", true */ 'g', 'o', 'g', 'l', 'e', '-', 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gogleapis.com", true */ 'g', 'o', 'g', 'l', 'e', 'a', 'p', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gogoodyear.eu", true */ 'g', 'o', 'g', 'o', 'o', 'd', 'y', 'e', 'a', 'r', '.', 'e', 'u', '\0',
+  /* "gogrow.com", true */ 'g', 'o', 'g', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "gogsat.com", true */ 'g', 'o', 'g', 's', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "goguel.org", true */ 'g', 'o', 'g', 'u', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "gohon.org", true */ 'g', 'o', 'h', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "gohongi-katakori.com", true */ 'g', 'o', 'h', 'o', 'n', 'g', 'i', '-', 'k', 'a', 't', 'a', 'k', 'o', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "goingreen.com.au", true */ 'g', 'o', 'i', 'n', 'g', 'r', 'e', 'e', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "gokhankesici.com", true */ 'g', 'o', 'k', 'h', 'a', 'n', 'k', 'e', 's', 'i', 'c', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "gokmenguresci.com", true */ 'g', 'o', 'k', 'm', 'e', 'n', 'g', 'u', 'r', 'e', 's', 'c', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "gold24.ru", true */ 'g', 'o', 'l', 'd', '2', '4', '.', 'r', 'u', '\0',
+  /* "goldcoasthypnotherapyhypnosis.com.au", true */ 'g', 'o', 'l', 'd', 'c', 'o', 'a', 's', 't', 'h', 'y', 'p', 'n', 'o', 't', 'h', 'e', 'r', 'a', 'p', 'y', 'h', 'y', 'p', 'n', 'o', 's', 'i', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "goldcoaststumpbusters.com", true */ 'g', 'o', 'l', 'd', 'c', 'o', 'a', 's', 't', 's', 't', 'u', 'm', 'p', 'b', 'u', 's', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "goldenbadger.de", true */ 'g', 'o', 'l', 'd', 'e', 'n', 'b', 'a', 'd', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "goldendawnapersonalaffair.com", true */ 'g', 'o', 'l', 'd', 'e', 'n', 'd', 'a', 'w', 'n', 'a', 'p', 'e', 'r', 's', 'o', 'n', 'a', 'l', 'a', 'f', 'f', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "goldenhillsoftware.com", true */ 'g', 'o', 'l', 'd', 'e', 'n', 'h', 'i', 'l', 'l', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "goldenhost.ca", true */ 'g', 'o', 'l', 'd', 'e', 'n', 'h', 'o', 's', 't', '.', 'c', 'a', '\0',
+  /* "goldenplate.com.sg", true */ 'g', 'o', 'l', 'd', 'e', 'n', 'p', 'l', 'a', 't', 'e', '.', 'c', 'o', 'm', '.', 's', 'g', '\0',
+  /* "goldfelt.com", true */ 'g', 'o', 'l', 'd', 'f', 'e', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "goldmark.com.au", true */ 'g', 'o', 'l', 'd', 'm', 'a', 'r', 'k', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "goldpreisfinder.at", true */ 'g', 'o', 'l', 'd', 'p', 'r', 'e', 'i', 's', 'f', 'i', 'n', 'd', 'e', 'r', '.', 'a', 't', '\0',
+  /* "goldsecurity.com", true */ 'g', 'o', 'l', 'd', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "goldsky.com.au", true */ 'g', 'o', 'l', 'd', 's', 'k', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "golf18network.com", true */ 'g', 'o', 'l', 'f', '1', '8', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "golfburn.com", true */ 'g', 'o', 'l', 'f', 'b', 'u', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "golfhausmallorca.com", true */ 'g', 'o', 'l', 'f', 'h', 'a', 'u', 's', 'm', 'a', 'l', 'l', 'o', 'r', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "golfscape.com", true */ 'g', 'o', 'l', 'f', 's', 'c', 'a', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "golik.net.pl", true */ 'g', 'o', 'l', 'i', 'k', '.', 'n', 'e', 't', '.', 'p', 'l', '\0',
+  /* "golser.info", true */ 'g', 'o', 'l', 's', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "gomiblog.com", true */ 'g', 'o', 'm', 'i', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "gommista.roma.it", true */ 'g', 'o', 'm', 'm', 'i', 's', 't', 'a', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "gondawa.com", true */ 'g', 'o', 'n', 'd', 'a', 'w', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "gongjianwei.com", true */ 'g', 'o', 'n', 'g', 'j', 'i', 'a', 'n', 'w', 'e', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "gonkar.com", true */ 'g', 'o', 'n', 'k', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "gonx.dk", true */ 'g', 'o', 'n', 'x', '.', 'd', 'k', '\0',
+  /* "goo.gl", true */ 'g', 'o', 'o', '.', 'g', 'l', '\0',
+  /* "good-tips.pro", true */ 'g', 'o', 'o', 'd', '-', 't', 'i', 'p', 's', '.', 'p', 'r', 'o', '\0',
+  /* "gooday.life", true */ 'g', 'o', 'o', 'd', 'a', 'y', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "gooddomainna.me", true */ 'g', 'o', 'o', 'd', 'd', 'o', 'm', 'a', 'i', 'n', 'n', 'a', '.', 'm', 'e', '\0',
+  /* "goodenough.nz", false */ 'g', 'o', 'o', 'd', 'e', 'n', 'o', 'u', 'g', 'h', '.', 'n', 'z', '\0',
+  /* "goodfeels.net", true */ 'g', 'o', 'o', 'd', 'f', 'e', 'e', 'l', 's', '.', 'n', 'e', 't', '\0',
+  /* "goodmengroup.de", true */ 'g', 'o', 'o', 'd', 'm', 'e', 'n', 'g', 'r', 'o', 'u', 'p', '.', 'd', 'e', '\0',
+  /* "goods-memo.net", true */ 'g', 'o', 'o', 'd', 's', '-', 'm', 'e', 'm', 'o', '.', 'n', 'e', 't', '\0',
+  /* "goodsex4all.com.br", true */ 'g', 'o', 'o', 'd', 's', 'e', 'x', '4', 'a', 'l', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "goodvibesblog.com", true */ 'g', 'o', 'o', 'd', 'v', 'i', 'b', 'e', 's', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "goodyearsotn.co.uk", true */ 'g', 'o', 'o', 'd', 'y', 'e', 'a', 'r', 's', 'o', 't', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "google", true */ 'g', 'o', 'o', 'g', 'l', 'e', '\0',
+  /* "google-analytics.com", true */ 'g', 'o', 'o', 'g', 'l', 'e', '-', 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "googleandroid.cz", true */ 'g', 'o', 'o', 'g', 'l', 'e', 'a', 'n', 'd', 'r', 'o', 'i', 'd', '.', 'c', 'z', '\0',
+  /* "googlemail.com", false */ 'g', 'o', 'o', 'g', 'l', 'e', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "googleplex.com", true */ 'g', 'o', 'o', 'g', 'l', 'e', 'p', 'l', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "googlesource.com", true */ 'g', 'o', 'o', 'g', 'l', 'e', 's', 'o', 'u', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "goombi.fr", true */ 'g', 'o', 'o', 'm', 'b', 'i', '.', 'f', 'r', '\0',
+  /* "goonersworld.co.uk", true */ 'g', 'o', 'o', 'n', 'e', 'r', 's', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gootax.pro", true */ 'g', 'o', 'o', 't', 'a', 'x', '.', 'p', 'r', 'o', '\0',
+  /* "gopher.tk", true */ 'g', 'o', 'p', 'h', 'e', 'r', '.', 't', 'k', '\0',
+  /* "goproallaccess.com", true */ 'g', 'o', 'p', 'r', 'o', 'a', 'l', 'l', 'a', 'c', 'c', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gorakukai.jp", true */ 'g', 'o', 'r', 'a', 'k', 'u', 'k', 'a', 'i', '.', 'j', 'p', '\0',
+  /* "gordonobrecht.com", true */ 'g', 'o', 'r', 'd', 'o', 'n', 'o', 'b', 'r', 'e', 'c', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "gordonscouts.com.au", true */ 'g', 'o', 'r', 'd', 'o', 'n', 's', 'c', 'o', 'u', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "gorf.chat", true */ 'g', 'o', 'r', 'f', '.', 'c', 'h', 'a', 't', '\0',
+  /* "gorf.club", true */ 'g', 'o', 'r', 'f', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "gorky.media", true */ 'g', 'o', 'r', 'k', 'y', '.', 'm', 'e', 'd', 'i', 'a', '\0',
+  /* "gorn.ch", true */ 'g', 'o', 'r', 'n', '.', 'c', 'h', '\0',
+  /* "gorod74.ru", false */ 'g', 'o', 'r', 'o', 'd', '7', '4', '.', 'r', 'u', '\0',
+  /* "gorschenin.com", true */ 'g', 'o', 'r', 's', 'c', 'h', 'e', 'n', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "gosccs.com", true */ 'g', 'o', 's', 'c', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gosciencegirls.com", true */ 'g', 'o', 's', 'c', 'i', 'e', 'n', 'c', 'e', 'g', 'i', 'r', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "goshawkdb.io", true */ 'g', 'o', 's', 'h', 'a', 'w', 'k', 'd', 'b', '.', 'i', 'o', '\0',
+  /* "goshin-group.co.jp", true */ 'g', 'o', 's', 'h', 'i', 'n', '-', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "gospelfollower.com", true */ 'g', 'o', 's', 'p', 'e', 'l', 'f', 'o', 'l', 'l', 'o', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "gospelofmark.ch", true */ 'g', 'o', 's', 'p', 'e', 'l', 'o', 'f', 'm', 'a', 'r', 'k', '.', 'c', 'h', '\0',
+  /* "gospelvestcination.de", true */ 'g', 'o', 's', 'p', 'e', 'l', 'v', 'e', 's', 't', 'c', 'i', 'n', 'a', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "gostudy.net", true */ 'g', 'o', 's', 't', 'u', 'd', 'y', '.', 'n', 'e', 't', '\0',
+  /* "gosuland.org", true */ 'g', 'o', 's', 'u', 'l', 'a', 'n', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "gotech.com.eg", false */ 'g', 'o', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '.', 'e', 'g', '\0',
+  /* "gothamlimo.com", true */ 'g', 'o', 't', 'h', 'a', 'm', 'l', 'i', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "gothic.dating", true */ 'g', 'o', 't', 'h', 'i', 'c', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "gotirupati.com", false */ 'g', 'o', 't', 'i', 'r', 'u', 'p', 'a', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "goto.google.com", true */ 'g', 'o', 't', 'o', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "goto.world", true */ 'g', 'o', 't', 'o', '.', 'w', 'o', 'r', 'l', 'd', '\0',
+  /* "gotomi.info", true */ 'g', 'o', 't', 'o', 'm', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "gotoxy.at", true */ 'g', 'o', 't', 'o', 'x', 'y', '.', 'a', 't', '\0',
+  /* "goubi.me", true */ 'g', 'o', 'u', 'b', 'i', '.', 'm', 'e', '\0',
+  /* "goudenharynck.be", true */ 'g', 'o', 'u', 'd', 'e', 'n', 'h', 'a', 'r', 'y', 'n', 'c', 'k', '.', 'b', 'e', '\0',
+  /* "gouforit.com", true */ 'g', 'o', 'u', 'f', 'o', 'r', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "goukon.ru", true */ 'g', 'o', 'u', 'k', 'o', 'n', '.', 'r', 'u', '\0',
+  /* "gouldcooksey.com", true */ 'g', 'o', 'u', 'l', 'd', 'c', 'o', 'o', 'k', 's', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "goup.co", true */ 'g', 'o', 'u', 'p', '.', 'c', 'o', '\0',
+  /* "goup.com.tr", true */ 'g', 'o', 'u', 'p', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "gouptime.ml", true */ 'g', 'o', 'u', 'p', 't', 'i', 'm', 'e', '.', 'm', 'l', '\0',
+  /* "gourmetfestival.de", true */ 'g', 'o', 'u', 'r', 'm', 'e', 't', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "gouthro-goteborg.se", true */ 'g', 'o', 'u', 't', 'h', 'r', 'o', '-', 'g', 'o', 't', 'e', 'b', 'o', 'r', 'g', '.', 's', 'e', '\0',
+  /* "gov.tc", true */ 'g', 'o', 'v', '.', 't', 'c', '\0',
+  /* "governmentjobs.gov", true */ 'g', 'o', 'v', 'e', 'r', 'n', 'm', 'e', 'n', 't', 'j', 'o', 'b', 's', '.', 'g', 'o', 'v', '\0',
+  /* "governorhub.com", true */ 'g', 'o', 'v', 'e', 'r', 'n', 'o', 'r', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "govtjobs.blog", true */ 'g', 'o', 'v', 't', 'j', 'o', 'b', 's', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "govtrack.us", true */ 'g', 'o', 'v', 't', 'r', 'a', 'c', 'k', '.', 'u', 's', '\0',
+  /* "gowe.wang", false */ 'g', 'o', 'w', 'e', '.', 'w', 'a', 'n', 'g', '\0',
+  /* "gowildrodeo.co.uk", true */ 'g', 'o', 'w', 'i', 'l', 'd', 'r', 'o', 'd', 'e', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gpalabs.com", true */ 'g', 'p', 'a', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gpcsolutions.fr", true */ 'g', 'p', 'c', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'f', 'r', '\0',
+  /* "gpdimaranathasiantar.org", true */ 'g', 'p', 'd', 'i', 'm', 'a', 'r', 'a', 'n', 'a', 't', 'h', 'a', 's', 'i', 'a', 'n', 't', 'a', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "gpfclan.de", true */ 'g', 'p', 'f', 'c', 'l', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "gpio.gq", true */ 'g', 'p', 'i', 'o', '.', 'g', 'q', '\0',
+  /* "gplintegratedit.com", true */ 'g', 'p', 'l', 'i', 'n', 't', 'e', 'g', 'r', 'a', 't', 'e', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "gprs.uk.com", true */ 'g', 'p', 'r', 's', '.', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "gps.com.br", true */ 'g', 'p', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "gpsarena.ro", true */ 'g', 'p', 's', 'a', 'r', 'e', 'n', 'a', '.', 'r', 'o', '\0',
+  /* "gpsfix.cz", true */ 'g', 'p', 's', 'f', 'i', 'x', '.', 'c', 'z', '\0',
+  /* "gpsolarpanels.com", true */ 'g', 'p', 's', 'o', 'l', 'a', 'r', 'p', 'a', 'n', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gpsvideocanada.com", true */ 'g', 'p', 's', 'v', 'i', 'd', 'e', 'o', 'c', 'a', 'n', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "gpws.ovh", true */ 'g', 'p', 'w', 's', '.', 'o', 'v', 'h', '\0',
+  /* "gr.search.yahoo.com", false */ 'g', 'r', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "gra2.com", true */ 'g', 'r', 'a', '2', '.', 'c', 'o', 'm', '\0',
+  /* "graasp.net", false */ 'g', 'r', 'a', 'a', 's', 'p', '.', 'n', 'e', 't', '\0',
+  /* "grabi.ga", true */ 'g', 'r', 'a', 'b', 'i', '.', 'g', 'a', '\0',
+  /* "grace-wan.com", true */ 'g', 'r', 'a', 'c', 'e', '-', 'w', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "gracedays.org", true */ 'g', 'r', 'a', 'c', 'e', 'd', 'a', 'y', 's', '.', 'o', 'r', 'g', '\0',
+  /* "graceful-project.eu", true */ 'g', 'r', 'a', 'c', 'e', 'f', 'u', 'l', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'e', 'u', '\0',
+  /* "gracethrufaith.com", true */ 'g', 'r', 'a', 'c', 'e', 't', 'h', 'r', 'u', 'f', 'a', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "gracetini.com", true */ 'g', 'r', 'a', 'c', 'e', 't', 'i', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "graciousmay.com", true */ 'g', 'r', 'a', 'c', 'i', 'o', 'u', 's', 'm', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "grademymac.com", true */ 'g', 'r', 'a', 'd', 'e', 'm', 'y', 'm', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "grademypc.com", true */ 'g', 'r', 'a', 'd', 'e', 'm', 'y', 'p', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "gradienthosting.co.uk", true */ 'g', 'r', 'a', 'd', 'i', 'e', 'n', 't', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gradients.com", true */ 'g', 'r', 'a', 'd', 'i', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gradualgram.com", true */ 'g', 'r', 'a', 'd', 'u', 'a', 'l', 'g', 'r', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "graeber.com", true */ 'g', 'r', 'a', 'e', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "graetnew.com", true */ 'g', 'r', 'a', 'e', 't', 'n', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "graf.re", true */ 'g', 'r', 'a', 'f', '.', 'r', 'e', '\0',
+  /* "grafcaps.com", true */ 'g', 'r', 'a', 'f', 'c', 'a', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "graffen.dk", true */ 'g', 'r', 'a', 'f', 'f', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "grafmurr.de", true */ 'g', 'r', 'a', 'f', 'm', 'u', 'r', 'r', '.', 'd', 'e', '\0',
+  /* "grahamofthewheels.com", true */ 'g', 'r', 'a', 'h', 'a', 'm', 'o', 'f', 't', 'h', 'e', 'w', 'h', 'e', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "grailians.com", true */ 'g', 'r', 'a', 'i', 'l', 'i', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "graingert.co.uk", true */ 'g', 'r', 'a', 'i', 'n', 'g', 'e', 'r', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "graliv.net", false */ 'g', 'r', 'a', 'l', 'i', 'v', '.', 'n', 'e', 't', '\0',
+  /* "gramati.com.br", true */ 'g', 'r', 'a', 'm', 'a', 't', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "grammysgrid.com", true */ 'g', 'r', 'a', 'm', 'm', 'y', 's', 'g', 'r', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "granary-demo.appspot.com", false */ 'g', 'r', 'a', 'n', 'a', 'r', 'y', '-', 'd', 'e', 'm', 'o', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "grandcapital.cn", true */ 'g', 'r', 'a', 'n', 'd', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'n', '\0',
+  /* "grandcapital.id", true */ 'g', 'r', 'a', 'n', 'd', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'i', 'd', '\0',
+  /* "grandcapital.ru", true */ 'g', 'r', 'a', 'n', 'd', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'r', 'u', '\0',
+  /* "grandcastles.co.uk", true */ 'g', 'r', 'a', 'n', 'd', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "grandchamproofing.com", true */ 'g', 'r', 'a', 'n', 'd', 'c', 'h', 'a', 'm', 'p', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "grandchene.ch", true */ 'g', 'r', 'a', 'n', 'd', 'c', 'h', 'e', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "grande.coffee", true */ 'g', 'r', 'a', 'n', 'd', 'e', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0',
+  /* "grandefratellonews.com", true */ 'g', 'r', 'a', 'n', 'd', 'e', 'f', 'r', 'a', 't', 'e', 'l', 'l', 'o', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "grandeto.com", true */ 'g', 'r', 'a', 'n', 'd', 'e', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "grandjunctionbrewing.com", true */ 'g', 'r', 'a', 'n', 'd', 'j', 'u', 'n', 'c', 't', 'i', 'o', 'n', 'b', 'r', 'e', 'w', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "grandmasfridge.org", true */ 'g', 'r', 'a', 'n', 'd', 'm', 'a', 's', 'f', 'r', 'i', 'd', 'g', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "grandpadusercontent.com", true */ 'g', 'r', 'a', 'n', 'd', 'p', 'a', 'd', 'u', 's', 'e', 'r', 'c', 'o', 'n', 't', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "grandwailea.com", true */ 'g', 'r', 'a', 'n', 'd', 'w', 'a', 'i', 'l', 'e', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "grannys-stats.com", true */ 'g', 'r', 'a', 'n', 'n', 'y', 's', '-', 's', 't', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "grannyshouse.de", true */ 'g', 'r', 'a', 'n', 'n', 'y', 's', 'h', 'o', 'u', 's', 'e', '.', 'd', 'e', '\0',
+  /* "grantcooper.com", true */ 'g', 'r', 'a', 'n', 't', 'c', 'o', 'o', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "grantdb.ca", true */ 'g', 'r', 'a', 'n', 't', 'd', 'b', '.', 'c', 'a', '\0',
+  /* "grantmorrison.net", true */ 'g', 'r', 'a', 'n', 't', 'm', 'o', 'r', 'r', 'i', 's', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "granular.ag", true */ 'g', 'r', 'a', 'n', 'u', 'l', 'a', 'r', '.', 'a', 'g', '\0',
+  /* "graonatural.com.br", true */ 'g', 'r', 'a', 'o', 'n', 'a', 't', 'u', 'r', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "grapee.jp", true */ 'g', 'r', 'a', 'p', 'e', 'e', '.', 'j', 'p', '\0',
+  /* "grapeintentions.com", true */ 'g', 'r', 'a', 'p', 'e', 'i', 'n', 't', 'e', 'n', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "graphcommons.com", true */ 'g', 'r', 'a', 'p', 'h', 'c', 'o', 'm', 'm', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "graphene.software", true */ 'g', 'r', 'a', 'p', 'h', 'e', 'n', 'e', '.', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '\0',
+  /* "grapholio.net", true */ 'g', 'r', 'a', 'p', 'h', 'o', 'l', 'i', 'o', '.', 'n', 'e', 't', '\0',
+  /* "grasmark.com", true */ 'g', 'r', 'a', 's', 'm', 'a', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "grassenberg.de", true */ 'g', 'r', 'a', 's', 's', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "grasshoppervape.com", true */ 'g', 'r', 'a', 's', 's', 'h', 'o', 'p', 'p', 'e', 'r', 'v', 'a', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "gratis-lovecheck.de", true */ 'g', 'r', 'a', 't', 'i', 's', '-', 'l', 'o', 'v', 'e', 'c', 'h', 'e', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "gratitudeabundancepassion.com", true */ 'g', 'r', 'a', 't', 'i', 't', 'u', 'd', 'e', 'a', 'b', 'u', 'n', 'd', 'a', 'n', 'c', 'e', 'p', 'a', 's', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "grattan.co.uk", true */ 'g', 'r', 'a', 't', 't', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "graumeier.de", true */ 'g', 'r', 'a', 'u', 'm', 'e', 'i', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "gravitascreative.net", true */ 'g', 'r', 'a', 'v', 'i', 't', 'a', 's', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', '.', 'n', 'e', 't', '\0',
+  /* "gravitechthai.com", true */ 'g', 'r', 'a', 'v', 'i', 't', 'e', 'c', 'h', 't', 'h', 'a', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "gravity-dev.de", true */ 'g', 'r', 'a', 'v', 'i', 't', 'y', '-', 'd', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "gravity-inc.net", true */ 'g', 'r', 'a', 'v', 'i', 't', 'y', '-', 'i', 'n', 'c', '.', 'n', 'e', 't', '\0',
+  /* "gravityformspdfextended.com", true */ 'g', 'r', 'a', 'v', 'i', 't', 'y', 'f', 'o', 'r', 'm', 's', 'p', 'd', 'f', 'e', 'x', 't', 'e', 'n', 'd', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "gravitypdf.com", true */ 'g', 'r', 'a', 'v', 'i', 't', 'y', 'p', 'd', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "grawe-blog.at", true */ 'g', 'r', 'a', 'w', 'e', '-', 'b', 'l', 'o', 'g', '.', 'a', 't', '\0',
+  /* "grayclub.co.il", true */ 'g', 'r', 'a', 'y', 'c', 'l', 'u', 'b', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "grayhatter.com", true */ 'g', 'r', 'a', 'y', 'h', 'a', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "graymalk.in", true */ 'g', 'r', 'a', 'y', 'm', 'a', 'l', 'k', '.', 'i', 'n', '\0',
+  /* "grayowlworks.com", true */ 'g', 'r', 'a', 'y', 'o', 'w', 'l', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "grayscale.co", true */ 'g', 'r', 'a', 'y', 's', 'c', 'a', 'l', 'e', '.', 'c', 'o', '\0',
+  /* "grayson.sh", true */ 'g', 'r', 'a', 'y', 's', 'o', 'n', '.', 's', 'h', '\0',
+  /* "graysonsmith.co.uk", true */ 'g', 'r', 'a', 'y', 's', 'o', 'n', 's', 'm', 'i', 't', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "grc.com", false */ 'g', 'r', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "greatfire.org", true */ 'g', 'r', 'e', 'a', 't', 'f', 'i', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "greatislandarts.ca", true */ 'g', 'r', 'e', 'a', 't', 'i', 's', 'l', 'a', 'n', 'd', 'a', 'r', 't', 's', '.', 'c', 'a', '\0',
+  /* "greatlakeside.de", true */ 'g', 'r', 'e', 'a', 't', 'l', 'a', 'k', 'e', 's', 'i', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "greboid.co.uk", true */ 'g', 'r', 'e', 'b', 'o', 'i', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "greboid.com", true */ 'g', 'r', 'e', 'b', 'o', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "greditsoft.com", true */ 'g', 'r', 'e', 'd', 'i', 't', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "greedbutt.com", true */ 'g', 'r', 'e', 'e', 'd', 'b', 'u', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "greek.dating", true */ 'g', 'r', 'e', 'e', 'k', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "green-attitude.be", true */ 'g', 'r', 'e', 'e', 'n', '-', 'a', 't', 't', 'i', 't', 'u', 'd', 'e', '.', 'b', 'e', '\0',
+  /* "green-care.nl", true */ 'g', 'r', 'e', 'e', 'n', '-', 'c', 'a', 'r', 'e', '.', 'n', 'l', '\0',
+  /* "green-light.cf", true */ 'g', 'r', 'e', 'e', 'n', '-', 'l', 'i', 'g', 'h', 't', '.', 'c', 'f', '\0',
+  /* "green-light.co.nz", true */ 'g', 'r', 'e', 'e', 'n', '-', 'l', 'i', 'g', 'h', 't', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "green-light.ga", true */ 'g', 'r', 'e', 'e', 'n', '-', 'l', 'i', 'g', 'h', 't', '.', 'g', 'a', '\0',
+  /* "green-light.gq", true */ 'g', 'r', 'e', 'e', 'n', '-', 'l', 'i', 'g', 'h', 't', '.', 'g', 'q', '\0',
+  /* "green-light.ml", true */ 'g', 'r', 'e', 'e', 'n', '-', 'l', 'i', 'g', 'h', 't', '.', 'm', 'l', '\0',
+  /* "greenaddress.it", true */ 'g', 'r', 'e', 'e', 'n', 'a', 'd', 'd', 'r', 'e', 's', 's', '.', 'i', 't', '\0',
+  /* "greencircleplantnursery.com.au", true */ 'g', 'r', 'e', 'e', 'n', 'c', 'i', 'r', 'c', 'l', 'e', 'p', 'l', 'a', 'n', 't', 'n', 'u', 'r', 's', 'e', 'r', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "greencircleplantnursery.net.au", true */ 'g', 'r', 'e', 'e', 'n', 'c', 'i', 'r', 'c', 'l', 'e', 'p', 'l', 'a', 'n', 't', 'n', 'u', 'r', 's', 'e', 'r', 'y', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "greenglam.biz", true */ 'g', 'r', 'e', 'e', 'n', 'g', 'l', 'a', 'm', '.', 'b', 'i', 'z', '\0',
+  /* "greengoblindev.com", true */ 'g', 'r', 'e', 'e', 'n', 'g', 'o', 'b', 'l', 'i', 'n', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "greenliquidsystem.com", true */ 'g', 'r', 'e', 'e', 'n', 'l', 'i', 'q', 'u', 'i', 'd', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "greenpartyofnewmilford.org", true */ 'g', 'r', 'e', 'e', 'n', 'p', 'a', 'r', 't', 'y', 'o', 'f', 'n', 'e', 'w', 'm', 'i', 'l', 'f', 'o', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "greenpeace-magazin.de", true */ 'g', 'r', 'e', 'e', 'n', 'p', 'e', 'a', 'c', 'e', '-', 'm', 'a', 'g', 'a', 'z', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "greenpeace.berlin", true */ 'g', 'r', 'e', 'e', 'n', 'p', 'e', 'a', 'c', 'e', '.', 'b', 'e', 'r', 'l', 'i', 'n', '\0',
+  /* "greenroach.ru", true */ 'g', 'r', 'e', 'e', 'n', 'r', 'o', 'a', 'c', 'h', '.', 'r', 'u', '\0',
+  /* "greensdictofslang.com", true */ 'g', 'r', 'e', 'e', 'n', 's', 'd', 'i', 'c', 't', 'o', 'f', 's', 'l', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "greensquare.tk", true */ 'g', 'r', 'e', 'e', 'n', 's', 'q', 'u', 'a', 'r', 'e', '.', 't', 'k', '\0',
+  /* "greenteamtwente.nl", true */ 'g', 'r', 'e', 'e', 'n', 't', 'e', 'a', 'm', 't', 'w', 'e', 'n', 't', 'e', '.', 'n', 'l', '\0',
+  /* "greenville.ag", true */ 'g', 'r', 'e', 'e', 'n', 'v', 'i', 'l', 'l', 'e', '.', 'a', 'g', '\0',
+  /* "greenwithdecor.com", true */ 'g', 'r', 'e', 'e', 'n', 'w', 'i', 't', 'h', 'd', 'e', 'c', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "greg.red", true */ 'g', 'r', 'e', 'g', '.', 'r', 'e', 'd', '\0',
+  /* "greger.me", true */ 'g', 'r', 'e', 'g', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "gregmilton.com", true */ 'g', 'r', 'e', 'g', 'm', 'i', 'l', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "gregoirow.be", true */ 'g', 'r', 'e', 'g', 'o', 'i', 'r', 'o', 'w', '.', 'b', 'e', '\0',
+  /* "gregorians.org", true */ 'g', 'r', 'e', 'g', 'o', 'r', 'i', 'a', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "gregorkofler.com", true */ 'g', 'r', 'e', 'g', 'o', 'r', 'k', 'o', 'f', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "gregorykelleher.com", true */ 'g', 'r', 'e', 'g', 'o', 'r', 'y', 'k', 'e', 'l', 'l', 'e', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "gregoryrealestategroup.com", true */ 'g', 'r', 'e', 'g', 'o', 'r', 'y', 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "gregorywiest.com", true */ 'g', 'r', 'e', 'g', 'o', 'r', 'y', 'w', 'i', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "grenadiercorps-kaarst.de", true */ 'g', 'r', 'e', 'n', 'a', 'd', 'i', 'e', 'r', 'c', 'o', 'r', 'p', 's', '-', 'k', 'a', 'a', 'r', 's', 't', '.', 'd', 'e', '\0',
+  /* "grenadiere-kaarst.de", true */ 'g', 'r', 'e', 'n', 'a', 'd', 'i', 'e', 'r', 'e', '-', 'k', 'a', 'a', 'r', 's', 't', '.', 'd', 'e', '\0',
+  /* "grenadierkorps-kaarst.de", true */ 'g', 'r', 'e', 'n', 'a', 'd', 'i', 'e', 'r', 'k', 'o', 'r', 'p', 's', '-', 'k', 'a', 'a', 'r', 's', 't', '.', 'd', 'e', '\0',
+  /* "grenadierkorps.de", true */ 'g', 'r', 'e', 'n', 'a', 'd', 'i', 'e', 'r', 'k', 'o', 'r', 'p', 's', '.', 'd', 'e', '\0',
+  /* "grendel.no", true */ 'g', 'r', 'e', 'n', 'd', 'e', 'l', '.', 'n', 'o', '\0',
+  /* "grepmaste.rs", true */ 'g', 'r', 'e', 'p', 'm', 'a', 's', 't', 'e', '.', 'r', 's', '\0',
+  /* "grepular.com", true */ 'g', 'r', 'e', 'p', 'u', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "gresak.io", true */ 'g', 'r', 'e', 's', 'a', 'k', '.', 'i', 'o', '\0',
+  /* "grettogeek.com", true */ 'g', 'r', 'e', 't', 't', 'o', 'g', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "greve.xyz", true */ 'g', 'r', 'e', 'v', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "grey.house", true */ 'g', 'r', 'e', 'y', '.', 'h', 'o', 'u', 's', 'e', '\0',
+  /* "greybit.net", true */ 'g', 'r', 'e', 'y', 'b', 'i', 't', '.', 'n', 'e', 't', '\0',
+  /* "greyhash.se", true */ 'g', 'r', 'e', 'y', 'h', 'a', 's', 'h', '.', 's', 'e', '\0',
+  /* "greysky.me", true */ 'g', 'r', 'e', 'y', 's', 'k', 'y', '.', 'm', 'e', '\0',
+  /* "greyskymedia.com", true */ 'g', 'r', 'e', 'y', 's', 'k', 'y', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "greysolutions.it", true */ 'g', 'r', 'e', 'y', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'i', 't', '\0',
+  /* "greywizard.com", true */ 'g', 'r', 'e', 'y', 'w', 'i', 'z', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "grh.am", true */ 'g', 'r', 'h', '.', 'a', 'm', '\0',
+  /* "grian-bam.at", true */ 'g', 'r', 'i', 'a', 'n', '-', 'b', 'a', 'm', '.', 'a', 't', '\0',
+  /* "gridle.io", true */ 'g', 'r', 'i', 'd', 'l', 'e', '.', 'i', 'o', '\0',
+  /* "grieg-gaarden.no", true */ 'g', 'r', 'i', 'e', 'g', '-', 'g', 'a', 'a', 'r', 'd', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "grieg.com", true */ 'g', 'r', 'i', 'e', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "grieg.net", true */ 'g', 'r', 'i', 'e', 'g', '.', 'n', 'e', 't', '\0',
+  /* "grieg.no", true */ 'g', 'r', 'i', 'e', 'g', '.', 'n', 'o', '\0',
+  /* "grieg.org", true */ 'g', 'r', 'i', 'e', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "griegfoundation.no", true */ 'g', 'r', 'i', 'e', 'g', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'n', 'o', '\0',
+  /* "grieglogistics.no", true */ 'g', 'r', 'i', 'e', 'g', 'l', 'o', 'g', 'i', 's', 't', 'i', 'c', 's', '.', 'n', 'o', '\0',
+  /* "griegshipbrokers.com", true */ 'g', 'r', 'i', 'e', 'g', 's', 'h', 'i', 'p', 'b', 'r', 'o', 'k', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "griegshipbrokers.no", true */ 'g', 'r', 'i', 'e', 'g', 's', 'h', 'i', 'p', 'b', 'r', 'o', 'k', 'e', 'r', 's', '.', 'n', 'o', '\0',
+  /* "griesser2.de", true */ 'g', 'r', 'i', 'e', 's', 's', 'e', 'r', '2', '.', 'd', 'e', '\0',
+  /* "grillteller42.de", true */ 'g', 'r', 'i', 'l', 'l', 't', 'e', 'l', 'l', 'e', 'r', '4', '2', '.', 'd', 'e', '\0',
+  /* "grimcalc.com", true */ 'g', 'r', 'i', 'm', 'c', 'a', 'l', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "grimm-gastrobedarf.de", true */ 'g', 'r', 'i', 'm', 'm', '-', 'g', 'a', 's', 't', 'r', 'o', 'b', 'e', 'd', 'a', 'r', 'f', '.', 'd', 'e', '\0',
+  /* "grimneko.de", true */ 'g', 'r', 'i', 'm', 'n', 'e', 'k', 'o', '.', 'd', 'e', '\0',
+  /* "grinnellplans.com", true */ 'g', 'r', 'i', 'n', 'n', 'e', 'l', 'l', 'p', 'l', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gripnijmegen.rip", true */ 'g', 'r', 'i', 'p', 'n', 'i', 'j', 'm', 'e', 'g', 'e', 'n', '.', 'r', 'i', 'p', '\0',
+  /* "gritte.ch", true */ 'g', 'r', 'i', 't', 't', 'e', '.', 'c', 'h', '\0',
+  /* "grizzlys.com", true */ 'g', 'r', 'i', 'z', 'z', 'l', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "grmp.fr", true */ 'g', 'r', 'm', 'p', '.', 'f', 'r', '\0',
+  /* "groben-itsolutions.de", true */ 'g', 'r', 'o', 'b', 'e', 'n', '-', 'i', 't', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'd', 'e', '\0',
+  /* "grocock.me.uk", true */ 'g', 'r', 'o', 'c', 'o', 'c', 'k', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "groenaquasolutions.nl", true */ 'g', 'r', 'o', 'e', 'n', 'a', 'q', 'u', 'a', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'n', 'l', '\0',
+  /* "groentefruitzeep.com", true */ 'g', 'r', 'o', 'e', 'n', 't', 'e', 'f', 'r', 'u', 'i', 't', 'z', 'e', 'e', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "groentefruitzeep.nl", true */ 'g', 'r', 'o', 'e', 'n', 't', 'e', 'f', 'r', 'u', 'i', 't', 'z', 'e', 'e', 'p', '.', 'n', 'l', '\0',
+  /* "groepjam-usedcars.be", true */ 'g', 'r', 'o', 'e', 'p', 'j', 'a', 'm', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "grog.pw", true */ 'g', 'r', 'o', 'g', '.', 'p', 'w', '\0',
+  /* "grokker.com", true */ 'g', 'r', 'o', 'k', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "groklearning.com", true */ 'g', 'r', 'o', 'k', 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "grolimur.ch", true */ 'g', 'r', 'o', 'l', 'i', 'm', 'u', 'r', '.', 'c', 'h', '\0',
+  /* "gronau-it-cloud-computing.de", true */ 'g', 'r', 'o', 'n', 'a', 'u', '-', 'i', 't', '-', 'c', 'l', 'o', 'u', 'd', '-', 'c', 'o', 'm', 'p', 'u', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "grondius.com", true */ 'g', 'r', 'o', 'n', 'd', 'i', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "grootinadvies.nl", true */ 'g', 'r', 'o', 'o', 't', 'i', 'n', 'a', 'd', 'v', 'i', 'e', 's', '.', 'n', 'l', '\0',
+  /* "groovydisk.com", true */ 'g', 'r', 'o', 'o', 'v', 'y', 'd', 'i', 's', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "groovygoldfish.org", true */ 'g', 'r', 'o', 'o', 'v', 'y', 'g', 'o', 'l', 'd', 'f', 'i', 's', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "gropp.org", true */ 'g', 'r', 'o', 'p', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "grossberger-ge.org", true */ 'g', 'r', 'o', 's', 's', 'b', 'e', 'r', 'g', 'e', 'r', '-', 'g', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "groszek.pl", true */ 'g', 'r', 'o', 's', 'z', 'e', 'k', '.', 'p', 'l', '\0',
+  /* "groth.im", true */ 'g', 'r', 'o', 't', 'h', '.', 'i', 'm', '\0',
+  /* "groth.xyz", true */ 'g', 'r', 'o', 't', 'h', '.', 'x', 'y', 'z', '\0',
+  /* "grothoff.org", true */ 'g', 'r', 'o', 't', 'h', 'o', 'f', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "grouchysysadmin.com", true */ 'g', 'r', 'o', 'u', 'c', 'h', 'y', 's', 'y', 's', 'a', 'd', 'm', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "group4layers.net", true */ 'g', 'r', 'o', 'u', 'p', '4', 'l', 'a', 'y', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "groupe-neurologique-nord.lu", true */ 'g', 'r', 'o', 'u', 'p', 'e', '-', 'n', 'e', 'u', 'r', 'o', 'l', 'o', 'g', 'i', 'q', 'u', 'e', '-', 'n', 'o', 'r', 'd', '.', 'l', 'u', '\0',
+  /* "groupebaillargeon.com", true */ 'g', 'r', 'o', 'u', 'p', 'e', 'b', 'a', 'i', 'l', 'l', 'a', 'r', 'g', 'e', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "groupghistelinck-cars.be", true */ 'g', 'r', 'o', 'u', 'p', 'g', 'h', 'i', 's', 't', 'e', 'l', 'i', 'n', 'c', 'k', '-', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "grouphomes.com.au", false */ 'g', 'r', 'o', 'u', 'p', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "groupme.com", true */ 'g', 'r', 'o', 'u', 'p', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "groups.google.com", true */ 'g', 'r', 'o', 'u', 'p', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "growingmetrics.com", true */ 'g', 'r', 'o', 'w', 'i', 'n', 'g', 'm', 'e', 't', 'r', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "growy.ch", true */ 'g', 'r', 'o', 'w', 'y', '.', 'c', 'h', '\0',
+  /* "grsecurity.net", true */ 'g', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'n', 'e', 't', '\0',
+  /* "gruebebraeu.ch", true */ 'g', 'r', 'u', 'e', 'b', 'e', 'b', 'r', 'a', 'e', 'u', '.', 'c', 'h', '\0',
+  /* "gruelang.org", true */ 'g', 'r', 'u', 'e', 'l', 'a', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "gruenderlehrstuhl.de", true */ 'g', 'r', 'u', 'e', 'n', 'd', 'e', 'r', 'l', 'e', 'h', 'r', 's', 't', 'u', 'h', 'l', '.', 'd', 'e', '\0',
+  /* "gruene-im-rvr.de", true */ 'g', 'r', 'u', 'e', 'n', 'e', '-', 'i', 'm', '-', 'r', 'v', 'r', '.', 'd', 'e', '\0',
+  /* "gruene-wattenscheid.de", true */ 'g', 'r', 'u', 'e', 'n', 'e', '-', 'w', 'a', 't', 't', 'e', 'n', 's', 'c', 'h', 'e', 'i', 'd', '.', 'd', 'e', '\0',
+  /* "gruenes-wp.de", true */ 'g', 'r', 'u', 'e', 'n', 'e', 's', '-', 'w', 'p', '.', 'd', 'e', '\0',
+  /* "gruenprint.de", true */ 'g', 'r', 'u', 'e', 'n', 'p', 'r', 'i', 'n', 't', '.', 'd', 'e', '\0',
+  /* "grumpy.fr", true */ 'g', 'r', 'u', 'm', 'p', 'y', '.', 'f', 'r', '\0',
+  /* "grunwasser.fr", true */ 'g', 'r', 'u', 'n', 'w', 'a', 's', 's', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "grupomakben.com", true */ 'g', 'r', 'u', 'p', 'o', 'm', 'a', 'k', 'b', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "grupoparco.com", true */ 'g', 'r', 'u', 'p', 'o', 'p', 'a', 'r', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "grusenmeyer.be", true */ 'g', 'r', 'u', 's', 'e', 'n', 'm', 'e', 'y', 'e', 'r', '.', 'b', 'e', '\0',
+  /* "grusig-geil.ch", true */ 'g', 'r', 'u', 's', 'i', 'g', '-', 'g', 'e', 'i', 'l', '.', 'c', 'h', '\0',
+  /* "gruwa.net", true */ 'g', 'r', 'u', 'w', 'a', '.', 'n', 'e', 't', '\0',
+  /* "grytics.com", true */ 'g', 'r', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gs-net.at", true */ 'g', 's', '-', 'n', 'e', 't', '.', 'a', 't', '\0',
+  /* "gs93.de", true */ 'g', 's', '9', '3', '.', 'd', 'e', '\0',
+  /* "gscloud.xyz", true */ 'g', 's', 'c', 'l', 'o', 'u', 'd', '.', 'x', 'y', 'z', '\0',
+  /* "gsgs.se", true */ 'g', 's', 'g', 's', '.', 's', 'e', '\0',
+  /* "gsi-network.com", true */ 'g', 's', 'i', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "gsimagebank.co.uk", true */ 'g', 's', 'i', 'm', 'a', 'g', 'e', 'b', 'a', 'n', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gslink.me", true */ 'g', 's', 'l', 'i', 'n', 'k', '.', 'm', 'e', '\0',
+  /* "gsmkungen.com", true */ 'g', 's', 'm', 'k', 'u', 'n', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "gsmsecurity.net", true */ 'g', 's', 'm', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'n', 'e', 't', '\0',
+  /* "gsoc.se", true */ 'g', 's', 'o', 'c', '.', 's', 'e', '\0',
+  /* "gsrc.io", true */ 'g', 's', 'r', 'c', '.', 'i', 'o', '\0',
+  /* "gst.name", true */ 'g', 's', 't', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "gst.priv.at", true */ 'g', 's', 't', '.', 'p', 'r', 'i', 'v', '.', 'a', 't', '\0',
+  /* "gt-mp.net", true */ 'g', 't', '-', 'm', 'p', '.', 'n', 'e', 't', '\0',
+  /* "gt-network.de", true */ 'g', 't', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "gta-arabs.com", true */ 'g', 't', 'a', '-', 'a', 'r', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gta5voice.net", true */ 'g', 't', 'a', '5', 'v', 'o', 'i', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "gtaforum.nl", true */ 'g', 't', 'a', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'l', '\0',
+  /* "gtalife.net", true */ 'g', 't', 'a', 'l', 'i', 'f', 'e', '.', 'n', 'e', 't', '\0',
+  /* "gtchipsi.org", true */ 'g', 't', 'c', 'h', 'i', 'p', 's', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "gtcprojects.com", true */ 'g', 't', 'c', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gtdgo.com", true */ 'g', 't', 'd', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "gtmasterclub.it", false */ 'g', 't', 'm', 'a', 's', 't', 'e', 'r', 'c', 'l', 'u', 'b', '.', 'i', 't', '\0',
+  /* "gtmetrix.com", true */ 'g', 't', 'm', 'e', 't', 'r', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "gtopala.com", true */ 'g', 't', 'o', 'p', 'a', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "gtour.info", true */ 'g', 't', 'o', 'u', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "gtravers-basketmaker.co.uk", true */ 'g', 't', 'r', 'a', 'v', 'e', 'r', 's', '-', 'b', 'a', 's', 'k', 'e', 't', 'm', 'a', 'k', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gtts.space", true */ 'g', 't', 't', 's', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "guardian360.nl", true */ 'g', 'u', 'a', 'r', 'd', 'i', 'a', 'n', '3', '6', '0', '.', 'n', 'l', '\0',
+  /* "guardianproject.info", true */ 'g', 'u', 'a', 'r', 'd', 'i', 'a', 'n', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "guardiansoftheearth.org", true */ 'g', 'u', 'a', 'r', 'd', 'i', 'a', 'n', 's', 'o', 'f', 't', 'h', 'e', 'e', 'a', 'r', 't', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "gudini.net", true */ 'g', 'u', 'd', 'i', 'n', 'i', '.', 'n', 'e', 't', '\0',
+  /* "guelo.ch", true */ 'g', 'u', 'e', 'l', 'o', '.', 'c', 'h', '\0',
+  /* "guelphhydropool.com", true */ 'g', 'u', 'e', 'l', 'p', 'h', 'h', 'y', 'd', 'r', 'o', 'p', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "guenthereder.at", true */ 'g', 'u', 'e', 'n', 't', 'h', 'e', 'r', 'e', 'd', 'e', 'r', '.', 'a', 't', '\0',
+  /* "guerrilla.technology", true */ 'g', 'u', 'e', 'r', 'r', 'i', 'l', 'l', 'a', '.', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '\0',
+  /* "guesthouse-namaste.com", true */ 'g', 'u', 'e', 's', 't', 'h', 'o', 'u', 's', 'e', '-', 'n', 'a', 'm', 'a', 's', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "guevener.de", true */ 'g', 'u', 'e', 'v', 'e', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "gueze-ardeche.fr", true */ 'g', 'u', 'e', 'z', 'e', '-', 'a', 'r', 'd', 'e', 'c', 'h', 'e', '.', 'f', 'r', '\0',
+  /* "gueze-sas.fr", true */ 'g', 'u', 'e', 'z', 'e', '-', 's', 'a', 's', '.', 'f', 'r', '\0',
+  /* "gufen.ga", true */ 'g', 'u', 'f', 'e', 'n', '.', 'g', 'a', '\0',
+  /* "guffr.it", true */ 'g', 'u', 'f', 'f', 'r', '.', 'i', 't', '\0',
+  /* "guge.ch", true */ 'g', 'u', 'g', 'e', '.', 'c', 'h', '\0',
+  /* "gugert.net", true */ 'g', 'u', 'g', 'e', 'r', 't', '.', 'n', 'e', 't', '\0',
+  /* "guhei.net", true */ 'g', 'u', 'h', 'e', 'i', '.', 'n', 'e', 't', '\0',
+  /* "guhenry3.tk", true */ 'g', 'u', 'h', 'e', 'n', 'r', 'y', '3', '.', 't', 'k', '\0',
+  /* "guichet-entreprises.fr", true */ 'g', 'u', 'i', 'c', 'h', 'e', 't', '-', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'i', 's', 'e', 's', '.', 'f', 'r', '\0',
+  /* "guichet-qualifications.fr", true */ 'g', 'u', 'i', 'c', 'h', 'e', 't', '-', 'q', 'u', 'a', 'l', 'i', 'f', 'i', 'c', 'a', 't', 'i', 'o', 'n', 's', '.', 'f', 'r', '\0',
+  /* "guid2steamid.com", true */ 'g', 'u', 'i', 'd', '2', 's', 't', 'e', 'a', 'm', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "guid2steamid.pw", true */ 'g', 'u', 'i', 'd', '2', 's', 't', 'e', 'a', 'm', 'i', 'd', '.', 'p', 'w', '\0',
+  /* "guide-peche-cantal.com", true */ 'g', 'u', 'i', 'd', 'e', '-', 'p', 'e', 'c', 'h', 'e', '-', 'c', 'a', 'n', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "guidechecking.com", true */ 'g', 'u', 'i', 'd', 'e', 'c', 'h', 'e', 'c', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "guidedselling.net", true */ 'g', 'u', 'i', 'd', 'e', 'd', 's', 'e', 'l', 'l', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "guideo.ch", true */ 'g', 'u', 'i', 'd', 'e', 'o', '.', 'c', 'h', '\0',
+  /* "guides-peche64.com", true */ 'g', 'u', 'i', 'd', 'e', 's', '-', 'p', 'e', 'c', 'h', 'e', '6', '4', '.', 'c', 'o', 'm', '\0',
+  /* "guidetoiceland.is", false */ 'g', 'u', 'i', 'd', 'e', 't', 'o', 'i', 'c', 'e', 'l', 'a', 'n', 'd', '.', 'i', 's', '\0',
+  /* "guildgearscore.cf", false */ 'g', 'u', 'i', 'l', 'd', 'g', 'e', 'a', 'r', 's', 'c', 'o', 'r', 'e', '.', 'c', 'f', '\0',
+  /* "guildofmusicsupervisors.co.uk", true */ 'g', 'u', 'i', 'l', 'd', 'o', 'f', 'm', 'u', 's', 'i', 'c', 's', 'u', 'p', 'e', 'r', 'v', 'i', 's', 'o', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "guillaume-briand.fr", true */ 'g', 'u', 'i', 'l', 'l', 'a', 'u', 'm', 'e', '-', 'b', 'r', 'i', 'a', 'n', 'd', '.', 'f', 'r', '\0',
+  /* "guillaumecote.me", true */ 'g', 'u', 'i', 'l', 'l', 'a', 'u', 'm', 'e', 'c', 'o', 't', 'e', '.', 'm', 'e', '\0',
+  /* "guillaumeperrin.io", true */ 'g', 'u', 'i', 'l', 'l', 'a', 'u', 'm', 'e', 'p', 'e', 'r', 'r', 'i', 'n', '.', 'i', 'o', '\0',
+  /* "guillemaud.me", false */ 'g', 'u', 'i', 'l', 'l', 'e', 'm', 'a', 'u', 'd', '.', 'm', 'e', '\0',
+  /* "guiltypleasuresroleplaying.com", true */ 'g', 'u', 'i', 'l', 't', 'y', 'p', 'l', 'e', 'a', 's', 'u', 'r', 'e', 's', 'r', 'o', 'l', 'e', 'p', 'l', 'a', 'y', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "guim.co.uk", true */ 'g', 'u', 'i', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "guineapigmustach.es", true */ 'g', 'u', 'i', 'n', 'e', 'a', 'p', 'i', 'g', 'm', 'u', 's', 't', 'a', 'c', 'h', '.', 'e', 's', '\0',
+  /* "gulchuk.com", true */ 'g', 'u', 'l', 'c', 'h', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "gulenbase.no", true */ 'g', 'u', 'l', 'e', 'n', 'b', 'a', 's', 'e', '.', 'n', 'o', '\0',
+  /* "gulfstream.ru", true */ 'g', 'u', 'l', 'f', 's', 't', 'r', 'e', 'a', 'm', '.', 'r', 'u', '\0',
+  /* "gulleyperformancecenter.com", true */ 'g', 'u', 'l', 'l', 'e', 'y', 'p', 'e', 'r', 'f', 'o', 'r', 'm', 'a', 'n', 'c', 'e', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "gulshankumar.net", true */ 'g', 'u', 'l', 's', 'h', 'a', 'n', 'k', 'u', 'm', 'a', 'r', '.', 'n', 'e', 't', '\0',
+  /* "gume4you.com", true */ 'g', 'u', 'm', 'e', '4', 'y', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "gumi.ca", true */ 'g', 'u', 'm', 'i', '.', 'c', 'a', '\0',
+  /* "gummibande.noip.me", true */ 'g', 'u', 'm', 'm', 'i', 'b', 'a', 'n', 'd', 'e', '.', 'n', 'o', 'i', 'p', '.', 'm', 'e', '\0',
+  /* "gunhunter.com", true */ 'g', 'u', 'n', 'h', 'u', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "guniram.com", true */ 'g', 'u', 'n', 'i', 'r', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "gunwatch.co.uk", true */ 'g', 'u', 'n', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "guochang.xyz", true */ 'g', 'u', 'o', 'c', 'h', 'a', 'n', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "guoke.com", true */ 'g', 'u', 'o', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "guozeyu.com", true */ 'g', 'u', 'o', 'z', 'e', 'y', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "guphi.net", false */ 'g', 'u', 'p', 'h', 'i', '.', 'n', 'e', 't', '\0',
+  /* "gurkan.in", true */ 'g', 'u', 'r', 'k', 'a', 'n', '.', 'i', 'n', '\0',
+  /* "gurmel.ru", true */ 'g', 'u', 'r', 'm', 'e', 'l', '.', 'r', 'u', '\0',
+  /* "gurochan.ch", true */ 'g', 'u', 'r', 'o', 'c', 'h', 'a', 'n', '.', 'c', 'h', '\0',
+  /* "guru-naradi.cz", true */ 'g', 'u', 'r', 'u', '-', 'n', 'a', 'r', 'a', 'd', 'i', '.', 'c', 'z', '\0',
+  /* "gurueffect.com", true */ 'g', 'u', 'r', 'u', 'e', 'f', 'f', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "gus.host", true */ 'g', 'u', 's', '.', 'h', 'o', 's', 't', '\0',
+  /* "gustaff.de", true */ 'g', 'u', 's', 't', 'a', 'f', 'f', '.', 'd', 'e', '\0',
+  /* "gustiaux.com", true */ 'g', 'u', 's', 't', 'i', 'a', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "guthabenkarten-billiger.de", true */ 'g', 'u', 't', 'h', 'a', 'b', 'e', 'n', 'k', 'a', 'r', 't', 'e', 'n', '-', 'b', 'i', 'l', 'l', 'i', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "guts.me", true */ 'g', 'u', 't', 's', '.', 'm', 'e', '\0',
+  /* "gutscheingeiz.de", true */ 'g', 'u', 't', 's', 'c', 'h', 'e', 'i', 'n', 'g', 'e', 'i', 'z', '.', 'd', 'e', '\0',
+  /* "gutuia.blue", true */ 'g', 'u', 't', 'u', 'i', 'a', '.', 'b', 'l', 'u', 'e', '\0',
+  /* "guus-thijssen.nl", true */ 'g', 'u', 'u', 's', '-', 't', 'h', 'i', 'j', 's', 's', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "guusvandewal.nl", true */ 'g', 'u', 'u', 's', 'v', 'a', 'n', 'd', 'e', 'w', 'a', 'l', '.', 'n', 'l', '\0',
+  /* "guvernalternativa.ro", true */ 'g', 'u', 'v', 'e', 'r', 'n', 'a', 'l', 't', 'e', 'r', 'n', 'a', 't', 'i', 'v', 'a', '.', 'r', 'o', '\0',
+  /* "guyot-tech.com", true */ 'g', 'u', 'y', 'o', 't', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "gv-neumann.de", true */ 'g', 'v', '-', 'n', 'e', 'u', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "gvatas.in", true */ 'g', 'v', 'a', 't', 'a', 's', '.', 'i', 'n', '\0',
+  /* "gveh.de", true */ 'g', 'v', 'e', 'h', '.', 'd', 'e', '\0',
+  /* "gvi-timing.ch", true */ 'g', 'v', 'i', '-', 't', 'i', 'm', 'i', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "gviedu.com", true */ 'g', 'v', 'i', 'e', 'd', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "gvitiming.ch", true */ 'g', 'v', 'i', 't', 'i', 'm', 'i', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "gvobgyn.ca", true */ 'g', 'v', 'o', 'b', 'g', 'y', 'n', '.', 'c', 'a', '\0',
+  /* "gvt2.com", true */ 'g', 'v', 't', '2', '.', 'c', 'o', 'm', '\0',
+  /* "gvt3.com", true */ 'g', 'v', 't', '3', '.', 'c', 'o', 'm', '\0',
+  /* "gw2treasures.com", true */ 'g', 'w', '2', 't', 'r', 'e', 'a', 's', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gwa-verwaltung.de", true */ 'g', 'w', 'a', '-', 'v', 'e', 'r', 'w', 'a', 'l', 't', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "gwerder.net", true */ 'g', 'w', 'e', 'r', 'd', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "gwhois.org", true */ 'g', 'w', 'h', 'o', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "gwrtech.com", true */ 'g', 'w', 'r', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "gwsec.co.uk", true */ 'g', 'w', 's', 'e', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gxgx.org", true */ 'g', 'x', 'g', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "gyas.nl", true */ 'g', 'y', 'a', 's', '.', 'n', 'l', '\0',
+  /* "gymagine.ch", true */ 'g', 'y', 'm', 'a', 'g', 'i', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "gymhero.me", true */ 'g', 'y', 'm', 'h', 'e', 'r', 'o', '.', 'm', 'e', '\0',
+  /* "gymkirchenfeld.ch", true */ 'g', 'y', 'm', 'k', 'i', 'r', 'c', 'h', 'e', 'n', 'f', 'e', 'l', 'd', '.', 'c', 'h', '\0',
+  /* "gymnaserenens.ch", true */ 'g', 'y', 'm', 'n', 'a', 's', 'e', 'r', 'e', 'n', 'e', 'n', 's', '.', 'c', 'h', '\0',
+  /* "gymnasium-farmsen.de", true */ 'g', 'y', 'm', 'n', 'a', 's', 'i', 'u', 'm', '-', 'f', 'a', 'r', 'm', 's', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "gympap.de", true */ 'g', 'y', 'm', 'p', 'a', 'p', '.', 'd', 'e', '\0',
+  /* "gynaecology.co", true */ 'g', 'y', 'n', 'a', 'e', 'c', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', '\0',
+  /* "gyoza.beer", false */ 'g', 'y', 'o', 'z', 'a', '.', 'b', 'e', 'e', 'r', '\0',
+  /* "gypsycatdreams.com", true */ 'g', 'y', 'p', 's', 'y', 'c', 'a', 't', 'd', 'r', 'e', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gypsyreel.com", true */ 'g', 'y', 'p', 's', 'y', 'r', 'e', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "gyre.ch", true */ 'g', 'y', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "gyrenens.ch", true */ 'g', 'y', 'r', 'e', 'n', 'e', 'n', 's', '.', 'c', 'h', '\0',
+  /* "gyu-raku.jp", true */ 'g', 'y', 'u', '-', 'r', 'a', 'k', 'u', '.', 'j', 'p', '\0',
+  /* "gz-architekten.de", true */ 'g', 'z', '-', 'a', 'r', 'c', 'h', 'i', 't', 'e', 'k', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "gz-benz.com", true */ 'g', 'z', '-', 'b', 'e', 'n', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "gz-bmw.com", true */ 'g', 'z', '-', 'b', 'm', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "gza.jp", true */ 'g', 'z', 'a', '.', 'j', 'p', '\0',
+  /* "gzitech.com", true */ 'g', 'z', 'i', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "gzitech.net", true */ 'g', 'z', 'i', 't', 'e', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "gzom.ru", true */ 'g', 'z', 'o', 'm', '.', 'r', 'u', '\0',
+  /* "gzpblog.com", true */ 'g', 'z', 'p', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "h-jo.net", true */ 'h', '-', 'j', 'o', '.', 'n', 'e', 't', '\0',
+  /* "h-suppo.com", true */ 'h', '-', 's', 'u', 'p', 'p', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "h001.ru", true */ 'h', '0', '0', '1', '.', 'r', 'u', '\0',
+  /* "h09.eu", true */ 'h', '0', '9', '.', 'e', 'u', '\0',
+  /* "h11.io", true */ 'h', '1', '1', '.', 'i', 'o', '\0',
+  /* "h11.moe", true */ 'h', '1', '1', '.', 'm', 'o', 'e', '\0',
+  /* "h24.org", true */ 'h', '2', '4', '.', 'o', 'r', 'g', '\0',
+  /* "h2s-design.de", true */ 'h', '2', 's', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'd', 'e', '\0',
+  /* "h2u.tv", true */ 'h', '2', 'u', '.', 't', 'v', '\0',
+  /* "h3x.jp", true */ 'h', '3', 'x', '.', 'j', 'p', '\0',
+  /* "h3z.jp", true */ 'h', '3', 'z', '.', 'j', 'p', '\0',
+  /* "h404bi.com", false */ 'h', '4', '0', '4', 'b', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "ha3.eu", true */ 'h', 'a', '3', '.', 'e', 'u', '\0',
+  /* "ha6.ru", true */ 'h', 'a', '6', '.', 'r', 'u', '\0',
+  /* "haarlemsesaxofoonschool.nl", true */ 'h', 'a', 'a', 'r', 'l', 'e', 'm', 's', 'e', 's', 'a', 'x', 'o', 'f', 'o', 'o', 'n', 's', 'c', 'h', 'o', 'o', 'l', '.', 'n', 'l', '\0',
+  /* "haavard.me", true */ 'h', 'a', 'a', 'v', 'a', 'r', 'd', '.', 'm', 'e', '\0',
+  /* "haazen.xyz", true */ 'h', 'a', 'a', 'z', 'e', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "habarisoft.com", true */ 'h', 'a', 'b', 'a', 'r', 'i', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "habbos.es", true */ 'h', 'a', 'b', 'b', 'o', 's', '.', 'e', 's', '\0',
+  /* "habtium.com", true */ 'h', 'a', 'b', 't', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "habtium.es", true */ 'h', 'a', 'b', 't', 'i', 'u', 'm', '.', 'e', 's', '\0',
+  /* "haccp.roma.it", true */ 'h', 'a', 'c', 'c', 'p', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "hacettepeteknokent.com.tr", true */ 'h', 'a', 'c', 'e', 't', 't', 'e', 'p', 'e', 't', 'e', 'k', 'n', 'o', 'k', 'e', 'n', 't', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "hachre.de", true */ 'h', 'a', 'c', 'h', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "hack.club", true */ 'h', 'a', 'c', 'k', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "hackademix.net", true */ 'h', 'a', 'c', 'k', 'a', 'd', 'e', 'm', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "hackanders.com", true */ 'h', 'a', 'c', 'k', 'a', 'n', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hackbarth.guru", true */ 'h', 'a', 'c', 'k', 'b', 'a', 'r', 't', 'h', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "hackbeil.name", true */ 'h', 'a', 'c', 'k', 'b', 'e', 'i', 'l', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "hackbubble.me", true */ 'h', 'a', 'c', 'k', 'b', 'u', 'b', 'b', 'l', 'e', '.', 'm', 'e', '\0',
+  /* "hackcraft.net", true */ 'h', 'a', 'c', 'k', 'c', 'r', 'a', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "hackenkunjeleren.nl", true */ 'h', 'a', 'c', 'k', 'e', 'n', 'k', 'u', 'n', 'j', 'e', 'l', 'e', 'r', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "hackenturet.dk", true */ 'h', 'a', 'c', 'k', 'e', 'n', 't', 'u', 'r', 'e', 't', '.', 'd', 'k', '\0',
+  /* "hacker.club", true */ 'h', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "hacker.deals", true */ 'h', 'a', 'c', 'k', 'e', 'r', '.', 'd', 'e', 'a', 'l', 's', '\0',
+  /* "hacker.im", true */ 'h', 'a', 'c', 'k', 'e', 'r', '.', 'i', 'm', '\0',
+  /* "hacker.one", true */ 'h', 'a', 'c', 'k', 'e', 'r', '.', 'o', 'n', 'e', '\0',
+  /* "hacker.parts", true */ 'h', 'a', 'c', 'k', 'e', 'r', '.', 'p', 'a', 'r', 't', 's', '\0',
+  /* "hacker1.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', '1', '.', 'c', 'o', 'm', '\0',
+  /* "hacker101.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', '1', '0', '1', '.', 'c', 'o', 'm', '\0',
+  /* "hackerchai.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'c', 'h', 'a', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "hackerco.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "hackergateway.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'g', 'a', 't', 'e', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "hackernet.se", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'n', 'e', 't', '.', 's', 'e', '\0',
+  /* "hackerone-ext-content.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'o', 'n', 'e', '-', 'e', 'x', 't', '-', 'c', 'o', 'n', 't', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hackerone-user-content.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'o', 'n', 'e', '-', 'u', 's', 'e', 'r', '-', 'c', 'o', 'n', 't', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hackerone.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hackerone.net", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'o', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "hackerpoints.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'p', 'o', 'i', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hackerstxt.org", true */ 'h', 'a', 'c', 'k', 'e', 'r', 's', 't', 'x', 't', '.', 'o', 'r', 'g', '\0',
+  /* "hackgins.com", true */ 'h', 'a', 'c', 'k', 'g', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hackingand.coffee", true */ 'h', 'a', 'c', 'k', 'i', 'n', 'g', 'a', 'n', 'd', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0',
+  /* "hackingdh.com", true */ 'h', 'a', 'c', 'k', 'i', 'n', 'g', 'd', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "hackingsafe.com", true */ 'h', 'a', 'c', 'k', 'i', 'n', 'g', 's', 'a', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hackmd.io", true */ 'h', 'a', 'c', 'k', 'm', 'd', '.', 'i', 'o', '\0',
+  /* "hackmeplz.com", true */ 'h', 'a', 'c', 'k', 'm', 'e', 'p', 'l', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "hacksoc.co.uk", true */ 'h', 'a', 'c', 'k', 's', 'o', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hackthissite.org", true */ 'h', 'a', 'c', 'k', 't', 'h', 'i', 's', 's', 'i', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "hacktivis.me", true */ 'h', 'a', 'c', 'k', 't', 'i', 'v', 'i', 's', '.', 'm', 'e', '\0',
+  /* "hackyourfaceoff.com", true */ 'h', 'a', 'c', 'k', 'y', 'o', 'u', 'r', 'f', 'a', 'c', 'e', 'o', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "hadaly.fr", true */ 'h', 'a', 'd', 'a', 'l', 'y', '.', 'f', 'r', '\0',
+  /* "hadleighswimmingclub.co.uk", true */ 'h', 'a', 'd', 'l', 'e', 'i', 'g', 'h', 's', 'w', 'i', 'm', 'm', 'i', 'n', 'g', 'c', 'l', 'u', 'b', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hadouk.in", true */ 'h', 'a', 'd', 'o', 'u', 'k', '.', 'i', 'n', '\0',
+  /* "hadrons.org", true */ 'h', 'a', 'd', 'r', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "haefligermedia.ch", true */ 'h', 'a', 'e', 'f', 'l', 'i', 'g', 'e', 'r', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'h', '\0',
+  /* "haehnlein.at", true */ 'h', 'a', 'e', 'h', 'n', 'l', 'e', 'i', 'n', '.', 'a', 't', '\0',
+  /* "haens.li", true */ 'h', 'a', 'e', 'n', 's', '.', 'l', 'i', '\0',
+  /* "haerwu.biz", true */ 'h', 'a', 'e', 'r', 'w', 'u', '.', 'b', 'i', 'z', '\0',
+  /* "hafniatimes.com", true */ 'h', 'a', 'f', 'n', 'i', 'a', 't', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "haggeluring.su", true */ 'h', 'a', 'g', 'g', 'e', 'l', 'u', 'r', 'i', 'n', 'g', '.', 's', 'u', '\0',
+  /* "hagueaustralia.com.au", true */ 'h', 'a', 'g', 'u', 'e', 'a', 'u', 's', 't', 'r', 'a', 'l', 'i', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "haha-raku.com", true */ 'h', 'a', 'h', 'a', '-', 'r', 'a', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "haiboxu.com", true */ 'h', 'a', 'i', 'b', 'o', 'x', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "hail2u.net", true */ 'h', 'a', 'i', 'l', '2', 'u', '.', 'n', 'e', 't', '\0',
+  /* "hailer.com", true */ 'h', 'a', 'i', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "haircrazy.com", true */ 'h', 'a', 'i', 'r', 'c', 'r', 'a', 'z', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "hairraisingphotobooths.co.uk", true */ 'h', 'a', 'i', 'r', 'r', 'a', 'i', 's', 'i', 'n', 'g', 'p', 'h', 'o', 't', 'o', 'b', 'o', 'o', 't', 'h', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hairtonic-lab.com", true */ 'h', 'a', 'i', 'r', 't', 'o', 'n', 'i', 'c', '-', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "hajnzic.at", true */ 'h', 'a', 'j', 'n', 'z', 'i', 'c', '.', 'a', 't', '\0',
+  /* "hak5.org", true */ 'h', 'a', 'k', '5', '.', 'o', 'r', 'g', '\0',
+  /* "hakase.kr", true */ 'h', 'a', 'k', 'a', 's', 'e', '.', 'k', 'r', '\0',
+  /* "hakatabijin-mind.com", true */ 'h', 'a', 'k', 'a', 't', 'a', 'b', 'i', 'j', 'i', 'n', '-', 'm', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "hake.me", true */ 'h', 'a', 'k', 'e', '.', 'm', 'e', '\0',
+  /* "haktec.de", true */ 'h', 'a', 'k', 't', 'e', 'c', '.', 'd', 'e', '\0',
+  /* "hakurei.moe", true */ 'h', 'a', 'k', 'u', 'r', 'e', 'i', '.', 'm', 'o', 'e', '\0',
+  /* "halacs.hu", true */ 'h', 'a', 'l', 'a', 'c', 's', '.', 'h', 'u', '\0',
+  /* "half-logic.eu.org", true */ 'h', 'a', 'l', 'f', '-', 'l', 'o', 'g', 'i', 'c', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "halfco.de", true */ 'h', 'a', 'l', 'f', 'c', 'o', '.', 'd', 'e', '\0',
+  /* "halfwaythere.eu", true */ 'h', 'a', 'l', 'f', 'w', 'a', 'y', 't', 'h', 'e', 'r', 'e', '.', 'e', 'u', '\0',
+  /* "halitopuroprodutos.com.br", true */ 'h', 'a', 'l', 'i', 't', 'o', 'p', 'u', 'r', 'o', 'p', 'r', 'o', 'd', 'u', 't', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "halkirkbouncycastles.co.uk", true */ 'h', 'a', 'l', 'k', 'i', 'r', 'k', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hallelujahsoftware.com", true */ 'h', 'a', 'l', 'l', 'e', 'l', 'u', 'j', 'a', 'h', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hallhuber.com", true */ 'h', 'a', 'l', 'l', 'h', 'u', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "halligladen.de", true */ 'h', 'a', 'l', 'l', 'i', 'g', 'l', 'a', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "hallmarkestates.ca", true */ 'h', 'a', 'l', 'l', 'm', 'a', 'r', 'k', 'e', 's', 't', 'a', 't', 'e', 's', '.', 'c', 'a', '\0',
+  /* "hallucinogen.com", true */ 'h', 'a', 'l', 'l', 'u', 'c', 'i', 'n', 'o', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "hallucinogens.org", true */ 'h', 'a', 'l', 'l', 'u', 'c', 'i', 'n', 'o', 'g', 'e', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "halo.fr", true */ 'h', 'a', 'l', 'o', '.', 'f', 'r', '\0',
+  /* "halongbaybackpackertour.com", true */ 'h', 'a', 'l', 'o', 'n', 'g', 'b', 'a', 'y', 'b', 'a', 'c', 'k', 'p', 'a', 'c', 'k', 'e', 'r', 't', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "haloobaloo.com", true */ 'h', 'a', 'l', 'o', 'o', 'b', 'a', 'l', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "halta.info", true */ 'h', 'a', 'l', 't', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "hamacho-kyudo.com", true */ 'h', 'a', 'm', 'a', 'c', 'h', 'o', '-', 'k', 'y', 'u', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "hamali.bg", true */ 'h', 'a', 'm', 'a', 'l', 'i', '.', 'b', 'g', '\0',
+  /* "hamish.ca", true */ 'h', 'a', 'm', 'i', 's', 'h', '.', 'c', 'a', '\0',
+  /* "hamking.tk", true */ 'h', 'a', 'm', 'k', 'i', 'n', 'g', '.', 't', 'k', '\0',
+  /* "hammamsayad.com", true */ 'h', 'a', 'm', 'm', 'a', 'm', 's', 'a', 'y', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "hammer-corp.com", true */ 'h', 'a', 'm', 'm', 'e', 'r', '-', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "hammer-schnaps.com", true */ 'h', 'a', 'm', 'm', 'e', 'r', '-', 's', 'c', 'h', 'n', 'a', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hammer-sms.com", true */ 'h', 'a', 'm', 'm', 'e', 'r', '-', 's', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hampl.tv", true */ 'h', 'a', 'm', 'p', 'l', '.', 't', 'v', '\0',
+  /* "hampshiretechservices.co.uk", true */ 'h', 'a', 'm', 'p', 's', 'h', 'i', 'r', 'e', 't', 'e', 'c', 'h', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hamsters-uk.org", true */ 'h', 'a', 'm', 's', 't', 'e', 'r', 's', '-', 'u', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "hana.ondemand.com", true */ 'h', 'a', 'n', 'a', '.', 'o', 'n', 'd', 'e', 'm', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "hanakaraku.com", true */ 'h', 'a', 'n', 'a', 'k', 'a', 'r', 'a', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "hanashi.eu", true */ 'h', 'a', 'n', 'a', 's', 'h', 'i', '.', 'e', 'u', '\0',
+  /* "hancatemc.com", true */ 'h', 'a', 'n', 'c', 'a', 't', 'e', 'm', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "handbrake.fr", true */ 'h', 'a', 'n', 'd', 'b', 'r', 'a', 'k', 'e', '.', 'f', 'r', '\0',
+  /* "handcraft.eu.org", true */ 'h', 'a', 'n', 'd', 'c', 'r', 'a', 'f', 't', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "handgelenkbandage-test.de", true */ 'h', 'a', 'n', 'd', 'g', 'e', 'l', 'e', 'n', 'k', 'b', 'a', 'n', 'd', 'a', 'g', 'e', '-', 't', 'e', 's', 't', '.', 'd', 'e', '\0',
+  /* "handinhandfoundation.org.uk", true */ 'h', 'a', 'n', 'd', 'i', 'n', 'h', 'a', 'n', 'd', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "handlecoin.com", true */ 'h', 'a', 'n', 'd', 'l', 'e', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "handmade-workshop.de", true */ 'h', 'a', 'n', 'd', 'm', 'a', 'd', 'e', '-', 'w', 'o', 'r', 'k', 's', 'h', 'o', 'p', '.', 'd', 'e', '\0',
+  /* "handmadegobelin.com", true */ 'h', 'a', 'n', 'd', 'm', 'a', 'd', 'e', 'g', 'o', 'b', 'e', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "handmadetutorials.ro", true */ 'h', 'a', 'n', 'd', 'm', 'a', 'd', 'e', 't', 'u', 't', 'o', 'r', 'i', 'a', 'l', 's', '.', 'r', 'o', '\0',
+  /* "handycommerce.co", true */ 'h', 'a', 'n', 'd', 'y', 'c', 'o', 'm', 'm', 'e', 'r', 'c', 'e', '.', 'c', 'o', '\0',
+  /* "handyglas.com", true */ 'h', 'a', 'n', 'd', 'y', 'g', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "handymanlondonplease.co.uk", true */ 'h', 'a', 'n', 'd', 'y', 'm', 'a', 'n', 'l', 'o', 'n', 'd', 'o', 'n', 'p', 'l', 'e', 'a', 's', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "handynummer.online", true */ 'h', 'a', 'n', 'd', 'y', 'n', 'u', 'm', 'm', 'e', 'r', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "handysex.live", true */ 'h', 'a', 'n', 'd', 'y', 's', 'e', 'x', '.', 'l', 'i', 'v', 'e', '\0',
+  /* "handyticket.de", true */ 'h', 'a', 'n', 'd', 'y', 't', 'i', 'c', 'k', 'e', 't', '.', 'd', 'e', '\0',
+  /* "hanfox.co.uk", false */ 'h', 'a', 'n', 'f', 'o', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hangar.hosting", true */ 'h', 'a', 'n', 'g', 'a', 'r', '.', 'h', 'o', 's', 't', 'i', 'n', 'g', '\0',
+  /* "hangcapnach.com", true */ 'h', 'a', 'n', 'g', 'c', 'a', 'p', 'n', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "hangouts.google.com", true */ 'h', 'a', 'n', 'g', 'o', 'u', 't', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hangtenseo.com", true */ 'h', 'a', 'n', 'g', 't', 'e', 'n', 's', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "hanksservice.com", true */ 'h', 'a', 'n', 'k', 's', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hannah.link", true */ 'h', 'a', 'n', 'n', 'a', 'h', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "hannes-speelgoedencadeautjes.nl", true */ 'h', 'a', 'n', 'n', 'e', 's', '-', 's', 'p', 'e', 'e', 'l', 'g', 'o', 'e', 'd', 'e', 'n', 'c', 'a', 'd', 'e', 'a', 'u', 't', 'j', 'e', 's', '.', 'n', 'l', '\0',
+  /* "hanover.edu", false */ 'h', 'a', 'n', 'o', 'v', 'e', 'r', '.', 'e', 'd', 'u', '\0',
+  /* "hansen.hn", true */ 'h', 'a', 'n', 's', 'e', 'n', '.', 'h', 'n', '\0',
+  /* "hansmund.com", true */ 'h', 'a', 'n', 's', 'm', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "hansolrella.com", true */ 'h', 'a', 'n', 's', 'o', 'l', 'r', 'e', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hansvaneijsden.com", true */ 'h', 'a', 'n', 's', 'v', 'a', 'n', 'e', 'i', 'j', 's', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "hansvaneijsden.nl", true */ 'h', 'a', 'n', 's', 'v', 'a', 'n', 'e', 'i', 'j', 's', 'd', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "hantse.com", true */ 'h', 'a', 'n', 't', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hanu.la", true */ 'h', 'a', 'n', 'u', '.', 'l', 'a', '\0',
+  /* "hanxv.pw", true */ 'h', 'a', 'n', 'x', 'v', '.', 'p', 'w', '\0',
+  /* "hanys.xyz", true */ 'h', 'a', 'n', 'y', 's', '.', 'x', 'y', 'z', '\0',
+  /* "hanzubon.jp", true */ 'h', 'a', 'n', 'z', 'u', 'b', 'o', 'n', '.', 'j', 'p', '\0',
+  /* "hao-zhang.com", true */ 'h', 'a', 'o', '-', 'z', 'h', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "haogoodair.ca", true */ 'h', 'a', 'o', 'g', 'o', 'o', 'd', 'a', 'i', 'r', '.', 'c', 'a', '\0',
+  /* "haozhang.org", true */ 'h', 'a', 'o', 'z', 'h', 'a', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "haozi.me", true */ 'h', 'a', 'o', 'z', 'i', '.', 'm', 'e', '\0',
+  /* "hapissl.com", true */ 'h', 'a', 'p', 'i', 's', 's', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "hapivm.com", true */ 'h', 'a', 'p', 'i', 'v', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "happyagain.de", true */ 'h', 'a', 'p', 'p', 'y', 'a', 'g', 'a', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "happyagain.se", true */ 'h', 'a', 'p', 'p', 'y', 'a', 'g', 'a', 'i', 'n', '.', 's', 'e', '\0',
+  /* "happyandrelaxeddogs.eu", false */ 'h', 'a', 'p', 'p', 'y', 'a', 'n', 'd', 'r', 'e', 'l', 'a', 'x', 'e', 'd', 'd', 'o', 'g', 's', '.', 'e', 'u', '\0',
+  /* "happybounce.co.uk", true */ 'h', 'a', 'p', 'p', 'y', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "happycarb.de", true */ 'h', 'a', 'p', 'p', 'y', 'c', 'a', 'r', 'b', '.', 'd', 'e', '\0',
+  /* "happycoder.net", false */ 'h', 'a', 'p', 'p', 'y', 'c', 'o', 'd', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "happydoq.ch", true */ 'h', 'a', 'p', 'p', 'y', 'd', 'o', 'q', '.', 'c', 'h', '\0',
+  /* "happygadget.me", true */ 'h', 'a', 'p', 'p', 'y', 'g', 'a', 'd', 'g', 'e', 't', '.', 'm', 'e', '\0',
+  /* "happykidscastles.co.uk", true */ 'h', 'a', 'p', 'p', 'y', 'k', 'i', 'd', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "happylifestyle.com", true */ 'h', 'a', 'p', 'p', 'y', 'l', 'i', 'f', 'e', 's', 't', 'y', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "happyschnapper.com", true */ 'h', 'a', 'p', 'p', 'y', 's', 'c', 'h', 'n', 'a', 'p', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "happyteamlabs.com", true */ 'h', 'a', 'p', 'p', 'y', 't', 'e', 'a', 'm', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "happytiger.eu", true */ 'h', 'a', 'p', 'p', 'y', 't', 'i', 'g', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "happyukgo.com", true */ 'h', 'a', 'p', 'p', 'y', 'u', 'k', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "hapsfordmill.co.uk", true */ 'h', 'a', 'p', 's', 'f', 'o', 'r', 'd', 'm', 'i', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hapvm.com", true */ 'h', 'a', 'p', 'v', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "haqaza.com.br", true */ 'h', 'a', 'q', 'a', 'z', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "haraj.com.sa", true */ 'h', 'a', 'r', 'a', 'j', '.', 'c', 'o', 'm', '.', 's', 'a', '\0',
+  /* "harald-d.dyndns.org", true */ 'h', 'a', 'r', 'a', 'l', 'd', '-', 'd', '.', 'd', 'y', 'n', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "harald-pfeiffer.de", true */ 'h', 'a', 'r', 'a', 'l', 'd', '-', 'p', 'f', 'e', 'i', 'f', 'f', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "harapecorita.com", true */ 'h', 'a', 'r', 'a', 'p', 'e', 'c', 'o', 'r', 'i', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "harbor-light.net", true */ 'h', 'a', 'r', 'b', 'o', 'r', '-', 'l', 'i', 'g', 'h', 't', '.', 'n', 'e', 't', '\0',
+  /* "hardeman.nu", true */ 'h', 'a', 'r', 'd', 'e', 'm', 'a', 'n', '.', 'n', 'u', '\0',
+  /* "hardenize.com", true */ 'h', 'a', 'r', 'd', 'e', 'n', 'i', 'z', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hardergayporn.com", true */ 'h', 'a', 'r', 'd', 'e', 'r', 'g', 'a', 'y', 'p', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "hardertimes.com", true */ 'h', 'a', 'r', 'd', 'e', 'r', 't', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hardesec.com", true */ 'h', 'a', 'r', 'd', 'e', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "hardfalcon.net", true */ 'h', 'a', 'r', 'd', 'f', 'a', 'l', 'c', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "hardforum.com", true */ 'h', 'a', 'r', 'd', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "hardh.at", true */ 'h', 'a', 'r', 'd', 'h', '.', 'a', 't', '\0',
+  /* "hardrain980.com", true */ 'h', 'a', 'r', 'd', 'r', 'a', 'i', 'n', '9', '8', '0', '.', 'c', 'o', 'm', '\0',
+  /* "hardtfrieden.de", true */ 'h', 'a', 'r', 'd', 't', 'f', 'r', 'i', 'e', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "hardtime.ru", true */ 'h', 'a', 'r', 'd', 't', 'i', 'm', 'e', '.', 'r', 'u', '\0',
+  /* "hardyboyplant.com", true */ 'h', 'a', 'r', 'd', 'y', 'b', 'o', 'y', 'p', 'l', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "haribilalic.com", true */ 'h', 'a', 'r', 'i', 'b', 'i', 'l', 'a', 'l', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "harilova.fr", true */ 'h', 'a', 'r', 'i', 'l', 'o', 'v', 'a', '.', 'f', 'r', '\0',
+  /* "hariome.com", true */ 'h', 'a', 'r', 'i', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "haritsa.co.id", true */ 'h', 'a', 'r', 'i', 't', 's', 'a', '.', 'c', 'o', '.', 'i', 'd', '\0',
+  /* "harjitbhogal.com", true */ 'h', 'a', 'r', 'j', 'i', 't', 'b', 'h', 'o', 'g', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "harmfarm.nl", true */ 'h', 'a', 'r', 'm', 'f', 'a', 'r', 'm', '.', 'n', 'l', '\0',
+  /* "harmoney.co.nz", true */ 'h', 'a', 'r', 'm', 'o', 'n', 'e', 'y', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "harmoney.com", true */ 'h', 'a', 'r', 'm', 'o', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "harmoney.com.au", true */ 'h', 'a', 'r', 'm', 'o', 'n', 'e', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "haroldsharpe.com", true */ 'h', 'a', 'r', 'o', 'l', 'd', 's', 'h', 'a', 'r', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "harringtonca.com", true */ 'h', 'a', 'r', 'r', 'i', 'n', 'g', 't', 'o', 'n', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "harrisonsand.com", false */ 'h', 'a', 'r', 'r', 'i', 's', 'o', 'n', 's', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "harrisonsdirect.co.uk", true */ 'h', 'a', 'r', 'r', 'i', 's', 'o', 'n', 's', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "harrisonswebsites.com", true */ 'h', 'a', 'r', 'r', 'i', 's', 'o', 'n', 's', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "harryharrison.co", true */ 'h', 'a', 'r', 'r', 'y', 'h', 'a', 'r', 'r', 'i', 's', 'o', 'n', '.', 'c', 'o', '\0',
+  /* "harrymclaren.co.uk", true */ 'h', 'a', 'r', 'r', 'y', 'm', 'c', 'l', 'a', 'r', 'e', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "harryphoto.fr", true */ 'h', 'a', 'r', 'r', 'y', 'p', 'h', 'o', 't', 'o', '.', 'f', 'r', '\0',
+  /* "harrypottereditor.com", true */ 'h', 'a', 'r', 'r', 'y', 'p', 'o', 't', 't', 'e', 'r', 'e', 'd', 'i', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "harrysgardengamehire.co.uk", true */ 'h', 'a', 'r', 'r', 'y', 's', 'g', 'a', 'r', 'd', 'e', 'n', 'g', 'a', 'm', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "harrysmallbones.co.uk", true */ 'h', 'a', 'r', 'r', 'y', 's', 'm', 'a', 'l', 'l', 'b', 'o', 'n', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "harrysqnc.co.uk", true */ 'h', 'a', 'r', 'r', 'y', 's', 'q', 'n', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "harschnitz.nl", true */ 'h', 'a', 'r', 's', 'c', 'h', 'n', 'i', 't', 'z', '.', 'n', 'l', '\0',
+  /* "hartie95.de", true */ 'h', 'a', 'r', 't', 'i', 'e', '9', '5', '.', 'd', 'e', '\0',
+  /* "hartlep.email", true */ 'h', 'a', 'r', 't', 'l', 'e', 'p', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "harukakikuchi.com", true */ 'h', 'a', 'r', 'u', 'k', 'a', 'k', 'i', 'k', 'u', 'c', 'h', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "haruue.moe", true */ 'h', 'a', 'r', 'u', 'u', 'e', '.', 'm', 'o', 'e', '\0',
+  /* "harvestapp.com", true */ 'h', 'a', 'r', 'v', 'e', 's', 't', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "harvester.fr", true */ 'h', 'a', 'r', 'v', 'e', 's', 't', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "harveyauzorst.com", true */ 'h', 'a', 'r', 'v', 'e', 'y', 'a', 'u', 'z', 'o', 'r', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "harveymilton.com", true */ 'h', 'a', 'r', 'v', 'e', 'y', 'm', 'i', 'l', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "haschrebellen.de", true */ 'h', 'a', 's', 'c', 'h', 'r', 'e', 'b', 'e', 'l', 'l', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "hasdf.de", true */ 'h', 'a', 's', 'd', 'f', '.', 'd', 'e', '\0',
+  /* "haselsteiner.me", true */ 'h', 'a', 's', 'e', 'l', 's', 't', 'e', 'i', 'n', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "hash-archive.org", true */ 'h', 'a', 's', 'h', '-', 'a', 'r', 'c', 'h', 'i', 'v', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "hash.works", true */ 'h', 'a', 's', 'h', '.', 'w', 'o', 'r', 'k', 's', '\0',
+  /* "hashcat.net", true */ 'h', 'a', 's', 'h', 'c', 'a', 't', '.', 'n', 'e', 't', '\0',
+  /* "hashes.org", true */ 'h', 'a', 's', 'h', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "hashi.dk", true */ 'h', 'a', 's', 'h', 'i', '.', 'd', 'k', '\0',
+  /* "hashiconf.com", true */ 'h', 'a', 's', 'h', 'i', 'c', 'o', 'n', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "hashiconf.eu", true */ 'h', 'a', 's', 'h', 'i', 'c', 'o', 'n', 'f', '.', 'e', 'u', '\0',
+  /* "hashicorp.com", true */ 'h', 'a', 's', 'h', 'i', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "hashimah.ca", true */ 'h', 'a', 's', 'h', 'i', 'm', 'a', 'h', '.', 'c', 'a', '\0',
+  /* "hashinteractive.com", true */ 'h', 'a', 's', 'h', 'i', 'n', 't', 'e', 'r', 'a', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hashish.net", true */ 'h', 'a', 's', 'h', 'i', 's', 'h', '.', 'n', 'e', 't', '\0',
+  /* "hashiura.jp", true */ 'h', 'a', 's', 'h', 'i', 'u', 'r', 'a', '.', 'j', 'p', '\0',
+  /* "hashru.nl", true */ 'h', 'a', 's', 'h', 'r', 'u', '.', 'n', 'l', '\0',
+  /* "hashworks.net", true */ 'h', 'a', 's', 'h', 'w', 'o', 'r', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "haskovec.com", true */ 'h', 'a', 's', 'k', 'o', 'v', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "hasselbach-dellwig.de", true */ 'h', 'a', 's', 's', 'e', 'l', 'b', 'a', 'c', 'h', '-', 'd', 'e', 'l', 'l', 'w', 'i', 'g', '.', 'd', 'e', '\0',
+  /* "hatarisecurity.co.ke", true */ 'h', 'a', 't', 'a', 'r', 'i', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', '.', 'k', 'e', '\0',
+  /* "hatcherlawgroupnm.com", true */ 'h', 'a', 't', 'c', 'h', 'e', 'r', 'l', 'a', 'w', 'g', 'r', 'o', 'u', 'p', 'n', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "hatethe.uk", true */ 'h', 'a', 't', 'e', 't', 'h', 'e', '.', 'u', 'k', '\0',
+  /* "hatisenang.com", false */ 'h', 'a', 't', 'i', 's', 'e', 'n', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "hatul.info", true */ 'h', 'a', 't', 'u', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "haucke.xyz", true */ 'h', 'a', 'u', 'c', 'k', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "hauntedfishtank.com", false */ 'h', 'a', 'u', 'n', 't', 'e', 'd', 'f', 'i', 's', 'h', 't', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "hauntedhouserecords.co.uk", true */ 'h', 'a', 'u', 'n', 't', 'e', 'd', 'h', 'o', 'u', 's', 'e', 'r', 'e', 'c', 'o', 'r', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "haus-garten-test.de", true */ 'h', 'a', 'u', 's', '-', 'g', 'a', 'r', 't', 'e', 'n', '-', 't', 'e', 's', 't', '.', 'd', 'e', '\0',
+  /* "haus-henne.de", true */ 'h', 'a', 'u', 's', '-', 'h', 'e', 'n', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "haushenne.de", true */ 'h', 'a', 'u', 's', 'h', 'e', 'n', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "hausundhof.com", true */ 'h', 'a', 'u', 's', 'u', 'n', 'd', 'h', 'o', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "hausverbrauch.de", true */ 'h', 'a', 'u', 's', 'v', 'e', 'r', 'b', 'r', 'a', 'u', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "hautarztzentrum.ch", true */ 'h', 'a', 'u', 't', 'a', 'r', 'z', 't', 'z', 'e', 'n', 't', 'r', 'u', 'm', '.', 'c', 'h', '\0',
+  /* "hauteslatitudes.com", true */ 'h', 'a', 'u', 't', 'e', 's', 'l', 'a', 't', 'i', 't', 'u', 'd', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "havasuhomepage.com", true */ 'h', 'a', 'v', 'a', 's', 'u', 'h', 'o', 'm', 'e', 'p', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "havasuinsurance.com", true */ 'h', 'a', 'v', 'a', 's', 'u', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "havasutacohacienda.com", true */ 'h', 'a', 'v', 'a', 's', 'u', 't', 'a', 'c', 'o', 'h', 'a', 'c', 'i', 'e', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "haveabounce.co.uk", true */ 'h', 'a', 'v', 'e', 'a', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "haveforeningen-enghaven.dk", true */ 'h', 'a', 'v', 'e', 'f', 'o', 'r', 'e', 'n', 'i', 'n', 'g', 'e', 'n', '-', 'e', 'n', 'g', 'h', 'a', 'v', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "havefunbiking.com", true */ 'h', 'a', 'v', 'e', 'f', 'u', 'n', 'b', 'i', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "haveibeenpwned.com", true */ 'h', 'a', 'v', 'e', 'i', 'b', 'e', 'e', 'n', 'p', 'w', 'n', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "havellab.de", true */ 'h', 'a', 'v', 'e', 'l', 'l', 'a', 'b', '.', 'd', 'e', '\0',
+  /* "havelland-obstler.de", true */ 'h', 'a', 'v', 'e', 'l', 'l', 'a', 'n', 'd', '-', 'o', 'b', 's', 't', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "haven-moon.com", true */ 'h', 'a', 'v', 'e', 'n', '-', 'm', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "haven-staging.cloud", true */ 'h', 'a', 'v', 'e', 'n', '-', 's', 't', 'a', 'g', 'i', 'n', 'g', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "haven.cloud", true */ 'h', 'a', 'v', 'e', 'n', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "hawaya.com", true */ 'h', 'a', 'w', 'a', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hawk-la.com", true */ 'h', 'a', 'w', 'k', '-', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hawkeyeinsight.com", true */ 'h', 'a', 'w', 'k', 'e', 'y', 'e', 'i', 'n', 's', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hawkinsonkiaparts.com", true */ 'h', 'a', 'w', 'k', 'i', 'n', 's', 'o', 'n', 'k', 'i', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hawkofgeorgia.com", true */ 'h', 'a', 'w', 'k', 'o', 'f', 'g', 'e', 'o', 'r', 'g', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hawksguild.com", true */ 'h', 'a', 'w', 'k', 's', 'g', 'u', 'i', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "haxdroid.com", true */ 'h', 'a', 'x', 'd', 'r', 'o', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "haxo.nl", false */ 'h', 'a', 'x', 'o', '.', 'n', 'l', '\0',
+  /* "hayai.space", true */ 'h', 'a', 'y', 'a', 'i', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "hayashi-rin.net", true */ 'h', 'a', 'y', 'a', 's', 'h', 'i', '-', 'r', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "hayden.one", true */ 'h', 'a', 'y', 'd', 'e', 'n', '.', 'o', 'n', 'e', '\0',
+  /* "haydenjames.io", true */ 'h', 'a', 'y', 'd', 'e', 'n', 'j', 'a', 'm', 'e', 's', '.', 'i', 'o', '\0',
+  /* "hayfordoleary.com", true */ 'h', 'a', 'y', 'f', 'o', 'r', 'd', 'o', 'l', 'e', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "haynes-davis.com", true */ 'h', 'a', 'y', 'n', 'e', 's', '-', 'd', 'a', 'v', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "haz.cat", true */ 'h', 'a', 'z', '.', 'c', 'a', 't', '\0',
+  /* "haze.productions", true */ 'h', 'a', 'z', 'e', '.', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'o', 'n', 's', '\0',
+  /* "hazeover.com", true */ 'h', 'a', 'z', 'e', 'o', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "hb8522.com", true */ 'h', 'b', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "hbdesign.work", true */ 'h', 'b', 'd', 'e', 's', 'i', 'g', 'n', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "hbkonsult.com", true */ 'h', 'b', 'k', 'o', 'n', 's', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hboeck.de", true */ 'h', 'b', 'o', 'e', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "hbpowell.com", true */ 'h', 'b', 'p', 'o', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "hcbj.io", true */ 'h', 'c', 'b', 'j', '.', 'i', 'o', '\0',
+  /* "hcfhomelottery.ca", true */ 'h', 'c', 'f', 'h', 'o', 'm', 'e', 'l', 'o', 't', 't', 'e', 'r', 'y', '.', 'c', 'a', '\0',
+  /* "hcoe.fi", true */ 'h', 'c', 'o', 'e', '.', 'f', 'i', '\0',
+  /* "hd-gaming.com", true */ 'h', 'd', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "hd-offensive.at", false */ 'h', 'd', '-', 'o', 'f', 'f', 'e', 'n', 's', 'i', 'v', 'e', '.', 'a', 't', '\0',
+  /* "hd-only.org", true */ 'h', 'd', '-', 'o', 'n', 'l', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "hd-outillage.com", true */ 'h', 'd', '-', 'o', 'u', 't', 'i', 'l', 'l', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hd1tj.org", true */ 'h', 'd', '1', 't', 'j', '.', 'o', 'r', 'g', '\0',
+  /* "hda.me", true */ 'h', 'd', 'a', '.', 'm', 'e', '\0',
+  /* "hdc.cz", true */ 'h', 'd', 'c', '.', 'c', 'z', '\0',
+  /* "hdcenter.cc", true */ 'h', 'd', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'c', '\0',
+  /* "hdeaves.uk", true */ 'h', 'd', 'e', 'a', 'v', 'e', 's', '.', 'u', 'k', '\0',
+  /* "hdf.world", true */ 'h', 'd', 'f', '.', 'w', 'o', 'r', 'l', 'd', '\0',
+  /* "hdfgroup.org", true */ 'h', 'd', 'f', 'g', 'r', 'o', 'u', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "hdguru.com", true */ 'h', 'd', 'g', 'u', 'r', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "hdhoang.space", true */ 'h', 'd', 'h', 'o', 'a', 'n', 'g', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "hdrsource.com", true */ 'h', 'd', 'r', 's', 'o', 'u', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hdrtranscon.com", true */ 'h', 'd', 'r', 't', 'r', 'a', 'n', 's', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "hds-lan.de", true */ 'h', 'd', 's', '-', 'l', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "hdy.nz", true */ 'h', 'd', 'y', '.', 'n', 'z', '\0',
+  /* "head.org", true */ 'h', 'e', 'a', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "head.ru", true */ 'h', 'e', 'a', 'd', '.', 'r', 'u', '\0',
+  /* "headjapan.com", true */ 'h', 'e', 'a', 'd', 'j', 'a', 'p', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "headlinepublishing.be", true */ 'h', 'e', 'a', 'd', 'l', 'i', 'n', 'e', 'p', 'u', 'b', 'l', 'i', 's', 'h', 'i', 'n', 'g', '.', 'b', 'e', '\0',
+  /* "headshotharp.de", true */ 'h', 'e', 'a', 'd', 's', 'h', 'o', 't', 'h', 'a', 'r', 'p', '.', 'd', 'e', '\0',
+  /* "health-match.com.au", true */ 'h', 'e', 'a', 'l', 't', 'h', '-', 'm', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "health-plan-news.com", true */ 'h', 'e', 'a', 'l', 't', 'h', '-', 'p', 'l', 'a', 'n', '-', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "health.graphics", true */ 'h', 'e', 'a', 'l', 't', 'h', '.', 'g', 'r', 'a', 'p', 'h', 'i', 'c', 's', '\0',
+  /* "healthcare.gov", false */ 'h', 'e', 'a', 'l', 't', 'h', 'c', 'a', 'r', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "healtheals.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'e', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "healtheffectsofasbestos.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'e', 'f', 'f', 'e', 'c', 't', 's', 'o', 'f', 'a', 's', 'b', 'e', 's', 't', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "healthery.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "healthfoam.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'f', 'o', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "healthiercompany.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'i', 'e', 'r', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "healthlabs.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "healthmatchapp.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'm', 'a', 't', 'c', 'h', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "healththoroughfare.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 't', 'h', 'o', 'r', 'o', 'u', 'g', 'h', 'f', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "healthy-map.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'y', '-', 'm', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "healthyfitfood.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'y', 'f', 'i', 't', 'f', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "heap.zone", true */ 'h', 'e', 'a', 'p', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "hearmeraw.uk", true */ 'h', 'e', 'a', 'r', 'm', 'e', 'r', 'a', 'w', '.', 'u', 'k', '\0',
+  /* "heart.taxi", true */ 'h', 'e', 'a', 'r', 't', '.', 't', 'a', 'x', 'i', '\0',
+  /* "heartbeat24.de", true */ 'h', 'e', 'a', 'r', 't', 'b', 'e', 'a', 't', '2', '4', '.', 'd', 'e', '\0',
+  /* "heartgames.pl", true */ 'h', 'e', 'a', 'r', 't', 'g', 'a', 'm', 'e', 's', '.', 'p', 'l', '\0',
+  /* "heartmdinstitute.com", true */ 'h', 'e', 'a', 'r', 't', 'm', 'd', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "heartsucker.com", true */ 'h', 'e', 'a', 'r', 't', 's', 'u', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "hearttruth.gov", true */ 'h', 'e', 'a', 'r', 't', 't', 'r', 'u', 't', 'h', '.', 'g', 'o', 'v', '\0',
+  /* "heartview.com.br", true */ 'h', 'e', 'a', 'r', 't', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "heartwoodart.com", true */ 'h', 'e', 'a', 'r', 't', 'w', 'o', 'o', 'd', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hearty.blog", true */ 'h', 'e', 'a', 'r', 't', 'y', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "hearty.cf", true */ 'h', 'e', 'a', 'r', 't', 'y', '.', 'c', 'f', '\0',
+  /* "hearty.ga", true */ 'h', 'e', 'a', 'r', 't', 'y', '.', 'g', 'a', '\0',
+  /* "hearty.me", true */ 'h', 'e', 'a', 'r', 't', 'y', '.', 'm', 'e', '\0',
+  /* "hearty.taipei", true */ 'h', 'e', 'a', 'r', 't', 'y', '.', 't', 'a', 'i', 'p', 'e', 'i', '\0',
+  /* "hearty.tech", true */ 'h', 'e', 'a', 'r', 't', 'y', '.', 't', 'e', 'c', 'h', '\0',
+  /* "hearty.us", true */ 'h', 'e', 'a', 'r', 't', 'y', '.', 'u', 's', '\0',
+  /* "heartyapp.com", true */ 'h', 'e', 'a', 'r', 't', 'y', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "heartycraft.com", true */ 'h', 'e', 'a', 'r', 't', 'y', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "heavenlyseals.com", true */ 'h', 'e', 'a', 'v', 'e', 'n', 'l', 'y', 's', 'e', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "heavensattic.co.uk", true */ 'h', 'e', 'a', 'v', 'e', 'n', 's', 'a', 't', 't', 'i', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "heavensinferno.net", true */ 'h', 'e', 'a', 'v', 'e', 'n', 's', 'i', 'n', 'f', 'e', 'r', 'n', 'o', '.', 'n', 'e', 't', '\0',
+  /* "heavyequipments.org", true */ 'h', 'e', 'a', 'v', 'y', 'e', 'q', 'u', 'i', 'p', 'm', 'e', 'n', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "hebergeurssd.com", true */ 'h', 'e', 'b', 'e', 'r', 'g', 'e', 'u', 'r', 's', 's', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "hebikhiv.nl", true */ 'h', 'e', 'b', 'i', 'k', 'h', 'i', 'v', '.', 'n', 'l', '\0',
+  /* "hebriff.com", true */ 'h', 'e', 'b', 'r', 'i', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "hec-espace-entreprise.ch", true */ 'h', 'e', 'c', '-', 'e', 's', 'p', 'a', 'c', 'e', '-', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'i', 's', 'e', '.', 'c', 'h', '\0',
+  /* "hec.global", true */ 'h', 'e', 'c', '.', 'g', 'l', 'o', 'b', 'a', 'l', '\0',
+  /* "hechamano.es", true */ 'h', 'e', 'c', 'h', 'a', 'm', 'a', 'n', 'o', '.', 'e', 's', '\0',
+  /* "heckelektro.de", true */ 'h', 'e', 'c', 'k', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "heckerundknopp.de", true */ 'h', 'e', 'c', 'k', 'e', 'r', 'u', 'n', 'd', 'k', 'n', 'o', 'p', 'p', '.', 'd', 'e', '\0',
+  /* "heckticmedia.com", true */ 'h', 'e', 'c', 'k', 't', 'i', 'c', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hectorj.net", true */ 'h', 'e', 'c', 't', 'o', 'r', 'j', '.', 'n', 'e', 't', '\0',
+  /* "hedgeschool.ie", true */ 'h', 'e', 'd', 'g', 'e', 's', 'c', 'h', 'o', 'o', 'l', '.', 'i', 'e', '\0',
+  /* "hedonism.org", true */ 'h', 'e', 'd', 'o', 'n', 'i', 's', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "hedonistic-imperative.com", true */ 'h', 'e', 'd', 'o', 'n', 'i', 's', 't', 'i', 'c', '-', 'i', 'm', 'p', 'e', 'r', 'a', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hedonistic.org", true */ 'h', 'e', 'd', 'o', 'n', 'i', 's', 't', 'i', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "hedonium.com", true */ 'h', 'e', 'd', 'o', 'n', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "hedweb.co.uk", true */ 'h', 'e', 'd', 'w', 'e', 'b', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hedweb.com", true */ 'h', 'e', 'd', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "hedweb.net", true */ 'h', 'e', 'd', 'w', 'e', 'b', '.', 'n', 'e', 't', '\0',
+  /* "hedweb.org", true */ 'h', 'e', 'd', 'w', 'e', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "heeler.blue", true */ 'h', 'e', 'e', 'l', 'e', 'r', '.', 'b', 'l', 'u', 'e', '\0',
+  /* "heeler.red", true */ 'h', 'e', 'e', 'l', 'e', 'r', '.', 'r', 'e', 'd', '\0',
+  /* "heello.es", true */ 'h', 'e', 'e', 'l', 'l', 'o', '.', 'e', 's', '\0',
+  /* "hefengautoparts.com", true */ 'h', 'e', 'f', 'e', 'n', 'g', 'a', 'u', 't', 'o', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "heftkaufen.de", true */ 'h', 'e', 'f', 't', 'k', 'a', 'u', 'f', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "hegen.com.pl", true */ 'h', 'e', 'g', 'e', 'n', '.', 'c', 'o', 'm', '.', 'p', 'l', '\0',
+  /* "hegen.cz", true */ 'h', 'e', 'g', 'e', 'n', '.', 'c', 'z', '\0',
+  /* "hegen.sk", true */ 'h', 'e', 'g', 'e', 'n', '.', 's', 'k', '\0',
+  /* "hegenshop.de", true */ 'h', 'e', 'g', 'e', 'n', 's', 'h', 'o', 'p', '.', 'd', 'e', '\0',
+  /* "heh.ee", true */ 'h', 'e', 'h', '.', 'e', 'e', '\0',
+  /* "heha.co", false */ 'h', 'e', 'h', 'a', '.', 'c', 'o', '\0',
+  /* "heiaheia.com", true */ 'h', 'e', 'i', 'a', 'h', 'e', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "heid.ws", true */ 'h', 'e', 'i', 'd', '.', 'w', 's', '\0',
+  /* "heidisheroes.org", true */ 'h', 'e', 'i', 'd', 'i', 's', 'h', 'e', 'r', 'o', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "heikorichter.name", true */ 'h', 'e', 'i', 'k', 'o', 'r', 'i', 'c', 'h', 't', 'e', 'r', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "heiland.io", true */ 'h', 'e', 'i', 'l', 'a', 'n', 'd', '.', 'i', 'o', '\0',
+  /* "heiliger-gral.info", true */ 'h', 'e', 'i', 'l', 'i', 'g', 'e', 'r', '-', 'g', 'r', 'a', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "heilpraxis-bgl.de", true */ 'h', 'e', 'i', 'l', 'p', 'r', 'a', 'x', 'i', 's', '-', 'b', 'g', 'l', '.', 'd', 'e', '\0',
+  /* "heimatverein-eitensheim.de", true */ 'h', 'e', 'i', 'm', 'a', 't', 'v', 'e', 'r', 'e', 'i', 'n', '-', 'e', 'i', 't', 'e', 'n', 's', 'h', 'e', 'i', 'm', '.', 'd', 'e', '\0',
+  /* "heimonen.eu", true */ 'h', 'e', 'i', 'm', 'o', 'n', 'e', 'n', '.', 'e', 'u', '\0',
+  /* "heimprofis.de", true */ 'h', 'e', 'i', 'm', 'p', 'r', 'o', 'f', 'i', 's', '.', 'd', 'e', '\0',
+  /* "heinpost.nl", false */ 'h', 'e', 'i', 'n', 'p', 'o', 's', 't', '.', 'n', 'l', '\0',
+  /* "heinzelmann.co", true */ 'h', 'e', 'i', 'n', 'z', 'e', 'l', 'm', 'a', 'n', 'n', '.', 'c', 'o', '\0',
+  /* "heissluft-fritteuse.com", true */ 'h', 'e', 'i', 's', 's', 'l', 'u', 'f', 't', '-', 'f', 'r', 'i', 't', 't', 'e', 'u', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "heitland-it.de", true */ 'h', 'e', 'i', 't', 'l', 'a', 'n', 'd', '-', 'i', 't', '.', 'd', 'e', '\0',
+  /* "hekeki.com", true */ 'h', 'e', 'k', 'e', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "helber-it-services.de", true */ 'h', 'e', 'l', 'b', 'e', 'r', '-', 'i', 't', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'd', 'e', '\0',
+  /* "helden-spielen.de", true */ 'h', 'e', 'l', 'd', 'e', 'n', '-', 's', 'p', 'i', 'e', 'l', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "heldenhalde.de", true */ 'h', 'e', 'l', 'd', 'e', 'n', 'h', 'a', 'l', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "heldundsexgott.de", true */ 'h', 'e', 'l', 'd', 'u', 'n', 'd', 's', 'e', 'x', 'g', 'o', 't', 't', '.', 'd', 'e', '\0',
+  /* "hele.cz", true */ 'h', 'e', 'l', 'e', '.', 'c', 'z', '\0',
+  /* "helenaknowledge.com", true */ 'h', 'e', 'l', 'e', 'n', 'a', 'k', 'n', 'o', 'w', 'l', 'e', 'd', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "helenelefauconnier.com", true */ 'h', 'e', 'l', 'e', 'n', 'e', 'l', 'e', 'f', 'a', 'u', 'c', 'o', 'n', 'n', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "helenkellersimulator.org", true */ 'h', 'e', 'l', 'e', 'n', 'k', 'e', 'l', 'l', 'e', 'r', 's', 'i', 'm', 'u', 'l', 'a', 't', 'o', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "helichat.de", true */ 'h', 'e', 'l', 'i', 'c', 'h', 'a', 't', '.', 'd', 'e', '\0',
+  /* "helikon.ro", true */ 'h', 'e', 'l', 'i', 'k', 'o', 'n', '.', 'r', 'o', '\0',
+  /* "helioanodyne.eu", true */ 'h', 'e', 'l', 'i', 'o', 'a', 'n', 'o', 'd', 'y', 'n', 'e', '.', 'e', 'u', '\0',
+  /* "helios4.com", true */ 'h', 'e', 'l', 'i', 'o', 's', '4', '.', 'c', 'o', 'm', '\0',
+  /* "heliosnet.com", true */ 'h', 'e', 'l', 'i', 'o', 's', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "heliosvoting.org", true */ 'h', 'e', 'l', 'i', 'o', 's', 'v', 'o', 't', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "helix.am", true */ 'h', 'e', 'l', 'i', 'x', '.', 'a', 'm', '\0',
+  /* "helixflight.com", true */ 'h', 'e', 'l', 'i', 'x', 'f', 'l', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hell.sh", true */ 'h', 'e', 'l', 'l', '.', 's', 'h', '\0',
+  /* "hellenicaward.com", true */ 'h', 'e', 'l', 'l', 'e', 'n', 'i', 'c', 'a', 'w', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "hellersgas.com", true */ 'h', 'e', 'l', 'l', 'e', 'r', 's', 'g', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "helles-koepfchen.de", true */ 'h', 'e', 'l', 'l', 'e', 's', '-', 'k', 'o', 'e', 'p', 'f', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "hello-nestor.com", true */ 'h', 'e', 'l', 'l', 'o', '-', 'n', 'e', 's', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "helloacm.com", true */ 'h', 'e', 'l', 'l', 'o', 'a', 'c', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "helloanselm.com", true */ 'h', 'e', 'l', 'l', 'o', 'a', 'n', 's', 'e', 'l', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "hellomouse.cf", true */ 'h', 'e', 'l', 'l', 'o', 'm', 'o', 'u', 's', 'e', '.', 'c', 'f', '\0',
+  /* "hellotandem.com", true */ 'h', 'e', 'l', 'l', 'o', 't', 'a', 'n', 'd', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "hellothought.net", true */ 'h', 'e', 'l', 'l', 'o', 't', 'h', 'o', 'u', 'g', 'h', 't', '.', 'n', 'e', 't', '\0',
+  /* "help.simpletax.ca", true */ 'h', 'e', 'l', 'p', '.', 's', 'i', 'm', 'p', 'l', 'e', 't', 'a', 'x', '.', 'c', 'a', '\0',
+  /* "helpconnect.com.au", true */ 'h', 'e', 'l', 'p', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "helpdebit.com", true */ 'h', 'e', 'l', 'p', 'd', 'e', 'b', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "helpfacile.com", true */ 'h', 'e', 'l', 'p', 'f', 'a', 'c', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "helpfixe.com", true */ 'h', 'e', 'l', 'p', 'f', 'i', 'x', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "helpflux.com", true */ 'h', 'e', 'l', 'p', 'f', 'l', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "helpgerer.com", true */ 'h', 'e', 'l', 'p', 'g', 'e', 'r', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "helpgoabroad.com", true */ 'h', 'e', 'l', 'p', 'g', 'o', 'a', 'b', 'r', 'o', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "helpmij.cf", true */ 'h', 'e', 'l', 'p', 'm', 'i', 'j', '.', 'c', 'f', '\0',
+  /* "helppresta.com", true */ 'h', 'e', 'l', 'p', 'p', 'r', 'e', 's', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "helpstarloja.com.br", true */ 'h', 'e', 'l', 'p', 's', 't', 'a', 'r', 'l', 'o', 'j', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "helsinki.dating", true */ 'h', 'e', 'l', 's', 'i', 'n', 'k', 'i', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "helup.com", true */ 'h', 'e', 'l', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "helvella.de", true */ 'h', 'e', 'l', 'v', 'e', 'l', 'l', 'a', '.', 'd', 'e', '\0',
+  /* "hematoonkologia.pl", true */ 'h', 'e', 'm', 'a', 't', 'o', 'o', 'n', 'k', 'o', 'l', 'o', 'g', 'i', 'a', '.', 'p', 'l', '\0',
+  /* "hemdal.se", true */ 'h', 'e', 'm', 'd', 'a', 'l', '.', 's', 'e', '\0',
+  /* "hemnet.se", true */ 'h', 'e', 'm', 'n', 'e', 't', '.', 's', 'e', '\0',
+  /* "hen.ne.ke", true */ 'h', 'e', 'n', '.', 'n', 'e', '.', 'k', 'e', '\0',
+  /* "hendric.us", true */ 'h', 'e', 'n', 'd', 'r', 'i', 'c', '.', 'u', 's', '\0',
+  /* "hendrinortier.nl", true */ 'h', 'e', 'n', 'd', 'r', 'i', 'n', 'o', 'r', 't', 'i', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "hendyisaac.com", true */ 'h', 'e', 'n', 'd', 'y', 'i', 's', 'a', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "hengelsportdeal.com", true */ 'h', 'e', 'n', 'g', 'e', 'l', 's', 'p', 'o', 'r', 't', 'd', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "hengstumone.com", true */ 'h', 'e', 'n', 'g', 's', 't', 'u', 'm', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "henhenlu.com", true */ 'h', 'e', 'n', 'h', 'e', 'n', 'l', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "henkbrink.com", true */ 'h', 'e', 'n', 'k', 'b', 'r', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "henker.net", true */ 'h', 'e', 'n', 'k', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "henkverlinde.com", false */ 'h', 'e', 'n', 'k', 'v', 'e', 'r', 'l', 'i', 'n', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "henleybouncycastles.co.uk", true */ 'h', 'e', 'n', 'l', 'e', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hennadesigns.org", true */ 'h', 'e', 'n', 'n', 'a', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "hennecke-forstbetrieb.de", true */ 'h', 'e', 'n', 'n', 'e', 'c', 'k', 'e', '-', 'f', 'o', 'r', 's', 't', 'b', 'e', 't', 'r', 'i', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "henneke.me", true */ 'h', 'e', 'n', 'n', 'e', 'k', 'e', '.', 'm', 'e', '\0',
+  /* "hennymerkel.com", true */ 'h', 'e', 'n', 'n', 'y', 'm', 'e', 'r', 'k', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "henok.eu", true */ 'h', 'e', 'n', 'o', 'k', '.', 'e', 'u', '\0',
+  /* "henriksen.is", true */ 'h', 'e', 'n', 'r', 'i', 'k', 's', 'e', 'n', '.', 'i', 's', '\0',
+  /* "henrikwelk.de", true */ 'h', 'e', 'n', 'r', 'i', 'k', 'w', 'e', 'l', 'k', '.', 'd', 'e', '\0',
+  /* "henrock.net", true */ 'h', 'e', 'n', 'r', 'o', 'c', 'k', '.', 'n', 'e', 't', '\0',
+  /* "henry.gg", true */ 'h', 'e', 'n', 'r', 'y', '.', 'g', 'g', '\0',
+  /* "henryphan.com", false */ 'h', 'e', 'n', 'r', 'y', 'p', 'h', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "hentschke-bau.de", true */ 'h', 'e', 'n', 't', 's', 'c', 'h', 'k', 'e', '-', 'b', 'a', 'u', '.', 'd', 'e', '\0',
+  /* "hentschke-betonfertigteilwerk.de", true */ 'h', 'e', 'n', 't', 's', 'c', 'h', 'k', 'e', '-', 'b', 'e', 't', 'o', 'n', 'f', 'e', 'r', 't', 'i', 'g', 't', 'e', 'i', 'l', 'w', 'e', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "hentschke-invest.de", true */ 'h', 'e', 'n', 't', 's', 'c', 'h', 'k', 'e', '-', 'i', 'n', 'v', 'e', 's', 't', '.', 'd', 'e', '\0',
+  /* "heppler.net", true */ 'h', 'e', 'p', 'p', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "heptafrogs.de", true */ 'h', 'e', 'p', 't', 'a', 'f', 'r', 'o', 'g', 's', '.', 'd', 'e', '\0',
+  /* "hepteract.us", true */ 'h', 'e', 'p', 't', 'e', 'r', 'a', 'c', 't', '.', 'u', 's', '\0',
+  /* "heptner24.de", true */ 'h', 'e', 'p', 't', 'n', 'e', 'r', '2', '4', '.', 'd', 'e', '\0',
+  /* "her25.com", true */ 'h', 'e', 'r', '2', '5', '.', 'c', 'o', 'm', '\0',
+  /* "herbal-id.com", true */ 'h', 'e', 'r', 'b', 'a', 'l', '-', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "herberichfamily.com", true */ 'h', 'e', 'r', 'b', 'e', 'r', 'i', 'c', 'h', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "herbert.io", true */ 'h', 'e', 'r', 'b', 'e', 'r', 't', '.', 'i', 'o', '\0',
+  /* "herbweb.net", true */ 'h', 'e', 'r', 'b', 'w', 'e', 'b', '.', 'n', 'e', 't', '\0',
+  /* "herbweb.org", true */ 'h', 'e', 'r', 'b', 'w', 'e', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "herculex.fi", true */ 'h', 'e', 'r', 'c', 'u', 'l', 'e', 'x', '.', 'f', 'i', '\0',
+  /* "herds.eu", true */ 'h', 'e', 'r', 'd', 's', '.', 'e', 'u', '\0',
+  /* "herdserv.de", true */ 'h', 'e', 'r', 'd', 's', 'e', 'r', 'v', '.', 'd', 'e', '\0',
+  /* "herebedragons.io", true */ 'h', 'e', 'r', 'e', 'b', 'e', 'd', 'r', 'a', 'g', 'o', 'n', 's', '.', 'i', 'o', '\0',
+  /* "herecsrymy.cz", true */ 'h', 'e', 'r', 'e', 'c', 's', 'r', 'y', 'm', 'y', '.', 'c', 'z', '\0',
+  /* "heritagebaptistchurch.com.ph", true */ 'h', 'e', 'r', 'i', 't', 'a', 'g', 'e', 'b', 'a', 'p', 't', 'i', 's', 't', 'c', 'h', 'u', 'r', 'c', 'h', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0',
+  /* "hermanbrouwer.nl", true */ 'h', 'e', 'r', 'm', 'a', 'n', 'b', 'r', 'o', 'u', 'w', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "hermes-net.de", true */ 'h', 'e', 'r', 'm', 'e', 's', '-', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "hermes-servizi.it", true */ 'h', 'e', 'r', 'm', 'e', 's', '-', 's', 'e', 'r', 'v', 'i', 'z', 'i', '.', 'i', 't', '\0',
+  /* "herndl.org", true */ 'h', 'e', 'r', 'n', 'd', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "herni-kupony.cz", true */ 'h', 'e', 'r', 'n', 'i', '-', 'k', 'u', 'p', 'o', 'n', 'y', '.', 'c', 'z', '\0',
+  /* "herocentral.de", true */ 'h', 'e', 'r', 'o', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "herohirehq.co.uk", true */ 'h', 'e', 'r', 'o', 'h', 'i', 'r', 'e', 'h', 'q', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "heroicpixel.com", true */ 'h', 'e', 'r', 'o', 'i', 'c', 'p', 'i', 'x', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "heroku.com", true */ 'h', 'e', 'r', 'o', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "herr-webdesign.de", true */ 'h', 'e', 'r', 'r', '-', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', '.', 'd', 'e', '\0',
+  /* "herrderzeit.de", true */ 'h', 'e', 'r', 'r', 'd', 'e', 'r', 'z', 'e', 'i', 't', '.', 'd', 'e', '\0',
+  /* "herringsresidence.be", true */ 'h', 'e', 'r', 'r', 'i', 'n', 'g', 's', 'r', 'e', 's', 'i', 'd', 'e', 'n', 'c', 'e', '.', 'b', 'e', '\0',
+  /* "herrsmith.com", true */ 'h', 'e', 'r', 'r', 's', 'm', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "hertsbouncycastles.com", true */ 'h', 'e', 'r', 't', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hertz.bj", true */ 'h', 'e', 'r', 't', 'z', '.', 'b', 'j', '\0',
+  /* "herzig.cc", true */ 'h', 'e', 'r', 'z', 'i', 'g', '.', 'c', 'c', '\0',
+  /* "hesaplama.net", true */ 'h', 'e', 's', 'a', 'p', 'l', 'a', 'm', 'a', '.', 'n', 'e', 't', '\0',
+  /* "hessen-liebe.de", true */ 'h', 'e', 's', 's', 'e', 'n', '-', 'l', 'i', 'e', 'b', 'e', '.', 'd', 'e', '\0',
+  /* "hetene.nl", true */ 'h', 'e', 't', 'e', 'n', 'e', '.', 'n', 'l', '\0',
+  /* "hethely.ch", true */ 'h', 'e', 't', 'h', 'e', 'l', 'y', '.', 'c', 'h', '\0',
+  /* "heute-kaufen.de", true */ 'h', 'e', 'u', 't', 'e', '-', 'k', 'a', 'u', 'f', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "heverhagen.rocks", true */ 'h', 'e', 'v', 'e', 'r', 'h', 'a', 'g', 'e', 'n', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "hevertonfreitas.com.br", true */ 'h', 'e', 'v', 'e', 'r', 't', 'o', 'n', 'f', 'r', 'e', 'i', 't', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "hex.bz", true */ 'h', 'e', 'x', '.', 'b', 'z', '\0',
+  /* "hexacon.io", true */ 'h', 'e', 'x', 'a', 'c', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "hexagon-e.com", true */ 'h', 'e', 'x', 'a', 'g', 'o', 'n', '-', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hexapt.com", true */ 'h', 'e', 'x', 'a', 'p', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hexe.net", true */ 'h', 'e', 'x', 'e', '.', 'n', 'e', 't', '\0',
+  /* "hexed.it", true */ 'h', 'e', 'x', 'e', 'd', '.', 'i', 't', '\0',
+  /* "hexicurity.com", true */ 'h', 'e', 'x', 'i', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "hexid.me", true */ 'h', 'e', 'x', 'i', 'd', '.', 'm', 'e', '\0',
+  /* "hexieshe.com", true */ 'h', 'e', 'x', 'i', 'e', 's', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hexo.io", true */ 'h', 'e', 'x', 'o', '.', 'i', 'o', '\0',
+  /* "hexony.com", true */ 'h', 'e', 'x', 'o', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "hexr.org", true */ 'h', 'e', 'x', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "hexxagon.com", true */ 'h', 'e', 'x', 'x', 'a', 'g', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "heycms.com", false */ 'h', 'e', 'y', 'c', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hfbg.nl", true */ 'h', 'f', 'b', 'g', '.', 'n', 'l', '\0',
+  /* "hg.python.org", true */ 'h', 'g', '.', 'p', 'y', 't', 'h', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "hg0088.vip", true */ 'h', 'g', '0', '0', '8', '8', '.', 'v', 'i', 'p', '\0',
+  /* "hg718.com", true */ 'h', 'g', '7', '1', '8', '.', 'c', 'o', 'm', '\0',
+  /* "hg71801.com", true */ 'h', 'g', '7', '1', '8', '0', '1', '.', 'c', 'o', 'm', '\0',
+  /* "hg71802.com", true */ 'h', 'g', '7', '1', '8', '0', '2', '.', 'c', 'o', 'm', '\0',
+  /* "hg71803.com", true */ 'h', 'g', '7', '1', '8', '0', '3', '.', 'c', 'o', 'm', '\0',
+  /* "hg71805.com", true */ 'h', 'g', '7', '1', '8', '0', '5', '.', 'c', 'o', 'm', '\0',
+  /* "hg71806.com", true */ 'h', 'g', '7', '1', '8', '0', '6', '.', 'c', 'o', 'm', '\0',
+  /* "hg71807.com", true */ 'h', 'g', '7', '1', '8', '0', '7', '.', 'c', 'o', 'm', '\0',
+  /* "hg71809.com", true */ 'h', 'g', '7', '1', '8', '0', '9', '.', 'c', 'o', 'm', '\0',
+  /* "hg71811.com", true */ 'h', 'g', '7', '1', '8', '1', '1', '.', 'c', 'o', 'm', '\0',
+  /* "hg71812.com", true */ 'h', 'g', '7', '1', '8', '1', '2', '.', 'c', 'o', 'm', '\0',
+  /* "hg71813.com", true */ 'h', 'g', '7', '1', '8', '1', '3', '.', 'c', 'o', 'm', '\0',
+  /* "hg71815.com", true */ 'h', 'g', '7', '1', '8', '1', '5', '.', 'c', 'o', 'm', '\0',
+  /* "hg71819.com", true */ 'h', 'g', '7', '1', '8', '1', '9', '.', 'c', 'o', 'm', '\0',
+  /* "hg71822.com", true */ 'h', 'g', '7', '1', '8', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "hg71833.com", true */ 'h', 'g', '7', '1', '8', '3', '3', '.', 'c', 'o', 'm', '\0',
+  /* "hg71835.com", true */ 'h', 'g', '7', '1', '8', '3', '5', '.', 'c', 'o', 'm', '\0',
+  /* "hg71836.com", true */ 'h', 'g', '7', '1', '8', '3', '6', '.', 'c', 'o', 'm', '\0',
+  /* "hg71837.com", true */ 'h', 'g', '7', '1', '8', '3', '7', '.', 'c', 'o', 'm', '\0',
+  /* "hg71839.com", true */ 'h', 'g', '7', '1', '8', '3', '9', '.', 'c', 'o', 'm', '\0',
+  /* "hg71850.com", true */ 'h', 'g', '7', '1', '8', '5', '0', '.', 'c', 'o', 'm', '\0',
+  /* "hg71851.com", true */ 'h', 'g', '7', '1', '8', '5', '1', '.', 'c', 'o', 'm', '\0',
+  /* "hg71852.com", true */ 'h', 'g', '7', '1', '8', '5', '2', '.', 'c', 'o', 'm', '\0',
+  /* "hg71856.com", true */ 'h', 'g', '7', '1', '8', '5', '6', '.', 'c', 'o', 'm', '\0',
+  /* "hg71857.com", true */ 'h', 'g', '7', '1', '8', '5', '7', '.', 'c', 'o', 'm', '\0',
+  /* "hg71858.com", true */ 'h', 'g', '7', '1', '8', '5', '8', '.', 'c', 'o', 'm', '\0',
+  /* "hg71860.com", true */ 'h', 'g', '7', '1', '8', '6', '0', '.', 'c', 'o', 'm', '\0',
+  /* "hg71861.com", true */ 'h', 'g', '7', '1', '8', '6', '1', '.', 'c', 'o', 'm', '\0',
+  /* "hg71863.com", true */ 'h', 'g', '7', '1', '8', '6', '3', '.', 'c', 'o', 'm', '\0',
+  /* "hga8586.com", true */ 'h', 'g', 'a', '8', '5', '8', '6', '.', 'c', 'o', 'm', '\0',
+  /* "hga8587.com", true */ 'h', 'g', 'a', '8', '5', '8', '7', '.', 'c', 'o', 'm', '\0',
+  /* "hga8685.com", true */ 'h', 'g', 'a', '8', '6', '8', '5', '.', 'c', 'o', 'm', '\0',
+  /* "hga8687.com", true */ 'h', 'g', 'a', '8', '6', '8', '7', '.', 'c', 'o', 'm', '\0',
+  /* "hga8689.com", true */ 'h', 'g', 'a', '8', '6', '8', '9', '.', 'c', 'o', 'm', '\0',
+  /* "hga8757.com", true */ 'h', 'g', 'a', '8', '7', '5', '7', '.', 'c', 'o', 'm', '\0',
+  /* "hga8758.com", true */ 'h', 'g', 'a', '8', '7', '5', '8', '.', 'c', 'o', 'm', '\0',
+  /* "hgbet.com", true */ 'h', 'g', 'b', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hgfa.fi", true */ 'h', 'g', 'f', 'a', '.', 'f', 'i', '\0',
+  /* "hgw168.com", true */ 'h', 'g', 'w', '1', '6', '8', '.', 'c', 'o', 'm', '\0',
+  /* "hh-medic.com", true */ 'h', 'h', '-', 'm', 'e', 'd', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "hhgdo.de", true */ 'h', 'h', 'g', 'd', 'o', '.', 'd', 'e', '\0',
+  /* "hhhdb.com", true */ 'h', 'h', 'h', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "hhidr.org", true */ 'h', 'h', 'i', 'd', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "hhmmmm.de", true */ 'h', 'h', 'm', 'm', 'm', 'm', '.', 'd', 'e', '\0',
+  /* "hhs.gov", true */ 'h', 'h', 's', '.', 'g', 'o', 'v', '\0',
+  /* "hialatv.com", true */ 'h', 'i', 'a', 'l', 'a', 't', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "hiccupsandjuice.co.uk", true */ 'h', 'i', 'c', 'c', 'u', 'p', 's', 'a', 'n', 'd', 'j', 'u', 'i', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hickorywinecellar.com", true */ 'h', 'i', 'c', 'k', 'o', 'r', 'y', 'w', 'i', 'n', 'e', 'c', 'e', 'l', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "hicl.org", true */ 'h', 'i', 'c', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "hicoria.com", true */ 'h', 'i', 'c', 'o', 'r', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hidbo.de", true */ 'h', 'i', 'd', 'b', 'o', '.', 'd', 'e', '\0',
+  /* "hiddenhillselectrical.com", true */ 'h', 'i', 'd', 'd', 'e', 'n', 'h', 'i', 'l', 'l', 's', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "hiddenmalta.net", true */ 'h', 'i', 'd', 'd', 'e', 'n', 'm', 'a', 'l', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "hiddenprocess.com", true */ 'h', 'i', 'd', 'd', 'e', 'n', 'p', 'r', 'o', 'c', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hideallip.com", true */ 'h', 'i', 'd', 'e', 'a', 'l', 'l', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "hidedd.com", true */ 'h', 'i', 'd', 'e', 'd', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "hideouswebsite.com", true */ 'h', 'i', 'd', 'e', 'o', 'u', 's', 'w', 'e', 'b', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hidroshop.com.br", true */ 'h', 'i', 'd', 'r', 'o', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "hieu.com.au", true */ 'h', 'i', 'e', 'u', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "higgstools.org", true */ 'h', 'i', 'g', 'g', 's', 't', 'o', 'o', 'l', 's', '.', 'o', 'r', 'g', '\0',
+  /* "highland-webcams.com", true */ 'h', 'i', 'g', 'h', 'l', 'a', 'n', 'd', '-', 'w', 'e', 'b', 'c', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "highlandparkcog.org", true */ 'h', 'i', 'g', 'h', 'l', 'a', 'n', 'd', 'p', 'a', 'r', 'k', 'c', 'o', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "highlatitudestravel.com", true */ 'h', 'i', 'g', 'h', 'l', 'a', 't', 'i', 't', 'u', 'd', 'e', 's', 't', 'r', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "highlegshop.com", true */ 'h', 'i', 'g', 'h', 'l', 'e', 'g', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "highlevelwoodlands.com", true */ 'h', 'i', 'g', 'h', 'l', 'e', 'v', 'e', 'l', 'w', 'o', 'o', 'd', 'l', 'a', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "highlnk.com", true */ 'h', 'i', 'g', 'h', 'l', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "highspeed-arnsberg.de", true */ 'h', 'i', 'g', 'h', 's', 'p', 'e', 'e', 'd', '-', 'a', 'r', 'n', 's', 'b', 'e', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "hightechbasementsystems.com", true */ 'h', 'i', 'g', 'h', 't', 'e', 'c', 'h', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hightimes.com", true */ 'h', 'i', 'g', 'h', 't', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "highwaytohoell.de", true */ 'h', 'i', 'g', 'h', 'w', 'a', 'y', 't', 'o', 'h', 'o', 'e', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "higilopocht.li", true */ 'h', 'i', 'g', 'i', 'l', 'o', 'p', 'o', 'c', 'h', 't', '.', 'l', 'i', '\0',
+  /* "higp.de", true */ 'h', 'i', 'g', 'p', '.', 'd', 'e', '\0',
+  /* "hijoan.com", true */ 'h', 'i', 'j', 'o', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "hik-cloud.com", true */ 'h', 'i', 'k', '-', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "hikagestudios.com", true */ 'h', 'i', 'k', 'a', 'g', 'e', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hike.pics", true */ 'h', 'i', 'k', 'e', '.', 'p', 'i', 'c', 's', '\0',
+  /* "hikinggearlab.com", true */ 'h', 'i', 'k', 'i', 'n', 'g', 'g', 'e', 'a', 'r', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "hikingguy.com", true */ 'h', 'i', 'k', 'i', 'n', 'g', 'g', 'u', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "hilahdih.cz", true */ 'h', 'i', 'l', 'a', 'h', 'd', 'i', 'h', '.', 'c', 'z', '\0',
+  /* "hilaolu.com", true */ 'h', 'i', 'l', 'a', 'o', 'l', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "hilaolu.studio", true */ 'h', 'i', 'l', 'a', 'o', 'l', 'u', '.', 's', 't', 'u', 'd', 'i', 'o', '\0',
+  /* "hilchenba.ch", true */ 'h', 'i', 'l', 'c', 'h', 'e', 'n', 'b', 'a', '.', 'c', 'h', '\0',
+  /* "hilfreiche-server.tips", true */ 'h', 'i', 'l', 'f', 'r', 'e', 'i', 'c', 'h', 'e', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 't', 'i', 'p', 's', '\0',
+  /* "hilhorst-uitvaartverzorging.nl", true */ 'h', 'i', 'l', 'h', 'o', 'r', 's', 't', '-', 'u', 'i', 't', 'v', 'a', 'a', 'r', 't', 'v', 'e', 'r', 'z', 'o', 'r', 'g', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "hillebrand.io", true */ 'h', 'i', 'l', 'l', 'e', 'b', 'r', 'a', 'n', 'd', '.', 'i', 'o', '\0',
+  /* "hillsboroccpa.org", true */ 'h', 'i', 'l', 'l', 's', 'b', 'o', 'r', 'o', 'c', 'c', 'p', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "hilnu.com", true */ 'h', 'i', 'l', 'n', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "hilti.ee", false */ 'h', 'i', 'l', 't', 'i', '.', 'e', 'e', '\0',
+  /* "hilti.kz", false */ 'h', 'i', 'l', 't', 'i', '.', 'k', 'z', '\0',
+  /* "hilti.lv", false */ 'h', 'i', 'l', 't', 'i', '.', 'l', 'v', '\0',
+  /* "hiltonarubabeachservices.com", true */ 'h', 'i', 'l', 't', 'o', 'n', 'a', 'r', 'u', 'b', 'a', 'b', 'e', 'a', 'c', 'h', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hiltonhyland.com", true */ 'h', 'i', 'l', 't', 'o', 'n', 'h', 'y', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "himens.com", false */ 'h', 'i', 'm', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hindmanfuneralhomes.com", true */ 'h', 'i', 'n', 'd', 'm', 'a', 'n', 'f', 'u', 'n', 'e', 'r', 'a', 'l', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hingle.me", true */ 'h', 'i', 'n', 'g', 'l', 'e', '.', 'm', 'e', '\0',
+  /* "hinrich.de", true */ 'h', 'i', 'n', 'r', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "hintergrundbewegung.de", true */ 'h', 'i', 'n', 't', 'e', 'r', 'g', 'r', 'u', 'n', 'd', 'b', 'e', 'w', 'e', 'g', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "hinterhofbu.de", true */ 'h', 'i', 'n', 't', 'e', 'r', 'h', 'o', 'f', 'b', 'u', '.', 'd', 'e', '\0',
+  /* "hinterposemuckel.de", true */ 'h', 'i', 'n', 't', 'e', 'r', 'p', 'o', 's', 'e', 'm', 'u', 'c', 'k', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "hintss.pw", true */ 'h', 'i', 'n', 't', 's', 's', '.', 'p', 'w', '\0',
+  /* "hiphop.ren", true */ 'h', 'i', 'p', 'h', 'o', 'p', '.', 'r', 'e', 'n', '\0',
+  /* "hipi.jp", true */ 'h', 'i', 'p', 'i', '.', 'j', 'p', '\0',
+  /* "hippies.com.br", true */ 'h', 'i', 'p', 'p', 'i', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "hippo.ge", true */ 'h', 'i', 'p', 'p', 'o', '.', 'g', 'e', '\0',
+  /* "hippomovers.com", true */ 'h', 'i', 'p', 'p', 'o', 'm', 'o', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hippopotamuses.org", true */ 'h', 'i', 'p', 'p', 'o', 'p', 'o', 't', 'a', 'm', 'u', 's', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "hips.com", true */ 'h', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hipstercat.fr", true */ 'h', 'i', 'p', 's', 't', 'e', 'r', 'c', 'a', 't', '.', 'f', 'r', '\0',
+  /* "hiqfleet.co.uk", true */ 'h', 'i', 'q', 'f', 'l', 'e', 'e', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hiqfranchise.co.uk", true */ 'h', 'i', 'q', 'f', 'r', 'a', 'n', 'c', 'h', 'i', 's', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hiqonline.co.uk", true */ 'h', 'i', 'q', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hirake55.com", true */ 'h', 'i', 'r', 'a', 'k', 'e', '5', '5', '.', 'c', 'o', 'm', '\0',
+  /* "hiraku.me", false */ 'h', 'i', 'r', 'a', 'k', 'u', '.', 'm', 'e', '\0',
+  /* "hiratake.xyz", true */ 'h', 'i', 'r', 'a', 't', 'a', 'k', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "hire-a-coder.de", true */ 'h', 'i', 'r', 'e', '-', 'a', '-', 'c', 'o', 'd', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "hireabouncycastle.net", true */ 'h', 'i', 'r', 'e', 'a', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "hiresteve.ca", true */ 'h', 'i', 'r', 'e', 's', 't', 'e', 'v', 'e', '.', 'c', 'a', '\0',
+  /* "hiresuccessstaffing.com", true */ 'h', 'i', 'r', 'e', 's', 'u', 'c', 'c', 'e', 's', 's', 's', 't', 'a', 'f', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "hiretech.com", true */ 'h', 'i', 'r', 'e', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "hirezzportal.com", true */ 'h', 'i', 'r', 'e', 'z', 'z', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "hirotaka.org", true */ 'h', 'i', 'r', 'o', 't', 'a', 'k', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "hirzaconsult.ro", true */ 'h', 'i', 'r', 'z', 'a', 'c', 'o', 'n', 's', 'u', 'l', 't', '.', 'r', 'o', '\0',
+  /* "hisbrucker.net", true */ 'h', 'i', 's', 'b', 'r', 'u', 'c', 'k', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "hisnet.de", true */ 'h', 'i', 's', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "hispanic.dating", true */ 'h', 'i', 's', 'p', 'a', 'n', 'i', 'c', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "histoire-cite.ch", true */ 'h', 'i', 's', 't', 'o', 'i', 'r', 'e', '-', 'c', 'i', 't', 'e', '.', 'c', 'h', '\0',
+  /* "histoire-theatre.com", true */ 'h', 'i', 's', 't', 'o', 'i', 'r', 'e', '-', 't', 'h', 'e', 'a', 't', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "historia-arte.com", true */ 'h', 'i', 's', 't', 'o', 'r', 'i', 'a', '-', 'a', 'r', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "history.google.com", true */ 'h', 'i', 's', 't', 'o', 'r', 'y', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "history.pe", true */ 'h', 'i', 's', 't', 'o', 'r', 'y', '.', 'p', 'e', '\0',
+  /* "hiteco.com", true */ 'h', 'i', 't', 'e', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "hitmanstat.us", true */ 'h', 'i', 't', 'm', 'a', 'n', 's', 't', 'a', 't', '.', 'u', 's', '\0',
+  /* "hitoapi.cc", true */ 'h', 'i', 't', 'o', 'a', 'p', 'i', '.', 'c', 'c', '\0',
+  /* "hitocom.net.br", true */ 'h', 'i', 't', 'o', 'c', 'o', 'm', '.', 'n', 'e', 't', '.', 'b', 'r', '\0',
+  /* "hitter-lauzon.com", true */ 'h', 'i', 't', 't', 'e', 'r', '-', 'l', 'a', 'u', 'z', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "hitter.family", true */ 'h', 'i', 't', 't', 'e', 'r', '.', 'f', 'a', 'm', 'i', 'l', 'y', '\0',
+  /* "hitterfamily.com", true */ 'h', 'i', 't', 't', 'e', 'r', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "hiv-symptome.de", true */ 'h', 'i', 'v', '-', 's', 'y', 'm', 'p', 't', 'o', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "hivatal-info.hu", true */ 'h', 'i', 'v', 'a', 't', 'a', 'l', '-', 'i', 'n', 'f', 'o', '.', 'h', 'u', '\0',
+  /* "hivatalinfo.hu", true */ 'h', 'i', 'v', 'a', 't', 'a', 'l', 'i', 'n', 'f', 'o', '.', 'h', 'u', '\0',
+  /* "hiverlune.net", true */ 'h', 'i', 'v', 'e', 'r', 'l', 'u', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "hiwiki.tk", true */ 'h', 'i', 'w', 'i', 'k', 'i', '.', 't', 'k', '\0',
+  /* "hiyacar.co.uk", true */ 'h', 'i', 'y', 'a', 'c', 'a', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hiyuki2578.net", true */ 'h', 'i', 'y', 'u', 'k', 'i', '2', '5', '7', '8', '.', 'n', 'e', 't', '\0',
+  /* "hizzacked.xxx", true */ 'h', 'i', 'z', 'z', 'a', 'c', 'k', 'e', 'd', '.', 'x', 'x', 'x', '\0',
+  /* "hj.rs", true */ 'h', 'j', '.', 'r', 's', '\0',
+  /* "hjartasmarta.se", true */ 'h', 'j', 'a', 'r', 't', 'a', 's', 'm', 'a', 'r', 't', 'a', '.', 's', 'e', '\0',
+  /* "hjes.com.ve", true */ 'h', 'j', 'e', 's', '.', 'c', 'o', 'm', '.', 'v', 'e', '\0',
+  /* "hjf-immobilien.de", true */ 'h', 'j', 'f', '-', 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "hjortland.org", true */ 'h', 'j', 'o', 'r', 't', 'l', 'a', 'n', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "hjw-kunstwerk.de", true */ 'h', 'j', 'w', '-', 'k', 'u', 'n', 's', 't', 'w', 'e', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "hk.search.yahoo.com", false */ 'h', 'k', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "hkdobrev.com", true */ 'h', 'k', 'd', 'o', 'b', 'r', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "hknet.at", true */ 'h', 'k', 'n', 'e', 't', '.', 'a', 't', '\0',
+  /* "hkustmbajp.com", true */ 'h', 'k', 'u', 's', 't', 'm', 'b', 'a', 'j', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "hl7999.com", true */ 'h', 'l', '7', '9', '9', '9', '.', 'c', 'o', 'm', '\0',
+  /* "hlacosedora.com", true */ 'h', 'l', 'a', 'c', 'o', 's', 'e', 'd', 'o', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hlavacek.us", true */ 'h', 'l', 'a', 'v', 'a', 'c', 'e', 'k', '.', 'u', 's', '\0',
+  /* "hledejlevne.cz", true */ 'h', 'l', 'e', 'd', 'e', 'j', 'l', 'e', 'v', 'n', 'e', '.', 'c', 'z', '\0',
+  /* "hledejpravnika.cz", true */ 'h', 'l', 'e', 'd', 'e', 'j', 'p', 'r', 'a', 'v', 'n', 'i', 'k', 'a', '.', 'c', 'z', '\0',
+  /* "hlfh.space", true */ 'h', 'l', 'f', 'h', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "hloe0xff.ru", true */ 'h', 'l', 'o', 'e', '0', 'x', 'f', 'f', '.', 'r', 'u', '\0',
+  /* "hlsmandarincentre.com", true */ 'h', 'l', 's', 'm', 'a', 'n', 'd', 'a', 'r', 'i', 'n', 'c', 'e', 'n', 't', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hlucas.de", true */ 'h', 'l', 'u', 'c', 'a', 's', '.', 'd', 'e', '\0',
+  /* "hm1ch.com", true */ 'h', 'm', '1', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "hm773.net", true */ 'h', 'm', '7', '7', '3', '.', 'n', 'e', 't', '\0',
+  /* "hmhotelec.com", false */ 'h', 'm', 'h', 'o', 't', 'e', 'l', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "hmoegirl.com", true */ 'h', 'm', 'o', 'e', 'g', 'i', 'r', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "hms-waldmann.de", true */ 'h', 'm', 's', '-', 'w', 'a', 'l', 'd', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "hn.search.yahoo.com", false */ 'h', 'n', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "hoahau.org", true */ 'h', 'o', 'a', 'h', 'a', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "hobby-drechselei.de", true */ 'h', 'o', 'b', 'b', 'y', '-', 'd', 'r', 'e', 'c', 'h', 's', 'e', 'l', 'e', 'i', '.', 'd', 'e', '\0',
+  /* "hobby-gamerz-community.de", true */ 'h', 'o', 'b', 'b', 'y', '-', 'g', 'a', 'm', 'e', 'r', 'z', '-', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '.', 'd', 'e', '\0',
+  /* "hobbyspeed.com", true */ 'h', 'o', 'b', 'b', 'y', 's', 'p', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "hochhaus.us", true */ 'h', 'o', 'c', 'h', 'h', 'a', 'u', 's', '.', 'u', 's', '\0',
+  /* "hochoukikikiraku.com", true */ 'h', 'o', 'c', 'h', 'o', 'u', 'k', 'i', 'k', 'i', 'k', 'i', 'r', 'a', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "hochzeit-dana-laurens.de", true */ 'h', 'o', 'c', 'h', 'z', 'e', 'i', 't', '-', 'd', 'a', 'n', 'a', '-', 'l', 'a', 'u', 'r', 'e', 'n', 's', '.', 'd', 'e', '\0',
+  /* "hochzeitsfotograf-deinfoto.ch", true */ 'h', 'o', 'c', 'h', 'z', 'e', 'i', 't', 's', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', '-', 'd', 'e', 'i', 'n', 'f', 'o', 't', 'o', '.', 'c', 'h', '\0',
+  /* "hochzeitshelferlein.de", true */ 'h', 'o', 'c', 'h', 'z', 'e', 'i', 't', 's', 'h', 'e', 'l', 'f', 'e', 'r', 'l', 'e', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "hockeyapp.ch", true */ 'h', 'o', 'c', 'k', 'e', 'y', 'a', 'p', 'p', '.', 'c', 'h', '\0',
+  /* "hockeymotion.ch", true */ 'h', 'o', 'c', 'k', 'e', 'y', 'm', 'o', 't', 'i', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "hodgephotography.com", true */ 'h', 'o', 'd', 'g', 'e', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "hoe.re", true */ 'h', 'o', 'e', '.', 'r', 'e', '\0',
+  /* "hoeft-autolackierung.de", true */ 'h', 'o', 'e', 'f', 't', '-', 'a', 'u', 't', 'o', 'l', 'a', 'c', 'k', 'i', 'e', 'r', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "hoekvanholland.eu", true */ 'h', 'o', 'e', 'k', 'v', 'a', 'n', 'h', 'o', 'l', 'l', 'a', 'n', 'd', '.', 'e', 'u', '\0',
+  /* "hoelty.network", true */ 'h', 'o', 'e', 'l', 't', 'y', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "hoesnelwasik.nl", true */ 'h', 'o', 'e', 's', 'n', 'e', 'l', 'w', 'a', 's', 'i', 'k', '.', 'n', 'l', '\0',
+  /* "hoewler.ch", true */ 'h', 'o', 'e', 'w', 'l', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "hoezzi.nl", true */ 'h', 'o', 'e', 'z', 'z', 'i', '.', 'n', 'l', '\0',
+  /* "hoffens.se", true */ 'h', 'o', 'f', 'f', 'e', 'n', 's', '.', 's', 'e', '\0',
+  /* "hoflerlawfirm.com", true */ 'h', 'o', 'f', 'l', 'e', 'r', 'l', 'a', 'w', 'f', 'i', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "hogl.dk", true */ 'h', 'o', 'g', 'l', '.', 'd', 'k', '\0',
+  /* "hogrebe.de", true */ 'h', 'o', 'g', 'r', 'e', 'b', 'e', '.', 'd', 'e', '\0',
+  /* "hohnet.com", true */ 'h', 'o', 'h', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hoikuen-now.top", true */ 'h', 'o', 'i', 'k', 'u', 'e', 'n', '-', 'n', 'o', 'w', '.', 't', 'o', 'p', '\0',
+  /* "hoiquanadida.com", true */ 'h', 'o', 'i', 'q', 'u', 'a', 'n', 'a', 'd', 'i', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hoken-wakaru.jp", true */ 'h', 'o', 'k', 'e', 'n', '-', 'w', 'a', 'k', 'a', 'r', 'u', '.', 'j', 'p', '\0',
+  /* "hokieprivacy.org", true */ 'h', 'o', 'k', 'i', 'e', 'p', 'r', 'i', 'v', 'a', 'c', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "hokify.at", true */ 'h', 'o', 'k', 'i', 'f', 'y', '.', 'a', 't', '\0',
+  /* "hokify.ch", true */ 'h', 'o', 'k', 'i', 'f', 'y', '.', 'c', 'h', '\0',
+  /* "hokify.de", true */ 'h', 'o', 'k', 'i', 'f', 'y', '.', 'd', 'e', '\0',
+  /* "hokioisecurity.com", true */ 'h', 'o', 'k', 'i', 'o', 'i', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "holad.de", true */ 'h', 'o', 'l', 'a', 'd', '.', 'd', 'e', '\0',
+  /* "holboxwhalesharktours.com", true */ 'h', 'o', 'l', 'b', 'o', 'x', 'w', 'h', 'a', 'l', 'e', 's', 'h', 'a', 'r', 'k', 't', 'o', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "holebedeljek.hu", true */ 'h', 'o', 'l', 'e', 'b', 'e', 'd', 'e', 'l', 'j', 'e', 'k', '.', 'h', 'u', '\0',
+  /* "holidaysportugal.eu", true */ 'h', 'o', 'l', 'i', 'd', 'a', 'y', 's', 'p', 'o', 'r', 't', 'u', 'g', 'a', 'l', '.', 'e', 'u', '\0',
+  /* "holisticacupuncture.com.au", true */ 'h', 'o', 'l', 'i', 's', 't', 'i', 'c', 'a', 'c', 'u', 'p', 'u', 'n', 'c', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "holistichealer.in", true */ 'h', 'o', 'l', 'i', 's', 't', 'i', 'c', 'h', 'e', 'a', 'l', 'e', 'r', '.', 'i', 'n', '\0',
+  /* "holisticon.de", true */ 'h', 'o', 'l', 'i', 's', 't', 'i', 'c', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "hollandguns.com", true */ 'h', 'o', 'l', 'l', 'a', 'n', 'd', 'g', 'u', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hollermann.eu", true */ 'h', 'o', 'l', 'l', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'e', 'u', '\0',
+  /* "hollo.me", true */ 'h', 'o', 'l', 'l', 'o', '.', 'm', 'e', '\0',
+  /* "hollowrap.com", true */ 'h', 'o', 'l', 'l', 'o', 'w', 'r', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "hollyforrest.ca", true */ 'h', 'o', 'l', 'l', 'y', 'f', 'o', 'r', 'r', 'e', 's', 't', '.', 'c', 'a', '\0',
+  /* "hollyforrestphotography.ca", true */ 'h', 'o', 'l', 'l', 'y', 'f', 'o', 'r', 'r', 'e', 's', 't', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'a', '\0',
+  /* "holmesian.org", true */ 'h', 'o', 'l', 'm', 'e', 's', 'i', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "holo.ovh", true */ 'h', 'o', 'l', 'o', '.', 'o', 'v', 'h', '\0',
+  /* "holodeck.us", true */ 'h', 'o', 'l', 'o', 'd', 'e', 'c', 'k', '.', 'u', 's', '\0',
+  /* "holofono.com", true */ 'h', 'o', 'l', 'o', 'f', 'o', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "holowaty.me", true */ 'h', 'o', 'l', 'o', 'w', 'a', 't', 'y', '.', 'm', 'e', '\0',
+  /* "holoxplor.space", true */ 'h', 'o', 'l', 'o', 'x', 'p', 'l', 'o', 'r', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "holvonix.com", true */ 'h', 'o', 'l', 'v', 'o', 'n', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "holy-hi.com", true */ 'h', 'o', 'l', 'y', '-', 'h', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "holydragoon.jp", true */ 'h', 'o', 'l', 'y', 'd', 'r', 'a', 'g', 'o', 'o', 'n', '.', 'j', 'p', '\0',
+  /* "holygrail.games", true */ 'h', 'o', 'l', 'y', 'g', 'r', 'a', 'i', 'l', '.', 'g', 'a', 'm', 'e', 's', '\0',
+  /* "holyhiphopdatabase.com", true */ 'h', 'o', 'l', 'y', 'h', 'i', 'p', 'h', 'o', 'p', 'd', 'a', 't', 'a', 'b', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "holymolycasinos.com", true */ 'h', 'o', 'l', 'y', 'm', 'o', 'l', 'y', 'c', 'a', 's', 'i', 'n', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "holytransaction.com", true */ 'h', 'o', 'l', 'y', 't', 'r', 'a', 'n', 's', 'a', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "holywhite.com", true */ 'h', 'o', 'l', 'y', 'w', 'h', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "holz.nu", true */ 'h', 'o', 'l', 'z', '.', 'n', 'u', '\0',
+  /* "holzheizer-forum.de", true */ 'h', 'o', 'l', 'z', 'h', 'e', 'i', 'z', 'e', 'r', '-', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "holzheizerforum.de", true */ 'h', 'o', 'l', 'z', 'h', 'e', 'i', 'z', 'e', 'r', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "holzspielzeug-shop.ch", true */ 'h', 'o', 'l', 'z', 's', 'p', 'i', 'e', 'l', 'z', 'e', 'u', 'g', '-', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "holzvergaser-forum.de", true */ 'h', 'o', 'l', 'z', 'v', 'e', 'r', 'g', 'a', 's', 'e', 'r', '-', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "homatism.com", true */ 'h', 'o', 'm', 'a', 't', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "home-cloud.online", true */ 'h', 'o', 'm', 'e', '-', 'c', 'l', 'o', 'u', 'd', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "home-coaching.be", true */ 'h', 'o', 'm', 'e', '-', 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'b', 'e', '\0',
+  /* "home-v.ind.in", true */ 'h', 'o', 'm', 'e', '-', 'v', '.', 'i', 'n', 'd', '.', 'i', 'n', '\0',
+  /* "home-work-jobs.com", true */ 'h', 'o', 'm', 'e', '-', 'w', 'o', 'r', 'k', '-', 'j', 'o', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "homeautomated.com", true */ 'h', 'o', 'm', 'e', 'a', 'u', 't', 'o', 'm', 'a', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "homebasedsalons.com.au", true */ 'h', 'o', 'm', 'e', 'b', 'a', 's', 'e', 'd', 's', 'a', 'l', 'o', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "homebodyalberta.com", true */ 'h', 'o', 'm', 'e', 'b', 'o', 'd', 'y', 'a', 'l', 'b', 'e', 'r', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "homecareassociatespa.com", true */ 'h', 'o', 'm', 'e', 'c', 'a', 'r', 'e', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'e', 's', 'p', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "homecarpetcleaning.co.uk", true */ 'h', 'o', 'm', 'e', 'c', 'a', 'r', 'p', 'e', 't', 'c', 'l', 'e', 'a', 'n', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "homecoming.city", true */ 'h', 'o', 'm', 'e', 'c', 'o', 'm', 'i', 'n', 'g', '.', 'c', 'i', 't', 'y', '\0',
+  /* "homefacialpro.com", true */ 'h', 'o', 'm', 'e', 'f', 'a', 'c', 'i', 'a', 'l', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "homegardeningforum.com", true */ 'h', 'o', 'm', 'e', 'g', 'a', 'r', 'd', 'e', 'n', 'i', 'n', 'g', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "homegardenresort.nl", true */ 'h', 'o', 'm', 'e', 'g', 'a', 'r', 'd', 'e', 'n', 'r', 'e', 's', 'o', 'r', 't', '.', 'n', 'l', '\0',
+  /* "homehuntertoronto.com", true */ 'h', 'o', 'm', 'e', 'h', 'u', 'n', 't', 'e', 'r', 't', 'o', 'r', 'o', 'n', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "homehunting.pt", true */ 'h', 'o', 'm', 'e', 'h', 'u', 'n', 't', 'i', 'n', 'g', '.', 'p', 't', '\0',
+  /* "homeodynamics.com", true */ 'h', 'o', 'm', 'e', 'o', 'd', 'y', 'n', 'a', 'm', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "homeofjones.net", true */ 'h', 'o', 'm', 'e', 'o', 'f', 'j', 'o', 'n', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "homeogenium.com", true */ 'h', 'o', 'm', 'e', 'o', 'g', 'e', 'n', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "homeownersinsurancenevada.com", true */ 'h', 'o', 'm', 'e', 'o', 'w', 'n', 'e', 'r', 's', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', 'n', 'e', 'v', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "homeownersinsurancenv.com", true */ 'h', 'o', 'm', 'e', 'o', 'w', 'n', 'e', 'r', 's', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', 'n', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "homeprivate.de", true */ 'h', 'o', 'm', 'e', 'p', 'r', 'i', 'v', 'a', 't', 'e', '.', 'd', 'e', '\0',
+  /* "homeremodelingcontractorsca.com", true */ 'h', 'o', 'm', 'e', 'r', 'e', 'm', 'o', 'd', 'e', 'l', 'i', 'n', 'g', 'c', 'o', 'n', 't', 'r', 'a', 'c', 't', 'o', 'r', 's', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "homesandal.com", true */ 'h', 'o', 'm', 'e', 's', 'a', 'n', 'd', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "homeseller.com", true */ 'h', 'o', 'm', 'e', 's', 'e', 'l', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "homesfordinner.ca", true */ 'h', 'o', 'm', 'e', 's', 'f', 'o', 'r', 'd', 'i', 'n', 'n', 'e', 'r', '.', 'c', 'a', '\0',
+  /* "homesteadfarm.org", true */ 'h', 'o', 'm', 'e', 's', 't', 'e', 'a', 'd', 'f', 'a', 'r', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "homewatt.co.uk", true */ 'h', 'o', 'm', 'e', 'w', 'a', 't', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "homeyou.com", true */ 'h', 'o', 'm', 'e', 'y', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "homezhi.com.tw", true */ 'h', 'o', 'm', 'e', 'z', 'h', 'i', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "hommeatoutfaire.be", true */ 'h', 'o', 'm', 'm', 'e', 'a', 't', 'o', 'u', 't', 'f', 'a', 'i', 'r', 'e', '.', 'b', 'e', '\0',
+  /* "homophoni.com", true */ 'h', 'o', 'm', 'o', 'p', 'h', 'o', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "hompus.nl", false */ 'h', 'o', 'm', 'p', 'u', 's', '.', 'n', 'l', '\0',
+  /* "honda-centrum.cz", true */ 'h', 'o', 'n', 'd', 'a', '-', 'c', 'e', 'n', 't', 'r', 'u', 'm', '.', 'c', 'z', '\0',
+  /* "hondart.cz", true */ 'h', 'o', 'n', 'd', 'a', 'r', 't', '.', 'c', 'z', '\0',
+  /* "hondenoppasfraneker.nl", true */ 'h', 'o', 'n', 'd', 'e', 'n', 'o', 'p', 'p', 'a', 's', 'f', 'r', 'a', 'n', 'e', 'k', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "honeybadger.io", false */ 'h', 'o', 'n', 'e', 'y', 'b', 'a', 'd', 'g', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "honeybeard.co.uk", true */ 'h', 'o', 'n', 'e', 'y', 'b', 'e', 'a', 'r', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "honeycome.net", true */ 'h', 'o', 'n', 'e', 'y', 'c', 'o', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "honeyhaw.com", true */ 'h', 'o', 'n', 'e', 'y', 'h', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "honeypot.net", true */ 'h', 'o', 'n', 'e', 'y', 'p', 'o', 't', '.', 'n', 'e', 't', '\0',
+  /* "hong.io", true */ 'h', 'o', 'n', 'g', '.', 'i', 'o', '\0',
+  /* "honkhonk.net", true */ 'h', 'o', 'n', 'k', 'h', 'o', 'n', 'k', '.', 'n', 'e', 't', '\0',
+  /* "honkion.net", true */ 'h', 'o', 'n', 'k', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "honovere.de", true */ 'h', 'o', 'n', 'o', 'v', 'e', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "hontoir.eu", true */ 'h', 'o', 'n', 't', 'o', 'i', 'r', '.', 'e', 'u', '\0',
+  /* "hoodtrader.com", true */ 'h', 'o', 'o', 'd', 't', 'r', 'a', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "hoofddorp-centraal.nl", true */ 'h', 'o', 'o', 'f', 'd', 'd', 'o', 'r', 'p', '-', 'c', 'e', 'n', 't', 'r', 'a', 'a', 'l', '.', 'n', 'l', '\0',
+  /* "hookbin.com", true */ 'h', 'o', 'o', 'k', 'b', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "hooowl.com", true */ 'h', 'o', 'o', 'o', 'w', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "hoopertechnicalsolutions.com", true */ 'h', 'o', 'o', 'p', 'e', 'r', 't', 'e', 'c', 'h', 'n', 'i', 'c', 'a', 'l', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hooray.beer", true */ 'h', 'o', 'o', 'r', 'a', 'y', '.', 'b', 'e', 'e', 'r', '\0',
+  /* "hootworld.net", true */ 'h', 'o', 'o', 't', 'w', 'o', 'r', 'l', 'd', '.', 'n', 'e', 't', '\0',
+  /* "hoowhen.cn", true */ 'h', 'o', 'o', 'w', 'h', 'e', 'n', '.', 'c', 'n', '\0',
+  /* "hopconseils.ch", true */ 'h', 'o', 'p', 'c', 'o', 'n', 's', 'e', 'i', 'l', 's', '.', 'c', 'h', '\0',
+  /* "hopconseils.com", true */ 'h', 'o', 'p', 'c', 'o', 'n', 's', 'e', 'i', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hopewellproperties.co.uk", true */ 'h', 'o', 'p', 'e', 'w', 'e', 'l', 'l', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hopglass.eu", true */ 'h', 'o', 'p', 'g', 'l', 'a', 's', 's', '.', 'e', 'u', '\0',
+  /* "hopglass.net", true */ 'h', 'o', 'p', 'g', 'l', 'a', 's', 's', '.', 'n', 'e', 't', '\0',
+  /* "hoplongtech.com", true */ 'h', 'o', 'p', 'l', 'o', 'n', 'g', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "hopps.me", true */ 'h', 'o', 'p', 'p', 's', '.', 'm', 'e', '\0',
+  /* "hoppyx.com", true */ 'h', 'o', 'p', 'p', 'y', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "horace.li", true */ 'h', 'o', 'r', 'a', 'c', 'e', '.', 'l', 'i', '\0',
+  /* "horaceli.com", true */ 'h', 'o', 'r', 'a', 'c', 'e', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "horackova.info", true */ 'h', 'o', 'r', 'a', 'c', 'k', 'o', 'v', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "hord.ca", true */ 'h', 'o', 'r', 'd', '.', 'c', 'a', '\0',
+  /* "horeizai.net", true */ 'h', 'o', 'r', 'e', 'i', 'z', 'a', 'i', '.', 'n', 'e', 't', '\0',
+  /* "horisonttimedia.fi", true */ 'h', 'o', 'r', 'i', 's', 'o', 'n', 't', 't', 'i', 'm', 'e', 'd', 'i', 'a', '.', 'f', 'i', '\0',
+  /* "horizonhomes-samui.com", true */ 'h', 'o', 'r', 'i', 'z', 'o', 'n', 'h', 'o', 'm', 'e', 's', '-', 's', 'a', 'm', 'u', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "horkel.cf", true */ 'h', 'o', 'r', 'k', 'e', 'l', '.', 'c', 'f', '\0',
+  /* "hornyforhanzo.com", true */ 'h', 'o', 'r', 'n', 'y', 'f', 'o', 'r', 'h', 'a', 'n', 'z', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "horodance.dk", true */ 'h', 'o', 'r', 'o', 'd', 'a', 'n', 'c', 'e', '.', 'd', 'k', '\0',
+  /* "horrell.ca", true */ 'h', 'o', 'r', 'r', 'e', 'l', 'l', '.', 'c', 'a', '\0',
+  /* "horrendous-servers.com", true */ 'h', 'o', 'r', 'r', 'e', 'n', 'd', 'o', 'u', 's', '-', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "horror-forum.de", true */ 'h', 'o', 'r', 'r', 'o', 'r', '-', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "horsehunter.co.uk", true */ 'h', 'o', 'r', 's', 'e', 'h', 'u', 'n', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "horstmanshof.eu", true */ 'h', 'o', 'r', 's', 't', 'm', 'a', 'n', 's', 'h', 'o', 'f', '.', 'e', 'u', '\0',
+  /* "hory.me", true */ 'h', 'o', 'r', 'y', '.', 'm', 'e', '\0',
+  /* "horza.org", true */ 'h', 'o', 'r', 'z', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "hoshimaq.com.br", true */ 'h', 'o', 's', 'h', 'i', 'm', 'a', 'q', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "hoshimaquinas.com.br", true */ 'h', 'o', 's', 'h', 'i', 'm', 'a', 'q', 'u', 'i', 'n', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "hoshinplan.com", true */ 'h', 'o', 's', 'h', 'i', 'n', 'p', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "hoshisato.com", true */ 'h', 'o', 's', 'h', 'i', 's', 'a', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "hosiet.me", true */ 'h', 'o', 's', 'i', 'e', 't', '.', 'm', 'e', '\0',
+  /* "hosmussynergie.nl", false */ 'h', 'o', 's', 'm', 'u', 's', 's', 'y', 'n', 'e', 'r', 'g', 'i', 'e', '.', 'n', 'l', '\0',
+  /* "hospitalhomelottery.org", true */ 'h', 'o', 's', 'p', 'i', 't', 'a', 'l', 'h', 'o', 'm', 'e', 'l', 'o', 't', 't', 'e', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "hostadvice.com", true */ 'h', 'o', 's', 't', 'a', 'd', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hostam.link", true */ 'h', 'o', 's', 't', 'a', 'm', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "hostarea51.com", true */ 'h', 'o', 's', 't', 'a', 'r', 'e', 'a', '5', '1', '.', 'c', 'o', 'm', '\0',
+  /* "hostedbgp.net", true */ 'h', 'o', 's', 't', 'e', 'd', 'b', 'g', 'p', '.', 'n', 'e', 't', '\0',
+  /* "hostedcomments.com", true */ 'h', 'o', 's', 't', 'e', 'd', 'c', 'o', 'm', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hostedtalkgadget.google.com", true */ 'h', 'o', 's', 't', 'e', 'd', 't', 'a', 'l', 'k', 'g', 'a', 'd', 'g', 'e', 't', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hostfission.com", true */ 'h', 'o', 's', 't', 'f', 'i', 's', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "hostgigz.com", true */ 'h', 'o', 's', 't', 'g', 'i', 'g', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "hostingactive.it", true */ 'h', 'o', 's', 't', 'i', 'n', 'g', 'a', 'c', 't', 'i', 'v', 'e', '.', 'i', 't', '\0',
+  /* "hostingfirst.nl", true */ 'h', 'o', 's', 't', 'i', 'n', 'g', 'f', 'i', 'r', 's', 't', '.', 'n', 'l', '\0',
+  /* "hostinghelp.guru", true */ 'h', 'o', 's', 't', 'i', 'n', 'g', 'h', 'e', 'l', 'p', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "hostinginnederland.nl", true */ 'h', 'o', 's', 't', 'i', 'n', 'g', 'i', 'n', 'n', 'e', 'd', 'e', 'r', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "hostinglogin.net", true */ 'h', 'o', 's', 't', 'i', 'n', 'g', 'l', 'o', 'g', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "hostingpunt.be", true */ 'h', 'o', 's', 't', 'i', 'n', 'g', 'p', 'u', 'n', 't', '.', 'b', 'e', '\0',
+  /* "hostingsolutions.cz", true */ 'h', 'o', 's', 't', 'i', 'n', 'g', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'z', '\0',
+  /* "hostix.de", true */ 'h', 'o', 's', 't', 'i', 'x', '.', 'd', 'e', '\0',
+  /* "hostma.ma", true */ 'h', 'o', 's', 't', 'm', 'a', '.', 'm', 'a', '\0',
+  /* "hostme.co.il", false */ 'h', 'o', 's', 't', 'm', 'e', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "hostmijnpagina.nl", true */ 'h', 'o', 's', 't', 'm', 'i', 'j', 'n', 'p', 'a', 'g', 'i', 'n', 'a', '.', 'n', 'l', '\0',
+  /* "hostmodern.com.au", true */ 'h', 'o', 's', 't', 'm', 'o', 'd', 'e', 'r', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "hosts.cf", true */ 'h', 'o', 's', 't', 's', '.', 'c', 'f', '\0',
+  /* "hostserv.org", true */ 'h', 'o', 's', 't', 's', 'e', 'r', 'v', '.', 'o', 'r', 'g', '\0',
+  /* "hosyaku.gr.jp", true */ 'h', 'o', 's', 'y', 'a', 'k', 'u', '.', 'g', 'r', '.', 'j', 'p', '\0',
+  /* "hot-spa.ch", true */ 'h', 'o', 't', '-', 's', 'p', 'a', '.', 'c', 'h', '\0',
+  /* "hotcandlestick.com", true */ 'h', 'o', 't', 'c', 'a', 'n', 'd', 'l', 'e', 's', 't', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "hotchillibox.co.za", true */ 'h', 'o', 't', 'c', 'h', 'i', 'l', 'l', 'i', 'b', 'o', 'x', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "hotchillibox.com", true */ 'h', 'o', 't', 'c', 'h', 'i', 'l', 'l', 'i', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "hotel-huberhof.at", true */ 'h', 'o', 't', 'e', 'l', '-', 'h', 'u', 'b', 'e', 'r', 'h', 'o', 'f', '.', 'a', 't', '\0',
+  /* "hotel-kronjuwel.de", true */ 'h', 'o', 't', 'e', 'l', '-', 'k', 'r', 'o', 'n', 'j', 'u', 'w', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "hotel-le-vaisseau.ch", true */ 'h', 'o', 't', 'e', 'l', '-', 'l', 'e', '-', 'v', 'a', 'i', 's', 's', 'e', 'a', 'u', '.', 'c', 'h', '\0',
+  /* "hotel-pension-sonnalp.eu", true */ 'h', 'o', 't', 'e', 'l', '-', 'p', 'e', 'n', 's', 'i', 'o', 'n', '-', 's', 'o', 'n', 'n', 'a', 'l', 'p', '.', 'e', 'u', '\0',
+  /* "hotel-rosner.at", true */ 'h', 'o', 't', 'e', 'l', '-', 'r', 'o', 's', 'n', 'e', 'r', '.', 'a', 't', '\0',
+  /* "hotelflow.com.br", true */ 'h', 'o', 't', 'e', 'l', 'f', 'l', 'o', 'w', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "hotelident.de", true */ 'h', 'o', 't', 'e', 'l', 'i', 'd', 'e', 'n', 't', '.', 'd', 'e', '\0',
+  /* "hotelmap.com", true */ 'h', 'o', 't', 'e', 'l', 'm', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "hotelsinformer.com", true */ 'h', 'o', 't', 'e', 'l', 's', 'i', 'n', 'f', 'o', 'r', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "hotelvalena.com", true */ 'h', 'o', 't', 'e', 'l', 'v', 'a', 'l', 'e', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hothbricks.com", true */ 'h', 'o', 't', 'h', 'b', 'r', 'i', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hotnewhiphop.com", true */ 'h', 'o', 't', 'n', 'e', 'w', 'h', 'i', 'p', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "hoto.us", true */ 'h', 'o', 't', 'o', '.', 'u', 's', '\0',
+  /* "hoton.in", true */ 'h', 'o', 't', 'o', 'n', '.', 'i', 'n', '\0',
+  /* "hotornot.com", true */ 'h', 'o', 't', 'o', 'r', 'n', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hotplate.co.nz", true */ 'h', 'o', 't', 'p', 'l', 'a', 't', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "hotplug.gr", true */ 'h', 'o', 't', 'p', 'l', 'u', 'g', '.', 'g', 'r', '\0',
+  /* "hotpoint-training.com", true */ 'h', 'o', 't', 'p', 'o', 'i', 'n', 't', '-', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "hottaro.com", true */ 'h', 'o', 't', 't', 'a', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "hottestwebcamgirls.org", true */ 'h', 'o', 't', 't', 'e', 's', 't', 'w', 'e', 'b', 'c', 'a', 'm', 'g', 'i', 'r', 'l', 's', '.', 'o', 'r', 'g', '\0',
+  /* "hottheme.net", true */ 'h', 'o', 't', 't', 'h', 'e', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "hotting.nl", true */ 'h', 'o', 't', 't', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "hottubhirenewcastle.co.uk", true */ 'h', 'o', 't', 't', 'u', 'b', 'h', 'i', 'r', 'e', 'n', 'e', 'w', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hottubspasnewcastle.co.uk", true */ 'h', 'o', 't', 't', 'u', 'b', 's', 'p', 'a', 's', 'n', 'e', 'w', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "houdremont-la-courneuve.info", true */ 'h', 'o', 'u', 'd', 'r', 'e', 'm', 'o', 'n', 't', '-', 'l', 'a', '-', 'c', 'o', 'u', 'r', 'n', 'e', 'u', 'v', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "houraiteahouse.net", true */ 'h', 'o', 'u', 'r', 'a', 'i', 't', 'e', 'a', 'h', 'o', 'u', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "house-of-japan.co.jp", true */ 'h', 'o', 'u', 's', 'e', '-', 'o', 'f', '-', 'j', 'a', 'p', 'a', 'n', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "house-sparrow.com", true */ 'h', 'o', 'u', 's', 'e', '-', 's', 'p', 'a', 'r', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "houseboydesigns.com", true */ 'h', 'o', 'u', 's', 'e', 'b', 'o', 'y', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "houseinvestor.com", true */ 'h', 'o', 'u', 's', 'e', 'i', 'n', 'v', 'e', 's', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "houser.lu", true */ 'h', 'o', 'u', 's', 'e', 'r', '.', 'l', 'u', '\0',
+  /* "housetalk.ru", true */ 'h', 'o', 'u', 's', 'e', 't', 'a', 'l', 'k', '.', 'r', 'u', '\0',
+  /* "houstonapartmentinsiders.com", true */ 'h', 'o', 'u', 's', 't', 'o', 'n', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 'i', 'n', 's', 'i', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "houstoncreditlaw.com", true */ 'h', 'o', 'u', 's', 't', 'o', 'n', 'c', 'r', 'e', 'd', 'i', 't', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "houtinee.com", true */ 'h', 'o', 'u', 't', 'i', 'n', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "how2fsbo.com", true */ 'h', 'o', 'w', '2', 'f', 's', 'b', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "how2play.pl", true */ 'h', 'o', 'w', '2', 'p', 'l', 'a', 'y', '.', 'p', 'l', '\0',
+  /* "howa-n.net", true */ 'h', 'o', 'w', 'a', '-', 'n', '.', 'n', 'e', 't', '\0',
+  /* "howardwatts.co.uk", true */ 'h', 'o', 'w', 'a', 'r', 'd', 'w', 'a', 't', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "howbehealthy.com", true */ 'h', 'o', 'w', 'b', 'e', 'h', 'e', 'a', 'l', 't', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "howbigismybuilding.com", true */ 'h', 'o', 'w', 'b', 'i', 'g', 'i', 's', 'm', 'y', 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "howlongtobeatsteam.com", true */ 'h', 'o', 'w', 'l', 'o', 'n', 'g', 't', 'o', 'b', 'e', 'a', 't', 's', 't', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "howmanymilesfrom.com", true */ 'h', 'o', 'w', 'm', 'a', 'n', 'y', 'm', 'i', 'l', 'e', 's', 'f', 'r', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "howsecureismypassword.net", true */ 'h', 'o', 'w', 's', 'e', 'c', 'u', 'r', 'e', 'i', 's', 'm', 'y', 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', '.', 'n', 'e', 't', '\0',
+  /* "howsmyssl.com", true */ 'h', 'o', 'w', 's', 'm', 'y', 's', 's', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "howsmytls.com", true */ 'h', 'o', 'w', 's', 'm', 'y', 't', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "howsyourhealth.org", true */ 'h', 'o', 'w', 's', 'y', 'o', 'u', 'r', 'h', 'e', 'a', 'l', 't', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "howtofreelance.com", true */ 'h', 'o', 'w', 't', 'o', 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "howtogeek.com", true */ 'h', 'o', 'w', 't', 'o', 'g', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "howtogeekpro.com", true */ 'h', 'o', 'w', 't', 'o', 'g', 'e', 'e', 'k', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "howtogosolar.org", true */ 'h', 'o', 'w', 't', 'o', 'g', 'o', 's', 'o', 'l', 'a', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "howtolaser.com", true */ 'h', 'o', 'w', 't', 'o', 'l', 'a', 's', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "hozana.si", false */ 'h', 'o', 'z', 'a', 'n', 'a', '.', 's', 'i', '\0',
+  /* "hp42.de", true */ 'h', 'p', '4', '2', '.', 'd', 'e', '\0',
+  /* "hpac-portal.com", true */ 'h', 'p', 'a', 'c', '-', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "hpbn.co", true */ 'h', 'p', 'b', 'n', '.', 'c', 'o', '\0',
+  /* "hpctecnologias.com", true */ 'h', 'p', 'c', 't', 'e', 'c', 'n', 'o', 'l', 'o', 'g', 'i', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hpeditor.tk", true */ 'h', 'p', 'e', 'd', 'i', 't', 'o', 'r', '.', 't', 'k', '\0',
+  /* "hpisavageforum.com", true */ 'h', 'p', 'i', 's', 'a', 'v', 'a', 'g', 'e', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "hpkp-faq.de", true */ 'h', 'p', 'k', 'p', '-', 'f', 'a', 'q', '.', 'd', 'e', '\0',
+  /* "hpnow.com.br", true */ 'h', 'p', 'n', 'o', 'w', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "hqq.tv", true */ 'h', 'q', 'q', '.', 't', 'v', '\0',
+  /* "hqwebhosting.tk", false */ 'h', 'q', 'w', 'e', 'b', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 't', 'k', '\0',
+  /* "hr98.xyz", true */ 'h', 'r', '9', '8', '.', 'x', 'y', 'z', '\0',
+  /* "hrabogados.com", true */ 'h', 'r', 'a', 'b', 'o', 'g', 'a', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hraesvelg.net", true */ 'h', 'r', 'a', 'e', 's', 'v', 'e', 'l', 'g', '.', 'n', 'e', 't', '\0',
+  /* "hranicka.cz", true */ 'h', 'r', 'a', 'n', 'i', 'c', 'k', 'a', '.', 'c', 'z', '\0',
+  /* "hrbatypes.cz", true */ 'h', 'r', 'b', 'a', 't', 'y', 'p', 'e', 's', '.', 'c', 'z', '\0',
+  /* "hrdns.de", false */ 'h', 'r', 'd', 'n', 's', '.', 'd', 'e', '\0',
+  /* "href.one", true */ 'h', 'r', 'e', 'f', '.', 'o', 'n', 'e', '\0',
+  /* "hreflang.info", true */ 'h', 'r', 'e', 'f', 'l', 'a', 'n', 'g', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "hrfhomelottery.com", true */ 'h', 'r', 'f', 'h', 'o', 'm', 'e', 'l', 'o', 't', 't', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "hrjfeedstock.com", true */ 'h', 'r', 'j', 'f', 'e', 'e', 'd', 's', 't', 'o', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "hrjfeedstock.org", true */ 'h', 'r', 'j', 'f', 'e', 'e', 'd', 's', 't', 'o', 'c', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "hrndz.io", true */ 'h', 'r', 'n', 'd', 'z', '.', 'i', 'o', '\0',
+  /* "hrobert.hu", true */ 'h', 'r', 'o', 'b', 'e', 'r', 't', '.', 'h', 'u', '\0',
+  /* "hroling.nl", true */ 'h', 'r', 'o', 'l', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "hroschyk.cz", true */ 'h', 'r', 'o', 's', 'c', 'h', 'y', 'k', '.', 'c', 'z', '\0',
+  /* "hrtraining.com.au", true */ 'h', 'r', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "hs-arbeitsschutz.de", true */ 'h', 's', '-', 'a', 'r', 'b', 'e', 'i', 't', 's', 's', 'c', 'h', 'u', 't', 'z', '.', 'd', 'e', '\0',
+  /* "hs-group.net", true */ 'h', 's', '-', 'g', 'r', 'o', 'u', 'p', '.', 'n', 'e', 't', '\0',
+  /* "hscorp.de", true */ 'h', 's', 'c', 'o', 'r', 'p', '.', 'd', 'e', '\0',
+  /* "hsivonen.com", true */ 'h', 's', 'i', 'v', 'o', 'n', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "hsivonen.fi", true */ 'h', 's', 'i', 'v', 'o', 'n', 'e', 'n', '.', 'f', 'i', '\0',
+  /* "hsivonen.iki.fi", true */ 'h', 's', 'i', 'v', 'o', 'n', 'e', 'n', '.', 'i', 'k', 'i', '.', 'f', 'i', '\0',
+  /* "hsmr.cc", true */ 'h', 's', 'm', 'r', '.', 'c', 'c', '\0',
+  /* "hsr.gov", false */ 'h', 's', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "hsts-preload-test.xyz", true */ 'h', 's', 't', 's', '-', 'p', 'r', 'e', 'l', 'o', 'a', 'd', '-', 't', 'e', 's', 't', '.', 'x', 'y', 'z', '\0',
+  /* "hsts.eu", true */ 'h', 's', 't', 's', '.', 'e', 'u', '\0',
+  /* "hstsfail.appspot.com", true */ 'h', 's', 't', 's', 'f', 'a', 'i', 'l', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hstspreload.appspot.com", true */ 'h', 's', 't', 's', 'p', 'r', 'e', 'l', 'o', 'a', 'd', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hstspreload.com", true */ 'h', 's', 't', 's', 'p', 'r', 'e', 'l', 'o', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "hstspreload.org", true */ 'h', 's', 't', 's', 'p', 'r', 'e', 'l', 'o', 'a', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "hszemi.de", true */ 'h', 's', 'z', 'e', 'm', 'i', '.', 'd', 'e', '\0',
+  /* "htaccessbook.com", true */ 'h', 't', 'a', 'c', 'c', 'e', 's', 's', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "htaps.com", true */ 'h', 't', 'a', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hte.ovh", true */ 'h', 't', 'e', '.', 'o', 'v', 'h', '\0',
+  /* "htlball.at", true */ 'h', 't', 'l', 'b', 'a', 'l', 'l', '.', 'a', 't', '\0',
+  /* "html5.org", true */ 'h', 't', 'm', 'l', '5', '.', 'o', 'r', 'g', '\0',
+  /* "html5media.info", true */ 'h', 't', 'm', 'l', '5', 'm', 'e', 'd', 'i', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "htmlacademy.ru", true */ 'h', 't', 'm', 'l', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'r', 'u', '\0',
+  /* "htmlvalidator.com", true */ 'h', 't', 'm', 'l', 'v', 'a', 'l', 'i', 'd', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "htmlyse.com", true */ 'h', 't', 'm', 'l', 'y', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "htmue.net", true */ 'h', 't', 'm', 'u', 'e', '.', 'n', 'e', 't', '\0',
+  /* "htmue.org", true */ 'h', 't', 'm', 'u', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "htsure.ma", true */ 'h', 't', 's', 'u', 'r', 'e', '.', 'm', 'a', '\0',
+  /* "http2.eu", true */ 'h', 't', 't', 'p', '2', '.', 'e', 'u', '\0',
+  /* "http2.pro", true */ 'h', 't', 't', 'p', '2', '.', 'p', 'r', 'o', '\0',
+  /* "https.jetzt", true */ 'h', 't', 't', 'p', 's', '.', 'j', 'e', 't', 'z', 't', '\0',
+  /* "https4all.org", true */ 'h', 't', 't', 'p', 's', '4', 'a', 'l', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "httpsecured.net", true */ 'h', 't', 't', 'p', 's', 'e', 'c', 'u', 'r', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "httpsecurityreport.com", true */ 'h', 't', 't', 'p', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'r', 'e', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "httpsnow.com", true */ 'h', 't', 't', 'p', 's', 'n', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "httpsnow.org", true */ 'h', 't', 't', 'p', 's', 'n', 'o', 'w', '.', 'o', 'r', 'g', '\0',
+  /* "httpswatch.ca", true */ 'h', 't', 't', 'p', 's', 'w', 'a', 't', 'c', 'h', '.', 'c', 'a', '\0',
+  /* "httpswatch.com", true */ 'h', 't', 't', 'p', 's', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "httptest.net", true */ 'h', 't', 't', 'p', 't', 'e', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "hu.search.yahoo.com", false */ 'h', 'u', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "hua-in.com", true */ 'h', 'u', 'a', '-', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "huagati.com", true */ 'h', 'u', 'a', 'g', 'a', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "huahinpropertylisting.com", true */ 'h', 'u', 'a', 'h', 'i', 'n', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', 'l', 'i', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "huang.nu", true */ 'h', 'u', 'a', 'n', 'g', '.', 'n', 'u', '\0',
+  /* "huangguancq.com", true */ 'h', 'u', 'a', 'n', 'g', 'g', 'u', 'a', 'n', 'c', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "huangjingjing.com", true */ 'h', 'u', 'a', 'n', 'g', 'j', 'i', 'n', 'g', 'j', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "huangzenghao.cn", true */ 'h', 'u', 'a', 'n', 'g', 'z', 'e', 'n', 'g', 'h', 'a', 'o', '.', 'c', 'n', '\0',
+  /* "huangzenghao.com", true */ 'h', 'u', 'a', 'n', 'g', 'z', 'e', 'n', 'g', 'h', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "huaxueba.com", true */ 'h', 'u', 'a', 'x', 'u', 'e', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hub385.com", true */ 'h', 'u', 'b', '3', '8', '5', '.', 'c', 'o', 'm', '\0',
+  /* "huberulrich.de", true */ 'h', 'u', 'b', 'e', 'r', 'u', 'l', 'r', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "hubok.net", true */ 'h', 'u', 'b', 'o', 'k', '.', 'n', 'e', 't', '\0',
+  /* "huchet.me", true */ 'h', 'u', 'c', 'h', 'e', 't', '.', 'm', 'e', '\0',
+  /* "hudhaifahgoga.co.za", true */ 'h', 'u', 'd', 'h', 'a', 'i', 'f', 'a', 'h', 'g', 'o', 'g', 'a', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "hudingyuan.cn", true */ 'h', 'u', 'd', 'i', 'n', 'g', 'y', 'u', 'a', 'n', '.', 'c', 'n', '\0',
+  /* "hudrydum.cz", true */ 'h', 'u', 'd', 'r', 'y', 'd', 'u', 'm', '.', 'c', 'z', '\0',
+  /* "huduser.gov", true */ 'h', 'u', 'd', 'u', 's', 'e', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "huendeleskopfhuette.de", true */ 'h', 'u', 'e', 'n', 'd', 'e', 'l', 'e', 's', 'k', 'o', 'p', 'f', 'h', 'u', 'e', 't', 't', 'e', '.', 'd', 'e', '\0',
+  /* "huersch.com", true */ 'h', 'u', 'e', 'r', 's', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "huffduffer.com", true */ 'h', 'u', 'f', 'f', 'd', 'u', 'f', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "hughtodd.ink", true */ 'h', 'u', 'g', 'h', 't', 'o', 'd', 'd', '.', 'i', 'n', 'k', '\0',
+  /* "hugi.is", true */ 'h', 'u', 'g', 'i', '.', 'i', 's', '\0',
+  /* "huglen.info", true */ 'h', 'u', 'g', 'l', 'e', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "hugofs.com", true */ 'h', 'u', 'g', 'o', 'f', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hugolynx.fr", true */ 'h', 'u', 'g', 'o', 'l', 'y', 'n', 'x', '.', 'f', 'r', '\0',
+  /* "huguesblanchard.paris", true */ 'h', 'u', 'g', 'u', 'e', 's', 'b', 'l', 'a', 'n', 'c', 'h', 'a', 'r', 'd', '.', 'p', 'a', 'r', 'i', 's', '\0',
+  /* "huguesditciles.com", true */ 'h', 'u', 'g', 'u', 'e', 's', 'd', 'i', 't', 'c', 'i', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "huihui.moe", true */ 'h', 'u', 'i', 'h', 'u', 'i', '.', 'm', 'o', 'e', '\0',
+  /* "huirongis.me", true */ 'h', 'u', 'i', 'r', 'o', 'n', 'g', 'i', 's', '.', 'm', 'e', '\0',
+  /* "huislaw.com", true */ 'h', 'u', 'i', 's', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "huissier-vosges.com", true */ 'h', 'u', 'i', 's', 's', 'i', 'e', 'r', '-', 'v', 'o', 's', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "huitaodang.com", true */ 'h', 'u', 'i', 't', 'a', 'o', 'd', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "hukaloh.com", true */ 'h', 'u', 'k', 'a', 'l', 'o', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "hukutuu.com", true */ 'h', 'u', 'k', 'u', 't', 'u', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "hulet.tech", true */ 'h', 'u', 'l', 'e', 't', '.', 't', 'e', 'c', 'h', '\0',
+  /* "hulldevs.net", true */ 'h', 'u', 'l', 'l', 'd', 'e', 'v', 's', '.', 'n', 'e', 't', '\0',
+  /* "hulpbijmarketing.nl", true */ 'h', 'u', 'l', 'p', 'b', 'i', 'j', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "hulsoft.co.uk", true */ 'h', 'u', 'l', 's', 'o', 'f', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "human-clone.com", true */ 'h', 'u', 'm', 'a', 'n', '-', 'c', 'l', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "humanenrich.com", true */ 'h', 'u', 'm', 'a', 'n', 'e', 'n', 'r', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "humanesources.com", true */ 'h', 'u', 'm', 'a', 'n', 'e', 's', 'o', 'u', 'r', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "humanexperiments.com", true */ 'h', 'u', 'm', 'a', 'n', 'e', 'x', 'p', 'e', 'r', 'i', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "humanity.com", true */ 'h', 'u', 'm', 'a', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "humans.io", true */ 'h', 'u', 'm', 'a', 'n', 's', '.', 'i', 'o', '\0',
+  /* "humanzee.com", true */ 'h', 'u', 'm', 'a', 'n', 'z', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "humblebee.at", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'a', 't', '\0',
+  /* "humblebee.be", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'b', 'e', '\0',
+  /* "humblebee.co.in", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'c', 'o', '.', 'i', 'n', '\0',
+  /* "humblebee.com.ph", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0',
+  /* "humblebee.cz", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'c', 'z', '\0',
+  /* "humblebee.dk", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'd', 'k', '\0',
+  /* "humblebee.es", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'e', 's', '\0',
+  /* "humblebee.eu", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'e', 'u', '\0',
+  /* "humblebee.foundation", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '\0',
+  /* "humblebee.fr", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'f', 'r', '\0',
+  /* "humblebee.gr", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'g', 'r', '\0',
+  /* "humblebee.ie", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'i', 'e', '\0',
+  /* "humblebee.it", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'i', 't', '\0',
+  /* "humblebee.me.uk", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "humblebee.nz", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'n', 'z', '\0',
+  /* "humblebee.pl", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'p', 'l', '\0',
+  /* "humblebee.us", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'u', 's', '\0',
+  /* "humblebeeshop.ca", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', 's', 'h', 'o', 'p', '.', 'c', 'a', '\0',
+  /* "humblebeeshop.com.au", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "hummy.tv", true */ 'h', 'u', 'm', 'm', 'y', '.', 't', 'v', '\0',
+  /* "humpen.se", true */ 'h', 'u', 'm', 'p', 'e', 'n', '.', 's', 'e', '\0',
+  /* "hund.io", true */ 'h', 'u', 'n', 'd', '.', 'i', 'o', '\0',
+  /* "hundeformel.de", true */ 'h', 'u', 'n', 'd', 'e', 'f', 'o', 'r', 'm', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "hundter.com", true */ 'h', 'u', 'n', 'd', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "hunter.io", true */ 'h', 'u', 'n', 't', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "huntingdonbouncers.co.uk", true */ 'h', 'u', 'n', 't', 'i', 'n', 'g', 'd', 'o', 'n', 'b', 'o', 'u', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "huntingdonlifesciences.com", true */ 'h', 'u', 'n', 't', 'i', 'n', 'g', 'd', 'o', 'n', 'l', 'i', 'f', 'e', 's', 'c', 'i', 'e', 'n', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "huongquynh.com", true */ 'h', 'u', 'o', 'n', 'g', 'q', 'u', 'y', 'n', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "hup.hu", true */ 'h', 'u', 'p', '.', 'h', 'u', '\0',
+  /* "hupp.se", true */ 'h', 'u', 'p', 'p', '.', 's', 'e', '\0',
+  /* "hurd.is", true */ 'h', 'u', 'r', 'd', '.', 'i', 's', '\0',
+  /* "huren.nl", true */ 'h', 'u', 'r', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "huroji.com", true */ 'h', 'u', 'r', 'o', 'j', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "hurricanelabs.com", false */ 'h', 'u', 'r', 'r', 'i', 'c', 'a', 'n', 'e', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "husakbau.at", true */ 'h', 'u', 's', 'a', 'k', 'b', 'a', 'u', '.', 'a', 't', '\0',
+  /* "hushfile.it", true */ 'h', 'u', 's', 'h', 'f', 'i', 'l', 'e', '.', 'i', 't', '\0',
+  /* "husic.net", true */ 'h', 'u', 's', 'i', 'c', '.', 'n', 'e', 't', '\0',
+  /* "husky.xyz", true */ 'h', 'u', 's', 'k', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "huskyduvercors.com", true */ 'h', 'u', 's', 'k', 'y', 'd', 'u', 'v', 'e', 'r', 'c', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "huskyinc.us", true */ 'h', 'u', 's', 'k', 'y', 'i', 'n', 'c', '.', 'u', 's', '\0',
+  /* "hussam.eu.org", true */ 'h', 'u', 's', 's', 'a', 'm', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "hustlehope.com", true */ 'h', 'u', 's', 't', 'l', 'e', 'h', 'o', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hustunique.com", true */ 'h', 'u', 's', 't', 'u', 'n', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "huto.ml", true */ 'h', 'u', 't', 'o', '.', 'm', 'l', '\0',
+  /* "huutonauru.net", true */ 'h', 'u', 'u', 't', 'o', 'n', 'a', 'u', 'r', 'u', '.', 'n', 'e', 't', '\0',
+  /* "huwcbjones.co.uk", true */ 'h', 'u', 'w', 'c', 'b', 'j', 'o', 'n', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "huwcbjones.uk", true */ 'h', 'u', 'w', 'c', 'b', 'j', 'o', 'n', 'e', 's', '.', 'u', 'k', '\0',
+  /* "huxley.net", true */ 'h', 'u', 'x', 'l', 'e', 'y', '.', 'n', 'e', 't', '\0',
+  /* "hvdbox.de", true */ 'h', 'v', 'd', 'b', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "hverdagogkink.no", true */ 'h', 'v', 'e', 'r', 'd', 'a', 'g', 'o', 'g', 'k', 'i', 'n', 'k', '.', 'n', 'o', '\0',
+  /* "hvh.no", true */ 'h', 'v', 'h', '.', 'n', 'o', '\0',
+  /* "hvtuananh.com", true */ 'h', 'v', 't', 'u', 'a', 'n', 'a', 'n', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "hwaddress.com", true */ 'h', 'w', 'a', 'd', 'd', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hwag-pb.de", true */ 'h', 'w', 'a', 'g', '-', 'p', 'b', '.', 'd', 'e', '\0',
+  /* "hwcine.com", true */ 'h', 'w', 'c', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hwinfo.com", true */ 'h', 'w', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "hwpkasse.de", true */ 'h', 'w', 'p', 'k', 'a', 's', 's', 'e', '.', 'd', 'e', '\0',
+  /* "hx53.de", true */ 'h', 'x', '5', '3', '.', 'd', 'e', '\0',
+  /* "hxying.com", true */ 'h', 'x', 'y', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "hybridiyhdistys.fi", true */ 'h', 'y', 'b', 'r', 'i', 'd', 'i', 'y', 'h', 'd', 'i', 's', 't', 'y', 's', '.', 'f', 'i', '\0',
+  /* "hybridklubben.fi", true */ 'h', 'y', 'b', 'r', 'i', 'd', 'k', 'l', 'u', 'b', 'b', 'e', 'n', '.', 'f', 'i', '\0',
+  /* "hybridworx.com", true */ 'h', 'y', 'b', 'r', 'i', 'd', 'w', 'o', 'r', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "hybridworx.de", true */ 'h', 'y', 'b', 'r', 'i', 'd', 'w', 'o', 'r', 'x', '.', 'd', 'e', '\0',
+  /* "hybridworx.eu", true */ 'h', 'y', 'b', 'r', 'i', 'd', 'w', 'o', 'r', 'x', '.', 'e', 'u', '\0',
+  /* "hybridworx.net", true */ 'h', 'y', 'b', 'r', 'i', 'd', 'w', 'o', 'r', 'x', '.', 'n', 'e', 't', '\0',
+  /* "hybridworx.org", true */ 'h', 'y', 'b', 'r', 'i', 'd', 'w', 'o', 'r', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "hycken.com", true */ 'h', 'y', 'c', 'k', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "hyckenberg.com", true */ 'h', 'y', 'c', 'k', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "hyderabadonlinegifts.com", true */ 'h', 'y', 'd', 'e', 'r', 'a', 'b', 'a', 'd', 'o', 'n', 'l', 'i', 'n', 'e', 'g', 'i', 'f', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hydra.zone", true */ 'h', 'y', 'd', 'r', 'a', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "hydrasolutions.de", true */ 'h', 'y', 'd', 'r', 'a', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'd', 'e', '\0',
+  /* "hydroagro.pl", true */ 'h', 'y', 'd', 'r', 'o', 'a', 'g', 'r', 'o', '.', 'p', 'l', '\0',
+  /* "hydrocloud.net", true */ 'h', 'y', 'd', 'r', 'o', 'c', 'l', 'o', 'u', 'd', '.', 'n', 'e', 't', '\0',
+  /* "hydronyx.me", true */ 'h', 'y', 'd', 'r', 'o', 'n', 'y', 'x', '.', 'm', 'e', '\0',
+  /* "hydroturbine.info", true */ 'h', 'y', 'd', 'r', 'o', 't', 'u', 'r', 'b', 'i', 'n', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "hydrozone.fr", true */ 'h', 'y', 'd', 'r', 'o', 'z', 'o', 'n', 'e', '.', 'f', 'r', '\0',
+  /* "hyeok.org", true */ 'h', 'y', 'e', 'o', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "hygo.com", true */ 'h', 'y', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "hyk.me", true */ 'h', 'y', 'k', '.', 'm', 'e', '\0',
+  /* "hylians.com", true */ 'h', 'y', 'l', 'i', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hymerscollege.co.uk", true */ 'h', 'y', 'm', 'e', 'r', 's', 'c', 'o', 'l', 'l', 'e', 'g', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hynek.me", true */ 'h', 'y', 'n', 'e', 'k', '.', 'm', 'e', '\0',
+  /* "hype.ru", true */ 'h', 'y', 'p', 'e', '.', 'r', 'u', '\0',
+  /* "hypemgmt.com", true */ 'h', 'y', 'p', 'e', 'm', 'g', 'm', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hyper-matrix.org", true */ 'h', 'y', 'p', 'e', 'r', '-', 'm', 'a', 't', 'r', 'i', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "hyper-text.org", true */ 'h', 'y', 'p', 'e', 'r', '-', 't', 'e', 'x', 't', '.', 'o', 'r', 'g', '\0',
+  /* "hyperalgesia.com", true */ 'h', 'y', 'p', 'e', 'r', 'a', 'l', 'g', 'e', 's', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hyperbolic-mayonnaise-interceptor.ovh", true */ 'h', 'y', 'p', 'e', 'r', 'b', 'o', 'l', 'i', 'c', '-', 'm', 'a', 'y', 'o', 'n', 'n', 'a', 'i', 's', 'e', '-', 'i', 'n', 't', 'e', 'r', 'c', 'e', 'p', 't', 'o', 'r', '.', 'o', 'v', 'h', '\0',
+  /* "hyperion.io", true */ 'h', 'y', 'p', 'e', 'r', 'i', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "hyperreal.biz", true */ 'h', 'y', 'p', 'e', 'r', 'r', 'e', 'a', 'l', '.', 'b', 'i', 'z', '\0',
+  /* "hyperreal.info", true */ 'h', 'y', 'p', 'e', 'r', 'r', 'e', 'a', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "hypersomnia.com", true */ 'h', 'y', 'p', 'e', 'r', 's', 'o', 'm', 'n', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hyperthymia.com", true */ 'h', 'y', 'p', 'e', 'r', 't', 'h', 'y', 'm', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hyphen.co.za", true */ 'h', 'y', 'p', 'h', 'e', 'n', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "hyphenpda.co.za", true */ 'h', 'y', 'p', 'h', 'e', 'n', 'p', 'd', 'a', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "hypotecnicentrum.cz", true */ 'h', 'y', 'p', 'o', 't', 'e', 'c', 'n', 'i', 'c', 'e', 'n', 't', 'r', 'u', 'm', '.', 'c', 'z', '\0',
+  /* "hypothecairelening.net", true */ 'h', 'y', 'p', 'o', 't', 'h', 'e', 'c', 'a', 'i', 'r', 'e', 'l', 'e', 'n', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "hypotheekbond.nl", true */ 'h', 'y', 'p', 'o', 't', 'h', 'e', 'e', 'k', 'b', 'o', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "hypothes.is", true */ 'h', 'y', 'p', 'o', 't', 'h', 'e', 's', '.', 'i', 's', '\0',
+  /* "hypothyroidmom.com", true */ 'h', 'y', 'p', 'o', 't', 'h', 'y', 'r', 'o', 'i', 'd', 'm', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "hyvinvointineuvoja.fi", true */ 'h', 'y', 'v', 'i', 'n', 'v', 'o', 'i', 'n', 't', 'i', 'n', 'e', 'u', 'v', 'o', 'j', 'a', '.', 'f', 'i', '\0',
+  /* "i--b.com", true */ 'i', '-', '-', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "i-geld.de", true */ 'i', '-', 'g', 'e', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "i-hakul.net", true */ 'i', '-', 'h', 'a', 'k', 'u', 'l', '.', 'n', 'e', 't', '\0',
+  /* "i-meto.com", true */ 'i', '-', 'm', 'e', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "i-proswiss.com", true */ 'i', '-', 'p', 'r', 'o', 's', 'w', 'i', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "i-red.info", true */ 'i', '-', 'r', 'e', 'd', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "i-stats.net", true */ 'i', '-', 's', 't', 'a', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "i-stuff.site", true */ 'i', '-', 's', 't', 'u', 'f', 'f', '.', 's', 'i', 't', 'e', '\0',
+  /* "i-verbi.it", true */ 'i', '-', 'v', 'e', 'r', 'b', 'i', '.', 'i', 't', '\0',
+  /* "i1314.gdn", true */ 'i', '1', '3', '1', '4', '.', 'g', 'd', 'n', '\0',
+  /* "i1place.com", true */ 'i', '1', 'p', 'l', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "i28s.com", true */ 'i', '2', '8', 's', '.', 'c', 'o', 'm', '\0',
+  /* "i496.eu", true */ 'i', '4', '9', '6', '.', 'e', 'u', '\0',
+  /* "i4m1k0su.com", true */ 'i', '4', 'm', '1', 'k', '0', 's', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "i5y.co.uk", true */ 'i', '5', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "i879.com", true */ 'i', '8', '7', '9', '.', 'c', 'o', 'm', '\0',
+  /* "i95.me", false */ 'i', '9', '5', '.', 'm', 'e', '\0',
+  /* "iaco.li", true */ 'i', 'a', 'c', 'o', '.', 'l', 'i', '\0',
+  /* "iactu.info", true */ 'i', 'a', 'c', 't', 'u', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "iaeste.no", true */ 'i', 'a', 'e', 's', 't', 'e', '.', 'n', 'o', '\0',
+  /* "iaeste.or.jp", true */ 'i', 'a', 'e', 's', 't', 'e', '.', 'o', 'r', '.', 'j', 'p', '\0',
+  /* "iainsimms.me", true */ 'i', 'a', 'i', 'n', 's', 'i', 'm', 'm', 's', '.', 'm', 'e', '\0',
+  /* "ialis.me", true */ 'i', 'a', 'l', 'i', 's', '.', 'm', 'e', '\0',
+  /* "iamcarrico.com", true */ 'i', 'a', 'm', 'c', 'a', 'r', 'r', 'i', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "iamsoareyou.se", true */ 'i', 'a', 'm', 's', 'o', 'a', 'r', 'e', 'y', 'o', 'u', '.', 's', 'e', '\0',
+  /* "iamtheib.me", true */ 'i', 'a', 'm', 't', 'h', 'e', 'i', 'b', '.', 'm', 'e', '\0',
+  /* "iamusingtheinter.net", true */ 'i', 'a', 'm', 'u', 's', 'i', 'n', 'g', 't', 'h', 'e', 'i', 'n', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "iamwoodbeard.com", true */ 'i', 'a', 'm', 'w', 'o', 'o', 'd', 'b', 'e', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "ian.sh", true */ 'i', 'a', 'n', '.', 's', 'h', '\0',
+  /* "iandouglasscott.com", true */ 'i', 'a', 'n', 'd', 'o', 'u', 'g', 'l', 'a', 's', 's', 'c', 'o', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ianix.com", true */ 'i', 'a', 'n', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "iavian.com", true */ 'i', 'a', 'v', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ib-wedler.de", false */ 'i', 'b', '-', 'w', 'e', 'd', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "iba.community", true */ 'i', 'b', 'a', '.', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '\0',
+  /* "ibacktraced.it", true */ 'i', 'b', 'a', 'c', 'k', 't', 'r', 'a', 'c', 'e', 'd', '.', 'i', 't', '\0',
+  /* "ibcmed.org", true */ 'i', 'b', 'c', 'm', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "iberiaversicherungen.com", true */ 'i', 'b', 'e', 'r', 'i', 'a', 'v', 'e', 'r', 's', 'i', 'c', 'h', 'e', 'r', 'u', 'n', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ibexcore.com", true */ 'i', 'b', 'e', 'x', 'c', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ibin.co", true */ 'i', 'b', 'i', 'n', '.', 'c', 'o', '\0',
+  /* "ibiz.mk", true */ 'i', 'b', 'i', 'z', '.', 'm', 'k', '\0',
+  /* "ibizatopcharter.com", true */ 'i', 'b', 'i', 'z', 'a', 't', 'o', 'p', 'c', 'h', 'a', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ibnw.de", true */ 'i', 'b', 'n', 'w', '.', 'd', 'e', '\0',
+  /* "ibox.ovh", true */ 'i', 'b', 'o', 'x', '.', 'o', 'v', 'h', '\0',
+  /* "ibps.blog", true */ 'i', 'b', 'p', 's', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "ibpsrecruitment.co.in", true */ 'i', 'b', 'p', 's', 'r', 'e', 'c', 'r', 'u', 'i', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'i', 'n', '\0',
+  /* "ibrainmedicine.org", true */ 'i', 'b', 'r', 'a', 'i', 'n', 'm', 'e', 'd', 'i', 'c', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "ibrom.eu", true */ 'i', 'b', 'r', 'o', 'm', '.', 'e', 'u', '\0',
+  /* "ibron.co", false */ 'i', 'b', 'r', 'o', 'n', '.', 'c', 'o', '\0',
+  /* "ibsafrica.co.za", true */ 'i', 'b', 's', 'a', 'f', 'r', 'i', 'c', 'a', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "ibsglobal.co.za", true */ 'i', 'b', 's', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "ibwc.gov", true */ 'i', 'b', 'w', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "ic-lighting.com.au", true */ 'i', 'c', '-', 'l', 'i', 'g', 'h', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "ic3.gov", true */ 'i', 'c', '3', '.', 'g', 'o', 'v', '\0',
+  /* "icafecash.com", true */ 'i', 'c', 'a', 'f', 'e', 'c', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "icanhasht.ml", true */ 'i', 'c', 'a', 'n', 'h', 'a', 's', 'h', 't', '.', 'm', 'l', '\0',
+  /* "icarlos.net", true */ 'i', 'c', 'a', 'r', 'l', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "icasnetwork.com", true */ 'i', 'c', 'a', 's', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "icbemp.gov", true */ 'i', 'c', 'b', 'e', 'm', 'p', '.', 'g', 'o', 'v', '\0',
+  /* "iccpublisher.com", true */ 'i', 'c', 'c', 'p', 'u', 'b', 'l', 'i', 's', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "icebat.dyndns.org", true */ 'i', 'c', 'e', 'b', 'a', 't', '.', 'd', 'y', 'n', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "iceberg.academy", true */ 'i', 'c', 'e', 'b', 'e', 'r', 'g', '.', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '\0',
+  /* "icebound.win", true */ 'i', 'c', 'e', 'b', 'o', 'u', 'n', 'd', '.', 'w', 'i', 'n', '\0',
+  /* "icecars.net", true */ 'i', 'c', 'e', 'c', 'a', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "ich-tanke.de", true */ 'i', 'c', 'h', '-', 't', 'a', 'n', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "ichasco.com", true */ 'i', 'c', 'h', 'a', 's', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ichbinkeinreh.de", true */ 'i', 'c', 'h', 'b', 'i', 'n', 'k', 'e', 'i', 'n', 'r', 'e', 'h', '.', 'd', 'e', '\0',
+  /* "ichmachdas.net", true */ 'i', 'c', 'h', 'm', 'a', 'c', 'h', 'd', 'a', 's', '.', 'n', 'e', 't', '\0',
+  /* "ichronos.net", true */ 'i', 'c', 'h', 'r', 'o', 'n', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "iclinic.ua", true */ 'i', 'c', 'l', 'i', 'n', 'i', 'c', '.', 'u', 'a', '\0',
+  /* "icmhd.ch", true */ 'i', 'c', 'm', 'h', 'd', '.', 'c', 'h', '\0',
+  /* "icmp2018.org", true */ 'i', 'c', 'm', 'p', '2', '0', '1', '8', '.', 'o', 'r', 'g', '\0',
+  /* "icodeconnect.com", true */ 'i', 'c', 'o', 'd', 'e', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "icondoom.nl", true */ 'i', 'c', 'o', 'n', 'd', 'o', 'o', 'm', '.', 'n', 'l', '\0',
+  /* "iconomi.net", true */ 'i', 'c', 'o', 'n', 'o', 'm', 'i', '.', 'n', 'e', 't', '\0',
+  /* "icpc.pp.ua", true */ 'i', 'c', 'p', 'c', '.', 'p', 'p', '.', 'u', 'a', '\0',
+  /* "icpc2016.in.th", true */ 'i', 'c', 'p', 'c', '2', '0', '1', '6', '.', 'i', 'n', '.', 't', 'h', '\0',
+  /* "icq-project.net", true */ 'i', 'c', 'q', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'n', 'e', 't', '\0',
+  /* "icsadviseurs.nl", true */ 'i', 'c', 's', 'a', 'd', 'v', 'i', 's', 'e', 'u', 'r', 's', '.', 'n', 'l', '\0',
+  /* "icsfinomornasco.gov.it", true */ 'i', 'c', 's', 'f', 'i', 'n', 'o', 'm', 'o', 'r', 'n', 'a', 's', 'c', 'o', '.', 'g', 'o', 'v', '.', 'i', 't', '\0',
+  /* "icsfinomornasco.it", true */ 'i', 'c', 's', 'f', 'i', 'n', 'o', 'm', 'o', 'r', 'n', 'a', 's', 'c', 'o', '.', 'i', 't', '\0',
+  /* "ict-concept.nl", false */ 'i', 'c', 't', '-', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'n', 'l', '\0',
+  /* "ict-crew.nl", true */ 'i', 'c', 't', '-', 'c', 'r', 'e', 'w', '.', 'n', 'l', '\0',
+  /* "ict-radar.com", true */ 'i', 'c', 't', '-', 'r', 'a', 'd', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ict-radar.nl", true */ 'i', 'c', 't', '-', 'r', 'a', 'd', 'a', 'r', '.', 'n', 'l', '\0',
+  /* "ictcareer.ch", true */ 'i', 'c', 't', 'c', 'a', 'r', 'e', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "ictinforensics.org", true */ 'i', 'c', 't', 'i', 'n', 'f', 'o', 'r', 'e', 'n', 's', 'i', 'c', 's', '.', 'o', 'r', 'g', '\0',
+  /* "ictl.eu", true */ 'i', 'c', 't', 'l', '.', 'e', 'u', '\0',
+  /* "ictradar.com", true */ 'i', 'c', 't', 'r', 'a', 'd', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "icyapril.com", true */ 'i', 'c', 'y', 'a', 'p', 'r', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "icymint.me", true */ 'i', 'c', 'y', 'm', 'i', 'n', 't', '.', 'm', 'e', '\0',
+  /* "icys2017.com", true */ 'i', 'c', 'y', 's', '2', '0', '1', '7', '.', 'c', 'o', 'm', '\0',
+  /* "iczc.cz", true */ 'i', 'c', 'z', 'c', '.', 'c', 'z', '\0',
+  /* "id-blog.ch", true */ 'i', 'd', '-', 'b', 'l', 'o', 'g', '.', 'c', 'h', '\0',
+  /* "id.atlassian.com", true */ 'i', 'd', '.', 'a', 't', 'l', 'a', 's', 's', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "id.mayfirst.org", false */ 'i', 'd', '.', 'm', 'a', 'y', 'f', 'i', 'r', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "id.search.yahoo.com", false */ 'i', 'd', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "id0-rsa.pub", true */ 'i', 'd', '0', '-', 'r', 's', 'a', '.', 'p', 'u', 'b', '\0',
+  /* "id7.fr", true */ 'i', 'd', '7', '.', 'f', 'r', '\0',
+  /* "idaeus.eu", true */ 'i', 'd', 'a', 'e', 'u', 's', '.', 'e', 'u', '\0',
+  /* "idahoansforliberty.net", true */ 'i', 'd', 'a', 'h', 'o', 'a', 'n', 's', 'f', 'o', 'r', 'l', 'i', 'b', 'e', 'r', 't', 'y', '.', 'n', 'e', 't', '\0',
+  /* "idaspis.com", true */ 'i', 'd', 'a', 's', 'p', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "idatha.de", true */ 'i', 'd', 'a', 't', 'h', 'a', '.', 'd', 'e', '\0',
+  /* "idc-business.be", true */ 'i', 'd', 'c', '-', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '.', 'b', 'e', '\0',
+  /* "idconsult.nl", true */ 'i', 'd', 'c', 'o', 'n', 's', 'u', 'l', 't', '.', 'n', 'l', '\0',
+  /* "iddconnect.com", true */ 'i', 'd', 'd', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "iddconnect.org", true */ 'i', 'd', 'd', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "idealinflatablehire.co.uk", true */ 'i', 'd', 'e', 'a', 'l', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "idealtruss.com", true */ 'i', 'd', 'e', 'a', 'l', 't', 'r', 'u', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "idealtruss.com.tw", true */ 'i', 'd', 'e', 'a', 'l', 't', 'r', 'u', 's', 's', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "idealwhite.space", true */ 'i', 'd', 'e', 'a', 'l', 'w', 'h', 'i', 't', 'e', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "ideashop.com", true */ 'i', 'd', 'e', 'a', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "ideaweb.de", true */ 'i', 'd', 'e', 'a', 'w', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "ideaweblab.com", false */ 'i', 'd', 'e', 'a', 'w', 'e', 'b', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "idensys.nl", true */ 'i', 'd', 'e', 'n', 's', 'y', 's', '.', 'n', 'l', '\0',
+  /* "identifyme.net", true */ 'i', 'd', 'e', 'n', 't', 'i', 'f', 'y', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "identity-hash.online", true */ 'i', 'd', 'e', 'n', 't', 'i', 't', 'y', '-', 'h', 'a', 's', 'h', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "identitytheft.gov", true */ 'i', 'd', 'e', 'n', 't', 'i', 't', 'y', 't', 'h', 'e', 'f', 't', '.', 'g', 'o', 'v', '\0',
+  /* "idexxpublicationportal.com", true */ 'i', 'd', 'e', 'x', 'x', 'p', 'u', 'b', 'l', 'i', 'c', 'a', 't', 'i', 'o', 'n', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "idgard.de", true */ 'i', 'd', 'g', 'a', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "idgateway.co.uk", true */ 'i', 'd', 'g', 'a', 't', 'e', 'w', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "idhosts.co.id", true */ 'i', 'd', 'h', 'o', 's', 't', 's', '.', 'c', 'o', '.', 'i', 'd', '\0',
+  /* "idid.tk", true */ 'i', 'd', 'i', 'd', '.', 't', 'k', '\0',
+  /* "idiopolis.org", true */ 'i', 'd', 'i', 'o', 'p', 'o', 'l', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "idiotentruppe.de", true */ 'i', 'd', 'i', 'o', 't', 'e', 'n', 't', 'r', 'u', 'p', 'p', 'e', '.', 'd', 'e', '\0',
+  /* "idmanagement.gov", true */ 'i', 'd', 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '.', 'g', 'o', 'v', '\0',
+  /* "idmobile.co.uk", true */ 'i', 'd', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "idndx.com", true */ 'i', 'd', 'n', 'd', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "idoc24.com", true */ 'i', 'd', 'o', 'c', '2', '4', '.', 'c', 'o', 'm', '\0',
+  /* "idolf.dk", true */ 'i', 'd', 'o', 'l', 'f', '.', 'd', 'k', '\0',
+  /* "idolish7.fun", true */ 'i', 'd', 'o', 'l', 'i', 's', 'h', '7', '.', 'f', 'u', 'n', '\0',
+  /* "idolshop.dk", true */ 'i', 'd', 'o', 'l', 's', 'h', 'o', 'p', '.', 'd', 'k', '\0',
+  /* "idontplaydarts.com", true */ 'i', 'd', 'o', 'n', 't', 'p', 'l', 'a', 'y', 'd', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "idranktoomuch.coffee", true */ 'i', 'd', 'r', 'a', 'n', 'k', 't', 'o', 'o', 'm', 'u', 'c', 'h', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0',
+  /* "idraulico.roma.it", true */ 'i', 'd', 'r', 'a', 'u', 'l', 'i', 'c', 'o', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "idrinktoomuch.coffee", true */ 'i', 'd', 'r', 'i', 'n', 'k', 't', 'o', 'o', 'm', 'u', 'c', 'h', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0',
+  /* "idrycleaningi.com", true */ 'i', 'd', 'r', 'y', 'c', 'l', 'e', 'a', 'n', 'i', 'n', 'g', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "idsafe.co.za", true */ 'i', 'd', 's', 'a', 'f', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "idsoccer.com", true */ 'i', 'd', 's', 'o', 'c', 'c', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "idtheft.gov", true */ 'i', 'd', 't', 'h', 'e', 'f', 't', '.', 'g', 'o', 'v', '\0',
+  /* "idubaj.cz", true */ 'i', 'd', 'u', 'b', 'a', 'j', '.', 'c', 'z', '\0',
+  /* "idunno.org", true */ 'i', 'd', 'u', 'n', 'n', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "idvl.de", true */ 'i', 'd', 'v', 'l', '.', 'd', 'e', '\0',
+  /* "ie.search.yahoo.com", false */ 'i', 'e', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "iea-annex61.org", true */ 'i', 'e', 'a', '-', 'a', 'n', 'n', 'e', 'x', '6', '1', '.', 'o', 'r', 'g', '\0',
+  /* "iec.pe", true */ 'i', 'e', 'c', '.', 'p', 'e', '\0',
+  /* "ieeesb.nl", true */ 'i', 'e', 'e', 'e', 's', 'b', '.', 'n', 'l', '\0',
+  /* "ieeesbe.nl", true */ 'i', 'e', 'e', 'e', 's', 'b', 'e', '.', 'n', 'l', '\0',
+  /* "ieeespmb.org", true */ 'i', 'e', 'e', 'e', 's', 'p', 'm', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "ieji.de", false */ 'i', 'e', 'j', 'i', '.', 'd', 'e', '\0',
+  /* "iemas.azurewebsites.net", true */ 'i', 'e', 'm', 'a', 's', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "ienakanote.com", false */ 'i', 'e', 'n', 'a', 'k', 'a', 'n', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ieval.ro", true */ 'i', 'e', 'v', 'a', 'l', '.', 'r', 'o', '\0',
+  /* "iewar.com", true */ 'i', 'e', 'w', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "iexpert9.com", true */ 'i', 'e', 'x', 'p', 'e', 'r', 't', '9', '.', 'c', 'o', 'm', '\0',
+  /* "ifamily.top", false */ 'i', 'f', 'a', 'm', 'i', 'l', 'y', '.', 't', 'o', 'p', '\0',
+  /* "ifan.ch", true */ 'i', 'f', 'a', 'n', '.', 'c', 'h', '\0',
+  /* "ifasec.de", false */ 'i', 'f', 'a', 's', 'e', 'c', '.', 'd', 'e', '\0',
+  /* "ifcfg.me", true */ 'i', 'f', 'c', 'f', 'g', '.', 'm', 'e', '\0',
+  /* "ifconfig.co", true */ 'i', 'f', 'c', 'o', 'n', 'f', 'i', 'g', '.', 'c', 'o', '\0',
+  /* "ifelse.io", true */ 'i', 'f', 'e', 'l', 's', 'e', '.', 'i', 'o', '\0',
+  /* "ifengge.cn", true */ 'i', 'f', 'e', 'n', 'g', 'g', 'e', '.', 'c', 'n', '\0',
+  /* "ifightsurveillance.com", true */ 'i', 'f', 'i', 'g', 'h', 't', 's', 'u', 'r', 'v', 'e', 'i', 'l', 'l', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ifightsurveillance.net", true */ 'i', 'f', 'i', 'g', 'h', 't', 's', 'u', 'r', 'v', 'e', 'i', 'l', 'l', 'a', 'n', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "ifightsurveillance.org", true */ 'i', 'f', 'i', 'g', 'h', 't', 's', 'u', 'r', 'v', 'e', 'i', 'l', 'l', 'a', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "ifixe.ch", true */ 'i', 'f', 'i', 'x', 'e', '.', 'c', 'h', '\0',
+  /* "iflare.de", true */ 'i', 'f', 'l', 'a', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "iformbuilder.com", false */ 'i', 'f', 'o', 'r', 'm', 'b', 'u', 'i', 'l', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ifort.fr", true */ 'i', 'f', 'o', 'r', 't', '.', 'f', 'r', '\0',
+  /* "ifosep.fr", true */ 'i', 'f', 'o', 's', 'e', 'p', '.', 'f', 'r', '\0',
+  /* "ifsac.org", true */ 'i', 'f', 's', 'a', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "ifsclist.com", true */ 'i', 'f', 's', 'c', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ifsr.de", true */ 'i', 'f', 's', 'r', '.', 'd', 'e', '\0',
+  /* "iftrue.de", true */ 'i', 'f', 't', 'r', 'u', 'e', '.', 'd', 'e', '\0',
+  /* "ifxor.com", true */ 'i', 'f', 'x', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ifyou.live", true */ 'i', 'f', 'y', 'o', 'u', '.', 'l', 'i', 'v', 'e', '\0',
+  /* "iga-semi.jp", true */ 'i', 'g', 'a', '-', 's', 'e', 'm', 'i', '.', 'j', 'p', '\0',
+  /* "igamingforums.com", true */ 'i', 'g', 'a', 'm', 'i', 'n', 'g', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "igd.chat", true */ 'i', 'g', 'd', '.', 'c', 'h', 'a', 't', '\0',
+  /* "igglabs.com", true */ 'i', 'g', 'g', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "iggprivate.com", true */ 'i', 'g', 'g', 'p', 'r', 'i', 'v', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "iggsoft.com", true */ 'i', 'g', 'g', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "iggsoftware.com", true */ 'i', 'g', 'g', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "igiftcards.de", true */ 'i', 'g', 'i', 'f', 't', 'c', 'a', 'r', 'd', 's', '.', 'd', 'e', '\0',
+  /* "igimusic.com", true */ 'i', 'g', 'i', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "igk.nz", true */ 'i', 'g', 'k', '.', 'n', 'z', '\0',
+  /* "igm-be.ch", true */ 'i', 'g', 'm', '-', 'b', 'e', '.', 'c', 'h', '\0',
+  /* "igmus.org", true */ 'i', 'g', 'm', 'u', 's', '.', 'o', 'r', 'g', '\0',
+  /* "ignace72.eu", true */ 'i', 'g', 'n', 'a', 'c', 'e', '7', '2', '.', 'e', 'u', '\0',
+  /* "ignat.by", true */ 'i', 'g', 'n', 'a', 't', '.', 'b', 'y', '\0',
+  /* "ignatovich.by", true */ 'i', 'g', 'n', 'a', 't', 'o', 'v', 'i', 'c', 'h', '.', 'b', 'y', '\0',
+  /* "ignatovich.me", true */ 'i', 'g', 'n', 'a', 't', 'o', 'v', 'i', 'c', 'h', '.', 'm', 'e', '\0',
+  /* "ignet.gov", true */ 'i', 'g', 'n', 'e', 't', '.', 'g', 'o', 'v', '\0',
+  /* "ignitedmindz.in", true */ 'i', 'g', 'n', 'i', 't', 'e', 'd', 'm', 'i', 'n', 'd', 'z', '.', 'i', 'n', '\0',
+  /* "igorw.org", true */ 'i', 'g', 'o', 'r', 'w', '.', 'o', 'r', 'g', '\0',
+  /* "igotoffer.com", false */ 'i', 'g', 'o', 't', 'o', 'f', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "igrivi.com", true */ 'i', 'g', 'r', 'i', 'v', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "igsmgmt.com", true */ 'i', 'g', 's', 'm', 'g', 'm', 't', '.', 'c', 'o', 'm', '\0',
+  /* "iguana.com.ec", false */ 'i', 'g', 'u', 'a', 'n', 'a', '.', 'c', 'o', 'm', '.', 'e', 'c', '\0',
+  /* "ih8sn0w.com", true */ 'i', 'h', '8', 's', 'n', '0', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "ihacklabs.com", true */ 'i', 'h', 'a', 'c', 'k', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ihatethissh.it", true */ 'i', 'h', 'a', 't', 'e', 't', 'h', 'i', 's', 's', 'h', '.', 'i', 't', '\0',
+  /* "ihc.im", true */ 'i', 'h', 'c', '.', 'i', 'm', '\0',
+  /* "ihkk.net", true */ 'i', 'h', 'k', 'k', '.', 'n', 'e', 't', '\0',
+  /* "ihollaback.org", true */ 'i', 'h', 'o', 'l', 'l', 'a', 'b', 'a', 'c', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "ihopeit.works", true */ 'i', 'h', 'o', 'p', 'e', 'i', 't', '.', 'w', 'o', 'r', 'k', 's', '\0',
+  /* "ihostup.net", true */ 'i', 'h', 'o', 's', 't', 'u', 'p', '.', 'n', 'e', 't', '\0',
+  /* "ihrhost.com", true */ 'i', 'h', 'r', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "iideaz.org", true */ 'i', 'i', 'd', 'e', 'a', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "iilin.com", false */ 'i', 'i', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "iiong.com", false */ 'i', 'i', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "iirii.com", true */ 'i', 'i', 'r', 'i', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "iix.se", true */ 'i', 'i', 'x', '.', 's', 'e', '\0',
+  /* "ijohan.nl", true */ 'i', 'j', 'o', 'h', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "ijsclubtilburg.nl", true */ 'i', 'j', 's', 'c', 'l', 'u', 'b', 't', 'i', 'l', 'b', 'u', 'r', 'g', '.', 'n', 'l', '\0',
+  /* "ijunohana.jp", true */ 'i', 'j', 'u', 'n', 'o', 'h', 'a', 'n', 'a', '.', 'j', 'p', '\0',
+  /* "ik-life.com", true */ 'i', 'k', '-', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ikachalife.com", true */ 'i', 'k', 'a', 'c', 'h', 'a', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ikarate.ru", true */ 'i', 'k', 'a', 'r', 'a', 't', 'e', '.', 'r', 'u', '\0',
+  /* "ike.io", true */ 'i', 'k', 'e', '.', 'i', 'o', '\0',
+  /* "ikeacareers.co.uk", true */ 'i', 'k', 'e', 'a', 'c', 'a', 'r', 'e', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ikeyless.com", true */ 'i', 'k', 'e', 'y', 'l', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ikiler.com", true */ 'i', 'k', 'i', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ikinokori-marketing.com", true */ 'i', 'k', 'i', 'n', 'o', 'k', 'o', 'r', 'i', '-', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "ikk.me", true */ 'i', 'k', 'k', '.', 'm', 'e', '\0',
+  /* "ikkatsu-satei.jp", true */ 'i', 'k', 'k', 'a', 't', 's', 'u', '-', 's', 'a', 't', 'e', 'i', '.', 'j', 'p', '\0',
+  /* "ikkoku.de", true */ 'i', 'k', 'k', 'o', 'k', 'u', '.', 'd', 'e', '\0',
+  /* "iklive.org", false */ 'i', 'k', 'l', 'i', 'v', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "ikulist.me", true */ 'i', 'k', 'u', 'l', 'i', 's', 't', '.', 'm', 'e', '\0',
+  /* "ikvts.de", true */ 'i', 'k', 'v', 't', 's', '.', 'd', 'e', '\0',
+  /* "ikwilthepiratebay.org", true */ 'i', 'k', 'w', 'i', 'l', 't', 'h', 'e', 'p', 'i', 'r', 'a', 't', 'e', 'b', 'a', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "ila.fi", true */ 'i', 'l', 'a', '.', 'f', 'i', '\0',
+  /* "ilamparas.at", true */ 'i', 'l', 'a', 'm', 'p', 'a', 'r', 'a', 's', '.', 'a', 't', '\0',
+  /* "ilamparas.co.uk", true */ 'i', 'l', 'a', 'm', 'p', 'a', 'r', 'a', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ilamparas.com", true */ 'i', 'l', 'a', 'm', 'p', 'a', 'r', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ilamparas.com.co", true */ 'i', 'l', 'a', 'm', 'p', 'a', 'r', 'a', 's', '.', 'c', 'o', 'm', '.', 'c', 'o', '\0',
+  /* "ilamparas.com.ve", true */ 'i', 'l', 'a', 'm', 'p', 'a', 'r', 'a', 's', '.', 'c', 'o', 'm', '.', 'v', 'e', '\0',
+  /* "ilamparas.mx", true */ 'i', 'l', 'a', 'm', 'p', 'a', 'r', 'a', 's', '.', 'm', 'x', '\0',
+  /* "ilard.fr", true */ 'i', 'l', 'a', 'r', 'd', '.', 'f', 'r', '\0',
+  /* "ilazycat.com", true */ 'i', 'l', 'a', 'z', 'y', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ildomani.it", true */ 'i', 'l', 'd', 'o', 'm', 'a', 'n', 'i', '.', 'i', 't', '\0',
+  /* "ile-kalorii.pl", true */ 'i', 'l', 'e', '-', 'k', 'a', 'l', 'o', 'r', 'i', 'i', '.', 'p', 'l', '\0',
+  /* "ile-sapporo.jp", true */ 'i', 'l', 'e', '-', 's', 'a', 'p', 'p', 'o', 'r', 'o', '.', 'j', 'p', '\0',
+  /* "ilektronika-farmakeia-online.gr", true */ 'i', 'l', 'e', 'k', 't', 'r', 'o', 'n', 'i', 'k', 'a', '-', 'f', 'a', 'r', 'm', 'a', 'k', 'e', 'i', 'a', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'g', 'r', '\0',
+  /* "ilhan.name", true */ 'i', 'l', 'h', 'a', 'n', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "iligang.cn", true */ 'i', 'l', 'i', 'g', 'a', 'n', 'g', '.', 'c', 'n', '\0',
+  /* "illambias.ch", true */ 'i', 'l', 'l', 'a', 'm', 'b', 'i', 'a', 's', '.', 'c', 'h', '\0',
+  /* "illich.cz", true */ 'i', 'l', 'l', 'i', 'c', 'h', '.', 'c', 'z', '\0',
+  /* "illicitart.ca", true */ 'i', 'l', 'l', 'i', 'c', 'i', 't', 'a', 'r', 't', '.', 'c', 'a', '\0',
+  /* "illjinx.info", true */ 'i', 'l', 'l', 'j', 'i', 'n', 'x', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "illorenese.fr", true */ 'i', 'l', 'l', 'o', 'r', 'e', 'n', 'e', 's', 'e', '.', 'f', 'r', '\0',
+  /* "illsley.org", true */ 'i', 'l', 'l', 's', 'l', 'e', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "illuminationis.com", true */ 'i', 'l', 'l', 'u', 'm', 'i', 'n', 'a', 't', 'i', 'o', 'n', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "illusionephemere.com", true */ 'i', 'l', 'l', 'u', 's', 'i', 'o', 'n', 'e', 'p', 'h', 'e', 'm', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "illuxat.com", true */ 'i', 'l', 'l', 'u', 'x', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ilmataat.ee", true */ 'i', 'l', 'm', 'a', 't', 'a', 'a', 't', '.', 'e', 'e', '\0',
+  /* "ilmiobusinessonline.it", true */ 'i', 'l', 'm', 'i', 'o', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'i', 't', '\0',
+  /* "ilmuk.org", true */ 'i', 'l', 'm', 'u', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "ilrg.com", true */ 'i', 'l', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "iltec-prom.ru", true */ 'i', 'l', 't', 'e', 'c', '-', 'p', 'r', 'o', 'm', '.', 'r', 'u', '\0',
+  /* "iltec.ru", true */ 'i', 'l', 't', 'e', 'c', '.', 'r', 'u', '\0',
+  /* "iltisim.ch", true */ 'i', 'l', 't', 'i', 's', 'i', 'm', '.', 'c', 'h', '\0',
+  /* "ilweb.es", true */ 'i', 'l', 'w', 'e', 'b', '.', 'e', 's', '\0',
+  /* "ilya.pp.ua", true */ 'i', 'l', 'y', 'a', '.', 'p', 'p', '.', 'u', 'a', '\0',
+  /* "im-c-shop.com", true */ 'i', 'm', '-', 'c', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "im-design.com.ua", true */ 'i', 'm', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "im2net.com", true */ 'i', 'm', '2', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "im66.net", false */ 'i', 'm', '6', '6', '.', 'n', 'e', 't', '\0',
+  /* "ima-tourcoing.fr", true */ 'i', 'm', 'a', '-', 't', 'o', 'u', 'r', 'c', 'o', 'i', 'n', 'g', '.', 'f', 'r', '\0',
+  /* "imacs.org", true */ 'i', 'm', 'a', 'c', 's', '.', 'o', 'r', 'g', '\0',
+  /* "imadalin.ro", true */ 'i', 'm', 'a', 'd', 'a', 'l', 'i', 'n', '.', 'r', 'o', '\0',
+  /* "image-drive.de", true */ 'i', 'm', 'a', 'g', 'e', '-', 'd', 'r', 'i', 'v', 'e', '.', 'd', 'e', '\0',
+  /* "image.tf", true */ 'i', 'm', 'a', 'g', 'e', '.', 't', 'f', '\0',
+  /* "imagebin.ca", true */ 'i', 'm', 'a', 'g', 'e', 'b', 'i', 'n', '.', 'c', 'a', '\0',
+  /* "imagefu.com", true */ 'i', 'm', 'a', 'g', 'e', 'f', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "imageination.co", true */ 'i', 'm', 'a', 'g', 'e', 'i', 'n', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', '\0',
+  /* "imagerive.ch", true */ 'i', 'm', 'a', 'g', 'e', 'r', 'i', 'v', 'e', '.', 'c', 'h', '\0',
+  /* "imagescostumes.com", true */ 'i', 'm', 'a', 'g', 'e', 's', 'c', 'o', 's', 't', 'u', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "imaginair.es", true */ 'i', 'm', 'a', 'g', 'i', 'n', 'a', 'i', 'r', '.', 'e', 's', '\0',
+  /* "imaginary.ca", true */ 'i', 'm', 'a', 'g', 'i', 'n', 'a', 'r', 'y', '.', 'c', 'a', '\0',
+  /* "imaginarymakings.me", true */ 'i', 'm', 'a', 'g', 'i', 'n', 'a', 'r', 'y', 'm', 'a', 'k', 'i', 'n', 'g', 's', '.', 'm', 'e', '\0',
+  /* "imagine-programming.com", true */ 'i', 'm', 'a', 'g', 'i', 'n', 'e', '-', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "imaginetricks.com", true */ 'i', 'm', 'a', 'g', 'i', 'n', 'e', 't', 'r', 'i', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "imagr.io", true */ 'i', 'm', 'a', 'g', 'r', '.', 'i', 'o', '\0',
+  /* "imanageproducts.uk", true */ 'i', 'm', 'a', 'n', 'a', 'g', 'e', 'p', 'r', 'o', 'd', 'u', 'c', 't', 's', '.', 'u', 'k', '\0',
+  /* "imanesdeviaje.com", true */ 'i', 'm', 'a', 'n', 'e', 's', 'd', 'e', 'v', 'i', 'a', 'j', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "imanhearts.com", true */ 'i', 'm', 'a', 'n', 'h', 'e', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "imanolbarba.net", true */ 'i', 'm', 'a', 'n', 'o', 'l', 'b', 'a', 'r', 'b', 'a', '.', 'n', 'e', 't', '\0',
+  /* "imanudin.net", true */ 'i', 'm', 'a', 'n', 'u', 'd', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "imarkethost.co.uk", true */ 'i', 'm', 'a', 'r', 'k', 'e', 't', 'h', 'o', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "imawhale.com", true */ 'i', 'm', 'a', 'w', 'h', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "imbianchino.roma.it", true */ 'i', 'm', 'b', 'i', 'a', 'n', 'c', 'h', 'i', 'n', 'o', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "imbrian.org", true */ 'i', 'm', 'b', 'r', 'i', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "imbushuo.net", true */ 'i', 'm', 'b', 'u', 's', 'h', 'u', 'o', '.', 'n', 'e', 't', '\0',
+  /* "imcsx.co", true */ 'i', 'm', 'c', 's', 'x', '.', 'c', 'o', '\0',
+  /* "imedi.co.uk", true */ 'i', 'm', 'e', 'd', 'i', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "imedi.it", true */ 'i', 'm', 'e', 'd', 'i', '.', 'i', 't', '\0',
+  /* "imedikament.de", true */ 'i', 'm', 'e', 'd', 'i', 'k', 'a', 'm', 'e', 'n', 't', '.', 'd', 'e', '\0',
+  /* "imeds.pl", true */ 'i', 'm', 'e', 'd', 's', '.', 'p', 'l', '\0',
+  /* "imefuniversitario.org", true */ 'i', 'm', 'e', 'f', 'u', 'n', 'i', 'v', 'e', 'r', 's', 'i', 't', 'a', 'r', 'i', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "imex-dtp.com", true */ 'i', 'm', 'e', 'x', '-', 'd', 't', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "imforza.com", true */ 'i', 'm', 'f', 'o', 'r', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "imga.ch", true */ 'i', 'm', 'g', 'a', '.', 'c', 'h', '\0',
+  /* "imgaa.com", true */ 'i', 'm', 'g', 'a', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "imgg.es", true */ 'i', 'm', 'g', 'g', '.', 'e', 's', '\0',
+  /* "imgul.net", true */ 'i', 'm', 'g', 'u', 'l', '.', 'n', 'e', 't', '\0',
+  /* "imguoguo.com", true */ 'i', 'm', 'g', 'u', 'o', 'g', 'u', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "imguploaden.nl", true */ 'i', 'm', 'g', 'u', 'p', 'l', 'o', 'a', 'd', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "imi-rhapsody.eu", true */ 'i', 'm', 'i', '-', 'r', 'h', 'a', 'p', 's', 'o', 'd', 'y', '.', 'e', 'u', '\0',
+  /* "imirhil.fr", true */ 'i', 'm', 'i', 'r', 'h', 'i', 'l', '.', 'f', 'r', '\0',
+  /* "imitza.com", true */ 'i', 'm', 'i', 't', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "imjad.cn", true */ 'i', 'm', 'j', 'a', 'd', '.', 'c', 'n', '\0',
+  /* "imjustcreative.com", true */ 'i', 'm', 'j', 'u', 's', 't', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "imkerei-freilinger.de", true */ 'i', 'm', 'k', 'e', 'r', 'e', 'i', '-', 'f', 'r', 'e', 'i', 'l', 'i', 'n', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "imkerverein-moenchswald.de", true */ 'i', 'm', 'k', 'e', 'r', 'v', 'e', 'r', 'e', 'i', 'n', '-', 'm', 'o', 'e', 'n', 'c', 'h', 's', 'w', 'a', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "imlinan.com", true */ 'i', 'm', 'l', 'i', 'n', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "imlonghao.com", true */ 'i', 'm', 'l', 'o', 'n', 'g', 'h', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "immanuel60.hu", true */ 'i', 'm', 'm', 'a', 'n', 'u', 'e', 'l', '6', '0', '.', 'h', 'u', '\0',
+  /* "immersivewebportal.com", true */ 'i', 'm', 'm', 'e', 'r', 's', 'i', 'v', 'e', 'w', 'e', 'b', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "immigrationdirect.com.au", true */ 'i', 'm', 'm', 'i', 'g', 'r', 'a', 't', 'i', 'o', 'n', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "immo-passion.net", true */ 'i', 'm', 'm', 'o', '-', 'p', 'a', 's', 's', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "immo-vk.de", true */ 'i', 'm', 'm', 'o', '-', 'v', 'k', '.', 'd', 'e', '\0',
+  /* "immobilien-badlippspringe.de", true */ 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'n', '-', 'b', 'a', 'd', 'l', 'i', 'p', 'p', 's', 'p', 'r', 'i', 'n', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "immobilien-wallat.de", true */ 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'n', '-', 'w', 'a', 'l', 'l', 'a', 't', '.', 'd', 'e', '\0',
+  /* "immobilier-nice.fr", true */ 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'r', '-', 'n', 'i', 'c', 'e', '.', 'f', 'r', '\0',
+  /* "immobilier92.net", true */ 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'r', '9', '2', '.', 'n', 'e', 't', '\0',
+  /* "immobiza.com", false */ 'i', 'm', 'm', 'o', 'b', 'i', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "immortal.run", true */ 'i', 'm', 'm', 'o', 'r', 't', 'a', 'l', '.', 'r', 'u', 'n', '\0',
+  /* "imokuri123.com", true */ 'i', 'm', 'o', 'k', 'u', 'r', 'i', '1', '2', '3', '.', 'c', 'o', 'm', '\0',
+  /* "imoner.com", true */ 'i', 'm', 'o', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "imoner.ga", true */ 'i', 'm', 'o', 'n', 'e', 'r', '.', 'g', 'a', '\0',
+  /* "imouyang.com", true */ 'i', 'm', 'o', 'u', 'y', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "impact.health.nz", true */ 'i', 'm', 'p', 'a', 'c', 't', '.', 'h', 'e', 'a', 'l', 't', 'h', '.', 'n', 'z', '\0',
+  /* "impacter.eu", true */ 'i', 'm', 'p', 'a', 'c', 't', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "impactfestival.be", true */ 'i', 'm', 'p', 'a', 'c', 't', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'b', 'e', '\0',
+  /* "impactpub.ch", true */ 'i', 'm', 'p', 'a', 'c', 't', 'p', 'u', 'b', '.', 'c', 'h', '\0',
+  /* "impakho.com", true */ 'i', 'm', 'p', 'a', 'k', 'h', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "impas.se", true */ 'i', 'm', 'p', 'a', 's', '.', 's', 'e', '\0',
+  /* "imperdin.com", true */ 'i', 'm', 'p', 'e', 'r', 'd', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "imperial-legrand.com", true */ 'i', 'm', 'p', 'e', 'r', 'i', 'a', 'l', '-', 'l', 'e', 'g', 'r', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "imperialmiami.com", true */ 'i', 'm', 'p', 'e', 'r', 'i', 'a', 'l', 'm', 'i', 'a', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "imperialonlinestore.com", true */ 'i', 'm', 'p', 'e', 'r', 'i', 'a', 'l', 'o', 'n', 'l', 'i', 'n', 'e', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "imperiumnova.info", true */ 'i', 'm', 'p', 'e', 'r', 'i', 'u', 'm', 'n', 'o', 'v', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "impex.com.bd", true */ 'i', 'm', 'p', 'e', 'x', '.', 'c', 'o', 'm', '.', 'b', 'd', '\0',
+  /* "impiantistica.org", true */ 'i', 'm', 'p', 'i', 'a', 'n', 't', 'i', 's', 't', 'i', 'c', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "impotsimple.ca", true */ 'i', 'm', 'p', 'o', 't', 's', 'i', 'm', 'p', 'l', 'e', '.', 'c', 'a', '\0',
+  /* "imppac.de", true */ 'i', 'm', 'p', 'p', 'a', 'c', '.', 'd', 'e', '\0',
+  /* "imprendo.co", true */ 'i', 'm', 'p', 'r', 'e', 'n', 'd', 'o', '.', 'c', 'o', '\0',
+  /* "imprendo.pro", true */ 'i', 'm', 'p', 'r', 'e', 'n', 'd', 'o', '.', 'p', 'r', 'o', '\0',
+  /* "impresa-pulizie.it", true */ 'i', 'm', 'p', 'r', 'e', 's', 'a', '-', 'p', 'u', 'l', 'i', 'z', 'i', 'e', '.', 'i', 't', '\0',
+  /* "improklinikken.dk", true */ 'i', 'm', 'p', 'r', 'o', 'k', 'l', 'i', 'n', 'i', 'k', 'k', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "improvingwp.com", true */ 'i', 'm', 'p', 'r', 'o', 'v', 'i', 'n', 'g', 'w', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "impulse-clan.de", true */ 'i', 'm', 'p', 'u', 'l', 's', 'e', '-', 'c', 'l', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "impulsionsa.com", true */ 'i', 'm', 'p', 'u', 'l', 's', 'i', 'o', 'n', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "impyus.com", true */ 'i', 'm', 'p', 'y', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "imququ.com", true */ 'i', 'm', 'q', 'u', 'q', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "imreh.net", true */ 'i', 'm', 'r', 'e', 'h', '.', 'n', 'e', 't', '\0',
+  /* "imrejonk.nl", false */ 'i', 'm', 'r', 'e', 'j', 'o', 'n', 'k', '.', 'n', 'l', '\0',
+  /* "imrunner.com", true */ 'i', 'm', 'r', 'u', 'n', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "imrunner.ru", true */ 'i', 'm', 'r', 'u', 'n', 'n', 'e', 'r', '.', 'r', 'u', '\0',
+  /* "ims-sargans.ch", true */ 'i', 'm', 's', '-', 's', 'a', 'r', 'g', 'a', 'n', 's', '.', 'c', 'h', '\0',
+  /* "in-depthoutdoors.com", true */ 'i', 'n', '-', 'd', 'e', 'p', 't', 'h', 'o', 'u', 't', 'd', 'o', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "in-flames.com", true */ 'i', 'n', '-', 'f', 'l', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "in.search.yahoo.com", false */ 'i', 'n', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "in.xero.com", false */ 'i', 'n', '.', 'x', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "in10tion.com", false */ 'i', 'n', '1', '0', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "inabox.ro", true */ 'i', 'n', 'a', 'b', 'o', 'x', '.', 'r', 'o', '\0',
+  /* "inait.ai", true */ 'i', 'n', 'a', 'i', 't', '.', 'a', 'i', '\0',
+  /* "inandeyes.com", true */ 'i', 'n', 'a', 'n', 'd', 'e', 'y', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "inanyevent.london", true */ 'i', 'n', 'a', 'n', 'y', 'e', 'v', 'e', 'n', 't', '.', 'l', 'o', 'n', 'd', 'o', 'n', '\0',
+  /* "inares.org", true */ 'i', 'n', 'a', 'r', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "inbitcoin.it", true */ 'i', 'n', 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'i', 't', '\0',
+  /* "inbounder.io", true */ 'i', 'n', 'b', 'o', 'u', 'n', 'd', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "inbox-group.com", true */ 'i', 'n', 'b', 'o', 'x', '-', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "inbox.google.com", true */ 'i', 'n', 'b', 'o', 'x', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "inboxen.org", true */ 'i', 'n', 'b', 'o', 'x', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "inceptionradionetwork.com", true */ 'i', 'n', 'c', 'e', 'p', 't', 'i', 'o', 'n', 'r', 'a', 'd', 'i', 'o', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "inchcape-fleet-autobid.co.uk", true */ 'i', 'n', 'c', 'h', 'c', 'a', 'p', 'e', '-', 'f', 'l', 'e', 'e', 't', '-', 'a', 'u', 't', 'o', 'b', 'i', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "includesubdomains.preloaded.test", true */ 'i', 'n', 'c', 'l', 'u', 'd', 'e', 's', 'u', 'b', 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'p', 'r', 'e', 'l', 'o', 'a', 'd', 'e', 'd', '.', 't', 'e', 's', 't', '\0',
+  /* "includesubdomains2.preloaded.test", true */ 'i', 'n', 'c', 'l', 'u', 'd', 'e', 's', 'u', 'b', 'd', 'o', 'm', 'a', 'i', 'n', 's', '2', '.', 'p', 'r', 'e', 'l', 'o', 'a', 'd', 'e', 'd', '.', 't', 'e', 's', 't', '\0',
+  /* "incommon.io", true */ 'i', 'n', 'c', 'o', 'm', 'm', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "inconcerts.de", true */ 'i', 'n', 'c', 'o', 'n', 'c', 'e', 'r', 't', 's', '.', 'd', 'e', '\0',
+  /* "incontrixsingle.net", true */ 'i', 'n', 'c', 'o', 'n', 't', 'r', 'i', 'x', 's', 'i', 'n', 'g', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "incowrimo.org", true */ 'i', 'n', 'c', 'o', 'w', 'r', 'i', 'm', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "incparadise.net", true */ 'i', 'n', 'c', 'p', 'a', 'r', 'a', 'd', 'i', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "incubos.org", true */ 'i', 'n', 'c', 'u', 'b', 'o', 's', '.', 'o', 'r', 'g', '\0',
+  /* "ind.ie", true */ 'i', 'n', 'd', '.', 'i', 'e', '\0',
+  /* "indarceky.sk", false */ 'i', 'n', 'd', 'a', 'r', 'c', 'e', 'k', 'y', '.', 's', 'k', '\0',
+  /* "indecipherable.info", true */ 'i', 'n', 'd', 'e', 'c', 'i', 'p', 'h', 'e', 'r', 'a', 'b', 'l', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "independencerecovery.com", true */ 'i', 'n', 'd', 'e', 'p', 'e', 'n', 'd', 'e', 'n', 'c', 'e', 'r', 'e', 'c', 'o', 'v', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "independent-operators.com", true */ 'i', 'n', 'd', 'e', 'p', 'e', 'n', 'd', 'e', 'n', 't', '-', 'o', 'p', 'e', 'r', 'a', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "inderagamono.net", true */ 'i', 'n', 'd', 'e', 'r', 'a', 'g', 'a', 'm', 'o', 'n', 'o', '.', 'n', 'e', 't', '\0',
+  /* "indesit-training.com", true */ 'i', 'n', 'd', 'e', 's', 'i', 't', '-', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "index-games.com", true */ 'i', 'n', 'd', 'e', 'x', '-', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "index-mp3.com", true */ 'i', 'n', 'd', 'e', 'x', '-', 'm', 'p', '3', '.', 'c', 'o', 'm', '\0',
+  /* "indiaflowermall.com", true */ 'i', 'n', 'd', 'i', 'a', 'f', 'l', 'o', 'w', 'e', 'r', 'm', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "indian-elephant.com", true */ 'i', 'n', 'd', 'i', 'a', 'n', '-', 'e', 'l', 'e', 'p', 'h', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "indianaantlersupply.com", true */ 'i', 'n', 'd', 'i', 'a', 'n', 'a', 'a', 'n', 't', 'l', 'e', 'r', 's', 'u', 'p', 'p', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "indiawise.co.uk", true */ 'i', 'n', 'd', 'i', 'a', 'w', 'i', 's', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "indieethos.com", true */ 'i', 'n', 'd', 'i', 'e', 'e', 't', 'h', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "indiegame.space", true */ 'i', 'n', 'd', 'i', 'e', 'g', 'a', 'm', 'e', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "indievelopment.nl", true */ 'i', 'n', 'd', 'i', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', '.', 'n', 'l', '\0',
+  /* "indigoinflatables.com", true */ 'i', 'n', 'd', 'i', 'g', 'o', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "indigosakura.com", true */ 'i', 'n', 'd', 'i', 'g', 'o', 's', 'a', 'k', 'u', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "indilens.com", true */ 'i', 'n', 'd', 'i', 'l', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "inditip.com", true */ 'i', 'n', 'd', 'i', 't', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "indogerman.de", false */ 'i', 'n', 'd', 'o', 'g', 'e', 'r', 'm', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "indogermanstartup.com", true */ 'i', 'n', 'd', 'o', 'g', 'e', 'r', 'm', 'a', 'n', 's', 't', 'a', 'r', 't', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "indogermantrade.de", true */ 'i', 'n', 'd', 'o', 'g', 'e', 'r', 'm', 'a', 'n', 't', 'r', 'a', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "indoorplantsexpert.com", true */ 'i', 'n', 'd', 'o', 'o', 'r', 'p', 'l', 'a', 'n', 't', 's', 'e', 'x', 'p', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "indostar303.com", true */ 'i', 'n', 'd', 'o', 's', 't', 'a', 'r', '3', '0', '3', '.', 'c', 'o', 'm', '\0',
+  /* "indovinabank.com.vn", true */ 'i', 'n', 'd', 'o', 'v', 'i', 'n', 'a', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '.', 'v', 'n', '\0',
+  /* "indusap.com", true */ 'i', 'n', 'd', 'u', 's', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "indusfastremit-ca.com", true */ 'i', 'n', 'd', 'u', 's', 'f', 'a', 's', 't', 'r', 'e', 'm', 'i', 't', '-', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "indusfastremit-us.com", true */ 'i', 'n', 'd', 'u', 's', 'f', 'a', 's', 't', 'r', 'e', 'm', 'i', 't', '-', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "indusfastremit.com", true */ 'i', 'n', 'd', 'u', 's', 'f', 'a', 's', 't', 'r', 'e', 'm', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "indust.me", true */ 'i', 'n', 'd', 'u', 's', 't', '.', 'm', 'e', '\0',
+  /* "industrialstarter.com", true */ 'i', 'n', 'd', 'u', 's', 't', 'r', 'i', 'a', 'l', 's', 't', 'a', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "indybay.org", true */ 'i', 'n', 'd', 'y', 'b', 'a', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "ineardisplay.com", true */ 'i', 'n', 'e', 'a', 'r', 'd', 'i', 's', 'p', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "inebula.it", true */ 'i', 'n', 'e', 'b', 'u', 'l', 'a', '.', 'i', 't', '\0',
+  /* "ineed.coffee", true */ 'i', 'n', 'e', 'e', 'd', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0',
+  /* "inertianetworks.com", true */ 'i', 'n', 'e', 'r', 't', 'i', 'a', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "inesta.nl", true */ 'i', 'n', 'e', 's', 't', 'a', '.', 'n', 'l', '\0',
+  /* "inet.se", true */ 'i', 'n', 'e', 't', '.', 's', 'e', '\0',
+  /* "inetpub.cn", true */ 'i', 'n', 'e', 't', 'p', 'u', 'b', '.', 'c', 'n', '\0',
+  /* "inetserver.eu", true */ 'i', 'n', 'e', 't', 's', 'e', 'r', 'v', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "inexlog.fr", true */ 'i', 'n', 'e', 'x', 'l', 'o', 'g', '.', 'f', 'r', '\0',
+  /* "inficom.org", true */ 'i', 'n', 'f', 'i', 'c', 'o', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "infinether.net", true */ 'i', 'n', 'f', 'i', 'n', 'e', 't', 'h', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "infinitegroup.info", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'e', 'g', 'r', 'o', 'u', 'p', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "infinitiofallentownparts.com", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'i', 'o', 'f', 'a', 'l', 'l', 'e', 'n', 't', 'o', 'w', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "infinitiofaugustaparts.com", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'i', 'o', 'f', 'a', 'u', 'g', 'u', 's', 't', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "infinitioflynnwoodparts.com", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'i', 'o', 'f', 'l', 'y', 'n', 'n', 'w', 'o', 'o', 'd', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "infinitiofmarinparts.com", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'i', 'o', 'f', 'm', 'a', 'r', 'i', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "infinity.to", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'y', '.', 't', 'o', '\0',
+  /* "infinitybas.com", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'y', 'b', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "infinityengine.org", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'y', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "infinityepos.co.uk", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'y', 'e', 'p', 'o', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "infirmieredevie.ch", true */ 'i', 'n', 'f', 'i', 'r', 'm', 'i', 'e', 'r', 'e', 'd', 'e', 'v', 'i', 'e', '.', 'c', 'h', '\0',
+  /* "inflatablehire-scotland.co.uk", true */ 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 'h', 'i', 'r', 'e', '-', 's', 'c', 'o', 't', 'l', 'a', 'n', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "inflatablesny.com", true */ 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "inflatamania.com", true */ 'i', 'n', 'f', 'l', 'a', 't', 'a', 'm', 'a', 'n', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "inflexsys.com", true */ 'i', 'n', 'f', 'l', 'e', 'x', 's', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "influencerchampions.com", true */ 'i', 'n', 'f', 'l', 'u', 'e', 'n', 'c', 'e', 'r', 'c', 'h', 'a', 'm', 'p', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "influo.com", true */ 'i', 'n', 'f', 'l', 'u', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "influxus.com", false */ 'i', 'n', 'f', 'l', 'u', 'x', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "infmed.com", true */ 'i', 'n', 'f', 'm', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "info-bay.com", true */ 'i', 'n', 'f', 'o', '-', 'b', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "info-beamer.com", true */ 'i', 'n', 'f', 'o', '-', 'b', 'e', 'a', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "info-d-74.com", true */ 'i', 'n', 'f', 'o', '-', 'd', '-', '7', '4', '.', 'c', 'o', 'm', '\0',
+  /* "info-screen.me", true */ 'i', 'n', 'f', 'o', '-', 's', 'c', 'r', 'e', 'e', 'n', '.', 'm', 'e', '\0',
+  /* "info-screw.com", true */ 'i', 'n', 'f', 'o', '-', 's', 'c', 'r', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "infocity-tech.fr", true */ 'i', 'n', 'f', 'o', 'c', 'i', 't', 'y', '-', 't', 'e', 'c', 'h', '.', 'f', 'r', '\0',
+  /* "infocommsociety.com", true */ 'i', 'n', 'f', 'o', 'c', 'o', 'm', 'm', 's', 'o', 'c', 'i', 'e', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "infomegastore.com", true */ 'i', 'n', 'f', 'o', 'm', 'e', 'g', 'a', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "infomisto.com", true */ 'i', 'n', 'f', 'o', 'm', 'i', 's', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "infopagina.es", true */ 'i', 'n', 'f', 'o', 'p', 'a', 'g', 'i', 'n', 'a', '.', 'e', 's', '\0',
+  /* "infopier.sg", true */ 'i', 'n', 'f', 'o', 'p', 'i', 'e', 'r', '.', 's', 'g', '\0',
+  /* "infopulsa.com", true */ 'i', 'n', 'f', 'o', 'p', 'u', 'l', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "inforisposte.com", true */ 'i', 'n', 'f', 'o', 'r', 'i', 's', 'p', 'o', 's', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "informatiebeveiliging.nl", true */ 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'e', 'b', 'e', 'v', 'e', 'i', 'l', 'i', 'g', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "informatik-handwerk.de", true */ 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'k', '-', 'h', 'a', 'n', 'd', 'w', 'e', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "informationrx.org", true */ 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', 'r', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "informnapalm.org", true */ 'i', 'n', 'f', 'o', 'r', 'm', 'n', 'a', 'p', 'a', 'l', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "infosec.ch", true */ 'i', 'n', 'f', 'o', 's', 'e', 'c', '.', 'c', 'h', '\0',
+  /* "infosec.exchange", true */ 'i', 'n', 'f', 'o', 's', 'e', 'c', '.', 'e', 'x', 'c', 'h', 'a', 'n', 'g', 'e', '\0',
+  /* "infosenior.ch", true */ 'i', 'n', 'f', 'o', 's', 'e', 'n', 'i', 'o', 'r', '.', 'c', 'h', '\0',
+  /* "infotainworld.com", true */ 'i', 'n', 'f', 'o', 't', 'a', 'i', 'n', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "infotolium.com", true */ 'i', 'n', 'f', 'o', 't', 'o', 'l', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "infotune.nl", true */ 'i', 'n', 'f', 'o', 't', 'u', 'n', 'e', '.', 'n', 'l', '\0',
+  /* "infovae-idf.com", true */ 'i', 'n', 'f', 'o', 'v', 'a', 'e', '-', 'i', 'd', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "infovision-france.com", true */ 'i', 'n', 'f', 'o', 'v', 'i', 's', 'i', 'o', 'n', '-', 'f', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "infoweb.ee", true */ 'i', 'n', 'f', 'o', 'w', 'e', 'b', '.', 'e', 'e', '\0',
+  /* "infra-con.dk", false */ 'i', 'n', 'f', 'r', 'a', '-', 'c', 'o', 'n', '.', 'd', 'k', '\0',
+  /* "infrapirtis.lt", true */ 'i', 'n', 'f', 'r', 'a', 'p', 'i', 'r', 't', 'i', 's', '.', 'l', 't', '\0',
+  /* "ingalabs.hu", true */ 'i', 'n', 'g', 'a', 'l', 'a', 'b', 's', '.', 'h', 'u', '\0',
+  /* "ingalls.run", true */ 'i', 'n', 'g', 'a', 'l', 'l', 's', '.', 'r', 'u', 'n', '\0',
+  /* "ingber.com", true */ 'i', 'n', 'g', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "inge-r.nl", true */ 'i', 'n', 'g', 'e', '-', 'r', '.', 'n', 'l', '\0',
+  /* "ingeeibach.de", true */ 'i', 'n', 'g', 'e', 'e', 'i', 'b', 'a', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "ingenium.si", true */ 'i', 'n', 'g', 'e', 'n', 'i', 'u', 'm', '.', 's', 'i', '\0',
+  /* "ingenius.ws", true */ 'i', 'n', 'g', 'e', 'n', 'i', 'u', 's', '.', 'w', 's', '\0',
+  /* "ingerhy.com", true */ 'i', 'n', 'g', 'e', 'r', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ingjobs.ch", true */ 'i', 'n', 'g', 'j', 'o', 'b', 's', '.', 'c', 'h', '\0',
+  /* "inglesnarede.com.br", true */ 'i', 'n', 'g', 'l', 'e', 's', 'n', 'a', 'r', 'e', 'd', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ingo-schlueter.de", true */ 'i', 'n', 'g', 'o', '-', 's', 'c', 'h', 'l', 'u', 'e', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "ingoschlueter.de", true */ 'i', 'n', 'g', 'o', 's', 'c', 'h', 'l', 'u', 'e', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "ingresscode.cn", true */ 'i', 'n', 'g', 'r', 'e', 's', 's', 'c', 'o', 'd', 'e', '.', 'c', 'n', '\0',
+  /* "inhaltsangabe.de", true */ 'i', 'n', 'h', 'a', 'l', 't', 's', 'a', 'n', 'g', 'a', 'b', 'e', '.', 'd', 'e', '\0',
+  /* "inheritestate.com", true */ 'i', 'n', 'h', 'e', 'r', 'i', 't', 'e', 's', 't', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "inhive.group", true */ 'i', 'n', 'h', 'i', 'v', 'e', '.', 'g', 'r', 'o', 'u', 'p', '\0',
+  /* "inhouseents.co.uk", true */ 'i', 'n', 'h', 'o', 'u', 's', 'e', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "iniiter.com", true */ 'i', 'n', 'i', 'i', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "inima.org", true */ 'i', 'n', 'i', 'm', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "inios.fr", false */ 'i', 'n', 'i', 'o', 's', '.', 'f', 'r', '\0',
+  /* "inishbofin.ie", true */ 'i', 'n', 'i', 's', 'h', 'b', 'o', 'f', 'i', 'n', '.', 'i', 'e', '\0',
+  /* "initq.net", true */ 'i', 'n', 'i', 't', 'q', '.', 'n', 'e', 't', '\0',
+  /* "initramfs.io", true */ 'i', 'n', 'i', 't', 'r', 'a', 'm', 'f', 's', '.', 'i', 'o', '\0',
+  /* "initrd.net", true */ 'i', 'n', 'i', 't', 'r', 'd', '.', 'n', 'e', 't', '\0',
+  /* "inixal.com", true */ 'i', 'n', 'i', 'x', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "injust.eu.org", true */ 'i', 'n', 'j', 'u', 's', 't', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "ink.horse", true */ 'i', 'n', 'k', '.', 'h', 'o', 'r', 's', 'e', '\0',
+  /* "inkable.com.au", true */ 'i', 'n', 'k', 'a', 'b', 'l', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "inkbunny.net", false */ 'i', 'n', 'k', 'b', 'u', 'n', 'n', 'y', '.', 'n', 'e', 't', '\0',
+  /* "inkhor.se", true */ 'i', 'n', 'k', 'h', 'o', 'r', '.', 's', 'e', '\0',
+  /* "inkontriamoci.com", true */ 'i', 'n', 'k', 'o', 'n', 't', 'r', 'i', 'a', 'm', 'o', 'c', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "inksay.com", true */ 'i', 'n', 'k', 's', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "inkthemes.com", true */ 'i', 'n', 'k', 't', 'h', 'e', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "inline-sport.cz", true */ 'i', 'n', 'l', 'i', 'n', 'e', '-', 's', 'p', 'o', 'r', 't', '.', 'c', 'z', '\0',
+  /* "inlink.ee", true */ 'i', 'n', 'l', 'i', 'n', 'k', '.', 'e', 'e', '\0',
+  /* "inmaps.xyz", true */ 'i', 'n', 'm', 'a', 'p', 's', '.', 'x', 'y', 'z', '\0',
+  /* "inmateintake.com", true */ 'i', 'n', 'm', 'a', 't', 'e', 'i', 'n', 't', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "inme.ga", true */ 'i', 'n', 'm', 'e', '.', 'g', 'a', '\0',
+  /* "inmobillium.fr", true */ 'i', 'n', 'm', 'o', 'b', 'i', 'l', 'l', 'i', 'u', 'm', '.', 'f', 'r', '\0',
+  /* "inmusrv.de", true */ 'i', 'n', 'm', 'u', 's', 'r', 'v', '.', 'd', 'e', '\0',
+  /* "innerfence.com", true */ 'i', 'n', 'n', 'e', 'r', 'f', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "innerform.com", true */ 'i', 'n', 'n', 'e', 'r', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "innermostparts.org", true */ 'i', 'n', 'n', 'e', 'r', 'm', 'o', 's', 't', 'p', 'a', 'r', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "innit.be", true */ 'i', 'n', 'n', 'i', 't', '.', 'b', 'e', '\0',
+  /* "innoloop.com", true */ 'i', 'n', 'n', 'o', 'l', 'o', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "innophate-security.com", true */ 'i', 'n', 'n', 'o', 'p', 'h', 'a', 't', 'e', '-', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "innoteil.com", true */ 'i', 'n', 'n', 'o', 't', 'e', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "innovamag.ca", true */ 'i', 'n', 'n', 'o', 'v', 'a', 'm', 'a', 'g', '.', 'c', 'a', '\0',
+  /* "innovaptor.at", true */ 'i', 'n', 'n', 'o', 'v', 'a', 'p', 't', 'o', 'r', '.', 'a', 't', '\0',
+  /* "innovaptor.com", true */ 'i', 'n', 'n', 'o', 'v', 'a', 'p', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "innovation-workshop.ro", true */ 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '-', 'w', 'o', 'r', 'k', 's', 'h', 'o', 'p', '.', 'r', 'o', '\0',
+  /* "innovation.gov", false */ 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '.', 'g', 'o', 'v', '\0',
+  /* "innovativebuildingsolutions.co.za", true */ 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'v', 'e', 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "innovativeideaz.org", true */ 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'v', 'e', 'i', 'd', 'e', 'a', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "innoventure.de", true */ 'i', 'n', 'n', 'o', 'v', 'e', 'n', 't', 'u', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "innsalzachsingles.de", true */ 'i', 'n', 'n', 's', 'a', 'l', 'z', 'a', 'c', 'h', 's', 'i', 'n', 'g', 'l', 'e', 's', '.', 'd', 'e', '\0',
+  /* "innwan.com", true */ 'i', 'n', 'n', 'w', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "inoa8.com", true */ 'i', 'n', 'o', 'a', '8', '.', 'c', 'o', 'm', '\0',
+  /* "inobun.jp", true */ 'i', 'n', 'o', 'b', 'u', 'n', '.', 'j', 'p', '\0',
+  /* "inorder.website", true */ 'i', 'n', 'o', 'r', 'd', 'e', 'r', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0',
+  /* "inovat.ma", true */ 'i', 'n', 'o', 'v', 'a', 't', '.', 'm', 'a', '\0',
+  /* "inovatec.com", true */ 'i', 'n', 'o', 'v', 'a', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "inoxio.de", true */ 'i', 'n', 'o', 'x', 'i', 'o', '.', 'd', 'e', '\0',
+  /* "inpas.co.uk", true */ 'i', 'n', 'p', 'a', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ins1gn1a.com", true */ 'i', 'n', 's', '1', 'g', 'n', '1', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "insane.zone", true */ 'i', 'n', 's', 'a', 'n', 'e', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "insblauehinein.nl", true */ 'i', 'n', 's', 'b', 'l', 'a', 'u', 'e', 'h', 'i', 'n', 'e', 'i', 'n', '.', 'n', 'l', '\0',
+  /* "inschrijfformulier.com", true */ 'i', 'n', 's', 'c', 'h', 'r', 'i', 'j', 'f', 'f', 'o', 'r', 'm', 'u', 'l', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "insertcoins.net", true */ 'i', 'n', 's', 'e', 'r', 't', 'c', 'o', 'i', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "insgesamt.net", true */ 'i', 'n', 's', 'g', 'e', 's', 'a', 'm', 't', '.', 'n', 'e', 't', '\0',
+  /* "inshapenutrition.com.br", true */ 'i', 'n', 's', 'h', 'a', 'p', 'e', 'n', 'u', 't', 'r', 'i', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "insho.fashion", false */ 'i', 'n', 's', 'h', 'o', '.', 'f', 'a', 's', 'h', 'i', 'o', 'n', '\0',
+  /* "insideaudit.com", true */ 'i', 'n', 's', 'i', 'd', 'e', 'a', 'u', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "insidethefirewall.tk", true */ 'i', 'n', 's', 'i', 'd', 'e', 't', 'h', 'e', 'f', 'i', 'r', 'e', 'w', 'a', 'l', 'l', '.', 't', 'k', '\0',
+  /* "insightera.co.th", true */ 'i', 'n', 's', 'i', 'g', 'h', 't', 'e', 'r', 'a', '.', 'c', 'o', '.', 't', 'h', '\0',
+  /* "insighti.com", true */ 'i', 'n', 's', 'i', 'g', 'h', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "insighti.eu", true */ 'i', 'n', 's', 'i', 'g', 'h', 't', 'i', '.', 'e', 'u', '\0',
+  /* "insighti.org", true */ 'i', 'n', 's', 'i', 'g', 'h', 't', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "insighti.sk", true */ 'i', 'n', 's', 'i', 'g', 'h', 't', 'i', '.', 's', 'k', '\0',
+  /* "insinuator.net", true */ 'i', 'n', 's', 'i', 'n', 'u', 'a', 't', 'o', 'r', '.', 'n', 'e', 't', '\0',
+  /* "insolent.ch", true */ 'i', 'n', 's', 'o', 'l', 'e', 'n', 't', '.', 'c', 'h', '\0',
+  /* "insping.com", true */ 'i', 'n', 's', 'p', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "inspirationalquotesuk.co.uk", true */ 'i', 'n', 's', 'p', 'i', 'r', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'q', 'u', 'o', 't', 'e', 's', 'u', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "inspired-lua.org", true */ 'i', 'n', 's', 'p', 'i', 'r', 'e', 'd', '-', 'l', 'u', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "insside.net", true */ 'i', 'n', 's', 's', 'i', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "inst.mobi", true */ 'i', 'n', 's', 't', '.', 'm', 'o', 'b', 'i', '\0',
+  /* "instafind.nl", true */ 'i', 'n', 's', 't', 'a', 'f', 'i', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "instagram-atom.appspot.com", true */ 'i', 'n', 's', 't', 'a', 'g', 'r', 'a', 'm', '-', 'a', 't', 'o', 'm', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "instagrammernews.com", true */ 'i', 'n', 's', 't', 'a', 'g', 'r', 'a', 'm', 'm', 'e', 'r', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "instagramtweet.com", true */ 'i', 'n', 's', 't', 'a', 'g', 'r', 'a', 'm', 't', 'w', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "installgentoo.net", true */ 'i', 'n', 's', 't', 'a', 'l', 'l', 'g', 'e', 'n', 't', 'o', 'o', '.', 'n', 'e', 't', '\0',
+  /* "instant-hack.io", true */ 'i', 'n', 's', 't', 'a', 'n', 't', '-', 'h', 'a', 'c', 'k', '.', 'i', 'o', '\0',
+  /* "instant.io", true */ 'i', 'n', 's', 't', 'a', 'n', 't', '.', 'i', 'o', '\0',
+  /* "instantkhabar.com", true */ 'i', 'n', 's', 't', 'a', 'n', 't', 'k', 'h', 'a', 'b', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "instantsubs.de", true */ 'i', 'n', 's', 't', 'a', 'n', 't', 's', 'u', 'b', 's', '.', 'd', 'e', '\0',
+  /* "instava.cz", true */ 'i', 'n', 's', 't', 'a', 'v', 'a', '.', 'c', 'z', '\0',
+  /* "instawi.com", true */ 'i', 'n', 's', 't', 'a', 'w', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "instela.com", true */ 'i', 'n', 's', 't', 'e', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "instelikes.com.br", true */ 'i', 'n', 's', 't', 'e', 'l', 'i', 'k', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "instics.com", true */ 'i', 'n', 's', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "instinctive.io", true */ 'i', 'n', 's', 't', 'i', 'n', 'c', 't', 'i', 'v', 'e', '.', 'i', 'o', '\0',
+  /* "instinctiveads.com", true */ 'i', 'n', 's', 't', 'i', 'n', 'c', 't', 'i', 'v', 'e', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "institut-confucius-montpellier.org", true */ 'i', 'n', 's', 't', 'i', 't', 'u', 't', '-', 'c', 'o', 'n', 'f', 'u', 'c', 'i', 'u', 's', '-', 'm', 'o', 'n', 't', 'p', 'e', 'l', 'l', 'i', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "institutmaupertuis.hopto.org", true */ 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'm', 'a', 'u', 'p', 'e', 'r', 't', 'u', 'i', 's', '.', 'h', 'o', 'p', 't', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "institutulcultural.ro", true */ 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'u', 'l', 'c', 'u', 'l', 't', 'u', 'r', 'a', 'l', '.', 'r', 'o', '\0',
+  /* "instrumart.ru", false */ 'i', 'n', 's', 't', 'r', 'u', 'm', 'a', 'r', 't', '.', 'r', 'u', '\0',
+  /* "insult.es", true */ 'i', 'n', 's', 'u', 'l', 't', '.', 'e', 's', '\0',
+  /* "int-ext-design.fr", true */ 'i', 'n', 't', '-', 'e', 'x', 't', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'f', 'r', '\0',
+  /* "int-ma.in", true */ 'i', 'n', 't', '-', 'm', 'a', '.', 'i', 'n', '\0',
+  /* "intafe.co.jp", true */ 'i', 'n', 't', 'a', 'f', 'e', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "intarweb.ca", true */ 'i', 'n', 't', 'a', 'r', 'w', 'e', 'b', '.', 'c', 'a', '\0',
+  /* "integraelchen.de", true */ 'i', 'n', 't', 'e', 'g', 'r', 'a', 'e', 'l', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "integralblue.com", true */ 'i', 'n', 't', 'e', 'g', 'r', 'a', 'l', 'b', 'l', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "integralkk.com", true */ 'i', 'n', 't', 'e', 'g', 'r', 'a', 'l', 'k', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "integratedmedicalonline.com", true */ 'i', 'n', 't', 'e', 'g', 'r', 'a', 't', 'e', 'd', 'm', 'e', 'd', 'i', 'c', 'a', 'l', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "integrationinc.com", false */ 'i', 'n', 't', 'e', 'g', 'r', 'a', 't', 'i', 'o', 'n', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "integraxor.com.tw", true */ 'i', 'n', 't', 'e', 'g', 'r', 'a', 'x', 'o', 'r', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "integrity.gov", true */ 'i', 'n', 't', 'e', 'g', 'r', 'i', 't', 'y', '.', 'g', 'o', 'v', '\0',
+  /* "integrityingovernmentidaho.com", true */ 'i', 'n', 't', 'e', 'g', 'r', 'i', 't', 'y', 'i', 'n', 'g', 'o', 'v', 'e', 'r', 'n', 'm', 'e', 'n', 't', 'i', 'd', 'a', 'h', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "integrityoklahoma.com", true */ 'i', 'n', 't', 'e', 'g', 'r', 'i', 't', 'y', 'o', 'k', 'l', 'a', 'h', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "integrogroup.com", true */ 'i', 'n', 't', 'e', 'g', 'r', 'o', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "integromat.com", true */ 'i', 'n', 't', 'e', 'g', 'r', 'o', 'm', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "intelbet.es", true */ 'i', 'n', 't', 'e', 'l', 'b', 'e', 't', '.', 'e', 's', '\0',
+  /* "intelbet.ro", true */ 'i', 'n', 't', 'e', 'l', 'b', 'e', 't', '.', 'r', 'o', '\0',
+  /* "intellar.com", true */ 'i', 'n', 't', 'e', 'l', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "intellectdynamics.com", true */ 'i', 'n', 't', 'e', 'l', 'l', 'e', 'c', 't', 'd', 'y', 'n', 'a', 'm', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "intelligence-explosion.com", true */ 'i', 'n', 't', 'e', 'l', 'l', 'i', 'g', 'e', 'n', 'c', 'e', '-', 'e', 'x', 'p', 'l', 'o', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "intellinetixvibration.com", true */ 'i', 'n', 't', 'e', 'l', 'l', 'i', 'n', 'e', 't', 'i', 'x', 'v', 'i', 'b', 'r', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "intencje.pl", true */ 'i', 'n', 't', 'e', 'n', 'c', 'j', 'e', '.', 'p', 'l', '\0',
+  /* "intensifyrsvp.com.au", true */ 'i', 'n', 't', 'e', 'n', 's', 'i', 'f', 'y', 'r', 's', 'v', 'p', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "inter-corporate.com", true */ 'i', 'n', 't', 'e', 'r', '-', 'c', 'o', 'r', 'p', 'o', 'r', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "inter-culinarium.com", true */ 'i', 'n', 't', 'e', 'r', '-', 'c', 'u', 'l', 'i', 'n', 'a', 'r', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "interaffairs.com", true */ 'i', 'n', 't', 'e', 'r', 'a', 'f', 'f', 'a', 'i', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "interasistmen.se", true */ 'i', 'n', 't', 'e', 'r', 'a', 's', 'i', 's', 't', 'm', 'e', 'n', '.', 's', 'e', '\0',
+  /* "interchangedesign.com", true */ 'i', 'n', 't', 'e', 'r', 'c', 'h', 'a', 'n', 'g', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "interchanges.io", true */ 'i', 'n', 't', 'e', 'r', 'c', 'h', 'a', 'n', 'g', 'e', 's', '.', 'i', 'o', '\0',
+  /* "intercom.com", true */ 'i', 'n', 't', 'e', 'r', 'c', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "intercom.io", true */ 'i', 'n', 't', 'e', 'r', 'c', 'o', 'm', '.', 'i', 'o', '\0',
+  /* "interessiert-uns.net", true */ 'i', 'n', 't', 'e', 'r', 'e', 's', 's', 'i', 'e', 'r', 't', '-', 'u', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "interfesse.net", true */ 'i', 'n', 't', 'e', 'r', 'f', 'e', 's', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "interfloraservices.co.uk", true */ 'i', 'n', 't', 'e', 'r', 'f', 'l', 'o', 'r', 'a', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "interflores.com.br", true */ 'i', 'n', 't', 'e', 'r', 'f', 'l', 'o', 'r', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "interfug.de", true */ 'i', 'n', 't', 'e', 'r', 'f', 'u', 'g', '.', 'd', 'e', '\0',
+  /* "interimages.fr", true */ 'i', 'n', 't', 'e', 'r', 'i', 'm', 'a', 'g', 'e', 's', '.', 'f', 'r', '\0',
+  /* "interiorcheapo.com", true */ 'i', 'n', 't', 'e', 'r', 'i', 'o', 'r', 'c', 'h', 'e', 'a', 'p', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "interiordesignsconcept.com", true */ 'i', 'n', 't', 'e', 'r', 'i', 'o', 'r', 'd', 'e', 's', 'i', 'g', 'n', 's', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'c', 'o', 'm', '\0',
+  /* "interisaudit.com", true */ 'i', 'n', 't', 'e', 'r', 'i', 's', 'a', 'u', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "interlingvo.biz", true */ 'i', 'n', 't', 'e', 'r', 'l', 'i', 'n', 'g', 'v', 'o', '.', 'b', 'i', 'z', '\0',
+  /* "intermax.nl", true */ 'i', 'n', 't', 'e', 'r', 'm', 'a', 'x', '.', 'n', 'l', '\0',
+  /* "intermedinet.nl", true */ 'i', 'n', 't', 'e', 'r', 'm', 'e', 'd', 'i', 'n', 'e', 't', '.', 'n', 'l', '\0',
+  /* "internaluse.net", true */ 'i', 'n', 't', 'e', 'r', 'n', 'a', 'l', 'u', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "international-arbitration-attorney.com", true */ 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '-', 'a', 'r', 'b', 'i', 't', 'r', 'a', 't', 'i', 'o', 'n', '-', 'a', 't', 't', 'o', 'r', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "internationalfashionjobs.com", true */ 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'f', 'a', 's', 'h', 'i', 'o', 'n', 'j', 'o', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "internaut.co.za", true */ 'i', 'n', 't', 'e', 'r', 'n', 'a', 'u', 't', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "internect.co.za", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 'c', 't', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "internetaanbieders.eu", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'a', 'a', 'n', 'b', 'i', 'e', 'd', 'e', 'r', 's', '.', 'e', 'u', '\0',
+  /* "internetbank.swedbank.se", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'b', 'a', 'n', 'k', '.', 's', 'w', 'e', 'd', 'b', 'a', 'n', 'k', '.', 's', 'e', '\0',
+  /* "internetbugbounty.com", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'b', 'u', 'g', 'b', 'o', 'u', 'n', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "internetbugbounty.org", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'b', 'u', 'g', 'b', 'o', 'u', 'n', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "internetcom.jp", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'c', 'o', 'm', '.', 'j', 'p', '\0',
+  /* "internethealthreport.org", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'h', 'e', 'a', 'l', 't', 'h', 'r', 'e', 'p', 'o', 'r', 't', '.', 'o', 'r', 'g', '\0',
+  /* "internethering.de", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'h', 'e', 'r', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "internetinhetbuitengebied.nl", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'i', 'n', 'h', 'e', 't', 'b', 'u', 'i', 't', 'e', 'n', 'g', 'e', 'b', 'i', 'e', 'd', '.', 'n', 'l', '\0',
+  /* "internetmarkets.net", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'm', 'a', 'r', 'k', 'e', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "internetofdon.gs", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'o', 'f', 'd', 'o', 'n', '.', 'g', 's', '\0',
+  /* "internetoffensive.fail", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'o', 'f', 'f', 'e', 'n', 's', 'i', 'v', 'e', '.', 'f', 'a', 'i', 'l', '\0',
+  /* "internetovehazardnihry.cz", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'o', 'v', 'e', 'h', 'a', 'z', 'a', 'r', 'd', 'n', 'i', 'h', 'r', 'y', '.', 'c', 'z', '\0',
+  /* "internetstaff.com", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 's', 't', 'a', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "internetzentrale.net", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'z', 'e', 'n', 't', 'r', 'a', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "interociter-enterprises.com", true */ 'i', 'n', 't', 'e', 'r', 'o', 'c', 'i', 't', 'e', 'r', '-', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "interracial.dating", true */ 'i', 'n', 't', 'e', 'r', 'r', 'a', 'c', 'i', 'a', 'l', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "interseller.io", true */ 'i', 'n', 't', 'e', 'r', 's', 'e', 'l', 'l', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "intertime.services", true */ 'i', 'n', 't', 'e', 'r', 't', 'i', 'm', 'e', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '\0',
+  /* "interview-suite.com", true */ 'i', 'n', 't', 'e', 'r', 'v', 'i', 'e', 'w', '-', 's', 'u', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "interways.de", true */ 'i', 'n', 't', 'e', 'r', 'w', 'a', 'y', 's', '.', 'd', 'e', '\0',
+  /* "intheater.de", true */ 'i', 'n', 't', 'h', 'e', 'a', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "inthepicture.com", true */ 'i', 'n', 't', 'h', 'e', 'p', 'i', 'c', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "inthouse.cloud", true */ 'i', 'n', 't', 'h', 'o', 'u', 's', 'e', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "intimastoreatacado.com.br", true */ 'i', 'n', 't', 'i', 'm', 'a', 's', 't', 'o', 'r', 'e', 'a', 't', 'a', 'c', 'a', 'd', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "intl-webs.com", true */ 'i', 'n', 't', 'l', '-', 'w', 'e', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "intmissioncenter.org", true */ 'i', 'n', 't', 'm', 'i', 's', 's', 'i', 'o', 'n', 'c', 'e', 'n', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "into.technology", true */ 'i', 'n', 't', 'o', '.', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '\0',
+  /* "inton.biz", true */ 'i', 'n', 't', 'o', 'n', '.', 'b', 'i', 'z', '\0',
+  /* "intoparking.com", false */ 'i', 'n', 't', 'o', 'p', 'a', 'r', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "intracom.com", true */ 'i', 'n', 't', 'r', 'a', 'c', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "intradayseasonals.com", true */ 'i', 'n', 't', 'r', 'a', 'd', 'a', 'y', 's', 'e', 'a', 's', 'o', 'n', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "intramanager.co.uk", true */ 'i', 'n', 't', 'r', 'a', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "intramanager.dk", true */ 'i', 'n', 't', 'r', 'a', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'd', 'k', '\0',
+  /* "intranetsec-regionra.fr", true */ 'i', 'n', 't', 'r', 'a', 'n', 'e', 't', 's', 'e', 'c', '-', 'r', 'e', 'g', 'i', 'o', 'n', 'r', 'a', '.', 'f', 'r', '\0',
+  /* "intraobes.com", true */ 'i', 'n', 't', 'r', 'a', 'o', 'b', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "intrasoft.com.au", true */ 'i', 'n', 't', 'r', 'a', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "intraxia.com", true */ 'i', 'n', 't', 'r', 'a', 'x', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "introvertedtravel.space", true */ 'i', 'n', 't', 'r', 'o', 'v', 'e', 'r', 't', 'e', 'd', 't', 'r', 'a', 'v', 'e', 'l', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "intune.life", true */ 'i', 'n', 't', 'u', 'n', 'e', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "intux.be", false */ 'i', 'n', 't', 'u', 'x', '.', 'b', 'e', '\0',
+  /* "intvonline.com", true */ 'i', 'n', 't', 'v', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "intxt.net", true */ 'i', 'n', 't', 'x', 't', '.', 'n', 'e', 't', '\0',
+  /* "inusasha.de", true */ 'i', 'n', 'u', 's', 'a', 's', 'h', 'a', '.', 'd', 'e', '\0',
+  /* "inuyasha-petition.tk", true */ 'i', 'n', 'u', 'y', 'a', 's', 'h', 'a', '-', 'p', 'e', 't', 'i', 't', 'i', 'o', 'n', '.', 't', 'k', '\0',
+  /* "invasion.com", true */ 'i', 'n', 'v', 'a', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "invenio.software", true */ 'i', 'n', 'v', 'e', 'n', 'i', 'o', '.', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '\0',
+  /* "inventaire.ch", true */ 'i', 'n', 'v', 'e', 'n', 't', 'a', 'i', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "inventionsteps.com.au", true */ 'i', 'n', 'v', 'e', 'n', 't', 'i', 'o', 'n', 's', 't', 'e', 'p', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "inventix.nl", true */ 'i', 'n', 'v', 'e', 'n', 't', 'i', 'x', '.', 'n', 'l', '\0',
+  /* "inventoryimages.co.uk", true */ 'i', 'n', 'v', 'e', 'n', 't', 'o', 'r', 'y', 'i', 'm', 'a', 'g', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "inventoryimages.com", true */ 'i', 'n', 'v', 'e', 'n', 't', 'o', 'r', 'y', 'i', 'm', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "inventtheworld.com.au", true */ 'i', 'n', 'v', 'e', 'n', 't', 't', 'h', 'e', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "investarholding.nl", true */ 'i', 'n', 'v', 'e', 's', 't', 'a', 'r', 'h', 'o', 'l', 'd', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "investcountry.com", true */ 'i', 'n', 'v', 'e', 's', 't', 'c', 'o', 'u', 'n', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "investigazionimoretti.it", true */ 'i', 'n', 'v', 'e', 's', 't', 'i', 'g', 'a', 'z', 'i', 'o', 'n', 'i', 'm', 'o', 'r', 'e', 't', 't', 'i', '.', 'i', 't', '\0',
+  /* "investingdiary.cn", true */ 'i', 'n', 'v', 'e', 's', 't', 'i', 'n', 'g', 'd', 'i', 'a', 'r', 'y', '.', 'c', 'n', '\0',
+  /* "investingtrader.net", true */ 'i', 'n', 'v', 'e', 's', 't', 'i', 'n', 'g', 't', 'r', 'a', 'd', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "investir.ch", true */ 'i', 'n', 'v', 'e', 's', 't', 'i', 'r', '.', 'c', 'h', '\0',
+  /* "investorforms.com", true */ 'i', 'n', 'v', 'e', 's', 't', 'o', 'r', 'f', 'o', 'r', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "investpay.ru", true */ 'i', 'n', 'v', 'e', 's', 't', 'p', 'a', 'y', '.', 'r', 'u', '\0',
+  /* "invinsec.com", true */ 'i', 'n', 'v', 'i', 'n', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "invioinc.com", true */ 'i', 'n', 'v', 'i', 'o', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "invis.net", true */ 'i', 'n', 'v', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "invisible-college.com", true */ 'i', 'n', 'v', 'i', 's', 'i', 'b', 'l', 'e', '-', 'c', 'o', 'l', 'l', 'e', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "invisibles.ch", true */ 'i', 'n', 'v', 'i', 's', 'i', 'b', 'l', 'e', 's', '.', 'c', 'h', '\0',
+  /* "invisionita.com", true */ 'i', 'n', 'v', 'i', 's', 'i', 'o', 'n', 'i', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "invisiverse.com", true */ 'i', 'n', 'v', 'i', 's', 'i', 'v', 'e', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "invitescene.com", true */ 'i', 'n', 'v', 'i', 't', 'e', 's', 'c', 'e', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "invoiced.com", true */ 'i', 'n', 'v', 'o', 'i', 'c', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "invoicefinance.com", true */ 'i', 'n', 'v', 'o', 'i', 'c', 'e', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "invoicefinance.nl", true */ 'i', 'n', 'v', 'o', 'i', 'c', 'e', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'n', 'l', '\0',
+  /* "inwestcorp.se", true */ 'i', 'n', 'w', 'e', 's', 't', 'c', 'o', 'r', 'p', '.', 's', 'e', '\0',
+  /* "inzdr.com", true */ 'i', 'n', 'z', 'd', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "iobint.com", true */ 'i', 'o', 'b', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "iocheck.com", false */ 'i', 'o', 'c', 'h', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "iodice.org", true */ 'i', 'o', 'd', 'i', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "iodu.re", true */ 'i', 'o', 'd', 'u', '.', 'r', 'e', '\0',
+  /* "ioiart.eu", true */ 'i', 'o', 'i', 'a', 'r', 't', '.', 'e', 'u', '\0',
+  /* "iojo.net", true */ 'i', 'o', 'j', 'o', '.', 'n', 'e', 't', '\0',
+  /* "iompost.com", true */ 'i', 'o', 'm', 'p', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "iomstamps.com", true */ 'i', 'o', 'm', 's', 't', 'a', 'm', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ionc.ca", true */ 'i', 'o', 'n', 'c', '.', 'c', 'a', '\0',
+  /* "ionlabs.kr", true */ 'i', 'o', 'n', 'l', 'a', 'b', 's', '.', 'k', 'r', '\0',
+  /* "ionx.co.uk", true */ 'i', 'o', 'n', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ioover.net", true */ 'i', 'o', 'o', 'v', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "ioslo.net", true */ 'i', 'o', 's', 'l', 'o', '.', 'n', 'e', 't', '\0',
+  /* "iosnoops.com", true */ 'i', 'o', 's', 'n', 'o', 'o', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "iossifovlab.com", true */ 'i', 'o', 's', 's', 'i', 'f', 'o', 'v', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "iostream.by", true */ 'i', 'o', 's', 't', 'r', 'e', 'a', 'm', '.', 'b', 'y', '\0',
+  /* "iotsms.io", true */ 'i', 'o', 't', 's', 'm', 's', '.', 'i', 'o', '\0',
+  /* "ip-blacklist.net", true */ 'i', 'p', '-', 'b', 'l', 'a', 'c', 'k', 'l', 'i', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "ip-hahn.de", true */ 'i', 'p', '-', 'h', 'a', 'h', 'n', '.', 'd', 'e', '\0',
+  /* "ip-life.net", true */ 'i', 'p', '-', 'l', 'i', 'f', 'e', '.', 'n', 'e', 't', '\0',
+  /* "ip.sb", true */ 'i', 'p', '.', 's', 'b', '\0',
+  /* "ip2country.info", true */ 'i', 'p', '2', 'c', 'o', 'u', 'n', 't', 'r', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ip3office.com", true */ 'i', 'p', '3', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ip6.li", true */ 'i', 'p', '6', '.', 'l', 'i', '\0',
+  /* "ipal.im", true */ 'i', 'p', 'a', 'l', '.', 'i', 'm', '\0',
+  /* "ipal.name", true */ 'i', 'p', 'a', 'l', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "ipal.pl", true */ 'i', 'p', 'a', 'l', '.', 'p', 'l', '\0',
+  /* "ipal.tel", true */ 'i', 'p', 'a', 'l', '.', 't', 'e', 'l', '\0',
+  /* "ipawind.com", true */ 'i', 'p', 'a', 'w', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "ipcareers.net", true */ 'i', 'p', 'c', 'a', 'r', 'e', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "ipcfg.me", true */ 'i', 'p', 'c', 'f', 'g', '.', 'm', 'e', '\0',
+  /* "ipconsulting.se", true */ 'i', 'p', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 's', 'e', '\0',
+  /* "ipfirebox.de", true */ 'i', 'p', 'f', 'i', 'r', 'e', 'b', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "ipfp.pl", true */ 'i', 'p', 'f', 'p', '.', 'p', 'l', '\0',
+  /* "ipfs.ink", true */ 'i', 'p', 'f', 's', '.', 'i', 'n', 'k', '\0',
+  /* "ipfs.io", true */ 'i', 'p', 'f', 's', '.', 'i', 'o', '\0',
+  /* "iphoneunlock.nu", true */ 'i', 'p', 'h', 'o', 'n', 'e', 'u', 'n', 'l', 'o', 'c', 'k', '.', 'n', 'u', '\0',
+  /* "iphonote.com", true */ 'i', 'p', 'h', 'o', 'n', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ipintel.io", true */ 'i', 'p', 'i', 'n', 't', 'e', 'l', '.', 'i', 'o', '\0',
+  /* "iplabs.de", true */ 'i', 'p', 'l', 'a', 'b', 's', '.', 'd', 'e', '\0',
+  /* "iplantom.com", true */ 'i', 'p', 'l', 'a', 'n', 't', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "ipleak.net", true */ 'i', 'p', 'l', 'e', 'a', 'k', '.', 'n', 'e', 't', '\0',
+  /* "ipledgeonline.org", false */ 'i', 'p', 'l', 'e', 'd', 'g', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "iplog.info", true */ 'i', 'p', 'l', 'o', 'g', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ipmonitoring.hu", true */ 'i', 'p', 'm', 'o', 'n', 'i', 't', 'o', 'r', 'i', 'n', 'g', '.', 'h', 'u', '\0',
+  /* "ipmotion.ca", true */ 'i', 'p', 'm', 'o', 't', 'i', 'o', 'n', '.', 'c', 'a', '\0',
+  /* "ipo-times.com", true */ 'i', 'p', 'o', '-', 't', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ipokabu.net", true */ 'i', 'p', 'o', 'k', 'a', 'b', 'u', '.', 'n', 'e', 't', '\0',
+  /* "ipomue.com", false */ 'i', 'p', 'o', 'm', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ipop.gr", true */ 'i', 'p', 'o', 'p', '.', 'g', 'r', '\0',
+  /* "iprim.ru", true */ 'i', 'p', 'r', 'i', 'm', '.', 'r', 'u', '\0',
+  /* "ipsec.pl", true */ 'i', 'p', 's', 'e', 'c', '.', 'p', 'l', '\0',
+  /* "ipsilon-project.org", true */ 'i', 'p', 's', 'i', 'l', 'o', 'n', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "ipstream.it", true */ 'i', 'p', 's', 't', 'r', 'e', 'a', 'm', '.', 'i', 't', '\0',
+  /* "ipswitch.com.tw", true */ 'i', 'p', 's', 'w', 'i', 't', 'c', 'h', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "ipty.de", true */ 'i', 'p', 't', 'y', '.', 'd', 'e', '\0',
+  /* "ipura.ch", true */ 'i', 'p', 'u', 'r', 'a', '.', 'c', 'h', '\0',
+  /* "ipv4.cf", true */ 'i', 'p', 'v', '4', '.', 'c', 'f', '\0',
+  /* "ipv4.gr", true */ 'i', 'p', 'v', '4', '.', 'g', 'r', '\0',
+  /* "ipv6-adresse.dk", true */ 'i', 'p', 'v', '6', '-', 'a', 'd', 'r', 'e', 's', 's', 'e', '.', 'd', 'k', '\0',
+  /* "ipv6-handbuch.de", true */ 'i', 'p', 'v', '6', '-', 'h', 'a', 'n', 'd', 'b', 'u', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "ipv6.gr", true */ 'i', 'p', 'v', '6', '.', 'g', 'r', '\0',
+  /* "ipv6vpn.net", true */ 'i', 'p', 'v', '6', 'v', 'p', 'n', '.', 'n', 'e', 't', '\0',
+  /* "iqboxy.com", true */ 'i', 'q', 'b', 'o', 'x', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "iqsmn.org", true */ 'i', 'q', 's', 'm', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "ir1s.com", true */ 'i', 'r', '1', 's', '.', 'c', 'o', 'm', '\0',
+  /* "iranianholiday.com", true */ 'i', 'r', 'a', 'n', 'i', 'a', 'n', 'h', 'o', 'l', 'i', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "irayo.net", true */ 'i', 'r', 'a', 'y', 'o', '.', 'n', 'e', 't', '\0',
+  /* "irc-results.com", true */ 'i', 'r', 'c', '-', 'r', 'e', 's', 'u', 'l', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ircmett.de", true */ 'i', 'r', 'c', 'm', 'e', 't', 't', '.', 'd', 'e', '\0',
+  /* "iready.ro", true */ 'i', 'r', 'e', 'a', 'd', 'y', '.', 'r', 'o', '\0',
+  /* "ireef.tv", true */ 'i', 'r', 'e', 'e', 'f', '.', 't', 'v', '\0',
+  /* "irenekauer.com", true */ 'i', 'r', 'e', 'n', 'e', 'k', 'a', 'u', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "irf2.pl", true */ 'i', 'r', 'f', '2', '.', 'p', 'l', '\0',
+  /* "irfan.id", true */ 'i', 'r', 'f', 'a', 'n', '.', 'i', 'd', '\0',
+  /* "irgit.pl", true */ 'i', 'r', 'g', 'i', 't', '.', 'p', 'l', '\0',
+  /* "iridiumbrowser.de", true */ 'i', 'r', 'i', 'd', 'i', 'u', 'm', 'b', 'r', 'o', 'w', 's', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "iridiumflare.de", true */ 'i', 'r', 'i', 'd', 'i', 'u', 'm', 'f', 'l', 'a', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "iriomote.com", true */ 'i', 'r', 'i', 'o', 'm', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "iris-design.info", true */ 'i', 'r', 'i', 's', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "iris-insa.com", true */ 'i', 'r', 'i', 's', '-', 'i', 'n', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "irische-segenswuensche.info", true */ 'i', 'r', 'i', 's', 'c', 'h', 'e', '-', 's', 'e', 'g', 'e', 'n', 's', 'w', 'u', 'e', 'n', 's', 'c', 'h', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "irisdina.de", true */ 'i', 'r', 'i', 's', 'd', 'i', 'n', 'a', '.', 'd', 'e', '\0',
+  /* "irish.dating", true */ 'i', 'r', 'i', 's', 'h', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "irishmusic.nu", true */ 'i', 'r', 'i', 's', 'h', 'm', 'u', 's', 'i', 'c', '.', 'n', 'u', '\0',
+  /* "irisjieun.com", true */ 'i', 'r', 'i', 's', 'j', 'i', 'e', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "irland-firma.com", true */ 'i', 'r', 'l', 'a', 'n', 'd', '-', 'f', 'i', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "irmag.ru", true */ 'i', 'r', 'm', 'a', 'g', '.', 'r', 'u', '\0',
+  /* "irmgard-woelfle.de", true */ 'i', 'r', 'm', 'g', 'a', 'r', 'd', '-', 'w', 'o', 'e', 'l', 'f', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "irmgardkoch.com", true */ 'i', 'r', 'm', 'g', 'a', 'r', 'd', 'k', 'o', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "irodorinet.com", true */ 'i', 'r', 'o', 'd', 'o', 'r', 'i', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "iroise.ch", true */ 'i', 'r', 'o', 'i', 's', 'e', '.', 'c', 'h', '\0',
+  /* "iron-guard.net", true */ 'i', 'r', 'o', 'n', '-', 'g', 'u', 'a', 'r', 'd', '.', 'n', 'e', 't', '\0',
+  /* "ironcarnival.com", true */ 'i', 'r', 'o', 'n', 'c', 'a', 'r', 'n', 'i', 'v', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "irondaleirregulars.com", true */ 'i', 'r', 'o', 'n', 'd', 'a', 'l', 'e', 'i', 'r', 'r', 'e', 'g', 'u', 'l', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ironfistdesign.com", true */ 'i', 'r', 'o', 'n', 'f', 'i', 's', 't', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "irritant.net", true */ 'i', 'r', 'r', 'i', 't', 'a', 'n', 't', '.', 'n', 'e', 't', '\0',
+  /* "irstaxforumsonline.com", true */ 'i', 'r', 's', 't', 'a', 'x', 'f', 'o', 'r', 'u', 'm', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "iruarts.ch", true */ 'i', 'r', 'u', 'a', 'r', 't', 's', '.', 'c', 'h', '\0',
+  /* "iruca.co", true */ 'i', 'r', 'u', 'c', 'a', '.', 'c', 'o', '\0',
+  /* "is-sw.net", true */ 'i', 's', '-', 's', 'w', '.', 'n', 'e', 't', '\0',
+  /* "isaackabel.cf", true */ 'i', 's', 'a', 'a', 'c', 'k', 'a', 'b', 'e', 'l', '.', 'c', 'f', '\0',
+  /* "isaackabel.ga", true */ 'i', 's', 'a', 'a', 'c', 'k', 'a', 'b', 'e', 'l', '.', 'g', 'a', '\0',
+  /* "isaackabel.gq", true */ 'i', 's', 'a', 'a', 'c', 'k', 'a', 'b', 'e', 'l', '.', 'g', 'q', '\0',
+  /* "isaackabel.ml", true */ 'i', 's', 'a', 'a', 'c', 'k', 'a', 'b', 'e', 'l', '.', 'm', 'l', '\0',
+  /* "isaackabel.tk", true */ 'i', 's', 'a', 'a', 'c', 'k', 'a', 'b', 'e', 'l', '.', 't', 'k', '\0',
+  /* "isaackhor.com", true */ 'i', 's', 'a', 'a', 'c', 'k', 'h', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "isaacman.tech", true */ 'i', 's', 'a', 'a', 'c', 'm', 'a', 'n', '.', 't', 'e', 'c', 'h', '\0',
+  /* "isaacpartnership.co.uk", true */ 'i', 's', 'a', 'a', 'c', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', 'h', 'i', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "isaacpartnership.com", true */ 'i', 's', 'a', 'a', 'c', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', 'h', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "isaacphysics.org", true */ 'i', 's', 'a', 'a', 'c', 'p', 'h', 'y', 's', 'i', 'c', 's', '.', 'o', 'r', 'g', '\0',
+  /* "isabelle-delpech.com", true */ 'i', 's', 'a', 'b', 'e', 'l', 'l', 'e', '-', 'd', 'e', 'l', 'p', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "isara.com", true */ 'i', 's', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "isbc-telecom.ru", true */ 'i', 's', 'b', 'c', '-', 't', 'e', 'l', 'e', 'c', 'o', 'm', '.', 'r', 'u', '\0',
+  /* "isbengrumpy.com", true */ 'i', 's', 'b', 'e', 'n', 'g', 'r', 'u', 'm', 'p', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "iscert.org", true */ 'i', 's', 'c', 'e', 'r', 't', '.', 'o', 'r', 'g', '\0',
+  /* "isdn.jp", true */ 'i', 's', 'd', 'n', '.', 'j', 'p', '\0',
+  /* "isdown.cz", true */ 'i', 's', 'd', 'o', 'w', 'n', '.', 'c', 'z', '\0',
+  /* "isecrets.se", true */ 'i', 's', 'e', 'c', 'r', 'e', 't', 's', '.', 's', 'e', '\0',
+  /* "iserv.fr", true */ 'i', 's', 'e', 'r', 'v', '.', 'f', 'r', '\0',
+  /* "iservicio.mx", true */ 'i', 's', 'e', 'r', 'v', 'i', 'c', 'i', 'o', '.', 'm', 'x', '\0',
+  /* "isfriday.com", true */ 'i', 's', 'f', 'r', 'i', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "isgp-studies.com", true */ 'i', 's', 'g', 'p', '-', 's', 't', 'u', 'd', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ishamf.com", true */ 'i', 's', 'h', 'a', 'm', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "ishiharaken.com", true */ 'i', 's', 'h', 'i', 'h', 'a', 'r', 'a', 'k', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ishome.org", true */ 'i', 's', 'h', 'o', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "isidom.fr", true */ 'i', 's', 'i', 'd', 'o', 'm', '.', 'f', 'r', '\0',
+  /* "isil.fi", true */ 'i', 's', 'i', 'l', '.', 'f', 'i', '\0',
+  /* "isimonbrown.co.uk", true */ 'i', 's', 'i', 'm', 'o', 'n', 'b', 'r', 'o', 'w', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "isincheck.com", true */ 'i', 's', 'i', 'n', 'c', 'h', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "isisfighters.info", true */ 'i', 's', 'i', 's', 'f', 'i', 'g', 'h', 't', 'e', 'r', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "isistomie.com", true */ 'i', 's', 'i', 's', 't', 'o', 'm', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "isitchristmas.com", true */ 'i', 's', 'i', 't', 'c', 'h', 'r', 'i', 's', 't', 'm', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "isitcoffeetime.com", true */ 'i', 's', 'i', 't', 'c', 'o', 'f', 'f', 'e', 'e', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "isitdoneyet.gov", true */ 'i', 's', 'i', 't', 'd', 'o', 'n', 'e', 'y', 'e', 't', '.', 'g', 'o', 'v', '\0',
+  /* "isitnuclearwaryet.com", true */ 'i', 's', 'i', 't', 'n', 'u', 'c', 'l', 'e', 'a', 'r', 'w', 'a', 'r', 'y', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "isitup.org", true */ 'i', 's', 'i', 't', 'u', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "iskaron.de", true */ 'i', 's', 'k', 'a', 'r', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "iskogen.nu", true */ 'i', 's', 'k', 'o', 'g', 'e', 'n', '.', 'n', 'u', '\0',
+  /* "islam.si", true */ 'i', 's', 'l', 'a', 'm', '.', 's', 'i', '\0',
+  /* "islandhosting.com", true */ 'i', 's', 'l', 'a', 'n', 'd', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "islandinthenet.com", true */ 'i', 's', 'l', 'a', 'n', 'd', 'i', 'n', 't', 'h', 'e', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "islandpumpandtank.com", true */ 'i', 's', 'l', 'a', 'n', 'd', 'p', 'u', 'm', 'p', 'a', 'n', 'd', 't', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "islazia.fr", true */ 'i', 's', 'l', 'a', 'z', 'i', 'a', '.', 'f', 'r', '\0',
+  /* "isletech.net", true */ 'i', 's', 'l', 'e', 't', 'e', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "isliada.org", true */ 'i', 's', 'l', 'i', 'a', 'd', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "ismat.com", true */ 'i', 's', 'm', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "isn.cz", true */ 'i', 's', 'n', '.', 'c', 'z', '\0',
+  /* "isntall.us", true */ 'i', 's', 'n', 't', 'a', 'l', 'l', '.', 'u', 's', '\0',
+  /* "isocom.eu", true */ 'i', 's', 'o', 'c', 'o', 'm', '.', 'e', 'u', '\0',
+  /* "isognattori.com", true */ 'i', 's', 'o', 'g', 'n', 'a', 't', 't', 'o', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "isolta.com", true */ 'i', 's', 'o', 'l', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "isolta.de", true */ 'i', 's', 'o', 'l', 't', 'a', '.', 'd', 'e', '\0',
+  /* "isolta.ee", true */ 'i', 's', 'o', 'l', 't', 'a', '.', 'e', 'e', '\0',
+  /* "isolta.lv", true */ 'i', 's', 'o', 'l', 't', 'a', '.', 'l', 'v', '\0',
+  /* "isolta.se", true */ 'i', 's', 'o', 'l', 't', 'a', '.', 's', 'e', '\0',
+  /* "isondo.com", true */ 'i', 's', 'o', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "isonet.fr", true */ 'i', 's', 'o', 'n', 'e', 't', '.', 'f', 'r', '\0',
+  /* "isopres.de", true */ 'i', 's', 'o', 'p', 'r', 'e', 's', '.', 'd', 'e', '\0',
+  /* "isoroc-nidzica.pl", true */ 'i', 's', 'o', 'r', 'o', 'c', '-', 'n', 'i', 'd', 'z', 'i', 'c', 'a', '.', 'p', 'l', '\0',
+  /* "isotope.gov", true */ 'i', 's', 'o', 't', 'o', 'p', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "isotopes.gov", true */ 'i', 's', 'o', 't', 'o', 'p', 'e', 's', '.', 'g', 'o', 'v', '\0',
+  /* "isowosi.com", true */ 'i', 's', 'o', 'w', 'o', 's', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "ispo.com.tw", true */ 'i', 's', 'p', 'o', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "ispringcloud.ru", true */ 'i', 's', 'p', 'r', 'i', 'n', 'g', 'c', 'l', 'o', 'u', 'd', '.', 'r', 'u', '\0',
+  /* "ispsoft.pro", true */ 'i', 's', 'p', 's', 'o', 'f', 't', '.', 'p', 'r', 'o', '\0',
+  /* "ispweb.es", true */ 'i', 's', 'p', 'w', 'e', 'b', '.', 'e', 's', '\0',
+  /* "isqrl.de", true */ 'i', 's', 'q', 'r', 'l', '.', 'd', 'e', '\0',
+  /* "israelbizreg.com", true */ 'i', 's', 'r', 'a', 'e', 'l', 'b', 'i', 'z', 'r', 'e', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "israkurort.com", true */ 'i', 's', 'r', 'a', 'k', 'u', 'r', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "isreedyintheuk.com", true */ 'i', 's', 'r', 'e', 'e', 'd', 'y', 'i', 'n', 't', 'h', 'e', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "issasfrissa.se", true */ 'i', 's', 's', 'a', 's', 'f', 'r', 'i', 's', 's', 'a', '.', 's', 'e', '\0',
+  /* "isscouncil.com", true */ 'i', 's', 's', 'c', 'o', 'u', 'n', 'c', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "issforum.org", true */ 'i', 's', 's', 'f', 'o', 'r', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "issio.net", true */ 'i', 's', 's', 'i', 'o', '.', 'n', 'e', 't', '\0',
+  /* "isslshop.com", true */ 'i', 's', 's', 'l', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "issue.watch", true */ 'i', 's', 's', 'u', 'e', '.', 'w', 'a', 't', 'c', 'h', '\0',
+  /* "issuesofconcern.in", true */ 'i', 's', 's', 'u', 'e', 's', 'o', 'f', 'c', 'o', 'n', 'c', 'e', 'r', 'n', '.', 'i', 'n', '\0',
+  /* "ist-intim.de", true */ 'i', 's', 't', '-', 'i', 'n', 't', 'i', 'm', '.', 'd', 'e', '\0',
+  /* "istdieweltschonuntergegangen.de", true */ 'i', 's', 't', 'd', 'i', 'e', 'w', 'e', 'l', 't', 's', 'c', 'h', 'o', 'n', 'u', 'n', 't', 'e', 'r', 'g', 'e', 'g', 'a', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "isteinbaby.de", true */ 'i', 's', 't', 'e', 'i', 'n', 'b', 'a', 'b', 'y', '.', 'd', 'e', '\0',
+  /* "istgame.com", true */ 'i', 's', 't', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "istheapplestoredown.com", true */ 'i', 's', 't', 'h', 'e', 'a', 'p', 'p', 'l', 'e', 's', 't', 'o', 'r', 'e', 'd', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "istheapplestoredown.de", true */ 'i', 's', 't', 'h', 'e', 'a', 'p', 'p', 'l', 'e', 's', 't', 'o', 'r', 'e', 'd', 'o', 'w', 'n', '.', 'd', 'e', '\0',
+  /* "isthefieldcontrolsystemdown.com", true */ 'i', 's', 't', 'h', 'e', 'f', 'i', 'e', 'l', 'd', 'c', 'o', 'n', 't', 'r', 'o', 'l', 's', 'y', 's', 't', 'e', 'm', 'd', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "istheinternetdown.com", true */ 'i', 's', 't', 'h', 'e', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'd', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "istherrienstillcoach.com", true */ 'i', 's', 't', 'h', 'e', 'r', 'r', 'i', 'e', 'n', 's', 't', 'i', 'l', 'l', 'c', 'o', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "istheservicedown.co.uk", true */ 'i', 's', 't', 'h', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', 'd', 'o', 'w', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "istheservicedown.com", true */ 'i', 's', 't', 'h', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', 'd', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "istheservicedowncanada.com", true */ 'i', 's', 't', 'h', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', 'd', 'o', 'w', 'n', 'c', 'a', 'n', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "isthnew.com", true */ 'i', 's', 't', 'h', 'n', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "istore.lt", true */ 'i', 's', 't', 'o', 'r', 'e', '.', 'l', 't', '\0',
+  /* "istorrent.is", true */ 'i', 's', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'i', 's', '\0',
+  /* "istschonsolangeinrente.de", true */ 'i', 's', 't', 's', 'c', 'h', 'o', 'n', 's', 'o', 'l', 'a', 'n', 'g', 'e', 'i', 'n', 'r', 'e', 'n', 't', 'e', '.', 'd', 'e', '\0',
+  /* "istsi.org", true */ 'i', 's', 't', 's', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "isuzupartscenter.com", true */ 'i', 's', 'u', 'z', 'u', 'p', 'a', 'r', 't', 's', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "isv.online", true */ 'i', 's', 'v', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "isvbscriptdead.com", true */ 'i', 's', 'v', 'b', 's', 'c', 'r', 'i', 'p', 't', 'd', 'e', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "isyu.xyz", true */ 'i', 's', 'y', 'u', '.', 'x', 'y', 'z', '\0',
+  /* "it-adminio.ru", true */ 'i', 't', '-', 'a', 'd', 'm', 'i', 'n', 'i', 'o', '.', 'r', 'u', '\0',
+  /* "it-fernau.com", true */ 'i', 't', '-', 'f', 'e', 'r', 'n', 'a', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "it-jobbank.dk", true */ 'i', 't', '-', 'j', 'o', 'b', 'b', 'a', 'n', 'k', '.', 'd', 'k', '\0',
+  /* "it-kron.de", true */ 'i', 't', '-', 'k', 'r', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "it-labor.info", true */ 'i', 't', '-', 'l', 'a', 'b', 'o', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "it-rotter.de", true */ 'i', 't', '-', 'r', 'o', 't', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "it-schamans.de", true */ 'i', 't', '-', 's', 'c', 'h', 'a', 'm', 'a', 'n', 's', '.', 'd', 'e', '\0',
+  /* "it-service24.at", true */ 'i', 't', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', '2', '4', '.', 'a', 't', '\0',
+  /* "it-service24.ch", true */ 'i', 't', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', '2', '4', '.', 'c', 'h', '\0',
+  /* "it-shamans.de", true */ 'i', 't', '-', 's', 'h', 'a', 'm', 'a', 'n', 's', '.', 'd', 'e', '\0',
+  /* "it-shamans.eu", true */ 'i', 't', '-', 's', 'h', 'a', 'm', 'a', 'n', 's', '.', 'e', 'u', '\0',
+  /* "it-sysoft.com", true */ 'i', 't', '-', 's', 'y', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "it-world.eu", true */ 'i', 't', '-', 'w', 'o', 'r', 'l', 'd', '.', 'e', 'u', '\0',
+  /* "it.search.yahoo.com", false */ 'i', 't', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "itactiq.com", true */ 'i', 't', 'a', 'c', 't', 'i', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "itactiq.info", true */ 'i', 't', 'a', 'c', 't', 'i', 'q', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ital-gamma.be", true */ 'i', 't', 'a', 'l', '-', 'g', 'a', 'm', 'm', 'a', '.', 'b', 'e', '\0',
+  /* "italia-store.com", true */ 'i', 't', 'a', 'l', 'i', 'a', '-', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "italiachegioca.com", true */ 'i', 't', 'a', 'l', 'i', 'a', 'c', 'h', 'e', 'g', 'i', 'o', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "italian.dating", true */ 'i', 't', 'a', 'l', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "italianshoemanufacturers.com", true */ 'i', 't', 'a', 'l', 'i', 'a', 'n', 's', 'h', 'o', 'e', 'm', 'a', 'n', 'u', 'f', 'a', 'c', 't', 'u', 'r', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "italyinspires.com", true */ 'i', 't', 'a', 'l', 'y', 'i', 'n', 's', 'p', 'i', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "itamservices.nl", true */ 'i', 't', 'a', 'm', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'n', 'l', '\0',
+  /* "itb-online.co.uk", true */ 'i', 't', 'b', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "itbrief.co.nz", true */ 'i', 't', 'b', 'r', 'i', 'e', 'f', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "itbrief.com.au", true */ 'i', 't', 'b', 'r', 'i', 'e', 'f', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "itchimes.com", true */ 'i', 't', 'c', 'h', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "itchy.nl", true */ 'i', 't', 'c', 'h', 'y', '.', 'n', 'l', '\0',
+  /* "itcko.sk", true */ 'i', 't', 'c', 'k', 'o', '.', 's', 'k', '\0',
+  /* "itdashboard.gov", true */ 'i', 't', 'd', 'a', 's', 'h', 'b', 'o', 'a', 'r', 'd', '.', 'g', 'o', 'v', '\0',
+  /* "itds-consulting.com", true */ 'i', 't', 'd', 's', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "itds-consulting.cz", true */ 'i', 't', 'd', 's', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'z', '\0',
+  /* "itds-consulting.eu", true */ 'i', 't', 'd', 's', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'e', 'u', '\0',
+  /* "itecor.net", true */ 'i', 't', 'e', 'c', 'o', 'r', '.', 'n', 'e', 't', '\0',
+  /* "iteecafe.hu", true */ 'i', 't', 'e', 'e', 'c', 'a', 'f', 'e', '.', 'h', 'u', '\0',
+  /* "iteha.de", true */ 'i', 't', 'e', 'h', 'a', '.', 'd', 'e', '\0',
+  /* "iteke.ml", true */ 'i', 't', 'e', 'k', 'e', '.', 'm', 'l', '\0',
+  /* "iteke.tk", true */ 'i', 't', 'e', 'k', 'e', '.', 't', 'k', '\0',
+  /* "iteli.eu", true */ 'i', 't', 'e', 'l', 'i', '.', 'e', 'u', '\0',
+  /* "iterader.com", true */ 'i', 't', 'e', 'r', 'a', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "iterror.co", true */ 'i', 't', 'e', 'r', 'r', 'o', 'r', '.', 'c', 'o', '\0',
+  /* "itfensi.net", true */ 'i', 't', 'f', 'e', 'n', 's', 'i', '.', 'n', 'e', 't', '\0',
+  /* "itfh.eu", true */ 'i', 't', 'f', 'h', '.', 'e', 'u', '\0',
+  /* "itfix.cz", true */ 'i', 't', 'f', 'i', 'x', '.', 'c', 'z', '\0',
+  /* "itforge.nl", true */ 'i', 't', 'f', 'o', 'r', 'g', 'e', '.', 'n', 'l', '\0',
+  /* "ithenrik.com", true */ 'i', 't', 'h', 'e', 'n', 'r', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "itilo.de", true */ 'i', 't', 'i', 'l', 'o', '.', 'd', 'e', '\0',
+  /* "itiomassagem.com.br", true */ 'i', 't', 'i', 'o', 'm', 'a', 's', 's', 'a', 'g', 'e', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "itis.gov", true */ 'i', 't', 'i', 's', '.', 'g', 'o', 'v', '\0',
+  /* "itis4u.ch", true */ 'i', 't', 'i', 's', '4', 'u', '.', 'c', 'h', '\0',
+  /* "itludens.com", true */ 'i', 't', 'l', 'u', 'd', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "itmanie.cz", true */ 'i', 't', 'm', 'a', 'n', 'i', 'e', '.', 'c', 'z', '\0',
+  /* "itneeds.tech", true */ 'i', 't', 'n', 'e', 'e', 'd', 's', '.', 't', 'e', 'c', 'h', '\0',
+  /* "itnews-bg.com", true */ 'i', 't', 'n', 'e', 'w', 's', '-', 'b', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "itnota.com", true */ 'i', 't', 'n', 'o', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "itochan.jp", true */ 'i', 't', 'o', 'c', 'h', 'a', 'n', '.', 'j', 'p', '\0',
+  /* "itooky.com", true */ 'i', 't', 'o', 'o', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "itpro.ua", true */ 'i', 't', 'p', 'r', 'o', '.', 'u', 'a', '\0',
+  /* "itraveille.fr", true */ 'i', 't', 'r', 'a', 'v', 'e', 'i', 'l', 'l', 'e', '.', 'f', 'r', '\0',
+  /* "itring.pl", false */ 'i', 't', 'r', 'i', 'n', 'g', '.', 'p', 'l', '\0',
+  /* "itruss.com.tw", true */ 'i', 't', 'r', 'u', 's', 's', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "its-future.com", true */ 'i', 't', 's', '-', 'f', 'u', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "its-gutachten.de", true */ 'i', 't', 's', '-', 'g', 'u', 't', 'a', 'c', 'h', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "its-v.de", true */ 'i', 't', 's', '-', 'v', '.', 'd', 'e', '\0',
+  /* "its4living.com", true */ 'i', 't', 's', '4', 'l', 'i', 'v', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "itsabouncything.com", true */ 'i', 't', 's', 'a', 'b', 'o', 'u', 'n', 'c', 'y', 't', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "itsanicedoor.co.uk", true */ 'i', 't', 's', 'a', 'n', 'i', 'c', 'e', 'd', 'o', 'o', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "itsasaja.com", true */ 'i', 't', 's', 'a', 's', 'a', 'j', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "itsdcdn.com", true */ 'i', 't', 's', 'd', 'c', 'd', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "itsecblog.de", true */ 'i', 't', 's', 'e', 'c', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "itsecguy.com", false */ 'i', 't', 's', 'e', 'c', 'g', 'u', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "itsevident.com", true */ 'i', 't', 's', 'e', 'v', 'i', 'd', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "itsgoingdown.org", true */ 'i', 't', 's', 'g', 'o', 'i', 'n', 'g', 'd', 'o', 'w', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "itshka.rv.ua", true */ 'i', 't', 's', 'h', 'k', 'a', '.', 'r', 'v', '.', 'u', 'a', '\0',
+  /* "itskayla.com", true */ 'i', 't', 's', 'k', 'a', 'y', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "itsmejohn.org", true */ 'i', 't', 's', 'm', 'e', 'j', 'o', 'h', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "itsmyparty.ie", true */ 'i', 't', 's', 'm', 'y', 'p', 'a', 'r', 't', 'y', '.', 'i', 'e', '\0',
+  /* "itsnotquitethehilton.com", true */ 'i', 't', 's', 'n', 'o', 't', 'q', 'u', 'i', 't', 'e', 't', 'h', 'e', 'h', 'i', 'l', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "itsok.de", true */ 'i', 't', 's', 'o', 'k', '.', 'd', 'e', '\0',
+  /* "itspartytimeonline.co.uk", true */ 'i', 't', 's', 'p', 'a', 'r', 't', 'y', 't', 'i', 'm', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "itspartytimesweetinflations.com", true */ 'i', 't', 's', 'p', 'a', 'r', 't', 'y', 't', 'i', 'm', 'e', 's', 'w', 'e', 'e', 't', 'i', 'n', 'f', 'l', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "itspersonaltraining.nl", true */ 'i', 't', 's', 'p', 'e', 'r', 's', 'o', 'n', 'a', 'l', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "itsryan.com", true */ 'i', 't', 's', 'r', 'y', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "itsstefan.eu", true */ 'i', 't', 's', 's', 't', 'e', 'f', 'a', 'n', '.', 'e', 'u', '\0',
+  /* "itstatic.tech", true */ 'i', 't', 's', 't', 'a', 't', 'i', 'c', '.', 't', 'e', 'c', 'h', '\0',
+  /* "itsupport-luzern.ch", true */ 'i', 't', 's', 'u', 'p', 'p', 'o', 'r', 't', '-', 'l', 'u', 'z', 'e', 'r', 'n', '.', 'c', 'h', '\0',
+  /* "itswincer.com", true */ 'i', 't', 's', 'w', 'i', 'n', 'c', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ittop-gabon.com", true */ 'i', 't', 't', 'o', 'p', '-', 'g', 'a', 'b', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "itzap.com.au", true */ 'i', 't', 'z', 'a', 'p', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "ivanbenito.com", true */ 'i', 'v', 'a', 'n', 'b', 'e', 'n', 'i', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ivancacic.com", false */ 'i', 'v', 'a', 'n', 'c', 'a', 'c', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "ivanmeade.com", true */ 'i', 'v', 'a', 'n', 'm', 'e', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ivaoru.org", true */ 'i', 'v', 'a', 'o', 'r', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "ivfausland.de", true */ 'i', 'v', 'f', 'a', 'u', 's', 'l', 'a', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "ivfmeds.com", true */ 'i', 'v', 'f', 'm', 'e', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ivi-fertilite.fr", true */ 'i', 'v', 'i', '-', 'f', 'e', 'r', 't', 'i', 'l', 'i', 't', 'e', '.', 'f', 'r', '\0',
+  /* "ivi-fruchtbarkeit.de", true */ 'i', 'v', 'i', '-', 'f', 'r', 'u', 'c', 'h', 't', 'b', 'a', 'r', 'k', 'e', 'i', 't', '.', 'd', 'e', '\0',
+  /* "ivi.com.ar", true */ 'i', 'v', 'i', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "ivi.com.pa", true */ 'i', 'v', 'i', '.', 'c', 'o', 'm', '.', 'p', 'a', '\0',
+  /* "ivi.mx", true */ 'i', 'v', 'i', '.', 'm', 'x', '\0',
+  /* "ivi.net.br", true */ 'i', 'v', 'i', '.', 'n', 'e', 't', '.', 'b', 'r', '\0',
+  /* "ivi.pt", true */ 'i', 'v', 'i', '.', 'p', 't', '\0',
+  /* "ivinet.cl", true */ 'i', 'v', 'i', 'n', 'e', 't', '.', 'c', 'l', '\0',
+  /* "ivitalia.it", true */ 'i', 'v', 'i', 't', 'a', 'l', 'i', 'a', '.', 'i', 't', '\0',
+  /* "ivo.co.za", true */ 'i', 'v', 'o', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "ivor.io", true */ 'i', 'v', 'o', 'r', '.', 'i', 'o', '\0',
+  /* "ivor.is", true */ 'i', 'v', 'o', 'r', '.', 'i', 's', '\0',
+  /* "ivorvanhese.com", true */ 'i', 'v', 'o', 'r', 'v', 'a', 'n', 'h', 'e', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ivorvanhese.nl", true */ 'i', 'v', 'o', 'r', 'v', 'a', 'n', 'h', 'e', 's', 'e', '.', 'n', 'l', '\0',
+  /* "ivpn.net", true */ 'i', 'v', 'p', 'n', '.', 'n', 'e', 't', '\0',
+  /* "ivvl.ru", true */ 'i', 'v', 'v', 'l', '.', 'r', 'u', '\0',
+  /* "ivxv.ee", true */ 'i', 'v', 'x', 'v', '.', 'e', 'e', '\0',
+  /* "ivyshop.com.br", true */ 'i', 'v', 'y', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ivystech.com", true */ 'i', 'v', 'y', 's', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "iwader.co.uk", true */ 'i', 'w', 'a', 'd', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "iwalton.com", true */ 'i', 'w', 'a', 'l', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "iwell.de", true */ 'i', 'w', 'e', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "iwex.swiss", true */ 'i', 'w', 'e', 'x', '.', 's', 'w', 'i', 's', 's', '\0',
+  /* "iwizerunek.pl", true */ 'i', 'w', 'i', 'z', 'e', 'r', 'u', 'n', 'e', 'k', '.', 'p', 'l', '\0',
+  /* "iwos.io", true */ 'i', 'w', 'o', 's', '.', 'i', 'o', '\0',
+  /* "iww.me", true */ 'i', 'w', 'w', '.', 'm', 'e', '\0',
+  /* "iww.mx", true */ 'i', 'w', 'w', '.', 'm', 'x', '\0',
+  /* "ixds.org", true */ 'i', 'x', 'd', 's', '.', 'o', 'r', 'g', '\0',
+  /* "ixio.cz", true */ 'i', 'x', 'i', 'o', '.', 'c', 'z', '\0',
+  /* "ixnext.de", true */ 'i', 'x', 'n', 'e', 'x', 't', '.', 'd', 'e', '\0',
+  /* "ixquick-proxy.com", true */ 'i', 'x', 'q', 'u', 'i', 'c', 'k', '-', 'p', 'r', 'o', 'x', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ixquick.co.uk", true */ 'i', 'x', 'q', 'u', 'i', 'c', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ixquick.com", true */ 'i', 'x', 'q', 'u', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ixquick.de", true */ 'i', 'x', 'q', 'u', 'i', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "ixquick.eu", true */ 'i', 'x', 'q', 'u', 'i', 'c', 'k', '.', 'e', 'u', '\0',
+  /* "ixquick.fr", true */ 'i', 'x', 'q', 'u', 'i', 'c', 'k', '.', 'f', 'r', '\0',
+  /* "ixquick.info", true */ 'i', 'x', 'q', 'u', 'i', 'c', 'k', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ixquick.nl", true */ 'i', 'x', 'q', 'u', 'i', 'c', 'k', '.', 'n', 'l', '\0',
+  /* "iyinolaashafa.com", true */ 'i', 'y', 'i', 'n', 'o', 'l', 'a', 'a', 's', 'h', 'a', 'f', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "iz8mbw.net", true */ 'i', 'z', '8', 'm', 'b', 'w', '.', 'n', 'e', 't', '\0',
+  /* "izevg.ru", true */ 'i', 'z', 'e', 'v', 'g', '.', 'r', 'u', '\0',
+  /* "izodiacsigns.com", true */ 'i', 'z', 'o', 'd', 'i', 'a', 'c', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "izuba.info", true */ 'i', 'z', 'u', 'b', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "izumi.tv", true */ 'i', 'z', 'u', 'm', 'i', '.', 't', 'v', '\0',
+  /* "j-eck.nl", true */ 'j', '-', 'e', 'c', 'k', '.', 'n', 'l', '\0',
+  /* "j-elliott.co.uk", true */ 'j', '-', 'e', 'l', 'l', 'i', 'o', 't', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "j-navi.com", true */ 'j', '-', 'n', 'a', 'v', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "j0m.de", true */ 'j', '0', 'm', '.', 'd', 'e', '\0',
+  /* "j0s.at", true */ 'j', '0', 's', '.', 'a', 't', '\0',
+  /* "j0s.eu", true */ 'j', '0', 's', '.', 'e', 'u', '\0',
+  /* "j15t98j.co.uk", true */ 'j', '1', '5', 't', '9', '8', 'j', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "j2ee.cz", true */ 'j', '2', 'e', 'e', '.', 'c', 'z', '\0',
+  /* "j3e.de", true */ 'j', '3', 'e', '.', 'd', 'e', '\0',
+  /* "j8y.de", true */ 'j', '8', 'y', '.', 'd', 'e', '\0',
+  /* "ja-dyck.de", true */ 'j', 'a', '-', 'd', 'y', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "ja.md", true */ 'j', 'a', '.', 'm', 'd', '\0',
+  /* "jaakkohannikainen.fi", true */ 'j', 'a', 'a', 'k', 'k', 'o', 'h', 'a', 'n', 'n', 'i', 'k', 'a', 'i', 'n', 'e', 'n', '.', 'f', 'i', '\0',
+  /* "jaalits.com", true */ 'j', 'a', 'a', 'l', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jaaxypro.com", true */ 'j', 'a', 'a', 'x', 'y', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "jaba.hosting", true */ 'j', 'a', 'b', 'a', '.', 'h', 'o', 's', 't', 'i', 'n', 'g', '\0',
+  /* "jababu.cz", true */ 'j', 'a', 'b', 'a', 'b', 'u', '.', 'c', 'z', '\0',
+  /* "jabbari.io", true */ 'j', 'a', 'b', 'b', 'a', 'r', 'i', '.', 'i', 'o', '\0',
+  /* "jabbas.eu", true */ 'j', 'a', 'b', 'b', 'a', 's', '.', 'e', 'u', '\0',
+  /* "jabber.at", true */ 'j', 'a', 'b', 'b', 'e', 'r', '.', 'a', 't', '\0',
+  /* "jabberfr.org", true */ 'j', 'a', 'b', 'b', 'e', 'r', 'f', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "jabberzac.org", true */ 'j', 'a', 'b', 'b', 'e', 'r', 'z', 'a', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "jaberg-rutschi.ch", true */ 'j', 'a', 'b', 'e', 'r', 'g', '-', 'r', 'u', 't', 's', 'c', 'h', 'i', '.', 'c', 'h', '\0',
+  /* "jabergrutschi.ch", true */ 'j', 'a', 'b', 'e', 'r', 'g', 'r', 'u', 't', 's', 'c', 'h', 'i', '.', 'c', 'h', '\0',
+  /* "jability.ovh", true */ 'j', 'a', 'b', 'i', 'l', 'i', 't', 'y', '.', 'o', 'v', 'h', '\0',
+  /* "jabjab.de", true */ 'j', 'a', 'b', 'j', 'a', 'b', '.', 'd', 'e', '\0',
+  /* "jaccblog.com", true */ 'j', 'a', 'c', 'c', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "jacekowski.org", true */ 'j', 'a', 'c', 'e', 'k', 'o', 'w', 's', 'k', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "jackdawphoto.co.uk", true */ 'j', 'a', 'c', 'k', 'd', 'a', 'w', 'p', 'h', 'o', 't', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jackdelik.de", true */ 'j', 'a', 'c', 'k', 'd', 'e', 'l', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "jackf.me", true */ 'j', 'a', 'c', 'k', 'f', '.', 'm', 'e', '\0',
+  /* "jackingramnissanparts.com", true */ 'j', 'a', 'c', 'k', 'i', 'n', 'g', 'r', 'a', 'm', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jackpothappy.com", true */ 'j', 'a', 'c', 'k', 'p', 'o', 't', 'h', 'a', 'p', 'p', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "jackrusselterrier.com.br", true */ 'j', 'a', 'c', 'k', 'r', 'u', 's', 's', 'e', 'l', 't', 'e', 'r', 'r', 'i', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "jackyliao123.tk", true */ 'j', 'a', 'c', 'k', 'y', 'l', 'i', 'a', 'o', '1', '2', '3', '.', 't', 'k', '\0',
+  /* "jackyyf.com", false */ 'j', 'a', 'c', 'k', 'y', 'y', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "jaco.by", true */ 'j', 'a', 'c', 'o', '.', 'b', 'y', '\0',
+  /* "jacobhaug.com", true */ 'j', 'a', 'c', 'o', 'b', 'h', 'a', 'u', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "jacobi-server.de", true */ 'j', 'a', 'c', 'o', 'b', 'i', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "jacobian.org", true */ 'j', 'a', 'c', 'o', 'b', 'i', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "jacobphono.com", true */ 'j', 'a', 'c', 'o', 'b', 'p', 'h', 'o', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "jacuzziprozone.com", true */ 'j', 'a', 'c', 'u', 'z', 'z', 'i', 'p', 'r', 'o', 'z', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jadopado.com", true */ 'j', 'a', 'd', 'o', 'p', 'a', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "jaegerlacke.de", true */ 'j', 'a', 'e', 'g', 'e', 'r', 'l', 'a', 'c', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "jagbouncycastles.co.uk", true */ 'j', 'a', 'g', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jagerman.com", true */ 'j', 'a', 'g', 'e', 'r', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jaguarlandrover-asse.be", true */ 'j', 'a', 'g', 'u', 'a', 'r', 'l', 'a', 'n', 'd', 'r', 'o', 'v', 'e', 'r', '-', 'a', 's', 's', 'e', '.', 'b', 'e', '\0',
+  /* "jaguarlandrover-occasions.be", true */ 'j', 'a', 'g', 'u', 'a', 'r', 'l', 'a', 'n', 'd', 'r', 'o', 'v', 'e', 'r', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0',
+  /* "jaguarwong.xyz", true */ 'j', 'a', 'g', 'u', 'a', 'r', 'w', 'o', 'n', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "jahanaisamu.com", true */ 'j', 'a', 'h', 'a', 'n', 'a', 'i', 's', 'a', 'm', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "jahner.xyz", true */ 'j', 'a', 'h', 'n', 'e', 'r', '.', 'x', 'y', 'z', '\0',
+  /* "jahofmann.de", true */ 'j', 'a', 'h', 'o', 'f', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "jailbreakingisnotacrime.org", true */ 'j', 'a', 'i', 'l', 'b', 'r', 'e', 'a', 'k', 'i', 'n', 'g', 'i', 's', 'n', 'o', 't', 'a', 'c', 'r', 'i', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "jaispirit.com", false */ 'j', 'a', 'i', 's', 'p', 'i', 'r', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "jaitnetworking.com", false */ 'j', 'a', 'i', 't', 'n', 'e', 't', 'w', 'o', 'r', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "jakarta.dating", true */ 'j', 'a', 'k', 'a', 'r', 't', 'a', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "jake.eu.org", true */ 'j', 'a', 'k', 'e', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "jake.ml", true */ 'j', 'a', 'k', 'e', '.', 'm', 'l', '\0',
+  /* "jake.nom.za", true */ 'j', 'a', 'k', 'e', '.', 'n', 'o', 'm', '.', 'z', 'a', '\0',
+  /* "jakecurtis.de", true */ 'j', 'a', 'k', 'e', 'c', 'u', 'r', 't', 'i', 's', '.', 'd', 'e', '\0',
+  /* "jakeguild.com", true */ 'j', 'a', 'k', 'e', 'g', 'u', 'i', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "jakenbake.com", true */ 'j', 'a', 'k', 'e', 'n', 'b', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jakereynolds.co", true */ 'j', 'a', 'k', 'e', 'r', 'e', 'y', 'n', 'o', 'l', 'd', 's', '.', 'c', 'o', '\0',
+  /* "jaketremper.com", true */ 'j', 'a', 'k', 'e', 't', 'r', 'e', 'm', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "jakewalker.xyz", true */ 'j', 'a', 'k', 'e', 'w', 'a', 'l', 'k', 'e', 'r', '.', 'x', 'y', 'z', '\0',
+  /* "jakobejitblokaci.cz", true */ 'j', 'a', 'k', 'o', 'b', 'e', 'j', 'i', 't', 'b', 'l', 'o', 'k', 'a', 'c', 'i', '.', 'c', 'z', '\0',
+  /* "jakobkrigovsky.com", true */ 'j', 'a', 'k', 'o', 'b', 'k', 'r', 'i', 'g', 'o', 'v', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "jakobssystems.net", true */ 'j', 'a', 'k', 'o', 'b', 's', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'n', 'e', 't', '\0',
+  /* "jakpremyslet.cz", true */ 'j', 'a', 'k', 'p', 'r', 'e', 'm', 'y', 's', 'l', 'e', 't', '.', 'c', 'z', '\0',
+  /* "jaksch.biz", true */ 'j', 'a', 'k', 's', 'c', 'h', '.', 'b', 'i', 'z', '\0',
+  /* "jaksi.io", true */ 'j', 'a', 'k', 's', 'i', '.', 'i', 'o', '\0',
+  /* "jakub-boucek.cz", true */ 'j', 'a', 'k', 'u', 'b', '-', 'b', 'o', 'u', 'c', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "jakubboucek.cz", true */ 'j', 'a', 'k', 'u', 'b', 'b', 'o', 'u', 'c', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "jakubtopic.cz", true */ 'j', 'a', 'k', 'u', 'b', 't', 'o', 'p', 'i', 'c', '.', 'c', 'z', '\0',
+  /* "jakubvrba.cz", true */ 'j', 'a', 'k', 'u', 'b', 'v', 'r', 'b', 'a', '.', 'c', 'z', '\0',
+  /* "jamaat.hk", true */ 'j', 'a', 'm', 'a', 'a', 't', '.', 'h', 'k', '\0',
+  /* "jamberrynails.co.uk", true */ 'j', 'a', 'm', 'b', 'e', 'r', 'r', 'y', 'n', 'a', 'i', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "james-bell.co.uk", true */ 'j', 'a', 'm', 'e', 's', '-', 'b', 'e', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "james-loewen.com", true */ 'j', 'a', 'm', 'e', 's', '-', 'l', 'o', 'e', 'w', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jamesachambers.com", true */ 'j', 'a', 'm', 'e', 's', 'a', 'c', 'h', 'a', 'm', 'b', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jamesaimonetti.com", true */ 'j', 'a', 'm', 'e', 's', 'a', 'i', 'm', 'o', 'n', 'e', 't', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "jamesbillingham.com", true */ 'j', 'a', 'm', 'e', 's', 'b', 'i', 'l', 'l', 'i', 'n', 'g', 'h', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "jamesbradach.com", false */ 'j', 'a', 'm', 'e', 's', 'b', 'r', 'a', 'd', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "jamesdorf.com", true */ 'j', 'a', 'm', 'e', 's', 'd', 'o', 'r', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "jamesevans.is", true */ 'j', 'a', 'm', 'e', 's', 'e', 'v', 'a', 'n', 's', '.', 'i', 's', '\0',
+  /* "jamesgreenfield.com", true */ 'j', 'a', 'm', 'e', 's', 'g', 'r', 'e', 'e', 'n', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "jameshemmings.co.uk", true */ 'j', 'a', 'm', 'e', 's', 'h', 'e', 'm', 'm', 'i', 'n', 'g', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jameshost.net", true */ 'j', 'a', 'm', 'e', 's', 'h', 'o', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "jameshunt.us", false */ 'j', 'a', 'm', 'e', 's', 'h', 'u', 'n', 't', '.', 'u', 's', '\0',
+  /* "jamesj.me", true */ 'j', 'a', 'm', 'e', 's', 'j', '.', 'm', 'e', '\0',
+  /* "jamesmarsh.net", true */ 'j', 'a', 'm', 'e', 's', 'm', 'a', 'r', 's', 'h', '.', 'n', 'e', 't', '\0',
+  /* "jamesmcdonald.com", false */ 'j', 'a', 'm', 'e', 's', 'm', 'c', 'd', 'o', 'n', 'a', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "jamesmilazzo.com", true */ 'j', 'a', 'm', 'e', 's', 'm', 'i', 'l', 'a', 'z', 'z', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "jamesmorrison.me", true */ 'j', 'a', 'm', 'e', 's', 'm', 'o', 'r', 'r', 'i', 's', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "jamesrains.com", true */ 'j', 'a', 'm', 'e', 's', 'r', 'a', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jamesrussellward.co.uk", true */ 'j', 'a', 'm', 'e', 's', 'r', 'u', 's', 's', 'e', 'l', 'l', 'w', 'a', 'r', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jamessmith.me.uk", true */ 'j', 'a', 'm', 'e', 's', 's', 'm', 'i', 't', 'h', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "jameswarp.com", true */ 'j', 'a', 'm', 'e', 's', 'w', 'a', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "jamhost.org", true */ 'j', 'a', 'm', 'h', 'o', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "jamielinux.com", true */ 'j', 'a', 'm', 'i', 'e', 'l', 'i', 'n', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "jamiemagee.co.uk", true */ 'j', 'a', 'm', 'i', 'e', 'm', 'a', 'g', 'e', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jamiemagee.dk", true */ 'j', 'a', 'm', 'i', 'e', 'm', 'a', 'g', 'e', 'e', '.', 'd', 'k', '\0',
+  /* "jamiepeters.nl", true */ 'j', 'a', 'm', 'i', 'e', 'p', 'e', 't', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "jamieweb.net", true */ 'j', 'a', 'm', 'i', 'e', 'w', 'e', 'b', '.', 'n', 'e', 't', '\0',
+  /* "jammucake.com", true */ 'j', 'a', 'm', 'm', 'u', 'c', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jammysplodgers.co.uk", true */ 'j', 'a', 'm', 'm', 'y', 's', 'p', 'l', 'o', 'd', 'g', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jamon.ca", true */ 'j', 'a', 'm', 'o', 'n', '.', 'c', 'a', '\0',
+  /* "jamonsilva.com", true */ 'j', 'a', 'm', 'o', 'n', 's', 'i', 'l', 'v', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "jamstatic.fr", false */ 'j', 'a', 'm', 's', 't', 'a', 't', 'i', 'c', '.', 'f', 'r', '\0',
+  /* "jamyeprice.com", true */ 'j', 'a', 'm', 'y', 'e', 'p', 'r', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jan-bucher.ch", true */ 'j', 'a', 'n', '-', 'b', 'u', 'c', 'h', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "jan-rieger.de", true */ 'j', 'a', 'n', '-', 'r', 'i', 'e', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "jan-von.de", true */ 'j', 'a', 'n', '-', 'v', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "janada.cz", true */ 'j', 'a', 'n', 'a', 'd', 'a', '.', 'c', 'z', '\0',
+  /* "janaundgeorgsagenja.eu", true */ 'j', 'a', 'n', 'a', 'u', 'n', 'd', 'g', 'e', 'o', 'r', 'g', 's', 'a', 'g', 'e', 'n', 'j', 'a', '.', 'e', 'u', '\0',
+  /* "janduchene.ch", true */ 'j', 'a', 'n', 'd', 'u', 'c', 'h', 'e', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "janehamelgardendesign.co.uk", true */ 'j', 'a', 'n', 'e', 'h', 'a', 'm', 'e', 'l', 'g', 'a', 'r', 'd', 'e', 'n', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jangocloud.tk", true */ 'j', 'a', 'n', 'g', 'o', 'c', 'l', 'o', 'u', 'd', '.', 't', 'k', '\0',
+  /* "janheidler.dynv6.net", true */ 'j', 'a', 'n', 'h', 'e', 'i', 'd', 'l', 'e', 'r', '.', 'd', 'y', 'n', 'v', '6', '.', 'n', 'e', 't', '\0',
+  /* "jani.media", true */ 'j', 'a', 'n', 'i', '.', 'm', 'e', 'd', 'i', 'a', '\0',
+  /* "janiat.com", true */ 'j', 'a', 'n', 'i', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "janik.xyz", false */ 'j', 'a', 'n', 'i', 'k', '.', 'x', 'y', 'z', '\0',
+  /* "janjoris.nl", true */ 'j', 'a', 'n', 'j', 'o', 'r', 'i', 's', '.', 'n', 'l', '\0',
+  /* "jankoepsel.com", true */ 'j', 'a', 'n', 'k', 'o', 'e', 'p', 's', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "janmachynka.cz", true */ 'j', 'a', 'n', 'm', 'a', 'c', 'h', 'y', 'n', 'k', 'a', '.', 'c', 'z', '\0',
+  /* "jann.is", true */ 'j', 'a', 'n', 'n', '.', 'i', 's', '\0',
+  /* "jannisfink.de", true */ 'j', 'a', 'n', 'n', 'i', 's', 'f', 'i', 'n', 'k', '.', 'd', 'e', '\0',
+  /* "janoberst.com", false */ 'j', 'a', 'n', 'o', 'b', 'e', 'r', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "janokacer.sk", true */ 'j', 'a', 'n', 'o', 'k', 'a', 'c', 'e', 'r', '.', 's', 'k', '\0',
+  /* "janosh.com", true */ 'j', 'a', 'n', 'o', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "janschaumann.de", true */ 'j', 'a', 'n', 's', 'c', 'h', 'a', 'u', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "janssenwigman.nl", true */ 'j', 'a', 'n', 's', 's', 'e', 'n', 'w', 'i', 'g', 'm', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "janverlaan.nl", true */ 'j', 'a', 'n', 'v', 'e', 'r', 'l', 'a', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "jaot.info", true */ 'j', 'a', 'o', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "jap-nope.de", true */ 'j', 'a', 'p', '-', 'n', 'o', 'p', 'e', '.', 'd', 'e', '\0',
+  /* "japan4you.org", true */ 'j', 'a', 'p', 'a', 'n', '4', 'y', 'o', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "japaneseemoticons.org", true */ 'j', 'a', 'p', 'a', 'n', 'e', 's', 'e', 'e', 'm', 'o', 't', 'i', 'c', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "japanesenames.biz", true */ 'j', 'a', 'p', 'a', 'n', 'e', 's', 'e', 'n', 'a', 'm', 'e', 's', '.', 'b', 'i', 'z', '\0',
+  /* "japaniac.de", false */ 'j', 'a', 'p', 'a', 'n', 'i', 'a', 'c', '.', 'd', 'e', '\0',
+  /* "japanphilosophy.com", true */ 'j', 'a', 'p', 'a', 'n', 'p', 'h', 'i', 'l', 'o', 's', 'o', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "japanwatches.xyz", true */ 'j', 'a', 'p', 'a', 'n', 'w', 'a', 't', 'c', 'h', 'e', 's', '.', 'x', 'y', 'z', '\0',
+  /* "jardin-exotique-rennes.fr", true */ 'j', 'a', 'r', 'd', 'i', 'n', '-', 'e', 'x', 'o', 't', 'i', 'q', 'u', 'e', '-', 'r', 'e', 'n', 'n', 'e', 's', '.', 'f', 'r', '\0',
+  /* "jardinderline.ch", true */ 'j', 'a', 'r', 'd', 'i', 'n', 'd', 'e', 'r', 'l', 'i', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "jardiniersduminotaure.fr", true */ 'j', 'a', 'r', 'd', 'i', 'n', 'i', 'e', 'r', 's', 'd', 'u', 'm', 'i', 'n', 'o', 't', 'a', 'u', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "jaredeberle.org", false */ 'j', 'a', 'r', 'e', 'd', 'e', 'b', 'e', 'r', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "jaredfernandez.com", true */ 'j', 'a', 'r', 'e', 'd', 'f', 'e', 'r', 'n', 'a', 'n', 'd', 'e', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "jarl.ninja", true */ 'j', 'a', 'r', 'l', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "jarniashop.se", true */ 'j', 'a', 'r', 'n', 'i', 'a', 's', 'h', 'o', 'p', '.', 's', 'e', '\0',
+  /* "jaroku.com", true */ 'j', 'a', 'r', 'o', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "jarondl.net", true */ 'j', 'a', 'r', 'o', 'n', 'd', 'l', '.', 'n', 'e', 't', '\0',
+  /* "jarrettgraham.com", true */ 'j', 'a', 'r', 'r', 'e', 't', 't', 'g', 'r', 'a', 'h', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "jarroba.com", true */ 'j', 'a', 'r', 'r', 'o', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "jas-team.net", true */ 'j', 'a', 's', '-', 't', 'e', 'a', 'm', '.', 'n', 'e', 't', '\0',
+  /* "jasl.works", true */ 'j', 'a', 's', 'l', '.', 'w', 'o', 'r', 'k', 's', '\0',
+  /* "jasmijnwagenaar.nl", true */ 'j', 'a', 's', 'm', 'i', 'j', 'n', 'w', 'a', 'g', 'e', 'n', 'a', 'a', 'r', '.', 'n', 'l', '\0',
+  /* "jasonamorrow.com", true */ 'j', 'a', 's', 'o', 'n', 'a', 'm', 'o', 'r', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "jasongerber.ch", true */ 'j', 'a', 's', 'o', 'n', 'g', 'e', 'r', 'b', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "jasonian-photo.com", true */ 'j', 'a', 's', 'o', 'n', 'i', 'a', 'n', '-', 'p', 'h', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "jasonmili.online", true */ 'j', 'a', 's', 'o', 'n', 'm', 'i', 'l', 'i', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "jasonradin.com", true */ 'j', 'a', 's', 'o', 'n', 'r', 'a', 'd', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jasonsansone.com", true */ 'j', 'a', 's', 'o', 'n', 's', 'a', 'n', 's', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jasonwindholz.com", true */ 'j', 'a', 's', 'o', 'n', 'w', 'i', 'n', 'd', 'h', 'o', 'l', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "jasperhammink.com", true */ 'j', 'a', 's', 'p', 'e', 'r', 'h', 'a', 'm', 'm', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "jasperhuttenmedia.com", true */ 'j', 'a', 's', 'p', 'e', 'r', 'h', 'u', 't', 't', 'e', 'n', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "javalestari.com", true */ 'j', 'a', 'v', 'a', 'l', 'e', 's', 't', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "javamilk.com", true */ 'j', 'a', 'v', 'a', 'm', 'i', 'l', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "javfree.me", true */ 'j', 'a', 'v', 'f', 'r', 'e', 'e', '.', 'm', 'e', '\0',
+  /* "jawn.ca", true */ 'j', 'a', 'w', 'n', '.', 'c', 'a', '\0',
+  /* "jawnelodzkie.org.pl", true */ 'j', 'a', 'w', 'n', 'e', 'l', 'o', 'd', 'z', 'k', 'i', 'e', '.', 'o', 'r', 'g', '.', 'p', 'l', '\0',
+  /* "jaxageto.de", true */ 'j', 'a', 'x', 'a', 'g', 'e', 't', 'o', '.', 'd', 'e', '\0',
+  /* "jaycouture.com", true */ 'j', 'a', 'y', 'c', 'o', 'u', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jayf.de", true */ 'j', 'a', 'y', 'f', '.', 'd', 'e', '\0',
+  /* "jayfreestone.com", true */ 'j', 'a', 'y', 'f', 'r', 'e', 'e', 's', 't', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jayharris.ca", true */ 'j', 'a', 'y', 'h', 'a', 'r', 'r', 'i', 's', '.', 'c', 'a', '\0',
+  /* "jaymecd.rocks", true */ 'j', 'a', 'y', 'm', 'e', 'c', 'd', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "jaytx.com", true */ 'j', 'a', 'y', 't', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "jayxon.com", true */ 'j', 'a', 'y', 'x', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jayxu.com", true */ 'j', 'a', 'y', 'x', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "jazz-alliance.com", true */ 'j', 'a', 'z', 'z', '-', 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jazz-alliance.org", true */ 'j', 'a', 'z', 'z', '-', 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "jazzanet.com", true */ 'j', 'a', 'z', 'z', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "jazzinutrecht.info", true */ 'j', 'a', 'z', 'z', 'i', 'n', 'u', 't', 'r', 'e', 'c', 'h', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "jazzncheese.com", true */ 'j', 'a', 'z', 'z', 'n', 'c', 'h', 'e', 'e', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jazzy.id.au", true */ 'j', 'a', 'z', 'z', 'y', '.', 'i', 'd', '.', 'a', 'u', '\0',
+  /* "jazzy.pro", true */ 'j', 'a', 'z', 'z', 'y', '.', 'p', 'r', 'o', '\0',
+  /* "jazzysumi.com", true */ 'j', 'a', 'z', 'z', 'y', 's', 'u', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "jbbd.fr", true */ 'j', 'b', 'b', 'd', '.', 'f', 'r', '\0',
+  /* "jbradaric.me", true */ 'j', 'b', 'r', 'a', 'd', 'a', 'r', 'i', 'c', '.', 'm', 'e', '\0',
+  /* "jbs-jardins.ch", true */ 'j', 'b', 's', '-', 'j', 'a', 'r', 'd', 'i', 'n', 's', '.', 'c', 'h', '\0',
+  /* "jbsinternational.com", true */ 'j', 'b', 's', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "jbt-stl.com", true */ 'j', 'b', 't', '-', 's', 't', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "jcaicedo.com", true */ 'j', 'c', 'a', 'i', 'c', 'e', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "jcaicedo.tk", true */ 'j', 'c', 'a', 'i', 'c', 'e', 'd', 'o', '.', 't', 'k', '\0',
+  /* "jcwodan.nl", true */ 'j', 'c', 'w', 'o', 'd', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "jcyz.cf", true */ 'j', 'c', 'y', 'z', '.', 'c', 'f', '\0',
+  /* "jd-group.co.uk", true */ 'j', 'd', '-', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jd1.de", true */ 'j', 'd', '1', '.', 'd', 'e', '\0',
+  /* "jdassets.com", true */ 'j', 'd', 'a', 's', 's', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jdc.io", true */ 'j', 'd', 'c', '.', 'i', 'o', '\0',
+  /* "jdcdirectsales.com", true */ 'j', 'd', 'c', 'd', 'i', 'r', 'e', 'c', 't', 's', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jdcdirectsales.com.ph", true */ 'j', 'd', 'c', 'd', 'i', 'r', 'e', 'c', 't', 's', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0',
+  /* "jdcgroup.com.ph", true */ 'j', 'd', 'c', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0',
+  /* "jdh8.org", true */ 'j', 'd', 'h', '8', '.', 'o', 'r', 'g', '\0',
+  /* "jdheysupplies.co.uk", true */ 'j', 'd', 'h', 'e', 'y', 's', 'u', 'p', 'p', 'l', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jdjohnsonmedia.com", true */ 'j', 'd', 'j', 'o', 'h', 'n', 's', 'o', 'n', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "jdncr.com", true */ 'j', 'd', 'n', 'c', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "jdoi.pw", true */ 'j', 'd', 'o', 'i', '.', 'p', 'w', '\0',
+  /* "jdoiron.me", true */ 'j', 'd', 'o', 'i', 'r', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "jdpleisure.co.uk", true */ 'j', 'd', 'p', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jdscastlehire.co.uk", true */ 'j', 'd', 's', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jdsf.tk", true */ 'j', 'd', 's', 'f', '.', 't', 'k', '\0',
+  /* "jdtic.com", true */ 'j', 'd', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "jdubya.info", true */ 'j', 'd', 'u', 'b', 'y', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "je-vends.fr", true */ 'j', 'e', '-', 'v', 'e', 'n', 'd', 's', '.', 'f', 'r', '\0',
+  /* "je2050.de", true */ 'j', 'e', '2', '0', '5', '0', '.', 'd', 'e', '\0',
+  /* "jean-remy.ch", true */ 'j', 'e', 'a', 'n', '-', 'r', 'e', 'm', 'y', '.', 'c', 'h', '\0',
+  /* "jeancardeno.com", true */ 'j', 'e', 'a', 'n', 'c', 'a', 'r', 'd', 'e', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "jeandanielfaessler.ch", true */ 'j', 'e', 'a', 'n', 'd', 'a', 'n', 'i', 'e', 'l', 'f', 'a', 'e', 's', 's', 'l', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "jeankygourmet.com", true */ 'j', 'e', 'a', 'n', 'k', 'y', 'g', 'o', 'u', 'r', 'm', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "jeanmarieayer.ch", true */ 'j', 'e', 'a', 'n', 'm', 'a', 'r', 'i', 'e', 'a', 'y', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "jeannecalment.com", true */ 'j', 'e', 'a', 'n', 'n', 'e', 'c', 'a', 'l', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "jeannelucienne.fr", true */ 'j', 'e', 'a', 'n', 'n', 'e', 'l', 'u', 'c', 'i', 'e', 'n', 'n', 'e', '.', 'f', 'r', '\0',
+  /* "jeanneret-combustibles.ch", true */ 'j', 'e', 'a', 'n', 'n', 'e', 'r', 'e', 't', '-', 'c', 'o', 'm', 'b', 'u', 's', 't', 'i', 'b', 'l', 'e', 's', '.', 'c', 'h', '\0',
+  /* "jec-dekrone.be", true */ 'j', 'e', 'c', '-', 'd', 'e', 'k', 'r', 'o', 'n', 'e', '.', 'b', 'e', '\0',
+  /* "jedepannetonordi.fr", true */ 'j', 'e', 'd', 'e', 'p', 'a', 'n', 'n', 'e', 't', 'o', 'n', 'o', 'r', 'd', 'i', '.', 'f', 'r', '\0',
+  /* "jedidiah.eu", true */ 'j', 'e', 'd', 'i', 'd', 'i', 'a', 'h', '.', 'e', 'u', '\0',
+  /* "jedipedia.net", true */ 'j', 'e', 'd', 'i', 'p', 'e', 'd', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "jediweb.com.au", true */ 'j', 'e', 'd', 'i', 'w', 'e', 'b', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "jedwarddurrett.com", true */ 'j', 'e', 'd', 'w', 'a', 'r', 'd', 'd', 'u', 'r', 'r', 'e', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "jeec.ist", true */ 'j', 'e', 'e', 'c', '.', 'i', 's', 't', '\0',
+  /* "jeepmafia.com", true */ 'j', 'e', 'e', 'p', 'm', 'a', 'f', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "jeff.forsale", true */ 'j', 'e', 'f', 'f', '.', 'f', 'o', 'r', 's', 'a', 'l', 'e', '\0',
+  /* "jeff.is", true */ 'j', 'e', 'f', 'f', '.', 'i', 's', '\0',
+  /* "jeffanderson.me", true */ 'j', 'e', 'f', 'f', 'a', 'n', 'd', 'e', 'r', 's', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "jeffcasavant.com", false */ 'j', 'e', 'f', 'f', 'c', 'a', 's', 'a', 'v', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "jeffersonregan.co.uk", true */ 'j', 'e', 'f', 'f', 'e', 'r', 's', 'o', 'n', 'r', 'e', 'g', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jeffersonregan.com", true */ 'j', 'e', 'f', 'f', 'e', 'r', 's', 'o', 'n', 'r', 'e', 'g', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jeffersonregan.net", true */ 'j', 'e', 'f', 'f', 'e', 'r', 's', 'o', 'n', 'r', 'e', 'g', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "jeffhuxley.com", true */ 'j', 'e', 'f', 'f', 'h', 'u', 'x', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "jeffmcneill.com", true */ 'j', 'e', 'f', 'f', 'm', 'c', 'n', 'e', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "jeffri.me", true */ 'j', 'e', 'f', 'f', 'r', 'i', '.', 'm', 'e', '\0',
+  /* "jeffsanders.com", true */ 'j', 'e', 'f', 'f', 's', 'a', 'n', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jefftickle.com", true */ 'j', 'e', 'f', 'f', 't', 'i', 'c', 'k', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jefrydco.id", true */ 'j', 'e', 'f', 'r', 'y', 'd', 'c', 'o', '.', 'i', 'd', '\0',
+  /* "jekhar.com", true */ 'j', 'e', 'k', 'h', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "jekkt.com", true */ 'j', 'e', 'k', 'k', 't', '.', 'c', 'o', 'm', '\0',
+  /* "jelena-adeli.com", true */ 'j', 'e', 'l', 'e', 'n', 'a', '-', 'a', 'd', 'e', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "jelewa.de", true */ 'j', 'e', 'l', 'e', 'w', 'a', '.', 'd', 'e', '\0',
+  /* "jell.ie", true */ 'j', 'e', 'l', 'l', '.', 'i', 'e', '\0',
+  /* "jelleglebbeek.com", true */ 'j', 'e', 'l', 'l', 'e', 'g', 'l', 'e', 'b', 'b', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "jelly.cz", true */ 'j', 'e', 'l', 'l', 'y', '.', 'c', 'z', '\0',
+  /* "jellybeanbooks.com.au", true */ 'j', 'e', 'l', 'l', 'y', 'b', 'e', 'a', 'n', 'b', 'o', 'o', 'k', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "jelmer.co.uk", true */ 'j', 'e', 'l', 'm', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jelmer.uk", true */ 'j', 'e', 'l', 'm', 'e', 'r', '.', 'u', 'k', '\0',
+  /* "jemangeducheval.com", true */ 'j', 'e', 'm', 'a', 'n', 'g', 'e', 'd', 'u', 'c', 'h', 'e', 'v', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "jembatankarir.com", true */ 'j', 'e', 'm', 'b', 'a', 't', 'a', 'n', 'k', 'a', 'r', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "jemoticons.com", true */ 'j', 'e', 'm', 'o', 't', 'i', 'c', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jena.space", true */ 'j', 'e', 'n', 'a', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "jennedebleser.com", false */ 'j', 'e', 'n', 'n', 'e', 'd', 'e', 'b', 'l', 'e', 's', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "jennifersauer.nl", true */ 'j', 'e', 'n', 'n', 'i', 'f', 'e', 'r', 's', 'a', 'u', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "jennybeaned.com", true */ 'j', 'e', 'n', 'n', 'y', 'b', 'e', 'a', 'n', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "jennythebaker.com", true */ 'j', 'e', 'n', 'n', 'y', 't', 'h', 'e', 'b', 'a', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "jenolson.net", true */ 'j', 'e', 'n', 'o', 'l', 's', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "jenprace.cz", true */ 'j', 'e', 'n', 'p', 'r', 'a', 'c', 'e', '.', 'c', 'z', '\0',
+  /* "jensrex.dk", true */ 'j', 'e', 'n', 's', 'r', 'e', 'x', '.', 'd', 'k', '\0',
+  /* "jepertinger-itconsulting.de", true */ 'j', 'e', 'p', 'e', 'r', 't', 'i', 'n', 'g', 'e', 'r', '-', 'i', 't', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "jeproteste.info", true */ 'j', 'e', 'p', 'r', 'o', 't', 'e', 's', 't', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "jeremiahbenes.com", true */ 'j', 'e', 'r', 'e', 'm', 'i', 'a', 'h', 'b', 'e', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jeremy-chen.org", true */ 'j', 'e', 'r', 'e', 'm', 'y', '-', 'c', 'h', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "jeremy.hu", true */ 'j', 'e', 'r', 'e', 'm', 'y', '.', 'h', 'u', '\0',
+  /* "jeremybentham.com", true */ 'j', 'e', 'r', 'e', 'm', 'y', 'b', 'e', 'n', 't', 'h', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "jeremycantu.com", true */ 'j', 'e', 'r', 'e', 'm', 'y', 'c', 'a', 'n', 't', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "jeremycrews.com", true */ 'j', 'e', 'r', 'e', 'm', 'y', 'c', 'r', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jeremyness.com", true */ 'j', 'e', 'r', 'e', 'm', 'y', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jermann.biz", true */ 'j', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'b', 'i', 'z', '\0',
+  /* "jerodslay.com", false */ 'j', 'e', 'r', 'o', 'd', 's', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "jeroendeneef.com", true */ 'j', 'e', 'r', 'o', 'e', 'n', 'd', 'e', 'n', 'e', 'e', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "jeroenensanne.wedding", true */ 'j', 'e', 'r', 'o', 'e', 'n', 'e', 'n', 's', 'a', 'n', 'n', 'e', '.', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '\0',
+  /* "jeroenvanderwal.nl", true */ 'j', 'e', 'r', 'o', 'e', 'n', 'v', 'a', 'n', 'd', 'e', 'r', 'w', 'a', 'l', '.', 'n', 'l', '\0',
+  /* "jerrypau.ca", true */ 'j', 'e', 'r', 'r', 'y', 'p', 'a', 'u', '.', 'c', 'a', '\0',
+  /* "jerryyu.ca", true */ 'j', 'e', 'r', 'r', 'y', 'y', 'u', '.', 'c', 'a', '\0',
+  /* "jerseybikehire.co.uk", true */ 'j', 'e', 'r', 's', 'e', 'y', 'b', 'i', 'k', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jerseyjumpingbeans.co.uk", true */ 'j', 'e', 'r', 's', 'e', 'y', 'j', 'u', 'm', 'p', 'i', 'n', 'g', 'b', 'e', 'a', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jerseylvi2013.org", true */ 'j', 'e', 'r', 's', 'e', 'y', 'l', 'v', 'i', '2', '0', '1', '3', '.', 'o', 'r', 'g', '\0',
+  /* "jesse3.com", true */ 'j', 'e', 's', 's', 'e', '3', '.', 'c', 'o', 'm', '\0',
+  /* "jesseerbach.com", true */ 'j', 'e', 's', 's', 'e', 'e', 'r', 'b', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "jessekaufman.com", true */ 'j', 'e', 's', 's', 'e', 'k', 'a', 'u', 'f', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jessesjumpingcastles.co.uk", true */ 'j', 'e', 's', 's', 'e', 's', 'j', 'u', 'm', 'p', 'i', 'n', 'g', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jessevictors.com", true */ 'j', 'e', 's', 's', 'e', 'v', 'i', 'c', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jessgranger.com", true */ 'j', 'e', 's', 's', 'g', 'r', 'a', 'n', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "jesters-court.net", true */ 'j', 'e', 's', 't', 'e', 'r', 's', '-', 'c', 'o', 'u', 'r', 't', '.', 'n', 'e', 't', '\0',
+  /* "jesuisadmin.fr", true */ 'j', 'e', 's', 'u', 'i', 's', 'a', 'd', 'm', 'i', 'n', '.', 'f', 'r', '\0',
+  /* "jesuslucas.com", true */ 'j', 'e', 's', 'u', 's', 'l', 'u', 'c', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jet-stream.fr", true */ 'j', 'e', 't', '-', 's', 't', 'r', 'e', 'a', 'm', '.', 'f', 'r', '\0',
+  /* "jetbbs.com", true */ 'j', 'e', 't', 'b', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jetkittens.co.uk", true */ 'j', 'e', 't', 'k', 'i', 't', 't', 'e', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jetmirshatri.com", true */ 'j', 'e', 't', 'm', 'i', 'r', 's', 'h', 'a', 't', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "jetsetboyz.net", true */ 'j', 'e', 't', 's', 'e', 't', 'b', 'o', 'y', 'z', '.', 'n', 'e', 't', '\0',
+  /* "jetsieswerda.nl", true */ 'j', 'e', 't', 's', 'i', 'e', 's', 'w', 'e', 'r', 'd', 'a', '.', 'n', 'l', '\0',
+  /* "jetwhiz.com", true */ 'j', 'e', 't', 'w', 'h', 'i', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "jetzt-elektromobil.de", true */ 'j', 'e', 't', 'z', 't', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', 'm', 'o', 'b', 'i', 'l', '.', 'd', 'e', '\0',
+  /* "jeugdkans.nl", true */ 'j', 'e', 'u', 'g', 'd', 'k', 'a', 'n', 's', '.', 'n', 'l', '\0',
+  /* "jeuxetcodes.fr", true */ 'j', 'e', 'u', 'x', 'e', 't', 'c', 'o', 'd', 'e', 's', '.', 'f', 'r', '\0',
+  /* "jeva.nl", true */ 'j', 'e', 'v', 'a', '.', 'n', 'l', '\0',
+  /* "jevisite.ca", true */ 'j', 'e', 'v', 'i', 's', 'i', 't', 'e', '.', 'c', 'a', '\0',
+  /* "jeweet.net", true */ 'j', 'e', 'w', 'e', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "jewishboyscouts.com", true */ 'j', 'e', 'w', 'i', 's', 'h', 'b', 'o', 'y', 's', 'c', 'o', 'u', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jez.nl", true */ 'j', 'e', 'z', '.', 'n', 'l', '\0',
+  /* "jf-projects.de", false */ 'j', 'f', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'd', 'e', '\0',
+  /* "jfmhero.me", true */ 'j', 'f', 'm', 'h', 'e', 'r', 'o', '.', 'm', 'e', '\0',
+  /* "jfr.im", true */ 'j', 'f', 'r', '.', 'i', 'm', '\0',
+  /* "jfreitag.de", true */ 'j', 'f', 'r', 'e', 'i', 't', 'a', 'g', '.', 'd', 'e', '\0',
+  /* "jgid.de", true */ 'j', 'g', 'i', 'd', '.', 'd', 'e', '\0',
+  /* "jgke.fi", true */ 'j', 'g', 'k', 'e', '.', 'f', 'i', '\0',
+  /* "jgwb.de", true */ 'j', 'g', 'w', 'b', '.', 'd', 'e', '\0',
+  /* "jgwb.eu", true */ 'j', 'g', 'w', 'b', '.', 'e', 'u', '\0',
+  /* "jhalderm.com", true */ 'j', 'h', 'a', 'l', 'd', 'e', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "jhaveri.net", true */ 'j', 'h', 'a', 'v', 'e', 'r', 'i', '.', 'n', 'e', 't', '\0',
+  /* "jhcommunitysports.co.uk", true */ 'j', 'h', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', 's', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jhe.li", true */ 'j', 'h', 'e', '.', 'l', 'i', '\0',
+  /* "jhermsmeier.de", true */ 'j', 'h', 'e', 'r', 'm', 's', 'm', 'e', 'i', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "jhollandtranslations.com", true */ 'j', 'h', 'o', 'l', 'l', 'a', 'n', 'd', 't', 'r', 'a', 'n', 's', 'l', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jhuang.me", true */ 'j', 'h', 'u', 'a', 'n', 'g', '.', 'm', 'e', '\0',
+  /* "jhwestover.com", true */ 'j', 'h', 'w', 'e', 's', 't', 'o', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "jianjia.io", false */ 'j', 'i', 'a', 'n', 'j', 'i', 'a', '.', 'i', 'o', '\0',
+  /* "jianyuan.pro", true */ 'j', 'i', 'a', 'n', 'y', 'u', 'a', 'n', '.', 'p', 'r', 'o', '\0',
+  /* "jichi.io", true */ 'j', 'i', 'c', 'h', 'i', '.', 'i', 'o', '\0',
+  /* "jie.dance", true */ 'j', 'i', 'e', '.', 'd', 'a', 'n', 'c', 'e', '\0',
+  /* "jigsawdevelopments.com", true */ 'j', 'i', 'g', 's', 'a', 'w', 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jimbraaten.com", true */ 'j', 'i', 'm', 'b', 'r', 'a', 'a', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jimbutlerkiaparts.com", true */ 'j', 'i', 'm', 'b', 'u', 't', 'l', 'e', 'r', 'k', 'i', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jimdorf.com", true */ 'j', 'i', 'm', 'd', 'o', 'r', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "jimmycai.com", true */ 'j', 'i', 'm', 'm', 'y', 'c', 'a', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "jimmycn.com", true */ 'j', 'i', 'm', 'm', 'y', 'c', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jimmynelson.com", true */ 'j', 'i', 'm', 'm', 'y', 'n', 'e', 'l', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jimmyroura.ch", true */ 'j', 'i', 'm', 'm', 'y', 'r', 'o', 'u', 'r', 'a', '.', 'c', 'h', '\0',
+  /* "jimshaver.net", true */ 'j', 'i', 'm', 's', 'h', 'a', 'v', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "jimslop.nl", true */ 'j', 'i', 'm', 's', 'l', 'o', 'p', '.', 'n', 'l', '\0',
+  /* "jinancy.fr", true */ 'j', 'i', 'n', 'a', 'n', 'c', 'y', '.', 'f', 'r', '\0',
+  /* "jinanshen.com", true */ 'j', 'i', 'n', 'a', 'n', 's', 'h', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jinbo123.com", false */ 'j', 'i', 'n', 'b', 'o', '1', '2', '3', '.', 'c', 'o', 'm', '\0',
+  /* "jinbowiki.org", true */ 'j', 'i', 'n', 'b', 'o', 'w', 'i', 'k', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "jing.su", true */ 'j', 'i', 'n', 'g', '.', 's', 'u', '\0',
+  /* "jingjo.com.au", true */ 'j', 'i', 'n', 'g', 'j', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "jinja.ai", true */ 'j', 'i', 'n', 'j', 'a', '.', 'a', 'i', '\0',
+  /* "jinkuru.net", true */ 'j', 'i', 'n', 'k', 'u', 'r', 'u', '.', 'n', 'e', 't', '\0',
+  /* "jinliming.ml", true */ 'j', 'i', 'n', 'l', 'i', 'm', 'i', 'n', 'g', '.', 'm', 'l', '\0',
+  /* "jino-jossy.appspot.com", true */ 'j', 'i', 'n', 'o', '-', 'j', 'o', 's', 's', 'y', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "jinshuju.net", true */ 'j', 'i', 'n', 's', 'h', 'u', 'j', 'u', '.', 'n', 'e', 't', '\0',
+  /* "jiogo.com", true */ 'j', 'i', 'o', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "jira.com", true */ 'j', 'i', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "jirav.com", true */ 'j', 'i', 'r', 'a', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "jiripudil.cz", true */ 'j', 'i', 'r', 'i', 'p', 'u', 'd', 'i', 'l', '.', 'c', 'z', '\0',
+  /* "jiveiaktivno.bg", true */ 'j', 'i', 'v', 'e', 'i', 'a', 'k', 't', 'i', 'v', 'n', 'o', '.', 'b', 'g', '\0',
+  /* "jixun.moe", true */ 'j', 'i', 'x', 'u', 'n', '.', 'm', 'o', 'e', '\0',
+  /* "jiyusu.com", true */ 'j', 'i', 'y', 'u', 's', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "jiyuu-ni.com", true */ 'j', 'i', 'y', 'u', 'u', '-', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "jiyuu-ni.net", true */ 'j', 'i', 'y', 'u', 'u', '-', 'n', 'i', '.', 'n', 'e', 't', '\0',
+  /* "jjj.blog", true */ 'j', 'j', 'j', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "jjspartyhire.co.uk", true */ 'j', 'j', 's', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jjspartytime.co.uk", true */ 'j', 'j', 's', 'p', 'a', 'r', 't', 'y', 't', 'i', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jjvanoorschot.nl", true */ 'j', 'j', 'v', 'a', 'n', 'o', 'o', 'r', 's', 'c', 'h', 'o', 't', '.', 'n', 'l', '\0',
+  /* "jk-entertainment.biz", true */ 'j', 'k', '-', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'b', 'i', 'z', '\0',
+  /* "jkchocolate.com", true */ 'j', 'k', 'c', 'h', 'o', 'c', 'o', 'l', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jkest.cc", true */ 'j', 'k', 'e', 's', 't', '.', 'c', 'c', '\0',
+  /* "jkinteriorspa.com", true */ 'j', 'k', 'i', 'n', 't', 'e', 'r', 'i', 'o', 'r', 's', 'p', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "jkirsche.com", true */ 'j', 'k', 'i', 'r', 's', 'c', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jkng.eu", true */ 'j', 'k', 'n', 'g', '.', 'e', 'u', '\0',
+  /* "jkrippen.com", true */ 'j', 'k', 'r', 'i', 'p', 'p', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jlhmedia.com", true */ 'j', 'l', 'h', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "jlkhosting.com", true */ 'j', 'l', 'k', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "jlponsetto.com", true */ 'j', 'l', 'p', 'o', 'n', 's', 'e', 't', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "jlr-luxembourg.com", true */ 'j', 'l', 'r', '-', 'l', 'u', 'x', 'e', 'm', 'b', 'o', 'u', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "jltctech.com", true */ 'j', 'l', 't', 'c', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "jm-bea.net", true */ 'j', 'm', '-', 'b', 'e', 'a', '.', 'n', 'e', 't', '\0',
+  /* "jmalarcon.es", true */ 'j', 'm', 'a', 'l', 'a', 'r', 'c', 'o', 'n', '.', 'e', 's', '\0',
+  /* "jmarciniak.it", true */ 'j', 'm', 'a', 'r', 'c', 'i', 'n', 'i', 'a', 'k', '.', 'i', 't', '\0',
+  /* "jmb.lc", true */ 'j', 'm', 'b', '.', 'l', 'c', '\0',
+  /* "jmcashngold.com.au", true */ 'j', 'm', 'c', 'a', 's', 'h', 'n', 'g', 'o', 'l', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "jmcleaning.services", true */ 'j', 'm', 'c', 'l', 'e', 'a', 'n', 'i', 'n', 'g', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '\0',
+  /* "jmedved.com", true */ 'j', 'm', 'e', 'd', 'v', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "jmentertainment.co.uk", true */ 'j', 'm', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jmk.hu", true */ 'j', 'm', 'k', '.', 'h', 'u', '\0',
+  /* "jmotion.co.uk", true */ 'j', 'm', 'o', 't', 'i', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jmpb.hu", true */ 'j', 'm', 'p', 'b', '.', 'h', 'u', '\0',
+  /* "jmpmotorsport.co.uk", true */ 'j', 'm', 'p', 'm', 'o', 't', 'o', 'r', 's', 'p', 'o', 'r', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jmsolodesigns.com", true */ 'j', 'm', 's', 'o', 'l', 'o', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jmssg.jp", true */ 'j', 'm', 's', 's', 'g', '.', 'j', 'p', '\0',
+  /* "jmvbmx.ch", true */ 'j', 'm', 'v', 'b', 'm', 'x', '.', 'c', 'h', '\0',
+  /* "jmvdigital.com", true */ 'j', 'm', 'v', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "jncde.de", true */ 'j', 'n', 'c', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "jncie.de", true */ 'j', 'n', 'c', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "jncie.eu", true */ 'j', 'n', 'c', 'i', 'e', '.', 'e', 'u', '\0',
+  /* "jncip.de", true */ 'j', 'n', 'c', 'i', 'p', '.', 'd', 'e', '\0',
+  /* "jnjdj.com", true */ 'j', 'n', 'j', 'd', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "jnm-art.com", true */ 'j', 'n', 'm', '-', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "joa-ebert.com", true */ 'j', 'o', 'a', '-', 'e', 'b', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "joaosampaio.com.br", true */ 'j', 'o', 'a', 'o', 's', 'a', 'm', 'p', 'a', 'i', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "joaquimgoliveira.pt", true */ 'j', 'o', 'a', 'q', 'u', 'i', 'm', 'g', 'o', 'l', 'i', 'v', 'e', 'i', 'r', 'a', '.', 'p', 't', '\0',
+  /* "job-offer.de", true */ 'j', 'o', 'b', '-', 'o', 'f', 'f', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "jobbkk.com", true */ 'j', 'o', 'b', 'b', 'k', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "jobbsafari.no", true */ 'j', 'o', 'b', 'b', 's', 'a', 'f', 'a', 'r', 'i', '.', 'n', 'o', '\0',
+  /* "jobbsafari.se", true */ 'j', 'o', 'b', 'b', 's', 'a', 'f', 'a', 'r', 'i', '.', 's', 'e', '\0',
+  /* "jobindex.dk", true */ 'j', 'o', 'b', 'i', 'n', 'd', 'e', 'x', '.', 'd', 'k', '\0',
+  /* "joblife.co.za", true */ 'j', 'o', 'b', 'l', 'i', 'f', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "jobmob.co.il", true */ 'j', 'o', 'b', 'm', 'o', 'b', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "jobs-in-tech.com", true */ 'j', 'o', 'b', 's', '-', 'i', 'n', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "jobs.at", true */ 'j', 'o', 'b', 's', '.', 'a', 't', '\0',
+  /* "jobs.ch", true */ 'j', 'o', 'b', 's', '.', 'c', 'h', '\0',
+  /* "jobs4sales.ch", true */ 'j', 'o', 'b', 's', '4', 's', 'a', 'l', 'e', 's', '.', 'c', 'h', '\0',
+  /* "jobseekeritalia.it", true */ 'j', 'o', 'b', 's', 'e', 'e', 'k', 'e', 'r', 'i', 't', 'a', 'l', 'i', 'a', '.', 'i', 't', '\0',
+  /* "jobsuchmaschine.ch", true */ 'j', 'o', 'b', 's', 'u', 'c', 'h', 'm', 'a', 's', 'c', 'h', 'i', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "jobtestprep.de", true */ 'j', 'o', 'b', 't', 'e', 's', 't', 'p', 'r', 'e', 'p', '.', 'd', 'e', '\0',
+  /* "jobtestprep.dk", true */ 'j', 'o', 'b', 't', 'e', 's', 't', 'p', 'r', 'e', 'p', '.', 'd', 'k', '\0',
+  /* "jobtestprep.fr", true */ 'j', 'o', 'b', 't', 'e', 's', 't', 'p', 'r', 'e', 'p', '.', 'f', 'r', '\0',
+  /* "jobtestprep.it", true */ 'j', 'o', 'b', 't', 'e', 's', 't', 'p', 'r', 'e', 'p', '.', 'i', 't', '\0',
+  /* "jobtestprep.nl", true */ 'j', 'o', 'b', 't', 'e', 's', 't', 'p', 'r', 'e', 'p', '.', 'n', 'l', '\0',
+  /* "jobtestprep.se", true */ 'j', 'o', 'b', 't', 'e', 's', 't', 'p', 'r', 'e', 'p', '.', 's', 'e', '\0',
+  /* "jobwinner.ch", true */ 'j', 'o', 'b', 'w', 'i', 'n', 'n', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "jobzninja.com", true */ 'j', 'o', 'b', 'z', 'n', 'i', 'n', 'j', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "jodel.ninja", true */ 'j', 'o', 'd', 'e', 'l', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "jodlajodla.si", true */ 'j', 'o', 'd', 'l', 'a', 'j', 'o', 'd', 'l', 'a', '.', 's', 'i', '\0',
+  /* "joduska.me", true */ 'j', 'o', 'd', 'u', 's', 'k', 'a', '.', 'm', 'e', '\0',
+  /* "jodyboucher.com", true */ 'j', 'o', 'd', 'y', 'b', 'o', 'u', 'c', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "joe-pagan.com", true */ 'j', 'o', 'e', '-', 'p', 'a', 'g', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "joe262.com", true */ 'j', 'o', 'e', '2', '6', '2', '.', 'c', 'o', 'm', '\0',
+  /* "joearodriguez.com", true */ 'j', 'o', 'e', 'a', 'r', 'o', 'd', 'r', 'i', 'g', 'u', 'e', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "joedavison.me", true */ 'j', 'o', 'e', 'd', 'a', 'v', 'i', 's', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "joedinardo.com", true */ 'j', 'o', 'e', 'd', 'i', 'n', 'a', 'r', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "joedoyle.us", true */ 'j', 'o', 'e', 'd', 'o', 'y', 'l', 'e', '.', 'u', 's', '\0',
+  /* "joedroll.com", true */ 'j', 'o', 'e', 'd', 'r', 'o', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "joehenry.co.uk", true */ 'j', 'o', 'e', 'h', 'e', 'n', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "joelcoustrain.com", true */ 'j', 'o', 'e', 'l', 'c', 'o', 'u', 's', 't', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "joeldrapper.com", true */ 'j', 'o', 'e', 'l', 'd', 'r', 'a', 'p', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "joelfries.com", true */ 'j', 'o', 'e', 'l', 'f', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "joelj.org", true */ 'j', 'o', 'e', 'l', 'j', '.', 'o', 'r', 'g', '\0',
+  /* "joelle.me", true */ 'j', 'o', 'e', 'l', 'l', 'e', '.', 'm', 'e', '\0',
+  /* "joelleandpeter.co.uk", true */ 'j', 'o', 'e', 'l', 'l', 'e', 'a', 'n', 'd', 'p', 'e', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "joellimberg.com", true */ 'j', 'o', 'e', 'l', 'l', 'i', 'm', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "joellombardo.com", true */ 'j', 'o', 'e', 'l', 'l', 'o', 'm', 'b', 'a', 'r', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "joelmarkhamphotography.com.au", true */ 'j', 'o', 'e', 'l', 'm', 'a', 'r', 'k', 'h', 'a', 'm', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "joelmunch.com", true */ 'j', 'o', 'e', 'l', 'm', 'u', 'n', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "joepitt.co.uk", false */ 'j', 'o', 'e', 'p', 'i', 't', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "joerg-wellpott.de", true */ 'j', 'o', 'e', 'r', 'g', '-', 'w', 'e', 'l', 'l', 'p', 'o', 't', 't', '.', 'd', 'e', '\0',
+  /* "joerss.at", true */ 'j', 'o', 'e', 'r', 's', 's', '.', 'a', 't', '\0',
+  /* "joespaintingpgh.com", true */ 'j', 'o', 'e', 's', 'p', 'a', 'i', 'n', 't', 'i', 'n', 'g', 'p', 'g', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "joestead.codes", true */ 'j', 'o', 'e', 's', 't', 'e', 'a', 'd', '.', 'c', 'o', 'd', 'e', 's', '\0',
+  /* "joetyson.me", true */ 'j', 'o', 'e', 't', 'y', 's', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "joeysmith.com", true */ 'j', 'o', 'e', 'y', 's', 'm', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "jogi-server.de", true */ 'j', 'o', 'g', 'i', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "jogorama.com.br", false */ 'j', 'o', 'g', 'o', 'r', 'a', 'm', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "johanbissemattsson.se", false */ 'j', 'o', 'h', 'a', 'n', 'b', 'i', 's', 's', 'e', 'm', 'a', 't', 't', 's', 's', 'o', 'n', '.', 's', 'e', '\0',
+  /* "johand.io", true */ 'j', 'o', 'h', 'a', 'n', 'd', '.', 'i', 'o', '\0',
+  /* "johanli.com", true */ 'j', 'o', 'h', 'a', 'n', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "johannaojanen.com", true */ 'j', 'o', 'h', 'a', 'n', 'n', 'a', 'o', 'j', 'a', 'n', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "johannes-bauer.com", true */ 'j', 'o', 'h', 'a', 'n', 'n', 'e', 's', '-', 'b', 'a', 'u', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "johannes-zinke.de", true */ 'j', 'o', 'h', 'a', 'n', 'n', 'e', 's', '-', 'z', 'i', 'n', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "johannes.io", true */ 'j', 'o', 'h', 'a', 'n', 'n', 'e', 's', '.', 'i', 'o', '\0',
+  /* "johannes.wtf", true */ 'j', 'o', 'h', 'a', 'n', 'n', 'e', 's', '.', 'w', 't', 'f', '\0',
+  /* "johannespichler.com", true */ 'j', 'o', 'h', 'a', 'n', 'n', 'e', 's', 'p', 'i', 'c', 'h', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "johnbeil.com", true */ 'j', 'o', 'h', 'n', 'b', 'e', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "johnblackbourn.com", true */ 'j', 'o', 'h', 'n', 'b', 'l', 'a', 'c', 'k', 'b', 'o', 'u', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "johndball.com", true */ 'j', 'o', 'h', 'n', 'd', 'b', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "johnfulgenzi.com", true */ 'j', 'o', 'h', 'n', 'f', 'u', 'l', 'g', 'e', 'n', 'z', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "johngallias.com", true */ 'j', 'o', 'h', 'n', 'g', 'a', 'l', 'l', 'i', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "johnguant.com", true */ 'j', 'o', 'h', 'n', 'g', 'u', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "johnkastler.net", true */ 'j', 'o', 'h', 'n', 'k', 'a', 's', 't', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "johnmalloneemd.com", false */ 'j', 'o', 'h', 'n', 'm', 'a', 'l', 'l', 'o', 'n', 'e', 'e', 'm', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "johnmcintosh.pro", true */ 'j', 'o', 'h', 'n', 'm', 'c', 'i', 'n', 't', 'o', 's', 'h', '.', 'p', 'r', 'o', '\0',
+  /* "johnmh.me", true */ 'j', 'o', 'h', 'n', 'm', 'h', '.', 'm', 'e', '\0',
+  /* "johnmichel.org", true */ 'j', 'o', 'h', 'n', 'm', 'i', 'c', 'h', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "johnmorganpartnership.co.uk", true */ 'j', 'o', 'h', 'n', 'm', 'o', 'r', 'g', 'a', 'n', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', 'h', 'i', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "johnnybet.com", true */ 'j', 'o', 'h', 'n', 'n', 'y', 'b', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "johnnybsecure.com", true */ 'j', 'o', 'h', 'n', 'n', 'y', 'b', 's', 'e', 'c', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "johnroach.io", true */ 'j', 'o', 'h', 'n', 'r', 'o', 'a', 'c', 'h', '.', 'i', 'o', '\0',
+  /* "johnroberts.me", true */ 'j', 'o', 'h', 'n', 'r', 'o', 'b', 'e', 'r', 't', 's', '.', 'm', 'e', '\0',
+  /* "johnrockefeller.net", true */ 'j', 'o', 'h', 'n', 'r', 'o', 'c', 'k', 'e', 'f', 'e', 'l', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "johnsegovia.com", true */ 'j', 'o', 'h', 'n', 's', 'e', 'g', 'o', 'v', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "johnsiu.com", true */ 'j', 'o', 'h', 'n', 's', 'i', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "johntomasowa.com", true */ 'j', 'o', 'h', 'n', 't', 'o', 'm', 'a', 's', 'o', 'w', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "johnvanhese.nl", true */ 'j', 'o', 'h', 'n', 'v', 'a', 'n', 'h', 'e', 's', 'e', '.', 'n', 'l', '\0',
+  /* "joi-dhl.ch", true */ 'j', 'o', 'i', '-', 'd', 'h', 'l', '.', 'c', 'h', '\0',
+  /* "jojosplaycentreandcafeteria.co.uk", true */ 'j', 'o', 'j', 'o', 's', 'p', 'l', 'a', 'y', 'c', 'e', 'n', 't', 'r', 'e', 'a', 'n', 'd', 'c', 'a', 'f', 'e', 't', 'e', 'r', 'i', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jokedalderup.nl", true */ 'j', 'o', 'k', 'e', 'd', 'a', 'l', 'd', 'e', 'r', 'u', 'p', '.', 'n', 'l', '\0',
+  /* "joker.menu", true */ 'j', 'o', 'k', 'e', 'r', '.', 'm', 'e', 'n', 'u', '\0',
+  /* "jokerice.co.uk", true */ 'j', 'o', 'k', 'e', 'r', 'i', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jokescoff.com", true */ 'j', 'o', 'k', 'e', 's', 'c', 'o', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "jokewignand.nl", true */ 'j', 'o', 'k', 'e', 'w', 'i', 'g', 'n', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "joliettech.com", true */ 'j', 'o', 'l', 'i', 'e', 't', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "jollausers.de", true */ 'j', 'o', 'l', 'l', 'a', 'u', 's', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "jollykidswobbleworld.co.uk", true */ 'j', 'o', 'l', 'l', 'y', 'k', 'i', 'd', 's', 'w', 'o', 'b', 'b', 'l', 'e', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jomo.tv", true */ 'j', 'o', 'm', 'o', '.', 't', 'v', '\0',
+  /* "jomp16.tk", true */ 'j', 'o', 'm', 'p', '1', '6', '.', 't', 'k', '\0',
+  /* "jonandnoraswedding.com", true */ 'j', 'o', 'n', 'a', 'n', 'd', 'n', 'o', 'r', 'a', 's', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "jonarcher.info", true */ 'j', 'o', 'n', 'a', 'r', 'c', 'h', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "jonas-thelemann.de", true */ 'j', 'o', 'n', 'a', 's', '-', 't', 'h', 'e', 'l', 'e', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "jonas-wenk.de", true */ 'j', 'o', 'n', 'a', 's', '-', 'w', 'e', 'n', 'k', '.', 'd', 'e', '\0',
+  /* "jonaskjodt.com", true */ 'j', 'o', 'n', 'a', 's', 'k', 'j', 'o', 'd', 't', '.', 'c', 'o', 'm', '\0',
+  /* "jonaswitmer.ch", true */ 'j', 'o', 'n', 'a', 's', 'w', 'i', 't', 'm', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "jonathan-apps.com", true */ 'j', 'o', 'n', 'a', 't', 'h', 'a', 'n', '-', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jonathancarter.org", true */ 'j', 'o', 'n', 'a', 't', 'h', 'a', 'n', 'c', 'a', 'r', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "jonathandowning.uk", true */ 'j', 'o', 'n', 'a', 't', 'h', 'a', 'n', 'd', 'o', 'w', 'n', 'i', 'n', 'g', '.', 'u', 'k', '\0',
+  /* "jonathandupree.com", true */ 'j', 'o', 'n', 'a', 't', 'h', 'a', 'n', 'd', 'u', 'p', 'r', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jonathanmassacand.ch", true */ 'j', 'o', 'n', 'a', 't', 'h', 'a', 'n', 'm', 'a', 's', 's', 'a', 'c', 'a', 'n', 'd', '.', 'c', 'h', '\0',
+  /* "jonathanschle.de", true */ 'j', 'o', 'n', 'a', 't', 'h', 'a', 'n', 's', 'c', 'h', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "jonathanwisdom.com", true */ 'j', 'o', 'n', 'a', 't', 'h', 'a', 'n', 'w', 'i', 's', 'd', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "jondarby.com", true */ 'j', 'o', 'n', 'd', 'a', 'r', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "jondevin.com", true */ 'j', 'o', 'n', 'd', 'e', 'v', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jonesborostatebank.com", false */ 'j', 'o', 'n', 'e', 's', 'b', 'o', 'r', 'o', 's', 't', 'a', 't', 'e', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "jonferwerda.net", true */ 'j', 'o', 'n', 'f', 'e', 'r', 'w', 'e', 'r', 'd', 'a', '.', 'n', 'e', 't', '\0',
+  /* "jonfor.net", true */ 'j', 'o', 'n', 'f', 'o', 'r', '.', 'n', 'e', 't', '\0',
+  /* "jongbloed.nl", true */ 'j', 'o', 'n', 'g', 'b', 'l', 'o', 'e', 'd', '.', 'n', 'l', '\0',
+  /* "jongcs.com", true */ 'j', 'o', 'n', 'g', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jonilar.com", true */ 'j', 'o', 'n', 'i', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "jonirrings.com", true */ 'j', 'o', 'n', 'i', 'r', 'r', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jonkermedia.nl", true */ 'j', 'o', 'n', 'k', 'e', 'r', 'm', 'e', 'd', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "jonlabelle.com", true */ 'j', 'o', 'n', 'l', 'a', 'b', 'e', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jonnybarnes.uk", true */ 'j', 'o', 'n', 'n', 'y', 'b', 'a', 'r', 'n', 'e', 's', '.', 'u', 'k', '\0',
+  /* "jonnystoten.com", true */ 'j', 'o', 'n', 'n', 'y', 's', 't', 'o', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jonoalderson.com", true */ 'j', 'o', 'n', 'o', 'a', 'l', 'd', 'e', 'r', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jonpads.com", true */ 'j', 'o', 'n', 'p', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jonpavelich.com", true */ 'j', 'o', 'n', 'p', 'a', 'v', 'e', 'l', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "jons.org", true */ 'j', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "jonscaife.com", true */ 'j', 'o', 'n', 's', 'c', 'a', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jooksuratas.ee", true */ 'j', 'o', 'o', 'k', 's', 'u', 'r', 'a', 't', 'a', 's', '.', 'e', 'e', '\0',
+  /* "joomlant.org", true */ 'j', 'o', 'o', 'm', 'l', 'a', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "joostrijneveld.nl", true */ 'j', 'o', 'o', 's', 't', 'r', 'i', 'j', 'n', 'e', 'v', 'e', 'l', 'd', '.', 'n', 'l', '\0',
+  /* "joostvanderlaan.nl", true */ 'j', 'o', 'o', 's', 't', 'v', 'a', 'n', 'd', 'e', 'r', 'l', 'a', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "jopl.org", true */ 'j', 'o', 'p', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "jopsens.de", true */ 'j', 'o', 'p', 's', 'e', 'n', 's', '.', 'd', 'e', '\0',
+  /* "joran.org", true */ 'j', 'o', 'r', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "jordankmportal.com", true */ 'j', 'o', 'r', 'd', 'a', 'n', 'k', 'm', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "jordans.co.uk", true */ 'j', 'o', 'r', 'd', 'a', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jordanscorporatelaw.com", true */ 'j', 'o', 'r', 'd', 'a', 'n', 's', 'c', 'o', 'r', 'p', 'o', 'r', 'a', 't', 'e', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "jordanstrustcompany.com", true */ 'j', 'o', 'r', 'd', 'a', 'n', 's', 't', 'r', 'u', 's', 't', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "jorisdalderup.nl", true */ 'j', 'o', 'r', 'i', 's', 'd', 'a', 'l', 'd', 'e', 'r', 'u', 'p', '.', 'n', 'l', '\0',
+  /* "jornadasciberdefensa2016.es", true */ 'j', 'o', 'r', 'n', 'a', 'd', 'a', 's', 'c', 'i', 'b', 'e', 'r', 'd', 'e', 'f', 'e', 'n', 's', 'a', '2', '0', '1', '6', '.', 'e', 's', '\0',
+  /* "jornalalerta.com.br", true */ 'j', 'o', 'r', 'n', 'a', 'l', 'a', 'l', 'e', 'r', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "jorovik.com", true */ 'j', 'o', 'r', 'o', 'v', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "jorrit.info", true */ 'j', 'o', 'r', 'r', 'i', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "josc.com.au", true */ 'j', 'o', 's', 'c', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "joscares.com", true */ 'j', 'o', 's', 'c', 'a', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jose.eti.br", true */ 'j', 'o', 's', 'e', '.', 'e', 't', 'i', '.', 'b', 'r', '\0',
+  /* "joseetesser.nl", true */ 'j', 'o', 's', 'e', 'e', 't', 'e', 's', 's', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "josef-lotz.de", true */ 'j', 'o', 's', 'e', 'f', '-', 'l', 'o', 't', 'z', '.', 'd', 'e', '\0',
+  /* "josefjanosec.com", true */ 'j', 'o', 's', 'e', 'f', 'j', 'a', 'n', 'o', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "josefottosson.se", true */ 'j', 'o', 's', 'e', 'f', 'o', 't', 't', 'o', 's', 's', 'o', 'n', '.', 's', 'e', '\0',
+  /* "josegerber.ch", true */ 'j', 'o', 's', 'e', 'g', 'e', 'r', 'b', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "josemikkola.fi", true */ 'j', 'o', 's', 'e', 'm', 'i', 'k', 'k', 'o', 'l', 'a', '.', 'f', 'i', '\0',
+  /* "josepbel.com", true */ 'j', 'o', 's', 'e', 'p', 'b', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "josephre.es", true */ 'j', 'o', 's', 'e', 'p', 'h', 'r', 'e', '.', 'e', 's', '\0',
+  /* "josephsniderman.com", true */ 'j', 'o', 's', 'e', 'p', 'h', 's', 'n', 'i', 'd', 'e', 'r', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "josephsniderman.net", true */ 'j', 'o', 's', 'e', 'p', 'h', 's', 'n', 'i', 'd', 'e', 'r', 'm', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "josephsniderman.org", true */ 'j', 'o', 's', 'e', 'p', 'h', 's', 'n', 'i', 'd', 'e', 'r', 'm', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "josephv.website", true */ 'j', 'o', 's', 'e', 'p', 'h', 'v', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0',
+  /* "josericaurte.com", true */ 'j', 'o', 's', 'e', 'r', 'i', 'c', 'a', 'u', 'r', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "joshgrancell.com", true */ 'j', 'o', 's', 'h', 'g', 'r', 'a', 'n', 'c', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "joshharkema.com", true */ 'j', 'o', 's', 'h', 'h', 'a', 'r', 'k', 'e', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "joshharmon.me", true */ 'j', 'o', 's', 'h', 'h', 'a', 'r', 'm', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "joshlovephotography.co.uk", true */ 'j', 'o', 's', 'h', 'l', 'o', 'v', 'e', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "joshpanter.com", true */ 'j', 'o', 's', 'h', 'p', 'a', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "joshrickert.com", true */ 'j', 'o', 's', 'h', 'r', 'i', 'c', 'k', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "joshschmelzle.com", true */ 'j', 'o', 's', 'h', 's', 'c', 'h', 'm', 'e', 'l', 'z', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "joshtriplett.org", true */ 'j', 'o', 's', 'h', 't', 'r', 'i', 'p', 'l', 'e', 't', 't', '.', 'o', 'r', 'g', '\0',
+  /* "joshua-kuepper.de", true */ 'j', 'o', 's', 'h', 'u', 'a', '-', 'k', 'u', 'e', 'p', 'p', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "joshuajohnson.ca", true */ 'j', 'o', 's', 'h', 'u', 'a', 'j', 'o', 'h', 'n', 's', 'o', 'n', '.', 'c', 'a', '\0',
+  /* "joshuarogers.net", true */ 'j', 'o', 's', 'h', 'u', 'a', 'r', 'o', 'g', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "josoansi.de", true */ 'j', 'o', 's', 'o', 'a', 'n', 's', 'i', '.', 'd', 'e', '\0',
+  /* "joto.de", true */ 'j', 'o', 't', 'o', '.', 'd', 'e', '\0',
+  /* "jouetspetitechanson.com", true */ 'j', 'o', 'u', 'e', 't', 's', 'p', 'e', 't', 'i', 't', 'e', 'c', 'h', 'a', 'n', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "journeyfriday.rocks", true */ 'j', 'o', 'u', 'r', 'n', 'e', 'y', 'f', 'r', 'i', 'd', 'a', 'y', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "journeytomastery.net", true */ 'j', 'o', 'u', 'r', 'n', 'e', 'y', 't', 'o', 'm', 'a', 's', 't', 'e', 'r', 'y', '.', 'n', 'e', 't', '\0',
+  /* "jovani.com", false */ 'j', 'o', 'v', 'a', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "joviam.com", true */ 'j', 'o', 'v', 'i', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "jovic.hamburg", true */ 'j', 'o', 'v', 'i', 'c', '.', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '\0',
+  /* "joworld.net", true */ 'j', 'o', 'w', 'o', 'r', 'l', 'd', '.', 'n', 'e', 't', '\0',
+  /* "joyful.house", true */ 'j', 'o', 'y', 'f', 'u', 'l', '.', 'h', 'o', 'u', 's', 'e', '\0',
+  /* "joyfulexpressions.gallery", true */ 'j', 'o', 'y', 'f', 'u', 'l', 'e', 'x', 'p', 'r', 'e', 's', 's', 'i', 'o', 'n', 's', '.', 'g', 'a', 'l', 'l', 'e', 'r', 'y', '\0',
+  /* "joyofcookingandbaking.com", true */ 'j', 'o', 'y', 'o', 'f', 'c', 'o', 'o', 'k', 'i', 'n', 'g', 'a', 'n', 'd', 'b', 'a', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "jpcrochetapparel.com", true */ 'j', 'p', 'c', 'r', 'o', 'c', 'h', 'e', 't', 'a', 'p', 'p', 'a', 'r', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "jpdeharenne.be", true */ 'j', 'p', 'd', 'e', 'h', 'a', 'r', 'e', 'n', 'n', 'e', '.', 'b', 'e', '\0',
+  /* "jpeg.io", true */ 'j', 'p', 'e', 'g', '.', 'i', 'o', '\0',
+  /* "jpgangbang.com", true */ 'j', 'p', 'g', 'a', 'n', 'g', 'b', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "jphandjob.com", true */ 'j', 'p', 'h', 'a', 'n', 'd', 'j', 'o', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "jplesbian.com", true */ 'j', 'p', 'l', 'e', 's', 'b', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jpmelos.com", true */ 'j', 'p', 'm', 'e', 'l', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jpmelos.com.br", true */ 'j', 'p', 'm', 'e', 'l', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "jpod.cc", true */ 'j', 'p', 'o', 'd', '.', 'c', 'c', '\0',
+  /* "jproxx.com", true */ 'j', 'p', 'r', 'o', 'x', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "jps-selection.co.uk", true */ 'j', 'p', 's', '-', 's', 'e', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jps-selection.com", true */ 'j', 'p', 's', '-', 's', 'e', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jps-selection.eu", true */ 'j', 'p', 's', '-', 's', 'e', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'e', 'u', '\0',
+  /* "jpshop.ru", true */ 'j', 'p', 's', 'h', 'o', 'p', '.', 'r', 'u', '\0',
+  /* "jpsinflatables.co.uk", true */ 'j', 'p', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jpslconsulting.ca", true */ 'j', 'p', 's', 'l', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'a', '\0',
+  /* "jr5devdoug.xyz", true */ 'j', 'r', '5', 'd', 'e', 'v', 'd', 'o', 'u', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "jr5devdouglas.xyz", true */ 'j', 'r', '5', 'd', 'e', 'v', 'd', 'o', 'u', 'g', 'l', 'a', 's', '.', 'x', 'y', 'z', '\0',
+  /* "jr5proxdoug.xyz", true */ 'j', 'r', '5', 'p', 'r', 'o', 'x', 'd', 'o', 'u', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "jrc9.ca", true */ 'j', 'r', 'c', '9', '.', 'c', 'a', '\0',
+  /* "jreb.nl", true */ 'j', 'r', 'e', 'b', '.', 'n', 'l', '\0',
+  /* "jreinert.com", true */ 'j', 'r', 'e', 'i', 'n', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "jross.me", true */ 'j', 'r', 'o', 's', 's', '.', 'm', 'e', '\0',
+  /* "jrtapsell.co.uk", true */ 'j', 'r', 't', 'a', 'p', 's', 'e', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jrxpress.com", true */ 'j', 'r', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "js-online.net", false */ 'j', 's', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "jschoi.org", true */ 'j', 's', 'c', 'h', 'o', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "jschumacher.info", true */ 'j', 's', 'c', 'h', 'u', 'm', 'a', 'c', 'h', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "jsd-cog.org", true */ 'j', 's', 'd', '-', 'c', 'o', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "jsent.co.uk", true */ 'j', 's', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jsevilleja.org", true */ 'j', 's', 'e', 'v', 'i', 'l', 'l', 'e', 'j', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "jskier.com", false */ 'j', 's', 'k', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "jskoelliken.ch", true */ 'j', 's', 'k', 'o', 'e', 'l', 'l', 'i', 'k', 'e', 'n', '.', 'c', 'h', '\0',
+  /* "jslidong.top", true */ 'j', 's', 'l', 'i', 'd', 'o', 'n', 'g', '.', 't', 'o', 'p', '\0',
+  /* "jsmetallerie.fr", true */ 'j', 's', 'm', 'e', 't', 'a', 'l', 'l', 'e', 'r', 'i', 'e', '.', 'f', 'r', '\0',
+  /* "json-viewer.com", true */ 'j', 's', 'o', 'n', '-', 'v', 'i', 'e', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "jstelecom.com.br", true */ 'j', 's', 't', 'e', 'l', 'e', 'c', 'o', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "jsteward.moe", true */ 'j', 's', 't', 'e', 'w', 'a', 'r', 'd', '.', 'm', 'o', 'e', '\0',
+  /* "jstore.ch", true */ 'j', 's', 't', 'o', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "jsvr.tk", true */ 'j', 's', 'v', 'r', '.', 't', 'k', '\0',
+  /* "jtcat.com", true */ 'j', 't', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "jthackery.com", false */ 'j', 't', 'h', 'a', 'c', 'k', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "jts3servermod.com", true */ 'j', 't', 's', '3', 's', 'e', 'r', 'v', 'e', 'r', 'm', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "jtslay.com", true */ 'j', 't', 's', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "jtwp470.net", false */ 'j', 't', 'w', 'p', '4', '7', '0', '.', 'n', 'e', 't', '\0',
+  /* "ju1ro.de", true */ 'j', 'u', '1', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "juan23.edu.uy", true */ 'j', 'u', 'a', 'n', '2', '3', '.', 'e', 'd', 'u', '.', 'u', 'y', '\0',
+  /* "juanhub.com", true */ 'j', 'u', 'a', 'n', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "juanmaguitar.com", true */ 'j', 'u', 'a', 'n', 'm', 'a', 'g', 'u', 'i', 't', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "juanxt.ddns.net", true */ 'j', 'u', 'a', 'n', 'x', 't', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "jubileum.online", true */ 'j', 'u', 'b', 'i', 'l', 'e', 'u', 'm', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "juch.cc", true */ 'j', 'u', 'c', 'h', '.', 'c', 'c', '\0',
+  /* "juchheim-methode.de", true */ 'j', 'u', 'c', 'h', 'h', 'e', 'i', 'm', '-', 'm', 'e', 't', 'h', 'o', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "juchit.at", true */ 'j', 'u', 'c', 'h', 'i', 't', '.', 'a', 't', '\0',
+  /* "judc-ge.ch", true */ 'j', 'u', 'd', 'c', '-', 'g', 'e', '.', 'c', 'h', '\0',
+  /* "judoprodeti.cz", true */ 'j', 'u', 'd', 'o', 'p', 'r', 'o', 'd', 'e', 't', 'i', '.', 'c', 'z', '\0',
+  /* "juegosycodigos.es", true */ 'j', 'u', 'e', 'g', 'o', 's', 'y', 'c', 'o', 'd', 'i', 'g', 'o', 's', '.', 'e', 's', '\0',
+  /* "juegosycodigos.mx", true */ 'j', 'u', 'e', 'g', 'o', 's', 'y', 'c', 'o', 'd', 'i', 'g', 'o', 's', '.', 'm', 'x', '\0',
+  /* "juergen-elbert.de", true */ 'j', 'u', 'e', 'r', 'g', 'e', 'n', '-', 'e', 'l', 'b', 'e', 'r', 't', '.', 'd', 'e', '\0',
+  /* "juergenhecht.de", true */ 'j', 'u', 'e', 'r', 'g', 'e', 'n', 'h', 'e', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "juergenspecht.com", true */ 'j', 'u', 'e', 'r', 'g', 'e', 'n', 's', 'p', 'e', 'c', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "juergenspecht.de", true */ 'j', 'u', 'e', 'r', 'g', 'e', 'n', 's', 'p', 'e', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "jugendsuenden.info", true */ 'j', 'u', 'g', 'e', 'n', 'd', 's', 'u', 'e', 'n', 'd', 'e', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "jugh.de", true */ 'j', 'u', 'g', 'h', '.', 'd', 'e', '\0',
+  /* "juhakoho.com", true */ 'j', 'u', 'h', 'a', 'k', 'o', 'h', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "juice.codes", true */ 'j', 'u', 'i', 'c', 'e', '.', 'c', 'o', 'd', 'e', 's', '\0',
+  /* "juiced.gs", true */ 'j', 'u', 'i', 'c', 'e', 'd', '.', 'g', 's', '\0',
+  /* "juku-info.top", true */ 'j', 'u', 'k', 'u', '-', 'i', 'n', 'f', 'o', '.', 't', 'o', 'p', '\0',
+  /* "juku-wing.jp", true */ 'j', 'u', 'k', 'u', '-', 'w', 'i', 'n', 'g', '.', 'j', 'p', '\0',
+  /* "julegoerke.de", true */ 'j', 'u', 'l', 'e', 'g', 'o', 'e', 'r', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "julenlanda.com", true */ 'j', 'u', 'l', 'e', 'n', 'l', 'a', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "julian-weigle.de", true */ 'j', 'u', 'l', 'i', 'a', 'n', '-', 'w', 'e', 'i', 'g', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "juliangonggrijp.com", true */ 'j', 'u', 'l', 'i', 'a', 'n', 'g', 'o', 'n', 'g', 'g', 'r', 'i', 'j', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "julianickel.de", true */ 'j', 'u', 'l', 'i', 'a', 'n', 'i', 'c', 'k', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "julianmeyer.de", true */ 'j', 'u', 'l', 'i', 'a', 'n', 'm', 'e', 'y', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "juliansimioni.com", true */ 'j', 'u', 'l', 'i', 'a', 'n', 's', 'i', 'm', 'i', 'o', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "julianskitchen.ch", true */ 'j', 'u', 'l', 'i', 'a', 'n', 's', 'k', 'i', 't', 'c', 'h', 'e', 'n', '.', 'c', 'h', '\0',
+  /* "julianvmodesto.com", true */ 'j', 'u', 'l', 'i', 'a', 'n', 'v', 'm', 'o', 'd', 'e', 's', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "julianwallmeroth.de", true */ 'j', 'u', 'l', 'i', 'a', 'n', 'w', 'a', 'l', 'l', 'm', 'e', 'r', 'o', 't', 'h', '.', 'd', 'e', '\0',
+  /* "julianweigle.de", true */ 'j', 'u', 'l', 'i', 'a', 'n', 'w', 'e', 'i', 'g', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "julianxhokaxhiu.com", true */ 'j', 'u', 'l', 'i', 'a', 'n', 'x', 'h', 'o', 'k', 'a', 'x', 'h', 'i', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "julibear.com", true */ 'j', 'u', 'l', 'i', 'b', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "julico.nl", true */ 'j', 'u', 'l', 'i', 'c', 'o', '.', 'n', 'l', '\0',
+  /* "julie-and-stevens-wedding.com", true */ 'j', 'u', 'l', 'i', 'e', '-', 'a', 'n', 'd', '-', 's', 't', 'e', 'v', 'e', 'n', 's', '-', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "juliedecubber.com", true */ 'j', 'u', 'l', 'i', 'e', 'd', 'e', 'c', 'u', 'b', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "juliekoubova.net", true */ 'j', 'u', 'l', 'i', 'e', 'k', 'o', 'u', 'b', 'o', 'v', 'a', '.', 'n', 'e', 't', '\0',
+  /* "juliemaurel.fr", true */ 'j', 'u', 'l', 'i', 'e', 'm', 'a', 'u', 'r', 'e', 'l', '.', 'f', 'r', '\0',
+  /* "julienc.io", true */ 'j', 'u', 'l', 'i', 'e', 'n', 'c', '.', 'i', 'o', '\0',
+  /* "julienpaterne.com", true */ 'j', 'u', 'l', 'i', 'e', 'n', 'p', 'a', 't', 'e', 'r', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "julientartarin.com", true */ 'j', 'u', 'l', 'i', 'e', 'n', 't', 'a', 'r', 't', 'a', 'r', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "julio.jamil.nom.br", true */ 'j', 'u', 'l', 'i', 'o', '.', 'j', 'a', 'm', 'i', 'l', '.', 'n', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "juls.cloud", true */ 'j', 'u', 'l', 's', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "jultube.de", true */ 'j', 'u', 'l', 't', 'u', 'b', 'e', '.', 'd', 'e', '\0',
+  /* "jumba.com.au", true */ 'j', 'u', 'm', 'b', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "jumboquid.co.uk", true */ 'j', 'u', 'm', 'b', 'o', 'q', 'u', 'i', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jump-zone.co.uk", true */ 'j', 'u', 'm', 'p', '-', 'z', 'o', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jump.bg", false */ 'j', 'u', 'm', 'p', '.', 'b', 'g', '\0',
+  /* "jump.wtf", true */ 'j', 'u', 'm', 'p', '.', 'w', 't', 'f', '\0',
+  /* "jump4funinflatables.co.uk", true */ 'j', 'u', 'm', 'p', '4', 'f', 'u', 'n', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jumpandbounce.co.uk", true */ 'j', 'u', 'm', 'p', 'a', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jumpandjivechildrensparties.co.uk", true */ 'j', 'u', 'm', 'p', 'a', 'n', 'd', 'j', 'i', 'v', 'e', 'c', 'h', 'i', 'l', 'd', 'r', 'e', 'n', 's', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jumparoundbouncycastles.co.uk", true */ 'j', 'u', 'm', 'p', 'a', 'r', 'o', 'u', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jumparoundreading.co.uk", true */ 'j', 'u', 'm', 'p', 'a', 'r', 'o', 'u', 'n', 'd', 'r', 'e', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jumparty.co.uk", true */ 'j', 'u', 'm', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jumpeasy.com.au", true */ 'j', 'u', 'm', 'p', 'e', 'a', 's', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "jumperoos.co.uk", true */ 'j', 'u', 'm', 'p', 'e', 'r', 'o', 'o', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jumpin-jax.co.uk", true */ 'j', 'u', 'm', 'p', 'i', 'n', '-', 'j', 'a', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jumpinchat.com", true */ 'j', 'u', 'm', 'p', 'i', 'n', 'c', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "jumpingbee.co.uk", true */ 'j', 'u', 'm', 'p', 'i', 'n', 'g', 'b', 'e', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jumpingcastlesonline.com.au", true */ 'j', 'u', 'm', 'p', 'i', 'n', 'g', 'c', 'a', 's', 't', 'l', 'e', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "jumpingjacksbouncycastles.co.uk", true */ 'j', 'u', 'm', 'p', 'i', 'n', 'g', 'j', 'a', 'c', 'k', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jumpinjaes.co.uk", true */ 'j', 'u', 'm', 'p', 'i', 'n', 'j', 'a', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jumpinmonkeys.co.uk", true */ 'j', 'u', 'm', 'p', 'i', 'n', 'm', 'o', 'n', 'k', 'e', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jumpman-iphone-design.de", true */ 'j', 'u', 'm', 'p', 'm', 'a', 'n', '-', 'i', 'p', 'h', 'o', 'n', 'e', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'd', 'e', '\0',
+  /* "jumpnplay.co.uk", true */ 'j', 'u', 'm', 'p', 'n', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "junespina.com", true */ 'j', 'u', 'n', 'e', 's', 'p', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "junethack.net", true */ 'j', 'u', 'n', 'e', 't', 'h', 'a', 'c', 'k', '.', 'n', 'e', 't', '\0',
+  /* "jungaa.fr", true */ 'j', 'u', 'n', 'g', 'a', 'a', '.', 'f', 'r', '\0',
+  /* "jungesforumkonstanz.de", true */ 'j', 'u', 'n', 'g', 'e', 's', 'f', 'o', 'r', 'u', 'm', 'k', 'o', 'n', 's', 't', 'a', 'n', 'z', '.', 'd', 'e', '\0',
+  /* "jungleculture.co.za", true */ 'j', 'u', 'n', 'g', 'l', 'e', 'c', 'u', 'l', 't', 'u', 'r', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "jungleducks.ca", true */ 'j', 'u', 'n', 'g', 'l', 'e', 'd', 'u', 'c', 'k', 's', '.', 'c', 'a', '\0',
+  /* "junglejackscastles.co.uk", true */ 'j', 'u', 'n', 'g', 'l', 'e', 'j', 'a', 'c', 'k', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "junglist.org", true */ 'j', 'u', 'n', 'g', 'l', 'i', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "juni.io", true */ 'j', 'u', 'n', 'i', '.', 'i', 'o', '\0',
+  /* "juniperroots.ca", true */ 'j', 'u', 'n', 'i', 'p', 'e', 'r', 'r', 'o', 'o', 't', 's', '.', 'c', 'a', '\0',
+  /* "juniwalk.cz", true */ 'j', 'u', 'n', 'i', 'w', 'a', 'l', 'k', '.', 'c', 'z', '\0',
+  /* "junkdrome.org", true */ 'j', 'u', 'n', 'k', 'd', 'r', 'o', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "junqueiropolis.com", true */ 'j', 'u', 'n', 'q', 'u', 'e', 'i', 'r', 'o', 'p', 'o', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jurassicbarkharrogate.co.uk", true */ 'j', 'u', 'r', 'a', 's', 's', 'i', 'c', 'b', 'a', 'r', 'k', 'h', 'a', 'r', 'r', 'o', 'g', 'a', 't', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jurassicgolf.nl", true */ 'j', 'u', 'r', 'a', 's', 's', 'i', 'c', 'g', 'o', 'l', 'f', '.', 'n', 'l', '\0',
+  /* "juridoc.com.br", true */ 'j', 'u', 'r', 'i', 'd', 'o', 'c', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "juristeo.com", true */ 'j', 'u', 'r', 'i', 's', 't', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "jurke.com", true */ 'j', 'u', 'r', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jurko.cz", true */ 'j', 'u', 'r', 'k', 'o', '.', 'c', 'z', '\0',
+  /* "jurriaan.ninja", true */ 'j', 'u', 'r', 'r', 'i', 'a', 'a', 'n', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "just-a-clanpage.de", true */ 'j', 'u', 's', 't', '-', 'a', '-', 'c', 'l', 'a', 'n', 'p', 'a', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "just2trade.com", true */ 'j', 'u', 's', 't', '2', 't', 'r', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "justanothercompany.name", true */ 'j', 'u', 's', 't', 'a', 'n', 'o', 't', 'h', 'e', 'r', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "justbelieverecovery.com", true */ 'j', 'u', 's', 't', 'b', 'e', 'l', 'i', 'e', 'v', 'e', 'r', 'e', 'c', 'o', 'v', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "justbookexcursions.com", true */ 'j', 'u', 's', 't', 'b', 'o', 'o', 'k', 'e', 'x', 'c', 'u', 'r', 's', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "justbookhotels.com", true */ 'j', 'u', 's', 't', 'b', 'o', 'o', 'k', 'h', 'o', 't', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "justbooktransfers.com", true */ 'j', 'u', 's', 't', 'b', 'o', 'o', 'k', 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "justboom.co", true */ 'j', 'u', 's', 't', 'b', 'o', 'o', 'm', '.', 'c', 'o', '\0',
+  /* "justbouncecastles.co.uk", true */ 'j', 'u', 's', 't', 'b', 'o', 'u', 'n', 'c', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "justchunks.net", true */ 'j', 'u', 's', 't', 'c', 'h', 'u', 'n', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "justgalak.com", true */ 'j', 'u', 's', 't', 'g', 'a', 'l', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "justgalak.org", true */ 'j', 'u', 's', 't', 'g', 'a', 'l', 'a', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "justice.gov", false */ 'j', 'u', 's', 't', 'i', 'c', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "justice4assange.com", true */ 'j', 'u', 's', 't', 'i', 'c', 'e', '4', 'a', 's', 's', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "justinellingwood.com", true */ 'j', 'u', 's', 't', 'i', 'n', 'e', 'l', 'l', 'i', 'n', 'g', 'w', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "justinho.com", true */ 'j', 'u', 's', 't', 'i', 'n', 'h', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "justinstandring.com", true */ 'j', 'u', 's', 't', 'i', 'n', 's', 't', 'a', 'n', 'd', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "justnu.se", false */ 'j', 'u', 's', 't', 'n', 'u', '.', 's', 'e', '\0',
+  /* "justpaste.it", true */ 'j', 'u', 's', 't', 'p', 'a', 's', 't', 'e', '.', 'i', 't', '\0',
+  /* "justupdate.me", true */ 'j', 'u', 's', 't', 'u', 'p', 'd', 'a', 't', 'e', '.', 'm', 'e', '\0',
+  /* "justyy.com", true */ 'j', 'u', 's', 't', 'y', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "juszkiewicz.com.pl", true */ 'j', 'u', 's', 'z', 'k', 'i', 'e', 'w', 'i', 'c', 'z', '.', 'c', 'o', 'm', '.', 'p', 'l', '\0',
+  /* "jutlander-netbank.dk", true */ 'j', 'u', 't', 'l', 'a', 'n', 'd', 'e', 'r', '-', 'n', 'e', 't', 'b', 'a', 'n', 'k', '.', 'd', 'k', '\0',
+  /* "jutlander.dk", true */ 'j', 'u', 't', 'l', 'a', 'n', 'd', 'e', 'r', '.', 'd', 'k', '\0',
+  /* "juventusclublugano.ch", true */ 'j', 'u', 'v', 'e', 'n', 't', 'u', 's', 'c', 'l', 'u', 'b', 'l', 'u', 'g', 'a', 'n', 'o', '.', 'c', 'h', '\0',
+  /* "juwelierstoopman.nl", true */ 'j', 'u', 'w', 'e', 'l', 'i', 'e', 'r', 's', 't', 'o', 'o', 'p', 'm', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "juzgalo.com", true */ 'j', 'u', 'z', 'g', 'a', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "jva-wuerzburg.de", true */ 'j', 'v', 'a', '-', 'w', 'u', 'e', 'r', 'z', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "jvanerp.nl", true */ 'j', 'v', 'a', 'n', 'e', 'r', 'p', '.', 'n', 'l', '\0',
+  /* "jvbouncycastlehire.co.uk", true */ 'j', 'v', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jvn.com", false */ 'j', 'v', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jvphotoboothhire.co.uk", true */ 'j', 'v', 'p', 'h', 'o', 't', 'o', 'b', 'o', 'o', 't', 'h', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jvwdev.nl", true */ 'j', 'v', 'w', 'd', 'e', 'v', '.', 'n', 'l', '\0',
+  /* "jwatt.org", true */ 'j', 'w', 'a', 't', 't', '.', 'o', 'r', 'g', '\0',
+  /* "jwe.nl", true */ 'j', 'w', 'e', '.', 'n', 'l', '\0',
+  /* "jwilsson.com", true */ 'j', 'w', 'i', 'l', 's', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jwjwjw.com", true */ 'j', 'w', 'j', 'w', 'j', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "jwnotifier.org", true */ 'j', 'w', 'n', 'o', 't', 'i', 'f', 'i', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "jwolt-lx.com", true */ 'j', 'w', 'o', 'l', 't', '-', 'l', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "jwschuepfheim.ch", true */ 'j', 'w', 's', 'c', 'h', 'u', 'e', 'p', 'f', 'h', 'e', 'i', 'm', '.', 'c', 'h', '\0',
+  /* "jxir.de", true */ 'j', 'x', 'i', 'r', '.', 'd', 'e', '\0',
+  /* "jyggen.com", true */ 'j', 'y', 'g', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jyoti-fairworks.org", true */ 'j', 'y', 'o', 't', 'i', '-', 'f', 'a', 'i', 'r', 'w', 'o', 'r', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "jzbk.org", true */ 'j', 'z', 'b', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "k-homes.net", true */ 'k', '-', 'h', 'o', 'm', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "k-netz.de", true */ 'k', '-', 'n', 'e', 't', 'z', '.', 'd', 'e', '\0',
+  /* "k-pan.com", true */ 'k', '-', 'p', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "k-pture.com", true */ 'k', '-', 'p', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "k-scr.me", true */ 'k', '-', 's', 'c', 'r', '.', 'm', 'e', '\0',
+  /* "k-tube.com", true */ 'k', '-', 't', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "k258059.net", true */ 'k', '2', '5', '8', '0', '5', '9', '.', 'n', 'e', 't', '\0',
+  /* "k2mts.org", true */ 'k', '2', 'm', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "k82.org", true */ 'k', '8', '2', '.', 'o', 'r', 'g', '\0',
+  /* "k8r.eu", true */ 'k', '8', 'r', '.', 'e', 'u', '\0',
+  /* "k9swx.com", true */ 'k', '9', 's', 'w', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "kaamoscreations.com", true */ 'k', 'a', 'a', 'm', 'o', 's', 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kaanduman.com", true */ 'k', 'a', 'a', 'n', 'd', 'u', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kaangenc.me", true */ 'k', 'a', 'a', 'n', 'g', 'e', 'n', 'c', '.', 'm', 'e', '\0',
+  /* "kaatha-kamrater.se", true */ 'k', 'a', 'a', 't', 'h', 'a', '-', 'k', 'a', 'm', 'r', 'a', 't', 'e', 'r', '.', 's', 'e', '\0',
+  /* "kab-s.de", true */ 'k', 'a', 'b', '-', 's', '.', 'd', 'e', '\0',
+  /* "kabashop.com.br", true */ 'k', 'a', 'b', 'a', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "kabat-fans.cz", false */ 'k', 'a', 'b', 'a', 't', '-', 'f', 'a', 'n', 's', '.', 'c', 'z', '\0',
+  /* "kabeltv.co.nz", true */ 'k', 'a', 'b', 'e', 'l', 't', 'v', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "kabeuchi.com", true */ 'k', 'a', 'b', 'e', 'u', 'c', 'h', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "kaboom.pw", true */ 'k', 'a', 'b', 'o', 'o', 'm', '.', 'p', 'w', '\0',
+  /* "kabu-abc.com", true */ 'k', 'a', 'b', 'u', '-', 'a', 'b', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "kabus.org", true */ 'k', 'a', 'b', 'u', 's', '.', 'o', 'r', 'g', '\0',
+  /* "kachlikova2.cz", true */ 'k', 'a', 'c', 'h', 'l', 'i', 'k', 'o', 'v', 'a', '2', '.', 'c', 'z', '\0',
+  /* "kack.website", true */ 'k', 'a', 'c', 'k', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0',
+  /* "kadhambam.in", true */ 'k', 'a', 'd', 'h', 'a', 'm', 'b', 'a', 'm', '.', 'i', 'n', '\0',
+  /* "kadmec.com", true */ 'k', 'a', 'd', 'm', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "kaffeekrone.de", true */ 'k', 'a', 'f', 'f', 'e', 'e', 'k', 'r', 'o', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "kafoom.de", true */ 'k', 'a', 'f', 'o', 'o', 'm', '.', 'd', 'e', '\0',
+  /* "kaheim.de", false */ 'k', 'a', 'h', 'e', 'i', 'm', '.', 'd', 'e', '\0',
+  /* "kai-ratzeburg.de", true */ 'k', 'a', 'i', '-', 'r', 'a', 't', 'z', 'e', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "kaigojj.com", true */ 'k', 'a', 'i', 'g', 'o', 'j', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "kaika-hms.de", true */ 'k', 'a', 'i', 'k', 'a', '-', 'h', 'm', 's', '.', 'd', 'e', '\0',
+  /* "kaileymslusser.com", true */ 'k', 'a', 'i', 'l', 'e', 'y', 'm', 's', 'l', 'u', 's', 's', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "kainetsoft.com", true */ 'k', 'a', 'i', 'n', 'e', 't', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kainz.bayern", true */ 'k', 'a', 'i', 'n', 'z', '.', 'b', 'a', 'y', 'e', 'r', 'n', '\0',
+  /* "kainz.be", true */ 'k', 'a', 'i', 'n', 'z', '.', 'b', 'e', '\0',
+  /* "kairion.de", true */ 'k', 'a', 'i', 'r', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "kaisakura.net", true */ 'k', 'a', 'i', 's', 'a', 'k', 'u', 'r', 'a', '.', 'n', 'e', 't', '\0',
+  /* "kaisev.net", true */ 'k', 'a', 'i', 's', 'e', 'v', '.', 'n', 'e', 't', '\0',
+  /* "kaiusaltd.com", true */ 'k', 'a', 'i', 'u', 's', 'a', 'l', 't', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "kaizenreporting.com", true */ 'k', 'a', 'i', 'z', 'e', 'n', 'r', 'e', 'p', 'o', 'r', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "kaizeronion.com", true */ 'k', 'a', 'i', 'z', 'e', 'r', 'o', 'n', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kajak.land", true */ 'k', 'a', 'j', 'a', 'k', '.', 'l', 'a', 'n', 'd', '\0',
+  /* "kajlovo.cz", true */ 'k', 'a', 'j', 'l', 'o', 'v', 'o', '.', 'c', 'z', '\0',
+  /* "kaka.farm", true */ 'k', 'a', 'k', 'a', '.', 'f', 'a', 'r', 'm', '\0',
+  /* "kakao-karten.de", true */ 'k', 'a', 'k', 'a', 'o', '-', 'k', 'a', 'r', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "kakaomilchkuh.de", true */ 'k', 'a', 'k', 'a', 'o', 'm', 'i', 'l', 'c', 'h', 'k', 'u', 'h', '.', 'd', 'e', '\0',
+  /* "kakaravaara.fi", true */ 'k', 'a', 'k', 'a', 'r', 'a', 'v', 'a', 'a', 'r', 'a', '.', 'f', 'i', '\0',
+  /* "kakie-gobocha.jp", true */ 'k', 'a', 'k', 'i', 'e', '-', 'g', 'o', 'b', 'o', 'c', 'h', 'a', '.', 'j', 'p', '\0',
+  /* "kakie-kolesa.ru", true */ 'k', 'a', 'k', 'i', 'e', '-', 'k', 'o', 'l', 'e', 's', 'a', '.', 'r', 'u', '\0',
+  /* "kakolightingmuseum.or.jp", true */ 'k', 'a', 'k', 'o', 'l', 'i', 'g', 'h', 't', 'i', 'n', 'g', 'm', 'u', 's', 'e', 'u', 'm', '.', 'o', 'r', '.', 'j', 'p', '\0',
+  /* "kakoo-media.nl", true */ 'k', 'a', 'k', 'o', 'o', '-', 'm', 'e', 'd', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "kakoo.nl", true */ 'k', 'a', 'k', 'o', 'o', '.', 'n', 'l', '\0',
+  /* "kakoomedia.nl", true */ 'k', 'a', 'k', 'o', 'o', 'm', 'e', 'd', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "kalastus.com", true */ 'k', 'a', 'l', 'a', 's', 't', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kaleidoscope.co.uk", true */ 'k', 'a', 'l', 'e', 'i', 'd', 'o', 's', 'c', 'o', 'p', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kalender.com", true */ 'k', 'a', 'l', 'e', 'n', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "kalender.goip.de", true */ 'k', 'a', 'l', 'e', 'n', 'd', 'e', 'r', '.', 'g', 'o', 'i', 'p', '.', 'd', 'e', '\0',
+  /* "kalevlamps.co.uk", true */ 'k', 'a', 'l', 'e', 'v', 'l', 'a', 'm', 'p', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kaliaa.fi", true */ 'k', 'a', 'l', 'i', 'a', 'a', '.', 'f', 'i', '\0',
+  /* "kalian.cz", true */ 'k', 'a', 'l', 'i', 'a', 'n', '.', 'c', 'z', '\0',
+  /* "kalifornien-tourismus.de", true */ 'k', 'a', 'l', 'i', 'f', 'o', 'r', 'n', 'i', 'e', 'n', '-', 't', 'o', 'u', 'r', 'i', 's', 'm', 'u', 's', '.', 'd', 'e', '\0',
+  /* "kall.is", true */ 'k', 'a', 'l', 'l', '.', 'i', 's', '\0',
+  /* "kallies-net.de", true */ 'k', 'a', 'l', 'l', 'i', 'e', 's', '-', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "kalmar.com", true */ 'k', 'a', 'l', 'm', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "kalsbouncies.com", true */ 'k', 'a', 'l', 's', 'b', 'o', 'u', 'n', 'c', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kaltenbrunner.it", true */ 'k', 'a', 'l', 't', 'e', 'n', 'b', 'r', 'u', 'n', 'n', 'e', 'r', '.', 'i', 't', '\0',
+  /* "kalterersee.ch", true */ 'k', 'a', 'l', 't', 'e', 'r', 'e', 'r', 's', 'e', 'e', '.', 'c', 'h', '\0',
+  /* "kamalame.co", true */ 'k', 'a', 'm', 'a', 'l', 'a', 'm', 'e', '.', 'c', 'o', '\0',
+  /* "kamikaichimaru.com", true */ 'k', 'a', 'm', 'i', 'k', 'a', 'i', 'c', 'h', 'i', 'm', 'a', 'r', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "kamikatse.net", true */ 'k', 'a', 'm', 'i', 'k', 'a', 't', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "kamixa.se", true */ 'k', 'a', 'm', 'i', 'x', 'a', '.', 's', 'e', '\0',
+  /* "kana.me", true */ 'k', 'a', 'n', 'a', '.', 'm', 'e', '\0',
+  /* "kanaete-uranai.com", true */ 'k', 'a', 'n', 'a', 'e', 't', 'e', '-', 'u', 'r', 'a', 'n', 'a', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "kanagawachuo-hospital.jp", true */ 'k', 'a', 'n', 'a', 'g', 'a', 'w', 'a', 'c', 'h', 'u', 'o', '-', 'h', 'o', 's', 'p', 'i', 't', 'a', 'l', '.', 'j', 'p', '\0',
+  /* "kanal-schaefer.de", true */ 'k', 'a', 'n', 'a', 'l', '-', 's', 'c', 'h', 'a', 'e', 'f', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "kanal-tv-haensch.de", true */ 'k', 'a', 'n', 'a', 'l', '-', 't', 'v', '-', 'h', 'a', 'e', 'n', 's', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "kanar.nl", true */ 'k', 'a', 'n', 'a', 'r', '.', 'n', 'l', '\0',
+  /* "kancolle.me", true */ 'k', 'a', 'n', 'c', 'o', 'l', 'l', 'e', '.', 'm', 'e', '\0',
+  /* "kandalife.com", true */ 'k', 'a', 'n', 'd', 'a', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kandec.co.jp", true */ 'k', 'a', 'n', 'd', 'e', 'c', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "kanecastles.com", true */ 'k', 'a', 'n', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kanehusky.com", true */ 'k', 'a', 'n', 'e', 'h', 'u', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "kangaroo-bouncycastle.co.uk", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', '-', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kangarooislandholidayaccommodation.com.au", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 'i', 's', 'l', 'a', 'n', 'd', 'h', 'o', 'l', 'i', 'd', 'a', 'y', 'a', 'c', 'c', 'o', 'm', 'm', 'o', 'd', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "kangaroojacks.co.uk", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 'j', 'a', 'c', 'k', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kangaroos.org", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 's', '.', 'o', 'r', 'g', '\0',
+  /* "kangaroovalleykayaks.com.au", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 'v', 'a', 'l', 'l', 'e', 'y', 'k', 'a', 'y', 'a', 'k', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "kangaroovalleymuseum.com", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 'v', 'a', 'l', 'l', 'e', 'y', 'm', 'u', 's', 'e', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "kangaroovalleyolives.com.au", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 'v', 'a', 'l', 'l', 'e', 'y', 'o', 'l', 'i', 'v', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "kangaroovalleyshow.org.au", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 'v', 'a', 'l', 'l', 'e', 'y', 's', 'h', 'o', 'w', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0',
+  /* "kangaroovalleywoodcrafts.com.au", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 'v', 'a', 'l', 'l', 'e', 'y', 'w', 'o', 'o', 'd', 'c', 'r', 'a', 'f', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "kangkai.me", true */ 'k', 'a', 'n', 'g', 'k', 'a', 'i', '.', 'm', 'e', '\0',
+  /* "kangooroule.fr", true */ 'k', 'a', 'n', 'g', 'o', 'o', 'r', 'o', 'u', 'l', 'e', '.', 'f', 'r', '\0',
+  /* "kanis.ag", true */ 'k', 'a', 'n', 'i', 's', '.', 'a', 'g', '\0',
+  /* "kankimaru.com", true */ 'k', 'a', 'n', 'k', 'i', 'm', 'a', 'r', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "kanmitao.com", true */ 'k', 'a', 'n', 'm', 'i', 't', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "kanna.cf", true */ 'k', 'a', 'n', 'n', 'a', '.', 'c', 'f', '\0',
+  /* "kannchen.de", true */ 'k', 'a', 'n', 'n', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "kanotijd.nl", true */ 'k', 'a', 'n', 'o', 't', 'i', 'j', 'd', '.', 'n', 'l', '\0',
+  /* "kansaiyamamoto.jp", true */ 'k', 'a', 'n', 's', 'a', 'i', 'y', 'a', 'm', 'a', 'm', 'o', 't', 'o', '.', 'j', 'p', '\0',
+  /* "kantankye.nl", true */ 'k', 'a', 'n', 't', 'a', 'n', 'k', 'y', 'e', '.', 'n', 'l', '\0',
+  /* "kantanmt.com", true */ 'k', 'a', 'n', 't', 'a', 'n', 'm', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kantorad.io", true */ 'k', 'a', 'n', 't', 'o', 'r', 'a', 'd', '.', 'i', 'o', '\0',
+  /* "kantorkita.net", true */ 'k', 'a', 'n', 't', 'o', 'r', 'k', 'i', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "kantorosobisty.pl", true */ 'k', 'a', 'n', 't', 'o', 'r', 'o', 's', 'o', 'b', 'i', 's', 't', 'y', '.', 'p', 'l', '\0',
+  /* "kanuvu.de", true */ 'k', 'a', 'n', 'u', 'v', 'u', '.', 'd', 'e', '\0',
+  /* "kanzashi.com", true */ 'k', 'a', 'n', 'z', 'a', 's', 'h', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "kanzlei-sixt.de", true */ 'k', 'a', 'n', 'z', 'l', 'e', 'i', '-', 's', 'i', 'x', 't', '.', 'd', 'e', '\0',
+  /* "kanzshop.com", true */ 'k', 'a', 'n', 'z', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "kaomojis.net", true */ 'k', 'a', 'o', 'm', 'o', 'j', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "kap-genial.de", true */ 'k', 'a', 'p', '-', 'g', 'e', 'n', 'i', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "kapiorr.duckdns.org", true */ 'k', 'a', 'p', 'i', 'o', 'r', 'r', '.', 'd', 'u', 'c', 'k', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "kappit.dk", true */ 'k', 'a', 'p', 'p', 'i', 't', '.', 'd', 'k', '\0',
+  /* "kapseli.net", true */ 'k', 'a', 'p', 's', 'e', 'l', 'i', '.', 'n', 'e', 't', '\0',
+  /* "kaptadata.com", true */ 'k', 'a', 'p', 't', 'a', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "kaptamedia.com", true */ 'k', 'a', 'p', 't', 'a', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "kara-fabian.com", true */ 'k', 'a', 'r', 'a', '-', 'f', 'a', 'b', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "karabas.com", true */ 'k', 'a', 'r', 'a', 'b', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "karabijnhaken.nl", false */ 'k', 'a', 'r', 'a', 'b', 'i', 'j', 'n', 'h', 'a', 'k', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "karachi.dating", true */ 'k', 'a', 'r', 'a', 'c', 'h', 'i', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "karamomo.net", true */ 'k', 'a', 'r', 'a', 'm', 'o', 'm', 'o', '.', 'n', 'e', 't', '\0',
+  /* "karanjthakkar.com", true */ 'k', 'a', 'r', 'a', 'n', 'j', 't', 'h', 'a', 'k', 'k', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "karasik.by", true */ 'k', 'a', 'r', 'a', 's', 'i', 'k', '.', 'b', 'y', '\0',
+  /* "karateka.org", true */ 'k', 'a', 'r', 'a', 't', 'e', 'k', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "karateka.ru", true */ 'k', 'a', 'r', 'a', 't', 'e', 'k', 'a', '.', 'r', 'u', '\0',
+  /* "karatorian.org", true */ 'k', 'a', 'r', 'a', 't', 'o', 'r', 'i', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "kardize24.pl", true */ 'k', 'a', 'r', 'd', 'i', 'z', 'e', '2', '4', '.', 'p', 'l', '\0',
+  /* "karguine.in", true */ 'k', 'a', 'r', 'g', 'u', 'i', 'n', 'e', '.', 'i', 'n', '\0',
+  /* "karhm.com", true */ 'k', 'a', 'r', 'h', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "karhukamera.com", true */ 'k', 'a', 'r', 'h', 'u', 'k', 'a', 'm', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "karina.gd", true */ 'k', 'a', 'r', 'i', 'n', 'a', '.', 'g', 'd', '\0',
+  /* "karit.nz", true */ 'k', 'a', 'r', 'i', 't', '.', 'n', 'z', '\0',
+  /* "karjala-ski.ru", true */ 'k', 'a', 'r', 'j', 'a', 'l', 'a', '-', 's', 'k', 'i', '.', 'r', 'u', '\0',
+  /* "karlbowden.com", true */ 'k', 'a', 'r', 'l', 'b', 'o', 'w', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "karlis-kavacis.id.lv", true */ 'k', 'a', 'r', 'l', 'i', 's', '-', 'k', 'a', 'v', 'a', 'c', 'i', 's', '.', 'i', 'd', '.', 'l', 'v', '\0',
+  /* "karlsmithmn.org", true */ 'k', 'a', 'r', 'l', 's', 'm', 'i', 't', 'h', 'm', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "karlstabo.se", true */ 'k', 'a', 'r', 'l', 's', 't', 'a', 'b', 'o', '.', 's', 'e', '\0',
+  /* "karlzotter.com", true */ 'k', 'a', 'r', 'l', 'z', 'o', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "karmaassurance.ca", true */ 'k', 'a', 'r', 'm', 'a', 'a', 's', 's', 'u', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'a', '\0',
+  /* "karmabaker.com", true */ 'k', 'a', 'r', 'm', 'a', 'b', 'a', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "karmaflux.com", true */ 'k', 'a', 'r', 'm', 'a', 'f', 'l', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "karmainsurance.ca", true */ 'k', 'a', 'r', 'm', 'a', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'a', '\0',
+  /* "karmaplatform.com", true */ 'k', 'a', 'r', 'm', 'a', 'p', 'l', 'a', 't', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "karmaspa.se", true */ 'k', 'a', 'r', 'm', 'a', 's', 'p', 'a', '.', 's', 'e', '\0',
+  /* "karmic.com", true */ 'k', 'a', 'r', 'm', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "karn.nu", true */ 'k', 'a', 'r', 'n', '.', 'n', 'u', '\0',
+  /* "karneid.info", true */ 'k', 'a', 'r', 'n', 'e', 'i', 'd', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "karpanhellas.com", false */ 'k', 'a', 'r', 'p', 'a', 'n', 'h', 'e', 'l', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kartacha.com", true */ 'k', 'a', 'r', 't', 'a', 'c', 'h', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "kartec.com", true */ 'k', 'a', 'r', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "kartonmodellbau.org", true */ 'k', 'a', 'r', 't', 'o', 'n', 'm', 'o', 'd', 'e', 'l', 'l', 'b', 'a', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "kasadara.com", true */ 'k', 'a', 's', 'a', 'd', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "kasei.im", true */ 'k', 'a', 's', 'e', 'i', '.', 'i', 'm', '\0',
+  /* "kashis.com.au", true */ 'k', 'a', 's', 'h', 'i', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "kashmirobserver.net", true */ 'k', 'a', 's', 'h', 'm', 'i', 'r', 'o', 'b', 's', 'e', 'r', 'v', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "kasilag.me", false */ 'k', 'a', 's', 'i', 'l', 'a', 'g', '.', 'm', 'e', '\0',
+  /* "kasko.io", true */ 'k', 'a', 's', 'k', 'o', '.', 'i', 'o', '\0',
+  /* "kasnoffskinclinic.com", true */ 'k', 'a', 's', 'n', 'o', 'f', 'f', 's', 'k', 'i', 'n', 'c', 'l', 'i', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "kassa.at", true */ 'k', 'a', 's', 's', 'a', '.', 'a', 't', '\0',
+  /* "kastankaoffice.cz", true */ 'k', 'a', 's', 't', 'a', 'n', 'k', 'a', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'z', '\0',
+  /* "kastelruth.biz", true */ 'k', 'a', 's', 't', 'e', 'l', 'r', 'u', 't', 'h', '.', 'b', 'i', 'z', '\0',
+  /* "kat.al", true */ 'k', 'a', 't', '.', 'a', 'l', '\0',
+  /* "katalogbutikker.dk", true */ 'k', 'a', 't', 'a', 'l', 'o', 'g', 'b', 'u', 't', 'i', 'k', 'k', 'e', 'r', '.', 'd', 'k', '\0',
+  /* "katata-kango.ac.jp", true */ 'k', 'a', 't', 'a', 't', 'a', '-', 'k', 'a', 'n', 'g', 'o', '.', 'a', 'c', '.', 'j', 'p', '\0',
+  /* "katedra.de", true */ 'k', 'a', 't', 'e', 'd', 'r', 'a', '.', 'd', 'e', '\0',
+  /* "kateduggan.net", true */ 'k', 'a', 't', 'e', 'd', 'u', 'g', 'g', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "kateenzenauer.com", true */ 'k', 'a', 't', 'e', 'e', 'n', 'z', 'e', 'n', 'a', 'u', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "katekligys.com", true */ 'k', 'a', 't', 'e', 'k', 'l', 'i', 'g', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "katemarsh.com", true */ 'k', 'a', 't', 'e', 'm', 'a', 'r', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "katericke.com", true */ 'k', 'a', 't', 'e', 'r', 'i', 'c', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kathardt.de", true */ 'k', 'a', 't', 'h', 'a', 'r', 'd', 't', '.', 'd', 'e', '\0',
+  /* "kathegiraldo.com", true */ 'k', 'a', 't', 'h', 'e', 'g', 'i', 'r', 'a', 'l', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "kati-raumplaner.de", true */ 'k', 'a', 't', 'i', '-', 'r', 'a', 'u', 'm', 'p', 'l', 'a', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "katiechai.xyz", true */ 'k', 'a', 't', 'i', 'e', 'c', 'h', 'a', 'i', '.', 'x', 'y', 'z', '\0',
+  /* "katieskandy.co.uk", true */ 'k', 'a', 't', 'i', 'e', 's', 'k', 'a', 'n', 'd', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "katieskastles.co.uk", true */ 'k', 'a', 't', 'i', 'e', 's', 'k', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "katja-nikolic-design.de", true */ 'k', 'a', 't', 'j', 'a', '-', 'n', 'i', 'k', 'o', 'l', 'i', 'c', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'd', 'e', '\0',
+  /* "katka.info", true */ 'k', 'a', 't', 'k', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "katnunn.co.uk", true */ 'k', 'a', 't', 'n', 'u', 'n', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kato-yane.com", true */ 'k', 'a', 't', 'o', '-', 'y', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "katscastles.co.uk", true */ 'k', 'a', 't', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kattelans.eu", true */ 'k', 'a', 't', 't', 'e', 'l', 'a', 'n', 's', '.', 'e', 'u', '\0',
+  /* "kattenfun.be", true */ 'k', 'a', 't', 't', 'e', 'n', 'f', 'u', 'n', '.', 'b', 'e', '\0',
+  /* "kattenfun.nl", true */ 'k', 'a', 't', 't', 'e', 'n', 'f', 'u', 'n', '.', 'n', 'l', '\0',
+  /* "katyl.info", false */ 'k', 'a', 't', 'y', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "katzspeech.com", true */ 'k', 'a', 't', 'z', 's', 'p', 'e', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "kau-boys.com", true */ 'k', 'a', 'u', '-', 'b', 'o', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kau-boys.de", true */ 'k', 'a', 'u', '-', 'b', 'o', 'y', 's', '.', 'd', 'e', '\0',
+  /* "kaufberatung.community", true */ 'k', 'a', 'u', 'f', 'b', 'e', 'r', 'a', 't', 'u', 'n', 'g', '.', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '\0',
+  /* "kauperwood.ovh", true */ 'k', 'a', 'u', 'p', 'e', 'r', 'w', 'o', 'o', 'd', '.', 'o', 'v', 'h', '\0',
+  /* "kausta.me", true */ 'k', 'a', 'u', 's', 't', 'a', '.', 'm', 'e', '\0',
+  /* "kavik.no", true */ 'k', 'a', 'v', 'i', 'k', '.', 'n', 'o', '\0',
+  /* "kavovary-kava.cz", true */ 'k', 'a', 'v', 'o', 'v', 'a', 'r', 'y', '-', 'k', 'a', 'v', 'a', '.', 'c', 'z', '\0',
+  /* "kawaiii.link", true */ 'k', 'a', 'w', 'a', 'i', 'i', 'i', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "kaweus.de", true */ 'k', 'a', 'w', 'e', 'u', 's', '.', 'd', 'e', '\0',
+  /* "kayakabovegroundswimmingpools.com", true */ 'k', 'a', 'y', 'a', 'k', 'a', 'b', 'o', 'v', 'e', 'g', 'r', 'o', 'u', 'n', 'd', 's', 'w', 'i', 'm', 'm', 'i', 'n', 'g', 'p', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kaydan.io", true */ 'k', 'a', 'y', 'd', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "kayipmurekkep.com", true */ 'k', 'a', 'y', 'i', 'p', 'm', 'u', 'r', 'e', 'k', 'k', 'e', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "kayleen.net", true */ 'k', 'a', 'y', 'l', 'e', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "kaylyn.ink", false */ 'k', 'a', 'y', 'l', 'y', 'n', '.', 'i', 'n', 'k', '\0',
+  /* "kayon.cf", true */ 'k', 'a', 'y', 'o', 'n', '.', 'c', 'f', '\0',
+  /* "kayscs.com", true */ 'k', 'a', 'y', 's', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kaysis.gov.tr", true */ 'k', 'a', 'y', 's', 'i', 's', '.', 'g', 'o', 'v', '.', 't', 'r', '\0',
+  /* "kazamasion.com", true */ 'k', 'a', 'z', 'a', 'm', 'a', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kazandaemon.ru", true */ 'k', 'a', 'z', 'a', 'n', 'd', 'a', 'e', 'm', 'o', 'n', '.', 'r', 'u', '\0',
+  /* "kazenojiyu.fr", true */ 'k', 'a', 'z', 'e', 'n', 'o', 'j', 'i', 'y', 'u', '.', 'f', 'r', '\0',
+  /* "kazu.click", true */ 'k', 'a', 'z', 'u', '.', 'c', 'l', 'i', 'c', 'k', '\0',
+  /* "kazuhirohigashi.com", true */ 'k', 'a', 'z', 'u', 'h', 'i', 'r', 'o', 'h', 'i', 'g', 'a', 's', 'h', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "kazumi.ro", true */ 'k', 'a', 'z', 'u', 'm', 'i', '.', 'r', 'o', '\0',
+  /* "kazy111.info", true */ 'k', 'a', 'z', 'y', '1', '1', '1', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "kb3.net", true */ 'k', 'b', '3', '.', 'n', 'e', 't', '\0',
+  /* "kba-online.de", true */ 'k', 'b', 'a', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "kbb-ev.de", true */ 'k', 'b', 'b', '-', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "kbbouncycastlehire.co.uk", true */ 'k', 'b', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kbcequitas.hu", true */ 'k', 'b', 'c', 'e', 'q', 'u', 'i', 't', 'a', 's', '.', 'h', 'u', '\0',
+  /* "kbfl.org", true */ 'k', 'b', 'f', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "kbit.dk", true */ 'k', 'b', 'i', 't', '.', 'd', 'k', '\0',
+  /* "kbjorklu.com", true */ 'k', 'b', 'j', 'o', 'r', 'k', 'l', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "kbleventhire.co.uk", true */ 'k', 'b', 'l', 'e', 'v', 'e', 'n', 't', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kc-holzfaeller.de", true */ 'k', 'c', '-', 'h', 'o', 'l', 'z', 'f', 'a', 'e', 'l', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "kc5mpk.com", true */ 'k', 'c', '5', 'm', 'p', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "kcolford.com", true */ 'k', 'c', 'o', 'l', 'f', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "kcore.org", true */ 'k', 'c', 'o', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "kcptun.com", true */ 'k', 'c', 'p', 't', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kcsordparticipation.org", true */ 'k', 'c', 's', 'o', 'r', 'd', 'p', 'a', 'r', 't', 'i', 'c', 'i', 'p', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "kd.net.nz", true */ 'k', 'd', '.', 'n', 'e', 't', '.', 'n', 'z', '\0',
+  /* "kdex.de", true */ 'k', 'd', 'e', 'x', '.', 'd', 'e', '\0',
+  /* "kdw.cloud", true */ 'k', 'd', 'w', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "kdyby.org", true */ 'k', 'd', 'y', 'b', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "ke7tlf.us", true */ 'k', 'e', '7', 't', 'l', 'f', '.', 'u', 's', '\0',
+  /* "keakon.net", true */ 'k', 'e', 'a', 'k', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "keaneokelley.com", true */ 'k', 'e', 'a', 'n', 'e', 'o', 'k', 'e', 'l', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "kearney.io", true */ 'k', 'e', 'a', 'r', 'n', 'e', 'y', '.', 'i', 'o', '\0',
+  /* "keartanddesign.com", true */ 'k', 'e', 'a', 'r', 't', 'a', 'n', 'd', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "keaysmillwork.com", true */ 'k', 'e', 'a', 'y', 's', 'm', 'i', 'l', 'l', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "keb.com.au", true */ 'k', 'e', 'b', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "keb.net.au", true */ 'k', 'e', 'b', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "kedarastudios.com", true */ 'k', 'e', 'd', 'a', 'r', 'a', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kedibizworx.com", true */ 'k', 'e', 'd', 'i', 'b', 'i', 'z', 'w', 'o', 'r', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "keechain.io", true */ 'k', 'e', 'e', 'c', 'h', 'a', 'i', 'n', '.', 'i', 'o', '\0',
+  /* "keeleysam.com", true */ 'k', 'e', 'e', 'l', 'e', 'y', 's', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "keepa.com", true */ 'k', 'e', 'e', 'p', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "keeperapp.com", true */ 'k', 'e', 'e', 'p', 'e', 'r', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "keeperklan.com", false */ 'k', 'e', 'e', 'p', 'e', 'r', 'k', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "keepersecurity.com", true */ 'k', 'e', 'e', 'p', 'e', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "keepiteasy.eu", true */ 'k', 'e', 'e', 'p', 'i', 't', 'e', 'a', 's', 'y', '.', 'e', 'u', '\0',
+  /* "keeweb.info", true */ 'k', 'e', 'e', 'w', 'e', 'b', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "keezin.ga", true */ 'k', 'e', 'e', 'z', 'i', 'n', '.', 'g', 'a', '\0',
+  /* "keganthorrez.com", true */ 'k', 'e', 'g', 'a', 'n', 't', 'h', 'o', 'r', 'r', 'e', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "kehlenbach.net", true */ 'k', 'e', 'h', 'l', 'e', 'n', 'b', 'a', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "keifel.de", true */ 'k', 'e', 'i', 'f', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "kein-design.de", true */ 'k', 'e', 'i', 'n', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'd', 'e', '\0',
+  /* "kein-fidget-spinner-werden.de", true */ 'k', 'e', 'i', 'n', '-', 'f', 'i', 'd', 'g', 'e', 't', '-', 's', 'p', 'i', 'n', 'n', 'e', 'r', '-', 'w', 'e', 'r', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "keinanung.nl", true */ 'k', 'e', 'i', 'n', 'a', 'n', 'u', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "keinefilterblase.de", true */ 'k', 'e', 'i', 'n', 'e', 'f', 'i', 'l', 't', 'e', 'r', 'b', 'l', 'a', 's', 'e', '.', 'd', 'e', '\0',
+  /* "keisaku.org", true */ 'k', 'e', 'i', 's', 'a', 'k', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "keishiando.com", true */ 'k', 'e', 'i', 's', 'h', 'i', 'a', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "keithws.net", true */ 'k', 'e', 'i', 't', 'h', 'w', 's', '.', 'n', 'e', 't', '\0',
+  /* "keke-shop.ch", true */ 'k', 'e', 'k', 'e', '-', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "kekku.li", true */ 'k', 'e', 'k', 'k', 'u', '.', 'l', 'i', '\0',
+  /* "keksi.io", true */ 'k', 'e', 'k', 's', 'i', '.', 'i', 'o', '\0',
+  /* "kekz.org", true */ 'k', 'e', 'k', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "kela.jp", true */ 'k', 'e', 'l', 'a', '.', 'j', 'p', '\0',
+  /* "keldan.fo", true */ 'k', 'e', 'l', 'd', 'a', 'n', '.', 'f', 'o', '\0',
+  /* "kelgtermans-usedcars.be", true */ 'k', 'e', 'l', 'g', 't', 'e', 'r', 'm', 'a', 'n', 's', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "kellyandantony.com", true */ 'k', 'e', 'l', 'l', 'y', 'a', 'n', 'd', 'a', 'n', 't', 'o', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "kellygrenard.com", true */ 'k', 'e', 'l', 'l', 'y', 'g', 'r', 'e', 'n', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "kellyskastles.co.uk", true */ 'k', 'e', 'l', 'l', 'y', 's', 'k', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kelmarsafety.com", true */ 'k', 'e', 'l', 'm', 'a', 'r', 's', 'a', 'f', 'e', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "kempkens.io", true */ 'k', 'e', 'm', 'p', 'k', 'e', 'n', 's', '.', 'i', 'o', '\0',
+  /* "kemptown.co.uk", true */ 'k', 'e', 'm', 'p', 't', 'o', 'w', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kemptown.com", true */ 'k', 'e', 'm', 'p', 't', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kemptown.net", true */ 'k', 'e', 'm', 'p', 't', 'o', 'w', 'n', '.', 'n', 'e', 't', '\0',
+  /* "ken-electric.com.br", true */ 'k', 'e', 'n', '-', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ken.fm", true */ 'k', 'e', 'n', '.', 'f', 'm', '\0',
+  /* "kenalsworld.com", true */ 'k', 'e', 'n', 'a', 'l', 's', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "kenderbeton-magyarorszag.hu", true */ 'k', 'e', 'n', 'd', 'e', 'r', 'b', 'e', 't', 'o', 'n', '-', 'm', 'a', 'g', 'y', 'a', 'r', 'o', 'r', 's', 'z', 'a', 'g', '.', 'h', 'u', '\0',
+  /* "kenderbetonmagyarorszag.hu", true */ 'k', 'e', 'n', 'd', 'e', 'r', 'b', 'e', 't', 'o', 'n', 'm', 'a', 'g', 'y', 'a', 'r', 'o', 'r', 's', 'z', 'a', 'g', '.', 'h', 'u', '\0',
+  /* "kenderhaz-magyarorszag.hu", true */ 'k', 'e', 'n', 'd', 'e', 'r', 'h', 'a', 'z', '-', 'm', 'a', 'g', 'y', 'a', 'r', 'o', 'r', 's', 'z', 'a', 'g', '.', 'h', 'u', '\0',
+  /* "kenderhazmagyarorszag.hu", true */ 'k', 'e', 'n', 'd', 'e', 'r', 'h', 'a', 'z', 'm', 'a', 'g', 'y', 'a', 'r', 'o', 'r', 's', 'z', 'a', 'g', '.', 'h', 'u', '\0',
+  /* "kendra.io", true */ 'k', 'e', 'n', 'd', 'r', 'a', '.', 'i', 'o', '\0',
+  /* "kendu.si", true */ 'k', 'e', 'n', 'd', 'u', '.', 's', 'i', '\0',
+  /* "kengilmour.com", true */ 'k', 'e', 'n', 'g', 'i', 'l', 'm', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "kenguntokku.jp", true */ 'k', 'e', 'n', 'g', 'u', 'n', 't', 'o', 'k', 'k', 'u', '.', 'j', 'p', '\0',
+  /* "kennedy.ie", true */ 'k', 'e', 'n', 'n', 'e', 'd', 'y', '.', 'i', 'e', '\0',
+  /* "kenners.org", true */ 'k', 'e', 'n', 'n', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "kennethaasan.no", true */ 'k', 'e', 'n', 'n', 'e', 't', 'h', 'a', 'a', 's', 'a', 'n', '.', 'n', 'o', '\0',
+  /* "kennethferguson.com", true */ 'k', 'e', 'n', 'n', 'e', 't', 'h', 'f', 'e', 'r', 'g', 'u', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kennethlim.me", true */ 'k', 'e', 'n', 'n', 'e', 't', 'h', 'l', 'i', 'm', '.', 'm', 'e', '\0',
+  /* "kenneths.org", true */ 'k', 'e', 'n', 'n', 'e', 't', 'h', 's', '.', 'o', 'r', 'g', '\0',
+  /* "kenny-peck.com", true */ 'k', 'e', 'n', 'n', 'y', '-', 'p', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "keno.im", true */ 'k', 'e', 'n', 'o', '.', 'i', 'm', '\0',
+  /* "kenoschwalb.com", true */ 'k', 'e', 'n', 'o', 's', 'c', 'h', 'w', 'a', 'l', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "kenrogers.co", false */ 'k', 'e', 'n', 'r', 'o', 'g', 'e', 'r', 's', '.', 'c', 'o', '\0',
+  /* "kens.pics", true */ 'k', 'e', 'n', 's', '.', 'p', 'i', 'c', 's', '\0',
+  /* "kensbouncycastles.co.uk", true */ 'k', 'e', 'n', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kentec.net", true */ 'k', 'e', 'n', 't', 'e', 'c', '.', 'n', 'e', 't', '\0',
+  /* "kenterlis.gr", true */ 'k', 'e', 'n', 't', 'e', 'r', 'l', 'i', 's', '.', 'g', 'r', '\0',
+  /* "keops-spine.fr", true */ 'k', 'e', 'o', 'p', 's', '-', 's', 'p', 'i', 'n', 'e', '.', 'f', 'r', '\0',
+  /* "keops-spine.us", true */ 'k', 'e', 'o', 'p', 's', '-', 's', 'p', 'i', 'n', 'e', '.', 'u', 's', '\0',
+  /* "kepler-seminar.de", true */ 'k', 'e', 'p', 'l', 'e', 'r', '-', 's', 'e', 'm', 'i', 'n', 'a', 'r', '.', 'd', 'e', '\0',
+  /* "kerebro.com", true */ 'k', 'e', 'r', 'e', 'b', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "kerem.xyz", true */ 'k', 'e', 'r', 'e', 'm', '.', 'x', 'y', 'z', '\0',
+  /* "kerforhome.com", true */ 'k', 'e', 'r', 'f', 'o', 'r', 'h', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kerijacoby.com", true */ 'k', 'e', 'r', 'i', 'j', 'a', 'c', 'o', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "kermadec.com", true */ 'k', 'e', 'r', 'm', 'a', 'd', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "kernel-error.de", true */ 'k', 'e', 'r', 'n', 'e', 'l', '-', 'e', 'r', 'r', 'o', 'r', '.', 'd', 'e', '\0',
+  /* "kernelpanics.nl", true */ 'k', 'e', 'r', 'n', 'e', 'l', 'p', 'a', 'n', 'i', 'c', 's', '.', 'n', 'l', '\0',
+  /* "kerrfrequencycombs.org", true */ 'k', 'e', 'r', 'r', 'f', 'r', 'e', 'q', 'u', 'e', 'n', 'c', 'y', 'c', 'o', 'm', 'b', 's', '.', 'o', 'r', 'g', '\0',
+  /* "kerstkaart.nl", true */ 'k', 'e', 'r', 's', 't', 'k', 'a', 'a', 'r', 't', '.', 'n', 'l', '\0',
+  /* "kerus.net", true */ 'k', 'e', 'r', 'u', 's', '.', 'n', 'e', 't', '\0',
+  /* "keshausconsulting.com", true */ 'k', 'e', 's', 'h', 'a', 'u', 's', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "kessel-runners.com", true */ 'k', 'e', 's', 's', 'e', 'l', '-', 'r', 'u', 'n', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kesslerwine.com", true */ 'k', 'e', 's', 's', 'l', 'e', 'r', 'w', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kesteren.com", true */ 'k', 'e', 's', 't', 'e', 'r', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kesteren.org", true */ 'k', 'e', 's', 't', 'e', 'r', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "ketamine.co.uk", true */ 'k', 'e', 't', 'a', 'm', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ketosecology.co.uk", true */ 'k', 'e', 't', 'o', 's', 'e', 'c', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kettner.com", true */ 'k', 'e', 't', 't', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ketty-voyance.com", true */ 'k', 'e', 't', 't', 'y', '-', 'v', 'o', 'y', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kevinapease.com", true */ 'k', 'e', 'v', 'i', 'n', 'a', 'p', 'e', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kevinbusse.de", true */ 'k', 'e', 'v', 'i', 'n', 'b', 'u', 's', 's', 'e', '.', 'd', 'e', '\0',
+  /* "kevincox.ca", false */ 'k', 'e', 'v', 'i', 'n', 'c', 'o', 'x', '.', 'c', 'a', '\0',
+  /* "kevinfoley.cc", true */ 'k', 'e', 'v', 'i', 'n', 'f', 'o', 'l', 'e', 'y', '.', 'c', 'c', '\0',
+  /* "kevinfoley.org", true */ 'k', 'e', 'v', 'i', 'n', 'f', 'o', 'l', 'e', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "kevinhill.nl", true */ 'k', 'e', 'v', 'i', 'n', 'h', 'i', 'l', 'l', '.', 'n', 'l', '\0',
+  /* "kevinkla.es", true */ 'k', 'e', 'v', 'i', 'n', 'k', 'l', 'a', '.', 'e', 's', '\0',
+  /* "kevinlocke.name", true */ 'k', 'e', 'v', 'i', 'n', 'l', 'o', 'c', 'k', 'e', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "kevinmeijer.nl", true */ 'k', 'e', 'v', 'i', 'n', 'm', 'e', 'i', 'j', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "kevinmorssink.nl", true */ 'k', 'e', 'v', 'i', 'n', 'm', 'o', 'r', 's', 's', 'i', 'n', 'k', '.', 'n', 'l', '\0',
+  /* "kevinpirnie.com", true */ 'k', 'e', 'v', 'i', 'n', 'p', 'i', 'r', 'n', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kevinratcliff.com", true */ 'k', 'e', 'v', 'i', 'n', 'r', 'a', 't', 'c', 'l', 'i', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "kevinroebert.de", true */ 'k', 'e', 'v', 'i', 'n', 'r', 'o', 'e', 'b', 'e', 'r', 't', '.', 'd', 'e', '\0',
+  /* "kevlar.pw", true */ 'k', 'e', 'v', 'l', 'a', 'r', '.', 'p', 'w', '\0',
+  /* "kevyn.lu", true */ 'k', 'e', 'v', 'y', 'n', '.', 'l', 'u', '\0',
+  /* "kewego.co.uk", true */ 'k', 'e', 'w', 'e', 'g', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "keybase.io", true */ 'k', 'e', 'y', 'b', 'a', 's', 'e', '.', 'i', 'o', '\0',
+  /* "keybored.me", true */ 'k', 'e', 'y', 'b', 'o', 'r', 'e', 'd', '.', 'm', 'e', '\0',
+  /* "keycdn.com", true */ 'k', 'e', 'y', 'c', 'd', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "keycenter.com.br", true */ 'k', 'e', 'y', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "keycontainers.co.za", true */ 'k', 'e', 'y', 'c', 'o', 'n', 't', 'a', 'i', 'n', 'e', 'r', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "keyerror.com", true */ 'k', 'e', 'y', 'e', 'r', 'r', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "keyholdingservices.co.uk", true */ 'k', 'e', 'y', 'h', 'o', 'l', 'd', 'i', 'n', 'g', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "keyihao.cn", true */ 'k', 'e', 'y', 'i', 'h', 'a', 'o', '.', 'c', 'n', '\0',
+  /* "keyinfo.io", true */ 'k', 'e', 'y', 'i', 'n', 'f', 'o', '.', 'i', 'o', '\0',
+  /* "keypersonins.com", true */ 'k', 'e', 'y', 'p', 'e', 'r', 's', 'o', 'n', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "keys.fedoraproject.org", true */ 'k', 'e', 'y', 's', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "keystoneok.com", true */ 'k', 'e', 'y', 's', 't', 'o', 'n', 'e', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "keysupport.org", true */ 'k', 'e', 'y', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'o', 'r', 'g', '\0',
+  /* "kf7joz.com", true */ 'k', 'f', '7', 'j', 'o', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "kfv-kiel.de", false */ 'k', 'f', 'v', '-', 'k', 'i', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "kfz-hantschel.de", true */ 'k', 'f', 'z', '-', 'h', 'a', 'n', 't', 's', 'c', 'h', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "kgnk.ru", true */ 'k', 'g', 'n', 'k', '.', 'r', 'u', '\0',
+  /* "khanovaskola.cz", true */ 'k', 'h', 'a', 'n', 'o', 'v', 'a', 's', 'k', 'o', 'l', 'a', '.', 'c', 'z', '\0',
+  /* "khas.co.uk", true */ 'k', 'h', 'a', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "khasiatmanfaat.com", true */ 'k', 'h', 'a', 's', 'i', 'a', 't', 'm', 'a', 'n', 'f', 'a', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kheshtar.pl", true */ 'k', 'h', 'e', 's', 'h', 't', 'a', 'r', '.', 'p', 'l', '\0',
+  /* "khetzal.info", true */ 'k', 'h', 'e', 't', 'z', 'a', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "khipu.com", true */ 'k', 'h', 'i', 'p', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "khlee.net", true */ 'k', 'h', 'l', 'e', 'e', '.', 'n', 'e', 't', '\0',
+  /* "khmath.com", true */ 'k', 'h', 'm', 'a', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "khmb.ru", true */ 'k', 'h', 'm', 'b', '.', 'r', 'u', '\0',
+  /* "khoury-dulla.ch", true */ 'k', 'h', 'o', 'u', 'r', 'y', '-', 'd', 'u', 'l', 'l', 'a', '.', 'c', 'h', '\0',
+  /* "khs1994.com", true */ 'k', 'h', 's', '1', '9', '9', '4', '.', 'c', 'o', 'm', '\0',
+  /* "kiadoapartman.hu", true */ 'k', 'i', 'a', 'd', 'o', 'a', 'p', 'a', 'r', 't', 'm', 'a', 'n', '.', 'h', 'u', '\0',
+  /* "kiahoriane.com", true */ 'k', 'i', 'a', 'h', 'o', 'r', 'i', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kiano.net", true */ 'k', 'i', 'a', 'n', 'o', '.', 'n', 'e', 't', '\0',
+  /* "kiapartscenter.net", true */ 'k', 'i', 'a', 'p', 'a', 'r', 't', 's', 'c', 'e', 'n', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "kiapartsdepartment.com", true */ 'k', 'i', 'a', 'p', 'a', 'r', 't', 's', 'd', 'e', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kiapps.ovh", true */ 'k', 'i', 'a', 'p', 'p', 's', '.', 'o', 'v', 'h', '\0',
+  /* "kibibit.net", true */ 'k', 'i', 'b', 'i', 'b', 'i', 't', '.', 'n', 'e', 't', '\0',
+  /* "kibriscicek.net", true */ 'k', 'i', 'b', 'r', 'i', 's', 'c', 'i', 'c', 'e', 'k', '.', 'n', 'e', 't', '\0',
+  /* "kick-in.nl", true */ 'k', 'i', 'c', 'k', '-', 'i', 'n', '.', 'n', 'l', '\0',
+  /* "kickasscanadians.ca", true */ 'k', 'i', 'c', 'k', 'a', 's', 's', 'c', 'a', 'n', 'a', 'd', 'i', 'a', 'n', 's', '.', 'c', 'a', '\0',
+  /* "kickedmycat.com", true */ 'k', 'i', 'c', 'k', 'e', 'd', 'm', 'y', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kickerplaza.nl", true */ 'k', 'i', 'c', 'k', 'e', 'r', 'p', 'l', 'a', 'z', 'a', '.', 'n', 'l', '\0',
+  /* "kiddyboom.ua", true */ 'k', 'i', 'd', 'd', 'y', 'b', 'o', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "kids-at-home.ch", true */ 'k', 'i', 'd', 's', '-', 'a', 't', '-', 'h', 'o', 'm', 'e', '.', 'c', 'h', '\0',
+  /* "kids-castles.com", true */ 'k', 'i', 'd', 's', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kidsforsavingearth.org", true */ 'k', 'i', 'd', 's', 'f', 'o', 'r', 's', 'a', 'v', 'i', 'n', 'g', 'e', 'a', 'r', 't', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "kidsinwoods-interfacesouth.org", true */ 'k', 'i', 'd', 's', 'i', 'n', 'w', 'o', 'o', 'd', 's', '-', 'i', 'n', 't', 'e', 'r', 'f', 'a', 'c', 'e', 's', 'o', 'u', 't', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "kidsmark.net", true */ 'k', 'i', 'd', 's', 'm', 'a', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "kidsneversleep.com", true */ 'k', 'i', 'd', 's', 'n', 'e', 'v', 'e', 'r', 's', 'l', 'e', 'e', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "kidsplay-plymouth.co.uk", true */ 'k', 'i', 'd', 's', 'p', 'l', 'a', 'y', '-', 'p', 'l', 'y', 'm', 'o', 'u', 't', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kidsplaybouncycastles.co.uk", true */ 'k', 'i', 'd', 's', 'p', 'l', 'a', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kidswallstickers.com.au", true */ 'k', 'i', 'd', 's', 'w', 'a', 'l', 'l', 's', 't', 'i', 'c', 'k', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "kidtoyshop.ru", true */ 'k', 'i', 'd', 't', 'o', 'y', 's', 'h', 'o', 'p', '.', 'r', 'u', '\0',
+  /* "kidzpartiesllp.co.uk", true */ 'k', 'i', 'd', 'z', 'p', 'a', 'r', 't', 'i', 'e', 's', 'l', 'l', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kidzsmile.co.uk", true */ 'k', 'i', 'd', 'z', 's', 'm', 'i', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kiebel.de", true */ 'k', 'i', 'e', 'b', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "kiefer-networks.de", true */ 'k', 'i', 'e', 'f', 'e', 'r', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'd', 'e', '\0',
+  /* "kiehls.pt", true */ 'k', 'i', 'e', 'h', 'l', 's', '.', 'p', 't', '\0',
+  /* "kiekin.org", true */ 'k', 'i', 'e', 'k', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "kiekko.pro", true */ 'k', 'i', 'e', 'k', 'k', 'o', '.', 'p', 'r', 'o', '\0',
+  /* "kiel-kind.de", true */ 'k', 'i', 'e', 'l', '-', 'k', 'i', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "kielderweather.org.uk", true */ 'k', 'i', 'e', 'l', 'd', 'e', 'r', 'w', 'e', 'a', 't', 'h', 'e', 'r', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "kienlen.org", true */ 'k', 'i', 'e', 'n', 'l', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "kiesuwkerstkaart.nl", true */ 'k', 'i', 'e', 's', 'u', 'w', 'k', 'e', 'r', 's', 't', 'k', 'a', 'a', 'r', 't', '.', 'n', 'l', '\0',
+  /* "kiffmarks.com", true */ 'k', 'i', 'f', 'f', 'm', 'a', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kigmbh.com", true */ 'k', 'i', 'g', 'm', 'b', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "kikbb.com", true */ 'k', 'i', 'k', 'b', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "kiki-voice.jp", true */ 'k', 'i', 'k', 'i', '-', 'v', 'o', 'i', 'c', 'e', '.', 'j', 'p', '\0',
+  /* "kiku.pw", true */ 'k', 'i', 'k', 'u', '.', 'p', 'w', '\0',
+  /* "kikuzuki.org", true */ 'k', 'i', 'k', 'u', 'z', 'u', 'k', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "kilerd.me", true */ 'k', 'i', 'l', 'e', 'r', 'd', '.', 'm', 'e', '\0',
+  /* "kilianvalkhof.com", true */ 'k', 'i', 'l', 'i', 'a', 'n', 'v', 'a', 'l', 'k', 'h', 'o', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "kill-paff.com", true */ 'k', 'i', 'l', 'l', '-', 'p', 'a', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "killaraapartments.com.au", true */ 'k', 'i', 'l', 'l', 'a', 'r', 'a', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "killerit.in", true */ 'k', 'i', 'l', 'l', 'e', 'r', 'i', 't', '.', 'i', 'n', '\0',
+  /* "killerrobots.com", true */ 'k', 'i', 'l', 'l', 'e', 'r', 'r', 'o', 'b', 'o', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "killymoonbouncycastles.com", true */ 'k', 'i', 'l', 'l', 'y', 'm', 'o', 'o', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kilobyte22.de", true */ 'k', 'i', 'l', 'o', 'b', 'y', 't', 'e', '2', '2', '.', 'd', 'e', '\0',
+  /* "kilogram.nl", true */ 'k', 'i', 'l', 'o', 'g', 'r', 'a', 'm', '.', 'n', 'l', '\0',
+  /* "kilometertje.nl", true */ 'k', 'i', 'l', 'o', 'm', 'e', 't', 'e', 'r', 't', 'j', 'e', '.', 'n', 'l', '\0',
+  /* "kimamass.com", true */ 'k', 'i', 'm', 'a', 'm', 'a', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kimiris.com", true */ 'k', 'i', 'm', 'i', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kimisia.net", true */ 'k', 'i', 'm', 'i', 's', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "kimmel.com", true */ 'k', 'i', 'm', 'm', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "kimmel.in", true */ 'k', 'i', 'm', 'm', 'e', 'l', '.', 'i', 'n', '\0',
+  /* "kimoota.net", false */ 'k', 'i', 'm', 'o', 'o', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "kimotodental.com", true */ 'k', 'i', 'm', 'o', 't', 'o', 'd', 'e', 'n', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "kimscrazeecastles.co.uk", true */ 'k', 'i', 'm', 's', 'c', 'r', 'a', 'z', 'e', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kimsufi-jordi.tk", true */ 'k', 'i', 'm', 's', 'u', 'f', 'i', '-', 'j', 'o', 'r', 'd', 'i', '.', 't', 'k', '\0',
+  /* "kin.pet", true */ 'k', 'i', 'n', '.', 'p', 'e', 't', '\0',
+  /* "kinderbasar-luhe.de", true */ 'k', 'i', 'n', 'd', 'e', 'r', 'b', 'a', 's', 'a', 'r', '-', 'l', 'u', 'h', 'e', '.', 'd', 'e', '\0',
+  /* "kinderbuecher-kostenlos.de", true */ 'k', 'i', 'n', 'd', 'e', 'r', 'b', 'u', 'e', 'c', 'h', 'e', 'r', '-', 'k', 'o', 's', 't', 'e', 'n', 'l', 'o', 's', '.', 'd', 'e', '\0',
+  /* "kinderopvangengeltjes.nl", true */ 'k', 'i', 'n', 'd', 'e', 'r', 'o', 'p', 'v', 'a', 'n', 'g', 'e', 'n', 'g', 'e', 'l', 't', 'j', 'e', 's', '.', 'n', 'l', '\0',
+  /* "kindleworth.com", true */ 'k', 'i', 'n', 'd', 'l', 'e', 'w', 'o', 'r', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "kinepolis-studio.be", true */ 'k', 'i', 'n', 'e', 'p', 'o', 'l', 'i', 's', '-', 's', 't', 'u', 'd', 'i', 'o', '.', 'b', 'e', '\0',
+  /* "kinetiq.com", true */ 'k', 'i', 'n', 'e', 't', 'i', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "kineto.space", true */ 'k', 'i', 'n', 'e', 't', 'o', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "king-henris-castles.co.uk", true */ 'k', 'i', 'n', 'g', '-', 'h', 'e', 'n', 'r', 'i', 's', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "king-of-the-castles.com", true */ 'k', 'i', 'n', 'g', '-', 'o', 'f', '-', 't', 'h', 'e', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kingant.net", true */ 'k', 'i', 'n', 'g', 'a', 'n', 't', '.', 'n', 'e', 't', '\0',
+  /* "kinganywhere.eu", true */ 'k', 'i', 'n', 'g', 'a', 'n', 'y', 'w', 'h', 'e', 'r', 'e', '.', 'e', 'u', '\0',
+  /* "kingdomcrc.org", true */ 'k', 'i', 'n', 'g', 'd', 'o', 'm', 'c', 'r', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "kingiescastles.co.uk", true */ 'k', 'i', 'n', 'g', 'i', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kinglaksa.com", false */ 'k', 'i', 'n', 'g', 'l', 'a', 'k', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "kingofshooting.com", true */ 'k', 'i', 'n', 'g', 'o', 'f', 's', 'h', 'o', 'o', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "kingofthecastlecoventry.co.uk", true */ 'k', 'i', 'n', 'g', 'o', 'f', 't', 'h', 'e', 'c', 'a', 's', 't', 'l', 'e', 'c', 'o', 'v', 'e', 'n', 't', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kingofthecastlesentertainments.co.uk", true */ 'k', 'i', 'n', 'g', 'o', 'f', 't', 'h', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kingofthecastlesouthwales.co.uk", true */ 'k', 'i', 'n', 'g', 'o', 'f', 't', 'h', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', 'o', 'u', 't', 'h', 'w', 'a', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kingofthecastlesrhyl.co.uk", true */ 'k', 'i', 'n', 'g', 'o', 'f', 't', 'h', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', 'r', 'h', 'y', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kingpincages.com", true */ 'k', 'i', 'n', 'g', 'p', 'i', 'n', 'c', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kingqueen.org.uk", true */ 'k', 'i', 'n', 'g', 'q', 'u', 'e', 'e', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "kingstclinic.com", true */ 'k', 'i', 'n', 'g', 's', 't', 'c', 'l', 'i', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "kingtecservices.com", true */ 'k', 'i', 'n', 'g', 't', 'e', 'c', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kini24.ru", true */ 'k', 'i', 'n', 'i', '2', '4', '.', 'r', 'u', '\0',
+  /* "kinkenonline.com", true */ 'k', 'i', 'n', 'k', 'e', 'n', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kinmunity.com", true */ 'k', 'i', 'n', 'm', 'u', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "kinnikinnick.com", true */ 'k', 'i', 'n', 'n', 'i', 'k', 'i', 'n', 'n', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "kinocheck.de", true */ 'k', 'i', 'n', 'o', 'c', 'h', 'e', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "kinohled.cz", true */ 'k', 'i', 'n', 'o', 'h', 'l', 'e', 'd', '.', 'c', 'z', '\0',
+  /* "kinomoto.me", true */ 'k', 'i', 'n', 'o', 'm', 'o', 't', 'o', '.', 'm', 'e', '\0',
+  /* "kinomoto.ovh", true */ 'k', 'i', 'n', 'o', 'm', 'o', 't', 'o', '.', 'o', 'v', 'h', '\0',
+  /* "kinow.com", true */ 'k', 'i', 'n', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "kinozal-tv.appspot.com", true */ 'k', 'i', 'n', 'o', 'z', 'a', 'l', '-', 't', 'v', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kinsights.com", false */ 'k', 'i', 'n', 's', 'i', 'g', 'h', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kinsmenhomelottery.com", true */ 'k', 'i', 'n', 's', 'm', 'e', 'n', 'h', 'o', 'm', 'e', 'l', 'o', 't', 't', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "kintawifi.com", false */ 'k', 'i', 'n', 't', 'a', 'w', 'i', 'f', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "kintone.com", true */ 'k', 'i', 'n', 't', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kintore.tv", true */ 'k', 'i', 'n', 't', 'o', 'r', 'e', '.', 't', 'v', '\0',
+  /* "kintzingerfilm.de", true */ 'k', 'i', 'n', 't', 'z', 'i', 'n', 'g', 'e', 'r', 'f', 'i', 'l', 'm', '.', 'd', 'e', '\0',
+  /* "kiocloud.com", true */ 'k', 'i', 'o', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "kionetworks.es", true */ 'k', 'i', 'o', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'e', 's', '\0',
+  /* "kippenbart.gq", true */ 'k', 'i', 'p', 'p', 'e', 'n', 'b', 'a', 'r', 't', '.', 'g', 'q', '\0',
+  /* "kipriakipita.gr", true */ 'k', 'i', 'p', 'r', 'i', 'a', 'k', 'i', 'p', 'i', 't', 'a', '.', 'g', 'r', '\0',
+  /* "kiraboshi.xyz", true */ 'k', 'i', 'r', 'a', 'b', 'o', 's', 'h', 'i', '.', 'x', 'y', 'z', '\0',
+  /* "kiragameforum.net", true */ 'k', 'i', 'r', 'a', 'g', 'a', 'm', 'e', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "kiraku.co", true */ 'k', 'i', 'r', 'a', 'k', 'u', '.', 'c', 'o', '\0',
+  /* "kirbear.com", true */ 'k', 'i', 'r', 'b', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "kirche-dortmund-ost.de", true */ 'k', 'i', 'r', 'c', 'h', 'e', '-', 'd', 'o', 'r', 't', 'm', 'u', 'n', 'd', '-', 'o', 's', 't', '.', 'd', 'e', '\0',
+  /* "kirchen-im-web.de", true */ 'k', 'i', 'r', 'c', 'h', 'e', 'n', '-', 'i', 'm', '-', 'w', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "kirchengemeinde-markt-erlbach.de", true */ 'k', 'i', 'r', 'c', 'h', 'e', 'n', 'g', 'e', 'm', 'e', 'i', 'n', 'd', 'e', '-', 'm', 'a', 'r', 'k', 't', '-', 'e', 'r', 'l', 'b', 'a', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "kircp.com", true */ 'k', 'i', 'r', 'c', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "kirei.se", true */ 'k', 'i', 'r', 'e', 'i', '.', 's', 'e', '\0',
+  /* "kirig.ph", false */ 'k', 'i', 'r', 'i', 'g', '.', 'p', 'h', '\0',
+  /* "kirillpokrovsky.de", true */ 'k', 'i', 'r', 'i', 'l', 'l', 'p', 'o', 'k', 'r', 'o', 'v', 's', 'k', 'y', '.', 'd', 'e', '\0',
+  /* "kirinas.com", true */ 'k', 'i', 'r', 'i', 'n', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kirkovsky.com", true */ 'k', 'i', 'r', 'k', 'o', 'v', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "kirrie.pe.kr", true */ 'k', 'i', 'r', 'r', 'i', 'e', '.', 'p', 'e', '.', 'k', 'r', '\0',
+  /* "kirsch-gestaltung.de", true */ 'k', 'i', 'r', 's', 'c', 'h', '-', 'g', 'e', 's', 't', 'a', 'l', 't', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "kirschbaum.me", true */ 'k', 'i', 'r', 's', 'c', 'h', 'b', 'a', 'u', 'm', '.', 'm', 'e', '\0',
+  /* "kirstenbos.ca", true */ 'k', 'i', 'r', 's', 't', 'e', 'n', 'b', 'o', 's', '.', 'c', 'a', '\0',
+  /* "kirstin-peters.de", true */ 'k', 'i', 'r', 's', 't', 'i', 'n', '-', 'p', 'e', 't', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "kis-toitoidixi.de", true */ 'k', 'i', 's', '-', 't', 'o', 'i', 't', 'o', 'i', 'd', 'i', 'x', 'i', '.', 'd', 'e', '\0',
+  /* "kisallatorvos.hu", true */ 'k', 'i', 's', 'a', 'l', 'l', 'a', 't', 'o', 'r', 'v', 'o', 's', '.', 'h', 'u', '\0',
+  /* "kisiselveri.com", true */ 'k', 'i', 's', 'i', 's', 'e', 'l', 'v', 'e', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "kissflow.com", true */ 'k', 'i', 's', 's', 'f', 'l', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "kissgyms.com", true */ 'k', 'i', 's', 's', 'g', 'y', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kisskiss.ch", true */ 'k', 'i', 's', 's', 'k', 'i', 's', 's', '.', 'c', 'h', '\0',
+  /* "kisstube.tv", true */ 'k', 'i', 's', 's', 't', 'u', 'b', 'e', '.', 't', 'v', '\0',
+  /* "kitbag.com.au", true */ 'k', 'i', 't', 'b', 'a', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "kitchen-profi.by", true */ 'k', 'i', 't', 'c', 'h', 'e', 'n', '-', 'p', 'r', 'o', 'f', 'i', '.', 'b', 'y', '\0',
+  /* "kitchen-profi.com.ua", true */ 'k', 'i', 't', 'c', 'h', 'e', 'n', '-', 'p', 'r', 'o', 'f', 'i', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "kiteadventure.nl", true */ 'k', 'i', 't', 'e', 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', '.', 'n', 'l', '\0',
+  /* "kitegarage.eu", true */ 'k', 'i', 't', 'e', 'g', 'a', 'r', 'a', 'g', 'e', '.', 'e', 'u', '\0',
+  /* "kiteschoolamsterdam.nl", true */ 'k', 'i', 't', 'e', 's', 'c', 'h', 'o', 'o', 'l', 'a', 'm', 's', 't', 'e', 'r', 'd', 'a', 'm', '.', 'n', 'l', '\0',
+  /* "kiteschooledam.nl", true */ 'k', 'i', 't', 'e', 's', 'c', 'h', 'o', 'o', 'l', 'e', 'd', 'a', 'm', '.', 'n', 'l', '\0',
+  /* "kiteschoolijmuiden.nl", true */ 'k', 'i', 't', 'e', 's', 'c', 'h', 'o', 'o', 'l', 'i', 'j', 'm', 'u', 'i', 'd', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "kiteschoolkatwijk.nl", true */ 'k', 'i', 't', 'e', 's', 'c', 'h', 'o', 'o', 'l', 'k', 'a', 't', 'w', 'i', 'j', 'k', '.', 'n', 'l', '\0',
+  /* "kiteschoolnoordwijk.nl", true */ 'k', 'i', 't', 'e', 's', 'c', 'h', 'o', 'o', 'l', 'n', 'o', 'o', 'r', 'd', 'w', 'i', 'j', 'k', '.', 'n', 'l', '\0',
+  /* "kiteschoolschellinkhout.nl", true */ 'k', 'i', 't', 'e', 's', 'c', 'h', 'o', 'o', 'l', 's', 'c', 'h', 'e', 'l', 'l', 'i', 'n', 'k', 'h', 'o', 'u', 't', '.', 'n', 'l', '\0',
+  /* "kiteschoolwijkaanzee.nl", true */ 'k', 'i', 't', 'e', 's', 'c', 'h', 'o', 'o', 'l', 'w', 'i', 'j', 'k', 'a', 'a', 'n', 'z', 'e', 'e', '.', 'n', 'l', '\0',
+  /* "kiteschoolzandvoort.nl", true */ 'k', 'i', 't', 'e', 's', 'c', 'h', 'o', 'o', 'l', 'z', 'a', 'n', 'd', 'v', 'o', 'o', 'r', 't', '.', 'n', 'l', '\0',
+  /* "kittmedia.com", true */ 'k', 'i', 't', 't', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "kittpress.com", true */ 'k', 'i', 't', 't', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kittyhacker101.tk", true */ 'k', 'i', 't', 't', 'y', 'h', 'a', 'c', 'k', 'e', 'r', '1', '0', '1', '.', 't', 'k', '\0',
+  /* "kiwi.digital", true */ 'k', 'i', 'w', 'i', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0',
+  /* "kiwi.global", true */ 'k', 'i', 'w', 'i', '.', 'g', 'l', 'o', 'b', 'a', 'l', '\0',
+  /* "kiwico.com", true */ 'k', 'i', 'w', 'i', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "kiwipayment.com", true */ 'k', 'i', 'w', 'i', 'p', 'a', 'y', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kiwipayments.com", true */ 'k', 'i', 'w', 'i', 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kiwiplace.com", true */ 'k', 'i', 'w', 'i', 'p', 'l', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kj-prince.com", true */ 'k', 'j', '-', 'p', 'r', 'i', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kjaer.io", true */ 'k', 'j', 'a', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "kjarni.cc", true */ 'k', 'j', 'a', 'r', 'n', 'i', '.', 'c', 'c', '\0',
+  /* "kjarrval.is", true */ 'k', 'j', 'a', 'r', 'r', 'v', 'a', 'l', '.', 'i', 's', '\0',
+  /* "kjellner.com", true */ 'k', 'j', 'e', 'l', 'l', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "kjellvn.net", true */ 'k', 'j', 'e', 'l', 'l', 'v', 'n', '.', 'n', 'e', 't', '\0',
+  /* "kk-neudorf-duissern.de", false */ 'k', 'k', '-', 'n', 'e', 'u', 'd', 'o', 'r', 'f', '-', 'd', 'u', 'i', 's', 's', 'e', 'r', 'n', '.', 'd', 'e', '\0',
+  /* "kkaefer.com", true */ 'k', 'k', 'a', 'e', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "kkaufmann.de", false */ 'k', 'k', 'a', 'u', 'f', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "kki.org", true */ 'k', 'k', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "kkovacs.eu", true */ 'k', 'k', 'o', 'v', 'a', 'c', 's', '.', 'e', 'u', '\0',
+  /* "kks-karlstadt.de", true */ 'k', 'k', 's', '-', 'k', 'a', 'r', 'l', 's', 't', 'a', 'd', 't', '.', 'd', 'e', '\0',
+  /* "kksg.com", true */ 'k', 'k', 's', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "kkyy.me", true */ 'k', 'k', 'y', 'y', '.', 'm', 'e', '\0',
+  /* "kkzxak47.com", true */ 'k', 'k', 'z', 'x', 'a', 'k', '4', '7', '.', 'c', 'o', 'm', '\0',
+  /* "kl-diaetist.dk", true */ 'k', 'l', '-', 'd', 'i', 'a', 'e', 't', 'i', 's', 't', '.', 'd', 'k', '\0',
+  /* "klaim.us", true */ 'k', 'l', 'a', 'i', 'm', '.', 'u', 's', '\0',
+  /* "klamathrestoration.gov", true */ 'k', 'l', 'a', 'm', 'a', 't', 'h', 'r', 'e', 's', 't', 'o', 'r', 'a', 't', 'i', 'o', 'n', '.', 'g', 'o', 'v', '\0',
+  /* "klanggut.at", true */ 'k', 'l', 'a', 'n', 'g', 'g', 'u', 't', '.', 'a', 't', '\0',
+  /* "klares-licht.de", true */ 'k', 'l', 'a', 'r', 'e', 's', '-', 'l', 'i', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "klarika.com", true */ 'k', 'l', 'a', 'r', 'i', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "klarmobil-empfehlen.de", true */ 'k', 'l', 'a', 'r', 'm', 'o', 'b', 'i', 'l', '-', 'e', 'm', 'p', 'f', 'e', 'h', 'l', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "klasfauseweh.de", true */ 'k', 'l', 'a', 's', 'f', 'a', 'u', 's', 'e', 'w', 'e', 'h', '.', 'd', 'e', '\0',
+  /* "klatschreime.de", true */ 'k', 'l', 'a', 't', 's', 'c', 'h', 'r', 'e', 'i', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "klausbrinch.dk", true */ 'k', 'l', 'a', 'u', 's', 'b', 'r', 'i', 'n', 'c', 'h', '.', 'd', 'k', '\0',
+  /* "klausimas.lt", true */ 'k', 'l', 'a', 'u', 's', 'i', 'm', 'a', 's', '.', 'l', 't', '\0',
+  /* "klaver.it", true */ 'k', 'l', 'a', 'v', 'e', 'r', '.', 'i', 't', '\0',
+  /* "klaw.xyz", true */ 'k', 'l', 'a', 'w', '.', 'x', 'y', 'z', '\0',
+  /* "kle.cz", true */ 'k', 'l', 'e', '.', 'c', 'z', '\0',
+  /* "kleaning.by", true */ 'k', 'l', 'e', 'a', 'n', 'i', 'n', 'g', '.', 'b', 'y', '\0',
+  /* "kleberstoff.xyz", true */ 'k', 'l', 'e', 'b', 'e', 'r', 's', 't', 'o', 'f', 'f', '.', 'x', 'y', 'z', '\0',
+  /* "klebetape.de", true */ 'k', 'l', 'e', 'b', 'e', 't', 'a', 'p', 'e', '.', 'd', 'e', '\0',
+  /* "kledingrekken.nl", true */ 'k', 'l', 'e', 'd', 'i', 'n', 'g', 'r', 'e', 'k', 'k', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "kleidertauschpartys.de", true */ 'k', 'l', 'e', 'i', 'd', 'e', 'r', 't', 'a', 'u', 's', 'c', 'h', 'p', 'a', 'r', 't', 'y', 's', '.', 'd', 'e', '\0',
+  /* "kleine-dingen.nl", true */ 'k', 'l', 'e', 'i', 'n', 'e', '-', 'd', 'i', 'n', 'g', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "kleineanfragen.de", true */ 'k', 'l', 'e', 'i', 'n', 'e', 'a', 'n', 'f', 'r', 'a', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "kleinfein.co", true */ 'k', 'l', 'e', 'i', 'n', 'f', 'e', 'i', 'n', '.', 'c', 'o', '\0',
+  /* "kleinholding.com", true */ 'k', 'l', 'e', 'i', 'n', 'h', 'o', 'l', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "kleinreich.de", true */ 'k', 'l', 'e', 'i', 'n', 'r', 'e', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "kleinserienproduktion.com", true */ 'k', 'l', 'e', 'i', 'n', 's', 'e', 'r', 'i', 'e', 'n', 'p', 'r', 'o', 'd', 'u', 'k', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kleinsys.com", true */ 'k', 'l', 'e', 'i', 'n', 's', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kleteckova.cz", true */ 'k', 'l', 'e', 't', 'e', 'c', 'k', 'o', 'v', 'a', '.', 'c', 'z', '\0',
+  /* "klickstdu.com", true */ 'k', 'l', 'i', 'c', 'k', 's', 't', 'd', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "kliemann.me", true */ 'k', 'l', 'i', 'e', 'm', 'a', 'n', 'n', '.', 'm', 'e', '\0',
+  /* "klif1.nl", true */ 'k', 'l', 'i', 'f', '1', '.', 'n', 'l', '\0',
+  /* "klimaloven.no", true */ 'k', 'l', 'i', 'm', 'a', 'l', 'o', 'v', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "klimapartner.de", true */ 'k', 'l', 'i', 'm', 'a', 'p', 'a', 'r', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "klimapartner.net", true */ 'k', 'l', 'i', 'm', 'a', 'p', 'a', 'r', 't', 'n', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "klimchuk.by", true */ 'k', 'l', 'i', 'm', 'c', 'h', 'u', 'k', '.', 'b', 'y', '\0',
+  /* "klimchuk.com", true */ 'k', 'l', 'i', 'm', 'c', 'h', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "klinikac.co.id", false */ 'k', 'l', 'i', 'n', 'i', 'k', 'a', 'c', '.', 'c', 'o', '.', 'i', 'd', '\0',
+  /* "klinkerstreet.com.ua", true */ 'k', 'l', 'i', 'n', 'k', 'e', 'r', 's', 't', 'r', 'e', 'e', 't', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "klinknetz.de", true */ 'k', 'l', 'i', 'n', 'k', 'n', 'e', 't', 'z', '.', 'd', 'e', '\0',
+  /* "klm-huisjes.nl", true */ 'k', 'l', 'm', '-', 'h', 'u', 'i', 's', 'j', 'e', 's', '.', 'n', 'l', '\0',
+  /* "klmhouses.com", true */ 'k', 'l', 'm', 'h', 'o', 'u', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "klocker-ausserlechner.com", true */ 'k', 'l', 'o', 'c', 'k', 'e', 'r', '-', 'a', 'u', 's', 's', 'e', 'r', 'l', 'e', 'c', 'h', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "kloia.com", true */ 'k', 'l', 'o', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "klosko.net", true */ 'k', 'l', 'o', 's', 'k', 'o', '.', 'n', 'e', 't', '\0',
+  /* "klotz-labs.com", true */ 'k', 'l', 'o', 't', 'z', '-', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kls-agency.com.ua", true */ 'k', 'l', 's', '-', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "klssn.com", true */ 'k', 'l', 's', 's', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kluck.me", true */ 'k', 'l', 'u', 'c', 'k', '.', 'm', 'e', '\0',
+  /* "klugemedia.de", true */ 'k', 'l', 'u', 'g', 'e', 'm', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "klustekeningen.nl", true */ 'k', 'l', 'u', 's', 't', 'e', 'k', 'e', 'n', 'i', 'n', 'g', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "klustermedia.com", true */ 'k', 'l', 'u', 's', 't', 'e', 'r', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "klva.cz", true */ 'k', 'l', 'v', 'a', '.', 'c', 'z', '\0',
+  /* "km-net.pl", true */ 'k', 'm', '-', 'n', 'e', 't', '.', 'p', 'l', '\0',
+  /* "kmashworth.co.uk", true */ 'k', 'm', 'a', 's', 'h', 'w', 'o', 'r', 't', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kmkz.jp", true */ 'k', 'm', 'k', 'z', '.', 'j', 'p', '\0',
+  /* "kmsci.com.ph", true */ 'k', 'm', 's', 'c', 'i', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0',
+  /* "kn007.net", true */ 'k', 'n', '0', '0', '7', '.', 'n', 'e', 't', '\0',
+  /* "knaake.net", true */ 'k', 'n', 'a', 'a', 'k', 'e', '.', 'n', 'e', 't', '\0',
+  /* "knab-networks.com", true */ 'k', 'n', 'a', 'b', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "knapp.noip.me", true */ 'k', 'n', 'a', 'p', 'p', '.', 'n', 'o', 'i', 'p', '.', 'm', 'e', '\0',
+  /* "knarcraft.net", true */ 'k', 'n', 'a', 'r', 'c', 'r', 'a', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "kncg.pw", true */ 'k', 'n', 'c', 'g', '.', 'p', 'w', '\0',
+  /* "kneblinghausen.de", true */ 'k', 'n', 'e', 'b', 'l', 'i', 'n', 'g', 'h', 'a', 'u', 's', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "knegten-agilis.com", true */ 'k', 'n', 'e', 'g', 't', 'e', 'n', '-', 'a', 'g', 'i', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "knep.me", true */ 'k', 'n', 'e', 'p', '.', 'm', 'e', '\0',
+  /* "kngk-azs.ru", true */ 'k', 'n', 'g', 'k', '-', 'a', 'z', 's', '.', 'r', 'u', '\0',
+  /* "kngk-group.ru", true */ 'k', 'n', 'g', 'k', '-', 'g', 'r', 'o', 'u', 'p', '.', 'r', 'u', '\0',
+  /* "kngk-transavto.ru", true */ 'k', 'n', 'g', 'k', '-', 't', 'r', 'a', 'n', 's', 'a', 'v', 't', 'o', '.', 'r', 'u', '\0',
+  /* "kngk.org", true */ 'k', 'n', 'g', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "kngkng.com", true */ 'k', 'n', 'g', 'k', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "kniga.market", true */ 'k', 'n', 'i', 'g', 'a', '.', 'm', 'a', 'r', 'k', 'e', 't', '\0',
+  /* "knight-industries.org", true */ 'k', 'n', 'i', 'g', 'h', 't', '-', 'i', 'n', 'd', 'u', 's', 't', 'r', 'i', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "knightsblog.de", true */ 'k', 'n', 'i', 'g', 'h', 't', 's', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "knightsbridge.net", true */ 'k', 'n', 'i', 'g', 'h', 't', 's', 'b', 'r', 'i', 'd', 'g', 'e', '.', 'n', 'e', 't', '\0',
+  /* "knip.ch", true */ 'k', 'n', 'i', 'p', '.', 'c', 'h', '\0',
+  /* "kniwweler.com", true */ 'k', 'n', 'i', 'w', 'w', 'e', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "knnet.ch", true */ 'k', 'n', 'n', 'e', 't', '.', 'c', 'h', '\0',
+  /* "knot-store.com", true */ 'k', 'n', 'o', 't', '-', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "knowledgehook.com", true */ 'k', 'n', 'o', 'w', 'l', 'e', 'd', 'g', 'e', 'h', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "knowlevillagecc.co.uk", true */ 'k', 'n', 'o', 'w', 'l', 'e', 'v', 'i', 'l', 'l', 'a', 'g', 'e', 'c', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "knthost.com", true */ 'k', 'n', 't', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "knurps.de", true */ 'k', 'n', 'u', 'r', 'p', 's', '.', 'd', 'e', '\0',
+  /* "knutur.is", true */ 'k', 'n', 'u', 't', 'u', 'r', '.', 'i', 's', '\0',
+  /* "knygos.lt", true */ 'k', 'n', 'y', 'g', 'o', 's', '.', 'l', 't', '\0',
+  /* "ko-sys.com", true */ 'k', 'o', '-', 's', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ko.si", true */ 'k', 'o', '.', 's', 'i', '\0',
+  /* "koalapress.fr", true */ 'k', 'o', 'a', 'l', 'a', 'p', 'r', 'e', 's', 's', '.', 'f', 'r', '\0',
+  /* "koalas.org", true */ 'k', 'o', 'a', 'l', 'a', 's', '.', 'o', 'r', 'g', '\0',
+  /* "kobezda.net", true */ 'k', 'o', 'b', 'e', 'z', 'd', 'a', '.', 'n', 'e', 't', '\0',
+  /* "kobieta.guru", true */ 'k', 'o', 'b', 'i', 'e', 't', 'a', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "kobofarm.com", true */ 'k', 'o', 'b', 'o', 'f', 'a', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "koboldcraft.ch", true */ 'k', 'o', 'b', 'o', 'l', 'd', 'c', 'r', 'a', 'f', 't', '.', 'c', 'h', '\0',
+  /* "kobolya.hu", true */ 'k', 'o', 'b', 'o', 'l', 'y', 'a', '.', 'h', 'u', '\0',
+  /* "kodak-ism.com", true */ 'k', 'o', 'd', 'a', 'k', '-', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "kodden.com.br", true */ 'k', 'o', 'd', 'd', 'e', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "kode-it.de", true */ 'k', 'o', 'd', 'e', '-', 'i', 't', '.', 'd', 'e', '\0',
+  /* "kode.ch", true */ 'k', 'o', 'd', 'e', '.', 'c', 'h', '\0',
+  /* "koebbes.de", true */ 'k', 'o', 'e', 'b', 'b', 'e', 's', '.', 'd', 'e', '\0',
+  /* "koelbli.ch", true */ 'k', 'o', 'e', 'l', 'b', 'l', 'i', '.', 'c', 'h', '\0',
+  /* "koelnmafia.de", true */ 'k', 'o', 'e', 'l', 'n', 'm', 'a', 'f', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "koenen-bau.de", true */ 'k', 'o', 'e', 'n', 'e', 'n', '-', 'b', 'a', 'u', '.', 'd', 'e', '\0',
+  /* "koenigsbrunner-tafel.de", true */ 'k', 'o', 'e', 'n', 'i', 'g', 's', 'b', 'r', 'u', 'n', 'n', 'e', 'r', '-', 't', 'a', 'f', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "koerper-wie-seele.de", false */ 'k', 'o', 'e', 'r', 'p', 'e', 'r', '-', 'w', 'i', 'e', '-', 's', 'e', 'e', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "koertner-muth.com", true */ 'k', 'o', 'e', 'r', 't', 'n', 'e', 'r', '-', 'm', 'u', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "koertner-muth.de", true */ 'k', 'o', 'e', 'r', 't', 'n', 'e', 'r', '-', 'm', 'u', 't', 'h', '.', 'd', 'e', '\0',
+  /* "koethen-markt.de", true */ 'k', 'o', 'e', 't', 'h', 'e', 'n', '-', 'm', 'a', 'r', 'k', 't', '.', 'd', 'e', '\0',
+  /* "koetjesenkanker.nl", true */ 'k', 'o', 'e', 't', 'j', 'e', 's', 'e', 'n', 'k', 'a', 'n', 'k', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "kofler.info", true */ 'k', 'o', 'f', 'l', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "kogak.ninja", true */ 'k', 'o', 'g', 'a', 'k', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "kogi.fr", true */ 'k', 'o', 'g', 'i', '.', 'f', 'r', '\0',
+  /* "kogro.de", true */ 'k', 'o', 'g', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "kogudesi.com", true */ 'k', 'o', 'g', 'u', 'd', 'e', 's', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "koha.be", true */ 'k', 'o', 'h', 'a', '.', 'b', 'e', '\0',
+  /* "kohlistkool.tk", true */ 'k', 'o', 'h', 'l', 'i', 's', 't', 'k', 'o', 'o', 'l', '.', 't', 'k', '\0',
+  /* "koho.fi", true */ 'k', 'o', 'h', 'o', '.', 'f', 'i', '\0',
+  /* "kohsandra.com", true */ 'k', 'o', 'h', 's', 'a', 'n', 'd', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "koi-sama.net", true */ 'k', 'o', 'i', '-', 's', 'a', 'm', 'a', '.', 'n', 'e', 't', '\0',
+  /* "koifish.org", true */ 'k', 'o', 'i', 'f', 'i', 's', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "kokensupport.com", true */ 'k', 'o', 'k', 'e', 'n', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "koketteriet.se", true */ 'k', 'o', 'k', 'e', 't', 't', 'e', 'r', 'i', 'e', 't', '.', 's', 'e', '\0',
+  /* "kokumoto.com", true */ 'k', 'o', 'k', 'u', 'm', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "koldanews.com", true */ 'k', 'o', 'l', 'd', 'a', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kolin.org", true */ 'k', 'o', 'l', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "kolizaskrap.bg", true */ 'k', 'o', 'l', 'i', 'z', 'a', 's', 'k', 'r', 'a', 'p', '.', 'b', 'g', '\0',
+  /* "kolja-engelmann.de", true */ 'k', 'o', 'l', 'j', 'a', '-', 'e', 'n', 'g', 'e', 'l', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "kolkataflowermall.com", true */ 'k', 'o', 'l', 'k', 'a', 't', 'a', 'f', 'l', 'o', 'w', 'e', 'r', 'm', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "kollect.ie", true */ 'k', 'o', 'l', 'l', 'e', 'c', 't', '.', 'i', 'e', '\0',
+  /* "kollega.it", true */ 'k', 'o', 'l', 'l', 'e', 'g', 'a', '.', 'i', 't', '\0',
+  /* "kolmann.at", true */ 'k', 'o', 'l', 'm', 'a', 'n', 'n', '.', 'a', 't', '\0',
+  /* "kolmann.eu", true */ 'k', 'o', 'l', 'm', 'a', 'n', 'n', '.', 'e', 'u', '\0',
+  /* "koluke.co", true */ 'k', 'o', 'l', 'u', 'k', 'e', '.', 'c', 'o', '\0',
+  /* "koluke.com", true */ 'k', 'o', 'l', 'u', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "komandakovalchuk.com", false */ 'k', 'o', 'm', 'a', 'n', 'd', 'a', 'k', 'o', 'v', 'a', 'l', 'c', 'h', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "komicloud.com", true */ 'k', 'o', 'm', 'i', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "komidoc.com", true */ 'k', 'o', 'm', 'i', 'd', 'o', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "kominfo.go.id", true */ 'k', 'o', 'm', 'i', 'n', 'f', 'o', '.', 'g', 'o', '.', 'i', 'd', '\0',
+  /* "kominfo.net", true */ 'k', 'o', 'm', 'i', 'n', 'f', 'o', '.', 'n', 'e', 't', '\0',
+  /* "kominki-sauny.pl", true */ 'k', 'o', 'm', 'i', 'n', 'k', 'i', '-', 's', 'a', 'u', 'n', 'y', '.', 'p', 'l', '\0',
+  /* "komintek.ru", true */ 'k', 'o', 'm', 'i', 'n', 't', 'e', 'k', '.', 'r', 'u', '\0',
+  /* "komischkeszeug.de", true */ 'k', 'o', 'm', 'i', 's', 'c', 'h', 'k', 'e', 's', 'z', 'e', 'u', 'g', '.', 'd', 'e', '\0',
+  /* "kommune42.org", true */ 'k', 'o', 'm', 'm', 'u', 'n', 'e', '4', '2', '.', 'o', 'r', 'g', '\0',
+  /* "komoju.com", true */ 'k', 'o', 'm', 'o', 'j', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "komok.co.uk", true */ 'k', 'o', 'm', 'o', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kompetenzkurs.de", true */ 'k', 'o', 'm', 'p', 'e', 't', 'e', 'n', 'z', 'k', 'u', 'r', 's', '.', 'd', 'e', '\0',
+  /* "kon-sil.de", true */ 'k', 'o', 'n', '-', 's', 'i', 'l', '.', 'd', 'e', '\0',
+  /* "kondi.net", true */ 'k', 'o', 'n', 'd', 'i', '.', 'n', 'e', 't', '\0',
+  /* "kondou-butsudan.com", true */ 'k', 'o', 'n', 'd', 'o', 'u', '-', 'b', 'u', 't', 's', 'u', 'd', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kongar.org", true */ 'k', 'o', 'n', 'g', 'a', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "koniecfica.sk", true */ 'k', 'o', 'n', 'i', 'e', 'c', 'f', 'i', 'c', 'a', '.', 's', 'k', '\0',
+  /* "konijntjes.nl", true */ 'k', 'o', 'n', 'i', 'j', 'n', 't', 'j', 'e', 's', '.', 'n', 'l', '\0',
+  /* "konings.it", true */ 'k', 'o', 'n', 'i', 'n', 'g', 's', '.', 'i', 't', '\0',
+  /* "koningskwartiertje.nl", true */ 'k', 'o', 'n', 'i', 'n', 'g', 's', 'k', 'w', 'a', 'r', 't', 'i', 'e', 'r', 't', 'j', 'e', '.', 'n', 'l', '\0',
+  /* "konklone.com", true */ 'k', 'o', 'n', 'k', 'l', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "konkurs.ba", true */ 'k', 'o', 'n', 'k', 'u', 'r', 's', '.', 'b', 'a', '\0',
+  /* "konoe.studio", true */ 'k', 'o', 'n', 'o', 'e', '.', 's', 't', 'u', 'd', 'i', 'o', '\0',
+  /* "konosuke.jp", true */ 'k', 'o', 'n', 'o', 's', 'u', 'k', 'e', '.', 'j', 'p', '\0',
+  /* "konsertoversikt.no", true */ 'k', 'o', 'n', 's', 'e', 'r', 't', 'o', 'v', 'e', 'r', 's', 'i', 'k', 't', '.', 'n', 'o', '\0',
+  /* "konst.se", true */ 'k', 'o', 'n', 's', 't', '.', 's', 'e', '\0',
+  /* "kontakthuman.hu", true */ 'k', 'o', 'n', 't', 'a', 'k', 't', 'h', 'u', 'm', 'a', 'n', '.', 'h', 'u', '\0',
+  /* "kontaxis.org", true */ 'k', 'o', 'n', 't', 'a', 'x', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "kontorhaus-schlachte.de", true */ 'k', 'o', 'n', 't', 'o', 'r', 'h', 'a', 'u', 's', '-', 's', 'c', 'h', 'l', 'a', 'c', 'h', 't', 'e', '.', 'd', 'e', '\0',
+  /* "konyalian.com", true */ 'k', 'o', 'n', 'y', 'a', 'l', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "konzertheld.de", true */ 'k', 'o', 'n', 'z', 'e', 'r', 't', 'h', 'e', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "koodimasin.ee", true */ 'k', 'o', 'o', 'd', 'i', 'm', 'a', 's', 'i', 'n', '.', 'e', 'e', '\0',
+  /* "koolikatsed.ee", true */ 'k', 'o', 'o', 'l', 'i', 'k', 'a', 't', 's', 'e', 'd', '.', 'e', 'e', '\0',
+  /* "kooponline.eu", true */ 'k', 'o', 'o', 'p', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'e', 'u', '\0',
+  /* "koot.nl", true */ 'k', 'o', 'o', 't', '.', 'n', 'l', '\0',
+  /* "kopfkrieg.org", true */ 'k', 'o', 'p', 'f', 'k', 'r', 'i', 'e', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "koptev.ru", true */ 'k', 'o', 'p', 't', 'e', 'v', '.', 'r', 'u', '\0',
+  /* "kopteva.ru", true */ 'k', 'o', 'p', 't', 'e', 'v', 'a', '.', 'r', 'u', '\0',
+  /* "kopular.com", true */ 'k', 'o', 'p', 'u', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "kopykatz.org", false */ 'k', 'o', 'p', 'y', 'k', 'a', 't', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "korea.dating", true */ 'k', 'o', 'r', 'e', 'a', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "koreaboo.com", true */ 'k', 'o', 'r', 'e', 'a', 'b', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "koretech.nl", true */ 'k', 'o', 'r', 'e', 't', 'e', 'c', 'h', '.', 'n', 'l', '\0',
+  /* "korinar.com", true */ 'k', 'o', 'r', 'i', 'n', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "korobi.io", true */ 'k', 'o', 'r', 'o', 'b', 'i', '.', 'i', 'o', '\0',
+  /* "korobkovsky.ru", true */ 'k', 'o', 'r', 'o', 'b', 'k', 'o', 'v', 's', 'k', 'y', '.', 'r', 'u', '\0',
+  /* "korono.de", true */ 'k', 'o', 'r', 'o', 'n', 'o', '.', 'd', 'e', '\0',
+  /* "korosiprogram.hu", true */ 'k', 'o', 'r', 'o', 's', 'i', 'p', 'r', 'o', 'g', 'r', 'a', 'm', '.', 'h', 'u', '\0',
+  /* "korp.fr", true */ 'k', 'o', 'r', 'p', '.', 'f', 'r', '\0',
+  /* "korrelzout.nl", true */ 'k', 'o', 'r', 'r', 'e', 'l', 'z', 'o', 'u', 't', '.', 'n', 'l', '\0',
+  /* "kortgebyr.dk", true */ 'k', 'o', 'r', 't', 'g', 'e', 'b', 'y', 'r', '.', 'd', 'k', '\0',
+  /* "koryfi.com", true */ 'k', 'o', 'r', 'y', 'f', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "kosaki.moe", true */ 'k', 'o', 's', 'a', 'k', 'i', '.', 'm', 'o', 'e', '\0',
+  /* "koscielniak-nieruchomosci.pl", true */ 'k', 'o', 's', 'c', 'i', 'e', 'l', 'n', 'i', 'a', 'k', '-', 'n', 'i', 'e', 'r', 'u', 'c', 'h', 'o', 'm', 'o', 's', 'c', 'i', '.', 'p', 'l', '\0',
+  /* "kosho.org", true */ 'k', 'o', 's', 'h', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "kosmetik-grothe.de", true */ 'k', 'o', 's', 'm', 'e', 't', 'i', 'k', '-', 'g', 'r', 'o', 't', 'h', 'e', '.', 'd', 'e', '\0',
+  /* "kostecki.com", true */ 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "kostecki.org", true */ 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "kostecki.tel", true */ 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 't', 'e', 'l', '\0',
+  /* "kostya.net", false */ 'k', 'o', 's', 't', 'y', 'a', '.', 'n', 'e', 't', '\0',
+  /* "kostya.ws", true */ 'k', 'o', 's', 't', 'y', 'a', '.', 'w', 's', '\0',
+  /* "kotausaha.com", true */ 'k', 'o', 't', 'a', 'u', 's', 'a', 'h', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "kotelezobiztositas.eu", true */ 'k', 'o', 't', 'e', 'l', 'e', 'z', 'o', 'b', 'i', 'z', 't', 'o', 's', 'i', 't', 'a', 's', '.', 'e', 'u', '\0',
+  /* "kotilinkki.fi", true */ 'k', 'o', 't', 'i', 'l', 'i', 'n', 'k', 'k', 'i', '.', 'f', 'i', '\0',
+  /* "kotitesti.fi", true */ 'k', 'o', 't', 'i', 't', 'e', 's', 't', 'i', '.', 'f', 'i', '\0',
+  /* "kotomei.moe", true */ 'k', 'o', 't', 'o', 'm', 'e', 'i', '.', 'm', 'o', 'e', '\0',
+  /* "kotori.love", true */ 'k', 'o', 't', 'o', 'r', 'i', '.', 'l', 'o', 'v', 'e', '\0',
+  /* "kottur.is", true */ 'k', 'o', 't', 't', 'u', 'r', '.', 'i', 's', '\0',
+  /* "koumuwin.com", true */ 'k', 'o', 'u', 'm', 'u', 'w', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "koushinjo.org", true */ 'k', 'o', 'u', 's', 'h', 'i', 'n', 'j', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "kov.space", true */ 'k', 'o', 'v', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "kovaldo.ru", true */ 'k', 'o', 'v', 'a', 'l', 'd', 'o', '.', 'r', 'u', '\0',
+  /* "kovals.sk", true */ 'k', 'o', 'v', 'a', 'l', 's', '.', 's', 'k', '\0',
+  /* "kovnsk.net", true */ 'k', 'o', 'v', 'n', 's', 'k', '.', 'n', 'e', 't', '\0',
+  /* "kovspace.com", true */ 'k', 'o', 'v', 's', 'p', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kowalmik.tk", true */ 'k', 'o', 'w', 'a', 'l', 'm', 'i', 'k', '.', 't', 'k', '\0',
+  /* "kowarschick.de", true */ 'k', 'o', 'w', 'a', 'r', 's', 'c', 'h', 'i', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "kowshiksundararajan.com", true */ 'k', 'o', 'w', 's', 'h', 'i', 'k', 's', 'u', 'n', 'd', 'a', 'r', 'a', 'r', 'a', 'j', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "koyaanis.com", true */ 'k', 'o', 'y', 'a', 'a', 'n', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kozuch.biz", true */ 'k', 'o', 'z', 'u', 'c', 'h', '.', 'b', 'i', 'z', '\0',
+  /* "kpebetka.net", true */ 'k', 'p', 'e', 'b', 'e', 't', 'k', 'a', '.', 'n', 'e', 't', '\0',
+  /* "kpfanworld.com", true */ 'k', 'p', 'f', 'a', 'n', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "kpinvest.eu", true */ 'k', 'p', 'i', 'n', 'v', 'e', 's', 't', '.', 'e', 'u', '\0',
+  /* "kplasticsurgery.com", true */ 'k', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "kplnet.net", true */ 'k', 'p', 'l', 'n', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "kpmgpublications.ie", true */ 'k', 'p', 'm', 'g', 'p', 'u', 'b', 'l', 'i', 'c', 'a', 't', 'i', 'o', 'n', 's', '.', 'i', 'e', '\0',
+  /* "kpn-dnssec.com", true */ 'k', 'p', 'n', '-', 'd', 'n', 's', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "kpop.re", true */ 'k', 'p', 'o', 'p', '.', 'r', 'e', '\0',
+  /* "kpumuk.info", true */ 'k', 'p', 'u', 'm', 'u', 'k', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "kpvpn.com", true */ 'k', 'p', 'v', 'p', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kpx1.de", true */ 'k', 'p', 'x', '1', '.', 'd', 'e', '\0',
+  /* "kr.search.yahoo.com", false */ 'k', 'r', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "krachtinverbinding.nl", true */ 'k', 'r', 'a', 'c', 'h', 't', 'i', 'n', 'v', 'e', 'r', 'b', 'i', 'n', 'd', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "kradalby.no", true */ 'k', 'r', 'a', 'd', 'a', 'l', 'b', 'y', '.', 'n', 'o', '\0',
+  /* "kraft.blog", true */ 'k', 'r', 'a', 'f', 't', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "kraft.im", true */ 'k', 'r', 'a', 'f', 't', '.', 'i', 'm', '\0',
+  /* "krag.be", true */ 'k', 'r', 'a', 'g', '.', 'b', 'e', '\0',
+  /* "kraga.sk", true */ 'k', 'r', 'a', 'g', 'a', '.', 's', 'k', '\0',
+  /* "kraiwan.com", true */ 'k', 'r', 'a', 'i', 'w', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kraiwon.com", true */ 'k', 'r', 'a', 'i', 'w', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kraken.io", true */ 'k', 'r', 'a', 'k', 'e', 'n', '.', 'i', 'o', '\0',
+  /* "kralik.io", true */ 'k', 'r', 'a', 'l', 'i', 'k', '.', 'i', 'o', '\0',
+  /* "kralovstvimap.cz", true */ 'k', 'r', 'a', 'l', 'o', 'v', 's', 't', 'v', 'i', 'm', 'a', 'p', '.', 'c', 'z', '\0',
+  /* "kram.nz", true */ 'k', 'r', 'a', 'm', '.', 'n', 'z', '\0',
+  /* "krambeutel.de", true */ 'k', 'r', 'a', 'm', 'b', 'e', 'u', 't', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "kramsj.uk", true */ 'k', 'r', 'a', 'm', 's', 'j', '.', 'u', 'k', '\0',
+  /* "krang.org.uk", true */ 'k', 'r', 'a', 'n', 'g', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "krasavchik.by", true */ 'k', 'r', 'a', 's', 'a', 'v', 'c', 'h', 'i', 'k', '.', 'b', 'y', '\0',
+  /* "krasota.ru", false */ 'k', 'r', 'a', 's', 'o', 't', 'a', '.', 'r', 'u', '\0',
+  /* "krasovsky.me", true */ 'k', 'r', 'a', 's', 'o', 'v', 's', 'k', 'y', '.', 'm', 'e', '\0',
+  /* "krautomat.com", true */ 'k', 'r', 'a', 'u', 't', 'o', 'm', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kraynik.com", true */ 'k', 'r', 'a', 'y', 'n', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "krazykastles.co.uk", true */ 'k', 'r', 'a', 'z', 'y', 'k', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "krazykoolkastles.com", true */ 'k', 'r', 'a', 'z', 'y', 'k', 'o', 'o', 'l', 'k', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "krazyphotobooths.co.uk", true */ 'k', 'r', 'a', 'z', 'y', 'p', 'h', 'o', 't', 'o', 'b', 'o', 'o', 't', 'h', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "krc.link", true */ 'k', 'r', 'c', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "kreationnext.com", true */ 'k', 'r', 'e', 'a', 't', 'i', 'o', 'n', 'n', 'e', 'x', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kreativelabs.ch", true */ 'k', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'l', 'a', 'b', 's', '.', 'c', 'h', '\0',
+  /* "kreativstrecke.de", true */ 'k', 'r', 'e', 'a', 't', 'i', 'v', 's', 't', 'r', 'e', 'c', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "kredit-abzocke.com", true */ 'k', 'r', 'e', 'd', 'i', 't', '-', 'a', 'b', 'z', 'o', 'c', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kredite24.de", true */ 'k', 'r', 'e', 'd', 'i', 't', 'e', '2', '4', '.', 'd', 'e', '\0',
+  /* "kreditkacs.cz", true */ 'k', 'r', 'e', 'd', 'i', 't', 'k', 'a', 'c', 's', '.', 'c', 'z', '\0',
+  /* "kreen.org", true */ 'k', 'r', 'e', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "kremalicious.com", true */ 'k', 'r', 'e', 'm', 'a', 'l', 'i', 'c', 'i', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kretschmann.consulting", true */ 'k', 'r', 'e', 't', 's', 'c', 'h', 'm', 'a', 'n', 'n', '.', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '\0',
+  /* "kreuzpfadfinder.de", true */ 'k', 'r', 'e', 'u', 'z', 'p', 'f', 'a', 'd', 'f', 'i', 'n', 'd', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "kreza.de", true */ 'k', 'r', 'e', 'z', 'a', '.', 'd', 'e', '\0',
+  /* "kriechel.de", true */ 'k', 'r', 'i', 'e', 'c', 'h', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "kriegskindernothilfe.de", true */ 'k', 'r', 'i', 'e', 'g', 's', 'k', 'i', 'n', 'd', 'e', 'r', 'n', 'o', 't', 'h', 'i', 'l', 'f', 'e', '.', 'd', 'e', '\0',
+  /* "krinetzki.de", true */ 'k', 'r', 'i', 'n', 'e', 't', 'z', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "krislamoureux.com", true */ 'k', 'r', 'i', 's', 'l', 'a', 'm', 'o', 'u', 'r', 'e', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "krismurray.co.uk", true */ 'k', 'r', 'i', 's', 'm', 'u', 'r', 'r', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "krisstarkey.co.uk", true */ 'k', 'r', 'i', 's', 's', 't', 'a', 'r', 'k', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "krist.club", true */ 'k', 'r', 'i', 's', 't', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "kristikala.nl", true */ 'k', 'r', 'i', 's', 't', 'i', 'k', 'a', 'l', 'a', '.', 'n', 'l', '\0',
+  /* "kristinbailey.com", true */ 'k', 'r', 'i', 's', 't', 'i', 'n', 'b', 'a', 'i', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "kristofdv.be", true */ 'k', 'r', 'i', 's', 't', 'o', 'f', 'd', 'v', '.', 'b', 'e', '\0',
+  /* "krizek.cc", true */ 'k', 'r', 'i', 'z', 'e', 'k', '.', 'c', 'c', '\0',
+  /* "krizevci.info", true */ 'k', 'r', 'i', 'z', 'e', 'v', 'c', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "krmeni.cz", true */ 'k', 'r', 'm', 'e', 'n', 'i', '.', 'c', 'z', '\0',
+  /* "krokedil.se", true */ 'k', 'r', 'o', 'k', 'e', 'd', 'i', 'l', '.', 's', 'e', '\0',
+  /* "krokodent.de", true */ 'k', 'r', 'o', 'k', 'o', 'd', 'e', 'n', 't', '.', 'd', 'e', '\0',
+  /* "kromamoveis.com.br", true */ 'k', 'r', 'o', 'm', 'a', 'm', 'o', 'v', 'e', 'i', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "kromonos.net", true */ 'k', 'r', 'o', 'm', 'o', 'n', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "kronaw.it", true */ 'k', 'r', 'o', 'n', 'a', 'w', '.', 'i', 't', '\0',
+  /* "krony.de", true */ 'k', 'r', 'o', 'n', 'y', '.', 'd', 'e', '\0',
+  /* "kroon.email", true */ 'k', 'r', 'o', 'o', 'n', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "kropkait.pl", true */ 'k', 'r', 'o', 'p', 'k', 'a', 'i', 't', '.', 'p', 'l', '\0',
+  /* "krsn.de", true */ 'k', 'r', 's', 'n', '.', 'd', 'e', '\0',
+  /* "krugermillions.org", true */ 'k', 'r', 'u', 'g', 'e', 'r', 'm', 'i', 'l', 'l', 'i', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "krugoval.hr", true */ 'k', 'r', 'u', 'g', 'o', 'v', 'a', 'l', '.', 'h', 'r', '\0',
+  /* "kruin.net", true */ 'k', 'r', 'u', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "kruisselbrink.com", true */ 'k', 'r', 'u', 'i', 's', 's', 'e', 'l', 'b', 'r', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "kruk.co", true */ 'k', 'r', 'u', 'k', '.', 'c', 'o', '\0',
+  /* "krumberconsulting.com", true */ 'k', 'r', 'u', 'm', 'b', 'e', 'r', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "krupa.net.pl", false */ 'k', 'r', 'u', 'p', 'a', '.', 'n', 'e', 't', '.', 'p', 'l', '\0',
+  /* "krutka.cz", true */ 'k', 'r', 'u', 't', 'k', 'a', '.', 'c', 'z', '\0',
+  /* "kruu.de", true */ 'k', 'r', 'u', 'u', '.', 'd', 'e', '\0',
+  /* "kry.no", true */ 'k', 'r', 'y', '.', 'n', 'o', '\0',
+  /* "kry.se", true */ 'k', 'r', 'y', '.', 's', 'e', '\0',
+  /* "kryglik.com", true */ 'k', 'r', 'y', 'g', 'l', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "krypsys.com", true */ 'k', 'r', 'y', 'p', 's', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "krypt.com", true */ 'k', 'r', 'y', 'p', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kryptera.se", true */ 'k', 'r', 'y', 'p', 't', 'e', 'r', 'a', '.', 's', 'e', '\0',
+  /* "kryx.de", true */ 'k', 'r', 'y', 'x', '.', 'd', 'e', '\0',
+  /* "ks-watch.de", true */ 'k', 's', '-', 'w', 'a', 't', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "kschv-rdeck.de", true */ 'k', 's', 'c', 'h', 'v', '-', 'r', 'd', 'e', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "kshlm.in", true */ 'k', 's', 'h', 'l', 'm', '.', 'i', 'n', '\0',
+  /* "kspg.tv", true */ 'k', 's', 'p', 'g', '.', 't', 'v', '\0',
+  /* "kswcosmetics.com", true */ 'k', 's', 'w', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ktbnetbank.com", true */ 'k', 't', 'b', 'n', 'e', 't', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "kthnxbai.xyz", true */ 'k', 't', 'h', 'n', 'x', 'b', 'a', 'i', '.', 'x', 'y', 'z', '\0',
+  /* "kts-thueringen.de", true */ 'k', 't', 's', '-', 't', 'h', 'u', 'e', 'r', 'i', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "ktsee.eu.org", true */ 'k', 't', 's', 'e', 'e', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "ktw.lv", true */ 'k', 't', 'w', '.', 'l', 'v', '\0',
+  /* "ku.io", true */ 'k', 'u', '.', 'i', 'o', '\0',
+  /* "kualo.co.uk", true */ 'k', 'u', 'a', 'l', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kualo.com", true */ 'k', 'u', 'a', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "kualo.in", true */ 'k', 'u', 'a', 'l', 'o', '.', 'i', 'n', '\0',
+  /* "kuaza.com", true */ 'k', 'u', 'a', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "kub.hr", true */ 'k', 'u', 'b', '.', 'h', 'r', '\0',
+  /* "kubik-rubik.de", false */ 'k', 'u', 'b', 'i', 'k', '-', 'r', 'u', 'b', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "kubiwa.net", true */ 'k', 'u', 'b', 'i', 'w', 'a', '.', 'n', 'e', 't', '\0',
+  /* "kubkprf.ru", true */ 'k', 'u', 'b', 'k', 'p', 'r', 'f', '.', 'r', 'u', '\0',
+  /* "kuchenschock.de", true */ 'k', 'u', 'c', 'h', 'e', 'n', 's', 'c', 'h', 'o', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "kuchentraum.eu", true */ 'k', 'u', 'c', 'h', 'e', 'n', 't', 'r', 'a', 'u', 'm', '.', 'e', 'u', '\0',
+  /* "kucheryavenkovn.ru", true */ 'k', 'u', 'c', 'h', 'e', 'r', 'y', 'a', 'v', 'e', 'n', 'k', 'o', 'v', 'n', '.', 'r', 'u', '\0',
+  /* "kucnibudzet.com", true */ 'k', 'u', 'c', 'n', 'i', 'b', 'u', 'd', 'z', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kueche-co.de", true */ 'k', 'u', 'e', 'c', 'h', 'e', '-', 'c', 'o', '.', 'd', 'e', '\0',
+  /* "kuechenprofi-group.de", true */ 'k', 'u', 'e', 'c', 'h', 'e', 'n', 'p', 'r', 'o', 'f', 'i', '-', 'g', 'r', 'o', 'u', 'p', '.', 'd', 'e', '\0',
+  /* "kuehndel.org", true */ 'k', 'u', 'e', 'h', 'n', 'd', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "kuehnel-bs.de", true */ 'k', 'u', 'e', 'h', 'n', 'e', 'l', '-', 'b', 's', '.', 'd', 'e', '\0',
+  /* "kuehnel-online.eu", true */ 'k', 'u', 'e', 'h', 'n', 'e', 'l', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'e', 'u', '\0',
+  /* "kuehnel.org", true */ 'k', 'u', 'e', 'h', 'n', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "kuemmerlin.eu", true */ 'k', 'u', 'e', 'm', 'm', 'e', 'r', 'l', 'i', 'n', '.', 'e', 'u', '\0',
+  /* "kuemmling.eu", true */ 'k', 'u', 'e', 'm', 'm', 'l', 'i', 'n', 'g', '.', 'e', 'u', '\0',
+  /* "kuhn-elektrotechnik.de", true */ 'k', 'u', 'h', 'n', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', 't', 'e', 'c', 'h', 'n', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "kujadin.de", true */ 'k', 'u', 'j', 'a', 'd', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "kukal.cz", true */ 'k', 'u', 'k', 'a', 'l', '.', 'c', 'z', '\0',
+  /* "kuketz-blog.de", true */ 'k', 'u', 'k', 'e', 't', 'z', '-', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "kuketz-security.de", true */ 'k', 'u', 'k', 'e', 't', 'z', '-', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'd', 'e', '\0',
+  /* "kulde.net", true */ 'k', 'u', 'l', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "kulivps.com", true */ 'k', 'u', 'l', 'i', 'v', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kuma.es", true */ 'k', 'u', 'm', 'a', '.', 'e', 's', '\0',
+  /* "kumachan.biz", true */ 'k', 'u', 'm', 'a', 'c', 'h', 'a', 'n', '.', 'b', 'i', 'z', '\0',
+  /* "kumalog.com", true */ 'k', 'u', 'm', 'a', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "kumasanda.jp", true */ 'k', 'u', 'm', 'a', 's', 'a', 'n', 'd', 'a', '.', 'j', 'p', '\0',
+  /* "kundenerreichen.com", true */ 'k', 'u', 'n', 'd', 'e', 'n', 'e', 'r', 'r', 'e', 'i', 'c', 'h', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kundenerreichen.de", true */ 'k', 'u', 'n', 'd', 'e', 'n', 'e', 'r', 'r', 'e', 'i', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "kundo.se", true */ 'k', 'u', 'n', 'd', 'o', '.', 's', 'e', '\0',
+  /* "kungerkueken.de", true */ 'k', 'u', 'n', 'g', 'e', 'r', 'k', 'u', 'e', 'k', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "kunstundunrat.de", true */ 'k', 'u', 'n', 's', 't', 'u', 'n', 'd', 'u', 'n', 'r', 'a', 't', '.', 'd', 'e', '\0',
+  /* "kuoruan.com", true */ 'k', 'u', 'o', 'r', 'u', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kupferstichshop.com", true */ 'k', 'u', 'p', 'f', 'e', 'r', 's', 't', 'i', 'c', 'h', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "kupid.com", true */ 'k', 'u', 'p', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "kupiec.eu.org", true */ 'k', 'u', 'p', 'i', 'e', 'c', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "kupimlot.ru", true */ 'k', 'u', 'p', 'i', 'm', 'l', 'o', 't', '.', 'r', 'u', '\0',
+  /* "kuponrazzi.com", true */ 'k', 'u', 'p', 'o', 'n', 'r', 'a', 'z', 'z', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "kuponydoher.cz", true */ 'k', 'u', 'p', 'o', 'n', 'y', 'd', 'o', 'h', 'e', 'r', '.', 'c', 'z', '\0',
+  /* "kupschke.net", true */ 'k', 'u', 'p', 's', 'c', 'h', 'k', 'e', '.', 'n', 'e', 't', '\0',
+  /* "kurashino-mall.com", true */ 'k', 'u', 'r', 'a', 's', 'h', 'i', 'n', 'o', '-', 'm', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "kurofuku.me", true */ 'k', 'u', 'r', 'o', 'f', 'u', 'k', 'u', '.', 'm', 'e', '\0',
+  /* "kuroisalva.xyz", false */ 'k', 'u', 'r', 'o', 'i', 's', 'a', 'l', 'v', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "kurona.ga", true */ 'k', 'u', 'r', 'o', 'n', 'a', '.', 'g', 'a', '\0',
+  /* "kuronekogaro.com", true */ 'k', 'u', 'r', 'o', 'n', 'e', 'k', 'o', 'g', 'a', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "kurrietv.nl", true */ 'k', 'u', 'r', 'r', 'i', 'e', 't', 'v', '.', 'n', 'l', '\0',
+  /* "kurschies.de", true */ 'k', 'u', 'r', 's', 'c', 'h', 'i', 'e', 's', '.', 'd', 'e', '\0',
+  /* "kursprogramisty.pl", true */ 'k', 'u', 'r', 's', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'i', 's', 't', 'y', '.', 'p', 'l', '\0',
+  /* "kurswahl-online.de", true */ 'k', 'u', 'r', 's', 'w', 'a', 'h', 'l', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "kurtschlatzer.com", true */ 'k', 'u', 'r', 't', 's', 'c', 'h', 'l', 'a', 't', 'z', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "kuruppa.xyz", true */ 'k', 'u', 'r', 'u', 'p', 'p', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "kuschku.de", true */ 'k', 'u', 's', 'c', 'h', 'k', 'u', '.', 'd', 'e', '\0',
+  /* "kusdaryanto.web.id", true */ 'k', 'u', 's', 'd', 'a', 'r', 'y', 'a', 'n', 't', 'o', '.', 'w', 'e', 'b', '.', 'i', 'd', '\0',
+  /* "kushtikidsparties.co.uk", true */ 'k', 'u', 's', 'h', 't', 'i', 'k', 'i', 'd', 's', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kusochi.eu", true */ 'k', 'u', 's', 'o', 'c', 'h', 'i', '.', 'e', 'u', '\0',
+  /* "kutinsoft.com", true */ 'k', 'u', 't', 'i', 'n', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kutny.cz", true */ 'k', 'u', 't', 'n', 'y', '.', 'c', 'z', '\0',
+  /* "kutsankaplan.com", true */ 'k', 'u', 't', 's', 'a', 'n', 'k', 'a', 'p', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kutukupret.com", true */ 'k', 'u', 't', 'u', 'k', 'u', 'p', 'r', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kutus.ee", true */ 'k', 'u', 't', 'u', 's', '.', 'e', 'e', '\0',
+  /* "kuwago.io", true */ 'k', 'u', 'w', 'a', 'g', 'o', '.', 'i', 'o', '\0',
+  /* "kuzbass-pwl.ru", true */ 'k', 'u', 'z', 'b', 'a', 's', 's', '-', 'p', 'w', 'l', '.', 'r', 'u', '\0',
+  /* "kvalita-1a.cz", true */ 'k', 'v', 'a', 'l', 'i', 't', 'a', '-', '1', 'a', '.', 'c', 'z', '\0',
+  /* "kvalitnitesneni.cz", true */ 'k', 'v', 'a', 'l', 'i', 't', 'n', 'i', 't', 'e', 's', 'n', 'e', 'n', 'i', '.', 'c', 'z', '\0',
+  /* "kvcc.com.au", true */ 'k', 'v', 'c', 'c', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "kvetinymilt.cz", true */ 'k', 'v', 'e', 't', 'i', 'n', 'y', 'm', 'i', 'l', 't', '.', 'c', 'z', '\0',
+  /* "kvhile.com", true */ 'k', 'v', 'h', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kvilt.dk", true */ 'k', 'v', 'i', 'l', 't', '.', 'd', 'k', '\0',
+  /* "kvn.tf", true */ 'k', 'v', 'n', '.', 't', 'f', '\0',
+  /* "kvpc.com.au", true */ 'k', 'v', 'p', 'c', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "kwat.chat", true */ 'k', 'w', 'a', 't', '.', 'c', 'h', 'a', 't', '\0',
+  /* "kwbresidential.com", true */ 'k', 'w', 'b', 'r', 'e', 's', 'i', 'd', 'e', 'n', 't', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "kwcolville.com", true */ 'k', 'w', 'c', 'o', 'l', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kwedo.com", true */ 'k', 'w', 'e', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "kwidz.fr", true */ 'k', 'w', 'i', 'd', 'z', '.', 'f', 'r', '\0',
+  /* "kwipi.com", true */ 'k', 'w', 'i', 'p', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "kwmr.me", true */ 'k', 'w', 'm', 'r', '.', 'm', 'e', '\0',
+  /* "kwok.cc", true */ 'k', 'w', 'o', 'k', '.', 'c', 'c', '\0',
+  /* "kwyxz.org", true */ 'k', 'w', 'y', 'x', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "kxah35.com", true */ 'k', 'x', 'a', 'h', '3', '5', '.', 'c', 'o', 'm', '\0',
+  /* "kxnrl.com", true */ 'k', 'x', 'n', 'r', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "kyberna.xyz", true */ 'k', 'y', 'b', 'e', 'r', 'n', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "kybi.sk", true */ 'k', 'y', 'b', 'i', '.', 's', 'k', '\0',
+  /* "kydara.com", true */ 'k', 'y', 'd', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "kykoonn.net", true */ 'k', 'y', 'k', 'o', 'o', 'n', 'n', '.', 'n', 'e', 't', '\0',
+  /* "kyledrake.net", true */ 'k', 'y', 'l', 'e', 'd', 'r', 'a', 'k', 'e', '.', 'n', 'e', 't', '\0',
+  /* "kylejohnson.io", true */ 'k', 'y', 'l', 'e', 'j', 'o', 'h', 'n', 's', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "kylelaker.com", true */ 'k', 'y', 'l', 'e', 'l', 'a', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "kylerwood.com", true */ 'k', 'y', 'l', 'e', 'r', 'w', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "kylescastles.co.uk", true */ 'k', 'y', 'l', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kyliehunt.com", true */ 'k', 'y', 'l', 'i', 'e', 'h', 'u', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kylinj.com", false */ 'k', 'y', 'l', 'i', 'n', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "kymo.org", true */ 'k', 'y', 'm', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "kynaston.org.uk", true */ 'k', 'y', 'n', 'a', 's', 't', 'o', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "kynastonwedding.co.uk", true */ 'k', 'y', 'n', 'a', 's', 't', 'o', 'n', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kyoko.org", true */ 'k', 'y', 'o', 'k', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "kyonagashima.com", true */ 'k', 'y', 'o', 'n', 'a', 'g', 'a', 's', 'h', 'i', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "kyosaku.org", true */ 'k', 'y', 'o', 's', 'a', 'k', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "kyoto-k9.com", true */ 'k', 'y', 'o', 't', 'o', '-', 'k', '9', '.', 'c', 'o', 'm', '\0',
+  /* "kyoto-mic.com", true */ 'k', 'y', 'o', 't', 'o', '-', 'm', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "kyoto-tomikawa.jp", true */ 'k', 'y', 'o', 't', 'o', '-', 't', 'o', 'm', 'i', 'k', 'a', 'w', 'a', '.', 'j', 'p', '\0',
+  /* "kyoto-tomoshibi.jp", true */ 'k', 'y', 'o', 't', 'o', '-', 't', 'o', 'm', 'o', 's', 'h', 'i', 'b', 'i', '.', 'j', 'p', '\0',
+  /* "kyras-castles.co.uk", true */ 'k', 'y', 'r', 'a', 's', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kyunyuki.com", true */ 'k', 'y', 'u', 'n', 'y', 'u', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "kyusyu.org", true */ 'k', 'y', 'u', 's', 'y', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "kyy.me", true */ 'k', 'y', 'y', '.', 'm', 'e', '\0',
+  /* "kz.search.yahoo.com", false */ 'k', 'z', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "kzsdabas.hu", true */ 'k', 'z', 's', 'd', 'a', 'b', 'a', 's', '.', 'h', 'u', '\0',
+  /* "l-lab.org", true */ 'l', '-', 'l', 'a', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "l0re.com", true */ 'l', '0', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "l4n-clan.de", true */ 'l', '4', 'n', '-', 'c', 'l', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "l7plumbing.com.au", true */ 'l', '7', 'p', 'l', 'u', 'm', 'b', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "l7world.com", true */ 'l', '7', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "la-baldosa.fr", true */ 'l', 'a', '-', 'b', 'a', 'l', 'd', 'o', 's', 'a', '.', 'f', 'r', '\0',
+  /* "la-cave-a-nodo.fr", true */ 'l', 'a', '-', 'c', 'a', 'v', 'e', '-', 'a', '-', 'n', 'o', 'd', 'o', '.', 'f', 'r', '\0',
+  /* "la-ganiere.com", true */ 'l', 'a', '-', 'g', 'a', 'n', 'i', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "la-maison.ch", true */ 'l', 'a', '-', 'm', 'a', 'i', 's', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "la-maison.eu", true */ 'l', 'a', '-', 'm', 'a', 'i', 's', 'o', 'n', '.', 'e', 'u', '\0',
+  /* "la-petite-entreprise.com", true */ 'l', 'a', '-', 'p', 'e', 't', 'i', 't', 'e', '-', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'i', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "la-tourmaline.ch", true */ 'l', 'a', '-', 't', 'o', 'u', 'r', 'm', 'a', 'l', 'i', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "laassari.me", true */ 'l', 'a', 'a', 's', 's', 'a', 'r', 'i', '.', 'm', 'e', '\0',
+  /* "laatikko.io", true */ 'l', 'a', 'a', 't', 'i', 'k', 'k', 'o', '.', 'i', 'o', '\0',
+  /* "labande-annonce.fr", true */ 'l', 'a', 'b', 'a', 'n', 'd', 'e', '-', 'a', 'n', 'n', 'o', 'n', 'c', 'e', '.', 'f', 'r', '\0',
+  /* "labcoat.jp", true */ 'l', 'a', 'b', 'c', 'o', 'a', 't', '.', 'j', 'p', '\0',
+  /* "labelleza.com.br", true */ 'l', 'a', 'b', 'e', 'l', 'l', 'e', 'z', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "labfox.de", true */ 'l', 'a', 'b', 'f', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "labiblioafronebrulepas.com", true */ 'l', 'a', 'b', 'i', 'b', 'l', 'i', 'o', 'a', 'f', 'r', 'o', 'n', 'e', 'b', 'r', 'u', 'l', 'e', 'p', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "labobooks.com", true */ 'l', 'a', 'b', 'o', 'b', 'o', 'o', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "laboiteanem.fr", true */ 'l', 'a', 'b', 'o', 'i', 't', 'e', 'a', 'n', 'e', 'm', '.', 'f', 'r', '\0',
+  /* "labouncycastlehire.co.uk", true */ 'l', 'a', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "labourreedevergheas.fr", true */ 'l', 'a', 'b', 'o', 'u', 'r', 'r', 'e', 'e', 'd', 'e', 'v', 'e', 'r', 'g', 'h', 'e', 'a', 's', '.', 'f', 'r', '\0',
+  /* "laboxfaitsoncinema.com", true */ 'l', 'a', 'b', 'o', 'x', 'f', 'a', 'i', 't', 's', 'o', 'n', 'c', 'i', 'n', 'e', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "labradorpuppiesforsalebyregisteredlabradorbreeders.com", false */ 'l', 'a', 'b', 'r', 'a', 'd', 'o', 'r', 'p', 'u', 'p', 'p', 'i', 'e', 's', 'f', 'o', 'r', 's', 'a', 'l', 'e', 'b', 'y', 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', 'e', 'd', 'l', 'a', 'b', 'r', 'a', 'd', 'o', 'r', 'b', 'r', 'e', 'e', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lacaveducinquantenaire.com", true */ 'l', 'a', 'c', 'a', 'v', 'e', 'd', 'u', 'c', 'i', 'n', 'q', 'u', 'a', 'n', 't', 'e', 'n', 'a', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lacetsroses.ch", true */ 'l', 'a', 'c', 'e', 't', 's', 'r', 'o', 's', 'e', 's', '.', 'c', 'h', '\0',
+  /* "lachainedesentrepreneurs.fr", true */ 'l', 'a', 'c', 'h', 'a', 'i', 'n', 'e', 'd', 'e', 's', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'e', 'n', 'e', 'u', 'r', 's', '.', 'f', 'r', '\0',
+  /* "lachawoj.de", true */ 'l', 'a', 'c', 'h', 'a', 'w', 'o', 'j', '.', 'd', 'e', '\0',
+  /* "lachlan.com", true */ 'l', 'a', 'c', 'h', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lacicloud.net", true */ 'l', 'a', 'c', 'i', 'c', 'l', 'o', 'u', 'd', '.', 'n', 'e', 't', '\0',
+  /* "lacigf.org", true */ 'l', 'a', 'c', 'i', 'g', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "laclaque.ch", true */ 'l', 'a', 'c', 'l', 'a', 'q', 'u', 'e', '.', 'c', 'h', '\0',
+  /* "lacledelareussite.com", true */ 'l', 'a', 'c', 'l', 'e', 'd', 'e', 'l', 'a', 'r', 'e', 'u', 's', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lacledeslan.com", false */ 'l', 'a', 'c', 'l', 'e', 'd', 'e', 's', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lacledor.ch", true */ 'l', 'a', 'c', 'l', 'e', 'd', 'o', 'r', '.', 'c', 'h', '\0',
+  /* "laclefdor.ch", true */ 'l', 'a', 'c', 'l', 'e', 'f', 'd', 'o', 'r', '.', 'c', 'h', '\0',
+  /* "lacliniquefinanciere.com", true */ 'l', 'a', 'c', 'l', 'i', 'n', 'i', 'q', 'u', 'e', 'f', 'i', 'n', 'a', 'n', 'c', 'i', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lacuevadechauvet.com", true */ 'l', 'a', 'c', 'u', 'e', 'v', 'a', 'd', 'e', 'c', 'h', 'a', 'u', 'v', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lacyc3.eu", true */ 'l', 'a', 'c', 'y', 'c', '3', '.', 'e', 'u', '\0',
+  /* "ladbroke.net", true */ 'l', 'a', 'd', 'b', 'r', 'o', 'k', 'e', '.', 'n', 'e', 't', '\0',
+  /* "lady-2.jp", true */ 'l', 'a', 'd', 'y', '-', '2', '.', 'j', 'p', '\0',
+  /* "ladybugjam.com", true */ 'l', 'a', 'd', 'y', 'b', 'u', 'g', 'j', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "laextra.mx", true */ 'l', 'a', 'e', 'x', 't', 'r', 'a', '.', 'm', 'x', '\0',
+  /* "lafayette-rushford.com", true */ 'l', 'a', 'f', 'a', 'y', 'e', 't', 't', 'e', '-', 'r', 'u', 's', 'h', 'f', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "lafeemam.fr", true */ 'l', 'a', 'f', 'e', 'e', 'm', 'a', 'm', '.', 'f', 'r', '\0',
+  /* "lafema.de", true */ 'l', 'a', 'f', 'e', 'm', 'a', '.', 'd', 'e', '\0',
+  /* "lafillepolyvalente.ca", true */ 'l', 'a', 'f', 'i', 'l', 'l', 'e', 'p', 'o', 'l', 'y', 'v', 'a', 'l', 'e', 'n', 't', 'e', '.', 'c', 'a', '\0',
+  /* "lafillepolyvalente.com", true */ 'l', 'a', 'f', 'i', 'l', 'l', 'e', 'p', 'o', 'l', 'y', 'v', 'a', 'l', 'e', 'n', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lafka.org", true */ 'l', 'a', 'f', 'k', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "lafkor.de", true */ 'l', 'a', 'f', 'k', 'o', 'r', '.', 'd', 'e', '\0',
+  /* "laflash.com", true */ 'l', 'a', 'f', 'l', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "laforetenchantee.ch", true */ 'l', 'a', 'f', 'o', 'r', 'e', 't', 'e', 'n', 'c', 'h', 'a', 'n', 't', 'e', 'e', '.', 'c', 'h', '\0',
+  /* "lafosseobservatoire.be", true */ 'l', 'a', 'f', 'o', 's', 's', 'e', 'o', 'b', 's', 'e', 'r', 'v', 'a', 't', 'o', 'i', 'r', 'e', '.', 'b', 'e', '\0',
+  /* "lafr4nc3.net", true */ 'l', 'a', 'f', 'r', '4', 'n', 'c', '3', '.', 'n', 'e', 't', '\0',
+  /* "lag-gbr.gq", true */ 'l', 'a', 'g', '-', 'g', 'b', 'r', '.', 'g', 'q', '\0',
+  /* "lagarderob.ru", false */ 'l', 'a', 'g', 'a', 'r', 'd', 'e', 'r', 'o', 'b', '.', 'r', 'u', '\0',
+  /* "lagazzettadigitale.it", true */ 'l', 'a', 'g', 'a', 'z', 'z', 'e', 't', 't', 'a', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', '.', 'i', 't', '\0',
+  /* "lagerauftrag.info", true */ 'l', 'a', 'g', 'e', 'r', 'a', 'u', 'f', 't', 'r', 'a', 'g', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "laglab.org", true */ 'l', 'a', 'g', 'l', 'a', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "laguiadelvaron.com", true */ 'l', 'a', 'g', 'u', 'i', 'a', 'd', 'e', 'l', 'v', 'a', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "laguinguette.fr", true */ 'l', 'a', 'g', 'u', 'i', 'n', 'g', 'u', 'e', 't', 't', 'e', '.', 'f', 'r', '\0',
+  /* "lahora.com.ec", true */ 'l', 'a', 'h', 'o', 'r', 'a', '.', 'c', 'o', 'm', '.', 'e', 'c', '\0',
+  /* "laindonleisure.co.uk", true */ 'l', 'a', 'i', 'n', 'd', 'o', 'n', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lajijonencadebarbera.com", true */ 'l', 'a', 'j', 'i', 'j', 'o', 'n', 'e', 'n', 'c', 'a', 'd', 'e', 'b', 'a', 'r', 'b', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lak-berlin.de", true */ 'l', 'a', 'k', '-', 'b', 'e', 'r', 'l', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "lakatrop.com", true */ 'l', 'a', 'k', 'a', 't', 'r', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "lakedavid.com.au", true */ 'l', 'a', 'k', 'e', 'd', 'a', 'v', 'i', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "lakefrontlittleelm.com", true */ 'l', 'a', 'k', 'e', 'f', 'r', 'o', 'n', 't', 'l', 'i', 't', 't', 'l', 'e', 'e', 'l', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "lakehavasucityhomebuyerscredit.com", true */ 'l', 'a', 'k', 'e', 'h', 'a', 'v', 'a', 's', 'u', 'c', 'i', 't', 'y', 'h', 'o', 'm', 'e', 'b', 'u', 'y', 'e', 'r', 's', 'c', 'r', 'e', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lakehavasucitynews.com", true */ 'l', 'a', 'k', 'e', 'h', 'a', 'v', 'a', 's', 'u', 'c', 'i', 't', 'y', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lakehavasuhomebuyercredit.com", true */ 'l', 'a', 'k', 'e', 'h', 'a', 'v', 'a', 's', 'u', 'h', 'o', 'm', 'e', 'b', 'u', 'y', 'e', 'r', 'c', 'r', 'e', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lakehavasuhouserentals.com", true */ 'l', 'a', 'k', 'e', 'h', 'a', 'v', 'a', 's', 'u', 'h', 'o', 'u', 's', 'e', 'r', 'e', 'n', 't', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lakehavasuhouses.com", true */ 'l', 'a', 'k', 'e', 'h', 'a', 'v', 'a', 's', 'u', 'h', 'o', 'u', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lakehavasuwebsites.com", true */ 'l', 'a', 'k', 'e', 'h', 'a', 'v', 'a', 's', 'u', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lakesherwoodelectrical.com", true */ 'l', 'a', 'k', 'e', 's', 'h', 'e', 'r', 'w', 'o', 'o', 'd', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "lakhesis.net", true */ 'l', 'a', 'k', 'h', 'e', 's', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "lakonia.com.br", true */ 'l', 'a', 'k', 'o', 'n', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lalaya.fr", true */ 'l', 'a', 'l', 'a', 'y', 'a', '.', 'f', 'r', '\0',
+  /* "laled.ch", true */ 'l', 'a', 'l', 'e', 'd', '.', 'c', 'h', '\0',
+  /* "laltroweb.it", true */ 'l', 'a', 'l', 't', 'r', 'o', 'w', 'e', 'b', '.', 'i', 't', '\0',
+  /* "lalyre-corcelles.ch", true */ 'l', 'a', 'l', 'y', 'r', 'e', '-', 'c', 'o', 'r', 'c', 'e', 'l', 'l', 'e', 's', '.', 'c', 'h', '\0',
+  /* "lamakat.de", true */ 'l', 'a', 'm', 'a', 'k', 'a', 't', '.', 'd', 'e', '\0',
+  /* "lamapoll.de", true */ 'l', 'a', 'm', 'a', 'p', 'o', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "lamarieealhonneur.com", true */ 'l', 'a', 'm', 'a', 'r', 'i', 'e', 'e', 'a', 'l', 'h', 'o', 'n', 'n', 'e', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lambauer.com", true */ 'l', 'a', 'm', 'b', 'a', 'u', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lamiaposta.email", false */ 'l', 'a', 'm', 'i', 'a', 'p', 'o', 's', 't', 'a', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "laminine.info", true */ 'l', 'a', 'm', 'i', 'n', 'i', 'n', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "lampegiganten.dk", true */ 'l', 'a', 'm', 'p', 'e', 'g', 'i', 'g', 'a', 'n', 't', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "lampegiganten.no", true */ 'l', 'a', 'm', 'p', 'e', 'g', 'i', 'g', 'a', 'n', 't', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "lampen24.be", true */ 'l', 'a', 'm', 'p', 'e', 'n', '2', '4', '.', 'b', 'e', '\0',
+  /* "lampenwelt.at", true */ 'l', 'a', 'm', 'p', 'e', 'n', 'w', 'e', 'l', 't', '.', 'a', 't', '\0',
+  /* "lampenwelt.ch", true */ 'l', 'a', 'm', 'p', 'e', 'n', 'w', 'e', 'l', 't', '.', 'c', 'h', '\0',
+  /* "lan2k.org", true */ 'l', 'a', 'n', '2', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "lana.swedbank.se", true */ 'l', 'a', 'n', 'a', '.', 's', 'w', 'e', 'd', 'b', 'a', 'n', 'k', '.', 's', 'e', '\0',
+  /* "lanbroa.eu", true */ 'l', 'a', 'n', 'b', 'r', 'o', 'a', '.', 'e', 'u', '\0',
+  /* "lanbyte.se", true */ 'l', 'a', 'n', 'b', 'y', 't', 'e', '.', 's', 'e', '\0',
+  /* "lancejames.com", true */ 'l', 'a', 'n', 'c', 'e', 'j', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lancelafontaine.com", true */ 'l', 'a', 'n', 'c', 'e', 'l', 'a', 'f', 'o', 'n', 't', 'a', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lanceyip.com", true */ 'l', 'a', 'n', 'c', 'e', 'y', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "lancork.net", true */ 'l', 'a', 'n', 'c', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "lancyvbc.ch", true */ 'l', 'a', 'n', 'c', 'y', 'v', 'b', 'c', '.', 'c', 'h', '\0',
+  /* "land.nrw", false */ 'l', 'a', 'n', 'd', '.', 'n', 'r', 'w', '\0',
+  /* "landflair-magazin.de", true */ 'l', 'a', 'n', 'd', 'f', 'l', 'a', 'i', 'r', '-', 'm', 'a', 'g', 'a', 'z', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "landhaus-christmann.de", true */ 'l', 'a', 'n', 'd', 'h', 'a', 'u', 's', '-', 'c', 'h', 'r', 'i', 's', 't', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "landinfo.no", true */ 'l', 'a', 'n', 'd', 'i', 'n', 'f', 'o', '.', 'n', 'o', '\0',
+  /* "landofelves.net", true */ 'l', 'a', 'n', 'd', 'o', 'f', 'e', 'l', 'v', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "landyparts.nl", true */ 'l', 'a', 'n', 'd', 'y', 'p', 'a', 'r', 't', 's', '.', 'n', 'l', '\0',
+  /* "lanetix.com", true */ 'l', 'a', 'n', 'e', 't', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "lang-php.com", true */ 'l', 'a', 'n', 'g', '-', 'p', 'h', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "langatang.com", true */ 'l', 'a', 'n', 'g', 'a', 't', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "langbein.org", true */ 'l', 'a', 'n', 'g', 'b', 'e', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "langguth.io", true */ 'l', 'a', 'n', 'g', 'g', 'u', 't', 'h', '.', 'i', 'o', '\0',
+  /* "langkahteduh.com", true */ 'l', 'a', 'n', 'g', 'k', 'a', 'h', 't', 'e', 'd', 'u', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "langly.fr", false */ 'l', 'a', 'n', 'g', 'l', 'y', '.', 'f', 'r', '\0',
+  /* "languageterminal.com", true */ 'l', 'a', 'n', 'g', 'u', 'a', 'g', 'e', 't', 'e', 'r', 'm', 'i', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "langworth.com", true */ 'l', 'a', 'n', 'g', 'w', 'o', 'r', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "lanna.io", true */ 'l', 'a', 'n', 'n', 'a', '.', 'i', 'o', '\0',
+  /* "lannainnovation.com", true */ 'l', 'a', 'n', 'n', 'a', 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lanre.org", true */ 'l', 'a', 'n', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "lanroamer.de", true */ 'l', 'a', 'n', 'r', 'o', 'a', 'm', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "lansechensilu.com", true */ 'l', 'a', 'n', 's', 'e', 'c', 'h', 'e', 'n', 's', 'i', 'l', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "lanternalauth.com", true */ 'l', 'a', 'n', 't', 'e', 'r', 'n', 'a', 'l', 'a', 'u', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "lantian.pub", true */ 'l', 'a', 'n', 't', 'i', 'a', 'n', '.', 'p', 'u', 'b', '\0',
+  /* "lanturtle.com", true */ 'l', 'a', 'n', 't', 'u', 'r', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lanuovariviera.it", true */ 'l', 'a', 'n', 'u', 'o', 'v', 'a', 'r', 'i', 'v', 'i', 'e', 'r', 'a', '.', 'i', 't', '\0',
+  /* "lanyang.tk", true */ 'l', 'a', 'n', 'y', 'a', 'n', 'g', '.', 't', 'k', '\0',
+  /* "lanzamientovirtual.es", true */ 'l', 'a', 'n', 'z', 'a', 'm', 'i', 'e', 'n', 't', 'o', 'v', 'i', 'r', 't', 'u', 'a', 'l', '.', 'e', 's', '\0',
+  /* "lanzarote-online.info", true */ 'l', 'a', 'n', 'z', 'a', 'r', 'o', 't', 'e', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "laos.dating", true */ 'l', 'a', 'o', 's', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "laospage.com", true */ 'l', 'a', 'o', 's', 'p', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "laozhu.me", true */ 'l', 'a', 'o', 'z', 'h', 'u', '.', 'm', 'e', '\0',
+  /* "lapassiondutrading.com", true */ 'l', 'a', 'p', 'a', 's', 's', 'i', 'o', 'n', 'd', 'u', 't', 'r', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "lapetition.be", true */ 'l', 'a', 'p', 'e', 't', 'i', 't', 'i', 'o', 'n', '.', 'b', 'e', '\0',
+  /* "lapidge.net", true */ 'l', 'a', 'p', 'i', 'd', 'g', 'e', '.', 'n', 'e', 't', '\0',
+  /* "laplanetebleue.com", true */ 'l', 'a', 'p', 'l', 'a', 'n', 'e', 't', 'e', 'b', 'l', 'e', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lapolla.com", true */ 'l', 'a', 'p', 'o', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lapotagere.ch", true */ 'l', 'a', 'p', 'o', 't', 'a', 'g', 'e', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "lapparente-aise.ch", true */ 'l', 'a', 'p', 'p', 'a', 'r', 'e', 'n', 't', 'e', '-', 'a', 'i', 's', 'e', '.', 'c', 'h', '\0',
+  /* "laracode.eu", true */ 'l', 'a', 'r', 'a', 'c', 'o', 'd', 'e', '.', 'e', 'u', '\0',
+  /* "laraeph.com", true */ 'l', 'a', 'r', 'a', 'e', 'p', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "laraigneedusoir.com", true */ 'l', 'a', 'r', 'a', 'i', 'g', 'n', 'e', 'e', 'd', 'u', 's', 'o', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "laranara.se", true */ 'l', 'a', 'r', 'a', 'n', 'a', 'r', 'a', '.', 's', 'e', '\0',
+  /* "laraveldirectory.com", true */ 'l', 'a', 'r', 'a', 'v', 'e', 'l', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "lareclame.fr", true */ 'l', 'a', 'r', 'e', 'c', 'l', 'a', 'm', 'e', '.', 'f', 'r', '\0',
+  /* "larepublicacultural.es", true */ 'l', 'a', 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'c', 'a', 'c', 'u', 'l', 't', 'u', 'r', 'a', 'l', '.', 'e', 's', '\0',
+  /* "largescaleforums.com", true */ 'l', 'a', 'r', 'g', 'e', 's', 'c', 'a', 'l', 'e', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "largeviewer.com", true */ 'l', 'a', 'r', 'g', 'e', 'v', 'i', 'e', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lariscus.eu", true */ 'l', 'a', 'r', 'i', 's', 'c', 'u', 's', '.', 'e', 'u', '\0',
+  /* "larondinedisinfestazione.com", true */ 'l', 'a', 'r', 'o', 'n', 'd', 'i', 'n', 'e', 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "larptreff.de", true */ 'l', 'a', 'r', 'p', 't', 'r', 'e', 'f', 'f', '.', 'd', 'e', '\0',
+  /* "larraz.es", true */ 'l', 'a', 'r', 'r', 'a', 'z', '.', 'e', 's', '\0',
+  /* "larrysalibra.com", true */ 'l', 'a', 'r', 'r', 'y', 's', 'a', 'l', 'i', 'b', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lars-ewald.com", true */ 'l', 'a', 'r', 's', '-', 'e', 'w', 'a', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "lars-mense.de", true */ 'l', 'a', 'r', 's', '-', 'm', 'e', 'n', 's', 'e', '.', 'd', 'e', '\0',
+  /* "lars.cloud", true */ 'l', 'a', 'r', 's', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "larsbauer.xyz", true */ 'l', 'a', 'r', 's', 'b', 'a', 'u', 'e', 'r', '.', 'x', 'y', 'z', '\0',
+  /* "larsklene.nl", true */ 'l', 'a', 'r', 's', 'k', 'l', 'e', 'n', 'e', '.', 'n', 'l', '\0',
+  /* "larsklint.com", true */ 'l', 'a', 'r', 's', 'k', 'l', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "larsmerke.de", true */ 'l', 'a', 'r', 's', 'm', 'e', 'r', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "laruga.co.uk", true */ 'l', 'a', 'r', 'u', 'g', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lasalle.wa.edu.au", true */ 'l', 'a', 's', 'a', 'l', 'l', 'e', '.', 'w', 'a', '.', 'e', 'd', 'u', '.', 'a', 'u', '\0',
+  /* "lasarmas.com", true */ 'l', 'a', 's', 'a', 'r', 'm', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lascana.co.uk", true */ 'l', 'a', 's', 'c', 'a', 'n', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lasereyess.net", true */ 'l', 'a', 's', 'e', 'r', 'e', 'y', 'e', 's', 's', '.', 'n', 'e', 't', '\0',
+  /* "laserpc.net", true */ 'l', 'a', 's', 'e', 'r', 'p', 'c', '.', 'n', 'e', 't', '\0',
+  /* "laserplaza.de", true */ 'l', 'a', 's', 'e', 'r', 'p', 'l', 'a', 'z', 'a', '.', 'd', 'e', '\0',
+  /* "laserplaza.net", true */ 'l', 'a', 's', 'e', 'r', 'p', 'l', 'a', 'z', 'a', '.', 'n', 'e', 't', '\0',
+  /* "lasertechsolutions.com", true */ 'l', 'a', 's', 'e', 'r', 't', 'e', 'c', 'h', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lask.in", true */ 'l', 'a', 's', 'k', '.', 'i', 'n', '\0',
+  /* "laskas.pl", true */ 'l', 'a', 's', 'k', 'a', 's', '.', 'p', 'l', '\0',
+  /* "lasnaves.com", true */ 'l', 'a', 's', 'n', 'a', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "laspequenassemillas.com", true */ 'l', 'a', 's', 'p', 'e', 'q', 'u', 'e', 'n', 'a', 's', 's', 'e', 'm', 'i', 'l', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lasrecetasdeguada.com", true */ 'l', 'a', 's', 'r', 'e', 'c', 'e', 't', 'a', 's', 'd', 'e', 'g', 'u', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lasse-it.dk", true */ 'l', 'a', 's', 's', 'e', '-', 'i', 't', '.', 'd', 'k', '\0',
+  /* "lasseleegaard.com", true */ 'l', 'a', 's', 's', 'e', 'l', 'e', 'e', 'g', 'a', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "lasseleegaard.dk", true */ 'l', 'a', 's', 's', 'e', 'l', 'e', 'e', 'g', 'a', 'a', 'r', 'd', '.', 'd', 'k', '\0',
+  /* "lasseleegaard.net", true */ 'l', 'a', 's', 's', 'e', 'l', 'e', 'e', 'g', 'a', 'a', 'r', 'd', '.', 'n', 'e', 't', '\0',
+  /* "lasseleegaard.org", true */ 'l', 'a', 's', 's', 'e', 'l', 'e', 'e', 'g', 'a', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "lasst-uns-beten.de", true */ 'l', 'a', 's', 's', 't', '-', 'u', 'n', 's', '-', 'b', 'e', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "lastchancetraveler.com", true */ 'l', 'a', 's', 't', 'c', 'h', 'a', 'n', 'c', 'e', 't', 'r', 'a', 'v', 'e', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lastharo.com", true */ 'l', 'a', 's', 't', 'h', 'a', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "lastpass.com", false */ 'l', 'a', 's', 't', 'p', 'a', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lastrada-minden.de", true */ 'l', 'a', 's', 't', 'r', 'a', 'd', 'a', '-', 'm', 'i', 'n', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "lastweekinaws.com", true */ 'l', 'a', 's', 't', 'w', 'e', 'e', 'k', 'i', 'n', 'a', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lasuzefc.fr", true */ 'l', 'a', 's', 'u', 'z', 'e', 'f', 'c', '.', 'f', 'r', '\0',
+  /* "lat.sk", true */ 'l', 'a', 't', '.', 's', 'k', '\0',
+  /* "latabledebry.be", true */ 'l', 'a', 't', 'a', 'b', 'l', 'e', 'd', 'e', 'b', 'r', 'y', '.', 'b', 'e', '\0',
+  /* "latabledemontebello.com", true */ 'l', 'a', 't', 'a', 'b', 'l', 'e', 'd', 'e', 'm', 'o', 'n', 't', 'e', 'b', 'e', 'l', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "latamarissiere.eu", true */ 'l', 'a', 't', 'a', 'm', 'a', 'r', 'i', 's', 's', 'i', 'e', 'r', 'e', '.', 'e', 'u', '\0',
+  /* "late.am", true */ 'l', 'a', 't', 'e', '.', 'a', 'm', '\0',
+  /* "latecnosfera.com", true */ 'l', 'a', 't', 'e', 'c', 'n', 'o', 's', 'f', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lateliercantaldeco.fr", true */ 'l', 'a', 't', 'e', 'l', 'i', 'e', 'r', 'c', 'a', 'n', 't', 'a', 'l', 'd', 'e', 'c', 'o', '.', 'f', 'r', '\0',
+  /* "latemodern.com", true */ 'l', 'a', 't', 'e', 'm', 'o', 'd', 'e', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "latenitefilms.com", false */ 'l', 'a', 't', 'e', 'n', 'i', 't', 'e', 'f', 'i', 'l', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lateralsecurity.com", true */ 'l', 'a', 't', 'e', 'r', 'a', 'l', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "latestdeals.co.uk", true */ 'l', 'a', 't', 'e', 's', 't', 'd', 'e', 'a', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "latetrain.cn", true */ 'l', 'a', 't', 'e', 't', 'r', 'a', 'i', 'n', '.', 'c', 'n', '\0',
+  /* "lathen-wahn.de", true */ 'l', 'a', 't', 'h', 'e', 'n', '-', 'w', 'a', 'h', 'n', '.', 'd', 'e', '\0',
+  /* "latino.dating", true */ 'l', 'a', 't', 'i', 'n', 'o', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "latinphone.com", true */ 'l', 'a', 't', 'i', 'n', 'p', 'h', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "latitude42technology.com", true */ 'l', 'a', 't', 'i', 't', 'u', 'd', 'e', '4', '2', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "latitudesign.com", true */ 'l', 'a', 't', 'i', 't', 'u', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "latour-managedcare.ch", true */ 'l', 'a', 't', 'o', 'u', 'r', '-', 'm', 'a', 'n', 'a', 'g', 'e', 'd', 'c', 'a', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "latremebunda.com", true */ 'l', 'a', 't', 'r', 'e', 'm', 'e', 'b', 'u', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "latrine.cz", true */ 'l', 'a', 't', 'r', 'i', 'n', 'e', '.', 'c', 'z', '\0',
+  /* "latterdaybride.com", true */ 'l', 'a', 't', 't', 'e', 'r', 'd', 'a', 'y', 'b', 'r', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lattyware.co.uk", true */ 'l', 'a', 't', 't', 'y', 'w', 'a', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lattyware.com", true */ 'l', 'a', 't', 't', 'y', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "laubacher.io", true */ 'l', 'a', 'u', 'b', 'a', 'c', 'h', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "lauchundei.at", true */ 'l', 'a', 'u', 'c', 'h', 'u', 'n', 'd', 'e', 'i', '.', 'a', 't', '\0',
+  /* "laufcampus.com", true */ 'l', 'a', 'u', 'f', 'c', 'a', 'm', 'p', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "laufpix.de", true */ 'l', 'a', 'u', 'f', 'p', 'i', 'x', '.', 'd', 'e', '\0',
+  /* "laufseminare-laufreisen.com", true */ 'l', 'a', 'u', 'f', 's', 'e', 'm', 'i', 'n', 'a', 'r', 'e', '-', 'l', 'a', 'u', 'f', 'r', 'e', 'i', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lauftrainer-ausbildung.com", true */ 'l', 'a', 'u', 'f', 't', 'r', 'a', 'i', 'n', 'e', 'r', '-', 'a', 'u', 's', 'b', 'i', 'l', 'd', 'u', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "lauftreff-himmelgeist.de", true */ 'l', 'a', 'u', 'f', 't', 'r', 'e', 'f', 'f', '-', 'h', 'i', 'm', 'm', 'e', 'l', 'g', 'e', 'i', 's', 't', '.', 'd', 'e', '\0',
+  /* "laughinggrapepublishing.com", true */ 'l', 'a', 'u', 'g', 'h', 'i', 'n', 'g', 'g', 'r', 'a', 'p', 'e', 'p', 'u', 'b', 'l', 'i', 's', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "laukstein.com", true */ 'l', 'a', 'u', 'k', 's', 't', 'e', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "launchpad-app2.com", true */ 'l', 'a', 'u', 'n', 'c', 'h', 'p', 'a', 'd', '-', 'a', 'p', 'p', '2', '.', 'c', 'o', 'm', '\0',
+  /* "lauraandwill.wedding", true */ 'l', 'a', 'u', 'r', 'a', 'a', 'n', 'd', 'w', 'i', 'l', 'l', '.', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '\0',
+  /* "laurakashiwase.com", true */ 'l', 'a', 'u', 'r', 'a', 'k', 'a', 's', 'h', 'i', 'w', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "laurasplacefamilysupport.org.au", true */ 'l', 'a', 'u', 'r', 'a', 's', 'p', 'l', 'a', 'c', 'e', 'f', 'a', 'm', 'i', 'l', 'y', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0',
+  /* "laurelblack.com", true */ 'l', 'a', 'u', 'r', 'e', 'l', 'b', 'l', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "laurelspaandlash.com", true */ 'l', 'a', 'u', 'r', 'e', 'l', 's', 'p', 'a', 'a', 'n', 'd', 'l', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "laurenlobue.com", true */ 'l', 'a', 'u', 'r', 'e', 'n', 'l', 'o', 'b', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "laurent-e-levy.com", true */ 'l', 'a', 'u', 'r', 'e', 'n', 't', '-', 'e', '-', 'l', 'e', 'v', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "lauriuc.sk", true */ 'l', 'a', 'u', 'r', 'i', 'u', 'c', '.', 's', 'k', '\0',
+  /* "lausannedentiste.ch", true */ 'l', 'a', 'u', 's', 'a', 'n', 'n', 'e', 'd', 'e', 'n', 't', 'i', 's', 't', 'e', '.', 'c', 'h', '\0',
+  /* "lausannelovers.ch", true */ 'l', 'a', 'u', 's', 'a', 'n', 'n', 'e', 'l', 'o', 'v', 'e', 'r', 's', '.', 'c', 'h', '\0',
+  /* "laussat.de", true */ 'l', 'a', 'u', 's', 's', 'a', 't', '.', 'd', 'e', '\0',
+  /* "lauzon-hitter.com", true */ 'l', 'a', 'u', 'z', 'o', 'n', '-', 'h', 'i', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lavabit.no", true */ 'l', 'a', 'v', 'a', 'b', 'i', 't', '.', 'n', 'o', '\0',
+  /* "lavalite.de", true */ 'l', 'a', 'v', 'a', 'l', 'i', 't', 'e', '.', 'd', 'e', '\0',
+  /* "lavamob.com", true */ 'l', 'a', 'v', 'a', 'm', 'o', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "lavaux.lv", true */ 'l', 'a', 'v', 'a', 'u', 'x', '.', 'l', 'v', '\0',
+  /* "lavenderx.org", true */ 'l', 'a', 'v', 'e', 'n', 'd', 'e', 'r', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "laviedalex.ovh", true */ 'l', 'a', 'v', 'i', 'e', 'd', 'a', 'l', 'e', 'x', '.', 'o', 'v', 'h', '\0',
+  /* "lavita.de", true */ 'l', 'a', 'v', 'i', 't', 'a', '.', 'd', 'e', '\0',
+  /* "lavitrine-une-collection.be", true */ 'l', 'a', 'v', 'i', 't', 'r', 'i', 'n', 'e', '-', 'u', 'n', 'e', '-', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'b', 'e', '\0',
+  /* "lavolte.net", true */ 'l', 'a', 'v', 'o', 'l', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "lavval.com", false */ 'l', 'a', 'v', 'v', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "law-peters.de", true */ 'l', 'a', 'w', '-', 'p', 'e', 't', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "lawformt.com", true */ 'l', 'a', 'w', 'f', 'o', 'r', 'm', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lawn-seeds.com", true */ 'l', 'a', 'w', 'n', '-', 's', 'e', 'e', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lawnuk.com", true */ 'l', 'a', 'w', 'n', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "lawrence-institute.com", true */ 'l', 'a', 'w', 'r', 'e', 'n', 'c', 'e', '-', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lawrenceberg.nl", true */ 'l', 'a', 'w', 'r', 'e', 'n', 'c', 'e', 'b', 'e', 'r', 'g', '.', 'n', 'l', '\0',
+  /* "lawrencemurgatroyd.com", true */ 'l', 'a', 'w', 'r', 'e', 'n', 'c', 'e', 'm', 'u', 'r', 'g', 'a', 't', 'r', 'o', 'y', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "laylo.nl", true */ 'l', 'a', 'y', 'l', 'o', '.', 'n', 'l', '\0',
+  /* "laymans911.info", true */ 'l', 'a', 'y', 'm', 'a', 'n', 's', '9', '1', '1', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "layoutsatzunddruck.de", true */ 'l', 'a', 'y', 'o', 'u', 't', 's', 'a', 't', 'z', 'u', 'n', 'd', 'd', 'r', 'u', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "lazerus.net", true */ 'l', 'a', 'z', 'e', 'r', 'u', 's', '.', 'n', 'e', 't', '\0',
+  /* "lazowik.pl", true */ 'l', 'a', 'z', 'o', 'w', 'i', 'k', '.', 'p', 'l', '\0',
+  /* "lazurit.com", true */ 'l', 'a', 'z', 'u', 'r', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lazyboston.com", true */ 'l', 'a', 'z', 'y', 'b', 'o', 's', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lazyclock.com", true */ 'l', 'a', 'z', 'y', 'c', 'l', 'o', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "lazyframe.com", true */ 'l', 'a', 'z', 'y', 'f', 'r', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lazytux.de", true */ 'l', 'a', 'z', 'y', 't', 'u', 'x', '.', 'd', 'e', '\0',
+  /* "lazytux.org", true */ 'l', 'a', 'z', 'y', 't', 'u', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "lb-toner.de", true */ 'l', 'b', '-', 't', 'o', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "lbayer.com", true */ 'l', 'b', 'a', 'y', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lbc.gr", true */ 'l', 'b', 'c', '.', 'g', 'r', '\0',
+  /* "lbgconsultores.com", true */ 'l', 'b', 'g', 'c', 'o', 'n', 's', 'u', 'l', 't', 'o', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lbihrhelpdesk.com", true */ 'l', 'b', 'i', 'h', 'r', 'h', 'e', 'l', 'p', 'd', 'e', 's', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "lbls.me", true */ 'l', 'b', 'l', 's', '.', 'm', 'e', '\0',
+  /* "lbphacker.pw", true */ 'l', 'b', 'p', 'h', 'a', 'c', 'k', 'e', 'r', '.', 'p', 'w', '\0',
+  /* "lbrlh.tk", true */ 'l', 'b', 'r', 'l', 'h', '.', 't', 'k', '\0',
+  /* "lbrli.tk", true */ 'l', 'b', 'r', 'l', 'i', '.', 't', 'k', '\0',
+  /* "lbs-logics.com", true */ 'l', 'b', 's', '-', 'l', 'o', 'g', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lca-pv.de", true */ 'l', 'c', 'a', '-', 'p', 'v', '.', 'd', 'e', '\0',
+  /* "lce-events.com", true */ 'l', 'c', 'e', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lcht.ch", false */ 'l', 'c', 'h', 't', '.', 'c', 'h', '\0',
+  /* "lclarkpdx.com", true */ 'l', 'c', 'l', 'a', 'r', 'k', 'p', 'd', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "ld-begunjscica.si", true */ 'l', 'd', '-', 'b', 'e', 'g', 'u', 'n', 'j', 's', 'c', 'i', 'c', 'a', '.', 's', 'i', '\0',
+  /* "ldc.com.br", false */ 'l', 'd', 'c', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "le-bar.org", true */ 'l', 'e', '-', 'b', 'a', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "le-blog.ch", true */ 'l', 'e', '-', 'b', 'l', 'o', 'g', '.', 'c', 'h', '\0',
+  /* "le-controle-parental.fr", true */ 'l', 'e', '-', 'c', 'o', 'n', 't', 'r', 'o', 'l', 'e', '-', 'p', 'a', 'r', 'e', 'n', 't', 'a', 'l', '.', 'f', 'r', '\0',
+  /* "le-creux-du-van.ch", true */ 'l', 'e', '-', 'c', 'r', 'e', 'u', 'x', '-', 'd', 'u', '-', 'v', 'a', 'n', '.', 'c', 'h', '\0',
+  /* "le-dev.de", false */ 'l', 'e', '-', 'd', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "le-h.de", true */ 'l', 'e', '-', 'h', '.', 'd', 'e', '\0',
+  /* "le-hosting.de", true */ 'l', 'e', '-', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "le-page.info", true */ 'l', 'e', '-', 'p', 'a', 'g', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "le-palantir.com", true */ 'l', 'e', '-', 'p', 'a', 'l', 'a', 'n', 't', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "le-traiteur-parisien.fr", true */ 'l', 'e', '-', 't', 'r', 'a', 'i', 't', 'e', 'u', 'r', '-', 'p', 'a', 'r', 'i', 's', 'i', 'e', 'n', '.', 'f', 'r', '\0',
+  /* "le0.me", true */ 'l', 'e', '0', '.', 'm', 'e', '\0',
+  /* "le130rb.com", true */ 'l', 'e', '1', '3', '0', 'r', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "le23.fr", true */ 'l', 'e', '2', '3', '.', 'f', 'r', '\0',
+  /* "le42mars.fr", true */ 'l', 'e', '4', '2', 'm', 'a', 'r', 's', '.', 'f', 'r', '\0',
+  /* "leadbox.cz", true */ 'l', 'e', 'a', 'd', 'b', 'o', 'x', '.', 'c', 'z', '\0',
+  /* "leadgenie.me", true */ 'l', 'e', 'a', 'd', 'g', 'e', 'n', 'i', 'e', '.', 'm', 'e', '\0',
+  /* "leadingsalons.com", true */ 'l', 'e', 'a', 'd', 'i', 'n', 'g', 's', 'a', 'l', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "leafandseed.co.uk", true */ 'l', 'e', 'a', 'f', 'a', 'n', 'd', 's', 'e', 'e', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "leafans.tk", true */ 'l', 'e', 'a', 'f', 'a', 'n', 's', '.', 't', 'k', '\0',
+  /* "leafinote.com", true */ 'l', 'e', 'a', 'f', 'i', 'n', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "leakedminecraft.net", true */ 'l', 'e', 'a', 'k', 'e', 'd', 'm', 'i', 'n', 'e', 'c', 'r', 'a', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "leakforums.net", true */ 'l', 'e', 'a', 'k', 'f', 'o', 'r', 'u', 'm', 's', '.', 'n', 'e', 't', '\0',
+  /* "leakreporter.net", true */ 'l', 'e', 'a', 'k', 'r', 'e', 'p', 'o', 'r', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "leaks.directory", true */ 'l', 'e', 'a', 'k', 's', '.', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '\0',
+  /* "leanclub.org", true */ 'l', 'e', 'a', 'n', 'c', 'l', 'u', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "leandre.cn", true */ 'l', 'e', 'a', 'n', 'd', 'r', 'e', '.', 'c', 'n', '\0',
+  /* "leanplando.com", true */ 'l', 'e', 'a', 'n', 'p', 'l', 'a', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "leaodarodesia.com.br", true */ 'l', 'e', 'a', 'o', 'd', 'a', 'r', 'o', 'd', 'e', 's', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "leap-it.be", true */ 'l', 'e', 'a', 'p', '-', 'i', 't', '.', 'b', 'e', '\0',
+  /* "leapandjump.co.uk", true */ 'l', 'e', 'a', 'p', 'a', 'n', 'd', 'j', 'u', 'm', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "learn-smart.uk", true */ 'l', 'e', 'a', 'r', 'n', '-', 's', 'm', 'a', 'r', 't', '.', 'u', 'k', '\0',
+  /* "learnedhacker.com", true */ 'l', 'e', 'a', 'r', 'n', 'e', 'd', 'h', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "learnerdriving.com", false */ 'l', 'e', 'a', 'r', 'n', 'e', 'r', 'd', 'r', 'i', 'v', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "learnflakes.net", true */ 'l', 'e', 'a', 'r', 'n', 'f', 'l', 'a', 'k', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "learningis1.st", true */ 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', 'i', 's', '1', '.', 's', 't', '\0',
+  /* "learninglaw.com", true */ 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "learnpianogreece.com", true */ 'l', 'e', 'a', 'r', 'n', 'p', 'i', 'a', 'n', 'o', 'g', 'r', 'e', 'e', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "learnplayground.com", true */ 'l', 'e', 'a', 'r', 'n', 'p', 'l', 'a', 'y', 'g', 'r', 'o', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "learntube.cz", true */ 'l', 'e', 'a', 'r', 'n', 't', 'u', 'b', 'e', '.', 'c', 'z', '\0',
+  /* "leaseit24.com", true */ 'l', 'e', 'a', 's', 'e', 'i', 't', '2', '4', '.', 'c', 'o', 'm', '\0',
+  /* "leaseit24.de", true */ 'l', 'e', 'a', 's', 'e', 'i', 't', '2', '4', '.', 'd', 'e', '\0',
+  /* "leasit.at", true */ 'l', 'e', 'a', 's', 'i', 't', '.', 'a', 't', '\0',
+  /* "leasit.de", true */ 'l', 'e', 'a', 's', 'i', 't', '.', 'd', 'e', '\0',
+  /* "leatherfurnitureexpo.com", true */ 'l', 'e', 'a', 't', 'h', 'e', 'r', 'f', 'u', 'r', 'n', 'i', 't', 'u', 'r', 'e', 'e', 'x', 'p', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "leatherwood.nl", true */ 'l', 'e', 'a', 't', 'h', 'e', 'r', 'w', 'o', 'o', 'd', '.', 'n', 'l', '\0',
+  /* "leavesofchangeweekly.org", true */ 'l', 'e', 'a', 'v', 'e', 's', 'o', 'f', 'c', 'h', 'a', 'n', 'g', 'e', 'w', 'e', 'e', 'k', 'l', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "lebanesearmy.gov.lb", true */ 'l', 'e', 'b', 'a', 'n', 'e', 's', 'e', 'a', 'r', 'm', 'y', '.', 'g', 'o', 'v', '.', 'l', 'b', '\0',
+  /* "lebarbatruc.com", true */ 'l', 'e', 'b', 'a', 'r', 'b', 'a', 't', 'r', 'u', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "lebarmy.gov.lb", true */ 'l', 'e', 'b', 'a', 'r', 'm', 'y', '.', 'g', 'o', 'v', '.', 'l', 'b', '\0',
+  /* "lebens-fluss.at", true */ 'l', 'e', 'b', 'e', 'n', 's', '-', 'f', 'l', 'u', 's', 's', '.', 'a', 't', '\0',
+  /* "lebihan.pl", true */ 'l', 'e', 'b', 'i', 'h', 'a', 'n', '.', 'p', 'l', '\0',
+  /* "leblanc.io", true */ 'l', 'e', 'b', 'l', 'a', 'n', 'c', '.', 'i', 'o', '\0',
+  /* "lebosse.me", true */ 'l', 'e', 'b', 'o', 's', 's', 'e', '.', 'm', 'e', '\0',
+  /* "lebourgeo.is", true */ 'l', 'e', 'b', 'o', 'u', 'r', 'g', 'e', 'o', '.', 'i', 's', '\0',
+  /* "lechaudrondupertuis.ch", true */ 'l', 'e', 'c', 'h', 'a', 'u', 'd', 'r', 'o', 'n', 'd', 'u', 'p', 'e', 'r', 't', 'u', 'i', 's', '.', 'c', 'h', '\0',
+  /* "lechiennoir.net", true */ 'l', 'e', 'c', 'h', 'i', 'e', 'n', 'n', 'o', 'i', 'r', '.', 'n', 'e', 't', '\0',
+  /* "leclaire.com.br", true */ 'l', 'e', 'c', 'l', 'a', 'i', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ledecologie.com.br", true */ 'l', 'e', 'd', 'e', 'c', 'o', 'l', 'o', 'g', 'i', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ledeguisement.com", true */ 'l', 'e', 'd', 'e', 'g', 'u', 'i', 's', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ledhouse.sk", true */ 'l', 'e', 'd', 'h', 'o', 'u', 's', 'e', '.', 's', 'k', '\0',
+  /* "ledzom.ru", false */ 'l', 'e', 'd', 'z', 'o', 'm', '.', 'r', 'u', '\0',
+  /* "lee-fuller.co.uk", true */ 'l', 'e', 'e', '-', 'f', 'u', 'l', 'l', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "leebiblestudycenter.co.uk", true */ 'l', 'e', 'e', 'b', 'i', 'b', 'l', 'e', 's', 't', 'u', 'd', 'y', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "leebiblestudycenter.com", true */ 'l', 'e', 'e', 'b', 'i', 'b', 'l', 'e', 's', 't', 'u', 'd', 'y', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "leebiblestudycentre.co.uk", true */ 'l', 'e', 'e', 'b', 'i', 'b', 'l', 'e', 's', 't', 'u', 'd', 'y', 'c', 'e', 'n', 't', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "leebiblestudycentre.com", true */ 'l', 'e', 'e', 'b', 'i', 'b', 'l', 'e', 's', 't', 'u', 'd', 'y', 'c', 'e', 'n', 't', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "leech360.com", true */ 'l', 'e', 'e', 'c', 'h', '3', '6', '0', '.', 'c', 'o', 'm', '\0',
+  /* "leeclemens.net", true */ 'l', 'e', 'e', 'c', 'l', 'e', 'm', 'e', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "leedev.org", true */ 'l', 'e', 'e', 'd', 'e', 'v', '.', 'o', 'r', 'g', '\0',
+  /* "leelou.wedding", true */ 'l', 'e', 'e', 'l', 'o', 'u', '.', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '\0',
+  /* "leere.me", true */ 'l', 'e', 'e', 'r', 'e', '.', 'm', 'e', '\0',
+  /* "leerkotte.eu", true */ 'l', 'e', 'e', 'r', 'k', 'o', 't', 't', 'e', '.', 'e', 'u', '\0',
+  /* "leerliga.de", true */ 'l', 'e', 'e', 'r', 'l', 'i', 'g', 'a', '.', 'd', 'e', '\0',
+  /* "leertipp.de", true */ 'l', 'e', 'e', 'r', 't', 'i', 'p', 'p', '.', 'd', 'e', '\0',
+  /* "leesilvey.com", true */ 'l', 'e', 'e', 's', 'i', 'l', 'v', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "leet2.com", true */ 'l', 'e', 'e', 't', '2', '.', 'c', 'o', 'm', '\0',
+  /* "leetcode.com", true */ 'l', 'e', 'e', 't', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "leetcode.net", true */ 'l', 'e', 'e', 't', 'c', 'o', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "leetgamers.asia", true */ 'l', 'e', 'e', 't', 'g', 'a', 'm', 'e', 'r', 's', '.', 'a', 's', 'i', 'a', '\0',
+  /* "leetsaber.com", true */ 'l', 'e', 'e', 't', 's', 'a', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "leevealdc.com", true */ 'l', 'e', 'e', 'v', 'e', 'a', 'l', 'd', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "lefebvristes.com", true */ 'l', 'e', 'f', 'e', 'b', 'v', 'r', 'i', 's', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lefebvristes.fr", true */ 'l', 'e', 'f', 'e', 'b', 'v', 'r', 'i', 's', 't', 'e', 's', '.', 'f', 'r', '\0',
+  /* "leflibustier.ru", true */ 'l', 'e', 'f', 'l', 'i', 'b', 'u', 's', 't', 'i', 'e', 'r', '.', 'r', 'u', '\0',
+  /* "lefonddeloeil.com", true */ 'l', 'e', 'f', 'o', 'n', 'd', 'd', 'e', 'l', 'o', 'e', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "leftclick.cloud", true */ 'l', 'e', 'f', 't', 'c', 'l', 'i', 'c', 'k', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "leftclick.eu", true */ 'l', 'e', 'f', 't', 'c', 'l', 'i', 'c', 'k', '.', 'e', 'u', '\0',
+  /* "lega-dental.com", true */ 'l', 'e', 'g', 'a', '-', 'd', 'e', 'n', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "legadental.com", true */ 'l', 'e', 'g', 'a', 'd', 'e', 'n', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "legalcontrol.info", true */ 'l', 'e', 'g', 'a', 'l', 'c', 'o', 'n', 't', 'r', 'o', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "legalrobot-uat.com", true */ 'l', 'e', 'g', 'a', 'l', 'r', 'o', 'b', 'o', 't', '-', 'u', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "legalrobot.com", true */ 'l', 'e', 'g', 'a', 'l', 'r', 'o', 'b', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "legaltip.eu", true */ 'l', 'e', 'g', 'a', 'l', 't', 'i', 'p', '.', 'e', 'u', '\0',
+  /* "legatofmrc.fr", true */ 'l', 'e', 'g', 'a', 't', 'o', 'f', 'm', 'r', 'c', '.', 'f', 'r', '\0',
+  /* "legendary.camera", true */ 'l', 'e', 'g', 'e', 'n', 'd', 'a', 'r', 'y', '.', 'c', 'a', 'm', 'e', 'r', 'a', '\0',
+  /* "legendesdechine.ch", true */ 'l', 'e', 'g', 'e', 'n', 'd', 'e', 's', 'd', 'e', 'c', 'h', 'i', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "legendofkrystal.com", true */ 'l', 'e', 'g', 'e', 'n', 'd', 'o', 'f', 'k', 'r', 'y', 's', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "legends-game.ru", false */ 'l', 'e', 'g', 'e', 'n', 'd', 's', '-', 'g', 'a', 'm', 'e', '.', 'r', 'u', '\0',
+  /* "legible.es", true */ 'l', 'e', 'g', 'i', 'b', 'l', 'e', '.', 'e', 's', '\0',
+  /* "legiscontabilidade.com.br", true */ 'l', 'e', 'g', 'i', 's', 'c', 'o', 'n', 't', 'a', 'b', 'i', 'l', 'i', 'd', 'a', 'd', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "legit.nz", true */ 'l', 'e', 'g', 'i', 't', '.', 'n', 'z', '\0',
+  /* "legjobblogo.hu", true */ 'l', 'e', 'g', 'j', 'o', 'b', 'b', 'l', 'o', 'g', 'o', '.', 'h', 'u', '\0',
+  /* "legland.fr", true */ 'l', 'e', 'g', 'l', 'a', 'n', 'd', '.', 'f', 'r', '\0',
+  /* "legoutdesplantes.be", true */ 'l', 'e', 'g', 'o', 'u', 't', 'd', 'e', 's', 'p', 'l', 'a', 'n', 't', 'e', 's', '.', 'b', 'e', '\0',
+  /* "legumefederation.org", true */ 'l', 'e', 'g', 'u', 'm', 'e', 'f', 'e', 'd', 'e', 'r', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "legumeinfo.org", true */ 'l', 'e', 'g', 'u', 'm', 'e', 'i', 'n', 'f', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "lehighmathcircle.org", true */ 'l', 'e', 'h', 'i', 'g', 'h', 'm', 'a', 't', 'h', 'c', 'i', 'r', 'c', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "leibniz-remscheid.de", false */ 'l', 'e', 'i', 'b', 'n', 'i', 'z', '-', 'r', 'e', 'm', 's', 'c', 'h', 'e', 'i', 'd', '.', 'd', 'e', '\0',
+  /* "leideninternationalreview.com", true */ 'l', 'e', 'i', 'd', 'e', 'n', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "leifdreizler.com", false */ 'l', 'e', 'i', 'f', 'd', 'r', 'e', 'i', 'z', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "leigh.life", true */ 'l', 'e', 'i', 'g', 'h', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "leilautourdumon.de", true */ 'l', 'e', 'i', 'l', 'a', 'u', 't', 'o', 'u', 'r', 'd', 'u', 'm', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "leilonorte.com", true */ 'l', 'e', 'i', 'l', 'o', 'n', 'o', 'r', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "leiming.co", true */ 'l', 'e', 'i', 'm', 'i', 'n', 'g', '.', 'c', 'o', '\0',
+  /* "leinfelder.in", true */ 'l', 'e', 'i', 'n', 'f', 'e', 'l', 'd', 'e', 'r', '.', 'i', 'n', '\0',
+  /* "leipzig.photo", true */ 'l', 'e', 'i', 'p', 'z', 'i', 'g', '.', 'p', 'h', 'o', 't', 'o', '\0',
+  /* "leipziger-triathlon.de", true */ 'l', 'e', 'i', 'p', 'z', 'i', 'g', 'e', 'r', '-', 't', 'r', 'i', 'a', 't', 'h', 'l', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "leisure-blog.com", true */ 'l', 'e', 'i', 's', 'u', 'r', 'e', '-', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "leisure-supplies-show.co.uk", true */ 'l', 'e', 'i', 's', 'u', 'r', 'e', '-', 's', 'u', 'p', 'p', 'l', 'i', 'e', 's', '-', 's', 'h', 'o', 'w', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "leition.com", true */ 'l', 'e', 'i', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "leitionusercontent.com", true */ 'l', 'e', 'i', 't', 'i', 'o', 'n', 'u', 's', 'e', 'r', 'c', 'o', 'n', 't', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lejardindesmesanges.fr", true */ 'l', 'e', 'j', 'a', 'r', 'd', 'i', 'n', 'd', 'e', 's', 'm', 'e', 's', 'a', 'n', 'g', 'e', 's', '.', 'f', 'r', '\0',
+  /* "lel.ovh", true */ 'l', 'e', 'l', '.', 'o', 'v', 'h', '\0',
+  /* "lelehei.com", true */ 'l', 'e', 'l', 'e', 'h', 'e', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "lelubre.info", true */ 'l', 'e', 'l', 'u', 'b', 'r', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "lemarcheelagrandeguerra.it", true */ 'l', 'e', 'm', 'a', 'r', 'c', 'h', 'e', 'e', 'l', 'a', 'g', 'r', 'a', 'n', 'd', 'e', 'g', 'u', 'e', 'r', 'r', 'a', '.', 'i', 't', '\0',
+  /* "lemni.top", true */ 'l', 'e', 'm', 'n', 'i', '.', 't', 'o', 'p', '\0',
+  /* "lemoine.at", true */ 'l', 'e', 'm', 'o', 'i', 'n', 'e', '.', 'a', 't', '\0',
+  /* "lemon.co", true */ 'l', 'e', 'm', 'o', 'n', '.', 'c', 'o', '\0',
+  /* "lemondrops.xyz", true */ 'l', 'e', 'm', 'o', 'n', 'd', 'r', 'o', 'p', 's', '.', 'x', 'y', 'z', '\0',
+  /* "lemonop.com", true */ 'l', 'e', 'm', 'o', 'n', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "lemonrockbiketours.com", true */ 'l', 'e', 'm', 'o', 'n', 'r', 'o', 'c', 'k', 'b', 'i', 'k', 'e', 't', 'o', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lemuslimpost.com", true */ 'l', 'e', 'm', 'u', 's', 'l', 'i', 'm', 'p', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lenagroben.de", true */ 'l', 'e', 'n', 'a', 'g', 'r', 'o', 'b', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "lence.net", true */ 'l', 'e', 'n', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "lenguajedeprogramacion.com", true */ 'l', 'e', 'n', 'g', 'u', 'a', 'j', 'e', 'd', 'e', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'a', 'c', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lengzzz.com", true */ 'l', 'e', 'n', 'g', 'z', 'z', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "lenidh.de", true */ 'l', 'e', 'n', 'i', 'd', 'h', '.', 'd', 'e', '\0',
+  /* "leninalbertop.com.ve", true */ 'l', 'e', 'n', 'i', 'n', 'a', 'l', 'b', 'e', 'r', 't', 'o', 'p', '.', 'c', 'o', 'm', '.', 'v', 'e', '\0',
+  /* "lenkunz.me", true */ 'l', 'e', 'n', 'k', 'u', 'n', 'z', '.', 'm', 'e', '\0',
+  /* "lennier.info", true */ 'l', 'e', 'n', 'n', 'i', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "lennyfaces.net", true */ 'l', 'e', 'n', 'n', 'y', 'f', 'a', 'c', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "lennyobez.be", true */ 'l', 'e', 'n', 'n', 'y', 'o', 'b', 'e', 'z', '.', 'b', 'e', '\0',
+  /* "lenr-forum.com", true */ 'l', 'e', 'n', 'r', '-', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "lensdoctor.com", true */ 'l', 'e', 'n', 's', 'd', 'o', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lenspirations.com", true */ 'l', 'e', 'n', 's', 'p', 'i', 'r', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lensual.space", true */ 'l', 'e', 'n', 's', 'u', 'a', 'l', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "lenuagebauche.org", true */ 'l', 'e', 'n', 'u', 'a', 'g', 'e', 'b', 'a', 'u', 'c', 'h', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "lenyip.com", true */ 'l', 'e', 'n', 'y', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "lenyip.me", true */ 'l', 'e', 'n', 'y', 'i', 'p', '.', 'm', 'e', '\0',
+  /* "lenyip.works", true */ 'l', 'e', 'n', 'y', 'i', 'p', '.', 'w', 'o', 'r', 'k', 's', '\0',
+  /* "lenzw.de", true */ 'l', 'e', 'n', 'z', 'w', '.', 'd', 'e', '\0',
+  /* "leoandpeto.com", true */ 'l', 'e', 'o', 'a', 'n', 'd', 'p', 'e', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "leodaniels.com", true */ 'l', 'e', 'o', 'd', 'a', 'n', 'i', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "leola.cz", true */ 'l', 'e', 'o', 'l', 'a', '.', 'c', 'z', '\0',
+  /* "leola.sk", true */ 'l', 'e', 'o', 'l', 'a', '.', 's', 'k', '\0',
+  /* "leominstercu.com", false */ 'l', 'e', 'o', 'm', 'i', 'n', 's', 't', 'e', 'r', 'c', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "leon-tech.com", true */ 'l', 'e', 'o', 'n', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "leon.net", true */ 'l', 'e', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "leonard.io", false */ 'l', 'e', 'o', 'n', 'a', 'r', 'd', '.', 'i', 'o', '\0',
+  /* "leonax.net", true */ 'l', 'e', 'o', 'n', 'a', 'x', '.', 'n', 'e', 't', '\0',
+  /* "leondenard.com", true */ 'l', 'e', 'o', 'n', 'd', 'e', 'n', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "leonklingele.de", true */ 'l', 'e', 'o', 'n', 'k', 'l', 'i', 'n', 'g', 'e', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "leopoldina.net", true */ 'l', 'e', 'o', 'p', 'o', 'l', 'd', 'i', 'n', 'a', '.', 'n', 'e', 't', '\0',
+  /* "leowkahman.com", true */ 'l', 'e', 'o', 'w', 'k', 'a', 'h', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lep.gov", true */ 'l', 'e', 'p', '.', 'g', 'o', 'v', '\0',
+  /* "lepenetapeti.com", true */ 'l', 'e', 'p', 'e', 'n', 'e', 't', 'a', 'p', 'e', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "lepiquillo.fr", true */ 'l', 'e', 'p', 'i', 'q', 'u', 'i', 'l', 'l', 'o', '.', 'f', 'r', '\0',
+  /* "leponton-lorient.fr", true */ 'l', 'e', 'p', 'o', 'n', 't', 'o', 'n', '-', 'l', 'o', 'r', 'i', 'e', 'n', 't', '.', 'f', 'r', '\0',
+  /* "leprado.com", true */ 'l', 'e', 'p', 'r', 'a', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "lepsos.com", true */ 'l', 'e', 'p', 's', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lereporter.ma", true */ 'l', 'e', 'r', 'e', 'p', 'o', 'r', 't', 'e', 'r', '.', 'm', 'a', '\0',
+  /* "leretour.ch", true */ 'l', 'e', 'r', 'e', 't', 'o', 'u', 'r', '.', 'c', 'h', '\0',
+  /* "lerku.com", true */ 'l', 'e', 'r', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "lernenamsee.ch", true */ 'l', 'e', 'r', 'n', 'e', 'n', 'a', 'm', 's', 'e', 'e', '.', 'c', 'h', '\0',
+  /* "lernerspersonalinjury.ca", true */ 'l', 'e', 'r', 'n', 'e', 'r', 's', 'p', 'e', 'r', 's', 'o', 'n', 'a', 'l', 'i', 'n', 'j', 'u', 'r', 'y', '.', 'c', 'a', '\0',
+  /* "lernorteuropa.com", true */ 'l', 'e', 'r', 'n', 'o', 'r', 't', 'e', 'u', 'r', 'o', 'p', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lernorteuropa.de", true */ 'l', 'e', 'r', 'n', 'o', 'r', 't', 'e', 'u', 'r', 'o', 'p', 'a', '.', 'd', 'e', '\0',
+  /* "lernorteuropa.eu", true */ 'l', 'e', 'r', 'n', 'o', 'r', 't', 'e', 'u', 'r', 'o', 'p', 'a', '.', 'e', 'u', '\0',
+  /* "lernplattform-akademie.de", true */ 'l', 'e', 'r', 'n', 'p', 'l', 'a', 't', 't', 'f', 'o', 'r', 'm', '-', 'a', 'k', 'a', 'd', 'e', 'm', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "lerp.me", true */ 'l', 'e', 'r', 'p', '.', 'm', 'e', '\0',
+  /* "les-ateliers-de-melineo.be", true */ 'l', 'e', 's', '-', 'a', 't', 'e', 'l', 'i', 'e', 'r', 's', '-', 'd', 'e', '-', 'm', 'e', 'l', 'i', 'n', 'e', 'o', '.', 'b', 'e', '\0',
+  /* "les-pingouins.com", true */ 'l', 'e', 's', '-', 'p', 'i', 'n', 'g', 'o', 'u', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lesancheslibres.fr", true */ 'l', 'e', 's', 'a', 'n', 'c', 'h', 'e', 's', 'l', 'i', 'b', 'r', 'e', 's', '.', 'f', 'r', '\0',
+  /* "lesarts.com", true */ 'l', 'e', 's', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lesberger.ch", true */ 'l', 'e', 's', 'b', 'e', 'r', 'g', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "lesbiansslaves.com", true */ 'l', 'e', 's', 'b', 'i', 'a', 'n', 's', 's', 'l', 'a', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lesbofight.com", true */ 'l', 'e', 's', 'b', 'o', 'f', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "leseditionsbraquage.com", true */ 'l', 'e', 's', 'e', 'd', 'i', 't', 'i', 'o', 'n', 's', 'b', 'r', 'a', 'q', 'u', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lesformations.net", true */ 'l', 'e', 's', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "lesgoodnews.fr", true */ 'l', 'e', 's', 'g', 'o', 'o', 'd', 'n', 'e', 'w', 's', '.', 'f', 'r', '\0',
+  /* "leshervelines.com", true */ 'l', 'e', 's', 'h', 'e', 'r', 'v', 'e', 'l', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lesjardinsdubanchet.fr", true */ 'l', 'e', 's', 'j', 'a', 'r', 'd', 'i', 'n', 's', 'd', 'u', 'b', 'a', 'n', 'c', 'h', 'e', 't', '.', 'f', 'r', '\0',
+  /* "lesmamy.ch", true */ 'l', 'e', 's', 'm', 'a', 'm', 'y', '.', 'c', 'h', '\0',
+  /* "lesmontagne.net", true */ 'l', 'e', 's', 'm', 'o', 'n', 't', 'a', 'g', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "lesnet.co.uk", true */ 'l', 'e', 's', 'n', 'e', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lespagesweb.ch", true */ 'l', 'e', 's', 'p', 'a', 'g', 'e', 's', 'w', 'e', 'b', '.', 'c', 'h', '\0',
+  /* "lespecialiste-pradelexcellence.com", true */ 'l', 'e', 's', 'p', 'e', 'c', 'i', 'a', 'l', 'i', 's', 't', 'e', '-', 'p', 'r', 'a', 'd', 'e', 'l', 'e', 'x', 'c', 'e', 'l', 'l', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lesplatanes.ch", true */ 'l', 'e', 's', 'p', 'l', 'a', 't', 'a', 'n', 'e', 's', '.', 'c', 'h', '\0',
+  /* "lesquatredauphins.fr", true */ 'l', 'e', 's', 'q', 'u', 'a', 't', 'r', 'e', 'd', 'a', 'u', 'p', 'h', 'i', 'n', 's', '.', 'f', 'r', '\0',
+  /* "lesscloud.com", true */ 'l', 'e', 's', 's', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "lessing.consulting", true */ 'l', 'e', 's', 's', 'i', 'n', 'g', '.', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '\0',
+  /* "lessis.moe", true */ 'l', 'e', 's', 's', 'i', 's', '.', 'm', 'o', 'e', '\0',
+  /* "lesterrassesdusoleil.ch", true */ 'l', 'e', 's', 't', 'e', 'r', 'r', 'a', 's', 's', 'e', 's', 'd', 'u', 's', 'o', 'l', 'e', 'i', 'l', '.', 'c', 'h', '\0',
+  /* "lesyndicat.info", true */ 'l', 'e', 's', 'y', 'n', 'd', 'i', 'c', 'a', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "let-go.cc", true */ 'l', 'e', 't', '-', 'g', 'o', '.', 'c', 'c', '\0',
+  /* "letemps.ch", true */ 'l', 'e', 't', 'e', 'm', 'p', 's', '.', 'c', 'h', '\0',
+  /* "lets-bounce.com", true */ 'l', 'e', 't', 's', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lets-go-acoustic.de", true */ 'l', 'e', 't', 's', '-', 'g', 'o', '-', 'a', 'c', 'o', 'u', 's', 't', 'i', 'c', '.', 'd', 'e', '\0',
+  /* "lets-ktai.jp", true */ 'l', 'e', 't', 's', '-', 'k', 't', 'a', 'i', '.', 'j', 'p', '\0',
+  /* "lets.ninja", true */ 'l', 'e', 't', 's', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "lets.nu", true */ 'l', 'e', 't', 's', '.', 'n', 'u', '\0',
+  /* "letsbounceuk.com", true */ 'l', 'e', 't', 's', 'b', 'o', 'u', 'n', 'c', 'e', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "letsencrypt-for-cpanel.com", true */ 'l', 'e', 't', 's', 'e', 'n', 'c', 'r', 'y', 'p', 't', '-', 'f', 'o', 'r', '-', 'c', 'p', 'a', 'n', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "letsgame.nl", true */ 'l', 'e', 't', 's', 'g', 'a', 'm', 'e', '.', 'n', 'l', '\0',
+  /* "letsgetchecked.com", true */ 'l', 'e', 't', 's', 'g', 'e', 't', 'c', 'h', 'e', 'c', 'k', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "letsgetintouch.com", true */ 'l', 'e', 't', 's', 'g', 'e', 't', 'i', 'n', 't', 'o', 'u', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "letsgowhilewereyoung.com", true */ 'l', 'e', 't', 's', 'g', 'o', 'w', 'h', 'i', 'l', 'e', 'w', 'e', 'r', 'e', 'y', 'o', 'u', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "letspartyrugby.co.uk", true */ 'l', 'e', 't', 's', 'p', 'a', 'r', 't', 'y', 'r', 'u', 'g', 'b', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "letstalkcounseling.com", true */ 'l', 'e', 't', 's', 't', 'a', 'l', 'k', 'c', 'o', 'u', 'n', 's', 'e', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "letterbox-online.de", true */ 'l', 'e', 't', 't', 'e', 'r', 'b', 'o', 'x', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "letterdance.de", true */ 'l', 'e', 't', 't', 'e', 'r', 'd', 'a', 'n', 'c', 'e', '.', 'd', 'e', '\0',
+  /* "letteringinstitute.com", true */ 'l', 'e', 't', 't', 'e', 'r', 'i', 'n', 'g', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lettersblogatory.com", true */ 'l', 'e', 't', 't', 'e', 'r', 's', 'b', 'l', 'o', 'g', 'a', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "lettland-firma.com", true */ 'l', 'e', 't', 't', 'l', 'a', 'n', 'd', '-', 'f', 'i', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lettori.club", true */ 'l', 'e', 't', 't', 'o', 'r', 'i', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "leuenhagen.com", true */ 'l', 'e', 'u', 'e', 'n', 'h', 'a', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "leuthardtfamily.com", true */ 'l', 'e', 'u', 't', 'h', 'a', 'r', 'd', 't', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "levans.fr", true */ 'l', 'e', 'v', 'a', 'n', 's', '.', 'f', 'r', '\0',
+  /* "levanscatering.com", true */ 'l', 'e', 'v', 'a', 'n', 's', 'c', 'a', 't', 'e', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "leveluprails.com", true */ 'l', 'e', 'v', 'e', 'l', 'u', 'p', 'r', 'a', 'i', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "levelupwear.com", true */ 'l', 'e', 'v', 'e', 'l', 'u', 'p', 'w', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "levendwater.org", true */ 'l', 'e', 'v', 'e', 'n', 'd', 'w', 'a', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "levensbron.nl", true */ 'l', 'e', 'v', 'e', 'n', 's', 'b', 'r', 'o', 'n', '.', 'n', 'l', '\0',
+  /* "leverj.io", true */ 'l', 'e', 'v', 'e', 'r', 'j', '.', 'i', 'o', '\0',
+  /* "levermann.eu", true */ 'l', 'e', 'v', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'e', 'u', '\0',
+  /* "levindesalpes.fr", false */ 'l', 'e', 'v', 'i', 'n', 'd', 'e', 's', 'a', 'l', 'p', 'e', 's', '.', 'f', 'r', '\0',
+  /* "levinus.de", true */ 'l', 'e', 'v', 'i', 'n', 'u', 's', '.', 'd', 'e', '\0',
+  /* "lew.im", true */ 'l', 'e', 'w', '.', 'i', 'm', '\0',
+  /* "lewdawson.com", true */ 'l', 'e', 'w', 'd', 'a', 'w', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lewis.li", true */ 'l', 'e', 'w', 'i', 's', '.', 'l', 'i', '\0',
+  /* "lewisdatasecurity.com", true */ 'l', 'e', 'w', 'i', 's', 'd', 'a', 't', 'a', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "lewislaw.com", true */ 'l', 'e', 'w', 'i', 's', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "lewisllewellyn.me", true */ 'l', 'e', 'w', 'i', 's', 'l', 'l', 'e', 'w', 'e', 'l', 'l', 'y', 'n', '.', 'm', 'e', '\0',
+  /* "lewisseals.com", true */ 'l', 'e', 'w', 'i', 's', 's', 'e', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lexico.pt", true */ 'l', 'e', 'x', 'i', 'c', 'o', '.', 'p', 't', '\0',
+  /* "lexicography.online", true */ 'l', 'e', 'x', 'i', 'c', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "lexiphanic.co.uk", true */ 'l', 'e', 'x', 'i', 'p', 'h', 'a', 'n', 'i', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lexpartsofac.com", true */ 'l', 'e', 'x', 'p', 'a', 'r', 't', 's', 'o', 'f', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "lexway.pk", true */ 'l', 'e', 'x', 'w', 'a', 'y', '.', 'p', 'k', '\0',
+  /* "lexxyn.nl", true */ 'l', 'e', 'x', 'x', 'y', 'n', '.', 'n', 'l', '\0',
+  /* "lezard-com.fr", true */ 'l', 'e', 'z', 'a', 'r', 'd', '-', 'c', 'o', 'm', '.', 'f', 'r', '\0',
+  /* "lfashion.eu", true */ 'l', 'f', 'a', 's', 'h', 'i', 'o', 'n', '.', 'e', 'u', '\0',
+  /* "lfgss.com", true */ 'l', 'f', 'g', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lfrconseil.com", true */ 'l', 'f', 'r', 'c', 'o', 'n', 's', 'e', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "lgbt.io", true */ 'l', 'g', 'b', 't', '.', 'i', 'o', '\0',
+  /* "lghfinancialstrategy.ch", true */ 'l', 'g', 'h', 'f', 'i', 'n', 'a', 'n', 'c', 'i', 'a', 'l', 's', 't', 'r', 'a', 't', 'e', 'g', 'y', '.', 'c', 'h', '\0',
+  /* "lgpecasoriginais.com.br", true */ 'l', 'g', 'p', 'e', 'c', 'a', 's', 'o', 'r', 'i', 'g', 'i', 'n', 'a', 'i', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lgsg.us", true */ 'l', 'g', 's', 'g', '.', 'u', 's', '\0',
+  /* "lhalbert.xyz", true */ 'l', 'h', 'a', 'l', 'b', 'e', 'r', 't', '.', 'x', 'y', 'z', '\0',
+  /* "lhasaapso.com.br", true */ 'l', 'h', 'a', 's', 'a', 'a', 'p', 's', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lhconsult.tk", false */ 'l', 'h', 'c', 'o', 'n', 's', 'u', 'l', 't', '.', 't', 'k', '\0',
+  /* "lheinrich.com", true */ 'l', 'h', 'e', 'i', 'n', 'r', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "lheinrich.de", true */ 'l', 'h', 'e', 'i', 'n', 'r', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "lhost.su", true */ 'l', 'h', 'o', 's', 't', '.', 's', 'u', '\0',
+  /* "li-ke.co.jp", true */ 'l', 'i', '-', 'k', 'e', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "li.search.yahoo.com", false */ 'l', 'i', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "liangbp.com", true */ 'l', 'i', 'a', 'n', 'g', 'b', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "lianwen.kim", true */ 'l', 'i', 'a', 'n', 'w', 'e', 'n', '.', 'k', 'i', 'm', '\0',
+  /* "lianye1.cc", true */ 'l', 'i', 'a', 'n', 'y', 'e', '1', '.', 'c', 'c', '\0',
+  /* "lianye2.cc", true */ 'l', 'i', 'a', 'n', 'y', 'e', '2', '.', 'c', 'c', '\0',
+  /* "lianye3.cc", true */ 'l', 'i', 'a', 'n', 'y', 'e', '3', '.', 'c', 'c', '\0',
+  /* "lianye4.cc", true */ 'l', 'i', 'a', 'n', 'y', 'e', '4', '.', 'c', 'c', '\0',
+  /* "lianye5.cc", true */ 'l', 'i', 'a', 'n', 'y', 'e', '5', '.', 'c', 'c', '\0',
+  /* "lianye6.cc", true */ 'l', 'i', 'a', 'n', 'y', 'e', '6', '.', 'c', 'c', '\0',
+  /* "liaozheqi.cn", true */ 'l', 'i', 'a', 'o', 'z', 'h', 'e', 'q', 'i', '.', 'c', 'n', '\0',
+  /* "liaronce.win", true */ 'l', 'i', 'a', 'r', 'o', 'n', 'c', 'e', '.', 'w', 'i', 'n', '\0',
+  /* "lib64.net", true */ 'l', 'i', 'b', '6', '4', '.', 'n', 'e', 't', '\0',
+  /* "libbitcoin.org", true */ 'l', 'i', 'b', 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "libble.eu", true */ 'l', 'i', 'b', 'b', 'l', 'e', '.', 'e', 'u', '\0',
+  /* "libdeer.so", true */ 'l', 'i', 'b', 'd', 'e', 'e', 'r', '.', 's', 'o', '\0',
+  /* "liberapay.com", true */ 'l', 'i', 'b', 'e', 'r', 'a', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "libmpq.org", true */ 'l', 'i', 'b', 'm', 'p', 'q', '.', 'o', 'r', 'g', '\0',
+  /* "librairie-asie.com", true */ 'l', 'i', 'b', 'r', 'a', 'i', 'r', 'i', 'e', '-', 'a', 's', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "library-quest.com", true */ 'l', 'i', 'b', 'r', 'a', 'r', 'y', '-', 'q', 'u', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "libraryextension.com", true */ 'l', 'i', 'b', 'r', 'a', 'r', 'y', 'e', 'x', 't', 'e', 'n', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "libraryfreedomproject.org", false */ 'l', 'i', 'b', 'r', 'a', 'r', 'y', 'f', 'r', 'e', 'e', 'd', 'o', 'm', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "librazy.org", true */ 'l', 'i', 'b', 'r', 'a', 'z', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "libre.university", true */ 'l', 'i', 'b', 'r', 'e', '.', 'u', 'n', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', '\0',
+  /* "libreboot.org", true */ 'l', 'i', 'b', 'r', 'e', 'b', 'o', 'o', 't', '.', 'o', 'r', 'g', '\0',
+  /* "librebox.de", true */ 'l', 'i', 'b', 'r', 'e', 'b', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "librelamp.com", true */ 'l', 'i', 'b', 'r', 'e', 'l', 'a', 'm', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "libremail.nl", true */ 'l', 'i', 'b', 'r', 'e', 'm', 'a', 'i', 'l', '.', 'n', 'l', '\0',
+  /* "librends.org", true */ 'l', 'i', 'b', 'r', 'e', 'n', 'd', 's', '.', 'o', 'r', 'g', '\0',
+  /* "libreoffice-from-collabora.com", true */ 'l', 'i', 'b', 'r', 'e', 'o', 'f', 'f', 'i', 'c', 'e', '-', 'f', 'r', 'o', 'm', '-', 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "libreofficefromcollabora.com", true */ 'l', 'i', 'b', 'r', 'e', 'o', 'f', 'f', 'i', 'c', 'e', 'f', 'r', 'o', 'm', 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "librervac.org", true */ 'l', 'i', 'b', 'r', 'e', 'r', 'v', 'a', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "librisulibri.it", true */ 'l', 'i', 'b', 'r', 'i', 's', 'u', 'l', 'i', 'b', 'r', 'i', '.', 'i', 't', '\0',
+  /* "libscode.com", false */ 'l', 'i', 'b', 's', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "libskia.so", true */ 'l', 'i', 'b', 's', 'k', 'i', 'a', '.', 's', 'o', '\0',
+  /* "libsodium.org", true */ 'l', 'i', 'b', 's', 'o', 'd', 'i', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "libstock.si", true */ 'l', 'i', 'b', 's', 't', 'o', 'c', 'k', '.', 's', 'i', '\0',
+  /* "licence-registry.com", true */ 'l', 'i', 'c', 'e', 'n', 'c', 'e', '-', 'r', 'e', 'g', 'i', 's', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "liceserv.com", true */ 'l', 'i', 'c', 'e', 's', 'e', 'r', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "lichess.org", true */ 'l', 'i', 'c', 'h', 'e', 's', 's', '.', 'o', 'r', 'g', '\0',
+  /* "lichtspot.de", true */ 'l', 'i', 'c', 'h', 't', 's', 'p', 'o', 't', '.', 'd', 'e', '\0',
+  /* "lichttraeumer.de", true */ 'l', 'i', 'c', 'h', 't', 't', 'r', 'a', 'e', 'u', 'm', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "lickmypussy.us", true */ 'l', 'i', 'c', 'k', 'm', 'y', 'p', 'u', 's', 's', 'y', '.', 'u', 's', '\0',
+  /* "lickthesalt.com", true */ 'l', 'i', 'c', 'k', 't', 'h', 'e', 's', 'a', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lidavidm.me", true */ 'l', 'i', 'd', 'a', 'v', 'i', 'd', 'm', '.', 'm', 'e', '\0',
+  /* "lidel.org", true */ 'l', 'i', 'd', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "liderwalut.pl", false */ 'l', 'i', 'd', 'e', 'r', 'w', 'a', 'l', 'u', 't', '.', 'p', 'l', '\0',
+  /* "lidl-gewinnspiel.de", true */ 'l', 'i', 'd', 'l', '-', 'g', 'e', 'w', 'i', 'n', 'n', 's', 'p', 'i', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "lidl-holidays.com", true */ 'l', 'i', 'd', 'l', '-', 'h', 'o', 'l', 'i', 'd', 'a', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lidl-menubox.ch", true */ 'l', 'i', 'd', 'l', '-', 'm', 'e', 'n', 'u', 'b', 'o', 'x', '.', 'c', 'h', '\0',
+  /* "lidl-selection.at", true */ 'l', 'i', 'd', 'l', '-', 's', 'e', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'a', 't', '\0',
+  /* "lidl-shop.be", true */ 'l', 'i', 'd', 'l', '-', 's', 'h', 'o', 'p', '.', 'b', 'e', '\0',
+  /* "lidl-shop.cz", true */ 'l', 'i', 'd', 'l', '-', 's', 'h', 'o', 'p', '.', 'c', 'z', '\0',
+  /* "lidl-shop.nl", true */ 'l', 'i', 'd', 'l', '-', 's', 'h', 'o', 'p', '.', 'n', 'l', '\0',
+  /* "lidl-tour.ro", true */ 'l', 'i', 'd', 'l', '-', 't', 'o', 'u', 'r', '.', 'r', 'o', '\0',
+  /* "lidlovajogurteka.si", true */ 'l', 'i', 'd', 'l', 'o', 'v', 'a', 'j', 'o', 'g', 'u', 'r', 't', 'e', 'k', 'a', '.', 's', 'i', '\0',
+  /* "lidogr.com", true */ 'l', 'i', 'd', 'o', 'g', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lidong.me", true */ 'l', 'i', 'd', 'o', 'n', 'g', '.', 'm', 'e', '\0',
+  /* "lidow.eu", true */ 'l', 'i', 'd', 'o', 'w', '.', 'e', 'u', '\0',
+  /* "liduan.com", true */ 'l', 'i', 'd', 'u', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "liduan.net", true */ 'l', 'i', 'd', 'u', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "liebel.org", true */ 'l', 'i', 'e', 'b', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "lied8.eu", true */ 'l', 'i', 'e', 'd', '8', '.', 'e', 'u', '\0',
+  /* "liehuojun.com", true */ 'l', 'i', 'e', 'h', 'u', 'o', 'j', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lifanov.com", true */ 'l', 'i', 'f', 'a', 'n', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "lifebetweenlives.com.au", true */ 'l', 'i', 'f', 'e', 'b', 'e', 't', 'w', 'e', 'e', 'n', 'l', 'i', 'v', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "lifecism.com", true */ 'l', 'i', 'f', 'e', 'c', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "lifeinhex.com", true */ 'l', 'i', 'f', 'e', 'i', 'n', 'h', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "lifekiss.ru", true */ 'l', 'i', 'f', 'e', 'k', 'i', 's', 's', '.', 'r', 'u', '\0',
+  /* "lifemarque.co.uk", true */ 'l', 'i', 'f', 'e', 'm', 'a', 'r', 'q', 'u', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lifematenutrition.com", true */ 'l', 'i', 'f', 'e', 'm', 'a', 't', 'e', 'n', 'u', 't', 'r', 'i', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lifemstyle.com", true */ 'l', 'i', 'f', 'e', 'm', 's', 't', 'y', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lifenexto.com", true */ 'l', 'i', 'f', 'e', 'n', 'e', 'x', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "lifeqa.net", true */ 'l', 'i', 'f', 'e', 'q', 'a', '.', 'n', 'e', 't', '\0',
+  /* "lifequotes-uk.co.uk", true */ 'l', 'i', 'f', 'e', 'q', 'u', 'o', 't', 'e', 's', '-', 'u', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lifesafety.com.br", true */ 'l', 'i', 'f', 'e', 's', 'a', 'f', 'e', 't', 'y', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lifescience-japan.com", true */ 'l', 'i', 'f', 'e', 's', 'c', 'i', 'e', 'n', 'c', 'e', '-', 'j', 'a', 'p', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lifestylefinancial.ca", true */ 'l', 'i', 'f', 'e', 's', 't', 'y', 'l', 'e', 'f', 'i', 'n', 'a', 'n', 'c', 'i', 'a', 'l', '.', 'c', 'a', '\0',
+  /* "lifeventure.co.uk", true */ 'l', 'i', 'f', 'e', 'v', 'e', 'n', 't', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lifi.digital", true */ 'l', 'i', 'f', 'i', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0',
+  /* "lifi.is", true */ 'l', 'i', 'f', 'i', '.', 'i', 's', '\0',
+  /* "liftie.info", true */ 'l', 'i', 'f', 't', 'i', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "light.mail.ru", true */ 'l', 'i', 'g', 'h', 't', '.', 'm', 'a', 'i', 'l', '.', 'r', 'u', '\0',
+  /* "lightcloud.com", true */ 'l', 'i', 'g', 'h', 't', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "lighting-centres.co.uk", true */ 'l', 'i', 'g', 'h', 't', 'i', 'n', 'g', '-', 'c', 'e', 'n', 't', 'r', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lightme.us", true */ 'l', 'i', 'g', 'h', 't', 'm', 'e', '.', 'u', 's', '\0',
+  /* "lightpics.net", true */ 'l', 'i', 'g', 'h', 't', 'p', 'i', 'c', 's', '.', 'n', 'e', 't', '\0',
+  /* "lights.co.uk", true */ 'l', 'i', 'g', 'h', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lightspeed.com", false */ 'l', 'i', 'g', 'h', 't', 's', 'p', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "lighttp.com", true */ 'l', 'i', 'g', 'h', 't', 't', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "lightupcollective.co.uk", true */ 'l', 'i', 'g', 'h', 't', 'u', 'p', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lignemalin.com", true */ 'l', 'i', 'g', 'n', 'e', 'm', 'a', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lignenet.com", true */ 'l', 'i', 'g', 'n', 'e', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lignoma.com", true */ 'l', 'i', 'g', 'n', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ligonier.com", true */ 'l', 'i', 'g', 'o', 'n', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lihaul.dnsalias.net", true */ 'l', 'i', 'h', 'a', 'u', 'l', '.', 'd', 'n', 's', 'a', 'l', 'i', 'a', 's', '.', 'n', 'e', 't', '\0',
+  /* "lijero.co", true */ 'l', 'i', 'j', 'e', 'r', 'o', '.', 'c', 'o', '\0',
+  /* "likc.me", true */ 'l', 'i', 'k', 'c', '.', 'm', 'e', '\0',
+  /* "likeablehub.com", true */ 'l', 'i', 'k', 'e', 'a', 'b', 'l', 'e', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "likeabox.de", true */ 'l', 'i', 'k', 'e', 'a', 'b', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "likeaross.com", false */ 'l', 'i', 'k', 'e', 'a', 'r', 'o', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "likegeeks.com", true */ 'l', 'i', 'k', 'e', 'g', 'e', 'e', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "likehifi.de", true */ 'l', 'i', 'k', 'e', 'h', 'i', 'f', 'i', '.', 'd', 'e', '\0',
+  /* "likemovies.de", true */ 'l', 'i', 'k', 'e', 'm', 'o', 'v', 'i', 'e', 's', '.', 'd', 'e', '\0',
+  /* "likenewhearing.com.au", true */ 'l', 'i', 'k', 'e', 'n', 'e', 'w', 'h', 'e', 'a', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "lilaccakeboutique.com", true */ 'l', 'i', 'l', 'a', 'c', 'c', 'a', 'k', 'e', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lilapmedia.com", true */ 'l', 'i', 'l', 'a', 'p', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "liliang13.com", true */ 'l', 'i', 'l', 'i', 'a', 'n', 'g', '1', '3', '.', 'c', 'o', 'm', '\0',
+  /* "lilismartinis.com", true */ 'l', 'i', 'l', 'i', 's', 'm', 'a', 'r', 't', 'i', 'n', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lily-bearing.com", true */ 'l', 'i', 'l', 'y', '-', 'b', 'e', 'a', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "lily-inn.com", true */ 'l', 'i', 'l', 'y', '-', 'i', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lilyfarmfreshskincare.com", true */ 'l', 'i', 'l', 'y', 'f', 'a', 'r', 'm', 'f', 'r', 'e', 's', 'h', 's', 'k', 'i', 'n', 'c', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lilygreen.co.za", true */ 'l', 'i', 'l', 'y', 'g', 'r', 'e', 'e', 'n', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "lilysbouncycastles.com", true */ 'l', 'i', 'l', 'y', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "limawi.io", true */ 'l', 'i', 'm', 'a', 'w', 'i', '.', 'i', 'o', '\0',
+  /* "limberg.me", true */ 'l', 'i', 'm', 'b', 'e', 'r', 'g', '.', 'm', 'e', '\0',
+  /* "limeburst.net", true */ 'l', 'i', 'm', 'e', 'b', 'u', 'r', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "limeres.com", true */ 'l', 'i', 'm', 'e', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "limereslaw.com", true */ 'l', 'i', 'm', 'e', 'r', 'e', 's', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "limitededitioncomputers.com", true */ 'l', 'i', 'm', 'i', 't', 'e', 'd', 'e', 'd', 'i', 't', 'i', 'o', 'n', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "limitededitionsolutions.com", true */ 'l', 'i', 'm', 'i', 't', 'e', 'd', 'e', 'd', 'i', 't', 'i', 'o', 'n', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "limix.com", false */ 'l', 'i', 'm', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "limoairporttoronto.net", true */ 'l', 'i', 'm', 'o', 'a', 'i', 'r', 'p', 'o', 'r', 't', 't', 'o', 'r', 'o', 'n', 't', 'o', '.', 'n', 'e', 't', '\0',
+  /* "limousineservicezurich.com", true */ 'l', 'i', 'm', 'o', 'u', 's', 'i', 'n', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', 'z', 'u', 'r', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "limpid.nl", true */ 'l', 'i', 'm', 'p', 'i', 'd', '.', 'n', 'l', '\0',
+  /* "limules.ch", true */ 'l', 'i', 'm', 'u', 'l', 'e', 's', '.', 'c', 'h', '\0',
+  /* "limunana.com", true */ 'l', 'i', 'm', 'u', 'n', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lin.fi", true */ 'l', 'i', 'n', '.', 'f', 'i', '\0',
+  /* "linan.blog", true */ 'l', 'i', 'n', 'a', 'n', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "lincdavis.com", true */ 'l', 'i', 'n', 'c', 'd', 'a', 'v', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lincsbouncycastlehire.co.uk", true */ 'l', 'i', 'n', 'c', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "linden.me", true */ 'l', 'i', 'n', 'd', 'e', 'n', '.', 'm', 'e', '\0',
+  /* "lindeskar.se", true */ 'l', 'i', 'n', 'd', 'e', 's', 'k', 'a', 'r', '.', 's', 'e', '\0',
+  /* "lindo.ru", true */ 'l', 'i', 'n', 'd', 'o', '.', 'r', 'u', '\0',
+  /* "lindon.pw", true */ 'l', 'i', 'n', 'd', 'o', 'n', '.', 'p', 'w', '\0',
+  /* "lindsayanderson.com", true */ 'l', 'i', 'n', 'd', 's', 'a', 'y', 'a', 'n', 'd', 'e', 'r', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lindskogen.se", true */ 'l', 'i', 'n', 'd', 's', 'k', 'o', 'g', 'e', 'n', '.', 's', 'e', '\0',
+  /* "lindy.co", true */ 'l', 'i', 'n', 'd', 'y', '.', 'c', 'o', '\0',
+  /* "line.co.nz", true */ 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "linearaudio.net", true */ 'l', 'i', 'n', 'e', 'a', 'r', 'a', 'u', 'd', 'i', 'o', '.', 'n', 'e', 't', '\0',
+  /* "linearaudio.nl", true */ 'l', 'i', 'n', 'e', 'a', 'r', 'a', 'u', 'd', 'i', 'o', '.', 'n', 'l', '\0',
+  /* "lineauniformes.com.br", true */ 'l', 'i', 'n', 'e', 'a', 'u', 'n', 'i', 'f', 'o', 'r', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "linernotekids.com", true */ 'l', 'i', 'n', 'e', 'r', 'n', 'o', 't', 'e', 'k', 'i', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lingerie.com.br", true */ 'l', 'i', 'n', 'g', 'e', 'r', 'i', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lingerielovers.com.br", true */ 'l', 'i', 'n', 'g', 'e', 'r', 'i', 'e', 'l', 'o', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lingeriesilhouette.com", true */ 'l', 'i', 'n', 'g', 'e', 'r', 'i', 'e', 's', 'i', 'l', 'h', 'o', 'u', 'e', 't', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lingotaxi.com", true */ 'l', 'i', 'n', 'g', 'o', 't', 'a', 'x', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "lingting.vip", true */ 'l', 'i', 'n', 'g', 't', 'i', 'n', 'g', '.', 'v', 'i', 'p', '\0',
+  /* "linguamilla.com", true */ 'l', 'i', 'n', 'g', 'u', 'a', 'm', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lingvo-svoboda.ru", true */ 'l', 'i', 'n', 'g', 'v', 'o', '-', 's', 'v', 'o', 'b', 'o', 'd', 'a', '.', 'r', 'u', '\0',
+  /* "link-sanitizer.com", true */ 'l', 'i', 'n', 'k', '-', 's', 'a', 'n', 'i', 't', 'i', 'z', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "linkedinbackground.com", true */ 'l', 'i', 'n', 'k', 'e', 'd', 'i', 'n', 'b', 'a', 'c', 'k', 'g', 'r', 'o', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "linkenheil.org", true */ 'l', 'i', 'n', 'k', 'e', 'n', 'h', 'e', 'i', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "linklocker.co", true */ 'l', 'i', 'n', 'k', 'l', 'o', 'c', 'k', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "linkmaker.co.uk", true */ 'l', 'i', 'n', 'k', 'm', 'a', 'k', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "linkmauve.fr", true */ 'l', 'i', 'n', 'k', 'm', 'a', 'u', 'v', 'e', '.', 'f', 'r', '\0',
+  /* "linkonaut.net", true */ 'l', 'i', 'n', 'k', 'o', 'n', 'a', 'u', 't', '.', 'n', 'e', 't', '\0',
+  /* "linky.tk", true */ 'l', 'i', 'n', 'k', 'y', '.', 't', 'k', '\0',
+  /* "linkycat.com", true */ 'l', 'i', 'n', 'k', 'y', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "linode.com", false */ 'l', 'i', 'n', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "linost.com", true */ 'l', 'i', 'n', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "linostassi.net", true */ 'l', 'i', 'n', 'o', 's', 't', 'a', 's', 's', 'i', '.', 'n', 'e', 't', '\0',
+  /* "linpx.com", true */ 'l', 'i', 'n', 'p', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "linqhost.nl", true */ 'l', 'i', 'n', 'q', 'h', 'o', 's', 't', '.', 'n', 'l', '\0',
+  /* "linss.com", true */ 'l', 'i', 'n', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lintmx.com", true */ 'l', 'i', 'n', 't', 'm', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "linux-florida.com", true */ 'l', 'i', 'n', 'u', 'x', '-', 'f', 'l', 'o', 'r', 'i', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "linux-mint-czech.cz", true */ 'l', 'i', 'n', 'u', 'x', '-', 'm', 'i', 'n', 't', '-', 'c', 'z', 'e', 'c', 'h', '.', 'c', 'z', '\0',
+  /* "linux-vme.org", true */ 'l', 'i', 'n', 'u', 'x', '-', 'v', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "linux.army", true */ 'l', 'i', 'n', 'u', 'x', '.', 'a', 'r', 'm', 'y', '\0',
+  /* "linux.cn", true */ 'l', 'i', 'n', 'u', 'x', '.', 'c', 'n', '\0',
+  /* "linux.conf.au", true */ 'l', 'i', 'n', 'u', 'x', '.', 'c', 'o', 'n', 'f', '.', 'a', 'u', '\0',
+  /* "linux.fi", true */ 'l', 'i', 'n', 'u', 'x', '.', 'f', 'i', '\0',
+  /* "linux3.org", true */ 'l', 'i', 'n', 'u', 'x', '3', '.', 'o', 'r', 'g', '\0',
+  /* "linuxbabe.com", false */ 'l', 'i', 'n', 'u', 'x', 'b', 'a', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "linuxbierwanderung.com", true */ 'l', 'i', 'n', 'u', 'x', 'b', 'i', 'e', 'r', 'w', 'a', 'n', 'd', 'e', 'r', 'u', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "linuxchick.se", true */ 'l', 'i', 'n', 'u', 'x', 'c', 'h', 'i', 'c', 'k', '.', 's', 'e', '\0',
+  /* "linuxcommand.ru", true */ 'l', 'i', 'n', 'u', 'x', 'c', 'o', 'm', 'm', 'a', 'n', 'd', '.', 'r', 'u', '\0',
+  /* "linuxdays.cz", true */ 'l', 'i', 'n', 'u', 'x', 'd', 'a', 'y', 's', '.', 'c', 'z', '\0',
+  /* "linuxforum.ch", true */ 'l', 'i', 'n', 'u', 'x', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'h', '\0',
+  /* "linuxhostsupport.com", true */ 'l', 'i', 'n', 'u', 'x', 'h', 'o', 's', 't', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "linuxiuvat.de", true */ 'l', 'i', 'n', 'u', 'x', 'i', 'u', 'v', 'a', 't', '.', 'd', 'e', '\0',
+  /* "linuxlounge.net", true */ 'l', 'i', 'n', 'u', 'x', 'l', 'o', 'u', 'n', 'g', 'e', '.', 'n', 'e', 't', '\0',
+  /* "linuxproperties.com", true */ 'l', 'i', 'n', 'u', 'x', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "linvx.org", true */ 'l', 'i', 'n', 'v', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "linx.li", true */ 'l', 'i', 'n', 'x', '.', 'l', 'i', '\0',
+  /* "linx.net", true */ 'l', 'i', 'n', 'x', '.', 'n', 'e', 't', '\0',
+  /* "linxmind.eu", true */ 'l', 'i', 'n', 'x', 'm', 'i', 'n', 'd', '.', 'e', 'u', '\0',
+  /* "linzgau.de", true */ 'l', 'i', 'n', 'z', 'g', 'a', 'u', '.', 'd', 'e', '\0',
+  /* "lionlyrics.com", true */ 'l', 'i', 'o', 'n', 'l', 'y', 'r', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lionsdeal.com", true */ 'l', 'i', 'o', 'n', 's', 'd', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "lipartydepot.com", true */ 'l', 'i', 'p', 'a', 'r', 't', 'y', 'd', 'e', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lipex.com", true */ 'l', 'i', 'p', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "lipo.lol", true */ 'l', 'i', 'p', 'o', '.', 'l', 'o', 'l', '\0',
+  /* "lipoabaltimore.org", true */ 'l', 'i', 'p', 'o', 'a', 'b', 'a', 'l', 't', 'i', 'm', 'o', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "liqd.net", true */ 'l', 'i', 'q', 'd', '.', 'n', 'e', 't', '\0',
+  /* "liquid.cz", true */ 'l', 'i', 'q', 'u', 'i', 'd', '.', 'c', 'z', '\0',
+  /* "liquidhost.co", true */ 'l', 'i', 'q', 'u', 'i', 'd', 'h', 'o', 's', 't', '.', 'c', 'o', '\0',
+  /* "liquidinternet.co", true */ 'l', 'i', 'q', 'u', 'i', 'd', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', '.', 'c', 'o', '\0',
+  /* "liquidradio.pro", true */ 'l', 'i', 'q', 'u', 'i', 'd', 'r', 'a', 'd', 'i', 'o', '.', 'p', 'r', 'o', '\0',
+  /* "lirion.de", true */ 'l', 'i', 'r', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "liris-beautywelt.de", true */ 'l', 'i', 'r', 'i', 's', '-', 'b', 'e', 'a', 'u', 't', 'y', 'w', 'e', 'l', 't', '.', 'd', 'e', '\0',
+  /* "lirlandais.ch", true */ 'l', 'i', 'r', 'l', 'a', 'n', 'd', 'a', 'i', 's', '.', 'c', 'h', '\0',
+  /* "lirnberger.com", true */ 'l', 'i', 'r', 'n', 'b', 'e', 'r', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lisamccorrie.com", true */ 'l', 'i', 's', 'a', 'm', 'c', 'c', 'o', 'r', 'r', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lisamortimore.com", true */ 'l', 'i', 's', 'a', 'm', 'o', 'r', 't', 'i', 'm', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lisburnhottubnbounce.co.uk", true */ 'l', 'i', 's', 'b', 'u', 'r', 'n', 'h', 'o', 't', 't', 'u', 'b', 'n', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "liskgdt.net", true */ 'l', 'i', 's', 'k', 'g', 'd', 't', '.', 'n', 'e', 't', '\0',
+  /* "lislan.org.uk", true */ 'l', 'i', 's', 'l', 'a', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "lisowski-development.com", true */ 'l', 'i', 's', 'o', 'w', 's', 'k', 'i', '-', 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lisowski-photography.com", true */ 'l', 'i', 's', 'o', 'w', 's', 'k', 'i', '-', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "listahu.org", true */ 'l', 'i', 's', 't', 'a', 'h', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "listen.dk", true */ 'l', 'i', 's', 't', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "lister-kirchweg.de", true */ 'l', 'i', 's', 't', 'e', 'r', '-', 'k', 'i', 'r', 'c', 'h', 'w', 'e', 'g', '.', 'd', 'e', '\0',
+  /* "listminut.be", true */ 'l', 'i', 's', 't', 'm', 'i', 'n', 'u', 't', '.', 'b', 'e', '\0',
+  /* "lists.fedoraproject.org", true */ 'l', 'i', 's', 't', 's', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "lists.mayfirst.org", false */ 'l', 'i', 's', 't', 's', '.', 'm', 'a', 'y', 'f', 'i', 'r', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "lists.stg.fedoraproject.org", true */ 'l', 'i', 's', 't', 's', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "litchidova.nl", true */ 'l', 'i', 't', 'c', 'h', 'i', 'd', 'o', 'v', 'a', '.', 'n', 'l', '\0',
+  /* "litcomphonors.com", true */ 'l', 'i', 't', 'c', 'o', 'm', 'p', 'h', 'o', 'n', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "litebits.com", true */ 'l', 'i', 't', 'e', 'b', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "litemind.com", true */ 'l', 'i', 't', 'e', 'm', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "litevault.net", true */ 'l', 'i', 't', 'e', 'v', 'a', 'u', 'l', 't', '.', 'n', 'e', 't', '\0',
+  /* "litfin.name", true */ 'l', 'i', 't', 'f', 'i', 'n', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "lithan.com", true */ 'l', 'i', 't', 'h', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lithesalar.se", true */ 'l', 'i', 't', 'h', 'e', 's', 'a', 'l', 'a', 'r', '.', 's', 'e', '\0',
+  /* "lithianissaneugeneparts.com", true */ 'l', 'i', 't', 'h', 'i', 'a', 'n', 'i', 's', 's', 'a', 'n', 'e', 'u', 'g', 'e', 'n', 'e', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "litsovet.com", true */ 'l', 'i', 't', 's', 'o', 'v', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "little-cake.com", true */ 'l', 'i', 't', 't', 'l', 'e', '-', 'c', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "littledisney.ro", true */ 'l', 'i', 't', 't', 'l', 'e', 'd', 'i', 's', 'n', 'e', 'y', '.', 'r', 'o', '\0',
+  /* "littlefairy.no", true */ 'l', 'i', 't', 't', 'l', 'e', 'f', 'a', 'i', 'r', 'y', '.', 'n', 'o', '\0',
+  /* "littlefamilyadventure.com", true */ 'l', 'i', 't', 't', 'l', 'e', 'f', 'a', 'm', 'i', 'l', 'y', 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "littlejumpers.co.uk", true */ 'l', 'i', 't', 't', 'l', 'e', 'j', 'u', 'm', 'p', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "littlelife.co.uk", true */ 'l', 'i', 't', 't', 'l', 'e', 'l', 'i', 'f', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "littlenina.nz", false */ 'l', 'i', 't', 't', 'l', 'e', 'n', 'i', 'n', 'a', '.', 'n', 'z', '\0',
+  /* "littlepigcreek.com.au", true */ 'l', 'i', 't', 't', 'l', 'e', 'p', 'i', 'g', 'c', 'r', 'e', 'e', 'k', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "littlepincha.fr", true */ 'l', 'i', 't', 't', 'l', 'e', 'p', 'i', 'n', 'c', 'h', 'a', '.', 'f', 'r', '\0',
+  /* "littleprincessandmascotparties.co.uk", true */ 'l', 'i', 't', 't', 'l', 'e', 'p', 'r', 'i', 'n', 'c', 'e', 's', 's', 'a', 'n', 'd', 'm', 'a', 's', 'c', 'o', 't', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "littlescallywagsplay.co.uk", true */ 'l', 'i', 't', 't', 'l', 'e', 's', 'c', 'a', 'l', 'l', 'y', 'w', 'a', 'g', 's', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "littleswitch.co.jp", true */ 'l', 'i', 't', 't', 'l', 'e', 's', 'w', 'i', 't', 'c', 'h', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "littlewatcher.com", true */ 'l', 'i', 't', 't', 'l', 'e', 'w', 'a', 't', 'c', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "litvideoserver.de", true */ 'l', 'i', 't', 'v', 'i', 'd', 'e', 'o', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "litz.ca", true */ 'l', 'i', 't', 'z', '.', 'c', 'a', '\0',
+  /* "litzenberger.ca", true */ 'l', 'i', 't', 'z', 'e', 'n', 'b', 'e', 'r', 'g', 'e', 'r', '.', 'c', 'a', '\0',
+  /* "liuboznaiko.eu", true */ 'l', 'i', 'u', 'b', 'o', 'z', 'n', 'a', 'i', 'k', 'o', '.', 'e', 'u', '\0',
+  /* "liud.im", true */ 'l', 'i', 'u', 'd', '.', 'i', 'm', '\0',
+  /* "liudon.org", true */ 'l', 'i', 'u', 'd', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "liul.in", true */ 'l', 'i', 'u', 'l', '.', 'i', 'n', '\0',
+  /* "liushuyu.tk", true */ 'l', 'i', 'u', 's', 'h', 'u', 'y', 'u', '.', 't', 'k', '\0',
+  /* "liv3ly.com", true */ 'l', 'i', 'v', '3', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "livebetterwith.com", true */ 'l', 'i', 'v', 'e', 'b', 'e', 't', 't', 'e', 'r', 'w', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "livecards.co.uk", true */ 'l', 'i', 'v', 'e', 'c', 'a', 'r', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "livecards.es", true */ 'l', 'i', 'v', 'e', 'c', 'a', 'r', 'd', 's', '.', 'e', 's', '\0',
+  /* "livecards.eu", true */ 'l', 'i', 'v', 'e', 'c', 'a', 'r', 'd', 's', '.', 'e', 'u', '\0',
+  /* "livecards.it", true */ 'l', 'i', 'v', 'e', 'c', 'a', 'r', 'd', 's', '.', 'i', 't', '\0',
+  /* "livedesign.at", true */ 'l', 'i', 'v', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'a', 't', '\0',
+  /* "livedesign24.de", true */ 'l', 'i', 'v', 'e', 'd', 'e', 's', 'i', 'g', 'n', '2', '4', '.', 'd', 'e', '\0',
+  /* "liveflightapp.com", true */ 'l', 'i', 'v', 'e', 'f', 'l', 'i', 'g', 'h', 't', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "liveforspeed.se", true */ 'l', 'i', 'v', 'e', 'f', 'o', 'r', 's', 'p', 'e', 'e', 'd', '.', 's', 'e', '\0',
+  /* "livejasmin.dk", true */ 'l', 'i', 'v', 'e', 'j', 'a', 's', 'm', 'i', 'n', '.', 'd', 'k', '\0',
+  /* "livekaarten.be", true */ 'l', 'i', 'v', 'e', 'k', 'a', 'a', 'r', 't', 'e', 'n', '.', 'b', 'e', '\0',
+  /* "livekaarten.nl", true */ 'l', 'i', 'v', 'e', 'k', 'a', 'a', 'r', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "livekarten.at", true */ 'l', 'i', 'v', 'e', 'k', 'a', 'r', 't', 'e', 'n', '.', 'a', 't', '\0',
+  /* "livekarten.de", true */ 'l', 'i', 'v', 'e', 'k', 'a', 'r', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "livekort.com", true */ 'l', 'i', 'v', 'e', 'k', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "livekort.dk", true */ 'l', 'i', 'v', 'e', 'k', 'o', 'r', 't', '.', 'd', 'k', '\0',
+  /* "livekort.no", true */ 'l', 'i', 'v', 'e', 'k', 'o', 'r', 't', '.', 'n', 'o', '\0',
+  /* "livekort.se", true */ 'l', 'i', 'v', 'e', 'k', 'o', 'r', 't', '.', 's', 'e', '\0',
+  /* "livekortti.com", true */ 'l', 'i', 'v', 'e', 'k', 'o', 'r', 't', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "livekortti.fi", true */ 'l', 'i', 'v', 'e', 'k', 'o', 'r', 't', 't', 'i', '.', 'f', 'i', '\0',
+  /* "livelexi.com", true */ 'l', 'i', 'v', 'e', 'l', 'e', 'x', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "livepaperhelp.com", true */ 'l', 'i', 'v', 'e', 'p', 'a', 'p', 'e', 'r', 'h', 'e', 'l', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "livepath.ch", true */ 'l', 'i', 'v', 'e', 'p', 'a', 't', 'h', '.', 'c', 'h', '\0',
+  /* "liveperformersmeeting.net", true */ 'l', 'i', 'v', 'e', 'p', 'e', 'r', 'f', 'o', 'r', 'm', 'e', 'r', 's', 'm', 'e', 'e', 't', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "liveregistratie.nl", true */ 'l', 'i', 'v', 'e', 'r', 'e', 'g', 'i', 's', 't', 'r', 'a', 't', 'i', 'e', '.', 'n', 'l', '\0',
+  /* "livesearch-fukuoka.com", true */ 'l', 'i', 'v', 'e', 's', 'e', 'a', 'r', 'c', 'h', '-', 'f', 'u', 'k', 'u', 'o', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "livesure.com", true */ 'l', 'i', 'v', 'e', 's', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "livi.co", true */ 'l', 'i', 'v', 'i', '.', 'c', 'o', '\0',
+  /* "living-space.co.nz", true */ 'l', 'i', 'v', 'i', 'n', 'g', '-', 's', 'p', 'a', 'c', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "living24.de", true */ 'l', 'i', 'v', 'i', 'n', 'g', '2', '4', '.', 'd', 'e', '\0',
+  /* "livingforreal.com", true */ 'l', 'i', 'v', 'i', 'n', 'g', 'f', 'o', 'r', 'r', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "livingworduk.org", true */ 'l', 'i', 'v', 'i', 'n', 'g', 'w', 'o', 'r', 'd', 'u', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "livnev.me", true */ 'l', 'i', 'v', 'n', 'e', 'v', '.', 'm', 'e', '\0',
+  /* "livnev.xyz", true */ 'l', 'i', 'v', 'n', 'e', 'v', '.', 'x', 'y', 'z', '\0',
+  /* "livolett.de", true */ 'l', 'i', 'v', 'o', 'l', 'e', 't', 't', '.', 'd', 'e', '\0',
+  /* "livrariacoad.com.br", true */ 'l', 'i', 'v', 'r', 'a', 'r', 'i', 'a', 'c', 'o', 'a', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "livroseuniformes.com.br", true */ 'l', 'i', 'v', 'r', 'o', 's', 'e', 'u', 'n', 'i', 'f', 'o', 'r', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lixtick.com", true */ 'l', 'i', 'x', 't', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "liyin.date", true */ 'l', 'i', 'y', 'i', 'n', '.', 'd', 'a', 't', 'e', '\0',
+  /* "liyinjia.com", true */ 'l', 'i', 'y', 'i', 'n', 'j', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lizardsystems.com", true */ 'l', 'i', 'z', 'a', 'r', 'd', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lizhi.io", true */ 'l', 'i', 'z', 'h', 'i', '.', 'i', 'o', '\0',
+  /* "lizzythepooch.com", true */ 'l', 'i', 'z', 'z', 'y', 't', 'h', 'e', 'p', 'o', 'o', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "ljason.cn", true */ 'l', 'j', 'a', 's', 'o', 'n', '.', 'c', 'n', '\0',
+  /* "ljs.io", true */ 'l', 'j', 's', '.', 'i', 'o', '\0',
+  /* "lknw.de", true */ 'l', 'k', 'n', 'w', '.', 'd', 'e', '\0',
+  /* "lkummer.cz", true */ 'l', 'k', 'u', 'm', 'm', 'e', 'r', '.', 'c', 'z', '\0',
+  /* "llamacuba.com", true */ 'l', 'l', 'a', 'm', 'a', 'c', 'u', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "llm-guide.com", true */ 'l', 'l', 'm', '-', 'g', 'u', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lloyd-day.me", true */ 'l', 'l', 'o', 'y', 'd', '-', 'd', 'a', 'y', '.', 'm', 'e', '\0',
+  /* "llslb.com", true */ 'l', 'l', 's', 'l', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "lm-pumpen.de", false */ 'l', 'm', '-', 'p', 'u', 'm', 'p', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "lmcm.io", true */ 'l', 'm', 'c', 'm', '.', 'i', 'o', '\0',
+  /* "lmddgtfy.net", true */ 'l', 'm', 'd', 'd', 'g', 't', 'f', 'y', '.', 'n', 'e', 't', '\0',
+  /* "lmerza.com", true */ 'l', 'm', 'e', 'r', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lmintlcx.com", true */ 'l', 'm', 'i', 'n', 't', 'l', 'c', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "lmmtfy.io", true */ 'l', 'm', 'm', 't', 'f', 'y', '.', 'i', 'o', '\0',
+  /* "lmsptfy.com", true */ 'l', 'm', 's', 'p', 't', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "lmtm.eu", true */ 'l', 'm', 't', 'm', '.', 'e', 'u', '\0',
+  /* "ln.io", true */ 'l', 'n', '.', 'i', 'o', '\0',
+  /* "lnhequipmentltd.com", true */ 'l', 'n', 'h', 'e', 'q', 'u', 'i', 'p', 'm', 'e', 'n', 't', 'l', 't', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "lnoldan.com", true */ 'l', 'n', 'o', 'l', 'd', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lntu.org", true */ 'l', 'n', 't', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "lnx.li", true */ 'l', 'n', 'x', '.', 'l', 'i', '\0',
+  /* "load-ev.de", true */ 'l', 'o', 'a', 'd', '-', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "loadlow.me", true */ 'l', 'o', 'a', 'd', 'l', 'o', 'w', '.', 'm', 'e', '\0',
+  /* "loadwallet.com", true */ 'l', 'o', 'a', 'd', 'w', 'a', 'l', 'l', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "loanaway.ca", true */ 'l', 'o', 'a', 'n', 'a', 'w', 'a', 'y', '.', 'c', 'a', '\0',
+  /* "loancompare.co.za", true */ 'l', 'o', 'a', 'n', 'c', 'o', 'm', 'p', 'a', 'r', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "loandolphin.com.au", true */ 'l', 'o', 'a', 'n', 'd', 'o', 'l', 'p', 'h', 'i', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "loanmatch.sg", true */ 'l', 'o', 'a', 'n', 'm', 'a', 't', 'c', 'h', '.', 's', 'g', '\0',
+  /* "loanstreet.nl", true */ 'l', 'o', 'a', 'n', 's', 't', 'r', 'e', 'e', 't', '.', 'n', 'l', '\0',
+  /* "lobin21.com", true */ 'l', 'o', 'b', 'i', 'n', '2', '1', '.', 'c', 'o', 'm', '\0',
+  /* "lobivia.de", true */ 'l', 'o', 'b', 'i', 'v', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "lobsangstudio.com", true */ 'l', 'o', 'b', 's', 'a', 'n', 'g', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "locais.org", true */ 'l', 'o', 'c', 'a', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "local360.net", true */ 'l', 'o', 'c', 'a', 'l', '3', '6', '0', '.', 'n', 'e', 't', '\0',
+  /* "localbandz.com", true */ 'l', 'o', 'c', 'a', 'l', 'b', 'a', 'n', 'd', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "localbitcoins.com", true */ 'l', 'o', 'c', 'a', 'l', 'b', 'i', 't', 'c', 'o', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "localblock.co.za", true */ 'l', 'o', 'c', 'a', 'l', 'b', 'l', 'o', 'c', 'k', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "localbouncycastle.com", true */ 'l', 'o', 'c', 'a', 'l', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "localdecor.com.br", true */ 'l', 'o', 'c', 'a', 'l', 'd', 'e', 'c', 'o', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "localhorst.xyz", true */ 'l', 'o', 'c', 'a', 'l', 'h', 'o', 'r', 's', 't', '.', 'x', 'y', 'z', '\0',
+  /* "localspot.pl", true */ 'l', 'o', 'c', 'a', 'l', 's', 'p', 'o', 't', '.', 'p', 'l', '\0',
+  /* "locapos.com", true */ 'l', 'o', 'c', 'a', 'p', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "locatorplus.gov", true */ 'l', 'o', 'c', 'a', 't', 'o', 'r', 'p', 'l', 'u', 's', '.', 'g', 'o', 'v', '\0',
+  /* "locauxrama.fr", true */ 'l', 'o', 'c', 'a', 'u', 'x', 'r', 'a', 'm', 'a', '.', 'f', 'r', '\0',
+  /* "locchat.com", true */ 'l', 'o', 'c', 'c', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "locker.email", true */ 'l', 'o', 'c', 'k', 'e', 'r', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "lockify.com", true */ 'l', 'o', 'c', 'k', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "lockpick.nl", true */ 'l', 'o', 'c', 'k', 'p', 'i', 'c', 'k', '.', 'n', 'l', '\0',
+  /* "lockpicks.se", true */ 'l', 'o', 'c', 'k', 'p', 'i', 'c', 'k', 's', '.', 's', 'e', '\0',
+  /* "lockr.io", true */ 'l', 'o', 'c', 'k', 'r', '.', 'i', 'o', '\0',
+  /* "locksport.org.nz", true */ 'l', 'o', 'c', 'k', 's', 'p', 'o', 'r', 't', '.', 'o', 'r', 'g', '.', 'n', 'z', '\0',
+  /* "locomore.com", true */ 'l', 'o', 'c', 'o', 'm', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lodash.com", false */ 'l', 'o', 'd', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "lodgesdureynou.fr", true */ 'l', 'o', 'd', 'g', 'e', 's', 'd', 'u', 'r', 'e', 'y', 'n', 'o', 'u', '.', 'f', 'r', '\0',
+  /* "loeildansledoigt.fr", true */ 'l', 'o', 'e', 'i', 'l', 'd', 'a', 'n', 's', 'l', 'e', 'd', 'o', 'i', 'g', 't', '.', 'f', 'r', '\0',
+  /* "loenshotel.de", true */ 'l', 'o', 'e', 'n', 's', 'h', 'o', 't', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "loew.de", true */ 'l', 'o', 'e', 'w', '.', 'd', 'e', '\0',
+  /* "lofttravel.com", true */ 'l', 'o', 'f', 't', 't', 'r', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "log.my", false */ 'l', 'o', 'g', '.', 'm', 'y', '\0',
+  /* "logaldeveloper.com", true */ 'l', 'o', 'g', 'a', 'l', 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "loganmarchione.com", true */ 'l', 'o', 'g', 'a', 'n', 'm', 'a', 'r', 'c', 'h', 'i', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "loganparkneighborhood.org", true */ 'l', 'o', 'g', 'a', 'n', 'p', 'a', 'r', 'k', 'n', 'e', 'i', 'g', 'h', 'b', 'o', 'r', 'h', 'o', 'o', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "logbook.ch", true */ 'l', 'o', 'g', 'b', 'o', 'o', 'k', '.', 'c', 'h', '\0',
+  /* "logbot.info", true */ 'l', 'o', 'g', 'b', 'o', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "logement-saisonnier.com", true */ 'l', 'o', 'g', 'e', 'm', 'e', 'n', 't', '-', 's', 'a', 'i', 's', 'o', 'n', 'n', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "logement.com", true */ 'l', 'o', 'g', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "logentries.com", false */ 'l', 'o', 'g', 'e', 'n', 't', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "logfile.at", true */ 'l', 'o', 'g', 'f', 'i', 'l', 'e', '.', 'a', 't', '\0',
+  /* "logfile.ch", true */ 'l', 'o', 'g', 'f', 'i', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "logicchen.com", true */ 'l', 'o', 'g', 'i', 'c', 'c', 'h', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "logiciel-entreprise-seurann.fr", true */ 'l', 'o', 'g', 'i', 'c', 'i', 'e', 'l', '-', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'i', 's', 'e', '-', 's', 'e', 'u', 'r', 'a', 'n', 'n', '.', 'f', 'r', '\0',
+  /* "logicio.ch", false */ 'l', 'o', 'g', 'i', 'c', 'i', 'o', '.', 'c', 'h', '\0',
+  /* "logicio.de", false */ 'l', 'o', 'g', 'i', 'c', 'i', 'o', '.', 'd', 'e', '\0',
+  /* "logicio.net", false */ 'l', 'o', 'g', 'i', 'c', 'i', 'o', '.', 'n', 'e', 't', '\0',
+  /* "logicsale.com", true */ 'l', 'o', 'g', 'i', 'c', 's', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "logicsale.de", true */ 'l', 'o', 'g', 'i', 'c', 's', 'a', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "logicsale.fr", true */ 'l', 'o', 'g', 'i', 'c', 's', 'a', 'l', 'e', '.', 'f', 'r', '\0',
+  /* "logicsale.it", true */ 'l', 'o', 'g', 'i', 'c', 's', 'a', 'l', 'e', '.', 'i', 't', '\0',
+  /* "login.corp.google.com", true */ 'l', 'o', 'g', 'i', 'n', '.', 'c', 'o', 'r', 'p', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "login.gov", false */ 'l', 'o', 'g', 'i', 'n', '.', 'g', 'o', 'v', '\0',
+  /* "login.launchpad.net", true */ 'l', 'o', 'g', 'i', 'n', '.', 'l', 'a', 'u', 'n', 'c', 'h', 'p', 'a', 'd', '.', 'n', 'e', 't', '\0',
+  /* "login.sapo.pt", true */ 'l', 'o', 'g', 'i', 'n', '.', 's', 'a', 'p', 'o', '.', 'p', 't', '\0',
+  /* "login.ubuntu.com", true */ 'l', 'o', 'g', 'i', 'n', '.', 'u', 'b', 'u', 'n', 't', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "login.xero.com", false */ 'l', 'o', 'g', 'i', 'n', '.', 'x', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "login.yahoo.com", false */ 'l', 'o', 'g', 'i', 'n', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "logitank.net", true */ 'l', 'o', 'g', 'i', 't', 'a', 'n', 'k', '.', 'n', 'e', 't', '\0',
+  /* "logitel.de", true */ 'l', 'o', 'g', 'i', 't', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "logojoes.net", true */ 'l', 'o', 'g', 'o', 'j', 'o', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "logopaediereinhard.de", true */ 'l', 'o', 'g', 'o', 'p', 'a', 'e', 'd', 'i', 'e', 'r', 'e', 'i', 'n', 'h', 'a', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "logopedistalanni.it", true */ 'l', 'o', 'g', 'o', 'p', 'e', 'd', 'i', 's', 't', 'a', 'l', 'a', 'n', 'n', 'i', '.', 'i', 't', '\0',
+  /* "logophiliapress.com", true */ 'l', 'o', 'g', 'o', 'p', 'h', 'i', 'l', 'i', 'a', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "logopoeia.com", true */ 'l', 'o', 'g', 'o', 'p', 'o', 'e', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "logostock.jp", true */ 'l', 'o', 'g', 'o', 's', 't', 'o', 'c', 'k', '.', 'j', 'p', '\0',
+  /* "lohanaflores.com.br", true */ 'l', 'o', 'h', 'a', 'n', 'a', 'f', 'l', 'o', 'r', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "loichot.ch", true */ 'l', 'o', 'i', 'c', 'h', 'o', 't', '.', 'c', 'h', '\0',
+  /* "lojadamimo.com.br", true */ 'l', 'o', 'j', 'a', 'd', 'a', 'm', 'i', 'm', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojadanidrea.com.br", true */ 'l', 'o', 'j', 'a', 'd', 'a', 'n', 'i', 'd', 'r', 'e', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojadewhisky.com.br", true */ 'l', 'o', 'j', 'a', 'd', 'e', 'w', 'h', 'i', 's', 'k', 'y', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojadoarcomprimido.com.br", true */ 'l', 'o', 'j', 'a', 'd', 'o', 'a', 'r', 'c', 'o', 'm', 'p', 'r', 'i', 'm', 'i', 'd', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojadoprazer.com.br", true */ 'l', 'o', 'j', 'a', 'd', 'o', 'p', 'r', 'a', 'z', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojafazendoarte.com.br", true */ 'l', 'o', 'j', 'a', 'f', 'a', 'z', 'e', 'n', 'd', 'o', 'a', 'r', 't', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojafilipaper.com.br", true */ 'l', 'o', 'j', 'a', 'f', 'i', 'l', 'i', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojamagicalx.com", true */ 'l', 'o', 'j', 'a', 'm', 'a', 'g', 'i', 'c', 'a', 'l', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "lojamascate.com.br", true */ 'l', 'o', 'j', 'a', 'm', 'a', 's', 'c', 'a', 't', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojamoleco.com.br", true */ 'l', 'o', 'j', 'a', 'm', 'o', 'l', 'e', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojamulticapmais.com.br", true */ 'l', 'o', 'j', 'a', 'm', 'u', 'l', 't', 'i', 'c', 'a', 'p', 'm', 'a', 'i', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojaprimemed.com.br", true */ 'l', 'o', 'j', 'a', 'p', 'r', 'i', 'm', 'e', 'm', 'e', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojaprojetoagua.com.br", true */ 'l', 'o', 'j', 'a', 'p', 'r', 'o', 'j', 'e', 't', 'o', 'a', 'g', 'u', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojaterrazul.com.br", true */ 'l', 'o', 'j', 'a', 't', 'e', 'r', 'r', 'a', 'z', 'u', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojavirtualfct.com.br", true */ 'l', 'o', 'j', 'a', 'v', 'i', 'r', 't', 'u', 'a', 'l', 'f', 'c', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojavisamed.com.br", true */ 'l', 'o', 'j', 'a', 'v', 'i', 's', 'a', 'm', 'e', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojix.com", true */ 'l', 'o', 'j', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "lojj.pt", true */ 'l', 'o', 'j', 'j', '.', 'p', 't', '\0',
+  /* "lokaal.org", true */ 'l', 'o', 'k', 'a', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "lolcorp.pl", true */ 'l', 'o', 'l', 'c', 'o', 'r', 'p', '.', 'p', 'l', '\0',
+  /* "lolcow.farm", true */ 'l', 'o', 'l', 'c', 'o', 'w', '.', 'f', 'a', 'r', 'm', '\0',
+  /* "lolhax.org", true */ 'l', 'o', 'l', 'h', 'a', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "loli.net", true */ 'l', 'o', 'l', 'i', '.', 'n', 'e', 't', '\0',
+  /* "loli.pet", true */ 'l', 'o', 'l', 'i', '.', 'p', 'e', 't', '\0',
+  /* "loli.world", true */ 'l', 'o', 'l', 'i', '.', 'w', 'o', 'r', 'l', 'd', '\0',
+  /* "lolibrary.org", true */ 'l', 'o', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "lolicon.eu", true */ 'l', 'o', 'l', 'i', 'c', 'o', 'n', '.', 'e', 'u', '\0',
+  /* "lolicon.info", true */ 'l', 'o', 'l', 'i', 'c', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "lolis.stream", true */ 'l', 'o', 'l', 'i', 's', '.', 's', 't', 'r', 'e', 'a', 'm', '\0',
+  /* "lolkot.ru", true */ 'l', 'o', 'l', 'k', 'o', 't', '.', 'r', 'u', '\0',
+  /* "lollaconcept.com.br", true */ 'l', 'o', 'l', 'l', 'a', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lolnames.gg", true */ 'l', 'o', 'l', 'n', 'a', 'm', 'e', 's', '.', 'g', 'g', '\0',
+  /* "lolpatrol.de", true */ 'l', 'o', 'l', 'p', 'a', 't', 'r', 'o', 'l', '.', 'd', 'e', '\0',
+  /* "lolpatrol.wtf", true */ 'l', 'o', 'l', 'p', 'a', 't', 'r', 'o', 'l', '.', 'w', 't', 'f', '\0',
+  /* "loma.ml", true */ 'l', 'o', 'm', 'a', '.', 'm', 'l', '\0',
+  /* "lommyfleet.com", true */ 'l', 'o', 'm', 'm', 'y', 'f', 'l', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lon-so.com", true */ 'l', 'o', 'n', '-', 's', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "lona.io", true */ 'l', 'o', 'n', 'a', '.', 'i', 'o', '\0',
+  /* "lonal.com", true */ 'l', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "lonasdigital.com", true */ 'l', 'o', 'n', 'a', 's', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "lonbali.com", true */ 'l', 'o', 'n', 'b', 'a', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "london.dating", true */ 'l', 'o', 'n', 'd', 'o', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "londongynaecologist.co", true */ 'l', 'o', 'n', 'd', 'o', 'n', 'g', 'y', 'n', 'a', 'e', 'c', 'o', 'l', 'o', 'g', 'i', 's', 't', '.', 'c', 'o', '\0',
+  /* "londonkan.jp", true */ 'l', 'o', 'n', 'd', 'o', 'n', 'k', 'a', 'n', '.', 'j', 'p', '\0',
+  /* "londonkeyholdingcompany.co.uk", true */ 'l', 'o', 'n', 'd', 'o', 'n', 'k', 'e', 'y', 'h', 'o', 'l', 'd', 'i', 'n', 'g', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "londonseedcentre.co.uk", true */ 'l', 'o', 'n', 'd', 'o', 'n', 's', 'e', 'e', 'd', 'c', 'e', 'n', 't', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lone-gunman.be", true */ 'l', 'o', 'n', 'e', '-', 'g', 'u', 'n', 'm', 'a', 'n', '.', 'b', 'e', '\0',
+  /* "lonelytweets.com", true */ 'l', 'o', 'n', 'e', 'l', 'y', 't', 'w', 'e', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lonesomecosmonaut.com", true */ 'l', 'o', 'n', 'e', 's', 'o', 'm', 'e', 'c', 'o', 's', 'm', 'o', 'n', 'a', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "longhaircareforum.com", true */ 'l', 'o', 'n', 'g', 'h', 'a', 'i', 'r', 'c', 'a', 'r', 'e', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "longhorn-imports.com", true */ 'l', 'o', 'n', 'g', 'h', 'o', 'r', 'n', '-', 'i', 'm', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "longhorn.id.au", true */ 'l', 'o', 'n', 'g', 'h', 'o', 'r', 'n', '.', 'i', 'd', '.', 'a', 'u', '\0',
+  /* "longstride.net", true */ 'l', 'o', 'n', 'g', 's', 't', 'r', 'i', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "lonniec.com", true */ 'l', 'o', 'n', 'n', 'i', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "look.co.il", true */ 'l', 'o', 'o', 'k', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "looka.ch", true */ 'l', 'o', 'o', 'k', 'a', '.', 'c', 'h', '\0',
+  /* "looka.photo", true */ 'l', 'o', 'o', 'k', 'a', '.', 'p', 'h', 'o', 't', 'o', '\0',
+  /* "lookagain.co.uk", true */ 'l', 'o', 'o', 'k', 'a', 'g', 'a', 'i', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lookart.ch", true */ 'l', 'o', 'o', 'k', 'a', 'r', 't', '.', 'c', 'h', '\0',
+  /* "lookasik.eu", true */ 'l', 'o', 'o', 'k', 'a', 's', 'i', 'k', '.', 'e', 'u', '\0',
+  /* "lookastic.co.uk", true */ 'l', 'o', 'o', 'k', 'a', 's', 't', 'i', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lookastic.com", true */ 'l', 'o', 'o', 'k', 'a', 's', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "lookastic.de", true */ 'l', 'o', 'o', 'k', 'a', 's', 't', 'i', 'c', '.', 'd', 'e', '\0',
+  /* "lookastic.es", true */ 'l', 'o', 'o', 'k', 'a', 's', 't', 'i', 'c', '.', 'e', 's', '\0',
+  /* "lookastic.fr", true */ 'l', 'o', 'o', 'k', 'a', 's', 't', 'i', 'c', '.', 'f', 'r', '\0',
+  /* "lookastic.mx", true */ 'l', 'o', 'o', 'k', 'a', 's', 't', 'i', 'c', '.', 'm', 'x', '\0',
+  /* "lookastic.ru", true */ 'l', 'o', 'o', 'k', 'a', 's', 't', 'i', 'c', '.', 'r', 'u', '\0',
+  /* "lookbetweenthelines.com", true */ 'l', 'o', 'o', 'k', 'b', 'e', 't', 'w', 'e', 'e', 'n', 't', 'h', 'e', 'l', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lookyman.net", true */ 'l', 'o', 'o', 'k', 'y', 'm', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "loom.no", true */ 'l', 'o', 'o', 'm', '.', 'n', 'o', '\0',
+  /* "looneymooney.com", true */ 'l', 'o', 'o', 'n', 'e', 'y', 'm', 'o', 'o', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "loony.info", true */ 'l', 'o', 'o', 'n', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "loophost.com.br", false */ 'l', 'o', 'o', 'p', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "loopower.com", true */ 'l', 'o', 'o', 'p', 'o', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "loopstart.org", true */ 'l', 'o', 'o', 'p', 's', 't', 'a', 'r', 't', '.', 'o', 'r', 'g', '\0',
+  /* "loovto.net", true */ 'l', 'o', 'o', 'v', 't', 'o', '.', 'n', 'e', 't', '\0',
+  /* "loperetti.ch", true */ 'l', 'o', 'p', 'e', 'r', 'e', 't', 't', 'i', '.', 'c', 'h', '\0',
+  /* "loqu8.com", true */ 'l', 'o', 'q', 'u', '8', '.', 'c', 'o', 'm', '\0',
+  /* "lordgun.com", true */ 'l', 'o', 'r', 'd', 'g', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lordofthebrick.com", true */ 'l', 'o', 'r', 'd', 'o', 'f', 't', 'h', 'e', 'b', 'r', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "lore.azurewebsites.net", true */ 'l', 'o', 'r', 'e', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "lorenadumitrascu.ro", true */ 'l', 'o', 'r', 'e', 'n', 'a', 'd', 'u', 'm', 'i', 't', 'r', 'a', 's', 'c', 'u', '.', 'r', 'o', '\0',
+  /* "loritaboegl.de", true */ 'l', 'o', 'r', 'i', 't', 'a', 'b', 'o', 'e', 'g', 'l', '.', 'd', 'e', '\0',
+  /* "losless.fr", true */ 'l', 'o', 's', 'l', 'e', 's', 's', '.', 'f', 'r', '\0',
+  /* "loss.no", true */ 'l', 'o', 's', 's', '.', 'n', 'o', '\0',
+  /* "lost.host", true */ 'l', 'o', 's', 't', '.', 'h', 'o', 's', 't', '\0',
+  /* "lostandcash.com", true */ 'l', 'o', 's', 't', 'a', 'n', 'd', 'c', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "lostarq.com", true */ 'l', 'o', 's', 't', 'a', 'r', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "lostingames.de", true */ 'l', 'o', 's', 't', 'i', 'n', 'g', 'a', 'm', 'e', 's', '.', 'd', 'e', '\0',
+  /* "lostkeys.co.uk", true */ 'l', 'o', 's', 't', 'k', 'e', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lostserver.com", true */ 'l', 'o', 's', 't', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lostwithdan.com", true */ 'l', 'o', 's', 't', 'w', 'i', 't', 'h', 'd', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "loteks.de", true */ 'l', 'o', 't', 'e', 'k', 's', '.', 'd', 'e', '\0',
+  /* "lothlorien.ca", true */ 'l', 'o', 't', 'h', 'l', 'o', 'r', 'i', 'e', 'n', '.', 'c', 'a', '\0',
+  /* "lottosonline.com", true */ 'l', 'o', 't', 't', 'o', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lottospielen24.org", false */ 'l', 'o', 't', 't', 'o', 's', 'p', 'i', 'e', 'l', 'e', 'n', '2', '4', '.', 'o', 'r', 'g', '\0',
+  /* "lotuscloud.de", true */ 'l', 'o', 't', 'u', 's', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "lotw.de", true */ 'l', 'o', 't', 'w', '.', 'd', 'e', '\0',
+  /* "lotz.li", true */ 'l', 'o', 't', 'z', '.', 'l', 'i', '\0',
+  /* "lou.lt", true */ 'l', 'o', 'u', '.', 'l', 't', '\0',
+  /* "louange-reconvilier.ch", true */ 'l', 'o', 'u', 'a', 'n', 'g', 'e', '-', 'r', 'e', 'c', 'o', 'n', 'v', 'i', 'l', 'i', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "loucanfixit.com", true */ 'l', 'o', 'u', 'c', 'a', 'n', 'f', 'i', 'x', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "louisvillecarguys.com", true */ 'l', 'o', 'u', 'i', 's', 'v', 'i', 'l', 'l', 'e', 'c', 'a', 'r', 'g', 'u', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "louisvillevmug.info", true */ 'l', 'o', 'u', 'i', 's', 'v', 'i', 'l', 'l', 'e', 'v', 'm', 'u', 'g', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "loune.net", true */ 'l', 'o', 'u', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "love-schna.jp", true */ 'l', 'o', 'v', 'e', '-', 's', 'c', 'h', 'n', 'a', '.', 'j', 'p', '\0',
+  /* "love4taylor.eu.org", true */ 'l', 'o', 'v', 'e', '4', 't', 'a', 'y', 'l', 'o', 'r', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "love4taylor.me", true */ 'l', 'o', 'v', 'e', '4', 't', 'a', 'y', 'l', 'o', 'r', '.', 'm', 'e', '\0',
+  /* "loveandadoreboutique.com", true */ 'l', 'o', 'v', 'e', 'a', 'n', 'd', 'a', 'd', 'o', 'r', 'e', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "loveislandgames.com", true */ 'l', 'o', 'v', 'e', 'i', 's', 'l', 'a', 'n', 'd', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "loveismore.de", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "loveismore.es", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 'e', 's', '\0',
+  /* "loveismore.eu", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 'e', 'u', '\0',
+  /* "loveismore.fr", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "loveismore.it", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 'i', 't', '\0',
+  /* "loveismore.org", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "loveismore.pl", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 'p', 'l', '\0',
+  /* "loveismore.ru", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 'r', 'u', '\0',
+  /* "loveismore.sk", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 's', 'k', '\0',
+  /* "loveisourweapon.com", true */ 'l', 'o', 'v', 'e', 'i', 's', 'o', 'u', 'r', 'w', 'e', 'a', 'p', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lovelens.ch", true */ 'l', 'o', 'v', 'e', 'l', 'e', 'n', 's', '.', 'c', 'h', '\0',
+  /* "lovelens.li", true */ 'l', 'o', 'v', 'e', 'l', 'e', 'n', 's', '.', 'l', 'i', '\0',
+  /* "lovelive-anime.tk", true */ 'l', 'o', 'v', 'e', 'l', 'i', 'v', 'e', '-', 'a', 'n', 'i', 'm', 'e', '.', 't', 'k', '\0',
+  /* "lovelive.us", true */ 'l', 'o', 'v', 'e', 'l', 'i', 'v', 'e', '.', 'u', 's', '\0',
+  /* "lovemomiji.com", true */ 'l', 'o', 'v', 'e', 'm', 'o', 'm', 'i', 'j', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "lovemysafetynet.com", true */ 'l', 'o', 'v', 'e', 'm', 'y', 's', 'a', 'f', 'e', 't', 'y', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lovenwishes.com", true */ 'l', 'o', 'v', 'e', 'n', 'w', 'i', 's', 'h', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "loveph.one", true */ 'l', 'o', 'v', 'e', 'p', 'h', '.', 'o', 'n', 'e', '\0',
+  /* "lover-bg.com", true */ 'l', 'o', 'v', 'e', 'r', '-', 'b', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "loveread-ec.appspot.com", true */ 'l', 'o', 'v', 'e', 'r', 'e', 'a', 'd', '-', 'e', 'c', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "loverepublic.ru", true */ 'l', 'o', 'v', 'e', 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'c', '.', 'r', 'u', '\0',
+  /* "lovesmagical.com", true */ 'l', 'o', 'v', 'e', 's', 'm', 'a', 'g', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "lovesupremefestival.com", true */ 'l', 'o', 'v', 'e', 's', 'u', 'p', 'r', 'e', 'm', 'e', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "lovetravel360.com", true */ 'l', 'o', 'v', 'e', 't', 'r', 'a', 'v', 'e', 'l', '3', '6', '0', '.', 'c', 'o', 'm', '\0',
+  /* "loveyounastya.com", true */ 'l', 'o', 'v', 'e', 'y', 'o', 'u', 'n', 'a', 's', 't', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "loveysa.ch", true */ 'l', 'o', 'v', 'e', 'y', 's', 'a', '.', 'c', 'h', '\0',
+  /* "lovg.ren", true */ 'l', 'o', 'v', 'g', '.', 'r', 'e', 'n', '\0',
+  /* "lovingearth.co", true */ 'l', 'o', 'v', 'i', 'n', 'g', 'e', 'a', 'r', 't', 'h', '.', 'c', 'o', '\0',
+  /* "lovizaim.ru", true */ 'l', 'o', 'v', 'i', 'z', 'a', 'i', 'm', '.', 'r', 'u', '\0',
+  /* "low-diets.com", true */ 'l', 'o', 'w', '-', 'd', 'i', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lowcostwire.com.au", true */ 'l', 'o', 'w', 'c', 'o', 's', 't', 'w', 'i', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "lowmagnitude.com", true */ 'l', 'o', 'w', 'm', 'a', 'g', 'n', 'i', 't', 'u', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lowsec.space", true */ 'l', 'o', 'w', 's', 'e', 'c', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "lowsidetna.com", true */ 'l', 'o', 'w', 's', 'i', 'd', 'e', 't', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lowson.ca", true */ 'l', 'o', 'w', 's', 'o', 'n', '.', 'c', 'a', '\0',
+  /* "loyaleco.it", true */ 'l', 'o', 'y', 'a', 'l', 'e', 'c', 'o', '.', 'i', 't', '\0',
+  /* "lp-support.nl", true */ 'l', 'p', '-', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'n', 'l', '\0',
+  /* "lpacademy.com.br", true */ 'l', 'p', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lpbk-bethel.de", false */ 'l', 'p', 'b', 'k', '-', 'b', 'e', 't', 'h', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "lpm-uk.com", true */ 'l', 'p', 'm', '-', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "lpt-nebreziny.eu", true */ 'l', 'p', 't', '-', 'n', 'e', 'b', 'r', 'e', 'z', 'i', 'n', 'y', '.', 'e', 'u', '\0',
+  /* "lra-cloud.de", true */ 'l', 'r', 'a', '-', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "lrssystems.com", true */ 'l', 'r', 's', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ls-alarm.de", true */ 'l', 's', '-', 'a', 'l', 'a', 'r', 'm', '.', 'd', 'e', '\0',
+  /* "ls-rp.es", true */ 'l', 's', '-', 'r', 'p', '.', 'e', 's', '\0',
+  /* "lsc-dillingen.de", true */ 'l', 's', 'c', '-', 'd', 'i', 'l', 'l', 'i', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "lsc.gov", true */ 'l', 's', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "lsquo.com", true */ 'l', 's', 'q', 'u', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "lstma.com", true */ 'l', 's', 't', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lsvih.com", true */ 'l', 's', 'v', 'i', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "lsys.ac", true */ 'l', 's', 'y', 's', '.', 'a', 'c', '\0',
+  /* "lszj.com", true */ 'l', 's', 'z', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "lt.search.yahoo.com", false */ 'l', 't', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ltba.org", true */ 'l', 't', 'b', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "ltecode.com", true */ 'l', 't', 'e', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ltls.org", true */ 'l', 't', 'l', 's', '.', 'o', 'r', 'g', '\0',
+  /* "ltn-tom-morel.fr", true */ 'l', 't', 'n', '-', 't', 'o', 'm', '-', 'm', 'o', 'r', 'e', 'l', '.', 'f', 'r', '\0',
+  /* "lu.search.yahoo.com", false */ 'l', 'u', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "luav.org", true */ 'l', 'u', 'a', 'v', '.', 'o', 'r', 'g', '\0',
+  /* "lubar.me", true */ 'l', 'u', 'b', 'a', 'r', '.', 'm', 'e', '\0',
+  /* "lubbockyounglawyers.org", true */ 'l', 'u', 'b', 'b', 'o', 'c', 'k', 'y', 'o', 'u', 'n', 'g', 'l', 'a', 'w', 'y', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "lubomirkazakov.com", true */ 'l', 'u', 'b', 'o', 'm', 'i', 'r', 'k', 'a', 'z', 'a', 'k', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "lubot.net", false */ 'l', 'u', 'b', 'o', 't', '.', 'n', 'e', 't', '\0',
+  /* "luc-oberson.ch", true */ 'l', 'u', 'c', '-', 'o', 'b', 'e', 'r', 's', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "luca.swiss", true */ 'l', 'u', 'c', 'a', '.', 's', 'w', 'i', 's', 's', '\0',
+  /* "lucakrebs.de", true */ 'l', 'u', 'c', 'a', 'k', 'r', 'e', 'b', 's', '.', 'd', 'e', '\0',
+  /* "lucasantarella.com", true */ 'l', 'u', 'c', 'a', 's', 'a', 'n', 't', 'a', 'r', 'e', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lucascantor.com", true */ 'l', 'u', 'c', 'a', 's', 'c', 'a', 'n', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lucasem.com", true */ 'l', 'u', 'c', 'a', 's', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "lucasgaland.com", true */ 'l', 'u', 'c', 'a', 's', 'g', 'a', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "lucasgymnastics.com", true */ 'l', 'u', 'c', 'a', 's', 'g', 'y', 'm', 'n', 'a', 's', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lucassoler.com.ar", true */ 'l', 'u', 'c', 'a', 's', 's', 'o', 'l', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "luce.life", true */ 'l', 'u', 'c', 'e', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "luchscheider.de", false */ 'l', 'u', 'c', 'h', 's', 'c', 'h', 'e', 'i', 'd', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "lucid-light.de", true */ 'l', 'u', 'c', 'i', 'd', '-', 'l', 'i', 'g', 'h', 't', '.', 'd', 'e', '\0',
+  /* "lucidframeworks.com", true */ 'l', 'u', 'c', 'i', 'd', 'f', 'r', 'a', 'm', 'e', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lucidlight.de", true */ 'l', 'u', 'c', 'i', 'd', 'l', 'i', 'g', 'h', 't', '.', 'd', 'e', '\0',
+  /* "lucidlogs.com", true */ 'l', 'u', 'c', 'i', 'd', 'l', 'o', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lucidoccult.com", true */ 'l', 'u', 'c', 'i', 'd', 'o', 'c', 'c', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lucielavickova.com", true */ 'l', 'u', 'c', 'i', 'e', 'l', 'a', 'v', 'i', 'c', 'k', 'o', 'v', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "luckycastles.co.uk", true */ 'l', 'u', 'c', 'k', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "luckyfrog.hk", true */ 'l', 'u', 'c', 'k', 'y', 'f', 'r', 'o', 'g', '.', 'h', 'k', '\0',
+  /* "luckystarfishing.com", true */ 'l', 'u', 'c', 'k', 'y', 's', 't', 'a', 'r', 'f', 'i', 's', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "lucy.science", true */ 'l', 'u', 'c', 'y', '.', 's', 'c', 'i', 'e', 'n', 'c', 'e', '\0',
+  /* "lucysan.net", true */ 'l', 'u', 'c', 'y', 's', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "ludikovsky.name", true */ 'l', 'u', 'd', 'i', 'k', 'o', 'v', 's', 'k', 'y', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "ludwig.im", true */ 'l', 'u', 'd', 'w', 'i', 'g', '.', 'i', 'm', '\0',
+  /* "ludwiggrill.de", true */ 'l', 'u', 'd', 'w', 'i', 'g', 'g', 'r', 'i', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "ludwigpro.net", true */ 'l', 'u', 'd', 'w', 'i', 'g', 'p', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "luehne.de", true */ 'l', 'u', 'e', 'h', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "luelistan.net", true */ 'l', 'u', 'e', 'l', 'i', 's', 't', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "luenwarneke.com", true */ 'l', 'u', 'e', 'n', 'w', 'a', 'r', 'n', 'e', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "luffyhair.com", true */ 'l', 'u', 'f', 'f', 'y', 'h', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "luftbild-siegerland.de", true */ 'l', 'u', 'f', 't', 'b', 'i', 'l', 'd', '-', 's', 'i', 'e', 'g', 'e', 'r', 'l', 'a', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "luftreiniger.biz", true */ 'l', 'u', 'f', 't', 'r', 'e', 'i', 'n', 'i', 'g', 'e', 'r', '.', 'b', 'i', 'z', '\0',
+  /* "luganskservers.net", true */ 'l', 'u', 'g', 'a', 'n', 's', 'k', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "lugbb.org", true */ 'l', 'u', 'g', 'b', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "luginbuehl.be", true */ 'l', 'u', 'g', 'i', 'n', 'b', 'u', 'e', 'h', 'l', '.', 'b', 'e', '\0',
+  /* "luginbuehl.eu", true */ 'l', 'u', 'g', 'i', 'n', 'b', 'u', 'e', 'h', 'l', '.', 'e', 'u', '\0',
+  /* "lugui.in", true */ 'l', 'u', 'g', 'u', 'i', '.', 'i', 'n', '\0',
+  /* "luiscapelo.info", true */ 'l', 'u', 'i', 's', 'c', 'a', 'p', 'e', 'l', 'o', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "luisgf.es", true */ 'l', 'u', 'i', 's', 'g', 'f', '.', 'e', 's', '\0',
+  /* "luismaier.de", true */ 'l', 'u', 'i', 's', 'm', 'a', 'i', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "luisv.me", true */ 'l', 'u', 'i', 's', 'v', '.', 'm', 'e', '\0',
+  /* "luisyr.com", true */ 'l', 'u', 'i', 's', 'y', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "luizkowalski.net", true */ 'l', 'u', 'i', 'z', 'k', 'o', 'w', 'a', 'l', 's', 'k', 'i', '.', 'n', 'e', 't', '\0',
+  /* "luk.earth", true */ 'l', 'u', 'k', '.', 'e', 'a', 'r', 't', 'h', '\0',
+  /* "luk.photo", true */ 'l', 'u', 'k', '.', 'p', 'h', 'o', 't', 'o', '\0',
+  /* "lukas-oppermann.de", true */ 'l', 'u', 'k', 'a', 's', '-', 'o', 'p', 'p', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "lukas-schauer.de", true */ 'l', 'u', 'k', 'a', 's', '-', 's', 'c', 'h', 'a', 'u', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "lukas.im", true */ 'l', 'u', 'k', 'a', 's', '.', 'i', 'm', '\0',
+  /* "lukas2511.de", true */ 'l', 'u', 'k', 'a', 's', '2', '5', '1', '1', '.', 'd', 'e', '\0',
+  /* "lukasberan.com", true */ 'l', 'u', 'k', 'a', 's', 'b', 'e', 'r', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lukasberan.cz", true */ 'l', 'u', 'k', 'a', 's', 'b', 'e', 'r', 'a', 'n', '.', 'c', 'z', '\0',
+  /* "lukasfunk.com", true */ 'l', 'u', 'k', 'a', 's', 'f', 'u', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "lukasoppermann.com", true */ 'l', 'u', 'k', 'a', 's', 'o', 'p', 'p', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lukasoppermann.de", true */ 'l', 'u', 'k', 'a', 's', 'o', 'p', 'p', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "lukasschauer.de", true */ 'l', 'u', 'k', 'a', 's', 's', 'c', 'h', 'a', 'u', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "lukasschick.de", false */ 'l', 'u', 'k', 'a', 's', 's', 'c', 'h', 'i', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "lukaszorn.de", true */ 'l', 'u', 'k', 'a', 's', 'z', 'o', 'r', 'n', '.', 'd', 'e', '\0',
+  /* "lukatz.de", true */ 'l', 'u', 'k', 'a', 't', 'z', '.', 'd', 'e', '\0',
+  /* "luke.ch", true */ 'l', 'u', 'k', 'e', '.', 'c', 'h', '\0',
+  /* "lukeistschuld.de", true */ 'l', 'u', 'k', 'e', 'i', 's', 't', 's', 'c', 'h', 'u', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "lukeng.net", true */ 'l', 'u', 'k', 'e', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "lukesbouncycastlehire.com", true */ 'l', 'u', 'k', 'e', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lukestebbing.com", true */ 'l', 'u', 'k', 'e', 's', 't', 'e', 'b', 'b', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "lukmanulhakim.id", true */ 'l', 'u', 'k', 'm', 'a', 'n', 'u', 'l', 'h', 'a', 'k', 'i', 'm', '.', 'i', 'd', '\0',
+  /* "lukull-pizza.de", true */ 'l', 'u', 'k', 'u', 'l', 'l', '-', 'p', 'i', 'z', 'z', 'a', '.', 'd', 'e', '\0',
+  /* "lumer.tech", true */ 'l', 'u', 'm', 'e', 'r', '.', 't', 'e', 'c', 'h', '\0',
+  /* "lumiere.com", true */ 'l', 'u', 'm', 'i', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "luminancy.com", true */ 'l', 'u', 'm', 'i', 'n', 'a', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "lunafag.ru", true */ 'l', 'u', 'n', 'a', 'f', 'a', 'g', '.', 'r', 'u', '\0',
+  /* "lunakit.org", true */ 'l', 'u', 'n', 'a', 'k', 'i', 't', '.', 'o', 'r', 'g', '\0',
+  /* "lunapps.com", true */ 'l', 'u', 'n', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lunar6.ch", true */ 'l', 'u', 'n', 'a', 'r', '6', '.', 'c', 'h', '\0',
+  /* "lunarshark.com", true */ 'l', 'u', 'n', 'a', 'r', 's', 'h', 'a', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "lunarsoft.net", true */ 'l', 'u', 'n', 'a', 'r', 's', 'o', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "lunartail.nl", true */ 'l', 'u', 'n', 'a', 'r', 't', 'a', 'i', 'l', '.', 'n', 'l', '\0',
+  /* "lunasqu.ee", true */ 'l', 'u', 'n', 'a', 's', 'q', 'u', '.', 'e', 'e', '\0',
+  /* "lunchbunch.me", true */ 'l', 'u', 'n', 'c', 'h', 'b', 'u', 'n', 'c', 'h', '.', 'm', 'e', '\0',
+  /* "lune-indigo.ch", true */ 'l', 'u', 'n', 'e', '-', 'i', 'n', 'd', 'i', 'g', 'o', '.', 'c', 'h', '\0',
+  /* "lungdoc.us", false */ 'l', 'u', 'n', 'g', 'd', 'o', 'c', '.', 'u', 's', '\0',
+  /* "lunidea.ch", true */ 'l', 'u', 'n', 'i', 'd', 'e', 'a', '.', 'c', 'h', '\0',
+  /* "lunidea.com", true */ 'l', 'u', 'n', 'i', 'd', 'e', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lunight.ml", true */ 'l', 'u', 'n', 'i', 'g', 'h', 't', '.', 'm', 'l', '\0',
+  /* "lunis.net", true */ 'l', 'u', 'n', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "lunix.io", true */ 'l', 'u', 'n', 'i', 'x', '.', 'i', 'o', '\0',
+  /* "lunorian.is", true */ 'l', 'u', 'n', 'o', 'r', 'i', 'a', 'n', '.', 'i', 's', '\0',
+  /* "luoe.me", true */ 'l', 'u', 'o', 'e', '.', 'm', 'e', '\0',
+  /* "luoh.cc", true */ 'l', 'u', 'o', 'h', '.', 'c', 'c', '\0',
+  /* "luoh.me", true */ 'l', 'u', 'o', 'h', '.', 'm', 'e', '\0',
+  /* "luohua.im", true */ 'l', 'u', 'o', 'h', 'u', 'a', '.', 'i', 'm', '\0',
+  /* "luolikong.vip", true */ 'l', 'u', 'o', 'l', 'i', 'k', 'o', 'n', 'g', '.', 'v', 'i', 'p', '\0',
+  /* "luongvu.com", true */ 'l', 'u', 'o', 'n', 'g', 'v', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "lupinencyclopedia.com", true */ 'l', 'u', 'p', 'i', 'n', 'e', 'n', 'c', 'y', 'c', 'l', 'o', 'p', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "luso-livros.net", true */ 'l', 'u', 's', 'o', '-', 'l', 'i', 'v', 'r', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "lusteniny.cz", false */ 'l', 'u', 's', 't', 'e', 'n', 'i', 'n', 'y', '.', 'c', 'z', '\0',
+  /* "lustige-zitate.com", true */ 'l', 'u', 's', 't', 'i', 'g', 'e', '-', 'z', 'i', 't', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lustin.fr", true */ 'l', 'u', 's', 't', 'i', 'n', '.', 'f', 'r', '\0',
+  /* "lustrum.ch", true */ 'l', 'u', 's', 't', 'r', 'u', 'm', '.', 'c', 'h', '\0',
+  /* "lusynth.com", true */ 'l', 'u', 's', 'y', 'n', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "lutizi.com", false */ 'l', 'u', 't', 'i', 'z', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "lutoma.org", true */ 'l', 'u', 't', 'o', 'm', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "luukdebruincv.nl", true */ 'l', 'u', 'u', 'k', 'd', 'e', 'b', 'r', 'u', 'i', 'n', 'c', 'v', '.', 'n', 'l', '\0',
+  /* "luukklene.nl", true */ 'l', 'u', 'u', 'k', 'k', 'l', 'e', 'n', 'e', '.', 'n', 'l', '\0',
+  /* "luuppi.fi", true */ 'l', 'u', 'u', 'p', 'p', 'i', '.', 'f', 'i', '\0',
+  /* "luvare.com", true */ 'l', 'u', 'v', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "luvbridal.com.au", true */ 'l', 'u', 'v', 'b', 'r', 'i', 'd', 'a', 'l', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "luxcraft.eng.br", true */ 'l', 'u', 'x', 'c', 'r', 'a', 'f', 't', '.', 'e', 'n', 'g', '.', 'b', 'r', '\0',
+  /* "luxe-it.co.uk", true */ 'l', 'u', 'x', 'e', '-', 'i', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "luxescreenprotector.nl", true */ 'l', 'u', 'x', 'e', 's', 'c', 'r', 'e', 'e', 'n', 'p', 'r', 'o', 't', 'e', 'c', 't', 'o', 'r', '.', 'n', 'l', '\0',
+  /* "luxsci.com", true */ 'l', 'u', 'x', 's', 'c', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "luxuryweddingsindonesia.com", true */ 'l', 'u', 'x', 'u', 'r', 'y', 'w', 'e', 'd', 'd', 'i', 'n', 'g', 's', 'i', 'n', 'd', 'o', 'n', 'e', 's', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "luxusnivoucher.cz", true */ 'l', 'u', 'x', 'u', 's', 'n', 'i', 'v', 'o', 'u', 'c', 'h', 'e', 'r', '.', 'c', 'z', '\0',
+  /* "luxusnyvoucher.sk", true */ 'l', 'u', 'x', 'u', 's', 'n', 'y', 'v', 'o', 'u', 'c', 'h', 'e', 'r', '.', 's', 'k', '\0',
+  /* "luxvacuos.net", true */ 'l', 'u', 'x', 'v', 'a', 'c', 'u', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "luxwatch.com", true */ 'l', 'u', 'x', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "luzat.com", true */ 'l', 'u', 'z', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lv.search.yahoo.com", false */ 'l', 'v', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "lv0.it", true */ 'l', 'v', '0', '.', 'i', 't', '\0',
+  /* "lv5.top", true */ 'l', 'v', '5', '.', 't', 'o', 'p', '\0',
+  /* "lvrsystems.com", true */ 'l', 'v', 'r', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lwl.moe", true */ 'l', 'w', 'l', '.', 'm', 'o', 'e', '\0',
+  /* "lwl12.com", true */ 'l', 'w', 'l', '1', '2', '.', 'c', 'o', 'm', '\0',
+  /* "lycee-saintjoseph-mesnieres.fr", true */ 'l', 'y', 'c', 'e', 'e', '-', 's', 'a', 'i', 'n', 't', 'j', 'o', 's', 'e', 'p', 'h', '-', 'm', 'e', 's', 'n', 'i', 'e', 'r', 'e', 's', '.', 'f', 'r', '\0',
+  /* "lydudlejning.net", true */ 'l', 'y', 'd', 'u', 'd', 'l', 'e', 'j', 'n', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "lyfbits.com", true */ 'l', 'y', 'f', 'b', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lylares.com", true */ 'l', 'y', 'l', 'a', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lynero.dk", true */ 'l', 'y', 'n', 'e', 'r', 'o', '.', 'd', 'k', '\0',
+  /* "lyness.io", true */ 'l', 'y', 'n', 'e', 's', 's', '.', 'i', 'o', '\0',
+  /* "lyngvaer.no", true */ 'l', 'y', 'n', 'g', 'v', 'a', 'e', 'r', '.', 'n', 'o', '\0',
+  /* "lynkos.com", true */ 'l', 'y', 'n', 'k', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lynnlaytonnissanparts.com", true */ 'l', 'y', 'n', 'n', 'l', 'a', 'y', 't', 'o', 'n', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lynnmosher.com", true */ 'l', 'y', 'n', 'n', 'm', 'o', 's', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lynthium.com", true */ 'l', 'y', 'n', 't', 'h', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "lynx.nl", true */ 'l', 'y', 'n', 'x', '.', 'n', 'l', '\0',
+  /* "lynxbroker.de", true */ 'l', 'y', 'n', 'x', 'b', 'r', 'o', 'k', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "lynxpro.nl", true */ 'l', 'y', 'n', 'x', 'p', 'r', 'o', '.', 'n', 'l', '\0',
+  /* "lyon-interactive.com", true */ 'l', 'y', 'o', 'n', '-', 'i', 'n', 't', 'e', 'r', 'a', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lyon-synergie.com", true */ 'l', 'y', 'o', 'n', '-', 's', 'y', 'n', 'e', 'r', 'g', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lyoness.digital", true */ 'l', 'y', 'o', 'n', 'e', 's', 's', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0',
+  /* "lyonl.com", true */ 'l', 'y', 'o', 'n', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "lyricfm.ie", true */ 'l', 'y', 'r', 'i', 'c', 'f', 'm', '.', 'i', 'e', '\0',
+  /* "lys.ch", true */ 'l', 'y', 's', '.', 'c', 'h', '\0',
+  /* "lysergion.com", true */ 'l', 'y', 's', 'e', 'r', 'g', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lyst.co.uk", true */ 'l', 'y', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lyx.dk", true */ 'l', 'y', 'x', '.', 'd', 'k', '\0',
+  /* "lz.sb", true */ 'l', 'z', '.', 's', 'b', '\0',
+  /* "m-22.com", true */ 'm', '-', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "m-edmondson.co.uk", true */ 'm', '-', 'e', 'd', 'm', 'o', 'n', 'd', 's', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "m-generator.com", true */ 'm', '-', 'g', 'e', 'n', 'e', 'r', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "m-idea.jp", true */ 'm', '-', 'i', 'd', 'e', 'a', '.', 'j', 'p', '\0',
+  /* "m-kleinert.de", false */ 'm', '-', 'k', 'l', 'e', 'i', 'n', 'e', 'r', 't', '.', 'd', 'e', '\0',
+  /* "m-mail.fr", true */ 'm', '-', 'm', 'a', 'i', 'l', '.', 'f', 'r', '\0',
+  /* "m-orthodontic.com", true */ 'm', '-', 'o', 'r', 't', 'h', 'o', 'd', 'o', 'n', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "m-plan.com", true */ 'm', '-', 'p', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "m-ses.fr", true */ 'm', '-', 's', 'e', 's', '.', 'f', 'r', '\0',
+  /* "m.facebook.com", true */ 'm', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "m.mail.ru", true */ 'm', '.', 'm', 'a', 'i', 'l', '.', 'r', 'u', '\0',
+  /* "m.me", true */ 'm', '.', 'm', 'e', '\0',
+  /* "m0t0k1ch1.com", true */ 'm', '0', 't', '0', 'k', '1', 'c', 'h', '1', '.', 'c', 'o', 'm', '\0',
+  /* "m132.eu", true */ 'm', '1', '3', '2', '.', 'e', 'u', '\0',
+  /* "m2epro.com", true */ 'm', '2', 'e', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "m2os.com", true */ 'm', '2', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "m4rcus.de", true */ 'm', '4', 'r', 'c', 'u', 's', '.', 'd', 'e', '\0',
+  /* "ma-eir.nl", true */ 'm', 'a', '-', 'e', 'i', 'r', '.', 'n', 'l', '\0',
+  /* "ma-plancha.ch", true */ 'm', 'a', '-', 'p', 'l', 'a', 'n', 'c', 'h', 'a', '.', 'c', 'h', '\0',
+  /* "ma2t.com", true */ 'm', 'a', '2', 't', '.', 'c', 'o', 'm', '\0',
+  /* "maartenderaedemaeker.be", true */ 'm', 'a', 'a', 'r', 't', 'e', 'n', 'd', 'e', 'r', 'a', 'e', 'd', 'e', 'm', 'a', 'e', 'k', 'e', 'r', '.', 'b', 'e', '\0',
+  /* "maartenprovo.be", true */ 'm', 'a', 'a', 'r', 't', 'e', 'n', 'p', 'r', 'o', 'v', 'o', '.', 'b', 'e', '\0',
+  /* "maartenvandekamp.nl", true */ 'm', 'a', 'a', 'r', 't', 'e', 'n', 'v', 'a', 'n', 'd', 'e', 'k', 'a', 'm', 'p', '.', 'n', 'l', '\0',
+  /* "maaya.jp", true */ 'm', 'a', 'a', 'y', 'a', '.', 'j', 'p', '\0',
+  /* "mabankonline.com", true */ 'm', 'a', 'b', 'a', 'n', 'k', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mabulledu.net", true */ 'm', 'a', 'b', 'u', 'l', 'l', 'e', 'd', 'u', '.', 'n', 'e', 't', '\0',
+  /* "mac-i-tea.ch", true */ 'm', 'a', 'c', '-', 'i', '-', 't', 'e', 'a', '.', 'c', 'h', '\0',
+  /* "mac-world.pl", true */ 'm', 'a', 'c', '-', 'w', 'o', 'r', 'l', 'd', '.', 'p', 'l', '\0',
+  /* "mac1.net", true */ 'm', 'a', 'c', '1', '.', 'n', 'e', 't', '\0',
+  /* "macandtonic.com", true */ 'm', 'a', 'c', 'a', 'n', 'd', 't', 'o', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "macaque.io", false */ 'm', 'a', 'c', 'a', 'q', 'u', 'e', '.', 'i', 'o', '\0',
+  /* "macaw.nl", true */ 'm', 'a', 'c', 'a', 'w', '.', 'n', 'l', '\0',
+  /* "macaws.org", true */ 'm', 'a', 'c', 'a', 'w', 's', '.', 'o', 'r', 'g', '\0',
+  /* "maceinturecuir.com", true */ 'm', 'a', 'c', 'e', 'i', 'n', 't', 'u', 'r', 'e', 'c', 'u', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "maces-net.de", true */ 'm', 'a', 'c', 'e', 's', '-', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "mach-politik.ch", true */ 'm', 'a', 'c', 'h', '-', 'p', 'o', 'l', 'i', 't', 'i', 'k', '.', 'c', 'h', '\0',
+  /* "macha.cloud", true */ 'm', 'a', 'c', 'h', 'a', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "machbach.com", true */ 'm', 'a', 'c', 'h', 'b', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "machbach.net", true */ 'm', 'a', 'c', 'h', 'b', 'a', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "machetewp.com", true */ 'm', 'a', 'c', 'h', 'e', 't', 'e', 'w', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "machikka.com", false */ 'm', 'a', 'c', 'h', 'i', 'k', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "machineryhouse.com.au", false */ 'm', 'a', 'c', 'h', 'i', 'n', 'e', 'r', 'y', 'h', 'o', 'u', 's', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "macht-elektro.de", true */ 'm', 'a', 'c', 'h', 't', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "machtweb.de", true */ 'm', 'a', 'c', 'h', 't', 'w', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "maciespartyhire.co.uk", true */ 'm', 'a', 'c', 'i', 'e', 's', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "macker.io", true */ 'm', 'a', 'c', 'k', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "mackey7.net", true */ 'm', 'a', 'c', 'k', 'e', 'y', '7', '.', 'n', 'e', 't', '\0',
+  /* "maclemon.at", true */ 'm', 'a', 'c', 'l', 'e', 'm', 'o', 'n', '.', 'a', 't', '\0',
+  /* "macleod.io", true */ 'm', 'a', 'c', 'l', 'e', 'o', 'd', '.', 'i', 'o', '\0',
+  /* "macnemo.de", true */ 'm', 'a', 'c', 'n', 'e', 'm', 'o', '.', 'd', 'e', '\0',
+  /* "macnetwork.eu", true */ 'm', 'a', 'c', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'e', 'u', '\0',
+  /* "macnetwork.fr", true */ 'm', 'a', 'c', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'f', 'r', '\0',
+  /* "macnetwork.net", true */ 'm', 'a', 'c', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "maco.org.uk", true */ 'm', 'a', 'c', 'o', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "maconnerie-dcs.ch", true */ 'm', 'a', 'c', 'o', 'n', 'n', 'e', 'r', 'i', 'e', '-', 'd', 'c', 's', '.', 'c', 'h', '\0',
+  /* "macosxfilerecovery.com", true */ 'm', 'a', 'c', 'o', 's', 'x', 'f', 'i', 'l', 'e', 'r', 'e', 'c', 'o', 'v', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "macoun.de", true */ 'm', 'a', 'c', 'o', 'u', 'n', '.', 'd', 'e', '\0',
+  /* "macstore.pe", true */ 'm', 'a', 'c', 's', 't', 'o', 'r', 'e', '.', 'p', 'e', '\0',
+  /* "mactools.com.co", true */ 'm', 'a', 'c', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '.', 'c', 'o', '\0',
+  /* "madae.nl", true */ 'm', 'a', 'd', 'a', 'e', '.', 'n', 'l', '\0',
+  /* "madbin.com", true */ 'm', 'a', 'd', 'b', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "madbouncycastles.co.uk", true */ 'm', 'a', 'd', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "madcatdesign.de", true */ 'm', 'a', 'd', 'c', 'a', 't', 'd', 'e', 's', 'i', 'g', 'n', '.', 'd', 'e', '\0',
+  /* "maddi.biz", true */ 'm', 'a', 'd', 'd', 'i', '.', 'b', 'i', 'z', '\0',
+  /* "made-in-earth.co.jp", true */ 'm', 'a', 'd', 'e', '-', 'i', 'n', '-', 'e', 'a', 'r', 't', 'h', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "madebyshore.com", true */ 'm', 'a', 'd', 'e', 'b', 'y', 's', 'h', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "madeglobal.com", true */ 'm', 'a', 'd', 'e', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "madeinchezmoi.net", true */ 'm', 'a', 'd', 'e', 'i', 'n', 'c', 'h', 'e', 'z', 'm', 'o', 'i', '.', 'n', 'e', 't', '\0',
+  /* "madeinstudio3.com", true */ 'm', 'a', 'd', 'e', 'i', 'n', 's', 't', 'u', 'd', 'i', 'o', '3', '.', 'c', 'o', 'm', '\0',
+  /* "madeitwor.se", true */ 'm', 'a', 'd', 'e', 'i', 't', 'w', 'o', 'r', '.', 's', 'e', '\0',
+  /* "mademoiselledemargaux.com", true */ 'm', 'a', 'd', 'e', 'm', 'o', 'i', 's', 'e', 'l', 'l', 'e', 'd', 'e', 'm', 'a', 'r', 'g', 'a', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "mader.jp", true */ 'm', 'a', 'd', 'e', 'r', '.', 'j', 'p', '\0',
+  /* "madesurveying.co.uk", true */ 'm', 'a', 'd', 'e', 's', 'u', 'r', 'v', 'e', 'y', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "madin.ru", true */ 'm', 'a', 'd', 'i', 'n', '.', 'r', 'u', '\0',
+  /* "madirc.net", true */ 'm', 'a', 'd', 'i', 'r', 'c', '.', 'n', 'e', 't', '\0',
+  /* "madmar.ee", true */ 'm', 'a', 'd', 'm', 'a', 'r', '.', 'e', 'e', '\0',
+  /* "madnetwork.org", true */ 'm', 'a', 'd', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "madoka.nu", true */ 'm', 'a', 'd', 'o', 'k', 'a', '.', 'n', 'u', '\0',
+  /* "madokami.net", true */ 'm', 'a', 'd', 'o', 'k', 'a', 'm', 'i', '.', 'n', 'e', 't', '\0',
+  /* "madrants.net", true */ 'm', 'a', 'd', 'r', 'a', 'n', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "madreacqua.org", true */ 'm', 'a', 'd', 'r', 'e', 'a', 'c', 'q', 'u', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "madtec.de", true */ 'm', 'a', 'd', 't', 'e', 'c', '.', 'd', 'e', '\0',
+  /* "mae-berlinistanbul.com", true */ 'm', 'a', 'e', '-', 'b', 'e', 'r', 'l', 'i', 'n', 'i', 's', 't', 'a', 'n', 'b', 'u', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "maedchenflohmarkt.at", true */ 'm', 'a', 'e', 'd', 'c', 'h', 'e', 'n', 'f', 'l', 'o', 'h', 'm', 'a', 'r', 'k', 't', '.', 'a', 't', '\0',
+  /* "maedchenflohmarkt.de", true */ 'm', 'a', 'e', 'd', 'c', 'h', 'e', 'n', 'f', 'l', 'o', 'h', 'm', 'a', 'r', 'k', 't', '.', 'd', 'e', '\0',
+  /* "maelstrom.ninja", true */ 'm', 'a', 'e', 'l', 's', 't', 'r', 'o', 'm', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "maeplasticsurgery.com", true */ 'm', 'a', 'e', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "maestrano.com", true */ 'm', 'a', 'e', 's', 't', 'r', 'a', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "maff.co.uk", true */ 'm', 'a', 'f', 'f', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "maff.scot", false */ 'm', 'a', 'f', 'f', '.', 's', 'c', 'o', 't', '\0',
+  /* "mafia.network", true */ 'm', 'a', 'f', 'i', 'a', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "mafiaforum.de", true */ 'm', 'a', 'f', 'i', 'a', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "mafiapenguin.club", true */ 'm', 'a', 'f', 'i', 'a', 'p', 'e', 'n', 'g', 'u', 'i', 'n', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "mafiasi.de", true */ 'm', 'a', 'f', 'i', 'a', 's', 'i', '.', 'd', 'e', '\0',
+  /* "magasindejouets.com", true */ 'm', 'a', 'g', 'a', 's', 'i', 'n', 'd', 'e', 'j', 'o', 'u', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "magasinsalledebain.be", true */ 'm', 'a', 'g', 'a', 's', 'i', 'n', 's', 'a', 'l', 'l', 'e', 'd', 'e', 'b', 'a', 'i', 'n', '.', 'b', 'e', '\0',
+  /* "magasinsalledebain.fr", true */ 'm', 'a', 'g', 'a', 's', 'i', 'n', 's', 'a', 'l', 'l', 'e', 'd', 'e', 'b', 'a', 'i', 'n', '.', 'f', 'r', '\0',
+  /* "magasinsalledebains.be", true */ 'm', 'a', 'g', 'a', 's', 'i', 'n', 's', 'a', 'l', 'l', 'e', 'd', 'e', 'b', 'a', 'i', 'n', 's', '.', 'b', 'e', '\0',
+  /* "magasinsalledebains.fr", true */ 'm', 'a', 'g', 'a', 's', 'i', 'n', 's', 'a', 'l', 'l', 'e', 'd', 'e', 'b', 'a', 'i', 'n', 's', '.', 'f', 'r', '\0',
+  /* "magazinedabeleza.net", true */ 'm', 'a', 'g', 'a', 'z', 'i', 'n', 'e', 'd', 'a', 'b', 'e', 'l', 'e', 'z', 'a', '.', 'n', 'e', 't', '\0',
+  /* "magazinedotreino.com.br", true */ 'm', 'a', 'g', 'a', 'z', 'i', 'n', 'e', 'd', 'o', 't', 'r', 'e', 'i', 'n', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "magdic.eu", true */ 'm', 'a', 'g', 'd', 'i', 'c', '.', 'e', 'u', '\0',
+  /* "magebankin.com", true */ 'm', 'a', 'g', 'e', 'b', 'a', 'n', 'k', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "magenbrot.net", false */ 'm', 'a', 'g', 'e', 'n', 'b', 'r', 'o', 't', '.', 'n', 'e', 't', '\0',
+  /* "magenda.sk", true */ 'm', 'a', 'g', 'e', 'n', 'd', 'a', '.', 's', 'k', '\0',
+  /* "magentaize.net", true */ 'm', 'a', 'g', 'e', 'n', 't', 'a', 'i', 'z', 'e', '.', 'n', 'e', 't', '\0',
+  /* "magentapinkinteriors.co.uk", true */ 'm', 'a', 'g', 'e', 'n', 't', 'a', 'p', 'i', 'n', 'k', 'i', 'n', 't', 'e', 'r', 'i', 'o', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "magi.systems", true */ 'm', 'a', 'g', 'i', '.', 's', 'y', 's', 't', 'e', 'm', 's', '\0',
+  /* "magicball.co", true */ 'm', 'a', 'g', 'i', 'c', 'b', 'a', 'l', 'l', '.', 'c', 'o', '\0',
+  /* "magicdaysomagh.co.uk", true */ 'm', 'a', 'g', 'i', 'c', 'd', 'a', 'y', 's', 'o', 'm', 'a', 'g', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "magickmoments.co.uk", true */ 'm', 'a', 'g', 'i', 'c', 'k', 'm', 'o', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "magiclen.org", true */ 'm', 'a', 'g', 'i', 'c', 'l', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "magicspaceninjapirates.de", true */ 'm', 'a', 'g', 'i', 'c', 's', 'p', 'a', 'c', 'e', 'n', 'i', 'n', 'j', 'a', 'p', 'i', 'r', 'a', 't', 'e', 's', '.', 'd', 'e', '\0',
+  /* "magictable.com", true */ 'm', 'a', 'g', 'i', 'c', 't', 'a', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "magilio.com", true */ 'm', 'a', 'g', 'i', 'l', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "magnatronic.com.br", true */ 'm', 'a', 'g', 'n', 'a', 't', 'r', 'o', 'n', 'i', 'c', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "magneticattraction.com.au", true */ 'm', 'a', 'g', 'n', 'e', 't', 'i', 'c', 'a', 't', 't', 'r', 'a', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "magnets.jp", true */ 'm', 'a', 'g', 'n', 'e', 't', 's', '.', 'j', 'p', '\0',
+  /* "magnettracker.com", true */ 'm', 'a', 'g', 'n', 'e', 't', 't', 'r', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "magnificentdata.com", true */ 'm', 'a', 'g', 'n', 'i', 'f', 'i', 'c', 'e', 'n', 't', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "magnoliadoulas.com", true */ 'm', 'a', 'g', 'n', 'o', 'l', 'i', 'a', 'd', 'o', 'u', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "magnoliastrong.com", true */ 'm', 'a', 'g', 'n', 'o', 'l', 'i', 'a', 's', 't', 'r', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "magwin.co.uk", true */ 'm', 'a', 'g', 'w', 'i', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mahai.me", true */ 'm', 'a', 'h', 'a', 'i', '.', 'm', 'e', '\0',
+  /* "mahansexcavating.com", true */ 'm', 'a', 'h', 'a', 'n', 's', 'e', 'x', 'c', 'a', 'v', 'a', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "mahatmayoga.org", true */ 'm', 'a', 'h', 'a', 't', 'm', 'a', 'y', 'o', 'g', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "mahefa.co.uk", true */ 'm', 'a', 'h', 'e', 'f', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mahjong.org", true */ 'm', 'a', 'h', 'j', 'o', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "mahrer.net", true */ 'm', 'a', 'h', 'r', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "maiaimobiliare.ro", true */ 'm', 'a', 'i', 'a', 'i', 'm', 'o', 'b', 'i', 'l', 'i', 'a', 'r', 'e', '.', 'r', 'o', '\0',
+  /* "maiebanatulfruncea.com", true */ 'm', 'a', 'i', 'e', 'b', 'a', 'n', 'a', 't', 'u', 'l', 'f', 'r', 'u', 'n', 'c', 'e', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mail-rotter.de", true */ 'm', 'a', 'i', 'l', '-', 'r', 'o', 't', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "mail-settings.google.com", true */ 'm', 'a', 'i', 'l', '-', 's', 'e', 't', 't', 'i', 'n', 'g', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mail.com", true */ 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mail.de", true */ 'm', 'a', 'i', 'l', '.', 'd', 'e', '\0',
+  /* "mail.google.com", true */ 'm', 'a', 'i', 'l', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mail.yahoo.com", false */ 'm', 'a', 'i', 'l', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mail4geek.com", true */ 'm', 'a', 'i', 'l', '4', 'g', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mail4you.in", true */ 'm', 'a', 'i', 'l', '4', 'y', 'o', 'u', '.', 'i', 'n', '\0',
+  /* "mailbox.mg", true */ 'm', 'a', 'i', 'l', 'b', 'o', 'x', '.', 'm', 'g', '\0',
+  /* "mailbox.org", true */ 'm', 'a', 'i', 'l', 'b', 'o', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "mailer-dot.de", true */ 'm', 'a', 'i', 'l', 'e', 'r', '-', 'd', 'o', 't', '.', 'd', 'e', '\0',
+  /* "mailfence.com", true */ 'm', 'a', 'i', 'l', 'f', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mailflank.com", true */ 'm', 'a', 'i', 'l', 'f', 'l', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mailinabox.email", true */ 'm', 'a', 'i', 'l', 'i', 'n', 'a', 'b', 'o', 'x', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "mailjet.tech", true */ 'm', 'a', 'i', 'l', 'j', 'e', 't', '.', 't', 'e', 'c', 'h', '\0',
+  /* "maillady-susume.com", true */ 'm', 'a', 'i', 'l', 'l', 'a', 'd', 'y', '-', 's', 'u', 's', 'u', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mailmag.net", true */ 'm', 'a', 'i', 'l', 'm', 'a', 'g', '.', 'n', 'e', 't', '\0',
+  /* "mailpenny.com", true */ 'm', 'a', 'i', 'l', 'p', 'e', 'n', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "mailto.space", true */ 'm', 'a', 'i', 'l', 't', 'o', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "main-unit.com", true */ 'm', 'a', 'i', 'n', '-', 'u', 'n', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mainechiro.com", true */ 'm', 'a', 'i', 'n', 'e', 'c', 'h', 'i', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mainframeserver.space", true */ 'm', 'a', 'i', 'n', 'f', 'r', 'a', 'm', 'e', 's', 'e', 'r', 'v', 'e', 'r', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "mainlined.org", true */ 'm', 'a', 'i', 'n', 'l', 'i', 'n', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "mainston.com", true */ 'm', 'a', 'i', 'n', 's', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "mainzelmaennchen.net", true */ 'm', 'a', 'i', 'n', 'z', 'e', 'l', 'm', 'a', 'e', 'n', 'n', 'c', 'h', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "maisgasolina.com", true */ 'm', 'a', 'i', 's', 'g', 'a', 's', 'o', 'l', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "maispa.com", true */ 'm', 'a', 'i', 's', 'p', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "maisretorno.com", true */ 'm', 'a', 'i', 's', 'r', 'e', 't', 'o', 'r', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "maisvitaminas.com.br", true */ 'm', 'a', 'i', 's', 'v', 'i', 't', 'a', 'm', 'i', 'n', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "maitrechaton.fr", true */ 'm', 'a', 'i', 't', 'r', 'e', 'c', 'h', 'a', 't', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "maitrise-orthopedique.com", true */ 'm', 'a', 'i', 't', 'r', 'i', 's', 'e', '-', 'o', 'r', 't', 'h', 'o', 'p', 'e', 'd', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "majahoidja.ee", true */ 'm', 'a', 'j', 'a', 'h', 'o', 'i', 'd', 'j', 'a', '.', 'e', 'e', '\0',
+  /* "majaweb.cz", true */ 'm', 'a', 'j', 'a', 'w', 'e', 'b', '.', 'c', 'z', '\0',
+  /* "majemedia.com", true */ 'm', 'a', 'j', 'e', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "majid.info", true */ 'm', 'a', 'j', 'i', 'd', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "majkyto.cz", true */ 'm', 'a', 'j', 'k', 'y', 't', 'o', '.', 'c', 'z', '\0',
+  /* "makaleci.com", true */ 'm', 'a', 'k', 'a', 'l', 'e', 'c', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "makeaboldmove.com", true */ 'm', 'a', 'k', 'e', 'a', 'b', 'o', 'l', 'd', 'm', 'o', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "makedin.net", true */ 'm', 'a', 'k', 'e', 'd', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "makeit-so.de", false */ 'm', 'a', 'k', 'e', 'i', 't', '-', 's', 'o', '.', 'd', 'e', '\0',
+  /* "makem-bounce.co.uk", true */ 'm', 'a', 'k', 'e', 'm', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "makemejob.com", true */ 'm', 'a', 'k', 'e', 'm', 'e', 'j', 'o', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "makenaiyo-fx.com", true */ 'm', 'a', 'k', 'e', 'n', 'a', 'i', 'y', 'o', '-', 'f', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "makeuplove.nl", true */ 'm', 'a', 'k', 'e', 'u', 'p', 'l', 'o', 'v', 'e', '.', 'n', 'l', '\0',
+  /* "makeyourlaws.org", true */ 'm', 'a', 'k', 'e', 'y', 'o', 'u', 'r', 'l', 'a', 'w', 's', '.', 'o', 'r', 'g', '\0',
+  /* "makinen.ru", true */ 'm', 'a', 'k', 'i', 'n', 'e', 'n', '.', 'r', 'u', '\0',
+  /* "makino.games", true */ 'm', 'a', 'k', 'i', 'n', 'o', '.', 'g', 'a', 'm', 'e', 's', '\0',
+  /* "makkusu.photo", true */ 'm', 'a', 'k', 'k', 'u', 's', 'u', '.', 'p', 'h', 'o', 't', 'o', '\0',
+  /* "makowitz.cz", true */ 'm', 'a', 'k', 'o', 'w', 'i', 't', 'z', '.', 'c', 'z', '\0',
+  /* "maktoob.search.yahoo.com", false */ 'm', 'a', 'k', 't', 'o', 'o', 'b', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "maku.edu.tr", true */ 'm', 'a', 'k', 'u', '.', 'e', 'd', 'u', '.', 't', 'r', '\0',
+  /* "malachiteauth.com", true */ 'm', 'a', 'l', 'a', 'c', 'h', 'i', 't', 'e', 'a', 'u', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "malamutedoalasca.com.br", true */ 'm', 'a', 'l', 'a', 'm', 'u', 't', 'e', 'd', 'o', 'a', 'l', 'a', 's', 'c', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "malash.me", true */ 'm', 'a', 'l', 'a', 's', 'h', '.', 'm', 'e', '\0',
+  /* "malasuk.com", true */ 'm', 'a', 'l', 'a', 's', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "malaysia.search.yahoo.com", false */ 'm', 'a', 'l', 'a', 'y', 's', 'i', 'a', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "malaysian.dating", true */ 'm', 'a', 'l', 'a', 'y', 's', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "maldives.cx", true */ 'm', 'a', 'l', 'd', 'i', 'v', 'e', 's', '.', 'c', 'x', '\0',
+  /* "malenyflorist.com.au", true */ 'm', 'a', 'l', 'e', 'n', 'y', 'f', 'l', 'o', 'r', 'i', 's', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "maliar.fr", true */ 'm', 'a', 'l', 'i', 'a', 'r', '.', 'f', 'r', '\0',
+  /* "malibuelectrical.com", true */ 'm', 'a', 'l', 'i', 'b', 'u', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "malik.id", true */ 'm', 'a', 'l', 'i', 'k', '.', 'i', 'd', '\0',
+  /* "malikussa.id", true */ 'm', 'a', 'l', 'i', 'k', 'u', 's', 's', 'a', '.', 'i', 'd', '\0',
+  /* "malikussaid.com", true */ 'm', 'a', 'l', 'i', 'k', 'u', 's', 's', 'a', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "malinator.net", false */ 'm', 'a', 'l', 'i', 'n', 'a', 't', 'o', 'r', '.', 'n', 'e', 't', '\0',
+  /* "malinheadview.ie", true */ 'm', 'a', 'l', 'i', 'n', 'h', 'e', 'a', 'd', 'v', 'i', 'e', 'w', '.', 'i', 'e', '\0',
+  /* "maliskovik.si", true */ 'm', 'a', 'l', 'i', 's', 'k', 'o', 'v', 'i', 'k', '.', 's', 'i', '\0',
+  /* "maljaars-fotografie.nl", true */ 'm', 'a', 'l', 'j', 'a', 'a', 'r', 's', '-', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', 'i', 'e', '.', 'n', 'l', '\0',
+  /* "malkaso.com.ua", true */ 'm', 'a', 'l', 'k', 'a', 's', 'o', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "mall.cz", true */ 'm', 'a', 'l', 'l', '.', 'c', 'z', '\0',
+  /* "mall.hr", true */ 'm', 'a', 'l', 'l', '.', 'h', 'r', '\0',
+  /* "mall.hu", true */ 'm', 'a', 'l', 'l', '.', 'h', 'u', '\0',
+  /* "mall.pl", true */ 'm', 'a', 'l', 'l', '.', 'p', 'l', '\0',
+  /* "mall.sk", true */ 'm', 'a', 'l', 'l', '.', 's', 'k', '\0',
+  /* "mallach.net", true */ 'm', 'a', 'l', 'l', 'a', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "mallhonda.com", true */ 'm', 'a', 'l', 'l', 'h', 'o', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mallner.me", true */ 'm', 'a', 'l', 'l', 'n', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "mallonline.com.br", true */ 'm', 'a', 'l', 'l', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "malmoesport.se", true */ 'm', 'a', 'l', 'm', 'o', 'e', 's', 'p', 'o', 'r', 't', '.', 's', 'e', '\0',
+  /* "malnex.de", true */ 'm', 'a', 'l', 'n', 'e', 'x', '.', 'd', 'e', '\0',
+  /* "malta-firma.com", true */ 'm', 'a', 'l', 't', 'a', '-', 'f', 'i', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "malte-kiefer.de", true */ 'm', 'a', 'l', 't', 'e', '-', 'k', 'i', 'e', 'f', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "malvy.kiev.ua", true */ 'm', 'a', 'l', 'v', 'y', '.', 'k', 'i', 'e', 'v', '.', 'u', 'a', '\0',
+  /* "malware.watch", true */ 'm', 'a', 'l', 'w', 'a', 'r', 'e', '.', 'w', 'a', 't', 'c', 'h', '\0',
+  /* "malwarekillers.com", true */ 'm', 'a', 'l', 'w', 'a', 'r', 'e', 'k', 'i', 'l', 'l', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "maly.cz", true */ 'm', 'a', 'l', 'y', '.', 'c', 'z', '\0',
+  /* "maly.io", true */ 'm', 'a', 'l', 'y', '.', 'i', 'o', '\0',
+  /* "malyshata.com", true */ 'm', 'a', 'l', 'y', 's', 'h', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "malysvet.net", true */ 'm', 'a', 'l', 'y', 's', 'v', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "mamacobaby.com", true */ 'm', 'a', 'm', 'a', 'c', 'o', 'b', 'a', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "mamadea.be", true */ 'm', 'a', 'm', 'a', 'd', 'e', 'a', '.', 'b', 'e', '\0',
+  /* "mamadoma.com.ua", true */ 'm', 'a', 'm', 'a', 'd', 'o', 'm', 'a', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "mamanecesitaungintonic.com", true */ 'm', 'a', 'm', 'a', 'n', 'e', 'c', 'e', 's', 'i', 't', 'a', 'u', 'n', 'g', 'i', 'n', 't', 'o', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "mamastore.eu", true */ 'm', 'a', 'm', 'a', 's', 't', 'o', 'r', 'e', '.', 'e', 'u', '\0',
+  /* "mamiecouscous.com", true */ 'm', 'a', 'm', 'i', 'e', 'c', 'o', 'u', 's', 'c', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mammals.net", true */ 'm', 'a', 'm', 'm', 'a', 'l', 's', '.', 'n', 'e', 't', '\0',
+  /* "mammaw.com", true */ 'm', 'a', 'm', 'm', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "mammeitalianeavienna.com", true */ 'm', 'a', 'm', 'm', 'e', 'i', 't', 'a', 'l', 'i', 'a', 'n', 'e', 'a', 'v', 'i', 'e', 'n', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mammooc.org", true */ 'm', 'a', 'm', 'm', 'o', 'o', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "mamospienas.lt", true */ 'm', 'a', 'm', 'o', 's', 'p', 'i', 'e', 'n', 'a', 's', '.', 'l', 't', '\0',
+  /* "mamot.fr", false */ 'm', 'a', 'm', 'o', 't', '.', 'f', 'r', '\0',
+  /* "mamout.xyz", true */ 'm', 'a', 'm', 'o', 'u', 't', '.', 'x', 'y', 'z', '\0',
+  /* "man3s.jp", true */ 'm', 'a', 'n', '3', 's', '.', 'j', 'p', '\0',
+  /* "manage.cm", true */ 'm', 'a', 'n', 'a', 'g', 'e', '.', 'c', 'm', '\0',
+  /* "manage4all.de", true */ 'm', 'a', 'n', 'a', 'g', 'e', '4', 'a', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "management-companie.ro", true */ 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '-', 'c', 'o', 'm', 'p', 'a', 'n', 'i', 'e', '.', 'r', 'o', '\0',
+  /* "management-ethics.com", true */ 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '-', 'e', 't', 'h', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "managementboek.nl", true */ 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', 'b', 'o', 'e', 'k', '.', 'n', 'l', '\0',
+  /* "managementfeedback.com", true */ 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', 'f', 'e', 'e', 'd', 'b', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "manageprojects.com", false */ 'm', 'a', 'n', 'a', 'g', 'e', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "manager-efficacement.com", true */ 'm', 'a', 'n', 'a', 'g', 'e', 'r', '-', 'e', 'f', 'f', 'i', 'c', 'a', 'c', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "manager.linode.com", false */ 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'l', 'i', 'n', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "managewp.org", true */ 'm', 'a', 'n', 'a', 'g', 'e', 'w', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "manalu.cz", true */ 'm', 'a', 'n', 'a', 'l', 'u', '.', 'c', 'z', '\0',
+  /* "manatees.net", true */ 'm', 'a', 'n', 'a', 't', 'e', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "manav-it.de", true */ 'm', 'a', 'n', 'a', 'v', '-', 'i', 't', '.', 'd', 'e', '\0',
+  /* "manavgabhawala.com", true */ 'm', 'a', 'n', 'a', 'v', 'g', 'a', 'b', 'h', 'a', 'w', 'a', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "manawill.jp", true */ 'm', 'a', 'n', 'a', 'w', 'i', 'l', 'l', '.', 'j', 'p', '\0',
+  /* "mandala-ausmalbilder.de", true */ 'm', 'a', 'n', 'd', 'a', 'l', 'a', '-', 'a', 'u', 's', 'm', 'a', 'l', 'b', 'i', 'l', 'd', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "mandcbouncycastlehire.co.uk", true */ 'm', 'a', 'n', 'd', 'c', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mandm.servebeer.com", true */ 'm', 'a', 'n', 'd', 'm', '.', 's', 'e', 'r', 'v', 'e', 'b', 'e', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "manesht.ir", true */ 'm', 'a', 'n', 'e', 's', 'h', 't', '.', 'i', 'r', '\0',
+  /* "manfredgruber.net", true */ 'm', 'a', 'n', 'f', 'r', 'e', 'd', 'g', 'r', 'u', 'b', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "manfredimatteo.com", true */ 'm', 'a', 'n', 'f', 'r', 'e', 'd', 'i', 'm', 'a', 't', 't', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mangaristica.com", true */ 'm', 'a', 'n', 'g', 'a', 'r', 'i', 's', 't', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "manhattanchoralensemble.org", true */ 'm', 'a', 'n', 'h', 'a', 't', 't', 'a', 'n', 'c', 'h', 'o', 'r', 'a', 'l', 'e', 'n', 's', 'e', 'm', 'b', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "manhole.club", true */ 'm', 'a', 'n', 'h', 'o', 'l', 'e', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "manicbouncycastles.co.uk", true */ 'm', 'a', 'n', 'i', 'c', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "manicode.com", true */ 'm', 'a', 'n', 'i', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "maniorpedi.com", true */ 'm', 'a', 'n', 'i', 'o', 'r', 'p', 'e', 'd', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "maniosglass.gr", true */ 'm', 'a', 'n', 'i', 'o', 's', 'g', 'l', 'a', 's', 's', '.', 'g', 'r', '\0',
+  /* "manipil.ch", true */ 'm', 'a', 'n', 'i', 'p', 'i', 'l', '.', 'c', 'h', '\0',
+  /* "manja-und-martin.de", true */ 'm', 'a', 'n', 'j', 'a', '-', 'u', 'n', 'd', '-', 'm', 'a', 'r', 't', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "manjaro.ru", true */ 'm', 'a', 'n', 'j', 'a', 'r', 'o', '.', 'r', 'u', '\0',
+  /* "mankans.com", true */ 'm', 'a', 'n', 'k', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "manneguiden.no", true */ 'm', 'a', 'n', 'n', 'e', 'g', 'u', 'i', 'd', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "mannford.com", true */ 'm', 'a', 'n', 'n', 'f', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "mannheimbloggt.tk", true */ 'm', 'a', 'n', 'n', 'h', 'e', 'i', 'm', 'b', 'l', 'o', 'g', 'g', 't', '.', 't', 'k', '\0',
+  /* "manns-solutions.co.uk", true */ 'm', 'a', 'n', 'n', 's', '-', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mannschafft.ch", true */ 'm', 'a', 'n', 'n', 's', 'c', 'h', 'a', 'f', 'f', 't', '.', 'c', 'h', '\0',
+  /* "manoirdecontres.com", true */ 'm', 'a', 'n', 'o', 'i', 'r', 'd', 'e', 'c', 'o', 'n', 't', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "manojsharan.me", true */ 'm', 'a', 'n', 'o', 'j', 's', 'h', 'a', 'r', 'a', 'n', '.', 'm', 'e', '\0',
+  /* "manova.cz", true */ 'm', 'a', 'n', 'o', 'v', 'a', '.', 'c', 'z', '\0',
+  /* "manowarus.com", true */ 'm', 'a', 'n', 'o', 'w', 'a', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mansdell.net", true */ 'm', 'a', 'n', 's', 'd', 'e', 'l', 'l', '.', 'n', 'e', 't', '\0',
+  /* "mantor.org", false */ 'm', 'a', 'n', 't', 'o', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "manualscollection.com", true */ 'm', 'a', 'n', 'u', 'a', 'l', 's', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "manuel-herrmann.de", true */ 'm', 'a', 'n', 'u', 'e', 'l', '-', 'h', 'e', 'r', 'r', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "manuel-schefczyk.de", true */ 'm', 'a', 'n', 'u', 'e', 'l', '-', 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'd', 'e', '\0',
+  /* "manueldopheide.com", true */ 'm', 'a', 'n', 'u', 'e', 'l', 'd', 'o', 'p', 'h', 'e', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "manueli.de", true */ 'm', 'a', 'n', 'u', 'e', 'l', 'i', '.', 'd', 'e', '\0',
+  /* "manuelrueger.de", true */ 'm', 'a', 'n', 'u', 'e', 'l', 'r', 'u', 'e', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "manufacturing.gov", true */ 'm', 'a', 'n', 'u', 'f', 'a', 'c', 't', 'u', 'r', 'i', 'n', 'g', '.', 'g', 'o', 'v', '\0',
+  /* "manuscript.com", true */ 'm', 'a', 'n', 'u', 's', 'c', 'r', 'i', 'p', 't', '.', 'c', 'o', 'm', '\0',
+  /* "manutd.org.np", true */ 'm', 'a', 'n', 'u', 't', 'd', '.', 'o', 'r', 'g', '.', 'n', 'p', '\0',
+  /* "manuth.life", true */ 'm', 'a', 'n', 'u', 't', 'h', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "manutrol.com.br", true */ 'm', 'a', 'n', 'u', 't', 'r', 'o', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "manwithavan.co.uk", true */ 'm', 'a', 'n', 'w', 'i', 't', 'h', 'a', 'v', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "manyetikboya.com", true */ 'm', 'a', 'n', 'y', 'e', 't', 'i', 'k', 'b', 'o', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "manyiu.com", true */ 'm', 'a', 'n', 'y', 'i', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "manyue.org", true */ 'm', 'a', 'n', 'y', 'u', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "maomihz.com", true */ 'm', 'a', 'o', 'm', 'i', 'h', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "maone.net", true */ 'm', 'a', 'o', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "maorseo.com", true */ 'm', 'a', 'o', 'r', 's', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "maosensanguentadasdejesus.net", true */ 'm', 'a', 'o', 's', 'e', 'n', 's', 'a', 'n', 'g', 'u', 'e', 'n', 't', 'a', 'd', 'a', 's', 'd', 'e', 'j', 'e', 's', 'u', 's', '.', 'n', 'e', 't', '\0',
+  /* "maowtm.org", true */ 'm', 'a', 'o', 'w', 't', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "maozedong.red", true */ 'm', 'a', 'o', 'z', 'e', 'd', 'o', 'n', 'g', '.', 'r', 'e', 'd', '\0',
+  /* "map4erfurt.de", true */ 'm', 'a', 'p', '4', 'e', 'r', 'f', 'u', 'r', 't', '.', 'd', 'e', '\0',
+  /* "map4jena.de", true */ 'm', 'a', 'p', '4', 'j', 'e', 'n', 'a', '.', 'd', 'e', '\0',
+  /* "mapasmundi.com.br", true */ 'm', 'a', 'p', 'a', 's', 'm', 'u', 'n', 'd', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mapblender.com", true */ 'm', 'a', 'p', 'b', 'l', 'e', 'n', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "maplanetebeaute.fr", true */ 'm', 'a', 'p', 'l', 'a', 'n', 'e', 't', 'e', 'b', 'e', 'a', 'u', 't', 'e', '.', 'f', 'r', '\0',
+  /* "maplenorth.co", true */ 'm', 'a', 'p', 'l', 'e', 'n', 'o', 'r', 't', 'h', '.', 'c', 'o', '\0',
+  /* "mapletime.com", true */ 'm', 'a', 'p', 'l', 'e', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "maquettage.com", true */ 'm', 'a', 'q', 'u', 'e', 't', 't', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "maquillage-permanent-tatoo.com", true */ 'm', 'a', 'q', 'u', 'i', 'l', 'l', 'a', 'g', 'e', '-', 'p', 'e', 'r', 'm', 'a', 'n', 'e', 'n', 't', '-', 't', 'a', 't', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "maquinariaspesadas.org", true */ 'm', 'a', 'q', 'u', 'i', 'n', 'a', 'r', 'i', 'a', 's', 'p', 'e', 's', 'a', 'd', 'a', 's', '.', 'o', 'r', 'g', '\0',
+  /* "marabumadrid.com", false */ 'm', 'a', 'r', 'a', 'b', 'u', 'm', 'a', 'd', 'r', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "marakovits.net", true */ 'm', 'a', 'r', 'a', 'k', 'o', 'v', 'i', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "marble.com", true */ 'm', 'a', 'r', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "marbogardenlidkoping.se", true */ 'm', 'a', 'r', 'b', 'o', 'g', 'a', 'r', 'd', 'e', 'n', 'l', 'i', 'd', 'k', 'o', 'p', 'i', 'n', 'g', '.', 's', 'e', '\0',
+  /* "marc-schlagenhauf.de", true */ 'm', 'a', 'r', 'c', '-', 's', 'c', 'h', 'l', 'a', 'g', 'e', 'n', 'h', 'a', 'u', 'f', '.', 'd', 'e', '\0',
+  /* "marcaudefroy.com", true */ 'm', 'a', 'r', 'c', 'a', 'u', 'd', 'e', 'f', 'r', 'o', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "marcbuehlmann.com", true */ 'm', 'a', 'r', 'c', 'b', 'u', 'e', 'h', 'l', 'm', 'a', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "marcdorka.de", true */ 'm', 'a', 'r', 'c', 'd', 'o', 'r', 'k', 'a', '.', 'd', 'e', '\0',
+  /* "marceau.ovh", true */ 'm', 'a', 'r', 'c', 'e', 'a', 'u', '.', 'o', 'v', 'h', '\0',
+  /* "marcel-preuss.de", true */ 'm', 'a', 'r', 'c', 'e', 'l', '-', 'p', 'r', 'e', 'u', 's', 's', '.', 'd', 'e', '\0',
+  /* "marcelinofranchini.com", true */ 'm', 'a', 'r', 'c', 'e', 'l', 'i', 'n', 'o', 'f', 'r', 'a', 'n', 'c', 'h', 'i', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "marcelpreuss.de", true */ 'm', 'a', 'r', 'c', 'e', 'l', 'p', 'r', 'e', 'u', 's', 's', '.', 'd', 'e', '\0',
+  /* "marcelsiegert.com", true */ 'm', 'a', 'r', 'c', 'e', 'l', 's', 'i', 'e', 'g', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "marcgoertz.de", true */ 'm', 'a', 'r', 'c', 'g', 'o', 'e', 'r', 't', 'z', '.', 'd', 'e', '\0',
+  /* "marche-contre-monsanto.ch", true */ 'm', 'a', 'r', 'c', 'h', 'e', '-', 'c', 'o', 'n', 't', 'r', 'e', '-', 'm', 'o', 'n', 's', 'a', 'n', 't', 'o', '.', 'c', 'h', '\0',
+  /* "marciaimportados.com.br", true */ 'm', 'a', 'r', 'c', 'i', 'a', 'i', 'm', 'p', 'o', 'r', 't', 'a', 'd', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "marcianoandtopazio.com", true */ 'm', 'a', 'r', 'c', 'i', 'a', 'n', 'o', 'a', 'n', 'd', 't', 'o', 'p', 'a', 'z', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "marco-kretz.de", true */ 'm', 'a', 'r', 'c', 'o', '-', 'k', 'r', 'e', 't', 'z', '.', 'd', 'e', '\0',
+  /* "marco-polo-reisen.com", true */ 'm', 'a', 'r', 'c', 'o', '-', 'p', 'o', 'l', 'o', '-', 'r', 'e', 'i', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "marcocasoni.com", true */ 'm', 'a', 'r', 'c', 'o', 'c', 'a', 's', 'o', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "marcohager.de", true */ 'm', 'a', 'r', 'c', 'o', 'h', 'a', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "marcoherten.com", true */ 'm', 'a', 'r', 'c', 'o', 'h', 'e', 'r', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "marcoslater.com", true */ 'm', 'a', 'r', 'c', 'o', 's', 'l', 'a', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "marcuskoh.com", true */ 'm', 'a', 'r', 'c', 'u', 's', 'k', 'o', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "marcusstafford.com", true */ 'm', 'a', 'r', 'c', 'u', 's', 's', 't', 'a', 'f', 'f', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "marek.su", true */ 'm', 'a', 'r', 'e', 'k', '.', 's', 'u', '\0',
+  /* "mareklecian.cz", true */ 'm', 'a', 'r', 'e', 'k', 'l', 'e', 'c', 'i', 'a', 'n', '.', 'c', 'z', '\0',
+  /* "margagriesser.de", true */ 'm', 'a', 'r', 'g', 'a', 'g', 'r', 'i', 'e', 's', 's', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "margan.ch", true */ 'm', 'a', 'r', 'g', 'a', 'n', '.', 'c', 'h', '\0',
+  /* "margecommunication.com", true */ 'm', 'a', 'r', 'g', 'e', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "margo-co.ch", true */ 'm', 'a', 'r', 'g', 'o', '-', 'c', 'o', '.', 'c', 'h', '\0',
+  /* "margotlondon.co.uk", true */ 'm', 'a', 'r', 'g', 'o', 't', 'l', 'o', 'n', 'd', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mariacristinadoces.com.br", true */ 'm', 'a', 'r', 'i', 'a', 'c', 'r', 'i', 's', 't', 'i', 'n', 'a', 'd', 'o', 'c', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mariage-photo.ch", true */ 'm', 'a', 'r', 'i', 'a', 'g', 'e', '-', 'p', 'h', 'o', 't', 'o', '.', 'c', 'h', '\0',
+  /* "marianatherapy.com", true */ 'm', 'a', 'r', 'i', 'a', 'n', 'a', 't', 'h', 'e', 'r', 'a', 'p', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "marianhoenscheid.de", true */ 'm', 'a', 'r', 'i', 'a', 'n', 'h', 'o', 'e', 'n', 's', 'c', 'h', 'e', 'i', 'd', '.', 'd', 'e', '\0',
+  /* "mariannenan.nl", true */ 'm', 'a', 'r', 'i', 'a', 'n', 'n', 'e', 'n', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "marianwehlus.de", true */ 'm', 'a', 'r', 'i', 'a', 'n', 'w', 'e', 'h', 'l', 'u', 's', '.', 'd', 'e', '\0',
+  /* "mariaolesen.dk", true */ 'm', 'a', 'r', 'i', 'a', 'o', 'l', 'e', 's', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "marie.club", true */ 'm', 'a', 'r', 'i', 'e', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "mariehane.com", true */ 'm', 'a', 'r', 'i', 'e', 'h', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mariemiramont.fr", true */ 'm', 'a', 'r', 'i', 'e', 'm', 'i', 'r', 'a', 'm', 'o', 'n', 't', '.', 'f', 'r', '\0',
+  /* "marikafranke.de", true */ 'm', 'a', 'r', 'i', 'k', 'a', 'f', 'r', 'a', 'n', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "marilynmartin.com.au", true */ 'm', 'a', 'r', 'i', 'l', 'y', 'n', 'm', 'a', 'r', 't', 'i', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "marilynstreats.com", true */ 'm', 'a', 'r', 'i', 'l', 'y', 'n', 's', 't', 'r', 'e', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "marin-business-center.ch", true */ 'm', 'a', 'r', 'i', 'n', '-', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '-', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "marin-tullet.com", true */ 'm', 'a', 'r', 'i', 'n', '-', 't', 'u', 'l', 'l', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "marinazarza.es", true */ 'm', 'a', 'r', 'i', 'n', 'a', 'z', 'a', 'r', 'z', 'a', '.', 'e', 's', '\0',
+  /* "marinbusinesscenter.ch", true */ 'm', 'a', 'r', 'i', 'n', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "marine.gov", true */ 'm', 'a', 'r', 'i', 'n', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "marinekaplama.com", true */ 'm', 'a', 'r', 'i', 'n', 'e', 'k', 'a', 'p', 'l', 'a', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "marines-shop.com", true */ 'm', 'a', 'r', 'i', 'n', 'e', 's', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "mario.party", false */ 'm', 'a', 'r', 'i', 'o', '.', 'p', 'a', 'r', 't', 'y', '\0',
+  /* "marioabela.com", true */ 'm', 'a', 'r', 'i', 'o', 'a', 'b', 'e', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mariogeckler.de", true */ 'm', 'a', 'r', 'i', 'o', 'g', 'e', 'c', 'k', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "mariposah.ch", true */ 'm', 'a', 'r', 'i', 'p', 'o', 's', 'a', 'h', '.', 'c', 'h', '\0',
+  /* "marisamorby.com", true */ 'm', 'a', 'r', 'i', 's', 'a', 'm', 'o', 'r', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "maritim.go.id", false */ 'm', 'a', 'r', 'i', 't', 'i', 'm', '.', 'g', 'o', '.', 'i', 'd', '\0',
+  /* "mariushubatschek.de", true */ 'm', 'a', 'r', 'i', 'u', 's', 'h', 'u', 'b', 'a', 't', 's', 'c', 'h', 'e', 'k', '.', 'd', 'e', '\0',
+  /* "mariusschulte.de", true */ 'm', 'a', 'r', 'i', 'u', 's', 's', 'c', 'h', 'u', 'l', 't', 'e', '.', 'd', 'e', '\0',
+  /* "mariviolin.com", true */ 'm', 'a', 'r', 'i', 'v', 'i', 'o', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "marix.ro", true */ 'm', 'a', 'r', 'i', 'x', '.', 'r', 'o', '\0',
+  /* "marjoleindens.be", true */ 'm', 'a', 'r', 'j', 'o', 'l', 'e', 'i', 'n', 'd', 'e', 'n', 's', '.', 'b', 'e', '\0',
+  /* "mark-a-hydrant.com", true */ 'm', 'a', 'r', 'k', '-', 'a', '-', 'h', 'y', 'd', 'r', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mark-semmler.de", true */ 'm', 'a', 'r', 'k', '-', 's', 'e', 'm', 'm', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "markepps.com", true */ 'm', 'a', 'r', 'k', 'e', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "market.android.com", true */ 'm', 'a', 'r', 'k', 'e', 't', '.', 'a', 'n', 'd', 'r', 'o', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "marketgot.com", true */ 'm', 'a', 'r', 'k', 'e', 't', 'g', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "marketing-advertising.eu", true */ 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '-', 'a', 'd', 'v', 'e', 'r', 't', 'i', 's', 'i', 'n', 'g', '.', 'e', 'u', '\0',
+  /* "marketing.limited", true */ 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'l', 'i', 'm', 'i', 't', 'e', 'd', '\0',
+  /* "marketingvirtuales.com", true */ 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', 'v', 'i', 'r', 't', 'u', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "marketio.co", true */ 'm', 'a', 'r', 'k', 'e', 't', 'i', 'o', '.', 'c', 'o', '\0',
+  /* "marketizare.ro", true */ 'm', 'a', 'r', 'k', 'e', 't', 'i', 'z', 'a', 'r', 'e', '.', 'r', 'o', '\0',
+  /* "marketnsight.com", true */ 'm', 'a', 'r', 'k', 'e', 't', 'n', 's', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "markhaehnel.de", true */ 'm', 'a', 'r', 'k', 'h', 'a', 'e', 'h', 'n', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "markido.com", true */ 'm', 'a', 'r', 'k', 'i', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "markitzeroday.com", true */ 'm', 'a', 'r', 'k', 'i', 't', 'z', 'e', 'r', 'o', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "markoh.co.uk", true */ 'm', 'a', 'r', 'k', 'o', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "markom.rs", true */ 'm', 'a', 'r', 'k', 'o', 'm', '.', 'r', 's', '\0',
+  /* "markow.io", true */ 'm', 'a', 'r', 'k', 'o', 'w', '.', 'i', 'o', '\0',
+  /* "markprof.ru", true */ 'm', 'a', 'r', 'k', 'p', 'r', 'o', 'f', '.', 'r', 'u', '\0',
+  /* "markrego.com", true */ 'm', 'a', 'r', 'k', 'r', 'e', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "markri.nl", false */ 'm', 'a', 'r', 'k', 'r', 'i', '.', 'n', 'l', '\0',
+  /* "markridgwell.com", true */ 'm', 'a', 'r', 'k', 'r', 'i', 'd', 'g', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "markridgwellcom.appspot.com", true */ 'm', 'a', 'r', 'k', 'r', 'i', 'd', 'g', 'w', 'e', 'l', 'l', 'c', 'o', 'm', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "markscastles.co.uk", true */ 'm', 'a', 'r', 'k', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "marksouthall.com", true */ 'm', 'a', 'r', 'k', 's', 'o', 'u', 't', 'h', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "markspres.org", true */ 'm', 'a', 'r', 'k', 's', 'p', 'r', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "markt-heiligenstadt.de", false */ 'm', 'a', 'r', 'k', 't', '-', 'h', 'e', 'i', 'l', 'i', 'g', 'e', 'n', 's', 't', 'a', 'd', 't', '.', 'd', 'e', '\0',
+  /* "marktcontact.com", true */ 'm', 'a', 'r', 'k', 't', 'c', 'o', 'n', 't', 'a', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "marktissink.nl", true */ 'm', 'a', 'r', 'k', 't', 'i', 's', 's', 'i', 'n', 'k', '.', 'n', 'l', '\0',
+  /* "markup-ua.com", true */ 'm', 'a', 'r', 'k', 'u', 'p', '-', 'u', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "markus-dev.com", true */ 'm', 'a', 'r', 'k', 'u', 's', '-', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "markus-ullmann.de", true */ 'm', 'a', 'r', 'k', 'u', 's', '-', 'u', 'l', 'l', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "markus.design", true */ 'm', 'a', 'r', 'k', 'u', 's', '.', 'd', 'e', 's', 'i', 'g', 'n', '\0',
+  /* "markusehrlicher.de", true */ 'm', 'a', 'r', 'k', 'u', 's', 'e', 'h', 'r', 'l', 'i', 'c', 'h', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "markusgran.de", true */ 'm', 'a', 'r', 'k', 'u', 's', 'g', 'r', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "markuskeppeler.no-ip.biz", true */ 'm', 'a', 'r', 'k', 'u', 's', 'k', 'e', 'p', 'p', 'e', 'l', 'e', 'r', '.', 'n', 'o', '-', 'i', 'p', '.', 'b', 'i', 'z', '\0',
+  /* "markusueberallassetmanagement.de", true */ 'm', 'a', 'r', 'k', 'u', 's', 'u', 'e', 'b', 'e', 'r', 'a', 'l', 'l', 'a', 's', 's', 'e', 't', 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '.', 'd', 'e', '\0',
+  /* "markusueberallconsulting.de", true */ 'm', 'a', 'r', 'k', 'u', 's', 'u', 'e', 'b', 'e', 'r', 'a', 'l', 'l', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "marl.fr", true */ 'm', 'a', 'r', 'l', '.', 'f', 'r', '\0',
+  /* "marlen.cz", true */ 'm', 'a', 'r', 'l', 'e', 'n', '.', 'c', 'z', '\0',
+  /* "marlonlosurdopictures.com", true */ 'm', 'a', 'r', 'l', 'o', 'n', 'l', 'o', 's', 'u', 'r', 'd', 'o', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "marlonschultz.de", true */ 'm', 'a', 'r', 'l', 'o', 'n', 's', 'c', 'h', 'u', 'l', 't', 'z', '.', 'd', 'e', '\0',
+  /* "marlosoft.net", true */ 'm', 'a', 'r', 'l', 'o', 's', 'o', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "marmolesromero.com", true */ 'm', 'a', 'r', 'm', 'o', 'l', 'e', 's', 'r', 'o', 'm', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "marmotte.love", true */ 'm', 'a', 'r', 'm', 'o', 't', 't', 'e', '.', 'l', 'o', 'v', 'e', '\0',
+  /* "maroc-bivouac.com", true */ 'm', 'a', 'r', 'o', 'c', '-', 'b', 'i', 'v', 'o', 'u', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "marocemploi.co", true */ 'm', 'a', 'r', 'o', 'c', 'e', 'm', 'p', 'l', 'o', 'i', '.', 'c', 'o', '\0',
+  /* "marocmail.ma", true */ 'm', 'a', 'r', 'o', 'c', 'm', 'a', 'i', 'l', '.', 'm', 'a', '\0',
+  /* "marqperso.ch", true */ 'm', 'a', 'r', 'q', 'p', 'e', 'r', 's', 'o', '.', 'c', 'h', '\0',
+  /* "marquepersonnelle.ch", true */ 'm', 'a', 'r', 'q', 'u', 'e', 'p', 'e', 'r', 's', 'o', 'n', 'n', 'e', 'l', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "marqueswines.co.uk", true */ 'm', 'a', 'r', 'q', 'u', 'e', 's', 'w', 'i', 'n', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "marrai.de", true */ 'm', 'a', 'r', 'r', 'a', 'i', '.', 'd', 'e', '\0',
+  /* "marriage-shrine.jp", true */ 'm', 'a', 'r', 'r', 'i', 'a', 'g', 'e', '-', 's', 'h', 'r', 'i', 'n', 'e', '.', 'j', 'p', '\0',
+  /* "marrickvilleapartments.com.au", true */ 'm', 'a', 'r', 'r', 'i', 'c', 'k', 'v', 'i', 'l', 'l', 'e', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "marsanvet.com", true */ 'm', 'a', 'r', 's', 'a', 'n', 'v', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "marsatapp.com", true */ 'm', 'a', 'r', 's', 'a', 't', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "marsble.com", true */ 'm', 'a', 'r', 's', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "marshallscastles.com", true */ 'm', 'a', 'r', 's', 'h', 'a', 'l', 'l', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "marshmallow.co", true */ 'm', 'a', 'r', 's', 'h', 'm', 'a', 'l', 'l', 'o', 'w', '.', 'c', 'o', '\0',
+  /* "martelange.ovh", true */ 'm', 'a', 'r', 't', 'e', 'l', 'a', 'n', 'g', 'e', '.', 'o', 'v', 'h', '\0',
+  /* "marten-buer.de", true */ 'm', 'a', 'r', 't', 'e', 'n', '-', 'b', 'u', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "martensmxservice.nl", true */ 'm', 'a', 'r', 't', 'e', 'n', 's', 'm', 'x', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'n', 'l', '\0',
+  /* "marti201.ga", true */ 'm', 'a', 'r', 't', 'i', '2', '0', '1', '.', 'g', 'a', '\0',
+  /* "martide.com", true */ 'm', 'a', 'r', 't', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "martiestrimsalon.nl", true */ 'm', 'a', 'r', 't', 'i', 'e', 's', 't', 'r', 'i', 'm', 's', 'a', 'l', 'o', 'n', '.', 'n', 'l', '\0',
+  /* "martijn.site", true */ 'm', 'a', 'r', 't', 'i', 'j', 'n', '.', 's', 'i', 't', 'e', '\0',
+  /* "martin-arend.de", true */ 'm', 'a', 'r', 't', 'i', 'n', '-', 'a', 'r', 'e', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "martin-mattel.com", true */ 'm', 'a', 'r', 't', 'i', 'n', '-', 'm', 'a', 't', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "martin-smith.info", true */ 'm', 'a', 'r', 't', 'i', 'n', '-', 's', 'm', 'i', 't', 'h', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "martine.nu", true */ 'm', 'a', 'r', 't', 'i', 'n', 'e', '.', 'n', 'u', '\0',
+  /* "martingansler.de", true */ 'm', 'a', 'r', 't', 'i', 'n', 'g', 'a', 'n', 's', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "martinkup.cz", true */ 'm', 'a', 'r', 't', 'i', 'n', 'k', 'u', 'p', '.', 'c', 'z', '\0',
+  /* "martinkus.eu", true */ 'm', 'a', 'r', 't', 'i', 'n', 'k', 'u', 's', '.', 'e', 'u', '\0',
+  /* "martinmuc.de", true */ 'm', 'a', 'r', 't', 'i', 'n', 'm', 'u', 'c', '.', 'd', 'e', '\0',
+  /* "martins.im", true */ 'm', 'a', 'r', 't', 'i', 'n', 's', '.', 'i', 'm', '\0',
+  /* "martinsfamilyappliance.com", true */ 'm', 'a', 'r', 't', 'i', 'n', 's', 'f', 'a', 'm', 'i', 'l', 'y', 'a', 'p', 'p', 'l', 'i', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "martonmihaly.hu", true */ 'm', 'a', 'r', 't', 'o', 'n', 'm', 'i', 'h', 'a', 'l', 'y', '.', 'h', 'u', '\0',
+  /* "maru-life.com", true */ 'm', 'a', 'r', 'u', '-', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "maruhoi.com", true */ 'm', 'a', 'r', 'u', 'h', 'o', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "marvinkeller.de", true */ 'm', 'a', 'r', 'v', 'i', 'n', 'k', 'e', 'l', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "maryeclark.com", true */ 'm', 'a', 'r', 'y', 'e', 'c', 'l', 'a', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "maryjruggles.com", true */ 'm', 'a', 'r', 'y', 'j', 'r', 'u', 'g', 'g', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "marykatrinaphotography.com", true */ 'm', 'a', 'r', 'y', 'k', 'a', 't', 'r', 'i', 'n', 'a', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "masa-hou.com", true */ 'm', 'a', 's', 'a', '-', 'h', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "mascosolutions.com", true */ 'm', 'a', 's', 'c', 'o', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "maservant.net", true */ 'm', 'a', 's', 'e', 'r', 'v', 'a', 'n', 't', '.', 'n', 'e', 't', '\0',
+  /* "mashandco.it", true */ 'm', 'a', 's', 'h', 'a', 'n', 'd', 'c', 'o', '.', 'i', 't', '\0',
+  /* "mashandco.tv", true */ 'm', 'a', 's', 'h', 'a', 'n', 'd', 'c', 'o', '.', 't', 'v', '\0',
+  /* "mashek.net", true */ 'm', 'a', 's', 'h', 'e', 'k', '.', 'n', 'e', 't', '\0',
+  /* "masiniunelte.store.ro", true */ 'm', 'a', 's', 'i', 'n', 'i', 'u', 'n', 'e', 'l', 't', 'e', '.', 's', 't', 'o', 'r', 'e', '.', 'r', 'o', '\0',
+  /* "masiul.is", true */ 'm', 'a', 's', 'i', 'u', 'l', '.', 'i', 's', '\0',
+  /* "maskinkultur.com", true */ 'm', 'a', 's', 'k', 'i', 'n', 'k', 'u', 'l', 't', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "maslife365.com", true */ 'm', 'a', 's', 'l', 'i', 'f', 'e', '3', '6', '5', '.', 'c', 'o', 'm', '\0',
+  /* "massage-vitalite.fr", true */ 'm', 'a', 's', 's', 'a', 'g', 'e', '-', 'v', 'i', 't', 'a', 'l', 'i', 't', 'e', '.', 'f', 'r', '\0',
+  /* "massage4u.net", true */ 'm', 'a', 's', 's', 'a', 'g', 'e', '4', 'u', '.', 'n', 'e', 't', '\0',
+  /* "massagecupping.com", true */ 'm', 'a', 's', 's', 'a', 'g', 'e', 'c', 'u', 'p', 'p', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "massdrop.com", true */ 'm', 'a', 's', 's', 'd', 'r', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "masse.org", true */ 'm', 'a', 's', 's', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "massflix.com", true */ 'm', 'a', 's', 's', 'f', 'l', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "masshiro.blog", true */ 'm', 'a', 's', 's', 'h', 'i', 'r', 'o', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "massoni.pl", true */ 'm', 'a', 's', 's', 'o', 'n', 'i', '.', 'p', 'l', '\0',
+  /* "massotherapeutique.com", true */ 'm', 'a', 's', 's', 'o', 't', 'h', 'e', 'r', 'a', 'p', 'e', 'u', 't', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "masta.ch", true */ 'm', 'a', 's', 't', 'a', '.', 'c', 'h', '\0',
+  /* "mastah.fr", true */ 'm', 'a', 's', 't', 'a', 'h', '.', 'f', 'r', '\0',
+  /* "mastd.fr", true */ 'm', 'a', 's', 't', 'd', '.', 'f', 'r', '\0',
+  /* "mastd.me", false */ 'm', 'a', 's', 't', 'd', '.', 'm', 'e', '\0',
+  /* "mastd.onl", true */ 'm', 'a', 's', 't', 'd', '.', 'o', 'n', 'l', '\0',
+  /* "mastellone.us", true */ 'm', 'a', 's', 't', 'e', 'l', 'l', 'o', 'n', 'e', '.', 'u', 's', '\0',
+  /* "master-net.org", true */ 'm', 'a', 's', 't', 'e', 'r', '-', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "mastercardpac.com", true */ 'm', 'a', 's', 't', 'e', 'r', 'c', 'a', 'r', 'd', 'p', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "masterdemolitioninc.com", true */ 'm', 'a', 's', 't', 'e', 'r', 'd', 'e', 'm', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "masterdigitale.com", true */ 'm', 'a', 's', 't', 'e', 'r', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "masterhaus.bg", true */ 'm', 'a', 's', 't', 'e', 'r', 'h', 'a', 'u', 's', '.', 'b', 'g', '\0',
+  /* "masterhelenaroma.com", true */ 'm', 'a', 's', 't', 'e', 'r', 'h', 'e', 'l', 'e', 'n', 'a', 'r', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "masterofallscience.com", true */ 'm', 'a', 's', 't', 'e', 'r', 'o', 'f', 'a', 'l', 'l', 's', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "masterpc.co.uk", true */ 'm', 'a', 's', 't', 'e', 'r', 'p', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "masterplc.com", true */ 'm', 'a', 's', 't', 'e', 'r', 'p', 'l', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "masters.black", true */ 'm', 'a', 's', 't', 'e', 'r', 's', '.', 'b', 'l', 'a', 'c', 'k', '\0',
+  /* "mastersthesiswriting.com", true */ 'm', 'a', 's', 't', 'e', 'r', 's', 't', 'h', 'e', 's', 'i', 's', 'w', 'r', 'i', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "masterstuff.de", true */ 'm', 'a', 's', 't', 'e', 'r', 's', 't', 'u', 'f', 'f', '.', 'd', 'e', '\0',
+  /* "mastiffingles.com.br", true */ 'm', 'a', 's', 't', 'i', 'f', 'f', 'i', 'n', 'g', 'l', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "masto.io", true */ 'm', 'a', 's', 't', 'o', '.', 'i', 'o', '\0',
+  /* "mastodon.at", true */ 'm', 'a', 's', 't', 'o', 'd', 'o', 'n', '.', 'a', 't', '\0',
+  /* "mastodon.blue", false */ 'm', 'a', 's', 't', 'o', 'd', 'o', 'n', '.', 'b', 'l', 'u', 'e', '\0',
+  /* "mastodon.co.nz", true */ 'm', 'a', 's', 't', 'o', 'd', 'o', 'n', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "mastodon.fun", true */ 'm', 'a', 's', 't', 'o', 'd', 'o', 'n', '.', 'f', 'u', 'n', '\0',
+  /* "mastodon.host", true */ 'm', 'a', 's', 't', 'o', 'd', 'o', 'n', '.', 'h', 'o', 's', 't', '\0',
+  /* "mastodon.org.uk", true */ 'm', 'a', 's', 't', 'o', 'd', 'o', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "mastodon.rocks", true */ 'm', 'a', 's', 't', 'o', 'd', 'o', 'n', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "mastodon.top", true */ 'm', 'a', 's', 't', 'o', 'd', 'o', 'n', '.', 't', 'o', 'p', '\0',
+  /* "mat99.dk", true */ 'm', 'a', 't', '9', '9', '.', 'd', 'k', '\0',
+  /* "matanz.de", true */ 'm', 'a', 't', 'a', 'n', 'z', '.', 'd', 'e', '\0',
+  /* "matatabimix.com", true */ 'm', 'a', 't', 'a', 't', 'a', 'b', 'i', 'm', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "match.audio", true */ 'm', 'a', 't', 'c', 'h', '.', 'a', 'u', 'd', 'i', 'o', '\0',
+  /* "matcha-iga.jp", true */ 'm', 'a', 't', 'c', 'h', 'a', '-', 'i', 'g', 'a', '.', 'j', 'p', '\0',
+  /* "matchatea24.com", true */ 'm', 'a', 't', 'c', 'h', 'a', 't', 'e', 'a', '2', '4', '.', 'c', 'o', 'm', '\0',
+  /* "matchboxdesigngroup.com", true */ 'm', 'a', 't', 'c', 'h', 'b', 'o', 'x', 'd', 'e', 's', 'i', 'g', 'n', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "matel.org", true */ 'm', 'a', 't', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "materiaischiquinho.com.br", true */ 'm', 'a', 't', 'e', 'r', 'i', 'a', 'i', 's', 'c', 'h', 'i', 'q', 'u', 'i', 'n', 'h', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "material-world-fuyouhin.com", true */ 'm', 'a', 't', 'e', 'r', 'i', 'a', 'l', '-', 'w', 'o', 'r', 'l', 'd', '-', 'f', 'u', 'y', 'o', 'u', 'h', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "materialism.com", true */ 'm', 'a', 't', 'e', 'r', 'i', 'a', 'l', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "materialyinzynierskie.pl", true */ 'm', 'a', 't', 'e', 'r', 'i', 'a', 'l', 'y', 'i', 'n', 'z', 'y', 'n', 'i', 'e', 'r', 's', 'k', 'i', 'e', '.', 'p', 'l', '\0',
+  /* "maternum.com", true */ 'm', 'a', 't', 'e', 'r', 'n', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "mathalexservice.info", true */ 'm', 'a', 't', 'h', 'a', 'l', 'e', 'x', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "mathembedded.com", true */ 'm', 'a', 't', 'h', 'e', 'm', 'b', 'e', 'd', 'd', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "matheo-schefczyk.de", true */ 'm', 'a', 't', 'h', 'e', 'o', '-', 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'd', 'e', '\0',
+  /* "mathhire.org", true */ 'm', 'a', 't', 'h', 'h', 'i', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "mathias.re", true */ 'm', 'a', 't', 'h', 'i', 'a', 's', '.', 'r', 'e', '\0',
+  /* "mathiasbynens.be", true */ 'm', 'a', 't', 'h', 'i', 'a', 's', 'b', 'y', 'n', 'e', 'n', 's', '.', 'b', 'e', '\0',
+  /* "mathiasgarbe.de", true */ 'm', 'a', 't', 'h', 'i', 'a', 's', 'g', 'a', 'r', 'b', 'e', '.', 'd', 'e', '\0',
+  /* "mathieuguimond.com", true */ 'm', 'a', 't', 'h', 'i', 'e', 'u', 'g', 'u', 'i', 'm', 'o', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "mathieui.net", true */ 'm', 'a', 't', 'h', 'i', 'e', 'u', 'i', '.', 'n', 'e', 't', '\0',
+  /* "maths.network", true */ 'm', 'a', 't', 'h', 's', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "mathspace.co", true */ 'm', 'a', 't', 'h', 's', 'p', 'a', 'c', 'e', '.', 'c', 'o', '\0',
+  /* "matildajaneclothing.com", true */ 'm', 'a', 't', 'i', 'l', 'd', 'a', 'j', 'a', 'n', 'e', 'c', 'l', 'o', 't', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "matjaz.it", true */ 'm', 'a', 't', 'j', 'a', 'z', '.', 'i', 't', '\0',
+  /* "matlabjo.ir", true */ 'm', 'a', 't', 'l', 'a', 'b', 'j', 'o', '.', 'i', 'r', '\0',
+  /* "matlss.com", true */ 'm', 'a', 't', 'l', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "matomeathena.com", true */ 'm', 'a', 't', 'o', 'm', 'e', 'a', 't', 'h', 'e', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "matoutepetiteboutique.com", true */ 'm', 'a', 't', 'o', 'u', 't', 'e', 'p', 'e', 't', 'i', 't', 'e', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "matriterie-sdv.ro", true */ 'm', 'a', 't', 'r', 'i', 't', 'e', 'r', 'i', 'e', '-', 's', 'd', 'v', '.', 'r', 'o', '\0',
+  /* "matrix.ac", false */ 'm', 'a', 't', 'r', 'i', 'x', '.', 'a', 'c', '\0',
+  /* "matrixmedia.ro", true */ 'm', 'a', 't', 'r', 'i', 'x', 'm', 'e', 'd', 'i', 'a', '.', 'r', 'o', '\0',
+  /* "matrixreq.com", true */ 'm', 'a', 't', 'r', 'i', 'x', 'r', 'e', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "matsu-semi.com", true */ 'm', 'a', 't', 's', 'u', '-', 's', 'e', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "mattandyana.com", true */ 'm', 'a', 't', 't', 'a', 'n', 'd', 'y', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mattbsg.xyz", true */ 'm', 'a', 't', 't', 'b', 's', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "mattcarr.net", false */ 'm', 'a', 't', 't', 'c', 'a', 'r', 'r', '.', 'n', 'e', 't', '\0',
+  /* "mattcoles.io", true */ 'm', 'a', 't', 't', 'c', 'o', 'l', 'e', 's', '.', 'i', 'o', '\0',
+  /* "matteomarescotti.it", true */ 'm', 'a', 't', 't', 'e', 'o', 'm', 'a', 'r', 'e', 's', 'c', 'o', 't', 't', 'i', '.', 'i', 't', '\0',
+  /* "mattferderer.com", true */ 'm', 'a', 't', 't', 'f', 'e', 'r', 'd', 'e', 'r', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mattfin.ch", true */ 'm', 'a', 't', 't', 'f', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "mattforster.ca", true */ 'm', 'a', 't', 't', 'f', 'o', 'r', 's', 't', 'e', 'r', '.', 'c', 'a', '\0',
+  /* "matthecat.com", true */ 'm', 'a', 't', 't', 'h', 'e', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "matthew-carson.info", true */ 'm', 'a', 't', 't', 'h', 'e', 'w', '-', 'c', 'a', 'r', 's', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "matthewemes.com", true */ 'm', 'a', 't', 't', 'h', 'e', 'w', 'e', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "matthewfells.com", true */ 'm', 'a', 't', 't', 'h', 'e', 'w', 'f', 'e', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "matthewgallagher.co.uk", true */ 'm', 'a', 't', 't', 'h', 'e', 'w', 'g', 'a', 'l', 'l', 'a', 'g', 'h', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "matthewkenny.co.uk", true */ 'm', 'a', 't', 't', 'h', 'e', 'w', 'k', 'e', 'n', 'n', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "matthewohare.com", true */ 'm', 'a', 't', 't', 'h', 'e', 'w', 'o', 'h', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "matthey.nl", true */ 'm', 'a', 't', 't', 'h', 'e', 'y', '.', 'n', 'l', '\0',
+  /* "matthi.coffee", true */ 'm', 'a', 't', 't', 'h', 'i', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0',
+  /* "matthias-muenzner.de", true */ 'm', 'a', 't', 't', 'h', 'i', 'a', 's', '-', 'm', 'u', 'e', 'n', 'z', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "matthiasadler.info", true */ 'm', 'a', 't', 't', 'h', 'i', 'a', 's', 'a', 'd', 'l', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "matthiasott.com", true */ 'm', 'a', 't', 't', 'h', 'i', 'a', 's', 'o', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "matthiasschwab.de", true */ 'm', 'a', 't', 't', 'h', 'i', 'a', 's', 's', 'c', 'h', 'w', 'a', 'b', '.', 'd', 'e', '\0',
+  /* "matthieuschlosser.fr", true */ 'm', 'a', 't', 't', 'h', 'i', 'e', 'u', 's', 'c', 'h', 'l', 'o', 's', 's', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "matthijssen.info", true */ 'm', 'a', 't', 't', 'h', 'i', 'j', 's', 's', 'e', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "mattisam.com", true */ 'm', 'a', 't', 't', 'i', 's', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "mattmccutchen.net", true */ 'm', 'a', 't', 't', 'm', 'c', 'c', 'u', 't', 'c', 'h', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "mattonline.me", true */ 'm', 'a', 't', 't', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'm', 'e', '\0',
+  /* "mattwservices.co.uk", true */ 'm', 'a', 't', 't', 'w', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "matviet.vn", true */ 'm', 'a', 't', 'v', 'i', 'e', 't', '.', 'v', 'n', '\0',
+  /* "matze.co", true */ 'm', 'a', 't', 'z', 'e', '.', 'c', 'o', '\0',
+  /* "mauldincookfence.com", true */ 'm', 'a', 'u', 'l', 'd', 'i', 'n', 'c', 'o', 'o', 'k', 'f', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mauriciog.com.ar", false */ 'm', 'a', 'u', 'r', 'i', 'c', 'i', 'o', 'g', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "mauricioghiorzi.com.ar", false */ 'm', 'a', 'u', 'r', 'i', 'c', 'i', 'o', 'g', 'h', 'i', 'o', 'r', 'z', 'i', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "maury-moteurs.com", true */ 'm', 'a', 'u', 'r', 'y', '-', 'm', 'o', 't', 'e', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mavenclinic.com", true */ 'm', 'a', 'v', 'e', 'n', 'c', 'l', 'i', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "mavensecurity.com", true */ 'm', 'a', 'v', 'e', 'n', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "maveris.com", true */ 'm', 'a', 'v', 'e', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mawidabp.com", true */ 'm', 'a', 'w', 'i', 'd', 'a', 'b', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "mawidaca.com", true */ 'm', 'a', 'w', 'i', 'd', 'a', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "max-moeglich.de", true */ 'm', 'a', 'x', '-', 'm', 'o', 'e', 'g', 'l', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "max-went.pl", true */ 'm', 'a', 'x', '-', 'w', 'e', 'n', 't', '.', 'p', 'l', '\0',
+  /* "max.gov", true */ 'm', 'a', 'x', '.', 'g', 'o', 'v', '\0',
+  /* "maxbruckner.de", true */ 'm', 'a', 'x', 'b', 'r', 'u', 'c', 'k', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "maxbruckner.org", true */ 'm', 'a', 'x', 'b', 'r', 'u', 'c', 'k', 'n', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "maxbytes.nl", false */ 'm', 'a', 'x', 'b', 'y', 't', 'e', 's', '.', 'n', 'l', '\0',
+  /* "maxchan.info", true */ 'm', 'a', 'x', 'c', 'h', 'a', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "maxdev72.freeboxos.fr", true */ 'm', 'a', 'x', 'd', 'e', 'v', '7', '2', '.', 'f', 'r', 'e', 'e', 'b', 'o', 'x', 'o', 's', '.', 'f', 'r', '\0',
+  /* "maxfox.me", true */ 'm', 'a', 'x', 'f', 'o', 'x', '.', 'm', 'e', '\0',
+  /* "maxhamon.ovh", true */ 'm', 'a', 'x', 'h', 'a', 'm', 'o', 'n', '.', 'o', 'v', 'h', '\0',
+  /* "maxhoechtl.at", true */ 'm', 'a', 'x', 'h', 'o', 'e', 'c', 'h', 't', 'l', '.', 'a', 't', '\0',
+  /* "maxhorvath.com", true */ 'm', 'a', 'x', 'h', 'o', 'r', 'v', 'a', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "maxibanki.ovh", true */ 'm', 'a', 'x', 'i', 'b', 'a', 'n', 'k', 'i', '.', 'o', 'v', 'h', '\0',
+  /* "maxicore.co.za", true */ 'm', 'a', 'x', 'i', 'c', 'o', 'r', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "maxima.at", true */ 'm', 'a', 'x', 'i', 'm', 'a', '.', 'a', 't', '\0',
+  /* "maximdeboiserie.be", true */ 'm', 'a', 'x', 'i', 'm', 'd', 'e', 'b', 'o', 'i', 's', 'e', 'r', 'i', 'e', '.', 'b', 'e', '\0',
+  /* "maximdens.be", true */ 'm', 'a', 'x', 'i', 'm', 'd', 'e', 'n', 's', '.', 'b', 'e', '\0',
+  /* "maximeferon.fr", true */ 'm', 'a', 'x', 'i', 'm', 'e', 'f', 'e', 'r', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "maximelouet.me", true */ 'm', 'a', 'x', 'i', 'm', 'e', 'l', 'o', 'u', 'e', 't', '.', 'm', 'e', '\0',
+  /* "maximilian-graf.de", true */ 'm', 'a', 'x', 'i', 'm', 'i', 'l', 'i', 'a', 'n', '-', 'g', 'r', 'a', 'f', '.', 'd', 'e', '\0',
+  /* "maximilian-greger.com", true */ 'm', 'a', 'x', 'i', 'm', 'i', 'l', 'i', 'a', 'n', '-', 'g', 'r', 'e', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "maximiliankaul.de", true */ 'm', 'a', 'x', 'i', 'm', 'i', 'l', 'i', 'a', 'n', 'k', 'a', 'u', 'l', '.', 'd', 'e', '\0',
+  /* "maximiliankrieg.de", true */ 'm', 'a', 'x', 'i', 'm', 'i', 'l', 'i', 'a', 'n', 'k', 'r', 'i', 'e', 'g', '.', 'd', 'e', '\0',
+  /* "maxims-travel.com", true */ 'm', 'a', 'x', 'i', 'm', 's', '-', 't', 'r', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "maxipcalls.com", true */ 'm', 'a', 'x', 'i', 'p', 'c', 'a', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "maxisito.it", true */ 'm', 'a', 'x', 'i', 's', 'i', 't', 'o', '.', 'i', 't', '\0',
+  /* "maxkaul.de", true */ 'm', 'a', 'x', 'k', 'a', 'u', 'l', '.', 'd', 'e', '\0',
+  /* "maxmilton.com", true */ 'm', 'a', 'x', 'm', 'i', 'l', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "maxrandolph.com", true */ 'm', 'a', 'x', 'r', 'a', 'n', 'd', 'o', 'l', 'p', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "maxtruxa.com", true */ 'm', 'a', 'x', 't', 'r', 'u', 'x', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "maxwaellenergie.de", true */ 'm', 'a', 'x', 'w', 'a', 'e', 'l', 'l', 'e', 'n', 'e', 'r', 'g', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "maxwell-english.co.jp", false */ 'm', 'a', 'x', 'w', 'e', 'l', 'l', '-', 'e', 'n', 'g', 'l', 'i', 's', 'h', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "maxwellflynn.com", true */ 'm', 'a', 'x', 'w', 'e', 'l', 'l', 'f', 'l', 'y', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "maxwellmoore.co.uk", true */ 'm', 'a', 'x', 'w', 'e', 'l', 'l', 'm', 'o', 'o', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "may24.tw", true */ 'm', 'a', 'y', '2', '4', '.', 't', 'w', '\0',
+  /* "mayavi.co.in", true */ 'm', 'a', 'y', 'a', 'v', 'i', '.', 'c', 'o', '.', 'i', 'n', '\0',
+  /* "maybeul.com", true */ 'm', 'a', 'y', 'b', 'e', 'u', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "maydex.info", true */ 'm', 'a', 'y', 'd', 'e', 'x', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "mayerbrownllz.com", true */ 'm', 'a', 'y', 'e', 'r', 'b', 'r', 'o', 'w', 'n', 'l', 'l', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "mayomarquees.com", true */ 'm', 'a', 'y', 'o', 'm', 'a', 'r', 'q', 'u', 'e', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mayopartyhire.com", true */ 'm', 'a', 'y', 'o', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mayoristassexshop.com", true */ 'm', 'a', 'y', 'o', 'r', 'i', 's', 't', 'a', 's', 's', 'e', 'x', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "maypolevilla.co.uk", true */ 'm', 'a', 'y', 'p', 'o', 'l', 'e', 'v', 'i', 'l', 'l', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mayrhofer.eu.org", true */ 'm', 'a', 'y', 'r', 'h', 'o', 'f', 'e', 'r', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "mazda-mps.de", true */ 'm', 'a', 'z', 'd', 'a', '-', 'm', 'p', 's', '.', 'd', 'e', '\0',
+  /* "mazda-thermote.com", true */ 'm', 'a', 'z', 'd', 'a', '-', 't', 'h', 'e', 'r', 'm', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mazda626.net", true */ 'm', 'a', 'z', 'd', 'a', '6', '2', '6', '.', 'n', 'e', 't', '\0',
+  /* "maze.fr", true */ 'm', 'a', 'z', 'e', '.', 'f', 'r', '\0',
+  /* "mazternet.ru", true */ 'm', 'a', 'z', 't', 'e', 'r', 'n', 'e', 't', '.', 'r', 'u', '\0',
+  /* "mazzotta.me", true */ 'm', 'a', 'z', 'z', 'o', 't', 't', 'a', '.', 'm', 'e', '\0',
+  /* "mbaestlein.de", true */ 'm', 'b', 'a', 'e', 's', 't', 'l', 'e', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "mbainflatables.co.uk", true */ 'm', 'b', 'a', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mbardot.com", true */ 'm', 'b', 'a', 'r', 'd', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mbasic.facebook.com", false */ 'm', 'b', 'a', 's', 'i', 'c', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mbcars.be", true */ 'm', 'b', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "mbeo.ch", true */ 'm', 'b', 'e', 'o', '.', 'c', 'h', '\0',
+  /* "mbilker.us", true */ 'm', 'b', 'i', 'l', 'k', 'e', 'r', '.', 'u', 's', '\0',
+  /* "mbinf.de", false */ 'm', 'b', 'i', 'n', 'f', '.', 'd', 'e', '\0',
+  /* "mbinformatik.de", false */ 'm', 'b', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "mbits.solutions", true */ 'm', 'b', 'i', 't', 's', '.', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '\0',
+  /* "mblankhorst.nl", true */ 'm', 'b', 'l', 'a', 'n', 'k', 'h', 'o', 'r', 's', 't', '.', 'n', 'l', '\0',
+  /* "mble.mg", true */ 'm', 'b', 'l', 'e', '.', 'm', 'g', '\0',
+  /* "mbp.banking.co.at", false */ 'm', 'b', 'p', '.', 'b', 'a', 'n', 'k', 'i', 'n', 'g', '.', 'c', 'o', '.', 'a', 't', '\0',
+  /* "mbr-net.de", true */ 'm', 'b', 'r', '-', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "mbrooks.info", true */ 'm', 'b', 'r', 'o', 'o', 'k', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "mbs-journey.com", true */ 'm', 'b', 's', '-', 'j', 'o', 'u', 'r', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "mburns.duckdns.org", true */ 'm', 'b', 'u', 'r', 'n', 's', '.', 'd', 'u', 'c', 'k', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "mbweir.com", true */ 'm', 'b', 'w', 'e', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mc-venture.net", false */ 'm', 'c', '-', 'v', 'e', 'n', 't', 'u', 'r', 'e', '.', 'n', 'e', 't', '\0',
+  /* "mcadmin.net", true */ 'm', 'c', 'a', 'd', 'm', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "mcatnnlo.org", true */ 'm', 'c', 'a', 't', 'n', 'n', 'l', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "mccordworks.com", true */ 'm', 'c', 'c', 'o', 'r', 'd', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mccrackon.com", true */ 'm', 'c', 'c', 'r', 'a', 'c', 'k', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "mcdermottautomotive.com", true */ 'm', 'c', 'd', 'e', 'r', 'm', 'o', 't', 't', 'a', 'u', 't', 'o', 'm', 'o', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mcdona1d.me", true */ 'm', 'c', 'd', 'o', 'n', 'a', '1', 'd', '.', 'm', 'e', '\0',
+  /* "mcdonalds.be", true */ 'm', 'c', 'd', 'o', 'n', 'a', 'l', 'd', 's', '.', 'b', 'e', '\0',
+  /* "mcdonalds.design", true */ 'm', 'c', 'd', 'o', 'n', 'a', 'l', 'd', 's', '.', 'd', 'e', 's', 'i', 'g', 'n', '\0',
+  /* "mcdonaldwhsl.com", false */ 'm', 'c', 'd', 'o', 'n', 'a', 'l', 'd', 'w', 'h', 's', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mce.eu", true */ 'm', 'c', 'e', '.', 'e', 'u', '\0',
+  /* "mce.nyc", true */ 'm', 'c', 'e', '.', 'n', 'y', 'c', '\0',
+  /* "mce55.eu", true */ 'm', 'c', 'e', '5', '5', '.', 'e', 'u', '\0',
+  /* "mcea-hld.jp", true */ 'm', 'c', 'e', 'a', '-', 'h', 'l', 'd', '.', 'j', 'p', '\0',
+  /* "mceconferencecentre.eu", true */ 'm', 'c', 'e', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', 'c', 'e', 'n', 't', 'r', 'e', '.', 'e', 'u', '\0',
+  /* "mcfedries.com", true */ 'm', 'c', 'f', 'e', 'd', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mcgarderen.nl", true */ 'm', 'c', 'g', 'a', 'r', 'd', 'e', 'r', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "mcgavocknissanwichitaparts.com", true */ 'm', 'c', 'g', 'a', 'v', 'o', 'c', 'k', 'n', 'i', 's', 's', 'a', 'n', 'w', 'i', 'c', 'h', 'i', 't', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mcgovernance.com", true */ 'm', 'c', 'g', 'o', 'v', 'e', 'r', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mchopkins.net", true */ 'm', 'c', 'h', 'o', 'p', 'k', 'i', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "mchristopher.com", true */ 'm', 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mcideas.tk", true */ 'm', 'c', 'i', 'd', 'e', 'a', 's', '.', 't', 'k', '\0',
+  /* "mcjackk77.com", true */ 'm', 'c', 'j', 'a', 'c', 'k', 'k', '7', '7', '.', 'c', 'o', 'm', '\0',
+  /* "mckenry.net", true */ 'm', 'c', 'k', 'e', 'n', 'r', 'y', '.', 'n', 'e', 't', '\0',
+  /* "mckernan.in", true */ 'm', 'c', 'k', 'e', 'r', 'n', 'a', 'n', '.', 'i', 'n', '\0',
+  /* "mckinley.school", true */ 'm', 'c', 'k', 'i', 'n', 'l', 'e', 'y', '.', 's', 'c', 'h', 'o', 'o', 'l', '\0',
+  /* "mckinleytk.com", true */ 'm', 'c', 'k', 'i', 'n', 'l', 'e', 'y', 't', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mcl.gg", true */ 'm', 'c', 'l', '.', 'g', 'g', '\0',
+  /* "mclinflatables.co.uk", true */ 'm', 'c', 'l', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mcmillanskiclub.com.au", true */ 'm', 'c', 'm', 'i', 'l', 'l', 'a', 'n', 's', 'k', 'i', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "mcneill.io", true */ 'm', 'c', 'n', 'e', 'i', 'l', 'l', '.', 'i', 'o', '\0',
+  /* "mcnext.net", true */ 'm', 'c', 'n', 'e', 'x', 't', '.', 'n', 'e', 't', '\0',
+  /* "mcpart.land", true */ 'm', 'c', 'p', 'a', 'r', 't', '.', 'l', 'a', 'n', 'd', '\0',
+  /* "mcrn.jp", true */ 'm', 'c', 'r', 'n', '.', 'j', 'p', '\0',
+  /* "mcsinflatables.co.uk", true */ 'm', 'c', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mcsniper.co", true */ 'm', 'c', 's', 'n', 'i', 'p', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "mcuong.tk", false */ 'm', 'c', 'u', 'o', 'n', 'g', '.', 't', 'k', '\0',
+  /* "mcynews.com", true */ 'm', 'c', 'y', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mcyukon.com", true */ 'm', 'c', 'y', 'u', 'k', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "md5file.com", true */ 'm', 'd', '5', 'f', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "md5hashing.net", true */ 'm', 'd', '5', 'h', 'a', 's', 'h', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "mdbouncycastlehirelondon.co.uk", true */ 'm', 'd', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'l', 'o', 'n', 'd', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mdcloudpracticesolutions.com", true */ 'm', 'd', 'c', 'l', 'o', 'u', 'd', 'p', 'r', 'a', 'c', 't', 'i', 'c', 'e', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mdcloudps.com", true */ 'm', 'd', 'c', 'l', 'o', 'u', 'd', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mdek.at", true */ 'm', 'd', 'e', 'k', '.', 'a', 't', '\0',
+  /* "mdewendt.de", true */ 'm', 'd', 'e', 'w', 'e', 'n', 'd', 't', '.', 'd', 'e', '\0',
+  /* "mdf-bis.com", true */ 'm', 'd', 'f', '-', 'b', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mdiv.pl", true */ 'm', 'd', 'i', 'v', '.', 'p', 'l', '\0',
+  /* "mdma.net", true */ 'm', 'd', 'm', 'a', '.', 'n', 'e', 't', '\0',
+  /* "mdmed.clinic", true */ 'm', 'd', 'm', 'e', 'd', '.', 'c', 'l', 'i', 'n', 'i', 'c', '\0',
+  /* "mdoering.de", true */ 'm', 'd', 'o', 'e', 'r', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "mdosch.de", true */ 'm', 'd', 'o', 's', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "mdpraha.cz", true */ 'm', 'd', 'p', 'r', 'a', 'h', 'a', '.', 'c', 'z', '\0',
+  /* "mdsave.com", true */ 'm', 'd', 's', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mdwftw.com", true */ 'm', 'd', 'w', 'f', 't', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "mdx.no", true */ 'm', 'd', 'x', '.', 'n', 'o', '\0',
+  /* "mdxdave.de", true */ 'm', 'd', 'x', 'd', 'a', 'v', 'e', '.', 'd', 'e', '\0',
+  /* "mdxn.org", true */ 'm', 'd', 'x', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "me-center.com", true */ 'm', 'e', '-', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "me-groups.com", true */ 'm', 'e', '-', 'g', 'r', 'o', 'u', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "me.net.nz", true */ 'm', 'e', '.', 'n', 'e', 't', '.', 'n', 'z', '\0',
+  /* "meadowviewfarms.org", true */ 'm', 'e', 'a', 'd', 'o', 'w', 'v', 'i', 'e', 'w', 'f', 'a', 'r', 'm', 's', '.', 'o', 'r', 'g', '\0',
+  /* "mealgoo.com", true */ 'm', 'e', 'a', 'l', 'g', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mealz.com", false */ 'm', 'e', 'a', 'l', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "meany.xyz", true */ 'm', 'e', 'a', 'n', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "meap.xyz", true */ 'm', 'e', 'a', 'p', '.', 'x', 'y', 'z', '\0',
+  /* "measuretwice.com", true */ 'm', 'e', 'a', 's', 'u', 'r', 'e', 't', 'w', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "measureyourpenis.today", true */ 'm', 'e', 'a', 's', 'u', 'r', 'e', 'y', 'o', 'u', 'r', 'p', 'e', 'n', 'i', 's', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "meat.org.uk", true */ 'm', 'e', 'a', 't', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "mecanicoautomotriz.org", true */ 'm', 'e', 'c', 'a', 'n', 'i', 'c', 'o', 'a', 'u', 't', 'o', 'm', 'o', 't', 'r', 'i', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "mechanixdirect.co.uk", false */ 'm', 'e', 'c', 'h', 'a', 'n', 'i', 'x', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mechanus.io", true */ 'm', 'e', 'c', 'h', 'a', 'n', 'u', 's', '.', 'i', 'o', '\0',
+  /* "med-otzyv.ru", true */ 'm', 'e', 'd', '-', 'o', 't', 'z', 'y', 'v', '.', 'r', 'u', '\0',
+  /* "medba.se", true */ 'm', 'e', 'd', 'b', 'a', '.', 's', 'e', '\0',
+  /* "medcir.com.br", true */ 'm', 'e', 'd', 'c', 'i', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "medcrowd.com", true */ 'm', 'e', 'd', 'c', 'r', 'o', 'w', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "meddelare.com", true */ 'm', 'e', 'd', 'd', 'e', 'l', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "meddigital.com", true */ 'm', 'e', 'd', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "medeinos.lt", true */ 'm', 'e', 'd', 'e', 'i', 'n', 'o', 's', '.', 'l', 't', '\0',
+  /* "medexpress.co.uk", true */ 'm', 'e', 'd', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "medi-link.co.il", true */ 'm', 'e', 'd', 'i', '-', 'l', 'i', 'n', 'k', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "media-access.online", true */ 'm', 'e', 'd', 'i', 'a', '-', 'a', 'c', 'c', 'e', 's', 's', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "media-courses.com", true */ 'm', 'e', 'd', 'i', 'a', '-', 'c', 'o', 'u', 'r', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "media-credit.eu", true */ 'm', 'e', 'd', 'i', 'a', '-', 'c', 'r', 'e', 'd', 'i', 't', '.', 'e', 'u', '\0',
+  /* "media-instance.ru", true */ 'm', 'e', 'd', 'i', 'a', '-', 'i', 'n', 's', 't', 'a', 'n', 'c', 'e', '.', 'r', 'u', '\0',
+  /* "media-pi.com", true */ 'm', 'e', 'd', 'i', 'a', '-', 'p', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "mediaarea.net", true */ 'm', 'e', 'd', 'i', 'a', 'a', 'r', 'e', 'a', '.', 'n', 'e', 't', '\0',
+  /* "mediablaster.com", true */ 'm', 'e', 'd', 'i', 'a', 'b', 'l', 'a', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mediaburst.co.uk", true */ 'm', 'e', 'd', 'i', 'a', 'b', 'u', 'r', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mediadex.be", true */ 'm', 'e', 'd', 'i', 'a', 'd', 'e', 'x', '.', 'b', 'e', '\0',
+  /* "mediaexpert.fr", true */ 'm', 'e', 'd', 'i', 'a', 'e', 'x', 'p', 'e', 'r', 't', '.', 'f', 'r', '\0',
+  /* "mediafocus.biz", true */ 'm', 'e', 'd', 'i', 'a', 'f', 'o', 'c', 'u', 's', '.', 'b', 'i', 'z', '\0',
+  /* "mediagenic.ch", true */ 'm', 'e', 'd', 'i', 'a', 'g', 'e', 'n', 'i', 'c', '.', 'c', 'h', '\0',
+  /* "mediagrand.net", true */ 'm', 'e', 'd', 'i', 'a', 'g', 'r', 'a', 'n', 'd', '.', 'n', 'e', 't', '\0',
+  /* "mediajurnal.com", true */ 'm', 'e', 'd', 'i', 'a', 'j', 'u', 'r', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "medialab.nrw", true */ 'm', 'e', 'd', 'i', 'a', 'l', 'a', 'b', '.', 'n', 'r', 'w', '\0',
+  /* "mediamarkt.pl", true */ 'm', 'e', 'd', 'i', 'a', 'm', 'a', 'r', 'k', 't', '.', 'p', 'l', '\0',
+  /* "mediapart.fr", true */ 'm', 'e', 'd', 'i', 'a', 'p', 'a', 'r', 't', '.', 'f', 'r', '\0',
+  /* "mediaselection.eu", true */ 'm', 'e', 'd', 'i', 'a', 's', 'e', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'e', 'u', '\0',
+  /* "mediastorm.us", true */ 'm', 'e', 'd', 'i', 'a', 's', 't', 'o', 'r', 'm', '.', 'u', 's', '\0',
+  /* "mediationculturelleclp.ch", true */ 'm', 'e', 'd', 'i', 'a', 't', 'i', 'o', 'n', 'c', 'u', 'l', 't', 'u', 'r', 'e', 'l', 'l', 'e', 'c', 'l', 'p', '.', 'c', 'h', '\0',
+  /* "mediatorzy.waw.pl", true */ 'm', 'e', 'd', 'i', 'a', 't', 'o', 'r', 'z', 'y', '.', 'w', 'a', 'w', '.', 'p', 'l', '\0',
+  /* "mediawiki.org", true */ 'm', 'e', 'd', 'i', 'a', 'w', 'i', 'k', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "mediawin.pl", true */ 'm', 'e', 'd', 'i', 'a', 'w', 'i', 'n', '.', 'p', 'l', '\0',
+  /* "medic-world.com", true */ 'm', 'e', 'd', 'i', 'c', '-', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "medicalcountermeasures.gov", true */ 'm', 'e', 'd', 'i', 'c', 'a', 'l', 'c', 'o', 'u', 'n', 't', 'e', 'r', 'm', 'e', 'a', 's', 'u', 'r', 'e', 's', '.', 'g', 'o', 'v', '\0',
+  /* "medicinesfast.com", false */ 'm', 'e', 'd', 'i', 'c', 'i', 'n', 'e', 's', 'f', 'a', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "medicinia.com.br", true */ 'm', 'e', 'd', 'i', 'c', 'i', 'n', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "medicocompetente.it", true */ 'm', 'e', 'd', 'i', 'c', 'o', 'c', 'o', 'm', 'p', 'e', 't', 'e', 'n', 't', 'e', '.', 'i', 't', '\0',
+  /* "medicoresponde.com.br", true */ 'm', 'e', 'd', 'i', 'c', 'o', 'r', 'e', 's', 'p', 'o', 'n', 'd', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "medifab.online", true */ 'm', 'e', 'd', 'i', 'f', 'a', 'b', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "medifi.com", true */ 'm', 'e', 'd', 'i', 'f', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "medireport.fr", true */ 'm', 'e', 'd', 'i', 'r', 'e', 'p', 'o', 'r', 't', '.', 'f', 'r', '\0',
+  /* "medium.com", true */ 'm', 'e', 'd', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "mediumraw.org", true */ 'm', 'e', 'd', 'i', 'u', 'm', 'r', 'a', 'w', '.', 'o', 'r', 'g', '\0',
+  /* "medlineplus.gov", true */ 'm', 'e', 'd', 'l', 'i', 'n', 'e', 'p', 'l', 'u', 's', '.', 'g', 'o', 'v', '\0',
+  /* "medo64.com", true */ 'm', 'e', 'd', 'o', '6', '4', '.', 'c', 'o', 'm', '\0',
+  /* "medovea.ru", true */ 'm', 'e', 'd', 'o', 'v', 'e', 'a', '.', 'r', 'u', '\0',
+  /* "medpics.com", true */ 'm', 'e', 'd', 'p', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "medstreaming.com", true */ 'm', 'e', 'd', 's', 't', 'r', 'e', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "medtalents.ch", true */ 'm', 'e', 'd', 't', 'a', 'l', 'e', 'n', 't', 's', '.', 'c', 'h', '\0',
+  /* "medtankers.management", true */ 'm', 'e', 'd', 't', 'a', 'n', 'k', 'e', 'r', 's', '.', 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '\0',
+  /* "medtehnika.ua", true */ 'm', 'e', 'd', 't', 'e', 'h', 'n', 'i', 'k', 'a', '.', 'u', 'a', '\0',
+  /* "medusa.wtf", true */ 'm', 'e', 'd', 'u', 's', 'a', '.', 'w', 't', 'f', '\0',
+  /* "meduza.io", true */ 'm', 'e', 'd', 'u', 'z', 'a', '.', 'i', 'o', '\0',
+  /* "medwaybouncycastlehire.co.uk", true */ 'm', 'e', 'd', 'w', 'a', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "medyotan.ga", true */ 'm', 'e', 'd', 'y', 'o', 't', 'a', 'n', '.', 'g', 'a', '\0',
+  /* "meedoenhartvanwestbrabant.nl", true */ 'm', 'e', 'e', 'd', 'o', 'e', 'n', 'h', 'a', 'r', 't', 'v', 'a', 'n', 'w', 'e', 's', 't', 'b', 'r', 'a', 'b', 'a', 'n', 't', '.', 'n', 'l', '\0',
+  /* "meehle.com", true */ 'm', 'e', 'e', 'h', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "meerutcake.com", true */ 'm', 'e', 'e', 'r', 'u', 't', 'c', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "meet.google.com", true */ 'm', 'e', 'e', 't', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "meetbot.fedoraproject.org", true */ 'm', 'e', 'e', 't', 'b', 'o', 't', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "meetingfriends.ch", true */ 'm', 'e', 'e', 't', 'i', 'n', 'g', 'f', 'r', 'i', 'e', 'n', 'd', 's', '.', 'c', 'h', '\0',
+  /* "meetingmanage.nl", true */ 'm', 'e', 'e', 't', 'i', 'n', 'g', 'm', 'a', 'n', 'a', 'g', 'e', '.', 'n', 'l', '\0',
+  /* "meetingmanager.ovh", true */ 'm', 'e', 'e', 't', 'i', 'n', 'g', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'o', 'v', 'h', '\0',
+  /* "meetings2.com", true */ 'm', 'e', 'e', 't', 'i', 'n', 'g', 's', '2', '.', 'c', 'o', 'm', '\0',
+  /* "meetmibaby.co.uk", true */ 'm', 'e', 'e', 't', 'm', 'i', 'b', 'a', 'b', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "meetmygoods.com", true */ 'm', 'e', 'e', 't', 'm', 'y', 'g', 'o', 'o', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "meeusen-usedcars.be", true */ 'm', 'e', 'e', 'u', 's', 'e', 'n', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "meeztertom.nl", true */ 'm', 'e', 'e', 'z', 't', 'e', 'r', 't', 'o', 'm', '.', 'n', 'l', '\0',
+  /* "meg-a-bounce.co.uk", true */ 'm', 'e', 'g', '-', 'a', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mega-feeling.de", true */ 'm', 'e', 'g', 'a', '-', 'f', 'e', 'e', 'l', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "mega.co.nz", true */ 'm', 'e', 'g', 'a', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "mega.nz", true */ 'm', 'e', 'g', 'a', '.', 'n', 'z', '\0',
+  /* "mega.online", true */ 'm', 'e', 'g', 'a', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "megablogging.org", true */ 'm', 'e', 'g', 'a', 'b', 'l', 'o', 'g', 'g', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "megabounce.co.uk", true */ 'm', 'e', 'g', 'a', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "megabounceni.co.uk", true */ 'm', 'e', 'g', 'a', 'b', 'o', 'u', 'n', 'c', 'e', 'n', 'i', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "megabouncingcastles.com", true */ 'm', 'e', 'g', 'a', 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "megadrol.com", true */ 'm', 'e', 'g', 'a', 'd', 'r', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "megaflix.nl", true */ 'm', 'e', 'g', 'a', 'f', 'l', 'i', 'x', '.', 'n', 'l', '\0',
+  /* "megagifs.de", true */ 'm', 'e', 'g', 'a', 'g', 'i', 'f', 's', '.', 'd', 'e', '\0',
+  /* "megainflatables.co.uk", true */ 'm', 'e', 'g', 'a', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "megamarkey.de", true */ 'm', 'e', 'g', 'a', 'm', 'a', 'r', 'k', 'e', 'y', '.', 'd', 'e', '\0',
+  /* "megamisja.pl", true */ 'm', 'e', 'g', 'a', 'm', 'i', 's', 'j', 'a', '.', 'p', 'l', '\0',
+  /* "meganandmarc.us", true */ 'm', 'e', 'g', 'a', 'n', 'a', 'n', 'd', 'm', 'a', 'r', 'c', '.', 'u', 's', '\0',
+  /* "meganreel.com", true */ 'm', 'e', 'g', 'a', 'n', 'r', 'e', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "megapixel.cz", true */ 'm', 'e', 'g', 'a', 'p', 'i', 'x', 'e', 'l', '.', 'c', 'z', '\0',
+  /* "megaplan.cz", true */ 'm', 'e', 'g', 'a', 'p', 'l', 'a', 'n', '.', 'c', 'z', '\0',
+  /* "megaplan.ru", true */ 'm', 'e', 'g', 'a', 'p', 'l', 'a', 'n', '.', 'r', 'u', '\0',
+  /* "megaplonk.com", true */ 'm', 'e', 'g', 'a', 'p', 'l', 'o', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "megasslstore.com", true */ 'm', 'e', 'g', 'a', 's', 's', 'l', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "megaxchange.com", true */ 'm', 'e', 'g', 'a', 'x', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "megumico.net", true */ 'm', 'e', 'g', 'u', 'm', 'i', 'c', 'o', '.', 'n', 'e', 't', '\0',
+  /* "mehalick.com", true */ 'm', 'e', 'h', 'a', 'l', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mehhh.xyz", true */ 'm', 'e', 'h', 'h', 'h', '.', 'x', 'y', 'z', '\0',
+  /* "mehmetakif.edu.tr", true */ 'm', 'e', 'h', 'm', 'e', 't', 'a', 'k', 'i', 'f', '.', 'e', 'd', 'u', '.', 't', 'r', '\0',
+  /* "mehmetince.net", true */ 'm', 'e', 'h', 'm', 'e', 't', 'i', 'n', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "mehostdd.com", false */ 'm', 'e', 'h', 'o', 's', 't', 'd', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "mehr-schulferien.de", true */ 'm', 'e', 'h', 'r', '-', 's', 'c', 'h', 'u', 'l', 'f', 'e', 'r', 'i', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "mehrleben.at", true */ 'm', 'e', 'h', 'r', 'l', 'e', 'b', 'e', 'n', '.', 'a', 't', '\0',
+  /* "mehrwert.de", true */ 'm', 'e', 'h', 'r', 'w', 'e', 'r', 't', '.', 'd', 'e', '\0',
+  /* "meierhofer.net", true */ 'm', 'e', 'i', 'e', 'r', 'h', 'o', 'f', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "meiju.video", true */ 'm', 'e', 'i', 'j', 'u', '.', 'v', 'i', 'd', 'e', 'o', '\0',
+  /* "meikan.moe", true */ 'm', 'e', 'i', 'k', 'a', 'n', '.', 'm', 'o', 'e', '\0',
+  /* "meillard-auto-ecole.ch", true */ 'm', 'e', 'i', 'l', 'l', 'a', 'r', 'd', '-', 'a', 'u', 't', 'o', '-', 'e', 'c', 'o', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "meilleur.info", true */ 'm', 'e', 'i', 'l', 'l', 'e', 'u', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "mein-muehlhausen.bayern", true */ 'm', 'e', 'i', 'n', '-', 'm', 'u', 'e', 'h', 'l', 'h', 'a', 'u', 's', 'e', 'n', '.', 'b', 'a', 'y', 'e', 'r', 'n', '\0',
+  /* "mein-webportal.de", true */ 'm', 'e', 'i', 'n', '-', 'w', 'e', 'b', 'p', 'o', 'r', 't', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "meinbetriebsrat24.de", true */ 'm', 'e', 'i', 'n', 'b', 'e', 't', 'r', 'i', 'e', 'b', 's', 'r', 'a', 't', '2', '4', '.', 'd', 'e', '\0',
+  /* "meincenter-meinemeinung.de", true */ 'm', 'e', 'i', 'n', 'c', 'e', 'n', 't', 'e', 'r', '-', 'm', 'e', 'i', 'n', 'e', 'm', 'e', 'i', 'n', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "meincoach.at", true */ 'm', 'e', 'i', 'n', 'c', 'o', 'a', 'c', 'h', '.', 'a', 't', '\0',
+  /* "meine-email-im.net", true */ 'm', 'e', 'i', 'n', 'e', '-', 'e', 'm', 'a', 'i', 'l', '-', 'i', 'm', '.', 'n', 'e', 't', '\0',
+  /* "meine-immofinanzierung.de", true */ 'm', 'e', 'i', 'n', 'e', '-', 'i', 'm', 'm', 'o', 'f', 'i', 'n', 'a', 'n', 'z', 'i', 'e', 'r', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "meine-plancha.ch", true */ 'm', 'e', 'i', 'n', 'e', '-', 'p', 'l', 'a', 'n', 'c', 'h', 'a', '.', 'c', 'h', '\0',
+  /* "meinezwangsversteigerung.de", true */ 'm', 'e', 'i', 'n', 'e', 'z', 'w', 'a', 'n', 'g', 's', 'v', 'e', 'r', 's', 't', 'e', 'i', 'g', 'e', 'r', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "meinstartinsleben.com", true */ 'm', 'e', 'i', 'n', 's', 't', 'a', 'r', 't', 'i', 'n', 's', 'l', 'e', 'b', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "meinstartinsleben.de", true */ 'm', 'e', 'i', 'n', 's', 't', 'a', 'r', 't', 'i', 'n', 's', 'l', 'e', 'b', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "meinv.asia", true */ 'm', 'e', 'i', 'n', 'v', '.', 'a', 's', 'i', 'a', '\0',
+  /* "meiqia.cn", true */ 'm', 'e', 'i', 'q', 'i', 'a', '.', 'c', 'n', '\0',
+  /* "meiqia.com", true */ 'm', 'e', 'i', 'q', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "meisterritter.de", true */ 'm', 'e', 'i', 's', 't', 'e', 'r', 'r', 'i', 't', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "meizufans.eu", true */ 'm', 'e', 'i', 'z', 'u', 'f', 'a', 'n', 's', '.', 'e', 'u', '\0',
+  /* "mekongeye.com", true */ 'm', 'e', 'k', 'o', 'n', 'g', 'e', 'y', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "melakaltenegger.at", true */ 'm', 'e', 'l', 'a', 'k', 'a', 'l', 't', 'e', 'n', 'e', 'g', 'g', 'e', 'r', '.', 'a', 't', '\0',
+  /* "melaniebernhardt.com", true */ 'm', 'e', 'l', 'a', 'n', 'i', 'e', 'b', 'e', 'r', 'n', 'h', 'a', 'r', 'd', 't', '.', 'c', 'o', 'm', '\0',
+  /* "melaniegruber.de", true */ 'm', 'e', 'l', 'a', 'n', 'i', 'e', 'g', 'r', 'u', 'b', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "melbourne.dating", true */ 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "melbourneapartments.website", true */ 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0',
+  /* "melchizedek-forum.de", true */ 'm', 'e', 'l', 'c', 'h', 'i', 'z', 'e', 'd', 'e', 'k', '-', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "meldcode-assistent.nl", true */ 'm', 'e', 'l', 'd', 'c', 'o', 'd', 'e', '-', 'a', 's', 's', 'i', 's', 't', 'e', 'n', 't', '.', 'n', 'l', '\0',
+  /* "melearning.university", false */ 'm', 'e', 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', '.', 'u', 'n', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', '\0',
+  /* "meledia.com", false */ 'm', 'e', 'l', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "melenchatsmelenchiens.fr", true */ 'm', 'e', 'l', 'e', 'n', 'c', 'h', 'a', 't', 's', 'm', 'e', 'l', 'e', 'n', 'c', 'h', 'i', 'e', 'n', 's', '.', 'f', 'r', '\0',
+  /* "melerpaine.com", true */ 'm', 'e', 'l', 'e', 'r', 'p', 'a', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "melf.nl", true */ 'm', 'e', 'l', 'f', '.', 'n', 'l', '\0',
+  /* "melhoresdominios.com", true */ 'm', 'e', 'l', 'h', 'o', 'r', 'e', 's', 'd', 'o', 'm', 'i', 'n', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "melhoresmarcasdenotebook.com.br", true */ 'm', 'e', 'l', 'h', 'o', 'r', 'e', 's', 'm', 'a', 'r', 'c', 'a', 's', 'd', 'e', 'n', 'o', 't', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "melikoff.es", true */ 'm', 'e', 'l', 'i', 'k', 'o', 'f', 'f', '.', 'e', 's', '\0',
+  /* "melina-schefczyk.de", true */ 'm', 'e', 'l', 'i', 'n', 'a', '-', 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'd', 'e', '\0',
+  /* "melissaadkins.com", true */ 'm', 'e', 'l', 'i', 's', 's', 'a', 'a', 'd', 'k', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "melitopol.co.ua", false */ 'm', 'e', 'l', 'i', 't', 'o', 'p', 'o', 'l', '.', 'c', 'o', '.', 'u', 'a', '\0',
+  /* "melnessgroup.com", true */ 'm', 'e', 'l', 'n', 'e', 's', 's', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "melnikov.ch", true */ 'm', 'e', 'l', 'n', 'i', 'k', 'o', 'v', '.', 'c', 'h', '\0',
+  /* "melodic.com.au", true */ 'm', 'e', 'l', 'o', 'd', 'i', 'c', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "melodiouscode.net", true */ 'm', 'e', 'l', 'o', 'd', 'i', 'o', 'u', 's', 'c', 'o', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "melodrom.de", true */ 'm', 'e', 'l', 'o', 'd', 'r', 'o', 'm', '.', 'd', 'e', '\0',
+  /* "melody-lyrics.com", true */ 'm', 'e', 'l', 'o', 'd', 'y', '-', 'l', 'y', 'r', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "melted.me", true */ 'm', 'e', 'l', 't', 'e', 'd', '.', 'm', 'e', '\0',
+  /* "meltzow.net", true */ 'm', 'e', 'l', 't', 'z', 'o', 'w', '.', 'n', 'e', 't', '\0',
+  /* "melvinlammerts.nl", true */ 'm', 'e', 'l', 'v', 'i', 'n', 'l', 'a', 'm', 'm', 'e', 'r', 't', 's', '.', 'n', 'l', '\0',
+  /* "members-only-shopping.com", true */ 'm', 'e', 'm', 'b', 'e', 'r', 's', '-', 'o', 'n', 'l', 'y', '-', 's', 'h', 'o', 'p', 'p', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "members.nearlyfreespeech.net", false */ 'm', 'e', 'm', 'b', 'e', 'r', 's', '.', 'n', 'e', 'a', 'r', 'l', 'y', 'f', 'r', 'e', 'e', 's', 'p', 'e', 'e', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "memdoc.org", true */ 'm', 'e', 'm', 'd', 'o', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "meme-photostudio.com.tw", true */ 'm', 'e', 'm', 'e', '-', 'p', 'h', 'o', 't', 'o', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "meme.fi", true */ 'm', 'e', 'm', 'e', '.', 'f', 'i', '\0',
+  /* "meme.institute", true */ 'm', 'e', 'm', 'e', '.', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '\0',
+  /* "memepasmal.net", true */ 'm', 'e', 'm', 'e', 'p', 'a', 's', 'm', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "memepasmal.org", true */ 'm', 'e', 'm', 'e', 'p', 'a', 's', 'm', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "memetrash.co.uk", true */ 'm', 'e', 'm', 'e', 't', 'r', 'a', 's', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "memfrob.org", true */ 'm', 'e', 'm', 'f', 'r', 'o', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "memiux.com", true */ 'm', 'e', 'm', 'i', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "memo-linux.com", true */ 'm', 'e', 'm', 'o', '-', 'l', 'i', 'n', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "memoire-resistance-ariege.fr", true */ 'm', 'e', 'm', 'o', 'i', 'r', 'e', '-', 'r', 'e', 's', 'i', 's', 't', 'a', 'n', 'c', 'e', '-', 'a', 'r', 'i', 'e', 'g', 'e', '.', 'f', 'r', '\0',
+  /* "memorycards.ie", true */ 'm', 'e', 'm', 'o', 'r', 'y', 'c', 'a', 'r', 'd', 's', '.', 'i', 'e', '\0',
+  /* "memoryex.net", true */ 'm', 'e', 'm', 'o', 'r', 'y', 'e', 'x', '.', 'n', 'e', 't', '\0',
+  /* "memorygame.io", true */ 'm', 'e', 'm', 'o', 'r', 'y', 'g', 'a', 'm', 'e', '.', 'i', 'o', '\0',
+  /* "menanwc.org", true */ 'm', 'e', 'n', 'a', 'n', 'w', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "menaraannonces.com", true */ 'm', 'e', 'n', 'a', 'r', 'a', 'a', 'n', 'n', 'o', 'n', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "menden.com", true */ 'm', 'e', 'n', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "mendipbouncycastles.co.uk", true */ 'm', 'e', 'n', 'd', 'i', 'p', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mendy.jp", true */ 'm', 'e', 'n', 'd', 'y', '.', 'j', 'p', '\0',
+  /* "menielias.com", true */ 'm', 'e', 'n', 'i', 'e', 'l', 'i', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "menole.com", true */ 'm', 'e', 'n', 'o', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "menole.de", true */ 'm', 'e', 'n', 'o', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "menole.net", true */ 'm', 'e', 'n', 'o', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "mensachterdepatient.nl", true */ 'm', 'e', 'n', 's', 'a', 'c', 'h', 't', 'e', 'r', 'd', 'e', 'p', 'a', 't', 'i', 'e', 'n', 't', '.', 'n', 'l', '\0',
+  /* "mensagemaniversario.com.br", true */ 'm', 'e', 'n', 's', 'a', 'g', 'e', 'm', 'a', 'n', 'i', 'v', 'e', 'r', 's', 'a', 'r', 'i', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mensagemdaluz.com", true */ 'm', 'e', 'n', 's', 'a', 'g', 'e', 'm', 'd', 'a', 'l', 'u', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "mensagensaniversario.com.br", true */ 'm', 'e', 'n', 's', 'a', 'g', 'e', 'n', 's', 'a', 'n', 'i', 'v', 'e', 'r', 's', 'a', 'r', 'i', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mensagensdeconforto.com.br", true */ 'm', 'e', 'n', 's', 'a', 'g', 'e', 'n', 's', 'd', 'e', 'c', 'o', 'n', 'f', 'o', 'r', 't', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mensagensperfeitas.com.br", true */ 'm', 'e', 'n', 's', 'a', 'g', 'e', 'n', 's', 'p', 'e', 'r', 'f', 'e', 'i', 't', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mensch-peter.me", true */ 'm', 'e', 'n', 's', 'c', 'h', '-', 'p', 'e', 't', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "mentalhealth.gov", true */ 'm', 'e', 'n', 't', 'a', 'l', 'h', 'e', 'a', 'l', 't', 'h', '.', 'g', 'o', 'v', '\0',
+  /* "mentalhealthmn.org", true */ 'm', 'e', 'n', 't', 'a', 'l', 'h', 'e', 'a', 'l', 't', 'h', 'm', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "mentaltraining-fuer-musiker.ch", true */ 'm', 'e', 'n', 't', 'a', 'l', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '-', 'f', 'u', 'e', 'r', '-', 'm', 'u', 's', 'i', 'k', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "mentiq.az", true */ 'm', 'e', 'n', 't', 'i', 'q', '.', 'a', 'z', '\0',
+  /* "mentorithm.com", true */ 'm', 'e', 'n', 't', 'o', 'r', 'i', 't', 'h', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "mentz.info", true */ 'm', 'e', 'n', 't', 'z', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "menuonlineordering.com", true */ 'm', 'e', 'n', 'u', 'o', 'n', 'l', 'i', 'n', 'e', 'o', 'r', 'd', 'e', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "menzel-motors.com", true */ 'm', 'e', 'n', 'z', 'e', 'l', '-', 'm', 'o', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "menzietti.it", true */ 'm', 'e', 'n', 'z', 'i', 'e', 't', 't', 'i', '.', 'i', 't', '\0',
+  /* "mephedrone.org", true */ 'm', 'e', 'p', 'h', 'e', 'd', 'r', 'o', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "meransuedtirol.com", true */ 'm', 'e', 'r', 'a', 'n', 's', 'u', 'e', 'd', 't', 'i', 'r', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mercadobitcoin.com.br", true */ 'm', 'e', 'r', 'c', 'a', 'd', 'o', 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mercadobitcoin.net", true */ 'm', 'e', 'r', 'c', 'a', 'd', 'o', 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "mercadoleal.com.br", true */ 'm', 'e', 'r', 'c', 'a', 'd', 'o', 'l', 'e', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mercadopago.com", true */ 'm', 'e', 'r', 'c', 'a', 'd', 'o', 'p', 'a', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mercamaris.es", true */ 'm', 'e', 'r', 'c', 'a', 'm', 'a', 'r', 'i', 's', '.', 'e', 's', '\0',
+  /* "mercedes-benz.io", true */ 'm', 'e', 'r', 'c', 'e', 'd', 'e', 's', '-', 'b', 'e', 'n', 'z', '.', 'i', 'o', '\0',
+  /* "mercedes-ig.de", true */ 'm', 'e', 'r', 'c', 'e', 'd', 'e', 's', '-', 'i', 'g', '.', 'd', 'e', '\0',
+  /* "mercury-studio.com", true */ 'm', 'e', 'r', 'c', 'u', 'r', 'y', '-', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mercuryamericas.com", false */ 'm', 'e', 'r', 'c', 'u', 'r', 'y', 'a', 'm', 'e', 'r', 'i', 'c', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "meremeti-online.gr", true */ 'm', 'e', 'r', 'e', 'm', 'e', 't', 'i', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'g', 'r', '\0',
+  /* "meridianstore.com.br", true */ 'm', 'e', 'r', 'i', 'd', 'i', 'a', 'n', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "merimatka.fi", true */ 'm', 'e', 'r', 'i', 'm', 'a', 't', 'k', 'a', '.', 'f', 'i', '\0',
+  /* "merkel.me", true */ 'm', 'e', 'r', 'k', 'e', 'l', '.', 'm', 'e', '\0',
+  /* "merlet.eu", true */ 'm', 'e', 'r', 'l', 'e', 't', '.', 'e', 'u', '\0',
+  /* "merojob.com", true */ 'm', 'e', 'r', 'o', 'j', 'o', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "meronberry.jp", true */ 'm', 'e', 'r', 'o', 'n', 'b', 'e', 'r', 'r', 'y', '.', 'j', 'p', '\0',
+  /* "mertak.cz", true */ 'm', 'e', 'r', 't', 'a', 'k', '.', 'c', 'z', '\0',
+  /* "mertarauh.com", true */ 'm', 'e', 'r', 't', 'a', 'r', 'a', 'u', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "mertcangokgoz.com", true */ 'm', 'e', 'r', 't', 'c', 'a', 'n', 'g', 'o', 'k', 'g', 'o', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "meruri.com", true */ 'm', 'e', 'r', 'u', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "mes-finances.be", true */ 'm', 'e', 's', '-', 'f', 'i', 'n', 'a', 'n', 'c', 'e', 's', '.', 'b', 'e', '\0',
+  /* "mes10doigts.ovh", true */ 'm', 'e', 's', '1', '0', 'd', 'o', 'i', 'g', 't', 's', '.', 'o', 'v', 'h', '\0',
+  /* "mescaline.com", true */ 'm', 'e', 's', 'c', 'a', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mescaline.org", true */ 'm', 'e', 's', 'c', 'a', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "mesh.gov", true */ 'm', 'e', 's', 'h', '.', 'g', 'o', 'v', '\0',
+  /* "meshok.ru", false */ 'm', 'e', 's', 'h', 'o', 'k', '.', 'r', 'u', '\0',
+  /* "meshotes.com", true */ 'm', 'e', 's', 'h', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mesicka.com", true */ 'm', 'e', 's', 'i', 'c', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "messagescelestes-archives.ca", true */ 'm', 'e', 's', 's', 'a', 'g', 'e', 's', 'c', 'e', 'l', 'e', 's', 't', 'e', 's', '-', 'a', 'r', 'c', 'h', 'i', 'v', 'e', 's', '.', 'c', 'a', '\0',
+  /* "messagescelestes.ca", true */ 'm', 'e', 's', 's', 'a', 'g', 'e', 's', 'c', 'e', 'l', 'e', 's', 't', 'e', 's', '.', 'c', 'a', '\0',
+  /* "messenger.com", false */ 'm', 'e', 's', 's', 'e', 'n', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "messer24.ch", true */ 'm', 'e', 's', 's', 'e', 'r', '2', '4', '.', 'c', 'h', '\0',
+  /* "messymom.com", true */ 'm', 'e', 's', 's', 'y', 'm', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "mestazitrka.cz", true */ 'm', 'e', 's', 't', 'a', 'z', 'i', 't', 'r', 'k', 'a', '.', 'c', 'z', '\0',
+  /* "mestr.es", true */ 'm', 'e', 's', 't', 'r', '.', 'e', 's', '\0',
+  /* "mesvt.com", true */ 'm', 'e', 's', 'v', 't', '.', 'c', 'o', 'm', '\0',
+  /* "meta-db.com", true */ 'm', 'e', 't', 'a', '-', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "meta.sc", true */ 'm', 'e', 't', 'a', '.', 's', 'c', '\0',
+  /* "metachris.com", true */ 'm', 'e', 't', 'a', 'c', 'h', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "metacoda.com", true */ 'm', 'e', 't', 'a', 'c', 'o', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "metacode.biz", true */ 'm', 'e', 't', 'a', 'c', 'o', 'd', 'e', '.', 'b', 'i', 'z', '\0',
+  /* "metadatawiki.com", true */ 'm', 'e', 't', 'a', 'd', 'a', 't', 'a', 'w', 'i', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "metaether.net", true */ 'm', 'e', 't', 'a', 'e', 't', 'h', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "metalsculpture.co.uk", true */ 'm', 'e', 't', 'a', 'l', 's', 'c', 'u', 'l', 'p', 't', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "metalu.ch", true */ 'm', 'e', 't', 'a', 'l', 'u', '.', 'c', 'h', '\0',
+  /* "metapeen.nl", true */ 'm', 'e', 't', 'a', 'p', 'e', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "metasquare.com.au", true */ 'm', 'e', 't', 'a', 's', 'q', 'u', 'a', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "metasquare.nyc", true */ 'm', 'e', 't', 'a', 's', 'q', 'u', 'a', 'r', 'e', '.', 'n', 'y', 'c', '\0',
+  /* "meteenonline.nl", true */ 'm', 'e', 't', 'e', 'e', 'n', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'l', '\0',
+  /* "meteo-parc.com", true */ 'm', 'e', 't', 'e', 'o', '-', 'p', 'a', 'r', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "meteobox.co", true */ 'm', 'e', 't', 'e', 'o', 'b', 'o', 'x', '.', 'c', 'o', '\0',
+  /* "meteobox.cz", true */ 'm', 'e', 't', 'e', 'o', 'b', 'o', 'x', '.', 'c', 'z', '\0',
+  /* "meteobox.de", true */ 'm', 'e', 't', 'e', 'o', 'b', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "meteobox.es", true */ 'm', 'e', 't', 'e', 'o', 'b', 'o', 'x', '.', 'e', 's', '\0',
+  /* "meteobox.fr", true */ 'm', 'e', 't', 'e', 'o', 'b', 'o', 'x', '.', 'f', 'r', '\0',
+  /* "meteobox.mx", true */ 'm', 'e', 't', 'e', 'o', 'b', 'o', 'x', '.', 'm', 'x', '\0',
+  /* "meteobox.pl", true */ 'm', 'e', 't', 'e', 'o', 'b', 'o', 'x', '.', 'p', 'l', '\0',
+  /* "meteobox.sk", true */ 'm', 'e', 't', 'e', 'o', 'b', 'o', 'x', '.', 's', 'k', '\0',
+  /* "meteorapp.space", true */ 'm', 'e', 't', 'e', 'o', 'r', 'a', 'p', 'p', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "meteosmit.it", true */ 'm', 'e', 't', 'e', 'o', 's', 'm', 'i', 't', '.', 'i', 't', '\0',
+  /* "meterhost.com", true */ 'm', 'e', 't', 'e', 'r', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "methamphetamine.co.uk", true */ 'm', 'e', 't', 'h', 'a', 'm', 'p', 'h', 'e', 't', 'a', 'm', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "methylone.com", true */ 'm', 'e', 't', 'h', 'y', 'l', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "metikam.pl", true */ 'm', 'e', 't', 'i', 'k', 'a', 'm', '.', 'p', 'l', '\0',
+  /* "metin2sepeti.com", true */ 'm', 'e', 't', 'i', 'n', '2', 's', 'e', 'p', 'e', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "metroairvirtual.com", true */ 'm', 'e', 't', 'r', 'o', 'a', 'i', 'r', 'v', 'i', 'r', 't', 'u', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "metrobriefs.com", true */ 'm', 'e', 't', 'r', 'o', 'b', 'r', 'i', 'e', 'f', 's', '.', 'c', 'o', 'm', '\0',
+  /* "metrolush.com", true */ 'm', 'e', 't', 'r', 'o', 'l', 'u', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "metronaut.de", true */ 'm', 'e', 't', 'r', 'o', 'n', 'a', 'u', 't', '.', 'd', 'e', '\0',
+  /* "metropop.ch", true */ 'm', 'e', 't', 'r', 'o', 'p', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "metsasta.com", true */ 'm', 'e', 't', 's', 'a', 's', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "meu-smartphone.com", true */ 'm', 'e', 'u', '-', 's', 'm', 'a', 'r', 't', 'p', 'h', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "meu-solutions.com", true */ 'm', 'e', 'u', '-', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "meulike.us", true */ 'm', 'e', 'u', 'l', 'i', 'k', 'e', '.', 'u', 's', '\0',
+  /* "meupedido.online", true */ 'm', 'e', 'u', 'p', 'e', 'd', 'i', 'd', 'o', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "meusigno.com", true */ 'm', 'e', 'u', 's', 'i', 'g', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mevo.xyz", true */ 'm', 'e', 'v', 'o', '.', 'x', 'y', 'z', '\0',
+  /* "mevs.cz", true */ 'm', 'e', 'v', 's', '.', 'c', 'z', '\0',
+  /* "mexican.dating", true */ 'm', 'e', 'x', 'i', 'c', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "mexicanjokes.net", true */ 'm', 'e', 'x', 'i', 'c', 'a', 'n', 'j', 'o', 'k', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "mexicom.org", true */ 'm', 'e', 'x', 'i', 'c', 'o', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "mf-fischer.de", true */ 'm', 'f', '-', 'f', 'i', 's', 'c', 'h', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "mfgod.com", false */ 'm', 'f', 'g', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "mflodin.se", true */ 'm', 'f', 'l', 'o', 'd', 'i', 'n', '.', 's', 'e', '\0',
+  /* "mfrsgb45.org", true */ 'm', 'f', 'r', 's', 'g', 'b', '4', '5', '.', 'o', 'r', 'g', '\0',
+  /* "mft.global", true */ 'm', 'f', 't', '.', 'g', 'l', 'o', 'b', 'a', 'l', '\0',
+  /* "mfxbe.de", true */ 'm', 'f', 'x', 'b', 'e', '.', 'd', 'e', '\0',
+  /* "mghiorzi.com.ar", false */ 'm', 'g', 'h', 'i', 'o', 'r', 'z', 'i', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "mgknet.com", true */ 'm', 'g', 'k', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mgoessel.de", true */ 'm', 'g', 'o', 'e', 's', 's', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "mgrossklaus.de", true */ 'm', 'g', 'r', 'o', 's', 's', 'k', 'l', 'a', 'u', 's', '.', 'd', 'e', '\0',
+  /* "mgrt.net", true */ 'm', 'g', 'r', 't', '.', 'n', 'e', 't', '\0',
+  /* "mgsisk.com", true */ 'm', 'g', 's', 'i', 's', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mhalfter.de", true */ 'm', 'h', 'a', 'l', 'f', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "mhatlaw.com", true */ 'm', 'h', 'a', 't', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "mheistermann.de", true */ 'm', 'h', 'e', 'i', 's', 't', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "mhermans.nl", true */ 'm', 'h', 'e', 'r', 'm', 'a', 'n', 's', '.', 'n', 'l', '\0',
+  /* "mhi.web.id", true */ 'm', 'h', 'i', '.', 'w', 'e', 'b', '.', 'i', 'd', '\0',
+  /* "mhmfoundationrepair.com", true */ 'm', 'h', 'm', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mi-beratung.de", true */ 'm', 'i', '-', 'b', 'e', 'r', 'a', 't', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "mi-so-ji.com", true */ 'm', 'i', '-', 's', 'o', '-', 'j', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "mi80.com", true */ 'm', 'i', '8', '0', '.', 'c', 'o', 'm', '\0',
+  /* "mia.ac", true */ 'm', 'i', 'a', '.', 'a', 'c', '\0',
+  /* "mia.to", true */ 'm', 'i', 'a', '.', 't', 'o', '\0',
+  /* "miagexport.com", true */ 'm', 'i', 'a', 'g', 'e', 'x', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "miamicityballet.org", true */ 'm', 'i', 'a', 'm', 'i', 'c', 'i', 't', 'y', 'b', 'a', 'l', 'l', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "miaoubox.com", true */ 'm', 'i', 'a', 'o', 'u', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "miaowo.org", true */ 'm', 'i', 'a', 'o', 'w', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "miasarafina.de", true */ 'm', 'i', 'a', 's', 'a', 'r', 'a', 'f', 'i', 'n', 'a', '.', 'd', 'e', '\0',
+  /* "miboulot.com", true */ 'm', 'i', 'b', 'o', 'u', 'l', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "micado-software.com", true */ 'm', 'i', 'c', 'a', 'd', 'o', '-', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "micaiahparker.com", true */ 'm', 'i', 'c', 'a', 'i', 'a', 'h', 'p', 'a', 'r', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "micalodeal.ch", true */ 'm', 'i', 'c', 'a', 'l', 'o', 'd', 'e', 'a', 'l', '.', 'c', 'h', '\0',
+  /* "micasamgmt.com", false */ 'm', 'i', 'c', 'a', 's', 'a', 'm', 'g', 'm', 't', '.', 'c', 'o', 'm', '\0',
+  /* "micbase.com", true */ 'm', 'i', 'c', 'b', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "michael-rigart.be", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', '-', 'r', 'i', 'g', 'a', 'r', 't', '.', 'b', 'e', '\0',
+  /* "michael-schefczyk.de", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', '-', 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'd', 'e', '\0',
+  /* "michael-schilling.de", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', '-', 's', 'c', 'h', 'i', 'l', 'l', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "michael-steinhauer.eu", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', '-', 's', 't', 'e', 'i', 'n', 'h', 'a', 'u', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "michaelasawyer.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'a', 's', 'a', 'w', 'y', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "michaelcullen.name", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'c', 'u', 'l', 'l', 'e', 'n', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "michaeleichorn.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'e', 'i', 'c', 'h', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "michaelizquierdo.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'i', 'z', 'q', 'u', 'i', 'e', 'r', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "michaeljdennis.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'j', 'd', 'e', 'n', 'n', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "michaelkuchta.me", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'k', 'u', 'c', 'h', 't', 'a', '.', 'm', 'e', '\0',
+  /* "michaelleibundgut.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'l', 'e', 'i', 'b', 'u', 'n', 'd', 'g', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "michaelpfrommer.de", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'p', 'f', 'r', 'o', 'm', 'm', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "michaelpfrommer.pub", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'p', 'f', 'r', 'o', 'm', 'm', 'e', 'r', '.', 'p', 'u', 'b', '\0',
+  /* "michaelrigart.be", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'r', 'i', 'g', 'a', 'r', 't', '.', 'b', 'e', '\0',
+  /* "michaelschubert.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 's', 'c', 'h', 'u', 'b', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "michaelsweater.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 's', 'w', 'e', 'a', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "michaeltaboada.me", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 't', 'a', 'b', 'o', 'a', 'd', 'a', '.', 'm', 'e', '\0',
+  /* "michaeltroger.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 't', 'r', 'o', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "michaeltruskowski.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 't', 'r', 'u', 's', 'k', 'o', 'w', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "michaelzomer.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'z', 'o', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "michal-spacek.com", true */ 'm', 'i', 'c', 'h', 'a', 'l', '-', 's', 'p', 'a', 'c', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "michal-spacek.cz", true */ 'm', 'i', 'c', 'h', 'a', 'l', '-', 's', 'p', 'a', 'c', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "michalkral.tk", true */ 'm', 'i', 'c', 'h', 'a', 'l', 'k', 'r', 'a', 'l', '.', 't', 'k', '\0',
+  /* "michalspacek.com", true */ 'm', 'i', 'c', 'h', 'a', 'l', 's', 'p', 'a', 'c', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "michalspacek.cz", true */ 'm', 'i', 'c', 'h', 'a', 'l', 's', 'p', 'a', 'c', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "michalvasicek.cz", true */ 'm', 'i', 'c', 'h', 'a', 'l', 'v', 'a', 's', 'i', 'c', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "michalwiglasz.cz", true */ 'm', 'i', 'c', 'h', 'a', 'l', 'w', 'i', 'g', 'l', 'a', 's', 'z', '.', 'c', 'z', '\0',
+  /* "michasfahrschule.com", true */ 'm', 'i', 'c', 'h', 'a', 's', 'f', 'a', 'h', 'r', 's', 'c', 'h', 'u', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "michel-wein.de", true */ 'm', 'i', 'c', 'h', 'e', 'l', '-', 'w', 'e', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "michel.pt", true */ 'm', 'i', 'c', 'h', 'e', 'l', '.', 'p', 't', '\0',
+  /* "michelledonelan.co.uk", true */ 'm', 'i', 'c', 'h', 'e', 'l', 'l', 'e', 'd', 'o', 'n', 'e', 'l', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "michiganunionoptout.com", true */ 'm', 'i', 'c', 'h', 'i', 'g', 'a', 'n', 'u', 'n', 'i', 'o', 'n', 'o', 'p', 't', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "michmexguides.com.mx", true */ 'm', 'i', 'c', 'h', 'm', 'e', 'x', 'g', 'u', 'i', 'd', 'e', 's', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "michu.pl", true */ 'm', 'i', 'c', 'h', 'u', '.', 'p', 'l', '\0',
+  /* "mico.world", true */ 'm', 'i', 'c', 'o', '.', 'w', 'o', 'r', 'l', 'd', '\0',
+  /* "miconcinemas.com", true */ 'm', 'i', 'c', 'o', 'n', 'c', 'i', 'n', 'e', 'm', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "micr.io", true */ 'm', 'i', 'c', 'r', '.', 'i', 'o', '\0',
+  /* "micr0lab.org", true */ 'm', 'i', 'c', 'r', '0', 'l', 'a', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "microbiote-insectes-vecteurs.group", true */ 'm', 'i', 'c', 'r', 'o', 'b', 'i', 'o', 't', 'e', '-', 'i', 'n', 's', 'e', 'c', 't', 'e', 's', '-', 'v', 'e', 'c', 't', 'e', 'u', 'r', 's', '.', 'g', 'r', 'o', 'u', 'p', '\0',
+  /* "microblading.pe", true */ 'm', 'i', 'c', 'r', 'o', 'b', 'l', 'a', 'd', 'i', 'n', 'g', '.', 'p', 'e', '\0',
+  /* "microco.sm", true */ 'm', 'i', 'c', 'r', 'o', 'c', 'o', '.', 's', 'm', '\0',
+  /* "microcomploja.com.br", true */ 'm', 'i', 'c', 'r', 'o', 'c', 'o', 'm', 'p', 'l', 'o', 'j', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "microdesic.com", true */ 'm', 'i', 'c', 'r', 'o', 'd', 'e', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "microdots.de", true */ 'm', 'i', 'c', 'r', 'o', 'd', 'o', 't', 's', '.', 'd', 'e', '\0',
+  /* "microlinks.org", true */ 'm', 'i', 'c', 'r', 'o', 'l', 'i', 'n', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "microlog.org", true */ 'm', 'i', 'c', 'r', 'o', 'l', 'o', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "micromata.de", true */ 'm', 'i', 'c', 'r', 'o', 'm', 'a', 't', 'a', '.', 'd', 'e', '\0',
+  /* "microsoftaffiliates.azurewebsites.net", true */ 'm', 'i', 'c', 'r', 'o', 's', 'o', 'f', 't', 'a', 'f', 'f', 'i', 'l', 'i', 'a', 't', 'e', 's', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "microvb.com", true */ 'm', 'i', 'c', 'r', 'o', 'v', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "midair.io", true */ 'm', 'i', 'd', 'a', 'i', 'r', '.', 'i', 'o', '\0',
+  /* "midlandgate.de", true */ 'm', 'i', 'd', 'l', 'a', 'n', 'd', 'g', 'a', 't', 'e', '.', 'd', 'e', '\0',
+  /* "midlandleisuresales.co.uk", true */ 'm', 'i', 'd', 'l', 'a', 'n', 'd', 'l', 'e', 'i', 's', 'u', 'r', 'e', 's', 'a', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "midlandsfundays.co.uk", true */ 'm', 'i', 'd', 'l', 'a', 'n', 'd', 's', 'f', 'u', 'n', 'd', 'a', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "midlandsphotobooths.co.uk", true */ 'm', 'i', 'd', 'l', 'a', 'n', 'd', 's', 'p', 'h', 'o', 't', 'o', 'b', 'o', 'o', 't', 'h', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "midlgx.com", true */ 'm', 'i', 'd', 'l', 'g', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "midnight-visions.de", true */ 'm', 'i', 'd', 'n', 'i', 'g', 'h', 't', '-', 'v', 'i', 's', 'i', 'o', 'n', 's', '.', 'd', 'e', '\0',
+  /* "midnightmechanism.com", true */ 'm', 'i', 'd', 'n', 'i', 'g', 'h', 't', 'm', 'e', 'c', 'h', 'a', 'n', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "midterm.us", true */ 'm', 'i', 'd', 't', 'e', 'r', 'm', '.', 'u', 's', '\0',
+  /* "midtowndentistry.com", true */ 'm', 'i', 'd', 't', 'o', 'w', 'n', 'd', 'e', 'n', 't', 'i', 's', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "midwestbloggers.org", true */ 'm', 'i', 'd', 'w', 'e', 's', 't', 'b', 'l', 'o', 'g', 'g', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "midweststructuralrepair.com", true */ 'm', 'i', 'd', 'w', 'e', 's', 't', 's', 't', 'r', 'u', 'c', 't', 'u', 'r', 'a', 'l', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mieterschutzkartei.de", true */ 'm', 'i', 'e', 't', 'e', 'r', 's', 'c', 'h', 'u', 't', 'z', 'k', 'a', 'r', 't', 'e', 'i', '.', 'd', 'e', '\0',
+  /* "mieuxgrandir.ch", true */ 'm', 'i', 'e', 'u', 'x', 'g', 'r', 'a', 'n', 'd', 'i', 'r', '.', 'c', 'h', '\0',
+  /* "miffy.me", true */ 'm', 'i', 'f', 'f', 'y', '.', 'm', 'e', '\0',
+  /* "mig5.net", true */ 'm', 'i', 'g', '5', '.', 'n', 'e', 't', '\0',
+  /* "miggy.org", true */ 'm', 'i', 'g', 'g', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "mightymillionsraffle.com", true */ 'm', 'i', 'g', 'h', 't', 'y', 'm', 'i', 'l', 'l', 'i', 'o', 'n', 's', 'r', 'a', 'f', 'f', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "miguel.pw", true */ 'm', 'i', 'g', 'u', 'e', 'l', '.', 'p', 'w', '\0',
+  /* "migueldemoura.com", true */ 'm', 'i', 'g', 'u', 'e', 'l', 'd', 'e', 'm', 'o', 'u', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "migueldominguez.ch", true */ 'm', 'i', 'g', 'u', 'e', 'l', 'd', 'o', 'm', 'i', 'n', 'g', 'u', 'e', 'z', '.', 'c', 'h', '\0',
+  /* "miguelgfierro.com", true */ 'm', 'i', 'g', 'u', 'e', 'l', 'g', 'f', 'i', 'e', 'r', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "miguelmartinez.ch", true */ 'm', 'i', 'g', 'u', 'e', 'l', 'm', 'a', 'r', 't', 'i', 'n', 'e', 'z', '.', 'c', 'h', '\0',
+  /* "miguelmenendez.pro", true */ 'm', 'i', 'g', 'u', 'e', 'l', 'm', 'e', 'n', 'e', 'n', 'd', 'e', 'z', '.', 'p', 'r', 'o', '\0',
+  /* "miguelmoura.com", true */ 'm', 'i', 'g', 'u', 'e', 'l', 'm', 'o', 'u', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "miguia.tv", true */ 'm', 'i', 'g', 'u', 'i', 'a', '.', 't', 'v', '\0',
+  /* "mihnea.net", true */ 'm', 'i', 'h', 'n', 'e', 'a', '.', 'n', 'e', 't', '\0',
+  /* "mijn-financien.be", true */ 'm', 'i', 'j', 'n', '-', 'f', 'i', 'n', 'a', 'n', 'c', 'i', 'e', 'n', '.', 'b', 'e', '\0',
+  /* "mijnkerstkaarten.be", true */ 'm', 'i', 'j', 'n', 'k', 'e', 'r', 's', 't', 'k', 'a', 'a', 'r', 't', 'e', 'n', '.', 'b', 'e', '\0',
+  /* "mijnreisoverzicht.nl", true */ 'm', 'i', 'j', 'n', 'r', 'e', 'i', 's', 'o', 'v', 'e', 'r', 'z', 'i', 'c', 'h', 't', '.', 'n', 'l', '\0',
+  /* "mijnsite.ovh", true */ 'm', 'i', 'j', 'n', 's', 'i', 't', 'e', '.', 'o', 'v', 'h', '\0',
+  /* "mijnstembureau.nl", true */ 'm', 'i', 'j', 'n', 's', 't', 'e', 'm', 'b', 'u', 'r', 'e', 'a', 'u', '.', 'n', 'l', '\0',
+  /* "mijntransacties.nl", true */ 'm', 'i', 'j', 'n', 't', 'r', 'a', 'n', 's', 'a', 'c', 't', 'i', 'e', 's', '.', 'n', 'l', '\0',
+  /* "mika.cat", true */ 'm', 'i', 'k', 'a', '.', 'c', 'a', 't', '\0',
+  /* "mika.moe", true */ 'm', 'i', 'k', 'a', '.', 'm', 'o', 'e', '\0',
+  /* "mikadoe.nl", true */ 'm', 'i', 'k', 'a', 'd', 'o', 'e', '.', 'n', 'l', '\0',
+  /* "mikaela.info", true */ 'm', 'i', 'k', 'a', 'e', 'l', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "mikakalevi.com", true */ 'm', 'i', 'k', 'a', 'k', 'a', 'l', 'e', 'v', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "mikalikes.men", true */ 'm', 'i', 'k', 'a', 'l', 'i', 'k', 'e', 's', '.', 'm', 'e', 'n', '\0',
+  /* "mike-bland.com", true */ 'm', 'i', 'k', 'e', '-', 'b', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "mike2k.de", true */ 'm', 'i', 'k', 'e', '2', 'k', '.', 'd', 'e', '\0',
+  /* "mikebelanger.ca", true */ 'm', 'i', 'k', 'e', 'b', 'e', 'l', 'a', 'n', 'g', 'e', 'r', '.', 'c', 'a', '\0',
+  /* "mikecb.org", true */ 'm', 'i', 'k', 'e', 'c', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "mikegarnett.co.uk", true */ 'm', 'i', 'k', 'e', 'g', 'a', 'r', 'n', 'e', 't', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mikegerwitz.com", true */ 'm', 'i', 'k', 'e', 'g', 'e', 'r', 'w', 'i', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "mikehamburg.com", true */ 'm', 'i', 'k', 'e', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "mikerichards.photography", true */ 'm', 'i', 'k', 'e', 'r', 'i', 'c', 'h', 'a', 'r', 'd', 's', '.', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '\0',
+  /* "mikes.tk", true */ 'm', 'i', 'k', 'e', 's', '.', 't', 'k', '\0',
+  /* "miketabor.com", true */ 'm', 'i', 'k', 'e', 't', 'a', 'b', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "miketheuer.com", true */ 'm', 'i', 'k', 'e', 't', 'h', 'e', 'u', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mikevesch.com", true */ 'm', 'i', 'k', 'e', 'v', 'e', 's', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "mikewest.org", true */ 'm', 'i', 'k', 'e', 'w', 'e', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "mikewillia.ms", true */ 'm', 'i', 'k', 'e', 'w', 'i', 'l', 'l', 'i', 'a', '.', 'm', 's', '\0',
+  /* "mikeybailey.org", true */ 'm', 'i', 'k', 'e', 'y', 'b', 'a', 'i', 'l', 'e', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "mikhlevich.ru", true */ 'm', 'i', 'k', 'h', 'l', 'e', 'v', 'i', 'c', 'h', '.', 'r', 'u', '\0',
+  /* "miki.it", true */ 'm', 'i', 'k', 'i', '.', 'i', 't', '\0',
+  /* "mikkelvej.dk", true */ 'm', 'i', 'k', 'k', 'e', 'l', 'v', 'e', 'j', '.', 'd', 'k', '\0',
+  /* "miklcct.com", true */ 'm', 'i', 'k', 'l', 'c', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "miknight.com", true */ 'm', 'i', 'k', 'n', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mikonmaa.fi", true */ 'm', 'i', 'k', 'o', 'n', 'm', 'a', 'a', '.', 'f', 'i', '\0',
+  /* "mikori.sk", true */ 'm', 'i', 'k', 'o', 'r', 'i', '.', 's', 'k', '\0',
+  /* "mikro-inwestycje.co.uk", true */ 'm', 'i', 'k', 'r', 'o', '-', 'i', 'n', 'w', 'e', 's', 't', 'y', 'c', 'j', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mikrom.cz", false */ 'm', 'i', 'k', 'r', 'o', 'm', '.', 'c', 'z', '\0',
+  /* "mikropixel.de", true */ 'm', 'i', 'k', 'r', 'o', 'p', 'i', 'x', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "mikroskeem.eu", true */ 'm', 'i', 'k', 'r', 'o', 's', 'k', 'e', 'e', 'm', '.', 'e', 'u', '\0',
+  /* "mil-spec.ch", true */ 'm', 'i', 'l', '-', 's', 'p', 'e', 'c', '.', 'c', 'h', '\0',
+  /* "mil0.com", true */ 'm', 'i', 'l', '0', '.', 'c', 'o', 'm', '\0',
+  /* "milahendri.com", true */ 'm', 'i', 'l', 'a', 'h', 'e', 'n', 'd', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "milcahsmusings.com", true */ 'm', 'i', 'l', 'c', 'a', 'h', 's', 'm', 'u', 's', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mileme.com", true */ 'm', 'i', 'l', 'e', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "milenaria.es", true */ 'm', 'i', 'l', 'e', 'n', 'a', 'r', 'i', 'a', '.', 'e', 's', '\0',
+  /* "milesapart.dating", true */ 'm', 'i', 'l', 'e', 's', 'a', 'p', 'a', 'r', 't', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "milhoazul.com.br", true */ 'm', 'i', 'l', 'h', 'o', 'a', 'z', 'u', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "milionshop.sk", true */ 'm', 'i', 'l', 'i', 'o', 'n', 's', 'h', 'o', 'p', '.', 's', 'k', '\0',
+  /* "militaryconsumer.gov", true */ 'm', 'i', 'l', 'i', 't', 'a', 'r', 'y', 'c', 'o', 'n', 's', 'u', 'm', 'e', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "milkingit.co.uk", true */ 'm', 'i', 'l', 'k', 'i', 'n', 'g', 'i', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "milktea.info", true */ 'm', 'i', 'l', 'k', 't', 'e', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "millanova.wedding", false */ 'm', 'i', 'l', 'l', 'a', 'n', 'o', 'v', 'a', '.', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '\0',
+  /* "milldyke.com", true */ 'm', 'i', 'l', 'l', 'd', 'y', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "milldyke.nl", true */ 'm', 'i', 'l', 'l', 'd', 'y', 'k', 'e', '.', 'n', 'l', '\0',
+  /* "millefleurs.eu", true */ 'm', 'i', 'l', 'l', 'e', 'f', 'l', 'e', 'u', 'r', 's', '.', 'e', 'u', '\0',
+  /* "millhousenchurch.com", true */ 'm', 'i', 'l', 'l', 'h', 'o', 'u', 's', 'e', 'n', 'c', 'h', 'u', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "millionairessecrets.com", true */ 'm', 'i', 'l', 'l', 'i', 'o', 'n', 'a', 'i', 'r', 'e', 's', 's', 'e', 'c', 'r', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "millistream.com", true */ 'm', 'i', 'l', 'l', 'i', 's', 't', 'r', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "millstep.de", true */ 'm', 'i', 'l', 'l', 's', 't', 'e', 'p', '.', 'd', 'e', '\0',
+  /* "milonga.tips", true */ 'm', 'i', 'l', 'o', 'n', 'g', 'a', '.', 't', 'i', 'p', 's', '\0',
+  /* "mim.properties", true */ 'm', 'i', 'm', '.', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'i', 'e', 's', '\0',
+  /* "mimbeim.com", true */ 'm', 'i', 'm', 'b', 'e', 'i', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "mimemo.io", true */ 'm', 'i', 'm', 'e', 'm', 'o', '.', 'i', 'o', '\0',
+  /* "mimeo.digital", true */ 'm', 'i', 'm', 'e', 'o', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0',
+  /* "mimithedog.com", true */ 'm', 'i', 'm', 'i', 't', 'h', 'e', 'd', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "mimobile.website", true */ 'm', 'i', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0',
+  /* "mimocad.io", true */ 'm', 'i', 'm', 'o', 'c', 'a', 'd', '.', 'i', 'o', '\0',
+  /* "mimovrste.com", true */ 'm', 'i', 'm', 'o', 'v', 'r', 's', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "min-sky.no", true */ 'm', 'i', 'n', '-', 's', 'k', 'y', '.', 'n', 'o', '\0',
+  /* "minacssas.com", true */ 'm', 'i', 'n', 'a', 'c', 's', 's', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "minakov.pro", true */ 'm', 'i', 'n', 'a', 'k', 'o', 'v', '.', 'p', 'r', 'o', '\0',
+  /* "minami.xyz", true */ 'm', 'i', 'n', 'a', 'm', 'i', '.', 'x', 'y', 'z', '\0',
+  /* "minamo.io", true */ 'm', 'i', 'n', 'a', 'm', 'o', '.', 'i', 'o', '\0',
+  /* "minantavla.se", true */ 'm', 'i', 'n', 'a', 'n', 't', 'a', 'v', 'l', 'a', '.', 's', 'e', '\0',
+  /* "minaprine.com", true */ 'm', 'i', 'n', 'a', 'p', 'r', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mind-box.ch", true */ 'm', 'i', 'n', 'd', '-', 'b', 'o', 'x', '.', 'c', 'h', '\0',
+  /* "mind-hochschul-netzwerk.de", true */ 'm', 'i', 'n', 'd', '-', 'h', 'o', 'c', 'h', 's', 'c', 'h', 'u', 'l', '-', 'n', 'e', 't', 'z', 'w', 'e', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "mind-moves.es", true */ 'm', 'i', 'n', 'd', '-', 'm', 'o', 'v', 'e', 's', '.', 'e', 's', '\0',
+  /* "mindbodycontinuum.com", true */ 'm', 'i', 'n', 'd', 'b', 'o', 'd', 'y', 'c', 'o', 'n', 't', 'i', 'n', 'u', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "mindbodytherapymn.com", true */ 'm', 'i', 'n', 'd', 'b', 'o', 'd', 'y', 't', 'h', 'e', 'r', 'a', 'p', 'y', 'm', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "mindcoding.ro", true */ 'm', 'i', 'n', 'd', 'c', 'o', 'd', 'i', 'n', 'g', '.', 'r', 'o', '\0',
+  /* "mindercasso.nl", true */ 'm', 'i', 'n', 'd', 'e', 'r', 'c', 'a', 's', 's', 'o', '.', 'n', 'l', '\0',
+  /* "mindleaking.org", true */ 'm', 'i', 'n', 'd', 'l', 'e', 'a', 'k', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "mindoktor.se", false */ 'm', 'i', 'n', 'd', 'o', 'k', 't', 'o', 'r', '.', 's', 'e', '\0',
+  /* "mindorbs.com", true */ 'm', 'i', 'n', 'd', 'o', 'r', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mindturbo.com", true */ 'm', 'i', 'n', 'd', 't', 'u', 'r', 'b', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mindwerks.net", true */ 'm', 'i', 'n', 'd', 'w', 'e', 'r', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "mindwork.space", true */ 'm', 'i', 'n', 'd', 'w', 'o', 'r', 'k', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "mine260309.me", true */ 'm', 'i', 'n', 'e', '2', '6', '0', '3', '0', '9', '.', 'm', 'e', '\0',
+  /* "minebier.dk", true */ 'm', 'i', 'n', 'e', 'b', 'i', 'e', 'r', '.', 'd', 'k', '\0',
+  /* "minecraft-forum.eu", true */ 'm', 'i', 'n', 'e', 'c', 'r', 'a', 'f', 't', '-', 'f', 'o', 'r', 'u', 'm', '.', 'e', 'u', '\0',
+  /* "minecraft-server.eu", true */ 'm', 'i', 'n', 'e', 'c', 'r', 'a', 'f', 't', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "minecraftforum.de", true */ 'm', 'i', 'n', 'e', 'c', 'r', 'a', 'f', 't', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "minecraftforum.ovh", true */ 'm', 'i', 'n', 'e', 'c', 'r', 'a', 'f', 't', 'f', 'o', 'r', 'u', 'm', '.', 'o', 'v', 'h', '\0',
+  /* "minecrell.net", true */ 'm', 'i', 'n', 'e', 'c', 'r', 'e', 'l', 'l', '.', 'n', 'e', 't', '\0',
+  /* "minei.me", true */ 'm', 'i', 'n', 'e', 'i', '.', 'm', 'e', '\0',
+  /* "minenash.com", true */ 'm', 'i', 'n', 'e', 'n', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "minepay.net", true */ 'm', 'i', 'n', 'e', 'p', 'a', 'y', '.', 'n', 'e', 't', '\0',
+  /* "minepic.org", true */ 'm', 'i', 'n', 'e', 'p', 'i', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "minepod.fr", true */ 'm', 'i', 'n', 'e', 'p', 'o', 'd', '.', 'f', 'r', '\0',
+  /* "minerstat.com", true */ 'm', 'i', 'n', 'e', 'r', 's', 't', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "minesouls.fr", true */ 'm', 'i', 'n', 'e', 's', 'o', 'u', 'l', 's', '.', 'f', 'r', '\0',
+  /* "minez-nightswatch.com", false */ 'm', 'i', 'n', 'e', 'z', '-', 'n', 'i', 'g', 'h', 't', 's', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "minf3-games.de", true */ 'm', 'i', 'n', 'f', '3', '-', 'g', 'a', 'm', 'e', 's', '.', 'd', 'e', '\0',
+  /* "mingram.net", true */ 'm', 'i', 'n', 'g', 'r', 'a', 'm', '.', 'n', 'e', 't', '\0',
+  /* "mingwah.ch", true */ 'm', 'i', 'n', 'g', 'w', 'a', 'h', '.', 'c', 'h', '\0',
+  /* "minhanossasenhora.com.br", true */ 'm', 'i', 'n', 'h', 'a', 'n', 'o', 's', 's', 'a', 's', 'e', 'n', 'h', 'o', 'r', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mini2.fi", true */ 'm', 'i', 'n', 'i', '2', '.', 'f', 'i', '\0',
+  /* "minigames.com", true */ 'm', 'i', 'n', 'i', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "minigolf-reisinger.com", true */ 'm', 'i', 'n', 'i', 'g', 'o', 'l', 'f', '-', 'r', 'e', 'i', 's', 'i', 'n', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "minigolfandgames.co.uk", true */ 'm', 'i', 'n', 'i', 'g', 'o', 'l', 'f', 'a', 'n', 'd', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "minikidz.es", true */ 'm', 'i', 'n', 'i', 'k', 'i', 'd', 'z', '.', 'e', 's', '\0',
+  /* "minikneet.com", true */ 'm', 'i', 'n', 'i', 'k', 'n', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "minilions.fr", true */ 'm', 'i', 'n', 'i', 'l', 'i', 'o', 'n', 's', '.', 'f', 'r', '\0',
+  /* "minimaltimer.com", true */ 'm', 'i', 'n', 'i', 'm', 'a', 'l', 't', 'i', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "minimayhemsoftplay.co.uk", true */ 'm', 'i', 'n', 'i', 'm', 'a', 'y', 'h', 'e', 'm', 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "minimbah.com.au", true */ 'm', 'i', 'n', 'i', 'm', 'b', 'a', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "minimvc.com", true */ 'm', 'i', 'n', 'i', 'm', 'v', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "minipainting.net", true */ 'm', 'i', 'n', 'i', 'p', 'a', 'i', 'n', 't', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "miniskipper.at", true */ 'm', 'i', 'n', 'i', 's', 'k', 'i', 'p', 'p', 'e', 'r', '.', 'a', 't', '\0',
+  /* "minitrucktalk.com", true */ 'm', 'i', 'n', 'i', 't', 'r', 'u', 'c', 'k', 't', 'a', 'l', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "minkymoon.jp", true */ 'm', 'i', 'n', 'k', 'y', 'm', 'o', 'o', 'n', '.', 'j', 'p', '\0',
+  /* "minnesotakinkyyouth.org", true */ 'm', 'i', 'n', 'n', 'e', 's', 'o', 't', 'a', 'k', 'i', 'n', 'k', 'y', 'y', 'o', 'u', 't', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "minnesotamathcorps.org", true */ 'm', 'i', 'n', 'n', 'e', 's', 'o', 't', 'a', 'm', 'a', 't', 'h', 'c', 'o', 'r', 'p', 's', '.', 'o', 'r', 'g', '\0',
+  /* "minnesotareadingcorps.org", true */ 'm', 'i', 'n', 'n', 'e', 's', 'o', 't', 'a', 'r', 'e', 'a', 'd', 'i', 'n', 'g', 'c', 'o', 'r', 'p', 's', '.', 'o', 'r', 'g', '\0',
+  /* "minnit.chat", true */ 'm', 'i', 'n', 'n', 'i', 't', '.', 'c', 'h', 'a', 't', '\0',
+  /* "minor.news", true */ 'm', 'i', 'n', 'o', 'r', '.', 'n', 'e', 'w', 's', '\0',
+  /* "minorshadows.net", true */ 'm', 'i', 'n', 'o', 'r', 's', 'h', 'a', 'd', 'o', 'w', 's', '.', 'n', 'e', 't', '\0',
+  /* "minpingvin.dk", true */ 'm', 'i', 'n', 'p', 'i', 'n', 'g', 'v', 'i', 'n', '.', 'd', 'k', '\0',
+  /* "minschuns.ch", true */ 'm', 'i', 'n', 's', 'c', 'h', 'u', 'n', 's', '.', 'c', 'h', '\0',
+  /* "mintclass.com", true */ 'm', 'i', 'n', 't', 'c', 'l', 'a', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "minto.cc", true */ 'm', 'i', 'n', 't', 'o', '.', 'c', 'c', '\0',
+  /* "mintosherbs.com", true */ 'm', 'i', 'n', 't', 'o', 's', 'h', 'e', 'r', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mintrak2.com", true */ 'm', 'i', 'n', 't', 'r', 'a', 'k', '2', '.', 'c', 'o', 'm', '\0',
+  /* "minube.co.cr", true */ 'm', 'i', 'n', 'u', 'b', 'e', '.', 'c', 'o', '.', 'c', 'r', '\0',
+  /* "minux.info", true */ 'm', 'i', 'n', 'u', 'x', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "mipapo.de", true */ 'm', 'i', 'p', 'a', 'p', 'o', '.', 'd', 'e', '\0',
+  /* "mipiaci.co.nz", false */ 'm', 'i', 'p', 'i', 'a', 'c', 'i', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "mipiaci.com.au", false */ 'm', 'i', 'p', 'i', 'a', 'c', 'i', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "mipla.ch", true */ 'm', 'i', 'p', 'l', 'a', '.', 'c', 'h', '\0',
+  /* "mipymesenlinea.com", true */ 'm', 'i', 'p', 'y', 'm', 'e', 's', 'e', 'n', 'l', 'i', 'n', 'e', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mir.pe", true */ 'm', 'i', 'r', '.', 'p', 'e', '\0',
+  /* "miraheze.org", true */ 'm', 'i', 'r', 'a', 'h', 'e', 'z', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "miraidenshi.com", true */ 'm', 'i', 'r', 'a', 'i', 'd', 'e', 'n', 's', 'h', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "mirch.com", true */ 'm', 'i', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "mirco-grams.de", true */ 'm', 'i', 'r', 'c', 'o', '-', 'g', 'r', 'a', 'm', 's', '.', 'd', 'e', '\0',
+  /* "mireiaseuba.com", true */ 'm', 'i', 'r', 'e', 'i', 'a', 's', 'e', 'u', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mireillewendling.com.br", true */ 'm', 'i', 'r', 'e', 'i', 'l', 'l', 'e', 'w', 'e', 'n', 'd', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mireservaonline.es", true */ 'm', 'i', 'r', 'e', 's', 'e', 'r', 'v', 'a', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'e', 's', '\0',
+  /* "mirkofranz.de", true */ 'm', 'i', 'r', 'k', 'o', 'f', 'r', 'a', 'n', 'z', '.', 'd', 'e', '\0',
+  /* "mirodasilva.be", true */ 'm', 'i', 'r', 'o', 'd', 'a', 's', 'i', 'l', 'v', 'a', '.', 'b', 'e', '\0',
+  /* "mironet.cz", true */ 'm', 'i', 'r', 'o', 'n', 'e', 't', '.', 'c', 'z', '\0',
+  /* "mirshak.com", true */ 'm', 'i', 'r', 's', 'h', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mirtes.cz", true */ 'm', 'i', 'r', 't', 'e', 's', '.', 'c', 'z', '\0',
+  /* "mirtouf.fr", true */ 'm', 'i', 'r', 't', 'o', 'u', 'f', '.', 'f', 'r', '\0',
+  /* "miruc.co", true */ 'm', 'i', 'r', 'u', 'c', '.', 'c', 'o', '\0',
+  /* "mirucon.com", true */ 'm', 'i', 'r', 'u', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "misakiya.co.jp", true */ 'm', 'i', 's', 'a', 'k', 'i', 'y', 'a', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "misclick.nl", true */ 'm', 'i', 's', 'c', 'l', 'i', 'c', 'k', '.', 'n', 'l', '\0',
+  /* "misconfigured.io", true */ 'm', 'i', 's', 'c', 'o', 'n', 'f', 'i', 'g', 'u', 'r', 'e', 'd', '.', 'i', 'o', '\0',
+  /* "miscreant.me", true */ 'm', 'i', 's', 'c', 'r', 'e', 'a', 'n', 't', '.', 'm', 'e', '\0',
+  /* "misericordiasegrate.org", true */ 'm', 'i', 's', 'e', 'r', 'i', 'c', 'o', 'r', 'd', 'i', 'a', 's', 'e', 'g', 'r', 'a', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "mishkovskyi.net", true */ 'm', 'i', 's', 'h', 'k', 'o', 'v', 's', 'k', 'y', 'i', '.', 'n', 'e', 't', '\0',
+  /* "miskatonic.org", true */ 'm', 'i', 's', 'k', 'a', 't', 'o', 'n', 'i', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "misoji-resist.com", true */ 'm', 'i', 's', 'o', 'j', 'i', '-', 'r', 'e', 's', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "misrv.com", true */ 'm', 'i', 's', 'r', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "miss-inventory.co.uk", true */ 'm', 'i', 's', 's', '-', 'i', 'n', 'v', 'e', 'n', 't', 'o', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "miss-platinum.net", true */ 'm', 'i', 's', 's', '-', 'p', 'l', 'a', 't', 'i', 'n', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "miss.com.tw", true */ 'm', 'i', 's', 's', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "missdream.org", true */ 'm', 'i', 's', 's', 'd', 'r', 'e', 'a', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "misseguf.dk", true */ 'm', 'i', 's', 's', 'e', 'g', 'u', 'f', '.', 'd', 'k', '\0',
+  /* "missguidedus.com", true */ 'm', 'i', 's', 's', 'g', 'u', 'i', 'd', 'e', 'd', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mission-orange.de", true */ 'm', 'i', 's', 's', 'i', 'o', 'n', '-', 'o', 'r', 'a', 'n', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "missionsgemeinde.de", true */ 'm', 'i', 's', 's', 'i', 'o', 'n', 's', 'g', 'e', 'm', 'e', 'i', 'n', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "missip.nl", true */ 'm', 'i', 's', 's', 'i', 'p', '.', 'n', 'l', '\0',
+  /* "missjoias.com.br", true */ 'm', 'i', 's', 's', 'j', 'o', 'i', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "misskey.xyz", true */ 'm', 'i', 's', 's', 'k', 'e', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "missoy.me", true */ 'm', 'i', 's', 's', 'o', 'y', '.', 'm', 'e', '\0',
+  /* "misssex.de", true */ 'm', 'i', 's', 's', 's', 'e', 'x', '.', 'd', 'e', '\0',
+  /* "missualready.com", true */ 'm', 'i', 's', 's', 'u', 'a', 'l', 'r', 'e', 'a', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "missycosmeticos.com.br", true */ 'm', 'i', 's', 's', 'y', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mistacms.com", true */ 'm', 'i', 's', 't', 'a', 'c', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mister-cooks.fr", true */ 'm', 'i', 's', 't', 'e', 'r', '-', 'c', 'o', 'o', 'k', 's', '.', 'f', 'r', '\0',
+  /* "mistreaded.com", true */ 'm', 'i', 's', 't', 'r', 'e', 'a', 'd', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "mistybox.com", true */ 'm', 'i', 's', 't', 'y', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "misupport.dk", true */ 'm', 'i', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'd', 'k', '\0',
+  /* "misura.re", true */ 'm', 'i', 's', 'u', 'r', 'a', '.', 'r', 'e', '\0',
+  /* "misuzu.moe", true */ 'm', 'i', 's', 'u', 'z', 'u', '.', 'm', 'o', 'e', '\0',
+  /* "mit-uns.org", true */ 'm', 'i', 't', '-', 'u', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "mita.me", true */ 'm', 'i', 't', 'a', '.', 'm', 'e', '\0',
+  /* "mitaines.ch", true */ 'm', 'i', 't', 'a', 'i', 'n', 'e', 's', '.', 'c', 'h', '\0',
+  /* "mitchellhandymanservices.co.uk", true */ 'm', 'i', 't', 'c', 'h', 'e', 'l', 'l', 'h', 'a', 'n', 'd', 'y', 'm', 'a', 'n', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "miticobikes.com", true */ 'm', 'i', 't', 'i', 'c', 'o', 'b', 'i', 'k', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mitior.net", true */ 'm', 'i', 't', 'i', 'o', 'r', '.', 'n', 'e', 't', '\0',
+  /* "mitnetz-gas.de", true */ 'm', 'i', 't', 'n', 'e', 't', 'z', '-', 'g', 'a', 's', '.', 'd', 'e', '\0',
+  /* "mitnetz-strom.de", true */ 'm', 'i', 't', 'n', 'e', 't', 'z', '-', 's', 't', 'r', 'o', 'm', '.', 'd', 'e', '\0',
+  /* "mitrax.com.br", true */ 'm', 'i', 't', 'r', 'a', 'x', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mitrecaasd.org", true */ 'm', 'i', 't', 'r', 'e', 'c', 'a', 'a', 's', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "mitremai.org", true */ 'm', 'i', 't', 'r', 'e', 'm', 'a', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "mitrostudios.com", true */ 'm', 'i', 't', 'r', 'o', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mitsign.com", true */ 'm', 'i', 't', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "mitsu-szene.de", true */ 'm', 'i', 't', 's', 'u', '-', 's', 'z', 'e', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "mitsukabose.com", true */ 'm', 'i', 't', 's', 'u', 'k', 'a', 'b', 'o', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mittagonggardencentre.com.au", true */ 'm', 'i', 't', 't', 'a', 'g', 'o', 'n', 'g', 'g', 'a', 'r', 'd', 'e', 'n', 'c', 'e', 'n', 't', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "mittagonghomestead.com.au", true */ 'm', 'i', 't', 't', 'a', 'g', 'o', 'n', 'g', 'h', 'o', 'm', 'e', 's', 't', 'e', 'a', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "mittelunsachlich.de", true */ 'm', 'i', 't', 't', 'e', 'l', 'u', 'n', 's', 'a', 'c', 'h', 'l', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "mittenofficesystems.com", true */ 'm', 'i', 't', 't', 'e', 'n', 'o', 'f', 'f', 'i', 'c', 'e', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mitzpettel.com", true */ 'm', 'i', 't', 'z', 'p', 'e', 't', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "miui-germany.de", true */ 'm', 'i', 'u', 'i', '-', 'g', 'e', 'r', 'm', 'a', 'n', 'y', '.', 'd', 'e', '\0',
+  /* "miukimodafeminina.com", true */ 'm', 'i', 'u', 'k', 'i', 'm', 'o', 'd', 'a', 'f', 'e', 'm', 'i', 'n', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mivzakim.net", true */ 'm', 'i', 'v', 'z', 'a', 'k', 'i', 'm', '.', 'n', 'e', 't', '\0',
+  /* "mixnshake.com", true */ 'm', 'i', 'x', 'n', 's', 'h', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mixposure.com", true */ 'm', 'i', 'x', 'p', 'o', 's', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mixtape.moe", true */ 'm', 'i', 'x', 't', 'a', 'p', 'e', '.', 'm', 'o', 'e', '\0',
+  /* "miya.io", true */ 'm', 'i', 'y', 'a', '.', 'i', 'o', '\0',
+  /* "miyako-kyoto.jp", true */ 'm', 'i', 'y', 'a', 'k', 'o', '-', 'k', 'y', 'o', 't', 'o', '.', 'j', 'p', '\0',
+  /* "miyatore.com", true */ 'm', 'i', 'y', 'a', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "miyoshi-kikaku.co.jp", true */ 'm', 'i', 'y', 'o', 's', 'h', 'i', '-', 'k', 'i', 'k', 'a', 'k', 'u', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "miyoshi-kikaku.com", true */ 'm', 'i', 'y', 'o', 's', 'h', 'i', '-', 'k', 'i', 'k', 'a', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "miyugirls.com", true */ 'm', 'i', 'y', 'u', 'g', 'i', 'r', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mizipack.com", true */ 'm', 'i', 'z', 'i', 'p', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mizque.ch", true */ 'm', 'i', 'z', 'q', 'u', 'e', '.', 'c', 'h', '\0',
+  /* "mizumax.me", true */ 'm', 'i', 'z', 'u', 'm', 'a', 'x', '.', 'm', 'e', '\0',
+  /* "mj420.com", true */ 'm', 'j', '4', '2', '0', '.', 'c', 'o', 'm', '\0',
+  /* "mjacobson.net", true */ 'm', 'j', 'a', 'c', 'o', 'b', 's', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "mjanja.ch", true */ 'm', 'j', 'a', 'n', 'j', 'a', '.', 'c', 'h', '\0',
+  /* "mjasm.org", true */ 'm', 'j', 'a', 's', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "mjec.net", true */ 'm', 'j', 'e', 'c', '.', 'n', 'e', 't', '\0',
+  /* "mjlaurindo.pt", true */ 'm', 'j', 'l', 'a', 'u', 'r', 'i', 'n', 'd', 'o', '.', 'p', 't', '\0',
+  /* "mjmnagy.info", true */ 'm', 'j', 'm', 'n', 'a', 'g', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "mk89.de", true */ 'm', 'k', '8', '9', '.', 'd', 'e', '\0',
+  /* "mkacg.com", true */ 'm', 'k', 'a', 'c', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "mkaciuba.com", true */ 'm', 'k', 'a', 'c', 'i', 'u', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mkakh.com", true */ 'm', 'k', 'a', 'k', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "mkakh.xyz", true */ 'm', 'k', 'a', 'k', 'h', '.', 'x', 'y', 'z', '\0',
+  /* "mkasu.org", true */ 'm', 'k', 'a', 's', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "mkbouncycastles.co.uk", true */ 'm', 'k', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mkbouncyhire.co.uk", true */ 'm', 'k', 'b', 'o', 'u', 'n', 'c', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mkcert.org", true */ 'm', 'k', 'c', 'e', 'r', 't', '.', 'o', 'r', 'g', '\0',
+  /* "mkd.mk", true */ 'm', 'k', 'd', '.', 'm', 'k', '\0',
+  /* "mkes.com", true */ 'm', 'k', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mkhsoft.eu", true */ 'm', 'k', 'h', 's', 'o', 'f', 't', '.', 'e', 'u', '\0',
+  /* "mkimage.com", true */ 'm', 'k', 'i', 'm', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mklpedia.de", true */ 'm', 'k', 'l', 'p', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "mkoppmann.at", true */ 'm', 'k', 'o', 'p', 'p', 'm', 'a', 'n', 'n', '.', 'a', 't', '\0',
+  /* "mkp-deutschland.de", true */ 'm', 'k', 'p', '-', 'd', 'e', 'u', 't', 's', 'c', 'h', 'l', 'a', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "mkpef.org", true */ 'm', 'k', 'p', 'e', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "mkplay.io", true */ 'm', 'k', 'p', 'l', 'a', 'y', '.', 'i', 'o', '\0',
+  /* "mksac.co.uk", true */ 'm', 'k', 's', 'a', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mkse.com", true */ 'm', 'k', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mkset.ru", true */ 'm', 'k', 's', 'e', 't', '.', 'r', 'u', '\0',
+  /* "mktdigital.info", true */ 'm', 'k', 't', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "mktemp.org", true */ 'm', 'k', 't', 'e', 'm', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "mkuznets.com", true */ 'm', 'k', 'u', 'z', 'n', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mkw.st", true */ 'm', 'k', 'w', '.', 's', 't', '\0',
+  /* "mlcambiental.com.br", true */ 'm', 'l', 'c', 'a', 'm', 'b', 'i', 'e', 'n', 't', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mlcnfriends.com", true */ 'm', 'l', 'c', 'n', 'f', 'r', 'i', 'e', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mlemay.com", true */ 'm', 'l', 'e', 'm', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "mlrslateroofing.com.au", true */ 'm', 'l', 'r', 's', 'l', 'a', 't', 'e', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "mlsrv.de", true */ 'm', 'l', 's', 'r', 'v', '.', 'd', 'e', '\0',
+  /* "mlundberg.se", true */ 'm', 'l', 'u', 'n', 'd', 'b', 'e', 'r', 'g', '.', 's', 'e', '\0',
+  /* "mlvbphotography.com", true */ 'm', 'l', 'v', 'b', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "mm13.at", true */ 'm', 'm', '1', '3', '.', 'a', 't', '\0',
+  /* "mm404.com", true */ 'm', 'm', '4', '0', '4', '.', 'c', 'o', 'm', '\0',
+  /* "mma-acareporting.com", true */ 'm', 'm', 'a', '-', 'a', 'c', 'a', 'r', 'e', 'p', 'o', 'r', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "mmalisz.com", true */ 'm', 'm', 'a', 'l', 'i', 's', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "mmbb.org", true */ 'm', 'm', 'b', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "mmcc.pe", true */ 'm', 'm', 'c', 'c', '.', 'p', 'e', '\0',
+  /* "mmilog.hu", true */ 'm', 'm', 'i', 'l', 'o', 'g', '.', 'h', 'u', '\0',
+  /* "mmin.us", false */ 'm', 'm', 'i', 'n', '.', 'u', 's', '\0',
+  /* "mmmarco.com", true */ 'm', 'm', 'm', 'a', 'r', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mmogah.com", true */ 'm', 'm', 'o', 'g', 'a', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "mmonit.com", true */ 'm', 'm', 'o', 'n', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mmt.my", true */ 'm', 'm', 't', '.', 'm', 'y', '\0',
+  /* "mmucha.de", true */ 'm', 'm', 'u', 'c', 'h', 'a', '.', 'd', 'e', '\0',
+  /* "mncloud.de", true */ 'm', 'n', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "mncr.nl", true */ 'm', 'n', 'c', 'r', '.', 'n', 'l', '\0',
+  /* "mnd.sc", true */ 'm', 'n', 'd', '.', 's', 'c', '\0',
+  /* "mne.moe", true */ 'm', 'n', 'e', '.', 'm', 'o', 'e', '\0',
+  /* "mnec.io", true */ 'm', 'n', 'e', 'c', '.', 'i', 'o', '\0',
+  /* "mnedc.org", true */ 'm', 'n', 'e', 'd', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "mneeb.de", true */ 'm', 'n', 'e', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "mnguyen.io", true */ 'm', 'n', 'g', 'u', 'y', 'e', 'n', '.', 'i', 'o', '\0',
+  /* "mnitro.com", true */ 'm', 'n', 'i', 't', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mnium.de", true */ 'm', 'n', 'i', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "mnsure.org", true */ 'm', 'n', 's', 'u', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "mnt-tech.fr", true */ 'm', 'n', 't', '-', 't', 'e', 'c', 'h', '.', 'f', 'r', '\0',
+  /* "mnt9.de", true */ 'm', 'n', 't', '9', '.', 'd', 'e', '\0',
+  /* "mo.nl", true */ 'm', 'o', '.', 'n', 'l', '\0',
+  /* "moa.moe", true */ 'm', 'o', 'a', '.', 'm', 'o', 'e', '\0',
+  /* "mobal.com", true */ 'm', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mobeforlife.com", true */ 'm', 'o', 'b', 'e', 'f', 'o', 'r', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mobidea.com", true */ 'm', 'o', 'b', 'i', 'd', 'e', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mobifinans.ru", true */ 'm', 'o', 'b', 'i', 'f', 'i', 'n', 'a', 'n', 's', '.', 'r', 'u', '\0',
+  /* "mobil-bei-uns.de", true */ 'm', 'o', 'b', 'i', 'l', '-', 'b', 'e', 'i', '-', 'u', 'n', 's', '.', 'd', 'e', '\0',
+  /* "mobilcom-debitel-empfehlen.de", true */ 'm', 'o', 'b', 'i', 'l', 'c', 'o', 'm', '-', 'd', 'e', 'b', 'i', 't', 'e', 'l', '-', 'e', 'm', 'p', 'f', 'e', 'h', 'l', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "mobilcom-debitel.de", true */ 'm', 'o', 'b', 'i', 'l', 'c', 'o', 'm', '-', 'd', 'e', 'b', 'i', 't', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "mobile.united.com", false */ 'm', 'o', 'b', 'i', 'l', 'e', '.', 'u', 'n', 'i', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "mobile.usaa.com", false */ 'm', 'o', 'b', 'i', 'l', 'e', '.', 'u', 's', 'a', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mobileread.com", true */ 'm', 'o', 'b', 'i', 'l', 'e', 'r', 'e', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "mobileritelushi.com", true */ 'm', 'o', 'b', 'i', 'l', 'e', 'r', 'i', 't', 'e', 'l', 'u', 's', 'h', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "mobilesector.de", true */ 'm', 'o', 'b', 'i', 'l', 'e', 's', 'e', 'c', 't', 'o', 'r', '.', 'd', 'e', '\0',
+  /* "mobiletraff.co", true */ 'm', 'o', 'b', 'i', 'l', 'e', 't', 'r', 'a', 'f', 'f', '.', 'c', 'o', '\0',
+  /* "mobilewikiserver.com", true */ 'm', 'o', 'b', 'i', 'l', 'e', 'w', 'i', 'k', 'i', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mobilinnov.it", true */ 'm', 'o', 'b', 'i', 'l', 'i', 'n', 'n', 'o', 'v', '.', 'i', 't', '\0',
+  /* "mobilisation-generale.org", true */ 'm', 'o', 'b', 'i', 'l', 'i', 's', 'a', 't', 'i', 'o', 'n', '-', 'g', 'e', 'n', 'e', 'r', 'a', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "mobility-events.ch", true */ 'm', 'o', 'b', 'i', 'l', 'i', 't', 'y', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'h', '\0',
+  /* "mobilux.lv", true */ 'm', 'o', 'b', 'i', 'l', 'u', 'x', '.', 'l', 'v', '\0',
+  /* "mobio.net", true */ 'm', 'o', 'b', 'i', 'o', '.', 'n', 'e', 't', '\0',
+  /* "mobisaar-cloud.de", true */ 'm', 'o', 'b', 'i', 's', 'a', 'a', 'r', '-', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "mobobe.com", true */ 'm', 'o', 'b', 'o', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mobsender.com", true */ 'm', 'o', 'b', 's', 'e', 'n', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mobycoders.com", true */ 'm', 'o', 'b', 'y', 'c', 'o', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mocarps.hk", true */ 'm', 'o', 'c', 'a', 'r', 'p', 's', '.', 'h', 'k', '\0',
+  /* "mochanstore.com", true */ 'm', 'o', 'c', 'h', 'a', 'n', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mochoko.com", true */ 'm', 'o', 'c', 'h', 'o', 'k', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "modaexecutiva.com.br", true */ 'm', 'o', 'd', 'a', 'e', 'x', 'e', 'c', 'u', 't', 'i', 'v', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "modafinil.com", true */ 'm', 'o', 'd', 'a', 'f', 'i', 'n', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "modafinil.wiki", true */ 'm', 'o', 'd', 'a', 'f', 'i', 'n', 'i', 'l', '.', 'w', 'i', 'k', 'i', '\0',
+  /* "modafo.com", true */ 'm', 'o', 'd', 'a', 'f', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "modalogi.com", true */ 'm', 'o', 'd', 'a', 'l', 'o', 'g', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "modcasts.video", true */ 'm', 'o', 'd', 'c', 'a', 's', 't', 's', '.', 'v', 'i', 'd', 'e', 'o', '\0',
+  /* "modcentral.pw", true */ 'm', 'o', 'd', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'p', 'w', '\0',
+  /* "mode-hautnah.de", true */ 'm', 'o', 'd', 'e', '-', 'h', 'a', 'u', 't', 'n', 'a', 'h', '.', 'd', 'e', '\0',
+  /* "mode-individuell.de", true */ 'm', 'o', 'd', 'e', '-', 'i', 'n', 'd', 'i', 'v', 'i', 'd', 'u', 'e', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "modecaso.com", true */ 'm', 'o', 'd', 'e', 'c', 'a', 's', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "modehaus-marionk.de", true */ 'm', 'o', 'd', 'e', 'h', 'a', 'u', 's', '-', 'm', 'a', 'r', 'i', 'o', 'n', 'k', '.', 'd', 'e', '\0',
+  /* "modelcase.co.jp", false */ 'm', 'o', 'd', 'e', 'l', 'c', 'a', 's', 'e', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "modelcube.com", true */ 'm', 'o', 'd', 'e', 'l', 'c', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "modelservis.cz", true */ 'm', 'o', 'd', 'e', 'l', 's', 'e', 'r', 'v', 'i', 's', '.', 'c', 'z', '\0',
+  /* "modemaille.com", true */ 'm', 'o', 'd', 'e', 'm', 'a', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "modeportaal.nl", true */ 'm', 'o', 'd', 'e', 'p', 'o', 'r', 't', 'a', 'a', 'l', '.', 'n', 'l', '\0',
+  /* "moderatoren.org", true */ 'm', 'o', 'd', 'e', 'r', 'a', 't', 'o', 'r', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "moderatorenpool.org", true */ 'm', 'o', 'd', 'e', 'r', 'a', 't', 'o', 'r', 'e', 'n', 'p', 'o', 'o', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "modernapprenticeships.org", true */ 'm', 'o', 'd', 'e', 'r', 'n', 'a', 'p', 'p', 'r', 'e', 'n', 't', 'i', 'c', 'e', 's', 'h', 'i', 'p', 's', '.', 'o', 'r', 'g', '\0',
+  /* "modernibytovytextil.cz", true */ 'm', 'o', 'd', 'e', 'r', 'n', 'i', 'b', 'y', 't', 'o', 'v', 'y', 't', 'e', 'x', 't', 'i', 'l', '.', 'c', 'z', '\0',
+  /* "modifiedmind.com", true */ 'm', 'o', 'd', 'i', 'f', 'i', 'e', 'd', 'm', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "modistry.com", true */ 'm', 'o', 'd', 'i', 's', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "modistryusercontent.com", true */ 'm', 'o', 'd', 'i', 's', 't', 'r', 'y', 'u', 's', 'e', 'r', 'c', 'o', 'n', 't', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "modmountain.com", true */ 'm', 'o', 'd', 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "module.market", true */ 'm', 'o', 'd', 'u', 'l', 'e', '.', 'm', 'a', 'r', 'k', 'e', 't', '\0',
+  /* "moe.pe", true */ 'm', 'o', 'e', '.', 'p', 'e', '\0',
+  /* "moechel.com", true */ 'm', 'o', 'e', 'c', 'h', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "moefactory.com", true */ 'm', 'o', 'e', 'f', 'a', 'c', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "moefi.xyz", true */ 'm', 'o', 'e', 'f', 'i', '.', 'x', 'y', 'z', '\0',
+  /* "moehrke.cc", true */ 'm', 'o', 'e', 'h', 'r', 'k', 'e', '.', 'c', 'c', '\0',
+  /* "moellers.systems", true */ 'm', 'o', 'e', 'l', 'l', 'e', 'r', 's', '.', 's', 'y', 's', 't', 'e', 'm', 's', '\0',
+  /* "moetrack.com", true */ 'm', 'o', 'e', 't', 'r', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mofohome.dyndns.org", true */ 'm', 'o', 'f', 'o', 'h', 'o', 'm', 'e', '.', 'd', 'y', 'n', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "moha-swiss.com", true */ 'm', 'o', 'h', 'a', '-', 's', 'w', 'i', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mohanmekap.com", true */ 'm', 'o', 'h', 'a', 'n', 'm', 'e', 'k', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "mohio.co.nz", true */ 'm', 'o', 'h', 'i', 'o', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "moin.jp", true */ 'm', 'o', 'i', 'n', '.', 'j', 'p', '\0',
+  /* "moipourtoit.ch", true */ 'm', 'o', 'i', 'p', 'o', 'u', 'r', 't', 'o', 'i', 't', '.', 'c', 'h', '\0',
+  /* "moipourtoit.com", true */ 'm', 'o', 'i', 'p', 'o', 'u', 'r', 't', 'o', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "moipourtoit.org", true */ 'm', 'o', 'i', 'p', 'o', 'u', 'r', 't', 'o', 'i', 't', '.', 'o', 'r', 'g', '\0',
+  /* "mojaknjiznica.com", false */ 'm', 'o', 'j', 'a', 'k', 'n', 'j', 'i', 'z', 'n', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mojapraca.sk", true */ 'm', 'o', 'j', 'a', 'p', 'r', 'a', 'c', 'a', '.', 's', 'k', '\0',
+  /* "mojavenissanofbarstowparts.com", true */ 'm', 'o', 'j', 'a', 'v', 'e', 'n', 'i', 's', 's', 'a', 'n', 'o', 'f', 'b', 'a', 'r', 's', 't', 'o', 'w', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mojeco2.cz", true */ 'm', 'o', 'j', 'e', 'c', 'o', '2', '.', 'c', 'z', '\0',
+  /* "mojefedora.cz", true */ 'm', 'o', 'j', 'e', 'f', 'e', 'd', 'o', 'r', 'a', '.', 'c', 'z', '\0',
+  /* "mojefilmy.xyz", true */ 'm', 'o', 'j', 'e', 'f', 'i', 'l', 'm', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "mojilitygroup.com", true */ 'm', 'o', 'j', 'i', 'l', 'i', 't', 'y', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "mojnet.eu", true */ 'm', 'o', 'j', 'n', 'e', 't', '.', 'e', 'u', '\0',
+  /* "mojnet.net", true */ 'm', 'o', 'j', 'n', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "mojoco.co.za", true */ 'm', 'o', 'j', 'o', 'c', 'o', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "mojzis.com", true */ 'm', 'o', 'j', 'z', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mojzis.cz", true */ 'm', 'o', 'j', 'z', 'i', 's', '.', 'c', 'z', '\0',
+  /* "mojzisova.com", true */ 'm', 'o', 'j', 'z', 'i', 's', 'o', 'v', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mokadev.com", true */ 'm', 'o', 'k', 'a', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "mokeedev.review", true */ 'm', 'o', 'k', 'e', 'e', 'd', 'e', 'v', '.', 'r', 'e', 'v', 'i', 'e', 'w', '\0',
+  /* "mokhtarmial.com", false */ 'm', 'o', 'k', 'h', 't', 'a', 'r', 'm', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mokote.com", true */ 'm', 'o', 'k', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mokum-organics.com", true */ 'm', 'o', 'k', 'u', 'm', '-', 'o', 'r', 'g', 'a', 'n', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "molb.org", true */ 'm', 'o', 'l', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "molecularbiosystems.org", true */ 'm', 'o', 'l', 'e', 'c', 'u', 'l', 'a', 'r', 'b', 'i', 'o', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'o', 'r', 'g', '\0',
+  /* "molinero.xyz", true */ 'm', 'o', 'l', 'i', 'n', 'e', 'r', 'o', '.', 'x', 'y', 'z', '\0',
+  /* "molti.hu", true */ 'm', 'o', 'l', 't', 'i', '.', 'h', 'u', '\0',
+  /* "molunerfinn.com", true */ 'm', 'o', 'l', 'u', 'n', 'e', 'r', 'f', 'i', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "molwick.com", true */ 'm', 'o', 'l', 'w', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "momentumdash.com", true */ 'm', 'o', 'm', 'e', 'n', 't', 'u', 'm', 'd', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "momirfarooq.com", true */ 'm', 'o', 'm', 'i', 'r', 'f', 'a', 'r', 'o', 'o', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "momozeit.de", true */ 'm', 'o', 'm', 'o', 'z', 'e', 'i', 't', '.', 'd', 'e', '\0',
+  /* "momstableonline.com", true */ 'm', 'o', 'm', 's', 't', 'a', 'b', 'l', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "momut.org", true */ 'm', 'o', 'm', 'u', 't', '.', 'o', 'r', 'g', '\0',
+  /* "mon-agenda.org", false */ 'm', 'o', 'n', '-', 'a', 'g', 'e', 'n', 'd', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "mon-partage.fr", true */ 'm', 'o', 'n', '-', 'p', 'a', 'r', 't', 'a', 'g', 'e', '.', 'f', 'r', '\0',
+  /* "mon-trafic.com", true */ 'm', 'o', 'n', '-', 't', 'r', 'a', 'f', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "mon22.ch", true */ 'm', 'o', 'n', '2', '2', '.', 'c', 'h', '\0',
+  /* "mona-antenna.com", true */ 'm', 'o', 'n', 'a', '-', 'a', 'n', 't', 'e', 'n', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mona-dress.com", true */ 'm', 'o', 'n', 'a', '-', 'd', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "monachatdeco.com", true */ 'm', 'o', 'n', 'a', 'c', 'h', 'a', 't', 'd', 'e', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "monalisa.wtf", true */ 'm', 'o', 'n', 'a', 'l', 'i', 's', 'a', '.', 'w', 't', 'f', '\0',
+  /* "monbudget.org", true */ 'm', 'o', 'n', 'b', 'u', 'd', 'g', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "moncoach.ch", true */ 'm', 'o', 'n', 'c', 'o', 'a', 'c', 'h', '.', 'c', 'h', '\0',
+  /* "mondedesnovels.com", true */ 'm', 'o', 'n', 'd', 'e', 'd', 'e', 's', 'n', 'o', 'v', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mondedie.fr", true */ 'm', 'o', 'n', 'd', 'e', 'd', 'i', 'e', '.', 'f', 'r', '\0',
+  /* "mondial-movers.nl", true */ 'm', 'o', 'n', 'd', 'i', 'a', 'l', '-', 'm', 'o', 'v', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "mondo-it.ch", true */ 'm', 'o', 'n', 'd', 'o', '-', 'i', 't', '.', 'c', 'h', '\0',
+  /* "moneychangersoftware.com", true */ 'm', 'o', 'n', 'e', 'y', 'c', 'h', 'a', 'n', 'g', 'e', 'r', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "moneygo.se", true */ 'm', 'o', 'n', 'e', 'y', 'g', 'o', '.', 's', 'e', '\0',
+  /* "moneyhouse.de", true */ 'm', 'o', 'n', 'e', 'y', 'h', 'o', 'u', 's', 'e', '.', 'd', 'e', '\0',
+  /* "moneytoday.se", true */ 'm', 'o', 'n', 'e', 'y', 't', 'o', 'd', 'a', 'y', '.', 's', 'e', '\0',
+  /* "monique.io", true */ 'm', 'o', 'n', 'i', 'q', 'u', 'e', '.', 'i', 'o', '\0',
+  /* "moniquedekermadec.com", true */ 'm', 'o', 'n', 'i', 'q', 'u', 'e', 'd', 'e', 'k', 'e', 'r', 'm', 'a', 'd', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "moniquemunhoz.com.br", true */ 'm', 'o', 'n', 'i', 'q', 'u', 'e', 'm', 'u', 'n', 'h', 'o', 'z', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "monitman.solutions", true */ 'm', 'o', 'n', 'i', 't', 'm', 'a', 'n', '.', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '\0',
+  /* "monitoring.kalisz.pl", true */ 'm', 'o', 'n', 'i', 't', 'o', 'r', 'i', 'n', 'g', '.', 'k', 'a', 'l', 'i', 's', 'z', '.', 'p', 'l', '\0',
+  /* "monitzer.com", true */ 'm', 'o', 'n', 'i', 't', 'z', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "monix.io", true */ 'm', 'o', 'n', 'i', 'x', '.', 'i', 'o', '\0',
+  /* "monkeydust.net", true */ 'm', 'o', 'n', 'k', 'e', 'y', 'd', 'u', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "monkeyhill.us", true */ 'm', 'o', 'n', 'k', 'e', 'y', 'h', 'i', 'l', 'l', '.', 'u', 's', '\0',
+  /* "monkeytek.ca", true */ 'm', 'o', 'n', 'k', 'e', 'y', 't', 'e', 'k', '.', 'c', 'a', '\0',
+  /* "monloyer.quebec", true */ 'm', 'o', 'n', 'l', 'o', 'y', 'e', 'r', '.', 'q', 'u', 'e', 'b', 'e', 'c', '\0',
+  /* "monnyonle.hu", true */ 'm', 'o', 'n', 'n', 'y', 'o', 'n', 'l', 'e', '.', 'h', 'u', '\0',
+  /* "monobank.no", true */ 'm', 'o', 'n', 'o', 'b', 'a', 'n', 'k', '.', 'n', 'o', '\0',
+  /* "monochrometoys.com", true */ 'm', 'o', 'n', 'o', 'c', 'h', 'r', 'o', 'm', 'e', 't', 'o', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "monodukuri.com", true */ 'm', 'o', 'n', 'o', 'd', 'u', 'k', 'u', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "monokoo.com", true */ 'm', 'o', 'n', 'o', 'k', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "monolithapps.com", true */ 'm', 'o', 'n', 'o', 'l', 'i', 't', 'h', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "monolithindustries.com", true */ 'm', 'o', 'n', 'o', 'l', 'i', 't', 'h', 'i', 'n', 'd', 'u', 's', 't', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "monolithinteractive.com", true */ 'm', 'o', 'n', 'o', 'l', 'i', 't', 'h', 'i', 'n', 't', 'e', 'r', 'a', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "monoseis-monotica.gr", true */ 'm', 'o', 'n', 'o', 's', 'e', 'i', 's', '-', 'm', 'o', 'n', 'o', 't', 'i', 'c', 'a', '.', 'g', 'r', '\0',
+  /* "monothesis.com", true */ 'm', 'o', 'n', 'o', 't', 'h', 'e', 's', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "monotsuku.com", true */ 'm', 'o', 'n', 'o', 't', 's', 'u', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "monpc-pro.fr", true */ 'm', 'o', 'n', 'p', 'c', '-', 'p', 'r', 'o', '.', 'f', 'r', '\0',
+  /* "monpermismoto.com", true */ 'm', 'o', 'n', 'p', 'e', 'r', 'm', 'i', 's', 'm', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "monpermisvoiture.com", true */ 'm', 'o', 'n', 'p', 'e', 'r', 'm', 'i', 's', 'v', 'o', 'i', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "monpetitforfait.com", true */ 'm', 'o', 'n', 'p', 'e', 't', 'i', 't', 'f', 'o', 'r', 'f', 'a', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "monpetitmobile.com", true */ 'm', 'o', 'n', 'p', 'e', 't', 'i', 't', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "monsieurbureau.com", true */ 'm', 'o', 'n', 's', 'i', 'e', 'u', 'r', 'b', 'u', 'r', 'e', 'a', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "monsieursavon.ch", true */ 'm', 'o', 'n', 's', 'i', 'e', 'u', 'r', 's', 'a', 'v', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "monstermashentertainments.co.uk", true */ 'm', 'o', 'n', 's', 't', 'e', 'r', 'm', 'a', 's', 'h', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "montage-kaika.de", true */ 'm', 'o', 'n', 't', 'a', 'g', 'e', '-', 'k', 'a', 'i', 'k', 'a', '.', 'd', 'e', '\0',
+  /* "montagne-tendance.ch", true */ 'm', 'o', 'n', 't', 'a', 'g', 'n', 'e', '-', 't', 'e', 'n', 'd', 'a', 'n', 'c', 'e', '.', 'c', 'h', '\0',
+  /* "montanana.com", true */ 'm', 'o', 'n', 't', 'a', 'n', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "montand.com", true */ 'm', 'o', 'n', 't', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "montarfotoaki.com", true */ 'm', 'o', 'n', 't', 'a', 'r', 'f', 'o', 't', 'o', 'a', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "montas.io", true */ 'm', 'o', 'n', 't', 'a', 's', '.', 'i', 'o', '\0',
+  /* "montazer.net", true */ 'm', 'o', 'n', 't', 'a', 'z', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "montenero.pl", true */ 'm', 'o', 'n', 't', 'e', 'n', 'e', 'r', 'o', '.', 'p', 'l', '\0',
+  /* "monteurzimmerfrei.de", true */ 'm', 'o', 'n', 't', 'e', 'u', 'r', 'z', 'i', 'm', 'm', 'e', 'r', 'f', 'r', 'e', 'i', '.', 'd', 'e', '\0',
+  /* "montopolis.com", true */ 'm', 'o', 'n', 't', 'o', 'p', 'o', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "montpreveyres.ch", true */ 'm', 'o', 'n', 't', 'p', 'r', 'e', 'v', 'e', 'y', 'r', 'e', 's', '.', 'c', 'h', '\0',
+  /* "montsaintaignan.fr", true */ 'm', 'o', 'n', 't', 's', 'a', 'i', 'n', 't', 'a', 'i', 'g', 'n', 'a', 'n', '.', 'f', 'r', '\0',
+  /* "montychristie.com", true */ 'm', 'o', 'n', 't', 'y', 'c', 'h', 'r', 'i', 's', 't', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "moo.la", true */ 'm', 'o', 'o', '.', 'l', 'a', '\0',
+  /* "moobo.co.jp", true */ 'm', 'o', 'o', 'b', 'o', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "moodfoods.com", true */ 'm', 'o', 'o', 'd', 'f', 'o', 'o', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "moodifiers.com", true */ 'm', 'o', 'o', 'd', 'i', 'f', 'i', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "moodzshop.com", true */ 'm', 'o', 'o', 'd', 'z', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "moojp.co.jp", true */ 'm', 'o', 'o', 'j', 'p', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "moonagic.com", true */ 'm', 'o', 'o', 'n', 'a', 'g', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "moonchart.co.uk", true */ 'm', 'o', 'o', 'n', 'c', 'h', 'a', 'r', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "moondrop.org", true */ 'm', 'o', 'o', 'n', 'd', 'r', 'o', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "moonkin.eu", true */ 'm', 'o', 'o', 'n', 'k', 'i', 'n', '.', 'e', 'u', '\0',
+  /* "moonmelo.com", true */ 'm', 'o', 'o', 'n', 'm', 'e', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "moonraptor.co.uk", true */ 'm', 'o', 'o', 'n', 'r', 'a', 'p', 't', 'o', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "moonraptor.com", true */ 'm', 'o', 'o', 'n', 'r', 'a', 'p', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "moonrhythm.info", true */ 'm', 'o', 'o', 'n', 'r', 'h', 'y', 't', 'h', 'm', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "moonrhythm.io", true */ 'm', 'o', 'o', 'n', 'r', 'h', 'y', 't', 'h', 'm', '.', 'i', 'o', '\0',
+  /* "moonshyne.org", true */ 'm', 'o', 'o', 'n', 's', 'h', 'y', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "moonvpn.org", true */ 'm', 'o', 'o', 'n', 'v', 'p', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "moorewelliver.com", true */ 'm', 'o', 'o', 'r', 'e', 'w', 'e', 'l', 'l', 'i', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "moorfunevents.co.uk", true */ 'm', 'o', 'o', 'r', 'f', 'u', 'n', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "moorparkelectrical.com", true */ 'm', 'o', 'o', 'r', 'p', 'a', 'r', 'k', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mooselook.de", true */ 'm', 'o', 'o', 's', 'e', 'l', 'o', 'o', 'k', '.', 'd', 'e', '\0',
+  /* "moovablestorage.com", true */ 'm', 'o', 'o', 'v', 'a', 'b', 'l', 'e', 's', 't', 'o', 'r', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "moparcraft.net", true */ 'm', 'o', 'p', 'a', 'r', 'c', 'r', 'a', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "moparisthebest.com", true */ 'm', 'o', 'p', 'a', 'r', 'i', 's', 't', 'h', 'e', 'b', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "moparisthebest.net", true */ 'm', 'o', 'p', 'a', 'r', 'i', 's', 't', 'h', 'e', 'b', 'e', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "moparisthebest.org", true */ 'm', 'o', 'p', 'a', 'r', 'i', 's', 't', 'h', 'e', 'b', 'e', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "moparscape.net", true */ 'm', 'o', 'p', 'a', 'r', 's', 'c', 'a', 'p', 'e', '.', 'n', 'e', 't', '\0',
+  /* "mopedreifen.de", true */ 'm', 'o', 'p', 'e', 'd', 'r', 'e', 'i', 'f', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "mople71.cz", true */ 'm', 'o', 'p', 'l', 'e', '7', '1', '.', 'c', 'z', '\0',
+  /* "moppeleinhorn.de", true */ 'm', 'o', 'p', 'p', 'e', 'l', 'e', 'i', 'n', 'h', 'o', 'r', 'n', '.', 'd', 'e', '\0',
+  /* "moppy.org", true */ 'm', 'o', 'p', 'p', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "morbatex.com", true */ 'm', 'o', 'r', 'b', 'a', 't', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "morbitzer.de", false */ 'm', 'o', 'r', 'b', 'i', 't', 'z', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "morbotron.com", true */ 'm', 'o', 'r', 'b', 'o', 't', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "morchino.ch", true */ 'm', 'o', 'r', 'c', 'h', 'i', 'n', 'o', '.', 'c', 'h', '\0',
+  /* "morchstore.com", true */ 'm', 'o', 'r', 'c', 'h', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mordor.io", false */ 'm', 'o', 'r', 'd', 'o', 'r', '.', 'i', 'o', '\0',
+  /* "moreapp.co.uk", true */ 'm', 'o', 'r', 'e', 'a', 'p', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "morenci.ch", true */ 'm', 'o', 'r', 'e', 'n', 'c', 'i', '.', 'c', 'h', '\0',
+  /* "morepay.cn", true */ 'm', 'o', 'r', 'e', 'p', 'a', 'y', '.', 'c', 'n', '\0',
+  /* "moreserviceleads.com", true */ 'm', 'o', 'r', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', 'l', 'e', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "morespacestorage.com.au", true */ 'm', 'o', 'r', 'e', 's', 'p', 'a', 'c', 'e', 's', 't', 'o', 'r', 'a', 'g', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "moresw.com", true */ 'm', 'o', 'r', 'e', 's', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "morganino.eu", true */ 'm', 'o', 'r', 'g', 'a', 'n', 'i', 'n', 'o', '.', 'e', 'u', '\0',
+  /* "morganino.it", true */ 'm', 'o', 'r', 'g', 'a', 'n', 'i', 'n', 'o', '.', 'i', 't', '\0',
+  /* "morgansleisure.co.uk", true */ 'm', 'o', 'r', 'g', 'a', 'n', 's', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "moritz-baestlein.de", true */ 'm', 'o', 'r', 'i', 't', 'z', '-', 'b', 'a', 'e', 's', 't', 'l', 'e', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "moritztremmel.de", true */ 'm', 'o', 'r', 'i', 't', 'z', 't', 'r', 'e', 'm', 'm', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "moriz.de", true */ 'm', 'o', 'r', 'i', 'z', '.', 'd', 'e', '\0',
+  /* "moriz.net", true */ 'm', 'o', 'r', 'i', 'z', '.', 'n', 'e', 't', '\0',
+  /* "morphy2k.io", true */ 'm', 'o', 'r', 'p', 'h', 'y', '2', 'k', '.', 'i', 'o', '\0',
+  /* "morteruelo.net", true */ 'm', 'o', 'r', 't', 'e', 'r', 'u', 'e', 'l', 'o', '.', 'n', 'e', 't', '\0',
+  /* "mortgagecalculator.biz", true */ 'm', 'o', 'r', 't', 'g', 'a', 'g', 'e', 'c', 'a', 'l', 'c', 'u', 'l', 'a', 't', 'o', 'r', '.', 'b', 'i', 'z', '\0',
+  /* "mortis.eu", true */ 'm', 'o', 'r', 't', 'i', 's', '.', 'e', 'u', '\0',
+  /* "mosaic-design.ru", true */ 'm', 'o', 's', 'a', 'i', 'c', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'r', 'u', '\0',
+  /* "mosaicadvisors.com", true */ 'm', 'o', 's', 'a', 'i', 'c', 'a', 'd', 'v', 'i', 's', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "moscow.dating", true */ 'm', 'o', 's', 'c', 'o', 'w', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "mosfet.cz", true */ 'm', 'o', 's', 'f', 'e', 't', '.', 'c', 'z', '\0',
+  /* "moshwire.com", true */ 'm', 'o', 's', 'h', 'w', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mosin.org", true */ 'm', 'o', 's', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "moskeedieren.nl", true */ 'm', 'o', 's', 'k', 'e', 'e', 'd', 'i', 'e', 'r', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "moso.io", true */ 'm', 'o', 's', 'o', '.', 'i', 'o', '\0',
+  /* "mosos.de", true */ 'm', 'o', 's', 'o', 's', '.', 'd', 'e', '\0',
+  /* "mosscade.com", true */ 'm', 'o', 's', 's', 'c', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mosstier.com", true */ 'm', 'o', 's', 's', 't', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mostlyharmless.at", true */ 'm', 'o', 's', 't', 'l', 'y', 'h', 'a', 'r', 'm', 'l', 'e', 's', 's', '.', 'a', 't', '\0',
+  /* "mostlyinfinite.com", true */ 'm', 'o', 's', 't', 'l', 'y', 'i', 'n', 'f', 'i', 'n', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mostlyoverhead.com", true */ 'm', 'o', 's', 't', 'l', 'y', 'o', 'v', 'e', 'r', 'h', 'e', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "motd.ch", true */ 'm', 'o', 't', 'd', '.', 'c', 'h', '\0',
+  /* "moteksystems.com", true */ 'm', 'o', 't', 'e', 'k', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "motezazer.fr", true */ 'm', 'o', 't', 'e', 'z', 'a', 'z', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "motherboard.services", true */ 'm', 'o', 't', 'h', 'e', 'r', 'b', 'o', 'a', 'r', 'd', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '\0',
+  /* "mothereff.in", false */ 'm', 'o', 't', 'h', 'e', 'r', 'e', 'f', 'f', '.', 'i', 'n', '\0',
+  /* "motionless.nl", true */ 'm', 'o', 't', 'i', 'o', 'n', 'l', 'e', 's', 's', '.', 'n', 'l', '\0',
+  /* "motohell.com", true */ 'm', 'o', 't', 'o', 'h', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "motojato.com.br", true */ 'm', 'o', 't', 'o', 'j', 'a', 't', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "motonauticaibiza.com", true */ 'm', 'o', 't', 'o', 'n', 'a', 'u', 't', 'i', 'c', 'a', 'i', 'b', 'i', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "motorcheck.ie", true */ 'm', 'o', 't', 'o', 'r', 'c', 'h', 'e', 'c', 'k', '.', 'i', 'e', '\0',
+  /* "motoroilinfo.com", true */ 'm', 'o', 't', 'o', 'r', 'o', 'i', 'l', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "motorpointarenacardiff.co.uk", true */ 'm', 'o', 't', 'o', 'r', 'p', 'o', 'i', 'n', 't', 'a', 'r', 'e', 'n', 'a', 'c', 'a', 'r', 'd', 'i', 'f', 'f', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "motorring.ru", true */ 'm', 'o', 't', 'o', 'r', 'r', 'i', 'n', 'g', '.', 'r', 'u', '\0',
+  /* "motorsplus.com", true */ 'm', 'o', 't', 'o', 'r', 's', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "motoryachtclub-radolfzell.de", true */ 'm', 'o', 't', 'o', 'r', 'y', 'a', 'c', 'h', 't', 'c', 'l', 'u', 'b', '-', 'r', 'a', 'd', 'o', 'l', 'f', 'z', 'e', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "motosikletevi.com", true */ 'm', 'o', 't', 'o', 's', 'i', 'k', 'l', 'e', 't', 'e', 'v', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "motostorie.blog", false */ 'm', 'o', 't', 'o', 's', 't', 'o', 'r', 'i', 'e', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "motransportinfo.com", true */ 'm', 'o', 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mottomortgage.com", true */ 'm', 'o', 't', 't', 'o', 'm', 'o', 'r', 't', 'g', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "moube.fr", true */ 'm', 'o', 'u', 'b', 'e', '.', 'f', 'r', '\0',
+  /* "moulinaparoles.ca", true */ 'm', 'o', 'u', 'l', 'i', 'n', 'a', 'p', 'a', 'r', 'o', 'l', 'e', 's', '.', 'c', 'a', '\0',
+  /* "moumaobuchiyu.com", true */ 'm', 'o', 'u', 'm', 'a', 'o', 'b', 'u', 'c', 'h', 'i', 'y', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "mountain-rock.ru", true */ 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', '-', 'r', 'o', 'c', 'k', '.', 'r', 'u', '\0',
+  /* "mountainactivitysection.org.uk", true */ 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', 'a', 'c', 't', 'i', 'v', 'i', 't', 'y', 's', 'e', 'c', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "mountainroseherbs.com", true */ 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', 'r', 'o', 's', 'e', 'h', 'e', 'r', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mountfarmer.de", true */ 'm', 'o', 'u', 'n', 't', 'f', 'a', 'r', 'm', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "moveek.com", true */ 'm', 'o', 'v', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "moveisfit.com.br", true */ 'm', 'o', 'v', 'e', 'i', 's', 'f', 'i', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "moveltix.net", true */ 'm', 'o', 'v', 'e', 'l', 't', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "movember.com", false */ 'm', 'o', 'v', 'e', 'm', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "movepin.com", true */ 'm', 'o', 'v', 'e', 'p', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "movie-cross.net", true */ 'm', 'o', 'v', 'i', 'e', '-', 'c', 'r', 'o', 's', 's', '.', 'n', 'e', 't', '\0',
+  /* "movie-infos.net", true */ 'm', 'o', 'v', 'i', 'e', '-', 'i', 'n', 'f', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "movie4k.fyi", true */ 'm', 'o', 'v', 'i', 'e', '4', 'k', '.', 'f', 'y', 'i', '\0',
+  /* "movie4k.life", true */ 'm', 'o', 'v', 'i', 'e', '4', 'k', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "movie4kto.site", true */ 'm', 'o', 'v', 'i', 'e', '4', 'k', 't', 'o', '.', 's', 'i', 't', 'e', '\0',
+  /* "movie4kto.stream", true */ 'm', 'o', 'v', 'i', 'e', '4', 'k', 't', 'o', '.', 's', 't', 'r', 'e', 'a', 'm', '\0',
+  /* "moviedeposit.com", true */ 'm', 'o', 'v', 'i', 'e', 'd', 'e', 'p', 'o', 's', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "moviefreeze.com", true */ 'm', 'o', 'v', 'i', 'e', 'f', 'r', 'e', 'e', 'z', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "movieguys.org", true */ 'm', 'o', 'v', 'i', 'e', 'g', 'u', 'y', 's', '.', 'o', 'r', 'g', '\0',
+  /* "movienang.com", true */ 'm', 'o', 'v', 'i', 'e', 'n', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "moviepilot.com", true */ 'm', 'o', 'v', 'i', 'e', 'p', 'i', 'l', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "movil.uno", true */ 'm', 'o', 'v', 'i', 'l', '.', 'u', 'n', 'o', '\0',
+  /* "movinglogistics.nl", false */ 'm', 'o', 'v', 'i', 'n', 'g', 'l', 'o', 'g', 'i', 's', 't', 'i', 'c', 's', '.', 'n', 'l', '\0',
+  /* "movingoklahoma.org", true */ 'm', 'o', 'v', 'i', 'n', 'g', 'o', 'k', 'l', 'a', 'h', 'o', 'm', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "movingtohttps.com", true */ 'm', 'o', 'v', 'i', 'n', 'g', 't', 'o', 'h', 't', 't', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "movlib.org", true */ 'm', 'o', 'v', 'l', 'i', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "moyer.pub", true */ 'm', 'o', 'y', 'e', 'r', '.', 'p', 'u', 'b', '\0',
+  /* "moylen.eu", true */ 'm', 'o', 'y', 'l', 'e', 'n', '.', 'e', 'u', '\0',
+  /* "moyoo.net", true */ 'm', 'o', 'y', 'o', 'o', '.', 'n', 'e', 't', '\0',
+  /* "mozilla.cz", true */ 'm', 'o', 'z', 'i', 'l', 'l', 'a', '.', 'c', 'z', '\0',
+  /* "mozillians.org", true */ 'm', 'o', 'z', 'i', 'l', 'l', 'i', 'a', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "mozzez.de", true */ 'm', 'o', 'z', 'z', 'e', 'z', '.', 'd', 'e', '\0',
+  /* "mp3gratuiti.com", true */ 'm', 'p', '3', 'g', 'r', 'a', 't', 'u', 'i', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "mpc-hc.org", true */ 'm', 'p', 'c', '-', 'h', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "mpcompliance.com", true */ 'm', 'p', 'c', 'o', 'm', 'p', 'l', 'i', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mpe.org", true */ 'm', 'p', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "mpetroff.net", true */ 'm', 'p', 'e', 't', 'r', 'o', 'f', 'f', '.', 'n', 'e', 't', '\0',
+  /* "mpg-universal.com", true */ 'm', 'p', 'g', '-', 'u', 'n', 'i', 'v', 'e', 'r', 's', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mpg.ovh", true */ 'm', 'p', 'g', '.', 'o', 'v', 'h', '\0',
+  /* "mpi-sa.fr", true */ 'm', 'p', 'i', '-', 's', 'a', '.', 'f', 'r', '\0',
+  /* "mpintaamalabanna.it", true */ 'm', 'p', 'i', 'n', 't', 'a', 'a', 'm', 'a', 'l', 'a', 'b', 'a', 'n', 'n', 'a', '.', 'i', 't', '\0',
+  /* "mplanetphl.fr", true */ 'm', 'p', 'l', 'a', 'n', 'e', 't', 'p', 'h', 'l', '.', 'f', 'r', '\0',
+  /* "mplant.io", true */ 'm', 'p', 'l', 'a', 'n', 't', '.', 'i', 'o', '\0',
+  /* "mplicka.cz", true */ 'm', 'p', 'l', 'i', 'c', 'k', 'a', '.', 'c', 'z', '\0',
+  /* "mplusm.eu", true */ 'm', 'p', 'l', 'u', 's', 'm', '.', 'e', 'u', '\0',
+  /* "mpn.poker", true */ 'm', 'p', 'n', '.', 'p', 'o', 'k', 'e', 'r', '\0',
+  /* "mpnpokertour.com", true */ 'm', 'p', 'n', 'p', 'o', 'k', 'e', 'r', 't', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mpodraza.pl", true */ 'm', 'p', 'o', 'd', 'r', 'a', 'z', 'a', '.', 'p', 'l', '\0',
+  /* "mpreserver.com", true */ 'm', 'p', 'r', 'e', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mpsgarage.com.au", true */ 'm', 'p', 's', 'g', 'a', 'r', 'a', 'g', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "mpsoundcraft.com", true */ 'm', 'p', 's', 'o', 'u', 'n', 'd', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mpy.ovh", true */ 'm', 'p', 'y', '.', 'o', 'v', 'h', '\0',
+  /* "mr-anderson.org", true */ 'm', 'r', '-', 'a', 'n', 'd', 'e', 'r', 's', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "mr-labo.jp", true */ 'm', 'r', '-', 'l', 'a', 'b', 'o', '.', 'j', 'p', '\0',
+  /* "mr-nachhilfe.de", true */ 'm', 'r', '-', 'n', 'a', 'c', 'h', 'h', 'i', 'l', 'f', 'e', '.', 'd', 'e', '\0',
+  /* "mr-wolf.nl", true */ 'm', 'r', '-', 'w', 'o', 'l', 'f', '.', 'n', 'l', '\0',
+  /* "mrbmafrica.com", true */ 'm', 'r', 'b', 'm', 'a', 'f', 'r', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mrbounce.com", true */ 'm', 'r', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mrbouncescrazycastles.co.uk", true */ 'm', 'r', 'b', 'o', 'u', 'n', 'c', 'e', 's', 'c', 'r', 'a', 'z', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mrbouncycastle.com", true */ 'm', 'r', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mrca-sharp.com", true */ 'm', 'r', 'c', 'a', '-', 's', 'h', 'a', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "mrcoolevents.com", true */ 'm', 'r', 'c', 'o', 'o', 'l', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mrd.ninja", true */ 'm', 'r', 'd', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "mrdayman.com", true */ 'm', 'r', 'd', 'a', 'y', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "mrdleisure.co.uk", true */ 'm', 'r', 'd', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mrevolution.eu", true */ 'm', 'r', 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'e', 'u', '\0',
+  /* "mrinalpurohit.in", true */ 'm', 'r', 'i', 'n', 'a', 'l', 'p', 'u', 'r', 'o', 'h', 'i', 't', '.', 'i', 'n', '\0',
+  /* "mrkapowski.com", true */ 'm', 'r', 'k', 'a', 'p', 'o', 'w', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "mrketolocksmith.com", true */ 'm', 'r', 'k', 'e', 't', 'o', 'l', 'o', 'c', 'k', 's', 'm', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "mrleonardo.com", true */ 'm', 'r', 'l', 'e', 'o', 'n', 'a', 'r', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mrmoregame.de", true */ 'm', 'r', 'm', 'o', 'r', 'e', 'g', 'a', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "mrnh.de", true */ 'm', 'r', 'n', 'h', '.', 'd', 'e', '\0',
+  /* "mrnh.tk", true */ 'm', 'r', 'n', 'h', '.', 't', 'k', '\0',
+  /* "mrpropop.com", true */ 'm', 'r', 'p', 'r', 'o', 'p', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "mrs-labo.jp", true */ 'm', 'r', 's', '-', 'l', 'a', 'b', 'o', '.', 'j', 'p', '\0',
+  /* "mrserge.lv", true */ 'm', 'r', 's', 'e', 'r', 'g', 'e', '.', 'l', 'v', '\0',
+  /* "mrsk.me", true */ 'm', 'r', 's', 'k', '.', 'm', 'e', '\0',
+  /* "mrstat.co.uk", true */ 'm', 'r', 's', 't', 'a', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mrx.one", true */ 'm', 'r', 'x', '.', 'o', 'n', 'e', '\0',
+  /* "ms-alternativ.de", true */ 'm', 's', '-', 'a', 'l', 't', 'e', 'r', 'n', 'a', 't', 'i', 'v', '.', 'd', 'e', '\0',
+  /* "ms-host.fr", true */ 'm', 's', '-', 'h', 'o', 's', 't', '.', 'f', 'r', '\0',
+  /* "msa-aesch.ch", true */ 'm', 's', 'a', '-', 'a', 'e', 's', 'c', 'h', '.', 'c', 'h', '\0',
+  /* "mscc.mu", true */ 'm', 's', 'c', 'c', '.', 'm', 'u', '\0',
+  /* "mscc.org", true */ 'm', 's', 'c', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "mscenter.cf", true */ 'm', 's', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'f', '\0',
+  /* "msch.pw", true */ 'm', 's', 'c', 'h', '.', 'p', 'w', '\0',
+  /* "mschuessler.org", true */ 'm', 's', 'c', 'h', 'u', 'e', 's', 's', 'l', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "msebera.cz", true */ 'm', 's', 'e', 'b', 'e', 'r', 'a', '.', 'c', 'z', '\0',
+  /* "msh100.uk", true */ 'm', 's', 'h', '1', '0', '0', '.', 'u', 'k', '\0',
+  /* "mshemailmarketer.com.au", true */ 'm', 's', 'h', 'e', 'm', 'a', 'i', 'l', 'm', 'a', 'r', 'k', 'e', 't', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "msi-zlin.cz", true */ 'm', 's', 'i', '-', 'z', 'l', 'i', 'n', '.', 'c', 'z', '\0',
+  /* "msiegmund.com", true */ 'm', 's', 'i', 'e', 'g', 'm', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "msmails.de", true */ 'm', 's', 'm', 'a', 'i', 'l', 's', '.', 'd', 'e', '\0',
+  /* "msnr.net", true */ 'm', 's', 'n', 'r', '.', 'n', 'e', 't', '\0',
+  /* "msp66.de", true */ 'm', 's', 'p', '6', '6', '.', 'd', 'e', '\0',
+  /* "mspnocsupport.com", true */ 'm', 's', 'p', 'n', 'o', 'c', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "msquadrat.de", true */ 'm', 's', 'q', 'u', 'a', 'd', 'r', 'a', 't', '.', 'd', 'e', '\0',
+  /* "mssys.de", true */ 'm', 's', 's', 'y', 's', '.', 'd', 'e', '\0',
+  /* "mstdn.blue", true */ 'm', 's', 't', 'd', 'n', '.', 'b', 'l', 'u', 'e', '\0',
+  /* "mstdn.club", true */ 'm', 's', 't', 'd', 'n', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "mstdn.fr", true */ 'm', 's', 't', 'd', 'n', '.', 'f', 'r', '\0',
+  /* "mstdn.io", true */ 'm', 's', 't', 'd', 'n', '.', 'i', 'o', '\0',
+  /* "mstdn.nl", true */ 'm', 's', 't', 'd', 'n', '.', 'n', 'l', '\0',
+  /* "mstdn.onl", true */ 'm', 's', 't', 'd', 'n', '.', 'o', 'n', 'l', '\0',
+  /* "mstiles92.com", true */ 'm', 's', 't', 'i', 'l', 'e', 's', '9', '2', '.', 'c', 'o', 'm', '\0',
+  /* "msuess.me", true */ 'm', 's', 'u', 'e', 's', 's', '.', 'm', 'e', '\0',
+  /* "msuna.net", true */ 'm', 's', 'u', 'n', 'a', '.', 'n', 'e', 't', '\0',
+  /* "msv-limpezas.pt", true */ 'm', 's', 'v', '-', 'l', 'i', 'm', 'p', 'e', 'z', 'a', 's', '.', 'p', 't', '\0',
+  /* "msx.org", true */ 'm', 's', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "msz-fotografie.de", true */ 'm', 's', 'z', '-', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "mszavodumiru.cz", true */ 'm', 's', 'z', 'a', 'v', 'o', 'd', 'u', 'm', 'i', 'r', 'u', '.', 'c', 'z', '\0',
+  /* "mt.search.yahoo.com", false */ 'm', 't', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mt2414.com", true */ 'm', 't', '2', '4', '1', '4', '.', 'c', 'o', 'm', '\0',
+  /* "mtasa.com", true */ 'm', 't', 'a', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mtau.com", true */ 'm', 't', 'a', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "mtb.wtf", true */ 'm', 't', 'b', '.', 'w', 't', 'f', '\0',
+  /* "mtcq.jp", true */ 'm', 't', 'c', 'q', '.', 'j', 'p', '\0',
+  /* "mtd.ovh", true */ 'm', 't', 'd', '.', 'o', 'v', 'h', '\0',
+  /* "mtfgnettoyage.fr", true */ 'm', 't', 'f', 'g', 'n', 'e', 't', 't', 'o', 'y', 'a', 'g', 'e', '.', 'f', 'r', '\0',
+  /* "mtg-tutor.de", true */ 'm', 't', 'g', '-', 't', 'u', 't', 'o', 'r', '.', 'd', 'e', '\0',
+  /* "mthode.org", true */ 'm', 't', 'h', 'o', 'd', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "mths.be", false */ 'm', 't', 'h', 's', '.', 'b', 'e', '\0',
+  /* "mticareportal.com", true */ 'm', 't', 'i', 'c', 'a', 'r', 'e', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mtirc.co", true */ 'm', 't', 'i', 'r', 'c', '.', 'c', 'o', '\0',
+  /* "mtnz.co.za", true */ 'm', 't', 'n', 'z', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "mtouch.facebook.com", false */ 'm', 't', 'o', 'u', 'c', 'h', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mtr.md", true */ 'm', 't', 'r', '.', 'm', 'd', '\0',
+  /* "mtrock.ru", true */ 'm', 't', 'r', 'o', 'c', 'k', '.', 'r', 'u', '\0',
+  /* "mts-energia.eu", true */ 'm', 't', 's', '-', 'e', 'n', 'e', 'r', 'g', 'i', 'a', '.', 'e', 'u', '\0',
+  /* "mts-server.com", true */ 'm', 't', 's', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mtsolar.es", true */ 'm', 't', 's', 'o', 'l', 'a', 'r', '.', 'e', 's', '\0',
+  /* "mu.search.yahoo.com", false */ 'm', 'u', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "muabannhanh.com", false */ 'm', 'u', 'a', 'b', 'a', 'n', 'n', 'h', 'a', 'n', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "muahahahaha.co.uk", true */ 'm', 'u', 'a', 'h', 'a', 'h', 'a', 'h', 'a', 'h', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mubiflex.nl", true */ 'm', 'u', 'b', 'i', 'f', 'l', 'e', 'x', '.', 'n', 'l', '\0',
+  /* "muchohentai.com", true */ 'm', 'u', 'c', 'h', 'o', 'h', 'e', 'n', 't', 'a', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "muckingabout.eu", true */ 'm', 'u', 'c', 'k', 'i', 'n', 'g', 'a', 'b', 'o', 'u', 't', '.', 'e', 'u', '\0',
+  /* "mucmail.de", true */ 'm', 'u', 'c', 'm', 'a', 'i', 'l', '.', 'd', 'e', '\0',
+  /* "mudcrab.us", false */ 'm', 'u', 'd', 'c', 'r', 'a', 'b', '.', 'u', 's', '\0',
+  /* "muehlemann.net", true */ 'm', 'u', 'e', 'h', 'l', 'e', 'm', 'a', 'n', 'n', '.', 'n', 'e', 't', '\0',
+  /* "muellapp.com", true */ 'm', 'u', 'e', 'l', 'l', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "muenchberger.com", true */ 'm', 'u', 'e', 'n', 'c', 'h', 'b', 'e', 'r', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "muenzubi.de", true */ 'm', 'u', 'e', 'n', 'z', 'u', 'b', 'i', '.', 'd', 'e', '\0',
+  /* "muffet.pw", true */ 'm', 'u', 'f', 'f', 'e', 't', '.', 'p', 'w', '\0',
+  /* "muga.space", true */ 'm', 'u', 'g', 'a', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "muguayuan.com", true */ 'm', 'u', 'g', 'u', 'a', 'y', 'u', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "muh.io", true */ 'm', 'u', 'h', '.', 'i', 'o', '\0',
+  /* "muk-kobetsu.com", true */ 'm', 'u', 'k', '-', 'k', 'o', 'b', 'e', 't', 's', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "mukka.ch", true */ 'm', 'u', 'k', 'k', 'a', '.', 'c', 'h', '\0',
+  /* "mulaccosmetics.com", true */ 'm', 'u', 'l', 'a', 'c', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mulaisehat.com", true */ 'm', 'u', 'l', 'a', 'i', 's', 'e', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mulej.net", true */ 'm', 'u', 'l', 'e', 'j', '.', 'n', 'e', 't', '\0',
+  /* "mulheres18.com", true */ 'm', 'u', 'l', 'h', 'e', 'r', 'e', 's', '1', '8', '.', 'c', 'o', 'm', '\0',
+  /* "mulherportuguesa.com", true */ 'm', 'u', 'l', 'h', 'e', 'r', 'p', 'o', 'r', 't', 'u', 'g', 'u', 'e', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "muling.lu", true */ 'm', 'u', 'l', 'i', 'n', 'g', '.', 'l', 'u', '\0',
+  /* "mullens-usedcars.be", true */ 'm', 'u', 'l', 'l', 'e', 'n', 's', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "multi-vpn.biz", true */ 'm', 'u', 'l', 't', 'i', '-', 'v', 'p', 'n', '.', 'b', 'i', 'z', '\0',
+  /* "multibase.pt", true */ 'm', 'u', 'l', 't', 'i', 'b', 'a', 's', 'e', '.', 'p', 't', '\0',
+  /* "multibit.org", true */ 'm', 'u', 'l', 't', 'i', 'b', 'i', 't', '.', 'o', 'r', 'g', '\0',
+  /* "multibomasm.com.br", true */ 'm', 'u', 'l', 't', 'i', 'b', 'o', 'm', 'a', 's', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "multicomhost.com", true */ 'm', 'u', 'l', 't', 'i', 'c', 'o', 'm', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "multigamecard.com", true */ 'm', 'u', 'l', 't', 'i', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "multigeist.de", true */ 'm', 'u', 'l', 't', 'i', 'g', 'e', 'i', 's', 't', '.', 'd', 'e', '\0',
+  /* "multikalender.de", false */ 'm', 'u', 'l', 't', 'i', 'k', 'a', 'l', 'e', 'n', 'd', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "multimail.work", true */ 'm', 'u', 'l', 't', 'i', 'm', 'a', 'i', 'l', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "multimedia-pool.com", true */ 'm', 'u', 'l', 't', 'i', 'm', 'e', 'd', 'i', 'a', '-', 'p', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "multiplayernow.com", true */ 'm', 'u', 'l', 't', 'i', 'p', 'l', 'a', 'y', 'e', 'r', 'n', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "multipleservers.com", true */ 'm', 'u', 'l', 't', 'i', 'p', 'l', 'e', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "multiplexcy.com", true */ 'm', 'u', 'l', 't', 'i', 'p', 'l', 'e', 'x', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "multirep.ch", true */ 'm', 'u', 'l', 't', 'i', 'r', 'e', 'p', '.', 'c', 'h', '\0',
+  /* "multitek.no", true */ 'm', 'u', 'l', 't', 'i', 't', 'e', 'k', '.', 'n', 'o', '\0',
+  /* "multitheftauto.com", true */ 'm', 'u', 'l', 't', 'i', 't', 'h', 'e', 'f', 't', 'a', 'u', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "multivpn.cn.com", true */ 'm', 'u', 'l', 't', 'i', 'v', 'p', 'n', '.', 'c', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "multivpn.com.de", true */ 'm', 'u', 'l', 't', 'i', 'v', 'p', 'n', '.', 'c', 'o', 'm', '.', 'd', 'e', '\0',
+  /* "multivpn.com.ua", true */ 'm', 'u', 'l', 't', 'i', 'v', 'p', 'n', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "multivpn.fr", true */ 'm', 'u', 'l', 't', 'i', 'v', 'p', 'n', '.', 'f', 'r', '\0',
+  /* "multiworldsoftware.com", true */ 'm', 'u', 'l', 't', 'i', 'w', 'o', 'r', 'l', 'd', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "multrier.fr", true */ 'm', 'u', 'l', 't', 'r', 'i', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "mumbaionlinegifts.com", true */ 'm', 'u', 'm', 'b', 'a', 'i', 'o', 'n', 'l', 'i', 'n', 'e', 'g', 'i', 'f', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mumei.space", true */ 'm', 'u', 'm', 'e', 'i', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "mumolabs.com", true */ 'm', 'u', 'm', 'o', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "munchcorp.com", true */ 'm', 'u', 'n', 'c', 'h', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "mundoadulto.com.br", true */ 'm', 'u', 'n', 'd', 'o', 'a', 'd', 'u', 'l', 't', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mundoalpha.com.br", true */ 'm', 'u', 'n', 'd', 'o', 'a', 'l', 'p', 'h', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mundoarabe.com.br", true */ 'm', 'u', 'n', 'd', 'o', 'a', 'r', 'a', 'b', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mundodasmensagens.com", true */ 'm', 'u', 'n', 'd', 'o', 'd', 'a', 's', 'm', 'e', 'n', 's', 'a', 'g', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mundokinderland.com.br", true */ 'm', 'u', 'n', 'd', 'o', 'k', 'i', 'n', 'd', 'e', 'r', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mundolarraz.es", true */ 'm', 'u', 'n', 'd', 'o', 'l', 'a', 'r', 'r', 'a', 'z', '.', 'e', 's', '\0',
+  /* "mundschenk.at", true */ 'm', 'u', 'n', 'd', 's', 'c', 'h', 'e', 'n', 'k', '.', 'a', 't', '\0',
+  /* "mundtec.com.br", true */ 'm', 'u', 'n', 'd', 't', 'e', 'c', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "munirajiwa.com", true */ 'm', 'u', 'n', 'i', 'r', 'a', 'j', 'i', 'w', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "munki.org", true */ 'm', 'u', 'n', 'k', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "munkibuilds.org", true */ 'm', 'u', 'n', 'k', 'i', 'b', 'u', 'i', 'l', 'd', 's', '.', 'o', 'r', 'g', '\0',
+  /* "munpanel.com", true */ 'm', 'u', 'n', 'p', 'a', 'n', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "munrabi.com", true */ 'm', 'u', 'n', 'r', 'a', 'b', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "muqu.co", true */ 'm', 'u', 'q', 'u', '.', 'c', 'o', '\0',
+  /* "mur-vegetal-interieur.fr", true */ 'm', 'u', 'r', '-', 'v', 'e', 'g', 'e', 't', 'a', 'l', '-', 'i', 'n', 't', 'e', 'r', 'i', 'e', 'u', 'r', '.', 'f', 'r', '\0',
+  /* "murakami-sah.com", true */ 'm', 'u', 'r', 'a', 'k', 'a', 'm', 'i', '-', 's', 'a', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "murdercube.com", true */ 'm', 'u', 'r', 'd', 'e', 'r', 'c', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "murfy.kiwi", true */ 'm', 'u', 'r', 'f', 'y', '.', 'k', 'i', 'w', 'i', '\0',
+  /* "murfy.nz", true */ 'm', 'u', 'r', 'f', 'y', '.', 'n', 'z', '\0',
+  /* "murgi.de", true */ 'm', 'u', 'r', 'g', 'i', '.', 'd', 'e', '\0',
+  /* "murmel.it", false */ 'm', 'u', 'r', 'm', 'e', 'l', '.', 'i', 't', '\0',
+  /* "murof.com.br", true */ 'm', 'u', 'r', 'o', 'f', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "murraycoin.org", true */ 'm', 'u', 'r', 'r', 'a', 'y', 'c', 'o', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "mursu.directory", true */ 'm', 'u', 'r', 's', 'u', '.', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '\0',
+  /* "muscle-tg.com", true */ 'm', 'u', 's', 'c', 'l', 'e', '-', 't', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "muscleangels.com", true */ 'm', 'u', 's', 'c', 'l', 'e', 'a', 'n', 'g', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "musclecarresearch.com", true */ 'm', 'u', 's', 'c', 'l', 'e', 'c', 'a', 'r', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "muscolinomusic.com", true */ 'm', 'u', 's', 'c', 'o', 'l', 'i', 'n', 'o', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "musearchengine.com", true */ 'm', 'u', 's', 'e', 'a', 'r', 'c', 'h', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "musehelix.com", true */ 'm', 'u', 's', 'e', 'h', 'e', 'l', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "muses-success.info", true */ 'm', 'u', 's', 'e', 's', '-', 's', 'u', 'c', 'c', 'e', 's', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "museumstreak.com", true */ 'm', 'u', 's', 'e', 'u', 'm', 's', 't', 'r', 'e', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mush-room.co.jp", true */ 'm', 'u', 's', 'h', '-', 'r', 'o', 'o', 'm', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "mushikabu.net", true */ 'm', 'u', 's', 'h', 'i', 'k', 'a', 'b', 'u', '.', 'n', 'e', 't', '\0',
+  /* "music-is-my-life.de", true */ 'm', 'u', 's', 'i', 'c', '-', 'i', 's', '-', 'm', 'y', '-', 'l', 'i', 'f', 'e', '.', 'd', 'e', '\0',
+  /* "music-project.eu", true */ 'm', 'u', 's', 'i', 'c', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'e', 'u', '\0',
+  /* "music.amazon.com", true */ 'm', 'u', 's', 'i', 'c', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "musicalive.nl", true */ 'm', 'u', 's', 'i', 'c', 'a', 'l', 'i', 'v', 'e', '.', 'n', 'l', '\0',
+  /* "musicall.com", true */ 'm', 'u', 's', 'i', 'c', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "musicalschwarzenburg.ch", true */ 'm', 'u', 's', 'i', 'c', 'a', 'l', 's', 'c', 'h', 'w', 'a', 'r', 'z', 'e', 'n', 'b', 'u', 'r', 'g', '.', 'c', 'h', '\0',
+  /* "musicchris.de", true */ 'm', 'u', 's', 'i', 'c', 'c', 'h', 'r', 'i', 's', '.', 'd', 'e', '\0',
+  /* "musicgamegalaxy.de", true */ 'm', 'u', 's', 'i', 'c', 'g', 'a', 'm', 'e', 'g', 'a', 'l', 'a', 'x', 'y', '.', 'd', 'e', '\0',
+  /* "musician.dating", true */ 'm', 'u', 's', 'i', 'c', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "musickhouseleveling.com", true */ 'm', 'u', 's', 'i', 'c', 'k', 'h', 'o', 'u', 's', 'e', 'l', 'e', 'v', 'e', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "musicschoolonline.com", true */ 'm', 'u', 's', 'i', 'c', 's', 'c', 'h', 'o', 'o', 'l', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "musicstore.de", false */ 'm', 'u', 's', 'i', 'c', 's', 't', 'o', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "musicwear.cz", true */ 'm', 'u', 's', 'i', 'c', 'w', 'e', 'a', 'r', '.', 'c', 'z', '\0',
+  /* "musik-mentaltraining.ch", true */ 'm', 'u', 's', 'i', 'k', '-', 'm', 'e', 'n', 't', 'a', 'l', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "musikverein-elten.de", true */ 'm', 'u', 's', 'i', 'k', 'v', 'e', 'r', 'e', 'i', 'n', '-', 'e', 'l', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "musketonhaken.nl", false */ 'm', 'u', 's', 'k', 'e', 't', 'o', 'n', 'h', 'a', 'k', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "muslim.singles", true */ 'm', 'u', 's', 'l', 'i', 'm', '.', 's', 'i', 'n', 'g', 'l', 'e', 's', '\0',
+  /* "musmann.io", true */ 'm', 'u', 's', 'm', 'a', 'n', 'n', '.', 'i', 'o', '\0',
+  /* "muspla.com", true */ 'm', 'u', 's', 'p', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "muspla.com.br", true */ 'm', 'u', 's', 'p', 'l', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "musselsblog.com", true */ 'm', 'u', 's', 's', 'e', 'l', 's', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "mustard.co.uk", true */ 'm', 'u', 's', 't', 'a', 'r', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mustasj.no", true */ 'm', 'u', 's', 't', 'a', 's', 'j', '.', 'n', 'o', '\0',
+  /* "musthavesforreal.com", true */ 'm', 'u', 's', 't', 'h', 'a', 'v', 'e', 's', 'f', 'o', 'r', 'r', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mutantmonkey.in", true */ 'm', 'u', 't', 'a', 'n', 't', 'm', 'o', 'n', 'k', 'e', 'y', '.', 'i', 'n', '\0',
+  /* "mutantmonkey.info", true */ 'm', 'u', 't', 'a', 'n', 't', 'm', 'o', 'n', 'k', 'e', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "mutantmonkey.sexy", true */ 'm', 'u', 't', 'a', 'n', 't', 'm', 'o', 'n', 'k', 'e', 'y', '.', 's', 'e', 'x', 'y', '\0',
+  /* "mutuals.cool", true */ 'm', 'u', 't', 'u', 'a', 'l', 's', '.', 'c', 'o', 'o', 'l', '\0',
+  /* "mutuelle.fr", true */ 'm', 'u', 't', 'u', 'e', 'l', 'l', 'e', '.', 'f', 'r', '\0',
+  /* "muusika.fun", true */ 'm', 'u', 'u', 's', 'i', 'k', 'a', '.', 'f', 'u', 'n', '\0',
+  /* "muusikoiden.net", true */ 'm', 'u', 'u', 's', 'i', 'k', 'o', 'i', 'd', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "muwatenraqamy.org", true */ 'm', 'u', 'w', 'a', 't', 'e', 'n', 'r', 'a', 'q', 'a', 'm', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "muzi.cz", true */ 'm', 'u', 'z', 'i', '.', 'c', 'z', '\0',
+  /* "mv-wohnen.de", true */ 'm', 'v', '-', 'w', 'o', 'h', 'n', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "mvandek.nl", true */ 'm', 'v', 'a', 'n', 'd', 'e', 'k', '.', 'n', 'l', '\0',
+  /* "mvbits.com", true */ 'm', 'v', 'b', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mvno.io", true */ 'm', 'v', 'n', 'o', '.', 'i', 'o', '\0',
+  /* "mvp-stars.com", true */ 'm', 'v', 'p', '-', 's', 't', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mw.search.yahoo.com", false */ 'm', 'w', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mwainc.org", true */ 'm', 'w', 'a', 'i', 'n', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "mware-staging.azurewebsites.net", true */ 'm', 'w', 'a', 'r', 'e', '-', 's', 't', 'a', 'g', 'i', 'n', 'g', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "mwavuli.co.ke", true */ 'm', 'w', 'a', 'v', 'u', 'l', 'i', '.', 'c', 'o', '.', 'k', 'e', '\0',
+  /* "mwba.org", true */ 'm', 'w', 'b', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "mwe.st", true */ 'm', 'w', 'e', '.', 's', 't', '\0',
+  /* "mwtdev.se", true */ 'm', 'w', 't', 'd', 'e', 'v', '.', 's', 'e', '\0',
+  /* "mww.moe", true */ 'm', 'w', 'w', '.', 'm', 'o', 'e', '\0',
+  /* "mx.org.ua", true */ 'm', 'x', '.', 'o', 'r', 'g', '.', 'u', 'a', '\0',
+  /* "mx.search.yahoo.com", false */ 'm', 'x', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mx5international.com", true */ 'm', 'x', '5', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mxawei.cn", true */ 'm', 'x', 'a', 'w', 'e', 'i', '.', 'c', 'n', '\0',
+  /* "mxihan.xyz", true */ 'm', 'x', 'i', 'h', 'a', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "mxlife.org", true */ 'm', 'x', 'l', 'i', 'f', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "mxp.tw", true */ 'm', 'x', 'p', '.', 't', 'w', '\0',
+  /* "my-cdn.de", true */ 'm', 'y', '-', 'c', 'd', 'n', '.', 'd', 'e', '\0',
+  /* "my-contract.ch", true */ 'm', 'y', '-', 'c', 'o', 'n', 't', 'r', 'a', 'c', 't', '.', 'c', 'h', '\0',
+  /* "my-contract.info", true */ 'm', 'y', '-', 'c', 'o', 'n', 't', 'r', 'a', 'c', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "my-contract.net", true */ 'm', 'y', '-', 'c', 'o', 'n', 't', 'r', 'a', 'c', 't', '.', 'n', 'e', 't', '\0',
+  /* "my-dick.ru", true */ 'm', 'y', '-', 'd', 'i', 'c', 'k', '.', 'r', 'u', '\0',
+  /* "my-dns.co.il", true */ 'm', 'y', '-', 'd', 'n', 's', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "my-ebook.es", true */ 'm', 'y', '-', 'e', 'b', 'o', 'o', 'k', '.', 'e', 's', '\0',
+  /* "my-floor.com", true */ 'm', 'y', '-', 'f', 'l', 'o', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "my-host.ovh", true */ 'm', 'y', '-', 'h', 'o', 's', 't', '.', 'o', 'v', 'h', '\0',
+  /* "my-hps.de", true */ 'm', 'y', '-', 'h', 'p', 's', '.', 'd', 'e', '\0',
+  /* "my-ip.work", true */ 'm', 'y', '-', 'i', 'p', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "my-pawnshop.com.ua", false */ 'm', 'y', '-', 'p', 'a', 'w', 'n', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "my-plancha.ch", true */ 'm', 'y', '-', 'p', 'l', 'a', 'n', 'c', 'h', 'a', '.', 'c', 'h', '\0',
+  /* "my-static-demo-808795.c.cdn77.org", true */ 'm', 'y', '-', 's', 't', 'a', 't', 'i', 'c', '-', 'd', 'e', 'm', 'o', '-', '8', '0', '8', '7', '9', '5', '.', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "my-static-live-808795.c.cdn77.org", true */ 'm', 'y', '-', 's', 't', 'a', 't', 'i', 'c', '-', 'l', 'i', 'v', 'e', '-', '8', '0', '8', '7', '9', '5', '.', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "my-voice.nl", false */ 'm', 'y', '-', 'v', 'o', 'i', 'c', 'e', '.', 'n', 'l', '\0',
+  /* "my.onlime.ch", false */ 'm', 'y', '.', 'o', 'n', 'l', 'i', 'm', 'e', '.', 'c', 'h', '\0',
+  /* "my.usa.gov", false */ 'm', 'y', '.', 'u', 's', 'a', '.', 'g', 'o', 'v', '\0',
+  /* "my.xero.com", false */ 'm', 'y', '.', 'x', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "myaccount.google.com", false */ 'm', 'y', 'a', 'c', 'c', 'o', 'u', 'n', 't', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "myactivity.google.com", true */ 'm', 'y', 'a', 'c', 't', 'i', 'v', 'i', 't', 'y', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "myadself.com", true */ 'm', 'y', 'a', 'd', 's', 'e', 'l', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "myaggic.com", true */ 'm', 'y', 'a', 'g', 'g', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "myalliancechurch.com", true */ 'm', 'y', 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', 'c', 'h', 'u', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "myamend.com", true */ 'm', 'y', 'a', 'm', 'e', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "myamity.info", true */ 'm', 'y', 'a', 'm', 'i', 't', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "myanimelist.net", true */ 'm', 'y', 'a', 'n', 'i', 'm', 'e', 'l', 'i', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "myapexcard.com", true */ 'm', 'y', 'a', 'p', 'e', 'x', 'c', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "myartsjournal.com", true */ 'm', 'y', 'a', 'r', 't', 's', 'j', 'o', 'u', 'r', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mybb.com", true */ 'm', 'y', 'b', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "mybb.de", true */ 'm', 'y', 'b', 'b', '.', 'd', 'e', '\0',
+  /* "mybboard.pl", true */ 'm', 'y', 'b', 'b', 'o', 'a', 'r', 'd', '.', 'p', 'l', '\0',
+  /* "mybicc.org", true */ 'm', 'y', 'b', 'i', 'c', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "myblockchain.cloud", true */ 'm', 'y', 'b', 'l', 'o', 'c', 'k', 'c', 'h', 'a', 'i', 'n', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "mybloggedlife.com", true */ 'm', 'y', 'b', 'l', 'o', 'g', 'g', 'e', 'd', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mybon.at", false */ 'm', 'y', 'b', 'o', 'n', '.', 'a', 't', '\0',
+  /* "mycard.moe", true */ 'm', 'y', 'c', 'a', 'r', 'd', '.', 'm', 'o', 'e', '\0',
+  /* "mycieokien.info", false */ 'm', 'y', 'c', 'i', 'e', 'o', 'k', 'i', 'e', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "mycircleworks.com", true */ 'm', 'y', 'c', 'i', 'r', 'c', 'l', 'e', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "myclinicalstudybuddy.com", true */ 'm', 'y', 'c', 'l', 'i', 'n', 'i', 'c', 'a', 'l', 's', 't', 'u', 'd', 'y', 'b', 'u', 'd', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "mycloud-system.com", true */ 'm', 'y', 'c', 'l', 'o', 'u', 'd', '-', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "mycofairtrade.com", true */ 'm', 'y', 'c', 'o', 'f', 'a', 'i', 'r', 't', 'r', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mycompanion.cz", true */ 'm', 'y', 'c', 'o', 'm', 'p', 'a', 'n', 'i', 'o', 'n', '.', 'c', 'z', '\0',
+  /* "myconan.net", true */ 'm', 'y', 'c', 'o', 'n', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "myconsulting.ch", true */ 'm', 'y', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "mycontrolmonitor.com", true */ 'm', 'y', 'c', 'o', 'n', 't', 'r', 'o', 'l', 'm', 'o', 'n', 'i', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mycr.eu", true */ 'm', 'y', 'c', 'r', '.', 'e', 'u', '\0',
+  /* "mycreativeartsconsulting.com", true */ 'm', 'y', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'a', 'r', 't', 's', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "mycreditcardcenter.com", true */ 'm', 'y', 'c', 'r', 'e', 'd', 'i', 't', 'c', 'a', 'r', 'd', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mycrypnet.io", true */ 'm', 'y', 'c', 'r', 'y', 'p', 'n', 'e', 't', '.', 'i', 'o', '\0',
+  /* "mycrystalgrove.com", true */ 'm', 'y', 'c', 'r', 'y', 's', 't', 'a', 'l', 'g', 'r', 'o', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mycustomwriting.com", true */ 'm', 'y', 'c', 'u', 's', 't', 'o', 'm', 'w', 'r', 'i', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "mydarkstar.net", true */ 'm', 'y', 'd', 'a', 'r', 'k', 's', 't', 'a', 'r', '.', 'n', 'e', 't', '\0',
+  /* "myday.eu.com", true */ 'm', 'y', 'd', 'a', 'y', '.', 'e', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "mydaywebapp.com", true */ 'm', 'y', 'd', 'a', 'y', 'w', 'e', 'b', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "mydebian.in.ua", true */ 'm', 'y', 'd', 'e', 'b', 'i', 'a', 'n', '.', 'i', 'n', '.', 'u', 'a', '\0',
+  /* "mydevolo.com", true */ 'm', 'y', 'd', 'e', 'v', 'o', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mydevolo.de", true */ 'm', 'y', 'd', 'e', 'v', 'o', 'l', 'o', '.', 'd', 'e', '\0',
+  /* "mydigitalweek.com", true */ 'm', 'y', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'w', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mydjsongbook.com", true */ 'm', 'y', 'd', 'j', 's', 'o', 'n', 'g', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mydocserve.com", true */ 'm', 'y', 'd', 'o', 'c', 's', 'e', 'r', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mydreamlifelab.com", true */ 'm', 'y', 'd', 'r', 'e', 'a', 'm', 'l', 'i', 'f', 'e', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "myeberspaecher.com", true */ 'm', 'y', 'e', 'b', 'e', 'r', 's', 'p', 'a', 'e', 'c', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "myeffect.today", true */ 'm', 'y', 'e', 'f', 'f', 'e', 'c', 't', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "myepass.bg", true */ 'm', 'y', 'e', 'p', 'a', 's', 's', '.', 'b', 'g', '\0',
+  /* "myepass.de", true */ 'm', 'y', 'e', 'p', 'a', 's', 's', '.', 'd', 'e', '\0',
+  /* "myfantasysportstalk.com", true */ 'm', 'y', 'f', 'a', 'n', 't', 'a', 's', 'y', 's', 'p', 'o', 'r', 't', 's', 't', 'a', 'l', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "myfedloan.org", true */ 'm', 'y', 'f', 'e', 'd', 'l', 'o', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "myfirenet.com", true */ 'm', 'y', 'f', 'i', 'r', 'e', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "myfloridadeferredcomp.com", true */ 'm', 'y', 'f', 'l', 'o', 'r', 'i', 'd', 'a', 'd', 'e', 'f', 'e', 'r', 'r', 'e', 'd', 'c', 'o', 'm', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "myforfaitmobile.com", true */ 'm', 'y', 'f', 'o', 'r', 'f', 'a', 'i', 't', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "myfreemp3.click", true */ 'm', 'y', 'f', 'r', 'e', 'e', 'm', 'p', '3', '.', 'c', 'l', 'i', 'c', 'k', '\0',
+  /* "myfrenchtattoo.fr", true */ 'm', 'y', 'f', 'r', 'e', 'n', 'c', 'h', 't', 'a', 't', 't', 'o', 'o', '.', 'f', 'r', '\0',
+  /* "myfunworld.de", true */ 'm', 'y', 'f', 'u', 'n', 'w', 'o', 'r', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "myg21.com", true */ 'm', 'y', 'g', '2', '1', '.', 'c', 'o', 'm', '\0',
+  /* "mygadgetguardian.lookout.com", false */ 'm', 'y', 'g', 'a', 'd', 'g', 'e', 't', 'g', 'u', 'a', 'r', 'd', 'i', 'a', 'n', '.', 'l', 'o', 'o', 'k', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mygalgame.com", true */ 'm', 'y', 'g', 'a', 'l', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mygallery.homelinux.net", true */ 'm', 'y', 'g', 'a', 'l', 'l', 'e', 'r', 'y', '.', 'h', 'o', 'm', 'e', 'l', 'i', 'n', 'u', 'x', '.', 'n', 'e', 't', '\0',
+  /* "mygaysitges.com", true */ 'm', 'y', 'g', 'a', 'y', 's', 'i', 't', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mygeneral.org", true */ 'm', 'y', 'g', 'e', 'n', 'e', 'r', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "mygeotrip.com", true */ 'm', 'y', 'g', 'e', 'o', 't', 'r', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "mygoldennetwork.com", true */ 'm', 'y', 'g', 'o', 'l', 'd', 'e', 'n', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mygpsite.com", true */ 'm', 'y', 'g', 'p', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mygreatjob.eu", true */ 'm', 'y', 'g', 'r', 'e', 'a', 't', 'j', 'o', 'b', '.', 'e', 'u', '\0',
+  /* "mygreatjobs.de", true */ 'm', 'y', 'g', 'r', 'e', 'a', 't', 'j', 'o', 'b', 's', '.', 'd', 'e', '\0',
+  /* "mygretchen.de", true */ 'm', 'y', 'g', 'r', 'e', 't', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "mygrotto.org", true */ 'm', 'y', 'g', 'r', 'o', 't', 't', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "mygymer.ch", true */ 'm', 'y', 'g', 'y', 'm', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "myhatsuden.jp", true */ 'm', 'y', 'h', 'a', 't', 's', 'u', 'd', 'e', 'n', '.', 'j', 'p', '\0',
+  /* "myhealthreviews.com", true */ 'm', 'y', 'h', 'e', 'a', 'l', 't', 'h', 'r', 'e', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "myhostname.net", true */ 'm', 'y', 'h', 'o', 's', 't', 'n', 'a', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "myimds.com", true */ 'm', 'y', 'i', 'm', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "myimmitracker.com", true */ 'm', 'y', 'i', 'm', 'm', 'i', 't', 'r', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "myjumparoo.co.uk", true */ 'm', 'y', 'j', 'u', 'm', 'p', 'a', 'r', 'o', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "myki.co", true */ 'm', 'y', 'k', 'i', '.', 'c', 'o', '\0',
+  /* "mykontool.de", true */ 'm', 'y', 'k', 'o', 'n', 't', 'o', 'o', 'l', '.', 'd', 'e', '\0',
+  /* "mylatestnews.org", true */ 'm', 'y', 'l', 'a', 't', 'e', 's', 't', 'n', 'e', 'w', 's', '.', 'o', 'r', 'g', '\0',
+  /* "mylawyer.be", true */ 'm', 'y', 'l', 'a', 'w', 'y', 'e', 'r', '.', 'b', 'e', '\0',
+  /* "myleanfactory.de", true */ 'm', 'y', 'l', 'e', 'a', 'n', 'f', 'a', 'c', 't', 'o', 'r', 'y', '.', 'd', 'e', '\0',
+  /* "mylene-chandelier.me", true */ 'm', 'y', 'l', 'e', 'n', 'e', '-', 'c', 'h', 'a', 'n', 'd', 'e', 'l', 'i', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "mylifeabundant.com", true */ 'm', 'y', 'l', 'i', 'f', 'e', 'a', 'b', 'u', 'n', 'd', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mylighthost.com", true */ 'm', 'y', 'l', 'i', 'g', 'h', 't', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "myliveupdates.com", true */ 'm', 'y', 'l', 'i', 'v', 'e', 'u', 'p', 'd', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mylocalsearch.co.uk", true */ 'm', 'y', 'l', 'o', 'c', 'a', 'l', 's', 'e', 'a', 'r', 'c', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mylookout.com", false */ 'm', 'y', 'l', 'o', 'o', 'k', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mymadina.com", true */ 'm', 'y', 'm', 'a', 'd', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mymb.pm", true */ 'm', 'y', 'm', 'b', '.', 'p', 'm', '\0',
+  /* "mymed.de", true */ 'm', 'y', 'm', 'e', 'd', '.', 'd', 'e', '\0',
+  /* "mymed.eu", true */ 'm', 'y', 'm', 'e', 'd', '.', 'e', 'u', '\0',
+  /* "mymommyworld.com", true */ 'm', 'y', 'm', 'o', 'm', 'm', 'y', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "mymotor.nl", true */ 'm', 'y', 'm', 'o', 't', 'o', 'r', '.', 'n', 'l', '\0',
+  /* "mymp3singer.co", true */ 'm', 'y', 'm', 'p', '3', 's', 'i', 'n', 'g', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "mymp3singer.net", true */ 'm', 'y', 'm', 'p', '3', 's', 'i', 'n', 'g', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "myms.eu", true */ 'm', 'y', 'm', 's', '.', 'e', 'u', '\0',
+  /* "mymsr.de", true */ 'm', 'y', 'm', 's', 'r', '.', 'd', 'e', '\0',
+  /* "mymun.net", true */ 'm', 'y', 'm', 'u', 'n', '.', 'n', 'e', 't', '\0',
+  /* "mymx.lu", true */ 'm', 'y', 'm', 'x', '.', 'l', 'u', '\0',
+  /* "myna.go.jp", true */ 'm', 'y', 'n', 'a', '.', 'g', 'o', '.', 'j', 'p', '\0',
+  /* "myndcommunication.com", true */ 'm', 'y', 'n', 'd', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "mynext.events", true */ 'm', 'y', 'n', 'e', 'x', 't', '.', 'e', 'v', 'e', 'n', 't', 's', '\0',
+  /* "mynn.io", true */ 'm', 'y', 'n', 'n', '.', 'i', 'o', '\0',
+  /* "mynook.info", true */ 'm', 'y', 'n', 'o', 'o', 'k', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "mynortherngarden.com", true */ 'm', 'y', 'n', 'o', 'r', 't', 'h', 'e', 'r', 'n', 'g', 'a', 'r', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "myon.info", true */ 'm', 'y', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "myonline.hu", true */ 'm', 'y', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'h', 'u', '\0',
+  /* "myonlinedating.club", true */ 'm', 'y', 'o', 'n', 'l', 'i', 'n', 'e', 'd', 'a', 't', 'i', 'n', 'g', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "myoptumhealthcomplexmedical.com", true */ 'm', 'y', 'o', 'p', 't', 'u', 'm', 'h', 'e', 'a', 'l', 't', 'h', 'c', 'o', 'm', 'p', 'l', 'e', 'x', 'm', 'e', 'd', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "myoptumhealthparentsteps.com", true */ 'm', 'y', 'o', 'p', 't', 'u', 'm', 'h', 'e', 'a', 'l', 't', 'h', 'p', 'a', 'r', 'e', 'n', 't', 's', 't', 'e', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "myoueb.fr", true */ 'm', 'y', 'o', 'u', 'e', 'b', '.', 'f', 'r', '\0',
+  /* "myoukochou.com", true */ 'm', 'y', 'o', 'u', 'k', 'o', 'c', 'h', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "myownconference.com", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "myownconference.com.ua", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "myownconference.de", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'd', 'e', '\0',
+  /* "myownconference.es", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'e', 's', '\0',
+  /* "myownconference.fr", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'f', 'r', '\0',
+  /* "myownconference.lt", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'l', 't', '\0',
+  /* "myownconference.lv", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'l', 'v', '\0',
+  /* "myownconference.pl", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'p', 'l', '\0',
+  /* "myownconference.pt", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'p', 't', '\0',
+  /* "myownconference.ru", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'r', 'u', '\0',
+  /* "myowndisk.com", true */ 'm', 'y', 'o', 'w', 'n', 'd', 'i', 's', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "myowndisk.net", true */ 'm', 'y', 'o', 'w', 'n', 'd', 'i', 's', 'k', '.', 'n', 'e', 't', '\0',
+  /* "myownwebinar.com", true */ 'm', 'y', 'o', 'w', 'n', 'w', 'e', 'b', 'i', 'n', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mypanier.com", true */ 'm', 'y', 'p', 'a', 'n', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mypaperwriter.com", true */ 'm', 'y', 'p', 'a', 'p', 'e', 'r', 'w', 'r', 'i', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mypayoffloan.com", true */ 'm', 'y', 'p', 'a', 'y', 'o', 'f', 'f', 'l', 'o', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "myperfumecollection.com", true */ 'm', 'y', 'p', 'e', 'r', 'f', 'u', 'm', 'e', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "mypillcard.com", true */ 'm', 'y', 'p', 'i', 'l', 'l', 'c', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "myplaceonline.com", true */ 'm', 'y', 'p', 'l', 'a', 'c', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mypress.mx", true */ 'm', 'y', 'p', 'r', 'e', 's', 's', '.', 'm', 'x', '\0',
+  /* "myprintcard.de", true */ 'm', 'y', 'p', 'r', 'i', 'n', 't', 'c', 'a', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "myproblog.com", true */ 'm', 'y', 'p', 'r', 'o', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "myptsite.com", true */ 'm', 'y', 'p', 't', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mypup.nl", true */ 'm', 'y', 'p', 'u', 'p', '.', 'n', 'l', '\0',
+  /* "myrandomtips.com", true */ 'm', 'y', 'r', 'a', 'n', 'd', 'o', 'm', 't', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "myranicol.com", true */ 'm', 'y', 'r', 'a', 'n', 'i', 'c', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "myrealestatemate.com.au", true */ 'm', 'y', 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "myrekber.co.id", true */ 'm', 'y', 'r', 'e', 'k', 'b', 'e', 'r', '.', 'c', 'o', '.', 'i', 'd', '\0',
+  /* "myrent.quebec", true */ 'm', 'y', 'r', 'e', 'n', 't', '.', 'q', 'u', 'e', 'b', 'e', 'c', '\0',
+  /* "myresearchapp.com", true */ 'm', 'y', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "myriadof.com", true */ 'm', 'y', 'r', 'i', 'a', 'd', 'o', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "myrig.com", true */ 'm', 'y', 'r', 'i', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "myrig.com.ua", true */ 'm', 'y', 'r', 'i', 'g', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "myrig.io", true */ 'm', 'y', 'r', 'i', 'g', '.', 'i', 'o', '\0',
+  /* "myrig.ru", true */ 'm', 'y', 'r', 'i', 'g', '.', 'r', 'u', '\0',
+  /* "myrotvorets.center", true */ 'm', 'y', 'r', 'o', 't', 'v', 'o', 'r', 'e', 't', 's', '.', 'c', 'e', 'n', 't', 'e', 'r', '\0',
+  /* "myruststats.com", true */ 'm', 'y', 'r', 'u', 's', 't', 's', 't', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "myschoolphoto.org", true */ 'm', 'y', 's', 'c', 'h', 'o', 'o', 'l', 'p', 'h', 'o', 't', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "myseatime.com", true */ 'm', 'y', 's', 'e', 'a', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "myself5.de", true */ 'm', 'y', 's', 'e', 'l', 'f', '5', '.', 'd', 'e', '\0',
+  /* "mysignal.com", true */ 'm', 'y', 's', 'i', 'g', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mysize-condooms.nl", true */ 'm', 'y', 's', 'i', 'z', 'e', '-', 'c', 'o', 'n', 'd', 'o', 'o', 'm', 's', '.', 'n', 'l', '\0',
+  /* "mysmelly.com", true */ 'm', 'y', 's', 'm', 'e', 'l', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "mysocialporn.com", true */ 'm', 'y', 's', 'o', 'c', 'i', 'a', 'l', 'p', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "mysocrat.com", true */ 'm', 'y', 's', 'o', 'c', 'r', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mysoundtalks.com", false */ 'm', 'y', 's', 'o', 'u', 'n', 'd', 't', 'a', 'l', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "myspicer.com", true */ 'm', 'y', 's', 'p', 'i', 'c', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mysqldump-secure.org", true */ 'm', 'y', 's', 'q', 'l', 'd', 'u', 'm', 'p', '-', 's', 'e', 'c', 'u', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "myssl.com", true */ 'm', 'y', 's', 's', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mystatus24.com", true */ 'm', 'y', 's', 't', 'a', 't', 'u', 's', '2', '4', '.', 'c', 'o', 'm', '\0',
+  /* "mysteriouscode.io", true */ 'm', 'y', 's', 't', 'e', 'r', 'i', 'o', 'u', 's', 'c', 'o', 'd', 'e', '.', 'i', 'o', '\0',
+  /* "mysterymind.ch", true */ 'm', 'y', 's', 't', 'e', 'r', 'y', 'm', 'i', 'n', 'd', '.', 'c', 'h', '\0',
+  /* "mysterysear.ch", true */ 'm', 'y', 's', 't', 'e', 'r', 'y', 's', 'e', 'a', 'r', '.', 'c', 'h', '\0',
+  /* "mystic-welten.de", true */ 'm', 'y', 's', 't', 'i', 'c', '-', 'w', 'e', 'l', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "mystickphysick.com", true */ 'm', 'y', 's', 't', 'i', 'c', 'k', 'p', 'h', 'y', 's', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mysticplumes.com", true */ 'm', 'y', 's', 't', 'i', 'c', 'p', 'l', 'u', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mystorymonster.com", true */ 'm', 'y', 's', 't', 'o', 'r', 'y', 'm', 'o', 'n', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mystown.org", true */ 'm', 'y', 's', 't', 'o', 'w', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "mystudy.me", true */ 'm', 'y', 's', 't', 'u', 'd', 'y', '.', 'm', 'e', '\0',
+  /* "mystudycart.com", true */ 'm', 'y', 's', 't', 'u', 'd', 'y', 'c', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mysupboard.de", true */ 'm', 'y', 's', 'u', 'p', 'b', 'o', 'a', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "myswissmailaddress.com", true */ 'm', 'y', 's', 'w', 'i', 's', 's', 'm', 'a', 'i', 'l', 'a', 'd', 'd', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mytc.fr", true */ 'm', 'y', 't', 'c', '.', 'f', 'r', '\0',
+  /* "mythengay.ch", true */ 'm', 'y', 't', 'h', 'e', 'n', 'g', 'a', 'y', '.', 'c', 'h', '\0',
+  /* "mythicdelirium.com", true */ 'm', 'y', 't', 'h', 'i', 'c', 'd', 'e', 'l', 'i', 'r', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "mytraiteurs.com", true */ 'm', 'y', 't', 'r', 'a', 'i', 't', 'e', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mytripcar.co.uk", true */ 'm', 'y', 't', 'r', 'i', 'p', 'c', 'a', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mytripcar.com", true */ 'm', 'y', 't', 'r', 'i', 'p', 'c', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mytripcar.de", true */ 'm', 'y', 't', 'r', 'i', 'p', 'c', 'a', 'r', '.', 'd', 'e', '\0',
+  /* "mytripcar.es", true */ 'm', 'y', 't', 'r', 'i', 'p', 'c', 'a', 'r', '.', 'e', 's', '\0',
+  /* "mytripcar.fr", true */ 'm', 'y', 't', 'r', 'i', 'p', 'c', 'a', 'r', '.', 'f', 'r', '\0',
+  /* "mytruecare.org", true */ 'm', 'y', 't', 'r', 'u', 'e', 'c', 'a', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "mytty.net", true */ 'm', 'y', 't', 't', 'y', '.', 'n', 'e', 't', '\0',
+  /* "myulog.net", true */ 'm', 'y', 'u', 'l', 'o', 'g', '.', 'n', 'e', 't', '\0',
+  /* "myupdatestar.com", true */ 'm', 'y', 'u', 'p', 'd', 'a', 't', 'e', 's', 't', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "myupdatestudio.com", true */ 'm', 'y', 'u', 'p', 'd', 'a', 't', 'e', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "myupdatesystems.com", true */ 'm', 'y', 'u', 'p', 'd', 'a', 't', 'e', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "myusagepayments.com", true */ 'm', 'y', 'u', 's', 'a', 'g', 'e', 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "myvacompany.com", true */ 'm', 'y', 'v', 'a', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "myvirtualserver.com", true */ 'm', 'y', 'v', 'i', 'r', 't', 'u', 'a', 'l', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "myvoipnews.com", true */ 'm', 'y', 'v', 'o', 'i', 'p', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "myvpl.com", true */ 'm', 'y', 'v', 'p', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mywari.com", true */ 'm', 'y', 'w', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "mywebinar.io", true */ 'm', 'y', 'w', 'e', 'b', 'i', 'n', 'a', 'r', '.', 'i', 'o', '\0',
+  /* "myworkinfo.com", false */ 'm', 'y', 'w', 'o', 'r', 'k', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "myworth.com.au", true */ 'm', 'y', 'w', 'o', 'r', 't', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "myzina.cz", false */ 'm', 'y', 'z', 'i', 'n', 'a', '.', 'c', 'z', '\0',
+  /* "mz-mz.net", true */ 'm', 'z', '-', 'm', 'z', '.', 'n', 'e', 't', '\0',
+  /* "mzh.io", true */ 'm', 'z', 'h', '.', 'i', 'o', '\0',
+  /* "mziulu.me", false */ 'm', 'z', 'i', 'u', 'l', 'u', '.', 'm', 'e', '\0',
+  /* "mzorn.photography", true */ 'm', 'z', 'o', 'r', 'n', '.', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '\0',
+  /* "n-design.de", true */ 'n', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'd', 'e', '\0',
+  /* "n-kanazawa.jp", true */ 'n', '-', 'k', 'a', 'n', 'a', 'z', 'a', 'w', 'a', '.', 'j', 'p', '\0',
+  /* "n-m.lu", true */ 'n', '-', 'm', '.', 'l', 'u', '\0',
+  /* "n-pix.com", false */ 'n', '-', 'p', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "n-soft.info", true */ 'n', '-', 's', 'o', 'f', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "n-un.de", true */ 'n', '-', 'u', 'n', '.', 'd', 'e', '\0',
+  /* "n0paste.tk", false */ 'n', '0', 'p', 'a', 's', 't', 'e', '.', 't', 'k', '\0',
+  /* "n26.com", true */ 'n', '2', '6', '.', 'c', 'o', 'm', '\0',
+  /* "n2servers.com", true */ 'n', '2', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "n3twork.net", true */ 'n', '3', 't', 'w', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "n4v.eu", true */ 'n', '4', 'v', '.', 'e', 'u', '\0',
+  /* "n6a.net", true */ 'n', '6', 'a', '.', 'n', 'e', 't', '\0',
+  /* "na.hn", true */ 'n', 'a', '.', 'h', 'n', '\0',
+  /* "naam.me", true */ 'n', 'a', 'a', 'm', '.', 'm', 'e', '\0',
+  /* "nabaleka.com", true */ 'n', 'a', 'b', 'a', 'l', 'e', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "nabankco.com", true */ 'n', 'a', 'b', 'a', 'n', 'k', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "nachsendeauftrag.net", true */ 'n', 'a', 'c', 'h', 's', 'e', 'n', 'd', 'e', 'a', 'u', 'f', 't', 'r', 'a', 'g', '.', 'n', 'e', 't', '\0',
+  /* "nachsenden.info", true */ 'n', 'a', 'c', 'h', 's', 'e', 'n', 'd', 'e', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "nachtmuziek.info", true */ 'n', 'a', 'c', 'h', 't', 'm', 'u', 'z', 'i', 'e', 'k', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "nacin.com", true */ 'n', 'a', 'c', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nacktwanderfreunde.de", true */ 'n', 'a', 'c', 'k', 't', 'w', 'a', 'n', 'd', 'e', 'r', 'f', 'r', 'e', 'u', 'n', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "nacyklo.cz", true */ 'n', 'a', 'c', 'y', 'k', 'l', 'o', '.', 'c', 'z', '\0',
+  /* "nadaquenosepas.com", true */ 'n', 'a', 'd', 'a', 'q', 'u', 'e', 'n', 'o', 's', 'e', 'p', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nadejeproninu.cz", true */ 'n', 'a', 'd', 'e', 'j', 'e', 'p', 'r', 'o', 'n', 'i', 'n', 'u', '.', 'c', 'z', '\0',
+  /* "nadelholzkulturen.de", true */ 'n', 'a', 'd', 'e', 'l', 'h', 'o', 'l', 'z', 'k', 'u', 'l', 't', 'u', 'r', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "nadine-chaudier.net", true */ 'n', 'a', 'd', 'i', 'n', 'e', '-', 'c', 'h', 'a', 'u', 'd', 'i', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "nadyaolcer.fr", true */ 'n', 'a', 'd', 'y', 'a', 'o', 'l', 'c', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "nafod.net", true */ 'n', 'a', 'f', 'o', 'd', '.', 'n', 'e', 't', '\0',
+  /* "naga-semi.com", true */ 'n', 'a', 'g', 'a', '-', 's', 'e', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "nagaragem.com.br", true */ 'n', 'a', 'g', 'a', 'r', 'a', 'g', 'e', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "nagashi.ma", true */ 'n', 'a', 'g', 'a', 's', 'h', 'i', '.', 'm', 'a', '\0',
+  /* "nagaya.biz", true */ 'n', 'a', 'g', 'a', 'y', 'a', '.', 'b', 'i', 'z', '\0',
+  /* "nagb.gov", true */ 'n', 'a', 'g', 'b', '.', 'g', 'o', 'v', '\0',
+  /* "nagb.org", true */ 'n', 'a', 'g', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "nagel-dentaltechnik.de", true */ 'n', 'a', 'g', 'e', 'l', '-', 'd', 'e', 'n', 't', 'a', 'l', 't', 'e', 'c', 'h', 'n', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "nagelfam.com", true */ 'n', 'a', 'g', 'e', 'l', 'f', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "naggie.net", true */ 'n', 'a', 'g', 'g', 'i', 'e', '.', 'n', 'e', 't', '\0',
+  /* "nah.nz", true */ 'n', 'a', 'h', '.', 'n', 'z', '\0',
+  /* "nah.re", true */ 'n', 'a', 'h', '.', 'r', 'e', '\0',
+  /* "nahura.com", true */ 'n', 'a', 'h', 'u', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "naiaspa.fr", true */ 'n', 'a', 'i', 'a', 's', 'p', 'a', '.', 'f', 'r', '\0',
+  /* "nailattitude.ch", true */ 'n', 'a', 'i', 'l', 'a', 't', 't', 'i', 't', 'u', 'd', 'e', '.', 'c', 'h', '\0',
+  /* "nailchiodo.com", true */ 'n', 'a', 'i', 'l', 'c', 'h', 'i', 'o', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "nailsalon-aztplus.com", true */ 'n', 'a', 'i', 'l', 's', 'a', 'l', 'o', 'n', '-', 'a', 'z', 't', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nairobibusinessreview.com", true */ 'n', 'a', 'i', 'r', 'o', 'b', 'i', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "nakama.tv", true */ 'n', 'a', 'k', 'a', 'm', 'a', '.', 't', 'v', '\0',
+  /* "nakandya.com", true */ 'n', 'a', 'k', 'a', 'n', 'd', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "nakanishi-paint.com", true */ 'n', 'a', 'k', 'a', 'n', 'i', 's', 'h', 'i', '-', 'p', 'a', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "nakedalarmclock.me", true */ 'n', 'a', 'k', 'e', 'd', 'a', 'l', 'a', 'r', 'm', 'c', 'l', 'o', 'c', 'k', '.', 'm', 'e', '\0',
+  /* "nakedfacts.co.uk", false */ 'n', 'a', 'k', 'e', 'd', 'f', 'a', 'c', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "nakedtruthbeauty.com", true */ 'n', 'a', 'k', 'e', 'd', 't', 'r', 'u', 't', 'h', 'b', 'e', 'a', 'u', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "nakhonidc.com", true */ 'n', 'a', 'k', 'h', 'o', 'n', 'i', 'd', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "nakliyatsirketi.biz.tr", true */ 'n', 'a', 'k', 'l', 'i', 'y', 'a', 't', 's', 'i', 'r', 'k', 'e', 't', 'i', '.', 'b', 'i', 'z', '.', 't', 'r', '\0',
+  /* "nako.no", true */ 'n', 'a', 'k', 'o', '.', 'n', 'o', '\0',
+  /* "nalao-company.com", true */ 'n', 'a', 'l', 'a', 'o', '-', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "nalepky-na-zed.cz", true */ 'n', 'a', 'l', 'e', 'p', 'k', 'y', '-', 'n', 'a', '-', 'z', 'e', 'd', '.', 'c', 'z', '\0',
+  /* "nalepte.cz", true */ 'n', 'a', 'l', 'e', 'p', 't', 'e', '.', 'c', 'z', '\0',
+  /* "nalexandru.xyz", true */ 'n', 'a', 'l', 'e', 'x', 'a', 'n', 'd', 'r', 'u', '.', 'x', 'y', 'z', '\0',
+  /* "nalukfitness.com.br", true */ 'n', 'a', 'l', 'u', 'k', 'f', 'i', 't', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "namaleaks.com", false */ 'n', 'a', 'm', 'a', 'l', 'e', 'a', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "namazvakitleri.com.tr", true */ 'n', 'a', 'm', 'a', 'z', 'v', 'a', 'k', 'i', 't', 'l', 'e', 'r', 'i', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "namegrep.com", true */ 'n', 'a', 'm', 'e', 'g', 'r', 'e', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "nameid.org", true */ 'n', 'a', 'm', 'e', 'i', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "namepros.com", true */ 'n', 'a', 'm', 'e', 'p', 'r', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "namereel.com", true */ 'n', 'a', 'm', 'e', 'r', 'e', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "namethatporn.com", true */ 'n', 'a', 'm', 'e', 't', 'h', 'a', 't', 'p', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nametiles.co", true */ 'n', 'a', 'm', 'e', 't', 'i', 'l', 'e', 's', '.', 'c', 'o', '\0',
+  /* "namikawatetsuji.jp", true */ 'n', 'a', 'm', 'i', 'k', 'a', 'w', 'a', 't', 'e', 't', 's', 'u', 'j', 'i', '.', 'j', 'p', '\0',
+  /* "naminam.de", true */ 'n', 'a', 'm', 'i', 'n', 'a', 'm', '.', 'd', 'e', '\0',
+  /* "namrs.net", true */ 'n', 'a', 'm', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "namu.moe", true */ 'n', 'a', 'm', 'u', '.', 'm', 'o', 'e', '\0',
+  /* "namu.wiki", true */ 'n', 'a', 'm', 'u', '.', 'w', 'i', 'k', 'i', '\0',
+  /* "nanami.moe", true */ 'n', 'a', 'n', 'a', 'm', 'i', '.', 'm', 'o', 'e', '\0',
+  /* "nanarose.ch", true */ 'n', 'a', 'n', 'a', 'r', 'o', 's', 'e', '.', 'c', 'h', '\0',
+  /* "nanch.com", true */ 'n', 'a', 'n', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "nanderson.me", true */ 'n', 'a', 'n', 'd', 'e', 'r', 's', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "nanfangstone.com", true */ 'n', 'a', 'n', 'f', 'a', 'n', 'g', 's', 't', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nani.io", true */ 'n', 'a', 'n', 'i', '.', 'i', 'o', '\0',
+  /* "nankiseamansclub.com", true */ 'n', 'a', 'n', 'k', 'i', 's', 'e', 'a', 'm', 'a', 'n', 's', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "nanogi.ga", true */ 'n', 'a', 'n', 'o', 'g', 'i', '.', 'g', 'a', '\0',
+  /* "nanotechnologist.com", true */ 'n', 'a', 'n', 'o', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "nanovolt.nl", true */ 'n', 'a', 'n', 'o', 'v', 'o', 'l', 't', '.', 'n', 'l', '\0',
+  /* "nanpuyue.com", true */ 'n', 'a', 'n', 'p', 'u', 'y', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nanubo.com", true */ 'n', 'a', 'n', 'u', 'b', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "nanubo.de", true */ 'n', 'a', 'n', 'u', 'b', 'o', '.', 'd', 'e', '\0',
+  /* "naoar.com", true */ 'n', 'a', 'o', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "naotone.com", true */ 'n', 'a', 'o', 't', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "napcae.de", true */ 'n', 'a', 'p', 'c', 'a', 'e', '.', 'd', 'e', '\0',
+  /* "napisynapomniky.cz", true */ 'n', 'a', 'p', 'i', 's', 'y', 'n', 'a', 'p', 'o', 'm', 'n', 'i', 'k', 'y', '.', 'c', 'z', '\0',
+  /* "napolinissanctparts.com", true */ 'n', 'a', 'p', 'o', 'l', 'i', 'n', 'i', 's', 's', 'a', 'n', 'c', 't', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "narach.com", true */ 'n', 'a', 'r', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "narada.com.ua", true */ 'n', 'a', 'r', 'a', 'd', 'a', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "naralogics.com", true */ 'n', 'a', 'r', 'a', 'l', 'o', 'g', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "narazaka.net", true */ 'n', 'a', 'r', 'a', 'z', 'a', 'k', 'a', '.', 'n', 'e', 't', '\0',
+  /* "narfation.org", true */ 'n', 'a', 'r', 'f', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "nargele.eu", true */ 'n', 'a', 'r', 'g', 'e', 'l', 'e', '.', 'e', 'u', '\0',
+  /* "nargileh.nl", true */ 'n', 'a', 'r', 'g', 'i', 'l', 'e', 'h', '.', 'n', 'l', '\0',
+  /* "narindal.ch", true */ 'n', 'a', 'r', 'i', 'n', 'd', 'a', 'l', '.', 'c', 'h', '\0',
+  /* "narko.space", true */ 'n', 'a', 'r', 'k', 'o', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "narmos.ch", true */ 'n', 'a', 'r', 'm', 'o', 's', '.', 'c', 'h', '\0',
+  /* "naro.se", true */ 'n', 'a', 'r', 'o', '.', 's', 'e', '\0',
+  /* "naroska.name", true */ 'n', 'a', 'r', 'o', 's', 'k', 'a', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "narrativasdigitais.pt", true */ 'n', 'a', 'r', 'r', 'a', 't', 'i', 'v', 'a', 's', 'd', 'i', 'g', 'i', 't', 'a', 'i', 's', '.', 'p', 't', '\0',
+  /* "narthollis.net", false */ 'n', 'a', 'r', 't', 'h', 'o', 'l', 'l', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "nasarawanewsonline.com", true */ 'n', 'a', 's', 'a', 'r', 'a', 'w', 'a', 'n', 'e', 'w', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nasbi.pl", true */ 'n', 'a', 's', 'b', 'i', '.', 'p', 'l', '\0',
+  /* "nasbnation.com", true */ 'n', 'a', 's', 'b', 'n', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nascher.org", false */ 'n', 'a', 's', 'c', 'h', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "nasmocopati.com", true */ 'n', 'a', 's', 'm', 'o', 'c', 'o', 'p', 'a', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "nasrsolar.com", true */ 'n', 'a', 's', 'r', 's', 'o', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "nassi.me", true */ 'n', 'a', 's', 's', 'i', '.', 'm', 'e', '\0',
+  /* "nastoletni.pl", true */ 'n', 'a', 's', 't', 'o', 'l', 'e', 't', 'n', 'i', '.', 'p', 'l', '\0',
+  /* "nastysclaw.com", true */ 'n', 'a', 's', 't', 'y', 's', 'c', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "nataldigital.com", true */ 'n', 'a', 't', 'a', 'l', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "nataliedawnhanson.com", true */ 'n', 'a', 't', 'a', 'l', 'i', 'e', 'd', 'a', 'w', 'n', 'h', 'a', 'n', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "natalydanilova.com", true */ 'n', 'a', 't', 'a', 'l', 'y', 'd', 'a', 'n', 'i', 'l', 'o', 'v', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "natanaelys.com", false */ 'n', 'a', 't', 'a', 'n', 'a', 'e', 'l', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "natation-nsh.com", true */ 'n', 'a', 't', 'a', 't', 'i', 'o', 'n', '-', 'n', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "natatorium.org", true */ 'n', 'a', 't', 'a', 't', 'o', 'r', 'i', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "natchmatch.com", true */ 'n', 'a', 't', 'c', 'h', 'm', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "nate.sh", true */ 'n', 'a', 't', 'e', '.', 's', 'h', '\0',
+  /* "natecraun.net", true */ 'n', 'a', 't', 'e', 'c', 'r', 'a', 'u', 'n', '.', 'n', 'e', 't', '\0',
+  /* "natenom.com", true */ 'n', 'a', 't', 'e', 'n', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "natenom.de", true */ 'n', 'a', 't', 'e', 'n', 'o', 'm', '.', 'd', 'e', '\0',
+  /* "natenom.name", true */ 'n', 'a', 't', 'e', 'n', 'o', 'm', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "nathaliebaron.ch", true */ 'n', 'a', 't', 'h', 'a', 'l', 'i', 'e', 'b', 'a', 'r', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "nathaliebaroncoaching.ch", true */ 'n', 'a', 't', 'h', 'a', 'l', 'i', 'e', 'b', 'a', 'r', 'o', 'n', 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "nathan.io", true */ 'n', 'a', 't', 'h', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "nathankonopinski.com", true */ 'n', 'a', 't', 'h', 'a', 'n', 'k', 'o', 'n', 'o', 'p', 'i', 'n', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "nathansmetana.com", true */ 'n', 'a', 't', 'h', 'a', 'n', 's', 'm', 'e', 't', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "nathumarket.com.br", true */ 'n', 'a', 't', 'h', 'u', 'm', 'a', 'r', 'k', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "nationalcentereg.org", true */ 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'c', 'e', 'n', 't', 'e', 'r', 'e', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "nationalcprfoundation.com", true */ 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'c', 'p', 'r', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nationalcrimecheck.com.au", true */ 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'c', 'r', 'i', 'm', 'e', 'c', 'h', 'e', 'c', 'k', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "nationalmap.gov", true */ 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'm', 'a', 'p', '.', 'g', 'o', 'v', '\0',
+  /* "nationalpriorities.org", true */ 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'p', 'r', 'i', 'o', 'r', 'i', 't', 'i', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "nationaltaxprep.com", true */ 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 't', 'a', 'x', 'p', 'r', 'e', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "natives-team.ch", true */ 'n', 'a', 't', 'i', 'v', 'e', 's', '-', 't', 'e', 'a', 'm', '.', 'c', 'h', '\0',
+  /* "nativs.ch", true */ 'n', 'a', 't', 'i', 'v', 's', '.', 'c', 'h', '\0',
+  /* "natlec.com", true */ 'n', 'a', 't', 'l', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "natsumihoshino.com", true */ 'n', 'a', 't', 's', 'u', 'm', 'i', 'h', 'o', 's', 'h', 'i', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "natur-udvar.hu", true */ 'n', 'a', 't', 'u', 'r', '-', 'u', 'd', 'v', 'a', 'r', '.', 'h', 'u', '\0',
+  /* "naturalcommission.com", true */ 'n', 'a', 't', 'u', 'r', 'a', 'l', 'c', 'o', 'm', 'm', 'i', 's', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "naturalkitchen.co.uk", true */ 'n', 'a', 't', 'u', 'r', 'a', 'l', 'k', 'i', 't', 'c', 'h', 'e', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "naturalspacesdomes.com", true */ 'n', 'a', 't', 'u', 'r', 'a', 'l', 's', 'p', 'a', 'c', 'e', 's', 'd', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "naturaum.de", true */ 'n', 'a', 't', 'u', 'r', 'a', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "natureflo.net", true */ 'n', 'a', 't', 'u', 'r', 'e', 'f', 'l', 'o', '.', 'n', 'e', 't', '\0',
+  /* "naturesorganichaven.com", true */ 'n', 'a', 't', 'u', 'r', 'e', 's', 'o', 'r', 'g', 'a', 'n', 'i', 'c', 'h', 'a', 'v', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "naturheilpraxis-orlowsky.de", true */ 'n', 'a', 't', 'u', 'r', 'h', 'e', 'i', 'l', 'p', 'r', 'a', 'x', 'i', 's', '-', 'o', 'r', 'l', 'o', 'w', 's', 'k', 'y', '.', 'd', 'e', '\0',
+  /* "naturheilpraxis-p-grote.de", true */ 'n', 'a', 't', 'u', 'r', 'h', 'e', 'i', 'l', 'p', 'r', 'a', 'x', 'i', 's', '-', 'p', '-', 'g', 'r', 'o', 't', 'e', '.', 'd', 'e', '\0',
+  /* "naturline.com", true */ 'n', 'a', 't', 'u', 'r', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "naturtint.co.uk", true */ 'n', 'a', 't', 'u', 'r', 't', 'i', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "natusvita.com.br", true */ 'n', 'a', 't', 'u', 's', 'v', 'i', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "natuterra.com.br", true */ 'n', 'a', 't', 'u', 't', 'e', 'r', 'r', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "naude.co", false */ 'n', 'a', 'u', 'd', 'e', '.', 'c', 'o', '\0',
+  /* "naughty.audio", true */ 'n', 'a', 'u', 'g', 'h', 't', 'y', '.', 'a', 'u', 'd', 'i', 'o', '\0',
+  /* "nautiljon.com", true */ 'n', 'a', 'u', 't', 'i', 'l', 'j', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nautsch.de", true */ 'n', 'a', 'u', 't', 's', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "navdeep.ca", true */ 'n', 'a', 'v', 'd', 'e', 'e', 'p', '.', 'c', 'a', '\0',
+  /* "navenlle.com", false */ 'n', 'a', 'v', 'e', 'n', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "naviaddress.io", false */ 'n', 'a', 'v', 'i', 'a', 'd', 'd', 'r', 'e', 's', 's', '.', 'i', 'o', '\0',
+  /* "navigate-it-services.de", false */ 'n', 'a', 'v', 'i', 'g', 'a', 't', 'e', '-', 'i', 't', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'd', 'e', '\0',
+  /* "naviteq.eu", true */ 'n', 'a', 'v', 'i', 't', 'e', 'q', '.', 'e', 'u', '\0',
+  /* "navitime.me", true */ 'n', 'a', 'v', 'i', 't', 'i', 'm', 'e', '.', 'm', 'e', '\0',
+  /* "navstevnik.sk", true */ 'n', 'a', 'v', 's', 't', 'e', 'v', 'n', 'i', 'k', '.', 's', 'k', '\0',
+  /* "navycs.com", true */ 'n', 'a', 'v', 'y', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nawir.de", true */ 'n', 'a', 'w', 'i', 'r', '.', 'd', 'e', '\0',
+  /* "nawroth.info", true */ 'n', 'a', 'w', 'r', 'o', 't', 'h', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "nayahe.ru", true */ 'n', 'a', 'y', 'a', 'h', 'e', '.', 'r', 'u', '\0',
+  /* "nayanaas.com", true */ 'n', 'a', 'y', 'a', 'n', 'a', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nazevfirmy.cz", true */ 'n', 'a', 'z', 'e', 'v', 'f', 'i', 'r', 'm', 'y', '.', 'c', 'z', '\0',
+  /* "nb.zone", true */ 'n', 'b', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "nb6.de", true */ 'n', 'b', '6', '.', 'd', 'e', '\0',
+  /* "nba-2k.com", true */ 'n', 'b', 'a', '-', '2', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "nba.christmas", true */ 'n', 'b', 'a', '.', 'c', 'h', 'r', 'i', 's', 't', 'm', 'a', 's', '\0',
+  /* "nba.com.de", true */ 'n', 'b', 'a', '.', 'c', 'o', 'm', '.', 'd', 'e', '\0',
+  /* "nba.de.com", true */ 'n', 'b', 'a', '.', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nba.download", true */ 'n', 'b', 'a', '.', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', '\0',
+  /* "nba.gd", true */ 'n', 'b', 'a', '.', 'g', 'd', '\0',
+  /* "nba.gs", true */ 'n', 'b', 'a', '.', 'g', 's', '\0',
+  /* "nba.gy", true */ 'n', 'b', 'a', '.', 'g', 'y', '\0',
+  /* "nba.hosting", true */ 'n', 'b', 'a', '.', 'h', 'o', 's', 't', 'i', 'n', 'g', '\0',
+  /* "nba.im", true */ 'n', 'b', 'a', '.', 'i', 'm', '\0',
+  /* "nba.live", true */ 'n', 'b', 'a', '.', 'l', 'i', 'v', 'e', '\0',
+  /* "nba.lu", true */ 'n', 'b', 'a', '.', 'l', 'u', '\0',
+  /* "nba.moe", true */ 'n', 'b', 'a', '.', 'm', 'o', 'e', '\0',
+  /* "nba.trade", true */ 'n', 'b', 'a', '.', 't', 'r', 'a', 'd', 'e', '\0',
+  /* "nba.vc", true */ 'n', 'b', 'a', '.', 'v', 'c', '\0',
+  /* "nba.vg", true */ 'n', 'b', 'a', '.', 'v', 'g', '\0',
+  /* "nba2.com", true */ 'n', 'b', 'a', '2', '.', 'c', 'o', 'm', '\0',
+  /* "nba2k.blog", true */ 'n', 'b', 'a', '2', 'k', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "nba2k.cc", true */ 'n', 'b', 'a', '2', 'k', '.', 'c', 'c', '\0',
+  /* "nba2k.cn", true */ 'n', 'b', 'a', '2', 'k', '.', 'c', 'n', '\0',
+  /* "nba2k.co", true */ 'n', 'b', 'a', '2', 'k', '.', 'c', 'o', '\0',
+  /* "nba2k.com.cn", true */ 'n', 'b', 'a', '2', 'k', '.', 'c', 'o', 'm', '.', 'c', 'n', '\0',
+  /* "nba2k.download", true */ 'n', 'b', 'a', '2', 'k', '.', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', '\0',
+  /* "nba2k.live", true */ 'n', 'b', 'a', '2', 'k', '.', 'l', 'i', 'v', 'e', '\0',
+  /* "nba2k.net", true */ 'n', 'b', 'a', '2', 'k', '.', 'n', 'e', 't', '\0',
+  /* "nba2k.online", true */ 'n', 'b', 'a', '2', 'k', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "nba2k.tw", true */ 'n', 'b', 'a', '2', 'k', '.', 't', 'w', '\0',
+  /* "nba2kcn.com", true */ 'n', 'b', 'a', '2', 'k', 'c', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nba2kmods.com", true */ 'n', 'b', 'a', '2', 'k', 'm', 'o', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nba2kmt.com", true */ 'n', 'b', 'a', '2', 'k', 'm', 't', '.', 'c', 'o', 'm', '\0',
+  /* "nba2kmy.team", true */ 'n', 'b', 'a', '2', 'k', 'm', 'y', '.', 't', 'e', 'a', 'm', '\0',
+  /* "nba2kol.com", true */ 'n', 'b', 'a', '2', 'k', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "nba2konline.com", true */ 'n', 'b', 'a', '2', 'k', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nba2konlinex.com", true */ 'n', 'b', 'a', '2', 'k', 'o', 'n', 'l', 'i', 'n', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "nba2kqq.com", true */ 'n', 'b', 'a', '2', 'k', 'q', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "nba2kx.com", true */ 'n', 'b', 'a', '2', 'k', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "nbadancers.com", true */ 'n', 'b', 'a', 'd', 'a', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nbade.com", true */ 'n', 'b', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nbafile.com", true */ 'n', 'b', 'a', 'f', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nbagirls.com", true */ 'n', 'b', 'a', 'g', 'i', 'r', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nbaim.com", true */ 'n', 'b', 'a', 'i', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "nbaimg.com", true */ 'n', 'b', 'a', 'i', 'm', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "nbalive.cn", true */ 'n', 'b', 'a', 'l', 'i', 'v', 'e', '.', 'c', 'n', '\0',
+  /* "nbalivecn.com", true */ 'n', 'b', 'a', 'l', 'i', 'v', 'e', 'c', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nbalivex.com", true */ 'n', 'b', 'a', 'l', 'i', 'v', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "nbari.com", true */ 'n', 'b', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "nbask.com", true */ 'n', 'b', 'a', 's', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "nbasky.com", true */ 'n', 'b', 'a', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "nbaspot.com", true */ 'n', 'b', 'a', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "nbavc.com", true */ 'n', 'b', 'a', 'v', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "nbavg.com", true */ 'n', 'b', 'a', 'v', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "nbayouxi.com", true */ 'n', 'b', 'a', 'y', 'o', 'u', 'x', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "nbl.org.tw", true */ 'n', 'b', 'l', '.', 'o', 'r', 'g', '.', 't', 'w', '\0',
+  /* "nbp.com.pk", true */ 'n', 'b', 'p', '.', 'c', 'o', 'm', '.', 'p', 'k', '\0',
+  /* "nbrii.com", true */ 'n', 'b', 'r', 'i', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "nbriresearch.com", true */ 'n', 'b', 'r', 'i', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "nbrown.us", true */ 'n', 'b', 'r', 'o', 'w', 'n', '.', 'u', 's', '\0',
+  /* "nbtparse.org", true */ 'n', 'b', 't', 'p', 'a', 'r', 's', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "nbur.co.uk", true */ 'n', 'b', 'u', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "nc99.co", true */ 'n', 'c', '9', '9', '.', 'c', 'o', '\0',
+  /* "ncamarquee.co.uk", true */ 'n', 'c', 'a', 'm', 'a', 'r', 'q', 'u', 'e', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ncands.net", true */ 'n', 'c', 'a', 'n', 'd', 's', '.', 'n', 'e', 't', '\0',
+  /* "ncaq.net", true */ 'n', 'c', 'a', 'q', '.', 'n', 'e', 't', '\0',
+  /* "ncc-qualityandsafety.org", true */ 'n', 'c', 'c', '-', 'q', 'u', 'a', 'l', 'i', 't', 'y', 'a', 'n', 'd', 's', 'a', 'f', 'e', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "ncconsumer.org", true */ 'n', 'c', 'c', 'o', 'n', 's', 'u', 'm', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "ncea.net.au", true */ 'n', 'c', 'e', 'a', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "nchangfong.com", true */ 'n', 'c', 'h', 'a', 'n', 'g', 'f', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "nchristo.com", true */ 'n', 'c', 'h', 'r', 'i', 's', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "nclvle.co.uk", true */ 'n', 'c', 'l', 'v', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ncpw.gov", true */ 'n', 'c', 'p', 'w', '.', 'g', 'o', 'v', '\0',
+  /* "ncrmnt.org", true */ 'n', 'c', 'r', 'm', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "ncsccs.com", true */ 'n', 'c', 's', 'c', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ncstep.org", true */ 'n', 'c', 's', 't', 'e', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "ndarville.com", true */ 'n', 'd', 'a', 'r', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ndbt.com", true */ 'n', 'd', 'b', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ndcpolipak.com", true */ 'n', 'd', 'c', 'p', 'o', 'l', 'i', 'p', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ndeoffshore.com", true */ 'n', 'd', 'e', 'o', 'f', 'f', 's', 'h', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nder.be", true */ 'n', 'd', 'e', 'r', '.', 'b', 'e', '\0',
+  /* "ndmath.club", true */ 'n', 'd', 'm', 'a', 't', 'h', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "ndpbrn-research.org", true */ 'n', 'd', 'p', 'b', 'r', 'n', '-', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "ndtblog.com", true */ 'n', 'd', 't', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "ndy.sex", true */ 'n', 'd', 'y', '.', 's', 'e', 'x', '\0',
+  /* "ne-on.org", true */ 'n', 'e', '-', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "ne1home.dyndns.org", true */ 'n', 'e', '1', 'h', 'o', 'm', 'e', '.', 'd', 'y', 'n', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "neap.io", true */ 'n', 'e', 'a', 'p', '.', 'i', 'o', '\0',
+  /* "nearby.in.th", true */ 'n', 'e', 'a', 'r', 'b', 'y', '.', 'i', 'n', '.', 't', 'h', '\0',
+  /* "neartothesky.com", true */ 'n', 'e', 'a', 'r', 't', 'o', 't', 'h', 'e', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "neatous.cz", true */ 'n', 'e', 'a', 't', 'o', 'u', 's', '.', 'c', 'z', '\0',
+  /* "neatous.net", true */ 'n', 'e', 'a', 't', 'o', 'u', 's', '.', 'n', 'e', 't', '\0',
+  /* "neave.tv", true */ 'n', 'e', 'a', 'v', 'e', '.', 't', 'v', '\0',
+  /* "neba.io", true */ 'n', 'e', 'b', 'a', '.', 'i', 'o', '\0',
+  /* "nebelheim.de", true */ 'n', 'e', 'b', 'e', 'l', 'h', 'e', 'i', 'm', '.', 'd', 'e', '\0',
+  /* "nebra.io", true */ 'n', 'e', 'b', 'r', 'a', '.', 'i', 'o', '\0',
+  /* "nebul.at", true */ 'n', 'e', 'b', 'u', 'l', '.', 'a', 't', '\0',
+  /* "nebulae.co", true */ 'n', 'e', 'b', 'u', 'l', 'a', 'e', '.', 'c', 'o', '\0',
+  /* "nebuluxcapital.com", true */ 'n', 'e', 'b', 'u', 'l', 'u', 'x', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "necesitodinero.org", true */ 'n', 'e', 'c', 'e', 's', 'i', 't', 'o', 'd', 'i', 'n', 'e', 'r', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "necessaryandproportionate.net", true */ 'n', 'e', 'c', 'e', 's', 's', 'a', 'r', 'y', 'a', 'n', 'd', 'p', 'r', 'o', 'p', 'o', 'r', 't', 'i', 'o', 'n', 'a', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "necessaryandproportionate.org", true */ 'n', 'e', 'c', 'e', 's', 's', 'a', 'r', 'y', 'a', 'n', 'd', 'p', 'r', 'o', 'p', 'o', 'r', 't', 'i', 'o', 'n', 'a', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "necormansir.com", true */ 'n', 'e', 'c', 'o', 'r', 'm', 'a', 'n', 's', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "nectarleaf.com", true */ 'n', 'e', 'c', 't', 'a', 'r', 'l', 'e', 'a', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "nedcdata.org", true */ 'n', 'e', 'd', 'c', 'd', 'a', 't', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "nedim-accueil.fr", true */ 'n', 'e', 'd', 'i', 'm', '-', 'a', 'c', 'c', 'u', 'e', 'i', 'l', '.', 'f', 'r', '\0',
+  /* "nediyor.com", true */ 'n', 'e', 'd', 'i', 'y', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "nedlinin.com", true */ 'n', 'e', 'd', 'l', 'i', 'n', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nedraconsult.ru", true */ 'n', 'e', 'd', 'r', 'a', 'c', 'o', 'n', 's', 'u', 'l', 't', '.', 'r', 'u', '\0',
+  /* "neecist.org", true */ 'n', 'e', 'e', 'c', 'i', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "needle.net.nz", true */ 'n', 'e', 'e', 'd', 'l', 'e', '.', 'n', 'e', 't', '.', 'n', 'z', '\0',
+  /* "needle.nz", true */ 'n', 'e', 'e', 'd', 'l', 'e', '.', 'n', 'z', '\0',
+  /* "needstyle.ru", true */ 'n', 'e', 'e', 'd', 's', 't', 'y', 'l', 'e', '.', 'r', 'u', '\0',
+  /* "neeerd.org", true */ 'n', 'e', 'e', 'e', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "neel.ch", true */ 'n', 'e', 'e', 'l', '.', 'c', 'h', '\0',
+  /* "neemzy.org", true */ 'n', 'e', 'e', 'm', 'z', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "neet-investor.biz", true */ 'n', 'e', 'e', 't', '-', 'i', 'n', 'v', 'e', 's', 't', 'o', 'r', '.', 'b', 'i', 'z', '\0',
+  /* "nefertitis.cz", true */ 'n', 'e', 'f', 'e', 'r', 't', 'i', 't', 'i', 's', '.', 'c', 'z', '\0',
+  /* "neftebitum-kngk.ru", true */ 'n', 'e', 'f', 't', 'e', 'b', 'i', 't', 'u', 'm', '-', 'k', 'n', 'g', 'k', '.', 'r', 'u', '\0',
+  /* "neg9.org", false */ 'n', 'e', 'g', '9', '.', 'o', 'r', 'g', '\0',
+  /* "negai.moe", true */ 'n', 'e', 'g', 'a', 'i', '.', 'm', 'o', 'e', '\0',
+  /* "neglecteddiseases.gov", true */ 'n', 'e', 'g', 'l', 'e', 'c', 't', 'e', 'd', 'd', 'i', 's', 'e', 'a', 's', 'e', 's', '.', 'g', 'o', 'v', '\0',
+  /* "negraelinda.com", true */ 'n', 'e', 'g', 'r', 'a', 'e', 'l', 'i', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "nehoupat.cz", true */ 'n', 'e', 'h', 'o', 'u', 'p', 'a', 't', '.', 'c', 'z', '\0',
+  /* "neillans.co.uk", true */ 'n', 'e', 'i', 'l', 'l', 'a', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "neillans.com", true */ 'n', 'e', 'i', 'l', 'l', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "neilwynne.com", true */ 'n', 'e', 'i', 'l', 'w', 'y', 'n', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "neio.uk", true */ 'n', 'e', 'i', 'o', '.', 'u', 'k', '\0',
+  /* "neko-nyan-nuko.com", true */ 'n', 'e', 'k', 'o', '-', 'n', 'y', 'a', 'n', '-', 'n', 'u', 'k', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "neko-nyan.org", true */ 'n', 'e', 'k', 'o', '-', 'n', 'y', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "neko.li", true */ 'n', 'e', 'k', 'o', '.', 'l', 'i', '\0',
+  /* "neko.ml", true */ 'n', 'e', 'k', 'o', '.', 'm', 'l', '\0',
+  /* "nekodex.net", true */ 'n', 'e', 'k', 'o', 'd', 'e', 'x', '.', 'n', 'e', 't', '\0',
+  /* "nekoku.io", true */ 'n', 'e', 'k', 'o', 'k', 'u', '.', 'i', 'o', '\0',
+  /* "nekolove.jp", true */ 'n', 'e', 'k', 'o', 'l', 'o', 'v', 'e', '.', 'j', 'p', '\0',
+  /* "nekomimi.pl", true */ 'n', 'e', 'k', 'o', 'm', 'i', 'm', 'i', '.', 'p', 'l', '\0',
+  /* "nekosc.com", true */ 'n', 'e', 'k', 'o', 's', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "nekowa.moe", true */ 'n', 'e', 'k', 'o', 'w', 'a', '.', 'm', 'o', 'e', '\0',
+  /* "nelhage.com", true */ 'n', 'e', 'l', 'h', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nella-project.org", true */ 'n', 'e', 'l', 'l', 'a', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "nella.io", true */ 'n', 'e', 'l', 'l', 'a', '.', 'i', 'o', '\0',
+  /* "nellacms.com", true */ 'n', 'e', 'l', 'l', 'a', 'c', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nellacms.org", true */ 'n', 'e', 'l', 'l', 'a', 'c', 'm', 's', '.', 'o', 'r', 'g', '\0',
+  /* "nellafw.org", true */ 'n', 'e', 'l', 'l', 'a', 'f', 'w', '.', 'o', 'r', 'g', '\0',
+  /* "nellen.it", true */ 'n', 'e', 'l', 'l', 'e', 'n', '.', 'i', 't', '\0',
+  /* "nemcd.com", true */ 'n', 'e', 'm', 'c', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "nemecl.eu", true */ 'n', 'e', 'm', 'e', 'c', 'l', '.', 'e', 'u', '\0',
+  /* "nemez.net", true */ 'n', 'e', 'm', 'e', 'z', '.', 'n', 'e', 't', '\0',
+  /* "nemo.run", true */ 'n', 'e', 'm', 'o', '.', 'r', 'u', 'n', '\0',
+  /* "nemopan.com", true */ 'n', 'e', 'm', 'o', 'p', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nemumu.com", true */ 'n', 'e', 'm', 'u', 'm', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "nemunai.re", true */ 'n', 'e', 'm', 'u', 'n', 'a', 'i', '.', 'r', 'e', '\0',
+  /* "neo2shyalien.eu", false */ 'n', 'e', 'o', '2', 's', 'h', 'y', 'a', 'l', 'i', 'e', 'n', '.', 'e', 'u', '\0',
+  /* "neobits.nl", true */ 'n', 'e', 'o', 'b', 'i', 't', 's', '.', 'n', 'l', '\0',
+  /* "neocities.org", true */ 'n', 'e', 'o', 'c', 'i', 't', 'i', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "neoclick.io", true */ 'n', 'e', 'o', 'c', 'l', 'i', 'c', 'k', '.', 'i', 'o', '\0',
+  /* "neojo.org", true */ 'n', 'e', 'o', 'j', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "neokobe.city", true */ 'n', 'e', 'o', 'k', 'o', 'b', 'e', '.', 'c', 'i', 't', 'y', '\0',
+  /* "neolaudia.es", true */ 'n', 'e', 'o', 'l', 'a', 'u', 'd', 'i', 'a', '.', 'e', 's', '\0',
+  /* "neons.org", true */ 'n', 'e', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "neophilus.net", true */ 'n', 'e', 'o', 'p', 'h', 'i', 'l', 'u', 's', '.', 'n', 'e', 't', '\0',
+  /* "neosdesignstudio.co.uk", true */ 'n', 'e', 'o', 's', 'd', 'e', 's', 'i', 'g', 'n', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "neostralis.com", true */ 'n', 'e', 'o', 's', 't', 'r', 'a', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "neowlan.net", true */ 'n', 'e', 'o', 'w', 'l', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "neoxcrf.com", true */ 'n', 'e', 'o', 'x', 'c', 'r', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "neoz.com.br", true */ 'n', 'e', 'o', 'z', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "nepal-evolution.org", true */ 'n', 'e', 'p', 'a', 'l', '-', 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "nephelion.org", true */ 'n', 'e', 'p', 'h', 'e', 'l', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "nephos.xyz", true */ 'n', 'e', 'p', 'h', 'o', 's', '.', 'x', 'y', 'z', '\0',
+  /* "nepovolenainternetovahazardnihra.cz", true */ 'n', 'e', 'p', 'o', 'v', 'o', 'l', 'e', 'n', 'a', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'o', 'v', 'a', 'h', 'a', 'z', 'a', 'r', 'd', 'n', 'i', 'h', 'r', 'a', '.', 'c', 'z', '\0',
+  /* "nercp.org.uk", true */ 'n', 'e', 'r', 'c', 'p', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "nerdjokes.de", true */ 'n', 'e', 'r', 'd', 'j', 'o', 'k', 'e', 's', '.', 'd', 'e', '\0',
+  /* "nerdmind.de", true */ 'n', 'e', 'r', 'd', 'm', 'i', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "nerdoutstudios.tv", true */ 'n', 'e', 'r', 'd', 'o', 'u', 't', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 't', 'v', '\0',
+  /* "nerdpol.ch", true */ 'n', 'e', 'r', 'd', 'p', 'o', 'l', '.', 'c', 'h', '\0',
+  /* "nerds-gegen-stephan.de", true */ 'n', 'e', 'r', 'd', 's', '-', 'g', 'e', 'g', 'e', 'n', '-', 's', 't', 'e', 'p', 'h', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "nerds.company", false */ 'n', 'e', 'r', 'd', 's', '.', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '\0',
+  /* "nerdtime.de", true */ 'n', 'e', 'r', 'd', 't', 'i', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "nerdydev.net", true */ 'n', 'e', 'r', 'd', 'y', 'd', 'e', 'v', '.', 'n', 'e', 't', '\0',
+  /* "nerot.eu", true */ 'n', 'e', 'r', 'o', 't', '.', 'e', 'u', '\0',
+  /* "nerull7.info", true */ 'n', 'e', 'r', 'u', 'l', 'l', '7', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "nerven.se", false */ 'n', 'e', 'r', 'v', 'e', 'n', '.', 's', 'e', '\0',
+  /* "nesantuoka.lt", true */ 'n', 'e', 's', 'a', 'n', 't', 'u', 'o', 'k', 'a', '.', 'l', 't', '\0',
+  /* "nesolabs.com", true */ 'n', 'e', 's', 'o', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nesolabs.de", true */ 'n', 'e', 's', 'o', 'l', 'a', 'b', 's', '.', 'd', 'e', '\0',
+  /* "nesterov.pw", true */ 'n', 'e', 's', 't', 'e', 'r', 'o', 'v', '.', 'p', 'w', '\0',
+  /* "nestor.nu", true */ 'n', 'e', 's', 't', 'o', 'r', '.', 'n', 'u', '\0',
+  /* "neswec.org.uk", true */ 'n', 'e', 's', 'w', 'e', 'c', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "net-safe.info", true */ 'n', 'e', 't', '-', 's', 'a', 'f', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "net4visions.at", true */ 'n', 'e', 't', '4', 'v', 'i', 's', 'i', 'o', 'n', 's', '.', 'a', 't', '\0',
+  /* "net4visions.de", true */ 'n', 'e', 't', '4', 'v', 'i', 's', 'i', 'o', 'n', 's', '.', 'd', 'e', '\0',
+  /* "netamia.com", true */ 'n', 'e', 't', 'a', 'm', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "netapps.de", true */ 'n', 'e', 't', 'a', 'p', 'p', 's', '.', 'd', 'e', '\0',
+  /* "netba.net", true */ 'n', 'e', 't', 'b', 'a', '.', 'n', 'e', 't', '\0',
+  /* "netbank.com.au", true */ 'n', 'e', 't', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "netbears.com", true */ 'n', 'e', 't', 'b', 'e', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "netbears.ro", true */ 'n', 'e', 't', 'b', 'e', 'a', 'r', 's', '.', 'r', 'o', '\0',
+  /* "netbows.com", true */ 'n', 'e', 't', 'b', 'o', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "netbows.es", true */ 'n', 'e', 't', 'b', 'o', 'w', 's', '.', 'e', 's', '\0',
+  /* "netbulls.io", true */ 'n', 'e', 't', 'b', 'u', 'l', 'l', 's', '.', 'i', 'o', '\0',
+  /* "netbuzz.ru", true */ 'n', 'e', 't', 'b', 'u', 'z', 'z', '.', 'r', 'u', '\0',
+  /* "netconnect.at", true */ 'n', 'e', 't', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'a', 't', '\0',
+  /* "netcoolusers.org", true */ 'n', 'e', 't', 'c', 'o', 'o', 'l', 'u', 's', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "netde.jp", true */ 'n', 'e', 't', 'd', 'e', '.', 'j', 'p', '\0',
+  /* "netdego.jp", true */ 'n', 'e', 't', 'd', 'e', 'g', 'o', '.', 'j', 'p', '\0',
+  /* "netdex.co", true */ 'n', 'e', 't', 'd', 'e', 'x', '.', 'c', 'o', '\0',
+  /* "netducks.com", true */ 'n', 'e', 't', 'd', 'u', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "netducks.space", true */ 'n', 'e', 't', 'd', 'u', 'c', 'k', 's', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "netera.se", true */ 'n', 'e', 't', 'e', 'r', 'a', '.', 's', 'e', '\0',
+  /* "netfabb.com", true */ 'n', 'e', 't', 'f', 'a', 'b', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "netfs.pl", false */ 'n', 'e', 't', 'f', 's', '.', 'p', 'l', '\0',
+  /* "netfxharmonics.com", true */ 'n', 'e', 't', 'f', 'x', 'h', 'a', 'r', 'm', 'o', 'n', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "netguide.co.nz", true */ 'n', 'e', 't', 'g', 'u', 'i', 'd', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "nethackwiki.com", true */ 'n', 'e', 't', 'h', 'a', 'c', 'k', 'w', 'i', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "nethruster.com", true */ 'n', 'e', 't', 'h', 'r', 'u', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "nethunter.top", true */ 'n', 'e', 't', 'h', 'u', 'n', 't', 'e', 'r', '.', 't', 'o', 'p', '\0',
+  /* "netki.com", true */ 'n', 'e', 't', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "netlentes.com.br", true */ 'n', 'e', 't', 'l', 'e', 'n', 't', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "netlocal.ru", true */ 'n', 'e', 't', 'l', 'o', 'c', 'a', 'l', '.', 'r', 'u', '\0',
+  /* "netmagicas.com.br", true */ 'n', 'e', 't', 'm', 'a', 'g', 'i', 'c', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "netmeister.org", true */ 'n', 'e', 't', 'm', 'e', 'i', 's', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "netnik.de", true */ 'n', 'e', 't', 'n', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "netnodes.net", true */ 'n', 'e', 't', 'n', 'o', 'd', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "netrelay.email", true */ 'n', 'e', 't', 'r', 'e', 'l', 'a', 'y', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "netrider.net.au", false */ 'n', 'e', 't', 'r', 'i', 'd', 'e', 'r', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "netronix.be", true */ 'n', 'e', 't', 'r', 'o', 'n', 'i', 'x', '.', 'b', 'e', '\0',
+  /* "netscaler.expert", true */ 'n', 'e', 't', 's', 'c', 'a', 'l', 'e', 'r', '.', 'e', 'x', 'p', 'e', 'r', 't', '\0',
+  /* "netsight.org", true */ 'n', 'e', 't', 's', 'i', 'g', 'h', 't', '.', 'o', 'r', 'g', '\0',
+  /* "netsigna.de", true */ 'n', 'e', 't', 's', 'i', 'g', 'n', 'a', '.', 'd', 'e', '\0',
+  /* "netsite.dk", true */ 'n', 'e', 't', 's', 'i', 't', 'e', '.', 'd', 'k', '\0',
+  /* "netsoins.org", true */ 'n', 'e', 't', 's', 'o', 'i', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "netsparker.com", false */ 'n', 'e', 't', 's', 'p', 'a', 'r', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "netsystems.pro", true */ 'n', 'e', 't', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'p', 'r', 'o', '\0',
+  /* "nette.org", true */ 'n', 'e', 't', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "nettia.fi", true */ 'n', 'e', 't', 't', 'i', 'a', '.', 'f', 'i', '\0',
+  /* "netto-service.ch", true */ 'n', 'e', 't', 't', 'o', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'h', '\0',
+  /* "nettools.link", true */ 'n', 'e', 't', 't', 'o', 'o', 'l', 's', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "nettopower.dk", true */ 'n', 'e', 't', 't', 'o', 'p', 'o', 'w', 'e', 'r', '.', 'd', 'k', '\0',
+  /* "nettplusultra-rhone.fr", true */ 'n', 'e', 't', 't', 'p', 'l', 'u', 's', 'u', 'l', 't', 'r', 'a', '-', 'r', 'h', 'o', 'n', 'e', '.', 'f', 'r', '\0',
+  /* "nettx.co.uk", true */ 'n', 'e', 't', 't', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "netulo.com", true */ 'n', 'e', 't', 'u', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "netvizura.co.uk", true */ 'n', 'e', 't', 'v', 'i', 'z', 'u', 'r', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "netwarc.eu", true */ 'n', 'e', 't', 'w', 'a', 'r', 'c', '.', 'e', 'u', '\0',
+  /* "netwarc.nl", true */ 'n', 'e', 't', 'w', 'a', 'r', 'c', '.', 'n', 'l', '\0',
+  /* "netweaver.uk", true */ 'n', 'e', 't', 'w', 'e', 'a', 'v', 'e', 'r', '.', 'u', 'k', '\0',
+  /* "netwerkmanager.nl", false */ 'n', 'e', 't', 'w', 'e', 'r', 'k', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "network-notes.com", true */ 'n', 'e', 't', 'w', 'o', 'r', 'k', '-', 'n', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "network23.nl", true */ 'n', 'e', 't', 'w', 'o', 'r', 'k', '2', '3', '.', 'n', 'l', '\0',
+  /* "networkersdiary.com", true */ 'n', 'e', 't', 'w', 'o', 'r', 'k', 'e', 'r', 's', 'd', 'i', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "networking4all.com", false */ 'n', 'e', 't', 'w', 'o', 'r', 'k', 'i', 'n', 'g', '4', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "networkingnexus.net", true */ 'n', 'e', 't', 'w', 'o', 'r', 'k', 'i', 'n', 'g', 'n', 'e', 'x', 'u', 's', '.', 'n', 'e', 't', '\0',
+  /* "networkingphoenix.com", true */ 'n', 'e', 't', 'w', 'o', 'r', 'k', 'i', 'n', 'g', 'p', 'h', 'o', 'e', 'n', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "networkmarketingpro.com", true */ 'n', 'e', 't', 'w', 'o', 'r', 'k', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "networkposting.com", true */ 'n', 'e', 't', 'w', 'o', 'r', 'k', 'p', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "networth.at", true */ 'n', 'e', 't', 'w', 'o', 'r', 't', 'h', '.', 'a', 't', '\0',
+  /* "netzfrauen.org", true */ 'n', 'e', 't', 'z', 'f', 'r', 'a', 'u', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "netzspielplatz.de", true */ 'n', 'e', 't', 'z', 's', 'p', 'i', 'e', 'l', 'p', 'l', 'a', 't', 'z', '.', 'd', 'e', '\0',
+  /* "netzwerkwerk.de", true */ 'n', 'e', 't', 'z', 'w', 'e', 'r', 'k', 'w', 'e', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "neuch.info", true */ 'n', 'e', 'u', 'c', 'h', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "neuflizeobc.net", true */ 'n', 'e', 'u', 'f', 'l', 'i', 'z', 'e', 'o', 'b', 'c', '.', 'n', 'e', 't', '\0',
+  /* "neuhaus-city.de", true */ 'n', 'e', 'u', 'h', 'a', 'u', 's', '-', 'c', 'i', 't', 'y', '.', 'd', 'e', '\0',
+  /* "neurabyte.com", true */ 'n', 'e', 'u', 'r', 'a', 'b', 'y', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "neurexcellence.com", true */ 'n', 'e', 'u', 'r', 'e', 'x', 'c', 'e', 'l', 'l', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "neurobiology.com", true */ 'n', 'e', 'u', 'r', 'o', 'b', 'i', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "neurochip.com", true */ 'n', 'e', 'u', 'r', 'o', 'c', 'h', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "neurocny.cloud", true */ 'n', 'e', 'u', 'r', 'o', 'c', 'n', 'y', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "neuroethics.com", true */ 'n', 'e', 'u', 'r', 'o', 'e', 't', 'h', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "neurogroove.info", true */ 'n', 'e', 'u', 'r', 'o', 'g', 'r', 'o', 'o', 'v', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "neuronasdigitales.com", true */ 'n', 'e', 'u', 'r', 'o', 'n', 'a', 's', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "neuropharmacology.com", true */ 'n', 'e', 'u', 'r', 'o', 'p', 'h', 'a', 'r', 'm', 'a', 'c', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "neurotransmitter.net", true */ 'n', 'e', 'u', 'r', 'o', 't', 'r', 'a', 'n', 's', 'm', 'i', 't', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "neutralox.com", false */ 'n', 'e', 'u', 't', 'r', 'a', 'l', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "neutralvehicle.com", true */ 'n', 'e', 'u', 't', 'r', 'a', 'l', 'v', 'e', 'h', 'i', 'c', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "neuwal.com", true */ 'n', 'e', 'u', 'w', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "neverwetturkey.com", true */ 'n', 'e', 'v', 'e', 'r', 'w', 'e', 't', 't', 'u', 'r', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "nevntech.com", true */ 'n', 'e', 'v', 'n', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "nevolution.me", true */ 'n', 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "nevoxo.com", true */ 'n', 'e', 'v', 'o', 'x', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "new-black-order.com", true */ 'n', 'e', 'w', '-', 'b', 'l', 'a', 'c', 'k', '-', 'o', 'r', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "new-ms.com", true */ 'n', 'e', 'w', '-', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "new-process.ch", true */ 'n', 'e', 'w', '-', 'p', 'r', 'o', 'c', 'e', 's', 's', '.', 'c', 'h', '\0',
+  /* "new-process.com", true */ 'n', 'e', 'w', '-', 'p', 'r', 'o', 'c', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "new-process.de", true */ 'n', 'e', 'w', '-', 'p', 'r', 'o', 'c', 'e', 's', 's', '.', 'd', 'e', '\0',
+  /* "new-process.eu", true */ 'n', 'e', 'w', '-', 'p', 'r', 'o', 'c', 'e', 's', 's', '.', 'e', 'u', '\0',
+  /* "new.travel.pl", true */ 'n', 'e', 'w', '.', 't', 'r', 'a', 'v', 'e', 'l', '.', 'p', 'l', '\0',
+  /* "newaccess.ch", true */ 'n', 'e', 'w', 'a', 'c', 'c', 'e', 's', 's', '.', 'c', 'h', '\0',
+  /* "newantiagingcreams.com", true */ 'n', 'e', 'w', 'a', 'n', 't', 'i', 'a', 'g', 'i', 'n', 'g', 'c', 'r', 'e', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "newbietech.cn", true */ 'n', 'e', 'w', 'b', 'i', 'e', 't', 'e', 'c', 'h', '.', 'c', 'n', '\0',
+  /* "newbownerton.xyz", true */ 'n', 'e', 'w', 'b', 'o', 'w', 'n', 'e', 'r', 't', 'o', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "newburybouncycastles.co.uk", true */ 'n', 'e', 'w', 'b', 'u', 'r', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "newburyparkelectrical.com", true */ 'n', 'e', 'w', 'b', 'u', 'r', 'y', 'p', 'a', 'r', 'k', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "newcitygas.ca", true */ 'n', 'e', 'w', 'c', 'i', 't', 'y', 'g', 'a', 's', '.', 'c', 'a', '\0',
+  /* "newcityinfo.ch", true */ 'n', 'e', 'w', 'c', 'i', 't', 'y', 'i', 'n', 'f', 'o', '.', 'c', 'h', '\0',
+  /* "newcitystudio.ch", true */ 'n', 'e', 'w', 'c', 'i', 't', 'y', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'h', '\0',
+  /* "newcreamforface.com", true */ 'n', 'e', 'w', 'c', 'r', 'e', 'a', 'm', 'f', 'o', 'r', 'f', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "newday.host", true */ 'n', 'e', 'w', 'd', 'a', 'y', '.', 'h', 'o', 's', 't', '\0',
+  /* "newfacialbeautycream.com", true */ 'n', 'e', 'w', 'f', 'a', 'c', 'i', 'a', 'l', 'b', 'e', 'a', 'u', 't', 'y', 'c', 'r', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "newfiepedia.ca", true */ 'n', 'e', 'w', 'f', 'i', 'e', 'p', 'e', 'd', 'i', 'a', '.', 'c', 'a', '\0',
+  /* "newgrowbook.com", true */ 'n', 'e', 'w', 'g', 'r', 'o', 'w', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "newguidance.ch", true */ 'n', 'e', 'w', 'g', 'u', 'i', 'd', 'a', 'n', 'c', 'e', '.', 'c', 'h', '\0',
+  /* "newind.info", true */ 'n', 'e', 'w', 'i', 'n', 'd', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "newizv.ru", true */ 'n', 'e', 'w', 'i', 'z', 'v', '.', 'r', 'u', '\0',
+  /* "newjianzhi.com", true */ 'n', 'e', 'w', 'j', 'i', 'a', 'n', 'z', 'h', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "newknd.com", true */ 'n', 'e', 'w', 'k', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "newline.online", true */ 'n', 'e', 'w', 'l', 'i', 'n', 'e', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "newmarketbouncycastlehire.co.uk", true */ 'n', 'e', 'w', 'm', 'a', 'r', 'k', 'e', 't', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "newmed.com.br", true */ 'n', 'e', 'w', 'm', 'e', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "newmediaone.net", true */ 'n', 'e', 'w', 'm', 'e', 'd', 'i', 'a', 'o', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "newmovements.net", true */ 'n', 'e', 'w', 'm', 'o', 'v', 'e', 'm', 'e', 'n', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "newodesign.com", true */ 'n', 'e', 'w', 'o', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "newpathintegratedtherapy.com", true */ 'n', 'e', 'w', 'p', 'a', 't', 'h', 'i', 'n', 't', 'e', 'g', 'r', 'a', 't', 'e', 'd', 't', 'h', 'e', 'r', 'a', 'p', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "news47ell.com", true */ 'n', 'e', 'w', 's', '4', '7', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "newsa2.com", true */ 'n', 'e', 'w', 's', 'a', '2', '.', 'c', 'o', 'm', '\0',
+  /* "newserumforskin.com", true */ 'n', 'e', 'w', 's', 'e', 'r', 'u', 'm', 'f', 'o', 'r', 's', 'k', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "newsmotor.info", true */ 'n', 'e', 'w', 's', 'm', 'o', 't', 'o', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "newspsychology.com", true */ 'n', 'e', 'w', 's', 'p', 's', 'y', 'c', 'h', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "newsquantified.com", true */ 'n', 'e', 'w', 's', 'q', 'u', 'a', 'n', 't', 'i', 'f', 'i', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "newstone-tech.com", true */ 'n', 'e', 'w', 's', 't', 'o', 'n', 'e', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "newsyslog.org", true */ 'n', 'e', 'w', 's', 'y', 's', 'l', 'o', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "newtnote.com", true */ 'n', 'e', 'w', 't', 'n', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "newtonhaus.com", true */ 'n', 'e', 'w', 't', 'o', 'n', 'h', 'a', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "newtrackon.com", true */ 'n', 'e', 'w', 't', 'r', 'a', 'c', 'k', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nex.sx", true */ 'n', 'e', 'x', '.', 's', 'x', '\0',
+  /* "nexicafiles.com", true */ 'n', 'e', 'x', 'i', 'c', 'a', 'f', 'i', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nexlab.org", true */ 'n', 'e', 'x', 'l', 'a', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "next-taxi.ru", true */ 'n', 'e', 'x', 't', '-', 't', 'a', 'x', 'i', '.', 'r', 'u', '\0',
+  /* "next24.io", true */ 'n', 'e', 'x', 't', '2', '4', '.', 'i', 'o', '\0',
+  /* "nextads.ch", true */ 'n', 'e', 'x', 't', 'a', 'd', 's', '.', 'c', 'h', '\0',
+  /* "nextcairn.com", true */ 'n', 'e', 'x', 't', 'c', 'a', 'i', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nextcloud.com", true */ 'n', 'e', 'x', 't', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "nextcloud.li", true */ 'n', 'e', 'x', 't', 'c', 'l', 'o', 'u', 'd', '.', 'l', 'i', '\0',
+  /* "nextend.net", true */ 'n', 'e', 'x', 't', 'e', 'n', 'd', '.', 'n', 'e', 't', '\0',
+  /* "nextend.org", true */ 'n', 'e', 'x', 't', 'e', 'n', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "nextgen.sk", true */ 'n', 'e', 'x', 't', 'g', 'e', 'n', '.', 's', 'k', '\0',
+  /* "nextgencel.com", true */ 'n', 'e', 'x', 't', 'g', 'e', 'n', 'c', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "nexthop.co.jp", true */ 'n', 'e', 'x', 't', 'h', 'o', 'p', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "nexthop.jp", true */ 'n', 'e', 'x', 't', 'h', 'o', 'p', '.', 'j', 'p', '\0',
+  /* "nextmbta.com", true */ 'n', 'e', 'x', 't', 'm', 'b', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "nextnowagency.com", true */ 'n', 'e', 'x', 't', 'n', 'o', 'w', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "nextrobotics.de", true */ 'n', 'e', 'x', 't', 'r', 'o', 'b', 'o', 't', 'i', 'c', 's', '.', 'd', 'e', '\0',
+  /* "nextshutter.com", true */ 'n', 'e', 'x', 't', 's', 'h', 'u', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "nexus-exit.de", true */ 'n', 'e', 'x', 'u', 's', '-', 'e', 'x', 'i', 't', '.', 'd', 'e', '\0',
+  /* "nexus-vienna.at", true */ 'n', 'e', 'x', 'u', 's', '-', 'v', 'i', 'e', 'n', 'n', 'a', '.', 'a', 't', '\0',
+  /* "nexusconnectinternational.eu", true */ 'n', 'e', 'x', 'u', 's', 'c', 'o', 'n', 'n', 'e', 'c', 't', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'e', 'u', '\0',
+  /* "nexxus-sistemas.net.br", true */ 'n', 'e', 'x', 'x', 'u', 's', '-', 's', 'i', 's', 't', 'e', 'm', 'a', 's', '.', 'n', 'e', 't', '.', 'b', 'r', '\0',
+  /* "neyer-lorenz.de", true */ 'n', 'e', 'y', 'e', 'r', '-', 'l', 'o', 'r', 'e', 'n', 'z', '.', 'd', 'e', '\0',
+  /* "nezrouge-est-vaudois.ch", true */ 'n', 'e', 'z', 'r', 'o', 'u', 'g', 'e', '-', 'e', 's', 't', '-', 'v', 'a', 'u', 'd', 'o', 'i', 's', '.', 'c', 'h', '\0',
+  /* "nezrouge-geneve.ch", true */ 'n', 'e', 'z', 'r', 'o', 'u', 'g', 'e', '-', 'g', 'e', 'n', 'e', 'v', 'e', '.', 'c', 'h', '\0',
+  /* "nf9q.com", true */ 'n', 'f', '9', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "nfe-elektro.de", true */ 'n', 'f', 'e', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "nfhome.be", true */ 'n', 'f', 'h', 'o', 'm', 'e', '.', 'b', 'e', '\0',
+  /* "nfir.nl", true */ 'n', 'f', 'i', 'r', '.', 'n', 'l', '\0',
+  /* "nfl.dedyn.io", true */ 'n', 'f', 'l', '.', 'd', 'e', 'd', 'y', 'n', '.', 'i', 'o', '\0',
+  /* "nfl.duckdns.org", true */ 'n', 'f', 'l', '.', 'd', 'u', 'c', 'k', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "nfls.io", true */ 'n', 'f', 'l', 's', '.', 'i', 'o', '\0',
+  /* "nframe.io", true */ 'n', 'f', 'r', 'a', 'm', 'e', '.', 'i', 'o', '\0',
+  /* "nfrost.me", true */ 'n', 'f', 'r', 'o', 's', 't', '.', 'm', 'e', '\0',
+  /* "nfsec.pl", true */ 'n', 'f', 's', 'e', 'c', '.', 'p', 'l', '\0',
+  /* "nfz.moe", true */ 'n', 'f', 'z', '.', 'm', 'o', 'e', '\0',
+  /* "ng-firewall.com", true */ 'n', 'g', '-', 'f', 'i', 'r', 'e', 'w', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "ngasembaru.com", true */ 'n', 'g', 'a', 's', 'e', 'm', 'b', 'a', 'r', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "nghe.net", true */ 'n', 'g', 'h', 'e', '.', 'n', 'e', 't', '\0',
+  /* "ngiemboon.net", true */ 'n', 'g', 'i', 'e', 'm', 'b', 'o', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "nginxyii.tk", true */ 'n', 'g', 'i', 'n', 'x', 'y', 'i', 'i', '.', 't', 'k', '\0',
+  /* "ngndn.jp", true */ 'n', 'g', 'n', 'd', 'n', '.', 'j', 'p', '\0',
+  /* "ngocuong.net", true */ 'n', 'g', 'o', 'c', 'u', 'o', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "ngvf.de", true */ 'n', 'g', 'v', 'f', '.', 'd', 'e', '\0',
+  /* "ngxpkg.com", true */ 'n', 'g', 'x', 'p', 'k', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "nhccnews.org", true */ 'n', 'h', 'c', 'c', 'n', 'e', 'w', 's', '.', 'o', 'r', 'g', '\0',
+  /* "nhimf.org", true */ 'n', 'h', 'i', 'm', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "nhliberty.org", true */ 'n', 'h', 'l', 'i', 'b', 'e', 'r', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "nhome.ba", true */ 'n', 'h', 'o', 'm', 'e', '.', 'b', 'a', '\0',
+  /* "nhus.de", true */ 'n', 'h', 'u', 's', '.', 'd', 'e', '\0',
+  /* "ni-mate.com", true */ 'n', 'i', '-', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ni.search.yahoo.com", false */ 'n', 'i', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "niadd.com", true */ 'n', 'i', 'a', 'd', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "niagara.ru", false */ 'n', 'i', 'a', 'g', 'a', 'r', 'a', '.', 'r', 'u', '\0',
+  /* "niagarafalls.ca", true */ 'n', 'i', 'a', 'g', 'a', 'r', 'a', 'f', 'a', 'l', 'l', 's', '.', 'c', 'a', '\0',
+  /* "niagarafallsmuseums.ca", true */ 'n', 'i', 'a', 'g', 'a', 'r', 'a', 'f', 'a', 'l', 'l', 's', 'm', 'u', 's', 'e', 'u', 'm', 's', '.', 'c', 'a', '\0',
+  /* "niagaraschoice.org", true */ 'n', 'i', 'a', 'g', 'a', 'r', 'a', 's', 'c', 'h', 'o', 'i', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "nibb13.tech", true */ 'n', 'i', 'b', 'b', '1', '3', '.', 't', 'e', 'c', 'h', '\0',
+  /* "nic.gov", true */ 'n', 'i', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "niceb5y.net", false */ 'n', 'i', 'c', 'e', 'b', '5', 'y', '.', 'n', 'e', 't', '\0',
+  /* "niceguyit.biz", true */ 'n', 'i', 'c', 'e', 'g', 'u', 'y', 'i', 't', '.', 'b', 'i', 'z', '\0',
+  /* "nicestudio.co.il", false */ 'n', 'i', 'c', 'e', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "nichijou.com", true */ 'n', 'i', 'c', 'h', 'i', 'j', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "nicholaspruss.com", true */ 'n', 'i', 'c', 'h', 'o', 'l', 'a', 's', 'p', 'r', 'u', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nicholasquigley.com", true */ 'n', 'i', 'c', 'h', 'o', 'l', 'a', 's', 'q', 'u', 'i', 'g', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "nichteinschalten.de", false */ 'n', 'i', 'c', 'h', 't', 'e', 'i', 'n', 's', 'c', 'h', 'a', 'l', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "nichthelfer.de", true */ 'n', 'i', 'c', 'h', 't', 'h', 'e', 'l', 'f', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "nicic.gov", true */ 'n', 'i', 'c', 'i', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "nickcleans.co.uk", true */ 'n', 'i', 'c', 'k', 'c', 'l', 'e', 'a', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "nickcraver.com", true */ 'n', 'i', 'c', 'k', 'c', 'r', 'a', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "nickdekruijk.nl", true */ 'n', 'i', 'c', 'k', 'd', 'e', 'k', 'r', 'u', 'i', 'j', 'k', '.', 'n', 'l', '\0',
+  /* "nickguyver.com", true */ 'n', 'i', 'c', 'k', 'g', 'u', 'y', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "nickloose.de", true */ 'n', 'i', 'c', 'k', 'l', 'o', 'o', 's', 'e', '.', 'd', 'e', '\0',
+  /* "nickmorri.com", true */ 'n', 'i', 'c', 'k', 'm', 'o', 'r', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "nickrickard.co.uk", true */ 'n', 'i', 'c', 'k', 'r', 'i', 'c', 'k', 'a', 'r', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "nickserve.com", true */ 'n', 'i', 'c', 'k', 's', 'e', 'r', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nickstories.de", true */ 'n', 'i', 'c', 'k', 's', 't', 'o', 'r', 'i', 'e', 's', '.', 'd', 'e', '\0',
+  /* "niclasreich.de", true */ 'n', 'i', 'c', 'l', 'a', 's', 'r', 'e', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "nicn.me", true */ 'n', 'i', 'c', 'n', '.', 'm', 'e', '\0',
+  /* "nicocourts.com", true */ 'n', 'i', 'c', 'o', 'c', 'o', 'u', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nicoknibbe.nl", true */ 'n', 'i', 'c', 'o', 'k', 'n', 'i', 'b', 'b', 'e', '.', 'n', 'l', '\0',
+  /* "nicolaeiotcu.ro", true */ 'n', 'i', 'c', 'o', 'l', 'a', 'e', 'i', 'o', 't', 'c', 'u', '.', 'r', 'o', '\0',
+  /* "nicolaelmer.ch", true */ 'n', 'i', 'c', 'o', 'l', 'a', 'e', 'l', 'm', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "nicolajanedesigns.co.uk", true */ 'n', 'i', 'c', 'o', 'l', 'a', 'j', 'a', 'n', 'e', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "nicolas-dumermuth.com", true */ 'n', 'i', 'c', 'o', 'l', 'a', 's', '-', 'd', 'u', 'm', 'e', 'r', 'm', 'u', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "nicolas-hoffmann.net", true */ 'n', 'i', 'c', 'o', 'l', 'a', 's', '-', 'h', 'o', 'f', 'f', 'm', 'a', 'n', 'n', '.', 'n', 'e', 't', '\0',
+  /* "nicolas-hoizey.com", true */ 'n', 'i', 'c', 'o', 'l', 'a', 's', '-', 'h', 'o', 'i', 'z', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "nicolasiung.me", true */ 'n', 'i', 'c', 'o', 'l', 'a', 's', 'i', 'u', 'n', 'g', '.', 'm', 'e', '\0',
+  /* "nicolasklotz.de", true */ 'n', 'i', 'c', 'o', 'l', 'a', 's', 'k', 'l', 'o', 't', 'z', '.', 'd', 'e', '\0',
+  /* "nicolaszambetti.ch", true */ 'n', 'i', 'c', 'o', 'l', 'a', 's', 'z', 'a', 'm', 'b', 'e', 't', 't', 'i', '.', 'c', 'h', '\0',
+  /* "nicolaw.uk", true */ 'n', 'i', 'c', 'o', 'l', 'a', 'w', '.', 'u', 'k', '\0',
+  /* "nicoleoquendo.com", true */ 'n', 'i', 'c', 'o', 'l', 'e', 'o', 'q', 'u', 'e', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "nicul.in", true */ 'n', 'i', 'c', 'u', 'l', '.', 'i', 'n', '\0',
+  /* "nidro.de", true */ 'n', 'i', 'd', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "nidsuber.ch", true */ 'n', 'i', 'd', 's', 'u', 'b', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "niederohmig.de", true */ 'n', 'i', 'e', 'd', 'e', 'r', 'o', 'h', 'm', 'i', 'g', '.', 'd', 'e', '\0',
+  /* "niedersetz.de", true */ 'n', 'i', 'e', 'd', 'e', 'r', 's', 'e', 't', 'z', '.', 'd', 'e', '\0',
+  /* "niehage.name", true */ 'n', 'i', 'e', 'h', 'a', 'g', 'e', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "nielshoogenhout.be", true */ 'n', 'i', 'e', 'l', 's', 'h', 'o', 'o', 'g', 'e', 'n', 'h', 'o', 'u', 't', '.', 'b', 'e', '\0',
+  /* "nielshoogenhout.eu", true */ 'n', 'i', 'e', 'l', 's', 'h', 'o', 'o', 'g', 'e', 'n', 'h', 'o', 'u', 't', '.', 'e', 'u', '\0',
+  /* "nielshoogenhout.nl", true */ 'n', 'i', 'e', 'l', 's', 'h', 'o', 'o', 'g', 'e', 'n', 'h', 'o', 'u', 't', '.', 'n', 'l', '\0',
+  /* "nien.cf", true */ 'n', 'i', 'e', 'n', '.', 'c', 'f', '\0',
+  /* "nien.co", true */ 'n', 'i', 'e', 'n', '.', 'c', 'o', '\0',
+  /* "nien.com", true */ 'n', 'i', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nien.com.tw", true */ 'n', 'i', 'e', 'n', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "nien.eu.org", true */ 'n', 'i', 'e', 'n', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "nien.gq", true */ 'n', 'i', 'e', 'n', '.', 'g', 'q', '\0',
+  /* "nien.org", true */ 'n', 'i', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "nien.taipei", true */ 'n', 'i', 'e', 'n', '.', 't', 'a', 'i', 'p', 'e', 'i', '\0',
+  /* "nien.tk", true */ 'n', 'i', 'e', 'n', '.', 't', 'k', '\0',
+  /* "nienkeslop.nl", true */ 'n', 'i', 'e', 'n', 'k', 'e', 's', 'l', 'o', 'p', '.', 'n', 'l', '\0',
+  /* "nierenpraxis-dr-merkel.de", true */ 'n', 'i', 'e', 'r', 'e', 'n', 'p', 'r', 'a', 'x', 'i', 's', '-', 'd', 'r', '-', 'm', 'e', 'r', 'k', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "nierenpraxis-merkel.de", true */ 'n', 'i', 'e', 'r', 'e', 'n', 'p', 'r', 'a', 'x', 'i', 's', '-', 'm', 'e', 'r', 'k', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "nieselregen.com", false */ 'n', 'i', 'e', 's', 'e', 'l', 'r', 'e', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "niess.space", true */ 'n', 'i', 'e', 's', 's', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "niesstar.com", true */ 'n', 'i', 'e', 's', 's', 't', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "nietzsche.com", true */ 'n', 'i', 'e', 't', 'z', 's', 'c', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nieuwsoverijssel.nl", true */ 'n', 'i', 'e', 'u', 'w', 's', 'o', 'v', 'e', 'r', 'i', 'j', 's', 's', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "niftiestsoftware.com", true */ 'n', 'i', 'f', 't', 'i', 'e', 's', 't', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nifume.com", true */ 'n', 'i', 'f', 'u', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nigelwakefield.com", true */ 'n', 'i', 'g', 'e', 'l', 'w', 'a', 'k', 'e', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "nigensha.co.jp", true */ 'n', 'i', 'g', 'e', 'n', 's', 'h', 'a', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "niggemeier.cc", true */ 'n', 'i', 'g', 'g', 'e', 'm', 'e', 'i', 'e', 'r', '.', 'c', 'c', '\0',
+  /* "nigger.racing", true */ 'n', 'i', 'g', 'g', 'e', 'r', '.', 'r', 'a', 'c', 'i', 'n', 'g', '\0',
+  /* "night2stay.cn", true */ 'n', 'i', 'g', 'h', 't', '2', 's', 't', 'a', 'y', '.', 'c', 'n', '\0',
+  /* "night2stay.com", true */ 'n', 'i', 'g', 'h', 't', '2', 's', 't', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "night2stay.de", true */ 'n', 'i', 'g', 'h', 't', '2', 's', 't', 'a', 'y', '.', 'd', 'e', '\0',
+  /* "night2stay.fr", true */ 'n', 'i', 'g', 'h', 't', '2', 's', 't', 'a', 'y', '.', 'f', 'r', '\0',
+  /* "night2stay.ru", true */ 'n', 'i', 'g', 'h', 't', '2', 's', 't', 'a', 'y', '.', 'r', 'u', '\0',
+  /* "nightbutterflies.com", true */ 'n', 'i', 'g', 'h', 't', 'b', 'u', 't', 't', 'e', 'r', 'f', 'l', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nightfirec.at", true */ 'n', 'i', 'g', 'h', 't', 'f', 'i', 'r', 'e', 'c', '.', 'a', 't', '\0',
+  /* "nightfirecat.com", true */ 'n', 'i', 'g', 'h', 't', 'f', 'i', 'r', 'e', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "nightmoose.org", true */ 'n', 'i', 'g', 'h', 't', 'm', 'o', 'o', 's', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "nightwinds.tk", true */ 'n', 'i', 'g', 'h', 't', 'w', 'i', 'n', 'd', 's', '.', 't', 'k', '\0',
+  /* "nihon-no-sake.net", true */ 'n', 'i', 'h', 'o', 'n', '-', 'n', 'o', '-', 's', 'a', 'k', 'e', '.', 'n', 'e', 't', '\0',
+  /* "nihseniorhealth.gov", false */ 'n', 'i', 'h', 's', 'e', 'n', 'i', 'o', 'r', 'h', 'e', 'a', 'l', 't', 'h', '.', 'g', 'o', 'v', '\0',
+  /* "nijiero-ch.com", false */ 'n', 'i', 'j', 'i', 'e', 'r', 'o', '-', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "nijikata.com", true */ 'n', 'i', 'j', 'i', 'k', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "nijm.nl", true */ 'n', 'i', 'j', 'm', '.', 'n', 'l', '\0',
+  /* "nikandcara.com", true */ 'n', 'i', 'k', 'a', 'n', 'd', 'c', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "nikao-tech.com", true */ 'n', 'i', 'k', 'a', 'o', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "nikavandenbos.nl", true */ 'n', 'i', 'k', 'a', 'v', 'a', 'n', 'd', 'e', 'n', 'b', 'o', 's', '.', 'n', 'l', '\0',
+  /* "nikimix.com", true */ 'n', 'i', 'k', 'i', 'm', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "nikkila.me", true */ 'n', 'i', 'k', 'k', 'i', 'l', 'a', '.', 'm', 'e', '\0',
+  /* "niklas.pw", true */ 'n', 'i', 'k', 'l', 'a', 's', '.', 'p', 'w', '\0',
+  /* "niklasbabel.com", true */ 'n', 'i', 'k', 'l', 'a', 's', 'b', 'a', 'b', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "nikobradshaw.com", true */ 'n', 'i', 'k', 'o', 'b', 'r', 'a', 'd', 's', 'h', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "nikolasgrottendieck.com", true */ 'n', 'i', 'k', 'o', 'l', 'a', 's', 'g', 'r', 'o', 't', 't', 'e', 'n', 'd', 'i', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "nikomo.fi", false */ 'n', 'i', 'k', 'o', 'm', 'o', '.', 'f', 'i', '\0',
+  /* "nikz.in", true */ 'n', 'i', 'k', 'z', '.', 'i', 'n', '\0',
+  /* "nil.gs", true */ 'n', 'i', 'l', '.', 'g', 's', '\0',
+  /* "nilrem.org", true */ 'n', 'i', 'l', 'r', 'e', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "nimeshjm.com", true */ 'n', 'i', 'm', 'e', 's', 'h', 'j', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "ninaforever.com", true */ 'n', 'i', 'n', 'a', 'f', 'o', 'r', 'e', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ninarinaldi.com.br", true */ 'n', 'i', 'n', 'a', 'r', 'i', 'n', 'a', 'l', 'd', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ninaundandre.de", true */ 'n', 'i', 'n', 'a', 'u', 'n', 'd', 'a', 'n', 'd', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "ninchat.com", true */ 'n', 'i', 'n', 'c', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ninebennink.com", true */ 'n', 'i', 'n', 'e', 'b', 'e', 'n', 'n', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ninebytes.xyz", true */ 'n', 'i', 'n', 'e', 'b', 'y', 't', 'e', 's', '.', 'x', 'y', 'z', '\0',
+  /* "ninespec.com", true */ 'n', 'i', 'n', 'e', 's', 'p', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "ninetaillabs.com", true */ 'n', 'i', 'n', 'e', 't', 'a', 'i', 'l', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ninetaillabs.xyz", true */ 'n', 'i', 'n', 'e', 't', 'a', 'i', 'l', 'l', 'a', 'b', 's', '.', 'x', 'y', 'z', '\0',
+  /* "ninfora.com", true */ 'n', 'i', 'n', 'f', 'o', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ning.so", true */ 'n', 'i', 'n', 'g', '.', 's', 'o', '\0',
+  /* "ninja-galerie.de", true */ 'n', 'i', 'n', 'j', 'a', '-', 'g', 'a', 'l', 'e', 'r', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "ninofink.com", true */ 'n', 'i', 'n', 'o', 'f', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "nintendoforum.no", true */ 'n', 'i', 'n', 't', 'e', 'n', 'd', 'o', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'o', '\0',
+  /* "ninthfloor.org", true */ 'n', 'i', 'n', 't', 'h', 'f', 'l', 'o', 'o', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "ninux.ch", false */ 'n', 'i', 'n', 'u', 'x', '.', 'c', 'h', '\0',
+  /* "nipax.cz", true */ 'n', 'i', 'p', 'a', 'x', '.', 'c', 'z', '\0',
+  /* "nipe-systems.de", true */ 'n', 'i', 'p', 'e', '-', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'd', 'e', '\0',
+  /* "nippon-oku.com", true */ 'n', 'i', 'p', 'p', 'o', 'n', '-', 'o', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "nippon.fr", true */ 'n', 'i', 'p', 'p', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "nirna.io", true */ 'n', 'i', 'r', 'n', 'a', '.', 'i', 'o', '\0',
+  /* "nirudo.me", true */ 'n', 'i', 'r', 'u', 'd', 'o', '.', 'm', 'e', '\0',
+  /* "nirvanashop.com", true */ 'n', 'i', 'r', 'v', 'a', 'n', 'a', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "nishaswonderland.be", true */ 'n', 'i', 's', 'h', 'a', 's', 'w', 'o', 'n', 'd', 'e', 'r', 'l', 'a', 'n', 'd', '.', 'b', 'e', '\0',
+  /* "nishaswonderland.nl", true */ 'n', 'i', 's', 'h', 'a', 's', 'w', 'o', 'n', 'd', 'e', 'r', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "nishisbma.com", true */ 'n', 'i', 's', 'h', 'i', 's', 'b', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "nissanofbismarckparts.com", true */ 'n', 'i', 's', 's', 'a', 'n', 'o', 'f', 'b', 'i', 's', 'm', 'a', 'r', 'c', 'k', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nitaonline.org", true */ 'n', 'i', 't', 'a', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "nitifilter.com", true */ 'n', 'i', 't', 'i', 'f', 'i', 'l', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "nitrix.me", true */ 'n', 'i', 't', 'r', 'i', 'x', '.', 'm', 'e', '\0',
+  /* "nitrokey.com", true */ 'n', 'i', 't', 'r', 'o', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "nitropanel.com", true */ 'n', 'i', 't', 'r', 'o', 'p', 'a', 'n', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "nitropur.com", true */ 'n', 'i', 't', 'r', 'o', 'p', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "nitropur.de", true */ 'n', 'i', 't', 'r', 'o', 'p', 'u', 'r', '.', 'd', 'e', '\0',
+  /* "nitrous-networks.com", true */ 'n', 'i', 't', 'r', 'o', 'u', 's', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "niu.moe", true */ 'n', 'i', 'u', '.', 'm', 'o', 'e', '\0',
+  /* "nivi.ca", true */ 'n', 'i', 'v', 'i', '.', 'c', 'a', '\0',
+  /* "nix.black", true */ 'n', 'i', 'x', '.', 'b', 'l', 'a', 'c', 'k', '\0',
+  /* "nix.org.ua", false */ 'n', 'i', 'x', '.', 'o', 'r', 'g', '.', 'u', 'a', '\0',
+  /* "nixonlibrary.gov", true */ 'n', 'i', 'x', 'o', 'n', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'g', 'o', 'v', '\0',
+  /* "niyawe.de", true */ 'n', 'i', 'y', 'a', 'w', 'e', '.', 'd', 'e', '\0',
+  /* "nja.id.au", true */ 'n', 'j', 'a', '.', 'i', 'd', '.', 'a', 'u', '\0',
+  /* "njguardtraining.com", true */ 'n', 'j', 'g', 'u', 'a', 'r', 'd', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "njpjanssen.nl", true */ 'n', 'j', 'p', 'j', 'a', 'n', 's', 's', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "nkinka.de", true */ 'n', 'k', 'i', 'n', 'k', 'a', '.', 'd', 'e', '\0',
+  /* "nkp-media.de", true */ 'n', 'k', 'p', '-', 'm', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "nl-ix.net", true */ 'n', 'l', '-', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "nl.search.yahoo.com", false */ 'n', 'l', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "nlap.ca", true */ 'n', 'l', 'a', 'p', '.', 'c', 'a', '\0',
+  /* "nlbewustgezond.nl", true */ 'n', 'l', 'b', 'e', 'w', 'u', 's', 't', 'g', 'e', 'z', 'o', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "nlegall.fr", true */ 'n', 'l', 'e', 'g', 'a', 'l', 'l', '.', 'f', 'r', '\0',
+  /* "nlfant.eu", true */ 'n', 'l', 'f', 'a', 'n', 't', '.', 'e', 'u', '\0',
+  /* "nlm.gov", true */ 'n', 'l', 'm', '.', 'g', 'o', 'v', '\0',
+  /* "nlrb.gov", true */ 'n', 'l', 'r', 'b', '.', 'g', 'o', 'v', '\0',
+  /* "nlt.by", false */ 'n', 'l', 't', '.', 'b', 'y', '\0',
+  /* "nmd.so", true */ 'n', 'm', 'd', '.', 's', 'o', '\0',
+  /* "nmnd.de", true */ 'n', 'm', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "nmsnj.com", true */ 'n', 'm', 's', 'n', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "nn.cz", true */ 'n', 'n', '.', 'c', 'z', '\0',
+  /* "nna774.net", true */ 'n', 'n', 'a', '7', '7', '4', '.', 'n', 'e', 't', '\0',
+  /* "nnqc.nl", true */ 'n', 'n', 'q', 'c', '.', 'n', 'l', '\0',
+  /* "no-xice.com", true */ 'n', 'o', '-', 'x', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "no.search.yahoo.com", false */ 'n', 'o', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "noagendahr.org", true */ 'n', 'o', 'a', 'g', 'e', 'n', 'd', 'a', 'h', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "nobleparkapartments.com.au", true */ 'n', 'o', 'b', 'l', 'e', 'p', 'a', 'r', 'k', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "nobly.de", true */ 'n', 'o', 'b', 'l', 'y', '.', 'd', 'e', '\0',
+  /* "noc.org", true */ 'n', 'o', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "noc.wang", true */ 'n', 'o', 'c', '.', 'w', 'a', 'n', 'g', '\0',
+  /* "nocit.dk", true */ 'n', 'o', 'c', 'i', 't', '.', 'd', 'k', '\0',
+  /* "nocs.cn", true */ 'n', 'o', 'c', 's', '.', 'c', 'n', '\0',
+  /* "nodari.com.ar", true */ 'n', 'o', 'd', 'a', 'r', 'i', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "nodariweb.com.ar", true */ 'n', 'o', 'd', 'a', 'r', 'i', 'w', 'e', 'b', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "nodecompat.com", true */ 'n', 'o', 'd', 'e', 'c', 'o', 'm', 'p', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "nodefiles.com", true */ 'n', 'o', 'd', 'e', 'f', 'i', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nodefoo.com", true */ 'n', 'o', 'd', 'e', 'f', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "nodejs.de", true */ 'n', 'o', 'd', 'e', 'j', 's', '.', 'd', 'e', '\0',
+  /* "nodelia.com", true */ 'n', 'o', 'd', 'e', 'l', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "nodepositcasinouk.com", true */ 'n', 'o', 'd', 'e', 'p', 'o', 's', 'i', 't', 'c', 'a', 's', 'i', 'n', 'o', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "nodesturut.cl", true */ 'n', 'o', 'd', 'e', 's', 't', 'u', 'r', 'u', 't', '.', 'c', 'l', '\0',
+  /* "nodum.io", true */ 'n', 'o', 'd', 'u', 'm', '.', 'i', 'o', '\0',
+  /* "noeatnosleep.me", true */ 'n', 'o', 'e', 'a', 't', 'n', 'o', 's', 'l', 'e', 'e', 'p', '.', 'm', 'e', '\0',
+  /* "noedidacticos.com", true */ 'n', 'o', 'e', 'd', 'i', 'd', 'a', 'c', 't', 'i', 'c', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "noegoph.com", true */ 'n', 'o', 'e', 'g', 'o', 'p', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "noellabo.jp", true */ 'n', 'o', 'e', 'l', 'l', 'a', 'b', 'o', '.', 'j', 'p', '\0',
+  /* "noematic.space", true */ 'n', 'o', 'e', 'm', 'a', 't', 'i', 'c', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "noemax.com", true */ 'n', 'o', 'e', 'm', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "noesberts-weidmoos.de", true */ 'n', 'o', 'e', 's', 'b', 'e', 'r', 't', 's', '-', 'w', 'e', 'i', 'd', 'm', 'o', 'o', 's', '.', 'd', 'e', '\0',
+  /* "noexec.org", true */ 'n', 'o', 'e', 'x', 'e', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "noez.de", true */ 'n', 'o', 'e', 'z', '.', 'd', 'e', '\0',
+  /* "nofrillsdns.com", true */ 'n', 'o', 'f', 'r', 'i', 'l', 'l', 's', 'd', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "noglobalwarrants.org", true */ 'n', 'o', 'g', 'l', 'o', 'b', 'a', 'l', 'w', 'a', 'r', 'r', 'a', 'n', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "nohats.ca", true */ 'n', 'o', 'h', 'a', 't', 's', '.', 'c', 'a', '\0',
+  /* "nohkan.fr", true */ 'n', 'o', 'h', 'k', 'a', 'n', '.', 'f', 'r', '\0',
+  /* "nohm.eu", true */ 'n', 'o', 'h', 'm', '.', 'e', 'u', '\0',
+  /* "nohttps.org", true */ 'n', 'o', 'h', 't', 't', 'p', 's', '.', 'o', 'r', 'g', '\0',
+  /* "nohup.se", true */ 'n', 'o', 'h', 'u', 'p', '.', 's', 'e', '\0',
+  /* "nohup.xyz", true */ 'n', 'o', 'h', 'u', 'p', '.', 'x', 'y', 'z', '\0',
+  /* "noincludesubdomains.preloaded.test", false */ 'n', 'o', 'i', 'n', 'c', 'l', 'u', 'd', 'e', 's', 'u', 'b', 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'p', 'r', 'e', 'l', 'o', 'a', 'd', 'e', 'd', '.', 't', 'e', 's', 't', '\0',
+  /* "noisebridge.social", true */ 'n', 'o', 'i', 's', 'e', 'b', 'r', 'i', 'd', 'g', 'e', '.', 's', 'o', 'c', 'i', 'a', 'l', '\0',
+  /* "noisetrap.cz", true */ 'n', 'o', 'i', 's', 'e', 't', 'r', 'a', 'p', '.', 'c', 'z', '\0',
+  /* "noisky.cn", true */ 'n', 'o', 'i', 's', 'k', 'y', '.', 'c', 'n', '\0',
+  /* "noisyfox.cn", true */ 'n', 'o', 'i', 's', 'y', 'f', 'o', 'x', '.', 'c', 'n', '\0',
+  /* "nojestorget.se", true */ 'n', 'o', 'j', 'e', 's', 't', 'o', 'r', 'g', 'e', 't', '.', 's', 'e', '\0',
+  /* "nojok.es", true */ 'n', 'o', 'j', 'o', 'k', '.', 'e', 's', '\0',
+  /* "nokono.com", true */ 'n', 'o', 'k', 'o', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "nolaviz.org", true */ 'n', 'o', 'l', 'a', 'v', 'i', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "noma-film.com", true */ 'n', 'o', 'm', 'a', '-', 'f', 'i', 'l', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "nomadproject.io", true */ 'n', 'o', 'm', 'a', 'd', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'i', 'o', '\0',
+  /* "nomesbiblicos.com", true */ 'n', 'o', 'm', 'e', 's', 'b', 'i', 'b', 'l', 'i', 'c', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nomial.co.uk", true */ 'n', 'o', 'm', 'i', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "nomifensine.com", true */ 'n', 'o', 'm', 'i', 'f', 'e', 'n', 's', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nomsy.net", true */ 'n', 'o', 'm', 's', 'y', '.', 'n', 'e', 't', '\0',
+  /* "noname-ev.de", true */ 'n', 'o', 'n', 'a', 'm', 'e', '-', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "noncombatant.org", true */ 'n', 'o', 'n', 'c', 'o', 'm', 'b', 'a', 't', 'a', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "noob-box.net", true */ 'n', 'o', 'o', 'b', '-', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "noobunbox.net", true */ 'n', 'o', 'o', 'b', 'u', 'n', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "noodles.net.nz", true */ 'n', 'o', 'o', 'd', 'l', 'e', 's', '.', 'n', 'e', 't', '.', 'n', 'z', '\0',
+  /* "noodleyum.com", true */ 'n', 'o', 'o', 'd', 'l', 'e', 'y', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "noodweer.be", true */ 'n', 'o', 'o', 'd', 'w', 'e', 'e', 'r', '.', 'b', 'e', '\0',
+  /* "noon-entertainments.com", true */ 'n', 'o', 'o', 'n', '-', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "noop.ch", true */ 'n', 'o', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "noordsee.de", true */ 'n', 'o', 'o', 'r', 'd', 's', 'e', 'e', '.', 'd', 'e', '\0',
+  /* "noorsolidarity.com", true */ 'n', 'o', 'o', 'r', 's', 'o', 'l', 'i', 'd', 'a', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "nootropic.com", true */ 'n', 'o', 'o', 't', 'r', 'o', 'p', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "noovell.com", true */ 'n', 'o', 'o', 'v', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "nopaste.xyz", true */ 'n', 'o', 'p', 'a', 's', 't', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "nopaynocure.com", true */ 'n', 'o', 'p', 'a', 'y', 'n', 'o', 'c', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nord-sud.be", true */ 'n', 'o', 'r', 'd', '-', 's', 'u', 'd', '.', 'b', 'e', '\0',
+  /* "nordakademie.de", true */ 'n', 'o', 'r', 'd', 'a', 'k', 'a', 'd', 'e', 'm', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "nordic-survival.de", true */ 'n', 'o', 'r', 'd', 'i', 'c', '-', 's', 'u', 'r', 'v', 'i', 'v', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "nordiccasinocommunity.com", true */ 'n', 'o', 'r', 'd', 'i', 'c', 'c', 'a', 's', 'i', 'n', 'o', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "nordinfo.fi", true */ 'n', 'o', 'r', 'd', 'i', 'n', 'f', 'o', '.', 'f', 'i', '\0',
+  /* "nordmoregatebilklubb.com", true */ 'n', 'o', 'r', 'd', 'm', 'o', 'r', 'e', 'g', 'a', 't', 'e', 'b', 'i', 'l', 'k', 'l', 'u', 'b', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "nordnetz-hamburg.de", true */ 'n', 'o', 'r', 'd', 'n', 'e', 't', 'z', '-', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "nordor.homeip.net", true */ 'n', 'o', 'r', 'd', 'o', 'r', '.', 'h', 'o', 'm', 'e', 'i', 'p', '.', 'n', 'e', 't', '\0',
+  /* "nordwaldzendo.de", true */ 'n', 'o', 'r', 'd', 'w', 'a', 'l', 'd', 'z', 'e', 'n', 'd', 'o', '.', 'd', 'e', '\0',
+  /* "noref.tk", true */ 'n', 'o', 'r', 'e', 'f', '.', 't', 'k', '\0',
+  /* "noreply.mx", true */ 'n', 'o', 'r', 'e', 'p', 'l', 'y', '.', 'm', 'x', '\0',
+  /* "normaculta.com.br", true */ 'n', 'o', 'r', 'm', 'a', 'c', 'u', 'l', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "normalady.com", true */ 'n', 'o', 'r', 'm', 'a', 'l', 'a', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "norman-preusser-gmbh.de", true */ 'n', 'o', 'r', 'm', 'a', 'n', '-', 'p', 'r', 'e', 'u', 's', 's', 'e', 'r', '-', 'g', 'm', 'b', 'h', '.', 'd', 'e', '\0',
+  /* "normanbauer.com", true */ 'n', 'o', 'r', 'm', 'a', 'n', 'b', 'a', 'u', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "normandgascon.com", true */ 'n', 'o', 'r', 'm', 'a', 'n', 'd', 'g', 'a', 's', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "normankranich.de", true */ 'n', 'o', 'r', 'm', 'a', 'n', 'k', 'r', 'a', 'n', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "norrkemi.se", true */ 'n', 'o', 'r', 'r', 'k', 'e', 'm', 'i', '.', 's', 'e', '\0',
+  /* "norrliden.de", true */ 'n', 'o', 'r', 'r', 'l', 'i', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "norskpensjon.no", true */ 'n', 'o', 'r', 's', 'k', 'p', 'e', 'n', 's', 'j', 'o', 'n', '.', 'n', 'o', '\0',
+  /* "north.supply", true */ 'n', 'o', 'r', 't', 'h', '.', 's', 'u', 'p', 'p', 'l', 'y', '\0',
+  /* "northatlantalaw.net", true */ 'n', 'o', 'r', 't', 'h', 'a', 't', 'l', 'a', 'n', 't', 'a', 'l', 'a', 'w', '.', 'n', 'e', 't', '\0',
+  /* "northbrisbaneapartments.com.au", true */ 'n', 'o', 'r', 't', 'h', 'b', 'r', 'i', 's', 'b', 'a', 'n', 'e', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "northconsulting.fr", true */ 'n', 'o', 'r', 't', 'h', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'f', 'r', '\0',
+  /* "northcountykiaparts.com", true */ 'n', 'o', 'r', 't', 'h', 'c', 'o', 'u', 'n', 't', 'y', 'k', 'i', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "northdevonbouncycastles.co.uk", true */ 'n', 'o', 'r', 't', 'h', 'd', 'e', 'v', 'o', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "northeastcdc.org", true */ 'n', 'o', 'r', 't', 'h', 'e', 'a', 's', 't', 'c', 'd', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "northeastrodeo.co.uk", true */ 'n', 'o', 'r', 't', 'h', 'e', 'a', 's', 't', 'r', 'o', 'd', 'e', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "northern-lakes.com", true */ 'n', 'o', 'r', 't', 'h', 'e', 'r', 'n', '-', 'l', 'a', 'k', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "northernhamsterclub.com", true */ 'n', 'o', 'r', 't', 'h', 'e', 'r', 'n', 'h', 'a', 'm', 's', 't', 'e', 'r', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "northernmuscle.ca", true */ 'n', 'o', 'r', 't', 'h', 'e', 'r', 'n', 'm', 'u', 's', 'c', 'l', 'e', '.', 'c', 'a', '\0',
+  /* "northernselfstorage.co.za", true */ 'n', 'o', 'r', 't', 'h', 'e', 'r', 'n', 's', 'e', 'l', 'f', 's', 't', 'o', 'r', 'a', 'g', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "northfieldyarn.com", true */ 'n', 'o', 'r', 't', 'h', 'f', 'i', 'e', 'l', 'd', 'y', 'a', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "northpennvwparts.com", true */ 'n', 'o', 'r', 't', 'h', 'p', 'e', 'n', 'n', 'v', 'w', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "northpole.dance", true */ 'n', 'o', 'r', 't', 'h', 'p', 'o', 'l', 'e', '.', 'd', 'a', 'n', 'c', 'e', '\0',
+  /* "northridgeelectrical.com", true */ 'n', 'o', 'r', 't', 'h', 'r', 'i', 'd', 'g', 'e', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "northumbriagames.co.uk", true */ 'n', 'o', 'r', 't', 'h', 'u', 'm', 'b', 'r', 'i', 'a', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "northwoodsfish.com", true */ 'n', 'o', 'r', 't', 'h', 'w', 'o', 'o', 'd', 's', 'f', 'i', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "nos-medias.fr", true */ 'n', 'o', 's', '-', 'm', 'e', 'd', 'i', 'a', 's', '.', 'f', 'r', '\0',
+  /* "nos-oignons.net", true */ 'n', 'o', 's', '-', 'o', 'i', 'g', 'n', 'o', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "noscript.net", true */ 'n', 'o', 's', 'c', 'r', 'i', 'p', 't', '.', 'n', 'e', 't', '\0',
+  /* "nosfermiers.com", true */ 'n', 'o', 's', 'f', 'e', 'r', 'm', 'i', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "noslite.nl", true */ 'n', 'o', 's', 'l', 'i', 't', 'e', '.', 'n', 'l', '\0',
+  /* "nospoint.cz", true */ 'n', 'o', 's', 'p', 'o', 'i', 'n', 't', '.', 'c', 'z', '\0',
+  /* "nossasenhora.net", true */ 'n', 'o', 's', 's', 'a', 's', 'e', 'n', 'h', 'o', 'r', 'a', '.', 'n', 'e', 't', '\0',
+  /* "nossasenhoradaconceicao.com.br", true */ 'n', 'o', 's', 's', 'a', 's', 'e', 'n', 'h', 'o', 'r', 'a', 'd', 'a', 'c', 'o', 'n', 'c', 'e', 'i', 'c', 'a', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "nossasenhoradodesterro.com.br", true */ 'n', 'o', 's', 's', 'a', 's', 'e', 'n', 'h', 'o', 'r', 'a', 'd', 'o', 'd', 'e', 's', 't', 'e', 'r', 'r', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "nostraforma.com", false */ 'n', 'o', 's', 't', 'r', 'a', 'f', 'o', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "noswap.com", true */ 'n', 'o', 's', 'w', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "nosyu.pe.kr", true */ 'n', 'o', 's', 'y', 'u', '.', 'p', 'e', '.', 'k', 'r', '\0',
+  /* "not-a.link", true */ 'n', 'o', 't', '-', 'a', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "nota-web.com", true */ 'n', 'o', 't', 'a', '-', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "nota.moe", true */ 'n', 'o', 't', 'a', '.', 'm', 'o', 'e', '\0',
+  /* "notablog.xyz", true */ 'n', 'o', 't', 'a', 'b', 'l', 'o', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "notabug.org", true */ 'n', 'o', 't', 'a', 'b', 'u', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "notadd.com", true */ 'n', 'o', 't', 'a', 'd', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "notadd.store", true */ 'n', 'o', 't', 'a', 'd', 'd', '.', 's', 't', 'o', 'r', 'e', '\0',
+  /* "notalone.gov", true */ 'n', 'o', 't', 'a', 'l', 'o', 'n', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "notar-glagowski.com", true */ 'n', 'o', 't', 'a', 'r', '-', 'g', 'l', 'a', 'g', 'o', 'w', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "notar-glagowski.de", true */ 'n', 'o', 't', 'a', 'r', '-', 'g', 'l', 'a', 'g', 'o', 'w', 's', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "notar-peikert.com", true */ 'n', 'o', 't', 'a', 'r', '-', 'p', 'e', 'i', 'k', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "notarvysocina.cz", true */ 'n', 'o', 't', 'a', 'r', 'v', 'y', 's', 'o', 'c', 'i', 'n', 'a', '.', 'c', 'z', '\0',
+  /* "notbolaget.se", true */ 'n', 'o', 't', 'b', 'o', 'l', 'a', 'g', 'e', 't', '.', 's', 'e', '\0',
+  /* "notboring.co.uk", true */ 'n', 'o', 't', 'b', 'o', 'r', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "notcompletelycorrect.com", true */ 'n', 'o', 't', 'c', 'o', 'm', 'p', 'l', 'e', 't', 'e', 'l', 'y', 'c', 'o', 'r', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "notdienstreform-nordrhein.de", true */ 'n', 'o', 't', 'd', 'i', 'e', 'n', 's', 't', 'r', 'e', 'f', 'o', 'r', 'm', '-', 'n', 'o', 'r', 'd', 'r', 'h', 'e', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "noticiasdehumor.com", true */ 'n', 'o', 't', 'i', 'c', 'i', 'a', 's', 'd', 'e', 'h', 'u', 'm', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "notificami.com", true */ 'n', 'o', 't', 'i', 'f', 'i', 'c', 'a', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "notify.moe", true */ 'n', 'o', 't', 'i', 'f', 'y', '.', 'm', 'o', 'e', '\0',
+  /* "notinglife.com", true */ 'n', 'o', 't', 'i', 'n', 'g', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "notjustvacs.com", true */ 'n', 'o', 't', 'j', 'u', 's', 't', 'v', 'a', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "notnize.net", true */ 'n', 'o', 't', 'n', 'i', 'z', 'e', '.', 'n', 'e', 't', '\0',
+  /* "notnl.com", true */ 'n', 'o', 't', 'n', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "notoriousdev.com", true */ 'n', 'o', 't', 'o', 'r', 'i', 'o', 'u', 's', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "notrecourrier.net", true */ 'n', 'o', 't', 'r', 'e', 'c', 'o', 'u', 'r', 'r', 'i', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "nottres.com", true */ 'n', 'o', 't', 't', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "notypiesni.sk", false */ 'n', 'o', 't', 'y', 'p', 'i', 'e', 's', 'n', 'i', '.', 's', 'k', '\0',
+  /* "noudjalink.nl", true */ 'n', 'o', 'u', 'd', 'j', 'a', 'l', 'i', 'n', 'k', '.', 'n', 'l', '\0',
+  /* "nouma.fr", true */ 'n', 'o', 'u', 'm', 'a', '.', 'f', 'r', '\0',
+  /* "nova-dess.ch", true */ 'n', 'o', 'v', 'a', '-', 'd', 'e', 's', 's', '.', 'c', 'h', '\0',
+  /* "nova-wd.org.uk", true */ 'n', 'o', 'v', 'a', '-', 'w', 'd', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "nova.live", true */ 'n', 'o', 'v', 'a', '.', 'l', 'i', 'v', 'e', '\0',
+  /* "novabench.com", true */ 'n', 'o', 'v', 'a', 'b', 'e', 'n', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "novacoast.com", false */ 'n', 'o', 'v', 'a', 'c', 'o', 'a', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "novadermis.es", true */ 'n', 'o', 'v', 'a', 'd', 'e', 'r', 'm', 'i', 's', '.', 'e', 's', '\0',
+  /* "novafreixo.pt", true */ 'n', 'o', 'v', 'a', 'f', 'r', 'e', 'i', 'x', 'o', '.', 'p', 't', '\0',
+  /* "novaopcaofestas.com.br", true */ 'n', 'o', 'v', 'a', 'o', 'p', 'c', 'a', 'o', 'f', 'e', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "novawave.ca", true */ 'n', 'o', 'v', 'a', 'w', 'a', 'v', 'e', '.', 'c', 'a', '\0',
+  /* "nove.city", true */ 'n', 'o', 'v', 'e', '.', 'c', 'i', 't', 'y', '\0',
+  /* "noveciti.com", true */ 'n', 'o', 'v', 'e', 'c', 'i', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "novecity.cloud", true */ 'n', 'o', 'v', 'e', 'c', 'i', 't', 'y', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "novecity.com", true */ 'n', 'o', 'v', 'e', 'c', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "novecity.info", true */ 'n', 'o', 'v', 'e', 'c', 'i', 't', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "novecity.it", true */ 'n', 'o', 'v', 'e', 'c', 'i', 't', 'y', '.', 'i', 't', '\0',
+  /* "novecity.org", true */ 'n', 'o', 'v', 'e', 'c', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "novecitymail.com", true */ 'n', 'o', 'v', 'e', 'c', 'i', 't', 'y', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "novelfeed.com", true */ 'n', 'o', 'v', 'e', 'l', 'f', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "novelinglife.net", true */ 'n', 'o', 'v', 'e', 'l', 'i', 'n', 'g', 'l', 'i', 'f', 'e', '.', 'n', 'e', 't', '\0',
+  /* "novelvyretraite.fr", true */ 'n', 'o', 'v', 'e', 'l', 'v', 'y', 'r', 'e', 't', 'r', 'a', 'i', 't', 'e', '.', 'f', 'r', '\0',
+  /* "novfishing.ru", true */ 'n', 'o', 'v', 'f', 'i', 's', 'h', 'i', 'n', 'g', '.', 'r', 'u', '\0',
+  /* "novilaw.com", true */ 'n', 'o', 'v', 'i', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "novinhabucetuda.com", true */ 'n', 'o', 'v', 'i', 'n', 'h', 'a', 'b', 'u', 'c', 'e', 't', 'u', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "novoresume.com", false */ 'n', 'o', 'v', 'o', 'r', 'e', 's', 'u', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nowcost.com", true */ 'n', 'o', 'w', 'c', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "nowhere.dk", true */ 'n', 'o', 'w', 'h', 'e', 'r', 'e', '.', 'd', 'k', '\0',
+  /* "nowlas.org", true */ 'n', 'o', 'w', 'l', 'a', 's', '.', 'o', 'r', 'g', '\0',
+  /* "nowloading.co", true */ 'n', 'o', 'w', 'l', 'o', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', '\0',
+  /* "noxlogic.nl", true */ 'n', 'o', 'x', 'l', 'o', 'g', 'i', 'c', '.', 'n', 'l', '\0',
+  /* "noyocenter.org", true */ 'n', 'o', 'y', 'o', 'c', 'e', 'n', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "np.search.yahoo.com", false */ 'n', 'p', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "npath.de", true */ 'n', 'p', 'a', 't', 'h', '.', 'd', 'e', '\0',
+  /* "npm.li", true */ 'n', 'p', 'm', '.', 'l', 'i', '\0',
+  /* "npmcdn.com", true */ 'n', 'p', 'm', 'c', 'd', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "npw.net", true */ 'n', 'p', 'w', '.', 'n', 'e', 't', '\0',
+  /* "nqesh.com", true */ 'n', 'q', 'e', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "nrd.li", true */ 'n', 'r', 'd', '.', 'l', 'i', '\0',
+  /* "nrdstd.io", true */ 'n', 'r', 'd', 's', 't', 'd', '.', 'i', 'o', '\0',
+  /* "nrev.ch", true */ 'n', 'r', 'e', 'v', '.', 'c', 'h', '\0',
+  /* "nrkn.fr", true */ 'n', 'r', 'k', 'n', '.', 'f', 'r', '\0',
+  /* "ns-frontier.com", true */ 'n', 's', '-', 'f', 'r', 'o', 'n', 't', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ns2servers.pw", true */ 'n', 's', '2', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'p', 'w', '\0',
+  /* "nsa.lol", true */ 'n', 's', 'a', '.', 'l', 'o', 'l', '\0',
+  /* "nsa.wtf", true */ 'n', 's', 'a', '.', 'w', 't', 'f', '\0',
+  /* "nsboston.org", true */ 'n', 's', 'b', 'o', 's', 't', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "nsboutique.com", true */ 'n', 's', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nscnet.jp", true */ 'n', 's', 'c', 'n', 'e', 't', '.', 'j', 'p', '\0',
+  /* "nsellier.fr", true */ 'n', 's', 'e', 'l', 'l', 'i', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "nsfw-story.com", true */ 'n', 's', 'f', 'w', '-', 's', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "nshost.ro", true */ 'n', 's', 'h', 'o', 's', 't', '.', 'r', 'o', '\0',
+  /* "nsm.ee", true */ 'n', 's', 'm', '.', 'e', 'e', '\0',
+  /* "nsm.stat.no", true */ 'n', 's', 'm', '.', 's', 't', 'a', 't', '.', 'n', 'o', '\0',
+  /* "nso.ie", true */ 'n', 's', 'o', '.', 'i', 'e', '\0',
+  /* "nsp.ua", true */ 'n', 's', 'p', '.', 'u', 'a', '\0',
+  /* "nspeaks.com", true */ 'n', 's', 'p', 'e', 'a', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nst-maroc.com", true */ 'n', 's', 't', '-', 'm', 'a', 'r', 'o', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "nstd.net", true */ 'n', 's', 't', 'd', '.', 'n', 'e', 't', '\0',
+  /* "nstremsdoerfer.ovh", true */ 'n', 's', 't', 'r', 'e', 'm', 's', 'd', 'o', 'e', 'r', 'f', 'e', 'r', '.', 'o', 'v', 'h', '\0',
+  /* "nsure.us", true */ 'n', 's', 'u', 'r', 'e', '.', 'u', 's', '\0',
+  /* "nsworks.com", true */ 'n', 's', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ntotten.com", true */ 'n', 't', 'o', 't', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ntppool.org", true */ 'n', 't', 'p', 'p', 'o', 'o', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "ntx360grad-fallakte.de", true */ 'n', 't', 'x', '3', '6', '0', 'g', 'r', 'a', 'd', '-', 'f', 'a', 'l', 'l', 'a', 'k', 't', 'e', '.', 'd', 'e', '\0',
+  /* "ntzwrk.org", true */ 'n', 't', 'z', 'w', 'r', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "nu-pogodi.net", true */ 'n', 'u', '-', 'p', 'o', 'g', 'o', 'd', 'i', '.', 'n', 'e', 't', '\0',
+  /* "nu3tion.com", true */ 'n', 'u', '3', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nu3tion.cz", true */ 'n', 'u', '3', 't', 'i', 'o', 'n', '.', 'c', 'z', '\0',
+  /* "nuacht.ie", true */ 'n', 'u', 'a', 'c', 'h', 't', '.', 'i', 'e', '\0',
+  /* "nuamooreaindonesia.com", true */ 'n', 'u', 'a', 'm', 'o', 'o', 'r', 'e', 'a', 'i', 'n', 'd', 'o', 'n', 'e', 's', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "nubella.com.au", true */ 'n', 'u', 'b', 'e', 'l', 'l', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "nubu.at", true */ 'n', 'u', 'b', 'u', '.', 'a', 't', '\0',
+  /* "nuclear-crimes.com", true */ 'n', 'u', 'c', 'l', 'e', 'a', 'r', '-', 'c', 'r', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nuclearcat.com", true */ 'n', 'u', 'c', 'l', 'e', 'a', 'r', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "nuclearcrimes.com", true */ 'n', 'u', 'c', 'l', 'e', 'a', 'r', 'c', 'r', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nuclearcrimes1.com", true */ 'n', 'u', 'c', 'l', 'e', 'a', 'r', 'c', 'r', 'i', 'm', 'e', 's', '1', '.', 'c', 'o', 'm', '\0',
+  /* "nucleuscore.org", true */ 'n', 'u', 'c', 'l', 'e', 'u', 's', 'c', 'o', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "nudestpics.com", true */ 'n', 'u', 'd', 'e', 's', 't', 'p', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nuel.cl", true */ 'n', 'u', 'e', 'l', '.', 'c', 'l', '\0',
+  /* "nuevaimagenpublicidad.es", true */ 'n', 'u', 'e', 'v', 'a', 'i', 'm', 'a', 'g', 'e', 'n', 'p', 'u', 'b', 'l', 'i', 'c', 'i', 'd', 'a', 'd', '.', 'e', 's', '\0',
+  /* "null-life.com", true */ 'n', 'u', 'l', 'l', '-', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nullday.de", true */ 'n', 'u', 'l', 'l', 'd', 'a', 'y', '.', 'd', 'e', '\0',
+  /* "nullpointer.io", true */ 'n', 'u', 'l', 'l', 'p', 'o', 'i', 'n', 't', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "nullroute.com", true */ 'n', 'u', 'l', 'l', 'r', 'o', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nulltime.net", true */ 'n', 'u', 'l', 'l', 't', 'i', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "numarasorgulama.tel", true */ 'n', 'u', 'm', 'a', 'r', 'a', 's', 'o', 'r', 'g', 'u', 'l', 'a', 'm', 'a', '.', 't', 'e', 'l', '\0',
+  /* "numatic.co.uk", true */ 'n', 'u', 'm', 'a', 't', 'i', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "number.me", true */ 'n', 'u', 'm', 'b', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "numbercult.net", true */ 'n', 'u', 'm', 'b', 'e', 'r', 'c', 'u', 'l', 't', '.', 'n', 'e', 't', '\0',
+  /* "numberoneshoes.co.nz", false */ 'n', 'u', 'm', 'b', 'e', 'r', 'o', 'n', 'e', 's', 'h', 'o', 'e', 's', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "numberzero.org", true */ 'n', 'u', 'm', 'b', 'e', 'r', 'z', 'e', 'r', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "numerik-games.ch", true */ 'n', 'u', 'm', 'e', 'r', 'i', 'k', '-', 'g', 'a', 'm', 'e', 's', '.', 'c', 'h', '\0',
+  /* "numero-aleatorio.com", true */ 'n', 'u', 'm', 'e', 'r', 'o', '-', 'a', 'l', 'e', 'a', 't', 'o', 'r', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "numero1.ch", true */ 'n', 'u', 'm', 'e', 'r', 'o', '1', '.', 'c', 'h', '\0',
+  /* "numerossanos.com.ar", true */ 'n', 'u', 'm', 'e', 'r', 'o', 's', 's', 'a', 'n', 'o', 's', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "numis.tech", true */ 'n', 'u', 'm', 'i', 's', '.', 't', 'e', 'c', 'h', '\0',
+  /* "numm.fr", true */ 'n', 'u', 'm', 'm', '.', 'f', 'r', '\0',
+  /* "numwave.nl", true */ 'n', 'u', 'm', 'w', 'a', 'v', 'e', '.', 'n', 'l', '\0',
+  /* "nunnenmacher.net", true */ 'n', 'u', 'n', 'n', 'e', 'n', 'm', 'a', 'c', 'h', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "nunomoura.com", true */ 'n', 'u', 'n', 'o', 'm', 'o', 'u', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "nuos.org", true */ 'n', 'u', 'o', 's', '.', 'o', 'r', 'g', '\0',
+  /* "nupef.org.br", true */ 'n', 'u', 'p', 'e', 'f', '.', 'o', 'r', 'g', '.', 'b', 'r', '\0',
+  /* "nuquery.com", true */ 'n', 'u', 'q', 'u', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "nursejj.com", true */ 'n', 'u', 'r', 's', 'e', 'j', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "nurses.dating", true */ 'n', 'u', 'r', 's', 'e', 's', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "nuryahan.com.br", true */ 'n', 'u', 'r', 'y', 'a', 'h', 'a', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "nusku.biz", true */ 'n', 'u', 's', 'k', 'u', '.', 'b', 'i', 'z', '\0',
+  /* "nussadoclub.org", true */ 'n', 'u', 's', 's', 'a', 'd', 'o', 'c', 'l', 'u', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "nutikell.com", true */ 'n', 'u', 't', 'i', 'k', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "nutleyeducationalfoundation.org", true */ 'n', 'u', 't', 'l', 'e', 'y', 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "nutleyef.org", true */ 'n', 'u', 't', 'l', 'e', 'y', 'e', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "nutonic-sports.com", true */ 'n', 'u', 't', 'o', 'n', 'i', 'c', '-', 's', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nutri-spec.me", true */ 'n', 'u', 't', 'r', 'i', '-', 's', 'p', 'e', 'c', '.', 'm', 'e', '\0',
+  /* "nutrienti.eu", false */ 'n', 'u', 't', 'r', 'i', 'e', 'n', 't', 'i', '.', 'e', 'u', '\0',
+  /* "nutrifyyourself.com", true */ 'n', 'u', 't', 'r', 'i', 'f', 'y', 'y', 'o', 'u', 'r', 's', 'e', 'l', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "nutripedia.gr", true */ 'n', 'u', 't', 'r', 'i', 'p', 'e', 'd', 'i', 'a', '.', 'g', 'r', '\0',
+  /* "nutrivisa.com.br", true */ 'n', 'u', 't', 'r', 'i', 'v', 'i', 's', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "nuvechtdal.nl", true */ 'n', 'u', 'v', 'e', 'c', 'h', 't', 'd', 'a', 'l', '.', 'n', 'l', '\0',
+  /* "nuvini.com", true */ 'n', 'u', 'v', 'i', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "nuxer.fr", true */ 'n', 'u', 'x', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "nvlop.xyz", true */ 'n', 'v', 'l', 'o', 'p', '.', 'x', 'y', 'z', '\0',
+  /* "nvq.nl", true */ 'n', 'v', 'q', '.', 'n', 'l', '\0',
+  /* "nvr.bz", true */ 'n', 'v', 'r', '.', 'b', 'z', '\0',
+  /* "nwerc.party", true */ 'n', 'w', 'e', 'r', 'c', '.', 'p', 'a', 'r', 't', 'y', '\0',
+  /* "nwgh.org", false */ 'n', 'w', 'g', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "nwk1.com", true */ 'n', 'w', 'k', '1', '.', 'c', 'o', 'm', '\0',
+  /* "nwra.com", true */ 'n', 'w', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "nwwc.dk", true */ 'n', 'w', 'w', 'c', '.', 'd', 'k', '\0',
+  /* "nwwnetwork.net", true */ 'n', 'w', 'w', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "nxinfo.ch", true */ 'n', 'x', 'i', 'n', 'f', 'o', '.', 'c', 'h', '\0',
+  /* "nyan.it", true */ 'n', 'y', 'a', 'n', '.', 'i', 't', '\0',
+  /* "nyanco.space", true */ 'n', 'y', 'a', 'n', 'c', 'o', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "nyantec.com", true */ 'n', 'y', 'a', 'n', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "nycoyote.org", true */ 'n', 'y', 'c', 'o', 'y', 'o', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "nydnxs.com", true */ 'n', 'y', 'd', 'n', 'x', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nyffo.com", true */ 'n', 'y', 'f', 'f', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "nyiad.edu", true */ 'n', 'y', 'i', 'a', 'd', '.', 'e', 'd', 'u', '\0',
+  /* "nyip.co.uk", true */ 'n', 'y', 'i', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "nyip.edu", true */ 'n', 'y', 'i', 'p', '.', 'e', 'd', 'u', '\0',
+  /* "nyloc.de", true */ 'n', 'y', 'l', 'o', 'c', '.', 'd', 'e', '\0',
+  /* "nylonfeetporn.com", true */ 'n', 'y', 'l', 'o', 'n', 'f', 'e', 'e', 't', 'p', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nymphetomania.net", true */ 'n', 'y', 'm', 'p', 'h', 'e', 't', 'o', 'm', 'a', 'n', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "nynex.net", true */ 'n', 'y', 'n', 'e', 'x', '.', 'n', 'e', 't', '\0',
+  /* "nyphox.ovh", true */ 'n', 'y', 'p', 'h', 'o', 'x', '.', 'o', 'v', 'h', '\0',
+  /* "nyronet.de", false */ 'n', 'y', 'r', 'o', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "nys-hk.com", true */ 'n', 'y', 's', '-', 'h', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "nystudio107.com", true */ 'n', 'y', 's', 't', 'u', 'd', 'i', 'o', '1', '0', '7', '.', 'c', 'o', 'm', '\0',
+  /* "nyyu.tk", true */ 'n', 'y', 'y', 'u', '.', 't', 'k', '\0',
+  /* "nzb.cat", false */ 'n', 'z', 'b', '.', 'c', 'a', 't', '\0',
+  /* "nzstudy.ac.nz", true */ 'n', 'z', 's', 't', 'u', 'd', 'y', '.', 'a', 'c', '.', 'n', 'z', '\0',
+  /* "o-loska.cz", true */ 'o', '-', 'l', 'o', 's', 'k', 'a', '.', 'c', 'z', '\0',
+  /* "o-sp.com", true */ 'o', '-', 's', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "o2careers.co.uk", true */ 'o', '2', 'c', 'a', 'r', 'e', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "o3.wf", true */ 'o', '3', '.', 'w', 'f', '\0',
+  /* "o3wallet.com", true */ 'o', '3', 'w', 'a', 'l', 'l', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "o6asan.com", true */ 'o', '6', 'a', 's', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "oaic.gov.au", true */ 'o', 'a', 'i', 'c', '.', 'g', 'o', 'v', '.', 'a', 'u', '\0',
+  /* "oakington.info", true */ 'o', 'a', 'k', 'i', 'n', 'g', 't', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "oakparkelectrical.com", true */ 'o', 'a', 'k', 'p', 'a', 'r', 'k', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "oaksbloom.com", true */ 'o', 'a', 'k', 's', 'b', 'l', 'o', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "oakslighting.co.uk", true */ 'o', 'a', 'k', 's', 'l', 'i', 'g', 'h', 't', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "oasis-conference.org.nz", true */ 'o', 'a', 's', 'i', 's', '-', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'o', 'r', 'g', '.', 'n', 'z', '\0',
+  /* "oasisdabeleza.com.br", true */ 'o', 'a', 's', 'i', 's', 'd', 'a', 'b', 'e', 'l', 'e', 'z', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "oatberry.me", false */ 'o', 'a', 't', 'b', 'e', 'r', 'r', 'y', '.', 'm', 'e', '\0',
+  /* "oauth-dropins.appspot.com", false */ 'o', 'a', 'u', 't', 'h', '-', 'd', 'r', 'o', 'p', 'i', 'n', 's', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "obamalibrary.gov", true */ 'o', 'b', 'a', 'm', 'a', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'g', 'o', 'v', '\0',
+  /* "oberhofdrinks.com", true */ 'o', 'b', 'e', 'r', 'h', 'o', 'f', 'd', 'r', 'i', 'n', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "oberhofjuice.com", true */ 'o', 'b', 'e', 'r', 'h', 'o', 'f', 'j', 'u', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "obermeiers.eu", true */ 'o', 'b', 'e', 'r', 'm', 'e', 'i', 'e', 'r', 's', '.', 'e', 'u', '\0',
+  /* "oberoi.de", true */ 'o', 'b', 'e', 'r', 'o', 'i', '.', 'd', 'e', '\0',
+  /* "obfuscate.xyz", true */ 'o', 'b', 'f', 'u', 's', 'c', 'a', 't', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "obg-global.com", true */ 'o', 'b', 'g', '-', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "object.earth", true */ 'o', 'b', 'j', 'e', 'c', 't', '.', 'e', 'a', 'r', 't', 'h', '\0',
+  /* "objectif-terre.ch", true */ 'o', 'b', 'j', 'e', 'c', 't', 'i', 'f', '-', 't', 'e', 'r', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "objekt-textil.ch", true */ 'o', 'b', 'j', 'e', 'k', 't', '-', 't', 'e', 'x', 't', 'i', 'l', '.', 'c', 'h', '\0',
+  /* "oblast45.ru", false */ 'o', 'b', 'l', 'a', 's', 't', '4', '5', '.', 'r', 'u', '\0',
+  /* "oblikdom.pro", true */ 'o', 'b', 'l', 'i', 'k', 'd', 'o', 'm', '.', 'p', 'r', 'o', '\0',
+  /* "oblikdom.ru", true */ 'o', 'b', 'l', 'i', 'k', 'd', 'o', 'm', '.', 'r', 'u', '\0',
+  /* "oblondata.io", true */ 'o', 'b', 'l', 'o', 'n', 'd', 'a', 't', 'a', '.', 'i', 'o', '\0',
+  /* "obrienlab.com", true */ 'o', 'b', 'r', 'i', 'e', 'n', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "obscur.us", true */ 'o', 'b', 's', 'c', 'u', 'r', '.', 'u', 's', '\0',
+  /* "observatory.se", true */ 'o', 'b', 's', 'e', 'r', 'v', 'a', 't', 'o', 'r', 'y', '.', 's', 'e', '\0',
+  /* "obsidianirc.net", true */ 'o', 'b', 's', 'i', 'd', 'i', 'a', 'n', 'i', 'r', 'c', '.', 'n', 'e', 't', '\0',
+  /* "obsproject.com", true */ 'o', 'b', 's', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "obtima.org", true */ 'o', 'b', 't', 'i', 'm', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "obud.cz", true */ 'o', 'b', 'u', 'd', '.', 'c', 'z', '\0',
+  /* "obyvateleceska.cz", true */ 'o', 'b', 'y', 'v', 'a', 't', 'e', 'l', 'e', 'c', 'e', 's', 'k', 'a', '.', 'c', 'z', '\0',
+  /* "oc-minecraft.com", true */ 'o', 'c', '-', 'm', 'i', 'n', 'e', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "oc-sa.ch", true */ 'o', 'c', '-', 's', 'a', '.', 'c', 'h', '\0',
+  /* "ocad.com.au", true */ 'o', 'c', 'a', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "ocapic.com", true */ 'o', 'c', 'a', 'p', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "occasion-impro.com", true */ 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', '-', 'i', 'm', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "occentus.net", true */ 'o', 'c', 'c', 'e', 'n', 't', 'u', 's', '.', 'n', 'e', 't', '\0',
+  /* "occmon.net", true */ 'o', 'c', 'c', 'm', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "ocd2016.com", true */ 'o', 'c', 'd', '2', '0', '1', '6', '.', 'c', 'o', 'm', '\0',
+  /* "oceandns.eu", true */ 'o', 'c', 'e', 'a', 'n', 'd', 'n', 's', '.', 'e', 'u', '\0',
+  /* "oceandns.net", true */ 'o', 'c', 'e', 'a', 'n', 'd', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "oceandns.nl", true */ 'o', 'c', 'e', 'a', 'n', 'd', 'n', 's', '.', 'n', 'l', '\0',
+  /* "oceanvisuals.com", true */ 'o', 'c', 'e', 'a', 'n', 'v', 'i', 's', 'u', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ocelot.help", true */ 'o', 'c', 'e', 'l', 'o', 't', '.', 'h', 'e', 'l', 'p', '\0',
+  /* "ocenovani-inspekce.cz", true */ 'o', 'c', 'e', 'n', 'o', 'v', 'a', 'n', 'i', '-', 'i', 'n', 's', 'p', 'e', 'k', 'c', 'e', '.', 'c', 'z', '\0',
+  /* "ocf.io", true */ 'o', 'c', 'f', '.', 'i', 'o', '\0',
+  /* "ocg-card.com", true */ 'o', 'c', 'g', '-', 'c', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "ochsundjunior.ch", true */ 'o', 'c', 'h', 's', 'u', 'n', 'd', 'j', 'u', 'n', 'i', 'o', 'r', '.', 'c', 'h', '\0',
+  /* "ocim.ch", true */ 'o', 'c', 'i', 'm', '.', 'c', 'h', '\0',
+  /* "ockendenhemming.co.uk", true */ 'o', 'c', 'k', 'e', 'n', 'd', 'e', 'n', 'h', 'e', 'm', 'm', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ocloud.fr", true */ 'o', 'c', 'l', 'o', 'u', 'd', '.', 'f', 'r', '\0',
+  /* "ocolere.ch", true */ 'o', 'c', 'o', 'l', 'e', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "ocotg.com", true */ 'o', 'c', 'o', 't', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "ocrn.nl", true */ 'o', 'c', 'r', 'n', '.', 'n', 'l', '\0',
+  /* "ocsigroup.fr", true */ 'o', 'c', 's', 'i', 'g', 'r', 'o', 'u', 'p', '.', 'f', 'r', '\0',
+  /* "ocsr.nl", true */ 'o', 'c', 's', 'r', '.', 'n', 'l', '\0',
+  /* "octal.es", true */ 'o', 'c', 't', 'a', 'l', '.', 'e', 's', '\0',
+  /* "octanio.com", true */ 'o', 'c', 't', 'a', 'n', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "octav.name", false */ 'o', 'c', 't', 'a', 'v', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "octod.tk", true */ 'o', 'c', 't', 'o', 'd', '.', 't', 'k', '\0',
+  /* "octofox.de", true */ 'o', 'c', 't', 'o', 'f', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "octohedralpvp.tk", true */ 'o', 'c', 't', 'o', 'h', 'e', 'd', 'r', 'a', 'l', 'p', 'v', 'p', '.', 't', 'k', '\0',
+  /* "octolopagon.games", true */ 'o', 'c', 't', 'o', 'l', 'o', 'p', 'a', 'g', 'o', 'n', '.', 'g', 'a', 'm', 'e', 's', '\0',
+  /* "octopus-agents.com", true */ 'o', 'c', 't', 'o', 'p', 'u', 's', '-', 'a', 'g', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "octosniff.net", true */ 'o', 'c', 't', 'o', 's', 'n', 'i', 'f', 'f', '.', 'n', 'e', 't', '\0',
+  /* "octosys.net", true */ 'o', 'c', 't', 'o', 's', 'y', 's', '.', 'n', 'e', 't', '\0',
+  /* "octosys.org", true */ 'o', 'c', 't', 'o', 's', 'y', 's', '.', 'o', 'r', 'g', '\0',
+  /* "octosys.ru", true */ 'o', 'c', 't', 'o', 's', 'y', 's', '.', 'r', 'u', '\0',
+  /* "octothorpe.club", true */ 'o', 'c', 't', 'o', 't', 'h', 'o', 'r', 'p', 'e', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "octothorpe.ninja", true */ 'o', 'c', 't', 'o', 't', 'h', 'o', 'r', 'p', 'e', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "oddnumber.ca", true */ 'o', 'd', 'd', 'n', 'u', 'm', 'b', 'e', 'r', '.', 'c', 'a', '\0',
+  /* "oddsandevens.ca", true */ 'o', 'd', 'd', 's', 'a', 'n', 'd', 'e', 'v', 'e', 'n', 's', '.', 'c', 'a', '\0',
+  /* "oddsandevensbookkeeping.ca", true */ 'o', 'd', 'd', 's', 'a', 'n', 'd', 'e', 'v', 'e', 'n', 's', 'b', 'o', 'o', 'k', 'k', 'e', 'e', 'p', 'i', 'n', 'g', '.', 'c', 'a', '\0',
+  /* "oddtime.net", true */ 'o', 'd', 'd', 't', 'i', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "odensc.me", true */ 'o', 'd', 'e', 'n', 's', 'c', '.', 'm', 'e', '\0',
+  /* "odifi.com", true */ 'o', 'd', 'i', 'f', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "odoo.co.th", false */ 'o', 'd', 'o', 'o', '.', 'c', 'o', '.', 't', 'h', '\0',
+  /* "odtu.lu", true */ 'o', 'd', 't', 'u', '.', 'l', 'u', '\0',
+  /* "oducs.org", true */ 'o', 'd', 'u', 'c', 's', '.', 'o', 'r', 'g', '\0',
+  /* "odysseyconservationtrust.com", true */ 'o', 'd', 'y', 's', 's', 'e', 'y', 'c', 'o', 'n', 's', 'e', 'r', 'v', 'a', 't', 'i', 'o', 'n', 't', 'r', 'u', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "odysseyofthemind.eu", true */ 'o', 'd', 'y', 's', 's', 'e', 'y', 'o', 'f', 't', 'h', 'e', 'm', 'i', 'n', 'd', '.', 'e', 'u', '\0',
+  /* "odzyskaniedomeny.pl", true */ 'o', 'd', 'z', 'y', 's', 'k', 'a', 'n', 'i', 'e', 'd', 'o', 'm', 'e', 'n', 'y', '.', 'p', 'l', '\0',
+  /* "oec-music.com", true */ 'o', 'e', 'c', '-', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "oeh.ac.at", true */ 'o', 'e', 'h', '.', 'a', 'c', '.', 'a', 't', '\0',
+  /* "oeko-bundesfreiwilligendienst-sh.de", true */ 'o', 'e', 'k', 'o', '-', 'b', 'u', 'n', 'd', 'e', 's', 'f', 'r', 'e', 'i', 'w', 'i', 'l', 'l', 'i', 'g', 'e', 'n', 'd', 'i', 'e', 'n', 's', 't', '-', 's', 'h', '.', 'd', 'e', '\0',
+  /* "oeko-bundesfreiwilligendienst.de", true */ 'o', 'e', 'k', 'o', '-', 'b', 'u', 'n', 'd', 'e', 's', 'f', 'r', 'e', 'i', 'w', 'i', 'l', 'l', 'i', 'g', 'e', 'n', 'd', 'i', 'e', 'n', 's', 't', '.', 'd', 'e', '\0',
+  /* "oeko-jahr-jubilaeum.de", true */ 'o', 'e', 'k', 'o', '-', 'j', 'a', 'h', 'r', '-', 'j', 'u', 'b', 'i', 'l', 'a', 'e', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "oeko-jahr.de", true */ 'o', 'e', 'k', 'o', '-', 'j', 'a', 'h', 'r', '.', 'd', 'e', '\0',
+  /* "oelsner.net", true */ 'o', 'e', 'l', 's', 'n', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "oemwolf.com", true */ 'o', 'e', 'm', 'w', 'o', 'l', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "ofcampuslausanne.ch", true */ 'o', 'f', 'c', 'a', 'm', 'p', 'u', 's', 'l', 'a', 'u', 's', 'a', 'n', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "ofcss.com", true */ 'o', 'f', 'c', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ofda.gov", true */ 'o', 'f', 'd', 'a', '.', 'g', 'o', 'v', '\0',
+  /* "offbyinfinity.com", true */ 'o', 'f', 'f', 'b', 'y', 'i', 'n', 'f', 'i', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "offenekommune.de", true */ 'o', 'f', 'f', 'e', 'n', 'e', 'k', 'o', 'm', 'm', 'u', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "offersgame.com", true */ 'o', 'f', 'f', 'e', 'r', 's', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "offgames.io", true */ 'o', 'f', 'f', 'g', 'a', 'm', 'e', 's', '.', 'i', 'o', '\0',
+  /* "office-de-tourisme.net", false */ 'o', 'f', 'f', 'i', 'c', 'e', '-', 'd', 'e', '-', 't', 'o', 'u', 'r', 'i', 's', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "office-morimoto.com", true */ 'o', 'f', 'f', 'i', 'c', 'e', '-', 'm', 'o', 'r', 'i', 'm', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "officefundays.co.uk", true */ 'o', 'f', 'f', 'i', 'c', 'e', 'f', 'u', 'n', 'd', 'a', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "officemovepro.com", true */ 'o', 'f', 'f', 'i', 'c', 'e', 'm', 'o', 'v', 'e', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "officeprint.co.th", true */ 'o', 'f', 'f', 'i', 'c', 'e', 'p', 'r', 'i', 'n', 't', '.', 'c', 'o', '.', 't', 'h', '\0',
+  /* "officiants.wedding", false */ 'o', 'f', 'f', 'i', 'c', 'i', 'a', 'n', 't', 's', '.', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '\0',
+  /* "officium.tech", true */ 'o', 'f', 'f', 'i', 'c', 'i', 'u', 'm', '.', 't', 'e', 'c', 'h', '\0',
+  /* "offroadeq.com", true */ 'o', 'f', 'f', 'r', 'o', 'a', 'd', 'e', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "offshoot.rentals", true */ 'o', 'f', 'f', 's', 'h', 'o', 'o', 't', '.', 'r', 'e', 'n', 't', 'a', 'l', 's', '\0',
+  /* "offtherails.ie", true */ 'o', 'f', 'f', 't', 'h', 'e', 'r', 'a', 'i', 'l', 's', '.', 'i', 'e', '\0',
+  /* "ofggolf.com", true */ 'o', 'f', 'g', 'g', 'o', 'l', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "oflow.me", true */ 'o', 'f', 'l', 'o', 'w', '.', 'm', 'e', '\0',
+  /* "oftamedic.com", true */ 'o', 'f', 't', 'a', 'm', 'e', 'd', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "oftn.org", true */ 'o', 'f', 't', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "oge.ch", true */ 'o', 'g', 'e', '.', 'c', 'h', '\0',
+  /* "oggw.us", true */ 'o', 'g', 'g', 'w', '.', 'u', 's', '\0',
+  /* "ogis.gov", true */ 'o', 'g', 'i', 's', '.', 'g', 'o', 'v', '\0',
+  /* "ogkw.de", true */ 'o', 'g', 'k', 'w', '.', 'd', 'e', '\0',
+  /* "oglen.ca", true */ 'o', 'g', 'l', 'e', 'n', '.', 'c', 'a', '\0',
+  /* "ogocare.com", true */ 'o', 'g', 'o', 'c', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ogrodywstudniach.pl", true */ 'o', 'g', 'r', 'o', 'd', 'y', 'w', 's', 't', 'u', 'd', 'n', 'i', 'a', 'c', 'h', '.', 'p', 'l', '\0',
+  /* "oguya.ch", true */ 'o', 'g', 'u', 'y', 'a', '.', 'c', 'h', '\0',
+  /* "oh14.de", true */ 'o', 'h', '1', '4', '.', 'd', 'e', '\0',
+  /* "ohadsoft.com", true */ 'o', 'h', 'a', 'd', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ohai.su", true */ 'o', 'h', 'a', 'i', '.', 's', 'u', '\0',
+  /* "ohayosoro.me", true */ 'o', 'h', 'a', 'y', 'o', 's', 'o', 'r', 'o', '.', 'm', 'e', '\0',
+  /* "ohchouette.com", true */ 'o', 'h', 'c', 'h', 'o', 'u', 'e', 't', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ohd.dk", true */ 'o', 'h', 'd', '.', 'd', 'k', '\0',
+  /* "oheila.com", true */ 'o', 'h', 'e', 'i', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ohhdeertrade.com", true */ 'o', 'h', 'h', 'd', 'e', 'e', 'r', 't', 'r', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ohiohealthfortune100.com", true */ 'o', 'h', 'i', 'o', 'h', 'e', 'a', 'l', 't', 'h', 'f', 'o', 'r', 't', 'u', 'n', 'e', '1', '0', '0', '.', 'c', 'o', 'm', '\0',
+  /* "ohling.org", true */ 'o', 'h', 'l', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "ohma.ga", true */ 'o', 'h', 'm', 'a', '.', 'g', 'a', '\0',
+  /* "ohnemusik.com", true */ 'o', 'h', 'n', 'e', 'm', 'u', 's', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ohreally.de", true */ 'o', 'h', 'r', 'e', 'a', 'l', 'l', 'y', '.', 'd', 'e', '\0',
+  /* "ohsohairy.co.uk", true */ 'o', 'h', 's', 'o', 'h', 'a', 'i', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "oilpaintingsonly.com", true */ 'o', 'i', 'l', 'p', 'a', 'i', 'n', 't', 'i', 'n', 'g', 's', 'o', 'n', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "oinky.ddns.net", true */ 'o', 'i', 'n', 'k', 'y', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "ojaioliveoil.com", true */ 'o', 'j', 'a', 'i', 'o', 'l', 'i', 'v', 'e', 'o', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "ojdip.net", true */ 'o', 'j', 'd', 'i', 'p', '.', 'n', 'e', 't', '\0',
+  /* "ojomovies.com", true */ 'o', 'j', 'o', 'm', 'o', 'v', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ojp.gov", true */ 'o', 'j', 'p', '.', 'g', 'o', 'v', '\0',
+  /* "okad-center.de", true */ 'o', 'k', 'a', 'd', '-', 'c', 'e', 'n', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "okad.de", true */ 'o', 'k', 'a', 'd', '.', 'd', 'e', '\0',
+  /* "okad.eu", true */ 'o', 'k', 'a', 'd', '.', 'e', 'u', '\0',
+  /* "okakuro.org", true */ 'o', 'k', 'a', 'k', 'u', 'r', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "okanaganrailtrail.ca", true */ 'o', 'k', 'a', 'n', 'a', 'g', 'a', 'n', 'r', 'a', 'i', 'l', 't', 'r', 'a', 'i', 'l', '.', 'c', 'a', '\0',
+  /* "okay.cf", true */ 'o', 'k', 'a', 'y', '.', 'c', 'f', '\0',
+  /* "okay.coffee", true */ 'o', 'k', 'a', 'y', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0',
+  /* "okaz.de", true */ 'o', 'k', 'a', 'z', '.', 'd', 'e', '\0',
+  /* "okburrito.com", true */ 'o', 'k', 'b', 'u', 'r', 'r', 'i', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "okchicas.com", true */ 'o', 'k', 'c', 'h', 'i', 'c', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "okchousebuyer.com", true */ 'o', 'k', 'c', 'h', 'o', 'u', 's', 'e', 'b', 'u', 'y', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "okeeferanch.ca", true */ 'o', 'k', 'e', 'e', 'f', 'e', 'r', 'a', 'n', 'c', 'h', '.', 'c', 'a', '\0',
+  /* "okhrana.agency", true */ 'o', 'k', 'h', 'r', 'a', 'n', 'a', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0',
+  /* "okib.ca", true */ 'o', 'k', 'i', 'b', '.', 'c', 'a', '\0',
+  /* "okin-jp.net", true */ 'o', 'k', 'i', 'n', '-', 'j', 'p', '.', 'n', 'e', 't', '\0',
+  /* "oklahomamoversassociation.org", true */ 'o', 'k', 'l', 'a', 'h', 'o', 'm', 'a', 'm', 'o', 'v', 'e', 'r', 's', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "oklahomanotepro.com", true */ 'o', 'k', 'l', 'a', 'h', 'o', 'm', 'a', 'n', 'o', 't', 'e', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "okmx.de", false */ 'o', 'k', 'm', 'x', '.', 'd', 'e', '\0',
+  /* "okonetwork.org.uk", true */ 'o', 'k', 'o', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "oktime.cz", true */ 'o', 'k', 't', 'i', 'm', 'e', '.', 'c', 'z', '\0',
+  /* "oktoberfeststore.nl", true */ 'o', 'k', 't', 'o', 'b', 'e', 'r', 'f', 'e', 's', 't', 's', 't', 'o', 'r', 'e', '.', 'n', 'l', '\0',
+  /* "oktomus.com", true */ 'o', 'k', 't', 'o', 'm', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "okusiassociates.com", true */ 'o', 'k', 'u', 's', 'i', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "olasouris.com", true */ 'o', 'l', 'a', 's', 'o', 'u', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "olback.net", true */ 'o', 'l', 'b', 'a', 'c', 'k', '.', 'n', 'e', 't', '\0',
+  /* "oldandyounglesbians.us", true */ 'o', 'l', 'd', 'a', 'n', 'd', 'y', 'o', 'u', 'n', 'g', 'l', 'e', 's', 'b', 'i', 'a', 'n', 's', '.', 'u', 's', '\0',
+  /* "oldbrookinflatables.co.uk", true */ 'o', 'l', 'd', 'b', 'r', 'o', 'o', 'k', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "oldbrookmarqueehire.co.uk", true */ 'o', 'l', 'd', 'b', 'r', 'o', 'o', 'k', 'm', 'a', 'r', 'q', 'u', 'e', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "oldchaphome.nl", true */ 'o', 'l', 'd', 'c', 'h', 'a', 'p', 'h', 'o', 'm', 'e', '.', 'n', 'l', '\0',
+  /* "oldenglishsheepdog.com.br", true */ 'o', 'l', 'd', 'e', 'n', 'g', 'l', 'i', 's', 'h', 's', 'h', 'e', 'e', 'p', 'd', 'o', 'g', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "oldking.net", true */ 'o', 'l', 'd', 'k', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "oldtimer-trifft-flugplatz.de", true */ 'o', 'l', 'd', 't', 'i', 'm', 'e', 'r', '-', 't', 'r', 'i', 'f', 'f', 't', '-', 'f', 'l', 'u', 'g', 'p', 'l', 'a', 't', 'z', '.', 'd', 'e', '\0',
+  /* "olegon.ru", true */ 'o', 'l', 'e', 'g', 'o', 'n', '.', 'r', 'u', '\0',
+  /* "olegs.be", true */ 'o', 'l', 'e', 'g', 's', '.', 'b', 'e', '\0',
+  /* "oleksii.name", true */ 'o', 'l', 'e', 'k', 's', 'i', 'i', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "oleodecopayba.com.br", true */ 'o', 'l', 'e', 'o', 'd', 'e', 'c', 'o', 'p', 'a', 'y', 'b', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "olgiati.org", true */ 'o', 'l', 'g', 'i', 'a', 't', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "olightstore.com", true */ 'o', 'l', 'i', 'g', 'h', 't', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "olightstore.ro", true */ 'o', 'l', 'i', 'g', 'h', 't', 's', 't', 'o', 'r', 'e', '.', 'r', 'o', '\0',
+  /* "oliode.tk", true */ 'o', 'l', 'i', 'o', 'd', 'e', '.', 't', 'k', '\0',
+  /* "oliveoiltest.com", true */ 'o', 'l', 'i', 'v', 'e', 'o', 'i', 'l', 't', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "oliveoiltimes.com", true */ 'o', 'l', 'i', 'v', 'e', 'o', 'i', 'l', 't', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "oliveraiedelabastideblanche.fr", true */ 'o', 'l', 'i', 'v', 'e', 'r', 'a', 'i', 'e', 'd', 'e', 'l', 'a', 'b', 'a', 's', 't', 'i', 'd', 'e', 'b', 'l', 'a', 'n', 'c', 'h', 'e', '.', 'f', 'r', '\0',
+  /* "oliverfaircliff.com", true */ 'o', 'l', 'i', 'v', 'e', 'r', 'f', 'a', 'i', 'r', 'c', 'l', 'i', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "olivernaraki.com", true */ 'o', 'l', 'i', 'v', 'e', 'r', 'n', 'a', 'r', 'a', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "oliverniebuhr.de", true */ 'o', 'l', 'i', 'v', 'e', 'r', 'n', 'i', 'e', 'b', 'u', 'h', 'r', '.', 'd', 'e', '\0',
+  /* "olivierberardphotographe.com", true */ 'o', 'l', 'i', 'v', 'i', 'e', 'r', 'b', 'e', 'r', 'a', 'r', 'd', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "olivierlemoal.fr", true */ 'o', 'l', 'i', 'v', 'i', 'e', 'r', 'l', 'e', 'm', 'o', 'a', 'l', '.', 'f', 'r', '\0',
+  /* "olivierpieters.be", true */ 'o', 'l', 'i', 'v', 'i', 'e', 'r', 'p', 'i', 'e', 't', 'e', 'r', 's', '.', 'b', 'e', '\0',
+  /* "olivlabs.com", true */ 'o', 'l', 'i', 'v', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "olizeite.ch", true */ 'o', 'l', 'i', 'z', 'e', 'i', 't', 'e', '.', 'c', 'h', '\0',
+  /* "ollie.io", true */ 'o', 'l', 'l', 'i', 'e', '.', 'i', 'o', '\0',
+  /* "ollies.cloud", true */ 'o', 'l', 'l', 'i', 'e', 's', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "olliespage.com", true */ 'o', 'l', 'l', 'i', 'e', 's', 'p', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "olliespage.net", true */ 'o', 'l', 'l', 'i', 'e', 's', 'p', 'a', 'g', 'e', '.', 'n', 'e', 't', '\0',
+  /* "olliespage.uk", true */ 'o', 'l', 'l', 'i', 'e', 's', 'p', 'a', 'g', 'e', '.', 'u', 'k', '\0',
+  /* "ollning.com", true */ 'o', 'l', 'l', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "olmari.fi", true */ 'o', 'l', 'm', 'a', 'r', 'i', '.', 'f', 'i', '\0',
+  /* "olmsted.io", true */ 'o', 'l', 'm', 's', 't', 'e', 'd', '.', 'i', 'o', '\0',
+  /* "olygazoo.com", true */ 'o', 'l', 'y', 'g', 'a', 'z', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "olymp-arts.world", true */ 'o', 'l', 'y', 'm', 'p', '-', 'a', 'r', 't', 's', '.', 'w', 'o', 'r', 'l', 'd', '\0',
+  /* "olympe-transport.fr", true */ 'o', 'l', 'y', 'm', 'p', 'e', '-', 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', '.', 'f', 'r', '\0',
+  /* "olympiads.ca", true */ 'o', 'l', 'y', 'm', 'p', 'i', 'a', 'd', 's', '.', 'c', 'a', '\0',
+  /* "olympic-research.com", true */ 'o', 'l', 'y', 'm', 'p', 'i', 'c', '-', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "om1.com", true */ 'o', 'm', '1', '.', 'c', 'o', 'm', '\0',
+  /* "omanko.porn", true */ 'o', 'm', 'a', 'n', 'k', 'o', '.', 'p', 'o', 'r', 'n', '\0',
+  /* "omarh.net", true */ 'o', 'm', 'a', 'r', 'h', '.', 'n', 'e', 't', '\0',
+  /* "omegahosting.net", true */ 'o', 'm', 'e', 'g', 'a', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "omertabeyond.com", true */ 'o', 'm', 'e', 'r', 't', 'a', 'b', 'e', 'y', 'o', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "omertabeyond.net", true */ 'o', 'm', 'e', 'r', 't', 'a', 'b', 'e', 'y', 'o', 'n', 'd', '.', 'n', 'e', 't', '\0',
+  /* "ometepeislandinfo.com", true */ 'o', 'm', 'e', 't', 'e', 'p', 'e', 'i', 's', 'l', 'a', 'n', 'd', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "omf.link", true */ 'o', 'm', 'f', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "omgbouncycastlehire.co.uk", true */ 'o', 'm', 'g', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "omi-news.fr", true */ 'o', 'm', 'i', '-', 'n', 'e', 'w', 's', '.', 'f', 'r', '\0',
+  /* "omifind.com", true */ 'o', 'm', 'i', 'f', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "omise.co", true */ 'o', 'm', 'i', 's', 'e', '.', 'c', 'o', '\0',
+  /* "omitech.co.uk", true */ 'o', 'm', 'i', 't', 'e', 'c', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ommahpost.com", true */ 'o', 'm', 'm', 'a', 'h', 'p', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "omniasl.com", true */ 'o', 'm', 'n', 'i', 'a', 's', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "omniatv.com", true */ 'o', 'm', 'n', 'i', 'a', 't', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "omnienviro.com", false */ 'o', 'm', 'n', 'i', 'e', 'n', 'v', 'i', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "omnienviro.com.au", false */ 'o', 'm', 'n', 'i', 'e', 'n', 'v', 'i', 'r', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "omniscimus.net", false */ 'o', 'm', 'n', 'i', 's', 'c', 'i', 'm', 'u', 's', '.', 'n', 'e', 't', '\0',
+  /* "omnisiens.se", true */ 'o', 'm', 'n', 'i', 's', 'i', 'e', 'n', 's', '.', 's', 'e', '\0',
+  /* "omnitrack.org", true */ 'o', 'm', 'n', 'i', 't', 'r', 'a', 'c', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "omniverse.ru", true */ 'o', 'm', 'n', 'i', 'v', 'e', 'r', 's', 'e', '.', 'r', 'u', '\0',
+  /* "omorashi.org", true */ 'o', 'm', 'o', 'r', 'a', 's', 'h', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "omoteura.com", true */ 'o', 'm', 'o', 't', 'e', 'u', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "omranic.com", true */ 'o', 'm', 'r', 'a', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "omronwellness.com", true */ 'o', 'm', 'r', 'o', 'n', 'w', 'e', 'l', 'l', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "omsdieppe.fr", true */ 'o', 'm', 's', 'd', 'i', 'e', 'p', 'p', 'e', '.', 'f', 'r', '\0',
+  /* "omyogarishikesh.com", true */ 'o', 'm', 'y', 'o', 'g', 'a', 'r', 'i', 's', 'h', 'i', 'k', 'e', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "on-te.ch", true */ 'o', 'n', '-', 't', 'e', '.', 'c', 'h', '\0',
+  /* "on-tech.co.uk", true */ 'o', 'n', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ona.io", true */ 'o', 'n', 'a', '.', 'i', 'o', '\0',
+  /* "onaboat.se", true */ 'o', 'n', 'a', 'b', 'o', 'a', 't', '.', 's', 'e', '\0',
+  /* "onarto.com", true */ 'o', 'n', 'a', 'r', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "onceuponarainbow.co.uk", true */ 'o', 'n', 'c', 'e', 'u', 'p', 'o', 'n', 'a', 'r', 'a', 'i', 'n', 'b', 'o', 'w', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "oncf.asso.fr", true */ 'o', 'n', 'c', 'f', '.', 'a', 's', 's', 'o', '.', 'f', 'r', '\0',
+  /* "oncodedesign.com", true */ 'o', 'n', 'c', 'o', 'd', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ond-inc.com", true */ 'o', 'n', 'd', '-', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "ondrej.org", true */ 'o', 'n', 'd', 'r', 'e', 'j', '.', 'o', 'r', 'g', '\0',
+  /* "one-resource.com", true */ 'o', 'n', 'e', '-', 'r', 'e', 's', 'o', 'u', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "one-s.co.jp", true */ 'o', 'n', 'e', '-', 's', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "one-tab.com", true */ 'o', 'n', 'e', '-', 't', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "one2edit.com", true */ 'o', 'n', 'e', '2', 'e', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "oneazcu.com", false */ 'o', 'n', 'e', 'a', 'z', 'c', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "onebigcow.com", true */ 'o', 'n', 'e', 'b', 'i', 'g', 'c', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "oneclic.ch", true */ 'o', 'n', 'e', 'c', 'l', 'i', 'c', '.', 'c', 'h', '\0',
+  /* "oneclickonejob.com", true */ 'o', 'n', 'e', 'c', 'l', 'i', 'c', 'k', 'o', 'n', 'e', 'j', 'o', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "onedot.nl", true */ 'o', 'n', 'e', 'd', 'o', 't', '.', 'n', 'l', '\0',
+  /* "onedottwelve.co.jp", true */ 'o', 'n', 'e', 'd', 'o', 't', 't', 'w', 'e', 'l', 'v', 'e', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "onedottwelve.com", true */ 'o', 'n', 'e', 'd', 'o', 't', 't', 'w', 'e', 'l', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "onedrive.com", true */ 'o', 'n', 'e', 'd', 'r', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "onedrive.live.com", false */ 'o', 'n', 'e', 'd', 'r', 'i', 'v', 'e', '.', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "onee3.org", true */ 'o', 'n', 'e', 'e', '3', '.', 'o', 'r', 'g', '\0',
+  /* "onefour.ga", false */ 'o', 'n', 'e', 'f', 'o', 'u', 'r', '.', 'g', 'a', '\0',
+  /* "onelawsuit.com", true */ 'o', 'n', 'e', 'l', 'a', 'w', 's', 'u', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "onemid.net", true */ 'o', 'n', 'e', 'm', 'i', 'd', '.', 'n', 'e', 't', '\0',
+  /* "onemoonmedia.de", true */ 'o', 'n', 'e', 'm', 'o', 'o', 'n', 'm', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "oneononeonone.de", true */ 'o', 'n', 'e', 'o', 'n', 'o', 'n', 'e', 'o', 'n', 'o', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "oneononeonone.tv", true */ 'o', 'n', 'e', 'o', 'n', 'o', 'n', 'e', 'o', 'n', 'o', 'n', 'e', '.', 't', 'v', '\0',
+  /* "onepointzero.com", true */ 'o', 'n', 'e', 'p', 'o', 'i', 'n', 't', 'z', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "onestepfootcare.com", true */ 'o', 'n', 'e', 's', 't', 'e', 'p', 'f', 'o', 'o', 't', 'c', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "onestopcastles.co.uk", true */ 'o', 'n', 'e', 's', 't', 'o', 'p', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "onetech.it", true */ 'o', 'n', 'e', 't', 'e', 'c', 'h', '.', 'i', 't', '\0',
+  /* "onetime.info", true */ 'o', 'n', 'e', 't', 'i', 'm', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "oneway.ga", true */ 'o', 'n', 'e', 'w', 'a', 'y', '.', 'g', 'a', '\0',
+  /* "onewaymail.com", true */ 'o', 'n', 'e', 'w', 'a', 'y', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "oneweb.hu", true */ 'o', 'n', 'e', 'w', 'e', 'b', '.', 'h', 'u', '\0',
+  /* "onfarma.it", true */ 'o', 'n', 'f', 'a', 'r', 'm', 'a', '.', 'i', 't', '\0',
+  /* "onguardonline.gov", true */ 'o', 'n', 'g', 'u', 'a', 'r', 'd', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "onhub1.com", true */ 'o', 'n', 'h', 'u', 'b', '1', '.', 'c', 'o', 'm', '\0',
+  /* "onionscan.org", true */ 'o', 'n', 'i', 'o', 'n', 's', 'c', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "oniria.ch", true */ 'o', 'n', 'i', 'r', 'i', 'a', '.', 'c', 'h', '\0',
+  /* "onix.eu.com", true */ 'o', 'n', 'i', 'x', '.', 'e', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "onixcco.com.br", true */ 'o', 'n', 'i', 'x', 'c', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "onlfait.ch", true */ 'o', 'n', 'l', 'f', 'a', 'i', 't', '.', 'c', 'h', '\0',
+  /* "online-bouwmaterialen.nl", true */ 'o', 'n', 'l', 'i', 'n', 'e', '-', 'b', 'o', 'u', 'w', 'm', 'a', 't', 'e', 'r', 'i', 'a', 'l', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "online-consulting-corp.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '-', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "online-consulting-corp.fr", true */ 'o', 'n', 'l', 'i', 'n', 'e', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '-', 'c', 'o', 'r', 'p', '.', 'f', 'r', '\0',
+  /* "online-eikaiwa-guide.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', '-', 'e', 'i', 'k', 'a', 'i', 'w', 'a', '-', 'g', 'u', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "online-results.dk", true */ 'o', 'n', 'l', 'i', 'n', 'e', '-', 'r', 'e', 's', 'u', 'l', 't', 's', '.', 'd', 'k', '\0',
+  /* "online-scene.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', '-', 's', 'c', 'e', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "online.marketing", true */ 'o', 'n', 'l', 'i', 'n', 'e', '.', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '\0',
+  /* "online.swedbank.se", true */ 'o', 'n', 'l', 'i', 'n', 'e', '.', 's', 'w', 'e', 'd', 'b', 'a', 'n', 'k', '.', 's', 'e', '\0',
+  /* "online24.pt", true */ 'o', 'n', 'l', 'i', 'n', 'e', '2', '4', '.', 'p', 't', '\0',
+  /* "onlinebizdirect.com", false */ 'o', 'n', 'l', 'i', 'n', 'e', 'b', 'i', 'z', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "onlinecasino.vlaanderen", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'c', 'a', 's', 'i', 'n', 'o', '.', 'v', 'l', 'a', 'a', 'n', 'd', 'e', 'r', 'e', 'n', '\0',
+  /* "onlinecasinobluebook.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'c', 'a', 's', 'i', 'n', 'o', 'b', 'l', 'u', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "onlinecensorship.org", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'c', 'e', 'n', 's', 'o', 'r', 's', 'h', 'i', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "onlinecollegeessay.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'c', 'o', 'l', 'l', 'e', 'g', 'e', 'e', 's', 's', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "onlinefashion.it", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'f', 'a', 's', 'h', 'i', 'o', 'n', '.', 'i', 't', '\0',
+  /* "onlinelegalmarketing.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'l', 'e', 'g', 'a', 'l', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "onlinelegalmedia.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'l', 'e', 'g', 'a', 'l', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "onlinelighting.com.au", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'l', 'i', 'g', 'h', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "onlinemarketingtraining.co.uk", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "onlinepokerspelen.be", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'p', 'o', 'k', 'e', 'r', 's', 'p', 'e', 'l', 'e', 'n', '.', 'b', 'e', '\0',
+  /* "onlinerollout.de", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'r', 'o', 'l', 'l', 'o', 'u', 't', '.', 'd', 'e', '\0',
+  /* "onlinestoreninjas.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', 's', 't', 'o', 'r', 'e', 'n', 'i', 'n', 'j', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "onlineth.com", false */ 'o', 'n', 'l', 'i', 'n', 'e', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "onlinetravelmoney.co.uk", true */ 'o', 'n', 'l', 'i', 'n', 'e', 't', 'r', 'a', 'v', 'e', 'l', 'm', 'o', 'n', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "onlineweblearning.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'w', 'e', 'b', 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "onlylebanon.net", true */ 'o', 'n', 'l', 'y', 'l', 'e', 'b', 'a', 'n', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "onmaps.de", true */ 'o', 'n', 'm', 'a', 'p', 's', '.', 'd', 'e', '\0',
+  /* "onmarketbookbuilds.com", true */ 'o', 'n', 'm', 'a', 'r', 'k', 'e', 't', 'b', 'o', 'o', 'k', 'b', 'u', 'i', 'l', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "onmyoji.biz", true */ 'o', 'n', 'm', 'y', 'o', 'j', 'i', '.', 'b', 'i', 'z', '\0',
+  /* "onnee.ch", true */ 'o', 'n', 'n', 'e', 'e', '.', 'c', 'h', '\0',
+  /* "ono.es", true */ 'o', 'n', 'o', '.', 'e', 's', '\0',
+  /* "ononpay.com", true */ 'o', 'n', 'o', 'n', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "onpay.io", true */ 'o', 'n', 'p', 'a', 'y', '.', 'i', 'o', '\0',
+  /* "onqproductions.com", true */ 'o', 'n', 'q', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "onrr.gov", true */ 'o', 'n', 'r', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "ons.ca", true */ 'o', 'n', 's', '.', 'c', 'a', '\0',
+  /* "onsennuie.fr", true */ 'o', 'n', 's', 'e', 'n', 'n', 'u', 'i', 'e', '.', 'f', 'r', '\0',
+  /* "onshuistrust.co.za", true */ 'o', 'n', 's', 'h', 'u', 'i', 's', 't', 'r', 'u', 's', 't', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "onsite4u.de", true */ 'o', 'n', 's', 'i', 't', 'e', '4', 'u', '.', 'd', 'e', '\0',
+  /* "ontdekhetzelf.nu", true */ 'o', 'n', 't', 'd', 'e', 'k', 'h', 'e', 't', 'z', 'e', 'l', 'f', '.', 'n', 'u', '\0',
+  /* "onthe.network", true */ 'o', 'n', 't', 'h', 'e', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "ontheboard.com", true */ 'o', 'n', 't', 'h', 'e', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "onthebriteside.com", true */ 'o', 'n', 't', 'h', 'e', 'b', 'r', 'i', 't', 'e', 's', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "onthecheap.store", true */ 'o', 'n', 't', 'h', 'e', 'c', 'h', 'e', 'a', 'p', '.', 's', 't', 'o', 'r', 'e', '\0',
+  /* "ontheten.org", true */ 'o', 'n', 't', 'h', 'e', 't', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "onvey.io", true */ 'o', 'n', 'v', 'e', 'y', '.', 'i', 'o', '\0',
+  /* "onviga.de", true */ 'o', 'n', 'v', 'i', 'g', 'a', '.', 'd', 'e', '\0',
+  /* "onvirt.de", true */ 'o', 'n', 'v', 'i', 'r', 't', '.', 'd', 'e', '\0',
+  /* "onvori.com", true */ 'o', 'n', 'v', 'o', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "onvori.de", true */ 'o', 'n', 'v', 'o', 'r', 'i', '.', 'd', 'e', '\0',
+  /* "onwie.com", true */ 'o', 'n', 'w', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "onysix.net", true */ 'o', 'n', 'y', 's', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "onyxfireinc.com", true */ 'o', 'n', 'y', 'x', 'f', 'i', 'r', 'e', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "oodlessoftplay.co.uk", true */ 'o', 'o', 'd', 'l', 'e', 's', 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "oogartsennet.nl", true */ 'o', 'o', 'g', 'a', 'r', 't', 's', 'e', 'n', 'n', 'e', 't', '.', 'n', 'l', '\0',
+  /* "ooharttemplates.com", true */ 'o', 'o', 'h', 'a', 'r', 't', 't', 'e', 'm', 'p', 'l', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ooonja.de", true */ 'o', 'o', 'o', 'n', 'j', 'a', '.', 'd', 'e', '\0',
+  /* "oopsis.com", true */ 'o', 'o', 'p', 's', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ooyo.be", true */ 'o', 'o', 'y', 'o', '.', 'b', 'e', '\0',
+  /* "op11.co.uk", true */ 'o', 'p', '1', '1', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "oparl.org", true */ 'o', 'p', 'a', 'r', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "opatut.de", true */ 'o', 'p', 'a', 't', 'u', 't', '.', 'd', 'e', '\0',
+  /* "opcaobolsas.com.br", true */ 'o', 'p', 'c', 'a', 'o', 'b', 'o', 'l', 's', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "opcenter.de", true */ 'o', 'p', 'c', 'e', 'n', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "ope.ee", true */ 'o', 'p', 'e', '.', 'e', 'e', '\0',
+  /* "open-bs.com", true */ 'o', 'p', 'e', 'n', '-', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "open-bs.ru", true */ 'o', 'p', 'e', 'n', '-', 'b', 's', '.', 'r', 'u', '\0',
+  /* "open-desk.org", true */ 'o', 'p', 'e', 'n', '-', 'd', 'e', 's', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "open-freax.fr", true */ 'o', 'p', 'e', 'n', '-', 'f', 'r', 'e', 'a', 'x', '.', 'f', 'r', '\0',
+  /* "open-future.be", true */ 'o', 'p', 'e', 'n', '-', 'f', 'u', 't', 'u', 'r', 'e', '.', 'b', 'e', '\0',
+  /* "open-infrastructure.net", true */ 'o', 'p', 'e', 'n', '-', 'i', 'n', 'f', 'r', 'a', 's', 't', 'r', 'u', 'c', 't', 'u', 'r', 'e', '.', 'n', 'e', 't', '\0',
+  /* "open-letters.de", true */ 'o', 'p', 'e', 'n', '-', 'l', 'e', 't', 't', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "open-mesh.org", true */ 'o', 'p', 'e', 'n', '-', 'm', 'e', 's', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "open-sauce-recipes.co.uk", true */ 'o', 'p', 'e', 'n', '-', 's', 'a', 'u', 'c', 'e', '-', 'r', 'e', 'c', 'i', 'p', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "open-source.gr", true */ 'o', 'p', 'e', 'n', '-', 's', 'o', 'u', 'r', 'c', 'e', '.', 'g', 'r', '\0',
+  /* "open.gl", true */ 'o', 'p', 'e', 'n', '.', 'g', 'l', '\0',
+  /* "openacademies.com", true */ 'o', 'p', 'e', 'n', 'a', 'c', 'a', 'd', 'e', 'm', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "openacte.ch", true */ 'o', 'p', 'e', 'n', 'a', 'c', 't', 'e', '.', 'c', 'h', '\0',
+  /* "openblox.org", true */ 'o', 'p', 'e', 'n', 'b', 'l', 'o', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "openbsd.id", true */ 'o', 'p', 'e', 'n', 'b', 's', 'd', '.', 'i', 'd', '\0',
+  /* "opencad.io", true */ 'o', 'p', 'e', 'n', 'c', 'a', 'd', '.', 'i', 'o', '\0',
+  /* "opencircuit.nl", true */ 'o', 'p', 'e', 'n', 'c', 'i', 'r', 'c', 'u', 'i', 't', '.', 'n', 'l', '\0',
+  /* "opencluster.at", true */ 'o', 'p', 'e', 'n', 'c', 'l', 'u', 's', 't', 'e', 'r', '.', 'a', 't', '\0',
+  /* "openconnect.com.au", true */ 'o', 'p', 'e', 'n', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "opendataincubator.eu", true */ 'o', 'p', 'e', 'n', 'd', 'a', 't', 'a', 'i', 'n', 'c', 'u', 'b', 'a', 't', 'o', 'r', '.', 'e', 'u', '\0',
+  /* "opendecide.com", true */ 'o', 'p', 'e', 'n', 'd', 'e', 'c', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "openevic.info", true */ 'o', 'p', 'e', 'n', 'e', 'v', 'i', 'c', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "openfir.st", true */ 'o', 'p', 'e', 'n', 'f', 'i', 'r', '.', 's', 't', '\0',
+  /* "openfitapi-falke.azurewebsites.net", true */ 'o', 'p', 'e', 'n', 'f', 'i', 't', 'a', 'p', 'i', '-', 'f', 'a', 'l', 'k', 'e', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "opengg.me", true */ 'o', 'p', 'e', 'n', 'g', 'g', '.', 'm', 'e', '\0',
+  /* "openings.ninja", true */ 'o', 'p', 'e', 'n', 'i', 'n', 'g', 's', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "openintelligence.uk", true */ 'o', 'p', 'e', 'n', 'i', 'n', 't', 'e', 'l', 'l', 'i', 'g', 'e', 'n', 'c', 'e', '.', 'u', 'k', '\0',
+  /* "openiocdb.com", true */ 'o', 'p', 'e', 'n', 'i', 'o', 'c', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "openitforum.pl", true */ 'o', 'p', 'e', 'n', 'i', 't', 'f', 'o', 'r', 'u', 'm', '.', 'p', 'l', '\0',
+  /* "openkim.org", true */ 'o', 'p', 'e', 'n', 'k', 'i', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "openkvk.nl", true */ 'o', 'p', 'e', 'n', 'k', 'v', 'k', '.', 'n', 'l', '\0',
+  /* "openmirrors.cf", true */ 'o', 'p', 'e', 'n', 'm', 'i', 'r', 'r', 'o', 'r', 's', '.', 'c', 'f', '\0',
+  /* "opennippon.com", true */ 'o', 'p', 'e', 'n', 'n', 'i', 'p', 'p', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "opennippon.ru", true */ 'o', 'p', 'e', 'n', 'n', 'i', 'p', 'p', 'o', 'n', '.', 'r', 'u', '\0',
+  /* "openpictures.ch", true */ 'o', 'p', 'e', 'n', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '.', 'c', 'h', '\0',
+  /* "openquery.com.au", true */ 'o', 'p', 'e', 'n', 'q', 'u', 'e', 'r', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "openrainbow.com", true */ 'o', 'p', 'e', 'n', 'r', 'a', 'i', 'n', 'b', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "openrainbow.net", true */ 'o', 'p', 'e', 'n', 'r', 'a', 'i', 'n', 'b', 'o', 'w', '.', 'n', 'e', 't', '\0',
+  /* "openrainbow.org", true */ 'o', 'p', 'e', 'n', 'r', 'a', 'i', 'n', 'b', 'o', 'w', '.', 'o', 'r', 'g', '\0',
+  /* "openrealestate.co", true */ 'o', 'p', 'e', 'n', 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', '.', 'c', 'o', '\0',
+  /* "openresty.com", true */ 'o', 'p', 'e', 'n', 'r', 'e', 's', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "openrtv.com", true */ 'o', 'p', 'e', 'n', 'r', 't', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "opensource-cms.nl", true */ 'o', 'p', 'e', 'n', 's', 'o', 'u', 'r', 'c', 'e', '-', 'c', 'm', 's', '.', 'n', 'l', '\0',
+  /* "opensourcedmind.eu", true */ 'o', 'p', 'e', 'n', 's', 'o', 'u', 'r', 'c', 'e', 'd', 'm', 'i', 'n', 'd', '.', 'e', 'u', '\0',
+  /* "openspa.webhop.info", true */ 'o', 'p', 'e', 'n', 's', 'p', 'a', '.', 'w', 'e', 'b', 'h', 'o', 'p', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "openssl.org", true */ 'o', 'p', 'e', 'n', 's', 's', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "openstem.com.au", true */ 'o', 'p', 'e', 'n', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "openstreetmap.is", true */ 'o', 'p', 'e', 'n', 's', 't', 'r', 'e', 'e', 't', 'm', 'a', 'p', '.', 'i', 's', '\0',
+  /* "opentexon.com", true */ 'o', 'p', 'e', 'n', 't', 'e', 'x', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "opentrack.info", true */ 'o', 'p', 'e', 'n', 't', 'r', 'a', 'c', 'k', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "opentrash.org", true */ 'o', 'p', 'e', 'n', 't', 'r', 'a', 's', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "openverse.com", true */ 'o', 'p', 'e', 'n', 'v', 'e', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "openvz.org", true */ 'o', 'p', 'e', 'n', 'v', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "openwaveguide.de", true */ 'o', 'p', 'e', 'n', 'w', 'a', 'v', 'e', 'g', 'u', 'i', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "openwifi.gr", true */ 'o', 'p', 'e', 'n', 'w', 'i', 'f', 'i', '.', 'g', 'r', '\0',
+  /* "openwireless.org", true */ 'o', 'p', 'e', 'n', 'w', 'i', 'r', 'e', 'l', 'e', 's', 's', '.', 'o', 'r', 'g', '\0',
+  /* "operad.fr", true */ 'o', 'p', 'e', 'r', 'a', 'd', '.', 'f', 'r', '\0',
+  /* "opfin.com", true */ 'o', 'p', 'f', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "opiates.ca", true */ 'o', 'p', 'i', 'a', 't', 'e', 's', '.', 'c', 'a', '\0',
+  /* "opiates.net", true */ 'o', 'p', 'i', 'a', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "opic.gov", true */ 'o', 'p', 'i', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "opin.me", true */ 'o', 'p', 'i', 'n', '.', 'm', 'e', '\0',
+  /* "opinion8td.com", true */ 'o', 'p', 'i', 'n', 'i', 'o', 'n', '8', 't', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "opinionicentrifuga.it", true */ 'o', 'p', 'i', 'n', 'i', 'o', 'n', 'i', 'c', 'e', 'n', 't', 'r', 'i', 'f', 'u', 'g', 'a', '.', 'i', 't', '\0',
+  /* "opinionipannolini.it", true */ 'o', 'p', 'i', 'n', 'i', 'o', 'n', 'i', 'p', 'a', 'n', 'n', 'o', 'l', 'i', 'n', 'i', '.', 'i', 't', '\0',
+  /* "opioids.co.uk", true */ 'o', 'p', 'i', 'o', 'i', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "opioids.com", true */ 'o', 'p', 'i', 'o', 'i', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "oplop.appspot.com", true */ 'o', 'p', 'l', 'o', 'p', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "oportho.com.br", true */ 'o', 'p', 'o', 'r', 't', 'h', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "opp.ag", true */ 'o', 'p', 'p', '.', 'a', 'g', '\0',
+  /* "oppaiti.me", true */ 'o', 'p', 'p', 'a', 'i', 't', 'i', '.', 'm', 'e', '\0',
+  /* "oppejoud.ee", true */ 'o', 'p', 'p', 'e', 'j', 'o', 'u', 'd', '.', 'e', 'e', '\0',
+  /* "opportunis.me", true */ 'o', 'p', 'p', 'o', 'r', 't', 'u', 'n', 'i', 's', '.', 'm', 'e', '\0',
+  /* "opportunitycorps.org", true */ 'o', 'p', 'p', 'o', 'r', 't', 'u', 'n', 'i', 't', 'y', 'c', 'o', 'r', 'p', 's', '.', 'o', 'r', 'g', '\0',
+  /* "opposer.me", true */ 'o', 'p', 'p', 'o', 's', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "opq.pw", true */ 'o', 'p', 'q', '.', 'p', 'w', '\0',
+  /* "oprbox.com", true */ 'o', 'p', 'r', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "oprechtgezegd.nl", true */ 'o', 'p', 'r', 'e', 'c', 'h', 't', 'g', 'e', 'z', 'e', 'g', 'd', '.', 'n', 'l', '\0',
+  /* "opryshok.com", true */ 'o', 'p', 'r', 'y', 's', 'h', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "opsmate.com", false */ 'o', 'p', 's', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "opsnotepad.com", true */ 'o', 'p', 's', 'n', 'o', 't', 'e', 'p', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "opticaltest.com", true */ 'o', 'p', 't', 'i', 'c', 'a', 'l', 't', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "optiekzien.nl", true */ 'o', 'p', 't', 'i', 'e', 'k', 'z', 'i', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "optik-trosdorff.de", true */ 'o', 'p', 't', 'i', 'k', '-', 't', 'r', 'o', 's', 'd', 'o', 'r', 'f', 'f', '.', 'd', 'e', '\0',
+  /* "optimalsetup.com", true */ 'o', 'p', 't', 'i', 'm', 'a', 'l', 's', 'e', 't', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "optimisedlabs.com", true */ 'o', 'p', 't', 'i', 'm', 'i', 's', 'e', 'd', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "optimist.bg", true */ 'o', 'p', 't', 'i', 'm', 'i', 's', 't', '.', 'b', 'g', '\0',
+  /* "optimumwebdesigns.com", true */ 'o', 'p', 't', 'i', 'm', 'u', 'm', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "optimus.io", true */ 'o', 'p', 't', 'i', 'm', 'u', 's', '.', 'i', 'o', '\0',
+  /* "optimuscrime.net", true */ 'o', 'p', 't', 'i', 'm', 'u', 's', 'c', 'r', 'i', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "optisure.de", true */ 'o', 'p', 't', 'i', 's', 'u', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "optmos.at", true */ 'o', 'p', 't', 'm', 'o', 's', '.', 'a', 't', '\0',
+  /* "optoutday.de", true */ 'o', 'p', 't', 'o', 'u', 't', 'd', 'a', 'y', '.', 'd', 'e', '\0',
+  /* "opunch.org", true */ 'o', 'p', 'u', 'n', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "opus-codium.fr", true */ 'o', 'p', 'u', 's', '-', 'c', 'o', 'd', 'i', 'u', 'm', '.', 'f', 'r', '\0',
+  /* "orang-utans.com", true */ 'o', 'r', 'a', 'n', 'g', '-', 'u', 't', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "orangecomputers.com", true */ 'o', 'r', 'a', 'n', 'g', 'e', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "orangefinanse.com.pl", true */ 'o', 'r', 'a', 'n', 'g', 'e', 'f', 'i', 'n', 'a', 'n', 's', 'e', '.', 'c', 'o', 'm', '.', 'p', 'l', '\0',
+  /* "orangejetpack.com", true */ 'o', 'r', 'a', 'n', 'g', 'e', 'j', 'e', 't', 'p', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "orangenbaum.at", true */ 'o', 'r', 'a', 'n', 'g', 'e', 'n', 'b', 'a', 'u', 'm', '.', 'a', 't', '\0',
+  /* "oranges.tokyo", true */ 'o', 'r', 'a', 'n', 'g', 'e', 's', '.', 't', 'o', 'k', 'y', 'o', '\0',
+  /* "orangetravel.eu", true */ 'o', 'r', 'a', 'n', 'g', 'e', 't', 'r', 'a', 'v', 'e', 'l', '.', 'e', 'u', '\0',
+  /* "orangutan-appeal.org.uk", true */ 'o', 'r', 'a', 'n', 'g', 'u', 't', 'a', 'n', '-', 'a', 'p', 'p', 'e', 'a', 'l', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "oranic.com", true */ 'o', 'r', 'a', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "orcahq.com", true */ 'o', 'r', 'c', 'a', 'h', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "orcamoney.com", true */ 'o', 'r', 'c', 'a', 'm', 'o', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "orchideenettoyage.com", true */ 'o', 'r', 'c', 'h', 'i', 'd', 'e', 'e', 'n', 'e', 't', 't', 'o', 'y', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "orchidlive.com", true */ 'o', 'r', 'c', 'h', 'i', 'd', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "orchidsforum.com", true */ 'o', 'r', 'c', 'h', 'i', 'd', 's', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "orchidspaper.com", true */ 'o', 'r', 'c', 'h', 'i', 'd', 's', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "orcsnet.com", true */ 'o', 'r', 'c', 's', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "orderessay.net", true */ 'o', 'r', 'd', 'e', 'r', 'e', 's', 's', 'a', 'y', '.', 'n', 'e', 't', '\0',
+  /* "ordernow.at", true */ 'o', 'r', 'd', 'e', 'r', 'n', 'o', 'w', '.', 'a', 't', '\0',
+  /* "orderswift.com", true */ 'o', 'r', 'd', 'e', 'r', 's', 'w', 'i', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ordr.mobi", true */ 'o', 'r', 'd', 'r', '.', 'm', 'o', 'b', 'i', '\0',
+  /* "oref-idf.com", true */ 'o', 'r', 'e', 'f', '-', 'i', 'd', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "oref-idf.net", true */ 'o', 'r', 'e', 'f', '-', 'i', 'd', 'f', '.', 'n', 'e', 't', '\0',
+  /* "oref-idf.org", true */ 'o', 'r', 'e', 'f', '-', 'i', 'd', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "oreka.online", true */ 'o', 'r', 'e', 'k', 'a', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "oreshinya.xyz", true */ 'o', 'r', 'e', 's', 'h', 'i', 'n', 'y', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "oreto.de", true */ 'o', 'r', 'e', 't', 'o', '.', 'd', 'e', '\0',
+  /* "orf-digitalsatkarte.at", false */ 'o', 'r', 'f', '-', 'd', 'i', 'g', 'i', 't', 'a', 'l', 's', 'a', 't', 'k', 'a', 'r', 't', 'e', '.', 'a', 't', '\0',
+  /* "orf-kartentausch.at", false */ 'o', 'r', 'f', '-', 'k', 'a', 'r', 't', 'e', 'n', 't', 'a', 'u', 's', 'c', 'h', '.', 'a', 't', '\0',
+  /* "orfeo-engineering.ch", true */ 'o', 'r', 'f', 'e', 'o', '-', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "organica.co.za", true */ 'o', 'r', 'g', 'a', 'n', 'i', 'c', 'a', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "organicae.com", true */ 'o', 'r', 'g', 'a', 'n', 'i', 'c', 'a', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "organisatieteam.nl", true */ 'o', 'r', 'g', 'a', 'n', 'i', 's', 'a', 't', 'i', 'e', 't', 'e', 'a', 'm', '.', 'n', 'l', '\0',
+  /* "organix.ma", true */ 'o', 'r', 'g', 'a', 'n', 'i', 'x', '.', 'm', 'a', '\0',
+  /* "orgasmium.com", true */ 'o', 'r', 'g', 'a', 's', 'm', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "orhideous.name", true */ 'o', 'r', 'h', 'i', 'd', 'e', 'o', 'u', 's', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "orians.eu", true */ 'o', 'r', 'i', 'a', 'n', 's', '.', 'e', 'u', '\0',
+  /* "oribia.net", true */ 'o', 'r', 'i', 'b', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "oricejoc.com", false */ 'o', 'r', 'i', 'c', 'e', 'j', 'o', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "orientalart.nl", true */ 'o', 'r', 'i', 'e', 'n', 't', 'a', 'l', 'a', 'r', 't', '.', 'n', 'l', '\0',
+  /* "origami.to", true */ 'o', 'r', 'i', 'g', 'a', 'm', 'i', '.', 't', 'o', '\0',
+  /* "origamika.com", true */ 'o', 'r', 'i', 'g', 'a', 'm', 'i', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "originalniknihy.cz", true */ 'o', 'r', 'i', 'g', 'i', 'n', 'a', 'l', 'n', 'i', 'k', 'n', 'i', 'h', 'y', '.', 'c', 'z', '\0',
+  /* "orimex-mebel.ru", true */ 'o', 'r', 'i', 'm', 'e', 'x', '-', 'm', 'e', 'b', 'e', 'l', '.', 'r', 'u', '\0',
+  /* "orion-universe.com", true */ 'o', 'r', 'i', 'o', 'n', '-', 'u', 'n', 'i', 'v', 'e', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "oriongames.eu", true */ 'o', 'r', 'i', 'o', 'n', 'g', 'a', 'm', 'e', 's', '.', 'e', 'u', '\0',
+  /* "orkestar-krizevci.hr", true */ 'o', 'r', 'k', 'e', 's', 't', 'a', 'r', '-', 'k', 'r', 'i', 'z', 'e', 'v', 'c', 'i', '.', 'h', 'r', '\0',
+  /* "orlandoprojects.com", true */ 'o', 'r', 'l', 'a', 'n', 'd', 'o', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "orleika.io", true */ 'o', 'r', 'l', 'e', 'i', 'k', 'a', '.', 'i', 'o', '\0',
+  /* "orlives.de", false */ 'o', 'r', 'l', 'i', 'v', 'e', 's', '.', 'd', 'e', '\0',
+  /* "ormer.nl", true */ 'o', 'r', 'm', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "orovillelaw.com", true */ 'o', 'r', 'o', 'v', 'i', 'l', 'l', 'e', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "orro.ro", true */ 'o', 'r', 'r', 'o', '.', 'r', 'o', '\0',
+  /* "orrs.de", true */ 'o', 'r', 'r', 's', '.', 'd', 'e', '\0',
+  /* "ortho-graz.at", true */ 'o', 'r', 't', 'h', 'o', '-', 'g', 'r', 'a', 'z', '.', 'a', 't', '\0',
+  /* "orthodontiste-geneve-docteur-rioux.com", true */ 'o', 'r', 't', 'h', 'o', 'd', 'o', 'n', 't', 'i', 's', 't', 'e', '-', 'g', 'e', 'n', 'e', 'v', 'e', '-', 'd', 'o', 'c', 't', 'e', 'u', 'r', '-', 'r', 'i', 'o', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "orthotictransfers.com", true */ 'o', 'r', 't', 'h', 'o', 't', 'i', 'c', 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ortlepp.eu", true */ 'o', 'r', 't', 'l', 'e', 'p', 'p', '.', 'e', 'u', '\0',
+  /* "orui.com.br", true */ 'o', 'r', 'u', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "orwell1984.today", true */ 'o', 'r', 'w', 'e', 'l', 'l', '1', '9', '8', '4', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "orz.uno", true */ 'o', 'r', 'z', '.', 'u', 'n', 'o', '\0',
+  /* "os-chrome.ru", true */ 'o', 's', '-', 'c', 'h', 'r', 'o', 'm', 'e', '.', 'r', 'u', '\0',
+  /* "os-s.net", true */ 'o', 's', '-', 's', '.', 'n', 'e', 't', '\0',
+  /* "os24.cz", true */ 'o', 's', '2', '4', '.', 'c', 'z', '\0',
+  /* "osacrypt.studio", true */ 'o', 's', 'a', 'c', 'r', 'y', 'p', 't', '.', 's', 't', 'u', 'd', 'i', 'o', '\0',
+  /* "osaka-fukushi.jp", true */ 'o', 's', 'a', 'k', 'a', '-', 'f', 'u', 'k', 'u', 's', 'h', 'i', '.', 'j', 'p', '\0',
+  /* "osakeannit.fi", true */ 'o', 's', 'a', 'k', 'e', 'a', 'n', 'n', 'i', 't', '.', 'f', 'i', '\0',
+  /* "osao.org", true */ 'o', 's', 'a', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "osbi.pl", true */ 'o', 's', 'b', 'i', '.', 'p', 'l', '\0',
+  /* "osborneinn.com", true */ 'o', 's', 'b', 'o', 'r', 'n', 'e', 'i', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "osburn.com", true */ 'o', 's', 'b', 'u', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "oscamp.eu", true */ 'o', 's', 'c', 'a', 'm', 'p', '.', 'e', 'u', '\0',
+  /* "oscarvk.ch", true */ 'o', 's', 'c', 'a', 'r', 'v', 'k', '.', 'c', 'h', '\0',
+  /* "osereso.tn", true */ 'o', 's', 'e', 'r', 'e', 's', 'o', '.', 't', 'n', '\0',
+  /* "oses.mobi", true */ 'o', 's', 'e', 's', '.', 'm', 'o', 'b', 'i', '\0',
+  /* "osha-kimi.com", true */ 'o', 's', 'h', 'a', '-', 'k', 'i', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "oshanko.de", true */ 'o', 's', 'h', 'a', 'n', 'k', 'o', '.', 'd', 'e', '\0',
+  /* "oshayr.com", true */ 'o', 's', 'h', 'a', 'y', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "oshell.me", true */ 'o', 's', 'h', 'e', 'l', 'l', '.', 'm', 'e', '\0',
+  /* "oshinagaki.jp", true */ 'o', 's', 'h', 'i', 'n', 'a', 'g', 'a', 'k', 'i', '.', 'j', 'p', '\0',
+  /* "oshrc.gov", true */ 'o', 's', 'h', 'r', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "oskrba.net", true */ 'o', 's', 'k', 'r', 'b', 'a', '.', 'n', 'e', 't', '\0',
+  /* "oskuro.net", true */ 'o', 's', 'k', 'u', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "oslinux.net", true */ 'o', 's', 'l', 'i', 'n', 'u', 'x', '.', 'n', 'e', 't', '\0',
+  /* "osm.is", true */ 'o', 's', 'm', '.', 'i', 's', '\0',
+  /* "osmosis.org", true */ 'o', 's', 'm', 'o', 's', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "ospree.me", true */ 'o', 's', 'p', 'r', 'e', 'e', '.', 'm', 'e', '\0',
+  /* "osquery.io", true */ 'o', 's', 'q', 'u', 'e', 'r', 'y', '.', 'i', 'o', '\0',
+  /* "ostan-collections.net", true */ 'o', 's', 't', 'a', 'n', '-', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "osterkraenzchen.de", true */ 'o', 's', 't', 'e', 'r', 'k', 'r', 'a', 'e', 'n', 'z', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "ostr.io", true */ 'o', 's', 't', 'r', '.', 'i', 'o', '\0',
+  /* "ostrov8.com", true */ 'o', 's', 't', 'r', 'o', 'v', '8', '.', 'c', 'o', 'm', '\0',
+  /* "osusume-houhou.com", true */ 'o', 's', 'u', 's', 'u', 'm', 'e', '-', 'h', 'o', 'u', 'h', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "oswalds.co.uk", true */ 'o', 's', 'w', 'a', 'l', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "oswaldsmillaudio.com", true */ 'o', 's', 'w', 'a', 'l', 'd', 's', 'm', 'i', 'l', 'l', 'a', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "oswbouncycastles.co.uk", true */ 'o', 's', 'w', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "osx86spain.com", true */ 'o', 's', 'x', '8', '6', 's', 'p', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "osxentwicklerforum.de", true */ 'o', 's', 'x', 'e', 'n', 't', 'w', 'i', 'c', 'k', 'l', 'e', 'r', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "oszri.hu", true */ 'o', 's', 'z', 'r', 'i', '.', 'h', 'u', '\0',
+  /* "otako.pl", true */ 'o', 't', 'a', 'k', 'o', '.', 'p', 'l', '\0',
+  /* "otakubox.de", true */ 'o', 't', 'a', 'k', 'u', 'b', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "otakurepublic.com", true */ 'o', 't', 'a', 'k', 'u', 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "otakurumi.de", true */ 'o', 't', 'a', 'k', 'u', 'r', 'u', 'm', 'i', '.', 'd', 'e', '\0',
+  /* "otchecker.com", true */ 'o', 't', 'c', 'h', 'e', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "otellio.com", true */ 'o', 't', 'e', 'l', 'l', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "otellio.de", true */ 'o', 't', 'e', 'l', 'l', 'i', 'o', '.', 'd', 'e', '\0',
+  /* "otellio.it", true */ 'o', 't', 'e', 'l', 'l', 'i', 'o', '.', 'i', 't', '\0',
+  /* "oticasaopaulo.com.br", true */ 'o', 't', 'i', 'c', 'a', 's', 'a', 'o', 'p', 'a', 'u', 'l', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "oticasvisao.net.br", true */ 'o', 't', 'i', 'c', 'a', 's', 'v', 'i', 's', 'a', 'o', '.', 'n', 'e', 't', '.', 'b', 'r', '\0',
+  /* "otmns.net", true */ 'o', 't', 'm', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "otorrino.pt", true */ 'o', 't', 'o', 'r', 'r', 'i', 'n', 'o', '.', 'p', 't', '\0',
+  /* "otoy.com", true */ 'o', 't', 'o', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "otoya.space", true */ 'o', 't', 'o', 'y', 'a', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "otpsmart.com.ua", true */ 'o', 't', 'p', 's', 'm', 'a', 'r', 't', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "otr.ie", true */ 'o', 't', 'r', '.', 'i', 'e', '\0',
+  /* "otrm.de", true */ 'o', 't', 'r', 'm', '.', 'd', 'e', '\0',
+  /* "ottoproject.io", true */ 'o', 't', 't', 'o', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'i', 'o', '\0',
+  /* "otvaracie-hodiny.sk", true */ 'o', 't', 'v', 'a', 'r', 'a', 'c', 'i', 'e', '-', 'h', 'o', 'd', 'i', 'n', 'y', '.', 's', 'k', '\0',
+  /* "otya.me", true */ 'o', 't', 'y', 'a', '.', 'm', 'e', '\0',
+  /* "ouaibe.qc.ca", true */ 'o', 'u', 'a', 'i', 'b', 'e', '.', 'q', 'c', '.', 'c', 'a', '\0',
+  /* "ouestsolutions.com", true */ 'o', 'u', 'e', 's', 't', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ouimoove.com", true */ 'o', 'u', 'i', 'm', 'o', 'o', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "oulunjujutsu.com", true */ 'o', 'u', 'l', 'u', 'n', 'j', 'u', 'j', 'u', 't', 's', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "ourai.ws", true */ 'o', 'u', 'r', 'a', 'i', '.', 'w', 's', '\0',
+  /* "ourcloud.at", true */ 'o', 'u', 'r', 'c', 'l', 'o', 'u', 'd', '.', 'a', 't', '\0',
+  /* "ourcodinglives.com", true */ 'o', 'u', 'r', 'c', 'o', 'd', 'i', 'n', 'g', 'l', 'i', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ourevents.net", true */ 'o', 'u', 'r', 'e', 'v', 'e', 'n', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "ourwedding.xyz", true */ 'o', 'u', 'r', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "outdoorfurniture.ie", true */ 'o', 'u', 't', 'd', 'o', 'o', 'r', 'f', 'u', 'r', 'n', 'i', 't', 'u', 'r', 'e', '.', 'i', 'e', '\0',
+  /* "outdoorimagingportal.com", true */ 'o', 'u', 't', 'd', 'o', 'o', 'r', 'i', 'm', 'a', 'g', 'i', 'n', 'g', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "outerlimitsdigital.com", true */ 'o', 'u', 't', 'e', 'r', 'l', 'i', 'm', 'i', 't', 's', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "outgress.com", true */ 'o', 'u', 't', 'g', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "outka.xyz", true */ 'o', 'u', 't', 'k', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "outline.ski", true */ 'o', 'u', 't', 'l', 'i', 'n', 'e', '.', 's', 'k', 'i', '\0',
+  /* "outlookonthedesktop.com", true */ 'o', 'u', 't', 'l', 'o', 'o', 'k', 'o', 'n', 't', 'h', 'e', 'd', 'e', 's', 'k', 't', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "outofcontrol.ca", true */ 'o', 'u', 't', 'o', 'f', 'c', 'o', 'n', 't', 'r', 'o', 'l', '.', 'c', 'a', '\0',
+  /* "outpostinfo.com", true */ 'o', 'u', 't', 'p', 'o', 's', 't', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "outsideconnections.com", true */ 'o', 'u', 't', 's', 'i', 'd', 'e', 'c', 'o', 'n', 'n', 'e', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "overalglas.nl", true */ 'o', 'v', 'e', 'r', 'a', 'l', 'g', 'l', 'a', 's', '.', 'n', 'l', '\0',
+  /* "overclockers.ge", true */ 'o', 'v', 'e', 'r', 'c', 'l', 'o', 'c', 'k', 'e', 'r', 's', '.', 'g', 'e', '\0',
+  /* "overdrive-usedcars.be", true */ 'o', 'v', 'e', 'r', 'd', 'r', 'i', 'v', 'e', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "overkillshop.com", true */ 'o', 'v', 'e', 'r', 'k', 'i', 'l', 'l', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "overseamusic.de", true */ 'o', 'v', 'e', 'r', 's', 'e', 'a', 'm', 'u', 's', 'i', 'c', '.', 'd', 'e', '\0',
+  /* "oversight.garden", true */ 'o', 'v', 'e', 'r', 's', 'i', 'g', 'h', 't', '.', 'g', 'a', 'r', 'd', 'e', 'n', '\0',
+  /* "oversight.gov", true */ 'o', 'v', 'e', 'r', 's', 'i', 'g', 'h', 't', '.', 'g', 'o', 'v', '\0',
+  /* "overstap.deals", true */ 'o', 'v', 'e', 'r', 's', 't', 'a', 'p', '.', 'd', 'e', 'a', 'l', 's', '\0',
+  /* "overstappen.nl", true */ 'o', 'v', 'e', 'r', 's', 't', 'a', 'p', 'p', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "overstemmen.nl", true */ 'o', 'v', 'e', 'r', 's', 't', 'e', 'm', 'm', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "overstockpromote.com", true */ 'o', 'v', 'e', 'r', 's', 't', 'o', 'c', 'k', 'p', 'r', 'o', 'm', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "overthecloud.it", true */ 'o', 'v', 'e', 'r', 't', 'h', 'e', 'c', 'l', 'o', 'u', 'd', '.', 'i', 't', '\0',
+  /* "overthinkingit.com", true */ 'o', 'v', 'e', 'r', 't', 'h', 'i', 'n', 'k', 'i', 'n', 'g', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "overture.london", true */ 'o', 'v', 'e', 'r', 't', 'u', 'r', 'e', '.', 'l', 'o', 'n', 'd', 'o', 'n', '\0',
+  /* "ovnrain.com", true */ 'o', 'v', 'n', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ovpn.to", true */ 'o', 'v', 'p', 'n', '.', 't', 'o', '\0',
+  /* "owapi.net", true */ 'o', 'w', 'a', 'p', 'i', '.', 'n', 'e', 't', '\0',
+  /* "owennelson.co.uk", true */ 'o', 'w', 'e', 'n', 'n', 'e', 'l', 's', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "owensmith.website", true */ 'o', 'w', 'e', 'n', 's', 'm', 'i', 't', 'h', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0',
+  /* "owl-stat.ch", true */ 'o', 'w', 'l', '-', 's', 't', 'a', 't', '.', 'c', 'h', '\0',
+  /* "owl.net", true */ 'o', 'w', 'l', '.', 'n', 'e', 't', '\0',
+  /* "owlishmedia.com", true */ 'o', 'w', 'l', 'i', 's', 'h', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "own3d.ch", true */ 'o', 'w', 'n', '3', 'd', '.', 'c', 'h', '\0',
+  /* "ownc.at", true */ 'o', 'w', 'n', 'c', '.', 'a', 't', '\0',
+  /* "owngeek.com", true */ 'o', 'w', 'n', 'g', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ownit.se", false */ 'o', 'w', 'n', 'i', 't', '.', 's', 'e', '\0',
+  /* "ownmay.com", true */ 'o', 'w', 'n', 'm', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ownspec.com", true */ 'o', 'w', 'n', 's', 'p', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "oxanababy.com", true */ 'o', 'x', 'a', 'n', 'a', 'b', 'a', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "oxborrow.ca", true */ 'o', 'x', 'b', 'o', 'r', 'r', 'o', 'w', '.', 'c', 'a', '\0',
+  /* "oxelie.com", true */ 'o', 'x', 'e', 'l', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "oxytocin.org", true */ 'o', 'x', 'y', 't', 'o', 'c', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "oyesunn.com", true */ 'o', 'y', 'e', 's', 'u', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "oyoony.de", true */ 'o', 'y', 'o', 'o', 'n', 'y', '.', 'd', 'e', '\0',
+  /* "oyosoft.fr", true */ 'o', 'y', 'o', 's', 'o', 'f', 't', '.', 'f', 'r', '\0',
+  /* "ozark.be", true */ 'o', 'z', 'a', 'r', 'k', '.', 'b', 'e', '\0',
+  /* "oznamovacipovinnost.cz", true */ 'o', 'z', 'n', 'a', 'm', 'o', 'v', 'a', 'c', 'i', 'p', 'o', 'v', 'i', 'n', 'n', 'o', 's', 't', '.', 'c', 'z', '\0',
+  /* "ozonitron.com", true */ 'o', 'z', 'o', 'n', 'i', 't', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ozonitron.de", true */ 'o', 'z', 'o', 'n', 'i', 't', 'r', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "ozonitron.eu", true */ 'o', 'z', 'o', 'n', 'i', 't', 'r', 'o', 'n', '.', 'e', 'u', '\0',
+  /* "ozonytron.com", true */ 'o', 'z', 'o', 'n', 'y', 't', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ozonytron.de", true */ 'o', 'z', 'o', 'n', 'y', 't', 'r', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "ozonytron.eu", true */ 'o', 'z', 'o', 'n', 'y', 't', 'r', 'o', 'n', '.', 'e', 'u', '\0',
+  /* "ozvolvo.org", true */ 'o', 'z', 'v', 'o', 'l', 'v', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "p-pc.de", true */ 'p', '-', 'p', 'c', '.', 'd', 'e', '\0',
+  /* "p-s-b.com", true */ 'p', '-', 's', '-', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "p1984.nl", false */ 'p', '1', '9', '8', '4', '.', 'n', 'l', '\0',
+  /* "p1ratrulezzz.me", true */ 'p', '1', 'r', 'a', 't', 'r', 'u', 'l', 'e', 'z', 'z', 'z', '.', 'm', 'e', '\0',
+  /* "p22.co", true */ 'p', '2', '2', '.', 'c', 'o', '\0',
+  /* "p3ter.fr", true */ 'p', '3', 't', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "p4chivtac.com", true */ 'p', '4', 'c', 'h', 'i', 'v', 't', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "pa-w.de", true */ 'p', 'a', '-', 'w', '.', 'd', 'e', '\0',
+  /* "pa.search.yahoo.com", false */ 'p', 'a', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "paarberatung-hn.de", true */ 'p', 'a', 'a', 'r', 'b', 'e', 'r', 'a', 't', 'u', 'n', 'g', '-', 'h', 'n', '.', 'd', 'e', '\0',
+  /* "paazmaya.fi", true */ 'p', 'a', 'a', 'z', 'm', 'a', 'y', 'a', '.', 'f', 'i', '\0',
+  /* "pabloartea.ga", true */ 'p', 'a', 'b', 'l', 'o', 'a', 'r', 't', 'e', 'a', '.', 'g', 'a', '\0',
+  /* "pabloarteaga.co.uk", true */ 'p', 'a', 'b', 'l', 'o', 'a', 'r', 't', 'e', 'a', 'g', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pabloarteaga.com", true */ 'p', 'a', 'b', 'l', 'o', 'a', 'r', 't', 'e', 'a', 'g', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "pabloarteaga.es", true */ 'p', 'a', 'b', 'l', 'o', 'a', 'r', 't', 'e', 'a', 'g', 'a', '.', 'e', 's', '\0',
+  /* "pabloarteaga.me", true */ 'p', 'a', 'b', 'l', 'o', 'a', 'r', 't', 'e', 'a', 'g', 'a', '.', 'm', 'e', '\0',
+  /* "pabloarteaga.net", true */ 'p', 'a', 'b', 'l', 'o', 'a', 'r', 't', 'e', 'a', 'g', 'a', '.', 'n', 'e', 't', '\0',
+  /* "pabloarteaga.tech", true */ 'p', 'a', 'b', 'l', 'o', 'a', 'r', 't', 'e', 'a', 'g', 'a', '.', 't', 'e', 'c', 'h', '\0',
+  /* "pabloarteaga.uk", true */ 'p', 'a', 'b', 'l', 'o', 'a', 'r', 't', 'e', 'a', 'g', 'a', '.', 'u', 'k', '\0',
+  /* "pabuzo.vn", true */ 'p', 'a', 'b', 'u', 'z', 'o', '.', 'v', 'n', '\0',
+  /* "pacco.com.br", true */ 'p', 'a', 'c', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pace.car", true */ 'p', 'a', 'c', 'e', '.', 'c', 'a', 'r', '\0',
+  /* "pacelink.de", true */ 'p', 'a', 'c', 'e', 'l', 'i', 'n', 'k', '.', 'd', 'e', '\0',
+  /* "pacificpalisadeselectrical.com", true */ 'p', 'a', 'c', 'i', 'f', 'i', 'c', 'p', 'a', 'l', 'i', 's', 'a', 'd', 'e', 's', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "pacifictilkin-occasions.be", true */ 'p', 'a', 'c', 'i', 'f', 'i', 'c', 't', 'i', 'l', 'k', 'i', 'n', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0',
+  /* "packagingproject.management", true */ 'p', 'a', 'c', 'k', 'a', 'g', 'i', 'n', 'g', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '\0',
+  /* "packagist.org", false */ 'p', 'a', 'c', 'k', 'a', 'g', 'i', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "packaware.com", true */ 'p', 'a', 'c', 'k', 'a', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "packer.io", true */ 'p', 'a', 'c', 'k', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "packetapp.ru", true */ 'p', 'a', 'c', 'k', 'e', 't', 'a', 'p', 'p', '.', 'r', 'u', '\0',
+  /* "packetcrash.net", true */ 'p', 'a', 'c', 'k', 'e', 't', 'c', 'r', 'a', 's', 'h', '.', 'n', 'e', 't', '\0',
+  /* "packetlinux.com", true */ 'p', 'a', 'c', 'k', 'e', 't', 'l', 'i', 'n', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "pacoda.de", false */ 'p', 'a', 'c', 'o', 'd', 'a', '.', 'd', 'e', '\0',
+  /* "pactf-flag-4boxdpa21ogonzkcrs9p.com", true */ 'p', 'a', 'c', 't', 'f', '-', 'f', 'l', 'a', 'g', '-', '4', 'b', 'o', 'x', 'd', 'p', 'a', '2', '1', 'o', 'g', 'o', 'n', 'z', 'k', 'c', 'r', 's', '9', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "pactf.com", true */ 'p', 'a', 'c', 't', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "paddy.rocks", true */ 'p', 'a', 'd', 'd', 'y', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "padianda.com", true */ 'p', 'a', 'd', 'i', 'a', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "padovani.de", true */ 'p', 'a', 'd', 'o', 'v', 'a', 'n', 'i', '.', 'd', 'e', '\0',
+  /* "padrepio.in", true */ 'p', 'a', 'd', 'r', 'e', 'p', 'i', 'o', '.', 'i', 'n', '\0',
+  /* "paducaheic.com", true */ 'p', 'a', 'd', 'u', 'c', 'a', 'h', 'e', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "padzilla.com", true */ 'p', 'a', 'd', 'z', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "paedlink.ca", true */ 'p', 'a', 'e', 'd', 'l', 'i', 'n', 'k', '.', 'c', 'a', '\0',
+  /* "paf-events.ch", true */ 'p', 'a', 'f', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'h', '\0',
+  /* "pagalworld.la", true */ 'p', 'a', 'g', 'a', 'l', 'w', 'o', 'r', 'l', 'd', '.', 'l', 'a', '\0',
+  /* "pagalworld.me", true */ 'p', 'a', 'g', 'a', 'l', 'w', 'o', 'r', 'l', 'd', '.', 'm', 'e', '\0',
+  /* "page-builders.com", true */ 'p', 'a', 'g', 'e', '-', 'b', 'u', 'i', 'l', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pageantsnews.com", false */ 'p', 'a', 'g', 'e', 'a', 'n', 't', 's', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pagedesignhub.com", true */ 'p', 'a', 'g', 'e', 'd', 'e', 's', 'i', 'g', 'n', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "pagedesignpro.com", true */ 'p', 'a', 'g', 'e', 'd', 'e', 's', 'i', 'g', 'n', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "pagedesignshop.com", true */ 'p', 'a', 'g', 'e', 'd', 'e', 's', 'i', 'g', 'n', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "pagedesignweb.com", true */ 'p', 'a', 'g', 'e', 'd', 'e', 's', 'i', 'g', 'n', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "pagefulloflies.io", true */ 'p', 'a', 'g', 'e', 'f', 'u', 'l', 'l', 'o', 'f', 'l', 'i', 'e', 's', '.', 'i', 'o', '\0',
+  /* "pages-tocaven.com", true */ 'p', 'a', 'g', 'e', 's', '-', 't', 'o', 'c', 'a', 'v', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "pagewizz.com", false */ 'p', 'a', 'g', 'e', 'w', 'i', 'z', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "pagiamtzis.com", true */ 'p', 'a', 'g', 'i', 'a', 'm', 't', 'z', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pagina.com.mx", true */ 'p', 'a', 'g', 'i', 'n', 'a', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "paginapolitica.ro", true */ 'p', 'a', 'g', 'i', 'n', 'a', 'p', 'o', 'l', 'i', 't', 'i', 'c', 'a', '.', 'r', 'o', '\0',
+  /* "pagure.io", true */ 'p', 'a', 'g', 'u', 'r', 'e', '.', 'i', 'o', '\0',
+  /* "pagure.org", true */ 'p', 'a', 'g', 'u', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "pahae.de", true */ 'p', 'a', 'h', 'a', 'e', '.', 'd', 'e', '\0',
+  /* "pahealthbilling.com", true */ 'p', 'a', 'h', 'e', 'a', 'l', 't', 'h', 'b', 'i', 'l', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "paindata.dk", true */ 'p', 'a', 'i', 'n', 'd', 'a', 't', 'a', '.', 'd', 'k', '\0',
+  /* "painefamily.co.uk", true */ 'p', 'a', 'i', 'n', 'e', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "painlessproperty.co.uk", true */ 'p', 'a', 'i', 'n', 'l', 'e', 's', 's', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "painosso.org", true */ 'p', 'a', 'i', 'n', 'o', 's', 's', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "paint-it.pink", true */ 'p', 'a', 'i', 'n', 't', '-', 'i', 't', '.', 'p', 'i', 'n', 'k', '\0',
+  /* "paipuman.jp", true */ 'p', 'a', 'i', 'p', 'u', 'm', 'a', 'n', '.', 'j', 'p', '\0',
+  /* "paizinhovirgula.com", true */ 'p', 'a', 'i', 'z', 'i', 'n', 'h', 'o', 'v', 'i', 'r', 'g', 'u', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "pajadam.me", true */ 'p', 'a', 'j', 'a', 'd', 'a', 'm', '.', 'm', 'e', '\0',
+  /* "pajuvuo.fi", true */ 'p', 'a', 'j', 'u', 'v', 'u', 'o', '.', 'f', 'i', '\0',
+  /* "paketkreditsuzuki.com", true */ 'p', 'a', 'k', 'e', 't', 'k', 'r', 'e', 'd', 'i', 't', 's', 'u', 'z', 'u', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "paketwatch.de", true */ 'p', 'a', 'k', 'e', 't', 'w', 'a', 't', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "pakistani.dating", true */ 'p', 'a', 'k', 'i', 's', 't', 'a', 'n', 'i', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "pakitow.fr", true */ 'p', 'a', 'k', 'i', 't', 'o', 'w', '.', 'f', 'r', '\0',
+  /* "pakke.de", true */ 'p', 'a', 'k', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "pakremit.com", true */ 'p', 'a', 'k', 'r', 'e', 'm', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "paktolos.net", true */ 'p', 'a', 'k', 't', 'o', 'l', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "palabr.as", true */ 'p', 'a', 'l', 'a', 'b', 'r', '.', 'a', 's', '\0',
+  /* "palapadev.com", true */ 'p', 'a', 'l', 'a', 'p', 'a', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "palatin.at", true */ 'p', 'a', 'l', 'a', 't', 'i', 'n', '.', 'a', 't', '\0',
+  /* "palationtrade.com", true */ 'p', 'a', 'l', 'a', 't', 'i', 'o', 'n', 't', 'r', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "palava.tv", true */ 'p', 'a', 'l', 'a', 'v', 'a', '.', 't', 'v', '\0',
+  /* "palavatv.com", true */ 'p', 'a', 'l', 'a', 'v', 'a', 't', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "paleosquawk.com", true */ 'p', 'a', 'l', 'e', 'o', 's', 'q', 'u', 'a', 'w', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "palletflow.com", true */ 'p', 'a', 'l', 'l', 'e', 't', 'f', 'l', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "palli.ch", true */ 'p', 'a', 'l', 'l', 'i', '.', 'c', 'h', '\0',
+  /* "palmavile.us", true */ 'p', 'a', 'l', 'm', 'a', 'v', 'i', 'l', 'e', '.', 'u', 's', '\0',
+  /* "palmaville.com", true */ 'p', 'a', 'l', 'm', 'a', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pamaniqu.nl", true */ 'p', 'a', 'm', 'a', 'n', 'i', 'q', 'u', '.', 'n', 'l', '\0',
+  /* "pamatv.hk", true */ 'p', 'a', 'm', 'a', 't', 'v', '.', 'h', 'k', '\0',
+  /* "pan.digital", true */ 'p', 'a', 'n', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0',
+  /* "panaxis.ch", true */ 'p', 'a', 'n', 'a', 'x', 'i', 's', '.', 'c', 'h', '\0',
+  /* "panda-community.com", true */ 'p', 'a', 'n', 'd', 'a', '-', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "panda.tf", true */ 'p', 'a', 'n', 'd', 'a', '.', 't', 'f', '\0',
+  /* "pandemicflu.gov", true */ 'p', 'a', 'n', 'd', 'e', 'm', 'i', 'c', 'f', 'l', 'u', '.', 'g', 'o', 'v', '\0',
+  /* "pandoraflora.com", true */ 'p', 'a', 'n', 'd', 'o', 'r', 'a', 'f', 'l', 'o', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "pandymic.com", true */ 'p', 'a', 'n', 'd', 'y', 'm', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "paneldewelopera.pl", true */ 'p', 'a', 'n', 'e', 'l', 'd', 'e', 'w', 'e', 'l', 'o', 'p', 'e', 'r', 'a', '.', 'p', 'l', '\0',
+  /* "paneu.de", true */ 'p', 'a', 'n', 'e', 'u', '.', 'd', 'e', '\0',
+  /* "panier-legumes.bio", true */ 'p', 'a', 'n', 'i', 'e', 'r', '-', 'l', 'e', 'g', 'u', 'm', 'e', 's', '.', 'b', 'i', 'o', '\0',
+  /* "panj.ws", true */ 'p', 'a', 'n', 'j', '.', 'w', 's', '\0',
+  /* "panmetro.com", true */ 'p', 'a', 'n', 'm', 'e', 't', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "panoti.com", false */ 'p', 'a', 'n', 'o', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "panoxadrez.com.br", true */ 'p', 'a', 'n', 'o', 'x', 'a', 'd', 'r', 'e', 'z', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "panpsychism.com", true */ 'p', 'a', 'n', 'p', 's', 'y', 'c', 'h', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "panpsychist.com", true */ 'p', 'a', 'n', 'p', 's', 'y', 'c', 'h', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pantallasled.com.mx", true */ 'p', 'a', 'n', 't', 'a', 'l', 'l', 'a', 's', 'l', 'e', 'd', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "pantallasled.mx", true */ 'p', 'a', 'n', 't', 'a', 'l', 'l', 'a', 's', 'l', 'e', 'd', '.', 'm', 'x', '\0',
+  /* "panthur.com.au", false */ 'p', 'a', 'n', 't', 'h', 'u', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "pantographe.info", true */ 'p', 'a', 'n', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "pantou.org", false */ 'p', 'a', 'n', 't', 'o', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "panzer72.ru", true */ 'p', 'a', 'n', 'z', 'e', 'r', '7', '2', '.', 'r', 'u', '\0',
+  /* "pap.la", false */ 'p', 'a', 'p', '.', 'l', 'a', '\0',
+  /* "papa-webzeit.de", true */ 'p', 'a', 'p', 'a', '-', 'w', 'e', 'b', 'z', 'e', 'i', 't', '.', 'd', 'e', '\0',
+  /* "papadopoulos.me", true */ 'p', 'a', 'p', 'a', 'd', 'o', 'p', 'o', 'u', 'l', 'o', 's', '.', 'm', 'e', '\0',
+  /* "papakatsu-life.com", true */ 'p', 'a', 'p', 'a', 'k', 'a', 't', 's', 'u', '-', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "papatest24.de", true */ 'p', 'a', 'p', 'a', 't', 'e', 's', 't', '2', '4', '.', 'd', 'e', '\0',
+  /* "papayame.com", true */ 'p', 'a', 'p', 'a', 'y', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "papayapythons.com", true */ 'p', 'a', 'p', 'a', 'y', 'a', 'p', 'y', 't', 'h', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "paper-republic.org", true */ 'p', 'a', 'p', 'e', 'r', '-', 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "paperhaven.com.au", true */ 'p', 'a', 'p', 'e', 'r', 'h', 'a', 'v', 'e', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "paperhoney.by", true */ 'p', 'a', 'p', 'e', 'r', 'h', 'o', 'n', 'e', 'y', '.', 'b', 'y', '\0',
+  /* "papermasters.com", true */ 'p', 'a', 'p', 'e', 'r', 'm', 'a', 's', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "papersmart.net", true */ 'p', 'a', 'p', 'e', 'r', 's', 'm', 'a', 'r', 't', '.', 'n', 'e', 't', '\0',
+  /* "papertracker.net", true */ 'p', 'a', 'p', 'e', 'r', 't', 'r', 'a', 'c', 'k', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "paperturn.com", true */ 'p', 'a', 'p', 'e', 'r', 't', 'u', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "paperwork.co.za", true */ 'p', 'a', 'p', 'e', 'r', 'w', 'o', 'r', 'k', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "paperwritinghelp.net", true */ 'p', 'a', 'p', 'e', 'r', 'w', 'r', 'i', 't', 'i', 'n', 'g', 'h', 'e', 'l', 'p', '.', 'n', 'e', 't', '\0',
+  /* "paprikas.fr", true */ 'p', 'a', 'p', 'r', 'i', 'k', 'a', 's', '.', 'f', 'r', '\0',
+  /* "paraborsa.net", true */ 'p', 'a', 'r', 'a', 'b', 'o', 'r', 's', 'a', '.', 'n', 'e', 't', '\0',
+  /* "parachute70.com", true */ 'p', 'a', 'r', 'a', 'c', 'h', 'u', 't', 'e', '7', '0', '.', 'c', 'o', 'm', '\0',
+  /* "paradiesgirls.ch", true */ 'p', 'a', 'r', 'a', 'd', 'i', 'e', 's', 'g', 'i', 'r', 'l', 's', '.', 'c', 'h', '\0',
+  /* "paradigi.com.br", true */ 'p', 'a', 'r', 'a', 'd', 'i', 'g', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "paradise-engineer.com", true */ 'p', 'a', 'r', 'a', 'd', 'i', 's', 'e', '-', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "paradise-engineering.com", true */ 'p', 'a', 'r', 'a', 'd', 'i', 's', 'e', '-', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "paradise-engineers.com", true */ 'p', 'a', 'r', 'a', 'd', 'i', 's', 'e', '-', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "paradiselost.com", true */ 'p', 'a', 'r', 'a', 'd', 'i', 's', 'e', 'l', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "paradisenazarene.com", true */ 'p', 'a', 'r', 'a', 'd', 'i', 's', 'e', 'n', 'a', 'z', 'a', 'r', 'e', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "paradoxdesigns.org", true */ 'p', 'a', 'r', 'a', 'd', 'o', 'x', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "paragon.edu", true */ 'p', 'a', 'r', 'a', 'g', 'o', 'n', '.', 'e', 'd', 'u', '\0',
+  /* "paragonie.com", false */ 'p', 'a', 'r', 'a', 'g', 'o', 'n', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "paragreen.net", true */ 'p', 'a', 'r', 'a', 'g', 'r', 'e', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "parakranov.ru", true */ 'p', 'a', 'r', 'a', 'k', 'r', 'a', 'n', 'o', 'v', '.', 'r', 'u', '\0',
+  /* "paranoidmode.com", true */ 'p', 'a', 'r', 'a', 'n', 'o', 'i', 'd', 'm', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "paranoidpenguin.net", true */ 'p', 'a', 'r', 'a', 'n', 'o', 'i', 'd', 'p', 'e', 'n', 'g', 'u', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "paranoxer.hu", true */ 'p', 'a', 'r', 'a', 'n', 'o', 'x', 'e', 'r', '.', 'h', 'u', '\0',
+  /* "parasitologyclub.org", true */ 'p', 'a', 'r', 'a', 's', 'i', 't', 'o', 'l', 'o', 'g', 'y', 'c', 'l', 'u', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "paratlan.hu", true */ 'p', 'a', 'r', 'a', 't', 'l', 'a', 'n', '.', 'h', 'u', '\0',
+  /* "paratxt.org", true */ 'p', 'a', 'r', 'a', 't', 'x', 't', '.', 'o', 'r', 'g', '\0',
+  /* "parcelbroker.co.uk", true */ 'p', 'a', 'r', 'c', 'e', 'l', 'b', 'r', 'o', 'k', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "parchcraftaustralia.com", true */ 'p', 'a', 'r', 'c', 'h', 'c', 'r', 'a', 'f', 't', 'a', 'u', 's', 't', 'r', 'a', 'l', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "parckwart.de", true */ 'p', 'a', 'r', 'c', 'k', 'w', 'a', 'r', 't', '.', 'd', 'e', '\0',
+  /* "parcon.it", true */ 'p', 'a', 'r', 'c', 'o', 'n', '.', 'i', 't', '\0',
+  /* "parentheseardenne.be", true */ 'p', 'a', 'r', 'e', 'n', 't', 'h', 'e', 's', 'e', 'a', 'r', 'd', 'e', 'n', 'n', 'e', '.', 'b', 'e', '\0',
+  /* "parentinterview.com", true */ 'p', 'a', 'r', 'e', 'n', 't', 'i', 'n', 't', 'e', 'r', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "parentsintouch.co.uk", true */ 'p', 'a', 'r', 'e', 'n', 't', 's', 'i', 'n', 't', 'o', 'u', 'c', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pariga.co.uk", true */ 'p', 'a', 'r', 'i', 'g', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "parisescortgirls.com", true */ 'p', 'a', 'r', 'i', 's', 'e', 's', 'c', 'o', 'r', 't', 'g', 'i', 'r', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "parisfranceparking.com", true */ 'p', 'a', 'r', 'i', 's', 'f', 'r', 'a', 'n', 'c', 'e', 'p', 'a', 'r', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "parisfranceparking.de", true */ 'p', 'a', 'r', 'i', 's', 'f', 'r', 'a', 'n', 'c', 'e', 'p', 'a', 'r', 'k', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "parisfranceparking.fr", true */ 'p', 'a', 'r', 'i', 's', 'f', 'r', 'a', 'n', 'c', 'e', 'p', 'a', 'r', 'k', 'i', 'n', 'g', '.', 'f', 'r', '\0',
+  /* "parisfranceparking.nl", true */ 'p', 'a', 'r', 'i', 's', 'f', 'r', 'a', 'n', 'c', 'e', 'p', 'a', 'r', 'k', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "parishome.jp", true */ 'p', 'a', 'r', 'i', 's', 'h', 'o', 'm', 'e', '.', 'j', 'p', '\0',
+  /* "parkingpoint.co.uk", true */ 'p', 'a', 'r', 'k', 'i', 'n', 'g', 'p', 'o', 'i', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "parksubaruoemparts.com", true */ 'p', 'a', 'r', 'k', 's', 'u', 'b', 'a', 'r', 'u', 'o', 'e', 'm', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "parkviewmotorcompany.com", true */ 'p', 'a', 'r', 'k', 'v', 'i', 'e', 'w', 'm', 'o', 't', 'o', 'r', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "parkwayminyan.org", true */ 'p', 'a', 'r', 'k', 'w', 'a', 'y', 'm', 'i', 'n', 'y', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "parlamento.gub.uy", true */ 'p', 'a', 'r', 'l', 'a', 'm', 'e', 'n', 't', 'o', '.', 'g', 'u', 'b', '.', 'u', 'y', '\0',
+  /* "parleamonluc.fr", true */ 'p', 'a', 'r', 'l', 'e', 'a', 'm', 'o', 'n', 'l', 'u', 'c', '.', 'f', 'r', '\0',
+  /* "parleu2016.nl", true */ 'p', 'a', 'r', 'l', 'e', 'u', '2', '0', '1', '6', '.', 'n', 'l', '\0',
+  /* "parolu.io", true */ 'p', 'a', 'r', 'o', 'l', 'u', '.', 'i', 'o', '\0',
+  /* "parquettista.roma.it", true */ 'p', 'a', 'r', 'q', 'u', 'e', 't', 't', 'i', 's', 't', 'a', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "parsemail.org", true */ 'p', 'a', 'r', 's', 'e', 'm', 'a', 'i', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "parser.nu", true */ 'p', 'a', 'r', 's', 'e', 'r', '.', 'n', 'u', '\0',
+  /* "parsonsfamilyhomes.com", true */ 'p', 'a', 'r', 's', 'o', 'n', 's', 'f', 'a', 'm', 'i', 'l', 'y', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "partecipa.tn.it", true */ 'p', 'a', 'r', 't', 'e', 'c', 'i', 'p', 'a', '.', 't', 'n', '.', 'i', 't', '\0',
+  /* "parthkolekar.me", true */ 'p', 'a', 'r', 't', 'h', 'k', 'o', 'l', 'e', 'k', 'a', 'r', '.', 'm', 'e', '\0',
+  /* "participatorybudgeting.de", true */ 'p', 'a', 'r', 't', 'i', 'c', 'i', 'p', 'a', 't', 'o', 'r', 'y', 'b', 'u', 'd', 'g', 'e', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "participatorybudgeting.info", true */ 'p', 'a', 'r', 't', 'i', 'c', 'i', 'p', 'a', 't', 'o', 'r', 'y', 'b', 'u', 'd', 'g', 'e', 't', 'i', 'n', 'g', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "partijtjevoordevrijheid.nl", false */ 'p', 'a', 'r', 't', 'i', 'j', 't', 'j', 'e', 'v', 'o', 'o', 'r', 'd', 'e', 'v', 'r', 'i', 'j', 'h', 'e', 'i', 'd', '.', 'n', 'l', '\0',
+  /* "partner.sh", true */ 'p', 'a', 'r', 't', 'n', 'e', 'r', '.', 's', 'h', '\0',
+  /* "partnerbeam.com", true */ 'p', 'a', 'r', 't', 'n', 'e', 'r', 'b', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "partou.de", true */ 'p', 'a', 'r', 't', 'o', 'u', '.', 'd', 'e', '\0',
+  /* "partridge.tech", true */ 'p', 'a', 'r', 't', 'r', 'i', 'd', 'g', 'e', '.', 't', 'e', 'c', 'h', '\0',
+  /* "parts4phone.com", true */ 'p', 'a', 'r', 't', 's', '4', 'p', 'h', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "partsestore.com", true */ 'p', 'a', 'r', 't', 's', 'e', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "party-and-play.co.uk", true */ 'p', 'a', 'r', 't', 'y', '-', 'a', 'n', 'd', '-', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "party-calendar.net", true */ 'p', 'a', 'r', 't', 'y', '-', 'c', 'a', 'l', 'e', 'n', 'd', 'a', 'r', '.', 'n', 'e', 't', '\0',
+  /* "party-kneipe-bar.com", true */ 'p', 'a', 'r', 't', 'y', '-', 'k', 'n', 'e', 'i', 'p', 'e', '-', 'b', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "party-time-inflatables-durham.co.uk", true */ 'p', 'a', 'r', 't', 'y', '-', 't', 'i', 'm', 'e', '-', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '-', 'd', 'u', 'r', 'h', 'a', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "partybounceplay.co.uk", true */ 'p', 'a', 'r', 't', 'y', 'b', 'o', 'u', 'n', 'c', 'e', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "partycentrumdebinnenhof.nl", true */ 'p', 'a', 'r', 't', 'y', 'c', 'e', 'n', 't', 'r', 'u', 'm', 'd', 'e', 'b', 'i', 'n', 'n', 'e', 'n', 'h', 'o', 'f', '.', 'n', 'l', '\0',
+  /* "partycentrumopenhuis.nl", true */ 'p', 'a', 'r', 't', 'y', 'c', 'e', 'n', 't', 'r', 'u', 'm', 'o', 'p', 'e', 'n', 'h', 'u', 'i', 's', '.', 'n', 'l', '\0',
+  /* "partyhireisleofwight.co.uk", true */ 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', 'i', 's', 'l', 'e', 'o', 'f', 'w', 'i', 'g', 'h', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "partyhireliverpool.co.uk", true */ 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', 'l', 'i', 'v', 'e', 'r', 'p', 'o', 'o', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "partyrocksbounce.co.uk", true */ 'p', 'a', 'r', 't', 'y', 'r', 'o', 'c', 'k', 's', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "partyschnaps.com", true */ 'p', 'a', 'r', 't', 'y', 's', 'c', 'h', 'n', 'a', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "partyspaces.co.uk", true */ 'p', 'a', 'r', 't', 'y', 's', 'p', 'a', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "partytime-uk.co.uk", true */ 'p', 'a', 'r', 't', 'y', 't', 'i', 'm', 'e', '-', 'u', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "partytimeltd.ie", true */ 'p', 'a', 'r', 't', 'y', 't', 'i', 'm', 'e', 'l', 't', 'd', '.', 'i', 'e', '\0',
+  /* "partytownireland.co.uk", true */ 'p', 'a', 'r', 't', 'y', 't', 'o', 'w', 'n', 'i', 'r', 'e', 'l', 'a', 'n', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "partytownmarquees.co.uk", true */ 'p', 'a', 'r', 't', 'y', 't', 'o', 'w', 'n', 'm', 'a', 'r', 'q', 'u', 'e', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "partyvan.io", true */ 'p', 'a', 'r', 't', 'y', 'v', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "partyzone.ie", true */ 'p', 'a', 'r', 't', 'y', 'z', 'o', 'n', 'e', '.', 'i', 'e', '\0',
+  /* "parvaneh.fr", true */ 'p', 'a', 'r', 'v', 'a', 'n', 'e', 'h', '.', 'f', 'r', '\0',
+  /* "pasadenapooch.org", true */ 'p', 'a', 's', 'a', 'd', 'e', 'n', 'a', 'p', 'o', 'o', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "pasadenasandwichcompany.com", true */ 'p', 'a', 's', 'a', 'd', 'e', 'n', 'a', 's', 'a', 'n', 'd', 'w', 'i', 'c', 'h', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "pasarella.eu", true */ 'p', 'a', 's', 'a', 'r', 'e', 'l', 'l', 'a', '.', 'e', 'u', '\0',
+  /* "pascal-bourhis.com", true */ 'p', 'a', 's', 'c', 'a', 'l', '-', 'b', 'o', 'u', 'r', 'h', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pascal-bourhis.net", true */ 'p', 'a', 's', 'c', 'a', 'l', '-', 'b', 'o', 'u', 'r', 'h', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "pascal-kannchen.de", true */ 'p', 'a', 's', 'c', 'a', 'l', '-', 'k', 'a', 'n', 'n', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "pascal-wittmann.de", true */ 'p', 'a', 's', 'c', 'a', 'l', '-', 'w', 'i', 't', 't', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "pascaline-jouis.fr", true */ 'p', 'a', 's', 'c', 'a', 'l', 'i', 'n', 'e', '-', 'j', 'o', 'u', 'i', 's', '.', 'f', 'r', '\0',
+  /* "pascalleguern.com", true */ 'p', 'a', 's', 'c', 'a', 'l', 'l', 'e', 'g', 'u', 'e', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "pascalmathis.com", true */ 'p', 'a', 's', 'c', 'a', 'l', 'm', 'a', 't', 'h', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pascalmathis.me", true */ 'p', 'a', 's', 'c', 'a', 'l', 'm', 'a', 't', 'h', 'i', 's', '.', 'm', 'e', '\0',
+  /* "pascalmathis.net", true */ 'p', 'a', 's', 'c', 'a', 'l', 'm', 'a', 't', 'h', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "pascalspoerri.ch", false */ 'p', 'a', 's', 'c', 'a', 'l', 's', 'p', 'o', 'e', 'r', 'r', 'i', '.', 'c', 'h', '\0',
+  /* "pass.org.my", true */ 'p', 'a', 's', 's', '.', 'o', 'r', 'g', '.', 'm', 'y', '\0',
+  /* "passfoto-deinfoto.ch", true */ 'p', 'a', 's', 's', 'f', 'o', 't', 'o', '-', 'd', 'e', 'i', 'n', 'f', 'o', 't', 'o', '.', 'c', 'h', '\0',
+  /* "passieposse.nl", true */ 'p', 'a', 's', 's', 'i', 'e', 'p', 'o', 's', 's', 'e', '.', 'n', 'l', '\0',
+  /* "passionatefoodie.co.uk", true */ 'p', 'a', 's', 's', 'i', 'o', 'n', 'a', 't', 'e', 'f', 'o', 'o', 'd', 'i', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "passionatehorsemanship.com", true */ 'p', 'a', 's', 's', 'i', 'o', 'n', 'a', 't', 'e', 'h', 'o', 'r', 's', 'e', 'm', 'a', 'n', 's', 'h', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "passionpictures.eu", true */ 'p', 'a', 's', 's', 'i', 'o', 'n', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '.', 'e', 'u', '\0',
+  /* "passions-art.com", true */ 'p', 'a', 's', 's', 'i', 'o', 'n', 's', '-', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "passphrase.today", true */ 'p', 'a', 's', 's', 'p', 'h', 'r', 'a', 's', 'e', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "passpilot.co.uk", true */ 'p', 'a', 's', 's', 'p', 'i', 'l', 'o', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "passport.yandex.by", true */ 'p', 'a', 's', 's', 'p', 'o', 'r', 't', '.', 'y', 'a', 'n', 'd', 'e', 'x', '.', 'b', 'y', '\0',
+  /* "passport.yandex.com", true */ 'p', 'a', 's', 's', 'p', 'o', 'r', 't', '.', 'y', 'a', 'n', 'd', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "passport.yandex.com.tr", true */ 'p', 'a', 's', 's', 'p', 'o', 'r', 't', '.', 'y', 'a', 'n', 'd', 'e', 'x', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "passport.yandex.kz", true */ 'p', 'a', 's', 's', 'p', 'o', 'r', 't', '.', 'y', 'a', 'n', 'd', 'e', 'x', '.', 'k', 'z', '\0',
+  /* "passport.yandex.ru", true */ 'p', 'a', 's', 's', 'p', 'o', 'r', 't', '.', 'y', 'a', 'n', 'd', 'e', 'x', '.', 'r', 'u', '\0',
+  /* "passport.yandex.ua", true */ 'p', 'a', 's', 's', 'p', 'o', 'r', 't', '.', 'y', 'a', 'n', 'd', 'e', 'x', '.', 'u', 'a', '\0',
+  /* "passports.govt.nz", true */ 'p', 'a', 's', 's', 'p', 'o', 'r', 't', 's', '.', 'g', 'o', 'v', 't', '.', 'n', 'z', '\0',
+  /* "passthepopcorn.me", true */ 'p', 'a', 's', 's', 't', 'h', 'e', 'p', 'o', 'p', 'c', 'o', 'r', 'n', '.', 'm', 'e', '\0',
+  /* "passvau.lt", true */ 'p', 'a', 's', 's', 'v', 'a', 'u', '.', 'l', 't', '\0',
+  /* "passwd.one", true */ 'p', 'a', 's', 's', 'w', 'd', '.', 'o', 'n', 'e', '\0',
+  /* "passwd.org", true */ 'p', 'a', 's', 's', 'w', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "password-checker.de", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', '-', 'c', 'h', 'e', 'c', 'k', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "password.codes", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', '.', 'c', 'o', 'd', 'e', 's', '\0',
+  /* "password.consulting", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', '.', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '\0',
+  /* "password.work", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "passwordhashing.com", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', 'h', 'a', 's', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "passwordkeeperbooks.com", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', 'k', 'e', 'e', 'p', 'e', 'r', 'b', 'o', 'o', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "passwords.google.com", false */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "passwordscon.com", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', 's', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "passwordscon.org", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', 's', 'c', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "passwordsecurity.info", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "passworks.io", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'k', 's', '.', 'i', 'o', '\0',
+  /* "pasta-factory.co.il", true */ 'p', 'a', 's', 't', 'a', '-', 'f', 'a', 'c', 't', 'o', 'r', 'y', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "pastaenprosecco.nl", true */ 'p', 'a', 's', 't', 'a', 'e', 'n', 'p', 'r', 'o', 's', 'e', 'c', 'c', 'o', '.', 'n', 'l', '\0',
+  /* "paste.fedoraproject.org", true */ 'p', 'a', 's', 't', 'e', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "pastebin.co.za", true */ 'p', 'a', 's', 't', 'e', 'b', 'i', 'n', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "pasternok.org", true */ 'p', 'a', 's', 't', 'e', 'r', 'n', 'o', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "pasteros.io", true */ 'p', 'a', 's', 't', 'e', 'r', 'o', 's', '.', 'i', 'o', '\0',
+  /* "pastoral-verbund.de", true */ 'p', 'a', 's', 't', 'o', 'r', 'a', 'l', '-', 'v', 'e', 'r', 'b', 'u', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "pastorbelgagroenendael.com.br", true */ 'p', 'a', 's', 't', 'o', 'r', 'b', 'e', 'l', 'g', 'a', 'g', 'r', 'o', 'e', 'n', 'e', 'n', 'd', 'a', 'e', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pastorcanadense.com.br", true */ 'p', 'a', 's', 't', 'o', 'r', 'c', 'a', 'n', 'a', 'd', 'e', 'n', 's', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pastordocaucaso.com.br", true */ 'p', 'a', 's', 't', 'o', 'r', 'd', 'o', 'c', 'a', 'u', 'c', 'a', 's', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pastormaremanoabruzes.com.br", true */ 'p', 'a', 's', 't', 'o', 'r', 'm', 'a', 'r', 'e', 'm', 'a', 'n', 'o', 'a', 'b', 'r', 'u', 'z', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pastorsuico.com.br", true */ 'p', 'a', 's', 't', 'o', 'r', 's', 'u', 'i', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pasztor.at", true */ 'p', 'a', 's', 'z', 't', 'o', 'r', '.', 'a', 't', '\0',
+  /* "patadanabouca.pw", true */ 'p', 'a', 't', 'a', 'd', 'a', 'n', 'a', 'b', 'o', 'u', 'c', 'a', '.', 'p', 'w', '\0',
+  /* "pataterosviajeros.com", true */ 'p', 'a', 't', 'a', 't', 'e', 'r', 'o', 's', 'v', 'i', 'a', 'j', 'e', 'r', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "patbatesremodeling.com", false */ 'p', 'a', 't', 'b', 'a', 't', 'e', 's', 'r', 'e', 'm', 'o', 'd', 'e', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "patdorf.com", true */ 'p', 'a', 't', 'd', 'o', 'r', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "patechmasters.com", true */ 'p', 'a', 't', 'e', 'c', 'h', 'm', 'a', 's', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "patentfamily.de", true */ 'p', 'a', 't', 'e', 'n', 't', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'd', 'e', '\0',
+  /* "paterno-gaming.com", true */ 'p', 'a', 't', 'e', 'r', 'n', 'o', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "pathagoras.com", true */ 'p', 'a', 't', 'h', 'a', 'g', 'o', 'r', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pathwaystoresilience.org", true */ 'p', 'a', 't', 'h', 'w', 'a', 'y', 's', 't', 'o', 'r', 'e', 's', 'i', 'l', 'i', 'e', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "pathwaytofaith.com", true */ 'p', 'a', 't', 'h', 'w', 'a', 'y', 't', 'o', 'f', 'a', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "patikabiztositas.hu", true */ 'p', 'a', 't', 'i', 'k', 'a', 'b', 'i', 'z', 't', 'o', 's', 'i', 't', 'a', 's', '.', 'h', 'u', '\0',
+  /* "patouille-et-gribouille.fr", true */ 'p', 'a', 't', 'o', 'u', 'i', 'l', 'l', 'e', '-', 'e', 't', '-', 'g', 'r', 'i', 'b', 'o', 'u', 'i', 'l', 'l', 'e', '.', 'f', 'r', '\0',
+  /* "patralos.at", false */ 'p', 'a', 't', 'r', 'a', 'l', 'o', 's', '.', 'a', 't', '\0',
+  /* "patriaco.net", true */ 'p', 'a', 't', 'r', 'i', 'a', 'c', 'o', '.', 'n', 'e', 't', '\0',
+  /* "patric-lenhart.de", true */ 'p', 'a', 't', 'r', 'i', 'c', '-', 'l', 'e', 'n', 'h', 'a', 'r', 't', '.', 'd', 'e', '\0',
+  /* "patrick-othmer.de", true */ 'p', 'a', 't', 'r', 'i', 'c', 'k', '-', 'o', 't', 'h', 'm', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "patrick-robrecht.de", true */ 'p', 'a', 't', 'r', 'i', 'c', 'k', '-', 'r', 'o', 'b', 'r', 'e', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "patrick.dark.name", true */ 'p', 'a', 't', 'r', 'i', 'c', 'k', '.', 'd', 'a', 'r', 'k', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "patrickaudley.ca", true */ 'p', 'a', 't', 'r', 'i', 'c', 'k', 'a', 'u', 'd', 'l', 'e', 'y', '.', 'c', 'a', '\0',
+  /* "patrickaudley.com", true */ 'p', 'a', 't', 'r', 'i', 'c', 'k', 'a', 'u', 'd', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "patrickbrosi.de", true */ 'p', 'a', 't', 'r', 'i', 'c', 'k', 'b', 'r', 'o', 's', 'i', '.', 'd', 'e', '\0',
+  /* "patrickschneider.me", true */ 'p', 'a', 't', 'r', 'i', 'c', 'k', 's', 'c', 'h', 'n', 'e', 'i', 'd', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "patriksima.cz", true */ 'p', 'a', 't', 'r', 'i', 'k', 's', 'i', 'm', 'a', '.', 'c', 'z', '\0',
+  /* "patriksimek.cz", true */ 'p', 'a', 't', 'r', 'i', 'k', 's', 'i', 'm', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "patrz.eu", true */ 'p', 'a', 't', 'r', 'z', '.', 'e', 'u', '\0',
+  /* "patsyforyou.ch", true */ 'p', 'a', 't', 's', 'y', 'f', 'o', 'r', 'y', 'o', 'u', '.', 'c', 'h', '\0',
+  /* "patsytoforyou.ch", true */ 'p', 'a', 't', 's', 'y', 't', 'o', 'f', 'o', 'r', 'y', 'o', 'u', '.', 'c', 'h', '\0',
+  /* "pattuka.com", true */ 'p', 'a', 't', 't', 'u', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "pattyliao.com", true */ 'p', 'a', 't', 't', 'y', 'l', 'i', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "paudley.ca", true */ 'p', 'a', 'u', 'd', 'l', 'e', 'y', '.', 'c', 'a', '\0',
+  /* "paudley.com", true */ 'p', 'a', 'u', 'd', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "paudley.org", true */ 'p', 'a', 'u', 'd', 'l', 'e', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "paul-bronski.de", true */ 'p', 'a', 'u', 'l', '-', 'b', 'r', 'o', 'n', 's', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "paul.reviews", true */ 'p', 'a', 'u', 'l', '.', 'r', 'e', 'v', 'i', 'e', 'w', 's', '\0',
+  /* "pauladamsmith.com", true */ 'p', 'a', 'u', 'l', 'a', 'd', 'a', 'm', 's', 'm', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "paulbakaus.com", true */ 'p', 'a', 'u', 'l', 'b', 'a', 'k', 'a', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "paulbdelaat.nl", true */ 'p', 'a', 'u', 'l', 'b', 'd', 'e', 'l', 'a', 'a', 't', '.', 'n', 'l', '\0',
+  /* "paulchen.at", true */ 'p', 'a', 'u', 'l', 'c', 'h', 'e', 'n', '.', 'a', 't', '\0',
+  /* "pauldcox.com", true */ 'p', 'a', 'u', 'l', 'd', 'c', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "paulerhof.com", true */ 'p', 'a', 'u', 'l', 'e', 'r', 'h', 'o', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "paulinewesterman.nl", true */ 'p', 'a', 'u', 'l', 'i', 'n', 'e', 'w', 'e', 's', 't', 'e', 'r', 'm', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "paulomonteiro.pt", true */ 'p', 'a', 'u', 'l', 'o', 'm', 'o', 'n', 't', 'e', 'i', 'r', 'o', '.', 'p', 't', '\0',
+  /* "paulov.com", true */ 'p', 'a', 'u', 'l', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "paulov.info", true */ 'p', 'a', 'u', 'l', 'o', 'v', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "paulov.ru", true */ 'p', 'a', 'u', 'l', 'o', 'v', '.', 'r', 'u', '\0',
+  /* "paulpetersen.dk", true */ 'p', 'a', 'u', 'l', 'p', 'e', 't', 'e', 'r', 's', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "paulrobertlloyd.com", true */ 'p', 'a', 'u', 'l', 'r', 'o', 'b', 'e', 'r', 't', 'l', 'l', 'o', 'y', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "paulrotter.de", true */ 'p', 'a', 'u', 'l', 'r', 'o', 't', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "paulschreiber.com", true */ 'p', 'a', 'u', 'l', 's', 'c', 'h', 'r', 'e', 'i', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "paulscustomauto.com", true */ 'p', 'a', 'u', 'l', 's', 'c', 'u', 's', 't', 'o', 'm', 'a', 'u', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "paulswartz.net", true */ 'p', 'a', 'u', 'l', 's', 'w', 'a', 'r', 't', 'z', '.', 'n', 'e', 't', '\0',
+  /* "paultibbetts.uk", true */ 'p', 'a', 'u', 'l', 't', 'i', 'b', 'b', 'e', 't', 't', 's', '.', 'u', 'k', '\0',
+  /* "paulus-foto.pl", true */ 'p', 'a', 'u', 'l', 'u', 's', '-', 'f', 'o', 't', 'o', '.', 'p', 'l', '\0',
+  /* "paulward.net", true */ 'p', 'a', 'u', 'l', 'w', 'a', 'r', 'd', '.', 'n', 'e', 't', '\0',
+  /* "paulwatabe.com", true */ 'p', 'a', 'u', 'l', 'w', 'a', 't', 'a', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pauspam.net", true */ 'p', 'a', 'u', 's', 'p', 'a', 'm', '.', 'n', 'e', 't', '\0',
+  /* "pautadiaria.com", true */ 'p', 'a', 'u', 't', 'a', 'd', 'i', 'a', 'r', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "pavando.com", true */ 'p', 'a', 'v', 'a', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "paveljanda.com", true */ 'p', 'a', 'v', 'e', 'l', 'j', 'a', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "pavelrebrov.com", true */ 'p', 'a', 'v', 'e', 'l', 'r', 'e', 'b', 'r', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "paw.cloud", true */ 'p', 'a', 'w', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "paw.pt", true */ 'p', 'a', 'w', '.', 'p', 't', '\0',
+  /* "pawel-international.com", true */ 'p', 'a', 'w', 'e', 'l', '-', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "pawelnazaruk.com", true */ 'p', 'a', 'w', 'e', 'l', 'n', 'a', 'z', 'a', 'r', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "pawsomebox.co.uk", true */ 'p', 'a', 'w', 's', 'o', 'm', 'e', 'b', 'o', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pawsr.us", true */ 'p', 'a', 'w', 's', 'r', '.', 'u', 's', '\0',
+  /* "pay.ubuntu.com", true */ 'p', 'a', 'y', '.', 'u', 'b', 'u', 'n', 't', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "pay8522.com", true */ 'p', 'a', 'y', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "payboy.biz", true */ 'p', 'a', 'y', 'b', 'o', 'y', '.', 'b', 'i', 'z', '\0',
+  /* "payboy.rocks", true */ 'p', 'a', 'y', 'b', 'o', 'y', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "paybro.eu", true */ 'p', 'a', 'y', 'b', 'r', 'o', '.', 'e', 'u', '\0',
+  /* "payclixpayments.com", true */ 'p', 'a', 'y', 'c', 'l', 'i', 'x', 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "payfazz.com", true */ 'p', 'a', 'y', 'f', 'a', 'z', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "paylike.io", true */ 'p', 'a', 'y', 'l', 'i', 'k', 'e', '.', 'i', 'o', '\0',
+  /* "payload.tech", true */ 'p', 'a', 'y', 'l', 'o', 'a', 'd', '.', 't', 'e', 'c', 'h', '\0',
+  /* "payloc.io", true */ 'p', 'a', 'y', 'l', 'o', 'c', '.', 'i', 'o', '\0',
+  /* "payme.uz", true */ 'p', 'a', 'y', 'm', 'e', '.', 'u', 'z', '\0',
+  /* "payment-network.com", true */ 'p', 'a', 'y', 'm', 'e', 'n', 't', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "paymentaccuracy.gov", true */ 'p', 'a', 'y', 'm', 'e', 'n', 't', 'a', 'c', 'c', 'u', 'r', 'a', 'c', 'y', '.', 'g', 'o', 'v', '\0',
+  /* "payments.google.com", true */ 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "paymerang.com", true */ 'p', 'a', 'y', 'm', 'e', 'r', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "paymill.com", true */ 'p', 'a', 'y', 'm', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "paymill.de", true */ 'p', 'a', 'y', 'm', 'i', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "payoff.com", true */ 'p', 'a', 'y', 'o', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "paypal.com", false */ 'p', 'a', 'y', 'p', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "paypaq.com", true */ 'p', 'a', 'y', 'p', 'a', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "paypro.nl", false */ 'p', 'a', 'y', 'p', 'r', 'o', '.', 'n', 'l', '\0',
+  /* "payroll.xero.com", false */ 'p', 'a', 'y', 'r', 'o', 'l', 'l', '.', 'x', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "payrollhive.com", true */ 'p', 'a', 'y', 'r', 'o', 'l', 'l', 'h', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "paysera.com", false */ 'p', 'a', 'y', 's', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "payslipview.com", true */ 'p', 'a', 'y', 's', 'l', 'i', 'p', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "payssaintgilles.fr", true */ 'p', 'a', 'y', 's', 's', 'a', 'i', 'n', 't', 'g', 'i', 'l', 'l', 'e', 's', '.', 'f', 'r', '\0',
+  /* "paystack.com", true */ 'p', 'a', 'y', 's', 't', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "paytm.in", true */ 'p', 'a', 'y', 't', 'm', '.', 'i', 'n', '\0',
+  /* "payupay.ru", true */ 'p', 'a', 'y', 'u', 'p', 'a', 'y', '.', 'r', 'u', '\0',
+  /* "payzang.com", true */ 'p', 'a', 'y', 'z', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "pback.se", true */ 'p', 'b', 'a', 'c', 'k', '.', 's', 'e', '\0',
+  /* "pbcknd.ml", true */ 'p', 'b', 'c', 'k', 'n', 'd', '.', 'm', 'l', '\0',
+  /* "pbosquet.com", true */ 'p', 'b', 'o', 's', 'q', 'u', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pbourhis.me", true */ 'p', 'b', 'o', 'u', 'r', 'h', 'i', 's', '.', 'm', 'e', '\0',
+  /* "pbqs.site", true */ 'p', 'b', 'q', 's', '.', 's', 'i', 't', 'e', '\0',
+  /* "pbraunschdash.com", true */ 'p', 'b', 'r', 'a', 'u', 'n', 's', 'c', 'h', 'd', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "pbreen.co.uk", true */ 'p', 'b', 'r', 'e', 'e', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pbrumby.com", true */ 'p', 'b', 'r', 'u', 'm', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "pbscreens.com", true */ 'p', 'b', 's', 'c', 'r', 'e', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pbytes.com", true */ 'p', 'b', 'y', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pbz.im", true */ 'p', 'b', 'z', '.', 'i', 'm', '\0',
+  /* "pc-rescue.me", true */ 'p', 'c', '-', 'r', 'e', 's', 'c', 'u', 'e', '.', 'm', 'e', '\0',
+  /* "pc-tweak.de", true */ 'p', 'c', '-', 't', 'w', 'e', 'a', 'k', '.', 'd', 'e', '\0',
+  /* "pcbricole.fr", true */ 'p', 'c', 'b', 'r', 'i', 'c', 'o', 'l', 'e', '.', 'f', 'r', '\0',
+  /* "pccentral.nl", true */ 'p', 'c', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'n', 'l', '\0',
+  /* "pcel.com", true */ 'p', 'c', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "pcf92.fr", true */ 'p', 'c', 'f', '9', '2', '.', 'f', 'r', '\0',
+  /* "pcfeuerwehr.de", true */ 'p', 'c', 'f', 'e', 'u', 'e', 'r', 'w', 'e', 'h', 'r', '.', 'd', 'e', '\0',
+  /* "pcforum.sk", true */ 'p', 'c', 'f', 'o', 'r', 'u', 'm', '.', 's', 'k', '\0',
+  /* "pcgamingfreaks.at", true */ 'p', 'c', 'g', 'a', 'm', 'i', 'n', 'g', 'f', 'r', 'e', 'a', 'k', 's', '.', 'a', 't', '\0',
+  /* "pchelpforum.net", true */ 'p', 'c', 'h', 'e', 'l', 'p', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "pciconcursos.com.br", true */ 'p', 'c', 'i', 'c', 'o', 'n', 'c', 'u', 'r', 's', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pcipac.com", true */ 'p', 'c', 'i', 'p', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "pclaeuft.de", true */ 'p', 'c', 'l', 'a', 'e', 'u', 'f', 't', '.', 'd', 'e', '\0',
+  /* "pclob.gov", false */ 'p', 'c', 'l', 'o', 'b', '.', 'g', 'o', 'v', '\0',
+  /* "pcloud.com", true */ 'p', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "pcmkrembangan.or.id", true */ 'p', 'c', 'm', 'k', 'r', 'e', 'm', 'b', 'a', 'n', 'g', 'a', 'n', '.', 'o', 'r', '.', 'i', 'd', '\0',
+  /* "pcnotdienst-oldenburg-rastede.de", true */ 'p', 'c', 'n', 'o', 't', 'd', 'i', 'e', 'n', 's', 't', '-', 'o', 'l', 'd', 'e', 'n', 'b', 'u', 'r', 'g', '-', 'r', 'a', 's', 't', 'e', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "pcrypt.org", true */ 'p', 'c', 'r', 'y', 'p', 't', '.', 'o', 'r', 'g', '\0',
+  /* "pctonic.net", true */ 'p', 'c', 't', 'o', 'n', 'i', 'c', '.', 'n', 'e', 't', '\0',
+  /* "pctrouble.net", true */ 'p', 'c', 't', 'r', 'o', 'u', 'b', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "pcxserver.com", false */ 'p', 'c', 'x', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "pdfconvert.me", true */ 'p', 'd', 'f', 'c', 'o', 'n', 'v', 'e', 'r', 't', '.', 'm', 'e', '\0',
+  /* "pdfmint.com", true */ 'p', 'd', 'f', 'm', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pdfresizer.com", true */ 'p', 'd', 'f', 'r', 'e', 's', 'i', 'z', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "pdox.net", true */ 'p', 'd', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "pdthings.net", true */ 'p', 'd', 't', 'h', 'i', 'n', 'g', 's', '.', 'n', 'e', 't', '\0',
+  /* "pe.search.yahoo.com", false */ 'p', 'e', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "peak-careers.com", true */ 'p', 'e', 'a', 'k', '-', 'c', 'a', 'r', 'e', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "peaksloth.com", true */ 'p', 'e', 'a', 'k', 's', 'l', 'o', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "peanutbase.org", true */ 'p', 'e', 'a', 'n', 'u', 't', 'b', 'a', 's', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "peanutproductionsnyc.com", true */ 'p', 'e', 'a', 'n', 'u', 't', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'o', 'n', 's', 'n', 'y', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "pearbloom.com", true */ 'p', 'e', 'a', 'r', 'b', 'l', 'o', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "pebbles.net.in", true */ 'p', 'e', 'b', 'b', 'l', 'e', 's', '.', 'n', 'e', 't', '.', 'i', 'n', '\0',
+  /* "pecker-johnson.com", true */ 'p', 'e', 'c', 'k', 'e', 'r', '-', 'j', 'o', 'h', 'n', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "pecot.fr", true */ 'p', 'e', 'c', 'o', 't', '.', 'f', 'r', '\0',
+  /* "pedicurean.nl", true */ 'p', 'e', 'd', 'i', 'c', 'u', 'r', 'e', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "pedicureduiven.nl", true */ 'p', 'e', 'd', 'i', 'c', 'u', 'r', 'e', 'd', 'u', 'i', 'v', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "pedidamanosevilla.com", true */ 'p', 'e', 'd', 'i', 'd', 'a', 'm', 'a', 'n', 'o', 's', 'e', 'v', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "pedimoda.com.br", true */ 'p', 'e', 'd', 'i', 'm', 'o', 'd', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pedrosaurus.com", true */ 'p', 'e', 'd', 'r', 'o', 's', 'a', 'u', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pedrosluiter.nl", true */ 'p', 'e', 'd', 'r', 'o', 's', 'l', 'u', 'i', 't', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "pedroventura.com", false */ 'p', 'e', 'd', 'r', 'o', 'v', 'e', 'n', 't', 'u', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "peeekaaabooo.com", true */ 'p', 'e', 'e', 'e', 'k', 'a', 'a', 'a', 'b', 'o', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "peekier.com", true */ 'p', 'e', 'e', 'k', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "peep.gq", true */ 'p', 'e', 'e', 'p', '.', 'g', 'q', '\0',
+  /* "peercraft.at", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'a', 't', '\0',
+  /* "peercraft.be", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'b', 'e', '\0',
+  /* "peercraft.biz", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'b', 'i', 'z', '\0',
+  /* "peercraft.ch", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'c', 'h', '\0',
+  /* "peercraft.cn", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'c', 'n', '\0',
+  /* "peercraft.co.uk", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "peercraft.com", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "peercraft.de", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'd', 'e', '\0',
+  /* "peercraft.dk", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'd', 'k', '\0',
+  /* "peercraft.es", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'e', 's', '\0',
+  /* "peercraft.eu", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'e', 'u', '\0',
+  /* "peercraft.fr", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'f', 'r', '\0',
+  /* "peercraft.info", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "peercraft.it", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'i', 't', '\0',
+  /* "peercraft.net", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "peercraft.nl", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'n', 'l', '\0',
+  /* "peercraft.org", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'o', 'r', 'g', '\0',
+  /* "peercraft.pl", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'p', 'l', '\0',
+  /* "peercraft.pt", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'p', 't', '\0',
+  /* "peercraft.se", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 's', 'e', '\0',
+  /* "peercraft.us", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'u', 's', '\0',
+  /* "peerless.ae", true */ 'p', 'e', 'e', 'r', 'l', 'e', 's', 's', '.', 'a', 'e', '\0',
+  /* "peername.com", true */ 'p', 'e', 'e', 'r', 'n', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "peervpn.net", true */ 'p', 'e', 'e', 'r', 'v', 'p', 'n', '.', 'n', 'e', 't', '\0',
+  /* "peetah.com", true */ 'p', 'e', 'e', 't', 'a', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "peeters.io", true */ 'p', 'e', 'e', 't', 'e', 'r', 's', '.', 'i', 'o', '\0',
+  /* "peg.nu", true */ 'p', 'e', 'g', '.', 'n', 'u', '\0',
+  /* "pegas-studio.net", true */ 'p', 'e', 'g', 'a', 's', '-', 's', 't', 'u', 'd', 'i', 'o', '.', 'n', 'e', 't', '\0',
+  /* "pehapkari.cz", true */ 'p', 'e', 'h', 'a', 'p', 'k', 'a', 'r', 'i', '.', 'c', 'z', '\0',
+  /* "peifi.de", false */ 'p', 'e', 'i', 'f', 'i', '.', 'd', 'e', '\0',
+  /* "peippo.at", true */ 'p', 'e', 'i', 'p', 'p', 'o', '.', 'a', 't', '\0',
+  /* "pekkapleppanen.fi", true */ 'p', 'e', 'k', 'k', 'a', 'p', 'l', 'e', 'p', 'p', 'a', 'n', 'e', 'n', '.', 'f', 'i', '\0',
+  /* "pekoe.se", true */ 'p', 'e', 'k', 'o', 'e', '.', 's', 'e', '\0',
+  /* "pelanucto.cz", true */ 'p', 'e', 'l', 'a', 'n', 'u', 'c', 't', 'o', '.', 'c', 'z', '\0',
+  /* "pelican.ie", true */ 'p', 'e', 'l', 'i', 'c', 'a', 'n', '.', 'i', 'e', '\0',
+  /* "pelletsprice.com", true */ 'p', 'e', 'l', 'l', 'e', 't', 's', 'p', 'r', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pelopogrund.com", true */ 'p', 'e', 'l', 'o', 'p', 'o', 'g', 'r', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "pelopoplot.com", true */ 'p', 'e', 'l', 'o', 'p', 'o', 'p', 'l', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pemagrid.org", true */ 'p', 'e', 'm', 'a', 'g', 'r', 'i', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "penaugustin.com", true */ 'p', 'e', 'n', 'a', 'u', 'g', 'u', 's', 't', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "pencepay.com", true */ 'p', 'e', 'n', 'c', 'e', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "pencillab.cn", true */ 'p', 'e', 'n', 'c', 'i', 'l', 'l', 'a', 'b', '.', 'c', 'n', '\0',
+  /* "penetrationstest.se", true */ 'p', 'e', 'n', 'e', 't', 'r', 'a', 't', 'i', 'o', 'n', 's', 't', 'e', 's', 't', '.', 's', 'e', '\0',
+  /* "penfold.fr", true */ 'p', 'e', 'n', 'f', 'o', 'l', 'd', '.', 'f', 'r', '\0',
+  /* "pengi.me", true */ 'p', 'e', 'n', 'g', 'i', '.', 'm', 'e', '\0',
+  /* "pennergold.net", true */ 'p', 'e', 'n', 'n', 'e', 'r', 'g', 'o', 'l', 'd', '.', 'n', 'e', 't', '\0',
+  /* "pennyapp.io", true */ 'p', 'e', 'n', 'n', 'y', 'a', 'p', 'p', '.', 'i', 'o', '\0',
+  /* "pennyparkerpaper.com", true */ 'p', 'e', 'n', 'n', 'y', 'p', 'a', 'r', 'k', 'e', 'r', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "penrithapartments.com.au", true */ 'p', 'e', 'n', 'r', 'i', 't', 'h', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "pensacolawinterfest.org", true */ 'p', 'e', 'n', 's', 'a', 'c', 'o', 'l', 'a', 'w', 'i', 'n', 't', 'e', 'r', 'f', 'e', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "pensador.com", true */ 'p', 'e', 'n', 's', 'a', 'd', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "pensador.info", true */ 'p', 'e', 'n', 's', 'a', 'd', 'o', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "pensioenfonds-ey.nl", true */ 'p', 'e', 'n', 's', 'i', 'o', 'e', 'n', 'f', 'o', 'n', 'd', 's', '-', 'e', 'y', '.', 'n', 'l', '\0',
+  /* "pension-veldzigt.nl", true */ 'p', 'e', 'n', 's', 'i', 'o', 'n', '-', 'v', 'e', 'l', 'd', 'z', 'i', 'g', 't', '.', 'n', 'l', '\0',
+  /* "pension-waldesruh.de", true */ 'p', 'e', 'n', 's', 'i', 'o', 'n', '-', 'w', 'a', 'l', 'd', 'e', 's', 'r', 'u', 'h', '.', 'd', 'e', '\0',
+  /* "pensiunealido.ro", true */ 'p', 'e', 'n', 's', 'i', 'u', 'n', 'e', 'a', 'l', 'i', 'd', 'o', '.', 'r', 'o', '\0',
+  /* "pentandra.com", true */ 'p', 'e', 'n', 't', 'a', 'n', 'd', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "pentest.blog", true */ 'p', 'e', 'n', 't', 'e', 's', 't', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "pentest.nl", true */ 'p', 'e', 'n', 't', 'e', 's', 't', '.', 'n', 'l', '\0',
+  /* "pentesterlab.com", true */ 'p', 'e', 'n', 't', 'e', 's', 't', 'e', 'r', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "penticton.photography", true */ 'p', 'e', 'n', 't', 'i', 'c', 't', 'o', 'n', '.', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '\0',
+  /* "penz.media", true */ 'p', 'e', 'n', 'z', '.', 'm', 'e', 'd', 'i', 'a', '\0',
+  /* "peoplelikemeapp.com", true */ 'p', 'e', 'o', 'p', 'l', 'e', 'l', 'i', 'k', 'e', 'm', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "peoplesbankal.com", true */ 'p', 'e', 'o', 'p', 'l', 'e', 's', 'b', 'a', 'n', 'k', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "pepemodelismo.com.br", true */ 'p', 'e', 'p', 'e', 'm', 'o', 'd', 'e', 'l', 'i', 's', 'm', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "peplog.nl", true */ 'p', 'e', 'p', 'l', 'o', 'g', '.', 'n', 'l', '\0',
+  /* "pepwaterproofing.com", true */ 'p', 'e', 'p', 'w', 'a', 't', 'e', 'r', 'p', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "per-pedes.at", true */ 'p', 'e', 'r', '-', 'p', 'e', 'd', 'e', 's', '.', 'a', 't', '\0',
+  /* "pera.gs", true */ 'p', 'e', 'r', 'a', '.', 'g', 's', '\0',
+  /* "peraparker.cz", true */ 'p', 'e', 'r', 'a', 'p', 'a', 'r', 'k', 'e', 'r', '.', 'c', 'z', '\0',
+  /* "percolate.com", true */ 'p', 'e', 'r', 'c', 'o', 'l', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "percraft.com", true */ 'p', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "percy.io", true */ 'p', 'e', 'r', 'c', 'y', '.', 'i', 'o', '\0',
+  /* "perd.re", true */ 'p', 'e', 'r', 'd', '.', 'r', 'e', '\0',
+  /* "perecraft.com", true */ 'p', 'e', 'r', 'e', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pereuda.com", true */ 'p', 'e', 'r', 'e', 'u', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "perezdecastro.org", true */ 'p', 'e', 'r', 'e', 'z', 'd', 'e', 'c', 'a', 's', 't', 'r', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "perfect.in.th", true */ 'p', 'e', 'r', 'f', 'e', 'c', 't', '.', 'i', 'n', '.', 't', 'h', '\0',
+  /* "perfectbalance.tech", true */ 'p', 'e', 'r', 'f', 'e', 'c', 't', 'b', 'a', 'l', 'a', 'n', 'c', 'e', '.', 't', 'e', 'c', 'h', '\0',
+  /* "perfectcloud.org", true */ 'p', 'e', 'r', 'f', 'e', 'c', 't', 'c', 'l', 'o', 'u', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "perfectionunite.com", true */ 'p', 'e', 'r', 'f', 'e', 'c', 't', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "perfectoparty.co.uk", true */ 'p', 'e', 'r', 'f', 'e', 'c', 't', 'o', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "perfectsnap.co.uk", true */ 'p', 'e', 'r', 'f', 'e', 'c', 't', 's', 'n', 'a', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "perfektesgewicht.com", true */ 'p', 'e', 'r', 'f', 'e', 'k', 't', 'e', 's', 'g', 'e', 'w', 'i', 'c', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "perfektesgewicht.de", true */ 'p', 'e', 'r', 'f', 'e', 'k', 't', 'e', 's', 'g', 'e', 'w', 'i', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "performancesantafe.org", true */ 'p', 'e', 'r', 'f', 'o', 'r', 'm', 'a', 'n', 'c', 'e', 's', 'a', 'n', 't', 'a', 'f', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "performaride.com.au", true */ 'p', 'e', 'r', 'f', 'o', 'r', 'm', 'a', 'r', 'i', 'd', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "performetric.net", true */ 'p', 'e', 'r', 'f', 'o', 'r', 'm', 'e', 't', 'r', 'i', 'c', '.', 'n', 'e', 't', '\0',
+  /* "perfumeaz.com", true */ 'p', 'e', 'r', 'f', 'u', 'm', 'e', 'a', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "perfumes.com.br", true */ 'p', 'e', 'r', 'f', 'u', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "periodismoactual.com", true */ 'p', 'e', 'r', 'i', 'o', 'd', 'i', 's', 'm', 'o', 'a', 'c', 't', 'u', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "periscope.tv", true */ 'p', 'e', 'r', 'i', 's', 'c', 'o', 'p', 'e', '.', 't', 'v', '\0',
+  /* "perishablepress.com", true */ 'p', 'e', 'r', 'i', 's', 'h', 'a', 'b', 'l', 'e', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "perm-jur.ch", true */ 'p', 'e', 'r', 'm', '-', 'j', 'u', 'r', '.', 'c', 'h', '\0',
+  /* "perm-juridique.ch", true */ 'p', 'e', 'r', 'm', '-', 'j', 'u', 'r', 'i', 'd', 'i', 'q', 'u', 'e', '.', 'c', 'h', '\0',
+  /* "perm4.com", true */ 'p', 'e', 'r', 'm', '4', '.', 'c', 'o', 'm', '\0',
+  /* "permanence-juridique.com", true */ 'p', 'e', 'r', 'm', 'a', 'n', 'e', 'n', 'c', 'e', '-', 'j', 'u', 'r', 'i', 'd', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "permanencejuridique-ge.ch", true */ 'p', 'e', 'r', 'm', 'a', 'n', 'e', 'n', 'c', 'e', 'j', 'u', 'r', 'i', 'd', 'i', 'q', 'u', 'e', '-', 'g', 'e', '.', 'c', 'h', '\0',
+  /* "permanencejuridique.com", true */ 'p', 'e', 'r', 'm', 'a', 'n', 'e', 'n', 'c', 'e', 'j', 'u', 'r', 'i', 'd', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "perniciousgames.com", true */ 'p', 'e', 'r', 'n', 'i', 'c', 'i', 'o', 'u', 's', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "peromsik.com", true */ 'p', 'e', 'r', 'o', 'm', 's', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "perot.me", true */ 'p', 'e', 'r', 'o', 't', '.', 'm', 'e', '\0',
+  /* "perpetualemotion.com", true */ 'p', 'e', 'r', 'p', 'e', 't', 'u', 'a', 'l', 'e', 'm', 'o', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "perrau.lt", true */ 'p', 'e', 'r', 'r', 'a', 'u', '.', 'l', 't', '\0',
+  /* "perrone.co", true */ 'p', 'e', 'r', 'r', 'o', 'n', 'e', '.', 'c', 'o', '\0',
+  /* "perroquet-passion.ch", true */ 'p', 'e', 'r', 'r', 'o', 'q', 'u', 'e', 't', '-', 'p', 'a', 's', 's', 'i', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "personal-genome.com", true */ 'p', 'e', 'r', 's', 'o', 'n', 'a', 'l', '-', 'g', 'e', 'n', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "personcar.com.br", true */ 'p', 'e', 'r', 's', 'o', 'n', 'c', 'a', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "personnedisparue.fr", true */ 'p', 'e', 'r', 's', 'o', 'n', 'n', 'e', 'd', 'i', 's', 'p', 'a', 'r', 'u', 'e', '.', 'f', 'r', '\0',
+  /* "perspectivum.com", true */ 'p', 'e', 'r', 's', 'p', 'e', 'c', 't', 'i', 'v', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "perspektivwechsel-coaching.de", true */ 'p', 'e', 'r', 's', 'p', 'e', 'k', 't', 'i', 'v', 'w', 'e', 'c', 'h', 's', 'e', 'l', '-', 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "persson.im", true */ 'p', 'e', 'r', 's', 's', 'o', 'n', '.', 'i', 'm', '\0',
+  /* "persson.me", true */ 'p', 'e', 'r', 's', 's', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "perucasestoril.com.br", true */ 'p', 'e', 'r', 'u', 'c', 'a', 's', 'e', 's', 't', 'o', 'r', 'i', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pervacio.hu", true */ 'p', 'e', 'r', 'v', 'a', 'c', 'i', 'o', '.', 'h', 'u', '\0',
+  /* "perzeidi.hr", true */ 'p', 'e', 'r', 'z', 'e', 'i', 'd', 'i', '.', 'h', 'r', '\0',
+  /* "pestici.de", true */ 'p', 'e', 's', 't', 'i', 'c', 'i', '.', 'd', 'e', '\0',
+  /* "pet-hotel-mura.net", true */ 'p', 'e', 't', '-', 'h', 'o', 't', 'e', 'l', '-', 'm', 'u', 'r', 'a', '.', 'n', 'e', 't', '\0',
+  /* "pet-life.top", true */ 'p', 'e', 't', '-', 'l', 'i', 'f', 'e', '.', 't', 'o', 'p', '\0',
+  /* "petabits.de", true */ 'p', 'e', 't', 'a', 'b', 'i', 't', 's', '.', 'd', 'e', '\0',
+  /* "petangen.se", true */ 'p', 'e', 't', 'a', 'n', 'g', 'e', 'n', '.', 's', 'e', '\0',
+  /* "petcarvers.com", true */ 'p', 'e', 't', 'c', 'a', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "petelew.is", true */ 'p', 'e', 't', 'e', 'l', 'e', 'w', '.', 'i', 's', '\0',
+  /* "peter.org.ua", true */ 'p', 'e', 't', 'e', 'r', '.', 'o', 'r', 'g', '.', 'u', 'a', '\0',
+  /* "peterandjoelle.co.uk", true */ 'p', 'e', 't', 'e', 'r', 'a', 'n', 'd', 'j', 'o', 'e', 'l', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "peterboers.info", true */ 'p', 'e', 't', 'e', 'r', 'b', 'o', 'e', 'r', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "peterdavehello.org", true */ 'p', 'e', 't', 'e', 'r', 'd', 'a', 'v', 'e', 'h', 'e', 'l', 'l', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "peterfolta.net", true */ 'p', 'e', 't', 'e', 'r', 'f', 'o', 'l', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "peterhuetz.at", true */ 'p', 'e', 't', 'e', 'r', 'h', 'u', 'e', 't', 'z', '.', 'a', 't', '\0',
+  /* "peterhuetz.com", true */ 'p', 'e', 't', 'e', 'r', 'h', 'u', 'e', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "peterjohnson.io", true */ 'p', 'e', 't', 'e', 'r', 'j', 'o', 'h', 'n', 's', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "peterlew.is", true */ 'p', 'e', 't', 'e', 'r', 'l', 'e', 'w', '.', 'i', 's', '\0',
+  /* "peternagy.ie", true */ 'p', 'e', 't', 'e', 'r', 'n', 'a', 'g', 'y', '.', 'i', 'e', '\0',
+  /* "petersontoscano.com", true */ 'p', 'e', 't', 'e', 'r', 's', 'o', 'n', 't', 'o', 's', 'c', 'a', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "pethelpers.org", true */ 'p', 'e', 't', 'h', 'e', 'l', 'p', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "petite-maison.ch", true */ 'p', 'e', 't', 'i', 't', 'e', '-', 'm', 'a', 'i', 's', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "petitsfrenchies.com", true */ 'p', 'e', 't', 'i', 't', 's', 'f', 'r', 'e', 'n', 'c', 'h', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "petja.me", false */ 'p', 'e', 't', 'j', 'a', '.', 'm', 'e', '\0',
+  /* "petko.me", true */ 'p', 'e', 't', 'k', 'o', '.', 'm', 'e', '\0',
+  /* "petlife.vet", true */ 'p', 'e', 't', 'l', 'i', 'f', 'e', '.', 'v', 'e', 't', '\0',
+  /* "petmall.bg", true */ 'p', 'e', 't', 'm', 'a', 'l', 'l', '.', 'b', 'g', '\0',
+  /* "petofiprogram.hu", true */ 'p', 'e', 't', 'o', 'f', 'i', 'p', 'r', 'o', 'g', 'r', 'a', 'm', '.', 'h', 'u', '\0',
+  /* "petplus.com", true */ 'p', 'e', 't', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "petpost.co.nz", false */ 'p', 'e', 't', 'p', 'o', 's', 't', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "petrachuk.ru", true */ 'p', 'e', 't', 'r', 'a', 'c', 'h', 'u', 'k', '.', 'r', 'u', '\0',
+  /* "petrasestakova.cz", true */ 'p', 'e', 't', 'r', 'a', 's', 'e', 's', 't', 'a', 'k', 'o', 'v', 'a', '.', 'c', 'z', '\0',
+  /* "petroscand.eu", true */ 'p', 'e', 't', 'r', 'o', 's', 'c', 'a', 'n', 'd', '.', 'e', 'u', '\0',
+  /* "petruzz.net", true */ 'p', 'e', 't', 'r', 'u', 'z', 'z', '.', 'n', 'e', 't', '\0',
+  /* "pettitcoat.com", true */ 'p', 'e', 't', 't', 'i', 't', 'c', 'o', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "petwall.info", true */ 'p', 'e', 't', 'w', 'a', 'l', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "peuterspeelzaalhoekvanholland.nl", true */ 'p', 'e', 'u', 't', 'e', 'r', 's', 'p', 'e', 'e', 'l', 'z', 'a', 'a', 'l', 'h', 'o', 'e', 'k', 'v', 'a', 'n', 'h', 'o', 'l', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "pex.digital", true */ 'p', 'e', 'x', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0',
+  /* "peyote.com", true */ 'p', 'e', 'y', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "peyote.org", true */ 'p', 'e', 'y', 'o', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "pfa.or.jp", true */ 'p', 'f', 'a', '.', 'o', 'r', '.', 'j', 'p', '\0',
+  /* "pfadfinder-aurich.de", true */ 'p', 'f', 'a', 'd', 'f', 'i', 'n', 'd', 'e', 'r', '-', 'a', 'u', 'r', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "pfadfinder-grossauheim.de", true */ 'p', 'f', 'a', 'd', 'f', 'i', 'n', 'd', 'e', 'r', '-', 'g', 'r', 'o', 's', 's', 'a', 'u', 'h', 'e', 'i', 'm', '.', 'd', 'e', '\0',
+  /* "pfarchimedes-pensioen123.nl", true */ 'p', 'f', 'a', 'r', 'c', 'h', 'i', 'm', 'e', 'd', 'e', 's', '-', 'p', 'e', 'n', 's', 'i', 'o', 'e', 'n', '1', '2', '3', '.', 'n', 'l', '\0',
+  /* "pfd-nz.com", false */ 'p', 'f', 'd', '-', 'n', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "pferdeeinstreu-kaufen.com", true */ 'p', 'f', 'e', 'r', 'd', 'e', 'e', 'i', 'n', 's', 't', 'r', 'e', 'u', '-', 'k', 'a', 'u', 'f', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "pfeuffer-elektro.de", true */ 'p', 'f', 'e', 'u', 'f', 'f', 'e', 'r', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "pfft.net", true */ 'p', 'f', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "pfmeasure.com", true */ 'p', 'f', 'm', 'e', 'a', 's', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pfo.io", true */ 'p', 'f', 'o', '.', 'i', 'o', '\0',
+  /* "pfolta.net", true */ 'p', 'f', 'o', 'l', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "pfudor.tk", true */ 'p', 'f', 'u', 'd', 'o', 'r', '.', 't', 'k', '\0',
+  /* "pg-forum.de", true */ 'p', 'g', '-', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "pgmann.cf", true */ 'p', 'g', 'm', 'a', 'n', 'n', '.', 'c', 'f', '\0',
+  /* "pgnetwork.net", true */ 'p', 'g', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "pgpmail.cc", true */ 'p', 'g', 'p', 'm', 'a', 'i', 'l', '.', 'c', 'c', '\0',
+  /* "pgregg.com", false */ 'p', 'g', 'r', 'e', 'g', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "ph-blog.de", true */ 'p', 'h', '-', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "ph.search.yahoo.com", false */ 'p', 'h', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "phantasie.cc", true */ 'p', 'h', 'a', 'n', 't', 'a', 's', 'i', 'e', '.', 'c', 'c', '\0',
+  /* "phantastikon.de", true */ 'p', 'h', 'a', 'n', 't', 'a', 's', 't', 'i', 'k', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "pharma-display.com", true */ 'p', 'h', 'a', 'r', 'm', 'a', '-', 'd', 'i', 's', 'p', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "pharmaabsoluta.com.br", true */ 'p', 'h', 'a', 'r', 'm', 'a', 'a', 'b', 's', 'o', 'l', 'u', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pharmaboard.de", true */ 'p', 'h', 'a', 'r', 'm', 'a', 'b', 'o', 'a', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "pharmaboard.org", true */ 'p', 'h', 'a', 'r', 'm', 'a', 'b', 'o', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "pharmacieplusfm.ch", true */ 'p', 'h', 'a', 'r', 'm', 'a', 'c', 'i', 'e', 'p', 'l', 'u', 's', 'f', 'm', '.', 'c', 'h', '\0',
+  /* "pharmafoto.ch", true */ 'p', 'h', 'a', 'r', 'm', 'a', 'f', 'o', 't', 'o', '.', 'c', 'h', '\0',
+  /* "pharmaphoto.ch", true */ 'p', 'h', 'a', 'r', 'm', 'a', 'p', 'h', 'o', 't', 'o', '.', 'c', 'h', '\0',
+  /* "pharmapolitics.com", true */ 'p', 'h', 'a', 'r', 'm', 'a', 'p', 'o', 'l', 'i', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pharynks.com", true */ 'p', 'h', 'a', 'r', 'y', 'n', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "phasme-2016.com", true */ 'p', 'h', 'a', 's', 'm', 'e', '-', '2', '0', '1', '6', '.', 'c', 'o', 'm', '\0',
+  /* "phcimages.com", true */ 'p', 'h', 'c', 'i', 'm', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "phcmembers.com", true */ 'p', 'h', 'c', 'm', 'e', 'm', 'b', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "phcnetworks.net", true */ 'p', 'h', 'c', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "phcorner.net", true */ 'p', 'h', 'c', 'o', 'r', 'n', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "phdhub.it", true */ 'p', 'h', 'd', 'h', 'u', 'b', '.', 'i', 't', '\0',
+  /* "phelx.de", true */ 'p', 'h', 'e', 'l', 'x', '.', 'd', 'e', '\0',
+  /* "phenomeno-porto.com", true */ 'p', 'h', 'e', 'n', 'o', 'm', 'e', 'n', 'o', '-', 'p', 'o', 'r', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "phenomeno.nl", true */ 'p', 'h', 'e', 'n', 'o', 'm', 'e', 'n', 'o', '.', 'n', 'l', '\0',
+  /* "phenomenoporto.com", true */ 'p', 'h', 'e', 'n', 'o', 'm', 'e', 'n', 'o', 'p', 'o', 'r', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "phenomenoporto.nl", true */ 'p', 'h', 'e', 'n', 'o', 'm', 'e', 'n', 'o', 'p', 'o', 'r', 't', 'o', '.', 'n', 'l', '\0',
+  /* "phget.com", true */ 'p', 'h', 'g', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "phi-works.com", true */ 'p', 'h', 'i', '-', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "phialo.de", true */ 'p', 'h', 'i', 'a', 'l', 'o', '.', 'd', 'e', '\0',
+  /* "phil-phillies.com", true */ 'p', 'h', 'i', 'l', '-', 'p', 'h', 'i', 'l', 'l', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "philadelphia.com.mx", true */ 'p', 'h', 'i', 'l', 'a', 'd', 'e', 'l', 'p', 'h', 'i', 'a', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "philadelphiadancefoundation.org", true */ 'p', 'h', 'i', 'l', 'a', 'd', 'e', 'l', 'p', 'h', 'i', 'a', 'd', 'a', 'n', 'c', 'e', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "philia-sa.com", true */ 'p', 'h', 'i', 'l', 'i', 'a', '-', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "philipdb.com", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "philipkohn.com", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'k', 'o', 'h', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "philipmordue.co.uk", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'm', 'o', 'r', 'd', 'u', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "philippbirkholz.com", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'p', 'b', 'i', 'r', 'k', 'h', 'o', 'l', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "philippbirkholz.de", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'p', 'b', 'i', 'r', 'k', 'h', 'o', 'l', 'z', '.', 'd', 'e', '\0',
+  /* "philippe-mignotte.fr", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'p', 'e', '-', 'm', 'i', 'g', 'n', 'o', 't', 't', 'e', '.', 'f', 'r', '\0',
+  /* "philippebonnard.fr", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'p', 'e', 'b', 'o', 'n', 'n', 'a', 'r', 'd', '.', 'f', 'r', '\0',
+  /* "philipperoose.be", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'p', 'e', 'r', 'o', 'o', 's', 'e', '.', 'b', 'e', '\0',
+  /* "philippheenen.de", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'p', 'h', 'e', 'e', 'n', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "philippkeschl.at", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'p', 'k', 'e', 's', 'c', 'h', 'l', '.', 'a', 't', '\0',
+  /* "phillipgoldfarb.com", true */ 'p', 'h', 'i', 'l', 'l', 'i', 'p', 'g', 'o', 'l', 'd', 'f', 'a', 'r', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "phillippi.me", true */ 'p', 'h', 'i', 'l', 'l', 'i', 'p', 'p', 'i', '.', 'm', 'e', '\0',
+  /* "phillprice.com", true */ 'p', 'h', 'i', 'l', 'l', 'p', 'r', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "philonas.net", true */ 'p', 'h', 'i', 'l', 'o', 'n', 'a', 's', '.', 'n', 'e', 't', '\0',
+  /* "philosoftware.com.br", true */ 'p', 'h', 'i', 'l', 'o', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "philosopherswool.com", true */ 'p', 'h', 'i', 'l', 'o', 's', 'o', 'p', 'h', 'e', 'r', 's', 'w', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "philosophyguides.org", true */ 'p', 'h', 'i', 'l', 'o', 's', 'o', 'p', 'h', 'y', 'g', 'u', 'i', 'd', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "philphonic.de", true */ 'p', 'h', 'i', 'l', 'p', 'h', 'o', 'n', 'i', 'c', '.', 'd', 'e', '\0',
+  /* "philsturgeon.uk", true */ 'p', 'h', 'i', 'l', 's', 't', 'u', 'r', 'g', 'e', 'o', 'n', '.', 'u', 'k', '\0',
+  /* "philux.ch", true */ 'p', 'h', 'i', 'l', 'u', 'x', '.', 'c', 'h', '\0',
+  /* "phippsreporting.com", true */ 'p', 'h', 'i', 'p', 'p', 's', 'r', 'e', 'p', 'o', 'r', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "phishingusertraining.com", true */ 'p', 'h', 'i', 's', 'h', 'i', 'n', 'g', 'u', 's', 'e', 'r', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "phocean.net", true */ 'p', 'h', 'o', 'c', 'e', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "phoenix.dj", true */ 'p', 'h', 'o', 'e', 'n', 'i', 'x', '.', 'd', 'j', '\0',
+  /* "phoenixlogan.com", true */ 'p', 'h', 'o', 'e', 'n', 'i', 'x', 'l', 'o', 'g', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "phone-service-center.de", true */ 'p', 'h', 'o', 'n', 'e', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', '-', 'c', 'e', 'n', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "phood.be", true */ 'p', 'h', 'o', 'o', 'd', '.', 'b', 'e', '\0',
+  /* "phormance.com", true */ 'p', 'h', 'o', 'r', 'm', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "phosagro.biz", true */ 'p', 'h', 'o', 's', 'a', 'g', 'r', 'o', '.', 'b', 'i', 'z', '\0',
+  /* "phosagro.com", true */ 'p', 'h', 'o', 's', 'a', 'g', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "phosagro.ru", true */ 'p', 'h', 'o', 's', 'a', 'g', 'r', 'o', '.', 'r', 'u', '\0',
+  /* "photistic.org", true */ 'p', 'h', 'o', 't', 'i', 's', 't', 'i', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "photo-livesearch.com", true */ 'p', 'h', 'o', 't', 'o', '-', 'l', 'i', 'v', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "photo-paysage.com", true */ 'p', 'h', 'o', 't', 'o', '-', 'p', 'a', 'y', 's', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "photo.org.il", true */ 'p', 'h', 'o', 't', 'o', '.', 'o', 'r', 'g', '.', 'i', 'l', '\0',
+  /* "photoancestry.com", true */ 'p', 'h', 'o', 't', 'o', 'a', 'n', 'c', 'e', 's', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "photoartelle.com", true */ 'p', 'h', 'o', 't', 'o', 'a', 'r', 't', 'e', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "photodeal.fr", true */ 'p', 'h', 'o', 't', 'o', 'd', 'e', 'a', 'l', '.', 'f', 'r', '\0',
+  /* "photographe-reims.com", true */ 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'e', '-', 'r', 'e', 'i', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "photographyforchange.com", true */ 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', 'f', 'o', 'r', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "photographyforchange.org", true */ 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', 'f', 'o', 'r', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "photolium.net", true */ 'p', 'h', 'o', 't', 'o', 'l', 'i', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "photomodelcasting.com", true */ 'p', 'h', 'o', 't', 'o', 'm', 'o', 'd', 'e', 'l', 'c', 'a', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "photon.sh", true */ 'p', 'h', 'o', 't', 'o', 'n', '.', 's', 'h', '\0',
+  /* "phototravel.uk", true */ 'p', 'h', 'o', 't', 'o', 't', 'r', 'a', 'v', 'e', 'l', '.', 'u', 'k', '\0',
+  /* "phototrio.com", true */ 'p', 'h', 'o', 't', 'o', 't', 'r', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "phoxmeh.com", true */ 'p', 'h', 'o', 'x', 'm', 'e', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "php-tuning.de", true */ 'p', 'h', 'p', '-', 't', 'u', 'n', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "phparcade.com", true */ 'p', 'h', 'p', 'a', 'r', 'c', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "phpartners.org", true */ 'p', 'h', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "phpbbchinese.com", true */ 'p', 'h', 'p', 'b', 'b', 'c', 'h', 'i', 'n', 'e', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "phpdistribution.com", true */ 'p', 'h', 'p', 'd', 'i', 's', 't', 'r', 'i', 'b', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "phpdorset.co.uk", true */ 'p', 'h', 'p', 'd', 'o', 'r', 's', 'e', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "phpkari.cz", true */ 'p', 'h', 'p', 'k', 'a', 'r', 'i', '.', 'c', 'z', '\0',
+  /* "phpliteadmin.org", true */ 'p', 'h', 'p', 'l', 'i', 't', 'e', 'a', 'd', 'm', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "phpmyadmin.net", true */ 'p', 'h', 'p', 'm', 'y', 'a', 'd', 'm', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "phpprime.com", true */ 'p', 'h', 'p', 'p', 'r', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "phpsecure.info", true */ 'p', 'h', 'p', 's', 'e', 'c', 'u', 'r', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "phra.gs", true */ 'p', 'h', 'r', 'a', '.', 'g', 's', '\0',
+  /* "phrive.space", true */ 'p', 'h', 'r', 'i', 'v', 'e', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "phryanjr.com", false */ 'p', 'h', 'r', 'y', 'a', 'n', 'j', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "phryneas.de", true */ 'p', 'h', 'r', 'y', 'n', 'e', 'a', 's', '.', 'd', 'e', '\0',
+  /* "phuket-idc.com", true */ 'p', 'h', 'u', 'k', 'e', 't', '-', 'i', 'd', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "phuket-idc.de", true */ 'p', 'h', 'u', 'k', 'e', 't', '-', 'i', 'd', 'c', '.', 'd', 'e', '\0',
+  /* "phunehehe.net", true */ 'p', 'h', 'u', 'n', 'e', 'h', 'e', 'h', 'e', '.', 'n', 'e', 't', '\0',
+  /* "phuong.faith", true */ 'p', 'h', 'u', 'o', 'n', 'g', '.', 'f', 'a', 'i', 't', 'h', '\0',
+  /* "phurl.de", true */ 'p', 'h', 'u', 'r', 'l', '.', 'd', 'e', '\0',
+  /* "phurl.io", true */ 'p', 'h', 'u', 'r', 'l', '.', 'i', 'o', '\0',
+  /* "phus.lu", true */ 'p', 'h', 'u', 's', '.', 'l', 'u', '\0',
+  /* "physicalism.com", true */ 'p', 'h', 'y', 's', 'i', 'c', 'a', 'l', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "physicalist.com", true */ 'p', 'h', 'y', 's', 'i', 'c', 'a', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "physiovesenaz.ch", true */ 'p', 'h', 'y', 's', 'i', 'o', 'v', 'e', 's', 'e', 'n', 'a', 'z', '.', 'c', 'h', '\0',
+  /* "pi-control.de", true */ 'p', 'i', '-', 'c', 'o', 'n', 't', 'r', 'o', 'l', '.', 'd', 'e', '\0',
+  /* "pi-dash.com", true */ 'p', 'i', '-', 'd', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "pi-supply.com", true */ 'p', 'i', '-', 's', 'u', 'p', 'p', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "pianetaottica.com", true */ 'p', 'i', 'a', 'n', 'e', 't', 'a', 'o', 't', 't', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "pianetaottica.info", true */ 'p', 'i', 'a', 'n', 'e', 't', 'a', 'o', 't', 't', 'i', 'c', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "pianetaottica.it", true */ 'p', 'i', 'a', 'n', 'e', 't', 'a', 'o', 't', 't', 'i', 'c', 'a', '.', 'i', 't', '\0',
+  /* "pianetatatuaggi.it", true */ 'p', 'i', 'a', 'n', 'e', 't', 'a', 't', 'a', 't', 'u', 'a', 'g', 'g', 'i', '.', 'i', 't', '\0',
+  /* "piatabrasil.com.br", true */ 'p', 'i', 'a', 't', 'a', 'b', 'r', 'a', 's', 'i', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "piatanoua.md", true */ 'p', 'i', 'a', 't', 'a', 'n', 'o', 'u', 'a', '.', 'm', 'd', '\0',
+  /* "pic.gov", true */ 'p', 'i', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "pic.sr", true */ 'p', 'i', 'c', '.', 's', 'r', '\0',
+  /* "pic2map.com", true */ 'p', 'i', 'c', '2', 'm', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "piccirello.com", true */ 'p', 'i', 'c', 'c', 'i', 'r', 'e', 'l', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "piccolo-parties.co.uk", true */ 'p', 'i', 'c', 'c', 'o', 'l', 'o', '-', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pickme.nl", true */ 'p', 'i', 'c', 'k', 'm', 'e', '.', 'n', 'l', '\0',
+  /* "pickormix.co.uk", true */ 'p', 'i', 'c', 'k', 'o', 'r', 'm', 'i', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "picksin.club", true */ 'p', 'i', 'c', 'k', 's', 'i', 'n', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "piclect.com", true */ 'p', 'i', 'c', 'l', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "picoauto.com", true */ 'p', 'i', 'c', 'o', 'a', 'u', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "picone.com.au", true */ 'p', 'i', 'c', 'o', 'n', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "piconepress.com", true */ 'p', 'i', 'c', 'o', 'n', 'e', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "picotech.com", true */ 'p', 'i', 'c', 'o', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "picotronic.de", true */ 'p', 'i', 'c', 'o', 't', 'r', 'o', 'n', 'i', 'c', '.', 'd', 'e', '\0',
+  /* "picsandtours.com", true */ 'p', 'i', 'c', 's', 'a', 'n', 'd', 't', 'o', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "picster.at", true */ 'p', 'i', 'c', 's', 't', 'e', 'r', '.', 'a', 't', '\0',
+  /* "picsto.re", true */ 'p', 'i', 'c', 's', 't', 'o', '.', 'r', 'e', '\0',
+  /* "pictr.nl", true */ 'p', 'i', 'c', 't', 'r', '.', 'n', 'l', '\0',
+  /* "picture.team", true */ 'p', 'i', 'c', 't', 'u', 'r', 'e', '.', 't', 'e', 'a', 'm', '\0',
+  /* "picturingjordan.com", true */ 'p', 'i', 'c', 't', 'u', 'r', 'i', 'n', 'g', 'j', 'o', 'r', 'd', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "pidginhost.com", true */ 'p', 'i', 'd', 'g', 'i', 'n', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pidjipi.com", true */ 'p', 'i', 'd', 'j', 'i', 'p', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "pieceofme.be", false */ 'p', 'i', 'e', 'c', 'e', 'o', 'f', 'm', 'e', '.', 'b', 'e', '\0',
+  /* "piedfeed.com", true */ 'p', 'i', 'e', 'd', 'f', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "pieinsurance.com", true */ 'p', 'i', 'e', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "piekacz.co.uk", true */ 'p', 'i', 'e', 'k', 'a', 'c', 'z', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "piekacz.eu.org", true */ 'p', 'i', 'e', 'k', 'a', 'c', 'z', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "piekacz.net", true */ 'p', 'i', 'e', 'k', 'a', 'c', 'z', '.', 'n', 'e', 't', '\0',
+  /* "piekacz.tel", true */ 'p', 'i', 'e', 'k', 'a', 'c', 'z', '.', 't', 'e', 'l', '\0',
+  /* "piem.org", true */ 'p', 'i', 'e', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "pieperhome.de", true */ 'p', 'i', 'e', 'p', 'e', 'r', 'h', 'o', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "pieq.eu", true */ 'p', 'i', 'e', 'q', '.', 'e', 'u', '\0',
+  /* "pieq.eu.org", true */ 'p', 'i', 'e', 'q', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "pier28.com", true */ 'p', 'i', 'e', 'r', '2', '8', '.', 'c', 'o', 'm', '\0',
+  /* "piercing-store.com", true */ 'p', 'i', 'e', 'r', 'c', 'i', 'n', 'g', '-', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "piercraft.com", true */ 'p', 'i', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pierre-denoblens.net", true */ 'p', 'i', 'e', 'r', 'r', 'e', '-', 'd', 'e', 'n', 'o', 'b', 'l', 'e', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "pierre-schmitz.com", true */ 'p', 'i', 'e', 'r', 'r', 'e', '-', 's', 'c', 'h', 'm', 'i', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "pierrefv.com", true */ 'p', 'i', 'e', 'r', 'r', 'e', 'f', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "pietawittermans.nl", true */ 'p', 'i', 'e', 't', 'a', 'w', 'i', 't', 't', 'e', 'r', 'm', 'a', 'n', 's', '.', 'n', 'l', '\0',
+  /* "pietechsf.com", true */ 'p', 'i', 'e', 't', 'e', 'c', 'h', 's', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "pieterbos.nl", true */ 'p', 'i', 'e', 't', 'e', 'r', 'b', 'o', 's', '.', 'n', 'l', '\0',
+  /* "pietz.uk", true */ 'p', 'i', 'e', 't', 'z', '.', 'u', 'k', '\0',
+  /* "pigritia.de", true */ 'p', 'i', 'g', 'r', 'i', 't', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "piils.fr", true */ 'p', 'i', 'i', 'l', 's', '.', 'f', 'r', '\0',
+  /* "pijuice.com", true */ 'p', 'i', 'j', 'u', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pik.bzh", true */ 'p', 'i', 'k', '.', 'b', 'z', 'h', '\0',
+  /* "pikeitservices.com.au", true */ 'p', 'i', 'k', 'e', 'i', 't', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "pikmy.com", true */ 'p', 'i', 'k', 'm', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "pilani.ch", true */ 'p', 'i', 'l', 'a', 'n', 'i', '.', 'c', 'h', '\0',
+  /* "pileofgarbage.net", true */ 'p', 'i', 'l', 'e', 'o', 'f', 'g', 'a', 'r', 'b', 'a', 'g', 'e', '.', 'n', 'e', 't', '\0',
+  /* "piliszek.net", true */ 'p', 'i', 'l', 'i', 's', 'z', 'e', 'k', '.', 'n', 'e', 't', '\0',
+  /* "pill.id", true */ 'p', 'i', 'l', 'l', '.', 'i', 'd', '\0',
+  /* "pimhaarsma.nl", true */ 'p', 'i', 'm', 'h', 'a', 'a', 'r', 's', 'm', 'a', '.', 'n', 'l', '\0',
+  /* "pimhaarsmamedia.nl", true */ 'p', 'i', 'm', 'h', 'a', 'a', 'r', 's', 'm', 'a', 'm', 'e', 'd', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "pimpmyperf.fr", true */ 'p', 'i', 'm', 'p', 'm', 'y', 'p', 'e', 'r', 'f', '.', 'f', 'r', '\0',
+  /* "pin.net.au", true */ 'p', 'i', 'n', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "pinceaux.org", true */ 'p', 'i', 'n', 'c', 'e', 'a', 'u', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "pincha.com.tw", false */ 'p', 'i', 'n', 'c', 'h', 'a', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "pincodeit.com", true */ 'p', 'i', 'n', 'c', 'o', 'd', 'e', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pindanutjes.be", false */ 'p', 'i', 'n', 'd', 'a', 'n', 'u', 't', 'j', 'e', 's', '.', 'b', 'e', '\0',
+  /* "pinemountainnursery.com.au", true */ 'p', 'i', 'n', 'e', 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', 'n', 'u', 'r', 's', 'e', 'r', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "pinemountbaptistchurch.org", true */ 'p', 'i', 'n', 'e', 'm', 'o', 'u', 'n', 't', 'b', 'a', 'p', 't', 'i', 's', 't', 'c', 'h', 'u', 'r', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "pinesandneedles.com", true */ 'p', 'i', 'n', 'e', 's', 'a', 'n', 'd', 'n', 'e', 'e', 'd', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pingworks.com", true */ 'p', 'i', 'n', 'g', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pingworks.de", true */ 'p', 'i', 'n', 'g', 'w', 'o', 'r', 'k', 's', '.', 'd', 'e', '\0',
+  /* "pingworks.eu", true */ 'p', 'i', 'n', 'g', 'w', 'o', 'r', 'k', 's', '.', 'e', 'u', '\0',
+  /* "pingworks.net", true */ 'p', 'i', 'n', 'g', 'w', 'o', 'r', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "pinhadigital.com", true */ 'p', 'i', 'n', 'h', 'a', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "pinimg.com", true */ 'p', 'i', 'n', 'i', 'm', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "pinkapple.com", true */ 'p', 'i', 'n', 'k', 'a', 'p', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pinkbike.com", true */ 'p', 'i', 'n', 'k', 'b', 'i', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pinkcasino.co.uk", true */ 'p', 'i', 'n', 'k', 'c', 'a', 's', 'i', 'n', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pinkfis.ch", true */ 'p', 'i', 'n', 'k', 'f', 'i', 's', '.', 'c', 'h', '\0',
+  /* "pinkhq.com", true */ 'p', 'i', 'n', 'k', 'h', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "pinkinked.com", true */ 'p', 'i', 'n', 'k', 'i', 'n', 'k', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "pinkladyapples.co.uk", true */ 'p', 'i', 'n', 'k', 'l', 'a', 'd', 'y', 'a', 'p', 'p', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pinklecfest.org", true */ 'p', 'i', 'n', 'k', 'l', 'e', 'c', 'f', 'e', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "pinnaclelife.co.nz", true */ 'p', 'i', 'n', 'n', 'a', 'c', 'l', 'e', 'l', 'i', 'f', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "pinnaclelife.nz", true */ 'p', 'i', 'n', 'n', 'a', 'c', 'l', 'e', 'l', 'i', 'f', 'e', '.', 'n', 'z', '\0',
+  /* "pinnacles.com", true */ 'p', 'i', 'n', 'n', 'a', 'c', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pinoyonlinetv.com", true */ 'p', 'i', 'n', 'o', 'y', 'o', 'n', 'l', 'i', 'n', 'e', 't', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "pinpayments.com", true */ 'p', 'i', 'n', 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pinpointengineer.co.uk", true */ 'p', 'i', 'n', 'p', 'o', 'i', 'n', 't', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pinscher.com.br", true */ 'p', 'i', 'n', 's', 'c', 'h', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pinterest.at", true */ 'p', 'i', 'n', 't', 'e', 'r', 'e', 's', 't', '.', 'a', 't', '\0',
+  /* "pinterest.co.uk", true */ 'p', 'i', 'n', 't', 'e', 'r', 'e', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pinterest.com", true */ 'p', 'i', 'n', 't', 'e', 'r', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pinterest.de", true */ 'p', 'i', 'n', 't', 'e', 'r', 'e', 's', 't', '.', 'd', 'e', '\0',
+  /* "pinterest.engineering", true */ 'p', 'i', 'n', 't', 'e', 'r', 'e', 's', 't', '.', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '\0',
+  /* "pinterest.ie", true */ 'p', 'i', 'n', 't', 'e', 'r', 'e', 's', 't', '.', 'i', 'e', '\0',
+  /* "pinterest.info", true */ 'p', 'i', 'n', 't', 'e', 'r', 'e', 's', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "pinterest.jp", true */ 'p', 'i', 'n', 't', 'e', 'r', 'e', 's', 't', '.', 'j', 'p', '\0',
+  /* "pipenny.net", true */ 'p', 'i', 'p', 'e', 'n', 'n', 'y', '.', 'n', 'e', 't', '\0',
+  /* "piranil.com", true */ 'p', 'i', 'r', 'a', 'n', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "pirate.trade", true */ 'p', 'i', 'r', 'a', 't', 'e', '.', 't', 'r', 'a', 'd', 'e', '\0',
+  /* "pirateahoy.eu", true */ 'p', 'i', 'r', 'a', 't', 'e', 'a', 'h', 'o', 'y', '.', 'e', 'u', '\0',
+  /* "piratebayproxy.tf", true */ 'p', 'i', 'r', 'a', 't', 'e', 'b', 'a', 'y', 'p', 'r', 'o', 'x', 'y', '.', 't', 'f', '\0',
+  /* "piraten-basel.ch", true */ 'p', 'i', 'r', 'a', 't', 'e', 'n', '-', 'b', 'a', 's', 'e', 'l', '.', 'c', 'h', '\0',
+  /* "piraten-bv-nord.de", true */ 'p', 'i', 'r', 'a', 't', 'e', 'n', '-', 'b', 'v', '-', 'n', 'o', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "piratepay.io", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'a', 'y', '.', 'i', 'o', '\0',
+  /* "piratepay.ir", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'a', 'y', '.', 'i', 'r', '\0',
+  /* "pirateproxy.cam", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'c', 'a', 'm', '\0',
+  /* "pirateproxy.cat", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'c', 'a', 't', '\0',
+  /* "pirateproxy.cc", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'c', 'c', '\0',
+  /* "pirateproxy.ist", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'i', 's', 't', '\0',
+  /* "pirateproxy.la", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'l', 'a', '\0',
+  /* "pirateproxy.one", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'o', 'n', 'e', '\0',
+  /* "pirateproxy.pl", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'p', 'l', '\0',
+  /* "pirateproxy.pw", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'p', 'w', '\0',
+  /* "pirateproxy.red", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'r', 'e', 'd', '\0',
+  /* "pirateproxy.tf", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 't', 'f', '\0',
+  /* "pirateproxy.tv", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 't', 'v', '\0',
+  /* "piratesforums.co", true */ 'p', 'i', 'r', 'a', 't', 'e', 's', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', '\0',
+  /* "pires.ovh", true */ 'p', 'i', 'r', 'e', 's', '.', 'o', 'v', 'h', '\0',
+  /* "pirganj24.com", true */ 'p', 'i', 'r', 'g', 'a', 'n', 'j', '2', '4', '.', 'c', 'o', 'm', '\0',
+  /* "pirman.es", true */ 'p', 'i', 'r', 'm', 'a', 'n', '.', 'e', 's', '\0',
+  /* "pirxpilot.me", true */ 'p', 'i', 'r', 'x', 'p', 'i', 'l', 'o', 't', '.', 'm', 'e', '\0',
+  /* "piseach.be", true */ 'p', 'i', 's', 'e', 'a', 'c', 'h', '.', 'b', 'e', '\0',
+  /* "pissblau.com", true */ 'p', 'i', 's', 's', 'b', 'l', 'a', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "pissflaps.co.uk", true */ 'p', 'i', 's', 's', 'f', 'l', 'a', 'p', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pisupp.ly", true */ 'p', 'i', 's', 'u', 'p', 'p', '.', 'l', 'y', '\0',
+  /* "pitchpinecapital.com", true */ 'p', 'i', 't', 'c', 'h', 'p', 'i', 'n', 'e', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "pitfire.io", true */ 'p', 'i', 't', 'f', 'i', 'r', 'e', '.', 'i', 'o', '\0',
+  /* "pitot-rs.org", true */ 'p', 'i', 't', 'o', 't', '-', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "pitsstop.nu", true */ 'p', 'i', 't', 's', 's', 't', 'o', 'p', '.', 'n', 'u', '\0',
+  /* "pittaya.com", true */ 'p', 'i', 't', 't', 'a', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "pittmantraffic.co.uk", true */ 'p', 'i', 't', 't', 'm', 'a', 'n', 't', 'r', 'a', 'f', 'f', 'i', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pivotaltracker.com", true */ 'p', 'i', 'v', 'o', 't', 'a', 'l', 't', 'r', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "pivotanimation.org", true */ 'p', 'i', 'v', 'o', 't', 'a', 'n', 'i', 'm', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "pix5.de", true */ 'p', 'i', 'x', '5', '.', 'd', 'e', '\0',
+  /* "pixel.facebook.com", false */ 'p', 'i', 'x', 'e', 'l', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "pixel.google.com", true */ 'p', 'i', 'x', 'e', 'l', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pixelbash.de", true */ 'p', 'i', 'x', 'e', 'l', 'b', 'a', 's', 'h', '.', 'd', 'e', '\0',
+  /* "pixelcubed.com", true */ 'p', 'i', 'x', 'e', 'l', 'c', 'u', 'b', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "pixelesque.uk", true */ 'p', 'i', 'x', 'e', 'l', 'e', 's', 'q', 'u', 'e', '.', 'u', 'k', '\0',
+  /* "pixelfou.com", true */ 'p', 'i', 'x', 'e', 'l', 'f', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "pixelminers.net", true */ 'p', 'i', 'x', 'e', 'l', 'm', 'i', 'n', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "pixelpoint.io", true */ 'p', 'i', 'x', 'e', 'l', 'p', 'o', 'i', 'n', 't', '.', 'i', 'o', '\0',
+  /* "pixelrain.info", true */ 'p', 'i', 'x', 'e', 'l', 'r', 'a', 'i', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "pixelsquared.us", true */ 'p', 'i', 'x', 'e', 'l', 's', 'q', 'u', 'a', 'r', 'e', 'd', '.', 'u', 's', '\0',
+  /* "pixelurbia.com", true */ 'p', 'i', 'x', 'e', 'l', 'u', 'r', 'b', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "pixelution.at", true */ 'p', 'i', 'x', 'e', 'l', 'u', 't', 'i', 'o', 'n', '.', 'a', 't', '\0',
+  /* "pixiv.moe", true */ 'p', 'i', 'x', 'i', 'v', '.', 'm', 'o', 'e', '\0',
+  /* "pixivimg.me", true */ 'p', 'i', 'x', 'i', 'v', 'i', 'm', 'g', '.', 'm', 'e', '\0',
+  /* "pixlfox.com", true */ 'p', 'i', 'x', 'l', 'f', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "pizala.de", true */ 'p', 'i', 'z', 'a', 'l', 'a', '.', 'd', 'e', '\0',
+  /* "pizzabottle.com", true */ 'p', 'i', 'z', 'z', 'a', 'b', 'o', 't', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pizzacook.ch", true */ 'p', 'i', 'z', 'z', 'a', 'c', 'o', 'o', 'k', '.', 'c', 'h', '\0',
+  /* "pizzafest.ddns.net", true */ 'p', 'i', 'z', 'z', 'a', 'f', 'e', 's', 't', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "pizzagigant.hu", true */ 'p', 'i', 'z', 'z', 'a', 'g', 'i', 'g', 'a', 'n', 't', '.', 'h', 'u', '\0',
+  /* "pizzeria-mehrhoog.de", true */ 'p', 'i', 'z', 'z', 'e', 'r', 'i', 'a', '-', 'm', 'e', 'h', 'r', 'h', 'o', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "pizzeriacolore.com", true */ 'p', 'i', 'z', 'z', 'e', 'r', 'i', 'a', 'c', 'o', 'l', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pj539999.com", true */ 'p', 'j', '5', '3', '9', '9', '9', '9', '.', 'c', 'o', 'm', '\0',
+  /* "pjentertainments.co.uk", true */ 'p', 'j', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pjili.com", true */ 'p', 'j', 'i', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "pjleisure.co.uk", true */ 'p', 'j', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pjuu.com", false */ 'p', 'j', 'u', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "pk.search.yahoo.com", false */ 'p', 'k', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "pkgt.de", false */ 'p', 'k', 'g', 't', '.', 'd', 'e', '\0',
+  /* "pko.ch", true */ 'p', 'k', 'o', '.', 'c', 'h', '\0',
+  /* "pkov.cz", true */ 'p', 'k', 'o', 'v', '.', 'c', 'z', '\0',
+  /* "pkphotobooths.co.uk", true */ 'p', 'k', 'p', 'h', 'o', 't', 'o', 'b', 'o', 'o', 't', 'h', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pl-cours.ch", true */ 'p', 'l', '-', 'c', 'o', 'u', 'r', 's', '.', 'c', 'h', '\0',
+  /* "pl.search.yahoo.com", false */ 'p', 'l', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "placasonline.com.br", true */ 'p', 'l', 'a', 'c', 'a', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "placassinal.com.br", true */ 'p', 'l', 'a', 'c', 'a', 's', 's', 'i', 'n', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "placefade.com", true */ 'p', 'l', 'a', 'c', 'e', 'f', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "placehold.co", true */ 'p', 'l', 'a', 'c', 'e', 'h', 'o', 'l', 'd', '.', 'c', 'o', '\0',
+  /* "placeralplato.com", true */ 'p', 'l', 'a', 'c', 'e', 'r', 'a', 'l', 'p', 'l', 'a', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "placker.com", false */ 'p', 'l', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "plae.com.au", true */ 'p', 'l', 'a', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "plainjs.com", false */ 'p', 'l', 'a', 'i', 'n', 'j', 's', '.', 'c', 'o', 'm', '\0',
+  /* "plainmark.com", true */ 'p', 'l', 'a', 'i', 'n', 'm', 'a', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "plaintech.net.au", true */ 'p', 'l', 'a', 'i', 'n', 't', 'e', 'c', 'h', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "plaintray.com", true */ 'p', 'l', 'a', 'i', 'n', 't', 'r', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "plakbak.nl", true */ 'p', 'l', 'a', 'k', 'b', 'a', 'k', '.', 'n', 'l', '\0',
+  /* "plan-immobilier.fr", true */ 'p', 'l', 'a', 'n', '-', 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "planboardapp.com", true */ 'p', 'l', 'a', 'n', 'b', 'o', 'a', 'r', 'd', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "planet-work.com", true */ 'p', 'l', 'a', 'n', 'e', 't', '-', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "planetasuboficial.com.br", true */ 'p', 'l', 'a', 'n', 'e', 't', 'a', 's', 'u', 'b', 'o', 'f', 'i', 'c', 'i', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "planetau2.com", true */ 'p', 'l', 'a', 'n', 'e', 't', 'a', 'u', '2', '.', 'c', 'o', 'm', '\0',
+  /* "planetbeauty.com", true */ 'p', 'l', 'a', 'n', 'e', 't', 'b', 'e', 'a', 'u', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "planetbreath.ch", true */ 'p', 'l', 'a', 'n', 'e', 't', 'b', 'r', 'e', 'a', 't', 'h', '.', 'c', 'h', '\0',
+  /* "planete-cocoon.com", false */ 'p', 'l', 'a', 'n', 'e', 't', 'e', '-', 'c', 'o', 'c', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "planete-lira.fr", true */ 'p', 'l', 'a', 'n', 'e', 't', 'e', '-', 'l', 'i', 'r', 'a', '.', 'f', 'r', '\0',
+  /* "planete-secu.com", true */ 'p', 'l', 'a', 'n', 'e', 't', 'e', '-', 's', 'e', 'c', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "planeteroliste.com", true */ 'p', 'l', 'a', 'n', 'e', 't', 'e', 'r', 'o', 'l', 'i', 's', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "planeteroliste.fr", true */ 'p', 'l', 'a', 'n', 'e', 't', 'e', 'r', 'o', 'l', 'i', 's', 't', 'e', '.', 'f', 'r', '\0',
+  /* "planetexpress.cc", true */ 'p', 'l', 'a', 'n', 'e', 't', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'c', '\0',
+  /* "planetromeofoundation.org", true */ 'p', 'l', 'a', 'n', 'e', 't', 'r', 'o', 'm', 'e', 'o', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "planify.io", true */ 'p', 'l', 'a', 'n', 'i', 'f', 'y', '.', 'i', 'o', '\0',
+  /* "planitz.com", true */ 'p', 'l', 'a', 'n', 'i', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "planitz.net", true */ 'p', 'l', 'a', 'n', 'i', 't', 'z', '.', 'n', 'e', 't', '\0',
+  /* "planktonforhealth.co.uk", true */ 'p', 'l', 'a', 'n', 'k', 't', 'o', 'n', 'f', 'o', 'r', 'h', 'e', 'a', 'l', 't', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "planktonholland.com", true */ 'p', 'l', 'a', 'n', 'k', 't', 'o', 'n', 'h', 'o', 'l', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "planktonholland.nl", true */ 'p', 'l', 'a', 'n', 'k', 't', 'o', 'n', 'h', 'o', 'l', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "planlos.net", true */ 'p', 'l', 'a', 'n', 'l', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "planmemberpartners.com", true */ 'p', 'l', 'a', 'n', 'm', 'e', 'm', 'b', 'e', 'r', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "planningexcellence.com.au", true */ 'p', 'l', 'a', 'n', 'n', 'i', 'n', 'g', 'e', 'x', 'c', 'e', 'l', 'l', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "plant-gift.jp", true */ 'p', 'l', 'a', 'n', 't', '-', 'g', 'i', 'f', 't', '.', 'j', 'p', '\0',
+  /* "plantarum.com.br", true */ 'p', 'l', 'a', 'n', 't', 'a', 'r', 'u', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "plantastique.ch", true */ 'p', 'l', 'a', 'n', 't', 'a', 's', 't', 'i', 'q', 'u', 'e', '.', 'c', 'h', '\0',
+  /* "plantastique.com", true */ 'p', 'l', 'a', 'n', 't', 'a', 's', 't', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "planteforum.no", true */ 'p', 'l', 'a', 'n', 't', 'e', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'o', '\0',
+  /* "plantroon.com", true */ 'p', 'l', 'a', 'n', 't', 'r', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "plantrustler.com", true */ 'p', 'l', 'a', 'n', 't', 'r', 'u', 's', 't', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "plaque-funeraire.fr", true */ 'p', 'l', 'a', 'q', 'u', 'e', '-', 'f', 'u', 'n', 'e', 'r', 'a', 'i', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "plassmann.ws", true */ 'p', 'l', 'a', 's', 's', 'm', 'a', 'n', 'n', '.', 'w', 's', '\0',
+  /* "plasti-pac.ch", true */ 'p', 'l', 'a', 's', 't', 'i', '-', 'p', 'a', 'c', '.', 'c', 'h', '\0',
+  /* "plasticsurgeryartist.com", true */ 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', 'a', 'r', 't', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "platformadmin.com", true */ 'p', 'l', 'a', 't', 'f', 'o', 'r', 'm', 'a', 'd', 'm', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "platinumpeek.com", true */ 'p', 'l', 'a', 't', 'i', 'n', 'u', 'm', 'p', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "platomania.nl", true */ 'p', 'l', 'a', 't', 'o', 'm', 'a', 'n', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "platschi.net", true */ 'p', 'l', 'a', 't', 's', 'c', 'h', 'i', '.', 'n', 'e', 't', '\0',
+  /* "platten-nach-mass.de", true */ 'p', 'l', 'a', 't', 't', 'e', 'n', '-', 'n', 'a', 'c', 'h', '-', 'm', 'a', 's', 's', '.', 'd', 'e', '\0',
+  /* "platterlauncher.com", true */ 'p', 'l', 'a', 't', 't', 'e', 'r', 'l', 'a', 'u', 'n', 'c', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "plattner.club", true */ 'p', 'l', 'a', 't', 't', 'n', 'e', 'r', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "play.cash", true */ 'p', 'l', 'a', 'y', '.', 'c', 'a', 's', 'h', '\0',
+  /* "play.google.com", true */ 'p', 'l', 'a', 'y', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "playanka.com", true */ 'p', 'l', 'a', 'y', 'a', 'n', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "playawaycastles.co.uk", true */ 'p', 'l', 'a', 'y', 'a', 'w', 'a', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "playdaysparties.co.uk", true */ 'p', 'l', 'a', 'y', 'd', 'a', 'y', 's', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "playdreamcraft.com.br", true */ 'p', 'l', 'a', 'y', 'd', 'r', 'e', 'a', 'm', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "playform.cloud", true */ 'p', 'l', 'a', 'y', 'f', 'o', 'r', 'm', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "playhappywheelsunblocked.com", true */ 'p', 'l', 'a', 'y', 'h', 'a', 'p', 'p', 'y', 'w', 'h', 'e', 'e', 'l', 's', 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "playkh.com", true */ 'p', 'l', 'a', 'y', 'k', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "playmfe.com", true */ 'p', 'l', 'a', 'y', 'm', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "playpirates.com", true */ 'p', 'l', 'a', 'y', 'p', 'i', 'r', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "playsnake.org", true */ 'p', 'l', 'a', 'y', 's', 'n', 'a', 'k', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "playsoundevents.be", true */ 'p', 'l', 'a', 'y', 's', 'o', 'u', 'n', 'd', 'e', 'v', 'e', 'n', 't', 's', '.', 'b', 'e', '\0',
+  /* "playsource.co", true */ 'p', 'l', 'a', 'y', 's', 'o', 'u', 'r', 'c', 'e', '.', 'c', 'o', '\0',
+  /* "playsprout.industries", false */ 'p', 'l', 'a', 'y', 's', 'p', 'r', 'o', 'u', 't', '.', 'i', 'n', 'd', 'u', 's', 't', 'r', 'i', 'e', 's', '\0',
+  /* "playtictactoe.org", true */ 'p', 'l', 'a', 'y', 't', 'i', 'c', 't', 'a', 'c', 't', 'o', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "playtimebouncycastles.co.uk", true */ 'p', 'l', 'a', 'y', 't', 'i', 'm', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "playwhyyza.com", true */ 'p', 'l', 'a', 'y', 'w', 'h', 'y', 'y', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "playzonecastles.co.uk", true */ 'p', 'l', 'a', 'y', 'z', 'o', 'n', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pld-entertainment.co.uk", true */ 'p', 'l', 'd', '-', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pldx.org", true */ 'p', 'l', 'd', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "please-deny.me", true */ 'p', 'l', 'e', 'a', 's', 'e', '-', 'd', 'e', 'n', 'y', '.', 'm', 'e', '\0',
+  /* "pleaseuseansnisupportedbrowser.ml", true */ 'p', 'l', 'e', 'a', 's', 'e', 'u', 's', 'e', 'a', 'n', 's', 'n', 'i', 's', 'u', 'p', 'p', 'o', 'r', 't', 'e', 'd', 'b', 'r', 'o', 'w', 's', 'e', 'r', '.', 'm', 'l', '\0',
+  /* "pleasure-science.com", true */ 'p', 'l', 'e', 'a', 's', 'u', 'r', 'e', '-', 's', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pleine-conscience.ch", true */ 'p', 'l', 'e', 'i', 'n', 'e', '-', 'c', 'o', 'n', 's', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'h', '\0',
+  /* "plen.io", true */ 'p', 'l', 'e', 'n', '.', 'i', 'o', '\0',
+  /* "plenigo.com", true */ 'p', 'l', 'e', 'n', 'i', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "plexhome13.ddns.net", true */ 'p', 'l', 'e', 'x', 'h', 'o', 'm', 'e', '1', '3', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "plexi.dyndns.tv", true */ 'p', 'l', 'e', 'x', 'i', '.', 'd', 'y', 'n', 'd', 'n', 's', '.', 't', 'v', '\0',
+  /* "plexpy13.ddns.net", true */ 'p', 'l', 'e', 'x', 'p', 'y', '1', '3', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "plextv.de", true */ 'p', 'l', 'e', 'x', 't', 'v', '.', 'd', 'e', '\0',
+  /* "plexusmd.com", true */ 'p', 'l', 'e', 'x', 'u', 's', 'm', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "plinc.co", true */ 'p', 'l', 'i', 'n', 'c', '.', 'c', 'o', '\0',
+  /* "pliosoft.com", true */ 'p', 'l', 'i', 'o', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "plitu.de", true */ 'p', 'l', 'i', 't', 'u', '.', 'd', 'e', '\0',
+  /* "ploader.ru", false */ 'p', 'l', 'o', 'a', 'd', 'e', 'r', '.', 'r', 'u', '\0',
+  /* "plochka.bg", true */ 'p', 'l', 'o', 'c', 'h', 'k', 'a', '.', 'b', 'g', '\0',
+  /* "plomberierenga.com", true */ 'p', 'l', 'o', 'm', 'b', 'e', 'r', 'i', 'e', 'r', 'e', 'n', 'g', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "plongee-phuket.fr", true */ 'p', 'l', 'o', 'n', 'g', 'e', 'e', '-', 'p', 'h', 'u', 'k', 'e', 't', '.', 'f', 'r', '\0',
+  /* "ploofer.com", true */ 'p', 'l', 'o', 'o', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "plot.ly", true */ 'p', 'l', 'o', 't', '.', 'l', 'y', '\0',
+  /* "plr4wp.com", true */ 'p', 'l', 'r', '4', 'w', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "plsboop.me", true */ 'p', 'l', 's', 'b', 'o', 'o', 'p', '.', 'm', 'e', '\0',
+  /* "pluga.co", true */ 'p', 'l', 'u', 'g', 'a', '.', 'c', 'o', '\0',
+  /* "plugboard.xyz", true */ 'p', 'l', 'u', 'g', 'b', 'o', 'a', 'r', 'd', '.', 'x', 'y', 'z', '\0',
+  /* "plugcubed.net", false */ 'p', 'l', 'u', 'g', 'c', 'u', 'b', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "pluggedhead.com", true */ 'p', 'l', 'u', 'g', 'g', 'e', 'd', 'h', 'e', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "plugin-planet.com", true */ 'p', 'l', 'u', 'g', 'i', 'n', '-', 'p', 'l', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pluginfactory.io", true */ 'p', 'l', 'u', 'g', 'i', 'n', 'f', 'a', 'c', 't', 'o', 'r', 'y', '.', 'i', 'o', '\0',
+  /* "pluginsloaded.com", true */ 'p', 'l', 'u', 'g', 'i', 'n', 's', 'l', 'o', 'a', 'd', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "plumber-in-sandton.co.za", true */ 'p', 'l', 'u', 'm', 'b', 'e', 'r', '-', 'i', 'n', '-', 's', 'a', 'n', 'd', 't', 'o', 'n', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "plumbingbenoni.co.za", true */ 'p', 'l', 'u', 'm', 'b', 'i', 'n', 'g', 'b', 'e', 'n', 'o', 'n', 'i', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "plumlocosoft.com", true */ 'p', 'l', 'u', 'm', 'l', 'o', 'c', 'o', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "plumnet.ch", true */ 'p', 'l', 'u', 'm', 'n', 'e', 't', '.', 'c', 'h', '\0',
+  /* "plumpie.net", false */ 'p', 'l', 'u', 'm', 'p', 'i', 'e', '.', 'n', 'e', 't', '\0',
+  /* "plus-5.com", true */ 'p', 'l', 'u', 's', '-', '5', '.', 'c', 'o', 'm', '\0',
+  /* "plus.google.com", false */ 'p', 'l', 'u', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "plus.sandbox.google.com", true */ 'p', 'l', 'u', 's', '.', 's', 'a', 'n', 'd', 'b', 'o', 'x', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "plus1s.tk", true */ 'p', 'l', 'u', 's', '1', 's', '.', 't', 'k', '\0',
+  /* "plushev.com", true */ 'p', 'l', 'u', 's', 'h', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "pluslink.co.jp", true */ 'p', 'l', 'u', 's', 'l', 'i', 'n', 'k', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "plusstreamfeed.appspot.com", true */ 'p', 'l', 'u', 's', 's', 't', 'r', 'e', 'a', 'm', 'f', 'e', 'e', 'd', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "plustech.id", true */ 'p', 'l', 'u', 's', 't', 'e', 'c', 'h', '.', 'i', 'd', '\0',
+  /* "pluta.net", true */ 'p', 'l', 'u', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "pluto.life", true */ 'p', 'l', 'u', 't', 'o', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "plutokorea.com", true */ 'p', 'l', 'u', 't', 'o', 'k', 'o', 'r', 'e', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "plutopia.ch", true */ 'p', 'l', 'u', 't', 'o', 'p', 'i', 'a', '.', 'c', 'h', '\0',
+  /* "plymouthbouncycastles.co.uk", true */ 'p', 'l', 'y', 'm', 'o', 'u', 't', 'h', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "plymouthglassgallery.com", true */ 'p', 'l', 'y', 'm', 'o', 'u', 't', 'h', 'g', 'l', 'a', 's', 's', 'g', 'a', 'l', 'l', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "plzdontpwn.me", true */ 'p', 'l', 'z', 'd', 'o', 'n', 't', 'p', 'w', 'n', '.', 'm', 'e', '\0',
+  /* "plzenskybarcamp.cz", true */ 'p', 'l', 'z', 'e', 'n', 's', 'k', 'y', 'b', 'a', 'r', 'c', 'a', 'm', 'p', '.', 'c', 'z', '\0',
+  /* "plzh4x.me", true */ 'p', 'l', 'z', 'h', '4', 'x', '.', 'm', 'e', '\0',
+  /* "pm-onboarding-external-dev.azurewebsites.net", true */ 'p', 'm', '-', 'o', 'n', 'b', 'o', 'a', 'r', 'd', 'i', 'n', 'g', '-', 'e', 'x', 't', 'e', 'r', 'n', 'a', 'l', '-', 'd', 'e', 'v', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "pm-partners-management-dev.azurewebsites.net", true */ 'p', 'm', '-', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', '-', 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '-', 'd', 'e', 'v', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "pm13.cz", true */ 'p', 'm', '1', '3', '.', 'c', 'z', '\0',
+  /* "pm13.org", true */ 'p', 'm', '1', '3', '.', 'o', 'r', 'g', '\0',
+  /* "pmalaty.com", true */ 'p', 'm', 'a', 'l', 'a', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "pmarques.info", true */ 'p', 'm', 'a', 'r', 'q', 'u', 'e', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "pmbc.org", true */ 'p', 'm', 'b', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "pmconference.ch", true */ 'p', 'm', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'c', 'h', '\0',
+  /* "pmctire.com", true */ 'p', 'm', 'c', 't', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pmessage.ch", true */ 'p', 'm', 'e', 's', 's', 'a', 'g', 'e', '.', 'c', 'h', '\0',
+  /* "pmg-offshore-company.com", true */ 'p', 'm', 'g', '-', 'o', 'f', 'f', 's', 'h', 'o', 'r', 'e', '-', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "pmg-purchase.com", true */ 'p', 'm', 'g', '-', 'p', 'u', 'r', 'c', 'h', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pmg-purchase.net", true */ 'p', 'm', 'g', '-', 'p', 'u', 'r', 'c', 'h', 'a', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "pmklaassen.com", true */ 'p', 'm', 'k', 'l', 'a', 'a', 's', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "pmoreau.org", true */ 'p', 'm', 'o', 'r', 'e', 'a', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "pmp-art.com", true */ 'p', 'm', 'p', '-', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pmponline.de", true */ 'p', 'm', 'p', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "pmsacorp.com", true */ 'p', 'm', 's', 'a', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "pmsf.eu", true */ 'p', 'm', 's', 'f', '.', 'e', 'u', '\0',
+  /* "pmt-documenten.nl", true */ 'p', 'm', 't', '-', 'd', 'o', 'c', 'u', 'm', 'e', 'n', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "pneuhaus-lemp.ch", true */ 'p', 'n', 'e', 'u', 'h', 'a', 'u', 's', '-', 'l', 'e', 'm', 'p', '.', 'c', 'h', '\0',
+  /* "pneusgppremium.com.br", true */ 'p', 'n', 'e', 'u', 's', 'g', 'p', 'p', 'r', 'e', 'm', 'i', 'u', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pnimmobilier.ch", true */ 'p', 'n', 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "pnmhomecheckup.com", true */ 'p', 'n', 'm', 'h', 'o', 'm', 'e', 'c', 'h', 'e', 'c', 'k', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "pnona.cz", true */ 'p', 'n', 'o', 'n', 'a', '.', 'c', 'z', '\0',
+  /* "pnut.io", false */ 'p', 'n', 'u', 't', '.', 'i', 'o', '\0',
+  /* "poba.fr", true */ 'p', 'o', 'b', 'a', '.', 'f', 'r', '\0',
+  /* "pocatellonissanparts.com", true */ 'p', 'o', 'c', 'a', 't', 'e', 'l', 'l', 'o', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pochaneko.com", false */ 'p', 'o', 'c', 'h', 'a', 'n', 'e', 'k', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "pocketfruity.com", true */ 'p', 'o', 'c', 'k', 'e', 't', 'f', 'r', 'u', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "pocketfullofapps.com", true */ 'p', 'o', 'c', 'k', 'e', 't', 'f', 'u', 'l', 'l', 'o', 'f', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pocketinsure.com", true */ 'p', 'o', 'c', 'k', 'e', 't', 'i', 'n', 's', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pocketmemories.net", true */ 'p', 'o', 'c', 'k', 'e', 't', 'm', 'e', 'm', 'o', 'r', 'i', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "pocobelli.ch", true */ 'p', 'o', 'c', 'o', 'b', 'e', 'l', 'l', 'i', '.', 'c', 'h', '\0',
+  /* "podcast.style", true */ 'p', 'o', 'd', 'c', 'a', 's', 't', '.', 's', 't', 'y', 'l', 'e', '\0',
+  /* "podemos.info", true */ 'p', 'o', 'd', 'e', 'm', 'o', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "podia.com.gr", true */ 'p', 'o', 'd', 'i', 'a', '.', 'c', 'o', 'm', '.', 'g', 'r', '\0',
+  /* "podroof.com", true */ 'p', 'o', 'd', 'r', 'o', 'o', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "podroof.com.au", true */ 'p', 'o', 'd', 'r', 'o', 'o', 'f', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "podshrink.de", true */ 'p', 'o', 'd', 's', 'h', 'r', 'i', 'n', 'k', '.', 'd', 'e', '\0',
+  /* "poe.digital", true */ 'p', 'o', 'e', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0',
+  /* "poed.com.au", true */ 'p', 'o', 'e', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "poed.net.au", true */ 'p', 'o', 'e', 'd', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "poedgirl.com", true */ 'p', 'o', 'e', 'd', 'g', 'i', 'r', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "poeg.cz", true */ 'p', 'o', 'e', 'g', '.', 'c', 'z', '\0',
+  /* "pogoswine.com", true */ 'p', 'o', 'g', 'o', 's', 'w', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pogrebisky.net", true */ 'p', 'o', 'g', 'r', 'e', 'b', 'i', 's', 'k', 'y', '.', 'n', 'e', 't', '\0',
+  /* "poinsot.info", true */ 'p', 'o', 'i', 'n', 's', 'o', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "pointaction.com", true */ 'p', 'o', 'i', 'n', 't', 'a', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "pointhost.de", true */ 'p', 'o', 'i', 'n', 't', 'h', 'o', 's', 't', '.', 'd', 'e', '\0',
+  /* "pointiswunderland.de", true */ 'p', 'o', 'i', 'n', 't', 'i', 's', 'w', 'u', 'n', 'd', 'e', 'r', 'l', 'a', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "points4unitedway.com", true */ 'p', 'o', 'i', 'n', 't', 's', '4', 'u', 'n', 'i', 't', 'e', 'd', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "pointsixtyfive.com", true */ 'p', 'o', 'i', 'n', 't', 's', 'i', 'x', 't', 'y', 'f', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pointum.com", true */ 'p', 'o', 'i', 'n', 't', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "poiru.net", true */ 'p', 'o', 'i', 'r', 'u', '.', 'n', 'e', 't', '\0',
+  /* "poitiers-ttacc-86.eu.org", true */ 'p', 'o', 'i', 't', 'i', 'e', 'r', 's', '-', 't', 't', 'a', 'c', 'c', '-', '8', '6', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "pojer.me", true */ 'p', 'o', 'j', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "pokalsocial.de", true */ 'p', 'o', 'k', 'a', 'l', 's', 'o', 'c', 'i', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "pokefarm.com", true */ 'p', 'o', 'k', 'e', 'f', 'a', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "pokeinthe.io", true */ 'p', 'o', 'k', 'e', 'i', 'n', 't', 'h', 'e', '.', 'i', 'o', '\0',
+  /* "pokemondb.net", true */ 'p', 'o', 'k', 'e', 'm', 'o', 'n', 'd', 'b', '.', 'n', 'e', 't', '\0',
+  /* "pokemontabletopadventures.com", true */ 'p', 'o', 'k', 'e', 'm', 'o', 'n', 't', 'a', 'b', 'l', 'e', 't', 'o', 'p', 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pokemori.jp", true */ 'p', 'o', 'k', 'e', 'm', 'o', 'r', 'i', '.', 'j', 'p', '\0',
+  /* "pokepon.center", true */ 'p', 'o', 'k', 'e', 'p', 'o', 'n', '.', 'c', 'e', 'n', 't', 'e', 'r', '\0',
+  /* "pokl.cz", true */ 'p', 'o', 'k', 'l', '.', 'c', 'z', '\0',
+  /* "polaire.org", true */ 'p', 'o', 'l', 'a', 'i', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "polandb2b.directory", true */ 'p', 'o', 'l', 'a', 'n', 'd', 'b', '2', 'b', '.', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '\0',
+  /* "pole-emotion.ch", true */ 'p', 'o', 'l', 'e', '-', 'e', 'm', 'o', 't', 'i', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "poleacademie.com", true */ 'p', 'o', 'l', 'e', 'a', 'c', 'a', 'd', 'e', 'm', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "poleartschool.com", false */ 'p', 'o', 'l', 'e', 'a', 'r', 't', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "poles4pilots.com", true */ 'p', 'o', 'l', 'e', 's', '4', 'p', 'i', 'l', 'o', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "policedriver.com", true */ 'p', 'o', 'l', 'i', 'c', 'e', 'd', 'r', 'i', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "polis.or.at", true */ 'p', 'o', 'l', 'i', 's', '.', 'o', 'r', '.', 'a', 't', '\0',
+  /* "polis.to", false */ 'p', 'o', 'l', 'i', 's', '.', 't', 'o', '\0',
+  /* "polish.directory", true */ 'p', 'o', 'l', 'i', 's', 'h', '.', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '\0',
+  /* "politeiaudesa.org", true */ 'p', 'o', 'l', 'i', 't', 'e', 'i', 'a', 'u', 'd', 'e', 's', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "politik-bei-uns.de", true */ 'p', 'o', 'l', 'i', 't', 'i', 'k', '-', 'b', 'e', 'i', '-', 'u', 'n', 's', '.', 'd', 'e', '\0',
+  /* "polizeiwallis.ch", true */ 'p', 'o', 'l', 'i', 'z', 'e', 'i', 'w', 'a', 'l', 'l', 'i', 's', '.', 'c', 'h', '\0',
+  /* "polkam.go.id", false */ 'p', 'o', 'l', 'k', 'a', 'm', '.', 'g', 'o', '.', 'i', 'd', '\0',
+  /* "pollet-ghijs.be", true */ 'p', 'o', 'l', 'l', 'e', 't', '-', 'g', 'h', 'i', 'j', 's', '.', 'b', 'e', '\0',
+  /* "pollet-ghys.be", true */ 'p', 'o', 'l', 'l', 'e', 't', '-', 'g', 'h', 'y', 's', '.', 'b', 'e', '\0',
+  /* "polletmera.com", true */ 'p', 'o', 'l', 'l', 'e', 't', 'm', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "pollingplace.uk", true */ 'p', 'o', 'l', 'l', 'i', 'n', 'g', 'p', 'l', 'a', 'c', 'e', '.', 'u', 'k', '\0',
+  /* "pollpodium.nl", true */ 'p', 'o', 'l', 'l', 'p', 'o', 'd', 'i', 'u', 'm', '.', 'n', 'l', '\0',
+  /* "polsport.live", true */ 'p', 'o', 'l', 's', 'p', 'o', 'r', 't', '.', 'l', 'i', 'v', 'e', '\0',
+  /* "poly-fast.com", true */ 'p', 'o', 'l', 'y', '-', 'f', 'a', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "polyfill.io", true */ 'p', 'o', 'l', 'y', 'f', 'i', 'l', 'l', '.', 'i', 'o', '\0',
+  /* "polygamer.net", true */ 'p', 'o', 'l', 'y', 'g', 'a', 'm', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "polymake.org", true */ 'p', 'o', 'l', 'y', 'm', 'a', 'k', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "polymathematician.com", true */ 'p', 'o', 'l', 'y', 'm', 'a', 't', 'h', 'e', 'm', 'a', 't', 'i', 'c', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "polynomapp.com", true */ 'p', 'o', 'l', 'y', 'n', 'o', 'm', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "polypane.rocks", true */ 'p', 'o', 'l', 'y', 'p', 'a', 'n', 'e', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "polypet.com.sg", true */ 'p', 'o', 'l', 'y', 'p', 'e', 't', '.', 'c', 'o', 'm', '.', 's', 'g', '\0',
+  /* "polytarian.com", true */ 'p', 'o', 'l', 'y', 't', 'a', 'r', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "polytechecosystem.vc", true */ 'p', 'o', 'l', 'y', 't', 'e', 'c', 'h', 'e', 'c', 'o', 's', 'y', 's', 't', 'e', 'm', '.', 'v', 'c', '\0',
+  /* "pomar.club", false */ 'p', 'o', 'm', 'a', 'r', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "pomfe.co", true */ 'p', 'o', 'm', 'f', 'e', '.', 'c', 'o', '\0',
+  /* "pommedepain.fr", true */ 'p', 'o', 'm', 'm', 'e', 'd', 'e', 'p', 'a', 'i', 'n', '.', 'f', 'r', '\0',
+  /* "pomocniczy.eu.org", true */ 'p', 'o', 'm', 'o', 'c', 'n', 'i', 'c', 'z', 'y', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "pompiers-martigny.ch", true */ 'p', 'o', 'm', 'p', 'i', 'e', 'r', 's', '-', 'm', 'a', 'r', 't', 'i', 'g', 'n', 'y', '.', 'c', 'h', '\0',
+  /* "pomsinoz.com", true */ 'p', 'o', 'm', 's', 'i', 'n', 'o', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "pondof.fish", true */ 'p', 'o', 'n', 'd', 'o', 'f', '.', 'f', 'i', 's', 'h', '\0',
+  /* "poneypourtous.com", true */ 'p', 'o', 'n', 'e', 'y', 'p', 'o', 'u', 'r', 't', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "poneytelecom.org", true */ 'p', 'o', 'n', 'e', 'y', 't', 'e', 'l', 'e', 'c', 'o', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "ponga.se", true */ 'p', 'o', 'n', 'g', 'a', '.', 's', 'e', '\0',
+  /* "ponteus.com", true */ 'p', 'o', 'n', 't', 'e', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pontodogame.com.br", true */ 'p', 'o', 'n', 't', 'o', 'd', 'o', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pony-cl.co.jp", true */ 'p', 'o', 'n', 'y', '-', 'c', 'l', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "pony.tf", true */ 'p', 'o', 'n', 'y', '.', 't', 'f', '\0',
+  /* "ponychan.net", true */ 'p', 'o', 'n', 'y', 'c', 'h', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "ponycyclepals.co.uk", true */ 'p', 'o', 'n', 'y', 'c', 'y', 'c', 'l', 'e', 'p', 'a', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ponyfoo.com", true */ 'p', 'o', 'n', 'y', 'f', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ponzi.life", true */ 'p', 'o', 'n', 'z', 'i', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "pookl.com", true */ 'p', 'o', 'o', 'k', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "poollicht.be", true */ 'p', 'o', 'o', 'l', 'l', 'i', 'c', 'h', 't', '.', 'b', 'e', '\0',
+  /* "poolvilla-margarita.net", false */ 'p', 'o', 'o', 'l', 'v', 'i', 'l', 'l', 'a', '-', 'm', 'a', 'r', 'g', 'a', 'r', 'i', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "poon.io", true */ 'p', 'o', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "poopjournal.rocks", true */ 'p', 'o', 'o', 'p', 'j', 'o', 'u', 'r', 'n', 'a', 'l', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "pop-corn.ro", true */ 'p', 'o', 'p', '-', 'c', 'o', 'r', 'n', '.', 'r', 'o', '\0',
+  /* "popcornpalacefundraising.com", true */ 'p', 'o', 'p', 'c', 'o', 'r', 'n', 'p', 'a', 'l', 'a', 'c', 'e', 'f', 'u', 'n', 'd', 'r', 'a', 'i', 's', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "popcultureshack.com", true */ 'p', 'o', 'p', 'c', 'u', 'l', 't', 'u', 'r', 'e', 's', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "popinga.it", true */ 'p', 'o', 'p', 'i', 'n', 'g', 'a', '.', 'i', 't', '\0',
+  /* "popkins.cf", true */ 'p', 'o', 'p', 'k', 'i', 'n', 's', '.', 'c', 'f', '\0',
+  /* "popkins.ga", true */ 'p', 'o', 'p', 'k', 'i', 'n', 's', '.', 'g', 'a', '\0',
+  /* "popkins.gq", true */ 'p', 'o', 'p', 'k', 'i', 'n', 's', '.', 'g', 'q', '\0',
+  /* "popkins.tk", true */ 'p', 'o', 'p', 'k', 'i', 'n', 's', '.', 't', 'k', '\0',
+  /* "popmagz.com", true */ 'p', 'o', 'p', 'm', 'a', 'g', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "popoway.cloud", true */ 'p', 'o', 'p', 'o', 'w', 'a', 'y', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "popoway.me", true */ 'p', 'o', 'p', 'o', 'w', 'a', 'y', '.', 'm', 'e', '\0',
+  /* "poppetsphere.de", true */ 'p', 'o', 'p', 'p', 'e', 't', 's', 'p', 'h', 'e', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "population-ethics.com", true */ 'p', 'o', 'p', 'u', 'l', 'a', 't', 'i', 'o', 'n', '-', 'e', 't', 'h', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "popupsoftplay.com", true */ 'p', 'o', 'p', 'u', 'p', 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "poquvi.net", true */ 'p', 'o', 'q', 'u', 'v', 'i', '.', 'n', 'e', 't', '\0',
+  /* "porg.es", true */ 'p', 'o', 'r', 'g', '.', 'e', 's', '\0',
+  /* "pork.org.uk", true */ 'p', 'o', 'r', 'k', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "porn77.info", true */ 'p', 'o', 'r', 'n', '7', '7', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "pornbase.info", true */ 'p', 'o', 'r', 'n', 'b', 'a', 's', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "pornbay.org", true */ 'p', 'o', 'r', 'n', 'b', 'a', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "pornblog.org", true */ 'p', 'o', 'r', 'n', 'b', 'l', 'o', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "porncandi.com", true */ 'p', 'o', 'r', 'n', 'c', 'a', 'n', 'd', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "pornohub.su", true */ 'p', 'o', 'r', 'n', 'o', 'h', 'u', 'b', '.', 's', 'u', '\0',
+  /* "pornolab-net.appspot.com", false */ 'p', 'o', 'r', 'n', 'o', 'l', 'a', 'b', '-', 'n', 'e', 't', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pornomens.be", true */ 'p', 'o', 'r', 'n', 'o', 'm', 'e', 'n', 's', '.', 'b', 'e', '\0',
+  /* "porschen.fr", true */ 'p', 'o', 'r', 's', 'c', 'h', 'e', 'n', '.', 'f', 'r', '\0',
+  /* "port.social", true */ 'p', 'o', 'r', 't', '.', 's', 'o', 'c', 'i', 'a', 'l', '\0',
+  /* "port443.hamburg", true */ 'p', 'o', 'r', 't', '4', '4', '3', '.', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '\0',
+  /* "port443.se", true */ 'p', 'o', 'r', 't', '4', '4', '3', '.', 's', 'e', '\0',
+  /* "port67.org", true */ 'p', 'o', 'r', 't', '6', '7', '.', 'o', 'r', 'g', '\0',
+  /* "port80.hamburg", true */ 'p', 'o', 'r', 't', '8', '0', '.', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '\0',
+  /* "portailevangelique.ca", true */ 'p', 'o', 'r', 't', 'a', 'i', 'l', 'e', 'v', 'a', 'n', 'g', 'e', 'l', 'i', 'q', 'u', 'e', '.', 'c', 'a', '\0',
+  /* "portal.tirol.gv.at", true */ 'p', 'o', 'r', 't', 'a', 'l', '.', 't', 'i', 'r', 'o', 'l', '.', 'g', 'v', '.', 'a', 't', '\0',
+  /* "portalcarriers.com", true */ 'p', 'o', 'r', 't', 'a', 'l', 'c', 'a', 'r', 'r', 'i', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "portalcentric.net", true */ 'p', 'o', 'r', 't', 'a', 'l', 'c', 'e', 'n', 't', 'r', 'i', 'c', '.', 'n', 'e', 't', '\0',
+  /* "portalisapres.cl", true */ 'p', 'o', 'r', 't', 'a', 'l', 'i', 's', 'a', 'p', 'r', 'e', 's', '.', 'c', 'l', '\0',
+  /* "portalkla.com.br", true */ 'p', 'o', 'r', 't', 'a', 'l', 'k', 'l', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "portefeuillesignalen.nl", true */ 'p', 'o', 'r', 't', 'e', 'f', 'e', 'u', 'i', 'l', 'l', 'e', 's', 'i', 'g', 'n', 'a', 'l', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "portercup.com", true */ 'p', 'o', 'r', 't', 'e', 'r', 'c', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "porterranchelectrical.com", true */ 'p', 'o', 'r', 't', 'e', 'r', 'r', 'a', 'n', 'c', 'h', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "portofacil.com", true */ 'p', 'o', 'r', 't', 'o', 'f', 'a', 'c', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "portofrotterdam.com", true */ 'p', 'o', 'r', 't', 'o', 'f', 'r', 'o', 't', 't', 'e', 'r', 'd', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "portosonline.pl", true */ 'p', 'o', 'r', 't', 'o', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'p', 'l', '\0',
+  /* "portraitsystem.biz", true */ 'p', 'o', 'r', 't', 'r', 'a', 'i', 't', 's', 'y', 's', 't', 'e', 'm', '.', 'b', 'i', 'z', '\0',
+  /* "portsdebalears.gob.es", true */ 'p', 'o', 'r', 't', 's', 'd', 'e', 'b', 'a', 'l', 'e', 'a', 'r', 's', '.', 'g', 'o', 'b', '.', 'e', 's', '\0',
+  /* "portsmouthbouncycastles.co.uk", true */ 'p', 'o', 'r', 't', 's', 'm', 'o', 'u', 't', 'h', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "portugalsko.net", true */ 'p', 'o', 'r', 't', 'u', 'g', 'a', 'l', 's', 'k', 'o', '.', 'n', 'e', 't', '\0',
+  /* "portvaletickets.com", true */ 'p', 'o', 'r', 't', 'v', 'a', 'l', 'e', 't', 'i', 'c', 'k', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "porybox.com", true */ 'p', 'o', 'r', 'y', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "porzgmbh.de", true */ 'p', 'o', 'r', 'z', 'g', 'm', 'b', 'h', '.', 'd', 'e', '\0',
+  /* "posaunenchor-senden.de", true */ 'p', 'o', 's', 'a', 'u', 'n', 'e', 'n', 'c', 'h', 'o', 'r', '-', 's', 'e', 'n', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "posbank.co.uk", true */ 'p', 'o', 's', 'b', 'a', 'n', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "poseidonwaterproofing.com", true */ 'p', 'o', 's', 'e', 'i', 'd', 'o', 'n', 'w', 'a', 't', 'e', 'r', 'p', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "poshcastles.co.uk", true */ 'p', 'o', 's', 'h', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "poshsecurity.com", true */ 'p', 'o', 's', 'h', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "positionus.io", true */ 'p', 'o', 's', 'i', 't', 'i', 'o', 'n', 'u', 's', '.', 'i', 'o', '\0',
+  /* "positive.com.cy", true */ 'p', 'o', 's', 'i', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '.', 'c', 'y', '\0',
+  /* "positivesobrietyinstitute.com", true */ 'p', 'o', 's', 'i', 't', 'i', 'v', 'e', 's', 'o', 'b', 'r', 'i', 'e', 't', 'y', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "posobota.cz", true */ 'p', 'o', 's', 'o', 'b', 'o', 't', 'a', '.', 'c', 'z', '\0',
+  /* "post-darwinian.com", true */ 'p', 'o', 's', 't', '-', 'd', 'a', 'r', 'w', 'i', 'n', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "post-darwinism.com", true */ 'p', 'o', 's', 't', '-', 'd', 'a', 'r', 'w', 'i', 'n', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "post.com.ar", true */ 'p', 'o', 's', 't', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "post.io", true */ 'p', 'o', 's', 't', '.', 'i', 'o', '\0',
+  /* "post4me.at", true */ 'p', 'o', 's', 't', '4', 'm', 'e', '.', 'a', 't', '\0',
+  /* "postal.dk", true */ 'p', 'o', 's', 't', 'a', 'l', '.', 'd', 'k', '\0',
+  /* "postal3.es", true */ 'p', 'o', 's', 't', 'a', 'l', '3', '.', 'e', 's', '\0',
+  /* "postback.io", true */ 'p', 'o', 's', 't', 'b', 'a', 'c', 'k', '.', 'i', 'o', '\0',
+  /* "postblue.info", true */ 'p', 'o', 's', 't', 'b', 'l', 'u', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "postbox.life", true */ 'p', 'o', 's', 't', 'b', 'o', 'x', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "postcardpayment.com", true */ 'p', 'o', 's', 't', 'c', 'a', 'r', 'd', 'p', 'a', 'y', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "postcode.nl", true */ 'p', 'o', 's', 't', 'c', 'o', 'd', 'e', '.', 'n', 'l', '\0',
+  /* "postcodegarant.nl", true */ 'p', 'o', 's', 't', 'c', 'o', 'd', 'e', 'g', 'a', 'r', 'a', 'n', 't', '.', 'n', 'l', '\0',
+  /* "postdarwinian.com", true */ 'p', 'o', 's', 't', 'd', 'a', 'r', 'w', 'i', 'n', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "postdarwinism.com", true */ 'p', 'o', 's', 't', 'd', 'a', 'r', 'w', 'i', 'n', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "postdeck.de", true */ 'p', 'o', 's', 't', 'd', 'e', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "posteo.de", false */ 'p', 'o', 's', 't', 'e', 'o', '.', 'd', 'e', '\0',
+  /* "posters.win", true */ 'p', 'o', 's', 't', 'e', 'r', 's', '.', 'w', 'i', 'n', '\0',
+  /* "posterspy.com", true */ 'p', 'o', 's', 't', 'e', 'r', 's', 'p', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "postfalls-naturopathic.com", true */ 'p', 'o', 's', 't', 'f', 'a', 'l', 'l', 's', '-', 'n', 'a', 't', 'u', 'r', 'o', 'p', 'a', 't', 'h', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "postfinance.ch", true */ 'p', 'o', 's', 't', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'h', '\0',
+  /* "postmatescode.com", true */ 'p', 'o', 's', 't', 'm', 'a', 't', 'e', 's', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "postn.eu", true */ 'p', 'o', 's', 't', 'n', '.', 'e', 'u', '\0',
+  /* "postpot.co.kr", true */ 'p', 'o', 's', 't', 'p', 'o', 't', '.', 'c', 'o', '.', 'k', 'r', '\0',
+  /* "posttigo.com", true */ 'p', 'o', 's', 't', 't', 'i', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "potatiz.com", true */ 'p', 'o', 't', 'a', 't', 'i', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "potatofrom.space", false */ 'p', 'o', 't', 'a', 't', 'o', 'f', 'r', 'o', 'm', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "potatopro.com", true */ 'p', 'o', 't', 'a', 't', 'o', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "potbox.com", true */ 'p', 'o', 't', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "potentialproject.com", true */ 'p', 'o', 't', 'e', 'n', 't', 'i', 'a', 'l', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pothe.com", true */ 'p', 'o', 't', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pothe.de", true */ 'p', 'o', 't', 'h', 'e', '.', 'd', 'e', '\0',
+  /* "potolok.am", true */ 'p', 'o', 't', 'o', 'l', 'o', 'k', '.', 'a', 'm', '\0',
+  /* "potomania.cz", true */ 'p', 'o', 't', 'o', 'm', 'a', 'n', 'i', 'a', '.', 'c', 'z', '\0',
+  /* "potpourrifestival.de", true */ 'p', 'o', 't', 'p', 'o', 'u', 'r', 'r', 'i', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "potrillionaires.com", true */ 'p', 'o', 't', 'r', 'i', 'l', 'l', 'i', 'o', 'n', 'a', 'i', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "potterscraftcider.com", true */ 'p', 'o', 't', 't', 'e', 'r', 's', 'c', 'r', 'a', 'f', 't', 'c', 'i', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "pottersheartministry.org", true */ 'p', 'o', 't', 't', 'e', 'r', 's', 'h', 'e', 'a', 'r', 't', 'm', 'i', 'n', 'i', 's', 't', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "pottshome.co.uk", true */ 'p', 'o', 't', 't', 's', 'h', 'o', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "potworowski.de", true */ 'p', 'o', 't', 'w', 'o', 'r', 'o', 'w', 's', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "pouet.it", true */ 'p', 'o', 'u', 'e', 't', '.', 'i', 't', '\0',
+  /* "poupatempo.org", true */ 'p', 'o', 'u', 'p', 'a', 't', 'e', 'm', 'p', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "pourlesenfants.info", true */ 'p', 'o', 'u', 'r', 'l', 'e', 's', 'e', 'n', 'f', 'a', 'n', 't', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "pourout.org", true */ 'p', 'o', 'u', 'r', 'o', 'u', 't', '.', 'o', 'r', 'g', '\0',
+  /* "povareschka.ru", true */ 'p', 'o', 'v', 'a', 'r', 'e', 's', 'c', 'h', 'k', 'a', '.', 'r', 'u', '\0',
+  /* "povesham.tk", true */ 'p', 'o', 'v', 'e', 's', 'h', 'a', 'm', '.', 't', 'k', '\0',
+  /* "powdersnow.top", true */ 'p', 'o', 'w', 'd', 'e', 'r', 's', 'n', 'o', 'w', '.', 't', 'o', 'p', '\0',
+  /* "power-coonies.de", true */ 'p', 'o', 'w', 'e', 'r', '-', 'c', 'o', 'o', 'n', 'i', 'e', 's', '.', 'd', 'e', '\0',
+  /* "power-fit.org", true */ 'p', 'o', 'w', 'e', 'r', '-', 'f', 'i', 't', '.', 'o', 'r', 'g', '\0',
+  /* "power-flowengineer.com", true */ 'p', 'o', 'w', 'e', 'r', '-', 'f', 'l', 'o', 'w', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "power-tools24.com", true */ 'p', 'o', 'w', 'e', 'r', '-', 't', 'o', 'o', 'l', 's', '2', '4', '.', 'c', 'o', 'm', '\0',
+  /* "powerb.ch", true */ 'p', 'o', 'w', 'e', 'r', 'b', '.', 'c', 'h', '\0',
+  /* "powercloud.technology", true */ 'p', 'o', 'w', 'e', 'r', 'c', 'l', 'o', 'u', 'd', '.', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '\0',
+  /* "powerdent.net.br", true */ 'p', 'o', 'w', 'e', 'r', 'd', 'e', 'n', 't', '.', 'n', 'e', 't', '.', 'b', 'r', '\0',
+  /* "poweredbyiris.nl", true */ 'p', 'o', 'w', 'e', 'r', 'e', 'd', 'b', 'y', 'i', 'r', 'i', 's', '.', 'n', 'l', '\0',
+  /* "poweredbypurdy.com", true */ 'p', 'o', 'w', 'e', 'r', 'e', 'd', 'b', 'y', 'p', 'u', 'r', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "powergridess.com", false */ 'p', 'o', 'w', 'e', 'r', 'g', 'r', 'i', 'd', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "powermeter.at", true */ 'p', 'o', 'w', 'e', 'r', 'm', 'e', 't', 'e', 'r', '.', 'a', 't', '\0',
+  /* "powersergdatasystems.com", true */ 'p', 'o', 'w', 'e', 'r', 's', 'e', 'r', 'g', 'd', 'a', 't', 'a', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "powersergthisisthewebsitefuckyouscott.com", true */ 'p', 'o', 'w', 'e', 'r', 's', 'e', 'r', 'g', 't', 'h', 'i', 's', 'i', 's', 't', 'h', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 'f', 'u', 'c', 'k', 'y', 'o', 'u', 's', 'c', 'o', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "powersergunited.com", true */ 'p', 'o', 'w', 'e', 'r', 's', 'e', 'r', 'g', 'u', 'n', 'i', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "powersergunited.org", true */ 'p', 'o', 'w', 'e', 'r', 's', 'e', 'r', 'g', 'u', 'n', 'i', 't', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "powersergusercontent.com", true */ 'p', 'o', 'w', 'e', 'r', 's', 'e', 'r', 'g', 'u', 's', 'e', 'r', 'c', 'o', 'n', 't', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "powershellmagic.com", true */ 'p', 'o', 'w', 'e', 'r', 's', 'h', 'e', 'l', 'l', 'm', 'a', 'g', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "powerwellness-korecki.de", true */ 'p', 'o', 'w', 'e', 'r', 'w', 'e', 'l', 'l', 'n', 'e', 's', 's', '-', 'k', 'o', 'r', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "pozemedicale.org", true */ 'p', 'o', 'z', 'e', 'm', 'e', 'd', 'i', 'c', 'a', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "pozytywnyplan.pl", true */ 'p', 'o', 'z', 'y', 't', 'y', 'w', 'n', 'y', 'p', 'l', 'a', 'n', '.', 'p', 'l', '\0',
+  /* "pozzo-balbi.com", true */ 'p', 'o', 'z', 'z', 'o', '-', 'b', 'a', 'l', 'b', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "ppipe.net", true */ 'p', 'p', 'i', 'p', 'e', '.', 'n', 'e', 't', '\0',
+  /* "ppmathis.ch", true */ 'p', 'p', 'm', 'a', 't', 'h', 'i', 's', '.', 'c', 'h', '\0',
+  /* "ppmathis.com", true */ 'p', 'p', 'm', 'a', 't', 'h', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ppmoon.com", true */ 'p', 'p', 'm', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ppoozl.com", true */ 'p', 'p', 'o', 'o', 'z', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "pptavmdata.org", true */ 'p', 'p', 't', 'a', 'v', 'm', 'd', 'a', 't', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "ppy.sh", true */ 'p', 'p', 'y', '.', 's', 'h', '\0',
+  /* "pr.search.yahoo.com", false */ 'p', 'r', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "pr1sm.com", true */ 'p', 'r', '1', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "pr2studio.com", true */ 'p', 'r', '2', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "prac.to", true */ 'p', 'r', 'a', 'c', '.', 't', 'o', '\0',
+  /* "pracowniatkanin.com", true */ 'p', 'r', 'a', 'c', 'o', 'w', 'n', 'i', 'a', 't', 'k', 'a', 'n', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "practicepanther.com", true */ 'p', 'r', 'a', 'c', 't', 'i', 'c', 'e', 'p', 'a', 'n', 't', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "practo.com", true */ 'p', 'r', 'a', 'c', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "prado.it", true */ 'p', 'r', 'a', 'd', 'o', '.', 'i', 't', '\0',
+  /* "praeparation-keppner.de", true */ 'p', 'r', 'a', 'e', 'p', 'a', 'r', 'a', 't', 'i', 'o', 'n', '-', 'k', 'e', 'p', 'p', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "praerien-racing.com", true */ 'p', 'r', 'a', 'e', 'r', 'i', 'e', 'n', '-', 'r', 'a', 'c', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "prague-swim.cz", true */ 'p', 'r', 'a', 'g', 'u', 'e', '-', 's', 'w', 'i', 'm', '.', 'c', 'z', '\0',
+  /* "praguepsychology.com", true */ 'p', 'r', 'a', 'g', 'u', 'e', 'p', 's', 'y', 'c', 'h', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "praguepsychology.cz", true */ 'p', 'r', 'a', 'g', 'u', 'e', 'p', 's', 'y', 'c', 'h', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'z', '\0',
+  /* "pragueswim.cz", true */ 'p', 'r', 'a', 'g', 'u', 'e', 's', 'w', 'i', 'm', '.', 'c', 'z', '\0',
+  /* "prajwalkoirala.com", true */ 'p', 'r', 'a', 'j', 'w', 'a', 'l', 'k', 'o', 'i', 'r', 'a', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "prakhar.uk", true */ 'p', 'r', 'a', 'k', 'h', 'a', 'r', '.', 'u', 'k', '\0',
+  /* "prakharprasad.com", true */ 'p', 'r', 'a', 'k', 'h', 'a', 'r', 'p', 'r', 'a', 's', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "praxino.de", true */ 'p', 'r', 'a', 'x', 'i', 'n', 'o', '.', 'd', 'e', '\0',
+  /* "praxis-dingeldey.de", true */ 'p', 'r', 'a', 'x', 'i', 's', '-', 'd', 'i', 'n', 'g', 'e', 'l', 'd', 'e', 'y', '.', 'd', 'e', '\0',
+  /* "praxis-familienglueck.de", true */ 'p', 'r', 'a', 'x', 'i', 's', '-', 'f', 'a', 'm', 'i', 'l', 'i', 'e', 'n', 'g', 'l', 'u', 'e', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "prayerrequest.com", true */ 'p', 'r', 'a', 'y', 'e', 'r', 'r', 'e', 'q', 'u', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "prazeresdavida.com.br", true */ 'p', 'r', 'a', 'z', 'e', 'r', 'e', 's', 'd', 'a', 'v', 'i', 'd', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "prazynka.pl", true */ 'p', 'r', 'a', 'z', 'y', 'n', 'k', 'a', '.', 'p', 'l', '\0',
+  /* "prc-newmedia.com", true */ 'p', 'r', 'c', '-', 'n', 'e', 'w', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "prc.gov", true */ 'p', 'r', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "precedecaritas.com.br", true */ 'p', 'r', 'e', 'c', 'e', 'd', 'e', 'c', 'a', 'r', 'i', 't', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "preciouslife.fr", true */ 'p', 'r', 'e', 'c', 'i', 'o', 'u', 's', 'l', 'i', 'f', 'e', '.', 'f', 'r', '\0',
+  /* "preciscx.com", true */ 'p', 'r', 'e', 'c', 'i', 's', 'c', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "preciseassemblies.com", true */ 'p', 'r', 'e', 'c', 'i', 's', 'e', 'a', 's', 's', 'e', 'm', 'b', 'l', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "precode.eu", true */ 'p', 'r', 'e', 'c', 'o', 'd', 'e', '.', 'e', 'u', '\0',
+  /* "predoiu.ro", true */ 'p', 'r', 'e', 'd', 'o', 'i', 'u', '.', 'r', 'o', '\0',
+  /* "preexport.com", true */ 'p', 'r', 'e', 'e', 'x', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "prefix.eu", true */ 'p', 'r', 'e', 'f', 'i', 'x', '.', 'e', 'u', '\0',
+  /* "pregunteleakaren.gov", true */ 'p', 'r', 'e', 'g', 'u', 'n', 't', 'e', 'l', 'e', 'a', 'k', 'a', 'r', 'e', 'n', '.', 'g', 'o', 'v', '\0',
+  /* "preigu.de", true */ 'p', 'r', 'e', 'i', 'g', 'u', '.', 'd', 'e', '\0',
+  /* "preis-alarm.info", true */ 'p', 'r', 'e', 'i', 's', '-', 'a', 'l', 'a', 'r', 'm', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "preis-alarm.org", true */ 'p', 'r', 'e', 'i', 's', '-', 'a', 'l', 'a', 'r', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "preisser-it.de", true */ 'p', 'r', 'e', 'i', 's', 's', 'e', 'r', '-', 'i', 't', '.', 'd', 'e', '\0',
+  /* "preisser.it", true */ 'p', 'r', 'e', 'i', 's', 's', 'e', 'r', '.', 'i', 't', '\0',
+  /* "prekladysanca.cz", true */ 'p', 'r', 'e', 'k', 'l', 'a', 'd', 'y', 's', 'a', 'n', 'c', 'a', '.', 'c', 'z', '\0',
+  /* "preloaded-hsts.badssl.com", true */ 'p', 'r', 'e', 'l', 'o', 'a', 'd', 'e', 'd', '-', 'h', 's', 't', 's', '.', 'b', 'a', 'd', 's', 's', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "preludes.org", true */ 'p', 'r', 'e', 'l', 'u', 'd', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "prelved.com", true */ 'p', 'r', 'e', 'l', 'v', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "prelved.es", true */ 'p', 'r', 'e', 'l', 'v', 'e', 'd', '.', 'e', 's', '\0',
+  /* "prelved.fi", true */ 'p', 'r', 'e', 'l', 'v', 'e', 'd', '.', 'f', 'i', '\0',
+  /* "prelved.fr", true */ 'p', 'r', 'e', 'l', 'v', 'e', 'd', '.', 'f', 'r', '\0',
+  /* "prelved.it", true */ 'p', 'r', 'e', 'l', 'v', 'e', 'd', '.', 'i', 't', '\0',
+  /* "prelved.nl", true */ 'p', 'r', 'e', 'l', 'v', 'e', 'd', '.', 'n', 'l', '\0',
+  /* "prelved.pl", true */ 'p', 'r', 'e', 'l', 'v', 'e', 'd', '.', 'p', 'l', '\0',
+  /* "prelved.se", true */ 'p', 'r', 'e', 'l', 'v', 'e', 'd', '.', 's', 'e', '\0',
+  /* "premaritalsex.info", true */ 'p', 'r', 'e', 'm', 'a', 'r', 'i', 't', 'a', 'l', 's', 'e', 'x', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "premierbouncycastles.co.uk", true */ 'p', 'r', 'e', 'm', 'i', 'e', 'r', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "premierevents.ie", true */ 'p', 'r', 'e', 'm', 'i', 'e', 'r', 'e', 'v', 'e', 'n', 't', 's', '.', 'i', 'e', '\0',
+  /* "premierheart.com", true */ 'p', 'r', 'e', 'm', 'i', 'e', 'r', 'h', 'e', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "premiership-predictors.co.uk", true */ 'p', 'r', 'e', 'm', 'i', 'e', 'r', 's', 'h', 'i', 'p', '-', 'p', 'r', 'e', 'd', 'i', 'c', 't', 'o', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "premiumweb.co.id", true */ 'p', 'r', 'e', 'm', 'i', 'u', 'm', 'w', 'e', 'b', '.', 'c', 'o', '.', 'i', 'd', '\0',
+  /* "premiumwebdesign.it", true */ 'p', 'r', 'e', 'm', 'i', 'u', 'm', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', '.', 'i', 't', '\0',
+  /* "premiumzweirad.de", false */ 'p', 'r', 'e', 'm', 'i', 'u', 'm', 'z', 'w', 'e', 'i', 'r', 'a', 'd', '.', 'd', 'e', '\0',
+  /* "prenatalgeboortekaartjes.nl", true */ 'p', 'r', 'e', 'n', 'a', 't', 'a', 'l', 'g', 'e', 'b', 'o', 'o', 'r', 't', 'e', 'k', 'a', 'a', 'r', 't', 'j', 'e', 's', '.', 'n', 'l', '\0',
+  /* "prenger.co", true */ 'p', 'r', 'e', 'n', 'g', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "prepaid-cards.xyz", true */ 'p', 'r', 'e', 'p', 'a', 'i', 'd', '-', 'c', 'a', 'r', 'd', 's', '.', 'x', 'y', 'z', '\0',
+  /* "prepaid-voip.nl", true */ 'p', 'r', 'e', 'p', 'a', 'i', 'd', '-', 'v', 'o', 'i', 'p', '.', 'n', 'l', '\0',
+  /* "prepaidgirl.com", true */ 'p', 'r', 'e', 'p', 'a', 'i', 'd', 'g', 'i', 'r', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "prepaidkredietkaart.be", true */ 'p', 'r', 'e', 'p', 'a', 'i', 'd', 'k', 'r', 'e', 'd', 'i', 'e', 't', 'k', 'a', 'a', 'r', 't', '.', 'b', 'e', '\0',
+  /* "prepare-job-hunting.com", true */ 'p', 'r', 'e', 'p', 'a', 'r', 'e', '-', 'j', 'o', 'b', '-', 'h', 'u', 'n', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "preparedcapital.com", true */ 'p', 'r', 'e', 'p', 'a', 'r', 'e', 'd', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "preparetheword.com", false */ 'p', 'r', 'e', 'p', 'a', 'r', 'e', 't', 'h', 'e', 'w', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "presbee.com", true */ 'p', 'r', 'e', 's', 'b', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "prescotonline.co.uk", true */ 'p', 'r', 'e', 's', 'c', 'o', 't', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "prescriptionrex.com", true */ 'p', 'r', 'e', 's', 'c', 'r', 'i', 'p', 't', 'i', 'o', 'n', 'r', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "present-m.com", true */ 'p', 'r', 'e', 's', 'e', 'n', 't', '-', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "presentesdegrife.com.br", true */ 'p', 'r', 'e', 's', 'e', 'n', 't', 'e', 's', 'd', 'e', 'g', 'r', 'i', 'f', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "president.bg", true */ 'p', 'r', 'e', 's', 'i', 'd', 'e', 'n', 't', '.', 'b', 'g', '\0',
+  /* "prespanok.sk", true */ 'p', 'r', 'e', 's', 'p', 'a', 'n', 'o', 'k', '.', 's', 'k', '\0',
+  /* "press-presse.ca", true */ 'p', 'r', 'e', 's', 's', '-', 'p', 'r', 'e', 's', 's', 'e', '.', 'c', 'a', '\0',
+  /* "presscenter.jp", true */ 'p', 'r', 'e', 's', 's', 'c', 'e', 'n', 't', 'e', 'r', '.', 'j', 'p', '\0',
+  /* "presses.ch", true */ 'p', 'r', 'e', 's', 's', 'e', 's', '.', 'c', 'h', '\0',
+  /* "pressography.org", true */ 'p', 'r', 'e', 's', 's', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "pressrush.com", true */ 'p', 'r', 'e', 's', 's', 'r', 'u', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "pressureradio.com", true */ 'p', 'r', 'e', 's', 's', 'u', 'r', 'e', 'r', 'a', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "prestburyscouts.org.uk", true */ 'p', 'r', 'e', 's', 't', 'b', 'u', 'r', 'y', 's', 'c', 'o', 'u', 't', 's', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "prestige-car-location.ch", true */ 'p', 'r', 'e', 's', 't', 'i', 'g', 'e', '-', 'c', 'a', 'r', '-', 'l', 'o', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "prestige-portal.com", true */ 'p', 'r', 'e', 's', 't', 'i', 'g', 'e', '-', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "prestigebouncycastles.co.uk", true */ 'p', 'r', 'e', 's', 't', 'i', 'g', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "prestigeeventshire.co.uk", true */ 'p', 'r', 'e', 's', 't', 'i', 'g', 'e', 'e', 'v', 'e', 'n', 't', 's', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "prestigerepairs.com.au", true */ 'p', 'r', 'e', 's', 't', 'i', 'g', 'e', 'r', 'e', 'p', 'a', 'i', 'r', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "prestigesigns.net", true */ 'p', 'r', 'e', 's', 't', 'i', 'g', 'e', 's', 'i', 'g', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "prestonandsons.com.au", true */ 'p', 'r', 'e', 's', 't', 'o', 'n', 'a', 'n', 'd', 's', 'o', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "prestonbrant.com", true */ 'p', 'r', 'e', 's', 't', 'o', 'n', 'b', 'r', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pretachique.com.br", true */ 'p', 'r', 'e', 't', 'a', 'c', 'h', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pretix.eu", true */ 'p', 'r', 'e', 't', 'i', 'x', '.', 'e', 'u', '\0',
+  /* "pretrialservices.gov", true */ 'p', 'r', 'e', 't', 'r', 'i', 'a', 'l', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'g', 'o', 'v', '\0',
+  /* "pretty.hu", true */ 'p', 'r', 'e', 't', 't', 'y', '.', 'h', 'u', '\0',
+  /* "prettytunesapp.com", true */ 'p', 'r', 'e', 't', 't', 'y', 't', 'u', 'n', 'e', 's', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "pretwolk.nl", true */ 'p', 'r', 'e', 't', 'w', 'o', 'l', 'k', '.', 'n', 'l', '\0',
+  /* "pretzelx.com", true */ 'p', 'r', 'e', 't', 'z', 'e', 'l', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "prevenir.ch", true */ 'p', 'r', 'e', 'v', 'e', 'n', 'i', 'r', '.', 'c', 'h', '\0',
+  /* "priceholic.com", true */ 'p', 'r', 'i', 'c', 'e', 'h', 'o', 'l', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "pricesniffer.co", true */ 'p', 'r', 'i', 'c', 'e', 's', 'n', 'i', 'f', 'f', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "prideindomination.com", true */ 'p', 'r', 'i', 'd', 'e', 'i', 'n', 'd', 'o', 'm', 'i', 'n', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "pridetechdesign.com", true */ 'p', 'r', 'i', 'd', 'e', 't', 'e', 'c', 'h', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "prielwurmjaeger.de", true */ 'p', 'r', 'i', 'e', 'l', 'w', 'u', 'r', 'm', 'j', 'a', 'e', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "prifo.se", true */ 'p', 'r', 'i', 'f', 'o', '.', 's', 'e', '\0',
+  /* "primaconsulting.net", true */ 'p', 'r', 'i', 'm', 'a', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "primalinea.pro", true */ 'p', 'r', 'i', 'm', 'a', 'l', 'i', 'n', 'e', 'a', '.', 'p', 'r', 'o', '\0',
+  /* "primates.com", true */ 'p', 'r', 'i', 'm', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "primewho.org", true */ 'p', 'r', 'i', 'm', 'e', 'w', 'h', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "primordialsnooze.com", true */ 'p', 'r', 'i', 'm', 'o', 'r', 'd', 'i', 'a', 'l', 's', 'n', 'o', 'o', 'z', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "primotiles.co.uk", true */ 'p', 'r', 'i', 'm', 'o', 't', 'i', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "primotilesandbathrooms.co.uk", true */ 'p', 'r', 'i', 'm', 'o', 't', 'i', 'l', 'e', 's', 'a', 'n', 'd', 'b', 'a', 't', 'h', 'r', 'o', 'o', 'm', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "princeagency.com", true */ 'p', 'r', 'i', 'n', 'c', 'e', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "princeofwhales.com", true */ 'p', 'r', 'i', 'n', 'c', 'e', 'o', 'f', 'w', 'h', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "princesparktouch.com", true */ 'p', 'r', 'i', 'n', 'c', 'e', 's', 'p', 'a', 'r', 'k', 't', 'o', 'u', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "princessmargaretlotto.com", true */ 'p', 'r', 'i', 'n', 'c', 'e', 's', 's', 'm', 'a', 'r', 'g', 'a', 'r', 'e', 't', 'l', 'o', 't', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "principalstest.com", true */ 'p', 'r', 'i', 'n', 'c', 'i', 'p', 'a', 'l', 's', 't', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "principaltoolbox.com", true */ 'p', 'r', 'i', 'n', 'c', 'i', 'p', 'a', 'l', 't', 'o', 'o', 'l', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "principia-journal.de", true */ 'p', 'r', 'i', 'n', 'c', 'i', 'p', 'i', 'a', '-', 'j', 'o', 'u', 'r', 'n', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "principia-magazin.de", true */ 'p', 'r', 'i', 'n', 'c', 'i', 'p', 'i', 'a', '-', 'm', 'a', 'g', 'a', 'z', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "principia-online.de", true */ 'p', 'r', 'i', 'n', 'c', 'i', 'p', 'i', 'a', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "princovi.cz", true */ 'p', 'r', 'i', 'n', 'c', 'o', 'v', 'i', '.', 'c', 'z', '\0',
+  /* "prinesdoma.at", true */ 'p', 'r', 'i', 'n', 'e', 's', 'd', 'o', 'm', 'a', '.', 'a', 't', '\0',
+  /* "prinice.org", true */ 'p', 'r', 'i', 'n', 'i', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "printeknologies.com", true */ 'p', 'r', 'i', 'n', 't', 'e', 'k', 'n', 'o', 'l', 'o', 'g', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "printerleasing.be", true */ 'p', 'r', 'i', 'n', 't', 'e', 'r', 'l', 'e', 'a', 's', 'i', 'n', 'g', '.', 'b', 'e', '\0',
+  /* "printexpress.cloud", true */ 'p', 'r', 'i', 'n', 't', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "printf.de", true */ 'p', 'r', 'i', 'n', 't', 'f', '.', 'd', 'e', '\0',
+  /* "printler.com", true */ 'p', 'r', 'i', 'n', 't', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "printmet.com", true */ 'p', 'r', 'i', 'n', 't', 'm', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "prior-it.be", true */ 'p', 'r', 'i', 'o', 'r', '-', 'i', 't', '.', 'b', 'e', '\0',
+  /* "priorite-education.com", true */ 'p', 'r', 'i', 'o', 'r', 'i', 't', 'e', '-', 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "priorityelectric.net", true */ 'p', 'r', 'i', 'o', 'r', 'i', 't', 'y', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', '.', 'n', 'e', 't', '\0',
+  /* "prioritynissannewportnewsparts.com", true */ 'p', 'r', 'i', 'o', 'r', 'i', 't', 'y', 'n', 'i', 's', 's', 'a', 'n', 'n', 'e', 'w', 'p', 'o', 'r', 't', 'n', 'e', 'w', 's', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pristal.eu", true */ 'p', 'r', 'i', 's', 't', 'a', 'l', '.', 'e', 'u', '\0',
+  /* "pristineevents.co.uk", true */ 'p', 'r', 'i', 's', 't', 'i', 'n', 'e', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "priv.im", true */ 'p', 'r', 'i', 'v', '.', 'i', 'm', '\0',
+  /* "priva.si", true */ 'p', 'r', 'i', 'v', 'a', '.', 's', 'i', '\0',
+  /* "privacy-week-vienna.at", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', '-', 'w', 'e', 'e', 'k', '-', 'v', 'i', 'e', 'n', 'n', 'a', '.', 'a', 't', '\0',
+  /* "privacy-week.at", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', '-', 'w', 'e', 'e', 'k', '.', 'a', 't', '\0',
+  /* "privacy.com", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "privacybadger.org", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 'b', 'a', 'd', 'g', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "privacyforjournalists.org.au", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 'f', 'o', 'r', 'j', 'o', 'u', 'r', 'n', 'a', 'l', 'i', 's', 't', 's', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0',
+  /* "privacyinternational.org", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "privacynow.eu", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 'n', 'o', 'w', '.', 'e', 'u', '\0',
+  /* "privacyscore.org", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 's', 'c', 'o', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "privacyweek.at", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 'w', 'e', 'e', 'k', '.', 'a', 't', '\0',
+  /* "privacyweek.de", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 'w', 'e', 'e', 'k', '.', 'd', 'e', '\0',
+  /* "privacyweek.eu", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 'w', 'e', 'e', 'k', '.', 'e', 'u', '\0',
+  /* "privacyweekvienna.at", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 'w', 'e', 'e', 'k', 'v', 'i', 'e', 'n', 'n', 'a', '.', 'a', 't', '\0',
+  /* "privaday.de", true */ 'p', 'r', 'i', 'v', 'a', 'd', 'a', 'y', '.', 'd', 'e', '\0',
+  /* "privasphere.com", true */ 'p', 'r', 'i', 'v', 'a', 's', 'p', 'h', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "privatebanks.uk", true */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'b', 'a', 'n', 'k', 's', '.', 'u', 'k', '\0',
+  /* "privatebin.info", true */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'b', 'i', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "privategiant.com", true */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'g', 'i', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "privateideas.de", true */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'i', 'd', 'e', 'a', 's', '.', 'd', 'e', '\0',
+  /* "privateimarketing.com", true */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'i', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "privatepokertour.com", true */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'p', 'o', 'k', 'e', 'r', 't', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "privatepropertymallorca.com", true */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', 'm', 'a', 'l', 'l', 'o', 'r', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "privaterelay.com", false */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'r', 'e', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "privatestatic.com", false */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 's', 't', 'a', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "privatewolke.com", true */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'w', 'o', 'l', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "privatfrei.de", true */ 'p', 'r', 'i', 'v', 'a', 't', 'f', 'r', 'e', 'i', '.', 'd', 'e', '\0',
+  /* "privea.fr", true */ 'p', 'r', 'i', 'v', 'e', 'a', '.', 'f', 'r', '\0',
+  /* "priverify.com", true */ 'p', 'r', 'i', 'v', 'e', 'r', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "privu.me", true */ 'p', 'r', 'i', 'v', 'u', '.', 'm', 'e', '\0',
+  /* "prjktruby.com", true */ 'p', 'r', 'j', 'k', 't', 'r', 'u', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "prknje.com", true */ 'p', 'r', 'k', 'n', 'j', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "prlved.co.uk", true */ 'p', 'r', 'l', 'v', 'e', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "prnav.com", true */ 'p', 'r', 'n', 'a', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "pro-bike.ro", true */ 'p', 'r', 'o', '-', 'b', 'i', 'k', 'e', '.', 'r', 'o', '\0',
+  /* "pro-ing.com", true */ 'p', 'r', 'o', '-', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "pro-link.eu", true */ 'p', 'r', 'o', '-', 'l', 'i', 'n', 'k', '.', 'e', 'u', '\0',
+  /* "pro-mile.pl", true */ 'p', 'r', 'o', '-', 'm', 'i', 'l', 'e', '.', 'p', 'l', '\0',
+  /* "pro-netz.de", true */ 'p', 'r', 'o', '-', 'n', 'e', 't', 'z', '.', 'd', 'e', '\0',
+  /* "pro-wiert.pl", true */ 'p', 'r', 'o', '-', 'w', 'i', 'e', 'r', 't', '.', 'p', 'l', '\0',
+  /* "proautorepairs.com.au", true */ 'p', 'r', 'o', 'a', 'u', 't', 'o', 'r', 'e', 'p', 'a', 'i', 'r', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "probase.ph", true */ 'p', 'r', 'o', 'b', 'a', 's', 'e', '.', 'p', 'h', '\0',
+  /* "probely.com", true */ 'p', 'r', 'o', 'b', 'e', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "probiv.biz", true */ 'p', 'r', 'o', 'b', 'i', 'v', '.', 'b', 'i', 'z', '\0',
+  /* "probiv.cc", true */ 'p', 'r', 'o', 'b', 'i', 'v', '.', 'c', 'c', '\0',
+  /* "procens.us", true */ 'p', 'r', 'o', 'c', 'e', 'n', 's', '.', 'u', 's', '\0',
+  /* "procensus.com", true */ 'p', 'r', 'o', 'c', 'e', 'n', 's', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "procert.ch", true */ 'p', 'r', 'o', 'c', 'e', 'r', 't', '.', 'c', 'h', '\0',
+  /* "processesinmotion.com", true */ 'p', 'r', 'o', 'c', 'e', 's', 's', 'e', 's', 'i', 'n', 'm', 'o', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "procharter.com", true */ 'p', 'r', 'o', 'c', 'h', 'a', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "procinorte.net", true */ 'p', 'r', 'o', 'c', 'i', 'n', 'o', 'r', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "proclib.org", true */ 'p', 'r', 'o', 'c', 'l', 'i', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "procrastinationland.com", true */ 'p', 'r', 'o', 'c', 'r', 'a', 's', 't', 'i', 'n', 'a', 't', 'i', 'o', 'n', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "proctorio.com", true */ 'p', 'r', 'o', 'c', 't', 'o', 'r', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "prodct.info", true */ 'p', 'r', 'o', 'd', 'c', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "prodigia.com", true */ 'p', 'r', 'o', 'd', 'i', 'g', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "prodinger.com", true */ 'p', 'r', 'o', 'd', 'i', 'n', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "prodsim.ninja", true */ 'p', 'r', 'o', 'd', 's', 'i', 'm', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "producertools.io", true */ 'p', 'r', 'o', 'd', 'u', 'c', 'e', 'r', 't', 'o', 'o', 'l', 's', '.', 'i', 'o', '\0',
+  /* "productbarcodes.com", true */ 'p', 'r', 'o', 'd', 'u', 'c', 't', 'b', 'a', 'r', 'c', 'o', 'd', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "productboard.com", true */ 'p', 'r', 'o', 'd', 'u', 'c', 't', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "productdesignsoftware.com.au", true */ 'p', 'r', 'o', 'd', 'u', 'c', 't', 'd', 'e', 's', 'i', 'g', 'n', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "productgap.com", true */ 'p', 'r', 'o', 'd', 'u', 'c', 't', 'g', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "productived.net", true */ 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'v', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "productpeo.pl", true */ 'p', 'r', 'o', 'd', 'u', 'c', 't', 'p', 'e', 'o', '.', 'p', 'l', '\0',
+  /* "products4more.at", true */ 'p', 'r', 'o', 'd', 'u', 'c', 't', 's', '4', 'm', 'o', 'r', 'e', '.', 'a', 't', '\0',
+  /* "proefteksten.nl", false */ 'p', 'r', 'o', 'e', 'f', 't', 'e', 'k', 's', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "proemployeeprotection.com", true */ 'p', 'r', 'o', 'e', 'm', 'p', 'l', 'o', 'y', 'e', 'e', 'p', 'r', 'o', 't', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "proemployeeprotection.net", true */ 'p', 'r', 'o', 'e', 'm', 'p', 'l', 'o', 'y', 'e', 'e', 'p', 'r', 'o', 't', 'e', 'c', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "prof.ch", true */ 'p', 'r', 'o', 'f', '.', 'c', 'h', '\0',
+  /* "profection.biz", true */ 'p', 'r', 'o', 'f', 'e', 'c', 't', 'i', 'o', 'n', '.', 'b', 'i', 'z', '\0',
+  /* "professionalboundaries.com", true */ 'p', 'r', 'o', 'f', 'e', 's', 's', 'i', 'o', 'n', 'a', 'l', 'b', 'o', 'u', 'n', 'd', 'a', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "professors.ee", true */ 'p', 'r', 'o', 'f', 'e', 's', 's', 'o', 'r', 's', '.', 'e', 'e', '\0',
+  /* "profidea.cz", true */ 'p', 'r', 'o', 'f', 'i', 'd', 'e', 'a', '.', 'c', 'z', '\0',
+  /* "profile.tf", true */ 'p', 'r', 'o', 'f', 'i', 'l', 'e', '.', 't', 'f', '\0',
+  /* "profiles.google.com", true */ 'p', 'r', 'o', 'f', 'i', 'l', 'e', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "profinetz.de", true */ 'p', 'r', 'o', 'f', 'i', 'n', 'e', 't', 'z', '.', 'd', 'e', '\0',
+  /* "profitablewebprojects.com", true */ 'p', 'r', 'o', 'f', 'i', 't', 'a', 'b', 'l', 'e', 'w', 'e', 'b', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "profitopia.de", true */ 'p', 'r', 'o', 'f', 'i', 't', 'o', 'p', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "proft.eu", true */ 'p', 'r', 'o', 'f', 't', '.', 'e', 'u', '\0',
+  /* "progarm.org", true */ 'p', 'r', 'o', 'g', 'a', 'r', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "progeon.nl", true */ 'p', 'r', 'o', 'g', 'e', 'o', 'n', '.', 'n', 'l', '\0',
+  /* "progg.no", true */ 'p', 'r', 'o', 'g', 'g', '.', 'n', 'o', '\0',
+  /* "proggersession.com", true */ 'p', 'r', 'o', 'g', 'g', 'e', 'r', 's', 'e', 's', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "proggersession.de", true */ 'p', 'r', 'o', 'g', 'g', 'e', 'r', 's', 'e', 's', 's', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "progiscad.com", true */ 'p', 'r', 'o', 'g', 'i', 's', 'c', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "progolfjourney.com", true */ 'p', 'r', 'o', 'g', 'o', 'l', 'f', 'j', 'o', 'u', 'r', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "programsupport300procent.com", true */ 'p', 'r', 'o', 'g', 'r', 'a', 'm', 's', 'u', 'p', 'p', 'o', 'r', 't', '3', '0', '0', 'p', 'r', 'o', 'c', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "progreso.pl", true */ 'p', 'r', 'o', 'g', 'r', 'e', 's', 'o', '.', 'p', 'l', '\0',
+  /* "progress-linux.org", true */ 'p', 'r', 'o', 'g', 'r', 'e', 's', 's', '-', 'l', 'i', 'n', 'u', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "progress.photos", true */ 'p', 'r', 'o', 'g', 'r', 'e', 's', 's', '.', 'p', 'h', 'o', 't', 'o', 's', '\0',
+  /* "progressive.work", true */ 'p', 'r', 'o', 'g', 'r', 'e', 's', 's', 'i', 'v', 'e', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "progressiveplanning.com", true */ 'p', 'r', 'o', 'g', 'r', 'e', 's', 's', 'i', 'v', 'e', 'p', 'l', 'a', 'n', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "prohrcloud.com", true */ 'p', 'r', 'o', 'h', 'r', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "proj.org.cn", true */ 'p', 'r', 'o', 'j', '.', 'o', 'r', 'g', '.', 'c', 'n', '\0',
+  /* "project-rune.tech", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', '-', 'r', 'u', 'n', 'e', '.', 't', 'e', 'c', 'h', '\0',
+  /* "project-splash.com", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', '-', 's', 'p', 'l', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "project-stats.com", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', '-', 's', 't', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "project.supply", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 's', 'u', 'p', 'p', 'l', 'y', '\0',
+  /* "projectarmy.net", false */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 'a', 'r', 'm', 'y', '.', 'n', 'e', 't', '\0',
+  /* "projectbenson.com", false */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 'b', 'e', 'n', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "projectblackbook.us", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 'b', 'l', 'a', 'c', 'k', 'b', 'o', 'o', 'k', '.', 'u', 's', '\0',
+  /* "projectcastle.tech", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 'c', 'a', 's', 't', 'l', 'e', '.', 't', 'e', 'c', 'h', '\0',
+  /* "projectforge.org", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 'f', 'o', 'r', 'g', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "projectherogames.xyz", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 'h', 'e', 'r', 'o', 'g', 'a', 'm', 'e', 's', '.', 'x', 'y', 'z', '\0',
+  /* "projectnom.com", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 'n', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "projectsecretidentity.com", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', 'e', 'c', 'r', 'e', 't', 'i', 'd', 'e', 'n', 't', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "projectsecretidentity.org", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', 'e', 'c', 'r', 'e', 't', 'i', 'd', 'e', 'n', 't', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "projectte.ch", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 't', 'e', '.', 'c', 'h', '\0',
+  /* "projectunity.io", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 'u', 'n', 'i', 't', 'y', '.', 'i', 'o', '\0',
+  /* "projekt-umbriel.de", true */ 'p', 'r', 'o', 'j', 'e', 'k', 't', '-', 'u', 'm', 'b', 'r', 'i', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "projektzentrisch.de", true */ 'p', 'r', 'o', 'j', 'e', 'k', 't', 'z', 'e', 'n', 't', 'r', 'i', 's', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "projest.ch", true */ 'p', 'r', 'o', 'j', 'e', 's', 't', '.', 'c', 'h', '\0',
+  /* "prok.pw", true */ 'p', 'r', 'o', 'k', '.', 'p', 'w', '\0',
+  /* "promedicalapplications.com", true */ 'p', 'r', 'o', 'm', 'e', 'd', 'i', 'c', 'a', 'l', 'a', 'p', 'p', 'l', 'i', 'c', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "prometheanfire.net", true */ 'p', 'r', 'o', 'm', 'e', 't', 'h', 'e', 'a', 'n', 'f', 'i', 'r', 'e', '.', 'n', 'e', 't', '\0',
+  /* "prometheanfire.org", true */ 'p', 'r', 'o', 'm', 'e', 't', 'h', 'e', 'a', 'n', 'f', 'i', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "promhadan.com", true */ 'p', 'r', 'o', 'm', 'h', 'a', 'd', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "promisesaplus.com", true */ 'p', 'r', 'o', 'm', 'i', 's', 'e', 's', 'a', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "promocao.email", true */ 'p', 'r', 'o', 'm', 'o', 'c', 'a', 'o', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "promods.net", true */ 'p', 'r', 'o', 'm', 'o', 'd', 's', '.', 'n', 'e', 't', '\0',
+  /* "promohunt.ru", true */ 'p', 'r', 'o', 'm', 'o', 'h', 'u', 'n', 't', '.', 'r', 'u', '\0',
+  /* "promolover.com", true */ 'p', 'r', 'o', 'm', 'o', 'l', 'o', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "promopony.com", true */ 'p', 'r', 'o', 'm', 'o', 'p', 'o', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "promoscuola.net", true */ 'p', 'r', 'o', 'm', 'o', 's', 'c', 'u', 'o', 'l', 'a', '.', 'n', 'e', 't', '\0',
+  /* "promoterms.com.au", true */ 'p', 'r', 'o', 'm', 'o', 't', 'e', 'r', 'm', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "promotiongeeks.com", false */ 'p', 'r', 'o', 'm', 'o', 't', 'i', 'o', 'n', 'g', 'e', 'e', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pronto-intervento.net", true */ 'p', 'r', 'o', 'n', 't', 'o', '-', 'i', 'n', 't', 'e', 'r', 'v', 'e', 'n', 't', 'o', '.', 'n', 'e', 't', '\0',
+  /* "proobec.cz", true */ 'p', 'r', 'o', 'o', 'b', 'e', 'c', '.', 'c', 'z', '\0',
+  /* "proofwiki.org", true */ 'p', 'r', 'o', 'o', 'f', 'w', 'i', 'k', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "proos.nl", true */ 'p', 'r', 'o', 'o', 's', '.', 'n', 'l', '\0',
+  /* "proovn.com", true */ 'p', 'r', 'o', 'o', 'v', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "propagandablog.de", true */ 'p', 'r', 'o', 'p', 'a', 'g', 'a', 'n', 'd', 'a', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "propagandism.org", true */ 'p', 'r', 'o', 'p', 'a', 'g', 'a', 'n', 'd', 'i', 's', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "propagationtools.com", true */ 'p', 'r', 'o', 'p', 'a', 'g', 'a', 't', 'i', 'o', 'n', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "propepper.net", true */ 'p', 'r', 'o', 'p', 'e', 'p', 'p', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "propershave.com", true */ 'p', 'r', 'o', 'p', 'e', 'r', 's', 'h', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "properticons.com", true */ 'p', 'r', 'o', 'p', 'e', 'r', 't', 'i', 'c', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "property-catalogue.eu", true */ 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', '-', 'c', 'a', 't', 'a', 'l', 'o', 'g', 'u', 'e', '.', 'e', 'u', '\0',
+  /* "propertygroup.pl", true */ 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', 'g', 'r', 'o', 'u', 'p', '.', 'p', 'l', '\0',
+  /* "propertyone.mk", true */ 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', 'o', 'n', 'e', '.', 'm', 'k', '\0',
+  /* "propipesystem.com", true */ 'p', 'r', 'o', 'p', 'i', 'p', 'e', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "proplan.co.il", true */ 'p', 'r', 'o', 'p', 'l', 'a', 'n', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "proposalonline.com", true */ 'p', 'r', 'o', 'p', 'o', 's', 'a', 'l', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "propr.no", true */ 'p', 'r', 'o', 'p', 'r', '.', 'n', 'o', '\0',
+  /* "propseller.com", true */ 'p', 'r', 'o', 'p', 's', 'e', 'l', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "proseandleprechauns.com", true */ 'p', 'r', 'o', 's', 'e', 'a', 'n', 'd', 'l', 'e', 'p', 'r', 'e', 'c', 'h', 'a', 'u', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "prosenseit.com", true */ 'p', 'r', 'o', 's', 'e', 'n', 's', 'e', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "proslimdiets.com", true */ 'p', 'r', 'o', 's', 'l', 'i', 'm', 'd', 'i', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "prosocialmachines.com", true */ 'p', 'r', 'o', 's', 'o', 'c', 'i', 'a', 'l', 'm', 'a', 'c', 'h', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "prospanek.cz", true */ 'p', 'r', 'o', 's', 'p', 'a', 'n', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "prospo.co", true */ 'p', 'r', 'o', 's', 'p', 'o', '.', 'c', 'o', '\0',
+  /* "prostohobby.ru", true */ 'p', 'r', 'o', 's', 't', 'o', 'h', 'o', 'b', 'b', 'y', '.', 'r', 'u', '\0',
+  /* "prostye-recepty.com", true */ 'p', 'r', 'o', 's', 't', 'y', 'e', '-', 'r', 'e', 'c', 'e', 'p', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "prot.ch", true */ 'p', 'r', 'o', 't', '.', 'c', 'h', '\0',
+  /* "proteapower.co.za", true */ 'p', 'r', 'o', 't', 'e', 'a', 'p', 'o', 'w', 'e', 'r', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "protecciondelconsumidor.gov", true */ 'p', 'r', 'o', 't', 'e', 'c', 'c', 'i', 'o', 'n', 'd', 'e', 'l', 'c', 'o', 'n', 's', 'u', 'm', 'i', 'd', 'o', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "protegetudescanso.com", true */ 'p', 'r', 'o', 't', 'e', 'g', 'e', 't', 'u', 'd', 'e', 's', 'c', 'a', 'n', 's', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "proteinnuts.cz", true */ 'p', 'r', 'o', 't', 'e', 'i', 'n', 'n', 'u', 't', 's', '.', 'c', 'z', '\0',
+  /* "proteinnuts.sk", true */ 'p', 'r', 'o', 't', 'e', 'i', 'n', 'n', 'u', 't', 's', '.', 's', 'k', '\0',
+  /* "protempore.fr", true */ 'p', 'r', 'o', 't', 'e', 'm', 'p', 'o', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "proteus-eretes.nl", true */ 'p', 'r', 'o', 't', 'e', 'u', 's', '-', 'e', 'r', 'e', 't', 'e', 's', '.', 'n', 'l', '\0',
+  /* "proteus-tech.com", true */ 'p', 'r', 'o', 't', 'e', 'u', 's', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "proto-online.ru", true */ 'p', 'r', 'o', 't', 'o', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'r', 'u', '\0',
+  /* "protonmail.ch", true */ 'p', 'r', 'o', 't', 'o', 'n', 'm', 'a', 'i', 'l', '.', 'c', 'h', '\0',
+  /* "protonmail.com", true */ 'p', 'r', 'o', 't', 'o', 'n', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "protonvpn.com", true */ 'p', 'r', 'o', 't', 'o', 'n', 'v', 'p', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "prototypefund.de", true */ 'p', 'r', 'o', 't', 'o', 't', 'y', 'p', 'e', 'f', 'u', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "protoxin.net", false */ 'p', 'r', 'o', 't', 'o', 'x', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "proust.ch", false */ 'p', 'r', 'o', 'u', 's', 't', '.', 'c', 'h', '\0',
+  /* "proust.media", false */ 'p', 'r', 'o', 'u', 's', 't', '.', 'm', 'e', 'd', 'i', 'a', '\0',
+  /* "proustmedia.de", false */ 'p', 'r', 'o', 'u', 's', 't', 'm', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "provectus.de", true */ 'p', 'r', 'o', 'v', 'e', 'c', 't', 'u', 's', '.', 'd', 'e', '\0',
+  /* "proveits.me", false */ 'p', 'r', 'o', 'v', 'e', 'i', 't', 's', '.', 'm', 'e', '\0',
+  /* "provence-appartements.com", true */ 'p', 'r', 'o', 'v', 'e', 'n', 'c', 'e', '-', 'a', 'p', 'p', 'a', 'r', 't', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "providerlijst.com", true */ 'p', 'r', 'o', 'v', 'i', 'd', 'e', 'r', 'l', 'i', 'j', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "providerlijst.nl", true */ 'p', 'r', 'o', 'v', 'i', 'd', 'e', 'r', 'l', 'i', 'j', 's', 't', '.', 'n', 'l', '\0',
+  /* "provision-isr.nl", true */ 'p', 'r', 'o', 'v', 'i', 's', 'i', 'o', 'n', '-', 'i', 's', 'r', '.', 'n', 'l', '\0',
+  /* "provisionaldriving.com", true */ 'p', 'r', 'o', 'v', 'i', 's', 'i', 'o', 'n', 'a', 'l', 'd', 'r', 'i', 'v', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "provitec.com", true */ 'p', 'r', 'o', 'v', 'i', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "provitec.de", true */ 'p', 'r', 'o', 'v', 'i', 't', 'e', 'c', '.', 'd', 'e', '\0',
+  /* "provokator.co.il", true */ 'p', 'r', 'o', 'v', 'o', 'k', 'a', 't', 'o', 'r', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "proweser.de", true */ 'p', 'r', 'o', 'w', 'e', 's', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "prowise.com", true */ 'p', 'r', 'o', 'w', 'i', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "proxbox.net", true */ 'p', 'r', 'o', 'x', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "proximityradio.fr", true */ 'p', 'r', 'o', 'x', 'i', 'm', 'i', 't', 'y', 'r', 'a', 'd', 'i', 'o', '.', 'f', 'r', '\0',
+  /* "proxybay.co", true */ 'p', 'r', 'o', 'x', 'y', 'b', 'a', 'y', '.', 'c', 'o', '\0',
+  /* "proxybay.eu.org", true */ 'p', 'r', 'o', 'x', 'y', 'b', 'a', 'y', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "proxybay.la", true */ 'p', 'r', 'o', 'x', 'y', 'b', 'a', 'y', '.', 'l', 'a', '\0',
+  /* "proxybay.one", true */ 'p', 'r', 'o', 'x', 'y', 'b', 'a', 'y', '.', 'o', 'n', 'e', '\0',
+  /* "proxybay.tv", true */ 'p', 'r', 'o', 'x', 'y', 'b', 'a', 'y', '.', 't', 'v', '\0',
+  /* "proxyportal.me", true */ 'p', 'r', 'o', 'x', 'y', 'p', 'o', 'r', 't', 'a', 'l', '.', 'm', 'e', '\0',
+  /* "proxyportal.net", true */ 'p', 'r', 'o', 'x', 'y', 'p', 'o', 'r', 't', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "proxyportal.org", true */ 'p', 'r', 'o', 'x', 'y', 'p', 'o', 'r', 't', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "proymaganadera.com", true */ 'p', 'r', 'o', 'y', 'm', 'a', 'g', 'a', 'n', 'a', 'd', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "prstatic.com", true */ 'p', 'r', 's', 't', 'a', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "prt.in.th", true */ 'p', 'r', 't', '.', 'i', 'n', '.', 't', 'h', '\0',
+  /* "prtimes.com", true */ 'p', 'r', 't', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "prtpe.com", true */ 'p', 'r', 't', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pruma.com.br", true */ 'p', 'r', 'u', 'm', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "prvikvadrat.hr", true */ 'p', 'r', 'v', 'i', 'k', 'v', 'a', 'd', 'r', 'a', 't', '.', 'h', 'r', '\0',
+  /* "pryspry.com", true */ 'p', 'r', 'y', 's', 'p', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "przemas.pl", true */ 'p', 'r', 'z', 'e', 'm', 'a', 's', '.', 'p', 'l', '\0',
+  /* "ps-provider.co.jp", true */ 'p', 's', '-', 'p', 'r', 'o', 'v', 'i', 'd', 'e', 'r', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "ps-qa.com", true */ 'p', 's', '-', 'q', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ps-w.ru", true */ 'p', 's', '-', 'w', '.', 'r', 'u', '\0',
+  /* "ps-x.ru", true */ 'p', 's', '-', 'x', '.', 'r', 'u', '\0',
+  /* "ps4all.nl", true */ 'p', 's', '4', 'a', 'l', 'l', '.', 'n', 'l', '\0',
+  /* "psa.gov", true */ 'p', 's', 'a', '.', 'g', 'o', 'v', '\0',
+  /* "psb.cloud", true */ 'p', 's', 'b', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "psb1.org", true */ 'p', 's', 'b', '1', '.', 'o', 'r', 'g', '\0',
+  /* "psb1911.com", true */ 'p', 's', 'b', '1', '9', '1', '1', '.', 'c', 'o', 'm', '\0',
+  /* "psb4ukr.org", true */ 'p', 's', 'b', '4', 'u', 'k', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "psbarrett.com", true */ 'p', 's', 'b', 'a', 'r', 'r', 'e', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "psc.gov", true */ 'p', 's', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "pschierl.com", true */ 'p', 's', 'c', 'h', 'i', 'e', 'r', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "psdsfn.com", true */ 'p', 's', 'd', 's', 'f', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "pseta.ru", true */ 'p', 's', 'e', 't', 'a', '.', 'r', 'u', '\0',
+  /* "pseudo.coffee", true */ 'p', 's', 'e', 'u', 'd', 'o', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0',
+  /* "psicoexpansao.com.br", true */ 'p', 's', 'i', 'c', 'o', 'e', 'x', 'p', 'a', 'n', 's', 'a', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "psicologoforensebarcelona.com", true */ 'p', 's', 'i', 'c', 'o', 'l', 'o', 'g', 'o', 'f', 'o', 'r', 'e', 'n', 's', 'e', 'b', 'a', 'r', 'c', 'e', 'l', 'o', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "psicologoforensemadrid.com", true */ 'p', 's', 'i', 'c', 'o', 'l', 'o', 'g', 'o', 'f', 'o', 'r', 'e', 'n', 's', 'e', 'm', 'a', 'd', 'r', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "psicosalud.online", true */ 'p', 's', 'i', 'c', 'o', 's', 'a', 'l', 'u', 'd', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "psm.org.ph", true */ 'p', 's', 'm', '.', 'o', 'r', 'g', '.', 'p', 'h', '\0',
+  /* "pson.ninja", true */ 'p', 's', 'o', 'n', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "psono.pw", true */ 'p', 's', 'o', 'n', 'o', '.', 'p', 'w', '\0',
+  /* "pssgcsim.org", true */ 'p', 's', 's', 'g', 'c', 's', 'i', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "pste.pw", true */ 'p', 's', 't', 'e', '.', 'p', 'w', '\0',
+  /* "pstrozniak.com", true */ 'p', 's', 't', 'r', 'o', 'z', 'n', 'i', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "psu.je", true */ 'p', 's', 'u', '.', 'j', 'e', '\0',
+  /* "psw-consulting.de", true */ 'p', 's', 'w', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "psw-group.de", true */ 'p', 's', 'w', '-', 'g', 'r', 'o', 'u', 'p', '.', 'd', 'e', '\0',
+  /* "psw.net", true */ 'p', 's', 'w', '.', 'n', 'e', 't', '\0',
+  /* "psxtr.com", true */ 'p', 's', 'x', 't', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "psyao.ch", true */ 'p', 's', 'y', 'a', 'o', '.', 'c', 'h', '\0',
+  /* "psychedelia.com", true */ 'p', 's', 'y', 'c', 'h', 'e', 'd', 'e', 'l', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "psychedelics.org", true */ 'p', 's', 'y', 'c', 'h', 'e', 'd', 'e', 'l', 'i', 'c', 's', '.', 'o', 'r', 'g', '\0',
+  /* "psychiatrie-betreuung.ch", true */ 'p', 's', 'y', 'c', 'h', 'i', 'a', 't', 'r', 'i', 'e', '-', 'b', 'e', 't', 'r', 'e', 'u', 'u', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "psychic-healer-mariya-i-petrova-boyankinska-b-borovan-bg.com", true */ 'p', 's', 'y', 'c', 'h', 'i', 'c', '-', 'h', 'e', 'a', 'l', 'e', 'r', '-', 'm', 'a', 'r', 'i', 'y', 'a', '-', 'i', '-', 'p', 'e', 't', 'r', 'o', 'v', 'a', '-', 'b', 'o', 'y', 'a', 'n', 'k', 'i', 'n', 's', 'k', 'a', '-', 'b', '-', 'b', 'o', 'r', 'o', 'v', 'a', 'n', '-', 'b', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "psychintervention.com", true */ 'p', 's', 'y', 'c', 'h', 'i', 'n', 't', 'e', 'r', 'v', 'e', 'n', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "psycho-lobby.com", true */ 'p', 's', 'y', 'c', 'h', 'o', '-', 'l', 'o', 'b', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "psycho.space", true */ 'p', 's', 'y', 'c', 'h', 'o', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "psychoactive.com", true */ 'p', 's', 'y', 'c', 'h', 'o', 'a', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "psychotherapie-kp.de", true */ 'p', 's', 'y', 'c', 'h', 'o', 't', 'h', 'e', 'r', 'a', 'p', 'i', 'e', '-', 'k', 'p', '.', 'd', 'e', '\0',
+  /* "psydix.org", true */ 'p', 's', 'y', 'd', 'i', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "psyk.yt", true */ 'p', 's', 'y', 'k', '.', 'y', 't', '\0',
+  /* "psylab.cc", true */ 'p', 's', 'y', 'l', 'a', 'b', '.', 'c', 'c', '\0',
+  /* "psylab.re", true */ 'p', 's', 'y', 'l', 'a', 'b', '.', 'r', 'e', '\0',
+  /* "psylab.vip", true */ 'p', 's', 'y', 'l', 'a', 'b', '.', 'v', 'i', 'p', '\0',
+  /* "psynapse.net.au", true */ 'p', 's', 'y', 'n', 'a', 'p', 's', 'e', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "pt-server.de", true */ 'p', 't', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "ptal.eu", true */ 'p', 't', 'a', 'l', '.', 'e', 'u', '\0',
+  /* "ptbi.org.pl", true */ 'p', 't', 'b', 'i', '.', 'o', 'r', 'g', '.', 'p', 'l', '\0',
+  /* "ptbx.co", true */ 'p', 't', 'b', 'x', '.', 'c', 'o', '\0',
+  /* "pterodactylus.cz", true */ 'p', 't', 'e', 'r', 'o', 'd', 'a', 'c', 't', 'y', 'l', 'u', 's', '.', 'c', 'z', '\0',
+  /* "ptgoldensun.com", true */ 'p', 't', 'g', 'o', 'l', 'd', 'e', 'n', 's', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ptm.ro", false */ 'p', 't', 'm', '.', 'r', 'o', '\0',
+  /* "ptmarquees.ie", true */ 'p', 't', 'm', 'a', 'r', 'q', 'u', 'e', 'e', 's', '.', 'i', 'e', '\0',
+  /* "ptrbrs.nl", true */ 'p', 't', 'r', 'b', 'r', 's', '.', 'n', 'l', '\0',
+  /* "ptrl.ws", true */ 'p', 't', 'r', 'l', '.', 'w', 's', '\0',
+  /* "ptron.org", true */ 'p', 't', 'r', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "ptrujillo.com", true */ 'p', 't', 'r', 'u', 'j', 'i', 'l', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "puac.de", true */ 'p', 'u', 'a', 'c', '.', 'd', 'e', '\0',
+  /* "pub-online.ro", true */ 'p', 'u', 'b', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'r', 'o', '\0',
+  /* "pubi.me", true */ 'p', 'u', 'b', 'i', '.', 'm', 'e', '\0',
+  /* "publanda.nl", true */ 'p', 'u', 'b', 'l', 'a', 'n', 'd', 'a', '.', 'n', 'l', '\0',
+  /* "public-g.de", true */ 'p', 'u', 'b', 'l', 'i', 'c', '-', 'g', '.', 'd', 'e', '\0',
+  /* "public-projects.com", true */ 'p', 'u', 'b', 'l', 'i', 'c', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "public-projects.de", true */ 'p', 'u', 'b', 'l', 'i', 'c', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'd', 'e', '\0',
+  /* "public-vocals.de", true */ 'p', 'u', 'b', 'l', 'i', 'c', '-', 'v', 'o', 'c', 'a', 'l', 's', '.', 'd', 'e', '\0',
+  /* "publiccarauctionscalifornia.com", true */ 'p', 'u', 'b', 'l', 'i', 'c', 'c', 'a', 'r', 'a', 'u', 'c', 't', 'i', 'o', 'n', 's', 'c', 'a', 'l', 'i', 'f', 'o', 'r', 'n', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "publicintegrity.org", true */ 'p', 'u', 'b', 'l', 'i', 'c', 'i', 'n', 't', 'e', 'g', 'r', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "publicintelligence.net", true */ 'p', 'u', 'b', 'l', 'i', 'c', 'i', 'n', 't', 'e', 'l', 'l', 'i', 'g', 'e', 'n', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "publick.net", true */ 'p', 'u', 'b', 'l', 'i', 'c', 'k', '.', 'n', 'e', 't', '\0',
+  /* "publicsuffix.org", true */ 'p', 'u', 'b', 'l', 'i', 'c', 's', 'u', 'f', 'f', 'i', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "publiq.space", true */ 'p', 'u', 'b', 'l', 'i', 'q', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "pubreviews.com", true */ 'p', 'u', 'b', 'r', 'e', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pucchi.net", true */ 'p', 'u', 'c', 'c', 'h', 'i', '.', 'n', 'e', 't', '\0',
+  /* "puchunguis.com", true */ 'p', 'u', 'c', 'h', 'u', 'n', 'g', 'u', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pucssa.org", true */ 'p', 'u', 'c', 's', 's', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "puddis.de", true */ 'p', 'u', 'd', 'd', 'i', 's', '.', 'd', 'e', '\0',
+  /* "puetter.eu", true */ 'p', 'u', 'e', 't', 't', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "pugovka72.ru", true */ 'p', 'u', 'g', 'o', 'v', 'k', 'a', '7', '2', '.', 'r', 'u', '\0',
+  /* "puhka.me", true */ 'p', 'u', 'h', 'k', 'a', '.', 'm', 'e', '\0',
+  /* "puikheid.nl", true */ 'p', 'u', 'i', 'k', 'h', 'e', 'i', 'd', '.', 'n', 'l', '\0',
+  /* "puissancemac.ch", true */ 'p', 'u', 'i', 's', 's', 'a', 'n', 'c', 'e', 'm', 'a', 'c', '.', 'c', 'h', '\0',
+  /* "puli.com.br", true */ 'p', 'u', 'l', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pulledporkheaven.com", true */ 'p', 'u', 'l', 'l', 'e', 'd', 'p', 'o', 'r', 'k', 'h', 'e', 'a', 'v', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "pulsedursley.co.uk", true */ 'p', 'u', 'l', 's', 'e', 'd', 'u', 'r', 's', 'l', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pumperszene.com", true */ 'p', 'u', 'm', 'p', 'e', 'r', 's', 'z', 'e', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "puneflowermall.com", true */ 'p', 'u', 'n', 'e', 'f', 'l', 'o', 'w', 'e', 'r', 'm', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "punikonta.de", true */ 'p', 'u', 'n', 'i', 'k', 'o', 'n', 't', 'a', '.', 'd', 'e', '\0',
+  /* "punitsheth.com", true */ 'p', 'u', 'n', 'i', 't', 's', 'h', 'e', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "punkapoule.fr", true */ 'p', 'u', 'n', 'k', 'a', 'p', 'o', 'u', 'l', 'e', '.', 'f', 'r', '\0',
+  /* "punkdns.top", true */ 'p', 'u', 'n', 'k', 'd', 'n', 's', '.', 't', 'o', 'p', '\0',
+  /* "punknews.org", true */ 'p', 'u', 'n', 'k', 'n', 'e', 'w', 's', '.', 'o', 'r', 'g', '\0',
+  /* "pupboss.com", true */ 'p', 'u', 'p', 'b', 'o', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "puppet.pl", true */ 'p', 'u', 'p', 'p', 'e', 't', '.', 'p', 'l', '\0',
+  /* "purahealthyliving.com", true */ 'p', 'u', 'r', 'a', 'h', 'e', 'a', 'l', 't', 'h', 'y', 'l', 'i', 'v', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "purelunch.co.uk", true */ 'p', 'u', 'r', 'e', 'l', 'u', 'n', 'c', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "purevapeofficial.com", true */ 'p', 'u', 'r', 'e', 'v', 'a', 'p', 'e', 'o', 'f', 'f', 'i', 'c', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "purikore.com", true */ 'p', 'u', 'r', 'i', 'k', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "purplebooth.co.uk", true */ 'p', 'u', 'r', 'p', 'l', 'e', 'b', 'o', 'o', 't', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "purplebricksplc.com", true */ 'p', 'u', 'r', 'p', 'l', 'e', 'b', 'r', 'i', 'c', 'k', 's', 'p', 'l', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "purplemoon.ch", true */ 'p', 'u', 'r', 'p', 'l', 'e', 'm', 'o', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "purpleplains.net", true */ 'p', 'u', 'r', 'p', 'l', 'e', 'p', 'l', 'a', 'i', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "purplepr.bg", true */ 'p', 'u', 'r', 'p', 'l', 'e', 'p', 'r', '.', 'b', 'g', '\0',
+  /* "purplestar.ch", true */ 'p', 'u', 'r', 'p', 'l', 'e', 's', 't', 'a', 'r', '.', 'c', 'h', '\0',
+  /* "purplestar.com", true */ 'p', 'u', 'r', 'p', 'l', 'e', 's', 't', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "purplewindows.net", true */ 'p', 'u', 'r', 'p', 'l', 'e', 'w', 'i', 'n', 'd', 'o', 'w', 's', '.', 'n', 'e', 't', '\0',
+  /* "purplez.pw", true */ 'p', 'u', 'r', 'p', 'l', 'e', 'z', '.', 'p', 'w', '\0',
+  /* "purpspc.com", true */ 'p', 'u', 'r', 'p', 's', 'p', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "purrfect-box.co.uk", true */ 'p', 'u', 'r', 'r', 'f', 'e', 'c', 't', '-', 'b', 'o', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "purrfectboudoir.com", true */ 'p', 'u', 'r', 'r', 'f', 'e', 'c', 't', 'b', 'o', 'u', 'd', 'o', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "purrfectcams.com", true */ 'p', 'u', 'r', 'r', 'f', 'e', 'c', 't', 'c', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "purrfectmembersclub.com", true */ 'p', 'u', 'r', 'r', 'f', 'e', 'c', 't', 'm', 'e', 'm', 'b', 'e', 'r', 's', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "purrfectswingers.com", true */ 'p', 'u', 'r', 'r', 'f', 'e', 'c', 't', 's', 'w', 'i', 'n', 'g', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "puryearlaw.com", true */ 'p', 'u', 'r', 'y', 'e', 'a', 'r', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "pusatinkubatorbayi.com", true */ 'p', 'u', 's', 'a', 't', 'i', 'n', 'k', 'u', 'b', 'a', 't', 'o', 'r', 'b', 'a', 'y', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "put.moe", true */ 'p', 'u', 't', '.', 'm', 'o', 'e', '\0',
+  /* "put.re", true */ 'p', 'u', 't', '.', 'r', 'e', '\0',
+  /* "putatara.net", true */ 'p', 'u', 't', 'a', 't', 'a', 'r', 'a', '.', 'n', 'e', 't', '\0',
+  /* "putney.io", true */ 'p', 'u', 't', 'n', 'e', 'y', '.', 'i', 'o', '\0',
+  /* "puurwonengeldrop.nl", false */ 'p', 'u', 'u', 'r', 'w', 'o', 'n', 'e', 'n', 'g', 'e', 'l', 'd', 'r', 'o', 'p', '.', 'n', 'l', '\0',
+  /* "puxlit.net", true */ 'p', 'u', 'x', 'l', 'i', 't', '.', 'n', 'e', 't', '\0',
+  /* "puyallupnissanparts.com", true */ 'p', 'u', 'y', 'a', 'l', 'l', 'u', 'p', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "puyblanc.info", true */ 'p', 'u', 'y', 'b', 'l', 'a', 'n', 'c', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "puzz.gg", true */ 'p', 'u', 'z', 'z', '.', 'g', 'g', '\0',
+  /* "puzz.me", true */ 'p', 'u', 'z', 'z', '.', 'm', 'e', '\0',
+  /* "puzzle-welt.ch", true */ 'p', 'u', 'z', 'z', 'l', 'e', '-', 'w', 'e', 'l', 't', '.', 'c', 'h', '\0',
+  /* "puzzlepoint.ch", true */ 'p', 'u', 'z', 'z', 'l', 'e', 'p', 'o', 'i', 'n', 't', '.', 'c', 'h', '\0',
+  /* "pv-paderborn-now.de", true */ 'p', 'v', '-', 'p', 'a', 'd', 'e', 'r', 'b', 'o', 'r', 'n', '-', 'n', 'o', 'w', '.', 'd', 'e', '\0',
+  /* "pvcvoordeel.nl", false */ 'p', 'v', 'c', 'v', 'o', 'o', 'r', 'd', 'e', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "pvmotorco.com", true */ 'p', 'v', 'm', 'o', 't', 'o', 'r', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "pvpcraft.ca", true */ 'p', 'v', 'p', 'c', 'r', 'a', 'f', 't', '.', 'c', 'a', '\0',
+  /* "pvtschlag.com", true */ 'p', 'v', 't', 's', 'c', 'h', 'l', 'a', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "pwdsafe.com", true */ 'p', 'w', 'd', 's', 'a', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pwe.vision", true */ 'p', 'w', 'e', '.', 'v', 'i', 's', 'i', 'o', 'n', '\0',
+  /* "pwfrance.com", true */ 'p', 'w', 'f', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pwi.agency", true */ 'p', 'w', 'i', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0',
+  /* "pwnies.dk", true */ 'p', 'w', 'n', 'i', 'e', 's', '.', 'd', 'k', '\0',
+  /* "pwntr.com", true */ 'p', 'w', 'n', 't', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "pwolk.com", true */ 'p', 'w', 'o', 'l', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "pxx.io", true */ 'p', 'x', 'x', '.', 'i', 'o', '\0',
+  /* "py-amf.org", true */ 'p', 'y', '-', 'a', 'm', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "py.search.yahoo.com", false */ 'p', 'y', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "pygarage.com", true */ 'p', 'y', 'g', 'a', 'r', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pyjiaoyi.cf", true */ 'p', 'y', 'j', 'i', 'a', 'o', 'y', 'i', '.', 'c', 'f', '\0',
+  /* "pyopenssl.org", true */ 'p', 'y', 'o', 'p', 'e', 'n', 's', 's', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "pypa.io", true */ 'p', 'y', 'p', 'a', '.', 'i', 'o', '\0',
+  /* "pypi.io", true */ 'p', 'y', 'p', 'i', '.', 'i', 'o', '\0',
+  /* "pypi.org", true */ 'p', 'y', 'p', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "pypi.python.org", true */ 'p', 'y', 'p', 'i', '.', 'p', 'y', 't', 'h', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "pyrotechnologie.de", true */ 'p', 'y', 'r', 'o', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "pyspace.org", true */ 'p', 'y', 's', 'p', 'a', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "python-hyper.org", true */ 'p', 'y', 't', 'h', 'o', 'n', '-', 'h', 'y', 'p', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "python.org", false */ 'p', 'y', 't', 'h', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "pyzlnar.com", true */ 'p', 'y', 'z', 'l', 'n', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "q-inn.com", true */ 'q', '-', 'i', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "q-inn.nl", true */ 'q', '-', 'i', 'n', 'n', '.', 'n', 'l', '\0',
+  /* "qa-brandywineglobal.com", true */ 'q', 'a', '-', 'b', 'r', 'a', 'n', 'd', 'y', 'w', 'i', 'n', 'e', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "qa.stg.fedoraproject.org", true */ 'q', 'a', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "qaconstrucciones.com", true */ 'q', 'a', 'c', 'o', 'n', 's', 't', 'r', 'u', 'c', 'c', 'i', 'o', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "qamrulhaque.com", true */ 'q', 'a', 'm', 'r', 'u', 'l', 'h', 'a', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "qandavision.com", false */ 'q', 'a', 'n', 'd', 'a', 'v', 'i', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "qapital.com", true */ 'q', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "qbeing.info", true */ 'q', 'b', 'e', 'i', 'n', 'g', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "qbiju.com.br", true */ 'q', 'b', 'i', 'j', 'u', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "qbin.io", true */ 'q', 'b', 'i', 'n', '.', 'i', 'o', '\0',
+  /* "qbus.pl", true */ 'q', 'b', 'u', 's', '.', 'p', 'l', '\0',
+  /* "qc.search.yahoo.com", false */ 'q', 'c', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "qccareerschool.com", false */ 'q', 'c', 'c', 'a', 'r', 'e', 'e', 'r', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "qcdesignschool.com", true */ 'q', 'c', 'd', 'e', 's', 'i', 'g', 'n', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "qceventplanning.com", false */ 'q', 'c', 'e', 'v', 'e', 'n', 't', 'p', 'l', 'a', 'n', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "qcloud.cz", true */ 'q', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'z', '\0',
+  /* "qcmakeupacademy.com", true */ 'q', 'c', 'm', 'a', 'k', 'e', 'u', 'p', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "qcstudentcenter.com", false */ 'q', 'c', 's', 't', 'u', 'd', 'e', 'n', 't', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "qcstyleacademy.com", false */ 'q', 'c', 's', 't', 'y', 'l', 'e', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "qctravelschool.com", false */ 'q', 'c', 't', 'r', 'a', 'v', 'e', 'l', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "qe2homelottery.com", true */ 'q', 'e', '2', 'h', 'o', 'm', 'e', 'l', 'o', 't', 't', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "qedcon.org", false */ 'q', 'e', 'd', 'c', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "qelectrotech.org", true */ 'q', 'e', 'l', 'e', 'c', 't', 'r', 'o', 't', 'e', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "qetesh.de", true */ 'q', 'e', 't', 'e', 's', 'h', '.', 'd', 'e', '\0',
+  /* "qetic.co.jp", true */ 'q', 'e', 't', 'i', 'c', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "qewc.com", true */ 'q', 'e', 'w', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "qgustavor.tk", true */ 'q', 'g', 'u', 's', 't', 'a', 'v', 'o', 'r', '.', 't', 'k', '\0',
+  /* "qhse-professionals.nl", true */ 'q', 'h', 's', 'e', '-', 'p', 'r', 'o', 'f', 'e', 's', 's', 'i', 'o', 'n', 'a', 'l', 's', '.', 'n', 'l', '\0',
+  /* "qianalysis.com", true */ 'q', 'i', 'a', 'n', 'a', 'l', 'y', 's', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "qifu.me", true */ 'q', 'i', 'f', 'u', '.', 'm', 'e', '\0',
+  /* "qifu.org.cn", true */ 'q', 'i', 'f', 'u', '.', 'o', 'r', 'g', '.', 'c', 'n', '\0',
+  /* "qimiao.io", true */ 'q', 'i', 'm', 'i', 'a', 'o', '.', 'i', 'o', '\0',
+  /* "qingpat.com", true */ 'q', 'i', 'n', 'g', 'p', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "qingpei.me", false */ 'q', 'i', 'n', 'g', 'p', 'e', 'i', '.', 'm', 'e', '\0',
+  /* "qionouu.cn", true */ 'q', 'i', 'o', 'n', 'o', 'u', 'u', '.', 'c', 'n', '\0',
+  /* "qirinus.com", true */ 'q', 'i', 'r', 'i', 'n', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "qitarabutrans.com", true */ 'q', 'i', 't', 'a', 'r', 'a', 'b', 'u', 't', 'r', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "qits.de", false */ 'q', 'i', 't', 's', '.', 'd', 'e', '\0',
+  /* "qivonline.pt", true */ 'q', 'i', 'v', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'p', 't', '\0',
+  /* "qiwi.be", true */ 'q', 'i', 'w', 'i', '.', 'b', 'e', '\0',
+  /* "qixi.biz", true */ 'q', 'i', 'x', 'i', '.', 'b', 'i', 'z', '\0',
+  /* "qkka.org", true */ 'q', 'k', 'k', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "qkmortgage.com", true */ 'q', 'k', 'm', 'o', 'r', 't', 'g', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "qldconservation.org.au", true */ 'q', 'l', 'd', 'c', 'o', 'n', 's', 'e', 'r', 'v', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0',
+  /* "qledtech.com", true */ 'q', 'l', 'e', 'd', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "qlrace.com", false */ 'q', 'l', 'r', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "qm-marzahnnordwest.de", true */ 'q', 'm', '-', 'm', 'a', 'r', 'z', 'a', 'h', 'n', 'n', 'o', 'r', 'd', 'w', 'e', 's', 't', '.', 'd', 'e', '\0',
+  /* "qochealth.com", true */ 'q', 'o', 'c', 'h', 'e', 'a', 'l', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "qoohoot.com", true */ 'q', 'o', 'o', 'h', 'o', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "qotw.net", true */ 'q', 'o', 't', 'w', '.', 'n', 'e', 't', '\0',
+  /* "qq-navi.com", true */ 'q', 'q', '-', 'n', 'a', 'v', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "qqj.net", true */ 'q', 'q', 'j', '.', 'n', 'e', 't', '\0',
+  /* "qqvips.com", false */ 'q', 'q', 'v', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "qrcontagion.com", true */ 'q', 'r', 'c', 'o', 'n', 't', 'a', 'g', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "qrpth.eu", true */ 'q', 'r', 'p', 't', 'h', '.', 'e', 'u', '\0',
+  /* "qtl.me", true */ 'q', 't', 'l', '.', 'm', 'e', '\0',
+  /* "qto.com", true */ 'q', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "qtpass.org", true */ 'q', 't', 'p', 'a', 's', 's', '.', 'o', 'r', 'g', '\0',
+  /* "qtpower.co.uk", true */ 'q', 't', 'p', 'o', 'w', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "qtpower.net", true */ 'q', 't', 'p', 'o', 'w', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "qtpower.org", true */ 'q', 't', 'p', 'o', 'w', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "qtvr.com", true */ 'q', 't', 'v', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "qtxh.net", true */ 'q', 't', 'x', 'h', '.', 'n', 'e', 't', '\0',
+  /* "quackerswaterproofing.com", true */ 'q', 'u', 'a', 'c', 'k', 'e', 'r', 's', 'w', 'a', 't', 'e', 'r', 'p', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "quaedam.org", true */ 'q', 'u', 'a', 'e', 'd', 'a', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "quaggan.co", true */ 'q', 'u', 'a', 'g', 'g', 'a', 'n', '.', 'c', 'o', '\0',
+  /* "quai10.org", false */ 'q', 'u', 'a', 'i', '1', '0', '.', 'o', 'r', 'g', '\0',
+  /* "quakelive.dk", false */ 'q', 'u', 'a', 'k', 'e', 'l', 'i', 'v', 'e', '.', 'd', 'k', '\0',
+  /* "qualite-ecole-et-formation.ch", true */ 'q', 'u', 'a', 'l', 'i', 't', 'e', '-', 'e', 'c', 'o', 'l', 'e', '-', 'e', 't', '-', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "quality-life.gr", true */ 'q', 'u', 'a', 'l', 'i', 't', 'y', '-', 'l', 'i', 'f', 'e', '.', 'g', 'r', '\0',
+  /* "qualityedgarsolutions.com", true */ 'q', 'u', 'a', 'l', 'i', 't', 'y', 'e', 'd', 'g', 'a', 'r', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "qualityhomesystems.com", true */ 'q', 'u', 'a', 'l', 'i', 't', 'y', 'h', 'o', 'm', 'e', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "qualityofcourse.com", false */ 'q', 'u', 'a', 'l', 'i', 't', 'y', 'o', 'f', 'c', 'o', 'u', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "qualitypropertycare.co.uk", true */ 'q', 'u', 'a', 'l', 'i', 't', 'y', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', 'c', 'a', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "qualtrics.com", true */ 'q', 'u', 'a', 'l', 't', 'r', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "quanterra.ch", true */ 'q', 'u', 'a', 'n', 't', 'e', 'r', 'r', 'a', '.', 'c', 'h', '\0',
+  /* "quantor.dk", true */ 'q', 'u', 'a', 'n', 't', 'o', 'r', '.', 'd', 'k', '\0',
+  /* "quantoras.com", true */ 'q', 'u', 'a', 'n', 't', 'o', 'r', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "quantum-lviv.pp.ua", true */ 'q', 'u', 'a', 'n', 't', 'u', 'm', '-', 'l', 'v', 'i', 'v', '.', 'p', 'p', '.', 'u', 'a', '\0',
+  /* "quantum-mechanics.com", true */ 'q', 'u', 'a', 'n', 't', 'u', 'm', '-', 'm', 'e', 'c', 'h', 'a', 'n', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "quantum2.xyz", true */ 'q', 'u', 'a', 'n', 't', 'u', 'm', '2', '.', 'x', 'y', 'z', '\0',
+  /* "quantumfurball.net", true */ 'q', 'u', 'a', 'n', 't', 'u', 'm', 'f', 'u', 'r', 'b', 'a', 'l', 'l', '.', 'n', 'e', 't', '\0',
+  /* "quantumwebs.co", true */ 'q', 'u', 'a', 'n', 't', 'u', 'm', 'w', 'e', 'b', 's', '.', 'c', 'o', '\0',
+  /* "quanyin.eu.org", true */ 'q', 'u', 'a', 'n', 'y', 'i', 'n', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "quareal.ru", true */ 'q', 'u', 'a', 'r', 'e', 'a', 'l', '.', 'r', 'u', '\0',
+  /* "quarryhillrentals.com", true */ 'q', 'u', 'a', 'r', 'r', 'y', 'h', 'i', 'l', 'l', 'r', 'e', 'n', 't', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "quarterfull.com", true */ 'q', 'u', 'a', 'r', 't', 'e', 'r', 'f', 'u', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "quasarelectronics.co.uk", true */ 'q', 'u', 'a', 's', 'a', 'r', 'e', 'l', 'e', 'c', 't', 'r', 'o', 'n', 'i', 'c', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "quasseldroid.info", true */ 'q', 'u', 'a', 's', 's', 'e', 'l', 'd', 'r', 'o', 'i', 'd', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "quatrefoiscent.fr", true */ 'q', 'u', 'a', 't', 'r', 'e', 'f', 'o', 'i', 's', 'c', 'e', 'n', 't', '.', 'f', 'r', '\0',
+  /* "qubes-os.org", true */ 'q', 'u', 'b', 'e', 's', '-', 'o', 's', '.', 'o', 'r', 'g', '\0',
+  /* "qubyte.codes", true */ 'q', 'u', 'b', 'y', 't', 'e', '.', 'c', 'o', 'd', 'e', 's', '\0',
+  /* "quchao.com", true */ 'q', 'u', 'c', 'h', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "queenshaflo.com", true */ 'q', 'u', 'e', 'e', 'n', 's', 'h', 'a', 'f', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "queensrdapartments.com.au", true */ 'q', 'u', 'e', 'e', 'n', 's', 'r', 'd', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "queer.party", true */ 'q', 'u', 'e', 'e', 'r', '.', 'p', 'a', 'r', 't', 'y', '\0',
+  /* "queercinema.ch", true */ 'q', 'u', 'e', 'e', 'r', 'c', 'i', 'n', 'e', 'm', 'a', '.', 'c', 'h', '\0',
+  /* "queercoders.com", false */ 'q', 'u', 'e', 'e', 'r', 'c', 'o', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "quehacerencusco.com", true */ 'q', 'u', 'e', 'h', 'a', 'c', 'e', 'r', 'e', 'n', 'c', 'u', 's', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "quelleformation.net", true */ 'q', 'u', 'e', 'l', 'l', 'e', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "queminventou.com.br", true */ 'q', 'u', 'e', 'm', 'i', 'n', 'v', 'e', 'n', 't', 'o', 'u', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "quemmeliga.com", true */ 'q', 'u', 'e', 'm', 'm', 'e', 'l', 'i', 'g', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "quentinchevre.ch", true */ 'q', 'u', 'e', 'n', 't', 'i', 'n', 'c', 'h', 'e', 'v', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "quera.ir", true */ 'q', 'u', 'e', 'r', 'a', '.', 'i', 'r', '\0',
+  /* "queroreceitasoberana.com.br", true */ 'q', 'u', 'e', 'r', 'o', 'r', 'e', 'c', 'e', 'i', 't', 'a', 's', 'o', 'b', 'e', 'r', 'a', 'n', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "query-massage.com", true */ 'q', 'u', 'e', 'r', 'y', '-', 'm', 'a', 's', 's', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "question.com", true */ 'q', 'u', 'e', 's', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "questionable.host", true */ 'q', 'u', 'e', 's', 't', 'i', 'o', 'n', 'a', 'b', 'l', 'e', '.', 'h', 'o', 's', 't', '\0',
+  /* "questsocial.it", true */ 'q', 'u', 'e', 's', 't', 's', 'o', 'c', 'i', 'a', 'l', '.', 'i', 't', '\0',
+  /* "quevisiongrafica.com", true */ 'q', 'u', 'e', 'v', 'i', 's', 'i', 'o', 'n', 'g', 'r', 'a', 'f', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "quic.fr", true */ 'q', 'u', 'i', 'c', '.', 'f', 'r', '\0',
+  /* "quickboysvrouwen2.nl", true */ 'q', 'u', 'i', 'c', 'k', 'b', 'o', 'y', 's', 'v', 'r', 'o', 'u', 'w', 'e', 'n', '2', '.', 'n', 'l', '\0',
+  /* "quietapple.org", true */ 'q', 'u', 'i', 'e', 't', 'a', 'p', 'p', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "quikchange.net", true */ 'q', 'u', 'i', 'k', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'n', 'e', 't', '\0',
+  /* "quikpay.com.au", true */ 'q', 'u', 'i', 'k', 'p', 'a', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "quikrmovies.to", true */ 'q', 'u', 'i', 'k', 'r', 'm', 'o', 'v', 'i', 'e', 's', '.', 't', 'o', '\0',
+  /* "quinnlabs.com", true */ 'q', 'u', 'i', 'n', 'n', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "quinoa24.com", true */ 'q', 'u', 'i', 'n', 'o', 'a', '2', '4', '.', 'c', 'o', 'm', '\0',
+  /* "quintessa.org", true */ 'q', 'u', 'i', 'n', 't', 'e', 's', 's', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "quire.io", true */ 'q', 'u', 'i', 'r', 'e', '.', 'i', 'o', '\0',
+  /* "quizogames.com", true */ 'q', 'u', 'i', 'z', 'o', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "qul.link", true */ 'q', 'u', 'l', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "quli.nl", false */ 'q', 'u', 'l', 'i', '.', 'n', 'l', '\0',
+  /* "quocdesign.ch", true */ 'q', 'u', 'o', 'c', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'h', '\0',
+  /* "quotev.com", true */ 'q', 'u', 'o', 't', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "quppa.net", true */ 'q', 'u', 'p', 'p', 'a', '.', 'n', 'e', 't', '\0',
+  /* "quuz.org", true */ 'q', 'u', 'u', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "qvggroup.com", true */ 'q', 'v', 'g', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "qvi.st", true */ 'q', 'v', 'i', '.', 's', 't', '\0',
+  /* "qvitoo.com", true */ 'q', 'v', 'i', 't', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "qwans.nl", true */ 'q', 'w', 'a', 'n', 's', '.', 'n', 'l', '\0',
+  /* "qwant.com", true */ 'q', 'w', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "qwant.fr", true */ 'q', 'w', 'a', 'n', 't', '.', 'f', 'r', '\0',
+  /* "qwaser.fr", true */ 'q', 'w', 'a', 's', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "qwe7002.com", true */ 'q', 'w', 'e', '7', '0', '0', '2', '.', 'c', 'o', 'm', '\0',
+  /* "qweepi.de", true */ 'q', 'w', 'e', 'e', 'p', 'i', '.', 'd', 'e', '\0',
+  /* "qwertee.com", true */ 'q', 'w', 'e', 'r', 't', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "qwerty.work", true */ 'q', 'w', 'e', 'r', 't', 'y', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "qwikdash.com", true */ 'q', 'w', 'i', 'k', 'd', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "qxy.ch", true */ 'q', 'x', 'y', '.', 'c', 'h', '\0',
+  /* "r-core.org", true */ 'r', '-', 'c', 'o', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "r-cut.fr", true */ 'r', '-', 'c', 'u', 't', '.', 'f', 'r', '\0',
+  /* "r-rwebdesign.com", true */ 'r', '-', 'r', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "r0t.co", true */ 'r', '0', 't', '.', 'c', 'o', '\0',
+  /* "r0uzic.net", true */ 'r', '0', 'u', 'z', 'i', 'c', '.', 'n', 'e', 't', '\0',
+  /* "r2d2pc.com", true */ 'r', '2', 'd', '2', 'p', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "r3nt3r.com", true */ 'r', '3', 'n', 't', '3', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "r3s1stanc3.me", true */ 'r', '3', 's', '1', 's', 't', 'a', 'n', 'c', '3', '.', 'm', 'e', '\0',
+  /* "r40.us", true */ 'r', '4', '0', '.', 'u', 's', '\0',
+  /* "r6-team.ru", true */ 'r', '6', '-', 't', 'e', 'a', 'm', '.', 'r', 'u', '\0',
+  /* "r7h.at", true */ 'r', '7', 'h', '.', 'a', 't', '\0',
+  /* "r811.de", true */ 'r', '8', '1', '1', '.', 'd', 'e', '\0',
+  /* "ra-micro-koeln.de", true */ 'r', 'a', '-', 'm', 'i', 'c', 'r', 'o', '-', 'k', 'o', 'e', 'l', 'n', '.', 'd', 'e', '\0',
+  /* "ra.co.ke", true */ 'r', 'a', '.', 'c', 'o', '.', 'k', 'e', '\0',
+  /* "ra4wvpn.com", true */ 'r', 'a', '4', 'w', 'v', 'p', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "raah.co", true */ 'r', 'a', 'a', 'h', '.', 'c', 'o', '\0',
+  /* "rabbit.wales", false */ 'r', 'a', 'b', 'b', 'i', 't', '.', 'w', 'a', 'l', 'e', 's', '\0',
+  /* "rabbitvcactus.eu", true */ 'r', 'a', 'b', 'b', 'i', 't', 'v', 'c', 'a', 'c', 't', 'u', 's', '.', 'e', 'u', '\0',
+  /* "rabotaescort.com", true */ 'r', 'a', 'b', 'o', 't', 'a', 'e', 's', 'c', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "rabynska.eu", true */ 'r', 'a', 'b', 'y', 'n', 's', 'k', 'a', '.', 'e', 'u', '\0',
+  /* "racasdecachorro.org", true */ 'r', 'a', 'c', 'a', 's', 'd', 'e', 'c', 'a', 'c', 'h', 'o', 'r', 'r', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "raccoltarifiuti.com", true */ 'r', 'a', 'c', 'c', 'o', 'l', 't', 'a', 'r', 'i', 'f', 'i', 'u', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "racermaster.xyz", true */ 'r', 'a', 'c', 'e', 'r', 'm', 'a', 's', 't', 'e', 'r', '.', 'x', 'y', 'z', '\0',
+  /* "raceviewcycles.com", true */ 'r', 'a', 'c', 'e', 'v', 'i', 'e', 'w', 'c', 'y', 'c', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "raceviewequestrian.com", true */ 'r', 'a', 'c', 'e', 'v', 'i', 'e', 'w', 'e', 'q', 'u', 'e', 's', 't', 'r', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "rachaelrussell.com", true */ 'r', 'a', 'c', 'h', 'a', 'e', 'l', 'r', 'u', 's', 's', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "rachelchen.me", true */ 'r', 'a', 'c', 'h', 'e', 'l', 'c', 'h', 'e', 'n', '.', 'm', 'e', '\0',
+  /* "rachelreagan.com", true */ 'r', 'a', 'c', 'h', 'e', 'l', 'r', 'e', 'a', 'g', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "rachelsbouncycastles.co.uk", true */ 'r', 'a', 'c', 'h', 'e', 'l', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rachida-dati.eu", true */ 'r', 'a', 'c', 'h', 'i', 'd', 'a', '-', 'd', 'a', 't', 'i', '.', 'e', 'u', '\0',
+  /* "racius.com", true */ 'r', 'a', 'c', 'i', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rackerlab.com", true */ 'r', 'a', 'c', 'k', 'e', 'r', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "racktear.com", true */ 'r', 'a', 'c', 'k', 't', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "raconconsulting.co.uk", true */ 'r', 'a', 'c', 'o', 'n', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "racoo.net", true */ 'r', 'a', 'c', 'o', 'o', '.', 'n', 'e', 't', '\0',
+  /* "racunovodstvo-prina.si", true */ 'r', 'a', 'c', 'u', 'n', 'o', 'v', 'o', 'd', 's', 't', 'v', 'o', '-', 'p', 'r', 'i', 'n', 'a', '.', 's', 'i', '\0',
+  /* "rad-route.de", true */ 'r', 'a', 'd', '-', 'r', 'o', 'u', 't', 'e', '.', 'd', 'e', '\0',
+  /* "radar.sx", true */ 'r', 'a', 'd', 'a', 'r', '.', 's', 'x', '\0',
+  /* "radaravia.ru", true */ 'r', 'a', 'd', 'a', 'r', 'a', 'v', 'i', 'a', '.', 'r', 'u', '\0',
+  /* "radcube.hu", true */ 'r', 'a', 'd', 'c', 'u', 'b', 'e', '.', 'h', 'u', '\0',
+  /* "raddavarden.nu", true */ 'r', 'a', 'd', 'd', 'a', 'v', 'a', 'r', 'd', 'e', 'n', '.', 'n', 'u', '\0',
+  /* "radfieldhomecare.co.uk", true */ 'r', 'a', 'd', 'f', 'i', 'e', 'l', 'd', 'h', 'o', 'm', 'e', 'c', 'a', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "radfieldhomecarefranchising.co.uk", true */ 'r', 'a', 'd', 'f', 'i', 'e', 'l', 'd', 'h', 'o', 'm', 'e', 'c', 'a', 'r', 'e', 'f', 'r', 'a', 'n', 'c', 'h', 'i', 's', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "radical.org", true */ 'r', 'a', 'd', 'i', 'c', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "radicaloptimism.org", true */ 'r', 'a', 'd', 'i', 'c', 'a', 'l', 'o', 'p', 't', 'i', 'm', 'i', 's', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "radicalsub.com.br", true */ 'r', 'a', 'd', 'i', 'c', 'a', 'l', 's', 'u', 'b', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "radins.com", true */ 'r', 'a', 'd', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "radio-utopie.de", true */ 'r', 'a', 'd', 'i', 'o', '-', 'u', 't', 'o', 'p', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "radio1.ie", true */ 'r', 'a', 'd', 'i', 'o', '1', '.', 'i', 'e', '\0',
+  /* "radioilusion.es", true */ 'r', 'a', 'd', 'i', 'o', 'i', 'l', 'u', 's', 'i', 'o', 'n', '.', 'e', 's', '\0',
+  /* "radiom.fr", true */ 'r', 'a', 'd', 'i', 'o', 'm', '.', 'f', 'r', '\0',
+  /* "radiomodem.dk", true */ 'r', 'a', 'd', 'i', 'o', 'm', 'o', 'd', 'e', 'm', '.', 'd', 'k', '\0',
+  /* "radiomontebianco.it", true */ 'r', 'a', 'd', 'i', 'o', 'm', 'o', 'n', 't', 'e', 'b', 'i', 'a', 'n', 'c', 'o', '.', 'i', 't', '\0',
+  /* "radionicabg.com", true */ 'r', 'a', 'd', 'i', 'o', 'n', 'i', 'c', 'a', 'b', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "radiopolarniki.spb.ru", true */ 'r', 'a', 'd', 'i', 'o', 'p', 'o', 'l', 'a', 'r', 'n', 'i', 'k', 'i', '.', 's', 'p', 'b', '.', 'r', 'u', '\0',
+  /* "radiormi.com", true */ 'r', 'a', 'd', 'i', 'o', 'r', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "radis-adopt.com", true */ 'r', 'a', 'd', 'i', 's', '-', 'a', 'd', 'o', 'p', 't', '.', 'c', 'o', 'm', '\0',
+  /* "radondetectionandcontrol.com", true */ 'r', 'a', 'd', 'o', 'n', 'd', 'e', 't', 'e', 'c', 't', 'i', 'o', 'n', 'a', 'n', 'd', 'c', 'o', 'n', 't', 'r', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "radreisetraumtreibstoff.de", true */ 'r', 'a', 'd', 'r', 'e', 'i', 's', 'e', 't', 'r', 'a', 'u', 'm', 't', 'r', 'e', 'i', 'b', 's', 't', 'o', 'f', 'f', '.', 'd', 'e', '\0',
+  /* "radtke.bayern", true */ 'r', 'a', 'd', 't', 'k', 'e', '.', 'b', 'a', 'y', 'e', 'r', 'n', '\0',
+  /* "radyn.com", true */ 'r', 'a', 'd', 'y', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "raeu.me", true */ 'r', 'a', 'e', 'u', '.', 'm', 'e', '\0',
+  /* "raeven.nl", true */ 'r', 'a', 'e', 'v', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "rafaelmagalhaesweb.com", true */ 'r', 'a', 'f', 'a', 'e', 'l', 'm', 'a', 'g', 'a', 'l', 'h', 'a', 'e', 's', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "rafey.xyz", true */ 'r', 'a', 'f', 'e', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "rafting-japan.com", true */ 'r', 'a', 'f', 't', 'i', 'n', 'g', '-', 'j', 'a', 'p', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "rage-overload.ch", true */ 'r', 'a', 'g', 'e', '-', 'o', 'v', 'e', 'r', 'l', 'o', 'a', 'd', '.', 'c', 'h', '\0',
+  /* "rage.rip", true */ 'r', 'a', 'g', 'e', '.', 'r', 'i', 'p', '\0',
+  /* "rage4.com", true */ 'r', 'a', 'g', 'e', '4', '.', 'c', 'o', 'm', '\0',
+  /* "raghavdua.in", true */ 'r', 'a', 'g', 'h', 'a', 'v', 'd', 'u', 'a', '.', 'i', 'n', '\0',
+  /* "ragnaroktop.com.br", true */ 'r', 'a', 'g', 'n', 'a', 'r', 'o', 'k', 't', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "rahamasin.eu", true */ 'r', 'a', 'h', 'a', 'm', 'a', 's', 'i', 'n', '.', 'e', 'u', '\0',
+  /* "raiffeisen-kosovo.com", true */ 'r', 'a', 'i', 'f', 'f', 'e', 'i', 's', 'e', 'n', '-', 'k', 'o', 's', 'o', 'v', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "railgun.ac", true */ 'r', 'a', 'i', 'l', 'g', 'u', 'n', '.', 'a', 'c', '\0',
+  /* "railgun.com.cn", true */ 'r', 'a', 'i', 'l', 'g', 'u', 'n', '.', 'c', 'o', 'm', '.', 'c', 'n', '\0',
+  /* "railjob.cn", true */ 'r', 'a', 'i', 'l', 'j', 'o', 'b', '.', 'c', 'n', '\0',
+  /* "railyardurgentcare.com", true */ 'r', 'a', 'i', 'l', 'y', 'a', 'r', 'd', 'u', 'r', 'g', 'e', 'n', 't', 'c', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rainbowbay.org", true */ 'r', 'a', 'i', 'n', 'b', 'o', 'w', 'b', 'a', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "rainbowinflatables.co.uk", true */ 'r', 'a', 'i', 'n', 'b', 'o', 'w', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rainbowstore.com.au", true */ 'r', 'a', 'i', 'n', 'b', 'o', 'w', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "rainbowstore.com.ua", true */ 'r', 'a', 'i', 'n', 'b', 'o', 'w', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "rainforest.engineering", true */ 'r', 'a', 'i', 'n', 'f', 'o', 'r', 'e', 's', 't', '.', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '\0',
+  /* "rainpaper.com", true */ 'r', 'a', 'i', 'n', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "rainville.me", true */ 'r', 'a', 'i', 'n', 'v', 'i', 'l', 'l', 'e', '.', 'm', 'e', '\0',
+  /* "rainway.io", true */ 'r', 'a', 'i', 'n', 'w', 'a', 'y', '.', 'i', 'o', '\0',
+  /* "raiseyourflag.com", true */ 'r', 'a', 'i', 's', 'e', 'y', 'o', 'u', 'r', 'f', 'l', 'a', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "raissarobles.com", true */ 'r', 'a', 'i', 's', 's', 'a', 'r', 'o', 'b', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "raitza.de", true */ 'r', 'a', 'i', 't', 'z', 'a', '.', 'd', 'e', '\0',
+  /* "rajyogarishikesh.com", true */ 'r', 'a', 'j', 'y', 'o', 'g', 'a', 'r', 'i', 's', 'h', 'i', 'k', 'e', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "rak-business-service.com", true */ 'r', 'a', 'k', '-', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rakugokai.net", true */ 'r', 'a', 'k', 'u', 'g', 'o', 'k', 'a', 'i', '.', 'n', 'e', 't', '\0',
+  /* "ralf-huebscher.de", true */ 'r', 'a', 'l', 'f', '-', 'h', 'u', 'e', 'b', 's', 'c', 'h', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "ralfs-zusizone.de", true */ 'r', 'a', 'l', 'f', 's', '-', 'z', 'u', 's', 'i', 'z', 'o', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "rally-base.com", true */ 'r', 'a', 'l', 'l', 'y', '-', 'b', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rally-base.cz", true */ 'r', 'a', 'l', 'l', 'y', '-', 'b', 'a', 's', 'e', '.', 'c', 'z', '\0',
+  /* "rally-base.eu", true */ 'r', 'a', 'l', 'l', 'y', '-', 'b', 'a', 's', 'e', '.', 'e', 'u', '\0',
+  /* "rally-results.eu", true */ 'r', 'a', 'l', 'l', 'y', '-', 'r', 'e', 's', 'u', 'l', 't', 's', '.', 'e', 'u', '\0',
+  /* "rally-vysledky.cz", true */ 'r', 'a', 'l', 'l', 'y', '-', 'v', 'y', 's', 'l', 'e', 'd', 'k', 'y', '.', 'c', 'z', '\0',
+  /* "rallybase.cz", true */ 'r', 'a', 'l', 'l', 'y', 'b', 'a', 's', 'e', '.', 'c', 'z', '\0',
+  /* "rallybase.eu", true */ 'r', 'a', 'l', 'l', 'y', 'b', 'a', 's', 'e', '.', 'e', 'u', '\0',
+  /* "rallycycling.com", true */ 'r', 'a', 'l', 'l', 'y', 'c', 'y', 'c', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "ralph.bike", true */ 'r', 'a', 'l', 'p', 'h', '.', 'b', 'i', 'k', 'e', '\0',
+  /* "ralphwoessner.com", true */ 'r', 'a', 'l', 'p', 'h', 'w', 'o', 'e', 's', 's', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ram-it.nl", true */ 'r', 'a', 'm', '-', 'i', 't', '.', 'n', 'l', '\0',
+  /* "ram.nl", true */ 'r', 'a', 'm', '.', 'n', 'l', '\0',
+  /* "ramatola.uk", true */ 'r', 'a', 'm', 'a', 't', 'o', 'l', 'a', '.', 'u', 'k', '\0',
+  /* "rambii.de", true */ 'r', 'a', 'm', 'b', 'i', 'i', '.', 'd', 'e', '\0',
+  /* "ramblingrf.tech", true */ 'r', 'a', 'm', 'b', 'l', 'i', 'n', 'g', 'r', 'f', '.', 't', 'e', 'c', 'h', '\0',
+  /* "rametrix.com", true */ 'r', 'a', 'm', 'e', 't', 'r', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "ramov.com", true */ 'r', 'a', 'm', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "ramrecha.com", true */ 'r', 'a', 'm', 'r', 'e', 'c', 'h', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ramsor-gaming.de", true */ 'r', 'a', 'm', 's', 'o', 'r', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "randc.org", true */ 'r', 'a', 'n', 'd', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "random-samplings.org", true */ 'r', 'a', 'n', 'd', 'o', 'm', '-', 's', 'a', 'm', 'p', 'l', 'i', 'n', 'g', 's', '.', 'o', 'r', 'g', '\0',
+  /* "randomadversary.com", true */ 'r', 'a', 'n', 'd', 'o', 'm', 'a', 'd', 'v', 'e', 'r', 's', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "randombit.eu", false */ 'r', 'a', 'n', 'd', 'o', 'm', 'b', 'i', 't', '.', 'e', 'u', '\0',
+  /* "randomdysfunctions.com", true */ 'r', 'a', 'n', 'd', 'o', 'm', 'd', 'y', 's', 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "randomkoalafacts.com", true */ 'r', 'a', 'n', 'd', 'o', 'm', 'k', 'o', 'a', 'l', 'a', 'f', 'a', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "randomprecision.co.uk", true */ 'r', 'a', 'n', 'd', 'o', 'm', 'p', 'r', 'e', 'c', 'i', 's', 'i', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "randomquotesapp.com", true */ 'r', 'a', 'n', 'd', 'o', 'm', 'q', 'u', 'o', 't', 'e', 's', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "randy.su", true */ 'r', 'a', 'n', 'd', 'y', '.', 's', 'u', '\0',
+  /* "rangde.org", true */ 'r', 'a', 'n', 'g', 'd', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "ranking-deli.jp", true */ 'r', 'a', 'n', 'k', 'i', 'n', 'g', '-', 'd', 'e', 'l', 'i', '.', 'j', 'p', '\0',
+  /* "ranson.com.au", true */ 'r', 'a', 'n', 's', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "rantanda.com", true */ 'r', 'a', 'n', 't', 'a', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ranyeh.com", true */ 'r', 'a', 'n', 'y', 'e', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "ranzbak.nl", true */ 'r', 'a', 'n', 'z', 'b', 'a', 'k', '.', 'n', 'l', '\0',
+  /* "rapenroer.com", true */ 'r', 'a', 'p', 'e', 'n', 'r', 'o', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "rapenroer.nl", true */ 'r', 'a', 'p', 'e', 'n', 'r', 'o', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "raphael.li", true */ 'r', 'a', 'p', 'h', 'a', 'e', 'l', '.', 'l', 'i', '\0',
+  /* "raphaelcasazza.ch", true */ 'r', 'a', 'p', 'h', 'a', 'e', 'l', 'c', 'a', 's', 'a', 'z', 'z', 'a', '.', 'c', 'h', '\0',
+  /* "rapidapp.io", true */ 'r', 'a', 'p', 'i', 'd', 'a', 'p', 'p', '.', 'i', 'o', '\0',
+  /* "rapido.nu", true */ 'r', 'a', 'p', 'i', 'd', 'o', '.', 'n', 'u', '\0',
+  /* "rapidshit.net", true */ 'r', 'a', 'p', 'i', 'd', 's', 'h', 'i', 't', '.', 'n', 'e', 't', '\0',
+  /* "rapidstone.com", true */ 'r', 'a', 'p', 'i', 'd', 's', 't', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "raraflora.com.au", true */ 'r', 'a', 'r', 'a', 'f', 'l', 'o', 'r', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "rareative.com", true */ 'r', 'a', 'r', 'e', 'a', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "raryosu.info", true */ 'r', 'a', 'r', 'y', 'o', 's', 'u', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "rasagiline.com", true */ 'r', 'a', 's', 'a', 'g', 'i', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rascals-castles.co.uk", true */ 'r', 'a', 's', 'c', 'a', 'l', 's', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rascalscastles.co.uk", true */ 'r', 'a', 's', 'c', 'a', 'l', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rascalscastlesdoncaster.co.uk", true */ 'r', 'a', 's', 'c', 'a', 'l', 's', 'c', 'a', 's', 't', 'l', 'e', 's', 'd', 'o', 'n', 'c', 'a', 's', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rasebo.ro", true */ 'r', 'a', 's', 'e', 'b', 'o', '.', 'r', 'o', '\0',
+  /* "raspass.me", true */ 'r', 'a', 's', 'p', 'a', 's', 's', '.', 'm', 'e', '\0',
+  /* "raspberry.us", true */ 'r', 'a', 's', 'p', 'b', 'e', 'r', 'r', 'y', '.', 'u', 's', '\0',
+  /* "raspberryultradrops.com", true */ 'r', 'a', 's', 'p', 'b', 'e', 'r', 'r', 'y', 'u', 'l', 't', 'r', 'a', 'd', 'r', 'o', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rastreie.net", true */ 'r', 'a', 's', 't', 'r', 'e', 'i', 'e', '.', 'n', 'e', 't', '\0',
+  /* "rasty.cz", true */ 'r', 'a', 's', 't', 'y', '.', 'c', 'z', '\0',
+  /* "ratd.net", true */ 'r', 'a', 't', 'd', '.', 'n', 'e', 't', '\0',
+  /* "ratebridge.com", true */ 'r', 'a', 't', 'e', 'b', 'r', 'i', 'd', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rathbonesonline.com", true */ 'r', 'a', 't', 'h', 'b', 'o', 'n', 'e', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rathgeb.org", true */ 'r', 'a', 't', 'h', 'g', 'e', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "rathorian.fr", true */ 'r', 'a', 't', 'h', 'o', 'r', 'i', 'a', 'n', '.', 'f', 'r', '\0',
+  /* "rationalcreation.com", true */ 'r', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "rationalism.com", true */ 'r', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "rationalops.com", true */ 'r', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'o', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rattenkot.io", true */ 'r', 'a', 't', 't', 'e', 'n', 'k', 'o', 't', '.', 'i', 'o', '\0',
+  /* "raulrivero.es", true */ 'r', 'a', 'u', 'l', 'r', 'i', 'v', 'e', 'r', 'o', '.', 'e', 's', '\0',
+  /* "raumzeitlabor.de", false */ 'r', 'a', 'u', 'm', 'z', 'e', 'i', 't', 'l', 'a', 'b', 'o', 'r', '.', 'd', 'e', '\0',
+  /* "rauros.net", true */ 'r', 'a', 'u', 'r', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "rautermods.net", true */ 'r', 'a', 'u', 't', 'e', 'r', 'm', 'o', 'd', 's', '.', 'n', 'e', 't', '\0',
+  /* "ravchat.com", true */ 'r', 'a', 'v', 'c', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "raven.dog", true */ 'r', 'a', 'v', 'e', 'n', '.', 'd', 'o', 'g', '\0',
+  /* "ravenger.net", true */ 'r', 'a', 'v', 'e', 'n', 'g', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "ravensbuch.de", true */ 'r', 'a', 'v', 'e', 'n', 's', 'b', 'u', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "ravhaaglanden.org", true */ 'r', 'a', 'v', 'h', 'a', 'a', 'g', 'l', 'a', 'n', 'd', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "ravindran.me", true */ 'r', 'a', 'v', 'i', 'n', 'd', 'r', 'a', 'n', '.', 'm', 'e', '\0',
+  /* "ravis.org", true */ 'r', 'a', 'v', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "rawsec.net", true */ 'r', 'a', 'w', 's', 'e', 'c', '.', 'n', 'e', 't', '\0',
+  /* "raxion.cf", true */ 'r', 'a', 'x', 'i', 'o', 'n', '.', 'c', 'f', '\0',
+  /* "raxion.tk", true */ 'r', 'a', 'x', 'i', 'o', 'n', '.', 't', 'k', '\0',
+  /* "ray-home.de", true */ 'r', 'a', 'y', '-', 'h', 'o', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "ray-works.de", true */ 'r', 'a', 'y', '-', 'w', 'o', 'r', 'k', 's', '.', 'd', 'e', '\0',
+  /* "rayiris.com", true */ 'r', 'a', 'y', 'i', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "raykitchenware.com", true */ 'r', 'a', 'y', 'k', 'i', 't', 'c', 'h', 'e', 'n', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "raymcbride.com", true */ 'r', 'a', 'y', 'm', 'c', 'b', 'r', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "raymd.de", true */ 'r', 'a', 'y', 'm', 'd', '.', 'd', 'e', '\0',
+  /* "raymii.org", true */ 'r', 'a', 'y', 'm', 'i', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "raymondelooff.nl", true */ 'r', 'a', 'y', 'm', 'o', 'n', 'd', 'e', 'l', 'o', 'o', 'f', 'f', '.', 'n', 'l', '\0',
+  /* "rayworks.de", true */ 'r', 'a', 'y', 'w', 'o', 'r', 'k', 's', '.', 'd', 'e', '\0',
+  /* "razberry.kr", true */ 'r', 'a', 'z', 'b', 'e', 'r', 'r', 'y', '.', 'k', 'r', '\0',
+  /* "rb-china.net", true */ 'r', 'b', '-', 'c', 'h', 'i', 'n', 'a', '.', 'n', 'e', 't', '\0',
+  /* "rbensch.com", true */ 'r', 'b', 'e', 'n', 's', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "rbflote.lv", true */ 'r', 'b', 'f', 'l', 'o', 't', 'e', '.', 'l', 'v', '\0',
+  /* "rbltracker.com", true */ 'r', 'b', 'l', 't', 'r', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "rbmafrica.co.za", true */ 'r', 'b', 'm', 'a', 'f', 'r', 'i', 'c', 'a', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "rbnet.xyz", true */ 'r', 'b', 'n', 'e', 't', '.', 'x', 'y', 'z', '\0',
+  /* "rbran.com", true */ 'r', 'b', 'r', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "rbtvshitstorm.is", true */ 'r', 'b', 't', 'v', 's', 'h', 'i', 't', 's', 't', 'o', 'r', 'm', '.', 'i', 's', '\0',
+  /* "rburchell.com", true */ 'r', 'b', 'u', 'r', 'c', 'h', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "rbxcatalog.com", true */ 'r', 'b', 'x', 'c', 'a', 't', 'a', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "rc-offi.net", true */ 'r', 'c', '-', 'o', 'f', 'f', 'i', '.', 'n', 'e', 't', '\0',
+  /* "rc-shop.ch", true */ 'r', 'c', '-', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "rc7.ch", true */ 'r', 'c', '7', '.', 'c', 'h', '\0',
+  /* "rca.fr", true */ 'r', 'c', 'a', '.', 'f', 'r', '\0',
+  /* "rcdocuments.com", true */ 'r', 'c', 'd', 'o', 'c', 'u', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rchrdsn.uk", true */ 'r', 'c', 'h', 'r', 'd', 's', 'n', '.', 'u', 'k', '\0',
+  /* "rclsm.net", true */ 'r', 'c', 'l', 's', 'm', '.', 'n', 'e', 't', '\0',
+  /* "rcmlinx.com", true */ 'r', 'c', 'm', 'l', 'i', 'n', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "rcmurphy.com", true */ 'r', 'c', 'm', 'u', 'r', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "rcnitrotalk.com", true */ 'r', 'c', 'n', 'i', 't', 'r', 'o', 't', 'a', 'l', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "rcraigmurphy.com", true */ 'r', 'c', 'r', 'a', 'i', 'g', 'm', 'u', 'r', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "rcx.io", true */ 'r', 'c', 'x', '.', 'i', 'o', '\0',
+  /* "rdh.asia", true */ 'r', 'd', 'h', '.', 'a', 's', 'i', 'a', '\0',
+  /* "rdl.at", false */ 'r', 'd', 'l', '.', 'a', 't', '\0',
+  /* "rdns.cc", true */ 'r', 'd', 'n', 's', '.', 'c', 'c', '\0',
+  /* "re-curi.com", true */ 'r', 'e', '-', 'c', 'u', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "re-wilding.com", true */ 'r', 'e', '-', 'w', 'i', 'l', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "reachrss.com", true */ 'r', 'e', 'a', 'c', 'h', 'r', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "reaconverter.com", true */ 'r', 'e', 'a', 'c', 'o', 'n', 'v', 'e', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "react-db.com", true */ 'r', 'e', 'a', 'c', 't', '-', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "reactivarte.es", true */ 'r', 'e', 'a', 'c', 't', 'i', 'v', 'a', 'r', 't', 'e', '.', 'e', 's', '\0',
+  /* "read.sc", true */ 'r', 'e', 'a', 'd', '.', 's', 'c', '\0',
+  /* "reades.co.uk", true */ 'r', 'e', 'a', 'd', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "readheadcopywriting.com", true */ 'r', 'e', 'a', 'd', 'h', 'e', 'a', 'd', 'c', 'o', 'p', 'y', 'w', 'r', 'i', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "readingandmath.org", true */ 'r', 'e', 'a', 'd', 'i', 'n', 'g', 'a', 'n', 'd', 'm', 'a', 't', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "readism.io", true */ 'r', 'e', 'a', 'd', 'i', 's', 'm', '.', 'i', 'o', '\0',
+  /* "readonly.de", true */ 'r', 'e', 'a', 'd', 'o', 'n', 'l', 'y', '.', 'd', 'e', '\0',
+  /* "readouble.com", false */ 'r', 'e', 'a', 'd', 'o', 'u', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "readtldr.com", true */ 'r', 'e', 'a', 'd', 't', 'l', 'd', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "readysell.net", true */ 'r', 'e', 'a', 'd', 'y', 's', 'e', 'l', 'l', '.', 'n', 'e', 't', '\0',
+  /* "readytongue.com", true */ 'r', 'e', 'a', 'd', 'y', 't', 'o', 'n', 'g', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "readytowear.es", true */ 'r', 'e', 'a', 'd', 'y', 't', 'o', 'w', 'e', 'a', 'r', '.', 'e', 's', '\0',
+  /* "reaganlibrary.gov", true */ 'r', 'e', 'a', 'g', 'a', 'n', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'g', 'o', 'v', '\0',
+  /* "real-bits.com", true */ 'r', 'e', 'a', 'l', '-', 'b', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "real-digital.co.uk", true */ 'r', 'e', 'a', 'l', '-', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "real-it.nl", true */ 'r', 'e', 'a', 'l', '-', 'i', 't', '.', 'n', 'l', '\0',
+  /* "realcapoeira.ru", true */ 'r', 'e', 'a', 'l', 'c', 'a', 'p', 'o', 'e', 'i', 'r', 'a', '.', 'r', 'u', '\0',
+  /* "realestateonehowell.com", true */ 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', 'o', 'n', 'e', 'h', 'o', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "realestateradioshow.com", true */ 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', 'r', 'a', 'd', 'i', 'o', 's', 'h', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "realfamilyincest.com", true */ 'r', 'e', 'a', 'l', 'f', 'a', 'm', 'i', 'l', 'y', 'i', 'n', 'c', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "realgarant-shop.de", false */ 'r', 'e', 'a', 'l', 'g', 'a', 'r', 'a', 'n', 't', '-', 's', 'h', 'o', 'p', '.', 'd', 'e', '\0',
+  /* "realhorsegirls.net", true */ 'r', 'e', 'a', 'l', 'h', 'o', 'r', 's', 'e', 'g', 'i', 'r', 'l', 's', '.', 'n', 'e', 't', '\0',
+  /* "realhost.name", true */ 'r', 'e', 'a', 'l', 'h', 'o', 's', 't', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "realitea.co.uk", true */ 'r', 'e', 'a', 'l', 'i', 't', 'e', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "reality.news", true */ 'r', 'e', 'a', 'l', 'i', 't', 'y', '.', 'n', 'e', 'w', 's', '\0',
+  /* "reality0ne.com", false */ 'r', 'e', 'a', 'l', 'i', 't', 'y', '0', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "realitycrazy.com", true */ 'r', 'e', 'a', 'l', 'i', 't', 'y', 'c', 'r', 'a', 'z', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "reallifeforums.com", true */ 'r', 'e', 'a', 'l', 'l', 'i', 'f', 'e', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "realloc.me", true */ 'r', 'e', 'a', 'l', 'l', 'o', 'c', '.', 'm', 'e', '\0',
+  /* "really-simple-ssl.com", true */ 'r', 'e', 'a', 'l', 'l', 'y', '-', 's', 'i', 'm', 'p', 'l', 'e', '-', 's', 's', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "really.ai", true */ 'r', 'e', 'a', 'l', 'l', 'y', '.', 'a', 'i', '\0',
+  /* "really.io", true */ 'r', 'e', 'a', 'l', 'l', 'y', '.', 'i', 'o', '\0',
+  /* "reallyreally.io", true */ 'r', 'e', 'a', 'l', 'l', 'y', 'r', 'e', 'a', 'l', 'l', 'y', '.', 'i', 'o', '\0',
+  /* "realmofespionage.xyz", true */ 'r', 'e', 'a', 'l', 'm', 'o', 'f', 'e', 's', 'p', 'i', 'o', 'n', 'a', 'g', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "realnewhomes.com", true */ 'r', 'e', 'a', 'l', 'n', 'e', 'w', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "realum.com", true */ 'r', 'e', 'a', 'l', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "realum.de", true */ 'r', 'e', 'a', 'l', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "realum.eu", true */ 'r', 'e', 'a', 'l', 'u', 'm', '.', 'e', 'u', '\0',
+  /* "realum.net", true */ 'r', 'e', 'a', 'l', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "realwaycome.com", true */ 'r', 'e', 'a', 'l', 'w', 'a', 'y', 'c', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "realwildart.com", true */ 'r', 'e', 'a', 'l', 'w', 'i', 'l', 'd', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "realworldholidays.co.uk", true */ 'r', 'e', 'a', 'l', 'w', 'o', 'r', 'l', 'd', 'h', 'o', 'l', 'i', 'd', 'a', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "reancos.report", true */ 'r', 'e', 'a', 'n', 'c', 'o', 's', '.', 'r', 'e', 'p', 'o', 'r', 't', '\0',
+  /* "reanimated.eu", true */ 'r', 'e', 'a', 'n', 'i', 'm', 'a', 't', 'e', 'd', '.', 'e', 'u', '\0',
+  /* "reath.me", true */ 'r', 'e', 'a', 't', 'h', '.', 'm', 'e', '\0',
+  /* "reaven.nl", true */ 'r', 'e', 'a', 'v', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "rebane2001.com", true */ 'r', 'e', 'b', 'a', 'n', 'e', '2', '0', '0', '1', '.', 'c', 'o', 'm', '\0',
+  /* "rebelessex.com", true */ 'r', 'e', 'b', 'e', 'l', 'e', 's', 's', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "rebelz.se", true */ 'r', 'e', 'b', 'e', 'l', 'z', '.', 's', 'e', '\0',
+  /* "rebirthia.me", true */ 'r', 'e', 'b', 'i', 'r', 't', 'h', 'i', 'a', '.', 'm', 'e', '\0',
+  /* "reboxetine.com", true */ 'r', 'e', 'b', 'o', 'x', 'e', 't', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "reboxonline.com", true */ 'r', 'e', 'b', 'o', 'x', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "recantoshop.com", true */ 'r', 'e', 'c', 'a', 'n', 't', 'o', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "recantoshop.com.br", true */ 'r', 'e', 'c', 'a', 'n', 't', 'o', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "recapp.ch", true */ 'r', 'e', 'c', 'a', 'p', 'p', '.', 'c', 'h', '\0',
+  /* "receitas-de-bolos.pt", true */ 'r', 'e', 'c', 'e', 'i', 't', 'a', 's', '-', 'd', 'e', '-', 'b', 'o', 'l', 'o', 's', '.', 'p', 't', '\0',
+  /* "receitasdebacalhau.pt", true */ 'r', 'e', 'c', 'e', 'i', 't', 'a', 's', 'd', 'e', 'b', 'a', 'c', 'a', 'l', 'h', 'a', 'u', '.', 'p', 't', '\0',
+  /* "receptionsbook.com", true */ 'r', 'e', 'c', 'e', 'p', 't', 'i', 'o', 'n', 's', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "recepty.eu", false */ 'r', 'e', 'c', 'e', 'p', 't', 'y', '.', 'e', 'u', '\0',
+  /* "recetasdecocinaideal.com", true */ 'r', 'e', 'c', 'e', 't', 'a', 's', 'd', 'e', 'c', 'o', 'c', 'i', 'n', 'a', 'i', 'd', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "recetasfacilesdehacer.com", true */ 'r', 'e', 'c', 'e', 't', 'a', 's', 'f', 'a', 'c', 'i', 'l', 'e', 's', 'd', 'e', 'h', 'a', 'c', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "rechat.com", true */ 'r', 'e', 'c', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "rechenknaecht.de", true */ 'r', 'e', 'c', 'h', 'e', 'n', 'k', 'n', 'a', 'e', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "rechenwerk.net", true */ 'r', 'e', 'c', 'h', 'e', 'n', 'w', 'e', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "recht-freundlich.de", true */ 'r', 'e', 'c', 'h', 't', '-', 'f', 'r', 'e', 'u', 'n', 'd', 'l', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "rechtenliteratuurleiden.nl", true */ 'r', 'e', 'c', 'h', 't', 'e', 'n', 'l', 'i', 't', 'e', 'r', 'a', 't', 'u', 'u', 'r', 'l', 'e', 'i', 'd', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "rechtsanwaeltin-vollmer.de", true */ 'r', 'e', 'c', 'h', 't', 's', 'a', 'n', 'w', 'a', 'e', 'l', 't', 'i', 'n', '-', 'v', 'o', 'l', 'l', 'm', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "rechtsanwalt-koeppen-feucht.de", true */ 'r', 'e', 'c', 'h', 't', 's', 'a', 'n', 'w', 'a', 'l', 't', '-', 'k', 'o', 'e', 'p', 'p', 'e', 'n', '-', 'f', 'e', 'u', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "rechtschreibpruefung24.de", true */ 'r', 'e', 'c', 'h', 't', 's', 'c', 'h', 'r', 'e', 'i', 'b', 'p', 'r', 'u', 'e', 'f', 'u', 'n', 'g', '2', '4', '.', 'd', 'e', '\0',
+  /* "reclamebureau-ultrax.nl", true */ 'r', 'e', 'c', 'l', 'a', 'm', 'e', 'b', 'u', 'r', 'e', 'a', 'u', '-', 'u', 'l', 't', 'r', 'a', 'x', '.', 'n', 'l', '\0',
+  /* "reclametoolz.nl", true */ 'r', 'e', 'c', 'l', 'a', 'm', 'e', 't', 'o', 'o', 'l', 'z', '.', 'n', 'l', '\0',
+  /* "reclusiam.net", true */ 'r', 'e', 'c', 'l', 'u', 's', 'i', 'a', 'm', '.', 'n', 'e', 't', '\0',
+  /* "recmon.hu", true */ 'r', 'e', 'c', 'm', 'o', 'n', '.', 'h', 'u', '\0',
+  /* "reco-studio.de", true */ 'r', 'e', 'c', 'o', '-', 's', 't', 'u', 'd', 'i', 'o', '.', 'd', 'e', '\0',
+  /* "recolic.net", true */ 'r', 'e', 'c', 'o', 'l', 'i', 'c', '.', 'n', 'e', 't', '\0',
+  /* "recommended.reviews", true */ 'r', 'e', 'c', 'o', 'm', 'm', 'e', 'n', 'd', 'e', 'd', '.', 'r', 'e', 'v', 'i', 'e', 'w', 's', '\0',
+  /* "recompiled.org", true */ 'r', 'e', 'c', 'o', 'm', 'p', 'i', 'l', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "recon-networks.com", true */ 'r', 'e', 'c', 'o', 'n', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "recordeuropa.com", false */ 'r', 'e', 'c', 'o', 'r', 'd', 'e', 'u', 'r', 'o', 'p', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "recoveringspirit.com", true */ 'r', 'e', 'c', 'o', 'v', 'e', 'r', 'i', 'n', 'g', 's', 'p', 'i', 'r', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "recreation.gov", true */ 'r', 'e', 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', '.', 'g', 'o', 'v', '\0',
+  /* "recreoviral.com", true */ 'r', 'e', 'c', 'r', 'e', 'o', 'v', 'i', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "recruitmade.jp", true */ 'r', 'e', 'c', 'r', 'u', 'i', 't', 'm', 'a', 'd', 'e', '.', 'j', 'p', '\0',
+  /* "recruitsecuritytraining.co.uk", true */ 'r', 'e', 'c', 'r', 'u', 'i', 't', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "recruitsecuritytraining.com", true */ 'r', 'e', 'c', 'r', 'u', 'i', 't', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "rectoraudiparts.com", true */ 'r', 'e', 'c', 't', 'o', 'r', 'a', 'u', 'd', 'i', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "recuerdafilms.com", true */ 'r', 'e', 'c', 'u', 'e', 'r', 'd', 'a', 'f', 'i', 'l', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "recurly.com", true */ 'r', 'e', 'c', 'u', 'r', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "recyclingpromotions.us", true */ 'r', 'e', 'c', 'y', 'c', 'l', 'i', 'n', 'g', 'p', 'r', 'o', 'm', 'o', 't', 'i', 'o', 'n', 's', '.', 'u', 's', '\0',
+  /* "red-t-shirt.ru", true */ 'r', 'e', 'd', '-', 't', '-', 's', 'h', 'i', 'r', 't', '.', 'r', 'u', '\0',
+  /* "redable.hosting", true */ 'r', 'e', 'd', 'a', 'b', 'l', 'e', '.', 'h', 'o', 's', 't', 'i', 'n', 'g', '\0',
+  /* "redb.cz", true */ 'r', 'e', 'd', 'b', '.', 'c', 'z', '\0',
+  /* "redballoonsecurity.com", true */ 'r', 'e', 'd', 'b', 'a', 'l', 'l', 'o', 'o', 'n', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "redburn.com", true */ 'r', 'e', 'd', 'b', 'u', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "redcomet.org", true */ 'r', 'e', 'd', 'c', 'o', 'm', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "redcone.net", true */ 'r', 'e', 'd', 'c', 'o', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "redcorus.com", true */ 'r', 'e', 'd', 'c', 'o', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "redd.it", true */ 'r', 'e', 'd', 'd', '.', 'i', 't', '\0',
+  /* "reddingo.at", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'a', 't', '\0',
+  /* "reddingo.be", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'b', 'e', '\0',
+  /* "reddingo.ch", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'c', 'h', '\0',
+  /* "reddingo.com", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "reddingo.com.au", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "reddingo.de", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'd', 'e', '\0',
+  /* "reddingo.es", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'e', 's', '\0',
+  /* "reddingo.eu", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'e', 'u', '\0',
+  /* "reddingo.fr", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'f', 'r', '\0',
+  /* "reddingo.it", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'i', 't', '\0',
+  /* "reddingo.jp", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'j', 'p', '\0',
+  /* "reddingo.nl", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'n', 'l', '\0',
+  /* "reddingo.nz", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'n', 'z', '\0',
+  /* "reddingsbrigade-zwolle.nl", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 's', 'b', 'r', 'i', 'g', 'a', 'd', 'e', '-', 'z', 'w', 'o', 'l', 'l', 'e', '.', 'n', 'l', '\0',
+  /* "reddit2kindle.com", true */ 'r', 'e', 'd', 'd', 'i', 't', '2', 'k', 'i', 'n', 'd', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "reddraggone9.com", true */ 'r', 'e', 'd', 'd', 'r', 'a', 'g', 'g', 'o', 'n', 'e', '9', '.', 'c', 'o', 'm', '\0',
+  /* "rede-reim.de", true */ 'r', 'e', 'd', 'e', '-', 'r', 'e', 'i', 'm', '.', 'd', 'e', '\0',
+  /* "redeemingbeautyminerals.com", true */ 'r', 'e', 'd', 'e', 'e', 'm', 'i', 'n', 'g', 'b', 'e', 'a', 'u', 't', 'y', 'm', 'i', 'n', 'e', 'r', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "redessantaluzia.com.br", true */ 'r', 'e', 'd', 'e', 's', 's', 'a', 'n', 't', 'a', 'l', 'u', 'z', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "redgatesoftware.co.uk", true */ 'r', 'e', 'd', 'g', 'a', 't', 'e', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "redheeler.com.br", true */ 'r', 'e', 'd', 'h', 'e', 'e', 'l', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "redigest.it", true */ 'r', 'e', 'd', 'i', 'g', 'e', 's', 't', '.', 'i', 't', '\0',
+  /* "redir.me", true */ 'r', 'e', 'd', 'i', 'r', '.', 'm', 'e', '\0',
+  /* "redirect.fedoraproject.org", true */ 'r', 'e', 'd', 'i', 'r', 'e', 'c', 't', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "redirect.stg.fedoraproject.org", true */ 'r', 'e', 'd', 'i', 'r', 'e', 'c', 't', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "rediske.me", true */ 'r', 'e', 'd', 'i', 's', 'k', 'e', '.', 'm', 'e', '\0',
+  /* "redit.com", true */ 'r', 'e', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "redivis.com", true */ 'r', 'e', 'd', 'i', 'v', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "redizoo.com", true */ 'r', 'e', 'd', 'i', 'z', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "redletter.link", true */ 'r', 'e', 'd', 'l', 'e', 't', 't', 'e', 'r', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "redlink.de", true */ 'r', 'e', 'd', 'l', 'i', 'n', 'k', '.', 'd', 'e', '\0',
+  /* "redneragenturen.org", true */ 'r', 'e', 'd', 'n', 'e', 'r', 'a', 'g', 'e', 'n', 't', 'u', 'r', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "rednoseday.com", true */ 'r', 'e', 'd', 'n', 'o', 's', 'e', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "rednsx.org", true */ 'r', 'e', 'd', 'n', 's', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "redperegrine.com", true */ 'r', 'e', 'd', 'p', 'e', 'r', 'e', 'g', 'r', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "redprice.by", true */ 'r', 'e', 'd', 'p', 'r', 'i', 'c', 'e', '.', 'b', 'y', '\0',
+  /* "redshield.co", true */ 'r', 'e', 'd', 's', 'h', 'i', 'e', 'l', 'd', '.', 'c', 'o', '\0',
+  /* "redshiftcybersecurity.co.za", true */ 'r', 'e', 'd', 's', 'h', 'i', 'f', 't', 'c', 'y', 'b', 'e', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "redshiftlabs.com.au", true */ 'r', 'e', 'd', 's', 'h', 'i', 'f', 't', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "redshoeswalking.net", true */ 'r', 'e', 'd', 's', 'h', 'o', 'e', 's', 'w', 'a', 'l', 'k', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "redsicom.com", true */ 'r', 'e', 'd', 's', 'i', 'c', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "redstoner.com", true */ 'r', 'e', 'd', 's', 't', 'o', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "redteam-pentesting.de", true */ 'r', 'e', 'd', 't', 'e', 'a', 'm', '-', 'p', 'e', 'n', 't', 'e', 's', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "reducerin.ro", true */ 'r', 'e', 'd', 'u', 'c', 'e', 'r', 'i', 'n', '.', 'r', 'o', '\0',
+  /* "redwoodpaddle.es", true */ 'r', 'e', 'd', 'w', 'o', 'o', 'd', 'p', 'a', 'd', 'd', 'l', 'e', '.', 'e', 's', '\0',
+  /* "redwoodpaddle.pt", true */ 'r', 'e', 'd', 'w', 'o', 'o', 'd', 'p', 'a', 'd', 'd', 'l', 'e', '.', 'p', 't', '\0',
+  /* "redzurl.com", true */ 'r', 'e', 'd', 'z', 'u', 'r', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "reed-sensor.com", true */ 'r', 'e', 'e', 'd', '-', 's', 'e', 'n', 's', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "reedloden.com", true */ 'r', 'e', 'e', 'd', 'l', 'o', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "reepay.com", true */ 'r', 'e', 'e', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "reeson.at", true */ 'r', 'e', 'e', 's', 'o', 'n', '.', 'a', 't', '\0',
+  /* "reeson.de", true */ 'r', 'e', 'e', 's', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "reeson.info", true */ 'r', 'e', 'e', 's', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "reeson.org", true */ 'r', 'e', 'e', 's', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "reevoo.com", true */ 'r', 'e', 'e', 'v', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "reezer.org", true */ 'r', 'e', 'e', 'z', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "ref1oct.nl", true */ 'r', 'e', 'f', '1', 'o', 'c', 't', '.', 'n', 'l', '\0',
+  /* "refactor.zone", true */ 'r', 'e', 'f', 'a', 'c', 't', 'o', 'r', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "refficience.com", true */ 'r', 'e', 'f', 'f', 'i', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "refill-roboter.de", true */ 'r', 'e', 'f', 'i', 'l', 'l', '-', 'r', 'o', 'b', 'o', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "reflexions.co", true */ 'r', 'e', 'f', 'l', 'e', 'x', 'i', 'o', 'n', 's', '.', 'c', 'o', '\0',
+  /* "refood-cascaiscpr.eu", true */ 'r', 'e', 'f', 'o', 'o', 'd', '-', 'c', 'a', 's', 'c', 'a', 'i', 's', 'c', 'p', 'r', '.', 'e', 'u', '\0',
+  /* "reforesttheplanet.com", true */ 'r', 'e', 'f', 'o', 'r', 'e', 's', 't', 't', 'h', 'e', 'p', 'l', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "refreshingserum.com", true */ 'r', 'e', 'f', 'r', 'e', 's', 'h', 'i', 'n', 'g', 's', 'e', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "refreshliving.us", true */ 'r', 'e', 'f', 'r', 'e', 's', 'h', 'l', 'i', 'v', 'i', 'n', 'g', '.', 'u', 's', '\0',
+  /* "refundo.cz", true */ 'r', 'e', 'f', 'u', 'n', 'd', 'o', '.', 'c', 'z', '\0',
+  /* "refundo.sk", true */ 'r', 'e', 'f', 'u', 'n', 'd', 'o', '.', 's', 'k', '\0',
+  /* "regain.us", true */ 'r', 'e', 'g', 'a', 'i', 'n', '.', 'u', 's', '\0',
+  /* "regalcapitalwi.com", true */ 'r', 'e', 'g', 'a', 'l', 'c', 'a', 'p', 'i', 't', 'a', 'l', 'w', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "regalosymuestrasgratis.com", true */ 'r', 'e', 'g', 'a', 'l', 'o', 's', 'y', 'm', 'u', 'e', 's', 't', 'r', 'a', 's', 'g', 'r', 'a', 't', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "regalpaintingfdl.com", true */ 'r', 'e', 'g', 'a', 'l', 'p', 'a', 'i', 'n', 't', 'i', 'n', 'g', 'f', 'd', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "reganclassics.co.uk", true */ 'r', 'e', 'g', 'a', 'n', 'c', 'l', 'a', 's', 's', 'i', 'c', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "reganclassics.com", true */ 'r', 'e', 'g', 'a', 'n', 'c', 'l', 'a', 's', 's', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "reganparty.com", true */ 'r', 'e', 'g', 'a', 'n', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "regar42.fr", false */ 'r', 'e', 'g', 'a', 'r', '4', '2', '.', 'f', 'r', '\0',
+  /* "regily.com", true */ 'r', 'e', 'g', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "regime-maigrir-vite.com", true */ 'r', 'e', 'g', 'i', 'm', 'e', '-', 'm', 'a', 'i', 'g', 'r', 'i', 'r', '-', 'v', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "regiobeveland.nl", true */ 'r', 'e', 'g', 'i', 'o', 'b', 'e', 'v', 'e', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "regionalbasementandcrawlspacerepair.com", true */ 'r', 'e', 'g', 'i', 'o', 'n', 'a', 'l', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 'a', 'n', 'd', 'c', 'r', 'a', 'w', 'l', 's', 'p', 'a', 'c', 'e', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "regionalcoalition.org", true */ 'r', 'e', 'g', 'i', 'o', 'n', 'a', 'l', 'c', 'o', 'a', 'l', 'i', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "regiosalland.nl", true */ 'r', 'e', 'g', 'i', 'o', 's', 'a', 'l', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "regiovertrieb.de", false */ 'r', 'e', 'g', 'i', 'o', 'v', 'e', 'r', 't', 'r', 'i', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "register.gov.uk", true */ 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0',
+  /* "registerforevent.co.uk", true */ 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', 'f', 'o', 'r', 'e', 'v', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "registrar.io", true */ 'r', 'e', 'g', 'i', 's', 't', 'r', 'a', 'r', '.', 'i', 'o', '\0',
+  /* "regmyr.se", true */ 'r', 'e', 'g', 'm', 'y', 'r', '.', 's', 'e', '\0',
+  /* "regnix.net", true */ 'r', 'e', 'g', 'n', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "regnr.info", true */ 'r', 'e', 'g', 'n', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "regolithmedia.com", true */ 'r', 'e', 'g', 'o', 'l', 'i', 't', 'h', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "regraph.de", true */ 'r', 'e', 'g', 'r', 'a', 'p', 'h', '.', 'd', 'e', '\0',
+  /* "regsec.com", true */ 'r', 'e', 'g', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "regulations.gov", true */ 'r', 'e', 'g', 'u', 'l', 'a', 't', 'i', 'o', 'n', 's', '.', 'g', 'o', 'v', '\0',
+  /* "reha-honpo.jp", true */ 'r', 'e', 'h', 'a', '-', 'h', 'o', 'n', 'p', 'o', '.', 'j', 'p', '\0',
+  /* "rehabili-shigoto.com", true */ 'r', 'e', 'h', 'a', 'b', 'i', 'l', 'i', '-', 's', 'h', 'i', 'g', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "rehabphilippines.com", true */ 'r', 'e', 'h', 'a', 'b', 'p', 'h', 'i', 'l', 'i', 'p', 'p', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rehabthailand.com", true */ 'r', 'e', 'h', 'a', 'b', 't', 'h', 'a', 'i', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "rehabthailand.org", true */ 'r', 'e', 'h', 'a', 'b', 't', 'h', 'a', 'i', 'l', 'a', 'n', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "rei.ki", true */ 'r', 'e', 'i', '.', 'k', 'i', '\0',
+  /* "reichel-steinmetz.de", true */ 'r', 'e', 'i', 'c', 'h', 'e', 'l', '-', 's', 't', 'e', 'i', 'n', 'm', 'e', 't', 'z', '.', 'd', 'e', '\0',
+  /* "reichelt-cloud.de", true */ 'r', 'e', 'i', 'c', 'h', 'e', 'l', 't', '-', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "reichl-online.net", true */ 'r', 'e', 'i', 'c', 'h', 'l', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "reidasbombas.com", true */ 'r', 'e', 'i', 'd', 'a', 's', 'b', 'o', 'm', 'b', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "reiki-coaching.nl", false */ 'r', 'e', 'i', 'k', 'i', '-', 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "reilly.io", true */ 'r', 'e', 'i', 'l', 'l', 'y', '.', 'i', 'o', '\0',
+  /* "reimaginebelonging.de", true */ 'r', 'e', 'i', 'm', 'a', 'g', 'i', 'n', 'e', 'b', 'e', 'l', 'o', 'n', 'g', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "reimann.me", true */ 'r', 'e', 'i', 'm', 'a', 'n', 'n', '.', 'm', 'e', '\0',
+  /* "reimers.de", true */ 'r', 'e', 'i', 'm', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "reimu.ink", false */ 'r', 'e', 'i', 'm', 'u', '.', 'i', 'n', 'k', '\0',
+  /* "rein.kr", true */ 'r', 'e', 'i', 'n', '.', 'k', 'r', '\0',
+  /* "reinaertvandecruys.me", false */ 'r', 'e', 'i', 'n', 'a', 'e', 'r', 't', 'v', 'a', 'n', 'd', 'e', 'c', 'r', 'u', 'y', 's', '.', 'm', 'e', '\0',
+  /* "reinaldudras.ee", true */ 'r', 'e', 'i', 'n', 'a', 'l', 'd', 'u', 'd', 'r', 'a', 's', '.', 'e', 'e', '\0',
+  /* "reinaldudrasfamily.ee", true */ 'r', 'e', 'i', 'n', 'a', 'l', 'd', 'u', 'd', 'r', 'a', 's', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'e', 'e', '\0',
+  /* "reineberthe.ch", true */ 'r', 'e', 'i', 'n', 'e', 'b', 'e', 'r', 't', 'h', 'e', '.', 'c', 'h', '\0',
+  /* "reinencaressa.be", true */ 'r', 'e', 'i', 'n', 'e', 'n', 'c', 'a', 'r', 'e', 's', 's', 'a', '.', 'b', 'e', '\0',
+  /* "reinfer.io", true */ 'r', 'e', 'i', 'n', 'f', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "reinhard.codes", true */ 'r', 'e', 'i', 'n', 'h', 'a', 'r', 'd', '.', 'c', 'o', 'd', 'e', 's', '\0',
+  /* "reinhardtsgrimma.de", true */ 'r', 'e', 'i', 'n', 'h', 'a', 'r', 'd', 't', 's', 'g', 'r', 'i', 'm', 'm', 'a', '.', 'd', 'e', '\0',
+  /* "reinierjonker.nl", true */ 'r', 'e', 'i', 'n', 'i', 'e', 'r', 'j', 'o', 'n', 'k', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "reinoldus.ddns.net", true */ 'r', 'e', 'i', 'n', 'o', 'l', 'd', 'u', 's', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "reinout.nu", true */ 'r', 'e', 'i', 'n', 'o', 'u', 't', '.', 'n', 'u', '\0',
+  /* "reinouthoornweg.nl", true */ 'r', 'e', 'i', 'n', 'o', 'u', 't', 'h', 'o', 'o', 'r', 'n', 'w', 'e', 'g', '.', 'n', 'l', '\0',
+  /* "reisekosten-gorilla.com", true */ 'r', 'e', 'i', 's', 'e', 'k', 'o', 's', 't', 'e', 'n', '-', 'g', 'o', 'r', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "reishunger.de", true */ 'r', 'e', 'i', 's', 'h', 'u', 'n', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "rejahrehim.com", true */ 'r', 'e', 'j', 'a', 'h', 'r', 'e', 'h', 'i', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "rejushiiplotter.ru", true */ 'r', 'e', 'j', 'u', 's', 'h', 'i', 'i', 'p', 'l', 'o', 't', 't', 'e', 'r', '.', 'r', 'u', '\0',
+  /* "rekorsanat.com.tr", true */ 'r', 'e', 'k', 'o', 'r', 's', 'a', 'n', 'a', 't', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "relates.link", true */ 'r', 'e', 'l', 'a', 't', 'e', 's', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "relatethesport.com", false */ 'r', 'e', 'l', 'a', 't', 'e', 't', 'h', 'e', 's', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "relatic.net", true */ 'r', 'e', 'l', 'a', 't', 'i', 'c', '.', 'n', 'e', 't', '\0',
+  /* "relax.hn", true */ 'r', 'e', 'l', 'a', 'x', '.', 'h', 'n', '\0',
+  /* "relaxdom.net", true */ 'r', 'e', 'l', 'a', 'x', 'd', 'o', 'm', '.', 'n', 'e', 't', '\0',
+  /* "relaxhavefun.com", true */ 'r', 'e', 'l', 'a', 'x', 'h', 'a', 'v', 'e', 'f', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "relaxpointhyncice.cz", true */ 'r', 'e', 'l', 'a', 'x', 'p', 'o', 'i', 'n', 't', 'h', 'y', 'n', 'c', 'i', 'c', 'e', '.', 'c', 'z', '\0',
+  /* "relaybox.io", true */ 'r', 'e', 'l', 'a', 'y', 'b', 'o', 'x', '.', 'i', 'o', '\0',
+  /* "release-monitoring.org", true */ 'r', 'e', 'l', 'e', 'a', 's', 'e', '-', 'm', 'o', 'n', 'i', 't', 'o', 'r', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "reliancebank.bank", true */ 'r', 'e', 'l', 'i', 'a', 'n', 'c', 'e', 'b', 'a', 'n', 'k', '.', 'b', 'a', 'n', 'k', '\0',
+  /* "religiousforums.com", true */ 'r', 'e', 'l', 'i', 'g', 'i', 'o', 'u', 's', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "relsak.cz", true */ 'r', 'e', 'l', 's', 'a', 'k', '.', 'c', 'z', '\0',
+  /* "rem0te.net", true */ 'r', 'e', 'm', '0', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "remambo.jp", true */ 'r', 'e', 'm', 'a', 'm', 'b', 'o', '.', 'j', 'p', '\0',
+  /* "remedioparaherpes.com", true */ 'r', 'e', 'm', 'e', 'd', 'i', 'o', 'p', 'a', 'r', 'a', 'h', 'e', 'r', 'p', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "remedioscaserosparalacistitis.com", true */ 'r', 'e', 'm', 'e', 'd', 'i', 'o', 's', 'c', 'a', 's', 'e', 'r', 'o', 's', 'p', 'a', 'r', 'a', 'l', 'a', 'c', 'i', 's', 't', 'i', 't', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "remedyrehab.com", true */ 'r', 'e', 'm', 'e', 'd', 'y', 'r', 'e', 'h', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "remejeanne.com", true */ 'r', 'e', 'm', 'e', 'j', 'e', 'a', 'n', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rememberthemilk.com", false */ 'r', 'e', 'm', 'e', 'm', 'b', 'e', 'r', 't', 'h', 'e', 'm', 'i', 'l', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "remodelwithlegacy.com", true */ 'r', 'e', 'm', 'o', 'd', 'e', 'l', 'w', 'i', 't', 'h', 'l', 'e', 'g', 'a', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "remonti.info", true */ 'r', 'e', 'm', 'o', 'n', 't', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "remote.so", true */ 'r', 'e', 'm', 'o', 't', 'e', '.', 's', 'o', '\0',
+  /* "remoteutilities.com", true */ 'r', 'e', 'm', 'o', 't', 'e', 'u', 't', 'i', 'l', 'i', 't', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "removedrepo.com", true */ 'r', 'e', 'm', 'o', 'v', 'e', 'd', 'r', 'e', 'p', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "renascentia.asia", true */ 'r', 'e', 'n', 'a', 's', 'c', 'e', 'n', 't', 'i', 'a', '.', 'a', 's', 'i', 'a', '\0',
+  /* "renaultclubticino.ch", true */ 'r', 'e', 'n', 'a', 'u', 'l', 't', 'c', 'l', 'u', 'b', 't', 'i', 'c', 'i', 'n', 'o', '.', 'c', 'h', '\0',
+  /* "renderloop.com", true */ 'r', 'e', 'n', 'd', 'e', 'r', 'l', 'o', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "rene-schwarz.com", true */ 'r', 'e', 'n', 'e', '-', 's', 'c', 'h', 'w', 'a', 'r', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "rene-stolp.de", true */ 'r', 'e', 'n', 'e', '-', 's', 't', 'o', 'l', 'p', '.', 'd', 'e', '\0',
+  /* "renearends.nl", true */ 'r', 'e', 'n', 'e', 'a', 'r', 'e', 'n', 'd', 's', '.', 'n', 'l', '\0',
+  /* "reneleu.ch", true */ 'r', 'e', 'n', 'e', 'l', 'e', 'u', '.', 'c', 'h', '\0',
+  /* "renem.net", false */ 'r', 'e', 'n', 'e', 'm', '.', 'n', 'e', 't', '\0',
+  /* "renerehelse.no", false */ 'r', 'e', 'n', 'e', 'r', 'e', 'h', 'e', 'l', 's', 'e', '.', 'n', 'o', '\0',
+  /* "reneschmidt.de", true */ 'r', 'e', 'n', 'e', 's', 'c', 'h', 'm', 'i', 'd', 't', '.', 'd', 'e', '\0',
+  /* "renewablefreedom.org", true */ 'r', 'e', 'n', 'e', 'w', 'a', 'b', 'l', 'e', 'f', 'r', 'e', 'e', 'd', 'o', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "renezuo.com", true */ 'r', 'e', 'n', 'e', 'z', 'u', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "renkenlaw.com", true */ 'r', 'e', 'n', 'k', 'e', 'n', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "renlen.nl", true */ 'r', 'e', 'n', 'l', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "rennfire.org", true */ 'r', 'e', 'n', 'n', 'f', 'i', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "renov8sa.co.za", true */ 'r', 'e', 'n', 'o', 'v', '8', 's', 'a', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "renrenche.com", false */ 'r', 'e', 'n', 'r', 'e', 'n', 'c', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rens.nu", true */ 'r', 'e', 'n', 's', '.', 'n', 'u', '\0',
+  /* "rent-a-coder.de", true */ 'r', 'e', 'n', 't', '-', 'a', '-', 'c', 'o', 'd', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "rentacaramerica.com", true */ 'r', 'e', 'n', 't', 'a', 'c', 'a', 'r', 'a', 'm', 'e', 'r', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "rentasweb.gob.ar", true */ 'r', 'e', 'n', 't', 'a', 's', 'w', 'e', 'b', '.', 'g', 'o', 'b', '.', 'a', 'r', '\0',
+  /* "rentinsingapore.com.sg", true */ 'r', 'e', 'n', 't', 'i', 'n', 's', 'i', 'n', 'g', 'a', 'p', 'o', 'r', 'e', '.', 'c', 'o', 'm', '.', 's', 'g', '\0',
+  /* "rentourhomeinprovence.com", true */ 'r', 'e', 'n', 't', 'o', 'u', 'r', 'h', 'o', 'm', 'e', 'i', 'n', 'p', 'r', 'o', 'v', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "renuo.ch", false */ 'r', 'e', 'n', 'u', 'o', '.', 'c', 'h', '\0',
+  /* "reorz.com", true */ 'r', 'e', 'o', 'r', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "reox.at", false */ 'r', 'e', 'o', 'x', '.', 'a', 't', '\0',
+  /* "repaik.com", true */ 'r', 'e', 'p', 'a', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "repair.by", true */ 'r', 'e', 'p', 'a', 'i', 'r', '.', 'b', 'y', '\0',
+  /* "repaper.org", true */ 'r', 'e', 'p', 'a', 'p', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "repaxan.com", true */ 'r', 'e', 'p', 'a', 'x', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "repex.co.il", true */ 'r', 'e', 'p', 'e', 'x', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "replaceits.me", true */ 'r', 'e', 'p', 'l', 'a', 'c', 'e', 'i', 't', 's', '.', 'm', 'e', '\0',
+  /* "replicagunsswords.com", false */ 'r', 'e', 'p', 'l', 'i', 'c', 'a', 'g', 'u', 'n', 's', 's', 'w', 'o', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "replicaswiss.nl", true */ 'r', 'e', 'p', 'l', 'i', 'c', 'a', 's', 'w', 'i', 's', 's', '.', 'n', 'l', '\0',
+  /* "report-uri.com", true */ 'r', 'e', 'p', 'o', 'r', 't', '-', 'u', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "reporting.gov", false */ 'r', 'e', 'p', 'o', 'r', 't', 'i', 'n', 'g', '.', 'g', 'o', 'v', '\0',
+  /* "reporturi.com", true */ 'r', 'e', 'p', 'o', 'r', 't', 'u', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "reporturi.io", true */ 'r', 'e', 'p', 'o', 'r', 't', 'u', 'r', 'i', '.', 'i', 'o', '\0',
+  /* "reposaarenkuva.fi", true */ 'r', 'e', 'p', 'o', 's', 'a', 'a', 'r', 'e', 'n', 'k', 'u', 'v', 'a', '.', 'f', 'i', '\0',
+  /* "reproduciblescience.org", true */ 'r', 'e', 'p', 'r', 'o', 'd', 'u', 'c', 'i', 'b', 'l', 'e', 's', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "reproductive-revolution.com", true */ 'r', 'e', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'v', 'e', '-', 'r', 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "reproductiverevolution.com", true */ 'r', 'e', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'v', 'e', 'r', 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "reprogramming-predators.com", true */ 'r', 'e', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'm', 'i', 'n', 'g', '-', 'p', 'r', 'e', 'd', 'a', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "reprogrammingpredators.com", true */ 'r', 'e', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'm', 'i', 'n', 'g', 'p', 'r', 'e', 'd', 'a', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "reprozip.org", true */ 'r', 'e', 'p', 'r', 'o', 'z', 'i', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "repsomelt.com", true */ 'r', 'e', 'p', 's', 'o', 'm', 'e', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "reptrax.com", true */ 'r', 'e', 'p', 't', 'r', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "republic.gr", true */ 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'c', '.', 'g', 'r', '\0',
+  /* "republique.org", true */ 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'q', 'u', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "repugnant-conclusion.com", true */ 'r', 'e', 'p', 'u', 'g', 'n', 'a', 'n', 't', '-', 'c', 'o', 'n', 'c', 'l', 'u', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "repugnantconclusion.com", true */ 'r', 'e', 'p', 'u', 'g', 'n', 'a', 'n', 't', 'c', 'o', 'n', 'c', 'l', 'u', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "repustate.com", true */ 'r', 'e', 'p', 'u', 's', 't', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "reputationweaver.com", true */ 'r', 'e', 'p', 'u', 't', 'a', 't', 'i', 'o', 'n', 'w', 'e', 'a', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "reqrut.net", true */ 'r', 'e', 'q', 'r', 'u', 't', '.', 'n', 'e', 't', '\0',
+  /* "request-trent.com", true */ 'r', 'e', 'q', 'u', 'e', 's', 't', '-', 't', 'r', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "requestr.co.uk", true */ 'r', 'e', 'q', 'u', 'e', 's', 't', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "resama.eu", true */ 'r', 'e', 's', 'a', 'm', 'a', '.', 'e', 'u', '\0',
+  /* "resc.la", true */ 'r', 'e', 's', 'c', '.', 'l', 'a', '\0',
+  /* "rescms-secure.com", true */ 'r', 'e', 's', 'c', 'm', 's', '-', 's', 'e', 'c', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "research.facebook.com", false */ 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "researchgate.net", true */ 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', 'g', 'a', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "reseausyndic.ca", true */ 'r', 'e', 's', 'e', 'a', 'u', 's', 'y', 'n', 'd', 'i', 'c', '.', 'c', 'a', '\0',
+  /* "reservar-un-hotel.com", true */ 'r', 'e', 's', 'e', 'r', 'v', 'a', 'r', '-', 'u', 'n', '-', 'h', 'o', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "residence-simoncelli.com", true */ 'r', 'e', 's', 'i', 'd', 'e', 'n', 'c', 'e', '-', 's', 'i', 'm', 'o', 'n', 'c', 'e', 'l', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "resist.ca", true */ 'r', 'e', 's', 'i', 's', 't', '.', 'c', 'a', '\0',
+  /* "resolvefa.co.uk", true */ 'r', 'e', 's', 'o', 'l', 'v', 'e', 'f', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "resolvefa.com", true */ 'r', 'e', 's', 'o', 'l', 'v', 'e', 'f', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "resoplus.ch", true */ 'r', 'e', 's', 'o', 'p', 'l', 'u', 's', '.', 'c', 'h', '\0',
+  /* "resortohshima.com", true */ 'r', 'e', 's', 'o', 'r', 't', 'o', 'h', 's', 'h', 'i', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "resoundpro.ca", true */ 'r', 'e', 's', 'o', 'u', 'n', 'd', 'p', 'r', 'o', '.', 'c', 'a', '\0',
+  /* "resourceconnect.com", true */ 'r', 'e', 's', 'o', 'u', 'r', 'c', 'e', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "resourceguruapp.com", true */ 'r', 'e', 's', 'o', 'u', 'r', 'c', 'e', 'g', 'u', 'r', 'u', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "resources.flowfinity.com", true */ 'r', 'e', 's', 'o', 'u', 'r', 'c', 'e', 's', '.', 'f', 'l', 'o', 'w', 'f', 'i', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "respectmyprivacy.eu", true */ 'r', 'e', 's', 'p', 'e', 'c', 't', 'm', 'y', 'p', 'r', 'i', 'v', 'a', 'c', 'y', '.', 'e', 'u', '\0',
+  /* "respectmyprivacy.net", true */ 'r', 'e', 's', 'p', 'e', 'c', 't', 'm', 'y', 'p', 'r', 'i', 'v', 'a', 'c', 'y', '.', 'n', 'e', 't', '\0',
+  /* "respectmyprivacy.nl", true */ 'r', 'e', 's', 'p', 'e', 'c', 't', 'm', 'y', 'p', 'r', 'i', 'v', 'a', 'c', 'y', '.', 'n', 'l', '\0',
+  /* "respon.jp", true */ 'r', 'e', 's', 'p', 'o', 'n', '.', 'j', 'p', '\0',
+  /* "responer.com", true */ 'r', 'e', 's', 'p', 'o', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "responsibledisclosure.nl", false */ 'r', 'e', 's', 'p', 'o', 'n', 's', 'i', 'b', 'l', 'e', 'd', 'i', 's', 'c', 'l', 'o', 's', 'u', 'r', 'e', '.', 'n', 'l', '\0',
+  /* "respostas.com.br", true */ 'r', 'e', 's', 'p', 'o', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "restaurant-mangal.ch", true */ 'r', 'e', 's', 't', 'a', 'u', 'r', 'a', 'n', 't', '-', 'm', 'a', 'n', 'g', 'a', 'l', '.', 'c', 'h', '\0',
+  /* "restaurant-oregano.de", true */ 'r', 'e', 's', 't', 'a', 'u', 'r', 'a', 'n', 't', '-', 'o', 'r', 'e', 'g', 'a', 'n', 'o', '.', 'd', 'e', '\0',
+  /* "restaurant-rosengarten.at", true */ 'r', 'e', 's', 't', 'a', 'u', 'r', 'a', 'n', 't', '-', 'r', 'o', 's', 'e', 'n', 'g', 'a', 'r', 't', 'e', 'n', '.', 'a', 't', '\0',
+  /* "restaurantesimonetti.com.br", true */ 'r', 'e', 's', 't', 'a', 'u', 'r', 'a', 'n', 't', 'e', 's', 'i', 'm', 'o', 'n', 'e', 't', 't', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "restaurantmangal.ch", true */ 'r', 'e', 's', 't', 'a', 'u', 'r', 'a', 'n', 't', 'm', 'a', 'n', 'g', 'a', 'l', '.', 'c', 'h', '\0',
+  /* "restauranttester.at", true */ 'r', 'e', 's', 't', 'a', 'u', 'r', 'a', 'n', 't', 't', 'e', 's', 't', 'e', 'r', '.', 'a', 't', '\0',
+  /* "rester-a-domicile.ch", true */ 'r', 'e', 's', 't', 'e', 'r', '-', 'a', '-', 'd', 'o', 'm', 'i', 'c', 'i', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "rester-autonome-chez-soi.ch", true */ 'r', 'e', 's', 't', 'e', 'r', '-', 'a', 'u', 't', 'o', 'n', 'o', 'm', 'e', '-', 'c', 'h', 'e', 'z', '-', 's', 'o', 'i', '.', 'c', 'h', '\0',
+  /* "restioson.me", true */ 'r', 'e', 's', 't', 'i', 'o', 's', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "restoran-radovce.me", true */ 'r', 'e', 's', 't', 'o', 'r', 'a', 'n', '-', 'r', 'a', 'd', 'o', 'v', 'c', 'e', '.', 'm', 'e', '\0',
+  /* "restoreresearchstudy.com", true */ 'r', 'e', 's', 't', 'o', 'r', 'e', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', 's', 't', 'u', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "restoruns.com", true */ 'r', 'e', 's', 't', 'o', 'r', 'u', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "restoruns.xyz", true */ 'r', 'e', 's', 't', 'o', 'r', 'u', 'n', 's', '.', 'x', 'y', 'z', '\0',
+  /* "restrealitaet.de", false */ 'r', 'e', 's', 't', 'r', 'e', 'a', 'l', 'i', 't', 'a', 'e', 't', '.', 'd', 'e', '\0',
+  /* "restrito.org", true */ 'r', 'e', 's', 't', 'r', 'i', 't', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "resursedigitale.ro", true */ 'r', 'e', 's', 'u', 'r', 's', 'e', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', '.', 'r', 'o', '\0',
+  /* "retcor.net", true */ 'r', 'e', 't', 'c', 'o', 'r', '.', 'n', 'e', 't', '\0',
+  /* "retetenoi.net", true */ 'r', 'e', 't', 'e', 't', 'e', 'n', 'o', 'i', '.', 'n', 'e', 't', '\0',
+  /* "reto.ch", true */ 'r', 'e', 't', 'o', '.', 'c', 'h', '\0',
+  /* "reto.com", true */ 'r', 'e', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "reto.io", true */ 'r', 'e', 't', 'o', '.', 'i', 'o', '\0',
+  /* "retogroup.com", true */ 'r', 'e', 't', 'o', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "retokromer.ch", true */ 'r', 'e', 't', 'o', 'k', 'r', 'o', 'm', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "retro.rocks", true */ 'r', 'e', 't', 'r', 'o', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "retro.sx", true */ 'r', 'e', 't', 'r', 'o', '.', 's', 'x', '\0',
+  /* "retrofitlab.com", true */ 'r', 'e', 't', 'r', 'o', 'f', 'i', 't', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "retroity.net", true */ 'r', 'e', 't', 'r', 'o', 'i', 't', 'y', '.', 'n', 'e', 't', '\0',
+  /* "retropage.co", true */ 'r', 'e', 't', 'r', 'o', 'p', 'a', 'g', 'e', '.', 'c', 'o', '\0',
+  /* "retroroundup.com", true */ 'r', 'e', 't', 'r', 'o', 'r', 'o', 'u', 'n', 'd', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "retrotracks.net", true */ 'r', 'e', 't', 'r', 'o', 't', 'r', 'a', 'c', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "retrowave.eu", true */ 'r', 'e', 't', 'r', 'o', 'w', 'a', 'v', 'e', '.', 'e', 'u', '\0',
+  /* "rets.org.br", true */ 'r', 'e', 't', 's', '.', 'o', 'r', 'g', '.', 'b', 'r', '\0',
+  /* "reucon.com", false */ 'r', 'e', 'u', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "reulitz.de", true */ 'r', 'e', 'u', 'l', 'i', 't', 'z', '.', 'd', 'e', '\0',
+  /* "reussirsavie.info", true */ 'r', 'e', 'u', 's', 's', 'i', 'r', 's', 'a', 'v', 'i', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "reuter-profishop.de", true */ 'r', 'e', 'u', 't', 'e', 'r', '-', 'p', 'r', 'o', 'f', 'i', 's', 'h', 'o', 'p', '.', 'd', 'e', '\0',
+  /* "reuter-shop.com", true */ 'r', 'e', 'u', 't', 'e', 'r', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "reuter.de", true */ 'r', 'e', 'u', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "revamed.com", false */ 'r', 'e', 'v', 'a', 'm', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "revapost.fr", true */ 'r', 'e', 'v', 'a', 'p', 'o', 's', 't', '.', 'f', 'r', '\0',
+  /* "revayd.net", true */ 'r', 'e', 'v', 'a', 'y', 'd', '.', 'n', 'e', 't', '\0',
+  /* "revensoftware.com", true */ 'r', 'e', 'v', 'e', 'n', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "reverencestudios.com", true */ 'r', 'e', 'v', 'e', 'r', 'e', 'n', 'c', 'e', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "reverse.design", true */ 'r', 'e', 'v', 'e', 'r', 's', 'e', '.', 'd', 'e', 's', 'i', 'g', 'n', '\0',
+  /* "reverseaustralia.com", true */ 'r', 'e', 'v', 'e', 'r', 's', 'e', 'a', 'u', 's', 't', 'r', 'a', 'l', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "reversecanada.com", true */ 'r', 'e', 'v', 'e', 'r', 's', 'e', 'c', 'a', 'n', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "reverseloansolutions.com", true */ 'r', 'e', 'v', 'e', 'r', 's', 'e', 'l', 'o', 'a', 'n', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "reversesouthafrica.com", true */ 'r', 'e', 'v', 'e', 'r', 's', 'e', 's', 'o', 'u', 't', 'h', 'a', 'f', 'r', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "review.jp", true */ 'r', 'e', 'v', 'i', 'e', 'w', '.', 'j', 'p', '\0',
+  /* "revisionnotes.xyz", true */ 'r', 'e', 'v', 'i', 's', 'i', 'o', 'n', 'n', 'o', 't', 'e', 's', '.', 'x', 'y', 'z', '\0',
+  /* "revistapequenosolhares.com.br", true */ 'r', 'e', 'v', 'i', 's', 't', 'a', 'p', 'e', 'q', 'u', 'e', 'n', 'o', 's', 'o', 'l', 'h', 'a', 'r', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "revivalinhisword.com", true */ 'r', 'e', 'v', 'i', 'v', 'a', 'l', 'i', 'n', 'h', 'i', 's', 'w', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "revivingtheredeemed.org", true */ 'r', 'e', 'v', 'i', 'v', 'i', 'n', 'g', 't', 'h', 'e', 'r', 'e', 'd', 'e', 'e', 'm', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "revlect.com", true */ 'r', 'e', 'v', 'l', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "revolt.tv", true */ 'r', 'e', 'v', 'o', 'l', 't', '.', 't', 'v', '\0',
+  /* "revthefox.co.uk", true */ 'r', 'e', 'v', 't', 'h', 'e', 'f', 'o', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rewardingexcellence.com", true */ 'r', 'e', 'w', 'a', 'r', 'd', 'i', 'n', 'g', 'e', 'x', 'c', 'e', 'l', 'l', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rewrite3.com", true */ 'r', 'e', 'w', 'r', 'i', 't', 'e', '3', '.', 'c', 'o', 'm', '\0',
+  /* "rex.st", true */ 'r', 'e', 'x', '.', 's', 't', '\0',
+  /* "rex.tc", true */ 'r', 'e', 'x', '.', 't', 'c', '\0',
+  /* "rezexpert.com", true */ 'r', 'e', 'z', 'e', 'x', 'p', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "rezosup.net", true */ 'r', 'e', 'z', 'o', 's', 'u', 'p', '.', 'n', 'e', 't', '\0',
+  /* "rezosup.org", true */ 'r', 'e', 'z', 'o', 's', 'u', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "rezultant.ru", true */ 'r', 'e', 'z', 'u', 'l', 't', 'a', 'n', 't', '.', 'r', 'u', '\0',
+  /* "rezun.cloud", true */ 'r', 'e', 'z', 'u', 'n', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "rf.tn", true */ 'r', 'f', '.', 't', 'n', '\0',
+  /* "rfeif.org", true */ 'r', 'f', 'e', 'i', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "rgavmf.ru", true */ 'r', 'g', 'a', 'v', 'm', 'f', '.', 'r', 'u', '\0',
+  /* "rgbinnovation.com", true */ 'r', 'g', 'b', 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "rgcomportement.fr", true */ 'r', 'g', 'c', 'o', 'm', 'p', 'o', 'r', 't', 'e', 'm', 'e', 'n', 't', '.', 'f', 'r', '\0',
+  /* "rgservers.com", true */ 'r', 'g', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rhees.nl", true */ 'r', 'h', 'e', 'e', 's', '.', 'n', 'l', '\0',
+  /* "rhein-liebe.de", true */ 'r', 'h', 'e', 'i', 'n', '-', 'l', 'i', 'e', 'b', 'e', '.', 'd', 'e', '\0',
+  /* "rheinneckarmetal.com", true */ 'r', 'h', 'e', 'i', 'n', 'n', 'e', 'c', 'k', 'a', 'r', 'm', 'e', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "rheocube.com", true */ 'r', 'h', 'e', 'o', 'c', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rhese.net", true */ 'r', 'h', 'e', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "rhetthenckel.com", true */ 'r', 'h', 'e', 't', 't', 'h', 'e', 'n', 'c', 'k', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "rheuma-online.de", true */ 'r', 'h', 'e', 'u', 'm', 'a', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "rhinelander.ca", true */ 'r', 'h', 'i', 'n', 'e', 'l', 'a', 'n', 'd', 'e', 'r', '.', 'c', 'a', '\0',
+  /* "rhinoceroses.org", true */ 'r', 'h', 'i', 'n', 'o', 'c', 'e', 'r', 'o', 's', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "rhiskiapril.com", true */ 'r', 'h', 'i', 's', 'k', 'i', 'a', 'p', 'r', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "rhnet.at", true */ 'r', 'h', 'n', 'e', 't', '.', 'a', 't', '\0',
+  /* "rhodenmanorcattery.co.uk", true */ 'r', 'h', 'o', 'd', 'e', 'n', 'm', 'a', 'n', 'o', 'r', 'c', 'a', 't', 't', 'e', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rhodes.ml", true */ 'r', 'h', 'o', 'd', 'e', 's', '.', 'm', 'l', '\0',
+  /* "rhodesianridgeback.com.br", true */ 'r', 'h', 'o', 'd', 'e', 's', 'i', 'a', 'n', 'r', 'i', 'd', 'g', 'e', 'b', 'a', 'c', 'k', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "rhodri.io", true */ 'r', 'h', 'o', 'd', 'r', 'i', '.', 'i', 'o', '\0',
+  /* "rhymeswithmogul.com", true */ 'r', 'h', 'y', 'm', 'e', 's', 'w', 'i', 't', 'h', 'm', 'o', 'g', 'u', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "rhymix.org", true */ 'r', 'h', 'y', 'm', 'i', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "rhynl.io", true */ 'r', 'h', 'y', 'n', 'l', '.', 'i', 'o', '\0',
+  /* "rial.space", true */ 'r', 'i', 'a', 'l', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "ribs.com", true */ 'r', 'i', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ricardo.nu", true */ 'r', 'i', 'c', 'a', 'r', 'd', 'o', '.', 'n', 'u', '\0',
+  /* "ricardobalk.nl", true */ 'r', 'i', 'c', 'a', 'r', 'd', 'o', 'b', 'a', 'l', 'k', '.', 'n', 'l', '\0',
+  /* "ricaud.me", true */ 'r', 'i', 'c', 'a', 'u', 'd', '.', 'm', 'e', '\0',
+  /* "riccy.org", true */ 'r', 'i', 'c', 'c', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "riceadvice.info", true */ 'r', 'i', 'c', 'e', 'a', 'd', 'v', 'i', 'c', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "richardb.me", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 'b', '.', 'm', 'e', '\0',
+  /* "richardcrosby.co.uk", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 'c', 'r', 'o', 's', 'b', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "richardhering.de", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 'h', 'e', 'r', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "richardjgreen.net", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 'j', 'g', 'r', 'e', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "richardlangworth.com", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 'l', 'a', 'n', 'g', 'w', 'o', 'r', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "richardlugten.nl", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 'l', 'u', 'g', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "richardrblocker.net", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 'r', 'b', 'l', 'o', 'c', 'k', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "richardson.engineering", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 's', 'o', 'n', '.', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '\0',
+  /* "richardson.pictures", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 's', 'o', 'n', '.', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '\0',
+  /* "richardson.software", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 's', 'o', 'n', '.', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '\0',
+  /* "richardson.systems", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 's', 'o', 'n', '.', 's', 'y', 's', 't', 'e', 'm', 's', '\0',
+  /* "richardwarrender.com", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 'w', 'a', 'r', 'r', 'e', 'n', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "richie.link", true */ 'r', 'i', 'c', 'h', 'i', 'e', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "richonrails.com", true */ 'r', 'i', 'c', 'h', 'o', 'n', 'r', 'a', 'i', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ricketyspace.net", true */ 'r', 'i', 'c', 'k', 'e', 't', 'y', 's', 'p', 'a', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "ricki-z.com", true */ 'r', 'i', 'c', 'k', 'i', '-', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "rickmartensen.nl", true */ 'r', 'i', 'c', 'k', 'm', 'a', 'r', 't', 'e', 'n', 's', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "ricknox.com", true */ 'r', 'i', 'c', 'k', 'n', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "rickrongen.nl", true */ 'r', 'i', 'c', 'k', 'r', 'o', 'n', 'g', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "rickscastles.co.uk", true */ 'r', 'i', 'c', 'k', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rickweijers.nl", true */ 'r', 'i', 'c', 'k', 'w', 'e', 'i', 'j', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "rickyromero.com", true */ 'r', 'i', 'c', 'k', 'y', 'r', 'o', 'm', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "rico-brase.de", false */ 'r', 'i', 'c', 'o', '-', 'b', 'r', 'a', 's', 'e', '.', 'd', 'e', '\0',
+  /* "rico.ovh", true */ 'r', 'i', 'c', 'o', '.', 'o', 'v', 'h', '\0',
+  /* "ricochet.im", true */ 'r', 'i', 'c', 'o', 'c', 'h', 'e', 't', '.', 'i', 'm', '\0',
+  /* "ricozienke.de", true */ 'r', 'i', 'c', 'o', 'z', 'i', 'e', 'n', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "riddims.co", true */ 'r', 'i', 'd', 'd', 'i', 'm', 's', '.', 'c', 'o', '\0',
+  /* "ride-up.com", true */ 'r', 'i', 'd', 'e', '-', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "ridingboutique.de", true */ 'r', 'i', 'd', 'i', 'n', 'g', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '.', 'd', 'e', '\0',
+  /* "ridingoklahoma.com", true */ 'r', 'i', 'd', 'i', 'n', 'g', 'o', 'k', 'l', 'a', 'h', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "rienasemettre.fr", true */ 'r', 'i', 'e', 'n', 'a', 's', 'e', 'm', 'e', 't', 't', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "riesenmagnete.de", true */ 'r', 'i', 'e', 's', 'e', 'n', 'm', 'a', 'g', 'n', 'e', 't', 'e', '.', 'd', 'e', '\0',
+  /* "riesenweber.id.au", true */ 'r', 'i', 'e', 's', 'e', 'n', 'w', 'e', 'b', 'e', 'r', '.', 'i', 'd', '.', 'a', 'u', '\0',
+  /* "riesheating.com", true */ 'r', 'i', 'e', 's', 'h', 'e', 'a', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "rievo.net", true */ 'r', 'i', 'e', 'v', 'o', '.', 'n', 'e', 't', '\0',
+  /* "riffreporter.de", true */ 'r', 'i', 'f', 'f', 'r', 'e', 'p', 'o', 'r', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "rift.pictures", true */ 'r', 'i', 'f', 't', '.', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '\0',
+  /* "rigabeerbike.com", true */ 'r', 'i', 'g', 'a', 'b', 'e', 'e', 'r', 'b', 'i', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rigabeerbike.lv", true */ 'r', 'i', 'g', 'a', 'b', 'e', 'e', 'r', 'b', 'i', 'k', 'e', '.', 'l', 'v', '\0',
+  /* "rigart-michael.be", true */ 'r', 'i', 'g', 'a', 'r', 't', '-', 'm', 'i', 'c', 'h', 'a', 'e', 'l', '.', 'b', 'e', '\0',
+  /* "rigartmichael.be", true */ 'r', 'i', 'g', 'a', 'r', 't', 'm', 'i', 'c', 'h', 'a', 'e', 'l', '.', 'b', 'e', '\0',
+  /* "righettod.eu", true */ 'r', 'i', 'g', 'h', 'e', 't', 't', 'o', 'd', '.', 'e', 'u', '\0',
+  /* "righini.ch", true */ 'r', 'i', 'g', 'h', 'i', 'n', 'i', '.', 'c', 'h', '\0',
+  /* "rightbrain.training", true */ 'r', 'i', 'g', 'h', 't', 'b', 'r', 'a', 'i', 'n', '.', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '\0',
+  /* "rightcapital.com", true */ 'r', 'i', 'g', 'h', 't', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "righteousendeavour.com", true */ 'r', 'i', 'g', 'h', 't', 'e', 'o', 'u', 's', 'e', 'n', 'd', 'e', 'a', 'v', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "rightstuff.link", true */ 'r', 'i', 'g', 'h', 't', 's', 't', 'u', 'f', 'f', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "righttobuy.gov.uk", true */ 'r', 'i', 'g', 'h', 't', 't', 'o', 'b', 'u', 'y', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0',
+  /* "rijk-catering.nl", false */ 'r', 'i', 'j', 'k', '-', 'c', 'a', 't', 'e', 'r', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "rijschoolgevonden.nl", false */ 'r', 'i', 'j', 's', 'c', 'h', 'o', 'o', 'l', 'g', 'e', 'v', 'o', 'n', 'd', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "rijsinkunst.nl", true */ 'r', 'i', 'j', 's', 'i', 'n', 'k', 'u', 'n', 's', 't', '.', 'n', 'l', '\0',
+  /* "rile5.com", true */ 'r', 'i', 'l', 'e', '5', '.', 'c', 'o', 'm', '\0',
+  /* "rileyevans.co.uk", true */ 'r', 'i', 'l', 'e', 'y', 'e', 'v', 'a', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rimax.vn", true */ 'r', 'i', 'm', 'a', 'x', '.', 'v', 'n', '\0',
+  /* "rimcountrymuseum.org", true */ 'r', 'i', 'm', 'c', 'o', 'u', 'n', 't', 'r', 'y', 'm', 'u', 's', 'e', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "rimeto.io", true */ 'r', 'i', 'm', 'e', 't', 'o', '.', 'i', 'o', '\0',
+  /* "rimo.site", true */ 'r', 'i', 'm', 'o', '.', 's', 'i', 't', 'e', '\0',
+  /* "ringingliberty.com", true */ 'r', 'i', 'n', 'g', 'i', 'n', 'g', 'l', 'i', 'b', 'e', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "rinj.se", true */ 'r', 'i', 'n', 'j', '.', 's', 'e', '\0',
+  /* "rinvex.com", true */ 'r', 'i', 'n', 'v', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "rio-weimar.de", true */ 'r', 'i', 'o', '-', 'w', 'e', 'i', 'm', 'a', 'r', '.', 'd', 'e', '\0',
+  /* "rioshop.com.br", true */ 'r', 'i', 'o', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "rip-sport.cz", true */ 'r', 'i', 'p', '-', 's', 'p', 'o', 'r', 't', '.', 'c', 'z', '\0',
+  /* "ripmixmake.org", true */ 'r', 'i', 'p', 'm', 'i', 'x', 'm', 'a', 'k', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "ripple.com", true */ 'r', 'i', 'p', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ris.fi", true */ 'r', 'i', 's', '.', 'f', 'i', '\0',
+  /* "risada.nl", true */ 'r', 'i', 's', 'a', 'd', 'a', '.', 'n', 'l', '\0',
+  /* "risaphuketproperty.com", true */ 'r', 'i', 's', 'a', 'p', 'h', 'u', 'k', 'e', 't', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "riscascape.net", true */ 'r', 'i', 's', 'c', 'a', 's', 'c', 'a', 'p', 'e', '.', 'n', 'e', 't', '\0',
+  /* "rischard.org", true */ 'r', 'i', 's', 'c', 'h', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "rise-technologies.com", true */ 'r', 'i', 's', 'e', '-', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "riseup.net", true */ 'r', 'i', 's', 'e', 'u', 'p', '.', 'n', 'e', 't', '\0',
+  /* "rishikeshyoga.in", true */ 'r', 'i', 's', 'h', 'i', 'k', 'e', 's', 'h', 'y', 'o', 'g', 'a', '.', 'i', 'n', '\0',
+  /* "risiinfo.com", true */ 'r', 'i', 's', 'i', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "risingsun.red", true */ 'r', 'i', 's', 'i', 'n', 'g', 's', 'u', 'n', '.', 'r', 'e', 'd', '\0',
+  /* "riskmitigation.ch", true */ 'r', 'i', 's', 'k', 'm', 'i', 't', 'i', 'g', 'a', 't', 'i', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "risparmiare.info", true */ 'r', 'i', 's', 'p', 'a', 'r', 'm', 'i', 'a', 'r', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "rissato.com.br", true */ 'r', 'i', 's', 's', 'a', 't', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ristioja.ee", true */ 'r', 'i', 's', 't', 'i', 'o', 'j', 'a', '.', 'e', 'e', '\0',
+  /* "ristoarea.it", true */ 'r', 'i', 's', 't', 'o', 'a', 'r', 'e', 'a', '.', 'i', 't', '\0',
+  /* "ristorantefattoamano.eu", true */ 'r', 'i', 's', 't', 'o', 'r', 'a', 'n', 't', 'e', 'f', 'a', 't', 't', 'o', 'a', 'm', 'a', 'n', 'o', '.', 'e', 'u', '\0',
+  /* "ristorantefattoamano.it", true */ 'r', 'i', 's', 't', 'o', 'r', 'a', 'n', 't', 'e', 'f', 'a', 't', 't', 'o', 'a', 'm', 'a', 'n', 'o', '.', 'i', 't', '\0',
+  /* "rittau.biz", true */ 'r', 'i', 't', 't', 'a', 'u', '.', 'b', 'i', 'z', '\0',
+  /* "rittau.org", true */ 'r', 'i', 't', 't', 'a', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "ritzlux.com.tw", true */ 'r', 'i', 't', 'z', 'l', 'u', 'x', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "rivaforum.de", true */ 'r', 'i', 'v', 'a', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "rivagecare.it", true */ 'r', 'i', 'v', 'a', 'g', 'e', 'c', 'a', 'r', 'e', '.', 'i', 't', '\0',
+  /* "rivalsa.cn", true */ 'r', 'i', 'v', 'a', 'l', 's', 'a', '.', 'c', 'n', '\0',
+  /* "rivastation.de", true */ 'r', 'i', 'v', 'a', 's', 't', 'a', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "riverbanktearooms.co.uk", true */ 'r', 'i', 'v', 'e', 'r', 'b', 'a', 'n', 'k', 't', 'e', 'a', 'r', 'o', 'o', 'm', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "riverford.co.uk", true */ 'r', 'i', 'v', 'e', 'r', 'f', 'o', 'r', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rivermendhealthcenters.com", true */ 'r', 'i', 'v', 'e', 'r', 'm', 'e', 'n', 'd', 'h', 'e', 'a', 'l', 't', 'h', 'c', 'e', 'n', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rivermist.com.au", true */ 'r', 'i', 'v', 'e', 'r', 'm', 'i', 's', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "riversideauto.net", true */ 'r', 'i', 'v', 'e', 'r', 's', 'i', 'd', 'e', 'a', 'u', 't', 'o', '.', 'n', 'e', 't', '\0',
+  /* "riversideradio.nl", true */ 'r', 'i', 'v', 'e', 'r', 's', 'i', 'd', 'e', 'r', 'a', 'd', 'i', 'o', '.', 'n', 'l', '\0',
+  /* "riverstyxgame.com", true */ 'r', 'i', 'v', 'e', 'r', 's', 't', 'y', 'x', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "riverweb.gr", true */ 'r', 'i', 'v', 'e', 'r', 'w', 'e', 'b', '.', 'g', 'r', '\0',
+  /* "rivierasaints.ch", true */ 'r', 'i', 'v', 'i', 'e', 'r', 'a', 's', 'a', 'i', 'n', 't', 's', '.', 'c', 'h', '\0',
+  /* "rivy.org", true */ 'r', 'i', 'v', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "rix.ninja", true */ 'r', 'i', 'x', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "rixter.com", true */ 'r', 'i', 'x', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "riyono.com", true */ 'r', 'i', 'y', 'o', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "rizospastis.gr", true */ 'r', 'i', 'z', 'o', 's', 'p', 'a', 's', 't', 'i', 's', '.', 'g', 'r', '\0',
+  /* "rj-onderneemt.nl", true */ 'r', 'j', '-', 'o', 'n', 'd', 'e', 'r', 'n', 'e', 'e', 'm', 't', '.', 'n', 'l', '\0',
+  /* "rjnutrition.consulting", true */ 'r', 'j', 'n', 'u', 't', 'r', 'i', 't', 'i', 'o', 'n', '.', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '\0',
+  /* "rkc-hygrotherm.de", true */ 'r', 'k', 'c', '-', 'h', 'y', 'g', 'r', 'o', 't', 'h', 'e', 'r', 'm', '.', 'd', 'e', '\0',
+  /* "rlalique.com", true */ 'r', 'l', 'a', 'l', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rld.org", true */ 'r', 'l', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "rlds.ch", true */ 'r', 'l', 'd', 's', '.', 'c', 'h', '\0',
+  /* "rleh.de", true */ 'r', 'l', 'e', 'h', '.', 'd', 'e', '\0',
+  /* "rlove.org", true */ 'r', 'l', 'o', 'v', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "rlsnet.ru", false */ 'r', 'l', 's', 'n', 'e', 't', '.', 'r', 'u', '\0',
+  /* "rm-it.de", true */ 'r', 'm', '-', 'i', 't', '.', 'd', 'e', '\0',
+  /* "rmb.li", true */ 'r', 'm', 'b', '.', 'l', 'i', '\0',
+  /* "rmcbs.de", true */ 'r', 'm', 'c', 'b', 's', '.', 'd', 'e', '\0',
+  /* "rmdlingerie.com.br", true */ 'r', 'm', 'd', 'l', 'i', 'n', 'g', 'e', 'r', 'i', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "rmf.io", true */ 'r', 'm', 'f', '.', 'i', 'o', '\0',
+  /* "rmit.me", true */ 'r', 'm', 'i', 't', '.', 'm', 'e', '\0',
+  /* "rmk.si", true */ 'r', 'm', 'k', '.', 's', 'i', '\0',
+  /* "rmmanfredi.com", true */ 'r', 'm', 'm', 'a', 'n', 'f', 'r', 'e', 'd', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "rmpsolution.de", true */ 'r', 'm', 'p', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "rmrig.org", true */ 'r', 'm', 'r', 'i', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "rms.sexy", true */ 'r', 'm', 's', '.', 's', 'e', 'x', 'y', '\0',
+  /* "rmsides.com", true */ 'r', 'm', 's', 'i', 'd', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rmstudio.tw", true */ 'r', 'm', 's', 't', 'u', 'd', 'i', 'o', '.', 't', 'w', '\0',
+  /* "rmsupply.nl", true */ 'r', 'm', 's', 'u', 'p', 'p', 'l', 'y', '.', 'n', 'l', '\0',
+  /* "rnag.ie", true */ 'r', 'n', 'a', 'g', '.', 'i', 'e', '\0',
+  /* "rnb-storenbau.ch", true */ 'r', 'n', 'b', '-', 's', 't', 'o', 'r', 'e', 'n', 'b', 'a', 'u', '.', 'c', 'h', '\0',
+  /* "rngmeme.com", true */ 'r', 'n', 'g', 'm', 'e', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rnt.cl", true */ 'r', 'n', 't', '.', 'c', 'l', '\0',
+  /* "ro.search.yahoo.com", false */ 'r', 'o', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "roadguard.nl", true */ 'r', 'o', 'a', 'd', 'g', 'u', 'a', 'r', 'd', '.', 'n', 'l', '\0',
+  /* "roadtopgm.com", true */ 'r', 'o', 'a', 'd', 't', 'o', 'p', 'g', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "roave.com", true */ 'r', 'o', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rob.uk.com", true */ 'r', 'o', 'b', '.', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "rob006.net", true */ 'r', 'o', 'b', '0', '0', '6', '.', 'n', 'e', 't', '\0',
+  /* "robandjanine.com", true */ 'r', 'o', 'b', 'a', 'n', 'd', 'j', 'a', 'n', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "robbertt.com", true */ 'r', 'o', 'b', 'b', 'e', 'r', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "robert-flynn.de", true */ 'r', 'o', 'b', 'e', 'r', 't', '-', 'f', 'l', 'y', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "robertabittle.com", true */ 'r', 'o', 'b', 'e', 'r', 't', 'a', 'b', 'i', 't', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "robertattfield.com", true */ 'r', 'o', 'b', 'e', 'r', 't', 'a', 't', 't', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "robertg.me", true */ 'r', 'o', 'b', 'e', 'r', 't', 'g', '.', 'm', 'e', '\0',
+  /* "robertglastra.com", true */ 'r', 'o', 'b', 'e', 'r', 't', 'g', 'l', 'a', 's', 't', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "roberthurlbut.com", true */ 'r', 'o', 'b', 'e', 'r', 't', 'h', 'u', 'r', 'l', 'b', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "robertkrueger.de", true */ 'r', 'o', 'b', 'e', 'r', 't', 'k', 'r', 'u', 'e', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "robertlysik.com", true */ 'r', 'o', 'b', 'e', 'r', 't', 'l', 'y', 's', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "roberto-webhosting.nl", true */ 'r', 'o', 'b', 'e', 'r', 't', 'o', '-', 'w', 'e', 'b', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "robertoentringer.com", true */ 'r', 'o', 'b', 'e', 'r', 't', 'o', 'e', 'n', 't', 'r', 'i', 'n', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "robertof.ovh", true */ 'r', 'o', 'b', 'e', 'r', 't', 'o', 'f', '.', 'o', 'v', 'h', '\0',
+  /* "robertreiser.photography", true */ 'r', 'o', 'b', 'e', 'r', 't', 'r', 'e', 'i', 's', 'e', 'r', '.', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '\0',
+  /* "robertrijnders.nl", true */ 'r', 'o', 'b', 'e', 'r', 't', 'r', 'i', 'j', 'n', 'd', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "robertsmits.be", true */ 'r', 'o', 'b', 'e', 'r', 't', 's', 'm', 'i', 't', 's', '.', 'b', 'e', '\0',
+  /* "robhorstmanshof.nl", true */ 'r', 'o', 'b', 'h', 'o', 'r', 's', 't', 'm', 'a', 'n', 's', 'h', 'o', 'f', '.', 'n', 'l', '\0',
+  /* "robin-novotny.com", true */ 'r', 'o', 'b', 'i', 'n', '-', 'n', 'o', 'v', 'o', 't', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "robin.co.kr", true */ 'r', 'o', 'b', 'i', 'n', '.', 'c', 'o', '.', 'k', 'r', '\0',
+  /* "robin.info", true */ 'r', 'o', 'b', 'i', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "robinadr.com", true */ 'r', 'o', 'b', 'i', 'n', 'a', 'd', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "robinevandenbos.nl", true */ 'r', 'o', 'b', 'i', 'n', 'e', 'v', 'a', 'n', 'd', 'e', 'n', 'b', 'o', 's', '.', 'n', 'l', '\0',
+  /* "robinflikkema.nl", true */ 'r', 'o', 'b', 'i', 'n', 'f', 'l', 'i', 'k', 'k', 'e', 'm', 'a', '.', 'n', 'l', '\0',
+  /* "robinhoodbingo.com", true */ 'r', 'o', 'b', 'i', 'n', 'h', 'o', 'o', 'd', 'b', 'i', 'n', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "robinlinden.eu", true */ 'r', 'o', 'b', 'i', 'n', 'l', 'i', 'n', 'd', 'e', 'n', '.', 'e', 'u', '\0',
+  /* "robinsonstrategy.com", true */ 'r', 'o', 'b', 'i', 'n', 's', 'o', 'n', 's', 't', 'r', 'a', 't', 'e', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "robinsonyu.com", true */ 'r', 'o', 'b', 'i', 'n', 's', 'o', 'n', 'y', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "robinvdmarkt.nl", true */ 'r', 'o', 'b', 'i', 'n', 'v', 'd', 'm', 'a', 'r', 'k', 't', '.', 'n', 'l', '\0',
+  /* "robinwinslow.uk", true */ 'r', 'o', 'b', 'i', 'n', 'w', 'i', 'n', 's', 'l', 'o', 'w', '.', 'u', 'k', '\0',
+  /* "robjager-fotografie.nl", true */ 'r', 'o', 'b', 'j', 'a', 'g', 'e', 'r', '-', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', 'i', 'e', '.', 'n', 'l', '\0',
+  /* "robocop.no", true */ 'r', 'o', 'b', 'o', 'c', 'o', 'p', '.', 'n', 'o', '\0',
+  /* "robodeidentidad.gov", true */ 'r', 'o', 'b', 'o', 'd', 'e', 'i', 'd', 'e', 'n', 't', 'i', 'd', 'a', 'd', '.', 'g', 'o', 'v', '\0',
+  /* "robohash.org", true */ 'r', 'o', 'b', 'o', 'h', 'a', 's', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "robot.car", true */ 'r', 'o', 'b', 'o', 't', '.', 'c', 'a', 'r', '\0',
+  /* "robotattack.org", true */ 'r', 'o', 'b', 'o', 't', 'a', 't', 't', 'a', 'c', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "robotham.org", true */ 'r', 'o', 'b', 'o', 't', 'h', 'a', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "robototes.com", true */ 'r', 'o', 'b', 'o', 't', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "robots-ju.ch", true */ 'r', 'o', 'b', 'o', 't', 's', '-', 'j', 'u', '.', 'c', 'h', '\0',
+  /* "robpol86.com", true */ 'r', 'o', 'b', 'p', 'o', 'l', '8', '6', '.', 'c', 'o', 'm', '\0',
+  /* "robspc.repair", true */ 'r', 'o', 'b', 's', 'p', 'c', '.', 'r', 'e', 'p', 'a', 'i', 'r', '\0',
+  /* "robspeed.rocks", true */ 'r', 'o', 'b', 's', 'p', 'e', 'e', 'd', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "robu.in", true */ 'r', 'o', 'b', 'u', '.', 'i', 'n', '\0',
+  /* "robud.info", true */ 'r', 'o', 'b', 'u', 'd', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "rocka.me", true */ 'r', 'o', 'c', 'k', 'a', '.', 'm', 'e', '\0',
+  /* "rockagogo.com", true */ 'r', 'o', 'c', 'k', 'a', 'g', 'o', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "rockbankland.com.au", true */ 'r', 'o', 'c', 'k', 'b', 'a', 'n', 'k', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "rockcanyonbank.com", true */ 'r', 'o', 'c', 'k', 'c', 'a', 'n', 'y', 'o', 'n', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "rockcellar.ch", true */ 'r', 'o', 'c', 'k', 'c', 'e', 'l', 'l', 'a', 'r', '.', 'c', 'h', '\0',
+  /* "rockenfuerlachenhelfen.de", true */ 'r', 'o', 'c', 'k', 'e', 'n', 'f', 'u', 'e', 'r', 'l', 'a', 'c', 'h', 'e', 'n', 'h', 'e', 'l', 'f', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "rocketr.net", true */ 'r', 'o', 'c', 'k', 'e', 't', 'r', '.', 'n', 'e', 't', '\0',
+  /* "rockfax.com", true */ 'r', 'o', 'c', 'k', 'f', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "rockhounds.co.za", true */ 'r', 'o', 'c', 'k', 'h', 'o', 'u', 'n', 'd', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "rockinronniescastles.co.uk", true */ 'r', 'o', 'c', 'k', 'i', 'n', 'r', 'o', 'n', 'n', 'i', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rockitinflatables.co.uk", true */ 'r', 'o', 'c', 'k', 'i', 't', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rockpesado.com.br", true */ 'r', 'o', 'c', 'k', 'p', 'e', 's', 'a', 'd', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "rockthebabybump.com", true */ 'r', 'o', 'c', 'k', 't', 'h', 'e', 'b', 'a', 'b', 'y', 'b', 'u', 'm', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "rockuse.com.br", true */ 'r', 'o', 'c', 'k', 'u', 's', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "rockymountainspice.com", true */ 'r', 'o', 'c', 'k', 'y', 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', 's', 'p', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rocssti.net", true */ 'r', 'o', 'c', 's', 's', 't', 'i', '.', 'n', 'e', 't', '\0',
+  /* "rodeobull.biz", true */ 'r', 'o', 'd', 'e', 'o', 'b', 'u', 'l', 'l', '.', 'b', 'i', 'z', '\0',
+  /* "rodeohire.com", true */ 'r', 'o', 'd', 'e', 'o', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rodeosales.co.uk", true */ 'r', 'o', 'd', 'e', 'o', 's', 'a', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rodevlaggen.nl", true */ 'r', 'o', 'd', 'e', 'v', 'l', 'a', 'g', 'g', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "rodichi.net", true */ 'r', 'o', 'd', 'i', 'c', 'h', 'i', '.', 'n', 'e', 't', '\0',
+  /* "rodolfo.gs", true */ 'r', 'o', 'd', 'o', 'l', 'f', 'o', '.', 'g', 's', '\0',
+  /* "rodomonte.org", true */ 'r', 'o', 'd', 'o', 'm', 'o', 'n', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "rodrigocarvalho.blog.br", true */ 'r', 'o', 'd', 'r', 'i', 'g', 'o', 'c', 'a', 'r', 'v', 'a', 'l', 'h', 'o', '.', 'b', 'l', 'o', 'g', '.', 'b', 'r', '\0',
+  /* "rodzina-kupiec.eu.org", true */ 'r', 'o', 'd', 'z', 'i', 'n', 'a', '-', 'k', 'u', 'p', 'i', 'e', 'c', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "roeckx.be", true */ 'r', 'o', 'e', 'c', 'k', 'x', '.', 'b', 'e', '\0',
+  /* "roeitijd.nl", true */ 'r', 'o', 'e', 'i', 't', 'i', 'j', 'd', '.', 'n', 'l', '\0',
+  /* "roeldevries.me", true */ 'r', 'o', 'e', 'l', 'd', 'e', 'v', 'r', 'i', 'e', 's', '.', 'm', 'e', '\0',
+  /* "roelf.org", true */ 'r', 'o', 'e', 'l', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "roelhollander.eu", true */ 'r', 'o', 'e', 'l', 'h', 'o', 'l', 'l', 'a', 'n', 'd', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "roelof.io", true */ 'r', 'o', 'e', 'l', 'o', 'f', '.', 'i', 'o', '\0',
+  /* "roelsworld.eu", true */ 'r', 'o', 'e', 'l', 's', 'w', 'o', 'r', 'l', 'd', '.', 'e', 'u', '\0',
+  /* "roemhild.de", true */ 'r', 'o', 'e', 'm', 'h', 'i', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "roerstaafjes.nl", true */ 'r', 'o', 'e', 'r', 's', 't', 'a', 'a', 'f', 'j', 'e', 's', '.', 'n', 'l', '\0',
+  /* "roessner-network-solutions.com", false */ 'r', 'o', 'e', 's', 's', 'n', 'e', 'r', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '-', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "roffe.nu", true */ 'r', 'o', 'f', 'f', 'e', '.', 'n', 'u', '\0',
+  /* "rofl.com.ua", true */ 'r', 'o', 'f', 'l', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "roflcopter.fr", true */ 'r', 'o', 'f', 'l', 'c', 'o', 'p', 't', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "rogagym.com", true */ 'r', 'o', 'g', 'a', 'g', 'y', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "rogeiro.net", true */ 'r', 'o', 'g', 'e', 'i', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "roger101.com", true */ 'r', 'o', 'g', 'e', 'r', '1', '0', '1', '.', 'c', 'o', 'm', '\0',
+  /* "rogerdat.ovh", true */ 'r', 'o', 'g', 'e', 'r', 'd', 'a', 't', '.', 'o', 'v', 'h', '\0',
+  /* "rogerhub.com", true */ 'r', 'o', 'g', 'e', 'r', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "rogerriendeau.ca", true */ 'r', 'o', 'g', 'e', 'r', 'r', 'i', 'e', 'n', 'd', 'e', 'a', 'u', '.', 'c', 'a', '\0',
+  /* "rogersaam.ch", true */ 'r', 'o', 'g', 'e', 'r', 's', 'a', 'a', 'm', '.', 'c', 'h', '\0',
+  /* "rogersremovals.co.uk", true */ 'r', 'o', 'g', 'e', 'r', 's', 'r', 'e', 'm', 'o', 'v', 'a', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rogersvilleumc.org", true */ 'r', 'o', 'g', 'e', 'r', 's', 'v', 'i', 'l', 'l', 'e', 'u', 'm', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "rognhaugen.no", true */ 'r', 'o', 'g', 'n', 'h', 'a', 'u', 'g', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "rogue-e.xyz", true */ 'r', 'o', 'g', 'u', 'e', '-', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "roguefinancial.com", true */ 'r', 'o', 'g', 'u', 'e', 'f', 'i', 'n', 'a', 'n', 'c', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "roguefortgame.com", true */ 'r', 'o', 'g', 'u', 'e', 'f', 'o', 'r', 't', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "roguesignal.net", true */ 'r', 'o', 'g', 'u', 'e', 's', 'i', 'g', 'n', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "roguetechhub.org", true */ 'r', 'o', 'g', 'u', 'e', 't', 'e', 'c', 'h', 'h', 'u', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "rohedaten.de", true */ 'r', 'o', 'h', 'e', 'd', 'a', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "rohitagr.com", true */ 'r', 'o', 'h', 'i', 't', 'a', 'g', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "rointe.online", true */ 'r', 'o', 'i', 'n', 't', 'e', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "roiscroll.com", true */ 'r', 'o', 'i', 's', 'c', 'r', 'o', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "rokki.ch", true */ 'r', 'o', 'k', 'k', 'i', '.', 'c', 'h', '\0',
+  /* "rokort.dk", true */ 'r', 'o', 'k', 'o', 'r', 't', '.', 'd', 'k', '\0',
+  /* "rokudenashi.de", true */ 'r', 'o', 'k', 'u', 'd', 'e', 'n', 'a', 's', 'h', 'i', '.', 'd', 'e', '\0',
+  /* "roland.io", true */ 'r', 'o', 'l', 'a', 'n', 'd', '.', 'i', 'o', '\0',
+  /* "rolandkolodziej.com", true */ 'r', 'o', 'l', 'a', 'n', 'd', 'k', 'o', 'l', 'o', 'd', 'z', 'i', 'e', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "rolandreed.cn", true */ 'r', 'o', 'l', 'a', 'n', 'd', 'r', 'e', 'e', 'd', '.', 'c', 'n', '\0',
+  /* "rolandszabo.com", true */ 'r', 'o', 'l', 'a', 'n', 'd', 's', 'z', 'a', 'b', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "rolliwelt.de", true */ 'r', 'o', 'l', 'l', 'i', 'w', 'e', 'l', 't', '.', 'd', 'e', '\0',
+  /* "rolodato.com", true */ 'r', 'o', 'l', 'o', 'd', 'a', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "roma-servizi.it", true */ 'r', 'o', 'm', 'a', '-', 's', 'e', 'r', 'v', 'i', 'z', 'i', '.', 'i', 't', '\0',
+  /* "romab.com", true */ 'r', 'o', 'm', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "roman-pavlik.cz", true */ 'r', 'o', 'm', 'a', 'n', '-', 'p', 'a', 'v', 'l', 'i', 'k', '.', 'c', 'z', '\0',
+  /* "romande-entretien.ch", true */ 'r', 'o', 'm', 'a', 'n', 'd', 'e', '-', 'e', 'n', 't', 'r', 'e', 't', 'i', 'e', 'n', '.', 'c', 'h', '\0',
+  /* "romanpavlodar.kz", true */ 'r', 'o', 'm', 'a', 'n', 'p', 'a', 'v', 'l', 'o', 'd', 'a', 'r', '.', 'k', 'z', '\0',
+  /* "romantelychko.com", true */ 'r', 'o', 'm', 'a', 'n', 't', 'e', 'l', 'y', 'c', 'h', 'k', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "romantic-quotes.co.uk", true */ 'r', 'o', 'm', 'a', 'n', 't', 'i', 'c', '-', 'q', 'u', 'o', 't', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "romanticschemermovie.com", true */ 'r', 'o', 'm', 'a', 'n', 't', 'i', 'c', 's', 'c', 'h', 'e', 'm', 'e', 'r', 'm', 'o', 'v', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "romarin.es", true */ 'r', 'o', 'm', 'a', 'r', 'i', 'n', '.', 'e', 's', '\0',
+  /* "rome.dating", true */ 'r', 'o', 'm', 'e', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "rommelwood.de", true */ 'r', 'o', 'm', 'm', 'e', 'l', 'w', 'o', 'o', 'd', '.', 'd', 'e', '\0',
+  /* "rondommen.nl", true */ 'r', 'o', 'n', 'd', 'o', 'm', 'm', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "rondouin.fr", true */ 'r', 'o', 'n', 'd', 'o', 'u', 'i', 'n', '.', 'f', 'r', '\0',
+  /* "rondreis-planner.nl", true */ 'r', 'o', 'n', 'd', 'r', 'e', 'i', 's', '-', 'p', 'l', 'a', 'n', 'n', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "roninf.ch", true */ 'r', 'o', 'n', 'i', 'n', 'f', '.', 'c', 'h', '\0',
+  /* "ronomon.com", true */ 'r', 'o', 'n', 'o', 'm', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "roo.ie", true */ 'r', 'o', 'o', '.', 'i', 'e', '\0',
+  /* "roofingomaha.com", true */ 'r', 'o', 'o', 'f', 'i', 'n', 'g', 'o', 'm', 'a', 'h', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "roofsandbasements.com", true */ 'r', 'o', 'o', 'f', 's', 'a', 'n', 'd', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rool.me", true */ 'r', 'o', 'o', 'l', '.', 'm', 'e', '\0',
+  /* "room208.org", true */ 'r', 'o', 'o', 'm', '2', '0', '8', '.', 'o', 'r', 'g', '\0',
+  /* "room2d.com", true */ 'r', 'o', 'o', 'm', '2', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "room3b.eu", true */ 'r', 'o', 'o', 'm', '3', 'b', '.', 'e', 'u', '\0',
+  /* "roombase.nl", true */ 'r', 'o', 'o', 'm', 'b', 'a', 's', 'e', '.', 'n', 'l', '\0',
+  /* "roomhub.jp", true */ 'r', 'o', 'o', 'm', 'h', 'u', 'b', '.', 'j', 'p', '\0',
+  /* "roomongo.com", true */ 'r', 'o', 'o', 'm', 'o', 'n', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "rooneytours.nl", true */ 'r', 'o', 'o', 'n', 'e', 'y', 't', 'o', 'u', 'r', 's', '.', 'n', 'l', '\0',
+  /* "roosabels.nl", false */ 'r', 'o', 'o', 's', 'a', 'b', 'e', 'l', 's', '.', 'n', 'l', '\0',
+  /* "roosteroriginals.com", true */ 'r', 'o', 'o', 's', 't', 'e', 'r', 'o', 'r', 'i', 'g', 'i', 'n', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "roosterpgplus.nl", true */ 'r', 'o', 'o', 's', 't', 'e', 'r', 'p', 'g', 'p', 'l', 'u', 's', '.', 'n', 'l', '\0',
+  /* "root.bg", true */ 'r', 'o', 'o', 't', '.', 'b', 'g', '\0',
+  /* "root.eu.org", true */ 'r', 'o', 'o', 't', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "rootcamp.net", true */ 'r', 'o', 'o', 't', 'c', 'a', 'm', 'p', '.', 'n', 'e', 't', '\0',
+  /* "rootcommand.com", true */ 'r', 'o', 'o', 't', 'c', 'o', 'm', 'm', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "rootear.com", true */ 'r', 'o', 'o', 't', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "rootedlifemontessori.com", true */ 'r', 'o', 'o', 't', 'e', 'd', 'l', 'i', 'f', 'e', 'm', 'o', 'n', 't', 'e', 's', 's', 'o', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "rootlair.com", true */ 'r', 'o', 'o', 't', 'l', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "rootrelativity.com", true */ 'r', 'o', 'o', 't', 'r', 'e', 'l', 'a', 't', 'i', 'v', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "roots-example-project.com", true */ 'r', 'o', 'o', 't', 's', '-', 'e', 'x', 'a', 'm', 'p', 'l', 'e', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "roots.io", true */ 'r', 'o', 'o', 't', 's', '.', 'i', 'o', '\0',
+  /* "rootsandrain.com", true */ 'r', 'o', 'o', 't', 's', 'a', 'n', 'd', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "rootsbar.fr", true */ 'r', 'o', 'o', 't', 's', 'b', 'a', 'r', '.', 'f', 'r', '\0',
+  /* "rootscope.co.uk", true */ 'r', 'o', 'o', 't', 's', 'c', 'o', 'p', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rootswitch.com", true */ 'r', 'o', 'o', 't', 's', 'w', 'i', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "rootusers.com", true */ 'r', 'o', 'o', 't', 'u', 's', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "roryneville.com", true */ 'r', 'o', 'r', 'y', 'n', 'e', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rosabellas.co.uk", true */ 'r', 'o', 's', 'a', 'b', 'e', 'l', 'l', 'a', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rosbass.ru", true */ 'r', 'o', 's', 'b', 'a', 's', 's', '.', 'r', 'u', '\0',
+  /* "rose-prism.org", true */ 'r', 'o', 's', 'e', '-', 'p', 'r', 'i', 's', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "rosehosting.reviews", true */ 'r', 'o', 's', 'e', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'r', 'e', 'v', 'i', 'e', 'w', 's', '\0',
+  /* "roseitsolutions.co.uk", true */ 'r', 'o', 's', 'e', 'i', 't', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "roseitsolutions.uk", true */ 'r', 'o', 's', 'e', 'i', 't', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'u', 'k', '\0',
+  /* "roseliere.ch", true */ 'r', 'o', 's', 'e', 'l', 'i', 'e', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "roseliere.com", true */ 'r', 'o', 's', 'e', 'l', 'i', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "roseluna.com", true */ 'r', 'o', 's', 'e', 'l', 'u', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "rosemariefloydballet.com", true */ 'r', 'o', 's', 'e', 'm', 'a', 'r', 'i', 'e', 'f', 'l', 'o', 'y', 'd', 'b', 'a', 'l', 'l', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "rosenheimsingles.de", true */ 'r', 'o', 's', 'e', 'n', 'h', 'e', 'i', 'm', 's', 'i', 'n', 'g', 'l', 'e', 's', '.', 'd', 'e', '\0',
+  /* "rosenkeller.org", true */ 'r', 'o', 's', 'e', 'n', 'k', 'e', 'l', 'l', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "roseofyork.com", true */ 'r', 'o', 's', 'e', 'o', 'f', 'y', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "roseofyorkbooking.com", true */ 'r', 'o', 's', 'e', 'o', 'f', 'y', 'o', 'r', 'k', 'b', 'o', 'o', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "rosesciences.com", true */ 'r', 'o', 's', 'e', 's', 'c', 'i', 'e', 'n', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rosevillefacialplasticsurgery.com", true */ 'r', 'o', 's', 'e', 'v', 'i', 'l', 'l', 'e', 'f', 'a', 'c', 'i', 'a', 'l', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "rosewoodranch.com", true */ 'r', 'o', 's', 'e', 'w', 'o', 'o', 'd', 'r', 'a', 'n', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "rosi-royal.com", true */ 'r', 'o', 's', 'i', '-', 'r', 'o', 'y', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "roslynpad.net", true */ 'r', 'o', 's', 'l', 'y', 'n', 'p', 'a', 'd', '.', 'n', 'e', 't', '\0',
+  /* "rosset.me", true */ 'r', 'o', 's', 's', 'e', 't', '.', 'm', 'e', '\0',
+  /* "rosset.net", true */ 'r', 'o', 's', 's', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "rossiworld.com", true */ 'r', 'o', 's', 's', 'i', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "rosslug.org.uk", true */ 'r', 'o', 's', 's', 'l', 'u', 'g', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "rot47.net", true */ 'r', 'o', 't', '4', '7', '.', 'n', 'e', 't', '\0',
+  /* "roten.email", true */ 'r', 'o', 't', 'e', 'n', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "rothkranz.net", true */ 'r', 'o', 't', 'h', 'k', 'r', 'a', 'n', 'z', '.', 'n', 'e', 't', '\0',
+  /* "rothnater.ch", true */ 'r', 'o', 't', 'h', 'n', 'a', 't', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "rotol.me", true */ 'r', 'o', 't', 'o', 'l', '.', 'm', 'e', '\0',
+  /* "rottweil-hilft.de", true */ 'r', 'o', 't', 't', 'w', 'e', 'i', 'l', '-', 'h', 'i', 'l', 'f', 't', '.', 'd', 'e', '\0',
+  /* "rotunneling.net", true */ 'r', 'o', 't', 'u', 'n', 'n', 'e', 'l', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "rotzonline.com", true */ 'r', 'o', 't', 'z', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rougechocolat.fr", true */ 'r', 'o', 'u', 'g', 'e', 'c', 'h', 'o', 'c', 'o', 'l', 'a', 't', '.', 'f', 'r', '\0',
+  /* "roughgrain.com", true */ 'r', 'o', 'u', 'g', 'h', 'g', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "roulinfo.ch", true */ 'r', 'o', 'u', 'l', 'i', 'n', 'f', 'o', '.', 'c', 'h', '\0',
+  /* "roulons-autrement.com", true */ 'r', 'o', 'u', 'l', 'o', 'n', 's', '-', 'a', 'u', 't', 'r', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "rounda.it", true */ 'r', 'o', 'u', 'n', 'd', 'a', '.', 'i', 't', '\0',
+  /* "roundcube.mayfirst.org", false */ 'r', 'o', 'u', 'n', 'd', 'c', 'u', 'b', 'e', '.', 'm', 'a', 'y', 'f', 'i', 'r', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "roussos.cc", true */ 'r', 'o', 'u', 's', 's', 'o', 's', '.', 'c', 'c', '\0',
+  /* "rout0r.org", true */ 'r', 'o', 'u', 't', '0', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "routeragency.com", true */ 'r', 'o', 'u', 't', 'e', 'r', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "routerclub.ru", true */ 'r', 'o', 'u', 't', 'e', 'r', 'c', 'l', 'u', 'b', '.', 'r', 'u', '\0',
+  /* "routetracker.co", true */ 'r', 'o', 'u', 't', 'e', 't', 'r', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "rove3d.com", true */ 'r', 'o', 'v', 'e', '3', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "rowancasting.ie", true */ 'r', 'o', 'w', 'a', 'n', 'c', 'a', 's', 't', 'i', 'n', 'g', '.', 'i', 'e', '\0',
+  /* "rowankaag.nl", true */ 'r', 'o', 'w', 'a', 'n', 'k', 'a', 'a', 'g', '.', 'n', 'l', '\0',
+  /* "rowlog.com", true */ 'r', 'o', 'w', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "rows.io", true */ 'r', 'o', 'w', 's', '.', 'i', 'o', '\0',
+  /* "roxiesbouncycastlehire.co.uk", true */ 'r', 'o', 'x', 'i', 'e', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "roxtri.cz", true */ 'r', 'o', 'x', 't', 'r', 'i', '.', 'c', 'z', '\0',
+  /* "royal-mangal.ch", true */ 'r', 'o', 'y', 'a', 'l', '-', 'm', 'a', 'n', 'g', 'a', 'l', '.', 'c', 'h', '\0',
+  /* "royal-rangers.de", true */ 'r', 'o', 'y', 'a', 'l', '-', 'r', 'a', 'n', 'g', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "royalacademy.org.uk", true */ 'r', 'o', 'y', 'a', 'l', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "royalbluewa3.cc", true */ 'r', 'o', 'y', 'a', 'l', 'b', 'l', 'u', 'e', 'w', 'a', '3', '.', 'c', 'c', '\0',
+  /* "royalcitytaxi.ca", true */ 'r', 'o', 'y', 'a', 'l', 'c', 'i', 't', 'y', 't', 'a', 'x', 'i', '.', 'c', 'a', '\0',
+  /* "royalcitytaxi.com", true */ 'r', 'o', 'y', 'a', 'l', 'c', 'i', 't', 'y', 't', 'a', 'x', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "royalmarinesassociation.org.uk", true */ 'r', 'o', 'y', 'a', 'l', 'm', 'a', 'r', 'i', 'n', 'e', 's', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "royalnissanparts.com", true */ 'r', 'o', 'y', 'a', 'l', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "royalpalacenogent.fr", true */ 'r', 'o', 'y', 'a', 'l', 'p', 'a', 'l', 'a', 'c', 'e', 'n', 'o', 'g', 'e', 'n', 't', '.', 'f', 'r', '\0',
+  /* "royalrangers.fi", true */ 'r', 'o', 'y', 'a', 'l', 'r', 'a', 'n', 'g', 'e', 'r', 's', '.', 'f', 'i', '\0',
+  /* "royalty-market.com", true */ 'r', 'o', 'y', 'a', 'l', 't', 'y', '-', 'm', 'a', 'r', 'k', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "royalvisiongroup.com", true */ 'r', 'o', 'y', 'a', 'l', 'v', 'i', 's', 'i', 'o', 'n', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "rozhodce.cz", true */ 'r', 'o', 'z', 'h', 'o', 'd', 'c', 'e', '.', 'c', 'z', '\0',
+  /* "rpadovani.com", true */ 'r', 'p', 'a', 'd', 'o', 'v', 'a', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "rpgmaker.es", true */ 'r', 'p', 'g', 'm', 'a', 'k', 'e', 'r', '.', 'e', 's', '\0',
+  /* "rpherbig.com", true */ 'r', 'p', 'h', 'e', 'r', 'b', 'i', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "rpine.net", true */ 'r', 'p', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "rpy.xyz", true */ 'r', 'p', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "rq-labo.jp", true */ 'r', 'q', '-', 'l', 'a', 'b', 'o', '.', 'j', 'p', '\0',
+  /* "rr105.de", true */ 'r', 'r', '1', '0', '5', '.', 'd', 'e', '\0',
+  /* "rraesthetics.com", true */ 'r', 'r', 'a', 'e', 's', 't', 'h', 'e', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rrdesignsuisse.com", true */ 'r', 'r', 'd', 'e', 's', 'i', 'g', 'n', 's', 'u', 'i', 's', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rrg-partner.ch", true */ 'r', 'r', 'g', '-', 'p', 'a', 'r', 't', 'n', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "rring.me", true */ 'r', 'r', 'i', 'n', 'g', '.', 'm', 'e', '\0',
+  /* "rro.rs", true */ 'r', 'r', 'o', '.', 'r', 's', '\0',
+  /* "rrom.me", true */ 'r', 'r', 'o', 'm', '.', 'm', 'e', '\0',
+  /* "rrudnik.com", true */ 'r', 'r', 'u', 'd', 'n', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "rrwolfe.com", true */ 'r', 'r', 'w', 'o', 'l', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rsap.ca", true */ 'r', 's', 'a', 'p', '.', 'c', 'a', '\0',
+  /* "rsauget.fr", true */ 'r', 's', 'a', 'u', 'g', 'e', 't', '.', 'f', 'r', '\0',
+  /* "rsgcard.com", true */ 'r', 's', 'g', 'c', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "rsi.im", false */ 'r', 's', 'i', '.', 'i', 'm', '\0',
+  /* "rsingermd.com", true */ 'r', 's', 'i', 'n', 'g', 'e', 'r', 'm', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "rskuipers.com", true */ 'r', 's', 'k', 'u', 'i', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rsl.gd", true */ 'r', 's', 'l', '.', 'g', 'd', '\0',
+  /* "rsm-intern.de", true */ 'r', 's', 'm', '-', 'i', 'n', 't', 'e', 'r', 'n', '.', 'd', 'e', '\0',
+  /* "rsm-liga.de", true */ 'r', 's', 'm', '-', 'l', 'i', 'g', 'a', '.', 'd', 'e', '\0',
+  /* "rss.sh", false */ 'r', 's', 's', '.', 's', 'h', '\0',
+  /* "rssr.se", true */ 'r', 's', 's', 'r', '.', 's', 'e', '\0',
+  /* "rstraining.co.uk", true */ 'r', 's', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rstsecuritygroup.co.uk", true */ 'r', 's', 't', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rsttraining.co.uk", true */ 'r', 's', 't', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rsvaachen.de", true */ 'r', 's', 'v', 'a', 'a', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "rsync.eu", false */ 'r', 's', 'y', 'n', 'c', '.', 'e', 'u', '\0',
+  /* "rtate.ca", true */ 'r', 't', 'a', 't', 'e', '.', 'c', 'a', '\0',
+  /* "rtate.se", true */ 'r', 't', 'a', 't', 'e', '.', 's', 'e', '\0',
+  /* "rtcx.net", true */ 'r', 't', 'c', 'x', '.', 'n', 'e', 't', '\0',
+  /* "rtd.uk.com", true */ 'r', 't', 'd', '.', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "rte.eu", true */ 'r', 't', 'e', '.', 'e', 'u', '\0',
+  /* "rte2fm.ie", true */ 'r', 't', 'e', '2', 'f', 'm', '.', 'i', 'e', '\0',
+  /* "rteaertel.ie", true */ 'r', 't', 'e', 'a', 'e', 'r', 't', 'e', 'l', '.', 'i', 'e', '\0',
+  /* "rtechservices.io", true */ 'r', 't', 'e', 'c', 'h', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'i', 'o', '\0',
+  /* "rteinternational.ie", true */ 'r', 't', 'e', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'i', 'e', '\0',
+  /* "rtejr.ie", true */ 'r', 't', 'e', 'j', 'r', '.', 'i', 'e', '\0',
+  /* "rtek.se", true */ 'r', 't', 'e', 'k', '.', 's', 'e', '\0',
+  /* "rtenews.eu", true */ 'r', 't', 'e', 'n', 'e', 'w', 's', '.', 'e', 'u', '\0',
+  /* "rteone.ie", true */ 'r', 't', 'e', 'o', 'n', 'e', '.', 'i', 'e', '\0',
+  /* "rteplayer.com", true */ 'r', 't', 'e', 'p', 'l', 'a', 'y', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "rtesport.eu", true */ 'r', 't', 'e', 's', 'p', 'o', 'r', 't', '.', 'e', 'u', '\0',
+  /* "rtfpessoa.xyz", true */ 'r', 't', 'f', 'p', 'e', 's', 's', 'o', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "rtho.me", true */ 'r', 't', 'h', 'o', '.', 'm', 'e', '\0',
+  /* "rtrinflatables.co.uk", true */ 'r', 't', 'r', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rtsr.ch", true */ 'r', 't', 's', 'r', '.', 'c', 'h', '\0',
+  /* "rtvi.com", true */ 'r', 't', 'v', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "rtwcourse.com", true */ 'r', 't', 'w', 'c', 'o', 'u', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ru-sprachstudio.ch", true */ 'r', 'u', '-', 's', 'p', 'r', 'a', 'c', 'h', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'h', '\0',
+  /* "ru.search.yahoo.com", false */ 'r', 'u', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ruanmi.de", true */ 'r', 'u', 'a', 'n', 'm', 'i', '.', 'd', 'e', '\0',
+  /* "rubberfurs.org", true */ 'r', 'u', 'b', 'b', 'e', 'r', 'f', 'u', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "rubberlegscastles.co.uk", true */ 'r', 'u', 'b', 'b', 'e', 'r', 'l', 'e', 'g', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rubbermaidoutlet.com", true */ 'r', 'u', 'b', 'b', 'e', 'r', 'm', 'a', 'i', 'd', 'o', 'u', 't', 'l', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "rubbix.net", true */ 'r', 'u', 'b', 'b', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "rubbleremovalsbenoni.co.za", true */ 'r', 'u', 'b', 'b', 'l', 'e', 'r', 'e', 'm', 'o', 'v', 'a', 'l', 's', 'b', 'e', 'n', 'o', 'n', 'i', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "ruben.am", true */ 'r', 'u', 'b', 'e', 'n', '.', 'a', 'm', '\0',
+  /* "rubenbarbero.com", true */ 'r', 'u', 'b', 'e', 'n', 'b', 'a', 'r', 'b', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "rubenkruisselbrink.nl", true */ 'r', 'u', 'b', 'e', 'n', 'k', 'r', 'u', 'i', 's', 's', 'e', 'l', 'b', 'r', 'i', 'n', 'k', '.', 'n', 'l', '\0',
+  /* "rublacklist.net", true */ 'r', 'u', 'b', 'l', 'a', 'c', 'k', 'l', 'i', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "ruby-auf-schienen.de", true */ 'r', 'u', 'b', 'y', '-', 'a', 'u', 'f', '-', 's', 'c', 'h', 'i', 'e', 'n', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "rubyist.today", true */ 'r', 'u', 'b', 'y', 'i', 's', 't', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "rubymartin.com.au", true */ 'r', 'u', 'b', 'y', 'm', 'a', 'r', 't', 'i', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "rubyquincunx.com", true */ 'r', 'u', 'b', 'y', 'q', 'u', 'i', 'n', 'c', 'u', 'n', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "rubyquincunx.org", true */ 'r', 'u', 'b', 'y', 'q', 'u', 'i', 'n', 'c', 'u', 'n', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "rubytune.com", true */ 'r', 'u', 'b', 'y', 't', 'u', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rucnerobene.eu", true */ 'r', 'u', 'c', 'n', 'e', 'r', 'o', 'b', 'e', 'n', 'e', '.', 'e', 'u', '\0',
+  /* "ruconsole.com", true */ 'r', 'u', 'c', 'o', 'n', 's', 'o', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rud.is", true */ 'r', 'u', 'd', '.', 'i', 's', '\0',
+  /* "rudd-o.com", true */ 'r', 'u', 'd', 'd', '-', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "rudelune.fr", true */ 'r', 'u', 'd', 'e', 'l', 'u', 'n', 'e', '.', 'f', 'r', '\0',
+  /* "ruderverein-gelsenkirchen.de", true */ 'r', 'u', 'd', 'e', 'r', 'v', 'e', 'r', 'e', 'i', 'n', '-', 'g', 'e', 'l', 's', 'e', 'n', 'k', 'i', 'r', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "rudloff.pro", false */ 'r', 'u', 'd', 'l', 'o', 'f', 'f', '.', 'p', 'r', 'o', '\0',
+  /* "rudolph.life", true */ 'r', 'u', 'd', 'o', 'l', 'p', 'h', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "rudolphmarketing.com", true */ 'r', 'u', 'd', 'o', 'l', 'p', 'h', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "rudrastyh.com", true */ 'r', 'u', 'd', 'r', 'a', 's', 't', 'y', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "ruedirrenggli.ch", true */ 'r', 'u', 'e', 'd', 'i', 'r', 'r', 'e', 'n', 'g', 'g', 'l', 'i', '.', 'c', 'h', '\0',
+  /* "rueg.eu", true */ 'r', 'u', 'e', 'g', '.', 'e', 'u', '\0',
+  /* "ruerte.net", true */ 'r', 'u', 'e', 'r', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "rufabula-com.appspot.com", true */ 'r', 'u', 'f', 'a', 'b', 'u', 'l', 'a', '-', 'c', 'o', 'm', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ruffbeatz.com", true */ 'r', 'u', 'f', 'f', 'b', 'e', 'a', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "rugby.video", true */ 'r', 'u', 'g', 'b', 'y', '.', 'v', 'i', 'd', 'e', 'o', '\0',
+  /* "rugk.dedyn.io", true */ 'r', 'u', 'g', 'k', '.', 'd', 'e', 'd', 'y', 'n', '.', 'i', 'o', '\0',
+  /* "ruh-veit.de", true */ 'r', 'u', 'h', '-', 'v', 'e', 'i', 't', '.', 'd', 'e', '\0',
+  /* "ruhrmobil-e.de", true */ 'r', 'u', 'h', 'r', 'm', 'o', 'b', 'i', 'l', '-', 'e', '.', 'd', 'e', '\0',
+  /* "ruhrnalist.de", true */ 'r', 'u', 'h', 'r', 'n', 'a', 'l', 'i', 's', 't', '.', 'd', 'e', '\0',
+  /* "ruht.ro", true */ 'r', 'u', 'h', 't', '.', 'r', 'o', '\0',
+  /* "ruigomes.me", true */ 'r', 'u', 'i', 'g', 'o', 'm', 'e', 's', '.', 'm', 'e', '\0',
+  /* "ruiming.me", false */ 'r', 'u', 'i', 'm', 'i', 'n', 'g', '.', 'm', 'e', '\0',
+  /* "ruja.dk", true */ 'r', 'u', 'j', 'a', '.', 'd', 'k', '\0',
+  /* "ruk.ca", true */ 'r', 'u', 'k', '.', 'c', 'a', '\0',
+  /* "rukhaiyar.com", true */ 'r', 'u', 'k', 'h', 'a', 'i', 'y', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "rullzer.com", true */ 'r', 'u', 'l', 'l', 'z', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "rulu.co", true */ 'r', 'u', 'l', 'u', '.', 'c', 'o', '\0',
+  /* "rulu.tv", true */ 'r', 'u', 'l', 'u', '.', 't', 'v', '\0',
+  /* "rulutv.com", true */ 'r', 'u', 'l', 'u', 't', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "rumlager.de", true */ 'r', 'u', 'm', 'l', 'a', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "rummel-platz.de", true */ 'r', 'u', 'm', 'm', 'e', 'l', '-', 'p', 'l', 'a', 't', 'z', '.', 'd', 'e', '\0',
+  /* "rumplesinflatables.co.uk", true */ 'r', 'u', 'm', 'p', 'l', 'e', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rumtaste.com", true */ 'r', 'u', 'm', 't', 'a', 's', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rumtaste.de", true */ 'r', 'u', 'm', 't', 'a', 's', 't', 'e', '.', 'd', 'e', '\0',
+  /* "run-forrest.run", true */ 'r', 'u', 'n', '-', 'f', 'o', 'r', 'r', 'e', 's', 't', '.', 'r', 'u', 'n', '\0',
+  /* "runagain.ch", true */ 'r', 'u', 'n', 'a', 'g', 'a', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "runebet.com", true */ 'r', 'u', 'n', 'e', 'b', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "runklesecurity.com", true */ 'r', 'u', 'n', 'k', 'l', 'e', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "runnergrapher.com", true */ 'r', 'u', 'n', 'n', 'e', 'r', 'g', 'r', 'a', 'p', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "runreport.fr", true */ 'r', 'u', 'n', 'r', 'e', 'p', 'o', 'r', 't', '.', 'f', 'r', '\0',
+  /* "runschrauger.com", true */ 'r', 'u', 'n', 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "runvs.io", true */ 'r', 'u', 'n', 'v', 's', '.', 'i', 'o', '\0',
+  /* "ruobiyi.com", true */ 'r', 'u', 'o', 'b', 'i', 'y', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "ruri.io", true */ 'r', 'u', 'r', 'i', '.', 'i', 'o', '\0',
+  /* "rus-trip.ru", true */ 'r', 'u', 's', '-', 't', 'r', 'i', 'p', '.', 'r', 'u', '\0',
+  /* "rusempire.ru", true */ 'r', 'u', 's', 'e', 'm', 'p', 'i', 'r', 'e', '.', 'r', 'u', '\0',
+  /* "rushball.net", true */ 'r', 'u', 's', 'h', 'b', 'a', 'l', 'l', '.', 'n', 'e', 't', '\0',
+  /* "rushiiworks.com", true */ 'r', 'u', 's', 'h', 'i', 'i', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rushpoppershop.co.uk", true */ 'r', 'u', 's', 'h', 'p', 'o', 'p', 'p', 'e', 'r', 's', 'h', 'o', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rusi-ns.ca", true */ 'r', 'u', 's', 'i', '-', 'n', 's', '.', 'c', 'a', '\0',
+  /* "ruskod.net", true */ 'r', 'u', 's', 'k', 'o', 'd', '.', 'n', 'e', 't', '\0',
+  /* "rusl.net", true */ 'r', 'u', 's', 'l', '.', 'n', 'e', 't', '\0',
+  /* "russellandbrowns.co.uk", true */ 'r', 'u', 's', 's', 'e', 'l', 'l', 'a', 'n', 'd', 'b', 'r', 'o', 'w', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "russellupevents.co.uk", true */ 'r', 'u', 's', 's', 'e', 'l', 'l', 'u', 'p', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "russia.dating", true */ 'r', 'u', 's', 's', 'i', 'a', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "russianorthodoxchurch.co.uk", true */ 'r', 'u', 's', 's', 'i', 'a', 'n', 'o', 'r', 't', 'h', 'o', 'd', 'o', 'x', 'c', 'h', 'u', 'r', 'c', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "russt.me", true */ 'r', 'u', 's', 's', 't', '.', 'm', 'e', '\0',
+  /* "rust.mn", true */ 'r', 'u', 's', 't', '.', 'm', 'n', '\0',
+  /* "rustable.com", true */ 'r', 'u', 's', 't', 'a', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rustbyexample.com", true */ 'r', 'u', 's', 't', 'b', 'y', 'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rustyrambles.com", true */ 'r', 'u', 's', 't', 'y', 'r', 'a', 'm', 'b', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rusxakep.com", true */ 'r', 'u', 's', 'x', 'a', 'k', 'e', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "rutgerschimmel.nl", true */ 'r', 'u', 't', 'g', 'e', 'r', 's', 'c', 'h', 'i', 'm', 'm', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "rutiger.com", true */ 'r', 'u', 't', 'i', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ruurdboomsma.nl", true */ 'r', 'u', 'u', 'r', 'd', 'b', 'o', 'o', 'm', 's', 'm', 'a', '.', 'n', 'l', '\0',
+  /* "ruwhof.net", true */ 'r', 'u', 'w', 'h', 'o', 'f', '.', 'n', 'e', 't', '\0',
+  /* "rv-jpshop.com", true */ 'r', 'v', '-', 'j', 'p', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "rva-asbestgroep.nl", true */ 'r', 'v', 'a', '-', 'a', 's', 'b', 'e', 's', 't', 'g', 'r', 'o', 'e', 'p', '.', 'n', 'l', '\0',
+  /* "rvg.zone", true */ 'r', 'v', 'g', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "rvnoel.net", true */ 'r', 'v', 'n', 'o', 'e', 'l', '.', 'n', 'e', 't', '\0',
+  /* "rvolve.net", true */ 'r', 'v', 'o', 'l', 'v', 'e', '.', 'n', 'e', 't', '\0',
+  /* "rvsa2bevestigingen.nl", true */ 'r', 'v', 's', 'a', '2', 'b', 'e', 'v', 'e', 's', 't', 'i', 'g', 'i', 'n', 'g', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "rvsa4bevestigingen.nl", true */ 'r', 'v', 's', 'a', '4', 'b', 'e', 'v', 'e', 's', 't', 'i', 'g', 'i', 'n', 'g', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "rvsbevestigingen.nl", true */ 'r', 'v', 's', 'b', 'e', 'v', 'e', 's', 't', 'i', 'g', 'i', 'n', 'g', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "rw.search.yahoo.com", false */ 'r', 'w', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "rwanderlust.com", false */ 'r', 'w', 'a', 'n', 'd', 'e', 'r', 'l', 'u', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "rwky.net", true */ 'r', 'w', 'k', 'y', '.', 'n', 'e', 't', '\0',
+  /* "rws-vertriebsportal.de", true */ 'r', 'w', 's', '-', 'v', 'e', 'r', 't', 'r', 'i', 'e', 'b', 's', 'p', 'o', 'r', 't', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "rx-contact.com", false */ 'r', 'x', '-', 'c', 'o', 'n', 't', 'a', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "rxbn.de", true */ 'r', 'x', 'b', 'n', '.', 'd', 'e', '\0',
+  /* "rxbusiness.com", true */ 'r', 'x', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rxcheck.com", true */ 'r', 'x', 'c', 'h', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ryan-goldstein.com", true */ 'r', 'y', 'a', 'n', '-', 'g', 'o', 'l', 'd', 's', 't', 'e', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ryanbritton.com", true */ 'r', 'y', 'a', 'n', 'b', 'r', 'i', 't', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ryanhowell.io", true */ 'r', 'y', 'a', 'n', 'h', 'o', 'w', 'e', 'l', 'l', '.', 'i', 'o', '\0',
+  /* "ryankearney.com", false */ 'r', 'y', 'a', 'n', 'k', 'e', 'a', 'r', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ryanmcdonough.co.uk", true */ 'r', 'y', 'a', 'n', 'm', 'c', 'd', 'o', 'n', 'o', 'u', 'g', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ryazan-region.ru", true */ 'r', 'y', 'a', 'z', 'a', 'n', '-', 'r', 'e', 'g', 'i', 'o', 'n', '.', 'r', 'u', '\0',
+  /* "rybox.info", true */ 'r', 'y', 'b', 'o', 'x', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "rychlikoderi.cz", true */ 'r', 'y', 'c', 'h', 'l', 'i', 'k', 'o', 'd', 'e', 'r', 'i', '.', 'c', 'z', '\0',
+  /* "ryejuice.sytes.net", true */ 'r', 'y', 'e', 'j', 'u', 'i', 'c', 'e', '.', 's', 'y', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "rylore.com", true */ 'r', 'y', 'l', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rynekpierwotny.pl", true */ 'r', 'y', 'n', 'e', 'k', 'p', 'i', 'e', 'r', 'w', 'o', 't', 'n', 'y', '.', 'p', 'l', '\0',
+  /* "rythgs.co", false */ 'r', 'y', 't', 'h', 'g', 's', '.', 'c', 'o', '\0',
+  /* "ryu22e.org", true */ 'r', 'y', 'u', '2', '2', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "ryuu.es", true */ 'r', 'y', 'u', 'u', '.', 'e', 's', '\0',
+  /* "ryzhov.me", true */ 'r', 'y', 'z', 'h', 'o', 'v', '.', 'm', 'e', '\0',
+  /* "rzentarzewski.net", true */ 'r', 'z', 'e', 'n', 't', 'a', 'r', 'z', 'e', 'w', 's', 'k', 'i', '.', 'n', 'e', 't', '\0',
+  /* "s-c.se", true */ 's', '-', 'c', '.', 's', 'e', '\0',
+  /* "s-cubed.net", true */ 's', '-', 'c', 'u', 'b', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "s-ip-media.de", true */ 's', '-', 'i', 'p', '-', 'm', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "s-mainte.com", true */ 's', '-', 'm', 'a', 'i', 'n', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "s-mdb.com", true */ 's', '-', 'm', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "s-on.li", true */ 's', '-', 'o', 'n', '.', 'l', 'i', '\0',
+  /* "s007.co", true */ 's', '0', '0', '7', '.', 'c', 'o', '\0',
+  /* "s13d.fr", true */ 's', '1', '3', 'd', '.', 'f', 'r', '\0',
+  /* "s16e.no", true */ 's', '1', '6', 'e', '.', 'n', 'o', '\0',
+  /* "s2member.com", true */ 's', '2', 'm', 'e', 'm', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "s3cur3.it", true */ 's', '3', 'c', 'u', 'r', '3', '.', 'i', 't', '\0',
+  /* "s3gfault.com", true */ 's', '3', 'g', 'f', 'a', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "s404.de", true */ 's', '4', '0', '4', '.', 'd', 'e', '\0',
+  /* "s4db.net", true */ 's', '4', 'd', 'b', '.', 'n', 'e', 't', '\0',
+  /* "s4tips.com", true */ 's', '4', 't', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "s4ur0n.com", true */ 's', '4', 'u', 'r', '0', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "s8a.us", true */ 's', '8', 'a', '.', 'u', 's', '\0',
+  /* "s95.de", true */ 's', '9', '5', '.', 'd', 'e', '\0',
+  /* "sa-blog.net", true */ 's', 'a', '-', 'b', 'l', 'o', 'g', '.', 'n', 'e', 't', '\0',
+  /* "sa-mp.ro", true */ 's', 'a', '-', 'm', 'p', '.', 'r', 'o', '\0',
+  /* "saabpartsdistribution.com", true */ 's', 'a', 'a', 'b', 'p', 'a', 'r', 't', 's', 'd', 'i', 's', 't', 'r', 'i', 'b', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "saamhorigheidsfonds.nl", false */ 's', 'a', 'a', 'm', 'h', 'o', 'r', 'i', 'g', 'h', 'e', 'i', 'd', 's', 'f', 'o', 'n', 'd', 's', '.', 'n', 'l', '\0',
+  /* "saba-piserver.info", true */ 's', 'a', 'b', 'a', '-', 'p', 'i', 's', 'e', 'r', 'v', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "sabahattin-gucukoglu.com", true */ 's', 'a', 'b', 'a', 'h', 'a', 't', 't', 'i', 'n', '-', 'g', 'u', 'c', 'u', 'k', 'o', 'g', 'l', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "sabatek.pl", true */ 's', 'a', 'b', 'a', 't', 'e', 'k', '.', 'p', 'l', '\0',
+  /* "sabrinajoiasprontaentrega.com.br", true */ 's', 'a', 'b', 'r', 'i', 'n', 'a', 'j', 'o', 'i', 'a', 's', 'p', 'r', 'o', 'n', 't', 'a', 'e', 'n', 't', 'r', 'e', 'g', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sacaentradas.com", true */ 's', 'a', 'c', 'a', 'e', 'n', 't', 'r', 'a', 'd', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "saccani.net", true */ 's', 'a', 'c', 'c', 'a', 'n', 'i', '.', 'n', 'e', 't', '\0',
+  /* "sackers.com", true */ 's', 'a', 'c', 'k', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sackmesser.ch", true */ 's', 'a', 'c', 'k', 'm', 'e', 's', 's', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "saclier.at", true */ 's', 'a', 'c', 'l', 'i', 'e', 'r', '.', 'a', 't', '\0',
+  /* "saco-ceso.com", true */ 's', 'a', 'c', 'o', '-', 'c', 'e', 's', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "sacred-knights.net", true */ 's', 'a', 'c', 'r', 'e', 'd', '-', 'k', 'n', 'i', 'g', 'h', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "sadbox.es", true */ 's', 'a', 'd', 'b', 'o', 'x', '.', 'e', 's', '\0',
+  /* "sadbox.org", true */ 's', 'a', 'd', 'b', 'o', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "sadhawkict.org", true */ 's', 'a', 'd', 'h', 'a', 'w', 'k', 'i', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "sadmansh.com", true */ 's', 'a', 'd', 'm', 'a', 'n', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "saengsook.com", true */ 's', 'a', 'e', 'n', 'g', 's', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "saengsuk.com", true */ 's', 'a', 'e', 'n', 'g', 's', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "safar.sk", true */ 's', 'a', 'f', 'a', 'r', '.', 's', 'k', '\0',
+  /* "safcstore.com", true */ 's', 'a', 'f', 'c', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "safe.moe", true */ 's', 'a', 'f', 'e', '.', 'm', 'o', 'e', '\0',
+  /* "safe.space", true */ 's', 'a', 'f', 'e', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "safebasements.com", true */ 's', 'a', 'f', 'e', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "safebasementsnorthdakota.com", true */ 's', 'a', 'f', 'e', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 's', 'n', 'o', 'r', 't', 'h', 'd', 'a', 'k', 'o', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "safebuyerscheme.co.uk", true */ 's', 'a', 'f', 'e', 'b', 'u', 'y', 'e', 'r', 's', 'c', 'h', 'e', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "safecar.gov", false */ 's', 'a', 'f', 'e', 'c', 'a', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "safedevice.net", true */ 's', 'a', 'f', 'e', 'd', 'e', 'v', 'i', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "safegold.ca", true */ 's', 'a', 'f', 'e', 'g', 'o', 'l', 'd', '.', 'c', 'a', '\0',
+  /* "safegroup.pl", true */ 's', 'a', 'f', 'e', 'g', 'r', 'o', 'u', 'p', '.', 'p', 'l', '\0',
+  /* "safeinfra.nl", true */ 's', 'a', 'f', 'e', 'i', 'n', 'f', 'r', 'a', '.', 'n', 'l', '\0',
+  /* "safeme.ga", true */ 's', 'a', 'f', 'e', 'm', 'e', '.', 'g', 'a', '\0',
+  /* "safer-networking.org", true */ 's', 'a', 'f', 'e', 'r', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "saferchildren.eu", false */ 's', 'a', 'f', 'e', 'r', 'c', 'h', 'i', 'l', 'd', 'r', 'e', 'n', '.', 'e', 'u', '\0',
+  /* "saferedirect.link", true */ 's', 'a', 'f', 'e', 'r', 'e', 'd', 'i', 'r', 'e', 'c', 't', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "saferpost.com", true */ 's', 'a', 'f', 'e', 'r', 'p', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "safescan.com", true */ 's', 'a', 'f', 'e', 's', 'c', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "safesecret.info", true */ 's', 'a', 'f', 'e', 's', 'e', 'c', 'r', 'e', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "safetext.me", true */ 's', 'a', 'f', 'e', 't', 'e', 'x', 't', '.', 'm', 'e', '\0',
+  /* "safetycloud.me", true */ 's', 'a', 'f', 'e', 't', 'y', 'c', 'l', 'o', 'u', 'd', '.', 'm', 'e', '\0',
+  /* "safezone.cc", true */ 's', 'a', 'f', 'e', 'z', 'o', 'n', 'e', '.', 'c', 'c', '\0',
+  /* "safire.ac.za", true */ 's', 'a', 'f', 'i', 'r', 'e', '.', 'a', 'c', '.', 'z', 'a', '\0',
+  /* "sagedocumentmanager.com", true */ 's', 'a', 'g', 'e', 'd', 'o', 'c', 'u', 'm', 'e', 'n', 't', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sagemontchurch.org", true */ 's', 'a', 'g', 'e', 'm', 'o', 'n', 't', 'c', 'h', 'u', 'r', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "sagerus.com", true */ 's', 'a', 'g', 'e', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sagsmarseille.com", true */ 's', 'a', 'g', 's', 'm', 'a', 'r', 's', 'e', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sahar.io", true */ 's', 'a', 'h', 'a', 'r', '.', 'i', 'o', '\0',
+  /* "sahb.dk", true */ 's', 'a', 'h', 'b', '.', 'd', 'k', '\0',
+  /* "sahkotyot.eu", true */ 's', 'a', 'h', 'k', 'o', 't', 'y', 'o', 't', '.', 'e', 'u', '\0',
+  /* "said.id", true */ 's', 'a', 'i', 'd', '.', 'i', 'd', '\0',
+  /* "said.my.id", true */ 's', 'a', 'i', 'd', '.', 'm', 'y', '.', 'i', 'd', '\0',
+  /* "saier.me", true */ 's', 'a', 'i', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "saifoundation.in", true */ 's', 'a', 'i', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'i', 'n', '\0',
+  /* "saigonflowers.com", true */ 's', 'a', 'i', 'g', 'o', 'n', 'f', 'l', 'o', 'w', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "saikarra.com", true */ 's', 'a', 'i', 'k', 'a', 'r', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "saikou.moe", true */ 's', 'a', 'i', 'k', 'o', 'u', '.', 'm', 'o', 'e', '\0',
+  /* "saikouji.tokushima.jp", true */ 's', 'a', 'i', 'k', 'o', 'u', 'j', 'i', '.', 't', 'o', 'k', 'u', 's', 'h', 'i', 'm', 'a', '.', 'j', 'p', '\0',
+  /* "sailormoonevents.org", false */ 's', 'a', 'i', 'l', 'o', 'r', 'm', 'o', 'o', 'n', 'e', 'v', 'e', 'n', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "saimoe.moe", true */ 's', 'a', 'i', 'm', 'o', 'e', '.', 'm', 'o', 'e', '\0',
+  /* "saimoe.org", true */ 's', 'a', 'i', 'm', 'o', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "sainetworks.net", true */ 's', 'a', 'i', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "saintaardvarkthecarpeted.com", true */ 's', 'a', 'i', 'n', 't', 'a', 'a', 'r', 'd', 'v', 'a', 'r', 'k', 't', 'h', 'e', 'c', 'a', 'r', 'p', 'e', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "saintanthonyscorner.com", true */ 's', 'a', 'i', 'n', 't', 'a', 'n', 't', 'h', 'o', 'n', 'y', 's', 'c', 'o', 'r', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sainth.de", true */ 's', 'a', 'i', 'n', 't', 'h', '.', 'd', 'e', '\0',
+  /* "saintsrobotics.com", true */ 's', 'a', 'i', 'n', 't', 's', 'r', 'o', 'b', 'o', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "saipariwar.com", true */ 's', 'a', 'i', 'p', 'a', 'r', 'i', 'w', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "saiputra.com", true */ 's', 'a', 'i', 'p', 'u', 't', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "saitrance.com", true */ 's', 'a', 'i', 't', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "saiyasu-search.com", true */ 's', 'a', 'i', 'y', 'a', 's', 'u', '-', 's', 'e', 'a', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "sakostacloud.de", true */ 's', 'a', 'k', 'o', 's', 't', 'a', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "sakuraflores.com.br", true */ 's', 'a', 'k', 'u', 'r', 'a', 'f', 'l', 'o', 'r', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "salaervergleich.com", true */ 's', 'a', 'l', 'a', 'e', 'r', 'v', 'e', 'r', 'g', 'l', 'e', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "salde.net", true */ 's', 'a', 'l', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "sale4ru.ru", true */ 's', 'a', 'l', 'e', '4', 'r', 'u', '.', 'r', 'u', '\0',
+  /* "saleaks.org", true */ 's', 'a', 'l', 'e', 'a', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "salearnership.co.za", true */ 's', 'a', 'l', 'e', 'a', 'r', 'n', 'e', 'r', 's', 'h', 'i', 'p', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "salensmotors-usedcars.be", true */ 's', 'a', 'l', 'e', 'n', 's', 'm', 'o', 't', 'o', 'r', 's', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "salesflare.com", true */ 's', 'a', 'l', 'e', 's', 'f', 'l', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "salesmachine.io", true */ 's', 'a', 'l', 'e', 's', 'm', 'a', 'c', 'h', 'i', 'n', 'e', '.', 'i', 'o', '\0',
+  /* "salishseawhalewatching.ca", true */ 's', 'a', 'l', 'i', 's', 'h', 's', 'e', 'a', 'w', 'h', 'a', 'l', 'e', 'w', 'a', 't', 'c', 'h', 'i', 'n', 'g', '.', 'c', 'a', '\0',
+  /* "salixcode.com", true */ 's', 'a', 'l', 'i', 'x', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "salle-quali.fr", true */ 's', 'a', 'l', 'l', 'e', '-', 'q', 'u', 'a', 'l', 'i', '.', 'f', 'r', '\0',
+  /* "sallydowns.name", true */ 's', 'a', 'l', 'l', 'y', 'd', 'o', 'w', 'n', 's', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "salmo23.com.br", true */ 's', 'a', 'l', 'm', 'o', '2', '3', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "salmododia.net", true */ 's', 'a', 'l', 'm', 'o', 'd', 'o', 'd', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "salmonella.co.uk", true */ 's', 'a', 'l', 'm', 'o', 'n', 'e', 'l', 'l', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "salmonrecovery.gov", true */ 's', 'a', 'l', 'm', 'o', 'n', 'r', 'e', 'c', 'o', 'v', 'e', 'r', 'y', '.', 'g', 'o', 'v', '\0',
+  /* "salmonvision.com.tw", true */ 's', 'a', 'l', 'm', 'o', 'n', 'v', 'i', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "salmos91.com", true */ 's', 'a', 'l', 'm', 'o', 's', '9', '1', '.', 'c', 'o', 'm', '\0',
+  /* "salmotierra-salvatierra.com", true */ 's', 'a', 'l', 'm', 'o', 't', 'i', 'e', 'r', 'r', 'a', '-', 's', 'a', 'l', 'v', 'a', 't', 'i', 'e', 'r', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "salon-claudia.ch", true */ 's', 'a', 'l', 'o', 'n', '-', 'c', 'l', 'a', 'u', 'd', 'i', 'a', '.', 'c', 'h', '\0',
+  /* "salon-minipli.de", true */ 's', 'a', 'l', 'o', 'n', '-', 'm', 'i', 'n', 'i', 'p', 'l', 'i', '.', 'd', 'e', '\0',
+  /* "salon.io", false */ 's', 'a', 'l', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "salonestella.it", true */ 's', 'a', 'l', 'o', 'n', 'e', 's', 't', 'e', 'l', 'l', 'a', '.', 'i', 't', '\0',
+  /* "salonsantebienetre.ch", true */ 's', 'a', 'l', 'o', 'n', 's', 'a', 'n', 't', 'e', 'b', 'i', 'e', 'n', 'e', 't', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "salsa-straubing.de", true */ 's', 'a', 'l', 's', 'a', '-', 's', 't', 'r', 'a', 'u', 'b', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "saltbythesea.com", true */ 's', 'a', 'l', 't', 'b', 'y', 't', 'h', 'e', 's', 'e', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "saltercane.com", false */ 's', 'a', 'l', 't', 'e', 'r', 'c', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "saltro.nl", true */ 's', 'a', 'l', 't', 'r', 'o', '.', 'n', 'l', '\0',
+  /* "saltstack.cz", true */ 's', 'a', 'l', 't', 's', 't', 'a', 'c', 'k', '.', 'c', 'z', '\0',
+  /* "salud.top", false */ 's', 'a', 'l', 'u', 'd', '.', 't', 'o', 'p', '\0',
+  /* "saludsexualmasculina.org", true */ 's', 'a', 'l', 'u', 'd', 's', 'e', 'x', 'u', 'a', 'l', 'm', 'a', 's', 'c', 'u', 'l', 'i', 'n', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "saludsis.mil.co", true */ 's', 'a', 'l', 'u', 'd', 's', 'i', 's', '.', 'm', 'i', 'l', '.', 'c', 'o', '\0',
+  /* "salutethepig.com", true */ 's', 'a', 'l', 'u', 't', 'e', 't', 'h', 'e', 'p', 'i', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "salverainha.org", true */ 's', 'a', 'l', 'v', 'e', 'r', 'a', 'i', 'n', 'h', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "sam-football.fr", true */ 's', 'a', 'm', '-', 'f', 'o', 'o', 't', 'b', 'a', 'l', 'l', '.', 'f', 'r', '\0',
+  /* "samanthahumphreysstudio.com", true */ 's', 'a', 'm', 'a', 'n', 't', 'h', 'a', 'h', 'u', 'm', 'p', 'h', 'r', 'e', 'y', 's', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "samanthasgeckos.com", true */ 's', 'a', 'm', 'a', 'n', 't', 'h', 'a', 's', 'g', 'e', 'c', 'k', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "samappleton.com", true */ 's', 'a', 'm', 'a', 'p', 'p', 'l', 'e', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "samaritainsmeyrin.ch", true */ 's', 'a', 'm', 'a', 'r', 'i', 't', 'a', 'i', 'n', 's', 'm', 'e', 'y', 'r', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "samaritansnet.org", true */ 's', 'a', 'm', 'a', 'r', 'i', 't', 'a', 'n', 's', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "samatva-yogalaya.com", true */ 's', 'a', 'm', 'a', 't', 'v', 'a', '-', 'y', 'o', 'g', 'a', 'l', 'a', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "samba.org", true */ 's', 'a', 'm', 'b', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "sambaa.com.br", true */ 's', 'a', 'm', 'b', 'a', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sambaash.com", true */ 's', 'a', 'm', 'b', 'a', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "sambeso.net", true */ 's', 'a', 'm', 'b', 'e', 's', 'o', '.', 'n', 'e', 't', '\0',
+  /* "samegoal.com", true */ 's', 'a', 'm', 'e', 'g', 'o', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "samel.de", true */ 's', 'a', 'm', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "samenwerkingsportaal.nl", true */ 's', 'a', 'm', 'e', 'n', 'w', 'e', 'r', 'k', 'i', 'n', 'g', 's', 'p', 'o', 'r', 't', 'a', 'a', 'l', '.', 'n', 'l', '\0',
+  /* "samenwerkingsportaal.tk", true */ 's', 'a', 'm', 'e', 'n', 'w', 'e', 'r', 'k', 'i', 'n', 'g', 's', 'p', 'o', 'r', 't', 'a', 'a', 'l', '.', 't', 'k', '\0',
+  /* "sameworks.com", true */ 's', 'a', 'm', 'e', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "samgrayson.me", true */ 's', 'a', 'm', 'g', 'r', 'a', 'y', 's', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "samifar.in", true */ 's', 'a', 'm', 'i', 'f', 'a', 'r', '.', 'i', 'n', '\0',
+  /* "samizdat.cz", true */ 's', 'a', 'm', 'i', 'z', 'd', 'a', 't', '.', 'c', 'z', '\0',
+  /* "samkelleher.com", true */ 's', 'a', 'm', 'k', 'e', 'l', 'l', 'e', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "saml-gateway.org", true */ 's', 'a', 'm', 'l', '-', 'g', 'a', 't', 'e', 'w', 'a', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "samm.com.au", true */ 's', 'a', 'm', 'm', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "sammyjohnson.com", false */ 's', 'a', 'm', 'm', 'y', 'j', 'o', 'h', 'n', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sammyservers.com", true */ 's', 'a', 'm', 'm', 'y', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "samp.im", true */ 's', 'a', 'm', 'p', '.', 'i', 'm', '\0',
+  /* "samsonova.de", true */ 's', 'a', 'm', 's', 'o', 'n', 'o', 'v', 'a', '.', 'd', 'e', '\0',
+  /* "samsungphonegenerator.xyz", true */ 's', 'a', 'm', 's', 'u', 'n', 'g', 'p', 'h', 'o', 'n', 'e', 'g', 'e', 'n', 'e', 'r', 'a', 't', 'o', 'r', '.', 'x', 'y', 'z', '\0',
+  /* "samsungxoa.com", true */ 's', 'a', 'm', 's', 'u', 'n', 'g', 'x', 'o', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "samuelkeeley.com", true */ 's', 'a', 'm', 'u', 'e', 'l', 'k', 'e', 'e', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "samuellaulhau.fr", true */ 's', 'a', 'm', 'u', 'e', 'l', 'l', 'a', 'u', 'l', 'h', 'a', 'u', '.', 'f', 'r', '\0',
+  /* "samui-samui.de", true */ 's', 'a', 'm', 'u', 'i', '-', 's', 'a', 'm', 'u', 'i', '.', 'd', 'e', '\0',
+  /* "samuirehabcenter.com", true */ 's', 'a', 'm', 'u', 'i', 'r', 'e', 'h', 'a', 'b', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "samvanderkris.com", true */ 's', 'a', 'm', 'v', 'a', 'n', 'd', 'e', 'r', 'k', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "samwilberforce.com", true */ 's', 'a', 'm', 'w', 'i', 'l', 'b', 'e', 'r', 'f', 'o', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "samwu.tw", false */ 's', 'a', 'm', 'w', 'u', '.', 't', 'w', '\0',
+  /* "samyerkes.com", true */ 's', 'a', 'm', 'y', 'e', 'r', 'k', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sana-store.com", true */ 's', 'a', 'n', 'a', '-', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sana-store.cz", true */ 's', 'a', 'n', 'a', '-', 's', 't', 'o', 'r', 'e', '.', 'c', 'z', '\0',
+  /* "sana-store.sk", true */ 's', 'a', 'n', 'a', '-', 's', 't', 'o', 'r', 'e', '.', 's', 'k', '\0',
+  /* "sanandreasstories.com", true */ 's', 'a', 'n', 'a', 'n', 'd', 'r', 'e', 'a', 's', 's', 't', 'o', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sanasport.cz", true */ 's', 'a', 'n', 'a', 's', 'p', 'o', 'r', 't', '.', 'c', 'z', '\0',
+  /* "sanasport.sk", true */ 's', 'a', 'n', 'a', 's', 'p', 'o', 'r', 't', '.', 's', 'k', '\0',
+  /* "sanatorii-sverdlovskoy-oblasti.ru", true */ 's', 'a', 'n', 'a', 't', 'o', 'r', 'i', 'i', '-', 's', 'v', 'e', 'r', 'd', 'l', 'o', 'v', 's', 'k', 'o', 'y', '-', 'o', 'b', 'l', 'a', 's', 't', 'i', '.', 'r', 'u', '\0',
+  /* "sanatorionosti.com.ar", true */ 's', 'a', 'n', 'a', 't', 'o', 'r', 'i', 'o', 'n', 'o', 's', 't', 'i', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "sanchez.adv.br", true */ 's', 'a', 'n', 'c', 'h', 'e', 'z', '.', 'a', 'd', 'v', '.', 'b', 'r', '\0',
+  /* "sancy.de", true */ 's', 'a', 'n', 'c', 'y', '.', 'd', 'e', '\0',
+  /* "sand-islets.de", true */ 's', 'a', 'n', 'd', '-', 'i', 's', 'l', 'e', 't', 's', '.', 'd', 'e', '\0',
+  /* "sandalj.com", true */ 's', 'a', 'n', 'd', 'a', 'l', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "sandbagexpress.com", true */ 's', 'a', 'n', 'd', 'b', 'a', 'g', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sandbox.mydigipass.com", false */ 's', 'a', 'n', 'd', 'b', 'o', 'x', '.', 'm', 'y', 'd', 'i', 'g', 'i', 'p', 'a', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sandburner.net", true */ 's', 'a', 'n', 'd', 'b', 'u', 'r', 'n', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "sanderdorigo.nl", true */ 's', 'a', 'n', 'd', 'e', 'r', 'd', 'o', 'r', 'i', 'g', 'o', '.', 'n', 'l', '\0',
+  /* "sanderknape.com", true */ 's', 'a', 'n', 'd', 'e', 'r', 'k', 'n', 'a', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sanderkoenders.eu", true */ 's', 'a', 'n', 'd', 'e', 'r', 'k', 'o', 'e', 'n', 'd', 'e', 'r', 's', '.', 'e', 'u', '\0',
+  /* "sanderkoenders.nl", true */ 's', 'a', 'n', 'd', 'e', 'r', 'k', 'o', 'e', 'n', 'd', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "sandervankasteel.nl", false */ 's', 'a', 'n', 'd', 'e', 'r', 'v', 'a', 'n', 'k', 'a', 's', 't', 'e', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "sandhaufen.tk", true */ 's', 'a', 'n', 'd', 'h', 'a', 'u', 'f', 'e', 'n', '.', 't', 'k', '\0',
+  /* "sandmanintel.com", true */ 's', 'a', 'n', 'd', 'm', 'a', 'n', 'i', 'n', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "sandmarc.cz", true */ 's', 'a', 'n', 'd', 'm', 'a', 'r', 'c', '.', 'c', 'z', '\0',
+  /* "sandobygg.se", true */ 's', 'a', 'n', 'd', 'o', 'b', 'y', 'g', 'g', '.', 's', 'e', '\0',
+  /* "sandogruppen.se", true */ 's', 'a', 'n', 'd', 'o', 'g', 'r', 'u', 'p', 'p', 'e', 'n', '.', 's', 'e', '\0',
+  /* "sandor.wtf", true */ 's', 'a', 'n', 'd', 'o', 'r', '.', 'w', 't', 'f', '\0',
+  /* "sandrainden.nl", true */ 's', 'a', 'n', 'd', 'r', 'a', 'i', 'n', 'd', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "sandraindenfotografie.nl", true */ 's', 'a', 'n', 'd', 'r', 'a', 'i', 'n', 'd', 'e', 'n', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', 'i', 'e', '.', 'n', 'l', '\0',
+  /* "sandrolittke.de", true */ 's', 'a', 'n', 'd', 'r', 'o', 'l', 'i', 't', 't', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "sandyrobsonhypnotherapy.co.uk", true */ 's', 'a', 'n', 'd', 'y', 'r', 'o', 'b', 's', 'o', 'n', 'h', 'y', 'p', 'n', 'o', 't', 'h', 'e', 'r', 'a', 'p', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sanepsychologen.nl", true */ 's', 'a', 'n', 'e', 'p', 's', 'y', 'c', 'h', 'o', 'l', 'o', 'g', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "sanex.ca", false */ 's', 'a', 'n', 'e', 'x', '.', 'c', 'a', '\0',
+  /* "sanglierhurlant.fr", true */ 's', 'a', 'n', 'g', 'l', 'i', 'e', 'r', 'h', 'u', 'r', 'l', 'a', 'n', 't', '.', 'f', 'r', '\0',
+  /* "sangwon.io", true */ 's', 'a', 'n', 'g', 'w', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "sanilodge.com", true */ 's', 'a', 'n', 'i', 'l', 'o', 'd', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sanitairwinkel.be", true */ 's', 'a', 'n', 'i', 't', 'a', 'i', 'r', 'w', 'i', 'n', 'k', 'e', 'l', '.', 'b', 'e', '\0',
+  /* "sanitairwinkel.com", true */ 's', 'a', 'n', 'i', 't', 'a', 'i', 'r', 'w', 'i', 'n', 'k', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "sanitairwinkel.nl", true */ 's', 'a', 'n', 'i', 't', 'a', 'i', 'r', 'w', 'i', 'n', 'k', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "sanooktiew.com", false */ 's', 'a', 'n', 'o', 'o', 'k', 't', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "sanpham-balea.org", true */ 's', 'a', 'n', 'p', 'h', 'a', 'm', '-', 'b', 'a', 'l', 'e', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "sanradon.by", true */ 's', 'a', 'n', 'r', 'a', 'd', 'o', 'n', '.', 'b', 'y', '\0',
+  /* "sanskritiyoga.com", true */ 's', 'a', 'n', 's', 'k', 'r', 'i', 't', 'i', 'y', 'o', 'g', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sansonehowell.com", true */ 's', 'a', 'n', 's', 'o', 'n', 'e', 'h', 'o', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "santafemacas.com.br", true */ 's', 'a', 'n', 't', 'a', 'f', 'e', 'm', 'a', 'c', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "santanderideas.com", true */ 's', 'a', 'n', 't', 'a', 'n', 'd', 'e', 'r', 'i', 'd', 'e', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "santenatureetcie.com", true */ 's', 'a', 'n', 't', 'e', 'n', 'a', 't', 'u', 'r', 'e', 'e', 't', 'c', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "santevie.ch", true */ 's', 'a', 'n', 't', 'e', 'v', 'i', 'e', '.', 'c', 'h', '\0',
+  /* "santmark.com", true */ 's', 'a', 'n', 't', 'm', 'a', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "santmark.eu", true */ 's', 'a', 'n', 't', 'm', 'a', 'r', 'k', '.', 'e', 'u', '\0',
+  /* "santmark.fi", true */ 's', 'a', 'n', 't', 'm', 'a', 'r', 'k', '.', 'f', 'i', '\0',
+  /* "santmark.info", true */ 's', 'a', 'n', 't', 'm', 'a', 'r', 'k', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "santmark.net", true */ 's', 'a', 'n', 't', 'm', 'a', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "santmark.org", true */ 's', 'a', 'n', 't', 'm', 'a', 'r', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "santodomingocg.org", true */ 's', 'a', 'n', 't', 'o', 'd', 'o', 'm', 'i', 'n', 'g', 'o', 'c', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "santojuken.co.jp", true */ 's', 'a', 'n', 't', 'o', 'j', 'u', 'k', 'e', 'n', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "santorinibbs.com", true */ 's', 'a', 'n', 't', 'o', 'r', 'i', 'n', 'i', 'b', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sanvitolocapobus.com", true */ 's', 'a', 'n', 'v', 'i', 't', 'o', 'l', 'o', 'c', 'a', 'p', 'o', 'b', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "saoneth.pl", true */ 's', 'a', 'o', 'n', 'e', 't', 'h', '.', 'p', 'l', '\0',
+  /* "saorsat.com", true */ 's', 'a', 'o', 'r', 's', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "saorsat.ie", true */ 's', 'a', 'o', 'r', 's', 'a', 't', '.', 'i', 'e', '\0',
+  /* "saorview.com", true */ 's', 'a', 'o', 'r', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "saorviewconnect.ie", true */ 's', 'a', 'o', 'r', 'v', 'i', 'e', 'w', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'i', 'e', '\0',
+  /* "saorviewconnected.ie", true */ 's', 'a', 'o', 'r', 'v', 'i', 'e', 'w', 'c', 'o', 'n', 'n', 'e', 'c', 't', 'e', 'd', '.', 'i', 'e', '\0',
+  /* "sapac.es", true */ 's', 'a', 'p', 'a', 'c', '.', 'e', 's', '\0',
+  /* "sapereaude.com.pl", true */ 's', 'a', 'p', 'e', 'r', 'e', 'a', 'u', 'd', 'e', '.', 'c', 'o', 'm', '.', 'p', 'l', '\0',
+  /* "sapien-ci.com", true */ 's', 'a', 'p', 'i', 'e', 'n', '-', 'c', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "sapience.com", true */ 's', 'a', 'p', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sapk.fr", true */ 's', 'a', 'p', 'k', '.', 'f', 'r', '\0',
+  /* "saposute-s.jp", true */ 's', 'a', 'p', 'o', 's', 'u', 't', 'e', '-', 's', '.', 'j', 'p', '\0',
+  /* "sapporobeer.com", true */ 's', 'a', 'p', 'p', 'o', 'r', 'o', 'b', 'e', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sapprendre.ch", true */ 's', 'a', 'p', 'p', 'r', 'e', 'n', 'd', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "sapuncheta.com", true */ 's', 'a', 'p', 'u', 'n', 'c', 'h', 'e', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "saq.com", true */ 's', 'a', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "sarahbeckettharpist.com", true */ 's', 'a', 'r', 'a', 'h', 'b', 'e', 'c', 'k', 'e', 't', 't', 'h', 'a', 'r', 'p', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sarahlicity.co.uk", false */ 's', 'a', 'r', 'a', 'h', 'l', 'i', 'c', 'i', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sarahlicity.me.uk", true */ 's', 'a', 'r', 'a', 'h', 'l', 'i', 'c', 'i', 't', 'y', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "sarahs-roestcafe.de", false */ 's', 'a', 'r', 'a', 'h', 's', '-', 'r', 'o', 'e', 's', 't', 'c', 'a', 'f', 'e', '.', 'd', 'e', '\0',
+  /* "sarahvictor.co.uk", true */ 's', 'a', 'r', 'a', 'h', 'v', 'i', 'c', 't', 'o', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sarariman.com", true */ 's', 'a', 'r', 'a', 'r', 'i', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sarasturdivant.com", true */ 's', 'a', 'r', 'a', 's', 't', 'u', 'r', 'd', 'i', 'v', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sardegnatirocini.it", true */ 's', 'a', 'r', 'd', 'e', 'g', 'n', 'a', 't', 'i', 'r', 'o', 'c', 'i', 'n', 'i', '.', 'i', 't', '\0',
+  /* "sarink.eu", true */ 's', 'a', 'r', 'i', 'n', 'k', '.', 'e', 'u', '\0',
+  /* "sarkarikhoj.com", true */ 's', 'a', 'r', 'k', 'a', 'r', 'i', 'k', 'h', 'o', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "sarkisozleri.us", true */ 's', 'a', 'r', 'k', 'i', 's', 'o', 'z', 'l', 'e', 'r', 'i', '.', 'u', 's', '\0',
+  /* "saro.me", true */ 's', 'a', 'r', 'o', '.', 'm', 'e', '\0',
+  /* "saronno5stelle.it", true */ 's', 'a', 'r', 'o', 'n', 'n', 'o', '5', 's', 't', 'e', 'l', 'l', 'e', '.', 'i', 't', '\0',
+  /* "sarpsb.org", true */ 's', 'a', 'r', 'p', 's', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "sarumtechnologies.com", true */ 's', 'a', 'r', 'u', 'm', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sas-snowboarding.sk", true */ 's', 'a', 's', '-', 's', 'n', 'o', 'w', 'b', 'o', 'a', 'r', 'd', 'i', 'n', 'g', '.', 's', 'k', '\0',
+  /* "sash.pw", true */ 's', 'a', 's', 'h', '.', 'p', 'w', '\0',
+  /* "sashaokun.com", true */ 's', 'a', 's', 'h', 'a', 'o', 'k', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sashascollections.com", true */ 's', 'a', 's', 'h', 'a', 's', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "saskpension.com", true */ 's', 'a', 's', 'k', 'p', 'e', 'n', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sastd.com", true */ 's', 'a', 's', 't', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "sasyabapi.com", true */ 's', 'a', 's', 'y', 'a', 'b', 'a', 'p', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "sat4all.com", true */ 's', 'a', 't', '4', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "satai.dk", true */ 's', 'a', 't', 'a', 'i', '.', 'd', 'k', '\0',
+  /* "saterdalen.net", true */ 's', 'a', 't', 'e', 'r', 'd', 'a', 'l', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "satimagingcorp.com", true */ 's', 'a', 't', 'i', 'm', 'a', 'g', 'i', 'n', 'g', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "satinn.pl", true */ 's', 'a', 't', 'i', 'n', 'n', '.', 'p', 'l', '\0',
+  /* "satmd.de", true */ 's', 'a', 't', 'm', 'd', '.', 'd', 'e', '\0',
+  /* "saturn.pl", true */ 's', 'a', 't', 'u', 'r', 'n', '.', 'p', 'l', '\0',
+  /* "saudavel.com.vc", true */ 's', 'a', 'u', 'd', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '.', 'v', 'c', '\0',
+  /* "saudeealimentos.com", true */ 's', 'a', 'u', 'd', 'e', 'e', 'a', 'l', 'i', 'm', 'e', 'n', 't', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "saudeintimadamulher.com.br", true */ 's', 'a', 'u', 'd', 'e', 'i', 'n', 't', 'i', 'm', 'a', 'd', 'a', 'm', 'u', 'l', 'h', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "saudenoclique.com.br", true */ 's', 'a', 'u', 'd', 'e', 'n', 'o', 'c', 'l', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sauenytt.no", true */ 's', 'a', 'u', 'e', 'n', 'y', 't', 't', '.', 'n', 'o', '\0',
+  /* "sauer-systems.net", true */ 's', 'a', 'u', 'e', 'r', '-', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'n', 'e', 't', '\0',
+  /* "sauerland-schnittgruen.de", true */ 's', 'a', 'u', 'e', 'r', 'l', 'a', 'n', 'd', '-', 's', 'c', 'h', 'n', 'i', 't', 't', 'g', 'r', 'u', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "saulchristie.com", true */ 's', 'a', 'u', 'l', 'c', 'h', 'r', 'i', 's', 't', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "saumon-de-france.com", true */ 's', 'a', 'u', 'm', 'o', 'n', '-', 'd', 'e', '-', 'f', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "saumon-france.com", true */ 's', 'a', 'u', 'm', 'o', 'n', '-', 'f', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "saumon.io", true */ 's', 'a', 'u', 'm', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "saumondefrance.fr", true */ 's', 'a', 'u', 'm', 'o', 'n', 'd', 'e', 'f', 'r', 'a', 'n', 'c', 'e', '.', 'f', 'r', '\0',
+  /* "saumonfrance.fr", true */ 's', 'a', 'u', 'm', 'o', 'n', 'f', 'r', 'a', 'n', 'c', 'e', '.', 'f', 'r', '\0',
+  /* "saunahats.eu", true */ 's', 'a', 'u', 'n', 'a', 'h', 'a', 't', 's', '.', 'e', 'u', '\0',
+  /* "saunas.fr", true */ 's', 'a', 'u', 'n', 'a', 's', '.', 'f', 'r', '\0',
+  /* "saurel.me", true */ 's', 'a', 'u', 'r', 'e', 'l', '.', 'm', 'e', '\0',
+  /* "savacloud.com", true */ 's', 'a', 'v', 'a', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "savageorgiev.com", true */ 's', 'a', 'v', 'a', 'g', 'e', 'o', 'r', 'g', 'i', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "savannahtasteexperience.com", true */ 's', 'a', 'v', 'a', 'n', 'n', 'a', 'h', 't', 'a', 's', 't', 'e', 'e', 'x', 'p', 'e', 'r', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "save-me-aachen.de", true */ 's', 'a', 'v', 'e', '-', 'm', 'e', '-', 'a', 'a', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "save-me-koeln.de", true */ 's', 'a', 'v', 'e', '-', 'm', 'e', '-', 'k', 'o', 'e', 'l', 'n', '.', 'd', 'e', '\0',
+  /* "savecrypto.org", true */ 's', 'a', 'v', 'e', 'c', 'r', 'y', 'p', 't', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "savekorea.net", true */ 's', 'a', 'v', 'e', 'k', 'o', 'r', 'e', 'a', '.', 'n', 'e', 't', '\0',
+  /* "savemoneyonenergy.com", true */ 's', 'a', 'v', 'e', 'm', 'o', 'n', 'e', 'y', 'o', 'n', 'e', 'n', 'e', 'r', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "savenet.org", true */ 's', 'a', 'v', 'e', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "saveora.com", true */ 's', 'a', 'v', 'e', 'o', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "saveora.shop", true */ 's', 'a', 'v', 'e', 'o', 'r', 'a', '.', 's', 'h', 'o', 'p', '\0',
+  /* "savetheinternet.eu", true */ 's', 'a', 'v', 'e', 't', 'h', 'e', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', '.', 'e', 'u', '\0',
+  /* "savic.com", true */ 's', 'a', 'v', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "savingbytes.com", true */ 's', 'a', 'v', 'i', 'n', 'g', 'b', 'y', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "savinggoliath.com", true */ 's', 'a', 'v', 'i', 'n', 'g', 'g', 'o', 'l', 'i', 'a', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "savingsbondwizard.gov", true */ 's', 'a', 'v', 'i', 'n', 'g', 's', 'b', 'o', 'n', 'd', 'w', 'i', 'z', 'a', 'r', 'd', '.', 'g', 'o', 'v', '\0',
+  /* "savingsomegreen.com", true */ 's', 'a', 'v', 'i', 'n', 'g', 's', 'o', 'm', 'e', 'g', 'r', 'e', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "savingsstoreonline.ca", true */ 's', 'a', 'v', 'i', 'n', 'g', 's', 's', 't', 'o', 'r', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'a', '\0',
+  /* "savisasolutions.co.za", true */ 's', 'a', 'v', 'i', 's', 'a', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "savvytime.com", true */ 's', 'a', 'v', 'v', 'y', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sawyerroofing.com", true */ 's', 'a', 'w', 'y', 'e', 'r', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "saxojoe.co.uk", true */ 's', 'a', 'x', 'o', 'j', 'o', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "saxojoe.de", true */ 's', 'a', 'x', 'o', 'j', 'o', 'e', '.', 'd', 'e', '\0',
+  /* "saxol-group.com", true */ 's', 'a', 'x', 'o', 'l', '-', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "saxoncreative.com", true */ 's', 'a', 'x', 'o', 'n', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "saxwereld.nl", true */ 's', 'a', 'x', 'w', 'e', 'r', 'e', 'l', 'd', '.', 'n', 'l', '\0',
+  /* "sayprepay.com", true */ 's', 'a', 'y', 'p', 'r', 'e', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "sayura.net", true */ 's', 'a', 'y', 'u', 'r', 'a', '.', 'n', 'e', 't', '\0',
+  /* "saz.sh", true */ 's', 'a', 'z', '.', 's', 'h', '\0',
+  /* "sazuz.cz", true */ 's', 'a', 'z', 'u', 'z', '.', 'c', 'z', '\0',
+  /* "sb-group.dk", true */ 's', 'b', '-', 'g', 'r', 'o', 'u', 'p', '.', 'd', 'k', '\0',
+  /* "sb-tuning.ru", true */ 's', 'b', '-', 't', 'u', 'n', 'i', 'n', 'g', '.', 'r', 'u', '\0',
+  /* "sb.im", true */ 's', 'b', '.', 'i', 'm', '\0',
+  /* "sb.sb", true */ 's', 'b', '.', 's', 'b', '\0',
+  /* "sb0.io", true */ 's', 'b', '0', '.', 'i', 'o', '\0',
+  /* "sbanken.no", true */ 's', 'b', 'a', 'n', 'k', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "sber.us", true */ 's', 'b', 'e', 'r', '.', 'u', 's', '\0',
+  /* "sberbank.ch", true */ 's', 'b', 'e', 'r', 'b', 'a', 'n', 'k', '.', 'c', 'h', '\0',
+  /* "sbf888.com", true */ 's', 'b', 'f', '8', '8', '8', '.', 'c', 'o', 'm', '\0',
+  /* "sbiewald.de", true */ 's', 'b', 'i', 'e', 'w', 'a', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "sbirecruitment.co.in", true */ 's', 'b', 'i', 'r', 'e', 'c', 'r', 'u', 'i', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'i', 'n', '\0',
+  /* "sbit.com.br", true */ 's', 'b', 'i', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sblum.de", true */ 's', 'b', 'l', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "sbo-dresden.de", true */ 's', 'b', 'o', '-', 'd', 'r', 'e', 's', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "sbr.red", true */ 's', 'b', 'r', '.', 'r', 'e', 'd', '\0',
+  /* "sbsavings.bank", true */ 's', 'b', 's', 'a', 'v', 'i', 'n', 'g', 's', '.', 'b', 'a', 'n', 'k', '\0',
+  /* "sbsnursery.co.uk", true */ 's', 'b', 's', 'n', 'u', 'r', 's', 'e', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sbssoft.ru", true */ 's', 'b', 's', 's', 'o', 'f', 't', '.', 'r', 'u', '\0',
+  /* "sbytes.info", true */ 's', 'b', 'y', 't', 'e', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "scalaire.com", true */ 's', 'c', 'a', 'l', 'a', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "scalaire.fr", true */ 's', 'c', 'a', 'l', 'a', 'i', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "scalesbiolab.com", true */ 's', 'c', 'a', 'l', 'e', 's', 'b', 'i', 'o', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "scaling.solutions", true */ 's', 'c', 'a', 'l', 'i', 'n', 'g', '.', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '\0',
+  /* "scallywagsbouncycastles.co.uk", true */ 's', 'c', 'a', 'l', 'l', 'y', 'w', 'a', 'g', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "scamblockplus.org", true */ 's', 'c', 'a', 'm', 'b', 'l', 'o', 'c', 'k', 'p', 'l', 'u', 's', '.', 'o', 'r', 'g', '\0',
+  /* "scandicom.fi", true */ 's', 'c', 'a', 'n', 'd', 'i', 'c', 'o', 'm', '.', 'f', 'i', '\0',
+  /* "scandinavia.dating", true */ 's', 'c', 'a', 'n', 'd', 'i', 'n', 'a', 'v', 'i', 'a', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "scangeo.net", true */ 's', 'c', 'a', 'n', 'g', 'e', 'o', '.', 'n', 'e', 't', '\0',
+  /* "scanleasing.net", true */ 's', 'c', 'a', 'n', 'l', 'e', 'a', 's', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "scanpay.dk", true */ 's', 'c', 'a', 'n', 'p', 'a', 'y', '.', 'd', 'k', '\0',
+  /* "scatsbouncingcastles.ie", true */ 's', 'c', 'a', 't', 's', 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'i', 'e', '\0',
+  /* "scelec.com.au", true */ 's', 'c', 'e', 'l', 'e', 'c', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "scenastu.pl", true */ 's', 'c', 'e', 'n', 'a', 's', 't', 'u', '.', 'p', 'l', '\0',
+  /* "scenester.tv", false */ 's', 'c', 'e', 'n', 'e', 's', 't', 'e', 'r', '.', 't', 'v', '\0',
+  /* "scenicbyways.info", true */ 's', 'c', 'e', 'n', 'i', 'c', 'b', 'y', 'w', 'a', 'y', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "scepticism.com", true */ 's', 'c', 'e', 'p', 't', 'i', 'c', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "sceptique.eu", true */ 's', 'c', 'e', 'p', 't', 'i', 'q', 'u', 'e', '.', 'e', 'u', '\0',
+  /* "schadevergoedingen.eu", true */ 's', 'c', 'h', 'a', 'd', 'e', 'v', 'e', 'r', 'g', 'o', 'e', 'd', 'i', 'n', 'g', 'e', 'n', '.', 'e', 'u', '\0',
+  /* "schalkoortbv.nl", true */ 's', 'c', 'h', 'a', 'l', 'k', 'o', 'o', 'r', 't', 'b', 'v', '.', 'n', 'l', '\0',
+  /* "schallert.com", true */ 's', 'c', 'h', 'a', 'l', 'l', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "schamlosharmlos.de", true */ 's', 'c', 'h', 'a', 'm', 'l', 'o', 's', 'h', 'a', 'r', 'm', 'l', 'o', 's', '.', 'd', 'e', '\0',
+  /* "schaper-sport.com", true */ 's', 'c', 'h', 'a', 'p', 'e', 'r', '-', 's', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "schatzibaers.de", true */ 's', 'c', 'h', 'a', 't', 'z', 'i', 'b', 'a', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "schawe.me", true */ 's', 'c', 'h', 'a', 'w', 'e', '.', 'm', 'e', '\0',
+  /* "schd.io", true */ 's', 'c', 'h', 'd', '.', 'i', 'o', '\0',
+  /* "scheduleme.io", true */ 's', 'c', 'h', 'e', 'd', 'u', 'l', 'e', 'm', 'e', '.', 'i', 'o', '\0',
+  /* "scheemadigital.com", true */ 's', 'c', 'h', 'e', 'e', 'm', 'a', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "schefczyk.com", true */ 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "schefczyk.de", true */ 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'd', 'e', '\0',
+  /* "schefczyk.eu", true */ 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'e', 'u', '\0',
+  /* "schefczyk.net", true */ 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'n', 'e', 't', '\0',
+  /* "scheidtweiler.de", true */ 's', 'c', 'h', 'e', 'i', 'd', 't', 'w', 'e', 'i', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "scheinlichter.de", true */ 's', 'c', 'h', 'e', 'i', 'n', 'l', 'i', 'c', 'h', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "schelberts.de", true */ 's', 'c', 'h', 'e', 'l', 'b', 'e', 'r', 't', 's', '.', 'd', 'e', '\0',
+  /* "schellevis.net", true */ 's', 'c', 'h', 'e', 'l', 'l', 'e', 'v', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "schenkes.de", true */ 's', 'c', 'h', 'e', 'n', 'k', 'e', 's', '.', 'd', 'e', '\0',
+  /* "scherfke.de", true */ 's', 'c', 'h', 'e', 'r', 'f', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "scheuchenstuel.at", true */ 's', 'c', 'h', 'e', 'u', 'c', 'h', 'e', 'n', 's', 't', 'u', 'e', 'l', '.', 'a', 't', '\0',
+  /* "schier.info", true */ 's', 'c', 'h', 'i', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "schildbach.de", true */ 's', 'c', 'h', 'i', 'l', 'd', 'b', 'a', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "schippendale.de", true */ 's', 'c', 'h', 'i', 'p', 'p', 'e', 'n', 'd', 'a', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "schippers-it.nl", true */ 's', 'c', 'h', 'i', 'p', 'p', 'e', 'r', 's', '-', 'i', 't', '.', 'n', 'l', '\0',
+  /* "schizoids.net", true */ 's', 'c', 'h', 'i', 'z', 'o', 'i', 'd', 's', '.', 'n', 'e', 't', '\0',
+  /* "schlabbi.com", false */ 's', 'c', 'h', 'l', 'a', 'b', 'b', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "schlachter.ca", true */ 's', 'c', 'h', 'l', 'a', 'c', 'h', 't', 'e', 'r', '.', 'c', 'a', '\0',
+  /* "schlafguru.com", true */ 's', 'c', 'h', 'l', 'a', 'f', 'g', 'u', 'r', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "schlagenhauf.info", true */ 's', 'c', 'h', 'l', 'a', 'g', 'e', 'n', 'h', 'a', 'u', 'f', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "schlagma.de", true */ 's', 'c', 'h', 'l', 'a', 'g', 'm', 'a', '.', 'd', 'e', '\0',
+  /* "schlarp.com", true */ 's', 'c', 'h', 'l', 'a', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "schlechtewitze.com", true */ 's', 'c', 'h', 'l', 'e', 'c', 'h', 't', 'e', 'w', 'i', 't', 'z', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "schlossereieder.at", true */ 's', 'c', 'h', 'l', 'o', 's', 's', 'e', 'r', 'e', 'i', 'e', 'd', 'e', 'r', '.', 'a', 't', '\0',
+  /* "schlueter-software.de", true */ 's', 'c', 'h', 'l', 'u', 'e', 't', 'e', 'r', '-', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "schmaeh-coaching.ch", true */ 's', 'c', 'h', 'm', 'a', 'e', 'h', '-', 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "schmelzle.io", true */ 's', 'c', 'h', 'm', 'e', 'l', 'z', 'l', 'e', '.', 'i', 'o', '\0',
+  /* "schmetterlingsapp.at", true */ 's', 'c', 'h', 'm', 'e', 't', 't', 'e', 'r', 'l', 'i', 'n', 'g', 's', 'a', 'p', 'p', '.', 'a', 't', '\0',
+  /* "schmidthomes.com", true */ 's', 'c', 'h', 'm', 'i', 'd', 't', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "schmidtplasticsurgery.com", true */ 's', 'c', 'h', 'm', 'i', 'd', 't', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "schmidttulskie.de", true */ 's', 'c', 'h', 'm', 'i', 'd', 't', 't', 'u', 'l', 's', 'k', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "schmitt-max.com", true */ 's', 'c', 'h', 'm', 'i', 't', 't', '-', 'm', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "schmitz.link", true */ 's', 'c', 'h', 'm', 'i', 't', 'z', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "schnegg.name", true */ 's', 'c', 'h', 'n', 'e', 'g', 'g', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "schneids.me", true */ 's', 'c', 'h', 'n', 'e', 'i', 'd', 's', '.', 'm', 'e', '\0',
+  /* "schnellno.de", true */ 's', 'c', 'h', 'n', 'e', 'l', 'l', 'n', 'o', '.', 'd', 'e', '\0',
+  /* "schnellsuche.de", true */ 's', 'c', 'h', 'n', 'e', 'l', 'l', 's', 'u', 'c', 'h', 'e', '.', 'd', 'e', '\0',
+  /* "schnouki.net", true */ 's', 'c', 'h', 'n', 'o', 'u', 'k', 'i', '.', 'n', 'e', 't', '\0',
+  /* "schnyder-werbung.ch", true */ 's', 'c', 'h', 'n', 'y', 'd', 'e', 'r', '-', 'w', 'e', 'r', 'b', 'u', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "schoeck-elektro.de", true */ 's', 'c', 'h', 'o', 'e', 'c', 'k', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "schoepski.de", true */ 's', 'c', 'h', 'o', 'e', 'p', 's', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "schoknecht.net", true */ 's', 'c', 'h', 'o', 'k', 'n', 'e', 'c', 'h', 't', '.', 'n', 'e', 't', '\0',
+  /* "schoknecht.one", true */ 's', 'c', 'h', 'o', 'k', 'n', 'e', 'c', 'h', 't', '.', 'o', 'n', 'e', '\0',
+  /* "schokokeks.org", true */ 's', 'c', 'h', 'o', 'k', 'o', 'k', 'e', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "scholarly.com.ph", true */ 's', 'c', 'h', 'o', 'l', 'a', 'r', 'l', 'y', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0',
+  /* "scholarly.ph", true */ 's', 'c', 'h', 'o', 'l', 'a', 'r', 'l', 'y', '.', 'p', 'h', '\0',
+  /* "scholierenvervoerzeeland.nl", true */ 's', 'c', 'h', 'o', 'l', 'i', 'e', 'r', 'e', 'n', 'v', 'e', 'r', 'v', 'o', 'e', 'r', 'z', 'e', 'e', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "schont.org", true */ 's', 'c', 'h', 'o', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "school.in.th", true */ 's', 'c', 'h', 'o', 'o', 'l', '.', 'i', 'n', '.', 't', 'h', '\0',
+  /* "schooli.io", true */ 's', 'c', 'h', 'o', 'o', 'l', 'i', '.', 'i', 'o', '\0',
+  /* "schoolotzyv.ru", true */ 's', 'c', 'h', 'o', 'o', 'l', 'o', 't', 'z', 'y', 'v', '.', 'r', 'u', '\0',
+  /* "schoolze.com", true */ 's', 'c', 'h', 'o', 'o', 'l', 'z', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "schopenhauer-institut.de", true */ 's', 'c', 'h', 'o', 'p', 'e', 'n', 'h', 'a', 'u', 'e', 'r', '-', 'i', 'n', 's', 't', 'i', 't', 'u', 't', '.', 'd', 'e', '\0',
+  /* "schorel.ovh", true */ 's', 'c', 'h', 'o', 'r', 'e', 'l', '.', 'o', 'v', 'h', '\0',
+  /* "schorelweb.nl", true */ 's', 'c', 'h', 'o', 'r', 'e', 'l', 'w', 'e', 'b', '.', 'n', 'l', '\0',
+  /* "schraebanowicz.net", true */ 's', 'c', 'h', 'r', 'a', 'e', 'b', 'a', 'n', 'o', 'w', 'i', 'c', 'z', '.', 'n', 'e', 't', '\0',
+  /* "schrauger.com", true */ 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "schrauger.info", true */ 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "schrauger.net", true */ 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "schrauger.org", true */ 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "schrauger.run", true */ 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'r', 'u', 'n', '\0',
+  /* "schraugerrun.com", true */ 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', 'r', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "schreibers.ca", true */ 's', 'c', 'h', 'r', 'e', 'i', 'b', 'e', 'r', 's', '.', 'c', 'a', '\0',
+  /* "schreibnacht.de", true */ 's', 'c', 'h', 'r', 'e', 'i', 'b', 'n', 'a', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "schreinerei-jahreis.de", true */ 's', 'c', 'h', 'r', 'e', 'i', 'n', 'e', 'r', 'e', 'i', '-', 'j', 'a', 'h', 'r', 'e', 'i', 's', '.', 'd', 'e', '\0',
+  /* "schreinerei-wortmann.de", true */ 's', 'c', 'h', 'r', 'e', 'i', 'n', 'e', 'r', 'e', 'i', '-', 'w', 'o', 'r', 't', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "schrenkinzl.at", true */ 's', 'c', 'h', 'r', 'e', 'n', 'k', 'i', 'n', 'z', 'l', '.', 'a', 't', '\0',
+  /* "schritt4fit.de", true */ 's', 'c', 'h', 'r', 'i', 't', 't', '4', 'f', 'i', 't', '.', 'd', 'e', '\0',
+  /* "schrodingersscat.com", true */ 's', 'c', 'h', 'r', 'o', 'd', 'i', 'n', 'g', 'e', 'r', 's', 's', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "schrodingersscat.org", true */ 's', 'c', 'h', 'r', 'o', 'd', 'i', 'n', 'g', 'e', 'r', 's', 's', 'c', 'a', 't', '.', 'o', 'r', 'g', '\0',
+  /* "schroeder-immobilien-sundern.de", true */ 's', 'c', 'h', 'r', 'o', 'e', 'd', 'e', 'r', '-', 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'n', '-', 's', 'u', 'n', 'd', 'e', 'r', 'n', '.', 'd', 'e', '\0',
+  /* "schroepfi.de", true */ 's', 'c', 'h', 'r', 'o', 'e', 'p', 'f', 'i', '.', 'd', 'e', '\0',
+  /* "schrolm.de", true */ 's', 'c', 'h', 'r', 'o', 'l', 'm', '.', 'd', 'e', '\0',
+  /* "schsrch.org", true */ 's', 'c', 'h', 's', 'r', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "schsrch.xyz", true */ 's', 'c', 'h', 's', 'r', 'c', 'h', '.', 'x', 'y', 'z', '\0',
+  /* "schtiehve.duckdns.org", true */ 's', 'c', 'h', 't', 'i', 'e', 'h', 'v', 'e', '.', 'd', 'u', 'c', 'k', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "schubergphilis.com", true */ 's', 'c', 'h', 'u', 'b', 'e', 'r', 'g', 'p', 'h', 'i', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "schubertgmbh-ingelheim.de", true */ 's', 'c', 'h', 'u', 'b', 'e', 'r', 't', 'g', 'm', 'b', 'h', '-', 'i', 'n', 'g', 'e', 'l', 'h', 'e', 'i', 'm', '.', 'd', 'e', '\0',
+  /* "schuhbeck.tk", true */ 's', 'c', 'h', 'u', 'h', 'b', 'e', 'c', 'k', '.', 't', 'k', '\0',
+  /* "schuhwerkstatt.at", true */ 's', 'c', 'h', 'u', 'h', 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', '.', 'a', 't', '\0',
+  /* "schul-bar.de", true */ 's', 'c', 'h', 'u', 'l', '-', 'b', 'a', 'r', '.', 'd', 'e', '\0',
+  /* "schulderinsky.de", true */ 's', 'c', 'h', 'u', 'l', 'd', 'e', 'r', 'i', 'n', 's', 'k', 'y', '.', 'd', 'e', '\0',
+  /* "schuler.st", true */ 's', 'c', 'h', 'u', 'l', 'e', 'r', '.', 's', 't', '\0',
+  /* "schulfotograf-deinfoto.ch", true */ 's', 'c', 'h', 'u', 'l', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', '-', 'd', 'e', 'i', 'n', 'f', 'o', 't', 'o', '.', 'c', 'h', '\0',
+  /* "schull.ch", true */ 's', 'c', 'h', 'u', 'l', 'l', '.', 'c', 'h', '\0',
+  /* "schum.world", true */ 's', 'c', 'h', 'u', 'm', '.', 'w', 'o', 'r', 'l', 'd', '\0',
+  /* "schumanandmonnet.eu", true */ 's', 'c', 'h', 'u', 'm', 'a', 'n', 'a', 'n', 'd', 'm', 'o', 'n', 'n', 'e', 't', '.', 'e', 'u', '\0',
+  /* "schummar.de", true */ 's', 'c', 'h', 'u', 'm', 'm', 'a', 'r', '.', 'd', 'e', '\0',
+  /* "schunako.ch", true */ 's', 'c', 'h', 'u', 'n', 'a', 'k', 'o', '.', 'c', 'h', '\0',
+  /* "schurkenstaat.net", true */ 's', 'c', 'h', 'u', 'r', 'k', 'e', 'n', 's', 't', 'a', 'a', 't', '.', 'n', 'e', 't', '\0',
+  /* "schutznetze24.de", true */ 's', 'c', 'h', 'u', 't', 'z', 'n', 'e', 't', 'z', 'e', '2', '4', '.', 'd', 'e', '\0',
+  /* "schutzwerk.com", true */ 's', 'c', 'h', 'u', 't', 'z', 'w', 'e', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "schwabenhaus-ka.de", true */ 's', 'c', 'h', 'w', 'a', 'b', 'e', 'n', 'h', 'a', 'u', 's', '-', 'k', 'a', '.', 'd', 'e', '\0',
+  /* "schwanke.in", true */ 's', 'c', 'h', 'w', 'a', 'n', 'k', 'e', '.', 'i', 'n', '\0',
+  /* "schwarzegar.de", true */ 's', 'c', 'h', 'w', 'a', 'r', 'z', 'e', 'g', 'a', 'r', '.', 'd', 'e', '\0',
+  /* "schwarzer.it", true */ 's', 'c', 'h', 'w', 'a', 'r', 'z', 'e', 'r', '.', 'i', 't', '\0',
+  /* "schwarzes-muenchen.de", true */ 's', 'c', 'h', 'w', 'a', 'r', 'z', 'e', 's', '-', 'm', 'u', 'e', 'n', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "schwarzhenri.ch", true */ 's', 'c', 'h', 'w', 'a', 'r', 'z', 'h', 'e', 'n', 'r', 'i', '.', 'c', 'h', '\0',
+  /* "schwarztrade.cz", true */ 's', 'c', 'h', 'w', 'a', 'r', 'z', 't', 'r', 'a', 'd', 'e', '.', 'c', 'z', '\0',
+  /* "schwarzwald-flirt.de", true */ 's', 'c', 'h', 'w', 'a', 'r', 'z', 'w', 'a', 'l', 'd', '-', 'f', 'l', 'i', 'r', 't', '.', 'd', 'e', '\0',
+  /* "schwarzwaldcon.de", true */ 's', 'c', 'h', 'w', 'a', 'r', 'z', 'w', 'a', 'l', 'd', 'c', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "schwedenhaus.ag", true */ 's', 'c', 'h', 'w', 'e', 'd', 'e', 'n', 'h', 'a', 'u', 's', '.', 'a', 'g', '\0',
+  /* "schwinabart.com", true */ 's', 'c', 'h', 'w', 'i', 'n', 'a', 'b', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "schwinger.me", true */ 's', 'c', 'h', 'w', 'i', 'n', 'g', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "schwinnbike.ru", true */ 's', 'c', 'h', 'w', 'i', 'n', 'n', 'b', 'i', 'k', 'e', '.', 'r', 'u', '\0',
+  /* "schwuppengrillen.de", true */ 's', 'c', 'h', 'w', 'u', 'p', 'p', 'e', 'n', 'g', 'r', 'i', 'l', 'l', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "sci-internet.tk", true */ 's', 'c', 'i', '-', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', '.', 't', 'k', '\0',
+  /* "science-network.ch", true */ 's', 'c', 'i', 'e', 'n', 'c', 'e', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'h', '\0',
+  /* "science-questions.org", true */ 's', 'c', 'i', 'e', 'n', 'c', 'e', '-', 'q', 'u', 'e', 's', 't', 'i', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "science-texts.de", true */ 's', 'c', 'i', 'e', 'n', 'c', 'e', '-', 't', 'e', 'x', 't', 's', '.', 'd', 'e', '\0',
+  /* "science360.gov", true */ 's', 'c', 'i', 'e', 'n', 'c', 'e', '3', '6', '0', '.', 'g', 'o', 'v', '\0',
+  /* "scienceminnesota.com", true */ 's', 'c', 'i', 'e', 'n', 'c', 'e', 'm', 'i', 'n', 'n', 'e', 's', 'o', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sciencesolutions.eu", true */ 's', 'c', 'i', 'e', 'n', 'c', 'e', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'e', 'u', '\0',
+  /* "sciencex.com", true */ 's', 'c', 'i', 'e', 'n', 'c', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "scifi.fyi", true */ 's', 'c', 'i', 'f', 'i', '.', 'f', 'y', 'i', '\0',
+  /* "scimage.com", true */ 's', 'c', 'i', 'm', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "scintilla.nl", true */ 's', 'c', 'i', 'n', 't', 'i', 'l', 'l', 'a', '.', 'n', 'l', '\0',
+  /* "scintillating.stream", true */ 's', 'c', 'i', 'n', 't', 'i', 'l', 'l', 'a', 't', 'i', 'n', 'g', '.', 's', 't', 'r', 'e', 'a', 'm', '\0',
+  /* "scionasset.com", true */ 's', 'c', 'i', 'o', 'n', 'a', 's', 's', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "scis.com.ua", true */ 's', 'c', 'i', 's', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "scistarter.com", true */ 's', 'c', 'i', 's', 't', 'a', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "scitopia.me", true */ 's', 'c', 'i', 't', 'o', 'p', 'i', 'a', '.', 'm', 'e', '\0',
+  /* "sckc.stream", true */ 's', 'c', 'k', 'c', '.', 's', 't', 'r', 'e', 'a', 'm', '\0',
+  /* "scm-2017.org", true */ 's', 'c', 'm', '-', '2', '0', '1', '7', '.', 'o', 'r', 'g', '\0',
+  /* "scoolcode.com", true */ 's', 'c', 'o', 'o', 'l', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "scooterservis.com", true */ 's', 'c', 'o', 'o', 't', 'e', 'r', 's', 'e', 'r', 'v', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "scootfleet.com", true */ 's', 'c', 'o', 'o', 't', 'f', 'l', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "scopea.fr", true */ 's', 'c', 'o', 'p', 'e', 'a', '.', 'f', 'r', '\0',
+  /* "scorobudem.ru", true */ 's', 'c', 'o', 'r', 'o', 'b', 'u', 'd', 'e', 'm', '.', 'r', 'u', '\0',
+  /* "scorocode.ru", true */ 's', 'c', 'o', 'r', 'o', 'c', 'o', 'd', 'e', '.', 'r', 'u', '\0',
+  /* "scorp13.com", true */ 's', 'c', 'o', 'r', 'p', '1', '3', '.', 'c', 'o', 'm', '\0',
+  /* "scottgruber.me", true */ 's', 'c', 'o', 't', 't', 'g', 'r', 'u', 'b', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "scottgthomas.com", true */ 's', 'c', 'o', 't', 't', 'g', 't', 'h', 'o', 'm', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "scotthel.me", true */ 's', 'c', 'o', 't', 't', 'h', 'e', 'l', '.', 'm', 'e', '\0',
+  /* "scotthelme.co.uk", true */ 's', 'c', 'o', 't', 't', 'h', 'e', 'l', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "scotthelme.com", true */ 's', 'c', 'o', 't', 't', 'h', 'e', 'l', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "scottstorey.co.uk", true */ 's', 'c', 'o', 't', 't', 's', 't', 'o', 'r', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "scottynordstrom.org", false */ 's', 'c', 'o', 't', 't', 'y', 'n', 'o', 'r', 'd', 's', 't', 'r', 'o', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "scoutdb.ch", true */ 's', 'c', 'o', 'u', 't', 'd', 'b', '.', 'c', 'h', '\0',
+  /* "scoutingridderkerk.nl", true */ 's', 'c', 'o', 'u', 't', 'i', 'n', 'g', 'r', 'i', 'd', 'd', 'e', 'r', 'k', 'e', 'r', 'k', '.', 'n', 'l', '\0',
+  /* "scoutnet.de", true */ 's', 'c', 'o', 'u', 't', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "scp-trens.notaires.fr", true */ 's', 'c', 'p', '-', 't', 'r', 'e', 'n', 's', '.', 'n', 'o', 't', 'a', 'i', 'r', 'e', 's', '.', 'f', 'r', '\0',
+  /* "scp500.com", true */ 's', 'c', 'p', '5', '0', '0', '.', 'c', 'o', 'm', '\0',
+  /* "scpartyentertainment.co.uk", true */ 's', 'c', 'p', 'a', 'r', 't', 'y', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "scrambox.com", true */ 's', 'c', 'r', 'a', 'm', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "scramget.com", true */ 's', 'c', 'r', 'a', 'm', 'g', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "scramsoft.com", true */ 's', 'c', 'r', 'a', 'm', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "scrap.tf", true */ 's', 'c', 'r', 'a', 'p', '.', 't', 'f', '\0',
+  /* "scrayos.net", true */ 's', 'c', 'r', 'a', 'y', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "scredible.com", true */ 's', 'c', 'r', 'e', 'd', 'i', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "screen64.tk", true */ 's', 'c', 'r', 'e', 'e', 'n', '6', '4', '.', 't', 'k', '\0',
+  /* "screenlight.tv", true */ 's', 'c', 'r', 'e', 'e', 'n', 'l', 'i', 'g', 'h', 't', '.', 't', 'v', '\0',
+  /* "screenparadigm.com", true */ 's', 'c', 'r', 'e', 'e', 'n', 'p', 'a', 'r', 'a', 'd', 'i', 'g', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "scripo-bay.com", true */ 's', 'c', 'r', 'i', 'p', 'o', '-', 'b', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "script.google.com", true */ 's', 'c', 'r', 'i', 'p', 't', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "scriptgates.ru", true */ 's', 'c', 'r', 'i', 'p', 't', 'g', 'a', 't', 'e', 's', '.', 'r', 'u', '\0',
+  /* "scriptum.gr", true */ 's', 'c', 'r', 'i', 'p', 't', 'u', 'm', '.', 'g', 'r', '\0',
+  /* "scrisulfacebine.ro", true */ 's', 'c', 'r', 'i', 's', 'u', 'l', 'f', 'a', 'c', 'e', 'b', 'i', 'n', 'e', '.', 'r', 'o', '\0',
+  /* "scruffymen.com", true */ 's', 'c', 'r', 'u', 'f', 'f', 'y', 'm', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "scrumbleship.com", true */ 's', 'c', 'r', 'u', 'm', 'b', 'l', 'e', 's', 'h', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "scrumstack.co.uk", true */ 's', 'c', 'r', 'u', 'm', 's', 't', 'a', 'c', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "scryfall.com", true */ 's', 'c', 'r', 'y', 'f', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "scs-simulatoren.de", true */ 's', 'c', 's', '-', 's', 'i', 'm', 'u', 'l', 'a', 't', 'o', 'r', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "scswam.com", true */ 's', 'c', 's', 'w', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "sctrainingllc.com", true */ 's', 'c', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', 'l', 'l', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "scubadiving-phuket.com", true */ 's', 'c', 'u', 'b', 'a', 'd', 'i', 'v', 'i', 'n', 'g', '-', 'p', 'h', 'u', 'k', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sculpture.support", true */ 's', 'c', 'u', 'l', 'p', 't', 'u', 'r', 'e', '.', 's', 'u', 'p', 'p', 'o', 'r', 't', '\0',
+  /* "scuolaguidalame.ch", true */ 's', 'c', 'u', 'o', 'l', 'a', 'g', 'u', 'i', 'd', 'a', 'l', 'a', 'm', 'e', '.', 'c', 'h', '\0',
+  /* "scw.com", true */ 's', 'c', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "scw.nz", true */ 's', 'c', 'w', '.', 'n', 'z', '\0',
+  /* "scwilliams.co.uk", true */ 's', 'c', 'w', 'i', 'l', 'l', 'i', 'a', 'm', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "scwilliams.uk", true */ 's', 'c', 'w', 'i', 'l', 'l', 'i', 'a', 'm', 's', '.', 'u', 'k', '\0',
+  /* "sd.af", true */ 's', 'd', '.', 'a', 'f', '\0',
+  /* "sdcardrecovery.de", true */ 's', 'd', 'c', 'a', 'r', 'd', 'r', 'e', 'c', 'o', 'v', 'e', 'r', 'y', '.', 'd', 'e', '\0',
+  /* "sdho.org", true */ 's', 'd', 'h', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "sdns.fr", true */ 's', 'd', 'n', 's', '.', 'f', 'r', '\0',
+  /* "sdsi.us", true */ 's', 'd', 's', 'i', '.', 'u', 's', '\0',
+  /* "sdsmanagement.me", true */ 's', 'd', 's', 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '.', 'm', 'e', '\0',
+  /* "sdsmt.engineering", true */ 's', 'd', 's', 'm', 't', '.', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '\0',
+  /* "sdvigpress.org", true */ 's', 'd', 'v', 'i', 'g', 'p', 'r', 'e', 's', 's', '.', 'o', 'r', 'g', '\0',
+  /* "sdvx.net", true */ 's', 'd', 'v', 'x', '.', 'n', 'e', 't', '\0',
+  /* "se.search.yahoo.com", false */ 's', 'e', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "sea-godzilla.com", true */ 's', 'e', 'a', '-', 'g', 'o', 'd', 'z', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "seacam-store.com", true */ 's', 'e', 'a', 'c', 'a', 'm', '-', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "seafood.co.nz", true */ 's', 'e', 'a', 'f', 'o', 'o', 'd', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "seaholmwines.com", true */ 's', 'e', 'a', 'h', 'o', 'l', 'm', 'w', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sealbaker.com", true */ 's', 'e', 'a', 'l', 'b', 'a', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sealtitebasement.com", true */ 's', 'e', 'a', 'l', 't', 'i', 't', 'e', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "seamless.no", true */ 's', 'e', 'a', 'm', 'l', 'e', 's', 's', '.', 'n', 'o', '\0',
+  /* "seanholcroft.co.uk", true */ 's', 'e', 'a', 'n', 'h', 'o', 'l', 'c', 'r', 'o', 'f', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "seankilgarriff.com", true */ 's', 'e', 'a', 'n', 'k', 'i', 'l', 'g', 'a', 'r', 'r', 'i', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "seanstrout.com", true */ 's', 'e', 'a', 'n', 's', 't', 'r', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "seansyardservice.com", true */ 's', 'e', 'a', 'n', 's', 'y', 'a', 'r', 'd', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "seaplayhomes.com", true */ 's', 'e', 'a', 'p', 'l', 'a', 'y', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "search-job-in.com", true */ 's', 'e', 'a', 'r', 'c', 'h', '-', 'j', 'o', 'b', '-', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "search-one.de", true */ 's', 'e', 'a', 'r', 'c', 'h', '-', 'o', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "search.gov", true */ 's', 'e', 'a', 'r', 'c', 'h', '.', 'g', 'o', 'v', '\0',
+  /* "search.yahoo.com", false */ 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "searchbrothers.at", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'a', 't', '\0',
+  /* "searchbrothers.ch", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'c', 'h', '\0',
+  /* "searchbrothers.co.il", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "searchbrothers.com", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "searchbrothers.de", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "searchbrothers.dk", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'd', 'k', '\0',
+  /* "searchbrothers.es", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'e', 's', '\0',
+  /* "searchbrothers.fr", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'f', 'r', '\0',
+  /* "searchbrothers.it", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'i', 't', '\0',
+  /* "searchbrothers.nl", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "searchbrothers.ru", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'r', 'u', '\0',
+  /* "searchbrothers.uk", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'u', 'k', '\0',
+  /* "searchdatalogy.com", true */ 's', 'e', 'a', 'r', 'c', 'h', 'd', 'a', 't', 'a', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "searchgov.gov.il", true */ 's', 'e', 'a', 'r', 'c', 'h', 'g', 'o', 'v', '.', 'g', 'o', 'v', '.', 'i', 'l', '\0',
+  /* "seareytraining.com", true */ 's', 'e', 'a', 'r', 'e', 'y', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "seasons.nu", false */ 's', 'e', 'a', 's', 'o', 'n', 's', '.', 'n', 'u', '\0',
+  /* "seatbeltpledge.com", true */ 's', 'e', 'a', 't', 'b', 'e', 'l', 't', 'p', 'l', 'e', 'd', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "seattle-life.net", true */ 's', 'e', 'a', 't', 't', 'l', 'e', '-', 'l', 'i', 'f', 'e', '.', 'n', 'e', 't', '\0',
+  /* "seattlefabrication.com", true */ 's', 'e', 'a', 't', 't', 'l', 'e', 'f', 'a', 'b', 'r', 'i', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "seattlemesh.net", true */ 's', 'e', 'a', 't', 't', 'l', 'e', 'm', 'e', 's', 'h', '.', 'n', 'e', 't', '\0',
+  /* "seattleprivacy.org", true */ 's', 'e', 'a', 't', 't', 'l', 'e', 'p', 'r', 'i', 'v', 'a', 'c', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "seattlewalkinbathtubs.com", true */ 's', 'e', 'a', 't', 't', 'l', 'e', 'w', 'a', 'l', 'k', 'i', 'n', 'b', 'a', 't', 'h', 't', 'u', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "seb-mgl.de", true */ 's', 'e', 'b', '-', 'm', 'g', 'l', '.', 'd', 'e', '\0',
+  /* "sebascelis.com", true */ 's', 'e', 'b', 'a', 's', 'c', 'e', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sebastiaandouma.com", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'a', 'n', 'd', 'o', 'u', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sebastian-janich.de", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'n', '-', 'j', 'a', 'n', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "sebastian-kraus.me", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'n', '-', 'k', 'r', 'a', 'u', 's', '.', 'm', 'e', '\0',
+  /* "sebastian-lutsch.de", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'n', '-', 'l', 'u', 't', 's', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "sebastian-schmidt.me", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'n', '-', 's', 'c', 'h', 'm', 'i', 'd', 't', '.', 'm', 'e', '\0',
+  /* "sebastian.expert", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'n', '.', 'e', 'x', 'p', 'e', 'r', 't', '\0',
+  /* "sebastianblade.com", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'n', 'b', 'l', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sebastianboegl.de", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'n', 'b', 'o', 'e', 'g', 'l', '.', 'd', 'e', '\0',
+  /* "sebastiaperis.com", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'p', 'e', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sebi.cf", true */ 's', 'e', 'b', 'i', '.', 'c', 'f', '\0',
+  /* "sebi.org", true */ 's', 'e', 'b', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "sec-mails.de", true */ 's', 'e', 'c', '-', 'm', 'a', 'i', 'l', 's', '.', 'd', 'e', '\0',
+  /* "sec-research.com", true */ 's', 'e', 'c', '-', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "sec-wiki.com", true */ 's', 'e', 'c', '-', 'w', 'i', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "sec.ec", true */ 's', 'e', 'c', '.', 'e', 'c', '\0',
+  /* "sec.gd", true */ 's', 'e', 'c', '.', 'g', 'd', '\0',
+  /* "sec3ure.co.uk", true */ 's', 'e', 'c', '3', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "secanje.nl", true */ 's', 'e', 'c', 'a', 'n', 'j', 'e', '.', 'n', 'l', '\0',
+  /* "secboom.com", true */ 's', 'e', 'c', 'b', 'o', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "seccom.ch", true */ 's', 'e', 'c', 'c', 'o', 'm', '.', 'c', 'h', '\0',
+  /* "seccomp.ru", true */ 's', 'e', 'c', 'c', 'o', 'm', 'p', '.', 'r', 'u', '\0',
+  /* "secctexasgiving.org", false */ 's', 'e', 'c', 'c', 't', 'e', 'x', 'a', 's', 'g', 'i', 'v', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "secgui.de", true */ 's', 'e', 'c', 'g', 'u', 'i', '.', 'd', 'e', '\0',
+  /* "sech.me", true */ 's', 'e', 'c', 'h', '.', 'm', 'e', '\0',
+  /* "secitem.at", true */ 's', 'e', 'c', 'i', 't', 'e', 'm', '.', 'a', 't', '\0',
+  /* "secitem.eu", true */ 's', 'e', 'c', 'i', 't', 'e', 'm', '.', 'e', 'u', '\0',
+  /* "secnews.gr", true */ 's', 'e', 'c', 'n', 'e', 'w', 's', '.', 'g', 'r', '\0',
+  /* "secomo.org", true */ 's', 'e', 'c', 'o', 'm', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "seconfig.sytes.net", true */ 's', 'e', 'c', 'o', 'n', 'f', 'i', 'g', '.', 's', 'y', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "secpatrol.de", true */ 's', 'e', 'c', 'p', 'a', 't', 'r', 'o', 'l', '.', 'd', 'e', '\0',
+  /* "secretar.is", true */ 's', 'e', 'c', 'r', 'e', 't', 'a', 'r', '.', 'i', 's', '\0',
+  /* "secretofanah.com", true */ 's', 'e', 'c', 'r', 'e', 't', 'o', 'f', 'a', 'n', 'a', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "secretpanties.com", true */ 's', 'e', 'c', 'r', 'e', 't', 'p', 'a', 'n', 't', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "secretsanta.fr", true */ 's', 'e', 'c', 'r', 'e', 't', 's', 'a', 'n', 't', 'a', '.', 'f', 'r', '\0',
+  /* "secretserveronline.com", true */ 's', 'e', 'c', 'r', 'e', 't', 's', 'e', 'r', 'v', 'e', 'r', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "secretum.tech", true */ 's', 'e', 'c', 'r', 'e', 't', 'u', 'm', '.', 't', 'e', 'c', 'h', '\0',
+  /* "sectelligence.nl", true */ 's', 'e', 'c', 't', 'e', 'l', 'l', 'i', 'g', 'e', 'n', 'c', 'e', '.', 'n', 'l', '\0',
+  /* "sectio-aurea.org", true */ 's', 'e', 'c', 't', 'i', 'o', '-', 'a', 'u', 'r', 'e', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "section-31.org", true */ 's', 'e', 'c', 't', 'i', 'o', 'n', '-', '3', '1', '.', 'o', 'r', 'g', '\0',
+  /* "section.io", true */ 's', 'e', 'c', 't', 'i', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "section508.gov", true */ 's', 'e', 'c', 't', 'i', 'o', 'n', '5', '0', '8', '.', 'g', 'o', 'v', '\0',
+  /* "sectionw2s.org", true */ 's', 'e', 'c', 't', 'i', 'o', 'n', 'w', '2', 's', '.', 'o', 'r', 'g', '\0',
+  /* "sector5.xyz", true */ 's', 'e', 'c', 't', 'o', 'r', '5', '.', 'x', 'y', 'z', '\0',
+  /* "secumail.nl", true */ 's', 'e', 'c', 'u', 'm', 'a', 'i', 'l', '.', 'n', 'l', '\0',
+  /* "secundity.nl", true */ 's', 'e', 'c', 'u', 'n', 'd', 'i', 't', 'y', '.', 'n', 'l', '\0',
+  /* "securai.de", true */ 's', 'e', 'c', 'u', 'r', 'a', 'i', '.', 'd', 'e', '\0',
+  /* "secure-graphic.de", true */ 's', 'e', 'c', 'u', 'r', 'e', '-', 'g', 'r', 'a', 'p', 'h', 'i', 'c', '.', 'd', 'e', '\0',
+  /* "secure-gw.de", true */ 's', 'e', 'c', 'u', 'r', 'e', '-', 'g', 'w', '.', 'd', 'e', '\0',
+  /* "secure-server-hosting.com", true */ 's', 'e', 'c', 'u', 'r', 'e', '-', 's', 'e', 'r', 'v', 'e', 'r', '-', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "secure.advancepayroll.com.au", true */ 's', 'e', 'c', 'u', 'r', 'e', '.', 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'p', 'a', 'y', 'r', 'o', 'l', 'l', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "secure.chat", true */ 's', 'e', 'c', 'u', 'r', 'e', '.', 'c', 'h', 'a', 't', '\0',
+  /* "secure.co.hu", true */ 's', 'e', 'c', 'u', 'r', 'e', '.', 'c', 'o', '.', 'h', 'u', '\0',
+  /* "secure.facebook.com", false */ 's', 'e', 'c', 'u', 'r', 'e', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "securedrop.org", true */ 's', 'e', 'c', 'u', 'r', 'e', 'd', 'r', 'o', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "secureesolutions.com", true */ 's', 'e', 'c', 'u', 'r', 'e', 'e', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "secureheaders.com", true */ 's', 'e', 'c', 'u', 'r', 'e', 'h', 'e', 'a', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "secureideas.com", false */ 's', 'e', 'c', 'u', 'r', 'e', 'i', 'd', 'e', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "securejabber.me", true */ 's', 'e', 'c', 'u', 'r', 'e', 'j', 'a', 'b', 'b', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "securelect-inspection.com", true */ 's', 'e', 'c', 'u', 'r', 'e', 'l', 'e', 'c', 't', '-', 'i', 'n', 's', 'p', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "secureonline.co", true */ 's', 'e', 'c', 'u', 'r', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '\0',
+  /* "securethe.news", true */ 's', 'e', 'c', 'u', 'r', 'e', 't', 'h', 'e', '.', 'n', 'e', 'w', 's', '\0',
+  /* "securetheorem.com", true */ 's', 'e', 'c', 'u', 'r', 'e', 't', 'h', 'e', 'o', 'r', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "securetronic.ch", true */ 's', 'e', 'c', 'u', 'r', 'e', 't', 'r', 'o', 'n', 'i', 'c', '.', 'c', 'h', '\0',
+  /* "securi-tay.co.uk", true */ 's', 'e', 'c', 'u', 'r', 'i', '-', 't', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "securify.nl", true */ 's', 'e', 'c', 'u', 'r', 'i', 'f', 'y', '.', 'n', 'l', '\0',
+  /* "securiscan.io", true */ 's', 'e', 'c', 'u', 'r', 'i', 's', 'c', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "security-24-7.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '-', '2', '4', '-', '7', '.', 'c', 'o', 'm', '\0',
+  /* "security-brokers.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '-', 'b', 'r', 'o', 'k', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "security.gives", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'g', 'i', 'v', 'e', 's', '\0',
+  /* "security.google.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "security.love", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'l', 'o', 'v', 'e', '\0',
+  /* "security201.co.uk", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '2', '0', '1', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "security201.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '2', '0', '1', '.', 'c', 'o', 'm', '\0',
+  /* "securitybrief.asia", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'b', 'r', 'i', 'e', 'f', '.', 'a', 's', 'i', 'a', '\0',
+  /* "securitybrief.co.nz", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'b', 'r', 'i', 'e', 'f', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "securitybrief.com.au", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'b', 'r', 'i', 'e', 'f', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "securitybrief.eu", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'b', 'r', 'i', 'e', 'f', '.', 'e', 'u', '\0',
+  /* "securityfest.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'f', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "securityheaders.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'h', 'e', 'a', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "securityheaders.io", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'h', 'e', 'a', 'd', 'e', 'r', 's', '.', 'i', 'o', '\0',
+  /* "securityinet.com", false */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'i', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "securitykey.co", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'k', 'e', 'y', '.', 'c', 'o', '\0',
+  /* "securitymap.wiki", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'm', 'a', 'p', '.', 'w', 'i', 'k', 'i', '\0',
+  /* "securitypluspro.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'p', 'l', 'u', 's', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "securityprimes.in", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'p', 'r', 'i', 'm', 'e', 's', '.', 'i', 'n', '\0',
+  /* "securitysnobs.com", false */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 's', 'n', 'o', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "securitystrata.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 's', 't', 'r', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "securitystreak.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 's', 't', 'r', 'e', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "securitytalk.pl", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 't', 'a', 'l', 'k', '.', 'p', 'l', '\0',
+  /* "securitywatch.co.nz", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "securitywithnick.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'w', 'i', 't', 'h', 'n', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "securitywithoutborders.org", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'w', 'i', 't', 'h', 'o', 'u', 't', 'b', 'o', 'r', 'd', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "securocloud.com", true */ 's', 'e', 'c', 'u', 'r', 'o', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "secutrans.com", true */ 's', 'e', 'c', 'u', 't', 'r', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "secuvera.de", true */ 's', 'e', 'c', 'u', 'v', 'e', 'r', 'a', '.', 'd', 'e', '\0',
+  /* "secwall.me", true */ 's', 'e', 'c', 'w', 'a', 'l', 'l', '.', 'm', 'e', '\0',
+  /* "secwise.nl", true */ 's', 'e', 'c', 'w', 'i', 's', 'e', '.', 'n', 'l', '\0',
+  /* "sedeusquiser.net", true */ 's', 'e', 'd', 'e', 'u', 's', 'q', 'u', 'i', 's', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "sedussa.ro", true */ 's', 'e', 'd', 'u', 's', 's', 'a', '.', 'r', 'o', '\0',
+  /* "seeclop.ch", true */ 's', 'e', 'e', 'c', 'l', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "seedalpha.com", true */ 's', 'e', 'e', 'd', 'a', 'l', 'p', 'h', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "seedbox.fr", true */ 's', 'e', 'e', 'd', 'b', 'o', 'x', '.', 'f', 'r', '\0',
+  /* "seedsofangelica.net", true */ 's', 'e', 'e', 'd', 's', 'o', 'f', 'a', 'n', 'g', 'e', 'l', 'i', 'c', 'a', '.', 'n', 'e', 't', '\0',
+  /* "seekers.ch", true */ 's', 'e', 'e', 'k', 'e', 'r', 's', '.', 'c', 'h', '\0',
+  /* "seeks.ru", true */ 's', 'e', 'e', 'k', 's', '.', 'r', 'u', '\0',
+  /* "seekthe.net", true */ 's', 'e', 'e', 'k', 't', 'h', 'e', '.', 'n', 'e', 't', '\0',
+  /* "seemeagain.com", true */ 's', 'e', 'e', 'm', 'e', 'a', 'g', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "seemeasaperson.com", true */ 's', 'e', 'e', 'm', 'e', 'a', 's', 'a', 'p', 'e', 'r', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "seesuite.com", true */ 's', 'e', 'e', 's', 'u', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "seewhatididhere.com", true */ 's', 'e', 'e', 'w', 'h', 'a', 't', 'i', 'd', 'i', 'd', 'h', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "seeworkdone.com", true */ 's', 'e', 'e', 'w', 'o', 'r', 'k', 'd', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sefru.de", true */ 's', 'e', 'f', 'r', 'u', '.', 'd', 'e', '\0',
+  /* "seg-leipzig.org", true */ 's', 'e', 'g', '-', 'l', 'e', 'i', 'p', 'z', 'i', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "segitz.de", true */ 's', 'e', 'g', 'i', 't', 'z', '.', 'd', 'e', '\0',
+  /* "segmetic.com", true */ 's', 'e', 'g', 'm', 'e', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "segulink.com", true */ 's', 'e', 'g', 'u', 'l', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "segurosbalboa.com.ec", false */ 's', 'e', 'g', 'u', 'r', 'o', 's', 'b', 'a', 'l', 'b', 'o', 'a', '.', 'c', 'o', 'm', '.', 'e', 'c', '\0',
+  /* "segurosocial.gov", true */ 's', 'e', 'g', 'u', 'r', 'o', 's', 'o', 'c', 'i', 'a', 'l', '.', 'g', 'o', 'v', '\0',
+  /* "seguroviagem.srv.br", true */ 's', 'e', 'g', 'u', 'r', 'o', 'v', 'i', 'a', 'g', 'e', 'm', '.', 's', 'r', 'v', '.', 'b', 'r', '\0',
+  /* "sehnenweh.org", true */ 's', 'e', 'h', 'n', 'e', 'n', 'w', 'e', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "seida.at", true */ 's', 'e', 'i', 'd', 'a', '.', 'a', 't', '\0',
+  /* "seifried.org", true */ 's', 'e', 'i', 'f', 'r', 'i', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "seikatu-navi.com", true */ 's', 'e', 'i', 'k', 'a', 't', 'u', '-', 'n', 'a', 'v', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "seinfeldquote.com", true */ 's', 'e', 'i', 'n', 'f', 'e', 'l', 'd', 'q', 'u', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "seiryokuzai-ch.com", true */ 's', 'e', 'i', 'r', 'y', 'o', 'k', 'u', 'z', 'a', 'i', '-', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "seitai-taiyou.com", true */ 's', 'e', 'i', 't', 'a', 'i', '-', 't', 'a', 'i', 'y', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "seitenwaelzer.de", true */ 's', 'e', 'i', 't', 'e', 'n', 'w', 'a', 'e', 'l', 'z', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "sekisonn.com", true */ 's', 'e', 'k', 'i', 's', 'o', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "selbys.net.au", true */ 's', 'e', 'l', 'b', 'y', 's', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "selco-himejiminami.com", true */ 's', 'e', 'l', 'c', 'o', '-', 'h', 'i', 'm', 'e', 'j', 'i', 'm', 'i', 'n', 'a', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "selected-properties.com", true */ 's', 'e', 'l', 'e', 'c', 't', 'e', 'd', '-', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "selectel.com", true */ 's', 'e', 'l', 'e', 'c', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "selectel.ru", true */ 's', 'e', 'l', 'e', 'c', 't', 'e', 'l', '.', 'r', 'u', '\0',
+  /* "selectorders.com", true */ 's', 'e', 'l', 'e', 'c', 't', 'o', 'r', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "selegiline.com", true */ 's', 'e', 'l', 'e', 'g', 'i', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "selent.me", true */ 's', 'e', 'l', 'e', 'n', 't', '.', 'm', 'e', '\0',
+  /* "self-evident.org", true */ 's', 'e', 'l', 'f', '-', 'e', 'v', 'i', 'd', 'e', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "self-signed.com", true */ 's', 'e', 'l', 'f', '-', 's', 'i', 'g', 'n', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "self.nu", true */ 's', 'e', 'l', 'f', '.', 'n', 'u', '\0',
+  /* "selfassess.govt.nz", true */ 's', 'e', 'l', 'f', 'a', 's', 's', 'e', 's', 's', '.', 'g', 'o', 'v', 't', '.', 'n', 'z', '\0',
+  /* "selfdestruct.net", true */ 's', 'e', 'l', 'f', 'd', 'e', 's', 't', 'r', 'u', 'c', 't', '.', 'n', 'e', 't', '\0',
+  /* "selfhosters.com", true */ 's', 'e', 'l', 'f', 'h', 'o', 's', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "selfici.com", true */ 's', 'e', 'l', 'f', 'i', 'c', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "selfici.cz", true */ 's', 'e', 'l', 'f', 'i', 'c', 'i', '.', 'c', 'z', '\0',
+  /* "selfishness.com", true */ 's', 'e', 'l', 'f', 'i', 's', 'h', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "selfloath.in", true */ 's', 'e', 'l', 'f', 'l', 'o', 'a', 't', 'h', '.', 'i', 'n', '\0',
+  /* "selfmade4u.de", true */ 's', 'e', 'l', 'f', 'm', 'a', 'd', 'e', '4', 'u', '.', 'd', 'e', '\0',
+  /* "selkiemckatrick.com", true */ 's', 'e', 'l', 'k', 'i', 'e', 'm', 'c', 'k', 'a', 't', 'r', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "sellajoch.com", true */ 's', 'e', 'l', 'l', 'a', 'j', 'o', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "sellguard.pl", true */ 's', 'e', 'l', 'l', 'g', 'u', 'a', 'r', 'd', '.', 'p', 'l', '\0',
+  /* "sellme.biz", true */ 's', 'e', 'l', 'l', 'm', 'e', '.', 'b', 'i', 'z', '\0',
+  /* "seltendoof.de", true */ 's', 'e', 'l', 't', 'e', 'n', 'd', 'o', 'o', 'f', '.', 'd', 'e', '\0',
+  /* "semacode.com", true */ 's', 'e', 'm', 'a', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "semaflex.it", true */ 's', 'e', 'm', 'a', 'f', 'l', 'e', 'x', '.', 'i', 't', '\0',
+  /* "semaphore-studios.com", true */ 's', 'e', 'm', 'a', 'p', 'h', 'o', 'r', 'e', '-', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sementes.gratis", true */ 's', 'e', 'm', 'e', 'n', 't', 'e', 's', '.', 'g', 'r', 'a', 't', 'i', 's', '\0',
+  /* "semianalog.com", true */ 's', 'e', 'm', 'i', 'a', 'n', 'a', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "seminariruum.ee", true */ 's', 'e', 'm', 'i', 'n', 'a', 'r', 'i', 'r', 'u', 'u', 'm', '.', 'e', 'e', '\0',
+  /* "semiocast.com", true */ 's', 'e', 'm', 'i', 'o', 'c', 'a', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "semjonov.de", true */ 's', 'e', 'm', 'j', 'o', 'n', 'o', 'v', '.', 'd', 'e', '\0',
+  /* "semmlers.com", true */ 's', 'e', 'm', 'm', 'l', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "semox.de", true */ 's', 'e', 'm', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "semps-2fa.de", true */ 's', 'e', 'm', 'p', 's', '-', '2', 'f', 'a', '.', 'd', 'e', '\0',
+  /* "semps-threema.de", true */ 's', 'e', 'm', 'p', 's', '-', 't', 'h', 'r', 'e', 'e', 'm', 'a', '.', 'd', 'e', '\0',
+  /* "semyonov.su", true */ 's', 'e', 'm', 'y', 'o', 'n', 'o', 'v', '.', 's', 'u', '\0',
+  /* "semyonov.us", true */ 's', 'e', 'm', 'y', 'o', 'n', 'o', 'v', '.', 'u', 's', '\0',
+  /* "senarius.de", true */ 's', 'e', 'n', 'a', 'r', 'i', 'u', 's', '.', 'd', 'e', '\0',
+  /* "sendai-sisters.com", true */ 's', 'e', 'n', 'd', 'a', 'i', '-', 's', 'i', 's', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sendc.at", true */ 's', 'e', 'n', 'd', 'c', '.', 'a', 't', '\0',
+  /* "sendcat.com", true */ 's', 'e', 'n', 'd', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sendinvoice.nl", true */ 's', 'e', 'n', 'd', 'i', 'n', 'v', 'o', 'i', 'c', 'e', '.', 'n', 'l', '\0',
+  /* "sendonce.io", true */ 's', 'e', 'n', 'd', 'o', 'n', 'c', 'e', '.', 'i', 'o', '\0',
+  /* "sendthisfile.com", true */ 's', 'e', 'n', 'd', 't', 'h', 'i', 's', 'f', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sendway.com", true */ 's', 'e', 'n', 'd', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "sendya.me", true */ 's', 'e', 'n', 'd', 'y', 'a', '.', 'm', 'e', '\0',
+  /* "sengokulife.com", true */ 's', 'e', 'n', 'g', 'o', 'k', 'u', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "seniors.singles", true */ 's', 'e', 'n', 'i', 'o', 'r', 's', '.', 's', 'i', 'n', 'g', 'l', 'e', 's', '\0',
+  /* "senmendai-reform.com", true */ 's', 'e', 'n', 'm', 'e', 'n', 'd', 'a', 'i', '-', 'r', 'e', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "senmonsyoku.top", true */ 's', 'e', 'n', 'm', 'o', 'n', 's', 'y', 'o', 'k', 'u', '.', 't', 'o', 'p', '\0',
+  /* "senorcontento.com", true */ 's', 'e', 'n', 'o', 'r', 'c', 'o', 'n', 't', 'e', 'n', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "sensebridge.com", true */ 's', 'e', 'n', 's', 'e', 'b', 'r', 'i', 'd', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sensebridge.net", true */ 's', 'e', 'n', 's', 'e', 'b', 'r', 'i', 'd', 'g', 'e', '.', 'n', 'e', 't', '\0',
+  /* "sensepixel.com", true */ 's', 'e', 'n', 's', 'e', 'p', 'i', 'x', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "senshudo.tv", true */ 's', 'e', 'n', 's', 'h', 'u', 'd', 'o', '.', 't', 'v', '\0',
+  /* "sensualism.com", true */ 's', 'e', 'n', 's', 'u', 'a', 'l', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "sentinel.gov", true */ 's', 'e', 'n', 't', 'i', 'n', 'e', 'l', '.', 'g', 'o', 'v', '\0',
+  /* "sentinelproject.io", true */ 's', 'e', 'n', 't', 'i', 'n', 'e', 'l', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'i', 'o', '\0',
+  /* "sentry.io", true */ 's', 'e', 'n', 't', 'r', 'y', '.', 'i', 'o', '\0',
+  /* "senzaparole.de", true */ 's', 'e', 'n', 'z', 'a', 'p', 'a', 'r', 'o', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "seo-analyse.com", true */ 's', 'e', 'o', '-', 'a', 'n', 'a', 'l', 'y', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "seo-linz.at", true */ 's', 'e', 'o', '-', 'l', 'i', 'n', 'z', '.', 'a', 't', '\0',
+  /* "seo-nerd.de", true */ 's', 'e', 'o', '-', 'n', 'e', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "seo-portal.de", true */ 's', 'e', 'o', '-', 'p', 'o', 'r', 't', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "seo.consulting", true */ 's', 'e', 'o', '.', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '\0',
+  /* "seo.london", true */ 's', 'e', 'o', '.', 'l', 'o', 'n', 'd', 'o', 'n', '\0',
+  /* "seo.tl", true */ 's', 'e', 'o', '.', 't', 'l', '\0',
+  /* "seoagentur2go.de", true */ 's', 'e', 'o', 'a', 'g', 'e', 'n', 't', 'u', 'r', '2', 'g', 'o', '.', 'd', 'e', '\0',
+  /* "seoarchive.org", true */ 's', 'e', 'o', 'a', 'r', 'c', 'h', 'i', 'v', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "seocomposer.com", true */ 's', 'e', 'o', 'c', 'o', 'm', 'p', 'o', 's', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "seogeek.nl", true */ 's', 'e', 'o', 'g', 'e', 'e', 'k', '.', 'n', 'l', '\0',
+  /* "seohochschule.de", true */ 's', 'e', 'o', 'h', 'o', 'c', 'h', 's', 'c', 'h', 'u', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "seoinc.com", true */ 's', 'e', 'o', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "seoium.com", true */ 's', 'e', 'o', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "seokay.com", true */ 's', 'e', 'o', 'k', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "seolib.org", true */ 's', 'e', 'o', 'l', 'i', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "seomen.biz", true */ 's', 'e', 'o', 'm', 'e', 'n', '.', 'b', 'i', 'z', '\0',
+  /* "seon.me", true */ 's', 'e', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "seoprovider.nl", true */ 's', 'e', 'o', 'p', 'r', 'o', 'v', 'i', 'd', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "seoquake.com", true */ 's', 'e', 'o', 'q', 'u', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "seosof.com", true */ 's', 'e', 'o', 's', 'o', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "seoul.dating", true */ 's', 'e', 'o', 'u', 'l', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "seouniversity.org", true */ 's', 'e', 'o', 'u', 'n', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "sepalandseed.com", true */ 's', 'e', 'p', 'a', 'l', 'a', 'n', 'd', 's', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "sephr.com", true */ 's', 'e', 'p', 'h', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sepie.gob.es", true */ 's', 'e', 'p', 'i', 'e', '.', 'g', 'o', 'b', '.', 'e', 's', '\0',
+  /* "seppelec.com", true */ 's', 'e', 'p', 'p', 'e', 'l', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "seproco.com", true */ 's', 'e', 'p', 'r', 'o', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "septakkordeon.de", true */ 's', 'e', 'p', 't', 'a', 'k', 'k', 'o', 'r', 'd', 'e', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "septfinance.ch", true */ 's', 'e', 'p', 't', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'h', '\0',
+  /* "septillion.cn", true */ 's', 'e', 'p', 't', 'i', 'l', 'l', 'i', 'o', 'n', '.', 'c', 'n', '\0',
+  /* "septs.pw", true */ 's', 'e', 'p', 't', 's', '.', 'p', 'w', '\0',
+  /* "sequencing.com", true */ 's', 'e', 'q', 'u', 'e', 'n', 'c', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "sequiturs.com", true */ 's', 'e', 'q', 'u', 'i', 't', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sera.jp", true */ 's', 'e', 'r', 'a', '.', 'j', 'p', '\0',
+  /* "serafin.tech", true */ 's', 'e', 'r', 'a', 'f', 'i', 'n', '.', 't', 'e', 'c', 'h', '\0',
+  /* "seraph.tokyo", true */ 's', 'e', 'r', 'a', 'p', 'h', '.', 't', 'o', 'k', 'y', 'o', '\0',
+  /* "serbanpaun.ro", true */ 's', 'e', 'r', 'b', 'a', 'n', 'p', 'a', 'u', 'n', '.', 'r', 'o', '\0',
+  /* "sereema.com", true */ 's', 'e', 'r', 'e', 'e', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "serenaden.at", true */ 's', 'e', 'r', 'e', 'n', 'a', 'd', 'e', 'n', '.', 'a', 't', '\0',
+  /* "serf.io", true */ 's', 'e', 'r', 'f', '.', 'i', 'o', '\0',
+  /* "sergefonville.nl", true */ 's', 'e', 'r', 'g', 'e', 'f', 'o', 'n', 'v', 'i', 'l', 'l', 'e', '.', 'n', 'l', '\0',
+  /* "sergeyreznikov.com", true */ 's', 'e', 'r', 'g', 'e', 'y', 'r', 'e', 'z', 'n', 'i', 'k', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "sergije-stanic.me", true */ 's', 'e', 'r', 'g', 'i', 'j', 'e', '-', 's', 't', 'a', 'n', 'i', 'c', '.', 'm', 'e', '\0',
+  /* "sergiosantoro.it", true */ 's', 'e', 'r', 'g', 'i', 'o', 's', 'a', 'n', 't', 'o', 'r', 'o', '.', 'i', 't', '\0',
+  /* "sergos.de", true */ 's', 'e', 'r', 'g', 'o', 's', '.', 'd', 'e', '\0',
+  /* "serienstream.to", true */ 's', 'e', 'r', 'i', 'e', 'n', 's', 't', 'r', 'e', 'a', 'm', '.', 't', 'o', '\0',
+  /* "serigraphs.co.uk", true */ 's', 'e', 'r', 'i', 'g', 'r', 'a', 'p', 'h', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "seriousclimbing.com", true */ 's', 'e', 'r', 'i', 'o', 'u', 's', 'c', 'l', 'i', 'm', 'b', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "sernate.com", true */ 's', 'e', 'r', 'n', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "serpenteq.com", true */ 's', 'e', 'r', 'p', 'e', 'n', 't', 'e', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "serrano-chris.ch", true */ 's', 'e', 'r', 'r', 'a', 'n', 'o', '-', 'c', 'h', 'r', 'i', 's', '.', 'c', 'h', '\0',
+  /* "servdiscount.com", true */ 's', 'e', 'r', 'v', 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "serve-a.com.au", true */ 's', 'e', 'r', 'v', 'e', '-', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "servea.com.au", true */ 's', 'e', 'r', 'v', 'e', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "serveatechnologies.com", true */ 's', 'e', 'r', 'v', 'e', 'a', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "servecrypt.net", true */ 's', 'e', 'r', 'v', 'e', 'c', 'r', 'y', 'p', 't', '.', 'n', 'e', 't', '\0',
+  /* "servecrypt.ru", true */ 's', 'e', 'r', 'v', 'e', 'c', 'r', 'y', 'p', 't', '.', 'r', 'u', '\0',
+  /* "servemnaction.org", true */ 's', 'e', 'r', 'v', 'e', 'm', 'n', 'a', 'c', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "servepublic.com", true */ 's', 'e', 'r', 'v', 'e', 'p', 'u', 'b', 'l', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "servepublic.org", true */ 's', 'e', 'r', 'v', 'e', 'p', 'u', 'b', 'l', 'i', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "server-bg.net", true */ 's', 'e', 'r', 'v', 'e', 'r', '-', 'b', 'g', '.', 'n', 'e', 't', '\0',
+  /* "server-daten.de", true */ 's', 'e', 'r', 'v', 'e', 'r', '-', 'd', 'a', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "server-datenrettung.de", true */ 's', 'e', 'r', 'v', 'e', 'r', '-', 'd', 'a', 't', 'e', 'n', 'r', 'e', 't', 't', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "server-eye.de", true */ 's', 'e', 'r', 'v', 'e', 'r', '-', 'e', 'y', 'e', '.', 'd', 'e', '\0',
+  /* "server.pk", true */ 's', 'e', 'r', 'v', 'e', 'r', '.', 'p', 'k', '\0',
+  /* "serveradminz.com", true */ 's', 'e', 'r', 'v', 'e', 'r', 'a', 'd', 'm', 'i', 'n', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "serverco.com", true */ 's', 'e', 'r', 'v', 'e', 'r', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "serverd.de", true */ 's', 'e', 'r', 'v', 'e', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "serverfrog.de", true */ 's', 'e', 'r', 'v', 'e', 'r', 'f', 'r', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "serverlog.net", true */ 's', 'e', 'r', 'v', 'e', 'r', 'l', 'o', 'g', '.', 'n', 'e', 't', '\0',
+  /* "serveroffline.net", false */ 's', 'e', 'r', 'v', 'e', 'r', 'o', 'f', 'f', 'l', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "servers4all.co.uk", true */ 's', 'e', 'r', 'v', 'e', 'r', 's', '4', 'a', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "serversftw.com", true */ 's', 'e', 'r', 'v', 'e', 'r', 's', 'f', 't', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "serverstuff.info", true */ 's', 'e', 'r', 'v', 'e', 'r', 's', 't', 'u', 'f', 'f', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "serversuit.com", true */ 's', 'e', 'r', 'v', 'e', 'r', 's', 'u', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "servertastic.com", true */ 's', 'e', 'r', 'v', 'e', 'r', 't', 'a', 's', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "servethecity-karlsruhe.de", true */ 's', 'e', 'r', 'v', 'e', 't', 'h', 'e', 'c', 'i', 't', 'y', '-', 'k', 'a', 'r', 'l', 's', 'r', 'u', 'h', 'e', '.', 'd', 'e', '\0',
+  /* "servgate.jp", true */ 's', 'e', 'r', 'v', 'g', 'a', 't', 'e', '.', 'j', 'p', '\0',
+  /* "service.gov.uk", true */ 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0',
+  /* "serviceboss.de", true */ 's', 'e', 'r', 'v', 'i', 'c', 'e', 'b', 'o', 's', 's', '.', 'd', 'e', '\0',
+  /* "serviettenhaus.de", true */ 's', 'e', 'r', 'v', 'i', 'e', 't', 't', 'e', 'n', 'h', 'a', 'u', 's', '.', 'd', 'e', '\0',
+  /* "servingbaby.com", true */ 's', 'e', 'r', 'v', 'i', 'n', 'g', 'b', 'a', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "servious.org", true */ 's', 'e', 'r', 'v', 'i', 'o', 'u', 's', '.', 'o', 'r', 'g', '\0',
+  /* "servpanel.de", false */ 's', 'e', 'r', 'v', 'p', 'a', 'n', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "serw.org", true */ 's', 'e', 'r', 'w', '.', 'o', 'r', 'g', '\0',
+  /* "seryox.com", true */ 's', 'e', 'r', 'y', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "sesslerimmo.ch", true */ 's', 'e', 's', 's', 'l', 'e', 'r', 'i', 'm', 'm', 'o', '.', 'c', 'h', '\0',
+  /* "setfix.de", true */ 's', 'e', 't', 'f', 'i', 'x', '.', 'd', 'e', '\0',
+  /* "sethcaplan.com", true */ 's', 'e', 't', 'h', 'c', 'a', 'p', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sethvargo.com", true */ 's', 'e', 't', 'h', 'v', 'a', 'r', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "seti-germany.de", true */ 's', 'e', 't', 'i', '-', 'g', 'e', 'r', 'm', 'a', 'n', 'y', '.', 'd', 'e', '\0',
+  /* "setkit.net", true */ 's', 'e', 't', 'k', 'i', 't', '.', 'n', 'e', 't', '\0',
+  /* "settberg.de", true */ 's', 'e', 't', 't', 'b', 'e', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "setterirlandes.com.br", true */ 's', 'e', 't', 't', 'e', 'r', 'i', 'r', 'l', 'a', 'n', 'd', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "settleapp.co", true */ 's', 'e', 't', 't', 'l', 'e', 'a', 'p', 'p', '.', 'c', 'o', '\0',
+  /* "setuid0.kr", true */ 's', 'e', 't', 'u', 'i', 'd', '0', '.', 'k', 'r', '\0',
+  /* "setyoursite.nl", true */ 's', 'e', 't', 'y', 'o', 'u', 'r', 's', 'i', 't', 'e', '.', 'n', 'l', '\0',
+  /* "seven-purple.com", true */ 's', 'e', 'v', 'e', 'n', '-', 'p', 'u', 'r', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sevencooks.com", true */ 's', 'e', 'v', 'e', 'n', 'c', 'o', 'o', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sevenet.pl", true */ 's', 'e', 'v', 'e', 'n', 'e', 't', '.', 'p', 'l', '\0',
+  /* "sevenhillsapartments.com.au", true */ 's', 'e', 'v', 'e', 'n', 'h', 'i', 'l', 'l', 's', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "sevenmatches.com", true */ 's', 'e', 'v', 'e', 'n', 'm', 'a', 't', 'c', 'h', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "severine-trousselard.com", true */ 's', 'e', 'v', 'e', 'r', 'i', 'n', 'e', '-', 't', 'r', 'o', 'u', 's', 's', 'e', 'l', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "severntrentinsuranceportal.com", true */ 's', 'e', 'v', 'e', 'r', 'n', 't', 'r', 'e', 'n', 't', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "sevinci.ch", true */ 's', 'e', 'v', 'i', 'n', 'c', 'i', '.', 'c', 'h', '\0',
+  /* "sevsey.ru", true */ 's', 'e', 'v', 's', 'e', 'y', '.', 'r', 'u', '\0',
+  /* "sevsopr.ru", true */ 's', 'e', 'v', 's', 'o', 'p', 'r', '.', 'r', 'u', '\0',
+  /* "sewafineseam.com", true */ 's', 'e', 'w', 'a', 'f', 'i', 'n', 'e', 's', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "sewinginsight.com", true */ 's', 'e', 'w', 'i', 'n', 'g', 'i', 'n', 's', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sewoo.co.uk", true */ 's', 'e', 'w', 'o', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sex-education.com", true */ 's', 'e', 'x', '-', 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sexaki.com", true */ 's', 'e', 'x', 'a', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "sexgarage.de", true */ 's', 'e', 'x', 'g', 'a', 'r', 'a', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "sexmobil.de", true */ 's', 'e', 'x', 'm', 'o', 'b', 'i', 'l', '.', 'd', 'e', '\0',
+  /* "sexocomgravidas.com", true */ 's', 'e', 'x', 'o', 'c', 'o', 'm', 'g', 'r', 'a', 'v', 'i', 'd', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sexpay.net", true */ 's', 'e', 'x', 'p', 'a', 'y', '.', 'n', 'e', 't', '\0',
+  /* "sexservice.io", true */ 's', 'e', 'x', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'i', 'o', '\0',
+  /* "sexshopfacil.com.br", true */ 's', 'e', 'x', 's', 'h', 'o', 'p', 'f', 'a', 'c', 'i', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sexshopnet.com.br", true */ 's', 'e', 'x', 's', 'h', 'o', 'p', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sexshopsgay.com", true */ 's', 'e', 'x', 's', 'h', 'o', 'p', 's', 'g', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "sexwork.net", true */ 's', 'e', 'x', 'w', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "sexy-store.nl", true */ 's', 'e', 'x', 'y', '-', 's', 't', 'o', 'r', 'e', '.', 'n', 'l', '\0',
+  /* "seyfarth.de", true */ 's', 'e', 'y', 'f', 'a', 'r', 't', 'h', '.', 'd', 'e', '\0',
+  /* "seyr.it", true */ 's', 'e', 'y', 'r', '.', 'i', 't', '\0',
+  /* "seyr.me", true */ 's', 'e', 'y', 'r', '.', 'm', 'e', '\0',
+  /* "sfaturiit.ro", true */ 's', 'f', 'a', 't', 'u', 'r', 'i', 'i', 't', '.', 'r', 'o', '\0',
+  /* "sfdev.ovh", true */ 's', 'f', 'd', 'e', 'v', '.', 'o', 'v', 'h', '\0',
+  /* "sfg-nordholz.de", true */ 's', 'f', 'g', '-', 'n', 'o', 'r', 'd', 'h', 'o', 'l', 'z', '.', 'd', 'e', '\0',
+  /* "sfile.eu", true */ 's', 'f', 'i', 'l', 'e', '.', 'e', 'u', '\0',
+  /* "sfirat-haomer.com", true */ 's', 'f', 'i', 'r', 'a', 't', '-', 'h', 'a', 'o', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sfleisure.com", true */ 's', 'f', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sfo-fog.ch", true */ 's', 'f', 'o', '-', 'f', 'o', 'g', '.', 'c', 'h', '\0',
+  /* "sft-framework.org", true */ 's', 'f', 't', '-', 'f', 'r', 'a', 'm', 'e', 'w', 'o', 'r', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "sftool.gov", true */ 's', 'f', 't', 'o', 'o', 'l', '.', 'g', 'o', 'v', '\0',
+  /* "sg-elektro.de", true */ 's', 'g', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "sg.search.yahoo.com", false */ 's', 'g', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "sgb.co", true */ 's', 'g', 'b', '.', 'c', 'o', '\0',
+  /* "sgroup-hitoduma.com", true */ 's', 'g', 'r', 'o', 'u', 'p', '-', 'h', 'i', 't', 'o', 'd', 'u', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sgroup-rec.com", true */ 's', 'g', 'r', 'o', 'u', 'p', '-', 'r', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "sgtcodfish.com", true */ 's', 'g', 't', 'c', 'o', 'd', 'f', 'i', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "sgthotshot.com", true */ 's', 'g', 't', 'h', 'o', 't', 's', 'h', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sgtsnookums.net", true */ 's', 'g', 't', 's', 'n', 'o', 'o', 'k', 'u', 'm', 's', '.', 'n', 'e', 't', '\0',
+  /* "sgtt.ch", true */ 's', 'g', 't', 't', '.', 'c', 'h', '\0',
+  /* "sh-heppelmann.de", true */ 's', 'h', '-', 'h', 'e', 'p', 'p', 'e', 'l', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "sh-network.de", false */ 's', 'h', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "sh0rt.in", true */ 's', 'h', '0', 'r', 't', '.', 'i', 'n', '\0',
+  /* "sh4y.com", true */ 's', 'h', '4', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "shaaaaaaaaaaaaa.com", true */ 's', 'h', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "shad.waw.pl", true */ 's', 'h', 'a', 'd', '.', 'w', 'a', 'w', '.', 'p', 'l', '\0',
+  /* "shadesofgrayadr.com", true */ 's', 'h', 'a', 'd', 'e', 's', 'o', 'f', 'g', 'r', 'a', 'y', 'a', 'd', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "shadesofgraylaw.com", true */ 's', 'h', 'a', 'd', 'e', 's', 'o', 'f', 'g', 'r', 'a', 'y', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "shadigee.org", true */ 's', 'h', 'a', 'd', 'i', 'g', 'e', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "shadowict.net", true */ 's', 'h', 'a', 'd', 'o', 'w', 'i', 'c', 't', '.', 'n', 'e', 't', '\0',
+  /* "shadowict.tech", true */ 's', 'h', 'a', 'd', 'o', 'w', 'i', 'c', 't', '.', 't', 'e', 'c', 'h', '\0',
+  /* "shadowkitsune.net", true */ 's', 'h', 'a', 'd', 'o', 'w', 'k', 'i', 't', 's', 'u', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "shadowlurker.com.au", true */ 's', 'h', 'a', 'd', 'o', 'w', 'l', 'u', 'r', 'k', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "shadowsing.com", true */ 's', 'h', 'a', 'd', 'o', 'w', 's', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "shadowsocks.com", true */ 's', 'h', 'a', 'd', 'o', 'w', 's', 'o', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "shadowsocks.com.au", true */ 's', 'h', 'a', 'd', 'o', 'w', 's', 'o', 'c', 'k', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "shadowsocks.com.hk", true */ 's', 'h', 'a', 'd', 'o', 'w', 's', 'o', 'c', 'k', 's', '.', 'c', 'o', 'm', '.', 'h', 'k', '\0',
+  /* "shadowsocks.la", true */ 's', 'h', 'a', 'd', 'o', 'w', 's', 'o', 'c', 'k', 's', '.', 'l', 'a', '\0',
+  /* "shadowsocks.software", true */ 's', 'h', 'a', 'd', 'o', 'w', 's', 'o', 'c', 'k', 's', '.', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '\0',
+  /* "shadowsworldonline.co.uk", true */ 's', 'h', 'a', 'd', 'o', 'w', 's', 'w', 'o', 'r', 'l', 'd', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "shag-shag.ru", true */ 's', 'h', 'a', 'g', '-', 's', 'h', 'a', 'g', '.', 'r', 'u', '\0',
+  /* "shaharyaranjum.com", true */ 's', 'h', 'a', 'h', 'a', 'r', 'y', 'a', 'r', 'a', 'n', 'j', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "shaicoleman.com", true */ 's', 'h', 'a', 'i', 'c', 'o', 'l', 'e', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "shaitan.eu", true */ 's', 'h', 'a', 'i', 't', 'a', 'n', '.', 'e', 'u', '\0',
+  /* "shakan.ch", true */ 's', 'h', 'a', 'k', 'a', 'n', '.', 'c', 'h', '\0',
+  /* "shaken-kyoto.jp", true */ 's', 'h', 'a', 'k', 'e', 'n', '-', 'k', 'y', 'o', 't', 'o', '.', 'j', 'p', '\0',
+  /* "shaken110.com", true */ 's', 'h', 'a', 'k', 'e', 'n', '1', '1', '0', '.', 'c', 'o', 'm', '\0',
+  /* "shakepeers.org", false */ 's', 'h', 'a', 'k', 'e', 'p', 'e', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "shakes4u.com", true */ 's', 'h', 'a', 'k', 'e', 's', '4', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "shakespearesolutions.com.au", false */ 's', 'h', 'a', 'k', 'e', 's', 'p', 'e', 'a', 'r', 'e', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "shakespearevet.com", true */ 's', 'h', 'a', 'k', 'e', 's', 'p', 'e', 'a', 'r', 'e', 'v', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "shalott.org", true */ 's', 'h', 'a', 'l', 'o', 't', 't', '.', 'o', 'r', 'g', '\0',
+  /* "shamara.info", true */ 's', 'h', 'a', 'm', 'a', 'r', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "shamariki.ru", true */ 's', 'h', 'a', 'm', 'a', 'r', 'i', 'k', 'i', '.', 'r', 'u', '\0',
+  /* "shamka.ru", true */ 's', 'h', 'a', 'm', 'k', 'a', '.', 'r', 'u', '\0',
+  /* "shan.io", false */ 's', 'h', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "shanae.nl", true */ 's', 'h', 'a', 'n', 'a', 'e', '.', 'n', 'l', '\0',
+  /* "shanetully.com", true */ 's', 'h', 'a', 'n', 'e', 't', 'u', 'l', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "shanewadleigh.com", true */ 's', 'h', 'a', 'n', 'e', 'w', 'a', 'd', 'l', 'e', 'i', 'g', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "shannoneichorn.com", true */ 's', 'h', 'a', 'n', 'n', 'o', 'n', 'e', 'i', 'c', 'h', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "shansing.cn", true */ 's', 'h', 'a', 'n', 's', 'i', 'n', 'g', '.', 'c', 'n', '\0',
+  /* "shansing.com", true */ 's', 'h', 'a', 'n', 's', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "shansing.net", true */ 's', 'h', 'a', 'n', 's', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "shansing.space", true */ 's', 'h', 'a', 'n', 's', 'i', 'n', 'g', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "sharanyamunsi.net", true */ 's', 'h', 'a', 'r', 'a', 'n', 'y', 'a', 'm', 'u', 'n', 's', 'i', '.', 'n', 'e', 't', '\0',
+  /* "sharedhost.de", true */ 's', 'h', 'a', 'r', 'e', 'd', 'h', 'o', 's', 't', '.', 'd', 'e', '\0',
+  /* "shareeri.com", true */ 's', 'h', 'a', 'r', 'e', 'e', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "sharemessage.net", true */ 's', 'h', 'a', 'r', 'e', 'm', 'e', 's', 's', 'a', 'g', 'e', '.', 'n', 'e', 't', '\0',
+  /* "shareoffice.ch", true */ 's', 'h', 'a', 'r', 'e', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'h', '\0',
+  /* "shareoine.com", true */ 's', 'h', 'a', 'r', 'e', 'o', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sharepointdrive.com", true */ 's', 'h', 'a', 'r', 'e', 'p', 'o', 'i', 'n', 't', 'd', 'r', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sharescope.co.uk", false */ 's', 'h', 'a', 'r', 'e', 's', 'c', 'o', 'p', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "shareselecttools.com", true */ 's', 'h', 'a', 'r', 'e', 's', 'e', 'l', 'e', 'c', 't', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sharesplitter.com", true */ 's', 'h', 'a', 'r', 'e', 's', 'p', 'l', 'i', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sharevari.com", true */ 's', 'h', 'a', 'r', 'e', 'v', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "shareworx.net", true */ 's', 'h', 'a', 'r', 'e', 'w', 'o', 'r', 'x', '.', 'n', 'e', 't', '\0',
+  /* "shariahlawcenter.com", true */ 's', 'h', 'a', 'r', 'i', 'a', 'h', 'l', 'a', 'w', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "shariahlawcenter.org", true */ 's', 'h', 'a', 'r', 'i', 'a', 'h', 'l', 'a', 'w', 'c', 'e', 'n', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "sharialawcenter.com", true */ 's', 'h', 'a', 'r', 'i', 'a', 'l', 'a', 'w', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sharialawcenter.org", true */ 's', 'h', 'a', 'r', 'i', 'a', 'l', 'a', 'w', 'c', 'e', 'n', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "sharperedge.pw", true */ 's', 'h', 'a', 'r', 'p', 'e', 'r', 'e', 'd', 'g', 'e', '.', 'p', 'w', '\0',
+  /* "sharperedgecomputers.com", true */ 's', 'h', 'a', 'r', 'p', 'e', 'r', 'e', 'd', 'g', 'e', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sharu.me", true */ 's', 'h', 'a', 'r', 'u', '.', 'm', 'e', '\0',
+  /* "sharvey.ca", true */ 's', 'h', 'a', 'r', 'v', 'e', 'y', '.', 'c', 'a', '\0',
+  /* "shasso.com", true */ 's', 'h', 'a', 's', 's', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "shatorin.com", true */ 's', 'h', 'a', 't', 'o', 'r', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "shaun.net", true */ 's', 'h', 'a', 'u', 'n', '.', 'n', 'e', 't', '\0',
+  /* "shaundanielz.com", true */ 's', 'h', 'a', 'u', 'n', 'd', 'a', 'n', 'i', 'e', 'l', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "shaunharker.com", true */ 's', 'h', 'a', 'u', 'n', 'h', 'a', 'r', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "shav.it", true */ 's', 'h', 'a', 'v', '.', 'i', 't', '\0',
+  /* "shawcentral.ca", false */ 's', 'h', 'a', 'w', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'c', 'a', '\0',
+  /* "shawnhogan.com", true */ 's', 'h', 'a', 'w', 'n', 'h', 'o', 'g', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "shawnstarrcustomhomes.com", true */ 's', 'h', 'a', 'w', 'n', 's', 't', 'a', 'r', 'r', 'c', 'u', 's', 't', 'o', 'm', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "shawnwilson.info", true */ 's', 'h', 'a', 'w', 'n', 'w', 'i', 'l', 's', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "shazbots.org", true */ 's', 'h', 'a', 'z', 'b', 'o', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "shazzlemd.com", true */ 's', 'h', 'a', 'z', 'z', 'l', 'e', 'm', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "shazzlepro.com", true */ 's', 'h', 'a', 'z', 'z', 'l', 'e', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "sheaf.site", true */ 's', 'h', 'e', 'a', 'f', '.', 's', 'i', 't', 'e', '\0',
+  /* "shearcomfort.com", true */ 's', 'h', 'e', 'a', 'r', 'c', 'o', 'm', 'f', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sheehyinfinitioftysonsparts.com", true */ 's', 'h', 'e', 'e', 'h', 'y', 'i', 'n', 'f', 'i', 'n', 'i', 't', 'i', 'o', 'f', 't', 'y', 's', 'o', 'n', 's', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sheepfriends.com", true */ 's', 'h', 'e', 'e', 'p', 'f', 'r', 'i', 'e', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "shehata.com", true */ 's', 'h', 'e', 'h', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sheilasdrivingschool.com", true */ 's', 'h', 'e', 'i', 'l', 'a', 's', 'd', 'r', 'i', 'v', 'i', 'n', 'g', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "shelfordsandstaplefordscouts.org.uk", true */ 's', 'h', 'e', 'l', 'f', 'o', 'r', 'd', 's', 'a', 'n', 'd', 's', 't', 'a', 'p', 'l', 'e', 'f', 'o', 'r', 'd', 's', 'c', 'o', 'u', 't', 's', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "shellday.cc", true */ 's', 'h', 'e', 'l', 'l', 'd', 'a', 'y', '.', 'c', 'c', '\0',
+  /* "shelleystoybox.com", true */ 's', 'h', 'e', 'l', 'l', 'e', 'y', 's', 't', 'o', 'y', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "shellfire.de", true */ 's', 'h', 'e', 'l', 'l', 'f', 'i', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "shellj.me", true */ 's', 'h', 'e', 'l', 'l', 'j', '.', 'm', 'e', '\0',
+  /* "shellshock.eu", true */ 's', 'h', 'e', 'l', 'l', 's', 'h', 'o', 'c', 'k', '.', 'e', 'u', '\0',
+  /* "shellvatore.us", true */ 's', 'h', 'e', 'l', 'l', 'v', 'a', 't', 'o', 'r', 'e', '.', 'u', 's', '\0',
+  /* "shemissed.me", true */ 's', 'h', 'e', 'm', 'i', 's', 's', 'e', 'd', '.', 'm', 'e', '\0',
+  /* "shemsconseils.ma", true */ 's', 'h', 'e', 'm', 's', 'c', 'o', 'n', 's', 'e', 'i', 'l', 's', '.', 'm', 'a', '\0',
+  /* "shenghaiautoparts.com", true */ 's', 'h', 'e', 'n', 'g', 'h', 'a', 'i', 'a', 'u', 't', 'o', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "shenghaiautoparts.net", true */ 's', 'h', 'e', 'n', 'g', 'h', 'a', 'i', 'a', 'u', 't', 'o', 'p', 'a', 'r', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "shentengtu.idv.tw", true */ 's', 'h', 'e', 'n', 't', 'e', 'n', 'g', 't', 'u', '.', 'i', 'd', 'v', '.', 't', 'w', '\0',
+  /* "shenyuqi.com", false */ 's', 'h', 'e', 'n', 'y', 'u', 'q', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "sherbers.de", true */ 's', 'h', 'e', 'r', 'b', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "shethbox.com", true */ 's', 'h', 'e', 't', 'h', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "shevronpatriot.ru", true */ 's', 'h', 'e', 'v', 'r', 'o', 'n', 'p', 'a', 't', 'r', 'i', 'o', 't', '.', 'r', 'u', '\0',
+  /* "shft.cl", true */ 's', 'h', 'f', 't', '.', 'c', 'l', '\0',
+  /* "shgt.jp", true */ 's', 'h', 'g', 't', '.', 'j', 'p', '\0',
+  /* "shh-listen.com", true */ 's', 'h', 'h', '-', 'l', 'i', 's', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "shh.sh", true */ 's', 'h', 'h', '.', 's', 'h', '\0',
+  /* "shiawasedo.co.jp", true */ 's', 'h', 'i', 'a', 'w', 'a', 's', 'e', 'd', 'o', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "shibainu.com.br", true */ 's', 'h', 'i', 'b', 'a', 'i', 'n', 'u', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "shichibukai.net", true */ 's', 'h', 'i', 'c', 'h', 'i', 'b', 'u', 'k', 'a', 'i', '.', 'n', 'e', 't', '\0',
+  /* "shieldcomputer.com", true */ 's', 'h', 'i', 'e', 'l', 'd', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "shieldofachilles.in", true */ 's', 'h', 'i', 'e', 'l', 'd', 'o', 'f', 'a', 'c', 'h', 'i', 'l', 'l', 'e', 's', '.', 'i', 'n', '\0',
+  /* "shift-record.com", true */ 's', 'h', 'i', 'f', 't', '-', 'r', 'e', 'c', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "shift-to.co.jp", true */ 's', 'h', 'i', 'f', 't', '-', 't', 'o', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "shiftdevices.com", true */ 's', 'h', 'i', 'f', 't', 'd', 'e', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "shiftj.is", true */ 's', 'h', 'i', 'f', 't', 'j', '.', 'i', 's', '\0',
+  /* "shiftleft.org", true */ 's', 'h', 'i', 'f', 't', 'l', 'e', 'f', 't', '.', 'o', 'r', 'g', '\0',
+  /* "shijing.me", true */ 's', 'h', 'i', 'j', 'i', 'n', 'g', '.', 'm', 'e', '\0',
+  /* "shikimori.one", true */ 's', 'h', 'i', 'k', 'i', 'm', 'o', 'r', 'i', '.', 'o', 'n', 'e', '\0',
+  /* "shikimori.org", true */ 's', 'h', 'i', 'k', 'i', 'm', 'o', 'r', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "shikinobi.com", true */ 's', 'h', 'i', 'k', 'i', 'n', 'o', 'b', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "shimi.net", true */ 's', 'h', 'i', 'm', 'i', '.', 'n', 'e', 't', '\0',
+  /* "shimo.im", true */ 's', 'h', 'i', 'm', 'o', '.', 'i', 'm', '\0',
+  /* "shin-inc.jp", true */ 's', 'h', 'i', 'n', '-', 'i', 'n', 'c', '.', 'j', 'p', '\0',
+  /* "shinghoi.com", true */ 's', 'h', 'i', 'n', 'g', 'h', 'o', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "shining.gifts", true */ 's', 'h', 'i', 'n', 'i', 'n', 'g', '.', 'g', 'i', 'f', 't', 's', '\0',
+  /* "shinko-osaka.jp", true */ 's', 'h', 'i', 'n', 'k', 'o', '-', 'o', 's', 'a', 'k', 'a', '.', 'j', 'p', '\0',
+  /* "shinnyosangha.org", false */ 's', 'h', 'i', 'n', 'n', 'y', 'o', 's', 'a', 'n', 'g', 'h', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "shinobi-fansub.ro", true */ 's', 'h', 'i', 'n', 'o', 'b', 'i', '-', 'f', 'a', 'n', 's', 'u', 'b', '.', 'r', 'o', '\0',
+  /* "shinonome-lab.eu.org", true */ 's', 'h', 'i', 'n', 'o', 'n', 'o', 'm', 'e', '-', 'l', 'a', 'b', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "shintoism.com", true */ 's', 'h', 'i', 'n', 't', 'o', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "shinyuu.net", true */ 's', 'h', 'i', 'n', 'y', 'u', 'u', '.', 'n', 'e', 't', '\0',
+  /* "shipard.com", true */ 's', 'h', 'i', 'p', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "shipard.cz", true */ 's', 'h', 'i', 'p', 'a', 'r', 'd', '.', 'c', 'z', '\0',
+  /* "shipcloud.io", true */ 's', 'h', 'i', 'p', 'c', 'l', 'o', 'u', 'd', '.', 'i', 'o', '\0',
+  /* "shiroki-k.net", true */ 's', 'h', 'i', 'r', 'o', 'k', 'i', '-', 'k', '.', 'n', 'e', 't', '\0',
+  /* "shirt2go.shop", true */ 's', 'h', 'i', 'r', 't', '2', 'g', 'o', '.', 's', 'h', 'o', 'p', '\0',
+  /* "shirtsofholland.com", true */ 's', 'h', 'i', 'r', 't', 's', 'o', 'f', 'h', 'o', 'l', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "shiseki.top", true */ 's', 'h', 'i', 's', 'e', 'k', 'i', '.', 't', 'o', 'p', '\0',
+  /* "shishamania.de", true */ 's', 'h', 'i', 's', 'h', 'a', 'm', 'a', 'n', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "shishkin.link", true */ 's', 'h', 'i', 's', 'h', 'k', 'i', 'n', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "shishkin.us", true */ 's', 'h', 'i', 's', 'h', 'k', 'i', 'n', '.', 'u', 's', '\0',
+  /* "shishlik.net", true */ 's', 'h', 'i', 's', 'h', 'l', 'i', 'k', '.', 'n', 'e', 't', '\0',
+  /* "shitagi-shop.com", true */ 's', 'h', 'i', 't', 'a', 'g', 'i', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "shitbeast.institute", true */ 's', 'h', 'i', 't', 'b', 'e', 'a', 's', 't', '.', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '\0',
+  /* "shitmybradsays.com", true */ 's', 'h', 'i', 't', 'm', 'y', 'b', 'r', 'a', 'd', 's', 'a', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "shitposts.se", true */ 's', 'h', 'i', 't', 'p', 'o', 's', 't', 's', '.', 's', 'e', '\0',
+  /* "shitproductions.org", true */ 's', 'h', 'i', 't', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "shitsta.in", true */ 's', 'h', 'i', 't', 's', 't', 'a', '.', 'i', 'n', '\0',
+  /* "shk.im", true */ 's', 'h', 'k', '.', 'i', 'm', '\0',
+  /* "shlemenkov.by", true */ 's', 'h', 'l', 'e', 'm', 'e', 'n', 'k', 'o', 'v', '.', 'b', 'y', '\0',
+  /* "shobhanayogsadan.com", true */ 's', 'h', 'o', 'b', 'h', 'a', 'n', 'a', 'y', 'o', 'g', 's', 'a', 'd', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "shock.ee", true */ 's', 'h', 'o', 'c', 'k', '.', 'e', 'e', '\0',
+  /* "shockercityservices.com", true */ 's', 'h', 'o', 'c', 'k', 'e', 'r', 'c', 'i', 't', 'y', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "shodan.io", true */ 's', 'h', 'o', 'd', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "shoemuse.com", true */ 's', 'h', 'o', 'e', 'm', 'u', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "shoestringeventing.co.uk", true */ 's', 'h', 'o', 'e', 's', 't', 'r', 'i', 'n', 'g', 'e', 'v', 'e', 'n', 't', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "shokola.com", true */ 's', 'h', 'o', 'k', 'o', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "shome.de", true */ 's', 'h', 'o', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "shooter.dog", true */ 's', 'h', 'o', 'o', 't', 'e', 'r', '.', 'd', 'o', 'g', '\0',
+  /* "shootpooloklahoma.com", true */ 's', 'h', 'o', 'o', 't', 'p', 'o', 'o', 'l', 'o', 'k', 'l', 'a', 'h', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "shop-s.net", true */ 's', 'h', 'o', 'p', '-', 's', '.', 'n', 'e', 't', '\0',
+  /* "shopapi.cz", true */ 's', 'h', 'o', 'p', 'a', 'p', 'i', '.', 'c', 'z', '\0',
+  /* "shopatkei.com", true */ 's', 'h', 'o', 'p', 'a', 't', 'k', 'e', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "shopbakersnook.com", true */ 's', 'h', 'o', 'p', 'b', 'a', 'k', 'e', 'r', 's', 'n', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "shopcoupon.co.za", true */ 's', 'h', 'o', 'p', 'c', 'o', 'u', 'p', 'o', 'n', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "shopcoupons.co.id", true */ 's', 'h', 'o', 'p', 'c', 'o', 'u', 'p', 'o', 'n', 's', '.', 'c', 'o', '.', 'i', 'd', '\0',
+  /* "shopcoupons.my", true */ 's', 'h', 'o', 'p', 'c', 'o', 'u', 'p', 'o', 'n', 's', '.', 'm', 'y', '\0',
+  /* "shopcoupons.ph", true */ 's', 'h', 'o', 'p', 'c', 'o', 'u', 'p', 'o', 'n', 's', '.', 'p', 'h', '\0',
+  /* "shopcoupons.sg", true */ 's', 'h', 'o', 'p', 'c', 'o', 'u', 'p', 'o', 'n', 's', '.', 's', 'g', '\0',
+  /* "shopdopastor.com.br", true */ 's', 'h', 'o', 'p', 'd', 'o', 'p', 'a', 's', 't', 'o', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "shopifycloud.com", true */ 's', 'h', 'o', 'p', 'i', 'f', 'y', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "shopkini.com", true */ 's', 'h', 'o', 'p', 'k', 'i', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "shoplandia.co", true */ 's', 'h', 'o', 'p', 'l', 'a', 'n', 'd', 'i', 'a', '.', 'c', 'o', '\0',
+  /* "shoppia.se", true */ 's', 'h', 'o', 'p', 'p', 'i', 'a', '.', 's', 'e', '\0',
+  /* "shopping24.de", true */ 's', 'h', 'o', 'p', 'p', 'i', 'n', 'g', '2', '4', '.', 'd', 'e', '\0',
+  /* "shoppr.dk", true */ 's', 'h', 'o', 'p', 'p', 'r', '.', 'd', 'k', '\0',
+  /* "shoprsc.com", true */ 's', 'h', 'o', 'p', 'r', 's', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "shopsouthafrican.com", true */ 's', 'h', 'o', 'p', 's', 'o', 'u', 't', 'h', 'a', 'f', 'r', 'i', 'c', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "shoptec.sk", true */ 's', 'h', 'o', 'p', 't', 'e', 'c', '.', 's', 'k', '\0',
+  /* "shorebreaksecurity.com", true */ 's', 'h', 'o', 'r', 'e', 'b', 'r', 'e', 'a', 'k', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "shortdiary.me", true */ 's', 'h', 'o', 'r', 't', 'd', 'i', 'a', 'r', 'y', '.', 'm', 'e', '\0',
+  /* "shortpath.com", true */ 's', 'h', 'o', 'r', 't', 'p', 'a', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "shoshin-aikido.de", true */ 's', 'h', 'o', 's', 'h', 'i', 'n', '-', 'a', 'i', 'k', 'i', 'd', 'o', '.', 'd', 'e', '\0',
+  /* "shota.vip", true */ 's', 'h', 'o', 't', 'a', '.', 'v', 'i', 'p', '\0',
+  /* "shotbow.net", true */ 's', 'h', 'o', 't', 'b', 'o', 'w', '.', 'n', 'e', 't', '\0',
+  /* "shotonwhat.com", true */ 's', 'h', 'o', 't', 'o', 'n', 'w', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "shotpixonline.com.br", true */ 's', 'h', 'o', 't', 'p', 'i', 'x', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "show-saratov.ru", false */ 's', 'h', 'o', 'w', '-', 's', 'a', 'r', 'a', 't', 'o', 'v', '.', 'r', 'u', '\0',
+  /* "showbits.net", true */ 's', 'h', 'o', 'w', 'b', 'i', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "showdepiscinas.com.br", true */ 's', 'h', 'o', 'w', 'd', 'e', 'p', 'i', 's', 'c', 'i', 'n', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "shower.im", true */ 's', 'h', 'o', 'w', 'e', 'r', '.', 'i', 'm', '\0',
+  /* "showmax.com", true */ 's', 'h', 'o', 'w', 'm', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "showroom.de", true */ 's', 'h', 'o', 'w', 'r', 'o', 'o', 'm', '.', 'd', 'e', '\0',
+  /* "showsonar.com", true */ 's', 'h', 'o', 'w', 's', 'o', 'n', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "shrike.me", false */ 's', 'h', 'r', 'i', 'k', 'e', '.', 'm', 'e', '\0',
+  /* "shrinidhiclinic.in", true */ 's', 'h', 'r', 'i', 'n', 'i', 'd', 'h', 'i', 'c', 'l', 'i', 'n', 'i', 'c', '.', 'i', 'n', '\0',
+  /* "shrinkhub.com", true */ 's', 'h', 'r', 'i', 'n', 'k', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "shrub.ca", true */ 's', 'h', 'r', 'u', 'b', '.', 'c', 'a', '\0',
+  /* "shtorku.com", true */ 's', 'h', 't', 'o', 'r', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "shu-fu.net", true */ 's', 'h', 'u', '-', 'f', 'u', '.', 'n', 'e', 't', '\0',
+  /* "shu-kin.net", true */ 's', 'h', 'u', '-', 'k', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "shulan.moe", true */ 's', 'h', 'u', 'l', 'a', 'n', '.', 'm', 'o', 'e', '\0',
+  /* "shuro.de", true */ 's', 'h', 'u', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "shushu.media", true */ 's', 'h', 'u', 's', 'h', 'u', '.', 'm', 'e', 'd', 'i', 'a', '\0',
+  /* "shutter-shower.com", true */ 's', 'h', 'u', 't', 't', 'e', 'r', '-', 's', 'h', 'o', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "shux.pro", true */ 's', 'h', 'u', 'x', '.', 'p', 'r', 'o', '\0',
+  /* "si-benelux.nl", true */ 's', 'i', '-', 'b', 'e', 'n', 'e', 'l', 'u', 'x', '.', 'n', 'l', '\0',
+  /* "si.to", true */ 's', 'i', '.', 't', 'o', '\0',
+  /* "siamojo.com", true */ 's', 'i', 'a', 'm', 'o', 'j', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "siamsnus.com", true */ 's', 'i', 'a', 'm', 's', 'n', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "siao-mei.com", true */ 's', 'i', 'a', 'o', '-', 'm', 'e', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "sibfk.org", true */ 's', 'i', 'b', 'f', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "sibrenvasse.nl", true */ 's', 'i', 'b', 'r', 'e', 'n', 'v', 'a', 's', 's', 'e', '.', 'n', 'l', '\0',
+  /* "siciliadisinfestazioni.it", true */ 's', 'i', 'c', 'i', 'l', 'i', 'a', 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'i', '.', 'i', 't', '\0',
+  /* "siciliamconsulting.com", true */ 's', 'i', 'c', 'i', 'l', 'i', 'a', 'm', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "sicilianbalm.com", true */ 's', 'i', 'c', 'i', 'l', 'i', 'a', 'n', 'b', 'a', 'l', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "sicken.eu", true */ 's', 'i', 'c', 'k', 'e', 'n', '.', 'e', 'u', '\0',
+  /* "sicklepod.com", true */ 's', 'i', 'c', 'k', 'l', 'e', 'p', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "siconnect.us", true */ 's', 'i', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'u', 's', '\0',
+  /* "sidelka-tver.ru", true */ 's', 'i', 'd', 'e', 'l', 'k', 'a', '-', 't', 'v', 'e', 'r', '.', 'r', 'u', '\0',
+  /* "sidepodcast.com", true */ 's', 'i', 'd', 'e', 'p', 'o', 'd', 'c', 'a', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sidepodcastdaily.com", true */ 's', 'i', 'd', 'e', 'p', 'o', 'd', 'c', 'a', 's', 't', 'd', 'a', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "sidepodcastextra.com", true */ 's', 'i', 'd', 'e', 'p', 'o', 'd', 'c', 'a', 's', 't', 'e', 'x', 't', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sideshowbarker.net", true */ 's', 'i', 'd', 'e', 's', 'h', 'o', 'w', 'b', 'a', 'r', 'k', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "sidium.de", true */ 's', 'i', 'd', 'i', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "sidnicio.us", true */ 's', 'i', 'd', 'n', 'i', 'c', 'i', 'o', '.', 'u', 's', '\0',
+  /* "sidonge.com", true */ 's', 'i', 'd', 'o', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sidongkim.com", true */ 's', 'i', 'd', 'o', 'n', 'g', 'k', 'i', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "sidpod.ru", true */ 's', 'i', 'd', 'p', 'o', 'd', '.', 'r', 'u', '\0',
+  /* "siegemund-frankfurt.de", true */ 's', 'i', 'e', 'g', 'e', 'm', 'u', 'n', 'd', '-', 'f', 'r', 'a', 'n', 'k', 'f', 'u', 'r', 't', '.', 'd', 'e', '\0',
+  /* "sieh.es", true */ 's', 'i', 'e', 'h', '.', 'e', 's', '\0',
+  /* "sientemendoza.com.ar", true */ 's', 'i', 'e', 'n', 't', 'e', 'm', 'e', 'n', 'd', 'o', 'z', 'a', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "sieulog.com", true */ 's', 'i', 'e', 'u', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "siewert-kau.de", true */ 's', 'i', 'e', 'w', 'e', 'r', 't', '-', 'k', 'a', 'u', '.', 'd', 'e', '\0',
+  /* "sift-tool.org", true */ 's', 'i', 'f', 't', '-', 't', 'o', 'o', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "sig6.org", true */ 's', 'i', 'g', '6', '.', 'o', 'r', 'g', '\0',
+  /* "sigabrt.org", true */ 's', 'i', 'g', 'a', 'b', 'r', 't', '.', 'o', 'r', 'g', '\0',
+  /* "siggerudklatreklubb.no", true */ 's', 'i', 'g', 'g', 'e', 'r', 'u', 'd', 'k', 'l', 'a', 't', 'r', 'e', 'k', 'l', 'u', 'b', 'b', '.', 'n', 'o', '\0',
+  /* "sightcure.jp", true */ 's', 'i', 'g', 'h', 't', 'c', 'u', 'r', 'e', '.', 'j', 'p', '\0',
+  /* "sighup.nz", true */ 's', 'i', 'g', 'h', 'u', 'p', '.', 'n', 'z', '\0',
+  /* "sigismonda.ch", true */ 's', 'i', 'g', 'i', 's', 'm', 'o', 'n', 'd', 'a', '.', 'c', 'h', '\0',
+  /* "sigma-signalisation.com", true */ 's', 'i', 'g', 'm', 'a', '-', 's', 'i', 'g', 'n', 'a', 'l', 'i', 's', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sigmalux.sarl", true */ 's', 'i', 'g', 'm', 'a', 'l', 'u', 'x', '.', 's', 'a', 'r', 'l', '\0',
+  /* "sign.io", true */ 's', 'i', 'g', 'n', '.', 'i', 'o', '\0',
+  /* "signaltransmitter.de", true */ 's', 'i', 'g', 'n', 'a', 'l', 't', 'r', 'a', 'n', 's', 'm', 'i', 't', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "signere.com", true */ 's', 'i', 'g', 'n', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "signere.no", true */ 's', 'i', 'g', 'n', 'e', 'r', 'e', '.', 'n', 'o', '\0',
+  /* "significados.com", true */ 's', 'i', 'g', 'n', 'i', 'f', 'i', 'c', 'a', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "significados.com.br", true */ 's', 'i', 'g', 'n', 'i', 'f', 'i', 'c', 'a', 'd', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "significantbanter.com", true */ 's', 'i', 'g', 'n', 'i', 'f', 'i', 'c', 'a', 'n', 't', 'b', 'a', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "signing-milter.org", true */ 's', 'i', 'g', 'n', 'i', 'n', 'g', '-', 'm', 'i', 'l', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "signix.net", true */ 's', 'i', 'g', 'n', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "signslabelstapesandmore.com", false */ 's', 'i', 'g', 'n', 's', 'l', 'a', 'b', 'e', 'l', 's', 't', 'a', 'p', 'e', 's', 'a', 'n', 'd', 'm', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "signtul.com", false */ 's', 'i', 'g', 'n', 't', 'u', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "sigsegv.run", true */ 's', 'i', 'g', 's', 'e', 'g', 'v', '.', 'r', 'u', 'n', '\0',
+  /* "sigterm.sh", true */ 's', 'i', 'g', 't', 'e', 'r', 'm', '.', 's', 'h', '\0',
+  /* "siikarantacamping.fi", true */ 's', 'i', 'i', 'k', 'a', 'r', 'a', 'n', 't', 'a', 'c', 'a', 'm', 'p', 'i', 'n', 'g', '.', 'f', 'i', '\0',
+  /* "siirtutkusu.com", true */ 's', 'i', 'i', 'r', 't', 'u', 't', 'k', 'u', 's', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "sijmenschoon.nl", true */ 's', 'i', 'j', 'm', 'e', 'n', 's', 'c', 'h', 'o', 'o', 'n', '.', 'n', 'l', '\0',
+  /* "sikevux.se", true */ 's', 'i', 'k', 'e', 'v', 'u', 'x', '.', 's', 'e', '\0',
+  /* "sikko.biz", true */ 's', 'i', 'k', 'k', 'o', '.', 'b', 'i', 'z', '\0',
+  /* "siku-shop.ch", true */ 's', 'i', 'k', 'u', '-', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "silashes.com", true */ 's', 'i', 'l', 'a', 's', 'h', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "silashes.ru", true */ 's', 'i', 'l', 'a', 's', 'h', 'e', 's', '.', 'r', 'u', '\0',
+  /* "silentexplosion.de", true */ 's', 'i', 'l', 'e', 'n', 't', 'e', 'x', 'p', 'l', 'o', 's', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "silentkernel.fr", false */ 's', 'i', 'l', 'e', 'n', 't', 'k', 'e', 'r', 'n', 'e', 'l', '.', 'f', 'r', '\0',
+  /* "silentmode.com", true */ 's', 'i', 'l', 'e', 'n', 't', 'm', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "silentundo.org", true */ 's', 'i', 'l', 'e', 'n', 't', 'u', 'n', 'd', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "siliconchip.me", true */ 's', 'i', 'l', 'i', 'c', 'o', 'n', 'c', 'h', 'i', 'p', '.', 'm', 'e', '\0',
+  /* "silkebaekken.no", true */ 's', 'i', 'l', 'k', 'e', 'b', 'a', 'e', 'k', 'k', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "sillisalaatti.fi", true */ 's', 'i', 'l', 'l', 'i', 's', 'a', 'l', 'a', 'a', 't', 't', 'i', '.', 'f', 'i', '\0',
+  /* "sillysnapz.co.uk", true */ 's', 'i', 'l', 'l', 'y', 's', 'n', 'a', 'p', 'z', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "siloportem.net", true */ 's', 'i', 'l', 'o', 'p', 'o', 'r', 't', 'e', 'm', '.', 'n', 'e', 't', '\0',
+  /* "silqueskineyeserum.com", true */ 's', 'i', 'l', 'q', 'u', 'e', 's', 'k', 'i', 'n', 'e', 'y', 'e', 's', 'e', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "silsha.me", true */ 's', 'i', 'l', 's', 'h', 'a', '.', 'm', 'e', '\0',
+  /* "silv.me", true */ 's', 'i', 'l', 'v', '.', 'm', 'e', '\0',
+  /* "silver-heart.co.uk", true */ 's', 'i', 'l', 'v', 'e', 'r', '-', 'h', 'e', 'a', 'r', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "silverback.is", true */ 's', 'i', 'l', 'v', 'e', 'r', 'b', 'a', 'c', 'k', '.', 'i', 's', '\0',
+  /* "silverbowflyshop.com", true */ 's', 'i', 'l', 'v', 'e', 'r', 'b', 'o', 'w', 'f', 'l', 'y', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "silverdragonart.com", true */ 's', 'i', 'l', 'v', 'e', 'r', 'd', 'r', 'a', 'g', 'o', 'n', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "silvergoldbull.be", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'b', 'e', '\0',
+  /* "silvergoldbull.by", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'b', 'y', '\0',
+  /* "silvergoldbull.ca", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'a', '\0',
+  /* "silvergoldbull.cl", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'l', '\0',
+  /* "silvergoldbull.cm", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'm', '\0',
+  /* "silvergoldbull.cn", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'n', '\0',
+  /* "silvergoldbull.co", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', '\0',
+  /* "silvergoldbull.co.il", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "silvergoldbull.co.no", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', '.', 'n', 'o', '\0',
+  /* "silvergoldbull.co.tz", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', '.', 't', 'z', '\0',
+  /* "silvergoldbull.co.uk", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "silvergoldbull.com", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "silvergoldbull.com.ar", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "silvergoldbull.com.au", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "silvergoldbull.com.mt", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', 'm', '.', 'm', 't', '\0',
+  /* "silvergoldbull.cr", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'r', '\0',
+  /* "silvergoldbull.cz", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'z', '\0',
+  /* "silvergoldbull.de", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "silvergoldbull.do", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'd', 'o', '\0',
+  /* "silvergoldbull.ec", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'e', 'c', '\0',
+  /* "silvergoldbull.ee", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'e', 'e', '\0',
+  /* "silvergoldbull.es", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'e', 's', '\0',
+  /* "silvergoldbull.fi", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'f', 'i', '\0',
+  /* "silvergoldbull.gd", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'g', 'd', '\0',
+  /* "silvergoldbull.ge", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'g', 'e', '\0',
+  /* "silvergoldbull.gl", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'g', 'l', '\0',
+  /* "silvergoldbull.gr", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'g', 'r', '\0',
+  /* "silvergoldbull.gt", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'g', 't', '\0',
+  /* "silvergoldbull.hk", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'h', 'k', '\0',
+  /* "silvergoldbull.hn", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'h', 'n', '\0',
+  /* "silvergoldbull.hu", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'h', 'u', '\0',
+  /* "silvergoldbull.id", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'i', 'd', '\0',
+  /* "silvergoldbull.in", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'i', 'n', '\0',
+  /* "silvergoldbull.is", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'i', 's', '\0',
+  /* "silvergoldbull.it", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'i', 't', '\0',
+  /* "silvergoldbull.kr", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'k', 'r', '\0',
+  /* "silvergoldbull.ky", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'k', 'y', '\0',
+  /* "silvergoldbull.li", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'l', 'i', '\0',
+  /* "silvergoldbull.lt", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'l', 't', '\0',
+  /* "silvergoldbull.lv", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'l', 'v', '\0',
+  /* "silvergoldbull.ma", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'm', 'a', '\0',
+  /* "silvergoldbull.mk", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'm', 'k', '\0',
+  /* "silvergoldbull.ml", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'm', 'l', '\0',
+  /* "silvergoldbull.mw", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'm', 'w', '\0',
+  /* "silvergoldbull.nz", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'n', 'z', '\0',
+  /* "silvergoldbull.ph", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'p', 'h', '\0',
+  /* "silvergoldbull.pl", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'p', 'l', '\0',
+  /* "silvergoldbull.pt", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'p', 't', '\0',
+  /* "silvergoldbull.qa", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'q', 'a', '\0',
+  /* "silvergoldbull.rs", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'r', 's', '\0',
+  /* "silvergoldbull.se", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 's', 'e', '\0',
+  /* "silvergoldbull.si", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 's', 'i', '\0',
+  /* "silvergoldbull.sv", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 's', 'v', '\0',
+  /* "silvergoldbull.tj", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 't', 'j', '\0',
+  /* "silvergoldbull.tn", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 't', 'n', '\0',
+  /* "silvergoldbull.tt", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 't', 't', '\0',
+  /* "silvergoldbull.tw", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 't', 'w', '\0',
+  /* "silvergoldbull.uy", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'u', 'y', '\0',
+  /* "silvergoldbull.uz", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'u', 'z', '\0',
+  /* "silvergoldbull.ws", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'w', 's', '\0',
+  /* "silverlinkz.net", true */ 's', 'i', 'l', 'v', 'e', 'r', 'l', 'i', 'n', 'k', 'z', '.', 'n', 'e', 't', '\0',
+  /* "silverseen.com", true */ 's', 'i', 'l', 'v', 'e', 'r', 's', 'e', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "silverstartup.sk", true */ 's', 'i', 'l', 'v', 'e', 'r', 's', 't', 'a', 'r', 't', 'u', 'p', '.', 's', 'k', '\0',
+  /* "silverwind.io", true */ 's', 'i', 'l', 'v', 'e', 'r', 'w', 'i', 'n', 'd', '.', 'i', 'o', '\0',
+  /* "silviamacallister.com", true */ 's', 'i', 'l', 'v', 'i', 'a', 'm', 'a', 'c', 'a', 'l', 'l', 'i', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "silvine.xyz", true */ 's', 'i', 'l', 'v', 'i', 'n', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "sim-karten.net", true */ 's', 'i', 'm', '-', 'k', 'a', 'r', 't', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "sim-sim.appspot.com", true */ 's', 'i', 'm', '-', 's', 'i', 'm', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sim4seed.org", true */ 's', 'i', 'm', '4', 's', 'e', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "simam.de", true */ 's', 'i', 'm', 'a', 'm', '.', 'd', 'e', '\0',
+  /* "simbeton.nl", true */ 's', 'i', 'm', 'b', 'e', 't', 'o', 'n', '.', 'n', 'l', '\0',
+  /* "simbolo.co.uk", false */ 's', 'i', 'm', 'b', 'o', 'l', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "simeonoff.ninja", true */ 's', 'i', 'm', 'e', 'o', 'n', 'o', 'f', 'f', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "simetal.ch", true */ 's', 'i', 'm', 'e', 't', 'a', 'l', '.', 'c', 'h', '\0',
+  /* "simfed.org", true */ 's', 'i', 'm', 'f', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "simivalleyelectrical.com", true */ 's', 'i', 'm', 'i', 'v', 'a', 'l', 'l', 'e', 'y', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "simlau.net", true */ 's', 'i', 'm', 'l', 'a', 'u', '.', 'n', 'e', 't', '\0',
+  /* "simmis.fr", true */ 's', 'i', 'm', 'm', 'i', 's', '.', 'f', 'r', '\0',
+  /* "simoesgoulart.com.br", true */ 's', 'i', 'm', 'o', 'e', 's', 'g', 'o', 'u', 'l', 'a', 'r', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "simon-hofmann.org", true */ 's', 'i', 'm', 'o', 'n', '-', 'h', 'o', 'f', 'm', 'a', 'n', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "simon-mueller.de", true */ 's', 'i', 'm', 'o', 'n', '-', 'm', 'u', 'e', 'l', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "simon.lc", true */ 's', 'i', 'm', 'o', 'n', '.', 'l', 'c', '\0',
+  /* "simonberard.garden", true */ 's', 'i', 'm', 'o', 'n', 'b', 'e', 'r', 'a', 'r', 'd', '.', 'g', 'a', 'r', 'd', 'e', 'n', '\0',
+  /* "simonbondo.dk", true */ 's', 'i', 'm', 'o', 'n', 'b', 'o', 'n', 'd', 'o', '.', 'd', 'k', '\0',
+  /* "simoncommunity.org.uk", true */ 's', 'i', 'm', 'o', 'n', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "simoncook.org", true */ 's', 'i', 'm', 'o', 'n', 'c', 'o', 'o', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "simonfischer.info", true */ 's', 'i', 'm', 'o', 'n', 'f', 'i', 's', 'c', 'h', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "simonhirscher.de", true */ 's', 'i', 'm', 'o', 'n', 'h', 'i', 'r', 's', 'c', 'h', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "simonkjellberg.com", true */ 's', 'i', 'm', 'o', 'n', 'k', 'j', 'e', 'l', 'l', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "simonkjellberg.se", true */ 's', 'i', 'm', 'o', 'n', 'k', 'j', 'e', 'l', 'l', 'b', 'e', 'r', 'g', '.', 's', 'e', '\0',
+  /* "simonlyabonnement.nl", true */ 's', 'i', 'm', 'o', 'n', 'l', 'y', 'a', 'b', 'o', 'n', 'n', 'e', 'm', 'e', 'n', 't', '.', 'n', 'l', '\0',
+  /* "simonpaarlberg.com", true */ 's', 'i', 'm', 'o', 'n', 'p', 'a', 'a', 'r', 'l', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "simonreich.de", true */ 's', 'i', 'm', 'o', 'n', 'r', 'e', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "simonschmitt.ch", true */ 's', 'i', 'm', 'o', 'n', 's', 'c', 'h', 'm', 'i', 't', 't', '.', 'c', 'h', '\0',
+  /* "simonsmh.cc", true */ 's', 'i', 'm', 'o', 'n', 's', 'm', 'h', '.', 'c', 'c', '\0',
+  /* "simonspeich.ch", true */ 's', 'i', 'm', 'o', 'n', 's', 'p', 'e', 'i', 'c', 'h', '.', 'c', 'h', '\0',
+  /* "simonsreich.de", true */ 's', 'i', 'm', 'o', 'n', 's', 'r', 'e', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "simontaite.com", true */ 's', 'i', 'm', 'o', 'n', 't', 'a', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "simonwessel.net", true */ 's', 'i', 'm', 'o', 'n', 'w', 'e', 's', 's', 'e', 'l', '.', 'n', 'e', 't', '\0',
+  /* "simonwoodside.com", true */ 's', 'i', 'm', 'o', 'n', 'w', 'o', 'o', 'd', 's', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "simpbx.net", true */ 's', 'i', 'm', 'p', 'b', 'x', '.', 'n', 'e', 't', '\0',
+  /* "simpel.be", true */ 's', 'i', 'm', 'p', 'e', 'l', '.', 'b', 'e', '\0',
+  /* "simpeo.fr", true */ 's', 'i', 'm', 'p', 'e', 'o', '.', 'f', 'r', '\0',
+  /* "simpeo.org", true */ 's', 'i', 'm', 'p', 'e', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "simphony.cz", true */ 's', 'i', 'm', 'p', 'h', 'o', 'n', 'y', '.', 'c', 'z', '\0',
+  /* "simpip.com", true */ 's', 'i', 'm', 'p', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "simple.com", false */ 's', 'i', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "simplecontacts.com", true */ 's', 'i', 'm', 'p', 'l', 'e', 'c', 'o', 'n', 't', 'a', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "simplednscrypt.org", true */ 's', 'i', 'm', 'p', 'l', 'e', 'd', 'n', 's', 'c', 'r', 'y', 'p', 't', '.', 'o', 'r', 'g', '\0',
+  /* "simpleindianrecipes.com", true */ 's', 'i', 'm', 'p', 'l', 'e', 'i', 'n', 'd', 'i', 'a', 'n', 'r', 'e', 'c', 'i', 'p', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "simpleinout.com", true */ 's', 'i', 'm', 'p', 'l', 'e', 'i', 'n', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "simpleinvoices.io", true */ 's', 'i', 'm', 'p', 'l', 'e', 'i', 'n', 'v', 'o', 'i', 'c', 'e', 's', '.', 'i', 'o', '\0',
+  /* "simplesamlphp.org", true */ 's', 'i', 'm', 'p', 'l', 'e', 's', 'a', 'm', 'l', 'p', 'h', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "simpletax.ca", true */ 's', 'i', 'm', 'p', 'l', 'e', 't', 'a', 'x', '.', 'c', 'a', '\0',
+  /* "simplewire.de", true */ 's', 'i', 'm', 'p', 'l', 'e', 'w', 'i', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "simplexgame.net", true */ 's', 'i', 'm', 'p', 'l', 'e', 'x', 'g', 'a', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "simplia.cz", true */ 's', 'i', 'm', 'p', 'l', 'i', 'a', '.', 'c', 'z', '\0',
+  /* "simplicitypvp.net", true */ 's', 'i', 'm', 'p', 'l', 'i', 'c', 'i', 't', 'y', 'p', 'v', 'p', '.', 'n', 'e', 't', '\0',
+  /* "simplidesigns.nl", true */ 's', 'i', 'm', 'p', 'l', 'i', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'n', 'l', '\0',
+  /* "simplifylivelove.com", true */ 's', 'i', 'm', 'p', 'l', 'i', 'f', 'y', 'l', 'i', 'v', 'e', 'l', 'o', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "simply.scot", true */ 's', 'i', 'm', 'p', 'l', 'y', '.', 's', 'c', 'o', 't', '\0',
+  /* "simplycharlottemason.com", true */ 's', 'i', 'm', 'p', 'l', 'y', 'c', 'h', 'a', 'r', 'l', 'o', 't', 't', 'e', 'm', 'a', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "simplycloud.de", true */ 's', 'i', 'm', 'p', 'l', 'y', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "simplyfixit.co.uk", true */ 's', 'i', 'm', 'p', 'l', 'y', 'f', 'i', 'x', 'i', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "simplyhelen.de", true */ 's', 'i', 'm', 'p', 'l', 'y', 'h', 'e', 'l', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "simplylovejesus.com", true */ 's', 'i', 'm', 'p', 'l', 'y', 'l', 'o', 'v', 'e', 'j', 'e', 's', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "simplymozzo.se", true */ 's', 'i', 'm', 'p', 'l', 'y', 'm', 'o', 'z', 'z', 'o', '.', 's', 'e', '\0',
+  /* "simplystudio.com", true */ 's', 'i', 'm', 'p', 'l', 'y', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "simpte.com", true */ 's', 'i', 'm', 'p', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "simpul.nl", true */ 's', 'i', 'm', 'p', 'u', 'l', '.', 'n', 'l', '\0',
+  /* "simsnieuws.nl", true */ 's', 'i', 'm', 's', 'n', 'i', 'e', 'u', 'w', 's', '.', 'n', 'l', '\0',
+  /* "simukti.net", true */ 's', 'i', 'm', 'u', 'k', 't', 'i', '.', 'n', 'e', 't', '\0',
+  /* "simumiehet.com", true */ 's', 'i', 'm', 'u', 'm', 'i', 'e', 'h', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "simus.fr", true */ 's', 'i', 'm', 'u', 's', '.', 'f', 'r', '\0',
+  /* "sin-nombre-alleria.de", true */ 's', 'i', 'n', '-', 'n', 'o', 'm', 'b', 'r', 'e', '-', 'a', 'l', 'l', 'e', 'r', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "sin.swiss", true */ 's', 'i', 'n', '.', 's', 'w', 'i', 's', 's', '\0',
+  /* "sinaryuda.web.id", true */ 's', 'i', 'n', 'a', 'r', 'y', 'u', 'd', 'a', '.', 'w', 'e', 'b', '.', 'i', 'd', '\0',
+  /* "sinatrafamily.com", true */ 's', 'i', 'n', 'a', 't', 'r', 'a', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "sinefili.com", true */ 's', 'i', 'n', 'e', 'f', 'i', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "sinergy.ch", true */ 's', 'i', 'n', 'e', 'r', 'g', 'y', '.', 'c', 'h', '\0',
+  /* "sinfield.com", false */ 's', 'i', 'n', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "singaporemint.com", true */ 's', 'i', 'n', 'g', 'a', 'p', 'o', 'r', 'e', 'm', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "singapurfirma.com", true */ 's', 'i', 'n', 'g', 'a', 'p', 'u', 'r', 'f', 'i', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "singee.site", true */ 's', 'i', 'n', 'g', 'e', 'e', '.', 's', 'i', 't', 'e', '\0',
+  /* "singel.ch", true */ 's', 'i', 'n', 'g', 'e', 'l', '.', 'c', 'h', '\0',
+  /* "singerwang.com", true */ 's', 'i', 'n', 'g', 'e', 'r', 'w', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "single-in-stuttgart.de", true */ 's', 'i', 'n', 'g', 'l', 'e', '-', 'i', 'n', '-', 's', 't', 'u', 't', 't', 'g', 'a', 'r', 't', '.', 'd', 'e', '\0',
+  /* "singles-aus-hamburg.de", true */ 's', 'i', 'n', 'g', 'l', 'e', 's', '-', 'a', 'u', 's', '-', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "singles-berlin.de", true */ 's', 'i', 'n', 'g', 'l', 'e', 's', '-', 'b', 'e', 'r', 'l', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "singleuse.link", true */ 's', 'i', 'n', 'g', 'l', 'e', 'u', 's', 'e', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "singlu10.org", false */ 's', 'i', 'n', 'g', 'l', 'u', '1', '0', '.', 'o', 'r', 'g', '\0',
+  /* "sinkip.com", true */ 's', 'i', 'n', 'k', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "sinktank.de", true */ 's', 'i', 'n', 'k', 't', 'a', 'n', 'k', '.', 'd', 'e', '\0',
+  /* "sinnersprojects.ro", true */ 's', 'i', 'n', 'n', 'e', 'r', 's', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'r', 'o', '\0',
+  /* "sinnovate.de", true */ 's', 'i', 'n', 'n', 'o', 'v', 'a', 't', 'e', '.', 'd', 'e', '\0',
+  /* "sinomod.com", true */ 's', 'i', 'n', 'o', 'm', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "sinonimos.com.br", true */ 's', 'i', 'n', 'o', 'n', 'i', 'm', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sinonimosonline.com", true */ 's', 'i', 'n', 'o', 'n', 'i', 'm', 'o', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sinonimosonline.com.br", true */ 's', 'i', 'n', 'o', 'n', 'i', 'm', 'o', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sinoscandinavia.se", true */ 's', 'i', 'n', 'o', 's', 'c', 'a', 'n', 'd', 'i', 'n', 'a', 'v', 'i', 'a', '.', 's', 'e', '\0',
+  /* "sinquin.eu", true */ 's', 'i', 'n', 'q', 'u', 'i', 'n', '.', 'e', 'u', '\0',
+  /* "sint-joris.nl", true */ 's', 'i', 'n', 't', '-', 'j', 'o', 'r', 'i', 's', '.', 'n', 'l', '\0',
+  /* "sinterama.biz", true */ 's', 'i', 'n', 't', 'e', 'r', 'a', 'm', 'a', '.', 'b', 'i', 'z', '\0',
+  /* "sintesysglobal.com", true */ 's', 'i', 'n', 't', 'e', 's', 'y', 's', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "sinuelovirtual.com.br", true */ 's', 'i', 'n', 'u', 'e', 'l', 'o', 'v', 'i', 'r', 't', 'u', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sion.moe", true */ 's', 'i', 'o', 'n', '.', 'm', 'o', 'e', '\0',
+  /* "siraweb.org", true */ 's', 'i', 'r', 'a', 'w', 'e', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "sirbouncealotcastles.co.uk", true */ 's', 'i', 'r', 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'l', 'o', 't', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sirbouncelot.co.uk", true */ 's', 'i', 'r', 'b', 'o', 'u', 'n', 'c', 'e', 'l', 'o', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sirburton.com", true */ 's', 'i', 'r', 'b', 'u', 'r', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sirena.co.jp", true */ 's', 'i', 'r', 'e', 'n', 'a', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "sirenslove.com", true */ 's', 'i', 'r', 'e', 'n', 's', 'l', 'o', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "siriuspup.com", true */ 's', 'i', 'r', 'i', 'u', 's', 'p', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "siroop.ch", true */ 's', 'i', 'r', 'o', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "sirtaptap.com", true */ 's', 'i', 'r', 't', 'a', 'p', 't', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "sirtuins.com", true */ 's', 'i', 'r', 't', 'u', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sistel.es", true */ 's', 'i', 's', 't', 'e', 'l', '.', 'e', 's', '\0',
+  /* "sistem-maklumat.com", true */ 's', 'i', 's', 't', 'e', 'm', '-', 'm', 'a', 'k', 'l', 'u', 'm', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sistem-maklumat.com.my", true */ 's', 'i', 's', 't', 'e', 'm', '-', 'm', 'a', 'k', 'l', 'u', 'm', 'a', 't', '.', 'c', 'o', 'm', '.', 'm', 'y', '\0',
+  /* "sistemy48.ru", false */ 's', 'i', 's', 't', 'e', 'm', 'y', '4', '8', '.', 'r', 'u', '\0',
+  /* "sistersurprise.de", true */ 's', 'i', 's', 't', 'e', 'r', 's', 'u', 'r', 'p', 'r', 'i', 's', 'e', '.', 'd', 'e', '\0',
+  /* "sistimiki-anaparastasi.gr", true */ 's', 'i', 's', 't', 'i', 'm', 'i', 'k', 'i', '-', 'a', 'n', 'a', 'p', 'a', 'r', 'a', 's', 't', 'a', 's', 'i', '.', 'g', 'r', '\0',
+  /* "sisv.eu", true */ 's', 'i', 's', 'v', '.', 'e', 'u', '\0',
+  /* "sit-brn.ru", true */ 's', 'i', 't', '-', 'b', 'r', 'n', '.', 'r', 'u', '\0',
+  /* "sit.ec", true */ 's', 'i', 't', '.', 'e', 'c', '\0',
+  /* "sitc.sk", true */ 's', 'i', 't', 'c', '.', 's', 'k', '\0',
+  /* "sitecloudify.com", true */ 's', 'i', 't', 'e', 'c', 'l', 'o', 'u', 'd', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "sitecuatui.com", true */ 's', 'i', 't', 'e', 'c', 'u', 'a', 't', 'u', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "sitedrive.fi", true */ 's', 'i', 't', 'e', 'd', 'r', 'i', 'v', 'e', '.', 'f', 'i', '\0',
+  /* "sitehoster.org", true */ 's', 'i', 't', 'e', 'h', 'o', 's', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "siterencontre.me", true */ 's', 'i', 't', 'e', 'r', 'e', 'n', 'c', 'o', 'n', 't', 'r', 'e', '.', 'm', 'e', '\0',
+  /* "sites.google.com", true */ 's', 'i', 't', 'e', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sitesko.de", true */ 's', 'i', 't', 'e', 's', 'k', 'o', '.', 'd', 'e', '\0',
+  /* "sitsy.ru", false */ 's', 'i', 't', 's', 'y', '.', 'r', 'u', '\0',
+  /* "sivyerge.com", true */ 's', 'i', 'v', 'y', 'e', 'r', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sixpackholubice.cz", true */ 's', 'i', 'x', 'p', 'a', 'c', 'k', 'h', 'o', 'l', 'u', 'b', 'i', 'c', 'e', '.', 'c', 'z', '\0',
+  /* "sixtwentyten.com", true */ 's', 'i', 'x', 't', 'w', 'e', 'n', 't', 'y', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sj-leisure.com", true */ 's', 'j', '-', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sja-se-training.com", true */ 's', 'j', 'a', '-', 's', 'e', '-', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "sjd.is", true */ 's', 'j', 'd', '.', 'i', 's', '\0',
+  /* "sjdaws.com", true */ 's', 'j', 'd', 'a', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sjleisure.co.uk", true */ 's', 'j', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sjoorm.com", true */ 's', 'j', 'o', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "sjsc.fr", true */ 's', 'j', 's', 'c', '.', 'f', 'r', '\0',
+  /* "sk-net.cz", true */ 's', 'k', '-', 'n', 'e', 't', '.', 'c', 'z', '\0',
+  /* "skanvordoff.ru", true */ 's', 'k', 'a', 'n', 'v', 'o', 'r', 'd', 'o', 'f', 'f', '.', 'r', 'u', '\0',
+  /* "skarox.com", true */ 's', 'k', 'a', 'r', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "skarox.ee", true */ 's', 'k', 'a', 'r', 'o', 'x', '.', 'e', 'e', '\0',
+  /* "skarox.eu", true */ 's', 'k', 'a', 'r', 'o', 'x', '.', 'e', 'u', '\0',
+  /* "skarox.net", true */ 's', 'k', 'a', 'r', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "skatclub-beratzhausen.de", true */ 's', 'k', 'a', 't', 'c', 'l', 'u', 'b', '-', 'b', 'e', 'r', 'a', 't', 'z', 'h', 'a', 'u', 's', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "skates.guru", true */ 's', 'k', 'a', 't', 'e', 's', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "skatingchina.com", true */ 's', 'k', 'a', 't', 'i', 'n', 'g', 'c', 'h', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "skatn.de", true */ 's', 'k', 'a', 't', 'n', '.', 'd', 'e', '\0',
+  /* "skazka.ru", true */ 's', 'k', 'a', 'z', 'k', 'a', '.', 'r', 'u', '\0',
+  /* "skday.com", true */ 's', 'k', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "skeeley.com", true */ 's', 'k', 'e', 'e', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "skei.org", true */ 's', 'k', 'e', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "skepticalsports.com", true */ 's', 'k', 'e', 'p', 't', 'i', 'c', 'a', 'l', 's', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sketchmyroom.com", true */ 's', 'k', 'e', 't', 'c', 'h', 'm', 'y', 'r', 'o', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "sketchywebsite.net", true */ 's', 'k', 'e', 't', 'c', 'h', 'y', 'w', 'e', 'b', 's', 'i', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "skhire.co.uk", true */ 's', 'k', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "skhoop.cz", true */ 's', 'k', 'h', 'o', 'o', 'p', '.', 'c', 'z', '\0',
+  /* "skia.org", false */ 's', 'k', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "skifairview.com", true */ 's', 'k', 'i', 'f', 'a', 'i', 'r', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "skigebied.nl", true */ 's', 'k', 'i', 'g', 'e', 'b', 'i', 'e', 'd', '.', 'n', 'l', '\0',
+  /* "skigebiete-test.de", true */ 's', 'k', 'i', 'g', 'e', 'b', 'i', 'e', 't', 'e', '-', 't', 'e', 's', 't', '.', 'd', 'e', '\0',
+  /* "skile.ru", true */ 's', 'k', 'i', 'l', 'e', '.', 'r', 'u', '\0',
+  /* "skilldetector.com", true */ 's', 'k', 'i', 'l', 'l', 'd', 'e', 't', 'e', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "skilletfood.com", true */ 's', 'k', 'i', 'l', 'l', 'e', 't', 'f', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "skillled.com", true */ 's', 'k', 'i', 'l', 'l', 'l', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "skills2services.com", true */ 's', 'k', 'i', 'l', 'l', 's', '2', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "skillseo.com", true */ 's', 'k', 'i', 'l', 'l', 's', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "skimming.net", true */ 's', 'k', 'i', 'm', 'm', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "skinbet.co", true */ 's', 'k', 'i', 'n', 'b', 'e', 't', '.', 'c', 'o', '\0',
+  /* "skincases.co", true */ 's', 'k', 'i', 'n', 'c', 'a', 's', 'e', 's', '.', 'c', 'o', '\0',
+  /* "skincontracts.co", true */ 's', 'k', 'i', 'n', 'c', 'o', 'n', 't', 'r', 'a', 'c', 't', 's', '.', 'c', 'o', '\0',
+  /* "sking.io", true */ 's', 'k', 'i', 'n', 'g', '.', 'i', 'o', '\0',
+  /* "skingame.co", true */ 's', 'k', 'i', 'n', 'g', 'a', 'm', 'e', '.', 'c', 'o', '\0',
+  /* "skingames.co", true */ 's', 'k', 'i', 'n', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', '\0',
+  /* "skinmarket.co", true */ 's', 'k', 'i', 'n', 'm', 'a', 'r', 'k', 'e', 't', '.', 'c', 'o', '\0',
+  /* "skinpwrd.com", true */ 's', 'k', 'i', 'n', 'p', 'w', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "skins.net", true */ 's', 'k', 'i', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "skipfault.com", true */ 's', 'k', 'i', 'p', 'f', 'a', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "skipperinnovations.com", true */ 's', 'k', 'i', 'p', 'p', 'e', 'r', 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "skischule-wildewiese.de", true */ 's', 'k', 'i', 's', 'c', 'h', 'u', 'l', 'e', '-', 'w', 'i', 'l', 'd', 'e', 'w', 'i', 'e', 's', 'e', '.', 'd', 'e', '\0',
+  /* "skks.cz", true */ 's', 'k', 'k', 's', '.', 'c', 'z', '\0',
+  /* "sklepsamsung.pl", true */ 's', 'k', 'l', 'e', 'p', 's', 'a', 'm', 's', 'u', 'n', 'g', '.', 'p', 'l', '\0',
+  /* "sklotechnik.cz", true */ 's', 'k', 'l', 'o', 't', 'e', 'c', 'h', 'n', 'i', 'k', '.', 'c', 'z', '\0',
+  /* "skocia.net", true */ 's', 'k', 'o', 'c', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "skoda-im-dialog.de", true */ 's', 'k', 'o', 'd', 'a', '-', 'i', 'm', '-', 'd', 'i', 'a', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "skogsbruket.fi", true */ 's', 'k', 'o', 'g', 's', 'b', 'r', 'u', 'k', 'e', 't', '.', 'f', 'i', '\0',
+  /* "skogskultur.fi", true */ 's', 'k', 'o', 'g', 's', 'k', 'u', 'l', 't', 'u', 'r', '.', 'f', 'i', '\0',
+  /* "skol.bzh", true */ 's', 'k', 'o', 'l', '.', 'b', 'z', 'h', '\0',
+  /* "skolem.de", true */ 's', 'k', 'o', 'l', 'e', 'm', '.', 'd', 'e', '\0',
+  /* "skoleniphp.cz", true */ 's', 'k', 'o', 'l', 'e', 'n', 'i', 'p', 'h', 'p', '.', 'c', 'z', '\0',
+  /* "skommettiamo.it", true */ 's', 'k', 'o', 'm', 'm', 'e', 't', 't', 'i', 'a', 'm', 'o', '.', 'i', 't', '\0',
+  /* "skontakt.cz", true */ 's', 'k', 'o', 'n', 't', 'a', 'k', 't', '.', 'c', 'z', '\0',
+  /* "skontorp-enterprise.no", true */ 's', 'k', 'o', 'n', 't', 'o', 'r', 'p', '-', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', '.', 'n', 'o', '\0',
+  /* "skortekaas.nl", false */ 's', 'k', 'o', 'r', 't', 'e', 'k', 'a', 'a', 's', '.', 'n', 'l', '\0',
+  /* "skory.us", true */ 's', 'k', 'o', 'r', 'y', '.', 'u', 's', '\0',
+  /* "skou.dk", true */ 's', 'k', 'o', 'u', '.', 'd', 'k', '\0',
+  /* "skram.de", true */ 's', 'k', 'r', 'a', 'm', '.', 'd', 'e', '\0',
+  /* "skryptersi.pl", true */ 's', 'k', 'r', 'y', 'p', 't', 'e', 'r', 's', 'i', '.', 'p', 'l', '\0',
+  /* "sktan.com", true */ 's', 'k', 't', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sktsolution.com", false */ 's', 'k', 't', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "skuldwyrm.no", true */ 's', 'k', 'u', 'l', 'd', 'w', 'y', 'r', 'm', '.', 'n', 'o', '\0',
+  /* "skwile-cafe.com", true */ 's', 'k', 'w', 'i', 'l', 'e', '-', 'c', 'a', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "skyanchor.com", true */ 's', 'k', 'y', 'a', 'n', 'c', 'h', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "skybound.link", true */ 's', 'k', 'y', 'b', 'o', 'u', 'n', 'd', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "skydragoness.com", true */ 's', 'k', 'y', 'd', 'r', 'a', 'g', 'o', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "skydrive.live.com", false */ 's', 'k', 'y', 'd', 'r', 'i', 'v', 'e', '.', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "skylgenet.nl", true */ 's', 'k', 'y', 'l', 'g', 'e', 'n', 'e', 't', '.', 'n', 'l', '\0',
+  /* "skylightcreative.com.au", true */ 's', 'k', 'y', 'l', 'i', 'g', 'h', 't', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "skylinertech.com", true */ 's', 'k', 'y', 'l', 'i', 'n', 'e', 'r', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "skylineservers.com", true */ 's', 'k', 'y', 'l', 'i', 'n', 'e', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "skyloisirs.ch", true */ 's', 'k', 'y', 'l', 'o', 'i', 's', 'i', 'r', 's', '.', 'c', 'h', '\0',
+  /* "skyminds.net", true */ 's', 'k', 'y', 'm', 'i', 'n', 'd', 's', '.', 'n', 'e', 't', '\0',
+  /* "skynet233.ch", true */ 's', 'k', 'y', 'n', 'e', 't', '2', '3', '3', '.', 'c', 'h', '\0',
+  /* "skynetnetwork.eu.org", true */ 's', 'k', 'y', 'n', 'e', 't', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "skynetz.tk", true */ 's', 'k', 'y', 'n', 'e', 't', 'z', '.', 't', 'k', '\0',
+  /* "skype.com", true */ 's', 'k', 'y', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "skypoker.com", true */ 's', 'k', 'y', 'p', 'o', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "skyquid.co.uk", true */ 's', 'k', 'y', 'q', 'u', 'i', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "skyris.co", true */ 's', 'k', 'y', 'r', 'i', 's', '.', 'c', 'o', '\0',
+  /* "skys-entertainment.com", true */ 's', 'k', 'y', 's', '-', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "skysuite.nl", true */ 's', 'k', 'y', 's', 'u', 'i', 't', 'e', '.', 'n', 'l', '\0',
+  /* "skyvault.io", true */ 's', 'k', 'y', 'v', 'a', 'u', 'l', 't', '.', 'i', 'o', '\0',
+  /* "skyzimba.com.br", true */ 's', 'k', 'y', 'z', 'i', 'm', 'b', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sl0.us", true */ 's', 'l', '0', '.', 'u', 's', '\0',
+  /* "slack-files.com", true */ 's', 'l', 'a', 'c', 'k', '-', 'f', 'i', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "slack.com", true */ 's', 'l', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "sladic.si", false */ 's', 'l', 'a', 'd', 'i', 'c', '.', 's', 'i', '\0',
+  /* "slainvet.net", true */ 's', 'l', 'a', 'i', 'n', 'v', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "slamdjapan.com", true */ 's', 'l', 'a', 'm', 'd', 'j', 'a', 'p', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "slamix.nl", true */ 's', 'l', 'a', 'm', 'i', 'x', '.', 'n', 'l', '\0',
+  /* "slane.cn", true */ 's', 'l', 'a', 'n', 'e', '.', 'c', 'n', '\0',
+  /* "slangbellor.com", true */ 's', 'l', 'a', 'n', 'g', 'b', 'e', 'l', 'l', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "slapen17.nl", true */ 's', 'l', 'a', 'p', 'e', 'n', '1', '7', '.', 'n', 'l', '\0',
+  /* "slash32.co.uk", true */ 's', 'l', 'a', 's', 'h', '3', '2', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "slash64.co.uk", true */ 's', 'l', 'a', 's', 'h', '6', '4', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "slash64.com", true */ 's', 'l', 'a', 's', 'h', '6', '4', '.', 'c', 'o', 'm', '\0',
+  /* "slash64.uk", true */ 's', 'l', 'a', 's', 'h', '6', '4', '.', 'u', 'k', '\0',
+  /* "slashbits.no", true */ 's', 'l', 'a', 's', 'h', 'b', 'i', 't', 's', '.', 'n', 'o', '\0',
+  /* "slatemc.fun", true */ 's', 'l', 'a', 't', 'e', 'm', 'c', '.', 'f', 'u', 'n', '\0',
+  /* "slatop.org", true */ 's', 'l', 'a', 't', 'o', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "slaughter.com", true */ 's', 'l', 'a', 'u', 'g', 'h', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "slaughterhouse.fr", true */ 's', 'l', 'a', 'u', 'g', 'h', 't', 'e', 'r', 'h', 'o', 'u', 's', 'e', '.', 'f', 'r', '\0',
+  /* "slavasveta.info", true */ 's', 'l', 'a', 'v', 'a', 's', 'v', 'e', 't', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "slaws.io", true */ 's', 'l', 'a', 'w', 's', '.', 'i', 'o', '\0',
+  /* "sleeplessbeastie.eu", true */ 's', 'l', 'e', 'e', 'p', 'l', 'e', 's', 's', 'b', 'e', 'a', 's', 't', 'i', 'e', '.', 'e', 'u', '\0',
+  /* "sleepmap.de", true */ 's', 'l', 'e', 'e', 'p', 'm', 'a', 'p', '.', 'd', 'e', '\0',
+  /* "sleepstar.co.uk", true */ 's', 'l', 'e', 'e', 'p', 's', 't', 'a', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sleepstar.de", true */ 's', 'l', 'e', 'e', 'p', 's', 't', 'a', 'r', '.', 'd', 'e', '\0',
+  /* "sleio.com", true */ 's', 'l', 'e', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "slever.cz", true */ 's', 'l', 'e', 'v', 'e', 'r', '.', 'c', 'z', '\0',
+  /* "slevermann.de", true */ 's', 'l', 'e', 'v', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "slevomat.cz", true */ 's', 'l', 'e', 'v', 'o', 'm', 'a', 't', '.', 'c', 'z', '\0',
+  /* "sliceone.com", true */ 's', 'l', 'i', 'c', 'e', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "slicklines.co.uk", true */ 's', 'l', 'i', 'c', 'k', 'l', 'i', 'n', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "slidebatch.com", true */ 's', 'l', 'i', 'd', 'e', 'b', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "slides.zone", true */ 's', 'l', 'i', 'd', 'e', 's', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "slik.ai", true */ 's', 'l', 'i', 'k', '.', 'a', 'i', '\0',
+  /* "slimk1nd.nl", true */ 's', 'l', 'i', 'm', 'k', '1', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "slimmerbouwen.be", true */ 's', 'l', 'i', 'm', 'm', 'e', 'r', 'b', 'o', 'u', 'w', 'e', 'n', '.', 'b', 'e', '\0',
+  /* "slimspots.com", true */ 's', 'l', 'i', 'm', 's', 'p', 'o', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "slingo-sta.com", true */ 's', 'l', 'i', 'n', 'g', 'o', '-', 's', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "slingo.com", true */ 's', 'l', 'i', 'n', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "slingooriginals.com", true */ 's', 'l', 'i', 'n', 'g', 'o', 'o', 'r', 'i', 'g', 'i', 'n', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "slingoweb.com", true */ 's', 'l', 'i', 'n', 'g', 'o', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "slink.hr", true */ 's', 'l', 'i', 'n', 'k', '.', 'h', 'r', '\0',
+  /* "slip-gaming.tk", true */ 's', 'l', 'i', 'p', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 't', 'k', '\0',
+  /* "slneighbors.org", true */ 's', 'l', 'n', 'e', 'i', 'g', 'h', 'b', 'o', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "slo-net.net", true */ 's', 'l', 'o', '-', 'n', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "slo-tech.com", true */ 's', 'l', 'o', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "sloancom.com", true */ 's', 'l', 'o', 'a', 'n', 'c', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "slopeedge.com", true */ 's', 'l', 'o', 'p', 'e', 'e', 'd', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "slotboss.co.uk", true */ 's', 'l', 'o', 't', 'b', 'o', 's', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "slotcar.com", false */ 's', 'l', 'o', 't', 'c', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "slotfara.com", true */ 's', 'l', 'o', 't', 'f', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "slotfara.net", true */ 's', 'l', 'o', 't', 'f', 'a', 'r', 'a', '.', 'n', 'e', 't', '\0',
+  /* "sloths.org", true */ 's', 'l', 'o', 't', 'h', 's', '.', 'o', 'r', 'g', '\0',
+  /* "slotlist.info", true */ 's', 'l', 'o', 't', 'l', 'i', 's', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "slovenskycestovatel.sk", true */ 's', 'l', 'o', 'v', 'e', 'n', 's', 'k', 'y', 'c', 'e', 's', 't', 'o', 'v', 'a', 't', 'e', 'l', '.', 's', 'k', '\0',
+  /* "slow.zone", true */ 's', 'l', 'o', 'w', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "slowb.ro", true */ 's', 'l', 'o', 'w', 'b', '.', 'r', 'o', '\0',
+  /* "slowfood.es", true */ 's', 'l', 'o', 'w', 'f', 'o', 'o', 'd', '.', 'e', 's', '\0',
+  /* "slowgames.xyz", true */ 's', 'l', 'o', 'w', 'g', 'a', 'm', 'e', 's', '.', 'x', 'y', 'z', '\0',
+  /* "slowsociety.org", true */ 's', 'l', 'o', 'w', 's', 'o', 'c', 'i', 'e', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "slpower.com", true */ 's', 'l', 'p', 'o', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "slrd-isperih.com", true */ 's', 'l', 'r', 'd', '-', 'i', 's', 'p', 'e', 'r', 'i', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "slse.ca", true */ 's', 'l', 's', 'e', '.', 'c', 'a', '\0',
+  /* "sluimann.de", true */ 's', 'l', 'u', 'i', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "sluitkampzeist.nl", false */ 's', 'l', 'u', 'i', 't', 'k', 'a', 'm', 'p', 'z', 'e', 'i', 's', 't', '.', 'n', 'l', '\0',
+  /* "slvh.fr", true */ 's', 'l', 'v', 'h', '.', 'f', 'r', '\0',
+  /* "slwilde.ca", true */ 's', 'l', 'w', 'i', 'l', 'd', 'e', '.', 'c', 'a', '\0',
+  /* "slxh.eu", true */ 's', 'l', 'x', 'h', '.', 'e', 'u', '\0',
+  /* "slxh.nl", true */ 's', 'l', 'x', 'h', '.', 'n', 'l', '\0',
+  /* "sm.ms", true */ 's', 'm', '.', 'm', 's', '\0',
+  /* "sm2016.ch", true */ 's', 'm', '2', '0', '1', '6', '.', 'c', 'h', '\0',
+  /* "sma-gift.com", true */ 's', 'm', 'a', '-', 'g', 'i', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "smackhappy.com", true */ 's', 'm', 'a', 'c', 'k', 'h', 'a', 'p', 'p', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "smalldogbreeds.net", true */ 's', 'm', 'a', 'l', 'l', 'd', 'o', 'g', 'b', 'r', 'e', 'e', 'd', 's', '.', 'n', 'e', 't', '\0',
+  /* "smallhadroncollider.com", true */ 's', 'm', 'a', 'l', 'l', 'h', 'a', 'd', 'r', 'o', 'n', 'c', 'o', 'l', 'l', 'i', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "smallpath.me", true */ 's', 'm', 'a', 'l', 'l', 'p', 'a', 't', 'h', '.', 'm', 'e', '\0',
+  /* "smallplanet.ch", true */ 's', 'm', 'a', 'l', 'l', 'p', 'l', 'a', 'n', 'e', 't', '.', 'c', 'h', '\0',
+  /* "smalltalkconsulting.com", true */ 's', 'm', 'a', 'l', 'l', 't', 'a', 'l', 'k', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "smaltimento-rifiuti.org", true */ 's', 'm', 'a', 'l', 't', 'i', 'm', 'e', 'n', 't', 'o', '-', 'r', 'i', 'f', 'i', 'u', 't', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "smaltimento.napoli.it", true */ 's', 'm', 'a', 'l', 't', 'i', 'm', 'e', 'n', 't', 'o', '.', 'n', 'a', 'p', 'o', 'l', 'i', '.', 'i', 't', '\0',
+  /* "smaltimentoamianto.latina.it", true */ 's', 'm', 'a', 'l', 't', 'i', 'm', 'e', 'n', 't', 'o', 'a', 'm', 'i', 'a', 'n', 't', 'o', '.', 'l', 'a', 't', 'i', 'n', 'a', '.', 'i', 't', '\0',
+  /* "smaltimentorifiuti.veneto.it", true */ 's', 'm', 'a', 'l', 't', 'i', 'm', 'e', 'n', 't', 'o', 'r', 'i', 'f', 'i', 'u', 't', 'i', '.', 'v', 'e', 'n', 'e', 't', 'o', '.', 'i', 't', '\0',
+  /* "smares.de", true */ 's', 'm', 'a', 'r', 'e', 's', '.', 'd', 'e', '\0',
+  /* "smart-cp.jp", true */ 's', 'm', 'a', 'r', 't', '-', 'c', 'p', '.', 'j', 'p', '\0',
+  /* "smart-informatics.com", true */ 's', 'm', 'a', 'r', 't', '-', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "smart-shapes.co.uk", true */ 's', 'm', 'a', 'r', 't', '-', 's', 'h', 'a', 'p', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "smart-wohnen.net", true */ 's', 'm', 'a', 'r', 't', '-', 'w', 'o', 'h', 'n', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "smart.gov", true */ 's', 'm', 'a', 'r', 't', '.', 'g', 'o', 'v', '\0',
+  /* "smartairkey.com", true */ 's', 'm', 'a', 'r', 't', 'a', 'i', 'r', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "smartandcom.ch", true */ 's', 'm', 'a', 'r', 't', 'a', 'n', 'd', 'c', 'o', 'm', '.', 'c', 'h', '\0',
+  /* "smartandhappychild.ro", true */ 's', 'm', 'a', 'r', 't', 'a', 'n', 'd', 'h', 'a', 'p', 'p', 'y', 'c', 'h', 'i', 'l', 'd', '.', 'r', 'o', '\0',
+  /* "smartbiz.vn", true */ 's', 'm', 'a', 'r', 't', 'b', 'i', 'z', '.', 'v', 'n', '\0',
+  /* "smartcheck.gov", true */ 's', 'm', 'a', 'r', 't', 'c', 'h', 'e', 'c', 'k', '.', 'g', 'o', 'v', '\0',
+  /* "smartest-trading.com", true */ 's', 'm', 'a', 'r', 't', 'e', 's', 't', '-', 't', 'r', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "smartfit.cz", true */ 's', 'm', 'a', 'r', 't', 'f', 'i', 't', '.', 'c', 'z', '\0',
+  /* "smartftp.com", true */ 's', 'm', 'a', 'r', 't', 'f', 't', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "smarthdd.com", true */ 's', 'm', 'a', 'r', 't', 'h', 'd', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "smarthinking.nl", true */ 's', 'm', 'a', 'r', 't', 'h', 'i', 'n', 'k', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "smarthouse.de", true */ 's', 'm', 'a', 'r', 't', 'h', 'o', 'u', 's', 'e', '.', 'd', 'e', '\0',
+  /* "smartit.pro", true */ 's', 'm', 'a', 'r', 't', 'i', 't', '.', 'p', 'r', 'o', '\0',
+  /* "smartjoin.style", true */ 's', 'm', 'a', 'r', 't', 'j', 'o', 'i', 'n', '.', 's', 't', 'y', 'l', 'e', '\0',
+  /* "smartlend.se", true */ 's', 'm', 'a', 'r', 't', 'l', 'e', 'n', 'd', '.', 's', 'e', '\0',
+  /* "smartlocksmith.com", true */ 's', 'm', 'a', 'r', 't', 'l', 'o', 'c', 'k', 's', 'm', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "smartlogreturns.com", true */ 's', 'm', 'a', 'r', 't', 'l', 'o', 'g', 'r', 'e', 't', 'u', 'r', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "smartlogstock.com", true */ 's', 'm', 'a', 'r', 't', 'l', 'o', 'g', 's', 't', 'o', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "smartlogtower.com", true */ 's', 'm', 'a', 'r', 't', 'l', 'o', 'g', 't', 'o', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "smartmeal.ru", true */ 's', 'm', 'a', 'r', 't', 'm', 'e', 'a', 'l', '.', 'r', 'u', '\0',
+  /* "smartmessages.net", true */ 's', 'm', 'a', 'r', 't', 'm', 'e', 's', 's', 'a', 'g', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "smartmomsmartideas.com", true */ 's', 'm', 'a', 'r', 't', 'm', 'o', 'm', 's', 'm', 'a', 'r', 't', 'i', 'd', 'e', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "smartpass.government.ae", true */ 's', 'm', 'a', 'r', 't', 'p', 'a', 's', 's', '.', 'g', 'o', 'v', 'e', 'r', 'n', 'm', 'e', 'n', 't', '.', 'a', 'e', '\0',
+  /* "smartpolicingplatform.com", true */ 's', 'm', 'a', 'r', 't', 'p', 'o', 'l', 'i', 'c', 'i', 'n', 'g', 'p', 'l', 'a', 't', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "smartrade.tech", true */ 's', 'm', 'a', 'r', 't', 'r', 'a', 'd', 'e', '.', 't', 'e', 'c', 'h', '\0',
+  /* "smartshiftme.com", true */ 's', 'm', 'a', 'r', 't', 's', 'h', 'i', 'f', 't', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "smartship.co.jp", true */ 's', 'm', 'a', 'r', 't', 's', 'h', 'i', 'p', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "smartshoppers.es", true */ 's', 'm', 'a', 'r', 't', 's', 'h', 'o', 'p', 'p', 'e', 'r', 's', '.', 'e', 's', '\0',
+  /* "smartsparrow.com", true */ 's', 'm', 'a', 'r', 't', 's', 'p', 'a', 'r', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "smartvideo.io", true */ 's', 'm', 'a', 'r', 't', 'v', 'i', 'd', 'e', 'o', '.', 'i', 'o', '\0',
+  /* "smartviewing.com", true */ 's', 'm', 'a', 'r', 't', 'v', 'i', 'e', 'w', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "smartwelve.com", true */ 's', 'm', 'a', 'r', 't', 'w', 'e', 'l', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "smartwritingservice.com", true */ 's', 'm', 'a', 'r', 't', 'w', 'r', 'i', 't', 'i', 'n', 'g', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "smartwurk.nl", true */ 's', 'm', 'a', 'r', 't', 'w', 'u', 'r', 'k', '.', 'n', 'l', '\0',
+  /* "smash-gg.club", true */ 's', 'm', 'a', 's', 'h', '-', 'g', 'g', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "smatch.com", true */ 's', 'm', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "smb445.com", true */ 's', 'm', 'b', '4', '4', '5', '.', 'c', 'o', 'm', '\0',
+  /* "smdavis.us", true */ 's', 'm', 'd', 'a', 'v', 'i', 's', '.', 'u', 's', '\0',
+  /* "smdcn.net", true */ 's', 'm', 'd', 'c', 'n', '.', 'n', 'e', 't', '\0',
+  /* "sme-gmbh.net", true */ 's', 'm', 'e', '-', 'g', 'm', 'b', 'h', '.', 'n', 'e', 't', '\0',
+  /* "smeetsengraas.com", true */ 's', 'm', 'e', 'e', 't', 's', 'e', 'n', 'g', 'r', 'a', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "smeso.it", true */ 's', 'm', 'e', 's', 'o', '.', 'i', 't', '\0',
+  /* "smi-a.me", true */ 's', 'm', 'i', '-', 'a', '.', 'm', 'e', '\0',
+  /* "smiatek.name", true */ 's', 'm', 'i', 'a', 't', 'e', 'k', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "smileandpay.com", true */ 's', 'm', 'i', 'l', 'e', 'a', 'n', 'd', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "smiledirectsales.com", true */ 's', 'm', 'i', 'l', 'e', 'd', 'i', 'r', 'e', 'c', 't', 's', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "smilessoftplay.co.uk", true */ 's', 'm', 'i', 'l', 'e', 's', 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "smime.io", true */ 's', 'm', 'i', 'm', 'e', '.', 'i', 'o', '\0',
+  /* "smimea.info", true */ 's', 'm', 'i', 'm', 'e', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "smipty.cn", true */ 's', 'm', 'i', 'p', 't', 'y', '.', 'c', 'n', '\0',
+  /* "smipty.com", true */ 's', 'm', 'i', 'p', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "smit.com.ua", true */ 's', 'm', 'i', 't', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "smithandcanova.co.uk", false */ 's', 'm', 'i', 't', 'h', 'a', 'n', 'd', 'c', 'a', 'n', 'o', 'v', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "smkw.com", false */ 's', 'm', 'k', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "smm.im", true */ 's', 'm', 'm', '.', 'i', 'm', '\0',
+  /* "smoo.st", true */ 's', 'm', 'o', 'o', '.', 's', 't', '\0',
+  /* "smoothgesturesplus.com", true */ 's', 'm', 'o', 'o', 't', 'h', 'g', 'e', 's', 't', 'u', 'r', 'e', 's', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "smoothics.at", true */ 's', 'm', 'o', 'o', 't', 'h', 'i', 'c', 's', '.', 'a', 't', '\0',
+  /* "smoothics.com", true */ 's', 'm', 'o', 'o', 't', 'h', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "smoothics.eu", true */ 's', 'm', 'o', 'o', 't', 'h', 'i', 'c', 's', '.', 'e', 'u', '\0',
+  /* "smoothics.mobi", true */ 's', 'm', 'o', 'o', 't', 'h', 'i', 'c', 's', '.', 'm', 'o', 'b', 'i', '\0',
+  /* "smoothics.net", true */ 's', 'm', 'o', 'o', 't', 'h', 'i', 'c', 's', '.', 'n', 'e', 't', '\0',
+  /* "smorgasblog.ie", true */ 's', 'm', 'o', 'r', 'g', 'a', 's', 'b', 'l', 'o', 'g', '.', 'i', 'e', '\0',
+  /* "smow.com", true */ 's', 'm', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "smow.de", true */ 's', 'm', 'o', 'w', '.', 'd', 'e', '\0',
+  /* "smpetrey.com", true */ 's', 'm', 'p', 'e', 't', 'r', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "sms1.ro", true */ 's', 'm', 's', '1', '.', 'r', 'o', '\0',
+  /* "smsappointment.com", true */ 's', 'm', 's', 'a', 'p', 'p', 'o', 'i', 'n', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "smsg-dev.ch", true */ 's', 'm', 's', 'g', '-', 'd', 'e', 'v', '.', 'c', 'h', '\0',
+  /* "smskeywords.co.uk", true */ 's', 'm', 's', 'k', 'e', 'y', 'w', 'o', 'r', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "smsprivacy.org", true */ 's', 'm', 's', 'p', 'r', 'i', 'v', 'a', 'c', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "smuncensored.com", true */ 's', 'm', 'u', 'n', 'c', 'e', 'n', 's', 'o', 'r', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "smutba.se", true */ 's', 'm', 'u', 't', 'b', 'a', '.', 's', 'e', '\0',
+  /* "smutek.net", true */ 's', 'm', 'u', 't', 'e', 'k', '.', 'n', 'e', 't', '\0',
+  /* "snafarms.com", true */ 's', 'n', 'a', 'f', 'a', 'r', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "snafu.cz", true */ 's', 'n', 'a', 'f', 'u', '.', 'c', 'z', '\0',
+  /* "snakafya.com", true */ 's', 'n', 'a', 'k', 'a', 'f', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "snake.dog", true */ 's', 'n', 'a', 'k', 'e', '.', 'd', 'o', 'g', '\0',
+  /* "snap.com", true */ 's', 'n', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "snapappointments.com", true */ 's', 'n', 'a', 'p', 'a', 'p', 'p', 'o', 'i', 'n', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "snapappts.com", true */ 's', 'n', 'a', 'p', 'a', 'p', 'p', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "snapfinance.com", true */ 's', 'n', 'a', 'p', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "snapserv.ch", true */ 's', 'n', 'a', 'p', 's', 'e', 'r', 'v', '.', 'c', 'h', '\0',
+  /* "snapserv.net", true */ 's', 'n', 'a', 'p', 's', 'e', 'r', 'v', '.', 'n', 'e', 't', '\0',
+  /* "snaptools.io", true */ 's', 'n', 'a', 'p', 't', 'o', 'o', 'l', 's', '.', 'i', 'o', '\0',
+  /* "snarf.in", true */ 's', 'n', 'a', 'r', 'f', '.', 'i', 'n', '\0',
+  /* "snatch.com.ua", true */ 's', 'n', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "snazel.co.uk", true */ 's', 'n', 'a', 'z', 'e', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "snazzie.nl", true */ 's', 'n', 'a', 'z', 'z', 'i', 'e', '.', 'n', 'l', '\0',
+  /* "sncdn.com", true */ 's', 'n', 'c', 'd', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sndbouncycastles.co.uk", true */ 's', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sneak.berlin", true */ 's', 'n', 'e', 'a', 'k', '.', 'b', 'e', 'r', 'l', 'i', 'n', '\0',
+  /* "sneaker.date", true */ 's', 'n', 'e', 'a', 'k', 'e', 'r', '.', 'd', 'a', 't', 'e', '\0',
+  /* "sneakpod.de", true */ 's', 'n', 'e', 'a', 'k', 'p', 'o', 'd', '.', 'd', 'e', '\0',
+  /* "sneakynote.com", true */ 's', 'n', 'e', 'a', 'k', 'y', 'n', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sneakypaw.com", true */ 's', 'n', 'e', 'a', 'k', 'y', 'p', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "sneberger.cz", false */ 's', 'n', 'e', 'b', 'e', 'r', 'g', 'e', 'r', '.', 'c', 'z', '\0',
+  /* "sneed.company", true */ 's', 'n', 'e', 'e', 'd', '.', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '\0',
+  /* "sneed.it", true */ 's', 'n', 'e', 'e', 'd', '.', 'i', 't', '\0',
+  /* "sneedit.com", true */ 's', 'n', 'e', 'e', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sneedit.de", true */ 's', 'n', 'e', 'e', 'd', 'i', 't', '.', 'd', 'e', '\0',
+  /* "sneeuwhoogtes.eu", true */ 's', 'n', 'e', 'e', 'u', 'w', 'h', 'o', 'o', 'g', 't', 'e', 's', '.', 'e', 'u', '\0',
+  /* "sneezry.com", true */ 's', 'n', 'e', 'e', 'z', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "snel4u.nl", true */ 's', 'n', 'e', 'l', '4', 'u', '.', 'n', 'l', '\0',
+  /* "snelbv.nl", true */ 's', 'n', 'e', 'l', 'b', 'v', '.', 'n', 'l', '\0',
+  /* "snelshops.nl", true */ 's', 'n', 'e', 'l', 's', 'h', 'o', 'p', 's', '.', 'n', 'l', '\0',
+  /* "snelwebshop.nl", true */ 's', 'n', 'e', 'l', 'w', 'e', 'b', 's', 'h', 'o', 'p', '.', 'n', 'l', '\0',
+  /* "snelxboxlivegold.nl", true */ 's', 'n', 'e', 'l', 'x', 'b', 'o', 'x', 'l', 'i', 'v', 'e', 'g', 'o', 'l', 'd', '.', 'n', 'l', '\0',
+  /* "snerith.com", true */ 's', 'n', 'e', 'r', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "snfdata.com", false */ 's', 'n', 'f', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sniderman.eu.org", true */ 's', 'n', 'i', 'd', 'e', 'r', 'm', 'a', 'n', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "sniderman.pro", true */ 's', 'n', 'i', 'd', 'e', 'r', 'm', 'a', 'n', '.', 'p', 'r', 'o', '\0',
+  /* "sniderman.us", true */ 's', 'n', 'i', 'd', 'e', 'r', 'm', 'a', 'n', '.', 'u', 's', '\0',
+  /* "sniderman.xyz", true */ 's', 'n', 'i', 'd', 'e', 'r', 'm', 'a', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "sniep.net", true */ 's', 'n', 'i', 'e', 'p', '.', 'n', 'e', 't', '\0',
+  /* "snight.co", true */ 's', 'n', 'i', 'g', 'h', 't', '.', 'c', 'o', '\0',
+  /* "snille.com", true */ 's', 'n', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "snip.run", true */ 's', 'n', 'i', 'p', '.', 'r', 'u', 'n', '\0',
+  /* "snl.no", true */ 's', 'n', 'l', '.', 'n', 'o', '\0',
+  /* "snod.land", true */ 's', 'n', 'o', 'd', '.', 'l', 'a', 'n', 'd', '\0',
+  /* "snote.io", true */ 's', 'n', 'o', 't', 'e', '.', 'i', 'o', '\0',
+  /* "snoupon.com", true */ 's', 'n', 'o', 'u', 'p', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "snovey.com", true */ 's', 'n', 'o', 'v', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "snow-online.com", true */ 's', 'n', 'o', 'w', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "snow-online.de", true */ 's', 'n', 'o', 'w', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "snow.dog", true */ 's', 'n', 'o', 'w', '.', 'd', 'o', 'g', '\0',
+  /* "snowalerts.eu", true */ 's', 'n', 'o', 'w', 'a', 'l', 'e', 'r', 't', 's', '.', 'e', 'u', '\0',
+  /* "snowalerts.nl", true */ 's', 'n', 'o', 'w', 'a', 'l', 'e', 'r', 't', 's', '.', 'n', 'l', '\0',
+  /* "snowchamps.nl", true */ 's', 'n', 'o', 'w', 'c', 'h', 'a', 'm', 'p', 's', '.', 'n', 'l', '\0',
+  /* "snowcrestdesign.com", true */ 's', 'n', 'o', 'w', 'c', 'r', 'e', 's', 't', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "snowdy.dk", true */ 's', 'n', 'o', 'w', 'd', 'y', '.', 'd', 'k', '\0',
+  /* "snowdy.link", true */ 's', 'n', 'o', 'w', 'd', 'y', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "snowhaze.ch", true */ 's', 'n', 'o', 'w', 'h', 'a', 'z', 'e', '.', 'c', 'h', '\0',
+  /* "snowhaze.com", true */ 's', 'n', 'o', 'w', 'h', 'a', 'z', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "snowplane.net", true */ 's', 'n', 'o', 'w', 'p', 'l', 'a', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "snowraven.de", true */ 's', 'n', 'o', 'w', 'r', 'a', 'v', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "snrub.co", true */ 's', 'n', 'r', 'u', 'b', '.', 'c', 'o', '\0',
+  /* "snuff.porn", true */ 's', 'n', 'u', 'f', 'f', '.', 'p', 'o', 'r', 'n', '\0',
+  /* "snughealth.org.uk", true */ 's', 'n', 'u', 'g', 'h', 'e', 'a', 'l', 't', 'h', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "sny.no", true */ 's', 'n', 'y', '.', 'n', 'o', '\0',
+  /* "so-healthy.co.uk", true */ 's', 'o', '-', 'h', 'e', 'a', 'l', 't', 'h', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "so.is-a-cpa.com", true */ 's', 'o', '.', 'i', 's', '-', 'a', '-', 'c', 'p', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "soapitup.com.au", true */ 's', 'o', 'a', 'p', 'i', 't', 'u', 'p', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "sobaya-gohei.com", true */ 's', 'o', 'b', 'a', 'y', 'a', '-', 'g', 'o', 'h', 'e', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "sobelift.com", true */ 's', 'o', 'b', 'e', 'l', 'i', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sobie.ch", true */ 's', 'o', 'b', 'i', 'e', '.', 'c', 'h', '\0',
+  /* "sobieray.dyndns.org", true */ 's', 'o', 'b', 'i', 'e', 'r', 'a', 'y', '.', 'd', 'y', 'n', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "sobinski.pl", false */ 's', 'o', 'b', 'i', 'n', 's', 'k', 'i', '.', 'p', 'l', '\0',
+  /* "sobotkama.eu", true */ 's', 'o', 'b', 'o', 't', 'k', 'a', 'm', 'a', '.', 'e', 'u', '\0',
+  /* "soc.net", true */ 's', 'o', 'c', '.', 'n', 'e', 't', '\0',
+  /* "socal-babes.com", true */ 's', 'o', 'c', 'a', 'l', '-', 'b', 'a', 'b', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "soccersavings.com", true */ 's', 'o', 'c', 'c', 'e', 'r', 's', 'a', 'v', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "soccorso-stradale.org", true */ 's', 'o', 'c', 'c', 'o', 'r', 's', 'o', '-', 's', 't', 'r', 'a', 'd', 'a', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "sochi-sochno.ru", true */ 's', 'o', 'c', 'h', 'i', '-', 's', 'o', 'c', 'h', 'n', 'o', '.', 'r', 'u', '\0',
+  /* "soci.ml", true */ 's', 'o', 'c', 'i', '.', 'm', 'l', '\0',
+  /* "social-events.net", false */ 's', 'o', 'c', 'i', 'a', 'l', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "social-media-strategies.it", true */ 's', 'o', 'c', 'i', 'a', 'l', '-', 'm', 'e', 'd', 'i', 'a', '-', 's', 't', 'r', 'a', 't', 'e', 'g', 'i', 'e', 's', '.', 'i', 't', '\0',
+  /* "socialdj.de", true */ 's', 'o', 'c', 'i', 'a', 'l', 'd', 'j', '.', 'd', 'e', '\0',
+  /* "socialhams.net", true */ 's', 'o', 'c', 'i', 'a', 'l', 'h', 'a', 'm', 's', '.', 'n', 'e', 't', '\0',
+  /* "socialmedia.ro", true */ 's', 'o', 'c', 'i', 'a', 'l', 'm', 'e', 'd', 'i', 'a', '.', 'r', 'o', '\0',
+  /* "socialnitro.com", true */ 's', 'o', 'c', 'i', 'a', 'l', 'n', 'i', 't', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "socialnous.co", true */ 's', 'o', 'c', 'i', 'a', 'l', 'n', 'o', 'u', 's', '.', 'c', 'o', '\0',
+  /* "socialrank.com", true */ 's', 'o', 'c', 'i', 'a', 'l', 'r', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "socialsecurity.gov", false */ 's', 'o', 'c', 'i', 'a', 'l', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'g', 'o', 'v', '\0',
+  /* "socialweblearning.com", true */ 's', 'o', 'c', 'i', 'a', 'l', 'w', 'e', 'b', 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "societyhilldance.com", true */ 's', 'o', 'c', 'i', 'e', 't', 'y', 'h', 'i', 'l', 'l', 'd', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "socioambiental.org", true */ 's', 'o', 'c', 'i', 'o', 'a', 'm', 'b', 'i', 'e', 'n', 't', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "sociobiology.com", true */ 's', 'o', 'c', 'i', 'o', 'b', 'i', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "sociopathy.org", true */ 's', 'o', 'c', 'i', 'o', 'p', 'a', 't', 'h', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "sockeye.io", true */ 's', 'o', 'c', 'k', 'e', 'y', 'e', '.', 'i', 'o', '\0',
+  /* "sockscap64.com", true */ 's', 'o', 'c', 'k', 's', 'c', 'a', 'p', '6', '4', '.', 'c', 'o', 'm', '\0',
+  /* "socoastal.com", true */ 's', 'o', 'c', 'o', 'a', 's', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "sodafilm.de", true */ 's', 'o', 'd', 'a', 'f', 'i', 'l', 'm', '.', 'd', 'e', '\0',
+  /* "sodexam.pro", true */ 's', 'o', 'd', 'e', 'x', 'a', 'm', '.', 'p', 'r', 'o', '\0',
+  /* "sodi.nl", true */ 's', 'o', 'd', 'i', '.', 'n', 'l', '\0',
+  /* "sodiao.cc", true */ 's', 'o', 'd', 'i', 'a', 'o', '.', 'c', 'c', '\0',
+  /* "soe-server.com", true */ 's', 'o', 'e', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sofa-rockers.org", true */ 's', 'o', 'f', 'a', '-', 'r', 'o', 'c', 'k', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "sofabedshop.de", true */ 's', 'o', 'f', 'a', 'b', 'e', 'd', 's', 'h', 'o', 'p', '.', 'd', 'e', '\0',
+  /* "sofiavanmoorsel.com", true */ 's', 'o', 'f', 'i', 'a', 'v', 'a', 'n', 'm', 'o', 'o', 'r', 's', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "sofort.com", true */ 's', 'o', 'f', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sofortueberweisung.de", true */ 's', 'o', 'f', 'o', 'r', 't', 'u', 'e', 'b', 'e', 'r', 'w', 'e', 'i', 's', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "softandbouncy.co.uk", true */ 's', 'o', 'f', 't', 'a', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "softanka.com", true */ 's', 'o', 'f', 't', 'a', 'n', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "softballrampage.com", true */ 's', 'o', 'f', 't', 'b', 'a', 'l', 'l', 'r', 'a', 'm', 'p', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "softclean.pt", true */ 's', 'o', 'f', 't', 'c', 'l', 'e', 'a', 'n', '.', 'p', 't', '\0',
+  /* "softcreatr.de", true */ 's', 'o', 'f', 't', 'c', 'r', 'e', 'a', 't', 'r', '.', 'd', 'e', '\0',
+  /* "softplay4hire.co.uk", true */ 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', '4', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "softplaynation.co.uk", true */ 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', 'n', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "softprayog.in", true */ 's', 'o', 'f', 't', 'p', 'r', 'a', 'y', 'o', 'g', '.', 'i', 'n', '\0',
+  /* "softrobot.se", true */ 's', 'o', 'f', 't', 'r', 'o', 'b', 'o', 't', '.', 's', 'e', '\0',
+  /* "softtennis-zenei.com", true */ 's', 'o', 'f', 't', 't', 'e', 'n', 'n', 'i', 's', '-', 'z', 'e', 'n', 'e', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "software.rocks", true */ 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "softwarebetrieb.de", true */ 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', 'b', 'e', 't', 'r', 'i', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "softwaredesign.foundation", true */ 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '\0',
+  /* "softwarevoortherapeuten.nl", true */ 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', 'v', 'o', 'o', 'r', 't', 'h', 'e', 'r', 'a', 'p', 'e', 'u', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "softwerk-edv.de", true */ 's', 'o', 'f', 't', 'w', 'e', 'r', 'k', '-', 'e', 'd', 'v', '.', 'd', 'e', '\0',
+  /* "sogola.com", true */ 's', 'o', 'g', 'o', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sogravatas.com.br", true */ 's', 'o', 'g', 'r', 'a', 'v', 'a', 't', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sogutma.com.tr", true */ 's', 'o', 'g', 'u', 't', 'm', 'a', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "soia.ca", true */ 's', 'o', 'i', 'a', '.', 'c', 'a', '\0',
+  /* "soinvett.com", true */ 's', 'o', 'i', 'n', 'v', 'e', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "soju.fi", true */ 's', 'o', 'j', 'u', '.', 'f', 'i', '\0',
+  /* "sokche.com", true */ 's', 'o', 'k', 'c', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sokietech.com", true */ 's', 'o', 'k', 'i', 'e', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "sokkenhoek.nl", true */ 's', 'o', 'k', 'k', 'e', 'n', 'h', 'o', 'e', 'k', '.', 'n', 'l', '\0',
+  /* "sokolkarvina.cz", true */ 's', 'o', 'k', 'o', 'l', 'k', 'a', 'r', 'v', 'i', 'n', 'a', '.', 'c', 'z', '\0',
+  /* "sol-computers.es", true */ 's', 'o', 'l', '-', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', '.', 'e', 's', '\0',
+  /* "sol24.net", true */ 's', 'o', 'l', '2', '4', '.', 'n', 'e', 't', '\0',
+  /* "solacyre.ch", true */ 's', 'o', 'l', 'a', 'c', 'y', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "solanum-games.com", true */ 's', 'o', 'l', 'a', 'n', 'u', 'm', '-', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "solar-aydinlatma.com", true */ 's', 'o', 'l', 'a', 'r', '-', 'a', 'y', 'd', 'i', 'n', 'l', 'a', 't', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "solar-ec.com", true */ 's', 'o', 'l', 'a', 'r', '-', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "solariiknight.org", true */ 's', 'o', 'l', 'a', 'r', 'i', 'i', 'k', 'n', 'i', 'g', 'h', 't', '.', 'o', 'r', 'g', '\0',
+  /* "solariilacheie.ro", true */ 's', 'o', 'l', 'a', 'r', 'i', 'i', 'l', 'a', 'c', 'h', 'e', 'i', 'e', '.', 'r', 'o', '\0',
+  /* "solarplan-berlin.de", true */ 's', 'o', 'l', 'a', 'r', 'p', 'l', 'a', 'n', '-', 'b', 'e', 'r', 'l', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "soldecom.com", true */ 's', 'o', 'l', 'd', 'e', 'c', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "soldout-app.com", true */ 's', 'o', 'l', 'd', 'o', 'u', 't', '-', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "sole-erdwaermetauscher.de", true */ 's', 'o', 'l', 'e', '-', 'e', 'r', 'd', 'w', 'a', 'e', 'r', 'm', 'e', 't', 'a', 'u', 's', 'c', 'h', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "soledadpenades.com", true */ 's', 'o', 'l', 'e', 'd', 'a', 'd', 'p', 'e', 'n', 'a', 'd', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "solentbubblesandbounce.co.uk", true */ 's', 'o', 'l', 'e', 'n', 't', 'b', 'u', 'b', 'b', 'l', 'e', 's', 'a', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "soleria.eu", true */ 's', 'o', 'l', 'e', 'r', 'i', 'a', '.', 'e', 'u', '\0',
+  /* "solfegiator.ch", true */ 's', 'o', 'l', 'f', 'e', 'g', 'i', 'a', 't', 'o', 'r', '.', 'c', 'h', '\0',
+  /* "soli.cafe", true */ 's', 'o', 'l', 'i', '.', 'c', 'a', 'f', 'e', '\0',
+  /* "solicafe.at", true */ 's', 'o', 'l', 'i', 'c', 'a', 'f', 'e', '.', 'a', 't', '\0',
+  /* "solidimage.com.br", true */ 's', 'o', 'l', 'i', 'd', 'i', 'm', 'a', 'g', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "solidshield.com", true */ 's', 'o', 'l', 'i', 'd', 's', 'h', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "solidwebnetworks.co.uk", true */ 's', 'o', 'l', 'i', 'd', 'w', 'e', 'b', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "solihullcarnival.co.uk", true */ 's', 'o', 'l', 'i', 'h', 'u', 'l', 'l', 'c', 'a', 'r', 'n', 'i', 'v', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "solihullinflatables.com", true */ 's', 'o', 'l', 'i', 'h', 'u', 'l', 'l', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "solihulllionsclub.org.uk", true */ 's', 'o', 'l', 'i', 'h', 'u', 'l', 'l', 'l', 'i', 'o', 'n', 's', 'c', 'l', 'u', 'b', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "solipym.net", true */ 's', 'o', 'l', 'i', 'p', 'y', 'm', '.', 'n', 'e', 't', '\0',
+  /* "solisrey.es", true */ 's', 'o', 'l', 'i', 's', 'r', 'e', 'y', '.', 'e', 's', '\0',
+  /* "solit.systems", true */ 's', 'o', 'l', 'i', 't', '.', 's', 'y', 's', 't', 'e', 'm', 's', '\0',
+  /* "solmek.co.uk", true */ 's', 'o', 'l', 'm', 'e', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "solmek.com", true */ 's', 'o', 'l', 'm', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "solomisael.com", true */ 's', 'o', 'l', 'o', 'm', 'i', 's', 'a', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "solomo.pt", true */ 's', 'o', 'l', 'o', 'm', 'o', '.', 'p', 't', '\0',
+  /* "solonotizie24.it", true */ 's', 'o', 'l', 'o', 'n', 'o', 't', 'i', 'z', 'i', 'e', '2', '4', '.', 'i', 't', '\0',
+  /* "solos.im", true */ 's', 'o', 'l', 'o', 's', '.', 'i', 'm', '\0',
+  /* "solsocog.de", true */ 's', 'o', 'l', 's', 'o', 'c', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "soluphant.de", true */ 's', 'o', 'l', 'u', 'p', 'h', 'a', 'n', 't', '.', 'd', 'e', '\0',
+  /* "solus-project.com", true */ 's', 'o', 'l', 'u', 's', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "solutionhoisthire.com.au", true */ 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 'h', 'o', 'i', 's', 't', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "solve-it.se", true */ 's', 'o', 'l', 'v', 'e', '-', 'i', 't', '.', 's', 'e', '\0',
+  /* "solved.tips", true */ 's', 'o', 'l', 'v', 'e', 'd', '.', 't', 'i', 'p', 's', '\0',
+  /* "solvemethod.com", true */ 's', 'o', 'l', 'v', 'e', 'm', 'e', 't', 'h', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "solvops.com", true */ 's', 'o', 'l', 'v', 'o', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "somaini.li", true */ 's', 'o', 'm', 'a', 'i', 'n', 'i', '.', 'l', 'i', '\0',
+  /* "somali-derp.com", true */ 's', 'o', 'm', 'a', 'l', 'i', '-', 'd', 'e', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "somaliagenda.com", true */ 's', 'o', 'm', 'a', 'l', 'i', 'a', 'g', 'e', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "somanao.com", true */ 's', 'o', 'm', 'a', 'n', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "somcase.com.br", true */ 's', 'o', 'm', 'c', 'a', 's', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "somebodycares.org", true */ 's', 'o', 'm', 'e', 'b', 'o', 'd', 'y', 'c', 'a', 'r', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "somecrazy.com", true */ 's', 'o', 'm', 'e', 'c', 'r', 'a', 'z', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "somethingsimilar.com", true */ 's', 'o', 'm', 'e', 't', 'h', 'i', 'n', 'g', 's', 'i', 'm', 'i', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "somuchbetterwithage.com", true */ 's', 'o', 'm', 'u', 'c', 'h', 'b', 'e', 't', 't', 'e', 'r', 'w', 'i', 't', 'h', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "somweyr.de", true */ 's', 'o', 'm', 'w', 'e', 'y', 'r', '.', 'd', 'e', '\0',
+  /* "sona-gaming.com", true */ 's', 'o', 'n', 'a', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "sonacupalova.cz", true */ 's', 'o', 'n', 'a', 'c', 'u', 'p', 'a', 'l', 'o', 'v', 'a', '.', 'c', 'z', '\0',
+  /* "sonarqube.com", false */ 's', 'o', 'n', 'a', 'r', 'q', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sondergaard.de", true */ 's', 'o', 'n', 'd', 'e', 'r', 'g', 'a', 'a', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "songsmp3.co", true */ 's', 'o', 'n', 'g', 's', 'm', 'p', '3', '.', 'c', 'o', '\0',
+  /* "songsthatsavedyourlife.com", true */ 's', 'o', 'n', 'g', 's', 't', 'h', 'a', 't', 's', 'a', 'v', 'e', 'd', 'y', 'o', 'u', 'r', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "songzhuolun.com", true */ 's', 'o', 'n', 'g', 'z', 'h', 'u', 'o', 'l', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "soniafauville.com", true */ 's', 'o', 'n', 'i', 'a', 'f', 'a', 'u', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sonixonline.com", true */ 's', 'o', 'n', 'i', 'x', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sonja-daniels.com", true */ 's', 'o', 'n', 'j', 'a', '-', 'd', 'a', 'n', 'i', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sonja-kowa.de", true */ 's', 'o', 'n', 'j', 'a', '-', 'k', 'o', 'w', 'a', '.', 'd', 'e', '\0',
+  /* "sonoecoracao.com.br", true */ 's', 'o', 'n', 'o', 'e', 'c', 'o', 'r', 'a', 'c', 'a', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sonyunlock.nu", true */ 's', 'o', 'n', 'y', 'u', 'n', 'l', 'o', 'c', 'k', '.', 'n', 'u', '\0',
+  /* "soohealthy.nl", true */ 's', 'o', 'o', 'h', 'e', 'a', 'l', 't', 'h', 'y', '.', 'n', 'l', '\0',
+  /* "soomee.be", true */ 's', 'o', 'o', 'm', 'e', 'e', '.', 'b', 'e', '\0',
+  /* "soomee1.be", true */ 's', 'o', 'o', 'm', 'e', 'e', '1', '.', 'b', 'e', '\0',
+  /* "soontm.de", false */ 's', 'o', 'o', 'n', 't', 'm', '.', 'd', 'e', '\0',
+  /* "soopure.nl", true */ 's', 'o', 'o', 'p', 'u', 'r', 'e', '.', 'n', 'l', '\0',
+  /* "soph.us", true */ 's', 'o', 'p', 'h', '.', 'u', 's', '\0',
+  /* "sopheos.com", false */ 's', 'o', 'p', 'h', 'e', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sopher.io", true */ 's', 'o', 'p', 'h', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "sophiaandmatt.co.uk", true */ 's', 'o', 'p', 'h', 'i', 'a', 'a', 'n', 'd', 'm', 'a', 't', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sophiakligys.com", true */ 's', 'o', 'p', 'h', 'i', 'a', 'k', 'l', 'i', 'g', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sophieandtrey.com", true */ 's', 'o', 'p', 'h', 'i', 'e', 'a', 'n', 'd', 't', 'r', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "soprabalao.com.br", true */ 's', 'o', 'p', 'r', 'a', 'b', 'a', 'l', 'a', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sor.so", true */ 's', 'o', 'r', '.', 's', 'o', '\0',
+  /* "sorakumo.jp", true */ 's', 'o', 'r', 'a', 'k', 'u', 'm', 'o', '.', 'j', 'p', '\0',
+  /* "sorcix.com", true */ 's', 'o', 'r', 'c', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "sorellecollection.com.au", true */ 's', 'o', 'r', 'e', 'l', 'l', 'e', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "sorenstudios.com", true */ 's', 'o', 'r', 'e', 'n', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sorex.photo", true */ 's', 'o', 'r', 'e', 'x', '.', 'p', 'h', 'o', 't', 'o', '\0',
+  /* "sorincocorada.ro", true */ 's', 'o', 'r', 'i', 'n', 'c', 'o', 'c', 'o', 'r', 'a', 'd', 'a', '.', 'r', 'o', '\0',
+  /* "sorinmuntean.ro", true */ 's', 'o', 'r', 'i', 'n', 'm', 'u', 'n', 't', 'e', 'a', 'n', '.', 'r', 'o', '\0',
+  /* "sorn.service.gov.uk", true */ 's', 'o', 'r', 'n', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0',
+  /* "sorrowfulunfounded.com", true */ 's', 'o', 'r', 'r', 'o', 'w', 'f', 'u', 'l', 'u', 'n', 'f', 'o', 'u', 'n', 'd', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "soruly.com", true */ 's', 'o', 'r', 'u', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "sorz.org", true */ 's', 'o', 'r', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "sos-idraulico.it", true */ 's', 'o', 's', '-', 'i', 'd', 'r', 'a', 'u', 'l', 'i', 'c', 'o', '.', 'i', 't', '\0',
+  /* "sos.sk", false */ 's', 'o', 's', '.', 's', 'k', '\0',
+  /* "sosecu.red", true */ 's', 'o', 's', 'e', 'c', 'u', '.', 'r', 'e', 'd', '\0',
+  /* "sosoftplay.co.uk", true */ 's', 'o', 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sospromotions.com.au", true */ 's', 'o', 's', 'p', 'r', 'o', 'm', 'o', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "sostacancun.com", true */ 's', 'o', 's', 't', 'a', 'c', 'a', 'n', 'c', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sosteric.si", true */ 's', 'o', 's', 't', 'e', 'r', 'i', 'c', '.', 's', 'i', '\0',
+  /* "sotadb.info", true */ 's', 'o', 't', 'a', 'd', 'b', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "sotar.us", true */ 's', 'o', 't', 'a', 'r', '.', 'u', 's', '\0',
+  /* "sotavasara.net", true */ 's', 'o', 't', 'a', 'v', 'a', 's', 'a', 'r', 'a', '.', 'n', 'e', 't', '\0',
+  /* "sotiran.com", true */ 's', 'o', 't', 'i', 'r', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sotoasobi.net", true */ 's', 'o', 't', 'o', 'a', 's', 'o', 'b', 'i', '.', 'n', 'e', 't', '\0',
+  /* "sou-co.jp", true */ 's', 'o', 'u', '-', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "soubriquet.org", true */ 's', 'o', 'u', 'b', 'r', 'i', 'q', 'u', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "soufastnet.com.br", true */ 's', 'o', 'u', 'f', 'a', 's', 't', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sougi-review.top", true */ 's', 'o', 'u', 'g', 'i', '-', 'r', 'e', 'v', 'i', 'e', 'w', '.', 't', 'o', 'p', '\0',
+  /* "souki.cz", true */ 's', 'o', 'u', 'k', 'i', '.', 'c', 'z', '\0',
+  /* "soukodou.jp", true */ 's', 'o', 'u', 'k', 'o', 'd', 'o', 'u', '.', 'j', 'p', '\0',
+  /* "soul-source.co.uk", true */ 's', 'o', 'u', 'l', '-', 's', 'o', 'u', 'r', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "soulcrazy.org", true */ 's', 'o', 'u', 'l', 'c', 'r', 'a', 'z', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "soulmate.dating", true */ 's', 'o', 'u', 'l', 'm', 'a', 't', 'e', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "soulogic.com", false */ 's', 'o', 'u', 'l', 'o', 'g', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "soumikghosh.com", true */ 's', 'o', 'u', 'm', 'i', 'k', 'g', 'h', 'o', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "soumya92.me", true */ 's', 'o', 'u', 'm', 'y', 'a', '9', '2', '.', 'm', 'e', '\0',
+  /* "soundabout.nl", true */ 's', 'o', 'u', 'n', 'd', 'a', 'b', 'o', 'u', 't', '.', 'n', 'l', '\0',
+  /* "soundedj.com.br", true */ 's', 'o', 'u', 'n', 'd', 'e', 'd', 'j', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "soundeo.com", true */ 's', 'o', 'u', 'n', 'd', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "soundeo.net", true */ 's', 'o', 'u', 'n', 'd', 'e', 'o', '.', 'n', 'e', 't', '\0',
+  /* "soundgasm.net", true */ 's', 'o', 'u', 'n', 'd', 'g', 'a', 's', 'm', '.', 'n', 'e', 't', '\0',
+  /* "soundhunter.xyz", false */ 's', 'o', 'u', 'n', 'd', 'h', 'u', 'n', 't', 'e', 'r', '.', 'x', 'y', 'z', '\0',
+  /* "soundsecurity.io", true */ 's', 'o', 'u', 'n', 'd', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'i', 'o', '\0',
+  /* "sour.is", true */ 's', 'o', 'u', 'r', '.', 'i', 's', '\0',
+  /* "souravsaha.com", true */ 's', 'o', 'u', 'r', 'a', 'v', 's', 'a', 'h', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sourcebox.be", true */ 's', 'o', 'u', 'r', 'c', 'e', 'b', 'o', 'x', '.', 'b', 'e', '\0',
+  /* "sourcecode.love", true */ 's', 'o', 'u', 'r', 'c', 'e', 'c', 'o', 'd', 'e', '.', 'l', 'o', 'v', 'e', '\0',
+  /* "sourcely.net", true */ 's', 'o', 'u', 'r', 'c', 'e', 'l', 'y', '.', 'n', 'e', 't', '\0',
+  /* "sourceway.de", true */ 's', 'o', 'u', 'r', 'c', 'e', 'w', 'a', 'y', '.', 'd', 'e', '\0',
+  /* "souris.ch", true */ 's', 'o', 'u', 'r', 'i', 's', '.', 'c', 'h', '\0',
+  /* "sous-surveillance.net", true */ 's', 'o', 'u', 's', '-', 's', 'u', 'r', 'v', 'e', 'i', 'l', 'l', 'a', 'n', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "southafrican.dating", true */ 's', 'o', 'u', 't', 'h', 'a', 'f', 'r', 'i', 'c', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "southambouncycastle.co.uk", true */ 's', 'o', 'u', 't', 'h', 'a', 'm', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "southamerican.dating", true */ 's', 'o', 'u', 't', 'h', 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "southbankregister.com.au", true */ 's', 'o', 'u', 't', 'h', 'b', 'a', 'n', 'k', 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "southcoastkitesurf.co.uk", true */ 's', 'o', 'u', 't', 'h', 'c', 'o', 'a', 's', 't', 'k', 'i', 't', 'e', 's', 'u', 'r', 'f', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "southernmost.us", true */ 's', 'o', 'u', 't', 'h', 'e', 'r', 'n', 'm', 'o', 's', 't', '.', 'u', 's', '\0',
+  /* "southernutahinfluencers.com", true */ 's', 'o', 'u', 't', 'h', 'e', 'r', 'n', 'u', 't', 'a', 'h', 'i', 'n', 'f', 'l', 'u', 'e', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "southlakenissanparts.com", true */ 's', 'o', 'u', 't', 'h', 'l', 'a', 'k', 'e', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "southmelbourne.apartments", true */ 's', 'o', 'u', 't', 'h', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '.', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '\0',
+  /* "southmorangtownhouses.com.au", true */ 's', 'o', 'u', 't', 'h', 'm', 'o', 'r', 'a', 'n', 'g', 't', 'o', 'w', 'n', 'h', 'o', 'u', 's', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "southside-crew.com", true */ 's', 'o', 'u', 't', 'h', 's', 'i', 'd', 'e', '-', 'c', 'r', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "southside-tuning-day.de", true */ 's', 'o', 'u', 't', 'h', 's', 'i', 'd', 'e', '-', 't', 'u', 'n', 'i', 'n', 'g', '-', 'd', 'a', 'y', '.', 'd', 'e', '\0',
+  /* "southwaymotors.com", true */ 's', 'o', 'u', 't', 'h', 'w', 'a', 'y', 'm', 'o', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "southwestrda.org.uk", true */ 's', 'o', 'u', 't', 'h', 'w', 'e', 's', 't', 'r', 'd', 'a', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "soutien-naissance.com", true */ 's', 'o', 'u', 't', 'i', 'e', 'n', '-', 'n', 'a', 'i', 's', 's', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "soved.eu", true */ 's', 'o', 'v', 'e', 'd', '.', 'e', 'u', '\0',
+  /* "soybase.org", true */ 's', 'o', 'y', 'b', 'a', 's', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "sozai-good.com", true */ 's', 'o', 'z', 'a', 'i', '-', 'g', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "sozialy.com", true */ 's', 'o', 'z', 'i', 'a', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "sozon.ca", true */ 's', 'o', 'z', 'o', 'n', '.', 'c', 'a', '\0',
+  /* "sp-sephiroth.jp", true */ 's', 'p', '-', 's', 'e', 'p', 'h', 'i', 'r', 'o', 't', 'h', '.', 'j', 'p', '\0',
+  /* "sp.com.pl", true */ 's', 'p', '.', 'c', 'o', 'm', '.', 'p', 'l', '\0',
+  /* "space-it.de", true */ 's', 'p', 'a', 'c', 'e', '-', 'i', 't', '.', 'd', 'e', '\0',
+  /* "spacebaseapp.com", true */ 's', 'p', 'a', 'c', 'e', 'b', 'a', 's', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "spacecafe.org", true */ 's', 'p', 'a', 'c', 'e', 'c', 'a', 'f', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "spacedirectory.org", true */ 's', 'p', 'a', 'c', 'e', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "spacehighway.ms", true */ 's', 'p', 'a', 'c', 'e', 'h', 'i', 'g', 'h', 'w', 'a', 'y', '.', 'm', 's', '\0',
+  /* "spacehost.de", false */ 's', 'p', 'a', 'c', 'e', 'h', 'o', 's', 't', '.', 'd', 'e', '\0',
+  /* "spacelabs.io", true */ 's', 'p', 'a', 'c', 'e', 'l', 'a', 'b', 's', '.', 'i', 'o', '\0',
+  /* "spacepage.be", true */ 's', 'p', 'a', 'c', 'e', 'p', 'a', 'g', 'e', '.', 'b', 'e', '\0',
+  /* "spaceweather.live", true */ 's', 'p', 'a', 'c', 'e', 'w', 'e', 'a', 't', 'h', 'e', 'r', '.', 'l', 'i', 'v', 'e', '\0',
+  /* "spaceweatherlive.com", true */ 's', 'p', 'a', 'c', 'e', 'w', 'e', 'a', 't', 'h', 'e', 'r', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "spackova.cz", true */ 's', 'p', 'a', 'c', 'k', 'o', 'v', 'a', '.', 'c', 'z', '\0',
+  /* "spahireleeds.co.uk", true */ 's', 'p', 'a', 'h', 'i', 'r', 'e', 'l', 'e', 'e', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "spaid.xyz", true */ 's', 'p', 'a', 'i', 'd', '.', 'x', 'y', 'z', '\0',
+  /* "spam.lol", true */ 's', 'p', 'a', 'm', '.', 'l', 'o', 'l', '\0',
+  /* "spamdrain.com", true */ 's', 'p', 'a', 'm', 'd', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "spamwc.de", true */ 's', 'p', 'a', 'm', 'w', 'c', '.', 'd', 'e', '\0',
+  /* "sparanoid.com", true */ 's', 'p', 'a', 'r', 'a', 'n', 'o', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "sparkasse.de", true */ 's', 'p', 'a', 'r', 'k', 'a', 's', 's', 'e', '.', 'd', 'e', '\0',
+  /* "sparkbase.cn", true */ 's', 'p', 'a', 'r', 'k', 'b', 'a', 's', 'e', '.', 'c', 'n', '\0',
+  /* "sparkforautism.org", true */ 's', 'p', 'a', 'r', 'k', 'f', 'o', 'r', 'a', 'u', 't', 'i', 's', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "sparklebastard.com", true */ 's', 'p', 'a', 'r', 'k', 'l', 'e', 'b', 'a', 's', 't', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "sparkwood.org", true */ 's', 'p', 'a', 'r', 'k', 'w', 'o', 'o', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "sparta-solutions.de", true */ 's', 'p', 'a', 'r', 't', 'a', '-', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'd', 'e', '\0',
+  /* "spartaconsulting.fi", true */ 's', 'p', 'a', 'r', 't', 'a', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'f', 'i', '\0',
+  /* "spartantheatre.org", true */ 's', 'p', 'a', 'r', 't', 'a', 'n', 't', 'h', 'e', 'a', 't', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "spasicilia.it", true */ 's', 'p', 'a', 's', 'i', 'c', 'i', 'l', 'i', 'a', '.', 'i', 't', '\0',
+  /* "spatzenwerkstatt.de", true */ 's', 'p', 'a', 't', 'z', 'e', 'n', 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', '.', 'd', 'e', '\0',
+  /* "spawn.cz", true */ 's', 'p', 'a', 'w', 'n', '.', 'c', 'z', '\0',
+  /* "spaysy.com", true */ 's', 'p', 'a', 'y', 's', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "spaziobenedetti.com.br", true */ 's', 'p', 'a', 'z', 'i', 'o', 'b', 'e', 'n', 'e', 'd', 'e', 't', 't', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "spaziopervoi.com.br", true */ 's', 'p', 'a', 'z', 'i', 'o', 'p', 'e', 'r', 'v', 'o', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "spdepartamentos.com.br", true */ 's', 'p', 'd', 'e', 'p', 'a', 'r', 't', 'a', 'm', 'e', 'n', 't', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "spdf.net", true */ 's', 'p', 'd', 'f', '.', 'n', 'e', 't', '\0',
+  /* "spearfishingmx.com", true */ 's', 'p', 'e', 'a', 'r', 'f', 'i', 's', 'h', 'i', 'n', 'g', 'm', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "speciesism.com", true */ 's', 'p', 'e', 'c', 'i', 'e', 's', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "spectrosoftware.de", true */ 's', 'p', 'e', 'c', 't', 'r', 'o', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "spedplus.com.br", false */ 's', 'p', 'e', 'd', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "speech-balloon.com", true */ 's', 'p', 'e', 'e', 'c', 'h', '-', 'b', 'a', 'l', 'l', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "speechmate.com", true */ 's', 'p', 'e', 'e', 'c', 'h', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "speechndraw.com", true */ 's', 'p', 'e', 'e', 'c', 'h', 'n', 'd', 'r', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "speeddate.it", false */ 's', 'p', 'e', 'e', 'd', 'd', 'a', 't', 'e', '.', 'i', 't', '\0',
+  /* "speedracer.ca", true */ 's', 'p', 'e', 'e', 'd', 'r', 'a', 'c', 'e', 'r', '.', 'c', 'a', '\0',
+  /* "speeds.vip", true */ 's', 'p', 'e', 'e', 'd', 's', '.', 'v', 'i', 'p', '\0',
+  /* "speedsportofhull.co.uk", true */ 's', 'p', 'e', 'e', 'd', 's', 'p', 'o', 'r', 't', 'o', 'f', 'h', 'u', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "speedtailors.com", true */ 's', 'p', 'e', 'e', 'd', 't', 'a', 'i', 'l', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "speedtest-russia.com", true */ 's', 'p', 'e', 'e', 'd', 't', 'e', 's', 't', '-', 'r', 'u', 's', 's', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "speedychat.it", true */ 's', 'p', 'e', 'e', 'd', 'y', 'c', 'h', 'a', 't', '.', 'i', 't', '\0',
+  /* "speerpunt.info", true */ 's', 'p', 'e', 'e', 'r', 'p', 'u', 'n', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "speich.net", true */ 's', 'p', 'e', 'i', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "spek.tech", true */ 's', 'p', 'e', 'k', '.', 't', 'e', 'c', 'h', '\0',
+  /* "spellcheck24.net", true */ 's', 'p', 'e', 'l', 'l', 'c', 'h', 'e', 'c', 'k', '2', '4', '.', 'n', 'e', 't', '\0',
+  /* "spendwise.com.au", true */ 's', 'p', 'e', 'n', 'd', 'w', 'i', 's', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "spenglerei-shop.de", true */ 's', 'p', 'e', 'n', 'g', 'l', 'e', 'r', 'e', 'i', '-', 's', 'h', 'o', 'p', '.', 'd', 'e', '\0',
+  /* "sperohub.com", true */ 's', 'p', 'e', 'r', 'o', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "sperohub.lt", true */ 's', 'p', 'e', 'r', 'o', 'h', 'u', 'b', '.', 'l', 't', '\0',
+  /* "sperrstun.de", true */ 's', 'p', 'e', 'r', 'r', 's', 't', 'u', 'n', '.', 'd', 'e', '\0',
+  /* "spesys-services.fr", true */ 's', 'p', 'e', 's', 'y', 's', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'f', 'r', '\0',
+  /* "sphereblur.com", true */ 's', 'p', 'h', 'e', 'r', 'e', 'b', 'l', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "spherenix.org", true */ 's', 'p', 'h', 'e', 'r', 'e', 'n', 'i', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "spicydog.org", true */ 's', 'p', 'i', 'c', 'y', 'd', 'o', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "spicydog.tk", false */ 's', 'p', 'i', 'c', 'y', 'd', 'o', 'g', '.', 't', 'k', '\0',
+  /* "spicymatch.com", true */ 's', 'p', 'i', 'c', 'y', 'm', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "spidermail.tk", true */ 's', 'p', 'i', 'd', 'e', 'r', 'm', 'a', 'i', 'l', '.', 't', 'k', '\0',
+  /* "spidernet.tk", true */ 's', 'p', 'i', 'd', 'e', 'r', 'n', 'e', 't', '.', 't', 'k', '\0',
+  /* "spideroak.com", true */ 's', 'p', 'i', 'd', 'e', 'r', 'o', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "spiders.org.ua", true */ 's', 'p', 'i', 'd', 'e', 'r', 's', '.', 'o', 'r', 'g', '.', 'u', 'a', '\0',
+  /* "spielezar.ch", true */ 's', 'p', 'i', 'e', 'l', 'e', 'z', 'a', 'r', '.', 'c', 'h', '\0',
+  /* "spielland.ch", true */ 's', 'p', 'i', 'e', 'l', 'l', 'a', 'n', 'd', '.', 'c', 'h', '\0',
+  /* "spiellawine.de", true */ 's', 'p', 'i', 'e', 'l', 'l', 'a', 'w', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "spiet.nl", true */ 's', 'p', 'i', 'e', 't', '.', 'n', 'l', '\0',
+  /* "spiff.eu", true */ 's', 'p', 'i', 'f', 'f', '.', 'e', 'u', '\0',
+  /* "spiga.ch", true */ 's', 'p', 'i', 'g', 'a', '.', 'c', 'h', '\0',
+  /* "spillersfamily.net", true */ 's', 'p', 'i', 'l', 'l', 'e', 'r', 's', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'n', 'e', 't', '\0',
+  /* "spilogkoder.dk", true */ 's', 'p', 'i', 'l', 'o', 'g', 'k', 'o', 'd', 'e', 'r', '.', 'd', 'k', '\0',
+  /* "spinalien.net", true */ 's', 'p', 'i', 'n', 'a', 'l', 'i', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "spingenie.com", true */ 's', 'p', 'i', 'n', 'g', 'e', 'n', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "spinner.dnshome.de", true */ 's', 'p', 'i', 'n', 'n', 'e', 'r', '.', 'd', 'n', 's', 'h', 'o', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "spins.fedoraproject.org", true */ 's', 'p', 'i', 'n', 's', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "spinspin.wtf", true */ 's', 'p', 'i', 'n', 's', 'p', 'i', 'n', '.', 'w', 't', 'f', '\0',
+  /* "spiralschneiderkaufen.de", true */ 's', 'p', 'i', 'r', 'a', 'l', 's', 'c', 'h', 'n', 'e', 'i', 'd', 'e', 'r', 'k', 'a', 'u', 'f', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "spirella-shop.ch", true */ 's', 'p', 'i', 'r', 'e', 'l', 'l', 'a', '-', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "spiritbionic.ro", true */ 's', 'p', 'i', 'r', 'i', 't', 'b', 'i', 'o', 'n', 'i', 'c', '.', 'r', 'o', '\0',
+  /* "spiritual.dating", true */ 's', 'p', 'i', 'r', 'i', 't', 'u', 'a', 'l', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "spiritualife.net", true */ 's', 'p', 'i', 'r', 'i', 't', 'u', 'a', 'l', 'i', 'f', 'e', '.', 'n', 'e', 't', '\0',
+  /* "spiritualregression.com.au", true */ 's', 'p', 'i', 'r', 'i', 't', 'u', 'a', 'l', 'r', 'e', 'g', 'r', 'e', 's', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "spisbilligt.dk", true */ 's', 'p', 'i', 's', 'b', 'i', 'l', 'l', 'i', 'g', 't', '.', 'd', 'k', '\0',
+  /* "spitfireuav.com", true */ 's', 'p', 'i', 't', 'f', 'i', 'r', 'e', 'u', 'a', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "splarty.net", true */ 's', 'p', 'l', 'a', 'r', 't', 'y', '.', 'n', 'e', 't', '\0',
+  /* "splendidspoon.com", true */ 's', 'p', 'l', 'e', 'n', 'd', 'i', 'd', 's', 'p', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "splendorservizi.it", true */ 's', 'p', 'l', 'e', 'n', 'd', 'o', 'r', 's', 'e', 'r', 'v', 'i', 'z', 'i', '.', 'i', 't', '\0',
+  /* "splikity.com", true */ 's', 'p', 'l', 'i', 'k', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "splitdna.com", true */ 's', 'p', 'l', 'i', 't', 'd', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "splitreflection.com", true */ 's', 'p', 'l', 'i', 't', 'r', 'e', 'f', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "splunk.net", true */ 's', 'p', 'l', 'u', 'n', 'k', '.', 'n', 'e', 't', '\0',
+  /* "spodelime.com", true */ 's', 'p', 'o', 'd', 'e', 'l', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "spoketwist.com", true */ 's', 'p', 'o', 'k', 'e', 't', 'w', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "spolwind.de", true */ 's', 'p', 'o', 'l', 'w', 'i', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "spom.net", true */ 's', 'p', 'o', 'm', '.', 'n', 'e', 't', '\0',
+  /* "spon.cz", true */ 's', 'p', 'o', 'n', '.', 'c', 'z', '\0',
+  /* "sponc.de", true */ 's', 'p', 'o', 'n', 'c', '.', 'd', 'e', '\0',
+  /* "spongepowered.org", true */ 's', 'p', 'o', 'n', 'g', 'e', 'p', 'o', 'w', 'e', 'r', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "sponsor.network", true */ 's', 'p', 'o', 'n', 's', 'o', 'r', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "sponsorowani.pl", true */ 's', 'p', 'o', 'n', 's', 'o', 'r', 'o', 'w', 'a', 'n', 'i', '.', 'p', 'l', '\0',
+  /* "spontex.org", true */ 's', 'p', 'o', 'n', 't', 'e', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "spoofhaus.com", true */ 's', 'p', 'o', 'o', 'f', 'h', 'a', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "spookbook.net", true */ 's', 'p', 'o', 'o', 'k', 'b', 'o', 'o', 'k', '.', 'n', 'e', 't', '\0',
+  /* "spookquest.com", true */ 's', 'p', 'o', 'o', 'k', 'q', 'u', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "spoopy.link", true */ 's', 'p', 'o', 'o', 'p', 'y', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "sporcard.com", true */ 's', 'p', 'o', 'r', 'c', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "spornkuller.de", true */ 's', 'p', 'o', 'r', 'n', 'k', 'u', 'l', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "sport-in-sundern.de", true */ 's', 'p', 'o', 'r', 't', '-', 'i', 'n', '-', 's', 'u', 'n', 'd', 'e', 'r', 'n', '.', 'd', 'e', '\0',
+  /* "sport-potreby.cz", true */ 's', 'p', 'o', 'r', 't', '-', 'p', 'o', 't', 'r', 'e', 'b', 'y', '.', 'c', 'z', '\0',
+  /* "sport-potreby.sk", true */ 's', 'p', 'o', 'r', 't', '-', 'p', 'o', 't', 'r', 'e', 'b', 'y', '.', 's', 'k', '\0',
+  /* "sport-socken.net", true */ 's', 'p', 'o', 'r', 't', '-', 's', 'o', 'c', 'k', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "sporter.com", true */ 's', 'p', 'o', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sportflash.info", true */ 's', 'p', 'o', 'r', 't', 'f', 'l', 'a', 's', 'h', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "sportnesia.com", true */ 's', 'p', 'o', 'r', 't', 'n', 'e', 's', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sportovnidum.cz", true */ 's', 'p', 'o', 'r', 't', 'o', 'v', 'n', 'i', 'd', 'u', 'm', '.', 'c', 'z', '\0',
+  /* "sportparks.com", true */ 's', 'p', 'o', 'r', 't', 'p', 'a', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sportparks.org", true */ 's', 'p', 'o', 'r', 't', 'p', 'a', 'r', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "sportressofblogitude.com", true */ 's', 'p', 'o', 'r', 't', 'r', 'e', 's', 's', 'o', 'f', 'b', 'l', 'o', 'g', 'i', 't', 'u', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sports.dating", true */ 's', 'p', 'o', 'r', 't', 's', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "sportsmansblog.com", true */ 's', 'p', 'o', 'r', 't', 's', 'm', 'a', 'n', 's', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "sportstraineradvisor.com", true */ 's', 'p', 'o', 'r', 't', 's', 't', 'r', 'a', 'i', 'n', 'e', 'r', 'a', 'd', 'v', 'i', 's', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sportugalia.ru", true */ 's', 'p', 'o', 'r', 't', 'u', 'g', 'a', 'l', 'i', 'a', '.', 'r', 'u', '\0',
+  /* "sportxt.ru", true */ 's', 'p', 'o', 'r', 't', 'x', 't', '.', 'r', 'u', '\0',
+  /* "spotlightsrule.com", true */ 's', 'p', 'o', 't', 'l', 'i', 'g', 'h', 't', 's', 'r', 'u', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "spotupload.com", true */ 's', 'p', 'o', 't', 'u', 'p', 'l', 'o', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "sprachfreudehoch3.de", true */ 's', 'p', 'r', 'a', 'c', 'h', 'f', 'r', 'e', 'u', 'd', 'e', 'h', 'o', 'c', 'h', '3', '.', 'd', 'e', '\0',
+  /* "spreadsheets.google.com", true */ 's', 'p', 'r', 'e', 'a', 'd', 's', 'h', 'e', 'e', 't', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "spreadthenews.eu", true */ 's', 'p', 'r', 'e', 'a', 'd', 't', 'h', 'e', 'n', 'e', 'w', 's', '.', 'e', 'u', '\0',
+  /* "spree.co.za", true */ 's', 'p', 'r', 'e', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "spreed.me", true */ 's', 'p', 'r', 'e', 'e', 'd', '.', 'm', 'e', '\0',
+  /* "spricknet.de", true */ 's', 'p', 'r', 'i', 'c', 'k', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "sprigings.com", true */ 's', 'p', 'r', 'i', 'g', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "springerundpartner.de", true */ 's', 'p', 'r', 'i', 'n', 'g', 'e', 'r', 'u', 'n', 'd', 'p', 'a', 'r', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "springfieldbricks.com", true */ 's', 'p', 'r', 'i', 'n', 'g', 'f', 'i', 'e', 'l', 'd', 'b', 'r', 'i', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "springsoffthegrid.com", true */ 's', 'p', 'r', 'i', 'n', 'g', 's', 'o', 'f', 'f', 't', 'h', 'e', 'g', 'r', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "sprock.io", false */ 's', 'p', 'r', 'o', 'c', 'k', '.', 'i', 'o', '\0',
+  /* "sproing.ca", true */ 's', 'p', 'r', 'o', 'i', 'n', 'g', '.', 'c', 'a', '\0',
+  /* "spron.in", true */ 's', 'p', 'r', 'o', 'n', '.', 'i', 'n', '\0',
+  /* "sprucecreekclubs.com", true */ 's', 'p', 'r', 'u', 'c', 'e', 'c', 'r', 'e', 'e', 'k', 'c', 'l', 'u', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sprucecreekgcc.com", true */ 's', 'p', 'r', 'u', 'c', 'e', 'c', 'r', 'e', 'e', 'k', 'g', 'c', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "sprueche-zum-valentinstag.de", true */ 's', 'p', 'r', 'u', 'e', 'c', 'h', 'e', '-', 'z', 'u', 'm', '-', 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', 's', 't', 'a', 'g', '.', 'd', 'e', '\0',
+  /* "sprueche-zur-geburt.info", true */ 's', 'p', 'r', 'u', 'e', 'c', 'h', 'e', '-', 'z', 'u', 'r', '-', 'g', 'e', 'b', 'u', 'r', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "sprueche-zur-hochzeit.de", true */ 's', 'p', 'r', 'u', 'e', 'c', 'h', 'e', '-', 'z', 'u', 'r', '-', 'h', 'o', 'c', 'h', 'z', 'e', 'i', 't', '.', 'd', 'e', '\0',
+  /* "sprueche-zur-konfirmation.de", true */ 's', 'p', 'r', 'u', 'e', 'c', 'h', 'e', '-', 'z', 'u', 'r', '-', 'k', 'o', 'n', 'f', 'i', 'r', 'm', 'a', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "sps-lehrgang.de", true */ 's', 'p', 's', '-', 'l', 'e', 'h', 'r', 'g', 'a', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "sptk.org", true */ 's', 'p', 't', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "spuffin.com", true */ 's', 'p', 'u', 'f', 'f', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "spufpowered.com", true */ 's', 'p', 'u', 'f', 'p', 'o', 'w', 'e', 'r', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "spunkt.fr", true */ 's', 'p', 'u', 'n', 'k', 't', '.', 'f', 'r', '\0',
+  /* "spur.com.br", true */ 's', 'p', 'u', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sputnik1net.org", true */ 's', 'p', 'u', 't', 'n', 'i', 'k', '1', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "spydar007.com", true */ 's', 'p', 'y', 'd', 'a', 'r', '0', '0', '7', '.', 'c', 'o', 'm', '\0',
+  /* "spydar007.net", true */ 's', 'p', 'y', 'd', 'a', 'r', '0', '0', '7', '.', 'n', 'e', 't', '\0',
+  /* "spydersec.com", true */ 's', 'p', 'y', 'd', 'e', 'r', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "spykedigital.com", true */ 's', 'p', 'y', 'k', 'e', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "spyprofit.ru", true */ 's', 'p', 'y', 'p', 'r', 'o', 'f', 'i', 't', '.', 'r', 'u', '\0',
+  /* "sqetsa.com", true */ 's', 'q', 'e', 't', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sql-und-xml.de", true */ 's', 'q', 'l', '-', 'u', 'n', 'd', '-', 'x', 'm', 'l', '.', 'd', 'e', '\0',
+  /* "sqlapius.net", true */ 's', 'q', 'l', 'a', 'p', 'i', 'u', 's', '.', 'n', 'e', 't', '\0',
+  /* "sqlfeatures.com", true */ 's', 'q', 'l', 'f', 'e', 'a', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sqr-training.com", true */ 's', 'q', 'r', '-', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "sqroot.eu", true */ 's', 'q', 'r', 'o', 'o', 't', '.', 'e', 'u', '\0',
+  /* "sqshq.de", true */ 's', 'q', 's', 'h', 'q', '.', 'd', 'e', '\0',
+  /* "squadlinx.com", true */ 's', 'q', 'u', 'a', 'd', 'l', 'i', 'n', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "square-gaming.org", true */ 's', 'q', 'u', 'a', 'r', 'e', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "square-src.de", false */ 's', 'q', 'u', 'a', 'r', 'e', '-', 's', 'r', 'c', '.', 'd', 'e', '\0',
+  /* "square.com", false */ 's', 'q', 'u', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "squarelab.it", true */ 's', 'q', 'u', 'a', 'r', 'e', 'l', 'a', 'b', '.', 'i', 't', '\0',
+  /* "squareonebgc.com.ph", true */ 's', 'q', 'u', 'a', 'r', 'e', 'o', 'n', 'e', 'b', 'g', 'c', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0',
+  /* "squareup.com", false */ 's', 'q', 'u', 'a', 'r', 'e', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "squawk.cc", true */ 's', 'q', 'u', 'a', 'w', 'k', '.', 'c', 'c', '\0',
+  /* "squeezemetrics.com", true */ 's', 'q', 'u', 'e', 'e', 'z', 'e', 'm', 'e', 't', 'r', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "squido.ch", true */ 's', 'q', 'u', 'i', 'd', 'o', '.', 'c', 'h', '\0',
+  /* "squidparty.com", true */ 's', 'q', 'u', 'i', 'd', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "squirex2.com", true */ 's', 'q', 'u', 'i', 'r', 'e', 'x', '2', '.', 'c', 'o', 'm', '\0',
+  /* "sr-cs.net", true */ 's', 'r', '-', 'c', 's', '.', 'n', 'e', 't', '\0',
+  /* "sr33.com", true */ 's', 'r', '3', '3', '.', 'c', 'o', 'm', '\0',
+  /* "srandom.com", true */ 's', 'r', 'a', 'n', 'd', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "srbija-nekretnine.org", true */ 's', 'r', 'b', 'i', 'j', 'a', '-', 'n', 'e', 'k', 'r', 'e', 't', 'n', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "src.fedoraproject.org", true */ 's', 'r', 'c', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "srchub.org", true */ 's', 'r', 'c', 'h', 'u', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "sreeharis.tk", true */ 's', 'r', 'e', 'e', 'h', 'a', 'r', 'i', 's', '.', 't', 'k', '\0',
+  /* "srinivasan.io", true */ 's', 'r', 'i', 'n', 'i', 'v', 'a', 's', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "sro.center", true */ 's', 'r', 'o', '.', 'c', 'e', 'n', 't', 'e', 'r', '\0',
+  /* "srolim.com", true */ 's', 'r', 'o', 'l', 'i', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "srrdb.com", true */ 's', 'r', 'r', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "srroddy.com", true */ 's', 'r', 'r', 'o', 'd', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "srv.so", true */ 's', 'r', 'v', '.', 's', 'o', '\0',
+  /* "srvc.io", true */ 's', 'r', 'v', 'c', '.', 'i', 'o', '\0',
+  /* "ss-x.ru", true */ 's', 's', '-', 'x', '.', 'r', 'u', '\0',
+  /* "ss.com", true */ 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ss.lt", true */ 's', 's', '.', 'l', 't', '\0',
+  /* "ss.lv", true */ 's', 's', '.', 'l', 'v', '\0',
+  /* "ss.ua", true */ 's', 's', '.', 'u', 'a', '\0',
+  /* "ss64.com", true */ 's', 's', '6', '4', '.', 'c', 'o', 'm', '\0',
+  /* "ss64.org", true */ 's', 's', '6', '4', '.', 'o', 'r', 'g', '\0',
+  /* "ss88.uk", true */ 's', 's', '8', '8', '.', 'u', 'k', '\0',
+  /* "ssa.gov", false */ 's', 's', 'a', '.', 'g', 'o', 'v', '\0',
+  /* "ssbkk.ru", true */ 's', 's', 'b', 'k', 'k', '.', 'r', 'u', '\0',
+  /* "ssbrm.ch", true */ 's', 's', 'b', 'r', 'm', '.', 'c', 'h', '\0',
+  /* "sscd.no", true */ 's', 's', 'c', 'd', '.', 'n', 'o', '\0',
+  /* "ssdax.com", false */ 's', 's', 'd', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "ssenberg.nl", true */ 's', 's', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'n', 'l', '\0',
+  /* "ssh-keys.online", true */ 's', 's', 'h', '-', 'k', 'e', 'y', 's', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "ssh-vault.com", true */ 's', 's', 'h', '-', 'v', 'a', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sshool.at", true */ 's', 's', 'h', 'o', 'o', 'l', '.', 'a', 't', '\0',
+  /* "ssky.cn", true */ 's', 's', 'k', 'y', '.', 'c', 'n', '\0',
+  /* "ssl-zertifikate.de", true */ 's', 's', 'l', '-', 'z', 'e', 'r', 't', 'i', 'f', 'i', 'k', 'a', 't', 'e', '.', 'd', 'e', '\0',
+  /* "ssl.do", true */ 's', 's', 'l', '.', 'd', 'o', '\0',
+  /* "ssl.doctor", true */ 's', 's', 'l', '.', 'd', 'o', 'c', 't', 'o', 'r', '\0',
+  /* "ssl.google-analytics.com", true */ 's', 's', 'l', '.', 'g', 'o', 'o', 'g', 'l', 'e', '-', 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ssl.md", true */ 's', 's', 'l', '.', 'm', 'd', '\0',
+  /* "ssl247.co.uk", true */ 's', 's', 'l', '2', '4', '7', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ssl247.com.mx", true */ 's', 's', 'l', '2', '4', '7', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "ssl247.de", true */ 's', 's', 'l', '2', '4', '7', '.', 'd', 'e', '\0',
+  /* "ssl247.dk", true */ 's', 's', 'l', '2', '4', '7', '.', 'd', 'k', '\0',
+  /* "ssl888.com", true */ 's', 's', 'l', '8', '8', '8', '.', 'c', 'o', 'm', '\0',
+  /* "sslcertificaten.nl", true */ 's', 's', 'l', 'c', 'e', 'r', 't', 'i', 'f', 'i', 'c', 'a', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "sslcheck.nl", true */ 's', 's', 'l', 'c', 'h', 'e', 'c', 'k', '.', 'n', 'l', '\0',
+  /* "ssldecoder.org", true */ 's', 's', 'l', 'd', 'e', 'c', 'o', 'd', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "ssldev.net", true */ 's', 's', 'l', 'd', 'e', 'v', '.', 'n', 'e', 't', '\0',
+  /* "sslmate.com", true */ 's', 's', 'l', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sslok.com", true */ 's', 's', 'l', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "sslping.com", true */ 's', 's', 'l', 'p', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "sslpoint.com", true */ 's', 's', 'l', 'p', 'o', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ssls.cz", true */ 's', 's', 'l', 's', '.', 'c', 'z', '\0',
+  /* "sslsurvey.de", true */ 's', 's', 'l', 's', 'u', 'r', 'v', 'e', 'y', '.', 'd', 'e', '\0',
+  /* "sslzilla.de", true */ 's', 's', 'l', 'z', 'i', 'l', 'l', 'a', '.', 'd', 'e', '\0',
+  /* "ssnet.vip", true */ 's', 's', 'n', 'e', 't', '.', 'v', 'i', 'p', '\0',
+  /* "ssrvpn.tech", true */ 's', 's', 'r', 'v', 'p', 'n', '.', 't', 'e', 'c', 'h', '\0',
+  /* "sss3s.com", true */ 's', 's', 's', '3', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sstaging.com", true */ 's', 's', 't', 'a', 'g', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "sstewartgallus.com", true */ 's', 's', 't', 'e', 'w', 'a', 'r', 't', 'g', 'a', 'l', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ssuiteoffice.com", true */ 's', 's', 'u', 'i', 't', 'e', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ssuitesoft.com", true */ 's', 's', 'u', 'i', 't', 'e', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "st-kilian-markt-erlbach.de", true */ 's', 't', '-', 'k', 'i', 'l', 'i', 'a', 'n', '-', 'm', 'a', 'r', 'k', 't', '-', 'e', 'r', 'l', 'b', 'a', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "st-news.de", true */ 's', 't', '-', 'n', 'e', 'w', 's', '.', 'd', 'e', '\0',
+  /* "st-steuern.de", true */ 's', 't', '-', 's', 't', 'e', 'u', 'e', 'r', 'n', '.', 'd', 'e', '\0',
+  /* "staatschutz.at", true */ 's', 't', 'a', 'a', 't', 's', 'c', 'h', 'u', 't', 'z', '.', 'a', 't', '\0',
+  /* "staatsschutz.at", true */ 's', 't', 'a', 'a', 't', 's', 's', 'c', 'h', 'u', 't', 'z', '.', 'a', 't', '\0',
+  /* "staatsschutzgesetz.at", true */ 's', 't', 'a', 'a', 't', 's', 's', 'c', 'h', 'u', 't', 'z', 'g', 'e', 's', 'e', 't', 'z', '.', 'a', 't', '\0',
+  /* "stablelib.com", true */ 's', 't', 'a', 'b', 'l', 'e', 'l', 'i', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "staceyhankeinc.com", true */ 's', 't', 'a', 'c', 'e', 'y', 'h', 'a', 'n', 'k', 'e', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "stackhub.cc", true */ 's', 't', 'a', 'c', 'k', 'h', 'u', 'b', '.', 'c', 'c', '\0',
+  /* "stackptr.com", true */ 's', 't', 'a', 'c', 'k', 'p', 't', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "stacktile.io", false */ 's', 't', 'a', 'c', 'k', 't', 'i', 'l', 'e', '.', 'i', 'o', '\0',
+  /* "stackunderflow.com", true */ 's', 't', 'a', 'c', 'k', 'u', 'n', 'd', 'e', 'r', 'f', 'l', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "stadm.com", true */ 's', 't', 'a', 'd', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "stadsbygd.info", true */ 's', 't', 'a', 'd', 's', 'b', 'y', 'g', 'd', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "stadt-apotheke-muensingen.de", true */ 's', 't', 'a', 'd', 't', '-', 'a', 'p', 'o', 't', 'h', 'e', 'k', 'e', '-', 'm', 'u', 'e', 'n', 's', 'i', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "stadterneuerung-hwb.de", true */ 's', 't', 'a', 'd', 't', 'e', 'r', 'n', 'e', 'u', 'e', 'r', 'u', 'n', 'g', '-', 'h', 'w', 'b', '.', 'd', 'e', '\0',
+  /* "stadtpapa.de", true */ 's', 't', 'a', 'd', 't', 'p', 'a', 'p', 'a', '.', 'd', 'e', '\0',
+  /* "stadtplan-ilmenau.de", true */ 's', 't', 'a', 'd', 't', 'p', 'l', 'a', 'n', '-', 'i', 'l', 'm', 'e', 'n', 'a', 'u', '.', 'd', 'e', '\0',
+  /* "stage-props-blank-guns.com", false */ 's', 't', 'a', 'g', 'e', '-', 'p', 'r', 'o', 'p', 's', '-', 'b', 'l', 'a', 'n', 'k', '-', 'g', 'u', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stage.wepay.com", false */ 's', 't', 'a', 'g', 'e', '.', 'w', 'e', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "stage4.ch", true */ 's', 't', 'a', 'g', 'e', '4', '.', 'c', 'h', '\0',
+  /* "stageirites.com", true */ 's', 't', 'a', 'g', 'e', 'i', 'r', 'i', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stageirites.fr", true */ 's', 't', 'a', 'g', 'e', 'i', 'r', 'i', 't', 'e', 's', '.', 'f', 'r', '\0',
+  /* "stageirites.org", true */ 's', 't', 'a', 'g', 'e', 'i', 'r', 'i', 't', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "stagingjobshq.com", true */ 's', 't', 'a', 'g', 'i', 'n', 'g', 'j', 'o', 'b', 's', 'h', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "stagstickets.co.uk", true */ 's', 't', 'a', 'g', 's', 't', 'i', 'c', 'k', 'e', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "stahlfors.com", true */ 's', 't', 'a', 'h', 'l', 'f', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stainedglass.net.au", true */ 's', 't', 'a', 'i', 'n', 'e', 'd', 'g', 'l', 'a', 's', 's', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "stair.ch", true */ 's', 't', 'a', 'i', 'r', '.', 'c', 'h', '\0',
+  /* "stairfallgames.com", true */ 's', 't', 'a', 'i', 'r', 'f', 'a', 'l', 'l', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stairlin.com", true */ 's', 't', 'a', 'i', 'r', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "stalder.work", true */ 's', 't', 'a', 'l', 'd', 'e', 'r', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "stalker-shop.com", true */ 's', 't', 'a', 'l', 'k', 'e', 'r', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "stalkr.net", true */ 's', 't', 'a', 'l', 'k', 'r', '.', 'n', 'e', 't', '\0',
+  /* "stamboommuller.nl", true */ 's', 't', 'a', 'm', 'b', 'o', 'o', 'm', 'm', 'u', 'l', 'l', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "stamboomvanderwal.nl", true */ 's', 't', 'a', 'm', 'b', 'o', 'o', 'm', 'v', 'a', 'n', 'd', 'e', 'r', 'w', 'a', 'l', '.', 'n', 'l', '\0',
+  /* "stameystreet.com", true */ 's', 't', 'a', 'm', 'e', 'y', 's', 't', 'r', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "stamkassa.nl", true */ 's', 't', 'a', 'm', 'k', 'a', 's', 's', 'a', '.', 'n', 'l', '\0',
+  /* "stammtisch.domains", true */ 's', 't', 'a', 'm', 'm', 't', 'i', 's', 'c', 'h', '.', 'd', 'o', 'm', 'a', 'i', 'n', 's', '\0',
+  /* "stampederadon.com", true */ 's', 't', 'a', 'm', 'p', 'e', 'd', 'e', 'r', 'a', 'd', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "standagainstspying.org", true */ 's', 't', 'a', 'n', 'd', 'a', 'g', 'a', 'i', 'n', 's', 't', 's', 'p', 'y', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "standardequipment.com", true */ 's', 't', 'a', 'n', 'd', 'a', 'r', 'd', 'e', 'q', 'u', 'i', 'p', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "standards.gov", true */ 's', 't', 'a', 'n', 'd', 'a', 'r', 'd', 's', '.', 'g', 'o', 'v', '\0',
+  /* "standoutbooks.com", true */ 's', 't', 'a', 'n', 'd', 'o', 'u', 't', 'b', 'o', 'o', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stanthonymaryclaret.org", true */ 's', 't', 'a', 'n', 't', 'h', 'o', 'n', 'y', 'm', 'a', 'r', 'y', 'c', 'l', 'a', 'r', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "star-citizen.wiki", true */ 's', 't', 'a', 'r', '-', 'c', 'i', 't', 'i', 'z', 'e', 'n', '.', 'w', 'i', 'k', 'i', '\0',
+  /* "star-killer.net", true */ 's', 't', 'a', 'r', '-', 'k', 'i', 'l', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "star-stuff.de", true */ 's', 't', 'a', 'r', '-', 's', 't', 'u', 'f', 'f', '.', 'd', 'e', '\0',
+  /* "starcafe.me", true */ 's', 't', 'a', 'r', 'c', 'a', 'f', 'e', '.', 'm', 'e', '\0',
+  /* "starcomproj.com", true */ 's', 't', 'a', 'r', 'c', 'o', 'm', 'p', 'r', 'o', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "stardanceacademy.net", true */ 's', 't', 'a', 'r', 'd', 'a', 'n', 'c', 'e', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'n', 'e', 't', '\0',
+  /* "stardeeps.net", true */ 's', 't', 'a', 'r', 'd', 'e', 'e', 'p', 's', '.', 'n', 'e', 't', '\0',
+  /* "stardust-entertainments.co.uk", true */ 's', 't', 'a', 'r', 'd', 'u', 's', 't', '-', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "starfm.de", true */ 's', 't', 'a', 'r', 'f', 'm', '.', 'd', 'e', '\0',
+  /* "stargarder-jungs.de", true */ 's', 't', 'a', 'r', 'g', 'a', 'r', 'd', 'e', 'r', '-', 'j', 'u', 'n', 'g', 's', '.', 'd', 'e', '\0',
+  /* "stargazer.de", true */ 's', 't', 'a', 'r', 'g', 'a', 'z', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "stari.co", true */ 's', 't', 'a', 'r', 'i', '.', 'c', 'o', '\0',
+  /* "starina.ru", true */ 's', 't', 'a', 'r', 'i', 'n', 'a', '.', 'r', 'u', '\0',
+  /* "starka.st", true */ 's', 't', 'a', 'r', 'k', 'a', '.', 's', 't', '\0',
+  /* "starkbim.com", true */ 's', 't', 'a', 'r', 'k', 'b', 'i', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "starlightentertainmentdevon.co.uk", true */ 's', 't', 'a', 'r', 'l', 'i', 'g', 'h', 't', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 'd', 'e', 'v', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "starlim.co.in", true */ 's', 't', 'a', 'r', 'l', 'i', 'm', '.', 'c', 'o', '.', 'i', 'n', '\0',
+  /* "starlim.org", true */ 's', 't', 'a', 'r', 'l', 'i', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "starpeak.org", true */ 's', 't', 'a', 'r', 'p', 'e', 'a', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "starphotoboothsni.co.uk", true */ 's', 't', 'a', 'r', 'p', 'h', 'o', 't', 'o', 'b', 'o', 'o', 't', 'h', 's', 'n', 'i', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "starplatinum.jp", true */ 's', 't', 'a', 'r', 'p', 'l', 'a', 't', 'i', 'n', 'u', 'm', '.', 'j', 'p', '\0',
+  /* "starquake.nl", true */ 's', 't', 'a', 'r', 'q', 'u', 'a', 'k', 'e', '.', 'n', 'l', '\0',
+  /* "starsam80.net", true */ 's', 't', 'a', 'r', 's', 'a', 'm', '8', '0', '.', 'n', 'e', 't', '\0',
+  /* "starsbattle.net", true */ 's', 't', 'a', 'r', 's', 'b', 'a', 't', 't', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "starstreak.net", true */ 's', 't', 'a', 'r', 's', 't', 'r', 'e', 'a', 'k', '.', 'n', 'e', 't', '\0',
+  /* "startaninflatablebusiness.com", true */ 's', 't', 'a', 'r', 't', 'a', 'n', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "startlab.sk", true */ 's', 't', 'a', 'r', 't', 'l', 'a', 'b', '.', 's', 'k', '\0',
+  /* "startpage.com", true */ 's', 't', 'a', 'r', 't', 'p', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "startpage.info", true */ 's', 't', 'a', 'r', 't', 'p', 'a', 'g', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "startrek.in", true */ 's', 't', 'a', 'r', 't', 'r', 'e', 'k', '.', 'i', 'n', '\0',
+  /* "starttraffic.com", true */ 's', 't', 'a', 'r', 't', 't', 'r', 'a', 'f', 'f', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "starttraffic.uk", true */ 's', 't', 'a', 'r', 't', 't', 'r', 'a', 'f', 'f', 'i', 'c', '.', 'u', 'k', '\0',
+  /* "startup.melbourne", true */ 's', 't', 'a', 'r', 't', 'u', 'p', '.', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '\0',
+  /* "startuplevel.com", true */ 's', 't', 'a', 'r', 't', 'u', 'p', 'l', 'e', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "startuppeople.co.uk", true */ 's', 't', 'a', 'r', 't', 'u', 'p', 'p', 'e', 'o', 'p', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "startupum.ru", true */ 's', 't', 'a', 'r', 't', 'u', 'p', 'u', 'm', '.', 'r', 'u', '\0',
+  /* "starwatches.eu", true */ 's', 't', 'a', 'r', 'w', 'a', 't', 'c', 'h', 'e', 's', '.', 'e', 'u', '\0',
+  /* "starwins.co.uk", true */ 's', 't', 'a', 'r', 'w', 'i', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "stassi.ch", true */ 's', 't', 'a', 's', 's', 'i', '.', 'c', 'h', '\0',
+  /* "stastka.ch", true */ 's', 't', 'a', 's', 't', 'k', 'a', '.', 'c', 'h', '\0',
+  /* "stat.ink", true */ 's', 't', 'a', 't', '.', 'i', 'n', 'k', '\0',
+  /* "state-of-body-and-mind.com", true */ 's', 't', 'a', 't', 'e', '-', 'o', 'f', '-', 'b', 'o', 'd', 'y', '-', 'a', 'n', 'd', '-', 'm', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "statecollegemortgages.com", true */ 's', 't', 'a', 't', 'e', 'c', 'o', 'l', 'l', 'e', 'g', 'e', 'm', 'o', 'r', 't', 'g', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "static-692b8c32.de", true */ 's', 't', 'a', 't', 'i', 'c', '-', '6', '9', '2', 'b', '8', 'c', '3', '2', '.', 'd', 'e', '\0',
+  /* "static-myfxee-808795.c.cdn77.org", true */ 's', 't', 'a', 't', 'i', 'c', '-', 'm', 'y', 'f', 'x', 'e', 'e', '-', '8', '0', '8', '7', '9', '5', '.', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "static-myfxoau-808795.c.cdn77.org", true */ 's', 't', 'a', 't', 'i', 'c', '-', 'm', 'y', 'f', 'x', 'o', 'a', 'u', '-', '8', '0', '8', '7', '9', '5', '.', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "static-myfxouk-808795.c.cdn77.org", true */ 's', 't', 'a', 't', 'i', 'c', '-', 'm', 'y', 'f', 'x', 'o', 'u', 'k', '-', '8', '0', '8', '7', '9', '5', '.', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "static.wepay.com", false */ 's', 't', 'a', 't', 'i', 'c', '.', 'w', 'e', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "stationa.ch", true */ 's', 't', 'a', 't', 'i', 'o', 'n', 'a', '.', 'c', 'h', '\0',
+  /* "stationary-traveller.eu", true */ 's', 't', 'a', 't', 'i', 'o', 'n', 'a', 'r', 'y', '-', 't', 'r', 'a', 'v', 'e', 'l', 'l', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "stationcharlie.co.za", true */ 's', 't', 'a', 't', 'i', 'o', 'n', 'c', 'h', 'a', 'r', 'l', 'i', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "statistikian.com", true */ 's', 't', 'a', 't', 'i', 's', 't', 'i', 'k', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "statofus.com", true */ 's', 't', 'a', 't', 'o', 'f', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stats.g.doubleclick.net", true */ 's', 't', 'a', 't', 's', '.', 'g', '.', 'd', 'o', 'u', 'b', 'l', 'e', 'c', 'l', 'i', 'c', 'k', '.', 'n', 'e', 't', '\0',
+  /* "status2u.com", true */ 's', 't', 'a', 't', 'u', 's', '2', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "statuscode.ch", true */ 's', 't', 'a', 't', 'u', 's', 'c', 'o', 'd', 'e', '.', 'c', 'h', '\0',
+  /* "stav.io", true */ 's', 't', 'a', 'v', '.', 'i', 'o', '\0',
+  /* "stavros.ovh", true */ 's', 't', 'a', 'v', 'r', 'o', 's', '.', 'o', 'v', 'h', '\0',
+  /* "staxflax.tk", true */ 's', 't', 'a', 'x', 'f', 'l', 'a', 'x', '.', 't', 'k', '\0',
+  /* "stay.black", true */ 's', 't', 'a', 'y', '.', 'b', 'l', 'a', 'c', 'k', '\0',
+  /* "stayme.cz", true */ 's', 't', 'a', 'y', 'm', 'e', '.', 'c', 'z', '\0',
+  /* "stb-schefczyk.de", true */ 's', 't', 'b', '-', 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'd', 'e', '\0',
+  /* "stb-strzyzewski.de", true */ 's', 't', 'b', '-', 's', 't', 'r', 'z', 'y', 'z', 'e', 'w', 's', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "stbennett.org", true */ 's', 't', 'b', 'e', 'n', 'n', 'e', 't', 't', '.', 'o', 'r', 'g', '\0',
+  /* "stcu.org", true */ 's', 't', 'c', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "std-home-test.com", true */ 's', 't', 'd', '-', 'h', 'o', 'm', 'e', '-', 't', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "stderr.cc", true */ 's', 't', 'd', 'e', 'r', 'r', '.', 'c', 'c', '\0',
+  /* "stdrc.cc", true */ 's', 't', 'd', 'r', 'c', '.', 'c', 'c', '\0',
+  /* "steakovercooked.com", true */ 's', 't', 'e', 'a', 'k', 'o', 'v', 'e', 'r', 'c', 'o', 'o', 'k', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "stealsaga.net", true */ 's', 't', 'e', 'a', 'l', 's', 'a', 'g', 'a', '.', 'n', 'e', 't', '\0',
+  /* "steamdb.info", true */ 's', 't', 'e', 'a', 'm', 'd', 'b', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "steamerrors.com", true */ 's', 't', 'e', 'a', 'm', 'e', 'r', 'r', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "steamgifts.com", true */ 's', 't', 'e', 'a', 'm', 'g', 'i', 'f', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "steampress.io", true */ 's', 't', 'e', 'a', 'm', 'p', 'r', 'e', 's', 's', '.', 'i', 'o', '\0',
+  /* "steamscore.info", true */ 's', 't', 'e', 'a', 'm', 's', 'c', 'o', 'r', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "steamtrades.com", true */ 's', 't', 'e', 'a', 'm', 't', 'r', 'a', 'd', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "steborio.pw", true */ 's', 't', 'e', 'b', 'o', 'r', 'i', 'o', '.', 'p', 'w', '\0',
+  /* "steckel.cc", true */ 's', 't', 'e', 'c', 'k', 'e', 'l', '.', 'c', 'c', '\0',
+  /* "steckregal-super.de", false */ 's', 't', 'e', 'c', 'k', 'r', 'e', 'g', 'a', 'l', '-', 's', 'u', 'p', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "stedb.eu", true */ 's', 't', 'e', 'd', 'b', '.', 'e', 'u', '\0',
+  /* "stedbg.net", true */ 's', 't', 'e', 'd', 'b', 'g', '.', 'n', 'e', 't', '\0',
+  /* "steef389.eu", true */ 's', 't', 'e', 'e', 'f', '3', '8', '9', '.', 'e', 'u', '\0',
+  /* "steelephys.com.au", true */ 's', 't', 'e', 'e', 'l', 'e', 'p', 'h', 'y', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "steemit.com", true */ 's', 't', 'e', 'e', 'm', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "steenackers.be", true */ 's', 't', 'e', 'e', 'n', 'a', 'c', 'k', 'e', 'r', 's', '.', 'b', 'e', '\0',
+  /* "stefan-bayer.eu", true */ 's', 't', 'e', 'f', 'a', 'n', '-', 'b', 'a', 'y', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "stefan-schlueter.de", true */ 's', 't', 'e', 'f', 'a', 'n', '-', 's', 'c', 'h', 'l', 'u', 'e', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "stefanbayer.de", true */ 's', 't', 'e', 'f', 'a', 'n', 'b', 'a', 'y', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "stefanovski.io", false */ 's', 't', 'e', 'f', 'a', 'n', 'o', 'v', 's', 'k', 'i', '.', 'i', 'o', '\0',
+  /* "stefanvanburen.xyz", true */ 's', 't', 'e', 'f', 'a', 'n', 'v', 'a', 'n', 'b', 'u', 'r', 'e', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "stefany.eu", true */ 's', 't', 'e', 'f', 'a', 'n', 'y', '.', 'e', 'u', '\0',
+  /* "steidlewirt.de", true */ 's', 't', 'e', 'i', 'd', 'l', 'e', 'w', 'i', 'r', 't', '.', 'd', 'e', '\0',
+  /* "steigerplank.com", false */ 's', 't', 'e', 'i', 'g', 'e', 'r', 'p', 'l', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "steinbergmedia.de", true */ 's', 't', 'e', 'i', 'n', 'b', 'e', 'r', 'g', 'm', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "steinibox.de", true */ 's', 't', 'e', 'i', 'n', 'i', 'b', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "steklein.de", true */ 's', 't', 'e', 'k', 'l', 'e', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "stella-artis-ensemble.at", true */ 's', 't', 'e', 'l', 'l', 'a', '-', 'a', 'r', 't', 'i', 's', '-', 'e', 'n', 's', 'e', 'm', 'b', 'l', 'e', '.', 'a', 't', '\0',
+  /* "stellanova-planeten.de", false */ 's', 't', 'e', 'l', 'l', 'a', 'n', 'o', 'v', 'a', '-', 'p', 'l', 'a', 'n', 'e', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "stellarium-gornergrat.ch", true */ 's', 't', 'e', 'l', 'l', 'a', 'r', 'i', 'u', 'm', '-', 'g', 'o', 'r', 'n', 'e', 'r', 'g', 'r', 'a', 't', '.', 'c', 'h', '\0',
+  /* "stellarvale.net", true */ 's', 't', 'e', 'l', 'l', 'a', 'r', 'v', 'a', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "stellen.ch", true */ 's', 't', 'e', 'l', 'l', 'e', 'n', '.', 'c', 'h', '\0',
+  /* "stelleninserate.de", true */ 's', 't', 'e', 'l', 'l', 'e', 'n', 'i', 'n', 's', 'e', 'r', 'a', 't', 'e', '.', 'd', 'e', '\0',
+  /* "stellenticket.de", true */ 's', 't', 'e', 'l', 'l', 'e', 'n', 't', 'i', 'c', 'k', 'e', 't', '.', 'd', 'e', '\0',
+  /* "stellmacher.name", true */ 's', 't', 'e', 'l', 'l', 'm', 'a', 'c', 'h', 'e', 'r', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "stem.is", true */ 's', 't', 'e', 'm', '.', 'i', 's', '\0',
+  /* "stembureauledenindenhaag.nl", true */ 's', 't', 'e', 'm', 'b', 'u', 'r', 'e', 'a', 'u', 'l', 'e', 'd', 'e', 'n', 'i', 'n', 'd', 'e', 'n', 'h', 'a', 'a', 'g', '.', 'n', 'l', '\0',
+  /* "stemsims.com", true */ 's', 't', 'e', 'm', 's', 'i', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stening.co", true */ 's', 't', 'e', 'n', 'i', 'n', 'g', '.', 'c', 'o', '\0',
+  /* "stenzhorn-cloud.de", true */ 's', 't', 'e', 'n', 'z', 'h', 'o', 'r', 'n', '-', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "stepanvanek.cz", true */ 's', 't', 'e', 'p', 'a', 'n', 'v', 'a', 'n', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "steph3n.me", true */ 's', 't', 'e', 'p', 'h', '3', 'n', '.', 'm', 'e', '\0',
+  /* "stephan-matthiesen.de", true */ 's', 't', 'e', 'p', 'h', 'a', 'n', '-', 'm', 'a', 't', 't', 'h', 'i', 'e', 's', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "stephane-huc.net", true */ 's', 't', 'e', 'p', 'h', 'a', 'n', 'e', '-', 'h', 'u', 'c', '.', 'n', 'e', 't', '\0',
+  /* "stephanieschreiber.com", true */ 's', 't', 'e', 'p', 'h', 'a', 'n', 'i', 'e', 's', 'c', 'h', 'r', 'e', 'i', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "stephenhaunts.com", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 'h', 'a', 'u', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stephenhorler.com.au", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 'h', 'o', 'r', 'l', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "stephenj.co.uk", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 'j', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "stephenjvoiceovers.com", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 'j', 'v', 'o', 'i', 'c', 'e', 'o', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stephenperreira.com", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 'p', 'e', 'r', 'r', 'e', 'i', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "stephenschrauger.com", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "stephenschrauger.info", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "stephenschrauger.net", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "stephenschrauger.org", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "stephenskory.com", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'k', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "stephensol.is", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'o', 'l', '.', 'i', 's', '\0',
+  /* "stephensolis.com", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'o', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stephensolis.net", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'o', 'l', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "stephensolisrey.es", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'o', 'l', 'i', 's', 'r', 'e', 'y', '.', 'e', 's', '\0',
+  /* "stephsolis.net", true */ 's', 't', 'e', 'p', 'h', 's', 'o', 'l', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "stephspace.net", true */ 's', 't', 'e', 'p', 'h', 's', 'p', 'a', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "steplogictalent.com", true */ 's', 't', 'e', 'p', 'l', 'o', 'g', 'i', 'c', 't', 'a', 'l', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "stepstone.dk", true */ 's', 't', 'e', 'p', 's', 't', 'o', 'n', 'e', '.', 'd', 'k', '\0',
+  /* "stepsweb.com", true */ 's', 't', 'e', 'p', 's', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "ster-enzo.nl", true */ 's', 't', 'e', 'r', '-', 'e', 'n', 'z', 'o', '.', 'n', 'l', '\0',
+  /* "sterchi-fromages.ch", true */ 's', 't', 'e', 'r', 'c', 'h', 'i', '-', 'f', 'r', 'o', 'm', 'a', 'g', 'e', 's', '.', 'c', 'h', '\0',
+  /* "stereo.lu", true */ 's', 't', 'e', 'r', 'e', 'o', '.', 'l', 'u', '\0',
+  /* "stereochro.me", false */ 's', 't', 'e', 'r', 'e', 'o', 'c', 'h', 'r', 'o', '.', 'm', 'e', '\0',
+  /* "stern-freunde.de", true */ 's', 't', 'e', 'r', 'n', '-', 'f', 'r', 'e', 'u', 'n', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "stern.koeln", true */ 's', 't', 'e', 'r', 'n', '.', 'k', 'o', 'e', 'l', 'n', '\0',
+  /* "sternen-sitzberg.ch", true */ 's', 't', 'e', 'r', 'n', 'e', 'n', '-', 's', 'i', 't', 'z', 'b', 'e', 'r', 'g', '.', 'c', 'h', '\0',
+  /* "sternplastic.com", true */ 's', 't', 'e', 'r', 'n', 'p', 'l', 'a', 's', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "stesti.cz", true */ 's', 't', 'e', 's', 't', 'i', '.', 'c', 'z', '\0',
+  /* "stetspa.it", true */ 's', 't', 'e', 't', 's', 'p', 'a', '.', 'i', 't', '\0',
+  /* "steuerkanzlei-edel.de", true */ 's', 't', 'e', 'u', 'e', 'r', 'k', 'a', 'n', 'z', 'l', 'e', 'i', '-', 'e', 'd', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "steuerseminare-graf.de", true */ 's', 't', 'e', 'u', 'e', 'r', 's', 'e', 'm', 'i', 'n', 'a', 'r', 'e', '-', 'g', 'r', 'a', 'f', '.', 'd', 'e', '\0',
+  /* "steve.kiwi", true */ 's', 't', 'e', 'v', 'e', '.', 'k', 'i', 'w', 'i', '\0',
+  /* "steveborba.com", true */ 's', 't', 'e', 'v', 'e', 'b', 'o', 'r', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "stevedesmond.ca", true */ 's', 't', 'e', 'v', 'e', 'd', 'e', 's', 'm', 'o', 'n', 'd', '.', 'c', 'a', '\0',
+  /* "stevedoggett.com", true */ 's', 't', 'e', 'v', 'e', 'd', 'o', 'g', 'g', 'e', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "stevegrav.es", true */ 's', 't', 'e', 'v', 'e', 'g', 'r', 'a', 'v', '.', 'e', 's', '\0',
+  /* "stevenberg.net", true */ 's', 't', 'e', 'v', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'n', 'e', 't', '\0',
+  /* "stevengoodpaster.com", true */ 's', 't', 'e', 'v', 'e', 'n', 'g', 'o', 'o', 'd', 'p', 'a', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "stevenhumphrey.uk", true */ 's', 't', 'e', 'v', 'e', 'n', 'h', 'u', 'm', 'p', 'h', 'r', 'e', 'y', '.', 'u', 'k', '\0',
+  /* "stevenkwan.me", true */ 's', 't', 'e', 'v', 'e', 'n', 'k', 'w', 'a', 'n', '.', 'm', 'e', '\0',
+  /* "stevens.se", true */ 's', 't', 'e', 'v', 'e', 'n', 's', '.', 's', 'e', '\0',
+  /* "stevenski.com", false */ 's', 't', 'e', 'v', 'e', 'n', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "steventress.com", true */ 's', 't', 'e', 'v', 'e', 'n', 't', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stevenwooding.com", true */ 's', 't', 'e', 'v', 'e', 'n', 'w', 'o', 'o', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "stevenz.science", true */ 's', 't', 'e', 'v', 'e', 'n', 'z', '.', 's', 'c', 'i', 'e', 'n', 'c', 'e', '\0',
+  /* "stevenz.xyz", true */ 's', 't', 'e', 'v', 'e', 'n', 'z', '.', 'x', 'y', 'z', '\0',
+  /* "stevesdrivingschooltyneside.com", true */ 's', 't', 'e', 'v', 'e', 's', 'd', 'r', 'i', 'v', 'i', 'n', 'g', 's', 'c', 'h', 'o', 'o', 'l', 't', 'y', 'n', 'e', 's', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "stewartswines.com", true */ 's', 't', 'e', 'w', 'a', 'r', 't', 's', 'w', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stewonet.nl", true */ 's', 't', 'e', 'w', 'o', 'n', 'e', 't', '.', 'n', 'l', '\0',
+  /* "steyaert.be", false */ 's', 't', 'e', 'y', 'a', 'e', 'r', 't', '.', 'b', 'e', '\0',
+  /* "stforex.com", true */ 's', 't', 'f', 'o', 'r', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "stfw.info", true */ 's', 't', 'f', 'w', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "stichtingliab.nl", true */ 's', 't', 'i', 'c', 'h', 't', 'i', 'n', 'g', 'l', 'i', 'a', 'b', '.', 'n', 'l', '\0',
+  /* "stichtingscholierenvervoerzeeland.nl", true */ 's', 't', 'i', 'c', 'h', 't', 'i', 'n', 'g', 's', 'c', 'h', 'o', 'l', 'i', 'e', 'r', 'e', 'n', 'v', 'e', 'r', 'v', 'o', 'e', 'r', 'z', 'e', 'e', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "stichtingsticky.nl", true */ 's', 't', 'i', 'c', 'h', 't', 'i', 'n', 'g', 's', 't', 'i', 'c', 'k', 'y', '.', 'n', 'l', '\0',
+  /* "stick2bike.de", true */ 's', 't', 'i', 'c', 'k', '2', 'b', 'i', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "stickergiant.com", true */ 's', 't', 'i', 'c', 'k', 'e', 'r', 'g', 'i', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "stickies.io", true */ 's', 't', 'i', 'c', 'k', 'i', 'e', 's', '.', 'i', 'o', '\0',
+  /* "stickmanventures.com", false */ 's', 't', 'i', 'c', 'k', 'm', 'a', 'n', 'v', 'e', 'n', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stift-kremsmuenster.at", true */ 's', 't', 'i', 'f', 't', '-', 'k', 'r', 'e', 'm', 's', 'm', 'u', 'e', 'n', 's', 't', 'e', 'r', '.', 'a', 't', '\0',
+  /* "stigharder.com", true */ 's', 't', 'i', 'g', 'h', 'a', 'r', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "stijnbelmans.be", true */ 's', 't', 'i', 'j', 'n', 'b', 'e', 'l', 'm', 'a', 'n', 's', '.', 'b', 'e', '\0',
+  /* "stijnodink.nl", true */ 's', 't', 'i', 'j', 'n', 'o', 'd', 'i', 'n', 'k', '.', 'n', 'l', '\0',
+  /* "stikic.me", true */ 's', 't', 'i', 'k', 'i', 'c', '.', 'm', 'e', '\0',
+  /* "stikkie.me", true */ 's', 't', 'i', 'k', 'k', 'i', 'e', '.', 'm', 'e', '\0',
+  /* "stikonas.eu", false */ 's', 't', 'i', 'k', 'o', 'n', 'a', 's', '.', 'e', 'u', '\0',
+  /* "stilartmoebel.de", true */ 's', 't', 'i', 'l', 'a', 'r', 't', 'm', 'o', 'e', 'b', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "stillyarts.com", false */ 's', 't', 'i', 'l', 'l', 'y', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stilmobil.se", true */ 's', 't', 'i', 'l', 'm', 'o', 'b', 'i', 'l', '.', 's', 'e', '\0',
+  /* "stimmgabel.lu", true */ 's', 't', 'i', 'm', 'm', 'g', 'a', 'b', 'e', 'l', '.', 'l', 'u', '\0',
+  /* "stin.hr", true */ 's', 't', 'i', 'n', '.', 'h', 'r', '\0',
+  /* "stintup.com", true */ 's', 't', 'i', 'n', 't', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "stipsan.me", true */ 's', 't', 'i', 'p', 's', 'a', 'n', '.', 'm', 'e', '\0',
+  /* "stirling.co", true */ 's', 't', 'i', 'r', 'l', 'i', 'n', 'g', '.', 'c', 'o', '\0',
+  /* "stirlingpoon.com", true */ 's', 't', 'i', 'r', 'l', 'i', 'n', 'g', 'p', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "stitchfiddle.com", true */ 's', 't', 'i', 't', 'c', 'h', 'f', 'i', 'd', 'd', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "stitthappens.com", true */ 's', 't', 'i', 't', 't', 'h', 'a', 'p', 'p', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stivesbouncycastlehire.co.uk", true */ 's', 't', 'i', 'v', 'e', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "stjohnin.com", true */ 's', 't', 'j', 'o', 'h', 'n', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "stjohnmiami.org", true */ 's', 't', 'j', 'o', 'h', 'n', 'm', 'i', 'a', 'm', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "stjohnsc.com", true */ 's', 't', 'j', 'o', 'h', 'n', 's', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "stlu.de", true */ 's', 't', 'l', 'u', '.', 'd', 'e', '\0',
+  /* "stlucasmuseum.org", true */ 's', 't', 'l', 'u', 'c', 'a', 's', 'm', 'u', 's', 'e', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "stlukesbrandon.org", true */ 's', 't', 'l', 'u', 'k', 'e', 's', 'b', 'r', 'a', 'n', 'd', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "stm-net.de", true */ 's', 't', 'm', '-', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "stmlearning.com", true */ 's', 't', 'm', 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "stmsolutions.pl", true */ 's', 't', 'm', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'p', 'l', '\0',
+  /* "stneotsbouncycastlehire.co.uk", true */ 's', 't', 'n', 'e', 'o', 't', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "stnl.de", false */ 's', 't', 'n', 'l', '.', 'd', 'e', '\0',
+  /* "stockpile.com", true */ 's', 't', 'o', 'c', 'k', 'p', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "stockrow.com", true */ 's', 't', 'o', 'c', 'k', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "stocktrader.com", true */ 's', 't', 'o', 'c', 'k', 't', 'r', 'a', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "stodieck.com", true */ 's', 't', 'o', 'd', 'i', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "stoebermehl.at", true */ 's', 't', 'o', 'e', 'b', 'e', 'r', 'm', 'e', 'h', 'l', '.', 'a', 't', '\0',
+  /* "stoffelen.nl", true */ 's', 't', 'o', 'f', 'f', 'e', 'l', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "stoffelnet.de", true */ 's', 't', 'o', 'f', 'f', 'e', 'l', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "stoianlawfirm.com", true */ 's', 't', 'o', 'i', 'a', 'n', 'l', 'a', 'w', 'f', 'i', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "stolina.de", false */ 's', 't', 'o', 'l', 'i', 'n', 'a', '.', 'd', 'e', '\0',
+  /* "stolkpotplanten.nl", true */ 's', 't', 'o', 'l', 'k', 'p', 'o', 't', 'p', 'l', 'a', 'n', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "stolkschepen.nl", true */ 's', 't', 'o', 'l', 'k', 's', 'c', 'h', 'e', 'p', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "stomadental.com", true */ 's', 't', 'o', 'm', 'a', 'd', 'e', 'n', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "stonedworms.de", true */ 's', 't', 'o', 'n', 'e', 'd', 'w', 'o', 'r', 'm', 's', '.', 'd', 'e', '\0',
+  /* "stonefusion.org.uk", true */ 's', 't', 'o', 'n', 'e', 'f', 'u', 's', 'i', 'o', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "stonehammerhead.org", true */ 's', 't', 'o', 'n', 'e', 'h', 'a', 'm', 'm', 'e', 'r', 'h', 'e', 'a', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "stonemain.eu", true */ 's', 't', 'o', 'n', 'e', 'm', 'a', 'i', 'n', '.', 'e', 'u', '\0',
+  /* "stonewuu.com", true */ 's', 't', 'o', 'n', 'e', 'w', 'u', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "stony.com", true */ 's', 't', 'o', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "stonystratford.org", true */ 's', 't', 'o', 'n', 'y', 's', 't', 'r', 'a', 't', 'f', 'o', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "stopakwardhandshakes.org", true */ 's', 't', 'o', 'p', 'a', 'k', 'w', 'a', 'r', 'd', 'h', 'a', 'n', 'd', 's', 'h', 'a', 'k', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "stopbullying.gov", true */ 's', 't', 'o', 'p', 'b', 'u', 'l', 'l', 'y', 'i', 'n', 'g', '.', 'g', 'o', 'v', '\0',
+  /* "stopfraud.gov", true */ 's', 't', 'o', 'p', 'f', 'r', 'a', 'u', 'd', '.', 'g', 'o', 'v', '\0',
+  /* "stopthethyroidmadness.com", true */ 's', 't', 'o', 'p', 't', 'h', 'e', 't', 'h', 'y', 'r', 'o', 'i', 'd', 'm', 'a', 'd', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stordbatlag.no", true */ 's', 't', 'o', 'r', 'd', 'b', 'a', 't', 'l', 'a', 'g', '.', 'n', 'o', '\0',
+  /* "store10.de", false */ 's', 't', 'o', 'r', 'e', '1', '0', '.', 'd', 'e', '\0',
+  /* "storedsafe.com", true */ 's', 't', 'o', 'r', 'e', 'd', 's', 'a', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "storgom.ua", false */ 's', 't', 'o', 'r', 'g', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "stormi.io", true */ 's', 't', 'o', 'r', 'm', 'i', '.', 'i', 'o', '\0',
+  /* "stormwatcher.org", true */ 's', 't', 'o', 'r', 'm', 'w', 'a', 't', 'c', 'h', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "storvann.net", true */ 's', 't', 'o', 'r', 'v', 'a', 'n', 'n', '.', 'n', 'e', 't', '\0',
+  /* "storvann.no", true */ 's', 't', 'o', 'r', 'v', 'a', 'n', 'n', '.', 'n', 'o', '\0',
+  /* "storycollective.film", true */ 's', 't', 'o', 'r', 'y', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'v', 'e', '.', 'f', 'i', 'l', 'm', '\0',
+  /* "storycollective.nl", true */ 's', 't', 'o', 'r', 'y', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'v', 'e', '.', 'n', 'l', '\0',
+  /* "storyland.ie", true */ 's', 't', 'o', 'r', 'y', 'l', 'a', 'n', 'd', '.', 'i', 'e', '\0',
+  /* "storysift.news", true */ 's', 't', 'o', 'r', 'y', 's', 'i', 'f', 't', '.', 'n', 'e', 'w', 's', '\0',
+  /* "storytime.hu", true */ 's', 't', 'o', 'r', 'y', 't', 'i', 'm', 'e', '.', 'h', 'u', '\0',
+  /* "stoxford.com", true */ 's', 't', 'o', 'x', 'f', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "stpatricksguild.com", true */ 's', 't', 'p', 'a', 't', 'r', 'i', 'c', 'k', 's', 'g', 'u', 'i', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "straatderzotten.nl", true */ 's', 't', 'r', 'a', 'a', 't', 'd', 'e', 'r', 'z', 'o', 't', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "strahlende-augen.info", true */ 's', 't', 'r', 'a', 'h', 'l', 'e', 'n', 'd', 'e', '-', 'a', 'u', 'g', 'e', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "straka.name", true */ 's', 't', 'r', 'a', 'k', 'a', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "strangemusicinc.net", true */ 's', 't', 'r', 'a', 'n', 'g', 'e', 'm', 'u', 's', 'i', 'c', 'i', 'n', 'c', '.', 'n', 'e', 't', '\0',
+  /* "strangeplace.net", true */ 's', 't', 'r', 'a', 'n', 'g', 'e', 'p', 'l', 'a', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "strate.io", true */ 's', 't', 'r', 'a', 't', 'e', '.', 'i', 'o', '\0',
+  /* "strategiclivingblog.com", true */ 's', 't', 'r', 'a', 't', 'e', 'g', 'i', 'c', 'l', 'i', 'v', 'i', 'n', 'g', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "strategie-zone.de", true */ 's', 't', 'r', 'a', 't', 'e', 'g', 'i', 'e', '-', 'z', 'o', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "strathewerd.de", true */ 's', 't', 'r', 'a', 't', 'h', 'e', 'w', 'e', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "stratmann-b.de", true */ 's', 't', 'r', 'a', 't', 'm', 'a', 'n', 'n', '-', 'b', '.', 'd', 'e', '\0',
+  /* "straubis.org", true */ 's', 't', 'r', 'a', 'u', 'b', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "strauser.com", true */ 's', 't', 'r', 'a', 'u', 's', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "stravers.shoes", true */ 's', 't', 'r', 'a', 'v', 'e', 'r', 's', '.', 's', 'h', 'o', 'e', 's', '\0',
+  /* "stream-ing.xyz", true */ 's', 't', 'r', 'e', 'a', 'm', '-', 'i', 'n', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "streamchan.org", true */ 's', 't', 'r', 'e', 'a', 'm', 'c', 'h', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "streamdesk.ca", true */ 's', 't', 'r', 'e', 'a', 'm', 'd', 'e', 's', 'k', '.', 'c', 'a', '\0',
+  /* "streamer.tips", true */ 's', 't', 'r', 'e', 'a', 'm', 'e', 'r', '.', 't', 'i', 'p', 's', '\0',
+  /* "streamingeverywhere.com", true */ 's', 't', 'r', 'e', 'a', 'm', 'i', 'n', 'g', 'e', 'v', 'e', 'r', 'y', 'w', 'h', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "streamlineautogroup.com", true */ 's', 't', 'r', 'e', 'a', 'm', 'l', 'i', 'n', 'e', 'a', 'u', 't', 'o', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "streampanel.net", true */ 's', 't', 'r', 'e', 'a', 'm', 'p', 'a', 'n', 'e', 'l', '.', 'n', 'e', 't', '\0',
+  /* "streamthemeeting.com", true */ 's', 't', 'r', 'e', 'a', 'm', 't', 'h', 'e', 'm', 'e', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "streamzilla.com", true */ 's', 't', 'r', 'e', 'a', 'm', 'z', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "street-smart-home.de", true */ 's', 't', 'r', 'e', 'e', 't', '-', 's', 'm', 'a', 'r', 't', '-', 'h', 'o', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "streetdancecenter.com", true */ 's', 't', 'r', 'e', 'e', 't', 'd', 'a', 'n', 'c', 'e', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "streets.mn", true */ 's', 't', 'r', 'e', 'e', 't', 's', '.', 'm', 'n', '\0',
+  /* "streetspotr.com", true */ 's', 't', 'r', 'e', 'e', 't', 's', 'p', 'o', 't', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "streetview.wien", true */ 's', 't', 'r', 'e', 'e', 't', 'v', 'i', 'e', 'w', '.', 'w', 'i', 'e', 'n', '\0',
+  /* "strefapi.com", true */ 's', 't', 'r', 'e', 'f', 'a', 'p', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "strehl.tk", true */ 's', 't', 'r', 'e', 'h', 'l', '.', 't', 'k', '\0',
+  /* "streklhof.at", true */ 's', 't', 'r', 'e', 'k', 'l', 'h', 'o', 'f', '.', 'a', 't', '\0',
+  /* "strengthroots.com", true */ 's', 't', 'r', 'e', 'n', 'g', 't', 'h', 'r', 'o', 'o', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stressfreehousehold.com", true */ 's', 't', 'r', 'e', 's', 's', 'f', 'r', 'e', 'e', 'h', 'o', 'u', 's', 'e', 'h', 'o', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "stretchmyan.us", true */ 's', 't', 'r', 'e', 't', 'c', 'h', 'm', 'y', 'a', 'n', '.', 'u', 's', '\0',
+  /* "stretchpc.com", true */ 's', 't', 'r', 'e', 't', 'c', 'h', 'p', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "stricted.net", true */ 's', 't', 'r', 'i', 'c', 't', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "strictlynormal.com", true */ 's', 't', 'r', 'i', 'c', 't', 'l', 'y', 'n', 'o', 'r', 'm', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "strijkshop.be", true */ 's', 't', 'r', 'i', 'j', 'k', 's', 'h', 'o', 'p', '.', 'b', 'e', '\0',
+  /* "stringtoolbox.com", true */ 's', 't', 'r', 'i', 'n', 'g', 't', 'o', 'o', 'l', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "stringvox.com", true */ 's', 't', 'r', 'i', 'n', 'g', 'v', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "stripe.com", true */ 's', 't', 'r', 'i', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "striptizer.tk", true */ 's', 't', 'r', 'i', 'p', 't', 'i', 'z', 'e', 'r', '.', 't', 'k', '\0',
+  /* "strm.hu", true */ 's', 't', 'r', 'm', '.', 'h', 'u', '\0',
+  /* "strobeltobias.de", true */ 's', 't', 'r', 'o', 'b', 'e', 'l', 't', 'o', 'b', 'i', 'a', 's', '.', 'd', 'e', '\0',
+  /* "strobeto.de", true */ 's', 't', 'r', 'o', 'b', 'e', 't', 'o', '.', 'd', 'e', '\0',
+  /* "strobotti.com", true */ 's', 't', 'r', 'o', 'b', 'o', 't', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "stroginohelp.ru", true */ 's', 't', 'r', 'o', 'g', 'i', 'n', 'o', 'h', 'e', 'l', 'p', '.', 'r', 'u', '\0',
+  /* "strom.family", true */ 's', 't', 'r', 'o', 'm', '.', 'f', 'a', 'm', 'i', 'l', 'y', '\0',
+  /* "strongrandom.com", false */ 's', 't', 'r', 'o', 'n', 'g', 'r', 'a', 'n', 'd', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "strozik.de", true */ 's', 't', 'r', 'o', 'z', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "structurally.net", true */ 's', 't', 'r', 'u', 'c', 't', 'u', 'r', 'a', 'l', 'l', 'y', '.', 'n', 'e', 't', '\0',
+  /* "strugee.net", true */ 's', 't', 'r', 'u', 'g', 'e', 'e', '.', 'n', 'e', 't', '\0',
+  /* "strutta.me", true */ 's', 't', 'r', 'u', 't', 't', 'a', '.', 'm', 'e', '\0',
+  /* "struxureon.com", true */ 's', 't', 'r', 'u', 'x', 'u', 'r', 'e', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "strydom.me.uk", true */ 's', 't', 'r', 'y', 'd', 'o', 'm', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "stt.wiki", true */ 's', 't', 't', '.', 'w', 'i', 'k', 'i', '\0',
+  /* "stuartbell.co.uk", true */ 's', 't', 'u', 'a', 'r', 't', 'b', 'e', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "stuarts.xyz", true */ 's', 't', 'u', 'a', 'r', 't', 's', '.', 'x', 'y', 'z', '\0',
+  /* "stuco.co", true */ 's', 't', 'u', 'c', 'o', '.', 'c', 'o', '\0',
+  /* "stucydee.nl", true */ 's', 't', 'u', 'c', 'y', 'd', 'e', 'e', '.', 'n', 'l', '\0',
+  /* "studenckiemetody.pl", true */ 's', 't', 'u', 'd', 'e', 'n', 'c', 'k', 'i', 'e', 'm', 'e', 't', 'o', 'd', 'y', '.', 'p', 'l', '\0',
+  /* "student-eshop.cz", true */ 's', 't', 'u', 'd', 'e', 'n', 't', '-', 'e', 's', 'h', 'o', 'p', '.', 'c', 'z', '\0',
+  /* "student-eshop.sk", true */ 's', 't', 'u', 'd', 'e', 'n', 't', '-', 'e', 's', 'h', 'o', 'p', '.', 's', 'k', '\0',
+  /* "student.andover.edu", true */ 's', 't', 'u', 'd', 'e', 'n', 't', '.', 'a', 'n', 'd', 'o', 'v', 'e', 'r', '.', 'e', 'd', 'u', '\0',
+  /* "studentforums.biz", true */ 's', 't', 'u', 'd', 'e', 'n', 't', 'f', 'o', 'r', 'u', 'm', 's', '.', 'b', 'i', 'z', '\0',
+  /* "studentite.bg", false */ 's', 't', 'u', 'd', 'e', 'n', 't', 'i', 't', 'e', '.', 'b', 'g', '\0',
+  /* "studentloans.gov", true */ 's', 't', 'u', 'd', 'e', 'n', 't', 'l', 'o', 'a', 'n', 's', '.', 'g', 'o', 'v', '\0',
+  /* "studentrightsadvocate.org", true */ 's', 't', 'u', 'd', 'e', 'n', 't', 'r', 'i', 'g', 'h', 't', 's', 'a', 'd', 'v', 'o', 'c', 'a', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "studenttenant.com", true */ 's', 't', 'u', 'd', 'e', 'n', 't', 't', 'e', 'n', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "studer.su", true */ 's', 't', 'u', 'd', 'e', 'r', '.', 's', 'u', '\0',
+  /* "studiemeter.nl", true */ 's', 't', 'u', 'd', 'i', 'e', 'm', 'e', 't', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "studienportal.eu", true */ 's', 't', 'u', 'd', 'i', 'e', 'n', 'p', 'o', 'r', 't', 'a', 'l', '.', 'e', 'u', '\0',
+  /* "studienservice.de", true */ 's', 't', 'u', 'd', 'i', 'e', 'n', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'd', 'e', '\0',
+  /* "studiereader.nl", true */ 's', 't', 'u', 'd', 'i', 'e', 'r', 'e', 'a', 'd', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "studio-architetto.com", true */ 's', 't', 'u', 'd', 'i', 'o', '-', 'a', 'r', 'c', 'h', 'i', 't', 'e', 't', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "studio-fotografico.ru", true */ 's', 't', 'u', 'd', 'i', 'o', '-', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', 'i', 'c', 'o', '.', 'r', 'u', '\0',
+  /* "studiodentisticosanmarco.it", true */ 's', 't', 'u', 'd', 'i', 'o', 'd', 'e', 'n', 't', 'i', 's', 't', 'i', 'c', 'o', 's', 'a', 'n', 'm', 'a', 'r', 'c', 'o', '.', 'i', 't', '\0',
+  /* "studiodewit.nl", true */ 's', 't', 'u', 'd', 'i', 'o', 'd', 'e', 'w', 'i', 't', '.', 'n', 'l', '\0',
+  /* "studiodoprazer.com.br", true */ 's', 't', 'u', 'd', 'i', 'o', 'd', 'o', 'p', 'r', 'a', 'z', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "studiograou.com", true */ 's', 't', 'u', 'd', 'i', 'o', 'g', 'r', 'a', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "studiokicca.com", true */ 's', 't', 'u', 'd', 'i', 'o', 'k', 'i', 'c', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "studiomarcella.com", true */ 's', 't', 'u', 'd', 'i', 'o', 'm', 'a', 'r', 'c', 'e', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "studionowystyl.pl", true */ 's', 't', 'u', 'd', 'i', 'o', 'n', 'o', 'w', 'y', 's', 't', 'y', 'l', '.', 'p', 'l', '\0',
+  /* "studioriehl.com", true */ 's', 't', 'u', 'd', 'i', 'o', 'r', 'i', 'e', 'h', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "studiostawki.com", true */ 's', 't', 'u', 'd', 'i', 'o', 's', 't', 'a', 'w', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "studiostudio.net", true */ 's', 't', 'u', 'd', 'i', 'o', 's', 't', 'u', 'd', 'i', 'o', '.', 'n', 'e', 't', '\0',
+  /* "studiotheatrestains.fr", true */ 's', 't', 'u', 'd', 'i', 'o', 't', 'h', 'e', 'a', 't', 'r', 'e', 's', 't', 'a', 'i', 'n', 's', '.', 'f', 'r', '\0',
+  /* "studiovaud.com", true */ 's', 't', 'u', 'd', 'i', 'o', 'v', 'a', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "studium.cz", true */ 's', 't', 'u', 'd', 'i', 'u', 'm', '.', 'c', 'z', '\0',
+  /* "studlan.no", true */ 's', 't', 'u', 'd', 'l', 'a', 'n', '.', 'n', 'o', '\0',
+  /* "studport.rv.ua", true */ 's', 't', 'u', 'd', 'p', 'o', 'r', 't', '.', 'r', 'v', '.', 'u', 'a', '\0',
+  /* "studyabroadstation.com", true */ 's', 't', 'u', 'd', 'y', 'a', 'b', 'r', 'o', 'a', 'd', 's', 't', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "studying-neet.com", true */ 's', 't', 'u', 'd', 'y', 'i', 'n', 'g', '-', 'n', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "stuermer.me", true */ 's', 't', 'u', 'e', 'r', 'm', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "stuetzredli.ch", true */ 's', 't', 'u', 'e', 't', 'z', 'r', 'e', 'd', 'l', 'i', '.', 'c', 'h', '\0',
+  /* "stuff-fibre.co.nz", true */ 's', 't', 'u', 'f', 'f', '-', 'f', 'i', 'b', 'r', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "stuffi.fr", true */ 's', 't', 'u', 'f', 'f', 'i', '.', 'f', 'r', '\0',
+  /* "stuka-art.de", true */ 's', 't', 'u', 'k', 'a', '-', 'a', 'r', 't', '.', 'd', 'e', '\0',
+  /* "stulda.cz", true */ 's', 't', 'u', 'l', 'd', 'a', '.', 'c', 'z', '\0',
+  /* "stumeta.de", true */ 's', 't', 'u', 'm', 'e', 't', 'a', '.', 'd', 'e', '\0',
+  /* "stumeta2018.de", true */ 's', 't', 'u', 'm', 'e', 't', 'a', '2', '0', '1', '8', '.', 'd', 'e', '\0',
+  /* "stumf.si", true */ 's', 't', 'u', 'm', 'f', '.', 's', 'i', '\0',
+  /* "stuntmen.xyz", true */ 's', 't', 'u', 'n', 't', 'm', 'e', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "stupidstatetricks.com", true */ 's', 't', 'u', 'p', 'i', 'd', 's', 't', 'a', 't', 'e', 't', 'r', 'i', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sturbi.de", true */ 's', 't', 'u', 'r', 'b', 'i', '.', 'd', 'e', '\0',
+  /* "sturge.co.uk", true */ 's', 't', 'u', 'r', 'g', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "stutelage.com", true */ 's', 't', 'u', 't', 'e', 'l', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "stuttgart-gablenberg.de", true */ 's', 't', 'u', 't', 't', 'g', 'a', 'r', 't', '-', 'g', 'a', 'b', 'l', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "stuudium.com", true */ 's', 't', 'u', 'u', 'd', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "stuudium.life", true */ 's', 't', 'u', 'u', 'd', 'i', 'u', 'm', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "stuudium.pro", true */ 's', 't', 'u', 'u', 'd', 'i', 'u', 'm', '.', 'p', 'r', 'o', '\0',
+  /* "stuur.nl", false */ 's', 't', 'u', 'u', 'r', '.', 'n', 'l', '\0',
+  /* "stuvel.eu", true */ 's', 't', 'u', 'v', 'e', 'l', '.', 'e', 'u', '\0',
+  /* "stw-group.at", true */ 's', 't', 'w', '-', 'g', 'r', 'o', 'u', 'p', '.', 'a', 't', '\0',
+  /* "stygium.net", false */ 's', 't', 'y', 'g', 'i', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "styleci.io", true */ 's', 't', 'y', 'l', 'e', 'c', 'i', '.', 'i', 'o', '\0',
+  /* "stylecollective.us", true */ 's', 't', 'y', 'l', 'e', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'v', 'e', '.', 'u', 's', '\0',
+  /* "stylefast.com.au", true */ 's', 't', 'y', 'l', 'e', 'f', 'a', 's', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "styles.pm", true */ 's', 't', 'y', 'l', 'e', 's', '.', 'p', 'm', '\0',
+  /* "stylett.ru", true */ 's', 't', 'y', 'l', 'e', 't', 't', '.', 'r', 'u', '\0',
+  /* "stylewish.me", true */ 's', 't', 'y', 'l', 'e', 'w', 'i', 's', 'h', '.', 'm', 'e', '\0',
+  /* "styloeart.com", true */ 's', 't', 'y', 'l', 'o', 'e', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "stypr.com", true */ 's', 't', 'y', 'p', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "stytt.com", true */ 's', 't', 'y', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "su1ph3r.io", true */ 's', 'u', '1', 'p', 'h', '3', 'r', '.', 'i', 'o', '\0',
+  /* "suareforma.com", true */ 's', 'u', 'a', 'r', 'e', 'f', 'o', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "suave.io", true */ 's', 'u', 'a', 'v', 'e', '.', 'i', 'o', '\0',
+  /* "sub-net.at", true */ 's', 'u', 'b', '-', 'n', 'e', 't', '.', 'a', 't', '\0',
+  /* "sub.media", true */ 's', 'u', 'b', '.', 'm', 'e', 'd', 'i', 'a', '\0',
+  /* "subastasdecarros.net", true */ 's', 'u', 'b', 'a', 's', 't', 'a', 's', 'd', 'e', 'c', 'a', 'r', 'r', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "subdev.org", true */ 's', 'u', 'b', 'd', 'e', 'v', '.', 'o', 'r', 'g', '\0',
+  /* "sublevel.net", false */ 's', 'u', 'b', 'l', 'e', 'v', 'e', 'l', '.', 'n', 'e', 't', '\0',
+  /* "sublimebits.com", true */ 's', 'u', 'b', 'l', 'i', 'm', 'e', 'b', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "submedia.tv", true */ 's', 'u', 'b', 'm', 'e', 'd', 'i', 'a', '.', 't', 'v', '\0',
+  /* "submelon.tech", true */ 's', 'u', 'b', 'm', 'e', 'l', 'o', 'n', '.', 't', 'e', 'c', 'h', '\0',
+  /* "subohm.com", true */ 's', 'u', 'b', 'o', 'h', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "suborbital.io", true */ 's', 'u', 'b', 'o', 'r', 'b', 'i', 't', 'a', 'l', '.', 'i', 'o', '\0',
+  /* "subrain.com", true */ 's', 'u', 'b', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "subrosa.io", false */ 's', 'u', 'b', 'r', 'o', 's', 'a', '.', 'i', 'o', '\0',
+  /* "subseq.net", false */ 's', 'u', 'b', 's', 'e', 'q', '.', 'n', 'e', 't', '\0',
+  /* "substitutealert.com", true */ 's', 'u', 'b', 's', 't', 'i', 't', 'u', 't', 'e', 'a', 'l', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "subterfuge.io", true */ 's', 'u', 'b', 't', 'e', 'r', 'f', 'u', 'g', 'e', '.', 'i', 'o', '\0',
+  /* "suburban-landscape.net", true */ 's', 'u', 'b', 'u', 'r', 'b', 'a', 'n', '-', 'l', 'a', 'n', 'd', 's', 'c', 'a', 'p', 'e', '.', 'n', 'e', 't', '\0',
+  /* "suburbaninfinitioftroyparts.com", true */ 's', 'u', 'b', 'u', 'r', 'b', 'a', 'n', 'i', 'n', 'f', 'i', 'n', 'i', 't', 'i', 'o', 'f', 't', 'r', 'o', 'y', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "subzerolosangeles.com", true */ 's', 'u', 'b', 'z', 'e', 'r', 'o', 'l', 'o', 's', 'a', 'n', 'g', 'e', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "succ.in", true */ 's', 'u', 'c', 'c', '.', 'i', 'n', '\0',
+  /* "suche.org", true */ 's', 'u', 'c', 'h', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "suchmaschinen-werkstatt.de", true */ 's', 'u', 'c', 'h', 'm', 'a', 's', 'c', 'h', 'i', 'n', 'e', 'n', '-', 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', '.', 'd', 'e', '\0',
+  /* "suchprogrammer.net", true */ 's', 'u', 'c', 'h', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'm', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "suckmyan.us", false */ 's', 'u', 'c', 'k', 'm', 'y', 'a', 'n', '.', 'u', 's', '\0',
+  /* "sudaraka.org", true */ 's', 'u', 'd', 'a', 'r', 'a', 'k', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "sudmotor-occasions.be", true */ 's', 'u', 'd', 'm', 'o', 't', 'o', 'r', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0',
+  /* "sudo.ws", true */ 's', 'u', 'd', 'o', '.', 'w', 's', '\0',
+  /* "sudoschool.com", true */ 's', 'u', 'd', 'o', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "suelyonjones.com", true */ 's', 'u', 'e', 'l', 'y', 'o', 'n', 'j', 'o', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "suempresa.cloud", true */ 's', 'u', 'e', 'm', 'p', 'r', 'e', 's', 'a', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "suevia-ka.de", true */ 's', 'u', 'e', 'v', 'i', 'a', '-', 'k', 'a', '.', 'd', 'e', '\0',
+  /* "sufix.cz", true */ 's', 'u', 'f', 'i', 'x', '.', 'c', 'z', '\0',
+  /* "sugarandcloth.com", true */ 's', 'u', 'g', 'a', 'r', 'a', 'n', 'd', 'c', 'l', 'o', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "sugarbrother.com", true */ 's', 'u', 'g', 'a', 'r', 'b', 'r', 'o', 't', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sugarcitycon.com", true */ 's', 'u', 'g', 'a', 'r', 'c', 'i', 't', 'y', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sugarshin.net", true */ 's', 'u', 'g', 'a', 'r', 's', 'h', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "suggea.com", true */ 's', 'u', 'g', 'g', 'e', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "suggestim.ch", true */ 's', 'u', 'g', 'g', 'e', 's', 't', 'i', 'm', '.', 'c', 'h', '\0',
+  /* "suiranfes.com", true */ 's', 'u', 'i', 'r', 'a', 'n', 'f', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sujoydhar.in", true */ 's', 'u', 'j', 'o', 'y', 'd', 'h', 'a', 'r', '.', 'i', 'n', '\0',
+  /* "suki.moe", true */ 's', 'u', 'k', 'i', '.', 'm', 'o', 'e', '\0',
+  /* "sukrie.net", true */ 's', 'u', 'k', 'r', 'i', 'e', '.', 'n', 'e', 't', '\0',
+  /* "suksit.com", true */ 's', 'u', 'k', 's', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sulian.me", true */ 's', 'u', 'l', 'i', 'a', 'n', '.', 'm', 'e', '\0',
+  /* "suluvir.com", true */ 's', 'u', 'l', 'u', 'v', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sumguy.com", true */ 's', 'u', 'm', 'g', 'u', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "summa-prefis.com", true */ 's', 'u', 'm', 'm', 'a', '-', 'p', 'r', 'e', 'f', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "summa.eu", false */ 's', 'u', 'm', 'm', 'a', '.', 'e', 'u', '\0',
+  /* "summercampthailand.com", true */ 's', 'u', 'm', 'm', 'e', 'r', 'c', 'a', 'm', 'p', 't', 'h', 'a', 'i', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "summitmasters.net", true */ 's', 'u', 'm', 'm', 'i', 't', 'm', 'a', 's', 't', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "sumthing.com", true */ 's', 'u', 'm', 't', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "sunboxstore.jp", true */ 's', 'u', 'n', 'b', 'o', 'x', 's', 't', 'o', 'r', 'e', '.', 'j', 'p', '\0',
+  /* "sunbritetv.com", true */ 's', 'u', 'n', 'b', 'r', 'i', 't', 'e', 't', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "sundanceusa.com", true */ 's', 'u', 'n', 'd', 'a', 'n', 'c', 'e', 'u', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sundaycooks.com", true */ 's', 'u', 'n', 'd', 'a', 'y', 'c', 'o', 'o', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sundayfundayjapan.com", true */ 's', 'u', 'n', 'd', 'a', 'y', 'f', 'u', 'n', 'd', 'a', 'y', 'j', 'a', 'p', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sunfeathers.net", true */ 's', 'u', 'n', 'f', 'e', 'a', 't', 'h', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "sunfox.cz", true */ 's', 'u', 'n', 'f', 'o', 'x', '.', 'c', 'z', '\0',
+  /* "sunfulong.me", true */ 's', 'u', 'n', 'f', 'u', 'l', 'o', 'n', 'g', '.', 'm', 'e', '\0',
+  /* "sunjaydhama.com", true */ 's', 'u', 'n', 'j', 'a', 'y', 'd', 'h', 'a', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sunn.ie", true */ 's', 'u', 'n', 'n', '.', 'i', 'e', '\0',
+  /* "sunsetwx.com", true */ 's', 'u', 'n', 's', 'e', 't', 'w', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "sunshinesf.org", true */ 's', 'u', 'n', 's', 'h', 'i', 'n', 'e', 's', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "sunsmartresorts.com", true */ 's', 'u', 'n', 's', 'm', 'a', 'r', 't', 'r', 'e', 's', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sunstar.bg", true */ 's', 'u', 'n', 's', 't', 'a', 'r', '.', 'b', 'g', '\0',
+  /* "supa.sexy", true */ 's', 'u', 'p', 'a', '.', 's', 'e', 'x', 'y', '\0',
+  /* "supastuds.com", true */ 's', 'u', 'p', 'a', 's', 't', 'u', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "super-o-blog.com", true */ 's', 'u', 'p', 'e', 'r', '-', 'o', '-', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "superbouncebouncycastles.com", true */ 's', 'u', 'p', 'e', 'r', 'b', 'o', 'u', 'n', 'c', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "superbowlkneel.com", true */ 's', 'u', 'p', 'e', 'r', 'b', 'o', 'w', 'l', 'k', 'n', 'e', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "superbshare.com", true */ 's', 'u', 'p', 'e', 'r', 'b', 's', 'h', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "supercalorias.com", true */ 's', 'u', 'p', 'e', 'r', 'c', 'a', 'l', 'o', 'r', 'i', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "supercastlesadelaide.com.au", true */ 's', 'u', 'p', 'e', 'r', 'c', 'a', 's', 't', 'l', 'e', 's', 'a', 'd', 'e', 'l', 'a', 'i', 'd', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "supercastlesbrisbane.com.au", true */ 's', 'u', 'p', 'e', 'r', 'c', 'a', 's', 't', 'l', 'e', 's', 'b', 'r', 'i', 's', 'b', 'a', 'n', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "supercastlesmelbourne.com.au", true */ 's', 'u', 'p', 'e', 'r', 'c', 'a', 's', 't', 'l', 'e', 's', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "supercastlessouthsydney.com.au", true */ 's', 'u', 'p', 'e', 'r', 'c', 'a', 's', 't', 'l', 'e', 's', 's', 'o', 'u', 't', 'h', 's', 'y', 'd', 'n', 'e', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "supercastlessunshinecoast.com.au", true */ 's', 'u', 'p', 'e', 'r', 'c', 'a', 's', 't', 'l', 'e', 's', 's', 'u', 'n', 's', 'h', 'i', 'n', 'e', 'c', 'o', 'a', 's', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "supercastlessydney.com.au", true */ 's', 'u', 'p', 'e', 'r', 'c', 'a', 's', 't', 'l', 'e', 's', 's', 'y', 'd', 'n', 'e', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "supercentenarian.com", true */ 's', 'u', 'p', 'e', 'r', 'c', 'e', 'n', 't', 'e', 'n', 'a', 'r', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "supercinebattle.fr", true */ 's', 'u', 'p', 'e', 'r', 'c', 'i', 'n', 'e', 'b', 'a', 't', 't', 'l', 'e', '.', 'f', 'r', '\0',
+  /* "superguide.com.au", true */ 's', 'u', 'p', 'e', 'r', 'g', 'u', 'i', 'd', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "superhappiness.com", true */ 's', 'u', 'p', 'e', 'r', 'h', 'a', 'p', 'p', 'i', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "superhome.com.au", true */ 's', 'u', 'p', 'e', 'r', 'h', 'o', 'm', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "superkonsult.se", true */ 's', 'u', 'p', 'e', 'r', 'k', 'o', 'n', 's', 'u', 'l', 't', '.', 's', 'e', '\0',
+  /* "supermarx.nl", true */ 's', 'u', 'p', 'e', 'r', 'm', 'a', 'r', 'x', '.', 'n', 'l', '\0',
+  /* "supermil.ch", true */ 's', 'u', 'p', 'e', 'r', 'm', 'i', 'l', '.', 'c', 'h', '\0',
+  /* "supern0va.net", true */ 's', 'u', 'p', 'e', 'r', 'n', '0', 'v', 'a', '.', 'n', 'e', 't', '\0',
+  /* "supernt.lt", true */ 's', 'u', 'p', 'e', 'r', 'n', 't', '.', 'l', 't', '\0',
+  /* "supersahnetorten.de", true */ 's', 'u', 'p', 'e', 'r', 's', 'a', 'h', 'n', 'e', 't', 'o', 'r', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "supersec.es", true */ 's', 'u', 'p', 'e', 'r', 's', 'e', 'c', '.', 'e', 's', '\0',
+  /* "supersole.net", true */ 's', 'u', 'p', 'e', 'r', 's', 'o', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "supersonnig-festival.de", true */ 's', 'u', 'p', 'e', 'r', 's', 'o', 'n', 'n', 'i', 'g', '-', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "supersonnigfestival.de", true */ 's', 'u', 'p', 'e', 'r', 's', 'o', 'n', 'n', 'i', 'g', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "supersteosbouncycastles.com", true */ 's', 'u', 'p', 'e', 'r', 's', 't', 'e', 'o', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "supersu.kr", true */ 's', 'u', 'p', 'e', 'r', 's', 'u', '.', 'k', 'r', '\0',
+  /* "superswingtrainer.com", true */ 's', 'u', 'p', 'e', 'r', 's', 'w', 'i', 'n', 'g', 't', 'r', 'a', 'i', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "supertasker.org", true */ 's', 'u', 'p', 'e', 'r', 't', 'a', 's', 'k', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "supeuro.com", true */ 's', 'u', 'p', 'e', 'u', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "supplementler.com", true */ 's', 'u', 'p', 'p', 'l', 'e', 'm', 'e', 'n', 't', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "supplies24.at", true */ 's', 'u', 'p', 'p', 'l', 'i', 'e', 's', '2', '4', '.', 'a', 't', '\0',
+  /* "supplies24.es", true */ 's', 'u', 'p', 'p', 'l', 'i', 'e', 's', '2', '4', '.', 'e', 's', '\0',
+  /* "support.mayfirst.org", false */ 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'm', 'a', 'y', 'f', 'i', 'r', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "supportdesk.nu", true */ 's', 'u', 'p', 'p', 'o', 'r', 't', 'd', 'e', 's', 'k', '.', 'n', 'u', '\0',
+  /* "supportericking.org", true */ 's', 'u', 'p', 'p', 'o', 'r', 't', 'e', 'r', 'i', 'c', 'k', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "supportme123.com", true */ 's', 'u', 'p', 'p', 'o', 'r', 't', 'm', 'e', '1', '2', '3', '.', 'c', 'o', 'm', '\0',
+  /* "suprem.biz", true */ 's', 'u', 'p', 'r', 'e', 'm', '.', 'b', 'i', 'z', '\0',
+  /* "suprem.ch", true */ 's', 'u', 'p', 'r', 'e', 'm', '.', 'c', 'h', '\0',
+  /* "supriville.com.br", true */ 's', 'u', 'p', 'r', 'i', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sur-v.com", true */ 's', 'u', 'r', '-', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "surao.cz", true */ 's', 'u', 'r', 'a', 'o', '.', 'c', 'z', '\0',
+  /* "sure-it.de", true */ 's', 'u', 'r', 'e', '-', 'i', 't', '.', 'd', 'e', '\0',
+  /* "suretone.co.za", true */ 's', 'u', 'r', 'e', 't', 'o', 'n', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "surgenet.nl", true */ 's', 'u', 'r', 'g', 'e', 'n', 'e', 't', '.', 'n', 'l', '\0',
+  /* "surgeongeneral.gov", true */ 's', 'u', 'r', 'g', 'e', 'o', 'n', 'g', 'e', 'n', 'e', 'r', 'a', 'l', '.', 'g', 'o', 'v', '\0',
+  /* "surgicalassociateswny.com", true */ 's', 'u', 'r', 'g', 'i', 'c', 'a', 'l', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'e', 's', 'w', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "surkatty.org", true */ 's', 'u', 'r', 'k', 'a', 't', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "surpreem.com", true */ 's', 'u', 'r', 'p', 'r', 'e', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "survature.com", true */ 's', 'u', 'r', 'v', 'a', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "surveymill.co.uk", true */ 's', 'u', 'r', 'v', 'e', 'y', 'm', 'i', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "survivalmonkey.com", true */ 's', 'u', 'r', 'v', 'i', 'v', 'a', 'l', 'm', 'o', 'n', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "survivebox.fr", true */ 's', 'u', 'r', 'v', 'i', 'v', 'e', 'b', 'o', 'x', '.', 'f', 'r', '\0',
+  /* "susanbpilates.co", true */ 's', 'u', 's', 'a', 'n', 'b', 'p', 'i', 'l', 'a', 't', 'e', 's', '.', 'c', 'o', '\0',
+  /* "susanbpilates.com", true */ 's', 'u', 's', 'a', 'n', 'b', 'p', 'i', 'l', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "susann-kerk.de", true */ 's', 'u', 's', 'a', 'n', 'n', '-', 'k', 'e', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "susanna-komischke.de", true */ 's', 'u', 's', 'a', 'n', 'n', 'a', '-', 'k', 'o', 'm', 'i', 's', 'c', 'h', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "susastudentenjobs.de", true */ 's', 'u', 's', 'a', 's', 't', 'u', 'd', 'e', 'n', 't', 'e', 'n', 'j', 'o', 'b', 's', '.', 'd', 'e', '\0',
+  /* "susc.org.uk", true */ 's', 'u', 's', 'c', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "suseasky.com", true */ 's', 'u', 's', 'e', 'a', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "sush.us", true */ 's', 'u', 's', 'h', '.', 'u', 's', '\0',
+  /* "sushi.roma.it", true */ 's', 'u', 's', 'h', 'i', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "sushifrick.de", true */ 's', 'u', 's', 'h', 'i', 'f', 'r', 'i', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "sushikatze.de", true */ 's', 'u', 's', 'h', 'i', 'k', 'a', 't', 'z', 'e', '.', 'd', 'e', '\0',
+  /* "susosudon.com", true */ 's', 'u', 's', 'o', 's', 'u', 'd', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "suspension-shop.com", true */ 's', 'u', 's', 'p', 'e', 'n', 's', 'i', 'o', 'n', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "sussexwebdesigns.co.uk", true */ 's', 'u', 's', 's', 'e', 'x', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sussexwebsites.info", true */ 's', 'u', 's', 's', 'e', 'x', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "sustainabilityknowledgegroup.com", true */ 's', 'u', 's', 't', 'a', 'i', 'n', 'a', 'b', 'i', 'l', 'i', 't', 'y', 'k', 'n', 'o', 'w', 'l', 'e', 'd', 'g', 'e', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "sustsol.com", true */ 's', 'u', 's', 't', 's', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "sutas.market", true */ 's', 'u', 't', 'a', 's', '.', 'm', 'a', 'r', 'k', 'e', 't', '\0',
+  /* "suts.co.uk", true */ 's', 'u', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "suttonbouncycastles.co.uk", true */ 's', 'u', 't', 't', 'o', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "suuria.de", true */ 's', 'u', 'u', 'r', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "suvidhaapay.com", true */ 's', 'u', 'v', 'i', 'd', 'h', 'a', 'a', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "suwalls.com", true */ 's', 'u', 'w', 'a', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "suzi3d.com", true */ 's', 'u', 'z', 'i', '3', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "suzukimarinepress.com", true */ 's', 'u', 'z', 'u', 'k', 'i', 'm', 'a', 'r', 'i', 'n', 'e', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sv-1966-medenbach.de", true */ 's', 'v', '-', '1', '9', '6', '6', '-', 'm', 'e', 'd', 'e', 'n', 'b', 'a', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "sv-turm-hohenlimburg.de", true */ 's', 'v', '-', 't', 'u', 'r', 'm', '-', 'h', 'o', 'h', 'e', 'n', 'l', 'i', 'm', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "sv.search.yahoo.com", false */ 's', 'v', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "svadobkajuvi.sk", true */ 's', 'v', 'a', 'd', 'o', 'b', 'k', 'a', 'j', 'u', 'v', 'i', '.', 's', 'k', '\0',
+  /* "svager.cz", true */ 's', 'v', 'a', 'g', 'e', 'r', '.', 'c', 'z', '\0',
+  /* "svantner.sk", true */ 's', 'v', 'a', 'n', 't', 'n', 'e', 'r', '.', 's', 'k', '\0',
+  /* "svarnyjunak.cz", true */ 's', 'v', 'a', 'r', 'n', 'y', 'j', 'u', 'n', 'a', 'k', '.', 'c', 'z', '\0',
+  /* "svarovani.tk", true */ 's', 'v', 'a', 'r', 'o', 'v', 'a', 'n', 'i', '.', 't', 'k', '\0',
+  /* "svc-sitec.com", true */ 's', 'v', 'c', '-', 's', 'i', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "svc-sitec.com.mx", true */ 's', 'v', 'c', '-', 's', 'i', 't', 'e', 'c', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "svc-sitec.mx", true */ 's', 'v', 'c', '-', 's', 'i', 't', 'e', 'c', '.', 'm', 'x', '\0',
+  /* "svc-sitec.org", true */ 's', 'v', 'c', '-', 's', 'i', 't', 'e', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "svdb.co", false */ 's', 'v', 'd', 'b', '.', 'c', 'o', '\0',
+  /* "svdreamcatcher.com", true */ 's', 'v', 'd', 'r', 'e', 'a', 'm', 'c', 'a', 't', 'c', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sve-hosting.nl", true */ 's', 'v', 'e', '-', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "sveinerik.org", true */ 's', 'v', 'e', 'i', 'n', 'e', 'r', 'i', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "svendubbeld.nl", true */ 's', 'v', 'e', 'n', 'd', 'u', 'b', 'b', 'e', 'l', 'd', '.', 'n', 'l', '\0',
+  /* "sveneckelmann.de", true */ 's', 'v', 'e', 'n', 'e', 'c', 'k', 'e', 'l', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "svenjaundchristian.de", true */ 's', 'v', 'e', 'n', 'j', 'a', 'u', 'n', 'd', 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "svennd.be", true */ 's', 'v', 'e', 'n', 'n', 'd', '.', 'b', 'e', '\0',
+  /* "svetandroida.cz", true */ 's', 'v', 'e', 't', 'a', 'n', 'd', 'r', 'o', 'i', 'd', 'a', '.', 'c', 'z', '\0',
+  /* "svetlilo.com", true */ 's', 'v', 'e', 't', 'l', 'i', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "svetzitrka.cz", false */ 's', 'v', 'e', 't', 'z', 'i', 't', 'r', 'k', 'a', '.', 'c', 'z', '\0',
+  /* "svijet-medija.hr", true */ 's', 'v', 'i', 'j', 'e', 't', '-', 'm', 'e', 'd', 'i', 'j', 'a', '.', 'h', 'r', '\0',
+  /* "sviz.pro", true */ 's', 'v', 'i', 'z', '.', 'p', 'r', 'o', '\0',
+  /* "svj-stochovska.cz", true */ 's', 'v', 'j', '-', 's', 't', 'o', 'c', 'h', 'o', 'v', 's', 'k', 'a', '.', 'c', 'z', '\0',
+  /* "svjvn.cz", true */ 's', 'v', 'j', 'v', 'n', '.', 'c', 'z', '\0',
+  /* "svm-basketball.de", true */ 's', 'v', 'm', '-', 'b', 'a', 's', 'k', 'e', 't', 'b', 'a', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "svm-it.eu", true */ 's', 'v', 'm', '-', 'i', 't', '.', 'e', 'u', '\0',
+  /* "sw-servers.net", true */ 's', 'w', '-', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "sw33tp34.com", true */ 's', 'w', '3', '3', 't', 'p', '3', '4', '.', 'c', 'o', 'm', '\0',
+  /* "swacp.com", true */ 's', 'w', 'a', 'c', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "swansdoor.org", true */ 's', 'w', 'a', 'n', 's', 'd', 'o', 'o', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "swapadoodle.com", true */ 's', 'w', 'a', 'p', 'a', 'd', 'o', 'o', 'd', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "swarfarm.com", true */ 's', 'w', 'a', 'r', 'f', 'a', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "swarlys-server.de", true */ 's', 'w', 'a', 'r', 'l', 'y', 's', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "swarmation.com", true */ 's', 'w', 'a', 'r', 'm', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "swat4stats.com", true */ 's', 'w', 'a', 't', '4', 's', 't', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "swattransport.ae", true */ 's', 'w', 'a', 't', 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', '.', 'a', 'e', '\0',
+  /* "sway-cdn.com", true */ 's', 'w', 'a', 'y', '-', 'c', 'd', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sway.com", true */ 's', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "swd.agency", true */ 's', 'w', 'd', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0',
+  /* "swedishhost.com", true */ 's', 'w', 'e', 'd', 'i', 's', 'h', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "swedishhost.se", true */ 's', 'w', 'e', 'd', 'i', 's', 'h', 'h', 'o', 's', 't', '.', 's', 'e', '\0',
+  /* "sweep-me.net", true */ 's', 'w', 'e', 'e', 'p', '-', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "sweepay.ch", true */ 's', 'w', 'e', 'e', 'p', 'a', 'y', '.', 'c', 'h', '\0',
+  /* "sweetair.com", true */ 's', 'w', 'e', 'e', 't', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sweetgood.de", true */ 's', 'w', 'e', 'e', 't', 'g', 'o', 'o', 'd', '.', 'd', 'e', '\0',
+  /* "sweetll.me", false */ 's', 'w', 'e', 'e', 't', 'l', 'l', '.', 'm', 'e', '\0',
+  /* "sweetvanilla.jp", true */ 's', 'w', 'e', 'e', 't', 'v', 'a', 'n', 'i', 'l', 'l', 'a', '.', 'j', 'p', '\0',
+  /* "swehack.org", true */ 's', 'w', 'e', 'h', 'a', 'c', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "sweharris.org", true */ 's', 'w', 'e', 'h', 'a', 'r', 'r', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "swfloshatraining.com", true */ 's', 'w', 'f', 'l', 'o', 's', 'h', 'a', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "swfmax.com", true */ 's', 'w', 'f', 'm', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "swift-devedge.de", true */ 's', 'w', 'i', 'f', 't', '-', 'd', 'e', 'v', 'e', 'd', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "swiftconf.com", true */ 's', 'w', 'i', 'f', 't', 'c', 'o', 'n', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "swiftqueue.com", true */ 's', 'w', 'i', 'f', 't', 'q', 'u', 'e', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "swilly.org", true */ 's', 'w', 'i', 'l', 'l', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "swimbee.nl", true */ 's', 'w', 'i', 'm', 'b', 'e', 'e', '.', 'n', 'l', '\0',
+  /* "swimturk.com.tr", true */ 's', 'w', 'i', 'm', 't', 'u', 'r', 'k', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "swimwear365.co.uk", true */ 's', 'w', 'i', 'm', 'w', 'e', 'a', 'r', '3', '6', '5', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "swineson.me", true */ 's', 'w', 'i', 'n', 'e', 's', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "swingmonkey.com", true */ 's', 'w', 'i', 'n', 'g', 'm', 'o', 'n', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "swipetv.ie", true */ 's', 'w', 'i', 'p', 'e', 't', 'v', '.', 'i', 'e', '\0',
+  /* "swiss-apartments.com", true */ 's', 'w', 'i', 's', 's', '-', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "swiss-connection.net", true */ 's', 'w', 'i', 's', 's', '-', 'c', 'o', 'n', 'n', 'e', 'c', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "swiss-cyber-experts.ch", true */ 's', 'w', 'i', 's', 's', '-', 'c', 'y', 'b', 'e', 'r', '-', 'e', 'x', 'p', 'e', 'r', 't', 's', '.', 'c', 'h', '\0',
+  /* "swisscannabis.club", true */ 's', 'w', 'i', 's', 's', 'c', 'a', 'n', 'n', 'a', 'b', 'i', 's', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "swissdojo.ch", true */ 's', 'w', 'i', 's', 's', 'd', 'o', 'j', 'o', '.', 'c', 'h', '\0',
+  /* "swisselement365.com", true */ 's', 'w', 'i', 's', 's', 'e', 'l', 'e', 'm', 'e', 'n', 't', '3', '6', '5', '.', 'c', 'o', 'm', '\0',
+  /* "swissentreprises.ch", true */ 's', 'w', 'i', 's', 's', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'i', 's', 'e', 's', '.', 'c', 'h', '\0',
+  /* "swissfreshaircan.ch", true */ 's', 'w', 'i', 's', 's', 'f', 'r', 'e', 's', 'h', 'a', 'i', 'r', 'c', 'a', 'n', '.', 'c', 'h', '\0',
+  /* "swissfreshaircan.com", true */ 's', 'w', 'i', 's', 's', 'f', 'r', 'e', 's', 'h', 'a', 'i', 'r', 'c', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "swissid.ch", true */ 's', 'w', 'i', 's', 's', 'i', 'd', '.', 'c', 'h', '\0',
+  /* "swisslinux.org", true */ 's', 'w', 'i', 's', 's', 'l', 'i', 'n', 'u', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "swisswebhelp.ch", true */ 's', 'w', 'i', 's', 's', 'w', 'e', 'b', 'h', 'e', 'l', 'p', '.', 'c', 'h', '\0',
+  /* "swissxperts.ch", true */ 's', 'w', 'i', 's', 's', 'x', 'p', 'e', 'r', 't', 's', '.', 'c', 'h', '\0',
+  /* "switch.moe", true */ 's', 'w', 'i', 't', 'c', 'h', '.', 'm', 'o', 'e', '\0',
+  /* "switzerland-family-office.com", true */ 's', 'w', 'i', 't', 'z', 'e', 'r', 'l', 'a', 'n', 'd', '-', 'f', 'a', 'm', 'i', 'l', 'y', '-', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "swordfeng.xyz", true */ 's', 'w', 'o', 'r', 'd', 'f', 'e', 'n', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "swuosa.org", true */ 's', 'w', 'u', 'o', 's', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "swvaux.com", true */ 's', 'w', 'v', 'a', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "swyn.net", true */ 's', 'w', 'y', 'n', '.', 'n', 'e', 't', '\0',
+  /* "sy24.ru", true */ 's', 'y', '2', '4', '.', 'r', 'u', '\0',
+  /* "syajvo.if.ua", true */ 's', 'y', 'a', 'j', 'v', 'o', '.', 'i', 'f', '.', 'u', 'a', '\0',
+  /* "sycamorememphis.org", true */ 's', 'y', 'c', 'a', 'm', 'o', 'r', 'e', 'm', 'e', 'm', 'p', 'h', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "sychov.pro", true */ 's', 'y', 'c', 'h', 'o', 'v', '.', 'p', 'r', 'o', '\0',
+  /* "sydney-sehen.com", true */ 's', 'y', 'd', 'n', 'e', 'y', '-', 's', 'e', 'h', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sydney.dating", true */ 's', 'y', 'd', 'n', 'e', 'y', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "syenar.net", true */ 's', 'y', 'e', 'n', 'a', 'r', '.', 'n', 'e', 't', '\0',
+  /* "syezd.com.au", true */ 's', 'y', 'e', 'z', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "syha.org.uk", true */ 's', 'y', 'h', 'a', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "syhost.at", true */ 's', 'y', 'h', 'o', 's', 't', '.', 'a', 't', '\0',
+  /* "syhost.ch", true */ 's', 'y', 'h', 'o', 's', 't', '.', 'c', 'h', '\0',
+  /* "syhost.de", true */ 's', 'y', 'h', 'o', 's', 't', '.', 'd', 'e', '\0',
+  /* "sykepleien.no", false */ 's', 'y', 'k', 'e', 'p', 'l', 'e', 'i', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "sylaps.com", true */ 's', 'y', 'l', 'a', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "syleam.in", true */ 's', 'y', 'l', 'e', 'a', 'm', '.', 'i', 'n', '\0',
+  /* "syllogi.xyz", true */ 's', 'y', 'l', 'l', 'o', 'g', 'i', '.', 'x', 'y', 'z', '\0',
+  /* "sylvaindurand.fr", true */ 's', 'y', 'l', 'v', 'a', 'i', 'n', 'd', 'u', 'r', 'a', 'n', 'd', '.', 'f', 'r', '\0',
+  /* "sylvaindurand.org", true */ 's', 'y', 'l', 'v', 'a', 'i', 'n', 'd', 'u', 'r', 'a', 'n', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "sylvan.me", true */ 's', 'y', 'l', 'v', 'a', 'n', '.', 'm', 'e', '\0',
+  /* "sylvangarden.net", true */ 's', 'y', 'l', 'v', 'a', 'n', 'g', 'a', 'r', 'd', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "sylve.ch", true */ 's', 'y', 'l', 'v', 'e', '.', 'c', 'h', '\0',
+  /* "symb.ch", true */ 's', 'y', 'm', 'b', '.', 'c', 'h', '\0',
+  /* "symbiose-bien-etre.ch", true */ 's', 'y', 'm', 'b', 'i', 'o', 's', 'e', '-', 'b', 'i', 'e', 'n', '-', 'e', 't', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "symbiose-com.ch", true */ 's', 'y', 'm', 'b', 'i', 'o', 's', 'e', '-', 'c', 'o', 'm', '.', 'c', 'h', '\0',
+  /* "symbiose-immobilier.ch", true */ 's', 'y', 'm', 'b', 'i', 'o', 's', 'e', '-', 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "symbiose.com", true */ 's', 'y', 'm', 'b', 'i', 'o', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "symbiosecom.ch", true */ 's', 'y', 'm', 'b', 'i', 'o', 's', 'e', 'c', 'o', 'm', '.', 'c', 'h', '\0',
+  /* "symeda.de", true */ 's', 'y', 'm', 'e', 'd', 'a', '.', 'd', 'e', '\0',
+  /* "symphonos.it", true */ 's', 'y', 'm', 'p', 'h', 'o', 'n', 'o', 's', '.', 'i', 't', '\0',
+  /* "symptome-erklaert.de", true */ 's', 'y', 'm', 'p', 't', 'o', 'm', 'e', '-', 'e', 'r', 'k', 'l', 'a', 'e', 'r', 't', '.', 'd', 'e', '\0',
+  /* "synabi.com", true */ 's', 'y', 'n', 'a', 'b', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "synaptickz.me", true */ 's', 'y', 'n', 'a', 'p', 't', 'i', 'c', 'k', 'z', '.', 'm', 'e', '\0',
+  /* "synatra.co", true */ 's', 'y', 'n', 'a', 't', 'r', 'a', '.', 'c', 'o', '\0',
+  /* "sync-it.no", true */ 's', 'y', 'n', 'c', '-', 'i', 't', '.', 'n', 'o', '\0',
+  /* "syncaddict.net", true */ 's', 'y', 'n', 'c', 'a', 'd', 'd', 'i', 'c', 't', '.', 'n', 'e', 't', '\0',
+  /* "synchrocube.com", true */ 's', 'y', 'n', 'c', 'h', 'r', 'o', 'c', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "synchtu.be", false */ 's', 'y', 'n', 'c', 'h', 't', 'u', '.', 'b', 'e', '\0',
+  /* "syncmylife.net", false */ 's', 'y', 'n', 'c', 'm', 'y', 'l', 'i', 'f', 'e', '.', 'n', 'e', 't', '\0',
+  /* "syncrise.co.jp", true */ 's', 'y', 'n', 'c', 'r', 'i', 's', 'e', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "syndic-discount.fr", false */ 's', 'y', 'n', 'd', 'i', 'c', '-', 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', '.', 'f', 'r', '\0',
+  /* "syneart.com", true */ 's', 'y', 'n', 'e', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "synecek11.cz", true */ 's', 'y', 'n', 'e', 'c', 'e', 'k', '1', '1', '.', 'c', 'z', '\0',
+  /* "synergyflare.com", true */ 's', 'y', 'n', 'e', 'r', 'g', 'y', 'f', 'l', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "synergyworkingdogclub.com", true */ 's', 'y', 'n', 'e', 'r', 'g', 'y', 'w', 'o', 'r', 'k', 'i', 'n', 'g', 'd', 'o', 'g', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "synfin.org", true */ 's', 'y', 'n', 'f', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "synony.me", true */ 's', 'y', 'n', 'o', 'n', 'y', '.', 'm', 'e', '\0',
+  /* "synotna.eu", true */ 's', 'y', 'n', 'o', 't', 'n', 'a', '.', 'e', 'u', '\0',
+  /* "syntaxnightmare.com", true */ 's', 'y', 'n', 't', 'a', 'x', 'n', 'i', 'g', 'h', 't', 'm', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "syntheticmotoroil.org", true */ 's', 'y', 'n', 't', 'h', 'e', 't', 'i', 'c', 'm', 'o', 't', 'o', 'r', 'o', 'i', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "synthetik.com", true */ 's', 'y', 'n', 't', 'h', 'e', 't', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "syriatalk.biz", true */ 's', 'y', 'r', 'i', 'a', 't', 'a', 'l', 'k', '.', 'b', 'i', 'z', '\0',
+  /* "syriatalk.org", true */ 's', 'y', 'r', 'i', 'a', 't', 'a', 'l', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "sys.tf", true */ 's', 'y', 's', '.', 't', 'f', '\0',
+  /* "sysadm.guru", true */ 's', 'y', 's', 'a', 'd', 'm', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "sysadmin.pm", false */ 's', 'y', 's', 'a', 'd', 'm', 'i', 'n', '.', 'p', 'm', '\0',
+  /* "sysadmin.xyz", true */ 's', 'y', 's', 'a', 'd', 'm', 'i', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "sysadmins.ro", true */ 's', 'y', 's', 'a', 'd', 'm', 'i', 'n', 's', '.', 'r', 'o', '\0',
+  /* "sysctl.se", true */ 's', 'y', 's', 'c', 't', 'l', '.', 's', 'e', '\0',
+  /* "sysert.tv", false */ 's', 'y', 's', 'e', 'r', 't', '.', 't', 'v', '\0',
+  /* "sysmike.de", true */ 's', 'y', 's', 'm', 'i', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "sysmike.net", true */ 's', 'y', 's', 'm', 'i', 'k', 'e', '.', 'n', 'e', 't', '\0',
+  /* "systea.fr", true */ 's', 'y', 's', 't', 'e', 'a', '.', 'f', 'r', '\0',
+  /* "systea.net", true */ 's', 'y', 's', 't', 'e', 'a', '.', 'n', 'e', 't', '\0',
+  /* "system-m.de", true */ 's', 'y', 's', 't', 'e', 'm', '-', 'm', '.', 'd', 'e', '\0',
+  /* "system.cf", true */ 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'f', '\0',
+  /* "system.is", true */ 's', 'y', 's', 't', 'e', 'm', '.', 'i', 's', '\0',
+  /* "system12.pl", true */ 's', 'y', 's', 't', 'e', 'm', '1', '2', '.', 'p', 'l', '\0',
+  /* "system365.eu", true */ 's', 'y', 's', 't', 'e', 'm', '3', '6', '5', '.', 'e', 'u', '\0',
+  /* "systemd.ch", true */ 's', 'y', 's', 't', 'e', 'm', 'd', '.', 'c', 'h', '\0',
+  /* "systemeprod.fr", true */ 's', 'y', 's', 't', 'e', 'm', 'e', 'p', 'r', 'o', 'd', '.', 'f', 'r', '\0',
+  /* "systemintegra.ru", true */ 's', 'y', 's', 't', 'e', 'm', 'i', 'n', 't', 'e', 'g', 'r', 'a', '.', 'r', 'u', '\0',
+  /* "systemli.org", true */ 's', 'y', 's', 't', 'e', 'm', 'l', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "systemreboot.net", true */ 's', 'y', 's', 't', 'e', 'm', 'r', 'e', 'b', 'o', 'o', 't', '.', 'n', 'e', 't', '\0',
+  /* "systemspace.link", true */ 's', 'y', 's', 't', 'e', 'm', 's', 'p', 'a', 'c', 'e', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "systoolbox.net", true */ 's', 'y', 's', 't', 'o', 'o', 'l', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "sysystems.cz", true */ 's', 'y', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'z', '\0',
+  /* "syt3.net", true */ 's', 'y', 't', '3', '.', 'n', 'e', 't', '\0',
+  /* "syy.im", true */ 's', 'y', 'y', '.', 'i', 'm', '\0',
+  /* "syzygy-tables.info", true */ 's', 'y', 'z', 'y', 'g', 'y', '-', 't', 'a', 'b', 'l', 'e', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "szagun.net", true */ 's', 'z', 'a', 'g', 'u', 'n', '.', 'n', 'e', 't', '\0',
+  /* "szamitogepdepo.com", true */ 's', 'z', 'a', 'm', 'i', 't', 'o', 'g', 'e', 'p', 'd', 'e', 'p', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "szaydon.me", false */ 's', 'z', 'a', 'y', 'd', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "szczot3k.pl", true */ 's', 'z', 'c', 'z', 'o', 't', '3', 'k', '.', 'p', 'l', '\0',
+  /* "szechenyi2020.hu", true */ 's', 'z', 'e', 'c', 'h', 'e', 'n', 'y', 'i', '2', '0', '2', '0', '.', 'h', 'u', '\0',
+  /* "szentistvanpt.sk", true */ 's', 'z', 'e', 'n', 't', 'i', 's', 't', 'v', 'a', 'n', 'p', 't', '.', 's', 'k', '\0',
+  /* "szerelem.love", true */ 's', 'z', 'e', 'r', 'e', 'l', 'e', 'm', '.', 'l', 'o', 'v', 'e', '\0',
+  /* "szongott.net", true */ 's', 'z', 'o', 'n', 'g', 'o', 't', 't', '.', 'n', 'e', 't', '\0',
+  /* "szunia.com", true */ 's', 'z', 'u', 'n', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "szybkiebieganie.pl", true */ 's', 'z', 'y', 'b', 'k', 'i', 'e', 'b', 'i', 'e', 'g', 'a', 'n', 'i', 'e', '.', 'p', 'l', '\0',
+  /* "szyndler.ch", true */ 's', 'z', 'y', 'n', 'd', 'l', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "t-hawk.com", true */ 't', '-', 'h', 'a', 'w', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "t-net.org.hu", true */ 't', '-', 'n', 'e', 't', '.', 'o', 'r', 'g', '.', 'h', 'u', '\0',
+  /* "t-point.eu", true */ 't', '-', 'p', 'o', 'i', 'n', 't', '.', 'e', 'u', '\0',
+  /* "t-shirts4less.nl", true */ 't', '-', 's', 'h', 'i', 'r', 't', 's', '4', 'l', 'e', 's', 's', '.', 'n', 'l', '\0',
+  /* "t-stonegroup.com", true */ 't', '-', 's', 't', 'o', 'n', 'e', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "t.facebook.com", false */ 't', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "t0ne.net", false */ 't', '0', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "t12u.com", true */ 't', '1', '2', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "t2000headphones.com", true */ 't', '2', '0', '0', '0', 'h', 'e', 'a', 'd', 'p', 'h', 'o', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "t2000laserpointers.com", true */ 't', '2', '0', '0', '0', 'l', 'a', 's', 'e', 'r', 'p', 'o', 'i', 'n', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "t23m-navi.jp", false */ 't', '2', '3', 'm', '-', 'n', 'a', 'v', 'i', '.', 'j', 'p', '\0',
+  /* "t2i.nl", true */ 't', '2', 'i', '.', 'n', 'l', '\0',
+  /* "t47.io", true */ 't', '4', '7', '.', 'i', 'o', '\0',
+  /* "t7e.de", false */ 't', '7', 'e', '.', 'd', 'e', '\0',
+  /* "ta-65.com", true */ 't', 'a', '-', '6', '5', '.', 'c', 'o', 'm', '\0',
+  /* "ta-sports.net", true */ 't', 'a', '-', 's', 'p', 'o', 'r', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "ta65.com", true */ 't', 'a', '6', '5', '.', 'c', 'o', 'm', '\0',
+  /* "taabe.net", true */ 't', 'a', 'a', 'b', 'e', '.', 'n', 'e', 't', '\0',
+  /* "taartenfeesies.nl", true */ 't', 'a', 'a', 'r', 't', 'e', 'n', 'f', 'e', 'e', 's', 'i', 'e', 's', '.', 'n', 'l', '\0',
+  /* "tab.watch", true */ 't', 'a', 'b', '.', 'w', 'a', 't', 'c', 'h', '\0',
+  /* "tabernadovinho.com.br", true */ 't', 'a', 'b', 'e', 'r', 'n', 'a', 'd', 'o', 'v', 'i', 'n', 'h', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "taberu-fujitsubo.com", true */ 't', 'a', 'b', 'e', 'r', 'u', '-', 'f', 'u', 'j', 'i', 't', 's', 'u', 'b', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tabino.top", true */ 't', 'a', 'b', 'i', 'n', 'o', '.', 't', 'o', 'p', '\0',
+  /* "tabithawebb.co.uk", true */ 't', 'a', 'b', 'i', 't', 'h', 'a', 'w', 'e', 'b', 'b', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tabla-periodica.com", true */ 't', 'a', 'b', 'l', 'a', '-', 'p', 'e', 'r', 'i', 'o', 'd', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "tabledusud.be", true */ 't', 'a', 'b', 'l', 'e', 'd', 'u', 's', 'u', 'd', '.', 'b', 'e', '\0',
+  /* "tabledusud.nl", true */ 't', 'a', 'b', 'l', 'e', 'd', 'u', 's', 'u', 'd', '.', 'n', 'l', '\0',
+  /* "tablescraps.com", true */ 't', 'a', 'b', 'l', 'e', 's', 'c', 'r', 'a', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tablet.facebook.com", false */ 't', 'a', 'b', 'l', 'e', 't', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "tablotv.com", false */ 't', 'a', 'b', 'l', 'o', 't', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "taborsky.cz", true */ 't', 'a', 'b', 'o', 'r', 's', 'k', 'y', '.', 'c', 'z', '\0',
+  /* "tac-volley.com", true */ 't', 'a', 'c', '-', 'v', 'o', 'l', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tacklog.com", true */ 't', 'a', 'c', 'k', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "tacoma-games.com", true */ 't', 'a', 'c', 'o', 'm', 'a', '-', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tacomafia.net", false */ 't', 'a', 'c', 'o', 'm', 'a', 'f', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "tacotown.tk", true */ 't', 'a', 'c', 'o', 't', 'o', 'w', 'n', '.', 't', 'k', '\0',
+  /* "tacticalsquare.com", true */ 't', 'a', 'c', 't', 'i', 'c', 'a', 'l', 's', 'q', 'u', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tadata.me", true */ 't', 'a', 'd', 'a', 't', 'a', '.', 'm', 'e', '\0',
+  /* "tadcastercircuit.org.uk", true */ 't', 'a', 'd', 'c', 'a', 's', 't', 'e', 'r', 'c', 'i', 'r', 'c', 'u', 'i', 't', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "tadtadya.com", true */ 't', 'a', 'd', 't', 'a', 'd', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "tadu.de", true */ 't', 'a', 'd', 'u', '.', 'd', 'e', '\0',
+  /* "tagdocumentary.com", true */ 't', 'a', 'g', 'd', 'o', 'c', 'u', 'm', 'e', 'n', 't', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tagesmutter-in-bilm.de", true */ 't', 'a', 'g', 'e', 's', 'm', 'u', 't', 't', 'e', 'r', '-', 'i', 'n', '-', 'b', 'i', 'l', 'm', '.', 'd', 'e', '\0',
+  /* "taggedpdf.com", false */ 't', 'a', 'g', 'g', 'e', 'd', 'p', 'd', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "taglioepiega.com", true */ 't', 'a', 'g', 'l', 'i', 'o', 'e', 'p', 'i', 'e', 'g', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "taglioepiega.eu", true */ 't', 'a', 'g', 'l', 'i', 'o', 'e', 'p', 'i', 'e', 'g', 'a', '.', 'e', 'u', '\0',
+  /* "taglioepiega.it", true */ 't', 'a', 'g', 'l', 'i', 'o', 'e', 'p', 'i', 'e', 'g', 'a', '.', 'i', 't', '\0',
+  /* "tahf.net", true */ 't', 'a', 'h', 'f', '.', 'n', 'e', 't', '\0',
+  /* "tahosa.co", true */ 't', 'a', 'h', 'o', 's', 'a', '.', 'c', 'o', '\0',
+  /* "tahosalodge.org", true */ 't', 'a', 'h', 'o', 's', 'a', 'l', 'o', 'd', 'g', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "taidu.news", true */ 't', 'a', 'i', 'd', 'u', '.', 'n', 'e', 'w', 's', '\0',
+  /* "tailandfur.com", true */ 't', 'a', 'i', 'l', 'a', 'n', 'd', 'f', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "tailpuff.net", true */ 't', 'a', 'i', 'l', 'p', 'u', 'f', 'f', '.', 'n', 'e', 't', '\0',
+  /* "tails.boum.org", true */ 't', 'a', 'i', 'l', 's', '.', 'b', 'o', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "taim.io", true */ 't', 'a', 'i', 'm', '.', 'i', 'o', '\0',
+  /* "taishon.nagoya", true */ 't', 'a', 'i', 's', 'h', 'o', 'n', '.', 'n', 'a', 'g', 'o', 'y', 'a', '\0',
+  /* "taiwan.dating", true */ 't', 'a', 'i', 'w', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "taiwantour.info", true */ 't', 'a', 'i', 'w', 'a', 'n', 't', 'o', 'u', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "taiyouko-hatuden.net", true */ 't', 'a', 'i', 'y', 'o', 'u', 'k', 'o', '-', 'h', 'a', 't', 'u', 'd', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "tajper.pl", true */ 't', 'a', 'j', 'p', 'e', 'r', '.', 'p', 'l', '\0',
+  /* "take1give1.com", false */ 't', 'a', 'k', 'e', '1', 'g', 'i', 'v', 'e', '1', '.', 'c', 'o', 'm', '\0',
+  /* "takebonus.com", true */ 't', 'a', 'k', 'e', 'b', 'o', 'n', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "takedownthissite.com", true */ 't', 'a', 'k', 'e', 'd', 'o', 'w', 'n', 't', 'h', 'i', 's', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "takeitoffline.co.uk", true */ 't', 'a', 'k', 'e', 'i', 't', 'o', 'f', 'f', 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "takemoto-ped.com", true */ 't', 'a', 'k', 'e', 'm', 'o', 't', 'o', '-', 'p', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "taken.pl", true */ 't', 'a', 'k', 'e', 'n', '.', 'p', 'l', '\0',
+  /* "takeshifujimoto.com", true */ 't', 'a', 'k', 'e', 's', 'h', 'i', 'f', 'u', 'j', 'i', 'm', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "takinet.kr", true */ 't', 'a', 'k', 'i', 'n', 'e', 't', '.', 'k', 'r', '\0',
+  /* "takk.pl", true */ 't', 'a', 'k', 'k', '.', 'p', 'l', '\0',
+  /* "takkaaaaa.com", true */ 't', 'a', 'k', 'k', 'a', 'a', 'a', 'a', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "takuto.de", true */ 't', 'a', 'k', 'u', 't', 'o', '.', 'd', 'e', '\0',
+  /* "takuyaphotos.com", true */ 't', 'a', 'k', 'u', 'y', 'a', 'p', 'h', 'o', 't', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "talado.gr", false */ 't', 'a', 'l', 'a', 'd', 'o', '.', 'g', 'r', '\0',
+  /* "talentcast.nl", false */ 't', 'a', 'l', 'e', 'n', 't', 'c', 'a', 's', 't', '.', 'n', 'l', '\0',
+  /* "talenthero.io", true */ 't', 'a', 'l', 'e', 'n', 't', 'h', 'e', 'r', 'o', '.', 'i', 'o', '\0',
+  /* "talentos.pt", true */ 't', 'a', 'l', 'e', 'n', 't', 'o', 's', '.', 'p', 't', '\0',
+  /* "taler.net", true */ 't', 'a', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "talideon.com", false */ 't', 'a', 'l', 'i', 'd', 'e', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "talk.google.com", true */ 't', 'a', 'l', 'k', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "talk.xyz", true */ 't', 'a', 'l', 'k', '.', 'x', 'y', 'z', '\0',
+  /* "talkgadget.google.com", true */ 't', 'a', 'l', 'k', 'g', 'a', 'd', 'g', 'e', 't', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "talkreal.net", true */ 't', 'a', 'l', 'k', 'r', 'e', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "talktodarcy.com", true */ 't', 'a', 'l', 'k', 't', 'o', 'd', 'a', 'r', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "talkwithyourbaby.org", true */ 't', 'a', 'l', 'k', 'w', 'i', 't', 'h', 'y', 'o', 'u', 'r', 'b', 'a', 'b', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "tallcraft.com", true */ 't', 'a', 'l', 'l', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "talldude.net", true */ 't', 'a', 'l', 'l', 'd', 'u', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "talltreeskv.com.au", true */ 't', 'a', 'l', 'l', 't', 'r', 'e', 'e', 's', 'k', 'v', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "talon.rip", true */ 't', 'a', 'l', 'o', 'n', '.', 'r', 'i', 'p', '\0',
+  /* "talsi.eu", true */ 't', 'a', 'l', 's', 'i', '.', 'e', 'u', '\0',
+  /* "talun.de", true */ 't', 'a', 'l', 'u', 'n', '.', 'd', 'e', '\0',
+  /* "tam7t.com", true */ 't', 'a', 'm', '7', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tamasszabo.net", true */ 't', 'a', 'm', 'a', 's', 's', 'z', 'a', 'b', 'o', '.', 'n', 'e', 't', '\0',
+  /* "tamchunho.com", true */ 't', 'a', 'm', 'c', 'h', 'u', 'n', 'h', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tamindir.com", true */ 't', 'a', 'm', 'i', 'n', 'd', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "tammy.pro", true */ 't', 'a', 'm', 'm', 'y', '.', 'p', 'r', 'o', '\0',
+  /* "tampabaybusinesslistings.com", true */ 't', 'a', 'm', 'p', 'a', 'b', 'a', 'y', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'l', 'i', 's', 't', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tanak3n.xyz", true */ 't', 'a', 'n', 'a', 'k', '3', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "tancredi.nl", true */ 't', 'a', 'n', 'c', 'r', 'e', 'd', 'i', '.', 'n', 'l', '\0',
+  /* "tandblekningidag.com", true */ 't', 'a', 'n', 'd', 'b', 'l', 'e', 'k', 'n', 'i', 'n', 'g', 'i', 'd', 'a', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "tangiblesecurity.com", true */ 't', 'a', 'n', 'g', 'i', 'b', 'l', 'e', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tango-cats.de", true */ 't', 'a', 'n', 'g', 'o', '-', 'c', 'a', 't', 's', '.', 'd', 'e', '\0',
+  /* "tango-ouest.com", true */ 't', 'a', 'n', 'g', 'o', '-', 'o', 'u', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tangoalpha.co.uk", true */ 't', 'a', 'n', 'g', 'o', 'a', 'l', 'p', 'h', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tanhit.com", true */ 't', 'a', 'n', 'h', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "taniku-succulent.com", true */ 't', 'a', 'n', 'i', 'k', 'u', '-', 's', 'u', 'c', 'c', 'u', 'l', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tankski.co.uk", true */ 't', 'a', 'n', 'k', 's', 'k', 'i', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tannenhof-moelln.de", true */ 't', 'a', 'n', 'n', 'e', 'n', 'h', 'o', 'f', '-', 'm', 'o', 'e', 'l', 'l', 'n', '.', 'd', 'e', '\0',
+  /* "tantalos.nl", true */ 't', 'a', 'n', 't', 'a', 'l', 'o', 's', '.', 'n', 'l', '\0',
+  /* "tantei100.net", true */ 't', 'a', 'n', 't', 'e', 'i', '1', '0', '0', '.', 'n', 'e', 't', '\0',
+  /* "tanto259.name", true */ 't', 'a', 'n', 't', 'o', '2', '5', '9', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "tanz.info", true */ 't', 'a', 'n', 'z', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "tanzhijun.com", true */ 't', 'a', 'n', 'z', 'h', 'i', 'j', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "taoburee.com", true */ 't', 'a', 'o', 'b', 'u', 'r', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tapestries.tk", true */ 't', 'a', 'p', 'e', 's', 't', 'r', 'i', 'e', 's', '.', 't', 'k', '\0',
+  /* "taqsim.jp", true */ 't', 'a', 'q', 's', 'i', 'm', '.', 'j', 'p', '\0',
+  /* "taquilla.com", true */ 't', 'a', 'q', 'u', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "taqun.club", true */ 't', 'a', 'q', 'u', 'n', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "taranis.re", true */ 't', 'a', 'r', 'a', 'n', 'i', 's', '.', 'r', 'e', '\0',
+  /* "tarantul.org.ua", true */ 't', 'a', 'r', 'a', 'n', 't', 'u', 'l', '.', 'o', 'r', 'g', '.', 'u', 'a', '\0',
+  /* "tarasecurity.co.uk", true */ 't', 'a', 'r', 'a', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tarasecurity.com", true */ 't', 'a', 'r', 'a', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tarasevich.by", true */ 't', 'a', 'r', 'a', 's', 'e', 'v', 'i', 'c', 'h', '.', 'b', 'y', '\0',
+  /* "taravancil.com", false */ 't', 'a', 'r', 'a', 'v', 'a', 'n', 'c', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "tardis.io", true */ 't', 'a', 'r', 'd', 'i', 's', '.', 'i', 'o', '\0',
+  /* "tardybaker.com", true */ 't', 'a', 'r', 'd', 'y', 'b', 'a', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "tarek.link", true */ 't', 'a', 'r', 'e', 'k', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "targimieszkaniowe.net", true */ 't', 'a', 'r', 'g', 'i', 'm', 'i', 'e', 's', 'z', 'k', 'a', 'n', 'i', 'o', 'w', 'e', '.', 'n', 'e', 't', '\0',
+  /* "tarik.io", true */ 't', 'a', 'r', 'i', 'k', '.', 'i', 'o', '\0',
+  /* "tarsan.cz", true */ 't', 'a', 'r', 's', 'a', 'n', '.', 'c', 'z', '\0',
+  /* "tarsashaz-biztositas.hu", true */ 't', 'a', 'r', 's', 'a', 's', 'h', 'a', 'z', '-', 'b', 'i', 'z', 't', 'o', 's', 'i', 't', 'a', 's', '.', 'h', 'u', '\0',
+  /* "tartaneagle.org.uk", true */ 't', 'a', 'r', 't', 'a', 'n', 'e', 'a', 'g', 'l', 'e', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "tartanhamedshop.com.br", true */ 't', 'a', 'r', 't', 'a', 'n', 'h', 'a', 'm', 'e', 'd', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "taskin.me", true */ 't', 'a', 's', 'k', 'i', 'n', '.', 'm', 'e', '\0',
+  /* "taskotron.fedoraproject.org", true */ 't', 'a', 's', 'k', 'o', 't', 'r', 'o', 'n', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "taskotron.stg.fedoraproject.org", true */ 't', 'a', 's', 'k', 'o', 't', 'r', 'o', 'n', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "taskstream.com", true */ 't', 'a', 's', 'k', 's', 't', 'r', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "taskulu.com", true */ 't', 'a', 's', 'k', 'u', 'l', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "tasta.ro", true */ 't', 'a', 's', 't', 'a', '.', 'r', 'o', '\0',
+  /* "tasticfilm.com", true */ 't', 'a', 's', 't', 'i', 'c', 'f', 'i', 'l', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "tastycake.net", true */ 't', 'a', 's', 't', 'y', 'c', 'a', 'k', 'e', '.', 'n', 'e', 't', '\0',
+  /* "tastystakes.com", true */ 't', 'a', 's', 't', 'y', 's', 't', 'a', 'k', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tat2grl85.com", true */ 't', 'a', 't', '2', 'g', 'r', 'l', '8', '5', '.', 'c', 'o', 'm', '\0',
+  /* "tatara.ne.jp", true */ 't', 'a', 't', 'a', 'r', 'a', '.', 'n', 'e', '.', 'j', 'p', '\0',
+  /* "tateesq.com", true */ 't', 'a', 't', 'e', 'e', 's', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "tatiloley.com", true */ 't', 'a', 't', 'i', 'l', 'o', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tatort-fanpage.de", true */ 't', 'a', 't', 'o', 'r', 't', '-', 'f', 'a', 'n', 'p', 'a', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "tatsidou.gr", true */ 't', 'a', 't', 's', 'i', 'd', 'o', 'u', '.', 'g', 'r', '\0',
+  /* "tattoo.dating", true */ 't', 'a', 't', 't', 'o', 'o', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "tavolaquadrada.com.br", true */ 't', 'a', 'v', 'o', 'l', 'a', 'q', 'u', 'a', 'd', 'r', 'a', 'd', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "tavsys.net", true */ 't', 'a', 'v', 's', 'y', 's', '.', 'n', 'e', 't', '\0',
+  /* "taxaroo.com", true */ 't', 'a', 'x', 'a', 'r', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "taxaudit.com", true */ 't', 'a', 'x', 'a', 'u', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "taxi-24std.de", true */ 't', 'a', 'x', 'i', '-', '2', '4', 's', 't', 'd', '.', 'd', 'e', '\0',
+  /* "taxi-chamonix.fr", true */ 't', 'a', 'x', 'i', '-', 'c', 'h', 'a', 'm', 'o', 'n', 'i', 'x', '.', 'f', 'r', '\0',
+  /* "taxi-collectif.ch", true */ 't', 'a', 'x', 'i', '-', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'f', '.', 'c', 'h', '\0',
+  /* "taxicollectif.ch", true */ 't', 'a', 'x', 'i', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'f', '.', 'c', 'h', '\0',
+  /* "taxiindenbosch.nl", true */ 't', 'a', 'x', 'i', 'i', 'n', 'd', 'e', 'n', 'b', 'o', 's', 'c', 'h', '.', 'n', 'l', '\0',
+  /* "taxis-collectifs.ch", true */ 't', 'a', 'x', 'i', 's', '-', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'f', 's', '.', 'c', 'h', '\0',
+  /* "taxisafmatosinhos.pt", true */ 't', 'a', 'x', 'i', 's', 'a', 'f', 'm', 'a', 't', 'o', 's', 'i', 'n', 'h', 'o', 's', '.', 'p', 't', '\0',
+  /* "taxiscollectifs.ch", true */ 't', 'a', 'x', 'i', 's', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'f', 's', '.', 'c', 'h', '\0',
+  /* "taxlab.co.nz", true */ 't', 'a', 'x', 'l', 'a', 'b', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "taxmadras.com", true */ 't', 'a', 'x', 'm', 'a', 'd', 'r', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "taxspeaker.com", true */ 't', 'a', 'x', 's', 'p', 'e', 'a', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "taxsquirrel.com", true */ 't', 'a', 'x', 's', 'q', 'u', 'i', 'r', 'r', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "taylorpearson.me", false */ 't', 'a', 'y', 'l', 'o', 'r', 'p', 'e', 'a', 'r', 's', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "taylors-castles.co.uk", true */ 't', 'a', 'y', 'l', 'o', 'r', 's', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "taysonvodao.fr", true */ 't', 'a', 'y', 's', 'o', 'n', 'v', 'o', 'd', 'a', 'o', '.', 'f', 'r', '\0',
+  /* "tazemama.biz", true */ 't', 'a', 'z', 'e', 'm', 'a', 'm', 'a', '.', 'b', 'i', 'z', '\0',
+  /* "tb-devel.de", true */ 't', 'b', '-', 'd', 'e', 'v', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "tb-itf.de", true */ 't', 'b', '-', 'i', 't', 'f', '.', 'd', 'e', '\0',
+  /* "tbarter.com", false */ 't', 'b', 'a', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "tbitc.ch", true */ 't', 'b', 'i', 't', 'c', '.', 'c', 'h', '\0',
+  /* "tbonejs.org", true */ 't', 'b', 'o', 'n', 'e', 'j', 's', '.', 'o', 'r', 'g', '\0',
+  /* "tbrindus.ca", true */ 't', 'b', 'r', 'i', 'n', 'd', 'u', 's', '.', 'c', 'a', '\0',
+  /* "tbrss.com", true */ 't', 'b', 'r', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tbs-certificates.co.uk", true */ 't', 'b', 's', '-', 'c', 'e', 'r', 't', 'i', 'f', 'i', 'c', 'a', 't', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tbtech.cz", true */ 't', 'b', 't', 'e', 'c', 'h', '.', 'c', 'z', '\0',
+  /* "tbuchloh.de", true */ 't', 'b', 'u', 'c', 'h', 'l', 'o', 'h', '.', 'd', 'e', '\0',
+  /* "tc-st-leonard.ch", true */ 't', 'c', '-', 's', 't', '-', 'l', 'e', 'o', 'n', 'a', 'r', 'd', '.', 'c', 'h', '\0',
+  /* "tc.nz", true */ 't', 'c', '.', 'n', 'z', '\0',
+  /* "tcacademy.co.uk", true */ 't', 'c', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tcb-a.org", true */ 't', 'c', 'b', '-', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "tcb-b.org", true */ 't', 'c', 'b', '-', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "tcf.org", true */ 't', 'c', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "tcgrepublic.com", true */ 't', 'c', 'g', 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "tchebb.me", true */ 't', 'c', 'h', 'e', 'b', 'b', '.', 'm', 'e', '\0',
+  /* "tchnics.de", true */ 't', 'c', 'h', 'n', 'i', 'c', 's', '.', 'd', 'e', '\0',
+  /* "tchoukball.ch", true */ 't', 'c', 'h', 'o', 'u', 'k', 'b', 'a', 'l', 'l', '.', 'c', 'h', '\0',
+  /* "tcnapplications.com", true */ 't', 'c', 'n', 'a', 'p', 'p', 'l', 'i', 'c', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tcptun.com", true */ 't', 'c', 'p', 't', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tdchrom.com", true */ 't', 'd', 'c', 'h', 'r', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "tdfbfoundation.org", true */ 't', 'd', 'f', 'b', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "tdrcartuchos.com.br", true */ 't', 'd', 'r', 'c', 'a', 'r', 't', 'u', 'c', 'h', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "tdrs.info", true */ 't', 'd', 'r', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "tdsinflatables.co.uk", true */ 't', 'd', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tdude.co", true */ 't', 'd', 'u', 'd', 'e', '.', 'c', 'o', '\0',
+  /* "teabagdesign.co.uk", true */ 't', 'e', 'a', 'b', 'a', 'g', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "teachercreatedmaterials.com", true */ 't', 'e', 'a', 'c', 'h', 'e', 'r', 'c', 'r', 'e', 'a', 't', 'e', 'd', 'm', 'a', 't', 'e', 'r', 'i', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "teacherph.com", true */ 't', 'e', 'a', 'c', 'h', 'e', 'r', 'p', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "teacherph.net", true */ 't', 'e', 'a', 'c', 'h', 'e', 'r', 'p', 'h', '.', 'n', 'e', 't', '\0',
+  /* "teacherpowered.org", true */ 't', 'e', 'a', 'c', 'h', 'e', 'r', 'p', 'o', 'w', 'e', 'r', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "teachingcopyright.com", true */ 't', 'e', 'a', 'c', 'h', 'i', 'n', 'g', 'c', 'o', 'p', 'y', 'r', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "teachingcopyright.net", true */ 't', 'e', 'a', 'c', 'h', 'i', 'n', 'g', 'c', 'o', 'p', 'y', 'r', 'i', 'g', 'h', 't', '.', 'n', 'e', 't', '\0',
+  /* "teachingcopyright.org", true */ 't', 'e', 'a', 'c', 'h', 'i', 'n', 'g', 'c', 'o', 'p', 'y', 'r', 'i', 'g', 'h', 't', '.', 'o', 'r', 'g', '\0',
+  /* "teachmeplease.com", true */ 't', 'e', 'a', 'c', 'h', 'm', 'e', 'p', 'l', 'e', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "teachmeplease.ru", true */ 't', 'e', 'a', 'c', 'h', 'm', 'e', 'p', 'l', 'e', 'a', 's', 'e', '.', 'r', 'u', '\0',
+  /* "teachpeople.org", true */ 't', 'e', 'a', 'c', 'h', 'p', 'e', 'o', 'p', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "teachwithouttears.com", true */ 't', 'e', 'a', 'c', 'h', 'w', 'i', 't', 'h', 'o', 'u', 't', 't', 'e', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "teahut.net", true */ 't', 'e', 'a', 'h', 'u', 't', '.', 'n', 'e', 't', '\0',
+  /* "team-azerty.com", true */ 't', 'e', 'a', 'm', '-', 'a', 'z', 'e', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "team-bbd.com", true */ 't', 'e', 'a', 'm', '-', 'b', 'b', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "team-pancake.eu", true */ 't', 'e', 'a', 'm', '-', 'p', 'a', 'n', 'c', 'a', 'k', 'e', '.', 'e', 'u', '\0',
+  /* "team3482.com", true */ 't', 'e', 'a', 'm', '3', '4', '8', '2', '.', 'c', 'o', 'm', '\0',
+  /* "teamassists.com", true */ 't', 'e', 'a', 'm', 'a', 's', 's', 'i', 's', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "teambeam.at", true */ 't', 'e', 'a', 'm', 'b', 'e', 'a', 'm', '.', 'a', 't', '\0',
+  /* "teambeam.ch", true */ 't', 'e', 'a', 'm', 'b', 'e', 'a', 'm', '.', 'c', 'h', '\0',
+  /* "teambeam.com", true */ 't', 'e', 'a', 'm', 'b', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "teambeam.de", true */ 't', 'e', 'a', 'm', 'b', 'e', 'a', 'm', '.', 'd', 'e', '\0',
+  /* "teambition.com", true */ 't', 'e', 'a', 'm', 'b', 'i', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "teamcombat.com", true */ 't', 'e', 'a', 'm', 'c', 'o', 'm', 'b', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "teamdaylo.xyz", true */ 't', 'e', 'a', 'm', 'd', 'a', 'y', 'l', 'o', '.', 'x', 'y', 'z', '\0',
+  /* "teamliquidpro.com", true */ 't', 'e', 'a', 'm', 'l', 'i', 'q', 'u', 'i', 'd', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "teammathics.com", true */ 't', 'e', 'a', 'm', 'm', 'a', 't', 'h', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "teamnetsol.com", true */ 't', 'e', 'a', 'm', 'n', 'e', 't', 's', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "teamnissannorthparts.com", true */ 't', 'e', 'a', 'm', 'n', 'i', 's', 's', 'a', 'n', 'n', 'o', 'r', 't', 'h', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "teamnorthgermany.de", true */ 't', 'e', 'a', 'm', 'n', 'o', 'r', 't', 'h', 'g', 'e', 'r', 'm', 'a', 'n', 'y', '.', 'd', 'e', '\0',
+  /* "teampaddymurphy.ch", true */ 't', 'e', 'a', 'm', 'p', 'a', 'd', 'd', 'y', 'm', 'u', 'r', 'p', 'h', 'y', '.', 'c', 'h', '\0',
+  /* "teampaddymurphy.ie", true */ 't', 'e', 'a', 'm', 'p', 'a', 'd', 'd', 'y', 'm', 'u', 'r', 'p', 'h', 'y', '.', 'i', 'e', '\0',
+  /* "teamtouring.net", true */ 't', 'e', 'a', 'm', 't', 'o', 'u', 'r', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "teamtrack.uk", true */ 't', 'e', 'a', 'm', 't', 'r', 'a', 'c', 'k', '.', 'u', 'k', '\0',
+  /* "teamupturn.com", true */ 't', 'e', 'a', 'm', 'u', 'p', 't', 'u', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "teamupturn.org", true */ 't', 'e', 'a', 'm', 'u', 'p', 't', 'u', 'r', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "teamx-gaming.de", true */ 't', 'e', 'a', 'm', 'x', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "teaparty.id", true */ 't', 'e', 'a', 'p', 'a', 'r', 't', 'y', '.', 'i', 'd', '\0',
+  /* "teasenetwork.com", true */ 't', 'e', 'a', 's', 'e', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "teaser-trailer.com", true */ 't', 'e', 'a', 's', 'e', 'r', '-', 't', 'r', 'a', 'i', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "teatrarium.com", true */ 't', 'e', 'a', 't', 'r', 'a', 'r', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "tec3000.ch", true */ 't', 'e', 'c', '3', '0', '0', '0', '.', 'c', 'h', '\0',
+  /* "tecart-cloud.de", true */ 't', 'e', 'c', 'a', 'r', 't', '-', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "tecart-system.de", true */ 't', 'e', 'c', 'a', 'r', 't', '-', 's', 'y', 's', 't', 'e', 'm', '.', 'd', 'e', '\0',
+  /* "tecartcrm.de", true */ 't', 'e', 'c', 'a', 'r', 't', 'c', 'r', 'm', '.', 'd', 'e', '\0',
+  /* "tech-blogger.net", true */ 't', 'e', 'c', 'h', '-', 'b', 'l', 'o', 'g', 'g', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "tech-clips.com", true */ 't', 'e', 'c', 'h', '-', 'c', 'l', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tech-director.ru", true */ 't', 'e', 'c', 'h', '-', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', '.', 'r', 'u', '\0',
+  /* "tech-essential.com", true */ 't', 'e', 'c', 'h', '-', 'e', 's', 's', 'e', 'n', 't', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "tech-rat.com", true */ 't', 'e', 'c', 'h', '-', 'r', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tech-seminar.jp", true */ 't', 'e', 'c', 'h', '-', 's', 'e', 'm', 'i', 'n', 'a', 'r', '.', 'j', 'p', '\0',
+  /* "tech-value.eu", true */ 't', 'e', 'c', 'h', '-', 'v', 'a', 'l', 'u', 'e', '.', 'e', 'u', '\0',
+  /* "tech-zealots.com", true */ 't', 'e', 'c', 'h', '-', 'z', 'e', 'a', 'l', 'o', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "techace.jp", true */ 't', 'e', 'c', 'h', 'a', 'c', 'e', '.', 'j', 'p', '\0',
+  /* "techademy.nl", true */ 't', 'e', 'c', 'h', 'a', 'd', 'e', 'm', 'y', '.', 'n', 'l', '\0',
+  /* "techarea.fr", true */ 't', 'e', 'c', 'h', 'a', 'r', 'e', 'a', '.', 'f', 'r', '\0',
+  /* "techbrown.com", true */ 't', 'e', 'c', 'h', 'b', 'r', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "techcentric.com", false */ 't', 'e', 'c', 'h', 'c', 'e', 'n', 't', 'r', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "techcracky.com", true */ 't', 'e', 'c', 'h', 'c', 'r', 'a', 'c', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "techcultivation.de", false */ 't', 'e', 'c', 'h', 'c', 'u', 'l', 't', 'i', 'v', 'a', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "techcultivation.net", false */ 't', 'e', 'c', 'h', 'c', 'u', 'l', 't', 'i', 'v', 'a', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "techcultivation.org", false */ 't', 'e', 'c', 'h', 'c', 'u', 'l', 't', 'i', 'v', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "techday.co.nz", true */ 't', 'e', 'c', 'h', 'd', 'a', 'y', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "techday.com", true */ 't', 'e', 'c', 'h', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "techday.com.au", true */ 't', 'e', 'c', 'h', 'd', 'a', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "techday.eu", true */ 't', 'e', 'c', 'h', 'd', 'a', 'y', '.', 'e', 'u', '\0',
+  /* "techdirt.com", true */ 't', 'e', 'c', 'h', 'd', 'i', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "techendeavors.com", true */ 't', 'e', 'c', 'h', 'e', 'n', 'd', 'e', 'a', 'v', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "techhappy.ca", true */ 't', 'e', 'c', 'h', 'h', 'a', 'p', 'p', 'y', '.', 'c', 'a', '\0',
+  /* "techinet.pl", true */ 't', 'e', 'c', 'h', 'i', 'n', 'e', 't', '.', 'p', 'l', '\0',
+  /* "techjoe.co", true */ 't', 'e', 'c', 'h', 'j', 'o', 'e', '.', 'c', 'o', '\0',
+  /* "techmajesty.com", true */ 't', 'e', 'c', 'h', 'm', 'a', 'j', 'e', 's', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "techmasters.io", true */ 't', 'e', 'c', 'h', 'm', 'a', 's', 't', 'e', 'r', 's', '.', 'i', 'o', '\0',
+  /* "techmunchies.net", false */ 't', 'e', 'c', 'h', 'm', 'u', 'n', 'c', 'h', 'i', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "technicabv.nl", true */ 't', 'e', 'c', 'h', 'n', 'i', 'c', 'a', 'b', 'v', '.', 'n', 'l', '\0',
+  /* "technicalforensic.com", true */ 't', 'e', 'c', 'h', 'n', 'i', 'c', 'a', 'l', 'f', 'o', 'r', 'e', 'n', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "technicallyeasy.net", true */ 't', 'e', 'c', 'h', 'n', 'i', 'c', 'a', 'l', 'l', 'y', 'e', 'a', 's', 'y', '.', 'n', 'e', 't', '\0',
+  /* "technicalpenguins.com", true */ 't', 'e', 'c', 'h', 'n', 'i', 'c', 'a', 'l', 'p', 'e', 'n', 'g', 'u', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "technifocal.com", true */ 't', 'e', 'c', 'h', 'n', 'i', 'f', 'o', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "technikrom.org", true */ 't', 'e', 'c', 'h', 'n', 'i', 'k', 'r', 'o', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "technoinfogroup.it", true */ 't', 'e', 'c', 'h', 'n', 'o', 'i', 'n', 'f', 'o', 'g', 'r', 'o', 'u', 'p', '.', 'i', 't', '\0',
+  /* "technologie-innovation.fr", true */ 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', '-', 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "technologyand.me", true */ 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', 'a', 'n', 'd', '.', 'm', 'e', '\0',
+  /* "technologysi.com", true */ 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', 's', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "technoparcepsilon.fr", true */ 't', 'e', 'c', 'h', 'n', 'o', 'p', 'a', 'r', 'c', 'e', 'p', 's', 'i', 'l', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "technoscoots.com", true */ 't', 'e', 'c', 'h', 'n', 'o', 's', 'c', 'o', 'o', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "technosorcery.net", true */ 't', 'e', 'c', 'h', 'n', 'o', 's', 'o', 'r', 'c', 'e', 'r', 'y', '.', 'n', 'e', 't', '\0',
+  /* "technotonic.co.uk", true */ 't', 'e', 'c', 'h', 'n', 'o', 't', 'o', 'n', 'i', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "techold.ru", true */ 't', 'e', 'c', 'h', 'o', 'l', 'd', '.', 'r', 'u', '\0',
+  /* "techorbiter.com", true */ 't', 'e', 'c', 'h', 'o', 'r', 'b', 'i', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "techosmarcelo.com.ar", true */ 't', 'e', 'c', 'h', 'o', 's', 'm', 'a', 'r', 'c', 'e', 'l', 'o', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "techpivot.net", true */ 't', 'e', 'c', 'h', 'p', 'i', 'v', 'o', 't', '.', 'n', 'e', 't', '\0',
+  /* "techpro.net.br", true */ 't', 'e', 'c', 'h', 'p', 'r', 'o', '.', 'n', 'e', 't', '.', 'b', 'r', '\0',
+  /* "techshift.eu", true */ 't', 'e', 'c', 'h', 's', 'h', 'i', 'f', 't', '.', 'e', 'u', '\0',
+  /* "techshift.nl", true */ 't', 'e', 'c', 'h', 's', 'h', 'i', 'f', 't', '.', 'n', 'l', '\0',
+  /* "techshift.se", true */ 't', 'e', 'c', 'h', 's', 'h', 'i', 'f', 't', '.', 's', 'e', '\0',
+  /* "techtalks.no", true */ 't', 'e', 'c', 'h', 't', 'a', 'l', 'k', 's', '.', 'n', 'o', '\0',
+  /* "techtuts.info", true */ 't', 'e', 'c', 'h', 't', 'u', 't', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "techunit.org", true */ 't', 'e', 'c', 'h', 'u', 'n', 'i', 't', '.', 'o', 'r', 'g', '\0',
+  /* "techvalue.gr", true */ 't', 'e', 'c', 'h', 'v', 'a', 'l', 'u', 'e', '.', 'g', 'r', '\0',
+  /* "techviewforum.com", true */ 't', 'e', 'c', 'h', 'v', 'i', 'e', 'w', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "techwayz.com", true */ 't', 'e', 'c', 'h', 'w', 'a', 'y', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "techwords.io", true */ 't', 'e', 'c', 'h', 'w', 'o', 'r', 'd', 's', '.', 'i', 'o', '\0',
+  /* "tecit.ch", true */ 't', 'e', 'c', 'i', 't', '.', 'c', 'h', '\0',
+  /* "tecne.ws", true */ 't', 'e', 'c', 'n', 'e', '.', 'w', 's', '\0',
+  /* "tecnoarea.com.ar", true */ 't', 'e', 'c', 'n', 'o', 'a', 'r', 'e', 'a', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "tecnobrasilloja.com.br", true */ 't', 'e', 'c', 'n', 'o', 'b', 'r', 'a', 's', 'i', 'l', 'l', 'o', 'j', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "tecnodritte.it", true */ 't', 'e', 'c', 'n', 'o', 'd', 'r', 'i', 't', 't', 'e', '.', 'i', 't', '\0',
+  /* "tecyt.com", true */ 't', 'e', 'c', 'y', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tedb.us", true */ 't', 'e', 'd', 'b', '.', 'u', 's', '\0',
+  /* "teddy.ch", true */ 't', 'e', 'd', 'd', 'y', '.', 'c', 'h', '\0',
+  /* "teddybradford.com", true */ 't', 'e', 'd', 'd', 'y', 'b', 'r', 'a', 'd', 'f', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "teddylu.info", true */ 't', 'e', 'd', 'd', 'y', 'l', 'u', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "tedeh.net", true */ 't', 'e', 'd', 'e', 'h', '.', 'n', 'e', 't', '\0',
+  /* "tedsdivingsystem.com", true */ 't', 'e', 'd', 's', 'd', 'i', 'v', 'i', 'n', 'g', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "tee-idf.net", true */ 't', 'e', 'e', '-', 'i', 'd', 'f', '.', 'n', 'e', 't', '\0',
+  /* "teebeedee.org", true */ 't', 'e', 'e', 'b', 'e', 'e', 'd', 'e', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "teedb.de", true */ 't', 'e', 'e', 'd', 'b', '.', 'd', 'e', '\0',
+  /* "teemo.gg", true */ 't', 'e', 'e', 'm', 'o', '.', 'g', 'g', '\0',
+  /* "teemperor.de", true */ 't', 'e', 'e', 'm', 'p', 'e', 'r', 'o', 'r', '.', 'd', 'e', '\0',
+  /* "teemulintula.fi", true */ 't', 'e', 'e', 'm', 'u', 'l', 'i', 'n', 't', 'u', 'l', 'a', '.', 'f', 'i', '\0',
+  /* "teencounseling.com", true */ 't', 'e', 'e', 'n', 'c', 'o', 'u', 'n', 's', 'e', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "teeplelaw.com", true */ 't', 'e', 'e', 'p', 'l', 'e', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "teeworlds-friends.de", true */ 't', 'e', 'e', 'w', 'o', 'r', 'l', 'd', 's', '-', 'f', 'r', 'i', 'e', 'n', 'd', 's', '.', 'd', 'e', '\0',
+  /* "tefek.cz", true */ 't', 'e', 'f', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "tege-elektronik.hu", true */ 't', 'e', 'g', 'e', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', 'n', 'i', 'k', '.', 'h', 'u', '\0',
+  /* "tehcrayz.com", true */ 't', 'e', 'h', 'c', 'r', 'a', 'y', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "tehplace.club", true */ 't', 'e', 'h', 'p', 'l', 'a', 'c', 'e', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "tehrabbitt.com", false */ 't', 'e', 'h', 'r', 'a', 'b', 'b', 'i', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tehranperfume.com", true */ 't', 'e', 'h', 'r', 'a', 'n', 'p', 'e', 'r', 'f', 'u', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "teixobactin.com", true */ 't', 'e', 'i', 'x', 'o', 'b', 'a', 'c', 't', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tejarat98.com", true */ 't', 'e', 'j', 'a', 'r', 'a', 't', '9', '8', '.', 'c', 'o', 'm', '\0',
+  /* "tekiro.com", true */ 't', 'e', 'k', 'i', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "teknemodus.com.au", true */ 't', 'e', 'k', 'n', 'e', 'm', 'o', 'd', 'u', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "teknik.io", true */ 't', 'e', 'k', 'n', 'i', 'k', '.', 'i', 'o', '\0',
+  /* "teknogeek.id", true */ 't', 'e', 'k', 'n', 'o', 'g', 'e', 'e', 'k', '.', 'i', 'd', '\0',
+  /* "tekstschrijvers.net", true */ 't', 'e', 'k', 's', 't', 's', 'c', 'h', 'r', 'i', 'j', 'v', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "tektuts.com", true */ 't', 'e', 'k', 't', 'u', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tekuteku.jp", true */ 't', 'e', 'k', 'u', 't', 'e', 'k', 'u', '.', 'j', 'p', '\0',
+  /* "tele-alarme.ch", true */ 't', 'e', 'l', 'e', '-', 'a', 'l', 'a', 'r', 'm', 'e', '.', 'c', 'h', '\0',
+  /* "tele-assistance.ch", true */ 't', 'e', 'l', 'e', '-', 'a', 's', 's', 'i', 's', 't', 'a', 'n', 'c', 'e', '.', 'c', 'h', '\0',
+  /* "tele-online.com", true */ 't', 'e', 'l', 'e', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "telealarme.ch", true */ 't', 'e', 'l', 'e', 'a', 'l', 'a', 'r', 'm', 'e', '.', 'c', 'h', '\0',
+  /* "telealarmevalais.ch", true */ 't', 'e', 'l', 'e', 'a', 'l', 'a', 'r', 'm', 'e', 'v', 'a', 'l', 'a', 'i', 's', '.', 'c', 'h', '\0',
+  /* "telecamera.pro", false */ 't', 'e', 'l', 'e', 'c', 'a', 'm', 'e', 'r', 'a', '.', 'p', 'r', 'o', '\0',
+  /* "telecharger-open-office.com", true */ 't', 'e', 'l', 'e', 'c', 'h', 'a', 'r', 'g', 'e', 'r', '-', 'o', 'p', 'e', 'n', '-', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "telecharger-winrar.com", true */ 't', 'e', 'l', 'e', 'c', 'h', 'a', 'r', 'g', 'e', 'r', '-', 'w', 'i', 'n', 'r', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "telecomwestland.nl", true */ 't', 'e', 'l', 'e', 'c', 'o', 'm', 'w', 'e', 's', 't', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "teledivi.com", true */ 't', 'e', 'l', 'e', 'd', 'i', 'v', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "telefon.report", true */ 't', 'e', 'l', 'e', 'f', 'o', 'n', '.', 'r', 'e', 'p', 'o', 'r', 't', '\0',
+  /* "telefoncek.si", true */ 't', 'e', 'l', 'e', 'f', 'o', 'n', 'c', 'e', 'k', '.', 's', 'i', '\0',
+  /* "telefonkonferenz.ch", true */ 't', 'e', 'l', 'e', 'f', 'o', 'n', 'k', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'z', '.', 'c', 'h', '\0',
+  /* "telefonni-ustredna.cz", true */ 't', 'e', 'l', 'e', 'f', 'o', 'n', 'n', 'i', '-', 'u', 's', 't', 'r', 'e', 'd', 'n', 'a', '.', 'c', 'z', '\0',
+  /* "telefonseelsorge-paderborn.de", true */ 't', 'e', 'l', 'e', 'f', 'o', 'n', 's', 'e', 'e', 'l', 's', 'o', 'r', 'g', 'e', '-', 'p', 'a', 'd', 'e', 'r', 'b', 'o', 'r', 'n', '.', 'd', 'e', '\0',
+  /* "telefoonabonnement.nl", true */ 't', 'e', 'l', 'e', 'f', 'o', 'o', 'n', 'a', 'b', 'o', 'n', 'n', 'e', 'm', 'e', 'n', 't', '.', 'n', 'l', '\0',
+  /* "telehealthventures.com", false */ 't', 'e', 'l', 'e', 'h', 'e', 'a', 'l', 't', 'h', 'v', 'e', 'n', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "teleogistic.net", true */ 't', 'e', 'l', 'e', 'o', 'g', 'i', 's', 't', 'i', 'c', '.', 'n', 'e', 't', '\0',
+  /* "telepass.me", true */ 't', 'e', 'l', 'e', 'p', 'a', 's', 's', '.', 'm', 'e', '\0',
+  /* "telling.xyz", true */ 't', 'e', 'l', 'l', 'i', 'n', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "telly.site", true */ 't', 'e', 'l', 'l', 'y', '.', 's', 'i', 't', 'e', '\0',
+  /* "tellygames.com", true */ 't', 'e', 'l', 'l', 'y', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "teloo.pl", true */ 't', 'e', 'l', 'o', 'o', '.', 'p', 'l', '\0',
+  /* "telos-analytics.com", true */ 't', 'e', 'l', 'o', 's', '-', 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "telugu4u.net", true */ 't', 'e', 'l', 'u', 'g', 'u', '4', 'u', '.', 'n', 'e', 't', '\0',
+  /* "tem.li", true */ 't', 'e', 'm', '.', 'l', 'i', '\0',
+  /* "temizmama.com", true */ 't', 'e', 'm', 'i', 'z', 'm', 'a', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "temp.pm", true */ 't', 'e', 'm', 'p', '.', 'p', 'm', '\0',
+  /* "tempdomain.ml", true */ 't', 'e', 'm', 'p', 'd', 'o', 'm', 'a', 'i', 'n', '.', 'm', 'l', '\0',
+  /* "template-parks.com", true */ 't', 'e', 'm', 'p', 'l', 'a', 't', 'e', '-', 'p', 'a', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "templateinvaders.com", true */ 't', 'e', 'm', 'p', 'l', 'a', 't', 'e', 'i', 'n', 'v', 'a', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "temptraining.ru", false */ 't', 'e', 'm', 'p', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'r', 'u', '\0',
+  /* "tempus-aquilae.de", true */ 't', 'e', 'm', 'p', 'u', 's', '-', 'a', 'q', 'u', 'i', 'l', 'a', 'e', '.', 'd', 'e', '\0',
+  /* "tenable.com.au", true */ 't', 'e', 'n', 'a', 'b', 'l', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "tenberg.com", true */ 't', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "tenbos.ch", true */ 't', 'e', 'n', 'b', 'o', 's', '.', 'c', 'h', '\0',
+  /* "tendermaster.com.ua", true */ 't', 'e', 'n', 'd', 'e', 'r', 'm', 'a', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "tenderstem.co.uk", true */ 't', 'e', 'n', 'd', 'e', 'r', 's', 't', 'e', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tendomag.com", true */ 't', 'e', 'n', 'd', 'o', 'm', 'a', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "tenenz.com", true */ 't', 'e', 'n', 'e', 'n', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "tengu.cloud", true */ 't', 'e', 'n', 'g', 'u', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "tenisservis.eu", true */ 't', 'e', 'n', 'i', 's', 's', 'e', 'r', 'v', 'i', 's', '.', 'e', 'u', '\0',
+  /* "tenkofx.com", true */ 't', 'e', 'n', 'k', 'o', 'f', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "tennisadmin.com", true */ 't', 'e', 'n', 'n', 'i', 's', 'a', 'd', 'm', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tennismindgame.com", true */ 't', 'e', 'n', 'n', 'i', 's', 'm', 'i', 'n', 'd', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tenpolab.com", true */ 't', 'e', 'n', 'p', 'o', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "tenseapp.pl", true */ 't', 'e', 'n', 's', 'e', 'a', 'p', 'p', '.', 'p', 'l', '\0',
+  /* "tenshoku-hanashi.com", true */ 't', 'e', 'n', 's', 'h', 'o', 'k', 'u', '-', 'h', 'a', 'n', 'a', 's', 'h', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tent.io", true */ 't', 'e', 'n', 't', '.', 'i', 'o', '\0',
+  /* "tenta.com", true */ 't', 'e', 'n', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "tentabrowser.com", true */ 't', 'e', 'n', 't', 'a', 'b', 'r', 'o', 'w', 's', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "tentations-voyages.com", false */ 't', 'e', 'n', 't', 'a', 't', 'i', 'o', 'n', 's', '-', 'v', 'o', 'y', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tenthousandcoffees.com", true */ 't', 'e', 'n', 't', 'h', 'o', 'u', 's', 'a', 'n', 'd', 'c', 'o', 'f', 'f', 'e', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tenyx.de", true */ 't', 'e', 'n', 'y', 'x', '.', 'd', 'e', '\0',
+  /* "teodio.cl", true */ 't', 'e', 'o', 'd', 'i', 'o', '.', 'c', 'l', '\0',
+  /* "teoskanta.fi", true */ 't', 'e', 'o', 's', 'k', 'a', 'n', 't', 'a', '.', 'f', 'i', '\0',
+  /* "tepid.org", true */ 't', 'e', 'p', 'i', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "tepitus.de", true */ 't', 'e', 'p', 'i', 't', 'u', 's', '.', 'd', 'e', '\0',
+  /* "tequilazor.com", true */ 't', 'e', 'q', 'u', 'i', 'l', 'a', 'z', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "teracloud.at", true */ 't', 'e', 'r', 'a', 'c', 'l', 'o', 'u', 'd', '.', 'a', 't', '\0',
+  /* "teranacreative.com", true */ 't', 'e', 'r', 'a', 'n', 'a', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "teranga.ch", true */ 't', 'e', 'r', 'a', 'n', 'g', 'a', '.', 'c', 'h', '\0',
+  /* "teriiphotography.com", true */ 't', 'e', 'r', 'i', 'i', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "terlindung.com", true */ 't', 'e', 'r', 'l', 'i', 'n', 'd', 'u', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "terminalvelocity.co.nz", true */ 't', 'e', 'r', 'm', 'i', 'n', 'a', 'l', 'v', 'e', 'l', 'o', 'c', 'i', 't', 'y', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "termitemounds.org", true */ 't', 'e', 'r', 'm', 'i', 't', 'e', 'm', 'o', 'u', 'n', 'd', 's', '.', 'o', 'r', 'g', '\0',
+  /* "termitinitus.org", true */ 't', 'e', 'r', 'm', 'i', 't', 'i', 'n', 'i', 't', 'u', 's', '.', 'o', 'r', 'g', '\0',
+  /* "terrab.de", false */ 't', 'e', 'r', 'r', 'a', 'b', '.', 'd', 'e', '\0',
+  /* "terracloud.de", false */ 't', 'e', 'r', 'r', 'a', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "terraelectronica.ru", true */ 't', 'e', 'r', 'r', 'a', 'e', 'l', 'e', 'c', 't', 'r', 'o', 'n', 'i', 'c', 'a', '.', 'r', 'u', '\0',
+  /* "terrafinanz.de", true */ 't', 'e', 'r', 'r', 'a', 'f', 'i', 'n', 'a', 'n', 'z', '.', 'd', 'e', '\0',
+  /* "terraform.io", true */ 't', 'e', 'r', 'r', 'a', 'f', 'o', 'r', 'm', '.', 'i', 'o', '\0',
+  /* "terragni-sarasin.ch", true */ 't', 'e', 'r', 'r', 'a', 'g', 'n', 'i', '-', 's', 'a', 'r', 'a', 's', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "terrainator.com", true */ 't', 'e', 'r', 'r', 'a', 'i', 'n', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "terralimno.com", true */ 't', 'e', 'r', 'r', 'a', 'l', 'i', 'm', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "terralimno.eu", true */ 't', 'e', 'r', 'r', 'a', 'l', 'i', 'm', 'n', 'o', '.', 'e', 'u', '\0',
+  /* "terraluna.space", true */ 't', 'e', 'r', 'r', 'a', 'l', 'u', 'n', 'a', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "terrastaffinggroup.com", false */ 't', 'e', 'r', 'r', 'a', 's', 't', 'a', 'f', 'f', 'i', 'n', 'g', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "terraweb.net", true */ 't', 'e', 'r', 'r', 'a', 'w', 'e', 'b', '.', 'n', 'e', 't', '\0',
+  /* "terrazoo.de", true */ 't', 'e', 'r', 'r', 'a', 'z', 'o', 'o', '.', 'd', 'e', '\0',
+  /* "terresmagiques.com", true */ 't', 'e', 'r', 'r', 'e', 's', 'm', 'a', 'g', 'i', 'q', 'u', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "terrty.net", true */ 't', 'e', 'r', 'r', 't', 'y', '.', 'n', 'e', 't', '\0',
+  /* "tes.com", true */ 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tesche.biz", true */ 't', 'e', 's', 'c', 'h', 'e', '.', 'b', 'i', 'z', '\0',
+  /* "teschenhausen.com", true */ 't', 'e', 's', 'c', 'h', 'e', 'n', 'h', 'a', 'u', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tescoirelandpayslips.com", true */ 't', 'e', 's', 'c', 'o', 'i', 'r', 'e', 'l', 'a', 'n', 'd', 'p', 'a', 'y', 's', 'l', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tescolide.cz", true */ 't', 'e', 's', 'c', 'o', 'l', 'i', 'd', 'e', '.', 'c', 'z', '\0',
+  /* "tescoludia.sk", true */ 't', 'e', 's', 'c', 'o', 'l', 'u', 'd', 'i', 'a', '.', 's', 'k', '\0',
+  /* "teskalabs.com", true */ 't', 'e', 's', 'k', 'a', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tesoro.pr", true */ 't', 'e', 's', 'o', 'r', 'o', '.', 'p', 'r', '\0',
+  /* "tessai.ga", true */ 't', 'e', 's', 's', 'a', 'i', '.', 'g', 'a', '\0',
+  /* "test.de", true */ 't', 'e', 's', 't', '.', 'd', 'e', '\0',
+  /* "testadren.com", true */ 't', 'e', 's', 't', 'a', 'd', 'r', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "testadron.com", true */ 't', 'e', 's', 't', 'a', 'd', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "testbawks.com", true */ 't', 'e', 's', 't', 'b', 'a', 'w', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "testbirds.cz", true */ 't', 'e', 's', 't', 'b', 'i', 'r', 'd', 's', '.', 'c', 'z', '\0',
+  /* "testbirds.sk", true */ 't', 'e', 's', 't', 'b', 'i', 'r', 'd', 's', '.', 's', 'k', '\0',
+  /* "testgeomed.ro", true */ 't', 'e', 's', 't', 'g', 'e', 'o', 'm', 'e', 'd', '.', 'r', 'o', '\0',
+  /* "testi.info", true */ 't', 'e', 's', 't', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "testingbot.com", false */ 't', 'e', 's', 't', 'i', 'n', 'g', 'b', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "testnode.xyz", false */ 't', 'e', 's', 't', 'n', 'o', 'd', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "testomato.com", true */ 't', 'e', 's', 't', 'o', 'm', 'a', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "testosterone-complex.com", true */ 't', 'e', 's', 't', 'o', 's', 't', 'e', 'r', 'o', 'n', 'e', '-', 'c', 'o', 'm', 'p', 'l', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "testpornsite.com", true */ 't', 'e', 's', 't', 'p', 'o', 'r', 'n', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "testsuite.org", true */ 't', 'e', 's', 't', 's', 'u', 'i', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "testuje.net", true */ 't', 'e', 's', 't', 'u', 'j', 'e', '.', 'n', 'e', 't', '\0',
+  /* "tetedelacourse.ch", true */ 't', 'e', 't', 'e', 'd', 'e', 'l', 'a', 'c', 'o', 'u', 'r', 's', 'e', '.', 'c', 'h', '\0',
+  /* "tetrarch.co", true */ 't', 'e', 't', 'r', 'a', 'r', 'c', 'h', '.', 'c', 'o', '\0',
+  /* "tetsugakunomichi.jp", true */ 't', 'e', 't', 's', 'u', 'g', 'a', 'k', 'u', 'n', 'o', 'm', 'i', 'c', 'h', 'i', '.', 'j', 'p', '\0',
+  /* "tetsumaki.net", true */ 't', 'e', 't', 's', 'u', 'm', 'a', 'k', 'i', '.', 'n', 'e', 't', '\0',
+  /* "teuniz.nl", true */ 't', 'e', 'u', 'n', 'i', 'z', '.', 'n', 'l', '\0',
+  /* "teunstuinposters.nl", true */ 't', 'e', 'u', 'n', 's', 't', 'u', 'i', 'n', 'p', 'o', 's', 't', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "teva-li.com", true */ 't', 'e', 'v', 'a', '-', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tewarilab.co.uk", true */ 't', 'e', 'w', 'a', 'r', 'i', 'l', 'a', 'b', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tewkesburybouncycastles.co.uk", true */ 't', 'e', 'w', 'k', 'e', 's', 'b', 'u', 'r', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "texasllcpros.com", true */ 't', 'e', 'x', 'a', 's', 'l', 'l', 'c', 'p', 'r', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "texaspaintingandgutters.com", true */ 't', 'e', 'x', 'a', 's', 'p', 'a', 'i', 'n', 't', 'i', 'n', 'g', 'a', 'n', 'd', 'g', 'u', 't', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "texastwostepdivorce.com", true */ 't', 'e', 'x', 'a', 's', 't', 'w', 'o', 's', 't', 'e', 'p', 'd', 'i', 'v', 'o', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "texasvolunteerattorneys.org", true */ 't', 'e', 'x', 'a', 's', 'v', 'o', 'l', 'u', 'n', 't', 'e', 'e', 'r', 'a', 't', 't', 'o', 'r', 'n', 'e', 'y', 's', '.', 'o', 'r', 'g', '\0',
+  /* "texby.com", true */ 't', 'e', 'x', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "texhnolyze.net", true */ 't', 'e', 'x', 'h', 'n', 'o', 'l', 'y', 'z', 'e', '.', 'n', 'e', 't', '\0',
+  /* "text-shirt.com", true */ 't', 'e', 'x', 't', '-', 's', 'h', 'i', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "textburst.com", true */ 't', 'e', 'x', 't', 'b', 'u', 'r', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "texter-linz.at", true */ 't', 'e', 'x', 't', 'e', 'r', '-', 'l', 'i', 'n', 'z', '.', 'a', 't', '\0',
+  /* "texterseo.at", true */ 't', 'e', 'x', 't', 'e', 'r', 's', 'e', 'o', '.', 'a', 't', '\0',
+  /* "texterseo.de", true */ 't', 'e', 'x', 't', 'e', 'r', 's', 'e', 'o', '.', 'd', 'e', '\0',
+  /* "textpedia.org", true */ 't', 'e', 'x', 't', 'p', 'e', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "textualapp.com", true */ 't', 'e', 'x', 't', 'u', 'a', 'l', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "texture.net.au", true */ 't', 'e', 'x', 't', 'u', 'r', 'e', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "texus.me", true */ 't', 'e', 'x', 'u', 's', '.', 'm', 'e', '\0',
+  /* "texy.info", true */ 't', 'e', 'x', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "teysens.com", true */ 't', 'e', 'y', 's', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "teyssedre.ca", true */ 't', 'e', 'y', 's', 's', 'e', 'd', 'r', 'e', '.', 'c', 'a', '\0',
+  /* "tezcam.tk", true */ 't', 'e', 'z', 'c', 'a', 'm', '.', 't', 'k', '\0',
+  /* "tf-network.de", true */ 't', 'f', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "tf2b.com", true */ 't', 'f', '2', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "tf2calculator.com", true */ 't', 'f', '2', 'c', 'a', 'l', 'c', 'u', 'l', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "tfg-bouncycastles.com", true */ 't', 'f', 'g', '-', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tfle.xyz", true */ 't', 'f', 'l', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "tflite.com", true */ 't', 'f', 'l', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tfnapps.de", true */ 't', 'f', 'n', 'a', 'p', 'p', 's', '.', 'd', 'e', '\0',
+  /* "tfx.com.br", true */ 't', 'f', 'x', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "tfx.pt", true */ 't', 'f', 'x', '.', 'p', 't', '\0',
+  /* "tfxstartup.com", true */ 't', 'f', 'x', 's', 't', 'a', 'r', 't', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "tfxstartup.com.br", true */ 't', 'f', 'x', 's', 't', 'a', 'r', 't', 'u', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "tgamobility.co.uk", true */ 't', 'g', 'a', 'm', 'o', 'b', 'i', 'l', 'i', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tgbyte.com", true */ 't', 'g', 'b', 'y', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tgbyte.de", true */ 't', 'g', 'b', 'y', 't', 'e', '.', 'd', 'e', '\0',
+  /* "tgexport.eu", true */ 't', 'g', 'e', 'x', 'p', 'o', 'r', 't', '.', 'e', 'u', '\0',
+  /* "tgmkanis.com", true */ 't', 'g', 'm', 'k', 'a', 'n', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tgod.co", true */ 't', 'g', 'o', 'd', '.', 'c', 'o', '\0',
+  /* "tgtv.tn", true */ 't', 'g', 't', 'v', '.', 't', 'n', '\0',
+  /* "tgui.eu", true */ 't', 'g', 'u', 'i', '.', 'e', 'u', '\0',
+  /* "tgui.net", true */ 't', 'g', 'u', 'i', '.', 'n', 'e', 't', '\0',
+  /* "tgw.com", true */ 't', 'g', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "th.search.yahoo.com", false */ 't', 'h', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "thablubb.de", true */ 't', 'h', 'a', 'b', 'l', 'u', 'b', 'b', '.', 'd', 'e', '\0',
+  /* "thaedal.net", true */ 't', 'h', 'a', 'e', 'd', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "thai.dating", true */ 't', 'h', 'a', 'i', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "thai.land", false */ 't', 'h', 'a', 'i', '.', 'l', 'a', 'n', 'd', '\0',
+  /* "thaianthro.com", true */ 't', 'h', 'a', 'i', 'a', 'n', 't', 'h', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "thaicyberpoint.com", true */ 't', 'h', 'a', 'i', 'c', 'y', 'b', 'e', 'r', 'p', 'o', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "thaiforest.ch", true */ 't', 'h', 'a', 'i', 'f', 'o', 'r', 'e', 's', 't', '.', 'c', 'h', '\0',
+  /* "thaihomecooking.com", true */ 't', 'h', 'a', 'i', 'h', 'o', 'm', 'e', 'c', 'o', 'o', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "thailandpharmacy.net", true */ 't', 'h', 'a', 'i', 'l', 'a', 'n', 'd', 'p', 'h', 'a', 'r', 'm', 'a', 'c', 'y', '.', 'n', 'e', 't', '\0',
+  /* "thairehabassociation.com", true */ 't', 'h', 'a', 'i', 'r', 'e', 'h', 'a', 'b', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thajskyraj.com", true */ 't', 'h', 'a', 'j', 's', 'k', 'y', 'r', 'a', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "thalan.fr", true */ 't', 'h', 'a', 'l', 'a', 'n', '.', 'f', 'r', '\0',
+  /* "thalgott.net", true */ 't', 'h', 'a', 'l', 'g', 'o', 't', 't', '.', 'n', 'e', 't', '\0',
+  /* "thalhammer.it", true */ 't', 'h', 'a', 'l', 'h', 'a', 'm', 'm', 'e', 'r', '.', 'i', 't', '\0',
+  /* "thalskarth.com", true */ 't', 'h', 'a', 'l', 's', 'k', 'a', 'r', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "thamesfamilydentistry.com", true */ 't', 'h', 'a', 'm', 'e', 's', 'f', 'a', 'm', 'i', 'l', 'y', 'd', 'e', 'n', 't', 'i', 's', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thanabh.at", true */ 't', 'h', 'a', 'n', 'a', 'b', 'h', '.', 'a', 't', '\0',
+  /* "thanatoid.net", true */ 't', 'h', 'a', 'n', 'a', 't', 'o', 'i', 'd', '.', 'n', 'e', 't', '\0',
+  /* "thanhthinhbui.com", true */ 't', 'h', 'a', 'n', 'h', 't', 'h', 'i', 'n', 'h', 'b', 'u', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "thatgudstuff.com", true */ 't', 'h', 'a', 't', 'g', 'u', 'd', 's', 't', 'u', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "thatpodcast.io", true */ 't', 'h', 'a', 't', 'p', 'o', 'd', 'c', 'a', 's', 't', '.', 'i', 'o', '\0',
+  /* "thatquiz.org", true */ 't', 'h', 'a', 't', 'q', 'u', 'i', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "thca.ca", true */ 't', 'h', 'c', 'a', '.', 'c', 'a', '\0',
+  /* "thcpbees.co.uk", true */ 't', 'h', 'c', 'p', 'b', 'e', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "the-body-shop.hu", false */ 't', 'h', 'e', '-', 'b', 'o', 'd', 'y', '-', 's', 'h', 'o', 'p', '.', 'h', 'u', '\0',
+  /* "the-earth-yui.net", false */ 't', 'h', 'e', '-', 'e', 'a', 'r', 't', 'h', '-', 'y', 'u', 'i', '.', 'n', 'e', 't', '\0',
+  /* "the-hemingway-code.de", true */ 't', 'h', 'e', '-', 'h', 'e', 'm', 'i', 'n', 'g', 'w', 'a', 'y', '-', 'c', 'o', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "the-mystery.org", true */ 't', 'h', 'e', '-', 'm', 'y', 's', 't', 'e', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "the-paddies.de", true */ 't', 'h', 'e', '-', 'p', 'a', 'd', 'd', 'i', 'e', 's', '.', 'd', 'e', '\0',
+  /* "the-pcca.org", true */ 't', 'h', 'e', '-', 'p', 'c', 'c', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "the-webmaster.com", true */ 't', 'h', 'e', '-', 'w', 'e', 'b', 'm', 'a', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "the-zenti.de", true */ 't', 'h', 'e', '-', 'z', 'e', 'n', 't', 'i', '.', 'd', 'e', '\0',
+  /* "the2f.de", true */ 't', 'h', 'e', '2', 'f', '.', 'd', 'e', '\0',
+  /* "the3musketeers.biz", true */ 't', 'h', 'e', '3', 'm', 'u', 's', 'k', 'e', 't', 'e', 'e', 'r', 's', '.', 'b', 'i', 'z', '\0',
+  /* "theankhlife.com", true */ 't', 'h', 'e', 'a', 'n', 'k', 'h', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thebakers.com.br", true */ 't', 'h', 'e', 'b', 'a', 'k', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "thebasebk.org", true */ 't', 'h', 'e', 'b', 'a', 's', 'e', 'b', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "thebcm.co.uk", true */ 't', 'h', 'e', 'b', 'c', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thebest.ch", true */ 't', 'h', 'e', 'b', 'e', 's', 't', '.', 'c', 'h', '\0',
+  /* "thebestfun.co.uk", true */ 't', 'h', 'e', 'b', 'e', 's', 't', 'f', 'u', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thebestsavingsplan.com", true */ 't', 'h', 'e', 'b', 'e', 's', 't', 's', 'a', 'v', 'i', 'n', 'g', 's', 'p', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thebigbitch.nl", true */ 't', 'h', 'e', 'b', 'i', 'g', 'b', 'i', 't', 'c', 'h', '.', 'n', 'l', '\0',
+  /* "thebigdatacompany.com", true */ 't', 'h', 'e', 'b', 'i', 'g', 'd', 'a', 't', 'a', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thebigwave.de", true */ 't', 'h', 'e', 'b', 'i', 'g', 'w', 'a', 'v', 'e', '.', 'd', 'e', '\0',
+  /* "thebikeinsurer.co.uk", true */ 't', 'h', 'e', 'b', 'i', 'k', 'e', 'i', 'n', 's', 'u', 'r', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thebimhub.com", true */ 't', 'h', 'e', 'b', 'i', 'm', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "thebit.link", true */ 't', 'h', 'e', 'b', 'i', 't', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "theblackknightsings.com", true */ 't', 'h', 'e', 'b', 'l', 'a', 'c', 'k', 'k', 'n', 'i', 'g', 'h', 't', 's', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thebodyprinciple.com", true */ 't', 'h', 'e', 'b', 'o', 'd', 'y', 'p', 'r', 'i', 'n', 'c', 'i', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thebouncedepartment.co.uk", true */ 't', 'h', 'e', 'b', 'o', 'u', 'n', 'c', 'e', 'd', 'e', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thebouncyman.co.uk", true */ 't', 'h', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'm', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "theboxofcarlos.com", true */ 't', 'h', 'e', 'b', 'o', 'x', 'o', 'f', 'c', 'a', 'r', 'l', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thebreakhotel.com", true */ 't', 'h', 'e', 'b', 'r', 'e', 'a', 'k', 'h', 'o', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "thebreakroom.org", true */ 't', 'h', 'e', 'b', 'r', 'e', 'a', 'k', 'r', 'o', 'o', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "thebte.com", true */ 't', 'h', 'e', 'b', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thebuffalotavern.com", true */ 't', 'h', 'e', 'b', 'u', 'f', 'f', 'a', 'l', 'o', 't', 'a', 'v', 'e', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thecandidforum.com", true */ 't', 'h', 'e', 'c', 'a', 'n', 'd', 'i', 'd', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "thecarolingconnection.com", true */ 't', 'h', 'e', 'c', 'a', 'r', 'o', 'l', 'i', 'n', 'g', 'c', 'o', 'n', 'n', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thecherryship.ch", true */ 't', 'h', 'e', 'c', 'h', 'e', 'r', 'r', 'y', 's', 'h', 'i', 'p', '.', 'c', 'h', '\0',
+  /* "theciderlink.com.au", true */ 't', 'h', 'e', 'c', 'i', 'd', 'e', 'r', 'l', 'i', 'n', 'k', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "thecitizens.com", true */ 't', 'h', 'e', 'c', 'i', 't', 'i', 'z', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thecitywarehouse.clothing", true */ 't', 'h', 'e', 'c', 'i', 't', 'y', 'w', 'a', 'r', 'e', 'h', 'o', 'u', 's', 'e', '.', 'c', 'l', 'o', 't', 'h', 'i', 'n', 'g', '\0',
+  /* "theclimbingunit.com", true */ 't', 'h', 'e', 'c', 'l', 'i', 'm', 'b', 'i', 'n', 'g', 'u', 'n', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "thecloudmigrator.com", true */ 't', 'h', 'e', 'c', 'l', 'o', 'u', 'd', 'm', 'i', 'g', 'r', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "thecloudrevolution.net", true */ 't', 'h', 'e', 'c', 'l', 'o', 'u', 'd', 'r', 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "thecoffeepod.co.uk", true */ 't', 'h', 'e', 'c', 'o', 'f', 'f', 'e', 'e', 'p', 'o', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thecoffeesuperstore.com", true */ 't', 'h', 'e', 'c', 'o', 'f', 'f', 'e', 'e', 's', 'u', 'p', 'e', 'r', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thecolumnist.net", true */ 't', 'h', 'e', 'c', 'o', 'l', 'u', 'm', 'n', 'i', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "thecondobuyers.com", true */ 't', 'h', 'e', 'c', 'o', 'n', 'd', 'o', 'b', 'u', 'y', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thecozycastle.com", true */ 't', 'h', 'e', 'c', 'o', 'z', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thecrazytravel.com", true */ 't', 'h', 'e', 'c', 'r', 'a', 'z', 'y', 't', 'r', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "thecrew-exchange.com", true */ 't', 'h', 'e', 'c', 'r', 'e', 'w', '-', 'e', 'x', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thecrochetcottage.net", true */ 't', 'h', 'e', 'c', 'r', 'o', 'c', 'h', 'e', 't', 'c', 'o', 't', 't', 'a', 'g', 'e', '.', 'n', 'e', 't', '\0',
+  /* "thecskr.in", true */ 't', 'h', 'e', 'c', 's', 'k', 'r', '.', 'i', 'n', '\0',
+  /* "thecsw.com", true */ 't', 'h', 'e', 'c', 's', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "thecuppacakery.co.uk", true */ 't', 'h', 'e', 'c', 'u', 'p', 'p', 'a', 'c', 'a', 'k', 'e', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thecuriouscat.net", true */ 't', 'h', 'e', 'c', 'u', 'r', 'i', 'o', 'u', 's', 'c', 'a', 't', '.', 'n', 'e', 't', '\0',
+  /* "thecustomizewindows.com", true */ 't', 'h', 'e', 'c', 'u', 's', 't', 'o', 'm', 'i', 'z', 'e', 'w', 'i', 'n', 'd', 'o', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thedailyupvote.com", true */ 't', 'h', 'e', 'd', 'a', 'i', 'l', 'y', 'u', 'p', 'v', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thedark1337.com", true */ 't', 'h', 'e', 'd', 'a', 'r', 'k', '1', '3', '3', '7', '.', 'c', 'o', 'm', '\0',
+  /* "thederminstitute.com", true */ 't', 'h', 'e', 'd', 'e', 'r', 'm', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thedevilwearswibra.nl", true */ 't', 'h', 'e', 'd', 'e', 'v', 'i', 'l', 'w', 'e', 'a', 'r', 's', 'w', 'i', 'b', 'r', 'a', '.', 'n', 'l', '\0',
+  /* "thedevrycommonsbrasil.com", false */ 't', 'h', 'e', 'd', 'e', 'v', 'r', 'y', 'c', 'o', 'm', 'm', 'o', 'n', 's', 'b', 'r', 'a', 's', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "thediaryofadam.com", true */ 't', 'h', 'e', 'd', 'i', 'a', 'r', 'y', 'o', 'f', 'a', 'd', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "thedisc.nl", true */ 't', 'h', 'e', 'd', 'i', 's', 'c', '.', 'n', 'l', '\0',
+  /* "thediscovine.com", true */ 't', 'h', 'e', 'd', 'i', 's', 'c', 'o', 'v', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thedocumentrefinery.com", true */ 't', 'h', 'e', 'd', 'o', 'c', 'u', 'm', 'e', 'n', 't', 'r', 'e', 'f', 'i', 'n', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thedominatorsclan.com", true */ 't', 'h', 'e', 'd', 'o', 'm', 'i', 'n', 'a', 't', 'o', 'r', 's', 'c', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thedreamtravelgroup.co.uk", true */ 't', 'h', 'e', 'd', 'r', 'e', 'a', 'm', 't', 'r', 'a', 'v', 'e', 'l', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thedrinks.co", true */ 't', 'h', 'e', 'd', 'r', 'i', 'n', 'k', 's', '.', 'c', 'o', '\0',
+  /* "thedronechart.com", true */ 't', 'h', 'e', 'd', 'r', 'o', 'n', 'e', 'c', 'h', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "thedrunkencabbage.com", true */ 't', 'h', 'e', 'd', 'r', 'u', 'n', 'k', 'e', 'n', 'c', 'a', 'b', 'b', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thedutchmarketers.com", true */ 't', 'h', 'e', 'd', 'u', 't', 'c', 'h', 'm', 'a', 'r', 'k', 'e', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "theebookkeepers.co.za", true */ 't', 'h', 'e', 'e', 'b', 'o', 'o', 'k', 'k', 'e', 'e', 'p', 'e', 'r', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "theeducationchannel.info", true */ 't', 'h', 'e', 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', 'c', 'h', 'a', 'n', 'n', 'e', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "theeducationdirectory.org", true */ 't', 'h', 'e', 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "theevergreen.me", true */ 't', 'h', 'e', 'e', 'v', 'e', 'r', 'g', 'r', 'e', 'e', 'n', '.', 'm', 'e', '\0',
+  /* "theexpatriate.de", true */ 't', 'h', 'e', 'e', 'x', 'p', 'a', 't', 'r', 'i', 'a', 't', 'e', '.', 'd', 'e', '\0',
+  /* "thefanimatrix.net", true */ 't', 'h', 'e', 'f', 'a', 'n', 'i', 'm', 'a', 't', 'r', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "thefbstalker.com", true */ 't', 'h', 'e', 'f', 'b', 's', 't', 'a', 'l', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "theferrarista.com", true */ 't', 'h', 'e', 'f', 'e', 'r', 'r', 'a', 'r', 'i', 's', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "theflyingbear.net", true */ 't', 'h', 'e', 'f', 'l', 'y', 'i', 'n', 'g', 'b', 'e', 'a', 'r', '.', 'n', 'e', 't', '\0',
+  /* "thefnafarchive.org", true */ 't', 'h', 'e', 'f', 'n', 'a', 'f', 'a', 'r', 'c', 'h', 'i', 'v', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "thefox.com.fr", true */ 't', 'h', 'e', 'f', 'o', 'x', '.', 'c', 'o', 'm', '.', 'f', 'r', '\0',
+  /* "thefrk.pw", true */ 't', 'h', 'e', 'f', 'r', 'k', '.', 'p', 'w', '\0',
+  /* "thefunfirm.co.uk", true */ 't', 'h', 'e', 'f', 'u', 'n', 'f', 'i', 'r', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thegarrowcompany.com", true */ 't', 'h', 'e', 'g', 'a', 'r', 'r', 'o', 'w', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thegcccoin.com", true */ 't', 'h', 'e', 'g', 'c', 'c', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thegeekdiary.com", true */ 't', 'h', 'e', 'g', 'e', 'e', 'k', 'd', 'i', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thegioinano.com", true */ 't', 'h', 'e', 'g', 'i', 'o', 'i', 'n', 'a', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "thegraciousgourmet.com", true */ 't', 'h', 'e', 'g', 'r', 'a', 'c', 'i', 'o', 'u', 's', 'g', 'o', 'u', 'r', 'm', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "thegrape.ro", true */ 't', 'h', 'e', 'g', 'r', 'a', 'p', 'e', '.', 'r', 'o', '\0',
+  /* "thegreatplains.com", true */ 't', 'h', 'e', 'g', 'r', 'e', 'a', 't', 'p', 'l', 'a', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thegreenfields.se", true */ 't', 'h', 'e', 'g', 'r', 'e', 'e', 'n', 'f', 'i', 'e', 'l', 'd', 's', '.', 's', 'e', '\0',
+  /* "thegreenmanpottery.com", true */ 't', 'h', 'e', 'g', 'r', 'e', 'e', 'n', 'm', 'a', 'n', 'p', 'o', 't', 't', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thegreens.us", true */ 't', 'h', 'e', 'g', 'r', 'e', 'e', 'n', 's', '.', 'u', 's', '\0',
+  /* "thegvoffice.net", true */ 't', 'h', 'e', 'g', 'v', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "thegym.org", true */ 't', 'h', 'e', 'g', 'y', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "thehackerblog.com", true */ 't', 'h', 'e', 'h', 'a', 'c', 'k', 'e', 'r', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "thehaxbys.co.uk", true */ 't', 'h', 'e', 'h', 'a', 'x', 'b', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thehiddenbay.cc", true */ 't', 'h', 'e', 'h', 'i', 'd', 'd', 'e', 'n', 'b', 'a', 'y', '.', 'c', 'c', '\0',
+  /* "thehiddenbay.info", true */ 't', 'h', 'e', 'h', 'i', 'd', 'd', 'e', 'n', 'b', 'a', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "thehivedesign.org", true */ 't', 'h', 'e', 'h', 'i', 'v', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "thehomeicreate.com", true */ 't', 'h', 'e', 'h', 'o', 'm', 'e', 'i', 'c', 'r', 'e', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thehookup.be", true */ 't', 'h', 'e', 'h', 'o', 'o', 'k', 'u', 'p', '.', 'b', 'e', '\0',
+  /* "theidiotboard.com", true */ 't', 'h', 'e', 'i', 'd', 'i', 'o', 't', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "theinflatables-ni.co.uk", true */ 't', 'h', 'e', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '-', 'n', 'i', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "theinflatablesne.co.uk", true */ 't', 'h', 'e', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "theinitium.com", true */ 't', 'h', 'e', 'i', 'n', 'i', 't', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "theintercept.com", true */ 't', 'h', 'e', 'i', 'n', 't', 'e', 'r', 'c', 'e', 'p', 't', '.', 'c', 'o', 'm', '\0',
+  /* "theinternationalgeekconspiracy.eu", true */ 't', 'h', 'e', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'g', 'e', 'e', 'k', 'c', 'o', 'n', 's', 'p', 'i', 'r', 'a', 'c', 'y', '.', 'e', 'u', '\0',
+  /* "thejacksoninstitute.com.au", true */ 't', 'h', 'e', 'j', 'a', 'c', 'k', 's', 'o', 'n', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "thekev.in", true */ 't', 'h', 'e', 'k', 'e', 'v', '.', 'i', 'n', '\0',
+  /* "thekeymusic.com", true */ 't', 'h', 'e', 'k', 'e', 'y', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "thekingofhate.com", true */ 't', 'h', 'e', 'k', 'i', 'n', 'g', 'o', 'f', 'h', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thekrewserver.com", true */ 't', 'h', 'e', 'k', 'r', 'e', 'w', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "thelaimlife.com", true */ 't', 'h', 'e', 'l', 'a', 'i', 'm', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thelanscape.com", true */ 't', 'h', 'e', 'l', 'a', 'n', 's', 'c', 'a', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thelastsurprise.com", true */ 't', 'h', 'e', 'l', 'a', 's', 't', 's', 'u', 'r', 'p', 'r', 'i', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thelefthand.org", true */ 't', 'h', 'e', 'l', 'e', 'f', 't', 'h', 'a', 'n', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "thelinuxspace.com", true */ 't', 'h', 'e', 'l', 'i', 'n', 'u', 'x', 's', 'p', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thelinuxtree.net", true */ 't', 'h', 'e', 'l', 'i', 'n', 'u', 'x', 't', 'r', 'e', 'e', '.', 'n', 'e', 't', '\0',
+  /* "thelittlecraft.com", true */ 't', 'h', 'e', 'l', 'i', 't', 't', 'l', 'e', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "thelocals.ru", true */ 't', 'h', 'e', 'l', 'o', 'c', 'a', 'l', 's', '.', 'r', 'u', '\0',
+  /* "thelonelyones.co.uk", true */ 't', 'h', 'e', 'l', 'o', 'n', 'e', 'l', 'y', 'o', 'n', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "themacoaching.nl", true */ 't', 'h', 'e', 'm', 'a', 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "themarshallproject.org", true */ 't', 'h', 'e', 'm', 'a', 'r', 's', 'h', 'a', 'l', 'l', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "themeaudit.com", true */ 't', 'h', 'e', 'm', 'e', 'a', 'u', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "themecraft.studio", true */ 't', 'h', 'e', 'm', 'e', 'c', 'r', 'a', 'f', 't', '.', 's', 't', 'u', 'd', 'i', 'o', '\0',
+  /* "themetacity.com", true */ 't', 'h', 'e', 'm', 'e', 't', 'a', 'c', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "themilanlife.com", true */ 't', 'h', 'e', 'm', 'i', 'l', 'a', 'n', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "themillerslive.com", true */ 't', 'h', 'e', 'm', 'i', 'l', 'l', 'e', 'r', 's', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "themist.cz", true */ 't', 'h', 'e', 'm', 'i', 's', 't', '.', 'c', 'z', '\0',
+  /* "themoep.at", true */ 't', 'h', 'e', 'm', 'o', 'e', 'p', '.', 'a', 't', '\0',
+  /* "themoneyconverter.com", true */ 't', 'h', 'e', 'm', 'o', 'n', 'e', 'y', 'c', 'o', 'n', 'v', 'e', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "themonthly.com.au", true */ 't', 'h', 'e', 'm', 'o', 'n', 't', 'h', 'l', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "themostexpensiveworkofart.com", true */ 't', 'h', 'e', 'm', 'o', 's', 't', 'e', 'x', 'p', 'e', 'n', 's', 'i', 'v', 'e', 'w', 'o', 'r', 'k', 'o', 'f', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "themusecollaborative.org", true */ 't', 'h', 'e', 'm', 'u', 's', 'e', 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', 't', 'i', 'v', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "themusicinnoise.net", true */ 't', 'h', 'e', 'm', 'u', 's', 'i', 'c', 'i', 'n', 'n', 'o', 'i', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "thenanfang.com", true */ 't', 'h', 'e', 'n', 'a', 'n', 'f', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "thenarcissisticlife.com", true */ 't', 'h', 'e', 'n', 'a', 'r', 'c', 'i', 's', 's', 'i', 's', 't', 'i', 'c', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thenexwork.com", true */ 't', 'h', 'e', 'n', 'e', 'x', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "thenib.com", true */ 't', 'h', 'e', 'n', 'i', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "thenichecast.com", true */ 't', 'h', 'e', 'n', 'i', 'c', 'h', 'e', 'c', 'a', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "thenocman.com", true */ 't', 'h', 'e', 'n', 'o', 'c', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "theobromos.fr", true */ 't', 'h', 'e', 'o', 'b', 'r', 'o', 'm', 'o', 's', '.', 'f', 'r', '\0',
+  /* "theocharis.org", true */ 't', 'h', 'e', 'o', 'c', 'h', 'a', 'r', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "theodorahome.co", true */ 't', 'h', 'e', 'o', 'd', 'o', 'r', 'a', 'h', 'o', 'm', 'e', '.', 'c', 'o', '\0',
+  /* "theodorahome.com.br", true */ 't', 'h', 'e', 'o', 'd', 'o', 'r', 'a', 'h', 'o', 'm', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "theofleck.com", true */ 't', 'h', 'e', 'o', 'f', 'l', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "theojones.name", true */ 't', 'h', 'e', 'o', 'j', 'o', 'n', 'e', 's', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "theokonst.tk", true */ 't', 'h', 'e', 'o', 'k', 'o', 'n', 's', 't', '.', 't', 'k', '\0',
+  /* "theokouzelis.com", true */ 't', 'h', 'e', 'o', 'k', 'o', 'u', 'z', 'e', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "theoldbrewhouse.info", true */ 't', 'h', 'e', 'o', 'l', 'd', 'b', 'r', 'e', 'w', 'h', 'o', 'u', 's', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "theoriginalbit.com", true */ 't', 'h', 'e', 'o', 'r', 'i', 'g', 'i', 'n', 'a', 'l', 'b', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "theory-test-online.co.uk", true */ 't', 'h', 'e', 'o', 'r', 'y', '-', 't', 'e', 's', 't', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "theory.org", true */ 't', 'h', 'e', 'o', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "theoscure.eu", true */ 't', 'h', 'e', 'o', 's', 'c', 'u', 'r', 'e', '.', 'e', 'u', '\0',
+  /* "theosophie-afrique.org", true */ 't', 'h', 'e', 'o', 's', 'o', 'p', 'h', 'i', 'e', '-', 'a', 'f', 'r', 'i', 'q', 'u', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "theoutline.com", true */ 't', 'h', 'e', 'o', 'u', 't', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "theoverfly.co", true */ 't', 'h', 'e', 'o', 'v', 'e', 'r', 'f', 'l', 'y', '.', 'c', 'o', '\0',
+  /* "thepaffy.de", true */ 't', 'h', 'e', 'p', 'a', 'f', 'f', 'y', '.', 'd', 'e', '\0',
+  /* "thepartner.co.uk", true */ 't', 'h', 'e', 'p', 'a', 'r', 't', 'n', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thepartydoctors.co.uk", true */ 't', 'h', 'e', 'p', 'a', 'r', 't', 'y', 'd', 'o', 'c', 't', 'o', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thepasteb.in", true */ 't', 'h', 'e', 'p', 'a', 's', 't', 'e', 'b', '.', 'i', 'n', '\0',
+  /* "thepathsofdiscovery.com", true */ 't', 'h', 'e', 'p', 'a', 't', 'h', 's', 'o', 'f', 'd', 'i', 's', 'c', 'o', 'v', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thepaulagcompany.com", true */ 't', 'h', 'e', 'p', 'a', 'u', 'l', 'a', 'g', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thepaymentscompany.com", true */ 't', 'h', 'e', 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thepb.in", true */ 't', 'h', 'e', 'p', 'b', '.', 'i', 'n', '\0',
+  /* "thepeninsulaires.com", true */ 't', 'h', 'e', 'p', 'e', 'n', 'i', 'n', 's', 'u', 'l', 'a', 'i', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thephonecaseplace.com", true */ 't', 'h', 'e', 'p', 'h', 'o', 'n', 'e', 'c', 'a', 's', 'e', 'p', 'l', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thephp.cc", true */ 't', 'h', 'e', 'p', 'h', 'p', '.', 'c', 'c', '\0',
+  /* "thepiabo.ovh", true */ 't', 'h', 'e', 'p', 'i', 'a', 'b', 'o', '.', 'o', 'v', 'h', '\0',
+  /* "thepieslicer.com", true */ 't', 'h', 'e', 'p', 'i', 'e', 's', 'l', 'i', 'c', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "thepiratesociety.org", true */ 't', 'h', 'e', 'p', 'i', 'r', 'a', 't', 'e', 's', 'o', 'c', 'i', 'e', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "theplasticsurgerycenterofnashville.com", true */ 't', 'h', 'e', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', 'c', 'e', 'n', 't', 'e', 'r', 'o', 'f', 'n', 'a', 's', 'h', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "theplaydaysbus.co.uk", true */ 't', 'h', 'e', 'p', 'l', 'a', 'y', 'd', 'a', 'y', 's', 'b', 'u', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "theplayspot.co.uk", true */ 't', 'h', 'e', 'p', 'l', 'a', 'y', 's', 'p', 'o', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "theploughharborne.co.uk", true */ 't', 'h', 'e', 'p', 'l', 'o', 'u', 'g', 'h', 'h', 'a', 'r', 'b', 'o', 'r', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "theposhfudgecompany.co.uk", true */ 't', 'h', 'e', 'p', 'o', 's', 'h', 'f', 'u', 'd', 'g', 'e', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thepostoffice.ro", true */ 't', 'h', 'e', 'p', 'o', 's', 't', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'r', 'o', '\0',
+  /* "thepromisemusic.com", true */ 't', 'h', 'e', 'p', 'r', 'o', 'm', 'i', 's', 'e', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "theragran.co.id", true */ 't', 'h', 'e', 'r', 'a', 'g', 'r', 'a', 'n', '.', 'c', 'o', '.', 'i', 'd', '\0',
+  /* "theralino.de", true */ 't', 'h', 'e', 'r', 'a', 'l', 'i', 'n', 'o', '.', 'd', 'e', '\0',
+  /* "theramo.re", true */ 't', 'h', 'e', 'r', 'a', 'm', 'o', '.', 'r', 'e', '\0',
+  /* "therapynotes.com", true */ 't', 'h', 'e', 'r', 'a', 'p', 'y', 'n', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "therapyportal.com", true */ 't', 'h', 'e', 'r', 'a', 'p', 'y', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "therapysxm.com", true */ 't', 'h', 'e', 'r', 'a', 'p', 'y', 's', 'x', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "therealcost.gov", true */ 't', 'h', 'e', 'r', 'e', 'a', 'l', 'c', 'o', 's', 't', '.', 'g', 'o', 'v', '\0',
+  /* "theresa-mayer.eu", true */ 't', 'h', 'e', 'r', 'e', 's', 'a', '-', 'm', 'a', 'y', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "therevenge.me", true */ 't', 'h', 'e', 'r', 'e', 'v', 'e', 'n', 'g', 'e', '.', 'm', 'e', '\0',
+  /* "therewill.be", true */ 't', 'h', 'e', 'r', 'e', 'w', 'i', 'l', 'l', '.', 'b', 'e', '\0',
+  /* "thermity.com", true */ 't', 'h', 'e', 'r', 'm', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thermolamina.nl", true */ 't', 'h', 'e', 'r', 'm', 'o', 'l', 'a', 'm', 'i', 'n', 'a', '.', 'n', 'l', '\0',
+  /* "theroks.com", true */ 't', 'h', 'e', 'r', 'o', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "theroyalmarinescharity.org.uk", true */ 't', 'h', 'e', 'r', 'o', 'y', 'a', 'l', 'm', 'a', 'r', 'i', 'n', 'e', 's', 'c', 'h', 'a', 'r', 'i', 't', 'y', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "theruizes.com", true */ 't', 'h', 'e', 'r', 'u', 'i', 'z', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "theruleslawyer.net", true */ 't', 'h', 'e', 'r', 'u', 'l', 'e', 's', 'l', 'a', 'w', 'y', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "therumfordcitizen.com", true */ 't', 'h', 'e', 'r', 'u', 'm', 'f', 'o', 'r', 'd', 'c', 'i', 't', 'i', 'z', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thesalonthing.com", false */ 't', 'h', 'e', 's', 'a', 'l', 'o', 'n', 't', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "thesaturdaypaper.com.au", true */ 't', 'h', 'e', 's', 'a', 't', 'u', 'r', 'd', 'a', 'y', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "theschool.jp", true */ 't', 'h', 'e', 's', 'c', 'h', 'o', 'o', 'l', '.', 'j', 'p', '\0',
+  /* "thesecondsposts.com", true */ 't', 'h', 'e', 's', 'e', 'c', 'o', 'n', 'd', 's', 'p', 'o', 's', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "theseed.io", true */ 't', 'h', 'e', 's', 'e', 'e', 'd', '.', 'i', 'o', '\0',
+  /* "theseedbox.xyz", true */ 't', 'h', 'e', 's', 'e', 'e', 'd', 'b', 'o', 'x', '.', 'x', 'y', 'z', '\0',
+  /* "theseletarmall.com", true */ 't', 'h', 'e', 's', 'e', 'l', 'e', 't', 'a', 'r', 'm', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "theseoframework.com", true */ 't', 'h', 'e', 's', 'e', 'o', 'f', 'r', 'a', 'm', 'e', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "theseosystem.com", true */ 't', 'h', 'e', 's', 'e', 'o', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "thesession.org", false */ 't', 'h', 'e', 's', 'e', 's', 's', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "theshadestore.com", true */ 't', 'h', 'e', 's', 'h', 'a', 'd', 'e', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thesharedbrain.ch", true */ 't', 'h', 'e', 's', 'h', 'a', 'r', 'e', 'd', 'b', 'r', 'a', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "thesharedbrain.com", true */ 't', 'h', 'e', 's', 'h', 'a', 'r', 'e', 'd', 'b', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thesharepointfarm.com", true */ 't', 'h', 'e', 's', 'h', 'a', 'r', 'e', 'p', 'o', 'i', 'n', 't', 'f', 'a', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "theshine.pl", true */ 't', 'h', 'e', 's', 'h', 'i', 'n', 'e', '.', 'p', 'l', '\0',
+  /* "thesignalco.com.au", true */ 't', 'h', 'e', 's', 'i', 'g', 'n', 'a', 'l', 'c', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "thesisgeek.com", true */ 't', 'h', 'e', 's', 'i', 's', 'g', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "thesishelp.net", true */ 't', 'h', 'e', 's', 'i', 's', 'h', 'e', 'l', 'p', '.', 'n', 'e', 't', '\0',
+  /* "thesled.net", true */ 't', 'h', 'e', 's', 'l', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "thesocialmediacentral.com", true */ 't', 'h', 'e', 's', 'o', 'c', 'i', 'a', 'l', 'm', 'e', 'd', 'i', 'a', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "thestoritplace.com", true */ 't', 'h', 'e', 's', 't', 'o', 'r', 'i', 't', 'p', 'l', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thestory.ie", true */ 't', 'h', 'e', 's', 't', 'o', 'r', 'y', '.', 'i', 'e', '\0',
+  /* "thestoryshack.com", true */ 't', 'h', 'e', 's', 't', 'o', 'r', 'y', 's', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "thestrategyagency.com.au", true */ 't', 'h', 'e', 's', 't', 'r', 'a', 't', 'e', 'g', 'y', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "thestyle.city", true */ 't', 'h', 'e', 's', 't', 'y', 'l', 'e', '.', 'c', 'i', 't', 'y', '\0',
+  /* "thesuppercircle.com", true */ 't', 'h', 'e', 's', 'u', 'p', 'p', 'e', 'r', 'c', 'i', 'r', 'c', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "theswissbay.ch", true */ 't', 'h', 'e', 's', 'w', 'i', 's', 's', 'b', 'a', 'y', '.', 'c', 'h', '\0',
+  /* "thetapirsmouth.com", true */ 't', 'h', 'e', 't', 'a', 'p', 'i', 'r', 's', 'm', 'o', 'u', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "thetenscrolls.com", true */ 't', 'h', 'e', 't', 'e', 'n', 's', 'c', 'r', 'o', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thetomharling.com", true */ 't', 'h', 'e', 't', 'o', 'm', 'h', 'a', 'r', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "thetrendspotter.net", true */ 't', 'h', 'e', 't', 'r', 'e', 'n', 'd', 's', 'p', 'o', 't', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "thetruthhurvitz.com", true */ 't', 'h', 'e', 't', 'r', 'u', 't', 'h', 'h', 'u', 'r', 'v', 'i', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "thetuxkeeper.de", false */ 't', 'h', 'e', 't', 'u', 'x', 'k', 'e', 'e', 'p', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "theunitedstates.io", true */ 't', 'h', 'e', 'u', 'n', 'i', 't', 'e', 'd', 's', 't', 'a', 't', 'e', 's', '.', 'i', 'o', '\0',
+  /* "thevacweb.com", true */ 't', 'h', 'e', 'v', 'a', 'c', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "thevalentineconstitution.com", true */ 't', 'h', 'e', 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', 'e', 'c', 'o', 'n', 's', 't', 'i', 't', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thevgg.com", false */ 't', 'h', 'e', 'v', 'g', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "thevoid.one", true */ 't', 'h', 'e', 'v', 'o', 'i', 'd', '.', 'o', 'n', 'e', '\0',
+  /* "thewebdexter.com", true */ 't', 'h', 'e', 'w', 'e', 'b', 'd', 'e', 'x', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "thewebflash.com", true */ 't', 'h', 'e', 'w', 'e', 'b', 'f', 'l', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "thewebsitedoctors.co.uk", true */ 't', 'h', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 'd', 'o', 'c', 't', 'o', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thewebsitemarketingagency.com", true */ 't', 'h', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thewhitehat.club", true */ 't', 'h', 'e', 'w', 'h', 'i', 't', 'e', 'h', 'a', 't', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "thewhiterabbit.space", true */ 't', 'h', 'e', 'w', 'h', 'i', 't', 'e', 'r', 'a', 'b', 'b', 'i', 't', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "thewhitneypaige.com", true */ 't', 'h', 'e', 'w', 'h', 'i', 't', 'n', 'e', 'y', 'p', 'a', 'i', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thewindow.com", true */ 't', 'h', 'e', 'w', 'i', 'n', 'd', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "thewoodkid.com.au", true */ 't', 'h', 'e', 'w', 'o', 'o', 'd', 'k', 'i', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "theworldsend.eu", true */ 't', 'h', 'e', 'w', 'o', 'r', 'l', 'd', 's', 'e', 'n', 'd', '.', 'e', 'u', '\0',
+  /* "thexfactorgames.com", true */ 't', 'h', 'e', 'x', 'f', 'a', 'c', 't', 'o', 'r', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thexme.de", true */ 't', 'h', 'e', 'x', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "theyachtteam.com", true */ 't', 'h', 'e', 'y', 'a', 'c', 'h', 't', 't', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "theyarnhookup.com", false */ 't', 'h', 'e', 'y', 'a', 'r', 'n', 'h', 'o', 'o', 'k', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "theyear199x.org", true */ 't', 'h', 'e', 'y', 'e', 'a', 'r', '1', '9', '9', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "theyearinpictures.co.uk", true */ 't', 'h', 'e', 'y', 'e', 'a', 'r', 'i', 'n', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "theyosh.nl", true */ 't', 'h', 'e', 'y', 'o', 's', 'h', '.', 'n', 'l', '\0',
+  /* "thezero.org", true */ 't', 'h', 'e', 'z', 'e', 'r', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "thezillersathenshotel.com", true */ 't', 'h', 'e', 'z', 'i', 'l', 'l', 'e', 'r', 's', 'a', 't', 'h', 'e', 'n', 's', 'h', 'o', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "thibaultwalle.com", true */ 't', 'h', 'i', 'b', 'a', 'u', 'l', 't', 'w', 'a', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thibautcharles.net", true */ 't', 'h', 'i', 'b', 'a', 'u', 't', 'c', 'h', 'a', 'r', 'l', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "thiepcuoidep.com", true */ 't', 'h', 'i', 'e', 'p', 'c', 'u', 'o', 'i', 'd', 'e', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "thierry-daellenbach.com", true */ 't', 'h', 'i', 'e', 'r', 'r', 'y', '-', 'd', 'a', 'e', 'l', 'l', 'e', 'n', 'b', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "thierrybasset.ch", true */ 't', 'h', 'i', 'e', 'r', 'r', 'y', 'b', 'a', 's', 's', 'e', 't', '.', 'c', 'h', '\0',
+  /* "thijsslop.nl", true */ 't', 'h', 'i', 'j', 's', 's', 'l', 'o', 'p', '.', 'n', 'l', '\0',
+  /* "thijsvanderveen.net", true */ 't', 'h', 'i', 'j', 's', 'v', 'a', 'n', 'd', 'e', 'r', 'v', 'e', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "thingies.site", true */ 't', 'h', 'i', 'n', 'g', 'i', 'e', 's', '.', 's', 'i', 't', 'e', '\0',
+  /* "thinkindifferent.net", true */ 't', 'h', 'i', 'n', 'k', 'i', 'n', 'd', 'i', 'f', 'f', 'e', 'r', 'e', 'n', 't', '.', 'n', 'e', 't', '\0',
+  /* "thinkingandcomputing.com", true */ 't', 'h', 'i', 'n', 'k', 'i', 'n', 'g', 'a', 'n', 'd', 'c', 'o', 'm', 'p', 'u', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "thinkingplanet.net", true */ 't', 'h', 'i', 'n', 'k', 'i', 'n', 'g', 'p', 'l', 'a', 'n', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "thinklikeanentrepreneur.com", true */ 't', 'h', 'i', 'n', 'k', 'l', 'i', 'k', 'e', 'a', 'n', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'e', 'n', 'e', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "thinkmarketing.ca", true */ 't', 'h', 'i', 'n', 'k', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'a', '\0',
+  /* "thinkquality.nl", true */ 't', 'h', 'i', 'n', 'k', 'q', 'u', 'a', 'l', 'i', 't', 'y', '.', 'n', 'l', '\0',
+  /* "thinkrealty.com", true */ 't', 'h', 'i', 'n', 'k', 'r', 'e', 'a', 'l', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thinkswap.com", true */ 't', 'h', 'i', 'n', 'k', 's', 'w', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "thinktux.net", true */ 't', 'h', 'i', 'n', 'k', 't', 'u', 'x', '.', 'n', 'e', 't', '\0',
+  /* "thirdworld.moe", true */ 't', 'h', 'i', 'r', 'd', 'w', 'o', 'r', 'l', 'd', '.', 'm', 'o', 'e', '\0',
+  /* "thiry-automobiles.net", true */ 't', 'h', 'i', 'r', 'y', '-', 'a', 'u', 't', 'o', 'm', 'o', 'b', 'i', 'l', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "thisbrownman.com", true */ 't', 'h', 'i', 's', 'b', 'r', 'o', 'w', 'n', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thiscloudiscrap.com", false */ 't', 'h', 'i', 's', 'c', 'l', 'o', 'u', 'd', 'i', 's', 'c', 'r', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "thiscode.works", true */ 't', 'h', 'i', 's', 'c', 'o', 'd', 'e', '.', 'w', 'o', 'r', 'k', 's', '\0',
+  /* "thisfreelife.gov", true */ 't', 'h', 'i', 's', 'f', 'r', 'e', 'e', 'l', 'i', 'f', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "thisishugo.com", false */ 't', 'h', 'i', 's', 'i', 's', 'h', 'u', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "thisistheserver.com", true */ 't', 'h', 'i', 's', 'i', 's', 't', 'h', 'e', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "thisiswhywemom.com", true */ 't', 'h', 'i', 's', 'i', 's', 'w', 'h', 'y', 'w', 'e', 'm', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "thismumdoesntknowbest.com", true */ 't', 'h', 'i', 's', 'm', 'u', 'm', 'd', 'o', 'e', 's', 'n', 't', 'k', 'n', 'o', 'w', 'b', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "thisoldearth.com", true */ 't', 'h', 'i', 's', 'o', 'l', 'd', 'e', 'a', 'r', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "thisserver.dontexist.net", true */ 't', 'h', 'i', 's', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'o', 'n', 't', 'e', 'x', 'i', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "thistleandleaves.com", true */ 't', 'h', 'i', 's', 't', 'l', 'e', 'a', 'n', 'd', 'l', 'e', 'a', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thm.vn", true */ 't', 'h', 'm', '.', 'v', 'n', '\0',
+  /* "thole.org", true */ 't', 'h', 'o', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "thom4s.info", true */ 't', 'h', 'o', 'm', '4', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "thomalaudan.de", true */ 't', 'h', 'o', 'm', 'a', 'l', 'a', 'u', 'd', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "thomas-bertran.com", true */ 't', 'h', 'o', 'm', 'a', 's', '-', 'b', 'e', 'r', 't', 'r', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thomas-fahle.de", true */ 't', 'h', 'o', 'm', 'a', 's', '-', 'f', 'a', 'h', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "thomas-grobelny.de", true */ 't', 'h', 'o', 'm', 'a', 's', '-', 'g', 'r', 'o', 'b', 'e', 'l', 'n', 'y', '.', 'd', 'e', '\0',
+  /* "thomas-suchon.fr", true */ 't', 'h', 'o', 'm', 'a', 's', '-', 's', 'u', 'c', 'h', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "thomasbeckers.be", true */ 't', 'h', 'o', 'm', 'a', 's', 'b', 'e', 'c', 'k', 'e', 'r', 's', '.', 'b', 'e', '\0',
+  /* "thomasetsophie.fr", true */ 't', 'h', 'o', 'm', 'a', 's', 'e', 't', 's', 'o', 'p', 'h', 'i', 'e', '.', 'f', 'r', '\0',
+  /* "thomasfoster.co", true */ 't', 'h', 'o', 'm', 'a', 's', 'f', 'o', 's', 't', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "thomasgriffin.io", true */ 't', 'h', 'o', 'm', 'a', 's', 'g', 'r', 'i', 'f', 'f', 'i', 'n', '.', 'i', 'o', '\0',
+  /* "thomashunter.name", false */ 't', 'h', 'o', 'm', 'a', 's', 'h', 'u', 'n', 't', 'e', 'r', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "thomasmcfly.com", true */ 't', 'h', 'o', 'm', 'a', 's', 'm', 'c', 'f', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thomassen.sh", true */ 't', 'h', 'o', 'm', 'a', 's', 's', 'e', 'n', '.', 's', 'h', '\0',
+  /* "thomasstevensmusic.com", true */ 't', 'h', 'o', 'm', 'a', 's', 's', 't', 'e', 'v', 'e', 'n', 's', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "thomastimepieces.com.au", true */ 't', 'h', 'o', 'm', 'a', 's', 't', 'i', 'm', 'e', 'p', 'i', 'e', 'c', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "thomasvochten.com", true */ 't', 'h', 'o', 'm', 'a', 's', 'v', 'o', 'c', 'h', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thomasvt.xyz", true */ 't', 'h', 'o', 'm', 'a', 's', 'v', 't', '.', 'x', 'y', 'z', '\0',
+  /* "thomaswoo.com", true */ 't', 'h', 'o', 'm', 'a', 's', 'w', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "thomsonscleaning.co.uk", true */ 't', 'h', 'o', 'm', 's', 'o', 'n', 's', 'c', 'l', 'e', 'a', 'n', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thomspooren.nl", true */ 't', 'h', 'o', 'm', 's', 'p', 'o', 'o', 'r', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "thomwiggers.nl", true */ 't', 'h', 'o', 'm', 'w', 'i', 'g', 'g', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "thor.edu", true */ 't', 'h', 'o', 'r', '.', 'e', 'd', 'u', '\0',
+  /* "thorbis.com", true */ 't', 'h', 'o', 'r', 'b', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thorbiswebsitedesign.com", true */ 't', 'h', 'o', 'r', 'b', 'i', 's', 'w', 'e', 'b', 's', 'i', 't', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thorgames.nl", true */ 't', 'h', 'o', 'r', 'g', 'a', 'm', 'e', 's', '.', 'n', 'l', '\0',
+  /* "thoroquel.org", true */ 't', 'h', 'o', 'r', 'o', 'q', 'u', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "thorsten-schaefer.com", true */ 't', 'h', 'o', 'r', 's', 't', 'e', 'n', '-', 's', 'c', 'h', 'a', 'e', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "thorstenschaefer.name", true */ 't', 'h', 'o', 'r', 's', 't', 'e', 'n', 's', 'c', 'h', 'a', 'e', 'f', 'e', 'r', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "thosci.com", true */ 't', 'h', 'o', 's', 'c', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "thot.space", true */ 't', 'h', 'o', 't', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "thotpublicidad.com", true */ 't', 'h', 'o', 't', 'p', 'u', 'b', 'l', 'i', 'c', 'i', 'd', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "thoughtlessleaders.online", true */ 't', 'h', 'o', 'u', 'g', 'h', 't', 'l', 'e', 's', 's', 'l', 'e', 'a', 'd', 'e', 'r', 's', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "thoughtsynth.com", true */ 't', 'h', 'o', 'u', 'g', 'h', 't', 's', 'y', 'n', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "thoughtsynth.net", true */ 't', 'h', 'o', 'u', 'g', 'h', 't', 's', 'y', 'n', 't', 'h', '.', 'n', 'e', 't', '\0',
+  /* "thoughtsynth.org", true */ 't', 'h', 'o', 'u', 'g', 'h', 't', 's', 'y', 'n', 't', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "thouni.de", true */ 't', 'h', 'o', 'u', 'n', 'i', '.', 'd', 'e', '\0',
+  /* "thousandoakselectrical.com", true */ 't', 'h', 'o', 'u', 's', 'a', 'n', 'd', 'o', 'a', 'k', 's', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "threatcentral.io", true */ 't', 'h', 'r', 'e', 'a', 't', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'i', 'o', '\0',
+  /* "threebrothersbrewing.com", true */ 't', 'h', 'r', 'e', 'e', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', 'b', 'r', 'e', 'w', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "threecrownsllp.com", true */ 't', 'h', 'r', 'e', 'e', 'c', 'r', 'o', 'w', 'n', 's', 'l', 'l', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "threedpro.me", true */ 't', 'h', 'r', 'e', 'e', 'd', 'p', 'r', 'o', '.', 'm', 'e', '\0',
+  /* "threefours.net", true */ 't', 'h', 'r', 'e', 'e', 'f', 'o', 'u', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "threelions.ch", true */ 't', 'h', 'r', 'e', 'e', 'l', 'i', 'o', 'n', 's', '.', 'c', 'h', '\0',
+  /* "thriftdiving.com", true */ 't', 'h', 'r', 'i', 'f', 't', 'd', 'i', 'v', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "thrivesummit.com", true */ 't', 'h', 'r', 'i', 'v', 'e', 's', 'u', 'm', 'm', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "thriveta.com", true */ 't', 'h', 'r', 'i', 'v', 'e', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "throttlerz.in", true */ 't', 'h', 'r', 'o', 't', 't', 'l', 'e', 'r', 'z', '.', 'i', 'n', '\0',
+  /* "throughtheglass.photo", true */ 't', 'h', 'r', 'o', 'u', 'g', 'h', 't', 'h', 'e', 'g', 'l', 'a', 's', 's', '.', 'p', 'h', 'o', 't', 'o', '\0',
+  /* "throwaway.link", true */ 't', 'h', 'r', 'o', 'w', 'a', 'w', 'a', 'y', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "throwpass.com", true */ 't', 'h', 'r', 'o', 'w', 'p', 'a', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thrx.net", true */ 't', 'h', 'r', 'x', '.', 'n', 'e', 't', '\0',
+  /* "thues.eu", true */ 't', 'h', 'u', 'e', 's', '.', 'e', 'u', '\0',
+  /* "thuisverpleging-meerdael.be", true */ 't', 'h', 'u', 'i', 's', 'v', 'e', 'r', 'p', 'l', 'e', 'g', 'i', 'n', 'g', '-', 'm', 'e', 'e', 'r', 'd', 'a', 'e', 'l', '.', 'b', 'e', '\0',
+  /* "thullbery.com", true */ 't', 'h', 'u', 'l', 'l', 'b', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thunderfield-boat.co.uk", true */ 't', 'h', 'u', 'n', 'd', 'e', 'r', 'f', 'i', 'e', 'l', 'd', '-', 'b', 'o', 'a', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thunderfox.nl", true */ 't', 'h', 'u', 'n', 'd', 'e', 'r', 'f', 'o', 'x', '.', 'n', 'l', '\0',
+  /* "thunderkeys.net", true */ 't', 'h', 'u', 'n', 'd', 'e', 'r', 'k', 'e', 'y', 's', '.', 'n', 'e', 't', '\0',
+  /* "thundr.eu", true */ 't', 'h', 'u', 'n', 'd', 'r', '.', 'e', 'u', '\0',
+  /* "thunraz.com", true */ 't', 'h', 'u', 'n', 'r', 'a', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "thusoy.com", false */ 't', 'h', 'u', 's', 'o', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thuthuatios.com", true */ 't', 'h', 'u', 't', 'h', 'u', 'a', 't', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thuviensoft.com", true */ 't', 'h', 'u', 'v', 'i', 'e', 'n', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "thuviensoft.net", true */ 't', 'h', 'u', 'v', 'i', 'e', 'n', 's', 'o', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "thw-bernburg.de", true */ 't', 'h', 'w', '-', 'b', 'e', 'r', 'n', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "thxandbye.de", true */ 't', 'h', 'x', 'a', 'n', 'd', 'b', 'y', 'e', '.', 'd', 'e', '\0',
+  /* "thyngster.com", true */ 't', 'h', 'y', 'n', 'g', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "thynx.io", true */ 't', 'h', 'y', 'n', 'x', '.', 'i', 'o', '\0',
+  /* "ti-js.com", true */ 't', 'i', '-', 'j', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ti-pla.net", true */ 't', 'i', '-', 'p', 'l', 'a', '.', 'n', 'e', 't', '\0',
+  /* "ti-planet.org", true */ 't', 'i', '-', 'p', 'l', 'a', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "tiacollection.com", true */ 't', 'i', 'a', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tiagonunes.pt", true */ 't', 'i', 'a', 'g', 'o', 'n', 'u', 'n', 'e', 's', '.', 'p', 't', '\0',
+  /* "tiaki.org", true */ 't', 'i', 'a', 'k', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "tianeptine.com", true */ 't', 'i', 'a', 'n', 'e', 'p', 't', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tianshili.me", true */ 't', 'i', 'a', 'n', 's', 'h', 'i', 'l', 'i', '.', 'm', 'e', '\0',
+  /* "tianxicaipiao.com", true */ 't', 'i', 'a', 'n', 'x', 'i', 'c', 'a', 'i', 'p', 'i', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tibbitshall.ca", true */ 't', 'i', 'b', 'b', 'i', 't', 's', 'h', 'a', 'l', 'l', '.', 'c', 'a', '\0',
+  /* "tibipg.com", true */ 't', 'i', 'b', 'i', 'p', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "tibovanheule.site", true */ 't', 'i', 'b', 'o', 'v', 'a', 'n', 'h', 'e', 'u', 'l', 'e', '.', 's', 'i', 't', 'e', '\0',
+  /* "ticfleet.com", true */ 't', 'i', 'c', 'f', 'l', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ticketluck.com", true */ 't', 'i', 'c', 'k', 'e', 't', 'l', 'u', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ticketmates.com.au", true */ 't', 'i', 'c', 'k', 'e', 't', 'm', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "ticketpro.ca", true */ 't', 'i', 'c', 'k', 'e', 't', 'p', 'r', 'o', '.', 'c', 'a', '\0',
+  /* "ticketslover.com", true */ 't', 'i', 'c', 'k', 'e', 't', 's', 'l', 'o', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ticketsmate.com", true */ 't', 'i', 'c', 'k', 'e', 't', 's', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ticketsource.co.uk", true */ 't', 'i', 'c', 'k', 'e', 't', 's', 'o', 'u', 'r', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ticketsource.eu", true */ 't', 'i', 'c', 'k', 'e', 't', 's', 'o', 'u', 'r', 'c', 'e', '.', 'e', 'u', '\0',
+  /* "ticketsource.us", true */ 't', 'i', 'c', 'k', 'e', 't', 's', 'o', 'u', 'r', 'c', 'e', '.', 'u', 's', '\0',
+  /* "ticketsourcebeta.co.uk", true */ 't', 'i', 'c', 'k', 'e', 't', 's', 'o', 'u', 'r', 'c', 'e', 'b', 'e', 't', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ticketsvergleichen.de", true */ 't', 'i', 'c', 'k', 'e', 't', 's', 'v', 'e', 'r', 'g', 'l', 'e', 'i', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "tickit.ca", true */ 't', 'i', 'c', 'k', 'i', 't', '.', 'c', 'a', '\0',
+  /* "tid.jp", true */ 't', 'i', 'd', '.', 'j', 'p', '\0',
+  /* "tie-online.org", true */ 't', 'i', 'e', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "tielectric.ch", true */ 't', 'i', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', '.', 'c', 'h', '\0',
+  /* "tiendafetichista.com", true */ 't', 'i', 'e', 'n', 'd', 'a', 'f', 'e', 't', 'i', 'c', 'h', 'i', 's', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "tiendavertigo.com", true */ 't', 'i', 'e', 'n', 'd', 'a', 'v', 'e', 'r', 't', 'i', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tiens-ib.cz", true */ 't', 'i', 'e', 'n', 's', '-', 'i', 'b', '.', 'c', 'z', '\0',
+  /* "tier-1-entrepreneur.com", true */ 't', 'i', 'e', 'r', '-', '1', '-', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'e', 'n', 'e', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "tierarztpraxis-bogenhausen.de", true */ 't', 'i', 'e', 'r', 'a', 'r', 'z', 't', 'p', 'r', 'a', 'x', 'i', 's', '-', 'b', 'o', 'g', 'e', 'n', 'h', 'a', 'u', 's', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "tierarztpraxis-weinert.de", true */ 't', 'i', 'e', 'r', 'a', 'r', 'z', 't', 'p', 'r', 'a', 'x', 'i', 's', '-', 'w', 'e', 'i', 'n', 'e', 'r', 't', '.', 'd', 'e', '\0',
+  /* "tiernanx.com", true */ 't', 'i', 'e', 'r', 'n', 'a', 'n', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "ties.com", true */ 't', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tiew.pl", true */ 't', 'i', 'e', 'w', '.', 'p', 'l', '\0',
+  /* "tifan.net", true */ 't', 'i', 'f', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "tiffanytravels.com", true */ 't', 'i', 'f', 'f', 'a', 'n', 'y', 't', 'r', 'a', 'v', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tigerchef.com", true */ 't', 'i', 'g', 'e', 'r', 'c', 'h', 'e', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "tigerdile.com", true */ 't', 'i', 'g', 'e', 'r', 'd', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tiggeriffic.com", true */ 't', 'i', 'g', 'g', 'e', 'r', 'i', 'f', 'f', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "tiihosen.fi", true */ 't', 'i', 'i', 'h', 'o', 's', 'e', 'n', '.', 'f', 'i', '\0',
+  /* "tijden.nu", true */ 't', 'i', 'j', 'd', 'e', 'n', '.', 'n', 'u', '\0',
+  /* "tijo.ch", true */ 't', 'i', 'j', 'o', '.', 'c', 'h', '\0',
+  /* "tik.edu.ee", true */ 't', 'i', 'k', '.', 'e', 'd', 'u', '.', 'e', 'e', '\0',
+  /* "tik.help", true */ 't', 'i', 'k', '.', 'h', 'e', 'l', 'p', '\0',
+  /* "tiki-god.co.uk", true */ 't', 'i', 'k', 'i', '-', 'g', 'o', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tiledailyshop.com", true */ 't', 'i', 'l', 'e', 'd', 'a', 'i', 'l', 'y', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "tilesbay.com", true */ 't', 'i', 'l', 'e', 's', 'b', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tileyourvisit.pt", true */ 't', 'i', 'l', 'e', 'y', 'o', 'u', 'r', 'v', 'i', 's', 'i', 't', '.', 'p', 't', '\0',
+  /* "tiliaze.be", true */ 't', 'i', 'l', 'i', 'a', 'z', 'e', '.', 'b', 'e', '\0',
+  /* "tiliaze.biz", true */ 't', 'i', 'l', 'i', 'a', 'z', 'e', '.', 'b', 'i', 'z', '\0',
+  /* "tiliaze.eu", true */ 't', 'i', 'l', 'i', 'a', 'z', 'e', '.', 'e', 'u', '\0',
+  /* "tiliaze.info", true */ 't', 'i', 'l', 'i', 'a', 'z', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "tiliaze.net", true */ 't', 'i', 'l', 'i', 'a', 'z', 'e', '.', 'n', 'e', 't', '\0',
+  /* "till.im", true */ 't', 'i', 'l', 'l', '.', 'i', 'm', '\0',
+  /* "tillberg.us", true */ 't', 'i', 'l', 'l', 'b', 'e', 'r', 'g', '.', 'u', 's', '\0',
+  /* "tilleysbouncycastles.co.uk", true */ 't', 'i', 'l', 'l', 'e', 'y', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tillseasyscore.com", true */ 't', 'i', 'l', 'l', 's', 'e', 'a', 's', 'y', 's', 'c', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tiltedwindmillcrafts.com", true */ 't', 'i', 'l', 't', 'e', 'd', 'w', 'i', 'n', 'd', 'm', 'i', 'l', 'l', 'c', 'r', 'a', 'f', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "timbarlotta.com", true */ 't', 'i', 'm', 'b', 'a', 'r', 'l', 'o', 't', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "timberkel.com", true */ 't', 'i', 'm', 'b', 'e', 'r', 'k', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "timbishopartist.com", true */ 't', 'i', 'm', 'b', 'i', 's', 'h', 'o', 'p', 'a', 'r', 't', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "timco.cloud", true */ 't', 'i', 'm', 'c', 'o', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "timdebruijn.nl", true */ 't', 'i', 'm', 'd', 'e', 'b', 'r', 'u', 'i', 'j', 'n', '.', 'n', 'l', '\0',
+  /* "timdeneau.com", true */ 't', 'i', 'm', 'd', 'e', 'n', 'e', 'a', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "timdoug.com", true */ 't', 'i', 'm', 'd', 'o', 'u', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "time2060.ru", true */ 't', 'i', 'm', 'e', '2', '0', '6', '0', '.', 'r', 'u', '\0',
+  /* "time22.com", true */ 't', 'i', 'm', 'e', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "timeauction.hk", true */ 't', 'i', 'm', 'e', 'a', 'u', 'c', 't', 'i', 'o', 'n', '.', 'h', 'k', '\0',
+  /* "timebox.tk", true */ 't', 'i', 'm', 'e', 'b', 'o', 'x', '.', 't', 'k', '\0',
+  /* "timeglass.de", true */ 't', 'i', 'm', 'e', 'g', 'l', 'a', 's', 's', '.', 'd', 'e', '\0',
+  /* "timer.fit", true */ 't', 'i', 'm', 'e', 'r', '.', 'f', 'i', 't', '\0',
+  /* "timersuite.com", true */ 't', 'i', 'm', 'e', 'r', 's', 'u', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "timetab.org", true */ 't', 'i', 'm', 'e', 't', 'a', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "timetotrade.com", true */ 't', 'i', 'm', 'e', 't', 'o', 't', 'r', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "timewasters.nl", true */ 't', 'i', 'm', 'e', 'w', 'a', 's', 't', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "timfiedler.net", true */ 't', 'i', 'm', 'f', 'i', 'e', 'd', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "timing.com.br", true */ 't', 'i', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "timmersgems.com", true */ 't', 'i', 'm', 'm', 'e', 'r', 's', 'g', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "timmy.im", true */ 't', 'i', 'm', 'm', 'y', '.', 'i', 'm', '\0',
+  /* "timmy.ws", true */ 't', 'i', 'm', 'm', 'y', '.', 'w', 's', '\0',
+  /* "timmyrs.de", true */ 't', 'i', 'm', 'm', 'y', 'r', 's', '.', 'd', 'e', '\0',
+  /* "timoxbrow.com", true */ 't', 'i', 'm', 'o', 'x', 'b', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "timroes.de", true */ 't', 'i', 'm', 'r', 'o', 'e', 's', '.', 'd', 'e', '\0',
+  /* "timstoffel.net", false */ 't', 'i', 'm', 's', 't', 'o', 'f', 'f', 'e', 'l', '.', 'n', 'e', 't', '\0',
+  /* "timtaubert.de", true */ 't', 'i', 'm', 't', 'a', 'u', 'b', 'e', 'r', 't', '.', 'd', 'e', '\0',
+  /* "timtelfer.com", true */ 't', 'i', 'm', 't', 'e', 'l', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "timtj.ca", true */ 't', 'i', 'm', 't', 'j', '.', 'c', 'a', '\0',
+  /* "timvivian.ca", true */ 't', 'i', 'm', 'v', 'i', 'v', 'i', 'a', 'n', '.', 'c', 'a', '\0',
+  /* "timweb.ca", true */ 't', 'i', 'm', 'w', 'e', 'b', '.', 'c', 'a', '\0',
+  /* "timysewyn.be", true */ 't', 'i', 'm', 'y', 's', 'e', 'w', 'y', 'n', '.', 'b', 'e', '\0',
+  /* "tinastahlschmidt.de", true */ 't', 'i', 'n', 'a', 's', 't', 'a', 'h', 'l', 's', 'c', 'h', 'm', 'i', 'd', 't', '.', 'd', 'e', '\0',
+  /* "tinf15b4.de", true */ 't', 'i', 'n', 'f', '1', '5', 'b', '4', '.', 'd', 'e', '\0',
+  /* "tinfoilsecurity.com", false */ 't', 'i', 'n', 'f', 'o', 'i', 'l', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tinfoleak.com", true */ 't', 'i', 'n', 'f', 'o', 'l', 'e', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "tinker.career", true */ 't', 'i', 'n', 'k', 'e', 'r', '.', 'c', 'a', 'r', 'e', 'e', 'r', '\0',
+  /* "tinkerboard.org", true */ 't', 'i', 'n', 'k', 'e', 'r', 'b', 'o', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "tinkertry.com", true */ 't', 'i', 'n', 'k', 'e', 'r', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tinte24.de", true */ 't', 'i', 'n', 't', 'e', '2', '4', '.', 'd', 'e', '\0',
+  /* "tintencenter.com", true */ 't', 'i', 'n', 't', 'e', 'n', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "tintenfix.net", true */ 't', 'i', 'n', 't', 'e', 'n', 'f', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "tintenfux.de", true */ 't', 'i', 'n', 't', 'e', 'n', 'f', 'u', 'x', '.', 'd', 'e', '\0',
+  /* "tintenland.de", true */ 't', 'i', 'n', 't', 'e', 'n', 'l', 'a', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "tinyhousefinance.com.au", true */ 't', 'i', 'n', 'y', 'h', 'o', 'u', 's', 'e', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "tinylan.com", true */ 't', 'i', 'n', 'y', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tinyspeck.com", true */ 't', 'i', 'n', 'y', 's', 'p', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "tinyssh.com", true */ 't', 'i', 'n', 'y', 's', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "tinyssh.org", true */ 't', 'i', 'n', 'y', 's', 's', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "tinytownsoftplay.co.uk", true */ 't', 'i', 'n', 'y', 't', 'o', 'w', 'n', 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tinyvpn.net", true */ 't', 'i', 'n', 'y', 'v', 'p', 'n', '.', 'n', 'e', 't', '\0',
+  /* "tinyvpn.org", true */ 't', 'i', 'n', 'y', 'v', 'p', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "tioat.net", true */ 't', 'i', 'o', 'a', 't', '.', 'n', 'e', 't', '\0',
+  /* "tipaki.gr", true */ 't', 'i', 'p', 'a', 'k', 'i', '.', 'g', 'r', '\0',
+  /* "tipbox.is", true */ 't', 'i', 'p', 'b', 'o', 'x', '.', 'i', 's', '\0',
+  /* "tipiakers.club", true */ 't', 'i', 'p', 'i', 'a', 'k', 'e', 'r', 's', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "tiplanet.org", true */ 't', 'i', 'p', 'l', 'a', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "tipoftheday.tips", true */ 't', 'i', 'p', 'o', 'f', 't', 'h', 'e', 'd', 'a', 'y', '.', 't', 'i', 'p', 's', '\0',
+  /* "tipps-fuer-den-haushalt.de", true */ 't', 'i', 'p', 'p', 's', '-', 'f', 'u', 'e', 'r', '-', 'd', 'e', 'n', '-', 'h', 'a', 'u', 's', 'h', 'a', 'l', 't', '.', 'd', 'e', '\0',
+  /* "tippspiel.cc", true */ 't', 'i', 'p', 'p', 's', 'p', 'i', 'e', 'l', '.', 'c', 'c', '\0',
+  /* "tippytoad.com", true */ 't', 'i', 'p', 'p', 'y', 't', 'o', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "tipsacademicos.com", true */ 't', 'i', 'p', 's', 'a', 'c', 'a', 'd', 'e', 'm', 'i', 'c', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tir-pistolet-chexbres.ch", true */ 't', 'i', 'r', '-', 'p', 'i', 's', 't', 'o', 'l', 'e', 't', '-', 'c', 'h', 'e', 'x', 'b', 'r', 'e', 's', '.', 'c', 'h', '\0',
+  /* "tircentrale.net", true */ 't', 'i', 'r', 'c', 'e', 'n', 't', 'r', 'a', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "tirionnetwork.de", true */ 't', 'i', 'r', 'i', 'o', 'n', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "tiroler-kupferschmiede.com", true */ 't', 'i', 'r', 'o', 'l', 'e', 'r', '-', 'k', 'u', 'p', 'f', 'e', 'r', 's', 'c', 'h', 'm', 'i', 'e', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tirs4ne.ch", true */ 't', 'i', 'r', 's', '4', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "tism.in", true */ 't', 'i', 's', 'm', '.', 'i', 'n', '\0',
+  /* "tissot-mayenfisch.com", true */ 't', 'i', 's', 's', 'o', 't', '-', 'm', 'a', 'y', 'e', 'n', 'f', 'i', 's', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "tiste.org", true */ 't', 'i', 's', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "tit.systems", true */ 't', 'i', 't', '.', 's', 'y', 's', 't', 'e', 'm', 's', '\0',
+  /* "titanous.com", true */ 't', 'i', 't', 'a', 'n', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "titelseite.ch", true */ 't', 'i', 't', 'e', 'l', 's', 'e', 'i', 't', 'e', '.', 'c', 'h', '\0',
+  /* "titiansgirlphotography.com", true */ 't', 'i', 't', 'i', 'a', 'n', 's', 'g', 'i', 'r', 'l', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tittelbach.at", false */ 't', 'i', 't', 't', 'e', 'l', 'b', 'a', 'c', 'h', '.', 'a', 't', '\0',
+  /* "titusetcompagnies.net", true */ 't', 'i', 't', 'u', 's', 'e', 't', 'c', 'o', 'm', 'p', 'a', 'g', 'n', 'i', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "tivido.nl", true */ 't', 'i', 'v', 'i', 'd', 'o', '.', 'n', 'l', '\0',
+  /* "tjandpals.com", true */ 't', 'j', 'a', 'n', 'd', 'p', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tjenestetorvet.dk", true */ 't', 'j', 'e', 'n', 'e', 's', 't', 'e', 't', 'o', 'r', 'v', 'e', 't', '.', 'd', 'k', '\0',
+  /* "tjkcastles.uk", true */ 't', 'j', 'k', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'u', 'k', '\0',
+  /* "tjl.rocks", true */ 't', 'j', 'l', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "tjp.ch", true */ 't', 'j', 'p', '.', 'c', 'h', '\0',
+  /* "tjs.me", true */ 't', 'j', 's', '.', 'm', 'e', '\0',
+  /* "tjsbouncycastles.co.uk", true */ 't', 'j', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tjullrich.de", true */ 't', 'j', 'u', 'l', 'l', 'r', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "tkacz.pro", true */ 't', 'k', 'a', 'c', 'z', '.', 'p', 'r', 'o', '\0',
+  /* "tkanemoto.com", true */ 't', 'k', 'a', 'n', 'e', 'm', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tkat.ch", true */ 't', 'k', 'a', 't', '.', 'c', 'h', '\0',
+  /* "tkgpm.com", true */ 't', 'k', 'g', 'p', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "tkjg.fi", true */ 't', 'k', 'j', 'g', '.', 'f', 'i', '\0',
+  /* "tkn.me", true */ 't', 'k', 'n', '.', 'm', 'e', '\0',
+  /* "tkts.cl", true */ 't', 'k', 't', 's', '.', 'c', 'l', '\0',
+  /* "tkusano.jp", true */ 't', 'k', 'u', 's', 'a', 'n', 'o', '.', 'j', 'p', '\0',
+  /* "tkw01536.de", true */ 't', 'k', 'w', '0', '1', '5', '3', '6', '.', 'd', 'e', '\0',
+  /* "tlach.cz", true */ 't', 'l', 'a', 'c', 'h', '.', 'c', 'z', '\0',
+  /* "tlca.org", true */ 't', 'l', 'c', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "tlcnet.info", true */ 't', 'l', 'c', 'n', 'e', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "tlehseasyads.com", true */ 't', 'l', 'e', 'h', 's', 'e', 'a', 's', 'y', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tlo.xyz", true */ 't', 'l', 'o', '.', 'x', 'y', 'z', '\0',
+  /* "tloxygen.com", true */ 't', 'l', 'o', 'x', 'y', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tls-proxy.de", true */ 't', 'l', 's', '-', 'p', 'r', 'o', 'x', 'y', '.', 'd', 'e', '\0',
+  /* "tls.builders", true */ 't', 'l', 's', '.', 'b', 'u', 'i', 'l', 'd', 'e', 'r', 's', '\0',
+  /* "tls.care", true */ 't', 'l', 's', '.', 'c', 'a', 'r', 'e', '\0',
+  /* "tls1914.org", true */ 't', 'l', 's', '1', '9', '1', '4', '.', 'o', 'r', 'g', '\0',
+  /* "tlsrobot.se", true */ 't', 'l', 's', 'r', 'o', 'b', 'o', 't', '.', 's', 'e', '\0',
+  /* "tlthings.net", true */ 't', 'l', 't', 'h', 'i', 'n', 'g', 's', '.', 'n', 'e', 't', '\0',
+  /* "tlys.de", true */ 't', 'l', 'y', 's', '.', 'd', 'e', '\0',
+  /* "tm.id.au", true */ 't', 'm', '.', 'i', 'd', '.', 'a', 'u', '\0',
+  /* "tmberg.cf", true */ 't', 'm', 'b', 'e', 'r', 'g', '.', 'c', 'f', '\0',
+  /* "tmberg.ga", true */ 't', 'm', 'b', 'e', 'r', 'g', '.', 'g', 'a', '\0',
+  /* "tmberg.gq", true */ 't', 'm', 'b', 'e', 'r', 'g', '.', 'g', 'q', '\0',
+  /* "tmberg.ml", true */ 't', 'm', 'b', 'e', 'r', 'g', '.', 'm', 'l', '\0',
+  /* "tmberg.tk", true */ 't', 'm', 'b', 'e', 'r', 'g', '.', 't', 'k', '\0',
+  /* "tmc.com.mt", true */ 't', 'm', 'c', '.', 'c', 'o', 'm', '.', 'm', 't', '\0',
+  /* "tmconnects.com", true */ 't', 'm', 'c', 'o', 'n', 'n', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tmcpromotions.co.uk", true */ 't', 'm', 'c', 'p', 'r', 'o', 'm', 'o', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tmcreationweb.com", true */ 't', 'm', 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "tmdb.biz", true */ 't', 'm', 'd', 'b', '.', 'b', 'i', 'z', '\0',
+  /* "tmf.ru", true */ 't', 'm', 'f', '.', 'r', 'u', '\0',
+  /* "tmhr.moe", true */ 't', 'm', 'h', 'r', '.', 'm', 'o', 'e', '\0',
+  /* "tmi-products.eu", true */ 't', 'm', 'i', '-', 'p', 'r', 'o', 'd', 'u', 'c', 't', 's', '.', 'e', 'u', '\0',
+  /* "tmi-produkter.se", true */ 't', 'm', 'i', '-', 'p', 'r', 'o', 'd', 'u', 'k', 't', 'e', 'r', '.', 's', 'e', '\0',
+  /* "tmi.news", true */ 't', 'm', 'i', '.', 'n', 'e', 'w', 's', '\0',
+  /* "tmin.cf", true */ 't', 'm', 'i', 'n', '.', 'c', 'f', '\0',
+  /* "tmm.cx", true */ 't', 'm', 'm', '.', 'c', 'x', '\0',
+  /* "tmonitoring.com", true */ 't', 'm', 'o', 'n', 'i', 't', 'o', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "tmpraider.net", true */ 't', 'm', 'p', 'r', 'a', 'i', 'd', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "tmpsantos.com.br", true */ 't', 'm', 'p', 's', 'a', 'n', 't', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "tmtopup.com", true */ 't', 'm', 't', 'o', 'p', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "tn0.club", true */ 't', 'n', '0', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "tnes.dk", true */ 't', 'n', 'e', 's', '.', 'd', 'k', '\0',
+  /* "tniad.mil.id", false */ 't', 'n', 'i', 'a', 'd', '.', 'm', 'i', 'l', '.', 'i', 'd', '\0',
+  /* "tntmobi.com", true */ 't', 'n', 't', 'm', 'o', 'b', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tny.link", true */ 't', 'n', 'y', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "toad.ga", true */ 't', 'o', 'a', 'd', '.', 'g', 'a', '\0',
+  /* "toast.al", false */ 't', 'o', 'a', 's', 't', '.', 'a', 'l', '\0',
+  /* "tob-rulez.de", true */ 't', 'o', 'b', '-', 'r', 'u', 'l', 'e', 'z', '.', 'd', 'e', '\0',
+  /* "tobacco.gov", true */ 't', 'o', 'b', 'a', 'c', 'c', 'o', '.', 'g', 'o', 'v', '\0',
+  /* "tobedo.net", true */ 't', 'o', 'b', 'e', 'd', 'o', '.', 'n', 'e', 't', '\0',
+  /* "tobi-mayer.de", true */ 't', 'o', 'b', 'i', '-', 'm', 'a', 'y', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "tobias-bauer.de", true */ 't', 'o', 'b', 'i', 'a', 's', '-', 'b', 'a', 'u', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "tobias-haenel.de", true */ 't', 'o', 'b', 'i', 'a', 's', '-', 'h', 'a', 'e', 'n', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "tobias-kluge.com", true */ 't', 'o', 'b', 'i', 'a', 's', '-', 'k', 'l', 'u', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tobias-kluge.de", true */ 't', 'o', 'b', 'i', 'a', 's', '-', 'k', 'l', 'u', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "tobias-picha.de", true */ 't', 'o', 'b', 'i', 'a', 's', '-', 'p', 'i', 'c', 'h', 'a', '.', 'd', 'e', '\0',
+  /* "tobias-weidhase.de", true */ 't', 'o', 'b', 'i', 'a', 's', '-', 'w', 'e', 'i', 'd', 'h', 'a', 's', 'e', '.', 'd', 'e', '\0',
+  /* "tobias.gr", true */ 't', 'o', 'b', 'i', 'a', 's', '.', 'g', 'r', '\0',
+  /* "tobiasbergius.se", true */ 't', 'o', 'b', 'i', 'a', 's', 'b', 'e', 'r', 'g', 'i', 'u', 's', '.', 's', 'e', '\0',
+  /* "tobiasbrunner.net", true */ 't', 'o', 'b', 'i', 'a', 's', 'b', 'r', 'u', 'n', 'n', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "tobiasconradi.com", true */ 't', 'o', 'b', 'i', 'a', 's', 'c', 'o', 'n', 'r', 'a', 'd', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tobiashorvath.com", true */ 't', 'o', 'b', 'i', 'a', 's', 'h', 'o', 'r', 'v', 'a', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "tobiashorvath.de", true */ 't', 'o', 'b', 'i', 'a', 's', 'h', 'o', 'r', 'v', 'a', 't', 'h', '.', 'd', 'e', '\0',
+  /* "tobiaskorf.de", true */ 't', 'o', 'b', 'i', 'a', 's', 'k', 'o', 'r', 'f', '.', 'd', 'e', '\0',
+  /* "tobiassachs.de", true */ 't', 'o', 'b', 'i', 'a', 's', 's', 'a', 'c', 'h', 's', '.', 'd', 'e', '\0',
+  /* "tobiassattler.com", true */ 't', 'o', 'b', 'i', 'a', 's', 's', 'a', 't', 't', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "tobiemilford.com", true */ 't', 'o', 'b', 'i', 'e', 'm', 'i', 'l', 'f', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "tobis-rundfluege.de", true */ 't', 'o', 'b', 'i', 's', '-', 'r', 'u', 'n', 'd', 'f', 'l', 'u', 'e', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "tobis-webservice.de", true */ 't', 'o', 'b', 'i', 's', '-', 'w', 'e', 'b', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'd', 'e', '\0',
+  /* "tobischo.de", true */ 't', 'o', 'b', 'i', 's', 'c', 'h', 'o', '.', 'd', 'e', '\0',
+  /* "tobisworld.ch", true */ 't', 'o', 'b', 'i', 's', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'h', '\0',
+  /* "tobyschrapel.com", true */ 't', 'o', 'b', 'y', 's', 'c', 'h', 'r', 'a', 'p', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "tobyx.com", true */ 't', 'o', 'b', 'y', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "tobyx.de", true */ 't', 'o', 'b', 'y', 'x', '.', 'd', 'e', '\0',
+  /* "tobyx.eu", true */ 't', 'o', 'b', 'y', 'x', '.', 'e', 'u', '\0',
+  /* "tobyx.net", true */ 't', 'o', 'b', 'y', 'x', '.', 'n', 'e', 't', '\0',
+  /* "tobyx.org", true */ 't', 'o', 'b', 'y', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "tocaro.im", true */ 't', 'o', 'c', 'a', 'r', 'o', '.', 'i', 'm', '\0',
+  /* "toccoig.com", true */ 't', 'o', 'c', 'c', 'o', 'i', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "tochi-urikata.net", true */ 't', 'o', 'c', 'h', 'i', '-', 'u', 'r', 'i', 'k', 'a', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "todaciencia.com", true */ 't', 'o', 'd', 'a', 'c', 'i', 'e', 'n', 'c', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "todamateria.com.br", true */ 't', 'o', 'd', 'a', 'm', 'a', 't', 'e', 'r', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "todaymeow.com", true */ 't', 'o', 'd', 'a', 'y', 'm', 'e', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "todocracy.com", true */ 't', 'o', 'd', 'o', 'c', 'r', 'a', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "todoescine.com", true */ 't', 'o', 'd', 'o', 'e', 's', 'c', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "todoist.com", true */ 't', 'o', 'd', 'o', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "todon.fr", true */ 't', 'o', 'd', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "toeglhofer.at", true */ 't', 'o', 'e', 'g', 'l', 'h', 'o', 'f', 'e', 'r', '.', 'a', 't', '\0',
+  /* "toeightycountries.com", true */ 't', 'o', 'e', 'i', 'g', 'h', 't', 'y', 'c', 'o', 'u', 'n', 't', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tofa-koeln.de", true */ 't', 'o', 'f', 'a', '-', 'k', 'o', 'e', 'l', 'n', '.', 'd', 'e', '\0',
+  /* "tofe.io", true */ 't', 'o', 'f', 'e', '.', 'i', 'o', '\0',
+  /* "tofilmhub.com", true */ 't', 'o', 'f', 'i', 'l', 'm', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "togech.jp", true */ 't', 'o', 'g', 'e', 'c', 'h', '.', 'j', 'p', '\0',
+  /* "togetter.com", true */ 't', 'o', 'g', 'e', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "toheb.de", true */ 't', 'o', 'h', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "tohokinemakan.tk", true */ 't', 'o', 'h', 'o', 'k', 'i', 'n', 'e', 'm', 'a', 'k', 'a', 'n', '.', 't', 'k', '\0',
+  /* "tojeto.eu", true */ 't', 'o', 'j', 'e', 't', 'o', '.', 'e', 'u', '\0',
+  /* "tokage.me", true */ 't', 'o', 'k', 'a', 'g', 'e', '.', 'm', 'e', '\0',
+  /* "tokaido-kun.jp", true */ 't', 'o', 'k', 'a', 'i', 'd', 'o', '-', 'k', 'u', 'n', '.', 'j', 'p', '\0',
+  /* "tokaido.com", true */ 't', 'o', 'k', 'a', 'i', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tokainafb.net", true */ 't', 'o', 'k', 'a', 'i', 'n', 'a', 'f', 'b', '.', 'n', 'e', 't', '\0',
+  /* "tokainakurasi.net", true */ 't', 'o', 'k', 'a', 'i', 'n', 'a', 'k', 'u', 'r', 'a', 's', 'i', '.', 'n', 'e', 't', '\0',
+  /* "tokbijouxs.com.br", true */ 't', 'o', 'k', 'b', 'i', 'j', 'o', 'u', 'x', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "tokic.hr", true */ 't', 'o', 'k', 'i', 'c', '.', 'h', 'r', '\0',
+  /* "tokio.fi", true */ 't', 'o', 'k', 'i', 'o', '.', 'f', 'i', '\0',
+  /* "tokke.dk", true */ 't', 'o', 'k', 'k', 'e', '.', 'd', 'k', '\0',
+  /* "tokobungaasryflorist.com", true */ 't', 'o', 'k', 'o', 'b', 'u', 'n', 'g', 'a', 'a', 's', 'r', 'y', 'f', 'l', 'o', 'r', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tokobungadijambi.com", true */ 't', 'o', 'k', 'o', 'b', 'u', 'n', 'g', 'a', 'd', 'i', 'j', 'a', 'm', 'b', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tokobungadilampung.com", true */ 't', 'o', 'k', 'o', 'b', 'u', 'n', 'g', 'a', 'd', 'i', 'l', 'a', 'm', 'p', 'u', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "tokobungadipadangflorist.com", true */ 't', 'o', 'k', 'o', 'b', 'u', 'n', 'g', 'a', 'd', 'i', 'p', 'a', 'd', 'a', 'n', 'g', 'f', 'l', 'o', 'r', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tokototech.com", true */ 't', 'o', 'k', 'o', 't', 'o', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "tokumei.co", true */ 't', 'o', 'k', 'u', 'm', 'e', 'i', '.', 'c', 'o', '\0',
+  /* "tokyo-onkyo.jp", true */ 't', 'o', 'k', 'y', 'o', '-', 'o', 'n', 'k', 'y', 'o', '.', 'j', 'p', '\0',
+  /* "tokyo-powerstation.com", true */ 't', 'o', 'k', 'y', 'o', '-', 'p', 'o', 'w', 'e', 'r', 's', 't', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tokyo.dating", true */ 't', 'o', 'k', 'y', 'o', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "tokyomakino.com", true */ 't', 'o', 'k', 'y', 'o', 'm', 'a', 'k', 'i', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tokyovipper.com", true */ 't', 'o', 'k', 'y', 'o', 'v', 'i', 'p', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "tolboe.com", true */ 't', 'o', 'l', 'b', 'o', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "toleressea.fr", true */ 't', 'o', 'l', 'e', 'r', 'e', 's', 's', 'e', 'a', '.', 'f', 'r', '\0',
+  /* "toles-sur-mesure.fr", true */ 't', 'o', 'l', 'e', 's', '-', 's', 'u', 'r', '-', 'm', 'e', 's', 'u', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "tolle-wolke.de", true */ 't', 'o', 'l', 'l', 'e', '-', 'w', 'o', 'l', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "tollfreeproxy.com", true */ 't', 'o', 'l', 'l', 'f', 'r', 'e', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tom-geiger.de", true */ 't', 'o', 'm', '-', 'g', 'e', 'i', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "tom-kunze.de", true */ 't', 'o', 'm', '-', 'k', 'u', 'n', 'z', 'e', '.', 'd', 'e', '\0',
+  /* "tom-maxwell.com", true */ 't', 'o', 'm', '-', 'm', 'a', 'x', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "tom.horse", true */ 't', 'o', 'm', '.', 'h', 'o', 'r', 's', 'e', '\0',
+  /* "tomabrafix.de", true */ 't', 'o', 'm', 'a', 'b', 'r', 'a', 'f', 'i', 'x', '.', 'd', 'e', '\0',
+  /* "tomandshirley.com", true */ 't', 'o', 'm', 'a', 'n', 'd', 's', 'h', 'i', 'r', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tomasjacik.cz", true */ 't', 'o', 'm', 'a', 's', 'j', 'a', 'c', 'i', 'k', '.', 'c', 'z', '\0',
+  /* "tomaskavalek.cz", true */ 't', 'o', 'm', 'a', 's', 'k', 'a', 'v', 'a', 'l', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "tomaspialek.cz", true */ 't', 'o', 'm', 'a', 's', 'p', 'i', 'a', 'l', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "tomatenaufdenaugen.de", true */ 't', 'o', 'm', 'a', 't', 'e', 'n', 'a', 'u', 'f', 'd', 'e', 'n', 'a', 'u', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "tomatis-nantes.com", true */ 't', 'o', 'm', 'a', 't', 'i', 's', '-', 'n', 'a', 'n', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tomaw.net", true */ 't', 'o', 'm', 'a', 'w', '.', 'n', 'e', 't', '\0',
+  /* "tomaz.eu", true */ 't', 'o', 'm', 'a', 'z', '.', 'e', 'u', '\0',
+  /* "tombaker.me", true */ 't', 'o', 'm', 'b', 'a', 'k', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "tomberek.info", true */ 't', 'o', 'm', 'b', 'e', 'r', 'e', 'k', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "tombrossman.com", true */ 't', 'o', 'm', 'b', 'r', 'o', 's', 's', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tomcort.com", true */ 't', 'o', 'm', 'c', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tomdudfield.com", true */ 't', 'o', 'm', 'd', 'u', 'd', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "tomend.es", true */ 't', 'o', 'm', 'e', 'n', 'd', '.', 'e', 's', '\0',
+  /* "tomershemesh.me", true */ 't', 'o', 'm', 'e', 'r', 's', 'h', 'e', 'm', 'e', 's', 'h', '.', 'm', 'e', '\0',
+  /* "tomfisher.eu", true */ 't', 'o', 'm', 'f', 'i', 's', 'h', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "tomharling.co.uk", true */ 't', 'o', 'm', 'h', 'a', 'r', 'l', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tomharling.uk", true */ 't', 'o', 'm', 'h', 'a', 'r', 'l', 'i', 'n', 'g', '.', 'u', 'k', '\0',
+  /* "tomharris.tech", true */ 't', 'o', 'm', 'h', 'a', 'r', 'r', 'i', 's', '.', 't', 'e', 'c', 'h', '\0',
+  /* "tomi.cc", true */ 't', 'o', 'm', 'i', '.', 'c', 'c', '\0',
+  /* "tomica.me", true */ 't', 'o', 'm', 'i', 'c', 'a', '.', 'm', 'e', '\0',
+  /* "tomiler.com", true */ 't', 'o', 'm', 'i', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "tomjans.nl", true */ 't', 'o', 'm', 'j', 'a', 'n', 's', '.', 'n', 'l', '\0',
+  /* "tomjonsson.se", true */ 't', 'o', 'm', 'j', 'o', 'n', 's', 's', 'o', 'n', '.', 's', 'e', '\0',
+  /* "tomkunze.de", true */ 't', 'o', 'm', 'k', 'u', 'n', 'z', 'e', '.', 'd', 'e', '\0',
+  /* "tomli.blog", true */ 't', 'o', 'm', 'l', 'i', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "tommic.eu", true */ 't', 'o', 'm', 'm', 'i', 'c', '.', 'e', 'u', '\0',
+  /* "tommy-bordas.fr", true */ 't', 'o', 'm', 'm', 'y', '-', 'b', 'o', 'r', 'd', 'a', 's', '.', 'f', 'r', '\0',
+  /* "tomnatt.com", true */ 't', 'o', 'm', 'n', 'a', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tomo.gr", false */ 't', 'o', 'm', 'o', '.', 'g', 'r', '\0',
+  /* "tomochun.net", true */ 't', 'o', 'm', 'o', 'c', 'h', 'u', 'n', '.', 'n', 'e', 't', '\0',
+  /* "tomravinmd.com", true */ 't', 'o', 'm', 'r', 'a', 'v', 'i', 'n', 'm', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "tomrei.com", true */ 't', 'o', 'm', 'r', 'e', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tomrichards.net", true */ 't', 'o', 'm', 'r', 'i', 'c', 'h', 'a', 'r', 'd', 's', '.', 'n', 'e', 't', '\0',
+  /* "tomschlick.com", true */ 't', 'o', 'm', 's', 'c', 'h', 'l', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "tomssl.com", true */ 't', 'o', 'm', 's', 's', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "tomticket.com", true */ 't', 'o', 'm', 't', 'i', 'c', 'k', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tomudding.com", true */ 't', 'o', 'm', 'u', 'd', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "tomudding.nl", true */ 't', 'o', 'm', 'u', 'd', 'd', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "tomvote.com", true */ 't', 'o', 'm', 'v', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tomwassenberg.com", true */ 't', 'o', 'm', 'w', 'a', 's', 's', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "tomwassenberg.nl", true */ 't', 'o', 'm', 'w', 'a', 's', 's', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'n', 'l', '\0',
+  /* "tomwiggers.nl", false */ 't', 'o', 'm', 'w', 'i', 'g', 'g', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "tomwilson.io", true */ 't', 'o', 'm', 'w', 'i', 'l', 's', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "tomyork.net", true */ 't', 'o', 'm', 'y', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "tonabor.ru", true */ 't', 'o', 'n', 'a', 'b', 'o', 'r', '.', 'r', 'u', '\0',
+  /* "tonage.de", true */ 't', 'o', 'n', 'a', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "tondles.com", true */ 't', 'o', 'n', 'd', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tonegidoarchief.nl", true */ 't', 'o', 'n', 'e', 'g', 'i', 'd', 'o', 'a', 'r', 'c', 'h', 'i', 'e', 'f', '.', 'n', 'l', '\0',
+  /* "toner24.at", true */ 't', 'o', 'n', 'e', 'r', '2', '4', '.', 'a', 't', '\0',
+  /* "toner24.co.uk", true */ 't', 'o', 'n', 'e', 'r', '2', '4', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "toner24.es", true */ 't', 'o', 'n', 'e', 'r', '2', '4', '.', 'e', 's', '\0',
+  /* "toner24.fr", true */ 't', 'o', 'n', 'e', 'r', '2', '4', '.', 'f', 'r', '\0',
+  /* "toner24.it", true */ 't', 'o', 'n', 'e', 'r', '2', '4', '.', 'i', 't', '\0',
+  /* "toner24.nl", true */ 't', 'o', 'n', 'e', 'r', '2', '4', '.', 'n', 'l', '\0',
+  /* "toner24.pl", true */ 't', 'o', 'n', 'e', 'r', '2', '4', '.', 'p', 'l', '\0',
+  /* "tonerdepot.de", true */ 't', 'o', 'n', 'e', 'r', 'd', 'e', 'p', 'o', 't', '.', 'd', 'e', '\0',
+  /* "tonerjet.at", true */ 't', 'o', 'n', 'e', 'r', 'j', 'e', 't', '.', 'a', 't', '\0',
+  /* "tonerjet.co.uk", true */ 't', 'o', 'n', 'e', 'r', 'j', 'e', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tonerklick.de", true */ 't', 'o', 'n', 'e', 'r', 'k', 'l', 'i', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "tonerkurier.de", true */ 't', 'o', 'n', 'e', 'r', 'k', 'u', 'r', 'i', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "tonermaus.de", true */ 't', 'o', 'n', 'e', 'r', 'm', 'a', 'u', 's', '.', 'd', 'e', '\0',
+  /* "tonermonster.de", true */ 't', 'o', 'n', 'e', 'r', 'm', 'o', 'n', 's', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "tonex.de", true */ 't', 'o', 'n', 'e', 'x', '.', 'd', 'e', '\0',
+  /* "tonex.nl", true */ 't', 'o', 'n', 'e', 'x', '.', 'n', 'l', '\0',
+  /* "tonkinson.com", true */ 't', 'o', 'n', 'k', 'i', 'n', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tonkinwilsonvillenissanparts.com", true */ 't', 'o', 'n', 'k', 'i', 'n', 'w', 'i', 'l', 's', 'o', 'n', 'v', 'i', 'l', 'l', 'e', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tonsit.com", true */ 't', 'o', 'n', 's', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tonsit.org", true */ 't', 'o', 'n', 's', 'i', 't', '.', 'o', 'r', 'g', '\0',
+  /* "tonyarcieri.com", true */ 't', 'o', 'n', 'y', 'a', 'r', 'c', 'i', 'e', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tonymanning.com", false */ 't', 'o', 'n', 'y', 'm', 'a', 'n', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "tonytan.cn", true */ 't', 'o', 'n', 'y', 't', 'a', 'n', '.', 'c', 'n', '\0',
+  /* "tonytan.io", true */ 't', 'o', 'n', 'y', 't', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "tonytron.com.br", true */ 't', 'o', 'n', 'y', 't', 'r', 'o', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "tonyw.xyz", true */ 't', 'o', 'n', 'y', 'w', '.', 'x', 'y', 'z', '\0',
+  /* "tonywebster.com", true */ 't', 'o', 'n', 'y', 'w', 'e', 'b', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "too.gy", true */ 't', 'o', 'o', '.', 'g', 'y', '\0',
+  /* "toobug.net", true */ 't', 'o', 'o', 'b', 'u', 'g', '.', 'n', 'e', 't', '\0',
+  /* "toolbox.ninja", false */ 't', 'o', 'o', 'l', 'b', 'o', 'x', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "toom.io", true */ 't', 'o', 'o', 'm', '.', 'i', 'o', '\0',
+  /* "toonpool.com", true */ 't', 'o', 'o', 'n', 'p', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "toool.nl", true */ 't', 'o', 'o', 'o', 'l', '.', 'n', 'l', '\0',
+  /* "toool.org", true */ 't', 'o', 'o', 'o', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "tooti.biz", true */ 't', 'o', 'o', 't', 'i', '.', 'b', 'i', 'z', '\0',
+  /* "top-obaly.cz", true */ 't', 'o', 'p', '-', 'o', 'b', 'a', 'l', 'y', '.', 'c', 'z', '\0',
+  /* "top-opakowania.pl", true */ 't', 'o', 'p', '-', 'o', 'p', 'a', 'k', 'o', 'w', 'a', 'n', 'i', 'a', '.', 'p', 'l', '\0',
+  /* "top-solar-info.de", true */ 't', 'o', 'p', '-', 's', 'o', 'l', 'a', 'r', '-', 'i', 'n', 'f', 'o', '.', 'd', 'e', '\0',
+  /* "top10mountainbikes.info", true */ 't', 'o', 'p', '1', '0', 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', 'b', 'i', 'k', 'e', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "top9.fr", true */ 't', 'o', 'p', '9', '.', 'f', 'r', '\0',
+  /* "topanlage.de", true */ 't', 'o', 'p', 'a', 'n', 'l', 'a', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "topaxi.ch", true */ 't', 'o', 'p', 'a', 'x', 'i', '.', 'c', 'h', '\0',
+  /* "topaxi.codes", true */ 't', 'o', 'p', 'a', 'x', 'i', '.', 'c', 'o', 'd', 'e', 's', '\0',
+  /* "topbargains.com.au", false */ 't', 'o', 'p', 'b', 'a', 'r', 'g', 'a', 'i', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "topbounce.com", true */ 't', 'o', 'p', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "topbouncycastles.co.uk", true */ 't', 'o', 'p', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "topbrakes.com", true */ 't', 'o', 'p', 'b', 'r', 'a', 'k', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "topclassfun.ie", true */ 't', 'o', 'p', 'c', 'l', 'a', 's', 's', 'f', 'u', 'n', '.', 'i', 'e', '\0',
+  /* "topdesk.net", true */ 't', 'o', 'p', 'd', 'e', 's', 'k', '.', 'n', 'e', 't', '\0',
+  /* "topdevbox.net", true */ 't', 'o', 'p', 'd', 'e', 'v', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "topdogsinflatables.co.uk", true */ 't', 'o', 'p', 'd', 'o', 'g', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "topeng-emas.com", true */ 't', 'o', 'p', 'e', 'n', 'g', '-', 'e', 'm', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "topfivepercent.co.uk", true */ 't', 'o', 'p', 'f', 'i', 'v', 'e', 'p', 'e', 'r', 'c', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "topicit.net", true */ 't', 'o', 'p', 'i', 'c', 'i', 't', '.', 'n', 'e', 't', '\0',
+  /* "topirishcasinos.com", true */ 't', 'o', 'p', 'i', 'r', 'i', 's', 'h', 'c', 'a', 's', 'i', 'n', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "topjobs.ch", true */ 't', 'o', 'p', 'j', 'o', 'b', 's', '.', 'c', 'h', '\0',
+  /* "toplist.eu", true */ 't', 'o', 'p', 'l', 'i', 's', 't', '.', 'e', 'u', '\0',
+  /* "topnotepad.com", true */ 't', 'o', 'p', 'n', 'o', 't', 'e', 'p', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "topodin.com", true */ 't', 'o', 'p', 'o', 'd', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "topprice.ua", true */ 't', 'o', 'p', 'p', 'r', 'i', 'c', 'e', '.', 'u', 'a', '\0',
+  /* "topshelfcommercial.com", true */ 't', 'o', 'p', 's', 'h', 'e', 'l', 'f', 'c', 'o', 'm', 'm', 'e', 'r', 'c', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "topspeedgolf.com", false */ 't', 'o', 'p', 's', 'p', 'e', 'e', 'd', 'g', 'o', 'l', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "toptec.net.br", true */ 't', 'o', 'p', 't', 'e', 'c', '.', 'n', 'e', 't', '.', 'b', 'r', '\0',
+  /* "toptexture.com", true */ 't', 'o', 'p', 't', 'e', 'x', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "toptheto.com", true */ 't', 'o', 'p', 't', 'h', 'e', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "topwin.la", true */ 't', 'o', 'p', 'w', 'i', 'n', '.', 'l', 'a', '\0',
+  /* "toracon.org", true */ 't', 'o', 'r', 'a', 'c', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "torbay.ga", true */ 't', 'o', 'r', 'b', 'a', 'y', '.', 'g', 'a', '\0',
+  /* "torbe.es", true */ 't', 'o', 'r', 'b', 'e', '.', 'e', 's', '\0',
+  /* "torchantifa.org", true */ 't', 'o', 'r', 'c', 'h', 'a', 'n', 't', 'i', 'f', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "toretame.jp", true */ 't', 'o', 'r', 'e', 't', 'a', 'm', 'e', '.', 'j', 'p', '\0',
+  /* "toretfaction.net", true */ 't', 'o', 'r', 'e', 't', 'f', 'a', 'c', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "tormentedradio.com", true */ 't', 'o', 'r', 'm', 'e', 'n', 't', 'e', 'd', 'r', 'a', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "torn1.se", true */ 't', 'o', 'r', 'n', '1', '.', 's', 'e', '\0',
+  /* "torontocorporatelimo.services", true */ 't', 'o', 'r', 'o', 'n', 't', 'o', 'c', 'o', 'r', 'p', 'o', 'r', 'a', 't', 'e', 'l', 'i', 'm', 'o', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '\0',
+  /* "torproject.org", false */ 't', 'o', 'r', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "torprojects.com", true */ 't', 'o', 'r', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "torquato.de", false */ 't', 'o', 'r', 'q', 'u', 'a', 't', 'o', '.', 'd', 'e', '\0',
+  /* "torrent.fedoraproject.org", true */ 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "torrent.is", true */ 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'i', 's', '\0',
+  /* "torrentgamesps2.info", true */ 't', 'o', 'r', 'r', 'e', 'n', 't', 'g', 'a', 'm', 'e', 's', 'p', 's', '2', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "torrentpier.me", true */ 't', 'o', 'r', 'r', 'e', 'n', 't', 'p', 'i', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "torrentz2.eu", true */ 't', 'o', 'r', 'r', 'e', 'n', 't', 'z', '2', '.', 'e', 'u', '\0',
+  /* "torresygutierrez.com", true */ 't', 'o', 'r', 'r', 'e', 's', 'y', 'g', 'u', 't', 'i', 'e', 'r', 'r', 'e', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "torretzalam.com", true */ 't', 'o', 'r', 'r', 'e', 't', 'z', 'a', 'l', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "torservers.net", true */ 't', 'o', 'r', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "torsten-schmitz.net", true */ 't', 'o', 'r', 's', 't', 'e', 'n', '-', 's', 'c', 'h', 'm', 'i', 't', 'z', '.', 'n', 'e', 't', '\0',
+  /* "torstensenf.de", true */ 't', 'o', 'r', 's', 't', 'e', 'n', 's', 'e', 'n', 'f', '.', 'd', 'e', '\0',
+  /* "tortoises-turtles.com", true */ 't', 'o', 'r', 't', 'o', 'i', 's', 'e', 's', '-', 't', 'u', 'r', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tortugan.com.br", true */ 't', 'o', 'r', 't', 'u', 'g', 'a', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "tosainu.com.br", true */ 't', 'o', 's', 'a', 'i', 'n', 'u', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "toscer.me", true */ 't', 'o', 's', 'c', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "toschool.com.br", true */ 't', 'o', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "toshkov.com", true */ 't', 'o', 's', 'h', 'k', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "tosteberg.se", true */ 't', 'o', 's', 't', 'e', 'b', 'e', 'r', 'g', '.', 's', 'e', '\0',
+  /* "tostu.de", true */ 't', 'o', 's', 't', 'u', '.', 'd', 'e', '\0',
+  /* "totaku.ru", true */ 't', 'o', 't', 'a', 'k', 'u', '.', 'r', 'u', '\0',
+  /* "totalbeauty.co.uk", true */ 't', 'o', 't', 'a', 'l', 'b', 'e', 'a', 'u', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "totalbike.com.br", true */ 't', 'o', 't', 'a', 'l', 'b', 'i', 'k', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "totalcarcheck.co.uk", true */ 't', 'o', 't', 'a', 'l', 'c', 'a', 'r', 'c', 'h', 'e', 'c', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "totalchecklist.com", true */ 't', 'o', 't', 'a', 'l', 'c', 'h', 'e', 'c', 'k', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "totalforcegym.com", true */ 't', 'o', 't', 'a', 'l', 'f', 'o', 'r', 'c', 'e', 'g', 'y', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "totalhomecareinc.com", true */ 't', 'o', 't', 'a', 'l', 'h', 'o', 'm', 'e', 'c', 'a', 'r', 'e', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "totallylegitimatehosting.ru", true */ 't', 'o', 't', 'a', 'l', 'l', 'y', 'l', 'e', 'g', 'i', 't', 'i', 'm', 'a', 't', 'e', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'r', 'u', '\0',
+  /* "totalpahire.com", true */ 't', 'o', 't', 'a', 'l', 'p', 'a', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "totalparts.com.au", true */ 't', 'o', 't', 'a', 'l', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "totalprint.hu", true */ 't', 'o', 't', 'a', 'l', 'p', 'r', 'i', 'n', 't', '.', 'h', 'u', '\0',
+  /* "totaltriathlon.com", true */ 't', 'o', 't', 'a', 'l', 't', 'r', 'i', 'a', 't', 'h', 'l', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "totem-international.com", true */ 't', 'o', 't', 'e', 'm', '-', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "totobetty.com", true */ 't', 'o', 't', 'o', 'b', 'e', 't', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "touch.facebook.com", false */ 't', 'o', 'u', 'c', 'h', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "touch.mail.ru", true */ 't', 'o', 'u', 'c', 'h', '.', 'm', 'a', 'i', 'l', '.', 'r', 'u', '\0',
+  /* "touchoflife.in", true */ 't', 'o', 'u', 'c', 'h', 'o', 'f', 'l', 'i', 'f', 'e', '.', 'i', 'n', '\0',
+  /* "touchscreentills.com", true */ 't', 'o', 'u', 'c', 'h', 's', 'c', 'r', 'e', 'e', 'n', 't', 'i', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tougetu.com", true */ 't', 'o', 'u', 'g', 'e', 't', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "touhou.cc", true */ 't', 'o', 'u', 'h', 'o', 'u', '.', 'c', 'c', '\0',
+  /* "toujours-actif.com", true */ 't', 'o', 'u', 'j', 'o', 'u', 'r', 's', '-', 'a', 'c', 't', 'i', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "tounyou-raku.com", true */ 't', 'o', 'u', 'n', 'y', 'o', 'u', '-', 'r', 'a', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "touray-enterprise.ch", true */ 't', 'o', 'u', 'r', 'a', 'y', '-', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', '.', 'c', 'h', '\0',
+  /* "tourismwithme.com", true */ 't', 'o', 'u', 'r', 'i', 's', 'm', 'w', 'i', 't', 'h', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tourispo.com", true */ 't', 'o', 'u', 'r', 'i', 's', 'p', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tournevis.ch", true */ 't', 'o', 'u', 'r', 'n', 'e', 'v', 'i', 's', '.', 'c', 'h', '\0',
+  /* "tourtransferitaly.it", true */ 't', 'o', 'u', 'r', 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', 'i', 't', 'a', 'l', 'y', '.', 'i', 't', '\0',
+  /* "tous-travaux.ch", true */ 't', 'o', 'u', 's', '-', 't', 'r', 'a', 'v', 'a', 'u', 'x', '.', 'c', 'h', '\0',
+  /* "toushi-exe.com", true */ 't', 'o', 'u', 's', 'h', 'i', '-', 'e', 'x', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "toushi-return.xyz", true */ 't', 'o', 'u', 's', 'h', 'i', '-', 'r', 'e', 't', 'u', 'r', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "touslesdrivers.com", true */ 't', 'o', 'u', 's', 'l', 'e', 's', 'd', 'r', 'i', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tousproducteurs.fr", true */ 't', 'o', 'u', 's', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'e', 'u', 'r', 's', '.', 'f', 'r', '\0',
+  /* "tout-art.ch", true */ 't', 'o', 'u', 't', '-', 'a', 'r', 't', '.', 'c', 'h', '\0',
+  /* "toutart.ch", true */ 't', 'o', 'u', 't', 'a', 'r', 't', '.', 'c', 'h', '\0',
+  /* "toutenmusic.fr", true */ 't', 'o', 'u', 't', 'e', 'n', 'm', 'u', 's', 'i', 'c', '.', 'f', 'r', '\0',
+  /* "toutmonexam.fr", true */ 't', 'o', 'u', 't', 'm', 'o', 'n', 'e', 'x', 'a', 'm', '.', 'f', 'r', '\0',
+  /* "tovare.com", true */ 't', 'o', 'v', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "toverland-tickets.nl", true */ 't', 'o', 'v', 'e', 'r', 'l', 'a', 'n', 'd', '-', 't', 'i', 'c', 'k', 'e', 't', 's', '.', 'n', 'l', '\0',
+  /* "towandalibrary.org", true */ 't', 'o', 'w', 'a', 'n', 'd', 'a', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "towaway.ru", true */ 't', 'o', 'w', 'a', 'w', 'a', 'y', '.', 'r', 'u', '\0',
+  /* "townandcountryus.com", true */ 't', 'o', 'w', 'n', 'a', 'n', 'd', 'c', 'o', 'u', 'n', 't', 'r', 'y', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "townhousedevelopments.com.au", true */ 't', 'o', 'w', 'n', 'h', 'o', 'u', 's', 'e', 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "townhouseregister.com.au", true */ 't', 'o', 'w', 'n', 'h', 'o', 'u', 's', 'e', 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "townofbridgewater.ca", true */ 't', 'o', 'w', 'n', 'o', 'f', 'b', 'r', 'i', 'd', 'g', 'e', 'w', 'a', 't', 'e', 'r', '.', 'c', 'a', '\0',
+  /* "towywebdesigns.uk", true */ 't', 'o', 'w', 'y', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'u', 'k', '\0',
+  /* "tox.im", true */ 't', 'o', 'x', '.', 'i', 'm', '\0',
+  /* "toxicboot.com", true */ 't', 'o', 'x', 'i', 'c', 'b', 'o', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "toymania.de", true */ 't', 'o', 'y', 'm', 'a', 'n', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "toysperiod.com", true */ 't', 'o', 'y', 's', 'p', 'e', 'r', 'i', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "tp-iryuubun.com", true */ 't', 'p', '-', 'i', 'r', 'y', 'u', 'u', 'b', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tp-kabushiki.com", true */ 't', 'p', '-', 'k', 'a', 'b', 'u', 's', 'h', 'i', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tp-kyouyufudousan.com", true */ 't', 'p', '-', 'k', 'y', 'o', 'u', 'y', 'u', 'f', 'u', 'd', 'o', 'u', 's', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tp-law.jp", true */ 't', 'p', '-', 'l', 'a', 'w', '.', 'j', 'p', '\0',
+  /* "tpansino.com", true */ 't', 'p', 'a', 'n', 's', 'i', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tpbproxy.co", true */ 't', 'p', 'b', 'p', 'r', 'o', 'x', 'y', '.', 'c', 'o', '\0',
+  /* "tpbunblocked.org", true */ 't', 'p', 'b', 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "tpidg.us", true */ 't', 'p', 'i', 'd', 'g', '.', 'u', 's', '\0',
+  /* "tpolemis.com", true */ 't', 'p', 'o', 'l', 'e', 'm', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tpp.chat", true */ 't', 'p', 'p', '.', 'c', 'h', 'a', 't', '\0',
+  /* "tppleague.me", false */ 't', 'p', 'p', 'l', 'e', 'a', 'g', 'u', 'e', '.', 'm', 'e', '\0',
+  /* "tqdev.com", true */ 't', 'q', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "tr.search.yahoo.com", false */ 't', 'r', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tr0n.net", true */ 't', 'r', '0', 'n', '.', 'n', 'e', 't', '\0',
+  /* "traas.org", true */ 't', 'r', 'a', 'a', 's', '.', 'o', 'r', 'g', '\0',
+  /* "trabajarenperu.com", true */ 't', 'r', 'a', 'b', 'a', 'j', 'a', 'r', 'e', 'n', 'p', 'e', 'r', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "trabajarenremoto.com", true */ 't', 'r', 'a', 'b', 'a', 'j', 'a', 'r', 'e', 'n', 'r', 'e', 'm', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "trabbel.org", true */ 't', 'r', 'a', 'b', 'b', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "tracalada.cl", true */ 't', 'r', 'a', 'c', 'a', 'l', 'a', 'd', 'a', '.', 'c', 'l', '\0',
+  /* "trace.guru", true */ 't', 'r', 'a', 'c', 'e', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "tracelight.io", true */ 't', 'r', 'a', 'c', 'e', 'l', 'i', 'g', 'h', 't', '.', 'i', 'o', '\0',
+  /* "traceroute.guru", true */ 't', 'r', 'a', 'c', 'e', 'r', 'o', 'u', 't', 'e', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "traceroute.link", true */ 't', 'r', 'a', 'c', 'e', 'r', 'o', 'u', 't', 'e', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "traceroute.network", true */ 't', 'r', 'a', 'c', 'e', 'r', 'o', 'u', 't', 'e', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "traces.ml", true */ 't', 'r', 'a', 'c', 'e', 's', '.', 'm', 'l', '\0',
+  /* "tracetracker.no", true */ 't', 'r', 'a', 'c', 'e', 't', 'r', 'a', 'c', 'k', 'e', 'r', '.', 'n', 'o', '\0',
+  /* "tracfinancialservices.com", true */ 't', 'r', 'a', 'c', 'f', 'i', 'n', 'a', 'n', 'c', 'i', 'a', 'l', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tracinsurance.com", true */ 't', 'r', 'a', 'c', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "trackchair.com", true */ 't', 'r', 'a', 'c', 'k', 'c', 'h', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "trackdomains.com", true */ 't', 'r', 'a', 'c', 'k', 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "trackersimulator.org", true */ 't', 'r', 'a', 'c', 'k', 'e', 'r', 's', 'i', 'm', 'u', 'l', 'a', 't', 'o', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "trackeye.dk", true */ 't', 'r', 'a', 'c', 'k', 'e', 'y', 'e', '.', 'd', 'k', '\0',
+  /* "trackmeet.io", true */ 't', 'r', 'a', 'c', 'k', 'm', 'e', 'e', 't', '.', 'i', 'o', '\0',
+  /* "trackrecordpro.co.uk", true */ 't', 'r', 'a', 'c', 'k', 'r', 'e', 'c', 'o', 'r', 'd', 'p', 'r', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tractorpumps.com", true */ 't', 'r', 'a', 'c', 't', 'o', 'r', 'p', 'u', 'm', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "trade.gov.uk", true */ 't', 'r', 'a', 'd', 'e', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0',
+  /* "tradedesk.co.za", true */ 't', 'r', 'a', 'd', 'e', 'd', 'e', 's', 'k', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "tradeinvent.co.uk", true */ 't', 'r', 'a', 'd', 'e', 'i', 'n', 'v', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "trademan.ky", true */ 't', 'r', 'a', 'd', 'e', 'm', 'a', 'n', '.', 'k', 'y', '\0',
+  /* "traderjoe-cloud.de", true */ 't', 'r', 'a', 'd', 'e', 'r', 'j', 'o', 'e', '-', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "tradietrove.com.au", true */ 't', 'r', 'a', 'd', 'i', 'e', 't', 'r', 'o', 'v', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "tradinews.com", true */ 't', 'r', 'a', 'd', 'i', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tradinews.fr", true */ 't', 'r', 'a', 'd', 'i', 'n', 'e', 'w', 's', '.', 'f', 'r', '\0',
+  /* "tradingbhavishya.com", true */ 't', 'r', 'a', 'd', 'i', 'n', 'g', 'b', 'h', 'a', 'v', 'i', 's', 'h', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "tradingrooms.com", false */ 't', 'r', 'a', 'd', 'i', 'n', 'g', 'r', 'o', 'o', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "traditionsvivantesenimages.ch", true */ 't', 'r', 'a', 'd', 'i', 't', 'i', 'o', 'n', 's', 'v', 'i', 'v', 'a', 'n', 't', 'e', 's', 'e', 'n', 'i', 'm', 'a', 'g', 'e', 's', '.', 'c', 'h', '\0',
+  /* "tradiz.org", true */ 't', 'r', 'a', 'd', 'i', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "traeningsprojekt.dk", false */ 't', 'r', 'a', 'e', 'n', 'i', 'n', 'g', 's', 'p', 'r', 'o', 'j', 'e', 'k', 't', '.', 'd', 'k', '\0',
+  /* "trafarm.ro", true */ 't', 'r', 'a', 'f', 'a', 'r', 'm', '.', 'r', 'o', '\0',
+  /* "traffic.az", true */ 't', 'r', 'a', 'f', 'f', 'i', 'c', '.', 'a', 'z', '\0',
+  /* "trafficmanager.xxx", true */ 't', 'r', 'a', 'f', 'f', 'i', 'c', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'x', 'x', 'x', '\0',
+  /* "trafficologyblueprint.com", true */ 't', 'r', 'a', 'f', 'f', 'i', 'c', 'o', 'l', 'o', 'g', 'y', 'b', 'l', 'u', 'e', 'p', 'r', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "trafficpixel.tk", true */ 't', 'r', 'a', 'f', 'f', 'i', 'c', 'p', 'i', 'x', 'e', 'l', '.', 't', 'k', '\0',
+  /* "traffixdevices.com", true */ 't', 'r', 'a', 'f', 'f', 'i', 'x', 'd', 'e', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tragmi.ch", true */ 't', 'r', 'a', 'g', 'm', 'i', '.', 'c', 'h', '\0',
+  /* "trailerparty.com", true */ 't', 'r', 'a', 'i', 'l', 'e', 'r', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "trailforks.com", true */ 't', 'r', 'a', 'i', 'l', 'f', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "train-track.co.uk", true */ 't', 'r', 'a', 'i', 'n', '-', 't', 'r', 'a', 'c', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "trainex.org", true */ 't', 'r', 'a', 'i', 'n', 'e', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "trainhornforums.com", true */ 't', 'r', 'a', 'i', 'n', 'h', 'o', 'r', 'n', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "trainiac.com.au", true */ 't', 'r', 'a', 'i', 'n', 'i', 'a', 'c', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "trainings-handschuhe-test.de", true */ 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', 's', '-', 'h', 'a', 'n', 'd', 's', 'c', 'h', 'u', 'h', 'e', '-', 't', 'e', 's', 't', '.', 'd', 'e', '\0',
+  /* "trainline.at", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'a', 't', '\0',
+  /* "trainline.cn", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'n', '\0',
+  /* "trainline.com.br", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "trainline.com.pt", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'p', 't', '\0',
+  /* "trainline.cz", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'z', '\0',
+  /* "trainline.de", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "trainline.dk", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'k', '\0',
+  /* "trainline.es", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'e', 's', '\0',
+  /* "trainline.eu", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'e', 'u', '\0',
+  /* "trainline.fr", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'f', 'r', '\0',
+  /* "trainline.io", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'i', 'o', '\0',
+  /* "trainline.it", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'i', 't', '\0',
+  /* "trainline.nl", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'l', '\0',
+  /* "trainline.no", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'o', '\0',
+  /* "trainline.pl", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'p', 'l', '\0',
+  /* "trainline.se", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 's', 'e', '\0',
+  /* "trainsgoodplanesbad.com", true */ 't', 'r', 'a', 'i', 'n', 's', 'g', 'o', 'o', 'd', 'p', 'l', 'a', 'n', 'e', 's', 'b', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "traista.ru", true */ 't', 'r', 'a', 'i', 's', 't', 'a', '.', 'r', 'u', '\0',
+  /* "trajano.net", true */ 't', 'r', 'a', 'j', 'a', 'n', 'o', '.', 'n', 'e', 't', '\0',
+  /* "tran.pw", true */ 't', 'r', 'a', 'n', '.', 'p', 'w', '\0',
+  /* "trancendances.fr", true */ 't', 'r', 'a', 'n', 'c', 'e', 'n', 'd', 'a', 'n', 'c', 'e', 's', '.', 'f', 'r', '\0',
+  /* "trangcongnghe.com", true */ 't', 'r', 'a', 'n', 'g', 'c', 'o', 'n', 'g', 'n', 'g', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "trangell.com", true */ 't', 'r', 'a', 'n', 'g', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "tranglenull.xyz", true */ 't', 'r', 'a', 'n', 'g', 'l', 'e', 'n', 'u', 'l', 'l', '.', 'x', 'y', 'z', '\0',
+  /* "transacid.de", true */ 't', 'r', 'a', 'n', 's', 'a', 'c', 'i', 'd', '.', 'd', 'e', '\0',
+  /* "transappealrights.com", true */ 't', 'r', 'a', 'n', 's', 'a', 'p', 'p', 'e', 'a', 'l', 'r', 'i', 'g', 'h', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "transcend.org", true */ 't', 'r', 'a', 'n', 's', 'c', 'e', 'n', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "transcricentro.pt", true */ 't', 'r', 'a', 'n', 's', 'c', 'r', 'i', 'c', 'e', 'n', 't', 'r', 'o', '.', 'p', 't', '\0',
+  /* "transfer.pw", true */ 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', '.', 'p', 'w', '\0',
+  /* "transferio.nl", true */ 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', 'i', 'o', '.', 'n', 'l', '\0',
+  /* "transfers.do", true */ 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', 's', '.', 'd', 'o', '\0',
+  /* "transferserver.at", true */ 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', 's', 'e', 'r', 'v', 'e', 'r', '.', 'a', 't', '\0',
+  /* "transfersummit.com", true */ 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', 's', 'u', 'm', 'm', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "transfigurewizard.com", true */ 't', 'r', 'a', 'n', 's', 'f', 'i', 'g', 'u', 'r', 'e', 'w', 'i', 'z', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "transfile.fr", true */ 't', 'r', 'a', 'n', 's', 'f', 'i', 'l', 'e', '.', 'f', 'r', '\0',
+  /* "transformaniatime.com", true */ 't', 'r', 'a', 'n', 's', 'f', 'o', 'r', 'm', 'a', 'n', 'i', 'a', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "transformations-magazin.com", true */ 't', 'r', 'a', 'n', 's', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', 's', '-', 'm', 'a', 'g', 'a', 'z', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "transhumanism.co.uk", true */ 't', 'r', 'a', 'n', 's', 'h', 'u', 'm', 'a', 'n', 'i', 's', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "transhumanist.co.uk", true */ 't', 'r', 'a', 'n', 's', 'h', 'u', 'm', 'a', 'n', 'i', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "transhumanist.com", true */ 't', 'r', 'a', 'n', 's', 'h', 'u', 'm', 'a', 'n', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "transhumanist.net", true */ 't', 'r', 'a', 'n', 's', 'h', 'u', 'm', 'a', 'n', 'i', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "transhumanist.org", true */ 't', 'r', 'a', 'n', 's', 'h', 'u', 'm', 'a', 'n', 'i', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "transhumanist.uk", true */ 't', 'r', 'a', 'n', 's', 'h', 'u', 'm', 'a', 'n', 'i', 's', 't', '.', 'u', 'k', '\0',
+  /* "transitownplaza.com", true */ 't', 'r', 'a', 'n', 's', 'i', 't', 'o', 'w', 'n', 'p', 'l', 'a', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "transitpoint.us", true */ 't', 'r', 'a', 'n', 's', 'i', 't', 'p', 'o', 'i', 'n', 't', '.', 'u', 's', '\0',
+  /* "translate.fedoraproject.org", true */ 't', 'r', 'a', 'n', 's', 'l', 'a', 't', 'e', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "translate.googleapis.com", true */ 't', 'r', 'a', 'n', 's', 'l', 'a', 't', 'e', '.', 'g', 'o', 'o', 'g', 'l', 'e', 'a', 'p', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "translate.stg.fedoraproject.org", true */ 't', 'r', 'a', 'n', 's', 'l', 'a', 't', 'e', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "translateblender.ru", true */ 't', 'r', 'a', 'n', 's', 'l', 'a', 't', 'e', 'b', 'l', 'e', 'n', 'd', 'e', 'r', '.', 'r', 'u', '\0',
+  /* "translatoruk.co.uk", true */ 't', 'r', 'a', 'n', 's', 'l', 'a', 't', 'o', 'r', 'u', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "transmarttouring.com", true */ 't', 'r', 'a', 'n', 's', 'm', 'a', 'r', 't', 't', 'o', 'u', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "transmisjeonline.pl", true */ 't', 'r', 'a', 'n', 's', 'm', 'i', 's', 'j', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'p', 'l', '\0',
+  /* "transmithe.net", true */ 't', 'r', 'a', 'n', 's', 'm', 'i', 't', 'h', 'e', '.', 'n', 'e', 't', '\0',
+  /* "transnexus.com", true */ 't', 'r', 'a', 'n', 's', 'n', 'e', 'x', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "transparentcorp.com", true */ 't', 'r', 'a', 'n', 's', 'p', 'a', 'r', 'e', 'n', 't', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "transport.eu", true */ 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', '.', 'e', 'u', '\0',
+  /* "transporterlock.com", true */ 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', 'e', 'r', 'l', 'o', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "transsexualpantyhose.com", true */ 't', 'r', 'a', 'n', 's', 's', 'e', 'x', 'u', 'a', 'l', 'p', 'a', 'n', 't', 'y', 'h', 'o', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "transverify.com", true */ 't', 'r', 'a', 'n', 's', 'v', 'e', 'r', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "trashnothing.com", true */ 't', 'r', 'a', 's', 'h', 'n', 'o', 't', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "trask.no", true */ 't', 'r', 'a', 's', 'k', '.', 'n', 'o', '\0',
+  /* "traslocare.roma.it", true */ 't', 'r', 'a', 's', 'l', 'o', 'c', 'a', 'r', 'e', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "trauertexte.info", true */ 't', 'r', 'a', 'u', 'e', 'r', 't', 'e', 'x', 't', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "traut.cloud", true */ 't', 'r', 'a', 'u', 't', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "travador.com", true */ 't', 'r', 'a', 'v', 'a', 'd', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "travaux-toiture-idf.fr", true */ 't', 'r', 'a', 'v', 'a', 'u', 'x', '-', 't', 'o', 'i', 't', 'u', 'r', 'e', '-', 'i', 'd', 'f', '.', 'f', 'r', '\0',
+  /* "travel-dealz.de", true */ 't', 'r', 'a', 'v', 'e', 'l', '-', 'd', 'e', 'a', 'l', 'z', '.', 'd', 'e', '\0',
+  /* "travel-to-nature.ch", true */ 't', 'r', 'a', 'v', 'e', 'l', '-', 't', 'o', '-', 'n', 'a', 't', 'u', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "travel365.it", true */ 't', 'r', 'a', 'v', 'e', 'l', '3', '6', '5', '.', 'i', 't', '\0',
+  /* "travelarmenia.org", true */ 't', 'r', 'a', 'v', 'e', 'l', 'a', 'r', 'm', 'e', 'n', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "traveling-thailand.info", true */ 't', 'r', 'a', 'v', 'e', 'l', 'i', 'n', 'g', '-', 't', 'h', 'a', 'i', 'l', 'a', 'n', 'd', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "travellers.dating", true */ 't', 'r', 'a', 'v', 'e', 'l', 'l', 'e', 'r', 's', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "travelling.expert", true */ 't', 'r', 'a', 'v', 'e', 'l', 'l', 'i', 'n', 'g', '.', 'e', 'x', 'p', 'e', 'r', 't', '\0',
+  /* "travelmyth.ie", true */ 't', 'r', 'a', 'v', 'e', 'l', 'm', 'y', 't', 'h', '.', 'i', 'e', '\0',
+  /* "travelogue.jp", true */ 't', 'r', 'a', 'v', 'e', 'l', 'o', 'g', 'u', 'e', '.', 'j', 'p', '\0',
+  /* "travelpricecheck.com", true */ 't', 'r', 'a', 'v', 'e', 'l', 'p', 'r', 'i', 'c', 'e', 'c', 'h', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "travi.org", true */ 't', 'r', 'a', 'v', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "travisf.net", true */ 't', 'r', 'a', 'v', 'i', 's', 'f', '.', 'n', 'e', 't', '\0',
+  /* "travisforte.io", true */ 't', 'r', 'a', 'v', 'i', 's', 'f', 'o', 'r', 't', 'e', '.', 'i', 'o', '\0',
+  /* "travisfranck.com", true */ 't', 'r', 'a', 'v', 'i', 's', 'f', 'r', 'a', 'n', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "travler.net", true */ 't', 'r', 'a', 'v', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "trbanka.com", true */ 't', 'r', 'b', 'a', 'n', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "treasurydirect.gov", true */ 't', 'r', 'e', 'a', 's', 'u', 'r', 'y', 'd', 'i', 'r', 'e', 'c', 't', '.', 'g', 'o', 'v', '\0',
+  /* "treasuryhunt.gov", true */ 't', 'r', 'e', 'a', 's', 'u', 'r', 'y', 'h', 'u', 'n', 't', '.', 'g', 'o', 'v', '\0',
+  /* "treasuryscams.gov", true */ 't', 'r', 'e', 'a', 's', 'u', 'r', 'y', 's', 'c', 'a', 'm', 's', '.', 'g', 'o', 'v', '\0',
+  /* "treebaglia.xyz", true */ 't', 'r', 'e', 'e', 'b', 'a', 'g', 'l', 'i', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "treehousebydesign.com", true */ 't', 'r', 'e', 'e', 'h', 'o', 'u', 's', 'e', 'b', 'y', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "treehouseresort.nl", true */ 't', 'r', 'e', 'e', 'h', 'o', 'u', 's', 'e', 'r', 'e', 's', 'o', 'r', 't', '.', 'n', 'l', '\0',
+  /* "trees.chat", true */ 't', 'r', 'e', 'e', 's', '.', 'c', 'h', 'a', 't', '\0',
+  /* "treeschat.com", true */ 't', 'r', 'e', 'e', 's', 'c', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "trefcon.cz", true */ 't', 'r', 'e', 'f', 'c', 'o', 'n', '.', 'c', 'z', '\0',
+  /* "trefpuntdemeent.nl", true */ 't', 'r', 'e', 'f', 'p', 'u', 'n', 't', 'd', 'e', 'm', 'e', 'e', 'n', 't', '.', 'n', 'l', '\0',
+  /* "treinaweb.com.br", false */ 't', 'r', 'e', 'i', 'n', 'a', 'w', 'e', 'b', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "treinonerd.com", true */ 't', 'r', 'e', 'i', 'n', 'o', 'n', 'e', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "trek-planet.ru", true */ 't', 'r', 'e', 'k', '-', 'p', 'l', 'a', 'n', 'e', 't', '.', 'r', 'u', '\0',
+  /* "trekfriend.com", true */ 't', 'r', 'e', 'k', 'f', 'r', 'i', 'e', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "tremlor.com", true */ 't', 'r', 'e', 'm', 'l', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "tremolosoftware.com", true */ 't', 'r', 'e', 'm', 'o', 'l', 'o', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tremoureux.fr", true */ 't', 'r', 'e', 'm', 'o', 'u', 'r', 'e', 'u', 'x', '.', 'f', 'r', '\0',
+  /* "trendingpulse.com", true */ 't', 'r', 'e', 'n', 'd', 'i', 'n', 'g', 'p', 'u', 'l', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "trendisland.de", true */ 't', 'r', 'e', 'n', 'd', 'i', 's', 'l', 'a', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "trendkraft.de", true */ 't', 'r', 'e', 'n', 'd', 'k', 'r', 'a', 'f', 't', '.', 'd', 'e', '\0',
+  /* "trendydips.com", true */ 't', 'r', 'e', 'n', 'd', 'y', 'd', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "trendykids.cz", true */ 't', 'r', 'e', 'n', 'd', 'y', 'k', 'i', 'd', 's', '.', 'c', 'z', '\0',
+  /* "trenta.io", true */ 't', 'r', 'e', 'n', 't', 'a', '.', 'i', 'o', '\0',
+  /* "trentmaydew.com", true */ 't', 'r', 'e', 'n', 't', 'm', 'a', 'y', 'd', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "tresorit.com", true */ 't', 'r', 'e', 's', 'o', 'r', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tresorsecurity.com", true */ 't', 'r', 'e', 's', 'o', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tretail.net", true */ 't', 'r', 'e', 't', 'a', 'i', 'l', '.', 'n', 'e', 't', '\0',
+  /* "tretkowski.de", true */ 't', 'r', 'e', 't', 'k', 'o', 'w', 's', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "trewe.eu", true */ 't', 'r', 'e', 'w', 'e', '.', 'e', 'u', '\0',
+  /* "trhastane.com", true */ 't', 'r', 'h', 'a', 's', 't', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "triage.com", true */ 't', 'r', 'i', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "triageo.com.au", true */ 't', 'r', 'i', 'a', 'g', 'e', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "trialcentralnet.com", true */ 't', 'r', 'i', 'a', 'l', 'c', 'e', 'n', 't', 'r', 'a', 'l', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "trianglecastles.co.uk", true */ 't', 'r', 'i', 'a', 'n', 'g', 'l', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tribac.de", true */ 't', 'r', 'i', 'b', 'a', 'c', '.', 'd', 'e', '\0',
+  /* "tribaldos.com", true */ 't', 'r', 'i', 'b', 'a', 'l', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tribut.de", true */ 't', 'r', 'i', 'b', 'u', 't', '.', 'd', 'e', '\0',
+  /* "tributh.net", true */ 't', 'r', 'i', 'b', 'u', 't', 'h', '.', 'n', 'e', 't', '\0',
+  /* "trickedguys.com", true */ 't', 'r', 'i', 'c', 'k', 'e', 'd', 'g', 'u', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "triddi.com", true */ 't', 'r', 'i', 'd', 'd', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "trident-online.de", true */ 't', 'r', 'i', 'd', 'e', 'n', 't', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "tridentflood.com", true */ 't', 'r', 'i', 'd', 'e', 'n', 't', 'f', 'l', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "trietment.com", true */ 't', 'r', 'i', 'e', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "trigardon-rg.de", true */ 't', 'r', 'i', 'g', 'a', 'r', 'd', 'o', 'n', '-', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "trigular.de", true */ 't', 'r', 'i', 'g', 'u', 'l', 'a', 'r', '.', 'd', 'e', '\0',
+  /* "trik.es", false */ 't', 'r', 'i', 'k', '.', 'e', 's', '\0',
+  /* "trim-a-slab.com", true */ 't', 'r', 'i', 'm', '-', 'a', '-', 's', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "trimage.org", true */ 't', 'r', 'i', 'm', 'a', 'g', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "trimarchimanuele.it", true */ 't', 'r', 'i', 'm', 'a', 'r', 'c', 'h', 'i', 'm', 'a', 'n', 'u', 'e', 'l', 'e', '.', 'i', 't', '\0',
+  /* "trinary.ca", true */ 't', 'r', 'i', 'n', 'a', 'r', 'y', '.', 'c', 'a', '\0',
+  /* "trineco.com", true */ 't', 'r', 'i', 'n', 'e', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "trineco.fi", true */ 't', 'r', 'i', 'n', 'e', 'c', 'o', '.', 'f', 'i', '\0',
+  /* "trinitytechdev.com", true */ 't', 'r', 'i', 'n', 'i', 't', 'y', 't', 'e', 'c', 'h', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "trink-und-partyspiele.de", true */ 't', 'r', 'i', 'n', 'k', '-', 'u', 'n', 'd', '-', 'p', 'a', 'r', 't', 'y', 's', 'p', 'i', 'e', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "trinnes.net", true */ 't', 'r', 'i', 'n', 'n', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "trio.online", true */ 't', 'r', 'i', 'o', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "triop.se", true */ 't', 'r', 'i', 'o', 'p', '.', 's', 'e', '\0',
+  /* "trior.net", true */ 't', 'r', 'i', 'o', 'r', '.', 'n', 'e', 't', '\0',
+  /* "tripcombi.com", true */ 't', 'r', 'i', 'p', 'c', 'o', 'm', 'b', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "triple-mmm.de", true */ 't', 'r', 'i', 'p', 'l', 'e', '-', 'm', 'm', 'm', '.', 'd', 'e', '\0',
+  /* "tripseats.com", true */ 't', 'r', 'i', 'p', 's', 'e', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tripsinc.com", true */ 't', 'r', 'i', 'p', 's', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "trisportas.lt", true */ 't', 'r', 'i', 's', 'p', 'o', 'r', 't', 'a', 's', '.', 'l', 't', '\0',
+  /* "trixati.org.ua", true */ 't', 'r', 'i', 'x', 'a', 't', 'i', '.', 'o', 'r', 'g', '.', 'u', 'a', '\0',
+  /* "trixexpressweb.nl", true */ 't', 'r', 'i', 'x', 'e', 'x', 'p', 'r', 'e', 's', 's', 'w', 'e', 'b', '.', 'n', 'l', '\0',
+  /* "triz.co.uk", true */ 't', 'r', 'i', 'z', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "trizone.com.au", true */ 't', 'r', 'i', 'z', 'o', 'n', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "trkpuls.tk", true */ 't', 'r', 'k', 'p', 'u', 'l', 's', '.', 't', 'k', '\0',
+  /* "trockendock.ch", true */ 't', 'r', 'o', 'c', 'k', 'e', 'n', 'd', 'o', 'c', 'k', '.', 'c', 'h', '\0',
+  /* "troedel-trolle.de", true */ 't', 'r', 'o', 'e', 'd', 'e', 'l', '-', 't', 'r', 'o', 'l', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "troedelhannes.at", true */ 't', 'r', 'o', 'e', 'd', 'e', 'l', 'h', 'a', 'n', 'n', 'e', 's', '.', 'a', 't', '\0',
+  /* "troianet.com.br", true */ 't', 'r', 'o', 'i', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "troisdorf-gestalten.de", true */ 't', 'r', 'o', 'i', 's', 'd', 'o', 'r', 'f', '-', 'g', 'e', 's', 't', 'a', 'l', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "trollingeffects.org", true */ 't', 'r', 'o', 'l', 'l', 'i', 'n', 'g', 'e', 'f', 'f', 'e', 'c', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "trollmoa.se", true */ 't', 'r', 'o', 'l', 'l', 'm', 'o', 'a', '.', 's', 'e', '\0',
+  /* "trommelwirbel.com", true */ 't', 'r', 'o', 'm', 'm', 'e', 'l', 'w', 'i', 'r', 'b', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "tronatic-studio.com", true */ 't', 'r', 'o', 'n', 'a', 't', 'i', 'c', '-', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "trondelan.no", true */ 't', 'r', 'o', 'n', 'd', 'e', 'l', 'a', 'n', '.', 'n', 'o', '\0',
+  /* "tronflix.com", true */ 't', 'r', 'o', 'n', 'f', 'l', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "trophee-discount.com", true */ 't', 'r', 'o', 'p', 'h', 'e', 'e', '-', 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tropicalserver.com", true */ 't', 'r', 'o', 'p', 'i', 'c', 'a', 'l', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "trotec.com", true */ 't', 'r', 'o', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "trouweninoverijssel.nl", true */ 't', 'r', 'o', 'u', 'w', 'e', 'n', 'i', 'n', 'o', 'v', 'e', 'r', 'i', 'j', 's', 's', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "trovaprezzi.it", true */ 't', 'r', 'o', 'v', 'a', 'p', 'r', 'e', 'z', 'z', 'i', '.', 'i', 't', '\0',
+  /* "troyfawkes.com", true */ 't', 'r', 'o', 'y', 'f', 'a', 'w', 'k', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "troyhuntsucks.com", true */ 't', 'r', 'o', 'y', 'h', 'u', 'n', 't', 's', 'u', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "trs.tn", true */ 't', 'r', 's', '.', 't', 'n', '\0',
+  /* "trtltravel.com", true */ 't', 'r', 't', 'l', 't', 'r', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "tru.ltd", true */ 't', 'r', 'u', '.', 'l', 't', 'd', '\0',
+  /* "truckersmp.com", true */ 't', 'r', 'u', 'c', 'k', 'e', 'r', 's', 'm', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "truckerswereld.nl", false */ 't', 'r', 'u', 'c', 'k', 'e', 'r', 's', 'w', 'e', 'r', 'e', 'l', 'd', '.', 'n', 'l', '\0',
+  /* "truckstop-magazin.de", false */ 't', 'r', 'u', 'c', 'k', 's', 't', 'o', 'p', '-', 'm', 'a', 'g', 'a', 'z', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "true-itk.de", true */ 't', 'r', 'u', 'e', '-', 'i', 't', 'k', '.', 'd', 'e', '\0',
+  /* "trueblueessentials.com", true */ 't', 'r', 'u', 'e', 'b', 'l', 'u', 'e', 'e', 's', 's', 'e', 'n', 't', 'i', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "trueinstincts.ca", true */ 't', 'r', 'u', 'e', 'i', 'n', 's', 't', 'i', 'n', 'c', 't', 's', '.', 'c', 'a', '\0',
+  /* "truejob.com", true */ 't', 'r', 'u', 'e', 'j', 'o', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "truekey.com", true */ 't', 'r', 'u', 'e', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "truerizm.ru", true */ 't', 'r', 'u', 'e', 'r', 'i', 'z', 'm', '.', 'r', 'u', '\0',
+  /* "truestaradvisors.com", true */ 't', 'r', 'u', 'e', 's', 't', 'a', 'r', 'a', 'd', 'v', 'i', 's', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "truesteamachievements.com", true */ 't', 'r', 'u', 'e', 's', 't', 'e', 'a', 'm', 'a', 'c', 'h', 'i', 'e', 'v', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "truestor.com", true */ 't', 'r', 'u', 'e', 's', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "trueteaching.com", true */ 't', 'r', 'u', 'e', 't', 'e', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "truetrophies.com", true */ 't', 'r', 'u', 'e', 't', 'r', 'o', 'p', 'h', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "trufflemonkey.co.uk", true */ 't', 'r', 'u', 'f', 'f', 'l', 'e', 'm', 'o', 'n', 'k', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "trulance.com", true */ 't', 'r', 'u', 'l', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "trumanlibrary.org", true */ 't', 'r', 'u', 'm', 'a', 'n', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "trumeet.top", true */ 't', 'r', 'u', 'm', 'e', 'e', 't', '.', 't', 'o', 'p', '\0',
+  /* "trunk-show.net", true */ 't', 'r', 'u', 'n', 'k', '-', 's', 'h', 'o', 'w', '.', 'n', 'e', 't', '\0',
+  /* "truserve.org", true */ 't', 'r', 'u', 's', 'e', 'r', 'v', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "trush.in", true */ 't', 'r', 'u', 's', 'h', '.', 'i', 'n', '\0',
+  /* "trusitio.com", true */ 't', 'r', 'u', 's', 'i', 't', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "trustcase.com", true */ 't', 'r', 'u', 's', 't', 'c', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "trustfield.ch", true */ 't', 'r', 'u', 's', 't', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'h', '\0',
+  /* "truthmessages.pw", true */ 't', 'r', 'u', 't', 'h', 'm', 'e', 's', 's', 'a', 'g', 'e', 's', '.', 'p', 'w', '\0',
+  /* "trw-reseller.com", true */ 't', 'r', 'w', '-', 'r', 'e', 's', 'e', 'l', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "trybabyschoice.com", true */ 't', 'r', 'y', 'b', 'a', 'b', 'y', 's', 'c', 'h', 'o', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tryfabulousdiet.com", true */ 't', 'r', 'y', 'f', 'a', 'b', 'u', 'l', 'o', 'u', 's', 'd', 'i', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tryfabulousskincream.com", true */ 't', 'r', 'y', 'f', 'a', 'b', 'u', 'l', 'o', 'u', 's', 's', 'k', 'i', 'n', 'c', 'r', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "tryfabulousskinserum.com", true */ 't', 'r', 'y', 'f', 'a', 'b', 'u', 'l', 'o', 'u', 's', 's', 'k', 'i', 'n', 's', 'e', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "tryhard.cz", true */ 't', 'r', 'y', 'h', 'a', 'r', 'd', '.', 'c', 'z', '\0',
+  /* "trymegadrol.com", true */ 't', 'r', 'y', 'm', 'e', 'g', 'a', 'd', 'r', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "trynta.com", true */ 't', 'r', 'y', 'n', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "trynta.net", true */ 't', 'r', 'y', 'n', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "tryupdates.com", true */ 't', 'r', 'y', 'u', 'p', 'd', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "trywesayyes.com", true */ 't', 'r', 'y', 'w', 'e', 's', 'a', 'y', 'y', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "trzepak.pl", true */ 't', 'r', 'z', 'e', 'p', 'a', 'k', '.', 'p', 'l', '\0',
+  /* "ts-publishers.com", true */ 't', 's', '-', 'p', 'u', 'b', 'l', 'i', 's', 'h', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tsa-sucks.com", true */ 't', 's', 'a', '-', 's', 'u', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tschuermans.be", true */ 't', 's', 'c', 'h', 'u', 'e', 'r', 'm', 'a', 'n', 's', '.', 'b', 'e', '\0',
+  /* "tsedryk.ca", true */ 't', 's', 'e', 'd', 'r', 'y', 'k', '.', 'c', 'a', '\0',
+  /* "tsgbit.net", true */ 't', 's', 'g', 'b', 'i', 't', '.', 'n', 'e', 't', '\0',
+  /* "tsicons.com", true */ 't', 's', 'i', 'c', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tsigaradiko.com", true */ 't', 's', 'i', 'g', 'a', 'r', 'a', 'd', 'i', 'k', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tsironis-olivenoel.de", true */ 't', 's', 'i', 'r', 'o', 'n', 'i', 's', '-', 'o', 'l', 'i', 'v', 'e', 'n', 'o', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "tsng-stg.tk", true */ 't', 's', 'n', 'g', '-', 's', 't', 'g', '.', 't', 'k', '\0',
+  /* "tsng.co.jp", true */ 't', 's', 'n', 'g', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "tstrubberstamp.com", true */ 't', 's', 't', 'r', 'u', 'b', 'b', 'e', 'r', 's', 't', 'a', 'm', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "tsugi.fr", true */ 't', 's', 'u', 'g', 'i', '.', 'f', 'r', '\0',
+  /* "tsukhani.com", true */ 't', 's', 'u', 'k', 'h', 'a', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tsuki.moe", true */ 't', 's', 'u', 'k', 'i', '.', 'm', 'o', 'e', '\0',
+  /* "tsukuba.style", true */ 't', 's', 'u', 'k', 'u', 'b', 'a', '.', 's', 't', 'y', 'l', 'e', '\0',
+  /* "tsumegumi.com", true */ 't', 's', 'u', 'm', 'e', 'g', 'u', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tsumi.it", true */ 't', 's', 'u', 'm', 'i', '.', 'i', 't', '\0',
+  /* "tsumi.moe", true */ 't', 's', 'u', 'm', 'i', '.', 'm', 'o', 'e', '\0',
+  /* "tsundere.moe", true */ 't', 's', 'u', 'n', 'd', 'e', 'r', 'e', '.', 'm', 'o', 'e', '\0',
+  /* "tsura.org", true */ 't', 's', 'u', 'r', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "tsuyuzakihiroyuki.com", true */ 't', 's', 'u', 'y', 'u', 'z', 'a', 'k', 'i', 'h', 'i', 'r', 'o', 'y', 'u', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tsv-1894.de", true */ 't', 's', 'v', '-', '1', '8', '9', '4', '.', 'd', 'e', '\0',
+  /* "ttb.gov", true */ 't', 't', 'b', '.', 'g', 'o', 'v', '\0',
+  /* "ttbonline.gov", true */ 't', 't', 'b', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "ttcaarberg.ch", true */ 't', 't', 'c', 'a', 'a', 'r', 'b', 'e', 'r', 'g', '.', 'c', 'h', '\0',
+  /* "ttcf.ca", true */ 't', 't', 'c', 'f', '.', 'c', 'a', '\0',
+  /* "ttchan.org", true */ 't', 't', 'c', 'h', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "ttdsevaonline.com", true */ 't', 't', 'd', 's', 'e', 'v', 'a', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ttll.de", true */ 't', 't', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "ttsoft.pl", true */ 't', 't', 's', 'o', 'f', 't', '.', 'p', 'l', '\0',
+  /* "ttsweb.org", true */ 't', 't', 's', 'w', 'e', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "ttt.tt", true */ 't', 't', 't', '.', 't', 't', '\0',
+  /* "ttuwiki.ee", true */ 't', 't', 'u', 'w', 'i', 'k', 'i', '.', 'e', 'e', '\0',
+  /* "ttuwiki.org", true */ 't', 't', 'u', 'w', 'i', 'k', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "tty.space", true */ 't', 't', 'y', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "ttz.im", true */ 't', 't', 'z', '.', 'i', 'm', '\0',
+  /* "tu6.pm", true */ 't', 'u', '6', '.', 'p', 'm', '\0',
+  /* "tubanten.nl", true */ 't', 'u', 'b', 'a', 'n', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "tube.tools", true */ 't', 'u', 'b', 'e', '.', 't', 'o', 'o', 'l', 's', '\0',
+  /* "tubejack.nl", true */ 't', 'u', 'b', 'e', 'j', 'a', 'c', 'k', '.', 'n', 'l', '\0',
+  /* "tubeju.com", true */ 't', 'u', 'b', 'e', 'j', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "tuberecht.de", true */ 't', 'u', 'b', 'e', 'r', 'e', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "tubs4fun.co.uk", true */ 't', 'u', 'b', 's', '4', 'f', 'u', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tubul.net", true */ 't', 'u', 'b', 'u', 'l', '.', 'n', 'e', 't', '\0',
+  /* "tucny.com", true */ 't', 'u', 'c', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tucsonfcu.com", true */ 't', 'u', 'c', 's', 'o', 'n', 'f', 'c', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "tucuxi.org", true */ 't', 'u', 'c', 'u', 'x', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "tudiennhakhoa.com", true */ 't', 'u', 'd', 'i', 'e', 'n', 'n', 'h', 'a', 'k', 'h', 'o', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "tudorproject.org", true */ 't', 'u', 'd', 'o', 'r', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "tueche.com.ar", true */ 't', 'u', 'e', 'c', 'h', 'e', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "tufilo.com", true */ 't', 'u', 'f', 'i', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tuincentersnaet.be", true */ 't', 'u', 'i', 'n', 'c', 'e', 'n', 't', 'e', 'r', 's', 'n', 'a', 'e', 't', '.', 'b', 'e', '\0',
+  /* "tuingereedschappen.net", false */ 't', 'u', 'i', 'n', 'g', 'e', 'r', 'e', 'e', 'd', 's', 'c', 'h', 'a', 'p', 'p', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "tuitle.com", true */ 't', 'u', 'i', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tuja.hu", true */ 't', 'u', 'j', 'a', '.', 'h', 'u', '\0',
+  /* "tulsameetingroom.com", true */ 't', 'u', 'l', 's', 'a', 'm', 'e', 'e', 't', 'i', 'n', 'g', 'r', 'o', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "tumagiri.net", true */ 't', 'u', 'm', 'a', 'g', 'i', 'r', 'i', '.', 'n', 'e', 't', '\0',
+  /* "tumblenfun.com", true */ 't', 'u', 'm', 'b', 'l', 'e', 'n', 'f', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tumedico.es", true */ 't', 'u', 'm', 'e', 'd', 'i', 'c', 'o', '.', 'e', 's', '\0',
+  /* "tumelum.de", true */ 't', 'u', 'm', 'e', 'l', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "tuminauskas.lt", true */ 't', 'u', 'm', 'i', 'n', 'a', 'u', 's', 'k', 'a', 's', '.', 'l', 't', '\0',
+  /* "tumutanzi.com", true */ 't', 'u', 'm', 'u', 't', 'a', 'n', 'z', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tune-web.de", true */ 't', 'u', 'n', 'e', '-', 'w', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "tunefish-entertainment.de", true */ 't', 'u', 'n', 'e', 'f', 'i', 's', 'h', '-', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'd', 'e', '\0',
+  /* "tuner.cloud", true */ 't', 'u', 'n', 'e', 'r', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "tuning-werkstatt-nuernberg.de", true */ 't', 'u', 'n', 'i', 'n', 'g', '-', 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', '-', 'n', 'u', 'e', 'r', 'n', 'b', 'e', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "tuningblog.eu", false */ 't', 'u', 'n', 'i', 'n', 'g', 'b', 'l', 'o', 'g', '.', 'e', 'u', '\0',
+  /* "tunnelblick.net", true */ 't', 'u', 'n', 'n', 'e', 'l', 'b', 'l', 'i', 'c', 'k', '.', 'n', 'e', 't', '\0',
+  /* "tunnelwatch.com", true */ 't', 'u', 'n', 'n', 'e', 'l', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "tuntitili.fi", true */ 't', 'u', 'n', 't', 'i', 't', 'i', 'l', 'i', '.', 'f', 'i', '\0',
+  /* "tupa-germania.ru", true */ 't', 'u', 'p', 'a', '-', 'g', 'e', 'r', 'm', 'a', 'n', 'i', 'a', '.', 'r', 'u', '\0',
+  /* "tupeuxpastest.ch", true */ 't', 'u', 'p', 'e', 'u', 'x', 'p', 'a', 's', 't', 'e', 's', 't', '.', 'c', 'h', '\0',
+  /* "tuppenceworth.ie", true */ 't', 'u', 'p', 'p', 'e', 'n', 'c', 'e', 'w', 'o', 'r', 't', 'h', '.', 'i', 'e', '\0',
+  /* "turbobit.ch", true */ 't', 'u', 'r', 'b', 'o', 'b', 'i', 't', '.', 'c', 'h', '\0',
+  /* "turigum.com", true */ 't', 'u', 'r', 'i', 'g', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "turismo.cl", true */ 't', 'u', 'r', 'i', 's', 'm', 'o', '.', 'c', 'l', '\0',
+  /* "turkish.dating", true */ 't', 'u', 'r', 'k', 'i', 's', 'h', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "turncircles.com", true */ 't', 'u', 'r', 'n', 'c', 'i', 'r', 'c', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "turnoffthelights.com", true */ 't', 'u', 'r', 'n', 'o', 'f', 'f', 't', 'h', 'e', 'l', 'i', 'g', 'h', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "turnonsocial.com", true */ 't', 'u', 'r', 'n', 'o', 'n', 's', 'o', 'c', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "turpinpesage.fr", true */ 't', 'u', 'r', 'p', 'i', 'n', 'p', 'e', 's', 'a', 'g', 'e', '.', 'f', 'r', '\0',
+  /* "tursiae.org", true */ 't', 'u', 'r', 's', 'i', 'a', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "turtle.ai", true */ 't', 'u', 'r', 't', 'l', 'e', '.', 'a', 'i', '\0',
+  /* "turtleduckstudios.com", true */ 't', 'u', 'r', 't', 'l', 'e', 'd', 'u', 'c', 'k', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "turtlepwr.com", true */ 't', 'u', 'r', 't', 'l', 'e', 'p', 'w', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "turtles.ga", true */ 't', 'u', 'r', 't', 'l', 'e', 's', '.', 'g', 'a', '\0',
+  /* "tutanota.com", true */ 't', 'u', 't', 'a', 'n', 'o', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "tuto-craft.com", true */ 't', 'u', 't', 'o', '-', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tutoragency.org", true */ 't', 'u', 't', 'o', 'r', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "tutorialinux.com", true */ 't', 'u', 't', 'o', 'r', 'i', 'a', 'l', 'i', 'n', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "tutorio.ga", true */ 't', 'u', 't', 'o', 'r', 'i', 'o', '.', 'g', 'a', '\0',
+  /* "tuts4you.com", true */ 't', 'u', 't', 's', '4', 'y', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "tuttimundi.org", true */ 't', 'u', 't', 't', 'i', 'm', 'u', 'n', 'd', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "tuttoandroid.net", true */ 't', 'u', 't', 't', 'o', 'a', 'n', 'd', 'r', 'o', 'i', 'd', '.', 'n', 'e', 't', '\0',
+  /* "tuvangoicuoc.com", true */ 't', 'u', 'v', 'a', 'n', 'g', 'o', 'i', 'c', 'u', 'o', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "tuxcloud.net", true */ 't', 'u', 'x', 'c', 'l', 'o', 'u', 'd', '.', 'n', 'e', 't', '\0',
+  /* "tuxflow.de", true */ 't', 'u', 'x', 'f', 'l', 'o', 'w', '.', 'd', 'e', '\0',
+  /* "tuxgeo.com", false */ 't', 'u', 'x', 'g', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tuxie.com", true */ 't', 'u', 'x', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tuxlife.net", true */ 't', 'u', 'x', 'l', 'i', 'f', 'e', '.', 'n', 'e', 't', '\0',
+  /* "tuxpeliculas.com", true */ 't', 'u', 'x', 'p', 'e', 'l', 'i', 'c', 'u', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tuxplace.nl", true */ 't', 'u', 'x', 'p', 'l', 'a', 'c', 'e', '.', 'n', 'l', '\0',
+  /* "tuxtimo.me", true */ 't', 'u', 'x', 't', 'i', 'm', 'o', '.', 'm', 'e', '\0',
+  /* "tuzaijidi.com", true */ 't', 'u', 'z', 'a', 'i', 'j', 'i', 'd', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tv2vie.org", false */ 't', 'v', '2', 'v', 'i', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "tvbeugels.nl", false */ 't', 'v', 'b', 'e', 'u', 'g', 'e', 'l', 's', '.', 'n', 'l', '\0',
+  /* "tvc.red", true */ 't', 'v', 'c', '.', 'r', 'e', 'd', '\0',
+  /* "tvcal.net", true */ 't', 'v', 'c', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "tvcmarketing.com", true */ 't', 'v', 'c', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "tver-msk.ru", true */ 't', 'v', 'e', 'r', '-', 'm', 's', 'k', '.', 'r', 'u', '\0',
+  /* "tverskaya-outlet.ru", true */ 't', 'v', 'e', 'r', 's', 'k', 'a', 'y', 'a', '-', 'o', 'u', 't', 'l', 'e', 't', '.', 'r', 'u', '\0',
+  /* "tvoru.com.ua", true */ 't', 'v', 'o', 'r', 'u', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "tvs-virtual.cz", true */ 't', 'v', 's', '-', 'v', 'i', 'r', 't', 'u', 'a', 'l', '.', 'c', 'z', '\0',
+  /* "tvsheerenhoek.nl", true */ 't', 'v', 's', 'h', 'e', 'e', 'r', 'e', 'n', 'h', 'o', 'e', 'k', '.', 'n', 'l', '\0',
+  /* "tw.search.yahoo.com", false */ 't', 'w', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "twaka.com", true */ 't', 'w', 'a', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "twb.berlin", true */ 't', 'w', 'b', '.', 'b', 'e', 'r', 'l', 'i', 'n', '\0',
+  /* "twd2.me", true */ 't', 'w', 'd', '2', '.', 'm', 'e', '\0',
+  /* "twd2.net", false */ 't', 'w', 'd', '2', '.', 'n', 'e', 't', '\0',
+  /* "tweakers.net", true */ 't', 'w', 'e', 'a', 'k', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "tweakersbadge.nl", true */ 't', 'w', 'e', 'a', 'k', 'e', 'r', 's', 'b', 'a', 'd', 'g', 'e', '.', 'n', 'l', '\0',
+  /* "tweaktown.com", true */ 't', 'w', 'e', 'a', 'k', 't', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "twelve.rocks", true */ 't', 'w', 'e', 'l', 'v', 'e', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "twelve.today", true */ 't', 'w', 'e', 'l', 'v', 'e', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "twem.ddns.net", true */ 't', 'w', 'e', 'm', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "twenty71.com", true */ 't', 'w', 'e', 'n', 't', 'y', '7', '1', '.', 'c', 'o', 'm', '\0',
+  /* "twentymilliseconds.com", true */ 't', 'w', 'e', 'n', 't', 'y', 'm', 'i', 'l', 'l', 'i', 's', 'e', 'c', 'o', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "twilleys.com", true */ 't', 'w', 'i', 'l', 'l', 'e', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "twincitynissantxparts.com", true */ 't', 'w', 'i', 'n', 'c', 'i', 't', 'y', 'n', 'i', 's', 's', 'a', 'n', 't', 'x', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "twinkseason.com", true */ 't', 'w', 'i', 'n', 'k', 's', 'e', 'a', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "twisata.com", true */ 't', 'w', 'i', 's', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "twistapp.com", true */ 't', 'w', 'i', 's', 't', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "twisted-brains.org", true */ 't', 'w', 'i', 's', 't', 'e', 'd', '-', 'b', 'r', 'a', 'i', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "twistedwave.com", true */ 't', 'w', 'i', 's', 't', 'e', 'd', 'w', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "twisto.cz", true */ 't', 'w', 'i', 's', 't', 'o', '.', 'c', 'z', '\0',
+  /* "twit-guide.com", true */ 't', 'w', 'i', 't', '-', 'g', 'u', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "twitter.com", false */ 't', 'w', 'i', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "twitteroauth.com", true */ 't', 'w', 'i', 't', 't', 'e', 'r', 'o', 'a', 'u', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "twizzkidzinflatables.co.uk", true */ 't', 'w', 'i', 'z', 'z', 'k', 'i', 'd', 'z', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "twlan.org", true */ 't', 'w', 'l', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "twodadsgames.com", true */ 't', 'w', 'o', 'd', 'a', 'd', 's', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "twofactorauth.org", true */ 't', 'w', 'o', 'f', 'a', 'c', 't', 'o', 'r', 'a', 'u', 't', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "twohuo.com", true */ 't', 'w', 'o', 'h', 'u', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "twojfaktum.pl", true */ 't', 'w', 'o', 'j', 'f', 'a', 'k', 't', 'u', 'm', '.', 'p', 'l', '\0',
+  /* "twolanedesign.com", true */ 't', 'w', 'o', 'l', 'a', 'n', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "twoo.com", true */ 't', 'w', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "twopif.net", true */ 't', 'w', 'o', 'p', 'i', 'f', '.', 'n', 'e', 't', '\0',
+  /* "tworaz.net", true */ 't', 'w', 'o', 'r', 'a', 'z', '.', 'n', 'e', 't', '\0',
+  /* "twun.io", true */ 't', 'w', 'u', 'n', '.', 'i', 'o', '\0',
+  /* "twuni.org", true */ 't', 'w', 'u', 'n', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "txcap.org", true */ 't', 'x', 'c', 'a', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "txdivorce.org", true */ 't', 'x', 'd', 'i', 'v', 'o', 'r', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "txi.su", true */ 't', 'x', 'i', '.', 's', 'u', '\0',
+  /* "txlrs.org", true */ 't', 'x', 'l', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "txm.pl", true */ 't', 'x', 'm', '.', 'p', 'l', '\0',
+  /* "tyche.io", true */ 't', 'y', 'c', 'h', 'e', '.', 'i', 'o', '\0',
+  /* "tycjt.vip", true */ 't', 'y', 'c', 'j', 't', '.', 'v', 'i', 'p', '\0',
+  /* "tyil.nl", true */ 't', 'y', 'i', 'l', '.', 'n', 'l', '\0',
+  /* "tyil.work", true */ 't', 'y', 'i', 'l', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "tyl.io", true */ 't', 'y', 'l', '.', 'i', 'o', '\0',
+  /* "tyler.rs", true */ 't', 'y', 'l', 'e', 'r', '.', 'r', 's', '\0',
+  /* "tylerdavies.net", true */ 't', 'y', 'l', 'e', 'r', 'd', 'a', 'v', 'i', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "tylerfreedman.com", true */ 't', 'y', 'l', 'e', 'r', 'f', 'r', 'e', 'e', 'd', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tylerharcourt.ca", true */ 't', 'y', 'l', 'e', 'r', 'h', 'a', 'r', 'c', 'o', 'u', 'r', 't', '.', 'c', 'a', '\0',
+  /* "tylerharcourt.net", true */ 't', 'y', 'l', 'e', 'r', 'h', 'a', 'r', 'c', 'o', 'u', 'r', 't', '.', 'n', 'e', 't', '\0',
+  /* "tylerharcourt.org", true */ 't', 'y', 'l', 'e', 'r', 'h', 'a', 'r', 'c', 'o', 'u', 'r', 't', '.', 'o', 'r', 'g', '\0',
+  /* "tyleromeara.com", true */ 't', 'y', 'l', 'e', 'r', 'o', 'm', 'e', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "tylerschmidtke.com", true */ 't', 'y', 'l', 'e', 'r', 's', 'c', 'h', 'm', 'i', 'd', 't', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "type1joe.com", true */ 't', 'y', 'p', 'e', '1', 'j', 'o', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "type1joe.net", true */ 't', 'y', 'p', 'e', '1', 'j', 'o', 'e', '.', 'n', 'e', 't', '\0',
+  /* "type1joe.org", true */ 't', 'y', 'p', 'e', '1', 'j', 'o', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "typeblog.net", true */ 't', 'y', 'p', 'e', 'b', 'l', 'o', 'g', '.', 'n', 'e', 't', '\0',
+  /* "typecodes.com", true */ 't', 'y', 'p', 'e', 'c', 'o', 'd', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "typehub.net", true */ 't', 'y', 'p', 'e', 'h', 'u', 'b', '.', 'n', 'e', 't', '\0',
+  /* "typeonejoe.com", true */ 't', 'y', 'p', 'e', 'o', 'n', 'e', 'j', 'o', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "typeonejoe.net", true */ 't', 'y', 'p', 'e', 'o', 'n', 'e', 'j', 'o', 'e', '.', 'n', 'e', 't', '\0',
+  /* "typeonejoe.org", true */ 't', 'y', 'p', 'e', 'o', 'n', 'e', 'j', 'o', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "typeria.net", true */ 't', 'y', 'p', 'e', 'r', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "typewolf.com", true */ 't', 'y', 'p', 'e', 'w', 'o', 'l', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "typing.com", true */ 't', 'y', 'p', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "typist.tech", true */ 't', 'y', 'p', 'i', 's', 't', '.', 't', 'e', 'c', 'h', '\0',
+  /* "typo3.com", true */ 't', 'y', 'p', 'o', '3', '.', 'c', 'o', 'm', '\0',
+  /* "tyroremotes.co.uk", true */ 't', 'y', 'r', 'o', 'r', 'e', 'm', 'o', 't', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tyroremotes.es", true */ 't', 'y', 'r', 'o', 'r', 'e', 'm', 'o', 't', 'e', 's', '.', 'e', 's', '\0',
+  /* "tyroremotes.fr", true */ 't', 'y', 'r', 'o', 'r', 'e', 'm', 'o', 't', 'e', 's', '.', 'f', 'r', '\0',
+  /* "tyroremotes.nl", true */ 't', 'y', 'r', 'o', 'r', 'e', 'm', 'o', 't', 'e', 's', '.', 'n', 'l', '\0',
+  /* "tysox.de", true */ 't', 'y', 's', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "tyuo-keibi.co.jp", true */ 't', 'y', 'u', 'o', '-', 'k', 'e', 'i', 'b', 'i', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "tzifas.com", true */ 't', 'z', 'i', 'f', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "u-master.net", true */ 'u', '-', 'm', 'a', 's', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "u-tokyo.club", true */ 'u', '-', 't', 'o', 'k', 'y', 'o', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "u.nu", true */ 'u', '.', 'n', 'u', '\0',
+  /* "u03.fr", true */ 'u', '0', '3', '.', 'f', 'r', '\0',
+  /* "u1100.com", true */ 'u', '1', '1', '0', '0', '.', 'c', 'o', 'm', '\0',
+  /* "u1144.com", true */ 'u', '1', '1', '4', '4', '.', 'c', 'o', 'm', '\0',
+  /* "u2fanlife.com", true */ 'u', '2', 'f', 'a', 'n', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "u2fsecuritykeys.com", true */ 'u', '2', 'f', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'k', 'e', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "u4mh-dev-accesscontroller.azurewebsites.net", true */ 'u', '4', 'm', 'h', '-', 'd', 'e', 'v', '-', 'a', 'c', 'c', 'e', 's', 's', 'c', 'o', 'n', 't', 'r', 'o', 'l', 'l', 'e', 'r', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "u4mh-dev-portal.azurewebsites.net", true */ 'u', '4', 'm', 'h', '-', 'd', 'e', 'v', '-', 'p', 'o', 'r', 't', 'a', 'l', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "u5b.de", false */ 'u', '5', 'b', '.', 'd', 'e', '\0',
+  /* "u5r.nl", true */ 'u', '5', 'r', '.', 'n', 'l', '\0',
+  /* "ua.search.yahoo.com", false */ 'u', 'a', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "uae-company-service.com", true */ 'u', 'a', 'e', '-', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "uangteman.com", true */ 'u', 'a', 'n', 'g', 't', 'e', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "uasmi.com", false */ 'u', 'a', 's', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "uat-activesg.com", true */ 'u', 'a', 't', '-', 'a', 'c', 't', 'i', 'v', 'e', 's', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "uatgootax.ru", true */ 'u', 'a', 't', 'g', 'o', 'o', 't', 'a', 'x', '.', 'r', 'u', '\0',
+  /* "ub3rk1tten.com", false */ 'u', 'b', '3', 'r', 'k', '1', 't', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ubalert.com", true */ 'u', 'b', 'a', 'l', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ubanquity.com", true */ 'u', 'b', 'a', 'n', 'q', 'u', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "uberboxen.net", true */ 'u', 'b', 'e', 'r', 'b', 'o', 'x', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "ubermail.me", true */ 'u', 'b', 'e', 'r', 'm', 'a', 'i', 'l', '.', 'm', 'e', '\0',
+  /* "ubertt.org", true */ 'u', 'b', 'e', 'r', 't', 't', '.', 'o', 'r', 'g', '\0',
+  /* "uberwald.de", true */ 'u', 'b', 'e', 'r', 'w', 'a', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "uberwald.ws", true */ 'u', 'b', 'e', 'r', 'w', 'a', 'l', 'd', '.', 'w', 's', '\0',
+  /* "ubineering.de", true */ 'u', 'b', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "ublaboo.org", true */ 'u', 'b', 'l', 'a', 'b', 'o', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "ubtce.com", true */ 'u', 'b', 't', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ucac.nz", false */ 'u', 'c', 'a', 'c', '.', 'n', 'z', '\0',
+  /* "ucangiller.com", true */ 'u', 'c', 'a', 'n', 'g', 'i', 'l', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ucch.be", true */ 'u', 'c', 'c', 'h', '.', 'b', 'e', '\0',
+  /* "ucfirst.nl", true */ 'u', 'c', 'f', 'i', 'r', 's', 't', '.', 'n', 'l', '\0',
+  /* "uchargeapp.com", true */ 'u', 'c', 'h', 'a', 'r', 'g', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "uclanmasterplan.co.uk", true */ 'u', 'c', 'l', 'a', 'n', 'm', 'a', 's', 't', 'e', 'r', 'p', 'l', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ucppe.org", true */ 'u', 'c', 'p', 'p', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "ucrdatatool.gov", true */ 'u', 'c', 'r', 'd', 'a', 't', 'a', 't', 'o', 'o', 'l', '.', 'g', 'o', 'v', '\0',
+  /* "uctarna.online", true */ 'u', 'c', 't', 'a', 'r', 'n', 'a', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "udbhav.me", true */ 'u', 'd', 'b', 'h', 'a', 'v', '.', 'm', 'e', '\0',
+  /* "udo-luetkemeier.de", true */ 'u', 'd', 'o', '-', 'l', 'u', 'e', 't', 'k', 'e', 'm', 'e', 'i', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "udomain.net", true */ 'u', 'd', 'o', 'm', 'a', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "udp.sh", false */ 'u', 'd', 'p', '.', 's', 'h', '\0',
+  /* "udruga-point.hr", true */ 'u', 'd', 'r', 'u', 'g', 'a', '-', 'p', 'o', 'i', 'n', 't', '.', 'h', 'r', '\0',
+  /* "ueba1085.jp", true */ 'u', 'e', 'b', 'a', '1', '0', '8', '5', '.', 'j', 'p', '\0',
+  /* "ueberwachungspaket.at", true */ 'u', 'e', 'b', 'e', 'r', 'w', 'a', 'c', 'h', 'u', 'n', 'g', 's', 'p', 'a', 'k', 'e', 't', '.', 'a', 't', '\0',
+  /* "uedaviolin.com", true */ 'u', 'e', 'd', 'a', 'v', 'i', 'o', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "uel-thompson-okanagan.ca", true */ 'u', 'e', 'l', '-', 't', 'h', 'o', 'm', 'p', 's', 'o', 'n', '-', 'o', 'k', 'a', 'n', 'a', 'g', 'a', 'n', '.', 'c', 'a', '\0',
+  /* "ueni.com", true */ 'u', 'e', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "uerdingen.info", true */ 'u', 'e', 'r', 'd', 'i', 'n', 'g', 'e', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "uesociedadlimitada.com", true */ 'u', 'e', 's', 'o', 'c', 'i', 'e', 'd', 'a', 'd', 'l', 'i', 'm', 'i', 't', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "uevan.com", true */ 'u', 'e', 'v', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "uex.im", true */ 'u', 'e', 'x', '.', 'i', 'm', '\0',
+  /* "ufanisi.mx", true */ 'u', 'f', 'a', 'n', 'i', 's', 'i', '.', 'm', 'x', '\0',
+  /* "ufindme.at", true */ 'u', 'f', 'i', 'n', 'd', 'm', 'e', '.', 'a', 't', '\0',
+  /* "uflixit.com", true */ 'u', 'f', 'l', 'i', 'x', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ufo.moe", true */ 'u', 'f', 'o', '.', 'm', 'o', 'e', '\0',
+  /* "ufplanets.com", true */ 'u', 'f', 'p', 'l', 'a', 'n', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ugcdn.com", true */ 'u', 'g', 'c', 'd', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "uggedal.com", true */ 'u', 'g', 'g', 'e', 'd', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "uhc.gg", true */ 'u', 'h', 'c', '.', 'g', 'g', '\0',
+  /* "uhrenlux.de", true */ 'u', 'h', 'r', 'e', 'n', 'l', 'u', 'x', '.', 'd', 'e', '\0',
+  /* "uhuru-market.com", true */ 'u', 'h', 'u', 'r', 'u', '-', 'm', 'a', 'r', 'k', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ui8.net", true */ 'u', 'i', '8', '.', 'n', 'e', 't', '\0',
+  /* "uicchy.com", true */ 'u', 'i', 'c', 'c', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "uiop.link", true */ 'u', 'i', 'o', 'p', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "uitgeverij-deviant.nl", true */ 'u', 'i', 't', 'g', 'e', 'v', 'e', 'r', 'i', 'j', '-', 'd', 'e', 'v', 'i', 'a', 'n', 't', '.', 'n', 'l', '\0',
+  /* "ujob.com.cn", true */ 'u', 'j', 'o', 'b', '.', 'c', 'o', 'm', '.', 'c', 'n', '\0',
+  /* "uk.dating", true */ 'u', 'k', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "uk.search.yahoo.com", false */ 'u', 'k', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ukchemicalresearch.org", false */ 'u', 'k', 'c', 'h', 'e', 'm', 'i', 'c', 'a', 'l', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "ukclimbing.com", true */ 'u', 'k', 'c', 'l', 'i', 'm', 'b', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "ukdefencejournal.org.uk", true */ 'u', 'k', 'd', 'e', 'f', 'e', 'n', 'c', 'e', 'j', 'o', 'u', 'r', 'n', 'a', 'l', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "ukhas.net", true */ 'u', 'k', 'h', 'a', 's', '.', 'n', 'e', 't', '\0',
+  /* "ukhillwalking.com", true */ 'u', 'k', 'h', 'i', 'l', 'l', 'w', 'a', 'l', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "ukkeyholdingcompany.co.uk", true */ 'u', 'k', 'k', 'e', 'y', 'h', 'o', 'l', 'd', 'i', 'n', 'g', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ukmeetandgreet.com", true */ 'u', 'k', 'm', 'e', 'e', 't', 'a', 'n', 'd', 'g', 'r', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ukmortgagecompare.co.uk", true */ 'u', 'k', 'm', 'o', 'r', 't', 'g', 'a', 'g', 'e', 'c', 'o', 'm', 'p', 'a', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ukooku.com", true */ 'u', 'k', 'o', 'o', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "ukozliku.cz", true */ 'u', 'k', 'o', 'z', 'l', 'i', 'k', 'u', '.', 'c', 'z', '\0',
+  /* "ukpirate.org", true */ 'u', 'k', 'p', 'i', 'r', 'a', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "ukrainians.ch", true */ 'u', 'k', 'r', 'a', 'i', 'n', 'i', 'a', 'n', 's', '.', 'c', 'h', '\0',
+  /* "ukrigging.net", true */ 'u', 'k', 'r', 'i', 'g', 'g', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "ukrnet.co.uk", true */ 'u', 'k', 'r', 'n', 'e', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ukwct.org.uk", true */ 'u', 'k', 'w', 'c', 't', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "ulabox.com", true */ 'u', 'l', 'a', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "ulalau.com", true */ 'u', 'l', 'a', 'l', 'a', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "uli-eckhardt.de", true */ 'u', 'l', 'i', '-', 'e', 'c', 'k', 'h', 'a', 'r', 'd', 't', '.', 'd', 'e', '\0',
+  /* "ullah.se", true */ 'u', 'l', 'l', 'a', 'h', '.', 's', 'e', '\0',
+  /* "ulrik.moe", true */ 'u', 'l', 'r', 'i', 'k', '.', 'm', 'o', 'e', '\0',
+  /* "ultieme.be", false */ 'u', 'l', 't', 'i', 'e', 'm', 'e', '.', 'b', 'e', '\0',
+  /* "ultima-ratio.at", true */ 'u', 'l', 't', 'i', 'm', 'a', '-', 'r', 'a', 't', 'i', 'o', '.', 'a', 't', '\0',
+  /* "ultimateanu.com", true */ 'u', 'l', 't', 'i', 'm', 'a', 't', 'e', 'a', 'n', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "ultimatemafia.net", true */ 'u', 'l', 't', 'i', 'm', 'a', 't', 'e', 'm', 'a', 'f', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "ultratechlp.com", true */ 'u', 'l', 't', 'r', 'a', 't', 'e', 'c', 'h', 'l', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "umassfive.coop", true */ 'u', 'm', 'a', 's', 's', 'f', 'i', 'v', 'e', '.', 'c', 'o', 'o', 'p', '\0',
+  /* "umbricht.li", true */ 'u', 'm', 'b', 'r', 'i', 'c', 'h', 't', '.', 'l', 'i', '\0',
+  /* "umenlisam.com", true */ 'u', 'm', 'e', 'n', 'l', 'i', 's', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "umisonoda.com", true */ 'u', 'm', 'i', 's', 'o', 'n', 'o', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "umkmjogja.com", true */ 'u', 'm', 'k', 'm', 'j', 'o', 'g', 'j', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ump45.moe", true */ 'u', 'm', 'p', '4', '5', '.', 'm', 'o', 'e', '\0',
+  /* "un-zero-un.fr", true */ 'u', 'n', '-', 'z', 'e', 'r', 'o', '-', 'u', 'n', '.', 'f', 'r', '\0',
+  /* "unapp.me", true */ 'u', 'n', 'a', 'p', 'p', '.', 'm', 'e', '\0',
+  /* "unbelievableplaces.de", true */ 'u', 'n', 'b', 'e', 'l', 'i', 'e', 'v', 'a', 'b', 'l', 'e', 'p', 'l', 'a', 'c', 'e', 's', '.', 'd', 'e', '\0',
+  /* "unblockall.xyz", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'a', 'l', 'l', '.', 'x', 'y', 'z', '\0',
+  /* "unblocked.at", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'a', 't', '\0',
+  /* "unblocked.bet", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'b', 'e', 't', '\0',
+  /* "unblocked.bid", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'b', 'i', 'd', '\0',
+  /* "unblocked.blue", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'b', 'l', 'u', 'e', '\0',
+  /* "unblocked.cam", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'c', 'a', 'm', '\0',
+  /* "unblocked.ink", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'i', 'n', 'k', '\0',
+  /* "unblocked.live", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'l', 'i', 'v', 'e', '\0',
+  /* "unblocked.one", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'o', 'n', 'e', '\0',
+  /* "unblocked.pl", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'p', 'l', '\0',
+  /* "unblocked.pro", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'p', 'r', 'o', '\0',
+  /* "unblocked.pub", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'p', 'u', 'b', '\0',
+  /* "unblocked.uno", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'u', 'n', 'o', '\0',
+  /* "unblocked.vc", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'v', 'c', '\0',
+  /* "unblocked.vip", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'v', 'i', 'p', '\0',
+  /* "unblockedbay.info", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', 'b', 'a', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "unblockweb.co", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'w', 'e', 'b', '.', 'c', 'o', '\0',
+  /* "uncensoreddns.dk", true */ 'u', 'n', 'c', 'e', 'n', 's', 'o', 'r', 'e', 'd', 'd', 'n', 's', '.', 'd', 'k', '\0',
+  /* "uncensoreddns.org", true */ 'u', 'n', 'c', 'e', 'n', 's', 'o', 'r', 'e', 'd', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "undeadbrains.de", true */ 'u', 'n', 'd', 'e', 'a', 'd', 'b', 'r', 'a', 'i', 'n', 's', '.', 'd', 'e', '\0',
+  /* "undecidable.de", true */ 'u', 'n', 'd', 'e', 'c', 'i', 'd', 'a', 'b', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "underbridgeleisure.co.uk", true */ 'u', 'n', 'd', 'e', 'r', 'b', 'r', 'i', 'd', 'g', 'e', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "undercovercondoms.co.uk", true */ 'u', 'n', 'd', 'e', 'r', 'c', 'o', 'v', 'e', 'r', 'c', 'o', 'n', 'd', 'o', 'm', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "undercovercondoms.com", true */ 'u', 'n', 'd', 'e', 'r', 'c', 'o', 'v', 'e', 'r', 'c', 'o', 'n', 'd', 'o', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "underlined.fr", true */ 'u', 'n', 'd', 'e', 'r', 'l', 'i', 'n', 'e', 'd', '.', 'f', 'r', '\0',
+  /* "undernet.uy", false */ 'u', 'n', 'd', 'e', 'r', 'n', 'e', 't', '.', 'u', 'y', '\0',
+  /* "underskatten.tk", true */ 'u', 'n', 'd', 'e', 'r', 's', 'k', 'a', 't', 't', 'e', 'n', '.', 't', 'k', '\0',
+  /* "undo.co.il", true */ 'u', 'n', 'd', 'o', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "undone.me", true */ 'u', 'n', 'd', 'o', 'n', 'e', '.', 'm', 'e', '\0',
+  /* "unearaigneeauplafond.fr", false */ 'u', 'n', 'e', 'a', 'r', 'a', 'i', 'g', 'n', 'e', 'e', 'a', 'u', 'p', 'l', 'a', 'f', 'o', 'n', 'd', '.', 'f', 'r', '\0',
+  /* "unerosesurlalune.fr", true */ 'u', 'n', 'e', 'r', 'o', 's', 'e', 's', 'u', 'r', 'l', 'a', 'l', 'u', 'n', 'e', '.', 'f', 'r', '\0',
+  /* "unfettered.net", false */ 'u', 'n', 'f', 'e', 't', 't', 'e', 'r', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "unfuddle.cn", true */ 'u', 'n', 'f', 'u', 'd', 'd', 'l', 'e', '.', 'c', 'n', '\0',
+  /* "unga.dk", true */ 'u', 'n', 'g', 'a', '.', 'd', 'k', '\0',
+  /* "ungegamere.dk", true */ 'u', 'n', 'g', 'e', 'g', 'a', 'm', 'e', 'r', 'e', '.', 'd', 'k', '\0',
+  /* "unicef-karten.at", true */ 'u', 'n', 'i', 'c', 'e', 'f', '-', 'k', 'a', 'r', 't', 'e', 'n', '.', 'a', 't', '\0',
+  /* "unicef.pl", true */ 'u', 'n', 'i', 'c', 'e', 'f', '.', 'p', 'l', '\0',
+  /* "unicefcards.at", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'c', 'a', 'r', 'd', 's', '.', 'a', 't', '\0',
+  /* "unicefcards.cz", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'c', 'a', 'r', 'd', 's', '.', 'c', 'z', '\0',
+  /* "unicefcards.gr", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'c', 'a', 'r', 'd', 's', '.', 'g', 'r', '\0',
+  /* "unicefcards.it", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'c', 'a', 'r', 'd', 's', '.', 'i', 't', '\0',
+  /* "unicefcards.nl", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'c', 'a', 'r', 'd', 's', '.', 'n', 'l', '\0',
+  /* "unicefcards.sk", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'c', 'a', 'r', 'd', 's', '.', 's', 'k', '\0',
+  /* "unicefcestitke.rs", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'c', 'e', 's', 't', 'i', 't', 'k', 'e', '.', 'r', 's', '\0',
+  /* "unicefkaarten.nl", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'k', 'a', 'a', 'r', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "unicefkartkidlafirm.pl", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'k', 'a', 'r', 't', 'k', 'i', 'd', 'l', 'a', 'f', 'i', 'r', 'm', '.', 'p', 'l', '\0',
+  /* "unicefkepeslapok.hu", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'k', 'e', 'p', 'e', 's', 'l', 'a', 'p', 'o', 'k', '.', 'h', 'u', '\0',
+  /* "unicefkort.dk", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'k', 'o', 'r', 't', '.', 'd', 'k', '\0',
+  /* "unicefvoscilnice.si", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'v', 'o', 's', 'c', 'i', 'l', 'n', 'i', 'c', 'e', '.', 's', 'i', '\0',
+  /* "unicorn.melbourne", true */ 'u', 'n', 'i', 'c', 'o', 'r', 'n', '.', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '\0',
+  /* "unicorncloud.org", true */ 'u', 'n', 'i', 'c', 'o', 'r', 'n', 'c', 'l', 'o', 'u', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "unicredit.ba", true */ 'u', 'n', 'i', 'c', 'r', 'e', 'd', 'i', 't', '.', 'b', 'a', '\0',
+  /* "unicredit.ro", true */ 'u', 'n', 'i', 'c', 'r', 'e', 'd', 'i', 't', '.', 'r', 'o', '\0',
+  /* "unicreditbank.hu", true */ 'u', 'n', 'i', 'c', 'r', 'e', 'd', 'i', 't', 'b', 'a', 'n', 'k', '.', 'h', 'u', '\0',
+  /* "unicreditbank.rs", true */ 'u', 'n', 'i', 'c', 'r', 'e', 'd', 'i', 't', 'b', 'a', 'n', 'k', '.', 'r', 's', '\0',
+  /* "unicreditbank.ru", false */ 'u', 'n', 'i', 'c', 'r', 'e', 'd', 'i', 't', 'b', 'a', 'n', 'k', '.', 'r', 'u', '\0',
+  /* "unieducar.org.br", true */ 'u', 'n', 'i', 'e', 'd', 'u', 'c', 'a', 'r', '.', 'o', 'r', 'g', '.', 'b', 'r', '\0',
+  /* "uniekglas.nl", true */ 'u', 'n', 'i', 'e', 'k', 'g', 'l', 'a', 's', '.', 'n', 'l', '\0',
+  /* "uniform-agri.com", true */ 'u', 'n', 'i', 'f', 'o', 'r', 'm', '-', 'a', 'g', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "uniformebateriasheliar.com.br", true */ 'u', 'n', 'i', 'f', 'o', 'r', 'm', 'e', 'b', 'a', 't', 'e', 'r', 'i', 'a', 's', 'h', 'e', 'l', 'i', 'a', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "uniformehope.com.br", true */ 'u', 'n', 'i', 'f', 'o', 'r', 'm', 'e', 'h', 'o', 'p', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "uniformespousoalegre.com.br", true */ 'u', 'n', 'i', 'f', 'o', 'r', 'm', 'e', 's', 'p', 'o', 'u', 's', 'o', 'a', 'l', 'e', 'g', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "unikoingold.com", true */ 'u', 'n', 'i', 'k', 'o', 'i', 'n', 'g', 'o', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "unikrn.com", true */ 'u', 'n', 'i', 'k', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "unila.edu.br", true */ 'u', 'n', 'i', 'l', 'a', '.', 'e', 'd', 'u', '.', 'b', 'r', '\0',
+  /* "unionplat.ru", true */ 'u', 'n', 'i', 'o', 'n', 'p', 'l', 'a', 't', '.', 'r', 'u', '\0',
+  /* "unipig.de", true */ 'u', 'n', 'i', 'p', 'i', 'g', '.', 'd', 'e', '\0',
+  /* "uniprimebr.com.br", true */ 'u', 'n', 'i', 'p', 'r', 'i', 'm', 'e', 'b', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "uniq.site", true */ 'u', 'n', 'i', 'q', '.', 's', 'i', 't', 'e', '\0',
+  /* "unique-bouncy-castles.co.uk", true */ 'u', 'n', 'i', 'q', 'u', 'e', '-', 'b', 'o', 'u', 'n', 'c', 'y', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "unique-pathways.ch", true */ 'u', 'n', 'i', 'q', 'u', 'e', '-', 'p', 'a', 't', 'h', 'w', 'a', 'y', 's', '.', 'c', 'h', '\0',
+  /* "unique-pathways.com", true */ 'u', 'n', 'i', 'q', 'u', 'e', '-', 'p', 'a', 't', 'h', 'w', 'a', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "uniquepathways.ch", true */ 'u', 'n', 'i', 'q', 'u', 'e', 'p', 'a', 't', 'h', 'w', 'a', 'y', 's', '.', 'c', 'h', '\0',
+  /* "unirenter.ru", true */ 'u', 'n', 'i', 'r', 'e', 'n', 't', 'e', 'r', '.', 'r', 'u', '\0',
+  /* "unit7jazz.com", true */ 'u', 'n', 'i', 't', '7', 'j', 'a', 'z', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "unit7jazz.org", true */ 'u', 'n', 'i', 't', '7', 'j', 'a', 'z', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "unite-ka.de", true */ 'u', 'n', 'i', 't', 'e', '-', 'k', 'a', '.', 'd', 'e', '\0',
+  /* "united-schools.net", true */ 'u', 'n', 'i', 't', 'e', 'd', '-', 's', 'c', 'h', 'o', 'o', 'l', 's', '.', 'n', 'e', 't', '\0',
+  /* "united.com", false */ 'u', 'n', 'i', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "unitedadmins.com", true */ 'u', 'n', 'i', 't', 'e', 'd', 'a', 'd', 'm', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "unitedpsychological.com", true */ 'u', 'n', 'i', 't', 'e', 'd', 'p', 's', 'y', 'c', 'h', 'o', 'l', 'o', 'g', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "unitel2000.de", true */ 'u', 'n', 'i', 't', 'e', 'l', '2', '0', '0', '0', '.', 'd', 'e', '\0',
+  /* "univercite.ch", true */ 'u', 'n', 'i', 'v', 'e', 'r', 'c', 'i', 't', 'e', '.', 'c', 'h', '\0',
+  /* "universal-happiness.com", true */ 'u', 'n', 'i', 'v', 'e', 'r', 's', 'a', 'l', '-', 'h', 'a', 'p', 'p', 'i', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "universalcarremote.com", true */ 'u', 'n', 'i', 'v', 'e', 'r', 's', 'a', 'l', 'c', 'a', 'r', 'r', 'e', 'm', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "universalpaymentgateway.com", true */ 'u', 'n', 'i', 'v', 'e', 'r', 's', 'a', 'l', 'p', 'a', 'y', 'm', 'e', 'n', 't', 'g', 'a', 't', 'e', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "universeinform.com", true */ 'u', 'n', 'i', 'v', 'e', 'r', 's', 'e', 'i', 'n', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "universogay.com", true */ 'u', 'n', 'i', 'v', 'e', 'r', 's', 'o', 'g', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "univitale.fr", true */ 'u', 'n', 'i', 'v', 'i', 't', 'a', 'l', 'e', '.', 'f', 'r', '\0',
+  /* "unix.se", true */ 'u', 'n', 'i', 'x', '.', 's', 'e', '\0',
+  /* "unixadm.org", true */ 'u', 'n', 'i', 'x', 'a', 'd', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "unixattic.com", true */ 'u', 'n', 'i', 'x', 'a', 't', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "unixcorn.org", false */ 'u', 'n', 'i', 'x', 'c', 'o', 'r', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "unixforum.org", true */ 'u', 'n', 'i', 'x', 'f', 'o', 'r', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "unixtime.date", true */ 'u', 'n', 'i', 'x', 't', 'i', 'm', 'e', '.', 'd', 'a', 't', 'e', '\0',
+  /* "unlax.com", true */ 'u', 'n', 'l', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "unleash.pw", true */ 'u', 'n', 'l', 'e', 'a', 's', 'h', '.', 'p', 'w', '\0',
+  /* "unli.xyz", true */ 'u', 'n', 'l', 'i', '.', 'x', 'y', 'z', '\0',
+  /* "unlockboot.com", false */ 'u', 'n', 'l', 'o', 'c', 'k', 'b', 'o', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "unlocken.nl", true */ 'u', 'n', 'l', 'o', 'c', 'k', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "unmanaged.space", true */ 'u', 'n', 'm', 'a', 'n', 'a', 'g', 'e', 'd', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "unmonito.red", true */ 'u', 'n', 'm', 'o', 'n', 'i', 't', 'o', '.', 'r', 'e', 'd', '\0',
+  /* "uno-pizza.ru", true */ 'u', 'n', 'o', '-', 'p', 'i', 'z', 'z', 'a', '.', 'r', 'u', '\0',
+  /* "unobrindes.com.br", true */ 'u', 'n', 'o', 'b', 'r', 'i', 'n', 'd', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "unoccupyabq.org", true */ 'u', 'n', 'o', 'c', 'c', 'u', 'p', 'y', 'a', 'b', 'q', '.', 'o', 'r', 'g', '\0',
+  /* "unpkg.com", true */ 'u', 'n', 'p', 'k', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "unpossible.xyz", true */ 'u', 'n', 'p', 'o', 's', 's', 'i', 'b', 'l', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "unpr.dk", true */ 'u', 'n', 'p', 'r', '.', 'd', 'k', '\0',
+  /* "unquote.li", true */ 'u', 'n', 'q', 'u', 'o', 't', 'e', '.', 'l', 'i', '\0',
+  /* "unrealircd.org", true */ 'u', 'n', 'r', 'e', 'a', 'l', 'i', 'r', 'c', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "unrelated.net.au", true */ 'u', 'n', 'r', 'e', 'l', 'a', 't', 'e', 'd', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "unripple.com", true */ 'u', 'n', 'r', 'i', 'p', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "unruh.fr", true */ 'u', 'n', 'r', 'u', 'h', '.', 'f', 'r', '\0',
+  /* "uns.vn", true */ 'u', 'n', 's', '.', 'v', 'n', '\0',
+  /* "unsacsurledos.com", true */ 'u', 'n', 's', 'a', 'c', 's', 'u', 'r', 'l', 'e', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "unschoolrules.com", true */ 'u', 'n', 's', 'c', 'h', 'o', 'o', 'l', 'r', 'u', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "unsee.cc", true */ 'u', 'n', 's', 'e', 'e', '.', 'c', 'c', '\0',
+  /* "unseen.is", true */ 'u', 'n', 's', 'e', 'e', 'n', '.', 'i', 's', '\0',
+  /* "unseen.tw", true */ 'u', 'n', 's', 'e', 'e', 'n', '.', 't', 'w', '\0',
+  /* "unser-gartenforum.de", true */ 'u', 'n', 's', 'e', 'r', '-', 'g', 'a', 'r', 't', 'e', 'n', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "unsuspicious.click", true */ 'u', 'n', 's', 'u', 's', 'p', 'i', 'c', 'i', 'o', 'u', 's', '.', 'c', 'l', 'i', 'c', 'k', '\0',
+  /* "unterfrankenclan.de", true */ 'u', 'n', 't', 'e', 'r', 'f', 'r', 'a', 'n', 'k', 'e', 'n', 'c', 'l', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "unterkunft.guru", true */ 'u', 'n', 't', 'e', 'r', 'k', 'u', 'n', 'f', 't', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "unterschicht.tv", true */ 'u', 'n', 't', 'e', 'r', 's', 'c', 'h', 'i', 'c', 'h', 't', '.', 't', 'v', '\0',
+  /* "untethereddog.com", true */ 'u', 'n', 't', 'e', 't', 'h', 'e', 'r', 'e', 'd', 'd', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "untoldstory.eu", true */ 'u', 'n', 't', 'o', 'l', 'd', 's', 't', 'o', 'r', 'y', '.', 'e', 'u', '\0',
+  /* "unun.fi", true */ 'u', 'n', 'u', 'n', '.', 'f', 'i', '\0',
+  /* "unusualhatclub.com", true */ 'u', 'n', 'u', 's', 'u', 'a', 'l', 'h', 'a', 't', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "unveiledgnosis.com", true */ 'u', 'n', 'v', 'e', 'i', 'l', 'e', 'd', 'g', 'n', 'o', 's', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "unworthy.ml", true */ 'u', 'n', 'w', 'o', 'r', 't', 'h', 'y', '.', 'm', 'l', '\0',
+  /* "unx.dk", true */ 'u', 'n', 'x', '.', 'd', 'k', '\0',
+  /* "unxicdellum.cat", true */ 'u', 'n', 'x', 'i', 'c', 'd', 'e', 'l', 'l', 'u', 'm', '.', 'c', 'a', 't', '\0',
+  /* "upandclear.org", true */ 'u', 'p', 'a', 'n', 'd', 'c', 'l', 'e', 'a', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "upani.net", true */ 'u', 'p', 'a', 'n', 'i', '.', 'n', 'e', 't', '\0',
+  /* "upay.ru", true */ 'u', 'p', 'a', 'y', '.', 'r', 'u', '\0',
+  /* "upbad.com", true */ 'u', 'p', 'b', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "upbeatrobot.com", true */ 'u', 'p', 'b', 'e', 'a', 't', 'r', 'o', 'b', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "upbeatrobot.eu", true */ 'u', 'p', 'b', 'e', 'a', 't', 'r', 'o', 'b', 'o', 't', '.', 'e', 'u', '\0',
+  /* "upd.jp", true */ 'u', 'p', 'd', '.', 'j', 'p', '\0',
+  /* "upgamerengine.com", true */ 'u', 'p', 'g', 'a', 'm', 'e', 'r', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "upgamerengine.com.br", true */ 'u', 'p', 'g', 'a', 'm', 'e', 'r', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "upgamerengine.net", true */ 'u', 'p', 'g', 'a', 'm', 'e', 'r', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "upgauged.com", true */ 'u', 'p', 'g', 'a', 'u', 'g', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "upitnik.rs", true */ 'u', 'p', 'i', 't', 'n', 'i', 'k', '.', 'r', 's', '\0',
+  /* "uplaqui.com.br", true */ 'u', 'p', 'l', 'a', 'q', 'u', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "uplinklabs.net", true */ 'u', 'p', 'l', 'i', 'n', 'k', 'l', 'a', 'b', 's', '.', 'n', 'e', 't', '\0',
+  /* "upload.cat", true */ 'u', 'p', 'l', 'o', 'a', 'd', '.', 'c', 'a', 't', '\0',
+  /* "upload.facebook.com", false */ 'u', 'p', 'l', 'o', 'a', 'd', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "uploadbeta.com", true */ 'u', 'p', 'l', 'o', 'a', 'd', 'b', 'e', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "upmchealthsecurity.us", true */ 'u', 'p', 'm', 'c', 'h', 'e', 'a', 'l', 't', 'h', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'u', 's', '\0',
+  /* "upnext.io", true */ 'u', 'p', 'n', 'e', 'x', 't', '.', 'i', 'o', '\0',
+  /* "upperbeaconsfield.org.au", true */ 'u', 'p', 'p', 'e', 'r', 'b', 'e', 'a', 'c', 'o', 'n', 's', 'f', 'i', 'e', 'l', 'd', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0',
+  /* "upplevelse.com", true */ 'u', 'p', 'p', 'l', 'e', 'v', 'e', 'l', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "upr-info.org", true */ 'u', 'p', 'r', '-', 'i', 'n', 'f', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "upr.com.ua", true */ 'u', 'p', 'r', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "upsiteseo.com", true */ 'u', 'p', 's', 'i', 't', 'e', 's', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "uptimed.com", true */ 'u', 'p', 't', 'i', 'm', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "uptimenotguaranteed.com", true */ 'u', 'p', 't', 'i', 'm', 'e', 'n', 'o', 't', 'g', 'u', 'a', 'r', 'a', 'n', 't', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "uptodateinteriors.com", true */ 'u', 'p', 't', 'o', 'd', 'a', 't', 'e', 'i', 'n', 't', 'e', 'r', 'i', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "uptogood.org", true */ 'u', 'p', 't', 'o', 'g', 'o', 'o', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "uptoon.jp", true */ 'u', 'p', 't', 'o', 'o', 'n', '.', 'j', 'p', '\0',
+  /* "uptownlocators.com", true */ 'u', 'p', 't', 'o', 'w', 'n', 'l', 'o', 'c', 'a', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "uptrends.com", true */ 'u', 'p', 't', 'r', 'e', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "uptrends.de", true */ 'u', 'p', 't', 'r', 'e', 'n', 'd', 's', '.', 'd', 'e', '\0',
+  /* "upundit.com", true */ 'u', 'p', 'u', 'n', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "upwork.com", true */ 'u', 'p', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ur.nl", true */ 'u', 'r', '.', 'n', 'l', '\0',
+  /* "ur2.pw", true */ 'u', 'r', '2', '.', 'p', 'w', '\0',
+  /* "urbackups.com", true */ 'u', 'r', 'b', 'a', 'c', 'k', 'u', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "urbalex.ch", true */ 'u', 'r', 'b', 'a', 'l', 'e', 'x', '.', 'c', 'h', '\0',
+  /* "urban-culture.fr", true */ 'u', 'r', 'b', 'a', 'n', '-', 'c', 'u', 'l', 't', 'u', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "urban-karuizawa.co.jp", true */ 'u', 'r', 'b', 'a', 'n', '-', 'k', 'a', 'r', 'u', 'i', 'z', 'a', 'w', 'a', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "urban.melbourne", true */ 'u', 'r', 'b', 'a', 'n', '.', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '\0',
+  /* "urbanesecurity.com", true */ 'u', 'r', 'b', 'a', 'n', 'e', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "urbanfi.sh", true */ 'u', 'r', 'b', 'a', 'n', 'f', 'i', '.', 's', 'h', '\0',
+  /* "urbanguerillas.de", true */ 'u', 'r', 'b', 'a', 'n', 'g', 'u', 'e', 'r', 'i', 'l', 'l', 'a', 's', '.', 'd', 'e', '\0',
+  /* "urbanietz-immobilien.de", true */ 'u', 'r', 'b', 'a', 'n', 'i', 'e', 't', 'z', '-', 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "urbanmelbourne.info", true */ 'u', 'r', 'b', 'a', 'n', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "urbannewsservice.com", true */ 'u', 'r', 'b', 'a', 'n', 'n', 'e', 'w', 's', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "urbansparrow.in", true */ 'u', 'r', 'b', 'a', 'n', 's', 'p', 'a', 'r', 'r', 'o', 'w', '.', 'i', 'n', '\0',
+  /* "urbanwildlifealliance.org", true */ 'u', 'r', 'b', 'a', 'n', 'w', 'i', 'l', 'd', 'l', 'i', 'f', 'e', 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "urbexdk.nl", true */ 'u', 'r', 'b', 'e', 'x', 'd', 'k', '.', 'n', 'l', '\0',
+  /* "urcentral.com", true */ 'u', 'r', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "urcentral.net", true */ 'u', 'r', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "ureka.org", true */ 'u', 'r', 'e', 'k', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "urgences-valais.ch", true */ 'u', 'r', 'g', 'e', 'n', 'c', 'e', 's', '-', 'v', 'a', 'l', 'a', 'i', 's', '.', 'c', 'h', '\0',
+  /* "uripura.de", true */ 'u', 'r', 'i', 'p', 'u', 'r', 'a', '.', 'd', 'e', '\0',
+  /* "urist1011.ru", true */ 'u', 'r', 'i', 's', 't', '1', '0', '1', '1', '.', 'r', 'u', '\0',
+  /* "url.cab", true */ 'u', 'r', 'l', '.', 'c', 'a', 'b', '\0',
+  /* "url.fi", true */ 'u', 'r', 'l', '.', 'f', 'i', '\0',
+  /* "url.fm", true */ 'u', 'r', 'l', '.', 'f', 'm', '\0',
+  /* "url.rw", true */ 'u', 'r', 'l', '.', 'r', 'w', '\0',
+  /* "url0.eu", true */ 'u', 'r', 'l', '0', '.', 'e', 'u', '\0',
+  /* "urlachershop.com.br", true */ 'u', 'r', 'l', 'a', 'c', 'h', 'e', 'r', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "urlaub-leitner.at", true */ 'u', 'r', 'l', 'a', 'u', 'b', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'a', 't', '\0',
+  /* "urlscan.io", true */ 'u', 'r', 'l', 's', 'c', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "urology.wiki", true */ 'u', 'r', 'o', 'l', 'o', 'g', 'y', '.', 'w', 'i', 'k', 'i', '\0',
+  /* "ursa-minor-beta.org", true */ 'u', 'r', 's', 'a', '-', 'm', 'i', 'n', 'o', 'r', '-', 'b', 'e', 't', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "ursae.co", true */ 'u', 'r', 's', 'a', 'e', '.', 'c', 'o', '\0',
+  /* "urspringer.de", true */ 'u', 'r', 's', 'p', 'r', 'i', 'n', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "ursuslibris.hu", true */ 'u', 'r', 's', 'u', 's', 'l', 'i', 'b', 'r', 'i', 's', '.', 'h', 'u', '\0',
+  /* "urukproject.org", true */ 'u', 'r', 'u', 'k', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "usaa.com", false */ 'u', 's', 'a', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "usabackground.com", true */ 'u', 's', 'a', 'b', 'a', 'c', 'k', 'g', 'r', 'o', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "usability.gov", true */ 'u', 's', 'a', 'b', 'i', 'l', 'i', 't', 'y', '.', 'g', 'o', 'v', '\0',
+  /* "usaestaonline.com", true */ 'u', 's', 'a', 'e', 's', 't', 'a', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "usafuelservice.com", true */ 'u', 's', 'a', 'f', 'u', 'e', 'l', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "usajobs.com", true */ 'u', 's', 'a', 'j', 'o', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "usajobs.gov", true */ 'u', 's', 'a', 'j', 'o', 'b', 's', '.', 'g', 'o', 'v', '\0',
+  /* "usakitchensandflooring.com", true */ 'u', 's', 'a', 'k', 'i', 't', 'c', 'h', 'e', 'n', 's', 'a', 'n', 'd', 'f', 'l', 'o', 'o', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "usap.gov", false */ 'u', 's', 'a', 'p', '.', 'g', 'o', 'v', '\0',
+  /* "usbcraft.com", true */ 'u', 's', 'b', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "usbevents.co.uk", true */ 'u', 's', 'b', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "uscloud.nl", true */ 'u', 's', 'c', 'l', 'o', 'u', 'd', '.', 'n', 'l', '\0',
+  /* "usd.de", true */ 'u', 's', 'd', '.', 'd', 'e', '\0',
+  /* "usds.gov", true */ 'u', 's', 'd', 's', '.', 'g', 'o', 'v', '\0',
+  /* "use.be", true */ 'u', 's', 'e', '.', 'b', 'e', '\0',
+  /* "usebean.com", true */ 'u', 's', 'e', 'b', 'e', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "usedesk.ru", true */ 'u', 's', 'e', 'd', 'e', 's', 'k', '.', 'r', 'u', '\0',
+  /* "usedu.us", true */ 'u', 's', 'e', 'd', 'u', '.', 'u', 's', '\0',
+  /* "useresponse.com", true */ 'u', 's', 'e', 'r', 'e', 's', 'p', 'o', 'n', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "usetypo3.com", true */ 'u', 's', 'e', 't', 'y', 'p', 'o', '3', '.', 'c', 'o', 'm', '\0',
+  /* "useyourloaf.com", true */ 'u', 's', 'e', 'y', 'o', 'u', 'r', 'l', 'o', 'a', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "usgande.com", true */ 'u', 's', 'g', 'a', 'n', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ushandbookapp.com", true */ 'u', 's', 'h', 'a', 'n', 'd', 'b', 'o', 'o', 'k', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "ushare.ch", true */ 'u', 's', 'h', 'a', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "usimmigration.us", true */ 'u', 's', 'i', 'm', 'm', 'i', 'g', 'r', 'a', 't', 'i', 'o', 'n', '.', 'u', 's', '\0',
+  /* "usipvd.ch", true */ 'u', 's', 'i', 'p', 'v', 'd', '.', 'c', 'h', '\0',
+  /* "usitcolours.bg", true */ 'u', 's', 'i', 't', 'c', 'o', 'l', 'o', 'u', 'r', 's', '.', 'b', 'g', '\0',
+  /* "usleep.net", true */ 'u', 's', 'l', 'e', 'e', 'p', '.', 'n', 'e', 't', '\0',
+  /* "usmint.gov", true */ 'u', 's', 'm', 'i', 'n', 't', '.', 'g', 'o', 'v', '\0',
+  /* "usparklodging.com", true */ 'u', 's', 'p', 'a', 'r', 'k', 'l', 'o', 'd', 'g', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "uspsoig.gov", true */ 'u', 's', 'p', 's', 'o', 'i', 'g', '.', 'g', 'o', 'v', '\0',
+  /* "ussm.gov", true */ 'u', 's', 's', 'm', '.', 'g', 'o', 'v', '\0',
+  /* "ussuka.com", true */ 'u', 's', 's', 'u', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ust.space", true */ 'u', 's', 't', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "usualbeings.com", true */ 'u', 's', 'u', 'a', 'l', 'b', 'e', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "uswitch.com", true */ 'u', 's', 'w', 'i', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "ut-addicted.com", true */ 'u', 't', '-', 'a', 'd', 'd', 'i', 'c', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "utahfireinfo.gov", true */ 'u', 't', 'a', 'h', 'f', 'i', 'r', 'e', 'i', 'n', 'f', 'o', '.', 'g', 'o', 'v', '\0',
+  /* "utahlocal.net", true */ 'u', 't', 'a', 'h', 'l', 'o', 'c', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "utdsgda.com", true */ 'u', 't', 'd', 's', 'g', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "utepils.de", true */ 'u', 't', 'e', 'p', 'i', 'l', 's', '.', 'd', 'e', '\0',
+  /* "utilia.tools", true */ 'u', 't', 'i', 'l', 'i', 'a', '.', 't', 'o', 'o', 'l', 's', '\0',
+  /* "utilitarian.com", true */ 'u', 't', 'i', 'l', 'i', 't', 'a', 'r', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "utilitarian.net", true */ 'u', 't', 'i', 'l', 'i', 't', 'a', 'r', 'i', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "utilitarian.org", true */ 'u', 't', 'i', 'l', 'i', 't', 'a', 'r', 'i', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "utilitarianism.com", true */ 'u', 't', 'i', 'l', 'i', 't', 'a', 'r', 'i', 'a', 'n', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "utilitarianism.org", true */ 'u', 't', 'i', 'l', 'i', 't', 'a', 'r', 'i', 'a', 'n', 'i', 's', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "utilitarismo.com", true */ 'u', 't', 'i', 'l', 'i', 't', 'a', 'r', 'i', 's', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "utilitronium.com", true */ 'u', 't', 'i', 'l', 'i', 't', 'r', 'o', 'n', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "utilityapi.com", true */ 'u', 't', 'i', 'l', 'i', 't', 'y', 'a', 'p', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "utitreatment.com", true */ 'u', 't', 'i', 't', 'r', 'e', 'a', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "utonia.ch", true */ 'u', 't', 'o', 'n', 'i', 'a', '.', 'c', 'h', '\0',
+  /* "utopialgb.org.uk", true */ 'u', 't', 'o', 'p', 'i', 'a', 'l', 'g', 'b', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "utopicestudios.com", true */ 'u', 't', 'o', 'p', 'i', 'c', 'e', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "utox.io", true */ 'u', 't', 'o', 'x', '.', 'i', 'o', '\0',
+  /* "utugnn.ru", true */ 'u', 't', 'u', 'g', 'n', 'n', '.', 'r', 'u', '\0',
+  /* "utw.me", true */ 'u', 't', 'w', '.', 'm', 'e', '\0',
+  /* "utzon.net", true */ 'u', 't', 'z', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "uuit.nl", true */ 'u', 'u', 'i', 't', '.', 'n', 'l', '\0',
+  /* "uvocorp.com", true */ 'u', 'v', 'o', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "uwac.co.uk", true */ 'u', 'w', 'a', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "uwfreelanceopticien.nl", true */ 'u', 'w', 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'c', 'e', 'o', 'p', 't', 'i', 'c', 'i', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "uwimonacs.org.jm", true */ 'u', 'w', 'i', 'm', 'o', 'n', 'a', 'c', 's', '.', 'o', 'r', 'g', '.', 'j', 'm', '\0',
+  /* "uxtechnologist.com", true */ 'u', 'x', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "uy.search.yahoo.com", false */ 'u', 'y', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "uz.search.yahoo.com", false */ 'u', 'z', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "uzaymedya.com.tr", true */ 'u', 'z', 'a', 'y', 'm', 'e', 'd', 'y', 'a', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "v-d-p.net", true */ 'v', '-', 'd', '-', 'p', '.', 'n', 'e', 't', '\0',
+  /* "v-tek.fi", true */ 'v', '-', 't', 'e', 'k', '.', 'f', 'i', '\0',
+  /* "v-u-z.ru", true */ 'v', '-', 'u', '-', 'z', '.', 'r', 'u', '\0',
+  /* "v1sit0r.ru", true */ 'v', '1', 's', 'i', 't', '0', 'r', '.', 'r', 'u', '\0',
+  /* "v2bv.net", true */ 'v', '2', 'b', 'v', '.', 'n', 'e', 't', '\0',
+  /* "v2bv.win", true */ 'v', '2', 'b', 'v', '.', 'w', 'i', 'n', '\0',
+  /* "v2ex.com", true */ 'v', '2', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "va-reitartikel.com", true */ 'v', 'a', '-', 'r', 'e', 'i', 't', 'a', 'r', 't', 'i', 'k', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vacationscostarica.com", true */ 'v', 'a', 'c', 'a', 't', 'i', 'o', 'n', 's', 'c', 'o', 's', 't', 'a', 'r', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "vaccines.gov", true */ 'v', 'a', 'c', 'c', 'i', 'n', 'e', 's', '.', 'g', 'o', 'v', '\0',
+  /* "vaclavambroz.cz", true */ 'v', 'a', 'c', 'l', 'a', 'v', 'a', 'm', 'b', 'r', 'o', 'z', '.', 'c', 'z', '\0',
+  /* "vacuumpump.co.id", true */ 'v', 'a', 'c', 'u', 'u', 'm', 'p', 'u', 'm', 'p', '.', 'c', 'o', '.', 'i', 'd', '\0',
+  /* "vadennissanofhiltonheadparts.com", true */ 'v', 'a', 'd', 'e', 'n', 'n', 'i', 's', 's', 'a', 'n', 'o', 'f', 'h', 'i', 'l', 't', 'o', 'n', 'h', 'e', 'a', 'd', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vadennissanofhinesvilleparts.com", true */ 'v', 'a', 'd', 'e', 'n', 'n', 'i', 's', 's', 'a', 'n', 'o', 'f', 'h', 'i', 'n', 'e', 's', 'v', 'i', 'l', 'l', 'e', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vaew.com", true */ 'v', 'a', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "vagabond.fr", true */ 'v', 'a', 'g', 'a', 'b', 'o', 'n', 'd', '.', 'f', 'r', '\0',
+  /* "vagabondgal.com", true */ 'v', 'a', 'g', 'a', 'b', 'o', 'n', 'd', 'g', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vagaerg.com", true */ 'v', 'a', 'g', 'a', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "vagaerg.net", true */ 'v', 'a', 'g', 'a', 'e', 'r', 'g', '.', 'n', 'e', 't', '\0',
+  /* "vagmour.eu", true */ 'v', 'a', 'g', 'm', 'o', 'u', 'r', '.', 'e', 'u', '\0',
+  /* "vagpartsdb.com", true */ 'v', 'a', 'g', 'p', 'a', 'r', 't', 's', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "vagrantcloud.com", true */ 'v', 'a', 'g', 'r', 'a', 'n', 't', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "vagrantup.com", true */ 'v', 'a', 'g', 'r', 'a', 'n', 't', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "vaindil.com", true */ 'v', 'a', 'i', 'n', 'd', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vakantiedetective.nl", true */ 'v', 'a', 'k', 'a', 'n', 't', 'i', 'e', 'd', 'e', 't', 'e', 'c', 't', 'i', 'v', 'e', '.', 'n', 'l', '\0',
+  /* "vakantienet.nl", true */ 'v', 'a', 'k', 'a', 'n', 't', 'i', 'e', 'n', 'e', 't', '.', 'n', 'l', '\0',
+  /* "vakuutuskanava.fi", true */ 'v', 'a', 'k', 'u', 'u', 't', 'u', 's', 'k', 'a', 'n', 'a', 'v', 'a', '.', 'f', 'i', '\0',
+  /* "val-sec.com", true */ 'v', 'a', 'l', '-', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "valasi.eu", true */ 'v', 'a', 'l', 'a', 's', 'i', '.', 'e', 'u', '\0',
+  /* "valbonne-consulting.com", true */ 'v', 'a', 'l', 'b', 'o', 'n', 'n', 'e', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "valenciadevops.me", true */ 'v', 'a', 'l', 'e', 'n', 'c', 'i', 'a', 'd', 'e', 'v', 'o', 'p', 's', '.', 'm', 'e', '\0',
+  /* "valentin-sundermann.de", true */ 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', '-', 's', 'u', 'n', 'd', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "valentinberclaz.com", true */ 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', 'b', 'e', 'r', 'c', 'l', 'a', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "valentineapparel.com", true */ 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', 'e', 'a', 'p', 'p', 'a', 'r', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "valentineforpresident.com", true */ 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', 'e', 'f', 'o', 'r', 'p', 'r', 'e', 's', 'i', 'd', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "valentinera.in", true */ 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', 'e', 'r', 'a', '.', 'i', 'n', '\0',
+  /* "valentinesongs.com", true */ 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', 'e', 's', 'o', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "valentinritz.com", true */ 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', 'r', 'i', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "valeriansaliou.name", true */ 'v', 'a', 'l', 'e', 'r', 'i', 'a', 'n', 's', 'a', 'l', 'i', 'o', 'u', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "vales.io", true */ 'v', 'a', 'l', 'e', 's', '.', 'i', 'o', '\0',
+  /* "valesdev.com", true */ 'v', 'a', 'l', 'e', 's', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "valesdigital.com", true */ 'v', 'a', 'l', 'e', 's', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "validatis.com", true */ 'v', 'a', 'l', 'i', 'd', 'a', 't', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "validator.nu", true */ 'v', 'a', 'l', 'i', 'd', 'a', 't', 'o', 'r', '.', 'n', 'u', '\0',
+  /* "validbrands.com", true */ 'v', 'a', 'l', 'i', 'd', 'b', 'r', 'a', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "valika.ee", true */ 'v', 'a', 'l', 'i', 'k', 'a', '.', 'e', 'e', '\0',
+  /* "valis.sx", true */ 'v', 'a', 'l', 'i', 's', '.', 's', 'x', '\0',
+  /* "valkohattu.fi", true */ 'v', 'a', 'l', 'k', 'o', 'h', 'a', 't', 't', 'u', '.', 'f', 'i', '\0',
+  /* "valkor.pro", true */ 'v', 'a', 'l', 'k', 'o', 'r', '.', 'p', 'r', 'o', '\0',
+  /* "vallei-veluwe.nl", true */ 'v', 'a', 'l', 'l', 'e', 'i', '-', 'v', 'e', 'l', 'u', 'w', 'e', '.', 'n', 'l', '\0',
+  /* "valleyautofair.com", true */ 'v', 'a', 'l', 'l', 'e', 'y', 'a', 'u', 't', 'o', 'f', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "valleycode.net", true */ 'v', 'a', 'l', 'l', 'e', 'y', 'c', 'o', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "vallutaja.eu", true */ 'v', 'a', 'l', 'l', 'u', 't', 'a', 'j', 'a', '.', 'e', 'u', '\0',
+  /* "valokuva-albumi.fi", true */ 'v', 'a', 'l', 'o', 'k', 'u', 'v', 'a', '-', 'a', 'l', 'b', 'u', 'm', 'i', '.', 'f', 'i', '\0',
+  /* "valopv.be", true */ 'v', 'a', 'l', 'o', 'p', 'v', '.', 'b', 'e', '\0',
+  /* "valordolarblue.com.ar", true */ 'v', 'a', 'l', 'o', 'r', 'd', 'o', 'l', 'a', 'r', 'b', 'l', 'u', 'e', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "valorem-tax.ch", true */ 'v', 'a', 'l', 'o', 'r', 'e', 'm', '-', 't', 'a', 'x', '.', 'c', 'h', '\0',
+  /* "valoremtax.ch", true */ 'v', 'a', 'l', 'o', 'r', 'e', 'm', 't', 'a', 'x', '.', 'c', 'h', '\0',
+  /* "valoremtax.com", true */ 'v', 'a', 'l', 'o', 'r', 'e', 'm', 't', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "valshamar.is", true */ 'v', 'a', 'l', 's', 'h', 'a', 'm', 'a', 'r', '.', 'i', 's', '\0',
+  /* "valsk.is", true */ 'v', 'a', 'l', 's', 'k', '.', 'i', 's', '\0',
+  /* "valskis.lt", true */ 'v', 'a', 'l', 's', 'k', 'i', 's', '.', 'l', 't', '\0',
+  /* "valtoaho.com", true */ 'v', 'a', 'l', 't', 'o', 'a', 'h', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "valueng.com", true */ 'v', 'a', 'l', 'u', 'e', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "valueseed.net", true */ 'v', 'a', 'l', 'u', 'e', 's', 'e', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "vamosfalardesaude.pt", true */ 'v', 'a', 'm', 'o', 's', 'f', 'a', 'l', 'a', 'r', 'd', 'e', 's', 'a', 'u', 'd', 'e', '.', 'p', 't', '\0',
+  /* "vampyrium.com", false */ 'v', 'a', 'm', 'p', 'y', 'r', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "vampyrium.net", false */ 'v', 'a', 'm', 'p', 'y', 'r', 'i', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "van11y.net", true */ 'v', 'a', 'n', '1', '1', 'y', '.', 'n', 'e', 't', '\0',
+  /* "vanbinnenuit.nl", true */ 'v', 'a', 'n', 'b', 'i', 'n', 'n', 'e', 'n', 'u', 'i', 't', '.', 'n', 'l', '\0',
+  /* "vancouvercosmeticsurgery.ca", true */ 'v', 'a', 'n', 'c', 'o', 'u', 'v', 'e', 'r', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'a', '\0',
+  /* "vandalfsen.me", true */ 'v', 'a', 'n', 'd', 'a', 'l', 'f', 's', 'e', 'n', '.', 'm', 'e', '\0',
+  /* "vandam.io", true */ 'v', 'a', 'n', 'd', 'a', 'm', '.', 'i', 'o', '\0',
+  /* "vandenbroeck-usedcars.be", true */ 'v', 'a', 'n', 'd', 'e', 'n', 'b', 'r', 'o', 'e', 'c', 'k', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "vandeput.be", true */ 'v', 'a', 'n', 'd', 'e', 'p', 'u', 't', '.', 'b', 'e', '\0',
+  /* "vanderkrieken.org", true */ 'v', 'a', 'n', 'd', 'e', 'r', 'k', 'r', 'i', 'e', 'k', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "vanderkroon.nl", true */ 'v', 'a', 'n', 'd', 'e', 'r', 'k', 'r', 'o', 'o', 'n', '.', 'n', 'l', '\0',
+  /* "vandermeer.frl", true */ 'v', 'a', 'n', 'd', 'e', 'r', 'm', 'e', 'e', 'r', '.', 'f', 'r', 'l', '\0',
+  /* "vanderrijt.nl", true */ 'v', 'a', 'n', 'd', 'e', 'r', 'r', 'i', 'j', 't', '.', 'n', 'l', '\0',
+  /* "vanderziel.org", true */ 'v', 'a', 'n', 'd', 'e', 'r', 'z', 'i', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "vaneigenkweek.be", true */ 'v', 'a', 'n', 'e', 'i', 'g', 'e', 'n', 'k', 'w', 'e', 'e', 'k', '.', 'b', 'e', '\0',
+  /* "vanessabalibridal.com", true */ 'v', 'a', 'n', 'e', 's', 's', 'a', 'b', 'a', 'l', 'i', 'b', 'r', 'i', 'd', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vanetv.com", true */ 'v', 'a', 'n', 'e', 't', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "vangeluwedeberlaere.be", true */ 'v', 'a', 'n', 'g', 'e', 'l', 'u', 'w', 'e', 'd', 'e', 'b', 'e', 'r', 'l', 'a', 'e', 'r', 'e', '.', 'b', 'e', '\0',
+  /* "vanhoudt-usedcars.be", true */ 'v', 'a', 'n', 'h', 'o', 'u', 'd', 't', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "vanhoutte.be", false */ 'v', 'a', 'n', 'h', 'o', 'u', 't', 't', 'e', '.', 'b', 'e', '\0',
+  /* "vanhove.biz", true */ 'v', 'a', 'n', 'h', 'o', 'v', 'e', '.', 'b', 'i', 'z', '\0',
+  /* "vanlaanen.com", true */ 'v', 'a', 'n', 'l', 'a', 'a', 'n', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "vanmalland.com", true */ 'v', 'a', 'n', 'm', 'a', 'l', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "vannaos.com", true */ 'v', 'a', 'n', 'n', 'a', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vannaos.net", true */ 'v', 'a', 'n', 'n', 'a', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "vanohaker.ru", true */ 'v', 'a', 'n', 'o', 'h', 'a', 'k', 'e', 'r', '.', 'r', 'u', '\0',
+  /* "vanouwerkerk.net", true */ 'v', 'a', 'n', 'o', 'u', 'w', 'e', 'r', 'k', 'e', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "vante.me", true */ 'v', 'a', 'n', 't', 'e', '.', 'm', 'e', '\0',
+  /* "vantien.com", true */ 'v', 'a', 'n', 't', 'i', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "vantru.is", true */ 'v', 'a', 'n', 't', 'r', 'u', '.', 'i', 's', '\0',
+  /* "vanvoro.us", false */ 'v', 'a', 'n', 'v', 'o', 'r', 'o', '.', 'u', 's', '\0',
+  /* "vanwunnik.com", true */ 'v', 'a', 'n', 'w', 'u', 'n', 'n', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "vapecom-shop.com", true */ 'v', 'a', 'p', 'e', 'c', 'o', 'm', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "vapehour.com", true */ 'v', 'a', 'p', 'e', 'h', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "vapemania.eu", true */ 'v', 'a', 'p', 'e', 'm', 'a', 'n', 'i', 'a', '.', 'e', 'u', '\0',
+  /* "vaperolles.ch", true */ 'v', 'a', 'p', 'e', 'r', 'o', 'l', 'l', 'e', 's', '.', 'c', 'h', '\0',
+  /* "vapesense.co.uk", true */ 'v', 'a', 'p', 'e', 's', 'e', 'n', 's', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "vaphone.co", true */ 'v', 'a', 'p', 'h', 'o', 'n', 'e', '.', 'c', 'o', '\0',
+  /* "vapor.cloud", false */ 'v', 'a', 'p', 'o', 'r', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "vapordepot.jp", true */ 'v', 'a', 'p', 'o', 'r', 'd', 'e', 'p', 'o', 't', '.', 'j', 'p', '\0',
+  /* "varcare.jp", true */ 'v', 'a', 'r', 'c', 'a', 'r', 'e', '.', 'j', 'p', '\0',
+  /* "varden.info", true */ 'v', 'a', 'r', 'd', 'e', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "vareillefoundation.fr", true */ 'v', 'a', 'r', 'e', 'i', 'l', 'l', 'e', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "vareillefoundation.org", true */ 'v', 'a', 'r', 'e', 'i', 'l', 'l', 'e', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "varghese.de", true */ 'v', 'a', 'r', 'g', 'h', 'e', 's', 'e', '.', 'd', 'e', '\0',
+  /* "variable.agency", true */ 'v', 'a', 'r', 'i', 'a', 'b', 'l', 'e', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0',
+  /* "variablyconstant.com", true */ 'v', 'a', 'r', 'i', 'a', 'b', 'l', 'y', 'c', 'o', 'n', 's', 't', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "variag-group.ru", true */ 'v', 'a', 'r', 'i', 'a', 'g', '-', 'g', 'r', 'o', 'u', 'p', '.', 'r', 'u', '\0',
+  /* "variag-montazh.ru", true */ 'v', 'a', 'r', 'i', 'a', 'g', '-', 'm', 'o', 'n', 't', 'a', 'z', 'h', '.', 'r', 'u', '\0',
+  /* "varicoseveinssolution.com", true */ 'v', 'a', 'r', 'i', 'c', 'o', 's', 'e', 'v', 'e', 'i', 'n', 's', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "varimedoma.com", true */ 'v', 'a', 'r', 'i', 'm', 'e', 'd', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "varshathacker.com", true */ 'v', 'a', 'r', 's', 'h', 'a', 't', 'h', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "varta.io", true */ 'v', 'a', 'r', 't', 'a', '.', 'i', 'o', '\0',
+  /* "varunagw.com", false */ 'v', 'a', 'r', 'u', 'n', 'a', 'g', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "varunpriolkar.com", true */ 'v', 'a', 'r', 'u', 'n', 'p', 'r', 'i', 'o', 'l', 'k', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "varvy.com", true */ 'v', 'a', 'r', 'v', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "vascomm.co.id", true */ 'v', 'a', 's', 'c', 'o', 'm', 'm', '.', 'c', 'o', '.', 'i', 'd', '\0',
+  /* "vashel.us", true */ 'v', 'a', 's', 'h', 'e', 'l', '.', 'u', 's', '\0',
+  /* "vasileruscior.ro", true */ 'v', 'a', 's', 'i', 'l', 'e', 'r', 'u', 's', 'c', 'i', 'o', 'r', '.', 'r', 'o', '\0',
+  /* "vaskulitis-info.de", true */ 'v', 'a', 's', 'k', 'u', 'l', 'i', 't', 'i', 's', '-', 'i', 'n', 'f', 'o', '.', 'd', 'e', '\0',
+  /* "vasports.com.au", true */ 'v', 'a', 's', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "vastgoedcultuurfonds.nl", true */ 'v', 'a', 's', 't', 'g', 'o', 'e', 'd', 'c', 'u', 'l', 't', 'u', 'u', 'r', 'f', 'o', 'n', 'd', 's', '.', 'n', 'l', '\0',
+  /* "vasyharan.com", true */ 'v', 'a', 's', 'y', 'h', 'a', 'r', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "vat-eu.com", true */ 'v', 'a', 't', '-', 'e', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "vatelecom.dk", true */ 'v', 'a', 't', 'e', 'l', 'e', 'c', 'o', 'm', '.', 'd', 'k', '\0',
+  /* "vattulainen.fi", true */ 'v', 'a', 't', 't', 'u', 'l', 'a', 'i', 'n', 'e', 'n', '.', 'f', 'i', '\0',
+  /* "vaud-fleurs.ch", true */ 'v', 'a', 'u', 'd', '-', 'f', 'l', 'e', 'u', 'r', 's', '.', 'c', 'h', '\0',
+  /* "vault21.net", true */ 'v', 'a', 'u', 'l', 't', '2', '1', '.', 'n', 'e', 't', '\0',
+  /* "vaultproject.io", true */ 'v', 'a', 'u', 'l', 't', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'i', 'o', '\0',
+  /* "vaur.fr", true */ 'v', 'a', 'u', 'r', '.', 'f', 'r', '\0',
+  /* "vavai.net", true */ 'v', 'a', 'v', 'a', 'i', '.', 'n', 'e', 't', '\0',
+  /* "vavel.com", true */ 'v', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vavouchers.com", true */ 'v', 'a', 'v', 'o', 'u', 'c', 'h', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vawebsite.co", true */ 'v', 'a', 'w', 'e', 'b', 's', 'i', 't', 'e', '.', 'c', 'o', '\0',
+  /* "vaygren.com", true */ 'v', 'a', 'y', 'g', 'r', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "vazue.com", true */ 'v', 'a', 'z', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "vbazile.com", true */ 'v', 'b', 'a', 'z', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "vbcdn.com", true */ 'v', 'b', 'c', 'd', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "vbestreviews.com", true */ 'v', 'b', 'e', 's', 't', 'r', 'e', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vbh2o.com", true */ 'v', 'b', 'h', '2', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "vc.gg", true */ 'v', 'c', '.', 'g', 'g', '\0',
+  /* "vcam.org", true */ 'v', 'c', 'a', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "vccmurah.net", true */ 'v', 'c', 'c', 'm', 'u', 'r', 'a', 'h', '.', 'n', 'e', 't', '\0',
+  /* "vcdn.xyz", true */ 'v', 'c', 'd', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "vcelin-na-doliku.cz", true */ 'v', 'c', 'e', 'l', 'i', 'n', '-', 'n', 'a', '-', 'd', 'o', 'l', 'i', 'k', 'u', '.', 'c', 'z', '\0',
+  /* "vcf.gov", true */ 'v', 'c', 'f', '.', 'g', 'o', 'v', '\0',
+  /* "vcientertainment.com", false */ 'v', 'c', 'i', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "vcmi.download", true */ 'v', 'c', 'm', 'i', '.', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', '\0',
+  /* "vconcept.ch", true */ 'v', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'c', 'h', '\0',
+  /* "vconcept.me", true */ 'v', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'm', 'e', '\0',
+  /* "vcsjones.codes", true */ 'v', 'c', 's', 'j', 'o', 'n', 'e', 's', '.', 'c', 'o', 'd', 'e', 's', '\0',
+  /* "vcsjones.com", true */ 'v', 'c', 's', 'j', 'o', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vcti.cloud", true */ 'v', 'c', 't', 'i', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "vd42.net", true */ 'v', 'd', '4', '2', '.', 'n', 'e', 't', '\0',
+  /* "vdbongard.com", true */ 'v', 'd', 'b', 'o', 'n', 'g', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "vdcomp.cz", true */ 'v', 'd', 'c', 'o', 'm', 'p', '.', 'c', 'z', '\0',
+  /* "vdemuzere.be", true */ 'v', 'd', 'e', 'm', 'u', 'z', 'e', 'r', 'e', '.', 'b', 'e', '\0',
+  /* "vdesc.com", true */ 'v', 'd', 'e', 's', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "vdisk24.de", true */ 'v', 'd', 'i', 's', 'k', '2', '4', '.', 'd', 'e', '\0',
+  /* "vdownloader.com", true */ 'v', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "vdrpro.com", true */ 'v', 'd', 'r', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ve.search.yahoo.com", false */ 'v', 'e', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ve3oat.ca", true */ 'v', 'e', '3', 'o', 'a', 't', '.', 'c', 'a', '\0',
+  /* "vea.re", true */ 'v', 'e', 'a', '.', 'r', 'e', '\0',
+  /* "veblr.com", false */ 'v', 'e', 'b', 'l', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "vecerkaracing.cz", true */ 'v', 'e', 'c', 'e', 'r', 'k', 'a', 'r', 'a', 'c', 'i', 'n', 'g', '.', 'c', 'z', '\0',
+  /* "vecozo.nl", true */ 'v', 'e', 'c', 'o', 'z', 'o', '.', 'n', 'l', '\0',
+  /* "vectorwish.com", true */ 'v', 'e', 'c', 't', 'o', 'r', 'w', 'i', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "vectro.me", true */ 'v', 'e', 'c', 't', 'r', 'o', '.', 'm', 'e', '\0',
+  /* "veg-leiden.nl", true */ 'v', 'e', 'g', '-', 'l', 'e', 'i', 'd', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "vegalitarian.org", true */ 'v', 'e', 'g', 'a', 'l', 'i', 't', 'a', 'r', 'i', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "vegane-proteine.com", true */ 'v', 'e', 'g', 'a', 'n', 'e', '-', 'p', 'r', 'o', 't', 'e', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "veganforum.org", true */ 'v', 'e', 'g', 'a', 'n', 'f', 'o', 'r', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "veganism.co.uk", true */ 'v', 'e', 'g', 'a', 'n', 'i', 's', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "veganism.com", true */ 'v', 'e', 'g', 'a', 'n', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "vegepa.com", true */ 'v', 'e', 'g', 'e', 'p', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "veglog.com", true */ 'v', 'e', 'g', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "vehicleenquiry.service.gov.uk", true */ 'v', 'e', 'h', 'i', 'c', 'l', 'e', 'e', 'n', 'q', 'u', 'i', 'r', 'y', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0',
+  /* "vehicletax.service.gov.uk", true */ 'v', 'e', 'h', 'i', 'c', 'l', 'e', 't', 'a', 'x', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0',
+  /* "veii.de", true */ 'v', 'e', 'i', 'i', '.', 'd', 'e', '\0',
+  /* "veil-framework.com", true */ 'v', 'e', 'i', 'l', '-', 'f', 'r', 'a', 'm', 'e', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "veke.fi", true */ 'v', 'e', 'k', 'e', '.', 'f', 'i', '\0',
+  /* "vekenz.com", true */ 'v', 'e', 'k', 'e', 'n', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "velasense.com", true */ 'v', 'e', 'l', 'a', 's', 'e', 'n', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "velonustraduction.com", true */ 'v', 'e', 'l', 'o', 'n', 'u', 's', 't', 'r', 'a', 'd', 'u', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "velotyretz.fr", true */ 'v', 'e', 'l', 'o', 't', 'y', 'r', 'e', 't', 'z', '.', 'f', 'r', '\0',
+  /* "venalytics.com", true */ 'v', 'e', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vendigital.com", true */ 'v', 'e', 'n', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vendorconnect.nyc", true */ 'v', 'e', 'n', 'd', 'o', 'r', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'n', 'y', 'c', '\0',
+  /* "vendserve.eu", true */ 'v', 'e', 'n', 'd', 's', 'e', 'r', 'v', 'e', '.', 'e', 'u', '\0',
+  /* "venicecomputerrepair.com", true */ 'v', 'e', 'n', 'i', 'c', 'e', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "venicefloridawebsitedesign.com", true */ 'v', 'e', 'n', 'i', 'c', 'e', 'f', 'l', 'o', 'r', 'i', 'd', 'a', 'w', 'e', 'b', 's', 'i', 't', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "venicerealdeal.com", true */ 'v', 'e', 'n', 'i', 'c', 'e', 'r', 'e', 'a', 'l', 'd', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "venirextra.com", true */ 'v', 'e', 'n', 'i', 'r', 'e', 'x', 't', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "venirideal.com", true */ 'v', 'e', 'n', 'i', 'r', 'i', 'd', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "venninvestorplatform.com", true */ 'v', 'e', 'n', 'n', 'i', 'n', 'v', 'e', 's', 't', 'o', 'r', 'p', 'l', 'a', 't', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "ventesprivees-fr.com", true */ 'v', 'e', 'n', 't', 'e', 's', 'p', 'r', 'i', 'v', 'e', 'e', 's', '-', 'f', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ventizo.com", true */ 'v', 'e', 'n', 't', 'i', 'z', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "venturum.com", true */ 'v', 'e', 'n', 't', 'u', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "venturum.de", true */ 'v', 'e', 'n', 't', 'u', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "venturum.eu", true */ 'v', 'e', 'n', 't', 'u', 'r', 'u', 'm', '.', 'e', 'u', '\0',
+  /* "venturum.net", true */ 'v', 'e', 'n', 't', 'u', 'r', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "vera.bg", true */ 'v', 'e', 'r', 'a', '.', 'b', 'g', '\0',
+  /* "veramagazine.jp", true */ 'v', 'e', 'r', 'a', 'm', 'a', 'g', 'a', 'z', 'i', 'n', 'e', '.', 'j', 'p', '\0',
+  /* "verberne.nu", true */ 'v', 'e', 'r', 'b', 'e', 'r', 'n', 'e', '.', 'n', 'u', '\0',
+  /* "verbierfestival.com", true */ 'v', 'e', 'r', 'b', 'i', 'e', 'r', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "verdict.gg", true */ 'v', 'e', 'r', 'd', 'i', 'c', 't', '.', 'g', 'g', '\0',
+  /* "verduccies.com", true */ 'v', 'e', 'r', 'd', 'u', 'c', 'c', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "verein-kiekin.de", true */ 'v', 'e', 'r', 'e', 'i', 'n', '-', 'k', 'i', 'e', 'k', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "vereinlandwege.de", true */ 'v', 'e', 'r', 'e', 'i', 'n', 'l', 'a', 'n', 'd', 'w', 'e', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "vereinscheck.de", true */ 'v', 'e', 'r', 'e', 'i', 'n', 's', 'c', 'h', 'e', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "verfassungsklage.at", true */ 'v', 'e', 'r', 'f', 'a', 's', 's', 'u', 'n', 'g', 's', 'k', 'l', 'a', 'g', 'e', '.', 'a', 't', '\0',
+  /* "vergeaccessories.com", true */ 'v', 'e', 'r', 'g', 'e', 'a', 'c', 'c', 'e', 's', 's', 'o', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "verhovs.ky", true */ 'v', 'e', 'r', 'h', 'o', 'v', 's', '.', 'k', 'y', '\0',
+  /* "verifyos.com", true */ 'v', 'e', 'r', 'i', 'f', 'y', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "veriny.tf", true */ 'v', 'e', 'r', 'i', 'n', 'y', '.', 't', 'f', '\0',
+  /* "veriomed.com", true */ 'v', 'e', 'r', 'i', 'o', 'm', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "veritafineviolins.com", true */ 'v', 'e', 'r', 'i', 't', 'a', 'f', 'i', 'n', 'e', 'v', 'i', 'o', 'l', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "verizonguidelines.com", true */ 'v', 'e', 'r', 'i', 'z', 'o', 'n', 'g', 'u', 'i', 'd', 'e', 'l', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "verliebt-in-bw.de", true */ 'v', 'e', 'r', 'l', 'i', 'e', 'b', 't', '-', 'i', 'n', '-', 'b', 'w', '.', 'd', 'e', '\0',
+  /* "verliebt-in-niedersachsen.de", true */ 'v', 'e', 'r', 'l', 'i', 'e', 'b', 't', '-', 'i', 'n', '-', 'n', 'i', 'e', 'd', 'e', 'r', 's', 'a', 'c', 'h', 's', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "verliefde-jongens.nl", true */ 'v', 'e', 'r', 'l', 'i', 'e', 'f', 'd', 'e', '-', 'j', 'o', 'n', 'g', 'e', 'n', 's', '.', 'n', 'l', '\0',
+  /* "vermeerdealers.com", true */ 'v', 'e', 'r', 'm', 'e', 'e', 'r', 'd', 'e', 'a', 'l', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vermogeninkaart.nl", true */ 'v', 'e', 'r', 'm', 'o', 'g', 'e', 'n', 'i', 'n', 'k', 'a', 'a', 'r', 't', '.', 'n', 'l', '\0',
+  /* "vermuetje.nl", true */ 'v', 'e', 'r', 'm', 'u', 'e', 't', 'j', 'e', '.', 'n', 'l', '\0',
+  /* "vernaeve-usedcars.be", true */ 'v', 'e', 'r', 'n', 'a', 'e', 'v', 'e', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "vernonatvclub.ca", true */ 'v', 'e', 'r', 'n', 'o', 'n', 'a', 't', 'v', 'c', 'l', 'u', 'b', '.', 'c', 'a', '\0',
+  /* "vernonchan.com", true */ 'v', 'e', 'r', 'n', 'o', 'n', 'c', 'h', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "vernonfilmsociety.bc.ca", true */ 'v', 'e', 'r', 'n', 'o', 'n', 'f', 'i', 'l', 'm', 's', 'o', 'c', 'i', 'e', 't', 'y', '.', 'b', 'c', '.', 'c', 'a', '\0',
+  /* "vernonfishandgame.ca", true */ 'v', 'e', 'r', 'n', 'o', 'n', 'f', 'i', 's', 'h', 'a', 'n', 'd', 'g', 'a', 'm', 'e', '.', 'c', 'a', '\0',
+  /* "vernonhouseofhope.com", true */ 'v', 'e', 'r', 'n', 'o', 'n', 'h', 'o', 'u', 's', 'e', 'o', 'f', 'h', 'o', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "vernonsecureselfstorage.ca", true */ 'v', 'e', 'r', 'n', 'o', 'n', 's', 'e', 'c', 'u', 'r', 'e', 's', 'e', 'l', 'f', 's', 't', 'o', 'r', 'a', 'g', 'e', '.', 'c', 'a', '\0',
+  /* "vernonspeedskatingclub.com", true */ 'v', 'e', 'r', 'n', 'o', 'n', 's', 'p', 'e', 'e', 'd', 's', 'k', 'a', 't', 'i', 'n', 'g', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "vernonwintercarnival.com", true */ 'v', 'e', 'r', 'n', 'o', 'n', 'w', 'i', 'n', 't', 'e', 'r', 'c', 'a', 'r', 'n', 'i', 'v', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "veronique-schmitz.de", true */ 'v', 'e', 'r', 'o', 'n', 'i', 'q', 'u', 'e', '-', 's', 'c', 'h', 'm', 'i', 't', 'z', '.', 'd', 'e', '\0',
+  /* "verrerie-mousseline.org", true */ 'v', 'e', 'r', 'r', 'e', 'r', 'i', 'e', '-', 'm', 'o', 'u', 's', 's', 'e', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "vers.one", true */ 'v', 'e', 'r', 's', '.', 'o', 'n', 'e', '\0',
+  /* "versagercloud.de", true */ 'v', 'e', 'r', 's', 'a', 'g', 'e', 'r', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "versbeton.nl", true */ 'v', 'e', 'r', 's', 'b', 'e', 't', 'o', 'n', '.', 'n', 'l', '\0',
+  /* "versicherungskontor.net", true */ 'v', 'e', 'r', 's', 'i', 'c', 'h', 'e', 'r', 'u', 'n', 'g', 's', 'k', 'o', 'n', 't', 'o', 'r', '.', 'n', 'e', 't', '\0',
+  /* "verspai.de", true */ 'v', 'e', 'r', 's', 'p', 'a', 'i', '.', 'd', 'e', '\0',
+  /* "verstraetenusedcars.be", true */ 'v', 'e', 'r', 's', 't', 'r', 'a', 'e', 't', 'e', 'n', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "vertebrates.com", true */ 'v', 'e', 'r', 't', 'e', 'b', 'r', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "verteilergetriebe.info", true */ 'v', 'e', 'r', 't', 'e', 'i', 'l', 'e', 'r', 'g', 'e', 't', 'r', 'i', 'e', 'b', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "vertikar.net", true */ 'v', 'e', 'r', 't', 'i', 'k', 'a', 'r', '.', 'n', 'e', 't', '\0',
+  /* "vertner.net", true */ 'v', 'e', 'r', 't', 'n', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "veryapt.com", true */ 'v', 'e', 'r', 'y', 'a', 'p', 't', '.', 'c', 'o', 'm', '\0',
+  /* "verymelon.de", true */ 'v', 'e', 'r', 'y', 'm', 'e', 'l', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "verzick.com", true */ 'v', 'e', 'r', 'z', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ves.vn.ua", true */ 'v', 'e', 's', '.', 'v', 'n', '.', 'u', 'a', '\0',
+  /* "vescudero.net", true */ 'v', 'e', 's', 'c', 'u', 'd', 'e', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "veslosada.com", true */ 'v', 'e', 's', 'l', 'o', 's', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "vespacascadia.com", true */ 'v', 'e', 's', 'p', 'a', 'c', 'a', 's', 'c', 'a', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "veterinario.roma.it", true */ 'v', 'e', 't', 'e', 'r', 'i', 'n', 'a', 'r', 'i', 'o', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "vetforum.co", true */ 'v', 'e', 't', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', '\0',
+  /* "vetinte.eu", true */ 'v', 'e', 't', 'i', 'n', 't', 'e', '.', 'e', 'u', '\0',
+  /* "vetofish.com", true */ 'v', 'e', 't', 'o', 'f', 'i', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "vets.gov", true */ 'v', 'e', 't', 's', '.', 'g', 'o', 'v', '\0',
+  /* "veverusak.cz", true */ 'v', 'e', 'v', 'e', 'r', 'u', 's', 'a', 'k', '.', 'c', 'z', '\0',
+  /* "vfdworld.com", true */ 'v', 'f', 'd', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "vfn-nrw.de", true */ 'v', 'f', 'n', '-', 'n', 'r', 'w', '.', 'd', 'e', '\0',
+  /* "vgerak.com", true */ 'v', 'g', 'e', 'r', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "vgolos.zt.ua", true */ 'v', 'g', 'o', 'l', 'o', 's', '.', 'z', 't', '.', 'u', 'a', '\0',
+  /* "vgropp.de", true */ 'v', 'g', 'r', 'o', 'p', 'p', '.', 'd', 'e', '\0',
+  /* "vhummel.nl", true */ 'v', 'h', 'u', 'm', 'm', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "viacdn.org", true */ 'v', 'i', 'a', 'c', 'd', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "viafinance.cz", true */ 'v', 'i', 'a', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'z', '\0',
+  /* "viaggio-in-cina.it", true */ 'v', 'i', 'a', 'g', 'g', 'i', 'o', '-', 'i', 'n', '-', 'c', 'i', 'n', 'a', '.', 'i', 't', '\0',
+  /* "viaje-a-china.com", true */ 'v', 'i', 'a', 'j', 'e', '-', 'a', '-', 'c', 'h', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "vialibido.com.br", true */ 'v', 'i', 'a', 'l', 'i', 'b', 'i', 'd', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "vialorran.com", true */ 'v', 'i', 'a', 'l', 'o', 'r', 'r', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "viaprinto.de", true */ 'v', 'i', 'a', 'p', 'r', 'i', 'n', 't', 'o', '.', 'd', 'e', '\0',
+  /* "vibrant-america.com", true */ 'v', 'i', 'b', 'r', 'a', 'n', 't', '-', 'a', 'm', 'e', 'r', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "vibrashop.com.br", true */ 'v', 'i', 'b', 'r', 'a', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "vichiya.com", true */ 'v', 'i', 'c', 'h', 'i', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "vician.cz", false */ 'v', 'i', 'c', 'i', 'a', 'n', '.', 'c', 'z', '\0',
+  /* "viciousflora.com", true */ 'v', 'i', 'c', 'i', 'o', 'u', 's', 'f', 'l', 'o', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "viciousviscosity.xyz", true */ 'v', 'i', 'c', 'i', 'o', 'u', 's', 'v', 'i', 's', 'c', 'o', 's', 'i', 't', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "viclab.se", true */ 'v', 'i', 'c', 'l', 'a', 'b', '.', 's', 'e', '\0',
+  /* "victorcanera.com", true */ 'v', 'i', 'c', 't', 'o', 'r', 'c', 'a', 'n', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "victordiaz.me", true */ 'v', 'i', 'c', 't', 'o', 'r', 'd', 'i', 'a', 'z', '.', 'm', 'e', '\0',
+  /* "victoreriksson.se", true */ 'v', 'i', 'c', 't', 'o', 'r', 'e', 'r', 'i', 'k', 's', 's', 'o', 'n', '.', 's', 'e', '\0',
+  /* "victorgbustamante.com", true */ 'v', 'i', 'c', 't', 'o', 'r', 'g', 'b', 'u', 's', 't', 'a', 'm', 'a', 'n', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "victorhawk.com", true */ 'v', 'i', 'c', 't', 'o', 'r', 'h', 'a', 'w', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "victoriaartist.ru", true */ 'v', 'i', 'c', 't', 'o', 'r', 'i', 'a', 'a', 'r', 't', 'i', 's', 't', '.', 'r', 'u', '\0',
+  /* "victoriastudio.ru", true */ 'v', 'i', 'c', 't', 'o', 'r', 'i', 'a', 's', 't', 'u', 'd', 'i', 'o', '.', 'r', 'u', '\0',
+  /* "victoriaville.ca", true */ 'v', 'i', 'c', 't', 'o', 'r', 'i', 'a', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'a', '\0',
+  /* "victorjacobs.com", true */ 'v', 'i', 'c', 't', 'o', 'r', 'j', 'a', 'c', 'o', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "victornet.de", true */ 'v', 'i', 'c', 't', 'o', 'r', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "victornilsson.pw", true */ 'v', 'i', 'c', 't', 'o', 'r', 'n', 'i', 'l', 's', 's', 'o', 'n', '.', 'p', 'w', '\0',
+  /* "vicyu.com", true */ 'v', 'i', 'c', 'y', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "vid-immobilien.de", true */ 'v', 'i', 'd', '-', 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "vida-it.com", true */ 'v', 'i', 'd', 'a', '-', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "vida.es", true */ 'v', 'i', 'd', 'a', '.', 'e', 's', '\0',
+  /* "vidbooster.com", true */ 'v', 'i', 'd', 'b', 'o', 'o', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "vide-dressing.org", false */ 'v', 'i', 'd', 'e', '-', 'd', 'r', 'e', 's', 's', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "vide-greniers.org", false */ 'v', 'i', 'd', 'e', '-', 'g', 'r', 'e', 'n', 'i', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "vide-maisons.org", false */ 'v', 'i', 'd', 'e', '-', 'm', 'a', 'i', 's', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "videnskabsklubben.dk", true */ 'v', 'i', 'd', 'e', 'n', 's', 'k', 'a', 'b', 's', 'k', 'l', 'u', 'b', 'b', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "videogamesartwork.com", true */ 'v', 'i', 'd', 'e', 'o', 'g', 'a', 'm', 'e', 's', 'a', 'r', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "videoseyredin.net", true */ 'v', 'i', 'd', 'e', 'o', 's', 'e', 'y', 'r', 'e', 'd', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "videosqr.com", true */ 'v', 'i', 'd', 'e', 'o', 's', 'q', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "videov.tk", true */ 'v', 'i', 'd', 'e', 'o', 'v', '.', 't', 'k', '\0',
+  /* "vidiproject.com", true */ 'v', 'i', 'd', 'i', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "vidister.de", true */ 'v', 'i', 'd', 'i', 's', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "viditut.com", true */ 'v', 'i', 'd', 'i', 't', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "vidkovaomara.si", true */ 'v', 'i', 'd', 'k', 'o', 'v', 'a', 'o', 'm', 'a', 'r', 'a', '.', 's', 'i', '\0',
+  /* "vidlyoficial.com", true */ 'v', 'i', 'd', 'l', 'y', 'o', 'f', 'i', 'c', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vieaw.com", true */ 'v', 'i', 'e', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "vieclam24h.vn", false */ 'v', 'i', 'e', 'c', 'l', 'a', 'm', '2', '4', 'h', '.', 'v', 'n', '\0',
+  /* "viekelis.lt", false */ 'v', 'i', 'e', 'k', 'e', 'l', 'i', 's', '.', 'l', 't', '\0',
+  /* "viemeister.com", true */ 'v', 'i', 'e', 'm', 'e', 'i', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "viemontante.be", true */ 'v', 'i', 'e', 'm', 'o', 'n', 't', 'a', 'n', 't', 'e', '.', 'b', 'e', '\0',
+  /* "viennan.net", true */ 'v', 'i', 'e', 'n', 'n', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "vientos.coop", true */ 'v', 'i', 'e', 'n', 't', 'o', 's', '.', 'c', 'o', 'o', 'p', '\0',
+  /* "viepixel.at", true */ 'v', 'i', 'e', 'p', 'i', 'x', 'e', 'l', '.', 'a', 't', '\0',
+  /* "vierdaagsehotel.nl", true */ 'v', 'i', 'e', 'r', 'd', 'a', 'a', 'g', 's', 'e', 'h', 'o', 't', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "vierpfeile.de", true */ 'v', 'i', 'e', 'r', 'p', 'f', 'e', 'i', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "vierpluseins.wtf", true */ 'v', 'i', 'e', 'r', 'p', 'l', 'u', 's', 'e', 'i', 'n', 's', '.', 'w', 't', 'f', '\0',
+  /* "vietnam-lifer.com", true */ 'v', 'i', 'e', 't', 'n', 'a', 'm', '-', 'l', 'i', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "vietnamese.dating", true */ 'v', 'i', 'e', 't', 'n', 'a', 'm', 'e', 's', 'e', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "vietnamhost.vn", false */ 'v', 'i', 'e', 't', 'n', 'a', 'm', 'h', 'o', 's', 't', '.', 'v', 'n', '\0',
+  /* "vietnamwomenveterans.org", true */ 'v', 'i', 'e', 't', 'n', 'a', 'm', 'w', 'o', 'm', 'e', 'n', 'v', 'e', 't', 'e', 'r', 'a', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "vieux.pro", true */ 'v', 'i', 'e', 'u', 'x', '.', 'p', 'r', 'o', '\0',
+  /* "viewbook.com", true */ 'v', 'i', 'e', 'w', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "viewmyrecords.com", true */ 'v', 'i', 'e', 'w', 'm', 'y', 'r', 'e', 'c', 'o', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "viewsea.com", true */ 'v', 'i', 'e', 'w', 's', 'e', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "viga.me", true */ 'v', 'i', 'g', 'a', '.', 'm', 'e', '\0',
+  /* "vigenebio.com", true */ 'v', 'i', 'g', 'e', 'n', 'e', 'b', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "vigilantnow.com", true */ 'v', 'i', 'g', 'i', 'l', 'a', 'n', 't', 'n', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "vigliano.ovh", true */ 'v', 'i', 'g', 'l', 'i', 'a', 'n', 'o', '.', 'o', 'v', 'h', '\0',
+  /* "vigo-krankenversicherung.de", true */ 'v', 'i', 'g', 'o', '-', 'k', 'r', 'a', 'n', 'k', 'e', 'n', 'v', 'e', 'r', 's', 'i', 'c', 'h', 'e', 'r', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "vigo-tarife.de", true */ 'v', 'i', 'g', 'o', '-', 't', 'a', 'r', 'i', 'f', 'e', '.', 'd', 'e', '\0',
+  /* "vigour.us", true */ 'v', 'i', 'g', 'o', 'u', 'r', '.', 'u', 's', '\0',
+  /* "vigoxatelier.tech", true */ 'v', 'i', 'g', 'o', 'x', 'a', 't', 'e', 'l', 'i', 'e', 'r', '.', 't', 'e', 'c', 'h', '\0',
+  /* "vigrey.com", true */ 'v', 'i', 'g', 'r', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "viikko.eu", true */ 'v', 'i', 'i', 'k', 'k', 'o', '.', 'e', 'u', '\0',
+  /* "vijay-international.com", true */ 'v', 'i', 'j', 'a', 'y', '-', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vijverbenodigdheden.nl", true */ 'v', 'i', 'j', 'v', 'e', 'r', 'b', 'e', 'n', 'o', 'd', 'i', 'g', 'd', 'h', 'e', 'd', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "vik.im", true */ 'v', 'i', 'k', '.', 'i', 'm', '\0',
+  /* "vikashkumar.me", true */ 'v', 'i', 'k', 'a', 's', 'h', 'k', 'u', 'm', 'a', 'r', '.', 'm', 'e', '\0',
+  /* "viking-style.ru", true */ 'v', 'i', 'k', 'i', 'n', 'g', '-', 's', 't', 'y', 'l', 'e', '.', 'r', 'u', '\0',
+  /* "vikings.net", true */ 'v', 'i', 'k', 'i', 'n', 'g', 's', '.', 'n', 'e', 't', '\0',
+  /* "vikodek.com", true */ 'v', 'i', 'k', 'o', 'd', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "viktorprevaric.eu", true */ 'v', 'i', 'k', 't', 'o', 'r', 'p', 'r', 'e', 'v', 'a', 'r', 'i', 'c', '.', 'e', 'u', '\0',
+  /* "viladochurrasco.com.br", true */ 'v', 'i', 'l', 'a', 'd', 'o', 'c', 'h', 'u', 'r', 'r', 'a', 's', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "villa-gockel.de", true */ 'v', 'i', 'l', 'l', 'a', '-', 'g', 'o', 'c', 'k', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "villa-romantica-zillertal.at", true */ 'v', 'i', 'l', 'l', 'a', '-', 'r', 'o', 'm', 'a', 'n', 't', 'i', 'c', 'a', '-', 'z', 'i', 'l', 'l', 'e', 'r', 't', 'a', 'l', '.', 'a', 't', '\0',
+  /* "villafiore.com.br", true */ 'v', 'i', 'l', 'l', 'a', 'f', 'i', 'o', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "villageunique.com.br", true */ 'v', 'i', 'l', 'l', 'a', 'g', 'e', 'u', 'n', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "villagockel.de", true */ 'v', 'i', 'l', 'l', 'a', 'g', 'o', 'c', 'k', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "villainsclothing.com.au", true */ 'v', 'i', 'l', 'l', 'a', 'i', 'n', 's', 'c', 'l', 'o', 't', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "villasenor.online", true */ 'v', 'i', 'l', 'l', 'a', 's', 'e', 'n', 'o', 'r', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "villasfinistere.fr", true */ 'v', 'i', 'l', 'l', 'a', 's', 'f', 'i', 'n', 'i', 's', 't', 'e', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "villasforsale-bali.com", true */ 'v', 'i', 'l', 'l', 'a', 's', 'f', 'o', 'r', 's', 'a', 'l', 'e', '-', 'b', 'a', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "villek.fi", true */ 'v', 'i', 'l', 'l', 'e', 'k', '.', 'f', 'i', '\0',
+  /* "villenavedornon.fr", true */ 'v', 'i', 'l', 'l', 'e', 'n', 'a', 'v', 'e', 'd', 'o', 'r', 'n', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "vilog.me", true */ 'v', 'i', 'l', 'o', 'g', '.', 'm', 'e', '\0',
+  /* "viltsu.net", true */ 'v', 'i', 'l', 't', 's', 'u', '.', 'n', 'e', 't', '\0',
+  /* "vima.ch", true */ 'v', 'i', 'm', 'a', '.', 'c', 'h', '\0',
+  /* "vimeo.com", true */ 'v', 'i', 'm', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "vinagro.sk", true */ 'v', 'i', 'n', 'a', 'g', 'r', 'o', '.', 's', 'k', '\0',
+  /* "vinarstvimodryhrozen.cz", true */ 'v', 'i', 'n', 'a', 'r', 's', 't', 'v', 'i', 'm', 'o', 'd', 'r', 'y', 'h', 'r', 'o', 'z', 'e', 'n', '.', 'c', 'z', '\0',
+  /* "vincentcox.com", false */ 'v', 'i', 'n', 'c', 'e', 'n', 't', 'c', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "vincentpancol.com", true */ 'v', 'i', 'n', 'c', 'e', 'n', 't', 'p', 'a', 'n', 'c', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vincitraining.com", true */ 'v', 'i', 'n', 'c', 'i', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "vineright.com", true */ 'v', 'i', 'n', 'e', 'r', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "vinicius.sl", true */ 'v', 'i', 'n', 'i', 'c', 'i', 'u', 's', '.', 's', 'l', '\0',
+  /* "vinilosdecorativos.net", true */ 'v', 'i', 'n', 'i', 'l', 'o', 's', 'd', 'e', 'c', 'o', 'r', 'a', 't', 'i', 'v', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "vinner.com.au", true */ 'v', 'i', 'n', 'n', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "vinolli.de", true */ 'v', 'i', 'n', 'o', 'l', 'l', 'i', '.', 'd', 'e', '\0',
+  /* "vinovum.net", true */ 'v', 'i', 'n', 'o', 'v', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "vintagecaskandbarrel.com", true */ 'v', 'i', 'n', 't', 'a', 'g', 'e', 'c', 'a', 's', 'k', 'a', 'n', 'd', 'b', 'a', 'r', 'r', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vintagejeeps.net", true */ 'v', 'i', 'n', 't', 'a', 'g', 'e', 'j', 'e', 'e', 'p', 's', '.', 'n', 'e', 't', '\0',
+  /* "vintageportgifts.co.uk", true */ 'v', 'i', 'n', 't', 'a', 'g', 'e', 'p', 'o', 'r', 't', 'g', 'i', 'f', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "vintagetrailerbuyers.com", true */ 'v', 'i', 'n', 't', 'a', 'g', 'e', 't', 'r', 'a', 'i', 'l', 'e', 'r', 'b', 'u', 'y', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vintazh.net", true */ 'v', 'i', 'n', 't', 'a', 'z', 'h', '.', 'n', 'e', 't', '\0',
+  /* "vinticom.ch", true */ 'v', 'i', 'n', 't', 'i', 'c', 'o', 'm', '.', 'c', 'h', '\0',
+  /* "vintock.com", true */ 'v', 'i', 'n', 't', 'o', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "vinyculture.com", true */ 'v', 'i', 'n', 'y', 'c', 'u', 'l', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "vinzite.com", true */ 'v', 'i', 'n', 'z', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "violet-letter.delivery", true */ 'v', 'i', 'o', 'l', 'e', 't', '-', 'l', 'e', 't', 't', 'e', 'r', '.', 'd', 'e', 'l', 'i', 'v', 'e', 'r', 'y', '\0',
+  /* "violetraven.co.uk", true */ 'v', 'i', 'o', 'l', 'e', 't', 'r', 'a', 'v', 'e', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "violin4fun.nl", true */ 'v', 'i', 'o', 'l', 'i', 'n', '4', 'f', 'u', 'n', '.', 'n', 'l', '\0',
+  /* "vionicbeach.com", true */ 'v', 'i', 'o', 'n', 'i', 'c', 'b', 'e', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "vip8522.com", true */ 'v', 'i', 'p', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "vipi.es", true */ 'v', 'i', 'p', 'i', '.', 'e', 's', '\0',
+  /* "vipnettikasinoklubi.com", true */ 'v', 'i', 'p', 'n', 'e', 't', 't', 'i', 'k', 'a', 's', 'i', 'n', 'o', 'k', 'l', 'u', 'b', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "viptamin.eu", true */ 'v', 'i', 'p', 't', 'a', 'm', 'i', 'n', '.', 'e', 'u', '\0',
+  /* "viptamol.com", true */ 'v', 'i', 'p', 't', 'a', 'm', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vir-tec.eu", true */ 'v', 'i', 'r', '-', 't', 'e', 'c', '.', 'e', 'u', '\0',
+  /* "viralboombox.xyz", true */ 'v', 'i', 'r', 'a', 'l', 'b', 'o', 'o', 'm', 'b', 'o', 'x', '.', 'x', 'y', 'z', '\0',
+  /* "viralpop.it", true */ 'v', 'i', 'r', 'a', 'l', 'p', 'o', 'p', '.', 'i', 't', '\0',
+  /* "virgopolymer.com", true */ 'v', 'i', 'r', 'g', 'o', 'p', 'o', 'l', 'y', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "virial.de", true */ 'v', 'i', 'r', 'i', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "viridis-milites.cz", true */ 'v', 'i', 'r', 'i', 'd', 'i', 's', '-', 'm', 'i', 'l', 'i', 't', 'e', 's', '.', 'c', 'z', '\0',
+  /* "virtualcustoms.tech", true */ 'v', 'i', 'r', 't', 'u', 'a', 'l', 'c', 'u', 's', 't', 'o', 'm', 's', '.', 't', 'e', 'c', 'h', '\0',
+  /* "virtualdesignmedia.com", false */ 'v', 'i', 'r', 't', 'u', 'a', 'l', 'd', 'e', 's', 'i', 'g', 'n', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "virtuallifestyle.nl", true */ 'v', 'i', 'r', 't', 'u', 'a', 'l', 'l', 'i', 'f', 'e', 's', 't', 'y', 'l', 'e', '.', 'n', 'l', '\0',
+  /* "virtualmt2.pl", true */ 'v', 'i', 'r', 't', 'u', 'a', 'l', 'm', 't', '2', '.', 'p', 'l', '\0',
+  /* "virtualsanity.com", true */ 'v', 'i', 'r', 't', 'u', 'a', 'l', 's', 'a', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "virtualvaults.com", true */ 'v', 'i', 'r', 't', 'u', 'a', 'l', 'v', 'a', 'u', 'l', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "virtubox.net", true */ 'v', 'i', 'r', 't', 'u', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "virtusaero.com", true */ 'v', 'i', 'r', 't', 'u', 's', 'a', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "virvum.ch", true */ 'v', 'i', 'r', 'v', 'u', 'm', '.', 'c', 'h', '\0',
+  /* "visa-shinsei.com", true */ 'v', 'i', 's', 'a', '-', 's', 'h', 'i', 'n', 's', 'e', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "visaexpert.co.za", true */ 'v', 'i', 's', 'a', 'e', 'x', 'p', 'e', 'r', 't', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "visalogy.com", true */ 'v', 'i', 's', 'a', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "visaop.com", true */ 'v', 'i', 's', 'a', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "visapourailleurs.fr", true */ 'v', 'i', 's', 'a', 'p', 'o', 'u', 'r', 'a', 'i', 'l', 'l', 'e', 'u', 'r', 's', '.', 'f', 'r', '\0',
+  /* "visaya.com.co", true */ 'v', 'i', 's', 'a', 'y', 'a', '.', 'c', 'o', 'm', '.', 'c', 'o', '\0',
+  /* "viscoelastico.com.br", true */ 'v', 'i', 's', 'c', 'o', 'e', 'l', 'a', 's', 't', 'i', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "viscopic.com", true */ 'v', 'i', 's', 'c', 'o', 'p', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "vishwashantiyoga.com", true */ 'v', 'i', 's', 'h', 'w', 'a', 's', 'h', 'a', 'n', 't', 'i', 'y', 'o', 'g', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "visibox.nl", true */ 'v', 'i', 's', 'i', 'b', 'o', 'x', '.', 'n', 'l', '\0',
+  /* "visikom.de", true */ 'v', 'i', 's', 'i', 'k', 'o', 'm', '.', 'd', 'e', '\0',
+  /* "visioflux-premium.com", true */ 'v', 'i', 's', 'i', 'o', 'f', 'l', 'u', 'x', '-', 'p', 'r', 'e', 'm', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "visionarymedia.nl", true */ 'v', 'i', 's', 'i', 'o', 'n', 'a', 'r', 'y', 'm', 'e', 'd', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "visionless.me", false */ 'v', 'i', 's', 'i', 'o', 'n', 'l', 'e', 's', 's', '.', 'm', 'e', '\0',
+  /* "visiontree-beta.eu", true */ 'v', 'i', 's', 'i', 'o', 'n', 't', 'r', 'e', 'e', '-', 'b', 'e', 't', 'a', '.', 'e', 'u', '\0',
+  /* "visistruct.com", true */ 'v', 'i', 's', 'i', 's', 't', 'r', 'u', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "visitkangaroovalley.com.au", true */ 'v', 'i', 's', 'i', 't', 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 'v', 'a', 'l', 'l', 'e', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "visor.ph", true */ 'v', 'i', 's', 'o', 'r', '.', 'p', 'h', '\0',
+  /* "vispaleistexel.nl", true */ 'v', 'i', 's', 'p', 'a', 'l', 'e', 'i', 's', 't', 'e', 'x', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "vistaalmar.es", true */ 'v', 'i', 's', 't', 'a', 'a', 'l', 'm', 'a', 'r', '.', 'e', 's', '\0',
+  /* "vistastylebuilder.com", false */ 'v', 'i', 's', 't', 'a', 's', 't', 'y', 'l', 'e', 'b', 'u', 'i', 'l', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "vistb.me", true */ 'v', 'i', 's', 't', 'b', '.', 'm', 'e', '\0',
+  /* "visual-cockpit.com", true */ 'v', 'i', 's', 'u', 'a', 'l', '-', 'c', 'o', 'c', 'k', 'p', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "visualideas.org", true */ 'v', 'i', 's', 'u', 'a', 'l', 'i', 'd', 'e', 'a', 's', '.', 'o', 'r', 'g', '\0',
+  /* "visudira.com", true */ 'v', 'i', 's', 'u', 'd', 'i', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "vitahook.pw", true */ 'v', 'i', 't', 'a', 'h', 'o', 'o', 'k', '.', 'p', 'w', '\0',
+  /* "vital-tel.co.uk", true */ 'v', 'i', 't', 'a', 'l', '-', 't', 'e', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "vitalamin.at", true */ 'v', 'i', 't', 'a', 'l', 'a', 'm', 'i', 'n', '.', 'a', 't', '\0',
+  /* "vitalamin.ch", true */ 'v', 'i', 't', 'a', 'l', 'a', 'm', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "vitalamin.com", true */ 'v', 'i', 't', 'a', 'l', 'a', 'm', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "vitalamin.de", true */ 'v', 'i', 't', 'a', 'l', 'a', 'm', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "vitalismaatjes.nl", true */ 'v', 'i', 't', 'a', 'l', 'i', 's', 'm', 'a', 'a', 't', 'j', 'e', 's', '.', 'n', 'l', '\0',
+  /* "vitalthings.de", true */ 'v', 'i', 't', 'a', 'l', 't', 'h', 'i', 'n', 'g', 's', '.', 'd', 'e', '\0',
+  /* "vitalyzhukphoto.com", true */ 'v', 'i', 't', 'a', 'l', 'y', 'z', 'h', 'u', 'k', 'p', 'h', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "vitaminler.com", true */ 'v', 'i', 't', 'a', 'm', 'i', 'n', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "vitapingu.de", true */ 'v', 'i', 't', 'a', 'p', 'i', 'n', 'g', 'u', '.', 'd', 'e', '\0',
+  /* "vitastic.nl", true */ 'v', 'i', 't', 'a', 's', 't', 'i', 'c', '.', 'n', 'l', '\0',
+  /* "viteoscrm.ch", true */ 'v', 'i', 't', 'e', 'o', 's', 'c', 'r', 'm', '.', 'c', 'h', '\0',
+  /* "vitkausk.as", true */ 'v', 'i', 't', 'k', 'a', 'u', 's', 'k', '.', 'a', 's', '\0',
+  /* "vitkutny.cz", true */ 'v', 'i', 't', 'k', 'u', 't', 'n', 'y', '.', 'c', 'z', '\0',
+  /* "vitoye.com", true */ 'v', 'i', 't', 'o', 'y', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "vitra-vcare.co.uk", true */ 'v', 'i', 't', 'r', 'a', '-', 'v', 'c', 'a', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "vitrado.de", true */ 'v', 'i', 't', 'r', 'a', 'd', 'o', '.', 'd', 'e', '\0',
+  /* "vitsoft.by", true */ 'v', 'i', 't', 's', 'o', 'f', 't', '.', 'b', 'y', '\0',
+  /* "vivaldi.club", true */ 'v', 'i', 'v', 'a', 'l', 'd', 'i', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "vivamusic.es", true */ 'v', 'i', 'v', 'a', 'm', 'u', 's', 'i', 'c', '.', 'e', 's', '\0',
+  /* "vivanosports.com.br", true */ 'v', 'i', 'v', 'a', 'n', 'o', 's', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "vivatv.com.tw", true */ 'v', 'i', 'v', 'a', 't', 'v', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "vivendi.de", true */ 'v', 'i', 'v', 'e', 'n', 'd', 'i', '.', 'd', 'e', '\0',
+  /* "vivianmaier.cn", true */ 'v', 'i', 'v', 'i', 'a', 'n', 'm', 'a', 'i', 'e', 'r', '.', 'c', 'n', '\0',
+  /* "vivid-academy.com", true */ 'v', 'i', 'v', 'i', 'd', '-', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "vividinflatables.co.uk", true */ 'v', 'i', 'v', 'i', 'd', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "vividlumen.com", true */ 'v', 'i', 'v', 'i', 'd', 'l', 'u', 'm', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "viviennevandenbos.nl", true */ 'v', 'i', 'v', 'i', 'e', 'n', 'n', 'e', 'v', 'a', 'n', 'd', 'e', 'n', 'b', 'o', 's', '.', 'n', 'l', '\0',
+  /* "vivirenelmundo.com", true */ 'v', 'i', 'v', 'i', 'r', 'e', 'n', 'e', 'l', 'm', 'u', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "vivo.sx", true */ 'v', 'i', 'v', 'o', '.', 's', 'x', '\0',
+  /* "vizards.cc", true */ 'v', 'i', 'z', 'a', 'r', 'd', 's', '.', 'c', 'c', '\0',
+  /* "vize.ai", true */ 'v', 'i', 'z', 'e', '.', 'a', 'i', '\0',
+  /* "vizional.com", true */ 'v', 'i', 'z', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vizzboard.com", true */ 'v', 'i', 'z', 'z', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "vjeff.com", true */ 'v', 'j', 'e', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "vjeff.net", true */ 'v', 'j', 'e', 'f', 'f', '.', 'n', 'e', 't', '\0',
+  /* "vk4wip.org.au", true */ 'v', 'k', '4', 'w', 'i', 'p', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0',
+  /* "vkennke.org", true */ 'v', 'k', 'e', 'n', 'n', 'k', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "vkino.com", false */ 'v', 'k', 'i', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "vkirichenko.name", true */ 'v', 'k', 'i', 'r', 'i', 'c', 'h', 'e', 'n', 'k', 'o', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "vkox.com", true */ 'v', 'k', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "vksportphoto.com", true */ 'v', 'k', 's', 'p', 'o', 'r', 't', 'p', 'h', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "vladimiroff.org", true */ 'v', 'l', 'a', 'd', 'i', 'm', 'i', 'r', 'o', 'f', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "vladislavstoyanov.com", true */ 'v', 'l', 'a', 'd', 'i', 's', 'l', 'a', 'v', 's', 't', 'o', 'y', 'a', 'n', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "vldkn.net", true */ 'v', 'l', 'd', 'k', 'n', '.', 'n', 'e', 't', '\0',
+  /* "vleij.com", true */ 'v', 'l', 'e', 'i', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "vleij.family", true */ 'v', 'l', 'e', 'i', 'j', '.', 'f', 'a', 'm', 'i', 'l', 'y', '\0',
+  /* "vleij.se", true */ 'v', 'l', 'e', 'i', 'j', '.', 's', 'e', '\0',
+  /* "vliegensvlug.services", true */ 'v', 'l', 'i', 'e', 'g', 'e', 'n', 's', 'v', 'l', 'u', 'g', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '\0',
+  /* "vloeck.de", true */ 'v', 'l', 'o', 'e', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "vlovgr.se", true */ 'v', 'l', 'o', 'v', 'g', 'r', '.', 's', 'e', '\0',
+  /* "vlsk.eu", true */ 'v', 'l', 's', 'k', '.', 'e', 'u', '\0',
+  /* "vlsm.se", true */ 'v', 'l', 's', 'm', '.', 's', 'e', '\0',
+  /* "vlvvl.com", true */ 'v', 'l', 'v', 'v', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vm-0.com", true */ 'v', 'm', '-', '0', '.', 'c', 'o', 'm', '\0',
+  /* "vm-co.ch", true */ 'v', 'm', '-', 'c', 'o', '.', 'c', 'h', '\0',
+  /* "vmc.co.id", true */ 'v', 'm', 'c', '.', 'c', 'o', '.', 'i', 'd', '\0',
+  /* "vmem.jp", false */ 'v', 'm', 'e', 'm', '.', 'j', 'p', '\0',
+  /* "vmgirls.com", true */ 'v', 'm', 'g', 'i', 'r', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vmhydro.ru", false */ 'v', 'm', 'h', 'y', 'd', 'r', 'o', '.', 'r', 'u', '\0',
+  /* "vmis.nl", true */ 'v', 'm', 'i', 's', '.', 'n', 'l', '\0',
+  /* "vmoagents.com", false */ 'v', 'm', 'o', 'a', 'g', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vmoe.info", true */ 'v', 'm', 'o', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "vmug.pl", true */ 'v', 'm', 'u', 'g', '.', 'p', 'l', '\0',
+  /* "vn.search.yahoo.com", false */ 'v', 'n', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "vnd.cloud", true */ 'v', 'n', 'd', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "vnvisa.center", true */ 'v', 'n', 'v', 'i', 's', 'a', '.', 'c', 'e', 'n', 't', 'e', 'r', '\0',
+  /* "vnvisa.ru", true */ 'v', 'n', 'v', 'i', 's', 'a', '.', 'r', 'u', '\0',
+  /* "vocab.guru", true */ 'v', 'o', 'c', 'a', 'b', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "vocaloid.my", true */ 'v', 'o', 'c', 'a', 'l', 'o', 'i', 'd', '.', 'm', 'y', '\0',
+  /* "vocalviews.com", true */ 'v', 'o', 'c', 'a', 'l', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vodpay.com", true */ 'v', 'o', 'd', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "vodpay.net", true */ 'v', 'o', 'd', 'p', 'a', 'y', '.', 'n', 'e', 't', '\0',
+  /* "vodpay.org", true */ 'v', 'o', 'd', 'p', 'a', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "vogler.name", true */ 'v', 'o', 'g', 'l', 'e', 'r', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "voice-of-design.com", true */ 'v', 'o', 'i', 'c', 'e', '-', 'o', 'f', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "voicu.ch", true */ 'v', 'o', 'i', 'c', 'u', '.', 'c', 'h', '\0',
+  /* "void-it.nl", true */ 'v', 'o', 'i', 'd', '-', 'i', 't', '.', 'n', 'l', '\0',
+  /* "void-zero.com", true */ 'v', 'o', 'i', 'd', '-', 'z', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "voidpay.com", true */ 'v', 'o', 'i', 'd', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "voidpay.net", true */ 'v', 'o', 'i', 'd', 'p', 'a', 'y', '.', 'n', 'e', 't', '\0',
+  /* "voidpay.org", true */ 'v', 'o', 'i', 'd', 'p', 'a', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "voidptr.eu", true */ 'v', 'o', 'i', 'd', 'p', 't', 'r', '.', 'e', 'u', '\0',
+  /* "voids.org", true */ 'v', 'o', 'i', 'd', 's', '.', 'o', 'r', 'g', '\0',
+  /* "voidshift.com", true */ 'v', 'o', 'i', 'd', 's', 'h', 'i', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "voipkb.com", true */ 'v', 'o', 'i', 'p', 'k', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "voipsun.com", true */ 'v', 'o', 'i', 'p', 's', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "vokativy.cz", false */ 'v', 'o', 'k', 'a', 't', 'i', 'v', 'y', '.', 'c', 'z', '\0',
+  /* "vokeapp.com", true */ 'v', 'o', 'k', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "volcanconcretos.com", true */ 'v', 'o', 'l', 'c', 'a', 'n', 'c', 'o', 'n', 'c', 'r', 'e', 't', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "volga.us", true */ 'v', 'o', 'l', 'g', 'a', '.', 'u', 's', '\0',
+  /* "volgavibes.ru", false */ 'v', 'o', 'l', 'g', 'a', 'v', 'i', 'b', 'e', 's', '.', 'r', 'u', '\0',
+  /* "voliere-info.nl", false */ 'v', 'o', 'l', 'i', 'e', 'r', 'e', '-', 'i', 'n', 'f', 'o', '.', 'n', 'l', '\0',
+  /* "volker-gropp.de", true */ 'v', 'o', 'l', 'k', 'e', 'r', '-', 'g', 'r', 'o', 'p', 'p', '.', 'd', 'e', '\0',
+  /* "volkergropp.de", true */ 'v', 'o', 'l', 'k', 'e', 'r', 'g', 'r', 'o', 'p', 'p', '.', 'd', 'e', '\0',
+  /* "volkerwesselstransfer.nl", true */ 'v', 'o', 'l', 'k', 'e', 'r', 'w', 'e', 's', 's', 'e', 'l', 's', 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "volkerwesselswave.nl", true */ 'v', 'o', 'l', 'k', 'e', 'r', 'w', 'e', 's', 's', 'e', 'l', 's', 'w', 'a', 'v', 'e', '.', 'n', 'l', '\0',
+  /* "volkswurst.de", true */ 'v', 'o', 'l', 'k', 's', 'w', 'u', 'r', 's', 't', '.', 'd', 'e', '\0',
+  /* "vollans.id.au", true */ 'v', 'o', 'l', 'l', 'a', 'n', 's', '.', 'i', 'd', '.', 'a', 'u', '\0',
+  /* "voloevents.com", true */ 'v', 'o', 'l', 'o', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "volta.io", true */ 'v', 'o', 'l', 't', 'a', '.', 'i', 'o', '\0',
+  /* "voltimax.com", true */ 'v', 'o', 'l', 't', 'i', 'm', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "volto.io", true */ 'v', 'o', 'l', 't', 'o', '.', 'i', 'o', '\0',
+  /* "voltotc.com", true */ 'v', 'o', 'l', 't', 'o', 't', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "vonauw.com", true */ 'v', 'o', 'n', 'a', 'u', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "vonborstelboerner.de", true */ 'v', 'o', 'n', 'b', 'o', 'r', 's', 't', 'e', 'l', 'b', 'o', 'e', 'r', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "vonedelmann.de", false */ 'v', 'o', 'n', 'e', 'd', 'e', 'l', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "vongerlach.at", true */ 'v', 'o', 'n', 'g', 'e', 'r', 'l', 'a', 'c', 'h', '.', 'a', 't', '\0',
+  /* "vonniehudson.com", true */ 'v', 'o', 'n', 'n', 'i', 'e', 'h', 'u', 'd', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "vonski.pl", true */ 'v', 'o', 'n', 's', 'k', 'i', '.', 'p', 'l', '\0',
+  /* "voodoochile.at", true */ 'v', 'o', 'o', 'd', 'o', 'o', 'c', 'h', 'i', 'l', 'e', '.', 'a', 't', '\0',
+  /* "vop.li", true */ 'v', 'o', 'p', '.', 'l', 'i', '\0',
+  /* "vorkbaard.nl", true */ 'v', 'o', 'r', 'k', 'b', 'a', 'a', 'r', 'd', '.', 'n', 'l', '\0',
+  /* "vorlicek.de", true */ 'v', 'o', 'r', 'l', 'i', 'c', 'e', 'k', '.', 'd', 'e', '\0',
+  /* "vorm2.com", true */ 'v', 'o', 'r', 'm', '2', '.', 'c', 'o', 'm', '\0',
+  /* "vos-fleurs.ch", true */ 'v', 'o', 's', '-', 'f', 'l', 'e', 'u', 'r', 's', '.', 'c', 'h', '\0',
+  /* "vos-fleurs.com", true */ 'v', 'o', 's', '-', 'f', 'l', 'e', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vosgym.jp", true */ 'v', 'o', 's', 'g', 'y', 'm', '.', 'j', 'p', '\0',
+  /* "vosky.fr", true */ 'v', 'o', 's', 'k', 'y', '.', 'f', 'r', '\0',
+  /* "vostronet.com", true */ 'v', 'o', 's', 't', 'r', 'o', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "voter-info.uk", true */ 'v', 'o', 't', 'e', 'r', '-', 'i', 'n', 'f', 'o', '.', 'u', 'k', '\0',
+  /* "votercircle.com", true */ 'v', 'o', 't', 'e', 'r', 'c', 'i', 'r', 'c', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "voterstartingpoint.uk", true */ 'v', 'o', 't', 'e', 'r', 's', 't', 'a', 'r', 't', 'i', 'n', 'g', 'p', 'o', 'i', 'n', 't', '.', 'u', 'k', '\0',
+  /* "votocek.cz", true */ 'v', 'o', 't', 'o', 'c', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "votockova.cz", true */ 'v', 'o', 't', 'o', 'c', 'k', 'o', 'v', 'a', '.', 'c', 'z', '\0',
+  /* "votoot.com", true */ 'v', 'o', 't', 'o', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "votre-site-internet.ch", true */ 'v', 'o', 't', 'r', 'e', '-', 's', 'i', 't', 'e', '-', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', '.', 'c', 'h', '\0',
+  /* "vow.vn", true */ 'v', 'o', 'w', '.', 'v', 'n', '\0',
+  /* "voxfilmeonline.net", true */ 'v', 'o', 'x', 'f', 'i', 'l', 'm', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "voxml.com", true */ 'v', 'o', 'x', 'm', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "voxographe.com", false */ 'v', 'o', 'x', 'o', 'g', 'r', 'a', 'p', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "voyage-martinique.fr", true */ 'v', 'o', 'y', 'a', 'g', 'e', '-', 'm', 'a', 'r', 't', 'i', 'n', 'i', 'q', 'u', 'e', '.', 'f', 'r', '\0',
+  /* "voyageforum.com", true */ 'v', 'o', 'y', 'a', 'g', 'e', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "voyagesaufildespages.be", true */ 'v', 'o', 'y', 'a', 'g', 'e', 's', 'a', 'u', 'f', 'i', 'l', 'd', 'e', 's', 'p', 'a', 'g', 'e', 's', '.', 'b', 'e', '\0',
+  /* "voyageschine.com", true */ 'v', 'o', 'y', 'a', 'g', 'e', 's', 'c', 'h', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "voyagesdetective.fr", true */ 'v', 'o', 'y', 'a', 'g', 'e', 's', 'd', 'e', 't', 'e', 'c', 't', 'i', 'v', 'e', '.', 'f', 'r', '\0',
+  /* "vozami.com", true */ 'v', 'o', 'z', 'a', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "vpc-display.com", true */ 'v', 'p', 'c', '-', 'd', 'i', 's', 'p', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "vpn.black", true */ 'v', 'p', 'n', '.', 'b', 'l', 'a', 'c', 'k', '\0',
+  /* "vpn.ht", true */ 'v', 'p', 'n', '.', 'h', 't', '\0',
+  /* "vpnservice.nl", true */ 'v', 'p', 'n', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'n', 'l', '\0',
+  /* "vpnzoom.com", true */ 'v', 'p', 'n', 'z', 'o', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "vpsboard.com", true */ 'v', 'p', 's', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "vpsdream.dk", true */ 'v', 'p', 's', 'd', 'r', 'e', 'a', 'm', '.', 'd', 'k', '\0',
+  /* "vrandopulo.ru", true */ 'v', 'r', 'a', 'n', 'd', 'o', 'p', 'u', 'l', 'o', '.', 'r', 'u', '\0',
+  /* "vranjske.co.rs", true */ 'v', 'r', 'a', 'n', 'j', 's', 'k', 'e', '.', 'c', 'o', '.', 'r', 's', '\0',
+  /* "vreeman.com", true */ 'v', 'r', 'e', 'e', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "vriesdonkow.be", true */ 'v', 'r', 'i', 'e', 's', 'd', 'o', 'n', 'k', 'o', 'w', '.', 'b', 'e', '\0',
+  /* "vrijgezellen-feest.com", true */ 'v', 'r', 'i', 'j', 'g', 'e', 'z', 'e', 'l', 'l', 'e', 'n', '-', 'f', 'e', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "vrlaid.com", false */ 'v', 'r', 'l', 'a', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "vroedvrouwella.be", true */ 'v', 'r', 'o', 'e', 'd', 'v', 'r', 'o', 'u', 'w', 'e', 'l', 'l', 'a', '.', 'b', 'e', '\0',
+  /* "vrsgames.com.mx", true */ 'v', 'r', 's', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "vrsystem.com.br", true */ 'v', 'r', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "vrtak-cz.net", true */ 'v', 'r', 't', 'a', 'k', '-', 'c', 'z', '.', 'n', 'e', 't', '\0',
+  /* "vrzl.pro", true */ 'v', 'r', 'z', 'l', '.', 'p', 'r', 'o', '\0',
+  /* "vsamsonov.com", true */ 'v', 's', 'a', 'm', 's', 'o', 'n', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "vscale.io", true */ 'v', 's', 'c', 'a', 'l', 'e', '.', 'i', 'o', '\0',
+  /* "vsean.net", true */ 'v', 's', 'e', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "vserver-preis-vergleich.de", true */ 'v', 's', 'e', 'r', 'v', 'e', 'r', '-', 'p', 'r', 'e', 'i', 's', '-', 'v', 'e', 'r', 'g', 'l', 'e', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "vsesrazu-raiffeisen.ru", true */ 'v', 's', 'e', 's', 'r', 'a', 'z', 'u', '-', 'r', 'a', 'i', 'f', 'f', 'e', 'i', 's', 'e', 'n', '.', 'r', 'u', '\0',
+  /* "vsl-defi.ch", true */ 'v', 's', 'l', '-', 'd', 'e', 'f', 'i', '.', 'c', 'h', '\0',
+  /* "vssnederland.nl", true */ 'v', 's', 's', 'n', 'e', 'd', 'e', 'r', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "vstehn.ru", true */ 'v', 's', 't', 'e', 'h', 'n', '.', 'r', 'u', '\0',
+  /* "vsund.de", true */ 'v', 's', 'u', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "vsx.ch", true */ 'v', 's', 'x', '.', 'c', 'h', '\0',
+  /* "vuakhuyenmai.vn", true */ 'v', 'u', 'a', 'k', 'h', 'u', 'y', 'e', 'n', 'm', 'a', 'i', '.', 'v', 'n', '\0',
+  /* "vubey.yt", true */ 'v', 'u', 'b', 'e', 'y', '.', 'y', 't', '\0',
+  /* "vuljespaarpot.nl", true */ 'v', 'u', 'l', 'j', 'e', 's', 'p', 'a', 'a', 'r', 'p', 'o', 't', '.', 'n', 'l', '\0',
+  /* "vulnerability.ch", true */ 'v', 'u', 'l', 'n', 'e', 'r', 'a', 'b', 'i', 'l', 'i', 't', 'y', '.', 'c', 'h', '\0',
+  /* "vulners.com", true */ 'v', 'u', 'l', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vulnscan.org", true */ 'v', 'u', 'l', 'n', 's', 'c', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "vulpine.club", true */ 'v', 'u', 'l', 'p', 'i', 'n', 'e', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "vumetric.com", true */ 'v', 'u', 'm', 'e', 't', 'r', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "vuojolahti.fi", true */ 'v', 'u', 'o', 'j', 'o', 'l', 'a', 'h', 't', 'i', '.', 'f', 'i', '\0',
+  /* "vuosaarenmontessoritalo.fi", true */ 'v', 'u', 'o', 's', 'a', 'a', 'r', 'e', 'n', 'm', 'o', 'n', 't', 'e', 's', 's', 'o', 'r', 'i', 't', 'a', 'l', 'o', '.', 'f', 'i', '\0',
+  /* "vuvanhon.com", true */ 'v', 'u', 'v', 'a', 'n', 'h', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "vux.li", true */ 'v', 'u', 'x', '.', 'l', 'i', '\0',
+  /* "vuzi.fr", true */ 'v', 'u', 'z', 'i', '.', 'f', 'r', '\0',
+  /* "vvdbronckhorst.nl", true */ 'v', 'v', 'd', 'b', 'r', 'o', 'n', 'c', 'k', 'h', 'o', 'r', 's', 't', '.', 'n', 'l', '\0',
+  /* "vw-touranclub.cz", true */ 'v', 'w', '-', 't', 'o', 'u', 'r', 'a', 'n', 'c', 'l', 'u', 'b', '.', 'c', 'z', '\0',
+  /* "vwbusje.com", true */ 'v', 'w', 'b', 'u', 's', 'j', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "vwittich.de", true */ 'v', 'w', 'i', 't', 't', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "vwoforangeparts.com", true */ 'v', 'w', 'o', 'f', 'o', 'r', 'a', 'n', 'g', 'e', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vwsoft.de", true */ 'v', 'w', 's', 'o', 'f', 't', '.', 'd', 'e', '\0',
+  /* "vww-8522.com", true */ 'v', 'w', 'w', '-', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "vxst.org", true */ 'v', 'x', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "vybeministry.org", true */ 'v', 'y', 'b', 'e', 'm', 'i', 'n', 'i', 's', 't', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "vyber-odhadce.cz", true */ 'v', 'y', 'b', 'e', 'r', '-', 'o', 'd', 'h', 'a', 'd', 'c', 'e', '.', 'c', 'z', '\0',
+  /* "vyberodhadce.cz", true */ 'v', 'y', 'b', 'e', 'r', 'o', 'd', 'h', 'a', 'd', 'c', 'e', '.', 'c', 'z', '\0',
+  /* "vyplnto.cz", true */ 'v', 'y', 'p', 'l', 'n', 't', 'o', '.', 'c', 'z', '\0',
+  /* "vyshivanochka.in.ua", true */ 'v', 'y', 's', 'h', 'i', 'v', 'a', 'n', 'o', 'c', 'h', 'k', 'a', '.', 'i', 'n', '.', 'u', 'a', '\0',
+  /* "vysko.cz", true */ 'v', 'y', 's', 'k', 'o', '.', 'c', 'z', '\0',
+  /* "vyskocil.eu", true */ 'v', 'y', 's', 'k', 'o', 'c', 'i', 'l', '.', 'e', 'u', '\0',
+  /* "vyvygen.org", true */ 'v', 'y', 'v', 'y', 'g', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "vyzner.cz", true */ 'v', 'y', 'z', 'n', 'e', 'r', '.', 'c', 'z', '\0',
+  /* "vzis.org", true */ 'v', 'z', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "vztekloun.cz", true */ 'v', 'z', 't', 'e', 'k', 'l', 'o', 'u', 'n', '.', 'c', 'z', '\0',
+  /* "w-p-k.de", true */ 'w', '-', 'p', '-', 'k', '.', 'd', 'e', '\0',
+  /* "w-spotlight.appspot.com", true */ 'w', '-', 's', 'p', 'o', 't', 'l', 'i', 'g', 'h', 't', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "w-w-auto.de", true */ 'w', '-', 'w', '-', 'a', 'u', 't', 'o', '.', 'd', 'e', '\0',
+  /* "w.wiki", true */ 'w', '.', 'w', 'i', 'k', 'i', '\0',
+  /* "w10club.com", true */ 'w', '1', '0', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "w3ctag.org", true */ 'w', '3', 'c', 't', 'a', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "w3n.org", true */ 'w', '3', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "w4.no", true */ 'w', '4', '.', 'n', 'o', '\0',
+  /* "w4b.in", true */ 'w', '4', 'b', '.', 'i', 'n', '\0',
+  /* "w4eg.de", true */ 'w', '4', 'e', 'g', '.', 'd', 'e', '\0',
+  /* "w5gfe.org", true */ 'w', '5', 'g', 'f', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "w7k.de", true */ 'w', '7', 'k', '.', 'd', 'e', '\0',
+  /* "w9rld.com", true */ 'w', '9', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "wa-stromerzeuger.de", true */ 'w', 'a', '-', 's', 't', 'r', 'o', 'm', 'e', 'r', 'z', 'e', 'u', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "waaw.tv", true */ 'w', 'a', 'a', 'w', '.', 't', 'v', '\0',
+  /* "wabatam.com", true */ 'w', 'a', 'b', 'a', 't', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "wachter.biz", true */ 'w', 'a', 'c', 'h', 't', 'e', 'r', '.', 'b', 'i', 'z', '\0',
+  /* "wacky.one", true */ 'w', 'a', 'c', 'k', 'y', '.', 'o', 'n', 'e', '\0',
+  /* "wadidi.com", true */ 'w', 'a', 'd', 'i', 'd', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "wadsworth.gallery", true */ 'w', 'a', 'd', 's', 'w', 'o', 'r', 't', 'h', '.', 'g', 'a', 'l', 'l', 'e', 'r', 'y', '\0',
+  /* "wadvisor.com", true */ 'w', 'a', 'd', 'v', 'i', 's', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "waelisch.de", true */ 'w', 'a', 'e', 'l', 'i', 's', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "waelti.xxx", true */ 'w', 'a', 'e', 'l', 't', 'i', '.', 'x', 'x', 'x', '\0',
+  /* "waf.ninja", true */ 'w', 'a', 'f', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "wafa4hw.com", true */ 'w', 'a', 'f', 'a', '4', 'h', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "wafairhaven.com.au", true */ 'w', 'a', 'f', 'a', 'i', 'r', 'h', 'a', 'v', 'e', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "waffle.at", true */ 'w', 'a', 'f', 'f', 'l', 'e', '.', 'a', 't', '\0',
+  /* "wafni.com", true */ 'w', 'a', 'f', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "wahidhasan.com", true */ 'w', 'a', 'h', 'i', 'd', 'h', 'a', 's', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "wahlman.org", true */ 'w', 'a', 'h', 'l', 'm', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "wahrnehmungswelt.de", true */ 'w', 'a', 'h', 'r', 'n', 'e', 'h', 'm', 'u', 'n', 'g', 's', 'w', 'e', 'l', 't', '.', 'd', 'e', '\0',
+  /* "wahrnehmungswelten.de", true */ 'w', 'a', 'h', 'r', 'n', 'e', 'h', 'm', 'u', 'n', 'g', 's', 'w', 'e', 'l', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "wai-in.com", true */ 'w', 'a', 'i', '-', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "waigel.org", true */ 'w', 'a', 'i', 'g', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "wail.net", true */ 'w', 'a', 'i', 'l', '.', 'n', 'e', 't', '\0',
+  /* "wait.jp", true */ 'w', 'a', 'i', 't', '.', 'j', 'p', '\0',
+  /* "waiterwheels.com", true */ 'w', 'a', 'i', 't', 'e', 'r', 'w', 'h', 'e', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "waits.io", true */ 'w', 'a', 'i', 't', 's', '.', 'i', 'o', '\0',
+  /* "waixingrenfuli.vip", true */ 'w', 'a', 'i', 'x', 'i', 'n', 'g', 'r', 'e', 'n', 'f', 'u', 'l', 'i', '.', 'v', 'i', 'p', '\0',
+  /* "wak.io", true */ 'w', 'a', 'k', '.', 'i', 'o', '\0',
+  /* "waka-mono.com", true */ 'w', 'a', 'k', 'a', '-', 'm', 'o', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "waka88.com", true */ 'w', 'a', 'k', 'a', '8', '8', '.', 'c', 'o', 'm', '\0',
+  /* "wakamiyasumiyosi.com", true */ 'w', 'a', 'k', 'a', 'm', 'i', 'y', 'a', 's', 'u', 'm', 'i', 'y', 'o', 's', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "wakatime.com", true */ 'w', 'a', 'k', 'a', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "walk.onl", true */ 'w', 'a', 'l', 'k', '.', 'o', 'n', 'l', '\0',
+  /* "walkhighlandsandislands.com", true */ 'w', 'a', 'l', 'k', 'h', 'i', 'g', 'h', 'l', 'a', 'n', 'd', 's', 'a', 'n', 'd', 'i', 's', 'l', 'a', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "walkingforhealth.org.uk", true */ 'w', 'a', 'l', 'k', 'i', 'n', 'g', 'f', 'o', 'r', 'h', 'e', 'a', 'l', 't', 'h', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "walksedona.com", true */ 'w', 'a', 'l', 'k', 's', 'e', 'd', 'o', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "wallabies.org", true */ 'w', 'a', 'l', 'l', 'a', 'b', 'i', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "wallace-group.net", true */ 'w', 'a', 'l', 'l', 'a', 'c', 'e', '-', 'g', 'r', 'o', 'u', 'p', '.', 'n', 'e', 't', '\0',
+  /* "wallet.google.com", true */ 'w', 'a', 'l', 'l', 'e', 't', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "wallet.pp.ua", true */ 'w', 'a', 'l', 'l', 'e', 't', '.', 'p', 'p', '.', 'u', 'a', '\0',
+  /* "wallethub.com", false */ 'w', 'a', 'l', 'l', 'e', 't', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "walletnames.com", true */ 'w', 'a', 'l', 'l', 'e', 't', 'n', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wallingford.cc", true */ 'w', 'a', 'l', 'l', 'i', 'n', 'g', 'f', 'o', 'r', 'd', '.', 'c', 'c', '\0',
+  /* "wallpaperup.com", true */ 'w', 'a', 'l', 'l', 'p', 'a', 'p', 'e', 'r', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "walls.de", true */ 'w', 'a', 'l', 'l', 's', '.', 'd', 'e', '\0',
+  /* "walls.io", true */ 'w', 'a', 'l', 'l', 's', '.', 'i', 'o', '\0',
+  /* "wallysmasterblaster.com.au", true */ 'w', 'a', 'l', 'l', 'y', 's', 'm', 'a', 's', 't', 'e', 'r', 'b', 'l', 'a', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "walnutgaming.com", true */ 'w', 'a', 'l', 'n', 'u', 't', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "walnutis.net", true */ 'w', 'a', 'l', 'n', 'u', 't', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "walravensax.nl", true */ 'w', 'a', 'l', 'r', 'a', 'v', 'e', 'n', 's', 'a', 'x', '.', 'n', 'l', '\0',
+  /* "walruses.org", true */ 'w', 'a', 'l', 'r', 'u', 's', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "waltellis.com", true */ 'w', 'a', 'l', 't', 'e', 'l', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wan.pp.ua", false */ 'w', 'a', 'n', '.', 'p', 'p', '.', 'u', 'a', '\0',
+  /* "wander.al", true */ 'w', 'a', 'n', 'd', 'e', 'r', '.', 'a', 'l', '\0',
+  /* "wandercue.com", true */ 'w', 'a', 'n', 'd', 'e', 'r', 'c', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "wandervoll.ch", true */ 'w', 'a', 'n', 'd', 'e', 'r', 'v', 'o', 'l', 'l', '.', 'c', 'h', '\0',
+  /* "wane.co", true */ 'w', 'a', 'n', 'e', '.', 'c', 'o', '\0',
+  /* "wangjiatun.com.tw", true */ 'w', 'a', 'n', 'g', 'j', 'i', 'a', 't', 'u', 'n', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "wangqiliang.com", true */ 'w', 'a', 'n', 'g', 'q', 'i', 'l', 'i', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "wangql.cn", true */ 'w', 'a', 'n', 'g', 'q', 'l', '.', 'c', 'n', '\0',
+  /* "wangql.net", true */ 'w', 'a', 'n', 'g', 'q', 'l', '.', 'n', 'e', 't', '\0',
+  /* "wangqr.tk", true */ 'w', 'a', 'n', 'g', 'q', 'r', '.', 't', 'k', '\0',
+  /* "wangyue.blog", true */ 'w', 'a', 'n', 'g', 'y', 'u', 'e', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "wantshow.com.br", true */ 'w', 'a', 'n', 't', 's', 'h', 'o', 'w', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "wanybug.cn", true */ 'w', 'a', 'n', 'y', 'b', 'u', 'g', '.', 'c', 'n', '\0',
+  /* "waonui.io", true */ 'w', 'a', 'o', 'n', 'u', 'i', '.', 'i', 'o', '\0',
+  /* "wapking.live", true */ 'w', 'a', 'p', 'k', 'i', 'n', 'g', '.', 'l', 'i', 'v', 'e', '\0',
+  /* "wardow.com", true */ 'w', 'a', 'r', 'd', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "warebouncycastles.co.uk", true */ 'w', 'a', 'r', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "warekon.com", true */ 'w', 'a', 'r', 'e', 'k', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "warekon.dk", true */ 'w', 'a', 'r', 'e', 'k', 'o', 'n', '.', 'd', 'k', '\0',
+  /* "warenits.at", true */ 'w', 'a', 'r', 'e', 'n', 'i', 't', 's', '.', 'a', 't', '\0',
+  /* "warezaddict.com", true */ 'w', 'a', 'r', 'e', 'z', 'a', 'd', 'd', 'i', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wargameexclusive.com", true */ 'w', 'a', 'r', 'g', 'a', 'm', 'e', 'e', 'x', 'c', 'l', 'u', 's', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "warhaggis.com", true */ 'w', 'a', 'r', 'h', 'a', 'g', 'g', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "warmestwishes.ca", true */ 'w', 'a', 'r', 'm', 'e', 's', 't', 'w', 'i', 's', 'h', 'e', 's', '.', 'c', 'a', '\0',
+  /* "warmlyyours.com", false */ 'w', 'a', 'r', 'm', 'l', 'y', 'y', 'o', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "warmservers.com", true */ 'w', 'a', 'r', 'm', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "warr.ath.cx", true */ 'w', 'a', 'r', 'r', '.', 'a', 't', 'h', '.', 'c', 'x', '\0',
+  /* "warringtonkidsbouncycastles.co.uk", true */ 'w', 'a', 'r', 'r', 'i', 'n', 'g', 't', 'o', 'n', 'k', 'i', 'd', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "warschild.org", true */ 'w', 'a', 'r', 's', 'c', 'h', 'i', 'l', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "wartorngalaxy.com", true */ 'w', 'a', 'r', 't', 'o', 'r', 'n', 'g', 'a', 'l', 'a', 'x', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wasatchconstables.com", true */ 'w', 'a', 's', 'a', 't', 'c', 'h', 'c', 'o', 'n', 's', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "waschpark-hantschel.de", true */ 'w', 'a', 's', 'c', 'h', 'p', 'a', 'r', 'k', '-', 'h', 'a', 'n', 't', 's', 'c', 'h', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "wasema.com", true */ 'w', 'a', 's', 'e', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "wasfestes.de", true */ 'w', 'a', 's', 'f', 'e', 's', 't', 'e', 's', '.', 'd', 'e', '\0',
+  /* "washingtonregisteredagent.io", true */ 'w', 'a', 's', 'h', 'i', 'n', 'g', 't', 'o', 'n', 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', 'e', 'd', 'a', 'g', 'e', 'n', 't', '.', 'i', 'o', '\0',
+  /* "washingtonviews.com", true */ 'w', 'a', 's', 'h', 'i', 'n', 'g', 't', 'o', 'n', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wasi-net.de", true */ 'w', 'a', 's', 'i', '-', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "wasielewski.com.de", true */ 'w', 'a', 's', 'i', 'e', 'l', 'e', 'w', 's', 'k', 'i', '.', 'c', 'o', 'm', '.', 'd', 'e', '\0',
+  /* "wasil.org", true */ 'w', 'a', 's', 'i', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "waslh.com", true */ 'w', 'a', 's', 'l', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "wasserspucker.de", true */ 'w', 'a', 's', 's', 'e', 'r', 's', 'p', 'u', 'c', 'k', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "wassibauer.com", true */ 'w', 'a', 's', 's', 'i', 'b', 'a', 'u', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "wassim.is", true */ 'w', 'a', 's', 's', 'i', 'm', '.', 'i', 's', '\0',
+  /* "wastrel.ch", true */ 'w', 'a', 's', 't', 'r', 'e', 'l', '.', 'c', 'h', '\0',
+  /* "watashi.bid", true */ 'w', 'a', 't', 'a', 's', 'h', 'i', '.', 'b', 'i', 'd', '\0',
+  /* "watch-wiki.org", true */ 'w', 'a', 't', 'c', 'h', '-', 'w', 'i', 'k', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "watchface.watch", true */ 'w', 'a', 't', 'c', 'h', 'f', 'a', 'c', 'e', '.', 'w', 'a', 't', 'c', 'h', '\0',
+  /* "watchfreeonline.co.uk", true */ 'w', 'a', 't', 'c', 'h', 'f', 'r', 'e', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "watchinventory.com", true */ 'w', 'a', 't', 'c', 'h', 'i', 'n', 'v', 'e', 'n', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "watchparts-and-tools-okayama.co.jp", true */ 'w', 'a', 't', 'c', 'h', 'p', 'a', 'r', 't', 's', '-', 'a', 'n', 'd', '-', 't', 'o', 'o', 'l', 's', '-', 'o', 'k', 'a', 'y', 'a', 'm', 'a', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "watchstyle.com", true */ 'w', 'a', 't', 'c', 'h', 's', 't', 'y', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "watchtv-online.pw", true */ 'w', 'a', 't', 'c', 'h', 't', 'v', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'p', 'w', '\0',
+  /* "waterfedpole.com", true */ 'w', 'a', 't', 'e', 'r', 'f', 'e', 'd', 'p', 'o', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "waterleeftinbeek.nl", true */ 'w', 'a', 't', 'e', 'r', 'l', 'e', 'e', 'f', 't', 'i', 'n', 'b', 'e', 'e', 'k', '.', 'n', 'l', '\0',
+  /* "watermonitor.gov", true */ 'w', 'a', 't', 'e', 'r', 'm', 'o', 'n', 'i', 't', 'o', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "watersb.org", true */ 'w', 'a', 't', 'e', 'r', 's', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "waterschaplimburg.nl", true */ 'w', 'a', 't', 'e', 'r', 's', 'c', 'h', 'a', 'p', 'l', 'i', 'm', 'b', 'u', 'r', 'g', '.', 'n', 'l', '\0',
+  /* "watertrails.io", true */ 'w', 'a', 't', 'e', 'r', 't', 'r', 'a', 'i', 'l', 's', '.', 'i', 'o', '\0',
+  /* "waterworkscondos.com", true */ 'w', 'a', 't', 'e', 'r', 'w', 'o', 'r', 'k', 's', 'c', 'o', 'n', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "watsonwork.me", true */ 'w', 'a', 't', 's', 'o', 'n', 'w', 'o', 'r', 'k', '.', 'm', 'e', '\0',
+  /* "wattechweb.com", true */ 'w', 'a', 't', 't', 'e', 'c', 'h', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "wave-ola.es", true */ 'w', 'a', 'v', 'e', '-', 'o', 'l', 'a', '.', 'e', 's', '\0',
+  /* "wavesoftime.com", true */ 'w', 'a', 'v', 'e', 's', 'o', 'f', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "waveum.com", true */ 'w', 'a', 'v', 'e', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "wawak.pl", true */ 'w', 'a', 'w', 'a', 'k', '.', 'p', 'l', '\0',
+  /* "waylaydesign.com", true */ 'w', 'a', 'y', 'l', 'a', 'y', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "wayne.cloud", false */ 'w', 'a', 'y', 'n', 'e', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "wayohoo.com", true */ 'w', 'a', 'y', 'o', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "wayohoo.net", true */ 'w', 'a', 'y', 'o', 'h', 'o', 'o', '.', 'n', 'e', 't', '\0',
+  /* "waytt.cf", true */ 'w', 'a', 'y', 't', 't', '.', 'c', 'f', '\0',
+  /* "waze.com", true */ 'w', 'a', 'z', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "wbci.us", true */ 'w', 'b', 'c', 'i', '.', 'u', 's', '\0',
+  /* "wbg-vs.de", true */ 'w', 'b', 'g', '-', 'v', 's', '.', 'd', 'e', '\0',
+  /* "wbit.co.il", true */ 'w', 'b', 'i', 't', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "wbt-solutions.ch", true */ 'w', 'b', 't', '-', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'h', '\0',
+  /* "wbt-solutions.net", true */ 'w', 'b', 't', '-', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "wbuntu.com", true */ 'w', 'b', 'u', 'n', 't', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "wbvb.nl", true */ 'w', 'b', 'v', 'b', '.', 'n', 'l', '\0',
+  /* "wbx.support", true */ 'w', 'b', 'x', '.', 's', 'u', 'p', 'p', 'o', 'r', 't', '\0',
+  /* "wcbook.ru", true */ 'w', 'c', 'b', 'o', 'o', 'k', '.', 'r', 'u', '\0',
+  /* "wcn.life", true */ 'w', 'c', 'n', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "wd627.com", true */ 'w', 'd', '6', '2', '7', '.', 'c', 'o', 'm', '\0',
+  /* "wd976.com", true */ 'w', 'd', '9', '7', '6', '.', 'c', 'o', 'm', '\0',
+  /* "wdbflowersevents.co.uk", true */ 'w', 'd', 'b', 'f', 'l', 'o', 'w', 'e', 'r', 's', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wdbgroup.co.uk", true */ 'w', 'd', 'b', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wdesk.com", true */ 'w', 'd', 'e', 's', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "wdmg.com.ua", true */ 'w', 'd', 'm', 'g', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "wdodelta.nl", true */ 'w', 'd', 'o', 'd', 'e', 'l', 't', 'a', '.', 'n', 'l', '\0',
+  /* "wdrl.info", true */ 'w', 'd', 'r', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "wdt.cz", false */ 'w', 'd', 't', '.', 'c', 'z', '\0',
+  /* "wdt.io", true */ 'w', 'd', 't', '.', 'i', 'o', '\0',
+  /* "we-bb.com", true */ 'w', 'e', '-', 'b', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "we-run-linux.de", true */ 'w', 'e', '-', 'r', 'u', 'n', '-', 'l', 'i', 'n', 'u', 'x', '.', 'd', 'e', '\0',
+  /* "we-use-linux.de", true */ 'w', 'e', '-', 'u', 's', 'e', '-', 'l', 'i', 'n', 'u', 'x', '.', 'd', 'e', '\0',
+  /* "weacceptbitcoin.gr", true */ 'w', 'e', 'a', 'c', 'c', 'e', 'p', 't', 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'g', 'r', '\0',
+  /* "wealthcentral.com.au", true */ 'w', 'e', 'a', 'l', 't', 'h', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "wealthfactory.com", false */ 'w', 'e', 'a', 'l', 't', 'h', 'f', 'a', 'c', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wealthprojector.com", true */ 'w', 'e', 'a', 'l', 't', 'h', 'p', 'r', 'o', 'j', 'e', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "wealthprojector.com.au", true */ 'w', 'e', 'a', 'l', 't', 'h', 'p', 'r', 'o', 'j', 'e', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "wealthreport.com.au", true */ 'w', 'e', 'a', 'l', 't', 'h', 'r', 'e', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "wearandcare.net", true */ 'w', 'e', 'a', 'r', 'a', 'n', 'd', 'c', 'a', 'r', 'e', '.', 'n', 'e', 't', '\0',
+  /* "weare1inspirit.com", true */ 'w', 'e', 'a', 'r', 'e', '1', 'i', 'n', 's', 'p', 'i', 'r', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wearedisneyland.com", true */ 'w', 'e', 'a', 'r', 'e', 'd', 'i', 's', 'n', 'e', 'y', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "wearegenki.com", true */ 'w', 'e', 'a', 'r', 'e', 'g', 'e', 'n', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "wearepapermill.co", true */ 'w', 'e', 'a', 'r', 'e', 'p', 'a', 'p', 'e', 'r', 'm', 'i', 'l', 'l', '.', 'c', 'o', '\0',
+  /* "wearesouthafricans.com", true */ 'w', 'e', 'a', 'r', 'e', 's', 'o', 'u', 't', 'h', 'a', 'f', 'r', 'i', 'c', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wearewithyou.org", true */ 'w', 'e', 'a', 'r', 'e', 'w', 'i', 't', 'h', 'y', 'o', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "wearvr.com", true */ 'w', 'e', 'a', 'r', 'v', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "weather-and-climate.com", false */ 'w', 'e', 'a', 't', 'h', 'e', 'r', '-', 'a', 'n', 'd', '-', 'c', 'l', 'i', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "weathermyway.rocks", true */ 'w', 'e', 'a', 't', 'h', 'e', 'r', 'm', 'y', 'w', 'a', 'y', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "web-adminy.co.uk", true */ 'w', 'e', 'b', '-', 'a', 'd', 'm', 'i', 'n', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "web-advisor.co.uk", true */ 'w', 'e', 'b', '-', 'a', 'd', 'v', 'i', 's', 'o', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "web-design.co.il", true */ 'w', 'e', 'b', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "web-hotel.gr", true */ 'w', 'e', 'b', '-', 'h', 'o', 't', 'e', 'l', '.', 'g', 'r', '\0',
+  /* "web-kouza.com", true */ 'w', 'e', 'b', '-', 'k', 'o', 'u', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "web-mail.info", true */ 'w', 'e', 'b', '-', 'm', 'a', 'i', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "web-redacteuren.nl", true */ 'w', 'e', 'b', '-', 'r', 'e', 'd', 'a', 'c', 't', 'e', 'u', 'r', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "web-wave.jp", true */ 'w', 'e', 'b', '-', 'w', 'a', 'v', 'e', '.', 'j', 'p', '\0',
+  /* "web.bzh", true */ 'w', 'e', 'b', '.', 'b', 'z', 'h', '\0',
+  /* "web.cc", false */ 'w', 'e', 'b', '.', 'c', 'c', '\0',
+  /* "web.de", true */ 'w', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "web2033.com", true */ 'w', 'e', 'b', '2', '0', '3', '3', '.', 'c', 'o', 'm', '\0',
+  /* "web2ldap.de", true */ 'w', 'e', 'b', '2', 'l', 'd', 'a', 'p', '.', 'd', 'e', '\0',
+  /* "web2screen.tv", true */ 'w', 'e', 'b', '2', 's', 'c', 'r', 'e', 'e', 'n', '.', 't', 'v', '\0',
+  /* "web404.net", true */ 'w', 'e', 'b', '4', '0', '4', '.', 'n', 'e', 't', '\0',
+  /* "webaeon.org", true */ 'w', 'e', 'b', 'a', 'e', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "webaholic.co.in", true */ 'w', 'e', 'b', 'a', 'h', 'o', 'l', 'i', 'c', '.', 'c', 'o', '.', 'i', 'n', '\0',
+  /* "webais.ru", true */ 'w', 'e', 'b', 'a', 'i', 's', '.', 'r', 'u', '\0',
+  /* "webambacht.nl", true */ 'w', 'e', 'b', 'a', 'm', 'b', 'a', 'c', 'h', 't', '.', 'n', 'l', '\0',
+  /* "webandmore.de", false */ 'w', 'e', 'b', 'a', 'n', 'd', 'm', 'o', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "webapky.cz", true */ 'w', 'e', 'b', 'a', 'p', 'k', 'y', '.', 'c', 'z', '\0',
+  /* "webappky.cz", true */ 'w', 'e', 'b', 'a', 'p', 'p', 'k', 'y', '.', 'c', 'z', '\0',
+  /* "webartex.ru", true */ 'w', 'e', 'b', 'a', 'r', 't', 'e', 'x', '.', 'r', 'u', '\0',
+  /* "webbhuset.se", false */ 'w', 'e', 'b', 'b', 'h', 'u', 's', 'e', 't', '.', 's', 'e', '\0',
+  /* "webbiz.co.uk", true */ 'w', 'e', 'b', 'b', 'i', 'z', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "webbuzz.com.au", true */ 'w', 'e', 'b', 'b', 'u', 'z', 'z', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "webcamtoy.com", true */ 'w', 'e', 'b', 'c', 'a', 'm', 't', 'o', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "webcatchers.nl", true */ 'w', 'e', 'b', 'c', 'a', 't', 'c', 'h', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "webclimbers.ch", true */ 'w', 'e', 'b', 'c', 'l', 'i', 'm', 'b', 'e', 'r', 's', '.', 'c', 'h', '\0',
+  /* "webcollect.org.uk", true */ 'w', 'e', 'b', 'c', 'o', 'l', 'l', 'e', 'c', 't', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "webcontentspinning.com", true */ 'w', 'e', 'b', 'c', 'o', 'n', 't', 'e', 'n', 't', 's', 'p', 'i', 'n', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "webcookies.org", true */ 'w', 'e', 'b', 'c', 'o', 'o', 'k', 'i', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "webcrm.com", true */ 'w', 'e', 'b', 'c', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "webdesign-st.de", true */ 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', '-', 's', 't', '.', 'd', 'e', '\0',
+  /* "webdesigneauclaire.com", true */ 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 'e', 'a', 'u', 'c', 'l', 'a', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "webdesignerinwarwickshire.co.uk", true */ 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 'e', 'r', 'i', 'n', 'w', 'a', 'r', 'w', 'i', 'c', 'k', 's', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "webdesignplay.com", true */ 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 'p', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "webdesignplayground.io", true */ 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 'p', 'l', 'a', 'y', 'g', 'r', 'o', 'u', 'n', 'd', '.', 'i', 'o', '\0',
+  /* "webdesignssussex.co.uk", true */ 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 's', 's', 'u', 's', 's', 'e', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "webdev-quiz.de", true */ 'w', 'e', 'b', 'd', 'e', 'v', '-', 'q', 'u', 'i', 'z', '.', 'd', 'e', '\0',
+  /* "webdevops.io", true */ 'w', 'e', 'b', 'd', 'e', 'v', 'o', 'p', 's', '.', 'i', 'o', '\0',
+  /* "webdosh.com", true */ 'w', 'e', 'b', 'd', 'o', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "webduck.nl", true */ 'w', 'e', 'b', 'd', 'u', 'c', 'k', '.', 'n', 'l', '\0',
+  /* "webergrillrestaurant.com", true */ 'w', 'e', 'b', 'e', 'r', 'g', 'r', 'i', 'l', 'l', 'r', 'e', 's', 't', 'a', 'u', 'r', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "webexp.biz", true */ 'w', 'e', 'b', 'e', 'x', 'p', '.', 'b', 'i', 'z', '\0',
+  /* "webfilings-eu-mirror.appspot.com", true */ 'w', 'e', 'b', 'f', 'i', 'l', 'i', 'n', 'g', 's', '-', 'e', 'u', '-', 'm', 'i', 'r', 'r', 'o', 'r', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "webfilings-eu.appspot.com", true */ 'w', 'e', 'b', 'f', 'i', 'l', 'i', 'n', 'g', 's', '-', 'e', 'u', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "webfilings-mirror-hrd.appspot.com", true */ 'w', 'e', 'b', 'f', 'i', 'l', 'i', 'n', 'g', 's', '-', 'm', 'i', 'r', 'r', 'o', 'r', '-', 'h', 'r', 'd', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "webfilings.appspot.com", true */ 'w', 'e', 'b', 'f', 'i', 'l', 'i', 'n', 'g', 's', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "webfox.com.br", true */ 'w', 'e', 'b', 'f', 'o', 'x', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "webgarten.ch", true */ 'w', 'e', 'b', 'g', 'a', 'r', 't', 'e', 'n', '.', 'c', 'h', '\0',
+  /* "webgears.com", true */ 'w', 'e', 'b', 'g', 'e', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "webhelyesarcu.hu", true */ 'w', 'e', 'b', 'h', 'e', 'l', 'y', 'e', 's', 'a', 'r', 'c', 'u', '.', 'h', 'u', '\0',
+  /* "webhostplan.info", true */ 'w', 'e', 'b', 'h', 'o', 's', 't', 'p', 'l', 'a', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "webinnovation.ie", true */ 'w', 'e', 'b', 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '.', 'i', 'e', '\0',
+  /* "webjobposting.com", true */ 'w', 'e', 'b', 'j', 'o', 'b', 'p', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "webkeks.org", true */ 'w', 'e', 'b', 'k', 'e', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "weblagring.se", true */ 'w', 'e', 'b', 'l', 'a', 'g', 'r', 'i', 'n', 'g', '.', 's', 'e', '\0',
+  /* "weblate.org", true */ 'w', 'e', 'b', 'l', 'a', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "webless.com", true */ 'w', 'e', 'b', 'l', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "webliberty.ru", true */ 'w', 'e', 'b', 'l', 'i', 'b', 'e', 'r', 't', 'y', '.', 'r', 'u', '\0',
+  /* "weblogic.pl", true */ 'w', 'e', 'b', 'l', 'o', 'g', 'i', 'c', '.', 'p', 'l', '\0',
+  /* "weblogzwolle.nl", true */ 'w', 'e', 'b', 'l', 'o', 'g', 'z', 'w', 'o', 'l', 'l', 'e', '.', 'n', 'l', '\0',
+  /* "webmail.gigahost.dk", false */ 'w', 'e', 'b', 'm', 'a', 'i', 'l', '.', 'g', 'i', 'g', 'a', 'h', 'o', 's', 't', '.', 'd', 'k', '\0',
+  /* "webmail.info", true */ 'w', 'e', 'b', 'm', 'a', 'i', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "webmail.onlime.ch", false */ 'w', 'e', 'b', 'm', 'a', 'i', 'l', '.', 'o', 'n', 'l', 'i', 'm', 'e', '.', 'c', 'h', '\0',
+  /* "webmail.schokokeks.org", false */ 'w', 'e', 'b', 'm', 'a', 'i', 'l', '.', 's', 'c', 'h', 'o', 'k', 'o', 'k', 'e', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "webmail.xalqbank.az", true */ 'w', 'e', 'b', 'm', 'a', 'i', 'l', '.', 'x', 'a', 'l', 'q', 'b', 'a', 'n', 'k', '.', 'a', 'z', '\0',
+  /* "webmandesign.eu", true */ 'w', 'e', 'b', 'm', 'a', 'n', 'd', 'e', 's', 'i', 'g', 'n', '.', 'e', 'u', '\0',
+  /* "webmax.com.tr", true */ 'w', 'e', 'b', 'm', 'a', 'x', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "webmedpharmacy.co.uk", true */ 'w', 'e', 'b', 'm', 'e', 'd', 'p', 'h', 'a', 'r', 'm', 'a', 'c', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "webmel.com", true */ 'w', 'e', 'b', 'm', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "webmetering.at", true */ 'w', 'e', 'b', 'm', 'e', 't', 'e', 'r', 'i', 'n', 'g', '.', 'a', 't', '\0',
+  /* "webmotelli.fi", true */ 'w', 'e', 'b', 'm', 'o', 't', 'e', 'l', 'l', 'i', '.', 'f', 'i', '\0',
+  /* "webnetmail4u.com", true */ 'w', 'e', 'b', 'n', 'e', 't', 'm', 'a', 'i', 'l', '4', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "webneuch.ch", true */ 'w', 'e', 'b', 'n', 'e', 'u', 'c', 'h', '.', 'c', 'h', '\0',
+  /* "webneuch.com", true */ 'w', 'e', 'b', 'n', 'e', 'u', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "webneuch.eu", true */ 'w', 'e', 'b', 'n', 'e', 'u', 'c', 'h', '.', 'e', 'u', '\0',
+  /* "webneuch.fr", true */ 'w', 'e', 'b', 'n', 'e', 'u', 'c', 'h', '.', 'f', 'r', '\0',
+  /* "webneuch.info", true */ 'w', 'e', 'b', 'n', 'e', 'u', 'c', 'h', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "webneuch.swiss", true */ 'w', 'e', 'b', 'n', 'e', 'u', 'c', 'h', '.', 's', 'w', 'i', 's', 's', '\0',
+  /* "webnoob.net", true */ 'w', 'e', 'b', 'n', 'o', 'o', 'b', '.', 'n', 'e', 't', '\0',
+  /* "webogram.org", false */ 'w', 'e', 'b', 'o', 'g', 'r', 'a', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "webpostingmart.com", true */ 'w', 'e', 'b', 'p', 'o', 's', 't', 'i', 'n', 'g', 'm', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "webpostingpro.com", true */ 'w', 'e', 'b', 'p', 'o', 's', 't', 'i', 'n', 'g', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "webpostingreviews.com", true */ 'w', 'e', 'b', 'p', 'o', 's', 't', 'i', 'n', 'g', 'r', 'e', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "webproguru.com", true */ 'w', 'e', 'b', 'p', 'r', 'o', 'g', 'u', 'r', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "webproxy.pw", true */ 'w', 'e', 'b', 'p', 'r', 'o', 'x', 'y', '.', 'p', 'w', '\0',
+  /* "webpubsub.com", true */ 'w', 'e', 'b', 'p', 'u', 'b', 's', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "webqueens.com", true */ 'w', 'e', 'b', 'q', 'u', 'e', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "webrentcars.com", true */ 'w', 'e', 'b', 'r', 'e', 'n', 't', 'c', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "webreport.fr", true */ 'w', 'e', 'b', 'r', 'e', 'p', 'o', 'r', 't', '.', 'f', 'r', '\0',
+  /* "webreslist.com", true */ 'w', 'e', 'b', 'r', 'e', 's', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "webs4all.ro", false */ 'w', 'e', 'b', 's', '4', 'a', 'l', 'l', '.', 'r', 'o', '\0',
+  /* "websectools.com", true */ 'w', 'e', 'b', 's', 'e', 'c', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "websecurity.is", true */ 'w', 'e', 'b', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'i', 's', '\0',
+  /* "webseitendesigner.com", false */ 'w', 'e', 'b', 's', 'e', 'i', 't', 'e', 'n', 'd', 'e', 's', 'i', 'g', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "webseitenserver.com", true */ 'w', 'e', 'b', 's', 'e', 'i', 't', 'e', 'n', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "websenat.de", true */ 'w', 'e', 'b', 's', 'e', 'n', 'a', 't', '.', 'd', 'e', '\0',
+  /* "websharks.org", true */ 'w', 'e', 'b', 's', 'h', 'a', 'r', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "websiteadvice.com.au", true */ 'w', 'e', 'b', 's', 'i', 't', 'e', 'a', 'd', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "websiteforlease.ca", true */ 'w', 'e', 'b', 's', 'i', 't', 'e', 'f', 'o', 'r', 'l', 'e', 'a', 's', 'e', '.', 'c', 'a', '\0',
+  /* "websiteout.ca", true */ 'w', 'e', 'b', 's', 'i', 't', 'e', 'o', 'u', 't', '.', 'c', 'a', '\0',
+  /* "websiteout.net", true */ 'w', 'e', 'b', 's', 'i', 't', 'e', 'o', 'u', 't', '.', 'n', 'e', 't', '\0',
+  /* "websiterent.ca", true */ 'w', 'e', 'b', 's', 'i', 't', 'e', 'r', 'e', 'n', 't', '.', 'c', 'a', '\0',
+  /* "websites4business.ca", true */ 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '4', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '.', 'c', 'a', '\0',
+  /* "websitesdallas.com", true */ 'w', 'e', 'b', 's', 'i', 't', 'e', 's', 'd', 'a', 'l', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "websiteservice.pro", true */ 'w', 'e', 'b', 's', 'i', 't', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'p', 'r', 'o', '\0',
+  /* "webslake.com", true */ 'w', 'e', 'b', 's', 'l', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "webspiral.jp", true */ 'w', 'e', 'b', 's', 'p', 'i', 'r', 'a', 'l', '.', 'j', 'p', '\0',
+  /* "webspire.tech", true */ 'w', 'e', 'b', 's', 'p', 'i', 'r', 'e', '.', 't', 'e', 'c', 'h', '\0',
+  /* "webstore.be", false */ 'w', 'e', 'b', 's', 't', 'o', 'r', 'e', '.', 'b', 'e', '\0',
+  /* "webstu.be", true */ 'w', 'e', 'b', 's', 't', 'u', '.', 'b', 'e', '\0',
+  /* "webstudio-n.com", true */ 'w', 'e', 'b', 's', 't', 'u', 'd', 'i', 'o', '-', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "webstylemedia.com", true */ 'w', 'e', 'b', 's', 't', 'y', 'l', 'e', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "websvetaines.lt", true */ 'w', 'e', 'b', 's', 'v', 'e', 't', 'a', 'i', 'n', 'e', 's', '.', 'l', 't', '\0',
+  /* "webtalis.nl", true */ 'w', 'e', 'b', 't', 'a', 'l', 'i', 's', '.', 'n', 'l', '\0',
+  /* "webtasarim.pw", true */ 'w', 'e', 'b', 't', 'a', 's', 'a', 'r', 'i', 'm', '.', 'p', 'w', '\0',
+  /* "webtek.nu", true */ 'w', 'e', 'b', 't', 'e', 'k', '.', 'n', 'u', '\0',
+  /* "webtheapp.com", true */ 'w', 'e', 'b', 't', 'h', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "webtobesocial.de", true */ 'w', 'e', 'b', 't', 'o', 'b', 'e', 's', 'o', 'c', 'i', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "webtorrent.io", true */ 'w', 'e', 'b', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'i', 'o', '\0',
+  /* "webtrh.cz", true */ 'w', 'e', 'b', 't', 'r', 'h', '.', 'c', 'z', '\0',
+  /* "webtropia.com", false */ 'w', 'e', 'b', 't', 'r', 'o', 'p', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "webukhost.com", true */ 'w', 'e', 'b', 'u', 'k', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "webwinkelwestland.nl", true */ 'w', 'e', 'b', 'w', 'i', 'n', 'k', 'e', 'l', 'w', 'e', 's', 't', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "webwit.nl", true */ 'w', 'e', 'b', 'w', 'i', 't', '.', 'n', 'l', '\0',
+  /* "webwolf.co.za", true */ 'w', 'e', 'b', 'w', 'o', 'l', 'f', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "webyazilimankara.com", true */ 'w', 'e', 'b', 'y', 'a', 'z', 'i', 'l', 'i', 'm', 'a', 'n', 'k', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "webzanem.com", true */ 'w', 'e', 'b', 'z', 'a', 'n', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "wecleanbins.com", true */ 'w', 'e', 'c', 'l', 'e', 'a', 'n', 'b', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wecobble.com", true */ 'w', 'e', 'c', 'o', 'b', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "wedding-m.jp", true */ 'w', 'e', 'd', 'd', 'i', 'n', 'g', '-', 'm', '.', 'j', 'p', '\0',
+  /* "weddingfantasy.ru", true */ 'w', 'e', 'd', 'd', 'i', 'n', 'g', 'f', 'a', 'n', 't', 'a', 's', 'y', '.', 'r', 'u', '\0',
+  /* "weddingsbynoon.co.uk", true */ 'w', 'e', 'd', 'd', 'i', 'n', 'g', 's', 'b', 'y', 'n', 'o', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "weddywood.ru", true */ 'w', 'e', 'd', 'd', 'y', 'w', 'o', 'o', 'd', '.', 'r', 'u', '\0',
+  /* "wedos.com", true */ 'w', 'e', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "weeblr.com", true */ 'w', 'e', 'e', 'b', 'l', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "weeblrpress.com", true */ 'w', 'e', 'e', 'b', 'l', 'r', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "weedypedia.de", true */ 'w', 'e', 'e', 'd', 'y', 'p', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "week.report", true */ 'w', 'e', 'e', 'k', '.', 'r', 'e', 'p', 'o', 'r', 't', '\0',
+  /* "weekdone.com", true */ 'w', 'e', 'e', 'k', 'd', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "weekly-residence.com", true */ 'w', 'e', 'e', 'k', 'l', 'y', '-', 'r', 'e', 's', 'i', 'd', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "weeknummers.be", true */ 'w', 'e', 'e', 'k', 'n', 'u', 'm', 'm', 'e', 'r', 's', '.', 'b', 'e', '\0',
+  /* "weeknummers.nl", true */ 'w', 'e', 'e', 'k', 'n', 'u', 'm', 'm', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "weemake.fr", true */ 'w', 'e', 'e', 'm', 'a', 'k', 'e', '.', 'f', 'r', '\0',
+  /* "weemakers.fr", true */ 'w', 'e', 'e', 'm', 'a', 'k', 'e', 'r', 's', '.', 'f', 'r', '\0',
+  /* "weepycat.com", true */ 'w', 'e', 'e', 'p', 'y', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "weerda.fr", true */ 'w', 'e', 'e', 'r', 'd', 'a', '.', 'f', 'r', '\0',
+  /* "weerstationgiethoorn.nl", true */ 'w', 'e', 'e', 'r', 's', 't', 'a', 't', 'i', 'o', 'n', 'g', 'i', 'e', 't', 'h', 'o', 'o', 'r', 'n', '.', 'n', 'l', '\0',
+  /* "weerstatistieken.nl", true */ 'w', 'e', 'e', 'r', 's', 't', 'a', 't', 'i', 's', 't', 'i', 'e', 'k', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "wefinanceinc.com", true */ 'w', 'e', 'f', 'i', 'n', 'a', 'n', 'c', 'e', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "wefitboilers.com", true */ 'w', 'e', 'f', 'i', 't', 'b', 'o', 'i', 'l', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "weggeweest.nl", true */ 'w', 'e', 'g', 'g', 'e', 'w', 'e', 'e', 's', 't', '.', 'n', 'l', '\0',
+  /* "wegner.no", true */ 'w', 'e', 'g', 'n', 'e', 'r', '.', 'n', 'o', '\0',
+  /* "wegotcookies.com", true */ 'w', 'e', 'g', 'o', 't', 'c', 'o', 'o', 'k', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wegvielfalt.de", true */ 'w', 'e', 'g', 'v', 'i', 'e', 'l', 'f', 'a', 'l', 't', '.', 'd', 'e', '\0',
+  /* "wehostdnn.com", true */ 'w', 'e', 'h', 'o', 's', 't', 'd', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "weibomiaopai.com", true */ 'w', 'e', 'i', 'b', 'o', 'm', 'i', 'a', 'o', 'p', 'a', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "weicn.org", true */ 'w', 'e', 'i', 'c', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "weideheuvel.org", true */ 'w', 'e', 'i', 'd', 'e', 'h', 'e', 'u', 'v', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "weidmannfibertechnology.com", true */ 'w', 'e', 'i', 'd', 'm', 'a', 'n', 'n', 'f', 'i', 'b', 'e', 'r', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "weigelia.nl", true */ 'w', 'e', 'i', 'g', 'e', 'l', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "weightreviews.com", true */ 'w', 'e', 'i', 'g', 'h', 't', 'r', 'e', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "weils.net", true */ 'w', 'e', 'i', 'l', 's', '.', 'n', 'e', 't', '\0',
+  /* "weimaraner.com.br", true */ 'w', 'e', 'i', 'm', 'a', 'r', 'a', 'n', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "weimz.com", true */ 'w', 'e', 'i', 'm', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "wein.cc", true */ 'w', 'e', 'i', 'n', '.', 'c', 'c', '\0',
+  /* "wein.co.kr", true */ 'w', 'e', 'i', 'n', '.', 'c', 'o', '.', 'k', 'r', '\0',
+  /* "weinbergerlawgroup.com", true */ 'w', 'e', 'i', 'n', 'b', 'e', 'r', 'g', 'e', 'r', 'l', 'a', 'w', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "weinhandel-preissler.de", true */ 'w', 'e', 'i', 'n', 'h', 'a', 'n', 'd', 'e', 'l', '-', 'p', 'r', 'e', 'i', 's', 's', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "weirdesigns.com", true */ 'w', 'e', 'i', 'r', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "weirdserver.com", true */ 'w', 'e', 'i', 'r', 'd', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "weisse-liste.de", true */ 'w', 'e', 'i', 's', 's', 'e', '-', 'l', 'i', 's', 't', 'e', '.', 'd', 'e', '\0',
+  /* "weissman.agency", true */ 'w', 'e', 'i', 's', 's', 'm', 'a', 'n', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0',
+  /* "weiterbildung-vdz.de", true */ 'w', 'e', 'i', 't', 'e', 'r', 'b', 'i', 'l', 'd', 'u', 'n', 'g', '-', 'v', 'd', 'z', '.', 'd', 'e', '\0',
+  /* "weizenke.im", true */ 'w', 'e', 'i', 'z', 'e', 'n', 'k', 'e', '.', 'i', 'm', '\0',
+  /* "weizenspr.eu", true */ 'w', 'e', 'i', 'z', 'e', 'n', 's', 'p', 'r', '.', 'e', 'u', '\0',
+  /* "welches-kinderfahrrad.de", true */ 'w', 'e', 'l', 'c', 'h', 'e', 's', '-', 'k', 'i', 'n', 'd', 'e', 'r', 'f', 'a', 'h', 'r', 'r', 'a', 'd', '.', 'd', 'e', '\0',
+  /* "welcome-tahiti.com", true */ 'w', 'e', 'l', 'c', 'o', 'm', 'e', '-', 't', 'a', 'h', 'i', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "welcome-werkstatt.com", true */ 'w', 'e', 'l', 'c', 'o', 'm', 'e', '-', 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "welcome-werkstatt.de", true */ 'w', 'e', 'l', 'c', 'o', 'm', 'e', '-', 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', '.', 'd', 'e', '\0',
+  /* "welcome26.ch", true */ 'w', 'e', 'l', 'c', 'o', 'm', 'e', '2', '6', '.', 'c', 'h', '\0',
+  /* "welcomehelp.de", true */ 'w', 'e', 'l', 'c', 'o', 'm', 'e', 'h', 'e', 'l', 'p', '.', 'd', 'e', '\0',
+  /* "weldwp.com", true */ 'w', 'e', 'l', 'd', 'w', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "wellacapability.com", true */ 'w', 'e', 'l', 'l', 'a', 'c', 'a', 'p', 'a', 'b', 'i', 'l', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wellbeing360.com.au", true */ 'w', 'e', 'l', 'l', 'b', 'e', 'i', 'n', 'g', '3', '6', '0', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "wellcom.co.il", true */ 'w', 'e', 'l', 'l', 'c', 'o', 'm', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "welldrake.com", true */ 'w', 'e', 'l', 'l', 'd', 'r', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "wellensteyn.ru", true */ 'w', 'e', 'l', 'l', 'e', 'n', 's', 't', 'e', 'y', 'n', '.', 'r', 'u', '\0',
+  /* "weller.pm", true */ 'w', 'e', 'l', 'l', 'e', 'r', '.', 'p', 'm', '\0',
+  /* "wellist.com", true */ 'w', 'e', 'l', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wellness-gutschein.de", true */ 'w', 'e', 'l', 'l', 'n', 'e', 's', 's', '-', 'g', 'u', 't', 's', 'c', 'h', 'e', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "wellnesscheck.net", true */ 'w', 'e', 'l', 'l', 'n', 'e', 's', 's', 'c', 'h', 'e', 'c', 'k', '.', 'n', 'e', 't', '\0',
+  /* "wellopp.com", true */ 'w', 'e', 'l', 'l', 'o', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "wellsplasticsurgery.com", true */ 'w', 'e', 'l', 'l', 's', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wellspringcamps.com", true */ 'w', 'e', 'l', 'l', 's', 'p', 'r', 'i', 'n', 'g', 'c', 'a', 'm', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "welovejobs.com", true */ 'w', 'e', 'l', 'o', 'v', 'e', 'j', 'o', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "welovemail.com", true */ 'w', 'e', 'l', 'o', 'v', 'e', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "welsh.com.br", true */ 'w', 'e', 'l', 's', 'h', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "welteneroberer.de", true */ 'w', 'e', 'l', 't', 'e', 'n', 'e', 'r', 'o', 'b', 'e', 'r', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "weltengilde.de", true */ 'w', 'e', 'l', 't', 'e', 'n', 'g', 'i', 'l', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "weltenhueter.de", true */ 'w', 'e', 'l', 't', 'e', 'n', 'h', 'u', 'e', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "weltverschwoerung.de", true */ 'w', 'e', 'l', 't', 'v', 'e', 'r', 's', 'c', 'h', 'w', 'o', 'e', 'r', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "welzijnkoggenland.nl", true */ 'w', 'e', 'l', 'z', 'i', 'j', 'n', 'k', 'o', 'g', 'g', 'e', 'n', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "wemakemenus.com", true */ 'w', 'e', 'm', 'a', 'k', 'e', 'm', 'e', 'n', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wemakeonlinereviews.com", true */ 'w', 'e', 'm', 'a', 'k', 'e', 'o', 'n', 'l', 'i', 'n', 'e', 'r', 'e', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wendigo.pl", true */ 'w', 'e', 'n', 'd', 'i', 'g', 'o', '.', 'p', 'l', '\0',
+  /* "wendu.me", true */ 'w', 'e', 'n', 'd', 'u', '.', 'm', 'e', '\0',
+  /* "wenger-shop.ch", true */ 'w', 'e', 'n', 'g', 'e', 'r', '-', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "wenjs.me", true */ 'w', 'e', 'n', 'j', 's', '.', 'm', 'e', '\0',
+  /* "wenode.net", true */ 'w', 'e', 'n', 'o', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "wepay.com", false */ 'w', 'e', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wepay.in.th", true */ 'w', 'e', 'p', 'a', 'y', '.', 'i', 'n', '.', 't', 'h', '\0',
+  /* "weplaynaked.dk", true */ 'w', 'e', 'p', 'l', 'a', 'y', 'n', 'a', 'k', 'e', 'd', '.', 'd', 'k', '\0',
+  /* "wer-kommt-her.de", true */ 'w', 'e', 'r', '-', 'k', 'o', 'm', 'm', 't', '-', 'h', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "werally.com", true */ 'w', 'e', 'r', 'a', 'l', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "werbefotograf-leitner.de", true */ 'w', 'e', 'r', 'b', 'e', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "werbefotografie-leitner.de", true */ 'w', 'e', 'r', 'b', 'e', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', 'i', 'e', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "werbewelt-tv.de", true */ 'w', 'e', 'r', 'b', 'e', 'w', 'e', 'l', 't', '-', 't', 'v', '.', 'd', 'e', '\0',
+  /* "werbik.at", true */ 'w', 'e', 'r', 'b', 'i', 'k', '.', 'a', 't', '\0',
+  /* "werehub.org", true */ 'w', 'e', 'r', 'e', 'h', 'u', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "wereldkoffie.eu", true */ 'w', 'e', 'r', 'e', 'l', 'd', 'k', 'o', 'f', 'f', 'i', 'e', '.', 'e', 'u', '\0',
+  /* "werk-34.de", true */ 'w', 'e', 'r', 'k', '-', '3', '4', '.', 'd', 'e', '\0',
+  /* "werkemotion.com", true */ 'w', 'e', 'r', 'k', 'e', 'm', 'o', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "werken-bij-inwork.nl", true */ 'w', 'e', 'r', 'k', 'e', 'n', '-', 'b', 'i', 'j', '-', 'i', 'n', 'w', 'o', 'r', 'k', '.', 'n', 'l', '\0',
+  /* "werkenbijdfzs.nl", true */ 'w', 'e', 'r', 'k', 'e', 'n', 'b', 'i', 'j', 'd', 'f', 'z', 's', '.', 'n', 'l', '\0',
+  /* "werkgroepderdewereld.nl", true */ 'w', 'e', 'r', 'k', 'g', 'r', 'o', 'e', 'p', 'd', 'e', 'r', 'd', 'e', 'w', 'e', 'r', 'e', 'l', 'd', '.', 'n', 'l', '\0',
+  /* "werkinc.de", true */ 'w', 'e', 'r', 'k', 'i', 'n', 'c', '.', 'd', 'e', '\0',
+  /* "werkkrew.xyz", true */ 'w', 'e', 'r', 'k', 'k', 'r', 'e', 'w', '.', 'x', 'y', 'z', '\0',
+  /* "werkstattkinder.de", true */ 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', 'k', 'i', 'n', 'd', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "werktor.com", true */ 'w', 'e', 'r', 'k', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "werktor.net", true */ 'w', 'e', 'r', 'k', 't', 'o', 'r', '.', 'n', 'e', 't', '\0',
+  /* "werner-ema.de", true */ 'w', 'e', 'r', 'n', 'e', 'r', '-', 'e', 'm', 'a', '.', 'd', 'e', '\0',
+  /* "werner-schaeffer.de", true */ 'w', 'e', 'r', 'n', 'e', 'r', '-', 's', 'c', 'h', 'a', 'e', 'f', 'f', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "wernerschaeffer.de", true */ 'w', 'e', 'r', 'n', 'e', 'r', 's', 'c', 'h', 'a', 'e', 'f', 'f', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "wertheimer-burgrock.de", true */ 'w', 'e', 'r', 't', 'h', 'e', 'i', 'm', 'e', 'r', '-', 'b', 'u', 'r', 'g', 'r', 'o', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "werwolf-live.de", true */ 'w', 'e', 'r', 'w', 'o', 'l', 'f', '-', 'l', 'i', 'v', 'e', '.', 'd', 'e', '\0',
+  /* "wesayyesprogram.com", true */ 'w', 'e', 's', 'a', 'y', 'y', 'e', 's', 'p', 'r', 'o', 'g', 'r', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "wesecom.com", true */ 'w', 'e', 's', 'e', 'c', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "wesell.asia", true */ 'w', 'e', 's', 'e', 'l', 'l', '.', 'a', 's', 'i', 'a', '\0',
+  /* "weserv.nl", true */ 'w', 'e', 's', 'e', 'r', 'v', '.', 'n', 'l', '\0',
+  /* "wesleycabus.be", true */ 'w', 'e', 's', 'l', 'e', 'y', 'c', 'a', 'b', 'u', 's', '.', 'b', 'e', '\0',
+  /* "wesreportportal.com", true */ 'w', 'e', 's', 'r', 'e', 'p', 'o', 'r', 't', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "wessner.co", true */ 'w', 'e', 's', 's', 'n', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "wessner.org", true */ 'w', 'e', 's', 's', 'n', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "west-wind.net", true */ 'w', 'e', 's', 't', '-', 'w', 'i', 'n', 'd', '.', 'n', 'e', 't', '\0',
+  /* "westcarrollton.org", true */ 'w', 'e', 's', 't', 'c', 'a', 'r', 'r', 'o', 'l', 'l', 't', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "westcentenaryscouts.org.au", true */ 'w', 'e', 's', 't', 'c', 'e', 'n', 't', 'e', 'n', 'a', 'r', 'y', 's', 'c', 'o', 'u', 't', 's', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0',
+  /* "westcoastcastles.com", true */ 'w', 'e', 's', 't', 'c', 'o', 'a', 's', 't', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "westcountrystalking.com", true */ 'w', 'e', 's', 't', 'c', 'o', 'u', 'n', 't', 'r', 'y', 's', 't', 'a', 'l', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "westendwifi.net", true */ 'w', 'e', 's', 't', 'e', 'n', 'd', 'w', 'i', 'f', 'i', '.', 'n', 'e', 't', '\0',
+  /* "westeros.hu", true */ 'w', 'e', 's', 't', 'e', 'r', 'o', 's', '.', 'h', 'u', '\0',
+  /* "westhighlandwhiteterrier.com.br", true */ 'w', 'e', 's', 't', 'h', 'i', 'g', 'h', 'l', 'a', 'n', 'd', 'w', 'h', 'i', 't', 'e', 't', 'e', 'r', 'r', 'i', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "westhillselectrical.com", true */ 'w', 'e', 's', 't', 'h', 'i', 'l', 'l', 's', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "westlakevillageelectrical.com", true */ 'w', 'e', 's', 't', 'l', 'a', 'k', 'e', 'v', 'i', 'l', 'l', 'a', 'g', 'e', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "westlights.net", true */ 'w', 'e', 's', 't', 'l', 'i', 'g', 'h', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "westmead.org", true */ 'w', 'e', 's', 't', 'm', 'e', 'a', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "westmeadapartments.com.au", true */ 'w', 'e', 's', 't', 'm', 'e', 'a', 'd', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "westmidlandsbouncycastlehire.co.uk", true */ 'w', 'e', 's', 't', 'm', 'i', 'd', 'l', 'a', 'n', 'd', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "westmidlandsinflatables.co.uk", true */ 'w', 'e', 's', 't', 'm', 'i', 'd', 'l', 'a', 'n', 'd', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "westsuburbanbank.com", true */ 'w', 'e', 's', 't', 's', 'u', 'b', 'u', 'r', 'b', 'a', 'n', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "westtulsa.com", true */ 'w', 'e', 's', 't', 't', 'u', 'l', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "westwood.no", true */ 'w', 'e', 's', 't', 'w', 'o', 'o', 'd', '.', 'n', 'o', '\0',
+  /* "wetherbymethodist.org.uk", true */ 'w', 'e', 't', 'h', 'e', 'r', 'b', 'y', 'm', 'e', 't', 'h', 'o', 'd', 'i', 's', 't', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "wetherbyweather.org.uk", true */ 'w', 'e', 't', 'h', 'e', 'r', 'b', 'y', 'w', 'e', 'a', 't', 'h', 'e', 'r', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "wetofu.top", true */ 'w', 'e', 't', 'o', 'f', 'u', '.', 't', 'o', 'p', '\0',
+  /* "wevenues.com", true */ 'w', 'e', 'v', 'e', 'n', 'u', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wexfordbouncycastles.ie", true */ 'w', 'e', 'x', 'f', 'o', 'r', 'd', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'i', 'e', '\0',
+  /* "weyland-yutani.org", true */ 'w', 'e', 'y', 'l', 'a', 'n', 'd', '-', 'y', 'u', 't', 'a', 'n', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "weyland.tech", true */ 'w', 'e', 'y', 'l', 'a', 'n', 'd', '.', 't', 'e', 'c', 'h', '\0',
+  /* "wf-bigsky-master.appspot.com", true */ 'w', 'f', '-', 'b', 'i', 'g', 's', 'k', 'y', '-', 'm', 'a', 's', 't', 'e', 'r', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wf-demo-eu.appspot.com", true */ 'w', 'f', '-', 'd', 'e', 'm', 'o', '-', 'e', 'u', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wf-demo-hrd.appspot.com", true */ 'w', 'f', '-', 'd', 'e', 'm', 'o', '-', 'h', 'r', 'd', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wf-dogfood-hrd.appspot.com", true */ 'w', 'f', '-', 'd', 'o', 'g', 'f', 'o', 'o', 'd', '-', 'h', 'r', 'd', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wf-hosting.de", true */ 'w', 'f', '-', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "wf-pentest.appspot.com", true */ 'w', 'f', '-', 'p', 'e', 'n', 't', 'e', 's', 't', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wf-staging-hr.appspot.com", true */ 'w', 'f', '-', 's', 't', 'a', 'g', 'i', 'n', 'g', '-', 'h', 'r', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wf-training-hrd.appspot.com", true */ 'w', 'f', '-', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '-', 'h', 'r', 'd', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wf-training-master.appspot.com", true */ 'w', 'f', '-', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '-', 'm', 'a', 's', 't', 'e', 'r', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wf-trial-hrd.appspot.com", true */ 'w', 'f', '-', 't', 'r', 'i', 'a', 'l', '-', 'h', 'r', 'd', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wfh.ovh", true */ 'w', 'f', 'h', '.', 'o', 'v', 'h', '\0',
+  /* "wfh.se", true */ 'w', 'f', 'h', '.', 's', 'e', '\0',
+  /* "wg3k.us", true */ 'w', 'g', '3', 'k', '.', 'u', 's', '\0',
+  /* "wgom.org", true */ 'w', 'g', 'o', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "wgraphics.ru", true */ 'w', 'g', 'r', 'a', 'p', 'h', 'i', 'c', 's', '.', 'r', 'u', '\0',
+  /* "wh-guide.de", true */ 'w', 'h', '-', 'g', 'u', 'i', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "whanau.org", true */ 'w', 'h', 'a', 'n', 'a', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "whatagreatwebsite.net", true */ 'w', 'h', 'a', 't', 'a', 'g', 'r', 'e', 'a', 't', 'w', 'e', 'b', 's', 'i', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "whatanime.ga", true */ 'w', 'h', 'a', 't', 'a', 'n', 'i', 'm', 'e', '.', 'g', 'a', '\0',
+  /* "whatarepatentsfor.com", true */ 'w', 'h', 'a', 't', 'a', 'r', 'e', 'p', 'a', 't', 'e', 'n', 't', 's', 'f', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "whatisl.ovh", true */ 'w', 'h', 'a', 't', 'i', 's', 'l', '.', 'o', 'v', 'h', '\0',
+  /* "whatismyipaddress.ca", true */ 'w', 'h', 'a', 't', 'i', 's', 'm', 'y', 'i', 'p', 'a', 'd', 'd', 'r', 'e', 's', 's', '.', 'c', 'a', '\0',
+  /* "whatsahoy.com", true */ 'w', 'h', 'a', 't', 's', 'a', 'h', 'o', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "whatsapp.com", true */ 'w', 'h', 'a', 't', 's', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "whatsmychaincert.com", true */ 'w', 'h', 'a', 't', 's', 'm', 'y', 'c', 'h', 'a', 'i', 'n', 'c', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "whatsupgold.com.tw", true */ 'w', 'h', 'a', 't', 's', 'u', 'p', 'g', 'o', 'l', 'd', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "whatsupoutdoor.com", true */ 'w', 'h', 'a', 't', 's', 'u', 'p', 'o', 'u', 't', 'd', 'o', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "whatwebcando.today", true */ 'w', 'h', 'a', 't', 'w', 'e', 'b', 'c', 'a', 'n', 'd', 'o', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "whatwg.org", true */ 'w', 'h', 'a', 't', 'w', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "whd-guide.de", true */ 'w', 'h', 'd', '-', 'g', 'u', 'i', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "wheatgra.in", true */ 'w', 'h', 'e', 'a', 't', 'g', 'r', 'a', '.', 'i', 'n', '\0',
+  /* "wheatley.nl", true */ 'w', 'h', 'e', 'a', 't', 'l', 'e', 'y', '.', 'n', 'l', '\0',
+  /* "wheeler.kiwi.nz", true */ 'w', 'h', 'e', 'e', 'l', 'e', 'r', '.', 'k', 'i', 'w', 'i', '.', 'n', 'z', '\0',
+  /* "wheelwide.co.uk", true */ 'w', 'h', 'e', 'e', 'l', 'w', 'i', 'd', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wheelwork.org", true */ 'w', 'h', 'e', 'e', 'l', 'w', 'o', 'r', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "wheelwright.org", true */ 'w', 'h', 'e', 'e', 'l', 'w', 'r', 'i', 'g', 'h', 't', '.', 'o', 'r', 'g', '\0',
+  /* "when-release.com", true */ 'w', 'h', 'e', 'n', '-', 'r', 'e', 'l', 'e', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "when.fm", true */ 'w', 'h', 'e', 'n', '.', 'f', 'm', '\0',
+  /* "where2trip.com", true */ 'w', 'h', 'e', 'r', 'e', '2', 't', 'r', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "whereiszakir.com", true */ 'w', 'h', 'e', 'r', 'e', 'i', 's', 'z', 'a', 'k', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "wherephoto.com", false */ 'w', 'h', 'e', 'r', 'e', 'p', 'h', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "whey-protein.ch", true */ 'w', 'h', 'e', 'y', '-', 'p', 'r', 'o', 't', 'e', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "whiletrue.run", true */ 'w', 'h', 'i', 'l', 'e', 't', 'r', 'u', 'e', '.', 'r', 'u', 'n', '\0',
+  /* "whing.org", true */ 'w', 'h', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "whipnic.com", true */ 'w', 'h', 'i', 'p', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "whisky-circle.info", true */ 'w', 'h', 'i', 's', 'k', 'y', '-', 'c', 'i', 'r', 'c', 'l', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "whiskynerd.ca", true */ 'w', 'h', 'i', 's', 'k', 'y', 'n', 'e', 'r', 'd', '.', 'c', 'a', '\0',
+  /* "whisp.ly", false */ 'w', 'h', 'i', 's', 'p', '.', 'l', 'y', '\0',
+  /* "whispeer.de", true */ 'w', 'h', 'i', 's', 'p', 'e', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "whisperinghoperanch.org", true */ 'w', 'h', 'i', 's', 'p', 'e', 'r', 'i', 'n', 'g', 'h', 'o', 'p', 'e', 'r', 'a', 'n', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "whisperlab.org", true */ 'w', 'h', 'i', 's', 'p', 'e', 'r', 'l', 'a', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "whistleb.com", true */ 'w', 'h', 'i', 's', 't', 'l', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "whistleblower.gov", true */ 'w', 'h', 'i', 's', 't', 'l', 'e', 'b', 'l', 'o', 'w', 'e', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "whitby-brewery.com", true */ 'w', 'h', 'i', 't', 'b', 'y', '-', 'b', 'r', 'e', 'w', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "whitealps.at", true */ 'w', 'h', 'i', 't', 'e', 'a', 'l', 'p', 's', '.', 'a', 't', '\0',
+  /* "whitealps.be", true */ 'w', 'h', 'i', 't', 'e', 'a', 'l', 'p', 's', '.', 'b', 'e', '\0',
+  /* "whitealps.ch", true */ 'w', 'h', 'i', 't', 'e', 'a', 'l', 'p', 's', '.', 'c', 'h', '\0',
+  /* "whitealps.de", true */ 'w', 'h', 'i', 't', 'e', 'a', 'l', 'p', 's', '.', 'd', 'e', '\0',
+  /* "whitealps.fr", true */ 'w', 'h', 'i', 't', 'e', 'a', 'l', 'p', 's', '.', 'f', 'r', '\0',
+  /* "whitealps.net", true */ 'w', 'h', 'i', 't', 'e', 'a', 'l', 'p', 's', '.', 'n', 'e', 't', '\0',
+  /* "whitefm.ch", true */ 'w', 'h', 'i', 't', 'e', 'f', 'm', '.', 'c', 'h', '\0',
+  /* "whitehathackers.com.br", true */ 'w', 'h', 'i', 't', 'e', 'h', 'a', 't', 'h', 'a', 'c', 'k', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "whitehouse.gov", true */ 'w', 'h', 'i', 't', 'e', 'h', 'o', 'u', 's', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "whiteink.com", true */ 'w', 'h', 'i', 't', 'e', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "whitejaguars.com", true */ 'w', 'h', 'i', 't', 'e', 'j', 'a', 'g', 'u', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "whitelabelcashback.nl", true */ 'w', 'h', 'i', 't', 'e', 'l', 'a', 'b', 'e', 'l', 'c', 'a', 's', 'h', 'b', 'a', 'c', 'k', '.', 'n', 'l', '\0',
+  /* "whitelabeltickets.com", true */ 'w', 'h', 'i', 't', 'e', 'l', 'a', 'b', 'e', 'l', 't', 'i', 'c', 'k', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "whitepharmacy.co.uk", true */ 'w', 'h', 'i', 't', 'e', 'p', 'h', 'a', 'r', 'm', 'a', 'c', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "whiteroom.agency", true */ 'w', 'h', 'i', 't', 'e', 'r', 'o', 'o', 'm', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0',
+  /* "whiteshadowimperium.com", true */ 'w', 'h', 'i', 't', 'e', 's', 'h', 'a', 'd', 'o', 'w', 'i', 'm', 'p', 'e', 'r', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "whitkirkartsguild.com", true */ 'w', 'h', 'i', 't', 'k', 'i', 'r', 'k', 'a', 'r', 't', 's', 'g', 'u', 'i', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "whitkirkchurch.org.uk", true */ 'w', 'h', 'i', 't', 'k', 'i', 'r', 'k', 'c', 'h', 'u', 'r', 'c', 'h', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "whizzzbang.co.uk", true */ 'w', 'h', 'i', 'z', 'z', 'z', 'b', 'a', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "whmcs.hosting", true */ 'w', 'h', 'm', 'c', 's', '.', 'h', 'o', 's', 't', 'i', 'n', 'g', '\0',
+  /* "who-calledme.com", true */ 'w', 'h', 'o', '-', 'c', 'a', 'l', 'l', 'e', 'd', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "who.pm", true */ 'w', 'h', 'o', '.', 'p', 'm', '\0',
+  /* "whocalld.com", true */ 'w', 'h', 'o', 'c', 'a', 'l', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "whocalled.us", true */ 'w', 'h', 'o', 'c', 'a', 'l', 'l', 'e', 'd', '.', 'u', 's', '\0',
+  /* "whoimg.com", true */ 'w', 'h', 'o', 'i', 'm', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "whoisthenightking.com", true */ 'w', 'h', 'o', 'i', 's', 't', 'h', 'e', 'n', 'i', 'g', 'h', 't', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "whoiswp.com", true */ 'w', 'h', 'o', 'i', 's', 'w', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "wholelotofbounce.co.uk", false */ 'w', 'h', 'o', 'l', 'e', 'l', 'o', 't', 'o', 'f', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wholesalecbd.com", true */ 'w', 'h', 'o', 'l', 'e', 's', 'a', 'l', 'e', 'c', 'b', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "wholikes.us", true */ 'w', 'h', 'o', 'l', 'i', 'k', 'e', 's', '.', 'u', 's', '\0',
+  /* "whoneedstobeprimaried.today", true */ 'w', 'h', 'o', 'n', 'e', 'e', 'd', 's', 't', 'o', 'b', 'e', 'p', 'r', 'i', 'm', 'a', 'r', 'i', 'e', 'd', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "whonix.org", true */ 'w', 'h', 'o', 'n', 'i', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "whoownsmyavailability.com", true */ 'w', 'h', 'o', 'o', 'w', 'n', 's', 'm', 'y', 'a', 'v', 'a', 'i', 'l', 'a', 'b', 'i', 'l', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "whoturgled.com", true */ 'w', 'h', 'o', 't', 'u', 'r', 'g', 'l', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "why-brexit.uk", true */ 'w', 'h', 'y', '-', 'b', 'r', 'e', 'x', 'i', 't', '.', 'u', 'k', '\0',
+  /* "whyopencomputing.ch", true */ 'w', 'h', 'y', 'o', 'p', 'e', 'n', 'c', 'o', 'm', 'p', 'u', 't', 'i', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "whyopencomputing.com", true */ 'w', 'h', 'y', 'o', 'p', 'e', 'n', 'c', 'o', 'm', 'p', 'u', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "whyworldhot.com", true */ 'w', 'h', 'y', 'w', 'o', 'r', 'l', 'd', 'h', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wiapply.com", true */ 'w', 'i', 'a', 'p', 'p', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wibbe.link", true */ 'w', 'i', 'b', 'b', 'e', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "wiberg.nu", true */ 'w', 'i', 'b', 'e', 'r', 'g', '.', 'n', 'u', '\0',
+  /* "wickrath.net", true */ 'w', 'i', 'c', 'k', 'r', 'a', 't', 'h', '.', 'n', 'e', 't', '\0',
+  /* "widdleguy.com", true */ 'w', 'i', 'd', 'd', 'l', 'e', 'g', 'u', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wideboxmacau.com", false */ 'w', 'i', 'd', 'e', 'b', 'o', 'x', 'm', 'a', 'c', 'a', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "widegab.com", true */ 'w', 'i', 'd', 'e', 'g', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "wideinfo.org", true */ 'w', 'i', 'd', 'e', 'i', 'n', 'f', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "widemann.de", true */ 'w', 'i', 'd', 'e', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "widememory.com", true */ 'w', 'i', 'd', 'e', 'm', 'e', 'm', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "widenews.org", true */ 'w', 'i', 'd', 'e', 'n', 'e', 'w', 's', '.', 'o', 'r', 'g', '\0',
+  /* "widmer.bz", true */ 'w', 'i', 'd', 'm', 'e', 'r', '.', 'b', 'z', '\0',
+  /* "widsl.de", true */ 'w', 'i', 'd', 's', 'l', '.', 'd', 'e', '\0',
+  /* "wiebetaaltdat.nl", true */ 'w', 'i', 'e', 'b', 'e', 't', 'a', 'a', 'l', 't', 'd', 'a', 't', '.', 'n', 'l', '\0',
+  /* "wieckiewicz.org", true */ 'w', 'i', 'e', 'c', 'k', 'i', 'e', 'w', 'i', 'c', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "wiedmeyer.de", true */ 'w', 'i', 'e', 'd', 'm', 'e', 'y', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "wiedu.net", true */ 'w', 'i', 'e', 'd', 'u', '.', 'n', 'e', 't', '\0',
+  /* "wiegedaten.de", true */ 'w', 'i', 'e', 'g', 'e', 'd', 'a', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "wien52.at", true */ 'w', 'i', 'e', 'n', '5', '2', '.', 'a', 't', '\0',
+  /* "wieneck-bauelemente.de", true */ 'w', 'i', 'e', 'n', 'e', 'c', 'k', '-', 'b', 'a', 'u', 'e', 'l', 'e', 'm', 'e', 'n', 't', 'e', '.', 'd', 'e', '\0',
+  /* "wienergyjobs.com", true */ 'w', 'i', 'e', 'n', 'e', 'r', 'g', 'y', 'j', 'o', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wienerwichtelchallenge.at", true */ 'w', 'i', 'e', 'n', 'e', 'r', 'w', 'i', 'c', 'h', 't', 'e', 'l', 'c', 'h', 'a', 'l', 'l', 'e', 'n', 'g', 'e', '.', 'a', 't', '\0',
+  /* "wieobensounten.de", true */ 'w', 'i', 'e', 'o', 'b', 'e', 'n', 's', 'o', 'u', 'n', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "wifi-hack.com", true */ 'w', 'i', 'f', 'i', '-', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "wifi-names.com", true */ 'w', 'i', 'f', 'i', '-', 'n', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wifimask.com", true */ 'w', 'i', 'f', 'i', 'm', 'a', 's', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "wifipineapple.com", true */ 'w', 'i', 'f', 'i', 'p', 'i', 'n', 'e', 'a', 'p', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "wifirst.net", true */ 'w', 'i', 'f', 'i', 'r', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "wifree.lv", true */ 'w', 'i', 'f', 'r', 'e', 'e', '.', 'l', 'v', '\0',
+  /* "wigggle.it", true */ 'w', 'i', 'g', 'g', 'g', 'l', 'e', '.', 'i', 't', '\0',
+  /* "wigle.net", true */ 'w', 'i', 'g', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "wiiaam.com", true */ 'w', 'i', 'i', 'a', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "wiimotion.de", true */ 'w', 'i', 'i', 'm', 'o', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "wijnservices.nl", false */ 'w', 'i', 'j', 'n', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'n', 'l', '\0',
+  /* "wiki-play.ru", true */ 'w', 'i', 'k', 'i', '-', 'p', 'l', 'a', 'y', '.', 'r', 'u', '\0',
+  /* "wiki.python.org", true */ 'w', 'i', 'k', 'i', '.', 'p', 'y', 't', 'h', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "wikibooks.org", true */ 'w', 'i', 'k', 'i', 'b', 'o', 'o', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "wikibulz.com", true */ 'w', 'i', 'k', 'i', 'b', 'u', 'l', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "wikidata.org", true */ 'w', 'i', 'k', 'i', 'd', 'a', 't', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "wikidsystems.com", false */ 'w', 'i', 'k', 'i', 'd', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wikileaks.com", true */ 'w', 'i', 'k', 'i', 'l', 'e', 'a', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wikileaks.org", true */ 'w', 'i', 'k', 'i', 'l', 'e', 'a', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "wikimedia.org", true */ 'w', 'i', 'k', 'i', 'm', 'e', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "wikimediafoundation.org", true */ 'w', 'i', 'k', 'i', 'm', 'e', 'd', 'i', 'a', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "wikimilk.org", true */ 'w', 'i', 'k', 'i', 'm', 'i', 'l', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "wikinews.org", true */ 'w', 'i', 'k', 'i', 'n', 'e', 'w', 's', '.', 'o', 'r', 'g', '\0',
+  /* "wikipedia.org", true */ 'w', 'i', 'k', 'i', 'p', 'e', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "wikiquote.org", true */ 'w', 'i', 'k', 'i', 'q', 'u', 'o', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "wikisource.org", true */ 'w', 'i', 'k', 'i', 's', 'o', 'u', 'r', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "wikiversity.org", true */ 'w', 'i', 'k', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "wikivisually.com", true */ 'w', 'i', 'k', 'i', 'v', 'i', 's', 'u', 'a', 'l', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wikivoyage.org", true */ 'w', 'i', 'k', 'i', 'v', 'o', 'y', 'a', 'g', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "wiktionary.org", true */ 'w', 'i', 'k', 't', 'i', 'o', 'n', 'a', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "wiktoriaslife.com", true */ 'w', 'i', 'k', 't', 'o', 'r', 'i', 'a', 's', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "wilane.org", true */ 'w', 'i', 'l', 'a', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "wilcodeboer.me", true */ 'w', 'i', 'l', 'c', 'o', 'd', 'e', 'b', 'o', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "wild-emotion-events.de", true */ 'w', 'i', 'l', 'd', '-', 'e', 'm', 'o', 't', 'i', 'o', 'n', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'd', 'e', '\0',
+  /* "wild-turtles.com", true */ 'w', 'i', 'l', 'd', '-', 't', 'u', 'r', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wildbirds.dk", true */ 'w', 'i', 'l', 'd', 'b', 'i', 'r', 'd', 's', '.', 'd', 'k', '\0',
+  /* "wildboaratvparts.com", true */ 'w', 'i', 'l', 'd', 'b', 'o', 'a', 'r', 'a', 't', 'v', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wildcard.hu", true */ 'w', 'i', 'l', 'd', 'c', 'a', 'r', 'd', '.', 'h', 'u', '\0',
+  /* "wilddogdesign.co.uk", true */ 'w', 'i', 'l', 'd', 'd', 'o', 'g', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wildlifeadaptationstrategy.gov", true */ 'w', 'i', 'l', 'd', 'l', 'i', 'f', 'e', 'a', 'd', 'a', 'p', 't', 'a', 't', 'i', 'o', 'n', 's', 't', 'r', 'a', 't', 'e', 'g', 'y', '.', 'g', 'o', 'v', '\0',
+  /* "wildnisfamilie.net", true */ 'w', 'i', 'l', 'd', 'n', 'i', 's', 'f', 'a', 'm', 'i', 'l', 'i', 'e', '.', 'n', 'e', 't', '\0',
+  /* "wildtrip.blog", true */ 'w', 'i', 'l', 'd', 't', 'r', 'i', 'p', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "wildwildtravel.com", true */ 'w', 'i', 'l', 'd', 'w', 'i', 'l', 'd', 't', 'r', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "wilfrid-calixte.fr", true */ 'w', 'i', 'l', 'f', 'r', 'i', 'd', '-', 'c', 'a', 'l', 'i', 'x', 't', 'e', '.', 'f', 'r', '\0',
+  /* "wili.li", true */ 'w', 'i', 'l', 'i', '.', 'l', 'i', '\0',
+  /* "wiliquet.net", true */ 'w', 'i', 'l', 'i', 'q', 'u', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "willbarnesphotography.co.uk", true */ 'w', 'i', 'l', 'l', 'b', 'a', 'r', 'n', 'e', 's', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "willberg.bayern", true */ 'w', 'i', 'l', 'l', 'b', 'e', 'r', 'g', '.', 'b', 'a', 'y', 'e', 'r', 'n', '\0',
+  /* "willekeinden.nl", true */ 'w', 'i', 'l', 'l', 'e', 'k', 'e', 'i', 'n', 'd', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "willeminfo.ch", true */ 'w', 'i', 'l', 'l', 'e', 'm', 'i', 'n', 'f', 'o', '.', 'c', 'h', '\0',
+  /* "willems-kristiansen.dk", true */ 'w', 'i', 'l', 'l', 'e', 'm', 's', '-', 'k', 'r', 'i', 's', 't', 'i', 'a', 'n', 's', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "willemsjort.be", true */ 'w', 'i', 'l', 'l', 'e', 'm', 's', 'j', 'o', 'r', 't', '.', 'b', 'e', '\0',
+  /* "willfarrell.ca", true */ 'w', 'i', 'l', 'l', 'f', 'a', 'r', 'r', 'e', 'l', 'l', '.', 'c', 'a', '\0',
+  /* "willi-graf-gymnasium.de", true */ 'w', 'i', 'l', 'l', 'i', '-', 'g', 'r', 'a', 'f', '-', 'g', 'y', 'm', 'n', 'a', 's', 'i', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "willi-graf-os.de", true */ 'w', 'i', 'l', 'l', 'i', '-', 'g', 'r', 'a', 'f', '-', 'o', 's', '.', 'd', 'e', '\0',
+  /* "williamboundsltd.com", true */ 'w', 'i', 'l', 'l', 'i', 'a', 'm', 'b', 'o', 'u', 'n', 'd', 's', 'l', 't', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "williamfeely.info", true */ 'w', 'i', 'l', 'l', 'i', 'a', 'm', 'f', 'e', 'e', 'l', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "williamjohngauthier.net", true */ 'w', 'i', 'l', 'l', 'i', 'a', 'm', 'j', 'o', 'h', 'n', 'g', 'a', 'u', 't', 'h', 'i', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "williamsonshore.com", true */ 'w', 'i', 'l', 'l', 'i', 'a', 'm', 's', 'o', 'n', 's', 'h', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "williamsportmortgages.com", true */ 'w', 'i', 'l', 'l', 'i', 'a', 'm', 's', 'p', 'o', 'r', 't', 'm', 'o', 'r', 't', 'g', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "willnorris.com", true */ 'w', 'i', 'l', 'l', 'n', 'o', 'r', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "willow.technology", true */ 'w', 'i', 'l', 'l', 'o', 'w', '.', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '\0',
+  /* "willowdalechurch.ca", true */ 'w', 'i', 'l', 'l', 'o', 'w', 'd', 'a', 'l', 'e', 'c', 'h', 'u', 'r', 'c', 'h', '.', 'c', 'a', '\0',
+  /* "wills.co.tt", true */ 'w', 'i', 'l', 'l', 's', '.', 'c', 'o', '.', 't', 't', '\0',
+  /* "willstamper.name", true */ 'w', 'i', 'l', 'l', 's', 't', 'a', 'm', 'p', 'e', 'r', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "willywangstory.com", true */ 'w', 'i', 'l', 'l', 'y', 'w', 'a', 'n', 'g', 's', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wilseyrealty.com", true */ 'w', 'i', 'l', 's', 'e', 'y', 'r', 'e', 'a', 'l', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wilsonovi.com", true */ 'w', 'i', 'l', 's', 'o', 'n', 'o', 'v', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "wimachtendienk.com", true */ 'w', 'i', 'm', 'a', 'c', 'h', 't', 'e', 'n', 'd', 'i', 'e', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "wimbo.nl", true */ 'w', 'i', 'm', 'b', 'o', '.', 'n', 'l', '\0',
+  /* "wimpernforyou.de", true */ 'w', 'i', 'm', 'p', 'e', 'r', 'n', 'f', 'o', 'r', 'y', 'o', 'u', '.', 'd', 'e', '\0',
+  /* "win7stylebuilder.com", false */ 'w', 'i', 'n', '7', 's', 't', 'y', 'l', 'e', 'b', 'u', 'i', 'l', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "winbuzzer.com", true */ 'w', 'i', 'n', 'b', 'u', 'z', 'z', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "wind.moe", true */ 'w', 'i', 'n', 'd', '.', 'm', 'o', 'e', '\0',
+  /* "windelnkaufen24.de", true */ 'w', 'i', 'n', 'd', 'e', 'l', 'n', 'k', 'a', 'u', 'f', 'e', 'n', '2', '4', '.', 'd', 'e', '\0',
+  /* "windhaven.nl", false */ 'w', 'i', 'n', 'd', 'h', 'a', 'v', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "windholz.us", true */ 'w', 'i', 'n', 'd', 'h', 'o', 'l', 'z', '.', 'u', 's', '\0',
+  /* "windowcleaningexperts.net", true */ 'w', 'i', 'n', 'd', 'o', 'w', 'c', 'l', 'e', 'a', 'n', 'i', 'n', 'g', 'e', 'x', 'p', 'e', 'r', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "windows10insider.com", true */ 'w', 'i', 'n', 'd', 'o', 'w', 's', '1', '0', 'i', 'n', 's', 'i', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "windowsnerd.com", true */ 'w', 'i', 'n', 'd', 'o', 'w', 's', 'n', 'e', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "windowstech.it", true */ 'w', 'i', 'n', 'd', 'o', 'w', 's', 't', 'e', 'c', 'h', '.', 'i', 't', '\0',
+  /* "windowwellcovers.com", true */ 'w', 'i', 'n', 'd', 'o', 'w', 'w', 'e', 'l', 'l', 'c', 'o', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "windowwellexperts.com", true */ 'w', 'i', 'n', 'd', 'o', 'w', 'w', 'e', 'l', 'l', 'e', 'x', 'p', 'e', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "windrunner.se", true */ 'w', 'i', 'n', 'd', 'r', 'u', 'n', 'n', 'e', 'r', '.', 's', 'e', '\0',
+  /* "windscribe.com", true */ 'w', 'i', 'n', 'd', 's', 'c', 'r', 'i', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "windsock-app.com", true */ 'w', 'i', 'n', 'd', 's', 'o', 'c', 'k', '-', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "windwoodmedia.com", true */ 'w', 'i', 'n', 'd', 'w', 'o', 'o', 'd', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "windwoodweb.com", true */ 'w', 'i', 'n', 'd', 'w', 'o', 'o', 'd', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "windycitydubfest.com", true */ 'w', 'i', 'n', 'd', 'y', 'c', 'i', 't', 'y', 'd', 'u', 'b', 'f', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wine-importer.ru", true */ 'w', 'i', 'n', 'e', '-', 'i', 'm', 'p', 'o', 'r', 't', 'e', 'r', '.', 'r', 'u', '\0',
+  /* "winebid.com", true */ 'w', 'i', 'n', 'e', 'b', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "wineworksonline.com", true */ 'w', 'i', 'n', 'e', 'w', 'o', 'r', 'k', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "winfieldchen.me", true */ 'w', 'i', 'n', 'f', 'i', 'e', 'l', 'd', 'c', 'h', 'e', 'n', '.', 'm', 'e', '\0',
+  /* "winghill.com", false */ 'w', 'i', 'n', 'g', 'h', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "winhistory-forum.net", true */ 'w', 'i', 'n', 'h', 'i', 's', 't', 'o', 'r', 'y', '-', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "winmodels.org", true */ 'w', 'i', 'n', 'm', 'o', 'd', 'e', 'l', 's', '.', 'o', 'r', 'g', '\0',
+  /* "winmodels.ru", true */ 'w', 'i', 'n', 'm', 'o', 'd', 'e', 'l', 's', '.', 'r', 'u', '\0',
+  /* "winphonemetro.com", true */ 'w', 'i', 'n', 'p', 'h', 'o', 'n', 'e', 'm', 'e', 't', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "winsome.world", true */ 'w', 'i', 'n', 's', 'o', 'm', 'e', '.', 'w', 'o', 'r', 'l', 'd', '\0',
+  /* "wint.global", true */ 'w', 'i', 'n', 't', '.', 'g', 'l', 'o', 'b', 'a', 'l', '\0',
+  /* "winter-elektro.de", true */ 'w', 'i', 'n', 't', 'e', 'r', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "winter.engineering", false */ 'w', 'i', 'n', 't', 'e', 'r', '.', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '\0',
+  /* "winterbergwebcams.com", true */ 'w', 'i', 'n', 't', 'e', 'r', 'b', 'e', 'r', 'g', 'w', 'e', 'b', 'c', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "winterfeldt.de", true */ 'w', 'i', 'n', 't', 'e', 'r', 'f', 'e', 'l', 'd', 't', '.', 'd', 'e', '\0',
+  /* "winterhillbank.com", true */ 'w', 'i', 'n', 't', 'e', 'r', 'h', 'i', 'l', 'l', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "wintermeyer-consulting.de", true */ 'w', 'i', 'n', 't', 'e', 'r', 'm', 'e', 'y', 'e', 'r', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "wintermeyer.de", true */ 'w', 'i', 'n', 't', 'e', 'r', 'm', 'e', 'y', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "winterschoen.nl", true */ 'w', 'i', 'n', 't', 'e', 'r', 's', 'c', 'h', 'o', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "wintodoor.com", true */ 'w', 'i', 'n', 't', 'o', 'd', 'o', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "wipswiss.ch", true */ 'w', 'i', 'p', 's', 'w', 'i', 's', 's', '.', 'c', 'h', '\0',
+  /* "wir-bewegen.sh", true */ 'w', 'i', 'r', '-', 'b', 'e', 'w', 'e', 'g', 'e', 'n', '.', 's', 'h', '\0',
+  /* "wirbatz.org", true */ 'w', 'i', 'r', 'b', 'a', 't', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "wircon-int.net", true */ 'w', 'i', 'r', 'c', 'o', 'n', '-', 'i', 'n', 't', '.', 'n', 'e', 't', '\0',
+  /* "wiredcut.com", true */ 'w', 'i', 'r', 'e', 'd', 'c', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wireheading.com", true */ 'w', 'i', 'r', 'e', 'h', 'e', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "wireless-emergency-stop.com", true */ 'w', 'i', 'r', 'e', 'l', 'e', 's', 's', '-', 'e', 'm', 'e', 'r', 'g', 'e', 'n', 'c', 'y', '-', 's', 't', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "wirelesswatch.com.au", true */ 'w', 'i', 'r', 'e', 'l', 'e', 's', 's', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "wireshark.org", true */ 'w', 'i', 'r', 'e', 's', 'h', 'a', 'r', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "wiretime.de", true */ 'w', 'i', 'r', 'e', 't', 'i', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "wiretrip.io", true */ 'w', 'i', 'r', 'e', 't', 'r', 'i', 'p', '.', 'i', 'o', '\0',
+  /* "wirhabenspass.de", true */ 'w', 'i', 'r', 'h', 'a', 'b', 'e', 'n', 's', 'p', 'a', 's', 's', '.', 'd', 'e', '\0',
+  /* "wirkstoffreich.de", true */ 'w', 'i', 'r', 'k', 's', 't', 'o', 'f', 'f', 'r', 'e', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "wirralbouncycastles.co.uk", true */ 'w', 'i', 'r', 'r', 'a', 'l', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wirsol.com", true */ 'w', 'i', 'r', 's', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "wis.no", true */ 'w', 'i', 's', '.', 'n', 'o', '\0',
+  /* "wisdomize.me", true */ 'w', 'i', 's', 'd', 'o', 'm', 'i', 'z', 'e', '.', 'm', 'e', '\0',
+  /* "wiseflat.com", true */ 'w', 'i', 's', 'e', 'f', 'l', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wisper.net.au", true */ 'w', 'i', 's', 'p', 'e', 'r', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "wispsuperfoods.com", true */ 'w', 'i', 's', 'p', 's', 'u', 'p', 'e', 'r', 'f', 'o', 'o', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wisv.ch", true */ 'w', 'i', 's', 'v', '.', 'c', 'h', '\0',
+  /* "wisweb.no", true */ 'w', 'i', 's', 'w', 'e', 'b', '.', 'n', 'o', '\0',
+  /* "wit.ai", true */ 'w', 'i', 't', '.', 'a', 'i', '\0',
+  /* "witae.com", true */ 'w', 'i', 't', 'a', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "withgoogle.com", true */ 'w', 'i', 't', 'h', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "withinsecurity.com", true */ 'w', 'i', 't', 'h', 'i', 'n', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "withlocals.com", true */ 'w', 'i', 't', 'h', 'l', 'o', 'c', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "withoutacrystalball.com", true */ 'w', 'i', 't', 'h', 'o', 'u', 't', 'a', 'c', 'r', 'y', 's', 't', 'a', 'l', 'b', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "withyoutube.com", true */ 'w', 'i', 't', 'h', 'y', 'o', 'u', 't', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "witneywaterpolo.org.uk", true */ 'w', 'i', 't', 'n', 'e', 'y', 'w', 'a', 't', 'e', 'r', 'p', 'o', 'l', 'o', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "witt-international.co.uk", true */ 'w', 'i', 't', 't', '-', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wittepapaver.nl", true */ 'w', 'i', 't', 't', 'e', 'p', 'a', 'p', 'a', 'v', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "witting.co", true */ 'w', 'i', 't', 't', 'i', 'n', 'g', '.', 'c', 'o', '\0',
+  /* "witway.nl", false */ 'w', 'i', 't', 'w', 'a', 'y', '.', 'n', 'l', '\0',
+  /* "wivoc.nl", true */ 'w', 'i', 'v', 'o', 'c', '.', 'n', 'l', '\0',
+  /* "wiz.at", true */ 'w', 'i', 'z', '.', 'a', 't', '\0',
+  /* "wiz.farm", true */ 'w', 'i', 'z', '.', 'f', 'a', 'r', 'm', '\0',
+  /* "wizard.gov", true */ 'w', 'i', 'z', 'a', 'r', 'd', '.', 'g', 'o', 'v', '\0',
+  /* "wizardbouncycastles.co.uk", true */ 'w', 'i', 'z', 'a', 'r', 'd', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wizardspire.com", true */ 'w', 'i', 'z', 'a', 'r', 'd', 's', 'p', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "wizzley.com", false */ 'w', 'i', 'z', 'z', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wizzr.nl", true */ 'w', 'i', 'z', 'z', 'r', '.', 'n', 'l', '\0',
+  /* "wj0666.com", true */ 'w', 'j', '0', '6', '6', '6', '.', 'c', 'o', 'm', '\0',
+  /* "wjbolles.com", true */ 'w', 'j', 'b', 'o', 'l', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wje-online.de", true */ 'w', 'j', 'e', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "wjg.ca", true */ 'w', 'j', 'g', '.', 'c', 'a', '\0',
+  /* "wjg.dk", true */ 'w', 'j', 'g', '.', 'd', 'k', '\0',
+  /* "wjglerum.nl", true */ 'w', 'j', 'g', 'l', 'e', 'r', 'u', 'm', '.', 'n', 'l', '\0',
+  /* "wjm2038.me", true */ 'w', 'j', 'm', '2', '0', '3', '8', '.', 'm', 'e', '\0',
+  /* "wk577.com", true */ 'w', 'k', '5', '7', '7', '.', 'c', 'o', 'm', '\0',
+  /* "wkennington.com", true */ 'w', 'k', 'e', 'n', 'n', 'i', 'n', 'g', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "wkv.com", true */ 'w', 'k', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "wkz.io", true */ 'w', 'k', 'z', '.', 'i', 'o', '\0',
+  /* "wlaws.com", true */ 'w', 'l', 'a', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wlci.gov", true */ 'w', 'l', 'c', 'i', '.', 'g', 'o', 'v', '\0',
+  /* "wlog.it", true */ 'w', 'l', 'o', 'g', '.', 'i', 't', '\0',
+  /* "wlsme.org", true */ 'w', 'l', 's', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "wlt.ca", true */ 'w', 'l', 't', '.', 'c', 'a', '\0',
+  /* "wltix.com", true */ 'w', 'l', 't', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "wm-talk.net", true */ 'w', 'm', '-', 't', 'a', 'l', 'k', '.', 'n', 'e', 't', '\0',
+  /* "wmaccess.com", true */ 'w', 'm', 'a', 'c', 'c', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wmfusercontent.org", true */ 'w', 'm', 'f', 'u', 's', 'e', 'r', 'c', 'o', 'n', 't', 'e', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "wmkowa.de", true */ 'w', 'm', 'k', 'o', 'w', 'a', '.', 'd', 'e', '\0',
+  /* "wmustore.com", true */ 'w', 'm', 'u', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "wnmed.com.au", true */ 'w', 'n', 'm', 'e', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "wnu.com", true */ 'w', 'n', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "wo-ist-elvira.net", true */ 'w', 'o', '-', 'i', 's', 't', '-', 'e', 'l', 'v', 'i', 'r', 'a', '.', 'n', 'e', 't', '\0',
+  /* "wo2forum.nl", true */ 'w', 'o', '2', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'l', '\0',
+  /* "wobble.ninja", true */ 'w', 'o', 'b', 'b', 'l', 'e', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "wobblywotnotz.co.uk", true */ 'w', 'o', 'b', 'b', 'l', 'y', 'w', 'o', 't', 'n', 'o', 't', 'z', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wochennummern.de", true */ 'w', 'o', 'c', 'h', 'e', 'n', 'n', 'u', 'm', 'm', 'e', 'r', 'n', '.', 'd', 'e', '\0',
+  /* "wod-stavby.cz", true */ 'w', 'o', 'd', '-', 's', 't', 'a', 'v', 'b', 'y', '.', 'c', 'z', '\0',
+  /* "wodboss.com", true */ 'w', 'o', 'd', 'b', 'o', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wodinaz.com", true */ 'w', 'o', 'd', 'i', 'n', 'a', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "wodka-division.de", true */ 'w', 'o', 'd', 'k', 'a', '-', 'd', 'i', 'v', 'i', 's', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "woelkchen.me", true */ 'w', 'o', 'e', 'l', 'k', 'c', 'h', 'e', 'n', '.', 'm', 'e', '\0',
+  /* "wofford-ecs.org", true */ 'w', 'o', 'f', 'f', 'o', 'r', 'd', '-', 'e', 'c', 's', '.', 'o', 'r', 'g', '\0',
+  /* "woffs.de", true */ 'w', 'o', 'f', 'f', 's', '.', 'd', 'e', '\0',
+  /* "wogo.org", true */ 'w', 'o', 'g', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "woheni.de", true */ 'w', 'o', 'h', 'e', 'n', 'i', '.', 'd', 'e', '\0',
+  /* "wohlgemuth.rocks", true */ 'w', 'o', 'h', 'l', 'g', 'e', 'm', 'u', 't', 'h', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "wohnbegleitung.ch", true */ 'w', 'o', 'h', 'n', 'b', 'e', 'g', 'l', 'e', 'i', 't', 'u', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "wohnsitz-ausland.com", true */ 'w', 'o', 'h', 'n', 's', 'i', 't', 'z', '-', 'a', 'u', 's', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "woi.vision", true */ 'w', 'o', 'i', '.', 'v', 'i', 's', 'i', 'o', 'n', '\0',
+  /* "wokeai.net", true */ 'w', 'o', 'k', 'e', 'a', 'i', '.', 'n', 'e', 't', '\0',
+  /* "wolf-squad.de", false */ 'w', 'o', 'l', 'f', '-', 's', 'q', 'u', 'a', 'd', '.', 'd', 'e', '\0',
+  /* "wolfachtal-alpaka.de", true */ 'w', 'o', 'l', 'f', 'a', 'c', 'h', 't', 'a', 'l', '-', 'a', 'l', 'p', 'a', 'k', 'a', '.', 'd', 'e', '\0',
+  /* "wolferstetterkeller.de", true */ 'w', 'o', 'l', 'f', 'e', 'r', 's', 't', 'e', 't', 't', 'e', 'r', 'k', 'e', 'l', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "wolfgang-braun.info", true */ 'w', 'o', 'l', 'f', 'g', 'a', 'n', 'g', '-', 'b', 'r', 'a', 'u', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "wolfgang-kerschbaumer.at", true */ 'w', 'o', 'l', 'f', 'g', 'a', 'n', 'g', '-', 'k', 'e', 'r', 's', 'c', 'h', 'b', 'a', 'u', 'm', 'e', 'r', '.', 'a', 't', '\0',
+  /* "wolfgang-kerschbaumer.com", true */ 'w', 'o', 'l', 'f', 'g', 'a', 'n', 'g', '-', 'k', 'e', 'r', 's', 'c', 'h', 'b', 'a', 'u', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "wolfgang-kerschbaumer.net", true */ 'w', 'o', 'l', 'f', 'g', 'a', 'n', 'g', '-', 'k', 'e', 'r', 's', 'c', 'h', 'b', 'a', 'u', 'm', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "wolfgang-ziegler.com", true */ 'w', 'o', 'l', 'f', 'g', 'a', 'n', 'g', '-', 'z', 'i', 'e', 'g', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "wolfie.ovh", true */ 'w', 'o', 'l', 'f', 'i', 'e', '.', 'o', 'v', 'h', '\0',
+  /* "wolfpa.ws", true */ 'w', 'o', 'l', 'f', 'p', 'a', '.', 'w', 's', '\0',
+  /* "wolfram.io", true */ 'w', 'o', 'l', 'f', 'r', 'a', 'm', '.', 'i', 'o', '\0',
+  /* "wolfsden.cz", true */ 'w', 'o', 'l', 'f', 's', 'd', 'e', 'n', '.', 'c', 'z', '\0',
+  /* "wolfy1339.com", true */ 'w', 'o', 'l', 'f', 'y', '1', '3', '3', '9', '.', 'c', 'o', 'm', '\0',
+  /* "wolkenspeicher.org", true */ 'w', 'o', 'l', 'k', 'e', 'n', 's', 'p', 'e', 'i', 'c', 'h', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "wollekorb.de", true */ 'w', 'o', 'l', 'l', 'e', 'k', 'o', 'r', 'b', '.', 'd', 'e', '\0',
+  /* "wollongongbaptist.hopto.org", true */ 'w', 'o', 'l', 'l', 'o', 'n', 'g', 'o', 'n', 'g', 'b', 'a', 'p', 't', 'i', 's', 't', '.', 'h', 'o', 'p', 't', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "wollwerk.org", true */ 'w', 'o', 'l', 'l', 'w', 'e', 'r', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "wolszon.me", true */ 'w', 'o', 'l', 's', 'z', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "womb.city", true */ 'w', 'o', 'm', 'b', '.', 'c', 'i', 't', 'y', '\0',
+  /* "wombatalla.com.au", true */ 'w', 'o', 'm', 'b', 'a', 't', 'a', 'l', 'l', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "wombats.net", true */ 'w', 'o', 'm', 'b', 'a', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "women-only.net", true */ 'w', 'o', 'm', 'e', 'n', '-', 'o', 'n', 'l', 'y', '.', 'n', 'e', 't', '\0',
+  /* "womenshairlossproject.com", true */ 'w', 'o', 'm', 'e', 'n', 's', 'h', 'a', 'i', 'r', 'l', 'o', 's', 's', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wonabo.com", true */ 'w', 'o', 'n', 'a', 'b', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "wonderbill.com", true */ 'w', 'o', 'n', 'd', 'e', 'r', 'b', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "wondergorilla.com", true */ 'w', 'o', 'n', 'd', 'e', 'r', 'g', 'o', 'r', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "wonderhost.info", true */ 'w', 'o', 'n', 'd', 'e', 'r', 'h', 'o', 's', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "wonderhowto.com", true */ 'w', 'o', 'n', 'd', 'e', 'r', 'h', 'o', 'w', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "wonderlandmovies.de", true */ 'w', 'o', 'n', 'd', 'e', 'r', 'l', 'a', 'n', 'd', 'm', 'o', 'v', 'i', 'e', 's', '.', 'd', 'e', '\0',
+  /* "wondermags.com", true */ 'w', 'o', 'n', 'd', 'e', 'r', 'm', 'a', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wondershift.biz", true */ 'w', 'o', 'n', 'd', 'e', 'r', 's', 'h', 'i', 'f', 't', '.', 'b', 'i', 'z', '\0',
+  /* "woodbury.io", true */ 'w', 'o', 'o', 'd', 'b', 'u', 'r', 'y', '.', 'i', 'o', '\0',
+  /* "woodev.us", true */ 'w', 'o', 'o', 'd', 'e', 'v', '.', 'u', 's', '\0',
+  /* "woodlandhillselectrical.com", true */ 'w', 'o', 'o', 'd', 'l', 'a', 'n', 'd', 'h', 'i', 'l', 'l', 's', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "woodlandsmetro.church", true */ 'w', 'o', 'o', 'd', 'l', 'a', 'n', 'd', 's', 'm', 'e', 't', 'r', 'o', '.', 'c', 'h', 'u', 'r', 'c', 'h', '\0',
+  /* "woodlandsvale.uk", true */ 'w', 'o', 'o', 'd', 'l', 'a', 'n', 'd', 's', 'v', 'a', 'l', 'e', '.', 'u', 'k', '\0',
+  /* "woodlandwindows.com", true */ 'w', 'o', 'o', 'd', 'l', 'a', 'n', 'd', 'w', 'i', 'n', 'd', 'o', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "woodomat.com", true */ 'w', 'o', 'o', 'd', 'o', 'm', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "woodsidepottery.ca", true */ 'w', 'o', 'o', 'd', 's', 'i', 'd', 'e', 'p', 'o', 't', 't', 'e', 'r', 'y', '.', 'c', 'a', '\0',
+  /* "woof.gq", true */ 'w', 'o', 'o', 'f', '.', 'g', 'q', '\0',
+  /* "woohooyeah.nl", true */ 'w', 'o', 'o', 'h', 'o', 'o', 'y', 'e', 'a', 'h', '.', 'n', 'l', '\0',
+  /* "woontegelwinkel.nl", true */ 'w', 'o', 'o', 'n', 't', 'e', 'g', 'e', 'l', 'w', 'i', 'n', 'k', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "wooplagaming.com", true */ 'w', 'o', 'o', 'p', 'l', 'a', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "wootware.co.za", true */ 'w', 'o', 'o', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "worcade.net", true */ 'w', 'o', 'r', 'c', 'a', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "worcesterbouncycastlehire.co.uk", true */ 'w', 'o', 'r', 'c', 'e', 's', 't', 'e', 'r', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "worcesterbouncycastles.co.uk", true */ 'w', 'o', 'r', 'c', 'e', 's', 't', 'e', 'r', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "worcesterdance.org", true */ 'w', 'o', 'r', 'c', 'e', 's', 't', 'e', 'r', 'd', 'a', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "worcesterfestival.co.uk", true */ 'w', 'o', 'r', 'c', 'e', 's', 't', 'e', 'r', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "word-grabber.com", true */ 'w', 'o', 'r', 'd', '-', 'g', 'r', 'a', 'b', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "wordbits.net", true */ 'w', 'o', 'r', 'd', 'b', 'i', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "wordcounter.net", true */ 'w', 'o', 'r', 'd', 'c', 'o', 'u', 'n', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "wordher.com", true */ 'w', 'o', 'r', 'd', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "wordplay.one", true */ 'w', 'o', 'r', 'd', 'p', 'l', 'a', 'y', '.', 'o', 'n', 'e', '\0',
+  /* "wordpress.com", false */ 'w', 'o', 'r', 'd', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wordpresspro.cl", true */ 'w', 'o', 'r', 'd', 'p', 'r', 'e', 's', 's', 'p', 'r', 'o', '.', 'c', 'l', '\0',
+  /* "wordsmart.it", true */ 'w', 'o', 'r', 'd', 's', 'm', 'a', 'r', 't', '.', 'i', 't', '\0',
+  /* "wordsofamaster.com", true */ 'w', 'o', 'r', 'd', 's', 'o', 'f', 'a', 'm', 'a', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "wordspy.com", true */ 'w', 'o', 'r', 'd', 's', 'p', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wordxtra.net", true */ 'w', 'o', 'r', 'd', 'x', 't', 'r', 'a', '.', 'n', 'e', 't', '\0',
+  /* "work-in-progress.website", true */ 'w', 'o', 'r', 'k', '-', 'i', 'n', '-', 'p', 'r', 'o', 'g', 'r', 'e', 's', 's', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0',
+  /* "workcelerator.com", true */ 'w', 'o', 'r', 'k', 'c', 'e', 'l', 'e', 'r', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "workcloud.jp", true */ 'w', 'o', 'r', 'k', 'c', 'l', 'o', 'u', 'd', '.', 'j', 'p', '\0',
+  /* "workingmachine.info", true */ 'w', 'o', 'r', 'k', 'i', 'n', 'g', 'm', 'a', 'c', 'h', 'i', 'n', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "workplaces.online", true */ 'w', 'o', 'r', 'k', 'p', 'l', 'a', 'c', 'e', 's', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "workraw.com", true */ 'w', 'o', 'r', 'k', 'r', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "workray.com", true */ 'w', 'o', 'r', 'k', 'r', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "works-ginan.jp", true */ 'w', 'o', 'r', 'k', 's', '-', 'g', 'i', 'n', 'a', 'n', '.', 'j', 'p', '\0',
+  /* "worksofwyoming.org", true */ 'w', 'o', 'r', 'k', 's', 'o', 'f', 'w', 'y', 'o', 'm', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "workwithgo.com", true */ 'w', 'o', 'r', 'k', 'w', 'i', 't', 'h', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "world-education-association.org", true */ 'w', 'o', 'r', 'l', 'd', '-', 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', '-', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "world-in-my-eyes.com", true */ 'w', 'o', 'r', 'l', 'd', '-', 'i', 'n', '-', 'm', 'y', '-', 'e', 'y', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "worldchess.london", true */ 'w', 'o', 'r', 'l', 'd', 'c', 'h', 'e', 's', 's', '.', 'l', 'o', 'n', 'd', 'o', 'n', '\0',
+  /* "worldcigars.com.br", true */ 'w', 'o', 'r', 'l', 'd', 'c', 'i', 'g', 'a', 'r', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "worldcrafts.org", true */ 'w', 'o', 'r', 'l', 'd', 'c', 'r', 'a', 'f', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "worldcubeassociation.org", true */ 'w', 'o', 'r', 'l', 'd', 'c', 'u', 'b', 'e', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "worldessays.com", true */ 'w', 'o', 'r', 'l', 'd', 'e', 's', 's', 'a', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "worldeventscalendars.com", true */ 'w', 'o', 'r', 'l', 'd', 'e', 'v', 'e', 'n', 't', 's', 'c', 'a', 'l', 'e', 'n', 'd', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "worldnettps.com", true */ 'w', 'o', 'r', 'l', 'd', 'n', 'e', 't', 't', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "worldofbelia.de", true */ 'w', 'o', 'r', 'l', 'd', 'o', 'f', 'b', 'e', 'l', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "worldofparties.co.uk", true */ 'w', 'o', 'r', 'l', 'd', 'o', 'f', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "worldofterra.net", true */ 'w', 'o', 'r', 'l', 'd', 'o', 'f', 't', 'e', 'r', 'r', 'a', '.', 'n', 'e', 't', '\0',
+  /* "worldofvnc.net", true */ 'w', 'o', 'r', 'l', 'd', 'o', 'f', 'v', 'n', 'c', '.', 'n', 'e', 't', '\0',
+  /* "worldofwobble.co.uk", true */ 'w', 'o', 'r', 'l', 'd', 'o', 'f', 'w', 'o', 'b', 'b', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "worldpovertysolutions.org", true */ 'w', 'o', 'r', 'l', 'd', 'p', 'o', 'v', 'e', 'r', 't', 'y', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "worldsgreatestazuredemo.com", true */ 'w', 'o', 'r', 'l', 'd', 's', 'g', 'r', 'e', 'a', 't', 'e', 's', 't', 'a', 'z', 'u', 'r', 'e', 'd', 'e', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "worldsoccerclips.com", true */ 'w', 'o', 'r', 'l', 'd', 's', 'o', 'c', 'c', 'e', 'r', 'c', 'l', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "worldstone777.com", true */ 'w', 'o', 'r', 'l', 'd', 's', 't', 'o', 'n', 'e', '7', '7', '7', '.', 'c', 'o', 'm', '\0',
+  /* "wormbytes.ca", true */ 'w', 'o', 'r', 'm', 'b', 'y', 't', 'e', 's', '.', 'c', 'a', '\0',
+  /* "wormdisk.net", true */ 'w', 'o', 'r', 'm', 'd', 'i', 's', 'k', '.', 'n', 'e', 't', '\0',
+  /* "wormholevpn.net", true */ 'w', 'o', 'r', 'm', 'h', 'o', 'l', 'e', 'v', 'p', 'n', '.', 'n', 'e', 't', '\0',
+  /* "worst.horse", false */ 'w', 'o', 'r', 's', 't', '.', 'h', 'o', 'r', 's', 'e', '\0',
+  /* "wort-suchen.de", true */ 'w', 'o', 'r', 't', '-', 's', 'u', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "woshiluo.site", true */ 'w', 'o', 's', 'h', 'i', 'l', 'u', 'o', '.', 's', 'i', 't', 'e', '\0',
+  /* "wot-tudasbazis.hu", true */ 'w', 'o', 't', '-', 't', 'u', 'd', 'a', 's', 'b', 'a', 'z', 'i', 's', '.', 'h', 'u', '\0',
+  /* "wotra-register.com", true */ 'w', 'o', 't', 'r', 'a', '-', 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "woudenberg.nl", true */ 'w', 'o', 'u', 'd', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'n', 'l', '\0',
+  /* "woufbox.com", true */ 'w', 'o', 'u', 'f', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "woutergeraedts.nl", true */ 'w', 'o', 'u', 't', 'e', 'r', 'g', 'e', 'r', 'a', 'e', 'd', 't', 's', '.', 'n', 'l', '\0',
+  /* "woutervdb.com", true */ 'w', 'o', 'u', 't', 'e', 'r', 'v', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "wow-travel.eu", true */ 'w', 'o', 'w', '-', 't', 'r', 'a', 'v', 'e', 'l', '.', 'e', 'u', '\0',
+  /* "wowaffixes.info", true */ 'w', 'o', 'w', 'a', 'f', 'f', 'i', 'x', 'e', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "wowbouncycastles.co.uk", true */ 'w', 'o', 'w', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wowhelp.it", true */ 'w', 'o', 'w', 'h', 'e', 'l', 'p', '.', 'i', 't', '\0',
+  /* "wowjs.co.uk", true */ 'w', 'o', 'w', 'j', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wowjs.org", true */ 'w', 'o', 'w', 'j', 's', '.', 'o', 'r', 'g', '\0',
+  /* "wowjs.uk", true */ 'w', 'o', 'w', 'j', 's', '.', 'u', 'k', '\0',
+  /* "wownmedia.com", true */ 'w', 'o', 'w', 'n', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "wozalapha.com", true */ 'w', 'o', 'z', 'a', 'l', 'a', 'p', 'h', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "wp-bullet.com", true */ 'w', 'p', '-', 'b', 'u', 'l', 'l', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wp-master.org", true */ 'w', 'p', '-', 'm', 'a', 's', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "wp-mix.com", true */ 'w', 'p', '-', 'm', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "wp-securehosting.com", true */ 'w', 'p', '-', 's', 'e', 'c', 'u', 'r', 'e', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "wp-site1.com", true */ 'w', 'p', '-', 's', 'i', 't', 'e', '1', '.', 'c', 'o', 'm', '\0',
+  /* "wp-site2.com", true */ 'w', 'p', '-', 's', 'i', 't', 'e', '2', '.', 'c', 'o', 'm', '\0',
+  /* "wp-tao.com", true */ 'w', 'p', '-', 't', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "wpac.de", true */ 'w', 'p', 'a', 'c', '.', 'd', 'e', '\0',
+  /* "wpandup.org", true */ 'w', 'p', 'a', 'n', 'd', 'u', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "wpcharged.nz", true */ 'w', 'p', 'c', 'h', 'a', 'r', 'g', 'e', 'd', '.', 'n', 'z', '\0',
+  /* "wpdesigner.ir", true */ 'w', 'p', 'd', 'e', 's', 'i', 'g', 'n', 'e', 'r', '.', 'i', 'r', '\0',
+  /* "wpdirecto.com", true */ 'w', 'p', 'd', 'i', 'r', 'e', 'c', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "wpenhance.com", true */ 'w', 'p', 'e', 'n', 'h', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "wpg-inc.com", true */ 'w', 'p', 'g', '-', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "wphostingblog.nl", true */ 'w', 'p', 'h', 'o', 's', 't', 'i', 'n', 'g', 'b', 'l', 'o', 'g', '.', 'n', 'l', '\0',
+  /* "wpinfos.de", true */ 'w', 'p', 'i', 'n', 'f', 'o', 's', '.', 'd', 'e', '\0',
+  /* "wpinter.com", true */ 'w', 'p', 'i', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "wpldn.uk", true */ 'w', 'p', 'l', 'd', 'n', '.', 'u', 'k', '\0',
+  /* "wpletter.de", false */ 'w', 'p', 'l', 'e', 't', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "wpmeetup-berlin.de", true */ 'w', 'p', 'm', 'e', 'e', 't', 'u', 'p', '-', 'b', 'e', 'r', 'l', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "wpostats.com", true */ 'w', 'p', 'o', 's', 't', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wprevs.com", true */ 'w', 'p', 'r', 'e', 'v', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wpscans.com", true */ 'w', 'p', 's', 'c', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wpserp.com", true */ 'w', 'p', 's', 'e', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "wpsharks.com", true */ 'w', 'p', 's', 'h', 'a', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wpsnelheid.nl", true */ 'w', 'p', 's', 'n', 'e', 'l', 'h', 'e', 'i', 'd', '.', 'n', 'l', '\0',
+  /* "wpsono.com", true */ 'w', 'p', 's', 'o', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "wptotal.com", true */ 'w', 'p', 't', 'o', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "wpvulndb.com", true */ 'w', 'p', 'v', 'u', 'l', 'n', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "wr.su", true */ 'w', 'r', '.', 's', 'u', '\0',
+  /* "wrapitup.co.uk", true */ 'w', 'r', 'a', 'p', 'i', 't', 'u', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wrara.org", true */ 'w', 'r', 'a', 'r', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "wrc-results.com", true */ 'w', 'r', 'c', '-', 'r', 'e', 's', 'u', 'l', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wrdcfiles.ca", true */ 'w', 'r', 'd', 'c', 'f', 'i', 'l', 'e', 's', '.', 'c', 'a', '\0',
+  /* "wrenwrites.com", true */ 'w', 'r', 'e', 'n', 'w', 'r', 'i', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wrfu.co.nz", true */ 'w', 'r', 'f', 'u', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "wrgms.com", true */ 'w', 'r', 'g', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wriedts.de", true */ 'w', 'r', 'i', 'e', 'd', 't', 's', '.', 'd', 'e', '\0',
+  /* "write-right.net", true */ 'w', 'r', 'i', 't', 'e', '-', 'r', 'i', 'g', 'h', 't', '.', 'n', 'e', 't', '\0',
+  /* "writeandedit-for-you.com", true */ 'w', 'r', 'i', 't', 'e', 'a', 'n', 'd', 'e', 'd', 'i', 't', '-', 'f', 'o', 'r', '-', 'y', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "writecustomessay.com", true */ 'w', 'r', 'i', 't', 'e', 'c', 'u', 's', 't', 'o', 'm', 'e', 's', 's', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "writemyessay.info", true */ 'w', 'r', 'i', 't', 'e', 'm', 'y', 'e', 's', 's', 'a', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "writemyessays.com", true */ 'w', 'r', 'i', 't', 'e', 'm', 'y', 'e', 's', 's', 'a', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "writemypaperhub.com", true */ 'w', 'r', 'i', 't', 'e', 'm', 'y', 'p', 'a', 'p', 'e', 'r', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "writemytermpapers.com", true */ 'w', 'r', 'i', 't', 'e', 'm', 'y', 't', 'e', 'r', 'm', 'p', 'a', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "writeoff.me", true */ 'w', 'r', 'i', 't', 'e', 'o', 'f', 'f', '.', 'm', 'e', '\0',
+  /* "writepride.com", true */ 'w', 'r', 'i', 't', 'e', 'p', 'r', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "writepro.net", true */ 'w', 'r', 'i', 't', 'e', 'p', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "writereditor.com", true */ 'w', 'r', 'i', 't', 'e', 'r', 'e', 'd', 'i', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "writing-expert.com", true */ 'w', 'r', 'i', 't', 'i', 'n', 'g', '-', 'e', 'x', 'p', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "writing-job-online.com", true */ 'w', 'r', 'i', 't', 'i', 'n', 'g', '-', 'j', 'o', 'b', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "writingcities.net", true */ 'w', 'r', 'i', 't', 'i', 'n', 'g', 'c', 'i', 't', 'i', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "writingtoserve.net", true */ 'w', 'r', 'i', 't', 'i', 'n', 'g', 't', 'o', 's', 'e', 'r', 'v', 'e', '.', 'n', 'e', 't', '\0',
+  /* "wrksheet.com", true */ 'w', 'r', 'k', 's', 'h', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wroffle.com", true */ 'w', 'r', 'o', 'f', 'f', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "wromeapp.com", true */ 'w', 'r', 'o', 'm', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "wrongware.cz", true */ 'w', 'r', 'o', 'n', 'g', 'w', 'a', 'r', 'e', '.', 'c', 'z', '\0',
+  /* "wrp.gov", true */ 'w', 'r', 'p', '.', 'g', 'o', 'v', '\0',
+  /* "wsa.poznan.pl", true */ 'w', 's', 'a', '.', 'p', 'o', 'z', 'n', 'a', 'n', '.', 'p', 'l', '\0',
+  /* "wsb-immo.at", true */ 'w', 's', 'b', '-', 'i', 'm', 'm', 'o', '.', 'a', 't', '\0',
+  /* "wscales.com", true */ 'w', 's', 'c', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wsdcapital.com", true */ 'w', 's', 'd', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "wselektro.de", true */ 'w', 's', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "wsgvet.com", true */ 'w', 's', 'g', 'v', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wss.com.ve", true */ 'w', 's', 's', '.', 'c', 'o', 'm', '.', 'v', 'e', '\0',
+  /* "wsspalluto.de", true */ 'w', 's', 's', 'p', 'a', 'l', 'l', 'u', 't', 'o', '.', 'd', 'e', '\0',
+  /* "wssv.ch", true */ 'w', 's', 's', 'v', '.', 'c', 'h', '\0',
+  /* "wstudio.ch", true */ 'w', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'h', '\0',
+  /* "wstx.com", true */ 'w', 's', 't', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "wsv-grafenau.de", true */ 'w', 's', 'v', '-', 'g', 'r', 'a', 'f', 'e', 'n', 'a', 'u', '.', 'd', 'e', '\0',
+  /* "wsyy.info", true */ 'w', 's', 'y', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "wt-server3.de", true */ 'w', 't', '-', 's', 'e', 'r', 'v', 'e', 'r', '3', '.', 'd', 'e', '\0',
+  /* "wtf.ninja", true */ 'w', 't', 'f', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "wtfismyip.com", true */ 'w', 't', 'f', 'i', 's', 'm', 'y', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "wth.in", true */ 'w', 't', 'h', '.', 'i', 'n', '\0',
+  /* "wtpmj.com", true */ 'w', 't', 'p', 'm', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "wtw.io", true */ 'w', 't', 'w', '.', 'i', 'o', '\0',
+  /* "wubify.com", true */ 'w', 'u', 'b', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wuerfel.wf", true */ 'w', 'u', 'e', 'r', 'f', 'e', 'l', '.', 'w', 'f', '\0',
+  /* "wuerfelmail.de", true */ 'w', 'u', 'e', 'r', 'f', 'e', 'l', 'm', 'a', 'i', 'l', '.', 'd', 'e', '\0',
+  /* "wufu.org", false */ 'w', 'u', 'f', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "wufupay.com", true */ 'w', 'u', 'f', 'u', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wug.jp", true */ 'w', 'u', 'g', '.', 'j', 'p', '\0',
+  /* "wug.news", true */ 'w', 'u', 'g', '.', 'n', 'e', 'w', 's', '\0',
+  /* "wuji.cz", true */ 'w', 'u', 'j', 'i', '.', 'c', 'z', '\0',
+  /* "wukongmusic.us", false */ 'w', 'u', 'k', 'o', 'n', 'g', 'm', 'u', 's', 'i', 'c', '.', 'u', 's', '\0',
+  /* "wumbo.cf", true */ 'w', 'u', 'm', 'b', 'o', '.', 'c', 'f', '\0',
+  /* "wumbo.co.nz", true */ 'w', 'u', 'm', 'b', 'o', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "wumbo.ga", true */ 'w', 'u', 'm', 'b', 'o', '.', 'g', 'a', '\0',
+  /* "wumbo.gq", true */ 'w', 'u', 'm', 'b', 'o', '.', 'g', 'q', '\0',
+  /* "wumbo.kiwi", true */ 'w', 'u', 'm', 'b', 'o', '.', 'k', 'i', 'w', 'i', '\0',
+  /* "wumbo.ml", true */ 'w', 'u', 'm', 'b', 'o', '.', 'm', 'l', '\0',
+  /* "wumbo.tk", true */ 'w', 'u', 'm', 'b', 'o', '.', 't', 'k', '\0',
+  /* "wunderkarten.de", true */ 'w', 'u', 'n', 'd', 'e', 'r', 'k', 'a', 'r', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "wunderlist.com", true */ 'w', 'u', 'n', 'd', 'e', 'r', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wundi.net", true */ 'w', 'u', 'n', 'd', 'i', '.', 'n', 'e', 't', '\0',
+  /* "wutianyi.com", true */ 'w', 'u', 't', 'i', 'a', 'n', 'y', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "wuyue.photo", true */ 'w', 'u', 'y', 'u', 'e', '.', 'p', 'h', 'o', 't', 'o', '\0',
+  /* "wv-n.de", true */ 'w', 'v', '-', 'n', '.', 'd', 'e', '\0',
+  /* "wvg.myds.me", true */ 'w', 'v', 'g', '.', 'm', 'y', 'd', 's', '.', 'm', 'e', '\0',
+  /* "wvw-8522.com", true */ 'w', 'v', 'w', '-', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "wvw698.com", true */ 'w', 'v', 'w', '6', '9', '8', '.', 'c', 'o', 'm', '\0',
+  /* "wweforums.net", true */ 'w', 'w', 'e', 'f', 'o', 'r', 'u', 'm', 's', '.', 'n', 'e', 't', '\0',
+  /* "wweichen.com.cn", true */ 'w', 'w', 'e', 'i', 'c', 'h', 'e', 'n', '.', 'c', 'o', 'm', '.', 'c', 'n', '\0',
+  /* "wwgc2011.se", true */ 'w', 'w', 'g', 'c', '2', '0', '1', '1', '.', 's', 'e', '\0',
+  /* "wwv-8522.com", true */ 'w', 'w', 'v', '-', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "www-33445.com", true */ 'w', 'w', 'w', '-', '3', '3', '4', '4', '5', '.', 'c', 'o', 'm', '\0',
+  /* "www-49889.com", true */ 'w', 'w', 'w', '-', '4', '9', '8', '8', '9', '.', 'c', 'o', 'm', '\0',
+  /* "www-62755.com", true */ 'w', 'w', 'w', '-', '6', '2', '7', '5', '5', '.', 'c', 'o', 'm', '\0',
+  /* "www-8522.am", true */ 'w', 'w', 'w', '-', '8', '5', '2', '2', '.', 'a', 'm', '\0',
+  /* "www-8522.com", true */ 'w', 'w', 'w', '-', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "www.aclu.org", false */ 'w', 'w', 'w', '.', 'a', 'c', 'l', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "www.airbnb.com", true */ 'w', 'w', 'w', '.', 'a', 'i', 'r', 'b', 'n', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "www.amazon.ca", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'a', '\0',
+  /* "www.amazon.cn", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'n', '\0',
+  /* "www.amazon.co.jp", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "www.amazon.co.uk", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "www.amazon.com", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "www.amazon.com.au", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "www.amazon.com.br", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "www.amazon.com.mx", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "www.amazon.de", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "www.amazon.es", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'e', 's', '\0',
+  /* "www.amazon.fr", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "www.amazon.it", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'i', 't', '\0',
+  /* "www.amazon.nl", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'n', 'l', '\0',
+  /* "www.apollo-auto.com", false */ 'w', 'w', 'w', '.', 'a', 'p', 'o', 'l', 'l', 'o', '-', 'a', 'u', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "www.banking.co.at", false */ 'w', 'w', 'w', '.', 'b', 'a', 'n', 'k', 'i', 'n', 'g', '.', 'c', 'o', '.', 'a', 't', '\0',
+  /* "www.braintreepayments.com", false */ 'w', 'w', 'w', '.', 'b', 'r', 'a', 'i', 'n', 't', 'r', 'e', 'e', 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "www.calyxinstitute.org", false */ 'w', 'w', 'w', '.', 'c', 'a', 'l', 'y', 'x', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "www.capitainetrain.com", false */ 'w', 'w', 'w', '.', 'c', 'a', 'p', 'i', 't', 'a', 'i', 'n', 'e', 't', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "www.captaintrain.com", false */ 'w', 'w', 'w', '.', 'c', 'a', 'p', 't', 'a', 'i', 'n', 't', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "www.cnet.com", true */ 'w', 'w', 'w', '.', 'c', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "www.dropbox.com", true */ 'w', 'w', 'w', '.', 'd', 'r', 'o', 'p', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "www.dropcam.com", false */ 'w', 'w', 'w', '.', 'd', 'r', 'o', 'p', 'c', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "www.entropia.de", false */ 'w', 'w', 'w', '.', 'e', 'n', 't', 'r', 'o', 'p', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "www.eternalgoth.co.uk", true */ 'w', 'w', 'w', '.', 'e', 't', 'e', 'r', 'n', 'a', 'l', 'g', 'o', 't', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "www.etsy.com", true */ 'w', 'w', 'w', '.', 'e', 't', 's', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "www.evernote.com", false */ 'w', 'w', 'w', '.', 'e', 'v', 'e', 'r', 'n', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "www.facebook.com", false */ 'w', 'w', 'w', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "www.fastmail.com", true */ 'w', 'w', 'w', '.', 'f', 'a', 's', 't', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "www.getcloak.com", false */ 'w', 'w', 'w', '.', 'g', 'e', 't', 'c', 'l', 'o', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "www.gmail.com", false */ 'w', 'w', 'w', '.', 'g', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "www.googlemail.com", false */ 'w', 'w', 'w', '.', 'g', 'o', 'o', 'g', 'l', 'e', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "www.gov.uk", false */ 'w', 'w', 'w', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0',
+  /* "www.grc.com", false */ 'w', 'w', 'w', '.', 'g', 'r', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "www.healthcare.gov", false */ 'w', 'w', 'w', '.', 'h', 'e', 'a', 'l', 't', 'h', 'c', 'a', 'r', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "www.heliosnet.com", true */ 'w', 'w', 'w', '.', 'h', 'e', 'l', 'i', 'o', 's', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "www.history.pe", true */ 'w', 'w', 'w', '.', 'h', 'i', 's', 't', 'o', 'r', 'y', '.', 'p', 'e', '\0',
+  /* "www.hyatt.com", false */ 'w', 'w', 'w', '.', 'h', 'y', 'a', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "www.icann.org", false */ 'w', 'w', 'w', '.', 'i', 'c', 'a', 'n', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "www.intercom.io", true */ 'w', 'w', 'w', '.', 'i', 'n', 't', 'e', 'r', 'c', 'o', 'm', '.', 'i', 'o', '\0',
+  /* "www.irccloud.com", false */ 'w', 'w', 'w', '.', 'i', 'r', 'c', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "www.lastpass.com", false */ 'w', 'w', 'w', '.', 'l', 'a', 's', 't', 'p', 'a', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "www.linode.com", false */ 'w', 'w', 'w', '.', 'l', 'i', 'n', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "www.lookout.com", false */ 'w', 'w', 'w', '.', 'l', 'o', 'o', 'k', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "www.makeyourlaws.org", true */ 'w', 'w', 'w', '.', 'm', 'a', 'k', 'e', 'y', 'o', 'u', 'r', 'l', 'a', 'w', 's', '.', 'o', 'r', 'g', '\0',
+  /* "www.messenger.com", true */ 'w', 'w', 'w', '.', 'm', 'e', 's', 's', 'e', 'n', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "www.mydigipass.com", false */ 'w', 'w', 'w', '.', 'm', 'y', 'd', 'i', 'g', 'i', 'p', 'a', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "www.mylookout.com", false */ 'w', 'w', 'w', '.', 'm', 'y', 'l', 'o', 'o', 'k', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "www.noisebridge.net", true */ 'w', 'w', 'w', '.', 'n', 'o', 'i', 's', 'e', 'b', 'r', 'i', 'd', 'g', 'e', '.', 'n', 'e', 't', '\0',
+  /* "www.opsmate.com", true */ 'w', 'w', 'w', '.', 'o', 'p', 's', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "www.paypal.com", false */ 'w', 'w', 'w', '.', 'p', 'a', 'y', 'p', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "www.python.org", true */ 'w', 'w', 'w', '.', 'p', 'y', 't', 'h', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "www.rememberthemilk.com", true */ 'w', 'w', 'w', '.', 'r', 'e', 'm', 'e', 'm', 'b', 'e', 'r', 't', 'h', 'e', 'm', 'i', 'l', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "www.simbolo.co.uk", false */ 'w', 'w', 'w', '.', 's', 'i', 'm', 'b', 'o', 'l', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "www.simple.com", false */ 'w', 'w', 'w', '.', 's', 'i', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "www.theguardian.com", true */ 'w', 'w', 'w', '.', 't', 'h', 'e', 'g', 'u', 'a', 'r', 'd', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "www.therapynotes.com", true */ 'w', 'w', 'w', '.', 't', 'h', 'e', 'r', 'a', 'p', 'y', 'n', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "www.tinfoilsecurity.com", false */ 'w', 'w', 'w', '.', 't', 'i', 'n', 'f', 'o', 'i', 'l', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "www.torproject.org", false */ 'w', 'w', 'w', '.', 't', 'o', 'r', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "www.tumblr.com", false */ 'w', 'w', 'w', '.', 't', 'u', 'm', 'b', 'l', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "www.twitter.com", false */ 'w', 'w', 'w', '.', 't', 'w', 'i', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "www.united.com", true */ 'w', 'w', 'w', '.', 'u', 'n', 'i', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "www.usaa.com", false */ 'w', 'w', 'w', '.', 'u', 's', 'a', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "www.vino75.com", false */ 'w', 'w', 'w', '.', 'v', 'i', 'n', 'o', '7', '5', '.', 'c', 'o', 'm', '\0',
+  /* "www.wepay.com", false */ 'w', 'w', 'w', '.', 'w', 'e', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "www.wordpress.com", false */ 'w', 'w', 'w', '.', 'w', 'o', 'r', 'd', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "www68277.com", true */ 'w', 'w', 'w', '6', '8', '2', '7', '7', '.', 'c', 'o', 'm', '\0',
+  /* "wxcafe.net", true */ 'w', 'x', 'c', 'a', 'f', 'e', '.', 'n', 'e', 't', '\0',
+  /* "wxh.jp", true */ 'w', 'x', 'h', '.', 'j', 'p', '\0',
+  /* "wxrlab.com", true */ 'w', 'x', 'r', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "wxster.com", true */ 'w', 'x', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "wy6.org", true */ 'w', 'y', '6', '.', 'o', 'r', 'g', '\0',
+  /* "wyam.io", true */ 'w', 'y', 'a', 'm', '.', 'i', 'o', '\0',
+  /* "wyday.com", true */ 'w', 'y', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wyeworks.com", true */ 'w', 'y', 'e', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wygibanki.pl", true */ 'w', 'y', 'g', 'i', 'b', 'a', 'n', 'k', 'i', '.', 'p', 'l', '\0',
+  /* "wygodnie.pl", true */ 'w', 'y', 'g', 'o', 'd', 'n', 'i', 'e', '.', 'p', 'l', '\0',
+  /* "wynterhill.co.uk", true */ 'w', 'y', 'n', 't', 'e', 'r', 'h', 'i', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wypemagazine.se", true */ 'w', 'y', 'p', 'e', 'm', 'a', 'g', 'a', 'z', 'i', 'n', 'e', '.', 's', 'e', '\0',
+  /* "wyssmuller.ch", true */ 'w', 'y', 's', 's', 'm', 'u', 'l', 'l', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "wyu.cc", true */ 'w', 'y', 'u', '.', 'c', 'c', '\0',
+  /* "wyzwaniemilosci.com", true */ 'w', 'y', 'z', 'w', 'a', 'n', 'i', 'e', 'm', 'i', 'l', 'o', 's', 'c', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "wzrd.in", true */ 'w', 'z', 'r', 'd', '.', 'i', 'n', '\0',
+  /* "wzyboy.org", true */ 'w', 'z', 'y', 'b', 'o', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "x-iweb.ru", true */ 'x', '-', 'i', 'w', 'e', 'b', '.', 'r', 'u', '\0',
+  /* "x-lan.be", true */ 'x', '-', 'l', 'a', 'n', '.', 'b', 'e', '\0',
+  /* "x-pertservice.com", true */ 'x', '-', 'p', 'e', 'r', 't', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "x.io", true */ 'x', '.', 'i', 'o', '\0',
+  /* "x.st", true */ 'x', '.', 's', 't', '\0',
+  /* "x0r.be", true */ 'x', '0', 'r', '.', 'b', 'e', '\0',
+  /* "x13.com", true */ 'x', '1', '3', '.', 'c', 'o', 'm', '\0',
+  /* "x1616.tk", true */ 'x', '1', '6', '1', '6', '.', 't', 'k', '\0',
+  /* "x2d2.de", true */ 'x', '2', 'd', '2', '.', 'd', 'e', '\0',
+  /* "x378.ch", true */ 'x', '3', '7', '8', '.', 'c', 'h', '\0',
+  /* "x509.io", true */ 'x', '5', '0', '9', '.', 'i', 'o', '\0',
+  /* "x64architecture.com", true */ 'x', '6', '4', 'a', 'r', 'c', 'h', 'i', 't', 'e', 'c', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "x69.biz", true */ 'x', '6', '9', '.', 'b', 'i', 'z', '\0',
+  /* "x69x.net", true */ 'x', '6', '9', 'x', '.', 'n', 'e', 't', '\0',
+  /* "x7plus.com", true */ 'x', '7', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "xa.search.yahoo.com", false */ 'x', 'a', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "xa1.uk", true */ 'x', 'a', '1', '.', 'u', 'k', '\0',
+  /* "xalqbank-online.az", true */ 'x', 'a', 'l', 'q', 'b', 'a', 'n', 'k', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'a', 'z', '\0',
+  /* "xatr0z.org", false */ 'x', 'a', 't', 'r', '0', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "xawen.net", true */ 'x', 'a', 'w', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "xbb.hk", true */ 'x', 'b', 'b', '.', 'h', 'k', '\0',
+  /* "xbb.li", true */ 'x', 'b', 'b', '.', 'l', 'i', '\0',
+  /* "xblau.com", true */ 'x', 'b', 'l', 'a', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "xboxdownloadthat.com", true */ 'x', 'b', 'o', 'x', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 't', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "xboxlivegoldshop.nl", true */ 'x', 'b', 'o', 'x', 'l', 'i', 'v', 'e', 'g', 'o', 'l', 'd', 's', 'h', 'o', 'p', '.', 'n', 'l', '\0',
+  /* "xboxonex.shop", true */ 'x', 'b', 'o', 'x', 'o', 'n', 'e', 'x', '.', 's', 'h', 'o', 'p', '\0',
+  /* "xbrlsuccess.appspot.com", true */ 'x', 'b', 'r', 'l', 's', 'u', 'c', 'c', 'e', 's', 's', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "xbt.co", true */ 'x', 'b', 't', '.', 'c', 'o', '\0',
+  /* "xbtce.com", true */ 'x', 'b', 't', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "xbtmusic.org", false */ 'x', 'b', 't', 'm', 'u', 's', 'i', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "xcelerator.ninja", true */ 'x', 'c', 'e', 'l', 'e', 'r', 'a', 't', 'o', 'r', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "xcentricmold.com", true */ 'x', 'c', 'e', 'n', 't', 'r', 'i', 'c', 'm', 'o', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "xclirion-support.de", true */ 'x', 'c', 'l', 'i', 'r', 'i', 'o', 'n', '-', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'd', 'e', '\0',
+  /* "xcorpsolutions.com", true */ 'x', 'c', 'o', 'r', 'p', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "xd.cm", true */ 'x', 'd', '.', 'c', 'm', '\0',
+  /* "xd.fi", true */ 'x', 'd', '.', 'f', 'i', '\0',
+  /* "xdavidhu.me", true */ 'x', 'd', 'a', 'v', 'i', 'd', 'h', 'u', '.', 'm', 'e', '\0',
+  /* "xdeftor.com", true */ 'x', 'd', 'e', 'f', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "xdty.org", true */ 'x', 'd', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "xecure.zone", true */ 'x', 'e', 'c', 'u', 'r', 'e', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "xecureit.com", true */ 'x', 'e', 'c', 'u', 'r', 'e', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "xeedbeam.me", true */ 'x', 'e', 'e', 'd', 'b', 'e', 'a', 'm', '.', 'm', 'e', '\0',
+  /* "xega.org", true */ 'x', 'e', 'g', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "xehost.com", true */ 'x', 'e', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "xenomedia.nl", true */ 'x', 'e', 'n', 'o', 'm', 'e', 'd', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "xenophile.name", true */ 'x', 'e', 'n', 'o', 'p', 'h', 'i', 'l', 'e', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "xenosphere.tk", true */ 'x', 'e', 'n', 'o', 's', 'p', 'h', 'e', 'r', 'e', '.', 't', 'k', '\0',
+  /* "xenotropegames.com", true */ 'x', 'e', 'n', 'o', 't', 'r', 'o', 'p', 'e', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "xenoworld.de", true */ 'x', 'e', 'n', 'o', 'w', 'o', 'r', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "xerblade.com", true */ 'x', 'e', 'r', 'b', 'l', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "xerhost.de", true */ 'x', 'e', 'r', 'h', 'o', 's', 't', '.', 'd', 'e', '\0',
+  /* "xetown.com", true */ 'x', 'e', 't', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "xfce.space", true */ 'x', 'f', 'c', 'e', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "xferion.com", true */ 'x', 'f', 'e', 'r', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "xfix.pw", true */ 'x', 'f', 'i', 'x', '.', 'p', 'w', '\0',
+  /* "xfrag-networks.com", false */ 'x', 'f', 'r', 'a', 'g', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "xg3n1us.de", false */ 'x', 'g', '3', 'n', '1', 'u', 's', '.', 'd', 'e', '\0',
+  /* "xgame.com.tr", true */ 'x', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "xgclan.com", true */ 'x', 'g', 'c', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "xgn.es", true */ 'x', 'g', 'n', '.', 'e', 's', '\0',
+  /* "xhadius.de", true */ 'x', 'h', 'a', 'd', 'i', 'u', 's', '.', 'd', 'e', '\0',
+  /* "xho.me", true */ 'x', 'h', 'o', '.', 'm', 'e', '\0',
+  /* "xiamenshipbuilding.com", true */ 'x', 'i', 'a', 'm', 'e', 'n', 's', 'h', 'i', 'p', 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "xiamuzi.com", true */ 'x', 'i', 'a', 'm', 'u', 'z', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "xiangblog.com", true */ 'x', 'i', 'a', 'n', 'g', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "xiangweiqing.co.uk", true */ 'x', 'i', 'a', 'n', 'g', 'w', 'e', 'i', 'q', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "xiangwenquan.me", true */ 'x', 'i', 'a', 'n', 'g', 'w', 'e', 'n', 'q', 'u', 'a', 'n', '.', 'm', 'e', '\0',
+  /* "xiaofengsky.com", true */ 'x', 'i', 'a', 'o', 'f', 'e', 'n', 'g', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "xiaoguo.net", false */ 'x', 'i', 'a', 'o', 'g', 'u', 'o', '.', 'n', 'e', 't', '\0',
+  /* "xiaolan.me", true */ 'x', 'i', 'a', 'o', 'l', 'a', 'n', '.', 'm', 'e', '\0',
+  /* "xiaolanglang.net", true */ 'x', 'i', 'a', 'o', 'l', 'a', 'n', 'g', 'l', 'a', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "xiaomi.eu", true */ 'x', 'i', 'a', 'o', 'm', 'i', '.', 'e', 'u', '\0',
+  /* "xiaoniaoyou.com", true */ 'x', 'i', 'a', 'o', 'n', 'i', 'a', 'o', 'y', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "xiaowutou.com", true */ 'x', 'i', 'a', 'o', 'w', 'u', 't', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "xiaoyu.net", true */ 'x', 'i', 'a', 'o', 'y', 'u', '.', 'n', 'e', 't', '\0',
+  /* "xiazhanjian.com", true */ 'x', 'i', 'a', 'z', 'h', 'a', 'n', 'j', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "xichtsbuch.de", true */ 'x', 'i', 'c', 'h', 't', 's', 'b', 'u', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "xichuangke.com", false */ 'x', 'i', 'c', 'h', 'u', 'a', 'n', 'g', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "xicreative.net", true */ 'x', 'i', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', '.', 'n', 'e', 't', '\0',
+  /* "xight.org", true */ 'x', 'i', 'g', 'h', 't', '.', 'o', 'r', 'g', '\0',
+  /* "xilef.org", true */ 'x', 'i', 'l', 'e', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "xiliant.com", true */ 'x', 'i', 'l', 'i', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "xilkoi.net", true */ 'x', 'i', 'l', 'k', 'o', 'i', '.', 'n', 'e', 't', '\0',
+  /* "ximage.me", false */ 'x', 'i', 'm', 'a', 'g', 'e', '.', 'm', 'e', '\0',
+  /* "ximbo.net", true */ 'x', 'i', 'm', 'b', 'o', '.', 'n', 'e', 't', '\0',
+  /* "xingiahanvisa.net", true */ 'x', 'i', 'n', 'g', 'i', 'a', 'h', 'a', 'n', 'v', 'i', 's', 'a', '.', 'n', 'e', 't', '\0',
+  /* "xiqi.us", true */ 'x', 'i', 'q', 'i', '.', 'u', 's', '\0',
+  /* "xirion.net", true */ 'x', 'i', 'r', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "xiyu.it", false */ 'x', 'i', 'y', 'u', '.', 'i', 't', '\0',
+  /* "xj8876.com", true */ 'x', 'j', '8', '8', '7', '6', '.', 'c', 'o', 'm', '\0',
+  /* "xjd.vision", true */ 'x', 'j', 'd', '.', 'v', 'i', 's', 'i', 'o', 'n', '\0',
+  /* "xjjeeps.com", true */ 'x', 'j', 'j', 'e', 'e', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "xjoin.de", true */ 'x', 'j', 'o', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "xjpvictor.info", true */ 'x', 'j', 'p', 'v', 'i', 'c', 't', 'o', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "xkblog.xyz", true */ 'x', 'k', 'b', 'l', 'o', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "xkcd.pw", true */ 'x', 'k', 'c', 'd', '.', 'p', 'w', '\0',
+  /* "xkviz.net", true */ 'x', 'k', 'v', 'i', 'z', '.', 'n', 'e', 't', '\0',
+  /* "xlaff.com", true */ 'x', 'l', 'a', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "xlan.be", true */ 'x', 'l', 'a', 'n', '.', 'b', 'e', '\0',
+  /* "xlange.com", true */ 'x', 'l', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "xlboo.com", true */ 'x', 'l', 'b', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "xlfblog.com", true */ 'x', 'l', 'f', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "xlinar.com", true */ 'x', 'l', 'i', 'n', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "xmedius.ca", true */ 'x', 'm', 'e', 'd', 'i', 'u', 's', '.', 'c', 'a', '\0',
+  /* "xmedius.com", false */ 'x', 'm', 'e', 'd', 'i', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "xmedius.eu", true */ 'x', 'm', 'e', 'd', 'i', 'u', 's', '.', 'e', 'u', '\0',
+  /* "xmenrevolution.com", true */ 'x', 'm', 'e', 'n', 'r', 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "xmerak.com", true */ 'x', 'm', 'e', 'r', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "xmiui.com", true */ 'x', 'm', 'i', 'u', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "xmlbeam.org", true */ 'x', 'm', 'l', 'b', 'e', 'a', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "xmonk.org", false */ 'x', 'm', 'o', 'n', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "xmpp.dk", true */ 'x', 'm', 'p', 'p', '.', 'd', 'k', '\0',
+  /* "xmppwocky.net", true */ 'x', 'm', 'p', 'p', 'w', 'o', 'c', 'k', 'y', '.', 'n', 'e', 't', '\0',
+  /* "xmr.to", true */ 'x', 'm', 'r', '.', 't', 'o', '\0',
+  /* "xn----7sbmucgqdbgwwc5e9b.xn--p1ai", true */ 'x', 'n', '-', '-', '-', '-', '7', 's', 'b', 'm', 'u', 'c', 'g', 'q', 'd', 'b', 'g', 'w', 'w', 'c', '5', 'e', '9', 'b', '.', 'x', 'n', '-', '-', 'p', '1', 'a', 'i', '\0',
+  /* "xn----8hcdn2ankm1bfq.com", true */ 'x', 'n', '-', '-', '-', '-', '8', 'h', 'c', 'd', 'n', '2', 'a', 'n', 'k', 'm', '1', 'b', 'f', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "xn--0kq33cz5c8wmwrqqw1d.com", true */ 'x', 'n', '-', '-', '0', 'k', 'q', '3', '3', 'c', 'z', '5', 'c', '8', 'w', 'm', 'w', 'r', 'q', 'q', 'w', '1', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "xn--3lqp21gwna.cn", true */ 'x', 'n', '-', '-', '3', 'l', 'q', 'p', '2', '1', 'g', 'w', 'n', 'a', '.', 'c', 'n', '\0',
+  /* "xn--6x6a.life", true */ 'x', 'n', '-', '-', '6', 'x', '6', 'a', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "xn--79q87uvkclvgd56ahq5a.net", true */ 'x', 'n', '-', '-', '7', '9', 'q', '8', '7', 'u', 'v', 'k', 'c', 'l', 'v', 'g', 'd', '5', '6', 'a', 'h', 'q', '5', 'a', '.', 'n', 'e', 't', '\0',
+  /* "xn--7ca.co", true */ 'x', 'n', '-', '-', '7', 'c', 'a', '.', 'c', 'o', '\0',
+  /* "xn--7xa.google.com", true */ 'x', 'n', '-', '-', '7', 'x', 'a', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "xn--80aaagmgvmvmcuoq7r.xn--p1ai", true */ 'x', 'n', '-', '-', '8', '0', 'a', 'a', 'a', 'g', 'm', 'g', 'v', 'm', 'v', 'm', 'c', 'u', 'o', 'q', '7', 'r', '.', 'x', 'n', '-', '-', 'p', '1', 'a', 'i', '\0',
+  /* "xn--80anogxed.xn--p1ai", true */ 'x', 'n', '-', '-', '8', '0', 'a', 'n', 'o', 'g', 'x', 'e', 'd', '.', 'x', 'n', '-', '-', 'p', '1', 'a', 'i', '\0',
+  /* "xn--80azelb.xn--p1ai", true */ 'x', 'n', '-', '-', '8', '0', 'a', 'z', 'e', 'l', 'b', '.', 'x', 'n', '-', '-', 'p', '1', 'a', 'i', '\0',
+  /* "xn--88j2fy28hbxmnnf9zlw5buzd.com", true */ 'x', 'n', '-', '-', '8', '8', 'j', '2', 'f', 'y', '2', '8', 'h', 'b', 'x', 'm', 'n', 'n', 'f', '9', 'z', 'l', 'w', '5', 'b', 'u', 'z', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "xn--8dry00a7se89ay98epsgxxq.com", true */ 'x', 'n', '-', '-', '8', 'd', 'r', 'y', '0', '0', 'a', '7', 's', 'e', '8', '9', 'a', 'y', '9', '8', 'e', 'p', 's', 'g', 'x', 'x', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "xn--8mr166hf6s.xn--fiqs8s", true */ 'x', 'n', '-', '-', '8', 'm', 'r', '1', '6', '6', 'h', 'f', '6', 's', '.', 'x', 'n', '-', '-', 'f', 'i', 'q', 's', '8', 's', '\0',
+  /* "xn--90accgba6bldkcbb7a.xn--p1acf", true */ 'x', 'n', '-', '-', '9', '0', 'a', 'c', 'c', 'g', 'b', 'a', '6', 'b', 'l', 'd', 'k', 'c', 'b', 'b', '7', 'a', '.', 'x', 'n', '-', '-', 'p', '1', 'a', 'c', 'f', '\0',
+  /* "xn--allgu-biker-o8a.de", true */ 'x', 'n', '-', '-', 'a', 'l', 'l', 'g', 'u', '-', 'b', 'i', 'k', 'e', 'r', '-', 'o', '8', 'a', '.', 'd', 'e', '\0',
+  /* "xn--aviao-dra1a.pt", true */ 'x', 'n', '-', '-', 'a', 'v', 'i', 'a', 'o', '-', 'd', 'r', 'a', '1', 'a', '.', 'p', 't', '\0',
+  /* "xn--baron-bonzenbru-elb.com", true */ 'x', 'n', '-', '-', 'b', 'a', 'r', 'o', 'n', '-', 'b', 'o', 'n', 'z', 'e', 'n', 'b', 'r', 'u', '-', 'e', 'l', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "xn--berwachungspaket-izb.at", true */ 'x', 'n', '-', '-', 'b', 'e', 'r', 'w', 'a', 'c', 'h', 'u', 'n', 'g', 's', 'p', 'a', 'k', 'e', 't', '-', 'i', 'z', 'b', '.', 'a', 't', '\0',
+  /* "xn--brneruhr-0za.ch", true */ 'x', 'n', '-', '-', 'b', 'r', 'n', 'e', 'r', 'u', 'h', 'r', '-', '0', 'z', 'a', '.', 'c', 'h', '\0',
+  /* "xn--cck4ax91r.com", true */ 'x', 'n', '-', '-', 'c', 'c', 'k', '4', 'a', 'x', '9', '1', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "xn--cck7f515h.com", true */ 'x', 'n', '-', '-', 'c', 'c', 'k', '7', 'f', '5', '1', '5', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "xn--cckdrt0kwb4g3cnh.com", true */ 'x', 'n', '-', '-', 'c', 'c', 'k', 'd', 'r', 't', '0', 'k', 'w', 'b', '4', 'g', '3', 'c', 'n', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "xn--cckvb1cwa0c5br5e2d2711k.net", true */ 'x', 'n', '-', '-', 'c', 'c', 'k', 'v', 'b', '1', 'c', 'w', 'a', '0', 'c', '5', 'b', 'r', '5', 'e', '2', 'd', '2', '7', '1', '1', 'k', '.', 'n', 'e', 't', '\0',
+  /* "xn--cctsgy36bnvprwpekc.com", true */ 'x', 'n', '-', '-', 'c', 'c', 't', 's', 'g', 'y', '3', '6', 'b', 'n', 'v', 'p', 'r', 'w', 'p', 'e', 'k', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "xn--d1acj9c.xn--90ais", true */ 'x', 'n', '-', '-', 'd', '1', 'a', 'c', 'j', '9', 'c', '.', 'x', 'n', '-', '-', '9', '0', 'a', 'i', 's', '\0',
+  /* "xn--dcko6fsa5b1a8gyicbc.biz", true */ 'x', 'n', '-', '-', 'd', 'c', 'k', 'o', '6', 'f', 's', 'a', '5', 'b', '1', 'a', '8', 'g', 'y', 'i', 'c', 'b', 'c', '.', 'b', 'i', 'z', '\0',
+  /* "xn--dckya4a0bya6x.com", true */ 'x', 'n', '-', '-', 'd', 'c', 'k', 'y', 'a', '4', 'a', '0', 'b', 'y', 'a', '6', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "xn--dckya4a0bya6x.jp", true */ 'x', 'n', '-', '-', 'd', 'c', 'k', 'y', 'a', '4', 'a', '0', 'b', 'y', 'a', '6', 'x', '.', 'j', 'p', '\0',
+  /* "xn--detrkl13b9sbv53j.com", true */ 'x', 'n', '-', '-', 'd', 'e', 't', 'r', 'k', 'l', '1', '3', 'b', '9', 's', 'b', 'v', '5', '3', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "xn--detrkl13b9sbv53j.org", true */ 'x', 'n', '-', '-', 'd', 'e', 't', 'r', 'k', 'l', '1', '3', 'b', '9', 's', 'b', 'v', '5', '3', 'j', '.', 'o', 'r', 'g', '\0',
+  /* "xn--dmonenjger-q5ag.net", true */ 'x', 'n', '-', '-', 'd', 'm', 'o', 'n', 'e', 'n', 'j', 'g', 'e', 'r', '-', 'q', '5', 'a', 'g', '.', 'n', 'e', 't', '\0',
+  /* "xn--dragni-g1a.de", true */ 'x', 'n', '-', '-', 'd', 'r', 'a', 'g', 'n', 'i', '-', 'g', '1', 'a', '.', 'd', 'e', '\0',
+  /* "xn--e--0g4aiy1b8rmfg3o.jp", true */ 'x', 'n', '-', '-', 'e', '-', '-', '0', 'g', '4', 'a', 'i', 'y', '1', 'b', '8', 'r', 'm', 'f', 'g', '3', 'o', '.', 'j', 'p', '\0',
+  /* "xn--e--4h4axau6ld4lna0g.com", true */ 'x', 'n', '-', '-', 'e', '-', '-', '4', 'h', '4', 'a', 'x', 'a', 'u', '6', 'l', 'd', '4', 'l', 'n', 'a', '0', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "xn--e--ig4a4c3f6bvc5et632i.com", true */ 'x', 'n', '-', '-', 'e', '-', '-', 'i', 'g', '4', 'a', '4', 'c', '3', 'f', '6', 'b', 'v', 'c', '5', 'e', 't', '6', '3', '2', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "xn--e--k83a5h244w54gttk.xyz", true */ 'x', 'n', '-', '-', 'e', '-', '-', 'k', '8', '3', 'a', '5', 'h', '2', '4', '4', 'w', '5', '4', 'g', 't', 't', 'k', '.', 'x', 'y', 'z', '\0',
+  /* "xn--ecki0cd0bu9a4nsjb.com", true */ 'x', 'n', '-', '-', 'e', 'c', 'k', 'i', '0', 'c', 'd', '0', 'b', 'u', '9', 'a', '4', 'n', 's', 'j', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "xn--erklderbarenben-slbh.dk", true */ 'x', 'n', '-', '-', 'e', 'r', 'k', 'l', 'd', 'e', 'r', 'b', 'a', 'r', 'e', 'n', 'b', 'e', 'n', '-', 's', 'l', 'b', 'h', '.', 'd', 'k', '\0',
+  /* "xn--f9jh4f4b4993b66s.tokyo", true */ 'x', 'n', '-', '-', 'f', '9', 'j', 'h', '4', 'f', '4', 'b', '4', '9', '9', '3', 'b', '6', '6', 's', '.', 't', 'o', 'k', 'y', 'o', '\0',
+  /* "xn--fischereiverein-mnsterhausen-i7c.de", true */ 'x', 'n', '-', '-', 'f', 'i', 's', 'c', 'h', 'e', 'r', 'e', 'i', 'v', 'e', 'r', 'e', 'i', 'n', '-', 'm', 'n', 's', 't', 'e', 'r', 'h', 'a', 'u', 's', 'e', 'n', '-', 'i', '7', 'c', '.', 'd', 'e', '\0',
+  /* "xn--grnderlehrstuhl-0vb.de", true */ 'x', 'n', '-', '-', 'g', 'r', 'n', 'd', 'e', 'r', 'l', 'e', 'h', 'r', 's', 't', 'u', 'h', 'l', '-', '0', 'v', 'b', '.', 'd', 'e', '\0',
+  /* "xn--hfk-allgu-schwaben-stb.de", true */ 'x', 'n', '-', '-', 'h', 'f', 'k', '-', 'a', 'l', 'l', 'g', 'u', '-', 's', 'c', 'h', 'w', 'a', 'b', 'e', 'n', '-', 's', 't', 'b', '.', 'd', 'e', '\0',
+  /* "xn--hllrigl-90a.at", true */ 'x', 'n', '-', '-', 'h', 'l', 'l', 'r', 'i', 'g', 'l', '-', '9', '0', 'a', '.', 'a', 't', '\0',
+  /* "xn--i2ru8q2qg.com", true */ 'x', 'n', '-', '-', 'i', '2', 'r', 'u', '8', 'q', '2', 'q', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "xn--internetlnen-1cb.com", true */ 'x', 'n', '-', '-', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'l', 'n', 'e', 'n', '-', '1', 'c', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "xn--jbs-tna.de", true */ 'x', 'n', '-', '-', 'j', 'b', 's', '-', 't', 'n', 'a', '.', 'd', 'e', '\0',
+  /* "xn--jda.tk", true */ 'x', 'n', '-', '-', 'j', 'd', 'a', '.', 't', 'k', '\0',
+  /* "xn--jp8hx8f.ws", true */ 'x', 'n', '-', '-', 'j', 'p', '8', 'h', 'x', '8', 'f', '.', 'w', 's', '\0',
+  /* "xn--jywq5uqwqxhd2onsij.jp", true */ 'x', 'n', '-', '-', 'j', 'y', 'w', 'q', '5', 'u', 'q', 'w', 'q', 'x', 'h', 'd', '2', 'o', 'n', 's', 'i', 'j', '.', 'j', 'p', '\0',
+  /* "xn--kda.tk", true */ 'x', 'n', '-', '-', 'k', 'd', 'a', '.', 't', 'k', '\0',
+  /* "xn--knstler-n2a.tips", false */ 'x', 'n', '-', '-', 'k', 'n', 's', 't', 'l', 'e', 'r', '-', 'n', '2', 'a', '.', 't', 'i', 'p', 's', '\0',
+  /* "xn--ktha-kamrater-pfba.se", true */ 'x', 'n', '-', '-', 'k', 't', 'h', 'a', '-', 'k', 'a', 'm', 'r', 'a', 't', 'e', 'r', '-', 'p', 'f', 'b', 'a', '.', 's', 'e', '\0',
+  /* "xn--lna-2000-9za.nu", true */ 'x', 'n', '-', '-', 'l', 'n', 'a', '-', '2', '0', '0', '0', '-', '9', 'z', 'a', '.', 'n', 'u', '\0',
+  /* "xn--lna-4000-9za.nu", true */ 'x', 'n', '-', '-', 'l', 'n', 'a', '-', '4', '0', '0', '0', '-', '9', 'z', 'a', '.', 'n', 'u', '\0',
+  /* "xn--love-un4c7e0d4a.com", true */ 'x', 'n', '-', '-', 'l', 'o', 'v', 'e', '-', 'u', 'n', '4', 'c', '7', 'e', '0', 'd', '4', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "xn--lsaupp-iua.se", true */ 'x', 'n', '-', '-', 'l', 's', 'a', 'u', 'p', 'p', '-', 'i', 'u', 'a', '.', 's', 'e', '\0',
+  /* "xn--lsupp-mra.net", true */ 'x', 'n', '-', '-', 'l', 's', 'u', 'p', 'p', '-', 'm', 'r', 'a', '.', 'n', 'e', 't', '\0',
+  /* "xn--manuela-stsser-psb.de", true */ 'x', 'n', '-', '-', 'm', 'a', 'n', 'u', 'e', 'l', 'a', '-', 's', 't', 's', 's', 'e', 'r', '-', 'p', 's', 'b', '.', 'd', 'e', '\0',
+  /* "xn--maraa-rta.org", true */ 'x', 'n', '-', '-', 'm', 'a', 'r', 'a', 'a', '-', 'r', 't', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "xn--mentaltraining-fr-musiker-uwc.ch", true */ 'x', 'n', '-', '-', 'm', 'e', 'n', 't', 'a', 'l', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '-', 'f', 'r', '-', 'm', 'u', 's', 'i', 'k', 'e', 'r', '-', 'u', 'w', 'c', '.', 'c', 'h', '\0',
+  /* "xn--mgbbh2a9fub.xn--ngbc5azd", false */ 'x', 'n', '-', '-', 'm', 'g', 'b', 'b', 'h', '2', 'a', '9', 'f', 'u', 'b', '.', 'x', 'n', '-', '-', 'n', 'g', 'b', 'c', '5', 'a', 'z', 'd', '\0',
+  /* "xn--mgbmmp7eub.com", true */ 'x', 'n', '-', '-', 'm', 'g', 'b', 'm', 'm', 'p', '7', 'e', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "xn--mllers-wxa.info", true */ 'x', 'n', '-', '-', 'm', 'l', 'l', 'e', 'r', 's', '-', 'w', 'x', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "xn--n8j7dygrbu0c31a5861bq8qb.com", true */ 'x', 'n', '-', '-', 'n', '8', 'j', '7', 'd', 'y', 'g', 'r', 'b', 'u', '0', 'c', '3', '1', 'a', '5', '8', '6', '1', 'b', 'q', '8', 'q', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "xn--n8jp5083dnzs.net", true */ 'x', 'n', '-', '-', 'n', '8', 'j', 'p', '5', '0', '8', '3', 'd', 'n', 'z', 's', '.', 'n', 'e', 't', '\0',
+  /* "xn--n8jtcugp92n4wc738f.net", true */ 'x', 'n', '-', '-', 'n', '8', 'j', 't', 'c', 'u', 'g', 'p', '9', '2', 'n', '4', 'w', 'c', '7', '3', '8', 'f', '.', 'n', 'e', 't', '\0',
+  /* "xn--o77hka.ga", true */ 'x', 'n', '-', '-', 'o', '7', '7', 'h', 'k', 'a', '.', 'g', 'a', '\0',
+  /* "xn--pbt947am3ab71g.com", true */ 'x', 'n', '-', '-', 'p', 'b', 't', '9', '4', '7', 'a', 'm', '3', 'a', 'b', '7', '1', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "xn--pe-bka.ee", true */ 'x', 'n', '-', '-', 'p', 'e', '-', 'b', 'k', 'a', '.', 'e', 'e', '\0',
+  /* "xn--pq1a637b.xn--6qq986b3xl", true */ 'x', 'n', '-', '-', 'p', 'q', '1', 'a', '6', '3', '7', 'b', '.', 'x', 'n', '-', '-', '6', 'q', 'q', '9', '8', '6', 'b', '3', 'x', 'l', '\0',
+  /* "xn--q9jb1h5dvcspke3218b9mn4p0c.com", true */ 'x', 'n', '-', '-', 'q', '9', 'j', 'b', '1', 'h', '5', 'd', 'v', 'c', 's', 'p', 'k', 'e', '3', '2', '1', '8', 'b', '9', 'm', 'n', '4', 'p', '0', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "xn--qckss0j.tk", true */ 'x', 'n', '-', '-', 'q', 'c', 'k', 's', 's', '0', 'j', '.', 't', 'k', '\0',
+  /* "xn--r77hya.ga", true */ 'x', 'n', '-', '-', 'r', '7', '7', 'h', 'y', 'a', '.', 'g', 'a', '\0',
+  /* "xn--r8jzaf7977b09e.com", true */ 'x', 'n', '-', '-', 'r', '8', 'j', 'z', 'a', 'f', '7', '9', '7', '7', 'b', '0', '9', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "xn--rdiger-kuhlmann-zvb.de", true */ 'x', 'n', '-', '-', 'r', 'd', 'i', 'g', 'e', 'r', '-', 'k', 'u', 'h', 'l', 'm', 'a', 'n', 'n', '-', 'z', 'v', 'b', '.', 'd', 'e', '\0',
+  /* "xn--rlcus7b3d.xn--xkc2dl3a5ee0h", true */ 'x', 'n', '-', '-', 'r', 'l', 'c', 'u', 's', '7', 'b', '3', 'd', '.', 'x', 'n', '-', '-', 'x', 'k', 'c', '2', 'd', 'l', '3', 'a', '5', 'e', 'e', '0', 'h', '\0',
+  /* "xn--roselire-60a.ch", true */ 'x', 'n', '-', '-', 'r', 'o', 's', 'e', 'l', 'i', 'r', 'e', '-', '6', '0', 'a', '.', 'c', 'h', '\0',
+  /* "xn--roselire-60a.com", true */ 'x', 'n', '-', '-', 'r', 'o', 's', 'e', 'l', 'i', 'r', 'e', '-', '6', '0', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "xn--rt-cja.eu", true */ 'x', 'n', '-', '-', 'r', 't', '-', 'c', 'j', 'a', '.', 'e', 'u', '\0',
+  /* "xn--rt-cja.ie", true */ 'x', 'n', '-', '-', 'r', 't', '-', 'c', 'j', 'a', '.', 'i', 'e', '\0',
+  /* "xn--rtter-kva.eu", true */ 'x', 'n', '-', '-', 'r', 't', 't', 'e', 'r', '-', 'k', 'v', 'a', '.', 'e', 'u', '\0',
+  /* "xn--ruanmller-u9a.com", true */ 'x', 'n', '-', '-', 'r', 'u', 'a', 'n', 'm', 'l', 'l', 'e', 'r', '-', 'u', '9', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "xn--sdkwa9azd389v01ya.com", true */ 'x', 'n', '-', '-', 's', 'd', 'k', 'w', 'a', '9', 'a', 'z', 'd', '3', '8', '9', 'v', '0', '1', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "xn--seelenwchter-mcb.eu", true */ 'x', 'n', '-', '-', 's', 'e', 'e', 'l', 'e', 'n', 'w', 'c', 'h', 't', 'e', 'r', '-', 'm', 'c', 'b', '.', 'e', 'u', '\0',
+  /* "xn--spenijmazania-yhc.pl", true */ 'x', 'n', '-', '-', 's', 'p', 'e', 'n', 'i', 'j', 'm', 'a', 'z', 'a', 'n', 'i', 'a', '-', 'y', 'h', 'c', '.', 'p', 'l', '\0',
+  /* "xn--t-oha.lv", true */ 'x', 'n', '-', '-', 't', '-', 'o', 'h', 'a', '.', 'l', 'v', '\0',
+  /* "xn--t8j4aa4nkg1h9bwcvud.com", true */ 'x', 'n', '-', '-', 't', '8', 'j', '4', 'a', 'a', '4', 'n', 'k', 'g', '1', 'h', '9', 'b', 'w', 'c', 'v', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "xn--t8j4aa4nyhxa7duezbl49aqg5546e264d.net", true */ 'x', 'n', '-', '-', 't', '8', 'j', '4', 'a', 'a', '4', 'n', 'y', 'h', 'x', 'a', '7', 'd', 'u', 'e', 'z', 'b', 'l', '4', '9', 'a', 'q', 'g', '5', '5', '4', '6', 'e', '2', '6', '4', 'd', '.', 'n', 'e', 't', '\0',
+  /* "xn--t8j4aa4nzg3a5euoxcwee.xyz", true */ 'x', 'n', '-', '-', 't', '8', 'j', '4', 'a', 'a', '4', 'n', 'z', 'g', '3', 'a', '5', 'e', 'u', 'o', 'x', 'c', 'w', 'e', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "xn--tda.ml", true */ 'x', 'n', '-', '-', 't', 'd', 'a', '.', 'm', 'l', '\0',
+  /* "xn--thorme-6uaf.ca", true */ 'x', 'n', '-', '-', 't', 'h', 'o', 'r', 'm', 'e', '-', '6', 'u', 'a', 'f', '.', 'c', 'a', '\0',
+  /* "xn--tigreray-i1a.org", true */ 'x', 'n', '-', '-', 't', 'i', 'g', 'r', 'e', 'r', 'a', 'y', '-', 'i', '1', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "xn--u9j0ia6hb7347cg8wavz0avb0e.com", true */ 'x', 'n', '-', '-', 'u', '9', 'j', '0', 'i', 'a', '6', 'h', 'b', '7', '3', '4', '7', 'c', 'g', '8', 'w', 'a', 'v', 'z', '0', 'a', 'v', 'b', '0', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "xn--u9jv84l7ea468b.com", true */ 'x', 'n', '-', '-', 'u', '9', 'j', 'v', '8', '4', 'l', '7', 'e', 'a', '4', '6', '8', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "xn--uort9oqoaj00bv04d.biz", true */ 'x', 'n', '-', '-', 'u', 'o', 'r', 't', '9', 'o', 'q', 'o', 'a', 'j', '0', '0', 'b', 'v', '0', '4', 'd', '.', 'b', 'i', 'z', '\0',
+  /* "xn--uorz58b8p0bpwa.biz", true */ 'x', 'n', '-', '-', 'u', 'o', 'r', 'z', '5', '8', 'b', '8', 'p', '0', 'b', 'p', 'w', 'a', '.', 'b', 'i', 'z', '\0',
+  /* "xn--v-wfa35g.ro", true */ 'x', 'n', '-', '-', 'v', '-', 'w', 'f', 'a', '3', '5', 'g', '.', 'r', 'o', '\0',
+  /* "xn--v6q426ishax2a.xyz", true */ 'x', 'n', '-', '-', 'v', '6', 'q', '4', '2', '6', 'i', 's', 'h', 'a', 'x', '2', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "xn--vck8crc010pu14e.biz", true */ 'x', 'n', '-', '-', 'v', 'c', 'k', '8', 'c', 'r', 'c', '0', '1', '0', 'p', 'u', '1', '4', 'e', '.', 'b', 'i', 'z', '\0',
+  /* "xn--vck8crc655y34ioha.net", true */ 'x', 'n', '-', '-', 'v', 'c', 'k', '8', 'c', 'r', 'c', '6', '5', '5', 'y', '3', '4', 'i', 'o', 'h', 'a', '.', 'n', 'e', 't', '\0',
+  /* "xn--vck8crcu789ajtaj92eura.xyz", true */ 'x', 'n', '-', '-', 'v', 'c', 'k', '8', 'c', 'r', 'c', 'u', '7', '8', '9', 'a', 'j', 't', 'a', 'j', '9', '2', 'e', 'u', 'r', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "xn--werner-schffer-fib.de", true */ 'x', 'n', '-', '-', 'w', 'e', 'r', 'n', 'e', 'r', '-', 's', 'c', 'h', 'f', 'f', 'e', 'r', '-', 'f', 'i', 'b', '.', 'd', 'e', '\0',
+  /* "xn--xz1a.jp", true */ 'x', 'n', '-', '-', 'x', 'z', '1', 'a', '.', 'j', 'p', '\0',
+  /* "xn--y8j148r.xn--q9jyb4c", true */ 'x', 'n', '-', '-', 'y', '8', 'j', '1', '4', '8', 'r', '.', 'x', 'n', '-', '-', 'q', '9', 'j', 'y', 'b', '4', 'c', '\0',
+  /* "xn--y8j2eb5631a4qf5n0h.com", true */ 'x', 'n', '-', '-', 'y', '8', 'j', '2', 'e', 'b', '5', '6', '3', '1', 'a', '4', 'q', 'f', '5', 'n', '0', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "xn--y8j5gq14rbdd.net", true */ 'x', 'n', '-', '-', 'y', '8', 'j', '5', 'g', 'q', '1', '4', 'r', 'b', 'd', 'd', '.', 'n', 'e', 't', '\0',
+  /* "xn--zettlmeil-n1a.de", true */ 'x', 'n', '-', '-', 'z', 'e', 't', 't', 'l', 'm', 'e', 'i', 'l', '-', 'n', '1', 'a', '.', 'd', 'e', '\0',
+  /* "xn5.de", true */ 'x', 'n', '5', '.', 'd', 'e', '\0',
+  /* "xnaas.info", true */ 'x', 'n', 'a', 'a', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "xnet-x.net", true */ 'x', 'n', 'e', 't', '-', 'x', '.', 'n', 'e', 't', '\0',
+  /* "xng.io", true */ 'x', 'n', 'g', '.', 'i', 'o', '\0',
+  /* "xninja.xyz", true */ 'x', 'n', 'i', 'n', 'j', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "xnode.org", true */ 'x', 'n', 'o', 'd', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "xntrik.wtf", true */ 'x', 'n', 't', 'r', 'i', 'k', '.', 'w', 't', 'f', '\0',
+  /* "xo.tc", true */ 'x', 'o', '.', 't', 'c', '\0',
+  /* "xolphin.nl", true */ 'x', 'o', 'l', 'p', 'h', 'i', 'n', '.', 'n', 'l', '\0',
+  /* "xombitgames.com", true */ 'x', 'o', 'm', 'b', 'i', 't', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "xombitmusic.com", true */ 'x', 'o', 'm', 'b', 'i', 't', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "xonn.de", true */ 'x', 'o', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "xotika.tv", true */ 'x', 'o', 't', 'i', 'k', 'a', '.', 't', 'v', '\0',
+  /* "xp2.de", true */ 'x', 'p', '2', '.', 'd', 'e', '\0',
+  /* "xpd.se", true */ 'x', 'p', 'd', '.', 's', 'e', '\0',
+  /* "xpenology-fr.net", true */ 'x', 'p', 'e', 'n', 'o', 'l', 'o', 'g', 'y', '-', 'f', 'r', '.', 'n', 'e', 't', '\0',
+  /* "xperidia.com", true */ 'x', 'p', 'e', 'r', 'i', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "xpj.bet", true */ 'x', 'p', 'j', '.', 'b', 'e', 't', '\0',
+  /* "xpjcunkuan.com", true */ 'x', 'p', 'j', 'c', 'u', 'n', 'k', 'u', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "xpletus.nl", true */ 'x', 'p', 'l', 'e', 't', 'u', 's', '.', 'n', 'l', '\0',
+  /* "xplore-dna.net", true */ 'x', 'p', 'l', 'o', 'r', 'e', '-', 'd', 'n', 'a', '.', 'n', 'e', 't', '\0',
+  /* "xpressprint.com.br", true */ 'x', 'p', 'r', 'e', 's', 's', 'p', 'r', 'i', 'n', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "xps2pdf.co.uk", true */ 'x', 'p', 's', '2', 'p', 'd', 'f', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "xqin.net", true */ 'x', 'q', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "xr.cx", true */ 'x', 'r', '.', 'c', 'x', '\0',
+  /* "xrippedhd.com", true */ 'x', 'r', 'i', 'p', 'p', 'e', 'd', 'h', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "xrockx.de", true */ 'x', 'r', 'o', 'c', 'k', 'x', '.', 'd', 'e', '\0',
+  /* "xroot.org", true */ 'x', 'r', 'o', 'o', 't', '.', 'o', 'r', 'g', '\0',
+  /* "xs2a.no", true */ 'x', 's', '2', 'a', '.', 'n', 'o', '\0',
+  /* "xscancun.com", true */ 'x', 's', 'c', 'a', 'n', 'c', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "xscapers.com", true */ 'x', 's', 'c', 'a', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "xsmobile.de", true */ 'x', 's', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "xss.ht", true */ 'x', 's', 's', '.', 'h', 't', '\0',
+  /* "xss.sk", true */ 'x', 's', 's', '.', 's', 'k', '\0',
+  /* "xsstime.nl", true */ 'x', 's', 's', 't', 'i', 'm', 'e', '.', 'n', 'l', '\0',
+  /* "xsyds.cn", true */ 'x', 's', 'y', 'd', 's', '.', 'c', 'n', '\0',
+  /* "xsz.jp", true */ 'x', 's', 'z', '.', 'j', 'p', '\0',
+  /* "xt.om", true */ 'x', 't', '.', 'o', 'm', '\0',
+  /* "xtarget.ru", true */ 'x', 't', 'a', 'r', 'g', 'e', 't', '.', 'r', 'u', '\0',
+  /* "xtom.chat", true */ 'x', 't', 'o', 'm', '.', 'c', 'h', 'a', 't', '\0',
+  /* "xtom.com", true */ 'x', 't', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "xtom.com.hk", true */ 'x', 't', 'o', 'm', '.', 'c', 'o', 'm', '.', 'h', 'k', '\0',
+  /* "xtom.io", true */ 'x', 't', 'o', 'm', '.', 'i', 'o', '\0',
+  /* "xtreme-servers.eu", true */ 'x', 't', 'r', 'e', 'm', 'e', '-', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'e', 'u', '\0',
+  /* "xtremebouncepartyhire.com.au", true */ 'x', 't', 'r', 'e', 'm', 'e', 'b', 'o', 'u', 'n', 'c', 'e', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "xtremegaming.it", true */ 'x', 't', 'r', 'e', 'm', 'e', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'i', 't', '\0',
+  /* "xtronics.com", true */ 'x', 't', 'r', 'o', 'n', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "xts.bike", true */ 'x', 't', 's', '.', 'b', 'i', 'k', 'e', '\0',
+  /* "xts3636.net", true */ 'x', 't', 's', '3', '6', '3', '6', '.', 'n', 'e', 't', '\0',
+  /* "xtu2.com", true */ 'x', 't', 'u', '2', '.', 'c', 'o', 'm', '\0',
+  /* "xtzone.be", true */ 'x', 't', 'z', 'o', 'n', 'e', '.', 'b', 'e', '\0',
+  /* "xuab.net", true */ 'x', 'u', 'a', 'b', '.', 'n', 'e', 't', '\0',
+  /* "xubo666.com", true */ 'x', 'u', 'b', 'o', '6', '6', '6', '.', 'c', 'o', 'm', '\0',
+  /* "xuc.me", true */ 'x', 'u', 'c', '.', 'm', 'e', '\0',
+  /* "xuming.studio", true */ 'x', 'u', 'm', 'i', 'n', 'g', '.', 's', 't', 'u', 'd', 'i', 'o', '\0',
+  /* "xuntier.ch", true */ 'x', 'u', 'n', 't', 'i', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "xupeng.me", true */ 'x', 'u', 'p', 'e', 'n', 'g', '.', 'm', 'e', '\0',
+  /* "xuri.me", false */ 'x', 'u', 'r', 'i', '.', 'm', 'e', '\0',
+  /* "xvt-blog.tk", true */ 'x', 'v', 't', '-', 'b', 'l', 'o', 'g', '.', 't', 'k', '\0',
+  /* "xwalck.se", true */ 'x', 'w', 'a', 'l', 'c', 'k', '.', 's', 'e', '\0',
+  /* "xx0r.eu", true */ 'x', 'x', '0', 'r', '.', 'e', 'u', '\0',
+  /* "xxffo.com", true */ 'x', 'x', 'f', 'f', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "xxiz.com", true */ 'x', 'x', 'i', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "xxx3dbdsm.com", true */ 'x', 'x', 'x', '3', 'd', 'b', 'd', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "xxxladyboysporn.com", true */ 'x', 'x', 'x', 'l', 'a', 'd', 'y', 'b', 'o', 'y', 's', 'p', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "xyfun.net", true */ 'x', 'y', 'f', 'u', 'n', '.', 'n', 'e', 't', '\0',
+  /* "xyndrac.net", true */ 'x', 'y', 'n', 'd', 'r', 'a', 'c', '.', 'n', 'e', 't', '\0',
+  /* "xyngular-health.com", true */ 'x', 'y', 'n', 'g', 'u', 'l', 'a', 'r', '-', 'h', 'e', 'a', 'l', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "xynta.ch", true */ 'x', 'y', 'n', 't', 'a', '.', 'c', 'h', '\0',
+  /* "xyyp.mn", true */ 'x', 'y', 'y', 'p', '.', 'm', 'n', '\0',
+  /* "xyzulu.hosting", true */ 'x', 'y', 'z', 'u', 'l', 'u', '.', 'h', 'o', 's', 't', 'i', 'n', 'g', '\0',
+  /* "xzclip.cn", true */ 'x', 'z', 'c', 'l', 'i', 'p', '.', 'c', 'n', '\0',
+  /* "y11n.net", true */ 'y', '1', '1', 'n', '.', 'n', 'e', 't', '\0',
+  /* "yaay.com.br", true */ 'y', 'a', 'a', 'y', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "yabuisha.jp", true */ 'y', 'a', 'b', 'u', 'i', 's', 'h', 'a', '.', 'j', 'p', '\0',
+  /* "yaccin.com", true */ 'y', 'a', 'c', 'c', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "yachigoya.com", true */ 'y', 'a', 'c', 'h', 'i', 'g', 'o', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "yacobo.com", true */ 'y', 'a', 'c', 'o', 'b', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "yado-furu.com", true */ 'y', 'a', 'd', 'o', '-', 'f', 'u', 'r', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "yafuoku.ru", true */ 'y', 'a', 'f', 'u', 'o', 'k', 'u', '.', 'r', 'u', '\0',
+  /* "yagihiro.tech", true */ 'y', 'a', 'g', 'i', 'h', 'i', 'r', 'o', '.', 't', 'e', 'c', 'h', '\0',
+  /* "yaharu.ru", true */ 'y', 'a', 'h', 'a', 'r', 'u', '.', 'r', 'u', '\0',
+  /* "yahvehyireh.com", true */ 'y', 'a', 'h', 'v', 'e', 'h', 'y', 'i', 'r', 'e', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "yak.is", true */ 'y', 'a', 'k', '.', 'i', 's', '\0',
+  /* "yakaz.com", true */ 'y', 'a', 'k', 'a', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "yakmade.com", true */ 'y', 'a', 'k', 'm', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "yakmoo.se", true */ 'y', 'a', 'k', 'm', 'o', 'o', '.', 's', 'e', '\0',
+  /* "yal.sh", true */ 'y', 'a', 'l', '.', 's', 'h', '\0',
+  /* "yalla.jp", true */ 'y', 'a', 'l', 'l', 'a', '.', 'j', 'p', '\0',
+  /* "yallamotor.com", true */ 'y', 'a', 'l', 'l', 'a', 'm', 'o', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "yalook.com", true */ 'y', 'a', 'l', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "yama.su", true */ 'y', 'a', 'm', 'a', '.', 's', 'u', '\0',
+  /* "yamadaya.tv", true */ 'y', 'a', 'm', 'a', 'd', 'a', 'y', 'a', '.', 't', 'v', '\0',
+  /* "yamaken.jp", true */ 'y', 'a', 'm', 'a', 'k', 'e', 'n', '.', 'j', 'p', '\0',
+  /* "yamashita-clinic.org", true */ 'y', 'a', 'm', 'a', 's', 'h', 'i', 't', 'a', '-', 'c', 'l', 'i', 'n', 'i', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "yame2.com", true */ 'y', 'a', 'm', 'e', '2', '.', 'c', 'o', 'm', '\0',
+  /* "yamm.io", true */ 'y', 'a', 'm', 'm', '.', 'i', 'o', '\0',
+  /* "yanaduday.com", true */ 'y', 'a', 'n', 'a', 'd', 'u', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "yandere.moe", true */ 'y', 'a', 'n', 'd', 'e', 'r', 'e', '.', 'm', 'o', 'e', '\0',
+  /* "yangjingwen.cn", true */ 'y', 'a', 'n', 'g', 'j', 'i', 'n', 'g', 'w', 'e', 'n', '.', 'c', 'n', '\0',
+  /* "yanngraf.ch", true */ 'y', 'a', 'n', 'n', 'g', 'r', 'a', 'f', '.', 'c', 'h', '\0',
+  /* "yanngraf.com", true */ 'y', 'a', 'n', 'n', 'g', 'r', 'a', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "yanovich.net", true */ 'y', 'a', 'n', 'o', 'v', 'i', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "yanqiyu.info", true */ 'y', 'a', 'n', 'q', 'i', 'y', 'u', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "yantrasthal.com", true */ 'y', 'a', 'n', 't', 'r', 'a', 's', 't', 'h', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "yaoidreams.com", true */ 'y', 'a', 'o', 'i', 'd', 'r', 'e', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "yapbreak.fr", true */ 'y', 'a', 'p', 'b', 'r', 'e', 'a', 'k', '.', 'f', 'r', '\0',
+  /* "yarcom.ru", false */ 'y', 'a', 'r', 'c', 'o', 'm', '.', 'r', 'u', '\0',
+  /* "yarogneva.ru", true */ 'y', 'a', 'r', 'o', 'g', 'n', 'e', 'v', 'a', '.', 'r', 'u', '\0',
+  /* "yarravilletownhouses.com.au", true */ 'y', 'a', 'r', 'r', 'a', 'v', 'i', 'l', 'l', 'e', 't', 'o', 'w', 'n', 'h', 'o', 'u', 's', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "yaru.one", true */ 'y', 'a', 'r', 'u', '.', 'o', 'n', 'e', '\0',
+  /* "yatesun.com", true */ 'y', 'a', 't', 'e', 's', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "yatorie.net", true */ 'y', 'a', 't', 'o', 'r', 'i', 'e', '.', 'n', 'e', 't', '\0',
+  /* "yatsuenpoon.com", true */ 'y', 'a', 't', 's', 'u', 'e', 'n', 'p', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "yaup.tk", true */ 'y', 'a', 'u', 'p', '.', 't', 'k', '\0',
+  /* "yawen.tw", true */ 'y', 'a', 'w', 'e', 'n', '.', 't', 'w', '\0',
+  /* "yawnbox.com", true */ 'y', 'a', 'w', 'n', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "yaxim.org", true */ 'y', 'a', 'x', 'i', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "ybin.me", true */ 'y', 'b', 'i', 'n', '.', 'm', 'e', '\0',
+  /* "ybresson.com", true */ 'y', 'b', 'r', 'e', 's', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ybsul.com", true */ 'y', 'b', 's', 'u', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "ybti.net", true */ 'y', 'b', 't', 'i', '.', 'n', 'e', 't', '\0',
+  /* "ycaaz.com", true */ 'y', 'c', 'a', 'a', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "ych.art", true */ 'y', 'c', 'h', '.', 'a', 'r', 't', '\0',
+  /* "ychon.com", true */ 'y', 'c', 'h', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ychong.com", true */ 'y', 'c', 'h', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "yclan.net", true */ 'y', 'c', 'l', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "yeapdata.com", true */ 'y', 'e', 'a', 'p', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "yeesker.com", true */ 'y', 'e', 'e', 's', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "yellowpages.ee", true */ 'y', 'e', 'l', 'l', 'o', 'w', 'p', 'a', 'g', 'e', 's', '.', 'e', 'e', '\0',
+  /* "yelp.at", true */ 'y', 'e', 'l', 'p', '.', 'a', 't', '\0',
+  /* "yelp.be", true */ 'y', 'e', 'l', 'p', '.', 'b', 'e', '\0',
+  /* "yelp.ca", true */ 'y', 'e', 'l', 'p', '.', 'c', 'a', '\0',
+  /* "yelp.ch", true */ 'y', 'e', 'l', 'p', '.', 'c', 'h', '\0',
+  /* "yelp.cl", true */ 'y', 'e', 'l', 'p', '.', 'c', 'l', '\0',
+  /* "yelp.co.jp", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "yelp.co.nz", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "yelp.co.uk", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "yelp.com", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "yelp.com.ar", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "yelp.com.au", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "yelp.com.br", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "yelp.com.hk", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 'h', 'k', '\0',
+  /* "yelp.com.mx", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "yelp.com.ph", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0',
+  /* "yelp.com.sg", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 's', 'g', '\0',
+  /* "yelp.com.tr", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "yelp.com.tw", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "yelp.cz", true */ 'y', 'e', 'l', 'p', '.', 'c', 'z', '\0',
+  /* "yelp.de", true */ 'y', 'e', 'l', 'p', '.', 'd', 'e', '\0',
+  /* "yelp.dk", true */ 'y', 'e', 'l', 'p', '.', 'd', 'k', '\0',
+  /* "yelp.es", true */ 'y', 'e', 'l', 'p', '.', 'e', 's', '\0',
+  /* "yelp.fi", true */ 'y', 'e', 'l', 'p', '.', 'f', 'i', '\0',
+  /* "yelp.fr", true */ 'y', 'e', 'l', 'p', '.', 'f', 'r', '\0',
+  /* "yelp.ie", true */ 'y', 'e', 'l', 'p', '.', 'i', 'e', '\0',
+  /* "yelp.it", true */ 'y', 'e', 'l', 'p', '.', 'i', 't', '\0',
+  /* "yelp.my", true */ 'y', 'e', 'l', 'p', '.', 'm', 'y', '\0',
+  /* "yelp.nl", true */ 'y', 'e', 'l', 'p', '.', 'n', 'l', '\0',
+  /* "yelp.no", true */ 'y', 'e', 'l', 'p', '.', 'n', 'o', '\0',
+  /* "yelp.pl", true */ 'y', 'e', 'l', 'p', '.', 'p', 'l', '\0',
+  /* "yelp.pt", true */ 'y', 'e', 'l', 'p', '.', 'p', 't', '\0',
+  /* "yelp.se", true */ 'y', 'e', 'l', 'p', '.', 's', 'e', '\0',
+  /* "yemalu.com", true */ 'y', 'e', 'm', 'a', 'l', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "yemektarifleri.com", true */ 'y', 'e', 'm', 'e', 'k', 't', 'a', 'r', 'i', 'f', 'l', 'e', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "yennhi.co", true */ 'y', 'e', 'n', 'n', 'h', 'i', '.', 'c', 'o', '\0',
+  /* "yep-pro.ch", true */ 'y', 'e', 'p', '-', 'p', 'r', 'o', '.', 'c', 'h', '\0',
+  /* "yepbitcoin.com", true */ 'y', 'e', 'p', 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "yephy.com", true */ 'y', 'e', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "yesiammaisey.me", true */ 'y', 'e', 's', 'i', 'a', 'm', 'm', 'a', 'i', 's', 'e', 'y', '.', 'm', 'e', '\0',
+  /* "yeswehack.com", true */ 'y', 'e', 's', 'w', 'e', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "yetii.net", true */ 'y', 'e', 't', 'i', 'i', '.', 'n', 'e', 't', '\0',
+  /* "yetzt.me", false */ 'y', 'e', 't', 'z', 't', '.', 'm', 'e', '\0',
+  /* "yeu.io", true */ 'y', 'e', 'u', '.', 'i', 'o', '\0',
+  /* "yfengs.moe", true */ 'y', 'f', 'e', 'n', 'g', 's', '.', 'm', 'o', 'e', '\0',
+  /* "yhaupenthal.org", true */ 'y', 'h', 'a', 'u', 'p', 'e', 'n', 't', 'h', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "yhb.io", true */ 'y', 'h', 'b', '.', 'i', 'o', '\0',
+  /* "yhong.me", true */ 'y', 'h', 'o', 'n', 'g', '.', 'm', 'e', '\0',
+  /* "yhwj.top", true */ 'y', 'h', 'w', 'j', '.', 't', 'o', 'p', '\0',
+  /* "yibaoweilong.top", true */ 'y', 'i', 'b', 'a', 'o', 'w', 'e', 'i', 'l', 'o', 'n', 'g', '.', 't', 'o', 'p', '\0',
+  /* "yicknam.my", true */ 'y', 'i', 'c', 'k', 'n', 'a', 'm', '.', 'm', 'y', '\0',
+  /* "yii2.cc", true */ 'y', 'i', 'i', '2', '.', 'c', 'c', '\0',
+  /* "yikeyong.com", true */ 'y', 'i', 'k', 'e', 'y', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "yin8888.tv", true */ 'y', 'i', 'n', '8', '8', '8', '8', '.', 't', 'v', '\0',
+  /* "yinfor.com", true */ 'y', 'i', 'n', 'f', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "yinga.ga", true */ 'y', 'i', 'n', 'g', 'a', '.', 'g', 'a', '\0',
+  /* "yingatech.com", true */ 'y', 'i', 'n', 'g', 'a', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "yinglinda.love", true */ 'y', 'i', 'n', 'g', 'l', 'i', 'n', 'd', 'a', '.', 'l', 'o', 'v', 'e', '\0',
+  /* "yinlei.org", true */ 'y', 'i', 'n', 'l', 'e', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "yiyuanzhong.com", true */ 'y', 'i', 'y', 'u', 'a', 'n', 'z', 'h', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "yiz96.com", true */ 'y', 'i', 'z', '9', '6', '.', 'c', 'o', 'm', '\0',
+  /* "yjsoft.me", true */ 'y', 'j', 's', 'o', 'f', 't', '.', 'm', 'e', '\0',
+  /* "yjsw.sh.cn", true */ 'y', 'j', 's', 'w', '.', 's', 'h', '.', 'c', 'n', '\0',
+  /* "yksityisyydensuoja.fi", true */ 'y', 'k', 's', 'i', 't', 'y', 'i', 's', 'y', 'y', 'd', 'e', 'n', 's', 'u', 'o', 'j', 'a', '.', 'f', 'i', '\0',
+  /* "ylilauta.org", true */ 'y', 'l', 'i', 'l', 'a', 'u', 't', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "ylinternal.com", true */ 'y', 'l', 'i', 'n', 't', 'e', 'r', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "ymarion.de", true */ 'y', 'm', 'a', 'r', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "ymblaw.com", true */ 'y', 'm', 'b', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "ympl.de", true */ 'y', 'm', 'p', 'l', '.', 'd', 'e', '\0',
+  /* "ymtsonline.org", true */ 'y', 'm', 't', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "ynode.com", true */ 'y', 'n', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "yobai-grouprec.jp", true */ 'y', 'o', 'b', 'a', 'i', '-', 'g', 'r', 'o', 'u', 'p', 'r', 'e', 'c', '.', 'j', 'p', '\0',
+  /* "yobai28.com", true */ 'y', 'o', 'b', 'a', 'i', '2', '8', '.', 'c', 'o', 'm', '\0',
+  /* "yobbelwobbel.de", true */ 'y', 'o', 'b', 'b', 'e', 'l', 'w', 'o', 'b', 'b', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "yobify.com", true */ 'y', 'o', 'b', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "yoga-prive.de", true */ 'y', 'o', 'g', 'a', '-', 'p', 'r', 'i', 'v', 'e', '.', 'd', 'e', '\0',
+  /* "yoga-school.xyz", true */ 'y', 'o', 'g', 'a', '-', 's', 'c', 'h', 'o', 'o', 'l', '.', 'x', 'y', 'z', '\0',
+  /* "yoga-schwerin.de", true */ 'y', 'o', 'g', 'a', '-', 's', 'c', 'h', 'w', 'e', 'r', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "yoga-sky.de", true */ 'y', 'o', 'g', 'a', '-', 's', 'k', 'y', '.', 'd', 'e', '\0',
+  /* "yoga-zentrum-narayani.de", true */ 'y', 'o', 'g', 'a', '-', 'z', 'e', 'n', 't', 'r', 'u', 'm', '-', 'n', 'a', 'r', 'a', 'y', 'a', 'n', 'i', '.', 'd', 'e', '\0',
+  /* "yogabhawnamission.com", true */ 'y', 'o', 'g', 'a', 'b', 'h', 'a', 'w', 'n', 'a', 'm', 'i', 's', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "yogananda-roma.org", true */ 'y', 'o', 'g', 'a', 'n', 'a', 'n', 'd', 'a', '-', 'r', 'o', 'm', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "yogaschoolrishikesh.com", true */ 'y', 'o', 'g', 'a', 's', 'c', 'h', 'o', 'o', 'l', 'r', 'i', 's', 'h', 'i', 'k', 'e', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "yogoeasy.com", true */ 'y', 'o', 'g', 'o', 'e', 'a', 's', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "yoibyoin.info", true */ 'y', 'o', 'i', 'b', 'y', 'o', 'i', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "yoimise.net", true */ 'y', 'o', 'i', 'm', 'i', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "yoitoko.city", true */ 'y', 'o', 'i', 't', 'o', 'k', 'o', '.', 'c', 'i', 't', 'y', '\0',
+  /* "yoitsu.moe", true */ 'y', 'o', 'i', 't', 's', 'u', '.', 'm', 'o', 'e', '\0',
+  /* "yokohama-legaloffice.jp", true */ 'y', 'o', 'k', 'o', 'h', 'a', 'm', 'a', '-', 'l', 'e', 'g', 'a', 'l', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'j', 'p', '\0',
+  /* "yolo.jetzt", true */ 'y', 'o', 'l', 'o', '.', 'j', 'e', 't', 'z', 't', '\0',
+  /* "yolobert.de", true */ 'y', 'o', 'l', 'o', 'b', 'e', 'r', 't', '.', 'd', 'e', '\0',
+  /* "yolocelebs.com", false */ 'y', 'o', 'l', 'o', 'c', 'e', 'l', 'e', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "yolops.net", true */ 'y', 'o', 'l', 'o', 'p', 's', '.', 'n', 'e', 't', '\0',
+  /* "yombo.net", true */ 'y', 'o', 'm', 'b', 'o', '.', 'n', 'e', 't', '\0',
+  /* "yomena.in", true */ 'y', 'o', 'm', 'e', 'n', 'a', '.', 'i', 'n', '\0',
+  /* "yoonas.com", true */ 'y', 'o', 'o', 'n', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "yooooex.com", true */ 'y', 'o', 'o', 'o', 'o', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "yoramvandevelde.net", true */ 'y', 'o', 'r', 'a', 'm', 'v', 'a', 'n', 'd', 'e', 'v', 'e', 'l', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "yorcom.nl", false */ 'y', 'o', 'r', 'c', 'o', 'm', '.', 'n', 'l', '\0',
+  /* "yorcool.nl", true */ 'y', 'o', 'r', 'c', 'o', 'o', 'l', '.', 'n', 'l', '\0',
+  /* "yorkshiredalesinflatables.co.uk", true */ 'y', 'o', 'r', 'k', 's', 'h', 'i', 'r', 'e', 'd', 'a', 'l', 'e', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "yorkshireinflatables.co.uk", true */ 'y', 'o', 'r', 'k', 's', 'h', 'i', 'r', 'e', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "yorkshireterrier.com.br", true */ 'y', 'o', 'r', 'k', 's', 'h', 'i', 'r', 'e', 't', 'e', 'r', 'r', 'i', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "yorname.ml", true */ 'y', 'o', 'r', 'n', 'a', 'm', 'e', '.', 'm', 'l', '\0',
+  /* "yosbeda.com", true */ 'y', 'o', 's', 'b', 'e', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "yosemo.de", true */ 'y', 'o', 's', 'e', 'm', 'o', '.', 'd', 'e', '\0',
+  /* "yosheenetwork.fr", true */ 'y', 'o', 's', 'h', 'e', 'e', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'f', 'r', '\0',
+  /* "yoshibaworks.com", true */ 'y', 'o', 's', 'h', 'i', 'b', 'a', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "yoshitsugu.net", true */ 'y', 'o', 's', 'h', 'i', 't', 's', 'u', 'g', 'u', '.', 'n', 'e', 't', '\0',
+  /* "yospos.org", true */ 'y', 'o', 's', 'p', 'o', 's', '.', 'o', 'r', 'g', '\0',
+  /* "yoticonnections.com", true */ 'y', 'o', 't', 'i', 'c', 'o', 'n', 'n', 'e', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "yotilab.com", true */ 'y', 'o', 't', 'i', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "yotta-zetta.com", true */ 'y', 'o', 't', 't', 'a', '-', 'z', 'e', 't', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "yotubaiotona.net", true */ 'y', 'o', 't', 'u', 'b', 'a', 'i', 'o', 't', 'o', 'n', 'a', '.', 'n', 'e', 't', '\0',
+  /* "youcancraft.de", true */ 'y', 'o', 'u', 'c', 'a', 'n', 'c', 'r', 'a', 'f', 't', '.', 'd', 'e', '\0',
+  /* "youcanfuckoff.xyz", true */ 'y', 'o', 'u', 'c', 'a', 'n', 'f', 'u', 'c', 'k', 'o', 'f', 'f', '.', 'x', 'y', 'z', '\0',
+  /* "youcanmakeit.at", true */ 'y', 'o', 'u', 'c', 'a', 'n', 'm', 'a', 'k', 'e', 'i', 't', '.', 'a', 't', '\0',
+  /* "youcruit.com", true */ 'y', 'o', 'u', 'c', 'r', 'u', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "youdamom.com", false */ 'y', 'o', 'u', 'd', 'a', 'm', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "youdowell.com", true */ 'y', 'o', 'u', 'd', 'o', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "youdungoofd.com", true */ 'y', 'o', 'u', 'd', 'u', 'n', 'g', 'o', 'o', 'f', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "youftp.tk", true */ 'y', 'o', 'u', 'f', 't', 'p', '.', 't', 'k', '\0',
+  /* "yougee.ml", true */ 'y', 'o', 'u', 'g', 'e', 'e', '.', 'm', 'l', '\0',
+  /* "youhacked.me", true */ 'y', 'o', 'u', 'h', 'a', 'c', 'k', 'e', 'd', '.', 'm', 'e', '\0',
+  /* "youhavewords.com", true */ 'y', 'o', 'u', 'h', 'a', 'v', 'e', 'w', 'o', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "youhua.ru", true */ 'y', 'o', 'u', 'h', 'u', 'a', '.', 'r', 'u', '\0',
+  /* "youkaryote.com", true */ 'y', 'o', 'u', 'k', 'a', 'r', 'y', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "youkaryote.org", true */ 'y', 'o', 'u', 'k', 'a', 'r', 'y', 'o', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "youkok2.com", true */ 'y', 'o', 'u', 'k', 'o', 'k', '2', '.', 'c', 'o', 'm', '\0',
+  /* "youlend.com", true */ 'y', 'o', 'u', 'l', 'e', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "youmonit.me", true */ 'y', 'o', 'u', 'm', 'o', 'n', 'i', 't', '.', 'm', 'e', '\0',
+  /* "youms.de", true */ 'y', 'o', 'u', 'm', 's', '.', 'd', 'e', '\0',
+  /* "young-sheldon.com", true */ 'y', 'o', 'u', 'n', 'g', '-', 's', 'h', 'e', 'l', 'd', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "youngdogs.org", true */ 'y', 'o', 'u', 'n', 'g', 'd', 'o', 'g', 's', '.', 'o', 'r', 'g', '\0',
+  /* "youngfree.cn", true */ 'y', 'o', 'u', 'n', 'g', 'f', 'r', 'e', 'e', '.', 'c', 'n', '\0',
+  /* "youngsook.com", true */ 'y', 'o', 'u', 'n', 'g', 's', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "youngsook.org", true */ 'y', 'o', 'u', 'n', 'g', 's', 'o', 'o', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "youpark.no", true */ 'y', 'o', 'u', 'p', 'a', 'r', 'k', '.', 'n', 'o', '\0',
+  /* "youran.me", true */ 'y', 'o', 'u', 'r', 'a', 'n', '.', 'm', 'e', '\0',
+  /* "yourciso.com", true */ 'y', 'o', 'u', 'r', 'c', 'i', 's', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "yourcopywriter.it", true */ 'y', 'o', 'u', 'r', 'c', 'o', 'p', 'y', 'w', 'r', 'i', 't', 'e', 'r', '.', 'i', 't', '\0',
+  /* "yourdaddy.dk", true */ 'y', 'o', 'u', 'r', 'd', 'a', 'd', 'd', 'y', '.', 'd', 'k', '\0',
+  /* "yourforex.org", true */ 'y', 'o', 'u', 'r', 'f', 'o', 'r', 'e', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "yourgames.tv", true */ 'y', 'o', 'u', 'r', 'g', 'a', 'm', 'e', 's', '.', 't', 'v', '\0',
+  /* "yoursbookstore.jp", true */ 'y', 'o', 'u', 'r', 's', 'b', 'o', 'o', 'k', 's', 't', 'o', 'r', 'e', '.', 'j', 'p', '\0',
+  /* "yourself.today", true */ 'y', 'o', 'u', 'r', 's', 'e', 'l', 'f', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "yourticketbooking.com", true */ 'y', 'o', 'u', 'r', 't', 'i', 'c', 'k', 'e', 't', 'b', 'o', 'o', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "youruseragent.info", true */ 'y', 'o', 'u', 'r', 'u', 's', 'e', 'r', 'a', 'g', 'e', 'n', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "yout.com", true */ 'y', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "youth2009.org", true */ 'y', 'o', 'u', 't', 'h', '2', '0', '0', '9', '.', 'o', 'r', 'g', '\0',
+  /* "youtous.me", true */ 'y', 'o', 'u', 't', 'o', 'u', 's', '.', 'm', 'e', '\0',
+  /* "youtsuu-raku.com", true */ 'y', 'o', 'u', 't', 's', 'u', 'u', '-', 'r', 'a', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "youtube.com", true */ 'y', 'o', 'u', 't', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "youtubedownloader.com", true */ 'y', 'o', 'u', 't', 'u', 'b', 'e', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "youwatchporn.com", true */ 'y', 'o', 'u', 'w', 'a', 't', 'c', 'h', 'p', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "yoxall.me.uk", true */ 'y', 'o', 'x', 'a', 'l', 'l', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "yoyoost.duckdns.org", true */ 'y', 'o', 'y', 'o', 'o', 's', 't', '.', 'd', 'u', 'c', 'k', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "ypart.eu", true */ 'y', 'p', 'a', 'r', 't', '.', 'e', 'u', '\0',
+  /* "ypcs.fi", true */ 'y', 'p', 'c', 's', '.', 'f', 'i', '\0',
+  /* "ypid.de", true */ 'y', 'p', 'i', 'd', '.', 'd', 'e', '\0',
+  /* "yplanapp.com", true */ 'y', 'p', 'l', 'a', 'n', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "yqjf68.com", true */ 'y', 'q', 'j', 'f', '6', '8', '.', 'c', 'o', 'm', '\0',
+  /* "yr166166.com", true */ 'y', 'r', '1', '6', '6', '1', '6', '6', '.', 'c', 'o', 'm', '\0',
+  /* "yryz.net", true */ 'y', 'r', 'y', 'z', '.', 'n', 'e', 't', '\0',
+  /* "ys-shop.biz", true */ 'y', 's', '-', 's', 'h', 'o', 'p', '.', 'b', 'i', 'z', '\0',
+  /* "ysicorp.com", true */ 'y', 's', 'i', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "yslbeauty.com", true */ 'y', 's', 'l', 'b', 'e', 'a', 'u', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ytb.zone", true */ 'y', 't', 'b', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "ytbmp3.com", true */ 'y', 't', 'b', 'm', 'p', '3', '.', 'c', 'o', 'm', '\0',
+  /* "ytbmp4.com", true */ 'y', 't', 'b', 'm', 'p', '4', '.', 'c', 'o', 'm', '\0',
+  /* "ytec.ca", true */ 'y', 't', 'e', 'c', '.', 'c', 'a', '\0',
+  /* "ythyth.com", true */ 'y', 't', 'h', 'y', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "ytpak.com", true */ 'y', 't', 'p', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ytpak.pk", true */ 'y', 't', 'p', 'a', 'k', '.', 'p', 'k', '\0',
+  /* "ytreza.fr", true */ 'y', 't', 'r', 'e', 'z', 'a', '.', 'f', 'r', '\0',
+  /* "ytuquelees.net", true */ 'y', 't', 'u', 'q', 'u', 'e', 'l', 'e', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "yu.gg", false */ 'y', 'u', '.', 'g', 'g', '\0',
+  /* "yu.vc", true */ 'y', 'u', '.', 'v', 'c', '\0',
+  /* "yuan.ga", true */ 'y', 'u', 'a', 'n', '.', 'g', 'a', '\0',
+  /* "yuanben.io", true */ 'y', 'u', 'a', 'n', 'b', 'e', 'n', '.', 'i', 'o', '\0',
+  /* "yuanbenlian.com", true */ 'y', 'u', 'a', 'n', 'b', 'e', 'n', 'l', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "yubi.co", true */ 'y', 'u', 'b', 'i', '.', 'c', 'o', '\0',
+  /* "yubicloud.io", true */ 'y', 'u', 'b', 'i', 'c', 'l', 'o', 'u', 'd', '.', 'i', 'o', '\0',
+  /* "yubico.ae", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'a', 'e', '\0',
+  /* "yubico.at", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'a', 't', '\0',
+  /* "yubico.be", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'b', 'e', '\0',
+  /* "yubico.biz", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'b', 'i', 'z', '\0',
+  /* "yubico.cloud", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "yubico.co.in", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'c', 'o', '.', 'i', 'n', '\0',
+  /* "yubico.co.uk", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "yubico.com", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "yubico.dk", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'd', 'k', '\0',
+  /* "yubico.es", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'e', 's', '\0',
+  /* "yubico.fi", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'f', 'i', '\0',
+  /* "yubico.in", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'i', 'n', '\0',
+  /* "yubico.info", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "yubico.io", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'i', 'o', '\0',
+  /* "yubico.mobi", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'm', 'o', 'b', 'i', '\0',
+  /* "yubico.net", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'n', 'e', 't', '\0',
+  /* "yubico.online", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "yubico.org", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "yubico.sg", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 's', 'g', '\0',
+  /* "yubico.uk", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "yubico.us", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'u', 's', '\0',
+  /* "yubicodemo.com", true */ 'y', 'u', 'b', 'i', 'c', 'o', 'd', 'e', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "yubikey.ae", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'a', 'e', '\0',
+  /* "yubikey.asia", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'a', 's', 'i', 'a', '\0',
+  /* "yubikey.at", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'a', 't', '\0',
+  /* "yubikey.com", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "yubikey.dk", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'd', 'k', '\0',
+  /* "yubikey.fi", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'f', 'i', '\0',
+  /* "yubikey.io", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'i', 'o', '\0',
+  /* "yubikey.org", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "yubikey.sg", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 's', 'g', '\0',
+  /* "yubikey.us", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'u', 's', '\0',
+  /* "yubiking.com", true */ 'y', 'u', 'b', 'i', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "yue.la", true */ 'y', 'u', 'e', '.', 'l', 'a', '\0',
+  /* "yue2.net", true */ 'y', 'u', 'e', '2', '.', 'n', 'e', 't', '\0',
+  /* "yugege.cf", true */ 'y', 'u', 'g', 'e', 'g', 'e', '.', 'c', 'f', '\0',
+  /* "yuhuo.org", true */ 'y', 'u', 'h', 'u', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "yuka.one", true */ 'y', 'u', 'k', 'a', '.', 'o', 'n', 'e', '\0',
+  /* "yuki.xyz", true */ 'y', 'u', 'k', 'i', '.', 'x', 'y', 'z', '\0',
+  /* "yukonconnector.com", true */ 'y', 'u', 'k', 'o', 'n', 'c', 'o', 'n', 'n', 'e', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "yukonlip.com", true */ 'y', 'u', 'k', 'o', 'n', 'l', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "yukontec.com", true */ 'y', 'u', 'k', 'o', 'n', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "yumeconcert.com", true */ 'y', 'u', 'm', 'e', 'c', 'o', 'n', 'c', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "yuna.love", true */ 'y', 'u', 'n', 'a', '.', 'l', 'o', 'v', 'e', '\0',
+  /* "yuna.tg", true */ 'y', 'u', 'n', 'a', '.', 't', 'g', '\0',
+  /* "yunity.org", true */ 'y', 'u', 'n', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "yunjishou.pro", true */ 'y', 'u', 'n', 'j', 'i', 's', 'h', 'o', 'u', '.', 'p', 'r', 'o', '\0',
+  /* "yuricarlenzoli.it", true */ 'y', 'u', 'r', 'i', 'c', 'a', 'r', 'l', 'e', 'n', 'z', 'o', 'l', 'i', '.', 'i', 't', '\0',
+  /* "yurikirin.me", true */ 'y', 'u', 'r', 'i', 'k', 'i', 'r', 'i', 'n', '.', 'm', 'e', '\0',
+  /* "yurimoens.be", true */ 'y', 'u', 'r', 'i', 'm', 'o', 'e', 'n', 's', '.', 'b', 'e', '\0',
+  /* "yurinet.org", true */ 'y', 'u', 'r', 'i', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "yusa.me", true */ 'y', 'u', 's', 'a', '.', 'm', 'e', '\0',
+  /* "yutakato.net", true */ 'y', 'u', 't', 'a', 'k', 'a', 't', 'o', '.', 'n', 'e', 't', '\0',
+  /* "yutangyun.com", true */ 'y', 'u', 't', 'a', 'n', 'g', 'y', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "yutuo.net", true */ 'y', 'u', 't', 'u', 'o', '.', 'n', 'e', 't', '\0',
+  /* "yuwei.org", true */ 'y', 'u', 'w', 'e', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "yuxingxin.com", true */ 'y', 'u', 'x', 'i', 'n', 'g', 'x', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "yuxuan.org", true */ 'y', 'u', 'x', 'u', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "yuyu.io", true */ 'y', 'u', 'y', 'u', '.', 'i', 'o', '\0',
+  /* "yuzu.tk", true */ 'y', 'u', 'z', 'u', '.', 't', 'k', '\0',
+  /* "yveshield.com", true */ 'y', 'v', 'e', 's', 'h', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "yveslegendre.fr", true */ 'y', 'v', 'e', 's', 'l', 'e', 'g', 'e', 'n', 'd', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "yvesx.com", true */ 'y', 'v', 'e', 's', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "yvonnehaeusser.de", true */ 'y', 'v', 'o', 'n', 'n', 'e', 'h', 'a', 'e', 'u', 's', 's', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "yyc.city", true */ 'y', 'y', 'c', '.', 'c', 'i', 't', 'y', '\0',
+  /* "yyyy.xyz", true */ 'y', 'y', 'y', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "yzimroni.net", true */ 'y', 'z', 'i', 'm', 'r', 'o', 'n', 'i', '.', 'n', 'e', 't', '\0',
+  /* "z-coder.com", true */ 'z', '-', 'c', 'o', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "z-konzept-nutrition.ru", true */ 'z', '-', 'k', 'o', 'n', 'z', 'e', 'p', 't', '-', 'n', 'u', 't', 'r', 'i', 't', 'i', 'o', 'n', '.', 'r', 'u', '\0',
+  /* "z-vector.com", true */ 'z', '-', 'v', 'e', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "z.ai", true */ 'z', '.', 'a', 'i', '\0',
+  /* "z0rro.net", true */ 'z', '0', 'r', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "z1h.de", true */ 'z', '1', 'h', '.', 'd', 'e', '\0',
+  /* "z33.ch", true */ 'z', '3', '3', '.', 'c', 'h', '\0',
+  /* "z4k.de", true */ 'z', '4', 'k', '.', 'd', 'e', '\0',
+  /* "z99944x.xyz", true */ 'z', '9', '9', '9', '4', '4', 'x', '.', 'x', 'y', 'z', '\0',
+  /* "za.search.yahoo.com", false */ 'z', 'a', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "zaalleatherwear.nl", false */ 'z', 'a', 'a', 'l', 'l', 'e', 'a', 't', 'h', 'e', 'r', 'w', 'e', 'a', 'r', '.', 'n', 'l', '\0',
+  /* "zabszk.net", true */ 'z', 'a', 'b', 's', 'z', 'k', '.', 'n', 'e', 't', '\0',
+  /* "zabukovnik.net", true */ 'z', 'a', 'b', 'u', 'k', 'o', 'v', 'n', 'i', 'k', '.', 'n', 'e', 't', '\0',
+  /* "zacarias.com.ar", true */ 'z', 'a', 'c', 'a', 'r', 'i', 'a', 's', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "zacavi.com.br", true */ 'z', 'a', 'c', 'a', 'v', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "zach.codes", true */ 'z', 'a', 'c', 'h', '.', 'c', 'o', 'd', 'e', 's', '\0',
+  /* "zacharopoulos.eu", false */ 'z', 'a', 'c', 'h', 'a', 'r', 'o', 'p', 'o', 'u', 'l', 'o', 's', '.', 'e', 'u', '\0',
+  /* "zacharopoulos.me", false */ 'z', 'a', 'c', 'h', 'a', 'r', 'o', 'p', 'o', 'u', 'l', 'o', 's', '.', 'm', 'e', '\0',
+  /* "zacharopoulos.org", false */ 'z', 'a', 'c', 'h', 'a', 'r', 'o', 'p', 'o', 'u', 'l', 'o', 's', '.', 'o', 'r', 'g', '\0',
+  /* "zachaysan.com", true */ 'z', 'a', 'c', 'h', 'a', 'y', 's', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "zachborboa.com", true */ 'z', 'a', 'c', 'h', 'b', 'o', 'r', 'b', 'o', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "zachgibbens.org", true */ 'z', 'a', 'c', 'h', 'g', 'i', 'b', 'b', 'e', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "zachpeters.org", true */ 'z', 'a', 'c', 'h', 'p', 'e', 't', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "zaclys.com", true */ 'z', 'a', 'c', 'l', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "zadarkside.ro", true */ 'z', 'a', 'd', 'a', 'r', 'k', 's', 'i', 'd', 'e', '.', 'r', 'o', '\0',
+  /* "zadroweb.com", true */ 'z', 'a', 'd', 'r', 'o', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "zafirus.name", true */ 'z', 'a', 'f', 'i', 'r', 'u', 's', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "zahe.me", true */ 'z', 'a', 'h', 'e', '.', 'm', 'e', '\0',
+  /* "zahyantechnologies.com", false */ 'z', 'a', 'h', 'y', 'a', 'n', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "zaidan.de", true */ 'z', 'a', 'i', 'd', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "zaidan.eu", true */ 'z', 'a', 'i', 'd', 'a', 'n', '.', 'e', 'u', '\0',
+  /* "zaidanfood.com", true */ 'z', 'a', 'i', 'd', 'a', 'n', 'f', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "zaidanfood.eu", true */ 'z', 'a', 'i', 'd', 'a', 'n', 'f', 'o', 'o', 'd', '.', 'e', 'u', '\0',
+  /* "zaidanlebensmittelhandel.de", true */ 'z', 'a', 'i', 'd', 'a', 'n', 'l', 'e', 'b', 'e', 'n', 's', 'm', 'i', 't', 't', 'e', 'l', 'h', 'a', 'n', 'd', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "zajazd.biz", true */ 'z', 'a', 'j', 'a', 'z', 'd', '.', 'b', 'i', 'z', '\0',
+  /* "zakcutner.uk", true */ 'z', 'a', 'k', 'c', 'u', 't', 'n', 'e', 'r', '.', 'u', 'k', '\0',
+  /* "zakladam.cz", true */ 'z', 'a', 'k', 'l', 'a', 'd', 'a', 'm', '.', 'c', 'z', '\0',
+  /* "zakmccrac.de", true */ 'z', 'a', 'k', 'm', 'c', 'c', 'r', 'a', 'c', '.', 'd', 'e', '\0',
+  /* "zakr.es", true */ 'z', 'a', 'k', 'r', '.', 'e', 's', '\0',
+  /* "zakspartiesandevents.com", true */ 'z', 'a', 'k', 's', 'p', 'a', 'r', 't', 'i', 'e', 's', 'a', 'n', 'd', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "zalamea.ph", true */ 'z', 'a', 'l', 'a', 'm', 'e', 'a', '.', 'p', 'h', '\0',
+  /* "zalan.do", true */ 'z', 'a', 'l', 'a', 'n', '.', 'd', 'o', '\0',
+  /* "zamis.net", true */ 'z', 'a', 'm', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "zamocosmeticos.com.br", true */ 'z', 'a', 'm', 'o', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "zamow.co", true */ 'z', 'a', 'm', 'o', 'w', '.', 'c', 'o', '\0',
+  /* "zandcell.com", true */ 'z', 'a', 'n', 'd', 'c', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "zanthra.com", true */ 'z', 'a', 'n', 't', 'h', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "zapier.com", true */ 'z', 'a', 'p', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "zappbuildapps.com", false */ 'z', 'a', 'p', 'p', 'b', 'u', 'i', 'l', 'd', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "zaratan.fr", true */ 'z', 'a', 'r', 'a', 't', 'a', 'n', '.', 'f', 'r', '\0',
+  /* "zargaripour.com", true */ 'z', 'a', 'r', 'g', 'a', 'r', 'i', 'p', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "zarmarket.org", true */ 'z', 'a', 'r', 'm', 'a', 'r', 'k', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "zarpo.com.br", true */ 'z', 'a', 'r', 'p', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "zary.me", true */ 'z', 'a', 'r', 'y', '.', 'm', 'e', '\0',
+  /* "zaufanatrzeciastrona.pl", true */ 'z', 'a', 'u', 'f', 'a', 'n', 'a', 't', 'r', 'z', 'e', 'c', 'i', 'a', 's', 't', 'r', 'o', 'n', 'a', '.', 'p', 'l', '\0',
+  /* "zavec.com.ec", true */ 'z', 'a', 'v', 'e', 'c', '.', 'c', 'o', 'm', '.', 'e', 'c', '\0',
+  /* "zavetaji.lv", true */ 'z', 'a', 'v', 'e', 't', 'a', 'j', 'i', '.', 'l', 'v', '\0',
+  /* "zawo-electric.de", true */ 'z', 'a', 'w', 'o', '-', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', '.', 'd', 'e', '\0',
+  /* "zberger.com", true */ 'z', 'b', 'e', 'r', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "zbetcheck.in", true */ 'z', 'b', 'e', 't', 'c', 'h', 'e', 'c', 'k', '.', 'i', 'n', '\0',
+  /* "zbp.at", false */ 'z', 'b', 'p', '.', 'a', 't', '\0',
+  /* "zbrane-doplnky.cz", true */ 'z', 'b', 'r', 'a', 'n', 'e', '-', 'd', 'o', 'p', 'l', 'n', 'k', 'y', '.', 'c', 'z', '\0',
+  /* "zby.io", true */ 'z', 'b', 'y', '.', 'i', 'o', '\0',
+  /* "zbyga.cz", true */ 'z', 'b', 'y', 'g', 'a', '.', 'c', 'z', '\0',
+  /* "zbyte.it", false */ 'z', 'b', 'y', 't', 'e', '.', 'i', 't', '\0',
+  /* "zcarot.com", true */ 'z', 'c', 'a', 'r', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "zcarrot.com", true */ 'z', 'c', 'a', 'r', 'r', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "zcgram.com", true */ 'z', 'c', 'g', 'r', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "zcon.nl", true */ 'z', 'c', 'o', 'n', '.', 'n', 'l', '\0',
+  /* "zcr.ca", true */ 'z', 'c', 'r', '.', 'c', 'a', '\0',
+  /* "zdbl.de", true */ 'z', 'd', 'b', 'l', '.', 'd', 'e', '\0',
+  /* "zdenekspacek.cz", true */ 'z', 'd', 'e', 'n', 'e', 'k', 's', 'p', 'a', 'c', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "zdorovayasimya.com", true */ 'z', 'd', 'o', 'r', 'o', 'v', 'a', 'y', 'a', 's', 'i', 'm', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "zdravesteny.cz", true */ 'z', 'd', 'r', 'a', 'v', 'e', 's', 't', 'e', 'n', 'y', '.', 'c', 'z', '\0',
+  /* "zdrojak.cz", true */ 'z', 'd', 'r', 'o', 'j', 'a', 'k', '.', 'c', 'z', '\0',
+  /* "zdx.ch", true */ 'z', 'd', 'x', '.', 'c', 'h', '\0',
+  /* "ze3kr.com", true */ 'z', 'e', '3', 'k', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "zeb.fun", true */ 'z', 'e', 'b', '.', 'f', 'u', 'n', '\0',
+  /* "zebedeescastles.co.uk", true */ 'z', 'e', 'b', 'e', 'd', 'e', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "zeds-official.com", true */ 'z', 'e', 'd', 's', '-', 'o', 'f', 'f', 'i', 'c', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "zeebrieshoekvanholland.nl", true */ 'z', 'e', 'e', 'b', 'r', 'i', 'e', 's', 'h', 'o', 'e', 'k', 'v', 'a', 'n', 'h', 'o', 'l', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "zeel.com", true */ 'z', 'e', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "zeguigui.com", true */ 'z', 'e', 'g', 'u', 'i', 'g', 'u', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "zehdenick-bleibt-bunt.de", true */ 'z', 'e', 'h', 'd', 'e', 'n', 'i', 'c', 'k', '-', 'b', 'l', 'e', 'i', 'b', 't', '-', 'b', 'u', 'n', 't', '.', 'd', 'e', '\0',
+  /* "zeilenmethans.nl", true */ 'z', 'e', 'i', 'l', 'e', 'n', 'm', 'e', 't', 'h', 'a', 'n', 's', '.', 'n', 'l', '\0',
+  /* "zeilles.nu", true */ 'z', 'e', 'i', 'l', 'l', 'e', 's', '.', 'n', 'u', '\0',
+  /* "zeitoununiversity.org", true */ 'z', 'e', 'i', 't', 'o', 'u', 'n', 'u', 'n', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "zeitpunkt-kulturmagazin.de", true */ 'z', 'e', 'i', 't', 'p', 'u', 'n', 'k', 't', '-', 'k', 'u', 'l', 't', 'u', 'r', 'm', 'a', 'g', 'a', 'z', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "zekinteractive.com", true */ 'z', 'e', 'k', 'i', 'n', 't', 'e', 'r', 'a', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "zelezny.uk", false */ 'z', 'e', 'l', 'e', 'z', 'n', 'y', '.', 'u', 'k', '\0',
+  /* "zelfrijdendeautos.com", true */ 'z', 'e', 'l', 'f', 'r', 'i', 'j', 'd', 'e', 'n', 'd', 'e', 'a', 'u', 't', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "zellari.ru", true */ 'z', 'e', 'l', 'l', 'a', 'r', 'i', '.', 'r', 'u', '\0',
+  /* "zeloz.xyz", true */ 'z', 'e', 'l', 'o', 'z', '.', 'x', 'y', 'z', '\0',
+  /* "zemlova.cz", true */ 'z', 'e', 'm', 'l', 'o', 'v', 'a', '.', 'c', 'z', '\0',
+  /* "zen-diez.de", true */ 'z', 'e', 'n', '-', 'd', 'i', 'e', 'z', '.', 'd', 'e', '\0',
+  /* "zen-ume.com", true */ 'z', 'e', 'n', '-', 'u', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "zenfusion.fr", true */ 'z', 'e', 'n', 'f', 'u', 's', 'i', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "zenics.co.uk", true */ 'z', 'e', 'n', 'i', 'c', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "zenithmedia.ca", true */ 'z', 'e', 'n', 'i', 't', 'h', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'a', '\0',
+  /* "zenk-security.com", true */ 'z', 'e', 'n', 'k', '-', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "zenlogic.com", true */ 'z', 'e', 'n', 'l', 'o', 'g', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "zenmate.com.tr", true */ 'z', 'e', 'n', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "zeno-system.com", true */ 'z', 'e', 'n', 'o', '-', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "zenofa.co.id", true */ 'z', 'e', 'n', 'o', 'f', 'a', '.', 'c', 'o', '.', 'i', 'd', '\0',
+  /* "zentask.io", true */ 'z', 'e', 'n', 't', 'a', 's', 'k', '.', 'i', 'o', '\0',
+  /* "zenvideocloud.com", true */ 'z', 'e', 'n', 'v', 'i', 'd', 'e', 'o', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "zenycosta.com", true */ 'z', 'e', 'n', 'y', 'c', 'o', 's', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "zepect.com", true */ 'z', 'e', 'p', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "zeplin.io", true */ 'z', 'e', 'p', 'l', 'i', 'n', '.', 'i', 'o', '\0',
+  /* "zer0-day.pw", true */ 'z', 'e', 'r', '0', '-', 'd', 'a', 'y', '.', 'p', 'w', '\0',
+  /* "zer0.de", true */ 'z', 'e', 'r', '0', '.', 'd', 'e', '\0',
+  /* "zero-sum.xyz", true */ 'z', 'e', 'r', 'o', '-', 's', 'u', 'm', '.', 'x', 'y', 'z', '\0',
+  /* "zerobounce.net", true */ 'z', 'e', 'r', 'o', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "zerocool.io", true */ 'z', 'e', 'r', 'o', 'c', 'o', 'o', 'l', '.', 'i', 'o', '\0',
+  /* "zerofy.de", true */ 'z', 'e', 'r', 'o', 'f', 'y', '.', 'd', 'e', '\0',
+  /* "zeroling.com", true */ 'z', 'e', 'r', 'o', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "zeronet.io", true */ 'z', 'e', 'r', 'o', 'n', 'e', 't', '.', 'i', 'o', '\0',
+  /* "zeropush.com", true */ 'z', 'e', 'r', 'o', 'p', 'u', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "zerossl.com", true */ 'z', 'e', 'r', 'o', 's', 's', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "zertif.info", true */ 'z', 'e', 'r', 't', 'i', 'f', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "zertitude.com", true */ 'z', 'e', 'r', 't', 'i', 't', 'u', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "zeryn.net", true */ 'z', 'e', 'r', 'y', 'n', '.', 'n', 'e', 't', '\0',
+  /* "zespia.tw", false */ 'z', 'e', 's', 'p', 'i', 'a', '.', 't', 'w', '\0',
+  /* "zestylemon.co.uk", true */ 'z', 'e', 's', 't', 'y', 'l', 'e', 'm', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "zetamode.com", true */ 'z', 'e', 't', 'a', 'm', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "zetorzeszow.pl", false */ 'z', 'e', 't', 'o', 'r', 'z', 'e', 's', 'z', 'o', 'w', '.', 'p', 'l', '\0',
+  /* "zetrov.pl", true */ 'z', 'e', 't', 'r', 'o', 'v', '.', 'p', 'l', '\0',
+  /* "zettaplan.ru", true */ 'z', 'e', 't', 't', 'a', 'p', 'l', 'a', 'n', '.', 'r', 'u', '\0',
+  /* "zettlmeissl.de", true */ 'z', 'e', 't', 't', 'l', 'm', 'e', 'i', 's', 's', 'l', '.', 'd', 'e', '\0',
+  /* "zeug.co", true */ 'z', 'e', 'u', 'g', '.', 'c', 'o', '\0',
+  /* "zevelev.net", true */ 'z', 'e', 'v', 'e', 'l', 'e', 'v', '.', 'n', 'e', 't', '\0',
+  /* "zewtie.com", true */ 'z', 'e', 'w', 't', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "zfast.com.br", true */ 'z', 'f', 'a', 's', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "zfly.me", true */ 'z', 'f', 'l', 'y', '.', 'm', 'e', '\0',
+  /* "zfo.gg", true */ 'z', 'f', 'o', '.', 'g', 'g', '\0',
+  /* "zfree.co.nz", true */ 'z', 'f', 'r', 'e', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "zgrep.org", true */ 'z', 'g', 'r', 'e', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "zh.search.yahoo.com", false */ 'z', 'h', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "zhang-hao.com", true */ 'z', 'h', 'a', 'n', 'g', '-', 'h', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "zhang.nz", true */ 'z', 'h', 'a', 'n', 'g', '.', 'n', 'z', '\0',
+  /* "zhanghao.me", true */ 'z', 'h', 'a', 'n', 'g', 'h', 'a', 'o', '.', 'm', 'e', '\0',
+  /* "zhangsidan.com", true */ 'z', 'h', 'a', 'n', 'g', 's', 'i', 'd', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "zhangyuhao.com", true */ 'z', 'h', 'a', 'n', 'g', 'y', 'u', 'h', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "zhangzifan.com", true */ 'z', 'h', 'a', 'n', 'g', 'z', 'i', 'f', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "zhaofeng.li", true */ 'z', 'h', 'a', 'o', 'f', 'e', 'n', 'g', '.', 'l', 'i', '\0',
+  /* "zhaoxixiangban.cc", true */ 'z', 'h', 'a', 'o', 'x', 'i', 'x', 'i', 'a', 'n', 'g', 'b', 'a', 'n', '.', 'c', 'c', '\0',
+  /* "zhen-chen.com", true */ 'z', 'h', 'e', 'n', '-', 'c', 'h', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "zhengjie.com", true */ 'z', 'h', 'e', 'n', 'g', 'j', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "zhiku8.com", true */ 'z', 'h', 'i', 'k', 'u', '8', '.', 'c', 'o', 'm', '\0',
+  /* "zhima.io", true */ 'z', 'h', 'i', 'm', 'a', '.', 'i', 'o', '\0',
+  /* "zhitanska.com", true */ 'z', 'h', 'i', 't', 'a', 'n', 's', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "zhovner.com", true */ 'z', 'h', 'o', 'v', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "zhuji.com", true */ 'z', 'h', 'u', 'j', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "zhujicaihong.com", true */ 'z', 'h', 'u', 'j', 'i', 'c', 'a', 'i', 'h', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "zi.is", true */ 'z', 'i', '.', 'i', 's', '\0',
+  /* "ziegler-family.com", true */ 'z', 'i', 'e', 'g', 'l', 'e', 'r', '-', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ziegler-heizung-frankfurt.de", true */ 'z', 'i', 'e', 'g', 'l', 'e', 'r', '-', 'h', 'e', 'i', 'z', 'u', 'n', 'g', '-', 'f', 'r', 'a', 'n', 'k', 'f', 'u', 'r', 't', '.', 'd', 'e', '\0',
+  /* "ziemlich-zackig.de", true */ 'z', 'i', 'e', 'm', 'l', 'i', 'c', 'h', '-', 'z', 'a', 'c', 'k', 'i', 'g', '.', 'd', 'e', '\0',
+  /* "ziemlichzackig.de", true */ 'z', 'i', 'e', 'm', 'l', 'i', 'c', 'h', 'z', 'a', 'c', 'k', 'i', 'g', '.', 'd', 'e', '\0',
+  /* "zigi.io", true */ 'z', 'i', 'g', 'i', '.', 'i', 'o', '\0',
+  /* "zigzagmart.com", true */ 'z', 'i', 'g', 'z', 'a', 'g', 'm', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ziin.de", false */ 'z', 'i', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "zijung.me", true */ 'z', 'i', 'j', 'u', 'n', 'g', '.', 'm', 'e', '\0',
+  /* "zillertaleralpen.net", true */ 'z', 'i', 'l', 'l', 'e', 'r', 't', 'a', 'l', 'e', 'r', 'a', 'l', 'p', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "zilon.com.co", true */ 'z', 'i', 'l', 'o', 'n', '.', 'c', 'o', 'm', '.', 'c', 'o', '\0',
+  /* "zilore.com", true */ 'z', 'i', 'l', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "zilsen.com", true */ 'z', 'i', 'l', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "zima.io", true */ 'z', 'i', 'm', 'a', '.', 'i', 'o', '\0',
+  /* "zimiao.moe", true */ 'z', 'i', 'm', 'i', 'a', 'o', '.', 'm', 'o', 'e', '\0',
+  /* "zingarastore.com", true */ 'z', 'i', 'n', 'g', 'a', 'r', 'a', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "zingjerijk.nl", true */ 'z', 'i', 'n', 'g', 'j', 'e', 'r', 'i', 'j', 'k', '.', 'n', 'l', '\0',
+  /* "zinniamay.com", true */ 'z', 'i', 'n', 'n', 'i', 'a', 'm', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "zinoui.com", true */ 'z', 'i', 'n', 'o', 'u', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "ziondrive.com.br", true */ 'z', 'i', 'o', 'n', 'd', 'r', 'i', 'v', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "zionvps.com", false */ 'z', 'i', 'o', 'n', 'v', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "zip.ch", true */ 'z', 'i', 'p', '.', 'c', 'h', '\0',
+  /* "ziptie.com", true */ 'z', 'i', 'p', 't', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "zircode.com", true */ 'z', 'i', 'r', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ziroh.be", true */ 'z', 'i', 'r', 'o', 'h', '.', 'b', 'e', '\0',
+  /* "zittingskalender.be", true */ 'z', 'i', 't', 't', 'i', 'n', 'g', 's', 'k', 'a', 'l', 'e', 'n', 'd', 'e', 'r', '.', 'b', 'e', '\0',
+  /* "zivava.ge", true */ 'z', 'i', 'v', 'a', 'v', 'a', '.', 'g', 'e', '\0',
+  /* "zivmergers.com", true */ 'z', 'i', 'v', 'm', 'e', 'r', 'g', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "zivver.com", true */ 'z', 'i', 'v', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "zivyruzenec.cz", false */ 'z', 'i', 'v', 'y', 'r', 'u', 'z', 'e', 'n', 'e', 'c', '.', 'c', 'z', '\0',
+  /* "zixiao.wang", true */ 'z', 'i', 'x', 'i', 'a', 'o', '.', 'w', 'a', 'n', 'g', '\0',
+  /* "zixo.sk", true */ 'z', 'i', 'x', 'o', '.', 's', 'k', '\0',
+  /* "zk.gd", true */ 'z', 'k', '.', 'g', 'd', '\0',
+  /* "zk9.nl", true */ 'z', 'k', '9', '.', 'n', 'l', '\0',
+  /* "zkrypt.cc", true */ 'z', 'k', 'r', 'y', 'p', 't', '.', 'c', 'c', '\0',
+  /* "zlatakus.cz", true */ 'z', 'l', 'a', 't', 'a', 'k', 'u', 's', '.', 'c', 'z', '\0',
+  /* "zlatosnadno.cz", true */ 'z', 'l', 'a', 't', 'o', 's', 'n', 'a', 'd', 'n', 'o', '.', 'c', 'z', '\0',
+  /* "zlavomat.sk", true */ 'z', 'l', 'a', 'v', 'o', 'm', 'a', 't', '.', 's', 'k', '\0',
+  /* "zlc1994.com", true */ 'z', 'l', 'c', '1', '9', '9', '4', '.', 'c', 'o', 'm', '\0',
+  /* "zlima12.com", true */ 'z', 'l', 'i', 'm', 'a', '1', '2', '.', 'c', 'o', 'm', '\0',
+  /* "znation.nl", true */ 'z', 'n', 'a', 't', 'i', 'o', 'n', '.', 'n', 'l', '\0',
+  /* "zning.net.cn", true */ 'z', 'n', 'i', 'n', 'g', '.', 'n', 'e', 't', '.', 'c', 'n', '\0',
+  /* "zockenbiszumumfallen.de", true */ 'z', 'o', 'c', 'k', 'e', 'n', 'b', 'i', 's', 'z', 'u', 'm', 'u', 'm', 'f', 'a', 'l', 'l', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "zodiacohouses.com", true */ 'z', 'o', 'd', 'i', 'a', 'c', 'o', 'h', 'o', 'u', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "zoeller.me", true */ 'z', 'o', 'e', 'l', 'l', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "zohar.shop", true */ 'z', 'o', 'h', 'a', 'r', '.', 's', 'h', 'o', 'p', '\0',
+  /* "zohar.wang", true */ 'z', 'o', 'h', 'a', 'r', '.', 'w', 'a', 'n', 'g', '\0',
+  /* "zoigl.club", true */ 'z', 'o', 'i', 'g', 'l', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "zojadravai.com", true */ 'z', 'o', 'j', 'a', 'd', 'r', 'a', 'v', 'a', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "zoki.art", true */ 'z', 'o', 'k', 'i', '.', 'a', 'r', 't', '\0',
+  /* "zollihood.ch", true */ 'z', 'o', 'l', 'l', 'i', 'h', 'o', 'o', 'd', '.', 'c', 'h', '\0',
+  /* "zolokar.xyz", true */ 'z', 'o', 'l', 'o', 'k', 'a', 'r', '.', 'x', 'y', 'z', '\0',
+  /* "zombiesecured.com", true */ 'z', 'o', 'm', 'b', 'i', 'e', 's', 'e', 'c', 'u', 'r', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "zomerschoen.nl", true */ 'z', 'o', 'm', 'e', 'r', 's', 'c', 'h', 'o', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "zonadebolsa.es", true */ 'z', 'o', 'n', 'a', 'd', 'e', 'b', 'o', 'l', 's', 'a', '.', 'e', 's', '\0',
+  /* "zone-produkte.de", false */ 'z', 'o', 'n', 'e', '-', 'p', 'r', 'o', 'd', 'u', 'k', 't', 'e', '.', 'd', 'e', '\0',
+  /* "zone39.com", true */ 'z', 'o', 'n', 'e', '3', '9', '.', 'c', 'o', 'm', '\0',
+  /* "zonecb.com", true */ 'z', 'o', 'n', 'e', 'c', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "zonemaster.fr", true */ 'z', 'o', 'n', 'e', 'm', 'a', 's', 't', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "zonemaster.net", true */ 'z', 'o', 'n', 'e', 'm', 'a', 's', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "zonesec.org", true */ 'z', 'o', 'n', 'e', 's', 'e', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "zonglovani.info", true */ 'z', 'o', 'n', 'g', 'l', 'o', 'v', 'a', 'n', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "zoo.city", true */ 'z', 'o', 'o', '.', 'c', 'i', 't', 'y', '\0',
+  /* "zoofit.com.au", true */ 'z', 'o', 'o', 'f', 'i', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "zooish.net", true */ 'z', 'o', 'o', 'i', 's', 'h', '.', 'n', 'e', 't', '\0',
+  /* "zoola.io", true */ 'z', 'o', 'o', 'l', 'a', '.', 'i', 'o', '\0',
+  /* "zoological-gardens.eu", true */ 'z', 'o', 'o', 'l', 'o', 'g', 'i', 'c', 'a', 'l', '-', 'g', 'a', 'r', 'd', 'e', 'n', 's', '.', 'e', 'u', '\0',
+  /* "zoom.earth", true */ 'z', 'o', 'o', 'm', '.', 'e', 'a', 'r', 't', 'h', '\0',
+  /* "zoomek.com", true */ 'z', 'o', 'o', 'm', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "zoomseoservices.com", true */ 'z', 'o', 'o', 'm', 's', 'e', 'o', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "zooom.azurewebsites.net", true */ 'z', 'o', 'o', 'o', 'm', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "zooom2.azurewebsites.net", true */ 'z', 'o', 'o', 'o', 'm', '2', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "zooparadies.eu", true */ 'z', 'o', 'o', 'p', 'a', 'r', 'a', 'd', 'i', 'e', 's', '.', 'e', 'u', '\0',
+  /* "zootime.net", true */ 'z', 'o', 'o', 't', 'i', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "zootime.org", true */ 'z', 'o', 'o', 't', 'i', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "zoowiki.us", true */ 'z', 'o', 'o', 'w', 'i', 'k', 'i', '.', 'u', 's', '\0',
+  /* "zooxdata.com", true */ 'z', 'o', 'o', 'x', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "zopy.com.br", true */ 'z', 'o', 'p', 'y', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "zopyx.com", true */ 'z', 'o', 'p', 'y', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "zor.com", true */ 'z', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "zorgclustertool.nl", true */ 'z', 'o', 'r', 'g', 'c', 'l', 'u', 's', 't', 'e', 'r', 't', 'o', 'o', 'l', '.', 'n', 'l', '\0',
+  /* "zorium.org", true */ 'z', 'o', 'r', 'i', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "zorntt.fr", true */ 'z', 'o', 'r', 'n', 't', 't', '.', 'f', 'r', '\0',
+  /* "zorz.info", true */ 'z', 'o', 'r', 'z', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "zotero.org", true */ 'z', 'o', 't', 'e', 'r', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "zouk.info", true */ 'z', 'o', 'u', 'k', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "zravypapir.cz", true */ 'z', 'r', 'a', 'v', 'y', 'p', 'a', 'p', 'i', 'r', '.', 'c', 'z', '\0',
+  /* "zrn.in", false */ 'z', 'r', 'n', '.', 'i', 'n', '\0',
+  /* "zrniecka-pre-sny.sk", true */ 'z', 'r', 'n', 'i', 'e', 'c', 'k', 'a', '-', 'p', 'r', 'e', '-', 's', 'n', 'y', '.', 's', 'k', '\0',
+  /* "zscales.com", true */ 'z', 's', 'c', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "zserver.fr", true */ 'z', 's', 'e', 'r', 'v', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "zskomenskeho.cz", true */ 'z', 's', 'k', 'o', 'm', 'e', 'n', 's', 'k', 'e', 'h', 'o', '.', 'c', 'z', '\0',
+  /* "zsoltsandor.me", true */ 'z', 's', 'o', 'l', 't', 's', 'a', 'n', 'd', 'o', 'r', '.', 'm', 'e', '\0',
+  /* "zsrbcs.com", true */ 'z', 's', 'r', 'b', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "zten.org", true */ 'z', 't', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "ztjuh.tk", true */ 'z', 't', 'j', 'u', 'h', '.', 't', 'k', '\0',
+  /* "zuan-in.net", true */ 'z', 'u', 'a', 'n', '-', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "zuckerfloh.de", true */ 'z', 'u', 'c', 'k', 'e', 'r', 'f', 'l', 'o', 'h', '.', 'd', 'e', '\0',
+  /* "zuefle.net", true */ 'z', 'u', 'e', 'f', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "zug-anwalt.de", true */ 'z', 'u', 'g', '-', 'a', 'n', 'w', 'a', 'l', 't', '.', 'd', 'e', '\0',
+  /* "zug.fr", true */ 'z', 'u', 'g', '.', 'f', 'r', '\0',
+  /* "zug.io", true */ 'z', 'u', 'g', '.', 'i', 'o', '\0',
+  /* "zughilfen-test.de", true */ 'z', 'u', 'g', 'h', 'i', 'l', 'f', 'e', 'n', '-', 't', 'e', 's', 't', '.', 'd', 'e', '\0',
+  /* "zuiacg.com", true */ 'z', 'u', 'i', 'a', 'c', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "zukix.com", true */ 'z', 'u', 'k', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "zulu.ro", true */ 'z', 'u', 'l', 'u', '.', 'r', 'o', '\0',
+  /* "zulu7.com", true */ 'z', 'u', 'l', 'u', '7', '.', 'c', 'o', 'm', '\0',
+  /* "zund-app.com", true */ 'z', 'u', 'n', 'd', '-', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "zundapp529.nl", true */ 'z', 'u', 'n', 'd', 'a', 'p', 'p', '5', '2', '9', '.', 'n', 'l', '\0',
+  /* "zundappachterhoek.nl", true */ 'z', 'u', 'n', 'd', 'a', 'p', 'p', 'a', 'c', 'h', 't', 'e', 'r', 'h', 'o', 'e', 'k', '.', 'n', 'l', '\0',
+  /* "zuolan.me", true */ 'z', 'u', 'o', 'l', 'a', 'n', '.', 'm', 'e', '\0',
+  /* "zup.me", true */ 'z', 'u', 'p', '.', 'm', 'e', '\0',
+  /* "zupago.com", true */ 'z', 'u', 'p', 'a', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "zupago.pe", true */ 'z', 'u', 'p', 'a', 'g', 'o', '.', 'p', 'e', '\0',
+  /* "zuppy.pm", true */ 'z', 'u', 'p', 'p', 'y', '.', 'p', 'm', '\0',
+  /* "zuralski.net", true */ 'z', 'u', 'r', 'a', 'l', 's', 'k', 'i', '.', 'n', 'e', 't', '\0',
+  /* "zurgl.com", true */ 'z', 'u', 'r', 'g', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "zurickrelogios.com.br", true */ 'z', 'u', 'r', 'i', 'c', 'k', 'r', 'e', 'l', 'o', 'g', 'i', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "zurret.de", true */ 'z', 'u', 'r', 'r', 'e', 't', '.', 'd', 'e', '\0',
+  /* "zusjesvandenbos.nl", true */ 'z', 'u', 's', 'j', 'e', 's', 'v', 'a', 'n', 'd', 'e', 'n', 'b', 'o', 's', '.', 'n', 'l', '\0',
+  /* "zutsu-raku.com", true */ 'z', 'u', 't', 's', 'u', '-', 'r', 'a', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "zuzumba.es", true */ 'z', 'u', 'z', 'u', 'm', 'b', 'a', '.', 'e', 's', '\0',
+  /* "zvps.uk", true */ 'z', 'v', 'p', 's', '.', 'u', 'k', '\0',
+  /* "zvxr.net", true */ 'z', 'v', 'x', 'r', '.', 'n', 'e', 't', '\0',
+  /* "zvz.im", true */ 'z', 'v', 'z', '.', 'i', 'm', '\0',
+  /* "zwalcz-cellulit.com", true */ 'z', 'w', 'a', 'l', 'c', 'z', '-', 'c', 'e', 'l', 'l', 'u', 'l', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "zwartendijkstalling.nl", true */ 'z', 'w', 'a', 'r', 't', 'e', 'n', 'd', 'i', 'j', 'k', 's', 't', 'a', 'l', 'l', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "zwb3.de", true */ 'z', 'w', 'b', '3', '.', 'd', 'e', '\0',
+  /* "zwerimex.com", true */ 'z', 'w', 'e', 'r', 'i', 'm', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "zwollemag.nl", true */ 'z', 'w', 'o', 'l', 'l', 'e', 'm', 'a', 'g', '.', 'n', 'l', '\0',
+  /* "zwy.ch", true */ 'z', 'w', 'y', '.', 'c', 'h', '\0',
+  /* "zx6rninja.de", true */ 'z', 'x', '6', 'r', 'n', 'i', 'n', 'j', 'a', '.', 'd', 'e', '\0',
+  /* "zx7r.de", true */ 'z', 'x', '7', 'r', '.', 'd', 'e', '\0',
+  /* "zxity.co.uk", true */ 'z', 'x', 'i', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "zxity.ltd", true */ 'z', 'x', 'i', 't', 'y', '.', 'l', 't', 'd', '\0',
+  /* "zxity.uk", true */ 'z', 'x', 'i', 't', 'y', '.', 'u', 'k', '\0',
+  /* "zxtcode.com", true */ 'z', 'x', 't', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "zybbo.com", true */ 'z', 'y', 'b', 'b', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "zyciedlazwierzat.pl", true */ 'z', 'y', 'c', 'i', 'e', 'd', 'l', 'a', 'z', 'w', 'i', 'e', 'r', 'z', 'a', 't', '.', 'p', 'l', '\0',
+  /* "zymmm.com", true */ 'z', 'y', 'm', 'm', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "zypern-firma.com", true */ 'z', 'y', 'p', 'e', 'r', 'n', '-', 'f', 'i', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "zypr.pw", true */ 'z', 'y', 'p', 'r', '.', 'p', 'w', '\0',
+  /* "zyria.de", true */ 'z', 'y', 'r', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "zyul.ddns.net", true */ 'z', 'y', 'u', 'l', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "zyzardx.com", true */ 'z', 'y', 'z', 'a', 'r', 'd', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "zzsec.org", true */ 'z', 'z', 's', 'e', 'c', '.', 'o', 'r', 'g', '\0',
+};
+
+struct nsSTSPreload
+{
+  const uint32_t mHostIndex : 31;
+  const uint32_t mIncludeSubdomains : 1;
+};
+
+static const nsSTSPreload kSTSPreloadList[] = {
+  { 0, true },
+  { 8, true },
+  { 20, true },
+  { 32, true },
+  { 54, true },
+  { 67, true },
+  { 75, true },
+  { 85, true },
+  { 97, true },
+  { 108, true },
+  { 129, true },
+  { 148, true },
+  { 156, true },
+  { 167, true },
+  { 178, true },
+  { 197, true },
+  { 215, true },
+  { 226, true },
+  { 236, true },
+  { 248, true },
+  { 258, true },
+  { 269, true },
+  { 278, true },
+  { 285, true },
+  { 291, true },
+  { 298, true },
+  { 306, true },
+  { 318, true },
+  { 325, true },
+  { 333, true },
+  { 347, true },
+  { 358, true },
+  { 366, true },
+  { 373, true },
+  { 380, true },
+  { 388, true },
+  { 394, true },
+  { 400, true },
+  { 415, true },
+  { 423, true },
+  { 432, true },
+  { 441, true },
+  { 450, true },
+  { 459, true },
+  { 474, true },
+  { 482, true },
+  { 490, true },
+  { 500, true },
+  { 509, true },
+  { 520, true },
+  { 532, true },
+  { 540, false },
+  { 548, true },
+  { 561, true },
+  { 569, true },
+  { 578, true },
+  { 586, true },
+  { 593, true },
+  { 602, true },
+  { 620, true },
+  { 638, true },
+  { 648, true },
+  { 661, true },
+  { 675, true },
+  { 690, true },
+  { 700, false },
+  { 723, true },
+  { 734, true },
+  { 748, true },
+  { 759, true },
+  { 779, true },
+  { 795, true },
+  { 811, true },
+  { 823, true },
+  { 835, true },
+  { 847, true },
+  { 872, true },
+  { 880, true },
+  { 891, true },
+  { 899, true },
+  { 907, true },
+  { 915, true },
+  { 923, true },
+  { 935, true },
+  { 945, true },
+  { 955, true },
+  { 964, true },
+  { 974, true },
+  { 995, true },
+  { 1006, true },
+  { 1031, true },
+  { 1056, true },
+  { 1071, true },
+  { 1085, true },
+  { 1100, true },
+  { 1114, true },
+  { 1124, true },
+  { 1136, true },
+  { 1154, true },
+  { 1166, true },
+  { 1177, true },
+  { 1188, true },
+  { 1198, true },
+  { 1205, true },
+  { 1214, true },
+  { 1227, true },
+  { 1252, true },
+  { 1263, true },
+  { 1272, true },
+  { 1286, true },
+  { 1311, true },
+  { 1336, true },
+  { 1344, true },
+  { 1352, true },
+  { 1362, true },
+  { 1387, true },
+  { 1412, true },
+  { 1430, true },
+  { 1441, true },
+  { 1466, true },
+  { 1477, false },
+  { 1493, true },
+  { 1504, true },
+  { 1529, false },
+  { 1540, true },
+  { 1553, true },
+  { 1564, true },
+  { 1574, true },
+  { 1584, true },
+  { 1592, false },
+  { 1604, true },
+  { 1614, true },
+  { 1630, true },
+  { 1655, true },
+  { 1680, true },
+  { 1705, true },
+  { 1720, true },
+  { 1742, true },
+  { 1759, true },
+  { 1782, true },
+  { 1795, true },
+  { 1809, true },
+  { 1816, true },
+  { 1831, true },
+  { 1842, true },
+  { 1864, true },
+  { 1874, true },
+  { 1886, true },
+  { 1893, false },
+  { 1904, true },
+  { 1911, true },
+  { 1919, true },
+  { 1937, false },
+  { 1946, true },
+  { 1955, true },
+  { 1966, true },
+  { 1977, false },
+  { 1983, true },
+  { 1996, true },
+  { 2006, true },
+  { 2020, true },
+  { 2027, true },
+  { 2034, true },
+  { 2041, true },
+  { 2052, true },
+  { 2064, true },
+  { 2081, true },
+  { 2098, true },
+  { 2116, true },
+  { 2135, true },
+  { 2163, true },
+  { 2179, true },
+  { 2206, true },
+  { 2220, true },
+  { 2231, true },
+  { 2243, true },
+  { 2250, true },
+  { 2256, true },
+  { 2270, true },
+  { 2285, true },
+  { 2292, true },
+  { 2305, true },
+  { 2314, true },
+  { 2325, true },
+  { 2334, true },
+  { 2344, true },
+  { 2355, true },
+  { 2367, true },
+  { 2378, true },
+  { 2390, true },
+  { 2398, true },
+  { 2408, true },
+  { 2419, true },
+  { 2437, true },
+  { 2452, true },
+  { 2461, true },
+  { 2469, true },
+  { 2477, true },
+  { 2488, true },
+  { 2496, true },
+  { 2509, true },
+  { 2525, true },
+  { 2543, true },
+  { 2554, true },
+  { 2563, true },
+  { 2576, true },
+  { 2586, true },
+  { 2596, true },
+  { 2605, true },
+  { 2613, true },
+  { 2626, true },
+  { 2636, true },
+  { 2648, true },
+  { 2660, true },
+  { 2669, true },
+  { 2678, true },
+  { 2687, true },
+  { 2698, true },
+  { 2709, true },
+  { 2720, true },
+  { 2729, true },
+  { 2743, true },
+  { 2750, true },
+  { 2761, true },
+  { 2770, true },
+  { 2792, true },
+  { 2813, true },
+  { 2822, true },
+  { 2834, true },
+  { 2848, true },
+  { 2858, true },
+  { 2873, true },
+  { 2881, true },
+  { 2898, true },
+  { 2907, true },
+  { 2920, false },
+  { 2929, true },
+  { 2948, true },
+  { 2961, true },
+  { 2973, true },
+  { 2981, true },
+  { 2992, true },
+  { 2999, true },
+  { 3008, true },
+  { 3016, true },
+  { 3026, true },
+  { 3036, true },
+  { 3049, true },
+  { 3060, true },
+  { 3079, true },
+  { 3090, true },
+  { 3109, true },
+  { 3127, true },
+  { 3146, true },
+  { 3158, true },
+  { 3172, true },
+  { 3184, true },
+  { 3195, true },
+  { 3208, true },
+  { 3219, true },
+  { 3229, true },
+  { 3238, true },
+  { 3246, true },
+  { 3261, true },
+  { 3269, true },
+  { 3279, true },
+  { 3297, true },
+  { 3323, true },
+  { 3330, true },
+  { 3340, true },
+  { 3352, true },
+  { 3366, true },
+  { 3379, true },
+  { 3399, true },
+  { 3414, true },
+  { 3434, true },
+  { 3454, true },
+  { 3463, true },
+  { 3474, true },
+  { 3484, true },
+  { 3492, true },
+  { 3502, true },
+  { 3517, true },
+  { 3528, true },
+  { 3539, true },
+  { 3549, true },
+  { 3563, true },
+  { 3577, true },
+  { 3587, true },
+  { 3596, true },
+  { 3615, true },
+  { 3624, true },
+  { 3638, true },
+  { 3646, true },
+  { 3653, true },
+  { 3667, true },
+  { 3686, true },
+  { 3697, true },
+  { 3710, true },
+  { 3720, true },
+  { 3733, true },
+  { 3745, true },
+  { 3757, true },
+  { 3768, true },
+  { 3787, true },
+  { 3794, false },
+  { 3804, true },
+  { 3814, true },
+  { 3825, true },
+  { 3836, true },
+  { 3846, true },
+  { 3859, true },
+  { 3892, true },
+  { 3905, true },
+  { 3914, true },
+  { 3924, true },
+  { 3935, true },
+  { 3949, true },
+  { 3964, false },
+  { 3977, true },
+  { 3992, true },
+  { 4001, true },
+  { 4011, true },
+  { 4019, true },
+  { 4030, true },
+  { 4045, true },
+  { 4055, true },
+  { 4064, true },
+  { 4083, true },
+  { 4095, true },
+  { 4106, true },
+  { 4118, true },
+  { 4125, true },
+  { 4135, true },
+  { 4141, true },
+  { 4151, true },
+  { 4159, true },
+  { 4168, true },
+  { 4179, true },
+  { 4195, true },
+  { 4204, true },
+  { 4215, true },
+  { 4228, true },
+  { 4237, true },
+  { 4249, true },
+  { 4260, true },
+  { 4268, true },
+  { 4280, true },
+  { 4292, true },
+  { 4302, true },
+  { 4312, true },
+  { 4325, true },
+  { 4335, true },
+  { 4374, true },
+  { 4383, true },
+  { 4394, true },
+  { 4406, true },
+  { 4416, true },
+  { 4426, true },
+  { 4443, true },
+  { 4471, true },
+  { 4478, true },
+  { 4484, true },
+  { 4494, false },
+  { 4501, true },
+  { 4516, true },
+  { 4528, true },
+  { 4540, true },
+  { 4552, true },
+  { 4564, true },
+  { 4576, true },
+  { 4588, true },
+  { 4599, true },
+  { 4610, true },
+  { 4622, true },
+  { 4630, true },
+  { 4646, true },
+  { 4659, true },
+  { 4675, true },
+  { 4682, true },
+  { 4689, true },
+  { 4698, true },
+  { 4708, true },
+  { 4715, true },
+  { 4725, true },
+  { 4737, true },
+  { 4748, true },
+  { 4760, true },
+  { 4777, true },
+  { 4791, true },
+  { 4804, true },
+  { 4815, true },
+  { 4829, false },
+  { 4836, true },
+  { 4845, true },
+  { 4866, true },
+  { 4881, true },
+  { 4893, true },
+  { 4902, true },
+  { 4915, true },
+  { 4927, true },
+  { 4938, true },
+  { 4950, true },
+  { 4961, true },
+  { 4969, true },
+  { 4985, true },
+  { 4998, true },
+  { 5015, true },
+  { 5024, true },
+  { 5031, true },
+  { 5044, true },
+  { 5065, true },
+  { 5080, true },
+  { 5089, true },
+  { 5097, true },
+  { 5107, false },
+  { 5120, true },
+  { 5134, true },
+  { 5144, true },
+  { 5197, false },
+  { 5205, true },
+  { 5219, true },
+  { 5230, true },
+  { 5241, true },
+  { 5252, true },
+  { 5264, true },
+  { 5276, true },
+  { 5285, true },
+  { 5295, true },
+  { 5308, true },
+  { 5322, true },
+  { 5332, true },
+  { 5342, true },
+  { 5350, true },
+  { 5357, true },
+  { 5385, true },
+  { 5397, true },
+  { 5422, true },
+  { 5434, true },
+  { 5443, true },
+  { 5465, true },
+  { 5476, true },
+  { 5502, true },
+  { 5512, true },
+  { 5535, true },
+  { 5557, true },
+  { 5569, true },
+  { 5586, true },
+  { 5594, true },
+  { 5605, true },
+  { 5613, true },
+  { 5632, true },
+  { 5640, true },
+  { 5651, true },
+  { 5661, true },
+  { 5676, true },
+  { 5693, true },
+  { 5707, true },
+  { 5721, true },
+  { 5745, true },
+  { 5762, true },
+  { 5772, true },
+  { 5790, true },
+  { 5808, true },
+  { 5819, true },
+  { 5831, true },
+  { 5844, true },
+  { 5868, true },
+  { 5885, true },
+  { 5895, true },
+  { 5905, true },
+  { 5921, false },
+  { 5937, true },
+  { 5952, true },
+  { 5967, true },
+  { 5975, false },
+  { 5985, true },
+  { 6009, true },
+  { 6029, true },
+  { 6054, true },
+  { 6071, true },
+  { 6086, true },
+  { 6101, true },
+  { 6120, true },
+  { 6131, true },
+  { 6160, true },
+  { 6169, true },
+  { 6181, true },
+  { 6201, true },
+  { 6222, true },
+  { 6235, true },
+  { 6251, true },
+  { 6261, true },
+  { 6268, true },
+  { 6297, true },
+  { 6320, true },
+  { 6330, true },
+  { 6344, true },
+  { 6355, true },
+  { 6372, true },
+  { 6384, true },
+  { 6399, false },
+  { 6409, true },
+  { 6422, false },
+  { 6437, true },
+  { 6455, true },
+  { 6483, true },
+  { 6497, true },
+  { 6519, true },
+  { 6538, true },
+  { 6548, true },
+  { 6562, true },
+  { 6574, true },
+  { 6585, true },
+  { 6596, true },
+  { 6611, true },
+  { 6630, true },
+  { 6642, true },
+  { 6666, true },
+  { 6684, true },
+  { 6695, true },
+  { 6709, true },
+  { 6722, true },
+  { 6734, true },
+  { 6746, true },
+  { 6768, true },
+  { 6777, false },
+  { 6789, true },
+  { 6802, true },
+  { 6812, true },
+  { 6831, true },
+  { 6844, true },
+  { 6857, true },
+  { 6868, true },
+  { 6879, true },
+  { 6901, true },
+  { 6920, true },
+  { 6934, true },
+  { 6950, true },
+  { 6969, true },
+  { 6986, true },
+  { 7002, true },
+  { 7019, true },
+  { 7035, true },
+  { 7060, true },
+  { 7085, true },
+  { 7101, true },
+  { 7120, true },
+  { 7137, true },
+  { 7153, true },
+  { 7170, true },
+  { 7186, true },
+  { 7208, true },
+  { 7232, true },
+  { 7256, true },
+  { 7275, true },
+  { 7293, true },
+  { 7304, false },
+  { 7312, true },
+  { 7335, true },
+  { 7359, true },
+  { 7371, true },
+  { 7383, true },
+  { 7397, true },
+  { 7411, true },
+  { 7426, true },
+  { 7438, true },
+  { 7457, true },
+  { 7470, true },
+  { 7482, true },
+  { 7493, true },
+  { 7521, true },
+  { 7538, true },
+  { 7573, true },
+  { 7596, true },
+  { 7614, true },
+  { 7638, true },
+  { 7651, true },
+  { 7664, true },
+  { 7677, true },
+  { 7686, true },
+  { 7695, true },
+  { 7706, true },
+  { 7729, true },
+  { 7744, true },
+  { 7756, true },
+  { 7775, true },
+  { 7787, true },
+  { 7799, true },
+  { 7818, true },
+  { 7840, true },
+  { 7853, true },
+  { 7870, true },
+  { 7889, true },
+  { 7904, true },
+  { 7924, true },
+  { 7938, true },
+  { 7946, true },
+  { 7965, true },
+  { 7976, true },
+  { 7990, true },
+  { 8009, true },
+  { 8032, true },
+  { 8056, true },
+  { 8075, true },
+  { 8090, true },
+  { 8107, true },
+  { 8131, true },
+  { 8144, true },
+  { 8170, true },
+  { 8186, true },
+  { 8204, true },
+  { 8222, true },
+  { 8243, true },
+  { 8263, true },
+  { 8288, true },
+  { 8310, true },
+  { 8326, true },
+  { 8341, true },
+  { 8360, true },
+  { 8379, true },
+  { 8402, true },
+  { 8413, true },
+  { 8432, true },
+  { 8447, true },
+  { 8465, true },
+  { 8479, true },
+  { 8498, true },
+  { 8508, true },
+  { 8515, false },
+  { 8524, true },
+  { 8536, true },
+  { 8557, true },
+  { 8569, true },
+  { 8582, true },
+  { 8598, true },
+  { 8612, true },
+  { 8633, true },
+  { 8645, true },
+  { 8666, true },
+  { 8677, true },
+  { 8688, true },
+  { 8701, true },
+  { 8719, true },
+  { 8730, true },
+  { 8745, false },
+  { 8754, false },
+  { 8765, true },
+  { 8775, true },
+  { 8791, true },
+  { 8806, true },
+  { 8818, true },
+  { 8833, true },
+  { 8852, true },
+  { 8863, true },
+  { 8874, true },
+  { 8891, true },
+  { 8912, true },
+  { 8922, true },
+  { 8936, true },
+  { 8946, true },
+  { 8962, true },
+  { 8978, true },
+  { 8990, true },
+  { 9001, true },
+  { 9026, true },
+  { 9038, true },
+  { 9048, true },
+  { 9061, true },
+  { 9073, true },
+  { 9088, true },
+  { 9108, true },
+  { 9123, true },
+  { 9149, true },
+  { 9170, true },
+  { 9187, false },
+  { 9197, true },
+  { 9214, true },
+  { 9231, true },
+  { 9247, true },
+  { 9272, true },
+  { 9296, true },
+  { 9311, true },
+  { 9325, true },
+  { 9339, false },
+  { 9352, true },
+  { 9360, true },
+  { 9369, true },
+  { 9384, true },
+  { 9393, false },
+  { 9409, true },
+  { 9423, true },
+  { 9435, true },
+  { 9450, true },
+  { 9463, true },
+  { 9475, true },
+  { 9487, true },
+  { 9499, true },
+  { 9511, true },
+  { 9523, true },
+  { 9531, true },
+  { 9542, true },
+  { 9559, true },
+  { 9574, true },
+  { 9592, true },
+  { 9607, true },
+  { 9621, true },
+  { 9635, true },
+  { 9652, true },
+  { 9661, true },
+  { 9678, true },
+  { 9694, true },
+  { 9709, true },
+  { 9724, true },
+  { 9733, true },
+  { 9758, true },
+  { 9771, true },
+  { 9792, true },
+  { 9807, true },
+  { 9828, true },
+  { 9837, true },
+  { 9847, true },
+  { 9872, true },
+  { 9884, true },
+  { 9903, true },
+  { 9915, true },
+  { 9934, true },
+  { 9953, true },
+  { 9972, true },
+  { 9985, true },
+  { 9997, true },
+  { 10012, true },
+  { 10027, true },
+  { 10043, true },
+  { 10054, true },
+  { 10066, false },
+  { 10077, true },
+  { 10090, true },
+  { 10102, true },
+  { 10116, true },
+  { 10131, true },
+  { 10151, true },
+  { 10164, true },
+  { 10184, true },
+  { 10194, true },
+  { 10216, true },
+  { 10233, true },
+  { 10242, true },
+  { 10256, true },
+  { 10268, true },
+  { 10294, true },
+  { 10321, true },
+  { 10347, true },
+  { 10358, true },
+  { 10371, true },
+  { 10385, true },
+  { 10398, true },
+  { 10409, true },
+  { 10424, true },
+  { 10448, true },
+  { 10465, true },
+  { 10493, false },
+  { 10507, true },
+  { 10531, true },
+  { 10541, true },
+  { 10553, true },
+  { 10565, true },
+  { 10576, true },
+  { 10588, true },
+  { 10597, true },
+  { 10611, true },
+  { 10621, true },
+  { 10635, true },
+  { 10654, true },
+  { 10677, true },
+  { 10688, true },
+  { 10698, true },
+  { 10715, true },
+  { 10727, false },
+  { 10742, true },
+  { 10755, true },
+  { 10772, true },
+  { 10786, true },
+  { 10800, true },
+  { 10814, true },
+  { 10822, true },
+  { 10837, true },
+  { 10858, true },
+  { 10876, true },
+  { 10894, true },
+  { 10909, true },
+  { 10925, true },
+  { 10942, true },
+  { 10959, true },
+  { 10980, true },
+  { 10991, true },
+  { 11014, true },
+  { 11027, true },
+  { 11038, true },
+  { 11047, true },
+  { 11063, true },
+  { 11079, true },
+  { 11098, true },
+  { 11119, true },
+  { 11133, true },
+  { 11156, true },
+  { 11189, true },
+  { 11215, true },
+  { 11249, true },
+  { 11268, true },
+  { 11288, true },
+  { 11301, true },
+  { 11328, true },
+  { 11339, true },
+  { 11350, true },
+  { 11370, true },
+  { 11381, true },
+  { 11399, true },
+  { 11417, true },
+  { 11439, false },
+  { 11458, true },
+  { 11478, true },
+  { 11492, true },
+  { 11516, true },
+  { 11535, true },
+  { 11556, true },
+  { 11577, true },
+  { 11597, true },
+  { 11607, true },
+  { 11615, true },
+  { 11631, true },
+  { 11641, true },
+  { 11651, true },
+  { 11661, true },
+  { 11674, true },
+  { 11687, true },
+  { 11698, true },
+  { 11712, true },
+  { 11726, true },
+  { 11736, true },
+  { 11746, true },
+  { 11756, true },
+  { 11766, true },
+  { 11776, true },
+  { 11786, true },
+  { 11796, true },
+  { 11806, true },
+  { 11817, true },
+  { 11834, true },
+  { 11851, true },
+  { 11866, true },
+  { 11884, true },
+  { 11900, true },
+  { 11910, true },
+  { 11918, true },
+  { 11930, true },
+  { 11938, true },
+  { 11948, true },
+  { 11963, true },
+  { 11975, false },
+  { 11986, true },
+  { 11996, true },
+  { 12013, true },
+  { 12030, true },
+  { 12043, true },
+  { 12053, true },
+  { 12070, true },
+  { 12086, true },
+  { 12106, true },
+  { 12117, true },
+  { 12126, true },
+  { 12140, true },
+  { 12152, true },
+  { 12167, true },
+  { 12179, true },
+  { 12190, true },
+  { 12202, true },
+  { 12217, true },
+  { 12227, true },
+  { 12236, true },
+  { 12250, true },
+  { 12272, true },
+  { 12290, true },
+  { 12310, true },
+  { 12342, true },
+  { 12353, true },
+  { 12365, true },
+  { 12382, true },
+  { 12406, true },
+  { 12435, true },
+  { 12460, true },
+  { 12481, true },
+  { 12510, true },
+  { 12524, true },
+  { 12552, true },
+  { 12571, true },
+  { 12593, true },
+  { 12610, true },
+  { 12626, true },
+  { 12641, true },
+  { 12649, true },
+  { 12664, true },
+  { 12674, true },
+  { 12685, true },
+  { 12693, true },
+  { 12707, true },
+  { 12727, true },
+  { 12745, true },
+  { 12761, true },
+  { 12773, true },
+  { 12788, true },
+  { 12802, true },
+  { 12815, true },
+  { 12823, true },
+  { 12832, true },
+  { 12851, true },
+  { 12865, true },
+  { 12881, true },
+  { 12890, true },
+  { 12907, true },
+  { 12915, true },
+  { 12948, true },
+  { 12965, true },
+  { 12982, true },
+  { 12999, false },
+  { 13015, true },
+  { 13033, true },
+  { 13048, true },
+  { 13062, true },
+  { 13082, true },
+  { 13095, true },
+  { 13109, true },
+  { 13117, true },
+  { 13125, true },
+  { 13138, true },
+  { 13152, false },
+  { 13166, true },
+  { 13188, true },
+  { 13200, true },
+  { 13210, true },
+  { 13221, true },
+  { 13231, true },
+  { 13245, true },
+  { 13259, true },
+  { 13271, true },
+  { 13283, true },
+  { 13295, true },
+  { 13307, true },
+  { 13328, true },
+  { 13354, true },
+  { 13363, true },
+  { 13375, true },
+  { 13384, true },
+  { 13398, true },
+  { 13411, true },
+  { 13426, true },
+  { 13437, true },
+  { 13448, true },
+  { 13460, true },
+  { 13473, true },
+  { 13492, true },
+  { 13506, true },
+  { 13516, true },
+  { 13533, true },
+  { 13545, true },
+  { 13561, true },
+  { 13569, true },
+  { 13589, true },
+  { 13599, false },
+  { 13609, false },
+  { 13617, true },
+  { 13627, true },
+  { 13636, true },
+  { 13650, true },
+  { 13661, true },
+  { 13674, true },
+  { 13688, true },
+  { 13696, true },
+  { 13708, true },
+  { 13720, true },
+  { 13744, true },
+  { 13761, true },
+  { 13780, true },
+  { 13790, true },
+  { 13802, true },
+  { 13821, false },
+  { 13830, true },
+  { 13844, true },
+  { 13854, true },
+  { 13868, true },
+  { 13875, true },
+  { 13887, true },
+  { 13900, true },
+  { 13911, true },
+  { 13922, true },
+  { 13937, true },
+  { 13948, true },
+  { 13959, true },
+  { 13966, true },
+  { 13980, true },
+  { 14001, true },
+  { 14012, true },
+  { 14024, true },
+  { 14033, true },
+  { 14043, true },
+  { 14061, true },
+  { 14081, true },
+  { 14104, true },
+  { 14119, true },
+  { 14134, true },
+  { 14151, true },
+  { 14166, true },
+  { 14179, true },
+  { 14194, true },
+  { 14206, true },
+  { 14216, true },
+  { 14229, true },
+  { 14248, true },
+  { 14261, true },
+  { 14277, true },
+  { 14288, true },
+  { 14299, true },
+  { 14314, true },
+  { 14341, true },
+  { 14354, true },
+  { 14367, false },
+  { 14384, true },
+  { 14394, true },
+  { 14417, true },
+  { 14430, true },
+  { 14440, true },
+  { 14451, true },
+  { 14463, true },
+  { 14474, true },
+  { 14485, true },
+  { 14507, true },
+  { 14518, true },
+  { 14529, true },
+  { 14559, true },
+  { 14575, true },
+  { 14600, true },
+  { 14630, true },
+  { 14641, true },
+  { 14662, true },
+  { 14673, true },
+  { 14684, true },
+  { 14711, true },
+  { 14723, true },
+  { 14741, true },
+  { 14752, true },
+  { 14764, true },
+  { 14781, true },
+  { 14799, true },
+  { 14808, true },
+  { 14822, true },
+  { 14832, true },
+  { 14843, true },
+  { 14855, true },
+  { 14877, true },
+  { 14887, true },
+  { 14897, true },
+  { 14908, true },
+  { 14926, true },
+  { 14937, true },
+  { 14947, true },
+  { 14962, true },
+  { 14979, true },
+  { 14995, true },
+  { 15008, true },
+  { 15019, true },
+  { 15033, false },
+  { 15059, false },
+  { 15070, false },
+  { 15087, true },
+  { 15097, true },
+  { 15109, true },
+  { 15118, true },
+  { 15137, true },
+  { 15160, true },
+  { 15170, true },
+  { 15183, true },
+  { 15195, true },
+  { 15204, true },
+  { 15221, true },
+  { 15228, true },
+  { 15243, true },
+  { 15267, true },
+  { 15283, true },
+  { 15308, true },
+  { 15333, true },
+  { 15358, true },
+  { 15370, true },
+  { 15392, true },
+  { 15402, true },
+  { 15414, true },
+  { 15426, true },
+  { 15439, true },
+  { 15466, true },
+  { 15494, true },
+  { 15509, true },
+  { 15522, true },
+  { 15536, true },
+  { 15550, true },
+  { 15565, true },
+  { 15581, false },
+  { 15597, true },
+  { 15617, true },
+  { 15637, true },
+  { 15651, true },
+  { 15672, true },
+  { 15685, true },
+  { 15701, true },
+  { 15716, true },
+  { 15733, true },
+  { 15747, true },
+  { 15759, true },
+  { 15770, true },
+  { 15780, true },
+  { 15791, true },
+  { 15810, true },
+  { 15825, true },
+  { 15837, true },
+  { 15849, true },
+  { 15861, true },
+  { 15875, true },
+  { 15893, true },
+  { 15902, true },
+  { 15914, true },
+  { 15933, true },
+  { 15946, true },
+  { 15962, true },
+  { 15973, true },
+  { 15982, true },
+  { 15993, true },
+  { 16011, true },
+  { 16025, true },
+  { 16040, true },
+  { 16050, true },
+  { 16064, true },
+  { 16088, true },
+  { 16097, true },
+  { 16113, true },
+  { 16126, true },
+  { 16144, true },
+  { 16164, true },
+  { 16184, true },
+  { 16205, true },
+  { 16224, true },
+  { 16238, true },
+  { 16252, true },
+  { 16265, true },
+  { 16279, true },
+  { 16294, true },
+  { 16309, true },
+  { 16327, true },
+  { 16345, true },
+  { 16369, true },
+  { 16384, true },
+  { 16402, true },
+  { 16412, true },
+  { 16429, true },
+  { 16447, true },
+  { 16462, true },
+  { 16480, true },
+  { 16494, true },
+  { 16508, true },
+  { 16522, true },
+  { 16535, true },
+  { 16547, true },
+  { 16562, true },
+  { 16576, true },
+  { 16591, true },
+  { 16601, true },
+  { 16615, false },
+  { 16630, true },
+  { 16639, true },
+  { 16656, true },
+  { 16671, true },
+  { 16685, true },
+  { 16699, true },
+  { 16713, true },
+  { 16727, true },
+  { 16743, true },
+  { 16755, true },
+  { 16768, true },
+  { 16788, true },
+  { 16801, true },
+  { 16814, true },
+  { 16841, true },
+  { 16856, true },
+  { 16877, true },
+  { 16896, true },
+  { 16908, true },
+  { 16922, true },
+  { 16936, true },
+  { 16948, true },
+  { 16963, true },
+  { 16973, true },
+  { 16991, true },
+  { 17000, true },
+  { 17015, true },
+  { 17029, true },
+  { 17043, true },
+  { 17052, true },
+  { 17067, true },
+  { 17081, true },
+  { 17093, true },
+  { 17115, true },
+  { 17127, true },
+  { 17150, true },
+  { 17171, true },
+  { 17191, true },
+  { 17203, true },
+  { 17219, true },
+  { 17233, true },
+  { 17250, true },
+  { 17268, true },
+  { 17281, true },
+  { 17293, true },
+  { 17304, true },
+  { 17315, false },
+  { 17331, true },
+  { 17351, true },
+  { 17369, true },
+  { 17389, true },
+  { 17407, true },
+  { 17432, true },
+  { 17454, true },
+  { 17474, true },
+  { 17490, true },
+  { 17503, true },
+  { 17526, true },
+  { 17548, true },
+  { 17564, true },
+  { 17576, true },
+  { 17596, true },
+  { 17609, true },
+  { 17623, true },
+  { 17636, true },
+  { 17644, true },
+  { 17668, true },
+  { 17681, true },
+  { 17698, true },
+  { 17716, true },
+  { 17734, true },
+  { 17747, true },
+  { 17765, true },
+  { 17787, true },
+  { 17804, true },
+  { 17834, true },
+  { 17858, true },
+  { 17874, true },
+  { 17898, true },
+  { 17917, true },
+  { 17930, true },
+  { 17946, true },
+  { 17958, true },
+  { 17972, true },
+  { 17981, true },
+  { 17996, true },
+  { 18010, true },
+  { 18024, true },
+  { 18037, true },
+  { 18055, true },
+  { 18074, true },
+  { 18090, true },
+  { 18103, true },
+  { 18124, true },
+  { 18148, true },
+  { 18178, true },
+  { 18194, true },
+  { 18213, true },
+  { 18226, true },
+  { 18248, true },
+  { 18265, true },
+  { 18286, true },
+  { 18306, true },
+  { 18326, true },
+  { 18344, true },
+  { 18360, true },
+  { 18378, true },
+  { 18392, true },
+  { 18405, true },
+  { 18418, false },
+  { 18431, true },
+  { 18443, true },
+  { 18466, true },
+  { 18476, true },
+  { 18501, true },
+  { 18514, true },
+  { 18528, true },
+  { 18542, true },
+  { 18557, true },
+  { 18574, true },
+  { 18594, false },
+  { 18610, true },
+  { 18619, true },
+  { 18634, true },
+  { 18652, true },
+  { 18677, true },
+  { 18691, true },
+  { 18705, true },
+  { 18731, true },
+  { 18746, true },
+  { 18770, true },
+  { 18784, true },
+  { 18800, true },
+  { 18812, true },
+  { 18826, true },
+  { 18837, true },
+  { 18847, true },
+  { 18861, true },
+  { 18878, true },
+  { 18902, true },
+  { 18924, true },
+  { 18937, true },
+  { 18948, true },
+  { 18961, true },
+  { 18975, true },
+  { 18992, true },
+  { 19006, true },
+  { 19014, true },
+  { 19026, true },
+  { 19042, true },
+  { 19057, true },
+  { 19071, true },
+  { 19085, true },
+  { 19097, true },
+  { 19115, true },
+  { 19132, true },
+  { 19150, true },
+  { 19168, true },
+  { 19187, true },
+  { 19203, true },
+  { 19215, true },
+  { 19229, true },
+  { 19251, true },
+  { 19265, true },
+  { 19282, true },
+  { 19294, true },
+  { 19306, true },
+  { 19325, true },
+  { 19339, true },
+  { 19353, true },
+  { 19368, true },
+  { 19389, true },
+  { 19401, true },
+  { 19412, true },
+  { 19422, true },
+  { 19434, true },
+  { 19445, true },
+  { 19457, true },
+  { 19474, true },
+  { 19500, true },
+  { 19514, true },
+  { 19526, true },
+  { 19534, true },
+  { 19545, true },
+  { 19553, true },
+  { 19561, true },
+  { 19569, true },
+  { 19577, true },
+  { 19590, true },
+  { 19598, true },
+  { 19605, true },
+  { 19615, true },
+  { 19626, true },
+  { 19645, true },
+  { 19658, true },
+  { 19671, true },
+  { 19685, true },
+  { 19697, true },
+  { 19710, true },
+  { 19724, true },
+  { 19738, true },
+  { 19758, true },
+  { 19776, true },
+  { 19788, true },
+  { 19800, true },
+  { 19809, true },
+  { 19835, true },
+  { 19857, true },
+  { 19884, true },
+  { 19912, true },
+  { 19937, true },
+  { 19944, true },
+  { 19959, true },
+  { 19982, true },
+  { 20004, true },
+  { 20027, true },
+  { 20045, true },
+  { 20058, true },
+  { 20067, true },
+  { 20084, true },
+  { 20097, true },
+  { 20113, true },
+  { 20126, true },
+  { 20140, true },
+  { 20151, true },
+  { 20161, true },
+  { 20172, true },
+  { 20182, true },
+  { 20193, true },
+  { 20202, true },
+  { 20222, true },
+  { 20249, true },
+  { 20265, true },
+  { 20281, true },
+  { 20306, true },
+  { 20333, true },
+  { 20361, true },
+  { 20398, true },
+  { 20429, true },
+  { 20448, true },
+  { 20463, true },
+  { 20483, true },
+  { 20495, true },
+  { 20516, true },
+  { 20536, true },
+  { 20562, true },
+  { 20574, true },
+  { 20587, true },
+  { 20596, true },
+  { 20605, true },
+  { 20615, true },
+  { 20622, true },
+  { 20640, true },
+  { 20665, true },
+  { 20684, true },
+  { 20701, true },
+  { 20724, true },
+  { 20740, true },
+  { 20751, true },
+  { 20762, true },
+  { 20771, true },
+  { 20787, true },
+  { 20802, true },
+  { 20822, true },
+  { 20841, true },
+  { 20874, true },
+  { 20884, true },
+  { 20899, true },
+  { 20913, true },
+  { 20934, true },
+  { 20944, true },
+  { 20971, true },
+  { 20988, true },
+  { 20999, true },
+  { 21018, true },
+  { 21040, true },
+  { 21050, true },
+  { 21064, true },
+  { 21081, true },
+  { 21105, true },
+  { 21114, true },
+  { 21125, true },
+  { 21145, true },
+  { 21164, true },
+  { 21177, true },
+  { 21188, true },
+  { 21200, true },
+  { 21218, true },
+  { 21233, true },
+  { 21255, true },
+  { 21272, true },
+  { 21284, false },
+  { 21295, true },
+  { 21314, true },
+  { 21328, true },
+  { 21346, true },
+  { 21364, true },
+  { 21383, true },
+  { 21405, true },
+  { 21419, true },
+  { 21434, true },
+  { 21448, true },
+  { 21462, true },
+  { 21477, true },
+  { 21487, true },
+  { 21507, true },
+  { 21522, false },
+  { 21553, true },
+  { 21564, false },
+  { 21588, true },
+  { 21609, true },
+  { 21627, true },
+  { 21642, true },
+  { 21653, true },
+  { 21671, true },
+  { 21693, false },
+  { 21704, true },
+  { 21721, true },
+  { 21740, true },
+  { 21756, true },
+  { 21769, true },
+  { 21777, true },
+  { 21794, true },
+  { 21807, true },
+  { 21818, true },
+  { 21833, true },
+  { 21845, true },
+  { 21864, true },
+  { 21882, true },
+  { 21893, true },
+  { 21903, true },
+  { 21918, true },
+  { 21935, true },
+  { 21947, true },
+  { 21969, true },
+  { 21984, true },
+  { 22001, true },
+  { 22022, true },
+  { 22038, true },
+  { 22055, true },
+  { 22072, true },
+  { 22086, true },
+  { 22101, true },
+  { 22116, true },
+  { 22130, true },
+  { 22146, true },
+  { 22166, true },
+  { 22180, true },
+  { 22197, true },
+  { 22214, true },
+  { 22231, true },
+  { 22243, true },
+  { 22261, true },
+  { 22278, true },
+  { 22293, true },
+  { 22310, true },
+  { 22326, true },
+  { 22341, true },
+  { 22355, true },
+  { 22372, true },
+  { 22390, true },
+  { 22406, true },
+  { 22419, true },
+  { 22433, true },
+  { 22444, true },
+  { 22457, true },
+  { 22471, true },
+  { 22489, true },
+  { 22507, true },
+  { 22524, true },
+  { 22543, true },
+  { 22558, true },
+  { 22578, true },
+  { 22592, true },
+  { 22612, true },
+  { 22627, true },
+  { 22638, true },
+  { 22651, true },
+  { 22665, true },
+  { 22681, true },
+  { 22696, true },
+  { 22705, true },
+  { 22719, true },
+  { 22736, true },
+  { 22752, true },
+  { 22771, true },
+  { 22782, true },
+  { 22795, true },
+  { 22806, true },
+  { 22820, true },
+  { 22842, true },
+  { 22854, true },
+  { 22877, true },
+  { 22892, true },
+  { 22907, true },
+  { 22921, true },
+  { 22938, true },
+  { 22956, true },
+  { 22966, true },
+  { 22981, true },
+  { 23002, true },
+  { 23022, true },
+  { 23042, true },
+  { 23053, true },
+  { 23066, true },
+  { 23077, true },
+  { 23086, true },
+  { 23101, true },
+  { 23116, true },
+  { 23130, true },
+  { 23143, true },
+  { 23155, true },
+  { 23163, true },
+  { 23178, true },
+  { 23193, true },
+  { 23215, true },
+  { 23233, true },
+  { 23248, false },
+  { 23261, true },
+  { 23279, true },
+  { 23296, true },
+  { 23319, true },
+  { 23337, false },
+  { 23346, true },
+  { 23356, true },
+  { 23367, true },
+  { 23377, true },
+  { 23388, true },
+  { 23400, true },
+  { 23416, true },
+  { 23431, true },
+  { 23453, true },
+  { 23468, true },
+  { 23485, true },
+  { 23502, true },
+  { 23522, true },
+  { 23533, true },
+  { 23544, true },
+  { 23562, true },
+  { 23594, true },
+  { 23621, true },
+  { 23635, true },
+  { 23646, true },
+  { 23659, true },
+  { 23671, true },
+  { 23685, true },
+  { 23695, true },
+  { 23709, true },
+  { 23723, true },
+  { 23738, true },
+  { 23752, true },
+  { 23770, true },
+  { 23782, true },
+  { 23811, true },
+  { 23823, true },
+  { 23841, true },
+  { 23861, true },
+  { 23880, true },
+  { 23900, true },
+  { 23916, true },
+  { 23939, true },
+  { 23957, true },
+  { 23975, true },
+  { 23989, true },
+  { 24011, true },
+  { 24028, false },
+  { 24052, true },
+  { 24064, true },
+  { 24075, true },
+  { 24088, true },
+  { 24103, true },
+  { 24115, true },
+  { 24127, true },
+  { 24139, true },
+  { 24150, true },
+  { 24159, true },
+  { 24175, true },
+  { 24192, true },
+  { 24211, true },
+  { 24222, true },
+  { 24238, true },
+  { 24257, true },
+  { 24278, true },
+  { 24295, true },
+  { 24307, true },
+  { 24320, true },
+  { 24330, true },
+  { 24339, true },
+  { 24349, true },
+  { 24361, true },
+  { 24373, true },
+  { 24386, true },
+  { 24404, true },
+  { 24421, true },
+  { 24440, true },
+  { 24457, true },
+  { 24473, true },
+  { 24490, true },
+  { 24500, true },
+  { 24510, true },
+  { 24522, true },
+  { 24533, true },
+  { 24544, true },
+  { 24567, true },
+  { 24588, true },
+  { 24608, true },
+  { 24623, true },
+  { 24643, true },
+  { 24660, true },
+  { 24681, true },
+  { 24698, true },
+  { 24708, true },
+  { 24722, true },
+  { 24737, true },
+  { 24752, true },
+  { 24770, true },
+  { 24785, true },
+  { 24800, true },
+  { 24811, true },
+  { 24823, true },
+  { 24833, true },
+  { 24851, true },
+  { 24872, true },
+  { 24898, true },
+  { 24917, true },
+  { 24936, true },
+  { 24964, true },
+  { 24976, true },
+  { 24992, true },
+  { 25013, true },
+  { 25029, true },
+  { 25043, true },
+  { 25058, true },
+  { 25068, true },
+  { 25084, true },
+  { 25097, true },
+  { 25110, true },
+  { 25127, true },
+  { 25144, true },
+  { 25160, false },
+  { 25167, true },
+  { 25178, true },
+  { 25190, true },
+  { 25200, true },
+  { 25212, true },
+  { 25225, true },
+  { 25238, true },
+  { 25254, true },
+  { 25266, true },
+  { 25277, true },
+  { 25284, true },
+  { 25295, true },
+  { 25305, true },
+  { 25317, true },
+  { 25328, true },
+  { 25339, false },
+  { 25347, true },
+  { 25357, true },
+  { 25375, true },
+  { 25389, true },
+  { 25401, true },
+  { 25415, false },
+  { 25429, true },
+  { 25445, true },
+  { 25459, true },
+  { 25474, true },
+  { 25493, true },
+  { 25514, true },
+  { 25539, true },
+  { 25548, true },
+  { 25566, true },
+  { 25577, true },
+  { 25585, true },
+  { 25597, true },
+  { 25620, true },
+  { 25633, true },
+  { 25652, true },
+  { 25678, true },
+  { 25690, true },
+  { 25706, true },
+  { 25719, true },
+  { 25735, false },
+  { 25751, true },
+  { 25767, false },
+  { 25782, false },
+  { 25795, true },
+  { 25807, true },
+  { 25823, true },
+  { 25835, true },
+  { 25848, true },
+  { 25864, true },
+  { 25878, true },
+  { 25890, true },
+  { 25901, true },
+  { 25910, true },
+  { 25920, true },
+  { 25933, true },
+  { 25943, true },
+  { 25959, true },
+  { 25968, true },
+  { 25988, true },
+  { 25995, true },
+  { 26007, true },
+  { 26020, true },
+  { 26042, false },
+  { 26058, true },
+  { 26077, true },
+  { 26085, true },
+  { 26101, true },
+  { 26112, true },
+  { 26133, true },
+  { 26143, true },
+  { 26157, true },
+  { 26166, true },
+  { 26176, true },
+  { 26187, true },
+  { 26198, true },
+  { 26209, true },
+  { 26220, true },
+  { 26232, true },
+  { 26248, true },
+  { 26265, false },
+  { 26282, true },
+  { 26304, true },
+  { 26328, true },
+  { 26354, true },
+  { 26375, true },
+  { 26388, true },
+  { 26400, true },
+  { 26414, true },
+  { 26433, true },
+  { 26454, true },
+  { 26466, true },
+  { 26480, true },
+  { 26504, true },
+  { 26536, true },
+  { 26549, true },
+  { 26562, true },
+  { 26576, true },
+  { 26591, true },
+  { 26604, true },
+  { 26620, true },
+  { 26637, true },
+  { 26648, true },
+  { 26657, true },
+  { 26671, true },
+  { 26684, true },
+  { 26698, true },
+  { 26711, true },
+  { 26723, true },
+  { 26737, true },
+  { 26749, true },
+  { 26770, true },
+  { 26778, false },
+  { 26796, true },
+  { 26819, true },
+  { 26846, true },
+  { 26861, true },
+  { 26879, false },
+  { 26900, false },
+  { 26913, true },
+  { 26921, true },
+  { 26935, true },
+  { 26949, true },
+  { 26961, true },
+  { 26981, true },
+  { 26994, true },
+  { 27007, true },
+  { 27019, true },
+  { 27036, true },
+  { 27048, true },
+  { 27075, true },
+  { 27084, true },
+  { 27098, true },
+  { 27106, true },
+  { 27123, true },
+  { 27136, true },
+  { 27149, true },
+  { 27162, true },
+  { 27181, true },
+  { 27193, true },
+  { 27203, true },
+  { 27225, true },
+  { 27242, true },
+  { 27256, true },
+  { 27267, true },
+  { 27280, true },
+  { 27293, true },
+  { 27309, true },
+  { 27330, true },
+  { 27354, true },
+  { 27366, true },
+  { 27380, true },
+  { 27404, true },
+  { 27419, true },
+  { 27442, true },
+  { 27455, false },
+  { 27471, true },
+  { 27488, true },
+  { 27514, true },
+  { 27527, true },
+  { 27546, true },
+  { 27552, true },
+  { 27564, true },
+  { 27578, true },
+  { 27591, true },
+  { 27601, true },
+  { 27612, true },
+  { 27628, true },
+  { 27640, true },
+  { 27651, true },
+  { 27661, true },
+  { 27678, true },
+  { 27692, true },
+  { 27701, true },
+  { 27720, true },
+  { 27732, false },
+  { 27744, true },
+  { 27757, true },
+  { 27768, true },
+  { 27797, true },
+  { 27823, true },
+  { 27839, true },
+  { 27852, true },
+  { 27866, true },
+  { 27881, true },
+  { 27892, true },
+  { 27902, true },
+  { 27925, true },
+  { 27941, true },
+  { 27951, true },
+  { 27967, true },
+  { 27979, false },
+  { 27998, true },
+  { 28022, true },
+  { 28050, true },
+  { 28063, true },
+  { 28077, false },
+  { 28089, true },
+  { 28102, true },
+  { 28112, true },
+  { 28126, true },
+  { 28137, true },
+  { 28155, true },
+  { 28168, true },
+  { 28182, true },
+  { 28194, true },
+  { 28206, true },
+  { 28222, true },
+  { 28238, true },
+  { 28261, true },
+  { 28275, true },
+  { 28291, true },
+  { 28315, false },
+  { 28331, true },
+  { 28342, true },
+  { 28351, true },
+  { 28360, true },
+  { 28374, true },
+  { 28382, true },
+  { 28396, true },
+  { 28406, true },
+  { 28419, true },
+  { 28428, true },
+  { 28439, true },
+  { 28459, true },
+  { 28472, true },
+  { 28481, true },
+  { 28503, true },
+  { 28516, true },
+  { 28526, true },
+  { 28538, true },
+  { 28560, true },
+  { 28575, true },
+  { 28591, true },
+  { 28608, true },
+  { 28622, true },
+  { 28634, true },
+  { 28647, true },
+  { 28673, true },
+  { 28688, true },
+  { 28706, true },
+  { 28726, true },
+  { 28739, true },
+  { 28752, true },
+  { 28770, true },
+  { 28782, true },
+  { 28796, true },
+  { 28810, true },
+  { 28819, true },
+  { 28839, true },
+  { 28851, true },
+  { 28869, true },
+  { 28889, true },
+  { 28913, true },
+  { 28939, true },
+  { 28959, true },
+  { 28968, true },
+  { 28978, true },
+  { 28991, true },
+  { 29004, true },
+  { 29016, true },
+  { 29042, true },
+  { 29052, true },
+  { 29067, true },
+  { 29081, true },
+  { 29093, true },
+  { 29107, true },
+  { 29125, true },
+  { 29143, true },
+  { 29163, true },
+  { 29188, true },
+  { 29198, true },
+  { 29214, true },
+  { 29232, true },
+  { 29243, true },
+  { 29259, true },
+  { 29279, true },
+  { 29287, true },
+  { 29309, true },
+  { 29324, true },
+  { 29335, true },
+  { 29345, true },
+  { 29367, true },
+  { 29382, true },
+  { 29401, true },
+  { 29414, false },
+  { 29429, true },
+  { 29449, true },
+  { 29460, true },
+  { 29470, true },
+  { 29488, true },
+  { 29502, true },
+  { 29514, true },
+  { 29532, true },
+  { 29541, true },
+  { 29552, true },
+  { 29572, true },
+  { 29583, true },
+  { 29603, true },
+  { 29623, true },
+  { 29635, true },
+  { 29647, false },
+  { 29661, true },
+  { 29673, true },
+  { 29690, true },
+  { 29700, true },
+  { 29713, false },
+  { 29728, true },
+  { 29740, true },
+  { 29753, true },
+  { 29765, true },
+  { 29777, true },
+  { 29797, true },
+  { 29811, true },
+  { 29824, true },
+  { 29838, true },
+  { 29850, true },
+  { 29868, true },
+  { 29880, true },
+  { 29891, true },
+  { 29902, true },
+  { 29913, true },
+  { 29926, true },
+  { 29939, true },
+  { 29954, true },
+  { 29967, true },
+  { 29978, true },
+  { 30000, true },
+  { 30023, true },
+  { 30034, true },
+  { 30049, true },
+  { 30063, true },
+  { 30079, true },
+  { 30090, true },
+  { 30100, true },
+  { 30121, true },
+  { 30132, true },
+  { 30141, true },
+  { 30161, true },
+  { 30180, true },
+  { 30194, true },
+  { 30201, true },
+  { 30212, true },
+  { 30229, true },
+  { 30243, true },
+  { 30253, true },
+  { 30266, true },
+  { 30279, true },
+  { 30291, true },
+  { 30303, true },
+  { 30320, true },
+  { 30331, true },
+  { 30344, true },
+  { 30357, true },
+  { 30367, true },
+  { 30379, true },
+  { 30397, true },
+  { 30407, true },
+  { 30421, true },
+  { 30438, true },
+  { 30448, true },
+  { 30464, true },
+  { 30475, true },
+  { 30484, true },
+  { 30495, true },
+  { 30506, true },
+  { 30517, true },
+  { 30528, true },
+  { 30542, true },
+  { 30557, true },
+  { 30576, true },
+  { 30600, true },
+  { 30618, true },
+  { 30637, true },
+  { 30654, true },
+  { 30666, true },
+  { 30682, true },
+  { 30697, true },
+  { 30712, true },
+  { 30731, true },
+  { 30747, true },
+  { 30760, true },
+  { 30779, true },
+  { 30801, true },
+  { 30827, true },
+  { 30842, true },
+  { 30855, true },
+  { 30866, true },
+  { 30876, true },
+  { 30886, true },
+  { 30896, false },
+  { 30906, true },
+  { 30921, true },
+  { 30931, true },
+  { 30940, true },
+  { 30959, true },
+  { 30976, true },
+  { 30988, true },
+  { 31000, true },
+  { 31018, true },
+  { 31032, true },
+  { 31046, true },
+  { 31056, true },
+  { 31063, true },
+  { 31073, true },
+  { 31083, true },
+  { 31091, false },
+  { 31100, true },
+  { 31116, true },
+  { 31140, true },
+  { 31165, true },
+  { 31187, true },
+  { 31205, true },
+  { 31218, true },
+  { 31238, true },
+  { 31251, true },
+  { 31272, true },
+  { 31289, true },
+  { 31312, true },
+  { 31342, true },
+  { 31357, true },
+  { 31381, true },
+  { 31397, true },
+  { 31414, true },
+  { 31432, true },
+  { 31446, true },
+  { 31471, true },
+  { 31496, true },
+  { 31518, true },
+  { 31531, true },
+  { 31551, true },
+  { 31567, true },
+  { 31587, true },
+  { 31599, true },
+  { 31619, true },
+  { 31633, true },
+  { 31654, true },
+  { 31666, true },
+  { 31683, true },
+  { 31693, true },
+  { 31706, true },
+  { 31715, true },
+  { 31725, true },
+  { 31734, true },
+  { 31742, true },
+  { 31754, true },
+  { 31769, true },
+  { 31778, false },
+  { 31787, false },
+  { 31807, true },
+  { 31828, true },
+  { 31838, true },
+  { 31845, true },
+  { 31861, true },
+  { 31877, true },
+  { 31892, true },
+  { 31901, true },
+  { 31909, true },
+  { 31925, true },
+  { 31935, true },
+  { 31955, true },
+  { 31973, true },
+  { 32000, true },
+  { 32020, true },
+  { 32034, true },
+  { 32055, true },
+  { 32082, true },
+  { 32101, true },
+  { 32118, true },
+  { 32136, true },
+  { 32164, true },
+  { 32187, true },
+  { 32202, true },
+  { 32220, true },
+  { 32228, true },
+  { 32243, true },
+  { 32257, true },
+  { 32268, true },
+  { 32277, true },
+  { 32298, true },
+  { 32318, true },
+  { 32338, true },
+  { 32348, true },
+  { 32364, true },
+  { 32376, true },
+  { 32391, true },
+  { 32403, true },
+  { 32418, true },
+  { 32433, true },
+  { 32445, true },
+  { 32468, true },
+  { 32475, true },
+  { 32488, true },
+  { 32501, true },
+  { 32524, true },
+  { 32542, true },
+  { 32564, true },
+  { 32585, true },
+  { 32605, true },
+  { 32622, true },
+  { 32648, true },
+  { 32661, true },
+  { 32678, true },
+  { 32687, true },
+  { 32709, true },
+  { 32727, true },
+  { 32739, true },
+  { 32752, true },
+  { 32766, true },
+  { 32778, true },
+  { 32790, true },
+  { 32800, true },
+  { 32814, true },
+  { 32824, true },
+  { 32839, true },
+  { 32854, true },
+  { 32865, true },
+  { 32878, true },
+  { 32896, true },
+  { 32915, true },
+  { 32927, true },
+  { 32953, true },
+  { 32967, true },
+  { 32989, true },
+  { 33002, true },
+  { 33018, true },
+  { 33033, true },
+  { 33045, true },
+  { 33053, true },
+  { 33073, true },
+  { 33091, true },
+  { 33112, true },
+  { 33133, true },
+  { 33147, true },
+  { 33163, true },
+  { 33175, true },
+  { 33188, false },
+  { 33199, true },
+  { 33213, true },
+  { 33225, true },
+  { 33237, true },
+  { 33249, true },
+  { 33261, true },
+  { 33276, true },
+  { 33286, true },
+  { 33296, true },
+  { 33312, true },
+  { 33321, true },
+  { 33331, true },
+  { 33346, true },
+  { 33368, true },
+  { 33379, true },
+  { 33404, true },
+  { 33419, true },
+  { 33432, true },
+  { 33451, true },
+  { 33466, true },
+  { 33480, true },
+  { 33496, true },
+  { 33508, true },
+  { 33520, true },
+  { 33536, true },
+  { 33555, true },
+  { 33574, true },
+  { 33586, true },
+  { 33599, true },
+  { 33614, true },
+  { 33634, true },
+  { 33645, true },
+  { 33660, true },
+  { 33673, true },
+  { 33691, true },
+  { 33721, true },
+  { 33744, true },
+  { 33757, true },
+  { 33772, false },
+  { 33780, true },
+  { 33792, true },
+  { 33814, true },
+  { 33831, true },
+  { 33841, true },
+  { 33851, true },
+  { 33859, true },
+  { 33873, true },
+  { 33889, true },
+  { 33913, true },
+  { 33945, true },
+  { 33966, true },
+  { 33976, true },
+  { 33993, true },
+  { 34014, false },
+  { 34034, true },
+  { 34063, true },
+  { 34079, true },
+  { 34101, true },
+  { 34119, true },
+  { 34134, true },
+  { 34160, true },
+  { 34179, true },
+  { 34197, true },
+  { 34223, true },
+  { 34245, true },
+  { 34263, true },
+  { 34285, true },
+  { 34297, true },
+  { 34308, true },
+  { 34330, true },
+  { 34343, true },
+  { 34359, true },
+  { 34377, true },
+  { 34394, true },
+  { 34412, true },
+  { 34425, true },
+  { 34446, true },
+  { 34471, true },
+  { 34496, true },
+  { 34514, true },
+  { 34528, true },
+  { 34543, true },
+  { 34561, true },
+  { 34586, true },
+  { 34611, true },
+  { 34635, true },
+  { 34648, true },
+  { 34663, true },
+  { 34683, true },
+  { 34697, true },
+  { 34714, true },
+  { 34742, true },
+  { 34765, true },
+  { 34780, true },
+  { 34793, true },
+  { 34806, true },
+  { 34819, true },
+  { 34843, true },
+  { 34862, true },
+  { 34878, true },
+  { 34891, true },
+  { 34904, true },
+  { 34920, true },
+  { 34939, true },
+  { 34960, true },
+  { 34989, true },
+  { 34999, true },
+  { 35012, true },
+  { 35025, true },
+  { 35037, true },
+  { 35055, true },
+  { 35063, true },
+  { 35072, false },
+  { 35088, true },
+  { 35104, true },
+  { 35114, true },
+  { 35134, true },
+  { 35146, true },
+  { 35167, true },
+  { 35184, true },
+  { 35202, true },
+  { 35212, true },
+  { 35224, true },
+  { 35232, true },
+  { 35243, true },
+  { 35254, true },
+  { 35272, true },
+  { 35280, true },
+  { 35292, true },
+  { 35301, true },
+  { 35310, false },
+  { 35322, false },
+  { 35334, true },
+  { 35358, true },
+  { 35376, true },
+  { 35396, true },
+  { 35407, true },
+  { 35420, true },
+  { 35429, true },
+  { 35443, true },
+  { 35465, true },
+  { 35475, true },
+  { 35484, true },
+  { 35495, true },
+  { 35503, true },
+  { 35513, true },
+  { 35522, true },
+  { 35534, true },
+  { 35546, true },
+  { 35555, true },
+  { 35566, true },
+  { 35574, true },
+  { 35584, true },
+  { 35595, false },
+  { 35607, true },
+  { 35620, true },
+  { 35641, true },
+  { 35653, true },
+  { 35668, true },
+  { 35681, true },
+  { 35689, true },
+  { 35705, false },
+  { 35715, true },
+  { 35738, true },
+  { 35762, true },
+  { 35771, true },
+  { 35779, true },
+  { 35806, true },
+  { 35814, true },
+  { 35821, true },
+  { 35838, true },
+  { 35857, true },
+  { 35878, true },
+  { 35889, true },
+  { 35898, true },
+  { 35907, true },
+  { 35924, true },
+  { 35942, true },
+  { 35953, true },
+  { 35969, true },
+  { 35981, true },
+  { 35992, true },
+  { 36003, true },
+  { 36014, true },
+  { 36026, true },
+  { 36038, false },
+  { 36047, true },
+  { 36063, true },
+  { 36072, true },
+  { 36081, true },
+  { 36091, true },
+  { 36101, true },
+  { 36112, true },
+  { 36121, true },
+  { 36131, true },
+  { 36146, true },
+  { 36156, true },
+  { 36182, true },
+  { 36194, true },
+  { 36212, true },
+  { 36226, true },
+  { 36237, true },
+  { 36268, true },
+  { 36288, false },
+  { 36304, true },
+  { 36322, false },
+  { 36342, true },
+  { 36354, true },
+  { 36364, true },
+  { 36374, true },
+  { 36386, true },
+  { 36399, true },
+  { 36409, true },
+  { 36423, true },
+  { 36432, true },
+  { 36442, true },
+  { 36452, true },
+  { 36461, true },
+  { 36469, true },
+  { 36479, true },
+  { 36491, true },
+  { 36503, true },
+  { 36515, true },
+  { 36525, true },
+  { 36541, true },
+  { 36555, true },
+  { 36572, true },
+  { 36588, true },
+  { 36603, true },
+  { 36615, true },
+  { 36623, true },
+  { 36634, false },
+  { 36644, true },
+  { 36661, true },
+  { 36673, true },
+  { 36695, true },
+  { 36702, true },
+  { 36711, true },
+  { 36719, true },
+  { 36729, true },
+  { 36743, true },
+  { 36773, true },
+  { 36788, true },
+  { 36797, true },
+  { 36811, true },
+  { 36823, true },
+  { 36844, true },
+  { 36859, true },
+  { 36871, true },
+  { 36886, true },
+  { 36910, true },
+  { 36927, true },
+  { 36944, true },
+  { 36962, true },
+  { 36975, true },
+  { 36987, true },
+  { 37010, true },
+  { 37021, true },
+  { 37030, true },
+  { 37041, true },
+  { 37066, true },
+  { 37082, true },
+  { 37096, true },
+  { 37116, true },
+  { 37131, true },
+  { 37149, true },
+  { 37167, true },
+  { 37182, true },
+  { 37196, true },
+  { 37211, true },
+  { 37230, true },
+  { 37245, true },
+  { 37266, true },
+  { 37279, true },
+  { 37295, true },
+  { 37319, true },
+  { 37329, true },
+  { 37339, true },
+  { 37348, true },
+  { 37357, true },
+  { 37367, true },
+  { 37378, true },
+  { 37403, true },
+  { 37432, true },
+  { 37445, true },
+  { 37455, true },
+  { 37470, true },
+  { 37484, true },
+  { 37501, false },
+  { 37509, false },
+  { 37518, true },
+  { 37532, true },
+  { 37539, false },
+  { 37556, true },
+  { 37571, true },
+  { 37583, true },
+  { 37598, true },
+  { 37608, true },
+  { 37627, true },
+  { 37644, true },
+  { 37656, false },
+  { 37663, true },
+  { 37689, true },
+  { 37702, true },
+  { 37714, true },
+  { 37733, true },
+  { 37760, true },
+  { 37781, true },
+  { 37795, true },
+  { 37810, true },
+  { 37834, true },
+  { 37843, true },
+  { 37855, true },
+  { 37867, true },
+  { 37881, true },
+  { 37896, true },
+  { 37908, true },
+  { 37917, true },
+  { 37936, true },
+  { 37952, true },
+  { 37970, true },
+  { 37987, true },
+  { 38006, true },
+  { 38036, true },
+  { 38046, true },
+  { 38063, true },
+  { 38076, true },
+  { 38094, true },
+  { 38104, true },
+  { 38121, true },
+  { 38143, true },
+  { 38156, true },
+  { 38172, true },
+  { 38182, true },
+  { 38195, true },
+  { 38209, true },
+  { 38223, true },
+  { 38235, true },
+  { 38255, true },
+  { 38270, true },
+  { 38286, true },
+  { 38314, true },
+  { 38328, true },
+  { 38343, true },
+  { 38357, true },
+  { 38366, true },
+  { 38377, true },
+  { 38395, true },
+  { 38409, true },
+  { 38424, true },
+  { 38436, true },
+  { 38448, true },
+  { 38462, true },
+  { 38479, true },
+  { 38490, true },
+  { 38501, true },
+  { 38512, true },
+  { 38525, true },
+  { 38548, true },
+  { 38563, true },
+  { 38578, false },
+  { 38594, true },
+  { 38616, true },
+  { 38634, true },
+  { 38651, true },
+  { 38669, true },
+  { 38688, true },
+  { 38699, true },
+  { 38712, true },
+  { 38729, true },
+  { 38749, true },
+  { 38776, true },
+  { 38803, true },
+  { 38821, true },
+  { 38839, true },
+  { 38851, true },
+  { 38860, true },
+  { 38873, true },
+  { 38889, true },
+  { 38911, true },
+  { 38928, true },
+  { 38950, true },
+  { 38970, true },
+  { 38987, true },
+  { 39002, true },
+  { 39021, true },
+  { 39036, true },
+  { 39050, true },
+  { 39061, true },
+  { 39084, true },
+  { 39096, true },
+  { 39109, true },
+  { 39122, true },
+  { 39135, true },
+  { 39153, true },
+  { 39171, true },
+  { 39189, true },
+  { 39206, true },
+  { 39231, true },
+  { 39243, true },
+  { 39257, true },
+  { 39274, true },
+  { 39294, true },
+  { 39304, true },
+  { 39320, true },
+  { 39333, true },
+  { 39346, true },
+  { 39362, true },
+  { 39375, true },
+  { 39388, true },
+  { 39401, true },
+  { 39410, true },
+  { 39427, true },
+  { 39438, true },
+  { 39449, true },
+  { 39463, true },
+  { 39474, true },
+  { 39491, true },
+  { 39501, true },
+  { 39515, true },
+  { 39528, true },
+  { 39537, true },
+  { 39546, true },
+  { 39556, true },
+  { 39569, true },
+  { 39580, true },
+  { 39594, true },
+  { 39604, true },
+  { 39614, true },
+  { 39625, true },
+  { 39648, true },
+  { 39674, true },
+  { 39694, true },
+  { 39714, true },
+  { 39736, true },
+  { 39751, true },
+  { 39764, true },
+  { 39783, true },
+  { 39811, true },
+  { 39820, true },
+  { 39841, true },
+  { 39861, true },
+  { 39871, true },
+  { 39897, true },
+  { 39918, true },
+  { 39935, true },
+  { 39955, true },
+  { 39974, true },
+  { 39989, true },
+  { 40001, true },
+  { 40014, true },
+  { 40026, true },
+  { 40046, true },
+  { 40064, true },
+  { 40075, true },
+  { 40092, true },
+  { 40105, true },
+  { 40118, true },
+  { 40129, true },
+  { 40142, true },
+  { 40154, true },
+  { 40171, true },
+  { 40185, true },
+  { 40216, true },
+  { 40226, true },
+  { 40238, true },
+  { 40251, true },
+  { 40262, true },
+  { 40273, true },
+  { 40287, false },
+  { 40305, true },
+  { 40322, true },
+  { 40338, true },
+  { 40353, true },
+  { 40377, true },
+  { 40393, true },
+  { 40421, true },
+  { 40440, true },
+  { 40450, true },
+  { 40463, true },
+  { 40485, true },
+  { 40496, true },
+  { 40519, true },
+  { 40543, true },
+  { 40556, true },
+  { 40567, true },
+  { 40584, true },
+  { 40600, true },
+  { 40616, true },
+  { 40631, true },
+  { 40647, true },
+  { 40662, true },
+  { 40677, true },
+  { 40694, true },
+  { 40713, true },
+  { 40725, true },
+  { 40752, true },
+  { 40764, true },
+  { 40782, false },
+  { 40794, true },
+  { 40803, true },
+  { 40812, true },
+  { 40821, true },
+  { 40840, true },
+  { 40852, true },
+  { 40866, true },
+  { 40881, true },
+  { 40898, true },
+  { 40914, true },
+  { 40924, true },
+  { 40933, true },
+  { 40951, true },
+  { 40962, true },
+  { 40974, true },
+  { 40982, true },
+  { 41000, true },
+  { 41010, true },
+  { 41027, true },
+  { 41038, true },
+  { 41052, true },
+  { 41070, true },
+  { 41080, true },
+  { 41087, true },
+  { 41114, true },
+  { 41123, true },
+  { 41137, true },
+  { 41150, true },
+  { 41164, true },
+  { 41174, true },
+  { 41187, true },
+  { 41211, false },
+  { 41222, true },
+  { 41240, true },
+  { 41265, true },
+  { 41272, true },
+  { 41284, true },
+  { 41296, true },
+  { 41317, true },
+  { 41330, true },
+  { 41347, false },
+  { 41367, true },
+  { 41379, true },
+  { 41395, true },
+  { 41407, true },
+  { 41426, true },
+  { 41439, false },
+  { 41453, true },
+  { 41466, true },
+  { 41486, true },
+  { 41499, true },
+  { 41516, true },
+  { 41530, true },
+  { 41548, true },
+  { 41568, true },
+  { 41588, true },
+  { 41604, true },
+  { 41616, true },
+  { 41630, true },
+  { 41645, true },
+  { 41658, true },
+  { 41667, true },
+  { 41685, true },
+  { 41695, true },
+  { 41712, true },
+  { 41733, true },
+  { 41756, false },
+  { 41775, true },
+  { 41786, true },
+  { 41794, true },
+  { 41805, true },
+  { 41819, true },
+  { 41838, true },
+  { 41864, true },
+  { 41887, true },
+  { 41912, true },
+  { 41926, true },
+  { 41943, true },
+  { 41959, true },
+  { 41972, true },
+  { 41983, true },
+  { 41993, true },
+  { 42009, true },
+  { 42023, true },
+  { 42036, true },
+  { 42050, true },
+  { 42063, true },
+  { 42077, true },
+  { 42092, true },
+  { 42104, true },
+  { 42119, true },
+  { 42138, true },
+  { 42157, true },
+  { 42174, true },
+  { 42190, true },
+  { 42210, true },
+  { 42227, true },
+  { 42243, true },
+  { 42253, true },
+  { 42268, true },
+  { 42286, true },
+  { 42299, true },
+  { 42314, true },
+  { 42327, true },
+  { 42343, true },
+  { 42357, true },
+  { 42371, true },
+  { 42390, true },
+  { 42403, true },
+  { 42423, true },
+  { 42435, true },
+  { 42458, true },
+  { 42470, true },
+  { 42493, true },
+  { 42506, true },
+  { 42521, true },
+  { 42538, true },
+  { 42550, true },
+  { 42566, true },
+  { 42591, true },
+  { 42602, true },
+  { 42614, true },
+  { 42629, true },
+  { 42657, false },
+  { 42676, true },
+  { 42691, true },
+  { 42707, true },
+  { 42718, true },
+  { 42728, true },
+  { 42741, true },
+  { 42757, true },
+  { 42770, true },
+  { 42780, true },
+  { 42791, true },
+  { 42802, true },
+  { 42813, true },
+  { 42824, true },
+  { 42835, true },
+  { 42846, true },
+  { 42857, true },
+  { 42885, true },
+  { 42907, false },
+  { 42921, true },
+  { 42933, true },
+  { 42953, true },
+  { 42970, true },
+  { 42996, true },
+  { 43005, true },
+  { 43017, true },
+  { 43029, true },
+  { 43040, true },
+  { 43068, false },
+  { 43087, true },
+  { 43101, true },
+  { 43111, true },
+  { 43122, true },
+  { 43149, true },
+  { 43170, true },
+  { 43181, true },
+  { 43191, true },
+  { 43218, true },
+  { 43233, true },
+  { 43245, true },
+  { 43256, true },
+  { 43277, false },
+  { 43292, true },
+  { 43305, true },
+  { 43315, true },
+  { 43326, true },
+  { 43339, true },
+  { 43350, true },
+  { 43362, true },
+  { 43377, true },
+  { 43391, true },
+  { 43405, true },
+  { 43427, true },
+  { 43440, true },
+  { 43455, true },
+  { 43474, true },
+  { 43495, true },
+  { 43505, true },
+  { 43519, true },
+  { 43539, true },
+  { 43559, true },
+  { 43569, true },
+  { 43582, true },
+  { 43596, true },
+  { 43610, true },
+  { 43627, true },
+  { 43645, true },
+  { 43664, true },
+  { 43677, true },
+  { 43692, true },
+  { 43713, true },
+  { 43725, true },
+  { 43743, true },
+  { 43764, true },
+  { 43784, true },
+  { 43802, true },
+  { 43820, true },
+  { 43838, true },
+  { 43852, true },
+  { 43865, true },
+  { 43884, false },
+  { 43898, true },
+  { 43929, true },
+  { 43948, true },
+  { 43958, true },
+  { 43977, true },
+  { 43988, true },
+  { 43998, true },
+  { 44014, true },
+  { 44029, true },
+  { 44053, true },
+  { 44068, true },
+  { 44082, true },
+  { 44104, true },
+  { 44118, true },
+  { 44131, true },
+  { 44144, true },
+  { 44157, true },
+  { 44174, true },
+  { 44187, true },
+  { 44204, true },
+  { 44234, true },
+  { 44253, true },
+  { 44262, true },
+  { 44276, true },
+  { 44292, true },
+  { 44303, true },
+  { 44321, true },
+  { 44337, true },
+  { 44357, true },
+  { 44371, true },
+  { 44387, true },
+  { 44396, true },
+  { 44417, true },
+  { 44438, true },
+  { 44456, true },
+  { 44466, true },
+  { 44495, true },
+  { 44523, true },
+  { 44540, true },
+  { 44566, true },
+  { 44581, true },
+  { 44603, true },
+  { 44626, true },
+  { 44634, true },
+  { 44643, true },
+  { 44654, true },
+  { 44664, true },
+  { 44677, true },
+  { 44687, true },
+  { 44706, true },
+  { 44723, true },
+  { 44732, true },
+  { 44749, true },
+  { 44766, true },
+  { 44791, true },
+  { 44804, true },
+  { 44824, true },
+  { 44845, true },
+  { 44855, true },
+  { 44867, true },
+  { 44878, true },
+  { 44888, true },
+  { 44901, true },
+  { 44914, true },
+  { 44924, true },
+  { 44945, true },
+  { 44958, true },
+  { 44976, true },
+  { 44997, true },
+  { 45016, true },
+  { 45040, true },
+  { 45066, true },
+  { 45086, true },
+  { 45104, true },
+  { 45119, true },
+  { 45134, true },
+  { 45150, true },
+  { 45169, true },
+  { 45187, true },
+  { 45203, true },
+  { 45221, true },
+  { 45244, true },
+  { 45266, true },
+  { 45283, true },
+  { 45297, true },
+  { 45323, true },
+  { 45341, true },
+  { 45359, true },
+  { 45381, true },
+  { 45397, true },
+  { 45411, true },
+  { 45428, true },
+  { 45448, true },
+  { 45459, true },
+  { 45472, true },
+  { 45484, true },
+  { 45496, true },
+  { 45508, true },
+  { 45524, true },
+  { 45535, true },
+  { 45550, true },
+  { 45562, true },
+  { 45570, true },
+  { 45589, true },
+  { 45602, true },
+  { 45624, true },
+  { 45642, true },
+  { 45651, true },
+  { 45671, true },
+  { 45682, true },
+  { 45704, true },
+  { 45721, true },
+  { 45736, true },
+  { 45748, true },
+  { 45766, true },
+  { 45780, true },
+  { 45809, true },
+  { 45825, true },
+  { 45844, true },
+  { 45865, true },
+  { 45882, true },
+  { 45896, true },
+  { 45910, true },
+  { 45923, true },
+  { 45935, true },
+  { 45946, true },
+  { 45956, true },
+  { 45986, false },
+  { 46011, true },
+  { 46027, true },
+  { 46040, true },
+  { 46051, true },
+  { 46070, true },
+  { 46097, true },
+  { 46109, true },
+  { 46124, true },
+  { 46141, true },
+  { 46159, true },
+  { 46177, true },
+  { 46186, true },
+  { 46202, true },
+  { 46222, true },
+  { 46233, true },
+  { 46253, true },
+  { 46273, true },
+  { 46292, true },
+  { 46311, true },
+  { 46329, true },
+  { 46346, true },
+  { 46372, true },
+  { 46388, true },
+  { 46402, true },
+  { 46414, true },
+  { 46425, true },
+  { 46440, true },
+  { 46453, true },
+  { 46471, true },
+  { 46489, true },
+  { 46497, false },
+  { 46506, true },
+  { 46520, true },
+  { 46534, true },
+  { 46548, true },
+  { 46565, true },
+  { 46577, true },
+  { 46592, true },
+  { 46600, true },
+  { 46614, true },
+  { 46625, true },
+  { 46637, true },
+  { 46651, true },
+  { 46666, true },
+  { 46676, true },
+  { 46685, true },
+  { 46698, true },
+  { 46711, true },
+  { 46725, true },
+  { 46735, true },
+  { 46748, true },
+  { 46759, false },
+  { 46779, true },
+  { 46791, true },
+  { 46814, true },
+  { 46832, true },
+  { 46850, true },
+  { 46862, true },
+  { 46877, true },
+  { 46886, true },
+  { 46901, true },
+  { 46914, true },
+  { 46926, true },
+  { 46940, true },
+  { 46955, true },
+  { 46970, true },
+  { 46988, true },
+  { 47001, true },
+  { 47012, true },
+  { 47022, true },
+  { 47034, true },
+  { 47053, true },
+  { 47073, true },
+  { 47086, true },
+  { 47105, true },
+  { 47115, true },
+  { 47130, true },
+  { 47149, true },
+  { 47170, true },
+  { 47182, true },
+  { 47197, true },
+  { 47212, true },
+  { 47220, true },
+  { 47235, true },
+  { 47250, true },
+  { 47263, true },
+  { 47273, true },
+  { 47285, true },
+  { 47300, true },
+  { 47317, true },
+  { 47342, true },
+  { 47358, true },
+  { 47387, true },
+  { 47409, true },
+  { 47425, true },
+  { 47444, true },
+  { 47467, true },
+  { 47483, true },
+  { 47507, true },
+  { 47528, true },
+  { 47537, true },
+  { 47550, true },
+  { 47571, true },
+  { 47592, true },
+  { 47621, true },
+  { 47631, true },
+  { 47645, true },
+  { 47665, true },
+  { 47685, true },
+  { 47702, true },
+  { 47716, true },
+  { 47731, true },
+  { 47742, true },
+  { 47758, true },
+  { 47784, true },
+  { 47797, true },
+  { 47811, true },
+  { 47830, true },
+  { 47845, false },
+  { 47864, false },
+  { 47882, true },
+  { 47894, true },
+  { 47908, true },
+  { 47920, true },
+  { 47938, true },
+  { 47953, true },
+  { 47975, true },
+  { 47987, true },
+  { 47997, true },
+  { 48009, true },
+  { 48019, true },
+  { 48034, true },
+  { 48050, true },
+  { 48069, true },
+  { 48091, true },
+  { 48109, true },
+  { 48124, true },
+  { 48137, true },
+  { 48164, true },
+  { 48184, true },
+  { 48198, false },
+  { 48210, true },
+  { 48225, true },
+  { 48246, true },
+  { 48262, true },
+  { 48277, true },
+  { 48289, true },
+  { 48318, true },
+  { 48329, true },
+  { 48343, true },
+  { 48358, true },
+  { 48368, true },
+  { 48376, true },
+  { 48393, true },
+  { 48415, true },
+  { 48435, true },
+  { 48452, true },
+  { 48470, true },
+  { 48484, true },
+  { 48504, true },
+  { 48516, true },
+  { 48525, true },
+  { 48540, true },
+  { 48555, true },
+  { 48569, true },
+  { 48586, true },
+  { 48601, true },
+  { 48612, true },
+  { 48630, true },
+  { 48640, true },
+  { 48663, true },
+  { 48677, true },
+  { 48693, true },
+  { 48715, true },
+  { 48733, true },
+  { 48745, true },
+  { 48756, true },
+  { 48768, true },
+  { 48783, true },
+  { 48795, true },
+  { 48812, true },
+  { 48826, true },
+  { 48856, true },
+  { 48867, false },
+  { 48880, true },
+  { 48892, true },
+  { 48910, true },
+  { 48924, true },
+  { 48936, true },
+  { 48953, true },
+  { 48971, true },
+  { 48982, true },
+  { 48995, true },
+  { 49011, true },
+  { 49023, true },
+  { 49046, true },
+  { 49065, true },
+  { 49078, true },
+  { 49094, true },
+  { 49102, true },
+  { 49114, true },
+  { 49124, true },
+  { 49137, true },
+  { 49159, true },
+  { 49182, true },
+  { 49204, true },
+  { 49220, true },
+  { 49238, true },
+  { 49255, true },
+  { 49279, true },
+  { 49299, true },
+  { 49315, true },
+  { 49327, true },
+  { 49354, true },
+  { 49370, true },
+  { 49386, true },
+  { 49397, true },
+  { 49409, true },
+  { 49424, true },
+  { 49433, true },
+  { 49447, true },
+  { 49462, true },
+  { 49472, true },
+  { 49485, true },
+  { 49499, true },
+  { 49516, true },
+  { 49527, true },
+  { 49536, true },
+  { 49547, true },
+  { 49559, true },
+  { 49573, true },
+  { 49586, true },
+  { 49600, true },
+  { 49613, true },
+  { 49631, true },
+  { 49649, true },
+  { 49662, true },
+  { 49673, true },
+  { 49687, true },
+  { 49699, true },
+  { 49710, true },
+  { 49721, true },
+  { 49734, true },
+  { 49746, true },
+  { 49757, true },
+  { 49776, true },
+  { 49797, true },
+  { 49813, true },
+  { 49828, true },
+  { 49842, true },
+  { 49859, true },
+  { 49879, true },
+  { 49904, true },
+  { 49922, true },
+  { 49934, true },
+  { 49946, true },
+  { 49958, true },
+  { 49971, true },
+  { 49980, true },
+  { 49995, true },
+  { 50009, true },
+  { 50022, true },
+  { 50034, true },
+  { 50044, true },
+  { 50058, true },
+  { 50073, true },
+  { 50093, true },
+  { 50116, true },
+  { 50135, true },
+  { 50149, true },
+  { 50160, true },
+  { 50174, true },
+  { 50185, true },
+  { 50196, true },
+  { 50206, true },
+  { 50220, true },
+  { 50230, true },
+  { 50241, true },
+  { 50253, true },
+  { 50266, true },
+  { 50277, true },
+  { 50289, true },
+  { 50300, true },
+  { 50315, true },
+  { 50327, true },
+  { 50340, true },
+  { 50354, true },
+  { 50366, true },
+  { 50380, true },
+  { 50392, true },
+  { 50405, true },
+  { 50416, true },
+  { 50427, true },
+  { 50452, true },
+  { 50468, false },
+  { 50480, true },
+  { 50497, true },
+  { 50511, true },
+  { 50524, true },
+  { 50535, true },
+  { 50546, true },
+  { 50565, true },
+  { 50580, true },
+  { 50591, true },
+  { 50607, true },
+  { 50617, true },
+  { 50627, true },
+  { 50641, true },
+  { 50658, true },
+  { 50669, true },
+  { 50683, true },
+  { 50695, true },
+  { 50705, true },
+  { 50714, true },
+  { 50728, true },
+  { 50747, true },
+  { 50764, true },
+  { 50785, true },
+  { 50808, true },
+  { 50825, true },
+  { 50848, true },
+  { 50861, true },
+  { 50874, true },
+  { 50886, true },
+  { 50898, true },
+  { 50912, true },
+  { 50925, true },
+  { 50938, true },
+  { 50954, true },
+  { 50968, true },
+  { 50985, true },
+  { 51002, true },
+  { 51015, true },
+  { 51028, true },
+  { 51041, true },
+  { 51054, true },
+  { 51067, true },
+  { 51080, true },
+  { 51093, true },
+  { 51106, true },
+  { 51119, true },
+  { 51132, true },
+  { 51145, true },
+  { 51158, true },
+  { 51171, true },
+  { 51184, true },
+  { 51203, true },
+  { 51218, true },
+  { 51232, true },
+  { 51245, true },
+  { 51256, true },
+  { 51272, true },
+  { 51290, true },
+  { 51302, true },
+  { 51315, true },
+  { 51337, true },
+  { 51357, true },
+  { 51369, true },
+  { 51392, true },
+  { 51416, true },
+  { 51434, true },
+  { 51454, true },
+  { 51467, true },
+  { 51486, true },
+  { 51502, true },
+  { 51516, true },
+  { 51531, true },
+  { 51552, true },
+  { 51574, true },
+  { 51586, true },
+  { 51597, true },
+  { 51616, true },
+  { 51635, true },
+  { 51650, true },
+  { 51666, true },
+  { 51679, true },
+  { 51694, true },
+  { 51712, true },
+  { 51728, true },
+  { 51744, true },
+  { 51770, true },
+  { 51785, true },
+  { 51804, true },
+  { 51814, true },
+  { 51828, true },
+  { 51842, true },
+  { 51857, true },
+  { 51876, true },
+  { 51885, true },
+  { 51911, true },
+  { 51928, true },
+  { 51958, true },
+  { 51969, true },
+  { 51985, true },
+  { 51995, true },
+  { 52011, true },
+  { 52030, true },
+  { 52051, true },
+  { 52065, true },
+  { 52081, true },
+  { 52103, true },
+  { 52114, true },
+  { 52139, true },
+  { 52151, true },
+  { 52162, true },
+  { 52173, true },
+  { 52187, true },
+  { 52207, true },
+  { 52222, true },
+  { 52237, true },
+  { 52256, true },
+  { 52269, true },
+  { 52279, true },
+  { 52293, true },
+  { 52313, true },
+  { 52335, true },
+  { 52354, true },
+  { 52368, true },
+  { 52382, true },
+  { 52390, true },
+  { 52403, true },
+  { 52417, true },
+  { 52432, true },
+  { 52446, true },
+  { 52459, true },
+  { 52475, true },
+  { 52486, true },
+  { 52495, true },
+  { 52503, true },
+  { 52518, true },
+  { 52530, true },
+  { 52546, true },
+  { 52568, true },
+  { 52582, true },
+  { 52597, true },
+  { 52613, true },
+  { 52625, true },
+  { 52639, true },
+  { 52655, true },
+  { 52667, false },
+  { 52683, false },
+  { 52700, true },
+  { 52713, true },
+  { 52725, true },
+  { 52738, true },
+  { 52753, true },
+  { 52770, true },
+  { 52786, true },
+  { 52804, true },
+  { 52819, true },
+  { 52835, true },
+  { 52849, true },
+  { 52867, true },
+  { 52892, true },
+  { 52908, true },
+  { 52923, true },
+  { 52933, true },
+  { 52953, true },
+  { 52966, true },
+  { 52982, true },
+  { 52998, true },
+  { 53018, true },
+  { 53035, true },
+  { 53053, true },
+  { 53064, true },
+  { 53073, true },
+  { 53082, true },
+  { 53091, true },
+  { 53103, true },
+  { 53119, true },
+  { 53135, true },
+  { 53146, true },
+  { 53159, true },
+  { 53174, true },
+  { 53188, true },
+  { 53198, true },
+  { 53212, true },
+  { 53226, true },
+  { 53238, true },
+  { 53250, true },
+  { 53275, true },
+  { 53291, true },
+  { 53315, true },
+  { 53328, true },
+  { 53342, true },
+  { 53355, true },
+  { 53376, true },
+  { 53396, true },
+  { 53410, true },
+  { 53425, true },
+  { 53448, true },
+  { 53466, true },
+  { 53475, true },
+  { 53486, true },
+  { 53496, true },
+  { 53506, true },
+  { 53517, true },
+  { 53538, true },
+  { 53555, true },
+  { 53573, true },
+  { 53589, true },
+  { 53614, true },
+  { 53636, true },
+  { 53649, true },
+  { 53662, true },
+  { 53673, true },
+  { 53684, true },
+  { 53692, true },
+  { 53711, true },
+  { 53721, true },
+  { 53734, true },
+  { 53762, true },
+  { 53779, true },
+  { 53792, true },
+  { 53817, true },
+  { 53825, true },
+  { 53834, true },
+  { 53852, true },
+  { 53864, true },
+  { 53873, true },
+  { 53891, true },
+  { 53901, true },
+  { 53918, true },
+  { 53931, true },
+  { 53944, true },
+  { 53956, true },
+  { 53972, true },
+  { 53981, true },
+  { 53992, true },
+  { 54003, true },
+  { 54018, true },
+  { 54038, true },
+  { 54051, true },
+  { 54063, true },
+  { 54075, true },
+  { 54091, true },
+  { 54101, true },
+  { 54112, true },
+  { 54126, true },
+  { 54140, true },
+  { 54164, true },
+  { 54177, true },
+  { 54188, true },
+  { 54208, true },
+  { 54230, true },
+  { 54246, true },
+  { 54264, true },
+  { 54286, true },
+  { 54308, true },
+  { 54323, true },
+  { 54339, true },
+  { 54350, true },
+  { 54372, true },
+  { 54390, true },
+  { 54400, true },
+  { 54414, true },
+  { 54423, true },
+  { 54432, true },
+  { 54445, true },
+  { 54461, true },
+  { 54476, true },
+  { 54496, true },
+  { 54513, true },
+  { 54524, true },
+  { 54543, true },
+  { 54562, true },
+  { 54574, true },
+  { 54591, true },
+  { 54605, true },
+  { 54632, true },
+  { 54645, false },
+  { 54653, true },
+  { 54663, true },
+  { 54674, true },
+  { 54691, true },
+  { 54705, true },
+  { 54715, true },
+  { 54725, true },
+  { 54735, true },
+  { 54745, true },
+  { 54759, true },
+  { 54775, true },
+  { 54798, true },
+  { 54815, true },
+  { 54826, true },
+  { 54838, true },
+  { 54857, true },
+  { 54873, true },
+  { 54883, true },
+  { 54897, true },
+  { 54907, true },
+  { 54921, true },
+  { 54941, true },
+  { 54961, true },
+  { 54976, true },
+  { 54996, true },
+  { 55006, true },
+  { 55034, true },
+  { 55049, true },
+  { 55064, true },
+  { 55079, true },
+  { 55094, true },
+  { 55108, true },
+  { 55120, true },
+  { 55136, true },
+  { 55147, true },
+  { 55159, true },
+  { 55170, true },
+  { 55196, true },
+  { 55214, true },
+  { 55228, true },
+  { 55242, true },
+  { 55262, true },
+  { 55279, true },
+  { 55291, true },
+  { 55317, true },
+  { 55329, true },
+  { 55344, true },
+  { 55358, true },
+  { 55386, true },
+  { 55403, true },
+  { 55411, true },
+  { 55426, true },
+  { 55439, true },
+  { 55453, true },
+  { 55467, true },
+  { 55481, true },
+  { 55493, true },
+  { 55503, true },
+  { 55512, true },
+  { 55523, true },
+  { 55533, true },
+  { 55543, true },
+  { 55552, true },
+  { 55561, true },
+  { 55573, true },
+  { 55599, true },
+  { 55609, true },
+  { 55619, false },
+  { 55629, true },
+  { 55642, true },
+  { 55651, true },
+  { 55663, true },
+  { 55674, true },
+  { 55690, true },
+  { 55710, true },
+  { 55728, true },
+  { 55746, true },
+  { 55764, true },
+  { 55782, true },
+  { 55795, true },
+  { 55807, true },
+  { 55819, true },
+  { 55837, true },
+  { 55849, true },
+  { 55863, true },
+  { 55877, true },
+  { 55885, true },
+  { 55902, true },
+  { 55917, true },
+  { 55926, true },
+  { 55947, true },
+  { 55957, true },
+  { 55971, true },
+  { 55984, true },
+  { 56003, true },
+  { 56029, true },
+  { 56043, true },
+  { 56050, true },
+  { 56060, true },
+  { 56082, true },
+  { 56110, true },
+  { 56132, true },
+  { 56142, true },
+  { 56152, true },
+  { 56163, true },
+  { 56175, true },
+  { 56183, true },
+  { 56199, true },
+  { 56214, true },
+  { 56235, true },
+  { 56254, true },
+  { 56272, true },
+  { 56290, true },
+  { 56306, true },
+  { 56324, true },
+  { 56344, true },
+  { 56361, true },
+  { 56375, true },
+  { 56391, true },
+  { 56406, true },
+  { 56423, true },
+  { 56448, true },
+  { 56472, true },
+  { 56496, true },
+  { 56523, true },
+  { 56549, true },
+  { 56571, true },
+  { 56585, true },
+  { 56610, true },
+  { 56638, true },
+  { 56660, true },
+  { 56684, true },
+  { 56710, true },
+  { 56732, true },
+  { 56747, true },
+  { 56768, true },
+  { 56791, true },
+  { 56811, true },
+  { 56827, true },
+  { 56851, true },
+  { 56880, true },
+  { 56900, true },
+  { 56920, true },
+  { 56942, true },
+  { 56961, true },
+  { 56989, true },
+  { 57012, true },
+  { 57035, true },
+  { 57067, true },
+  { 57090, true },
+  { 57108, true },
+  { 57129, true },
+  { 57150, true },
+  { 57172, true },
+  { 57194, true },
+  { 57220, true },
+  { 57241, true },
+  { 57260, true },
+  { 57292, true },
+  { 57323, true },
+  { 57353, true },
+  { 57384, true },
+  { 57408, true },
+  { 57429, true },
+  { 57450, true },
+  { 57472, true },
+  { 57500, true },
+  { 57518, true },
+  { 57538, true },
+  { 57552, true },
+  { 57568, true },
+  { 57593, true },
+  { 57625, true },
+  { 57645, true },
+  { 57672, true },
+  { 57701, true },
+  { 57734, true },
+  { 57765, true },
+  { 57798, true },
+  { 57827, true },
+  { 57861, true },
+  { 57888, true },
+  { 57920, true },
+  { 57948, true },
+  { 57978, true },
+  { 58005, true },
+  { 58034, true },
+  { 58063, true },
+  { 58092, true },
+  { 58123, true },
+  { 58156, true },
+  { 58178, true },
+  { 58215, true },
+  { 58238, true },
+  { 58255, true },
+  { 58279, true },
+  { 58303, true },
+  { 58332, true },
+  { 58354, true },
+  { 58381, true },
+  { 58408, true },
+  { 58439, true },
+  { 58465, true },
+  { 58488, true },
+  { 58517, true },
+  { 58534, true },
+  { 58551, true },
+  { 58572, true },
+  { 58591, true },
+  { 58619, true },
+  { 58638, true },
+  { 58658, true },
+  { 58676, true },
+  { 58703, true },
+  { 58720, true },
+  { 58738, true },
+  { 58759, true },
+  { 58776, true },
+  { 58793, true },
+  { 58812, true },
+  { 58831, true },
+  { 58848, true },
+  { 58860, true },
+  { 58878, true },
+  { 58891, true },
+  { 58907, true },
+  { 58917, false },
+  { 58939, false },
+  { 58964, false },
+  { 58988, true },
+  { 59013, true },
+  { 59036, true },
+  { 59064, true },
+  { 59074, true },
+  { 59087, true },
+  { 59112, true },
+  { 59130, true },
+  { 59142, false },
+  { 59156, true },
+  { 59166, true },
+  { 59179, true },
+  { 59189, true },
+  { 59199, true },
+  { 59209, true },
+  { 59219, true },
+  { 59229, true },
+  { 59239, true },
+  { 59249, true },
+  { 59263, true },
+  { 59280, true },
+  { 59289, true },
+  { 59303, true },
+  { 59321, true },
+  { 59333, true },
+  { 59344, true },
+  { 59356, true },
+  { 59363, true },
+  { 59397, true },
+  { 59422, true },
+  { 59436, true },
+  { 59447, true },
+  { 59462, true },
+  { 59470, true },
+  { 59484, true },
+  { 59491, true },
+  { 59498, false },
+  { 59518, false },
+  { 59527, true },
+  { 59537, true },
+  { 59548, true },
+  { 59569, true },
+  { 59588, true },
+  { 59613, true },
+  { 59635, true },
+  { 59650, true },
+  { 59662, true },
+  { 59677, true },
+  { 59696, true },
+  { 59721, true },
+  { 59741, true },
+  { 59757, true },
+  { 59770, true },
+  { 59785, true },
+  { 59803, true },
+  { 59818, true },
+  { 59829, true },
+  { 59844, true },
+  { 59857, true },
+  { 59871, true },
+  { 59883, true },
+  { 59896, true },
+  { 59910, true },
+  { 59925, true },
+  { 59942, true },
+  { 59955, true },
+  { 59977, true },
+  { 59993, true },
+  { 60009, true },
+  { 60022, true },
+  { 60034, true },
+  { 60058, true },
+  { 60073, true },
+  { 60088, true },
+  { 60098, true },
+  { 60107, true },
+  { 60129, true },
+  { 60141, true },
+  { 60166, true },
+  { 60190, true },
+  { 60209, true },
+  { 60223, true },
+  { 60239, true },
+  { 60258, true },
+  { 60275, true },
+  { 60290, true },
+  { 60309, true },
+  { 60332, true },
+  { 60353, true },
+  { 60363, true },
+  { 60373, true },
+  { 60393, true },
+  { 60405, true },
+  { 60425, true },
+  { 60443, true },
+  { 60463, true },
+  { 60491, false },
+  { 60504, true },
+  { 60518, true },
+  { 60536, true },
+  { 60550, true },
+  { 60567, true },
+  { 60584, true },
+  { 60600, true },
+  { 60609, true },
+  { 60624, true },
+  { 60640, true },
+  { 60650, true },
+  { 60669, true },
+  { 60690, true },
+  { 60710, true },
+  { 60727, true },
+  { 60742, true },
+  { 60751, true },
+  { 60759, true },
+  { 60766, true },
+  { 60783, true },
+  { 60799, true },
+  { 60818, true },
+  { 60828, true },
+  { 60843, true },
+  { 60857, true },
+  { 60871, true },
+  { 60886, true },
+  { 60901, true },
+  { 60915, true },
+  { 60929, true },
+  { 60944, true },
+  { 60955, false },
+  { 60971, false },
+  { 60988, true },
+  { 60999, true },
+  { 61013, true },
+  { 61024, true },
+  { 61034, true },
+  { 61044, true },
+  { 61064, true },
+  { 61084, true },
+  { 61095, true },
+  { 61110, true },
+  { 61129, true },
+  { 61148, true },
+  { 61165, true },
+  { 61177, true },
+  { 61196, true },
+  { 61210, true },
+  { 61228, true },
+  { 61244, true },
+  { 61259, true },
+  { 61271, true },
+  { 61284, true },
+  { 61298, true },
+  { 61313, true },
+  { 61324, true },
+  { 61335, true },
+  { 61351, true },
+  { 61377, true },
+  { 61393, true },
+  { 61409, true },
+  { 61426, true },
+  { 61444, true },
+  { 61459, true },
+  { 61475, true },
+  { 61492, true },
+  { 61505, true },
+  { 61521, true },
+  { 61537, true },
+  { 61551, true },
+  { 61566, false },
+  { 61574, true },
+  { 61597, true },
+  { 61623, true },
+  { 61637, true },
+  { 61652, true },
+  { 61674, true },
+  { 61684, true },
+  { 61698, true },
+  { 61722, true },
+  { 61735, true },
+  { 61760, true },
+  { 61777, true },
+  { 61803, true },
+  { 61819, true },
+  { 61844, true },
+  { 61872, true },
+  { 61899, true },
+  { 61910, true },
+  { 61924, true },
+  { 61952, true },
+  { 61965, true },
+  { 61990, true },
+  { 62005, true },
+  { 62037, true },
+  { 62053, true },
+  { 62069, true },
+  { 62093, true },
+  { 62112, true },
+  { 62128, true },
+  { 62155, true },
+  { 62178, true },
+  { 62196, true },
+  { 62220, true },
+  { 62234, true },
+  { 62248, true },
+  { 62270, true },
+  { 62277, true },
+  { 62284, true },
+  { 62302, true },
+  { 62317, true },
+  { 62332, true },
+  { 62345, true },
+  { 62358, true },
+  { 62370, true },
+  { 62383, true },
+  { 62398, true },
+  { 62418, true },
+  { 62435, true },
+  { 62457, true },
+  { 62474, true },
+  { 62489, false },
+  { 62506, true },
+  { 62521, true },
+  { 62538, true },
+  { 62565, true },
+  { 62577, true },
+  { 62592, true },
+  { 62614, true },
+  { 62628, true },
+  { 62647, true },
+  { 62665, true },
+  { 62679, true },
+  { 62687, true },
+  { 62703, true },
+  { 62718, true },
+  { 62727, true },
+  { 62739, true },
+  { 62752, true },
+  { 62764, true },
+  { 62778, true },
+  { 62793, true },
+  { 62808, true },
+  { 62823, true },
+  { 62832, true },
+  { 62848, true },
+  { 62865, true },
+  { 62889, true },
+  { 62904, true },
+  { 62920, true },
+  { 62926, true },
+  { 62932, true },
+  { 62942, true },
+  { 62955, true },
+  { 62972, true },
+  { 62984, true },
+  { 62997, true },
+  { 63007, true },
+  { 63019, true },
+  { 63039, true },
+  { 63051, true },
+  { 63063, true },
+  { 63076, true },
+  { 63089, true },
+  { 63110, true },
+  { 63123, true },
+  { 63135, true },
+  { 63151, true },
+  { 63161, false },
+  { 63168, true },
+  { 63183, true },
+  { 63197, true },
+  { 63206, true },
+  { 63221, true },
+  { 63231, true },
+  { 63243, true },
+  { 63251, true },
+  { 63260, true },
+  { 63278, true },
+  { 63291, true },
+  { 63299, true },
+  { 63309, true },
+  { 63319, true },
+  { 63329, true },
+  { 63337, true },
+  { 63345, true },
+  { 63354, true },
+  { 63363, true },
+  { 63381, true },
+  { 63399, true },
+  { 63421, true },
+  { 63442, true },
+  { 63452, true },
+  { 63469, true },
+  { 63478, true },
+  { 63496, true },
+  { 63511, true },
+  { 63526, true },
+  { 63555, true },
+  { 63567, true },
+  { 63584, true },
+  { 63599, true },
+  { 63611, true },
+  { 63629, true },
+  { 63639, true },
+  { 63653, true },
+  { 63676, true },
+  { 63709, true },
+  { 63723, true },
+  { 63739, true },
+  { 63759, true },
+  { 63771, true },
+  { 63782, false },
+  { 63798, true },
+  { 63809, true },
+  { 63822, true },
+  { 63840, true },
+  { 63860, true },
+  { 63874, true },
+  { 63896, true },
+  { 63921, false },
+  { 63934, true },
+  { 63943, true },
+  { 63956, true },
+  { 63974, true },
+  { 63989, true },
+  { 64000, true },
+  { 64010, true },
+  { 64031, true },
+  { 64041, true },
+  { 64060, true },
+  { 64072, true },
+  { 64087, true },
+  { 64116, true },
+  { 64145, true },
+  { 64166, true },
+  { 64180, true },
+  { 64196, true },
+  { 64232, true },
+  { 64249, true },
+  { 64263, true },
+  { 64271, true },
+  { 64284, true },
+  { 64296, true },
+  { 64308, true },
+  { 64324, true },
+  { 64338, true },
+  { 64360, true },
+  { 64379, true },
+  { 64395, true },
+  { 64408, true },
+  { 64434, true },
+  { 64453, true },
+  { 64471, true },
+  { 64491, true },
+  { 64506, true },
+  { 64521, true },
+  { 64539, true },
+  { 64555, true },
+  { 64566, true },
+  { 64584, false },
+  { 64594, true },
+  { 64616, true },
+  { 64630, true },
+  { 64653, true },
+  { 64669, true },
+  { 64687, true },
+  { 64703, true },
+  { 64712, true },
+  { 64728, true },
+  { 64742, true },
+  { 64755, true },
+  { 64771, true },
+  { 64782, true },
+  { 64795, false },
+  { 64803, true },
+  { 64816, true },
+  { 64831, true },
+  { 64844, true },
+  { 64862, true },
+  { 64894, true },
+  { 64910, false },
+  { 64930, true },
+  { 64944, true },
+  { 64958, true },
+  { 64973, true },
+  { 64981, true },
+  { 64997, true },
+  { 65025, true },
+  { 65040, true },
+  { 65051, true },
+  { 65064, true },
+  { 65076, true },
+  { 65089, true },
+  { 65101, true },
+  { 65114, true },
+  { 65135, true },
+  { 65148, true },
+  { 65168, false },
+  { 65190, true },
+  { 65217, true },
+  { 65237, true },
+  { 65260, true },
+  { 65283, true },
+  { 65307, true },
+  { 65334, true },
+  { 65360, true },
+  { 65374, true },
+  { 65387, true },
+  { 65403, true },
+  { 65415, true },
+  { 65443, true },
+  { 65455, true },
+  { 65467, true },
+  { 65492, true },
+  { 65506, true },
+  { 65520, true },
+  { 65532, true },
+  { 65544, true },
+  { 65567, true },
+  { 65581, true },
+  { 65599, true },
+  { 65614, true },
+  { 65635, true },
+  { 65649, true },
+  { 65662, true },
+  { 65676, true },
+  { 65695, true },
+  { 65710, true },
+  { 65739, true },
+  { 65755, true },
+  { 65773, true },
+  { 65786, true },
+  { 65802, true },
+  { 65813, true },
+  { 65825, true },
+  { 65838, true },
+  { 65851, true },
+  { 65862, true },
+  { 65875, true },
+  { 65884, true },
+  { 65898, true },
+  { 65907, true },
+  { 65924, true },
+  { 65933, true },
+  { 65950, true },
+  { 65959, true },
+  { 65967, true },
+  { 65975, true },
+  { 65984, true },
+  { 65993, true },
+  { 66004, true },
+  { 66015, true },
+  { 66024, true },
+  { 66034, true },
+  { 66045, true },
+  { 66058, true },
+  { 66082, true },
+  { 66092, true },
+  { 66101, true },
+  { 66111, true },
+  { 66121, true },
+  { 66132, true },
+  { 66142, true },
+  { 66151, true },
+  { 66160, true },
+  { 66171, true },
+  { 66185, true },
+  { 66194, true },
+  { 66208, true },
+  { 66221, true },
+  { 66236, true },
+  { 66248, true },
+  { 66261, true },
+  { 66271, true },
+  { 66281, false },
+  { 66294, true },
+  { 66304, true },
+  { 66319, true },
+  { 66333, true },
+  { 66351, true },
+  { 66366, true },
+  { 66385, true },
+  { 66401, true },
+  { 66415, true },
+  { 66431, true },
+  { 66443, true },
+  { 66454, true },
+  { 66467, true },
+  { 66481, true },
+  { 66491, true },
+  { 66509, true },
+  { 66520, true },
+  { 66529, true },
+  { 66539, true },
+  { 66551, true },
+  { 66567, true },
+  { 66581, true },
+  { 66586, true },
+  { 66598, true },
+  { 66614, true },
+  { 66623, true },
+  { 66632, true },
+  { 66640, true },
+  { 66647, true },
+  { 66653, true },
+  { 66663, true },
+  { 66672, true },
+  { 66681, true },
+  { 66691, true },
+  { 66720, true },
+  { 66735, false },
+  { 66755, true },
+  { 66762, true },
+  { 66772, true },
+  { 66787, true },
+  { 66800, true },
+  { 66813, true },
+  { 66826, true },
+  { 66844, true },
+  { 66865, true },
+  { 66885, true },
+  { 66898, true },
+  { 66914, true },
+  { 66933, true },
+  { 66945, true },
+  { 66963, true },
+  { 66975, true },
+  { 66988, true },
+  { 67000, true },
+  { 67012, true },
+  { 67023, true },
+  { 67033, true },
+  { 67044, true },
+  { 67056, true },
+  { 67067, true },
+  { 67078, true },
+  { 67092, true },
+  { 67107, true },
+  { 67125, true },
+  { 67144, true },
+  { 67158, true },
+  { 67173, true },
+  { 67188, true },
+  { 67203, true },
+  { 67223, false },
+  { 67239, true },
+  { 67259, true },
+  { 67267, true },
+  { 67278, false },
+  { 67288, true },
+  { 67300, true },
+  { 67314, true },
+  { 67330, true },
+  { 67344, true },
+  { 67360, true },
+  { 67380, true },
+  { 67392, true },
+  { 67404, true },
+  { 67415, true },
+  { 67439, true },
+  { 67458, true },
+  { 67471, true },
+  { 67479, true },
+  { 67498, true },
+  { 67512, true },
+  { 67529, true },
+  { 67556, false },
+  { 67572, true },
+  { 67586, true },
+  { 67603, true },
+  { 67614, true },
+  { 67626, true },
+  { 67641, true },
+  { 67653, true },
+  { 67669, true },
+  { 67688, true },
+  { 67707, true },
+  { 67715, true },
+  { 67727, true },
+  { 67744, true },
+  { 67755, true },
+  { 67769, true },
+  { 67781, true },
+  { 67794, true },
+  { 67807, true },
+  { 67827, true },
+  { 67837, true },
+  { 67854, true },
+  { 67873, false },
+  { 67892, true },
+  { 67910, true },
+  { 67922, true },
+  { 67946, true },
+  { 67957, true },
+  { 67969, true },
+  { 67984, true },
+  { 68001, true },
+  { 68025, true },
+  { 68036, true },
+  { 68050, true },
+  { 68068, true },
+  { 68080, true },
+  { 68096, true },
+  { 68116, true },
+  { 68127, true },
+  { 68143, true },
+  { 68159, true },
+  { 68179, true },
+  { 68196, true },
+  { 68211, true },
+  { 68235, true },
+  { 68249, true },
+  { 68264, true },
+  { 68287, true },
+  { 68315, true },
+  { 68334, true },
+  { 68352, true },
+  { 68369, true },
+  { 68387, true },
+  { 68401, true },
+  { 68412, true },
+  { 68438, true },
+  { 68457, true },
+  { 68472, true },
+  { 68488, true },
+  { 68498, true },
+  { 68517, true },
+  { 68531, true },
+  { 68552, true },
+  { 68568, false },
+  { 68593, true },
+  { 68618, true },
+  { 68636, true },
+  { 68655, true },
+  { 68681, false },
+  { 68695, true },
+  { 68713, true },
+  { 68729, true },
+  { 68743, true },
+  { 68762, true },
+  { 68771, true },
+  { 68783, true },
+  { 68812, true },
+  { 68828, true },
+  { 68841, true },
+  { 68858, true },
+  { 68871, true },
+  { 68883, true },
+  { 68903, true },
+  { 68918, true },
+  { 68931, true },
+  { 68954, true },
+  { 68972, true },
+  { 68985, true },
+  { 68997, true },
+  { 69009, true },
+  { 69024, true },
+  { 69057, true },
+  { 69070, true },
+  { 69084, true },
+  { 69094, true },
+  { 69107, true },
+  { 69115, true },
+  { 69122, true },
+  { 69147, true },
+  { 69173, true },
+  { 69184, true },
+  { 69196, true },
+  { 69210, true },
+  { 69238, true },
+  { 69251, true },
+  { 69272, true },
+  { 69284, true },
+  { 69308, true },
+  { 69326, true },
+  { 69344, true },
+  { 69359, true },
+  { 69385, true },
+  { 69401, true },
+  { 69418, true },
+  { 69444, true },
+  { 69456, true },
+  { 69478, true },
+  { 69492, true },
+  { 69512, true },
+  { 69538, true },
+  { 69548, true },
+  { 69561, true },
+  { 69582, true },
+  { 69604, true },
+  { 69624, true },
+  { 69638, false },
+  { 69652, true },
+  { 69668, true },
+  { 69692, true },
+  { 69707, true },
+  { 69718, true },
+  { 69735, true },
+  { 69748, true },
+  { 69757, true },
+  { 69766, true },
+  { 69781, true },
+  { 69803, true },
+  { 69826, true },
+  { 69850, true },
+  { 69873, true },
+  { 69897, true },
+  { 69916, true },
+  { 69929, true },
+  { 69947, false },
+  { 69962, true },
+  { 69973, true },
+  { 69985, true },
+  { 69994, true },
+  { 70011, true },
+  { 70025, true },
+  { 70039, true },
+  { 70053, true },
+  { 70067, true },
+  { 70081, true },
+  { 70094, true },
+  { 70107, true },
+  { 70122, true },
+  { 70138, true },
+  { 70148, true },
+  { 70158, true },
+  { 70168, true },
+  { 70178, true },
+  { 70191, true },
+  { 70204, true },
+  { 70227, true },
+  { 70239, true },
+  { 70250, true },
+  { 70273, true },
+  { 70287, true },
+  { 70297, true },
+  { 70306, true },
+  { 70319, false },
+  { 70332, true },
+  { 70345, true },
+  { 70362, true },
+  { 70395, true },
+  { 70414, true },
+  { 70428, true },
+  { 70442, true },
+  { 70454, true },
+  { 70470, true },
+  { 70489, true },
+  { 70503, true },
+  { 70520, true },
+  { 70533, true },
+  { 70547, true },
+  { 70558, true },
+  { 70587, true },
+  { 70604, true },
+  { 70618, true },
+  { 70638, true },
+  { 70673, true },
+  { 70695, true },
+  { 70718, true },
+  { 70731, true },
+  { 70741, true },
+  { 70759, true },
+  { 70780, true },
+  { 70796, true },
+  { 70807, true },
+  { 70818, true },
+  { 70830, true },
+  { 70842, true },
+  { 70853, true },
+  { 70873, true },
+  { 70886, true },
+  { 70898, true },
+  { 70913, true },
+  { 70931, true },
+  { 70945, true },
+  { 70965, true },
+  { 70991, true },
+  { 71022, true },
+  { 71033, true },
+  { 71062, true },
+  { 71080, true },
+  { 71097, true },
+  { 71120, true },
+  { 71148, true },
+  { 71163, true },
+  { 71172, true },
+  { 71190, true },
+  { 71205, true },
+  { 71219, true },
+  { 71240, true },
+  { 71257, true },
+  { 71273, true },
+  { 71286, true },
+  { 71310, true },
+  { 71323, true },
+  { 71344, true },
+  { 71362, true },
+  { 71389, true },
+  { 71406, true },
+  { 71426, true },
+  { 71445, true },
+  { 71462, true },
+  { 71476, true },
+  { 71507, true },
+  { 71519, true },
+  { 71531, true },
+  { 71548, true },
+  { 71563, true },
+  { 71576, true },
+  { 71588, true },
+  { 71601, true },
+  { 71624, true },
+  { 71636, true },
+  { 71648, true },
+  { 71660, true },
+  { 71673, true },
+  { 71690, true },
+  { 71702, true },
+  { 71717, true },
+  { 71736, true },
+  { 71749, true },
+  { 71760, true },
+  { 71772, true },
+  { 71782, true },
+  { 71798, true },
+  { 71814, true },
+  { 71829, true },
+  { 71841, true },
+  { 71853, true },
+  { 71873, true },
+  { 71886, true },
+  { 71904, true },
+  { 71919, true },
+  { 71948, true },
+  { 71969, true },
+  { 71987, true },
+  { 72012, true },
+  { 72029, true },
+  { 72054, true },
+  { 72074, true },
+  { 72091, true },
+  { 72104, true },
+  { 72115, true },
+  { 72123, true },
+  { 72136, true },
+  { 72154, true },
+  { 72168, true },
+  { 72180, true },
+  { 72196, true },
+  { 72213, true },
+  { 72232, true },
+  { 72245, true },
+  { 72262, true },
+  { 72274, true },
+  { 72291, true },
+  { 72302, true },
+  { 72315, true },
+  { 72339, true },
+  { 72353, true },
+  { 72368, true },
+  { 72383, true },
+  { 72403, true },
+  { 72427, true },
+  { 72444, true },
+  { 72455, true },
+  { 72466, true },
+  { 72478, false },
+  { 72488, true },
+  { 72501, false },
+  { 72512, true },
+  { 72528, true },
+  { 72543, true },
+  { 72574, true },
+  { 72611, true },
+  { 72626, true },
+  { 72643, true },
+  { 72653, true },
+  { 72660, true },
+  { 72669, true },
+  { 72703, true },
+  { 72719, true },
+  { 72739, true },
+  { 72757, true },
+  { 72775, true },
+  { 72789, true },
+  { 72800, true },
+  { 72810, true },
+  { 72821, true },
+  { 72836, true },
+  { 72847, true },
+  { 72856, true },
+  { 72868, true },
+  { 72894, true },
+  { 72911, true },
+  { 72918, true },
+  { 72935, true },
+  { 72944, true },
+  { 72960, true },
+  { 72968, true },
+  { 72976, false },
+  { 72984, true },
+  { 72995, true },
+  { 73009, true },
+  { 73016, true },
+  { 73025, true },
+  { 73044, true },
+  { 73051, true },
+  { 73058, true },
+  { 73065, true },
+  { 73078, false },
+  { 73098, true },
+  { 73111, true },
+  { 73124, true },
+  { 73141, true },
+  { 73149, true },
+  { 73163, true },
+  { 73171, true },
+  { 73181, true },
+  { 73196, true },
+  { 73210, true },
+  { 73224, true },
+  { 73237, true },
+  { 73248, true },
+  { 73256, true },
+  { 73266, true },
+  { 73277, true },
+  { 73296, true },
+  { 73309, true },
+  { 73318, true },
+  { 73339, true },
+  { 73358, true },
+  { 73372, true },
+  { 73388, true },
+  { 73405, true },
+  { 73423, true },
+  { 73434, true },
+  { 73447, true },
+  { 73462, false },
+  { 73472, true },
+  { 73483, true },
+  { 73502, false },
+  { 73515, true },
+  { 73528, true },
+  { 73539, true },
+  { 73557, true },
+  { 73573, true },
+  { 73584, true },
+  { 73602, true },
+  { 73610, true },
+  { 73624, true },
+  { 73640, true },
+  { 73656, true },
+  { 73666, true },
+  { 73677, true },
+  { 73697, true },
+  { 73717, false },
+  { 73734, true },
+  { 73750, false },
+  { 73765, true },
+  { 73775, true },
+  { 73787, true },
+  { 73799, true },
+  { 73827, true },
+  { 73841, true },
+  { 73860, true },
+  { 73877, true },
+  { 73896, true },
+  { 73914, true },
+  { 73928, true },
+  { 73943, true },
+  { 73958, true },
+  { 73979, true },
+  { 73996, true },
+  { 74014, true },
+  { 74031, true },
+  { 74051, true },
+  { 74076, true },
+  { 74088, true },
+  { 74101, true },
+  { 74114, true },
+  { 74127, true },
+  { 74137, true },
+  { 74151, true },
+  { 74166, true },
+  { 74179, true },
+  { 74193, true },
+  { 74206, true },
+  { 74224, true },
+  { 74243, true },
+  { 74261, true },
+  { 74272, true },
+  { 74286, true },
+  { 74303, true },
+  { 74318, true },
+  { 74332, true },
+  { 74346, true },
+  { 74359, true },
+  { 74382, true },
+  { 74403, true },
+  { 74413, true },
+  { 74432, true },
+  { 74448, true },
+  { 74465, true },
+  { 74481, true },
+  { 74497, true },
+  { 74522, true },
+  { 74537, true },
+  { 74547, true },
+  { 74562, true },
+  { 74576, true },
+  { 74588, true },
+  { 74611, true },
+  { 74622, true },
+  { 74638, true },
+  { 74650, false },
+  { 74658, true },
+  { 74670, true },
+  { 74691, true },
+  { 74701, true },
+  { 74709, true },
+  { 74720, true },
+  { 74728, true },
+  { 74739, true },
+  { 74748, true },
+  { 74756, true },
+  { 74764, true },
+  { 74779, true },
+  { 74793, true },
+  { 74807, false },
+  { 74827, true },
+  { 74835, true },
+  { 74843, true },
+  { 74860, true },
+  { 74874, true },
+  { 74894, true },
+  { 74906, true },
+  { 74920, true },
+  { 74929, false },
+  { 74949, true },
+  { 74963, true },
+  { 74981, true },
+  { 75001, true },
+  { 75009, true },
+  { 75036, true },
+  { 75049, true },
+  { 75067, true },
+  { 75086, true },
+  { 75102, true },
+  { 75115, true },
+  { 75136, true },
+  { 75154, true },
+  { 75171, true },
+  { 75183, true },
+  { 75194, false },
+  { 75212, true },
+  { 75230, true },
+  { 75250, true },
+  { 75262, true },
+  { 75283, true },
+  { 75295, true },
+  { 75307, true },
+  { 75323, true },
+  { 75337, true },
+  { 75353, true },
+  { 75372, true },
+  { 75385, true },
+  { 75404, true },
+  { 75419, false },
+  { 75432, true },
+  { 75446, true },
+  { 75465, true },
+  { 75481, true },
+  { 75501, false },
+  { 75515, true },
+  { 75531, true },
+  { 75548, true },
+  { 75566, true },
+  { 75585, true },
+  { 75597, true },
+  { 75615, true },
+  { 75636, true },
+  { 75646, true },
+  { 75659, true },
+  { 75669, true },
+  { 75688, true },
+  { 75705, true },
+  { 75718, true },
+  { 75732, true },
+  { 75745, true },
+  { 75758, true },
+  { 75774, true },
+  { 75789, true },
+  { 75814, true },
+  { 75835, true },
+  { 75847, true },
+  { 75861, true },
+  { 75880, true },
+  { 75890, true },
+  { 75907, true },
+  { 75916, true },
+  { 75935, true },
+  { 75952, true },
+  { 75967, true },
+  { 75987, true },
+  { 76015, true },
+  { 76033, true },
+  { 76047, true },
+  { 76067, true },
+  { 76085, true },
+  { 76101, true },
+  { 76121, true },
+  { 76156, true },
+  { 76170, true },
+  { 76187, true },
+  { 76205, true },
+  { 76215, true },
+  { 76245, true },
+  { 76260, true },
+  { 76273, true },
+  { 76284, true },
+  { 76296, true },
+  { 76310, true },
+  { 76326, true },
+  { 76341, true },
+  { 76359, true },
+  { 76375, true },
+  { 76404, true },
+  { 76412, true },
+  { 76423, true },
+  { 76437, true },
+  { 76453, true },
+  { 76470, true },
+  { 76485, true },
+  { 76502, true },
+  { 76517, true },
+  { 76537, true },
+  { 76557, true },
+  { 76583, true },
+  { 76598, true },
+  { 76610, true },
+  { 76624, false },
+  { 76634, true },
+  { 76648, true },
+  { 76665, true },
+  { 76690, true },
+  { 76707, true },
+  { 76724, true },
+  { 76742, true },
+  { 76761, true },
+  { 76770, true },
+  { 76779, true },
+  { 76798, true },
+  { 76809, true },
+  { 76825, true },
+  { 76840, true },
+  { 76857, true },
+  { 76871, true },
+  { 76884, true },
+  { 76894, true },
+  { 76906, false },
+  { 76917, true },
+  { 76928, true },
+  { 76936, true },
+  { 76944, true },
+  { 76955, true },
+  { 76969, true },
+  { 76979, true },
+  { 77002, true },
+  { 77017, true },
+  { 77038, true },
+  { 77059, true },
+  { 77083, true },
+  { 77105, true },
+  { 77126, true },
+  { 77147, true },
+  { 77168, true },
+  { 77189, true },
+  { 77210, true },
+  { 77231, false },
+  { 77247, true },
+  { 77260, true },
+  { 77279, true },
+  { 77295, true },
+  { 77310, true },
+  { 77331, true },
+  { 77344, false },
+  { 77365, true },
+  { 77379, true },
+  { 77398, true },
+  { 77424, true },
+  { 77444, true },
+  { 77466, true },
+  { 77480, true },
+  { 77492, true },
+  { 77510, true },
+  { 77528, true },
+  { 77551, true },
+  { 77564, true },
+  { 77584, true },
+  { 77613, true },
+  { 77639, true },
+  { 77670, true },
+  { 77692, true },
+  { 77715, true },
+  { 77731, true },
+  { 77745, true },
+  { 77763, true },
+  { 77776, true },
+  { 77788, true },
+  { 77804, true },
+  { 77827, true },
+  { 77857, true },
+  { 77868, true },
+  { 77893, true },
+  { 77911, true },
+  { 77922, true },
+  { 77939, true },
+  { 77950, true },
+  { 77963, true },
+  { 77977, true },
+  { 77990, true },
+  { 78007, true },
+  { 78024, true },
+  { 78052, true },
+  { 78067, true },
+  { 78086, true },
+  { 78114, true },
+  { 78128, true },
+  { 78145, true },
+  { 78157, true },
+  { 78169, true },
+  { 78193, true },
+  { 78203, true },
+  { 78214, true },
+  { 78229, true },
+  { 78242, true },
+  { 78251, false },
+  { 78273, true },
+  { 78284, true },
+  { 78292, false },
+  { 78308, true },
+  { 78323, true },
+  { 78339, true },
+  { 78356, true },
+  { 78370, true },
+  { 78387, true },
+  { 78402, true },
+  { 78419, true },
+  { 78437, true },
+  { 78449, true },
+  { 78469, true },
+  { 78494, true },
+  { 78505, true },
+  { 78529, true },
+  { 78553, true },
+  { 78577, true },
+  { 78615, true },
+  { 78639, true },
+  { 78669, true },
+  { 78685, true },
+  { 78700, true },
+  { 78710, true },
+  { 78719, true },
+  { 78735, true },
+  { 78750, true },
+  { 78763, true },
+  { 78782, true },
+  { 78803, true },
+  { 78828, true },
+  { 78843, true },
+  { 78852, true },
+  { 78863, true },
+  { 78876, false },
+  { 78886, true },
+  { 78905, true },
+  { 78919, true },
+  { 78938, true },
+  { 78966, true },
+  { 78993, true },
+  { 79008, true },
+  { 79023, true },
+  { 79032, true },
+  { 79054, false },
+  { 79076, true },
+  { 79088, true },
+  { 79107, true },
+  { 79123, true },
+  { 79143, true },
+  { 79158, true },
+  { 79169, true },
+  { 79185, true },
+  { 79203, true },
+  { 79221, false },
+  { 79237, true },
+  { 79256, true },
+  { 79281, true },
+  { 79305, true },
+  { 79328, false },
+  { 79342, true },
+  { 79355, true },
+  { 79367, true },
+  { 79375, true },
+  { 79393, true },
+  { 79412, true },
+  { 79420, true },
+  { 79432, true },
+  { 79441, true },
+  { 79456, true },
+  { 79474, true },
+  { 79489, true },
+  { 79502, true },
+  { 79514, true },
+  { 79526, true },
+  { 79547, true },
+  { 79565, true },
+  { 79585, true },
+  { 79607, true },
+  { 79618, true },
+  { 79636, true },
+  { 79646, true },
+  { 79657, true },
+  { 79674, true },
+  { 79689, true },
+  { 79707, true },
+  { 79724, true },
+  { 79739, true },
+  { 79756, true },
+  { 79770, true },
+  { 79784, true },
+  { 79800, true },
+  { 79819, true },
+  { 79836, true },
+  { 79853, true },
+  { 79870, true },
+  { 79887, false },
+  { 79902, true },
+  { 79929, true },
+  { 79949, true },
+  { 79981, true },
+  { 80001, true },
+  { 80023, true },
+  { 80043, true },
+  { 80062, true },
+  { 80083, false },
+  { 80102, true },
+  { 80121, true },
+  { 80138, true },
+  { 80158, true },
+  { 80179, true },
+  { 80205, true },
+  { 80225, true },
+  { 80243, true },
+  { 80261, true },
+  { 80284, true },
+  { 80303, true },
+  { 80322, true },
+  { 80344, true },
+  { 80361, true },
+  { 80386, true },
+  { 80409, true },
+  { 80432, true },
+  { 80454, true },
+  { 80475, true },
+  { 80495, true },
+  { 80512, true },
+  { 80539, true },
+  { 80562, true },
+  { 80585, true },
+  { 80603, true },
+  { 80619, true },
+  { 80636, true },
+  { 80652, true },
+  { 80666, true },
+  { 80679, true },
+  { 80716, false },
+  { 80727, true },
+  { 80745, true },
+  { 80765, true },
+  { 80788, true },
+  { 80813, false },
+  { 80844, true },
+  { 80859, true },
+  { 80882, true },
+  { 80896, true },
+  { 80910, true },
+  { 80928, true },
+  { 80942, true },
+  { 80953, true },
+  { 80963, true },
+  { 80972, true },
+  { 80983, true },
+  { 80995, true },
+  { 81011, true },
+  { 81021, true },
+  { 81030, true },
+  { 81042, true },
+  { 81056, true },
+  { 81075, true },
+  { 81093, true },
+  { 81110, true },
+  { 81129, true },
+  { 81150, true },
+  { 81160, true },
+  { 81174, true },
+  { 81184, true },
+  { 81191, true },
+  { 81204, true },
+  { 81221, true },
+  { 81239, true },
+  { 81250, false },
+  { 81258, true },
+  { 81279, true },
+  { 81290, true },
+  { 81304, true },
+  { 81330, true },
+  { 81343, true },
+  { 81354, true },
+  { 81373, true },
+  { 81385, true },
+  { 81402, false },
+  { 81420, true },
+  { 81433, true },
+  { 81445, true },
+  { 81458, true },
+  { 81469, true },
+  { 81482, true },
+  { 81496, true },
+  { 81504, true },
+  { 81517, true },
+  { 81533, false },
+  { 81544, true },
+  { 81558, true },
+  { 81576, true },
+  { 81585, true },
+  { 81601, true },
+  { 81614, true },
+  { 81632, true },
+  { 81649, true },
+  { 81667, true },
+  { 81679, true },
+  { 81690, true },
+  { 81699, true },
+  { 81707, true },
+  { 81721, true },
+  { 81728, true },
+  { 81746, true },
+  { 81759, true },
+  { 81773, true },
+  { 81785, true },
+  { 81802, true },
+  { 81814, true },
+  { 81824, true },
+  { 81831, true },
+  { 81842, true },
+  { 81854, true },
+  { 81870, true },
+  { 81879, true },
+  { 81889, true },
+  { 81901, true },
+  { 81912, true },
+  { 81926, true },
+  { 81937, true },
+  { 81962, true },
+  { 81979, true },
+  { 82004, true },
+  { 82027, true },
+  { 82041, true },
+  { 82053, true },
+  { 82062, true },
+  { 82070, true },
+  { 82088, true },
+  { 82099, true },
+  { 82114, true },
+  { 82133, true },
+  { 82152, true },
+  { 82171, true },
+  { 82187, true },
+  { 82200, true },
+  { 82214, true },
+  { 82226, false },
+  { 82242, true },
+  { 82256, true },
+  { 82266, true },
+  { 82285, true },
+  { 82299, true },
+  { 82313, true },
+  { 82330, true },
+  { 82350, true },
+  { 82367, true },
+  { 82387, true },
+  { 82400, true },
+  { 82415, true },
+  { 82429, true },
+  { 82442, true },
+  { 82456, true },
+  { 82474, true },
+  { 82489, true },
+  { 82509, true },
+  { 82532, true },
+  { 82545, true },
+  { 82553, true },
+  { 82559, true },
+  { 82573, true },
+  { 82587, true },
+  { 82600, true },
+  { 82609, true },
+  { 82623, true },
+  { 82637, true },
+  { 82650, true },
+  { 82663, false },
+  { 82683, true },
+  { 82700, true },
+  { 82716, true },
+  { 82730, true },
+  { 82745, true },
+  { 82760, true },
+  { 82781, true },
+  { 82804, true },
+  { 82820, true },
+  { 82833, true },
+  { 82846, true },
+  { 82866, true },
+  { 82885, true },
+  { 82901, true },
+  { 82928, true },
+  { 82948, true },
+  { 82969, true },
+  { 82982, true },
+  { 82996, true },
+  { 83016, true },
+  { 83028, true },
+  { 83042, true },
+  { 83063, true },
+  { 83074, true },
+  { 83091, true },
+  { 83104, true },
+  { 83121, true },
+  { 83130, true },
+  { 83156, true },
+  { 83174, true },
+  { 83196, true },
+  { 83206, true },
+  { 83231, true },
+  { 83249, true },
+  { 83264, true },
+  { 83278, true },
+  { 83287, true },
+  { 83306, true },
+  { 83325, true },
+  { 83337, true },
+  { 83353, true },
+  { 83375, true },
+  { 83393, true },
+  { 83412, true },
+  { 83425, true },
+  { 83433, true },
+  { 83451, true },
+  { 83467, true },
+  { 83488, true },
+  { 83508, true },
+  { 83521, true },
+  { 83535, true },
+  { 83550, true },
+  { 83569, true },
+  { 83594, true },
+  { 83609, true },
+  { 83623, true },
+  { 83642, true },
+  { 83661, true },
+  { 83678, true },
+  { 83693, true },
+  { 83706, true },
+  { 83730, true },
+  { 83743, true },
+  { 83758, true },
+  { 83774, true },
+  { 83786, true },
+  { 83803, true },
+  { 83818, true },
+  { 83841, true },
+  { 83857, true },
+  { 83879, true },
+  { 83892, true },
+  { 83902, true },
+  { 83917, true },
+  { 83940, true },
+  { 83959, true },
+  { 83971, true },
+  { 83989, true },
+  { 84008, true },
+  { 84034, false },
+  { 84042, true },
+  { 84055, true },
+  { 84064, true },
+  { 84077, true },
+  { 84087, true },
+  { 84099, true },
+  { 84115, true },
+  { 84132, true },
+  { 84153, true },
+  { 84170, true },
+  { 84195, true },
+  { 84221, true },
+  { 84232, false },
+  { 84242, true },
+  { 84253, false },
+  { 84265, true },
+  { 84289, true },
+  { 84311, true },
+  { 84327, true },
+  { 84346, true },
+  { 84358, true },
+  { 84375, true },
+  { 84389, true },
+  { 84400, true },
+  { 84417, true },
+  { 84427, false },
+  { 84439, true },
+  { 84466, true },
+  { 84484, true },
+  { 84500, true },
+  { 84520, true },
+  { 84534, true },
+  { 84550, true },
+  { 84567, true },
+  { 84589, true },
+  { 84604, true },
+  { 84626, true },
+  { 84638, true },
+  { 84651, true },
+  { 84664, true },
+  { 84679, true },
+  { 84700, true },
+  { 84713, true },
+  { 84735, true },
+  { 84752, true },
+  { 84774, true },
+  { 84790, true },
+  { 84804, true },
+  { 84819, true },
+  { 84845, true },
+  { 84861, true },
+  { 84876, true },
+  { 84901, true },
+  { 84917, true },
+  { 84932, true },
+  { 84945, true },
+  { 84960, true },
+  { 84974, true },
+  { 84986, true },
+  { 85001, true },
+  { 85010, true },
+  { 85022, true },
+  { 85039, true },
+  { 85049, true },
+  { 85058, true },
+  { 85071, true },
+  { 85085, true },
+  { 85096, true },
+  { 85107, true },
+  { 85122, true },
+  { 85133, true },
+  { 85153, true },
+  { 85173, true },
+  { 85189, true },
+  { 85204, true },
+  { 85218, true },
+  { 85233, true },
+  { 85245, true },
+  { 85258, true },
+  { 85273, true },
+  { 85284, true },
+  { 85298, true },
+  { 85312, true },
+  { 85326, true },
+  { 85342, true },
+  { 85361, true },
+  { 85376, true },
+  { 85392, true },
+  { 85402, true },
+  { 85415, true },
+  { 85424, true },
+  { 85436, true },
+  { 85448, true },
+  { 85460, true },
+  { 85478, true },
+  { 85489, true },
+  { 85505, true },
+  { 85516, true },
+  { 85528, true },
+  { 85542, true },
+  { 85557, true },
+  { 85570, true },
+  { 85584, true },
+  { 85601, true },
+  { 85609, true },
+  { 85629, true },
+  { 85647, true },
+  { 85659, true },
+  { 85671, true },
+  { 85684, true },
+  { 85695, false },
+  { 85715, true },
+  { 85727, true },
+  { 85736, true },
+  { 85744, true },
+  { 85760, true },
+  { 85776, true },
+  { 85790, true },
+  { 85801, true },
+  { 85811, true },
+  { 85826, true },
+  { 85834, true },
+  { 85847, false },
+  { 85867, true },
+  { 85876, true },
+  { 85890, true },
+  { 85910, true },
+  { 85934, true },
+  { 85958, true },
+  { 85979, true },
+  { 85987, true },
+  { 86004, true },
+  { 86025, true },
+  { 86035, true },
+  { 86048, true },
+  { 86067, true },
+  { 86089, true },
+  { 86103, true },
+  { 86114, true },
+  { 86137, true },
+  { 86159, true },
+  { 86181, true },
+  { 86194, true },
+  { 86202, false },
+  { 86212, true },
+  { 86242, true },
+  { 86269, true },
+  { 86282, true },
+  { 86295, false },
+  { 86309, true },
+  { 86325, true },
+  { 86338, true },
+  { 86355, true },
+  { 86374, true },
+  { 86394, true },
+  { 86403, true },
+  { 86414, true },
+  { 86425, true },
+  { 86438, true },
+  { 86455, true },
+  { 86469, false },
+  { 86487, true },
+  { 86495, true },
+  { 86511, true },
+  { 86521, true },
+  { 86532, false },
+  { 86547, true },
+  { 86560, true },
+  { 86576, true },
+  { 86589, true },
+  { 86603, true },
+  { 86618, false },
+  { 86633, true },
+  { 86647, true },
+  { 86659, true },
+  { 86669, true },
+  { 86681, true },
+  { 86694, true },
+  { 86709, true },
+  { 86722, true },
+  { 86735, true },
+  { 86748, true },
+  { 86760, false },
+  { 86783, false },
+  { 86807, true },
+  { 86824, true },
+  { 86836, true },
+  { 86850, true },
+  { 86863, true },
+  { 86877, true },
+  { 86893, true },
+  { 86908, true },
+  { 86925, true },
+  { 86936, true },
+  { 86948, true },
+  { 86959, true },
+  { 86974, true },
+  { 86992, true },
+  { 87004, true },
+  { 87018, true },
+  { 87029, true },
+  { 87039, true },
+  { 87050, true },
+  { 87069, true },
+  { 87088, true },
+  { 87105, true },
+  { 87115, true },
+  { 87137, true },
+  { 87151, true },
+  { 87170, true },
+  { 87185, true },
+  { 87201, true },
+  { 87211, true },
+  { 87221, true },
+  { 87233, true },
+  { 87247, true },
+  { 87280, true },
+  { 87295, true },
+  { 87320, true },
+  { 87339, true },
+  { 87353, true },
+  { 87367, true },
+  { 87380, true },
+  { 87395, true },
+  { 87412, true },
+  { 87428, true },
+  { 87442, true },
+  { 87459, true },
+  { 87472, true },
+  { 87485, true },
+  { 87498, true },
+  { 87518, false },
+  { 87530, true },
+  { 87542, true },
+  { 87559, true },
+  { 87570, true },
+  { 87588, true },
+  { 87607, true },
+  { 87615, true },
+  { 87622, true },
+  { 87638, true },
+  { 87651, true },
+  { 87664, true },
+  { 87676, false },
+  { 87688, true },
+  { 87699, true },
+  { 87721, true },
+  { 87741, true },
+  { 87753, true },
+  { 87765, true },
+  { 87778, true },
+  { 87795, true },
+  { 87813, true },
+  { 87827, false },
+  { 87842, true },
+  { 87857, true },
+  { 87878, true },
+  { 87891, true },
+  { 87907, true },
+  { 87923, true },
+  { 87937, true },
+  { 87950, true },
+  { 87966, true },
+  { 87983, true },
+  { 87996, true },
+  { 88020, true },
+  { 88042, true },
+  { 88062, true },
+  { 88081, true },
+  { 88095, true },
+  { 88107, true },
+  { 88118, true },
+  { 88134, true },
+  { 88150, true },
+  { 88171, true },
+  { 88193, true },
+  { 88214, true },
+  { 88234, true },
+  { 88261, true },
+  { 88280, true },
+  { 88294, true },
+  { 88311, true },
+  { 88323, true },
+  { 88343, true },
+  { 88356, true },
+  { 88382, true },
+  { 88396, true },
+  { 88420, true },
+  { 88441, true },
+  { 88467, true },
+  { 88488, true },
+  { 88505, true },
+  { 88526, true },
+  { 88544, true },
+  { 88566, true },
+  { 88589, true },
+  { 88609, true },
+  { 88627, true },
+  { 88644, true },
+  { 88654, true },
+  { 88661, true },
+  { 88683, true },
+  { 88694, true },
+  { 88710, true },
+  { 88720, true },
+  { 88735, true },
+  { 88748, true },
+  { 88769, true },
+  { 88789, true },
+  { 88803, true },
+  { 88819, true },
+  { 88831, true },
+  { 88846, true },
+  { 88866, true },
+  { 88876, true },
+  { 88892, true },
+  { 88909, true },
+  { 88921, true },
+  { 88933, true },
+  { 88949, true },
+  { 88966, true },
+  { 88979, true },
+  { 88988, true },
+  { 89010, true },
+  { 89018, true },
+  { 89033, true },
+  { 89050, true },
+  { 89071, true },
+  { 89093, true },
+  { 89103, true },
+  { 89121, true },
+  { 89135, true },
+  { 89155, true },
+  { 89178, true },
+  { 89210, true },
+  { 89237, true },
+  { 89256, true },
+  { 89270, true },
+  { 89304, true },
+  { 89314, true },
+  { 89338, true },
+  { 89351, true },
+  { 89383, true },
+  { 89409, true },
+  { 89445, true },
+  { 89474, true },
+  { 89489, true },
+  { 89508, true },
+  { 89528, true },
+  { 89547, false },
+  { 89569, true },
+  { 89593, true },
+  { 89609, true },
+  { 89633, true },
+  { 89649, true },
+  { 89673, true },
+  { 89690, true },
+  { 89702, true },
+  { 89714, true },
+  { 89729, true },
+  { 89756, true },
+  { 89784, true },
+  { 89810, true },
+  { 89827, true },
+  { 89852, true },
+  { 89866, true },
+  { 89886, true },
+  { 89911, true },
+  { 89933, true },
+  { 89958, true },
+  { 89987, true },
+  { 90009, false },
+  { 90024, true },
+  { 90047, true },
+  { 90070, true },
+  { 90094, true },
+  { 90109, true },
+  { 90125, true },
+  { 90140, true },
+  { 90154, true },
+  { 90172, true },
+  { 90194, true },
+  { 90216, true },
+  { 90241, true },
+  { 90257, false },
+  { 90282, true },
+  { 90306, true },
+  { 90333, true },
+  { 90357, false },
+  { 90378, true },
+  { 90392, true },
+  { 90415, true },
+  { 90423, true },
+  { 90437, false },
+  { 90451, true },
+  { 90466, true },
+  { 90484, true },
+  { 90502, true },
+  { 90521, true },
+  { 90541, true },
+  { 90557, true },
+  { 90576, true },
+  { 90599, true },
+  { 90616, true },
+  { 90640, true },
+  { 90656, false },
+  { 90673, true },
+  { 90696, true },
+  { 90714, true },
+  { 90732, true },
+  { 90750, true },
+  { 90777, true },
+  { 90801, true },
+  { 90822, false },
+  { 90844, true },
+  { 90857, true },
+  { 90874, true },
+  { 90888, true },
+  { 90910, true },
+  { 90920, true },
+  { 90934, true },
+  { 90953, true },
+  { 90964, true },
+  { 90978, true },
+  { 90989, true },
+  { 91000, true },
+  { 91011, true },
+  { 91024, true },
+  { 91039, true },
+  { 91058, true },
+  { 91073, true },
+  { 91088, true },
+  { 91109, true },
+  { 91126, true },
+  { 91142, true },
+  { 91156, true },
+  { 91169, true },
+  { 91180, true },
+  { 91195, true },
+  { 91208, true },
+  { 91219, true },
+  { 91238, true },
+  { 91256, true },
+  { 91274, true },
+  { 91294, true },
+  { 91318, true },
+  { 91337, true },
+  { 91366, true },
+  { 91386, true },
+  { 91405, true },
+  { 91423, true },
+  { 91435, true },
+  { 91449, true },
+  { 91462, true },
+  { 91485, true },
+  { 91498, true },
+  { 91515, true },
+  { 91533, true },
+  { 91554, true },
+  { 91571, true },
+  { 91581, true },
+  { 91597, true },
+  { 91615, true },
+  { 91628, true },
+  { 91655, true },
+  { 91673, true },
+  { 91694, true },
+  { 91709, true },
+  { 91724, false },
+  { 91758, true },
+  { 91776, true },
+  { 91792, true },
+  { 91817, true },
+  { 91837, true },
+  { 91853, true },
+  { 91868, true },
+  { 91891, true },
+  { 91908, true },
+  { 91929, false },
+  { 91952, true },
+  { 91976, true },
+  { 91998, true },
+  { 92015, true },
+  { 92028, true },
+  { 92050, true },
+  { 92068, true },
+  { 92081, true },
+  { 92102, true },
+  { 92117, true },
+  { 92132, true },
+  { 92149, true },
+  { 92160, true },
+  { 92173, true },
+  { 92187, false },
+  { 92226, true },
+  { 92236, true },
+  { 92256, true },
+  { 92269, true },
+  { 92281, true },
+  { 92299, true },
+  { 92315, true },
+  { 92329, true },
+  { 92346, true },
+  { 92364, true },
+  { 92383, false },
+  { 92398, true },
+  { 92418, false },
+  { 92434, true },
+  { 92443, true },
+  { 92462, true },
+  { 92481, true },
+  { 92492, true },
+  { 92504, true },
+  { 92526, true },
+  { 92538, true },
+  { 92552, true },
+  { 92568, true },
+  { 92580, true },
+  { 92608, true },
+  { 92631, true },
+  { 92645, true },
+  { 92657, true },
+  { 92666, true },
+  { 92683, true },
+  { 92697, true },
+  { 92714, true },
+  { 92735, true },
+  { 92745, true },
+  { 92761, true },
+  { 92776, true },
+  { 92796, true },
+  { 92810, true },
+  { 92826, true },
+  { 92842, true },
+  { 92852, true },
+  { 92868, true },
+  { 92885, true },
+  { 92902, false },
+  { 92914, true },
+  { 92926, true },
+  { 92938, true },
+  { 92952, true },
+  { 92964, true },
+  { 92987, true },
+  { 93012, true },
+  { 93032, true },
+  { 93049, true },
+  { 93061, true },
+  { 93071, true },
+  { 93088, true },
+  { 93100, true },
+  { 93111, true },
+  { 93121, true },
+  { 93141, true },
+  { 93153, true },
+  { 93165, true },
+  { 93181, true },
+  { 93200, true },
+  { 93213, true },
+  { 93227, true },
+  { 93239, true },
+  { 93258, true },
+  { 93270, true },
+  { 93280, true },
+  { 93294, true },
+  { 93326, true },
+  { 93351, true },
+  { 93368, true },
+  { 93388, true },
+  { 93405, true },
+  { 93425, true },
+  { 93446, true },
+  { 93459, true },
+  { 93470, true },
+  { 93494, true },
+  { 93515, true },
+  { 93538, true },
+  { 93552, true },
+  { 93565, true },
+  { 93582, true },
+  { 93594, true },
+  { 93606, true },
+  { 93620, true },
+  { 93642, true },
+  { 93662, true },
+  { 93687, true },
+  { 93708, true },
+  { 93722, true },
+  { 93744, true },
+  { 93760, true },
+  { 93784, true },
+  { 93796, true },
+  { 93805, true },
+  { 93815, true },
+  { 93836, true },
+  { 93857, true },
+  { 93880, true },
+  { 93896, false },
+  { 93915, true },
+  { 93935, true },
+  { 93948, true },
+  { 93959, true },
+  { 93973, true },
+  { 93982, true },
+  { 93994, true },
+  { 94008, true },
+  { 94028, true },
+  { 94044, true },
+  { 94060, true },
+  { 94078, true },
+  { 94094, true },
+  { 94109, true },
+  { 94127, true },
+  { 94148, true },
+  { 94171, true },
+  { 94189, true },
+  { 94207, true },
+  { 94234, true },
+  { 94251, true },
+  { 94269, true },
+  { 94287, true },
+  { 94298, true },
+  { 94315, true },
+  { 94344, true },
+  { 94357, true },
+  { 94370, true },
+  { 94381, true },
+  { 94401, true },
+  { 94419, true },
+  { 94437, true },
+  { 94453, true },
+  { 94461, true },
+  { 94484, true },
+  { 94503, true },
+  { 94520, true },
+  { 94530, false },
+  { 94545, true },
+  { 94555, true },
+  { 94567, true },
+  { 94579, true },
+  { 94592, true },
+  { 94601, true },
+  { 94624, true },
+  { 94639, true },
+  { 94647, true },
+  { 94660, true },
+  { 94679, true },
+  { 94690, true },
+  { 94715, true },
+  { 94727, true },
+  { 94738, true },
+  { 94751, true },
+  { 94761, true },
+  { 94776, true },
+  { 94790, true },
+  { 94804, true },
+  { 94815, true },
+  { 94827, true },
+  { 94834, true },
+  { 94846, true },
+  { 94853, false },
+  { 94873, true },
+  { 94885, true },
+  { 94899, true },
+  { 94910, true },
+  { 94926, true },
+  { 94943, true },
+  { 94962, true },
+  { 94979, false },
+  { 94992, true },
+  { 95010, true },
+  { 95027, true },
+  { 95053, true },
+  { 95066, true },
+  { 95080, true },
+  { 95094, true },
+  { 95112, true },
+  { 95124, true },
+  { 95141, true },
+  { 95160, true },
+  { 95175, true },
+  { 95189, true },
+  { 95200, true },
+  { 95212, true },
+  { 95226, true },
+  { 95245, true },
+  { 95258, true },
+  { 95271, true },
+  { 95283, true },
+  { 95305, true },
+  { 95318, true },
+  { 95345, true },
+  { 95361, true },
+  { 95377, true },
+  { 95396, true },
+  { 95415, true },
+  { 95435, true },
+  { 95451, true },
+  { 95467, true },
+  { 95481, true },
+  { 95491, true },
+  { 95506, true },
+  { 95519, true },
+  { 95533, true },
+  { 95541, true },
+  { 95549, true },
+  { 95564, true },
+  { 95583, true },
+  { 95596, true },
+  { 95615, true },
+  { 95636, true },
+  { 95663, true },
+  { 95683, false },
+  { 95701, true },
+  { 95718, true },
+  { 95736, true },
+  { 95755, true },
+  { 95774, true },
+  { 95794, true },
+  { 95816, true },
+  { 95835, true },
+  { 95850, true },
+  { 95868, true },
+  { 95883, true },
+  { 95902, true },
+  { 95921, true },
+  { 95940, true },
+  { 95956, true },
+  { 95973, true },
+  { 95989, true },
+  { 96009, true },
+  { 96021, true },
+  { 96037, true },
+  { 96051, true },
+  { 96061, true },
+  { 96073, true },
+  { 96089, true },
+  { 96110, false },
+  { 96129, true },
+  { 96150, true },
+  { 96159, true },
+  { 96174, true },
+  { 96191, true },
+  { 96208, true },
+  { 96227, true },
+  { 96241, true },
+  { 96249, true },
+  { 96258, true },
+  { 96267, true },
+  { 96282, true },
+  { 96297, true },
+  { 96314, true },
+  { 96328, true },
+  { 96340, true },
+  { 96355, true },
+  { 96363, true },
+  { 96372, true },
+  { 96392, true },
+  { 96403, true },
+  { 96414, true },
+  { 96435, true },
+  { 96456, true },
+  { 96467, true },
+  { 96479, true },
+  { 96496, true },
+  { 96507, true },
+  { 96516, true },
+  { 96530, true },
+  { 96542, true },
+  { 96555, false },
+  { 96570, true },
+  { 96592, true },
+  { 96602, true },
+  { 96616, false },
+  { 96630, true },
+  { 96655, true },
+  { 96665, true },
+  { 96680, true },
+  { 96695, true },
+  { 96709, true },
+  { 96721, true },
+  { 96740, true },
+  { 96754, true },
+  { 96769, true },
+  { 96781, true },
+  { 96804, true },
+  { 96816, true },
+  { 96839, true },
+  { 96859, true },
+  { 96872, true },
+  { 96889, true },
+  { 96908, true },
+  { 96916, true },
+  { 96929, true },
+  { 96946, true },
+  { 96962, true },
+  { 96990, true },
+  { 97009, true },
+  { 97032, true },
+  { 97057, true },
+  { 97084, true },
+  { 97094, true },
+  { 97104, true },
+  { 97111, true },
+  { 97134, true },
+  { 97151, true },
+  { 97165, true },
+  { 97179, true },
+  { 97200, true },
+  { 97209, true },
+  { 97227, true },
+  { 97235, false },
+  { 97242, true },
+  { 97253, true },
+  { 97270, true },
+  { 97278, true },
+  { 97292, true },
+  { 97307, true },
+  { 97321, true },
+  { 97334, true },
+  { 97352, false },
+  { 97363, true },
+  { 97379, false },
+  { 97389, false },
+  { 97405, true },
+  { 97418, true },
+  { 97432, true },
+  { 97446, true },
+  { 97462, true },
+  { 97478, true },
+  { 97500, true },
+  { 97518, true },
+  { 97532, true },
+  { 97549, true },
+  { 97567, true },
+  { 97581, true },
+  { 97595, true },
+  { 97610, true },
+  { 97625, true },
+  { 97645, false },
+  { 97661, true },
+  { 97677, true },
+  { 97690, true },
+  { 97704, true },
+  { 97717, true },
+  { 97747, true },
+  { 97759, true },
+  { 97788, true },
+  { 97798, true },
+  { 97808, true },
+  { 97824, true },
+  { 97832, true },
+  { 97842, true },
+  { 97853, true },
+  { 97861, true },
+  { 97876, true },
+  { 97885, true },
+  { 97895, true },
+  { 97903, false },
+  { 97918, true },
+  { 97935, true },
+  { 97951, true },
+  { 97966, true },
+  { 97979, true },
+  { 97990, true },
+  { 98011, true },
+  { 98034, true },
+  { 98050, true },
+  { 98063, true },
+  { 98070, true },
+  { 98087, true },
+  { 98096, true },
+  { 98104, true },
+  { 98113, true },
+  { 98127, true },
+  { 98135, true },
+  { 98154, false },
+  { 98174, true },
+  { 98187, true },
+  { 98197, true },
+  { 98209, true },
+  { 98222, true },
+  { 98230, true },
+  { 98248, true },
+  { 98257, true },
+  { 98266, true },
+  { 98275, true },
+  { 98283, true },
+  { 98309, true },
+  { 98324, true },
+  { 98332, true },
+  { 98346, true },
+  { 98365, true },
+  { 98384, true },
+  { 98398, true },
+  { 98410, true },
+  { 98419, true },
+  { 98430, true },
+  { 98441, true },
+  { 98452, true },
+  { 98464, false },
+  { 98473, false },
+  { 98493, false },
+  { 98516, true },
+  { 98526, true },
+  { 98542, true },
+  { 98560, true },
+  { 98577, true },
+  { 98597, true },
+  { 98621, true },
+  { 98634, true },
+  { 98648, true },
+  { 98664, true },
+  { 98674, true },
+  { 98686, true },
+  { 98700, true },
+  { 98718, true },
+  { 98737, true },
+  { 98754, true },
+  { 98770, true },
+  { 98784, true },
+  { 98803, true },
+  { 98816, true },
+  { 98828, true },
+  { 98843, true },
+  { 98850, true },
+  { 98861, true },
+  { 98872, true },
+  { 98880, true },
+  { 98890, true },
+  { 98904, true },
+  { 98922, true },
+  { 98937, true },
+  { 98953, true },
+  { 98969, true },
+  { 98990, true },
+  { 99004, true },
+  { 99023, true },
+  { 99045, true },
+  { 99057, true },
+  { 99080, true },
+  { 99103, true },
+  { 99114, true },
+  { 99136, false },
+  { 99158, true },
+  { 99177, true },
+  { 99193, true },
+  { 99211, true },
+  { 99226, true },
+  { 99243, true },
+  { 99259, true },
+  { 99276, true },
+  { 99293, true },
+  { 99312, true },
+  { 99327, true },
+  { 99346, true },
+  { 99358, true },
+  { 99373, true },
+  { 99396, true },
+  { 99414, true },
+  { 99438, true },
+  { 99460, true },
+  { 99478, true },
+  { 99495, true },
+  { 99514, true },
+  { 99539, true },
+  { 99568, true },
+  { 99581, true },
+  { 99593, true },
+  { 99603, true },
+  { 99612, true },
+  { 99624, true },
+  { 99634, true },
+  { 99643, true },
+  { 99652, true },
+  { 99661, true },
+  { 99670, true },
+  { 99680, true },
+  { 99690, true },
+  { 99699, true },
+  { 99708, true },
+  { 99721, true },
+  { 99741, true },
+  { 99750, true },
+  { 99760, true },
+  { 99768, true },
+  { 99775, true },
+  { 99791, true },
+  { 99799, true },
+  { 99810, true },
+  { 99817, true },
+  { 99830, true },
+  { 99844, true },
+  { 99851, true },
+  { 99861, true },
+  { 99872, true },
+  { 99882, false },
+  { 99897, true },
+  { 99911, true },
+  { 99925, true },
+  { 99937, true },
+  { 99954, true },
+  { 99972, true },
+  { 99983, true },
+  { 99997, true },
+  { 100009, true },
+  { 100022, true },
+  { 100035, true },
+  { 100055, true },
+  { 100074, true },
+  { 100092, true },
+  { 100105, true },
+  { 100123, true },
+  { 100137, true },
+  { 100152, true },
+  { 100166, true },
+  { 100183, true },
+  { 100209, true },
+  { 100223, true },
+  { 100245, true },
+  { 100266, true },
+  { 100283, true },
+  { 100298, true },
+  { 100312, true },
+  { 100327, true },
+  { 100338, true },
+  { 100351, true },
+  { 100364, true },
+  { 100378, true },
+  { 100388, true },
+  { 100399, true },
+  { 100418, true },
+  { 100433, true },
+  { 100448, true },
+  { 100475, true },
+  { 100496, true },
+  { 100516, true },
+  { 100528, true },
+  { 100538, true },
+  { 100551, true },
+  { 100563, true },
+  { 100574, true },
+  { 100591, true },
+  { 100599, true },
+  { 100613, true },
+  { 100624, true },
+  { 100633, true },
+  { 100649, true },
+  { 100657, true },
+  { 100665, true },
+  { 100673, true },
+  { 100684, true },
+  { 100692, true },
+  { 100706, true },
+  { 100721, true },
+  { 100748, true },
+  { 100766, true },
+  { 100793, true },
+  { 100803, true },
+  { 100812, true },
+  { 100826, true },
+  { 100854, true },
+  { 100865, true },
+  { 100876, true },
+  { 100885, true },
+  { 100895, true },
+  { 100902, true },
+  { 100916, true },
+  { 100930, true },
+  { 100941, true },
+  { 100954, true },
+  { 100961, true },
+  { 100969, true },
+  { 100984, true },
+  { 101000, true },
+  { 101010, true },
+  { 101023, true },
+  { 101037, true },
+  { 101051, true },
+  { 101065, true },
+  { 101070, true },
+  { 101075, true },
+  { 101083, true },
+  { 101090, true },
+  { 101099, true },
+  { 101106, true },
+  { 101136, true },
+  { 101143, true },
+  { 101155, true },
+  { 101162, true },
+  { 101173, true },
+  { 101180, true },
+  { 101187, true },
+  { 101193, true },
+  { 101209, true },
+  { 101216, true },
+  { 101228, true },
+  { 101242, true },
+  { 101269, true },
+  { 101301, true },
+  { 101315, true },
+  { 101332, true },
+  { 101340, true },
+  { 101348, true },
+  { 101368, true },
+  { 101390, true },
+  { 101401, true },
+  { 101412, true },
+  { 101423, true },
+  { 101434, true },
+  { 101445, true },
+  { 101457, true },
+  { 101467, true },
+  { 101486, true },
+  { 101502, true },
+  { 101519, true },
+  { 101527, true },
+  { 101544, true },
+  { 101559, true },
+  { 101585, true },
+  { 101606, true },
+  { 101619, true },
+  { 101634, true },
+  { 101649, true },
+  { 101665, true },
+  { 101684, true },
+  { 101701, true },
+  { 101717, false },
+  { 101727, true },
+  { 101740, true },
+  { 101750, true },
+  { 101761, true },
+  { 101780, true },
+  { 101795, true },
+  { 101810, true },
+  { 101823, true },
+  { 101831, true },
+  { 101849, true },
+  { 101861, false },
+  { 101873, true },
+  { 101887, true },
+  { 101899, true },
+  { 101912, true },
+  { 101928, true },
+  { 101942, true },
+  { 101963, true },
+  { 101975, true },
+  { 101992, true },
+  { 102005, true },
+  { 102017, true },
+  { 102035, true },
+  { 102045, true },
+  { 102058, true },
+  { 102077, true },
+  { 102107, true },
+  { 102117, true },
+  { 102128, true },
+  { 102141, true },
+  { 102153, true },
+  { 102167, true },
+  { 102184, true },
+  { 102196, true },
+  { 102214, true },
+  { 102245, true },
+  { 102259, true },
+  { 102278, true },
+  { 102287, true },
+  { 102305, true },
+  { 102319, true },
+  { 102335, true },
+  { 102349, true },
+  { 102368, true },
+  { 102386, true },
+  { 102404, true },
+  { 102420, true },
+  { 102440, true },
+  { 102461, true },
+  { 102482, true },
+  { 102498, true },
+  { 102514, true },
+  { 102530, true },
+  { 102549, true },
+  { 102564, false },
+  { 102585, false },
+  { 102605, true },
+  { 102625, true },
+  { 102641, true },
+  { 102660, true },
+  { 102675, true },
+  { 102693, true },
+  { 102709, true },
+  { 102726, true },
+  { 102745, true },
+  { 102764, true },
+  { 102782, true },
+  { 102798, true },
+  { 102809, false },
+  { 102819, true },
+  { 102834, true },
+  { 102843, true },
+  { 102855, true },
+  { 102883, true },
+  { 102901, true },
+  { 102918, true },
+  { 102927, true },
+  { 102941, true },
+  { 102960, true },
+  { 102978, true },
+  { 102990, true },
+  { 103000, true },
+  { 103010, true },
+  { 103023, true },
+  { 103038, true },
+  { 103053, true },
+  { 103068, true },
+  { 103083, true },
+  { 103102, true },
+  { 103119, true },
+  { 103127, true },
+  { 103141, true },
+  { 103156, true },
+  { 103167, true },
+  { 103177, true },
+  { 103211, true },
+  { 103223, true },
+  { 103234, true },
+  { 103251, true },
+  { 103261, true },
+  { 103271, true },
+  { 103284, true },
+  { 103296, false },
+  { 103310, true },
+  { 103328, true },
+  { 103341, true },
+  { 103352, true },
+  { 103368, true },
+  { 103386, true },
+  { 103404, true },
+  { 103415, true },
+  { 103433, true },
+  { 103448, true },
+  { 103462, true },
+  { 103477, true },
+  { 103491, true },
+  { 103506, true },
+  { 103522, true },
+  { 103534, true },
+  { 103551, true },
+  { 103563, true },
+  { 103592, true },
+  { 103625, true },
+  { 103637, true },
+  { 103649, true },
+  { 103666, true },
+  { 103678, true },
+  { 103693, true },
+  { 103702, true },
+  { 103720, true },
+  { 103729, true },
+  { 103742, true },
+  { 103754, true },
+  { 103766, true },
+  { 103783, true },
+  { 103796, true },
+  { 103811, true },
+  { 103825, true },
+  { 103840, true },
+  { 103852, false },
+  { 103866, true },
+  { 103876, true },
+  { 103891, true },
+  { 103911, true },
+  { 103929, true },
+  { 103942, true },
+  { 103956, true },
+  { 103970, true },
+  { 103983, true },
+  { 103996, true },
+  { 104011, true },
+  { 104031, true },
+  { 104045, true },
+  { 104054, true },
+  { 104067, true },
+  { 104078, true },
+  { 104090, true },
+  { 104105, true },
+  { 104119, true },
+  { 104133, true },
+  { 104147, true },
+  { 104161, true },
+  { 104181, true },
+  { 104202, true },
+  { 104220, true },
+  { 104234, true },
+  { 104245, true },
+  { 104265, true },
+  { 104280, false },
+  { 104292, true },
+  { 104305, true },
+  { 104321, true },
+  { 104334, true },
+  { 104347, true },
+  { 104360, true },
+  { 104387, true },
+  { 104398, true },
+  { 104413, true },
+  { 104439, true },
+  { 104459, true },
+  { 104473, true },
+  { 104486, false },
+  { 104500, true },
+  { 104514, false },
+  { 104531, true },
+  { 104556, true },
+  { 104568, true },
+  { 104585, true },
+  { 104602, true },
+  { 104615, true },
+  { 104629, true },
+  { 104642, true },
+  { 104654, true },
+  { 104670, true },
+  { 104697, true },
+  { 104727, true },
+  { 104749, true },
+  { 104768, true },
+  { 104787, false },
+  { 104799, true },
+  { 104813, true },
+  { 104829, true },
+  { 104844, true },
+  { 104856, true },
+  { 104871, true },
+  { 104891, true },
+  { 104910, true },
+  { 104926, true },
+  { 104942, true },
+  { 104957, true },
+  { 104974, true },
+  { 104988, true },
+  { 105003, true },
+  { 105018, true },
+  { 105033, true },
+  { 105055, true },
+  { 105075, true },
+  { 105093, true },
+  { 105111, true },
+  { 105126, true },
+  { 105142, true },
+  { 105159, true },
+  { 105179, true },
+  { 105193, true },
+  { 105209, true },
+  { 105227, true },
+  { 105240, true },
+  { 105255, true },
+  { 105274, true },
+  { 105291, true },
+  { 105304, true },
+  { 105318, true },
+  { 105333, true },
+  { 105349, true },
+  { 105368, true },
+  { 105389, true },
+  { 105406, true },
+  { 105422, true },
+  { 105438, true },
+  { 105457, true },
+  { 105477, true },
+  { 105488, true },
+  { 105500, true },
+  { 105513, true },
+  { 105530, true },
+  { 105546, true },
+  { 105553, true },
+  { 105568, true },
+  { 105584, true },
+  { 105610, true },
+  { 105623, true },
+  { 105643, true },
+  { 105654, true },
+  { 105672, true },
+  { 105686, true },
+  { 105698, true },
+  { 105711, true },
+  { 105722, true },
+  { 105730, true },
+  { 105738, true },
+  { 105760, true },
+  { 105777, true },
+  { 105794, true },
+  { 105805, true },
+  { 105813, true },
+  { 105825, true },
+  { 105838, true },
+  { 105848, true },
+  { 105860, true },
+  { 105868, true },
+  { 105877, true },
+  { 105888, true },
+  { 105899, true },
+  { 105914, true },
+  { 105924, true },
+  { 105935, true },
+  { 105948, true },
+  { 105967, true },
+  { 105989, true },
+  { 105997, true },
+  { 106009, true },
+  { 106023, true },
+  { 106034, true },
+  { 106042, true },
+  { 106054, true },
+  { 106062, true },
+  { 106073, true },
+  { 106083, true },
+  { 106091, false },
+  { 106099, false },
+  { 106115, true },
+  { 106128, true },
+  { 106143, true },
+  { 106160, true },
+  { 106169, true },
+  { 106191, true },
+  { 106212, true },
+  { 106226, true },
+  { 106234, true },
+  { 106247, true },
+  { 106260, true },
+  { 106270, true },
+  { 106281, false },
+  { 106301, true },
+  { 106316, true },
+  { 106328, true },
+  { 106341, true },
+  { 106353, true },
+  { 106365, true },
+  { 106379, false },
+  { 106400, true },
+  { 106411, true },
+  { 106425, true },
+  { 106439, true },
+  { 106453, true },
+  { 106470, true },
+  { 106485, true },
+  { 106499, true },
+  { 106513, true },
+  { 106527, true },
+  { 106541, true },
+  { 106555, true },
+  { 106570, true },
+  { 106592, true },
+  { 106604, true },
+  { 106618, true },
+  { 106631, true },
+  { 106649, true },
+  { 106664, true },
+  { 106678, true },
+  { 106694, true },
+  { 106709, true },
+  { 106721, true },
+  { 106733, true },
+  { 106745, true },
+  { 106777, true },
+  { 106787, true },
+  { 106805, true },
+  { 106818, true },
+  { 106833, true },
+  { 106847, true },
+  { 106867, true },
+  { 106880, true },
+  { 106893, true },
+  { 106902, true },
+  { 106923, true },
+  { 106936, true },
+  { 106946, true },
+  { 106959, true },
+  { 106980, true },
+  { 106990, true },
+  { 107010, true },
+  { 107029, true },
+  { 107050, true },
+  { 107063, true },
+  { 107078, true },
+  { 107090, true },
+  { 107103, true },
+  { 107118, true },
+  { 107133, true },
+  { 107152, true },
+  { 107171, true },
+  { 107196, true },
+  { 107213, true },
+  { 107236, true },
+  { 107248, true },
+  { 107256, true },
+  { 107268, true },
+  { 107279, true },
+  { 107294, true },
+  { 107310, true },
+  { 107317, true },
+  { 107324, true },
+  { 107348, true },
+  { 107358, true },
+  { 107375, true },
+  { 107398, true },
+  { 107411, true },
+  { 107426, true },
+  { 107446, true },
+  { 107462, true },
+  { 107473, true },
+  { 107483, true },
+  { 107495, true },
+  { 107506, true },
+  { 107517, true },
+  { 107530, true },
+  { 107547, true },
+  { 107568, true },
+  { 107578, true },
+  { 107594, true },
+  { 107609, true },
+  { 107625, true },
+  { 107642, true },
+  { 107658, true },
+  { 107675, true },
+  { 107689, true },
+  { 107704, true },
+  { 107720, true },
+  { 107735, true },
+  { 107746, true },
+  { 107756, true },
+  { 107765, true },
+  { 107775, true },
+  { 107786, true },
+  { 107796, true },
+  { 107807, true },
+  { 107820, true },
+  { 107830, true },
+  { 107842, true },
+  { 107853, true },
+  { 107866, true },
+  { 107878, true },
+  { 107902, true },
+  { 107915, true },
+  { 107943, true },
+  { 107966, true },
+  { 107978, true },
+  { 107992, true },
+  { 108002, true },
+  { 108016, true },
+  { 108032, true },
+  { 108044, true },
+  { 108055, true },
+  { 108067, true },
+  { 108083, true },
+  { 108094, true },
+  { 108102, true },
+  { 108115, true },
+  { 108131, true },
+  { 108144, true },
+  { 108157, true },
+  { 108177, true },
+  { 108188, true },
+  { 108209, true },
+  { 108225, true },
+  { 108247, true },
+  { 108267, true },
+  { 108288, true },
+  { 108307, true },
+  { 108319, true },
+  { 108331, true },
+  { 108346, true },
+  { 108361, true },
+  { 108371, true },
+  { 108386, true },
+  { 108400, true },
+  { 108415, true },
+  { 108424, true },
+  { 108435, true },
+  { 108452, true },
+  { 108465, true },
+  { 108479, true },
+  { 108491, true },
+  { 108506, true },
+  { 108528, true },
+  { 108539, true },
+  { 108558, true },
+  { 108579, true },
+  { 108591, true },
+  { 108601, true },
+  { 108617, true },
+  { 108625, true },
+  { 108642, true },
+  { 108652, true },
+  { 108665, true },
+  { 108689, true },
+  { 108710, true },
+  { 108735, true },
+  { 108757, true },
+  { 108769, true },
+  { 108782, true },
+  { 108799, true },
+  { 108816, true },
+  { 108828, true },
+  { 108841, true },
+  { 108853, true },
+  { 108866, true },
+  { 108879, true },
+  { 108890, true },
+  { 108904, true },
+  { 108922, true },
+  { 108940, true },
+  { 108951, true },
+  { 108963, true },
+  { 108978, true },
+  { 109000, true },
+  { 109018, true },
+  { 109035, true },
+  { 109049, true },
+  { 109063, false },
+  { 109078, true },
+  { 109092, true },
+  { 109108, true },
+  { 109127, true },
+  { 109141, true },
+  { 109151, true },
+  { 109159, true },
+  { 109177, true },
+  { 109206, true },
+  { 109217, true },
+  { 109236, true },
+  { 109249, true },
+  { 109274, true },
+  { 109297, true },
+  { 109312, true },
+  { 109332, true },
+  { 109353, true },
+  { 109366, true },
+  { 109378, true },
+  { 109389, true },
+  { 109414, true },
+  { 109435, true },
+  { 109448, true },
+  { 109460, true },
+  { 109472, true },
+  { 109482, true },
+  { 109499, true },
+  { 109519, true },
+  { 109531, true },
+  { 109555, true },
+  { 109576, true },
+  { 109596, true },
+  { 109616, true },
+  { 109639, true },
+  { 109672, true },
+  { 109698, true },
+  { 109720, true },
+  { 109737, true },
+  { 109758, true },
+  { 109772, true },
+  { 109788, true },
+  { 109807, true },
+  { 109833, true },
+  { 109843, true },
+  { 109853, true },
+  { 109866, true },
+  { 109889, true },
+  { 109901, true },
+  { 109915, true },
+  { 109925, true },
+  { 109935, true },
+  { 109944, true },
+  { 109962, true },
+  { 109973, true },
+  { 109991, true },
+  { 110004, true },
+  { 110032, true },
+  { 110044, true },
+  { 110061, true },
+  { 110083, true },
+  { 110092, true },
+  { 110109, true },
+  { 110121, true },
+  { 110135, true },
+  { 110153, true },
+  { 110174, true },
+  { 110188, true },
+  { 110215, true },
+  { 110241, true },
+  { 110259, true },
+  { 110276, true },
+  { 110301, true },
+  { 110321, true },
+  { 110346, true },
+  { 110360, true },
+  { 110375, true },
+  { 110390, true },
+  { 110400, false },
+  { 110414, true },
+  { 110427, true },
+  { 110448, true },
+  { 110457, true },
+  { 110482, true },
+  { 110498, true },
+  { 110511, true },
+  { 110537, true },
+  { 110550, true },
+  { 110568, true },
+  { 110599, true },
+  { 110628, true },
+  { 110639, true },
+  { 110649, true },
+  { 110672, true },
+  { 110695, true },
+  { 110722, false },
+  { 110736, true },
+  { 110751, true },
+  { 110765, true },
+  { 110782, true },
+  { 110797, true },
+  { 110816, true },
+  { 110835, true },
+  { 110857, true },
+  { 110872, true },
+  { 110886, true },
+  { 110900, true },
+  { 110910, true },
+  { 110919, true },
+  { 110936, true },
+  { 110945, true },
+  { 110955, true },
+  { 110993, true },
+  { 111012, true },
+  { 111027, true },
+  { 111038, true },
+  { 111050, true },
+  { 111068, true },
+  { 111093, true },
+  { 111123, true },
+  { 111136, true },
+  { 111153, true },
+  { 111164, true },
+  { 111172, true },
+  { 111183, false },
+  { 111192, true },
+  { 111202, true },
+  { 111215, true },
+  { 111225, true },
+  { 111239, true },
+  { 111248, true },
+  { 111261, true },
+  { 111283, false },
+  { 111308, true },
+  { 111326, true },
+  { 111343, false },
+  { 111367, true },
+  { 111381, true },
+  { 111400, true },
+  { 111427, true },
+  { 111439, true },
+  { 111451, true },
+  { 111463, true },
+  { 111471, true },
+  { 111480, true },
+  { 111494, true },
+  { 111517, true },
+  { 111534, true },
+  { 111550, false },
+  { 111562, true },
+  { 111574, true },
+  { 111585, true },
+  { 111595, true },
+  { 111607, true },
+  { 111621, true },
+  { 111635, true },
+  { 111647, true },
+  { 111657, true },
+  { 111671, true },
+  { 111688, true },
+  { 111706, true },
+  { 111718, true },
+  { 111730, true },
+  { 111742, true },
+  { 111751, true },
+  { 111762, true },
+  { 111774, true },
+  { 111788, true },
+  { 111798, true },
+  { 111811, true },
+  { 111823, true },
+  { 111839, true },
+  { 111861, true },
+  { 111874, true },
+  { 111884, true },
+  { 111898, true },
+  { 111907, true },
+  { 111919, true },
+  { 111930, true },
+  { 111937, true },
+  { 111950, true },
+  { 111962, true },
+  { 111974, true },
+  { 111997, true },
+  { 112006, true },
+  { 112015, true },
+  { 112026, true },
+  { 112042, true },
+  { 112052, true },
+  { 112066, true },
+  { 112073, true },
+  { 112090, true },
+  { 112101, true },
+  { 112114, true },
+  { 112125, true },
+  { 112139, true },
+  { 112148, true },
+  { 112168, true },
+  { 112206, true },
+  { 112218, true },
+  { 112227, true },
+  { 112238, true },
+  { 112249, true },
+  { 112259, true },
+  { 112273, true },
+  { 112291, true },
+  { 112309, true },
+  { 112325, true },
+  { 112340, true },
+  { 112354, true },
+  { 112366, true },
+  { 112381, true },
+  { 112395, true },
+  { 112411, true },
+  { 112425, true },
+  { 112441, true },
+  { 112454, true },
+  { 112471, true },
+  { 112489, true },
+  { 112506, true },
+  { 112516, true },
+  { 112538, true },
+  { 112547, true },
+  { 112559, true },
+  { 112582, true },
+  { 112605, true },
+  { 112616, true },
+  { 112637, true },
+  { 112662, true },
+  { 112677, true },
+  { 112703, true },
+  { 112728, true },
+  { 112761, true },
+  { 112789, true },
+  { 112818, true },
+  { 112834, true },
+  { 112846, true },
+  { 112859, true },
+  { 112871, true },
+  { 112882, true },
+  { 112893, true },
+  { 112910, true },
+  { 112935, true },
+  { 112950, true },
+  { 112963, true },
+  { 112985, true },
+  { 113010, true },
+  { 113026, true },
+  { 113057, false },
+  { 113069, true },
+  { 113081, true },
+  { 113093, true },
+  { 113109, true },
+  { 113123, true },
+  { 113138, true },
+  { 113156, true },
+  { 113165, true },
+  { 113179, true },
+  { 113201, true },
+  { 113215, true },
+  { 113230, true },
+  { 113247, true },
+  { 113270, true },
+  { 113287, true },
+  { 113305, true },
+  { 113324, true },
+  { 113337, true },
+  { 113347, true },
+  { 113359, true },
+  { 113371, true },
+  { 113386, true },
+  { 113400, false },
+  { 113413, false },
+  { 113427, true },
+  { 113439, true },
+  { 113453, true },
+  { 113464, true },
+  { 113475, true },
+  { 113487, true },
+  { 113499, true },
+  { 113511, true },
+  { 113526, true },
+  { 113540, true },
+  { 113561, true },
+  { 113573, true },
+  { 113586, true },
+  { 113598, true },
+  { 113614, true },
+  { 113630, false },
+  { 113643, true },
+  { 113654, false },
+  { 113671, true },
+  { 113693, true },
+  { 113713, false },
+  { 113725, true },
+  { 113742, true },
+  { 113758, true },
+  { 113782, true },
+  { 113800, true },
+  { 113814, true },
+  { 113829, true },
+  { 113846, true },
+  { 113874, true },
+  { 113899, true },
+  { 113915, true },
+  { 113936, true },
+  { 113958, true },
+  { 113974, true },
+  { 113990, true },
+  { 114005, true },
+  { 114020, true },
+  { 114043, true },
+  { 114057, true },
+  { 114083, true },
+  { 114103, true },
+  { 114121, true },
+  { 114136, true },
+  { 114158, true },
+  { 114187, true },
+  { 114208, true },
+  { 114227, true },
+  { 114246, true },
+  { 114262, true },
+  { 114289, true },
+  { 114305, true },
+  { 114326, true },
+  { 114339, true },
+  { 114352, true },
+  { 114369, true },
+  { 114379, true },
+  { 114391, false },
+  { 114408, true },
+  { 114427, true },
+  { 114435, true },
+  { 114447, true },
+  { 114457, true },
+  { 114476, true },
+  { 114493, true },
+  { 114510, true },
+  { 114520, true },
+  { 114534, true },
+  { 114548, true },
+  { 114565, true },
+  { 114573, true },
+  { 114592, true },
+  { 114605, true },
+  { 114614, true },
+  { 114625, true },
+  { 114643, true },
+  { 114655, true },
+  { 114666, true },
+  { 114676, true },
+  { 114687, true },
+  { 114697, true },
+  { 114705, true },
+  { 114722, true },
+  { 114732, true },
+  { 114745, true },
+  { 114759, true },
+  { 114770, true },
+  { 114783, true },
+  { 114792, true },
+  { 114804, false },
+  { 114812, true },
+  { 114823, true },
+  { 114834, true },
+  { 114847, true },
+  { 114860, true },
+  { 114874, true },
+  { 114893, true },
+  { 114909, true },
+  { 114933, true },
+  { 114945, true },
+  { 114959, true },
+  { 114975, true },
+  { 114989, true },
+  { 115009, true },
+  { 115032, true },
+  { 115052, true },
+  { 115063, true },
+  { 115079, true },
+  { 115089, true },
+  { 115101, true },
+  { 115114, true },
+  { 115128, true },
+  { 115144, true },
+  { 115164, true },
+  { 115178, true },
+  { 115186, true },
+  { 115204, true },
+  { 115215, true },
+  { 115228, true },
+  { 115240, true },
+  { 115255, true },
+  { 115273, true },
+  { 115290, true },
+  { 115305, true },
+  { 115324, false },
+  { 115338, true },
+  { 115352, true },
+  { 115369, true },
+  { 115387, true },
+  { 115405, true },
+  { 115426, false },
+  { 115448, true },
+  { 115470, true },
+  { 115486, true },
+  { 115510, true },
+  { 115527, true },
+  { 115548, true },
+  { 115564, true },
+  { 115578, true },
+  { 115597, true },
+  { 115616, true },
+  { 115643, true },
+  { 115670, true },
+  { 115691, true },
+  { 115717, true },
+  { 115738, true },
+  { 115758, true },
+  { 115784, true },
+  { 115802, true },
+  { 115814, true },
+  { 115825, true },
+  { 115836, true },
+  { 115852, true },
+  { 115864, true },
+  { 115878, true },
+  { 115895, true },
+  { 115916, true },
+  { 115931, false },
+  { 115951, true },
+  { 115977, true },
+  { 116004, true },
+  { 116032, true },
+  { 116059, true },
+  { 116081, true },
+  { 116091, true },
+  { 116104, true },
+  { 116112, true },
+  { 116124, true },
+  { 116132, true },
+  { 116145, true },
+  { 116162, true },
+  { 116182, true },
+  { 116205, true },
+  { 116217, true },
+  { 116229, true },
+  { 116242, true },
+  { 116256, true },
+  { 116279, true },
+  { 116298, true },
+  { 116320, true },
+  { 116338, true },
+  { 116357, true },
+  { 116376, true },
+  { 116394, true },
+  { 116404, true },
+  { 116415, true },
+  { 116425, true },
+  { 116442, true },
+  { 116454, true },
+  { 116464, true },
+  { 116485, true },
+  { 116495, true },
+  { 116506, true },
+  { 116525, true },
+  { 116540, true },
+  { 116558, true },
+  { 116577, true },
+  { 116600, true },
+  { 116607, true },
+  { 116620, true },
+  { 116633, true },
+  { 116643, true },
+  { 116661, true },
+  { 116685, true },
+  { 116709, true },
+  { 116718, true },
+  { 116735, false },
+  { 116755, true },
+  { 116774, true },
+  { 116782, false },
+  { 116792, true },
+  { 116806, true },
+  { 116832, true },
+  { 116845, true },
+  { 116862, true },
+  { 116870, true },
+  { 116878, true },
+  { 116894, true },
+  { 116901, true },
+  { 116914, true },
+  { 116923, true },
+  { 116933, true },
+  { 116953, true },
+  { 116964, true },
+  { 116973, false },
+  { 116988, true },
+  { 117007, true },
+  { 117016, true },
+  { 117025, true },
+  { 117039, true },
+  { 117053, true },
+  { 117063, true },
+  { 117080, true },
+  { 117092, true },
+  { 117101, true },
+  { 117108, true },
+  { 117120, true },
+  { 117137, true },
+  { 117145, false },
+  { 117153, true },
+  { 117161, true },
+  { 117168, true },
+  { 117179, true },
+  { 117192, true },
+  { 117199, true },
+  { 117210, true },
+  { 117221, true },
+  { 117231, true },
+  { 117244, true },
+  { 117259, true },
+  { 117276, true },
+  { 117291, true },
+  { 117303, true },
+  { 117315, true },
+  { 117327, true },
+  { 117342, true },
+  { 117353, true },
+  { 117363, true },
+  { 117381, true },
+  { 117390, true },
+  { 117402, true },
+  { 117408, false },
+  { 117428, true },
+  { 117437, true },
+  { 117445, true },
+  { 117454, true },
+  { 117468, true },
+  { 117480, true },
+  { 117495, true },
+  { 117502, true },
+  { 117514, true },
+  { 117524, true },
+  { 117534, true },
+  { 117551, true },
+  { 117569, true },
+  { 117581, true },
+  { 117598, true },
+  { 117610, true },
+  { 117620, true },
+  { 117634, true },
+  { 117647, false },
+  { 117663, true },
+  { 117679, true },
+  { 117687, true },
+  { 117695, true },
+  { 117709, true },
+  { 117722, true },
+  { 117741, true },
+  { 117755, true },
+  { 117771, true },
+  { 117789, true },
+  { 117802, true },
+  { 117815, true },
+  { 117830, true },
+  { 117846, true },
+  { 117874, true },
+  { 117886, true },
+  { 117902, true },
+  { 117911, true },
+  { 117936, false },
+  { 117953, true },
+  { 117966, true },
+  { 117979, false },
+  { 117988, true },
+  { 117998, true },
+  { 118008, true },
+  { 118030, true },
+  { 118040, true },
+  { 118050, true },
+  { 118066, true },
+  { 118082, true },
+  { 118094, true },
+  { 118106, true },
+  { 118121, true },
+  { 118135, true },
+  { 118149, true },
+  { 118161, true },
+  { 118183, true },
+  { 118207, true },
+  { 118224, true },
+  { 118232, true },
+  { 118243, true },
+  { 118257, true },
+  { 118270, true },
+  { 118290, true },
+  { 118304, true },
+  { 118320, true },
+  { 118328, true },
+  { 118342, true },
+  { 118363, true },
+  { 118378, true },
+  { 118397, false },
+  { 118414, true },
+  { 118428, true },
+  { 118447, true },
+  { 118462, true },
+  { 118478, true },
+  { 118493, true },
+  { 118504, true },
+  { 118527, true },
+  { 118539, true },
+  { 118549, true },
+  { 118570, true },
+  { 118588, true },
+  { 118609, true },
+  { 118626, true },
+  { 118647, true },
+  { 118662, true },
+  { 118679, true },
+  { 118697, true },
+  { 118709, true },
+  { 118727, true },
+  { 118743, true },
+  { 118760, true },
+  { 118780, true },
+  { 118798, true },
+  { 118817, true },
+  { 118842, true },
+  { 118864, true },
+  { 118878, true },
+  { 118893, true },
+  { 118911, true },
+  { 118927, true },
+  { 118942, true },
+  { 118964, true },
+  { 118979, true },
+  { 118994, true },
+  { 119012, true },
+  { 119027, true },
+  { 119041, true },
+  { 119055, true },
+  { 119070, true },
+  { 119084, false },
+  { 119097, true },
+  { 119111, true },
+  { 119125, true },
+  { 119153, true },
+  { 119172, true },
+  { 119186, true },
+  { 119205, false },
+  { 119217, true },
+  { 119229, true },
+  { 119243, true },
+  { 119256, true },
+  { 119275, true },
+  { 119293, true },
+  { 119309, true },
+  { 119317, true },
+  { 119328, true },
+  { 119342, true },
+  { 119357, true },
+  { 119380, true },
+  { 119396, true },
+  { 119409, true },
+  { 119428, true },
+  { 119439, true },
+  { 119448, true },
+  { 119464, true },
+  { 119479, true },
+  { 119500, true },
+  { 119511, true },
+  { 119526, true },
+  { 119537, true },
+  { 119550, true },
+  { 119563, true },
+  { 119575, true },
+  { 119600, true },
+  { 119614, true },
+  { 119625, true },
+  { 119644, true },
+  { 119653, true },
+  { 119662, true },
+  { 119675, true },
+  { 119690, true },
+  { 119705, true },
+  { 119722, true },
+  { 119739, true },
+  { 119756, true },
+  { 119767, true },
+  { 119781, true },
+  { 119795, true },
+  { 119822, true },
+  { 119831, true },
+  { 119844, true },
+  { 119855, true },
+  { 119864, true },
+  { 119873, true },
+  { 119882, true },
+  { 119898, true },
+  { 119917, true },
+  { 119942, true },
+  { 119960, true },
+  { 119967, true },
+  { 119986, false },
+  { 119997, true },
+  { 120012, true },
+  { 120023, true },
+  { 120038, true },
+  { 120052, true },
+  { 120063, true },
+  { 120087, true },
+  { 120099, true },
+  { 120119, true },
+  { 120130, true },
+  { 120140, true },
+  { 120152, true },
+  { 120169, true },
+  { 120182, true },
+  { 120194, true },
+  { 120205, true },
+  { 120216, true },
+  { 120228, true },
+  { 120237, true },
+  { 120258, true },
+  { 120272, true },
+  { 120288, false },
+  { 120300, true },
+  { 120317, true },
+  { 120332, true },
+  { 120344, true },
+  { 120354, true },
+  { 120373, true },
+  { 120382, true },
+  { 120391, true },
+  { 120407, true },
+  { 120428, true },
+  { 120445, true },
+  { 120474, true },
+  { 120492, true },
+  { 120509, true },
+  { 120528, false },
+  { 120543, true },
+  { 120556, true },
+  { 120569, true },
+  { 120581, true },
+  { 120592, true },
+  { 120604, true },
+  { 120623, true },
+  { 120630, true },
+  { 120649, true },
+  { 120658, false },
+  { 120681, true },
+  { 120697, true },
+  { 120714, true },
+  { 120724, true },
+  { 120737, true },
+  { 120748, true },
+  { 120760, true },
+  { 120771, true },
+  { 120784, true },
+  { 120794, true },
+  { 120805, true },
+  { 120822, true },
+  { 120834, true },
+  { 120852, true },
+  { 120866, true },
+  { 120884, true },
+  { 120899, true },
+  { 120919, true },
+  { 120933, true },
+  { 120953, true },
+  { 120969, true },
+  { 120989, true },
+  { 121003, true },
+  { 121024, true },
+  { 121041, true },
+  { 121058, true },
+  { 121075, true },
+  { 121092, true },
+  { 121109, true },
+  { 121128, true },
+  { 121146, true },
+  { 121164, true },
+  { 121178, true },
+  { 121189, true },
+  { 121203, false },
+  { 121222, true },
+  { 121233, true },
+  { 121252, true },
+  { 121266, true },
+  { 121277, true },
+  { 121287, true },
+  { 121295, true },
+  { 121308, true },
+  { 121324, true },
+  { 121344, true },
+  { 121367, true },
+  { 121392, true },
+  { 121410, true },
+  { 121419, true },
+  { 121433, true },
+  { 121450, true },
+  { 121470, true },
+  { 121484, true },
+  { 121505, true },
+  { 121524, true },
+  { 121543, false },
+  { 121561, true },
+  { 121573, true },
+  { 121585, true },
+  { 121600, true },
+  { 121616, true },
+  { 121626, true },
+  { 121636, true },
+  { 121650, true },
+  { 121666, true },
+  { 121681, true },
+  { 121695, true },
+  { 121705, true },
+  { 121714, true },
+  { 121729, true },
+  { 121747, true },
+  { 121774, true },
+  { 121784, true },
+  { 121794, true },
+  { 121802, true },
+  { 121815, true },
+  { 121828, true },
+  { 121840, true },
+  { 121853, true },
+  { 121872, true },
+  { 121887, false },
+  { 121897, false },
+  { 121914, true },
+  { 121924, true },
+  { 121940, true },
+  { 121953, true },
+  { 121963, true },
+  { 121976, true },
+  { 121990, true },
+  { 122011, true },
+  { 122033, true },
+  { 122062, true },
+  { 122081, true },
+  { 122091, true },
+  { 122110, true },
+  { 122130, true },
+  { 122139, true },
+  { 122160, true },
+  { 122170, true },
+  { 122182, true },
+  { 122197, true },
+  { 122212, true },
+  { 122220, false },
+  { 122233, true },
+  { 122254, true },
+  { 122266, true },
+  { 122280, true },
+  { 122294, true },
+  { 122306, true },
+  { 122320, true },
+  { 122333, true },
+  { 122346, true },
+  { 122359, true },
+  { 122380, true },
+  { 122392, true },
+  { 122401, true },
+  { 122416, true },
+  { 122428, true },
+  { 122442, true },
+  { 122458, true },
+  { 122467, true },
+  { 122485, true },
+  { 122501, true },
+  { 122515, true },
+  { 122525, true },
+  { 122535, true },
+  { 122550, true },
+  { 122572, true },
+  { 122588, false },
+  { 122597, true },
+  { 122611, true },
+  { 122621, true },
+  { 122641, true },
+  { 122658, true },
+  { 122669, true },
+  { 122683, true },
+  { 122699, true },
+  { 122715, true },
+  { 122737, true },
+  { 122749, true },
+  { 122771, true },
+  { 122789, true },
+  { 122797, true },
+  { 122812, true },
+  { 122823, true },
+  { 122837, true },
+  { 122852, true },
+  { 122866, true },
+  { 122875, true },
+  { 122883, true },
+  { 122894, true },
+  { 122905, true },
+  { 122914, true },
+  { 122936, true },
+  { 122946, true },
+  { 122964, true },
+  { 122978, true },
+  { 122991, true },
+  { 123005, true },
+  { 123029, true },
+  { 123037, true },
+  { 123046, true },
+  { 123055, true },
+  { 123068, true },
+  { 123083, true },
+  { 123090, true },
+  { 123105, false },
+  { 123117, true },
+  { 123125, true },
+  { 123148, true },
+  { 123170, true },
+  { 123194, true },
+  { 123210, true },
+  { 123225, true },
+  { 123238, true },
+  { 123256, true },
+  { 123268, true },
+  { 123283, true },
+  { 123296, true },
+  { 123307, true },
+  { 123318, false },
+  { 123329, false },
+  { 123339, false },
+  { 123350, false },
+  { 123361, false },
+  { 123373, true },
+  { 123389, true },
+  { 123396, true },
+  { 123407, true },
+  { 123422, true },
+  { 123434, true },
+  { 123444, true },
+  { 123454, true },
+  { 123471, true },
+  { 123483, true },
+  { 123494, true },
+  { 123512, true },
+  { 123521, true },
+  { 123530, true },
+  { 123542, true },
+  { 123552, true },
+  { 123568, true },
+  { 123585, true },
+  { 123595, true },
+  { 123609, false },
+  { 123628, true },
+  { 123642, true },
+  { 123656, true },
+  { 123678, true },
+  { 123696, true },
+  { 123714, true },
+  { 123729, true },
+  { 123748, true },
+  { 123756, true },
+  { 123771, true },
+  { 123787, true },
+  { 123797, true },
+  { 123808, true },
+  { 123821, true },
+  { 123836, true },
+  { 123845, true },
+  { 123865, true },
+  { 123874, true },
+  { 123889, true },
+  { 123900, true },
+  { 123915, true },
+  { 123931, true },
+  { 123949, true },
+  { 123960, true },
+  { 123970, true },
+  { 123983, true },
+  { 124003, true },
+  { 124023, false },
+  { 124032, true },
+  { 124042, true },
+  { 124055, true },
+  { 124066, true },
+  { 124081, true },
+  { 124094, true },
+  { 124106, true },
+  { 124124, true },
+  { 124134, true },
+  { 124143, true },
+  { 124153, true },
+  { 124162, true },
+  { 124173, true },
+  { 124185, true },
+  { 124193, true },
+  { 124207, false },
+  { 124214, true },
+  { 124224, true },
+  { 124238, true },
+  { 124250, true },
+  { 124260, true },
+  { 124270, true },
+  { 124286, true },
+  { 124300, true },
+  { 124314, true },
+  { 124329, true },
+  { 124336, true },
+  { 124349, true },
+  { 124369, false },
+  { 124384, true },
+  { 124400, true },
+  { 124415, true },
+  { 124435, true },
+  { 124455, true },
+  { 124472, true },
+  { 124484, true },
+  { 124492, true },
+  { 124506, true },
+  { 124521, false },
+  { 124531, true },
+  { 124539, true },
+  { 124556, true },
+  { 124567, true },
+  { 124581, true },
+  { 124589, true },
+  { 124596, true },
+  { 124606, true },
+  { 124614, true },
+  { 124629, true },
+  { 124642, true },
+  { 124652, true },
+  { 124662, true },
+  { 124672, true },
+  { 124682, true },
+  { 124692, true },
+  { 124708, true },
+  { 124723, true },
+  { 124738, true },
+  { 124755, true },
+  { 124766, true },
+  { 124774, true },
+  { 124788, true },
+  { 124801, true },
+  { 124818, true },
+  { 124839, true },
+  { 124854, true },
+  { 124874, true },
+  { 124891, true },
+  { 124904, true },
+  { 124924, true },
+  { 124934, true },
+  { 124946, true },
+  { 124960, true },
+  { 124969, true },
+  { 124978, true },
+  { 124995, true },
+  { 125005, true },
+  { 125014, false },
+  { 125025, true },
+  { 125034, true },
+  { 125045, true },
+  { 125052, true },
+  { 125063, true },
+  { 125070, true },
+  { 125079, true },
+  { 125087, true },
+  { 125095, true },
+  { 125102, true },
+  { 125109, true },
+  { 125123, true },
+  { 125137, true },
+  { 125151, true },
+  { 125174, true },
+  { 125199, true },
+  { 125217, true },
+  { 125235, true },
+  { 125249, true },
+  { 125260, true },
+  { 125269, true },
+  { 125286, true },
+  { 125304, true },
+  { 125316, true },
+  { 125334, true },
+  { 125347, true },
+  { 125356, true },
+  { 125373, true },
+  { 125390, true },
+  { 125408, true },
+  { 125424, true },
+  { 125436, true },
+  { 125451, true },
+  { 125464, true },
+  { 125476, true },
+  { 125507, true },
+  { 125534, true },
+  { 125565, true },
+  { 125594, true },
+  { 125612, true },
+  { 125629, false },
+  { 125642, false },
+  { 125661, true },
+  { 125676, true },
+  { 125692, true },
+  { 125708, true },
+  { 125720, true },
+  { 125733, true },
+  { 125746, false },
+  { 125758, true },
+  { 125769, true },
+  { 125786, true },
+  { 125796, false },
+  { 125814, true },
+  { 125827, true },
+  { 125846, true },
+  { 125863, true },
+  { 125876, false },
+  { 125890, true },
+  { 125906, true },
+  { 125925, true },
+  { 125936, true },
+  { 125950, true },
+  { 125959, true },
+  { 125978, true },
+  { 125988, true },
+  { 125995, true },
+  { 126024, true },
+  { 126046, true },
+  { 126067, true },
+  { 126094, true },
+  { 126114, true },
+  { 126122, true },
+  { 126133, true },
+  { 126145, true },
+  { 126165, false },
+  { 126182, true },
+  { 126193, true },
+  { 126207, true },
+  { 126215, true },
+  { 126226, true },
+  { 126235, true },
+  { 126246, true },
+  { 126258, true },
+  { 126274, false },
+  { 126289, true },
+  { 126310, true },
+  { 126320, true },
+  { 126335, true },
+  { 126351, true },
+  { 126363, true },
+  { 126375, true },
+  { 126392, true },
+  { 126407, true },
+  { 126425, true },
+  { 126437, true },
+  { 126452, true },
+  { 126471, true },
+  { 126485, true },
+  { 126496, true },
+  { 126514, true },
+  { 126528, true },
+  { 126541, true },
+  { 126553, true },
+  { 126562, true },
+  { 126573, true },
+  { 126589, true },
+  { 126612, true },
+  { 126624, true },
+  { 126640, true },
+  { 126657, true },
+  { 126669, true },
+  { 126687, true },
+  { 126701, true },
+  { 126715, true },
+  { 126733, true },
+  { 126755, true },
+  { 126766, true },
+  { 126784, true },
+  { 126797, true },
+  { 126815, true },
+  { 126840, true },
+  { 126853, true },
+  { 126868, true },
+  { 126882, true },
+  { 126895, true },
+  { 126908, true },
+  { 126930, true },
+  { 126946, true },
+  { 126959, true },
+  { 126970, true },
+  { 126984, true },
+  { 126993, true },
+  { 127004, true },
+  { 127018, true },
+  { 127029, true },
+  { 127048, true },
+  { 127060, true },
+  { 127084, true },
+  { 127102, true },
+  { 127123, true },
+  { 127140, true },
+  { 127155, false },
+  { 127168, true },
+  { 127174, true },
+  { 127184, true },
+  { 127198, true },
+  { 127210, true },
+  { 127220, true },
+  { 127230, true },
+  { 127242, true },
+  { 127271, true },
+  { 127287, true },
+  { 127302, true },
+  { 127321, true },
+  { 127334, true },
+  { 127347, true },
+  { 127358, true },
+  { 127373, true },
+  { 127384, true },
+  { 127399, true },
+  { 127415, true },
+  { 127430, true },
+  { 127452, false },
+  { 127467, true },
+  { 127486, true },
+  { 127505, true },
+  { 127534, true },
+  { 127545, true },
+  { 127561, true },
+  { 127573, true },
+  { 127595, true },
+  { 127604, true },
+  { 127615, true },
+  { 127630, true },
+  { 127645, true },
+  { 127656, true },
+  { 127673, true },
+  { 127688, true },
+  { 127699, true },
+  { 127721, true },
+  { 127744, true },
+  { 127761, true },
+  { 127777, true },
+  { 127794, true },
+  { 127807, true },
+  { 127818, true },
+  { 127831, true },
+  { 127840, true },
+  { 127852, true },
+  { 127863, true },
+  { 127877, true },
+  { 127887, true },
+  { 127900, true },
+  { 127916, true },
+  { 127930, true },
+  { 127939, true },
+  { 127953, true },
+  { 127971, true },
+  { 127988, false },
+  { 127996, true },
+  { 128005, true },
+  { 128018, true },
+  { 128035, true },
+  { 128048, true },
+  { 128058, true },
+  { 128070, true },
+  { 128080, true },
+  { 128089, true },
+  { 128096, true },
+  { 128116, true },
+  { 128138, true },
+  { 128146, true },
+  { 128156, true },
+  { 128163, true },
+  { 128178, true },
+  { 128184, true },
+  { 128201, true },
+  { 128210, true },
+  { 128219, true },
+  { 128228, true },
+  { 128243, true },
+  { 128251, true },
+  { 128263, true },
+  { 128271, true },
+  { 128294, true },
+  { 128314, true },
+  { 128332, true },
+  { 128352, true },
+  { 128363, true },
+  { 128372, true },
+  { 128388, true },
+  { 128402, true },
+  { 128413, true },
+  { 128426, true },
+  { 128439, true },
+  { 128448, true },
+  { 128470, true },
+  { 128481, false },
+  { 128488, true },
+  { 128499, true },
+  { 128512, true },
+  { 128524, true },
+  { 128537, true },
+  { 128550, true },
+  { 128561, true },
+  { 128576, true },
+  { 128590, true },
+  { 128600, true },
+  { 128610, true },
+  { 128619, true },
+  { 128630, true },
+  { 128639, false },
+  { 128651, true },
+  { 128664, true },
+  { 128675, true },
+  { 128691, true },
+  { 128700, true },
+  { 128710, true },
+  { 128722, true },
+  { 128731, true },
+  { 128741, true },
+  { 128752, true },
+  { 128767, true },
+  { 128784, true },
+  { 128801, true },
+  { 128811, true },
+  { 128834, true },
+  { 128848, true },
+  { 128859, true },
+  { 128870, true },
+  { 128892, true },
+  { 128905, true },
+  { 128920, true },
+  { 128933, true },
+  { 128948, true },
+  { 128962, true },
+  { 128988, true },
+  { 128999, true },
+  { 129010, true },
+  { 129026, true },
+  { 129035, true },
+  { 129046, true },
+  { 129061, true },
+  { 129090, true },
+  { 129103, true },
+  { 129119, true },
+  { 129133, true },
+  { 129161, true },
+  { 129180, true },
+  { 129196, true },
+  { 129217, true },
+  { 129229, false },
+  { 129247, true },
+  { 129257, false },
+  { 129268, true },
+  { 129278, true },
+  { 129299, true },
+  { 129317, true },
+  { 129327, true },
+  { 129348, true },
+  { 129364, true },
+  { 129374, true },
+  { 129393, true },
+  { 129400, true },
+  { 129410, true },
+  { 129420, true },
+  { 129432, true },
+  { 129447, true },
+  { 129461, true },
+  { 129478, true },
+  { 129491, true },
+  { 129504, true },
+  { 129523, true },
+  { 129538, true },
+  { 129553, true },
+  { 129564, true },
+  { 129576, true },
+  { 129591, true },
+  { 129605, true },
+  { 129618, true },
+  { 129627, true },
+  { 129636, true },
+  { 129648, true },
+  { 129664, true },
+  { 129678, true },
+  { 129694, true },
+  { 129710, true },
+  { 129726, true },
+  { 129736, true },
+  { 129756, true },
+  { 129775, true },
+  { 129797, true },
+  { 129814, true },
+  { 129830, true },
+  { 129851, true },
+  { 129881, true },
+  { 129913, true },
+  { 129946, true },
+  { 129977, true },
+  { 129998, true },
+  { 130022, true },
+  { 130030, true },
+  { 130049, true },
+  { 130069, true },
+  { 130085, true },
+  { 130103, true },
+  { 130120, true },
+  { 130139, true },
+  { 130163, true },
+  { 130182, true },
+  { 130200, true },
+  { 130217, true },
+  { 130239, true },
+  { 130255, true },
+  { 130275, true },
+  { 130295, true },
+  { 130311, true },
+  { 130328, true },
+  { 130350, true },
+  { 130367, true },
+  { 130383, true },
+  { 130400, true },
+  { 130415, true },
+  { 130431, true },
+  { 130450, true },
+  { 130467, true },
+  { 130489, true },
+  { 130511, true },
+  { 130533, true },
+  { 130552, true },
+  { 130567, true },
+  { 130584, true },
+  { 130598, true },
+  { 130611, true },
+  { 130624, true },
+  { 130640, true },
+  { 130672, true },
+  { 130694, true },
+  { 130704, true },
+  { 130721, false },
+  { 130736, true },
+  { 130751, true },
+  { 130762, true },
+  { 130772, true },
+  { 130787, true },
+  { 130801, true },
+  { 130819, true },
+  { 130837, true },
+  { 130850, true },
+  { 130866, true },
+  { 130878, true },
+  { 130893, true },
+  { 130912, true },
+  { 130928, false },
+  { 130938, false },
+  { 130947, true },
+  { 130969, true },
+  { 130989, true },
+  { 131010, true },
+  { 131026, true },
+  { 131040, true },
+  { 131054, true },
+  { 131065, true },
+  { 131086, true },
+  { 131107, true },
+  { 131123, true },
+  { 131143, true },
+  { 131154, true },
+  { 131167, true },
+  { 131189, true },
+  { 131213, true },
+  { 131222, false },
+  { 131239, true },
+  { 131248, true },
+  { 131261, true },
+  { 131275, true },
+  { 131286, true },
+  { 131307, true },
+  { 131318, true },
+  { 131329, true },
+  { 131345, true },
+  { 131358, true },
+  { 131371, true },
+  { 131393, true },
+  { 131412, true },
+  { 131425, true },
+  { 131436, true },
+  { 131456, true },
+  { 131465, true },
+  { 131480, true },
+  { 131489, true },
+  { 131501, true },
+  { 131514, true },
+  { 131524, true },
+  { 131533, true },
+  { 131556, true },
+  { 131569, true },
+  { 131586, true },
+  { 131602, true },
+  { 131613, true },
+  { 131630, true },
+  { 131655, true },
+  { 131682, true },
+  { 131709, true },
+  { 131721, true },
+  { 131732, true },
+  { 131749, true },
+  { 131765, true },
+  { 131776, true },
+  { 131785, true },
+  { 131798, true },
+  { 131811, true },
+  { 131831, true },
+  { 131844, true },
+  { 131867, true },
+  { 131884, true },
+  { 131899, true },
+  { 131922, true },
+  { 131936, true },
+  { 131946, true },
+  { 131961, true },
+  { 131982, true },
+  { 131992, true },
+  { 132008, true },
+  { 132018, true },
+  { 132032, true },
+  { 132056, true },
+  { 132073, true },
+  { 132087, true },
+  { 132113, true },
+  { 132130, true },
+  { 132149, true },
+  { 132182, true },
+  { 132204, true },
+  { 132224, true },
+  { 132233, true },
+  { 132241, true },
+  { 132262, true },
+  { 132269, true },
+  { 132289, true },
+  { 132300, true },
+  { 132312, true },
+  { 132325, true },
+  { 132339, true },
+  { 132356, true },
+  { 132373, false },
+  { 132386, true },
+  { 132404, true },
+  { 132419, true },
+  { 132436, true },
+  { 132447, true },
+  { 132465, true },
+  { 132481, true },
+  { 132505, true },
+  { 132515, true },
+  { 132528, true },
+  { 132538, true },
+  { 132554, true },
+  { 132568, true },
+  { 132587, true },
+  { 132611, true },
+  { 132623, true },
+  { 132638, true },
+  { 132654, true },
+  { 132665, true },
+  { 132685, true },
+  { 132706, true },
+  { 132719, true },
+  { 132730, true },
+  { 132742, true },
+  { 132762, true },
+  { 132776, true },
+  { 132792, true },
+  { 132819, true },
+  { 132845, true },
+  { 132869, true },
+  { 132892, true },
+  { 132915, true },
+  { 132927, true },
+  { 132941, true },
+  { 132952, true },
+  { 132967, true },
+  { 132982, true },
+  { 132995, true },
+  { 133004, true },
+  { 133013, true },
+  { 133027, true },
+  { 133039, false },
+  { 133067, true },
+  { 133080, true },
+  { 133089, true },
+  { 133100, true },
+  { 133124, true },
+  { 133134, true },
+  { 133150, true },
+  { 133160, true },
+  { 133172, true },
+  { 133184, true },
+  { 133207, false },
+  { 133221, false },
+  { 133236, true },
+  { 133251, true },
+  { 133275, true },
+  { 133296, true },
+  { 133318, true },
+  { 133338, true },
+  { 133358, true },
+  { 133368, true },
+  { 133380, true },
+  { 133406, true },
+  { 133420, true },
+  { 133437, true },
+  { 133450, true },
+  { 133478, true },
+  { 133490, true },
+  { 133506, false },
+  { 133530, true },
+  { 133548, true },
+  { 133565, true },
+  { 133584, true },
+  { 133610, true },
+  { 133634, true },
+  { 133655, true },
+  { 133671, true },
+  { 133681, true },
+  { 133697, true },
+  { 133713, true },
+  { 133732, true },
+  { 133751, true },
+  { 133768, true },
+  { 133784, true },
+  { 133798, true },
+  { 133816, true },
+  { 133834, true },
+  { 133857, true },
+  { 133867, true },
+  { 133885, true },
+  { 133893, true },
+  { 133905, true },
+  { 133922, true },
+  { 133939, true },
+  { 133947, true },
+  { 133964, true },
+  { 133978, true },
+  { 133989, true },
+  { 134001, true },
+  { 134021, true },
+  { 134040, true },
+  { 134056, true },
+  { 134076, true },
+  { 134094, true },
+  { 134109, true },
+  { 134127, true },
+  { 134138, true },
+  { 134151, true },
+  { 134162, true },
+  { 134177, true },
+  { 134195, true },
+  { 134210, true },
+  { 134222, true },
+  { 134240, true },
+  { 134256, true },
+  { 134271, true },
+  { 134289, true },
+  { 134307, true },
+  { 134326, true },
+  { 134345, true },
+  { 134358, true },
+  { 134368, true },
+  { 134378, true },
+  { 134392, true },
+  { 134402, true },
+  { 134418, true },
+  { 134429, true },
+  { 134448, true },
+  { 134462, true },
+  { 134472, true },
+  { 134488, true },
+  { 134507, true },
+  { 134517, true },
+  { 134536, true },
+  { 134548, true },
+  { 134558, true },
+  { 134570, true },
+  { 134581, true },
+  { 134591, true },
+  { 134606, true },
+  { 134622, true },
+  { 134635, true },
+  { 134648, true },
+  { 134671, true },
+  { 134695, true },
+  { 134712, true },
+  { 134727, true },
+  { 134740, true },
+  { 134763, true },
+  { 134793, false },
+  { 134805, true },
+  { 134818, true },
+  { 134832, true },
+  { 134842, true },
+  { 134855, true },
+  { 134870, true },
+  { 134890, true },
+  { 134904, true },
+  { 134914, true },
+  { 134929, true },
+  { 134944, true },
+  { 134968, true },
+  { 134991, true },
+  { 135007, true },
+  { 135025, true },
+  { 135036, true },
+  { 135045, true },
+  { 135054, true },
+  { 135066, true },
+  { 135089, false },
+  { 135106, true },
+  { 135119, true },
+  { 135131, true },
+  { 135139, true },
+  { 135155, true },
+  { 135163, true },
+  { 135179, true },
+  { 135194, true },
+  { 135228, true },
+  { 135252, true },
+  { 135267, true },
+  { 135283, true },
+  { 135299, true },
+  { 135313, true },
+  { 135335, true },
+  { 135351, true },
+  { 135365, true },
+  { 135379, true },
+  { 135391, true },
+  { 135406, true },
+  { 135420, true },
+  { 135440, true },
+  { 135450, true },
+  { 135467, true },
+  { 135479, true },
+  { 135490, true },
+  { 135501, true },
+  { 135515, true },
+  { 135531, true },
+  { 135548, true },
+  { 135567, true },
+  { 135577, true },
+  { 135592, true },
+  { 135615, true },
+  { 135636, true },
+  { 135655, true },
+  { 135673, true },
+  { 135691, true },
+  { 135705, true },
+  { 135720, true },
+  { 135736, true },
+  { 135756, true },
+  { 135776, true },
+  { 135793, true },
+  { 135812, true },
+  { 135830, true },
+  { 135851, true },
+  { 135869, true },
+  { 135886, true },
+  { 135906, true },
+  { 135923, true },
+  { 135940, true },
+  { 135958, true },
+  { 135976, true },
+  { 135989, true },
+  { 136005, true },
+  { 136020, true },
+  { 136033, true },
+  { 136047, true },
+  { 136066, true },
+  { 136077, true },
+  { 136090, true },
+  { 136104, true },
+  { 136115, true },
+  { 136128, true },
+  { 136138, true },
+  { 136153, true },
+  { 136167, true },
+  { 136179, true },
+  { 136197, true },
+  { 136208, true },
+  { 136229, true },
+  { 136247, true },
+  { 136272, true },
+  { 136285, true },
+  { 136301, true },
+  { 136307, true },
+  { 136315, true },
+  { 136336, true },
+  { 136345, true },
+  { 136355, true },
+  { 136379, true },
+  { 136391, true },
+  { 136414, true },
+  { 136439, true },
+  { 136451, true },
+  { 136467, true },
+  { 136480, true },
+  { 136492, true },
+  { 136504, true },
+  { 136520, true },
+  { 136539, true },
+  { 136550, true },
+  { 136569, true },
+  { 136584, true },
+  { 136597, true },
+  { 136617, true },
+  { 136632, true },
+  { 136648, true },
+  { 136659, true },
+  { 136677, true },
+  { 136686, true },
+  { 136697, true },
+  { 136708, true },
+  { 136719, true },
+  { 136729, true },
+  { 136746, true },
+  { 136760, true },
+  { 136772, true },
+  { 136788, true },
+  { 136798, true },
+  { 136807, true },
+  { 136821, true },
+  { 136844, true },
+  { 136854, true },
+  { 136864, true },
+  { 136877, true },
+  { 136887, true },
+  { 136899, true },
+  { 136908, true },
+  { 136919, false },
+  { 136932, true },
+  { 136944, true },
+  { 136958, true },
+  { 136970, true },
+  { 136980, true },
+  { 136994, true },
+  { 137006, true },
+  { 137028, true },
+  { 137035, true },
+  { 137048, true },
+  { 137060, true },
+  { 137072, true },
+  { 137084, true },
+  { 137096, true },
+  { 137108, true },
+  { 137120, true },
+  { 137132, true },
+  { 137144, true },
+  { 137158, true },
+  { 137174, true },
+  { 137189, true },
+  { 137205, true },
+  { 137227, true },
+  { 137240, false },
+  { 137260, true },
+  { 137278, true },
+  { 137288, true },
+  { 137301, true },
+  { 137318, true },
+  { 137333, true },
+  { 137346, true },
+  { 137357, true },
+  { 137368, true },
+  { 137379, true },
+  { 137389, true },
+  { 137403, true },
+  { 137412, true },
+  { 137423, true },
+  { 137436, true },
+  { 137451, true },
+  { 137465, true },
+  { 137484, true },
+  { 137498, true },
+  { 137509, true },
+  { 137522, true },
+  { 137540, true },
+  { 137557, true },
+  { 137576, true },
+  { 137597, true },
+  { 137620, true },
+  { 137632, true },
+  { 137642, true },
+  { 137655, true },
+  { 137669, true },
+  { 137678, true },
+  { 137693, true },
+  { 137701, true },
+  { 137715, true },
+  { 137732, true },
+  { 137745, true },
+  { 137756, true },
+  { 137767, true },
+  { 137787, true },
+  { 137796, true },
+  { 137808, true },
+  { 137821, true },
+  { 137830, true },
+  { 137839, true },
+  { 137855, true },
+  { 137864, true },
+  { 137878, true },
+  { 137897, true },
+  { 137911, true },
+  { 137925, true },
+  { 137940, true },
+  { 137955, true },
+  { 137970, true },
+  { 137990, true },
+  { 138011, false },
+  { 138036, true },
+  { 138049, true },
+  { 138058, true },
+  { 138079, true },
+  { 138096, true },
+  { 138106, true },
+  { 138121, true },
+  { 138133, true },
+  { 138152, true },
+  { 138170, true },
+  { 138188, true },
+  { 138203, true },
+  { 138223, true },
+  { 138235, true },
+  { 138247, true },
+  { 138264, true },
+  { 138278, true },
+  { 138291, true },
+  { 138304, true },
+  { 138321, true },
+  { 138348, true },
+  { 138368, true },
+  { 138384, true },
+  { 138409, true },
+  { 138432, true },
+  { 138448, false },
+  { 138476, true },
+  { 138487, true },
+  { 138496, true },
+  { 138509, true },
+  { 138524, true },
+  { 138537, true },
+  { 138553, true },
+  { 138569, true },
+  { 138583, true },
+  { 138592, true },
+  { 138610, true },
+  { 138633, true },
+  { 138667, true },
+  { 138677, true },
+  { 138689, true },
+  { 138710, true },
+  { 138733, true },
+  { 138744, true },
+  { 138761, true },
+  { 138787, true },
+  { 138813, false },
+  { 138828, true },
+  { 138837, true },
+  { 138846, true },
+  { 138858, true },
+  { 138871, true },
+  { 138881, true },
+  { 138890, true },
+  { 138909, true },
+  { 138924, true },
+  { 138938, false },
+  { 138949, true },
+  { 138966, true },
+  { 138990, true },
+  { 139009, true },
+  { 139025, true },
+  { 139040, true },
+  { 139048, true },
+  { 139056, true },
+  { 139067, true },
+  { 139080, true },
+  { 139089, true },
+  { 139104, true },
+  { 139116, true },
+  { 139130, true },
+  { 139144, true },
+  { 139156, true },
+  { 139174, true },
+  { 139189, true },
+  { 139204, true },
+  { 139215, true },
+  { 139232, true },
+  { 139245, true },
+  { 139259, true },
+  { 139271, true },
+  { 139282, true },
+  { 139295, true },
+  { 139316, true },
+  { 139330, true },
+  { 139350, true },
+  { 139362, true },
+  { 139377, true },
+  { 139396, true },
+  { 139416, true },
+  { 139436, true },
+  { 139443, true },
+  { 139452, true },
+  { 139460, true },
+  { 139473, true },
+  { 139483, true },
+  { 139497, true },
+  { 139512, true },
+  { 139525, true },
+  { 139539, true },
+  { 139556, true },
+  { 139573, true },
+  { 139590, true },
+  { 139603, true },
+  { 139616, true },
+  { 139629, true },
+  { 139642, true },
+  { 139655, true },
+  { 139668, true },
+  { 139681, true },
+  { 139694, true },
+  { 139707, true },
+  { 139720, true },
+  { 139733, true },
+  { 139746, true },
+  { 139759, true },
+  { 139773, true },
+  { 139781, true },
+  { 139790, true },
+  { 139798, true },
+  { 139819, true },
+  { 139832, true },
+  { 139848, true },
+  { 139871, true },
+  { 139885, true },
+  { 139903, true },
+  { 139917, true },
+  { 139931, true },
+  { 139945, true },
+  { 139960, true },
+  { 139974, true },
+  { 139988, true },
+  { 140002, true },
+  { 140017, true },
+  { 140031, true },
+  { 140045, true },
+  { 140059, true },
+  { 140073, true },
+  { 140090, true },
+  { 140110, true },
+  { 140142, true },
+  { 140167, true },
+  { 140179, true },
+  { 140189, true },
+  { 140201, true },
+  { 140216, true },
+  { 140228, true },
+  { 140242, true },
+  { 140256, true },
+  { 140267, true },
+  { 140274, true },
+  { 140289, true },
+  { 140299, true },
+  { 140311, true },
+  { 140323, true },
+  { 140338, true },
+  { 140353, true },
+  { 140366, true },
+  { 140385, true },
+  { 140395, true },
+  { 140415, true },
+  { 140433, true },
+  { 140446, true },
+  { 140456, true },
+  { 140470, true },
+  { 140486, true },
+  { 140503, true },
+  { 140516, true },
+  { 140529, true },
+  { 140542, true },
+  { 140555, true },
+  { 140579, true },
+  { 140597, true },
+  { 140607, true },
+  { 140618, true },
+  { 140634, true },
+  { 140660, true },
+  { 140672, true },
+  { 140684, true },
+  { 140697, true },
+  { 140716, false },
+  { 140731, true },
+  { 140744, true },
+  { 140765, true },
+  { 140781, true },
+  { 140797, true },
+  { 140809, true },
+  { 140826, true },
+  { 140840, true },
+  { 140858, true },
+  { 140875, true },
+  { 140894, true },
+  { 140905, true },
+  { 140927, true },
+  { 140945, true },
+  { 140964, true },
+  { 140977, true },
+  { 140989, true },
+  { 141010, true },
+  { 141019, true },
+  { 141028, true },
+  { 141039, true },
+  { 141053, true },
+  { 141067, false },
+  { 141079, true },
+  { 141104, true },
+  { 141131, true },
+  { 141154, true },
+  { 141172, true },
+  { 141184, true },
+  { 141193, true },
+  { 141204, true },
+  { 141214, true },
+  { 141225, true },
+  { 141236, true },
+  { 141246, true },
+  { 141259, true },
+  { 141274, true },
+  { 141288, true },
+  { 141300, true },
+  { 141311, true },
+  { 141322, true },
+  { 141332, true },
+  { 141343, true },
+  { 141359, true },
+  { 141368, true },
+  { 141380, true },
+  { 141393, true },
+  { 141401, true },
+  { 141412, true },
+  { 141432, true },
+  { 141452, true },
+  { 141463, true },
+  { 141474, true },
+  { 141492, true },
+  { 141504, true },
+  { 141518, true },
+  { 141537, true },
+  { 141550, true },
+  { 141573, true },
+  { 141591, true },
+  { 141615, true },
+  { 141632, true },
+  { 141661, true },
+  { 141671, true },
+  { 141685, true },
+  { 141708, true },
+  { 141720, true },
+  { 141733, true },
+  { 141747, true },
+  { 141759, true },
+  { 141782, true },
+  { 141792, true },
+  { 141807, true },
+  { 141816, true },
+  { 141830, true },
+  { 141846, true },
+  { 141859, true },
+  { 141882, true },
+  { 141892, true },
+  { 141900, true },
+  { 141912, true },
+  { 141926, true },
+  { 141947, true },
+  { 141954, true },
+  { 141967, true },
+  { 141981, true },
+  { 141994, true },
+  { 142011, true },
+  { 142025, true },
+  { 142042, true },
+  { 142062, true },
+  { 142080, true },
+  { 142090, true },
+  { 142108, true },
+  { 142123, true },
+  { 142145, true },
+  { 142162, true },
+  { 142175, true },
+  { 142195, true },
+  { 142212, false },
+  { 142223, true },
+  { 142237, true },
+  { 142248, true },
+  { 142261, true },
+  { 142276, true },
+  { 142296, true },
+  { 142312, true },
+  { 142325, true },
+  { 142340, true },
+  { 142355, true },
+  { 142375, true },
+  { 142386, true },
+  { 142401, true },
+  { 142416, true },
+  { 142433, true },
+  { 142449, true },
+  { 142468, true },
+  { 142487, true },
+  { 142504, true },
+  { 142520, true },
+  { 142535, true },
+  { 142553, true },
+  { 142565, true },
+  { 142572, true },
+  { 142583, true },
+  { 142595, true },
+  { 142611, true },
+  { 142638, true },
+  { 142666, true },
+  { 142690, true },
+  { 142708, false },
+  { 142726, true },
+  { 142742, true },
+  { 142761, true },
+  { 142778, true },
+  { 142796, true },
+  { 142813, true },
+  { 142830, true },
+  { 142849, true },
+  { 142867, true },
+  { 142885, true },
+  { 142905, true },
+  { 142924, true },
+  { 142942, true },
+  { 142951, true },
+  { 142963, true },
+  { 142986, true },
+  { 142998, false },
+  { 143013, true },
+  { 143032, true },
+  { 143044, true },
+  { 143052, true },
+  { 143065, true },
+  { 143079, true },
+  { 143089, true },
+  { 143098, true },
+  { 143106, true },
+  { 143122, true },
+  { 143134, true },
+  { 143154, true },
+  { 143164, true },
+  { 143177, true },
+  { 143187, true },
+  { 143203, true },
+  { 143224, true },
+  { 143233, true },
+  { 143245, true },
+  { 143254, true },
+  { 143264, true },
+  { 143271, true },
+  { 143288, true },
+  { 143305, true },
+  { 143319, true },
+  { 143331, true },
+  { 143344, true },
+  { 143352, true },
+  { 143359, true },
+  { 143372, true },
+  { 143381, true },
+  { 143388, true },
+  { 143402, true },
+  { 143415, true },
+  { 143428, true },
+  { 143441, true },
+  { 143460, true },
+  { 143478, true },
+  { 143493, true },
+  { 143513, true },
+  { 143529, true },
+  { 143545, true },
+  { 143563, true },
+  { 143577, true },
+  { 143591, true },
+  { 143609, true },
+  { 143626, true },
+  { 143643, true },
+  { 143653, true },
+  { 143680, true },
+  { 143715, true },
+  { 143730, true },
+  { 143748, true },
+  { 143765, true },
+  { 143781, true },
+  { 143796, true },
+  { 143822, false },
+  { 143835, true },
+  { 143858, true },
+  { 143877, true },
+  { 143898, true },
+  { 143912, true },
+  { 143925, true },
+  { 143937, true },
+  { 143956, true },
+  { 143981, true },
+  { 144002, true },
+  { 144024, true },
+  { 144045, true },
+  { 144065, true },
+  { 144086, true },
+  { 144106, false },
+  { 144116, true },
+  { 144139, true },
+  { 144156, true },
+  { 144173, true },
+  { 144183, true },
+  { 144193, false },
+  { 144206, true },
+  { 144218, true },
+  { 144237, true },
+  { 144248, true },
+  { 144263, true },
+  { 144271, true },
+  { 144284, true },
+  { 144299, true },
+  { 144310, true },
+  { 144322, true },
+  { 144334, true },
+  { 144347, true },
+  { 144370, true },
+  { 144388, true },
+  { 144400, true },
+  { 144425, true },
+  { 144441, true },
+  { 144461, true },
+  { 144483, true },
+  { 144497, true },
+  { 144508, true },
+  { 144521, true },
+  { 144533, true },
+  { 144542, true },
+  { 144554, true },
+  { 144567, true },
+  { 144581, true },
+  { 144593, true },
+  { 144613, true },
+  { 144632, true },
+  { 144642, true },
+  { 144654, true },
+  { 144678, true },
+  { 144700, true },
+  { 144725, true },
+  { 144748, true },
+  { 144768, true },
+  { 144779, true },
+  { 144795, false },
+  { 144810, true },
+  { 144822, true },
+  { 144834, true },
+  { 144844, true },
+  { 144861, true },
+  { 144881, true },
+  { 144896, true },
+  { 144913, true },
+  { 144930, true },
+  { 144953, true },
+  { 144969, true },
+  { 144989, true },
+  { 145002, true },
+  { 145019, true },
+  { 145040, true },
+  { 145060, true },
+  { 145074, true },
+  { 145091, true },
+  { 145108, true },
+  { 145128, true },
+  { 145146, true },
+  { 145162, true },
+  { 145177, true },
+  { 145187, true },
+  { 145197, true },
+  { 145208, true },
+  { 145227, true },
+  { 145243, true },
+  { 145253, true },
+  { 145263, true },
+  { 145283, true },
+  { 145308, true },
+  { 145342, true },
+  { 145379, true },
+  { 145400, true },
+  { 145431, true },
+  { 145455, true },
+  { 145475, true },
+  { 145489, true },
+  { 145502, true },
+  { 145515, true },
+  { 145524, true },
+  { 145537, true },
+  { 145544, true },
+  { 145551, false },
+  { 145567, true },
+  { 145576, true },
+  { 145590, true },
+  { 145604, true },
+  { 145617, true },
+  { 145637, true },
+  { 145652, true },
+  { 145666, true },
+  { 145685, true },
+  { 145697, true },
+  { 145706, true },
+  { 145716, true },
+  { 145728, true },
+  { 145751, true },
+  { 145765, true },
+  { 145780, true },
+  { 145791, true },
+  { 145802, true },
+  { 145814, true },
+  { 145824, true },
+  { 145835, true },
+  { 145851, true },
+  { 145864, true },
+  { 145880, false },
+  { 145895, true },
+  { 145912, true },
+  { 145929, true },
+  { 145947, true },
+  { 145968, true },
+  { 145985, true },
+  { 146002, true },
+  { 146019, true },
+  { 146036, true },
+  { 146053, true },
+  { 146070, true },
+  { 146087, true },
+  { 146104, true },
+  { 146121, true },
+  { 146138, true },
+  { 146155, true },
+  { 146172, true },
+  { 146191, true },
+  { 146207, true },
+  { 146221, true },
+  { 146246, true },
+  { 146261, true },
+  { 146276, true },
+  { 146293, true },
+  { 146309, true },
+  { 146331, false },
+  { 146344, true },
+  { 146358, true },
+  { 146375, true },
+  { 146392, true },
+  { 146412, false },
+  { 146434, true },
+  { 146447, true },
+  { 146471, true },
+  { 146485, true },
+  { 146505, true },
+  { 146520, true },
+  { 146529, false },
+  { 146543, true },
+  { 146560, true },
+  { 146573, true },
+  { 146586, true },
+  { 146596, true },
+  { 146607, true },
+  { 146618, true },
+  { 146624, true },
+  { 146634, true },
+  { 146650, true },
+  { 146661, true },
+  { 146668, true },
+  { 146680, true },
+  { 146690, true },
+  { 146700, true },
+  { 146709, true },
+  { 146723, true },
+  { 146738, true },
+  { 146748, true },
+  { 146760, true },
+  { 146772, true },
+  { 146781, true },
+  { 146796, true },
+  { 146805, true },
+  { 146816, false },
+  { 146826, true },
+  { 146834, true },
+  { 146844, true },
+  { 146857, true },
+  { 146876, true },
+  { 146890, true },
+  { 146900, true },
+  { 146910, true },
+  { 146932, true },
+  { 146948, true },
+  { 146957, true },
+  { 146980, true },
+  { 146996, true },
+  { 147015, true },
+  { 147038, true },
+  { 147052, true },
+  { 147064, true },
+  { 147081, true },
+  { 147100, true },
+  { 147117, true },
+  { 147129, true },
+  { 147140, true },
+  { 147153, false },
+  { 147165, true },
+  { 147176, true },
+  { 147190, true },
+  { 147203, true },
+  { 147213, true },
+  { 147234, true },
+  { 147249, true },
+  { 147257, true },
+  { 147272, true },
+  { 147286, true },
+  { 147299, true },
+  { 147312, true },
+  { 147322, true },
+  { 147334, true },
+  { 147345, true },
+  { 147356, true },
+  { 147371, true },
+  { 147400, true },
+  { 147412, true },
+  { 147424, true },
+  { 147438, true },
+  { 147453, true },
+  { 147469, true },
+  { 147483, true },
+  { 147500, true },
+  { 147514, true },
+  { 147528, true },
+  { 147543, true },
+  { 147557, true },
+  { 147569, true },
+  { 147583, true },
+  { 147597, true },
+  { 147609, true },
+  { 147621, true },
+  { 147635, true },
+  { 147647, true },
+  { 147659, true },
+  { 147673, true },
+  { 147691, true },
+  { 147699, true },
+  { 147710, true },
+  { 147726, true },
+  { 147742, true },
+  { 147756, true },
+  { 147775, true },
+  { 147794, true },
+  { 147817, false },
+  { 147846, true },
+  { 147876, true },
+  { 147892, true },
+  { 147906, true },
+  { 147920, true },
+  { 147938, true },
+  { 147959, true },
+  { 147978, true },
+  { 147990, true },
+  { 148010, true },
+  { 148025, true },
+  { 148038, true },
+  { 148049, true },
+  { 148064, true },
+  { 148083, true },
+  { 148098, true },
+  { 148116, true },
+  { 148136, true },
+  { 148148, true },
+  { 148160, true },
+  { 148175, true },
+  { 148202, true },
+  { 148225, true },
+  { 148249, true },
+  { 148273, true },
+  { 148289, true },
+  { 148313, true },
+  { 148323, true },
+  { 148337, true },
+  { 148359, true },
+  { 148369, true },
+  { 148401, true },
+  { 148416, true },
+  { 148427, true },
+  { 148435, true },
+  { 148452, true },
+  { 148463, true },
+  { 148475, true },
+  { 148489, true },
+  { 148497, true },
+  { 148519, true },
+  { 148529, true },
+  { 148542, false },
+  { 148553, false },
+  { 148565, true },
+  { 148577, true },
+  { 148587, true },
+  { 148606, true },
+  { 148621, true },
+  { 148635, false },
+  { 148655, true },
+  { 148665, true },
+  { 148673, false },
+  { 148686, true },
+  { 148714, true },
+  { 148728, true },
+  { 148739, true },
+  { 148748, true },
+  { 148761, true },
+  { 148768, true },
+  { 148779, true },
+  { 148788, true },
+  { 148801, true },
+  { 148815, true },
+  { 148830, true },
+  { 148844, true },
+  { 148864, true },
+  { 148882, false },
+  { 148898, true },
+  { 148920, true },
+  { 148935, true },
+  { 148954, true },
+  { 148968, true },
+  { 148985, true },
+  { 148994, true },
+  { 149007, true },
+  { 149020, true },
+  { 149037, true },
+  { 149050, true },
+  { 149060, true },
+  { 149070, true },
+  { 149096, true },
+  { 149106, true },
+  { 149114, true },
+  { 149123, true },
+  { 149137, true },
+  { 149149, true },
+  { 149163, true },
+  { 149176, false },
+  { 149188, true },
+  { 149202, true },
+  { 149214, true },
+  { 149226, true },
+  { 149236, true },
+  { 149253, true },
+  { 149265, true },
+  { 149274, true },
+  { 149294, true },
+  { 149314, true },
+  { 149325, true },
+  { 149342, true },
+  { 149363, true },
+  { 149384, true },
+  { 149400, true },
+  { 149409, true },
+  { 149427, true },
+  { 149444, true },
+  { 149456, true },
+  { 149473, true },
+  { 149493, true },
+  { 149511, true },
+  { 149532, true },
+  { 149546, true },
+  { 149555, true },
+  { 149579, true },
+  { 149595, false },
+  { 149605, true },
+  { 149620, true },
+  { 149633, true },
+  { 149652, true },
+  { 149661, true },
+  { 149677, true },
+  { 149690, true },
+  { 149716, true },
+  { 149733, true },
+  { 149746, true },
+  { 149763, true },
+  { 149777, true },
+  { 149791, true },
+  { 149808, true },
+  { 149828, true },
+  { 149846, true },
+  { 149861, true },
+  { 149872, true },
+  { 149891, true },
+  { 149901, true },
+  { 149913, true },
+  { 149924, true },
+  { 149941, true },
+  { 149953, true },
+  { 149968, false },
+  { 149985, true },
+  { 149993, true },
+  { 150006, true },
+  { 150018, true },
+  { 150033, true },
+  { 150052, true },
+  { 150067, true },
+  { 150084, true },
+  { 150094, true },
+  { 150109, true },
+  { 150123, true },
+  { 150147, true },
+  { 150162, true },
+  { 150187, true },
+  { 150202, true },
+  { 150218, true },
+  { 150235, true },
+  { 150248, true },
+  { 150260, true },
+  { 150272, true },
+  { 150292, true },
+  { 150304, true },
+  { 150317, true },
+  { 150331, true },
+  { 150349, true },
+  { 150370, true },
+  { 150382, true },
+  { 150406, true },
+  { 150426, true },
+  { 150441, true },
+  { 150460, true },
+  { 150472, true },
+  { 150484, true },
+  { 150499, true },
+  { 150523, true },
+  { 150533, true },
+  { 150546, true },
+  { 150580, true },
+  { 150601, true },
+  { 150621, true },
+  { 150643, true },
+  { 150667, true },
+  { 150681, true },
+  { 150695, true },
+  { 150708, true },
+  { 150719, false },
+  { 150735, true },
+  { 150759, true },
+  { 150771, true },
+  { 150786, true },
+  { 150799, true },
+  { 150808, true },
+  { 150822, true },
+  { 150837, true },
+  { 150855, true },
+  { 150881, true },
+  { 150914, true },
+  { 150946, true },
+  { 150961, true },
+  { 150976, true },
+  { 150985, true },
+  { 150995, true },
+  { 151005, true },
+  { 151020, true },
+  { 151031, true },
+  { 151055, true },
+  { 151067, true },
+  { 151079, true },
+  { 151090, true },
+  { 151102, true },
+  { 151111, true },
+  { 151120, true },
+  { 151129, true },
+  { 151139, true },
+  { 151151, true },
+  { 151164, true },
+  { 151178, true },
+  { 151192, true },
+  { 151204, true },
+  { 151220, true },
+  { 151242, true },
+  { 151264, true },
+  { 151278, false },
+  { 151288, false },
+  { 151308, false },
+  { 151322, true },
+  { 151334, true },
+  { 151347, true },
+  { 151356, true },
+  { 151365, true },
+  { 151374, true },
+  { 151387, true },
+  { 151408, true },
+  { 151420, true },
+  { 151432, false },
+  { 151445, true },
+  { 151454, true },
+  { 151462, false },
+  { 151479, true },
+  { 151493, true },
+  { 151509, true },
+  { 151528, true },
+  { 151538, true },
+  { 151548, true },
+  { 151566, true },
+  { 151587, true },
+  { 151601, true },
+  { 151614, true },
+  { 151622, true },
+  { 151641, true },
+  { 151661, true },
+  { 151675, true },
+  { 151684, true },
+  { 151703, true },
+  { 151723, true },
+  { 151732, true },
+  { 151745, true },
+  { 151754, true },
+  { 151767, true },
+  { 151791, true },
+  { 151806, true },
+  { 151819, true },
+  { 151832, true },
+  { 151850, true },
+  { 151870, true },
+  { 151885, false },
+  { 151898, true },
+  { 151915, true },
+  { 151928, true },
+  { 151941, true },
+  { 151954, true },
+  { 151972, true },
+  { 151993, true },
+  { 152008, true },
+  { 152032, true },
+  { 152059, true },
+  { 152073, true },
+  { 152084, true },
+  { 152095, true },
+  { 152105, true },
+  { 152118, false },
+  { 152132, true },
+  { 152145, true },
+  { 152159, true },
+  { 152175, true },
+  { 152189, true },
+  { 152204, true },
+  { 152222, true },
+  { 152235, true },
+  { 152247, true },
+  { 152260, true },
+  { 152269, true },
+  { 152292, false },
+  { 152303, false },
+  { 152314, true },
+  { 152325, true },
+  { 152341, true },
+  { 152359, true },
+  { 152380, true },
+  { 152400, true },
+  { 152422, true },
+  { 152438, true },
+  { 152456, true },
+  { 152473, true },
+  { 152490, true },
+  { 152508, true },
+  { 152525, true },
+  { 152542, true },
+  { 152557, true },
+  { 152575, true },
+  { 152598, true },
+  { 152612, true },
+  { 152627, true },
+  { 152640, false },
+  { 152657, true },
+  { 152672, true },
+  { 152686, true },
+  { 152705, false },
+  { 152715, true },
+  { 152726, true },
+  { 152742, true },
+  { 152751, true },
+  { 152762, true },
+  { 152781, true },
+  { 152801, true },
+  { 152816, true },
+  { 152824, true },
+  { 152835, true },
+  { 152844, true },
+  { 152855, true },
+  { 152866, true },
+  { 152885, true },
+  { 152900, true },
+  { 152918, true },
+  { 152929, true },
+  { 152946, true },
+  { 152961, true },
+  { 152989, true },
+  { 152997, false },
+  { 153008, true },
+  { 153024, true },
+  { 153038, true },
+  { 153050, true },
+  { 153064, true },
+  { 153084, true },
+  { 153098, true },
+  { 153113, true },
+  { 153125, false },
+  { 153146, true },
+  { 153164, true },
+  { 153177, true },
+  { 153187, true },
+  { 153196, true },
+  { 153204, true },
+  { 153220, true },
+  { 153232, true },
+  { 153244, true },
+  { 153254, true },
+  { 153265, true },
+  { 153277, true },
+  { 153297, true },
+  { 153307, true },
+  { 153313, true },
+  { 153331, true },
+  { 153343, true },
+  { 153354, true },
+  { 153362, true },
+  { 153376, true },
+  { 153388, true },
+  { 153400, true },
+  { 153413, true },
+  { 153435, true },
+  { 153446, false },
+  { 153460, true },
+  { 153468, true },
+  { 153483, true },
+  { 153494, true },
+  { 153506, true },
+  { 153521, true },
+  { 153539, false },
+  { 153552, true },
+  { 153573, true },
+  { 153587, true },
+  { 153596, true },
+  { 153619, true },
+  { 153638, true },
+  { 153647, true },
+  { 153658, true },
+  { 153667, true },
+  { 153678, true },
+  { 153685, true },
+  { 153705, true },
+  { 153717, true },
+  { 153731, true },
+  { 153745, true },
+  { 153764, true },
+  { 153783, true },
+  { 153799, true },
+  { 153818, true },
+  { 153826, true },
+  { 153843, true },
+  { 153862, true },
+  { 153871, true },
+  { 153880, true },
+  { 153889, true },
+  { 153899, true },
+  { 153908, true },
+  { 153919, true },
+  { 153932, true },
+  { 153951, true },
+  { 153967, true },
+  { 153985, true },
+  { 153996, true },
+  { 154012, true },
+  { 154019, true },
+  { 154031, true },
+  { 154052, true },
+  { 154068, true },
+  { 154085, true },
+  { 154095, true },
+  { 154110, true },
+  { 154129, true },
+  { 154142, true },
+  { 154159, true },
+  { 154178, true },
+  { 154189, true },
+  { 154204, true },
+  { 154216, true },
+  { 154227, true },
+  { 154235, true },
+  { 154252, true },
+  { 154261, true },
+  { 154275, true },
+  { 154297, true },
+  { 154312, true },
+  { 154324, true },
+  { 154338, true },
+  { 154351, true },
+  { 154367, true },
+  { 154398, true },
+  { 154416, true },
+  { 154433, true },
+  { 154444, true },
+  { 154460, true },
+  { 154475, true },
+  { 154497, true },
+  { 154506, true },
+  { 154519, true },
+  { 154531, false },
+  { 154545, true },
+  { 154562, true },
+  { 154579, true },
+  { 154601, true },
+  { 154615, true },
+  { 154630, true },
+  { 154643, true },
+  { 154654, true },
+  { 154672, true },
+  { 154695, true },
+  { 154712, true },
+  { 154732, true },
+  { 154747, true },
+  { 154758, true },
+  { 154770, true },
+  { 154784, true },
+  { 154803, false },
+  { 154811, true },
+  { 154829, true },
+  { 154853, true },
+  { 154870, true },
+  { 154888, true },
+  { 154899, true },
+  { 154921, true },
+  { 154931, true },
+  { 154956, true },
+  { 154973, true },
+  { 154985, true },
+  { 155001, true },
+  { 155013, true },
+  { 155024, true },
+  { 155036, true },
+  { 155048, true },
+  { 155061, true },
+  { 155075, true },
+  { 155088, true },
+  { 155101, true },
+  { 155119, true },
+  { 155134, true },
+  { 155148, true },
+  { 155177, true },
+  { 155203, false },
+  { 155220, true },
+  { 155230, true },
+  { 155253, true },
+  { 155273, true },
+  { 155296, true },
+  { 155323, true },
+  { 155347, true },
+  { 155370, true },
+  { 155387, true },
+  { 155398, true },
+  { 155413, true },
+  { 155432, true },
+  { 155444, true },
+  { 155456, true },
+  { 155476, true },
+  { 155493, true },
+  { 155509, true },
+  { 155526, true },
+  { 155539, true },
+  { 155547, true },
+  { 155564, true },
+  { 155593, true },
+  { 155605, true },
+  { 155621, true },
+  { 155636, true },
+  { 155657, true },
+  { 155680, true },
+  { 155702, true },
+  { 155724, true },
+  { 155742, true },
+  { 155756, true },
+  { 155767, true },
+  { 155781, true },
+  { 155796, true },
+  { 155817, true },
+  { 155835, true },
+  { 155848, true },
+  { 155858, true },
+  { 155867, true },
+  { 155883, true },
+  { 155895, true },
+  { 155908, true },
+  { 155926, true },
+  { 155944, true },
+  { 155957, true },
+  { 155975, true },
+  { 155983, true },
+  { 155996, true },
+  { 156004, true },
+  { 156021, true },
+  { 156028, false },
+  { 156048, true },
+  { 156062, true },
+  { 156074, true },
+  { 156083, true },
+  { 156098, true },
+  { 156116, true },
+  { 156130, true },
+  { 156139, true },
+  { 156153, true },
+  { 156168, true },
+  { 156176, true },
+  { 156200, true },
+  { 156221, true },
+  { 156237, true },
+  { 156256, true },
+  { 156270, true },
+  { 156287, true },
+  { 156309, true },
+  { 156329, true },
+  { 156348, true },
+  { 156359, true },
+  { 156373, true },
+  { 156383, true },
+  { 156400, true },
+  { 156422, true },
+  { 156443, true },
+  { 156458, true },
+  { 156468, true },
+  { 156484, true },
+  { 156500, true },
+  { 156515, true },
+  { 156528, true },
+  { 156541, true },
+  { 156557, true },
+  { 156575, false },
+  { 156587, true },
+  { 156599, true },
+  { 156625, true },
+  { 156641, true },
+  { 156663, true },
+  { 156683, true },
+  { 156696, true },
+  { 156707, true },
+  { 156722, true },
+  { 156735, true },
+  { 156755, true },
+  { 156769, true },
+  { 156789, true },
+  { 156805, true },
+  { 156821, true },
+  { 156831, true },
+  { 156843, true },
+  { 156851, true },
+  { 156865, true },
+  { 156875, true },
+  { 156899, true },
+  { 156917, true },
+  { 156936, false },
+  { 156955, true },
+  { 156968, true },
+  { 156985, true },
+  { 156999, true },
+  { 157016, true },
+  { 157028, true },
+  { 157038, true },
+  { 157057, true },
+  { 157076, true },
+  { 157092, true },
+  { 157113, true },
+  { 157127, true },
+  { 157147, true },
+  { 157159, true },
+  { 157184, true },
+  { 157220, true },
+  { 157232, true },
+  { 157249, true },
+  { 157262, true },
+  { 157273, true },
+  { 157287, true },
+  { 157307, true },
+  { 157326, true },
+  { 157346, true },
+  { 157363, true },
+  { 157388, true },
+  { 157403, true },
+  { 157422, true },
+  { 157445, true },
+  { 157459, true },
+  { 157477, true },
+  { 157493, true },
+  { 157512, true },
+  { 157534, true },
+  { 157549, true },
+  { 157559, true },
+  { 157578, true },
+  { 157594, true },
+  { 157607, true },
+  { 157625, true },
+  { 157647, true },
+  { 157670, true },
+  { 157684, true },
+  { 157697, true },
+  { 157712, true },
+  { 157725, true },
+  { 157742, true },
+  { 157757, false },
+  { 157767, true },
+  { 157786, true },
+  { 157802, true },
+  { 157817, true },
+  { 157830, true },
+  { 157855, true },
+  { 157870, true },
+  { 157888, true },
+  { 157903, true },
+  { 157921, true },
+  { 157938, true },
+  { 157954, true },
+  { 157972, true },
+  { 157987, true },
+  { 158000, true },
+  { 158012, true },
+  { 158023, true },
+  { 158037, true },
+  { 158055, true },
+  { 158068, true },
+  { 158081, true },
+  { 158095, true },
+  { 158121, true },
+  { 158139, true },
+  { 158163, true },
+  { 158184, true },
+  { 158203, true },
+  { 158219, true },
+  { 158241, true },
+  { 158258, true },
+  { 158268, true },
+  { 158282, true },
+  { 158299, true },
+  { 158318, true },
+  { 158329, true },
+  { 158348, true },
+  { 158364, true },
+  { 158383, true },
+  { 158395, true },
+  { 158411, true },
+  { 158423, true },
+  { 158439, true },
+  { 158453, true },
+  { 158467, true },
+  { 158480, true },
+  { 158495, true },
+  { 158511, true },
+  { 158530, true },
+  { 158545, true },
+  { 158563, true },
+  { 158580, true },
+  { 158593, true },
+  { 158615, true },
+  { 158639, true },
+  { 158659, true },
+  { 158678, true },
+  { 158691, true },
+  { 158715, true },
+  { 158725, true },
+  { 158735, true },
+  { 158744, true },
+  { 158757, true },
+  { 158772, true },
+  { 158784, true },
+  { 158797, true },
+  { 158806, true },
+  { 158816, true },
+  { 158828, true },
+  { 158844, true },
+  { 158854, true },
+  { 158862, true },
+  { 158870, true },
+  { 158883, true },
+  { 158896, true },
+  { 158907, true },
+  { 158920, true },
+  { 158939, true },
+  { 158950, true },
+  { 158966, true },
+  { 158978, true },
+  { 158988, true },
+  { 159006, false },
+  { 159019, true },
+  { 159035, true },
+  { 159050, true },
+  { 159061, true },
+  { 159076, true },
+  { 159093, true },
+  { 159107, true },
+  { 159118, true },
+  { 159134, true },
+  { 159151, true },
+  { 159160, true },
+  { 159169, true },
+  { 159182, true },
+  { 159197, true },
+  { 159212, true },
+  { 159233, true },
+  { 159252, false },
+  { 159262, true },
+  { 159277, true },
+  { 159287, true },
+  { 159301, true },
+  { 159315, true },
+  { 159330, true },
+  { 159341, true },
+  { 159358, true },
+  { 159372, true },
+  { 159380, true },
+  { 159388, true },
+  { 159398, true },
+  { 159408, true },
+  { 159416, true },
+  { 159423, true },
+  { 159433, true },
+  { 159445, true },
+  { 159453, true },
+  { 159464, true },
+  { 159472, true },
+  { 159481, false },
+  { 159489, true },
+  { 159515, true },
+  { 159528, true },
+  { 159538, true },
+  { 159546, true },
+  { 159560, true },
+  { 159571, true },
+  { 159581, true },
+  { 159593, true },
+  { 159605, true },
+  { 159622, true },
+  { 159635, true },
+  { 159650, true },
+  { 159672, true },
+  { 159682, true },
+  { 159693, true },
+  { 159702, true },
+  { 159712, true },
+  { 159735, true },
+  { 159751, true },
+  { 159767, true },
+  { 159788, true },
+  { 159808, true },
+  { 159822, true },
+  { 159836, true },
+  { 159848, true },
+  { 159870, true },
+  { 159885, true },
+  { 159896, true },
+  { 159910, true },
+  { 159929, true },
+  { 159941, true },
+  { 159955, true },
+  { 159972, true },
+  { 159988, true },
+  { 160016, true },
+  { 160041, true },
+  { 160058, true },
+  { 160074, true },
+  { 160085, true },
+  { 160106, false },
+  { 160120, true },
+  { 160134, true },
+  { 160155, true },
+  { 160184, true },
+  { 160198, true },
+  { 160209, true },
+  { 160222, true },
+  { 160235, true },
+  { 160249, true },
+  { 160267, true },
+  { 160278, true },
+  { 160299, true },
+  { 160315, true },
+  { 160333, true },
+  { 160360, true },
+  { 160371, true },
+  { 160384, true },
+  { 160401, true },
+  { 160420, true },
+  { 160434, true },
+  { 160448, true },
+  { 160465, true },
+  { 160489, true },
+  { 160505, true },
+  { 160519, true },
+  { 160532, true },
+  { 160565, true },
+  { 160591, true },
+  { 160607, true },
+  { 160627, true },
+  { 160654, true },
+  { 160682, true },
+  { 160693, true },
+  { 160707, true },
+  { 160726, true },
+  { 160737, true },
+  { 160747, true },
+  { 160757, true },
+  { 160767, true },
+  { 160777, true },
+  { 160787, true },
+  { 160797, true },
+  { 160810, true },
+  { 160833, true },
+  { 160846, true },
+  { 160855, true },
+  { 160871, true },
+  { 160888, true },
+  { 160899, true },
+  { 160910, true },
+  { 160923, true },
+  { 160939, true },
+  { 160950, true },
+  { 160964, true },
+  { 160975, true },
+  { 160989, true },
+  { 161003, true },
+  { 161020, true },
+  { 161038, true },
+  { 161052, true },
+  { 161077, true },
+  { 161090, true },
+  { 161103, true },
+  { 161114, true },
+  { 161123, true },
+  { 161133, true },
+  { 161153, true },
+  { 161167, true },
+  { 161176, true },
+  { 161184, true },
+  { 161194, true },
+  { 161206, true },
+  { 161216, true },
+  { 161224, true },
+  { 161231, true },
+  { 161245, true },
+  { 161259, true },
+  { 161272, true },
+  { 161283, true },
+  { 161297, true },
+  { 161311, true },
+  { 161325, true },
+  { 161335, true },
+  { 161345, false },
+  { 161355, true },
+  { 161368, true },
+  { 161378, true },
+  { 161389, true },
+  { 161405, true },
+  { 161412, true },
+  { 161426, true },
+  { 161454, true },
+  { 161477, true },
+  { 161492, true },
+  { 161504, true },
+  { 161515, true },
+  { 161525, true },
+  { 161534, true },
+  { 161541, true },
+  { 161551, true },
+  { 161561, true },
+  { 161567, true },
+  { 161575, false },
+  { 161586, true },
+  { 161598, true },
+  { 161608, true },
+  { 161619, true },
+  { 161628, true },
+  { 161638, true },
+  { 161645, true },
+  { 161663, true },
+  { 161676, true },
+  { 161694, true },
+  { 161712, true },
+  { 161725, true },
+  { 161736, true },
+  { 161752, true },
+  { 161774, true },
+  { 161789, true },
+  { 161801, true },
+  { 161823, true },
+  { 161832, true },
+  { 161855, true },
+  { 161868, true },
+  { 161877, true },
+  { 161890, true },
+  { 161903, true },
+  { 161915, true },
+  { 161934, true },
+  { 161954, true },
+  { 161964, true },
+  { 161976, true },
+  { 161998, true },
+  { 162013, true },
+  { 162028, true },
+  { 162047, true },
+  { 162065, true },
+  { 162074, true },
+  { 162096, true },
+  { 162111, true },
+  { 162130, true },
+  { 162149, true },
+  { 162167, true },
+  { 162184, true },
+  { 162199, true },
+  { 162215, true },
+  { 162226, true },
+  { 162239, true },
+  { 162257, true },
+  { 162273, true },
+  { 162289, true },
+  { 162300, true },
+  { 162318, true },
+  { 162330, true },
+  { 162341, true },
+  { 162357, true },
+  { 162374, true },
+  { 162389, true },
+  { 162405, true },
+  { 162423, false },
+  { 162438, true },
+  { 162447, true },
+  { 162460, true },
+  { 162474, true },
+  { 162491, true },
+  { 162503, true },
+  { 162520, true },
+  { 162544, true },
+  { 162562, true },
+  { 162574, true },
+  { 162591, true },
+  { 162605, true },
+  { 162620, true },
+  { 162636, true },
+  { 162649, true },
+  { 162663, true },
+  { 162678, true },
+  { 162693, true },
+  { 162710, true },
+  { 162725, true },
+  { 162740, true },
+  { 162753, true },
+  { 162772, true },
+  { 162794, true },
+  { 162815, true },
+  { 162831, true },
+  { 162844, true },
+  { 162858, true },
+  { 162875, true },
+  { 162892, true },
+  { 162913, true },
+  { 162937, true },
+  { 162959, true },
+  { 162971, true },
+  { 162984, true },
+  { 162995, true },
+  { 163010, true },
+  { 163029, true },
+  { 163050, true },
+  { 163067, true },
+  { 163083, true },
+  { 163098, true },
+  { 163112, true },
+  { 163122, false },
+  { 163132, false },
+  { 163145, true },
+  { 163161, true },
+  { 163178, true },
+  { 163197, true },
+  { 163217, true },
+  { 163235, true },
+  { 163256, true },
+  { 163279, true },
+  { 163294, false },
+  { 163315, true },
+  { 163333, true },
+  { 163361, true },
+  { 163376, true },
+  { 163392, true },
+  { 163411, true },
+  { 163433, true },
+  { 163448, true },
+  { 163465, false },
+  { 163479, true },
+  { 163494, true },
+  { 163515, true },
+  { 163528, true },
+  { 163539, true },
+  { 163564, true },
+  { 163580, true },
+  { 163595, true },
+  { 163611, true },
+  { 163628, true },
+  { 163648, true },
+  { 163665, true },
+  { 163684, true },
+  { 163698, true },
+  { 163716, true },
+  { 163730, true },
+  { 163748, true },
+  { 163766, true },
+  { 163779, true },
+  { 163797, true },
+  { 163809, true },
+  { 163820, true },
+  { 163838, true },
+  { 163850, true },
+  { 163862, false },
+  { 163873, true },
+  { 163887, true },
+  { 163903, true },
+  { 163912, true },
+  { 163928, true },
+  { 163944, true },
+  { 163958, true },
+  { 163971, true },
+  { 163981, false },
+  { 163998, true },
+  { 164014, true },
+  { 164027, true },
+  { 164040, true },
+  { 164059, true },
+  { 164068, true },
+  { 164083, true },
+  { 164093, true },
+  { 164102, true },
+  { 164108, true },
+  { 164117, true },
+  { 164125, true },
+  { 164134, true },
+  { 164151, true },
+  { 164163, true },
+  { 164172, true },
+  { 164189, true },
+  { 164203, true },
+  { 164214, false },
+  { 164223, true },
+  { 164235, true },
+  { 164242, true },
+  { 164257, true },
+  { 164264, false },
+  { 164273, true },
+  { 164309, true },
+  { 164320, true },
+  { 164334, true },
+  { 164346, true },
+  { 164356, true },
+  { 164366, true },
+  { 164378, true },
+  { 164399, true },
+  { 164419, true },
+  { 164445, true },
+  { 164455, true },
+  { 164464, true },
+  { 164482, true },
+  { 164491, true },
+  { 164515, true },
+  { 164522, true },
+  { 164534, true },
+  { 164542, true },
+  { 164554, true },
+  { 164567, true },
+  { 164581, false },
+  { 164596, true },
+  { 164610, true },
+  { 164628, true },
+  { 164641, true },
+  { 164655, true },
+  { 164667, true },
+  { 164679, true },
+  { 164691, true },
+  { 164701, true },
+  { 164715, true },
+  { 164728, true },
+  { 164742, true },
+  { 164762, true },
+  { 164773, true },
+  { 164782, true },
+  { 164797, true },
+  { 164809, true },
+  { 164817, true },
+  { 164830, true },
+  { 164846, true },
+  { 164859, true },
+  { 164869, true },
+  { 164876, true },
+  { 164888, true },
+  { 164899, true },
+  { 164913, true },
+  { 164923, true },
+  { 164935, true },
+  { 164952, true },
+  { 164962, true },
+  { 164979, true },
+  { 164996, true },
+  { 165006, true },
+  { 165021, true },
+  { 165035, true },
+  { 165052, true },
+  { 165068, true },
+  { 165077, true },
+  { 165094, false },
+  { 165112, true },
+  { 165134, true },
+  { 165152, false },
+  { 165170, true },
+  { 165182, true },
+  { 165204, true },
+  { 165226, true },
+  { 165237, true },
+  { 165250, true },
+  { 165264, true },
+  { 165276, true },
+  { 165291, true },
+  { 165306, true },
+  { 165322, true },
+  { 165338, true },
+  { 165349, true },
+  { 165367, true },
+  { 165383, true },
+  { 165405, true },
+  { 165429, true },
+  { 165454, true },
+  { 165477, true },
+  { 165500, true },
+  { 165520, true },
+  { 165539, true },
+  { 165550, true },
+  { 165568, true },
+  { 165586, true },
+  { 165605, true },
+  { 165632, true },
+  { 165647, true },
+  { 165667, true },
+  { 165690, true },
+  { 165702, true },
+  { 165716, true },
+  { 165743, true },
+  { 165760, true },
+  { 165775, true },
+  { 165787, true },
+  { 165807, true },
+  { 165818, true },
+  { 165837, true },
+  { 165849, true },
+  { 165866, true },
+  { 165884, true },
+  { 165900, true },
+  { 165916, true },
+  { 165930, true },
+  { 165943, true },
+  { 165958, true },
+  { 165985, true },
+  { 165998, true },
+  { 166012, true },
+  { 166026, true },
+  { 166046, true },
+  { 166068, false },
+  { 166083, true },
+  { 166094, true },
+  { 166118, true },
+  { 166146, false },
+  { 166157, true },
+  { 166174, true },
+  { 166185, true },
+  { 166203, true },
+  { 166222, true },
+  { 166240, true },
+  { 166258, true },
+  { 166281, true },
+  { 166305, true },
+  { 166326, true },
+  { 166347, true },
+  { 166368, true },
+  { 166382, true },
+  { 166395, true },
+  { 166407, true },
+  { 166429, true },
+  { 166440, true },
+  { 166459, true },
+  { 166476, true },
+  { 166496, true },
+  { 166511, true },
+  { 166529, true },
+  { 166547, true },
+  { 166566, true },
+  { 166580, true },
+  { 166594, true },
+  { 166612, true },
+  { 166620, true },
+  { 166641, true },
+  { 166662, true },
+  { 166678, true },
+  { 166698, true },
+  { 166708, true },
+  { 166730, true },
+  { 166751, true },
+  { 166767, true },
+  { 166788, true },
+  { 166804, true },
+  { 166815, true },
+  { 166831, true },
+  { 166846, true },
+  { 166860, true },
+  { 166871, true },
+  { 166885, true },
+  { 166895, true },
+  { 166905, true },
+  { 166922, false },
+  { 166935, true },
+  { 166947, true },
+  { 166958, true },
+  { 166975, true },
+  { 166988, true },
+  { 166998, true },
+  { 167012, true },
+  { 167030, true },
+  { 167049, true },
+  { 167067, true },
+  { 167083, true },
+  { 167094, true },
+  { 167114, true },
+  { 167125, true },
+  { 167138, true },
+  { 167151, true },
+  { 167167, true },
+  { 167180, true },
+  { 167190, true },
+  { 167202, true },
+  { 167213, true },
+  { 167227, true },
+  { 167235, true },
+  { 167252, true },
+  { 167267, true },
+  { 167279, true },
+  { 167295, true },
+  { 167313, true },
+  { 167326, true },
+  { 167343, true },
+  { 167362, true },
+  { 167379, true },
+  { 167393, true },
+  { 167408, true },
+  { 167421, true },
+  { 167435, true },
+  { 167447, true },
+  { 167463, true },
+  { 167477, true },
+  { 167486, true },
+  { 167507, true },
+  { 167526, true },
+  { 167539, false },
+  { 167550, true },
+  { 167565, true },
+  { 167576, true },
+  { 167600, true },
+  { 167615, true },
+  { 167629, true },
+  { 167638, true },
+  { 167655, true },
+  { 167681, true },
+  { 167691, true },
+  { 167702, true },
+  { 167715, true },
+  { 167724, true },
+  { 167737, true },
+  { 167750, true },
+  { 167761, true },
+  { 167774, true },
+  { 167788, true },
+  { 167799, true },
+  { 167816, true },
+  { 167825, true },
+  { 167849, true },
+  { 167856, true },
+  { 167870, true },
+  { 167877, true },
+  { 167889, true },
+  { 167896, true },
+  { 167908, true },
+  { 167917, true },
+  { 167932, true },
+  { 167947, true },
+  { 167960, true },
+  { 167980, true },
+  { 167999, true },
+  { 168016, true },
+  { 168032, true },
+  { 168052, true },
+  { 168071, true },
+  { 168087, true },
+  { 168108, true },
+  { 168127, true },
+  { 168140, true },
+  { 168163, true },
+  { 168186, true },
+  { 168199, true },
+  { 168218, true },
+  { 168232, true },
+  { 168242, true },
+  { 168252, true },
+  { 168273, false },
+  { 168285, true },
+  { 168309, true },
+  { 168324, false },
+  { 168338, false },
+  { 168345, true },
+  { 168353, true },
+  { 168367, true },
+  { 168377, true },
+  { 168391, true },
+  { 168408, true },
+  { 168433, true },
+  { 168446, true },
+  { 168461, true },
+  { 168473, true },
+  { 168488, true },
+  { 168515, true },
+  { 168528, true },
+  { 168542, true },
+  { 168555, true },
+  { 168575, true },
+  { 168593, true },
+  { 168615, true },
+  { 168635, true },
+  { 168652, true },
+  { 168662, true },
+  { 168671, true },
+  { 168689, true },
+  { 168701, true },
+  { 168712, true },
+  { 168727, true },
+  { 168741, true },
+  { 168757, true },
+  { 168774, true },
+  { 168791, true },
+  { 168805, true },
+  { 168827, true },
+  { 168845, true },
+  { 168863, true },
+  { 168888, true },
+  { 168901, true },
+  { 168909, true },
+  { 168920, true },
+  { 168935, true },
+  { 168960, true },
+  { 168980, true },
+  { 168994, true },
+  { 169004, true },
+  { 169014, true },
+  { 169024, true },
+  { 169033, true },
+  { 169044, true },
+  { 169057, true },
+  { 169085, true },
+  { 169096, false },
+  { 169109, true },
+  { 169118, true },
+  { 169130, true },
+  { 169147, true },
+  { 169156, true },
+  { 169168, true },
+  { 169188, true },
+  { 169201, false },
+  { 169221, true },
+  { 169235, true },
+  { 169246, true },
+  { 169259, true },
+  { 169272, true },
+  { 169289, false },
+  { 169305, true },
+  { 169316, true },
+  { 169331, true },
+  { 169344, true },
+  { 169357, true },
+  { 169369, true },
+  { 169379, true },
+  { 169392, true },
+  { 169409, true },
+  { 169422, false },
+  { 169433, false },
+  { 169443, true },
+  { 169454, false },
+  { 169474, true },
+  { 169503, true },
+  { 169515, true },
+  { 169530, true },
+  { 169545, true },
+  { 169560, true },
+  { 169576, true },
+  { 169605, true },
+  { 169624, true },
+  { 169641, true },
+  { 169667, true },
+  { 169687, true },
+  { 169700, true },
+  { 169720, true },
+  { 169734, true },
+  { 169750, true },
+  { 169781, true },
+  { 169809, true },
+  { 169824, true },
+  { 169839, true },
+  { 169854, true },
+  { 169868, true },
+  { 169878, true },
+  { 169892, true },
+  { 169909, true },
+  { 169927, true },
+  { 169948, true },
+  { 169958, true },
+  { 169980, true },
+  { 169998, true },
+  { 170019, true },
+  { 170036, true },
+  { 170052, true },
+  { 170086, true },
+  { 170111, true },
+  { 170130, true },
+  { 170153, true },
+  { 170177, true },
+  { 170206, true },
+  { 170230, true },
+  { 170256, true },
+  { 170288, true },
+  { 170304, true },
+  { 170321, true },
+  { 170345, true },
+  { 170370, true },
+  { 170386, true },
+  { 170402, true },
+  { 170413, false },
+  { 170425, true },
+  { 170441, true },
+  { 170461, true },
+  { 170486, true },
+  { 170506, true },
+  { 170530, true },
+  { 170548, true },
+  { 170557, true },
+  { 170569, false },
+  { 170589, false },
+  { 170599, true },
+  { 170614, true },
+  { 170621, true },
+  { 170629, true },
+  { 170638, true },
+  { 170648, true },
+  { 170656, true },
+  { 170666, true },
+  { 170680, true },
+  { 170688, true },
+  { 170704, true },
+  { 170726, true },
+  { 170733, true },
+  { 170740, true },
+  { 170750, true },
+  { 170758, true },
+  { 170765, true },
+  { 170772, true },
+  { 170779, true },
+  { 170787, true },
+  { 170796, true },
+  { 170804, true },
+  { 170816, true },
+  { 170828, true },
+  { 170838, true },
+  { 170851, true },
+  { 170867, true },
+  { 170878, true },
+  { 170886, true },
+  { 170896, true },
+  { 170911, true },
+  { 170921, false },
+  { 170933, true },
+  { 170949, true },
+  { 170968, true },
+  { 170984, true },
+  { 170997, true },
+  { 171011, true },
+  { 171028, true },
+  { 171046, true },
+  { 171061, true },
+  { 171074, true },
+  { 171089, true },
+  { 171098, true },
+  { 171121, true },
+  { 171135, true },
+  { 171146, true },
+  { 171161, true },
+  { 171175, true },
+  { 171200, true },
+  { 171218, true },
+  { 171229, true },
+  { 171244, true },
+  { 171255, true },
+  { 171267, false },
+  { 171279, true },
+  { 171298, true },
+  { 171318, true },
+  { 171332, true },
+  { 171346, true },
+  { 171357, true },
+  { 171368, true },
+  { 171379, true },
+  { 171389, true },
+  { 171410, true },
+  { 171427, true },
+  { 171444, true },
+  { 171462, true },
+  { 171472, true },
+  { 171509, true },
+  { 171535, true },
+  { 171551, true },
+  { 171581, true },
+  { 171604, true },
+  { 171618, true },
+  { 171637, true },
+  { 171650, true },
+  { 171666, true },
+  { 171685, true },
+  { 171702, true },
+  { 171717, true },
+  { 171735, true },
+  { 171748, true },
+  { 171769, true },
+  { 171783, true },
+  { 171796, true },
+  { 171808, true },
+  { 171821, true },
+  { 171838, true },
+  { 171850, true },
+  { 171866, true },
+  { 171877, true },
+  { 171885, true },
+  { 171892, true },
+  { 171906, true },
+  { 171918, true },
+  { 171934, false },
+  { 171948, true },
+  { 171962, true },
+  { 171978, true },
+  { 171993, true },
+  { 172012, true },
+  { 172030, true },
+  { 172049, true },
+  { 172056, true },
+  { 172077, true },
+  { 172094, false },
+  { 172109, true },
+  { 172124, true },
+  { 172141, true },
+  { 172151, true },
+  { 172170, true },
+  { 172181, true },
+  { 172191, true },
+  { 172210, true },
+  { 172223, true },
+  { 172241, true },
+  { 172261, true },
+  { 172271, true },
+  { 172281, true },
+  { 172293, true },
+  { 172301, false },
+  { 172312, true },
+  { 172327, true },
+  { 172338, true },
+  { 172357, true },
+  { 172370, true },
+  { 172389, true },
+  { 172408, true },
+  { 172424, true },
+  { 172446, true },
+  { 172458, true },
+  { 172471, false },
+  { 172485, true },
+  { 172500, true },
+  { 172514, false },
+  { 172529, true },
+  { 172545, true },
+  { 172556, true },
+  { 172568, true },
+  { 172578, true },
+  { 172587, true },
+  { 172604, true },
+  { 172617, true },
+  { 172627, true },
+  { 172644, true },
+  { 172652, true },
+  { 172664, true },
+  { 172676, true },
+  { 172695, true },
+  { 172715, true },
+  { 172722, true },
+  { 172741, true },
+  { 172757, true },
+  { 172771, true },
+  { 172783, false },
+  { 172793, true },
+  { 172811, true },
+  { 172823, true },
+  { 172839, true },
+  { 172864, true },
+  { 172875, true },
+  { 172883, true },
+  { 172903, true },
+  { 172915, true },
+  { 172926, true },
+  { 172938, true },
+  { 172948, true },
+  { 172966, true },
+  { 172985, true },
+  { 172994, false },
+  { 173014, true },
+  { 173023, false },
+  { 173034, true },
+  { 173043, true },
+  { 173057, true },
+  { 173071, true },
+  { 173091, true },
+  { 173110, true },
+  { 173124, true },
+  { 173140, true },
+  { 173155, true },
+  { 173169, true },
+  { 173191, true },
+  { 173205, true },
+  { 173221, true },
+  { 173233, true },
+  { 173246, true },
+  { 173254, true },
+  { 173267, true },
+  { 173278, true },
+  { 173290, true },
+  { 173312, true },
+  { 173326, true },
+  { 173342, false },
+  { 173353, true },
+  { 173368, true },
+  { 173384, false },
+  { 173409, true },
+  { 173425, true },
+  { 173441, true },
+  { 173457, true },
+  { 173476, true },
+  { 173498, true },
+  { 173512, true },
+  { 173526, true },
+  { 173549, true },
+  { 173562, true },
+  { 173587, true },
+  { 173606, true },
+  { 173630, true },
+  { 173646, true },
+  { 173664, true },
+  { 173680, true },
+  { 173696, true },
+  { 173707, true },
+  { 173725, true },
+  { 173737, true },
+  { 173756, true },
+  { 173766, true },
+  { 173786, true },
+  { 173803, true },
+  { 173821, true },
+  { 173835, true },
+  { 173848, true },
+  { 173863, true },
+  { 173883, true },
+  { 173903, true },
+  { 173933, true },
+  { 173947, true },
+  { 173960, true },
+  { 173981, true },
+  { 173999, true },
+  { 174014, true },
+  { 174030, true },
+  { 174058, true },
+  { 174073, true },
+  { 174087, true },
+  { 174102, true },
+  { 174117, true },
+  { 174129, true },
+  { 174146, true },
+  { 174159, true },
+  { 174170, true },
+  { 174189, false },
+  { 174197, true },
+  { 174211, true },
+  { 174230, true },
+  { 174247, true },
+  { 174261, true },
+  { 174273, true },
+  { 174288, true },
+  { 174302, true },
+  { 174315, true },
+  { 174333, true },
+  { 174347, true },
+  { 174362, true },
+  { 174380, true },
+  { 174395, true },
+  { 174410, true },
+  { 174425, true },
+  { 174441, true },
+  { 174472, true },
+  { 174503, true },
+  { 174517, true },
+  { 174536, true },
+  { 174558, true },
+  { 174585, true },
+  { 174607, true },
+  { 174625, true },
+  { 174639, true },
+  { 174661, true },
+  { 174676, true },
+  { 174695, true },
+  { 174709, true },
+  { 174728, true },
+  { 174737, true },
+  { 174747, true },
+  { 174762, true },
+  { 174775, true },
+  { 174790, true },
+  { 174807, true },
+  { 174827, true },
+  { 174854, true },
+  { 174871, true },
+  { 174896, true },
+  { 174917, true },
+  { 174942, true },
+  { 174960, true },
+  { 174971, true },
+  { 174984, true },
+  { 174997, true },
+  { 175007, true },
+  { 175022, true },
+  { 175032, true },
+  { 175043, true },
+  { 175055, true },
+  { 175067, true },
+  { 175078, true },
+  { 175095, true },
+  { 175112, true },
+  { 175127, true },
+  { 175134, true },
+  { 175147, true },
+  { 175157, true },
+  { 175174, true },
+  { 175184, true },
+  { 175194, true },
+  { 175203, true },
+  { 175213, true },
+  { 175232, true },
+  { 175250, true },
+  { 175271, true },
+  { 175291, true },
+  { 175304, true },
+  { 175321, true },
+  { 175334, true },
+  { 175356, true },
+  { 175368, true },
+  { 175386, true },
+  { 175403, true },
+  { 175413, true },
+  { 175426, true },
+  { 175434, true },
+  { 175456, true },
+  { 175470, true },
+  { 175492, true },
+  { 175513, true },
+  { 175533, true },
+  { 175554, true },
+  { 175562, true },
+  { 175574, true },
+  { 175591, true },
+  { 175603, true },
+  { 175632, true },
+  { 175645, true },
+  { 175662, true },
+  { 175677, true },
+  { 175696, true },
+  { 175706, true },
+  { 175725, true },
+  { 175736, true },
+  { 175745, true },
+  { 175755, true },
+  { 175768, true },
+  { 175788, true },
+  { 175805, true },
+  { 175833, true },
+  { 175855, true },
+  { 175880, false },
+  { 175898, true },
+  { 175910, true },
+  { 175928, true },
+  { 175947, true },
+  { 175956, true },
+  { 175971, true },
+  { 175986, true },
+  { 175999, true },
+  { 176020, true },
+  { 176037, true },
+  { 176060, true },
+  { 176074, true },
+  { 176088, true },
+  { 176098, true },
+  { 176112, true },
+  { 176128, true },
+  { 176143, true },
+  { 176158, true },
+  { 176173, true },
+  { 176183, true },
+  { 176195, true },
+  { 176205, true },
+  { 176213, true },
+  { 176225, true },
+  { 176233, true },
+  { 176249, true },
+  { 176267, true },
+  { 176277, true },
+  { 176291, true },
+  { 176307, true },
+  { 176315, true },
+  { 176323, true },
+  { 176332, true },
+  { 176344, true },
+  { 176354, true },
+  { 176368, true },
+  { 176382, true },
+  { 176396, true },
+  { 176408, true },
+  { 176420, true },
+  { 176433, true },
+  { 176449, true },
+  { 176459, false },
+  { 176475, true },
+  { 176488, true },
+  { 176500, true },
+  { 176511, true },
+  { 176538, true },
+  { 176549, true },
+  { 176564, true },
+  { 176585, true },
+  { 176609, true },
+  { 176620, true },
+  { 176629, true },
+  { 176649, true },
+  { 176665, true },
+  { 176686, true },
+  { 176709, true },
+  { 176721, true },
+  { 176738, true },
+  { 176751, true },
+  { 176760, true },
+  { 176769, true },
+  { 176777, true },
+  { 176788, true },
+  { 176798, true },
+  { 176810, true },
+  { 176833, true },
+  { 176859, true },
+  { 176876, true },
+  { 176892, true },
+  { 176915, true },
+  { 176933, true },
+  { 176951, true },
+  { 176961, true },
+  { 176980, false },
+  { 176998, false },
+  { 177016, true },
+  { 177046, true },
+  { 177066, true },
+  { 177083, true },
+  { 177102, false },
+  { 177116, true },
+  { 177147, true },
+  { 177158, true },
+  { 177178, true },
+  { 177190, true },
+  { 177203, true },
+  { 177217, true },
+  { 177245, true },
+  { 177262, true },
+  { 177275, true },
+  { 177283, true },
+  { 177302, true },
+  { 177316, true },
+  { 177328, true },
+  { 177343, true },
+  { 177356, true },
+  { 177366, true },
+  { 177378, false },
+  { 177388, true },
+  { 177398, true },
+  { 177408, true },
+  { 177420, true },
+  { 177435, true },
+  { 177450, true },
+  { 177459, true },
+  { 177470, true },
+  { 177483, true },
+  { 177510, true },
+  { 177518, true },
+  { 177535, true },
+  { 177547, true },
+  { 177564, true },
+  { 177580, true },
+  { 177601, true },
+  { 177616, true },
+  { 177630, true },
+  { 177640, true },
+  { 177648, true },
+  { 177662, true },
+  { 177673, true },
+  { 177686, true },
+  { 177697, true },
+  { 177706, true },
+  { 177715, true },
+  { 177732, true },
+  { 177750, true },
+  { 177762, true },
+  { 177773, true },
+  { 177785, true },
+  { 177797, true },
+  { 177806, true },
+  { 177814, true },
+  { 177826, true },
+  { 177837, true },
+  { 177855, true },
+  { 177872, true },
+  { 177893, true },
+  { 177903, true },
+  { 177918, false },
+  { 177929, true },
+  { 177948, true },
+  { 177962, true },
+  { 177970, true },
+  { 177982, true },
+  { 177994, true },
+  { 178012, true },
+  { 178024, true },
+  { 178035, true },
+  { 178042, true },
+  { 178054, true },
+  { 178066, true },
+  { 178074, true },
+  { 178086, true },
+  { 178095, true },
+  { 178107, true },
+  { 178115, true },
+  { 178122, true },
+  { 178129, true },
+  { 178137, true },
+  { 178145, true },
+  { 178159, true },
+  { 178166, true },
+  { 178173, true },
+  { 178180, false },
+  { 178191, true },
+  { 178198, true },
+  { 178205, true },
+  { 178232, true },
+  { 178243, true },
+  { 178254, true },
+  { 178269, true },
+  { 178279, true },
+  { 178291, true },
+  { 178302, true },
+  { 178316, true },
+  { 178342, true },
+  { 178352, true },
+  { 178362, true },
+  { 178377, true },
+  { 178392, true },
+  { 178407, true },
+  { 178421, true },
+  { 178435, true },
+  { 178449, true },
+  { 178469, true },
+  { 178484, true },
+  { 178496, true },
+  { 178509, true },
+  { 178519, true },
+  { 178530, true },
+  { 178543, true },
+  { 178555, true },
+  { 178569, true },
+  { 178584, true },
+  { 178597, true },
+  { 178615, true },
+  { 178628, true },
+  { 178654, true },
+  { 178681, true },
+  { 178695, true },
+  { 178709, true },
+  { 178726, true },
+  { 178741, true },
+  { 178754, true },
+  { 178772, true },
+  { 178786, true },
+  { 178802, true },
+  { 178812, true },
+  { 178826, true },
+  { 178840, true },
+  { 178857, true },
+  { 178870, true },
+  { 178890, true },
+  { 178900, true },
+  { 178927, true },
+  { 178937, true },
+  { 178949, true },
+  { 178967, true },
+  { 178980, true },
+  { 178989, true },
+  { 179000, true },
+  { 179016, true },
+  { 179031, true },
+  { 179053, true },
+  { 179067, true },
+  { 179079, true },
+  { 179090, true },
+  { 179101, true },
+  { 179115, true },
+  { 179144, true },
+  { 179162, true },
+  { 179173, true },
+  { 179182, true },
+  { 179192, true },
+  { 179213, true },
+  { 179221, true },
+  { 179231, true },
+  { 179243, true },
+  { 179253, true },
+  { 179271, true },
+  { 179281, true },
+  { 179297, true },
+  { 179323, true },
+  { 179350, true },
+  { 179373, true },
+  { 179387, true },
+  { 179402, true },
+  { 179421, true },
+  { 179438, true },
+  { 179456, true },
+  { 179464, true },
+  { 179492, true },
+  { 179507, true },
+  { 179518, true },
+  { 179536, true },
+  { 179546, true },
+  { 179556, true },
+  { 179567, true },
+  { 179583, true },
+  { 179599, true },
+  { 179618, true },
+  { 179633, true },
+  { 179642, true },
+  { 179670, true },
+  { 179686, true },
+  { 179704, true },
+  { 179719, true },
+  { 179730, true },
+  { 179744, true },
+  { 179757, true },
+  { 179774, true },
+  { 179800, true },
+  { 179828, true },
+  { 179843, true },
+  { 179864, true },
+  { 179884, true },
+  { 179905, true },
+  { 179922, true },
+  { 179936, true },
+  { 179963, true },
+  { 179982, true },
+  { 179996, true },
+  { 180011, false },
+  { 180024, true },
+  { 180039, true },
+  { 180055, true },
+  { 180075, true },
+  { 180090, true },
+  { 180107, true },
+  { 180119, true },
+  { 180151, false },
+  { 180163, true },
+  { 180173, true },
+  { 180186, true },
+  { 180202, true },
+  { 180221, true },
+  { 180239, true },
+  { 180250, true },
+  { 180258, true },
+  { 180267, true },
+  { 180277, true },
+  { 180289, true },
+  { 180303, true },
+  { 180317, true },
+  { 180330, true },
+  { 180339, true },
+  { 180351, true },
+  { 180362, true },
+  { 180376, true },
+  { 180390, false },
+  { 180413, true },
+  { 180431, true },
+  { 180444, false },
+  { 180459, true },
+  { 180471, true },
+  { 180486, true },
+  { 180509, true },
+  { 180528, true },
+  { 180547, true },
+  { 180565, true },
+  { 180579, true },
+  { 180593, true },
+  { 180612, true },
+  { 180622, true },
+  { 180636, true },
+  { 180649, true },
+  { 180669, true },
+  { 180688, true },
+  { 180705, true },
+  { 180722, true },
+  { 180734, true },
+  { 180748, true },
+  { 180766, true },
+  { 180782, true },
+  { 180795, true },
+  { 180810, true },
+  { 180824, true },
+  { 180833, true },
+  { 180849, true },
+  { 180865, true },
+  { 180877, true },
+  { 180895, true },
+  { 180911, true },
+  { 180923, true },
+  { 180935, true },
+  { 180949, true },
+  { 180966, true },
+  { 180978, true },
+  { 180993, true },
+  { 181006, true },
+  { 181022, true },
+  { 181039, true },
+  { 181056, false },
+  { 181073, true },
+  { 181095, true },
+  { 181117, true },
+  { 181134, true },
+  { 181153, true },
+  { 181167, true },
+  { 181189, true },
+  { 181216, true },
+  { 181238, true },
+  { 181254, true },
+  { 181268, true },
+  { 181280, true },
+  { 181294, true },
+  { 181312, true },
+  { 181323, true },
+  { 181338, true },
+  { 181351, true },
+  { 181369, true },
+  { 181386, true },
+  { 181403, true },
+  { 181412, true },
+  { 181428, true },
+  { 181445, true },
+  { 181456, true },
+  { 181468, true },
+  { 181479, true },
+  { 181488, true },
+  { 181502, true },
+  { 181515, true },
+  { 181529, true },
+  { 181541, true },
+  { 181561, true },
+  { 181573, true },
+  { 181585, true },
+  { 181595, true },
+  { 181609, true },
+  { 181622, true },
+  { 181644, true },
+  { 181665, true },
+  { 181687, true },
+  { 181698, false },
+  { 181713, true },
+  { 181724, true },
+  { 181735, false },
+  { 181755, true },
+  { 181781, true },
+  { 181801, true },
+  { 181815, true },
+  { 181828, true },
+  { 181843, true },
+  { 181860, true },
+  { 181879, true },
+  { 181899, true },
+  { 181918, true },
+  { 181938, true },
+  { 181961, true },
+  { 181979, true },
+  { 182006, true },
+  { 182024, true },
+  { 182043, true },
+  { 182055, true },
+  { 182076, true },
+  { 182091, true },
+  { 182111, true },
+  { 182123, true },
+  { 182134, true },
+  { 182146, true },
+  { 182165, true },
+  { 182187, true },
+  { 182205, true },
+  { 182220, true },
+  { 182233, false },
+  { 182241, true },
+  { 182253, true },
+  { 182269, true },
+  { 182280, true },
+  { 182295, true },
+  { 182313, true },
+  { 182330, true },
+  { 182338, true },
+  { 182355, true },
+  { 182368, true },
+  { 182379, true },
+  { 182393, true },
+  { 182407, true },
+  { 182417, true },
+  { 182430, true },
+  { 182438, true },
+  { 182456, true },
+  { 182464, true },
+  { 182478, false },
+  { 182494, true },
+  { 182506, true },
+  { 182523, true },
+  { 182533, true },
+  { 182540, true },
+  { 182547, true },
+  { 182559, true },
+  { 182570, true },
+  { 182580, true },
+  { 182593, true },
+  { 182604, true },
+  { 182618, true },
+  { 182632, true },
+  { 182648, true },
+  { 182659, true },
+  { 182666, true },
+  { 182675, true },
+  { 182683, true },
+  { 182697, true },
+  { 182719, true },
+  { 182735, true },
+  { 182755, true },
+  { 182776, true },
+  { 182792, false },
+  { 182807, true },
+  { 182822, true },
+  { 182850, true },
+  { 182864, true },
+  { 182879, true },
+  { 182900, true },
+  { 182915, true },
+  { 182934, true },
+  { 182957, true },
+  { 182973, true },
+  { 182992, true },
+  { 183002, true },
+  { 183015, true },
+  { 183026, true },
+  { 183041, true },
+  { 183055, true },
+  { 183076, true },
+  { 183092, true },
+  { 183107, true },
+  { 183124, true },
+  { 183141, true },
+  { 183153, true },
+  { 183163, true },
+  { 183173, true },
+  { 183183, true },
+  { 183197, true },
+  { 183209, true },
+  { 183219, true },
+  { 183233, true },
+  { 183249, true },
+  { 183267, true },
+  { 183286, true },
+  { 183305, true },
+  { 183325, true },
+  { 183342, true },
+  { 183354, true },
+  { 183366, true },
+  { 183391, true },
+  { 183402, true },
+  { 183415, true },
+  { 183430, true },
+  { 183448, true },
+  { 183465, true },
+  { 183477, true },
+  { 183492, true },
+  { 183505, true },
+  { 183531, true },
+  { 183546, true },
+  { 183559, true },
+  { 183572, true },
+  { 183583, true },
+  { 183594, true },
+  { 183605, true },
+  { 183617, true },
+  { 183628, true },
+  { 183638, true },
+  { 183658, true },
+  { 183672, true },
+  { 183685, true },
+  { 183694, true },
+  { 183703, true },
+  { 183716, true },
+  { 183723, false },
+  { 183731, true },
+  { 183744, true },
+  { 183752, true },
+  { 183769, true },
+  { 183787, true },
+  { 183798, true },
+  { 183817, true },
+  { 183835, true },
+  { 183862, true },
+  { 183874, true },
+  { 183888, false },
+  { 183900, true },
+  { 183915, true },
+  { 183939, true },
+  { 183954, true },
+  { 183965, true },
+  { 183987, true },
+  { 184005, true },
+  { 184020, true },
+  { 184038, true },
+  { 184046, true },
+  { 184066, true },
+  { 184089, true },
+  { 184114, true },
+  { 184126, true },
+  { 184137, true },
+  { 184153, true },
+  { 184165, true },
+  { 184179, true },
+  { 184196, true },
+  { 184205, true },
+  { 184221, true },
+  { 184229, true },
+  { 184247, true },
+  { 184262, true },
+  { 184282, true },
+  { 184299, true },
+  { 184312, true },
+  { 184328, true },
+  { 184342, true },
+  { 184358, true },
+  { 184375, true },
+  { 184393, true },
+  { 184412, true },
+  { 184426, true },
+  { 184441, true },
+  { 184454, true },
+  { 184467, true },
+  { 184481, true },
+  { 184498, true },
+  { 184509, true },
+  { 184524, true },
+  { 184544, true },
+  { 184560, true },
+  { 184570, true },
+  { 184582, true },
+  { 184601, true },
+  { 184611, true },
+  { 184621, true },
+  { 184631, true },
+  { 184642, true },
+  { 184659, true },
+  { 184674, true },
+  { 184694, true },
+  { 184710, true },
+  { 184723, true },
+  { 184737, true },
+  { 184748, false },
+  { 184765, true },
+  { 184791, true },
+  { 184808, true },
+  { 184833, true },
+  { 184844, true },
+  { 184860, true },
+  { 184869, true },
+  { 184882, true },
+  { 184896, true },
+  { 184908, true },
+  { 184917, false },
+  { 184931, true },
+  { 184948, true },
+  { 184981, true },
+  { 185001, true },
+  { 185013, true },
+  { 185027, true },
+  { 185040, true },
+  { 185053, true },
+  { 185063, true },
+  { 185077, true },
+  { 185097, true },
+  { 185108, true },
+  { 185120, true },
+  { 185132, true },
+  { 185144, true },
+  { 185153, true },
+  { 185165, true },
+  { 185182, true },
+  { 185196, true },
+  { 185225, true },
+  { 185242, true },
+  { 185256, true },
+  { 185274, true },
+  { 185285, true },
+  { 185301, true },
+  { 185316, true },
+  { 185333, true },
+  { 185349, true },
+  { 185360, true },
+  { 185378, true },
+  { 185393, true },
+  { 185414, true },
+  { 185428, true },
+  { 185451, true },
+  { 185460, true },
+  { 185470, true },
+  { 185484, true },
+  { 185500, true },
+  { 185510, true },
+  { 185521, true },
+  { 185537, true },
+  { 185554, true },
+  { 185577, true },
+  { 185584, true },
+  { 185595, true },
+  { 185609, true },
+  { 185620, true },
+  { 185629, true },
+  { 185638, true },
+  { 185653, true },
+  { 185662, true },
+  { 185675, true },
+  { 185683, true },
+  { 185694, true },
+  { 185703, true },
+  { 185716, false },
+  { 185727, true },
+  { 185735, true },
+  { 185749, true },
+  { 185760, true },
+  { 185770, true },
+  { 185782, true },
+  { 185794, true },
+  { 185806, true },
+  { 185818, true },
+  { 185830, true },
+  { 185842, true },
+  { 185854, true },
+  { 185866, true },
+  { 185878, true },
+  { 185890, true },
+  { 185902, true },
+  { 185914, true },
+  { 185926, true },
+  { 185938, true },
+  { 185950, true },
+  { 185962, true },
+  { 185974, true },
+  { 185986, true },
+  { 185998, true },
+  { 186010, true },
+  { 186022, true },
+  { 186034, true },
+  { 186046, true },
+  { 186058, true },
+  { 186070, true },
+  { 186082, true },
+  { 186094, true },
+  { 186106, true },
+  { 186118, true },
+  { 186130, true },
+  { 186142, true },
+  { 186154, true },
+  { 186166, true },
+  { 186178, true },
+  { 186188, true },
+  { 186196, true },
+  { 186207, true },
+  { 186220, true },
+  { 186229, true },
+  { 186239, true },
+  { 186249, true },
+  { 186259, true },
+  { 186267, true },
+  { 186279, true },
+  { 186301, true },
+  { 186323, true },
+  { 186332, true },
+  { 186344, true },
+  { 186353, true },
+  { 186379, true },
+  { 186395, true },
+  { 186413, true },
+  { 186427, true },
+  { 186438, true },
+  { 186457, true },
+  { 186474, true },
+  { 186486, true },
+  { 186501, true },
+  { 186522, true },
+  { 186542, true },
+  { 186566, true },
+  { 186582, true },
+  { 186605, true },
+  { 186617, true },
+  { 186639, true },
+  { 186667, true },
+  { 186681, true },
+  { 186699, true },
+  { 186714, true },
+  { 186722, true },
+  { 186733, true },
+  { 186747, true },
+  { 186765, true },
+  { 186775, true },
+  { 186793, true },
+  { 186807, true },
+  { 186819, true },
+  { 186831, true },
+  { 186846, true },
+  { 186859, true },
+  { 186882, true },
+  { 186913, true },
+  { 186927, true },
+  { 186945, true },
+  { 186955, false },
+  { 186964, false },
+  { 186973, false },
+  { 186982, true },
+  { 187011, true },
+  { 187028, false },
+  { 187039, true },
+  { 187063, true },
+  { 187073, true },
+  { 187084, true },
+  { 187107, true },
+  { 187122, true },
+  { 187142, true },
+  { 187152, true },
+  { 187163, true },
+  { 187171, true },
+  { 187186, true },
+  { 187195, true },
+  { 187211, true },
+  { 187230, true },
+  { 187239, true },
+  { 187253, true },
+  { 187268, true },
+  { 187287, true },
+  { 187303, true },
+  { 187316, false },
+  { 187326, true },
+  { 187339, true },
+  { 187355, true },
+  { 187377, true },
+  { 187390, true },
+  { 187414, true },
+  { 187427, true },
+  { 187444, true },
+  { 187457, true },
+  { 187473, true },
+  { 187488, true },
+  { 187498, true },
+  { 187514, true },
+  { 187531, true },
+  { 187552, true },
+  { 187570, true },
+  { 187589, true },
+  { 187600, true },
+  { 187611, true },
+  { 187625, true },
+  { 187636, true },
+  { 187651, true },
+  { 187669, true },
+  { 187683, true },
+  { 187700, true },
+  { 187716, true },
+  { 187732, true },
+  { 187747, true },
+  { 187761, true },
+  { 187771, true },
+  { 187785, true },
+  { 187800, true },
+  { 187814, true },
+  { 187820, true },
+  { 187836, true },
+  { 187848, true },
+  { 187866, true },
+  { 187880, true },
+  { 187897, false },
+  { 187917, true },
+  { 187930, true },
+  { 187939, true },
+  { 187954, true },
+  { 187965, true },
+  { 187981, true },
+  { 187993, true },
+  { 188008, true },
+  { 188026, true },
+  { 188037, true },
+  { 188049, true },
+  { 188071, true },
+  { 188081, true },
+  { 188091, true },
+  { 188101, false },
+  { 188115, true },
+  { 188128, true },
+  { 188144, false },
+  { 188164, true },
+  { 188175, true },
+  { 188195, true },
+  { 188221, true },
+  { 188236, true },
+  { 188248, true },
+  { 188269, true },
+  { 188294, true },
+  { 188324, true },
+  { 188347, true },
+  { 188360, true },
+  { 188376, true },
+  { 188397, true },
+  { 188404, true },
+  { 188428, true },
+  { 188446, true },
+  { 188461, true },
+  { 188477, true },
+  { 188488, true },
+  { 188498, true },
+  { 188509, true },
+  { 188527, true },
+  { 188535, true },
+  { 188546, true },
+  { 188557, true },
+  { 188573, true },
+  { 188590, true },
+  { 188606, true },
+  { 188623, true },
+  { 188633, true },
+  { 188643, true },
+  { 188653, true },
+  { 188672, true },
+  { 188681, true },
+  { 188707, true },
+  { 188723, true },
+  { 188743, true },
+  { 188770, true },
+  { 188788, true },
+  { 188802, true },
+  { 188818, true },
+  { 188832, true },
+  { 188841, true },
+  { 188855, true },
+  { 188871, true },
+  { 188898, true },
+  { 188912, true },
+  { 188921, true },
+  { 188933, true },
+  { 188946, true },
+  { 188958, true },
+  { 188974, true },
+  { 188987, true },
+  { 188999, true },
+  { 189014, true },
+  { 189030, true },
+  { 189053, true },
+  { 189073, true },
+  { 189093, true },
+  { 189107, true },
+  { 189115, true },
+  { 189135, true },
+  { 189154, true },
+  { 189176, true },
+  { 189198, true },
+  { 189211, true },
+  { 189229, true },
+  { 189246, true },
+  { 189260, true },
+  { 189279, true },
+  { 189297, true },
+  { 189320, true },
+  { 189340, true },
+  { 189365, true },
+  { 189390, true },
+  { 189406, true },
+  { 189424, true },
+  { 189447, true },
+  { 189467, true },
+  { 189489, true },
+  { 189504, true },
+  { 189522, true },
+  { 189538, true },
+  { 189554, true },
+  { 189584, true },
+  { 189610, true },
+  { 189625, true },
+  { 189657, true },
+  { 189672, true },
+  { 189687, true },
+  { 189705, true },
+  { 189723, true },
+  { 189738, true },
+  { 189750, true },
+  { 189765, true },
+  { 189784, true },
+  { 189798, false },
+  { 189808, true },
+  { 189825, true },
+  { 189836, true },
+  { 189859, false },
+  { 189874, true },
+  { 189891, true },
+  { 189905, true },
+  { 189918, true },
+  { 189931, true },
+  { 189939, true },
+  { 189952, true },
+  { 189964, true },
+  { 189976, true },
+  { 189987, true },
+  { 190002, true },
+  { 190024, true },
+  { 190036, true },
+  { 190047, true },
+  { 190076, true },
+  { 190088, true },
+  { 190102, true },
+  { 190113, true },
+  { 190128, true },
+  { 190144, true },
+  { 190169, true },
+  { 190181, true },
+  { 190194, true },
+  { 190210, true },
+  { 190219, true },
+  { 190230, true },
+  { 190240, true },
+  { 190253, true },
+  { 190268, true },
+  { 190276, true },
+  { 190289, true },
+  { 190308, true },
+  { 190331, true },
+  { 190341, true },
+  { 190359, true },
+  { 190372, true },
+  { 190383, true },
+  { 190406, true },
+  { 190422, true },
+  { 190440, true },
+  { 190456, true },
+  { 190464, true },
+  { 190474, true },
+  { 190490, true },
+  { 190511, true },
+  { 190526, true },
+  { 190540, true },
+  { 190550, false },
+  { 190568, true },
+  { 190592, true },
+  { 190607, true },
+  { 190619, true },
+  { 190634, true },
+  { 190648, true },
+  { 190667, true },
+  { 190695, true },
+  { 190711, true },
+  { 190724, true },
+  { 190741, true },
+  { 190757, true },
+  { 190774, true },
+  { 190796, true },
+  { 190813, true },
+  { 190828, true },
+  { 190848, true },
+  { 190858, true },
+  { 190868, false },
+  { 190881, true },
+  { 190899, true },
+  { 190917, true },
+  { 190926, true },
+  { 190939, true },
+  { 190953, true },
+  { 190964, true },
+  { 190983, true },
+  { 191002, true },
+  { 191019, true },
+  { 191037, true },
+  { 191056, true },
+  { 191077, true },
+  { 191102, true },
+  { 191118, true },
+  { 191135, true },
+  { 191149, true },
+  { 191162, true },
+  { 191181, true },
+  { 191197, true },
+  { 191212, true },
+  { 191229, true },
+  { 191237, true },
+  { 191246, true },
+  { 191259, true },
+  { 191274, true },
+  { 191285, true },
+  { 191307, true },
+  { 191319, true },
+  { 191342, true },
+  { 191355, true },
+  { 191366, true },
+  { 191392, true },
+  { 191418, true },
+  { 191447, true },
+  { 191466, true },
+  { 191487, true },
+  { 191505, true },
+  { 191525, true },
+  { 191543, true },
+  { 191553, true },
+  { 191566, true },
+  { 191595, true },
+  { 191616, true },
+  { 191629, true },
+  { 191642, true },
+  { 191654, true },
+  { 191665, true },
+  { 191683, true },
+  { 191700, true },
+  { 191723, true },
+  { 191746, true },
+  { 191767, true },
+  { 191793, true },
+  { 191807, true },
+  { 191821, true },
+  { 191840, true },
+  { 191859, true },
+  { 191873, true },
+  { 191890, true },
+  { 191907, true },
+  { 191922, false },
+  { 191932, true },
+  { 191940, true },
+  { 191956, true },
+  { 191964, true },
+  { 191983, true },
+  { 191995, true },
+  { 192014, true },
+  { 192026, true },
+  { 192039, true },
+  { 192046, false },
+  { 192062, true },
+  { 192071, true },
+  { 192086, true },
+  { 192100, true },
+  { 192112, true },
+  { 192125, false },
+  { 192134, true },
+  { 192143, true },
+  { 192157, true },
+  { 192176, true },
+  { 192193, true },
+  { 192210, true },
+  { 192219, true },
+  { 192230, true },
+  { 192241, true },
+  { 192253, true },
+  { 192271, true },
+  { 192291, true },
+  { 192304, true },
+  { 192314, true },
+  { 192327, true },
+  { 192339, true },
+  { 192355, true },
+  { 192363, false },
+  { 192371, true },
+  { 192393, true },
+  { 192401, true },
+  { 192422, true },
+  { 192446, true },
+  { 192462, true },
+  { 192478, true },
+  { 192488, true },
+  { 192505, true },
+  { 192515, true },
+  { 192523, true },
+  { 192534, true },
+  { 192544, true },
+  { 192560, true },
+  { 192575, true },
+  { 192593, true },
+  { 192605, true },
+  { 192615, true },
+  { 192625, true },
+  { 192635, true },
+  { 192644, true },
+  { 192654, true },
+  { 192666, true },
+  { 192680, true },
+  { 192696, true },
+  { 192719, true },
+  { 192732, true },
+  { 192745, true },
+  { 192759, true },
+  { 192774, true },
+  { 192787, false },
+  { 192807, true },
+  { 192818, true },
+  { 192830, true },
+  { 192856, true },
+  { 192865, true },
+  { 192881, true },
+  { 192899, true },
+  { 192915, true },
+  { 192932, true },
+  { 192945, true },
+  { 192956, true },
+  { 192971, true },
+  { 192981, true },
+  { 192991, true },
+  { 193011, true },
+  { 193025, true },
+  { 193037, true },
+  { 193049, true },
+  { 193072, true },
+  { 193084, true },
+  { 193099, true },
+  { 193112, true },
+  { 193120, true },
+  { 193132, true },
+  { 193143, true },
+  { 193155, true },
+  { 193177, true },
+  { 193196, true },
+  { 193207, true },
+  { 193220, true },
+  { 193232, true },
+  { 193252, true },
+  { 193267, true },
+  { 193279, true },
+  { 193291, true },
+  { 193302, true },
+  { 193315, true },
+  { 193335, true },
+  { 193349, true },
+  { 193365, true },
+  { 193381, true },
+  { 193399, true },
+  { 193420, true },
+  { 193433, true },
+  { 193443, true },
+  { 193456, true },
+  { 193469, true },
+  { 193482, true },
+  { 193498, true },
+  { 193515, true },
+  { 193528, true },
+  { 193541, true },
+  { 193554, true },
+  { 193567, true },
+  { 193588, true },
+  { 193601, true },
+  { 193614, true },
+  { 193627, true },
+  { 193640, true },
+  { 193656, true },
+  { 193669, true },
+  { 193682, true },
+  { 193695, true },
+  { 193712, true },
+  { 193733, true },
+  { 193742, true },
+  { 193752, true },
+  { 193760, true },
+  { 193775, true },
+  { 193787, true },
+  { 193797, true },
+  { 193822, true },
+  { 193849, true },
+  { 193864, true },
+  { 193871, true },
+  { 193879, true },
+  { 193887, true },
+  { 193896, true },
+  { 193907, false },
+  { 193925, true },
+  { 193937, true },
+  { 193949, true },
+  { 193959, true },
+  { 193969, true },
+  { 193988, true },
+  { 194000, true },
+  { 194014, true },
+  { 194029, true },
+  { 194044, true },
+  { 194052, true },
+  { 194067, true },
+  { 194084, true },
+  { 194098, true },
+  { 194109, true },
+  { 194119, true },
+  { 194136, true },
+  { 194143, true },
+  { 194157, true },
+  { 194171, true },
+  { 194182, true },
+  { 194193, true },
+  { 194204, true },
+  { 194216, true },
+  { 194224, true },
+  { 194235, true },
+  { 194254, true },
+  { 194271, true },
+  { 194286, true },
+  { 194300, true },
+  { 194314, true },
+  { 194329, true },
+  { 194344, true },
+  { 194355, true },
+  { 194370, true },
+  { 194395, true },
+  { 194406, true },
+  { 194424, true },
+  { 194437, true },
+  { 194452, true },
+  { 194464, true },
+  { 194482, true },
+  { 194495, true },
+  { 194505, true },
+  { 194514, true },
+  { 194521, true },
+  { 194533, true },
+  { 194553, true },
+  { 194562, true },
+  { 194570, true },
+  { 194583, true },
+  { 194600, true },
+  { 194615, true },
+  { 194632, true },
+  { 194670, true },
+  { 194682, true },
+  { 194696, true },
+  { 194711, true },
+  { 194727, true },
+  { 194743, true },
+  { 194756, true },
+  { 194772, true },
+  { 194792, true },
+  { 194815, true },
+  { 194832, true },
+  { 194844, true },
+  { 194863, true },
+  { 194885, true },
+  { 194894, true },
+  { 194904, true },
+  { 194916, true },
+  { 194927, true },
+  { 194942, true },
+  { 194953, true },
+  { 194965, true },
+  { 194978, true },
+  { 194989, true },
+  { 194999, true },
+  { 195011, true },
+  { 195020, true },
+  { 195028, true },
+  { 195041, true },
+  { 195051, true },
+  { 195060, false },
+  { 195067, true },
+  { 195075, true },
+  { 195086, true },
+  { 195096, true },
+  { 195109, true },
+  { 195122, true },
+  { 195131, true },
+  { 195146, true },
+  { 195161, true },
+  { 195173, true },
+  { 195194, true },
+  { 195211, true },
+  { 195218, true },
+  { 195238, true },
+  { 195248, true },
+  { 195259, false },
+  { 195272, true },
+  { 195286, true },
+  { 195301, true },
+  { 195312, true },
+  { 195337, true },
+  { 195350, true },
+  { 195358, true },
+  { 195366, true },
+  { 195386, true },
+  { 195394, true },
+  { 195403, true },
+  { 195413, true },
+  { 195435, true },
+  { 195454, true },
+  { 195463, false },
+  { 195472, true },
+  { 195488, true },
+  { 195504, true },
+  { 195513, true },
+  { 195532, true },
+  { 195540, true },
+  { 195554, true },
+  { 195567, true },
+  { 195579, true },
+  { 195595, true },
+  { 195606, true },
+  { 195623, true },
+  { 195641, true },
+  { 195657, true },
+  { 195670, true },
+  { 195682, true },
+  { 195695, true },
+  { 195707, true },
+  { 195724, true },
+  { 195739, true },
+  { 195752, true },
+  { 195763, true },
+  { 195772, true },
+  { 195785, true },
+  { 195802, true },
+  { 195814, true },
+  { 195826, true },
+  { 195837, true },
+  { 195852, true },
+  { 195868, true },
+  { 195884, true },
+  { 195907, true },
+  { 195926, false },
+  { 195941, true },
+  { 195953, true },
+  { 195967, true },
+  { 195980, true },
+  { 195993, true },
+  { 196012, true },
+  { 196020, true },
+  { 196033, true },
+  { 196046, true },
+  { 196057, true },
+  { 196070, true },
+  { 196078, true },
+  { 196089, true },
+  { 196106, false },
+  { 196122, false },
+  { 196142, true },
+  { 196154, true },
+  { 196161, true },
+  { 196171, true },
+  { 196194, true },
+  { 196206, true },
+  { 196216, true },
+  { 196232, true },
+  { 196245, true },
+  { 196260, true },
+  { 196275, true },
+  { 196301, true },
+  { 196316, true },
+  { 196334, true },
+  { 196351, true },
+  { 196364, true },
+  { 196375, false },
+  { 196390, true },
+  { 196401, true },
+  { 196416, true },
+  { 196437, true },
+  { 196455, true },
+  { 196482, true },
+  { 196492, true },
+  { 196508, true },
+  { 196522, true },
+  { 196530, true },
+  { 196544, true },
+  { 196561, true },
+  { 196578, true },
+  { 196593, true },
+  { 196603, true },
+  { 196614, true },
+  { 196623, true },
+  { 196636, true },
+  { 196648, true },
+  { 196667, true },
+  { 196688, true },
+  { 196706, true },
+  { 196727, true },
+  { 196745, true },
+  { 196758, true },
+  { 196771, true },
+  { 196783, true },
+  { 196793, true },
+  { 196804, true },
+  { 196812, false },
+  { 196832, true },
+  { 196848, true },
+  { 196855, true },
+  { 196865, true },
+  { 196876, true },
+  { 196889, false },
+  { 196897, true },
+  { 196921, false },
+  { 196936, true },
+  { 196945, true },
+  { 196955, true },
+  { 196968, false },
+  { 196980, true },
+  { 196988, false },
+  { 196998, true },
+  { 197007, true },
+  { 197019, true },
+  { 197029, true },
+  { 197040, true },
+  { 197063, true },
+  { 197086, true },
+  { 197109, true },
+  { 197118, true },
+  { 197128, false },
+  { 197145, true },
+  { 197154, true },
+  { 197164, true },
+  { 197174, true },
+  { 197187, true },
+  { 197195, true },
+  { 197205, true },
+  { 197215, true },
+  { 197226, true },
+  { 197238, true },
+  { 197256, true },
+  { 197265, true },
+  { 197277, true },
+  { 197292, true },
+  { 197304, true },
+  { 197320, true },
+  { 197334, true },
+  { 197347, true },
+  { 197354, true },
+  { 197364, true },
+  { 197374, true },
+  { 197386, true },
+  { 197395, true },
+  { 197409, true },
+  { 197423, true },
+  { 197433, true },
+  { 197449, true },
+  { 197459, false },
+  { 197473, true },
+  { 197484, true },
+  { 197496, false },
+  { 197510, true },
+  { 197522, true },
+  { 197536, true },
+  { 197551, true },
+  { 197558, true },
+  { 197567, true },
+  { 197582, true },
+  { 197596, true },
+  { 197608, true },
+  { 197620, true },
+  { 197631, false },
+  { 197641, false },
+  { 197651, true },
+  { 197661, true },
+  { 197668, true },
+  { 197678, true },
+  { 197696, true },
+  { 197709, true },
+  { 197721, true },
+  { 197736, true },
+  { 197747, true },
+  { 197754, true },
+  { 197772, true },
+  { 197785, true },
+  { 197796, true },
+  { 197820, true },
+  { 197827, true },
+  { 197844, true },
+  { 197854, false },
+  { 197865, true },
+  { 197876, true },
+  { 197885, true },
+  { 197907, true },
+  { 197914, true },
+  { 197927, true },
+  { 197943, true },
+  { 197957, true },
+  { 197974, true },
+  { 197991, true },
+  { 198004, true },
+  { 198013, true },
+  { 198026, true },
+  { 198038, true },
+  { 198053, true },
+  { 198068, true },
+  { 198100, true },
+  { 198111, true },
+  { 198122, true },
+  { 198135, true },
+  { 198145, true },
+  { 198159, true },
+  { 198172, true },
+  { 198186, true },
+  { 198198, true },
+  { 198217, true },
+  { 198238, true },
+  { 198250, true },
+  { 198262, true },
+  { 198285, true },
+  { 198295, true },
+  { 198304, true },
+  { 198318, true },
+  { 198327, true },
+  { 198338, true },
+  { 198347, true },
+  { 198358, true },
+  { 198372, true },
+  { 198389, true },
+  { 198400, false },
+  { 198409, true },
+  { 198426, true },
+  { 198436, true },
+  { 198448, true },
+  { 198463, true },
+  { 198472, true },
+  { 198484, true },
+  { 198496, true },
+  { 198512, true },
+  { 198525, true },
+  { 198544, true },
+  { 198557, true },
+  { 198570, true },
+  { 198590, true },
+  { 198614, true },
+  { 198632, true },
+  { 198641, true },
+  { 198660, true },
+  { 198678, true },
+  { 198693, true },
+  { 198709, true },
+  { 198722, true },
+  { 198740, true },
+  { 198753, true },
+  { 198773, true },
+  { 198785, true },
+  { 198798, true },
+  { 198807, true },
+  { 198819, true },
+  { 198828, true },
+  { 198843, true },
+  { 198852, true },
+  { 198874, true },
+  { 198887, true },
+  { 198899, true },
+  { 198907, true },
+  { 198917, true },
+  { 198925, true },
+  { 198935, true },
+  { 198948, true },
+  { 198963, true },
+  { 198979, true },
+  { 198990, true },
+  { 199001, true },
+  { 199010, true },
+  { 199029, true },
+  { 199051, true },
+  { 199078, true },
+  { 199090, true },
+  { 199104, true },
+  { 199118, true },
+  { 199141, true },
+  { 199166, true },
+  { 199183, true },
+  { 199194, true },
+  { 199223, true },
+  { 199244, true },
+  { 199263, true },
+  { 199280, false },
+  { 199293, true },
+  { 199306, true },
+  { 199321, true },
+  { 199332, true },
+  { 199342, true },
+  { 199355, true },
+  { 199372, true },
+  { 199384, true },
+  { 199402, true },
+  { 199415, true },
+  { 199427, true },
+  { 199436, true },
+  { 199449, true },
+  { 199470, true },
+  { 199488, true },
+  { 199512, true },
+  { 199530, true },
+  { 199543, true },
+  { 199561, true },
+  { 199576, true },
+  { 199586, true },
+  { 199598, true },
+  { 199611, true },
+  { 199630, true },
+  { 199648, true },
+  { 199664, true },
+  { 199680, true },
+  { 199696, true },
+  { 199707, true },
+  { 199718, true },
+  { 199728, false },
+  { 199740, true },
+  { 199753, true },
+  { 199765, true },
+  { 199780, true },
+  { 199801, true },
+  { 199815, false },
+  { 199835, false },
+  { 199847, false },
+  { 199860, true },
+  { 199870, true },
+  { 199879, true },
+  { 199893, true },
+  { 199911, true },
+  { 199922, true },
+  { 199935, true },
+  { 199948, true },
+  { 199964, true },
+  { 199981, true },
+  { 199993, true },
+  { 200019, true },
+  { 200048, true },
+  { 200081, true },
+  { 200115, true },
+  { 200127, true },
+  { 200141, true },
+  { 200161, true },
+  { 200175, true },
+  { 200191, true },
+  { 200203, true },
+  { 200210, false },
+  { 200223, true },
+  { 200243, true },
+  { 200268, true },
+  { 200294, true },
+  { 200311, true },
+  { 200332, true },
+  { 200348, true },
+  { 200362, true },
+  { 200382, true },
+  { 200402, true },
+  { 200426, true },
+  { 200442, true },
+  { 200457, true },
+  { 200473, true },
+  { 200491, true },
+  { 200513, true },
+  { 200530, true },
+  { 200543, true },
+  { 200555, false },
+  { 200569, true },
+  { 200591, true },
+  { 200610, true },
+  { 200633, true },
+  { 200649, true },
+  { 200669, true },
+  { 200681, true },
+  { 200703, true },
+  { 200725, true },
+  { 200744, true },
+  { 200754, true },
+  { 200776, true },
+  { 200788, true },
+  { 200805, true },
+  { 200816, true },
+  { 200829, true },
+  { 200849, true },
+  { 200859, true },
+  { 200867, true },
+  { 200878, true },
+  { 200892, true },
+  { 200903, true },
+  { 200915, true },
+  { 200930, true },
+  { 200949, true },
+  { 200978, true },
+  { 201005, true },
+  { 201033, true },
+  { 201058, true },
+  { 201070, true },
+  { 201086, true },
+  { 201105, true },
+  { 201124, true },
+  { 201143, true },
+  { 201173, true },
+  { 201191, true },
+  { 201208, true },
+  { 201222, true },
+  { 201246, true },
+  { 201257, false },
+  { 201270, true },
+  { 201281, true },
+  { 201294, true },
+  { 201310, true },
+  { 201324, true },
+  { 201339, true },
+  { 201354, true },
+  { 201371, true },
+  { 201391, true },
+  { 201409, true },
+  { 201423, true },
+  { 201437, true },
+  { 201449, true },
+  { 201463, true },
+  { 201480, true },
+  { 201505, true },
+  { 201528, true },
+  { 201546, true },
+  { 201563, true },
+  { 201574, true },
+  { 201591, true },
+  { 201605, true },
+  { 201623, true },
+  { 201638, true },
+  { 201650, true },
+  { 201666, true },
+  { 201688, true },
+  { 201699, false },
+  { 201712, true },
+  { 201727, true },
+  { 201739, true },
+  { 201751, true },
+  { 201762, true },
+  { 201772, true },
+  { 201786, true },
+  { 201798, true },
+  { 201810, true },
+  { 201822, true },
+  { 201833, true },
+  { 201853, true },
+  { 201871, true },
+  { 201888, true },
+  { 201903, true },
+  { 201920, true },
+  { 201938, true },
+  { 201951, true },
+  { 201969, true },
+  { 201981, true },
+  { 201991, false },
+  { 202000, true },
+  { 202014, true },
+  { 202024, true },
+  { 202037, true },
+  { 202048, true },
+  { 202059, true },
+  { 202073, true },
+  { 202083, true },
+  { 202098, false },
+  { 202111, true },
+  { 202121, true },
+  { 202139, true },
+  { 202150, true },
+  { 202164, true },
+  { 202180, true },
+  { 202190, true },
+  { 202201, true },
+  { 202218, true },
+  { 202226, true },
+  { 202241, true },
+  { 202252, true },
+  { 202267, true },
+  { 202281, true },
+  { 202300, true },
+  { 202309, true },
+  { 202322, true },
+  { 202345, true },
+  { 202358, true },
+  { 202371, true },
+  { 202385, true },
+  { 202400, true },
+  { 202423, false },
+  { 202438, true },
+  { 202472, true },
+  { 202492, true },
+  { 202507, true },
+  { 202528, true },
+  { 202539, true },
+  { 202549, true },
+  { 202559, true },
+  { 202575, true },
+  { 202585, true },
+  { 202598, true },
+  { 202608, true },
+  { 202620, true },
+  { 202633, true },
+  { 202645, true },
+  { 202663, true },
+  { 202686, true },
+  { 202702, true },
+  { 202716, true },
+  { 202740, false },
+  { 202754, true },
+  { 202770, true },
+  { 202791, true },
+  { 202808, true },
+  { 202821, true },
+  { 202833, true },
+  { 202846, true },
+  { 202858, true },
+  { 202873, true },
+  { 202885, true },
+  { 202897, true },
+  { 202925, true },
+  { 202942, true },
+  { 202954, true },
+  { 202964, true },
+  { 202977, true },
+  { 203004, true },
+  { 203025, true },
+  { 203044, true },
+  { 203062, true },
+  { 203078, true },
+  { 203089, true },
+  { 203107, true },
+  { 203122, true },
+  { 203133, true },
+  { 203145, true },
+  { 203157, true },
+  { 203175, true },
+  { 203187, true },
+  { 203202, true },
+  { 203221, true },
+  { 203256, true },
+  { 203285, true },
+  { 203307, false },
+  { 203321, true },
+  { 203331, true },
+  { 203349, true },
+  { 203359, true },
+  { 203372, true },
+  { 203384, true },
+  { 203401, true },
+  { 203418, true },
+  { 203433, true },
+  { 203461, false },
+  { 203480, true },
+  { 203498, true },
+  { 203512, true },
+  { 203543, true },
+  { 203565, true },
+  { 203582, true },
+  { 203597, true },
+  { 203609, true },
+  { 203621, true },
+  { 203634, true },
+  { 203656, true },
+  { 203683, true },
+  { 203709, true },
+  { 203721, true },
+  { 203742, true },
+  { 203762, true },
+  { 203783, true },
+  { 203800, true },
+  { 203817, true },
+  { 203839, true },
+  { 203855, true },
+  { 203868, true },
+  { 203880, true },
+  { 203901, true },
+  { 203916, true },
+  { 203941, true },
+  { 203960, true },
+  { 203972, true },
+  { 203987, true },
+  { 204006, true },
+  { 204033, true },
+  { 204050, true },
+  { 204066, true },
+  { 204078, true },
+  { 204094, true },
+  { 204110, true },
+  { 204149, true },
+  { 204178, true },
+  { 204194, true },
+  { 204210, true },
+  { 204232, true },
+  { 204257, true },
+  { 204279, true },
+  { 204301, true },
+  { 204316, true },
+  { 204341, true },
+  { 204359, true },
+  { 204388, true },
+  { 204408, true },
+  { 204425, true },
+  { 204448, true },
+  { 204474, true },
+  { 204492, true },
+  { 204513, true },
+  { 204541, true },
+  { 204560, true },
+  { 204575, true },
+  { 204594, true },
+  { 204614, true },
+  { 204627, true },
+  { 204640, true },
+  { 204657, true },
+  { 204672, true },
+  { 204698, true },
+  { 204712, true },
+  { 204733, true },
+  { 204749, true },
+  { 204759, false },
+  { 204775, true },
+  { 204788, true },
+  { 204810, true },
+  { 204829, true },
+  { 204845, true },
+  { 204869, true },
+  { 204883, true },
+  { 204900, true },
+  { 204913, true },
+  { 204937, true },
+  { 204949, false },
+  { 204958, true },
+  { 204973, true },
+  { 204983, true },
+  { 204995, true },
+  { 205016, true },
+  { 205029, true },
+  { 205046, true },
+  { 205060, true },
+  { 205082, true },
+  { 205094, true },
+  { 205116, true },
+  { 205136, true },
+  { 205158, true },
+  { 205177, true },
+  { 205195, true },
+  { 205220, true },
+  { 205238, true },
+  { 205258, true },
+  { 205270, true },
+  { 205288, true },
+  { 205301, true },
+  { 205314, true },
+  { 205327, true },
+  { 205337, true },
+  { 205359, true },
+  { 205373, true },
+  { 205389, true },
+  { 205405, true },
+  { 205421, true },
+  { 205434, true },
+  { 205453, true },
+  { 205471, true },
+  { 205485, true },
+  { 205495, true },
+  { 205506, false },
+  { 205518, true },
+  { 205529, true },
+  { 205537, true },
+  { 205547, true },
+  { 205556, true },
+  { 205568, true },
+  { 205582, true },
+  { 205590, true },
+  { 205601, true },
+  { 205612, true },
+  { 205623, true },
+  { 205633, true },
+  { 205646, true },
+  { 205662, true },
+  { 205674, true },
+  { 205684, true },
+  { 205701, true },
+  { 205712, true },
+  { 205724, true },
+  { 205730, true },
+  { 205746, true },
+  { 205760, true },
+  { 205767, true },
+  { 205775, true },
+  { 205785, true },
+  { 205793, true },
+  { 205802, true },
+  { 205814, true },
+  { 205828, true },
+  { 205837, true },
+  { 205853, true },
+  { 205866, true },
+  { 205874, true },
+  { 205883, true },
+  { 205891, true },
+  { 205907, true },
+  { 205920, true },
+  { 205931, true },
+  { 205941, true },
+  { 205954, true },
+  { 205965, false },
+  { 205983, true },
+  { 205994, true },
+  { 206010, true },
+  { 206022, true },
+  { 206036, true },
+  { 206048, false },
+  { 206059, true },
+  { 206067, true },
+  { 206076, true },
+  { 206085, true },
+  { 206105, true },
+  { 206117, true },
+  { 206133, true },
+  { 206141, true },
+  { 206150, true },
+  { 206158, true },
+  { 206166, true },
+  { 206182, true },
+  { 206199, true },
+  { 206207, true },
+  { 206219, true },
+  { 206230, true },
+  { 206240, true },
+  { 206249, true },
+  { 206268, true },
+  { 206278, true },
+  { 206294, true },
+  { 206305, true },
+  { 206315, true },
+  { 206324, true },
+  { 206339, true },
+  { 206347, true },
+  { 206356, true },
+  { 206365, true },
+  { 206383, true },
+  { 206399, true },
+  { 206412, true },
+  { 206429, true },
+  { 206443, true },
+  { 206471, true },
+  { 206483, true },
+  { 206496, true },
+  { 206510, true },
+  { 206524, true },
+  { 206541, true },
+  { 206550, true },
+  { 206569, true },
+  { 206585, true },
+  { 206600, true },
+  { 206610, true },
+  { 206625, true },
+  { 206642, true },
+  { 206665, true },
+  { 206684, true },
+  { 206697, true },
+  { 206720, true },
+  { 206731, true },
+  { 206740, true },
+  { 206750, true },
+  { 206764, true },
+  { 206778, true },
+  { 206792, true },
+  { 206806, true },
+  { 206820, true },
+  { 206834, true },
+  { 206848, true },
+  { 206871, true },
+  { 206892, true },
+  { 206909, true },
+  { 206930, true },
+  { 206940, true },
+  { 206956, true },
+  { 206972, true },
+  { 206983, true },
+  { 206991, true },
+  { 207001, true },
+  { 207013, true },
+  { 207022, true },
+  { 207035, true },
+  { 207048, true },
+  { 207065, true },
+  { 207076, true },
+  { 207092, true },
+  { 207103, true },
+  { 207113, true },
+  { 207121, true },
+  { 207139, true },
+  { 207153, true },
+  { 207171, true },
+  { 207185, true },
+  { 207203, true },
+  { 207222, true },
+  { 207238, true },
+  { 207260, true },
+  { 207271, true },
+  { 207282, true },
+  { 207293, true },
+  { 207302, true },
+  { 207320, true },
+  { 207339, true },
+  { 207361, true },
+  { 207372, true },
+  { 207385, true },
+  { 207397, true },
+  { 207407, true },
+  { 207414, true },
+  { 207425, true },
+  { 207435, true },
+  { 207451, true },
+  { 207462, true },
+  { 207472, true },
+  { 207482, true },
+  { 207492, true },
+  { 207502, true },
+  { 207513, true },
+  { 207523, true },
+  { 207534, true },
+  { 207552, true },
+  { 207564, true },
+  { 207577, true },
+  { 207589, true },
+  { 207601, true },
+  { 207617, true },
+  { 207629, true },
+  { 207639, true },
+  { 207648, true },
+  { 207665, true },
+  { 207680, true },
+  { 207699, true },
+  { 207714, true },
+  { 207729, true },
+  { 207742, true },
+  { 207752, true },
+  { 207765, true },
+  { 207777, true },
+  { 207796, true },
+  { 207809, true },
+  { 207841, true },
+  { 207855, true },
+  { 207867, true },
+  { 207891, true },
+  { 207914, true },
+  { 207946, true },
+  { 207968, true },
+  { 207993, true },
+  { 208016, true },
+  { 208037, true },
+  { 208064, true },
+  { 208076, true },
+  { 208086, true },
+  { 208099, true },
+  { 208125, true },
+  { 208135, true },
+  { 208156, true },
+  { 208167, true },
+  { 208186, true },
+  { 208195, true },
+  { 208209, true },
+  { 208223, true },
+  { 208237, true },
+  { 208248, true },
+  { 208262, true },
+  { 208275, true },
+  { 208290, true },
+  { 208306, true },
+  { 208322, true },
+  { 208336, true },
+  { 208350, true },
+  { 208364, true },
+  { 208376, false },
+  { 208396, true },
+  { 208408, true },
+  { 208421, true },
+  { 208435, true },
+  { 208452, true },
+  { 208471, true },
+  { 208486, true },
+  { 208515, true },
+  { 208533, true },
+  { 208549, true },
+  { 208566, true },
+  { 208580, true },
+  { 208595, true },
+  { 208608, true },
+  { 208617, true },
+  { 208626, true },
+  { 208642, true },
+  { 208662, true },
+  { 208681, true },
+  { 208700, true },
+  { 208711, true },
+  { 208723, true },
+  { 208732, true },
+  { 208741, true },
+  { 208750, true },
+  { 208759, true },
+  { 208772, true },
+  { 208783, true },
+  { 208795, true },
+  { 208803, true },
+  { 208812, true },
+  { 208823, true },
+  { 208836, true },
+  { 208845, true },
+  { 208865, true },
+  { 208874, true },
+  { 208884, true },
+  { 208897, true },
+  { 208908, true },
+  { 208921, true },
+  { 208935, true },
+  { 208946, true },
+  { 208957, true },
+  { 208968, true },
+  { 208977, true },
+  { 208991, false },
+  { 209001, true },
+  { 209015, true },
+  { 209030, true },
+  { 209047, true },
+  { 209056, true },
+  { 209071, true },
+  { 209091, true },
+  { 209110, true },
+  { 209123, true },
+  { 209135, true },
+  { 209148, false },
+  { 209161, true },
+  { 209176, true },
+  { 209193, true },
+  { 209206, true },
+  { 209219, true },
+  { 209233, true },
+  { 209247, true },
+  { 209272, true },
+  { 209281, true },
+  { 209306, true },
+  { 209338, true },
+  { 209361, true },
+  { 209373, true },
+  { 209386, true },
+  { 209400, true },
+  { 209420, true },
+  { 209434, true },
+  { 209450, true },
+  { 209463, true },
+  { 209478, false },
+  { 209492, true },
+  { 209506, true },
+  { 209517, true },
+  { 209531, true },
+  { 209543, true },
+  { 209560, true },
+  { 209581, true },
+  { 209592, true },
+  { 209603, true },
+  { 209610, true },
+  { 209621, true },
+  { 209628, true },
+  { 209638, true },
+  { 209650, true },
+  { 209660, true },
+  { 209668, true },
+  { 209676, true },
+  { 209692, true },
+  { 209707, true },
+  { 209716, true },
+  { 209724, true },
+  { 209732, true },
+  { 209747, true },
+  { 209760, true },
+  { 209773, true },
+  { 209785, true },
+  { 209794, true },
+  { 209805, true },
+  { 209819, true },
+  { 209827, true },
+  { 209834, true },
+  { 209841, true },
+  { 209850, true },
+  { 209858, true },
+  { 209868, true },
+  { 209886, true },
+  { 209900, true },
+  { 209912, true },
+  { 209923, true },
+  { 209934, true },
+  { 209945, true },
+  { 209958, true },
+  { 209969, true },
+  { 209987, true },
+  { 209998, true },
+  { 210007, true },
+  { 210024, true },
+  { 210035, true },
+  { 210044, true },
+  { 210053, true },
+  { 210069, true },
+  { 210080, true },
+  { 210087, true },
+  { 210094, true },
+  { 210101, true },
+  { 210115, true },
+  { 210123, true },
+  { 210130, true },
+  { 210137, true },
+  { 210148, true },
+  { 210154, true },
+  { 210175, true },
+  { 210187, true },
+  { 210200, true },
+  { 210213, true },
+  { 210223, true },
+  { 210234, true },
+  { 210244, true },
+  { 210254, true },
+  { 210267, true },
+  { 210281, true },
+  { 210299, true },
+  { 210316, true },
+  { 210329, true },
+  { 210339, true },
+  { 210352, true },
+  { 210367, true },
+  { 210386, true },
+  { 210399, true },
+  { 210408, true },
+  { 210434, true },
+  { 210451, true },
+  { 210476, true },
+  { 210492, false },
+  { 210504, true },
+  { 210512, true },
+  { 210526, true },
+  { 210543, true },
+  { 210556, true },
+  { 210571, true },
+  { 210590, true },
+  { 210603, true },
+  { 210618, true },
+  { 210641, true },
+  { 210654, true },
+  { 210678, true },
+  { 210707, true },
+  { 210722, true },
+  { 210738, true },
+  { 210749, true },
+  { 210762, true },
+  { 210790, false },
+  { 210804, false },
+  { 210823, true },
+  { 210838, true },
+  { 210850, true },
+  { 210858, true },
+  { 210870, true },
+  { 210884, true },
+  { 210898, true },
+  { 210912, true },
+  { 210928, true },
+  { 210944, true },
+  { 210959, true },
+  { 210979, true },
+  { 210998, true },
+  { 211016, true },
+  { 211032, true },
+  { 211043, true },
+  { 211052, true },
+  { 211068, true },
+  { 211083, true },
+  { 211097, true },
+  { 211110, true },
+  { 211120, true },
+  { 211140, true },
+  { 211157, true },
+  { 211174, true },
+  { 211193, true },
+  { 211212, true },
+  { 211232, false },
+  { 211249, true },
+  { 211263, true },
+  { 211277, true },
+  { 211297, true },
+  { 211317, true },
+  { 211331, false },
+  { 211344, true },
+  { 211354, true },
+  { 211369, false },
+  { 211387, true },
+  { 211404, true },
+  { 211421, true },
+  { 211436, true },
+  { 211459, true },
+  { 211476, true },
+  { 211490, true },
+  { 211502, true },
+  { 211517, true },
+  { 211534, true },
+  { 211548, true },
+  { 211563, true },
+  { 211576, true },
+  { 211590, true },
+  { 211611, true },
+  { 211620, true },
+  { 211635, false },
+  { 211648, true },
+  { 211663, true },
+  { 211677, true },
+  { 211691, true },
+  { 211702, true },
+  { 211712, true },
+  { 211735, true },
+  { 211749, true },
+  { 211777, true },
+  { 211791, true },
+  { 211812, true },
+  { 211823, true },
+  { 211834, false },
+  { 211844, true },
+  { 211856, true },
+  { 211871, true },
+  { 211886, true },
+  { 211894, true },
+  { 211908, false },
+  { 211922, true },
+  { 211935, true },
+  { 211946, true },
+  { 211962, true },
+  { 211979, true },
+  { 211993, true },
+  { 212003, true },
+  { 212015, true },
+  { 212029, true },
+  { 212051, true },
+  { 212069, false },
+  { 212081, true },
+  { 212101, true },
+  { 212118, true },
+  { 212144, true },
+  { 212161, true },
+  { 212186, false },
+  { 212202, true },
+  { 212221, true },
+  { 212232, true },
+  { 212246, true },
+  { 212257, true },
+  { 212269, true },
+  { 212287, true },
+  { 212299, true },
+  { 212312, true },
+  { 212323, true },
+  { 212342, true },
+  { 212359, true },
+  { 212374, true },
+  { 212393, true },
+  { 212410, true },
+  { 212425, true },
+  { 212442, true },
+  { 212460, true },
+  { 212478, true },
+  { 212500, true },
+  { 212516, true },
+  { 212529, true },
+  { 212540, true },
+  { 212548, true },
+  { 212568, true },
+  { 212580, true },
+  { 212595, true },
+  { 212603, true },
+  { 212620, true },
+  { 212633, true },
+  { 212647, true },
+  { 212657, true },
+  { 212668, true },
+  { 212678, true },
+  { 212696, true },
+  { 212714, true },
+  { 212727, true },
+  { 212746, true },
+  { 212762, true },
+  { 212774, true },
+  { 212784, true },
+  { 212798, true },
+  { 212806, true },
+  { 212819, true },
+  { 212834, true },
+  { 212855, true },
+  { 212867, true },
+  { 212880, true },
+  { 212892, true },
+  { 212903, true },
+  { 212911, true },
+  { 212926, true },
+  { 212933, true },
+  { 212946, true },
+  { 212953, true },
+  { 212972, true },
+  { 212994, true },
+  { 213010, true },
+  { 213019, true },
+  { 213039, true },
+  { 213058, true },
+  { 213068, true },
+  { 213076, true },
+  { 213087, true },
+  { 213104, true },
+  { 213124, true },
+  { 213132, true },
+  { 213142, true },
+  { 213154, true },
+  { 213166, true },
+  { 213176, true },
+  { 213189, true },
+  { 213205, true },
+  { 213227, true },
+  { 213245, true },
+  { 213262, true },
+  { 213280, true },
+  { 213298, true },
+  { 213324, true },
+  { 213339, true },
+  { 213359, true },
+  { 213371, true },
+  { 213385, true },
+  { 213400, true },
+  { 213419, true },
+  { 213428, true },
+  { 213442, true },
+  { 213455, true },
+  { 213463, true },
+  { 213479, false },
+  { 213496, true },
+  { 213517, true },
+  { 213536, true },
+  { 213555, true },
+  { 213570, true },
+  { 213586, true },
+  { 213596, true },
+  { 213612, true },
+  { 213627, true },
+  { 213639, true },
+  { 213650, true },
+  { 213660, true },
+  { 213677, true },
+  { 213687, true },
+  { 213695, true },
+  { 213713, true },
+  { 213722, true },
+  { 213744, true },
+  { 213757, true },
+  { 213767, true },
+  { 213787, true },
+  { 213805, true },
+  { 213820, true },
+  { 213831, false },
+  { 213849, true },
+  { 213866, true },
+  { 213882, true },
+  { 213900, true },
+  { 213913, true },
+  { 213925, true },
+  { 213936, true },
+  { 213964, true },
+  { 213980, true },
+  { 213998, true },
+  { 214014, true },
+  { 214024, true },
+  { 214042, true },
+  { 214058, true },
+  { 214074, true },
+  { 214089, true },
+  { 214101, false },
+  { 214115, true },
+  { 214132, true },
+  { 214154, true },
+  { 214173, true },
+  { 214185, true },
+  { 214196, true },
+  { 214217, true },
+  { 214242, true },
+  { 214260, true },
+  { 214271, true },
+  { 214287, true },
+  { 214304, true },
+  { 214331, true },
+  { 214348, true },
+  { 214364, true },
+  { 214382, true },
+  { 214397, true },
+  { 214412, true },
+  { 214426, true },
+  { 214437, true },
+  { 214454, true },
+  { 214471, true },
+  { 214486, true },
+  { 214502, true },
+  { 214514, true },
+  { 214536, true },
+  { 214549, true },
+  { 214564, true },
+  { 214572, true },
+  { 214584, true },
+  { 214595, true },
+  { 214615, true },
+  { 214622, false },
+  { 214637, true },
+  { 214648, true },
+  { 214655, true },
+  { 214667, true },
+  { 214675, true },
+  { 214683, true },
+  { 214691, true },
+  { 214699, true },
+  { 214712, true },
+  { 214724, true },
+  { 214748, true },
+  { 214755, true },
+  { 214770, true },
+  { 214795, true },
+  { 214805, true },
+  { 214820, false },
+  { 214831, true },
+  { 214844, true },
+  { 214853, true },
+  { 214863, true },
+  { 214886, true },
+  { 214901, true },
+  { 214923, true },
+  { 214935, true },
+  { 214948, true },
+  { 214960, true },
+  { 214976, true },
+  { 214990, true },
+  { 215004, true },
+  { 215015, true },
+  { 215026, true },
+  { 215040, false },
+  { 215053, true },
+  { 215067, true },
+  { 215075, true },
+  { 215089, true },
+  { 215098, true },
+  { 215110, true },
+  { 215123, true },
+  { 215146, true },
+  { 215159, true },
+  { 215169, true },
+  { 215178, true },
+  { 215188, true },
+  { 215201, true },
+  { 215217, true },
+  { 215227, true },
+  { 215238, true },
+  { 215251, true },
+  { 215264, true },
+  { 215273, true },
+  { 215292, true },
+  { 215311, true },
+  { 215328, true },
+  { 215349, true },
+  { 215365, true },
+  { 215374, true },
+  { 215392, true },
+  { 215405, true },
+  { 215413, true },
+  { 215426, true },
+  { 215439, true },
+  { 215454, true },
+  { 215469, true },
+  { 215488, true },
+  { 215501, true },
+  { 215512, true },
+  { 215525, true },
+  { 215539, true },
+  { 215546, true },
+  { 215565, true },
+  { 215585, true },
+  { 215597, true },
+  { 215619, true },
+  { 215626, true },
+  { 215640, true },
+  { 215648, true },
+  { 215668, true },
+  { 215686, true },
+  { 215695, true },
+  { 215705, true },
+  { 215720, true },
+  { 215729, true },
+  { 215738, true },
+  { 215747, true },
+  { 215756, true },
+  { 215766, true },
+  { 215778, true },
+  { 215792, true },
+  { 215811, true },
+  { 215831, true },
+  { 215844, true },
+  { 215855, true },
+  { 215869, true },
+  { 215883, true },
+  { 215895, true },
+  { 215909, true },
+  { 215922, true },
+  { 215939, true },
+  { 215947, true },
+  { 215955, true },
+  { 215969, true },
+  { 215988, true },
+  { 216007, true },
+  { 216022, true },
+  { 216037, true },
+  { 216052, true },
+  { 216067, true },
+  { 216082, true },
+  { 216097, true },
+  { 216110, true },
+  { 216124, true },
+  { 216136, true },
+  { 216150, true },
+  { 216161, true },
+  { 216177, true },
+  { 216191, true },
+  { 216202, true },
+  { 216220, true },
+  { 216234, true },
+  { 216249, true },
+  { 216261, true },
+  { 216274, true },
+  { 216289, true },
+  { 216307, true },
+  { 216323, true },
+  { 216337, true },
+  { 216347, true },
+  { 216357, true },
+  { 216378, true },
+  { 216394, true },
+  { 216411, true },
+  { 216441, true },
+  { 216455, false },
+  { 216469, true },
+  { 216487, true },
+  { 216497, true },
+  { 216517, true },
+  { 216532, true },
+  { 216544, true },
+  { 216558, true },
+  { 216573, false },
+  { 216589, false },
+  { 216611, true },
+  { 216621, true },
+  { 216633, true },
+  { 216651, true },
+  { 216670, true },
+  { 216688, true },
+  { 216700, true },
+  { 216713, true },
+  { 216733, true },
+  { 216746, true },
+  { 216765, true },
+  { 216779, true },
+  { 216796, true },
+  { 216812, true },
+  { 216826, true },
+  { 216842, false },
+  { 216861, true },
+  { 216878, true },
+  { 216888, true },
+  { 216903, true },
+  { 216931, true },
+  { 216945, true },
+  { 216963, true },
+  { 216976, true },
+  { 216991, true },
+  { 217011, true },
+  { 217027, true },
+  { 217039, true },
+  { 217056, true },
+  { 217071, true },
+  { 217082, true },
+  { 217116, true },
+  { 217132, true },
+  { 217143, true },
+  { 217158, true },
+  { 217172, true },
+  { 217187, true },
+  { 217202, true },
+  { 217216, true },
+  { 217243, true },
+  { 217251, true },
+  { 217261, true },
+  { 217284, true },
+  { 217299, true },
+  { 217318, true },
+  { 217332, true },
+  { 217347, true },
+  { 217362, true },
+  { 217380, true },
+  { 217399, true },
+  { 217418, true },
+  { 217437, true },
+  { 217458, true },
+  { 217475, true },
+  { 217494, true },
+  { 217507, true },
+  { 217520, false },
+  { 217543, true },
+  { 217559, true },
+  { 217570, true },
+  { 217583, true },
+  { 217594, true },
+  { 217606, true },
+  { 217621, true },
+  { 217636, true },
+  { 217651, true },
+  { 217666, true },
+  { 217682, true },
+  { 217699, true },
+  { 217711, true },
+  { 217727, true },
+  { 217736, true },
+  { 217750, true },
+  { 217765, true },
+  { 217778, true },
+  { 217796, true },
+  { 217815, true },
+  { 217824, true },
+  { 217835, true },
+  { 217845, true },
+  { 217864, true },
+  { 217878, true },
+  { 217902, true },
+  { 217926, true },
+  { 217943, true },
+  { 217971, true },
+  { 217991, true },
+  { 218003, true },
+  { 218015, true },
+  { 218027, true },
+  { 218040, true },
+  { 218052, true },
+  { 218067, true },
+  { 218081, true },
+  { 218098, true },
+  { 218115, true },
+  { 218129, true },
+  { 218144, true },
+  { 218157, true },
+  { 218169, true },
+  { 218189, true },
+  { 218209, true },
+  { 218229, true },
+  { 218245, true },
+  { 218262, true },
+  { 218279, true },
+  { 218295, true },
+  { 218309, true },
+  { 218335, true },
+  { 218350, true },
+  { 218366, true },
+  { 218384, true },
+  { 218401, true },
+  { 218419, true },
+  { 218436, true },
+  { 218453, true },
+  { 218465, true },
+  { 218473, true },
+  { 218497, true },
+  { 218517, true },
+  { 218538, false },
+  { 218549, true },
+  { 218560, true },
+  { 218574, true },
+  { 218586, true },
+  { 218599, true },
+  { 218625, true },
+  { 218651, true },
+  { 218672, true },
+  { 218687, true },
+  { 218695, true },
+  { 218710, true },
+  { 218724, true },
+  { 218738, true },
+  { 218750, true },
+  { 218765, true },
+  { 218773, true },
+  { 218784, true },
+  { 218804, true },
+  { 218822, true },
+  { 218839, true },
+  { 218849, true },
+  { 218870, true },
+  { 218888, true },
+  { 218903, true },
+  { 218921, true },
+  { 218937, true },
+  { 218945, true },
+  { 218953, true },
+  { 218966, true },
+  { 218975, true },
+  { 218991, true },
+  { 219004, false },
+  { 219018, true },
+  { 219029, true },
+  { 219046, true },
+  { 219058, true },
+  { 219070, true },
+  { 219085, false },
+  { 219096, true },
+  { 219111, true },
+  { 219124, true },
+  { 219140, true },
+  { 219156, true },
+  { 219173, true },
+  { 219186, true },
+  { 219196, true },
+  { 219204, true },
+  { 219214, false },
+  { 219228, true },
+  { 219246, true },
+  { 219257, false },
+  { 219269, true },
+  { 219278, true },
+  { 219292, true },
+  { 219304, true },
+  { 219321, true },
+  { 219337, true },
+  { 219353, true },
+  { 219361, true },
+  { 219381, true },
+  { 219391, true },
+  { 219402, true },
+  { 219417, true },
+  { 219435, true },
+  { 219453, true },
+  { 219471, true },
+  { 219487, true },
+  { 219505, true },
+  { 219522, true },
+  { 219541, true },
+  { 219549, true },
+  { 219562, true },
+  { 219574, true },
+  { 219584, true },
+  { 219598, true },
+  { 219611, true },
+  { 219625, true },
+  { 219640, true },
+  { 219657, true },
+  { 219677, true },
+  { 219692, true },
+  { 219707, true },
+  { 219725, true },
+  { 219743, true },
+  { 219762, true },
+  { 219782, true },
+  { 219798, true },
+  { 219818, true },
+  { 219831, true },
+  { 219841, true },
+  { 219871, true },
+  { 219889, true },
+  { 219906, true },
+  { 219921, true },
+  { 219932, true },
+  { 219950, true },
+  { 219969, true },
+  { 219988, true },
+  { 219999, true },
+  { 220010, true },
+  { 220023, true },
+  { 220039, true },
+  { 220055, false },
+  { 220063, true },
+  { 220072, true },
+  { 220098, true },
+  { 220118, true },
+  { 220152, true },
+  { 220182, true },
+  { 220206, true },
+  { 220221, true },
+  { 220237, true },
+  { 220253, true },
+  { 220270, true },
+  { 220285, true },
+  { 220302, true },
+  { 220330, true },
+  { 220362, true },
+  { 220379, true },
+  { 220399, true },
+  { 220424, true },
+  { 220440, true },
+  { 220454, true },
+  { 220468, true },
+  { 220478, true },
+  { 220501, true },
+  { 220521, true },
+  { 220536, true },
+  { 220561, true },
+  { 220574, true },
+  { 220582, true },
+  { 220598, true },
+  { 220610, true },
+  { 220624, true },
+  { 220643, true },
+  { 220671, true },
+  { 220687, true },
+  { 220702, true },
+  { 220715, true },
+  { 220725, true },
+  { 220734, true },
+  { 220749, true },
+  { 220768, true },
+  { 220783, true },
+  { 220807, true },
+  { 220831, true },
+  { 220854, true },
+  { 220873, true },
+  { 220895, true },
+  { 220907, true },
+  { 220931, true },
+  { 220946, true },
+  { 220960, true },
+  { 220974, false },
+  { 220986, true },
+  { 221006, true },
+  { 221027, true },
+  { 221040, true },
+  { 221060, false },
+  { 221070, true },
+  { 221083, true },
+  { 221097, true },
+  { 221108, true },
+  { 221127, true },
+  { 221148, true },
+  { 221161, true },
+  { 221183, true },
+  { 221203, true },
+  { 221215, true },
+  { 221232, true },
+  { 221243, true },
+  { 221268, false },
+  { 221276, true },
+  { 221299, true },
+  { 221309, true },
+  { 221319, true },
+  { 221326, true },
+  { 221339, true },
+  { 221350, true },
+  { 221365, true },
+  { 221378, true },
+  { 221395, true },
+  { 221403, true },
+  { 221414, true },
+  { 221434, true },
+  { 221443, true },
+  { 221455, true },
+  { 221465, true },
+  { 221475, true },
+  { 221487, true },
+  { 221496, true },
+  { 221507, true },
+  { 221519, true },
+  { 221529, true },
+  { 221537, true },
+  { 221544, true },
+  { 221554, true },
+  { 221574, true },
+  { 221588, true },
+  { 221600, true },
+  { 221619, true },
+  { 221628, true },
+  { 221644, false },
+  { 221658, true },
+  { 221672, true },
+  { 221685, true },
+  { 221695, true },
+  { 221708, true },
+  { 221718, true },
+  { 221733, true },
+  { 221746, true },
+  { 221759, true },
+  { 221770, true },
+  { 221785, true },
+  { 221795, false },
+  { 221805, true },
+  { 221822, true },
+  { 221834, true },
+  { 221847, true },
+  { 221866, true },
+  { 221881, true },
+  { 221894, true },
+  { 221903, true },
+  { 221914, true },
+  { 221928, true },
+  { 221939, true },
+  { 221953, true },
+  { 221973, true },
+  { 221989, true },
+  { 222000, true },
+  { 222011, true },
+  { 222021, true },
+  { 222037, true },
+  { 222054, true },
+  { 222069, true },
+  { 222086, true },
+  { 222102, true },
+  { 222127, true },
+  { 222142, true },
+  { 222151, true },
+  { 222165, true },
+  { 222178, true },
+  { 222197, true },
+  { 222210, true },
+  { 222227, true },
+  { 222244, true },
+  { 222254, true },
+  { 222264, true },
+  { 222289, true },
+  { 222297, true },
+  { 222312, true },
+  { 222323, true },
+  { 222340, true },
+  { 222357, true },
+  { 222372, true },
+  { 222384, true },
+  { 222403, true },
+  { 222417, true },
+  { 222427, true },
+  { 222435, true },
+  { 222454, true },
+  { 222479, true },
+  { 222497, true },
+  { 222517, true },
+  { 222526, true },
+  { 222538, true },
+  { 222552, true },
+  { 222565, true },
+  { 222581, true },
+  { 222595, true },
+  { 222623, true },
+  { 222665, true },
+  { 222685, true },
+  { 222699, true },
+  { 222727, true },
+  { 222752, true },
+  { 222780, true },
+  { 222806, true },
+  { 222838, true },
+  { 222849, true },
+  { 222864, true },
+  { 222873, true },
+  { 222887, true },
+  { 222900, true },
+  { 222909, true },
+  { 222921, true },
+  { 222933, true },
+  { 222951, true },
+  { 222964, true },
+  { 222977, true },
+  { 222989, true },
+  { 223004, true },
+  { 223022, true },
+  { 223032, true },
+  { 223045, true },
+  { 223061, true },
+  { 223074, true },
+  { 223087, true },
+  { 223101, true },
+  { 223121, true },
+  { 223131, true },
+  { 223143, true },
+  { 223157, true },
+  { 223172, true },
+  { 223188, true },
+  { 223200, false },
+  { 223217, true },
+  { 223232, true },
+  { 223245, true },
+  { 223263, true },
+  { 223274, true },
+  { 223287, true },
+  { 223299, true },
+  { 223314, true },
+  { 223327, true },
+  { 223339, true },
+  { 223349, true },
+  { 223365, true },
+  { 223375, true },
+  { 223384, true },
+  { 223399, true },
+  { 223414, true },
+  { 223435, true },
+  { 223451, true },
+  { 223464, true },
+  { 223479, true },
+  { 223497, true },
+  { 223512, true },
+  { 223526, true },
+  { 223544, true },
+  { 223562, true },
+  { 223574, true },
+  { 223585, true },
+  { 223593, true },
+  { 223606, false },
+  { 223623, true },
+  { 223636, true },
+  { 223647, true },
+  { 223667, true },
+  { 223680, true },
+  { 223689, true },
+  { 223703, true },
+  { 223723, false },
+  { 223734, true },
+  { 223743, true },
+  { 223765, true },
+  { 223774, true },
+  { 223792, true },
+  { 223807, true },
+  { 223814, true },
+  { 223833, true },
+  { 223852, true },
+  { 223863, true },
+  { 223878, true },
+  { 223896, true },
+  { 223911, true },
+  { 223925, true },
+  { 223939, true },
+  { 223951, true },
+  { 223968, true },
+  { 223987, true },
+  { 224001, true },
+  { 224019, true },
+  { 224039, true },
+  { 224063, true },
+  { 224074, true },
+  { 224088, true },
+  { 224102, true },
+  { 224120, true },
+  { 224133, true },
+  { 224146, true },
+  { 224159, false },
+  { 224170, true },
+  { 224185, true },
+  { 224198, true },
+  { 224210, true },
+  { 224233, true },
+  { 224248, true },
+  { 224258, true },
+  { 224267, true },
+  { 224284, true },
+  { 224297, true },
+  { 224307, true },
+  { 224341, true },
+  { 224351, true },
+  { 224369, true },
+  { 224381, false },
+  { 224392, true },
+  { 224401, true },
+  { 224412, true },
+  { 224426, true },
+  { 224441, true },
+  { 224456, true },
+  { 224470, true },
+  { 224481, true },
+  { 224501, true },
+  { 224511, true },
+  { 224524, true },
+  { 224532, true },
+  { 224546, true },
+  { 224556, true },
+  { 224581, true },
+  { 224595, true },
+  { 224604, true },
+  { 224612, true },
+  { 224625, true },
+  { 224644, true },
+  { 224662, true },
+  { 224673, true },
+  { 224686, true },
+  { 224696, true },
+  { 224707, true },
+  { 224731, true },
+  { 224741, true },
+  { 224749, true },
+  { 224759, true },
+  { 224769, true },
+  { 224779, true },
+  { 224790, true },
+  { 224807, true },
+  { 224818, true },
+  { 224837, true },
+  { 224855, true },
+  { 224866, true },
+  { 224877, true },
+  { 224895, true },
+  { 224911, true },
+  { 224923, true },
+  { 224937, true },
+  { 224947, true },
+  { 224961, false },
+  { 224976, true },
+  { 224995, true },
+  { 225009, true },
+  { 225021, true },
+  { 225031, true },
+  { 225048, true },
+  { 225063, true },
+  { 225073, true },
+  { 225088, true },
+  { 225118, true },
+  { 225131, true },
+  { 225151, true },
+  { 225163, true },
+  { 225178, true },
+  { 225190, true },
+  { 225203, true },
+  { 225212, true },
+  { 225221, true },
+  { 225230, true },
+  { 225238, true },
+  { 225248, true },
+  { 225272, true },
+  { 225291, true },
+  { 225308, true },
+  { 225328, true },
+  { 225345, true },
+  { 225357, true },
+  { 225372, true },
+  { 225385, true },
+  { 225398, true },
+  { 225418, true },
+  { 225425, true },
+  { 225441, true },
+  { 225469, true },
+  { 225496, true },
+  { 225522, true },
+  { 225547, true },
+  { 225557, true },
+  { 225566, true },
+  { 225581, true },
+  { 225596, true },
+  { 225607, true },
+  { 225619, true },
+  { 225635, true },
+  { 225655, true },
+  { 225669, true },
+  { 225682, true },
+  { 225697, true },
+  { 225705, true },
+  { 225721, false },
+  { 225734, true },
+  { 225744, true },
+  { 225768, true },
+  { 225779, true },
+  { 225792, true },
+  { 225807, true },
+  { 225822, true },
+  { 225840, true },
+  { 225852, true },
+  { 225862, true },
+  { 225877, true },
+  { 225892, true },
+  { 225905, true },
+  { 225921, true },
+  { 225937, true },
+  { 225960, true },
+  { 225974, true },
+  { 225984, true },
+  { 226006, true },
+  { 226025, true },
+  { 226041, true },
+  { 226054, true },
+  { 226067, true },
+  { 226082, true },
+  { 226101, true },
+  { 226113, true },
+  { 226131, true },
+  { 226147, true },
+  { 226161, false },
+  { 226173, true },
+  { 226187, true },
+  { 226202, true },
+  { 226215, true },
+  { 226227, true },
+  { 226243, true },
+  { 226258, true },
+  { 226275, true },
+  { 226291, true },
+  { 226309, true },
+  { 226325, true },
+  { 226335, true },
+  { 226344, true },
+  { 226357, true },
+  { 226368, true },
+  { 226380, true },
+  { 226391, true },
+  { 226408, true },
+  { 226428, true },
+  { 226441, true },
+  { 226466, true },
+  { 226477, true },
+  { 226488, true },
+  { 226505, true },
+  { 226528, true },
+  { 226543, true },
+  { 226558, true },
+  { 226569, false },
+  { 226581, true },
+  { 226598, true },
+  { 226606, true },
+  { 226622, true },
+  { 226633, true },
+  { 226652, true },
+  { 226664, true },
+  { 226677, true },
+  { 226687, true },
+  { 226697, true },
+  { 226708, true },
+  { 226716, true },
+  { 226732, true },
+  { 226744, true },
+  { 226761, true },
+  { 226776, true },
+  { 226786, true },
+  { 226805, true },
+  { 226828, true },
+  { 226839, true },
+  { 226851, true },
+  { 226867, true },
+  { 226878, true },
+  { 226898, true },
+  { 226914, true },
+  { 226929, true },
+  { 226942, true },
+  { 226958, true },
+  { 226975, true },
+  { 226998, true },
+  { 227029, true },
+  { 227042, true },
+  { 227061, true },
+  { 227085, true },
+  { 227113, true },
+  { 227137, true },
+  { 227151, true },
+  { 227172, true },
+  { 227188, true },
+  { 227198, true },
+  { 227217, true },
+  { 227227, true },
+  { 227238, true },
+  { 227249, true },
+  { 227262, true },
+  { 227284, true },
+  { 227296, true },
+  { 227316, true },
+  { 227330, true },
+  { 227341, true },
+  { 227351, true },
+  { 227365, true },
+  { 227373, true },
+  { 227386, true },
+  { 227396, true },
+  { 227414, true },
+  { 227428, true },
+  { 227453, true },
+  { 227465, true },
+  { 227482, true },
+  { 227509, true },
+  { 227523, true },
+  { 227535, true },
+  { 227551, true },
+  { 227564, true },
+  { 227576, true },
+  { 227588, true },
+  { 227599, true },
+  { 227609, false },
+  { 227621, true },
+  { 227638, true },
+  { 227662, true },
+  { 227679, true },
+  { 227687, true },
+  { 227707, true },
+  { 227734, true },
+  { 227759, true },
+  { 227775, true },
+  { 227795, true },
+  { 227807, true },
+  { 227820, true },
+  { 227846, true },
+  { 227870, true },
+  { 227882, true },
+  { 227898, true },
+  { 227913, true },
+  { 227934, false },
+  { 227948, true },
+  { 227967, true },
+  { 227997, true },
+  { 228034, true },
+  { 228066, true },
+  { 228093, true },
+  { 228110, true },
+  { 228127, true },
+  { 228144, true },
+  { 228164, true },
+  { 228174, true },
+  { 228191, true },
+  { 228205, true },
+  { 228222, true },
+  { 228235, true },
+  { 228247, true },
+  { 228259, true },
+  { 228272, true },
+  { 228282, true },
+  { 228305, false },
+  { 228319, true },
+  { 228342, false },
+  { 228356, true },
+  { 228368, true },
+  { 228379, true },
+  { 228397, true },
+  { 228410, true },
+  { 228425, true },
+  { 228439, true },
+  { 228455, true },
+  { 228469, true },
+  { 228487, true },
+  { 228497, true },
+  { 228509, true },
+  { 228532, true },
+  { 228550, true },
+  { 228583, true },
+  { 228593, true },
+  { 228602, false },
+  { 228611, true },
+  { 228630, true },
+  { 228642, true },
+  { 228656, true },
+  { 228669, true },
+  { 228690, true },
+  { 228704, true },
+  { 228718, true },
+  { 228736, true },
+  { 228754, true },
+  { 228771, true },
+  { 228787, true },
+  { 228800, true },
+  { 228813, true },
+  { 228825, true },
+  { 228837, true },
+  { 228851, true },
+  { 228868, true },
+  { 228889, true },
+  { 228906, true },
+  { 228920, true },
+  { 228943, true },
+  { 228961, true },
+  { 228983, true },
+  { 229004, true },
+  { 229027, true },
+  { 229054, true },
+  { 229078, true },
+  { 229101, true },
+  { 229115, true },
+  { 229129, true },
+  { 229147, true },
+  { 229160, true },
+  { 229172, true },
+  { 229183, true },
+  { 229199, true },
+  { 229216, true },
+  { 229230, true },
+  { 229244, true },
+  { 229253, true },
+  { 229263, true },
+  { 229275, true },
+  { 229288, true },
+  { 229300, false },
+  { 229323, true },
+  { 229335, false },
+  { 229348, true },
+  { 229356, true },
+  { 229367, true },
+  { 229384, true },
+  { 229393, true },
+  { 229401, true },
+  { 229414, true },
+  { 229429, true },
+  { 229438, true },
+  { 229461, true },
+  { 229473, true },
+  { 229489, true },
+  { 229501, true },
+  { 229524, true },
+  { 229540, true },
+  { 229556, true },
+  { 229571, true },
+  { 229584, true },
+  { 229594, true },
+  { 229603, true },
+  { 229610, true },
+  { 229622, true },
+  { 229638, true },
+  { 229651, true },
+  { 229668, true },
+  { 229691, true },
+  { 229708, true },
+  { 229726, true },
+  { 229739, true },
+  { 229756, true },
+  { 229770, true },
+  { 229796, true },
+  { 229809, true },
+  { 229823, true },
+  { 229837, true },
+  { 229849, true },
+  { 229858, true },
+  { 229872, true },
+  { 229888, true },
+  { 229905, true },
+  { 229917, true },
+  { 229930, false },
+  { 229945, true },
+  { 229966, true },
+  { 229979, true },
+  { 229994, true },
+  { 230008, true },
+  { 230034, true },
+  { 230044, true },
+  { 230055, true },
+  { 230070, true },
+  { 230088, true },
+  { 230098, true },
+  { 230107, true },
+  { 230121, true },
+  { 230139, true },
+  { 230156, true },
+  { 230164, true },
+  { 230174, true },
+  { 230191, true },
+  { 230199, true },
+  { 230212, true },
+  { 230222, true },
+  { 230233, true },
+  { 230251, true },
+  { 230265, true },
+  { 230279, true },
+  { 230287, true },
+  { 230305, true },
+  { 230324, true },
+  { 230332, true },
+  { 230344, true },
+  { 230358, true },
+  { 230376, true },
+  { 230385, true },
+  { 230396, true },
+  { 230409, true },
+  { 230431, true },
+  { 230446, true },
+  { 230464, true },
+  { 230472, true },
+  { 230486, true },
+  { 230495, true },
+  { 230510, true },
+  { 230528, true },
+  { 230550, true },
+  { 230562, true },
+  { 230572, true },
+  { 230582, true },
+  { 230592, true },
+  { 230603, true },
+  { 230609, true },
+  { 230623, true },
+  { 230634, true },
+  { 230646, true },
+  { 230659, true },
+  { 230672, true },
+  { 230687, true },
+  { 230698, true },
+  { 230712, true },
+  { 230726, true },
+  { 230737, true },
+  { 230745, true },
+  { 230756, true },
+  { 230767, true },
+  { 230781, true },
+  { 230795, true },
+  { 230819, false },
+  { 230840, true },
+  { 230858, true },
+  { 230875, true },
+  { 230892, true },
+  { 230911, true },
+  { 230923, true },
+  { 230935, true },
+  { 230943, true },
+  { 230952, true },
+  { 230965, true },
+  { 230973, true },
+  { 230988, true },
+  { 230996, true },
+  { 231010, true },
+  { 231023, true },
+  { 231035, true },
+  { 231052, true },
+  { 231067, true },
+  { 231080, true },
+  { 231094, true },
+  { 231104, true },
+  { 231119, true },
+  { 231138, true },
+  { 231160, true },
+  { 231171, true },
+  { 231182, true },
+  { 231193, true },
+  { 231204, true },
+  { 231214, true },
+  { 231225, false },
+  { 231246, true },
+  { 231260, true },
+  { 231272, true },
+  { 231286, true },
+  { 231298, true },
+  { 231315, true },
+  { 231327, true },
+  { 231345, true },
+  { 231359, true },
+  { 231370, true },
+  { 231382, true },
+  { 231399, true },
+  { 231410, true },
+  { 231420, true },
+  { 231440, true },
+  { 231451, true },
+  { 231465, true },
+  { 231479, true },
+  { 231490, true },
+  { 231512, true },
+  { 231525, true },
+  { 231536, true },
+  { 231549, true },
+  { 231561, true },
+  { 231580, true },
+  { 231589, true },
+  { 231605, true },
+  { 231618, true },
+  { 231642, true },
+  { 231656, true },
+  { 231671, true },
+  { 231685, true },
+  { 231700, true },
+  { 231714, true },
+  { 231722, true },
+  { 231736, true },
+  { 231746, true },
+  { 231757, true },
+  { 231769, false },
+  { 231782, true },
+  { 231795, true },
+  { 231808, true },
+  { 231820, true },
+  { 231832, true },
+  { 231842, true },
+  { 231857, true },
+  { 231867, true },
+  { 231884, true },
+  { 231892, true },
+  { 231906, true },
+  { 231919, true },
+  { 231930, true },
+  { 231941, true },
+  { 231970, true },
+  { 231980, true },
+  { 231999, true },
+  { 232012, true },
+  { 232025, true },
+  { 232038, false },
+  { 232049, true },
+  { 232059, true },
+  { 232073, true },
+  { 232095, true },
+  { 232109, true },
+  { 232122, true },
+  { 232134, true },
+  { 232146, true },
+  { 232156, true },
+  { 232169, true },
+  { 232183, true },
+  { 232193, true },
+  { 232204, true },
+  { 232214, true },
+  { 232225, true },
+  { 232238, true },
+  { 232250, true },
+  { 232265, true },
+  { 232289, true },
+  { 232302, true },
+  { 232313, true },
+  { 232326, true },
+  { 232341, true },
+  { 232353, true },
+  { 232373, true },
+  { 232384, true },
+  { 232404, true },
+  { 232419, true },
+  { 232427, true },
+  { 232439, true },
+  { 232449, true },
+  { 232457, false },
+  { 232477, true },
+  { 232499, true },
+  { 232511, true },
+  { 232522, true },
+  { 232531, true },
+  { 232539, true },
+  { 232548, true },
+  { 232560, true },
+  { 232572, true },
+  { 232582, true },
+  { 232592, true },
+  { 232609, true },
+  { 232617, true },
+  { 232631, true },
+  { 232641, true },
+  { 232654, true },
+  { 232668, false },
+  { 232679, true },
+  { 232692, true },
+  { 232706, true },
+  { 232718, true },
+  { 232737, true },
+  { 232758, true },
+  { 232781, true },
+  { 232790, true },
+  { 232807, true },
+  { 232823, true },
+  { 232841, true },
+  { 232860, true },
+  { 232873, true },
+  { 232887, true },
+  { 232897, true },
+  { 232914, true },
+  { 232937, true },
+  { 232956, true },
+  { 232965, true },
+  { 232977, true },
+  { 233001, true },
+  { 233014, true },
+  { 233032, true },
+  { 233049, true },
+  { 233067, true },
+  { 233078, true },
+  { 233092, true },
+  { 233110, true },
+  { 233123, true },
+  { 233133, true },
+  { 233147, true },
+  { 233157, true },
+  { 233169, true },
+  { 233182, true },
+  { 233201, true },
+  { 233214, true },
+  { 233224, true },
+  { 233233, true },
+  { 233245, true },
+  { 233257, true },
+  { 233265, true },
+  { 233284, true },
+  { 233296, true },
+  { 233306, true },
+  { 233324, true },
+  { 233332, true },
+  { 233354, false },
+  { 233367, true },
+  { 233377, true },
+  { 233385, true },
+  { 233392, true },
+  { 233399, true },
+  { 233411, true },
+  { 233423, true },
+  { 233433, true },
+  { 233445, true },
+  { 233453, true },
+  { 233465, true },
+  { 233480, true },
+  { 233489, true },
+  { 233497, true },
+  { 233514, true },
+  { 233529, true },
+  { 233542, true },
+  { 233560, true },
+  { 233573, true },
+  { 233580, true },
+  { 233586, true },
+  { 233598, true },
+  { 233608, true },
+  { 233617, true },
+  { 233627, true },
+  { 233634, false },
+  { 233649, true },
+  { 233660, true },
+  { 233671, true },
+  { 233687, true },
+  { 233702, true },
+  { 233721, true },
+  { 233737, true },
+  { 233750, true },
+  { 233772, true },
+  { 233785, true },
+  { 233799, true },
+  { 233817, true },
+  { 233829, true },
+  { 233843, true },
+  { 233856, true },
+  { 233879, true },
+  { 233890, true },
+  { 233899, true },
+  { 233914, true },
+  { 233933, true },
+  { 233943, true },
+  { 233955, true },
+  { 233963, true },
+  { 233976, true },
+  { 233988, true },
+  { 234001, true },
+  { 234021, true },
+  { 234040, true },
+  { 234049, true },
+  { 234065, true },
+  { 234082, true },
+  { 234094, true },
+  { 234114, true },
+  { 234124, true },
+  { 234138, true },
+  { 234150, true },
+  { 234165, true },
+  { 234180, true },
+  { 234193, true },
+  { 234212, true },
+  { 234224, false },
+  { 234239, true },
+  { 234249, true },
+  { 234266, true },
+  { 234278, true },
+  { 234291, true },
+  { 234310, true },
+  { 234329, true },
+  { 234347, true },
+  { 234359, true },
+  { 234370, true },
+  { 234389, true },
+  { 234413, true },
+  { 234424, true },
+  { 234438, true },
+  { 234447, true },
+  { 234464, true },
+  { 234479, true },
+  { 234488, true },
+  { 234498, true },
+  { 234513, true },
+  { 234527, true },
+  { 234546, true },
+  { 234558, true },
+  { 234573, true },
+  { 234584, true },
+  { 234593, true },
+  { 234600, true },
+  { 234612, true },
+  { 234622, true },
+  { 234641, true },
+  { 234656, true },
+  { 234666, true },
+  { 234675, true },
+  { 234685, true },
+  { 234693, true },
+  { 234701, true },
+  { 234711, true },
+  { 234722, true },
+  { 234732, true },
+  { 234744, true },
+  { 234752, true },
+  { 234763, true },
+  { 234775, true },
+  { 234789, true },
+  { 234804, true },
+  { 234818, true },
+  { 234832, true },
+  { 234851, true },
+  { 234865, false },
+  { 234876, true },
+  { 234885, true },
+  { 234901, true },
+  { 234923, true },
+  { 234933, true },
+  { 234950, true },
+  { 234962, true },
+  { 234975, true },
+  { 234989, true },
+  { 235007, true },
+  { 235026, true },
+  { 235046, true },
+  { 235059, true },
+  { 235070, true },
+  { 235077, false },
+  { 235097, true },
+  { 235109, true },
+  { 235119, true },
+  { 235128, true },
+  { 235140, true },
+  { 235158, true },
+  { 235170, true },
+  { 235184, true },
+  { 235202, true },
+  { 235217, true },
+  { 235230, true },
+  { 235243, true },
+  { 235268, true },
+  { 235285, true },
+  { 235297, true },
+  { 235309, true },
+  { 235328, true },
+  { 235339, true },
+  { 235356, true },
+  { 235366, true },
+  { 235393, true },
+  { 235407, true },
+  { 235422, true },
+  { 235447, true },
+  { 235470, true },
+  { 235493, false },
+  { 235548, true },
+  { 235575, true },
+  { 235590, true },
+  { 235618, true },
+  { 235630, true },
+  { 235642, true },
+  { 235656, true },
+  { 235667, true },
+  { 235679, true },
+  { 235701, false },
+  { 235717, true },
+  { 235729, true },
+  { 235742, true },
+  { 235767, true },
+  { 235788, true },
+  { 235798, true },
+  { 235811, true },
+  { 235821, true },
+  { 235836, true },
+  { 235847, true },
+  { 235870, true },
+  { 235882, true },
+  { 235892, true },
+  { 235914, true },
+  { 235937, true },
+  { 235947, true },
+  { 235957, true },
+  { 235969, true },
+  { 235989, true },
+  { 236012, true },
+  { 236025, true },
+  { 236036, false },
+  { 236050, true },
+  { 236072, true },
+  { 236090, true },
+  { 236101, true },
+  { 236120, true },
+  { 236136, true },
+  { 236150, true },
+  { 236171, true },
+  { 236196, true },
+  { 236210, true },
+  { 236223, true },
+  { 236240, true },
+  { 236263, true },
+  { 236298, true },
+  { 236321, true },
+  { 236351, true },
+  { 236378, true },
+  { 236399, true },
+  { 236422, true },
+  { 236449, true },
+  { 236462, true },
+  { 236477, true },
+  { 236487, true },
+  { 236496, true },
+  { 236509, true },
+  { 236529, true },
+  { 236540, true },
+  { 236552, true },
+  { 236574, true },
+  { 236587, false },
+  { 236604, true },
+  { 236618, true },
+  { 236635, true },
+  { 236652, true },
+  { 236664, true },
+  { 236678, true },
+  { 236692, true },
+  { 236702, true },
+  { 236719, true },
+  { 236730, true },
+  { 236741, true },
+  { 236756, true },
+  { 236776, true },
+  { 236789, true },
+  { 236801, true },
+  { 236813, false },
+  { 236822, true },
+  { 236843, true },
+  { 236866, true },
+  { 236878, true },
+  { 236894, true },
+  { 236908, true },
+  { 236920, true },
+  { 236933, true },
+  { 236947, true },
+  { 236960, true },
+  { 236972, true },
+  { 236989, false },
+  { 236999, true },
+  { 237020, true },
+  { 237034, true },
+  { 237043, true },
+  { 237063, true },
+  { 237073, true },
+  { 237086, true },
+  { 237104, true },
+  { 237122, true },
+  { 237134, true },
+  { 237148, true },
+  { 237166, true },
+  { 237177, true },
+  { 237199, true },
+  { 237221, true },
+  { 237233, true },
+  { 237246, true },
+  { 237256, true },
+  { 237279, true },
+  { 237293, true },
+  { 237305, true },
+  { 237324, true },
+  { 237336, true },
+  { 237350, true },
+  { 237369, true },
+  { 237381, true },
+  { 237393, true },
+  { 237413, true },
+  { 237425, true },
+  { 237446, true },
+  { 237459, true },
+  { 237482, true },
+  { 237503, true },
+  { 237519, true },
+  { 237531, true },
+  { 237560, true },
+  { 237573, true },
+  { 237583, true },
+  { 237600, true },
+  { 237615, true },
+  { 237629, true },
+  { 237640, true },
+  { 237654, true },
+  { 237667, true },
+  { 237681, true },
+  { 237694, true },
+  { 237707, true },
+  { 237725, true },
+  { 237738, true },
+  { 237752, true },
+  { 237767, true },
+  { 237779, true },
+  { 237793, true },
+  { 237808, true },
+  { 237831, true },
+  { 237839, true },
+  { 237849, true },
+  { 237862, true },
+  { 237886, true },
+  { 237908, true },
+  { 237920, true },
+  { 237938, true },
+  { 237955, true },
+  { 237973, true },
+  { 237991, true },
+  { 238010, true },
+  { 238033, true },
+  { 238046, false },
+  { 238059, true },
+  { 238078, true },
+  { 238096, true },
+  { 238108, true },
+  { 238115, true },
+  { 238131, true },
+  { 238155, true },
+  { 238173, true },
+  { 238181, true },
+  { 238198, true },
+  { 238220, true },
+  { 238235, false },
+  { 238253, true },
+  { 238273, true },
+  { 238291, true },
+  { 238304, true },
+  { 238319, true },
+  { 238333, true },
+  { 238348, true },
+  { 238373, true },
+  { 238390, true },
+  { 238412, true },
+  { 238429, true },
+  { 238440, true },
+  { 238459, true },
+  { 238475, true },
+  { 238489, true },
+  { 238502, true },
+  { 238516, true },
+  { 238531, true },
+  { 238542, true },
+  { 238570, true },
+  { 238597, true },
+  { 238622, true },
+  { 238650, true },
+  { 238664, true },
+  { 238683, true },
+  { 238704, true },
+  { 238723, true },
+  { 238755, true },
+  { 238771, true },
+  { 238792, true },
+  { 238808, true },
+  { 238827, true },
+  { 238838, true },
+  { 238858, true },
+  { 238876, true },
+  { 238887, true },
+  { 238905, true },
+  { 238916, true },
+  { 238928, true },
+  { 238940, true },
+  { 238950, true },
+  { 238964, true },
+  { 238979, true },
+  { 238989, true },
+  { 239017, true },
+  { 239029, false },
+  { 239040, true },
+  { 239054, true },
+  { 239067, true },
+  { 239082, true },
+  { 239093, true },
+  { 239116, true },
+  { 239132, true },
+  { 239155, true },
+  { 239164, true },
+  { 239180, true },
+  { 239202, true },
+  { 239214, true },
+  { 239225, true },
+  { 239237, true },
+  { 239252, true },
+  { 239266, true },
+  { 239280, true },
+  { 239291, true },
+  { 239303, true },
+  { 239315, true },
+  { 239326, true },
+  { 239333, true },
+  { 239352, true },
+  { 239370, true },
+  { 239378, true },
+  { 239391, true },
+  { 239400, true },
+  { 239409, true },
+  { 239424, true },
+  { 239434, true },
+  { 239449, false },
+  { 239457, true },
+  { 239471, true },
+  { 239489, false },
+  { 239500, true },
+  { 239511, true },
+  { 239522, true },
+  { 239546, true },
+  { 239565, false },
+  { 239575, true },
+  { 239583, true },
+  { 239597, true },
+  { 239610, true },
+  { 239626, true },
+  { 239650, true },
+  { 239657, true },
+  { 239669, true },
+  { 239677, true },
+  { 239689, true },
+  { 239700, true },
+  { 239713, true },
+  { 239731, true },
+  { 239749, true },
+  { 239760, true },
+  { 239774, true },
+  { 239794, true },
+  { 239809, true },
+  { 239826, true },
+  { 239842, true },
+  { 239855, true },
+  { 239866, true },
+  { 239881, true },
+  { 239902, true },
+  { 239913, true },
+  { 239931, true },
+  { 239946, true },
+  { 239964, false },
+  { 239983, true },
+  { 239999, true },
+  { 240014, true },
+  { 240030, true },
+  { 240051, true },
+  { 240071, true },
+  { 240084, true },
+  { 240098, true },
+  { 240111, true },
+  { 240121, true },
+  { 240131, true },
+  { 240156, true },
+  { 240171, true },
+  { 240196, true },
+  { 240216, true },
+  { 240232, true },
+  { 240247, true },
+  { 240263, true },
+  { 240274, true },
+  { 240285, true },
+  { 240296, true },
+  { 240309, true },
+  { 240332, true },
+  { 240348, true },
+  { 240364, true },
+  { 240383, true },
+  { 240401, true },
+  { 240413, false },
+  { 240423, true },
+  { 240440, true },
+  { 240466, true },
+  { 240490, true },
+  { 240516, true },
+  { 240540, true },
+  { 240553, true },
+  { 240568, true },
+  { 240579, true },
+  { 240594, true },
+  { 240603, true },
+  { 240616, true },
+  { 240628, true },
+  { 240640, true },
+  { 240654, true },
+  { 240664, true },
+  { 240677, true },
+  { 240690, true },
+  { 240706, true },
+  { 240720, true },
+  { 240734, true },
+  { 240751, true },
+  { 240767, true },
+  { 240783, true },
+  { 240801, true },
+  { 240817, true },
+  { 240830, true },
+  { 240846, true },
+  { 240861, true },
+  { 240879, true },
+  { 240898, true },
+  { 240913, true },
+  { 240925, true },
+  { 240939, true },
+  { 240956, true },
+  { 240975, true },
+  { 240995, false },
+  { 241011, true },
+  { 241022, true },
+  { 241048, true },
+  { 241057, true },
+  { 241072, true },
+  { 241083, true },
+  { 241103, true },
+  { 241124, true },
+  { 241139, true },
+  { 241160, false },
+  { 241181, true },
+  { 241211, false },
+  { 241228, true },
+  { 241239, true },
+  { 241258, true },
+  { 241273, true },
+  { 241284, true },
+  { 241298, true },
+  { 241312, true },
+  { 241335, true },
+  { 241352, true },
+  { 241380, true },
+  { 241392, true },
+  { 241415, true },
+  { 241438, true },
+  { 241446, true },
+  { 241458, true },
+  { 241471, true },
+  { 241498, true },
+  { 241508, true },
+  { 241519, true },
+  { 241528, true },
+  { 241543, true },
+  { 241555, true },
+  { 241578, true },
+  { 241595, true },
+  { 241609, true },
+  { 241619, true },
+  { 241646, true },
+  { 241658, true },
+  { 241668, true },
+  { 241689, true },
+  { 241700, true },
+  { 241713, true },
+  { 241728, true },
+  { 241741, true },
+  { 241756, true },
+  { 241771, true },
+  { 241789, true },
+  { 241803, true },
+  { 241821, true },
+  { 241832, true },
+  { 241842, true },
+  { 241855, true },
+  { 241864, true },
+  { 241879, true },
+  { 241894, true },
+  { 241903, true },
+  { 241912, false },
+  { 241929, true },
+  { 241943, true },
+  { 241952, false },
+  { 241963, true },
+  { 241974, true },
+  { 241989, true },
+  { 242005, true },
+  { 242020, true },
+  { 242035, true },
+  { 242043, true },
+  { 242060, true },
+  { 242074, true },
+  { 242094, true },
+  { 242106, true },
+  { 242117, true },
+  { 242131, true },
+  { 242143, true },
+  { 242153, true },
+  { 242168, true },
+  { 242193, true },
+  { 242211, true },
+  { 242228, true },
+  { 242245, true },
+  { 242271, true },
+  { 242279, true },
+  { 242306, true },
+  { 242324, true },
+  { 242343, true },
+  { 242355, true },
+  { 242368, true },
+  { 242387, true },
+  { 242402, true },
+  { 242426, true },
+  { 242444, true },
+  { 242459, true },
+  { 242477, true },
+  { 242500, true },
+  { 242511, true },
+  { 242527, true },
+  { 242540, true },
+  { 242555, true },
+  { 242590, true },
+  { 242605, true },
+  { 242626, true },
+  { 242640, true },
+  { 242659, true },
+  { 242670, true },
+  { 242694, true },
+  { 242710, true },
+  { 242720, true },
+  { 242731, true },
+  { 242747, true },
+  { 242767, true },
+  { 242780, true },
+  { 242791, true },
+  { 242799, true },
+  { 242816, true },
+  { 242843, true },
+  { 242855, true },
+  { 242874, true },
+  { 242893, true },
+  { 242918, true },
+  { 242939, true },
+  { 242962, true },
+  { 242982, true },
+  { 242997, true },
+  { 243020, true },
+  { 243041, true },
+  { 243060, true },
+  { 243073, true },
+  { 243088, true },
+  { 243108, true },
+  { 243118, true },
+  { 243137, true },
+  { 243154, true },
+  { 243170, true },
+  { 243186, true },
+  { 243200, true },
+  { 243210, true },
+  { 243223, false },
+  { 243240, true },
+  { 243251, true },
+  { 243258, true },
+  { 243272, true },
+  { 243281, true },
+  { 243303, true },
+  { 243316, true },
+  { 243334, true },
+  { 243349, true },
+  { 243359, true },
+  { 243379, true },
+  { 243396, true },
+  { 243413, true },
+  { 243423, true },
+  { 243433, true },
+  { 243447, true },
+  { 243459, true },
+  { 243469, true },
+  { 243484, true },
+  { 243492, true },
+  { 243516, true },
+  { 243540, true },
+  { 243548, true },
+  { 243561, true },
+  { 243578, false },
+  { 243591, true },
+  { 243605, true },
+  { 243618, true },
+  { 243627, true },
+  { 243639, false },
+  { 243659, true },
+  { 243671, true },
+  { 243683, true },
+  { 243694, true },
+  { 243705, true },
+  { 243716, true },
+  { 243727, true },
+  { 243738, true },
+  { 243749, true },
+  { 243762, true },
+  { 243775, true },
+  { 243785, true },
+  { 243800, true },
+  { 243810, true },
+  { 243821, true },
+  { 243835, true },
+  { 243846, true },
+  { 243865, true },
+  { 243883, true },
+  { 243904, false },
+  { 243930, true },
+  { 243942, true },
+  { 243959, true },
+  { 243973, true },
+  { 243985, true },
+  { 243999, true },
+  { 244012, true },
+  { 244025, true },
+  { 244056, true },
+  { 244085, true },
+  { 244099, true },
+  { 244115, false },
+  { 244128, true },
+  { 244139, true },
+  { 244153, true },
+  { 244165, true },
+  { 244186, true },
+  { 244199, true },
+  { 244211, true },
+  { 244224, true },
+  { 244241, true },
+  { 244256, true },
+  { 244272, true },
+  { 244284, true },
+  { 244294, false },
+  { 244308, true },
+  { 244328, true },
+  { 244346, true },
+  { 244362, true },
+  { 244380, true },
+  { 244393, true },
+  { 244406, true },
+  { 244419, true },
+  { 244432, true },
+  { 244452, true },
+  { 244463, true },
+  { 244473, true },
+  { 244482, true },
+  { 244493, true },
+  { 244504, true },
+  { 244515, true },
+  { 244524, true },
+  { 244538, true },
+  { 244550, true },
+  { 244574, true },
+  { 244587, true },
+  { 244601, true },
+  { 244613, true },
+  { 244630, true },
+  { 244652, true },
+  { 244667, true },
+  { 244681, true },
+  { 244692, true },
+  { 244712, true },
+  { 244730, true },
+  { 244752, true },
+  { 244774, true },
+  { 244792, true },
+  { 244805, true },
+  { 244813, true },
+  { 244825, true },
+  { 244839, true },
+  { 244854, true },
+  { 244877, true },
+  { 244888, true },
+  { 244902, true },
+  { 244915, false },
+  { 244930, true },
+  { 244942, true },
+  { 244966, true },
+  { 244981, true },
+  { 244994, true },
+  { 245006, true },
+  { 245019, true },
+  { 245039, true },
+  { 245049, true },
+  { 245057, true },
+  { 245073, true },
+  { 245085, false },
+  { 245099, true },
+  { 245113, true },
+  { 245125, true },
+  { 245139, true },
+  { 245161, true },
+  { 245183, true },
+  { 245198, true },
+  { 245212, true },
+  { 245230, true },
+  { 245247, true },
+  { 245260, true },
+  { 245286, true },
+  { 245302, true },
+  { 245325, true },
+  { 245335, true },
+  { 245346, true },
+  { 245360, true },
+  { 245372, true },
+  { 245387, true },
+  { 245415, true },
+  { 245443, false },
+  { 245453, true },
+  { 245476, true },
+  { 245503, true },
+  { 245513, true },
+  { 245524, true },
+  { 245537, true },
+  { 245544, true },
+  { 245555, true },
+  { 245569, true },
+  { 245597, true },
+  { 245607, true },
+  { 245620, true },
+  { 245629, true },
+  { 245639, true },
+  { 245659, true },
+  { 245673, true },
+  { 245682, true },
+  { 245693, true },
+  { 245709, true },
+  { 245724, true },
+  { 245746, true },
+  { 245764, true },
+  { 245780, true },
+  { 245802, true },
+  { 245825, true },
+  { 245839, true },
+  { 245852, true },
+  { 245868, true },
+  { 245886, true },
+  { 245905, true },
+  { 245928, true },
+  { 245943, true },
+  { 245957, true },
+  { 245973, true },
+  { 245986, true },
+  { 246000, true },
+  { 246009, true },
+  { 246022, false },
+  { 246033, true },
+  { 246044, true },
+  { 246059, true },
+  { 246069, true },
+  { 246081, true },
+  { 246091, true },
+  { 246102, true },
+  { 246120, true },
+  { 246140, true },
+  { 246154, true },
+  { 246165, true },
+  { 246174, true },
+  { 246188, true },
+  { 246197, true },
+  { 246208, false },
+  { 246222, true },
+  { 246245, true },
+  { 246259, true },
+  { 246275, true },
+  { 246288, true },
+  { 246302, true },
+  { 246323, true },
+  { 246337, true },
+  { 246353, true },
+  { 246373, true },
+  { 246383, true },
+  { 246391, true },
+  { 246400, true },
+  { 246412, true },
+  { 246423, true },
+  { 246438, true },
+  { 246452, true },
+  { 246469, true },
+  { 246479, true },
+  { 246488, true },
+  { 246507, true },
+  { 246516, true },
+  { 246526, true },
+  { 246540, true },
+  { 246558, true },
+  { 246574, true },
+  { 246584, true },
+  { 246604, true },
+  { 246618, true },
+  { 246633, true },
+  { 246650, true },
+  { 246668, true },
+  { 246695, true },
+  { 246707, true },
+  { 246721, true },
+  { 246746, true },
+  { 246771, true },
+  { 246783, true },
+  { 246793, true },
+  { 246812, true },
+  { 246825, true },
+  { 246849, false },
+  { 246868, true },
+  { 246896, true },
+  { 246910, true },
+  { 246928, true },
+  { 246941, true },
+  { 246954, true },
+  { 246968, true },
+  { 246980, true },
+  { 246991, true },
+  { 247005, true },
+  { 247033, true },
+  { 247046, true },
+  { 247062, true },
+  { 247078, true },
+  { 247093, true },
+  { 247119, true },
+  { 247139, true },
+  { 247156, false },
+  { 247170, true },
+  { 247192, true },
+  { 247208, true },
+  { 247245, true },
+  { 247272, true },
+  { 247291, true },
+  { 247309, true },
+  { 247327, true },
+  { 247335, true },
+  { 247351, true },
+  { 247366, true },
+  { 247374, true },
+  { 247385, true },
+  { 247393, true },
+  { 247405, true },
+  { 247416, true },
+  { 247435, true },
+  { 247451, true },
+  { 247464, true },
+  { 247477, true },
+  { 247490, true },
+  { 247504, true },
+  { 247520, true },
+  { 247538, true },
+  { 247554, true },
+  { 247568, true },
+  { 247583, true },
+  { 247598, true },
+  { 247612, true },
+  { 247626, true },
+  { 247639, true },
+  { 247651, true },
+  { 247663, true },
+  { 247675, true },
+  { 247690, true },
+  { 247704, true },
+  { 247717, true },
+  { 247735, true },
+  { 247747, true },
+  { 247773, true },
+  { 247792, true },
+  { 247815, true },
+  { 247828, true },
+  { 247836, true },
+  { 247855, true },
+  { 247867, true },
+  { 247885, true },
+  { 247902, true },
+  { 247912, true },
+  { 247923, true },
+  { 247935, true },
+  { 247955, true },
+  { 247979, true },
+  { 247991, true },
+  { 248002, true },
+  { 248015, true },
+  { 248033, true },
+  { 248042, true },
+  { 248060, true },
+  { 248070, true },
+  { 248077, true },
+  { 248085, true },
+  { 248096, true },
+  { 248110, true },
+  { 248124, true },
+  { 248137, true },
+  { 248147, false },
+  { 248160, true },
+  { 248168, true },
+  { 248181, true },
+  { 248192, true },
+  { 248205, true },
+  { 248215, true },
+  { 248227, true },
+  { 248235, true },
+  { 248241, true },
+  { 248261, true },
+  { 248273, true },
+  { 248282, true },
+  { 248289, true },
+  { 248300, true },
+  { 248311, true },
+  { 248326, true },
+  { 248338, true },
+  { 248356, true },
+  { 248375, true },
+  { 248388, true },
+  { 248402, true },
+  { 248414, true },
+  { 248425, true },
+  { 248443, true },
+  { 248454, true },
+  { 248467, true },
+  { 248482, true },
+  { 248500, true },
+  { 248517, true },
+  { 248539, true },
+  { 248557, true },
+  { 248572, true },
+  { 248585, true },
+  { 248597, true },
+  { 248613, true },
+  { 248627, true },
+  { 248639, true },
+  { 248652, true },
+  { 248664, true },
+  { 248676, true },
+  { 248689, true },
+  { 248698, true },
+  { 248715, true },
+  { 248728, false },
+  { 248739, true },
+  { 248757, true },
+  { 248777, true },
+  { 248791, true },
+  { 248799, true },
+  { 248814, false },
+  { 248821, true },
+  { 248840, true },
+  { 248859, true },
+  { 248885, true },
+  { 248896, true },
+  { 248908, true },
+  { 248932, true },
+  { 248945, false },
+  { 248960, true },
+  { 248971, true },
+  { 248982, true },
+  { 248996, true },
+  { 249027, false },
+  { 249038, false },
+  { 249049, false },
+  { 249061, true },
+  { 249075, true },
+  { 249088, true },
+  { 249101, true },
+  { 249114, true },
+  { 249136, false },
+  { 249146, true },
+  { 249166, true },
+  { 249180, true },
+  { 249197, false },
+  { 249212, false },
+  { 249228, true },
+  { 249241, true },
+  { 249252, true },
+  { 249265, true },
+  { 249287, true },
+  { 249307, true },
+  { 249327, true },
+  { 249341, true },
+  { 249354, true },
+  { 249374, true },
+  { 249385, true },
+  { 249403, true },
+  { 249423, true },
+  { 249443, true },
+  { 249469, true },
+  { 249489, true },
+  { 249512, true },
+  { 249533, true },
+  { 249550, true },
+  { 249569, true },
+  { 249587, true },
+  { 249611, true },
+  { 249631, true },
+  { 249654, true },
+  { 249674, true },
+  { 249696, true },
+  { 249715, true },
+  { 249725, true },
+  { 249733, true },
+  { 249744, true },
+  { 249755, true },
+  { 249767, true },
+  { 249778, true },
+  { 249787, true },
+  { 249796, true },
+  { 249807, true },
+  { 249821, true },
+  { 249832, true },
+  { 249845, true },
+  { 249858, true },
+  { 249868, true },
+  { 249888, true },
+  { 249900, true },
+  { 249913, true },
+  { 249927, true },
+  { 249935, true },
+  { 249950, true },
+  { 249961, true },
+  { 249969, true },
+  { 249979, true },
+  { 249996, true },
+  { 250008, true },
+  { 250022, true },
+  { 250045, true },
+  { 250058, true },
+  { 250088, true },
+  { 250111, true },
+  { 250126, true },
+  { 250143, true },
+  { 250165, true },
+  { 250187, true },
+  { 250208, true },
+  { 250223, true },
+  { 250238, true },
+  { 250250, true },
+  { 250261, true },
+  { 250270, true },
+  { 250282, true },
+  { 250298, true },
+  { 250309, true },
+  { 250321, true },
+  { 250337, true },
+  { 250351, true },
+  { 250364, true },
+  { 250377, true },
+  { 250390, true },
+  { 250403, true },
+  { 250416, true },
+  { 250440, true },
+  { 250453, true },
+  { 250461, true },
+  { 250478, true },
+  { 250489, false },
+  { 250505, true },
+  { 250518, true },
+  { 250532, true },
+  { 250543, true },
+  { 250556, true },
+  { 250566, true },
+  { 250578, true },
+  { 250597, true },
+  { 250620, true },
+  { 250640, true },
+  { 250655, true },
+  { 250666, true },
+  { 250674, true },
+  { 250684, true },
+  { 250700, true },
+  { 250712, true },
+  { 250727, true },
+  { 250742, true },
+  { 250757, true },
+  { 250773, true },
+  { 250783, true },
+  { 250797, true },
+  { 250814, false },
+  { 250833, true },
+  { 250847, true },
+  { 250855, true },
+  { 250863, true },
+  { 250870, true },
+  { 250893, true },
+  { 250909, true },
+  { 250931, true },
+  { 250951, true },
+  { 250961, true },
+  { 250975, true },
+  { 250994, true },
+  { 251009, true },
+  { 251034, true },
+  { 251054, false },
+  { 251068, false },
+  { 251082, false },
+  { 251096, false },
+  { 251110, false },
+  { 251124, false },
+  { 251139, false },
+  { 251153, false },
+  { 251167, false },
+  { 251181, true },
+  { 251201, true },
+  { 251213, true },
+  { 251225, true },
+  { 251243, true },
+  { 251255, true },
+  { 251270, true },
+  { 251290, true },
+  { 251306, true },
+  { 251317, true },
+  { 251330, true },
+  { 251354, true },
+  { 251370, true },
+  { 251387, true },
+  { 251411, true },
+  { 251429, true },
+  { 251447, true },
+  { 251458, true },
+  { 251467, true },
+  { 251482, true },
+  { 251494, true },
+  { 251508, true },
+  { 251527, true },
+  { 251544, true },
+  { 251557, true },
+  { 251572, true },
+  { 251582, true },
+  { 251594, true },
+  { 251608, true },
+  { 251625, false },
+  { 251640, true },
+  { 251651, true },
+  { 251668, true },
+  { 251681, true },
+  { 251696, true },
+  { 251708, true },
+  { 251717, true },
+  { 251734, true },
+  { 251742, true },
+  { 251752, true },
+  { 251762, true },
+  { 251772, true },
+  { 251780, true },
+  { 251789, false },
+  { 251809, true },
+  { 251818, true },
+  { 251830, true },
+  { 251839, true },
+  { 251856, false },
+  { 251876, true },
+  { 251885, true },
+  { 251894, true },
+  { 251918, true },
+  { 251937, false },
+  { 251947, true },
+  { 251962, true },
+  { 251973, true },
+  { 251986, true },
+  { 252005, true },
+  { 252021, true },
+  { 252033, true },
+  { 252049, true },
+  { 252069, true },
+  { 252087, true },
+  { 252097, false },
+  { 252113, true },
+  { 252128, true },
+  { 252148, true },
+  { 252162, true },
+  { 252176, true },
+  { 252192, true },
+  { 252211, true },
+  { 252230, true },
+  { 252243, true },
+  { 252264, true },
+  { 252277, true },
+  { 252289, true },
+  { 252305, true },
+  { 252315, true },
+  { 252330, true },
+  { 252344, true },
+  { 252354, true },
+  { 252368, true },
+  { 252384, true },
+  { 252398, true },
+  { 252421, true },
+  { 252438, true },
+  { 252457, true },
+  { 252467, true },
+  { 252481, true },
+  { 252495, true },
+  { 252504, true },
+  { 252520, true },
+  { 252530, true },
+  { 252543, true },
+  { 252552, true },
+  { 252563, true },
+  { 252580, true },
+  { 252590, true },
+  { 252600, true },
+  { 252619, true },
+  { 252636, true },
+  { 252645, true },
+  { 252658, true },
+  { 252673, true },
+  { 252687, true },
+  { 252701, true },
+  { 252720, true },
+  { 252738, true },
+  { 252754, false },
+  { 252769, true },
+  { 252782, true },
+  { 252792, true },
+  { 252800, true },
+  { 252817, true },
+  { 252828, true },
+  { 252854, true },
+  { 252871, true },
+  { 252888, true },
+  { 252904, true },
+  { 252915, true },
+  { 252927, true },
+  { 252941, true },
+  { 252952, true },
+  { 252964, true },
+  { 252976, true },
+  { 252986, true },
+  { 253001, true },
+  { 253015, true },
+  { 253028, true },
+  { 253039, true },
+  { 253053, true },
+  { 253068, false },
+  { 253079, true },
+  { 253090, true },
+  { 253102, true },
+  { 253113, true },
+  { 253123, true },
+  { 253132, true },
+  { 253144, true },
+  { 253152, true },
+  { 253160, true },
+  { 253168, true },
+  { 253178, true },
+  { 253192, true },
+  { 253204, true },
+  { 253226, true },
+  { 253242, false },
+  { 253255, true },
+  { 253274, true },
+  { 253284, true },
+  { 253295, true },
+  { 253307, false },
+  { 253318, true },
+  { 253329, true },
+  { 253346, true },
+  { 253359, true },
+  { 253369, true },
+  { 253380, true },
+  { 253397, true },
+  { 253413, true },
+  { 253427, true },
+  { 253450, true },
+  { 253461, true },
+  { 253489, true },
+  { 253507, true },
+  { 253525, true },
+  { 253539, true },
+  { 253552, true },
+  { 253562, false },
+  { 253582, true },
+  { 253589, true },
+  { 253597, true },
+  { 253612, true },
+  { 253620, true },
+  { 253630, true },
+  { 253661, true },
+  { 253678, true },
+  { 253690, true },
+  { 253702, true },
+  { 253712, true },
+  { 253722, true },
+  { 253734, true },
+  { 253745, true },
+  { 253771, true },
+  { 253786, true },
+  { 253799, true },
+  { 253807, true },
+  { 253821, true },
+  { 253832, true },
+  { 253853, true },
+  { 253871, true },
+  { 253887, true },
+  { 253897, true },
+  { 253908, true },
+  { 253915, true },
+  { 253929, true },
+  { 253940, true },
+  { 253947, true },
+  { 253953, true },
+  { 253962, true },
+  { 253980, true },
+  { 253996, true },
+  { 254006, false },
+  { 254020, true },
+  { 254030, true },
+  { 254048, true },
+  { 254059, true },
+  { 254068, true },
+  { 254083, true },
+  { 254093, true },
+  { 254098, true },
+  { 254112, true },
+  { 254120, true },
+  { 254131, true },
+  { 254140, true },
+  { 254150, true },
+  { 254160, true },
+  { 254174, true },
+  { 254183, true },
+  { 254207, true },
+  { 254223, true },
+  { 254243, true },
+  { 254252, true },
+  { 254269, true },
+  { 254283, true },
+  { 254296, true },
+  { 254309, true },
+  { 254318, true },
+  { 254334, false },
+  { 254345, true },
+  { 254354, true },
+  { 254365, true },
+  { 254384, true },
+  { 254397, true },
+  { 254413, true },
+  { 254425, true },
+  { 254438, true },
+  { 254451, true },
+  { 254465, false },
+  { 254478, false },
+  { 254500, true },
+  { 254517, true },
+  { 254529, true },
+  { 254551, true },
+  { 254561, true },
+  { 254573, true },
+  { 254585, true },
+  { 254596, true },
+  { 254607, true },
+  { 254621, true },
+  { 254635, true },
+  { 254650, true },
+  { 254662, true },
+  { 254680, true },
+  { 254703, true },
+  { 254713, true },
+  { 254725, true },
+  { 254741, true },
+  { 254750, true },
+  { 254761, true },
+  { 254784, true },
+  { 254800, true },
+  { 254810, true },
+  { 254830, true },
+  { 254846, true },
+  { 254861, true },
+  { 254879, true },
+  { 254897, true },
+  { 254910, true },
+  { 254936, true },
+  { 254945, true },
+  { 254965, true },
+  { 254974, true },
+  { 254985, true },
+  { 254995, true },
+  { 255010, true },
+  { 255020, true },
+  { 255033, true },
+  { 255046, true },
+  { 255061, true },
+  { 255071, true },
+  { 255094, true },
+  { 255115, true },
+  { 255136, true },
+  { 255152, true },
+  { 255174, true },
+  { 255188, true },
+  { 255199, false },
+  { 255209, true },
+  { 255223, true },
+  { 255237, true },
+  { 255255, true },
+  { 255266, true },
+  { 255286, true },
+  { 255308, true },
+  { 255330, true },
+  { 255353, true },
+  { 255376, true },
+  { 255397, true },
+  { 255421, true },
+  { 255431, true },
+  { 255446, false },
+  { 255460, true },
+  { 255471, true },
+  { 255486, true },
+  { 255513, true },
+  { 255526, true },
+  { 255539, true },
+  { 255560, true },
+  { 255580, true },
+  { 255593, true },
+  { 255619, true },
+  { 255634, true },
+  { 255646, true },
+  { 255665, true },
+  { 255691, true },
+  { 255702, true },
+  { 255720, true },
+  { 255740, true },
+  { 255759, true },
+  { 255778, true },
+  { 255791, true },
+  { 255800, true },
+  { 255821, true },
+  { 255837, true },
+  { 255850, true },
+  { 255862, true },
+  { 255873, true },
+  { 255891, true },
+  { 255914, true },
+  { 255929, true },
+  { 255954, true },
+  { 255963, true },
+  { 255971, true },
+  { 255987, false },
+  { 256002, true },
+  { 256016, true },
+  { 256028, true },
+  { 256039, true },
+  { 256051, true },
+  { 256065, true },
+  { 256079, true },
+  { 256093, true },
+  { 256110, true },
+  { 256123, true },
+  { 256143, true },
+  { 256155, true },
+  { 256169, true },
+  { 256182, true },
+  { 256196, true },
+  { 256211, true },
+  { 256233, true },
+  { 256247, true },
+  { 256260, true },
+  { 256281, true },
+  { 256298, true },
+  { 256309, true },
+  { 256325, true },
+  { 256346, true },
+  { 256362, true },
+  { 256388, true },
+  { 256402, true },
+  { 256413, true },
+  { 256427, true },
+  { 256438, true },
+  { 256449, true },
+  { 256462, true },
+  { 256480, true },
+  { 256492, false },
+  { 256505, true },
+  { 256524, true },
+  { 256538, true },
+  { 256555, true },
+  { 256569, true },
+  { 256586, true },
+  { 256597, true },
+  { 256610, true },
+  { 256624, true },
+  { 256636, false },
+  { 256661, true },
+  { 256673, true },
+  { 256691, true },
+  { 256715, true },
+  { 256725, true },
+  { 256737, false },
+  { 256763, true },
+  { 256780, true },
+  { 256792, true },
+  { 256813, true },
+  { 256823, true },
+  { 256844, true },
+  { 256853, true },
+  { 256866, true },
+  { 256882, false },
+  { 256896, true },
+  { 256913, true },
+  { 256927, true },
+  { 256950, true },
+  { 256965, true },
+  { 256973, true },
+  { 256981, true },
+  { 256989, true },
+  { 256997, true },
+  { 257005, true },
+  { 257017, true },
+  { 257031, true },
+  { 257042, true },
+  { 257060, true },
+  { 257075, true },
+  { 257085, true },
+  { 257101, true },
+  { 257117, true },
+  { 257131, true },
+  { 257145, true },
+  { 257164, true },
+  { 257172, true },
+  { 257180, true },
+  { 257194, true },
+  { 257207, true },
+  { 257222, true },
+  { 257233, true },
+  { 257249, true },
+  { 257276, true },
+  { 257289, true },
+  { 257307, true },
+  { 257319, true },
+  { 257330, true },
+  { 257355, true },
+  { 257367, true },
+  { 257382, false },
+  { 257391, true },
+  { 257402, true },
+  { 257411, true },
+  { 257421, true },
+  { 257435, true },
+  { 257458, true },
+  { 257480, true },
+  { 257498, true },
+  { 257521, false },
+  { 257540, true },
+  { 257565, false },
+  { 257584, true },
+  { 257597, true },
+  { 257607, true },
+  { 257620, true },
+  { 257632, true },
+  { 257651, true },
+  { 257663, true },
+  { 257687, true },
+  { 257715, true },
+  { 257735, true },
+  { 257746, true },
+  { 257764, true },
+  { 257783, true },
+  { 257800, true },
+  { 257828, true },
+  { 257841, true },
+  { 257866, true },
+  { 257879, true },
+  { 257894, true },
+  { 257909, true },
+  { 257920, true },
+  { 257940, true },
+  { 257951, true },
+  { 257963, true },
+  { 257978, true },
+  { 257991, true },
+  { 258009, true },
+  { 258031, true },
+  { 258046, true },
+  { 258066, true },
+  { 258081, true },
+  { 258091, true },
+  { 258105, true },
+  { 258118, false },
+  { 258129, true },
+  { 258151, true },
+  { 258170, true },
+  { 258190, true },
+  { 258209, true },
+  { 258220, true },
+  { 258236, true },
+  { 258254, true },
+  { 258269, true },
+  { 258283, true },
+  { 258295, true },
+  { 258311, true },
+  { 258329, true },
+  { 258346, true },
+  { 258357, true },
+  { 258368, true },
+  { 258380, true },
+  { 258390, true },
+  { 258402, true },
+  { 258432, true },
+  { 258443, true },
+  { 258457, true },
+  { 258471, true },
+  { 258483, true },
+  { 258501, true },
+  { 258516, true },
+  { 258535, true },
+  { 258549, true },
+  { 258563, true },
+  { 258578, true },
+  { 258609, true },
+  { 258632, false },
+  { 258649, true },
+  { 258664, true },
+  { 258675, true },
+  { 258699, true },
+  { 258720, true },
+  { 258737, true },
+  { 258755, true },
+  { 258768, true },
+  { 258780, true },
+  { 258797, true },
+  { 258820, true },
+  { 258836, true },
+  { 258854, true },
+  { 258868, true },
+  { 258894, true },
+  { 258918, true },
+  { 258941, true },
+  { 258956, true },
+  { 258978, true },
+  { 258994, true },
+  { 259008, true },
+  { 259024, true },
+  { 259040, true },
+  { 259054, true },
+  { 259073, true },
+  { 259082, true },
+  { 259097, true },
+  { 259114, true },
+  { 259124, true },
+  { 259147, true },
+  { 259159, true },
+  { 259178, true },
+  { 259204, true },
+  { 259221, true },
+  { 259240, true },
+  { 259260, true },
+  { 259275, true },
+  { 259291, true },
+  { 259306, true },
+  { 259317, true },
+  { 259331, true },
+  { 259348, true },
+  { 259364, true },
+  { 259385, true },
+  { 259404, true },
+  { 259429, true },
+  { 259446, true },
+  { 259461, true },
+  { 259484, true },
+  { 259495, true },
+  { 259513, true },
+  { 259530, false },
+  { 259542, true },
+  { 259557, true },
+  { 259573, true },
+  { 259586, true },
+  { 259602, false },
+  { 259616, true },
+  { 259636, true },
+  { 259653, true },
+  { 259668, true },
+  { 259677, true },
+  { 259694, true },
+  { 259713, true },
+  { 259729, true },
+  { 259742, true },
+  { 259761, true },
+  { 259775, true },
+  { 259800, true },
+  { 259818, true },
+  { 259841, true },
+  { 259853, true },
+  { 259868, true },
+  { 259885, true },
+  { 259900, true },
+  { 259912, true },
+  { 259930, true },
+  { 259943, true },
+  { 259953, true },
+  { 259963, true },
+  { 259975, true },
+  { 259988, false },
+  { 259998, true },
+  { 260015, true },
+  { 260043, true },
+  { 260062, true },
+  { 260079, true },
+  { 260093, false },
+  { 260116, true },
+  { 260133, true },
+  { 260148, true },
+  { 260162, true },
+  { 260177, true },
+  { 260195, true },
+  { 260209, true },
+  { 260228, true },
+  { 260242, true },
+  { 260267, true },
+  { 260300, true },
+  { 260328, true },
+  { 260336, true },
+  { 260346, true },
+  { 260372, true },
+  { 260389, true },
+  { 260403, true },
+  { 260422, true },
+  { 260436, true },
+  { 260454, true },
+  { 260469, true },
+  { 260482, true },
+  { 260495, true },
+  { 260516, true },
+  { 260535, true },
+  { 260545, true },
+  { 260564, true },
+  { 260594, true },
+  { 260608, true },
+  { 260622, true },
+  { 260634, true },
+  { 260655, true },
+  { 260670, true },
+  { 260685, true },
+  { 260700, true },
+  { 260720, true },
+  { 260732, true },
+  { 260744, true },
+  { 260764, true },
+  { 260777, true },
+  { 260793, true },
+  { 260811, true },
+  { 260829, true },
+  { 260840, true },
+  { 260857, true },
+  { 260870, true },
+  { 260883, true },
+  { 260896, true },
+  { 260907, true },
+  { 260934, true },
+  { 260950, true },
+  { 260964, true },
+  { 260976, true },
+  { 260992, true },
+  { 261007, true },
+  { 261024, true },
+  { 261051, true },
+  { 261064, true },
+  { 261083, true },
+  { 261097, true },
+  { 261110, true },
+  { 261123, true },
+  { 261134, true },
+  { 261156, true },
+  { 261166, true },
+  { 261183, true },
+  { 261198, true },
+  { 261218, true },
+  { 261232, true },
+  { 261251, true },
+  { 261264, true },
+  { 261274, true },
+  { 261287, true },
+  { 261301, true },
+  { 261312, true },
+  { 261335, true },
+  { 261344, true },
+  { 261354, true },
+  { 261363, false },
+  { 261372, true },
+  { 261382, true },
+  { 261396, true },
+  { 261411, true },
+  { 261429, true },
+  { 261453, true },
+  { 261472, true },
+  { 261486, true },
+  { 261507, true },
+  { 261530, true },
+  { 261545, true },
+  { 261559, true },
+  { 261573, true },
+  { 261598, true },
+  { 261613, true },
+  { 261634, true },
+  { 261643, true },
+  { 261655, false },
+  { 261669, true },
+  { 261684, true },
+  { 261697, true },
+  { 261711, true },
+  { 261727, true },
+  { 261742, true },
+  { 261755, true },
+  { 261764, true },
+  { 261774, true },
+  { 261790, true },
+  { 261802, true },
+  { 261816, true },
+  { 261832, true },
+  { 261856, true },
+  { 261866, true },
+  { 261892, true },
+  { 261920, true },
+  { 261936, true },
+  { 261961, true },
+  { 261974, true },
+  { 261995, true },
+  { 262012, true },
+  { 262032, true },
+  { 262045, true },
+  { 262056, true },
+  { 262073, true },
+  { 262089, true },
+  { 262108, true },
+  { 262121, true },
+  { 262135, true },
+  { 262148, true },
+  { 262172, true },
+  { 262182, true },
+  { 262194, true },
+  { 262205, true },
+  { 262222, true },
+  { 262248, true },
+  { 262266, false },
+  { 262276, true },
+  { 262291, true },
+  { 262305, true },
+  { 262320, true },
+  { 262336, true },
+  { 262348, false },
+  { 262361, true },
+  { 262374, true },
+  { 262394, true },
+  { 262411, true },
+  { 262422, true },
+  { 262437, true },
+  { 262451, true },
+  { 262471, true },
+  { 262487, true },
+  { 262504, true },
+  { 262527, true },
+  { 262546, true },
+  { 262563, true },
+  { 262574, true },
+  { 262588, true },
+  { 262609, true },
+  { 262628, true },
+  { 262644, true },
+  { 262662, true },
+  { 262683, true },
+  { 262700, true },
+  { 262713, true },
+  { 262731, true },
+  { 262745, true },
+  { 262765, true },
+  { 262776, true },
+  { 262785, true },
+  { 262806, false },
+  { 262823, false },
+  { 262846, true },
+  { 262864, true },
+  { 262880, true },
+  { 262898, true },
+  { 262910, true },
+  { 262923, true },
+  { 262936, true },
+  { 262952, true },
+  { 262964, true },
+  { 262972, true },
+  { 262987, true },
+  { 263003, false },
+  { 263015, true },
+  { 263028, true },
+  { 263050, true },
+  { 263060, true },
+  { 263073, true },
+  { 263087, true },
+  { 263102, true },
+  { 263116, true },
+  { 263131, true },
+  { 263141, true },
+  { 263160, true },
+  { 263173, true },
+  { 263188, true },
+  { 263203, true },
+  { 263222, true },
+  { 263244, true },
+  { 263262, true },
+  { 263281, true },
+  { 263299, true },
+  { 263314, true },
+  { 263326, true },
+  { 263337, true },
+  { 263351, true },
+  { 263367, true },
+  { 263380, true },
+  { 263399, false },
+  { 263421, true },
+  { 263438, true },
+  { 263457, true },
+  { 263466, true },
+  { 263479, true },
+  { 263491, true },
+  { 263503, true },
+  { 263521, true },
+  { 263538, true },
+  { 263556, true },
+  { 263578, true },
+  { 263597, true },
+  { 263614, true },
+  { 263627, true },
+  { 263646, true },
+  { 263659, true },
+  { 263667, true },
+  { 263680, true },
+  { 263692, true },
+  { 263706, true },
+  { 263727, true },
+  { 263739, false },
+  { 263759, true },
+  { 263769, true },
+  { 263777, true },
+  { 263788, false },
+  { 263797, false },
+  { 263813, true },
+  { 263829, true },
+  { 263844, true },
+  { 263852, false },
+  { 263870, true },
+  { 263881, true },
+  { 263894, true },
+  { 263910, true },
+  { 263929, true },
+  { 263940, false },
+  { 263955, true },
+  { 263967, true },
+  { 263980, true },
+  { 263996, true },
+  { 264010, true },
+  { 264034, true },
+  { 264046, true },
+  { 264059, true },
+  { 264076, false },
+  { 264093, true },
+  { 264100, true },
+  { 264108, true },
+  { 264117, true },
+  { 264129, true },
+  { 264152, true },
+  { 264166, true },
+  { 264180, true },
+  { 264211, true },
+  { 264228, true },
+  { 264242, true },
+  { 264259, true },
+  { 264270, true },
+  { 264284, true },
+  { 264296, true },
+  { 264308, true },
+  { 264324, true },
+  { 264339, true },
+  { 264346, true },
+  { 264367, true },
+  { 264390, true },
+  { 264401, true },
+  { 264412, true },
+  { 264424, true },
+  { 264432, true },
+  { 264453, true },
+  { 264465, false },
+  { 264475, true },
+  { 264487, true },
+  { 264499, true },
+  { 264511, true },
+  { 264526, true },
+  { 264557, true },
+  { 264586, true },
+  { 264600, true },
+  { 264608, true },
+  { 264620, true },
+  { 264632, true },
+  { 264640, true },
+  { 264649, true },
+  { 264662, true },
+  { 264674, true },
+  { 264684, true },
+  { 264695, true },
+  { 264706, true },
+  { 264717, true },
+  { 264724, true },
+  { 264735, true },
+  { 264744, true },
+  { 264758, true },
+  { 264772, true },
+  { 264782, true },
+  { 264802, true },
+  { 264814, false },
+  { 264824, true },
+  { 264834, true },
+  { 264843, true },
+  { 264860, true },
+  { 264883, true },
+  { 264895, true },
+  { 264918, false },
+  { 264939, true },
+  { 264951, true },
+  { 264964, true },
+  { 264973, true },
+  { 264987, true },
+  { 265000, true },
+  { 265014, true },
+  { 265029, true },
+  { 265041, true },
+  { 265058, true },
+  { 265074, true },
+  { 265094, true },
+  { 265112, true },
+  { 265128, true },
+  { 265146, true },
+  { 265159, true },
+  { 265173, true },
+  { 265190, true },
+  { 265207, true },
+  { 265219, true },
+  { 265234, true },
+  { 265249, true },
+  { 265263, true },
+  { 265278, true },
+  { 265294, true },
+  { 265307, true },
+  { 265321, true },
+  { 265334, true },
+  { 265352, true },
+  { 265366, true },
+  { 265392, true },
+  { 265410, true },
+  { 265424, true },
+  { 265436, true },
+  { 265452, true },
+  { 265479, false },
+  { 265497, true },
+  { 265514, true },
+  { 265534, true },
+  { 265556, true },
+  { 265571, true },
+  { 265582, true },
+  { 265596, true },
+  { 265607, true },
+  { 265621, true },
+  { 265637, true },
+  { 265648, true },
+  { 265659, true },
+  { 265671, true },
+  { 265688, true },
+  { 265702, true },
+  { 265724, true },
+  { 265738, true },
+  { 265749, true },
+  { 265759, true },
+  { 265788, true },
+  { 265800, true },
+  { 265829, true },
+  { 265840, true },
+  { 265855, true },
+  { 265871, true },
+  { 265897, true },
+  { 265915, true },
+  { 265932, true },
+  { 265951, true },
+  { 265965, true },
+  { 265982, true },
+  { 265998, true },
+  { 266018, true },
+  { 266032, true },
+  { 266051, true },
+  { 266067, true },
+  { 266078, true },
+  { 266086, true },
+  { 266098, true },
+  { 266115, true },
+  { 266132, true },
+  { 266151, true },
+  { 266175, true },
+  { 266188, true },
+  { 266200, true },
+  { 266212, true },
+  { 266234, true },
+  { 266248, true },
+  { 266261, true },
+  { 266277, true },
+  { 266291, true },
+  { 266304, true },
+  { 266316, true },
+  { 266328, true },
+  { 266342, true },
+  { 266359, true },
+  { 266375, true },
+  { 266388, true },
+  { 266401, true },
+  { 266411, true },
+  { 266429, true },
+  { 266444, false },
+  { 266457, true },
+  { 266477, true },
+  { 266490, true },
+  { 266502, true },
+  { 266517, true },
+  { 266529, true },
+  { 266540, true },
+  { 266563, true },
+  { 266577, true },
+  { 266601, true },
+  { 266619, true },
+  { 266640, true },
+  { 266667, true },
+  { 266680, true },
+  { 266699, true },
+  { 266725, true },
+  { 266742, true },
+  { 266770, true },
+  { 266792, true },
+  { 266813, true },
+  { 266824, true },
+  { 266834, true },
+  { 266845, true },
+  { 266862, true },
+  { 266875, true },
+  { 266889, true },
+  { 266908, true },
+  { 266929, true },
+  { 266946, true },
+  { 266963, true },
+  { 266991, true },
+  { 267012, true },
+  { 267034, false },
+  { 267056, false },
+  { 267068, true },
+  { 267093, true },
+  { 267108, true },
+  { 267116, true },
+  { 267137, true },
+  { 267169, true },
+  { 267181, true },
+  { 267201, true },
+  { 267219, false },
+  { 267235, true },
+  { 267252, true },
+  { 267264, true },
+  { 267279, true },
+  { 267297, true },
+  { 267309, true },
+  { 267327, true },
+  { 267337, true },
+  { 267349, true },
+  { 267367, true },
+  { 267393, false },
+  { 267422, true },
+  { 267433, true },
+  { 267457, true },
+  { 267465, true },
+  { 267480, true },
+  { 267495, true },
+  { 267510, true },
+  { 267526, true },
+  { 267538, true },
+  { 267549, true },
+  { 267564, true },
+  { 267593, true },
+  { 267608, true },
+  { 267621, true },
+  { 267635, true },
+  { 267647, true },
+  { 267666, true },
+  { 267677, true },
+  { 267703, true },
+  { 267712, true },
+  { 267726, true },
+  { 267737, true },
+  { 267747, true },
+  { 267758, true },
+  { 267781, true },
+  { 267808, true },
+  { 267826, true },
+  { 267854, true },
+  { 267881, true },
+  { 267907, true },
+  { 267923, true },
+  { 267940, true },
+  { 267959, true },
+  { 267990, true },
+  { 268000, true },
+  { 268015, true },
+  { 268026, true },
+  { 268049, true },
+  { 268067, true },
+  { 268080, true },
+  { 268095, true },
+  { 268114, true },
+  { 268136, true },
+  { 268155, true },
+  { 268174, true },
+  { 268190, true },
+  { 268204, true },
+  { 268221, true },
+  { 268236, true },
+  { 268255, false },
+  { 268275, true },
+  { 268294, true },
+  { 268315, true },
+  { 268328, true },
+  { 268338, true },
+  { 268348, true },
+  { 268360, true },
+  { 268374, true },
+  { 268384, true },
+  { 268398, true },
+  { 268416, true },
+  { 268427, true },
+  { 268443, true },
+  { 268459, true },
+  { 268473, true },
+  { 268487, true },
+  { 268496, false },
+  { 268506, true },
+  { 268519, true },
+  { 268531, true },
+  { 268560, true },
+  { 268580, false },
+  { 268594, true },
+  { 268606, true },
+  { 268619, true },
+  { 268634, true },
+  { 268643, true },
+  { 268653, true },
+  { 268665, true },
+  { 268673, true },
+  { 268687, true },
+  { 268700, true },
+  { 268713, true },
+  { 268730, true },
+  { 268744, true },
+  { 268765, true },
+  { 268775, true },
+  { 268787, true },
+  { 268805, true },
+  { 268820, true },
+  { 268836, true },
+  { 268851, true },
+  { 268863, true },
+  { 268875, true },
+  { 268887, true },
+  { 268899, true },
+  { 268911, true },
+  { 268923, true },
+  { 268935, true },
+  { 268947, true },
+  { 268963, true },
+  { 268976, true },
+  { 268990, true },
+  { 269012, true },
+  { 269026, true },
+  { 269037, true },
+  { 269054, true },
+  { 269074, true },
+  { 269090, true },
+  { 269104, true },
+  { 269117, true },
+  { 269129, true },
+  { 269142, true },
+  { 269161, true },
+  { 269179, true },
+  { 269190, true },
+  { 269207, true },
+  { 269220, true },
+  { 269229, true },
+  { 269237, true },
+  { 269252, true },
+  { 269269, true },
+  { 269281, true },
+  { 269295, false },
+  { 269305, true },
+  { 269316, true },
+  { 269329, true },
+  { 269340, true },
+  { 269349, false },
+  { 269365, true },
+  { 269376, true },
+  { 269388, true },
+  { 269403, true },
+  { 269412, true },
+  { 269423, true },
+  { 269435, true },
+  { 269447, true },
+  { 269463, true },
+  { 269475, true },
+  { 269486, true },
+  { 269510, true },
+  { 269525, true },
+  { 269538, true },
+  { 269547, true },
+  { 269554, true },
+  { 269561, true },
+  { 269576, true },
+  { 269596, true },
+  { 269609, true },
+  { 269620, true },
+  { 269635, true },
+  { 269648, true },
+  { 269668, true },
+  { 269686, true },
+  { 269700, false },
+  { 269715, true },
+  { 269727, true },
+  { 269745, true },
+  { 269766, true },
+  { 269787, true },
+  { 269809, true },
+  { 269828, true },
+  { 269847, true },
+  { 269866, true },
+  { 269887, true },
+  { 269906, true },
+  { 269923, true },
+  { 269945, true },
+  { 269964, true },
+  { 269984, true },
+  { 270001, true },
+  { 270021, true },
+  { 270040, true },
+  { 270058, true },
+  { 270076, true },
+  { 270098, true },
+  { 270115, true },
+  { 270133, true },
+  { 270150, true },
+  { 270164, true },
+  { 270181, true },
+  { 270197, true },
+  { 270214, true },
+  { 270231, true },
+  { 270252, true },
+  { 270267, true },
+  { 270277, true },
+  { 270299, true },
+  { 270323, true },
+  { 270344, true },
+  { 270353, true },
+  { 270364, true },
+  { 270381, true },
+  { 270389, true },
+  { 270402, true },
+  { 270437, true },
+  { 270453, true },
+  { 270464, true },
+  { 270485, true },
+  { 270500, true },
+  { 270513, true },
+  { 270528, true },
+  { 270541, true },
+  { 270554, true },
+  { 270592, true },
+  { 270604, true },
+  { 270614, true },
+  { 270629, true },
+  { 270655, true },
+  { 270677, true },
+  { 270703, true },
+  { 270714, true },
+  { 270734, true },
+  { 270756, true },
+  { 270767, true },
+  { 270788, true },
+  { 270808, true },
+  { 270836, true },
+  { 270858, true },
+  { 270874, true },
+  { 270883, true },
+  { 270892, true },
+  { 270902, true },
+  { 270927, true },
+  { 270937, true },
+  { 270955, true },
+  { 270974, true },
+  { 270992, true },
+  { 271010, true },
+  { 271029, true },
+  { 271045, true },
+  { 271055, true },
+  { 271066, true },
+  { 271084, true },
+  { 271104, true },
+  { 271125, true },
+  { 271138, true },
+  { 271156, true },
+  { 271175, true },
+  { 271184, true },
+  { 271193, true },
+  { 271204, true },
+  { 271217, true },
+  { 271232, true },
+  { 271246, true },
+  { 271261, true },
+  { 271271, true },
+  { 271287, true },
+  { 271298, true },
+  { 271316, true },
+  { 271332, true },
+  { 271348, true },
+  { 271373, true },
+  { 271382, true },
+  { 271396, true },
+  { 271411, true },
+  { 271425, true },
+  { 271438, true },
+  { 271452, true },
+  { 271468, true },
+  { 271482, true },
+  { 271490, true },
+  { 271503, true },
+  { 271515, true },
+  { 271528, true },
+  { 271540, true },
+  { 271550, true },
+  { 271573, false },
+  { 271583, true },
+  { 271597, true },
+  { 271611, true },
+  { 271623, true },
+  { 271632, true },
+  { 271647, true },
+  { 271666, true },
+  { 271677, true },
+  { 271690, true },
+  { 271708, true },
+  { 271725, true },
+  { 271739, true },
+  { 271760, true },
+  { 271776, true },
+  { 271789, false },
+  { 271807, true },
+  { 271820, true },
+  { 271832, true },
+  { 271847, true },
+  { 271868, true },
+  { 271892, true },
+  { 271908, true },
+  { 271920, true },
+  { 271933, true },
+  { 271948, true },
+  { 271960, true },
+  { 271970, true },
+  { 271984, true },
+  { 271999, true },
+  { 272016, true },
+  { 272027, true },
+  { 272041, true },
+  { 272052, true },
+  { 272066, true },
+  { 272078, true },
+  { 272089, true },
+  { 272099, true },
+  { 272113, true },
+  { 272127, true },
+  { 272139, true },
+  { 272166, true },
+  { 272180, true },
+  { 272202, true },
+  { 272224, true },
+  { 272238, true },
+  { 272253, true },
+  { 272269, false },
+  { 272282, true },
+  { 272295, true },
+  { 272309, true },
+  { 272323, true },
+  { 272338, true },
+  { 272352, true },
+  { 272364, true },
+  { 272383, true },
+  { 272403, true },
+  { 272421, true },
+  { 272440, true },
+  { 272454, true },
+  { 272463, true },
+  { 272476, true },
+  { 272488, true },
+  { 272500, true },
+  { 272511, true },
+  { 272525, true },
+  { 272538, false },
+  { 272560, true },
+  { 272575, true },
+  { 272587, true },
+  { 272598, true },
+  { 272623, true },
+  { 272632, true },
+  { 272646, true },
+  { 272669, true },
+  { 272692, true },
+  { 272704, true },
+  { 272718, true },
+  { 272731, true },
+  { 272748, true },
+  { 272773, true },
+  { 272789, true },
+  { 272801, true },
+  { 272818, true },
+  { 272833, true },
+  { 272851, true },
+  { 272864, true },
+  { 272888, true },
+  { 272911, true },
+  { 272937, true },
+  { 272949, true },
+  { 272960, true },
+  { 272977, true },
+  { 272991, true },
+  { 273004, true },
+  { 273018, true },
+  { 273027, true },
+  { 273043, true },
+  { 273056, true },
+  { 273069, true },
+  { 273080, true },
+  { 273090, false },
+  { 273104, false },
+  { 273119, true },
+  { 273128, true },
+  { 273147, true },
+  { 273154, true },
+  { 273167, true },
+  { 273183, true },
+  { 273193, true },
+  { 273208, true },
+  { 273224, true },
+  { 273248, true },
+  { 273267, true },
+  { 273281, true },
+  { 273296, true },
+  { 273307, true },
+  { 273319, true },
+  { 273329, true },
+  { 273340, true },
+  { 273349, true },
+  { 273361, true },
+  { 273376, true },
+  { 273388, true },
+  { 273405, true },
+  { 273418, true },
+  { 273442, true },
+  { 273458, true },
+  { 273473, true },
+  { 273491, true },
+  { 273501, true },
+  { 273522, true },
+  { 273540, true },
+  { 273552, true },
+  { 273566, true },
+  { 273578, true },
+  { 273595, true },
+  { 273613, true },
+  { 273633, true },
+  { 273643, true },
+  { 273660, true },
+  { 273672, true },
+  { 273682, true },
+  { 273693, true },
+  { 273710, true },
+  { 273733, true },
+  { 273746, true },
+  { 273762, true },
+  { 273777, true },
+  { 273790, true },
+  { 273803, true },
+  { 273813, true },
+  { 273824, true },
+  { 273836, true },
+  { 273844, true },
+  { 273856, true },
+  { 273887, true },
+  { 273903, true },
+  { 273914, true },
+  { 273929, true },
+  { 273946, true },
+  { 273960, true },
+  { 273975, true },
+  { 273988, true },
+  { 274005, true },
+  { 274017, true },
+  { 274032, true },
+  { 274048, true },
+  { 274077, true },
+  { 274103, true },
+  { 274123, true },
+  { 274147, true },
+  { 274162, true },
+  { 274178, true },
+  { 274200, true },
+  { 274213, true },
+  { 274227, true },
+  { 274241, true },
+  { 274253, true },
+  { 274261, true },
+  { 274277, true },
+  { 274290, true },
+  { 274311, true },
+  { 274330, true },
+  { 274344, true },
+  { 274357, true },
+  { 274367, true },
+  { 274378, true },
+  { 274388, true },
+  { 274402, true },
+  { 274412, true },
+  { 274422, true },
+  { 274431, true },
+  { 274445, true },
+  { 274458, true },
+  { 274466, true },
+  { 274476, true },
+  { 274489, true },
+  { 274499, true },
+  { 274509, true },
+  { 274519, true },
+  { 274541, true },
+  { 274560, true },
+  { 274571, true },
+  { 274578, true },
+  { 274587, true },
+  { 274598, true },
+  { 274610, true },
+  { 274622, true },
+  { 274635, true },
+  { 274654, true },
+  { 274664, true },
+  { 274674, true },
+  { 274686, true },
+  { 274695, true },
+  { 274704, true },
+  { 274720, true },
+  { 274731, true },
+  { 274744, true },
+  { 274751, true },
+  { 274771, true },
+  { 274787, true },
+  { 274798, true },
+  { 274821, true },
+  { 274830, true },
+  { 274843, true },
+  { 274863, true },
+  { 274871, true },
+  { 274881, true },
+  { 274902, true },
+  { 274914, true },
+  { 274923, true },
+  { 274931, true },
+  { 274941, false },
+  { 274949, true },
+  { 274961, true },
+  { 274972, true },
+  { 274983, true },
+  { 274990, true },
+  { 275000, true },
+  { 275011, true },
+  { 275019, true },
+  { 275026, true },
+  { 275034, true },
+  { 275042, true },
+  { 275052, true },
+  { 275061, true },
+  { 275072, true },
+  { 275083, true },
+  { 275092, true },
+  { 275103, true },
+  { 275115, true },
+  { 275123, true },
+  { 275129, true },
+  { 275137, true },
+  { 275147, true },
+  { 275163, true },
+  { 275175, true },
+  { 275189, true },
+  { 275206, true },
+  { 275236, true },
+  { 275256, false },
+  { 275274, false },
+  { 275290, true },
+  { 275305, true },
+  { 275325, true },
+  { 275341, true },
+  { 275356, true },
+  { 275377, true },
+  { 275391, true },
+  { 275417, true },
+  { 275436, true },
+  { 275447, true },
+  { 275457, true },
+  { 275475, true },
+  { 275486, true },
+  { 275500, true },
+  { 275515, true },
+  { 275526, true },
+  { 275542, true },
+  { 275554, true },
+  { 275575, true },
+  { 275589, true },
+  { 275604, true },
+  { 275615, true },
+  { 275628, true },
+  { 275643, true },
+  { 275657, true },
+  { 275673, true },
+  { 275693, true },
+  { 275706, true },
+  { 275726, false },
+  { 275742, true },
+  { 275756, true },
+  { 275771, true },
+  { 275786, true },
+  { 275801, true },
+  { 275817, true },
+  { 275837, true },
+  { 275863, true },
+  { 275886, true },
+  { 275903, true },
+  { 275916, true },
+  { 275940, true },
+  { 275956, true },
+  { 275970, true },
+  { 275977, true },
+  { 275989, true },
+  { 276004, true },
+  { 276014, true },
+  { 276025, true },
+  { 276042, true },
+  { 276055, true },
+  { 276075, true },
+  { 276090, true },
+  { 276105, true },
+  { 276117, true },
+  { 276125, true },
+  { 276140, true },
+  { 276156, true },
+  { 276172, false },
+  { 276190, true },
+  { 276203, true },
+  { 276234, true },
+  { 276245, true },
+  { 276259, true },
+  { 276273, true },
+  { 276291, true },
+  { 276301, true },
+  { 276312, true },
+  { 276325, true },
+  { 276336, true },
+  { 276346, true },
+  { 276360, true },
+  { 276372, true },
+  { 276388, false },
+  { 276404, true },
+  { 276415, true },
+  { 276434, true },
+  { 276443, true },
+  { 276467, true },
+  { 276480, true },
+  { 276489, true },
+  { 276505, true },
+  { 276517, true },
+  { 276534, true },
+  { 276550, true },
+  { 276562, true },
+  { 276582, true },
+  { 276592, false },
+  { 276607, true },
+  { 276622, true },
+  { 276637, true },
+  { 276646, true },
+  { 276663, true },
+  { 276678, true },
+  { 276695, true },
+  { 276708, true },
+  { 276722, true },
+  { 276734, true },
+  { 276753, true },
+  { 276765, true },
+  { 276783, true },
+  { 276795, true },
+  { 276820, true },
+  { 276831, true },
+  { 276845, true },
+  { 276859, true },
+  { 276870, true },
+  { 276892, true },
+  { 276913, true },
+  { 276932, true },
+  { 276953, true },
+  { 276966, true },
+  { 276975, true },
+  { 276990, true },
+  { 277004, true },
+  { 277017, true },
+  { 277033, true },
+  { 277046, true },
+  { 277058, true },
+  { 277077, true },
+  { 277092, true },
+  { 277104, true },
+  { 277121, true },
+  { 277144, true },
+  { 277168, true },
+  { 277189, true },
+  { 277204, true },
+  { 277218, true },
+  { 277231, true },
+  { 277249, true },
+  { 277270, true },
+  { 277290, true },
+  { 277309, true },
+  { 277328, true },
+  { 277345, true },
+  { 277377, true },
+  { 277394, true },
+  { 277415, true },
+  { 277429, true },
+  { 277441, true },
+  { 277459, true },
+  { 277469, true },
+  { 277482, true },
+  { 277495, true },
+  { 277516, true },
+  { 277531, true },
+  { 277548, true },
+  { 277567, true },
+  { 277585, true },
+  { 277592, true },
+  { 277604, true },
+  { 277618, true },
+  { 277633, true },
+  { 277647, true },
+  { 277659, true },
+  { 277672, true },
+  { 277688, true },
+  { 277701, true },
+  { 277712, true },
+  { 277725, true },
+  { 277742, true },
+  { 277757, true },
+  { 277773, true },
+  { 277787, true },
+  { 277801, true },
+  { 277813, true },
+  { 277831, true },
+  { 277851, true },
+  { 277874, true },
+  { 277887, true },
+  { 277907, true },
+  { 277922, true },
+  { 277941, true },
+  { 277960, true },
+  { 277979, true },
+  { 277994, true },
+  { 278009, true },
+  { 278020, true },
+  { 278037, true },
+  { 278047, true },
+  { 278060, false },
+  { 278073, true },
+  { 278087, true },
+  { 278099, true },
+  { 278114, false },
+  { 278124, true },
+  { 278138, true },
+  { 278149, true },
+  { 278160, true },
+  { 278181, true },
+  { 278205, true },
+  { 278216, true },
+  { 278229, true },
+  { 278242, true },
+  { 278263, true },
+  { 278283, true },
+  { 278300, true },
+  { 278309, true },
+  { 278319, true },
+  { 278331, true },
+  { 278346, true },
+  { 278369, true },
+  { 278379, true },
+  { 278396, true },
+  { 278415, true },
+  { 278429, true },
+  { 278439, true },
+  { 278452, true },
+  { 278462, true },
+  { 278478, true },
+  { 278486, true },
+  { 278495, true },
+  { 278508, true },
+  { 278521, true },
+  { 278539, true },
+  { 278558, true },
+  { 278577, true },
+  { 278585, true },
+  { 278602, true },
+  { 278615, true },
+  { 278636, false },
+  { 278649, true },
+  { 278663, true },
+  { 278676, true },
+  { 278692, true },
+  { 278713, true },
+  { 278727, true },
+  { 278744, true },
+  { 278773, true },
+  { 278786, true },
+  { 278801, true },
+  { 278830, true },
+  { 278848, false },
+  { 278864, true },
+  { 278884, true },
+  { 278902, true },
+  { 278911, true },
+  { 278929, true },
+  { 278947, true },
+  { 278964, true },
+  { 278995, true },
+  { 279017, true },
+  { 279032, true },
+  { 279043, true },
+  { 279060, true },
+  { 279073, false },
+  { 279086, true },
+  { 279098, true },
+  { 279114, true },
+  { 279130, true },
+  { 279142, true },
+  { 279155, true },
+  { 279170, true },
+  { 279187, true },
+  { 279204, true },
+  { 279220, true },
+  { 279234, true },
+  { 279248, true },
+  { 279263, true },
+  { 279273, false },
+  { 279292, true },
+  { 279311, true },
+  { 279329, true },
+  { 279340, true },
+  { 279350, true },
+  { 279360, true },
+  { 279370, true },
+  { 279381, true },
+  { 279396, true },
+  { 279406, true },
+  { 279422, true },
+  { 279433, true },
+  { 279450, true },
+  { 279458, true },
+  { 279471, true },
+  { 279489, true },
+  { 279497, true },
+  { 279507, true },
+  { 279527, true },
+  { 279541, true },
+  { 279551, true },
+  { 279562, true },
+  { 279572, true },
+  { 279582, true },
+  { 279599, true },
+  { 279611, true },
+  { 279626, true },
+  { 279643, true },
+  { 279660, true },
+  { 279668, true },
+  { 279684, true },
+  { 279695, true },
+  { 279711, true },
+  { 279722, true },
+  { 279737, true },
+  { 279750, true },
+  { 279778, true },
+  { 279797, true },
+  { 279812, true },
+  { 279829, true },
+  { 279839, true },
+  { 279852, true },
+  { 279869, true },
+  { 279884, true },
+  { 279901, true },
+  { 279916, true },
+  { 279936, true },
+  { 279951, true },
+  { 279965, true },
+  { 279973, true },
+  { 279981, true },
+  { 279994, true },
+  { 280006, true },
+  { 280017, true },
+  { 280025, true },
+  { 280038, true },
+  { 280046, true },
+  { 280063, true },
+  { 280074, true },
+  { 280087, true },
+  { 280095, true },
+  { 280104, true },
+  { 280116, true },
+  { 280124, true },
+  { 280140, true },
+  { 280151, true },
+  { 280161, true },
+  { 280185, true },
+  { 280197, true },
+  { 280211, true },
+  { 280222, true },
+  { 280231, true },
+  { 280240, true },
+  { 280258, true },
+  { 280271, true },
+  { 280280, true },
+  { 280291, true },
+  { 280302, true },
+  { 280311, true },
+  { 280320, true },
+  { 280329, true },
+  { 280339, true },
+  { 280353, true },
+  { 280363, true },
+  { 280373, true },
+  { 280389, true },
+  { 280397, true },
+  { 280415, true },
+  { 280431, false },
+  { 280451, true },
+  { 280462, true },
+  { 280472, true },
+  { 280481, true },
+  { 280489, true },
+  { 280497, true },
+  { 280505, true },
+  { 280522, true },
+  { 280535, true },
+  { 280546, false },
+  { 280554, true },
+  { 280572, true },
+  { 280581, true },
+  { 280592, false },
+  { 280612, true },
+  { 280619, true },
+  { 280629, true },
+  { 280644, true },
+  { 280659, true },
+  { 280670, false },
+  { 280690, false },
+  { 280706, true },
+  { 280724, true },
+  { 280736, true },
+  { 280752, true },
+  { 280768, true },
+  { 280779, false },
+  { 280790, true },
+  { 280805, true },
+  { 280818, true },
+  { 280835, true },
+  { 280847, true },
+  { 280857, true },
+  { 280868, true },
+  { 280882, true },
+  { 280889, true },
+  { 280905, true },
+  { 280914, true },
+  { 280933, true },
+  { 280948, true },
+  { 280958, true },
+  { 280973, true },
+  { 280994, true },
+  { 281004, true },
+  { 281024, true },
+  { 281038, true },
+  { 281051, true },
+  { 281064, true },
+  { 281083, true },
+  { 281100, true },
+  { 281118, true },
+  { 281132, false },
+  { 281149, true },
+  { 281164, true },
+  { 281184, true },
+  { 281203, true },
+  { 281223, true },
+  { 281239, true },
+  { 281251, true },
+  { 281263, true },
+  { 281282, true },
+  { 281298, true },
+  { 281314, true },
+  { 281330, true },
+  { 281342, true },
+  { 281365, true },
+  { 281377, true },
+  { 281399, true },
+  { 281411, true },
+  { 281424, true },
+  { 281438, true },
+  { 281457, true },
+  { 281475, true },
+  { 281493, true },
+  { 281515, true },
+  { 281538, true },
+  { 281553, true },
+  { 281567, true },
+  { 281582, true },
+  { 281597, true },
+  { 281607, true },
+  { 281623, true },
+  { 281636, true },
+  { 281648, true },
+  { 281656, true },
+  { 281681, true },
+  { 281698, true },
+  { 281713, true },
+  { 281724, true },
+  { 281733, true },
+  { 281742, false },
+  { 281752, true },
+  { 281765, true },
+  { 281780, true },
+  { 281796, true },
+  { 281810, true },
+  { 281827, true },
+  { 281849, true },
+  { 281868, true },
+  { 281887, true },
+  { 281901, true },
+  { 281920, true },
+  { 281937, true },
+  { 281953, true },
+  { 281967, true },
+  { 281987, true },
+  { 282004, true },
+  { 282021, true },
+  { 282035, true },
+  { 282048, true },
+  { 282072, true },
+  { 282086, true },
+  { 282105, true },
+  { 282121, true },
+  { 282145, true },
+  { 282167, false },
+  { 282181, true },
+  { 282194, true },
+  { 282218, true },
+  { 282239, false },
+  { 282256, true },
+  { 282271, true },
+  { 282282, true },
+  { 282293, true },
+  { 282307, true },
+  { 282323, true },
+  { 282337, true },
+  { 282348, true },
+  { 282369, true },
+  { 282385, true },
+  { 282403, true },
+  { 282421, true },
+  { 282434, true },
+  { 282446, true },
+  { 282458, true },
+  { 282474, true },
+  { 282492, true },
+  { 282500, true },
+  { 282513, true },
+  { 282524, true },
+  { 282535, true },
+  { 282543, true },
+  { 282557, false },
+  { 282577, true },
+  { 282588, true },
+  { 282620, true },
+  { 282634, true },
+  { 282643, true },
+  { 282650, true },
+  { 282660, true },
+  { 282668, true },
+  { 282678, false },
+  { 282698, true },
+  { 282719, true },
+  { 282729, true },
+  { 282740, true },
+  { 282751, true },
+  { 282758, true },
+  { 282768, true },
+  { 282783, true },
+  { 282800, true },
+  { 282816, true },
+  { 282827, true },
+  { 282840, true },
+  { 282852, true },
+  { 282865, true },
+  { 282877, true },
+  { 282887, true },
+  { 282898, false },
+  { 282917, true },
+  { 282931, true },
+  { 282965, true },
+  { 282999, false },
+  { 283011, false },
+  { 283024, false },
+  { 283035, false },
+  { 283047, false },
+  { 283068, true },
+  { 283090, true },
+  { 283103, true },
+  { 283115, true },
+  { 283136, true },
+  { 283148, true },
+  { 283161, true },
+  { 283177, true },
+  { 283192, true },
+  { 283210, true },
+  { 283219, true },
+  { 283227, true },
+  { 283239, true },
+  { 283250, true },
+  { 283269, true },
+  { 283287, false },
+  { 283296, true },
+  { 283307, false },
+  { 283323, true },
+  { 283341, true },
+  { 283366, true },
+  { 283385, true },
+  { 283403, true },
+  { 283418, true },
+  { 283430, true },
+  { 283446, true },
+  { 283467, true },
+  { 283475, true },
+  { 283504, true },
+  { 283527, true },
+  { 283540, true },
+  { 283559, true },
+  { 283579, true },
+  { 283594, true },
+  { 283607, true },
+  { 283623, true },
+  { 283638, true },
+  { 283651, true },
+  { 283663, true },
+  { 283681, true },
+  { 283698, true },
+  { 283713, true },
+  { 283732, true },
+  { 283751, true },
+  { 283766, true },
+  { 283777, true },
+  { 283788, true },
+  { 283812, true },
+  { 283826, true },
+  { 283840, true },
+  { 283866, true },
+  { 283886, true },
+  { 283902, true },
+  { 283920, true },
+  { 283934, true },
+  { 283944, false },
+  { 283973, true },
+  { 283987, true },
+  { 284011, true },
+  { 284027, true },
+  { 284041, true },
+  { 284055, true },
+  { 284075, true },
+  { 284088, true },
+  { 284102, true },
+  { 284117, true },
+  { 284131, true },
+  { 284144, true },
+  { 284155, true },
+  { 284169, true },
+  { 284189, true },
+  { 284204, true },
+  { 284215, true },
+  { 284233, true },
+  { 284250, true },
+  { 284258, true },
+  { 284271, true },
+  { 284288, true },
+  { 284300, true },
+  { 284317, true },
+  { 284338, true },
+  { 284357, true },
+  { 284373, true },
+  { 284391, true },
+  { 284411, false },
+  { 284425, true },
+  { 284438, true },
+  { 284446, true },
+  { 284455, true },
+  { 284464, true },
+  { 284481, true },
+  { 284492, true },
+  { 284507, true },
+  { 284523, true },
+  { 284531, true },
+  { 284540, true },
+  { 284550, true },
+  { 284558, true },
+  { 284569, true },
+  { 284591, true },
+  { 284605, true },
+  { 284613, true },
+  { 284625, true },
+  { 284646, true },
+  { 284656, true },
+  { 284668, true },
+  { 284688, true },
+  { 284720, true },
+  { 284749, true },
+  { 284759, true },
+  { 284774, true },
+  { 284794, true },
+  { 284817, true },
+  { 284836, true },
+  { 284855, true },
+  { 284874, true },
+  { 284893, true },
+  { 284912, true },
+  { 284931, true },
+  { 284950, true },
+  { 284969, true },
+  { 284983, true },
+  { 284997, true },
+  { 285014, true },
+  { 285027, true },
+  { 285045, true },
+  { 285062, true },
+  { 285086, true },
+  { 285101, true },
+  { 285119, true },
+  { 285130, true },
+  { 285145, true },
+  { 285159, true },
+  { 285172, true },
+  { 285181, true },
+  { 285198, true },
+  { 285212, true },
+  { 285236, true },
+  { 285251, true },
+  { 285265, true },
+  { 285283, true },
+  { 285296, true },
+  { 285306, true },
+  { 285319, true },
+  { 285328, true },
+  { 285337, true },
+  { 285356, true },
+  { 285372, true },
+  { 285390, true },
+  { 285404, true },
+  { 285415, true },
+  { 285428, true },
+  { 285447, true },
+  { 285460, true },
+  { 285477, true },
+  { 285490, false },
+  { 285507, true },
+  { 285520, true },
+  { 285541, true },
+  { 285551, true },
+  { 285566, true },
+  { 285584, true },
+  { 285599, true },
+  { 285614, true },
+  { 285631, true },
+  { 285650, true },
+  { 285667, true },
+  { 285686, true },
+  { 285698, true },
+  { 285709, true },
+  { 285725, true },
+  { 285739, true },
+  { 285762, true },
+  { 285770, true },
+  { 285783, true },
+  { 285802, true },
+  { 285818, true },
+  { 285834, true },
+  { 285848, true },
+  { 285861, true },
+  { 285874, true },
+  { 285887, true },
+  { 285902, true },
+  { 285912, true },
+  { 285923, true },
+  { 285940, true },
+  { 285959, true },
+  { 285979, true },
+  { 285999, true },
+  { 286015, true },
+  { 286035, true },
+  { 286050, true },
+  { 286060, true },
+  { 286071, true },
+  { 286084, false },
+  { 286099, true },
+  { 286114, false },
+  { 286124, true },
+  { 286134, true },
+  { 286141, false },
+  { 286151, true },
+  { 286169, true },
+  { 286181, true },
+  { 286195, true },
+  { 286202, false },
+  { 286212, true },
+  { 286224, true },
+  { 286232, false },
+  { 286243, true },
+  { 286251, true },
+  { 286265, true },
+  { 286277, true },
+  { 286284, true },
+  { 286292, true },
+  { 286298, true },
+  { 286306, true },
+  { 286319, true },
+  { 286332, true },
+  { 286353, true },
+  { 286369, true },
+  { 286386, true },
+  { 286396, true },
+  { 286418, true },
+  { 286429, true },
+  { 286448, true },
+  { 286465, true },
+  { 286486, true },
+  { 286506, true },
+  { 286520, true },
+  { 286530, true },
+  { 286544, true },
+  { 286561, true },
+  { 286572, true },
+  { 286583, true },
+  { 286592, true },
+  { 286601, true },
+  { 286624, true },
+  { 286637, true },
+  { 286648, true },
+  { 286655, true },
+  { 286662, true },
+  { 286673, true },
+  { 286684, true },
+  { 286700, true },
+  { 286715, true },
+  { 286737, true },
+  { 286763, true },
+  { 286773, true },
+  { 286786, true },
+  { 286806, true },
+  { 286825, false },
+  { 286842, true },
+  { 286863, true },
+  { 286877, true },
+  { 286900, true },
+  { 286908, true },
+  { 286926, true },
+  { 286944, true },
+  { 286955, true },
+  { 286970, true },
+  { 286990, false },
+  { 287004, true },
+  { 287026, true },
+  { 287039, true },
+  { 287050, true },
+  { 287063, true },
+  { 287076, true },
+  { 287093, true },
+  { 287106, true },
+  { 287125, true },
+  { 287136, true },
+  { 287146, true },
+  { 287155, true },
+  { 287165, true },
+  { 287176, true },
+  { 287188, true },
+  { 287198, true },
+  { 287211, true },
+  { 287228, true },
+  { 287236, true },
+  { 287257, true },
+  { 287267, true },
+  { 287288, true },
+  { 287300, true },
+  { 287313, true },
+  { 287324, true },
+  { 287334, true },
+  { 287344, true },
+  { 287356, true },
+  { 287366, true },
+  { 287385, true },
+  { 287409, true },
+  { 287420, true },
+  { 287434, true },
+  { 287449, true },
+  { 287462, true },
+  { 287476, true },
+  { 287487, true },
+  { 287499, true },
+  { 287511, true },
+  { 287523, true },
+  { 287533, true },
+  { 287541, true },
+  { 287554, true },
+  { 287576, false },
+  { 287591, true },
+  { 287614, true },
+  { 287623, true },
+  { 287638, false },
+  { 287650, true },
+  { 287666, true },
+  { 287680, true },
+  { 287689, true },
+  { 287703, true },
+  { 287718, true },
+  { 287735, true },
+  { 287757, true },
+  { 287776, false },
+  { 287791, true },
+  { 287808, true },
+  { 287823, true },
+  { 287838, true },
+  { 287846, true },
+  { 287860, true },
+  { 287872, true },
+  { 287883, true },
+  { 287896, true },
+  { 287913, true },
+  { 287938, true },
+  { 287948, true },
+  { 287969, true },
+  { 287987, true },
+  { 288006, true },
+  { 288027, true },
+  { 288053, true },
+  { 288079, true },
+  { 288095, true },
+  { 288118, true },
+  { 288138, true },
+  { 288154, true },
+  { 288164, true },
+  { 288175, true },
+  { 288194, true },
+  { 288209, true },
+  { 288231, true },
+  { 288252, true },
+  { 288275, true },
+  { 288287, true },
+  { 288301, true },
+  { 288325, true },
+  { 288353, true },
+  { 288380, true },
+  { 288394, true },
+  { 288410, true },
+  { 288427, true },
+  { 288444, false },
+  { 288453, true },
+  { 288467, true },
+  { 288481, true },
+  { 288492, true },
+  { 288503, false },
+  { 288516, false },
+  { 288531, false },
+  { 288555, true },
+  { 288566, true },
+  { 288578, true },
+  { 288592, true },
+  { 288603, true },
+  { 288612, true },
+  { 288625, true },
+  { 288635, true },
+  { 288648, true },
+  { 288662, true },
+  { 288670, true },
+  { 288677, true },
+  { 288688, true },
+  { 288702, true },
+  { 288713, true },
+  { 288724, true },
+  { 288737, true },
+  { 288744, true },
+  { 288751, true },
+  { 288758, true },
+  { 288770, true },
+  { 288777, true },
+  { 288786, true },
+  { 288793, true },
+  { 288801, true },
+  { 288811, true },
+  { 288818, true },
+  { 288825, true },
+  { 288834, true },
+  { 288845, true },
+  { 288854, true },
+  { 288863, true },
+  { 288872, true },
+  { 288885, true },
+  { 288900, true },
+  { 288911, true },
+  { 288921, true },
+  { 288934, true },
+  { 288943, true },
+  { 288955, true },
+  { 288969, true },
+  { 288981, true },
+  { 288994, true },
+  { 289006, true },
+  { 289022, true },
+  { 289039, true },
+  { 289051, true },
+  { 289062, true },
+  { 289077, true },
+  { 289087, true },
+  { 289099, true },
+  { 289112, true },
+  { 289122, true },
+  { 289133, true },
+  { 289144, true },
+  { 289158, true },
+  { 289171, true },
+  { 289181, true },
+  { 289191, true },
+  { 289202, true },
+  { 289214, true },
+  { 289224, true },
+  { 289234, true },
+  { 289247, true },
+  { 289258, true },
+  { 289269, true },
+  { 289279, true },
+  { 289296, true },
+  { 289306, true },
+  { 289319, true },
+  { 289330, true },
+  { 289338, true },
+  { 289355, true },
+  { 289366, true },
+  { 289375, true },
+  { 289400, true },
+  { 289415, true },
+  { 289427, true },
+  { 289442, true },
+  { 289455, true },
+  { 289468, true },
+  { 289477, true },
+  { 289488, true },
+  { 289499, true },
+  { 289510, true },
+  { 289524, true },
+  { 289533, true },
+  { 289548, true },
+  { 289564, true },
+  { 289572, true },
+  { 289584, true },
+  { 289604, true },
+  { 289616, true },
+  { 289624, true },
+  { 289634, true },
+  { 289653, true },
+  { 289661, true },
+  { 289674, true },
+  { 289691, true },
+  { 289702, true },
+  { 289714, true },
+  { 289723, true },
+  { 289731, true },
+  { 289744, true },
+  { 289753, true },
+  { 289762, true },
+  { 289773, true },
+  { 289792, true },
+  { 289811, true },
+  { 289841, true },
+  { 289871, true },
+  { 289887, true },
+  { 289902, true },
+  { 289915, true },
+  { 289932, true },
+  { 289944, true },
+  { 289957, true },
+  { 289973, true },
+  { 289985, true },
+  { 289999, true },
+  { 290009, true },
+  { 290022, true },
+  { 290033, true },
+  { 290041, true },
+  { 290052, true },
+  { 290070, true },
+  { 290084, true },
+  { 290103, false },
+  { 290112, true },
+  { 290122, true },
+  { 290144, true },
+  { 290160, true },
+  { 290172, true },
+  { 290187, true },
+  { 290200, true },
+  { 290214, true },
+  { 290222, true },
+  { 290241, true },
+  { 290255, true },
+  { 290263, true },
+  { 290271, true },
+  { 290283, true },
+  { 290293, true },
+  { 290305, true },
+  { 290317, true },
+  { 290328, true },
+  { 290339, true },
+  { 290351, true },
+  { 290369, true },
+  { 290378, true },
+  { 290391, true },
+  { 290404, true },
+  { 290416, true },
+  { 290426, true },
+  { 290436, true },
+  { 290446, true },
+  { 290456, true },
+  { 290465, true },
+  { 290477, true },
+  { 290488, true },
+  { 290499, false },
+  { 290515, true },
+  { 290526, true },
+  { 290540, true },
+  { 290552, true },
+  { 290562, true },
+  { 290575, true },
+  { 290588, true },
+  { 290598, true },
+  { 290612, true },
+  { 290635, true },
+  { 290650, true },
+  { 290662, true },
+  { 290674, true },
+  { 290686, true },
+  { 290706, true },
+  { 290720, true },
+  { 290731, true },
+  { 290767, true },
+  { 290780, true },
+  { 290793, true },
+  { 290805, true },
+  { 290823, true },
+  { 290834, true },
+  { 290857, false },
+  { 290871, true },
+  { 290883, true },
+  { 290896, true },
+  { 290905, true },
+  { 290918, false },
+  { 290928, true },
+  { 290942, true },
+  { 290955, true },
+  { 290967, true },
+  { 290979, true },
+  { 290989, true },
+  { 291003, true },
+  { 291017, true },
+  { 291032, true },
+  { 291047, true },
+  { 291059, true },
+  { 291070, true },
+  { 291080, true },
+  { 291095, true },
+  { 291108, true },
+  { 291120, true },
+  { 291132, true },
+  { 291143, true },
+  { 291155, true },
+  { 291166, true },
+  { 291180, true },
+  { 291197, true },
+  { 291206, true },
+  { 291217, true },
+  { 291227, true },
+  { 291240, true },
+  { 291255, true },
+  { 291265, true },
+  { 291277, false },
+  { 291286, true },
+  { 291305, true },
+  { 291320, true },
+  { 291336, true },
+  { 291351, true },
+  { 291365, true },
+  { 291375, true },
+  { 291392, true },
+  { 291404, true },
+  { 291422, true },
+  { 291437, true },
+  { 291447, true },
+  { 291460, true },
+  { 291475, false },
+  { 291491, true },
+  { 291503, true },
+  { 291520, true },
+  { 291533, true },
+  { 291545, true },
+  { 291556, true },
+  { 291569, false },
+  { 291584, true },
+  { 291599, true },
+  { 291609, true },
+  { 291619, true },
+  { 291636, true },
+  { 291650, true },
+  { 291664, true },
+  { 291687, true },
+  { 291699, true },
+  { 291710, true },
+  { 291726, true },
+  { 291737, true },
+  { 291748, true },
+  { 291761, false },
+  { 291779, true },
+  { 291797, true },
+  { 291810, true },
+  { 291830, false },
+  { 291849, true },
+  { 291869, true },
+  { 291891, true },
+  { 291915, true },
+  { 291934, true },
+  { 291946, true },
+  { 291961, true },
+  { 291979, true },
+  { 291995, true },
+  { 292006, true },
+  { 292022, true },
+  { 292038, true },
+  { 292052, true },
+  { 292071, true },
+  { 292088, true },
+  { 292102, true },
+  { 292117, true },
+  { 292133, true },
+  { 292150, true },
+  { 292172, true },
+  { 292194, true },
+  { 292215, false },
+  { 292229, true },
+  { 292248, true },
+  { 292259, true },
+  { 292278, true },
+  { 292291, true },
+  { 292305, true },
+  { 292316, true },
+  { 292336, true },
+  { 292347, true },
+  { 292362, true },
+  { 292378, true },
+  { 292393, true },
+  { 292408, true },
+  { 292422, true },
+  { 292435, true },
+  { 292458, true },
+  { 292472, true },
+  { 292489, true },
+  { 292516, true },
+  { 292542, true },
+  { 292556, true },
+  { 292571, true },
+  { 292588, true },
+  { 292608, true },
+  { 292620, true },
+  { 292645, true },
+  { 292660, true },
+  { 292676, true },
+  { 292691, true },
+  { 292703, true },
+  { 292713, true },
+  { 292728, true },
+  { 292739, true },
+  { 292754, true },
+  { 292786, true },
+  { 292800, true },
+  { 292816, true },
+  { 292833, true },
+  { 292848, true },
+  { 292877, true },
+  { 292891, true },
+  { 292902, true },
+  { 292922, true },
+  { 292937, true },
+  { 292956, true },
+  { 292975, true },
+  { 292993, true },
+  { 293007, true },
+  { 293020, true },
+  { 293035, true },
+  { 293050, true },
+  { 293057, true },
+  { 293073, true },
+  { 293084, true },
+  { 293097, true },
+  { 293107, true },
+  { 293118, true },
+  { 293132, true },
+  { 293146, true },
+  { 293159, true },
+  { 293171, true },
+  { 293183, true },
+  { 293194, true },
+  { 293209, true },
+  { 293223, true },
+  { 293234, true },
+  { 293247, true },
+  { 293265, true },
+  { 293281, true },
+  { 293297, true },
+  { 293311, true },
+  { 293327, true },
+  { 293356, true },
+  { 293379, true },
+  { 293395, true },
+  { 293419, true },
+  { 293438, true },
+  { 293447, true },
+  { 293462, true },
+  { 293472, true },
+  { 293480, true },
+  { 293493, true },
+  { 293509, true },
+  { 293517, true },
+  { 293527, true },
+  { 293537, true },
+  { 293546, true },
+  { 293554, true },
+  { 293570, true },
+  { 293585, true },
+  { 293594, true },
+  { 293608, true },
+  { 293620, true },
+  { 293629, true },
+  { 293642, true },
+  { 293650, true },
+  { 293661, true },
+  { 293674, true },
+  { 293684, true },
+  { 293698, true },
+  { 293707, true },
+  { 293715, true },
+  { 293727, false },
+  { 293747, true },
+  { 293757, false },
+  { 293768, true },
+  { 293784, true },
+  { 293807, true },
+  { 293826, true },
+  { 293838, true },
+  { 293846, false },
+  { 293858, true },
+  { 293872, false },
+  { 293889, true },
+  { 293902, true },
+  { 293920, true },
+  { 293940, false },
+  { 293960, true },
+  { 293975, true },
+  { 293985, true },
+  { 294002, true },
+  { 294017, true },
+  { 294033, true },
+  { 294048, true },
+  { 294061, true },
+  { 294075, true },
+  { 294093, true },
+  { 294107, true },
+  { 294122, true },
+  { 294137, true },
+  { 294145, true },
+  { 294160, true },
+  { 294174, true },
+  { 294190, true },
+  { 294205, true },
+  { 294229, true },
+  { 294251, true },
+  { 294272, true },
+  { 294291, true },
+  { 294306, true },
+  { 294322, true },
+  { 294341, true },
+  { 294352, true },
+  { 294370, true },
+  { 294379, true },
+  { 294388, true },
+  { 294400, true },
+  { 294415, true },
+  { 294429, true },
+  { 294442, true },
+  { 294461, true },
+  { 294480, true },
+  { 294499, true },
+  { 294507, true },
+  { 294515, true },
+  { 294524, true },
+  { 294536, true },
+  { 294548, true },
+  { 294556, true },
+  { 294565, true },
+  { 294577, true },
+  { 294585, true },
+  { 294599, true },
+  { 294625, true },
+  { 294648, false },
+  { 294664, true },
+  { 294676, true },
+  { 294689, true },
+  { 294703, true },
+  { 294723, true },
+  { 294744, true },
+  { 294755, true },
+  { 294774, true },
+  { 294789, true },
+  { 294803, true },
+  { 294817, true },
+  { 294831, true },
+  { 294846, true },
+  { 294860, true },
+  { 294874, true },
+  { 294888, true },
+  { 294909, true },
+  { 294923, true },
+  { 294940, true },
+  { 294955, true },
+  { 294969, true },
+  { 294987, false },
+  { 295007, false },
+  { 295022, true },
+  { 295035, true },
+  { 295043, true },
+  { 295058, true },
+  { 295073, true },
+  { 295090, true },
+  { 295102, true },
+  { 295113, true },
+  { 295123, true },
+  { 295139, true },
+  { 295156, true },
+  { 295180, false },
+  { 295190, true },
+  { 295198, true },
+  { 295205, true },
+  { 295216, true },
+  { 295229, true },
+  { 295245, true },
+  { 295264, true },
+  { 295280, true },
+  { 295292, true },
+  { 295308, true },
+  { 295322, true },
+  { 295335, true },
+  { 295352, true },
+  { 295369, true },
+  { 295381, true },
+  { 295389, true },
+  { 295406, true },
+  { 295419, true },
+  { 295436, true },
+  { 295451, false },
+  { 295460, true },
+  { 295469, true },
+  { 295485, true },
+  { 295500, true },
+  { 295510, true },
+  { 295519, true },
+  { 295529, true },
+  { 295545, true },
+  { 295565, true },
+  { 295585, true },
+  { 295599, true },
+  { 295625, true },
+  { 295640, true },
+  { 295655, true },
+  { 295665, true },
+  { 295678, true },
+  { 295693, true },
+  { 295706, true },
+  { 295718, true },
+  { 295739, true },
+  { 295747, true },
+  { 295755, true },
+  { 295765, false },
+  { 295776, true },
+  { 295793, true },
+  { 295803, true },
+  { 295813, true },
+  { 295833, true },
+  { 295847, true },
+  { 295857, true },
+  { 295870, true },
+  { 295880, false },
+  { 295900, true },
+  { 295908, true },
+  { 295926, true },
+  { 295937, true },
+  { 295947, true },
+  { 295955, true },
+  { 295964, false },
+  { 295971, true },
+  { 295978, true },
+  { 295986, true },
+  { 295996, true },
+  { 296002, true },
+  { 296013, true },
+  { 296021, true },
+  { 296033, false },
+  { 296053, true },
+  { 296068, true },
+  { 296095, true },
+  { 296104, true },
+  { 296112, true },
+  { 296121, true },
+  { 296130, true },
+  { 296138, true },
+  { 296152, true },
+  { 296169, true },
+  { 296184, true },
+  { 296198, true },
+  { 296210, true },
+  { 296220, true },
+  { 296232, true },
+  { 296254, true },
+  { 296268, true },
+  { 296277, true },
+  { 296293, true },
+  { 296311, true },
+  { 296323, true },
+  { 296335, true },
+  { 296350, true },
+  { 296361, true },
+  { 296383, true },
+  { 296394, true },
+  { 296402, true },
+  { 296418, true },
+  { 296439, true },
+  { 296449, true },
+  { 296459, true },
+  { 296467, true },
+  { 296479, true },
+  { 296488, true },
+  { 296498, false },
+  { 296533, true },
+  { 296552, true },
+  { 296565, true },
+  { 296575, true },
+  { 296587, true },
+  { 296602, true },
+  { 296611, true },
+  { 296622, true },
+  { 296634, true },
+  { 296648, true },
+  { 296664, true },
+  { 296682, true },
+  { 296695, true },
+  { 296711, true },
+  { 296721, true },
+  { 296734, true },
+  { 296751, true },
+  { 296764, true },
+  { 296778, true },
+  { 296793, true },
+  { 296807, true },
+  { 296819, true },
+  { 296843, true },
+  { 296851, true },
+  { 296863, true },
+  { 296882, true },
+  { 296896, true },
+  { 296908, true },
+  { 296920, true },
+  { 296936, true },
+  { 296948, true },
+  { 296964, true },
+  { 296983, true },
+  { 297009, true },
+  { 297021, true },
+  { 297046, true },
+  { 297066, true },
+  { 297084, true },
+  { 297101, true },
+  { 297110, true },
+  { 297121, true },
+  { 297139, true },
+  { 297153, true },
+  { 297177, true },
+  { 297193, true },
+  { 297211, true },
+  { 297228, true },
+  { 297240, true },
+  { 297253, true },
+  { 297269, true },
+  { 297282, true },
+  { 297302, true },
+  { 297333, true },
+  { 297352, true },
+  { 297376, true },
+  { 297406, true },
+  { 297423, true },
+  { 297444, true },
+  { 297463, true },
+  { 297487, true },
+  { 297505, true },
+  { 297531, true },
+  { 297550, true },
+  { 297571, true },
+  { 297587, true },
+  { 297612, true },
+  { 297635, true },
+  { 297654, true },
+  { 297668, true },
+  { 297684, true },
+  { 297697, true },
+  { 297713, true },
+  { 297724, true },
+  { 297736, true },
+  { 297753, true },
+  { 297784, true },
+  { 297814, false },
+  { 297830, true },
+  { 297841, true },
+  { 297853, true },
+  { 297864, true },
+  { 297877, true },
+  { 297886, true },
+  { 297899, true },
+  { 297911, true },
+  { 297922, true },
+  { 297935, true },
+  { 297948, true },
+  { 297968, true },
+  { 297987, true },
+  { 298005, true },
+  { 298022, true },
+  { 298036, true },
+  { 298052, true },
+  { 298077, true },
+  { 298106, true },
+  { 298126, true },
+  { 298141, true },
+  { 298152, true },
+  { 298167, true },
+  { 298183, true },
+  { 298195, true },
+  { 298205, true },
+  { 298222, true },
+  { 298240, true },
+  { 298252, false },
+  { 298266, true },
+  { 298280, true },
+  { 298289, true },
+  { 298302, true },
+  { 298317, true },
+  { 298327, true },
+  { 298341, false },
+  { 298355, true },
+  { 298369, true },
+  { 298383, true },
+  { 298406, true },
+  { 298418, true },
+  { 298428, true },
+  { 298441, true },
+  { 298456, true },
+  { 298469, true },
+  { 298483, true },
+  { 298495, true },
+  { 298508, true },
+  { 298525, true },
+  { 298539, true },
+  { 298556, true },
+  { 298575, true },
+  { 298589, true },
+  { 298601, true },
+  { 298621, false },
+  { 298636, true },
+  { 298648, true },
+  { 298659, true },
+  { 298670, true },
+  { 298684, true },
+  { 298696, true },
+  { 298711, false },
+  { 298731, true },
+  { 298740, true },
+  { 298747, true },
+  { 298758, true },
+  { 298766, true },
+  { 298776, true },
+  { 298783, true },
+  { 298793, true },
+  { 298801, true },
+  { 298809, true },
+  { 298825, true },
+  { 298839, true },
+  { 298847, true },
+  { 298855, true },
+  { 298868, true },
+  { 298883, true },
+  { 298893, true },
+  { 298905, true },
+  { 298920, true },
+  { 298930, true },
+  { 298937, true },
+  { 298949, true },
+  { 298956, true },
+  { 298963, true },
+  { 298975, true },
+  { 298989, true },
+  { 298998, true },
+  { 299017, true },
+  { 299026, true },
+  { 299038, true },
+  { 299050, true },
+  { 299062, true },
+  { 299085, true },
+  { 299096, true },
+  { 299110, true },
+  { 299122, true },
+  { 299133, true },
+  { 299143, true },
+  { 299166, true },
+  { 299181, true },
+  { 299189, true },
+  { 299208, true },
+  { 299223, true },
+  { 299241, true },
+  { 299260, true },
+  { 299276, true },
+  { 299291, true },
+  { 299299, true },
+  { 299324, true },
+  { 299338, true },
+  { 299349, true },
+  { 299364, true },
+  { 299378, true },
+  { 299391, true },
+  { 299411, true },
+  { 299425, true },
+  { 299435, true },
+  { 299450, false },
+  { 299471, true },
+  { 299486, true },
+  { 299503, true },
+  { 299524, true },
+  { 299535, true },
+  { 299555, true },
+  { 299566, true },
+  { 299574, true },
+  { 299585, true },
+  { 299602, true },
+  { 299616, true },
+  { 299625, true },
+  { 299638, true },
+  { 299650, true },
+  { 299662, true },
+  { 299676, true },
+  { 299692, true },
+  { 299702, true },
+  { 299718, true },
+  { 299731, true },
+  { 299763, true },
+  { 299776, true },
+  { 299795, true },
+  { 299809, false },
+  { 299822, true },
+  { 299842, true },
+  { 299856, true },
+  { 299873, true },
+  { 299887, true },
+  { 299898, true },
+  { 299907, true },
+  { 299917, true },
+  { 299924, true },
+  { 299931, true },
+  { 299943, false },
+  { 299952, true },
+  { 299961, true },
+  { 299970, true },
+  { 299978, true },
+  { 299993, true },
+  { 300003, true },
+  { 300011, true },
+  { 300024, true },
+  { 300036, true },
+  { 300049, true },
+  { 300060, true },
+  { 300070, true },
+  { 300080, true },
+  { 300091, true },
+  { 300100, true },
+  { 300109, true },
+  { 300127, true },
+  { 300145, true },
+  { 300155, true },
+  { 300166, false },
+  { 300177, true },
+  { 300188, true },
+  { 300204, true },
+  { 300212, false },
+  { 300220, true },
+  { 300234, true },
+  { 300245, true },
+  { 300254, true },
+  { 300270, true },
+  { 300276, true },
+  { 300289, true },
+  { 300300, true },
+  { 300312, true },
+  { 300327, true },
+  { 300349, true },
+  { 300363, true },
+  { 300382, true },
+  { 300406, true },
+  { 300427, false },
+  { 300439, false },
+  { 300465, true },
+  { 300482, true },
+  { 300500, true },
+  { 300517, true },
+  { 300531, true },
+  { 300541, true },
+  { 300555, true },
+  { 300570, true },
+  { 300583, true },
+  { 300601, true },
+  { 300618, false },
+  { 300630, true },
+  { 300643, true },
+  { 300655, true },
+  { 300668, true },
+  { 300682, true },
+  { 300692, true },
+  { 300707, true },
+  { 300723, true },
+  { 300738, true },
+  { 300749, true },
+  { 300757, true },
+  { 300775, true },
+  { 300792, true },
+  { 300801, true },
+  { 300813, true },
+  { 300824, true },
+  { 300843, true },
+  { 300856, true },
+  { 300867, true },
+  { 300879, true },
+  { 300891, true },
+  { 300904, true },
+  { 300916, true },
+  { 300933, true },
+  { 300945, true },
+  { 300967, true },
+  { 300974, true },
+  { 300987, true },
+  { 301004, true },
+  { 301012, true },
+  { 301034, true },
+  { 301044, true },
+  { 301055, true },
+  { 301065, true },
+  { 301073, true },
+  { 301086, true },
+  { 301094, true },
+  { 301103, true },
+  { 301115, false },
+  { 301126, true },
+  { 301135, true },
+  { 301146, true },
+  { 301163, true },
+  { 301181, true },
+  { 301200, true },
+  { 301214, true },
+  { 301226, true },
+  { 301238, true },
+  { 301249, true },
+  { 301265, true },
+  { 301282, true },
+  { 301295, true },
+  { 301311, true },
+  { 301338, true },
+  { 301350, true },
+  { 301360, true },
+  { 301370, false },
+  { 301381, true },
+  { 301389, true },
+  { 301399, true },
+  { 301428, true },
+  { 301448, true },
+  { 301468, true },
+  { 301482, true },
+  { 301492, true },
+  { 301528, true },
+  { 301561, true },
+  { 301584, true },
+  { 301597, true },
+  { 301609, true },
+  { 301621, true },
+  { 301641, true },
+  { 301651, true },
+  { 301660, true },
+  { 301678, true },
+  { 301695, true },
+  { 301710, true },
+  { 301722, false },
+  { 301745, true },
+  { 301765, true },
+  { 301785, true },
+  { 301803, true },
+  { 301821, false },
+  { 301840, true },
+  { 301854, true },
+  { 301868, true },
+  { 301885, true },
+  { 301900, true },
+  { 301912, true },
+  { 301921, true },
+  { 301935, true },
+  { 301944, true },
+  { 301951, true },
+  { 301959, true },
+  { 301968, true },
+  { 301976, true },
+  { 301985, true },
+  { 301997, true },
+  { 302017, true },
+  { 302026, true },
+  { 302034, true },
+  { 302047, true },
+  { 302055, true },
+  { 302068, true },
+  { 302083, true },
+  { 302090, true },
+  { 302101, true },
+  { 302118, true },
+  { 302143, true },
+  { 302154, true },
+  { 302162, true },
+  { 302176, true },
+  { 302188, true },
+  { 302204, true },
+  { 302225, true },
+  { 302240, true },
+  { 302257, true },
+  { 302267, true },
+  { 302281, true },
+  { 302289, true },
+  { 302304, true },
+  { 302312, true },
+  { 302320, true },
+  { 302332, true },
+  { 302353, true },
+  { 302361, true },
+  { 302373, true },
+  { 302381, true },
+  { 302395, true },
+  { 302408, true },
+  { 302426, true },
+  { 302441, true },
+  { 302456, true },
+  { 302464, true },
+  { 302476, true },
+  { 302506, true },
+  { 302526, false },
+  { 302534, true },
+  { 302552, true },
+  { 302562, true },
+  { 302582, true },
+  { 302594, true },
+  { 302614, true },
+  { 302628, true },
+  { 302639, true },
+  { 302662, true },
+  { 302688, true },
+  { 302714, true },
+  { 302729, true },
+  { 302755, true },
+  { 302767, true },
+  { 302796, true },
+  { 302806, true },
+  { 302815, true },
+  { 302828, true },
+  { 302849, true },
+  { 302861, true },
+  { 302877, true },
+  { 302892, true },
+  { 302902, true },
+  { 302919, true },
+  { 302937, true },
+  { 302968, true },
+  { 302988, true },
+  { 303005, true },
+  { 303022, true },
+  { 303051, true },
+  { 303068, true },
+  { 303086, true },
+  { 303099, true },
+  { 303111, true },
+  { 303120, true },
+  { 303133, true },
+  { 303148, true },
+  { 303163, true },
+  { 303177, true },
+  { 303189, true },
+  { 303199, true },
+  { 303210, true },
+  { 303223, true },
+  { 303240, true },
+  { 303260, true },
+  { 303273, true },
+  { 303294, true },
+  { 303302, true },
+  { 303314, true },
+  { 303324, true },
+  { 303341, true },
+  { 303358, true },
+  { 303375, true },
+  { 303397, true },
+  { 303406, true },
+  { 303432, true },
+  { 303444, true },
+  { 303456, true },
+  { 303465, true },
+  { 303479, true },
+  { 303493, true },
+  { 303505, true },
+  { 303517, false },
+  { 303532, false },
+  { 303550, false },
+  { 303565, true },
+  { 303578, true },
+  { 303592, true },
+  { 303605, true },
+  { 303618, true },
+  { 303631, true },
+  { 303643, true },
+  { 303661, true },
+  { 303674, true },
+  { 303694, true },
+  { 303703, true },
+  { 303717, true },
+  { 303724, true },
+  { 303735, true },
+  { 303746, true },
+  { 303769, true },
+  { 303782, true },
+  { 303799, true },
+  { 303811, true },
+  { 303822, true },
+  { 303839, true },
+  { 303851, true },
+  { 303863, true },
+  { 303876, false },
+  { 303888, true },
+  { 303902, true },
+  { 303913, true },
+  { 303932, true },
+  { 303942, true },
+  { 303961, true },
+  { 303978, true },
+  { 303991, false },
+  { 304009, true },
+  { 304019, false },
+  { 304030, true },
+  { 304045, true },
+  { 304056, true },
+  { 304072, true },
+  { 304089, true },
+  { 304106, true },
+  { 304123, true },
+  { 304143, true },
+  { 304164, true },
+  { 304175, true },
+  { 304188, true },
+  { 304198, true },
+  { 304213, true },
+  { 304223, true },
+  { 304234, true },
+  { 304252, true },
+  { 304263, true },
+  { 304277, true },
+  { 304287, true },
+  { 304299, true },
+  { 304314, true },
+  { 304325, true },
+  { 304350, true },
+  { 304377, true },
+  { 304403, true },
+  { 304428, true },
+  { 304446, true },
+  { 304463, true },
+  { 304480, true },
+  { 304499, true },
+  { 304511, false },
+  { 304531, true },
+  { 304555, true },
+  { 304580, true },
+  { 304601, true },
+  { 304624, true },
+  { 304641, true },
+  { 304666, true },
+  { 304687, true },
+  { 304709, true },
+  { 304739, true },
+  { 304760, true },
+  { 304777, true },
+  { 304799, false },
+  { 304812, true },
+  { 304836, true },
+  { 304858, true },
+  { 304874, true },
+  { 304884, true },
+  { 304907, true },
+  { 304919, true },
+  { 304928, true },
+  { 304935, true },
+  { 304947, true },
+  { 304956, true },
+  { 304975, true },
+  { 304984, true },
+  { 304991, true },
+  { 305004, true },
+  { 305023, true },
+  { 305035, true },
+  { 305052, true },
+  { 305066, true },
+  { 305081, true },
+  { 305100, true },
+  { 305117, true },
+  { 305130, true },
+  { 305139, true },
+  { 305149, true },
+  { 305159, true },
+  { 305170, true },
+  { 305180, true },
+  { 305190, true },
+  { 305201, true },
+  { 305217, true },
+  { 305238, true },
+  { 305254, true },
+  { 305274, true },
+  { 305284, true },
+  { 305295, true },
+  { 305303, true },
+  { 305314, true },
+  { 305324, true },
+  { 305334, true },
+  { 305353, true },
+  { 305365, true },
+  { 305372, true },
+  { 305384, true },
+  { 305395, true },
+  { 305409, true },
+  { 305423, true },
+  { 305438, true },
+  { 305462, true },
+  { 305478, true },
+  { 305492, true },
+  { 305517, true },
+  { 305532, true },
+  { 305540, true },
+  { 305558, true },
+  { 305570, true },
+  { 305583, true },
+  { 305594, true },
+  { 305605, true },
+  { 305620, true },
+  { 305635, true },
+  { 305654, true },
+  { 305675, true },
+  { 305690, true },
+  { 305704, true },
+  { 305715, true },
+  { 305750, true },
+  { 305760, true },
+  { 305775, true },
+  { 305795, true },
+  { 305809, true },
+  { 305824, true },
+  { 305836, true },
+  { 305847, true },
+  { 305862, true },
+  { 305877, true },
+  { 305891, true },
+  { 305907, true },
+  { 305924, true },
+  { 305940, true },
+  { 305956, true },
+  { 305972, true },
+  { 305990, true },
+  { 306004, true },
+  { 306016, true },
+  { 306034, true },
+  { 306053, true },
+  { 306073, true },
+  { 306085, true },
+  { 306101, true },
+  { 306118, true },
+  { 306132, true },
+  { 306147, true },
+  { 306161, true },
+  { 306175, true },
+  { 306186, true },
+  { 306203, true },
+  { 306215, true },
+  { 306232, true },
+  { 306242, true },
+  { 306252, true },
+  { 306263, true },
+  { 306275, true },
+  { 306284, true },
+  { 306292, true },
+  { 306307, true },
+  { 306329, true },
+  { 306350, true },
+  { 306364, true },
+  { 306376, true },
+  { 306394, true },
+  { 306409, true },
+  { 306416, true },
+  { 306427, true },
+  { 306439, true },
+  { 306453, true },
+  { 306474, true },
+  { 306485, true },
+  { 306492, true },
+  { 306503, true },
+  { 306520, true },
+  { 306533, false },
+  { 306545, true },
+  { 306560, true },
+  { 306576, true },
+  { 306590, true },
+  { 306609, true },
+  { 306626, true },
+  { 306644, true },
+  { 306656, true },
+  { 306678, true },
+  { 306689, true },
+  { 306706, true },
+  { 306718, true },
+  { 306728, true },
+  { 306741, true },
+  { 306752, true },
+  { 306767, true },
+  { 306783, true },
+  { 306803, true },
+  { 306824, true },
+  { 306842, true },
+  { 306857, true },
+  { 306871, true },
+  { 306887, true },
+  { 306911, true },
+  { 306922, true },
+  { 306933, true },
+  { 306947, true },
+  { 306969, true },
+  { 306984, true },
+  { 307001, true },
+  { 307018, true },
+  { 307030, true },
+  { 307045, true },
+  { 307057, true },
+  { 307072, true },
+  { 307082, true },
+  { 307095, true },
+  { 307108, true },
+  { 307121, true },
+  { 307134, true },
+  { 307148, true },
+  { 307157, false },
+  { 307180, false },
+  { 307200, true },
+  { 307221, true },
+  { 307236, true },
+  { 307250, true },
+  { 307269, true },
+  { 307280, true },
+  { 307294, true },
+  { 307309, true },
+  { 307319, true },
+  { 307330, false },
+  { 307343, true },
+  { 307358, true },
+  { 307369, true },
+  { 307383, true },
+  { 307402, true },
+  { 307418, true },
+  { 307437, true },
+  { 307451, true },
+  { 307472, true },
+  { 307492, true },
+  { 307503, false },
+  { 307514, true },
+  { 307523, true },
+  { 307539, true },
+  { 307547, true },
+  { 307555, true },
+  { 307569, true },
+  { 307608, true },
+  { 307630, true },
+  { 307641, true },
+  { 307653, true },
+  { 307670, true },
+  { 307678, true },
+  { 307691, true },
+  { 307700, true },
+  { 307708, true },
+  { 307724, true },
+  { 307741, true },
+  { 307755, true },
+  { 307764, true },
+  { 307772, true },
+  { 307787, true },
+  { 307798, true },
+  { 307808, true },
+  { 307819, true },
+  { 307830, true },
+  { 307840, true },
+  { 307854, true },
+  { 307865, true },
+  { 307876, true },
+  { 307886, true },
+  { 307900, true },
+  { 307910, true },
+  { 307921, true },
+  { 307932, true },
+  { 307944, true },
+  { 307951, true },
+  { 307963, true },
+  { 307973, true },
+  { 307984, true },
+  { 308006, true },
+  { 308025, true },
+  { 308033, true },
+  { 308045, true },
+  { 308064, true },
+  { 308078, true },
+  { 308099, true },
+  { 308122, true },
+  { 308137, true },
+  { 308159, true },
+  { 308168, true },
+  { 308177, true },
+  { 308189, true },
+  { 308207, true },
+  { 308220, true },
+  { 308234, true },
+  { 308246, true },
+  { 308257, true },
+  { 308268, true },
+  { 308289, true },
+  { 308308, true },
+  { 308318, true },
+  { 308330, true },
+  { 308339, true },
+  { 308351, true },
+  { 308367, true },
+  { 308374, true },
+  { 308382, true },
+  { 308397, true },
+  { 308417, true },
+  { 308425, true },
+  { 308438, true },
+  { 308457, true },
+  { 308470, true },
+  { 308487, true },
+  { 308496, true },
+  { 308508, true },
+  { 308527, true },
+  { 308541, true },
+  { 308556, true },
+  { 308576, true },
+  { 308601, true },
+  { 308624, true },
+  { 308637, true },
+  { 308647, true },
+  { 308659, true },
+  { 308683, true },
+  { 308699, true },
+  { 308715, true },
+  { 308738, true },
+  { 308752, true },
+  { 308768, true },
+  { 308790, true },
+  { 308807, true },
+  { 308823, true },
+  { 308840, true },
+  { 308854, true },
+  { 308869, true },
+  { 308884, true },
+  { 308899, true },
+  { 308920, true },
+  { 308936, true },
+  { 308955, true },
+  { 308971, true },
+  { 308983, true },
+  { 308991, true },
+  { 309001, true },
+  { 309018, true },
+  { 309036, true },
+  { 309048, true },
+  { 309056, true },
+  { 309072, true },
+  { 309081, true },
+  { 309089, true },
+  { 309101, false },
+  { 309110, true },
+  { 309121, true },
+  { 309133, true },
+  { 309147, true },
+  { 309159, true },
+  { 309170, true },
+  { 309183, true },
+  { 309195, true },
+  { 309205, true },
+  { 309216, true },
+  { 309225, true },
+  { 309248, true },
+  { 309262, true },
+  { 309275, true },
+  { 309288, true },
+  { 309302, true },
+  { 309315, true },
+  { 309328, true },
+  { 309340, true },
+  { 309348, true },
+  { 309358, false },
+  { 309367, true },
+  { 309383, true },
+  { 309390, true },
+  { 309399, true },
+  { 309413, true },
+  { 309421, false },
+  { 309441, true },
+  { 309460, true },
+  { 309472, true },
+  { 309486, true },
+  { 309505, true },
+  { 309522, true },
+  { 309538, true },
+  { 309554, true },
+  { 309571, true },
+  { 309589, true },
+  { 309605, true },
+  { 309615, true },
+  { 309628, true },
+  { 309637, true },
+  { 309649, true },
+  { 309680, true },
+  { 309707, true },
+  { 309735, false },
+  { 309749, true },
+  { 309763, true },
+  { 309773, true },
+  { 309786, true },
+  { 309802, true },
+  { 309818, false },
+  { 309828, true },
+  { 309864, true },
+  { 309874, true },
+  { 309886, true },
+  { 309899, true },
+  { 309911, true },
+  { 309923, true },
+  { 309938, true },
+  { 309951, true },
+  { 309963, true },
+  { 309977, true },
+  { 309991, true },
+  { 310005, true },
+  { 310023, false },
+  { 310040, true },
+  { 310058, true },
+  { 310076, true },
+  { 310095, true },
+  { 310113, true },
+  { 310131, true },
+  { 310149, false },
+  { 310162, true },
+  { 310177, true },
+  { 310191, true },
+  { 310209, true },
+  { 310219, true },
+  { 310230, true },
+  { 310239, true },
+  { 310259, true },
+  { 310271, true },
+  { 310289, true },
+  { 310312, true },
+  { 310325, true },
+  { 310339, true },
+  { 310351, true },
+  { 310371, true },
+  { 310382, true },
+  { 310393, true },
+  { 310415, true },
+  { 310429, true },
+  { 310446, true },
+  { 310457, true },
+  { 310466, true },
+  { 310479, true },
+  { 310492, true },
+  { 310502, true },
+  { 310516, true },
+  { 310527, true },
+  { 310545, true },
+  { 310555, true },
+  { 310568, true },
+  { 310584, true },
+  { 310599, true },
+  { 310608, true },
+  { 310621, true },
+  { 310636, true },
+  { 310648, true },
+  { 310658, true },
+  { 310670, true },
+  { 310681, true },
+  { 310701, true },
+  { 310710, true },
+  { 310726, true },
+  { 310743, true },
+  { 310756, true },
+  { 310775, true },
+  { 310784, true },
+  { 310803, true },
+  { 310811, true },
+  { 310824, false },
+  { 310835, true },
+  { 310853, true },
+  { 310869, true },
+  { 310885, true },
+  { 310905, true },
+  { 310921, false },
+  { 310936, true },
+  { 310953, false },
+  { 310964, true },
+  { 310976, false },
+  { 310983, true },
+  { 310999, true },
+  { 311015, true },
+  { 311034, true },
+  { 311048, true },
+  { 311061, true },
+  { 311079, true },
+  { 311098, true },
+  { 311116, true },
+  { 311130, true },
+  { 311147, true },
+  { 311162, true },
+  { 311179, true },
+  { 311193, true },
+  { 311209, true },
+  { 311230, true },
+  { 311242, true },
+  { 311256, true },
+  { 311272, true },
+  { 311289, true },
+  { 311305, true },
+  { 311327, true },
+  { 311352, true },
+  { 311375, true },
+  { 311392, true },
+  { 311413, true },
+  { 311432, true },
+  { 311444, false },
+  { 311458, true },
+  { 311472, true },
+  { 311486, true },
+  { 311503, true },
+  { 311523, true },
+  { 311536, true },
+  { 311557, true },
+  { 311569, true },
+  { 311581, true },
+  { 311600, true },
+  { 311624, true },
+  { 311637, true },
+  { 311647, true },
+  { 311668, true },
+  { 311688, true },
+  { 311709, true },
+  { 311722, true },
+  { 311743, true },
+  { 311766, true },
+  { 311788, true },
+  { 311810, true },
+  { 311832, true },
+  { 311845, true },
+  { 311864, true },
+  { 311887, true },
+  { 311912, true },
+  { 311930, true },
+  { 311948, true },
+  { 311964, true },
+  { 311978, true },
+  { 311988, true },
+  { 312009, true },
+  { 312023, true },
+  { 312033, true },
+  { 312056, true },
+  { 312072, true },
+  { 312088, true },
+  { 312114, true },
+  { 312142, false },
+  { 312169, true },
+  { 312180, true },
+  { 312196, true },
+  { 312206, true },
+  { 312221, true },
+  { 312237, true },
+  { 312253, true },
+  { 312274, true },
+  { 312293, true },
+  { 312314, true },
+  { 312350, true },
+  { 312372, true },
+  { 312399, true },
+  { 312423, true },
+  { 312450, true },
+  { 312475, true },
+  { 312498, true },
+  { 312515, true },
+  { 312533, true },
+  { 312552, true },
+  { 312568, true },
+  { 312591, true },
+  { 312615, true },
+  { 312627, true },
+  { 312640, true },
+  { 312652, true },
+  { 312670, true },
+  { 312698, true },
+  { 312711, true },
+  { 312730, true },
+  { 312749, true },
+  { 312768, true },
+  { 312787, true },
+  { 312806, true },
+  { 312824, true },
+  { 312841, true },
+  { 312857, true },
+  { 312874, false },
+  { 312891, true },
+  { 312903, true },
+  { 312924, true },
+  { 312939, true },
+  { 312962, true },
+  { 312989, true },
+  { 313008, true },
+  { 313025, true },
+  { 313042, true },
+  { 313058, true },
+  { 313077, true },
+  { 313097, true },
+  { 313120, true },
+  { 313139, true },
+  { 313158, true },
+  { 313177, true },
+  { 313195, true },
+  { 313213, true },
+  { 313224, true },
+  { 313235, true },
+  { 313246, true },
+  { 313266, true },
+  { 313281, true },
+  { 313301, true },
+  { 313315, true },
+  { 313335, true },
+  { 313359, false },
+  { 313380, true },
+  { 313397, true },
+  { 313414, true },
+  { 313436, true },
+  { 313449, true },
+  { 313469, true },
+  { 313488, true },
+  { 313512, true },
+  { 313527, true },
+  { 313541, true },
+  { 313553, true },
+  { 313573, true },
+  { 313603, true },
+  { 313626, true },
+  { 313649, true },
+  { 313678, true },
+  { 313697, true },
+  { 313708, true },
+  { 313725, true },
+  { 313747, false },
+  { 313770, true },
+  { 313782, true },
+  { 313800, true },
+  { 313816, true },
+  { 313835, true },
+  { 313850, true },
+  { 313875, true },
+  { 313894, true },
+  { 313914, true },
+  { 313941, false },
+  { 313953, true },
+  { 313966, true },
+  { 313984, true },
+  { 314002, true },
+  { 314022, true },
+  { 314040, true },
+  { 314057, true },
+  { 314075, true },
+  { 314091, true },
+  { 314111, true },
+  { 314125, true },
+  { 314140, true },
+  { 314149, true },
+  { 314164, true },
+  { 314181, true },
+  { 314193, true },
+  { 314207, true },
+  { 314218, true },
+  { 314230, true },
+  { 314242, true },
+  { 314258, true },
+  { 314271, true },
+  { 314289, true },
+  { 314304, true },
+  { 314319, true },
+  { 314331, true },
+  { 314344, true },
+  { 314358, true },
+  { 314378, true },
+  { 314395, true },
+  { 314406, true },
+  { 314418, true },
+  { 314428, true },
+  { 314444, true },
+  { 314464, true },
+  { 314478, true },
+  { 314496, true },
+  { 314516, true },
+  { 314531, true },
+  { 314547, true },
+  { 314562, true },
+  { 314575, true },
+  { 314590, true },
+  { 314602, true },
+  { 314618, true },
+  { 314630, true },
+  { 314645, true },
+  { 314661, true },
+  { 314671, true },
+  { 314678, true },
+  { 314702, true },
+  { 314719, true },
+  { 314736, true },
+  { 314745, true },
+  { 314760, true },
+  { 314772, true },
+  { 314783, true },
+  { 314796, true },
+  { 314806, true },
+  { 314826, true },
+  { 314838, true },
+  { 314849, true },
+  { 314862, true },
+  { 314872, true },
+  { 314881, true },
+  { 314901, true },
+  { 314921, true },
+  { 314941, true },
+  { 314955, true },
+  { 314967, true },
+  { 314978, true },
+  { 314989, false },
+  { 315000, true },
+  { 315011, false },
+  { 315021, false },
+  { 315038, true },
+  { 315054, false },
+  { 315066, true },
+  { 315082, true },
+  { 315101, true },
+  { 315114, true },
+  { 315123, true },
+  { 315134, true },
+  { 315146, true },
+  { 315155, true },
+  { 315165, true },
+  { 315178, true },
+  { 315190, true },
+  { 315200, true },
+  { 315218, true },
+  { 315231, true },
+  { 315243, true },
+  { 315257, true },
+  { 315268, true },
+  { 315275, true },
+  { 315288, true },
+  { 315300, true },
+  { 315313, true },
+  { 315326, true },
+  { 315335, true },
+  { 315344, true },
+  { 315359, true },
+  { 315370, true },
+  { 315388, true },
+  { 315404, true },
+  { 315424, true },
+  { 315435, true },
+  { 315447, false },
+  { 315457, true },
+  { 315468, true },
+  { 315488, true },
+  { 315521, true },
+  { 315532, true },
+  { 315544, true },
+  { 315558, false },
+  { 315572, true },
+  { 315586, true },
+  { 315598, true },
+  { 315613, true },
+  { 315622, true },
+  { 315635, false },
+  { 315655, true },
+  { 315672, true },
+  { 315686, true },
+  { 315701, true },
+  { 315726, true },
+  { 315740, true },
+  { 315755, true },
+  { 315774, true },
+  { 315783, true },
+  { 315797, true },
+  { 315815, true },
+  { 315837, true },
+  { 315853, true },
+  { 315869, true },
+  { 315885, false },
+  { 315902, true },
+  { 315919, true },
+  { 315931, true },
+  { 315939, true },
+  { 315952, true },
+  { 315965, true },
+  { 315979, true },
+  { 315992, true },
+  { 316005, true },
+  { 316021, true },
+  { 316035, true },
+  { 316048, true },
+  { 316061, true },
+  { 316074, true },
+  { 316087, true },
+  { 316100, true },
+  { 316115, true },
+  { 316128, true },
+  { 316142, true },
+  { 316155, true },
+  { 316169, true },
+  { 316182, true },
+  { 316195, true },
+  { 316208, true },
+  { 316221, true },
+  { 316233, true },
+  { 316246, true },
+  { 316258, true },
+  { 316269, true },
+  { 316280, true },
+  { 316287, true },
+  { 316304, true },
+  { 316317, false },
+  { 316326, true },
+  { 316336, true },
+  { 316354, true },
+  { 316363, true },
+  { 316376, true },
+  { 316387, true },
+  { 316404, true },
+  { 316420, true },
+  { 316435, true },
+  { 316448, true },
+  { 316464, true },
+  { 316477, true },
+  { 316490, true },
+  { 316510, true },
+  { 316521, true },
+  { 316530, true },
+  { 316545, true },
+  { 316557, true },
+  { 316578, true },
+  { 316603, true },
+  { 316627, true },
+  { 316640, true },
+  { 316654, true },
+  { 316674, true },
+  { 316694, true },
+  { 316715, true },
+  { 316732, true },
+  { 316746, true },
+  { 316759, true },
+  { 316770, true },
+  { 316787, true },
+  { 316809, true },
+  { 316820, true },
+  { 316840, true },
+  { 316858, true },
+  { 316879, true },
+  { 316889, true },
+  { 316910, true },
+  { 316923, true },
+  { 316931, true },
+  { 316945, true },
+  { 316959, true },
+  { 316972, true },
+  { 316981, true },
+  { 316989, true },
+  { 317003, true },
+  { 317015, true },
+  { 317033, true },
+  { 317047, true },
+  { 317067, true },
+  { 317084, true },
+  { 317104, true },
+  { 317124, true },
+  { 317142, true },
+  { 317163, true },
+  { 317183, true },
+  { 317206, true },
+  { 317226, true },
+  { 317243, true },
+  { 317257, true },
+  { 317273, true },
+  { 317294, true },
+  { 317307, true },
+  { 317327, true },
+  { 317339, true },
+  { 317357, true },
+  { 317367, true },
+  { 317392, true },
+  { 317418, true },
+  { 317442, true },
+  { 317462, true },
+  { 317475, true },
+  { 317484, true },
+  { 317505, true },
+  { 317515, true },
+  { 317526, true },
+  { 317547, true },
+  { 317567, true },
+  { 317584, true },
+  { 317604, true },
+  { 317621, true },
+  { 317651, true },
+  { 317662, true },
+  { 317673, true },
+  { 317695, true },
+  { 317707, true },
+  { 317719, true },
+  { 317730, true },
+  { 317749, true },
+  { 317762, true },
+  { 317774, true },
+  { 317786, true },
+  { 317801, true },
+  { 317812, true },
+  { 317825, true },
+  { 317846, true },
+  { 317862, true },
+  { 317881, true },
+  { 317896, true },
+  { 317910, true },
+  { 317925, true },
+  { 317941, true },
+  { 317953, true },
+  { 317966, true },
+  { 317986, true },
+  { 318001, true },
+  { 318018, true },
+  { 318038, false },
+  { 318047, true },
+  { 318056, true },
+  { 318068, true },
+  { 318079, true },
+  { 318096, true },
+  { 318108, false },
+  { 318122, true },
+  { 318135, true },
+  { 318153, true },
+  { 318167, true },
+  { 318179, true },
+  { 318194, true },
+  { 318207, true },
+  { 318240, true },
+  { 318252, true },
+  { 318263, true },
+  { 318274, true },
+  { 318284, true },
+  { 318305, true },
+  { 318331, true },
+  { 318359, false },
+  { 318370, true },
+  { 318396, true },
+  { 318416, true },
+  { 318425, true },
+  { 318439, true },
+  { 318446, true },
+  { 318457, true },
+  { 318467, true },
+  { 318479, true },
+  { 318489, true },
+  { 318503, true },
+  { 318514, false },
+  { 318525, true },
+  { 318536, false },
+  { 318556, true },
+  { 318569, true },
+  { 318585, true },
+  { 318604, true },
+  { 318626, true },
+  { 318641, true },
+  { 318657, true },
+  { 318676, true },
+  { 318690, true },
+  { 318705, true },
+  { 318724, true },
+  { 318737, true },
+  { 318753, true },
+  { 318767, true },
+  { 318782, true },
+  { 318798, true },
+  { 318811, true },
+  { 318821, true },
+  { 318830, true },
+  { 318850, true },
+  { 318863, true },
+  { 318882, true },
+  { 318900, true },
+  { 318910, true },
+  { 318924, true },
+  { 318934, true },
+  { 318952, true },
+  { 318972, true },
+  { 319004, true },
+  { 319018, true },
+  { 319031, true },
+  { 319046, true },
+  { 319065, true },
+  { 319085, true },
+  { 319104, true },
+  { 319125, true },
+  { 319144, true },
+  { 319161, true },
+  { 319178, true },
+  { 319195, true },
+  { 319215, true },
+  { 319228, true },
+  { 319243, true },
+  { 319256, true },
+  { 319277, true },
+  { 319298, true },
+  { 319319, true },
+  { 319333, true },
+  { 319349, true },
+  { 319359, true },
+  { 319379, true },
+  { 319404, true },
+  { 319416, true },
+  { 319427, true },
+  { 319444, true },
+  { 319468, true },
+  { 319477, true },
+  { 319491, true },
+  { 319504, true },
+  { 319517, true },
+  { 319529, true },
+  { 319543, true },
+  { 319564, true },
+  { 319582, true },
+  { 319595, true },
+  { 319613, true },
+  { 319630, true },
+  { 319643, true },
+  { 319665, true },
+  { 319690, true },
+  { 319715, true },
+  { 319729, true },
+  { 319751, true },
+  { 319761, true },
+  { 319776, true },
+  { 319790, true },
+  { 319802, true },
+  { 319816, true },
+  { 319830, true },
+  { 319845, true },
+  { 319862, true },
+  { 319882, true },
+  { 319898, true },
+  { 319909, true },
+  { 319926, true },
+  { 319941, true },
+  { 319954, true },
+  { 319969, true },
+  { 319977, true },
+  { 319990, false },
+  { 320003, true },
+  { 320015, true },
+  { 320030, true },
+  { 320044, true },
+  { 320058, true },
+  { 320071, true },
+  { 320080, true },
+  { 320089, true },
+  { 320097, true },
+  { 320113, true },
+  { 320129, true },
+  { 320146, true },
+  { 320160, true },
+  { 320172, true },
+  { 320186, true },
+  { 320204, true },
+  { 320223, true },
+  { 320240, true },
+  { 320259, true },
+  { 320278, true },
+  { 320291, true },
+  { 320299, true },
+  { 320306, true },
+  { 320318, true },
+  { 320333, true },
+  { 320355, true },
+  { 320365, true },
+  { 320381, true },
+  { 320394, true },
+  { 320406, true },
+  { 320419, true },
+  { 320433, true },
+  { 320449, true },
+  { 320462, true },
+  { 320476, true },
+  { 320493, true },
+  { 320504, true },
+  { 320514, true },
+  { 320523, true },
+  { 320536, true },
+  { 320556, true },
+  { 320571, true },
+  { 320583, false },
+  { 320596, true },
+  { 320609, true },
+  { 320626, true },
+  { 320640, true },
+  { 320655, true },
+  { 320667, true },
+  { 320679, true },
+  { 320688, true },
+  { 320702, true },
+  { 320710, true },
+  { 320722, true },
+  { 320733, true },
+  { 320752, true },
+  { 320766, true },
+  { 320787, true },
+  { 320806, true },
+  { 320819, true },
+  { 320838, true },
+  { 320852, true },
+  { 320865, true },
+  { 320874, true },
+  { 320886, true },
+  { 320895, true },
+  { 320907, true },
+  { 320915, true },
+  { 320937, true },
+  { 320947, true },
+  { 320957, true },
+  { 320975, true },
+  { 320988, true },
+  { 320996, true },
+  { 321010, true },
+  { 321029, true },
+  { 321043, true },
+  { 321054, true },
+  { 321067, false },
+  { 321081, true },
+  { 321095, false },
+  { 321110, true },
+  { 321137, true },
+  { 321164, true },
+  { 321184, true },
+  { 321198, true },
+  { 321211, true },
+  { 321224, true },
+  { 321238, true },
+  { 321255, true },
+  { 321266, true },
+  { 321280, true },
+  { 321293, true },
+  { 321310, true },
+  { 321321, true },
+  { 321332, true },
+  { 321346, true },
+  { 321367, true },
+  { 321383, true },
+  { 321402, true },
+  { 321418, true },
+  { 321432, true },
+  { 321450, true },
+  { 321466, true },
+  { 321489, true },
+  { 321505, true },
+  { 321518, true },
+  { 321534, true },
+  { 321548, true },
+  { 321561, true },
+  { 321583, true },
+  { 321596, true },
+  { 321611, true },
+  { 321624, true },
+  { 321636, true },
+  { 321648, true },
+  { 321661, true },
+  { 321675, true },
+  { 321693, true },
+  { 321710, true },
+  { 321729, true },
+  { 321742, true },
+  { 321755, true },
+  { 321771, true },
+  { 321787, true },
+  { 321802, true },
+  { 321818, true },
+  { 321833, true },
+  { 321849, true },
+  { 321864, true },
+  { 321879, true },
+  { 321895, true },
+  { 321910, true },
+  { 321925, true },
+  { 321942, true },
+  { 321952, true },
+  { 321966, true },
+  { 321976, true },
+  { 321989, true },
+  { 322000, true },
+  { 322013, true },
+  { 322029, true },
+  { 322039, true },
+  { 322060, true },
+  { 322071, true },
+  { 322084, true },
+  { 322096, true },
+  { 322108, true },
+  { 322129, true },
+  { 322148, true },
+  { 322167, true },
+  { 322175, false },
+  { 322194, true },
+  { 322211, true },
+  { 322224, true },
+  { 322239, true },
+  { 322253, true },
+  { 322266, true },
+  { 322282, true },
+  { 322296, true },
+  { 322311, true },
+  { 322327, true },
+  { 322342, true },
+  { 322356, true },
+  { 322366, true },
+  { 322378, true },
+  { 322390, true },
+  { 322400, true },
+  { 322416, true },
+  { 322429, true },
+  { 322448, true },
+  { 322463, true },
+  { 322484, true },
+  { 322503, true },
+  { 322516, true },
+  { 322539, true },
+  { 322549, true },
+  { 322565, false },
+  { 322574, false },
+  { 322594, false },
+  { 322602, true },
+  { 322609, true },
+  { 322617, true },
+  { 322637, true },
+  { 322649, false },
+  { 322669, true },
+  { 322689, true },
+  { 322708, true },
+  { 322722, true },
+  { 322735, true },
+  { 322753, false },
+  { 322765, true },
+  { 322777, false },
+  { 322789, true },
+  { 322803, true },
+  { 322820, true },
+  { 322834, true },
+  { 322845, true },
+  { 322864, true },
+  { 322881, true },
+  { 322897, true },
+  { 322922, true },
+  { 322936, true },
+  { 322953, true },
+  { 322969, false },
+  { 322988, true },
+  { 323004, true },
+  { 323021, true },
+  { 323040, true },
+  { 323058, true },
+  { 323075, true },
+  { 323101, true },
+  { 323112, true },
+  { 323124, true },
+  { 323136, true },
+  { 323160, true },
+  { 323180, true },
+  { 323199, true },
+  { 323211, true },
+  { 323234, true },
+  { 323260, true },
+  { 323274, true },
+  { 323291, true },
+  { 323307, true },
+  { 323324, true },
+  { 323339, true },
+  { 323353, true },
+  { 323370, true },
+  { 323390, true },
+  { 323403, true },
+  { 323417, true },
+  { 323442, true },
+  { 323460, true },
+  { 323477, true },
+  { 323491, true },
+  { 323504, true },
+  { 323525, true },
+  { 323545, true },
+  { 323559, true },
+  { 323569, true },
+  { 323585, true },
+  { 323598, true },
+  { 323620, true },
+  { 323642, true },
+  { 323664, true },
+  { 323679, true },
+  { 323708, true },
+  { 323719, true },
+  { 323731, true },
+  { 323747, true },
+  { 323761, true },
+  { 323780, true },
+  { 323794, false },
+  { 323816, true },
+  { 323834, true },
+  { 323862, true },
+  { 323877, true },
+  { 323899, true },
+  { 323923, true },
+  { 323932, true },
+  { 323947, true },
+  { 323981, true },
+  { 324002, true },
+  { 324023, true },
+  { 324031, true },
+  { 324043, true },
+  { 324063, true },
+  { 324079, true },
+  { 324097, true },
+  { 324107, true },
+  { 324120, true },
+  { 324129, true },
+  { 324142, true },
+  { 324151, false },
+  { 324162, true },
+  { 324173, true },
+  { 324192, true },
+  { 324210, true },
+  { 324222, true },
+  { 324230, true },
+  { 324241, true },
+  { 324252, true },
+  { 324261, true },
+  { 324275, false },
+  { 324289, true },
+  { 324305, true },
+  { 324323, true },
+  { 324340, true },
+  { 324358, true },
+  { 324383, true },
+  { 324404, true },
+  { 324421, true },
+  { 324432, false },
+  { 324444, true },
+  { 324455, false },
+  { 324471, true },
+  { 324495, true },
+  { 324505, true },
+  { 324517, true },
+  { 324532, true },
+  { 324559, true },
+  { 324571, true },
+  { 324581, true },
+  { 324592, true },
+  { 324607, true },
+  { 324619, true },
+  { 324647, true },
+  { 324672, true },
+  { 324686, true },
+  { 324705, true },
+  { 324715, true },
+  { 324760, true },
+  { 324805, true },
+  { 324813, true },
+  { 324822, true },
+  { 324834, true },
+  { 324848, true },
+  { 324857, true },
+  { 324873, true },
+  { 324885, true },
+  { 324897, true },
+  { 324922, true },
+  { 324939, true },
+  { 324956, true },
+  { 324971, true },
+  { 324983, true },
+  { 324995, true },
+  { 325008, true },
+  { 325021, true },
+  { 325029, true },
+  { 325047, true },
+  { 325064, true },
+  { 325086, true },
+  { 325102, true },
+  { 325121, true },
+  { 325130, false },
+  { 325138, true },
+  { 325146, true },
+  { 325171, false },
+  { 325185, true },
+  { 325202, true },
+  { 325223, true },
+  { 325240, true },
+  { 325259, true },
+  { 325272, true },
+  { 325286, true },
+  { 325299, true },
+  { 325312, true },
+  { 325324, true },
+  { 325339, true },
+  { 325352, true },
+  { 325364, true },
+  { 325376, true },
+  { 325388, true },
+  { 325401, true },
+  { 325409, true },
+  { 325423, true },
+  { 325438, true },
+  { 325451, true },
+  { 325467, true },
+  { 325480, true },
+  { 325501, true },
+  { 325522, true },
+  { 325541, true },
+  { 325553, true },
+  { 325563, true },
+  { 325588, true },
+  { 325597, true },
+  { 325612, true },
+  { 325625, true },
+  { 325638, true },
+  { 325652, true },
+  { 325682, true },
+  { 325694, true },
+  { 325709, true },
+  { 325717, true },
+  { 325729, true },
+  { 325749, true },
+  { 325765, true },
+  { 325782, false },
+  { 325800, true },
+  { 325817, true },
+  { 325834, true },
+  { 325846, false },
+  { 325855, true },
+  { 325872, true },
+  { 325890, true },
+  { 325909, true },
+  { 325926, false },
+  { 325939, true },
+  { 325955, true },
+  { 325970, true },
+  { 325985, true },
+  { 326001, true },
+  { 326015, true },
+  { 326029, true },
+  { 326043, true },
+  { 326055, true },
+  { 326069, true },
+  { 326082, true },
+  { 326104, true },
+  { 326119, true },
+  { 326134, true },
+  { 326149, true },
+  { 326164, true },
+  { 326185, false },
+  { 326196, true },
+  { 326205, true },
+  { 326220, true },
+  { 326238, true },
+  { 326259, true },
+  { 326272, true },
+  { 326284, true },
+  { 326302, true },
+  { 326319, true },
+  { 326328, true },
+  { 326340, true },
+  { 326359, true },
+  { 326373, true },
+  { 326381, true },
+  { 326394, true },
+  { 326414, true },
+  { 326426, true },
+  { 326437, true },
+  { 326447, true },
+  { 326460, false },
+  { 326484, true },
+  { 326492, true },
+  { 326510, true },
+  { 326522, true },
+  { 326551, true },
+  { 326571, true },
+  { 326582, true },
+  { 326593, true },
+  { 326604, true },
+  { 326615, true },
+  { 326626, true },
+  { 326638, true },
+  { 326652, true },
+  { 326663, true },
+  { 326679, true },
+  { 326701, true },
+  { 326719, true },
+  { 326730, true },
+  { 326738, true },
+  { 326750, true },
+  { 326762, true },
+  { 326776, true },
+  { 326788, true },
+  { 326801, true },
+  { 326815, true },
+  { 326827, false },
+  { 326852, true },
+  { 326865, true },
+  { 326877, true },
+  { 326889, true },
+  { 326905, true },
+  { 326916, true },
+  { 326927, true },
+  { 326942, true },
+  { 326964, true },
+  { 326983, true },
+  { 327002, true },
+  { 327020, true },
+  { 327037, true },
+  { 327054, true },
+  { 327078, true },
+  { 327092, true },
+  { 327118, true },
+  { 327133, true },
+  { 327153, true },
+  { 327169, true },
+  { 327188, true },
+  { 327210, true },
+  { 327240, true },
+  { 327256, true },
+  { 327276, true },
+  { 327288, true },
+  { 327300, true },
+  { 327323, true },
+  { 327337, true },
+  { 327363, true },
+  { 327381, true },
+  { 327398, true },
+  { 327412, true },
+  { 327428, true },
+  { 327458, true },
+  { 327470, true },
+  { 327489, true },
+  { 327508, true },
+  { 327520, true },
+  { 327528, true },
+  { 327539, true },
+  { 327549, true },
+  { 327560, true },
+  { 327572, true },
+  { 327586, true },
+  { 327599, true },
+  { 327619, true },
+  { 327631, true },
+  { 327649, true },
+  { 327667, true },
+  { 327685, true },
+  { 327697, false },
+  { 327707, true },
+  { 327719, true },
+  { 327733, true },
+  { 327760, true },
+  { 327775, true },
+  { 327793, true },
+  { 327802, true },
+  { 327816, true },
+  { 327829, true },
+  { 327841, false },
+  { 327858, true },
+  { 327872, true },
+  { 327883, true },
+  { 327904, true },
+  { 327914, true },
+  { 327923, true },
+  { 327934, true },
+  { 327947, true },
+  { 327968, true },
+  { 327988, true },
+  { 328010, true },
+  { 328035, true },
+  { 328051, true },
+  { 328066, true },
+  { 328075, true },
+  { 328090, true },
+  { 328110, true },
+  { 328122, true },
+  { 328137, true },
+  { 328149, true },
+  { 328164, true },
+  { 328181, true },
+  { 328195, true },
+  { 328218, true },
+  { 328236, true },
+  { 328246, true },
+  { 328268, true },
+  { 328285, true },
+  { 328302, true },
+  { 328321, false },
+  { 328338, true },
+  { 328352, true },
+  { 328377, true },
+  { 328419, true },
+  { 328439, true },
+  { 328459, true },
+  { 328484, true },
+  { 328504, true },
+  { 328529, true },
+  { 328546, true },
+  { 328563, true },
+  { 328579, true },
+  { 328589, true },
+  { 328601, true },
+  { 328614, true },
+  { 328625, true },
+  { 328636, true },
+  { 328651, true },
+  { 328658, false },
+  { 328678, true },
+  { 328688, true },
+  { 328702, true },
+  { 328710, true },
+  { 328730, true },
+  { 328750, true },
+  { 328761, true },
+  { 328770, true },
+  { 328794, true },
+  { 328814, true },
+  { 328829, true },
+  { 328850, true },
+  { 328870, true },
+  { 328884, true },
+  { 328903, true },
+  { 328914, true },
+  { 328932, true },
+  { 328943, true },
+  { 328963, true },
+  { 328988, true },
+  { 329006, true },
+  { 329028, true },
+  { 329040, true },
+  { 329057, true },
+  { 329065, true },
+  { 329087, true },
+  { 329103, true },
+  { 329116, true },
+  { 329138, true },
+  { 329149, true },
+  { 329160, true },
+  { 329174, true },
+  { 329184, true },
+  { 329205, true },
+  { 329215, true },
+  { 329232, true },
+  { 329248, true },
+  { 329263, true },
+  { 329275, true },
+  { 329292, true },
+  { 329318, true },
+  { 329331, true },
+  { 329343, true },
+  { 329354, true },
+  { 329365, true },
+  { 329376, true },
+  { 329387, true },
+  { 329398, true },
+  { 329409, true },
+  { 329420, true },
+  { 329439, true },
+  { 329466, true },
+  { 329483, true },
+  { 329500, true },
+  { 329529, true },
+  { 329546, true },
+  { 329566, false },
+  { 329584, true },
+  { 329612, true },
+  { 329623, true },
+  { 329641, true },
+  { 329657, true },
+  { 329673, true },
+  { 329696, true },
+  { 329720, true },
+  { 329740, false },
+  { 329759, true },
+  { 329771, true },
+  { 329791, true },
+  { 329811, true },
+  { 329825, true },
+  { 329849, true },
+  { 329862, true },
+  { 329875, true },
+  { 329891, true },
+  { 329906, true },
+  { 329917, true },
+  { 329934, true },
+  { 329948, true },
+  { 329966, true },
+  { 329989, true },
+  { 330014, true },
+  { 330034, true },
+  { 330062, true },
+  { 330087, true },
+  { 330110, true },
+  { 330128, true },
+  { 330150, true },
+  { 330167, true },
+  { 330186, true },
+  { 330196, true },
+  { 330217, true },
+  { 330227, true },
+  { 330246, true },
+  { 330258, true },
+  { 330271, true },
+  { 330283, true },
+  { 330298, true },
+  { 330314, true },
+  { 330336, true },
+  { 330356, true },
+  { 330375, true },
+  { 330384, true },
+  { 330404, true },
+  { 330419, true },
+  { 330432, true },
+  { 330445, true },
+  { 330466, true },
+  { 330483, true },
+  { 330512, true },
+  { 330529, true },
+  { 330548, true },
+  { 330569, true },
+  { 330595, true },
+  { 330614, true },
+  { 330635, true },
+  { 330656, true },
+  { 330677, true },
+  { 330697, true },
+  { 330709, true },
+  { 330723, true },
+  { 330735, true },
+  { 330755, true },
+  { 330773, true },
+  { 330792, true },
+  { 330802, true },
+  { 330815, true },
+  { 330828, true },
+  { 330840, true },
+  { 330863, true },
+  { 330884, true },
+  { 330919, true },
+  { 330930, true },
+  { 330951, true },
+  { 330959, true },
+  { 330968, true },
+  { 330991, true },
+  { 331007, true },
+  { 331019, true },
+  { 331037, true },
+  { 331066, true },
+  { 331091, true },
+  { 331105, true },
+  { 331122, true },
+  { 331137, true },
+  { 331152, true },
+  { 331167, true },
+  { 331188, true },
+  { 331200, true },
+  { 331216, true },
+  { 331232, true },
+  { 331248, true },
+  { 331265, true },
+  { 331281, true },
+  { 331303, true },
+  { 331324, true },
+  { 331352, false },
+  { 331369, false },
+  { 331387, true },
+  { 331404, true },
+  { 331418, true },
+  { 331428, true },
+  { 331442, true },
+  { 331451, true },
+  { 331465, true },
+  { 331476, true },
+  { 331489, true },
+  { 331499, true },
+  { 331511, true },
+  { 331523, true },
+  { 331535, true },
+  { 331547, true },
+  { 331559, true },
+  { 331572, true },
+  { 331594, true },
+  { 331605, true },
+  { 331617, true },
+  { 331628, true },
+  { 331638, true },
+  { 331649, true },
+  { 331663, true },
+  { 331674, true },
+  { 331696, true },
+  { 331711, true },
+  { 331726, true },
+  { 331738, true },
+  { 331762, true },
+  { 331776, true },
+  { 331788, true },
+  { 331801, true },
+  { 331815, true },
+  { 331829, true },
+  { 331846, true },
+  { 331866, true },
+  { 331883, true },
+  { 331912, true },
+  { 331927, true },
+  { 331943, true },
+  { 331957, true },
+  { 331974, false },
+  { 331990, true },
+  { 332016, true },
+  { 332042, true },
+  { 332050, true },
+  { 332065, true },
+  { 332092, true },
+  { 332106, true },
+  { 332118, true },
+  { 332129, true },
+  { 332149, true },
+  { 332162, true },
+  { 332188, true },
+  { 332202, true },
+  { 332211, true },
+  { 332223, true },
+  { 332234, true },
+  { 332243, true },
+  { 332262, true },
+  { 332280, true },
+  { 332294, true },
+  { 332313, true },
+  { 332342, true },
+  { 332354, true },
+  { 332373, true },
+  { 332389, true },
+  { 332406, true },
+  { 332430, true },
+  { 332445, true },
+  { 332457, true },
+  { 332475, true },
+  { 332494, true },
+  { 332512, true },
+  { 332527, false },
+  { 332543, false },
+  { 332561, true },
+  { 332581, true },
+  { 332600, true },
+  { 332617, true },
+  { 332638, true },
+  { 332653, true },
+  { 332679, true },
+  { 332705, true },
+  { 332718, true },
+  { 332734, true },
+  { 332753, true },
+  { 332773, true },
+  { 332784, true },
+  { 332792, true },
+  { 332819, true },
+  { 332838, true },
+  { 332857, true },
+  { 332871, true },
+  { 332889, true },
+  { 332904, true },
+  { 332916, true },
+  { 332929, true },
+  { 332944, true },
+  { 332958, true },
+  { 332974, true },
+  { 332992, false },
+  { 333011, true },
+  { 333033, true },
+  { 333044, true },
+  { 333058, true },
+  { 333067, true },
+  { 333078, true },
+  { 333096, true },
+  { 333113, true },
+  { 333134, true },
+  { 333148, true },
+  { 333164, true },
+  { 333181, true },
+  { 333203, true },
+  { 333220, true },
+  { 333235, true },
+  { 333253, true },
+  { 333267, true },
+  { 333286, true },
+  { 333295, true },
+  { 333310, true },
+  { 333334, true },
+  { 333349, true },
+  { 333366, true },
+  { 333388, true },
+  { 333401, true },
+  { 333411, true },
+  { 333426, true },
+  { 333446, true },
+  { 333454, true },
+  { 333472, true },
+  { 333500, true },
+  { 333522, true },
+  { 333537, true },
+  { 333552, true },
+  { 333566, true },
+  { 333584, true },
+  { 333601, true },
+  { 333617, true },
+  { 333631, true },
+  { 333646, true },
+  { 333660, true },
+  { 333677, false },
+  { 333690, false },
+  { 333700, false },
+  { 333713, false },
+  { 333728, true },
+  { 333741, false },
+  { 333753, true },
+  { 333779, true },
+  { 333797, true },
+  { 333814, true },
+  { 333831, true },
+  { 333854, true },
+  { 333867, true },
+  { 333879, true },
+  { 333896, true },
+  { 333908, true },
+  { 333920, true },
+  { 333932, true },
+  { 333950, true },
+  { 333962, true },
+  { 333978, true },
+  { 333990, true },
+  { 334003, true },
+  { 334015, true },
+  { 334030, true },
+  { 334046, true },
+  { 334062, true },
+  { 334081, true },
+  { 334094, true },
+  { 334104, true },
+  { 334116, true },
+  { 334126, true },
+  { 334139, true },
+  { 334154, true },
+  { 334166, true },
+  { 334177, true },
+  { 334195, true },
+  { 334205, true },
+  { 334213, true },
+  { 334221, true },
+  { 334231, true },
+  { 334239, true },
+  { 334249, true },
+  { 334258, true },
+  { 334270, true },
+  { 334282, true },
+  { 334296, true },
+  { 334304, true },
+  { 334317, true },
+  { 334328, true },
+  { 334337, true },
+  { 334351, true },
+  { 334372, true },
+  { 334402, true },
+  { 334429, true },
+  { 334447, true },
+  { 334458, true },
+  { 334469, true },
+  { 334478, true },
+  { 334491, true },
+  { 334499, true },
+  { 334514, true },
+  { 334521, true },
+  { 334539, true },
+  { 334552, true },
+  { 334560, true },
+  { 334570, true },
+  { 334579, true },
+  { 334595, true },
+  { 334612, true },
+  { 334637, true },
+  { 334698, true },
+  { 334720, true },
+  { 334737, true },
+  { 334750, true },
+  { 334767, true },
+  { 334788, true },
+  { 334799, true },
+  { 334807, true },
+  { 334817, true },
+  { 334827, true },
+  { 334838, true },
+  { 334854, true },
+  { 334867, true },
+  { 334875, true },
+  { 334887, true },
+  { 334895, true },
+  { 334912, true },
+  { 334928, false },
+  { 334935, true },
+  { 334949, true },
+  { 334959, true },
+  { 334967, true },
+  { 334977, true },
+  { 334991, true },
+  { 334999, true },
+  { 335013, true },
+  { 335021, true },
+  { 335033, true },
+  { 335045, true },
+  { 335065, true },
+  { 335084, true },
+  { 335101, true },
+  { 335133, true },
+  { 335153, true },
+  { 335176, true },
+  { 335188, true },
+  { 335205, true },
+  { 335218, true },
+  { 335233, true },
+  { 335244, true },
+  { 335259, true },
+  { 335270, true },
+  { 335280, true },
+  { 335291, true },
+  { 335304, true },
+  { 335313, true },
+  { 335325, true },
+  { 335341, true },
+  { 335353, true },
+  { 335374, true },
+  { 335393, true },
+  { 335409, true },
+  { 335428, true },
+  { 335441, true },
+  { 335456, true },
+  { 335470, true },
+  { 335482, true },
+  { 335495, true },
+  { 335507, true },
+  { 335517, true },
+  { 335539, true },
+  { 335555, true },
+  { 335576, true },
+  { 335589, true },
+  { 335607, true },
+  { 335627, true },
+  { 335641, true },
+  { 335658, true },
+  { 335670, true },
+  { 335684, true },
+  { 335699, true },
+  { 335717, true },
+  { 335728, true },
+  { 335740, true },
+  { 335759, true },
+  { 335779, true },
+  { 335796, true },
+  { 335820, true },
+  { 335841, true },
+  { 335856, true },
+  { 335879, true },
+  { 335887, true },
+  { 335894, true },
+  { 335907, true },
+  { 335917, false },
+  { 335937, true },
+  { 335948, true },
+  { 335972, true },
+  { 335986, true },
+  { 335994, true },
+  { 336002, true },
+  { 336017, true },
+  { 336032, true },
+  { 336052, false },
+  { 336067, true },
+  { 336081, true },
+  { 336093, true },
+  { 336107, true },
+  { 336119, true },
+  { 336130, true },
+  { 336143, true },
+  { 336154, true },
+  { 336164, true },
+  { 336174, true },
+  { 336184, true },
+  { 336191, true },
+  { 336202, false },
+  { 336222, true },
+  { 336235, true },
+  { 336247, true },
+  { 336261, true },
+  { 336269, true },
+  { 336277, true },
+  { 336286, true },
+  { 336302, true },
+  { 336321, true },
+  { 336333, true },
+  { 336350, false },
+  { 336361, true },
+  { 336373, true },
+  { 336383, true },
+  { 336392, true },
+  { 336416, true },
+  { 336441, true },
+  { 336462, true },
+  { 336478, false },
+  { 336494, true },
+  { 336506, true },
+  { 336518, true },
+  { 336531, true },
+  { 336539, true },
+  { 336547, false },
+  { 336567, false },
+  { 336586, true },
+  { 336605, false },
+  { 336625, true },
+  { 336635, true },
+  { 336655, false },
+  { 336675, false },
+  { 336694, false },
+  { 336713, true },
+  { 336732, false },
+  { 336743, true },
+  { 336760, true },
+  { 336770, true },
+  { 336782, true },
+  { 336791, true },
+  { 336804, true },
+  { 336826, true },
+  { 336841, true },
+  { 336849, true },
+  { 336861, true },
+  { 336871, true },
+  { 336883, false },
+  { 336894, true },
+  { 336905, true },
+  { 336917, true },
+  { 336935, false },
+  { 336943, true },
+  { 336956, true },
+  { 336964, true },
+  { 336973, true },
+  { 336982, true },
+  { 336997, true },
+  { 337020, true },
+  { 337033, false },
+  { 337044, true },
+  { 337066, true },
+  { 337080, true },
+  { 337092, true },
+  { 337101, true },
+  { 337113, true },
+  { 337121, false },
+  { 337132, true },
+  { 337148, true },
+  { 337157, true },
+  { 337164, true },
+  { 337172, true },
+  { 337183, true },
+  { 337197, true },
+  { 337209, true },
+  { 337221, true },
+  { 337230, true },
+  { 337239, true },
+  { 337265, true },
+  { 337277, true },
+  { 337288, false },
+  { 337299, false },
+  { 337312, true },
+  { 337342, true },
+  { 337358, true },
+  { 337384, true },
+  { 337407, false },
+  { 337427, true },
+  { 337453, true },
+  { 337467, true },
+  { 337480, true },
+  { 337491, true },
+  { 337505, true },
+  { 337524, true },
+  { 337546, true },
+  { 337559, true },
+  { 337578, true },
+  { 337593, true },
+  { 337608, true },
+  { 337619, true },
+  { 337641, true },
+  { 337657, true },
+  { 337681, true },
+  { 337699, true },
+  { 337717, true },
+  { 337730, true },
+  { 337743, true },
+  { 337754, true },
+  { 337770, true },
+  { 337796, true },
+  { 337808, true },
+  { 337823, false },
+  { 337839, true },
+  { 337859, true },
+  { 337879, true },
+  { 337899, true },
+  { 337914, true },
+  { 337931, true },
+  { 337940, true },
+  { 337968, true },
+  { 337986, true },
+  { 337999, true },
+  { 338017, true },
+  { 338032, true },
+  { 338053, true },
+  { 338061, true },
+  { 338082, true },
+  { 338097, true },
+  { 338112, true },
+  { 338127, true },
+  { 338142, true },
+  { 338156, true },
+  { 338169, true },
+  { 338183, true },
+  { 338192, true },
+  { 338207, true },
+  { 338216, false },
+  { 338224, true },
+  { 338238, true },
+  { 338249, true },
+  { 338259, true },
+  { 338268, true },
+  { 338281, true },
+  { 338288, true },
+  { 338299, true },
+  { 338308, true },
+  { 338318, true },
+  { 338327, true },
+  { 338337, true },
+  { 338349, true },
+  { 338359, true },
+  { 338371, true },
+  { 338383, true },
+  { 338396, true },
+  { 338403, true },
+  { 338414, true },
+  { 338423, true },
+  { 338440, true },
+  { 338447, true },
+  { 338458, true },
+  { 338469, true },
+  { 338480, true },
+  { 338494, true },
+  { 338501, true },
+  { 338512, true },
+  { 338519, true },
+  { 338527, true },
+  { 338545, true },
+  { 338554, true },
+  { 338566, true },
+  { 338574, false },
+  { 338587, true },
+  { 338604, true },
+  { 338621, true },
+  { 338633, true },
+  { 338653, true },
+  { 338673, true },
+  { 338689, true },
+  { 338708, true },
+  { 338731, true },
+  { 338750, true },
+  { 338764, true },
+  { 338781, true },
+  { 338808, true },
+  { 338824, true },
+  { 338835, true },
+  { 338849, true },
+  { 338862, true },
+  { 338884, true },
+  { 338894, true },
+  { 338917, true },
+  { 338930, true },
+  { 338939, true },
+  { 338952, true },
+  { 338963, true },
+  { 338978, true },
+  { 339001, true },
+  { 339035, true },
+  { 339047, true },
+  { 339067, true },
+  { 339085, true },
+  { 339096, true },
+  { 339112, true },
+  { 339122, true },
+  { 339138, true },
+  { 339148, true },
+  { 339162, true },
+  { 339182, true },
+  { 339198, true },
+  { 339220, true },
+  { 339233, true },
+  { 339249, true },
+  { 339278, true },
+  { 339305, true },
+  { 339319, true },
+  { 339329, true },
+  { 339337, true },
+  { 339347, true },
+  { 339370, true },
+  { 339380, true },
+  { 339398, true },
+  { 339415, true },
+  { 339424, true },
+  { 339434, true },
+  { 339447, true },
+  { 339466, true },
+  { 339479, true },
+  { 339501, true },
+  { 339512, true },
+  { 339527, true },
+  { 339538, true },
+  { 339561, true },
+  { 339576, true },
+  { 339601, true },
+  { 339621, true },
+  { 339641, true },
+  { 339664, true },
+  { 339678, true },
+  { 339691, true },
+  { 339702, true },
+  { 339720, true },
+  { 339737, true },
+  { 339747, true },
+  { 339768, true },
+  { 339793, true },
+  { 339807, true },
+  { 339825, true },
+  { 339843, true },
+  { 339858, true },
+  { 339872, true },
+  { 339886, true },
+  { 339903, true },
+  { 339921, true },
+  { 339934, true },
+  { 339947, true },
+  { 339964, true },
+  { 339975, true },
+  { 339993, true },
+  { 340003, true },
+  { 340010, true },
+  { 340022, true },
+  { 340032, true },
+  { 340048, true },
+  { 340061, true },
+  { 340071, true },
+  { 340084, true },
+  { 340101, true },
+  { 340111, true },
+  { 340132, true },
+  { 340152, false },
+  { 340165, true },
+  { 340188, true },
+  { 340209, true },
+  { 340231, true },
+  { 340251, true },
+  { 340260, true },
+  { 340271, true },
+  { 340287, true },
+  { 340301, true },
+  { 340314, true },
+  { 340325, true },
+  { 340336, true },
+  { 340350, true },
+  { 340363, true },
+  { 340374, true },
+  { 340392, true },
+  { 340404, true },
+  { 340414, true },
+  { 340428, true },
+  { 340443, true },
+  { 340460, true },
+  { 340474, true },
+  { 340487, true },
+  { 340502, true },
+  { 340524, true },
+  { 340545, true },
+  { 340575, true },
+  { 340585, true },
+  { 340596, true },
+  { 340609, true },
+  { 340633, true },
+  { 340646, true },
+  { 340655, true },
+  { 340664, true },
+  { 340679, true },
+  { 340699, true },
+  { 340711, true },
+  { 340724, true },
+  { 340745, true },
+  { 340761, true },
+  { 340777, true },
+  { 340790, true },
+  { 340804, false },
+  { 340821, true },
+  { 340832, true },
+  { 340847, true },
+  { 340859, true },
+  { 340869, true },
+  { 340882, true },
+  { 340896, true },
+  { 340914, true },
+  { 340927, true },
+  { 340937, true },
+  { 340948, true },
+  { 340958, true },
+  { 340968, true },
+  { 340980, true },
+  { 340993, true },
+  { 341005, true },
+  { 341024, true },
+  { 341039, true },
+  { 341048, true },
+  { 341059, true },
+  { 341076, true },
+  { 341088, true },
+  { 341100, true },
+  { 341113, true },
+  { 341125, true },
+  { 341136, true },
+  { 341151, true },
+  { 341167, true },
+  { 341177, true },
+  { 341187, true },
+  { 341204, true },
+  { 341218, true },
+  { 341233, true },
+  { 341245, true },
+  { 341256, true },
+  { 341263, true },
+  { 341270, true },
+  { 341286, true },
+  { 341297, true },
+  { 341307, true },
+  { 341319, true },
+  { 341332, true },
+  { 341348, true },
+  { 341365, true },
+  { 341372, true },
+  { 341381, false },
+  { 341388, true },
+  { 341396, true },
+  { 341408, true },
+  { 341423, true },
+  { 341436, true },
+  { 341453, true },
+  { 341466, true },
+  { 341481, true },
+  { 341489, true },
+  { 341502, true },
+  { 341526, true },
+  { 341545, true },
+  { 341556, true },
+  { 341568, false },
+  { 341582, true },
+  { 341595, true },
+  { 341609, true },
+  { 341625, true },
+  { 341640, true },
+  { 341658, true },
+  { 341672, true },
+  { 341691, true },
+  { 341702, true },
+  { 341718, true },
+  { 341742, true },
+  { 341766, true },
+  { 341787, false },
+  { 341806, true },
+  { 341825, true },
+  { 341839, true },
+  { 341854, true },
+  { 341867, false },
+  { 341882, true },
+  { 341899, true },
+  { 341918, true },
+  { 341929, true },
+  { 341951, true },
+  { 341961, true },
+  { 341971, true },
+  { 341987, true },
+  { 342008, true },
+  { 342025, true },
+  { 342036, true },
+  { 342046, true },
+  { 342056, true },
+  { 342067, true },
+  { 342083, true },
+  { 342099, true },
+  { 342123, true },
+  { 342138, true },
+  { 342152, true },
+  { 342161, true },
+  { 342171, true },
+  { 342186, true },
+  { 342201, true },
+  { 342211, true },
+  { 342224, true },
+  { 342239, true },
+  { 342255, true },
+  { 342271, true },
+  { 342290, true },
+  { 342300, true },
+  { 342321, true },
+  { 342343, true },
+  { 342362, false },
+  { 342373, true },
+  { 342398, true },
+  { 342424, true },
+  { 342435, true },
+  { 342452, true },
+  { 342467, true },
+  { 342487, true },
+  { 342514, true },
+  { 342541, true },
+  { 342572, true },
+  { 342598, true },
+  { 342622, true },
+  { 342638, true },
+  { 342652, true },
+  { 342662, true },
+  { 342677, true },
+  { 342689, true },
+  { 342709, true },
+  { 342724, true },
+  { 342743, false },
+  { 342760, true },
+  { 342781, true },
+  { 342796, true },
+  { 342812, true },
+  { 342827, true },
+  { 342857, true },
+  { 342885, true },
+  { 342905, true },
+  { 342923, true },
+  { 342935, true },
+  { 342958, true },
+  { 342973, true },
+  { 342989, true },
+  { 342997, true },
+  { 343020, true },
+  { 343032, true },
+  { 343045, true },
+  { 343057, true },
+  { 343070, true },
+  { 343078, true },
+  { 343090, true },
+  { 343102, true },
+  { 343114, true },
+  { 343127, true },
+  { 343143, true },
+  { 343155, true },
+  { 343167, true },
+  { 343179, true },
+  { 343191, true },
+  { 343203, true },
+  { 343215, true },
+  { 343227, true },
+  { 343239, true },
+  { 343265, true },
+  { 343283, true },
+  { 343300, true },
+  { 343313, true },
+  { 343341, true },
+  { 343364, true },
+  { 343386, true },
+  { 343403, true },
+  { 343415, true },
+  { 343424, true },
+  { 343451, true },
+  { 343482, true },
+  { 343493, true },
+  { 343503, true },
+  { 343515, true },
+  { 343527, true },
+  { 343542, true },
+  { 343553, true },
+  { 343573, true },
+  { 343588, true },
+  { 343599, true },
+  { 343616, true },
+  { 343628, true },
+  { 343641, true },
+  { 343669, true },
+  { 343689, true },
+  { 343709, true },
+  { 343722, true },
+  { 343736, true },
+  { 343758, true },
+  { 343771, true },
+  { 343788, true },
+  { 343805, true },
+  { 343817, true },
+  { 343833, true },
+  { 343847, true },
+  { 343858, true },
+  { 343868, true },
+  { 343878, true },
+  { 343890, true },
+  { 343901, true },
+  { 343912, true },
+  { 343923, true },
+  { 343934, true },
+  { 343948, true },
+  { 343964, true },
+  { 343982, true },
+  { 343996, true },
+  { 344017, true },
+  { 344039, true },
+  { 344059, true },
+  { 344076, true },
+  { 344087, true },
+  { 344098, true },
+  { 344108, true },
+  { 344127, true },
+  { 344154, true },
+  { 344175, true },
+  { 344195, true },
+  { 344213, true },
+  { 344228, false },
+  { 344239, true },
+  { 344250, true },
+  { 344274, true },
+  { 344291, true },
+  { 344331, true },
+  { 344353, true },
+  { 344369, false },
+  { 344386, true },
+  { 344402, true },
+  { 344425, true },
+  { 344438, true },
+  { 344448, true },
+  { 344459, true },
+  { 344470, true },
+  { 344488, true },
+  { 344499, true },
+  { 344510, true },
+  { 344526, true },
+  { 344540, true },
+  { 344561, true },
+  { 344582, true },
+  { 344600, true },
+  { 344618, true },
+  { 344625, true },
+  { 344646, true },
+  { 344664, true },
+  { 344682, true },
+  { 344699, false },
+  { 344717, true },
+  { 344727, true },
+  { 344749, true },
+  { 344760, true },
+  { 344771, false },
+  { 344781, true },
+  { 344789, false },
+  { 344811, true },
+  { 344827, true },
+  { 344849, true },
+  { 344864, true },
+  { 344881, true },
+  { 344892, true },
+  { 344907, true },
+  { 344927, true },
+  { 344944, true },
+  { 344963, true },
+  { 344974, true },
+  { 344993, true },
+  { 345017, true },
+  { 345031, true },
+  { 345046, true },
+  { 345065, true },
+  { 345083, true },
+  { 345096, false },
+  { 345115, true },
+  { 345127, true },
+  { 345136, true },
+  { 345149, true },
+  { 345166, true },
+  { 345187, true },
+  { 345199, true },
+  { 345222, true },
+  { 345240, true },
+  { 345260, true },
+  { 345270, true },
+  { 345281, true },
+  { 345292, true },
+  { 345314, true },
+  { 345348, true },
+  { 345364, true },
+  { 345379, false },
+  { 345399, true },
+  { 345421, true },
+  { 345434, true },
+  { 345444, true },
+  { 345464, true },
+  { 345480, true },
+  { 345497, true },
+  { 345518, true },
+  { 345533, true },
+  { 345550, true },
+  { 345564, true },
+  { 345578, true },
+  { 345589, false },
+  { 345599, false },
+  { 345614, true },
+  { 345629, true },
+  { 345650, true },
+  { 345662, true },
+  { 345676, true },
+  { 345686, true },
+  { 345699, true },
+  { 345714, false },
+  { 345728, true },
+  { 345736, true },
+  { 345752, true },
+  { 345772, true },
+  { 345789, true },
+  { 345812, true },
+  { 345838, false },
+  { 345847, true },
+  { 345857, false },
+  { 345865, true },
+  { 345876, true },
+  { 345886, true },
+  { 345898, true },
+  { 345910, true },
+  { 345922, true },
+  { 345936, false },
+  { 345958, true },
+  { 345974, true },
+  { 345989, false },
+  { 346003, true },
+  { 346017, true },
+  { 346030, true },
+  { 346048, true },
+  { 346072, true },
+  { 346100, true },
+  { 346127, true },
+  { 346155, true },
+  { 346182, true },
+  { 346195, true },
+  { 346209, true },
+  { 346221, true },
+  { 346233, true },
+  { 346248, true },
+  { 346273, true },
+  { 346297, true },
+  { 346311, true },
+  { 346332, true },
+  { 346343, true },
+  { 346361, true },
+  { 346376, true },
+  { 346386, true },
+  { 346394, true },
+  { 346412, false },
+  { 346434, true },
+  { 346451, true },
+  { 346467, true },
+  { 346489, true },
+  { 346514, true },
+  { 346524, true },
+  { 346540, true },
+  { 346554, true },
+  { 346566, true },
+  { 346584, true },
+  { 346598, true },
+  { 346618, true },
+  { 346638, true },
+  { 346663, true },
+  { 346683, true },
+  { 346704, true },
+  { 346724, true },
+  { 346734, true },
+  { 346747, false },
+  { 346772, true },
+  { 346789, true },
+  { 346810, true },
+  { 346832, true },
+  { 346858, true },
+  { 346886, true },
+  { 346906, true },
+  { 346926, true },
+  { 346947, true },
+  { 346975, true },
+  { 346988, true },
+  { 347008, true },
+  { 347033, true },
+  { 347047, true },
+  { 347061, false },
+  { 347078, true },
+  { 347091, true },
+  { 347110, true },
+  { 347121, true },
+  { 347135, true },
+  { 347143, true },
+  { 347152, true },
+  { 347160, true },
+  { 347174, true },
+  { 347188, true },
+  { 347200, true },
+  { 347209, true },
+  { 347225, true },
+  { 347238, true },
+  { 347251, true },
+  { 347268, true },
+  { 347284, true },
+  { 347297, true },
+  { 347309, false },
+  { 347320, true },
+  { 347331, true },
+  { 347349, true },
+  { 347369, true },
+  { 347385, true },
+  { 347395, false },
+  { 347407, true },
+  { 347419, true },
+  { 347430, true },
+  { 347448, true },
+  { 347469, true },
+  { 347484, true },
+  { 347505, true },
+  { 347523, true },
+  { 347548, true },
+  { 347571, true },
+  { 347581, true },
+  { 347599, true },
+  { 347629, true },
+  { 347650, true },
+  { 347674, true },
+  { 347686, true },
+  { 347696, true },
+  { 347712, true },
+  { 347736, true },
+  { 347749, true },
+  { 347756, true },
+  { 347763, true },
+  { 347777, true },
+  { 347789, true },
+  { 347801, true },
+  { 347814, true },
+  { 347826, true },
+  { 347832, true },
+  { 347842, true },
+  { 347852, true },
+  { 347870, true },
+  { 347888, true },
+  { 347902, true },
+  { 347911, true },
+  { 347926, true },
+  { 347947, true },
+  { 347960, true },
+  { 347970, true },
+  { 347987, true },
+  { 348004, true },
+  { 348019, true },
+  { 348036, true },
+  { 348052, true },
+  { 348061, true },
+  { 348086, true },
+  { 348096, true },
+  { 348122, true },
+  { 348132, true },
+  { 348152, true },
+  { 348163, true },
+  { 348172, true },
+  { 348183, true },
+  { 348192, true },
+  { 348203, true },
+  { 348218, true },
+  { 348228, true },
+  { 348238, true },
+  { 348254, true },
+  { 348266, true },
+  { 348286, true },
+  { 348303, true },
+  { 348321, true },
+  { 348342, true },
+  { 348359, true },
+  { 348379, true },
+  { 348402, true },
+  { 348422, true },
+  { 348442, true },
+  { 348461, true },
+  { 348482, true },
+  { 348494, true },
+  { 348510, true },
+  { 348527, true },
+  { 348539, true },
+  { 348556, true },
+  { 348568, true },
+  { 348582, true },
+  { 348601, true },
+  { 348616, true },
+  { 348632, false },
+  { 348646, true },
+  { 348655, true },
+  { 348667, true },
+  { 348681, true },
+  { 348692, true },
+  { 348704, true },
+  { 348722, true },
+  { 348741, true },
+  { 348758, true },
+  { 348775, true },
+  { 348793, true },
+  { 348809, true },
+  { 348819, true },
+  { 348835, true },
+  { 348849, true },
+  { 348866, true },
+  { 348882, true },
+  { 348900, true },
+  { 348917, true },
+  { 348930, true },
+  { 348941, true },
+  { 348961, true },
+  { 348978, true },
+  { 349001, true },
+  { 349017, true },
+  { 349035, false },
+  { 349052, false },
+  { 349073, true },
+  { 349088, true },
+  { 349098, true },
+  { 349115, true },
+  { 349124, true },
+  { 349145, true },
+  { 349155, true },
+  { 349165, true },
+  { 349184, true },
+  { 349192, true },
+  { 349203, true },
+  { 349217, true },
+  { 349232, true },
+  { 349245, true },
+  { 349260, true },
+  { 349271, true },
+  { 349278, true },
+  { 349288, true },
+  { 349311, true },
+  { 349326, true },
+  { 349339, true },
+  { 349361, true },
+  { 349372, true },
+  { 349389, true },
+  { 349402, true },
+  { 349416, true },
+  { 349434, true },
+  { 349451, true },
+  { 349466, true },
+  { 349478, true },
+  { 349491, true },
+  { 349515, true },
+  { 349539, true },
+  { 349550, true },
+  { 349561, true },
+  { 349576, true },
+  { 349589, true },
+  { 349603, true },
+  { 349614, true },
+  { 349629, true },
+  { 349653, true },
+  { 349669, true },
+  { 349696, true },
+  { 349713, true },
+  { 349731, true },
+  { 349749, true },
+  { 349767, true },
+  { 349779, true },
+  { 349796, true },
+  { 349805, true },
+  { 349815, true },
+  { 349826, true },
+  { 349837, true },
+  { 349852, true },
+  { 349869, true },
+  { 349892, true },
+  { 349910, true },
+  { 349923, true },
+  { 349931, true },
+  { 349939, true },
+  { 349947, true },
+  { 349957, false },
+  { 349967, true },
+  { 349976, true },
+  { 349983, true },
+  { 349992, true },
+  { 350011, true },
+  { 350018, true },
+  { 350026, true },
+  { 350033, true },
+  { 350048, true },
+  { 350063, true },
+  { 350073, true },
+  { 350082, true },
+  { 350094, true },
+  { 350106, true },
+  { 350118, true },
+  { 350126, true },
+  { 350143, true },
+  { 350155, true },
+  { 350162, false },
+  { 350182, true },
+  { 350195, true },
+  { 350209, true },
+  { 350219, true },
+  { 350230, true },
+  { 350241, true },
+  { 350258, true },
+  { 350271, true },
+  { 350287, true },
+  { 350305, true },
+  { 350324, true },
+  { 350335, true },
+  { 350353, true },
+  { 350371, true },
+  { 350388, true },
+  { 350404, true },
+  { 350426, true },
+  { 350447, true },
+  { 350460, true },
+  { 350485, true },
+  { 350503, true },
+  { 350518, true },
+  { 350537, true },
+  { 350555, true },
+  { 350567, true },
+  { 350578, true },
+  { 350591, true },
+  { 350610, true },
+  { 350627, true },
+  { 350646, true },
+  { 350661, true },
+  { 350682, true },
+  { 350697, true },
+  { 350713, true },
+  { 350729, true },
+  { 350752, true },
+  { 350763, true },
+  { 350783, true },
+  { 350796, true },
+  { 350806, true },
+  { 350822, true },
+  { 350835, true },
+  { 350849, true },
+  { 350862, true },
+  { 350875, true },
+  { 350889, true },
+  { 350904, true },
+  { 350912, true },
+  { 350923, true },
+  { 350932, true },
+  { 350946, true },
+  { 350966, true },
+  { 350985, true },
+  { 350999, true },
+  { 351025, true },
+  { 351037, true },
+  { 351049, true },
+  { 351066, true },
+  { 351093, true },
+  { 351117, true },
+  { 351135, true },
+  { 351155, true },
+  { 351170, true },
+  { 351193, true },
+  { 351205, true },
+  { 351219, true },
+  { 351233, true },
+  { 351250, true },
+  { 351265, true },
+  { 351277, true },
+  { 351288, true },
+  { 351302, true },
+  { 351326, true },
+  { 351348, true },
+  { 351358, true },
+  { 351370, true },
+  { 351385, true },
+  { 351395, true },
+  { 351412, true },
+  { 351422, true },
+  { 351436, true },
+  { 351448, true },
+  { 351464, false },
+  { 351495, true },
+  { 351504, true },
+  { 351516, true },
+  { 351530, true },
+  { 351542, true },
+  { 351554, true },
+  { 351567, true },
+  { 351580, true },
+  { 351593, true },
+  { 351610, true },
+  { 351623, true },
+  { 351644, true },
+  { 351663, true },
+  { 351677, true },
+  { 351689, true },
+  { 351708, true },
+  { 351726, true },
+  { 351742, true },
+  { 351759, true },
+  { 351772, true },
+  { 351785, true },
+  { 351799, true },
+  { 351813, true },
+  { 351822, true },
+  { 351832, true },
+  { 351847, true },
+  { 351857, true },
+  { 351877, true },
+  { 351891, true },
+  { 351907, true },
+  { 351920, true },
+  { 351933, true },
+  { 351949, true },
+  { 351959, true },
+  { 351975, true },
+  { 351996, true },
+  { 352013, true },
+  { 352031, true },
+  { 352053, true },
+  { 352078, true },
+  { 352089, true },
+  { 352101, true },
+  { 352115, true },
+  { 352128, true },
+  { 352140, true },
+  { 352160, true },
+  { 352170, true },
+  { 352182, true },
+  { 352189, true },
+  { 352206, true },
+  { 352228, true },
+  { 352236, true },
+  { 352248, true },
+  { 352259, true },
+  { 352269, true },
+  { 352281, true },
+  { 352292, true },
+  { 352305, true },
+  { 352320, false },
+  { 352333, true },
+  { 352354, true },
+  { 352371, true },
+  { 352379, true },
+  { 352391, true },
+  { 352404, true },
+  { 352420, true },
+  { 352432, true },
+  { 352457, true },
+  { 352470, true },
+  { 352489, true },
+  { 352515, true },
+  { 352524, true },
+  { 352541, true },
+  { 352553, true },
+  { 352569, true },
+  { 352584, true },
+  { 352598, true },
+  { 352614, true },
+  { 352631, true },
+  { 352642, true },
+  { 352657, true },
+  { 352677, true },
+  { 352699, true },
+  { 352718, true },
+  { 352731, true },
+  { 352745, true },
+  { 352758, true },
+  { 352783, true },
+  { 352803, true },
+  { 352819, true },
+  { 352834, true },
+  { 352856, true },
+  { 352873, true },
+  { 352907, true },
+  { 352925, true },
+  { 352940, true },
+  { 352954, true },
+  { 352964, true },
+  { 352975, true },
+  { 352990, true },
+  { 353005, true },
+  { 353015, true },
+  { 353027, true },
+  { 353041, true },
+  { 353054, true },
+  { 353063, true },
+  { 353081, true },
+  { 353097, true },
+  { 353112, true },
+  { 353129, true },
+  { 353144, true },
+  { 353156, true },
+  { 353178, true },
+  { 353188, false },
+  { 353211, true },
+  { 353222, true },
+  { 353233, true },
+  { 353250, true },
+  { 353264, true },
+  { 353280, true },
+  { 353291, true },
+  { 353307, true },
+  { 353320, true },
+  { 353331, true },
+  { 353339, true },
+  { 353368, true },
+  { 353378, true },
+  { 353394, true },
+  { 353411, true },
+  { 353431, true },
+  { 353447, true },
+  { 353464, true },
+  { 353482, true },
+  { 353513, true },
+  { 353534, true },
+  { 353555, true },
+  { 353571, true },
+  { 353590, true },
+  { 353611, true },
+  { 353623, true },
+  { 353637, true },
+  { 353649, true },
+  { 353662, true },
+  { 353672, true },
+  { 353680, true },
+  { 353691, true },
+  { 353700, true },
+  { 353717, true },
+  { 353736, true },
+  { 353751, true },
+  { 353760, true },
+  { 353767, true },
+  { 353775, true },
+  { 353787, true },
+  { 353799, true },
+  { 353807, true },
+  { 353818, true },
+  { 353830, false },
+  { 353837, true },
+  { 353851, true },
+  { 353865, true },
+  { 353872, true },
+  { 353886, true },
+  { 353898, false },
+  { 353905, true },
+  { 353913, true },
+  { 353930, true },
+  { 353953, true },
+  { 353971, true },
+  { 353984, false },
+  { 353993, true },
+  { 354002, true },
+  { 354011, true },
+  { 354020, true },
+  { 354031, true },
+  { 354038, true },
+  { 354048, true },
+  { 354061, true },
+  { 354078, true },
+  { 354098, true },
+  { 354107, true },
+  { 354115, true },
+  { 354126, true },
+  { 354136, true },
+  { 354150, true },
+  { 354162, true },
+  { 354176, true },
+  { 354184, true },
+  { 354205, true },
+  { 354213, true },
+  { 354222, true },
+  { 354236, true },
+  { 354255, false },
+  { 354275, true },
+  { 354285, true },
+  { 354300, true },
+  { 354324, true },
+  { 354345, true },
+  { 354356, true },
+  { 354383, true },
+  { 354392, true },
+  { 354409, true },
+  { 354431, true },
+  { 354447, true },
+  { 354468, true },
+  { 354482, true },
+  { 354500, true },
+  { 354517, true },
+  { 354534, true },
+  { 354547, true },
+  { 354562, true },
+  { 354576, true },
+  { 354583, true },
+  { 354594, true },
+  { 354606, true },
+  { 354635, false },
+  { 354647, true },
+  { 354660, true },
+  { 354681, true },
+  { 354695, true },
+  { 354712, true },
+  { 354720, true },
+  { 354731, true },
+  { 354756, true },
+  { 354770, true },
+  { 354782, true },
+  { 354796, true },
+  { 354808, true },
+  { 354823, true },
+  { 354837, true },
+  { 354845, true },
+  { 354857, false },
+  { 354868, true },
+  { 354876, true },
+  { 354883, true },
+  { 354897, true },
+  { 354909, true },
+  { 354917, true },
+  { 354925, true },
+  { 354936, true },
+  { 354948, true },
+  { 354964, true },
+  { 354989, true },
+  { 355002, true },
+  { 355014, true },
+  { 355030, true },
+  { 355042, true },
+  { 355054, true },
+  { 355073, true },
+  { 355091, true },
+  { 355104, true },
+  { 355121, true },
+  { 355130, true },
+  { 355142, true },
+  { 355150, true },
+  { 355162, true },
+  { 355175, true },
+  { 355188, true },
+  { 355204, true },
+  { 355225, true },
+  { 355236, true },
+  { 355247, true },
+  { 355256, true },
+  { 355279, true },
+  { 355301, true },
+  { 355315, true },
+  { 355343, true },
+  { 355352, true },
+  { 355360, true },
+  { 355373, true },
+  { 355391, true },
+  { 355408, true },
+  { 355421, true },
+  { 355439, true },
+  { 355451, true },
+  { 355467, true },
+  { 355478, true },
+  { 355492, true },
+  { 355511, true },
+  { 355520, true },
+  { 355531, true },
+  { 355542, true },
+  { 355564, true },
+  { 355586, true },
+  { 355606, false },
+  { 355626, false },
+  { 355642, true },
+  { 355651, true },
+  { 355674, false },
+  { 355689, true },
+  { 355697, true },
+  { 355712, true },
+  { 355724, true },
+  { 355743, true },
+  { 355759, true },
+  { 355773, false },
+  { 355789, true },
+  { 355809, true },
+  { 355826, true },
+  { 355837, true },
+  { 355853, true },
+  { 355872, true },
+  { 355883, true },
+  { 355901, false },
+  { 355911, true },
+  { 355922, true },
+  { 355930, true },
+  { 355940, true },
+  { 355958, true },
+  { 355965, true },
+  { 355977, true },
+  { 355991, true },
+  { 356004, true },
+  { 356014, true },
+  { 356022, true },
+  { 356030, true },
+  { 356038, true },
+  { 356046, true },
+  { 356059, true },
+  { 356069, true },
+  { 356082, true },
+  { 356090, true },
+  { 356099, true },
+  { 356110, true },
+  { 356121, true },
+  { 356128, true },
+  { 356135, true },
+  { 356147, true },
+  { 356156, true },
+  { 356182, false },
+  { 356205, true },
+  { 356224, true },
+  { 356249, true },
+  { 356260, true },
+  { 356293, true },
+  { 356310, true },
+  { 356322, true },
+  { 356334, true },
+  { 356348, true },
+  { 356359, true },
+  { 356373, true },
+  { 356392, true },
+  { 356402, true },
+  { 356413, true },
+  { 356428, true },
+  { 356441, true },
+  { 356455, true },
+  { 356468, true },
+  { 356477, true },
+  { 356491, true },
+  { 356500, true },
+  { 356511, true },
+  { 356529, true },
+  { 356558, true },
+  { 356580, false },
+  { 356592, true },
+  { 356607, true },
+  { 356619, true },
+  { 356632, true },
+  { 356645, true },
+  { 356655, true },
+  { 356676, false },
+  { 356693, true },
+  { 356711, true },
+  { 356725, true },
+  { 356738, true },
+  { 356754, true },
+  { 356766, true },
+  { 356781, true },
+  { 356793, true },
+  { 356806, true },
+  { 356830, true },
+  { 356849, true },
+  { 356861, true },
+  { 356879, true },
+  { 356888, true },
+  { 356896, true },
+  { 356909, true },
+  { 356917, true },
+  { 356928, true },
+  { 356937, true },
+  { 356954, true },
+  { 356972, true },
+  { 356985, true },
+  { 356996, true },
+  { 357018, false },
+  { 357039, true },
+  { 357050, true },
+  { 357061, true },
+  { 357077, true },
+  { 357106, true },
+  { 357130, true },
+  { 357140, true },
+  { 357159, true },
+  { 357174, true },
+  { 357187, true },
+  { 357201, true },
+  { 357220, true },
+  { 357236, true },
+  { 357256, true },
+  { 357276, true },
+  { 357286, true },
+  { 357297, true },
+  { 357309, true },
+  { 357329, true },
+  { 357354, true },
+  { 357369, true },
+  { 357385, true },
+  { 357411, true },
+  { 357425, true },
+  { 357440, true },
+  { 357456, true },
+  { 357471, true },
+  { 357486, true },
+  { 357503, true },
+  { 357522, true },
+  { 357542, true },
+  { 357555, true },
+  { 357583, true },
+  { 357600, true },
+  { 357617, false },
+  { 357626, true },
+  { 357642, true },
+  { 357664, true },
+  { 357683, true },
+  { 357700, false },
+  { 357715, true },
+  { 357725, true },
+  { 357738, false },
+  { 357748, true },
+  { 357773, true },
+  { 357789, true },
+  { 357806, true },
+  { 357822, true },
+  { 357838, true },
+  { 357866, true },
+  { 357886, true },
+  { 357902, true },
+  { 357923, true },
+  { 357941, true },
+  { 357962, true },
+  { 357972, true },
+  { 357986, true },
+  { 357999, true },
+  { 358011, true },
+  { 358024, true },
+  { 358033, true },
+  { 358057, true },
+  { 358081, true },
+  { 358095, true },
+  { 358109, true },
+  { 358120, true },
+  { 358132, true },
+  { 358148, true },
+  { 358165, true },
+  { 358177, false },
+  { 358194, true },
+  { 358211, true },
+  { 358219, true },
+  { 358232, true },
+  { 358258, true },
+  { 358273, true },
+  { 358290, true },
+  { 358307, true },
+  { 358322, true },
+  { 358343, true },
+  { 358361, true },
+  { 358380, false },
+  { 358389, true },
+  { 358403, true },
+  { 358418, true },
+  { 358432, true },
+  { 358446, true },
+  { 358468, true },
+  { 358481, true },
+  { 358494, true },
+  { 358528, true },
+  { 358550, true },
+  { 358565, true },
+  { 358574, true },
+  { 358589, true },
+  { 358601, true },
+  { 358620, false },
+  { 358643, true },
+  { 358658, true },
+  { 358674, true },
+  { 358690, true },
+  { 358708, true },
+  { 358726, false },
+  { 358746, true },
+  { 358760, true },
+  { 358777, true },
+  { 358789, true },
+  { 358802, true },
+  { 358818, true },
+  { 358829, true },
+  { 358844, true },
+  { 358869, true },
+  { 358885, true },
+  { 358915, true },
+  { 358934, false },
+  { 358943, true },
+  { 358962, true },
+  { 358973, true },
+  { 358987, true },
+  { 359005, true },
+  { 359024, true },
+  { 359042, false },
+  { 359057, true },
+  { 359075, true },
+  { 359087, true },
+  { 359105, true },
+  { 359123, true },
+  { 359143, true },
+  { 359162, true },
+  { 359183, true },
+  { 359195, true },
+  { 359208, true },
+  { 359220, true },
+  { 359232, true },
+  { 359246, true },
+  { 359259, true },
+  { 359272, true },
+  { 359291, true },
+  { 359308, true },
+  { 359325, true },
+  { 359346, true },
+  { 359357, true },
+  { 359369, true },
+  { 359380, true },
+  { 359393, true },
+  { 359412, true },
+  { 359433, true },
+  { 359442, true },
+  { 359460, true },
+  { 359474, true },
+  { 359487, true },
+  { 359495, true },
+  { 359509, true },
+  { 359525, true },
+  { 359539, true },
+  { 359554, true },
+  { 359562, true },
+  { 359586, false },
+  { 359604, true },
+  { 359622, false },
+  { 359642, true },
+  { 359660, true },
+  { 359674, true },
+  { 359693, true },
+  { 359713, true },
+  { 359723, true },
+  { 359739, true },
+  { 359755, true },
+  { 359763, true },
+  { 359781, true },
+  { 359792, true },
+  { 359814, true },
+  { 359834, true },
+  { 359842, true },
+  { 359856, true },
+  { 359878, true },
+  { 359894, true },
+  { 359904, true },
+  { 359918, true },
+  { 359930, true },
+  { 359939, true },
+  { 359954, true },
+  { 359973, true },
+  { 359983, true },
+  { 359992, true },
+  { 360002, true },
+  { 360018, true },
+  { 360038, true },
+  { 360065, true },
+  { 360086, true },
+  { 360098, true },
+  { 360116, true },
+  { 360142, true },
+  { 360159, true },
+  { 360180, true },
+  { 360198, true },
+  { 360208, true },
+  { 360226, true },
+  { 360242, true },
+  { 360255, true },
+  { 360265, true },
+  { 360275, true },
+  { 360289, true },
+  { 360306, true },
+  { 360334, true },
+  { 360352, true },
+  { 360369, true },
+  { 360384, true },
+  { 360398, true },
+  { 360420, true },
+  { 360432, true },
+  { 360444, true },
+  { 360457, true },
+  { 360476, true },
+  { 360486, true },
+  { 360502, true },
+  { 360520, true },
+  { 360542, true },
+  { 360562, true },
+  { 360584, true },
+  { 360606, true },
+  { 360620, true },
+  { 360638, true },
+  { 360652, true },
+  { 360663, true },
+  { 360679, true },
+  { 360697, true },
+  { 360710, true },
+  { 360724, true },
+  { 360735, true },
+  { 360742, true },
+  { 360751, true },
+  { 360763, true },
+  { 360776, true },
+  { 360782, true },
+  { 360788, true },
+  { 360795, true },
+  { 360806, true },
+  { 360814, true },
+  { 360826, true },
+  { 360837, true },
+  { 360849, true },
+  { 360870, true },
+  { 360882, true },
+  { 360891, true },
+  { 360906, true },
+  { 360914, true },
+  { 360929, true },
+  { 360946, true },
+  { 360957, true },
+  { 360969, true },
+  { 360982, true },
+  { 360994, true },
+  { 361011, true },
+  { 361029, true },
+  { 361059, true },
+  { 361077, true },
+  { 361090, true },
+  { 361109, true },
+  { 361121, true },
+  { 361137, true },
+  { 361148, true },
+  { 361172, true },
+  { 361186, true },
+  { 361198, false },
+  { 361211, true },
+  { 361229, true },
+  { 361244, true },
+  { 361257, true },
+  { 361279, true },
+  { 361295, true },
+  { 361309, true },
+  { 361328, true },
+  { 361346, true },
+  { 361362, true },
+  { 361372, true },
+  { 361380, true },
+  { 361394, true },
+  { 361413, true },
+  { 361427, true },
+  { 361440, true },
+  { 361453, true },
+  { 361467, true },
+  { 361484, true },
+  { 361501, true },
+  { 361515, true },
+  { 361530, true },
+  { 361542, true },
+  { 361554, true },
+  { 361572, true },
+  { 361584, true },
+  { 361598, true },
+  { 361614, true },
+  { 361630, true },
+  { 361644, false },
+  { 361657, true },
+  { 361671, true },
+  { 361686, true },
+  { 361704, true },
+  { 361716, true },
+  { 361728, true },
+  { 361747, true },
+  { 361766, true },
+  { 361788, true },
+  { 361808, true },
+  { 361821, true },
+  { 361842, true },
+  { 361859, true },
+  { 361885, true },
+  { 361903, true },
+  { 361919, true },
+  { 361932, true },
+  { 361945, true },
+  { 361957, true },
+  { 361970, true },
+  { 361986, true },
+  { 361999, true },
+  { 362019, true },
+  { 362038, true },
+  { 362051, true },
+  { 362066, true },
+  { 362081, true },
+  { 362096, true },
+  { 362113, true },
+  { 362126, true },
+  { 362154, true },
+  { 362165, true },
+  { 362178, true },
+  { 362189, true },
+  { 362204, true },
+  { 362217, true },
+  { 362242, true },
+  { 362254, true },
+  { 362268, true },
+  { 362287, true },
+  { 362301, true },
+  { 362316, true },
+  { 362330, true },
+  { 362344, true },
+  { 362358, true },
+  { 362375, true },
+  { 362389, true },
+  { 362405, true },
+  { 362428, true },
+  { 362452, true },
+  { 362467, true },
+  { 362482, true },
+  { 362503, true },
+  { 362524, true },
+  { 362556, true },
+  { 362569, true },
+  { 362580, true },
+  { 362592, true },
+  { 362604, true },
+  { 362626, true },
+  { 362645, true },
+  { 362671, true },
+  { 362684, true },
+  { 362702, true },
+  { 362715, true },
+  { 362732, true },
+  { 362743, true },
+  { 362769, true },
+  { 362779, true },
+  { 362791, true },
+  { 362811, true },
+  { 362823, true },
+  { 362835, true },
+  { 362853, true },
+  { 362870, true },
+  { 362885, true },
+  { 362904, true },
+  { 362916, true },
+  { 362931, true },
+  { 362944, true },
+  { 362966, true },
+  { 362982, true },
+  { 362998, true },
+  { 363019, true },
+  { 363037, true },
+  { 363053, true },
+  { 363069, true },
+  { 363082, true },
+  { 363097, true },
+  { 363117, true },
+  { 363133, true },
+  { 363152, true },
+  { 363174, true },
+  { 363191, true },
+  { 363206, true },
+  { 363227, true },
+  { 363247, true },
+  { 363260, true },
+  { 363270, true },
+  { 363282, true },
+  { 363295, true },
+  { 363316, true },
+  { 363331, true },
+  { 363343, true },
+  { 363358, true },
+  { 363370, true },
+  { 363382, true },
+  { 363395, true },
+  { 363409, true },
+  { 363427, true },
+  { 363442, true },
+  { 363452, true },
+  { 363466, true },
+  { 363479, true },
+  { 363491, true },
+  { 363506, true },
+  { 363523, true },
+  { 363535, true },
+  { 363552, true },
+  { 363567, true },
+  { 363585, false },
+  { 363605, true },
+  { 363616, true },
+  { 363638, true },
+  { 363650, true },
+  { 363672, true },
+  { 363683, true },
+  { 363710, true },
+  { 363723, true },
+  { 363736, true },
+  { 363750, true },
+  { 363759, true },
+  { 363771, true },
+  { 363785, true },
+  { 363797, true },
+  { 363812, true },
+  { 363831, true },
+  { 363846, true },
+  { 363864, true },
+  { 363879, true },
+  { 363891, true },
+  { 363910, true },
+  { 363925, true },
+  { 363942, true },
+  { 363959, true },
+  { 363972, true },
+  { 363991, true },
+  { 364002, true },
+  { 364020, true },
+  { 364043, true },
+  { 364061, true },
+  { 364080, true },
+  { 364088, true },
+  { 364095, true },
+  { 364112, true },
+  { 364126, true },
+  { 364132, true },
+  { 364150, true },
+  { 364159, true },
+  { 364167, true },
+  { 364175, true },
+  { 364192, true },
+  { 364210, true },
+  { 364225, true },
+  { 364234, false },
+  { 364254, true },
+  { 364271, true },
+  { 364288, true },
+  { 364302, true },
+  { 364319, true },
+  { 364333, true },
+  { 364354, true },
+  { 364366, true },
+  { 364385, true },
+  { 364404, true },
+  { 364419, true },
+  { 364440, true },
+  { 364457, true },
+  { 364475, true },
+  { 364489, true },
+  { 364500, false },
+  { 364517, true },
+  { 364535, true },
+  { 364553, true },
+  { 364574, true },
+  { 364593, true },
+  { 364611, true },
+  { 364629, true },
+  { 364647, true },
+  { 364665, true },
+  { 364683, true },
+  { 364701, true },
+  { 364719, true },
+  { 364737, true },
+  { 364756, true },
+  { 364773, true },
+  { 364792, false },
+  { 364803, true },
+  { 364822, true },
+  { 364839, true },
+  { 364862, true },
+  { 364878, true },
+  { 364897, true },
+  { 364923, true },
+  { 364934, true },
+  { 364949, true },
+  { 364969, true },
+  { 364989, true },
+  { 365008, true },
+  { 365028, true },
+  { 365049, true },
+  { 365066, true },
+  { 365085, true },
+  { 365103, true },
+  { 365121, true },
+  { 365129, true },
+  { 365138, true },
+  { 365151, true },
+  { 365168, true },
+  { 365181, true },
+  { 365188, true },
+  { 365195, true },
+  { 365209, true },
+  { 365220, true },
+  { 365232, true },
+  { 365242, true },
+  { 365253, false },
+  { 365273, true },
+  { 365283, true },
+  { 365291, true },
+  { 365302, true },
+  { 365313, true },
+  { 365324, true },
+  { 365335, true },
+  { 365354, true },
+  { 365367, true },
+  { 365379, true },
+  { 365396, true },
+  { 365414, true },
+  { 365429, true },
+  { 365452, true },
+  { 365466, true },
+  { 365483, true },
+  { 365500, true },
+  { 365515, true },
+  { 365526, true },
+  { 365541, true },
+  { 365556, true },
+  { 365568, true },
+  { 365580, true },
+  { 365593, true },
+  { 365604, true },
+  { 365622, true },
+  { 365635, true },
+  { 365661, true },
+  { 365690, true },
+  { 365702, true },
+  { 365715, false },
+  { 365735, true },
+  { 365750, true },
+  { 365771, true },
+  { 365789, false },
+  { 365805, true },
+  { 365821, true },
+  { 365847, true },
+  { 365863, true },
+  { 365878, true },
+  { 365896, true },
+  { 365912, true },
+  { 365929, true },
+  { 365941, true },
+  { 365955, true },
+  { 365973, true },
+  { 365994, true },
+  { 366009, true },
+  { 366029, true },
+  { 366043, true },
+  { 366061, true },
+  { 366077, true },
+  { 366096, true },
+  { 366116, true },
+  { 366137, true },
+  { 366154, true },
+  { 366171, true },
+  { 366191, true },
+  { 366210, false },
+  { 366227, true },
+  { 366242, true },
+  { 366259, true },
+  { 366279, true },
+  { 366297, false },
+  { 366315, true },
+  { 366334, true },
+  { 366353, true },
+  { 366369, true },
+  { 366389, true },
+  { 366410, true },
+  { 366437, true },
+  { 366453, true },
+  { 366467, true },
+  { 366479, true },
+  { 366490, true },
+  { 366501, true },
+  { 366518, true },
+  { 366529, true },
+  { 366540, true },
+  { 366554, true },
+  { 366565, true },
+  { 366585, true },
+  { 366596, true },
+  { 366605, true },
+  { 366617, true },
+  { 366632, true },
+  { 366651, true },
+  { 366664, true },
+  { 366684, true },
+  { 366700, true },
+  { 366709, true },
+  { 366725, true },
+  { 366735, true },
+  { 366748, true },
+  { 366761, false },
+  { 366782, true },
+  { 366799, true },
+  { 366819, true },
+  { 366833, true },
+  { 366842, true },
+  { 366855, true },
+  { 366872, true },
+  { 366890, true },
+  { 366909, true },
+  { 366927, true },
+  { 366944, true },
+  { 366957, true },
+  { 366971, true },
+  { 366994, true },
+  { 367018, true },
+  { 367031, true },
+  { 367043, true },
+  { 367060, true },
+  { 367075, true },
+  { 367085, true },
+  { 367102, true },
+  { 367118, true },
+  { 367126, true },
+  { 367145, true },
+  { 367162, true },
+  { 367178, true },
+  { 367190, true },
+  { 367201, true },
+  { 367217, true },
+  { 367230, true },
+  { 367244, true },
+  { 367264, true },
+  { 367278, true },
+  { 367291, true },
+  { 367302, true },
+  { 367316, true },
+  { 367329, true },
+  { 367341, true },
+  { 367363, true },
+  { 367379, true },
+  { 367394, true },
+  { 367410, true },
+  { 367424, true },
+  { 367436, true },
+  { 367449, true },
+  { 367458, true },
+  { 367471, true },
+  { 367488, true },
+  { 367500, true },
+  { 367512, true },
+  { 367524, true },
+  { 367543, true },
+  { 367552, true },
+  { 367564, true },
+  { 367579, true },
+  { 367591, true },
+  { 367608, true },
+  { 367620, true },
+  { 367630, true },
+  { 367646, true },
+  { 367662, true },
+  { 367683, true },
+  { 367699, true },
+  { 367717, true },
+  { 367733, true },
+  { 367749, true },
+  { 367764, true },
+  { 367776, true },
+  { 367791, true },
+  { 367804, true },
+  { 367823, true },
+  { 367833, true },
+  { 367848, true },
+  { 367864, true },
+  { 367876, true },
+  { 367888, true },
+  { 367902, true },
+  { 367917, true },
+  { 367928, true },
+  { 367935, true },
+  { 367952, true },
+  { 367967, true },
+  { 367983, true },
+  { 367994, true },
+  { 368011, true },
+  { 368022, true },
+  { 368033, true },
+  { 368044, true },
+  { 368055, true },
+  { 368066, true },
+  { 368074, true },
+  { 368089, true },
+  { 368102, true },
+  { 368113, true },
+  { 368126, true },
+  { 368144, true },
+  { 368161, true },
+  { 368171, true },
+  { 368184, true },
+  { 368197, true },
+  { 368209, true },
+  { 368226, true },
+  { 368241, true },
+  { 368255, true },
+  { 368264, true },
+  { 368279, true },
+  { 368293, true },
+  { 368301, true },
+  { 368314, true },
+  { 368327, true },
+  { 368341, true },
+  { 368353, true },
+  { 368366, true },
+  { 368374, true },
+  { 368391, true },
+  { 368410, true },
+  { 368428, true },
+  { 368445, true },
+  { 368455, true },
+  { 368471, true },
+  { 368488, true },
+  { 368508, true },
+  { 368520, true },
+  { 368534, true },
+  { 368551, true },
+  { 368568, true },
+  { 368583, true },
+  { 368597, true },
+  { 368620, true },
+  { 368635, true },
+  { 368649, true },
+  { 368667, true },
+  { 368683, true },
+  { 368699, true },
+  { 368713, true },
+  { 368729, true },
+  { 368752, true },
+  { 368766, true },
+  { 368776, true },
+  { 368793, true },
+  { 368806, true },
+  { 368817, true },
+  { 368831, true },
+  { 368845, false },
+  { 368863, true },
+  { 368881, true },
+  { 368896, true },
+  { 368913, true },
+  { 368928, true },
+  { 368945, true },
+  { 368971, true },
+  { 368983, true },
+  { 368998, true },
+  { 369013, true },
+  { 369031, true },
+  { 369047, true },
+  { 369060, false },
+  { 369073, true },
+  { 369082, true },
+  { 369093, true },
+  { 369108, true },
+  { 369118, true },
+  { 369133, true },
+  { 369147, true },
+  { 369163, true },
+  { 369174, true },
+  { 369186, true },
+  { 369208, true },
+  { 369221, true },
+  { 369232, true },
+  { 369247, true },
+  { 369264, true },
+  { 369279, true },
+  { 369290, true },
+  { 369318, true },
+  { 369335, true },
+  { 369360, true },
+  { 369391, true },
+  { 369402, true },
+  { 369412, true },
+  { 369423, true },
+  { 369440, true },
+  { 369458, true },
+  { 369470, true },
+  { 369488, true },
+  { 369499, true },
+  { 369512, true },
+  { 369524, true },
+  { 369544, true },
+  { 369555, true },
+  { 369569, true },
+  { 369589, true },
+  { 369607, true },
+  { 369623, true },
+  { 369635, true },
+  { 369649, true },
+  { 369661, true },
+  { 369669, true },
+  { 369677, true },
+  { 369690, true },
+  { 369700, true },
+  { 369716, true },
+  { 369725, true },
+  { 369743, true },
+  { 369757, true },
+  { 369768, true },
+  { 369786, true },
+  { 369797, true },
+  { 369811, false },
+  { 369831, true },
+  { 369838, true },
+  { 369858, true },
+  { 369873, true },
+  { 369888, true },
+  { 369903, true },
+  { 369919, true },
+  { 369927, true },
+  { 369944, false },
+  { 369958, true },
+  { 369967, true },
+  { 369976, true },
+  { 369996, true },
+  { 370008, true },
+  { 370028, true },
+  { 370048, true },
+  { 370061, true },
+  { 370075, true },
+  { 370090, true },
+  { 370108, true },
+  { 370128, true },
+  { 370143, true },
+  { 370159, true },
+  { 370178, true },
+  { 370197, true },
+  { 370212, true },
+  { 370233, true },
+  { 370258, true },
+  { 370271, true },
+  { 370290, true },
+  { 370306, true },
+  { 370317, true },
+  { 370327, true },
+  { 370343, true },
+  { 370357, false },
+  { 370372, true },
+  { 370385, false },
+  { 370413, true },
+  { 370432, true },
+  { 370444, true },
+  { 370457, true },
+  { 370470, true },
+  { 370480, false },
+  { 370488, true },
+  { 370498, true },
+  { 370513, true },
+  { 370531, true },
+  { 370550, true },
+  { 370562, true },
+  { 370575, true },
+  { 370588, true },
+  { 370603, true },
+  { 370621, true },
+  { 370635, true },
+  { 370648, true },
+  { 370665, true },
+  { 370680, true },
+  { 370694, true },
+  { 370714, false },
+  { 370731, true },
+  { 370752, true },
+  { 370770, true },
+  { 370784, true },
+  { 370798, true },
+  { 370819, true },
+  { 370840, true },
+  { 370860, true },
+  { 370880, true },
+  { 370895, true },
+  { 370920, true },
+  { 370929, true },
+  { 370940, true },
+  { 370951, true },
+  { 370964, true },
+  { 370974, true },
+  { 370991, true },
+  { 371007, true },
+  { 371015, false },
+  { 371030, true },
+  { 371045, true },
+  { 371071, true },
+  { 371088, true },
+  { 371101, true },
+  { 371115, true },
+  { 371130, true },
+  { 371141, true },
+  { 371158, true },
+  { 371190, true },
+  { 371207, true },
+  { 371219, true },
+  { 371244, true },
+  { 371280, true },
+  { 371292, true },
+  { 371311, true },
+  { 371324, true },
+  { 371334, true },
+  { 371348, true },
+  { 371363, true },
+  { 371376, true },
+  { 371393, true },
+  { 371415, true },
+  { 371437, true },
+  { 371455, false },
+  { 371468, true },
+  { 371480, true },
+  { 371493, true },
+  { 371511, true },
+  { 371519, true },
+  { 371527, true },
+  { 371542, true },
+  { 371549, true },
+  { 371566, true },
+  { 371582, true },
+  { 371598, true },
+  { 371617, true },
+  { 371637, true },
+  { 371654, true },
+  { 371669, true },
+  { 371686, true },
+  { 371696, true },
+  { 371710, true },
+  { 371721, true },
+  { 371735, true },
+  { 371749, true },
+  { 371763, true },
+  { 371773, true },
+  { 371782, true },
+  { 371794, true },
+  { 371807, true },
+  { 371821, true },
+  { 371837, false },
+  { 371855, true },
+  { 371873, true },
+  { 371894, true },
+  { 371908, true },
+  { 371920, true },
+  { 371932, true },
+  { 371943, true },
+  { 371956, true },
+  { 371970, true },
+  { 371984, true },
+  { 372004, true },
+  { 372016, true },
+  { 372031, true },
+  { 372045, true },
+  { 372057, true },
+  { 372070, true },
+  { 372087, true },
+  { 372107, true },
+  { 372126, true },
+  { 372139, true },
+  { 372159, true },
+  { 372170, true },
+  { 372177, true },
+  { 372191, true },
+  { 372212, true },
+  { 372221, true },
+  { 372245, true },
+  { 372255, true },
+  { 372268, true },
+  { 372293, true },
+  { 372305, true },
+  { 372314, true },
+  { 372326, true },
+  { 372348, true },
+  { 372359, true },
+  { 372370, true },
+  { 372384, true },
+  { 372403, true },
+  { 372420, true },
+  { 372438, true },
+  { 372453, true },
+  { 372468, true },
+  { 372483, true },
+  { 372503, true },
+  { 372520, true },
+  { 372533, true },
+  { 372547, true },
+  { 372558, true },
+  { 372572, true },
+  { 372582, true },
+  { 372594, true },
+  { 372615, true },
+  { 372626, true },
+  { 372649, true },
+  { 372663, true },
+  { 372677, true },
+  { 372695, true },
+  { 372705, true },
+  { 372717, true },
+  { 372732, true },
+  { 372753, false },
+  { 372769, true },
+  { 372782, true },
+  { 372804, true },
+  { 372814, true },
+  { 372826, true },
+  { 372838, true },
+  { 372852, false },
+  { 372862, true },
+  { 372881, true },
+  { 372895, true },
+  { 372904, true },
+  { 372916, true },
+  { 372927, true },
+  { 372939, true },
+  { 372950, true },
+  { 372959, true },
+  { 372972, true },
+  { 372991, true },
+  { 373000, true },
+  { 373014, true },
+  { 373020, true },
+  { 373032, true },
+  { 373045, true },
+  { 373058, true },
+  { 373068, true },
+  { 373083, true },
+  { 373109, true },
+  { 373132, true },
+  { 373149, true },
+  { 373159, true },
+  { 373173, true },
+  { 373186, true },
+  { 373202, true },
+  { 373218, true },
+  { 373239, true },
+  { 373260, true },
+  { 373279, true },
+  { 373289, true },
+  { 373301, true },
+  { 373313, true },
+  { 373327, true },
+  { 373337, true },
+  { 373360, true },
+  { 373368, true },
+  { 373389, true },
+  { 373401, true },
+  { 373416, true },
+  { 373430, true },
+  { 373439, true },
+  { 373451, true },
+  { 373474, true },
+  { 373487, true },
+  { 373497, true },
+  { 373511, true },
+  { 373535, true },
+  { 373549, true },
+  { 373557, true },
+  { 373578, true },
+  { 373590, true },
+  { 373601, true },
+  { 373618, true },
+  { 373638, true },
+  { 373660, true },
+  { 373679, true },
+  { 373690, false },
+  { 373718, false },
+  { 373730, true },
+  { 373742, true },
+  { 373753, true },
+  { 373774, true },
+  { 373790, true },
+  { 373806, true },
+  { 373817, true },
+  { 373827, true },
+  { 373840, true },
+  { 373853, true },
+  { 373865, true },
+  { 373884, false },
+  { 373900, true },
+  { 373915, true },
+  { 373930, true },
+  { 373945, true },
+  { 373961, true },
+  { 373978, true },
+  { 373995, true },
+  { 374010, true },
+  { 374033, true },
+  { 374043, true },
+  { 374051, true },
+  { 374070, true },
+  { 374084, true },
+  { 374105, true },
+  { 374125, true },
+  { 374143, true },
+  { 374161, true },
+  { 374179, true },
+  { 374197, true },
+  { 374215, true },
+  { 374233, true },
+  { 374251, true },
+  { 374272, true },
+  { 374293, true },
+  { 374314, true },
+  { 374335, true },
+  { 374354, true },
+  { 374376, true },
+  { 374398, true },
+  { 374420, true },
+  { 374438, true },
+  { 374456, true },
+  { 374474, true },
+  { 374492, true },
+  { 374510, true },
+  { 374528, true },
+  { 374546, true },
+  { 374564, true },
+  { 374582, true },
+  { 374600, true },
+  { 374618, true },
+  { 374636, true },
+  { 374654, true },
+  { 374672, true },
+  { 374690, true },
+  { 374708, true },
+  { 374726, true },
+  { 374744, true },
+  { 374762, true },
+  { 374780, true },
+  { 374798, true },
+  { 374816, true },
+  { 374834, true },
+  { 374852, true },
+  { 374870, true },
+  { 374888, true },
+  { 374906, true },
+  { 374924, true },
+  { 374942, true },
+  { 374960, true },
+  { 374978, true },
+  { 374996, true },
+  { 375014, true },
+  { 375032, true },
+  { 375050, true },
+  { 375068, true },
+  { 375086, true },
+  { 375104, true },
+  { 375122, true },
+  { 375140, true },
+  { 375158, true },
+  { 375176, true },
+  { 375194, true },
+  { 375212, true },
+  { 375230, true },
+  { 375246, true },
+  { 375261, true },
+  { 375278, true },
+  { 375292, true },
+  { 375314, true },
+  { 375326, true },
+  { 375341, true },
+  { 375361, true },
+  { 375374, true },
+  { 375383, true },
+  { 375395, false },
+  { 375409, true },
+  { 375425, true },
+  { 375436, true },
+  { 375447, true },
+  { 375472, true },
+  { 375483, true },
+  { 375493, true },
+  { 375514, true },
+  { 375532, true },
+  { 375549, true },
+  { 375558, true },
+  { 375577, true },
+  { 375591, true },
+  { 375613, true },
+  { 375627, true },
+  { 375645, true },
+  { 375662, true },
+  { 375681, true },
+  { 375699, true },
+  { 375720, true },
+  { 375739, true },
+  { 375753, true },
+  { 375769, true },
+  { 375781, true },
+  { 375796, true },
+  { 375811, true },
+  { 375826, true },
+  { 375842, true },
+  { 375860, true },
+  { 375871, true },
+  { 375881, true },
+  { 375891, true },
+  { 375902, true },
+  { 375914, true },
+  { 375925, false },
+  { 375936, true },
+  { 375955, true },
+  { 375974, true },
+  { 375998, true },
+  { 376014, true },
+  { 376032, true },
+  { 376050, true },
+  { 376063, true },
+  { 376077, true },
+  { 376093, true },
+  { 376104, true },
+  { 376122, true },
+  { 376139, true },
+  { 376160, true },
+  { 376172, true },
+  { 376197, true },
+  { 376212, true },
+  { 376230, true },
+  { 376245, true },
+  { 376265, true },
+  { 376280, true },
+  { 376297, true },
+  { 376308, true },
+  { 376318, true },
+  { 376332, true },
+  { 376344, true },
+  { 376359, true },
+  { 376368, true },
+  { 376390, true },
+  { 376400, true },
+  { 376417, true },
+  { 376435, true },
+  { 376448, true },
+  { 376459, false },
+  { 376472, true },
+  { 376490, true },
+  { 376508, true },
+  { 376520, true },
+  { 376530, true },
+  { 376545, true },
+  { 376568, true },
+  { 376591, true },
+  { 376609, true },
+  { 376624, false },
+  { 376637, true },
+  { 376648, true },
+  { 376660, true },
+  { 376679, true },
+  { 376692, true },
+  { 376704, true },
+  { 376721, true },
+  { 376741, true },
+  { 376764, true },
+  { 376783, true },
+  { 376794, true },
+  { 376808, true },
+  { 376822, true },
+  { 376841, true },
+  { 376863, true },
+  { 376872, true },
+  { 376884, true },
+  { 376911, true },
+  { 376930, true },
+  { 376944, true },
+  { 376957, true },
+  { 376972, true },
+  { 376986, true },
+  { 376996, true },
+  { 377010, true },
+  { 377023, true },
+  { 377033, true },
+  { 377053, true },
+  { 377076, false },
+  { 377089, true },
+  { 377107, true },
+  { 377133, true },
+  { 377141, true },
+  { 377152, true },
+  { 377159, true },
+  { 377167, true },
+  { 377184, true },
+  { 377199, true },
+  { 377212, true },
+  { 377227, true },
+  { 377244, true },
+  { 377261, true },
+  { 377272, false },
+  { 377281, true },
+  { 377294, true },
+  { 377313, true },
+  { 377330, true },
+  { 377345, true },
+  { 377365, true },
+  { 377372, true },
+  { 377383, true },
+  { 377399, true },
+  { 377410, true },
+  { 377418, true },
+  { 377428, true },
+  { 377443, true },
+  { 377454, true },
+  { 377464, true },
+  { 377474, true },
+  { 377485, true },
+  { 377510, true },
+  { 377522, true },
+  { 377539, true },
+  { 377548, true },
+  { 377558, true },
+  { 377568, true },
+  { 377580, true },
+  { 377589, true },
+  { 377609, true },
+  { 377626, true },
+  { 377645, true },
+  { 377658, true },
+  { 377668, false },
+  { 377677, true },
+  { 377693, true },
+  { 377706, true },
+  { 377725, true },
+  { 377734, true },
+  { 377752, true },
+  { 377768, true },
+  { 377781, true },
+  { 377801, true },
+  { 377814, true },
+  { 377827, true },
+  { 377838, true },
+  { 377851, true },
+  { 377868, true },
+  { 377877, true },
+  { 377889, true },
+  { 377902, true },
+  { 377916, true },
+  { 377929, true },
+  { 377939, true },
+  { 377953, true },
+  { 377976, true },
+  { 378000, true },
+  { 378008, true },
+  { 378024, true },
+  { 378039, true },
+  { 378050, true },
+  { 378069, true },
+  { 378084, true },
+  { 378099, true },
+  { 378108, true },
+  { 378118, true },
+  { 378132, true },
+  { 378148, true },
+  { 378160, true },
+  { 378183, false },
+  { 378197, true },
+  { 378206, true },
+  { 378214, true },
+  { 378223, true },
+  { 378237, true },
+  { 378247, false },
+  { 378263, true },
+  { 378276, true },
+  { 378292, true },
+  { 378306, true },
+  { 378320, true },
+  { 378337, false },
+  { 378355, true },
+  { 378368, true },
+  { 378392, true },
+  { 378409, true },
+  { 378428, true },
+  { 378442, true },
+  { 378455, true },
+  { 378468, true },
+  { 378489, true },
+  { 378500, true },
+  { 378510, true },
+  { 378523, true },
+  { 378537, true },
+  { 378547, true },
+  { 378570, true },
+  { 378582, true },
+  { 378594, true },
+  { 378610, true },
+  { 378617, true },
+  { 378633, true },
+  { 378643, false },
+  { 378653, true },
+  { 378666, true },
+  { 378681, true },
+  { 378691, true },
+  { 378700, true },
+  { 378716, true },
+  { 378728, true },
+  { 378742, true },
+  { 378756, true },
+  { 378768, true },
+  { 378779, true },
+  { 378792, true },
+  { 378804, true },
+  { 378815, true },
+  { 378829, true },
+  { 378847, true },
+  { 378863, true },
+  { 378872, true },
+  { 378892, true },
+  { 378904, true },
+  { 378920, true },
+  { 378933, true },
+  { 378943, true },
+  { 378953, true },
+  { 378967, true },
+  { 378979, true },
+  { 378992, true },
+  { 379009, true },
+  { 379024, true },
+  { 379036, true },
+  { 379044, true },
+  { 379056, true },
+  { 379073, true },
+  { 379087, true },
+  { 379102, true },
+  { 379113, true },
+  { 379133, true },
+  { 379147, true },
+  { 379156, true },
+  { 379171, true },
+  { 379187, true },
+  { 379199, true },
+  { 379212, true },
+  { 379225, true },
+  { 379239, true },
+  { 379254, false },
+  { 379266, true },
+  { 379279, true },
+  { 379292, true },
+  { 379303, true },
+  { 379317, true },
+  { 379340, true },
+  { 379350, true },
+  { 379359, true },
+  { 379371, true },
+  { 379385, true },
+  { 379401, true },
+  { 379413, true },
+  { 379430, true },
+  { 379438, true },
+  { 379450, false },
+  { 379468, true },
+  { 379476, true },
+  { 379487, true },
+  { 379495, true },
+  { 379503, true },
+  { 379509, true },
+  { 379519, true },
+  { 379532, true },
+  { 379547, true },
+  { 379566, true },
+  { 379590, true },
+  { 379603, true },
+  { 379618, true },
+  { 379642, true },
+  { 379666, true },
+  { 379688, true },
+  { 379717, true },
+  { 379746, true },
+  { 379756, true },
+  { 379768, true },
+  { 379790, true },
+  { 379809, true },
+  { 379826, true },
+  { 379836, true },
+  { 379852, true },
+  { 379867, true },
+  { 379889, true },
+  { 379901, true },
+  { 379916, true },
+  { 379937, true },
+  { 379949, true },
+  { 379962, true },
+  { 379975, true },
+  { 379991, true },
+  { 380005, true },
+  { 380017, true },
+  { 380033, true },
+  { 380046, true },
+  { 380065, true },
+  { 380085, true },
+  { 380103, true },
+  { 380121, true },
+  { 380134, true },
+  { 380152, true },
+  { 380175, true },
+  { 380199, true },
+  { 380225, true },
+  { 380240, true },
+  { 380257, true },
+  { 380273, true },
+  { 380290, true },
+  { 380307, true },
+  { 380321, true },
+  { 380338, true },
+  { 380353, true },
+  { 380377, true },
+  { 380390, true },
+  { 380404, true },
+  { 380415, true },
+  { 380426, true },
+  { 380437, true },
+  { 380447, true },
+  { 380460, true },
+  { 380478, true },
+  { 380487, true },
+  { 380496, true },
+  { 380509, true },
+  { 380525, true },
+  { 380546, true },
+  { 380567, true },
+  { 380576, true },
+  { 380588, true },
+  { 380598, true },
+  { 380609, true },
+  { 380621, false },
+  { 380642, false },
+  { 380651, true },
+  { 380658, true },
+  { 380666, true },
+  { 380689, true },
+  { 380702, true },
+  { 380716, true },
+  { 380729, true },
+  { 380744, true },
+  { 380758, true },
+  { 380773, true },
+  { 380782, true },
+  { 380790, true },
+  { 380803, true },
+  { 380811, true },
+  { 380830, true },
+  { 380842, true },
+  { 380860, true },
+  { 380875, true },
+  { 380892, true },
+  { 380902, true },
+  { 380913, true },
+  { 380926, true },
+  { 380935, true },
+  { 380948, true },
+  { 380958, true },
+  { 380967, true },
+  { 380988, true },
+  { 381002, true },
+  { 381018, true },
+  { 381030, true },
+  { 381043, true },
+  { 381056, true },
+  { 381065, true },
+  { 381079, true },
+  { 381092, true },
+  { 381103, true },
+  { 381113, true },
+  { 381136, true },
+  { 381149, true },
+  { 381162, true },
+  { 381174, true },
+  { 381189, true },
+  { 381203, false },
+  { 381216, true },
+  { 381230, true },
+  { 381239, true },
+  { 381251, true },
+  { 381262, true },
+  { 381279, true },
+  { 381291, true },
+  { 381301, true },
+  { 381311, true },
+  { 381324, true },
+  { 381339, true },
+  { 381359, true },
+  { 381371, false },
+  { 381383, true },
+  { 381400, true },
+  { 381414, true },
+  { 381427, true },
+  { 381441, true },
+  { 381451, true },
+  { 381461, true },
+  { 381472, true },
+  { 381481, true },
+  { 381488, true },
+  { 381498, true },
+  { 381507, true },
+  { 381519, true },
+  { 381530, true },
+  { 381546, true },
+  { 381561, true },
+  { 381570, true },
+  { 381584, true },
+  { 381598, true },
+  { 381612, true },
+  { 381632, true },
+  { 381642, true },
+  { 381654, true },
+  { 381666, true },
+  { 381679, true },
+  { 381693, true },
+  { 381706, true },
+  { 381715, true },
+  { 381726, true },
+  { 381744, true },
+  { 381751, true },
+  { 381768, true },
+  { 381784, true },
+  { 381800, true },
+  { 381817, true },
+  { 381830, true },
+  { 381839, true },
+  { 381859, false },
+  { 381871, true },
+  { 381884, true },
+  { 381892, true },
+  { 381908, true },
+  { 381926, true },
+  { 381948, true },
+  { 381964, true },
+  { 381972, false },
+  { 381990, true },
+  { 382017, true },
+  { 382029, true },
+  { 382044, true },
+  { 382059, true },
+  { 382075, true },
+  { 382089, true },
+  { 382104, false },
+  { 382123, true },
+  { 382145, true },
+  { 382166, true },
+  { 382185, true },
+  { 382202, true },
+  { 382217, true },
+  { 382228, true },
+  { 382243, true },
+  { 382257, true },
+  { 382269, true },
+  { 382281, true },
+  { 382289, true },
+  { 382299, true },
+  { 382314, true },
+  { 382331, true },
+  { 382346, true },
+  { 382366, true },
+  { 382377, true },
+  { 382399, true },
+  { 382419, true },
+  { 382432, true },
+  { 382452, true },
+  { 382465, true },
+  { 382479, true },
+  { 382499, true },
+  { 382520, true },
+  { 382534, true },
+  { 382547, true },
+  { 382568, true },
+  { 382583, true },
+  { 382602, true },
+  { 382628, true },
+  { 382655, true },
+  { 382671, true },
+  { 382682, true },
+  { 382700, true },
+  { 382715, true },
+  { 382723, true },
+  { 382736, true },
+  { 382744, true },
+  { 382755, true },
+  { 382769, true },
+  { 382783, true },
+  { 382799, true },
+  { 382816, true },
+  { 382826, true },
+  { 382838, true },
+  { 382856, true },
+  { 382877, true },
+  { 382890, true },
+  { 382908, true },
+  { 382926, true },
+  { 382946, true },
+  { 382959, true },
+  { 382975, true },
+  { 383001, true },
+  { 383020, true },
+  { 383049, true },
+  { 383060, true },
+  { 383075, true },
+  { 383085, true },
+  { 383097, true },
+  { 383115, true },
+  { 383131, true },
+  { 383154, true },
+  { 383177, true },
+  { 383201, true },
+  { 383226, true },
+  { 383238, true },
+  { 383250, true },
+  { 383264, true },
+  { 383277, true },
+  { 383288, true },
+  { 383303, true },
+  { 383313, true },
+  { 383330, true },
+  { 383339, true },
+  { 383351, true },
+  { 383364, true },
+  { 383382, true },
+  { 383407, true },
+  { 383419, true },
+  { 383431, true },
+  { 383447, true },
+  { 383459, true },
+  { 383470, true },
+  { 383486, true },
+  { 383503, true },
+  { 383515, true },
+  { 383530, true },
+  { 383548, true },
+  { 383562, true },
+  { 383583, true },
+  { 383607, true },
+  { 383618, true },
+  { 383634, true },
+  { 383650, false },
+  { 383664, true },
+  { 383679, true },
+  { 383691, true },
+  { 383718, true },
+  { 383734, true },
+  { 383752, true },
+  { 383768, true },
+  { 383786, true },
+  { 383800, true },
+  { 383820, true },
+  { 383834, true },
+  { 383848, true },
+  { 383858, true },
+  { 383869, false },
+  { 383879, true },
+  { 383890, true },
+  { 383898, false },
+  { 383910, true },
+  { 383920, true },
+  { 383940, true },
+  { 383957, true },
+  { 383975, true },
+  { 383993, true },
+  { 384000, true },
+  { 384012, true },
+  { 384023, true },
+  { 384048, true },
+  { 384065, true },
+  { 384077, true },
+  { 384094, true },
+  { 384110, true },
+  { 384130, true },
+  { 384153, true },
+  { 384164, true },
+  { 384173, true },
+  { 384190, false },
+  { 384197, true },
+  { 384208, true },
+  { 384225, true },
+  { 384246, true },
+  { 384262, true },
+  { 384274, true },
+  { 384286, true },
+  { 384295, true },
+  { 384310, true },
+  { 384322, true },
+  { 384336, true },
+  { 384346, true },
+  { 384361, true },
+  { 384379, true },
+  { 384396, true },
+  { 384405, true },
+  { 384417, true },
+  { 384435, true },
+  { 384449, true },
+  { 384465, false },
+  { 384478, true },
+  { 384494, true },
+  { 384506, true },
+  { 384520, true },
+  { 384536, true },
+  { 384548, true },
+  { 384560, true },
+  { 384574, false },
+  { 384590, true },
+  { 384607, true },
+  { 384615, true },
+  { 384630, true },
+  { 384643, true },
+  { 384659, true },
+  { 384672, true },
+  { 384685, true },
+  { 384695, true },
+  { 384717, true },
+  { 384737, true },
+  { 384763, true },
+  { 384784, true },
+  { 384809, true },
+  { 384834, true },
+  { 384850, true },
+  { 384878, true },
+  { 384903, true },
+  { 384929, true },
+  { 384958, true },
+  { 384977, true },
+  { 385001, true },
+  { 385020, true },
+  { 385040, true },
+  { 385062, true },
+  { 385071, true },
+  { 385083, true },
+  { 385098, true },
+  { 385110, true },
+  { 385119, true },
+  { 385135, true },
+  { 385145, true },
+  { 385157, true },
+  { 385174, true },
+  { 385188, true },
+  { 385207, true },
+  { 385223, false },
+  { 385236, true },
+  { 385249, true },
+  { 385262, true },
+  { 385280, true },
+  { 385301, true },
+  { 385313, true },
+  { 385332, true },
+  { 385342, true },
+  { 385351, true },
+  { 385365, true },
+  { 385375, true },
+  { 385389, true },
+  { 385402, true },
+  { 385415, true },
+  { 385434, true },
+  { 385453, true },
+  { 385467, true },
+  { 385487, true },
+  { 385507, true },
+  { 385526, true },
+  { 385540, true },
+  { 385560, true },
+  { 385569, true },
+  { 385580, true },
+  { 385603, true },
+  { 385623, true },
+  { 385646, true },
+  { 385655, true },
+  { 385674, true },
+  { 385689, true },
+  { 385708, false },
+  { 385724, true },
+  { 385743, true },
+  { 385758, true },
+  { 385774, false },
+  { 385787, true },
+  { 385801, true },
+  { 385812, true },
+  { 385835, true },
+  { 385852, true },
+  { 385873, true },
+  { 385887, true },
+  { 385902, true },
+  { 385913, true },
+  { 385923, true },
+  { 385940, true },
+  { 385957, true },
+  { 385976, true },
+  { 385989, true },
+  { 386001, true },
+  { 386014, true },
+  { 386033, true },
+  { 386048, true },
+  { 386062, true },
+  { 386075, false },
+  { 386087, true },
+  { 386102, true },
+  { 386116, true },
+  { 386129, true },
+  { 386143, true },
+  { 386158, true },
+  { 386171, true },
+  { 386184, true },
+  { 386199, true },
+  { 386208, true },
+  { 386217, true },
+  { 386226, true },
+  { 386245, true },
+  { 386260, true },
+  { 386274, true },
+  { 386288, true },
+  { 386307, true },
+  { 386331, true },
+  { 386344, true },
+  { 386369, true },
+  { 386386, true },
+  { 386402, true },
+  { 386419, true },
+  { 386436, true },
+  { 386463, true },
+  { 386478, true },
+  { 386494, true },
+  { 386506, true },
+  { 386524, true },
+  { 386543, true },
+  { 386556, true },
+  { 386569, true },
+  { 386589, true },
+  { 386600, true },
+  { 386614, true },
+  { 386629, true },
+  { 386641, true },
+  { 386650, true },
+  { 386658, true },
+  { 386667, true },
+  { 386685, true },
+  { 386701, true },
+  { 386717, true },
+  { 386729, true },
+  { 386743, true },
+  { 386757, true },
+  { 386772, true },
+  { 386784, true },
+  { 386797, true },
+  { 386812, true },
+  { 386832, true },
+  { 386849, true },
+  { 386866, true },
+  { 386883, true },
+  { 386895, true },
+  { 386911, true },
+  { 386926, true },
+  { 386942, true },
+  { 386957, true },
+  { 386972, true },
+  { 386997, true },
+  { 387011, true },
+  { 387030, true },
+  { 387055, true },
+  { 387070, true },
+  { 387081, true },
+  { 387100, true },
+  { 387115, true },
+  { 387136, true },
+  { 387160, true },
+  { 387177, true },
+  { 387189, true },
+  { 387199, true },
+  { 387212, true },
+  { 387226, true },
+  { 387248, true },
+  { 387270, true },
+  { 387292, false },
+  { 387302, true },
+  { 387313, true },
+  { 387322, true },
+  { 387343, true },
+  { 387362, true },
+  { 387391, true },
+  { 387416, true },
+  { 387441, true },
+  { 387470, true },
+  { 387486, true },
+  { 387495, true },
+  { 387507, true },
+  { 387523, true },
+  { 387533, true },
+  { 387545, true },
+  { 387561, true },
+  { 387575, true },
+  { 387589, true },
+  { 387603, true },
+  { 387620, true },
+  { 387633, true },
+  { 387644, true },
+  { 387659, true },
+  { 387672, true },
+  { 387688, true },
+  { 387705, true },
+  { 387715, true },
+  { 387724, true },
+  { 387738, true },
+  { 387756, false },
+  { 387770, false },
+  { 387781, true },
+  { 387794, true },
+  { 387814, false },
+  { 387827, true },
+  { 387837, true },
+  { 387856, true },
+  { 387866, true },
+  { 387881, true },
+  { 387894, true },
+  { 387904, true },
+  { 387913, true },
+  { 387925, true },
+  { 387947, true },
+  { 387969, true },
+  { 387980, true },
+  { 387993, true },
+  { 388007, true },
+  { 388018, true },
+  { 388029, true },
+  { 388039, true },
+  { 388051, true },
+  { 388058, true },
+  { 388066, true },
+  { 388074, true },
+  { 388081, true },
+  { 388087, true },
+  { 388093, true },
+  { 388099, true },
+  { 388108, true },
+  { 388117, true },
+  { 388125, false },
+  { 388133, true },
+  { 388142, true },
+  { 388151, true },
+  { 388159, false },
+  { 388169, true },
+  { 388181, true },
+  { 388197, true },
+  { 388211, true },
+  { 388221, true },
+  { 388229, true },
+  { 388248, true },
+  { 388255, true },
+  { 388266, true },
+  { 388291, true },
+  { 388298, true },
+  { 388311, true },
+  { 388325, true },
+  { 388335, true },
+  { 388345, true },
+  { 388356, true },
+  { 388375, true },
+  { 388387, true },
+  { 388402, true },
+  { 388413, true },
+  { 388425, true },
+  { 388435, true },
+  { 388447, true },
+  { 388460, true },
+  { 388468, true },
+  { 388481, true },
+  { 388493, true },
+  { 388503, true },
+  { 388515, true },
+  { 388525, true },
+  { 388538, true },
+  { 388557, true },
+  { 388574, true },
+  { 388589, true },
+  { 388616, true },
+  { 388627, true },
+  { 388641, true },
+  { 388656, true },
+  { 388672, true },
+  { 388694, true },
+  { 388708, true },
+  { 388727, true },
+  { 388739, true },
+  { 388752, false },
+  { 388765, true },
+  { 388784, true },
+  { 388794, true },
+  { 388809, true },
+  { 388838, true },
+  { 388861, true },
+  { 388874, true },
+  { 388895, false },
+  { 388922, false },
+  { 388938, true },
+  { 388948, true },
+  { 388964, true },
+  { 388979, true },
+  { 388995, true },
+  { 389013, true },
+  { 389032, true },
+  { 389046, true },
+  { 389066, true },
+  { 389075, true },
+  { 389094, true },
+  { 389107, true },
+  { 389120, true },
+  { 389137, true },
+  { 389148, true },
+  { 389166, true },
+  { 389187, true },
+  { 389204, true },
+  { 389217, true },
+  { 389236, true },
+  { 389254, true },
+  { 389277, true },
+  { 389299, true },
+  { 389313, true },
+  { 389331, true },
+  { 389355, true },
+  { 389373, true },
+  { 389389, true },
+  { 389403, true },
+  { 389415, true },
+  { 389431, true },
+  { 389452, true },
+  { 389466, true },
+  { 389496, true },
+  { 389506, true },
+  { 389526, true },
+  { 389539, true },
+  { 389548, true },
+  { 389559, true },
+  { 389569, true },
+  { 389582, true },
+  { 389616, true },
+  { 389630, true },
+  { 389642, true },
+  { 389655, true },
+  { 389679, true },
+  { 389695, true },
+  { 389708, true },
+  { 389722, true },
+  { 389738, true },
+  { 389753, true },
+  { 389783, true },
+  { 389795, true },
+  { 389809, true },
+  { 389824, true },
+  { 389836, true },
+  { 389853, true },
+  { 389869, true },
+  { 389887, true },
+  { 389904, true },
+  { 389924, true },
+  { 389937, true },
+  { 389952, true },
+  { 389967, true },
+  { 389977, true },
+  { 389988, true },
+  { 389997, true },
+  { 390024, true },
+  { 390050, true },
+  { 390069, true },
+  { 390102, true },
+  { 390136, true },
+  { 390170, false },
+  { 390187, true },
+  { 390199, true },
+  { 390223, true },
+  { 390244, true },
+  { 390261, true },
+  { 390274, true },
+  { 390298, true },
+  { 390311, true },
+  { 390325, true },
+  { 390333, true },
+  { 390345, true },
+  { 390357, true },
+  { 390368, true },
+  { 390378, true },
+  { 390395, true },
+  { 390414, true },
+  { 390428, true },
+  { 390437, true },
+  { 390455, true },
+  { 390465, true },
+  { 390474, true },
+  { 390494, true },
+  { 390508, true },
+  { 390521, true },
+  { 390537, true },
+  { 390552, true },
+  { 390566, true },
+  { 390582, true },
+  { 390598, true },
+  { 390610, true },
+  { 390621, false },
+  { 390641, true },
+  { 390650, true },
+  { 390661, true },
+  { 390673, true },
+  { 390691, true },
+  { 390703, true },
+  { 390718, true },
+  { 390734, true },
+  { 390754, true },
+  { 390769, false },
+  { 390784, true },
+  { 390803, true },
+  { 390814, true },
+  { 390829, false },
+  { 390846, true },
+  { 390864, true },
+  { 390877, true },
+  { 390889, true },
+  { 390914, false },
+  { 390937, true },
+  { 390962, true },
+  { 390978, true },
+  { 390989, true },
+  { 391008, true },
+  { 391025, true },
+  { 391042, true },
+  { 391050, true },
+  { 391078, true },
+  { 391091, true },
+  { 391102, true },
+  { 391121, true },
+  { 391136, true },
+  { 391147, true },
+  { 391169, true },
+  { 391186, true },
+  { 391209, true },
+  { 391227, true },
+  { 391248, true },
+  { 391263, true },
+  { 391286, true },
+  { 391306, true },
+  { 391327, true },
+  { 391349, true },
+  { 391370, true },
+  { 391391, true },
+  { 391408, true },
+  { 391422, true },
+  { 391439, true },
+  { 391456, true },
+  { 391475, true },
+  { 391490, true },
+  { 391505, true },
+  { 391525, true },
+  { 391538, true },
+  { 391551, true },
+  { 391564, true },
+  { 391584, true },
+  { 391594, false },
+  { 391608, true },
+  { 391625, true },
+  { 391637, true },
+  { 391657, true },
+  { 391674, true },
+  { 391684, true },
+  { 391695, true },
+  { 391717, true },
+  { 391740, true },
+  { 391751, true },
+  { 391766, true },
+  { 391782, true },
+  { 391799, true },
+  { 391812, true },
+  { 391827, true },
+  { 391848, true },
+  { 391866, true },
+  { 391880, true },
+  { 391891, false },
+  { 391905, true },
+  { 391921, true },
+  { 391939, true },
+  { 391955, true },
+  { 391967, true },
+  { 391999, true },
+  { 392017, true },
+  { 392029, false },
+  { 392041, true },
+  { 392053, true },
+  { 392063, true },
+  { 392080, true },
+  { 392117, true },
+  { 392136, true },
+  { 392150, true },
+  { 392167, true },
+  { 392179, false },
+  { 392200, true },
+  { 392223, true },
+  { 392238, true },
+  { 392254, true },
+  { 392268, true },
+  { 392278, true },
+  { 392289, false },
+  { 392301, true },
+  { 392318, false },
+  { 392333, true },
+  { 392346, true },
+  { 392360, true },
+  { 392368, true },
+  { 392380, true },
+  { 392391, true },
+  { 392403, true },
+  { 392420, true },
+  { 392437, true },
+  { 392454, true },
+  { 392483, true },
+  { 392496, true },
+  { 392512, true },
+  { 392525, true },
+  { 392533, true },
+  { 392551, true },
+  { 392570, true },
+  { 392581, true },
+  { 392597, true },
+  { 392613, true },
+  { 392643, false },
+  { 392651, true },
+  { 392665, true },
+  { 392678, true },
+  { 392694, true },
+  { 392707, true },
+  { 392722, true },
+  { 392735, true },
+  { 392749, true },
+  { 392767, false },
+  { 392778, true },
+  { 392797, true },
+  { 392813, true },
+  { 392829, true },
+  { 392844, true },
+  { 392863, true },
+  { 392883, true },
+  { 392896, true },
+  { 392909, true },
+  { 392919, true },
+  { 392938, true },
+  { 392963, true },
+  { 392980, true },
+  { 392994, true },
+  { 393020, true },
+  { 393035, false },
+  { 393046, true },
+  { 393061, false },
+  { 393072, true },
+  { 393082, true },
+  { 393099, true },
+  { 393112, true },
+  { 393124, true },
+  { 393145, true },
+  { 393164, true },
+  { 393177, true },
+  { 393192, true },
+  { 393205, true },
+  { 393218, true },
+  { 393238, true },
+  { 393257, true },
+  { 393279, true },
+  { 393291, true },
+  { 393311, true },
+  { 393328, true },
+  { 393338, true },
+  { 393362, true },
+  { 393380, true },
+  { 393395, true },
+  { 393410, true },
+  { 393423, true },
+  { 393436, true },
+  { 393451, true },
+  { 393466, true },
+  { 393481, true },
+  { 393495, true },
+  { 393509, true },
+  { 393533, true },
+  { 393557, true },
+  { 393573, true },
+  { 393594, true },
+  { 393610, true },
+  { 393631, true },
+  { 393653, true },
+  { 393664, true },
+  { 393680, true },
+  { 393696, true },
+  { 393709, true },
+  { 393719, true },
+  { 393732, true },
+  { 393750, true },
+  { 393774, true },
+  { 393789, true },
+  { 393803, true },
+  { 393816, true },
+  { 393835, true },
+  { 393849, true },
+  { 393867, true },
+  { 393881, true },
+  { 393892, true },
+  { 393906, true },
+  { 393914, true },
+  { 393931, true },
+  { 393943, true },
+  { 393957, true },
+  { 393973, true },
+  { 393986, false },
+  { 394003, true },
+  { 394014, true },
+  { 394031, true },
+  { 394043, true },
+  { 394054, true },
+  { 394069, true },
+  { 394083, true },
+  { 394092, true },
+  { 394109, true },
+  { 394121, true },
+  { 394130, true },
+  { 394142, true },
+  { 394162, true },
+  { 394179, true },
+  { 394196, true },
+  { 394216, true },
+  { 394234, false },
+  { 394248, true },
+  { 394265, true },
+  { 394291, true },
+  { 394309, true },
+  { 394319, true },
+  { 394334, true },
+  { 394351, true },
+  { 394369, true },
+  { 394385, true },
+  { 394407, true },
+  { 394429, true },
+  { 394457, true },
+  { 394472, true },
+  { 394494, true },
+  { 394510, true },
+  { 394526, true },
+  { 394545, true },
+  { 394563, true },
+  { 394579, true },
+  { 394596, true },
+  { 394613, true },
+  { 394636, true },
+  { 394651, true },
+  { 394662, true },
+  { 394673, true },
+  { 394688, true },
+  { 394711, true },
+  { 394729, true },
+  { 394741, true },
+  { 394756, true },
+  { 394774, true },
+  { 394784, true },
+  { 394797, true },
+  { 394807, true },
+  { 394818, true },
+  { 394833, true },
+  { 394842, true },
+  { 394855, true },
+  { 394877, true },
+  { 394887, true },
+  { 394900, true },
+  { 394914, true },
+  { 394938, true },
+  { 394951, true },
+  { 394965, true },
+  { 394978, false },
+  { 394987, true },
+  { 394997, true },
+  { 395010, false },
+  { 395022, true },
+  { 395033, true },
+  { 395052, true },
+  { 395069, true },
+  { 395079, true },
+  { 395090, true },
+  { 395103, true },
+  { 395117, true },
+  { 395127, true },
+  { 395137, true },
+  { 395148, true },
+  { 395163, true },
+  { 395172, true },
+  { 395183, true },
+  { 395193, true },
+  { 395214, true },
+  { 395225, false },
+  { 395238, true },
+  { 395254, true },
+  { 395266, true },
+  { 395280, true },
+  { 395291, true },
+  { 395305, true },
+  { 395317, false },
+  { 395328, false },
+  { 395339, true },
+  { 395359, true },
+  { 395373, true },
+  { 395396, true },
+  { 395428, true },
+  { 395450, true },
+  { 395458, true },
+  { 395468, true },
+  { 395495, true },
+  { 395514, false },
+  { 395526, true },
+  { 395539, true },
+  { 395561, true },
+  { 395569, true },
+  { 395584, true },
+  { 395601, true },
+  { 395617, true },
+  { 395630, true },
+  { 395639, true },
+  { 395657, true },
+  { 395674, true },
+  { 395691, true },
+  { 395705, true },
+  { 395716, true },
+  { 395729, true },
+  { 395743, true },
+  { 395756, true },
+  { 395765, true },
+  { 395776, true },
+  { 395787, true },
+  { 395797, true },
+  { 395809, true },
+  { 395820, true },
+  { 395837, false },
+  { 395846, true },
+  { 395869, true },
+  { 395887, true },
+  { 395900, true },
+  { 395915, true },
+  { 395930, true },
+  { 395946, true },
+  { 395962, true },
+  { 395984, true },
+  { 396000, true },
+  { 396010, true },
+  { 396023, true },
+  { 396039, true },
+  { 396047, true },
+  { 396060, true },
+  { 396075, true },
+  { 396095, true },
+  { 396106, true },
+  { 396116, true },
+  { 396130, true },
+  { 396147, true },
+  { 396176, true },
+  { 396195, true },
+  { 396211, true },
+  { 396229, true },
+  { 396257, true },
+  { 396285, true },
+  { 396314, true },
+  { 396345, true },
+  { 396378, true },
+  { 396404, true },
+  { 396425, true },
+  { 396444, true },
+  { 396462, true },
+  { 396481, true },
+  { 396498, true },
+  { 396514, true },
+  { 396527, true },
+  { 396539, true },
+  { 396553, true },
+  { 396564, true },
+  { 396584, true },
+  { 396596, true },
+  { 396610, true },
+  { 396634, true },
+  { 396657, true },
+  { 396685, true },
+  { 396696, true },
+  { 396718, true },
+  { 396734, true },
+  { 396746, true },
+  { 396764, true },
+  { 396778, true },
+  { 396792, false },
+  { 396813, true },
+  { 396828, true },
+  { 396848, true },
+  { 396865, true },
+  { 396876, true },
+  { 396886, true },
+  { 396904, true },
+  { 396914, true },
+  { 396923, true },
+  { 396934, true },
+  { 396949, true },
+  { 396961, true },
+  { 396980, true },
+  { 397006, true },
+  { 397019, true },
+  { 397032, true },
+  { 397046, true },
+  { 397063, true },
+  { 397082, true },
+  { 397096, true },
+  { 397113, true },
+  { 397131, true },
+  { 397146, true },
+  { 397167, true },
+  { 397188, true },
+  { 397200, true },
+  { 397213, true },
+  { 397221, true },
+  { 397235, true },
+  { 397249, true },
+  { 397263, true },
+  { 397277, true },
+  { 397297, true },
+  { 397320, true },
+  { 397340, true },
+  { 397373, true },
+  { 397385, true },
+  { 397398, true },
+  { 397409, true },
+  { 397435, true },
+  { 397445, true },
+  { 397461, true },
+  { 397473, true },
+  { 397484, true },
+  { 397506, true },
+  { 397527, true },
+  { 397551, false },
+  { 397571, true },
+  { 397587, true },
+  { 397597, true },
+  { 397609, true },
+  { 397624, true },
+  { 397637, true },
+  { 397651, true },
+  { 397668, true },
+  { 397681, true },
+  { 397695, false },
+  { 397703, true },
+  { 397722, true },
+  { 397737, true },
+  { 397751, true },
+  { 397766, true },
+  { 397783, true },
+  { 397805, true },
+  { 397815, true },
+  { 397831, true },
+  { 397844, false },
+  { 397858, true },
+  { 397875, true },
+  { 397884, true },
+  { 397902, true },
+  { 397911, true },
+  { 397929, true },
+  { 397939, true },
+  { 397954, true },
+  { 397967, true },
+  { 397977, true },
+  { 397991, true },
+  { 398007, true },
+  { 398020, true },
+  { 398038, true },
+  { 398053, true },
+  { 398068, true },
+  { 398085, true },
+  { 398098, true },
+  { 398107, true },
+  { 398118, true },
+  { 398134, true },
+  { 398149, true },
+  { 398162, true },
+  { 398173, true },
+  { 398186, true },
+  { 398199, false },
+  { 398210, true },
+  { 398226, true },
+  { 398238, true },
+  { 398252, true },
+  { 398273, true },
+  { 398284, true },
+  { 398301, true },
+  { 398315, true },
+  { 398330, true },
+  { 398341, true },
+  { 398352, true },
+  { 398368, true },
+  { 398386, true },
+  { 398398, true },
+  { 398414, true },
+  { 398425, true },
+  { 398446, true },
+  { 398467, true },
+  { 398490, true },
+  { 398509, true },
+  { 398522, true },
+  { 398542, true },
+  { 398562, true },
+  { 398582, true },
+  { 398603, true },
+  { 398614, true },
+  { 398629, true },
+  { 398645, true },
+  { 398660, true },
+  { 398671, true },
+  { 398701, true },
+  { 398715, true },
+  { 398726, true },
+  { 398737, true },
+  { 398746, true },
+  { 398754, true },
+  { 398767, true },
+  { 398787, true },
+  { 398798, true },
+  { 398815, true },
+  { 398829, true },
+  { 398840, true },
+  { 398853, true },
+  { 398865, true },
+  { 398875, true },
+  { 398885, true },
+  { 398895, false },
+  { 398909, true },
+  { 398920, true },
+  { 398930, true },
+  { 398942, true },
+  { 398959, true },
+  { 398977, true },
+  { 398987, true },
+  { 399004, true },
+  { 399013, true },
+  { 399021, true },
+  { 399043, true },
+  { 399059, true },
+  { 399082, true },
+  { 399095, true },
+  { 399110, true },
+  { 399120, true },
+  { 399133, true },
+  { 399154, true },
+  { 399165, true },
+  { 399179, true },
+  { 399190, true },
+  { 399201, true },
+  { 399216, true },
+  { 399232, false },
+  { 399243, false },
+  { 399258, true },
+  { 399273, false },
+  { 399292, true },
+  { 399304, true },
+  { 399317, true },
+  { 399334, true },
+  { 399360, true },
+  { 399371, true },
+  { 399381, true },
+  { 399392, true },
+  { 399412, true },
+  { 399434, true },
+  { 399448, true },
+  { 399462, true },
+  { 399476, true },
+  { 399483, true },
+  { 399495, false },
+  { 399507, true },
+  { 399520, true },
+  { 399533, true },
+  { 399543, false },
+  { 399553, true },
+  { 399564, true },
+  { 399576, true },
+  { 399586, true },
+  { 399597, true },
+  { 399609, true },
+  { 399619, true },
+  { 399629, true },
+  { 399641, true },
+  { 399654, true },
+  { 399665, true },
+  { 399680, true },
+  { 399697, true },
+  { 399710, true },
+  { 399727, true },
+  { 399744, true },
+  { 399759, true },
+  { 399772, true },
+  { 399781, true },
+  { 399788, true },
+  { 399807, true },
+  { 399818, true },
+  { 399837, false },
+  { 399848, true },
+  { 399860, true },
+  { 399877, true },
+  { 399894, true },
+  { 399908, true },
+  { 399921, true },
+  { 399932, true },
+  { 399951, true },
+  { 399963, true },
+  { 399974, true },
+  { 399987, true },
+  { 399998, true },
+  { 400015, true },
+  { 400032, false },
+  { 400047, false },
+  { 400056, true },
+  { 400065, true },
+  { 400085, true },
+  { 400108, false },
+  { 400121, true },
+  { 400128, true },
+  { 400135, false },
+  { 400142, true },
+  { 400152, true },
+  { 400166, true },
+  { 400175, true },
+  { 400185, true },
+  { 400203, true },
+  { 400213, true },
+  { 400235, true },
+  { 400256, true },
+  { 400267, true },
+  { 400285, true },
+  { 400305, true },
+  { 400319, true },
+  { 400333, true },
+  { 400349, false },
+  { 400369, false },
+  { 400381, true },
+  { 400393, true },
+  { 400408, true },
+  { 400420, true },
+  { 400437, false },
+  { 400451, true },
+  { 400463, true },
+  { 400482, true },
+  { 400492, true },
+  { 400516, true },
+  { 400529, true },
+  { 400537, true },
+  { 400556, true },
+  { 400579, false },
+  { 400593, true },
+  { 400610, true },
+  { 400626, true },
+  { 400642, true },
+  { 400651, true },
+  { 400661, true },
+  { 400677, true },
+  { 400688, true },
+  { 400703, true },
+  { 400716, true },
+  { 400731, true },
+  { 400739, true },
+  { 400754, true },
+  { 400768, true },
+  { 400784, true },
+  { 400805, true },
+  { 400815, false },
+  { 400830, true },
+  { 400844, true },
+  { 400865, true },
+  { 400885, true },
+  { 400902, true },
+  { 400911, true },
+  { 400931, true },
+  { 400942, true },
+  { 400950, true },
+  { 400964, true },
+  { 400974, true },
+  { 400991, false },
+  { 401001, false },
+  { 401015, true },
+  { 401029, true },
+  { 401041, true },
+  { 401051, false },
+  { 401064, true },
+  { 401080, true },
+  { 401089, true },
+  { 401111, true },
+  { 401124, true },
+  { 401140, true },
+  { 401161, true },
+  { 401175, true },
+  { 401188, true },
+  { 401207, true },
+  { 401217, true },
+  { 401226, true },
+  { 401235, true },
+  { 401245, true },
+  { 401260, true },
+  { 401274, true },
+  { 401287, true },
+  { 401297, true },
+  { 401326, true },
+  { 401338, true },
+  { 401350, true },
+  { 401371, true },
+  { 401392, true },
+  { 401406, true },
+  { 401422, true },
+  { 401439, true },
+  { 401450, true },
+  { 401471, true },
+  { 401485, true },
+  { 401505, true },
+  { 401517, true },
+  { 401531, true },
+  { 401545, true },
+  { 401555, true },
+  { 401569, true },
+  { 401582, true },
+  { 401596, true },
+  { 401606, true },
+  { 401619, true },
+  { 401630, true },
+  { 401641, true },
+  { 401657, true },
+  { 401676, true },
+  { 401693, true },
+  { 401707, false },
+  { 401722, true },
+  { 401732, true },
+  { 401747, true },
+  { 401758, true },
+  { 401780, true },
+  { 401789, true },
+  { 401799, true },
+  { 401823, true },
+  { 401842, true },
+  { 401865, true },
+  { 401875, true },
+  { 401903, true },
+  { 401935, true },
+  { 401950, true },
+  { 401962, true },
+  { 401971, true },
+  { 401986, true },
+  { 402000, true },
+  { 402016, true },
+  { 402030, true },
+  { 402043, true },
+  { 402055, true },
+  { 402069, true },
+  { 402087, true },
+  { 402099, true },
+  { 402113, true },
+  { 402135, true },
+  { 402146, true },
+  { 402158, true },
+  { 402171, true },
+  { 402185, true },
+  { 402202, true },
+  { 402220, true },
+  { 402237, true },
+  { 402255, true },
+  { 402275, true },
+  { 402296, true },
+  { 402315, true },
+  { 402328, true },
+  { 402342, true },
+  { 402357, true },
+  { 402373, false },
+  { 402390, true },
+  { 402412, true },
+  { 402427, true },
+  { 402440, true },
+  { 402452, true },
+  { 402462, false },
+  { 402474, true },
+  { 402483, true },
+  { 402495, true },
+  { 402507, true },
+  { 402517, true },
+  { 402540, true },
+  { 402550, true },
+  { 402562, true },
+  { 402579, true },
+  { 402585, true },
+  { 402601, true },
+  { 402611, true },
+  { 402621, true },
+  { 402629, true },
+  { 402645, true },
+  { 402655, true },
+  { 402666, true },
+  { 402680, true },
+  { 402700, true },
+  { 402711, true },
+  { 402723, true },
+  { 402742, true },
+  { 402762, true },
+  { 402772, true },
+  { 402793, true },
+  { 402802, true },
+  { 402821, true },
+  { 402849, true },
+  { 402863, true },
+  { 402877, true },
+  { 402896, true },
+  { 402918, true },
+  { 402940, true },
+  { 402962, true },
+  { 402980, true },
+  { 402997, true },
+  { 403013, true },
+  { 403035, true },
+  { 403046, true },
+  { 403062, true },
+  { 403075, true },
+  { 403091, true },
+  { 403104, true },
+  { 403120, true },
+  { 403132, true },
+  { 403144, true },
+  { 403157, true },
+  { 403169, true },
+  { 403184, true },
+  { 403199, true },
+  { 403213, true },
+  { 403231, true },
+  { 403247, true },
+  { 403262, true },
+  { 403287, true },
+  { 403307, true },
+  { 403326, true },
+  { 403345, true },
+  { 403361, true },
+  { 403374, true },
+  { 403389, true },
+  { 403404, true },
+  { 403420, true },
+  { 403432, true },
+  { 403449, true },
+  { 403468, true },
+  { 403483, true },
+  { 403494, true },
+  { 403510, true },
+  { 403527, true },
+  { 403540, true },
+  { 403557, true },
+  { 403572, true },
+  { 403589, true },
+  { 403608, true },
+  { 403621, true },
+  { 403637, true },
+  { 403651, true },
+  { 403668, true },
+  { 403679, true },
+  { 403692, true },
+  { 403704, true },
+  { 403718, false },
+  { 403734, true },
+  { 403749, false },
+  { 403768, false },
+  { 403788, false },
+  { 403808, true },
+  { 403822, true },
+  { 403834, true },
+  { 403849, true },
+  { 403860, true },
+  { 403873, true },
+  { 403891, true },
+  { 403904, true },
+  { 403916, true },
+  { 403927, true },
+  { 403943, true },
+  { 403958, false },
+  { 403975, true },
+  { 403989, true },
+  { 404011, true },
+  { 404031, true },
+  { 404053, true },
+  { 404069, true },
+  { 404084, true },
+  { 404103, true },
+  { 404129, true },
+  { 404146, true },
+  { 404163, true },
+  { 404184, true },
+  { 404201, true },
+  { 404219, true },
+  { 404237, true },
+  { 404248, true },
+  { 404264, true },
+  { 404285, true },
+  { 404299, true },
+  { 404314, true },
+  { 404327, true },
+  { 404340, true },
+  { 404353, true },
+  { 404366, true },
+  { 404380, true },
+  { 404393, true },
+  { 404406, true },
+  { 404424, true },
+  { 404437, true },
+  { 404450, true },
+  { 404459, true },
+  { 404468, true },
+  { 404485, true },
+  { 404508, true },
+  { 404523, true },
+  { 404533, true },
+  { 404541, true },
+  { 404550, true },
+  { 404568, true },
+  { 404581, true },
+  { 404591, true },
+  { 404612, true },
+  { 404624, true },
+  { 404638, true },
+  { 404647, true },
+  { 404656, true },
+  { 404669, true },
+  { 404685, true },
+  { 404704, true },
+  { 404718, true },
+  { 404739, true },
+  { 404748, true },
+  { 404767, true },
+  { 404780, true },
+  { 404794, false },
+  { 404809, true },
+  { 404827, true },
+  { 404843, true },
+  { 404857, true },
+  { 404868, true },
+  { 404886, true },
+  { 404896, true },
+  { 404909, true },
+  { 404929, true },
+  { 404941, true },
+  { 404953, true },
+  { 404968, true },
+  { 404987, true },
+  { 405003, true },
+  { 405017, true },
+  { 405037, false },
+  { 405052, true },
+  { 405080, true },
+  { 405103, true },
+  { 405122, true },
+  { 405135, true },
+  { 405150, true },
+  { 405164, true },
+  { 405184, true },
+  { 405206, true },
+  { 405236, true },
+  { 405258, false },
+  { 405281, true },
+  { 405297, true },
+  { 405309, true },
+  { 405321, true },
+  { 405332, true },
+  { 405347, true },
+  { 405356, true },
+  { 405376, true },
+  { 405389, true },
+  { 405396, true },
+  { 405410, true },
+  { 405418, true },
+  { 405432, true },
+  { 405451, true },
+  { 405472, false },
+  { 405488, true },
+  { 405506, true },
+  { 405521, true },
+  { 405533, true },
+  { 405543, true },
+  { 405563, true },
+  { 405580, true },
+  { 405593, true },
+  { 405604, true },
+  { 405616, true },
+  { 405631, true },
+  { 405643, true },
+  { 405659, true },
+  { 405678, true },
+  { 405691, true },
+  { 405703, true },
+  { 405724, true },
+  { 405732, true },
+  { 405742, true },
+  { 405759, false },
+  { 405782, true },
+  { 405805, true },
+  { 405814, true },
+  { 405824, true },
+  { 405837, true },
+  { 405847, true },
+  { 405858, true },
+  { 405873, true },
+  { 405886, true },
+  { 405905, true },
+  { 405916, true },
+  { 405937, true },
+  { 405952, true },
+  { 405975, true },
+  { 405993, true },
+  { 406010, false },
+  { 406020, false },
+  { 406034, true },
+  { 406054, true },
+  { 406069, true },
+  { 406082, true },
+  { 406102, true },
+  { 406118, true },
+  { 406133, true },
+  { 406147, true },
+  { 406163, false },
+  { 406186, true },
+  { 406199, true },
+  { 406211, true },
+  { 406230, true },
+  { 406241, true },
+  { 406249, true },
+  { 406260, true },
+  { 406278, true },
+  { 406303, true },
+  { 406316, true },
+  { 406330, true },
+  { 406344, true },
+  { 406354, true },
+  { 406364, true },
+  { 406372, true },
+  { 406386, true },
+  { 406400, true },
+  { 406414, true },
+  { 406427, true },
+  { 406440, true },
+  { 406454, true },
+  { 406465, false },
+  { 406480, false },
+  { 406493, true },
+  { 406507, true },
+  { 406532, true },
+  { 406549, true },
+  { 406563, true },
+  { 406575, true },
+  { 406593, true },
+  { 406605, true },
+  { 406625, true },
+  { 406639, true },
+  { 406649, true },
+  { 406669, true },
+  { 406681, true },
+  { 406697, true },
+  { 406727, true },
+  { 406744, true },
+  { 406772, true },
+  { 406796, true },
+  { 406824, true },
+  { 406834, true },
+  { 406849, true },
+  { 406864, true },
+  { 406878, true },
+  { 406893, true },
+  { 406906, true },
+  { 406919, true },
+  { 406933, true },
+  { 406948, true },
+  { 406963, true },
+  { 406972, true },
+  { 406982, true },
+  { 406994, true },
+  { 407007, true },
+  { 407017, true },
+  { 407031, true },
+  { 407040, true },
+  { 407058, true },
+  { 407080, true },
+  { 407089, true },
+  { 407100, true },
+  { 407111, true },
+  { 407122, true },
+  { 407129, true },
+  { 407144, true },
+  { 407162, true },
+  { 407180, true },
+  { 407191, true },
+  { 407201, true },
+  { 407213, true },
+  { 407226, true },
+  { 407234, true },
+  { 407242, true },
+  { 407250, true },
+  { 407259, true },
+  { 407267, false },
+  { 407287, true },
+  { 407299, true },
+  { 407311, true },
+  { 407323, false },
+  { 407333, true },
+  { 407348, true },
+  { 407367, true },
+  { 407381, true },
+  { 407401, true },
+  { 407422, true },
+  { 407447, true },
+  { 407462, true },
+  { 407472, true },
+  { 407485, true },
+  { 407499, true },
+  { 407514, true },
+  { 407540, true },
+  { 407551, true },
+  { 407565, true },
+  { 407583, true },
+  { 407600, true },
+  { 407615, true },
+  { 407628, true },
+  { 407636, true },
+  { 407651, false },
+  { 407668, false },
+  { 407686, true },
+  { 407708, true },
+  { 407724, true },
+  { 407739, true },
+  { 407752, true },
+  { 407770, true },
+  { 407783, true },
+  { 407792, true },
+  { 407811, true },
+  { 407827, true },
+  { 407844, true },
+  { 407858, true },
+  { 407871, true },
+  { 407882, true },
+  { 407899, true },
+  { 407922, true },
+  { 407937, true },
+  { 407959, true },
+  { 407973, true },
+  { 407994, true },
+  { 408008, true },
+  { 408020, true },
+  { 408044, true },
+  { 408065, true },
+  { 408091, true },
+  { 408110, true },
+  { 408129, true },
+  { 408147, true },
+  { 408164, true },
+  { 408175, true },
+  { 408196, true },
+  { 408215, true },
+  { 408241, true },
+  { 408258, true },
+  { 408278, true },
+  { 408294, true },
+  { 408320, true },
+  { 408340, true },
+  { 408361, true },
+  { 408384, true },
+  { 408403, true },
+  { 408427, true },
+  { 408444, true },
+  { 408463, true },
+  { 408481, true },
+  { 408500, true },
+  { 408521, true },
+  { 408543, true },
+  { 408554, true },
+  { 408565, true },
+  { 408586, true },
+  { 408604, true },
+  { 408628, true },
+  { 408647, true },
+  { 408663, true },
+  { 408684, true },
+  { 408706, false },
+  { 408732, true },
+  { 408751, true },
+  { 408762, true },
+  { 408779, true },
+  { 408803, true },
+  { 408825, true },
+  { 408851, true },
+  { 408864, true },
+  { 408882, true },
+  { 408904, true },
+  { 408926, true },
+  { 408948, true },
+  { 408973, true },
+  { 408999, true },
+  { 409015, true },
+  { 409032, true },
+  { 409050, true },
+  { 409067, true },
+  { 409085, true },
+  { 409103, true },
+  { 409122, true },
+  { 409136, true },
+  { 409146, true },
+  { 409163, true },
+  { 409184, true },
+  { 409199, true },
+  { 409216, true },
+  { 409232, true },
+  { 409255, true },
+  { 409267, true },
+  { 409286, true },
+  { 409304, true },
+  { 409327, true },
+  { 409340, true },
+  { 409356, true },
+  { 409367, true },
+  { 409385, true },
+  { 409401, true },
+  { 409417, true },
+  { 409435, true },
+  { 409453, true },
+  { 409472, true },
+  { 409485, true },
+  { 409503, true },
+  { 409527, true },
+  { 409550, true },
+  { 409565, true },
+  { 409582, true },
+  { 409616, true },
+  { 409643, true },
+  { 409653, true },
+  { 409669, true },
+  { 409687, true },
+  { 409705, true },
+  { 409721, true },
+  { 409737, true },
+  { 409757, true },
+  { 409773, true },
+  { 409791, true },
+  { 409808, true },
+  { 409827, true },
+  { 409840, true },
+  { 409860, true },
+  { 409877, true },
+  { 409900, true },
+  { 409915, true },
+  { 409933, true },
+  { 409949, true },
+  { 409966, true },
+  { 409985, true },
+  { 409996, true },
+  { 410007, true },
+  { 410029, true },
+  { 410047, true },
+  { 410077, true },
+  { 410102, true },
+  { 410122, true },
+  { 410137, true },
+  { 410161, true },
+  { 410176, true },
+  { 410187, true },
+  { 410204, true },
+  { 410218, true },
+  { 410232, true },
+  { 410247, true },
+  { 410263, true },
+  { 410283, true },
+  { 410297, true },
+  { 410312, true },
+  { 410325, true },
+  { 410342, true },
+  { 410363, true },
+  { 410382, true },
+  { 410407, true },
+  { 410418, true },
+  { 410431, true },
+  { 410454, true },
+  { 410469, true },
+  { 410483, true },
+  { 410495, true },
+  { 410512, true },
+  { 410534, true },
+  { 410547, true },
+  { 410571, true },
+  { 410592, true },
+  { 410615, true },
+  { 410624, true },
+  { 410645, true },
+  { 410667, true },
+  { 410677, true },
+  { 410690, true },
+  { 410707, true },
+  { 410728, true },
+  { 410767, true },
+  { 410788, true },
+  { 410806, true },
+  { 410830, true },
+  { 410856, true },
+  { 410873, true },
+  { 410893, true },
+  { 410909, true },
+  { 410922, true },
+  { 410933, true },
+  { 410950, true },
+  { 410968, true },
+  { 410983, true },
+  { 410999, true },
+  { 411016, true },
+  { 411030, true },
+  { 411043, true },
+  { 411056, true },
+  { 411072, true },
+  { 411084, true },
+  { 411114, true },
+  { 411128, true },
+  { 411147, true },
+  { 411169, false },
+  { 411187, true },
+  { 411211, true },
+  { 411224, true },
+  { 411244, true },
+  { 411255, true },
+  { 411270, true },
+  { 411289, true },
+  { 411309, true },
+  { 411326, false },
+  { 411341, true },
+  { 411359, true },
+  { 411377, true },
+  { 411396, true },
+  { 411418, true },
+  { 411430, true },
+  { 411449, true },
+  { 411464, true },
+  { 411479, true },
+  { 411491, true },
+  { 411517, true },
+  { 411536, true },
+  { 411548, true },
+  { 411566, true },
+  { 411591, true },
+  { 411605, true },
+  { 411625, true },
+  { 411640, true },
+  { 411659, true },
+  { 411677, true },
+  { 411695, true },
+  { 411715, true },
+  { 411735, false },
+  { 411751, true },
+  { 411770, true },
+  { 411784, true },
+  { 411813, false },
+  { 411824, true },
+  { 411836, true },
+  { 411853, true },
+  { 411869, true },
+  { 411893, true },
+  { 411923, true },
+  { 411940, true },
+  { 411961, true },
+  { 411981, true },
+  { 411995, true },
+  { 412013, true },
+  { 412029, true },
+  { 412049, true },
+  { 412059, true },
+  { 412076, false },
+  { 412094, true },
+  { 412110, true },
+  { 412134, true },
+  { 412145, true },
+  { 412157, true },
+  { 412183, true },
+  { 412201, true },
+  { 412220, true },
+  { 412237, true },
+  { 412261, true },
+  { 412278, true },
+  { 412291, true },
+  { 412311, true },
+  { 412325, true },
+  { 412346, true },
+  { 412371, true },
+  { 412390, true },
+  { 412418, true },
+  { 412436, true },
+  { 412452, true },
+  { 412468, true },
+  { 412482, true },
+  { 412495, true },
+  { 412510, true },
+  { 412532, true },
+  { 412549, false },
+  { 412569, true },
+  { 412584, true },
+  { 412601, false },
+  { 412616, true },
+  { 412636, true },
+  { 412655, true },
+  { 412681, true },
+  { 412698, true },
+  { 412723, true },
+  { 412744, true },
+  { 412751, true },
+  { 412761, true },
+  { 412773, true },
+  { 412788, true },
+  { 412807, true },
+  { 412823, true },
+  { 412842, true },
+  { 412859, true },
+  { 412876, true },
+  { 412894, true },
+  { 412910, true },
+  { 412927, false },
+  { 412945, true },
+  { 412961, true },
+  { 412974, true },
+  { 412997, true },
+  { 413021, true },
+  { 413039, true },
+  { 413052, true },
+  { 413066, true },
+  { 413089, true },
+  { 413104, true },
+  { 413119, true },
+  { 413128, true },
+  { 413140, true },
+  { 413165, true },
+  { 413178, true },
+  { 413192, true },
+  { 413214, true },
+  { 413236, true },
+  { 413247, true },
+  { 413258, true },
+  { 413277, true },
+  { 413303, true },
+  { 413320, true },
+  { 413337, true },
+  { 413354, true },
+  { 413364, true },
+  { 413391, true },
+  { 413408, true },
+  { 413433, true },
+  { 413452, true },
+  { 413465, true },
+  { 413480, true },
+  { 413494, true },
+  { 413511, true },
+  { 413528, true },
+  { 413541, true },
+  { 413555, true },
+  { 413577, true },
+  { 413592, true },
+  { 413606, true },
+  { 413615, true },
+  { 413624, true },
+  { 413652, true },
+  { 413666, true },
+  { 413690, true },
+  { 413704, true },
+  { 413720, true },
+  { 413730, true },
+  { 413742, false },
+  { 413753, true },
+  { 413769, true },
+  { 413785, true },
+  { 413801, true },
+  { 413817, true },
+  { 413830, true },
+  { 413844, true },
+  { 413853, true },
+  { 413863, true },
+  { 413874, true },
+  { 413888, true },
+  { 413906, true },
+  { 413920, true },
+  { 413930, true },
+  { 413945, true },
+  { 413958, true },
+  { 413976, true },
+  { 413991, true },
+  { 414002, true },
+  { 414020, true },
+  { 414033, true },
+  { 414048, true },
+  { 414067, true },
+  { 414080, true },
+  { 414097, true },
+  { 414113, true },
+  { 414132, true },
+  { 414148, true },
+  { 414164, true },
+  { 414187, true },
+  { 414209, true },
+  { 414219, true },
+  { 414226, true },
+  { 414241, true },
+  { 414255, true },
+  { 414276, true },
+  { 414294, true },
+  { 414306, true },
+  { 414330, true },
+  { 414360, true },
+  { 414386, true },
+  { 414399, true },
+  { 414408, true },
+  { 414416, true },
+  { 414426, true },
+  { 414445, true },
+  { 414459, true },
+  { 414473, true },
+  { 414489, true },
+  { 414501, true },
+  { 414511, true },
+  { 414519, true },
+  { 414530, true },
+  { 414539, true },
+  { 414554, true },
+  { 414572, true },
+  { 414585, true },
+  { 414602, true },
+  { 414613, true },
+  { 414625, true },
+  { 414636, true },
+  { 414649, true },
+  { 414661, true },
+  { 414669, true },
+  { 414681, true },
+  { 414708, true },
+  { 414727, true },
+  { 414752, true },
+  { 414768, true },
+  { 414782, true },
+  { 414802, true },
+  { 414814, true },
+  { 414829, true },
+  { 414843, true },
+  { 414855, true },
+  { 414867, true },
+  { 414878, true },
+  { 414893, true },
+  { 414904, true },
+  { 414917, true },
+  { 414927, true },
+  { 414942, true },
+  { 414954, true },
+  { 414970, true },
+  { 414985, true },
+  { 415000, true },
+  { 415014, true },
+  { 415030, true },
+  { 415039, true },
+  { 415048, true },
+  { 415059, true },
+  { 415073, true },
+  { 415084, false },
+  { 415099, true },
+  { 415113, true },
+  { 415127, true },
+  { 415136, true },
+  { 415149, true },
+  { 415159, true },
+  { 415172, true },
+  { 415192, true },
+  { 415204, false },
+  { 415224, true },
+  { 415238, true },
+  { 415252, true },
+  { 415268, true },
+  { 415282, true },
+  { 415293, true },
+  { 415310, true },
+  { 415324, true },
+  { 415337, true },
+  { 415351, true },
+  { 415375, true },
+  { 415387, true },
+  { 415401, true },
+  { 415413, true },
+  { 415425, true },
+  { 415448, true },
+  { 415460, true },
+  { 415472, true },
+  { 415482, true },
+  { 415492, true },
+  { 415502, true },
+  { 415517, true },
+  { 415530, true },
+  { 415547, true },
+  { 415574, true },
+  { 415587, true },
+  { 415601, true },
+  { 415620, true },
+  { 415645, true },
+  { 415661, true },
+  { 415678, true },
+  { 415705, true },
+  { 415716, true },
+  { 415724, true },
+  { 415746, true },
+  { 415756, true },
+  { 415768, true },
+  { 415781, true },
+  { 415795, true },
+  { 415822, false },
+  { 415836, true },
+  { 415858, true },
+  { 415868, true },
+  { 415882, true },
+  { 415900, true },
+  { 415914, true },
+  { 415924, true },
+  { 415931, true },
+  { 415938, true },
+  { 415961, true },
+  { 415974, true },
+  { 415984, true },
+  { 415998, true },
+  { 416006, true },
+  { 416016, true },
+  { 416024, true },
+  { 416031, true },
+  { 416039, true },
+  { 416050, true },
+  { 416062, true },
+  { 416071, true },
+  { 416080, true },
+  { 416092, true },
+  { 416109, true },
+  { 416117, true },
+  { 416130, true },
+  { 416143, true },
+  { 416156, true },
+  { 416165, true },
+  { 416177, true },
+  { 416189, true },
+  { 416202, true },
+  { 416210, true },
+  { 416219, true },
+  { 416229, true },
+  { 416239, true },
+  { 416249, true },
+  { 416259, true },
+  { 416269, true },
+  { 416280, true },
+  { 416295, true },
+  { 416315, true },
+  { 416333, true },
+  { 416342, true },
+  { 416349, true },
+  { 416358, true },
+  { 416374, true },
+  { 416391, true },
+  { 416400, true },
+  { 416408, true },
+  { 416415, true },
+  { 416431, true },
+  { 416445, true },
+  { 416462, true },
+  { 416474, true },
+  { 416483, true },
+  { 416491, false },
+  { 416504, true },
+  { 416516, true },
+  { 416525, true },
+  { 416533, false },
+  { 416542, true },
+  { 416555, true },
+  { 416567, true },
+  { 416578, true },
+  { 416592, true },
+  { 416608, true },
+  { 416625, true },
+  { 416642, true },
+  { 416658, true },
+  { 416674, true },
+  { 416693, true },
+  { 416703, true },
+  { 416720, true },
+  { 416738, true },
+  { 416756, true },
+  { 416774, true },
+  { 416791, true },
+  { 416805, true },
+  { 416820, true },
+  { 416838, true },
+  { 416855, true },
+  { 416875, true },
+  { 416895, true },
+  { 416907, true },
+  { 416921, true },
+  { 416938, true },
+  { 416948, true },
+  { 416957, true },
+  { 416966, true },
+  { 416976, true },
+  { 416986, true },
+  { 416996, true },
+  { 417008, true },
+  { 417026, true },
+  { 417042, true },
+  { 417061, true },
+  { 417075, true },
+  { 417089, true },
+  { 417104, true },
+  { 417116, true },
+  { 417125, true },
+  { 417139, true },
+  { 417161, true },
+  { 417175, true },
+  { 417183, true },
+  { 417197, true },
+  { 417207, true },
+  { 417220, true },
+  { 417229, true },
+  { 417246, true },
+  { 417256, true },
+  { 417266, true },
+  { 417281, true },
+  { 417293, true },
+  { 417307, true },
+  { 417325, true },
+  { 417343, true },
+  { 417352, true },
+  { 417361, true },
+  { 417370, true },
+  { 417395, true },
+  { 417416, true },
+  { 417439, true },
+  { 417468, true },
+  { 417483, true },
+  { 417494, true },
+  { 417509, true },
+  { 417532, true },
+  { 417545, true },
+  { 417561, true },
+  { 417577, true },
+  { 417588, true },
+  { 417602, true },
+  { 417622, true },
+  { 417637, true },
+  { 417655, true },
+  { 417669, true },
+  { 417682, true },
+  { 417698, true },
+  { 417708, true },
+  { 417722, true },
+  { 417740, true },
+  { 417754, true },
+  { 417770, true },
+  { 417785, true },
+  { 417807, true },
+  { 417826, true },
+  { 417836, true },
+  { 417845, true },
+  { 417857, true },
+  { 417871, true },
+  { 417887, true },
+  { 417899, true },
+  { 417915, true },
+  { 417925, true },
+  { 417941, true },
+  { 417954, true },
+  { 417971, true },
+  { 417985, true },
+  { 418000, true },
+  { 418008, true },
+  { 418018, true },
+  { 418030, true },
+  { 418041, true },
+  { 418055, true },
+  { 418067, true },
+  { 418078, true },
+  { 418088, true },
+  { 418104, true },
+  { 418116, false },
+  { 418124, true },
+  { 418137, true },
+  { 418152, true },
+  { 418163, true },
+  { 418179, true },
+  { 418194, true },
+  { 418205, true },
+  { 418219, true },
+  { 418233, true },
+  { 418246, true },
+  { 418258, true },
+  { 418276, true },
+  { 418293, false },
+  { 418307, true },
+  { 418320, true },
+  { 418332, true },
+  { 418343, true },
+  { 418353, true },
+  { 418365, true },
+  { 418384, true },
+  { 418395, true },
+  { 418409, true },
+  { 418420, true },
+  { 418431, true },
+  { 418442, true },
+  { 418453, true },
+  { 418464, true },
+  { 418478, true },
+  { 418490, true },
+  { 418505, true },
+  { 418519, true },
+  { 418534, true },
+  { 418547, true },
+  { 418563, true },
+  { 418572, true },
+  { 418581, true },
+  { 418595, true },
+  { 418628, true },
+  { 418639, true },
+  { 418650, true },
+  { 418666, false },
+  { 418682, true },
+  { 418693, true },
+  { 418704, true },
+  { 418720, true },
+  { 418730, true },
+  { 418746, true },
+  { 418753, true },
+  { 418764, false },
+  { 418778, true },
+  { 418786, true },
+  { 418799, true },
+  { 418808, true },
+  { 418818, true },
+  { 418828, true },
+  { 418841, true },
+  { 418859, true },
+  { 418877, true },
+  { 418901, true },
+  { 418909, true },
+  { 418922, true },
+  { 418932, true },
+  { 418945, false },
+  { 418964, true },
+  { 418978, true },
+  { 419001, true },
+  { 419015, true },
+  { 419030, true },
+  { 419042, true },
+  { 419056, true },
+  { 419081, true },
+  { 419097, true },
+  { 419118, true },
+  { 419130, true },
+  { 419150, true },
+  { 419161, true },
+  { 419172, true },
+  { 419187, true },
+  { 419199, true },
+  { 419211, true },
+  { 419234, false },
+  { 419251, true },
+  { 419265, true },
+  { 419280, true },
+  { 419293, true },
+  { 419303, true },
+  { 419315, true },
+  { 419325, true },
+  { 419334, true },
+  { 419350, true },
+  { 419362, true },
+  { 419379, true },
+  { 419398, true },
+  { 419407, true },
+  { 419437, false },
+  { 419452, true },
+  { 419468, false },
+  { 419480, true },
+  { 419506, true },
+  { 419517, true },
+  { 419538, true },
+  { 419553, true },
+  { 419566, true },
+  { 419587, true },
+  { 419603, true },
+  { 419618, true },
+  { 419638, true },
+  { 419653, true },
+  { 419675, true },
+  { 419691, true },
+  { 419706, true },
+  { 419716, true },
+  { 419732, true },
+  { 419744, true },
+  { 419757, true },
+  { 419766, true },
+  { 419776, true },
+  { 419794, true },
+  { 419811, true },
+  { 419831, true },
+  { 419850, true },
+  { 419868, true },
+  { 419889, true },
+  { 419917, true },
+  { 419933, true },
+  { 419951, true },
+  { 419965, true },
+  { 419984, true },
+  { 420008, true },
+  { 420022, false },
+  { 420041, true },
+  { 420055, true },
+  { 420070, true },
+  { 420091, true },
+  { 420103, true },
+  { 420113, true },
+  { 420132, true },
+  { 420149, true },
+  { 420170, true },
+  { 420188, true },
+  { 420201, true },
+  { 420214, true },
+  { 420235, true },
+  { 420251, true },
+  { 420266, true },
+  { 420284, true },
+  { 420303, true },
+  { 420322, true },
+  { 420334, true },
+  { 420345, true },
+  { 420360, true },
+  { 420375, true },
+  { 420386, true },
+  { 420407, true },
+  { 420426, true },
+  { 420437, true },
+  { 420458, true },
+  { 420487, true },
+  { 420512, true },
+  { 420533, true },
+  { 420551, true },
+  { 420558, true },
+  { 420572, true },
+  { 420584, true },
+  { 420599, true },
+  { 420615, true },
+  { 420632, true },
+  { 420654, true },
+  { 420664, true },
+  { 420677, true },
+  { 420689, true },
+  { 420706, true },
+  { 420715, true },
+  { 420728, true },
+  { 420737, false },
+  { 420750, true },
+  { 420760, false },
+  { 420780, true },
+  { 420789, true },
+  { 420799, true },
+  { 420818, true },
+  { 420839, true },
+  { 420851, true },
+  { 420864, true },
+  { 420875, true },
+  { 420889, true },
+  { 420905, true },
+  { 420921, true },
+  { 420940, true },
+  { 420950, true },
+  { 420966, true },
+  { 420992, true },
+  { 421010, true },
+  { 421025, true },
+  { 421042, true },
+  { 421063, true },
+  { 421075, true },
+  { 421088, true },
+  { 421109, true },
+  { 421126, true },
+  { 421139, true },
+  { 421155, true },
+  { 421173, true },
+  { 421185, true },
+  { 421204, true },
+  { 421223, true },
+  { 421237, true },
+  { 421250, true },
+  { 421271, false },
+  { 421288, true },
+  { 421318, true },
+  { 421329, false },
+  { 421349, true },
+  { 421360, true },
+  { 421371, true },
+  { 421390, true },
+  { 421416, true },
+  { 421432, true },
+  { 421451, true },
+  { 421461, true },
+  { 421478, true },
+  { 421493, true },
+  { 421511, true },
+  { 421523, true },
+  { 421543, true },
+  { 421559, true },
+  { 421588, true },
+  { 421601, true },
+  { 421614, true },
+  { 421631, true },
+  { 421648, true },
+  { 421661, true },
+  { 421674, true },
+  { 421687, true },
+  { 421700, true },
+  { 421713, true },
+  { 421726, true },
+  { 421739, true },
+  { 421752, true },
+  { 421765, true },
+  { 421778, true },
+  { 421791, true },
+  { 421804, true },
+  { 421828, true },
+  { 421839, true },
+  { 421851, true },
+  { 421859, true },
+  { 421876, true },
+  { 421894, true },
+  { 421907, true },
+  { 421923, true },
+  { 421936, true },
+  { 421958, true },
+  { 421972, true },
+  { 421990, true },
+  { 422002, true },
+  { 422016, true },
+  { 422029, true },
+  { 422047, true },
+  { 422066, true },
+  { 422088, true },
+  { 422101, true },
+  { 422123, true },
+  { 422151, true },
+  { 422171, true },
+  { 422191, true },
+  { 422209, true },
+  { 422227, true },
+  { 422245, true },
+  { 422262, true },
+  { 422282, true },
+  { 422298, true },
+  { 422326, true },
+  { 422351, true },
+  { 422383, true },
+  { 422403, true },
+  { 422422, true },
+  { 422443, true },
+  { 422463, true },
+  { 422478, true },
+  { 422493, true },
+  { 422513, true },
+  { 422526, true },
+  { 422546, true },
+  { 422571, true },
+  { 422587, true },
+  { 422604, true },
+  { 422613, true },
+  { 422632, true },
+  { 422649, true },
+  { 422661, true },
+  { 422674, true },
+  { 422697, true },
+  { 422713, true },
+  { 422733, true },
+  { 422746, true },
+  { 422764, true },
+  { 422788, true },
+  { 422806, true },
+  { 422824, true },
+  { 422838, true },
+  { 422852, true },
+  { 422873, true },
+  { 422883, true },
+  { 422895, true },
+  { 422910, true },
+  { 422927, true },
+  { 422939, true },
+  { 422951, true },
+  { 422970, true },
+  { 422987, true },
+  { 423005, true },
+  { 423020, true },
+  { 423042, true },
+  { 423061, true },
+  { 423072, true },
+  { 423086, true },
+  { 423097, true },
+  { 423116, false },
+  { 423133, true },
+  { 423148, true },
+  { 423163, true },
+  { 423178, true },
+  { 423190, true },
+  { 423210, true },
+  { 423224, true },
+  { 423242, true },
+  { 423257, true },
+  { 423271, true },
+  { 423286, true },
+  { 423300, true },
+  { 423310, true },
+  { 423326, true },
+  { 423339, true },
+  { 423358, true },
+  { 423370, true },
+  { 423384, true },
+  { 423393, true },
+  { 423407, true },
+  { 423418, true },
+  { 423433, true },
+  { 423453, true },
+  { 423475, true },
+  { 423485, true },
+  { 423499, true },
+  { 423509, true },
+  { 423521, true },
+  { 423537, true },
+  { 423548, true },
+  { 423566, true },
+  { 423583, true },
+  { 423597, true },
+  { 423613, true },
+  { 423625, false },
+  { 423633, true },
+  { 423649, true },
+  { 423661, true },
+  { 423681, true },
+  { 423692, true },
+  { 423704, true },
+  { 423715, true },
+  { 423734, true },
+  { 423759, true },
+  { 423771, true },
+  { 423783, true },
+  { 423792, true },
+  { 423802, true },
+  { 423816, true },
+  { 423830, true },
+  { 423844, true },
+  { 423857, true },
+  { 423871, true },
+  { 423886, true },
+  { 423904, true },
+  { 423915, true },
+  { 423930, true },
+  { 423941, true },
+  { 423956, true },
+  { 423974, true },
+  { 423991, true },
+  { 424007, true },
+  { 424030, true },
+  { 424050, true },
+  { 424062, true },
+  { 424080, true },
+  { 424100, true },
+  { 424113, true },
+  { 424126, true },
+  { 424147, true },
+  { 424166, true },
+  { 424177, true },
+  { 424200, true },
+  { 424215, true },
+  { 424230, true },
+  { 424248, true },
+  { 424255, true },
+  { 424270, true },
+  { 424278, true },
+  { 424293, false },
+  { 424311, false },
+  { 424332, true },
+  { 424344, true },
+  { 424367, true },
+  { 424384, true },
+  { 424396, true },
+  { 424408, true },
+  { 424420, true },
+  { 424441, true },
+  { 424467, true },
+  { 424480, true },
+  { 424497, true },
+  { 424514, true },
+  { 424534, true },
+  { 424547, true },
+  { 424565, true },
+  { 424577, true },
+  { 424592, true },
+  { 424605, true },
+  { 424614, true },
+  { 424627, true },
+  { 424641, true },
+  { 424655, true },
+  { 424672, true },
+  { 424689, true },
+  { 424708, true },
+  { 424728, true },
+  { 424753, true },
+  { 424778, true },
+  { 424789, true },
+  { 424805, true },
+  { 424816, true },
+  { 424827, true },
+  { 424842, true },
+  { 424858, true },
+  { 424869, true },
+  { 424887, true },
+  { 424901, true },
+  { 424916, true },
+  { 424927, true },
+  { 424938, true },
+  { 424950, true },
+  { 424966, true },
+  { 424988, true },
+  { 425000, true },
+  { 425011, true },
+  { 425030, true },
+  { 425039, true },
+  { 425052, true },
+  { 425062, true },
+  { 425076, true },
+  { 425090, true },
+  { 425099, true },
+  { 425109, true },
+  { 425122, true },
+  { 425132, true },
+  { 425154, true },
+  { 425166, true },
+  { 425174, true },
+  { 425188, true },
+  { 425202, true },
+  { 425210, true },
+  { 425221, true },
+  { 425239, true },
+  { 425247, true },
+  { 425257, true },
+  { 425268, true },
+  { 425275, true },
+  { 425286, true },
+  { 425298, true },
+  { 425308, true },
+  { 425315, true },
+  { 425322, true },
+  { 425334, true },
+  { 425345, true },
+  { 425357, true },
+  { 425368, true },
+  { 425381, true },
+  { 425396, true },
+  { 425406, true },
+  { 425416, true },
+  { 425430, true },
+  { 425441, true },
+  { 425459, true },
+  { 425476, true },
+  { 425490, true },
+  { 425501, true },
+  { 425520, false },
+  { 425543, true },
+  { 425554, true },
+  { 425562, true },
+  { 425583, true },
+  { 425596, true },
+  { 425611, true },
+  { 425623, true },
+  { 425634, true },
+  { 425649, true },
+  { 425663, true },
+  { 425675, true },
+  { 425701, true },
+  { 425713, true },
+  { 425743, false },
+  { 425757, true },
+  { 425773, true },
+  { 425789, true },
+  { 425802, true },
+  { 425819, true },
+  { 425836, true },
+  { 425853, true },
+  { 425865, true },
+  { 425877, true },
+  { 425888, true },
+  { 425903, true },
+  { 425919, true },
+  { 425940, true },
+  { 425957, true },
+  { 425973, true },
+  { 425985, true },
+  { 425995, true },
+  { 426017, true },
+  { 426031, true },
+  { 426042, true },
+  { 426055, true },
+  { 426070, true },
+  { 426086, true },
+  { 426103, true },
+  { 426114, true },
+  { 426127, true },
+  { 426142, true },
+  { 426159, true },
+  { 426176, true },
+  { 426189, true },
+  { 426200, false },
+  { 426211, true },
+  { 426221, true },
+  { 426233, true },
+  { 426250, true },
+  { 426262, true },
+  { 426273, true },
+  { 426287, false },
+  { 426298, false },
+  { 426311, true },
+  { 426319, true },
+  { 426329, true },
+  { 426346, true },
+  { 426358, true },
+  { 426378, true },
+  { 426391, true },
+  { 426406, true },
+  { 426423, false },
+  { 426443, true },
+  { 426453, true },
+  { 426464, true },
+  { 426472, false },
+  { 426481, true },
+  { 426494, true },
+  { 426511, true },
+  { 426525, true },
+  { 426538, true },
+  { 426551, true },
+  { 426565, true },
+  { 426578, true },
+  { 426601, true },
+  { 426614, true },
+  { 426640, true },
+  { 426656, true },
+  { 426668, true },
+  { 426681, true },
+  { 426700, true },
+  { 426716, true },
+  { 426726, true },
+  { 426741, false },
+  { 426753, true },
+  { 426770, true },
+  { 426797, true },
+  { 426807, true },
+  { 426824, true },
+  { 426842, true },
+  { 426853, true },
+  { 426867, true },
+  { 426885, true },
+  { 426894, true },
+  { 426905, true },
+  { 426916, true },
+  { 426924, true },
+  { 426934, true },
+  { 426944, true },
+  { 426958, true },
+  { 426965, true },
+  { 426975, true },
+  { 426982, true },
+  { 426991, true },
+  { 427001, true },
+  { 427009, true },
+  { 427019, true },
+  { 427026, true },
+  { 427035, true },
+  { 427051, true },
+  { 427069, true },
+  { 427086, true },
+  { 427104, true },
+  { 427122, true },
+  { 427138, true },
+  { 427157, true },
+  { 427170, true },
+  { 427183, true },
+  { 427196, true },
+  { 427209, true },
+  { 427223, true },
+  { 427235, true },
+  { 427250, true },
+  { 427265, true },
+  { 427280, true },
+  { 427292, true },
+  { 427305, true },
+  { 427316, true },
+  { 427328, true },
+  { 427338, true },
+  { 427356, true },
+  { 427371, true },
+  { 427386, true },
+  { 427401, true },
+  { 427410, true },
+  { 427427, true },
+  { 427438, true },
+  { 427451, true },
+  { 427464, true },
+  { 427469, true },
+  { 427476, true },
+  { 427486, true },
+  { 427496, true },
+  { 427510, true },
+  { 427530, true },
+  { 427574, true },
+  { 427608, false },
+  { 427615, true },
+  { 427622, false },
+  { 427642, true },
+  { 427666, true },
+  { 427680, false },
+  { 427690, true },
+  { 427707, true },
+  { 427720, false },
+  { 427735, true },
+  { 427747, true },
+  { 427761, true },
+  { 427775, true },
+  { 427787, true },
+  { 427798, true },
+  { 427810, true },
+  { 427822, true },
+  { 427836, true },
+  { 427848, true },
+  { 427858, false },
+  { 427866, true },
+  { 427881, true },
+  { 427889, true },
+  { 427900, true },
+  { 427915, true },
+  { 427937, true },
+  { 427947, true },
+  { 427963, true },
+  { 427978, true },
+  { 427988, true },
+  { 428007, true },
+  { 428019, false },
+  { 428026, true },
+  { 428042, true },
+  { 428054, true },
+  { 428076, true },
+  { 428091, true },
+  { 428116, true },
+  { 428125, true },
+  { 428140, true },
+  { 428163, true },
+  { 428173, true },
+  { 428180, true },
+  { 428191, true },
+  { 428202, true },
+  { 428214, true },
+  { 428222, true },
+  { 428236, true },
+  { 428246, true },
+  { 428258, true },
+  { 428265, true },
+  { 428277, true },
+  { 428294, true },
+  { 428302, true },
+  { 428313, true },
+  { 428323, true },
+  { 428345, true },
+  { 428357, true },
+  { 428367, false },
+  { 428387, false },
+  { 428410, true },
+  { 428425, true },
+  { 428449, true },
+  { 428459, true },
+  { 428477, true },
+  { 428503, true },
+  { 428522, true },
+  { 428546, true },
+  { 428557, true },
+  { 428569, true },
+  { 428582, true },
+  { 428596, true },
+  { 428610, true },
+  { 428623, true },
+  { 428636, true },
+  { 428647, true },
+  { 428658, true },
+  { 428674, true },
+  { 428683, true },
+  { 428693, false },
+  { 428704, true },
+  { 428720, true },
+  { 428736, true },
+  { 428754, true },
+  { 428770, true },
+  { 428785, true },
+  { 428797, true },
+  { 428811, true },
+  { 428825, true },
+  { 428839, true },
+  { 428849, true },
+  { 428863, true },
+  { 428872, true },
+  { 428894, true },
+  { 428909, true },
+  { 428922, true },
+  { 428936, true },
+  { 428950, true },
+  { 428965, true },
+  { 428979, true },
+  { 428993, true },
+  { 429008, true },
+  { 429022, true },
+  { 429035, true },
+  { 429049, true },
+  { 429063, true },
+  { 429077, true },
+  { 429090, true },
+  { 429104, true },
+  { 429122, true },
+  { 429136, true },
+  { 429153, true },
+  { 429171, true },
+  { 429187, true },
+  { 429202, true },
+  { 429227, true },
+  { 429251, true },
+  { 429273, true },
+  { 429287, false },
+  { 429299, true },
+  { 429315, true },
+  { 429326, true },
+  { 429336, false },
+  { 429360, true },
+  { 429380, false },
+  { 429395, true },
+  { 429407, true },
+  { 429415, true },
+  { 429429, true },
+  { 429446, true },
+  { 429456, true },
+  { 429471, true },
+  { 429486, true },
+  { 429501, true },
+  { 429516, true },
+  { 429531, true },
+  { 429546, true },
+  { 429564, true },
+  { 429581, true },
+  { 429604, true },
+  { 429624, true },
+  { 429638, true },
+  { 429658, true },
+  { 429676, true },
+  { 429693, true },
+  { 429706, true },
+  { 429719, true },
+  { 429736, true },
+  { 429753, false },
+  { 429770, true },
+  { 429787, true },
+  { 429800, true },
+  { 429817, true },
+  { 429847, true },
+  { 429867, true },
+  { 429895, true },
+  { 429911, true },
+  { 429922, true },
+  { 429935, true },
+  { 429948, true },
+  { 429958, true },
+  { 429976, true },
+  { 429986, true },
+  { 430014, true },
+  { 430033, true },
+  { 430053, true },
+  { 430071, true },
+  { 430084, true },
+  { 430098, true },
+  { 430112, true },
+  { 430124, true },
+  { 430143, false },
+  { 430154, true },
+  { 430171, true },
+  { 430195, true },
+  { 430209, true },
+  { 430223, true },
+  { 430247, true },
+  { 430270, true },
+  { 430298, true },
+  { 430317, true },
+  { 430333, true },
+  { 430346, true },
+  { 430354, true },
+  { 430366, true },
+  { 430380, false },
+  { 430393, true },
+  { 430407, true },
+  { 430421, true },
+  { 430431, true },
+  { 430442, true },
+  { 430451, false },
+  { 430466, true },
+  { 430478, true },
+  { 430494, true },
+  { 430507, true },
+  { 430520, true },
+  { 430538, true },
+  { 430554, true },
+  { 430564, true },
+  { 430579, true },
+  { 430587, true },
+  { 430598, true },
+  { 430613, true },
+  { 430630, true },
+  { 430643, true },
+  { 430652, true },
+  { 430659, true },
+  { 430677, true },
+  { 430695, true },
+  { 430704, true },
+  { 430714, true },
+  { 430724, true },
+  { 430745, true },
+  { 430764, true },
+  { 430784, true },
+  { 430800, true },
+  { 430816, true },
+  { 430834, true },
+  { 430849, true },
+  { 430857, true },
+  { 430876, true },
+  { 430895, true },
+  { 430907, true },
+  { 430914, true },
+  { 430930, true },
+  { 430945, true },
+  { 430955, true },
+  { 430963, true },
+  { 430973, true },
+  { 430989, true },
+  { 431004, true },
+  { 431011, true },
+  { 431029, true },
+  { 431050, true },
+  { 431068, true },
+  { 431081, true },
+  { 431092, true },
+  { 431107, true },
+  { 431122, true },
+  { 431133, false },
+  { 431153, true },
+  { 431168, true },
+  { 431190, true },
+  { 431200, true },
+  { 431225, true },
+  { 431240, true },
+  { 431253, true },
+  { 431264, true },
+  { 431278, true },
+  { 431290, true },
+  { 431314, true },
+  { 431336, true },
+  { 431349, true },
+  { 431359, true },
+  { 431378, true },
+  { 431391, true },
+  { 431403, true },
+  { 431415, true },
+  { 431426, true },
+  { 431432, true },
+  { 431439, true },
+  { 431453, true },
+  { 431464, true },
+  { 431481, true },
+  { 431503, true },
+  { 431519, true },
+  { 431538, true },
+  { 431549, true },
+  { 431567, true },
+  { 431591, true },
+  { 431611, true },
+  { 431632, true },
+  { 431648, true },
+  { 431674, true },
+  { 431685, true },
+  { 431699, true },
+  { 431713, true },
+  { 431723, true },
+  { 431742, true },
+  { 431753, true },
+  { 431766, true },
+  { 431774, true },
+  { 431781, true },
+  { 431788, true },
+  { 431795, true },
+  { 431803, true },
+  { 431823, true },
+  { 431841, true },
+  { 431852, true },
+  { 431865, true },
+  { 431885, true },
+  { 431894, true },
+  { 431908, true },
+  { 431923, true },
+  { 431939, false },
+  { 431948, true },
+  { 431966, true },
+  { 431980, true },
+  { 431998, true },
+  { 432017, true },
+  { 432029, true },
+  { 432041, true },
+  { 432068, false },
+  { 432077, true },
+  { 432090, true },
+  { 432106, true },
+  { 432117, true },
+  { 432124, true },
+  { 432133, true },
+  { 432140, true },
+  { 432152, true },
+  { 432163, true },
+  { 432172, true },
+  { 432188, true },
+  { 432201, true },
+  { 432217, true },
+  { 432229, true },
+  { 432247, true },
+  { 432257, true },
+  { 432274, true },
+  { 432284, true },
+  { 432299, true },
+  { 432310, true },
+  { 432321, true },
+  { 432339, true },
+  { 432351, true },
+  { 432360, true },
+  { 432371, true },
+  { 432381, true },
+  { 432397, true },
+  { 432409, true },
+  { 432425, true },
+  { 432442, true },
+  { 432456, true },
+  { 432468, true },
+  { 432479, true },
+  { 432492, true },
+  { 432508, true },
+  { 432524, true },
+  { 432540, true },
+  { 432559, true },
+  { 432578, true },
+  { 432595, true },
+  { 432612, true },
+  { 432627, true },
+  { 432644, true },
+  { 432654, true },
+  { 432671, true },
+  { 432690, true },
+  { 432698, true },
+  { 432708, true },
+  { 432715, true },
+  { 432725, true },
+  { 432733, true },
+  { 432745, true },
+  { 432756, true },
+  { 432779, true },
+  { 432796, true },
+  { 432815, false },
+  { 432835, false },
+  { 432855, true },
+  { 432872, true },
+  { 432882, true },
+  { 432891, true },
+  { 432900, true },
+  { 432911, true },
+  { 432920, true },
+  { 432929, true },
+  { 432938, true },
+  { 432957, true },
+  { 432980, true },
+  { 432993, true },
+  { 433009, true },
+  { 433026, true },
+  { 433059, true },
+  { 433092, true },
+  { 433101, true },
+  { 433113, true },
+  { 433129, true },
+  { 433141, true },
+  { 433153, true },
+  { 433164, true },
+  { 433179, true },
+  { 433196, true },
+  { 433210, true },
+  { 433222, true },
+  { 433243, true },
+  { 433258, true },
+  { 433276, true },
+  { 433288, true },
+  { 433298, true },
+  { 433322, true },
+  { 433340, true },
+  { 433363, true },
+  { 433383, true },
+  { 433404, true },
+  { 433430, true },
+  { 433445, true },
+  { 433464, true },
+  { 433481, true },
+  { 433501, true },
+  { 433510, true },
+  { 433523, true },
+  { 433540, true },
+  { 433554, true },
+  { 433567, true },
+  { 433583, true },
+  { 433593, true },
+  { 433602, true },
+  { 433616, true },
+  { 433627, true },
+  { 433644, true },
+  { 433663, true },
+  { 433678, true },
+  { 433691, true },
+  { 433710, true },
+  { 433720, true },
+  { 433742, true },
+  { 433757, true },
+  { 433771, true },
+  { 433786, true },
+  { 433799, true },
+  { 433808, true },
+  { 433819, true },
+  { 433832, true },
+  { 433844, true },
+  { 433858, true },
+  { 433879, false },
+  { 433893, false },
+  { 433907, true },
+  { 433918, true },
+  { 433934, true },
+  { 433962, true },
+  { 433976, true },
+  { 433986, true },
+  { 434011, true },
+  { 434023, true },
+  { 434041, true },
+  { 434056, true },
+  { 434071, true },
+  { 434085, true },
+  { 434100, true },
+  { 434117, true },
+  { 434139, true },
+  { 434150, true },
+  { 434173, true },
+  { 434194, false },
+  { 434207, true },
+  { 434219, true },
+  { 434233, true },
+  { 434248, true },
+  { 434260, true },
+  { 434272, true },
+  { 434285, true },
+  { 434302, true },
+  { 434311, true },
+  { 434323, true },
+  { 434333, false },
+  { 434344, true },
+  { 434358, true },
+  { 434375, true },
+  { 434388, true },
+  { 434401, true },
+  { 434415, true },
+  { 434431, true },
+  { 434442, false },
+  { 434454, true },
+  { 434468, true },
+  { 434479, true },
+  { 434491, true },
+  { 434513, true },
+  { 434536, true },
+  { 434548, true },
+  { 434564, true },
+  { 434585, true },
+  { 434601, true },
+  { 434619, true },
+  { 434645, true },
+  { 434660, true },
+  { 434678, true },
+  { 434687, false },
+  { 434700, true },
+  { 434718, true },
+  { 434728, true },
+  { 434742, true },
+  { 434752, true },
+  { 434769, true },
+  { 434788, true },
+  { 434804, true },
+  { 434828, true },
+  { 434842, true },
+  { 434853, true },
+  { 434866, true },
+  { 434881, true },
+  { 434896, true },
+  { 434908, true },
+  { 434924, true },
+  { 434932, true },
+  { 434942, true },
+  { 434952, true },
+  { 434967, true },
+  { 434980, true },
+  { 434992, true },
+  { 435002, true },
+  { 435014, true },
+  { 435024, true },
+  { 435041, true },
+  { 435051, true },
+  { 435057, true },
+  { 435066, true },
+  { 435079, true },
+  { 435088, true },
+  { 435108, true },
+  { 435116, false },
+  { 435137, true },
+  { 435151, true },
+  { 435163, true },
+  { 435175, true },
+  { 435190, true },
+  { 435203, true },
+  { 435214, true },
+  { 435223, true },
+  { 435237, true },
+  { 435247, true },
+  { 435260, true },
+  { 435270, true },
+  { 435281, true },
+  { 435297, true },
+  { 435308, false },
+  { 435328, true },
+  { 435338, true },
+  { 435345, false },
+  { 435355, true },
+  { 435372, true },
+  { 435382, true },
+  { 435397, true },
+  { 435407, true },
+  { 435421, true },
+  { 435438, true },
+  { 435458, true },
+  { 435473, true },
+  { 435488, true },
+  { 435501, true },
+  { 435512, true },
+  { 435523, true },
+  { 435553, true },
+  { 435579, true },
+  { 435587, true },
+  { 435606, true },
+  { 435614, true },
+  { 435625, true },
+  { 435639, true },
+  { 435661, true },
+  { 435675, true },
+  { 435690, true },
+  { 435705, true },
+  { 435723, true },
+  { 435736, true },
+  { 435761, true },
+  { 435792, true },
+  { 435811, true },
+  { 435826, true },
+  { 435841, true },
+  { 435866, true },
+  { 435887, true },
+  { 435899, true },
+  { 435912, true },
+  { 435924, true },
+  { 435936, true },
+  { 435949, true },
+  { 435957, true },
+  { 435973, true },
+  { 435985, true },
+  { 436005, true },
+  { 436016, true },
+  { 436031, true },
+  { 436048, true },
+  { 436066, true },
+  { 436082, true },
+  { 436102, true },
+  { 436123, true },
+  { 436134, true },
+  { 436147, true },
+  { 436157, true },
+  { 436170, true },
+  { 436192, true },
+  { 436214, true },
+  { 436232, true },
+  { 436261, true },
+  { 436282, true },
+  { 436301, true },
+  { 436320, true },
+  { 436333, true },
+  { 436354, true },
+  { 436371, true },
+  { 436386, true },
+  { 436410, true },
+  { 436431, true },
+  { 436453, true },
+  { 436480, true },
+  { 436507, true },
+  { 436532, true },
+  { 436553, true },
+  { 436577, true },
+  { 436586, true },
+  { 436603, true },
+  { 436616, true },
+  { 436640, true },
+  { 436651, true },
+  { 436674, true },
+  { 436690, true },
+  { 436713, true },
+  { 436726, true },
+  { 436738, true },
+  { 436750, true },
+  { 436763, true },
+  { 436775, true },
+  { 436785, true },
+  { 436799, true },
+  { 436813, true },
+  { 436831, true },
+  { 436851, true },
+  { 436863, true },
+  { 436874, true },
+  { 436887, true },
+  { 436896, true },
+  { 436909, true },
+  { 436922, true },
+  { 436933, true },
+  { 436944, true },
+  { 436957, true },
+  { 436967, true },
+  { 436978, true },
+  { 436989, true },
+  { 437003, true },
+  { 437022, true },
+  { 437040, true },
+  { 437057, true },
+  { 437071, true },
+  { 437084, true },
+  { 437104, true },
+  { 437121, true },
+  { 437133, false },
+  { 437143, true },
+  { 437160, true },
+  { 437181, true },
+  { 437191, true },
+  { 437208, true },
+  { 437222, true },
+  { 437240, true },
+  { 437262, true },
+  { 437277, true },
+  { 437295, true },
+  { 437313, true },
+  { 437330, true },
+  { 437347, true },
+  { 437360, true },
+  { 437377, true },
+  { 437387, true },
+  { 437405, true },
+  { 437417, true },
+  { 437425, true },
+  { 437440, false },
+  { 437458, false },
+  { 437476, false },
+  { 437493, true },
+  { 437514, true },
+  { 437536, true },
+  { 437554, true },
+  { 437567, true },
+  { 437577, true },
+  { 437593, true },
+  { 437605, true },
+  { 437617, true },
+  { 437633, true },
+  { 437650, true },
+  { 437660, false },
+  { 437674, false },
+  { 437686, true },
+  { 437701, true },
+  { 437716, true },
+  { 437728, true },
+  { 437741, true },
+  { 437753, true },
+  { 437772, true },
+  { 437786, true },
+  { 437803, true },
+  { 437821, true },
+  { 437839, false },
+  { 437854, true },
+  { 437879, true },
+  { 437889, true },
+  { 437902, true },
+  { 437920, true },
+  { 437932, true },
+  { 437940, true },
+  { 437954, true },
+  { 437970, true },
+  { 437983, true },
+  { 438011, true },
+  { 438026, true },
+  { 438036, true },
+  { 438054, true },
+  { 438065, true },
+  { 438075, true },
+  { 438099, true },
+  { 438122, true },
+  { 438129, true },
+  { 438144, true },
+  { 438160, true },
+  { 438172, true },
+  { 438184, true },
+  { 438202, true },
+  { 438225, true },
+  { 438241, true },
+  { 438270, true },
+  { 438288, true },
+  { 438309, true },
+  { 438324, true },
+  { 438348, true },
+  { 438366, true },
+  { 438385, true },
+  { 438408, true },
+  { 438418, true },
+  { 438437, true },
+  { 438446, true },
+  { 438457, true },
+  { 438465, true },
+  { 438475, true },
+  { 438486, true },
+  { 438510, false },
+  { 438525, true },
+  { 438543, true },
+  { 438561, true },
+  { 438575, true },
+  { 438587, true },
+  { 438610, true },
+  { 438624, true },
+  { 438635, true },
+  { 438647, true },
+  { 438672, true },
+  { 438689, true },
+  { 438712, true },
+  { 438737, true },
+  { 438749, true },
+  { 438761, true },
+  { 438773, true },
+  { 438789, true },
+  { 438801, true },
+  { 438824, true },
+  { 438842, true },
+  { 438856, true },
+  { 438872, true },
+  { 438884, true },
+  { 438892, true },
+  { 438916, true },
+  { 438928, true },
+  { 438941, true },
+  { 438952, true },
+  { 438969, true },
+  { 438981, true },
+  { 438998, true },
+  { 439008, true },
+  { 439027, true },
+  { 439047, false },
+  { 439070, true },
+  { 439090, true },
+  { 439104, true },
+  { 439122, true },
+  { 439140, true },
+  { 439153, true },
+  { 439168, true },
+  { 439178, true },
+  { 439195, true },
+  { 439212, true },
+  { 439225, true },
+  { 439236, true },
+  { 439256, true },
+  { 439270, true },
+  { 439291, true },
+  { 439304, true },
+  { 439325, true },
+  { 439336, true },
+  { 439347, true },
+  { 439369, true },
+  { 439387, false },
+  { 439401, true },
+  { 439420, true },
+  { 439435, true },
+  { 439462, true },
+  { 439471, true },
+  { 439489, true },
+  { 439503, false },
+  { 439525, true },
+  { 439534, true },
+  { 439553, true },
+  { 439569, true },
+  { 439582, true },
+  { 439594, true },
+  { 439610, true },
+  { 439623, true },
+  { 439636, true },
+  { 439650, true },
+  { 439663, true },
+  { 439681, true },
+  { 439696, true },
+  { 439716, true },
+  { 439731, true },
+  { 439744, true },
+  { 439756, true },
+  { 439769, true },
+  { 439781, true },
+  { 439793, true },
+  { 439804, true },
+  { 439822, true },
+  { 439833, true },
+  { 439844, true },
+  { 439857, true },
+  { 439870, true },
+  { 439890, true },
+  { 439904, true },
+  { 439915, true },
+  { 439930, true },
+  { 439948, true },
+  { 439971, true },
+  { 439986, true },
+  { 440007, true },
+  { 440026, true },
+  { 440034, true },
+  { 440045, true },
+  { 440053, true },
+  { 440066, true },
+  { 440080, true },
+  { 440090, true },
+  { 440100, true },
+  { 440114, true },
+  { 440126, false },
+  { 440136, true },
+  { 440153, true },
+  { 440162, true },
+  { 440179, true },
+  { 440195, true },
+  { 440217, true },
+  { 440227, true },
+  { 440237, true },
+  { 440250, true },
+  { 440259, true },
+  { 440281, true },
+  { 440291, true },
+  { 440301, true },
+  { 440309, true },
+  { 440317, true },
+  { 440327, true },
+  { 440336, true },
+  { 440345, true },
+  { 440355, false },
+  { 440363, true },
+  { 440375, false },
+  { 440386, true },
+  { 440394, false },
+  { 440408, true },
+  { 440418, true },
+  { 440426, false },
+  { 440446, true },
+  { 440456, true },
+  { 440470, true },
+  { 440480, true },
+  { 440491, true },
+  { 440503, true },
+  { 440518, true },
+  { 440529, true },
+  { 440540, true },
+  { 440551, true },
+  { 440563, true },
+  { 440583, true },
+  { 440592, true },
+  { 440603, true },
+  { 440617, true },
+  { 440629, true },
+  { 440641, true },
+  { 440653, true },
+  { 440664, true },
+  { 440674, true },
+  { 440688, true },
+  { 440699, true },
+  { 440711, false },
+  { 440723, true },
+  { 440735, true },
+  { 440755, true },
+  { 440764, false },
+  { 440778, false },
+  { 440794, true },
+  { 440810, true },
+  { 440825, true },
+  { 440850, true },
+  { 440871, true },
+  { 440885, true },
+  { 440899, true },
+  { 440914, true },
+  { 440923, true },
+  { 440936, true },
+  { 440945, true },
+  { 440957, true },
+  { 440968, true },
+  { 440989, false },
+  { 441004, true },
+  { 441018, true },
+  { 441035, true },
+  { 441045, true },
+  { 441060, true },
+  { 441067, true },
+  { 441080, true },
+  { 441092, true },
+  { 441102, true },
+  { 441116, true },
+  { 441131, true },
+  { 441141, true },
+  { 441150, true },
+  { 441164, true },
+  { 441178, true },
+  { 441194, true },
+  { 441216, true },
+  { 441227, true },
+  { 441240, true },
+  { 441251, true },
+  { 441274, true },
+  { 441281, true },
+  { 441300, true },
+  { 441310, false },
+  { 441325, true },
+  { 441346, true },
+  { 441362, true },
+  { 441386, true },
+  { 441403, true },
+  { 441423, true },
+  { 441434, true },
+  { 441450, true },
+  { 441460, true },
+  { 441467, true },
+  { 441481, true },
+  { 441493, true },
+  { 441506, true },
+  { 441518, true },
+  { 441532, true },
+  { 441547, true },
+  { 441559, true },
+  { 441574, true },
+  { 441597, false },
+  { 441608, true },
+  { 441626, true },
+  { 441642, true },
+  { 441658, true },
+  { 441671, true },
+  { 441680, true },
+  { 441694, true },
+  { 441704, true },
+  { 441714, true },
+  { 441741, true },
+  { 441764, true },
+  { 441776, true },
+  { 441792, true },
+  { 441802, true },
+  { 441811, true },
+  { 441818, true },
+  { 441834, true },
+  { 441843, true },
+  { 441860, true },
+  { 441877, true },
+  { 441889, true },
+  { 441902, true },
+  { 441915, true },
+  { 441928, true },
+  { 441942, true },
+  { 441969, true },
+  { 441982, true },
+  { 441989, true },
+  { 441997, true },
+  { 442015, true },
+  { 442032, true },
+  { 442044, true },
+  { 442056, true },
+  { 442076, true },
+  { 442086, true },
+  { 442099, true },
+  { 442108, true },
+  { 442125, true },
+  { 442142, true },
+  { 442158, true },
+  { 442169, true },
+  { 442189, true },
+  { 442198, true },
+  { 442210, true },
+  { 442222, true },
+  { 442232, true },
+  { 442241, true },
+  { 442254, true },
+  { 442263, true },
+  { 442287, true },
+  { 442299, true },
+  { 442306, true },
+  { 442318, true },
+  { 442329, true },
+  { 442337, true },
+  { 442343, true },
+  { 442350, true },
+  { 442358, true },
+  { 442368, true },
+  { 442375, true },
+  { 442385, true },
+  { 442405, true },
+  { 442413, true },
+  { 442425, true },
+  { 442437, true },
+  { 442447, true },
+  { 442458, true },
+  { 442476, true },
+  { 442489, true },
+  { 442501, true },
+  { 442512, true },
+  { 442522, true },
+  { 442534, true },
+  { 442553, true },
+  { 442563, true },
+  { 442573, true },
+  { 442588, true },
+  { 442600, true },
+  { 442620, true },
+  { 442642, true },
+  { 442653, true },
+  { 442664, true },
+  { 442673, true },
+  { 442681, true },
+  { 442698, true },
+  { 442707, true },
+  { 442726, true },
+  { 442733, true },
+  { 442747, true },
+  { 442758, true },
+  { 442779, true },
+  { 442792, true },
+  { 442801, true },
+  { 442829, true },
+  { 442853, true },
+  { 442868, true },
+  { 442882, true },
+  { 442900, true },
+  { 442918, true },
+  { 442931, false },
+  { 442945, true },
+  { 442961, true },
+  { 442976, true },
+  { 442992, true },
+  { 443001, true },
+  { 443010, true },
+  { 443037, true },
+  { 443054, true },
+  { 443067, true },
+  { 443082, true },
+  { 443095, true },
+  { 443109, false },
+  { 443119, true },
+  { 443129, true },
+  { 443143, true },
+  { 443157, true },
+  { 443165, true },
+  { 443183, true },
+  { 443199, true },
+  { 443209, true },
+  { 443220, true },
+  { 443230, true },
+  { 443243, true },
+  { 443259, true },
+  { 443270, true },
+  { 443280, true },
+  { 443293, true },
+  { 443304, true },
+  { 443328, true },
+  { 443340, true },
+  { 443351, true },
+  { 443363, true },
+  { 443379, true },
+  { 443400, true },
+  { 443414, true },
+  { 443431, false },
+  { 443447, true },
+  { 443463, true },
+  { 443475, true },
+  { 443509, true },
+  { 443523, true },
+  { 443541, true },
+  { 443563, true },
+  { 443586, true },
+  { 443597, true },
+  { 443610, true },
+  { 443639, true },
+  { 443659, true },
+  { 443671, true },
+  { 443690, true },
+  { 443700, true },
+  { 443710, true },
+  { 443727, true },
+  { 443742, true },
+  { 443752, true },
+  { 443763, true },
+  { 443775, true },
+  { 443790, true },
+  { 443806, true },
+  { 443828, true },
+  { 443847, true },
+  { 443882, true },
+  { 443897, true },
+  { 443915, true },
+  { 443932, true },
+  { 443952, true },
+  { 443969, true },
+  { 443981, true },
+  { 444002, true },
+  { 444017, true },
+  { 444038, true },
+  { 444052, true },
+  { 444067, true },
+  { 444079, true },
+  { 444095, true },
+  { 444106, true },
+  { 444115, true },
+  { 444132, false },
+  { 444144, true },
+  { 444156, true },
+  { 444168, true },
+  { 444177, true },
+  { 444186, true },
+  { 444194, true },
+  { 444204, true },
+  { 444215, true },
+  { 444232, true },
+  { 444250, true },
+  { 444261, true },
+  { 444269, true },
+  { 444281, true },
+  { 444291, true },
+  { 444300, true },
+  { 444310, true },
+  { 444320, true },
+  { 444343, true },
+  { 444358, true },
+  { 444368, true },
+  { 444380, true },
+  { 444392, true },
+  { 444402, false },
+  { 444409, true },
+  { 444416, true },
+  { 444426, true },
+  { 444442, true },
+  { 444458, true },
+  { 444477, true },
+  { 444498, false },
+  { 444516, true },
+  { 444536, true },
+  { 444559, true },
+  { 444579, true },
+  { 444595, true },
+  { 444614, true },
+  { 444634, true },
+  { 444649, true },
+  { 444667, true },
+  { 444690, true },
+  { 444707, true },
+  { 444718, false },
+  { 444742, true },
+  { 444761, true },
+  { 444778, true },
+  { 444796, true },
+  { 444813, true },
+  { 444826, true },
+  { 444840, true },
+  { 444854, true },
+  { 444873, true },
+  { 444885, true },
+  { 444893, false },
+  { 444900, true },
+  { 444907, true },
+  { 444919, true },
+  { 444931, true },
+  { 444945, true },
+  { 444956, true },
+  { 444968, true },
+  { 444984, true },
+  { 444994, true },
+  { 445008, false },
+  { 445022, true },
+  { 445033, true },
+  { 445045, true },
+  { 445057, false },
+  { 445070, true },
+  { 445083, true },
+  { 445098, true },
+  { 445112, true },
+  { 445127, true },
+  { 445142, true },
+  { 445160, true },
+  { 445183, true },
+  { 445198, true },
+  { 445209, true },
+  { 445225, true },
+  { 445248, true },
+  { 445280, true },
+  { 445298, true },
+  { 445321, true },
+  { 445344, true },
+  { 445359, true },
+  { 445372, true },
+  { 445384, true },
+  { 445395, true },
+  { 445420, true },
+  { 445431, true },
+  { 445464, true },
+  { 445490, true },
+  { 445524, true },
+  { 445547, true },
+  { 445561, true },
+  { 445574, true },
+  { 445587, true },
+  { 445604, true },
+  { 445621, true },
+  { 445638, true },
+  { 445656, true },
+  { 445668, true },
+  { 445682, true },
+  { 445694, true },
+  { 445706, true },
+  { 445720, true },
+  { 445732, true },
+  { 445748, false },
+  { 445768, true },
+  { 445781, false },
+  { 445799, false },
+  { 445822, true },
+  { 445842, true },
+  { 445858, true },
+  { 445872, true },
+  { 445893, true },
+  { 445904, true },
+  { 445919, true },
+  { 445933, true },
+  { 445950, true },
+  { 445962, true },
+  { 445975, true },
+  { 445987, true },
+  { 445999, true },
+  { 446013, true },
+  { 446028, true },
+  { 446040, false },
+  { 446053, true },
+  { 446072, true },
+  { 446090, true },
+  { 446112, true },
+  { 446127, true },
+  { 446139, true },
+  { 446153, true },
+  { 446167, true },
+  { 446183, true },
+  { 446196, true },
+  { 446211, false },
+  { 446223, true },
+  { 446239, true },
+  { 446254, false },
+  { 446276, true },
+  { 446296, true },
+  { 446308, true },
+  { 446322, true },
+  { 446343, true },
+  { 446362, true },
+  { 446376, true },
+  { 446391, true },
+  { 446406, true },
+  { 446427, true },
+  { 446446, true },
+  { 446465, true },
+  { 446478, true },
+  { 446491, true },
+  { 446505, false },
+  { 446517, true },
+  { 446527, true },
+  { 446543, true },
+  { 446561, true },
+  { 446577, true },
+  { 446589, true },
+  { 446603, true },
+  { 446613, true },
+  { 446627, true },
+  { 446644, true },
+  { 446658, true },
+  { 446668, false },
+  { 446682, true },
+  { 446696, true },
+  { 446717, true },
+  { 446727, true },
+  { 446741, true },
+  { 446762, true },
+  { 446775, true },
+  { 446791, true },
+  { 446804, true },
+  { 446817, true },
+  { 446835, true },
+  { 446856, true },
+  { 446869, true },
+  { 446879, true },
+  { 446890, true },
+  { 446906, true },
+  { 446920, true },
+  { 446932, true },
+  { 446945, true },
+  { 446966, true },
+  { 446981, true },
+  { 446996, true },
+  { 447007, true },
+  { 447020, true },
+  { 447033, true },
+  { 447043, true },
+  { 447067, true },
+  { 447087, true },
+  { 447104, true },
+  { 447121, true },
+  { 447135, true },
+  { 447145, true },
+  { 447162, true },
+  { 447177, true },
+  { 447191, true },
+  { 447208, true },
+  { 447218, true },
+  { 447234, true },
+  { 447262, true },
+  { 447274, true },
+  { 447292, true },
+  { 447302, true },
+  { 447320, true },
+  { 447330, true },
+  { 447338, true },
+  { 447349, true },
+  { 447372, true },
+  { 447396, true },
+  { 447412, true },
+  { 447428, true },
+  { 447444, true },
+  { 447460, true },
+  { 447481, true },
+  { 447493, true },
+  { 447506, true },
+  { 447531, true },
+  { 447550, true },
+  { 447572, true },
+  { 447593, true },
+  { 447606, true },
+  { 447621, true },
+  { 447632, true },
+  { 447652, true },
+  { 447672, true },
+  { 447686, true },
+  { 447700, true },
+  { 447715, true },
+  { 447725, true },
+  { 447737, true },
+  { 447759, true },
+  { 447777, true },
+  { 447789, true },
+  { 447813, true },
+  { 447833, true },
+  { 447848, true },
+  { 447863, true },
+  { 447876, true },
+  { 447894, true },
+  { 447909, true },
+  { 447925, true },
+  { 447946, true },
+  { 447967, true },
+  { 447983, true },
+  { 448007, true },
+  { 448018, true },
+  { 448027, true },
+  { 448042, true },
+  { 448051, true },
+  { 448062, false },
+  { 448072, true },
+  { 448084, true },
+  { 448099, true },
+  { 448116, true },
+  { 448128, true },
+  { 448153, true },
+  { 448180, true },
+  { 448196, true },
+  { 448206, true },
+  { 448218, true },
+  { 448234, true },
+  { 448245, true },
+  { 448261, true },
+  { 448282, true },
+  { 448299, true },
+  { 448323, true },
+  { 448334, true },
+  { 448347, true },
+  { 448366, true },
+  { 448378, true },
+  { 448390, true },
+  { 448404, true },
+  { 448424, true },
+  { 448443, true },
+  { 448466, true },
+  { 448482, true },
+  { 448502, true },
+  { 448514, true },
+  { 448526, true },
+  { 448536, true },
+  { 448551, true },
+  { 448571, true },
+  { 448582, true },
+  { 448594, true },
+  { 448608, true },
+  { 448627, true },
+  { 448654, true },
+  { 448675, true },
+  { 448699, true },
+  { 448715, true },
+  { 448727, true },
+  { 448759, true },
+  { 448783, true },
+  { 448813, true },
+  { 448828, true },
+  { 448841, true },
+  { 448867, true },
+  { 448902, true },
+  { 448932, true },
+  { 448953, true },
+  { 448967, true },
+  { 448979, true },
+  { 449004, true },
+  { 449027, true },
+  { 449038, true },
+  { 449051, true },
+  { 449075, true },
+  { 449094, true },
+  { 449107, true },
+  { 449136, true },
+  { 449159, true },
+  { 449183, true },
+  { 449210, true },
+  { 449224, true },
+  { 449247, true },
+  { 449273, true },
+  { 449301, true },
+  { 449332, true },
+  { 449357, true },
+  { 449365, true },
+  { 449372, true },
+  { 449380, true },
+  { 449389, true },
+  { 449402, true },
+  { 449414, true },
+  { 449425, true },
+  { 449447, true },
+  { 449460, true },
+  { 449482, true },
+  { 449494, true },
+  { 449515, true },
+  { 449529, true },
+  { 449542, true },
+  { 449563, true },
+  { 449582, true },
+  { 449601, true },
+  { 449620, true },
+  { 449631, true },
+  { 449644, true },
+  { 449656, true },
+  { 449668, true },
+  { 449684, true },
+  { 449700, true },
+  { 449714, true },
+  { 449730, true },
+  { 449747, true },
+  { 449755, true },
+  { 449770, true },
+  { 449787, false },
+  { 449802, true },
+  { 449818, true },
+  { 449832, true },
+  { 449842, true },
+  { 449854, true },
+  { 449873, true },
+  { 449887, false },
+  { 449896, true },
+  { 449908, true },
+  { 449932, true },
+  { 449947, true },
+  { 449960, true },
+  { 449978, true },
+  { 449997, true },
+  { 450010, true },
+  { 450023, true },
+  { 450036, true },
+  { 450049, true },
+  { 450062, true },
+  { 450076, true },
+  { 450087, true },
+  { 450110, true },
+  { 450125, true },
+  { 450138, true },
+  { 450155, true },
+  { 450177, true },
+  { 450199, true },
+  { 450219, true },
+  { 450236, true },
+  { 450260, true },
+  { 450282, true },
+  { 450304, true },
+  { 450321, true },
+  { 450335, true },
+  { 450352, true },
+  { 450359, true },
+  { 450372, true },
+  { 450385, true },
+  { 450396, true },
+  { 450418, true },
+  { 450430, false },
+  { 450453, true },
+  { 450470, true },
+  { 450482, true },
+  { 450510, true },
+  { 450521, true },
+  { 450547, true },
+  { 450562, true },
+  { 450576, true },
+  { 450596, true },
+  { 450617, true },
+  { 450633, true },
+  { 450645, true },
+  { 450656, true },
+  { 450666, true },
+  { 450679, true },
+  { 450693, false },
+  { 450710, true },
+  { 450722, true },
+  { 450735, true },
+  { 450747, true },
+  { 450762, true },
+  { 450775, true },
+  { 450785, true },
+  { 450794, true },
+  { 450811, true },
+  { 450827, true },
+  { 450840, true },
+  { 450850, true },
+  { 450864, true },
+  { 450874, true },
+  { 450897, true },
+  { 450914, true },
+  { 450940, true },
+  { 450958, true },
+  { 450972, true },
+  { 450987, true },
+  { 451000, true },
+  { 451018, true },
+  { 451030, true },
+  { 451040, true },
+  { 451051, true },
+  { 451061, true },
+  { 451072, true },
+  { 451085, false },
+  { 451101, true },
+  { 451114, true },
+  { 451130, true },
+  { 451144, true },
+  { 451157, true },
+  { 451170, false },
+  { 451187, true },
+  { 451201, true },
+  { 451215, true },
+  { 451229, true },
+  { 451253, true },
+  { 451266, true },
+  { 451279, true },
+  { 451293, true },
+  { 451307, true },
+  { 451322, true },
+  { 451338, true },
+  { 451355, true },
+  { 451370, true },
+  { 451385, true },
+  { 451403, true },
+  { 451414, true },
+  { 451429, true },
+  { 451452, true },
+  { 451469, true },
+  { 451482, true },
+  { 451503, true },
+  { 451515, true },
+  { 451535, true },
+  { 451566, true },
+  { 451585, true },
+  { 451599, true },
+  { 451618, true },
+  { 451637, true },
+  { 451645, true },
+  { 451658, true },
+  { 451686, true },
+  { 451702, true },
+  { 451718, true },
+  { 451732, true },
+  { 451755, true },
+  { 451770, true },
+  { 451785, true },
+  { 451809, true },
+  { 451826, true },
+  { 451847, true },
+  { 451865, true },
+  { 451889, true },
+  { 451909, true },
+  { 451935, true },
+  { 451950, true },
+  { 451968, true },
+  { 451988, true },
+  { 452000, true },
+  { 452017, true },
+  { 452036, true },
+  { 452053, true },
+  { 452067, true },
+  { 452086, true },
+  { 452095, true },
+  { 452112, false },
+  { 452133, true },
+  { 452147, true },
+  { 452156, true },
+  { 452175, false },
+  { 452188, true },
+  { 452200, true },
+  { 452226, true },
+  { 452247, true },
+  { 452263, true },
+  { 452278, true },
+  { 452299, true },
+  { 452321, true },
+  { 452335, true },
+  { 452350, true },
+  { 452367, true },
+  { 452385, true },
+  { 452401, true },
+  { 452422, true },
+  { 452439, true },
+  { 452451, true },
+  { 452471, true },
+  { 452487, false },
+  { 452500, true },
+  { 452521, true },
+  { 452535, true },
+  { 452548, true },
+  { 452566, true },
+  { 452580, true },
+  { 452592, true },
+  { 452610, false },
+  { 452629, true },
+  { 452651, true },
+  { 452666, true },
+  { 452685, true },
+  { 452711, true },
+  { 452726, true },
+  { 452742, true },
+  { 452756, true },
+  { 452768, true },
+  { 452783, true },
+  { 452795, true },
+  { 452810, true },
+  { 452823, true },
+  { 452839, true },
+  { 452867, true },
+  { 452888, true },
+  { 452902, true },
+  { 452914, true },
+  { 452926, true },
+  { 452943, true },
+  { 452961, true },
+  { 452987, true },
+  { 452998, true },
+  { 453005, true },
+  { 453018, true },
+  { 453031, true },
+  { 453045, true },
+  { 453064, true },
+  { 453072, true },
+  { 453082, true },
+  { 453089, true },
+  { 453099, true },
+  { 453114, true },
+  { 453133, true },
+  { 453148, true },
+  { 453172, true },
+  { 453188, true },
+  { 453211, true },
+  { 453236, true },
+  { 453252, true },
+  { 453263, false },
+  { 453273, true },
+  { 453282, true },
+  { 453289, true },
+  { 453298, true },
+  { 453309, true },
+  { 453335, true },
+  { 453351, false },
+  { 453363, true },
+  { 453372, true },
+  { 453383, true },
+  { 453396, true },
+  { 453410, true },
+  { 453417, true },
+  { 453424, true },
+  { 453436, true },
+  { 453447, true },
+  { 453457, true },
+  { 453473, true },
+  { 453481, true },
+  { 453488, true },
+  { 453498, true },
+  { 453507, true },
+  { 453515, true },
+  { 453525, true },
+  { 453532, true },
+  { 453542, true },
+  { 453554, true },
+  { 453567, true },
+  { 453586, true },
+  { 453596, true },
+  { 453609, true },
+  { 453622, true },
+  { 453630, true },
+  { 453648, true },
+  { 453660, true },
+  { 453673, true },
+  { 453693, true },
+  { 453710, true },
+  { 453724, true },
+  { 453736, true },
+  { 453748, true },
+  { 453766, true },
+  { 453779, true },
+  { 453795, true },
+  { 453804, true },
+  { 453813, true },
+  { 453823, true },
+  { 453840, true },
+  { 453858, true },
+  { 453879, true },
+  { 453890, true },
+  { 453901, false },
+  { 453915, true },
+  { 453936, true },
+  { 453959, true },
+  { 453979, true },
+  { 454004, true },
+  { 454030, true },
+  { 454056, true },
+  { 454077, true },
+  { 454088, true },
+  { 454098, true },
+  { 454109, true },
+  { 454121, true },
+  { 454135, true },
+  { 454154, true },
+  { 454167, true },
+  { 454195, true },
+  { 454208, true },
+  { 454219, true },
+  { 454229, true },
+  { 454247, true },
+  { 454259, true },
+  { 454274, true },
+  { 454300, true },
+  { 454311, true },
+  { 454326, true },
+  { 454344, true },
+  { 454360, true },
+  { 454376, true },
+  { 454396, true },
+  { 454411, true },
+  { 454427, true },
+  { 454439, true },
+  { 454449, true },
+  { 454477, true },
+  { 454499, true },
+  { 454516, true },
+  { 454536, true },
+  { 454549, true },
+  { 454568, true },
+  { 454576, true },
+  { 454590, true },
+  { 454609, true },
+  { 454626, true },
+  { 454641, true },
+  { 454653, true },
+  { 454685, true },
+  { 454714, true },
+  { 454733, true },
+  { 454757, true },
+  { 454774, true },
+  { 454787, true },
+  { 454803, true },
+  { 454815, true },
+  { 454828, false },
+  { 454842, true },
+  { 454858, true },
+  { 454871, true },
+  { 454890, true },
+  { 454902, true },
+  { 454915, true },
+  { 454940, true },
+  { 454958, true },
+  { 454971, true },
+  { 454991, true },
+  { 455009, true },
+  { 455021, true },
+  { 455033, true },
+  { 455048, true },
+  { 455067, true },
+  { 455082, true },
+  { 455114, true },
+  { 455135, true },
+  { 455153, true },
+  { 455172, true },
+  { 455188, true },
+  { 455213, true },
+  { 455229, true },
+  { 455254, true },
+  { 455270, true },
+  { 455286, true },
+  { 455307, true },
+  { 455324, true },
+  { 455339, true },
+  { 455359, true },
+  { 455385, true },
+  { 455413, true },
+  { 455434, true },
+  { 455452, true },
+  { 455465, true },
+  { 455478, true },
+  { 455494, false },
+  { 455506, true },
+  { 455521, true },
+  { 455535, true },
+  { 455553, true },
+  { 455572, true },
+  { 455586, true },
+  { 455598, true },
+  { 455616, true },
+  { 455630, true },
+  { 455644, true },
+  { 455660, true },
+  { 455683, true },
+  { 455694, true },
+  { 455706, true },
+  { 455716, true },
+  { 455725, true },
+  { 455739, true },
+  { 455753, true },
+  { 455767, true },
+  { 455781, true },
+  { 455792, true },
+  { 455813, true },
+  { 455826, true },
+  { 455839, true },
+  { 455850, true },
+  { 455858, true },
+  { 455870, true },
+  { 455883, true },
+  { 455897, true },
+  { 455911, true },
+  { 455925, true },
+  { 455937, true },
+  { 455954, true },
+  { 455965, true },
+  { 455977, true },
+  { 455986, false },
+  { 455998, true },
+  { 456017, true },
+  { 456030, true },
+  { 456041, true },
+  { 456053, true },
+  { 456064, true },
+  { 456077, true },
+  { 456091, true },
+  { 456102, true },
+  { 456114, true },
+  { 456127, true },
+  { 456133, true },
+  { 456148, true },
+  { 456158, true },
+  { 456174, true },
+  { 456187, true },
+  { 456202, true },
+  { 456213, true },
+  { 456223, true },
+  { 456234, true },
+  { 456250, true },
+  { 456275, true },
+  { 456296, true },
+  { 456314, true },
+  { 456332, true },
+  { 456352, true },
+  { 456374, true },
+  { 456386, true },
+  { 456401, true },
+  { 456414, true },
+  { 456431, true },
+  { 456450, true },
+  { 456473, true },
+  { 456491, true },
+  { 456510, true },
+  { 456523, true },
+  { 456535, true },
+  { 456548, true },
+  { 456561, true },
+  { 456569, true },
+  { 456583, true },
+  { 456595, true },
+  { 456607, true },
+  { 456622, true },
+  { 456635, true },
+  { 456646, true },
+  { 456657, true },
+  { 456671, true },
+  { 456679, true },
+  { 456690, true },
+  { 456699, true },
+  { 456715, true },
+  { 456725, true },
+  { 456739, true },
+  { 456749, true },
+  { 456763, true },
+  { 456770, true },
+  { 456780, true },
+  { 456787, true },
+  { 456798, true },
+  { 456809, true },
+  { 456824, false },
+  { 456833, true },
+  { 456845, true },
+  { 456852, true },
+  { 456861, true },
+  { 456869, false },
+  { 456884, true },
+  { 456893, true },
+  { 456905, true },
+  { 456914, true },
+  { 456923, true },
+  { 456934, true },
+  { 456943, true },
+  { 456952, true },
+  { 456968, true },
+  { 456983, true },
+  { 456993, true },
+  { 457006, true },
+  { 457018, true },
+  { 457026, true },
+  { 457038, true },
+  { 457051, true },
+  { 457062, true },
+  { 457076, true },
+  { 457092, true },
+  { 457104, true },
+  { 457117, true },
+  { 457131, true },
+  { 457145, true },
+  { 457159, true },
+  { 457171, true },
+  { 457184, false },
+  { 457197, true },
+  { 457212, true },
+  { 457226, true },
+  { 457240, true },
+  { 457257, true },
+  { 457274, true },
+  { 457289, true },
+  { 457307, true },
+  { 457325, true },
+  { 457343, true },
+  { 457357, true },
+  { 457371, true },
+  { 457385, true },
+  { 457399, true },
+  { 457413, false },
+  { 457433, false },
+  { 457451, false },
+  { 457477, false },
+  { 457500, false },
+  { 457523, false },
+  { 457544, true },
+  { 457557, true },
+  { 457573, false },
+  { 457589, false },
+  { 457605, true },
+  { 457627, true },
+  { 457640, false },
+  { 457657, false },
+  { 457674, true },
+  { 457691, false },
+  { 457708, false },
+  { 457722, false },
+  { 457741, false },
+  { 457752, false },
+  { 457764, false },
+  { 457783, true },
+  { 457801, true },
+  { 457816, false },
+  { 457830, false },
+  { 457844, true },
+  { 457860, false },
+  { 457877, false },
+  { 457894, false },
+  { 457909, false },
+  { 457925, true },
+  { 457946, true },
+  { 457964, false },
+  { 457983, false },
+  { 458001, true },
+  { 458021, true },
+  { 458037, false },
+  { 458052, true },
+  { 458067, true },
+  { 458091, false },
+  { 458109, false },
+  { 458124, true },
+  { 458144, true },
+  { 458165, false },
+  { 458189, false },
+  { 458208, false },
+  { 458223, false },
+  { 458239, true },
+  { 458254, false },
+  { 458267, false },
+  { 458282, false },
+  { 458296, false },
+  { 458314, true },
+  { 458327, true },
+  { 458338, true },
+  { 458345, true },
+  { 458356, true },
+  { 458367, true },
+  { 458375, true },
+  { 458383, true },
+  { 458393, true },
+  { 458406, true },
+  { 458419, true },
+  { 458431, true },
+  { 458448, true },
+  { 458464, true },
+  { 458478, true },
+  { 458485, true },
+  { 458505, true },
+  { 458513, true },
+  { 458524, true },
+  { 458534, true },
+  { 458543, true },
+  { 458561, true },
+  { 458566, true },
+  { 458571, true },
+  { 458578, true },
+  { 458586, true },
+  { 458595, true },
+  { 458603, true },
+  { 458611, true },
+  { 458619, true },
+  { 458639, true },
+  { 458647, true },
+  { 458656, true },
+  { 458667, false },
+  { 458687, true },
+  { 458694, true },
+  { 458713, false },
+  { 458724, true },
+  { 458734, true },
+  { 458741, true },
+  { 458748, true },
+  { 458758, true },
+  { 458779, true },
+  { 458799, true },
+  { 458813, true },
+  { 458837, true },
+  { 458844, true },
+  { 458854, false },
+  { 458867, true },
+  { 458884, true },
+  { 458901, true },
+  { 458921, true },
+  { 458940, true },
+  { 458946, true },
+  { 458952, true },
+  { 458964, true },
+  { 458976, true },
+  { 458985, true },
+  { 458997, true },
+  { 459010, true },
+  { 459022, true },
+  { 459031, true },
+  { 459042, true },
+  { 459055, true },
+  { 459070, true },
+  { 459084, true },
+  { 459103, true },
+  { 459116, true },
+  { 459129, true },
+  { 459140, true },
+  { 459151, true },
+  { 459162, true },
+  { 459174, true },
+  { 459182, false },
+  { 459201, false },
+  { 459212, true },
+  { 459225, true },
+  { 459236, true },
+  { 459243, true },
+  { 459254, true },
+  { 459261, true },
+  { 459284, true },
+  { 459296, true },
+  { 459310, true },
+  { 459329, true },
+  { 459345, true },
+  { 459361, false },
+  { 459373, true },
+  { 459384, true },
+  { 459401, true },
+  { 459411, true },
+  { 459427, true },
+  { 459441, true },
+  { 459452, true },
+  { 459468, true },
+  { 459482, false },
+  { 459497, true },
+  { 459512, true },
+  { 459522, true },
+  { 459532, true },
+  { 459544, true },
+  { 459555, false },
+  { 459565, true },
+  { 459575, true },
+  { 459593, true },
+  { 459601, true },
+  { 459612, false },
+  { 459620, true },
+  { 459631, true },
+  { 459642, true },
+  { 459654, true },
+  { 459663, true },
+  { 459678, true },
+  { 459689, true },
+  { 459697, true },
+  { 459707, true },
+  { 459717, true },
+  { 459725, true },
+  { 459736, true },
+  { 459746, true },
+  { 459758, true },
+  { 459769, true },
+  { 459780, false },
+  { 459792, true },
+  { 459803, true },
+  { 459822, true },
+  { 459833, true },
+  { 459843, true },
+  { 459855, false },
+  { 459865, true },
+  { 459873, true },
+  { 459887, true },
+  { 459894, true },
+  { 459928, true },
+  { 459953, true },
+  { 459981, true },
+  { 459999, true },
+  { 460013, true },
+  { 460042, true },
+  { 460053, true },
+  { 460072, true },
+  { 460104, true },
+  { 460127, true },
+  { 460148, true },
+  { 460181, true },
+  { 460213, true },
+  { 460239, true },
+  { 460272, true },
+  { 460295, true },
+  { 460314, true },
+  { 460342, true },
+  { 460370, true },
+  { 460390, true },
+  { 460408, true },
+  { 460426, true },
+  { 460451, true },
+  { 460483, true },
+  { 460510, true },
+  { 460532, true },
+  { 460560, true },
+  { 460582, true },
+  { 460603, true },
+  { 460628, true },
+  { 460653, true },
+  { 460677, true },
+  { 460695, true },
+  { 460721, true },
+  { 460749, true },
+  { 460780, true },
+  { 460808, true },
+  { 460834, true },
+  { 460862, true },
+  { 460889, true },
+  { 460929, true },
+  { 460956, true },
+  { 460986, true },
+  { 461005, true },
+  { 461023, true },
+  { 461048, true },
+  { 461063, true },
+  { 461074, true },
+  { 461089, true },
+  { 461115, true },
+  { 461126, false },
+  { 461147, true },
+  { 461173, true },
+  { 461193, true },
+  { 461213, true },
+  { 461237, true },
+  { 461255, true },
+  { 461273, true },
+  { 461299, true },
+  { 461317, true },
+  { 461354, false },
+  { 461383, true },
+  { 461402, true },
+  { 461422, true },
+  { 461455, true },
+  { 461476, true },
+  { 461503, true },
+  { 461517, true },
+  { 461540, true },
+  { 461554, true },
+  { 461582, true },
+  { 461617, true },
+  { 461632, true },
+  { 461646, true },
+  { 461669, true },
+  { 461696, true },
+  { 461728, true },
+  { 461748, true },
+  { 461769, true },
+  { 461783, true },
+  { 461797, true },
+  { 461814, true },
+  { 461836, true },
+  { 461862, true },
+  { 461886, true },
+  { 461911, true },
+  { 461924, true },
+  { 461952, true },
+  { 461994, true },
+  { 462024, true },
+  { 462035, true },
+  { 462054, true },
+  { 462075, true },
+  { 462110, true },
+  { 462133, true },
+  { 462159, true },
+  { 462182, true },
+  { 462198, true },
+  { 462220, true },
+  { 462244, true },
+  { 462270, true },
+  { 462301, true },
+  { 462327, true },
+  { 462339, true },
+  { 462363, true },
+  { 462390, true },
+  { 462411, true },
+  { 462432, true },
+  { 462439, true },
+  { 462450, true },
+  { 462461, true },
+  { 462468, true },
+  { 462479, true },
+  { 462489, true },
+  { 462500, true },
+  { 462506, true },
+  { 462517, true },
+  { 462533, true },
+  { 462549, true },
+  { 462557, true },
+  { 462567, true },
+  { 462574, true },
+  { 462581, true },
+  { 462598, true },
+  { 462611, true },
+  { 462619, true },
+  { 462634, true },
+  { 462645, true },
+  { 462660, true },
+  { 462679, true },
+  { 462693, true },
+  { 462702, true },
+  { 462708, true },
+  { 462722, true },
+  { 462732, true },
+  { 462742, true },
+  { 462750, true },
+  { 462763, true },
+  { 462776, true },
+  { 462788, true },
+  { 462795, true },
+  { 462802, true },
+  { 462813, true },
+  { 462822, true },
+  { 462829, true },
+  { 462835, true },
+  { 462846, true },
+  { 462856, true },
+  { 462865, true },
+  { 462877, true },
+  { 462885, true },
+  { 462903, true },
+  { 462932, true },
+  { 462948, true },
+  { 462961, true },
+  { 462970, true },
+  { 462982, true },
+  { 462991, true },
+  { 463001, true },
+  { 463010, true },
+  { 463022, true },
+  { 463029, true },
+  { 463043, true },
+  { 463054, true },
+  { 463064, false },
+  { 463072, true },
+  { 463084, true },
+  { 463094, true },
+  { 463102, true },
+  { 463112, true },
+  { 463121, true },
+  { 463135, true },
+  { 463155, true },
+  { 463165, true },
+  { 463177, true },
+  { 463197, true },
+  { 463206, true },
+  { 463214, true },
+  { 463229, true },
+  { 463239, true },
+  { 463248, true },
+  { 463260, true },
+  { 463272, true },
+  { 463283, true },
+  { 463297, true },
+  { 463308, true },
+  { 463322, true },
+  { 463333, true },
+  { 463347, true },
+  { 463357, true },
+  { 463373, true },
+  { 463380, true },
+  { 463390, true },
+  { 463402, true },
+  { 463412, true },
+  { 463419, true },
+  { 463428, true },
+  { 463443, true },
+  { 463454, true },
+  { 463462, true },
+  { 463474, true },
+  { 463485, true },
+  { 463506, true },
+  { 463516, true },
+  { 463524, true },
+  { 463538, true },
+  { 463550, true },
+  { 463565, true },
+  { 463577, true },
+  { 463590, true },
+  { 463603, true },
+  { 463616, true },
+  { 463632, true },
+  { 463647, true },
+  { 463659, false },
+  { 463669, true },
+  { 463682, true },
+  { 463710, true },
+  { 463719, true },
+  { 463731, true },
+  { 463743, true },
+  { 463759, true },
+  { 463767, true },
+  { 463776, true },
+  { 463788, true },
+  { 463798, true },
+  { 463806, true },
+  { 463819, true },
+  { 463829, true },
+  { 463838, true },
+  { 463848, true },
+  { 463856, true },
+  { 463866, true },
+  { 463877, true },
+  { 463887, true },
+  { 463900, true },
+  { 463912, true },
+  { 463927, true },
+  { 463935, true },
+  { 463943, true },
+  { 463951, true },
+  { 463959, true },
+  { 463967, true },
+  { 463978, true },
+  { 463989, true },
+  { 464000, true },
+  { 464009, true },
+  { 464021, true },
+  { 464033, true },
+  { 464045, true },
+  { 464057, true },
+  { 464069, true },
+  { 464081, true },
+  { 464093, true },
+  { 464105, true },
+  { 464117, true },
+  { 464125, true },
+  { 464133, true },
+  { 464141, true },
+  { 464149, true },
+  { 464157, true },
+  { 464165, true },
+  { 464173, true },
+  { 464181, true },
+  { 464189, true },
+  { 464197, true },
+  { 464205, true },
+  { 464213, true },
+  { 464221, true },
+  { 464229, true },
+  { 464240, true },
+  { 464259, true },
+  { 464269, true },
+  { 464280, true },
+  { 464295, true },
+  { 464305, true },
+  { 464321, true },
+  { 464335, true },
+  { 464345, false },
+  { 464354, true },
+  { 464361, true },
+  { 464372, true },
+  { 464388, true },
+  { 464395, true },
+  { 464404, true },
+  { 464413, true },
+  { 464430, true },
+  { 464441, true },
+  { 464449, true },
+  { 464462, true },
+  { 464473, true },
+  { 464484, true },
+  { 464493, true },
+  { 464507, true },
+  { 464522, true },
+  { 464533, true },
+  { 464549, true },
+  { 464559, true },
+  { 464569, true },
+  { 464580, true },
+  { 464602, true },
+  { 464615, true },
+  { 464630, true },
+  { 464641, true },
+  { 464652, true },
+  { 464660, true },
+  { 464675, true },
+  { 464685, true },
+  { 464703, true },
+  { 464715, true },
+  { 464731, true },
+  { 464742, true },
+  { 464756, true },
+  { 464772, true },
+  { 464789, true },
+  { 464801, true },
+  { 464826, true },
+  { 464848, true },
+  { 464867, true },
+  { 464891, true },
+  { 464904, true },
+  { 464918, true },
+  { 464930, true },
+  { 464943, true },
+  { 464954, true },
+  { 464978, true },
+  { 464989, true },
+  { 465001, false },
+  { 465016, true },
+  { 465027, true },
+  { 465037, true },
+  { 465047, true },
+  { 465058, true },
+  { 465070, true },
+  { 465090, false },
+  { 465100, true },
+  { 465111, true },
+  { 465143, true },
+  { 465170, true },
+  { 465194, true },
+  { 465205, true },
+  { 465217, true },
+  { 465227, true },
+  { 465244, true },
+  { 465261, true },
+  { 465276, true },
+  { 465287, true },
+  { 465307, true },
+  { 465319, true },
+  { 465335, true },
+  { 465352, true },
+  { 465367, true },
+  { 465385, true },
+  { 465401, true },
+  { 465414, false },
+  { 465427, true },
+  { 465441, true },
+  { 465457, true },
+  { 465467, true },
+  { 465477, true },
+  { 465490, true },
+  { 465507, true },
+  { 465517, true },
+  { 465532, true },
+  { 465547, true },
+  { 465559, true },
+  { 465571, true },
+  { 465583, true },
+  { 465592, true },
+  { 465610, true },
+  { 465624, true },
+  { 465637, true },
+  { 465651, true },
+  { 465665, true },
+  { 465676, true },
+  { 465686, true },
+  { 465699, true },
+  { 465717, true },
+  { 465730, true },
+  { 465744, true },
+  { 465757, true },
+  { 465775, true },
+  { 465790, true },
+  { 465812, true },
+  { 465831, true },
+  { 465840, true },
+  { 465854, true },
+  { 465865, true },
+  { 465882, true },
+  { 465894, true },
+  { 465916, true },
+  { 465933, true },
+  { 465946, true },
+  { 465966, true },
+  { 465975, true },
+  { 465983, true },
+  { 465991, true },
+  { 466004, true },
+  { 466015, true },
+  { 466028, true },
+  { 466037, true },
+  { 466049, true },
+  { 466061, true },
+  { 466075, true },
+  { 466084, true },
+  { 466095, true },
+  { 466106, true },
+  { 466114, true },
+  { 466125, true },
+  { 466135, true },
+  { 466144, true },
+  { 466154, true },
+  { 466169, false },
+  { 466175, true },
+  { 466181, true },
+  { 466189, true },
+  { 466200, true },
+  { 466216, true },
+  { 466224, true },
+  { 466237, true },
+  { 466247, true },
+  { 466257, true },
+  { 466267, true },
+  { 466278, true },
+  { 466291, true },
+  { 466304, true },
+  { 466317, true },
+  { 466328, true },
+  { 466338, true },
+  { 466348, true },
+  { 466358, true },
+  { 466368, true },
+  { 466380, true },
+  { 466390, true },
+  { 466402, true },
+  { 466413, true },
+  { 466427, true },
+  { 466438, true },
+  { 466448, true },
+  { 466458, true },
+  { 466468, true },
+  { 466483, true },
+  { 466494, true },
+  { 466507, true },
+  { 466518, true },
+  { 466530, true },
+  { 466541, true },
+  { 466552, true },
+  { 466563, true },
+  { 466575, true },
+  { 466586, true },
+  { 466597, true },
+  { 466610, true },
+  { 466617, true },
+  { 466626, true },
+  { 466636, true },
+  { 466646, true },
+  { 466655, true },
+  { 466664, true },
+  { 466683, true },
+  { 466696, true },
+  { 466709, true },
+  { 466725, true },
+  { 466735, true },
+  { 466743, true },
+  { 466754, true },
+  { 466768, true },
+  { 466786, true },
+  { 466799, true },
+  { 466812, true },
+  { 466824, true },
+  { 466832, true },
+  { 466845, true },
+  { 466859, true },
+  { 466869, true },
+  { 466879, true },
+  { 466893, true },
+  { 466904, true },
+  { 466912, true },
+  { 466920, true },
+  { 466934, true },
+  { 466950, true },
+  { 466960, true },
+  { 466978, true },
+  { 466987, true },
+  { 466996, true },
+  { 467009, true },
+  { 467021, true },
+  { 467044, true },
+  { 467057, true },
+  { 467062, true },
+  { 467072, true },
+  { 467079, true },
+  { 467086, true },
+  { 467093, true },
+  { 467105, false },
+  { 467125, false },
+  { 467144, true },
+  { 467155, true },
+  { 467170, true },
+  { 467186, true },
+  { 467200, true },
+  { 467211, false },
+  { 467228, false },
+  { 467245, false },
+  { 467263, true },
+  { 467277, true },
+  { 467292, true },
+  { 467308, true },
+  { 467323, true },
+  { 467334, true },
+  { 467348, true },
+  { 467361, true },
+  { 467374, true },
+  { 467382, false },
+  { 467405, true },
+  { 467415, true },
+  { 467425, true },
+  { 467440, true },
+  { 467454, true },
+  { 467482, true },
+  { 467493, true },
+  { 467506, true },
+  { 467518, true },
+  { 467531, true },
+  { 467539, true },
+  { 467564, true },
+  { 467575, true },
+  { 467584, true },
+  { 467594, true },
+  { 467616, true },
+  { 467625, true },
+  { 467638, true },
+  { 467650, true },
+  { 467661, false },
+  { 467679, true },
+  { 467690, true },
+  { 467706, true },
+  { 467720, true },
+  { 467733, true },
+  { 467741, true },
+  { 467765, true },
+  { 467778, true },
+  { 467790, true },
+  { 467807, true },
+  { 467819, true },
+  { 467832, false },
+  { 467839, true },
+  { 467857, true },
+  { 467864, true },
+  { 467873, false },
+  { 467882, true },
+  { 467893, true },
+  { 467905, true },
+  { 467916, true },
+  { 467924, true },
+  { 467931, true },
+  { 467939, true },
+  { 467955, true },
+  { 467974, true },
+  { 467989, true },
+  { 468000, true },
+  { 468007, true },
+  { 468017, true },
+  { 468025, true },
+  { 468047, true },
+  { 468065, true },
+  { 468091, true },
+  { 468100, true },
+  { 468113, true },
+  { 468138, true },
+  { 468155, true },
+  { 468166, true },
+  { 468188, true },
+  { 468215, true },
+  { 468234, false },
+  { 468245, true },
+  { 468267, true },
+  { 468278, true },
+  { 468288, true },
+  { 468299, true },
+  { 468311, true },
+  { 468323, true },
+  { 468336, true },
+  { 468349, true },
+  { 468364, true },
+  { 468382, true },
+  { 468395, true },
+  { 468410, true },
+  { 468426, true },
+  { 468439, true },
+  { 468450, true },
+  { 468468, true },
+  { 468482, true },
+  { 468493, true },
+  { 468503, true },
+  { 468515, true },
+  { 468523, true },
+  { 468536, true },
+  { 468551, true },
+  { 468563, true },
+  { 468573, true },
+  { 468586, true },
+  { 468597, true },
+  { 468610, true },
+  { 468622, true },
+  { 468634, true },
+  { 468648, true },
+  { 468658, false },
+  { 468668, true },
+  { 468685, true },
+  { 468698, false },
+  { 468713, true },
+  { 468723, true },
+  { 468736, true },
+  { 468751, true },
+  { 468759, true },
+  { 468771, true },
+  { 468782, true },
+  { 468795, true },
+  { 468803, true },
+  { 468810, true },
+  { 468822, true },
+  { 468832, false },
+  { 468852, true },
+  { 468866, true },
+  { 468875, true },
+  { 468887, true },
+  { 468902, true },
+  { 468917, true },
+  { 468932, true },
+  { 468944, true },
+  { 468962, true },
+  { 468976, true },
+  { 468989, true },
+  { 469000, true },
+  { 469009, true },
+  { 469023, true },
+  { 469035, true },
+  { 469045, true },
+  { 469062, true },
+  { 469068, true },
+  { 469087, true },
+  { 469116, true },
+  { 469135, true },
+  { 469153, true },
+  { 469161, true },
+  { 469176, false },
+  { 469184, true },
+  { 469194, true },
+  { 469215, true },
+  { 469228, true },
+  { 469239, true },
+  { 469250, true },
+  { 469258, true },
+  { 469269, true },
+  { 469286, true },
+  { 469300, true },
+  { 469314, true },
+  { 469325, true },
+  { 469342, false },
+  { 469354, true },
+  { 469361, true },
+  { 469372, true },
+  { 469384, true },
+  { 469393, true },
+  { 469413, true },
+  { 469423, true },
+  { 469438, true },
+  { 469449, false },
+  { 469464, true },
+  { 469476, true },
+  { 469484, true },
+  { 469490, true },
+  { 469497, true },
+  { 469507, true },
+  { 469519, true },
+  { 469534, true },
+  { 469546, true },
+  { 469558, true },
+  { 469570, true },
+  { 469581, true },
+  { 469594, true },
+  { 469618, true },
+  { 469636, true },
+  { 469647, true },
+  { 469658, true },
+  { 469669, true },
+  { 469680, true },
+  { 469695, true },
+  { 469704, true },
+  { 469717, true },
+  { 469729, true },
+  { 469747, true },
+  { 469762, true },
+  { 469777, false },
+  { 469794, true },
+  { 469805, true },
+  { 469816, true },
+  { 469830, true },
+  { 469845, true },
+  { 469857, true },
+  { 469873, true },
+  { 469882, true },
+  { 469896, true },
+  { 469907, true },
+  { 469916, true },
+  { 469938, true },
+  { 469949, true },
+  { 469960, true },
+  { 469980, true },
+  { 470004, true },
+  { 470029, true },
+  { 470044, true },
+  { 470056, true },
+  { 470068, true },
+  { 470079, true },
+  { 470092, true },
+  { 470104, true },
+  { 470114, true },
+  { 470122, true },
+  { 470141, true },
+  { 470152, true },
+  { 470162, true },
+  { 470172, true },
+  { 470183, true },
+  { 470193, true },
+  { 470207, false },
+  { 470214, true },
+  { 470234, true },
+  { 470246, true },
+  { 470257, true },
+  { 470273, true },
+  { 470288, true },
+  { 470299, true },
+  { 470308, true },
+  { 470317, true },
+  { 470329, true },
+  { 470343, true },
+  { 470354, true },
+  { 470368, true },
+  { 470375, true },
+  { 470382, true },
+  { 470400, true },
+  { 470411, true },
+  { 470421, true },
+  { 470429, true },
+  { 470439, true },
+  { 470452, true },
+  { 470466, true },
+  { 470487, true },
+  { 470497, true },
+  { 470504, true },
+  { 470515, true },
+  { 470525, true },
+  { 470534, true },
+  { 470547, true },
+  { 470557, true },
+  { 470579, true },
+  { 470589, true },
+  { 470608, true },
+  { 470623, true },
+  { 470634, true },
+  { 470642, true },
+  { 470651, true },
+  { 470658, true },
+  { 470678, true },
+  { 470701, true },
+  { 470709, true },
+  { 470722, true },
+  { 470735, true },
+  { 470742, true },
+  { 470755, true },
+  { 470763, true },
+  { 470775, true },
+  { 470785, true },
+  { 470794, true },
+  { 470806, true },
+  { 470816, true },
+  { 470836, true },
+  { 470846, true },
+  { 470863, true },
+  { 470871, true },
+  { 470880, true },
+  { 470894, true },
+  { 470906, true },
+};
diff --git a/security/manager/ssl/nsSecureBrowserUIImpl.cpp b/security/manager/ssl/nsSecureBrowserUIImpl.cpp
new file mode 100644
index 000000000..4202a0142
--- /dev/null
+++ b/security/manager/ssl/nsSecureBrowserUIImpl.cpp
@@ -0,0 +1,1191 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsSecureBrowserUIImpl.h"
+
+#include "imgIRequest.h"
+#include "mozilla/Logging.h"
+#include "nsCURILoader.h"
+#include "nsIAssociatedContentSecurity.h"
+#include "nsIChannel.h"
+#include "nsIDOMWindow.h"
+#include "nsIDocShell.h"
+#include "nsIDocShellTreeItem.h"
+#include "nsIDocument.h"
+#include "nsIFTPChannel.h"
+#include "nsIFileChannel.h"
+#include "nsIHttpChannel.h"
+#include "nsIInterfaceRequestorUtils.h"
+#include "nsIProtocolHandler.h"
+#include "nsISSLStatus.h"
+#include "nsISecurityInfoProvider.h"
+#include "nsIServiceManager.h"
+#include "nsITransportSecurityInfo.h"
+#include "nsIWebProgress.h"
+#include "nsIWyciwygChannel.h"
+#include "nsNetCID.h"
+#include "nsNetUtil.h"
+#include "nsPIDOMWindow.h"
+#include "nsThreadUtils.h"
+#include "nspr.h"
+#include "nsString.h"
+
+using namespace mozilla;
+
+LazyLogModule gSecureDocLog("nsSecureBrowserUI");
+
+struct RequestHashEntry : PLDHashEntryHdr {
+    void *r;
+};
+
+static bool
+RequestMapMatchEntry(const PLDHashEntryHdr *hdr, const void *key)
+{
+  const RequestHashEntry *entry = static_cast<const RequestHashEntry*>(hdr);
+  return entry->r == key;
+}
+
+static void
+RequestMapInitEntry(PLDHashEntryHdr *hdr, const void *key)
+{
+  RequestHashEntry *entry = static_cast<RequestHashEntry*>(hdr);
+  entry->r = (void*)key;
+}
+
+static const PLDHashTableOps gMapOps = {
+  PLDHashTable::HashVoidPtrKeyStub,
+  RequestMapMatchEntry,
+  PLDHashTable::MoveEntryStub,
+  PLDHashTable::ClearEntryStub,
+  RequestMapInitEntry
+};
+
+nsSecureBrowserUIImpl::nsSecureBrowserUIImpl()
+  : mNotifiedSecurityState(lis_no_security)
+  , mNotifiedToplevelIsEV(false)
+  , mNewToplevelSecurityState(STATE_IS_INSECURE)
+  , mNewToplevelIsEV(false)
+  , mNewToplevelSecurityStateKnown(true)
+  , mIsViewSource(false)
+  , mSubRequestsBrokenSecurity(0)
+  , mSubRequestsNoSecurity(0)
+  , mCertUserOverridden(false)
+  , mRestoreSubrequests(false)
+  , mOnLocationChangeSeen(false)
+#ifdef DEBUG
+  , mEntered(false)
+#endif
+  , mTransferringRequests(&gMapOps, sizeof(RequestHashEntry))
+{
+  MOZ_ASSERT(NS_IsMainThread());
+
+  ResetStateTracking();
+}
+
+NS_IMPL_ISUPPORTS(nsSecureBrowserUIImpl,
+                  nsISecureBrowserUI,
+                  nsIWebProgressListener,
+                  nsISupportsWeakReference,
+                  nsISSLStatusProvider)
+
+NS_IMETHODIMP
+nsSecureBrowserUIImpl::Init(mozIDOMWindowProxy* aWindow)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+
+  if (MOZ_LOG_TEST(gSecureDocLog, LogLevel::Debug)) {
+    nsCOMPtr<nsIDOMWindow> window(do_QueryReferent(mWindow));
+
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: Init: mWindow: %p, aWindow: %p\n", this,
+            window.get(), aWindow));
+  }
+
+  if (!aWindow) {
+    NS_WARNING("Null window passed to nsSecureBrowserUIImpl::Init()");
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  if (mWindow) {
+    NS_WARNING("Trying to init an nsSecureBrowserUIImpl twice");
+    return NS_ERROR_ALREADY_INITIALIZED;
+  }
+
+  nsresult rv;
+  mWindow = do_GetWeakReference(aWindow, &rv);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  auto* piwindow = nsPIDOMWindowOuter::From(aWindow);
+  nsIDocShell *docShell = piwindow->GetDocShell();
+
+  // The Docshell will own the SecureBrowserUI object
+  if (!docShell)
+    return NS_ERROR_FAILURE;
+
+  docShell->SetSecurityUI(this);
+
+  /* GetWebProgress(mWindow) */
+  // hook up to the webprogress notifications.
+  nsCOMPtr<nsIWebProgress> wp(do_GetInterface(docShell));
+  if (!wp) return NS_ERROR_FAILURE;
+  /* end GetWebProgress */
+  
+  wp->AddProgressListener(static_cast<nsIWebProgressListener*>(this),
+                          nsIWebProgress::NOTIFY_STATE_ALL | 
+                          nsIWebProgress::NOTIFY_LOCATION  |
+                          nsIWebProgress::NOTIFY_SECURITY);
+
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSecureBrowserUIImpl::GetState(uint32_t* aState)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  return MapInternalToExternalState(aState, mNotifiedSecurityState,
+                                    mNotifiedToplevelIsEV);
+}
+
+// static
+already_AddRefed<nsISupports> 
+nsSecureBrowserUIImpl::ExtractSecurityInfo(nsIRequest* aRequest)
+{
+  nsCOMPtr<nsISupports> retval;
+  nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest));
+  if (channel)
+    channel->GetSecurityInfo(getter_AddRefs(retval));
+  
+  if (!retval) {
+    nsCOMPtr<nsISecurityInfoProvider> provider(do_QueryInterface(aRequest));
+    if (provider)
+      provider->GetSecurityInfo(getter_AddRefs(retval));
+  }
+
+  return retval.forget();
+}
+
+nsresult
+nsSecureBrowserUIImpl::MapInternalToExternalState(uint32_t* aState, lockIconState lock, bool ev)
+{
+  NS_ENSURE_ARG(aState);
+
+  switch (lock)
+  {
+    case lis_broken_security:
+      *aState = STATE_IS_BROKEN;
+      break;
+
+    case lis_mixed_security:
+      *aState = STATE_IS_BROKEN;
+      break;
+
+    case lis_high_security:
+      *aState = STATE_IS_SECURE | STATE_SECURE_HIGH;
+      break;
+
+    default:
+    case lis_no_security:
+      *aState = STATE_IS_INSECURE;
+      break;
+  }
+
+  if (ev && (*aState & STATE_IS_SECURE))
+    *aState |= nsIWebProgressListener::STATE_IDENTITY_EV_TOPLEVEL;
+
+  if (mCertUserOverridden && (*aState & STATE_IS_SECURE)) {
+    *aState |= nsIWebProgressListener::STATE_CERT_USER_OVERRIDDEN;
+  }
+
+  nsCOMPtr<nsIDocShell> docShell = do_QueryReferent(mDocShell);
+  if (!docShell)
+    return NS_OK;
+
+  // For content docShell's, the mixed content security state is set on the root docShell.
+  if (docShell->ItemType() == nsIDocShellTreeItem::typeContent) {
+    nsCOMPtr<nsIDocShellTreeItem> docShellTreeItem(do_QueryInterface(docShell));
+    nsCOMPtr<nsIDocShellTreeItem> sameTypeRoot;
+    docShellTreeItem->GetSameTypeRootTreeItem(getter_AddRefs(sameTypeRoot));
+    NS_ASSERTION(sameTypeRoot, "No document shell root tree item from document shell tree item!");
+    docShell = do_QueryInterface(sameTypeRoot);
+    if (!docShell)
+      return NS_OK;
+  }
+
+  // Has a Mixed Content Load initiated in nsMixedContentBlocker?
+  // * If not, the state should not be broken because of mixed content;
+  // overriding the previous state if it is inaccurately flagged as mixed.
+  if (lock == lis_mixed_security &&
+      !docShell->GetHasMixedActiveContentLoaded() &&
+      !docShell->GetHasMixedDisplayContentLoaded() &&
+      !docShell->GetHasMixedActiveContentBlocked() &&
+      !docShell->GetHasMixedDisplayContentBlocked()) {
+    *aState = STATE_IS_SECURE;
+    if (ev) {
+      *aState |= nsIWebProgressListener::STATE_IDENTITY_EV_TOPLEVEL;
+    }
+  }
+  // * If so, the state should be broken or insecure; overriding the previous
+  // state set by the lock parameter.
+  uint32_t tempState = STATE_IS_BROKEN;
+  if (lock == lis_no_security) {
+      // this is to ensure that http: pages with mixed content in nested
+      // iframes don't get marked as broken instead of insecure
+      tempState = STATE_IS_INSECURE;
+  }
+  if (docShell->GetHasMixedActiveContentLoaded() &&
+      docShell->GetHasMixedDisplayContentLoaded()) {
+      *aState = tempState |
+                nsIWebProgressListener::STATE_LOADED_MIXED_ACTIVE_CONTENT |
+                nsIWebProgressListener::STATE_LOADED_MIXED_DISPLAY_CONTENT;
+  } else if (docShell->GetHasMixedActiveContentLoaded()) {
+      *aState = tempState |
+                nsIWebProgressListener::STATE_LOADED_MIXED_ACTIVE_CONTENT;
+  } else if (docShell->GetHasMixedDisplayContentLoaded()) {
+      *aState = tempState |
+                nsIWebProgressListener::STATE_LOADED_MIXED_DISPLAY_CONTENT;
+  }
+
+  if (mCertUserOverridden) {
+    *aState |= nsIWebProgressListener::STATE_CERT_USER_OVERRIDDEN;
+  }
+
+  // Has Mixed Content Been Blocked in nsMixedContentBlocker?
+  if (docShell->GetHasMixedActiveContentBlocked())
+    *aState |= nsIWebProgressListener::STATE_BLOCKED_MIXED_ACTIVE_CONTENT;
+
+  if (docShell->GetHasMixedDisplayContentBlocked())
+    *aState |= nsIWebProgressListener::STATE_BLOCKED_MIXED_DISPLAY_CONTENT;
+
+  // Has Tracking Content been Blocked?
+  if (docShell->GetHasTrackingContentBlocked())
+    *aState |= nsIWebProgressListener::STATE_BLOCKED_TRACKING_CONTENT;
+
+  if (docShell->GetHasTrackingContentLoaded())
+    *aState |= nsIWebProgressListener::STATE_LOADED_TRACKING_CONTENT;
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSecureBrowserUIImpl::SetDocShell(nsIDocShell* aDocShell)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  nsresult rv;
+  mDocShell = do_GetWeakReference(aDocShell, &rv);
+  return rv;
+}
+
+static uint32_t GetSecurityStateFromSecurityInfoAndRequest(nsISupports* info,
+                                                           nsIRequest* request)
+{
+  nsresult res;
+  uint32_t securityState;
+
+  nsCOMPtr<nsITransportSecurityInfo> psmInfo(do_QueryInterface(info));
+  if (!psmInfo) {
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI: GetSecurityState: - no nsITransportSecurityInfo for %p\n",
+                                         (nsISupports *)info));
+    return nsIWebProgressListener::STATE_IS_INSECURE;
+  }
+  MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI: GetSecurityState: - info is %p\n", 
+                                       (nsISupports *)info));
+  
+  res = psmInfo->GetSecurityState(&securityState);
+  if (NS_FAILED(res)) {
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI: GetSecurityState: - GetSecurityState failed: %d\n",
+                                         res));
+    securityState = nsIWebProgressListener::STATE_IS_BROKEN;
+  }
+
+  if (securityState != nsIWebProgressListener::STATE_IS_INSECURE) {
+    // A secure connection does not yield a secure per-uri channel if the
+    // scheme is plain http.
+
+    nsCOMPtr<nsIURI> uri;
+    nsCOMPtr<nsIChannel> channel(do_QueryInterface(request));
+    if (channel) {
+      channel->GetURI(getter_AddRefs(uri));
+    } else {
+      nsCOMPtr<imgIRequest> imgRequest(do_QueryInterface(request));
+      if (imgRequest) {
+        imgRequest->GetURI(getter_AddRefs(uri));
+      }
+    }
+    if (uri) {
+      bool isHttp, isFtp;
+      if ((NS_SUCCEEDED(uri->SchemeIs("http", &isHttp)) && isHttp) ||
+          (NS_SUCCEEDED(uri->SchemeIs("ftp", &isFtp)) && isFtp)) {
+        MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI: GetSecurityState: - "
+                                             "channel scheme is insecure.\n"));
+        securityState = nsIWebProgressListener::STATE_IS_INSECURE;
+      }
+    }
+  }
+
+  MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI: GetSecurityState: - Returning %d\n", 
+                                       securityState));
+  return securityState;
+}
+
+
+//  nsIWebProgressListener
+NS_IMETHODIMP 
+nsSecureBrowserUIImpl::OnProgressChange(nsIWebProgress* aWebProgress,
+                                        nsIRequest* aRequest,
+                                        int32_t aCurSelfProgress,
+                                        int32_t aMaxSelfProgress,
+                                        int32_t aCurTotalProgress,
+                                        int32_t aMaxTotalProgress)
+{
+  NS_NOTREACHED("notification excluded in AddProgressListener(...)");
+  return NS_OK;
+}
+
+void
+nsSecureBrowserUIImpl::ResetStateTracking()
+{
+  mDocumentRequestsInProgress = 0;
+  mTransferringRequests.Clear();
+}
+
+void
+nsSecureBrowserUIImpl::EvaluateAndUpdateSecurityState(nsIRequest* aRequest,
+                                                      nsISupports* info,
+                                                      bool withNewLocation,
+                                                      bool withNewSink)
+{
+  mNewToplevelIsEV = false;
+
+  bool updateStatus = false;
+  nsCOMPtr<nsISSLStatus> temp_SSLStatus;
+
+  mNewToplevelSecurityState =
+    GetSecurityStateFromSecurityInfoAndRequest(info, aRequest);
+
+  MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+          ("SecureUI:%p: OnStateChange: remember mNewToplevelSecurityState => %x\n",
+           this, mNewToplevelSecurityState));
+
+  nsCOMPtr<nsISSLStatusProvider> sp(do_QueryInterface(info));
+  if (sp) {
+    // Ignore result
+    updateStatus = true;
+    (void) sp->GetSSLStatus(getter_AddRefs(temp_SSLStatus));
+    if (temp_SSLStatus) {
+      bool aTemp;
+      if (NS_SUCCEEDED(temp_SSLStatus->GetIsExtendedValidation(&aTemp))) {
+        mNewToplevelIsEV = aTemp;
+      }
+    }
+  }
+
+  mNewToplevelSecurityStateKnown = true;
+  if (updateStatus) {
+    mSSLStatus = temp_SSLStatus;
+  }
+  MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+         ("SecureUI:%p: remember securityInfo %p\n", this,
+          info));
+  nsCOMPtr<nsIAssociatedContentSecurity> associatedContentSecurityFromRequest(
+    do_QueryInterface(aRequest));
+  if (associatedContentSecurityFromRequest) {
+    mCurrentToplevelSecurityInfo = aRequest;
+  } else {
+    mCurrentToplevelSecurityInfo = info;
+  }
+
+  // The subrequest counters are now in sync with mCurrentToplevelSecurityInfo,
+  // don't restore after top level document load finishes.
+  mRestoreSubrequests = false;
+
+  UpdateSecurityState(aRequest, withNewLocation, withNewSink || updateStatus);
+}
+
+void
+nsSecureBrowserUIImpl::UpdateSubrequestMembers(nsISupports* securityInfo,
+                                               nsIRequest* request)
+{
+  // For wyciwyg channels in subdocuments we only update our
+  // subrequest state members.
+  uint32_t reqState = GetSecurityStateFromSecurityInfoAndRequest(securityInfo,
+                                                                 request);
+
+  if (reqState & STATE_IS_SECURE) {
+    // do nothing
+  } else if (reqState & STATE_IS_BROKEN) {
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: OnStateChange: subreq BROKEN\n", this));
+    ++mSubRequestsBrokenSecurity;
+  } else {
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: OnStateChange: subreq INSECURE\n", this));
+    ++mSubRequestsNoSecurity;
+  }
+}
+
+NS_IMETHODIMP
+nsSecureBrowserUIImpl::OnStateChange(nsIWebProgress* aWebProgress,
+                                     nsIRequest* aRequest,
+                                     uint32_t aProgressStateFlags,
+                                     nsresult aStatus)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  ReentrancyGuard guard(*this);
+  /*
+    All discussion, unless otherwise mentioned, only refers to
+    http, https, file or wyciwig requests.
+
+
+    Redirects are evil, well, some of them.
+    There are multiple forms of redirects.
+
+    Redirects caused by http refresh content are ok, because experiments show,
+    with those redirects, the old page contents and their requests will come to STOP
+    completely, before any progress from new refreshed page content is reported.
+    So we can safely treat them as separate page loading transactions.
+
+    Evil are redirects at the http protocol level, like code 302.
+
+    If the toplevel documents gets replaced, i.e. redirected with 302, we do not care for the 
+    security state of the initial transaction, which has now been redirected, 
+    we only care for the new page load.
+    
+    For the implementation of the security UI, we make an assumption, that is hopefully true.
+    
+    Imagine, the received page that was delivered with the 302 redirection answer,
+    also delivered html content.
+
+    What happens if the parser starts to analyze the content and tries to load contained sub objects?
+    
+    In that case we would see start and stop requests for subdocuments, some for the previous document,
+    some for the new target document. And only those for the new toplevel document may be
+    taken into consideration, when deciding about the security state of the next toplevel document.
+    
+    Because security state is being looked at, when loading stops for (sub)documents, this 
+    could cause real confusion, because we have to decide, whether an incoming progress 
+    belongs to the new toplevel page, or the previous, already redirected page.
+    
+    Can we simplify here?
+    
+    If a redirect at the http protocol level is seen, can we safely assume, its html content
+    will not be parsed, anylzed, and no embedded objects will get loaded (css, js, images),
+    because the redirect is already happening?
+    
+    If we can assume that, this really simplify things. Because we will never see notification
+    for sub requests that need to get ignored.
+    
+    I would like to make this assumption for now, but please let me (kaie) know if I'm wrong.
+    
+    Excurse:
+      If my assumption is wrong, then we would require more tracking information.
+      We need to keep lists of all pointers to request object that had been seen since the
+      last toplevel start event.
+      If the start for a redirected page is seen, the list of releveant object must be cleared,
+      and only progress for requests which start after it must be analyzed.
+      All other events must be ignored, as they belong to now irrelevant previous top level documents.
+
+
+    Frames are also evil.
+
+    First we need a decision.
+    kaie thinks: 
+      Only if the toplevel frame is secure, we should try to display secure lock icons.
+      If some of the inner contents are insecure, we display mixed mode.
+      
+      But if the top level frame is not secure, why indicate a mixed lock icon at all?
+      I think we should always display an open lock icon, if the top level frameset is insecure.
+      
+      That's the way Netscape Communicator behaves, and I think we should do the same.
+      
+      The user will not know which parts are secure and which are not,
+      and any certificate information, displayed in the tooltip or in the "page info"
+      will only be relevant for some subframe(s), and the user will not know which ones,
+      so we shouldn't display it as a general attribute of the displayed page.
+
+    Why are frames evil?
+    
+    Because the progress for the toplevel frame document is not easily distinguishable
+    from subframes. The same STATE bits are reported.
+
+    While at first sight, when a new page load happens,
+    the toplevel frameset document has also the STATE_IS_NETWORK bit in it.
+    But this can't really be used. Because in case that document causes a http 302 redirect, 
+    the real top level frameset will no longer have that bit.
+    
+    But we need some way to distinguish top level frames from inner frames.
+    
+    I saw that the web progress we get delivered has a reference to the toplevel DOM window.
+    
+    I suggest, we look at all incoming requests.
+    If a request is NOT for the toplevel DOM window, we will always treat it as a subdocument request,
+    regardless of whether the load flags indicate a top level document.
+  */
+
+  nsCOMPtr<mozIDOMWindowProxy> windowForProgress;
+  aWebProgress->GetDOMWindow(getter_AddRefs(windowForProgress));
+
+  nsCOMPtr<mozIDOMWindowProxy> window(do_QueryReferent(mWindow));
+  NS_ASSERTION(window, "Window has gone away?!");
+
+  if (!mIOService) {
+    mIOService = do_GetService(NS_IOSERVICE_CONTRACTID);
+  }
+
+  bool isNoContentResponse = false;
+  nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aRequest);
+  if (httpChannel) 
+  {
+    uint32_t response;
+    isNoContentResponse = NS_SUCCEEDED(httpChannel->GetResponseStatus(&response)) &&
+        (response == 204 || response == 205);
+  }
+  const bool isToplevelProgress = (windowForProgress.get() == window.get()) && !isNoContentResponse;
+  
+  if (windowForProgress)
+  {
+    if (isToplevelProgress)
+    {
+      MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+             ("SecureUI:%p: OnStateChange: progress: for toplevel\n", this));
+    }
+    else
+    {
+      MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+             ("SecureUI:%p: OnStateChange: progress: for something else\n", this));
+    }
+  }
+  else
+  {
+      MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+             ("SecureUI:%p: OnStateChange: progress: no window known\n", this));
+  }
+
+  MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+         ("SecureUI:%p: OnStateChange\n", this));
+
+  if (mIsViewSource) {
+    return NS_OK;
+  }
+
+  if (!aRequest)
+  {
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: OnStateChange with null request\n", this));
+    return NS_ERROR_NULL_POINTER;
+  }
+
+  if (MOZ_LOG_TEST(gSecureDocLog, LogLevel::Debug)) {
+    nsXPIDLCString reqname;
+    aRequest->GetName(reqname);
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: %p %p OnStateChange %x %s\n", this, aWebProgress,
+            aRequest, aProgressStateFlags, reqname.get()));
+  }
+
+  nsCOMPtr<nsISupports> securityInfo(ExtractSecurityInfo(aRequest));
+
+  nsCOMPtr<nsIURI> uri;
+  nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest));
+  if (channel) {
+    channel->GetURI(getter_AddRefs(uri));
+  }
+
+  nsCOMPtr<imgIRequest> imgRequest(do_QueryInterface(aRequest));
+  if (imgRequest) {
+    NS_ASSERTION(!channel, "How did that happen, exactly?");
+    // for image requests, we get the URI from here
+    imgRequest->GetURI(getter_AddRefs(uri));
+  }
+  
+  if (uri) {
+    bool vs;
+    if (NS_SUCCEEDED(uri->SchemeIs("javascript", &vs)) && vs) {
+      // We ignore the progress events for javascript URLs.
+      // If a document loading gets triggered, we will see more events.
+      return NS_OK;
+    }
+  }
+
+  uint32_t loadFlags = 0;
+  aRequest->GetLoadFlags(&loadFlags);
+
+  if (aProgressStateFlags & STATE_START
+      &&
+      aProgressStateFlags & STATE_IS_REQUEST
+      &&
+      isToplevelProgress
+      &&
+      loadFlags & nsIChannel::LOAD_DOCUMENT_URI)
+  {
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: OnStateChange: SOMETHING STARTS FOR TOPMOST DOCUMENT\n", this));
+  }
+
+  if (aProgressStateFlags & STATE_STOP
+      &&
+      aProgressStateFlags & STATE_IS_REQUEST
+      &&
+      isToplevelProgress
+      &&
+      loadFlags & nsIChannel::LOAD_DOCUMENT_URI)
+  {
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: OnStateChange: SOMETHING STOPS FOR TOPMOST DOCUMENT\n", this));
+  }
+
+  bool isSubDocumentRelevant = true;
+
+  // We are only interested in requests that load in the browser window...
+  if (!imgRequest) { // is not imgRequest
+    nsCOMPtr<nsIHttpChannel> httpRequest(do_QueryInterface(aRequest));
+    if (!httpRequest) {
+      nsCOMPtr<nsIFileChannel> fileRequest(do_QueryInterface(aRequest));
+      if (!fileRequest) {
+        nsCOMPtr<nsIWyciwygChannel> wyciwygRequest(do_QueryInterface(aRequest));
+        if (!wyciwygRequest) {
+          nsCOMPtr<nsIFTPChannel> ftpRequest(do_QueryInterface(aRequest));
+          if (!ftpRequest) {
+            MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+                   ("SecureUI:%p: OnStateChange: not relevant for sub content\n", this));
+            isSubDocumentRelevant = false;
+          }
+        }
+      }
+    }
+  }
+
+  // This will ignore all resource, chrome, data, file, moz-icon, and anno
+  // protocols. Local resources are treated as trusted.
+  if (uri && mIOService) {
+    bool hasFlag;
+    nsresult rv =
+      mIOService->URIChainHasFlags(uri,
+                                   nsIProtocolHandler::URI_IS_LOCAL_RESOURCE,
+                                   &hasFlag);
+    if (NS_SUCCEEDED(rv) && hasFlag) {
+      isSubDocumentRelevant = false;
+    }
+  }
+
+#if defined(DEBUG)
+  if (aProgressStateFlags & STATE_STOP
+      &&
+      channel)
+  {
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: OnStateChange: seeing STOP with security state: %d\n", this,
+            GetSecurityStateFromSecurityInfoAndRequest(securityInfo, aRequest)
+            ));
+  }
+#endif
+
+  if (aProgressStateFlags & STATE_TRANSFERRING
+      &&
+      aProgressStateFlags & STATE_IS_REQUEST)
+  {
+    // The listing of a request in mTransferringRequests
+    // means, there has already been data transfered.
+    mTransferringRequests.Add(aRequest, fallible);
+
+    return NS_OK;
+  }
+
+  bool requestHasTransferedData = false;
+
+  if (aProgressStateFlags & STATE_STOP
+      &&
+      aProgressStateFlags & STATE_IS_REQUEST)
+  {
+    PLDHashEntryHdr* entry = mTransferringRequests.Search(aRequest);
+    if (entry) {
+      mTransferringRequests.RemoveEntry(entry);
+      requestHasTransferedData = true;
+    }
+
+    if (!requestHasTransferedData) {
+      // Because image loads doesn't support any TRANSFERRING notifications but
+      // only START and STOP we must ask them directly whether content was
+      // transferred.  See bug 432685 for details.
+      nsCOMPtr<nsISecurityInfoProvider> securityInfoProvider =
+        do_QueryInterface(aRequest);
+      // Guess true in all failure cases to be safe.  But if we're not
+      // an nsISecurityInfoProvider, then we just haven't transferred
+      // any data.
+      bool hasTransferred;
+      requestHasTransferedData =
+        securityInfoProvider &&
+        (NS_FAILED(securityInfoProvider->GetHasTransferredData(&hasTransferred)) ||
+         hasTransferred);
+    }
+  }
+
+  bool allowSecurityStateChange = true;
+  if (loadFlags & nsIChannel::LOAD_RETARGETED_DOCUMENT_URI)
+  {
+    // The original consumer (this) is no longer the target of the load.
+    // Ignore any events with this flag, do not allow them to update
+    // our secure UI state.
+    allowSecurityStateChange = false;
+  }
+
+  if (aProgressStateFlags & STATE_START
+      &&
+      aProgressStateFlags & STATE_IS_REQUEST
+      &&
+      isToplevelProgress
+      &&
+      loadFlags & nsIChannel::LOAD_DOCUMENT_URI)
+  {
+    int32_t saveSubBroken;
+    int32_t saveSubNo;
+    nsCOMPtr<nsIAssociatedContentSecurity> prevContentSecurity;
+
+    int32_t newSubBroken = 0;
+    int32_t newSubNo = 0;
+
+    bool inProgress = (mDocumentRequestsInProgress != 0);
+
+    if (allowSecurityStateChange && !inProgress) {
+      saveSubBroken = mSubRequestsBrokenSecurity;
+      saveSubNo = mSubRequestsNoSecurity;
+      prevContentSecurity = do_QueryInterface(mCurrentToplevelSecurityInfo);
+    }
+
+    if (allowSecurityStateChange && !inProgress)
+    {
+      MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+             ("SecureUI:%p: OnStateChange: start for toplevel document\n", this
+              ));
+
+      if (prevContentSecurity)
+      {
+        MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+               ("SecureUI:%p: OnStateChange: start, saving current sub state\n", this
+                ));
+  
+        // before resetting our state, let's save information about
+        // sub element loads, so we can restore it later
+        prevContentSecurity->SetCountSubRequestsBrokenSecurity(saveSubBroken);
+        prevContentSecurity->SetCountSubRequestsNoSecurity(saveSubNo);
+        prevContentSecurity->Flush();
+        MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI:%p: Saving subs in START to %p as %d,%d\n", 
+          this, prevContentSecurity.get(), saveSubBroken, saveSubNo));      
+      }
+
+      bool retrieveAssociatedState = false;
+
+      if (securityInfo &&
+          (aProgressStateFlags & nsIWebProgressListener::STATE_RESTORING) != 0) {
+        retrieveAssociatedState = true;
+      } else {
+        nsCOMPtr<nsIWyciwygChannel> wyciwygRequest(do_QueryInterface(aRequest));
+        if (wyciwygRequest) {
+          retrieveAssociatedState = true;
+        }
+      }
+
+      if (retrieveAssociatedState)
+      {
+        // When restoring from bfcache, we will not get events for the 
+        // page's sub elements, so let's load the state of sub elements
+        // from the cache.
+    
+        nsCOMPtr<nsIAssociatedContentSecurity> 
+          newContentSecurity(do_QueryInterface(securityInfo));
+    
+        if (newContentSecurity)
+        {
+          MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+                 ("SecureUI:%p: OnStateChange: start, loading old sub state\n", this
+                  ));
+    
+          newContentSecurity->GetCountSubRequestsBrokenSecurity(&newSubBroken);
+          newContentSecurity->GetCountSubRequestsNoSecurity(&newSubNo);
+          MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI:%p: Restoring subs in START from %p to %d,%d\n", 
+            this, newContentSecurity.get(), newSubBroken, newSubNo));      
+        }
+      }
+      else
+      {
+        // If we don't get OnLocationChange for this top level load later,
+        // it didn't get rendered.  But we reset the state to unknown and
+        // mSubRequests* to zeros.  If we would have left these values after 
+        // this top level load stoped, we would override the original top level
+        // load with all zeros and break mixed content state on back and forward.
+        mRestoreSubrequests = true;
+      }
+    }
+
+    if (allowSecurityStateChange && !inProgress) {
+      ResetStateTracking();
+      mSubRequestsBrokenSecurity = newSubBroken;
+      mSubRequestsNoSecurity = newSubNo;
+      mNewToplevelSecurityStateKnown = false;
+    }
+
+    // By using a counter, this code also works when the toplevel
+    // document get's redirected, but the STOP request for the 
+    // previous toplevel document has not yet have been received.
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: OnStateChange: ++mDocumentRequestsInProgress\n", this
+            ));
+    ++mDocumentRequestsInProgress;
+
+    return NS_OK;
+  }
+
+  if (aProgressStateFlags & STATE_STOP
+      &&
+      aProgressStateFlags & STATE_IS_REQUEST
+      &&
+      isToplevelProgress
+      &&
+      loadFlags & nsIChannel::LOAD_DOCUMENT_URI)
+  {
+    nsCOMPtr<nsISecurityEventSink> temp_ToplevelEventSink;
+
+    if (allowSecurityStateChange) {
+      temp_ToplevelEventSink = mToplevelEventSink;
+    }
+
+    if (mDocumentRequestsInProgress <= 0) {
+      // Ignore stop requests unless a document load is in progress
+      // Unfortunately on application start, see some stops without having seen any starts...
+      return NS_OK;
+    }
+
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: OnStateChange: --mDocumentRequestsInProgress\n", this
+            ));
+
+    if (!temp_ToplevelEventSink && channel)
+    {
+      if (allowSecurityStateChange)
+      {
+        ObtainEventSink(channel, temp_ToplevelEventSink);
+      }
+    }
+
+    bool sinkChanged = false;
+    bool inProgress;
+    if (allowSecurityStateChange) {
+      sinkChanged = (mToplevelEventSink != temp_ToplevelEventSink);
+      mToplevelEventSink = temp_ToplevelEventSink;
+    }
+    --mDocumentRequestsInProgress;
+    inProgress = mDocumentRequestsInProgress > 0;
+
+    if (allowSecurityStateChange && requestHasTransferedData) {
+      // Data has been transferred for the single toplevel
+      // request. Evaluate the security state.
+
+      // Do this only when the sink has changed.  We update and notify
+      // the state from OnLacationChange, this is actually redundant.
+      // But when the target sink changes between OnLocationChange and
+      // OnStateChange, we have to fire the notification here (again).
+
+      if (sinkChanged || mOnLocationChangeSeen) {
+        EvaluateAndUpdateSecurityState(aRequest, securityInfo, false,
+                                       sinkChanged);
+        return NS_OK;
+      }
+    }
+    mOnLocationChangeSeen = false;
+
+    if (mRestoreSubrequests && !inProgress)
+    {
+      // We get here when there were no OnLocationChange between 
+      // OnStateChange(START) and OnStateChange(STOP).  Then the load has not
+      // been rendered but has been retargeted in some other way then by external
+      // app handler.  Restore mSubRequests* members to what the current security 
+      // state info holds (it was reset to all zero in OnStateChange(START) 
+      // before).
+      nsCOMPtr<nsIAssociatedContentSecurity> currentContentSecurity(
+        do_QueryInterface(mCurrentToplevelSecurityInfo));
+
+      // Drop this indication flag, the restore operation is just being done.
+      mRestoreSubrequests = false;
+
+      // We can do this since the state didn't actually change.
+      mNewToplevelSecurityStateKnown = true;
+
+      int32_t subBroken = 0;
+      int32_t subNo = 0;
+
+      if (currentContentSecurity)
+      {
+        currentContentSecurity->GetCountSubRequestsBrokenSecurity(&subBroken);
+        currentContentSecurity->GetCountSubRequestsNoSecurity(&subNo);
+        MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI:%p: Restoring subs in STOP from %p to %d,%d\n", 
+          this, currentContentSecurity.get(), subBroken, subNo));      
+      }
+
+      mSubRequestsBrokenSecurity = subBroken;
+      mSubRequestsNoSecurity = subNo;
+    }
+
+    return NS_OK;
+  }
+
+  if (aProgressStateFlags & STATE_STOP
+      &&
+      aProgressStateFlags & STATE_IS_REQUEST)
+  {
+    if (!isSubDocumentRelevant)
+      return NS_OK;
+
+    // if we arrive here, LOAD_DOCUMENT_URI is not set
+
+    // We only care for the security state of sub requests which have actually transfered data.
+
+    if (allowSecurityStateChange && requestHasTransferedData)
+    {  
+      UpdateSubrequestMembers(securityInfo, aRequest);
+
+      // Care for the following scenario:
+      // A new top level document load might have already started,
+      // but the security state of the new top level document might not yet been known.
+      // 
+      // At this point, we are learning about the security state of a sub-document.
+      // We must not update the security state based on the sub content,
+      // if the new top level state is not yet known.
+      //
+      // We skip updating the security state in this case.
+
+      if (mNewToplevelSecurityStateKnown) {
+        UpdateSecurityState(aRequest, false, false);
+      }
+    }
+
+    return NS_OK;
+  }
+
+  return NS_OK;
+}
+
+// I'm keeping this as a separate function, in order to simplify the review
+// for bug 412456. We should inline this in a follow up patch.
+void nsSecureBrowserUIImpl::ObtainEventSink(nsIChannel *channel, 
+                                            nsCOMPtr<nsISecurityEventSink> &sink)
+{
+  if (!sink)
+    NS_QueryNotificationCallbacks(channel, sink);
+}
+
+void
+nsSecureBrowserUIImpl::UpdateSecurityState(nsIRequest* aRequest,
+                                           bool withNewLocation,
+                                           bool withUpdateStatus)
+{
+  lockIconState newSecurityState = lis_no_security;
+  if (mNewToplevelSecurityState & STATE_IS_SECURE) {
+    // If a subresoure/request was insecure, then we have mixed security.
+    if (mSubRequestsBrokenSecurity || mSubRequestsNoSecurity) {
+      newSecurityState = lis_mixed_security;
+    } else {
+      newSecurityState = lis_high_security;
+    }
+  }
+
+  if (mNewToplevelSecurityState & STATE_IS_BROKEN) {
+    newSecurityState = lis_broken_security;
+  }
+
+  mCertUserOverridden =
+    mNewToplevelSecurityState & STATE_CERT_USER_OVERRIDDEN;
+
+  MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+         ("SecureUI:%p: UpdateSecurityState:  old-new  %d - %d\n", this,
+          mNotifiedSecurityState, newSecurityState));
+
+  bool flagsChanged = false;
+  if (mNotifiedSecurityState != newSecurityState) {
+    // Something changed since the last time.
+    flagsChanged = true;
+    mNotifiedSecurityState = newSecurityState;
+
+    // If we have no security, we also shouldn't have any SSL status.
+    if (newSecurityState == lis_no_security) {
+      mSSLStatus = nullptr;
+    }
+  }
+
+  if (mNotifiedToplevelIsEV != mNewToplevelIsEV) {
+    flagsChanged = true;
+    mNotifiedToplevelIsEV = mNewToplevelIsEV;
+  }
+
+  if (flagsChanged || withNewLocation || withUpdateStatus) {
+    TellTheWorld(aRequest);
+  }
+}
+
+void
+nsSecureBrowserUIImpl::TellTheWorld(nsIRequest* aRequest)
+{
+  uint32_t state = STATE_IS_INSECURE;
+  GetState(&state);
+
+  if (mToplevelEventSink) {
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: UpdateSecurityState: calling OnSecurityChange\n",
+            this));
+
+    mToplevelEventSink->OnSecurityChange(aRequest, state);
+  } else {
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: UpdateSecurityState: NO mToplevelEventSink!\n",
+            this));
+
+  }
+}
+
+NS_IMETHODIMP
+nsSecureBrowserUIImpl::OnLocationChange(nsIWebProgress* aWebProgress,
+                                        nsIRequest* aRequest,
+                                        nsIURI* aLocation,
+                                        uint32_t aFlags)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  ReentrancyGuard guard(*this);
+
+  MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+         ("SecureUI:%p: OnLocationChange\n", this));
+
+  bool updateIsViewSource = false;
+  bool temp_IsViewSource = false;
+  nsCOMPtr<mozIDOMWindowProxy> window;
+
+  if (aLocation)
+  {
+    bool vs;
+
+    nsresult rv = aLocation->SchemeIs("view-source", &vs);
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    if (vs) {
+      MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+             ("SecureUI:%p: OnLocationChange: view-source\n", this));
+    }
+
+    updateIsViewSource = true;
+    temp_IsViewSource = vs;
+  }
+
+  if (updateIsViewSource) {
+    mIsViewSource = temp_IsViewSource;
+  }
+  mCurrentURI = aLocation;
+  window = do_QueryReferent(mWindow);
+  NS_ASSERTION(window, "Window has gone away?!");
+
+  // When |aRequest| is null, basically we don't trust that document. But if
+  // docshell insists that the document has not changed at all, we will reuse
+  // the previous security state, no matter what |aRequest| may be.
+  if (aFlags & LOCATION_CHANGE_SAME_DOCUMENT)
+    return NS_OK;
+
+  // The location bar has changed, so we must update the security state.  The
+  // only concern with doing this here is that a page may transition from being
+  // reported as completely secure to being reported as partially secure
+  // (mixed).  This may be confusing for users, and it may bother users who
+  // like seeing security dialogs.  However, it seems prudent given that page
+  // loading may never end in some edge cases (perhaps by a site with malicious
+  // intent).
+
+  nsCOMPtr<mozIDOMWindowProxy> windowForProgress;
+  aWebProgress->GetDOMWindow(getter_AddRefs(windowForProgress));
+
+  nsCOMPtr<nsISupports> securityInfo(ExtractSecurityInfo(aRequest));
+
+  if (windowForProgress.get() == window.get()) {
+    // For toplevel channels, update the security state right away.
+    mOnLocationChangeSeen = true;
+    EvaluateAndUpdateSecurityState(aRequest, securityInfo, true, false);
+    return NS_OK;
+  }
+
+  // For channels in subdocuments we only update our subrequest state members.
+  UpdateSubrequestMembers(securityInfo, aRequest);
+
+  // Care for the following scenario:
+
+  // A new toplevel document load might have already started, but the security
+  // state of the new toplevel document might not yet be known.
+  // 
+  // At this point, we are learning about the security state of a sub-document.
+  // We must not update the security state based on the sub content, if the new
+  // top level state is not yet known.
+  //
+  // We skip updating the security state in this case.
+
+  if (mNewToplevelSecurityStateKnown) {
+    UpdateSecurityState(aRequest, true, false);
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSecureBrowserUIImpl::OnStatusChange(nsIWebProgress* aWebProgress,
+                                      nsIRequest* aRequest,
+                                      nsresult aStatus,
+                                      const char16_t* aMessage)
+{
+  NS_NOTREACHED("notification excluded in AddProgressListener(...)");
+  return NS_OK;
+}
+
+nsresult
+nsSecureBrowserUIImpl::OnSecurityChange(nsIWebProgress* aWebProgress,
+                                        nsIRequest* aRequest,
+                                        uint32_t state)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+#if defined(DEBUG)
+  nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest));
+  if (!channel)
+    return NS_OK;
+
+  nsCOMPtr<nsIURI> aURI;
+  channel->GetURI(getter_AddRefs(aURI));
+
+  if (aURI) {
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: OnSecurityChange: (%x) %s\n", this,
+            state, aURI->GetSpecOrDefault().get()));
+  }
+#endif
+
+  return NS_OK;
+}
+
+// nsISSLStatusProvider methods
+NS_IMETHODIMP
+nsSecureBrowserUIImpl::GetSSLStatus(nsISSLStatus** _result)
+{
+  NS_ENSURE_ARG_POINTER(_result);
+  MOZ_ASSERT(NS_IsMainThread());
+
+  switch (mNotifiedSecurityState)
+  {
+    case lis_broken_security:
+    case lis_mixed_security:
+    case lis_high_security:
+      break;
+
+    default:
+      MOZ_FALLTHROUGH_ASSERT("if this is reached you must add more entries to the switch");
+    case lis_no_security:
+      *_result = nullptr;
+      return NS_OK;
+  }
+
+  *_result = mSSLStatus;
+  NS_IF_ADDREF(*_result);
+
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsSecureBrowserUIImpl.h b/security/manager/ssl/nsSecureBrowserUIImpl.h
new file mode 100644
index 000000000..905e89474
--- /dev/null
+++ b/security/manager/ssl/nsSecureBrowserUIImpl.h
@@ -0,0 +1,96 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsSecureBrowserUIImpl_h
+#define nsSecureBrowserUIImpl_h
+
+#include "PLDHashTable.h"
+#include "mozilla/ReentrancyGuard.h"
+#include "nsCOMPtr.h"
+#include "nsINetUtil.h"
+#include "nsISSLStatusProvider.h"
+#include "nsISecureBrowserUI.h"
+#include "nsISecurityEventSink.h"
+#include "nsIURI.h"
+#include "nsIWebProgressListener.h"
+#include "nsWeakReference.h"
+
+class nsISSLStatus;
+class nsIChannel;
+
+#define NS_SECURE_BROWSER_UI_CID \
+{ 0xcc75499a, 0x1dd1, 0x11b2, {0x8a, 0x82, 0xca, 0x41, 0x0a, 0xc9, 0x07, 0xb8}}
+
+
+class nsSecureBrowserUIImpl : public nsISecureBrowserUI,
+                              public nsIWebProgressListener,
+                              public nsSupportsWeakReference,
+                              public nsISSLStatusProvider
+{
+  friend class mozilla::ReentrancyGuard;
+
+public:
+  nsSecureBrowserUIImpl();
+
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIWEBPROGRESSLISTENER
+  NS_DECL_NSISECUREBROWSERUI
+  NS_DECL_NSISSLSTATUSPROVIDER
+
+protected:
+  virtual ~nsSecureBrowserUIImpl() {};
+
+  nsWeakPtr mWindow;
+  nsWeakPtr mDocShell;
+  nsCOMPtr<nsINetUtil> mIOService;
+  nsCOMPtr<nsIURI> mCurrentURI;
+  nsCOMPtr<nsISecurityEventSink> mToplevelEventSink;
+
+  enum lockIconState {
+    lis_no_security,
+    lis_broken_security,
+    lis_mixed_security,
+    lis_high_security
+  };
+
+  lockIconState mNotifiedSecurityState;
+  bool mNotifiedToplevelIsEV;
+
+  void ResetStateTracking();
+  uint32_t mNewToplevelSecurityState;
+  bool mNewToplevelIsEV;
+  bool mNewToplevelSecurityStateKnown;
+  bool mIsViewSource;
+
+  int32_t mDocumentRequestsInProgress;
+  int32_t mSubRequestsBrokenSecurity;
+  int32_t mSubRequestsNoSecurity;
+  bool mCertUserOverridden;
+  bool mRestoreSubrequests;
+  bool mOnLocationChangeSeen;
+#ifdef DEBUG
+  bool mEntered; // For ReentrancyGuard.
+#endif
+
+  static already_AddRefed<nsISupports> ExtractSecurityInfo(nsIRequest* aRequest);
+  nsresult MapInternalToExternalState(uint32_t* aState, lockIconState lock, bool ev);
+  void UpdateSecurityState(nsIRequest* aRequest, bool withNewLocation,
+                           bool withUpdateStatus);
+  void TellTheWorld(nsIRequest* aRequest);
+
+  void EvaluateAndUpdateSecurityState(nsIRequest* aRequest, nsISupports *info,
+                                      bool withNewLocation, bool withNewSink);
+  void UpdateSubrequestMembers(nsISupports* securityInfo, nsIRequest* request);
+
+  void ObtainEventSink(nsIChannel *channel, 
+                       nsCOMPtr<nsISecurityEventSink> &sink);
+
+  nsCOMPtr<nsISSLStatus> mSSLStatus;
+  nsCOMPtr<nsISupports> mCurrentToplevelSecurityInfo;
+
+  PLDHashTable mTransferringRequests;
+};
+
+#endif // nsSecureBrowserUIImpl_h
diff --git a/security/manager/ssl/nsSecurityHeaderParser.cpp b/security/manager/ssl/nsSecurityHeaderParser.cpp
new file mode 100644
index 000000000..9fb9f0d6d
--- /dev/null
+++ b/security/manager/ssl/nsSecurityHeaderParser.cpp
@@ -0,0 +1,244 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsSecurityHeaderParser.h"
+#include "mozilla/Logging.h"
+
+// The character classes in this file are informed by [RFC2616], Section 2.2.
+// signed char is a signed data type one byte (8 bits) wide, so its value can
+// never be greater than 127. The following implicitly makes use of this.
+
+// A token is one or more CHAR except CTLs or separators.
+// A CHAR is any US-ASCII character (octets 0 - 127).
+// A CTL is any US-ASCII control character (octets 0 - 31) and DEL (127).
+// A separator is one of ()<>@,;:\"/[]?={} as well as space and
+// horizontal-tab (32 and 9, respectively).
+// So, this returns true if chr is any octet 33-126 except ()<>@,;:\"/[]?={}
+bool
+IsTokenSymbol(signed char chr) {
+  if (chr < 33 || chr == 127 ||
+      chr == '(' || chr == ')' || chr == '<' || chr == '>' ||
+      chr == '@' || chr == ',' || chr == ';' || chr == ':' ||
+      chr == '"' || chr == '/' || chr == '[' || chr == ']' ||
+      chr == '?' || chr == '=' || chr == '{' || chr == '}' || chr == '\\') {
+    return false;
+  }
+  return true;
+}
+
+// A quoted-string consists of a quote (") followed by any amount of
+// qdtext or quoted-pair, followed by a quote.
+// qdtext is any TEXT except a quote.
+// TEXT is any 8-bit octet except CTLs, but including LWS.
+// quoted-pair is a backslash (\) followed by a CHAR.
+// So, it turns out, \ can't really be a qdtext symbol for our purposes.
+// This returns true if chr is any octet 9,10,13,32-126 except <"> or "\"
+bool
+IsQuotedTextSymbol(signed char chr) {
+  return ((chr >= 32 && chr != '"' && chr != '\\' && chr != 127) ||
+          chr == 0x9 || chr == 0xa || chr == 0xd);
+}
+
+// The octet following the "\" in a quoted pair can be anything 0-127.
+bool
+IsQuotedPairSymbol(signed char chr) {
+  return (chr >= 0);
+}
+
+static mozilla::LazyLogModule sSHParserLog("nsSecurityHeaderParser");
+
+#define SHPARSERLOG(args) MOZ_LOG(sSHParserLog, mozilla::LogLevel::Debug, args)
+
+nsSecurityHeaderParser::nsSecurityHeaderParser(const char *aHeader)
+  : mCursor(aHeader)
+  , mError(false)
+{
+}
+
+nsSecurityHeaderParser::~nsSecurityHeaderParser() {
+  nsSecurityHeaderDirective *directive;
+  while ((directive = mDirectives.popFirst())) {
+    delete directive;
+  }
+}
+
+mozilla::LinkedList<nsSecurityHeaderDirective> *
+nsSecurityHeaderParser::GetDirectives() {
+  return &mDirectives;
+}
+
+nsresult
+nsSecurityHeaderParser::Parse() {
+  MOZ_ASSERT(mDirectives.isEmpty());
+  SHPARSERLOG(("trying to parse '%s'", mCursor));
+
+  Header();
+
+  // if we didn't consume the entire input, we were unable to parse it => error
+  if (mError || *mCursor) {
+    return NS_ERROR_FAILURE;
+  } else {
+    return NS_OK;
+  }
+}
+
+bool
+nsSecurityHeaderParser::Accept(char aChr)
+{
+  if (*mCursor == aChr) {
+    Advance();
+    return true;
+  }
+
+  return false;
+}
+
+bool
+nsSecurityHeaderParser::Accept(bool (*aClassifier) (signed char))
+{
+  if (aClassifier(*mCursor)) {
+    Advance();
+    return true;
+  }
+
+  return false;
+}
+
+void
+nsSecurityHeaderParser::Expect(char aChr)
+{
+  if (*mCursor != aChr) {
+    mError = true;
+  } else {
+    Advance();
+  }
+}
+
+void
+nsSecurityHeaderParser::Advance()
+{
+  // Technically, 0 is valid in quoted-pair, but we were handed a
+  // null-terminated const char *, so this doesn't handle that.
+  if (*mCursor) {
+    mOutput.Append(*mCursor);
+    mCursor++;
+  } else {
+    mError = true;
+  }
+}
+
+void
+nsSecurityHeaderParser::Header()
+{
+  Directive();
+  while (Accept(';')) {
+    Directive();
+  }
+}
+
+void
+nsSecurityHeaderParser::Directive()
+{
+  mDirective = new nsSecurityHeaderDirective();
+  LWSMultiple();
+  DirectiveName();
+  LWSMultiple();
+  if (Accept('=')) {
+    LWSMultiple();
+    DirectiveValue();
+    LWSMultiple();
+  }
+  mDirectives.insertBack(mDirective);
+  SHPARSERLOG(("read directive name '%s', value '%s'",
+               mDirective->mName.Data(), mDirective->mValue.Data()));
+}
+
+void
+nsSecurityHeaderParser::DirectiveName()
+{
+  mOutput.Truncate(0);
+  Token();
+  mDirective->mName.Assign(mOutput);
+}
+
+void
+nsSecurityHeaderParser::DirectiveValue()
+{
+  mOutput.Truncate(0);
+  if (Accept(IsTokenSymbol)) {
+    Token();
+    mDirective->mValue.Assign(mOutput);
+  } else if (Accept('"')) {
+    // Accept advances the cursor if successful, which appends a character to
+    // mOutput. The " is not part of what we want to capture, so truncate
+    // mOutput again.
+    mOutput.Truncate(0);
+    QuotedString();
+    mDirective->mValue.Assign(mOutput);
+    Expect('"');
+  }
+}
+
+void
+nsSecurityHeaderParser::Token()
+{
+  while (Accept(IsTokenSymbol));
+}
+
+void
+nsSecurityHeaderParser::QuotedString()
+{
+  while (true) {
+    if (Accept(IsQuotedTextSymbol)) {
+      QuotedText();
+    } else if (Accept('\\')) {
+      QuotedPair();
+    } else {
+      break;
+    }
+  }
+}
+
+void
+nsSecurityHeaderParser::QuotedText()
+{
+  while (Accept(IsQuotedTextSymbol));
+}
+
+void
+nsSecurityHeaderParser::QuotedPair()
+{
+  Accept(IsQuotedPairSymbol);
+}
+
+void
+nsSecurityHeaderParser::LWSMultiple()
+{
+  while (true) {
+    if (Accept('\r')) {
+      LWSCRLF();
+    } else if (Accept(' ') || Accept('\t')) {
+      LWS();
+    } else {
+      break;
+    }
+  }
+}
+
+void
+nsSecurityHeaderParser::LWSCRLF() {
+  Expect('\n');
+  if (!(Accept(' ') || Accept('\t'))) {
+    mError = true;
+  }
+  LWS();
+}
+
+void
+nsSecurityHeaderParser::LWS()
+{
+  // Note that becaue of how we're called, we don't have to check for
+  // the mandatory presense of at least one of SP or HT.
+  while (Accept(' ') || Accept('\t'));
+}
diff --git a/security/manager/ssl/nsSecurityHeaderParser.h b/security/manager/ssl/nsSecurityHeaderParser.h
new file mode 100644
index 000000000..eee29127e
--- /dev/null
+++ b/security/manager/ssl/nsSecurityHeaderParser.h
@@ -0,0 +1,74 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsSecurityHeaderParser_h__
+#define nsSecurityHeaderParser_h__
+
+#include "nsString.h"
+#include "mozilla/LinkedList.h"
+#include "nsCOMPtr.h"
+
+// Utility class for handing back parsed directives and (optional) values
+class nsSecurityHeaderDirective : public mozilla::LinkedListElement<nsSecurityHeaderDirective> {
+public:
+  nsCString mName;
+  nsCString mValue;
+};
+
+// This class parses security-related HTTP headers like
+// Strict-Transport-Security. The Augmented Backus-Naur Form syntax for this
+// header is reproduced below, for reference:
+//
+//   Strict-Transport-Security = "Strict-Transport-Security" ":"
+//                               [ directive ]  *( ";" [ directive ] )
+//
+//   directive                 = directive-name [ "=" directive-value ]
+//   directive-name            = token
+//   directive-value           = token | quoted-string
+//
+//   where:
+//
+//   token          = <token, defined in [RFC2616], Section 2.2>
+//   quoted-string  = <quoted-string, defined in [RFC2616], Section 2.2>/
+//
+// For further reference, see [RFC6797], Section 6.1
+
+class nsSecurityHeaderParser {
+public:
+  explicit nsSecurityHeaderParser(const char *aHeader);
+  ~nsSecurityHeaderParser();
+
+  // Only call Parse once.
+  nsresult Parse();
+  // The caller does not take ownership of the memory returned here.
+  mozilla::LinkedList<nsSecurityHeaderDirective> *GetDirectives();
+
+private:
+  bool Accept(char aChr);
+  bool Accept(bool (*aClassifier) (signed char));
+  void Expect(char aChr);
+  void Advance();
+  void Header();         // header = [ directive ] *( ";" [ directive ] )
+  void Directive();      // directive = directive-name [ "=" directive-value ]
+  void DirectiveName();  // directive-name = token
+  void DirectiveValue(); // directive-value = token | quoted-string
+  void Token();          // token = 1*<any CHAR except CTLs or separators>
+  void QuotedString();   // quoted-string = (<"> *( qdtext | quoted-pair ) <">)
+  void QuotedText();     // qdtext = <any TEXT except <"> and "\">
+  void QuotedPair();     // quoted-pair = "\" CHAR
+
+                         // LWS = [CRLF] 1*( SP | HT )
+  void LWSMultiple();    // Handles *( LWS )
+  void LWSCRLF();        // Handles the [CRLF] part of LWS
+  void LWS();            // Handles the 1*( SP | HT ) part of LWS
+
+  mozilla::LinkedList<nsSecurityHeaderDirective> mDirectives;
+  const char *mCursor;
+  nsSecurityHeaderDirective *mDirective;
+
+  nsCString mOutput;
+  bool mError;
+};
+
+#endif /* nsSecurityHeaderParser_h__ */
diff --git a/security/manager/ssl/nsSiteSecurityService.cpp b/security/manager/ssl/nsSiteSecurityService.cpp
new file mode 100644
index 000000000..322ef6570
--- /dev/null
+++ b/security/manager/ssl/nsSiteSecurityService.cpp
@@ -0,0 +1,1302 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsSiteSecurityService.h"
+
+#include "mozilla/LinkedList.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/Base64.h"
+#include "base64.h"
+#include "CertVerifier.h"
+#include "nsCRTGlue.h"
+#include "nsISSLStatus.h"
+#include "nsISocketProvider.h"
+#include "nsIURI.h"
+#include "nsIX509Cert.h"
+#include "nsNetUtil.h"
+#include "nsNSSComponent.h"
+#include "nsSecurityHeaderParser.h"
+#include "nsString.h"
+#include "nsThreadUtils.h"
+#include "nsXULAppAPI.h"
+#include "pkix/pkixtypes.h"
+#include "plstr.h"
+#include "mozilla/Logging.h"
+#include "prnetdb.h"
+#include "prprf.h"
+#include "PublicKeyPinningService.h"
+#include "ScopedNSSTypes.h"
+#include "SharedCertVerifier.h"
+
+// A note about the preload list:
+// When a site specifically disables HSTS by sending a header with
+// 'max-age: 0', we keep a "knockout" value that means "we have no information
+// regarding the HSTS state of this host" (any ancestor of "this host" can still
+// influence its HSTS status via include subdomains, however).
+// This prevents the preload list from overriding the site's current
+// desired HSTS status.
+#include "nsSTSPreloadList.inc"
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+static LazyLogModule gSSSLog("nsSSService");
+
+#define SSSLOG(args) MOZ_LOG(gSSSLog, mozilla::LogLevel::Debug, args)
+
+////////////////////////////////////////////////////////////////////////////////
+
+SiteHSTSState::SiteHSTSState(nsCString& aStateString)
+  : mHSTSExpireTime(0)
+  , mHSTSState(SecurityPropertyUnset)
+  , mHSTSIncludeSubdomains(false)
+{
+  uint32_t hstsState = 0;
+  uint32_t hstsIncludeSubdomains = 0; // PR_sscanf doesn't handle bools.
+  int32_t matches = PR_sscanf(aStateString.get(), "%lld,%lu,%lu",
+                              &mHSTSExpireTime, &hstsState,
+                              &hstsIncludeSubdomains);
+  bool valid = (matches == 3 &&
+                (hstsIncludeSubdomains == 0 || hstsIncludeSubdomains == 1) &&
+                ((SecurityPropertyState)hstsState == SecurityPropertyUnset ||
+                 (SecurityPropertyState)hstsState == SecurityPropertySet ||
+                 (SecurityPropertyState)hstsState == SecurityPropertyKnockout ||
+                 (SecurityPropertyState)hstsState == SecurityPropertyNegative));
+  if (valid) {
+    mHSTSState = (SecurityPropertyState)hstsState;
+    mHSTSIncludeSubdomains = (hstsIncludeSubdomains == 1);
+  } else {
+    SSSLOG(("%s is not a valid SiteHSTSState", aStateString.get()));
+    mHSTSExpireTime = 0;
+    mHSTSState = SecurityPropertyUnset;
+    mHSTSIncludeSubdomains = false;
+  }
+}
+
+SiteHSTSState::SiteHSTSState(PRTime aHSTSExpireTime,
+                             SecurityPropertyState aHSTSState,
+                             bool aHSTSIncludeSubdomains)
+
+  : mHSTSExpireTime(aHSTSExpireTime)
+  , mHSTSState(aHSTSState)
+  , mHSTSIncludeSubdomains(aHSTSIncludeSubdomains)
+{
+}
+
+void
+SiteHSTSState::ToString(nsCString& aString)
+{
+  aString.Truncate();
+  aString.AppendInt(mHSTSExpireTime);
+  aString.Append(',');
+  aString.AppendInt(mHSTSState);
+  aString.Append(',');
+  aString.AppendInt(static_cast<uint32_t>(mHSTSIncludeSubdomains));
+}
+
+////////////////////////////////////////////////////////////////////////////////
+static bool
+stringIsBase64EncodingOf256bitValue(nsCString& encodedString) {
+  nsAutoCString binaryValue;
+  nsresult rv = mozilla::Base64Decode(encodedString, binaryValue);
+  if (NS_FAILED(rv)) {
+    return false;
+  }
+  if (binaryValue.Length() != SHA256_LENGTH) {
+    return false;
+  }
+  return true;
+}
+
+SiteHPKPState::SiteHPKPState()
+  : mExpireTime(0)
+  , mState(SecurityPropertyUnset)
+  , mIncludeSubdomains(false)
+{
+}
+
+SiteHPKPState::SiteHPKPState(nsCString& aStateString)
+  : mExpireTime(0)
+  , mState(SecurityPropertyUnset)
+  , mIncludeSubdomains(false)
+{
+  uint32_t hpkpState = 0;
+  uint32_t hpkpIncludeSubdomains = 0; // PR_sscanf doesn't handle bools.
+  const uint32_t MaxMergedHPKPPinSize = 1024;
+  char mergedHPKPins[MaxMergedHPKPPinSize];
+  memset(mergedHPKPins, 0, MaxMergedHPKPPinSize);
+
+  if (aStateString.Length() >= MaxMergedHPKPPinSize) {
+    SSSLOG(("SSS: Cannot parse PKPState string, too large\n"));
+    return;
+  }
+
+  int32_t matches = PR_sscanf(aStateString.get(), "%lld,%lu,%lu,%s",
+                              &mExpireTime, &hpkpState,
+                              &hpkpIncludeSubdomains, mergedHPKPins);
+  bool valid = (matches == 4 &&
+                (hpkpIncludeSubdomains == 0 || hpkpIncludeSubdomains == 1) &&
+                ((SecurityPropertyState)hpkpState == SecurityPropertyUnset ||
+                 (SecurityPropertyState)hpkpState == SecurityPropertySet ||
+                 (SecurityPropertyState)hpkpState == SecurityPropertyKnockout));
+
+  SSSLOG(("SSS: loading SiteHPKPState matches=%d\n", matches));
+  const uint32_t SHA256Base64Len = 44;
+
+  if (valid && (SecurityPropertyState)hpkpState == SecurityPropertySet) {
+    // try to expand the merged PKPins
+    const char* cur = mergedHPKPins;
+    nsAutoCString pin;
+    uint32_t collectedLen = 0;
+    mergedHPKPins[MaxMergedHPKPPinSize - 1] = 0;
+    size_t totalLen = strlen(mergedHPKPins);
+    while (collectedLen + SHA256Base64Len <= totalLen) {
+      pin.Assign(cur, SHA256Base64Len);
+      if (stringIsBase64EncodingOf256bitValue(pin)) {
+        mSHA256keys.AppendElement(pin);
+      }
+      cur += SHA256Base64Len;
+      collectedLen += SHA256Base64Len;
+    }
+    if (mSHA256keys.IsEmpty()) {
+      valid = false;
+    }
+  }
+  if (valid) {
+    mState = (SecurityPropertyState)hpkpState;
+    mIncludeSubdomains = (hpkpIncludeSubdomains == 1);
+  } else {
+    SSSLOG(("%s is not a valid SiteHPKPState", aStateString.get()));
+    mExpireTime = 0;
+    mState = SecurityPropertyUnset;
+    mIncludeSubdomains = false;
+    if (!mSHA256keys.IsEmpty()) {
+      mSHA256keys.Clear();
+    }
+  }
+}
+
+SiteHPKPState::SiteHPKPState(PRTime aExpireTime,
+                             SecurityPropertyState aState,
+                             bool aIncludeSubdomains,
+                             nsTArray<nsCString>& aSHA256keys)
+  : mExpireTime(aExpireTime)
+  , mState(aState)
+  , mIncludeSubdomains(aIncludeSubdomains)
+  , mSHA256keys(aSHA256keys)
+{
+}
+
+void
+SiteHPKPState::ToString(nsCString& aString)
+{
+  aString.Truncate();
+  aString.AppendInt(mExpireTime);
+  aString.Append(',');
+  aString.AppendInt(mState);
+  aString.Append(',');
+  aString.AppendInt(static_cast<uint32_t>(mIncludeSubdomains));
+  aString.Append(',');
+  for (unsigned int i = 0; i < mSHA256keys.Length(); i++) {
+    aString.Append(mSHA256keys[i]);
+  }
+}
+
+////////////////////////////////////////////////////////////////////////////////
+
+const uint64_t kSixtyDaysInSeconds = 60 * 24 * 60 * 60;
+
+nsSiteSecurityService::nsSiteSecurityService()
+  : mMaxMaxAge(kSixtyDaysInSeconds)
+  , mUsePreloadList(true)
+  , mPreloadListTimeOffset(0)
+{
+}
+
+nsSiteSecurityService::~nsSiteSecurityService()
+{
+}
+
+NS_IMPL_ISUPPORTS(nsSiteSecurityService,
+                  nsIObserver,
+                  nsISiteSecurityService)
+
+nsresult
+nsSiteSecurityService::Init()
+{
+  // Don't access Preferences off the main thread.
+  if (!NS_IsMainThread()) {
+    NS_NOTREACHED("nsSiteSecurityService initialized off main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  mMaxMaxAge = mozilla::Preferences::GetInt(
+    "security.cert_pinning.max_max_age_seconds", kSixtyDaysInSeconds);
+  mozilla::Preferences::AddStrongObserver(this,
+    "security.cert_pinning.max_max_age_seconds");
+  mUsePreloadList = mozilla::Preferences::GetBool(
+    "network.stricttransportsecurity.preloadlist", true);
+  mozilla::Preferences::AddStrongObserver(this,
+    "network.stricttransportsecurity.preloadlist");
+  mProcessPKPHeadersFromNonBuiltInRoots = mozilla::Preferences::GetBool(
+    "security.cert_pinning.process_headers_from_non_builtin_roots", false);
+  mozilla::Preferences::AddStrongObserver(this,
+    "security.cert_pinning.process_headers_from_non_builtin_roots");
+  mPreloadListTimeOffset = mozilla::Preferences::GetInt(
+    "test.currentTimeOffsetSeconds", 0);
+  mozilla::Preferences::AddStrongObserver(this,
+    "test.currentTimeOffsetSeconds");
+  mSiteStateStorage =
+    mozilla::DataStorage::Get(NS_LITERAL_STRING("SiteSecurityServiceState.txt"));
+  mPreloadStateStorage =
+    mozilla::DataStorage::Get(NS_LITERAL_STRING("SecurityPreloadState.txt"));
+  bool storageWillPersist = false;
+  bool preloadStorageWillPersist = false;
+  nsresult rv = mSiteStateStorage->Init(storageWillPersist);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+  rv = mPreloadStateStorage->Init(preloadStorageWillPersist);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+  // This is not fatal. There are some cases where there won't be a
+  // profile directory (e.g. running xpcshell). There isn't the
+  // expectation that site information will be presisted in those cases.
+  if (!storageWillPersist || !preloadStorageWillPersist) {
+    NS_WARNING("site security information will not be persisted");
+  }
+
+  return NS_OK;
+}
+
+nsresult
+nsSiteSecurityService::GetHost(nsIURI* aURI, nsACString& aResult)
+{
+  nsCOMPtr<nsIURI> innerURI = NS_GetInnermostURI(aURI);
+  if (!innerURI) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsAutoCString host;
+  nsresult rv = innerURI->GetAsciiHost(host);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  aResult.Assign(PublicKeyPinningService::CanonicalizeHostname(host.get()));
+  if (aResult.IsEmpty()) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  return NS_OK;
+}
+
+static void
+SetStorageKey(nsAutoCString& storageKey, nsCString& hostname, uint32_t aType)
+{
+  storageKey = hostname;
+  switch (aType) {
+    case nsISiteSecurityService::HEADER_HSTS:
+      storageKey.AppendLiteral(":HSTS");
+      break;
+    case nsISiteSecurityService::HEADER_HPKP:
+      storageKey.AppendLiteral(":HPKP");
+      break;
+    default:
+      NS_ASSERTION(false, "SSS:SetStorageKey got invalid type");
+  }
+}
+
+// Expire times are in millis.  Since Headers max-age is in seconds, and
+// PR_Now() is in micros, normalize the units at milliseconds.
+static int64_t
+ExpireTimeFromMaxAge(uint64_t maxAge)
+{
+  return (PR_Now() / PR_USEC_PER_MSEC) + ((int64_t)maxAge * PR_MSEC_PER_SEC);
+}
+
+nsresult
+nsSiteSecurityService::SetHSTSState(uint32_t aType,
+                                    nsIURI* aSourceURI,
+                                    int64_t maxage,
+                                    bool includeSubdomains,
+                                    uint32_t flags,
+                                    SecurityPropertyState aHSTSState)
+{
+  // If max-age is zero, that's an indication to immediately remove the
+  // security state, so here's a shortcut.
+  if (!maxage) {
+    return RemoveState(aType, aSourceURI, flags);
+  }
+
+  MOZ_ASSERT((aHSTSState == SecurityPropertySet ||
+              aHSTSState == SecurityPropertyNegative),
+      "HSTS State must be SecurityPropertySet or SecurityPropertyNegative");
+
+  int64_t expiretime = ExpireTimeFromMaxAge(maxage);
+  SiteHSTSState siteState(expiretime, aHSTSState, includeSubdomains);
+  nsAutoCString stateString;
+  siteState.ToString(stateString);
+  nsAutoCString hostname;
+  nsresult rv = GetHost(aSourceURI, hostname);
+  NS_ENSURE_SUCCESS(rv, rv);
+  SSSLOG(("SSS: setting state for %s", hostname.get()));
+  bool isPrivate = flags & nsISocketProvider::NO_PERMANENT_STORAGE;
+  mozilla::DataStorageType storageType = isPrivate
+                                         ? mozilla::DataStorage_Private
+                                         : mozilla::DataStorage_Persistent;
+  nsAutoCString storageKey;
+  SetStorageKey(storageKey, hostname, aType);
+  rv = mSiteStateStorage->Put(storageKey, stateString, storageType);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::CacheNegativeHSTSResult(nsIURI* aSourceURI,
+                                               uint64_t aMaxAge)
+{
+  return SetHSTSState(nsISiteSecurityService::HEADER_HSTS, aSourceURI,
+                      aMaxAge, false, 0, SecurityPropertyNegative);
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::RemoveState(uint32_t aType, nsIURI* aURI,
+                                   uint32_t aFlags)
+{
+   // Child processes are not allowed direct access to this.
+   if (!XRE_IsParentProcess()) {
+     MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::RemoveState");
+   }
+
+  // Only HSTS is supported at the moment.
+  NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS ||
+                 aType == nsISiteSecurityService::HEADER_HPKP,
+                 NS_ERROR_NOT_IMPLEMENTED);
+
+  nsAutoCString hostname;
+  nsresult rv = GetHost(aURI, hostname);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  bool isPrivate = aFlags & nsISocketProvider::NO_PERMANENT_STORAGE;
+  mozilla::DataStorageType storageType = isPrivate
+                                         ? mozilla::DataStorage_Private
+                                         : mozilla::DataStorage_Persistent;
+  // If this host is in the preload list, we have to store a knockout entry.
+  if (GetPreloadListEntry(hostname.get())) {
+    SSSLOG(("SSS: storing knockout entry for %s", hostname.get()));
+    SiteHSTSState siteState(0, SecurityPropertyKnockout, false);
+    nsAutoCString stateString;
+    siteState.ToString(stateString);
+    nsAutoCString storageKey;
+    SetStorageKey(storageKey, hostname, aType);
+    rv = mSiteStateStorage->Put(storageKey, stateString, storageType);
+    NS_ENSURE_SUCCESS(rv, rv);
+  } else {
+    SSSLOG(("SSS: removing entry for %s", hostname.get()));
+    nsAutoCString storageKey;
+    SetStorageKey(storageKey, hostname, aType);
+    mSiteStateStorage->Remove(storageKey, storageType);
+  }
+
+  return NS_OK;
+}
+
+static bool
+HostIsIPAddress(const char *hostname)
+{
+  PRNetAddr hostAddr;
+  return (PR_StringToNetAddr(hostname, &hostAddr) == PR_SUCCESS);
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::ProcessHeader(uint32_t aType,
+                                     nsIURI* aSourceURI,
+                                     const char* aHeader,
+                                     nsISSLStatus* aSSLStatus,
+                                     uint32_t aFlags,
+                                     uint64_t* aMaxAge,
+                                     bool* aIncludeSubdomains,
+                                     uint32_t* aFailureResult)
+{
+   // Child processes are not allowed direct access to this.
+   if (!XRE_IsParentProcess()) {
+     MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::ProcessHeader");
+   }
+
+  if (aFailureResult) {
+    *aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
+  }
+  NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS ||
+                 aType == nsISiteSecurityService::HEADER_HPKP,
+                 NS_ERROR_NOT_IMPLEMENTED);
+
+  NS_ENSURE_ARG(aSSLStatus);
+  return ProcessHeaderInternal(aType, aSourceURI, aHeader, aSSLStatus, aFlags,
+                               aMaxAge, aIncludeSubdomains, aFailureResult);
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::UnsafeProcessHeader(uint32_t aType,
+                                           nsIURI* aSourceURI,
+                                           const char* aHeader,
+                                           uint32_t aFlags,
+                                           uint64_t* aMaxAge,
+                                           bool* aIncludeSubdomains,
+                                           uint32_t* aFailureResult)
+{
+   // Child processes are not allowed direct access to this.
+   if (!XRE_IsParentProcess()) {
+     MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::UnsafeProcessHeader");
+   }
+
+  return ProcessHeaderInternal(aType, aSourceURI, aHeader, nullptr, aFlags,
+                               aMaxAge, aIncludeSubdomains, aFailureResult);
+}
+
+nsresult
+nsSiteSecurityService::ProcessHeaderInternal(uint32_t aType,
+                                             nsIURI* aSourceURI,
+                                             const char* aHeader,
+                                             nsISSLStatus* aSSLStatus,
+                                             uint32_t aFlags,
+                                             uint64_t* aMaxAge,
+                                             bool* aIncludeSubdomains,
+                                             uint32_t* aFailureResult)
+{
+  if (aFailureResult) {
+    *aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
+  }
+  // Only HSTS and HPKP are supported at the moment.
+  NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS ||
+                 aType == nsISiteSecurityService::HEADER_HPKP,
+                 NS_ERROR_NOT_IMPLEMENTED);
+
+  if (aMaxAge != nullptr) {
+    *aMaxAge = 0;
+  }
+
+  if (aIncludeSubdomains != nullptr) {
+    *aIncludeSubdomains = false;
+  }
+
+  if (aSSLStatus) {
+    bool tlsIsBroken = false;
+    bool trustcheck;
+    nsresult rv;
+    rv = aSSLStatus->GetIsDomainMismatch(&trustcheck);
+    NS_ENSURE_SUCCESS(rv, rv);
+    tlsIsBroken = tlsIsBroken || trustcheck;
+
+    rv = aSSLStatus->GetIsNotValidAtThisTime(&trustcheck);
+    NS_ENSURE_SUCCESS(rv, rv);
+    tlsIsBroken = tlsIsBroken || trustcheck;
+
+    rv = aSSLStatus->GetIsUntrusted(&trustcheck);
+    NS_ENSURE_SUCCESS(rv, rv);
+    tlsIsBroken = tlsIsBroken || trustcheck;
+    if (tlsIsBroken) {
+       SSSLOG(("SSS: discarding header from untrustworthy connection"));
+       if (aFailureResult) {
+         *aFailureResult = nsISiteSecurityService::ERROR_UNTRUSTWORTHY_CONNECTION;
+       }
+      return NS_ERROR_FAILURE;
+    }
+  }
+
+  nsAutoCString host;
+  nsresult rv = GetHost(aSourceURI, host);
+  NS_ENSURE_SUCCESS(rv, rv);
+  if (HostIsIPAddress(host.get())) {
+    /* Don't process headers if a site is accessed by IP address. */
+    return NS_OK;
+  }
+
+  switch (aType) {
+    case nsISiteSecurityService::HEADER_HSTS:
+      rv = ProcessSTSHeader(aSourceURI, aHeader, aFlags, aMaxAge,
+                            aIncludeSubdomains, aFailureResult);
+      break;
+    case nsISiteSecurityService::HEADER_HPKP:
+      rv = ProcessPKPHeader(aSourceURI, aHeader, aSSLStatus, aFlags, aMaxAge,
+                            aIncludeSubdomains, aFailureResult);
+      break;
+    default:
+      MOZ_CRASH("unexpected header type");
+  }
+  return rv;
+}
+
+static uint32_t
+ParseSSSHeaders(uint32_t aType,
+                const char* aHeader,
+                bool& foundIncludeSubdomains,
+                bool& foundMaxAge,
+                bool& foundUnrecognizedDirective,
+                uint64_t& maxAge,
+                nsTArray<nsCString>& sha256keys)
+{
+  // Strict transport security and Public Key Pinning have very similar
+  // Header formats.
+
+  // "Strict-Transport-Security" ":" OWS
+  //      STS-d  *( OWS ";" OWS STS-d  OWS)
+  //
+  //  ; STS directive
+  //  STS-d      = maxAge / includeSubDomains
+  //
+  //  maxAge     = "max-age" "=" delta-seconds v-ext
+  //
+  //  includeSubDomains = [ "includeSubDomains" ]
+  //
+
+  // "Public-Key-Pins ":" OWS
+  //      PKP-d  *( OWS ";" OWS PKP-d  OWS)
+  //
+  //  ; PKP directive
+  //  PKP-d      = maxAge / includeSubDomains / reportUri / pin-directive
+  //
+  //  maxAge     = "max-age" "=" delta-seconds v-ext
+  //
+  //  includeSubDomains = [ "includeSubDomains" ]
+  //
+  //  reportURi  = "report-uri" "=" quoted-string
+  //
+  //  pin-directive = "pin-" token "=" quoted-string
+  //
+  //  the only valid token currently specified is sha256
+  //  the quoted string for a pin directive is the base64 encoding
+  //  of the hash of the public key of the fingerprint
+  //
+
+  //  The order of the directives is not significant.
+  //  All directives must appear only once.
+  //  Directive names are case-insensitive.
+  //  The entire header is invalid if a directive not conforming to the
+  //  syntax is encountered.
+  //  Unrecognized directives (that are otherwise syntactically valid) are
+  //  ignored, and the rest of the header is parsed as normal.
+
+  bool foundReportURI = false;
+
+  NS_NAMED_LITERAL_CSTRING(max_age_var, "max-age");
+  NS_NAMED_LITERAL_CSTRING(include_subd_var, "includesubdomains");
+  NS_NAMED_LITERAL_CSTRING(pin_sha256_var, "pin-sha256");
+  NS_NAMED_LITERAL_CSTRING(report_uri_var, "report-uri");
+
+  nsSecurityHeaderParser parser(aHeader);
+  nsresult rv = parser.Parse();
+  if (NS_FAILED(rv)) {
+    SSSLOG(("SSS: could not parse header"));
+    return nsISiteSecurityService::ERROR_COULD_NOT_PARSE_HEADER;
+  }
+  mozilla::LinkedList<nsSecurityHeaderDirective>* directives = parser.GetDirectives();
+
+  for (nsSecurityHeaderDirective* directive = directives->getFirst();
+       directive != nullptr; directive = directive->getNext()) {
+    SSSLOG(("SSS: found directive %s\n", directive->mName.get()));
+    if (directive->mName.Length() == max_age_var.Length() &&
+        directive->mName.EqualsIgnoreCase(max_age_var.get(),
+                                          max_age_var.Length())) {
+      if (foundMaxAge) {
+        SSSLOG(("SSS: found two max-age directives"));
+        return nsISiteSecurityService::ERROR_MULTIPLE_MAX_AGES;
+      }
+
+      SSSLOG(("SSS: found max-age directive"));
+      foundMaxAge = true;
+
+      size_t len = directive->mValue.Length();
+      for (size_t i = 0; i < len; i++) {
+        char chr = directive->mValue.CharAt(i);
+        if (chr < '0' || chr > '9') {
+          SSSLOG(("SSS: invalid value for max-age directive"));
+          return nsISiteSecurityService::ERROR_INVALID_MAX_AGE;
+        }
+      }
+
+      if (PR_sscanf(directive->mValue.get(), "%llu", &maxAge) != 1) {
+        SSSLOG(("SSS: could not parse delta-seconds"));
+        return nsISiteSecurityService::ERROR_INVALID_MAX_AGE;
+      }
+
+      SSSLOG(("SSS: parsed delta-seconds: %llu", maxAge));
+    } else if (directive->mName.Length() == include_subd_var.Length() &&
+               directive->mName.EqualsIgnoreCase(include_subd_var.get(),
+                                                 include_subd_var.Length())) {
+      if (foundIncludeSubdomains) {
+        SSSLOG(("SSS: found two includeSubdomains directives"));
+        return nsISiteSecurityService::ERROR_MULTIPLE_INCLUDE_SUBDOMAINS;
+      }
+
+      SSSLOG(("SSS: found includeSubdomains directive"));
+      foundIncludeSubdomains = true;
+
+      if (directive->mValue.Length() != 0) {
+        SSSLOG(("SSS: includeSubdomains directive unexpectedly had value '%s'",
+                directive->mValue.get()));
+        return nsISiteSecurityService::ERROR_INVALID_INCLUDE_SUBDOMAINS;
+      }
+    } else if (aType == nsISiteSecurityService::HEADER_HPKP &&
+               directive->mName.Length() == pin_sha256_var.Length() &&
+               directive->mName.EqualsIgnoreCase(pin_sha256_var.get(),
+                                                 pin_sha256_var.Length())) {
+       SSSLOG(("SSS: found pinning entry '%s' length=%d",
+               directive->mValue.get(), directive->mValue.Length()));
+       if (!stringIsBase64EncodingOf256bitValue(directive->mValue)) {
+         return nsISiteSecurityService::ERROR_INVALID_PIN;
+       }
+       sha256keys.AppendElement(directive->mValue);
+   } else if (aType == nsISiteSecurityService::HEADER_HPKP &&
+              directive->mName.Length() == report_uri_var.Length() &&
+              directive->mName.EqualsIgnoreCase(report_uri_var.get(),
+                                                report_uri_var.Length())) {
+       // We don't support the report-uri yet, but to avoid unrecognized
+       // directive warnings, we still have to handle its presence
+      if (foundReportURI) {
+        SSSLOG(("SSS: found two report-uri directives"));
+        return nsISiteSecurityService::ERROR_MULTIPLE_REPORT_URIS;
+      }
+      SSSLOG(("SSS: found report-uri directive"));
+      foundReportURI = true;
+   } else {
+      SSSLOG(("SSS: ignoring unrecognized directive '%s'",
+              directive->mName.get()));
+      foundUnrecognizedDirective = true;
+    }
+  }
+  return nsISiteSecurityService::Success;
+}
+
+nsresult
+nsSiteSecurityService::ProcessPKPHeader(nsIURI* aSourceURI,
+                                        const char* aHeader,
+                                        nsISSLStatus* aSSLStatus,
+                                        uint32_t aFlags,
+                                        uint64_t* aMaxAge,
+                                        bool* aIncludeSubdomains,
+                                        uint32_t* aFailureResult)
+{
+  if (aFailureResult) {
+    *aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
+  }
+  SSSLOG(("SSS: processing HPKP header '%s'", aHeader));
+  NS_ENSURE_ARG(aSSLStatus);
+
+  const uint32_t aType = nsISiteSecurityService::HEADER_HPKP;
+  bool foundMaxAge = false;
+  bool foundIncludeSubdomains = false;
+  bool foundUnrecognizedDirective = false;
+  uint64_t maxAge = 0;
+  nsTArray<nsCString> sha256keys;
+  uint32_t sssrv = ParseSSSHeaders(aType, aHeader, foundIncludeSubdomains,
+                                   foundMaxAge, foundUnrecognizedDirective,
+                                   maxAge, sha256keys);
+  if (sssrv != nsISiteSecurityService::Success) {
+    if (aFailureResult) {
+      *aFailureResult = sssrv;
+    }
+    return NS_ERROR_FAILURE;
+  }
+
+  // after processing all the directives, make sure we came across max-age
+  // somewhere.
+  if (!foundMaxAge) {
+    SSSLOG(("SSS: did not encounter required max-age directive"));
+    if (aFailureResult) {
+      *aFailureResult = nsISiteSecurityService::ERROR_NO_MAX_AGE;
+    }
+    return NS_ERROR_FAILURE;
+  }
+
+  // before we add the pin we need to ensure it will not break the site as
+  // currently visited so:
+  // 1. recompute a valid chain (no external ocsp)
+  // 2. use this chain to check if things would have broken!
+  nsAutoCString host;
+  nsresult rv = GetHost(aSourceURI, host);
+  NS_ENSURE_SUCCESS(rv, rv);
+  nsCOMPtr<nsIX509Cert> cert;
+  rv = aSSLStatus->GetServerCert(getter_AddRefs(cert));
+  NS_ENSURE_SUCCESS(rv, rv);
+  NS_ENSURE_TRUE(cert, NS_ERROR_FAILURE);
+  UniqueCERTCertificate nssCert(cert->GetCert());
+  NS_ENSURE_TRUE(nssCert, NS_ERROR_FAILURE);
+
+  mozilla::pkix::Time now(mozilla::pkix::Now());
+  UniqueCERTCertList certList;
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  NS_ENSURE_TRUE(certVerifier, NS_ERROR_UNEXPECTED);
+  // We don't want this verification to cause any network traffic that would
+  // block execution. Also, since we don't have access to the original stapled
+  // OCSP response, we can't enforce this aspect of the TLS Feature extension.
+  // This is ok, because it will have been enforced when we originally connected
+  // to the site (or it's disabled, in which case we wouldn't want to enforce it
+  // anyway).
+  CertVerifier::Flags flags = CertVerifier::FLAG_LOCAL_ONLY |
+                              CertVerifier::FLAG_TLS_IGNORE_STATUS_REQUEST;
+  if (certVerifier->VerifySSLServerCert(nssCert,
+                                        nullptr, // stapledOCSPResponse
+                                        nullptr, // sctsFromTLSExtension
+                                        now, nullptr, // pinarg
+                                        host.get(), // hostname
+                                        certList,
+                                        false, // don't store intermediates
+                                        flags)
+        != mozilla::pkix::Success) {
+    return NS_ERROR_FAILURE;
+  }
+
+  CERTCertListNode* rootNode = CERT_LIST_TAIL(certList);
+  if (CERT_LIST_END(rootNode, certList)) {
+    return NS_ERROR_FAILURE;
+  }
+  bool isBuiltIn = false;
+  mozilla::pkix::Result result = IsCertBuiltInRoot(rootNode->cert, isBuiltIn);
+  if (result != mozilla::pkix::Success) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (!isBuiltIn && !mProcessPKPHeadersFromNonBuiltInRoots) {
+    if (aFailureResult) {
+      *aFailureResult = nsISiteSecurityService::ERROR_ROOT_NOT_BUILT_IN;
+    }
+    return NS_ERROR_FAILURE;
+  }
+
+  // if maxAge == 0 we must delete all state, for now no hole-punching
+  if (maxAge == 0) {
+    return RemoveState(aType, aSourceURI, aFlags);
+  }
+
+  // clamp maxAge to the maximum set by pref
+  if (maxAge > mMaxMaxAge) {
+    maxAge = mMaxMaxAge;
+  }
+
+  bool chainMatchesPinset;
+  rv = PublicKeyPinningService::ChainMatchesPinset(certList, sha256keys,
+                                                   chainMatchesPinset);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (!chainMatchesPinset) {
+    // is invalid
+    SSSLOG(("SSS: Pins provided by %s are invalid no match with certList\n", host.get()));
+    if (aFailureResult) {
+      *aFailureResult = nsISiteSecurityService::ERROR_PINSET_DOES_NOT_MATCH_CHAIN;
+    }
+    return NS_ERROR_FAILURE;
+  }
+
+  // finally we need to ensure that there is a "backup pin" ie. There must be
+  // at least one fingerprint hash that does NOT validate against the verified
+  // chain (Section 2.5 of the spec)
+  bool hasBackupPin = false;
+  for (uint32_t i = 0; i < sha256keys.Length(); i++) {
+    nsTArray<nsCString> singlePin;
+    singlePin.AppendElement(sha256keys[i]);
+    rv = PublicKeyPinningService::ChainMatchesPinset(certList, singlePin,
+                                                     chainMatchesPinset);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    if (!chainMatchesPinset) {
+      hasBackupPin = true;
+    }
+  }
+  if (!hasBackupPin) {
+     // is invalid
+    SSSLOG(("SSS: Pins provided by %s are invalid no backupPin\n", host.get()));
+    if (aFailureResult) {
+      *aFailureResult = nsISiteSecurityService::ERROR_NO_BACKUP_PIN;
+    }
+    return NS_ERROR_FAILURE;
+  }
+
+  int64_t expireTime = ExpireTimeFromMaxAge(maxAge);
+  SiteHPKPState dynamicEntry(expireTime, SecurityPropertySet,
+                             foundIncludeSubdomains, sha256keys);
+  SSSLOG(("SSS: about to set pins for  %s, expires=%ld now=%ld maxAge=%lu\n",
+           host.get(), expireTime, PR_Now() / PR_USEC_PER_MSEC, maxAge));
+
+  rv = SetHPKPState(host.get(), dynamicEntry, aFlags, false);
+  if (NS_FAILED(rv)) {
+    SSSLOG(("SSS: failed to set pins for %s\n", host.get()));
+    if (aFailureResult) {
+      *aFailureResult = nsISiteSecurityService::ERROR_COULD_NOT_SAVE_STATE;
+    }
+    return rv;
+  }
+
+  if (aMaxAge != nullptr) {
+    *aMaxAge = maxAge;
+  }
+
+  if (aIncludeSubdomains != nullptr) {
+    *aIncludeSubdomains = foundIncludeSubdomains;
+  }
+
+  return foundUnrecognizedDirective
+           ? NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA
+           : NS_OK;
+}
+
+nsresult
+nsSiteSecurityService::ProcessSTSHeader(nsIURI* aSourceURI,
+                                        const char* aHeader,
+                                        uint32_t aFlags,
+                                        uint64_t* aMaxAge,
+                                        bool* aIncludeSubdomains,
+                                        uint32_t* aFailureResult)
+{
+  if (aFailureResult) {
+    *aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
+  }
+  SSSLOG(("SSS: processing HSTS header '%s'", aHeader));
+
+  const uint32_t aType = nsISiteSecurityService::HEADER_HSTS;
+  bool foundMaxAge = false;
+  bool foundIncludeSubdomains = false;
+  bool foundUnrecognizedDirective = false;
+  uint64_t maxAge = 0;
+  nsTArray<nsCString> unusedSHA256keys; // Required for sane internal interface
+
+  uint32_t sssrv = ParseSSSHeaders(aType, aHeader, foundIncludeSubdomains,
+                                   foundMaxAge, foundUnrecognizedDirective,
+                                   maxAge, unusedSHA256keys);
+  if (sssrv != nsISiteSecurityService::Success) {
+    if (aFailureResult) {
+      *aFailureResult = sssrv;
+    }
+    return NS_ERROR_FAILURE;
+  }
+
+  // after processing all the directives, make sure we came across max-age
+  // somewhere.
+  if (!foundMaxAge) {
+    SSSLOG(("SSS: did not encounter required max-age directive"));
+    if (aFailureResult) {
+      *aFailureResult = nsISiteSecurityService::ERROR_NO_MAX_AGE;
+    }
+    return NS_ERROR_FAILURE;
+  }
+
+  // record the successfully parsed header data.
+  nsresult rv = SetHSTSState(aType, aSourceURI, maxAge, foundIncludeSubdomains,
+                             aFlags, SecurityPropertySet);
+  if (NS_FAILED(rv)) {
+    SSSLOG(("SSS: failed to set STS state"));
+    if (aFailureResult) {
+      *aFailureResult = nsISiteSecurityService::ERROR_COULD_NOT_SAVE_STATE;
+    }
+    return rv;
+  }
+
+  if (aMaxAge != nullptr) {
+    *aMaxAge = maxAge;
+  }
+
+  if (aIncludeSubdomains != nullptr) {
+    *aIncludeSubdomains = foundIncludeSubdomains;
+  }
+
+  return foundUnrecognizedDirective
+           ? NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA
+           : NS_OK;
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::IsSecureURI(uint32_t aType, nsIURI* aURI,
+                                   uint32_t aFlags, bool* aCached,
+                                   bool* aResult)
+{
+   // Child processes are not allowed direct access to this.
+   if (!XRE_IsParentProcess() && aType != nsISiteSecurityService::HEADER_HSTS) {
+     MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::IsSecureURI for non-HSTS entries");
+   }
+
+  NS_ENSURE_ARG(aURI);
+  NS_ENSURE_ARG(aResult);
+
+  // Only HSTS and HPKP are supported at the moment.
+  NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS ||
+                 aType == nsISiteSecurityService::HEADER_HPKP,
+                 NS_ERROR_NOT_IMPLEMENTED);
+
+  nsAutoCString hostname;
+  nsresult rv = GetHost(aURI, hostname);
+  NS_ENSURE_SUCCESS(rv, rv);
+  /* An IP address never qualifies as a secure URI. */
+  if (HostIsIPAddress(hostname.get())) {
+    *aResult = false;
+    return NS_OK;
+  }
+
+  return IsSecureHost(aType, hostname.get(), aFlags, aCached, aResult);
+}
+
+int STSPreloadCompare(const void *key, const void *entry)
+{
+  const char *keyStr = (const char *)key;
+  const nsSTSPreload *preloadEntry = (const nsSTSPreload *)entry;
+  return strcmp(keyStr, &kSTSHostTable[preloadEntry->mHostIndex]);
+}
+
+// Returns the preload list entry for the given host, if it exists.
+// Only does exact host matching - the user must decide how to use the returned
+// data. May return null.
+const nsSTSPreload *
+nsSiteSecurityService::GetPreloadListEntry(const char *aHost)
+{
+  PRTime currentTime = PR_Now() + (mPreloadListTimeOffset * PR_USEC_PER_SEC);
+  if (mUsePreloadList && currentTime < gPreloadListExpirationTime) {
+    return (const nsSTSPreload *) bsearch(aHost,
+                                          kSTSPreloadList,
+                                          mozilla::ArrayLength(kSTSPreloadList),
+                                          sizeof(nsSTSPreload),
+                                          STSPreloadCompare);
+  }
+
+  return nullptr;
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::IsSecureHost(uint32_t aType, const char* aHost,
+                                    uint32_t aFlags, bool* aCached,
+                                    bool* aResult)
+{
+   // Child processes are not allowed direct access to this.
+   if (!XRE_IsParentProcess() && aType != nsISiteSecurityService::HEADER_HSTS) {
+     MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::IsSecureHost for non-HSTS entries");
+   }
+
+  NS_ENSURE_ARG(aHost);
+  NS_ENSURE_ARG(aResult);
+
+  // Only HSTS and HPKP are supported at the moment.
+  NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS ||
+                 aType == nsISiteSecurityService::HEADER_HPKP,
+                 NS_ERROR_NOT_IMPLEMENTED);
+
+  // set default in case if we can't find any STS information
+  *aResult = false;
+  if (aCached) {
+    *aCached = false;
+  }
+
+  /* An IP address never qualifies as a secure URI. */
+  if (HostIsIPAddress(aHost)) {
+    return NS_OK;
+  }
+
+  if (aType == nsISiteSecurityService::HEADER_HPKP) {
+    RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+    if (!certVerifier) {
+      return NS_ERROR_FAILURE;
+    }
+    if (certVerifier->mPinningMode ==
+        CertVerifier::PinningMode::pinningDisabled) {
+      return NS_OK;
+    }
+    bool enforceTestMode = certVerifier->mPinningMode ==
+                           CertVerifier::PinningMode::pinningEnforceTestMode;
+    return PublicKeyPinningService::HostHasPins(aHost, mozilla::pkix::Now(),
+                                                enforceTestMode, *aResult);
+  }
+
+  // Holepunch chart.apis.google.com and subdomains.
+  nsAutoCString host(PublicKeyPinningService::CanonicalizeHostname(aHost));
+  if (host.EqualsLiteral("chart.apis.google.com") ||
+      StringEndsWith(host, NS_LITERAL_CSTRING(".chart.apis.google.com"))) {
+    if (aCached) {
+      *aCached = true;
+    }
+    return NS_OK;
+  }
+
+  const nsSTSPreload *preload = nullptr;
+
+  // First check the exact host. This involves first checking for an entry in
+  // site security storage. If that entry exists, we don't want to check
+  // in the preload list. We only want to use the stored value if it is not a
+  // knockout entry, however.
+  // Additionally, if it is a knockout entry, we want to stop looking for data
+  // on the host, because the knockout entry indicates "we have no information
+  // regarding the security status of this host".
+  bool isPrivate = aFlags & nsISocketProvider::NO_PERMANENT_STORAGE;
+  mozilla::DataStorageType storageType = isPrivate
+                                         ? mozilla::DataStorage_Private
+                                         : mozilla::DataStorage_Persistent;
+  nsAutoCString storageKey;
+  SetStorageKey(storageKey, host, aType);
+  nsCString value = mSiteStateStorage->Get(storageKey, storageType);
+  SiteHSTSState siteState(value);
+  if (siteState.mHSTSState != SecurityPropertyUnset) {
+    SSSLOG(("Found entry for %s", host.get()));
+    bool expired = siteState.IsExpired(aType);
+    if (!expired) {
+      if (aCached) {
+        *aCached = true;
+      }
+      if (siteState.mHSTSState == SecurityPropertySet) {
+        *aResult = true;
+        return NS_OK;
+      } else if (siteState.mHSTSState == SecurityPropertyNegative) {
+        *aResult = false;
+        return NS_OK;
+      }
+    }
+
+    // If the entry is expired and not in the preload list, we can remove it.
+    if (expired && !GetPreloadListEntry(host.get())) {
+      mSiteStateStorage->Remove(storageKey, storageType);
+    }
+  }
+  // Finally look in the preloaded list. This is the exact host,
+  // so if an entry exists at all, this host is HSTS.
+  else if (GetPreloadListEntry(host.get())) {
+    SSSLOG(("%s is a preloaded STS host", host.get()));
+    *aResult = true;
+    if (aCached) {
+      *aCached = true;
+    }
+    return NS_OK;
+  }
+
+  SSSLOG(("no HSTS data for %s found, walking up domain", host.get()));
+  const char *subdomain;
+
+  uint32_t offset = 0;
+  for (offset = host.FindChar('.', offset) + 1;
+       offset > 0;
+       offset = host.FindChar('.', offset) + 1) {
+
+    subdomain = host.get() + offset;
+
+    // If we get an empty string, don't continue.
+    if (strlen(subdomain) < 1) {
+      break;
+    }
+
+    // Do the same thing as with the exact host, except now we're looking at
+    // ancestor domains of the original host. So, we have to look at the
+    // include subdomains flag (although we still have to check for a
+    // SecurityPropertySet flag first to check that this is a secure host and
+    // not a knockout entry - and again, if it is a knockout entry, we stop
+    // looking for data on it and skip to the next higher up ancestor domain).
+    nsCString subdomainString(subdomain);
+    nsAutoCString storageKey;
+    SetStorageKey(storageKey, subdomainString, aType);
+    value = mSiteStateStorage->Get(storageKey, storageType);
+    SiteHSTSState siteState(value);
+    if (siteState.mHSTSState != SecurityPropertyUnset) {
+      SSSLOG(("Found entry for %s", subdomain));
+      bool expired = siteState.IsExpired(aType);
+      if (!expired) {
+        if (aCached) {
+          *aCached = true;
+        }
+        if (siteState.mHSTSState == SecurityPropertySet) {
+          *aResult = siteState.mHSTSIncludeSubdomains;
+          break;
+        } else if (siteState.mHSTSState == SecurityPropertyNegative) {
+          *aResult = false;
+          break;
+        }
+      }
+
+      // If the entry is expired and not in the preload list, we can remove it.
+      if (expired && !GetPreloadListEntry(subdomain)) {
+        mSiteStateStorage->Remove(storageKey, storageType);
+      }
+    }
+    // This is an ancestor, so if we get a match, we have to check if the
+    // preloaded entry includes subdomains.
+    else if ((preload = GetPreloadListEntry(subdomain)) != nullptr) {
+      if (preload->mIncludeSubdomains) {
+        SSSLOG(("%s is a preloaded STS host", subdomain));
+        *aResult = true;
+        if (aCached) {
+          *aCached = true;
+        }
+        break;
+      }
+    }
+
+    SSSLOG(("no HSTS data for %s found, walking up domain", subdomain));
+  }
+
+  // Use whatever we ended up with, which defaults to false.
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::ClearAll()
+{
+   // Child processes are not allowed direct access to this.
+   if (!XRE_IsParentProcess()) {
+     MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::ClearAll");
+   }
+
+  return mSiteStateStorage->Clear();
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::ClearPreloads()
+{
+  // Child processes are not allowed direct access to this.
+  if (!XRE_IsParentProcess()) {
+    MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::ClearPreloads");
+  }
+
+  return mPreloadStateStorage->Clear();
+}
+
+bool entryStateNotOK(SiteHPKPState& state, mozilla::pkix::Time& aEvalTime) {
+  return state.mState != SecurityPropertySet || state.IsExpired(aEvalTime) ||
+         state.mSHA256keys.Length() < 1;
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::GetKeyPinsForHostname(const char* aHostname,
+                                             mozilla::pkix::Time& aEvalTime,
+                                             /*out*/ nsTArray<nsCString>& pinArray,
+                                             /*out*/ bool* aIncludeSubdomains,
+                                             /*out*/ bool* afound) {
+   // Child processes are not allowed direct access to this.
+   if (!XRE_IsParentProcess()) {
+     MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::GetKeyPinsForHostname");
+   }
+
+  NS_ENSURE_ARG(afound);
+  NS_ENSURE_ARG(aHostname);
+
+  SSSLOG(("Top of GetKeyPinsForHostname for %s", aHostname));
+  *afound = false;
+  *aIncludeSubdomains = false;
+  pinArray.Clear();
+
+  nsAutoCString host(PublicKeyPinningService::CanonicalizeHostname(aHostname));
+  nsAutoCString storageKey;
+  SetStorageKey(storageKey, host, nsISiteSecurityService::HEADER_HPKP);
+
+  SSSLOG(("storagekey '%s'\n", storageKey.get()));
+  mozilla::DataStorageType storageType = mozilla::DataStorage_Persistent;
+  nsCString value = mSiteStateStorage->Get(storageKey, storageType);
+
+  // decode now
+  SiteHPKPState foundEntry(value);
+  if (entryStateNotOK(foundEntry, aEvalTime)) {
+    // not in permanent storage, try now private
+    value = mSiteStateStorage->Get(storageKey, mozilla::DataStorage_Private);
+    SiteHPKPState privateEntry(value);
+    if (entryStateNotOK(privateEntry, aEvalTime)) {
+      // not in private storage, try dynamic preload
+      value = mPreloadStateStorage->Get(storageKey,
+                                        mozilla::DataStorage_Persistent);
+      SiteHPKPState preloadEntry(value);
+      if (entryStateNotOK(preloadEntry, aEvalTime)) {
+        return NS_OK;
+      }
+      foundEntry = preloadEntry;
+    } else {
+      foundEntry = privateEntry;
+    }
+  }
+  pinArray = foundEntry.mSHA256keys;
+  *aIncludeSubdomains = foundEntry.mIncludeSubdomains;
+  *afound = true;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::SetKeyPins(const char* aHost, bool aIncludeSubdomains,
+                                  int64_t aExpires, uint32_t aPinCount,
+                                  const char** aSha256Pins,
+                                  bool aIsPreload,
+                                  /*out*/ bool* aResult)
+{
+   // Child processes are not allowed direct access to this.
+   if (!XRE_IsParentProcess()) {
+     MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::SetKeyPins");
+   }
+
+  NS_ENSURE_ARG_POINTER(aHost);
+  NS_ENSURE_ARG_POINTER(aResult);
+  NS_ENSURE_ARG_POINTER(aSha256Pins);
+
+  SSSLOG(("Top of SetPins"));
+
+  nsTArray<nsCString> sha256keys;
+  for (unsigned int i = 0; i < aPinCount; i++) {
+    nsAutoCString pin(aSha256Pins[i]);
+    SSSLOG(("SetPins pin=%s\n", pin.get()));
+    if (!stringIsBase64EncodingOf256bitValue(pin)) {
+      return NS_ERROR_INVALID_ARG;
+    }
+    sha256keys.AppendElement(pin);
+  }
+  SiteHPKPState dynamicEntry(aExpires, SecurityPropertySet,
+                             aIncludeSubdomains, sha256keys);
+  // we always store data in permanent storage (ie no flags)
+  nsAutoCString host(PublicKeyPinningService::CanonicalizeHostname(aHost));
+  return SetHPKPState(host.get(), dynamicEntry, 0, aIsPreload);
+}
+
+nsresult
+nsSiteSecurityService::SetHPKPState(const char* aHost, SiteHPKPState& entry,
+                                    uint32_t aFlags, bool aIsPreload)
+{
+  SSSLOG(("Top of SetPKPState"));
+  nsAutoCString host(aHost);
+  nsAutoCString storageKey;
+  SetStorageKey(storageKey, host, nsISiteSecurityService::HEADER_HPKP);
+  bool isPrivate = aFlags & nsISocketProvider::NO_PERMANENT_STORAGE;
+  mozilla::DataStorageType storageType = isPrivate
+                                         ? mozilla::DataStorage_Private
+                                         : mozilla::DataStorage_Persistent;
+  nsAutoCString stateString;
+  entry.ToString(stateString);
+
+  nsresult rv;
+  if (aIsPreload) {
+    rv = mPreloadStateStorage->Put(storageKey, stateString, storageType);
+  } else {
+    rv = mSiteStateStorage->Put(storageKey, stateString, storageType);
+  }
+  NS_ENSURE_SUCCESS(rv, rv);
+  return NS_OK;
+}
+
+//------------------------------------------------------------
+// nsSiteSecurityService::nsIObserver
+//------------------------------------------------------------
+
+NS_IMETHODIMP
+nsSiteSecurityService::Observe(nsISupports *subject,
+                               const char *topic,
+                               const char16_t *data)
+{
+  // Don't access Preferences off the main thread.
+  if (!NS_IsMainThread()) {
+    NS_NOTREACHED("Preferences accessed off main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  if (strcmp(topic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
+    mUsePreloadList = mozilla::Preferences::GetBool(
+      "network.stricttransportsecurity.preloadlist", true);
+    mPreloadListTimeOffset =
+      mozilla::Preferences::GetInt("test.currentTimeOffsetSeconds", 0);
+    mProcessPKPHeadersFromNonBuiltInRoots = mozilla::Preferences::GetBool(
+      "security.cert_pinning.process_headers_from_non_builtin_roots", false);
+    mMaxMaxAge = mozilla::Preferences::GetInt(
+      "security.cert_pinning.max_max_age_seconds", kSixtyDaysInSeconds);
+  }
+
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsSiteSecurityService.h b/security/manager/ssl/nsSiteSecurityService.h
new file mode 100644
index 000000000..f100a8f40
--- /dev/null
+++ b/security/manager/ssl/nsSiteSecurityService.h
@@ -0,0 +1,159 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __nsSiteSecurityService_h__
+#define __nsSiteSecurityService_h__
+
+#include "mozilla/DataStorage.h"
+#include "nsCOMPtr.h"
+#include "nsIObserver.h"
+#include "nsISiteSecurityService.h"
+#include "nsString.h"
+#include "nsTArray.h"
+#include "pkix/pkixtypes.h"
+#include "prtime.h"
+
+class nsIURI;
+class nsISSLStatus;
+
+// {16955eee-6c48-4152-9309-c42a465138a1}
+#define NS_SITE_SECURITY_SERVICE_CID \
+  {0x16955eee, 0x6c48, 0x4152, \
+    {0x93, 0x09, 0xc4, 0x2a, 0x46, 0x51, 0x38, 0xa1} }
+
+/**
+ * SecurityPropertyState: A utility enum for representing the different states
+ * a security property can be in.
+ * SecurityPropertySet and SecurityPropertyUnset correspond to indicating
+ * a site has or does not have the security property in question, respectively.
+ * SecurityPropertyKnockout indicates a value on a preloaded list is being
+ * overridden, and the associated site does not have the security property
+ * in question.
+ */
+enum SecurityPropertyState {
+  SecurityPropertyUnset = 0,
+  SecurityPropertySet = 1,
+  SecurityPropertyKnockout = 2,
+  SecurityPropertyNegative = 3,
+};
+
+/**
+ * SiteHPKPState: A utility class that encodes/decodes a string describing
+ * the public key pins of a site.
+ * HPKP state consists of:
+ *  - Expiry time (PRTime (aka int64_t) in milliseconds)
+ *  - A state flag (SecurityPropertyState, default SecurityPropertyUnset)
+ *  - An include subdomains flag (bool, default false)
+ *  - An array of sha-256 hashed base 64 encoded fingerprints of required keys
+ */
+class SiteHPKPState
+{
+public:
+  SiteHPKPState();
+  explicit SiteHPKPState(nsCString& aStateString);
+  SiteHPKPState(PRTime aExpireTime, SecurityPropertyState aState,
+                bool aIncludeSubdomains, nsTArray<nsCString>& SHA256keys);
+
+  PRTime mExpireTime;
+  SecurityPropertyState mState;
+  bool mIncludeSubdomains;
+  nsTArray<nsCString> mSHA256keys;
+
+  bool IsExpired(mozilla::pkix::Time aTime)
+  {
+    if (aTime > mozilla::pkix::TimeFromEpochInSeconds(mExpireTime /
+                                                      PR_MSEC_PER_SEC)) {
+      return true;
+    }
+    return false;
+  }
+
+  void ToString(nsCString& aString);
+};
+
+/**
+ * SiteHSTSState: A utility class that encodes/decodes a string describing
+ * the security state of a site. Currently only handles HSTS.
+ * HSTS state consists of:
+ *  - Expiry time (PRTime (aka int64_t) in milliseconds)
+ *  - A state flag (SecurityPropertyState, default SecurityPropertyUnset)
+ *  - An include subdomains flag (bool, default false)
+ */
+class SiteHSTSState
+{
+public:
+  explicit SiteHSTSState(nsCString& aStateString);
+  SiteHSTSState(PRTime aHSTSExpireTime, SecurityPropertyState aHSTSState,
+                bool aHSTSIncludeSubdomains);
+
+  PRTime mHSTSExpireTime;
+  SecurityPropertyState mHSTSState;
+  bool mHSTSIncludeSubdomains;
+
+  bool IsExpired(uint32_t aType)
+  {
+    // If mHSTSExpireTime is 0, this entry never expires (this is the case for
+    // knockout entries).
+    if (mHSTSExpireTime == 0) {
+      return false;
+    }
+
+    PRTime now = PR_Now() / PR_USEC_PER_MSEC;
+    if (now > mHSTSExpireTime) {
+      return true;
+    }
+
+    return false;
+  }
+
+  void ToString(nsCString &aString);
+};
+
+struct nsSTSPreload;
+
+class nsSiteSecurityService : public nsISiteSecurityService
+                            , public nsIObserver
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIOBSERVER
+  NS_DECL_NSISITESECURITYSERVICE
+
+  nsSiteSecurityService();
+  nsresult Init();
+
+protected:
+  virtual ~nsSiteSecurityService();
+
+private:
+  nsresult GetHost(nsIURI *aURI, nsACString &aResult);
+  nsresult SetHSTSState(uint32_t aType, nsIURI* aSourceURI, int64_t maxage,
+                        bool includeSubdomains, uint32_t flags,
+                        SecurityPropertyState aHSTSState);
+  nsresult ProcessHeaderInternal(uint32_t aType, nsIURI* aSourceURI,
+                                 const char* aHeader, nsISSLStatus* aSSLStatus,
+                                 uint32_t aFlags, uint64_t* aMaxAge,
+                                 bool* aIncludeSubdomains,
+                                 uint32_t* aFailureResult);
+  nsresult ProcessSTSHeader(nsIURI* aSourceURI, const char* aHeader,
+                            uint32_t flags, uint64_t* aMaxAge,
+                            bool* aIncludeSubdomains, uint32_t* aFailureResult);
+  nsresult ProcessPKPHeader(nsIURI* aSourceURI, const char* aHeader,
+                            nsISSLStatus* aSSLStatus, uint32_t flags,
+                            uint64_t* aMaxAge, bool* aIncludeSubdomains,
+                            uint32_t* aFailureResult);
+  nsresult SetHPKPState(const char* aHost, SiteHPKPState& entry, uint32_t flags,
+                        bool aIsPreload);
+
+  const nsSTSPreload *GetPreloadListEntry(const char *aHost);
+
+  uint64_t mMaxMaxAge;
+  bool mUsePreloadList;
+  int64_t mPreloadListTimeOffset;
+  bool mProcessPKPHeadersFromNonBuiltInRoots;
+  RefPtr<mozilla::DataStorage> mSiteStateStorage;
+  RefPtr<mozilla::DataStorage> mPreloadStateStorage;
+};
+
+#endif // __nsSiteSecurityService_h__
diff --git a/security/manager/ssl/nsSmartCardMonitor.cpp b/security/manager/ssl/nsSmartCardMonitor.cpp
new file mode 100644
index 000000000..3423d4f5f
--- /dev/null
+++ b/security/manager/ssl/nsSmartCardMonitor.cpp
@@ -0,0 +1,396 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsSmartCardMonitor.h"
+
+#include "ScopedNSSTypes.h"
+#include "mozilla/Services.h"
+#include "mozilla/Unused.h"
+#include "nsIObserverService.h"
+#include "nsServiceManagerUtils.h"
+#include "nsThreadUtils.h"
+#include "nspr.h"
+#include "pk11func.h"
+
+using namespace mozilla;
+
+//
+// The SmartCard monitoring thread should start up for each module we load
+// that has removable tokens. This code calls an NSS function which waits
+// until there is a change in the token state. NSS uses the
+// C_WaitForSlotEvent() call in PKCS #11 if the module implements the call,
+// otherwise NSS will poll the token in a loop with a delay of 'latency'
+// between polls. Note that the C_WaitForSlotEvent() may wake up on any type
+// of token event, so it's necessary to filter these events down to just the
+// insertion and removal events we are looking for.
+//
+// Once the event is found, it is dispatched to the main thread to notify
+// any window where window.crypto.enableSmartCardEvents is true.
+// Additionally, all observers of the topics "smartcard-insert" and
+// "smartcard-remove" are notified by the observer service of the appropriate
+// event.
+//
+
+class nsTokenEventRunnable : public nsIRunnable {
+public:
+  nsTokenEventRunnable(const nsAString& aType, const nsAString& aTokenName)
+    : mType(aType)
+    , mTokenName(aTokenName)
+  {
+  }
+
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIRUNNABLE
+
+private:
+  virtual ~nsTokenEventRunnable() {}
+
+  nsString mType;
+  nsString mTokenName;
+};
+
+NS_IMPL_ISUPPORTS(nsTokenEventRunnable, nsIRunnable)
+
+NS_IMETHODIMP
+nsTokenEventRunnable::Run()
+{
+  MOZ_ASSERT(NS_IsMainThread());
+
+  nsCOMPtr<nsIObserverService> observerService =
+    mozilla::services::GetObserverService();
+  if (!observerService) {
+    return NS_ERROR_FAILURE;
+  }
+  // This conversion is safe because mType can only be "smartcard-insert"
+  // or "smartcard-remove".
+  NS_ConvertUTF16toUTF8 eventTypeUTF8(mType);
+  return observerService->NotifyObservers(nullptr, eventTypeUTF8.get(),
+                                          mTokenName.get());
+}
+
+// self linking and removing double linked entry
+// adopts the thread it is passed.
+class SmartCardThreadEntry
+{
+public:
+  friend class SmartCardThreadList;
+  SmartCardThreadEntry(SmartCardMonitoringThread *thread,
+                       SmartCardThreadEntry *next,
+                       SmartCardThreadEntry *prev,
+                       SmartCardThreadEntry **head)
+    : next(next)
+    , prev(prev)
+    , head(head)
+    , thread(thread)
+  {
+    if (prev) {
+      prev->next = this;
+    } else {
+      *head = this;
+    }
+    if (next) {
+      next->prev = this;
+    }
+  }
+
+  ~SmartCardThreadEntry()
+  {
+    if (prev) {
+      prev->next = next;
+    } else {
+      *head = next;
+    }
+    if (next) {
+      next->prev = prev;
+    }
+    // NOTE: automatically stops the thread
+    delete thread;
+  }
+
+private:
+  SmartCardThreadEntry *next;
+  SmartCardThreadEntry *prev;
+  SmartCardThreadEntry **head;
+  SmartCardMonitoringThread *thread;
+};
+
+//
+// SmartCardThreadList is a class to help manage the running threads.
+// That way new threads could be started and old ones terminated as we
+// load and unload modules.
+//
+SmartCardThreadList::SmartCardThreadList() : head(0)
+{
+}
+
+SmartCardThreadList::~SmartCardThreadList()
+{
+  // the head is self linking and unlinking, the following
+  // loop removes all entries on the list.
+  // it will also stop the thread if it happens to be running
+  while (head) {
+    delete head;
+  }
+}
+
+void
+SmartCardThreadList::Remove(SECMODModule *aModule)
+{
+  for (SmartCardThreadEntry* current = head; current;
+       current = current->next) {
+    if (current->thread->GetModule() == aModule) {
+      // NOTE: automatically stops the thread and dequeues it from the list
+      delete current;
+      return;
+    }
+  }
+}
+
+// adopts the thread passed to it. Starts the thread as well
+nsresult
+SmartCardThreadList::Add(SmartCardMonitoringThread* thread)
+{
+  SmartCardThreadEntry* current = new SmartCardThreadEntry(thread, head,
+                                                           nullptr, &head);
+  // OK to forget current here, it's on the list.
+  Unused << current;
+
+  return thread->Start();
+}
+
+
+// We really should have a Unity PL Hash function...
+static PLHashNumber
+unity(const void* key) { return PLHashNumber(NS_PTR_TO_INT32(key)); }
+
+SmartCardMonitoringThread::SmartCardMonitoringThread(SECMODModule* module_)
+  : mThread(nullptr)
+{
+  mModule = SECMOD_ReferenceModule(module_);
+  // simple hash functions, most modules have less than 3 slots, so 10 buckets
+  // should be plenty
+  mHash = PL_NewHashTable(10, unity, PL_CompareValues, PL_CompareStrings,
+                          nullptr, 0);
+}
+
+//
+// when we shutdown the thread, be sure to stop it first. If not, it just might
+// crash when the mModule it is looking at disappears.
+//
+SmartCardMonitoringThread::~SmartCardMonitoringThread()
+{
+  Stop();
+  SECMOD_DestroyModule(mModule);
+  if (mHash) {
+    PL_HashTableDestroy(mHash);
+  }
+}
+
+nsresult
+SmartCardMonitoringThread::Start()
+{
+  if (!mThread) {
+    mThread = PR_CreateThread(PR_SYSTEM_THREAD, LaunchExecute, this,
+                              PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
+                              PR_JOINABLE_THREAD, 0);
+  }
+  return mThread ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
+}
+
+//
+// Should only stop if we are through with the module.
+// CancelWait has the side effect of losing all the keys and
+// current operations on the module!. (See the comment in
+// SECMOD_CancelWait for why this is so..).
+//
+void SmartCardMonitoringThread::Stop()
+{
+  SECStatus rv;
+
+  rv = SECMOD_CancelWait(mModule);
+  if (rv != SECSuccess) {
+    // we didn't wake up the Wait, so don't try to join the thread
+    // otherwise we will hang forever...
+    return;
+  }
+
+  // confused about the memory model here? NSPR owns the memory for
+  // threads. non-joinable threads are freed when the thread dies.
+  // joinable threads are freed after the call to PR_JoinThread.
+  // That means if SECMOD_CancelWait fails, we'll leak the mThread
+  // structure. this is considered preferable to hanging (which is
+  // what will happen if we try to join a thread that blocked).
+  if (mThread) {
+    PR_JoinThread(mThread);
+    mThread = 0;
+  }
+}
+
+//
+// remember the name and series of a token in a particular slot.
+// This is important because the name is no longer available when
+// the token is removed. If listeners depended on this information,
+// They would be out of luck. It also is a handy way of making sure
+// we don't generate spurious insertion and removal events as the slot
+// cycles through various states.
+//
+void
+SmartCardMonitoringThread::SetTokenName(CK_SLOT_ID slotid,
+                                       const char* tokenName, uint32_t series)
+{
+  if (mHash) {
+    if (tokenName) {
+      int len = strlen(tokenName) + 1;
+      /* this must match the allocator used in
+       * PLHashAllocOps.freeEntry DefaultFreeEntry */
+      char* entry = (char*)PR_Malloc(len + sizeof(uint32_t));
+
+      if (entry) {
+        memcpy(entry, &series, sizeof(uint32_t));
+        memcpy(&entry[sizeof(uint32_t)], tokenName, len);
+
+        PL_HashTableAdd(mHash, (void*)(uintptr_t)slotid, entry); /* adopt */
+        return;
+      }
+    } else {
+      // if tokenName was not provided, remove the old one (implicit delete)
+      PL_HashTableRemove(mHash, (void*)(uintptr_t)slotid);
+    }
+  }
+}
+
+// retrieve the name saved above
+const char*
+SmartCardMonitoringThread::GetTokenName(CK_SLOT_ID slotid)
+{
+  const char* tokenName = nullptr;
+  const char* entry;
+
+  if (mHash) {
+    entry = (const char*)PL_HashTableLookupConst(mHash,
+                                                 (void*)(uintptr_t)slotid);
+    if (entry) {
+      tokenName = &entry[sizeof(uint32_t)];
+    }
+  }
+  return tokenName;
+}
+
+// retrieve the series saved in SetTokenName above
+uint32_t
+SmartCardMonitoringThread::GetTokenSeries(CK_SLOT_ID slotid)
+{
+  uint32_t series = 0;
+  const char* entry;
+
+  if (mHash) {
+    entry = (const char*)PL_HashTableLookupConst(mHash,
+                                                 (void*)(uintptr_t)slotid);
+    if (entry) {
+      memcpy(&series, entry, sizeof(uint32_t));
+    }
+  }
+  return series;
+}
+
+//
+// helper function to pass the event off to nsNSSComponent.
+//
+void
+SmartCardMonitoringThread::SendEvent(const nsAString& eventType,
+                                     const char* tokenName)
+{
+  // The token name should be UTF8, but it's not clear that this is enforced
+  // by NSS. To be safe, we explicitly check here before converting it to
+  // UTF16. If it isn't UTF8, we just use an empty string with the idea that
+  // consumers of these events should at least be notified that something
+  // happened.
+  nsAutoString tokenNameUTF16(NS_LITERAL_STRING(""));
+  if (IsUTF8(nsDependentCString(tokenName))) {
+    tokenNameUTF16.Assign(NS_ConvertUTF8toUTF16(tokenName));
+  }
+  nsCOMPtr<nsIRunnable> runnable(new nsTokenEventRunnable(eventType,
+                                                          tokenNameUTF16));
+  NS_DispatchToMainThread(runnable);
+}
+
+//
+// This is the main loop.
+//
+void SmartCardMonitoringThread::Execute()
+{
+  const char* tokenName;
+
+  //
+  // populate token names for already inserted tokens.
+  //
+  PK11SlotList* sl = PK11_FindSlotsByNames(mModule->dllName, nullptr, nullptr,
+                                           true);
+
+  PK11SlotListElement* sle;
+  if (sl) {
+    for (sle = PK11_GetFirstSafe(sl); sle;
+         sle = PK11_GetNextSafe(sl, sle, false)) {
+      SetTokenName(PK11_GetSlotID(sle->slot), PK11_GetTokenName(sle->slot),
+                   PK11_GetSlotSeries(sle->slot));
+    }
+    PK11_FreeSlotList(sl);
+  }
+
+  // loop starts..
+  do {
+    UniquePK11SlotInfo slot(
+      SECMOD_WaitForAnyTokenEvent(mModule, 0, PR_SecondsToInterval(1)));
+    if (!slot) {
+      break;
+    }
+
+    // now we have a potential insertion or removal event, see if the slot
+    // is present to determine which it is...
+    if (PK11_IsPresent(slot.get())) {
+      // insertion
+      CK_SLOT_ID slotID = PK11_GetSlotID(slot.get());
+      uint32_t series = PK11_GetSlotSeries(slot.get());
+
+      // skip spurious insertion events...
+      if (series != GetTokenSeries(slotID)) {
+        // if there's a token name, then we have not yet issued a remove
+        // event for the previous token, do so now...
+        tokenName = GetTokenName(slotID);
+        if (tokenName) {
+          SendEvent(NS_LITERAL_STRING("smartcard-remove"), tokenName);
+        }
+        tokenName = PK11_GetTokenName(slot.get());
+        // save the token name and series
+        SetTokenName(slotID, tokenName, series);
+        SendEvent(NS_LITERAL_STRING("smartcard-insert"), tokenName);
+      }
+    } else {
+      // retrieve token name
+      CK_SLOT_ID slotID = PK11_GetSlotID(slot.get());
+      tokenName = GetTokenName(slotID);
+      // if there's not a token name, then the software isn't expecting
+      // a (or another) remove event.
+      if (tokenName) {
+        SendEvent(NS_LITERAL_STRING("smartcard-remove"), tokenName);
+        // clear the token name (after we send it)
+        SetTokenName(slotID, nullptr, 0);
+      }
+    }
+  } while (1);
+}
+
+// accessor to help searching active Monitoring threads
+const SECMODModule* SmartCardMonitoringThread::GetModule()
+{
+  return mModule;
+}
+
+// C-like calling sequence to glue into PR_CreateThread.
+void SmartCardMonitoringThread::LaunchExecute(void* arg)
+{
+  PR_SetCurrentThreadName("SmartCard");
+
+  ((SmartCardMonitoringThread*)arg)->Execute();
+}
diff --git a/security/manager/ssl/nsSmartCardMonitor.h b/security/manager/ssl/nsSmartCardMonitor.h
new file mode 100644
index 000000000..bfadf31e8
--- /dev/null
+++ b/security/manager/ssl/nsSmartCardMonitor.h
@@ -0,0 +1,62 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsSmartCardMonitor_h
+#define nsSmartCardMonitor_h
+
+#include "prthread.h"
+#include "secmod.h"
+#include "plhash.h"
+#include "pkcs11t.h"
+
+class SmartCardThreadEntry;
+class SmartCardMonitoringThread;
+
+//
+// manage a group of SmartCardMonitoringThreads
+//
+class SmartCardThreadList {
+public:
+  SmartCardThreadList();
+  ~SmartCardThreadList();
+  void Remove(SECMODModule* module);
+  nsresult Add(SmartCardMonitoringThread* thread);
+
+private:
+  SmartCardThreadEntry* head;
+};
+
+//
+// monitor a Module for token insertion and removal
+//
+// NOTE: this provides the application the ability to dynamically add slots
+// on the fly as necessary.
+//
+class SmartCardMonitoringThread
+{
+ public:
+  explicit SmartCardMonitoringThread(SECMODModule* module);
+  ~SmartCardMonitoringThread();
+  
+  nsresult Start();
+  void Stop();
+  
+  void Execute();
+  void Interrupt();
+  
+  const SECMODModule* GetModule();
+
+ private:
+  static void LaunchExecute(void* arg);
+  void SetTokenName(CK_SLOT_ID slotid, const char* tokenName, uint32_t series);
+  const char* GetTokenName(CK_SLOT_ID slotid);
+  uint32_t GetTokenSeries(CK_SLOT_ID slotid);
+  void SendEvent(const nsAString& type, const char* tokenName);
+  
+  SECMODModule* mModule;
+  PLHashTable* mHash;
+  PRThread* mThread;
+};
+
+#endif // nsSmartCardMonitor_h
diff --git a/security/manager/ssl/nsTLSSocketProvider.cpp b/security/manager/ssl/nsTLSSocketProvider.cpp
new file mode 100644
index 000000000..190dd7769
--- /dev/null
+++ b/security/manager/ssl/nsTLSSocketProvider.cpp
@@ -0,0 +1,69 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mozilla/BasePrincipal.h"
+#include "nsTLSSocketProvider.h"
+#include "nsNSSIOLayer.h"
+#include "nsError.h"
+
+using mozilla::NeckoOriginAttributes;
+
+nsTLSSocketProvider::nsTLSSocketProvider()
+{
+}
+
+nsTLSSocketProvider::~nsTLSSocketProvider()
+{
+}
+
+NS_IMPL_ISUPPORTS(nsTLSSocketProvider, nsISocketProvider)
+
+NS_IMETHODIMP
+nsTLSSocketProvider::NewSocket(int32_t family,
+                               const char *host,
+                               int32_t port,
+                               nsIProxyInfo *proxy,
+                               const NeckoOriginAttributes &originAttributes,
+                               uint32_t flags,
+                               PRFileDesc **_result,
+                               nsISupports **securityInfo)
+{
+  nsresult rv = nsSSLIOLayerNewSocket(family,
+                                      host,
+                                      port,
+                                      proxy,
+                                      originAttributes,
+                                      _result,
+                                      securityInfo,
+                                      true,
+                                      flags);
+  
+  return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
+}
+
+// Add the SSL IO layer to an existing socket
+NS_IMETHODIMP
+nsTLSSocketProvider::AddToSocket(int32_t family,
+                                 const char *host,
+                                 int32_t port,
+                                 nsIProxyInfo *proxy,
+                                 const NeckoOriginAttributes &originAttributes,
+                                 uint32_t flags,
+                                 PRFileDesc *aSocket,
+                                 nsISupports **securityInfo)
+{
+  nsresult rv = nsSSLIOLayerAddToSocket(family,
+                                        host,
+                                        port,
+                                        proxy,
+                                        originAttributes,
+                                        aSocket,
+                                        securityInfo,
+                                        true,
+                                        flags);
+  
+  return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
+}
diff --git a/security/manager/ssl/nsTLSSocketProvider.h b/security/manager/ssl/nsTLSSocketProvider.h
new file mode 100644
index 000000000..5fa6e670b
--- /dev/null
+++ b/security/manager/ssl/nsTLSSocketProvider.h
@@ -0,0 +1,34 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _NSTLSSOCKETPROVIDER_H_
+#define _NSTLSSOCKETPROVIDER_H_
+
+#include "nsISocketProvider.h"
+
+
+#define NS_STARTTLSSOCKETPROVIDER_CID \
+{ /* b9507aec-1dd1-11b2-8cd5-c48ee0c50307 */         \
+     0xb9507aec,                                     \
+     0x1dd1,                                         \
+     0x11b2,                                         \
+    {0x8c, 0xd5, 0xc4, 0x8e, 0xe0, 0xc5, 0x03, 0x07} \
+}
+
+class nsTLSSocketProvider : public nsISocketProvider
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSISOCKETPROVIDER
+
+  // nsTLSSocketProvider methods:
+  nsTLSSocketProvider();
+
+protected:
+  virtual ~nsTLSSocketProvider();
+};
+
+#endif /* _NSTLSSOCKETPROVIDER_H_ */
diff --git a/security/manager/ssl/nsVerificationJob.h b/security/manager/ssl/nsVerificationJob.h
new file mode 100644
index 000000000..3bf4c6a5b
--- /dev/null
+++ b/security/manager/ssl/nsVerificationJob.h
@@ -0,0 +1,51 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _INC_NSVERIFICATIONJOB_H
+#define _INC_NSVERIFICATIONJOB_H
+
+#include "nspr.h"
+
+#include "nsIX509Cert.h"
+#include "nsProxyRelease.h"
+
+class nsBaseVerificationJob
+{
+public:
+  virtual ~nsBaseVerificationJob() {}
+  virtual void Run() = 0;
+};
+
+class nsCertVerificationJob : public nsBaseVerificationJob
+{
+public:
+  nsCOMPtr<nsIX509Cert> mCert;
+  nsMainThreadPtrHandle<nsICertVerificationListener> mListener;
+
+  void Run();
+};
+
+class nsCertVerificationResult : public nsICertVerificationResult
+{
+public:
+  nsCertVerificationResult();
+
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSICERTVERIFICATIONRESULT
+
+protected:
+  virtual ~nsCertVerificationResult();
+
+private:
+  nsresult mRV;
+  uint32_t mVerified;
+  uint32_t mCount;
+  char16_t **mUsages;
+
+friend class nsCertVerificationJob;
+};
+
+#endif
diff --git a/security/manager/ssl/tests/.eslintrc.js b/security/manager/ssl/tests/.eslintrc.js
new file mode 100644
index 000000000..a2a4eb389
--- /dev/null
+++ b/security/manager/ssl/tests/.eslintrc.js
@@ -0,0 +1,8 @@
+"use strict";
+
+module.exports = { // eslint-disable-line no-undef
+  "rules": {
+    // Disallow non-top level |var| declarations.
+    "mozilla/var-only-at-top-level": "error"
+  }
+};
diff --git a/security/manager/ssl/tests/gtest/CertDBTest.cpp b/security/manager/ssl/tests/gtest/CertDBTest.cpp
new file mode 100644
index 000000000..e6b773cd6
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/CertDBTest.cpp
@@ -0,0 +1,60 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "gtest/gtest.h"
+#include "nsCOMPtr.h"
+#include "nsIPrefService.h"
+#include "nsISimpleEnumerator.h"
+#include "nsIX509Cert.h"
+#include "nsIX509CertDB.h"
+#include "nsIX509CertList.h"
+#include "nsServiceManagerUtils.h"
+
+TEST(psm_CertDB, Test)
+{
+  {
+    nsCOMPtr<nsIPrefBranch> prefs(do_GetService(NS_PREFSERVICE_CONTRACTID));
+    ASSERT_TRUE(prefs) << "couldn't get nsIPrefBranch";
+
+    // When PSM initializes, it attempts to get some localized strings.
+    // As a result, Android flips out if this isn't set.
+    nsresult rv = prefs->SetBoolPref("intl.locale.matchOS", true);
+    ASSERT_TRUE(NS_SUCCEEDED(rv)) << "couldn't set pref 'intl.locale.matchOS'";
+
+    nsCOMPtr<nsIX509CertDB> certdb(do_GetService(NS_X509CERTDB_CONTRACTID));
+    ASSERT_TRUE(certdb) << "couldn't get certdb";
+
+    nsCOMPtr<nsIX509CertList> certList;
+    rv = certdb->GetCerts(getter_AddRefs(certList));
+    ASSERT_TRUE(NS_SUCCEEDED(rv)) << "couldn't get list of certificates";
+
+    nsCOMPtr<nsISimpleEnumerator> enumerator;
+    rv = certList->GetEnumerator(getter_AddRefs(enumerator));
+    ASSERT_TRUE(NS_SUCCEEDED(rv)) << "couldn't enumerate certificate list";
+
+    bool foundBuiltIn = false;
+    bool hasMore = false;
+    while (NS_SUCCEEDED(enumerator->HasMoreElements(&hasMore)) && hasMore) {
+      nsCOMPtr<nsISupports> supports;
+      ASSERT_TRUE(NS_SUCCEEDED(enumerator->GetNext(getter_AddRefs(supports))))
+        << "couldn't get next certificate";
+
+      nsCOMPtr<nsIX509Cert> cert(do_QueryInterface(supports));
+      ASSERT_TRUE(cert) << "couldn't QI to nsIX509Cert";
+
+      ASSERT_TRUE(NS_SUCCEEDED(cert->GetIsBuiltInRoot(&foundBuiltIn))) <<
+        "GetIsBuiltInRoot failed";
+
+      if (foundBuiltIn) {
+        break;
+      }
+    }
+
+    ASSERT_TRUE(foundBuiltIn) << "didn't load any built-in certificates";
+
+    printf("successfully loaded at least one built-in certificate\n");
+
+  } // this scopes the nsCOMPtrs
+}
diff --git a/security/manager/ssl/tests/gtest/DataStorageTest.cpp b/security/manager/ssl/tests/gtest/DataStorageTest.cpp
new file mode 100644
index 000000000..eaab50878
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/DataStorageTest.cpp
@@ -0,0 +1,225 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "gtest/gtest.h"
+
+#include "mozilla/DataStorage.h"
+#include "nsAppDirectoryServiceDefs.h"
+#include "nsDirectoryServiceUtils.h"
+#include "nsNetUtil.h"
+#include "nsPrintfCString.h"
+#include "nsStreamUtils.h"
+#include "prtime.h"
+
+using namespace mozilla;
+
+class psm_DataStorageTest : public ::testing::Test
+{
+protected:
+  virtual void SetUp()
+  {
+    const ::testing::TestInfo* const testInfo =
+      ::testing::UnitTest::GetInstance()->current_test_info();
+    NS_ConvertUTF8toUTF16 testName(testInfo->name());
+    storage = DataStorage::Get(testName);
+    storage->Init(dataWillPersist);
+  }
+
+  RefPtr<DataStorage> storage;
+  bool dataWillPersist;
+};
+
+NS_NAMED_LITERAL_CSTRING(testKey, "test");
+NS_NAMED_LITERAL_CSTRING(testValue, "value");
+NS_NAMED_LITERAL_CSTRING(privateTestValue, "private");
+
+TEST_F(psm_DataStorageTest, GetPutRemove)
+{
+  EXPECT_TRUE(dataWillPersist);
+
+  // Test Put/Get on Persistent data
+  EXPECT_EQ(NS_OK, storage->Put(testKey, testValue, DataStorage_Persistent));
+  // Don't re-use testKey / testValue here, to make sure that this works as
+  // expected with objects that have the same semantic value but are not
+  // literally the same object.
+  nsCString result = storage->Get(NS_LITERAL_CSTRING("test"),
+                                  DataStorage_Persistent);
+  EXPECT_STREQ("value", result.get());
+
+  // Get on Temporary/Private data with the same key should give nothing
+  result = storage->Get(testKey, DataStorage_Temporary);
+  EXPECT_TRUE(result.IsEmpty());
+  result = storage->Get(testKey, DataStorage_Private);
+  EXPECT_TRUE(result.IsEmpty());
+
+  // Put with Temporary/Private data shouldn't affect Persistent data
+  NS_NAMED_LITERAL_CSTRING(temporaryTestValue, "temporary");
+  EXPECT_EQ(NS_OK, storage->Put(testKey, temporaryTestValue,
+                                DataStorage_Temporary));
+  EXPECT_EQ(NS_OK, storage->Put(testKey, privateTestValue,
+                                DataStorage_Private));
+  result = storage->Get(testKey, DataStorage_Temporary);
+  EXPECT_STREQ("temporary", result.get());
+  result = storage->Get(testKey, DataStorage_Private);
+  EXPECT_STREQ("private", result.get());
+  result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_STREQ("value", result.get());
+
+  // Put of a previously-present key overwrites it (if of the same type)
+  NS_NAMED_LITERAL_CSTRING(newValue, "new");
+  EXPECT_EQ(NS_OK, storage->Put(testKey, newValue, DataStorage_Persistent));
+  result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_STREQ("new", result.get());
+
+  // Removal should work
+  storage->Remove(testKey, DataStorage_Temporary);
+  result = storage->Get(testKey, DataStorage_Temporary);
+  EXPECT_TRUE(result.IsEmpty());
+  // But removing one type shouldn't affect the others
+  result = storage->Get(testKey, DataStorage_Private);
+  EXPECT_STREQ("private", result.get());
+  result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_STREQ("new", result.get());
+  // Test removing the other types as well
+  storage->Remove(testKey, DataStorage_Private);
+  result = storage->Get(testKey, DataStorage_Private);
+  EXPECT_TRUE(result.IsEmpty());
+  storage->Remove(testKey, DataStorage_Persistent);
+  result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_TRUE(result.IsEmpty());
+}
+
+TEST_F(psm_DataStorageTest, InputValidation)
+{
+  EXPECT_TRUE(dataWillPersist);
+
+  // Keys may not have tabs or newlines
+  EXPECT_EQ(NS_ERROR_INVALID_ARG,
+            storage->Put(NS_LITERAL_CSTRING("key\thas tab"), testValue,
+                   DataStorage_Persistent));
+  nsCString result = storage->Get(NS_LITERAL_CSTRING("key\thas tab"),
+                            DataStorage_Persistent);
+  EXPECT_TRUE(result.IsEmpty());
+  EXPECT_EQ(NS_ERROR_INVALID_ARG,
+            storage->Put(NS_LITERAL_CSTRING("key has\nnewline"), testValue,
+                   DataStorage_Persistent));
+  result = storage->Get(NS_LITERAL_CSTRING("keyhas\nnewline"),
+                  DataStorage_Persistent);
+  EXPECT_TRUE(result.IsEmpty());
+  // Values may not have newlines
+  EXPECT_EQ(NS_ERROR_INVALID_ARG,
+            storage->Put(testKey, NS_LITERAL_CSTRING("value\nhas newline"),
+                   DataStorage_Persistent));
+  result = storage->Get(testKey, DataStorage_Persistent);
+  // Values may have tabs
+  EXPECT_TRUE(result.IsEmpty());
+  EXPECT_EQ(NS_OK, storage->Put(testKey,
+                                NS_LITERAL_CSTRING("val\thas tab; this is ok"),
+                                DataStorage_Persistent));
+  result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_STREQ("val\thas tab; this is ok", result.get());
+
+  nsCString longKey("a");
+  for (int i = 0; i < 8; i++) {
+    longKey.Append(longKey);
+  }
+  // A key of length 256 will work
+  EXPECT_EQ(NS_OK, storage->Put(longKey, testValue, DataStorage_Persistent));
+  result = storage->Get(longKey, DataStorage_Persistent);
+  EXPECT_STREQ("value", result.get());
+  longKey.Append("a");
+  // A key longer than that will not work
+  EXPECT_EQ(NS_ERROR_INVALID_ARG,
+            storage->Put(longKey, testValue, DataStorage_Persistent));
+  result = storage->Get(longKey, DataStorage_Persistent);
+  EXPECT_TRUE(result.IsEmpty());
+
+  nsCString longValue("a");
+  for (int i = 0; i < 10; i++) {
+    longValue.Append(longValue);
+  }
+  // A value of length 1024 will work
+  EXPECT_EQ(NS_OK, storage->Put(testKey, longValue, DataStorage_Persistent));
+  result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_STREQ(longValue.get(), result.get());
+  longValue.Append("a");
+  // A value longer than that will not work
+  storage->Remove(testKey, DataStorage_Persistent);
+  EXPECT_EQ(NS_ERROR_INVALID_ARG,
+            storage->Put(testKey, longValue, DataStorage_Persistent));
+  result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_TRUE(result.IsEmpty());
+}
+
+TEST_F(psm_DataStorageTest, Eviction)
+{
+  EXPECT_TRUE(dataWillPersist);
+
+  // Eviction is on a per-table basis. Tables shouldn't affect each other.
+  EXPECT_EQ(NS_OK, storage->Put(testKey, testValue, DataStorage_Persistent));
+  for (int i = 0; i < 1025; i++) {
+    EXPECT_EQ(NS_OK, storage->Put(nsPrintfCString("%d", i),
+                                  nsPrintfCString("%d", i),
+                                  DataStorage_Temporary));
+    nsCString result = storage->Get(nsPrintfCString("%d", i),
+                                    DataStorage_Temporary);
+    EXPECT_STREQ(nsPrintfCString("%d", i).get(), result.get());
+  }
+  // We don't know which entry got evicted, but we can count them.
+  int entries = 0;
+  for (int i = 0; i < 1025; i++) {
+    nsCString result = storage->Get(nsPrintfCString("%d", i),
+                                    DataStorage_Temporary);
+    if (!result.IsEmpty()) {
+      entries++;
+    }
+  }
+  EXPECT_EQ(entries, 1024);
+  nsCString result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_STREQ("value", result.get());
+}
+
+TEST_F(psm_DataStorageTest, ClearPrivateData)
+{
+  EXPECT_TRUE(dataWillPersist);
+
+  EXPECT_EQ(NS_OK, storage->Put(testKey, privateTestValue,
+                                DataStorage_Private));
+  nsCString result = storage->Get(testKey, DataStorage_Private);
+  EXPECT_STREQ("private", result.get());
+  storage->Observe(nullptr, "last-pb-context-exited", nullptr);
+  result = storage->Get(testKey, DataStorage_Private);
+  EXPECT_TRUE(result.IsEmpty());
+}
+
+TEST_F(psm_DataStorageTest, Shutdown)
+{
+  EXPECT_TRUE(dataWillPersist);
+
+  EXPECT_EQ(NS_OK, storage->Put(testKey, testValue, DataStorage_Persistent));
+  nsCString result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_STREQ("value", result.get());
+  // Get "now" (in days) close to when the data was last touched, so we won't
+  // get intermittent failures with the day not matching.
+  int64_t microsecondsPerDay = 24 * 60 * 60 * int64_t(PR_USEC_PER_SEC);
+  int32_t nowInDays = int32_t(PR_Now() / microsecondsPerDay);
+  storage->Observe(nullptr, "profile-before-change", nullptr);
+  nsCOMPtr<nsIFile> backingFile;
+  EXPECT_EQ(NS_OK, NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
+                                          getter_AddRefs(backingFile)));
+  const ::testing::TestInfo* const testInfo =
+    ::testing::UnitTest::GetInstance()->current_test_info();
+  NS_ConvertUTF8toUTF16 testName(testInfo->name());
+  EXPECT_EQ(NS_OK, backingFile->Append(testName));
+  nsCOMPtr<nsIInputStream> fileInputStream;
+  EXPECT_EQ(NS_OK, NS_NewLocalFileInputStream(getter_AddRefs(fileInputStream),
+                                              backingFile));
+  nsCString data;
+  EXPECT_EQ(NS_OK, NS_ConsumeStream(fileInputStream, UINT32_MAX, data));
+  // The data will be of the form 'test\t0\t<days since the epoch>\tvalue'
+  EXPECT_STREQ(nsPrintfCString("test\t0\t%d\tvalue\n", nowInDays).get(),
+               data.get());
+}
diff --git a/security/manager/ssl/tests/gtest/DeserializeCertTest.cpp b/security/manager/ssl/tests/gtest/DeserializeCertTest.cpp
new file mode 100644
index 000000000..868ecdba6
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/DeserializeCertTest.cpp
@@ -0,0 +1,96 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "gtest/gtest.h"
+#include "nsCOMPtr.h"
+#include "nsString.h"
+#include "nsSerializationHelper.h"
+
+// These tests verify that we can still deserialize old binary strings
+// generated for security info.  This is necessary because service workers
+// stores these strings on disk.
+//
+// If you make a change and start breaking these tests, you will need to
+// add a compat fix for loading the old versions.  For things that affect
+// the UUID, but do not break the rest of the format you can simply add
+// another hack condition in nsBinaryInputStream::ReadObject().  If you
+// change the overall format of the serialization then we will need more
+// complex handling in the security info concrete classes.
+//
+// We would like to move away from this binary compatibility requirement
+// in service workers.  See bug 1248628.
+
+TEST(psm_DeserializeCert, gecko33)
+{
+  // Gecko 33+ vintage Security info serialized with UUIDs:
+  //  - nsISupports  00000000-0000-0000-c000-000000000046
+  //  - nsISSLStatus fa9ba95b-ca3b-498a-b889-7c79cf28fee8
+  //  - nsIX509Cert  f8ed8364-ced9-4c6e-86ba-48af53c393e6
+  nsCString base64Serialization(
+  "FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAQAAgAAAAAAAAAAAAAAAAAAAAA"
+  "B4vFIJp5wRkeyPxAQ9RJGKPqbqVvKO0mKuIl8ec8o/uhmCjImkVxP+7sgiYWmMt8F+O2DZM7ZTG6GukivU8OT5gAAAAIAAAWpMII"
+  "FpTCCBI2gAwIBAgIQD4svsaKEC+QtqtsU2TF8ITANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUN"
+  "lcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFN"
+  "lcnZlciBDQTAeFw0xNTAyMjMwMDAwMDBaFw0xNjAzMDIxMjAwMDBaMGoxCzAJBgNVBAYTAlVTMRYwFAYDVQQHEw1TYW4gRnJhbmN"
+  "pc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRUwEwYDVQQKEwxGYXN0bHksIEluYy4xFzAVBgNVBAMTDnd3dy5naXRodWIuY29tMII"
+  "BIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+9WUCgrgUNwP/JC3cUefLAXeDpq8Ko/U8p8IRvny0Ri0I6Uq0t+RP/nF0LJ"
+  "Avda8QHYujdgeDTePepBX7+OiwBFhA0YO+rM3C2Z8IRaN/i9eLln+Yyc68+1z+E10s1EXdZrtDGvN6MHqygGsdfkXKfBLUJ1BZEh"
+  "s9sBnfcjq3kh5gZdBArdG9l5NpdmQhtceaFGsPiWuJxGxRzS4i95veUHWkhMpEYDEEBdcDGxqArvQCvzSlngdttQCfx8OUkBTb3B"
+  "A2okpTwwJfqPsxVetA6qR7UNc+fVb6KHwvm0bzi2rQ3xw3D/syRHwdMkpoVDQPCk43H9WufgfBKRen87dFwIDAQABo4ICPzCCAjs"
+  "wHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFGS/RLNGCZvPWh1xSaIEcouINIQjMHsGA1UdEQR0MHK"
+  "CDnd3dy5naXRodWIuY29tggpnaXRodWIuY29tggwqLmdpdGh1Yi5jb22CCyouZ2l0aHViLmlvgglnaXRodWIuaW+CFyouZ2l0aHV"
+  "idXNlcmNvbnRlbnQuY29tghVnaXRodWJ1c2VyY29udGVudC5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwM"
+  "BBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzMuY3J"
+  "sMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzMuY3JsMEIGA1UdIAQ7MDkwNwYJYIZIAYb"
+  "9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEFBQc"
+  "wAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUN"
+  "lcnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAc4dbVmuKvyI7"
+  "KZ4Txk+ZqcAYToJGKUIVaPL94e5SZGweUisjaCbplAOihnf6Mxt8n6vnuH2IsCaz2NRHqhdcosjT3CwAiJpJNkXPKWVL/txgdSTV"
+  "2cqB1GG4esFOalvI52dzn+J4fTIYZvNF+AtGyHSLm2XRXYZCw455laUKf6Sk9RDShDgUvzhOKL4GXfTwKXv12MyMknJybH8UCpjC"
+  "HZmFBVHMcUN/87HsQo20PdOekeEvkjrrMIxW+gxw22Yb67yF/qKgwrWr+43bLN709iyw+LWiU7sQcHL2xk9SYiWQDj2tYz2soObV"
+  "QYTJm0VUZMEVFhtALq46cx92Zu4vFwC8AAwAAAAABAQAA");
+
+  nsCOMPtr<nsISupports> cert;
+  nsresult rv = NS_DeserializeObject(base64Serialization, getter_AddRefs(cert));
+  ASSERT_EQ(NS_OK, rv);
+  ASSERT_TRUE(cert);
+}
+
+TEST(psm_DeserializeCert, gecko46)
+{
+  // Gecko 46+ vintage Security info serialized with UUIDs:
+  //  - nsISupports  00000000-0000-0000-c000-000000000046
+  //  - nsISSLStatus fa9ba95b-ca3b-498a-b889-7c79cf28fee8
+  //  - nsIX509Cert  bdc3979a-5422-4cd5-8589-696b6e96ea83
+  nsCString base64Serialization(
+  "FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAQAAgAAAAAAAAAAAAAAAAAAAAA"
+  "B4vFIJp5wRkeyPxAQ9RJGKPqbqVvKO0mKuIl8ec8o/uhmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAIAAAWzMII"
+  "FrzCCBJegAwIBAgIQB3pdwzYjAfmJ/lT3+G8+ZDANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUN"
+  "lcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFN"
+  "lcnZlciBDQTAeFw0xNjAxMjAwMDAwMDBaFw0xNzA0MDYxMjAwMDBaMGoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybml"
+  "hMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxGYXN0bHksIEluYy4xFzAVBgNVBAMTDnd3dy5naXRodWIuY29tMII"
+  "BIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+9WUCgrgUNwP/JC3cUefLAXeDpq8Ko/U8p8IRvny0Ri0I6Uq0t+RP/nF0LJ"
+  "Avda8QHYujdgeDTePepBX7+OiwBFhA0YO+rM3C2Z8IRaN/i9eLln+Yyc68+1z+E10s1EXdZrtDGvN6MHqygGsdfkXKfBLUJ1BZEh"
+  "s9sBnfcjq3kh5gZdBArdG9l5NpdmQhtceaFGsPiWuJxGxRzS4i95veUHWkhMpEYDEEBdcDGxqArvQCvzSlngdttQCfx8OUkBTb3B"
+  "A2okpTwwJfqPsxVetA6qR7UNc+fVb6KHwvm0bzi2rQ3xw3D/syRHwdMkpoVDQPCk43H9WufgfBKRen87dFwIDAQABo4ICSTCCAkU"
+  "wHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFGS/RLNGCZvPWh1xSaIEcouINIQjMHsGA1UdEQR0MHK"
+  "CDnd3dy5naXRodWIuY29tggwqLmdpdGh1Yi5jb22CCmdpdGh1Yi5jb22CCyouZ2l0aHViLmlvgglnaXRodWIuaW+CFyouZ2l0aHV"
+  "idXNlcmNvbnRlbnQuY29tghVnaXRodWJ1c2VyY29udGVudC5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwM"
+  "BBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzUuY3J"
+  "sMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzUuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb"
+  "9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3MHU"
+  "wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQ"
+  "uY29tL0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQE"
+  "ATxbRdPg+o49+96/P+rbdp4ie+CGtfCgUubT/Z9C54k+BfQO0nbxVgCSM5WZQuLgo2Q+0lcxisod8zxZeU0j5wviQINwOln/iN89"
+  "Bx3VmDRynTe4CqhsAwOoO1ERmCAmsAJBwY/rNr4mK22p8erBrqMW0nYXYU5NFynI+pNTjojhKD4II8PNV8G2yMWwYOb/u4+WPzUA"
+  "HC9DpZdrWTEH/W69Cr/KxRqGsWPwpgMv2Wqav8jaT35JxqTXjOlhQqzo6fNn3eYOeCf4PkCxZKwckWjy10qDaRbjhwAMHAGj2TPr"
+  "idlvOj/7QyyX5m8up/1US8z1fRW4yoCSOt6V2bwuH6cAvAAMAAAAAAQEAAA==");
+
+  nsCOMPtr<nsISupports> cert;
+  nsresult rv = NS_DeserializeObject(base64Serialization, getter_AddRefs(cert));
+  ASSERT_EQ(NS_OK, rv);
+  ASSERT_TRUE(cert);
+}
diff --git a/security/manager/ssl/tests/gtest/MD4Test.cpp b/security/manager/ssl/tests/gtest/MD4Test.cpp
new file mode 100644
index 000000000..1b635a757
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/MD4Test.cpp
@@ -0,0 +1,76 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This file tests the md4.c implementation.
+
+#include "gtest/gtest.h"
+#include "md4.h"
+#include "mozilla/Casting.h"
+#include "mozilla/PodOperations.h"
+
+struct RFC1320TestParams
+{
+  const char* data;
+  const uint8_t expectedHash[16];
+};
+
+static const RFC1320TestParams RFC1320_TEST_PARAMS[] =
+{
+  {
+    "",
+    { 0x31, 0xd6, 0xcf, 0xe0, 0xd1, 0x6a, 0xe9, 0x31,
+      0xb7, 0x3c, 0x59, 0xd7, 0xe0, 0xc0, 0x89, 0xc0 }
+  },
+  {
+    "a",
+    { 0xbd, 0xe5, 0x2c, 0xb3, 0x1d, 0xe3, 0x3e, 0x46,
+      0x24, 0x5e, 0x05, 0xfb, 0xdb, 0xd6, 0xfb, 0x24 }
+  },
+  {
+    "abc",
+    { 0xa4, 0x48, 0x01, 0x7a, 0xaf, 0x21, 0xd8, 0x52,
+      0x5f, 0xc1, 0x0a, 0xe8, 0x7a, 0xa6, 0x72, 0x9d }
+  },
+  {
+    "message digest",
+    { 0xd9, 0x13, 0x0a, 0x81, 0x64, 0x54, 0x9f, 0xe8,
+      0x18, 0x87, 0x48, 0x06, 0xe1, 0xc7, 0x01, 0x4b }
+  },
+  {
+    "abcdefghijklmnopqrstuvwxyz",
+    { 0xd7, 0x9e, 0x1c, 0x30, 0x8a, 0xa5, 0xbb, 0xcd,
+      0xee, 0xa8, 0xed, 0x63, 0xdf, 0x41, 0x2d, 0xa9 },
+  },
+  {
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+    { 0x04, 0x3f, 0x85, 0x82, 0xf2, 0x41, 0xdb, 0x35,
+      0x1c, 0xe6, 0x27, 0xe1, 0x53, 0xe7, 0xf0, 0xe4 },
+  },
+  {
+    "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+    { 0xe3, 0x3b, 0x4d, 0xdc, 0x9c, 0x38, 0xf2, 0x19,
+      0x9c, 0x3e, 0x7b, 0x16, 0x4f, 0xcc, 0x05, 0x36 },
+  }
+};
+
+class psm_MD4
+  : public ::testing::Test
+  , public ::testing::WithParamInterface<RFC1320TestParams>
+{
+};
+
+TEST_P(psm_MD4, RFC1320TestValues)
+{
+  const RFC1320TestParams& params(GetParam());
+  uint8_t actualHash[16];
+  md4sum(mozilla::BitwiseCast<const uint8_t*, const char*>(params.data),
+         strlen(params.data), actualHash);
+  EXPECT_TRUE(mozilla::PodEqual(actualHash, params.expectedHash))
+    << "MD4 hashes aren't equal for input: '" << params.data << "'";
+}
+
+INSTANTIATE_TEST_CASE_P(psm_MD4, psm_MD4,
+                        testing::ValuesIn(RFC1320_TEST_PARAMS));
diff --git a/security/manager/ssl/tests/gtest/OCSPCacheTest.cpp b/security/manager/ssl/tests/gtest/OCSPCacheTest.cpp
new file mode 100644
index 000000000..2b7dc946c
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/OCSPCacheTest.cpp
@@ -0,0 +1,337 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "CertVerifier.h"
+#include "OCSPCache.h"
+#include "gtest/gtest.h"
+#include "mozilla/BasePrincipal.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Sprintf.h"
+#include "nss.h"
+#include "pkix/pkixtypes.h"
+#include "pkixtestutil.h"
+#include "prerr.h"
+#include "secerr.h"
+
+using namespace mozilla::pkix;
+using namespace mozilla::pkix::test;
+
+using mozilla::NeckoOriginAttributes;
+
+template <size_t N>
+inline Input
+LiteralInput(const char(&valueString)[N])
+{
+  // Ideally we would use mozilla::BitwiseCast() here rather than
+  // reinterpret_cast for better type checking, but the |N - 1| part trips
+  // static asserts.
+  return Input(reinterpret_cast<const uint8_t(&)[N - 1]>(valueString));
+}
+
+const int MaxCacheEntries = 1024;
+
+class psm_OCSPCacheTest : public ::testing::Test
+{
+protected:
+  psm_OCSPCacheTest() : now(Now()) { }
+
+  static void SetUpTestCase()
+  {
+    NSS_NoDB_Init(nullptr);
+  }
+
+  const Time now;
+  mozilla::psm::OCSPCache cache;
+};
+
+static void
+PutAndGet(mozilla::psm::OCSPCache& cache, const CertID& certID, Result result,
+          Time time,
+          const NeckoOriginAttributes& originAttributes = NeckoOriginAttributes())
+{
+  // The first time is thisUpdate. The second is validUntil.
+  // The caller is expecting the validUntil returned with Get
+  // to be equal to the passed-in time. Since these values will
+  // be different in practice, make thisUpdate less than validUntil.
+  Time thisUpdate(time);
+  ASSERT_EQ(Success, thisUpdate.SubtractSeconds(10));
+  Result rv = cache.Put(certID, originAttributes, result, thisUpdate, time);
+  ASSERT_TRUE(rv == Success);
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  ASSERT_TRUE(cache.Get(certID, originAttributes, resultOut, timeOut));
+  ASSERT_EQ(result, resultOut);
+  ASSERT_EQ(time, timeOut);
+}
+
+Input fakeIssuer1(LiteralInput("CN=issuer1"));
+Input fakeKey000(LiteralInput("key000"));
+Input fakeKey001(LiteralInput("key001"));
+Input fakeSerial0000(LiteralInput("0000"));
+
+TEST_F(psm_OCSPCacheTest, TestPutAndGet)
+{
+  Input fakeSerial000(LiteralInput("000"));
+  Input fakeSerial001(LiteralInput("001"));
+
+  SCOPED_TRACE("");
+  PutAndGet(cache, CertID(fakeIssuer1, fakeKey000, fakeSerial001),
+            Success, now);
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  ASSERT_FALSE(cache.Get(CertID(fakeIssuer1, fakeKey001, fakeSerial000),
+                         NeckoOriginAttributes(), resultOut, timeOut));
+}
+
+TEST_F(psm_OCSPCacheTest, TestVariousGets)
+{
+  SCOPED_TRACE("");
+  for (int i = 0; i < MaxCacheEntries; i++) {
+    uint8_t serialBuf[8];
+    snprintf(mozilla::BitwiseCast<char*, uint8_t*>(serialBuf), sizeof(serialBuf),
+             "%04d", i);
+    Input fakeSerial;
+    ASSERT_EQ(Success, fakeSerial.Init(serialBuf, 4));
+    Time timeIn(now);
+    ASSERT_EQ(Success, timeIn.AddSeconds(i));
+    PutAndGet(cache, CertID(fakeIssuer1, fakeKey000, fakeSerial),
+              Success, timeIn);
+  }
+
+  Time timeIn(now);
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+
+  // This will be at the end of the list in the cache
+  CertID cert0000(fakeIssuer1, fakeKey000, fakeSerial0000);
+  ASSERT_TRUE(cache.Get(cert0000, NeckoOriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Success, resultOut);
+  ASSERT_EQ(timeIn, timeOut);
+  // Once we access it, it goes to the front
+  ASSERT_TRUE(cache.Get(cert0000, NeckoOriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Success, resultOut);
+  ASSERT_EQ(timeIn, timeOut);
+
+  // This will be in the middle
+  Time timeInPlus512(now);
+  ASSERT_EQ(Success, timeInPlus512.AddSeconds(512));
+
+  static const Input fakeSerial0512(LiteralInput("0512"));
+  CertID cert0512(fakeIssuer1, fakeKey000, fakeSerial0512);
+  ASSERT_TRUE(cache.Get(cert0512, NeckoOriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Success, resultOut);
+  ASSERT_EQ(timeInPlus512, timeOut);
+  ASSERT_TRUE(cache.Get(cert0512, NeckoOriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Success, resultOut);
+  ASSERT_EQ(timeInPlus512, timeOut);
+
+  // We've never seen this certificate
+  static const Input fakeSerial1111(LiteralInput("1111"));
+  ASSERT_FALSE(cache.Get(CertID(fakeIssuer1, fakeKey000, fakeSerial1111),
+                         NeckoOriginAttributes(), resultOut, timeOut));
+}
+
+TEST_F(psm_OCSPCacheTest, TestEviction)
+{
+  SCOPED_TRACE("");
+  // By putting more distinct entries in the cache than it can hold,
+  // we cause the least recently used entry to be evicted.
+  for (int i = 0; i < MaxCacheEntries + 1; i++) {
+    uint8_t serialBuf[8];
+    snprintf(mozilla::BitwiseCast<char*, uint8_t*>(serialBuf), sizeof(serialBuf),
+             "%04d", i);
+    Input fakeSerial;
+    ASSERT_EQ(Success, fakeSerial.Init(serialBuf, 4));
+    Time timeIn(now);
+    ASSERT_EQ(Success, timeIn.AddSeconds(i));
+    PutAndGet(cache, CertID(fakeIssuer1, fakeKey000, fakeSerial),
+              Success, timeIn);
+  }
+
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  ASSERT_FALSE(cache.Get(CertID(fakeIssuer1, fakeKey001, fakeSerial0000),
+                         NeckoOriginAttributes(), resultOut, timeOut));
+}
+
+TEST_F(psm_OCSPCacheTest, TestNoEvictionForRevokedResponses)
+{
+  SCOPED_TRACE("");
+  CertID notEvicted(fakeIssuer1, fakeKey000, fakeSerial0000);
+  Time timeIn(now);
+  PutAndGet(cache, notEvicted, Result::ERROR_REVOKED_CERTIFICATE, timeIn);
+  // By putting more distinct entries in the cache than it can hold,
+  // we cause the least recently used entry that isn't revoked to be evicted.
+  for (int i = 1; i < MaxCacheEntries + 1; i++) {
+    uint8_t serialBuf[8];
+    snprintf(mozilla::BitwiseCast<char*, uint8_t*>(serialBuf), sizeof(serialBuf),
+             "%04d", i);
+    Input fakeSerial;
+    ASSERT_EQ(Success, fakeSerial.Init(serialBuf, 4));
+    Time timeIn(now);
+    ASSERT_EQ(Success, timeIn.AddSeconds(i));
+    PutAndGet(cache, CertID(fakeIssuer1, fakeKey000, fakeSerial),
+              Success, timeIn);
+  }
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  ASSERT_TRUE(cache.Get(notEvicted, NeckoOriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Result::ERROR_REVOKED_CERTIFICATE, resultOut);
+  ASSERT_EQ(timeIn, timeOut);
+
+  Input fakeSerial0001(LiteralInput("0001"));
+  CertID evicted(fakeIssuer1, fakeKey000, fakeSerial0001);
+  ASSERT_FALSE(cache.Get(evicted, NeckoOriginAttributes(), resultOut, timeOut));
+}
+
+TEST_F(psm_OCSPCacheTest, TestEverythingIsRevoked)
+{
+  SCOPED_TRACE("");
+  Time timeIn(now);
+  // Fill up the cache with revoked responses.
+  for (int i = 0; i < MaxCacheEntries; i++) {
+    uint8_t serialBuf[8];
+    snprintf(mozilla::BitwiseCast<char*, uint8_t*>(serialBuf), sizeof(serialBuf),
+             "%04d", i);
+    Input fakeSerial;
+    ASSERT_EQ(Success, fakeSerial.Init(serialBuf, 4));
+    Time timeIn(now);
+    ASSERT_EQ(Success, timeIn.AddSeconds(i));
+    PutAndGet(cache, CertID(fakeIssuer1, fakeKey000, fakeSerial),
+              Result::ERROR_REVOKED_CERTIFICATE, timeIn);
+  }
+  static const Input fakeSerial1025(LiteralInput("1025"));
+  CertID good(fakeIssuer1, fakeKey000, fakeSerial1025);
+  // This will "succeed", allowing verification to continue. However,
+  // nothing was actually put in the cache.
+  Time timeInPlus1025(timeIn);
+  ASSERT_EQ(Success, timeInPlus1025.AddSeconds(1025));
+  Time timeInPlus1025Minus50(timeInPlus1025);
+  ASSERT_EQ(Success, timeInPlus1025Minus50.SubtractSeconds(50));
+  Result result = cache.Put(good, NeckoOriginAttributes(), Success, timeInPlus1025Minus50,
+                            timeInPlus1025);
+  ASSERT_EQ(Success, result);
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  ASSERT_FALSE(cache.Get(good, NeckoOriginAttributes(), resultOut, timeOut));
+
+  static const Input fakeSerial1026(LiteralInput("1026"));
+  CertID revoked(fakeIssuer1, fakeKey000, fakeSerial1026);
+  // This will fail, causing verification to fail.
+  Time timeInPlus1026(timeIn);
+  ASSERT_EQ(Success, timeInPlus1026.AddSeconds(1026));
+  Time timeInPlus1026Minus50(timeInPlus1026);
+  ASSERT_EQ(Success, timeInPlus1026Minus50.SubtractSeconds(50));
+  result = cache.Put(revoked, NeckoOriginAttributes(), Result::ERROR_REVOKED_CERTIFICATE,
+                     timeInPlus1026Minus50, timeInPlus1026);
+  ASSERT_EQ(Result::ERROR_REVOKED_CERTIFICATE, result);
+}
+
+TEST_F(psm_OCSPCacheTest, VariousIssuers)
+{
+  SCOPED_TRACE("");
+  Time timeIn(now);
+  static const Input fakeIssuer2(LiteralInput("CN=issuer2"));
+  static const Input fakeSerial001(LiteralInput("001"));
+  CertID subject(fakeIssuer1, fakeKey000, fakeSerial001);
+  PutAndGet(cache, subject, Success, now);
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  ASSERT_TRUE(cache.Get(subject, NeckoOriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Success, resultOut);
+  ASSERT_EQ(timeIn, timeOut);
+  // Test that we don't match a different issuer DN
+  ASSERT_FALSE(cache.Get(CertID(fakeIssuer2, fakeKey000, fakeSerial001),
+                         NeckoOriginAttributes(), resultOut, timeOut));
+  // Test that we don't match a different issuer key
+  ASSERT_FALSE(cache.Get(CertID(fakeIssuer1, fakeKey001, fakeSerial001),
+                         NeckoOriginAttributes(), resultOut, timeOut));
+}
+
+TEST_F(psm_OCSPCacheTest, Times)
+{
+  SCOPED_TRACE("");
+  CertID certID(fakeIssuer1, fakeKey000, fakeSerial0000);
+  PutAndGet(cache, certID, Result::ERROR_OCSP_UNKNOWN_CERT,
+            TimeFromElapsedSecondsAD(100));
+  PutAndGet(cache, certID, Success, TimeFromElapsedSecondsAD(200));
+  // This should not override the more recent entry.
+  ASSERT_EQ(Success,
+            cache.Put(certID, NeckoOriginAttributes(), Result::ERROR_OCSP_UNKNOWN_CERT,
+                      TimeFromElapsedSecondsAD(100),
+                      TimeFromElapsedSecondsAD(100)));
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  ASSERT_TRUE(cache.Get(certID, NeckoOriginAttributes(), resultOut, timeOut));
+  // Here we see the more recent time.
+  ASSERT_EQ(Success, resultOut);
+  ASSERT_EQ(TimeFromElapsedSecondsAD(200), timeOut);
+
+  // Result::ERROR_REVOKED_CERTIFICATE overrides everything
+  PutAndGet(cache, certID, Result::ERROR_REVOKED_CERTIFICATE,
+            TimeFromElapsedSecondsAD(50));
+}
+
+TEST_F(psm_OCSPCacheTest, NetworkFailure)
+{
+  SCOPED_TRACE("");
+  CertID certID(fakeIssuer1, fakeKey000, fakeSerial0000);
+  PutAndGet(cache, certID, Result::ERROR_CONNECT_REFUSED,
+            TimeFromElapsedSecondsAD(100));
+  PutAndGet(cache, certID, Success, TimeFromElapsedSecondsAD(200));
+  // This should not override the already present entry.
+  ASSERT_EQ(Success,
+            cache.Put(certID, NeckoOriginAttributes(), Result::ERROR_CONNECT_REFUSED,
+                      TimeFromElapsedSecondsAD(300),
+                      TimeFromElapsedSecondsAD(350)));
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  ASSERT_TRUE(cache.Get(certID, NeckoOriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Success, resultOut);
+  ASSERT_EQ(TimeFromElapsedSecondsAD(200), timeOut);
+
+  PutAndGet(cache, certID, Result::ERROR_OCSP_UNKNOWN_CERT,
+            TimeFromElapsedSecondsAD(400));
+  // This should not override the already present entry.
+  ASSERT_EQ(Success,
+            cache.Put(certID, NeckoOriginAttributes(), Result::ERROR_CONNECT_REFUSED,
+                      TimeFromElapsedSecondsAD(500),
+                      TimeFromElapsedSecondsAD(550)));
+  ASSERT_TRUE(cache.Get(certID, NeckoOriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Result::ERROR_OCSP_UNKNOWN_CERT, resultOut);
+  ASSERT_EQ(TimeFromElapsedSecondsAD(400), timeOut);
+
+  PutAndGet(cache, certID, Result::ERROR_REVOKED_CERTIFICATE,
+            TimeFromElapsedSecondsAD(600));
+  // This should not override the already present entry.
+  ASSERT_EQ(Success,
+            cache.Put(certID, NeckoOriginAttributes(), Result::ERROR_CONNECT_REFUSED,
+                      TimeFromElapsedSecondsAD(700),
+                      TimeFromElapsedSecondsAD(750)));
+  ASSERT_TRUE(cache.Get(certID, NeckoOriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Result::ERROR_REVOKED_CERTIFICATE, resultOut);
+  ASSERT_EQ(TimeFromElapsedSecondsAD(600), timeOut);
+}
+
+TEST_F(psm_OCSPCacheTest, TestOriginAttributes)
+{
+  CertID certID(fakeIssuer1, fakeKey000, fakeSerial0000);
+
+  SCOPED_TRACE("");
+  NeckoOriginAttributes attrs;
+  attrs.mFirstPartyDomain.AssignLiteral("foo.com");
+  PutAndGet(cache, certID, Success, now, attrs);
+
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  attrs.mFirstPartyDomain.AssignLiteral("bar.com");
+  ASSERT_FALSE(cache.Get(certID, attrs, resultOut, timeOut));
+
+  // OCSP cache should not be isolated by containers.
+  attrs.mUserContextId = 1;
+  attrs.mFirstPartyDomain.AssignLiteral("foo.com");
+  ASSERT_TRUE(cache.Get(certID, attrs, resultOut, timeOut));
+}
diff --git a/security/manager/ssl/tests/gtest/README.txt b/security/manager/ssl/tests/gtest/README.txt
new file mode 100644
index 000000000..0e5132269
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/README.txt
@@ -0,0 +1,2 @@
+Please name all test cases in this directory with the prefix "psm". This makes
+it easier to run all PSM related GTests at once.
diff --git a/security/manager/ssl/tests/gtest/STSParserTest.cpp b/security/manager/ssl/tests/gtest/STSParserTest.cpp
new file mode 100644
index 000000000..bedf57fea
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/STSParserTest.cpp
@@ -0,0 +1,144 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+
+#include "gtest/gtest.h"
+#include "nsNetUtil.h"
+#include "nsISiteSecurityService.h"
+#include "nsIURI.h"
+
+void
+TestSuccess(const char* hdr, bool extraTokens,
+            uint64_t expectedMaxAge, bool expectedIncludeSubdomains,
+            nsISiteSecurityService* sss)
+{
+  nsCOMPtr<nsIURI> dummyUri;
+  nsresult rv = NS_NewURI(getter_AddRefs(dummyUri), "https://foo.com/bar.html");
+  ASSERT_TRUE(NS_SUCCEEDED(rv)) << "Failed to create URI";
+
+  uint64_t maxAge = 0;
+  bool includeSubdomains = false;
+  rv = sss->UnsafeProcessHeader(nsISiteSecurityService::HEADER_HSTS, dummyUri,
+                                hdr, 0, &maxAge, &includeSubdomains, nullptr);
+  ASSERT_TRUE(NS_SUCCEEDED(rv)) << "Failed to process valid header: " << hdr;
+
+  ASSERT_EQ(maxAge, expectedMaxAge) << "Did not correctly parse maxAge";
+  EXPECT_EQ(includeSubdomains, expectedIncludeSubdomains) <<
+    "Did not correctly parse presence/absence of includeSubdomains";
+
+  if (extraTokens) {
+    EXPECT_EQ(rv, NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA) <<
+      "Extra tokens were expected when parsing, but were not encountered.";
+  } else {
+    EXPECT_EQ(rv, NS_OK) << "Unexpected tokens found during parsing.";
+  }
+
+  printf("%s\n", hdr);
+}
+
+void TestFailure(const char* hdr,
+                 nsISiteSecurityService* sss)
+{
+  nsCOMPtr<nsIURI> dummyUri;
+  nsresult rv = NS_NewURI(getter_AddRefs(dummyUri), "https://foo.com/bar.html");
+  ASSERT_TRUE(NS_SUCCEEDED(rv)) << "Failed to create URI";
+
+  rv = sss->UnsafeProcessHeader(nsISiteSecurityService::HEADER_HSTS, dummyUri,
+                                hdr, 0, nullptr, nullptr, nullptr);
+  ASSERT_TRUE(NS_FAILED(rv)) << "Parsed invalid header: " << hdr;
+
+  printf("%s\n", hdr);
+}
+
+TEST(psm_STSParser, Test)
+{
+    nsresult rv;
+
+    // grab handle to the service
+    nsCOMPtr<nsISiteSecurityService> sss;
+    sss = do_GetService("@mozilla.org/ssservice;1", &rv);
+    ASSERT_TRUE(NS_SUCCEEDED(rv));
+
+    // *** parsing tests
+    printf("*** Attempting to parse valid STS headers ...\n");
+
+    // SHOULD SUCCEED:
+    TestSuccess("max-age=100", false, 100, false, sss);
+    TestSuccess("max-age  =100", false, 100, false, sss);
+    TestSuccess(" max-age=100", false, 100, false, sss);
+    TestSuccess("max-age = 100 ", false, 100, false, sss);
+    TestSuccess("max-age = \"100\" ", false, 100, false, sss);
+    TestSuccess("max-age=\"100\"", false, 100, false, sss);
+    TestSuccess(" max-age =\"100\" ", false, 100, false, sss);
+    TestSuccess("\tmax-age\t=\t\"100\"\t", false, 100, false, sss);
+    TestSuccess("max-age  =       100             ", false, 100, false, sss);
+
+    TestSuccess("maX-aGe=100", false, 100, false, sss);
+    TestSuccess("MAX-age  =100", false, 100, false, sss);
+    TestSuccess("max-AGE=100", false, 100, false, sss);
+    TestSuccess("Max-Age = 100 ", false, 100, false, sss);
+    TestSuccess("MAX-AGE = 100 ", false, 100, false, sss);
+
+    TestSuccess("max-age=100;includeSubdomains", false, 100, true, sss);
+    TestSuccess("max-age=100\t; includeSubdomains", false, 100, true, sss);
+    TestSuccess(" max-age=100; includeSubdomains", false, 100, true, sss);
+    TestSuccess("max-age = 100 ; includeSubdomains", false, 100, true, sss);
+    TestSuccess("max-age  =       100             ; includeSubdomains",
+                false, 100, true, sss);
+
+    TestSuccess("maX-aGe=100; includeSUBDOMAINS", false, 100, true, sss);
+    TestSuccess("MAX-age  =100; includeSubDomains", false, 100, true, sss);
+    TestSuccess("max-AGE=100; iNcLuDeSuBdoMaInS", false, 100, true, sss);
+    TestSuccess("Max-Age = 100; includesubdomains ", false, 100, true, sss);
+    TestSuccess("INCLUDESUBDOMAINS;MaX-AgE = 100 ", false, 100, true, sss);
+    // Turns out, the actual directive is entirely optional (hence the
+    // trailing semicolon)
+    TestSuccess("max-age=100;includeSubdomains;", true, 100, true, sss);
+
+    // these are weird tests, but are testing that some extended syntax is
+    // still allowed (but it is ignored)
+    TestSuccess("max-age=100 ; includesubdomainsSomeStuff",
+                true, 100, false, sss);
+    TestSuccess("\r\n\t\t    \tcompletelyUnrelated = foobar; max-age= 34520103"
+                "\t \t; alsoUnrelated;asIsThis;\tincludeSubdomains\t\t \t",
+                true, 34520103, true, sss);
+    TestSuccess("max-age=100; unrelated=\"quoted \\\"thingy\\\"\"",
+                true, 100, false, sss);
+
+    // SHOULD FAIL:
+    printf("* Attempting to parse invalid STS headers (should not parse)...\n");
+    // invalid max-ages
+    TestFailure("max-age", sss);
+    TestFailure("max-age ", sss);
+    TestFailure("max-age=p", sss);
+    TestFailure("max-age=*1p2", sss);
+    TestFailure("max-age=.20032", sss);
+    TestFailure("max-age=!20032", sss);
+    TestFailure("max-age==20032", sss);
+
+    // invalid headers
+    TestFailure("foobar", sss);
+    TestFailure("maxage=100", sss);
+    TestFailure("maxa-ge=100", sss);
+    TestFailure("max-ag=100", sss);
+    TestFailure("includesubdomains", sss);
+    TestFailure(";", sss);
+    TestFailure("max-age=\"100", sss);
+    // The max-age directive here doesn't conform to the spec, so it MUST
+    // be ignored. Consequently, the REQUIRED max-age directive is not
+    // present in this header, and so it is invalid.
+    TestFailure("max-age=100, max-age=200; includeSubdomains", sss);
+    TestFailure("max-age=100 includesubdomains", sss);
+    TestFailure("max-age=100 bar foo", sss);
+    TestFailure("max-age=100randomstuffhere", sss);
+    // All directives MUST appear only once in an STS header field.
+    TestFailure("max-age=100; max-age=200", sss);
+    TestFailure("includeSubdomains; max-age=200; includeSubdomains", sss);
+    TestFailure("max-age=200; includeSubdomains; includeSubdomains", sss);
+    // The includeSubdomains directive is valueless.
+    TestFailure("max-age=100; includeSubdomains=unexpected", sss);
+    // LWS must have at least one space or horizontal tab
+    TestFailure("\r\nmax-age=200", sss);
+}
diff --git a/security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp b/security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp
new file mode 100644
index 000000000..65f5257fb
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp
@@ -0,0 +1,568 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSIOLayer.h"
+#include "sslproto.h"
+#include "sslerr.h"
+
+#include "gtest/gtest.h"
+
+NS_NAMED_LITERAL_CSTRING(HOST, "example.org");
+const int16_t PORT = 443;
+
+class psm_TLSIntoleranceTest : public ::testing::Test
+{
+protected:
+  nsSSLIOLayerHelpers helpers;
+};
+
+TEST_F(psm_TLSIntoleranceTest, FullFallbackProcess)
+{
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, helpers.mVersionFallbackLimit);
+
+  // No adjustment made when there is no entry for the site.
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+    ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
+
+    ASSERT_TRUE(
+      helpers.rememberStrongCiphersFailed(
+        HOST, PORT, SSL_ERROR_NO_CYPHER_OVERLAP));
+    ASSERT_EQ(SSL_ERROR_NO_CYPHER_OVERLAP,
+              helpers.getIntoleranceReason(HOST, PORT));
+  }
+
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
+
+    ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
+    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                    range.min, range.max, 0));
+  }
+
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
+    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
+
+    ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
+    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                    range.min, range.max, 0));
+  }
+
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.max);
+    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
+
+    ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
+    ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                     range.min, range.max, 0));
+  }
+
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    // When rememberIntolerantAtVersion returns false, it also resets the
+    // intolerance information for the server.
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+    ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
+  }
+}
+
+TEST_F(psm_TLSIntoleranceTest, DisableFallbackWithHighLimit)
+{
+  // this value disables version fallback entirely: with this value, all efforts
+  // to mark an origin as version intolerant fail
+  helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_2;
+  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                   SSL_LIBRARY_VERSION_TLS_1_0,
+                                                   SSL_LIBRARY_VERSION_TLS_1_2,
+                                                   0));
+  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                   SSL_LIBRARY_VERSION_TLS_1_0,
+                                                   SSL_LIBRARY_VERSION_TLS_1_1,
+                                                   0));
+  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                   SSL_LIBRARY_VERSION_TLS_1_0,
+                                                   SSL_LIBRARY_VERSION_TLS_1_0,
+                                                   0));
+}
+
+TEST_F(psm_TLSIntoleranceTest, FallbackLimitBelowMin)
+{
+  // check that we still respect the minimum version,
+  // when it is higher than the fallback limit
+  ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                  SSL_LIBRARY_VERSION_TLS_1_1,
+                                                  SSL_LIBRARY_VERSION_TLS_1_2,
+                                                  0));
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
+    ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
+  }
+
+  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                   SSL_LIBRARY_VERSION_TLS_1_1,
+                                                   SSL_LIBRARY_VERSION_TLS_1_1,
+                                                   0));
+}
+
+TEST_F(psm_TLSIntoleranceTest, TolerantOverridesIntolerant1)
+{
+  ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                  SSL_LIBRARY_VERSION_TLS_1_0,
+                                                  SSL_LIBRARY_VERSION_TLS_1_1,
+                                                  0));
+  helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
+  SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                            SSL_LIBRARY_VERSION_TLS_1_2 };
+  StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+  helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
+  ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
+}
+
+TEST_F(psm_TLSIntoleranceTest, TolerantOverridesIntolerant2)
+{
+  ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                  SSL_LIBRARY_VERSION_TLS_1_0,
+                                                  SSL_LIBRARY_VERSION_TLS_1_1,
+                                                  0));
+  helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_2);
+  SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                            SSL_LIBRARY_VERSION_TLS_1_2 };
+  StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+  helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+  ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
+}
+
+TEST_F(psm_TLSIntoleranceTest, IntolerantDoesNotOverrideTolerant)
+{
+  // No adjustment made when there is no entry for the site.
+  helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
+  // false because we reached the floor set by rememberTolerantAtVersion.
+  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                   SSL_LIBRARY_VERSION_TLS_1_0,
+                                                   SSL_LIBRARY_VERSION_TLS_1_1,
+                                                   0));
+  SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                            SSL_LIBRARY_VERSION_TLS_1_2 };
+  StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+  helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+  ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
+}
+
+TEST_F(psm_TLSIntoleranceTest, PortIsRelevant)
+{
+  helpers.rememberTolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_2);
+  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, 1,
+                                                   SSL_LIBRARY_VERSION_TLS_1_0,
+                                                   SSL_LIBRARY_VERSION_TLS_1_2,
+                                                   0));
+  ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, 2,
+                                                  SSL_LIBRARY_VERSION_TLS_1_0,
+                                                  SSL_LIBRARY_VERSION_TLS_1_2,
+                                                  0));
+
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, 1, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+  }
+
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, 2, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
+  }
+}
+
+TEST_F(psm_TLSIntoleranceTest, IntoleranceReasonInitial)
+{
+  ASSERT_EQ(0, helpers.getIntoleranceReason(HOST, 1));
+
+  helpers.rememberTolerantAtVersion(HOST, 2, SSL_LIBRARY_VERSION_TLS_1_2);
+  ASSERT_EQ(0, helpers.getIntoleranceReason(HOST, 2));
+}
+
+TEST_F(psm_TLSIntoleranceTest, IntoleranceReasonStored)
+{
+  helpers.rememberIntolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_0,
+                                      SSL_LIBRARY_VERSION_TLS_1_2,
+                                      SSL_ERROR_BAD_SERVER);
+  ASSERT_EQ(SSL_ERROR_BAD_SERVER, helpers.getIntoleranceReason(HOST, 1));
+
+  helpers.rememberIntolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_0,
+                                      SSL_LIBRARY_VERSION_TLS_1_1,
+                                      SSL_ERROR_BAD_MAC_READ);
+  ASSERT_EQ(SSL_ERROR_BAD_MAC_READ, helpers.getIntoleranceReason(HOST, 1));
+}
+
+TEST_F(psm_TLSIntoleranceTest, IntoleranceReasonCleared)
+{
+  ASSERT_EQ(0, helpers.getIntoleranceReason(HOST, 1));
+
+  helpers.rememberIntolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_0,
+                                      SSL_LIBRARY_VERSION_TLS_1_2,
+                                      SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
+  ASSERT_EQ(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT,
+            helpers.getIntoleranceReason(HOST, 1));
+
+  helpers.rememberTolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_2);
+  ASSERT_EQ(0, helpers.getIntoleranceReason(HOST, 1));
+}
+
+TEST_F(psm_TLSIntoleranceTest, StrongCiphersFailed)
+{
+  helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_1;
+
+  ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
+
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
+
+    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                    range.min, range.max, 0));
+  }
+
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
+    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
+
+    ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                     range.min, range.max, 0));
+  }
+
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    // When rememberIntolerantAtVersion returns false, it also resets the
+    // intolerance information for the server.
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+    ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
+  }
+}
+
+TEST_F(psm_TLSIntoleranceTest, StrongCiphersFailedAt1_1)
+{
+  helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_0;
+
+  // No adjustment made when there is no entry for the site.
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                    range.min, range.max, 0));
+  }
+
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
+  }
+
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
+    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
+
+    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                    range.min, range.max, 0));
+  }
+
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.max);
+    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
+  }
+}
+
+TEST_F(psm_TLSIntoleranceTest, StrongCiphersFailedWithHighLimit)
+{
+  // this value disables version fallback entirely: with this value, all efforts
+  // to mark an origin as version intolerant fail
+  helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_2;
+  // ...but weak ciphers fallback will not be disabled
+  ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
+  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                   SSL_LIBRARY_VERSION_TLS_1_0,
+                                                   SSL_LIBRARY_VERSION_TLS_1_2,
+                                                   0));
+  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                   SSL_LIBRARY_VERSION_TLS_1_0,
+                                                   SSL_LIBRARY_VERSION_TLS_1_1,
+                                                   0));
+  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                   SSL_LIBRARY_VERSION_TLS_1_0,
+                                                   SSL_LIBRARY_VERSION_TLS_1_0,
+                                                   0));
+}
+
+TEST_F(psm_TLSIntoleranceTest, TolerantDoesNotOverrideWeakCiphersFallback)
+{
+  ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
+  // No adjustment made when intolerant is zero.
+  helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
+  SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                            SSL_LIBRARY_VERSION_TLS_1_2 };
+  StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+  helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+  ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
+}
+
+TEST_F(psm_TLSIntoleranceTest, WeakCiphersFallbackDoesNotOverrideTolerant)
+{
+  // No adjustment made when there is no entry for the site.
+  helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
+  // false because strongCipherWorked is set by rememberTolerantAtVersion.
+  ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
+  SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                            SSL_LIBRARY_VERSION_TLS_1_2 };
+  StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+  helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+  ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
+}
+
+TEST_F(psm_TLSIntoleranceTest, TLSForgetIntolerance)
+{
+  {
+    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                    SSL_LIBRARY_VERSION_TLS_1_0,
+                                                    SSL_LIBRARY_VERSION_TLS_1_2,
+                                                    0));
+
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
+    ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
+  }
+
+  {
+    helpers.forgetIntolerance(HOST, PORT);
+
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+    ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
+  }
+}
+
+TEST_F(psm_TLSIntoleranceTest, TLSForgetStrongCipherFailed)
+{
+  {
+    ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
+
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
+  }
+
+  {
+    helpers.forgetIntolerance(HOST, PORT);
+
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
+  }
+}
+
+TEST_F(psm_TLSIntoleranceTest, TLSDontForgetTolerance)
+{
+  {
+    helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
+
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+    ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
+  }
+
+  {
+    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                    SSL_LIBRARY_VERSION_TLS_1_0,
+                                                    SSL_LIBRARY_VERSION_TLS_1_2,
+                                                    0));
+
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
+    ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
+  }
+
+  {
+    helpers.forgetIntolerance(HOST, PORT);
+
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+    ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
+  }
+}
+
+TEST_F(psm_TLSIntoleranceTest, TLSPerSiteFallbackLimit)
+{
+  NS_NAMED_LITERAL_CSTRING(example_com, "example.com");
+  NS_NAMED_LITERAL_CSTRING(example_net, "example.net");
+  NS_NAMED_LITERAL_CSTRING(example_org, "example.org");
+
+  helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_0;
+
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0));
+
+  helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_2;
+
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0));
+
+  helpers.setInsecureFallbackSites(example_com);
+
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0));
+
+  helpers.setInsecureFallbackSites(NS_LITERAL_CSTRING("example.com,example.net"));
+
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0));
+
+  helpers.setInsecureFallbackSites(example_net);
+
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0));
+
+  helpers.setInsecureFallbackSites(EmptyCString());
+
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0));
+}
diff --git a/security/manager/ssl/tests/gtest/moz.build b/security/manager/ssl/tests/gtest/moz.build
new file mode 100644
index 000000000..735ab2971
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/moz.build
@@ -0,0 +1,29 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+SOURCES += [
+    'CertDBTest.cpp',
+    'DataStorageTest.cpp',
+    'DeserializeCertTest.cpp',
+    'MD4Test.cpp',
+    'OCSPCacheTest.cpp',
+    'STSParserTest.cpp',
+    'TLSIntoleranceTest.cpp',
+]
+
+LOCAL_INCLUDES += [
+    '/security/certverifier',
+    '/security/manager/ssl',
+    '/security/pkix/include',
+    '/security/pkix/test/lib',
+]
+
+include('/ipc/chromium/chromium-config.mozbuild')
+
+FINAL_LIBRARY = 'xul-gtest'
+
+if CONFIG['GNU_CXX']:
+    CXXFLAGS += ['-Wno-error=shadow']
diff --git a/security/manager/ssl/tests/mochitest/browser/.eslintrc.js b/security/manager/ssl/tests/mochitest/browser/.eslintrc.js
new file mode 100644
index 000000000..c15988365
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/.eslintrc.js
@@ -0,0 +1,5 @@
+"use strict";
+
+module.exports = { // eslint-disable-line no-undef
+  "extends": "../../../../../../testing/mochitest/browser.eslintrc.js"
+};
diff --git a/security/manager/ssl/tests/mochitest/browser/browser.ini b/security/manager/ssl/tests/mochitest/browser/browser.ini
new file mode 100644
index 000000000..3c91ceb80
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser.ini
@@ -0,0 +1,18 @@
+[DEFAULT]
+tags = psm
+support-files =
+  head.js
+  *.pem
+
+[browser_bug627234_perwindowpb.js]
+[browser_certificateManagerLeak.js]
+[browser_certViewer.js]
+[browser_clientAuth_connection.js]
+[browser_clientAuth_ui.js]
+[browser_deleteCert_ui.js]
+[browser_downloadCert_ui.js]
+[browser_editCACertTrust.js]
+# An earlier attempt at landing this test resulted in frequent intermittent
+# failures, almost entirely on Linux. See Bug 1309519.
+skip-if = os == "linux"
+[browser_exportP12_passwordUI.js]
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js b/security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js
new file mode 100644
index 000000000..081521ca9
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js
@@ -0,0 +1,102 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+var FakeSSLStatus = function() {
+};
+
+FakeSSLStatus.prototype = {
+  serverCert: null,
+  cipherName: null,
+  keyLength: 2048,
+  isDomainMismatch: false,
+  isNotValidAtThisTime: false,
+  isUntrusted: false,
+  isExtendedValidation: false,
+  getInterface: function(aIID) {
+    return this.QueryInterface(aIID);
+  },
+  QueryInterface: function(aIID) {
+    if (aIID.equals(Ci.nsISSLStatus) ||
+        aIID.equals(Ci.nsISupports)) {
+      return this;
+    }
+    throw new Error(Cr.NS_ERROR_NO_INTERFACE);
+  },
+};
+
+function whenNewWindowLoaded(aOptions, aCallback) {
+  let win = OpenBrowserWindow(aOptions);
+  win.addEventListener("load", function onLoad() {
+    win.removeEventListener("load", onLoad, false);
+    aCallback(win);
+  }, false);
+}
+
+// This is a template to help porting global private browsing tests
+// to per-window private browsing tests
+function test() {
+  // initialization
+  waitForExplicitFinish();
+  let windowsToClose = [];
+  let testURI = "about:blank";
+  let uri;
+  let gSSService = Cc["@mozilla.org/ssservice;1"].
+                   getService(Ci.nsISiteSecurityService);
+
+  function privacyFlags(aIsPrivateMode) {
+    return aIsPrivateMode ? Ci.nsISocketProvider.NO_PERMANENT_STORAGE : 0;
+  }
+
+  function doTest(aIsPrivateMode, aWindow, aCallback) {
+    aWindow.gBrowser.selectedBrowser.addEventListener("load", function onLoad() {
+      aWindow.gBrowser.selectedBrowser.removeEventListener("load", onLoad, true);
+      let sslStatus = new FakeSSLStatus();
+      uri = aWindow.Services.io.newURI("https://localhost/img.png", null, null);
+      gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                               "max-age=1000", sslStatus, privacyFlags(aIsPrivateMode));
+      ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, "localhost", privacyFlags(aIsPrivateMode)), "checking sts host");
+
+      aCallback();
+    }, true);
+
+    aWindow.gBrowser.selectedBrowser.loadURI(testURI);
+  }
+
+  function testOnWindow(aOptions, aCallback) {
+    whenNewWindowLoaded(aOptions, function(aWin) {
+      windowsToClose.push(aWin);
+      // execute should only be called when need, like when you are opening
+      // web pages on the test. If calling executeSoon() is not necesary, then
+      // call whenNewWindowLoaded() instead of testOnWindow() on your test.
+      executeSoon(function() { aCallback(aWin); });
+    });
+  }
+
+   // this function is called after calling finish() on the test.
+  registerCleanupFunction(function() {
+    windowsToClose.forEach(function(aWin) {
+      aWin.close();
+    });
+    uri = Services.io.newURI("http://localhost", null, null);
+    gSSService.removeState(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0);
+  });
+
+  // test first when on private mode
+  testOnWindow({private: true}, function(aWin) {
+    doTest(true, aWin, function() {
+      //test when not on private mode
+      testOnWindow({}, function(aWin) {
+        doTest(false, aWin, function() {
+          //test again when on private mode
+          testOnWindow({private: true}, function(aWin) {
+            doTest(true, aWin, function () {
+              finish();
+            });
+          });
+        });
+      });
+    });
+  });
+}
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js b/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js
new file mode 100644
index 000000000..d75f9f207
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js
@@ -0,0 +1,224 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// Repeatedly opens the certificate viewer dialog with various certificates and
+// determines that the viewer correctly identifies either what usages those
+// certificates are valid for or what errors prevented the certificates from
+// being verified.
+
+var { OS } = Cu.import("resource://gre/modules/osfile.jsm", {});
+
+add_task(function* testCAandTitle() {
+  let cert = yield readCertificate("ca.pem", "CTu,CTu,CTu");
+  let win = yield displayCertificate(cert);
+  checkUsages(win, ["SSL Certificate Authority"]);
+
+  // There's no real need to test the title for every cert, so we just test it
+  // once here.
+  Assert.equal(win.document.title, "Certificate Viewer: \u201Cca\u201D",
+               "Actual and expected title should match");
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+add_task(function* testSSLEndEntity() {
+  let cert = yield readCertificate("ssl-ee.pem", ",,");
+  let win = yield displayCertificate(cert);
+  checkUsages(win, ["SSL Server Certificate", "SSL Client Certificate"]);
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+add_task(function* testEmailEndEntity() {
+  let cert = yield readCertificate("email-ee.pem", ",,");
+  let win = yield displayCertificate(cert);
+  checkUsages(win, ["Email Recipient Certificate", "Email Signer Certificate"]);
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+add_task(function* testCodeSignEndEntity() {
+  let cert = yield readCertificate("code-ee.pem", ",,");
+  let win = yield displayCertificate(cert);
+  checkUsages(win, ["Object Signer"]);
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+add_task(function* testExpired() {
+  let cert = yield readCertificate("expired-ca.pem", ",,");
+  let win = yield displayCertificate(cert);
+  checkError(win, "Could not verify this certificate because it has expired.");
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+add_task(function* testIssuerExpired() {
+  let cert = yield readCertificate("ee-from-expired-ca.pem", ",,");
+  let win = yield displayCertificate(cert);
+  checkError(win,
+             "Could not verify this certificate because the CA certificate " +
+             "is invalid.");
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+add_task(function* testUnknownIssuer() {
+  let cert = yield readCertificate("unknown-issuer.pem", ",,");
+  let win = yield displayCertificate(cert);
+  checkError(win,
+             "Could not verify this certificate because the issuer is " +
+             "unknown.");
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+add_task(function* testInsecureAlgo() {
+  let cert = yield readCertificate("md5-ee.pem", ",,");
+  let win = yield displayCertificate(cert);
+  checkError(win,
+             "Could not verify this certificate because it was signed using " +
+             "a signature algorithm that was disabled because that algorithm " +
+             "is not secure.");
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+add_task(function* testUntrusted() {
+  let cert = yield readCertificate("untrusted-ca.pem", "p,p,p");
+  let win = yield displayCertificate(cert);
+  checkError(win,
+             "Could not verify this certificate because it is not trusted.");
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+add_task(function* testUntrustedIssuer() {
+  let cert = yield readCertificate("ee-from-untrusted-ca.pem", ",,");
+  let win = yield displayCertificate(cert);
+  checkError(win,
+             "Could not verify this certificate because the issuer is not " +
+             "trusted.");
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+add_task(function* testRevoked() {
+  // Note that there's currently no way to un-do this. This should only be a
+  // problem if another test re-uses a certificate with this same key (perhaps
+  // likely) and subject (less likely).
+  let certBlocklist = Cc["@mozilla.org/security/certblocklist;1"]
+                        .getService(Ci.nsICertBlocklist);
+  certBlocklist.revokeCertBySubjectAndPubKey(
+    "MBIxEDAOBgNVBAMMB3Jldm9rZWQ=", // CN=revoked
+    "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8="); // hash of the shared key
+  let cert = yield readCertificate("revoked.pem", ",,");
+  let win = yield displayCertificate(cert);
+  // As of bug 1312827, OneCRL only applies to TLS web server certificates, so
+  // this certificate will actually verify successfully for every end-entity
+  // usage except TLS web server.
+  checkUsages(win, ["Email Recipient Certificate", "Email Signer Certificate",
+                    "Object Signer", "SSL Client Certificate"]);
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+add_task(function* testInvalid() {
+  // This certificate has a keyUsage extension asserting cRLSign and
+  // keyCertSign, but it doesn't have a basicConstraints extension. This
+  // shouldn't be valid for any usage. Sadly, we give a pretty lame error
+  // message in this case.
+  let cert = yield readCertificate("invalid.pem", ",,");
+  let win = yield displayCertificate(cert);
+  checkError(win, "Could not verify this certificate for unknown reasons.");
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+/**
+ * Given a certificate, returns a promise that will resolve when the certificate
+ * viewer has opened is displaying that certificate, and has finished
+ * determining its valid usages.
+ *
+ * @param {nsIX509Cert} certificate
+ *        The certificate to view and determine usages for.
+ * @return {Promise}
+ *         A promise that will resolve with a handle on the opened certificate
+ *         viewer window when the usages have been determined.
+ */
+function displayCertificate(certificate) {
+  let win = window.openDialog("chrome://pippki/content/certViewer.xul", "",
+                              "", certificate);
+  return TestUtils.topicObserved("ViewCertDetails:CertUsagesDone",
+                                 (subject, data) => subject == win)
+  .then(([subject, data]) => subject, error => { throw error; });
+}
+
+/**
+ * Given a certificate viewer window, finds the usages the certificate is valid
+ * for.
+ *
+ * @param {window} win
+ *        The certificate viewer window.
+ * @return {String[]}
+ *         An array of strings describing the usages the certificate is valid
+ *         for.
+ */
+function getUsages(win) {
+  let determinedUsages = [];
+  let verifyInfoBox = win.document.getElementById("verify_info_box");
+  Array.from(verifyInfoBox.children).forEach(child => {
+    if (child.getAttribute("hidden") != "true" &&
+        child.getAttribute("id") != "verified") {
+      determinedUsages.push(child.getAttribute("value"));
+    }
+  });
+  return determinedUsages.sort();
+}
+
+/**
+ * Given a certificate viewer window, returns the error string describing a
+ * failure encountered when determining the certificate's usages. It will be
+ * "This certificate has been verified for the following uses:" when the
+ * certificate has successfully verified for at least one usage.
+ *
+ * @param {window} win
+ *        The certificate viewer window.
+ * @return {String}
+ *         A string describing the error encountered, or the success message if
+ *         the certificate is valid for at least one usage.
+ */
+function getError(win) {
+  return win.document.getElementById("verified").textContent;
+}
+
+/**
+ * Given a certificate viewer window and an array of expected usage
+ * descriptions, verifies that the window is actually showing that the
+ * certificate has validated for those usages.
+ *
+ * @param {window} win
+ *        The certificate viewer window.
+ * @param {String[]} usages
+ *        An array of expected usage descriptions.
+ */
+function checkUsages(win, usages) {
+  Assert.equal(getError(win),
+               "This certificate has been verified for the following uses:",
+               "should have successful verification message");
+  let determinedUsages = getUsages(win);
+  usages.sort();
+  Assert.equal(determinedUsages.length, usages.length,
+               "number of usages as determined by cert viewer should be equal");
+  while (usages.length > 0) {
+    Assert.equal(determinedUsages.pop(), usages.pop(),
+                 "usages as determined by cert viewer should be equal");
+  }
+}
+
+/**
+ * Given a certificate viewer window and an expected error, verifies that the
+ * window is actually showing that error.
+ *
+ * @param {window} win
+ *        The certificate viewer window.
+ * @param {String} error
+ *        The expected error message.
+ */
+function checkError(win, error) {
+  let determinedUsages = getUsages(win);
+  Assert.equal(determinedUsages.length, 0,
+               "should not have any successful usages in error case");
+  Assert.equal(getError(win), error,
+               "determined error should be the same as expected error");
+}
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_certificateManagerLeak.js b/security/manager/ssl/tests/mochitest/browser/browser_certificateManagerLeak.js
new file mode 100644
index 000000000..d1db319d0
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_certificateManagerLeak.js
@@ -0,0 +1,32 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+var gBugWindow;
+
+function onLoad() {
+  gBugWindow.removeEventListener("load", onLoad);
+  gBugWindow.addEventListener("unload", onUnload);
+  gBugWindow.close();
+}
+
+function onUnload() {
+  gBugWindow.removeEventListener("unload", onUnload);
+  window.focus();
+  finish();
+}
+
+// This test opens and then closes the certificate manager to test that it
+// does not leak. The test harness keeps track of and reports leaks, so
+// there are no actual checks here.
+function test() {
+  waitForExplicitFinish();
+
+  // This test relies on the test timing out in order to indicate failure so
+  // let's add a dummy pass.
+  ok(true, "Each test requires at least one pass, fail or todo so here is a pass.");
+
+  gBugWindow = window.openDialog("chrome://pippki/content/certManager.xul");
+  gBugWindow.addEventListener("load", onLoad);
+}
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js b/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js
new file mode 100644
index 000000000..6362fd34d
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js
@@ -0,0 +1,135 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests various scenarios connecting to a server that requires client cert
+// authentication. Also tests that nsIClientAuthDialogs.chooseCertificate
+// is called at the appropriate times and with the correct arguments.
+
+const { MockRegistrar } =
+  Cu.import("resource://testing-common/MockRegistrar.jsm", {});
+
+const DialogState = {
+  // Assert that chooseCertificate() is never called.
+  ASSERT_NOT_CALLED: "ASSERT_NOT_CALLED",
+  // Return that the user selected the first given cert.
+  RETURN_CERT_SELECTED: "RETURN_CERT_SELECTED",
+  // Return that the user canceled.
+  RETURN_CERT_NOT_SELECTED: "RETURN_CERT_NOT_SELECTED",
+};
+
+let sdr = Cc["@mozilla.org/security/sdr;1"].getService(Ci.nsISecretDecoderRing);
+
+// Mock implementation of nsIClientAuthDialogs.
+const gClientAuthDialogs = {
+  _state: DialogState.ASSERT_NOT_CALLED,
+
+  set state(newState) {
+    info(`old state: ${this._state}`);
+    this._state = newState;
+    info(`new state: ${this._state}`);
+  },
+
+  get state() {
+    return this._state;
+  },
+
+  chooseCertificate(ctx, hostname, port, organization, issuerOrg, certList,
+                    selectedIndex) {
+    Assert.notEqual(this.state, DialogState.ASSERT_NOT_CALLED,
+                    "chooseCertificate() should be called only when expected");
+
+    let caud = ctx.QueryInterface(Ci.nsIClientAuthUserDecision);
+    Assert.notEqual(caud, null,
+                    "nsIClientAuthUserDecision should be queryable from the " +
+                    "given context");
+    caud.rememberClientAuthCertificate = false;
+
+    Assert.equal(hostname, "requireclientcert.example.com",
+                 "Hostname should be 'requireclientcert.example.com'");
+    Assert.equal(port, 443, "Port should be 443");
+    Assert.equal(organization, "",
+                 "Server cert Organization should be empty/not present");
+    Assert.equal(issuerOrg, "Mozilla Testing",
+                 "Server cert issuer Organization should be 'Mozilla Testing'");
+
+    // For mochitests, only the cert at build/pgo/certs/mochitest.client should
+    // be selectable, so we do some brief checks to confirm this.
+    Assert.notEqual(certList, null, "Cert list should not be null");
+    Assert.equal(certList.length, 1, "Only 1 certificate should be available");
+    let cert = certList.queryElementAt(0, Ci.nsIX509Cert);
+    Assert.notEqual(cert, null, "Cert list should contain an nsIX509Cert");
+    Assert.equal(cert.commonName, "Mochitest client",
+                 "Cert CN should be 'Mochitest client'");
+
+    if (this.state == DialogState.RETURN_CERT_SELECTED) {
+      selectedIndex.value = 0;
+      return true;
+    }
+    return false;
+  },
+
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsIClientAuthDialogs])
+};
+
+add_task(function* setup() {
+  let clientAuthDialogsCID =
+    MockRegistrar.register("@mozilla.org/nsClientAuthDialogs;1",
+                           gClientAuthDialogs);
+  registerCleanupFunction(() => {
+    MockRegistrar.unregister(clientAuthDialogsCID);
+  });
+});
+
+/**
+ * Test helper for the tests below.
+ *
+ * @param {String} prefValue
+ *        Value to set the "security.default_personal_cert" pref to.
+ * @param {String} expectedURL
+ *        If the connection is expected to load successfully, the URL that
+ *        should load. If the connection is expected to fail and result in an
+ *        error page, |undefined|.
+ */
+function* testHelper(prefValue, expectedURL) {
+  yield SpecialPowers.pushPrefEnv({"set": [
+    ["security.default_personal_cert", prefValue],
+  ]});
+
+  yield BrowserTestUtils.loadURI(gBrowser.selectedBrowser,
+                                 "https://requireclientcert.example.com:443");
+
+  // |loadedURL| will be a string URL if browserLoaded() wins the race, or
+  // |undefined| if waitForErrorPage() wins the race.
+  let loadedURL = yield Promise.race([
+    BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser),
+    BrowserTestUtils.waitForErrorPage(gBrowser.selectedBrowser),
+  ]);
+  Assert.equal(expectedURL, loadedURL, "Expected and actual URLs should match");
+
+  // Ensure previously successful connections don't influence future tests.
+  sdr.logoutAndTeardown();
+}
+
+// Test that if a certificate is chosen automatically the connection succeeds,
+// and that nsIClientAuthDialogs.chooseCertificate() is never called.
+add_task(function* testCertChosenAutomatically() {
+  gClientAuthDialogs.state = DialogState.ASSERT_NOT_CALLED;
+  yield* testHelper("Select Automatically",
+                    "https://requireclientcert.example.com/");
+});
+
+// Test that if the user doesn't choose a certificate, the connection fails and
+// an error page is displayed.
+add_task(function* testCertNotChosenByUser() {
+  gClientAuthDialogs.state = DialogState.RETURN_CERT_NOT_SELECTED;
+  yield* testHelper("Ask Every Time", undefined);
+});
+
+// Test that if the user chooses a certificate the connection suceeeds.
+add_task(function* testCertChosenByUser() {
+  gClientAuthDialogs.state = DialogState.RETURN_CERT_SELECTED;
+  yield* testHelper("Ask Every Time",
+                    "https://requireclientcert.example.com/");
+});
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_ui.js b/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_ui.js
new file mode 100644
index 000000000..bf4f179c0
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_ui.js
@@ -0,0 +1,137 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that the client authentication certificate chooser correctly displays
+// provided information and correctly returns user input.
+
+const TEST_HOSTNAME = "Test Hostname";
+const TEST_ORG = "Test Org";
+const TEST_ISSUER_ORG = "Test Issuer Org";
+const TEST_PORT = 123;
+
+var certDB = Cc["@mozilla.org/security/x509certdb;1"]
+               .getService(Ci.nsIX509CertDB);
+/**
+ * Test certificate (i.e. build/pgo/certs/mochitest.client).
+ * @type nsIX509Cert
+ */
+var cert;
+
+/**
+ * Opens the client auth cert chooser dialog.
+ *
+ * @param {nsIX509Cert} cert The cert to pass to the dialog for display.
+ * @returns {Promise}
+ *          A promise that resolves when the dialog has finished loading, with
+ *          an array consisting of:
+ *            1. The window of the opened dialog.
+ *            2. The return value nsIWritablePropertyBag2 passed to the dialog.
+ */
+function openClientAuthDialog(cert) {
+  let certList = Cc["@mozilla.org/array;1"].createInstance(Ci.nsIMutableArray);
+  certList.appendElement(cert, false);
+
+  let returnVals = Cc["@mozilla.org/hash-property-bag;1"]
+                     .createInstance(Ci.nsIWritablePropertyBag2);
+  let win = window.openDialog("chrome://pippki/content/clientauthask.xul", "",
+                              "", TEST_HOSTNAME, TEST_ORG, TEST_ISSUER_ORG,
+                              TEST_PORT, certList, returnVals);
+  return new Promise((resolve, reject) => {
+    win.addEventListener("load", function onLoad() {
+      win.removeEventListener("load", onLoad);
+      resolve([win, returnVals]);
+    });
+  });
+}
+
+/**
+ * Checks that the contents of the given cert chooser dialog match the details
+ * of build/pgo/certs/mochitest.client.
+ *
+ * @param {window} win The cert chooser window.
+ * @param {String} notBefore
+ *        The notBeforeLocalTime attribute of mochitest.client.
+ * @param {String} notAfter
+ *        The notAfterLocalTime attribute of mochitest.client.
+ */
+function checkDialogContents(win, notBefore, notAfter) {
+  Assert.equal(win.document.getElementById("hostname").textContent,
+               `${TEST_HOSTNAME}:${TEST_PORT}`,
+               "Actual and expected hostname and port should be equal");
+  // “ and ” don't seem to work when embedded in the following literals, which
+  // is why escape codes are used instead.
+  Assert.equal(win.document.getElementById("organization").textContent,
+               `Organization: \u201C${TEST_ORG}\u201D`,
+               "Actual and expected organization should be equal");
+  Assert.equal(win.document.getElementById("issuer").textContent,
+               `Issued Under: \u201C${TEST_ISSUER_ORG}\u201D`,
+               "Actual and expected issuer organization should be equal");
+
+  Assert.equal(win.document.getElementById("nicknames").label,
+               "test client certificate [03]",
+               "Actual and expected selected cert nickname and serial should " +
+               "be equal");
+
+  let [subject, serialNum, validity, issuer, tokenName] =
+    win.document.getElementById("details").value.split("\n");
+  Assert.equal(subject, "Issued to: CN=Mochitest client",
+               "Actual and expected subject should be equal");
+  Assert.equal(serialNum, "Serial number: 03",
+               "Actual and expected serial number should be equal");
+  Assert.equal(validity, `Valid from ${notBefore} to ${notAfter}`,
+               "Actual and expected validity should be equal");
+  Assert.equal(issuer,
+               "Issued by: CN=Temporary Certificate Authority,O=Mozilla " +
+               "Testing,OU=Profile Guided Optimization",
+               "Actual and expected issuer should be equal");
+  Assert.equal(tokenName, "Stored on: Software Security Device",
+               "Actual and expected token name should be equal");
+}
+
+add_task(function* setup() {
+  cert = certDB.findCertByNickname("test client certificate");
+  Assert.notEqual(cert, null, "Should be able to find the test client cert");
+});
+
+// Test that the contents of the dialog correspond to the details of the
+// provided cert.
+add_task(function* testContents() {
+  let [win, retVals] = yield openClientAuthDialog(cert);
+  checkDialogContents(win, cert.validity.notBeforeLocalTime,
+                      cert.validity.notAfterLocalTime);
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+// Test that the right values are returned when the dialog is accepted.
+add_task(function* testAcceptDialogReturnValues() {
+  let [win, retVals] = yield openClientAuthDialog(cert);
+  win.document.getElementById("rememberBox").checked = true;
+  info("Accepting dialog");
+  win.document.getElementById("certAuthAsk").acceptDialog();
+  yield BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(retVals.get("certChosen"),
+            "Return value should signal user chose a certificate");
+  Assert.equal(retVals.get("selectedIndex"), 0,
+               "0 should be returned as the selected index");
+  Assert.ok(retVals.get("rememberSelection"),
+            "Return value should signal 'Remember this decision' checkbox was" +
+            "checked");
+});
+
+// Test that the right values are returned when the dialog is canceled.
+add_task(function* testCancelDialogReturnValues() {
+  let [win, retVals] = yield openClientAuthDialog(cert);
+  win.document.getElementById("rememberBox").checked = false;
+  info("Canceling dialog");
+  win.document.getElementById("certAuthAsk").cancelDialog();
+  yield BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(!retVals.get("certChosen"),
+            "Return value should signal user did not choose a certificate");
+  Assert.ok(!retVals.get("rememberSelection"),
+            "Return value should signal 'Remember this decision' checkbox was" +
+            "unchecked");
+});
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_deleteCert_ui.js b/security/manager/ssl/tests/mochitest/browser/browser_deleteCert_ui.js
new file mode 100644
index 000000000..b0ac8f95c
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_deleteCert_ui.js
@@ -0,0 +1,215 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests various aspects of the cert delete confirmation dialog.
+// Among other things, tests that for each type of cert that can be deleted:
+// 1. The various lines of explanation text are correctly set.
+// 2. The implementation correctly falls back through multiple cert attributes
+//    to determine what to display to represent a cert.
+
+/**
+ * An array of tree items corresponding to TEST_CASES.
+ * @type nsICertTreeItem[]
+ */
+var gCertArray = [];
+
+const FAKE_HOST_PORT = "Fake host and port";
+
+/**
+ * @typedef {TestCase}
+ * @type Object
+ * @property {String} certFilename
+ *           Filename of the cert, or null if we don't want to import a cert for
+ *           this test case (i.e. we expect the hostPort attribute of
+ *           nsICertTreeItem to be used).
+ * @property {String} expectedDisplayString
+ *           The string we expect the UI to display to represent the given cert.
+ */
+
+/**
+ * A list of test cases representing certs that get "deleted".
+ * @type TestCase[]
+ */
+const TEST_CASES = [
+  { certFilename: null,
+    expectedDisplayString: FAKE_HOST_PORT },
+  { certFilename: "has-cn.pem",
+    expectedDisplayString: "Foo" },
+  { certFilename: "has-ou.pem",
+    expectedDisplayString: "Bar" },
+  { certFilename: "has-o.pem",
+    expectedDisplayString: "Baz" },
+  { certFilename: "has-non-empty-subject.pem",
+    expectedDisplayString: "C=US" },
+  { certFilename: "has-empty-subject.pem",
+    expectedDisplayString: "Certificate with serial number: 0A" },
+];
+
+/**
+ * Opens the cert delete confirmation dialog.
+ *
+ * @param {String} tabID
+ *        The ID of the cert category tab the certs to delete belong to.
+ * @returns {Promise}
+ *          A promise that resolves when the dialog has finished loading, with
+ *          an array consisting of:
+ *            1. The window of the opened dialog.
+ *            2. The return value object passed to the dialog.
+ */
+function openDeleteCertConfirmDialog(tabID) {
+  let retVals = {
+    deleteConfirmed: false,
+  };
+  let win = window.openDialog("chrome://pippki/content/deletecert.xul", "", "",
+                              tabID, gCertArray, retVals);
+  return new Promise((resolve, reject) => {
+    win.addEventListener("load", function onLoad() {
+      win.removeEventListener("load", onLoad);
+      resolve([win, retVals]);
+    });
+  });
+}
+
+add_task(function* setup() {
+  for (let testCase of TEST_CASES) {
+    let cert = null;
+    if (testCase.certFilename) {
+      cert = yield readCertificate(testCase.certFilename, ",,");
+    }
+    let certTreeItem = {
+      hostPort: FAKE_HOST_PORT,
+      cert: cert,
+      QueryInterface(iid) {
+        if (iid.equals(Ci.nsICertTreeItem)) {
+          return this;
+        }
+
+        throw new Error(Cr.NS_ERROR_NO_INTERFACE);
+      }
+    };
+    gCertArray.push(certTreeItem);
+  }
+});
+
+/**
+ * Test helper for the below test cases.
+ *
+ * @param {String} tabID
+ *        ID of the cert category tab the certs to delete belong to.
+ * @param {String} expectedTitle
+ *        Title the dialog is expected to have.
+ * @param {String} expectedConfirmMsg
+ *        Confirmation message the dialog is expected to show.
+ * @param {String} expectedImpact
+ *        Impact the dialog is expected to show.
+ */
+function* testHelper(tabID, expectedTitle, expectedConfirmMsg, expectedImpact) {
+  let [win, retVals] = yield openDeleteCertConfirmDialog(tabID);
+  let certList = win.document.getElementById("certlist");
+
+  Assert.equal(win.document.title, expectedTitle,
+               `Actual and expected titles should match for ${tabID}`);
+  Assert.equal(win.document.getElementById("confirm").textContent,
+               expectedConfirmMsg,
+               `Actual and expected confirm message should match for ${tabID}`);
+  Assert.equal(win.document.getElementById("impact").textContent,
+               expectedImpact,
+               `Actual and expected impact should match for ${tabID}`);
+
+  Assert.equal(certList.itemCount, TEST_CASES.length,
+               `No. of certs displayed should match for ${tabID}`);
+  for (let i = 0; i < certList.itemCount; i++) {
+    Assert.equal(certList.getItemAtIndex(i).label,
+                 TEST_CASES[i].expectedDisplayString,
+                 "Actual and expected display string should match for " +
+                 `index ${i} for ${tabID}`);
+  }
+
+  yield BrowserTestUtils.closeWindow(win);
+}
+
+// Test deleting certs from the "Your Certificates" tab.
+add_task(function* testDeletePersonalCerts() {
+  const expectedTitle = "Delete your Certificates";
+  const expectedConfirmMsg =
+    "Are you sure you want to delete these certificates?";
+  const expectedImpact =
+    "If you delete one of your own certificates, you can no longer use it to " +
+    "identify yourself.";
+  yield* testHelper("mine_tab", expectedTitle, expectedConfirmMsg,
+                    expectedImpact);
+});
+
+// Test deleting certs from the "People" tab.
+add_task(function* testDeleteOtherPeopleCerts() {
+  const expectedTitle = "Delete E-Mail Certificates";
+  // ’ doesn't seem to work when embedded in the following literals, which is
+  // why escape codes are used instead.
+  const expectedConfirmMsg =
+    "Are you sure you want to delete these people\u2019s e-mail certificates?";
+  const expectedImpact =
+    "If you delete a person\u2019s e-mail certificate, you will no longer be " +
+    "able to send encrypted e-mail to that person.";
+  yield* testHelper("others_tab", expectedTitle, expectedConfirmMsg,
+                    expectedImpact);
+});
+
+// Test deleting certs from the "Servers" tab.
+add_task(function* testDeleteServerCerts() {
+  const expectedTitle = "Delete Server Certificate Exceptions";
+  const expectedConfirmMsg =
+    "Are you sure you want to delete these server exceptions?";
+  const expectedImpact =
+    "If you delete a server exception, you restore the usual security checks " +
+    "for that server and require it uses a valid certificate.";
+  yield* testHelper("websites_tab", expectedTitle, expectedConfirmMsg,
+                    expectedImpact);
+});
+
+// Test deleting certs from the "Authorities" tab.
+add_task(function* testDeleteCACerts() {
+  const expectedTitle = "Delete or Distrust CA Certificates";
+  const expectedConfirmMsg =
+    "You have requested to delete these CA certificates. For built-in " +
+    "certificates all trust will be removed, which has the same effect. Are " +
+    "you sure you want to delete or distrust?";
+  const expectedImpact =
+    "If you delete or distrust a certificate authority (CA) certificate, " +
+    "this application will no longer trust any certificates issued by that CA.";
+  yield* testHelper("ca_tab", expectedTitle, expectedConfirmMsg,
+                    expectedImpact);
+});
+
+// Test deleting certs from the "Other" tab.
+add_task(function* testDeleteOtherCerts() {
+  const expectedTitle = "Delete Certificates";
+  const expectedConfirmMsg =
+    "Are you sure you want to delete these certificates?";
+  const expectedImpact = "";
+  yield* testHelper("orphan_tab", expectedTitle, expectedConfirmMsg,
+                    expectedImpact);
+});
+
+// Test that the right values are returned when the dialog is accepted.
+add_task(function* testAcceptDialogReturnValues() {
+  let [win, retVals] = yield openDeleteCertConfirmDialog("ca_tab" /*arbitrary*/);
+  info("Accepting dialog");
+  win.document.getElementById("deleteCertificate").acceptDialog();
+  yield BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(retVals.deleteConfirmed,
+            "Return value should signal user accepted");
+});
+
+// Test that the right values are returned when the dialog is canceled.
+add_task(function* testCancelDialogReturnValues() {
+  let [win, retVals] = yield openDeleteCertConfirmDialog("ca_tab" /*arbitrary*/);
+  info("Canceling dialog");
+  win.document.getElementById("deleteCertificate").cancelDialog();
+  yield BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(!retVals.deleteConfirmed,
+            "Return value should signal user did not accept");
+});
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_downloadCert_ui.js b/security/manager/ssl/tests/mochitest/browser/browser_downloadCert_ui.js
new file mode 100644
index 000000000..cbd59f883
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_downloadCert_ui.js
@@ -0,0 +1,150 @@
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that the cert download/import UI correctly identifies the cert being
+// downloaded, and allows the trust of the cert to be specified.
+
+const { MockRegistrar } =
+  Cu.import("resource://testing-common/MockRegistrar.jsm", {});
+
+/**
+ * @typedef {TestCase}
+ * @type Object
+ * @property {String} certFilename
+ *           Filename of the cert for this test case.
+ * @property {String} expectedDisplayString
+ *           The string we expect the UI to display to represent the given cert.
+ * @property {nsIX509Cert} cert
+ *           Handle to the cert once read in setup().
+ */
+
+/**
+ * A list of test cases representing certs that get "downloaded".
+ * @type TestCase[]
+ */
+const TEST_CASES = [
+  { certFilename: "has-cn.pem",
+    expectedDisplayString: "Foo",
+    cert: null },
+  { certFilename: "has-empty-subject.pem",
+    expectedDisplayString: "Certificate Authority (unnamed)",
+    cert: null },
+];
+
+/**
+ * Opens the cert download dialog.
+ *
+ * @param {nsIX509Cert} cert
+ *        The cert to pass to the dialog for display.
+ * @returns {Promise}
+ *          A promise that resolves when the dialog has finished loading, with
+ *          an array consisting of:
+ *            1. The window of the opened dialog.
+ *            2. The return value nsIWritablePropertyBag2 passed to the dialog.
+ */
+function openCertDownloadDialog(cert) {
+  let returnVals = Cc["@mozilla.org/hash-property-bag;1"]
+                     .createInstance(Ci.nsIWritablePropertyBag2);
+  let win = window.openDialog("chrome://pippki/content/downloadcert.xul", "",
+                              "", cert, returnVals);
+  return new Promise((resolve, reject) => {
+    win.addEventListener("load", function onLoad() {
+      win.removeEventListener("load", onLoad);
+      resolve([win, returnVals]);
+    });
+  });
+}
+
+// Mock implementation of nsICertificateDialogs.
+const gCertificateDialogs = {
+  expectedCert: null,
+  viewCertCallCount: 0,
+  confirmDownloadCACert(ctx, cert, trust) {
+    Assert.ok(false, "confirmDownloadCACert() should not have been called");
+  },
+  setPKCS12FilePassword(ctx, password) {
+    Assert.ok(false, "setPKCS12FilePassword() should not have been called");
+  },
+  getPKCS12FilePassword(ctx, password) {
+    Assert.ok(false, "getPKCS12FilePassword() should not have been called");
+  },
+  viewCert(ctx, cert) {
+    this.viewCertCallCount++;
+    Assert.notEqual(cert, null, "Cert to view should not be null");
+    Assert.equal(cert, this.expectedCert,
+                 "Actual and expected cert should match");
+  },
+
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsICertificateDialogs])
+};
+
+add_task(function* setup() {
+  for (let testCase of TEST_CASES) {
+    testCase.cert = yield readCertificate(testCase.certFilename, ",,");
+    Assert.notEqual(testCase.cert, null,
+                    `'${testCase.certFilename}' should have been read`);
+  }
+
+  let certificateDialogsCID =
+    MockRegistrar.register("@mozilla.org/nsCertificateDialogs;1",
+                           gCertificateDialogs);
+  registerCleanupFunction(() => {
+    MockRegistrar.unregister(certificateDialogsCID);
+  });
+});
+
+// Test that the trust header message corresponds to the provided cert, and that
+// the View Cert button launches the cert viewer for the provided cert.
+add_task(function* testTrustHeaderAndViewCertButton() {
+  for (let testCase of TEST_CASES) {
+    let [win, retVals] = yield openCertDownloadDialog(testCase.cert);
+    let expectedTrustHeaderString =
+      `Do you want to trust \u201C${testCase.expectedDisplayString}\u201D ` +
+      "for the following purposes?";
+    Assert.equal(win.document.getElementById("trustHeader").textContent,
+                 expectedTrustHeaderString,
+                 "Actual and expected trust header text should match for " +
+                 `${testCase.certFilename}`);
+
+    gCertificateDialogs.viewCertCallCount = 0;
+    gCertificateDialogs.expectedCert = testCase.cert;
+    info("Pressing View Cert button");
+    win.document.getElementById("viewC-button").doCommand();
+    Assert.equal(gCertificateDialogs.viewCertCallCount, 1,
+                 "viewCert() should've been called once");
+
+    yield BrowserTestUtils.closeWindow(win);
+  }
+});
+
+// Test that the right values are returned when the dialog is accepted.
+add_task(function* testAcceptDialogReturnValues() {
+  let [win, retVals] = yield openCertDownloadDialog(TEST_CASES[0].cert);
+  win.document.getElementById("trustSSL").checked = true;
+  win.document.getElementById("trustEmail").checked = false;
+  win.document.getElementById("trustObjSign").checked = true;
+  info("Accepting dialog");
+  win.document.getElementById("download_cert").acceptDialog();
+  yield BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(retVals.get("importConfirmed"),
+            "Return value should signal user chose to import the cert");
+  Assert.ok(retVals.get("trustForSSL"),
+            "Return value should signal SSL trust checkbox was checked");
+  Assert.ok(!retVals.get("trustForEmail"),
+            "Return value should signal E-mail trust checkbox was unchecked");
+  Assert.ok(retVals.get("trustForObjSign"),
+            "Return value should signal Obj Sign trust checkbox was checked");
+});
+
+// Test that the right values are returned when the dialog is canceled.
+add_task(function* testCancelDialogReturnValues() {
+  let [win, retVals] = yield openCertDownloadDialog(TEST_CASES[0].cert);
+  info("Canceling dialog");
+  win.document.getElementById("download_cert").cancelDialog();
+  yield BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(!retVals.get("importConfirmed"),
+            "Return value should signal user chose not to import the cert");
+});
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js b/security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js
new file mode 100644
index 000000000..bc87732a5
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js
@@ -0,0 +1,119 @@
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that the UI for editing the trust of a CA certificate correctly
+// reflects trust in the cert DB, and correctly updates trust in the cert DB
+// when requested.
+
+var gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
+                .getService(Ci.nsIX509CertDB);
+
+/**
+ * The cert we're editing the trust of.
+ * @type nsIX509Cert
+ */
+var gCert;
+
+/**
+ * Opens the cert trust editing dialog.
+ *
+ * @returns {Promise}
+ *          A promise that resolves when the dialog has finished loading with
+ *          the window of the opened dialog.
+ */
+function openEditCertTrustDialog() {
+  let win = window.openDialog("chrome://pippki/content/editcacert.xul", "", "",
+                              gCert);
+  return new Promise((resolve, reject) => {
+    win.addEventListener("load", function onLoad() {
+      win.removeEventListener("load", onLoad);
+      resolve(win);
+    });
+  });
+}
+
+add_task(function* setup() {
+  // Initially trust ca.pem for SSL, but not e-mail or object signing.
+  gCert = yield readCertificate("ca.pem", "CT,,");
+  Assert.ok(gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
+                                  Ci.nsIX509CertDB.TRUSTED_SSL),
+            "Sanity check: ca.pem should be trusted for SSL");
+  Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
+                                   Ci.nsIX509CertDB.TRUSTED_EMAIL),
+            "Sanity check: ca.pem should not be trusted for e-mail");
+  Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
+                                   Ci.nsIX509CertDB.TRUSTED_OBJSIGN),
+            "Sanity check: ca.pem should not be trusted for object signing");
+});
+
+// Tests the following:
+// 1. The checkboxes correctly reflect the trust set in setup().
+// 2. Accepting the dialog after flipping some of the checkboxes results in the
+//    correct trust being set in the cert DB.
+add_task(function* testAcceptDialog() {
+  let win = yield openEditCertTrustDialog();
+
+  let sslCheckbox = win.document.getElementById("trustSSL");
+  let emailCheckbox = win.document.getElementById("trustEmail");
+  let objSignCheckbox = win.document.getElementById("trustObjSign");
+  Assert.ok(sslCheckbox.checked,
+            "Cert should be trusted for SSL in UI");
+  Assert.ok(!emailCheckbox.checked,
+            "Cert should not be trusted for e-mail in UI");
+  Assert.ok(!objSignCheckbox.checked,
+            "Cert should not be trusted for object signing in UI");
+
+  sslCheckbox.checked = false;
+  emailCheckbox.checked = true;
+
+  info("Accepting dialog");
+  win.document.getElementById("editCaCert").acceptDialog();
+  yield BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
+                                   Ci.nsIX509CertDB.TRUSTED_SSL),
+            "Cert should no longer be trusted for SSL");
+  Assert.ok(gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
+                                  Ci.nsIX509CertDB.TRUSTED_EMAIL),
+            "Cert should now be trusted for e-mail");
+  Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
+                                   Ci.nsIX509CertDB.TRUSTED_OBJSIGN),
+            "Cert should still not be trusted for object signing");
+});
+
+// Tests the following:
+// 1. The checkboxes correctly reflect the trust set in testAcceptDialog().
+// 2. Canceling the dialog even after flipping the checkboxes doesn't result in
+//    a change of trust in the cert DB.
+add_task(function* testCancelDialog() {
+  let win = yield openEditCertTrustDialog();
+
+  let sslCheckbox = win.document.getElementById("trustSSL");
+  let emailCheckbox = win.document.getElementById("trustEmail");
+  let objSignCheckbox = win.document.getElementById("trustObjSign");
+  Assert.ok(!sslCheckbox.checked,
+            "Cert should not be trusted for SSL in UI");
+  Assert.ok(emailCheckbox.checked,
+            "Cert should be trusted for e-mail in UI");
+  Assert.ok(!objSignCheckbox.checked,
+            "Cert should not be trusted for object signing in UI");
+
+  sslCheckbox.checked = true;
+  emailCheckbox.checked = false;
+  objSignCheckbox.checked = true;
+
+  info("Canceling dialog");
+  win.document.getElementById("editCaCert").cancelDialog();
+  yield BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
+                                  Ci.nsIX509CertDB.TRUSTED_SSL),
+            "Cert should still not be trusted for SSL");
+  Assert.ok(gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
+                                  Ci.nsIX509CertDB.TRUSTED_EMAIL),
+            "Cert should still be trusted for e-mail");
+  Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
+                                   Ci.nsIX509CertDB.TRUSTED_OBJSIGN),
+            "Cert should still not be trusted for object signing");
+});
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_exportP12_passwordUI.js b/security/manager/ssl/tests/mochitest/browser/browser_exportP12_passwordUI.js
new file mode 100644
index 000000000..fc7591ece
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_exportP12_passwordUI.js
@@ -0,0 +1,142 @@
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that the UI for setting the password on a to be exported PKCS #12 file:
+//   1. Correctly requires the password to be typed in twice as confirmation.
+//   2. Calculates and displays the strength of said password.
+
+/**
+ * @typedef {TestCase}
+ * @type Object
+ * @property {String} name
+ *           The name of the test case for display purposes.
+ * @property {String} password1
+ *           The password to enter into the first password textbox.
+ * @property {String} password2
+ *           The password to enter into the second password textbox.
+ * @property {String} strength
+ *           The expected strength of the password in the range [0, 100].
+ */
+
+/**
+ * A list of test cases representing various inputs to the password textboxes.
+ * @type TestCase[]
+ */
+const TEST_CASES = [
+  { name: "empty",
+    password1: "",
+    password2: "",
+    strength: "0" },
+  { name: "match-weak",
+    password1: "foo",
+    password2: "foo",
+    strength: "10" },
+  { name: "match-medium",
+    password1: "foo123",
+    password2: "foo123",
+    strength: "60" },
+  { name: "match-strong",
+    password1: "fooBARBAZ 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?一二三",
+    password2: "fooBARBAZ 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?一二三",
+    strength: "100" },
+  { name: "mismatch-weak",
+    password1: "foo",
+    password2: "bar",
+    strength: "10" },
+  { name: "mismatch-medium",
+    password1: "foo123",
+    password2: "bar",
+    strength: "60" },
+  { name: "mismatch-strong",
+    password1: "fooBARBAZ 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?一二三",
+    password2: "bar",
+    strength: "100" },
+];
+
+/**
+ * Opens the dialog shown to set the password on a PKCS #12 file being exported.
+ *
+ * @returns {Promise}
+ *          A promise that resolves when the dialog has finished loading, with
+ *          an array consisting of:
+ *            1. The window of the opened dialog.
+ *            2. The return value nsIWritablePropertyBag2 passed to the dialog.
+ */
+function openSetP12PasswordDialog() {
+  let returnVals = Cc["@mozilla.org/hash-property-bag;1"]
+                     .createInstance(Ci.nsIWritablePropertyBag2);
+  let win = window.openDialog("chrome://pippki/content/setp12password.xul", "",
+                              "", returnVals);
+  return new Promise((resolve, reject) => {
+    win.addEventListener("load", function onLoad() {
+      win.removeEventListener("load", onLoad);
+      resolve([win, returnVals]);
+    });
+  });
+}
+
+// Tests that the first password textbox is the element that is initially
+// focused.
+add_task(function* testFocus() {
+  let [win, retVals] = yield openSetP12PasswordDialog();
+  Assert.equal(win.document.activeElement,
+               win.document.getElementById("pw1").inputField,
+               "First password textbox should have focus");
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+// Tests that the password strength algorithm used is reasonable, and that the
+// Accept button is only enabled if the two passwords match.
+add_task(function* testPasswordStrengthAndEquality() {
+  let [win, retVals] = yield openSetP12PasswordDialog();
+  let password1Textbox = win.document.getElementById("pw1");
+  let password2Textbox = win.document.getElementById("pw2");
+  let strengthProgressBar = win.document.getElementById("pwmeter");
+
+  for (let testCase of TEST_CASES) {
+    password1Textbox.value = testCase.password1;
+    password2Textbox.value = testCase.password2;
+    // Setting the value of the password textboxes via |.value| apparently
+    // doesn't cause the oninput handlers to be called, so we do it here.
+    password1Textbox.oninput();
+    password2Textbox.oninput();
+
+    Assert.equal(win.document.documentElement.getButton("accept").disabled,
+                 password1Textbox.value != password2Textbox.value,
+                 "Actual and expected accept button disable state should " +
+                 `match for ${testCase.name}`);
+    Assert.equal(strengthProgressBar.value, testCase.strength,
+                 "Actual and expected strength value should match for" +
+                 `${testCase.name}`);
+  }
+
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+// Test that the right values are returned when the dialog is accepted.
+add_task(function* testAcceptDialogReturnValues() {
+  let [win, retVals] = yield openSetP12PasswordDialog();
+  const password = "fooBAR 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?一二三";
+  win.document.getElementById("pw1").value = password;
+  win.document.getElementById("pw2").value = password;
+  info("Accepting dialog");
+  win.document.getElementById("setp12password").acceptDialog();
+  yield BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(retVals.get("confirmedPassword"),
+            "Return value should signal user confirmed a password");
+  Assert.equal(retVals.get("password"), password,
+               "Actual and expected password should match");
+});
+
+// Test that the right values are returned when the dialog is canceled.
+add_task(function* testCancelDialogReturnValues() {
+  let [win, retVals] = yield openSetP12PasswordDialog();
+  info("Canceling dialog");
+  win.document.getElementById("setp12password").cancelDialog();
+  yield BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(!retVals.get("confirmedPassword"),
+            "Return value should signal user didn't confirm a password");
+});
diff --git a/security/manager/ssl/tests/mochitest/browser/ca.pem b/security/manager/ssl/tests/mochitest/browser/ca.pem
new file mode 100644
index 000000000..1a18e2bf0
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAgIUL5zykZEc2ro5d6th43aWGfm735cwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1Ud
+DwQEAwIBBjALBgkqhkiG9w0BAQsDggEBAHPYBjNnv//Ssc8Elepb8SWIXRdahKbL
+/dcPoMR+7yhJVaelUaxdwUytJWJAGdkkuv+P+G4b82RVYEXT+9k1S/aAfByFyR9q
+vS7POfdy/ZPfGTXltlnmYX/84a6QeYQa4Nl4JpIOXBCesLxmErBhczka6D26iqsz
+GeseKRSjVPgF3mXc2CRGZnTDRhUmd7wOABLmj7GtuFvOm96363M3IUByMohvoj1G
+dic3s5D0seXwTKnEc5B27lJt7Q0oIXEldL+UW8Mo1hfGWQeXzqTZbpOVLnVWvHBH
+H8yYs5hyH01qFJZbztJ1JJ3F2NpYLlr4P5I6fW2e9w5MG/VMQRU3wzQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/ca.pem.certspec b/security/manager/ssl/tests/mochitest/browser/ca.pem.certspec
new file mode 100644
index 000000000..6660f5d47
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/mochitest/browser/code-ee.pem b/security/manager/ssl/tests/mochitest/browser/code-ee.pem
new file mode 100644
index 000000000..a4fdfaed7
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/code-ee.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxDCCAa6gAwIBAgIUSbYQoLY1s6wWqgbKhxQZ3XME7ukwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBIxEDAOBgNVBAMMB2NvZGUtZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9
+sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5
+TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7
+xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHd
+tMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l
+8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsG
+AQUFBwMDMAsGCSqGSIb3DQEBCwOCAQEAV69uBbyc/d1eBdZlT7eAw4onQzkdndd8
+kEXdmP3hd+jJm1+/F733IflLLqE5mmUL9l7q7EJ+TgdZa19T6JHEaVjdJcIuwJO/
+kKSJXXqADQXoxHOZADDWjAFStiR3xd78BzYfuUANgozG6hq7QuVh0cYBx/8Q9gx/
+pGtuCJiN0d2Mknu0SoQzIZlXTuqmnFj7G/88O5Yh5MaFZxbvIJJSIWQoS396GrI6
+yXAdqHNoVM9mwwaMcnG5QeeKSIPuvEkZncQsxFc0zqIjeOVx/zEx2Bocx71dLuVB
+fqrIrAXLpwparoSxLzNqq8UgtXF8NQOuAcUu7ok0r1VbdMbSZHZ3Gg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/code-ee.pem.certspec b/security/manager/ssl/tests/mochitest/browser/code-ee.pem.certspec
new file mode 100644
index 000000000..93f9a8426
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/code-ee.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:code-ee
+extension:extKeyUsage:codeSigning
diff --git a/security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem b/security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem
new file mode 100644
index 000000000..5b2cfd940
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICvjCCAaigAwIBAgIUGzSP8KEmmRm3sIPiyQW35sazlHEwCwYJKoZIhvcNAQEL
+MBUxEzARBgNVBAMMCmV4cGlyZWQtY2EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4
+MDIwNTAwMDAwMFowHTEbMBkGA1UEAwwSZWUtZnJvbS1leHBpcmVkLWNhMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq
+5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SSc
+An7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39
+ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYk
+zBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3u
+JtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQAB
+MAsGCSqGSIb3DQEBCwOCAQEAZ6Nrb/1fit8cALMhcbmuZ5kd3J34d0o9p3g3E7m7
+8RsTbYLA4xp9UmSzpO/10x9q4TUZ8jxW1dotoCVf7OqYYxQewrU2x3qoxKvP/Fvf
+8ssWSIang91w+app+fv7QYDySymT6DJMLWyCmxyhaFjYnmr67GKldcgK9hbyjfDB
+Rj382czI/HMSvw/vCB6rRKchzr5hsDGl+YN0MMI4M7/3b5wvMUmxlXqKu1VlslDZ
+8Ez6ONuMdPJD3aQZMxmEph05pEMvhjFhLh+0n7kfLR+9n0D7IR9paVc6LgHLLxsP
+ENoZLGOwJYNdAwwkd6fIa9E6KCpaRgyvWslm+iFCg3XxoA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem.certspec b/security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem.certspec
new file mode 100644
index 000000000..3e280fc4f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem.certspec
@@ -0,0 +1,2 @@
+issuer:expired-ca
+subject:ee-from-expired-ca
diff --git a/security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem b/security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem
new file mode 100644
index 000000000..ad2d988e0
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwjCCAaygAwIBAgIUI/4Y+KSEZo8YGQK6Ptrdmev5FO0wCwYJKoZIhvcNAQEL
+MBcxFTATBgNVBAMMDHVudHJ1c3RlZC1jYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIw
+MTgwMjA1MDAwMDAwWjAfMR0wGwYDVQQDDBRlZS1mcm9tLXVudHJ1c3RlZC1jYTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9
+PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3
+HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg
+Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7
+EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK
+lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C
+AwEAATALBgkqhkiG9w0BAQsDggEBAJqsDDoJqxrmV4Mlt815HmJwhr/SuYhPwhoQ
+RyU56Ci5kY/8fYa3F1uxSrpzuiYBX4bq6g8keXmltPZGN9gexPP2QJDAecNt0NKW
++04ZKSiz6Tbu+MEyBaXCINDKaAHVPRnbMWR1eCyHzYpZRKZW2Sb2NinWGebzq0mI
+wt5l7veMkL5ZbeYF8u8bNFsdvhl1PM7/AfAZLJL4+fncaqQeDRyVffxrl4mCooS9
+DYajnw7AhFvN0XtXb5vK3HYiz9mv/OnXeoeWxYcWI6aY6LR0OwHHQQptKQSIOP87
+2mo64IbAwzuBrhxNrdrQKCnf1mtyDZig+2r6R4TP3EM3sCNAoiU=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem.certspec b/security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem.certspec
new file mode 100644
index 000000000..833e1a23a
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem.certspec
@@ -0,0 +1,2 @@
+issuer:untrusted-ca
+subject:ee-from-untrusted-ca
diff --git a/security/manager/ssl/tests/mochitest/browser/email-ee.pem b/security/manager/ssl/tests/mochitest/browser/email-ee.pem
new file mode 100644
index 000000000..4211ef27d
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/email-ee.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAgIUJctkeS6qP+WqsgOLbjATJuPlN40wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBMxETAPBgNVBAMMCGVtYWlsLWVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf
+vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb
+uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S
+O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR
+3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv
+5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxcwFTATBgNVHSUEDDAKBggr
+BgEFBQcDBDALBgkqhkiG9w0BAQsDggEBAIFmRk4ZfcxWjetAoyYp0bIFLr5AjGqv
+ecmc0khsRkW7NR23ywJsRsCU1u82JIGrE0bpDu/KQPAMJsi6QMc9hZEOzO1t1QmG
+OJFLhCNTe+wf+5X+UKHKo01lEp7vDcO7DjuZIgEZSyOp9qbV88AtEiqESIzRBWYp
+dL15cS1PDH8fa5k7MHCAh0C/HeDRD5EP8derIWWrFIesEdJAhwzMRzJrCWIqzLPP
+Lv2gsXhehXCN7U14zkoGU97sSE09k5BopHd4fgqZesSApJrd2OenQAzdRIs3+UQy
+iCs7oLH16lOl/yeRxVjcHRWaSRM47eGpn5+YOnGkoE/lqfux+jjB3rc=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/email-ee.pem.certspec b/security/manager/ssl/tests/mochitest/browser/email-ee.pem.certspec
new file mode 100644
index 000000000..82e329670
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/email-ee.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:email-ee
+extension:extKeyUsage:emailProtection
diff --git a/security/manager/ssl/tests/mochitest/browser/expired-ca.pem b/security/manager/ssl/tests/mochitest/browser/expired-ca.pem
new file mode 100644
index 000000000..2da553a56
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/expired-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzTCCAbegAwIBAgIUAfElDw37NeFULPHd+G2eoaHpvEYwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTAwMTAxMDAwMDAwWhgPMjAxMTAxMDEwMDAw
+MDBaMBUxEzARBgNVBAMMCmV4cGlyZWQtY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMB
+Af8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEAde8CQNB8dVo5ly7Lu8x9
+5yDz2hpzAqqPDxP3+UqxzEgXeA4vfv1Bzvmxx69XEd+884M9Lkt2WBTrc+OrAgqX
+pCCt4X8bjV2t+mG1shtYEGKk5BtRVnorHhZyf6+5xtOfpV9DeWkf/aA1SJK1Kpt3
+cNSDW10PwaGuaNiUMEtIFLD/MYZCM98RFOSVDWjqafbfUBn4ZSeoyRi1C2d3lg0C
+jRFmOc1I4DQOUezp3C0WyCumJ0SLTIoYJGdAshMbDWPr0OOaB4GmI8miKhS6LM59
+o6C3fU8MJrRYKctYj0k9gW0DI6KuEFZj2AY8brv6Ufx1TKy5Z2pqIPeUbuJInCXM
+qA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/expired-ca.pem.certspec b/security/manager/ssl/tests/mochitest/browser/expired-ca.pem.certspec
new file mode 100644
index 000000000..15bdcd7d7
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/expired-ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:expired-ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+validity:20100101-20110101
diff --git a/security/manager/ssl/tests/mochitest/browser/has-cn.pem b/security/manager/ssl/tests/mochitest/browser/has-cn.pem
new file mode 100644
index 000000000..8e7c479ae
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-cn.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0DCCAbqgAwIBAgIUfQIwxuYCoWiJuu/qTiEf7fbljnswCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMDcxDDAKBgNVBAMMA0ZvbzEMMAoGA1UECwwDQmFyMQwwCgYDVQQKDANCYXox
+CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohR
+qESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+Kv
+WnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+
+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPv
+JxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5
+Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6
+clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOCAQEAJ2fIigbkc2Lh5Z/s
+Y7s4o0D9UnzttXjjEqKYhttk6PJnmVYG3zn3MBmyWPhDcXYW9fJwx7IOcC0woVdJ
+yjkVZUIlJY6xAqIC6kVNtbI3PJ+mji8qQk/ecXCwhTGk0H2lZXrUtc6WMmD3GUIP
+yNQGN/qAniRLnXzzVY3MJPLKKSlWSJEJCY4F4uDwBtwudPc+1yRIR6XblEL3dazS
+H2kuIzGwIu6/i3AN2WIFWFhcuRTfLZINlNeH9gYEaUrwI3MS0aMPqGXtOHz+imZl
+RwNng0xaiDxZXcEPjrRw5HEZcIEGBc6X8WtSzbWufiWBqMue1ltEpc1AkvUamuB3
+KJxYPA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/has-cn.pem.certspec b/security/manager/ssl/tests/mochitest/browser/has-cn.pem.certspec
new file mode 100644
index 000000000..a4a0fcb5f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-cn.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca
+subject:/CN=Foo/OU=Bar/O=Baz/C=US
diff --git a/security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem b/security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem
new file mode 100644
index 000000000..8800bfb73
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIIChjCCAXCgAwIBAgIBCjALBgkqhkiG9w0BAQswDTELMAkGA1UEAwwCY2EwIhgP
+MjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowADCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX
+bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ
+OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9
+uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb
+t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO
+NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG
+9w0BAQsDggEBAF/OD4h9UNl2afVbw/Hv2dCV5uMyDV3T8iEUI9eiCvYDMAOElkAN
+NZbDfGfQdg8rNLKG6r7Vz8VBu0T/Vn2lswtKYPll63ANv9qZVtKGsDTGzN8JSC0k
+xgMbtVsj+OsJs81hmNnW6xw7wehpPw3l1UakAEb6dbYuYCanR/p/u/hvTz7phe9D
+AsJyRAo4a+QDyeqgAPKrzTatawshNnz9O4QhNzUqj53fMkpUq2ebOyIGMOvbh/N5
+nT6AVT2wn95mWawnS5v2VTRPALyMkgbl+0bb/VzXHN6CjDHO+n239lL2uQlAZFHe
+8pKr4lmb82dLU9qUFbY7exLyV1aUyYSXSNU=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem.certspec b/security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem.certspec
new file mode 100644
index 000000000..6346f7b83
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:
+serialNumber:10
diff --git a/security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem b/security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem
new file mode 100644
index 000000000..16964b1c0
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICpjCCAZCgAwIBAgIUCwPRyN8HCSE5XEIq7e2eEEe1OdIwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA0xCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOCAQEAt2CF0E7d
+QYnfn/kc8hb6GF6sYpCFA6egEzr6OsYMYE7jt5mKlMJdbIxw57L8jg8IZ1fjH5AQ
+KA5cchGcgjCkHoJ7jOYfMZCubCBdrsNKx2YYWcna8WIAZjwOIfNC0Ajs3IDiRDWm
+vlBrFP9Z6bGuzNrvLFAB0lU2dM2b99DqzaYNZeQP5DcP6ZjaPkSvqOWr3Lf6ZAvO
+tU70OcTelx74Hj9bI75bxVYd71Vorv5qB77zrl7GHb36f2pkludDOKeZ6XhRgy9e
+vN6DLctM0v6fJprG50xrILDhqsTydTdjhETLaIWhF9aUHzFybpFArp8TLoWbXiX1
+eAVaASutFVprhA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem.certspec b/security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem.certspec
new file mode 100644
index 000000000..cc1b668a6
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca
+subject:/C=US
diff --git a/security/manager/ssl/tests/mochitest/browser/has-o.pem b/security/manager/ssl/tests/mochitest/browser/has-o.pem
new file mode 100644
index 000000000..755d3cdae
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-o.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtDCCAZ6gAwIBAgIUeXeYs5jw41bNt0btBeEFNbUQonAwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBsxDDAKBgNVBAoMA0JhejELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcN
+AQELA4IBAQAs60sU1VqjaVQbGBHvBNyiQn9oTugmuEx9ogwVKhnmgRK+hYw+wgBn
+H4yYZF1gF4xG7Rt+ut+EruSd4ht8vY9ZMvKrbgMrZ6HbNIZg9oIX+u0i9Bba2lh7
+p87mCePS5L7U1gPbg/fZ8jd0FvW8EusC/TX5tOeeUnawXWE4ciqPZfIVriU0iCP1
+nKzvFtawYzWwgN+QZ1ruzBi7qqrHNDAhgLu9+3g+9QyBd40XV7/EhDQ18kViaTSj
+WmaUX7jJD1FUkGBkxjqHfgGkaYnt7UXGMDTeQ8vFeja11PJJIdRT8hSu0oTMdE6M
+WCEw02+Fc+qsYH5I6vp3MOV8wyBqIqYc
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/has-o.pem.certspec b/security/manager/ssl/tests/mochitest/browser/has-o.pem.certspec
new file mode 100644
index 000000000..f7cc3ffc7
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-o.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca
+subject:/O=Baz/C=US
diff --git a/security/manager/ssl/tests/mochitest/browser/has-ou.pem b/security/manager/ssl/tests/mochitest/browser/has-ou.pem
new file mode 100644
index 000000000..06f663b3f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-ou.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwjCCAaygAwIBAgIUU/td7MxWYwvdFLfgNUraIpy3GP8wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMCkxDDAKBgNVBAsMA0JhcjEMMAoGA1UECgwDQmF6MQswCQYDVQQGEwJVUzCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9
+PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3
+HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg
+Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7
+EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK
+lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C
+AwEAATALBgkqhkiG9w0BAQsDggEBAGbVHQ19S6R62HovLt9Ltir1z9KJ4QXWNAEu
+FKicntKaId+jJY42y1+iAqQHy3FpjfLfx5eVKPW8vHbyTQSL/y0jJ9bPKepYsSay
+5McWggOxMxVFazUCOntZN282WYIg3H/OFaeRarjeHlraZjwmNxrfHKzyBJ6bBqBJ
+2vtmDez/+h+f0reutgnY1v4bJ02x/5YuG39+i08uRI0Vc+lrDiqDPYMxlmzwVvJM
+xqo9TZu9gU4XFbK8c8EUsPjMMO1gKyroiBhthtEZ8a9Q4jdeD92cOZRcPrHtYyvR
+qw9VhFLJRgLJ0DVOWqCHqYXUFfYngFezem1eeNxrz2eAbaURdCs=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/has-ou.pem.certspec b/security/manager/ssl/tests/mochitest/browser/has-ou.pem.certspec
new file mode 100644
index 000000000..8879dabf5
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-ou.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca
+subject:/OU=Bar/O=Baz/C=US
diff --git a/security/manager/ssl/tests/mochitest/browser/head.js b/security/manager/ssl/tests/mochitest/browser/head.js
new file mode 100644
index 000000000..d488e6eeb
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/head.js
@@ -0,0 +1,59 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+"use strict";
+
+var gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
+                .getService(Ci.nsIX509CertDB);
+
+/**
+ * List of certs imported via readCertificate(). Certs in this list are
+ * automatically deleted from the cert DB when a test including this head file
+ * finishes.
+ * @type nsIX509Cert[]
+ */
+var gImportedCerts = [];
+
+registerCleanupFunction(() => {
+  for (let cert of gImportedCerts) {
+    gCertDB.deleteCertificate(cert);
+  }
+});
+
+/**
+ * This function serves the same purpose as the one defined in head_psm.js.
+ */
+function pemToBase64(pem) {
+  return pem.replace(/-----BEGIN CERTIFICATE-----/, "")
+            .replace(/-----END CERTIFICATE-----/, "")
+            .replace(/[\r\n]/g, "");
+}
+
+/**
+ * Given the filename of a certificate, returns a promise that will resolve with
+ * a handle to the certificate when that certificate has been read and imported
+ * with the given trust settings.
+ *
+ * Certs imported via this function will automatically be deleted from the cert
+ * DB once the calling test finishes.
+ *
+ * @param {String} filename
+ *        The filename of the certificate (assumed to be in the same directory).
+ * @param {String} trustString
+ *        A string describing how the certificate should be trusted (see
+ *        `certutil -A --help`).
+ * @return {Promise}
+ *         A promise that will resolve with a handle to the certificate.
+ */
+function readCertificate(filename, trustString) {
+  return OS.File.read(getTestFilePath(filename)).then(data => {
+    let decoder = new TextDecoder();
+    let pem = decoder.decode(data);
+    let certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                   .getService(Ci.nsIX509CertDB);
+    let base64 = pemToBase64(pem);
+    certdb.addCertFromBase64(base64, trustString, "unused");
+    let cert = certdb.constructX509FromBase64(base64);
+    gImportedCerts.push(cert);
+    return cert;
+  }, error => { throw error; });
+}
diff --git a/security/manager/ssl/tests/mochitest/browser/invalid.pem b/security/manager/ssl/tests/mochitest/browser/invalid.pem
new file mode 100644
index 000000000..1911098ef
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/invalid.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICvDCCAaagAwIBAgIUcy9NBl2j6kWrXfJ6Na36AnwN2Q8wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBIxEDAOBgNVBAMMB2ludmFsaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9
+sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5
+TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7
+xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHd
+tMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l
+8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjDzANMAsGA1UdDwQEAwIBBjAL
+BgkqhkiG9w0BAQsDggEBAHw1PeRKbGVaiNBPlshPnuEjJ5XN+ls3Lv8CVplvuFgM
+uvOAfuXNcLcQmqU4QZm9PvIboCAe2FTFMJ+szDbCIFaBzzJ4RnuJ0FnBZDf1fKJm
+/Nj4XikPePo5DnsqSs53aNKM7Nf5dcdCCA8kfpMm50Nw6ufWrr8HAEqQbDixecv1
+6as6xc458UU8AXKZb30VfLFAm0uPz2Y/ZjROnSqrNSB5ZRx9m4MqS3/4H7fSnlFU
+yMcetH5ovGk3xJg65qWhaRlaoeExco9E5x1nUr+eK4OmP3MXlGbxxMQx1R43Ea11
+zSyaqlhGUs06uDOl4rk4b2FmkPgGV+A26gtjMYD005k=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/invalid.pem.certspec b/security/manager/ssl/tests/mochitest/browser/invalid.pem.certspec
new file mode 100644
index 000000000..71a1707c3
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/invalid.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:invalid
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/mochitest/browser/md5-ee.pem b/security/manager/ssl/tests/mochitest/browser/md5-ee.pem
new file mode 100644
index 000000000..27bf90085
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/md5-ee.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICqjCCAZSgAwIBAgIURZ4xXpmcV9oh3RekbTwkCGv62NowCwYJKoZIhvcNAQEE
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBExDzANBgNVBAMMBm1kNS1lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x
+nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM
+wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF
+4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20
+yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx
+j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG9w0BAQQDggEBAKs7
+7/g5m901xqDth2t0tDTFWlfh/h94KLk8d8JAAa8AMdVwpMUMc2IKPk+H+f7JkBeE
+hhJ/r4ZEbQkjZuoLSkAR6aKRprE97Ddw1LJLVish39DitEXxpyDemCIl8V6E8FpW
+CWqbOZtvUScOQOlJ2uJfPwHkh93RJbzP9EY8Hd2arFYKuExi5z8Z465feZ53mdOe
+17WG9IKKIQirr4OAxD+ab1EdMuPuXKQ9qfg4fSW/LDsb97x0/ElRfHwFDxsbEiVi
+zR/gGMW9AQhc+eW2qchjYkO0v/ps7dzjDQFDJzLAd/mlb90cK1cpUz6XVn/HagvZ
+0MRczu3MnE6KRPVpW8Y=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/md5-ee.pem.certspec b/security/manager/ssl/tests/mochitest/browser/md5-ee.pem.certspec
new file mode 100644
index 000000000..279c15802
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/md5-ee.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:md5-ee
+signature:md5WithRSAEncryption
diff --git a/security/manager/ssl/tests/mochitest/browser/moz.build b/security/manager/ssl/tests/mochitest/browser/moz.build
new file mode 100644
index 000000000..49d7d5a11
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/moz.build
@@ -0,0 +1,35 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+BROWSER_CHROME_MANIFESTS += ['browser.ini']
+
+# Temporarily disabled. See bug 1256495.
+# (Note that when this gets enabled, some extra work will have to happen so
+# that the mochitest harness knows where to get the generated certificates -
+# right now it assumes they're in the source directory, which isn't the case
+# when they're automatically generated.)
+#test_certificates = (
+#    'ca.pem',
+#    'code-ee.pem',
+#    'ee-from-expired-ca.pem',
+#    'ee-from-untrusted-ca.pem',
+#    'email-ee.pem',
+#    'expired-ca.pem',
+#    'has-cn.pem',
+#    'has-empty-subject.pem',
+#    'has-non-empty-subject.pem',
+#    'has-o.pem',
+#    'has-ou.pem',
+#    'invalid.pem',
+#    'md5-ee.pem',
+#    'revoked.pem',
+#    'ssl-ee.pem',
+#    'unknown-issuer.pem',
+#    'untrusted-ca.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/mochitest/browser/revoked.pem b/security/manager/ssl/tests/mochitest/browser/revoked.pem
new file mode 100644
index 000000000..b212e8250
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/revoked.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICqzCCAZWgAwIBAgIUD1t15yWPBLIhosAm9w9++t/F/fkwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBIxEDAOBgNVBAMMB3Jldm9rZWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9
+sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5
+TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7
+xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHd
+tMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l
+8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQELA4IBAQCy
+eobd3+MhGhQvhKQax5XNBqAEmogtsv6G1ZCoAx0kKU83r3Oj9ha4VfGN0syP8NQV
+nmkecZ630QXQcyCD3RRiiLqU07N3nC5djm8v+vM5RhuDADkIwddH3WNWB+8KUJEd
+3Sym1EN6xAYdQEAwWdPno73sUsFebuoL/c4gpTjD7PF+/vPzN0c3KVanlrMhayKe
+3PLq8jST2OSdLvooa8qMYsFFG2S4A+gmp9Cx30moMG2+w1GBKZdtY2tlFx5DppIU
+AoQzUl9pvT6AFDcY2RO6UvsWF9Pzr4dTjjgk8SO05jKcmj2GnBm480ZezDx5N5zm
++XVGgonJZRAucaVuJY79
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/revoked.pem.certspec b/security/manager/ssl/tests/mochitest/browser/revoked.pem.certspec
new file mode 100644
index 000000000..daf75c670
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/revoked.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca
+subject:revoked
diff --git a/security/manager/ssl/tests/mochitest/browser/ssl-ee.pem b/security/manager/ssl/tests/mochitest/browser/ssl-ee.pem
new file mode 100644
index 000000000..76a688034
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/ssl-ee.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzTCCAbegAwIBAgIUYfe94xSwDUoffRodCo1TPdV/PaswCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBExDzANBgNVBAMMBnNzbC1lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x
+nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM
+wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF
+4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20
+yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx
+j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMhMB8wHQYDVR0lBBYwFAYIKwYB
+BQUHAwEGCCsGAQUFBwMCMAsGCSqGSIb3DQEBCwOCAQEAprVI8tGWBHIN2SV66ZnC
+vOfWcQguUQg8QO3Al+O4X5U18hzgsmCjqt99b+oJCJD0qWBnPPBgqY52pckCgmTY
+w73TZ5w3Rnr3v+BlQ5xPTyAQoUeutm1LMxY/Ju7m1XV44tyDnq6GZbOZLVWtRLXe
+W4UEqVex4qbCw3GOvFyHmubSNUk81v4Iexe1SmIJN8glZsVmWJdaC2Xo7qhz+vvq
+HljfO+/ejiBtZOJSf9qG6HcGW/Rf15Io0e+IA6jbZWrlAzIjBcYKumZF8LjRONHZ
+vwiCwWit/IP6KvmsHAb7wj5c0U/p1TuyGdvu/ccp6nCdx8Ya7/QKfAEQTZXnloBG
+4w==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/ssl-ee.pem.certspec b/security/manager/ssl/tests/mochitest/browser/ssl-ee.pem.certspec
new file mode 100644
index 000000000..c4037675f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/ssl-ee.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ssl-ee
+extension:extKeyUsage:serverAuth,clientAuth
diff --git a/security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem b/security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem
new file mode 100644
index 000000000..d8e750551
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtzCCAaGgAwIBAgIUEfR3vHTQuzModYBSMepORIL++2gwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB3Vua25vd24wIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowGTEXMBUGA1UEAwwOdW5rbm93bi1pc3N1ZXIwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVo
+V2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p
+0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKk
+fbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZh
+W7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EI
+TjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZI
+hvcNAQELA4IBAQB4pRQvglUpzNZ2fH0oj5bcqfcTjE3dwEzGg7WaMD2t50zKgCRp
+2sDObvEB1Nv5SHSkebxDeS9xQ6Dghf+TvuCnkapi/6q9etP51lkIOhl6okAGUwdZ
+vO3duIvXCVUWbut3ATQghKovDYuJXKMx1OYapxyLKKCsdvTQ8LNQpPcwbpVtqWKC
+jLYpa1i/vtn4Pv8xs/ceOf10z5AdydpFBgZ8JpY0CbRI73WHR5fr1yYI7tfzaAA8
+d+OBZ7nqlg81khD/Oepl/h6/IJ3L2eB+lUZx6+yWML9jRD0HX1xRje19u2vxCuQ+
+tNo6lQr9fTRG76Md1d4fdg9+F9LGqDd+yBBv
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem.certspec b/security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem.certspec
new file mode 100644
index 000000000..c76a4e2c7
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem.certspec
@@ -0,0 +1,2 @@
+issuer:unknown
+subject:unknown-issuer
diff --git a/security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem b/security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem
new file mode 100644
index 000000000..0f874d9a9
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzzCCAbmgAwIBAgIUT/T//UMr8YnbQBWj+61OMGPKRC4wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBcxFTATBgNVBAMMDHVudHJ1c3RlZC1jYTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUw
+AwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQCiDFgskGRygaarkruu
+gTwsX59ULb7yhXyYKZLTdsUitHi8Zk4KUmsbkBHGaek30Ud9A1GyLzuP3hb1/M7M
+FdARYO8qrl414tW3hiON36R47qtw5cO6a2YZfvxU79esuoa6uxChhHLUugqNotJb
+bbGwSMszKzkGtOQ5ZTFNc8+t1kWeQfFoPMznjg5WC2oq9Pl45Rt9lFrU3SD8MkVA
+8fLAGR5TEOY2ZvjDDMKg+ceJNIaA3SPXDTVSXWNIakJU2vsdUXThTyfnoCw0sMQG
+ZwkmKbCXioYXDB/nrjoVBgJh85JSc4KX137y5m2FK+wHzkKMgf4yn6Ql2eg/yTen
+CaeK
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem.certspec b/security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem.certspec
new file mode 100644
index 000000000..04f443057
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:untrusted-ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/.eslintrc.js b/security/manager/ssl/tests/mochitest/mixedcontent/.eslintrc.js
new file mode 100644
index 000000000..d61bb2044
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/.eslintrc.js
@@ -0,0 +1,5 @@
+"use strict";
+
+module.exports = { // eslint-disable-line no-undef
+  "extends": "../../../../../../testing/mochitest/mochitest.eslintrc.js"
+};
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs
new file mode 100644
index 000000000..8e9afb098
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs
@@ -0,0 +1,6 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 200, "OK");
+  response.setHeader("Access-Control-Allow-Origin", "*");
+  response.write("<html><body>hello!</body></html>");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/backward.html b/security/manager/ssl/tests/mochitest/mixedcontent/backward.html
new file mode 100644
index 000000000..825c2aa80
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/backward.html
@@ -0,0 +1,18 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <script type="text/javascript">
+  "use strict";
+  window.onload = function()
+  {
+    window.setTimeout(function()
+    {
+      SpecialPowers.wrap(window).QueryInterface(SpecialPowers.Ci.nsIInterfaceRequestor)
+        .getInterface(SpecialPowers.Ci.nsIWebNavigation)
+        .goBack();
+    }, 100);
+  };
+
+  </script>
+</head>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js b/security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js
new file mode 100644
index 000000000..fd888504a
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js
@@ -0,0 +1,7 @@
+/* import-globals-from mixedContentTest.js */
+"use strict";
+
+document.open();
+document.write("This is insecure XSS script " + document.cookie);
+isSecurityState("broken", "security broken after document write from unsecure script");
+finish();
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step2.html b/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step2.html
new file mode 100644
index 000000000..c2ebce364
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step2.html
@@ -0,0 +1,29 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 383369 test, step 2</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/does_not_exist.css">
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  window.onload = function runTest() {
+    window.setTimeout(function () {
+      window.location =
+        "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html?runtest";
+    }, 0);
+  };
+
+  function afterNavigationTest()
+  {
+  }
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html b/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html
new file mode 100644
index 000000000..1acafcd2f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html
@@ -0,0 +1,30 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 383369 test, final step</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("secure", "secure page after insecure download and insecure subcontent still secure");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("secure", "still secure after back/forward");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/download.auto b/security/manager/ssl/tests/mochitest/mixedcontent/download.auto
new file mode 100644
index 000000000..4d2fb7d5a
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/download.auto
@@ -0,0 +1 @@
+Temporary file for security/mixedconent tests
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/download.auto^headers^ b/security/manager/ssl/tests/mochitest/mixedcontent/download.auto^headers^
new file mode 100644
index 000000000..9c3159e15
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/download.auto^headers^
@@ -0,0 +1,2 @@
+Content-disposition: "attachment"
+Content-type: application/x-auto-download
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs
new file mode 100644
index 000000000..5cce2826f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs
@@ -0,0 +1,5 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 200, "OK");
+  //response.setHeader("Content-type", "image/gif");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs
new file mode 100644
index 000000000..20d9dea82
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs
@@ -0,0 +1,13 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 200, "OK");
+  response.setHeader("Content-type", "image/bitmap");
+  
+  let bmpheader = "\x42\x4D\x36\x10\x0E\x00\x00\x00\x00\x00\x36\x00\x00\x00\x28\x00\x00\x00\x80\x02\x00\x00\xE0\x01\x00\x00\x01\x00\x18\x00\x00\x00\x00\x00\x00\x10\x0E\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
+  let bmpdatapiece = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+
+  response.bodyOutputStream.write(bmpheader, 54);
+  // Fill 640*480*3 nulls
+  for (let i = 0; i < (640 * 480 * 3) / 64; ++i)
+    response.bodyOutputStream.write(bmpdatapiece, 64);
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html b/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html
new file mode 100644
index 000000000..d67eb6a7a
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+</head>
+
+<body>
+  This is frame 1: 
+  <script>
+    "use strict";
+    document.write(location.href);
+  </script>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html b/security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html
new file mode 100644
index 000000000..048ed811b
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html
@@ -0,0 +1,14 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+</head>
+
+<body>
+  This is frame 2: 
+  <script>
+    "use strict";
+    document.write(location.href);
+  </script>
+  <iframe src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html
new file mode 100644
index 000000000..d033f5b00
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html
@@ -0,0 +1,8 @@
+<!DOCTYPE HTML>
+<META http-equiv="Refresh"
+      Content="0; URL=http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html">
+<html>
+  <body>
+    Redirecting by meta tag...
+  </body>
+</html>
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs
new file mode 100644
index 000000000..ea93b80b7
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs
@@ -0,0 +1,5 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+  response.setHeader("Location", "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs
new file mode 100644
index 000000000..937e29954
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs
@@ -0,0 +1,5 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+  response.setHeader("Location", "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs
new file mode 100644
index 000000000..7af6116e1
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs
@@ -0,0 +1,5 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+  response.setHeader("Location", "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs
new file mode 100644
index 000000000..a8eb26642
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs
@@ -0,0 +1,5 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+  response.setHeader("Location", "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js b/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js
new file mode 100644
index 000000000..74c592e59
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js
@@ -0,0 +1,204 @@
+"use strict";
+
+/**
+ * Helper script for mixed content testing. It opens a new top-level window
+ * from a secure origin and '?runtest' query. That tells us to run the test
+ * body, function runTest(). Then we wait for call of finish(). On its first
+ * call it loads helper page 'backward.html' that immediately navigates
+ * back to the test secure test. This checks the bfcache. We got second call
+ * to onload and this time we call afterNavigationTest() function to let the
+ * test check security state after re-navigation back. Then we again wait for
+ * finish() call, that this time finishes completelly the test.
+ */
+
+// Tells the framework if to load the test in an insecure page (http://)
+var loadAsInsecure = false;
+// Set true to bypass the navigation forward/back test
+var bypassNavigationTest = false;
+// Set true to do forward/back navigation over an http:// page, test state leaks
+var navigateToInsecure = false;
+// Open the test in two separate windows, test requests sharing among windows
+var openTwoWindows = false;
+// Override the name of the test page to load, useful e.g. to prevent load
+// of images or other content before the test starts; this is actually
+// a 'redirect' to a different test page.
+var testPage = "";
+// Assign a function to this variable to have a clean up at the end
+var testCleanUp = null;
+// Contains mixed active content that needs to load to run the test
+var hasMixedActiveContent = false;
+
+
+// Internal variables
+var _windowCount = 0;
+
+window.onload = function onLoad() {
+  if (location.search == "?runtest") {
+    try {
+      if (history.length == 1) {
+        // Each test that includes this helper file is supposed to define
+        // runTest(). See the top level comment.
+        runTest(); // eslint-disable-line no-undef
+      } else {
+        // Each test that includes this helper file is supposed to define
+        // afterNavigationTest(). See the top level comment.
+        afterNavigationTest(); // eslint-disable-line no-undef
+      }
+    } catch (ex) {
+      ok(false, "Exception thrown during test: " + ex);
+      finish();
+    }
+  } else {
+    window.addEventListener("message", onMessageReceived, false);
+
+    let secureTestLocation = loadAsInsecure ? "http://example.com"
+                                            : "https://example.com";
+    secureTestLocation += location.pathname;
+    if (testPage != "") {
+      let array = secureTestLocation.split("/");
+      array.pop();
+      array.push(testPage);
+      secureTestLocation = array.join("/");
+    }
+    secureTestLocation += "?runtest";
+
+    if (hasMixedActiveContent) {
+      SpecialPowers.pushPrefEnv(
+        {"set": [["security.mixed_content.block_active_content", false]]},
+        null);
+    }
+    if (openTwoWindows) {
+      _windowCount = 2;
+      window.open(secureTestLocation, "_new1", "");
+      window.open(secureTestLocation, "_new2", "");
+    } else {
+      _windowCount = 1;
+      window.open(secureTestLocation);
+    }
+  }
+};
+
+function onMessageReceived(event)
+{
+  switch (event.data) {
+    // Indication of all test parts finish (from any of the frames)
+    case "done":
+      if (--_windowCount == 0) {
+        if (testCleanUp) {
+          testCleanUp();
+        }
+        if (hasMixedActiveContent) {
+          SpecialPowers.popPrefEnv(null);
+        }
+
+        SimpleTest.finish();
+      }
+      break;
+
+    // Any other message is an error or success message of a test.
+    default:
+      SimpleTest.ok(!event.data.match(/^FAILURE/), event.data);
+      break;
+  }
+}
+
+function postMsg(message)
+{
+  opener.postMessage(message, "http://mochi.test:8888");
+}
+
+function finish()
+{
+  if (history.length == 1 && !bypassNavigationTest) {
+    window.setTimeout(() => {
+      window.location.assign(navigateToInsecure ?
+        "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/backward.html" :
+        "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/backward.html");
+    }, 0);
+  } else {
+    postMsg("done");
+    window.close();
+  }
+}
+
+function ok(a, message)
+{
+  if (!a) {
+    postMsg("FAILURE: " + message);
+  } else {
+    postMsg(message);
+  }
+}
+
+function is(a, b, message)
+{
+  if (a != b) {
+    postMsg(`FAILURE: ${message}, expected ${b} got ${a}`);
+  } else {
+    postMsg(`${message}, expected ${b} got ${a}`);
+  }
+}
+
+function isSecurityState(expectedState, message, test)
+{
+  if (!test) {
+    test = ok;
+  }
+
+  let ui = SpecialPowers.wrap(window)
+    .QueryInterface(SpecialPowers.Ci.nsIInterfaceRequestor)
+    .getInterface(SpecialPowers.Ci.nsIWebNavigation)
+    .QueryInterface(SpecialPowers.Ci.nsIDocShell)
+    .securityUI;
+
+  let isInsecure = !ui ||
+    (ui.state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IS_INSECURE);
+  let isBroken = ui &&
+    (ui.state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IS_BROKEN);
+  let isEV = ui &&
+    (ui.state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IDENTITY_EV_TOPLEVEL);
+
+  let gotState = "secure";
+  if (isInsecure) {
+    gotState = "insecure";
+  } else if (isBroken) {
+    gotState = "broken";
+  } else if (isEV) {
+    gotState = "EV";
+  }
+
+  test(gotState == expectedState, (message || "") + ", " + "expected " + expectedState + " got " + gotState);
+
+  switch (expectedState) {
+    case "insecure":
+      test(isInsecure && !isBroken && !isEV, "for 'insecure' excpected flags [1,0,0], " + (message || ""));
+      break;
+    case "broken":
+      test(ui && !isInsecure && isBroken && !isEV, "for 'broken' expected  flags [0,1,0], " + (message || ""));
+      break;
+    case "secure":
+      test(ui && !isInsecure && !isBroken && !isEV, "for 'secure' expected flags [0,0,0], " + (message || ""));
+      break;
+    case "EV":
+      test(ui && !isInsecure && !isBroken && isEV, "for 'EV' expected flags [0,0,1], " + (message || ""));
+      break;
+    default:
+      throw new Error("Invalid isSecurityState state");
+  }
+}
+
+function waitForSecurityState(expectedState, callback)
+{
+  let roundsLeft = 200; // Wait for 20 seconds (=200*100ms)
+  let interval = window.setInterval(() => {
+    isSecurityState(expectedState, "", isok => {
+      if (isok) {
+        roundsLeft = 0;
+      }
+    });
+    if (!roundsLeft--) {
+      window.clearInterval(interval);
+      callback();
+    }
+  }, 100);
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/mochitest.ini b/security/manager/ssl/tests/mochitest/mixedcontent/mochitest.ini
new file mode 100644
index 000000000..c7a352eb8
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/mochitest.ini
@@ -0,0 +1,62 @@
+[DEFAULT]
+skip-if = toolkit == 'android' #TIMED_OUT
+support-files =
+  alloworigin.sjs
+  backward.html
+  bug329869.js
+  bug383369step2.html
+  bug383369step3.html
+  download.auto
+  download.auto^headers^
+  emptyimage.sjs
+  hugebmp.sjs
+  iframe.html
+  iframe2.html
+  iframeMetaRedirect.html
+  iframesecredirect.sjs
+  iframeunsecredirect.sjs
+  imgsecredirect.sjs
+  imgunsecredirect.sjs
+  mixedContentTest.js
+  moonsurface.jpg
+  nocontent.sjs
+  redirecttoemptyimage.sjs
+  somestyle.css
+  unsecureIframe.html
+  unsecurePictureDup.html
+
+[test_bug329869.html]
+[test_bug383369.html]
+[test_bug455367.html]
+[test_bug472986.html]
+[test_bug477118.html]
+[test_bug521461.html]
+[test_cssBefore1.html]
+[test_cssContent1.html]
+[test_cssContent2.html]
+[test_documentWrite1.html]
+[test_documentWrite2.html]
+[test_dynDelayedUnsecurePicture.html]
+[test_dynDelayedUnsecureXHR.html]
+[test_dynUnsecureBackground.html]
+[test_dynUnsecureIframeRedirect.html]
+[test_dynUnsecurePicture.html]
+[test_dynUnsecurePicturePreload.html]
+# [test_dynUnsecureRedirect.html]
+# intermitently fails, quite often, bug 487402
+[test_innerHtmlDelayedUnsecurePicture.html]
+[test_innerHtmlUnsecurePicture.html]
+[test_javascriptPicture.html]
+[test_secureAll.html]
+[test_securePicture.html]
+[test_unsecureBackground.html]
+[test_unsecureCSS.html]
+[test_unsecureIframe.html]
+[test_unsecureIframe2.html]
+# [test_unsecureIframeMetaRedirect.html]
+# intermittently fails, less often, bug 487632
+[test_unsecureIframeRedirect.html]
+[test_unsecurePicture.html]
+[test_unsecurePictureDup.html]
+[test_unsecurePictureInIframe.html]
+[test_unsecureRedirect.html]
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg b/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg
new file mode 100644
index 000000000..c0ffca256
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/moz.build b/security/manager/ssl/tests/mochitest/mixedcontent/moz.build
new file mode 100644
index 000000000..8e5cb5d71
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/moz.build
@@ -0,0 +1,8 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+MOCHITEST_MANIFESTS += ['mochitest.ini']
+
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs
new file mode 100644
index 000000000..53fa4bc0c
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs
@@ -0,0 +1,4 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 204, "No Content");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs
new file mode 100644
index 000000000..4d85e1658
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs
@@ -0,0 +1,5 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+  response.setHeader("Location", "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css b/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css
new file mode 100644
index 000000000..9867e3c41
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css
@@ -0,0 +1,4 @@
+body
+{
+  background-color: lightBlue;
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug329869.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug329869.html
new file mode 100644
index 000000000..3b8fae25e
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug329869.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>dymanic script load</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  function runTest()
+  {
+    isSecurityState("secure");
+    window.setTimeout(function () {
+      let newElement = document.createElement("script");
+      newElement.src = "http://example.org/tests/security/manager/ssl/tests/" +
+                       "mochitest/mixedcontent/bug329869.js";
+      document.body.appendChild(newElement);
+    }, 0);
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html
new file mode 100644
index 000000000..b68546d0a
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html
@@ -0,0 +1,102 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 383369 test</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* sendAsyncMessage isn't actually a global - this just mollifies eslint */
+  /* global sendAsyncMessage */
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  // We want to start this test from an insecure context
+  loadAsInsecure = true;
+  // We don't want to go through the navigation back/forward test
+  bypassNavigationTest = true;
+
+  function runTest() {
+    let script = SpecialPowers.loadChromeScript(function() {
+      const { classes: Cc, interfaces: Ci, utils: Cu } = Components;
+      // Force download to be w/o user assistance for our testing mime type
+      const mimeSvc = Cc["@mozilla.org/mime;1"].getService(Ci.nsIMIMEService);
+      let handlerInfo =
+        mimeSvc.getFromTypeAndExtension("application/x-auto-download", "auto");
+      handlerInfo.preferredAction = Ci.nsIHandlerInfo.saveToDisk;
+      handlerInfo.alwaysAskBeforeHandling = false;
+      handlerInfo.preferredApplicationHandler = null;
+
+      const handlerSvc = Cc["@mozilla.org/uriloader/handler-service;1"]
+                           .getService(Ci.nsIHandlerService);
+      handlerSvc.store(handlerInfo);
+
+      let dirProvider = Cc["@mozilla.org/file/directory_service;1"]
+                          .getService(Ci.nsIProperties);
+      let profileDir = dirProvider.get("ProfDS", Ci.nsIFile);
+      profileDir.append("downloads");
+
+      let prefs = Cc["@mozilla.org/preferences-service;1"]
+                    .getService(Ci.nsIPrefService);
+      let prefBranch = prefs.getBranch("browser.download.");
+
+      prefBranch.setCharPref("dir", profileDir.path);
+      prefBranch.setBoolPref("useDownloadDir", true);
+      prefBranch.setIntPref("folderList", 2);
+      prefBranch.setBoolPref("manager.closeWhenDone", true);
+      prefBranch.setBoolPref("manager.showWhenStarting", false);
+
+      const { Downloads } =
+        Cu.import("resource://gre/modules/Downloads.jsm", {});
+      Downloads.getList(Downloads.PUBLIC).then(list => {
+        list.addView({
+          onDownloadAdded: function (aDownload) {
+            list.removeView(this);
+            aDownload.whenSucceeded().then(() => {
+              list.removeFinished();
+              sendAsyncMessage("navigate", "bug383369step2.html");
+            });
+          },
+        });
+        sendAsyncMessage("navigate", "download.auto");
+      }).then(null, Cu.reportError);
+    });
+    script.addMessageListener("navigate", function(url) {
+      window.location = url;
+    });
+  }
+
+  function afterNavigationTest() {}
+
+  testCleanUp = function cleanup() {
+    SpecialPowers.loadChromeScript(function() {
+      const { classes: Cc, interfaces: Ci } = Components;
+      const mimeSvc = Cc["@mozilla.org/mime;1"].getService(Ci.nsIMIMEService);
+      let handlerInfo =
+        mimeSvc.getFromTypeAndExtension("application/x-auto-download", "auto");
+
+      const handlerSvc = Cc["@mozilla.org/uriloader/handler-service;1"]
+                           .getService(Ci.nsIHandlerService);
+      handlerSvc.remove(handlerInfo);
+
+      let prefs = Cc["@mozilla.org/preferences-service;1"]
+                    .getService(Ci.nsIPrefService);
+      let prefBranch = prefs.getBranch("browser.download.");
+
+      const prefKeys = ["dir", "useDownloadDir", "folderList",
+                        "manager.closeWhenDone", "manager.showWhenStarting"];
+      for (let prefKey of prefKeys) {
+        if (prefBranch.prefHasUserValue(prefKey)) {
+          prefBranch.clearUserPref(prefKey);
+        }
+      }
+    });
+  };
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug455367.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug455367.html
new file mode 100644
index 000000000..ec2b8590a
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug455367.html
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>No content image doesn't break security</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("broken", "broken");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug472986.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug472986.html
new file mode 100644
index 000000000..b95cfcf65
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug472986.html
@@ -0,0 +1,47 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>img.src replace</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  SimpleTest.expectAssertions(0, 4);
+
+  // Clear the default onload assigned to test start because we must
+  // wait for replaced image to load and only after that test the security state
+  var onLoadFunction = window.onload;
+  window.onload = function()
+  {
+    let img1 = document.getElementById("img1");
+    img1.addEventListener("load", onLoadFunction, false);
+    img1.src = "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+  };
+
+  function runTest()
+  {
+    isSecurityState("secure", "secure");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("secure", "secure after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img id="img1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug477118.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug477118.html
new file mode 100644
index 000000000..51a13a4b8
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug477118.html
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 477118</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("secure", "data <img> doesn't break security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("secure", "still secure after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAAN1wAADdcBQiibeAAAAAd0SU1FB9kBDxIAOdxBIbcAAAI+SURBVDjLxZO7TxRhFMV/M/PN7EPYhS02yytggo+ERAgxERsNhYnGzsQojaHT3r9F0cTaUjs6NUQLBRKDi4I8FEwkLMgO+5rdeX3XAoVYiZWnP797cu69Bv8gqZ+0QTqIdRpl1VHGvnV884CJwQgwicVtoB/ku/H4ycOnURgP/Q1g21Fw4+r0RjbbNmaq4ayO35UkXp9S2UzHxK2bE4QNl82FVwD0D49jn+hERBCRgwTiIX7pvGUGYF/BlO327d3ENfV7wuL0AyjPICIsfPvAmev3qdVqlMtlCoUCGxurDPT1kEnPomQKkRTFpXOjh4DN4kvGLuSJ/JC38y/ouXyXYrGIiBDHMVtbu1SrvXTlbfp6HcQcoVwp5hRAaWedPXFYfL+E1lAKswSRy+joKEEQICLkcjm01hiGgRcksW0b4SMKYHb+OSt6ma+VffxWRF3S5OeeMX7pHkqpwy5EBK31H90ogFODF1lbm8OtlEhloDORpbdnhDAMaTabhwbbtkkkEkRRhGVZR4BCfojJO4+o1VwQAItEIolpmliWRVtbG7s/dlDKotGo47U8CvkuAEwA3/eJoxhE0WyGuO4+nucRBAHVahXDMKg3agRhQBAGVKsVtNZHCRzHwTAMcrnc0eX9it3e3g7A6cGzhx0AKHWwQOV5jdXXb2ZOaa3BOP5ffF5ZptVqflG+3xpbWv5kh2FolEo7dnmv7Lium6zXG0nf95MiguM4QTqd9jPZTCvX2eF393QHqVRKZ7KZkP+unzPGLX8Jr7F8AAAAAElFTkSuQmCC" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug521461.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug521461.html
new file mode 100644
index 000000000..523b97f59
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug521461.html
@@ -0,0 +1,39 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 521461</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  loadAsInsecure = true;
+
+  function runTest()
+  {
+    window.location = "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs";
+    window.setTimeout(function() {
+      isSecurityState("insecure", "location.href doesn't effect the security state");
+      is(document.body.innerHTML, "This is an unsecure page!", "Document has not changed content");
+      finish();
+    }, 1000);
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("insecure", "still not secure after navigation");
+    is(document.body.innerHTML, "This is an unsecure page!", "Document has not changed content");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>This is an unsecure page!</body></html>
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_cssBefore1.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssBefore1.html
new file mode 100644
index 000000000..72046e032
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssBefore1.html
@@ -0,0 +1,43 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>CSS :before styling 1</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+  <style type="text/css">
+    p:before
+    {
+      content: url(http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg);
+    }
+  </style>
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("broken", "insecure content added by :before styling breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <p>
+    There is a moon surface left to this text
+  </p>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent1.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent1.html
new file mode 100644
index 000000000..364d652f4
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent1.html
@@ -0,0 +1,42 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>CSS conent styling 1</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <style type="text/css">
+    p
+    {
+      content: url(http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg);
+    }
+  </style>
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("broken", "insecure content added by :before styling breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <p></p>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent2.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent2.html
new file mode 100644
index 000000000..c57410b74
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent2.html
@@ -0,0 +1,47 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>CSS conent styling 2</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  if (navigator.platform.startsWith("Mac")) {
+    SimpleTest.expectAssertions(0, 1);
+  }
+
+  function runTest()
+  {
+    isSecurityState("secure");
+    document.getElementById("para").style.content =
+      "url('http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg')";
+
+    waitForSecurityState("broken", function()
+    {
+      isSecurityState("broken", "insecure content added by styling breaks security");
+      finish();
+    });
+  }
+
+  function afterNavigationTest()
+  {
+    is(document.getElementById("para").style.content, "");
+    isSecurityState("secure", "security full after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <p id="para"></p>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite1.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite1.html
new file mode 100644
index 000000000..64eec0890
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite1.html
@@ -0,0 +1,38 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>document.write('<img src="http://">')</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("broken", "insecure <img> written dynamically breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <script class="testbody" type="text/javascript">
+  document.write(
+    "<img src='http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg' />");
+  </script>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite2.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite2.html
new file mode 100644
index 000000000..41878d292
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite2.html
@@ -0,0 +1,40 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>document.write('<iframe src="http://">')</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  function runTest()
+  {
+    isSecurityState("broken", "insecure iframe written dynamically breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <script class="testbody" type="text/javascript">
+  document.write(
+    "<iframe src='http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html'></iframe>");
+  </script>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecurePicture.html
new file mode 100644
index 000000000..4f7305f41
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecurePicture.html
@@ -0,0 +1,48 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>img.src changes to unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("secure");
+    window.setTimeout(function() {
+      // Don't do this synchronously from onload handler
+      document.getElementById("image1").src =
+        "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+    }, 0);
+
+    waitForSecurityState("broken", function()
+    {
+      isSecurityState("broken", "src='http://...' changed to broken");
+      finish();
+    });
+  }
+
+  function afterNavigationTest()
+  {
+    is(document.getElementById("image1").src,
+      "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg",
+      "img.src secure again");
+    isSecurityState("secure", "security full after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img id="image1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html
new file mode 100644
index 000000000..7dbfdf4da
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html
@@ -0,0 +1,49 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>unsecure XHR test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  function runTest()
+  {
+    isSecurityState("secure");
+    window.setTimeout(() => {
+      try {
+        let req = new XMLHttpRequest();
+        req.open("GET", "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs", false);
+        req.send(null);
+
+        // Change should be immediate, the request was sent synchronously
+        isSecurityState("broken", "security broken after insecure XHR");
+      } catch (ex) {
+        ok(false, ex);
+      }
+
+      finish();
+    }, 0);
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("secure", "security full after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureBackground.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureBackground.html
new file mode 100644
index 000000000..6d06f1a64
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureBackground.html
@@ -0,0 +1,45 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>body.background changes to unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  // This test, as is, equals to https://kuix.de/misc/test17/358438.php
+
+  function runTest()
+  {
+    isSecurityState("secure");
+    document.body.background =
+      "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+
+    waitForSecurityState("broken", function () {
+      isSecurityState("broken", "document.body.background='http://...' changed to broken");
+      finish();
+    });
+  }
+
+  function afterNavigationTest()
+  {
+    is(document.body.background,
+      "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg",
+      "document backround secure again");
+    isSecurityState("secure", "secure after re-navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body background="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg">
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureIframeRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureIframeRedirect.html
new file mode 100644
index 000000000..f846f8919
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureIframeRedirect.html
@@ -0,0 +1,45 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>iframe.src changes to unsecure redirect test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  function runTest()
+  {
+    isSecurityState("secure");
+    let self = window;
+    let iframe = document.getElementById("iframe1");
+    iframe.onload = function() {
+      self.isSecurityState("broken", "src='redirect to unsecure' changed to broken");
+      self.finish();
+    };
+
+    iframe.src =
+      "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs";
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <iframe id="iframe1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicture.html
new file mode 100644
index 000000000..cbb5dccf8
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicture.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>img.src changes to unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  // This test, as is, equals to https://kuix.de/misc/test17/358438.php
+
+  function runTest()
+  {
+    isSecurityState("secure");
+    document.getElementById("image1").src =
+      "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+
+    window.setTimeout(function() {
+      isSecurityState("broken", "src='http://...' changed to broken");
+      finish();
+    }, 500);
+  }
+
+  function afterNavigationTest()
+  {
+    is(document.getElementById("image1").src,
+      "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg",
+      "img.src secure again");
+    isSecurityState("secure", "security full after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img id="image1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicturePreload.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicturePreload.html
new file mode 100644
index 000000000..64a7a4abe
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicturePreload.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>img.src changes to unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  (new Image()).src =
+    "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+
+  function runTest()
+  {
+    isSecurityState("broken", "(new Image()).src='http://...' changed to broken");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureRedirect.html
new file mode 100644
index 000000000..c1af7b29d
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureRedirect.html
@@ -0,0 +1,40 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>img.src changes to unsecure redirect test</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("secure");
+    document.getElementById("image1").src =
+      "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs";
+
+    window.setTimeout(function() {
+      isSecurityState("broken", "src='redirect to unsecure' changed to broken");
+      finish();
+    }, 500);
+  }
+
+  function afterNavigationTest()
+  {
+    is(document.getElementById("image1").src,
+      "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg",
+      "img.src secure again");
+    isSecurityState("secure", "security full after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img id="image1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlDelayedUnsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlDelayedUnsecurePicture.html
new file mode 100644
index 000000000..5e408b2aa
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlDelayedUnsecurePicture.html
@@ -0,0 +1,42 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>innerHTML changes to unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("secure");
+
+    window.setTimeout(function () {
+      document.getElementById("buddy").innerHTML =
+        "<img id='image1' src='http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg' />";
+    }, 1);
+
+    waitForSecurityState("broken", function () {
+      isSecurityState("broken", "innerHTML loading insecure changed to broken");
+      finish();
+    });
+  }
+
+  function afterNavigationTest()
+  {
+    is(document.getElementById("buddy").innerHTML, "", "innerHTML back to previous");
+    isSecurityState("secure");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body id="buddy"></body></html>
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlUnsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlUnsecurePicture.html
new file mode 100644
index 000000000..ff3592542
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlUnsecurePicture.html
@@ -0,0 +1,40 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>innerHTML changes to unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("secure");
+
+    document.getElementById("buddy").innerHTML =
+      "<img id='image1' src='http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg' />";
+
+    window.setTimeout(function() {
+      isSecurityState("broken", "innerHTML loading insecure changed to broken");
+      finish();
+    }, 500);
+  }
+
+  function afterNavigationTest()
+  {
+    is(document.getElementById("buddy").innerHTML, "", "innerHTML back to previous");
+    isSecurityState("secure");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body id="buddy"></body></html>
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_javascriptPicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_javascriptPicture.html
new file mode 100644
index 000000000..1efbe4d73
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_javascriptPicture.html
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Secure img load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("secure", "javascript: <img> should not break security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("secure", "Still secure after renavigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="javascript:'Random data'" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_secureAll.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_secureAll.html
new file mode 100644
index 000000000..cd9f1d0d7
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_secureAll.html
@@ -0,0 +1,43 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>All secure anti-regression check</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <link rel="stylesheet" type="text/css"
+    href="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  // Navigation test goes over an insecure page, test state leak
+  navigateToInsecure = true;
+
+  function runTest()
+  {
+    isSecurityState("secure", "insecure <img> load breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("secure", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+  <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs" />
+  <iframe src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_securePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_securePicture.html
new file mode 100644
index 000000000..96ef9a3c7
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_securePicture.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Secure img load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  loadAsInsecure = true;
+
+  function runTest()
+  {
+    isSecurityState("insecure", "left insecure");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("insecure", "left insecure after renavigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureBackground.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureBackground.html
new file mode 100644
index 000000000..0f741f9b8
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureBackground.html
@@ -0,0 +1,36 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>background unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  // This test, as is, equals to https://kuix.de/misc/test17/358438.php
+
+  function runTest()
+  {
+    isSecurityState("broken", "security broken");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body background="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg">
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureCSS.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureCSS.html
new file mode 100644
index 000000000..19d1379ea
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureCSS.html
@@ -0,0 +1,39 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure css load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <link rel="stylesheet" type="text/css"
+    href="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  function runTest()
+  {
+    isSecurityState("broken", "insecure <img> load breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe.html
new file mode 100644
index 000000000..dd4bd2d8f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure iframe load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  function runTest()
+  {
+    isSecurityState("broken", "insecure <iframe> load breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <iframe src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe2.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe2.html
new file mode 100644
index 000000000..cdd59ce15
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe2.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure iframe load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  function runTest()
+  {
+    isSecurityState("broken", "insecure <iframe> load breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <iframe src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeMetaRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeMetaRedirect.html
new file mode 100644
index 000000000..288526437
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeMetaRedirect.html
@@ -0,0 +1,38 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure redirect iframe load</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    window.setTimeout(function()
+    {
+      isSecurityState("broken", "insecure meta-tag <iframe> load breaks security");
+      finish();
+    }, 500);
+  }
+
+  function afterNavigationTest()
+  {
+    window.setTimeout(function()
+    {
+      isSecurityState("broken", "security still broken after navigation");
+      finish();
+    }, 500);
+  }
+
+  </script>
+</head>
+
+<body>
+  <iframe src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html"></iframe>
+</body>
+</html>
+ 
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeRedirect.html
new file mode 100644
index 000000000..1095c769f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeRedirect.html
@@ -0,0 +1,38 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure redirect iframe load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  function runTest()
+  {
+    isSecurityState("broken", "insecure <iframe> load breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <iframe src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs"></iframe>
+</body>
+</html>
+ 
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePicture.html
new file mode 100644
index 000000000..dc18efa29
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePicture.html
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure img load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("broken", "insecure <img> load breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureDup.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureDup.html
new file mode 100644
index 000000000..5d02de95c
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureDup.html
@@ -0,0 +1,21 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure img load in two windows</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  openTwoWindows = true;
+  testPage = "unsecurePictureDup.html";
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureInIframe.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureInIframe.html
new file mode 100644
index 000000000..2ece07342
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureInIframe.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure img in iframe load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  function runTest()
+  {
+    isSecurityState("broken", "insecure <img> in an <iframe> load breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <iframe src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureRedirect.html
new file mode 100644
index 000000000..a796b41b5
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureRedirect.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Redirect from secure to unsecure img</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  function runTest()
+  {
+    isSecurityState("broken", "insecure <img> load breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html b/security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html
new file mode 100644
index 000000000..228267741
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html
@@ -0,0 +1,9 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+</head>
+
+<body>
+  <img src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/unsecurePictureDup.html b/security/manager/ssl/tests/mochitest/mixedcontent/unsecurePictureDup.html
new file mode 100644
index 000000000..f53fb4830
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/unsecurePictureDup.html
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure img load in two windows</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("broken", "insecure <img> load breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/moz.build b/security/manager/ssl/tests/mochitest/moz.build
new file mode 100644
index 000000000..05c6b7906
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/moz.build
@@ -0,0 +1,11 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+TEST_DIRS += [
+    'browser',
+    'mixedcontent',
+    'stricttransportsecurity',
+]
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/.eslintrc.js b/security/manager/ssl/tests/mochitest/stricttransportsecurity/.eslintrc.js
new file mode 100644
index 000000000..74b7a1a07
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/.eslintrc.js
@@ -0,0 +1,9 @@
+"use strict";
+
+module.exports = { // eslint-disable-line no-undef
+  // mochitest-chrome tests also exist in this directory, but don't appear to
+  // use anything not also available to plain mochitests. Since plain mochitests
+  // are the majority, we take the safer option and only extend the
+  // mochitest-plain eslintrc file.
+  "extends": "../../../../../../testing/mochitest/mochitest.eslintrc.js"
+};
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/chrome.ini b/security/manager/ssl/tests/mochitest/stricttransportsecurity/chrome.ini
new file mode 100644
index 000000000..b2ce8fef0
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/chrome.ini
@@ -0,0 +1,6 @@
+[DEFAULT]
+tags = psm
+skip-if = os == 'android'
+support-files = page_blank.html
+
+[test_sts_privatebrowsing_perwindowpb.html]
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/mochitest.ini b/security/manager/ssl/tests/mochitest/stricttransportsecurity/mochitest.ini
new file mode 100644
index 000000000..100f45840
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/mochitest.ini
@@ -0,0 +1,13 @@
+[DEFAULT]
+tags = psm
+support-files =
+  nosts_bootstrap.html
+  nosts_bootstrap.html^headers^
+  plain_bootstrap.html
+  plain_bootstrap.html^headers^
+  subdom_bootstrap.html
+  subdom_bootstrap.html^headers^
+  verify.sjs
+
+[test_stricttransportsecurity.html]
+skip-if = toolkit == 'android' #TIMED_OUT
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/moz.build b/security/manager/ssl/tests/mochitest/stricttransportsecurity/moz.build
new file mode 100644
index 000000000..cd73f7716
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/moz.build
@@ -0,0 +1,10 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+MOCHITEST_MANIFESTS += ['mochitest.ini']
+
+MOCHITEST_CHROME_MANIFESTS += ['chrome.ini']
+
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/nosts_bootstrap.html b/security/manager/ssl/tests/mochitest/stricttransportsecurity/nosts_bootstrap.html
new file mode 100644
index 000000000..f9b0f9381
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/nosts_bootstrap.html
@@ -0,0 +1,26 @@
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<!DOCTYPE HTML>
+<html>
+  <head>
+    <title>STS test iframe</title>
+    <script>
+      "use strict";
+      let windowRef = window;
+      window.addEventListener("load", function() {
+        windowRef.parent.postMessage("BOOTSTRAP plain",
+                                     "http://mochi.test:8888");
+      }, false);
+    </script>
+  </head>
+  <body>
+    <!-- This frame should be loaded over HTTPS to set the STS header. -->
+    This frame was loaded using 
+    <script>
+      document.write(document.location.protocol);
+    </script>
+    and set the STS header to force this site and allow subdomain upgrading.
+  </body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/nosts_bootstrap.html^headers^ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/nosts_bootstrap.html^headers^
new file mode 100644
index 000000000..9e23c73b7
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/nosts_bootstrap.html^headers^
@@ -0,0 +1 @@
+Cache-Control: no-cache
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/page_blank.html b/security/manager/ssl/tests/mochitest/stricttransportsecurity/page_blank.html
new file mode 100644
index 000000000..db5d31a96
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/page_blank.html
@@ -0,0 +1,5 @@
+<html>
+<body>
+  PAGE BLANK
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/plain_bootstrap.html b/security/manager/ssl/tests/mochitest/stricttransportsecurity/plain_bootstrap.html
new file mode 100644
index 000000000..f9b0f9381
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/plain_bootstrap.html
@@ -0,0 +1,26 @@
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<!DOCTYPE HTML>
+<html>
+  <head>
+    <title>STS test iframe</title>
+    <script>
+      "use strict";
+      let windowRef = window;
+      window.addEventListener("load", function() {
+        windowRef.parent.postMessage("BOOTSTRAP plain",
+                                     "http://mochi.test:8888");
+      }, false);
+    </script>
+  </head>
+  <body>
+    <!-- This frame should be loaded over HTTPS to set the STS header. -->
+    This frame was loaded using 
+    <script>
+      document.write(document.location.protocol);
+    </script>
+    and set the STS header to force this site and allow subdomain upgrading.
+  </body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/plain_bootstrap.html^headers^ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/plain_bootstrap.html^headers^
new file mode 100644
index 000000000..a46bf65bd
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/plain_bootstrap.html^headers^
@@ -0,0 +1,2 @@
+Cache-Control: no-cache
+Strict-Transport-Security: max-age=60
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/subdom_bootstrap.html b/security/manager/ssl/tests/mochitest/stricttransportsecurity/subdom_bootstrap.html
new file mode 100644
index 000000000..24a364158
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/subdom_bootstrap.html
@@ -0,0 +1,26 @@
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<!DOCTYPE HTML>
+<html>
+  <head>
+    <title>STS test iframe</title>
+    <script>
+      "use strict";
+      let windowRef = window;
+      window.addEventListener("load", function() {
+        windowRef.parent.postMessage("BOOTSTRAP subdom",
+                                     "http://mochi.test:8888");
+      }, false);
+    </script>
+  </head>
+  <body>
+    <!-- This frame should be loaded over HTTPS to set the STS header. -->
+    This frame was loaded using 
+    <script>
+      document.write(document.location.protocol);
+    </script>
+    and set the STS header to force this site and allow subdomain upgrading.
+  </body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/subdom_bootstrap.html^headers^ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/subdom_bootstrap.html^headers^
new file mode 100644
index 000000000..e54fc6a1d
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/subdom_bootstrap.html^headers^
@@ -0,0 +1,2 @@
+Cache-Control: no-cache
+Strict-Transport-Security: max-age=60; includeSubDomains
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html b/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html
new file mode 100644
index 000000000..675688638
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html
@@ -0,0 +1,120 @@
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>opens additional content that should be converted to https</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  SimpleTest.waitForExplicitFinish();
+
+  const STSPATH = "/tests/security/manager/ssl/tests/mochitest/stricttransportsecurity";
+
+  // initialized manually here
+  var testsleft = {'plain': 4, 'subdom': 4};
+  var roundsLeft = 2;
+
+  var testframes = {
+    'samedom':
+      {'url':     "http://example.com" + STSPATH + "/verify.sjs",
+        'expected': {'plain': 'SECURE', 'subdom': 'SECURE'}},
+    'subdom':
+      {'url':     "http://test1.example.com" + STSPATH + "/verify.sjs",
+        'expected': {'plain': 'INSECURE', 'subdom': 'SECURE'}},
+    'otherdom':
+      {'url':     "http://example.org" + STSPATH + "/verify.sjs",
+        'expected': {'plain': 'INSECURE', 'subdom': 'INSECURE'}},
+    'alreadysecure':
+      {'url':     "https://test2.example.com" + STSPATH + "/verify.sjs",
+        'expected': {'plain': 'SECURE', 'subdom': 'SECURE'}},
+  };
+
+  function startRound(round) {
+    let frame = document.createElement("iframe");
+    frame.setAttribute('id', 'ifr_bootstrap');
+    frame.setAttribute('src', "https://example.com" + STSPATH + "/" + round + "_bootstrap.html");
+    document.body.appendChild(frame);
+  }
+
+  function endRound(round) {
+    // remove all the iframes in the document
+    document.body.removeChild(document.getElementById('ifr_bootstrap'));
+    for (let test in testframes) {
+      document.body.removeChild(document.getElementById('ifr_' + test));
+    }
+
+    // clean up the STS state
+    SpecialPowers.cleanUpSTSData("http://example.com");
+  }
+
+  function loadVerifyFrames(round) {
+    for (let test in testframes) {
+      let frame = document.createElement("iframe");
+      frame.setAttribute('id', 'ifr_' + test);
+      frame.setAttribute('src', testframes[test].url + '?id=' + test);
+      document.body.appendChild(frame);
+    }
+  }
+
+  /* Messages received are in this format:
+   *  (BOOTSTRAP|SECURE|INSECURE) testid
+   * For example: "BOOTSTRAP plain"
+   *          or: "INSECURE otherdom"
+   */
+  function onMessageReceived(event) {
+    let result = event.data.split(/\s+/);
+    if (result.length != 2) {
+      SimpleTest.ok(false, event.data);
+      return;
+    }
+
+    // figure out which round of tests we're in
+    let round = (roundsLeft == 2) ? "plain" : "subdom";
+
+    if (result[0] === "BOOTSTRAP") {
+      loadVerifyFrames(round);
+      return;
+    }
+
+    // check if the result (SECURE/INSECURE) is expected for this round/test combo
+    SimpleTest.is(result[0], testframes[result[1]].expected[round],
+                  "in ROUND " + round + ", test " + result[1]);
+    testsleft[round]--;
+
+    // check if there are more tests to run.
+    if (testsleft[round] < 1) {
+      // if not, advance to next round
+      endRound(round);
+      roundsLeft--;
+
+      // defer this so it doesn't muck with the stack too much.
+      if (roundsLeft == 1) {
+        setTimeout(function () {
+          startRound("subdom");
+        }, 0);
+      }
+    }
+
+    if (roundsLeft < 1) {
+      SimpleTest.finish();
+    }
+  }
+
+  // listen for calls back from the sts-setting iframe and then
+  // the verification frames.
+  window.addEventListener("message", onMessageReceived, false);
+  window.addEventListener("load", () => { startRound("plain"); }, false);
+  </script>
+</head>
+
+<body>
+  This test will load some iframes and do some tests.
+
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_sts_privatebrowsing_perwindowpb.html b/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_sts_privatebrowsing_perwindowpb.html
new file mode 100644
index 000000000..882030b67
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_sts_privatebrowsing_perwindowpb.html
@@ -0,0 +1,275 @@
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>opens additional content that should be converted to https</title>
+  <script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css"
+        href="chrome://mochikit/content/tests/SimpleTest/test.css"/>
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  // We define |content| as a global as a hack to prevent use of |content|
+  // inside a ContentTask tripping ESLint no-undef checks.
+  /* global content */
+
+  SimpleTest.waitForExplicitFinish();
+
+  const Cc = Components.classes;
+  const Ci = Components.interfaces;
+  const Cu = Components.utils;
+  const STSPATH = "/tests/security/manager/ssl/tests/mochitest/stricttransportsecurity";
+  const NUM_TEST_FRAMES = 4;
+  const CONTENT_PAGE =
+    "http://mochi.test:8888/chrome/security/manager/ssl/tests/mochitest/stricttransportsecurity/page_blank.html";
+
+  Cu.import("resource://testing-common/BrowserTestUtils.jsm");
+  Cu.import("resource://testing-common/ContentTask.jsm");
+  Cu.import("resource://gre/modules/Task.jsm");
+
+  // This is how many sub-tests (testframes) in each round.
+  // When the round begins, this will be initialized.
+  var testsleftinround = 0;
+  var currentround = "";
+  var mainWindow =
+    window.QueryInterface(Ci.nsIInterfaceRequestor).
+    getInterface(Ci.nsIWebNavigation).QueryInterface(Ci.nsIDocShellTreeItem).
+    rootTreeItem.QueryInterface(Ci.nsIInterfaceRequestor).
+    getInterface(Ci.nsIDOMWindow);
+
+  SpecialPowers.Services.prefs.setIntPref("browser.startup.page", 0);
+
+  var testframes = {
+    'samedom':
+      {'url':     "http://example.com" + STSPATH + "/verify.sjs",
+        'expected': {'plain': 'SECURE',
+                     'subdom': 'SECURE',
+                     'nosts': 'INSECURE'}},
+    'subdom':
+      {'url':     "http://test1.example.com" + STSPATH + "/verify.sjs",
+        'expected': {'plain': 'INSECURE',
+                     'subdom': 'SECURE',
+                     'nosts': 'INSECURE'}},
+    'otherdom':
+      {'url':     "http://example.org" + STSPATH + "/verify.sjs",
+        'expected': {'plain': 'INSECURE',
+                     'subdom': 'INSECURE',
+                     'nosts': 'INSECURE'}},
+    'alreadysecure':
+      {'url':     "https://test2.example.com" + STSPATH + "/verify.sjs",
+        'expected': {'plain': 'SECURE',
+                     'subdom': 'SECURE',
+                     'nosts': 'SECURE'}},
+  };
+
+  function whenDelayedStartupFinished(aWindow, aCallback) {
+    SpecialPowers.Services.obs.addObserver(function observer(aSubject, aTopic) {
+      if (aWindow == aSubject) {
+        SpecialPowers.Services.obs.removeObserver(observer, aTopic);
+        SimpleTest.executeSoon(aCallback);
+      }
+    }, "browser-delayed-startup-finished", false);
+  }
+
+  function testOnWindow(aIsPrivate, aCallback) {
+    let win = mainWindow.OpenBrowserWindow({private: aIsPrivate});
+
+    Task.spawn(function* () {
+      yield new Promise(resolve => whenDelayedStartupFinished(win, resolve));
+
+      let browser = win.gBrowser.selectedBrowser;
+      yield BrowserTestUtils.loadURI(browser, CONTENT_PAGE);
+      yield BrowserTestUtils.browserLoaded(browser);
+
+      aCallback(win);
+    });
+  }
+
+  function startRound(win, isPrivate, round) {
+    currentround = round;
+    testsleftinround = NUM_TEST_FRAMES;
+    SimpleTest.info("TESTS LEFT IN ROUND " + currentround + ": " + testsleftinround);
+
+    let browser = win.gBrowser.selectedBrowser;
+    let src = "https://example.com" + STSPATH + "/" + round + "_bootstrap.html";
+
+    ContentTask.spawn(browser, src, function* (contentSrc) {
+      let frame = content.document.createElement("iframe");
+      frame.setAttribute('id', 'ifr_bootstrap');
+      frame.setAttribute('src', contentSrc);
+
+      return new Promise(resolve => {
+        frame.addEventListener("load", resolve);
+        content.document.body.appendChild(frame);
+      });
+    }).then(() => {
+      onMessageReceived(win, isPrivate, "BOOTSTRAP " + round);
+    });
+  }
+
+  function loadVerifyFrames(win, isPrivate, round) {
+    loadVerifyFrame(win, isPrivate, testframes.samedom, 'samedom', function() {
+      loadVerifyFrame(win, isPrivate, testframes.subdom, 'subdom', function() {
+        loadVerifyFrame(win, isPrivate, testframes.otherdom, 'otherdom', function() {
+          loadVerifyFrame(win, isPrivate, testframes.alreadysecure, 'alreadysecure');
+        });
+      });
+    });
+  }
+
+  function loadVerifyFrame(win, isPrivate, test, testName, aCallback) {
+    let id = 'ifr_' + testName;
+    let src = test.url + '?id=' + testName;
+    let browser = win.gBrowser.selectedBrowser;
+
+    ContentTask.spawn(browser, [id, src], function* ([contentId, contentSrc]) {
+      let frame = content.document.createElement("iframe");
+      frame.setAttribute('id', contentId);
+      frame.setAttribute('src', contentSrc);
+
+      return new Promise(resolve => {
+        frame.addEventListener("load", () => {
+          resolve(frame.contentDocument.location.protocol);
+        });
+
+        content.document.body.appendChild(frame);
+      });
+    }).then(scheme => {
+      if (scheme == 'https:') {
+        onMessageReceived(win, isPrivate, "SECURE " + testName);
+      } else {
+        onMessageReceived(win, isPrivate, "INSECURE " + testName);
+      }
+
+      if (aCallback) {
+        aCallback();
+      }
+    });
+  }
+
+  /**
+   * Messages received are in this format:
+   *  (BOOTSTRAP|SECURE|INSECURE) testid
+   * For example: "BOOTSTRAP subdom"
+   *          or: "INSECURE otherdom"
+   */
+  function onMessageReceived(win, isPrivate, data) {
+    let result = data.split(/\s+/);
+    if (result.length != 2) {
+      SimpleTest.ok(false, data);
+      return;
+    }
+
+    if (result[0] === "BOOTSTRAP") {
+      loadVerifyFrames(win, isPrivate, currentround);
+      return;
+    }
+
+    // check if the result (SECURE/INSECURE) is expected for this round/test
+    // combo
+    dump_STSState(isPrivate);
+    SimpleTest.is(result[0], testframes[result[1]].expected[currentround],
+                             "in ROUND " + currentround +
+                             ", test " + result[1]);
+    testsleftinround--;
+
+    // if this round is complete...
+    if (testsleftinround < 1) {
+      SimpleTest.info("DONE WITH ROUND " + currentround);
+      // remove all the iframes in the document
+      let browser = win.gBrowser.selectedBrowser;
+      ContentTask.spawn(browser, testframes, function* (contentTestFrames) {
+        content.document.body.removeChild(
+          content.document.getElementById('ifr_bootstrap'));
+        for (let test in contentTestFrames) {
+          content.document.body.removeChild(
+            content.document.getElementById('ifr_' + test));
+        }
+      }).then(() => {
+        currentround = "";
+
+        if (!isPrivate) {
+          clean_up_sts_state(isPrivate);
+        }
+        // Close test window.
+        win.close();
+        // And advance to the next test.
+        // Defer this so it doesn't muck with the stack too much.
+        SimpleTest.executeSoon(nextTest);
+      });
+    }
+  }
+
+  function test_sts_before_private_mode() {
+    testOnWindow(false, function(win) {
+      SimpleTest.info("In public window");
+      dump_STSState(false);
+      startRound(win, false, 'plain');
+    });
+  }
+
+  function test_sts_in_private_mode() {
+    testOnWindow(true, function(win) {
+      SimpleTest.info("In private window");
+      dump_STSState(true);
+      startRound(win, true, 'subdom');
+    });
+  }
+
+  function test_sts_after_exiting_private_mode() {
+    testOnWindow(false, function(win) {
+      SimpleTest.info("In a new public window");
+      dump_STSState(false);
+      startRound(win, false, 'nosts');
+    });
+  }
+
+  function clean_up_sts_state(isPrivate) {
+    // erase all signs that this test ran.
+    SimpleTest.info("Cleaning up STS data");
+    let flags = isPrivate ? Ci.nsISocketProvider.NO_PERMANENT_STORAGE : 0;
+    SpecialPowers.cleanUpSTSData("http://example.com", flags);
+    dump_STSState(isPrivate);
+  }
+
+  function dump_STSState(isPrivate) {
+    let sss = Cc["@mozilla.org/ssservice;1"]
+                .getService(Ci.nsISiteSecurityService);
+    let flags = isPrivate ? Ci.nsISocketProvider.NO_PERMANENT_STORAGE : 0;
+    SimpleTest.info("State of example.com: " + sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, "example.com", flags));
+  }
+
+  // These are executed in the order presented.
+  // 0.  test that STS works before entering private browsing mode.
+  //     (load sts-bootstrapped "plain" tests)
+  //  ... clear any STS data ...
+  // 1.  test that STS works in private browsing mode
+  //     (load sts-bootstrapped "subdomain" tests)
+  // 2.  test that after exiting private browsing, STS data is forgotten
+  //     (verified with non-sts-bootstrapped pages)
+  //  ... clear any STS data ...
+  var tests = [
+    test_sts_before_private_mode,
+    test_sts_in_private_mode,
+    test_sts_after_exiting_private_mode
+  ];
+
+  function finish() {
+    SpecialPowers.Services.prefs.clearUserPref("browser.startup.page");
+    SimpleTest.finish();
+  }
+  function nextTest() {
+    SimpleTest.executeSoon(tests.length ? tests.shift() : finish);
+  }
+  window.addEventListener('load', nextTest, false);
+  </script>
+</head>
+
+<body>
+  This test will load some iframes and do some tests.
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/verify.sjs b/security/manager/ssl/tests/mochitest/stricttransportsecurity/verify.sjs
new file mode 100644
index 000000000..e5e4eb5f6
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/verify.sjs
@@ -0,0 +1,47 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// SJS file that serves un-cacheable responses for STS tests that postMessage
+// to the parent saying whether or not they were loaded securely.
+
+function handleRequest(request, response)
+{
+  var query = {};
+  request.queryString.split('&').forEach(function (val) {
+      var [name, value] = val.split('=');
+      query[name] = unescape(value);
+  });
+
+  response.setHeader("Cache-Control", "no-cache", false);
+  response.setHeader("Content-Type", "text/html", false);
+
+  if ('id' in query) {
+    var outstr = [
+       " <!DOCTYPE html>",
+       " <html> <head> <title>subframe for STS</title>",
+       " <script type='text/javascript'>",
+       " var self = window;",
+       " window.addEventListener('load', function() {",
+       "     if (document.location.protocol === 'https:') {",
+       "       self.parent.postMessage('SECURE " + query['id'] + "',",
+       "                               'http://mochi.test:8888');",
+       "     } else {",
+       "       self.parent.postMessage('INSECURE " + query['id'] + "',",
+       "                               'http://mochi.test:8888');",
+       "     }",
+       "   }, false);",
+       "   </script>",
+       "   </head>",
+       " <body>",
+       "   STS state verification frame loaded via",
+       " <script>",
+       "   document.write(document.location.protocol);",
+       " </script>",
+       " </body>",
+       " </html>"].join("\n");
+    response.write(outstr);
+  } else {
+    response.write("ERROR: no id provided");
+  }
+}
diff --git a/security/manager/ssl/tests/moz.build b/security/manager/ssl/tests/moz.build
new file mode 100644
index 000000000..e7c06c21e
--- /dev/null
+++ b/security/manager/ssl/tests/moz.build
@@ -0,0 +1,17 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+DIRS += ['unit']
+
+TEST_DIRS += [
+    'gtest',
+    'mochitest',
+]
+
+XPCSHELL_TESTS_MANIFESTS += ['unit/xpcshell.ini']
+
+if not CONFIG['MOZ_NO_SMART_CARDS']:
+    XPCSHELL_TESTS_MANIFESTS += ['unit/xpcshell-smartcards.ini']
diff --git a/security/manager/ssl/tests/unit/.eslintrc.js b/security/manager/ssl/tests/unit/.eslintrc.js
new file mode 100644
index 000000000..1f96e7821
--- /dev/null
+++ b/security/manager/ssl/tests/unit/.eslintrc.js
@@ -0,0 +1,5 @@
+"use strict";
+
+module.exports = { // eslint-disable-line no-undef
+  "extends": "../../../../../testing/xpcshell/xpcshell.eslintrc.js"
+};
diff --git a/security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem b/security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem
new file mode 100644
index 000000000..62406aaac
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5DCCAc6gAwIBAgIUaauScBIwFX7ueYmCXknl2gMYElAwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowJjEkMCIGA1UEAwwbRUUgd2l0aCBiYWQgc3ViamVjdEFsdE5hbWVz
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2
+ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdF
+h/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6n
+cOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAv
+OnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2nj
+tIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXt
+jQIDAQABox4wHDAaBgNVHREEEzARgg8qLiouZXhhbXBsZS5jb20wCwYJKoZIhvcN
+AQELA4IBAQBQsZKhZe/1VkfifLqD4bni/7VY8xfXQO4DDu9HSkFmeJOhaIzfdQls
+q4LN+HVuJcJQZD1ni24UbJib+Jh8cbuzRA8l6w+PUBB6XPeF8BfYDkSbDoIYxj6h
+OclX4HInco4O4Ul+1K0u7qF9xtMYK+xaAZqiEzU638nW2n5EWV8v7y5dJsmx7rz3
+s7boQNkjgZo7R0Lw5Z8zzKYE0jVp+dRztP/f0X9uG6YW3thFIfHbewXBKP1kiIv6
+jymQMdcdnc+LhtM5/+KJcCstGA1YUaZ7pNkU7/KyB0Ch1m+b40EOSnZKelUFkmvp
+yaMC1hUND9LZjKwnGKNwuF5HR4OX/w0g
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem.certspec
new file mode 100644
index 000000000..1b368c26f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test CA
+subject:EE with bad subjectAltNames
+extension:subjectAlternativeName:*.*.example.com
diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem b/security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem
new file mode 100644
index 000000000..ffb961c45
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDJzCCAhGgAwIBAgIUdXLIuQ4fxP+03n9N/HH0ZlV0c7owCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMTk0NjAyMTQwMDAwMDBaGA8yMDMxMDEw
+MTAwMDAwMFowLDEqMCgGA1UEAwwhQmVmb3JlIFVOSVggRXBvY2ggVGVzdCBFbmQt
+ZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB
+/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRx
+CHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMC
+OosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdm
+Wqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGz
+ey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUD
+rNoYCjXtjQIDAQABo1swWTAjBgNVHREEHDAaghhiZWZvcmUtZXBvY2guZXhhbXBs
+ZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxo
+b3N0Ojg4ODgvMAsGCSqGSIb3DQEBCwOCAQEAgkj+Gwj2oJbjTvT8ivsSVfs1XHg6
+VOkPc8+DvFUY9l+lffyGUf8JQV0HuHHWOdPkSNAthqCYvsvzn1p21OFVo8EB7f5/
+mCz+u/YiWDDDjRfIYPUxvKIL4qqz+1dW3YcYOCG7luyNgajR9M9ivHGh7pX23Loa
+726oYYXWaY0KU2/CkLWLSvrdbcEiw/mUMrpKa7H2Zh0OVg6pcL1LNlUTGOWoyl9X
+u50M4iKLlb1wHiBTqXskKu6lM3yob6fVQ53S6Q6vKPsmD0hiKzGP5k8NLp5m0tHm
+a18x76ggEprPxGI3XXOCejGBbBIdswEX+WA904jMRwrrbLXxXLKSG72UKg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem.certspec
new file mode 100644
index 000000000..ac97b2231
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Before UNIX Epoch Test End-entity
+validity:19460214-20310101
+extension:subjectAlternativeName:before-epoch.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem b/security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem
new file mode 100644
index 000000000..62ddea52a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6zCCAdWgAwIBAgIUewecPPOfV1pIxDqNQZDAK7WnmikwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMTk0NjAyMTQwMDAwMDBaGA8yMDMxMDEw
+MTAwMDAwMFowLjEsMCoGA1UEAwwjQmVmb3JlIFVOSVggRXBvY2ggVGVzdCBJbnRl
+cm1lZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W
+1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtq
+ZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx
+0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthV
+t2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo
+4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx
+1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAsG
+CSqGSIb3DQEBCwOCAQEAZOcbi3DKkzazT2A2ZlqHdeY7tgVL8fiQnPvzfYpNgB+R
+pM3gkZRagkliv8o0ZKlkaoLDula6Q5Rhe2hY2+PSQNi/BkDdg/ituWOnH2ruX8Dm
+cWFFWJfGehf12dpJWhW+lovgQvbUmAVeMKMDfNIHgGZmwdVarYTN4LV7uu1abtIP
+mxFLc8x2CkGk9XQJXbts3cLwtZJiqAdMCuX5P4fmnLkaFAw+Vs+6aLBLOOD5WMF9
+vqwTRPDedtG+xmOhZ+J0YijRRfm4go5gCZj3XF3RgA35V7A/i3MCX2jPRfXDRywV
+8bsqZlIgILgdm4YCHlXpF9aqHJxz9AMKZs3Wk8mu7Q==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem.certspec
new file mode 100644
index 000000000..835e63f2b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Before UNIX Epoch Test Intermediate
+validity:19460214-20310101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem b/security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem
new file mode 100644
index 000000000..c234f9365
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDVjCCAkCgAwIBAgIUHY/2g5fyvV2MONrnjGi3fWc83j0wCwYJKoZIhvcNAQEL
+MC4xLDAqBgNVBAMMI0JlZm9yZSBVTklYIEVwb2NoIFRlc3QgSW50ZXJtZWRpYXRl
+MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMDgxNjA0BgNVBAMM
+LVRlc3QgRW5kLWVudGl0eSB3aXRoIEJlZm9yZSBVTklYIEVwb2NoIGlzc3VlcjCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9
+PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3
+HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg
+Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7
+EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK
+lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C
+AwEAAaNiMGAwKgYDVR0RBCMwIYIfYmVmb3JlLWVwb2NoLWlzc3Vlci5leGFtcGxl
+LmNvbTAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhv
+c3Q6ODg4OC8wCwYJKoZIhvcNAQELA4IBAQAAYmpIy15lrWSrorG+HfjZNckhAsCG
+1BOVYRr+s1Zks4wj1aMXFSzblgNgdRuZA20TkRfJKw40cyuNLfm5DhKZUbo+0LAN
+jthu2cHFBaQn+XV6xMb2tEKTU8rBqzAYIAnmEIlLukYQBVICL9tirC1JJhqe1/S8
+U139izFYNnSqNmss2cJOuI4VM7B951v1h4mQYfcX1Sv27qWaKBK7k9fKBWWE0DCX
+YR1nB4RlI+92ncTOwbjtXR92gqR/z1wGDOPj/0VNNUn4SKo5Xif9TqXh4LhnY9fD
+HgoZSMDxftXou1MjN0cWnIP6QMyLfg2kSN0vnQpVle6KgsxpfrgLiMoU
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem.certspec
new file mode 100644
index 000000000..9aabe2162
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Before UNIX Epoch Test Intermediate
+subject:Test End-entity with Before UNIX Epoch issuer
+extension:subjectAlternativeName:before-epoch-issuer.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem b/security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem
new file mode 100644
index 000000000..ae40112c3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQTCCAiugAwIBAgIUBUmy5jtGrDso26TeIelwmtF+KFAwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowLzEtMCsGA1UEAwwkVGVzdCBJbnRlcm1lZGlhdGUgdXNlZCBhcyBF
+bmQtRW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO
+FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr
+amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka
+sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY
+VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n
+aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE
+MdUDrNoYCjXtjQIDAQABo3IwcDAMBgNVHRMEBTADAQH/MDIGCCsGAQUFBwEBBCYw
+JDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzAsBgNVHREEJTAj
+giFjYS11c2VkLWFzLWVuZC1lbnRpdHkuZXhhbXBsZS5jb20wCwYJKoZIhvcNAQEL
+A4IBAQApr3pPS4uWz6oPEhrTO73K+JTP2VRTKgtbooPhOZ6tCRz75P729RzVOEZF
+Vf87VSFTTXUdG5Q6+SDNuCdDuyyPR4q38s+8jgv3OVfsEbhPuSx73pLAzYg727Ip
+U2ROGoVysc3JrUfwPZSvQ/i4iqdb2sVwtqR5LM1nApy5+p6Ef8cwjfm9qsdrHlnx
+3VdiioEOp+8SKH5rzfZe+1jepRODlqvFEO9gFbaqjHLzL005xAcfpsZPH5JzDhqD
+g4QiIFlm+wwQ9pTBpk1ZmbgDyk4frrxughFsbR4zDDTfJCREa5RlwH34xOkx/cTu
+ee/qZzerx61VI88GvLK87eX2ZiH1
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem.certspec
new file mode 100644
index 000000000..8e16705b5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test Intermediate used as End-Entity
+extension:basicConstraints:cA,
+extension:authorityInformationAccess:http://localhost:8888/
+extension:subjectAlternativeName:ca-used-as-end-entity.example.com
diff --git a/security/manager/ssl/tests/unit/bad_certs/default-ee.key b/security/manager/ssl/tests/unit/bad_certs/default-ee.key
new file mode 100644
index 000000000..8af23e068
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/default-ee.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/default-ee.key.keyspec b/security/manager/ssl/tests/unit/bad_certs/default-ee.key.keyspec
new file mode 100644
index 000000000..4ad96d515
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/default-ee.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/bad_certs/default-ee.pem b/security/manager/ssl/tests/unit/bad_certs/default-ee.pem
new file mode 100644
index 000000000..0a9eaebb5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/default-ee.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhTCCAm+gAwIBAgIUNRvpOhsDHEYbRf6bsiAPbvKe2VAwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowGjEYMBYGA1UEAwwPVGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1
+aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we
+adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS
+pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W
+YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR
+CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo4HKMIHH
+MIGQBgNVHREEgYgwgYWCCWxvY2FsaG9zdIINKi5leGFtcGxlLmNvbYIVKi5waW5u
+aW5nLmV4YW1wbGUuY29tgigqLmluY2x1ZGUtc3ViZG9tYWlucy5waW5uaW5nLmV4
+YW1wbGUuY29tgigqLmV4Y2x1ZGUtc3ViZG9tYWlucy5waW5uaW5nLmV4YW1wbGUu
+Y29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9z
+dDo4ODg4LzALBgkqhkiG9w0BAQsDggEBAH6+Qe/y1TTCx2w6f31VWp5lcizPkS8s
+ODfbgT9pKYqqvYDeiDu3q8SLGHTTsHWWewBCu5Jd0mXPXfZ4FEHcwbVJZUZBvQVr
+1aNBCriuzhNUyfjkvfCgM4OuxgNwjbihGDE8VzfxTiz8mDN0AgACCZaUTQnybQc0
+SW+ldxspBgQJom0tkZ+TGi80L3/5P5J2+7AchxhAZzQmebDnxNYDZXCJH8w15was
+OzM5BrQzz3vuxupO7lsRzZIzAU+uQD4bjcMpz3oMdj3/0lb0HZGMdU22Ub36PvLC
+6mYbTtf0IS5TVyLnbCNeliE6zoPnQPBzAUfoOeD1Tn6HQUQUT8oTf2E=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/default-ee.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/default-ee.pem.certspec
new file mode 100644
index 000000000..554339ff5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/default-ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test End-entity
+extension:subjectAlternativeName:localhost,*.example.com,*.pinning.example.com,*.include-subdomains.pinning.example.com,*.exclude-subdomains.pinning.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem
new file mode 100644
index 000000000..08c574fd1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDITCCAgugAwIBAgIURex/TuOH9TNqma6czhjn0gJqzqwwCwYJKoZIhvcNAQEL
+MBoxGDAWBgNVBAMMD1Rlc3QgRW5kLWVudGl0eTAiGA8yMDE1MTEyODAwMDAwMFoY
+DzIwMTgwMjA1MDAwMDAwWjAeMRwwGgYDVQQDDBNFRSBJc3N1ZWQgYnkgbm9uLUNB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2
+ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdF
+h/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6n
+cOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAv
+OnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2nj
+tIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXt
+jQIDAQABo1swWTAjBgNVHREEHDAagglsb2NhbGhvc3SCDSouZXhhbXBsZS5jb20w
+MgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4
+ODgvMAsGCSqGSIb3DQEBCwOCAQEAnLI+egtdtaCj/pGgINrEi98m6gvK+wANDhDS
+RhX2IztG/xuLCXIEcecjl2ifppklo6BnGqMebuLxndygkEGXiuvTvAbtd8Ac3s7O
+Cln/JW3OOBs6a3UJJeo1rpADn5F7tSXJshnVFNshZlXACnb25JIvKKIZwEhNKCmz
+whfX5xVW7RumZ5I4BYrE16YkQKQ9Fc7orioPbcTfH/zmoBBseMFi9UHCsI/u6P2/
+2DpdD2hlld/Cy0cEzb8IJFnx1CYIpfKCP2OZR+YEn8i1P6WwEyYy47YlFmZGkVmQ
+t1zEXNWT6xdW9+jREoyvl2pb/4BzQDzUhUg6P1jbFqHKtBgFqg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem.certspec
new file mode 100644
index 000000000..63c36d34b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test End-entity
+subject:EE Issued by non-CA
+extension:subjectAlternativeName:localhost,*.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem
new file mode 100644
index 000000000..e24448493
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5jCCAdCgAwIBAgIUWdJEDrMcdJcIJoGstXeNPWoUzCcwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1YxIENlcnQwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowHzEdMBsGA1UEAwwURUUgSXNzdWVkIGJ5IFYxIENlcnQwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erk
+NUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwC
+fs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1m
+CyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTM
+HGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m
+1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGj
+JzAlMCMGA1UdEQQcMBqCCWxvY2FsaG9zdIINKi5leGFtcGxlLmNvbTALBgkqhkiG
+9w0BAQsDggEBAFlYTwajTjFg0lvULVveYmWQWzPlRjdDi+TM/guuC13D9sDXN9vi
+y5ofPdtqlGo2owjEe8XII/3enZHJqJAk/zDcjVg7ErXoui54K5q6eZGN+6hdhiGB
+iT4TxrHAQXPfkXgLr6AQx0JkIO5G8l/PZDETLkxNMoFssQwb1x2D28LxYhqcGQJY
+A7h8M8kMNZiltGqLUBXdYdmM1IljJb/BlqULV7QbCh8jXsvdP3leIQCRK+vUONcK
+MjnLEzAYhNhRYWkjCBF/Q+qsPlL/aSbkupr6z4lXuCUIPF8TWs8q0V0uwGeOT0MZ
+aWkw8tsi1UYRR9Z5WdTe8l0dYF0G/kpD44Q=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem.certspec
new file mode 100644
index 000000000..9ed9b33db
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem.certspec
@@ -0,0 +1,3 @@
+issuer:V1 Cert
+subject:EE Issued by V1 Cert
+extension:subjectAlternativeName:localhost,*.example.com
diff --git a/security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem b/security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem
new file mode 100644
index 000000000..719f4e760
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5TCCAc+gAwIBAgIUWcXPQzwjDQvgxBhAb1cUwuJNgfswCwYJKoZIhvcNAQEL
+MAAwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowLTErMCkGA1UE
+AwwiRW5kIGVudGl0eSBzaWduZWQgYnkgZW1wdHkgbmFtZSBDQTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs
+9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8
+HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7Ak
+kqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJet
+lmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2r
+kQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMqMCgw
+JgYDVR0RBB8wHYIbZW1wdHlpc3N1ZXJuYW1lLmV4YW1wbGUuY29tMAsGCSqGSIb3
+DQEBCwOCAQEAqbRuhfV+zSaD8FqWMaaX3Q0V08aazNE+xt/4z0E79Ap0LWUs8h2j
+IVC61EsJKrgYMseNd6DqyzhucQYgH1yuyZjb9VC+BuEA/GvcbzxMKr9jf9hMFXvf
+PtyrAPDKbkscfjF1Xpq0nfTld0zxDaa01lZEyY175Ga8OM0oUaOr9tsa/m6d4/qT
+2J1qOus/doyoD8CJB5vOAFjK1C0u4EMmZoayjiOQori61wsmcn6I077Pdwbhi49d
+iuZGc3UU9VBPyQ6CWN5tP2e2OSfT3p1ep/7gb7RJXQXEHksokq53Rg8HM97wQxLi
+134jJOJFJmeq+8pZ9NSTwrA6mo1nLfiPwA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem.certspec
new file mode 100644
index 000000000..a99d84b79
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem.certspec
@@ -0,0 +1,3 @@
+issuer:
+subject:End entity signed by empty name CA
+extension:subjectAlternativeName:emptyissuername.example.com
diff --git a/security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem b/security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem
new file mode 100644
index 000000000..1946feeb1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICvTCCAaegAwIBAgIUQYl3Nyjq38ZPBpJZBi8APD7LGXcwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahE
+jhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1
+a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1p
+GrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW
+2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcO
+p2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJR
+xDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYw
+CwYJKoZIhvcNAQELA4IBAQAbXSUfUwpYXLieOce+6P1Sqtcg0nuDf46vmR+1vykN
+sRZNnvsO32PNCh+WgsvJ/Yy6SPS3LKG/NwBK2yH0fiq/b+JPK15cvV/hRkb23ght
+4D1+CZ6hMgirvMDFMk9wb24zUMn1MshHSfed5RM01GCnSTsBUldM93bFaMNlghyH
+AIFz3aj2VTMZvL8XeoytDChfE/RYoI4eFD8O2MPyRCkJ1grN8PmpoU5xdiDIpKIp
+4UK5/SnRnyci6oBpjJTECnboTv0qyfpODr/QBU5iO+8Yg02Uco27fiy5MmcejRg1
+7+pRFfrvBU7DP3uJhGOTKZzsrgsrYK6qSo7zbPyhD8oJ
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem.certspec
new file mode 100644
index 000000000..0a7cfdfd8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem b/security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem
new file mode 100644
index 000000000..dc231eafb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNzCCAiGgAwIBAgIUeWc23T2mQmvsb7b3an7jH8J3eAwwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAfMR0wGwYDVQQDDBRldi10ZXN0LWludGVybWVkaWF0ZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1
+SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+
+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL
+K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc
+bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW
+JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaN5
+MHcwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwRwYIKwYBBQUHAQEEOzA5MDcG
+CCsGAQUFBzABhitodHRwOi8vbG9jYWxob3N0Ojg4ODgvZXYtdGVzdC1pbnRlcm1l
+ZGlhdGUvMBEGA1UdIAQKMAgwBgYEVR0gADALBgkqhkiG9w0BAQsDggEBAHZl5S4d
+aiBNutInbA5t4qjcyhimG10JI70r14ijN5RXNf0TjCJjE1GDCEz3/VGAH+TFMO+c
+6jAKGro2hojGPwnth49D359dMMgppcpRGq+G4paB8PuXcmTlF3slFfDa8KIay4bB
++g2db724ctqtXEHE5/FcmpTNkZftO1lHCEw+O1Sle1Firulo75WivLWyNsOh2znO
++pBQ98oYqb3q+LmKnlFw61cFLcpJ6qOs9d0X0IvGHbh7KL9Hc97orLZ5qH3UsV7k
+Ews3BJjSqjZj75nciNzQUfEAYCK+t/I/tDSgebn/Ka5bVAv0iuglYHQksc4oXVgB
+WIn/SxQDsNphGGQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem.certspec
new file mode 100644
index 000000000..d5b585967
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:ev-test-intermediate
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://localhost:8888/ev-test-intermediate/
+extension:certificatePolicies:any
diff --git a/security/manager/ssl/tests/unit/bad_certs/ev-test.pem b/security/manager/ssl/tests/unit/bad_certs/ev-test.pem
new file mode 100644
index 000000000..7bdcf4d4d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ev-test.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPjCCAiigAwIBAgIUJ/RiEbbZUXgHnSnds1C7ViloXtQwCwYJKoZIhvcNAQEL
+MB8xHTAbBgNVBAMMFGV2LXRlc3QtaW50ZXJtZWRpYXRlMCIYDzIwMTUxMTI4MDAw
+MDAwWhgPMjAxODAyMDUwMDAwMDBaMBIxEDAOBgNVBAMMB2V2LXRlc3QwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erk
+NUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwC
+fs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1m
+CyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTM
+HGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m
+1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGj
+fzB9MDoGCCsGAQUFBwEBBC4wLDAqBggrBgEFBQcwAYYeaHR0cDovL2xvY2FsaG9z
+dDo4ODg4L2V2LXRlc3QvMB8GA1UdIAQYMBYwFAYSKwYBBAHrSYUahRqFGgGDdAkB
+MB4GA1UdEQQXMBWCE2V2LXRlc3QuZXhhbXBsZS5jb20wCwYJKoZIhvcNAQELA4IB
+AQBvoPaWE/YaF3sD+tYoAGdjNDbmQcP8QRhVG8wlIWSAfk9RRbvUbs8RNjdXntYV
+8J4ikq9/ajwHN85rJsRq3054qbqjit2Cn73tVhTzhe/h8xnXjLA357w/jXXXx1lD
+VZKxUvWqTvC9tHPjF3w17A2a1/3OltdLHPfzWF0Zf6Zo4uaaI8x+ayMMF6MCS3ZC
+FM2fNvIW/euVhjtLC3b+++5lMq/ZZCuJGB1kANDsX5LpXSZ23AXNhPrPxvgkmfoB
+TPoBoy2kD814qljp8G8RguNYpaz5wSYXZNROnVBCqafEbE8VlIAwAxWp5H5qN6Et
+F3OoQMb5dBIffK3lNw6UjFaZ
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/ev-test.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/ev-test.pem.certspec
new file mode 100644
index 000000000..10f802258
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ev-test.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ev-test-intermediate
+subject:ev-test
+extension:authorityInformationAccess:http://localhost:8888/ev-test/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/bad_certs/evroot.key b/security/manager/ssl/tests/unit/bad_certs/evroot.key
new file mode 100644
index 000000000..a756a0705
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/evroot.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC1SYlcnQAQjRGh
++Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQOMF0Ask6Kkc9vShq7T/c02PPWikU
+dwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURhuT5RQk4XRLsuqtRqqzjOGWghlh+H
+cUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94rjFE7SjEXnkpOGOnoipImAo2pA5y
+1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3RquiqLMzjSKAWm4Diii1wwalgxvM18t
+oJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oYUJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ
+5XNPsikFAgMBAAECggEBAJg9VPlNb0x26yPW+T14UjUwz3Ow0WJUxueBdo1F9VaB
+0dAvsr0qrGq8HDiYYJNcUqDY9BSCAQOUd4MUHYZL/zCANjilwBUlcK6dGPPYyhY+
++0dbDd3zLn4W7HVl5rteAlxBxcZuV6A87eVUIh+DBFNHosTEUcPc5Ha3h84MBXJE
+vp4E7xMRjbuz1eCmzIcCnq/Upp7ZsUdZsV452KmITlb1TS+asBPw0V8xipq2svc9
+HsPJ/idK6JQxoQZAvniZsAEcXlCToYNHCGid4QBjTaveYPvWqu+joz3zSh829gwE
+MDa3SNHJ7pjEAxoK/sYO/aCpkL5ST1YU6sT9s0pS+VECgYEA6twssz5f8co3a72V
+vWoXd9LPT6xHVF6S0RpiCbnV5N7UeDRYHBabPIhHQqCeoYdQXBylVBTY0ltJdjLV
+7CqqBSM0MPrUmJJ3en1o4Dj1YaO4lp5gsKJj3vv9pIqbD/OdlbyIsVJnyK3pe1EH
+lI5B5DMknYf32xCdXXRYTYa8wdcCgYEAxZrldqIWRwJI2USlW56b+TKZ2jQexW5V
+jrqCGrzhv1e3nPQR0pBMd0+duh8VGF9gewV0oIIF1uwotmo21jQjLqry/qN1Yauv
+nWRLaNs4yZZMuMluwKxh66ZNBbRGVC9COXb1rN5OzJVTbS31eJVPk/DP2cWPt4ui
+p23VrChNyIMCgYEAwdLvOQYzHFKspkgR+f5CW+somDIvs9tRAyzo1+n8MiQL6SAZ
+zySA/NXjKYNxJxGLKlmhv+BsiD46REfz8DHNmuvQuNNo/Hl0DSzOjq2zJN9/CR6v
+4VZDYdVJILAbBHEjDl5H2T+O0zljxRe8T8ePbYsfnrqFvM7bcDMCZQjbYoUCgYEA
+hSG421aU376ASjFfnvybZSdcVJCs8qNFbWXm5hC/n2R/xnUB1PV3LyMqxwzN75/C
+pt+kFcfEG2r8evnQfDygP37ZPAnwuZ8sMEQ0Mi8QcXCbvBuqTJFXX6apWeB9SZaV
+bZXiK1eTi25HyNUf/t/Jv4iM4NGj5CtlqJvtS5HT5fUCgYEA3El7BrkgyL4LAHe3
+mOl37vdEqQ7Cxdfmy7IkSPrHLagaMxgODYoC6DFGDH/H/TphL3uZMLYbeZ+OkI5j
+LpugQJtqpwsDo7p4dCYmO1vVhD34R27bXRT2qGE+uvW5zVykL1+9KALgjk5J5XCf
+UVFRDKpassHG6z7+kpXRbowlyRY=
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/evroot.key.keyspec b/security/manager/ssl/tests/unit/bad_certs/evroot.key.keyspec
new file mode 100644
index 000000000..1a3d76a55
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/evroot.key.keyspec
@@ -0,0 +1 @@
+ev
diff --git a/security/manager/ssl/tests/unit/bad_certs/evroot.pem b/security/manager/ssl/tests/unit/bad_certs/evroot.pem
new file mode 100644
index 000000000..cd2fd7ed8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/evroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzTCCAbegAwIBAgIUW9j5PS8YoKgynZdYa9i2Kwexnp8wCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MDEwMTAwMDAwMFoYDzIwMzUwMTAx
+MDAwMDAwWjARMQ8wDQYDVQQDDAZldnJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC1SYlcnQAQjRGh+Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQ
+OMF0Ask6Kkc9vShq7T/c02PPWikUdwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURh
+uT5RQk4XRLsuqtRqqzjOGWghlh+HcUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94
+rjFE7SjEXnkpOGOnoipImAo2pA5y1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3Rqu
+iqLMzjSKAWm4Diii1wwalgxvM18toJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oY
+UJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ5XNPsikFAgMBAAGjHTAbMAwGA1UdEwQFMAMB
+Af8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEAO1EZ134zXCiYSMixYSVP
+gAXWdR8zvaeS8UF0Xihle6nBdtkcmhiMgxXecMv7P7xO/U/wz5NAyJ1cvqaxrPbn
+8bekVCCsAAae6mVJIsVeuLtg3f89Qmx6KF6By2NI5R/AX5gxs0V9Tvjp9NfpIWh9
+I0BO0/REmq+CxKWjO6Loq0JA/QRW1jnD3XLitJ9QiCfnLqgUAG8JnkhG/JtpcJC3
+91SluwhVw+8i7caDOgHZGvjBEycyje0iyDLybaVjv2PpyuQx8H6hDzTGd2bNDl22
+fZ0FsOYCH6TJPx7nsCJCQ8/jGsRAGPxbItwSpTQJegKVaJ9s2dOAreJdkQFSIEo+
+3g==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/evroot.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/evroot.pem.certspec
new file mode 100644
index 000000000..3121f3486
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/evroot.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:evroot
+subjectKey:ev
+issuerKey:ev
+validity:20150101-20350101
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/bad_certs/expired-ee.pem b/security/manager/ssl/tests/unit/bad_certs/expired-ee.pem
new file mode 100644
index 000000000..3c97dc9f3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/expired-ee.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDGDCCAgKgAwIBAgIUW6mdE/nOX+M5zMEeIHpOn0cOWLgwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxMzAxMDEwMDAwMDBaGA8yMDE0MDEw
+MTAwMDAwMFowIjEgMB4GA1UEAwwXRXhwaXJlZCBUZXN0IEVuZC1lbnRpdHkwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT
+2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV
+JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N
+jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA
+BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh
+He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB
+AAGjVjBUMB4GA1UdEQQXMBWCE2V4cGlyZWQuZXhhbXBsZS5jb20wMgYIKwYBBQUH
+AQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMAsGCSqG
+SIb3DQEBCwOCAQEAsojdWfBBJsaUmPKLdSCOn3/7PMoWE7m1mmKXf2dz+qW4SKWb
+b2cVxoDMzU/AooTDRnrYveB1ir4Ej/e1a7Wjs8iZgHL9udIlQ7Yw7N7EB/Vt6dM8
+yEkwuiCd1XmiEEkUQtRk0DmJxCCyxrFNDGUDt7HOWX+jvbpnULKL9J26ax3exBpk
+J6F7WlmxFynroxHdxFPzxRCC+oUYt1jfvGjASIBl7tMJ/z8wO2ISMLaHpRX8iOIz
+e2bg02Z97zf63lTOtDa3034MUjBxcAuouHjgzKhyWQI0jZlWCeJSnM5MuhDbpiD+
+N3uDz6VBj13PpCGpA1esoM1ojrkQbmvHvWT+3A==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/expired-ee.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/expired-ee.pem.certspec
new file mode 100644
index 000000000..0a03bc36f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/expired-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Expired Test End-entity
+validity:20130101-20140101
+extension:subjectAlternativeName:expired.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/expiredINT.pem b/security/manager/ssl/tests/unit/bad_certs/expiredINT.pem
new file mode 100644
index 000000000..c6e51c000
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/expiredINT.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4TCCAcugAwIBAgIUP/xjJPJw5E0F3vjDGmPIDtk82ggwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxMTAxMDEwMDAwMDBaGA8yMDEzMDEw
+MTAwMDAwMFowJDEiMCAGA1UEAwwZRXhwaXJlZCBUZXN0IEludGVybWVkaWF0ZTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9
+PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3
+HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg
+Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7
+EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK
+lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C
+AwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZIhvcNAQEL
+A4IBAQAUWUmrK2X6alxQ6fWuj/3HNONQMipMDk7CQB/MhoWll+7tCHUMxck/QKaC
+1cnI0EY/c/ibX0J/NBm4AO1u3+qHfo5heFana/ybSj1trGEYWXXnDnRFr8SSRSjx
+VATBHBd1m9lckd+zDhLSk/lnYXyzJX8D39yYp2udP0cVGrbCT58aUXHwsEhfQpYY
+LN6xNYLcDCLtkrtZs4uwzFteL4NE8WflIlOTe+2Y/s1RTEzhs0+8avkaLyMzM+MI
+XDiVO3tFcX3ygsb+ndQaIL8vFUhLFEdr8xrjRuFuzbUu9EiR2oKiiNq1gZTyInqz
+S57UfV5LyaUa8mv2qNF2b3/FySXR
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/expiredINT.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/expiredINT.pem.certspec
new file mode 100644
index 000000000..38a0abd8a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/expiredINT.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Expired Test Intermediate
+validity:20110101-20130101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem b/security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem
new file mode 100644
index 000000000..ff00cc00b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPDCCAiagAwIBAgIUS9fUW0vPRYOaV8nstqC62Y6Qk08wCwYJKoZIhvcNAQEL
+MCQxIjAgBgNVBAMMGUV4cGlyZWQgVGVzdCBJbnRlcm1lZGlhdGUwIhgPMjAxNTEx
+MjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowLjEsMCoGA1UEAwwjVGVzdCBFbmQt
+ZW50aXR5IHdpdGggZXhwaXJlZCBpc3N1ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjXDBaMCQGA1UdEQQdMBuC
+GWV4cGlyZWRpc3N1ZXIuZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsG
+AQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMAsGCSqGSIb3DQEBCwOCAQEA
+alq65e2NhGZhr/ph19pR7V6Tijqwd5ZubfMOQX/kVex5EerZGYWvc31+wBk6nf5r
+0z6MscHAtu/M6kN/obrFoYYro7cWFCBd6GeaSG6aDBqrjT2nnBuZ2TGICRc4h8jM
+274y1x9qzC3/kzXKS0XqeFQmbwJ9eEaqn3m9Kb8jQPbyC+hZyUFatGhcKYbFPaAo
+fdgZL2FQpJ9uG1QsblYQ1ERBvbabN4Y0jg5XFza5nQftFkY6xevmYt7asc+npNkv
+qh2aNL3pmG9E0hXZD5N3LMbndP8rzG6vnBq/6SO2eGtos2AjEVXGypJzFhBGNOfs
+mwNzXXuiatkIHp2r5pyQuw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem.certspec
new file mode 100644
index 000000000..855f45422
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Expired Test Intermediate
+subject:Test End-entity with expired issuer
+extension:subjectAlternativeName:expiredissuer.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem b/security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem
new file mode 100644
index 000000000..f8baeea9f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAeOgAwIBAgIUPxkDf9AiLxVWjs21J/3by0oWUJcwCwYJKoZIhvcNAQEL
+MBkxFzAVBgNVBAMMDlVua25vd24gSXNzdWVyMCIYDzIwMTUxMTI4MDAwMDAwWhgP
+MjAxODAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD0lETiBDZXJ0aWZpY2F0ZTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ
+6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUk
+nAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N
+/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAG
+JMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd
+7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEA
+AaM4MDYwNAYDVR0RBC0wK4IpYnVnNDEzOTA5LnhuLS1oeGFqYmhlZzJhejNhbC54
+bi0tanhhbHBkbHAwCwYJKoZIhvcNAQELA4IBAQBOBtdU6gEu6bu2pVN4QobNL1eS
+TFEGDazNKDq2s/90ddUz7DL029rhnzaIJib7dc4/dxgl5TgcL/8PwPUHRZXteRTX
+3hAA+XCunBacQYfZDiG8Bpp1ClslU0FVOngivFHw/mseM7hxOCAJg++1oa1uCqBz
+bcVvau/ISa/fApWBICmfRjaD7ztrdVyE5b2M90T7ywedBJHShk8gpJKp3s2/neQB
+CcBp3LNoIb0JDMZCk4pVCNTRB9DOpa5zMTu/Emd3EpV9wISEGvDmNUGmuunrgr2h
+xZ01TDSLknEJyZR7IbMjkhS4SFpIc6bK19h9yblzDUcCJj+ZH1Po23Fk6muT
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem.certspec
new file mode 100644
index 000000000..b3d840fbd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Unknown Issuer
+subject:IDN Certificate
+extension:subjectAlternativeName:bug413909.xn--hxajbheg2az3al.xn--jxalpdlp
diff --git a/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key
new file mode 100644
index 000000000..d10324fb3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICcAIBADANBgkqhkiG9w0BAQEFAASCAlowggJWAgEAAoGAANKbsS+4T93NKbOl
+GctmxDuNj4vlRbp5OEzmY+0D33WZFgDrkgeQ0lMM7OVE25mnHwWJaj7SBxZVNKqZ
+BX5HxH47yBrab6HhLjcmi1BGpVJo+drXzLSF2BouGdUNTwtoVKyvbXvmnZoIMTbh
+WvqPU8HIyE/GB3J53Q5V1zaaW90CAwEAAQJ/PEllBwvzkMJR1aLFJ3xbX9C97oXK
+1/4rJ5grsoURSlBwBANq4c+K5Usl5Ns5IVq9fpA/YYwtiy8IzGzRLbzNciBeSUW2
+s984nl5D3goUi7LITiQx/b5ZILBEuycvRez/ByG337YDl/xhOp6jXCIwBTDK6PkV
+nFNN878JEJUZAQJAD58XWXyFuAUbnGmvtV71dsmW29CQR9DM3ludYOpcZ/5PrGe+
+gD9LasWj8FD3a5ZvsU9c8QV2HlrebdlgsYO6VQJADXtjcRLOYaVRaMD5yThvsnmr
+QMug1Ukza7plJ3JjqseCYRosgdm2Nc94xAAYhZ4BjF6QBtEuPS7m80bnn6QzaQJA
+Cf1smj6m6RrjIHD5/BwhD/k1L5e+XR7rlRuzloHp3FtnKlMiIbPYkAyanZm50KTh
+AtxFDKG4ewsTid5lFsCuDQJAAUG4MkkbfdSoMwiSACTHnK5kvUR9+IO7TFZyqWur
+SLcSOzTyYyRFLNzrF/IeVw40fL4v1MLY+ZEOrCy22JW4yQJABFjdau4YyIsvm4Hx
+vDB1riDcH5lz0gck8gsGBD1hR8h4nUoHroi8gshDjIk+AXsTlH9i4LGJWKMetmSx
+nmTT4A==
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key.keyspec b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key.keyspec
new file mode 100644
index 000000000..21ed73d60
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key.keyspec
@@ -0,0 +1 @@
+rsa1016
diff --git a/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem
new file mode 100644
index 000000000..2ad219824
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICszCCAZ2gAwIBAgIULXNWBRUzJ/V70VPd4+9U6rf/lYswCwYJKoZIhvcNAQEL
+MBwxGjAYBgNVBAMMEVRlc3QgSW50ZXJtZWRpYXRlMCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMCkxJzAlBgNVBAMMHkluYWRlcXVhdGUgS2V5IFNp
+emUgRW5kLUVudGl0eTCBnjANBgkqhkiG9w0BAQEFAAOBjAAwgYgCgYAA0puxL7hP
+3c0ps6UZy2bEO42Pi+VFunk4TOZj7QPfdZkWAOuSB5DSUwzs5UTbmacfBYlqPtIH
+FlU0qpkFfkfEfjvIGtpvoeEuNyaLUEalUmj52tfMtIXYGi4Z1Q1PC2hUrK9te+ad
+mggxNuFa+o9TwcjIT8YHcnndDlXXNppb3QIDAQABo2UwYzAtBgNVHREEJjAkgiJp
+bmFkZXF1YXRlLWtleS1zaXplLWVlLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYw
+JDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzALBgkqhkiG9w0B
+AQsDggEBALhNoeoHzQoeaGR/5bxF8VGE2XrCPoDatHwanND8rp1esVsmkkOSLof1
+DXgjZpg9ZJWw1PnprkYkV3XU1PIZWfUh/B/ir7QnsjRrORfJ+BP3Az+Sf1vX8fTB
+rfInVWtmRzTkzX/taouPBwJj+CN14hncbaT1FxX74XXmkZXHf2MfRjHjzuB1dNPP
+dAu+YVJSxZMv7QD/6qYZoy81dfqcN31IjxoFO0039ZmKrLpUjOZzOnmqzy0+wJpc
+Gz7lBvoHNv8SjVeUslb9IpP0uAqkpVYNZhWpPFpJ7xOdVKSWAUG1jDeMAD1tXC7R
+N0iiOloMHZ70o84Z6b7IB10IpoymVt4=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem.certspec
new file mode 100644
index 000000000..02b595dc9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test Intermediate
+subject:Inadequate Key Size End-Entity
+subjectKey:rsa1016
+extension:subjectAlternativeName:inadequate-key-size-ee.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem b/security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem
new file mode 100644
index 000000000..7e73075c1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPTCCAiegAwIBAgIUOTTgOhTYLxvzfXf1OSZs5pCrnTUwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowLzEtMCsGA1UEAwwkSW5hZGVxdWF0ZSBLZXkgVXNhZ2UgVGVzdCBF
+bmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO
+FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr
+amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka
+sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY
+VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n
+aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE
+MdUDrNoYCjXtjQIDAQABo24wbDALBgNVHQ8EBAMCAQIwKQYDVR0RBCIwIIIeaW5h
+ZGVxdWF0ZWtleXVzYWdlLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggr
+BgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzALBgkqhkiG9w0BAQsDggEB
+ABOkyemfFGxIC9qMI5B7cYQJ7Mrc8qG1wlnc5aKFZ65wnBURgQUw2TtVwBOweLGz
+82qR+MnDho8inUTyilydw7WwyLAi2A2jlqcgCaBcyRh8g7/BBJ9dEP2u1BNp2r9R
+8VvTlUKj/4Ta8/GG2mEKqyhd8bpevZaaTyjQUGcFYr76/XZ0D6TxtOM0SBLrybNg
+A/hbKste6MIXE0rJwUzN2+xWBvfeFqMwzRYZ3F/393qT3vWMgHZt4ZBo/RqQzEM4
+I8k6n3s7zssdPOXHy0lezYwkCtnya2OPdGEAyABviARZjIl9Hn+0nsymZmFUkV9A
+vUw83907j7buWerBFwnAxuo=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem.certspec
new file mode 100644
index 000000000..4d553890b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Inadequate Key Usage Test End-entity
+extension:keyUsage:cRLSign
+extension:subjectAlternativeName:inadequatekeyusage.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem b/security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem
new file mode 100644
index 000000000..6b7c848a1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICzDCCAbagAwIBAgIUaWHoyJhhB4GixK3MP8mpJLbOZYMwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowFDESMBAGA1UEAwwJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxgwFjAUBgNVHREE
+DTALggkxMjcuMC4wLjEwCwYJKoZIhvcNAQELA4IBAQCFFyBe938Z1/1WFILrNZ//
+3YlpJW0ww46JXCD+RheG2IdI2zdnbNOr7hUnLt4KprntLwmzWFYJInj+sq886c6x
+yKImpnVvjB0yDxJki85lNX6ARRHQrTNNf3wczSHdUmGlpzFUUuDkjYZS5Y6P//ms
+wPBxppkYguZVvU1s6nvHnuG2wDPKogeD5wmBSfJf8oVo03M6TqNYRK5socyeQ740
+LxXjlLYqQaUI+FEQLrCfv4LLrWpoH6mKg3hyKWoG6bEcCyvMBBJ+vDxCCpGE7b2L
+tMLn8BML+23CQ5SO53FR7dnWOuxSjnR+GRoFxw5E0qOZEGt+Fb9An5+R4xxRENfB
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem.certspec
new file mode 100644
index 000000000..766233847
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test CA
+subject:127.0.0.1
+extension:subjectAlternativeName:127.0.0.1
diff --git a/security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem b/security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem
new file mode 100644
index 000000000..b81dbafa4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMjCCAhygAwIBAgIUO/qAw3/gzbpGANaN0lKQaxLhTPwwCwYJKoZIhvcNAQEE
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxMTAxMDEwMDAwMDBaGA8yMDEzMDEw
+MTAwMDAwMFowLzEtMCsGA1UEAwwkVGVzdCBNRDVTaWduYXR1cmUtRXhwaXJlZCBF
+bmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO
+FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr
+amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka
+sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY
+VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n
+aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE
+MdUDrNoYCjXtjQIDAQABo2MwYTArBgNVHREEJDAigiBtZDVzaWduYXR1cmUtZXhw
+aXJlZC5leGFtcGxlLmNvbTAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0
+dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wCwYJKoZIhvcNAQEEA4IBAQCJtN322gHdXy56
+sBTdOg+d3AS8AlXpOkm1yDyhICQznqsjdCz5qIUZQI+qm8cHVlLUjioTHWLds1i3
+wCQy4+l4VFFdP3Y7I2V49l3U9FPCHuZY1j8fyGyczAgKv/OYA2aQbcOPt1iR1S3J
+hji6e/bbxftBAXedt3QmvOmtqXRxuaiAaWgnL+nA2GfS3HQBaI0B13hxboPT9G8a
+u70eMAkBvloAwyrS2O/1cAZUPzCrqHeTVMidziHOXHHh4vFxBFICXYxG9ocFcWOb
+pA7E/QrHsTKI0OAr7336EWx1P5XITFZfe/SbBySCj088fMqW0yUuPN8+fvYMVoQr
+ifC5kUCZ
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem.certspec
new file mode 100644
index 000000000..e4c2b7008
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem.certspec
@@ -0,0 +1,6 @@
+issuer:Test CA
+subject:Test MD5Signature-Expired End-entity
+validity:20110101-20130101
+signature:md5WithRSAEncryption
+extension:subjectAlternativeName:md5signature-expired.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/md5signature.pem b/security/manager/ssl/tests/unit/bad_certs/md5signature.pem
new file mode 100644
index 000000000..de1317577
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/md5signature.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDKDCCAhKgAwIBAgIUCcBjO7AcpbQJxZbg9Jic6+Wjd88wCwYJKoZIhvcNAQEE
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowLTErMCkGA1UEAwwiVGVzdCBFbmQtZW50aXR5IHdpdGggTUQ1IHNp
+Z25hdHVyZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW
+Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk
+cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT
+AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3
+ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh
+s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV
+A6zaGAo17Y0CAwEAAaNbMFkwIwYDVR0RBBwwGoIYbWQ1c2lnbmF0dXJlLmV4YW1w
+bGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2Fs
+aG9zdDo4ODg4LzALBgkqhkiG9w0BAQQDggEBAGEUSKisSADWzD5jGCfvXOoUsYdh
+AuGaJqbQFQ+D3hJlmuPXcqOFV8oZNAaaMt0tcyH6Ak4KjpLcitRLQE2W6ChF2nQK
+qxz0OWYuFhtDg6c7JBXIT0c0/nM1NCoyDxZLK7oTpjAR5Ji6LIwuvj6uW0CLFZz2
+CqwlS+7RirFyzHr279ylFJxoGmApJjIG4Fds0BJoAdU8V4ZbDNE8LwcrYfI+h817
+y0IGGkrfpZ2eT94Ih+UfuYhKWyJ5pkxNtoG85It63MN+8i2flxSazuEk9sqRJznF
+OTYfaktXXlgBTlvr9m7P8kg+JQbwf915GMN3cgHuN00NiRqsvOQxJQl1BHs=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/md5signature.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/md5signature.pem.certspec
new file mode 100644
index 000000000..02742d910
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/md5signature.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test End-entity with MD5 signature
+signature:md5WithRSAEncryption
+extension:subjectAlternativeName:md5signature.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem b/security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem
new file mode 100644
index 000000000..9924dfb7e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDJTCCAg+gAwIBAgIUE8pDZuVKk0GpcycnYoniDg5yXqwwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxMzAxMDEwMDAwMDBaGA8yMDE0MDEw
+MTAwMDAwMFowKzEpMCcGA1UEAwwgTWlzbWF0Y2gtRXhwaXJlZCBUZXN0IEVuZC1l
+bnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAGjWjBYMCIGA1UdEQQbMBmCF2RvZXNudG1hdGNoLmV4YW1wbGUu
+Y29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9z
+dDo4ODg4LzALBgkqhkiG9w0BAQsDggEBACTILZlbbJ0JN8lnC7ckWE6+/l/y2WOl
+uF23jWbhElQrqJS/YHLqeu1we1LJYQAdN+w/Ro2F6bpxmGea2kZV8jLWRVL1e8ek
+b8+AwSMDmMLcWV6eS+3XLxCF9YPHNIIM3mrUAcI3Oc1Pmf9xWiNxrHukuAk8CJbp
+6Q/Xrdtt4sgpYRDEsciB1Vn14NEDP1SoPi86dcFNpNfuheG/Bjdosi5CAxKfLakr
+WWQbTmCR1m+1OyNsiGEsUisIOXyCTTehTuhcZp+EyR5SHy0cNg6tVStMU49k4XsC
+jG+UmcQRsNHgNqJK+k2KM7yvGjuonokDfKUrQ6EtgWSvkqcFasmCPbQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem.certspec
new file mode 100644
index 000000000..262f08d6b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Mismatch-Expired Test End-entity
+validity:20130101-20140101
+extension:subjectAlternativeName:doesntmatch.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem b/security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem
new file mode 100644
index 000000000..bfbb973c1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDKzCCAhWgAwIBAgIUT/IgcHtYb6NXOgazofG+tsSh5RcwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAzMzAxMDEwMDAwMDBaGA8yMDM0MDEw
+MTAwMDAwMFowMTEvMC0GA1UEAwwmTWlzbWF0Y2gtTm90IFlldCBWYWxpZCBUZXN0
+IEVuZC1lbnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo
+RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9a
+dWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6t
+aRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n
+FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kX
+Dqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/py
+UcQx1QOs2hgKNe2NAgMBAAGjWjBYMCIGA1UdEQQbMBmCF2RvZXNudG1hdGNoLmV4
+YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xv
+Y2FsaG9zdDo4ODg4LzALBgkqhkiG9w0BAQsDggEBAE12bvoPuLY/rJGy1ijqXgTe
+1JkVgsL9YxL3yqUsNwvLwdtOA9OtvUprqNaq90niYJ2P58c9ZrloGy5YSjl0cNDv
+GbWiNJoxmY0jsR7Ql45t7uWOEArw81rMeqBjs0dNB99IoJ7xxSNWvmpOGprHw3An
+nVTSmQF4L5qQVAgf1ki2Y43I1ahu04BTAWgzaTppwfX8tAJhZ62HQ+44FetYHnIa
+FZMh/LLiuI0FadRLVaH6uxo7BcvrO8s5zDZ+9W08Fqv60Trl6k+y/N229g+txVhQ
+LULSLizQNoJeSDBVcbq0uYTGvvr/VhPdFDLbR6KOtYGy6VtJgnziQFlL5JS7EGM=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem.certspec
new file mode 100644
index 000000000..947eb7d67
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Mismatch-Not Yet Valid Test End-entity
+validity:20330101-20340101
+extension:subjectAlternativeName:doesntmatch.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem
new file mode 100644
index 000000000..47c8d4c3a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh+gAwIBAgIUBRVeuOJA+GTXgxh+UUrNUeli1lowCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0EwIhgPMjAxMTAxMDEwMDAwMDBaGA8y
+MDEzMDEwMTAwMDAwMFowNTEzMDEGA1UEAwwqTWlzbWF0Y2gtVW50cnVzdGVkLUV4
+cGlyZWQgVGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGc
+BptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzC
+a2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8Xg
+uEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK
+9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGP
+mRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo1owWDAiBgNVHREEGzAZghdkb2Vz
+bnRtYXRjaC5leGFtcGxlLmNvbTAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGG
+Fmh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wCwYJKoZIhvcNAQELA4IBAQAP9DQC50r0
+B5xvOnkJxB+IFlr8dv2bLNg5Dm3ITmobaHvjEywXzP8RwYVwqgZsVG1Z6FyNBgey
+qJXDXHbrPI81G6286p+rQgEeu7DcoFoHL2umpAXSEVzLw/MyIqbsD9tXKe7fYKvu
+R7Vz/OhQsZMy+ShHGn0Ze6mRdFbdmUYzcrYuCyAKLfqsvpnQ9y7+bd0lgMSHxPG3
+kruIQs5MZ/VUraVtvdoLUxoUy3v7oaCyUJgCS6Wls3nlAECpDTEg986HOVaysKtH
+hRG82KctN5RK40H6EuUGa83Yxp0zF6OnqiOVtm7vHmkk4WNIP2i+gG+/zex78/P6
+EhZHLdk5fS/M
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem.certspec
new file mode 100644
index 000000000..adc8ebaf8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Other test CA
+subject:Mismatch-Untrusted-Expired Test End-entity
+validity:20110101-20130101
+extension:subjectAlternativeName:doesntmatch.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem
new file mode 100644
index 000000000..723ed4dae
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDLTCCAhegAwIBAgIUBUkHM4qYlHhlajaquYXsh/XJw+swCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowLTErMCkGA1UEAwwiTWlzbWF0Y2gtVW50cnVzdGVkIFRl
+c3QgRW5kLWVudGl0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqI
+UahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvi
+r1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/x
+fq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD
+7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnv
+uRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj
++nJRxDHVA6zaGAo17Y0CAwEAAaNaMFgwIgYDVR0RBBswGYIXZG9lc250bWF0Y2gu
+ZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8v
+bG9jYWxob3N0Ojg4ODgvMAsGCSqGSIb3DQEBCwOCAQEAstqHR4upkLa4tJcDD4vH
+cUAJrMT+FzazHXIe4ukUiWG1HtyCjUiFI+NhS7YhCY2+rigO58UKgNkaG6BkrlJM
+I81gnyfljMUmukNDmOmsOtXHhP8MXdEa6ye266M/CflTI1oAnLir/6ZJm8AwcLVW
+vh4rhEjARMMPpmUC7vpf2aK4qTAcxuymei9Q7uy2tjJT4PExwa4aMBc195yXAyat
+oMnVQWZqcQE1Gq/AUzQpHsZAvZOPzEQVLk1gAnZrDLZCQucEbd0P2cJ929cK5Zz0
+8t13hDTRa4NpHeaqCTz1l8tVf70FyeQn/tpRQT3uw6aUTbVpELONOFsgt/n/7RBb
+Tg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem.certspec
new file mode 100644
index 000000000..91c5f548b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Other test CA
+subject:Mismatch-Untrusted Test End-entity
+extension:subjectAlternativeName:doesntmatch.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch.pem b/security/manager/ssl/tests/unit/bad_certs/mismatch.pem
new file mode 100644
index 000000000..205fa23b9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPDCCAiagAwIBAgIUexDM8FvRSX/MKvVCro1JmGq023EwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowIzEhMB8GA1UEAwwYTWlzbWF0Y2ggVGVzdCBFbmQtZW50aXR5MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08
+E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc
+1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAP
+DY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQ
+gAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqV
+YR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQID
+AQABo3kwdzBBBgNVHREEOjA4ghdkb2VzbnRtYXRjaC5leGFtcGxlLmNvbYIdKi5h
+bHNvZG9lc250bWF0Y2guZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsG
+AQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMAsGCSqGSIb3DQEBCwOCAQEA
+CGnfn+l13zgSEIzCmZL2JLUHCKH7OilQ0tE7QjGTXo12KXUML8uNhoxXgH/z7ZnG
+0N2ya+Y1pGOyAFsj37nAipH5xsM2mP1aAlPEjgrmoskyhiMszKxr8OD8TFHOfvkS
+BlRjnGVjWpwkc2sAbHneN/aitkWDoQ2nacipdQl0OuW4jEjNXa1GE60kCmlfI72b
+aP0yN0NPnIcx8Q4M++tfQ7imJbnonxIdQGJdjHHjIRE2CNFyt2Qeb66IyK/pnEDm
+oVjx5VZPLUr0g1Ubg6W65LbIuNzalpzPBP30CAEqLXNNZ6wqKTgEHB5UB8sQnFTS
+2AZeBlTZ42e5UpU/+h8Mog==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mismatch.pem.certspec
new file mode 100644
index 000000000..b93599fc8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Mismatch Test End-entity
+extension:subjectAlternativeName:doesntmatch.example.com,*.alsodoesntmatch.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem b/security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem
new file mode 100644
index 000000000..004ce48e6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwDCCAaqgAwIBAgIUJzlO5E47g+NUJjL7EcrQMDmXq04wCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowIjEgMB4GA1UEAwwXZG9lc250bWF0Y2guZXhhbXBsZS5jb20wggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT
+2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV
+JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N
+jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA
+BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh
+He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB
+AAEwCwYJKoZIhvcNAQELA4IBAQBy/KCwjrh0emnzBnuw+yEZElSD23wKKhAjUISO
+27ndrI6Gmv/wKHdgUP2yBPZbTcUT7RrzamdkOrsVASL2vAFAI1r/wHp/PXEnuNY5
+mUWVZLH3kCzJjvZXvGbdQUJhNraNbvDgV+GI/AAo+67QnSmYM0bqhaMsgbGHILGl
+qZNOE6GZdWDFBSdNIdKz3AXeKiTXduR7rb03CiuGkG+RmByPEARiUdt2xdZMxx+Q
+nhOTnBEu3KsyvJ0Y79Z6T8s3qo2dUsjHF9Kn77CKNYQFTbyoDMsBnulZZuL3uL0A
+Fn7CB+VWzVooOhq+BvbeynWGDj3rHsMQUPyP8DMKuwJZwSxa
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem.certspec
new file mode 100644
index 000000000..86ef45b7c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem.certspec
@@ -0,0 +1,2 @@
+issuer:Test CA
+subject:doesntmatch.example.com
diff --git a/security/manager/ssl/tests/unit/bad_certs/moz.build b/security/manager/ssl/tests/unit/bad_certs/moz.build
new file mode 100644
index 000000000..5402f3c21
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/moz.build
@@ -0,0 +1,68 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'badSubjectAltNames.pem',
+#    'beforeEpoch.pem',
+#    'beforeEpochINT.pem',
+#    'beforeEpochIssuer.pem',
+#    'ca-used-as-end-entity.pem',
+#    'default-ee.pem',
+#    'eeIssuedByNonCA.pem',
+#    'eeIssuedByV1Cert.pem',
+#    'emptyIssuerName.pem',
+#    'emptyNameCA.pem',
+#    'ev-test-intermediate.pem',
+#    'ev-test.pem',
+#    'evroot.pem',
+#    'expired-ee.pem',
+#    'expiredINT.pem',
+#    'expiredissuer.pem',
+#    'idn-certificate.pem',
+#    'inadequateKeySizeEE.pem',
+#    'inadequatekeyusage-ee.pem',
+#    'ipAddressAsDNSNameInSAN.pem',
+#    'md5signature-expired.pem',
+#    'md5signature.pem',
+#    'mismatchCN.pem',
+#    'mismatch-expired.pem',
+#    'mismatch-notYetValid.pem',
+#    'mismatch.pem',
+#    'mismatch-untrusted-expired.pem',
+#    'mismatch-untrusted.pem',
+#    'notYetValidINT.pem',
+#    'notYetValidIssuer.pem',
+#    'notYetValid.pem',
+#    'noValidNames.pem',
+#    'nsCertTypeCritical.pem',
+#    'nsCertTypeCriticalWithExtKeyUsage.pem',
+#    'nsCertTypeNotCritical.pem',
+#    'other-issuer-ee.pem',
+#    'other-test-ca.pem',
+#    'self-signed-EE-with-cA-true.pem',
+#    'selfsigned-inadequateEKU.pem',
+#    'selfsigned.pem',
+#    'test-ca.pem',
+#    'test-int.pem',
+#    'unknownissuer.pem',
+#    'untrusted-expired.pem',
+#    'untrustedissuer.pem',
+#    'v1Cert.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
+#
+#test_keys = (
+#    'default-ee.key',
+#    'evroot.key',
+#    'inadequateKeySizeEE.key',
+#    'other-test-ca.key',
+#)
+#
+#for test_key in test_keys:
+#    GeneratedTestKey(test_key)
diff --git a/security/manager/ssl/tests/unit/bad_certs/noValidNames.pem b/security/manager/ssl/tests/unit/bad_certs/noValidNames.pem
new file mode 100644
index 000000000..36d258cb0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/noValidNames.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/zCCAemgAwIBAgIUD8+FcBmecy2K1vllEQ2SgGucJCQwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowKTEnMCUGA1UEAwweRW5kLWVudGl0eSB3aXRoIG5vIHZhbGlkIG5h
+bWVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62
+iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHql
+WqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosq
+Qe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+
+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8i
+b2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoY
+CjXtjQIDAQABozYwNDAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6
+Ly9sb2NhbGhvc3Q6ODg4OC8wCwYJKoZIhvcNAQELA4IBAQBiwTfHRmir5VnSNxOs
+S806Ao1xXqaz7ff/qi32Nnio855qHulmKjsRfmEv09N7/PNFkAa6yILe0/8YdroC
+aOd1iOdawsNMoeud7mD0FjuOYcjSnCx0WTeW5LZ/yXkgKwA8+shZzhr9TYiXQtnt
+TIgQma15CyjpFp9ztHj6MtInVFhjDxe9DzJsgLv8EAxbLacPN6ZFB6DevvI+NL6M
+wsy27OMdFvW7M4AWlWIyCFJg1moxaw8Ht8vUooe3EWbRknuM5IasgwZDt5YUeXkO
+0nQF4IKtLoASla3UOL7exkMLJA7kE4zTlOKADXi56lNZd/2ck/+wd9hrwo8aXLsO
+T34M
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/noValidNames.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/noValidNames.pem.certspec
new file mode 100644
index 000000000..87088e87e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/noValidNames.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test CA
+subject:End-entity with no valid names
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/notYetValid.pem b/security/manager/ssl/tests/unit/bad_certs/notYetValid.pem
new file mode 100644
index 000000000..a380ffc9a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/notYetValid.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIjCCAgygAwIBAgIUM4uC0JcSpF7UST7x6F6ZPc9KOrswCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAzMTAxMDEwMDAwMDBaGA8yMDMyMDEw
+MTAwMDAwMFowKDEmMCQGA1UEAwwdTm90IFlldCBWYWxpZCBUZXN0IEVuZC1lbnRp
+dHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braI
+BjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVa
+p0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB
+7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4C
+kC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJv
+aeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgK
+Ne2NAgMBAAGjWjBYMCIGA1UdEQQbMBmCF25vdHlldHZhbGlkLmV4YW1wbGUuY29t
+MDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4
+ODg4LzALBgkqhkiG9w0BAQsDggEBALSZFFaWXBJQZrEnbKcmqL4FKsB4/ZNK7fXd
+KI0LpaFtOwjXV6HxmuoBQ3PH87XXF5wpbsibZd7Ua4ZnKV0w7aW7BJSphIfkFVzK
+dJFAiMPKVTCGOQzRZeXPjSrGzExyVHq2IAvcWIogN5vXxR3icS6fb9WbJEtdmEdZ
+LtS9FfFxTBQBVnJKldMqbotpKS7gUm4KHUF57Q6f9Az41PlUaSqpXbnqsQ5BTCzv
+d3PjsYAwkdlN8TSUC6iDfQnEP6zo9L49jsUxAOoOEaIVP5SJEASYq4uvcl8Z7IoY
+PXpypjIP56Q5FKA1hrU0KwjZYcR4KRIhvTHEybgxK/XUA1znaf0=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/notYetValid.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/notYetValid.pem.certspec
new file mode 100644
index 000000000..5b60c29eb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/notYetValid.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Not Yet Valid Test End-entity
+validity:20310101-20320101
+extension:subjectAlternativeName:notyetvalid.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem b/security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem
new file mode 100644
index 000000000..aa4a031d3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAdGgAwIBAgIULzhHWvpIqD6LDAt8W+Os9YEJmkwwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAzMTAxMDEwMDAwMDBaGA8yMDMzMDEw
+MTAwMDAwMFowKjEoMCYGA1UEAwwfTm90IFlldCBWYWxpZCBUZXN0IEludGVybWVk
+aWF0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1u
+togGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6
+pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqL
+KkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3Zlqq
+fgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3sv
+Im9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6za
+GAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZI
+hvcNAQELA4IBAQCkGkkzHDXywFs2/YUNbwEttgV//Rj74yqYZJeiAfUapIIMyocs
+hgKqSWGhtSyDzBzZhoNE8hzFtJ7c7OxZynpDpS/fhjLqX/dCiA2BlPkeliewdiaT
+lpH45OjdaU5u0s/p9qn5CZMe5OFKR7tIj+fDrz79sO3Z749WXdyyCd97wDc37BMo
+uTHIs07D5cJmG5vLYQRPE+RU0YZgk4QW4gmKp2tlcpkardFv1nTuc9fYokU98+87
+woE1nAZRS6JPnYekwxz2ToOCXyh/CKhhrrnxvGCXvVcaoDg5okI2Ri75nqXL9770
+dTyzwv3wPEOcmcqX2vwN5RaNzUCMOY4x/qzU
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem.certspec
new file mode 100644
index 000000000..8a00f2ee2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Not Yet Valid Test Intermediate
+validity:20310101-20330101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem b/security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem
new file mode 100644
index 000000000..10e11c82c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAjagAwIBAgIUd2Xdl3VR8l0IU2OPSgy6zPCjvaQwCwYJKoZIhvcNAQEL
+MCoxKDAmBgNVBAMMH05vdCBZZXQgVmFsaWQgVGVzdCBJbnRlcm1lZGlhdGUwIhgP
+MjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowNDEyMDAGA1UEAwwpVGVz
+dCBFbmQtZW50aXR5IHdpdGggbm90IHlldCB2YWxpZCBpc3N1ZXIwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq0
+7PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D
+/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw
+JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyX
+rZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWd
+q5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjYDBe
+MCgGA1UdEQQhMB+CHW5vdHlldHZhbGlkaXNzdWVyLmV4YW1wbGUuY29tMDIGCCsG
+AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzAL
+BgkqhkiG9w0BAQsDggEBAEI5yQNpc3afAa4iN9uVBBDv9gT3X2FbhrWKCNYbLsRD
+dtntFIuZMHJvH0IuKqgUoDnFMJciOkhY8GrJUi6bZIOd15YL/jsodJHxYO9g0vT0
+0E33/Ka+0DEy4g/skJTy7xQsF0OTw042Aoe23RFxwbAmzqQn0BDRzJ6Qhx4WLQ2f
+QVhmDrvwF+VRshrp6bJKjcTZRmgIX3nVYAR0THuJu+zcB8de7G3lOH7YCl0rpboI
+fFkQxnTSt/MtU3FEJaajmz3PvzLkCI4FHFv8SouQ3ZIp/XRHk6luW0QWO3z6cy5l
+3V9BkhP0jkPpr9wfCZcmqu8EkCWZCfiu0Rf+k2uR2wo=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem.certspec
new file mode 100644
index 000000000..d8420898e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Not Yet Valid Test Intermediate
+subject:Test End-entity with not yet valid issuer
+extension:subjectAlternativeName:notyetvalidissuer.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem
new file mode 100644
index 000000000..0602dbb8f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+zCCAeWgAwIBAgIUQaNz+iusE21wkn6JJ/qLaB6Q8gEwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowHjEcMBoGA1UEAwwTbnNDZXJ0VHlwZSBDcml0aWNhbDCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1
+SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+
+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL
+K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc
+bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW
+JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaM9
+MDswIwYDVR0RBBwwGoIJbG9jYWxob3N0gg0qLmV4YW1wbGUuY29tMBQGCWCGSAGG
++EIBAQEB/wQEAwIGQDALBgkqhkiG9w0BAQsDggEBAKWjJlobJfQhQxSNmvhokt1f
+rSWbHFyePtawqHSBKIOG9RrNB9E+nbDsI/gVvgVwi1GVu7cmg5SJDAuK19dpWXTh
+Pf4FPTm+FrLXwfPUOay5S3aGSwg29/PjnVayuBrJbMeYvtMJd7NGtadyv5wg3K3P
+SSFqYjUKOeWewt2NrX07LII68uctBja3BVpAPVvcoYsnR30ozuuiZTy6rBu0n4g0
+KU2stuuOnVLf7A7C2clj/ls0uX0hbSAaFH2RNQPsu+TL2ziSEEV9DYUm4pPMnpuO
+dhSDgTDkCTMqzS84FFTemzbkOUxBechMogtPkEhr157kbBXYzjytYgGLL7FGGRc=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem.certspec
new file mode 100644
index 000000000..b236bdea4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:nsCertType Critical
+extension:subjectAlternativeName:localhost,*.example.com
+extension:nsCertType[critical]:sslServer
diff --git a/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem
new file mode 100644
index 000000000..24d6ba742
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDLzCCAhmgAwIBAgIUL0RNPgFGtsQZxanRCa2IGPqVWZIwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowLzEtMCsGA1UEAwwkbnNDZXJ0VHlwZSBDcml0aWNhbCBXaXRoIGV4
+dEtleVVzYWdlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO
+FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr
+amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka
+sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY
+VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n
+aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE
+MdUDrNoYCjXtjQIDAQABo2AwXjAjBgNVHREEHDAagglsb2NhbGhvc3SCDSouZXhh
+bXBsZS5jb20wFAYJYIZIAYb4QgEBAQH/BAQDAgZAMAwGA1UdEwQFMAMBAQAwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwCwYJKoZIhvcNAQELA4IBAQAO+rOEK3vhTmoLNg5w
+upxSODlCFghBLZ1qui7RWJME62JG/1sxZw4rHa0Pl2NP1U/Wy0ErAT/QQLyIahBL
+mjggdD3Vh9wfx4Qf4FwHGzJEopfsx6YQlHcXR1v5qb7lLeuywhA6m7agn9DWBGlg
+lLFNqtHmofQFaileQOA50Uu9qOAdbea5+rjZn9rBBvUUVeSc9hNWjDRCMk/5PSm4
+6ONpFjal4npPA8V/U7LleJR+VNbiCWNHaQD/9H+xBoay81m8GL0CdM9udBjbyf9W
+NlYtu87XanZn2//LghGGUW4HQn1YXWD6UeZngo91UdQeIOs+dCiTI8CldgpGafld
+8UdC
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem.certspec
new file mode 100644
index 000000000..0ae63e20f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem.certspec
@@ -0,0 +1,6 @@
+issuer:Test CA
+subject:nsCertType Critical With extKeyUsage
+extension:subjectAlternativeName:localhost,*.example.com
+extension:nsCertType[critical]:sslServer
+extension:basicConstraints:,
+extension:extKeyUsage:serverAuth
diff --git a/security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem
new file mode 100644
index 000000000..b894c0bce
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC/DCCAeagAwIBAgIUSeaDecTuqo807NV7Z4OGuTUEoKowCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowIjEgMB4GA1UEAwwXbnNDZXJ0VHlwZSBOb3QgQ3JpdGljYWwwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT
+2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV
+JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N
+jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA
+BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh
+He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB
+AAGjOjA4MCMGA1UdEQQcMBqCCWxvY2FsaG9zdIINKi5leGFtcGxlLmNvbTARBglg
+hkgBhvhCAQEEBAMCBkAwCwYJKoZIhvcNAQELA4IBAQBUkcVO1xXJv8/BR5tUyQDt
+Y6gQMH9hfg2MZwR7mKj/ZdTEUMUqpOo4zfxRj8j3WNAF01g88D/oQw3IcDay9kpE
+EZDSLLQpVYW6l9xEWuCl+p9jNbFDmNxyPe2KOD+Pmp0ggkyeKyfC2l1cZS9kuQjW
+rIYgGdDVcXvBH/cfi8Dxl4IjWa/Fmkpw/W4uvcKcpLdtwZkGAa2CH1ymmeE3gtE8
++uYJuWWP9RE1cwXtwoGTPoU2fxBP8V2gRgPrlHQlhlJzyWthJ30Cv+RBNU6IkzNT
+ZO10f39iPQScLbrcaDULX44vhUGhXlaXsOBWZnyX7exBWdUxNNpIjReO1nrZxufi
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem.certspec
new file mode 100644
index 000000000..a44a1feee
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:nsCertType Not Critical
+extension:subjectAlternativeName:localhost,*.example.com
+extension:nsCertType:sslServer
diff --git a/security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem b/security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem
new file mode 100644
index 000000000..13ba23a19
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDezCCAmWgAwIBAgIUNVbKGlj3T9hCc0QZzD1Zs4cFzeUwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowJzElMCMGA1UEAwwcV3JvbmcgQ0EgUGluIFRlc3QgRW5k
+LUVudGl0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93
+CCpnkfG4dsN/XOU4sGxKzSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8
+EgJExYSkxEgzBeUTjAEGzwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbL
+PMcG680wcOyYzOQKpZHXKVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmV
+hmYlR5ftQmkIiAgRQiBpmIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+
+8Bbxh83VToMrNbiTD3S6kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8d
+HhkdcSFo07sCAwEAAaOBrTCBqjB0BgNVHREEbTBrgigqLmluY2x1ZGUtc3ViZG9t
+YWlucy5waW5uaW5nLmV4YW1wbGUuY29tgigqLmV4Y2x1ZGUtc3ViZG9tYWlucy5w
+aW5uaW5nLmV4YW1wbGUuY29tghUqLnBpbm5pbmcuZXhhbXBsZS5jb20wMgYIKwYB
+BQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMAsG
+CSqGSIb3DQEBCwOCAQEArJqM6iooFNCAk11WMdPCxa4iGkG4V5zYuFjdd2K3LTLM
+ai5SZS875tXNol+YZgUh6cdTbVARdsB4saYGH1v5pAmK+VJniYQHWYsSLofgBfFw
+yAk1Ymj5pz8y6+ExYzWPBV5ihevtyCRPGG8xgZqRbERTdB2uBZGmQ441LLnZZZFX
+BByEFQ4M7qYmOTZaIxncSGZbwVncBYkLbYmOIPdcahVtnK1mIm1q7ET0KeUEPTLB
+5UEdNa7bd5ULWeCIVZxRWdawzktWdF7CfBVO2KeWiEE6wkL1Y3N29mUOynWKRs7w
+wo5ETwxEw/6UqOaGCmbCTN5Xa+N+ZE5/4g0gEEcFUg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem.certspec
new file mode 100644
index 000000000..a905a66ac
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem.certspec
@@ -0,0 +1,6 @@
+issuer:Other test CA
+subject:Wrong CA Pin Test End-Entity
+issuerKey:alternate
+subjectKey:alternate
+extension:subjectAlternativeName:*.include-subdomains.pinning.example.com,*.exclude-subdomains.pinning.example.com,*.pinning.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/other-test-ca.key b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.key
new file mode 100644
index 000000000..6db74b5c5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBdcZSZgmfdwgq
+Z5HxuHbDf1zlOLBsSs0iscvUb6Za2irdQcjCSYrEo7PB9hSH9BtpiUG9gKUcPBIC
+RMWEpMRIMwXlE4wBBs8IvpqGJ2C65qLo828jxdmDE7nfrzeDRdrOUdTW3NKmyzzH
+BuvNMHDsmMzkCqWR1ylaf3HFvmZpHSst/shJRFkLxaPqSf2TsddTQF8Xc3aZlYZm
+JUeX7UJpCIgIEUIgaZiKQ/7kjOaHgd0itqac0oN1Ex+TKxKM4ob6fSUcBirSfvAW
+8YfN1U6DKzW4kw90upCqi8dhZyQqsf1tYhQNGMTAuMaPw3SEVzJK196G5lUvHR4Z
+HXEhaNO7AgMBAAECggEAfj9tfLg572auXX3ZL/VBC7NB3BRyjTkDRXDho3B5DzDw
+aBNV//QeKtTpqdn86/vRJ736uMAK/7Hzzqcyfq1HqhYh8qwe4UygLwSzsnhgF5gL
+GBpEnQOwPmnRErg1ceVUNPASBWV10oMu1nMdznmeN8g/bVHFWrcetYAVrwXhrxXH
+R2A+9/J9A6b/BJ2Wu/hUweTlDvWwWND7CBgOCsf3vo8v8Wc9l/yeVduoOAd7v4p8
+/ylihXeFJpzZ1brStXRp5K/NM8TKLS9pnxHnyPvc1ITwjY77ijy4qXLrJL7Zcu+q
+5LtxIJPkj+lKRutimodQeMQCGposk8mnA5Dp0KVEAQKBgQDmP8clprp2klp/+MtZ
+xPVt1+yD/oW/H1PhHKyagSWLz8CugZB3sPLRR3qvho3mqOy+r3uyKxlvKprYLTKG
+8NDMKd5xnl8r6OUJtyhNWWPt02L5J4h6TEqJeZ00DVGzAax2AasnF5Ak/KrdOL9l
+Iq9j6xZGHsAqfyewb+Cd3afAoQKBgQDXGLH+n4+Z8A6DKuH73G/iqyfzTgScSYAQ
++g63CEhSGCNGCDtclsPu5VksAUpBDGuTCxZcE7XCaqMurG58klqFUcJRNPL0pyxk
+IfGacxSKDt+rpdOmiIs1y6GMAP047lqvC1RXMdcgdhu8ze50SlLKQV6Y5N4Bzf52
+TBlns+jK2wKBgAHlrKJmyUqI0i4TwrkuokcRbGV6B2gXvf0w20s6nTCVuaS2dJZH
+4vhOenhPx4OLCMhZcc96A2+jDjuRw8TQ3yePgMG26FnYRWrbE33vqp8fCsW6yakY
+T9TqJ51yLqYm8WDXiq17yDhFzLKd8RXIP2G3YiuZvUOcYJtXkKY8WVGBAoGBAIDM
+RdENJITuDRKX/Ae/gLO+/0Yeon4fOPNxeJw69mtKDt0hksIneR208cd64ka/NC8x
+hWsPVlgbWKlbETHAxTltsqjDxvOeouM2vCBa5qKgs2hp/KmMu6czzwExmm+bsmt8
+oj0wF/xVHNjaiv3Rf2+i4w00hoeYHNYjTVcekLffAoGAb3fAwfKuesFpVhzKSZxS
+vfvgTN3M29wSrsWoVpHoWUt+4pkI8w57lqpiVLgO1K7sm5k3gr38ebadjVjGiHD6
+S+G8DDUnKIxcgrtK668V7f8RBAP8eOas5qgoJ79C8M+nUeUHZRxWONuTk90j3R9r
+KVFR3kS3f+Vaew3yceGaZcA=
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/other-test-ca.key.keyspec b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.key.keyspec
new file mode 100644
index 000000000..cbd5f309c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.key.keyspec
@@ -0,0 +1 @@
+alternate
diff --git a/security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem
new file mode 100644
index 000000000..09bd4bb04
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2zCCAcWgAwIBAgIUexJUIJpq50jgqOwQluhVrAzTF74wCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0EwIhgPMjAxNTAxMDEwMDAwMDBaGA8y
+MDI1MDEwMTAwMDAwMFowGDEWMBQGA1UEAwwNT3RoZXIgdGVzdCBDQTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxK
+zSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEG
+zwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHX
+KVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBp
+mIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6
+kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMd
+MBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQCL
+jKgNGmCVYhntJo024WL8bF6hekERMYQbu/CK9moz6wlOpRMOQX1x7U/ianPW9Whi
+yoMAgAgNhLr2+t4ewqU2xRxMY0DvMSOuF9l08mptCW5sd/ocrRZuv/RcBmLcRnJm
+Y+HuaVOvf1ac32pNN5HYagGQbvvpAaHB5/DyYcywqUM7SttK1QF+AOsGePZdYUK2
+Od5wJwB7yE1Fpgf6O4vZaE0JkTVh8GQipwoPms2GYk2E1sJXu9eUrLBfioVVN0TF
+QF4xJxSwyxY8ys5E4+ftIVixVdetrcotUdYR64x9Hd5OPr5Q7VaAvd85ZvuB7xeK
+eHxNGBjaJMf1tkamLr3p
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem.certspec
new file mode 100644
index 000000000..3bc975aa2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem.certspec
@@ -0,0 +1,7 @@
+issuer:Other test CA
+subject:Other test CA
+issuerKey:alternate
+subjectKey:alternate
+validity:20150101-20250101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem b/security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem
new file mode 100644
index 000000000..badc58376
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDdTCCAl+gAwIBAgIUOZxBsWqmNkNX1bk4vwjN7oalyxcwCwYJKoZIhvcNAQEL
+MDMxMTAvBgNVBAMMKFRlc3QgU2VsZi1zaWduZWQgRW5kLWVudGl0eSB3aXRoIENB
+IHRydWUwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowMzExMC8G
+A1UEAwwoVGVzdCBTZWxmLXNpZ25lZCBFbmQtZW50aXR5IHdpdGggQ0EgdHJ1ZTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9
+PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3
+HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg
+Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7
+EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK
+lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C
+AwEAAaOBgDB+MAwGA1UdEwQFMAMBAf8wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUF
+BzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMDoGA1UdEQQzMDGCL3NlbGYtc2ln
+bmVkLWVuZC1lbnRpdHktd2l0aC1jQS10cnVlLmV4YW1wbGUuY29tMAsGCSqGSIb3
+DQEBCwOCAQEAOOiI4FYCOj5N75+ix87qQQjtyG//CTUi8SMRAIG9sQId7fRtXAcl
+qEtWKxdcNy4RYVoEQTNPrY6gr9amiPEpZ9IobtX1WW8gJiVj3EFLfXBKTE3B6Kxp
+Qim7bJvrqoumLgXtH7eljHdfN86I6Xnyk7L4tl30UhlOSd24jiQ8T5FxF7lcmEnT
+w+AthUUhOyKyDRXvV3jUpM3SKv6mz0rzm19A/qBOYM6Q+bAS5n47d/TPbmCff8T/
+zKU/Su7WYXsw7gU208DhWrqLjpUzPuGSRRTZgHCG35KpOlNcN81iZsvEYIyL+b68
+G2rlSZK2C3LaGi/0t7s3O8gUep20KSF7WA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem.certspec
new file mode 100644
index 000000000..0ca92d7fd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test Self-signed End-entity with CA true
+subject:Test Self-signed End-entity with CA true
+extension:basicConstraints:cA,
+extension:authorityInformationAccess:http://localhost:8888/
+extension:subjectAlternativeName:self-signed-end-entity-with-cA-true.example.com
diff --git a/security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem b/security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem
new file mode 100644
index 000000000..87b0ca2e7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgzCCAm2gAwIBAgIUV9yIaHMDuAdDCVBEzuEE5tSGIncwCwYJKoZIhvcNAQEL
+MDUxMzAxBgNVBAMMKlNlbGYtc2lnbmVkIEluYWRlcXVhdGUgRUtVIFRlc3QgRW5k
+LWVudGl0eTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjA1MTMw
+MQYDVQQDDCpTZWxmLXNpZ25lZCBJbmFkZXF1YXRlIEVLVSBUZXN0IEVuZC1lbnRp
+dHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braI
+BjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVa
+p0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB
+7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4C
+kC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJv
+aeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgK
+Ne2NAgMBAAGjgYowgYcwCwYDVR0PBAQDAgQwMBMGA1UdJQQMMAoGCCsGAQUFBwMB
+MC8GA1UdEQQoMCaCJHNlbGZzaWduZWQtaW5hZGVxdWF0ZUVLVS5leGFtcGxlLmNv
+bTAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6
+ODg4OC8wCwYJKoZIhvcNAQELA4IBAQAhtt1BOrCjch5fzJ+OIvqSF2qERDB7CJDA
+avhypMbCVCEabM1JBD8vtA5U7izjWpAJVlOwFBUPtGpeCtXkCZEyy6/JPOdc5hhJ
+1h0+c9CeKkmjwyydqqz3v4quXAI0WX7ChuO5WfsVY1swFcp6TYtGYBsjMVpVQaTw
+CGNFZ73EEksRWP0NH/SKABo+6dlvOghivAa3Wx1HEOVTFUo8u6odwZ596Xl/IhY4
+I0G/GuGCwMhBE/5GGpSI8qH8DxRXT7nrvdHZmuiRB2SJYeuF4Cs08KHO+ymiST/d
+OLnAKR1WWgslQbxZu3zdBDqKuKf2vOKS9xo6sQXP3TsLsSPxY1v2
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem.certspec
new file mode 100644
index 000000000..477b90ce1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem.certspec
@@ -0,0 +1,6 @@
+issuer:Self-signed Inadequate EKU Test End-entity
+subject:Self-signed Inadequate EKU Test End-entity
+extension:keyUsage:keyEncipherment,dataEncipherment
+extension:extKeyUsage:serverAuth
+extension:subjectAlternativeName:selfsigned-inadequateEKU.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/selfsigned.pem b/security/manager/ssl/tests/unit/bad_certs/selfsigned.pem
new file mode 100644
index 000000000..436f9ef8e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/selfsigned.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMzCCAh2gAwIBAgIUFdYBQ3rk5hXCs0Bz6ERmayqrMTYwCwYJKoZIhvcNAQEL
+MCYxJDAiBgNVBAMMG1NlbGYtc2lnbmVkIFRlc3QgRW5kLWVudGl0eTAiGA8yMDE1
+MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAmMSQwIgYDVQQDDBtTZWxmLXNp
+Z25lZCBUZXN0IEVuZC1lbnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwG
+m24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJr
+bA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4
+SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3
+/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+Z
+FzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjWTBXMCEGA1UdEQQaMBiCFnNlbGZz
+aWduZWQuZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZo
+dHRwOi8vbG9jYWxob3N0Ojg4ODgvMAsGCSqGSIb3DQEBCwOCAQEAiPY8Ka4thJkS
+6HzgnIpJyd09rmAls/LwAPRwhk8s652FEEGpZzkreDjOJ9LGYx01JWGQPDxOgddt
+ynYtbZVzwnSuJnISglU/mAsmgG47hSeBamOm9zg2KAC1+64nVgpkmYMEDGQC4h79
+cADh5g5ay0E47x/9u7F02z4ovXyJCDC/bOTFKv4WCkHEaIKhnbrv4EGT+lkfCFol
+obLR6h4mwclIDycIR9D2hg4ZSrnace1JzF0OALMVshwtclmJMS4yH+yACSeovT6t
+fN1CTvLAY8nYtyuxWc3D/gv0T5MWVvkSSfbrvt+nCUvrEsLFnDgKqMzh7S/iph3M
+UyeHQjtRIQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/selfsigned.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/selfsigned.pem.certspec
new file mode 100644
index 000000000..99a814be1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/selfsigned.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Self-signed Test End-entity
+subject:Self-signed Test End-entity
+extension:subjectAlternativeName:selfsigned.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/test-ca.pem b/security/manager/ssl/tests/unit/bad_certs/test-ca.pem
new file mode 100644
index 000000000..1d50176e4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/test-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzzCCAbmgAwIBAgIUH9DaznYx1NE1Cu9I8cBqxV9VgF4wCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowEjEQMA4GA1UEAwwHVGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUw
+AwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQA1o3GayNFRlVTrsoj2
+Ag06YatbGe94M/FT0MXngjlmrMkGZqHaDlrii7Jz+JP16CBjaIZ0ZP7I56Nn/l8y
+/kfe++zvr1uwRaKjtRGBiFpCjx10rI508wzSnOox3+bOtv9qjYaY7UjkBV3F40IS
+P8qKMtNspsR4tjS/D1jbculhngkPqhskefZFQQvcgG54L5j921GFKNeeX6i9QAzV
+jjM6i/iQYpAWCuh5+CetwUnfFuZCM80npp/qHMESkT3PyPpwqT9A5K+xQdVfpXq5
+SmVy5+QGWALuSV1sfIRXRwOh+2jCWwWPbyi9TlHrvlO5mL38qikdYBDPat3ve4cq
+5viq
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/test-ca.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/test-ca.pem.certspec
new file mode 100644
index 000000000..5d2435d7b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/test-ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test CA
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/bad_certs/test-int.pem b/security/manager/ssl/tests/unit/bad_certs/test-int.pem
new file mode 100644
index 000000000..df9ad3ddb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/test-int.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2TCCAcOgAwIBAgIUBVio/iQ21GCi2iUven8oJ/gae74wCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTAxMDEwMDAwMDBaGA8yMDI1MDEw
+MTAwMDAwMFowHDEaMBgGA1UEAwwRVGVzdCBJbnRlcm1lZGlhdGUwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq0
+7PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D
+/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw
+JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyX
+rZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWd
+q5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAb
+MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEAry6Z
+DoUhexYUJTzWwN1ZIwWeXW/QxJR5u4DvK6pBPInDdyfv20EuxXKODYWXXPGbOY8X
+5SEsUtS+1WUlMAXenmejPvDcjeEGLS8tfJQbgHtPrDhQR43fnYGZrA2pWVmxQ+TJ
+Lrg18uGIuMcfAr3RwMzeK+uj81bybeYZN5haISWa6bF2a81vMx/WDgyFSYYBOYph
+nCPWVSqPTK/6NwbyWZORs474Flx45uzo7g9mMCmbwz9IzdJYpVrViVAFTU1gSbNQ
+ED3LzwGkS7eO8Lqzk9a94uIGqhxtGDvxFe+6Be/Il3M/5d2WC2Jmqzv8cU/u4GLb
+dKrXnD3epofIjHnOUA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/test-int.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/test-int.pem.certspec
new file mode 100644
index 000000000..33b42c2f4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/test-int.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test Intermediate
+validity:20150101-20250101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem b/security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem
new file mode 100644
index 000000000..d9ba29653
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDpTCCAo+gAwIBAgIUHccbzbbSEhGlmiWbLlfHcRQFD7MwCwYJKoZIhvcNAQEL
+MCYxJDAiBgNVBAMMG1Rlc3QgSW50ZXJtZWRpYXRlIHRvIGRlbGV0ZTAiGA8yMDE1
+MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAuMSwwKgYDVQQDDCNUZXN0IEVu
+ZC1lbnRpdHkgZnJvbSB1bmtub3duIGlzc3VlcjCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBwjCBvzCBiAYDVR0R
+BIGAMH6CGXVua25vd25pc3N1ZXIuZXhhbXBsZS5jb22CNHVua25vd25pc3N1ZXIu
+aW5jbHVkZS1zdWJkb21haW5zLnBpbm5pbmcuZXhhbXBsZS5jb22CK3Vua25vd25p
+c3N1ZXIudGVzdC1tb2RlLnBpbm5pbmcuZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEE
+JjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMAsGCSqGSIb3
+DQEBCwOCAQEAjvk1a9yDZSYDNilWlvRcUk6stPfmjG7p0Owu0a+Lh8JIxOZXflZ1
+/hpVp0L5ds6mc74Q5VBJgqpkrpYBIVDPa3LJzW4HX8y7FtDo71Ca/ob+Xyc4hFdg
+3G2DqLePZXqkV+h6bsg/Rqv2FUt/GbUmv4sIkTwL5KgMEjLJGxwRTyrQZJlTMC5N
+uSxtWiCv+wLnP9NbkMgBHE1NnBQjF5nR/mJC7HUGykGYe+oJHuozq+/VCn3bXFUm
+kq9YXS0R84LcQH7gHtOlp5xwxiYXPH3C2cxobaJNdo5qsyOZYc5Diq/ukCN5rg0N
+5IOg9SPThtEzlCjTFRVHKE7ncgo7JxJ3gw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem.certspec
new file mode 100644
index 000000000..a735c730c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test Intermediate to delete
+subject:Test End-entity from unknown issuer
+extension:subjectAlternativeName:unknownissuer.example.com,unknownissuer.include-subdomains.pinning.example.com,unknownissuer.test-mode.pinning.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem b/security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem
new file mode 100644
index 000000000..497b3472c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMjCCAhygAwIBAgIUEb4CKRVPjI1eurD3IgLllUvomHgwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0EwIhgPMjAxMTAxMDEwMDAwMDBaGA8y
+MDEzMDEwMTAwMDAwMFowLDEqMCgGA1UEAwwhVW50cnVzdGVkLUV4cGlyZWQgVGVz
+dCBFbmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohR
+qESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+Kv
+WnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+
+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPv
+JxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5
+Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6
+clHEMdUDrNoYCjXtjQIDAQABo2AwXjAoBgNVHREEITAfgh11bnRydXN0ZWQtZXhw
+aXJlZC5leGFtcGxlLmNvbTAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0
+dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wCwYJKoZIhvcNAQELA4IBAQB+nHMbzEEVQFPF
+ahU0cR3xT8hyv0R0rNFTFQzGmAJpLz+xJN+GsOLuqGHqZ7Yc8lSOEQq4m/EDNncL
+SWnNbQHZPb4BAgz6n84gKazPfvkQmzx2QFqJs8s/Nfj8kxygUbCF5h+R+KBQbQd3
+qjAEeJK7pUoJjBB236JwBlM0Rqbv7QgTibm5VnNcfkZcwlBpwfCXdc6jtG9hkyhD
+h/8H0mZ+gvMpgnXx3TascLWJuPrYpDSgayRClfvs+FQtY8Lv5qkCR2TLLU779O8f
+TNTZLWogZ/tlOy268M5iFaOS71g0dQM9sU++XpUjtQlf6T1a2HtyZ8CmiG+Ffsym
+mAJNGYT8
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem.certspec
new file mode 100644
index 000000000..3efd1ce67
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Other test CA
+subject:Untrusted-Expired Test End-entity
+validity:20110101-20130101
+extension:subjectAlternativeName:untrusted-expired.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem b/security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem
new file mode 100644
index 000000000..842e7e7bd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNDCCAh6gAwIBAgIUC7+ekJBbfCa4+95t1Lc9QFnFM00wCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowMDEuMCwGA1UEAwwlVGVzdCBFbmQtZW50aXR5IHdpdGgg
+dW50cnVzdGVkIGlzc3VlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG
+8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0V
+gg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g3
+04hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l
+0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz
+/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaNeMFwwJgYDVR0RBB8wHYIbdW50cnVzdGVk
+aXNzdWVyLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
+aHR0cDovL2xvY2FsaG9zdDo4ODg4LzALBgkqhkiG9w0BAQsDggEBADoMA0m+eXNs
+tdp2WpRyK3F9+FXIYbZGdlQFi+G9Dku/8J/cysb3jnN7zdSiCwkSJ38XR/8z4M0O
+x4i3/alFWP1HTvQmVOwP7U31u1h56QlS8ltFasZtd+lOELWvaj9WzG2glcFGTynT
+iIIl3LCm47O6u501xZsp5XPRaeY9956vuP7TwVIx8v2JR5H3hFhk9fR/mhR8QCOB
+HVu/iW9ux7g/9Up1Fi5mYAq6cmArpJ2LzEr57gdV1lfgKObTE++ZWtRa5N+zMZGX
+TU6WARBPH+vVHC1VKxY2SYENxswFtkgCSVoRFzn7sj/8jQ6iaJ86sf9poK0NrHdg
+P0ybC9Y8juA=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem.certspec
new file mode 100644
index 000000000..5ba0bc253
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Other test CA
+subject:Test End-entity with untrusted issuer
+extension:subjectAlternativeName:untrustedissuer.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/v1Cert.pem b/security/manager/ssl/tests/unit/bad_certs/v1Cert.pem
new file mode 100644
index 000000000..c6e59a7a8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/v1Cert.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICqzCCAZUCFDt6FYWPwMbZVlZa329PtAVVBtsnMAsGCSqGSIb3DQEBCzASMRAw
+DgYDVQQDDAdUZXN0IENBMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBIxEDAOBgNVBAMMB1YxIENlcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9
+sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5
+TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7
+xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHd
+tMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l
+8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQELA4IBAQCW
+fJUaT3AtmftAlBtS3e1hs6V1XoQNaeSiff8PR6ootvISg5MpU1b2whEvNalJCUMD
+zBXkM7y3ERSgAvROu+CbBFOrOTPPStg88iZFm4WDrgotADxepbYd+x3IOL0vGq7F
+vcqdiQCRuhVRoopipqmowWF4KZtm0SnXoce7GnDhIjLtGxwz+zq3ls/2MrdaxdpL
+ggRkBUNfbTmDMvsjc3GxFHsXuX5cJUKVM2V8x5gNvtDBINiavy8HyQjhwSyTprRM
+KBConOKsh/WntsiakcsefVpc9kAR6DJjVvhFmLqHBUMrpBtDf5pb2JVgp/qn0oCw
+YqD30umtSUWyZaW1I1Nh
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/v1Cert.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/v1Cert.pem.certspec
new file mode 100644
index 000000000..7824630bb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/v1Cert.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test CA
+subject:V1 Cert
+version:1
diff --git a/security/manager/ssl/tests/unit/head_psm.js b/security/manager/ssl/tests/unit/head_psm.js
new file mode 100644
index 000000000..b6489d605
--- /dev/null
+++ b/security/manager/ssl/tests/unit/head_psm.js
@@ -0,0 +1,863 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+"use strict";
+
+const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
+
+const { AppConstants } =
+  Cu.import("resource://gre/modules/AppConstants.jsm", {});
+const { ctypes } = Cu.import("resource://gre/modules/ctypes.jsm", {});
+const { FileUtils } = Cu.import("resource://gre/modules/FileUtils.jsm", {});
+const { HttpServer } = Cu.import("resource://testing-common/httpd.js", {});
+const { MockRegistrar } =
+  Cu.import("resource://testing-common/MockRegistrar.jsm", {});
+const { NetUtil } = Cu.import("resource://gre/modules/NetUtil.jsm", {});
+const { Promise } = Cu.import("resource://gre/modules/Promise.jsm", {});
+const { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
+const { XPCOMUtils } = Cu.import("resource://gre/modules/XPCOMUtils.jsm", {});
+
+const isDebugBuild = Cc["@mozilla.org/xpcom/debug;1"]
+                       .getService(Ci.nsIDebug2).isDebugBuild;
+
+// The test EV roots are only enabled in debug builds as a security measure.
+//
+// Bug 1008316: B2G doesn't have EV enabled, so EV is not expected even in debug
+// builds.
+const gEVExpected = isDebugBuild && !("@mozilla.org/b2g-process-global;1" in Cc);
+
+const SSS_STATE_FILE_NAME = "SiteSecurityServiceState.txt";
+const PRELOAD_STATE_FILE_NAME = "SecurityPreloadState.txt";
+
+const SEC_ERROR_BASE = Ci.nsINSSErrorsService.NSS_SEC_ERROR_BASE;
+const SSL_ERROR_BASE = Ci.nsINSSErrorsService.NSS_SSL_ERROR_BASE;
+const MOZILLA_PKIX_ERROR_BASE = Ci.nsINSSErrorsService.MOZILLA_PKIX_ERROR_BASE;
+
+// This isn't really a valid PRErrorCode, but is useful for signalling that
+// a test is expected to succeed.
+const PRErrorCodeSuccess = 0;
+
+// Sort in numerical order
+const SEC_ERROR_INVALID_TIME                            = SEC_ERROR_BASE + 8;
+const SEC_ERROR_BAD_DER                                 = SEC_ERROR_BASE + 9;
+const SEC_ERROR_BAD_SIGNATURE                           = SEC_ERROR_BASE + 10;
+const SEC_ERROR_EXPIRED_CERTIFICATE                     = SEC_ERROR_BASE + 11;
+const SEC_ERROR_REVOKED_CERTIFICATE                     = SEC_ERROR_BASE + 12;
+const SEC_ERROR_UNKNOWN_ISSUER                          = SEC_ERROR_BASE + 13;
+const SEC_ERROR_UNTRUSTED_ISSUER                        = SEC_ERROR_BASE + 20;
+const SEC_ERROR_UNTRUSTED_CERT                          = SEC_ERROR_BASE + 21;
+const SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE              = SEC_ERROR_BASE + 30;
+const SEC_ERROR_CA_CERT_INVALID                         = SEC_ERROR_BASE + 36;
+const SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION              = SEC_ERROR_BASE + 41;
+const SEC_ERROR_INADEQUATE_KEY_USAGE                    = SEC_ERROR_BASE + 90;
+const SEC_ERROR_INADEQUATE_CERT_TYPE                    = SEC_ERROR_BASE + 91;
+const SEC_ERROR_CERT_NOT_IN_NAME_SPACE                  = SEC_ERROR_BASE + 112;
+const SEC_ERROR_CERT_BAD_ACCESS_LOCATION                = SEC_ERROR_BASE + 117;
+const SEC_ERROR_OCSP_MALFORMED_REQUEST                  = SEC_ERROR_BASE + 120;
+const SEC_ERROR_OCSP_SERVER_ERROR                       = SEC_ERROR_BASE + 121;
+const SEC_ERROR_OCSP_TRY_SERVER_LATER                   = SEC_ERROR_BASE + 122;
+const SEC_ERROR_OCSP_REQUEST_NEEDS_SIG                  = SEC_ERROR_BASE + 123;
+const SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST               = SEC_ERROR_BASE + 124;
+const SEC_ERROR_OCSP_UNKNOWN_CERT                       = SEC_ERROR_BASE + 126;
+const SEC_ERROR_OCSP_MALFORMED_RESPONSE                 = SEC_ERROR_BASE + 129;
+const SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE              = SEC_ERROR_BASE + 130;
+const SEC_ERROR_OCSP_OLD_RESPONSE                       = SEC_ERROR_BASE + 132;
+const SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE              = SEC_ERROR_BASE + 141;
+const SEC_ERROR_OCSP_INVALID_SIGNING_CERT               = SEC_ERROR_BASE + 144;
+const SEC_ERROR_POLICY_VALIDATION_FAILED                = SEC_ERROR_BASE + 160;
+const SEC_ERROR_OCSP_BAD_SIGNATURE                      = SEC_ERROR_BASE + 157;
+const SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED       = SEC_ERROR_BASE + 176;
+
+const SSL_ERROR_NO_CYPHER_OVERLAP                       = SSL_ERROR_BASE + 2;
+const SSL_ERROR_BAD_CERT_DOMAIN                         = SSL_ERROR_BASE + 12;
+const SSL_ERROR_BAD_CERT_ALERT                          = SSL_ERROR_BASE + 17;
+const SSL_ERROR_WEAK_SERVER_CERT_KEY                    = SSL_ERROR_BASE + 132;
+
+const MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE            = MOZILLA_PKIX_ERROR_BASE + 0;
+const MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY     = MOZILLA_PKIX_ERROR_BASE + 1;
+const MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE            = MOZILLA_PKIX_ERROR_BASE + 2;
+const MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA             = MOZILLA_PKIX_ERROR_BASE + 3;
+const MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE      = MOZILLA_PKIX_ERROR_BASE + 5;
+const MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE = MOZILLA_PKIX_ERROR_BASE + 6;
+const MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING = MOZILLA_PKIX_ERROR_BASE + 8;
+const MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING   = MOZILLA_PKIX_ERROR_BASE + 10;
+const MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME              = MOZILLA_PKIX_ERROR_BASE + 12;
+
+// Supported Certificate Usages
+const certificateUsageSSLClient              = 0x0001;
+const certificateUsageSSLServer              = 0x0002;
+const certificateUsageSSLCA                  = 0x0008;
+const certificateUsageEmailSigner            = 0x0010;
+const certificateUsageEmailRecipient         = 0x0020;
+const certificateUsageObjectSigner           = 0x0040;
+const certificateUsageVerifyCA               = 0x0100;
+const certificateUsageStatusResponder        = 0x0400;
+
+// A map from the name of a certificate usage to the value of the usage.
+// Useful for printing debugging information and for enumerating all supported
+// usages.
+const allCertificateUsages = {
+  certificateUsageSSLClient,
+  certificateUsageSSLServer,
+  certificateUsageSSLCA,
+  certificateUsageEmailSigner,
+  certificateUsageEmailRecipient,
+  certificateUsageObjectSigner,
+  certificateUsageVerifyCA,
+  certificateUsageStatusResponder
+};
+
+const NO_FLAGS = 0;
+
+// Commonly certificates are represented as PEM. The format is roughly as
+// follows:
+//
+// -----BEGIN CERTIFICATE-----
+// [some lines of base64, each typically 64 characters long]
+// -----END CERTIFICATE-----
+//
+// However, nsIX509CertDB.constructX509FromBase64 and related functions do not
+// handle input of this form. Instead, they require a single string of base64
+// with no newlines or BEGIN/END headers. This is a helper function to convert
+// PEM to the format that nsIX509CertDB requires.
+function pemToBase64(pem) {
+  return pem.replace(/-----BEGIN CERTIFICATE-----/, "")
+            .replace(/-----END CERTIFICATE-----/, "")
+            .replace(/[\r\n]/g, "");
+}
+
+function readFile(file) {
+  let fstream = Cc["@mozilla.org/network/file-input-stream;1"]
+                  .createInstance(Ci.nsIFileInputStream);
+  fstream.init(file, -1, 0, 0);
+  let data = NetUtil.readInputStreamToString(fstream, fstream.available());
+  fstream.close();
+  return data;
+}
+
+function addCertFromFile(certdb, filename, trustString) {
+  let certFile = do_get_file(filename, false);
+  let certBytes = readFile(certFile);
+  let successful = false;
+  try {
+    certdb.addCert(certBytes, trustString, null);
+    successful = true;
+  } catch (e) {}
+  if (!successful) {
+    // It might be PEM instead of DER.
+    certdb.addCertFromBase64(pemToBase64(certBytes), trustString, null);
+  }
+}
+
+function constructCertFromFile(filename) {
+  let certFile = do_get_file(filename, false);
+  let certBytes = readFile(certFile);
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+  try {
+    return certdb.constructX509(certBytes, certBytes.length);
+  } catch (e) {}
+  // It might be PEM instead of DER.
+  return certdb.constructX509FromBase64(pemToBase64(certBytes));
+}
+
+function setCertTrust(cert, trustString) {
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                  .getService(Ci.nsIX509CertDB);
+  certdb.setCertTrustFromString(cert, trustString);
+}
+
+function getXPCOMStatusFromNSS(statusNSS) {
+  let nssErrorsService = Cc["@mozilla.org/nss_errors_service;1"]
+                           .getService(Ci.nsINSSErrorsService);
+  return nssErrorsService.getXPCOMFromNSSError(statusNSS);
+}
+
+// certdb implements nsIX509CertDB. See nsIX509CertDB.idl for documentation.
+// In particular, hostname is optional.
+function checkCertErrorGenericAtTime(certdb, cert, expectedError, usage, time,
+                                     /*optional*/ hasEVPolicy,
+                                     /*optional*/ hostname) {
+  do_print(`cert cn=${cert.commonName}`);
+  do_print(`cert issuer cn=${cert.issuerCommonName}`);
+  let verifiedChain = {};
+  let error = certdb.verifyCertAtTime(cert, usage, NO_FLAGS, hostname, time,
+                                      verifiedChain, hasEVPolicy || {});
+  Assert.equal(error, expectedError,
+               "Actual and expected error should match");
+}
+
+// certdb implements nsIX509CertDB. See nsIX509CertDB.idl for documentation.
+// In particular, hostname is optional.
+function checkCertErrorGeneric(certdb, cert, expectedError, usage,
+                               /*optional*/ hasEVPolicy,
+                               /*optional*/ hostname) {
+  do_print(`cert cn=${cert.commonName}`);
+  do_print(`cert issuer cn=${cert.issuerCommonName}`);
+  let verifiedChain = {};
+  let error = certdb.verifyCertNow(cert, usage, NO_FLAGS, hostname,
+                                   verifiedChain, hasEVPolicy || {});
+  Assert.equal(error, expectedError,
+               "Actual and expected error should match");
+}
+
+function checkEVStatus(certDB, cert, usage, isEVExpected) {
+  let hasEVPolicy = {};
+  checkCertErrorGeneric(certDB, cert, PRErrorCodeSuccess, usage, hasEVPolicy);
+  Assert.equal(hasEVPolicy.value, isEVExpected,
+               "Actual and expected EV status should match");
+}
+
+function _getLibraryFunctionWithNoArguments(functionName, libraryName,
+                                            returnType) {
+  // Open the NSS library. copied from services/crypto/modules/WeaveCrypto.js
+  let path = ctypes.libraryName(libraryName);
+
+  // XXX really want to be able to pass specific dlopen flags here.
+  let nsslib;
+  try {
+    nsslib = ctypes.open(path);
+  } catch (e) {
+    // In case opening the library without a full path fails,
+    // try again with a full path.
+    let file = Services.dirsvc.get("GreBinD", Ci.nsILocalFile);
+    file.append(path);
+    nsslib = ctypes.open(file.path);
+  }
+
+  let SECStatus = ctypes.int;
+  let func = nsslib.declare(functionName, ctypes.default_abi,
+                            returnType || SECStatus);
+  return func;
+}
+
+function clearOCSPCache() {
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+  certdb.clearOCSPCache();
+}
+
+function clearSessionCache() {
+  let SSL_ClearSessionCache = null;
+  try {
+    SSL_ClearSessionCache =
+      _getLibraryFunctionWithNoArguments("SSL_ClearSessionCache", "ssl3");
+  } catch (e) {
+    // On Windows, this is actually in the nss3 library.
+    SSL_ClearSessionCache =
+      _getLibraryFunctionWithNoArguments("SSL_ClearSessionCache", "nss3");
+  }
+  if (!SSL_ClearSessionCache || SSL_ClearSessionCache() != 0) {
+    throw new Error("Failed to clear SSL session cache");
+  }
+}
+
+function getSSLStatistics() {
+  let SSL3Statistics = new ctypes.StructType("SSL3Statistics",
+                           [ { "sch_sid_cache_hits": ctypes.long },
+                             { "sch_sid_cache_misses": ctypes.long },
+                             { "sch_sid_cache_not_ok": ctypes.long },
+                             { "hsh_sid_cache_hits": ctypes.long },
+                             { "hsh_sid_cache_misses": ctypes.long },
+                             { "hsh_sid_cache_not_ok": ctypes.long },
+                             { "hch_sid_cache_hits": ctypes.long },
+                             { "hch_sid_cache_misses": ctypes.long },
+                             { "hch_sid_cache_not_ok": ctypes.long },
+                             { "sch_sid_stateless_resumes": ctypes.long },
+                             { "hsh_sid_stateless_resumes": ctypes.long },
+                             { "hch_sid_stateless_resumes": ctypes.long },
+                             { "hch_sid_ticket_parse_failures": ctypes.long }]);
+  let SSL3StatisticsPtr = new ctypes.PointerType(SSL3Statistics);
+  let SSL_GetStatistics = null;
+  try {
+    SSL_GetStatistics = _getLibraryFunctionWithNoArguments("SSL_GetStatistics",
+                                                           "ssl3",
+                                                           SSL3StatisticsPtr);
+  } catch (e) {
+    // On Windows, this is actually in the nss3 library.
+    SSL_GetStatistics = _getLibraryFunctionWithNoArguments("SSL_GetStatistics",
+                                                           "nss3",
+                                                           SSL3StatisticsPtr);
+  }
+  if (!SSL_GetStatistics) {
+    throw new Error("Failed to get SSL statistics");
+  }
+  return SSL_GetStatistics();
+}
+
+// Set up a TLS testing environment that has a TLS server running and
+// ready to accept connections. This async function starts the server and
+// waits for the server to indicate that it is ready.
+//
+// Each test should have its own subdomain of example.com, for example
+// my-first-connection-test.example.com. The server can use the server
+// name (passed through the SNI TLS extension) to determine what behavior
+// the server side of the text should exhibit. See TLSServer.h for more
+// information on how to write the server side of tests.
+//
+// Create a new source file for your new server executable in
+// security/manager/ssl/tests/unit/tlsserver/cmd similar to the other ones in
+// that directory, and add a reference to it to the sources variable in that
+// directory's moz.build.
+//
+// Modify TEST_HARNESS_BINS in
+// testing/mochitest/Makefile.in and NO_PKG_FILES in
+// toolkit/mozapps/installer/packager.mk to make sure the new executable
+// gets included in the packages used for shipping the tests to the test
+// runners in our build/test farm. (Things will work fine locally without
+// these changes but will break on TBPL.)
+//
+// Your test script should look something like this:
+/*
+
+// -*- Mode: javascript; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// <documentation on your test>
+
+function run_test() {
+  do_get_profile();
+  add_tls_server_setup("<test-server-name>", "<path-to-certificate-directory>");
+
+  add_connection_test("<test-name-1>.example.com",
+                      SEC_ERROR_xxx,
+                      function() { ... },
+                      function(aTransportSecurityInfo) { ... },
+                      function(aTransport) { ... });
+  [...]
+  add_connection_test("<test-name-n>.example.com", PRErrorCodeSuccess);
+
+  run_next_test();
+}
+*/
+
+function add_tls_server_setup(serverBinName, certsPath) {
+  add_test(function() {
+    _setupTLSServerTest(serverBinName, certsPath);
+  });
+}
+
+/**
+ * Add a TLS connection test case.
+ *
+ * @param {String} aHost
+ *   The hostname to pass in the SNI TLS extension; this should unambiguously
+ *   identify which test is being run.
+ * @param {PRErrorCode} aExpectedResult
+ *   The expected result of the connection. If an error is not expected, pass
+ *   in PRErrorCodeSuccess.
+ * @param {Function} aBeforeConnect
+ *   A callback function that takes no arguments that will be called before the
+ *   connection is attempted.
+ * @param {Function} aWithSecurityInfo
+ *   A callback function that takes an nsITransportSecurityInfo, which is called
+ *   after the TLS handshake succeeds.
+ * @param {Function} aAfterStreamOpen
+ *   A callback function that is called with the nsISocketTransport once the
+ *   output stream is ready.
+ * @param {OriginAttributes} aOriginAttributes (optional)
+ *   The origin attributes that the socket transport will have. This parameter
+ *   affects OCSP because OCSP cache is double-keyed by origin attributes' first
+ *   party domain.
+ */
+function add_connection_test(aHost, aExpectedResult,
+                             aBeforeConnect, aWithSecurityInfo,
+                             aAfterStreamOpen,
+                             /*optional*/ aOriginAttributes) {
+  const REMOTE_PORT = 8443;
+
+  function Connection(host) {
+    this.host = host;
+    let threadManager = Cc["@mozilla.org/thread-manager;1"]
+                          .getService(Ci.nsIThreadManager);
+    this.thread = threadManager.currentThread;
+    this.defer = Promise.defer();
+    let sts = Cc["@mozilla.org/network/socket-transport-service;1"]
+                .getService(Ci.nsISocketTransportService);
+    this.transport = sts.createTransport(["ssl"], 1, host, REMOTE_PORT, null);
+    // See bug 1129771 - attempting to connect to [::1] when the server is
+    // listening on 127.0.0.1 causes frequent failures on OS X 10.10.
+    this.transport.connectionFlags |= Ci.nsISocketTransport.DISABLE_IPV6;
+    this.transport.setEventSink(this, this.thread);
+    if (aOriginAttributes) {
+      this.transport.originAttributes = aOriginAttributes;
+    }
+    this.inputStream = null;
+    this.outputStream = null;
+    this.connected = false;
+  }
+
+  Connection.prototype = {
+    // nsITransportEventSink
+    onTransportStatus: function(aTransport, aStatus, aProgress, aProgressMax) {
+      if (!this.connected && aStatus == Ci.nsISocketTransport.STATUS_CONNECTED_TO) {
+        this.connected = true;
+        this.outputStream.asyncWait(this, 0, 0, this.thread);
+      }
+    },
+
+    // nsIInputStreamCallback
+    onInputStreamReady: function(aStream) {
+      try {
+        // this will throw if the stream has been closed by an error
+        let str = NetUtil.readInputStreamToString(aStream, aStream.available());
+        Assert.equal(str, "0",
+                     "Should have received ASCII '0' from server");
+        this.inputStream.close();
+        this.outputStream.close();
+        this.result = Cr.NS_OK;
+      } catch (e) {
+        this.result = e.result;
+      }
+      this.defer.resolve(this);
+    },
+
+    // nsIOutputStreamCallback
+    onOutputStreamReady: function(aStream) {
+      if (aAfterStreamOpen) {
+        aAfterStreamOpen(this.transport);
+      }
+      let sslSocketControl = this.transport.securityInfo
+                               .QueryInterface(Ci.nsISSLSocketControl);
+      sslSocketControl.proxyStartSSL();
+      this.outputStream.write("0", 1);
+      let inStream = this.transport.openInputStream(0, 0, 0)
+                       .QueryInterface(Ci.nsIAsyncInputStream);
+      this.inputStream = inStream;
+      this.inputStream.asyncWait(this, 0, 0, this.thread);
+    },
+
+    go: function() {
+      this.outputStream = this.transport.openOutputStream(0, 0, 0)
+                            .QueryInterface(Ci.nsIAsyncOutputStream);
+      return this.defer.promise;
+    }
+  };
+
+  /* Returns a promise to connect to host that resolves to the result of that
+   * connection */
+  function connectTo(host) {
+    Services.prefs.setCharPref("network.dns.localDomains", host);
+    let connection = new Connection(host);
+    return connection.go();
+  }
+
+  add_test(function() {
+    if (aBeforeConnect) {
+      aBeforeConnect();
+    }
+    connectTo(aHost).then(function(conn) {
+      do_print("handling " + aHost);
+      let expectedNSResult = aExpectedResult == PRErrorCodeSuccess
+                           ? Cr.NS_OK
+                           : getXPCOMStatusFromNSS(aExpectedResult);
+      Assert.equal(conn.result, expectedNSResult,
+                   "Actual and expected connection result should match");
+      if (aWithSecurityInfo) {
+        aWithSecurityInfo(conn.transport.securityInfo
+                              .QueryInterface(Ci.nsITransportSecurityInfo));
+      }
+      run_next_test();
+    });
+  });
+}
+
+function _getBinaryUtil(binaryUtilName) {
+  let directoryService = Cc["@mozilla.org/file/directory_service;1"]
+                           .getService(Ci.nsIProperties);
+
+  let utilBin = directoryService.get("CurProcD", Ci.nsILocalFile);
+  utilBin.append(binaryUtilName + mozinfo.bin_suffix);
+  // If we're testing locally, the above works. If not, the server executable
+  // is in another location.
+  if (!utilBin.exists()) {
+    utilBin = directoryService.get("CurWorkD", Ci.nsILocalFile);
+    while (utilBin.path.indexOf("xpcshell") != -1) {
+      utilBin = utilBin.parent;
+    }
+    utilBin.append("bin");
+    utilBin.append(binaryUtilName + mozinfo.bin_suffix);
+  }
+  // But maybe we're on Android or B2G, where binaries are in /data/local/xpcb.
+  if (!utilBin.exists()) {
+    utilBin.initWithPath("/data/local/xpcb/");
+    utilBin.append(binaryUtilName);
+  }
+  Assert.ok(utilBin.exists(), `Binary util ${binaryUtilName} should exist`);
+  return utilBin;
+}
+
+// Do not call this directly; use add_tls_server_setup
+function _setupTLSServerTest(serverBinName, certsPath)
+{
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                  .getService(Ci.nsIX509CertDB);
+  // The trusted CA that is typically used for "good" certificates.
+  addCertFromFile(certdb, `${certsPath}/test-ca.pem`, "CTu,u,u");
+
+  const CALLBACK_PORT = 8444;
+
+  let directoryService = Cc["@mozilla.org/file/directory_service;1"]
+                           .getService(Ci.nsIProperties);
+  let envSvc = Cc["@mozilla.org/process/environment;1"]
+                 .getService(Ci.nsIEnvironment);
+  let greBinDir = directoryService.get("GreBinD", Ci.nsIFile);
+  envSvc.set("DYLD_LIBRARY_PATH", greBinDir.path);
+  // TODO(bug 1107794): Android libraries are in /data/local/xpcb, but "GreBinD"
+  // does not return this path on Android, so hard code it here.
+  envSvc.set("LD_LIBRARY_PATH", greBinDir.path + ":/data/local/xpcb");
+  envSvc.set("MOZ_TLS_SERVER_DEBUG_LEVEL", "3");
+  envSvc.set("MOZ_TLS_SERVER_CALLBACK_PORT", CALLBACK_PORT);
+
+  let httpServer = new HttpServer();
+  httpServer.registerPathHandler("/",
+      function handleServerCallback(aRequest, aResponse) {
+        aResponse.setStatusLine(aRequest.httpVersion, 200, "OK");
+        aResponse.setHeader("Content-Type", "text/plain");
+        let responseBody = "OK!";
+        aResponse.bodyOutputStream.write(responseBody, responseBody.length);
+        do_execute_soon(function() {
+          httpServer.stop(run_next_test);
+        });
+      });
+  httpServer.start(CALLBACK_PORT);
+
+  let serverBin = _getBinaryUtil(serverBinName);
+  let process = Cc["@mozilla.org/process/util;1"].createInstance(Ci.nsIProcess);
+  process.init(serverBin);
+  let certDir = directoryService.get("CurWorkD", Ci.nsILocalFile);
+  certDir.append(`${certsPath}`);
+  Assert.ok(certDir.exists(), `certificate folder (${certsPath}) should exist`);
+  // Using "sql:" causes the SQL DB to be used so we can run tests on Android.
+  process.run(false, [ "sql:" + certDir.path ], 1);
+
+  do_register_cleanup(function() {
+    process.kill();
+  });
+}
+
+// Returns an Array of OCSP responses for a given ocspRespArray and a location
+// for a nssDB where the certs and public keys are prepopulated.
+// ocspRespArray is an array of arrays like:
+// [ [typeOfResponse, certnick, extracertnick]...]
+function generateOCSPResponses(ocspRespArray, nssDBlocation)
+{
+  let utilBinName = "GenerateOCSPResponse";
+  let ocspGenBin = _getBinaryUtil(utilBinName);
+  let retArray = [];
+
+  for (let i = 0; i < ocspRespArray.length; i++) {
+    let argArray = [];
+    let ocspFilepre = do_get_file(i.toString() + ".ocsp", true);
+    let filename = ocspFilepre.path;
+    // Using "sql:" causes the SQL DB to be used so we can run tests on Android.
+    argArray.push("sql:" + nssDBlocation);
+    argArray.push(ocspRespArray[i][0]); // ocsRespType;
+    argArray.push(ocspRespArray[i][1]); // nick;
+    argArray.push(ocspRespArray[i][2]); // extranickname
+    argArray.push(filename);
+    do_print("argArray = " + argArray);
+
+    let process = Cc["@mozilla.org/process/util;1"]
+                    .createInstance(Ci.nsIProcess);
+    process.init(ocspGenBin);
+    process.run(true, argArray, 5);
+    Assert.equal(0, process.exitValue, "Process exit value should be 0");
+    let ocspFile = do_get_file(i.toString() + ".ocsp", false);
+    retArray.push(readFile(ocspFile));
+    ocspFile.remove(false);
+  }
+  return retArray;
+}
+
+// Starts and returns an http responder that will cause a test failure if it is
+// queried. The server identities are given by a non-empty array
+// serverIdentities.
+function getFailingHttpServer(serverPort, serverIdentities) {
+  let httpServer = new HttpServer();
+  httpServer.registerPrefixHandler("/", function(request, response) {
+    Assert.ok(false, "HTTP responder should not have been queried");
+  });
+  httpServer.identity.setPrimary("http", serverIdentities.shift(), serverPort);
+  serverIdentities.forEach(function(identity) {
+    httpServer.identity.add("http", identity, serverPort);
+  });
+  httpServer.start(serverPort);
+  return httpServer;
+}
+
+// Starts an http OCSP responder that serves good OCSP responses and
+// returns an object with a method stop that should be called to stop
+// the http server.
+// NB: Because generating OCSP responses inside the HTTP request
+// handler can cause timeouts, the expected responses are pre-generated
+// all at once before starting the server. This means that their producedAt
+// times will all be the same. If a test depends on this not being the case,
+// perhaps calling startOCSPResponder twice (at different times) will be
+// necessary.
+//
+// serverPort is the port of the http OCSP responder
+// identity is the http hostname that will answer the OCSP requests
+// nssDBLocation is the location of the NSS database from where the OCSP
+//   responses will be generated (assumes appropiate keys are present)
+// expectedCertNames is an array of nicks of the certs to be responsed
+// expectedBasePaths is an optional array that is used to indicate
+//   what is the expected base path of the OCSP request.
+// expectedMethods is an optional array of methods ("GET" or "POST") indicating
+//   by which HTTP method the server is expected to be queried.
+// expectedResponseTypes is an optional array of OCSP response types to use (see
+//   GenerateOCSPResponse.cpp).
+function startOCSPResponder(serverPort, identity, nssDBLocation,
+                            expectedCertNames, expectedBasePaths,
+                            expectedMethods, expectedResponseTypes) {
+  let ocspResponseGenerationArgs = expectedCertNames.map(
+    function(expectedNick) {
+      let responseType = "good";
+      if (expectedResponseTypes && expectedResponseTypes.length >= 1) {
+        responseType = expectedResponseTypes.shift();
+      }
+      return [responseType, expectedNick, "unused"];
+    }
+  );
+  let ocspResponses = generateOCSPResponses(ocspResponseGenerationArgs,
+                                            nssDBLocation);
+  let httpServer = new HttpServer();
+  httpServer.registerPrefixHandler("/",
+    function handleServerCallback(aRequest, aResponse) {
+      do_print("got request for: " + aRequest.path);
+      let basePath = aRequest.path.slice(1).split("/")[0];
+      if (expectedBasePaths.length >= 1) {
+        Assert.equal(basePath, expectedBasePaths.shift(),
+                     "Actual and expected base path should match");
+      }
+      Assert.ok(expectedCertNames.length >= 1,
+                "expectedCertNames should contain >= 1 entries");
+      if (expectedMethods && expectedMethods.length >= 1) {
+        Assert.equal(aRequest.method, expectedMethods.shift(),
+                     "Actual and expected fetch method should match");
+      }
+      aResponse.setStatusLine(aRequest.httpVersion, 200, "OK");
+      aResponse.setHeader("Content-Type", "application/ocsp-response");
+      aResponse.write(ocspResponses.shift());
+    });
+  httpServer.identity.setPrimary("http", identity, serverPort);
+  httpServer.start(serverPort);
+  return {
+    stop: function(callback) {
+      // make sure we consumed each expected response
+      Assert.equal(ocspResponses.length, 0,
+                   "Should have 0 remaining expected OCSP responses");
+      if (expectedMethods) {
+        Assert.equal(expectedMethods.length, 0,
+                     "Should have 0 remaining expected fetch methods");
+      }
+      if (expectedBasePaths) {
+        Assert.equal(expectedBasePaths.length, 0,
+                     "Should have 0 remaining expected base paths");
+      }
+      if (expectedResponseTypes) {
+        Assert.equal(expectedResponseTypes.length, 0,
+                     "Should have 0 remaining expected response types");
+      }
+      httpServer.stop(callback);
+    }
+  };
+}
+
+// A prototype for a fake, error-free sslstatus
+var FakeSSLStatus = function(certificate) {
+  this.serverCert = certificate;
+};
+
+FakeSSLStatus.prototype = {
+  serverCert: null,
+  cipherName: null,
+  keyLength: 2048,
+  isDomainMismatch: false,
+  isNotValidAtThisTime: false,
+  isUntrusted: false,
+  isExtendedValidation: false,
+  getInterface: function(aIID) {
+    return this.QueryInterface(aIID);
+  },
+  QueryInterface: function(aIID) {
+    if (aIID.equals(Ci.nsISSLStatus) ||
+        aIID.equals(Ci.nsISupports)) {
+      return this;
+    }
+    throw new Error(Cr.NS_ERROR_NO_INTERFACE);
+  },
+};
+
+// Utility functions for adding tests relating to certificate error overrides
+
+// Helper function for add_cert_override_test. Probably doesn't need to be
+// called directly.
+function add_cert_override(aHost, aExpectedBits, aExpectedErrorRegexp,
+                           aSecurityInfo) {
+  if (aExpectedErrorRegexp) {
+    do_print(aSecurityInfo.errorMessage);
+    Assert.ok(aExpectedErrorRegexp.test(aSecurityInfo.errorMessage),
+              "Actual error message should match expected error regexp");
+  }
+  let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider)
+                               .SSLStatus;
+  let bits =
+    (sslstatus.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) |
+    (sslstatus.isDomainMismatch ? Ci.nsICertOverrideService.ERROR_MISMATCH : 0) |
+    (sslstatus.isNotValidAtThisTime ? Ci.nsICertOverrideService.ERROR_TIME : 0);
+  Assert.equal(bits, aExpectedBits,
+               "Actual and expected override bits should match");
+  let cert = sslstatus.serverCert;
+  let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
+                              .getService(Ci.nsICertOverrideService);
+  certOverrideService.rememberValidityOverride(aHost, 8443, cert, aExpectedBits,
+                                               true);
+}
+
+// Given a host, expected error bits (see nsICertOverrideService.idl), an
+// expected error code, and optionally a regular expression that the resulting
+// error message must match, tests that an initial connection to the host fails
+// with the expected errors and that adding an override results in a subsequent
+// connection succeeding.
+function add_cert_override_test(aHost, aExpectedBits, aExpectedError,
+                                aExpectedErrorRegexp = undefined) {
+  add_connection_test(aHost, aExpectedError, null,
+                      add_cert_override.bind(this, aHost, aExpectedBits,
+                                             aExpectedErrorRegexp));
+  add_connection_test(aHost, PRErrorCodeSuccess, null, aSecurityInfo => {
+    Assert.ok(aSecurityInfo.securityState &
+              Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN,
+              "Cert override flag should be set on the security state");
+  });
+}
+
+// Helper function for add_prevented_cert_override_test. This is much like
+// add_cert_override except it may not be the case that the connection has an
+// SSLStatus set on it. In this case, the error was not overridable anyway, so
+// we consider it a success.
+function attempt_adding_cert_override(aHost, aExpectedBits, aSecurityInfo) {
+  let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider)
+                               .SSLStatus;
+  if (sslstatus) {
+    let bits =
+      (sslstatus.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) |
+      (sslstatus.isDomainMismatch ? Ci.nsICertOverrideService.ERROR_MISMATCH : 0) |
+      (sslstatus.isNotValidAtThisTime ? Ci.nsICertOverrideService.ERROR_TIME : 0);
+    Assert.equal(bits, aExpectedBits,
+                 "Actual and expected override bits should match");
+    let cert = sslstatus.serverCert;
+    let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
+                                .getService(Ci.nsICertOverrideService);
+    certOverrideService.rememberValidityOverride(aHost, 8443, cert, aExpectedBits,
+                                                 true);
+  }
+}
+
+// Given a host, expected error bits (see nsICertOverrideService.idl), and
+// an expected error code, tests that an initial connection to the host fails
+// with the expected errors and that adding an override does not result in a
+// subsequent connection succeeding (i.e. the same error code is encountered).
+// The idea here is that for HSTS hosts or hosts with key pins, no error is
+// overridable, even if an entry is added to the override service.
+function add_prevented_cert_override_test(aHost, aExpectedBits, aExpectedError) {
+  add_connection_test(aHost, aExpectedError, null,
+                      attempt_adding_cert_override.bind(this, aHost, aExpectedBits));
+  add_connection_test(aHost, aExpectedError);
+}
+
+function loginToDBWithDefaultPassword() {
+  let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"]
+                  .getService(Ci.nsIPK11TokenDB);
+  let token = tokenDB.getInternalKeyToken();
+  token.initPassword("");
+  token.login(/*force*/ false);
+}
+
+// Helper for asyncTestCertificateUsages.
+class CertVerificationResult {
+  constructor(certName, usageString, successExpected, resolve) {
+    this.certName = certName;
+    this.usageString = usageString;
+    this.successExpected = successExpected;
+    this.resolve = resolve;
+  }
+
+  verifyCertFinished(aPRErrorCode, aVerifiedChain, aHasEVPolicy) {
+    if (this.successExpected) {
+      equal(aPRErrorCode, PRErrorCodeSuccess,
+            `verifying ${this.certName} for ${this.usageString} should succeed`);
+    } else {
+      notEqual(aPRErrorCode, PRErrorCodeSuccess,
+               `verifying ${this.certName} for ${this.usageString} should fail`);
+    }
+    this.resolve();
+  }
+}
+
+/**
+ * Asynchronously attempts to verify the given certificate for all supported
+ * usages (see allCertificateUsages). Verifies that the results match the
+ * expected successful usages. Returns a promise that will resolve when all
+ * verifications have been performed.
+ * Verification happens "now" with no specified flags or hostname.
+ *
+ * @param {nsIX509CertDB} certdb
+ *   The certificate database to use to verify the certificate.
+ * @param {nsIX509Cert} cert
+ *   The certificate to be verified.
+ * @param {Number[]} expectedUsages
+ *   A list of usages (as their integer values) that are expected to verify
+ *   successfully.
+ * @return {Promise}
+ *   A promise that will resolve with no value when all asynchronous operations
+ *   have completed.
+ */
+function asyncTestCertificateUsages(certdb, cert, expectedUsages) {
+  let now = (new Date()).getTime() / 1000;
+  let promises = [];
+  Object.keys(allCertificateUsages).forEach(usageString => {
+    let promise = new Promise((resolve, reject) => {
+      let usage = allCertificateUsages[usageString];
+      let successExpected = expectedUsages.includes(usage);
+      let result = new CertVerificationResult(cert.commonName, usageString,
+                                              successExpected, resolve);
+      certdb.asyncVerifyCertAtTime(cert, usage, 0, null, now, result);
+    });
+    promises.push(promise);
+  });
+  return Promise.all(promises);
+}
+
+/**
+ * Loads the pkcs11testmodule.cpp test PKCS #11 module, and registers a cleanup
+ * function that unloads it once the calling test completes.
+ *
+ * @param {Boolean} expectModuleUnloadToFail
+ *                  Should be set to true for tests that manually unload the
+ *                  test module, so the attempt to auto unload the test module
+ *                  doesn't cause a test failure. Should be set to false
+ *                  otherwise, so failure to automatically unload the test
+ *                  module gets reported.
+ */
+function loadPKCS11TestModule(expectModuleUnloadToFail) {
+  let libraryFile = Services.dirsvc.get("CurWorkD", Ci.nsILocalFile);
+  libraryFile.append("pkcs11testmodule");
+  libraryFile.append(ctypes.libraryName("pkcs11testmodule"));
+  ok(libraryFile.exists(), "The pkcs11testmodule file should exist");
+
+  let pkcs11 = Cc["@mozilla.org/security/pkcs11;1"].getService(Ci.nsIPKCS11);
+  do_register_cleanup(() => {
+    try {
+      pkcs11.deleteModule("PKCS11 Test Module");
+    } catch (e) {
+      Assert.ok(expectModuleUnloadToFail,
+                `Module unload should suceed only when expected: ${e}`);
+    }
+  });
+  pkcs11.addModule("PKCS11 Test Module", libraryFile.path, 0, 0);
+}
diff --git a/security/manager/ssl/tests/unit/moz.build b/security/manager/ssl/tests/unit/moz.build
new file mode 100644
index 000000000..8a97120c2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/moz.build
@@ -0,0 +1,37 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+DIRS += ['tlsserver']
+
+if not CONFIG['MOZ_NO_SMART_CARDS']:
+    DIRS += ['pkcs11testmodule']
+
+TEST_DIRS += [
+    'bad_certs',
+    'ocsp_certs',
+    'test_baseline_requirements',
+    'test_cert_eku',
+    'test_cert_embedded_null',
+    'test_cert_keyUsage',
+    'test_cert_sha1',
+    'test_cert_signatures',
+    'test_cert_trust',
+    'test_cert_version',
+    'test_certDB_import',
+    'test_content_signing',
+    'test_ev_certs',
+    'test_getchain',
+    'test_intermediate_basic_usage_constraints',
+    'test_keysize',
+    'test_keysize_ev',
+    'test_name_constraints',
+    'test_ocsp_fetch_method',
+    'test_ocsp_url',
+    'test_onecrl',
+    'test_pinning_dynamic',
+    'test_startcom_wosign',
+    'test_validity',
+]
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem b/security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem
new file mode 100644
index 000000000..ae40112c3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQTCCAiugAwIBAgIUBUmy5jtGrDso26TeIelwmtF+KFAwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowLzEtMCsGA1UEAwwkVGVzdCBJbnRlcm1lZGlhdGUgdXNlZCBhcyBF
+bmQtRW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO
+FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr
+amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka
+sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY
+VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n
+aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE
+MdUDrNoYCjXtjQIDAQABo3IwcDAMBgNVHRMEBTADAQH/MDIGCCsGAQUFBwEBBCYw
+JDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzAsBgNVHREEJTAj
+giFjYS11c2VkLWFzLWVuZC1lbnRpdHkuZXhhbXBsZS5jb20wCwYJKoZIhvcNAQEL
+A4IBAQApr3pPS4uWz6oPEhrTO73K+JTP2VRTKgtbooPhOZ6tCRz75P729RzVOEZF
+Vf87VSFTTXUdG5Q6+SDNuCdDuyyPR4q38s+8jgv3OVfsEbhPuSx73pLAzYg727Ip
+U2ROGoVysc3JrUfwPZSvQ/i4iqdb2sVwtqR5LM1nApy5+p6Ef8cwjfm9qsdrHlnx
+3VdiioEOp+8SKH5rzfZe+1jepRODlqvFEO9gFbaqjHLzL005xAcfpsZPH5JzDhqD
+g4QiIFlm+wwQ9pTBpk1ZmbgDyk4frrxughFsbR4zDDTfJCREa5RlwH34xOkx/cTu
+ee/qZzerx61VI88GvLK87eX2ZiH1
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem.certspec
new file mode 100644
index 000000000..8e16705b5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test Intermediate used as End-Entity
+extension:basicConstraints:cA,
+extension:authorityInformationAccess:http://localhost:8888/
+extension:subjectAlternativeName:ca-used-as-end-entity.example.com
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/default-ee.key b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.key
new file mode 100644
index 000000000..8af23e068
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/default-ee.key.keyspec b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.key.keyspec
new file mode 100644
index 000000000..4ad96d515
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem
new file mode 100644
index 000000000..0a9eaebb5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhTCCAm+gAwIBAgIUNRvpOhsDHEYbRf6bsiAPbvKe2VAwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowGjEYMBYGA1UEAwwPVGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1
+aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we
+adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS
+pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W
+YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR
+CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo4HKMIHH
+MIGQBgNVHREEgYgwgYWCCWxvY2FsaG9zdIINKi5leGFtcGxlLmNvbYIVKi5waW5u
+aW5nLmV4YW1wbGUuY29tgigqLmluY2x1ZGUtc3ViZG9tYWlucy5waW5uaW5nLmV4
+YW1wbGUuY29tgigqLmV4Y2x1ZGUtc3ViZG9tYWlucy5waW5uaW5nLmV4YW1wbGUu
+Y29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9z
+dDo4ODg4LzALBgkqhkiG9w0BAQsDggEBAH6+Qe/y1TTCx2w6f31VWp5lcizPkS8s
+ODfbgT9pKYqqvYDeiDu3q8SLGHTTsHWWewBCu5Jd0mXPXfZ4FEHcwbVJZUZBvQVr
+1aNBCriuzhNUyfjkvfCgM4OuxgNwjbihGDE8VzfxTiz8mDN0AgACCZaUTQnybQc0
+SW+ldxspBgQJom0tkZ+TGi80L3/5P5J2+7AchxhAZzQmebDnxNYDZXCJH8w15was
+OzM5BrQzz3vuxupO7lsRzZIzAU+uQD4bjcMpz3oMdj3/0lb0HZGMdU22Ub36PvLC
+6mYbTtf0IS5TVyLnbCNeliE6zoPnQPBzAUfoOeD1Tn6HQUQUT8oTf2E=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem.certspec
new file mode 100644
index 000000000..554339ff5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test End-entity
+extension:subjectAlternativeName:localhost,*.example.com,*.pinning.example.com,*.include-subdomains.pinning.example.com,*.exclude-subdomains.pinning.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem
new file mode 100644
index 000000000..c002ab376
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3zCCAcmgAwIBAgIUIxRG1UWRha0HYTAhwhrKHkbqmyMwCwYJKoZIhvcNAQEF
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowKDEmMCQGA1UEAwwdVGVzdCBTSEExIERlbGVnYXRlZCBSZXNwb25k
+ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBdcZSZgmfdwgqZ5Hx
+uHbDf1zlOLBsSs0iscvUb6Za2irdQcjCSYrEo7PB9hSH9BtpiUG9gKUcPBICRMWE
+pMRIMwXlE4wBBs8IvpqGJ2C65qLo828jxdmDE7nfrzeDRdrOUdTW3NKmyzzHBuvN
+MHDsmMzkCqWR1ylaf3HFvmZpHSst/shJRFkLxaPqSf2TsddTQF8Xc3aZlYZmJUeX
+7UJpCIgIEUIgaZiKQ/7kjOaHgd0itqac0oN1Ex+TKxKM4ob6fSUcBirSfvAW8YfN
+1U6DKzW4kw90upCqi8dhZyQqsf1tYhQNGMTAuMaPw3SEVzJK196G5lUvHR4ZHXEh
+aNO7AgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsGAQUFBwMJMAsGCSqGSIb3DQEBBQOC
+AQEANLgtJ15k2R80tTTbdC1m/ZASP24kA5t+lMUcZ2nBrIAKivNshI8oI3BVqq6a
+/SP+0D1A0OGkOy8NwwlXhTb5ZAJj8SJyMrfanuGzZQhzFrQc55KeETCm8nPyzGQ9
+bqQs1LETdVsdYXIsY+ODCIHHc3GrC7M4AcfeWobi+fANOYiTkohu+xMrwkNk0cpC
+7rGru+XJwmljnc0OwcMeClLOpqRGVXV7bVBQmM731dBSqQabDkOANqEzSD9R7cJN
+I/UXxZ24i80bErMcgYQIKA6JwS9deLrx1PVc5s5rsZjMtDT8vuDiRXNbjtbINYFw
+MncXL0zcoBe7IV3rdJwY+y3Snw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem.certspec
new file mode 100644
index 000000000..bdf3e2ee4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test SHA1 Delegated Responder
+subjectKey:alternate
+signature:sha1WithRSAEncryption
+extension:extKeyUsage:OCSPSigning
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem
new file mode 100644
index 000000000..a89c8d2f7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2jCCAcSgAwIBAgIUQXEL+8VLzS0MV1fxD5oqP+1e6jMwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowIzEhMB8GA1UEAwwYVGVzdCBEZWxlZ2F0ZWQgUmVzcG9uZGVyMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXXGUmYJn3cIKmeR8bh2w39c
+5TiwbErNIrHL1G+mWtoq3UHIwkmKxKOzwfYUh/QbaYlBvYClHDwSAkTFhKTESDMF
+5ROMAQbPCL6ahidguuai6PNvI8XZgxO53683g0XazlHU1tzSpss8xwbrzTBw7JjM
+5AqlkdcpWn9xxb5maR0rLf7ISURZC8Wj6kn9k7HXU0BfF3N2mZWGZiVHl+1CaQiI
+CBFCIGmYikP+5Izmh4HdIramnNKDdRMfkysSjOKG+n0lHAYq0n7wFvGHzdVOgys1
+uJMPdLqQqovHYWckKrH9bWIUDRjEwLjGj8N0hFcyStfehuZVLx0eGR1xIWjTuwID
+AQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDCTALBgkqhkiG9w0BAQsDggEBABNl
+rZcaJMbZvRzFDOZ7ZFjf/hqf/VxFBwiP7JOY3ZpvUTkvZkHdEQIaps9Lg0PRWsVj
+Q23PgVUJnsRL1qIFsYHDJ0NB3X+ly7IV2kjH0LBshN+8/xHgCzZy6FXtC5tNa3gT
+7GFQONTVRoVnnI8JlGMgFFrgY4H/Eyz9YlD6Sgf/zmouPCftajAyKLIrn0wDZXLv
+6Cla7n71vDVp8XsdyNZsDVa3x3eU83zzhvQkZz14ScoDzdC0S6Rk9fUTZIm4x/lJ
+LV93G6M7AyfnK51EKJR2woG/shfpLXV7Wvc/1122vTQaBqvXwervYKfndf3IRx6U
+JkHz9cSPh0zZyGpaY3Y=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem.certspec
new file mode 100644
index 000000000..19971eeb4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test Delegated Responder
+subjectKey:alternate
+extension:extKeyUsage:OCSPSigning
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem
new file mode 100644
index 000000000..ace363638
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/jCCAeigAwIBAgIUfRaj/hxb3Q6v50uP5RoPLfCSeqkwCwYJKoZIhvcNAQEL
+MBwxGjAYBgNVBAMMEVRlc3QgSW50ZXJtZWRpYXRlMCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMD0xOzA5BgNVBAMMMlRlc3QgSW52YWxpZCBEZWxl
+Z2F0ZWQgUmVzcG9uZGVyIEZyb20gSW50ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAwXXGUmYJn3cIKmeR8bh2w39c5TiwbErNIrHL1G+m
+Wtoq3UHIwkmKxKOzwfYUh/QbaYlBvYClHDwSAkTFhKTESDMF5ROMAQbPCL6ahidg
+uuai6PNvI8XZgxO53683g0XazlHU1tzSpss8xwbrzTBw7JjM5AqlkdcpWn9xxb5m
+aR0rLf7ISURZC8Wj6kn9k7HXU0BfF3N2mZWGZiVHl+1CaQiICBFCIGmYikP+5Izm
+h4HdIramnNKDdRMfkysSjOKG+n0lHAYq0n7wFvGHzdVOgys1uJMPdLqQqovHYWck
+KrH9bWIUDRjEwLjGj8N0hFcyStfehuZVLx0eGR1xIWjTuwIDAQABoxcwFTATBgNV
+HSUEDDAKBggrBgEFBQcDCTALBgkqhkiG9w0BAQsDggEBAJqijOH0m68uOc5OkrTx
+R4TW6UKEE4FluKJj4WmS5REzWs1IBn/9JYPJEVyvCfVAiEqlxJEaY0Rie+L57Sqt
+l57QSIprq2oAqjMHgmNljA7oXumsuGtIMn3E504jCjnejpIXjrLZYcfFTEub8c/A
+FF/6Vx7w3Lz9WUdSnC99k5Iu4sa/5OnwUP4/DqchHK3+hx3pOQCgRIBB0imcucjW
+XVJnJhI2S1Dny9bNRXm3uj4wk4QgbZPHEyAbTbqSQzBCtA2oir5dODffciqVa12C
+FfMjcYYGZI7gJ9BvT5zb2GFWIKOwcEBL/4lcm/NQToNF/0FFNAThlVLp6NEEYkIj
+QbE=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem.certspec
new file mode 100644
index 000000000..be0d3e9e5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test Intermediate
+subject:Test Invalid Delegated Responder From Intermediate
+subjectKey:alternate
+extension:extKeyUsage:OCSPSigning
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem
new file mode 100644
index 000000000..e3ce67d25
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7jCCAdigAwIBAgIUe3gW1PDzhB2nX+14539sWNQNpuQwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowPzE9MDsGA1UEAww0VGVzdCBJbnZhbGlkIERlbGVnYXRlZCBSZXNw
+b25kZXIga2V5VXNhZ2UgY3JsU2lnbmluZzCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9RvplraKt1ByMJJ
+isSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYnYLrmoujzbyPF
+2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+ZmkdKy3+yElE
+WQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM5oeB3SK2ppzS
+g3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2FnJCqx/W1iFA0Y
+xMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMPMA0wCwYDVR0PBAQDAgEC
+MAsGCSqGSIb3DQEBCwOCAQEAO0hG0xJvxlFc9STPEUfmQezbGJt242zAUVyDT0ZS
+K/gQhhWAjjnfVdUz0dWG/RyH9eaIg4SYc+8+igmKyZL+dvhiEgc0dEWk7nCj+G9/
+SomG+QanABPo7S63HnNjSHq0Z3+j1UNFi1Nu3Neeo3yRgwBwHUVerT/iEaKX6s6V
+vYaDvPYDK3F5jxE3IUi2zwCMWssm77qOfAMoHx9DZ4Y0Hy5YeYS17mhRpUhYo8Qu
+EoEnQVt5+bwBQOsHB86zpjN/8GX9iQGrh/F+31W3qgZYhNwT0dxBgZ8+1/hymzha
+rudGgX7xhPC/qaui7LejAFoJZXz7t2s8QP4oqp/gOZ0oyA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem.certspec
new file mode 100644
index 000000000..2833ed9b5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test Invalid Delegated Responder keyUsage crlSigning
+subjectKey:alternate
+extension:keyUsage:cRLSign
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem
new file mode 100644
index 000000000..3f00a11b7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2DCCAcKgAwIBAgIUeekP5v4eDV4Q3Mhxh7hyoRYhoYMwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowOjE4MDYGA1UEAwwvVGVzdCBJbnZhbGlkIERlbGVnYXRlZCBSZXNw
+b25kZXIgTm8gZXh0S2V5VXNhZ2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDBdcZSZgmfdwgqZ5HxuHbDf1zlOLBsSs0iscvUb6Za2irdQcjCSYrEo7PB
+9hSH9BtpiUG9gKUcPBICRMWEpMRIMwXlE4wBBs8IvpqGJ2C65qLo828jxdmDE7nf
+rzeDRdrOUdTW3NKmyzzHBuvNMHDsmMzkCqWR1ylaf3HFvmZpHSst/shJRFkLxaPq
+Sf2TsddTQF8Xc3aZlYZmJUeX7UJpCIgIEUIgaZiKQ/7kjOaHgd0itqac0oN1Ex+T
+KxKM4ob6fSUcBirSfvAW8YfN1U6DKzW4kw90upCqi8dhZyQqsf1tYhQNGMTAuMaP
+w3SEVzJK196G5lUvHR4ZHXEhaNO7AgMBAAEwCwYJKoZIhvcNAQELA4IBAQBgElte
++KdSalMaq0BsyEkiYRwnsC+LlVJCHffa8RdLZ6av4/k6VFBhP/ssQZOjefG6GAB4
+bNvP/Cll878+fq9whu/3X9ZznL1TLZA1Ej7clSbiCP3TfmPmUeXu6/KMD22o/k/0
+L2cZjABi+Uctu2XxvAn9yN0+I/yulmrVUPcJJLhcMA/L3Drud+ePzjztXpn9DEuO
+zJvbT69gWuj61XshHgolczSkALsavYOs9tF9XQYClOcNrr6SiiMBYcarHyB1H+6G
+lyd+acDokI0uMuYu+25ucTf0HX8qG6K83Dr6sTCraIKnq59/zbplMsgtocklddJn
+5sWaGwVtmt1twn2c
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem.certspec
new file mode 100644
index 000000000..92444c94a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test CA
+subject:Test Invalid Delegated Responder No extKeyUsage
+subjectKey:alternate
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem
new file mode 100644
index 000000000..b1a665aa9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC9DCCAd6gAwIBAgIUaaTPCaYAcxp4TZ4q8Wcjz6W7UW0wCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowPTE7MDkGA1UEAwwyVGVzdCBJbnZhbGlkIERlbGVnYXRlZCBSZXNw
+b25kZXIgV3JvbmcgZXh0S2V5VXNhZ2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDBdcZSZgmfdwgqZ5HxuHbDf1zlOLBsSs0iscvUb6Za2irdQcjCSYrE
+o7PB9hSH9BtpiUG9gKUcPBICRMWEpMRIMwXlE4wBBs8IvpqGJ2C65qLo828jxdmD
+E7nfrzeDRdrOUdTW3NKmyzzHBuvNMHDsmMzkCqWR1ylaf3HFvmZpHSst/shJRFkL
+xaPqSf2TsddTQF8Xc3aZlYZmJUeX7UJpCIgIEUIgaZiKQ/7kjOaHgd0itqac0oN1
+Ex+TKxKM4ob6fSUcBirSfvAW8YfN1U6DKzW4kw90upCqi8dhZyQqsf1tYhQNGMTA
+uMaPw3SEVzJK196G5lUvHR4ZHXEhaNO7AgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsG
+AQUFBwMDMAsGCSqGSIb3DQEBCwOCAQEAq7dWVM5N/G6AfpGNEGjK0tGgCzZdcUtt
+669gV+c45zUlmBFhoQ7P8i/491qaSH5LOOQFzkEzJ0hseylLKZraSC+dxIdc5CA1
+b53vBmjHxhba44C8eEEipG8K/7dljQGprF/0RMNlG9XLaukzVb/QeUK7hJ2EpKeB
+rq49TBH0nOirVaPO3xSSwXxNxE0X25zgAl/7Qju2mjMAXzvayN3RYTo/OhAyKXr4
+y5SVoXgQ1ZtlArHFjGCD2vcwWSXJBrJCZaVV0x3EzwKRZA7lGm4F9q0ZGCrBwmBk
+rXbL0JlESZPbMxHbE2rcQ6iI3u2mLUJ7qamLjs1Gc6YGnCOc7z2wCg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem.certspec
new file mode 100644
index 000000000..bc704fbd4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test Invalid Delegated Responder Wrong extKeyUsage
+subjectKey:alternate
+extension:extKeyUsage:codeSigning
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/moz.build b/security/manager/ssl/tests/unit/ocsp_certs/moz.build
new file mode 100644
index 000000000..187518829
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/moz.build
@@ -0,0 +1,42 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ca-used-as-end-entity.pem',
+#    'default-ee.pem',
+#    'delegatedSHA1Signer.pem',
+#    'delegatedSigner.pem',
+#    'invalidDelegatedSignerFromIntermediate.pem',
+#    'invalidDelegatedSignerKeyUsageCrlSigning.pem',
+#    'invalidDelegatedSignerNoExtKeyUsage.pem',
+#    'invalidDelegatedSignerWrongExtKeyUsage.pem',
+#    'multi-tls-feature-bad-ee.pem',
+#    'multi-tls-feature-good-ee.pem',
+#    'must-staple-ee.pem',
+#    'must-staple-ee-with-must-staple-int.pem',
+#    'must-staple-missing-ee.pem',
+#    'ocspEEWithIntermediate.pem',
+#    'ocspOtherEndEntity.pem',
+#    'other-test-ca.pem',
+#    'rsa-1016-keysizeDelegatedSigner.pem',
+#    'test-ca.pem',
+#    'test-int.pem',
+#    'test-multi-tls-feature-int.pem',
+#    'test-must-staple-int.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
+#
+#test_keys = (
+#    'default-ee.key',
+#    'other-test-ca.key',
+#    'rsa-1016-keysizeDelegatedSigner.key',
+#)
+#
+#for test_key in test_keys:
+#    GeneratedTestKey(test_key)
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem
new file mode 100644
index 000000000..3590df90b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAgqgAwIBAgIUAc3BKte7ynCOlcIdQ7skOfR97WUwCwYJKoZIhvcNAQEL
+MDcxNTAzBgNVBAMMLFRlc3QgSW50ZXJtZWRpYXRlIFdpdGggTXVsdGlwbGUgVExT
+IEZlYXR1cmVzMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMCwx
+KjAoBgNVBAMMIU11bHRpIFRMUyBGZWF0dXJlIFRlc3QgRW5kLUVudGl0eTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ
+6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUk
+nAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N
+/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAG
+JMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd
+7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEA
+AaMvMC0wGAYDVR0RBBEwD4INKi5leGFtcGxlLmNvbTARBggrBgEFBQcBGAQFMAMC
+AQUwCwYJKoZIhvcNAQELA4IBAQAcse6lHIyWBVFBP3H4s35RrYiYkmcOVHundfO8
+uvLU+eKh4fFHiBMIHgBrwMH5NWC+ahAe/rc5mcT4tCh95p9TOLYf4Hl7sAAQBBVY
+eoReFpIor30mitKZ9XS/nBh2WtNCY7UN9oNdgo+MwW15OXSya0ayAZob/hdJqttR
+6+8y63CzBDe/LnUzZcHn/ecQpzjfPAjeFdFrH1ubhSgO/z/E8XOWh0BzwB8dFIw8
+cKHXAFz8vpp/OI+4ZLsfd8edXaCfJ8ysyHhJn3hq8A0KJCxRxaaw4LV+SZlq8TDH
+7Auel4lK2LVRLt9px+FoVOp2ySAHQ+ZJXVm9kGgKchFjFTpT
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem.certspec
new file mode 100644
index 000000000..3fa2793b3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test Intermediate With Multiple TLS Features
+subject:Multi TLS Feature Test End-Entity
+extension:subjectAlternativeName:*.example.com
+extension:TLSFeature:OCSPMustStaple
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem
new file mode 100644
index 000000000..9902cf34e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIzCCAg2gAwIBAgIUTUm5ul0tN4EwdDlukUalvORwf9cwCwYJKoZIhvcNAQEL
+MDcxNTAzBgNVBAMMLFRlc3QgSW50ZXJtZWRpYXRlIFdpdGggTXVsdGlwbGUgVExT
+IEZlYXR1cmVzMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMCwx
+KjAoBgNVBAMMIU11bHRpIFRMUyBGZWF0dXJlIFRlc3QgRW5kLUVudGl0eTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ
+6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUk
+nAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N
+/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAG
+JMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd
+7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEA
+AaMyMDAwGAYDVR0RBBEwD4INKi5leGFtcGxlLmNvbTAUBggrBgEFBQcBGAQIMAYC
+AQUCAQYwCwYJKoZIhvcNAQELA4IBAQAQYR5dlm5vViftK6q+RRFU+SRr9UduirxU
+Kykrf1IhrnhnGs+XSf6awTrSWvPRZgnLgGOK+X8VTjTTFNPEHDBfXgSydj5hEEk2
+aqZThJYrtObYTLIOaFsfn72mitEhojFg1mUq3TvAVNQZrh1SKKEAH6fFTyTh7MG7
+JVkt44aU0KVXlvqr6wZ+lZ/C1rvUaVVVwanyd0OodvSjNT/3o/Y3F5MxNVH1JwE/
+MgixwIqBkxHva07XmpSCD+GoF2jnBd0kTJOiDd+hVbIqkDN1/b00zI8l9Gu5JIoh
+KDDIi2rkJ3khaGjHk934j8IHdGhq281/jTelNDak1FNcKZbhtIH6
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem.certspec
new file mode 100644
index 000000000..7a8dd223d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test Intermediate With Multiple TLS Features
+subject:Multi TLS Feature Test End-Entity
+extension:subjectAlternativeName:*.example.com
+extension:TLSFeature:OCSPMustStaple,6
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem
new file mode 100644
index 000000000..f11b4b0cf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBDCCAe6gAwIBAgIUI5EYmGMBogOQ/tZl8X6zfFiEEzgwCwYJKoZIhvcNAQEL
+MC0xKzApBgNVBAMMIlRlc3QgSW50ZXJtZWRpYXRlIFdpdGggTXVzdC1TdGFwbGUw
+IhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowGjEYMBYGA1UEAwwP
+VGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+uohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGoby
+a+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWC
+D/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfT
+iEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXT
+Ce+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+
+SSP6clHEMdUDrNoYCjXtjQIDAQABoy8wLTAYBgNVHREEETAPgg0qLmV4YW1wbGUu
+Y29tMBEGCCsGAQUFBwEYBAUwAwIBBTALBgkqhkiG9w0BAQsDggEBADnrurEZfGFH
+wRvnU4iAJf3JOdzUIAB2vPZh1dE7lI1/uqkdoVU7yJJ8ATfH1enD30S1mYOMJM7K
+GpWZXRPMSu8VLTmSc5e55GIGXUw/TlNQQ9XL/P1DTFU73Q/AzbxNOR4KO1UOyZAk
+EOFvYaDsMnx7WOlqKcg8ad5pi3UWqW97kAPNaGwnd6PVoeF+SZSoMgNJdNeupjYf
+izckdD0iP7kFCjlJn+NJNkiwE1WNabqgiWAJUfgH7ck5CR98+1DlGqqZP4FuyQW3
+2AGZYrKC1LZR623le9TZjHsfAWFcBFhrf+QoqRVhBsBLKWWKrRqEo2Erpj8najTe
+Q756exgcc5o=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem.certspec
new file mode 100644
index 000000000..352a60675
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test Intermediate With Must-Staple
+subject:Test End-entity
+extension:subjectAlternativeName:*.example.com
+extension:TLSFeature:OCSPMustStaple
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem
new file mode 100644
index 000000000..9ad410a12
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6TCCAdOgAwIBAgIUV0syO5TM/Hi/n/3k2+YYxrJdoUkwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowGjEYMBYGA1UEAwwPVGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1
+aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we
+adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS
+pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W
+YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR
+CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoy8wLTAY
+BgNVHREEETAPgg0qLmV4YW1wbGUuY29tMBEGCCsGAQUFBwEYBAUwAwIBBTALBgkq
+hkiG9w0BAQsDggEBAIUrl9TwMdyfzqh7QH65lQ84r/+fdhYZmTAQC+Rb43aZBwCR
+WlhmJdcNSq6vIGorap0dAPC9+COLcOA6L0YcqaGxIf1fJdiCPuOR1r6Gnns2DnLi
+NkxEF8BfKi3POeGK5oEgAbvdvnZgL/GMMST9508WHMY6StjbyGZCE9nQh1dcVme1
+sJ6681Q3CnPYN6D2C/D5mJi8sgdjCPRvntHjfE8uHfvJ7r5/FjsXmY0r056QFPb6
+pi7YhaJP179c5jxQEfakz8zwu4vxkdCwyuj+WK0AjmVTp0vghiX9mHXyXvqTEQuz
+tO9XdoIyDDbG7Ki0CFkAObPBnSyf1kWaAHrjmVs=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem.certspec
new file mode 100644
index 000000000..2cda40dc0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test End-entity
+extension:subjectAlternativeName:*.example.com
+extension:TLSFeature:OCSPMustStaple
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem
new file mode 100644
index 000000000..356235d2c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8TCCAdugAwIBAgIUV9dOwBwg2FhF47/4B7qXwQrm1WowCwYJKoZIhvcNAQEL
+MC0xKzApBgNVBAMMIlRlc3QgSW50ZXJtZWRpYXRlIFdpdGggTXVzdC1TdGFwbGUw
+IhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowGjEYMBYGA1UEAwwP
+VGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+uohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGoby
+a+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWC
+D/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfT
+iEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXT
+Ce+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+
+SSP6clHEMdUDrNoYCjXtjQIDAQABoxwwGjAYBgNVHREEETAPgg0qLmV4YW1wbGUu
+Y29tMAsGCSqGSIb3DQEBCwOCAQEAswPptGhoxspv+EZLQd99afqMGGOwoHVS3Chz
+HWRXD0CA41nqI+qjr6dAHPsCETwdmV/Mt0Nrm67p/LMQFRrlI8uXLu/l5dtbh4NT
+qBK3n8j/OTzdTxUh9YsXCa+k8sOQKTLnqgNQDJmrjQZ7L1i/N5xqc9LSG32e6wqr
+6gU3IKv5jWp7lhalkDg+z3VNyvkrPzh9VVWn5IhiHLb88eIEO8XCZ+4CdPR+m+6N
+x16VoWRDo0f2wp6vkQga/ow161mjNCXCaFrTOF7oR5qk+cJ6S46YFn3lS0qrmaee
+9kTQpvhsNpso1Oat9xPaaW7VUmREO8/X5YcFUPBXnkK023s33g==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem.certspec
new file mode 100644
index 000000000..8e4a6ac0c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test Intermediate With Must-Staple
+subject:Test End-entity
+extension:subjectAlternativeName:*.example.com
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem b/security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem
new file mode 100644
index 000000000..af8f05578
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMTCCAhugAwIBAgIUC5PMK/apYIhhJmSJ5REzi1z8GkwwCwYJKoZIhvcNAQEL
+MBwxGjAYBgNVBAMMEVRlc3QgSW50ZXJtZWRpYXRlMCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMCwxKjAoBgNVBAMMIVRlc3QgRW5kLWVudGl0eSB3
+aXRoIEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG
+8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0V
+gg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g3
+04hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l
+0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz
+/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaNbMFkwIwYDVR0RBBwwGoIJbG9jYWxob3N0
+gg0qLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0
+cDovL2xvY2FsaG9zdDo4ODg4LzALBgkqhkiG9w0BAQsDggEBAKQk077vTRXtYJIB
+DlyrzAF/hGVjs1dw5DHiExEBcNs5VRqhx419dX+UBbTOGVakWWNCY3JVkuEU19yf
+W2iAAHLuwxmBs+bAJ9N2NvKg8cFH9NNtMfRc0V/9sFscOtRcws9EPHWK4KwQ/86F
+EIsm/hkAysKMOaS7+hz/Wk8zS0hTMXQaAnUTGs680gD2SflZBjD17oHpYAJ98qsu
+pUWHWRGM6aqb3nExTbwWW0KA6KV6LgpLnTuRzINLIICsShD+ILNGn3dmxL4XqlSq
+Fyt1Z/xfs/bsdYnGT8Q/6+cBVEvUNhb2dL+ASVMHVC0eLlIzB/lqNt2T1X3J4jZE
+AYgJ+oM=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem.certspec
new file mode 100644
index 000000000..ae3a51565
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test Intermediate
+subject:Test End-entity with Intermediate
+extension:subjectAlternativeName:localhost,*.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem b/security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem
new file mode 100644
index 000000000..0e9090fec
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDEDCCAfqgAwIBAgIUFUjNmE1SFk2rDh8tqRDSpaELFlMwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowFTETMBEGA1UEAwwKT3RoZXIgQ2VydDCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7
+wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp
+k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh
+eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW
+EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc
+JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaNbMFkwIwYDVR0R
+BBwwGoIJbG9jYWxob3N0gg0qLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAi
+BggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzALBgkqhkiG9w0BAQsD
+ggEBALNTenHEPdfs+i78r4CBw+GMnpFXBXnMp1nqVwnZfVTCz/XtWjwJr3Oxw1ws
+aaypMgtUgkiXGzpdt+OxwdZqH+Z+uaO5EU1e3VzCYvWTUVJ9HLsL0VMsy4OQCX76
+QlvGNr4wIeXu4mOIQRkxPfQHs/SYNo21brxu4oTZ3XJELLvMxKNguX/+FtkzSl/o
+jilWj9Pc6gKSiaAbgc3lowS7NvkpxCsz9wTsi/66UhqDg7/dqaQEktApAZEFO6w7
+Mhbm2FGb4d/2t24SlrtETt15MoyKd2vvySzsLcQtRRAug8w2PDqyL5i/EoJhWC5q
+MziTfNeX4JKbaasP/25bscXYqng=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem.certspec
new file mode 100644
index 000000000..5756f6ab5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Other Cert
+extension:subjectAlternativeName:localhost,*.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key
new file mode 100644
index 000000000..6db74b5c5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBdcZSZgmfdwgq
+Z5HxuHbDf1zlOLBsSs0iscvUb6Za2irdQcjCSYrEo7PB9hSH9BtpiUG9gKUcPBIC
+RMWEpMRIMwXlE4wBBs8IvpqGJ2C65qLo828jxdmDE7nfrzeDRdrOUdTW3NKmyzzH
+BuvNMHDsmMzkCqWR1ylaf3HFvmZpHSst/shJRFkLxaPqSf2TsddTQF8Xc3aZlYZm
+JUeX7UJpCIgIEUIgaZiKQ/7kjOaHgd0itqac0oN1Ex+TKxKM4ob6fSUcBirSfvAW
+8YfN1U6DKzW4kw90upCqi8dhZyQqsf1tYhQNGMTAuMaPw3SEVzJK196G5lUvHR4Z
+HXEhaNO7AgMBAAECggEAfj9tfLg572auXX3ZL/VBC7NB3BRyjTkDRXDho3B5DzDw
+aBNV//QeKtTpqdn86/vRJ736uMAK/7Hzzqcyfq1HqhYh8qwe4UygLwSzsnhgF5gL
+GBpEnQOwPmnRErg1ceVUNPASBWV10oMu1nMdznmeN8g/bVHFWrcetYAVrwXhrxXH
+R2A+9/J9A6b/BJ2Wu/hUweTlDvWwWND7CBgOCsf3vo8v8Wc9l/yeVduoOAd7v4p8
+/ylihXeFJpzZ1brStXRp5K/NM8TKLS9pnxHnyPvc1ITwjY77ijy4qXLrJL7Zcu+q
+5LtxIJPkj+lKRutimodQeMQCGposk8mnA5Dp0KVEAQKBgQDmP8clprp2klp/+MtZ
+xPVt1+yD/oW/H1PhHKyagSWLz8CugZB3sPLRR3qvho3mqOy+r3uyKxlvKprYLTKG
+8NDMKd5xnl8r6OUJtyhNWWPt02L5J4h6TEqJeZ00DVGzAax2AasnF5Ak/KrdOL9l
+Iq9j6xZGHsAqfyewb+Cd3afAoQKBgQDXGLH+n4+Z8A6DKuH73G/iqyfzTgScSYAQ
++g63CEhSGCNGCDtclsPu5VksAUpBDGuTCxZcE7XCaqMurG58klqFUcJRNPL0pyxk
+IfGacxSKDt+rpdOmiIs1y6GMAP047lqvC1RXMdcgdhu8ze50SlLKQV6Y5N4Bzf52
+TBlns+jK2wKBgAHlrKJmyUqI0i4TwrkuokcRbGV6B2gXvf0w20s6nTCVuaS2dJZH
+4vhOenhPx4OLCMhZcc96A2+jDjuRw8TQ3yePgMG26FnYRWrbE33vqp8fCsW6yakY
+T9TqJ51yLqYm8WDXiq17yDhFzLKd8RXIP2G3YiuZvUOcYJtXkKY8WVGBAoGBAIDM
+RdENJITuDRKX/Ae/gLO+/0Yeon4fOPNxeJw69mtKDt0hksIneR208cd64ka/NC8x
+hWsPVlgbWKlbETHAxTltsqjDxvOeouM2vCBa5qKgs2hp/KmMu6czzwExmm+bsmt8
+oj0wF/xVHNjaiv3Rf2+i4w00hoeYHNYjTVcekLffAoGAb3fAwfKuesFpVhzKSZxS
+vfvgTN3M29wSrsWoVpHoWUt+4pkI8w57lqpiVLgO1K7sm5k3gr38ebadjVjGiHD6
+S+G8DDUnKIxcgrtK668V7f8RBAP8eOas5qgoJ79C8M+nUeUHZRxWONuTk90j3R9r
+KVFR3kS3f+Vaew3yceGaZcA=
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key.keyspec b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key.keyspec
new file mode 100644
index 000000000..cbd5f309c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key.keyspec
@@ -0,0 +1 @@
+alternate
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem
new file mode 100644
index 000000000..09bd4bb04
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2zCCAcWgAwIBAgIUexJUIJpq50jgqOwQluhVrAzTF74wCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0EwIhgPMjAxNTAxMDEwMDAwMDBaGA8y
+MDI1MDEwMTAwMDAwMFowGDEWMBQGA1UEAwwNT3RoZXIgdGVzdCBDQTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxK
+zSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEG
+zwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHX
+KVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBp
+mIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6
+kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMd
+MBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQCL
+jKgNGmCVYhntJo024WL8bF6hekERMYQbu/CK9moz6wlOpRMOQX1x7U/ianPW9Whi
+yoMAgAgNhLr2+t4ewqU2xRxMY0DvMSOuF9l08mptCW5sd/ocrRZuv/RcBmLcRnJm
+Y+HuaVOvf1ac32pNN5HYagGQbvvpAaHB5/DyYcywqUM7SttK1QF+AOsGePZdYUK2
+Od5wJwB7yE1Fpgf6O4vZaE0JkTVh8GQipwoPms2GYk2E1sJXu9eUrLBfioVVN0TF
+QF4xJxSwyxY8ys5E4+ftIVixVdetrcotUdYR64x9Hd5OPr5Q7VaAvd85ZvuB7xeK
+eHxNGBjaJMf1tkamLr3p
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem.certspec
new file mode 100644
index 000000000..3bc975aa2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem.certspec
@@ -0,0 +1,7 @@
+issuer:Other test CA
+subject:Other test CA
+issuerKey:alternate
+subjectKey:alternate
+validity:20150101-20250101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key
new file mode 100644
index 000000000..d10324fb3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICcAIBADANBgkqhkiG9w0BAQEFAASCAlowggJWAgEAAoGAANKbsS+4T93NKbOl
+GctmxDuNj4vlRbp5OEzmY+0D33WZFgDrkgeQ0lMM7OVE25mnHwWJaj7SBxZVNKqZ
+BX5HxH47yBrab6HhLjcmi1BGpVJo+drXzLSF2BouGdUNTwtoVKyvbXvmnZoIMTbh
+WvqPU8HIyE/GB3J53Q5V1zaaW90CAwEAAQJ/PEllBwvzkMJR1aLFJ3xbX9C97oXK
+1/4rJ5grsoURSlBwBANq4c+K5Usl5Ns5IVq9fpA/YYwtiy8IzGzRLbzNciBeSUW2
+s984nl5D3goUi7LITiQx/b5ZILBEuycvRez/ByG337YDl/xhOp6jXCIwBTDK6PkV
+nFNN878JEJUZAQJAD58XWXyFuAUbnGmvtV71dsmW29CQR9DM3ludYOpcZ/5PrGe+
+gD9LasWj8FD3a5ZvsU9c8QV2HlrebdlgsYO6VQJADXtjcRLOYaVRaMD5yThvsnmr
+QMug1Ukza7plJ3JjqseCYRosgdm2Nc94xAAYhZ4BjF6QBtEuPS7m80bnn6QzaQJA
+Cf1smj6m6RrjIHD5/BwhD/k1L5e+XR7rlRuzloHp3FtnKlMiIbPYkAyanZm50KTh
+AtxFDKG4ewsTid5lFsCuDQJAAUG4MkkbfdSoMwiSACTHnK5kvUR9+IO7TFZyqWur
+SLcSOzTyYyRFLNzrF/IeVw40fL4v1MLY+ZEOrCy22JW4yQJABFjdau4YyIsvm4Hx
+vDB1riDcH5lz0gck8gsGBD1hR8h4nUoHroi8gshDjIk+AXsTlH9i4LGJWKMetmSx
+nmTT4A==
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key.keyspec b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key.keyspec
new file mode 100644
index 000000000..21ed73d60
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key.keyspec
@@ -0,0 +1 @@
+rsa1016
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem
new file mode 100644
index 000000000..a6951536f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICZzCCAVGgAwIBAgIUSX19XEIdc7camdQ5y1SkxOjYv7kwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowNTEzMDEGA1UEAwwqUlNBIDEwMTYgS2V5IFNpemUgVGVzdCBEZWxl
+Z2F0ZWQgUmVzcG9uZGVyMIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgADSm7Ev
+uE/dzSmzpRnLZsQ7jY+L5UW6eThM5mPtA991mRYA65IHkNJTDOzlRNuZpx8FiWo+
+0gcWVTSqmQV+R8R+O8ga2m+h4S43JotQRqVSaPna18y0hdgaLhnVDU8LaFSsr217
+5p2aCDE24Vr6j1PByMhPxgdyed0OVdc2mlvdAgMBAAGjFzAVMBMGA1UdJQQMMAoG
+CCsGAQUFBwMJMAsGCSqGSIb3DQEBCwOCAQEAIsDgLYgpTge+vmb/dIvx4F+F5fZm
+N+WmVDn+f4JMHBEOxzWp67x19WkAbvVgj661qo53XtOjjVX80gDfur2fXDdqHF8G
+v2N+bKNxKJjxn8SojcXvy2unb3A7VbKcedMvwsesBHky/WPsBK9cQjNGxv4/jRfN
+/5q7AQeUaRlN97iEU0JGjIIta6qs/FCLobg5+bhmGdsP2HRacfeCbCkjfdA0QToz
+gyOM5g1rlDxXk8mdcnesQxLMi3cka/u8JqYiMjRb3khTjIlHtOcWuTFiPO8zKd/Y
+wvJ17FlqgdSHoCCpVP7kQk245umgsJZivphQ2RWKh1X4lhLZhzFP/5+rxw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem.certspec
new file mode 100644
index 000000000..05f73368a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:RSA 1016 Key Size Test Delegated Responder
+subjectKey:rsa1016
+extension:extKeyUsage:OCSPSigning
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem b/security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem
new file mode 100644
index 000000000..1d50176e4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzzCCAbmgAwIBAgIUH9DaznYx1NE1Cu9I8cBqxV9VgF4wCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowEjEQMA4GA1UEAwwHVGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUw
+AwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQA1o3GayNFRlVTrsoj2
+Ag06YatbGe94M/FT0MXngjlmrMkGZqHaDlrii7Jz+JP16CBjaIZ0ZP7I56Nn/l8y
+/kfe++zvr1uwRaKjtRGBiFpCjx10rI508wzSnOox3+bOtv9qjYaY7UjkBV3F40IS
+P8qKMtNspsR4tjS/D1jbculhngkPqhskefZFQQvcgG54L5j921GFKNeeX6i9QAzV
+jjM6i/iQYpAWCuh5+CetwUnfFuZCM80npp/qHMESkT3PyPpwqT9A5K+xQdVfpXq5
+SmVy5+QGWALuSV1sfIRXRwOh+2jCWwWPbyi9TlHrvlO5mL38qikdYBDPat3ve4cq
+5viq
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem.certspec
new file mode 100644
index 000000000..5d2435d7b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test CA
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-int.pem b/security/manager/ssl/tests/unit/ocsp_certs/test-int.pem
new file mode 100644
index 000000000..df9ad3ddb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/test-int.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2TCCAcOgAwIBAgIUBVio/iQ21GCi2iUven8oJ/gae74wCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTAxMDEwMDAwMDBaGA8yMDI1MDEw
+MTAwMDAwMFowHDEaMBgGA1UEAwwRVGVzdCBJbnRlcm1lZGlhdGUwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq0
+7PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D
+/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw
+JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyX
+rZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWd
+q5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAb
+MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEAry6Z
+DoUhexYUJTzWwN1ZIwWeXW/QxJR5u4DvK6pBPInDdyfv20EuxXKODYWXXPGbOY8X
+5SEsUtS+1WUlMAXenmejPvDcjeEGLS8tfJQbgHtPrDhQR43fnYGZrA2pWVmxQ+TJ
+Lrg18uGIuMcfAr3RwMzeK+uj81bybeYZN5haISWa6bF2a81vMx/WDgyFSYYBOYph
+nCPWVSqPTK/6NwbyWZORs474Flx45uzo7g9mMCmbwz9IzdJYpVrViVAFTU1gSbNQ
+ED3LzwGkS7eO8Lqzk9a94uIGqhxtGDvxFe+6Be/Il3M/5d2WC2Jmqzv8cU/u4GLb
+dKrXnD3epofIjHnOUA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-int.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/test-int.pem.certspec
new file mode 100644
index 000000000..33b42c2f4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/test-int.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test Intermediate
+validity:20150101-20250101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem b/security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem
new file mode 100644
index 000000000..bed4aa01f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDCjCCAfSgAwIBAgIUF6PsbfnmMCcksq3bK0t3nzIF7tUwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowNzE1MDMGA1UEAwwsVGVzdCBJbnRlcm1lZGlhdGUgV2l0aCBNdWx0
+aXBsZSBUTFMgRmVhdHVyZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24a
+hvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7t
+FYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+o
+N9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0d
+JdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4
+s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjMzAxMAwGA1UdEwQFMAMBAf8wCwYDVR0P
+BAQDAgEGMBQGCCsGAQUFBwEYBAgwBgIBBQIBBjALBgkqhkiG9w0BAQsDggEBACXM
+X1+QvZrthE9BrtXJMI2wNwZTzvAiGIqcqxtD9a6oTP1OAM+U7+3iANV4BT+IOS1z
+9KhPBwzdFxQTxHO7mx34T+ImN5WeIn/Hhm1RrBe67Jqvi+Pu1bHparQCoQl1OjH8
+mtSaV+VA7pciTvyU9GwMMsCyiOMElt/j8GjtbyMAQmQ9+xbyVV30kQCEZaNgzgf6
+ilNPTtVtzofi6Y4gUZ3tGYVQaDvVJRhdS64w+A2rXSDREykU114P+qY9M6TkRYI7
+KPvPIVSUz0ry3RPazPdDYbyRAqHUi1e5yxBn/Lhx8bGSrnCe4Au2PNDnU7d8rzZl
+yaBFzeN4UoHzO47kZAw=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem.certspec
new file mode 100644
index 000000000..3f0e925aa
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test Intermediate With Multiple TLS Features
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:TLSFeature:OCSPMustStaple,6
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem b/security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem
new file mode 100644
index 000000000..d00c3d101
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/TCCAeegAwIBAgIUexXLwzeuuZ7h9L7rPOqB8bmBqKswCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowLTErMCkGA1UEAwwiVGVzdCBJbnRlcm1lZGlhdGUgV2l0aCBNdXN0
+LVN0YXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW
+Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk
+cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT
+AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3
+ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh
+s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV
+A6zaGAo17Y0CAwEAAaMwMC4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwEQYI
+KwYBBQUHARgEBTADAgEFMAsGCSqGSIb3DQEBCwOCAQEAtJc7b/hr44cTKye9RzeU
+9HJmYyrdbTxVlQ2elV07NZ1i4K6HuCs4shQ997z+ALGOsSWny6MoP+C3u91rn90b
+QO5SpVCj4wMjB7Lao8XuO47OWqcdMzCqqA51+3pCF6qq8U2jBe/lbDZYvOyTwk/9
++PuasYUaXc5Lr/cdjMqJu1bBncdZny+cBqWqUJ3H4AFRSgZ4nbgkyksrgHiUW6aE
+VzejhDcE06cn3N7cp6VyA0mh1qH7cOSWGk8ORo8hzmoY6dKIBTkncYOu2psAnfkU
+99CODDCmfQd9uwp3bBX/MPPkxXjA72SVream3ULGa7o9gpoI5A6eOollJCox49DJ
+ow==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem.certspec
new file mode 100644
index 000000000..7c29aa0ad
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test Intermediate With Must-Staple
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:TLSFeature:OCSPMustStaple
diff --git a/security/manager/ssl/tests/unit/pkcs11testmodule/moz.build b/security/manager/ssl/tests/unit/pkcs11testmodule/moz.build
new file mode 100644
index 000000000..4935c0781
--- /dev/null
+++ b/security/manager/ssl/tests/unit/pkcs11testmodule/moz.build
@@ -0,0 +1,18 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+FINAL_TARGET = '_tests/xpcshell/security/manager/ssl/tests/unit/pkcs11testmodule'
+
+UNIFIED_SOURCES += [
+    'pkcs11testmodule.cpp',
+]
+
+SharedLibrary('pkcs11testmodule')
+
+# C_GetFunctionList needs to be exported. As it turns out, it's much easier to
+# just export all the symbols.
+NO_VISIBILITY_FLAGS = True
+SYMBOLS_FILE = 'pkcs11testmodule.symbols'
diff --git a/security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.cpp b/security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.cpp
new file mode 100644
index 000000000..531da1308
--- /dev/null
+++ b/security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.cpp
@@ -0,0 +1,633 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This is a testing PKCS #11 module that simulates a token being inserted and
+// removed from a slot every 50ms. This is achieved mainly in
+// Test_C_WaitForSlotEvent. The smartcard monitoring code essentially calls
+// this function in a tight loop. Each time, this module waits for 50ms and
+// returns, having changed its internal state to report that the token has
+// either been inserted or removed, as appropriate.
+// This module also provides an alternate token that is always present for tests
+// that don't want the cyclic behavior described above.
+
+#include <string.h>
+
+#if defined(WIN32)
+#  include <windows.h> // for Sleep
+#else
+#  include <unistd.h> // for usleep
+#endif
+
+#include "pkcs11.h"
+
+CK_RV Test_C_Initialize(CK_VOID_PTR)
+{
+  return CKR_OK;
+}
+
+CK_RV Test_C_Finalize(CK_VOID_PTR)
+{
+  return CKR_OK;
+}
+
+static const CK_VERSION CryptokiVersion = { 2, 2 };
+static const CK_VERSION TestLibraryVersion = { 0, 0 };
+static const char TestLibraryDescription[] = "Test PKCS11 Library";
+static const char TestManufacturerID[] = "Test PKCS11 Manufacturer ID";
+
+/* The dest buffer is one in the CK_INFO or CK_TOKEN_INFO structs.
+ * Those buffers are padded with spaces. DestSize corresponds to the declared
+ * size for those buffers (e.g. 32 for `char foo[32]`).
+ * The src buffer is a string literal. SrcSize includes the string
+ * termination character (e.g. 4 for `const char foo[] = "foo"` */
+template <size_t DestSize, size_t SrcSize>
+void CopyString(unsigned char (&dest)[DestSize], const char (&src)[SrcSize])
+{
+  static_assert(DestSize >= SrcSize - 1, "DestSize >= SrcSize - 1");
+  memcpy(dest, src, SrcSize - 1);
+  memset(dest + SrcSize - 1, ' ', DestSize - SrcSize + 1);
+}
+
+CK_RV Test_C_GetInfo(CK_INFO_PTR pInfo)
+{
+  if (!pInfo) {
+    return CKR_ARGUMENTS_BAD;
+  }
+
+  pInfo->cryptokiVersion = CryptokiVersion;
+  CopyString(pInfo->manufacturerID, TestManufacturerID);
+  pInfo->flags = 0; // must be 0
+  CopyString(pInfo->libraryDescription, TestLibraryDescription);
+  pInfo->libraryVersion = TestLibraryVersion;
+  return CKR_OK;
+}
+
+CK_RV Test_C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR)
+{
+  return CKR_OK;
+}
+
+static int tokenPresent = 0;
+
+CK_RV Test_C_GetSlotList(CK_BBOOL limitToTokensPresent,
+                         CK_SLOT_ID_PTR pSlotList,
+                         CK_ULONG_PTR pulCount)
+{
+  if (!pulCount) {
+    return CKR_ARGUMENTS_BAD;
+  }
+
+  // Slot 2 is always present, while slot 1 may or may not be present.
+  CK_ULONG slotCount = (!limitToTokensPresent || tokenPresent ? 1 : 0) + 1;
+
+  if (pSlotList) {
+    if (*pulCount < slotCount) {
+      return CKR_BUFFER_TOO_SMALL;
+    }
+    // apparently CK_SLOT_IDs are integers [1,N] because
+    // who likes counting from 0 all the time?
+    if (slotCount == 1) {
+      pSlotList[0] = 2;
+    } else {
+      pSlotList[0] = 1;
+      pSlotList[1] = 2;
+    }
+  }
+
+  *pulCount = slotCount;
+  return CKR_OK;
+}
+
+static const char TestSlotDescription[] = "Test PKCS11 Slot";
+static const char TestSlot2Description[] = "Test PKCS11 Slot 二";
+
+CK_RV Test_C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
+{
+  if (!pInfo) {
+    return CKR_ARGUMENTS_BAD;
+  }
+
+  switch (slotID) {
+    case 1:
+      CopyString(pInfo->slotDescription, TestSlotDescription);
+      pInfo->flags = (tokenPresent ? CKF_TOKEN_PRESENT : 0) |
+                     CKF_REMOVABLE_DEVICE;
+      break;
+    case 2:
+      CopyString(pInfo->slotDescription, TestSlot2Description);
+      pInfo->flags = CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE;
+      break;
+    default:
+      return CKR_ARGUMENTS_BAD;
+  }
+
+  CopyString(pInfo->manufacturerID, TestManufacturerID);
+  pInfo->hardwareVersion = TestLibraryVersion;
+  pInfo->firmwareVersion = TestLibraryVersion;
+  return CKR_OK;
+}
+
+// Deliberately include énye to ensure we're handling encoding correctly.
+// The PKCS #11 base specification v2.20 specifies that strings be encoded
+// as UTF-8.
+static const char TestTokenLabel[] = "Test PKCS11 Tokeñ Label";
+static const char TestToken2Label[] = "Test PKCS11 Tokeñ 2 Label";
+static const char TestTokenModel[] = "Test Model";
+
+CK_RV Test_C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
+{
+  if (!pInfo) {
+    return CKR_ARGUMENTS_BAD;
+  }
+
+  switch (slotID) {
+    case 1:
+      CopyString(pInfo->label, TestTokenLabel);
+      break;
+    case 2:
+      CopyString(pInfo->label, TestToken2Label);
+      break;
+    default:
+      return CKR_ARGUMENTS_BAD;
+  }
+
+  CopyString(pInfo->manufacturerID, TestManufacturerID);
+  CopyString(pInfo->model, TestTokenModel);
+  memset(pInfo->serialNumber, 0, sizeof(pInfo->serialNumber));
+  pInfo->flags = CKF_TOKEN_INITIALIZED;
+  pInfo->ulMaxSessionCount = 1;
+  pInfo->ulSessionCount = 0;
+  pInfo->ulMaxRwSessionCount = 1;
+  pInfo->ulRwSessionCount = 0;
+  pInfo->ulMaxPinLen = 4;
+  pInfo->ulMinPinLen = 4;
+  pInfo->ulTotalPublicMemory = 1024;
+  pInfo->ulFreePublicMemory = 1024;
+  pInfo->ulTotalPrivateMemory = 1024;
+  pInfo->ulFreePrivateMemory = 1024;
+  pInfo->hardwareVersion = TestLibraryVersion;
+  pInfo->firmwareVersion = TestLibraryVersion;
+  memset(pInfo->utcTime, 0, sizeof(pInfo->utcTime));
+  return CKR_OK;
+}
+
+CK_RV Test_C_GetMechanismList(CK_SLOT_ID,
+                              CK_MECHANISM_TYPE_PTR,
+                              CK_ULONG_PTR pulCount)
+{
+  if (!pulCount) {
+    return CKR_ARGUMENTS_BAD;
+  }
+
+  *pulCount = 0;
+  return CKR_OK;
+}
+
+CK_RV Test_C_GetMechanismInfo(CK_SLOT_ID, CK_MECHANISM_TYPE,
+                              CK_MECHANISM_INFO_PTR)
+{
+  return CKR_OK;
+}
+
+CK_RV Test_C_InitToken(CK_SLOT_ID, CK_UTF8CHAR_PTR, CK_ULONG, CK_UTF8CHAR_PTR)
+{
+  return CKR_OK;
+}
+
+CK_RV Test_C_InitPIN(CK_SESSION_HANDLE, CK_UTF8CHAR_PTR, CK_ULONG)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SetPIN(CK_SESSION_HANDLE, CK_UTF8CHAR_PTR, CK_ULONG,
+                    CK_UTF8CHAR_PTR, CK_ULONG)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_OpenSession(CK_SLOT_ID slotID, CK_FLAGS, CK_VOID_PTR, CK_NOTIFY,
+                         CK_SESSION_HANDLE_PTR phSession)
+{
+  switch (slotID) {
+    case 1:
+      *phSession = 1;
+      break;
+    case 2:
+      *phSession = 2;
+      break;
+    default:
+      return CKR_ARGUMENTS_BAD;
+  }
+
+  return CKR_OK;
+}
+
+CK_RV Test_C_CloseSession(CK_SESSION_HANDLE)
+{
+  return CKR_OK;
+}
+
+CK_RV Test_C_CloseAllSessions(CK_SLOT_ID)
+{
+  return CKR_OK;
+}
+
+CK_RV Test_C_GetSessionInfo(CK_SESSION_HANDLE hSession,
+                            CK_SESSION_INFO_PTR pInfo)
+{
+  if (!pInfo) {
+    return CKR_ARGUMENTS_BAD;
+  }
+
+  switch (hSession) {
+    case 1:
+      pInfo->slotID = 1;
+      break;
+    case 2:
+      pInfo->slotID = 2;
+      break;
+    default:
+      return CKR_ARGUMENTS_BAD;
+  }
+
+  pInfo->state = CKS_RO_PUBLIC_SESSION;
+  pInfo->flags = CKF_SERIAL_SESSION;
+  return CKR_OK;
+}
+
+CK_RV Test_C_GetOperationState(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SetOperationState(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                               CK_OBJECT_HANDLE, CK_OBJECT_HANDLE)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Login(CK_SESSION_HANDLE, CK_USER_TYPE, CK_UTF8CHAR_PTR, CK_ULONG)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Logout(CK_SESSION_HANDLE)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_CreateObject(CK_SESSION_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG,
+                          CK_OBJECT_HANDLE_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_CopyObject(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ATTRIBUTE_PTR,
+                        CK_ULONG, CK_OBJECT_HANDLE_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DestroyObject(CK_SESSION_HANDLE, CK_OBJECT_HANDLE)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GetObjectSize(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GetAttributeValue(CK_SESSION_HANDLE, CK_OBJECT_HANDLE,
+                               CK_ATTRIBUTE_PTR, CK_ULONG)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SetAttributeValue(CK_SESSION_HANDLE, CK_OBJECT_HANDLE,
+                               CK_ATTRIBUTE_PTR, CK_ULONG)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_FindObjectsInit(CK_SESSION_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG)
+{
+  return CKR_OK;
+}
+
+CK_RV Test_C_FindObjects(CK_SESSION_HANDLE, CK_OBJECT_HANDLE_PTR, CK_ULONG,
+                         CK_ULONG_PTR pulObjectCount)
+{
+  *pulObjectCount = 0;
+  return CKR_OK;
+}
+
+CK_RV Test_C_FindObjectsFinal(CK_SESSION_HANDLE)
+{
+  return CKR_OK;
+}
+
+CK_RV Test_C_EncryptInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Encrypt(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+                     CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_EncryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                           CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_EncryptFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Decrypt(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+                     CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                           CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Digest(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+                    CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestKey(CK_SESSION_HANDLE, CK_OBJECT_HANDLE)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Sign(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+                  CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignRecoverInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR,
+                             CK_OBJECT_HANDLE)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignRecover(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+                         CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Verify(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+                    CK_ULONG)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyRecoverInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR,
+                               CK_OBJECT_HANDLE)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyRecover(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                           CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestEncryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                                 CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptDigestUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                                 CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignEncryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                               CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptVerifyUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                                 CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GenerateKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_ATTRIBUTE_PTR,
+                         CK_ULONG, CK_OBJECT_HANDLE_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GenerateKeyPair(CK_SESSION_HANDLE, CK_MECHANISM_PTR,
+                             CK_ATTRIBUTE_PTR, CK_ULONG, CK_ATTRIBUTE_PTR,
+                             CK_ULONG, CK_OBJECT_HANDLE_PTR,
+                             CK_OBJECT_HANDLE_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_WrapKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE,
+                     CK_OBJECT_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_UnwrapKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE,
+                       CK_BYTE_PTR, CK_ULONG, CK_ATTRIBUTE_PTR, CK_ULONG,
+                       CK_OBJECT_HANDLE_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DeriveKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE,
+                       CK_ATTRIBUTE_PTR, CK_ULONG, CK_OBJECT_HANDLE_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SeedRandom(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GenerateRandom(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GetFunctionStatus(CK_SESSION_HANDLE)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_CancelFunction(CK_SESSION_HANDLE)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_WaitForSlotEvent(CK_FLAGS, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR)
+{
+#ifdef WIN32
+  Sleep(50); // Sleep takes the duration argument as milliseconds
+#else
+  usleep(50000); // usleep takes the duration argument as microseconds
+#endif
+  *pSlot = 1;
+  tokenPresent = !tokenPresent;
+  return CKR_OK;
+}
+
+static CK_FUNCTION_LIST FunctionList = {
+  { 2, 2 },
+  Test_C_Initialize,
+  Test_C_Finalize,
+  Test_C_GetInfo,
+  Test_C_GetFunctionList,
+  Test_C_GetSlotList,
+  Test_C_GetSlotInfo,
+  Test_C_GetTokenInfo,
+  Test_C_GetMechanismList,
+  Test_C_GetMechanismInfo,
+  Test_C_InitToken,
+  Test_C_InitPIN,
+  Test_C_SetPIN,
+  Test_C_OpenSession,
+  Test_C_CloseSession,
+  Test_C_CloseAllSessions,
+  Test_C_GetSessionInfo,
+  Test_C_GetOperationState,
+  Test_C_SetOperationState,
+  Test_C_Login,
+  Test_C_Logout,
+  Test_C_CreateObject,
+  Test_C_CopyObject,
+  Test_C_DestroyObject,
+  Test_C_GetObjectSize,
+  Test_C_GetAttributeValue,
+  Test_C_SetAttributeValue,
+  Test_C_FindObjectsInit,
+  Test_C_FindObjects,
+  Test_C_FindObjectsFinal,
+  Test_C_EncryptInit,
+  Test_C_Encrypt,
+  Test_C_EncryptUpdate,
+  Test_C_EncryptFinal,
+  Test_C_DecryptInit,
+  Test_C_Decrypt,
+  Test_C_DecryptUpdate,
+  Test_C_DecryptFinal,
+  Test_C_DigestInit,
+  Test_C_Digest,
+  Test_C_DigestUpdate,
+  Test_C_DigestKey,
+  Test_C_DigestFinal,
+  Test_C_SignInit,
+  Test_C_Sign,
+  Test_C_SignUpdate,
+  Test_C_SignFinal,
+  Test_C_SignRecoverInit,
+  Test_C_SignRecover,
+  Test_C_VerifyInit,
+  Test_C_Verify,
+  Test_C_VerifyUpdate,
+  Test_C_VerifyFinal,
+  Test_C_VerifyRecoverInit,
+  Test_C_VerifyRecover,
+  Test_C_DigestEncryptUpdate,
+  Test_C_DecryptDigestUpdate,
+  Test_C_SignEncryptUpdate,
+  Test_C_DecryptVerifyUpdate,
+  Test_C_GenerateKey,
+  Test_C_GenerateKeyPair,
+  Test_C_WrapKey,
+  Test_C_UnwrapKey,
+  Test_C_DeriveKey,
+  Test_C_SeedRandom,
+  Test_C_GenerateRandom,
+  Test_C_GetFunctionStatus,
+  Test_C_CancelFunction,
+  Test_C_WaitForSlotEvent
+};
+
+CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList)
+{
+  *ppFunctionList = &FunctionList;
+  return CKR_OK;
+}
diff --git a/security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.symbols b/security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.symbols
new file mode 100644
index 000000000..562ecea21
--- /dev/null
+++ b/security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.symbols
@@ -0,0 +1 @@
+C_GetFunctionList
diff --git a/security/manager/ssl/tests/unit/pycert.py b/security/manager/ssl/tests/unit/pycert.py
new file mode 100755
index 000000000..9c8efa915
--- /dev/null
+++ b/security/manager/ssl/tests/unit/pycert.py
@@ -0,0 +1,697 @@
+#!/usr/bin/env python
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"""
+Reads a certificate specification from stdin or a file and outputs a
+signed x509 certificate with the desired properties.
+
+The input format is as follows:
+
+issuer:<issuer distinguished name specification>
+subject:<subject distinguished name specification>
+[version:{1,2,3,4}]
+[validity:<YYYYMMDD-YYYYMMDD|duration in days>]
+[issuerKey:<key specification>]
+[subjectKey:<key specification>]
+[signature:{sha256WithRSAEncryption,sha1WithRSAEncryption,
+            md5WithRSAEncryption,ecdsaWithSHA256}]
+[serialNumber:<integer in the interval [1, 127]>]
+[extension:<extension name:<extension-specific data>>]
+[...]
+
+Known extensions are:
+basicConstraints:[cA],[pathLenConstraint]
+keyUsage:[digitalSignature,nonRepudiation,keyEncipherment,
+          dataEncipherment,keyAgreement,keyCertSign,cRLSign]
+extKeyUsage:[serverAuth,clientAuth,codeSigning,emailProtection
+             nsSGC, # Netscape Server Gated Crypto
+             OCSPSigning,timeStamping]
+subjectAlternativeName:[<dNSName|directoryName>,...]
+authorityInformationAccess:<OCSP URI>
+certificatePolicies:[<policy OID>,...]
+nameConstraints:{permitted,excluded}:[<dNSName|directoryName>,...]
+nsCertType:sslServer
+TLSFeature:[<TLSFeature>,...]
+
+Where:
+  [] indicates an optional field or component of a field
+  <> indicates a required component of a field
+  {} indicates a choice of exactly one value among a set of values
+  [a,b,c] indicates a list of potential values, of which zero or more
+          may be used
+
+For instance, the version field is optional. However, if it is
+specified, it must have exactly one value from the set {1,2,3,4}.
+
+Most fields have reasonable default values. By default one shared RSA
+key is used for all signatures and subject public key information
+fields. Using "issuerKey:<key specification>" or
+"subjectKey:<key specification>" causes a different key be used for
+signing or as the subject public key information field, respectively.
+See pykey.py for the list of available specifications.
+The signature algorithm is sha256WithRSAEncryption by default.
+
+The validity period may be specified as either concrete notBefore and
+notAfter values or as a validity period centered around 'now'. For the
+latter, this will result in a notBefore of 'now' - duration/2 and a
+notAfter of 'now' + duration/2.
+
+Issuer and subject distinguished name specifications are of the form
+'[stringEncoding]/C=XX/O=Example/CN=example.com'. C (country name), ST
+(state or province name), L (locality name), O (organization name), OU
+(organizational unit name), CN (common name) and emailAddress (email
+address) are currently supported. The optional stringEncoding field may
+be 'utf8String' or 'printableString'. If the given string does not
+contain a '/', it is assumed to represent a common name. If an empty
+string is provided, then an empty distinguished name is returned.
+DirectoryNames also use this format. When specifying a directoryName in
+a nameConstraints extension, the implicit form may not be used.
+
+If an extension name has '[critical]' after it, it will be marked as
+critical. Otherwise (by default), it will not be marked as critical.
+
+TLSFeature values can either consist of a named value (currently only
+'OCSPMustStaple' which corresponds to status_request) or a numeric TLS
+feature value (see rfc7633 for more information).
+
+If a serial number is not explicitly specified, it is automatically
+generated based on the contents of the certificate.
+"""
+
+from pyasn1.codec.der import decoder
+from pyasn1.codec.der import encoder
+from pyasn1.type import constraint, namedtype, tag, univ, useful
+from pyasn1_modules import rfc2459
+import base64
+import datetime
+import hashlib
+import re
+import sys
+
+import pykey
+
+# The GeneralSubtree definition in pyasn1_modules.rfc2459 is incorrect.
+# Where this definition uses a DefaultedNamedType, pyasn1_modules uses
+# a NamedType, which results in the default value being explicitly
+# encoded, which is incorrect for DER.
+class GeneralSubtree(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('base', rfc2459.GeneralName()),
+        namedtype.DefaultedNamedType('minimum', rfc2459.BaseDistance(0).subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('maximum', rfc2459.BaseDistance().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+    )
+
+
+# The NameConstraints definition in pyasn1_modules.rfc2459 is incorrect.
+# excludedSubtrees has a tag value of 1, not 0.
+class NameConstraints(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('permittedSubtrees', rfc2459.GeneralSubtrees().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('excludedSubtrees', rfc2459.GeneralSubtrees().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+    )
+
+
+class Error(Exception):
+    """Base class for exceptions in this module."""
+    pass
+
+
+class UnknownBaseError(Error):
+    """Base class for handling unexpected input in this module."""
+    def __init__(self, value):
+        super(UnknownBaseError, self).__init__()
+        self.value = value
+        self.category = 'input'
+
+    def __str__(self):
+        return 'Unknown %s type "%s"' % (self.category, repr(self.value))
+
+
+class UnknownAlgorithmTypeError(UnknownBaseError):
+    """Helper exception type to handle unknown algorithm types."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = 'algorithm'
+
+
+class UnknownParameterTypeError(UnknownBaseError):
+    """Helper exception type to handle unknown input parameters."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = 'parameter'
+
+
+class UnknownExtensionTypeError(UnknownBaseError):
+    """Helper exception type to handle unknown input extensions."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = 'extension'
+
+
+class UnknownKeyPurposeTypeError(UnknownBaseError):
+    """Helper exception type to handle unknown key purposes."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = 'keyPurpose'
+
+
+class UnknownKeyTargetError(UnknownBaseError):
+    """Helper exception type to handle unknown key targets."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = 'key target'
+
+
+class UnknownVersionError(UnknownBaseError):
+    """Helper exception type to handle unknown specified versions."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = 'version'
+
+
+class UnknownNameConstraintsSpecificationError(UnknownBaseError):
+    """Helper exception type to handle unknown specified
+    nameConstraints."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = 'nameConstraints specification'
+
+
+class UnknownDNTypeError(UnknownBaseError):
+    """Helper exception type to handle unknown DN types."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = 'DN'
+
+
+class UnknownNSCertTypeError(UnknownBaseError):
+    """Helper exception type to handle unknown nsCertType types."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = 'nsCertType'
+
+
+class UnknownTLSFeature(UnknownBaseError):
+    """Helper exception type to handle unknown TLS Features."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = 'TLSFeature'
+
+
+class InvalidSerialNumber(Error):
+    """Exception type to handle invalid serial numbers."""
+
+    def __init__(self, value):
+        super(InvalidSerialNumber, self).__init__()
+        self.value = value
+
+    def __str__(self):
+        return repr(self.value)
+
+
+def getASN1Tag(asn1Type):
+    """Helper function for returning the base tag value of a given
+    type from the pyasn1 package"""
+    return asn1Type.baseTagSet.getBaseTag().asTuple()[2]
+
+def stringToAccessDescription(string):
+    """Helper function that takes a string representing a URI
+    presumably identifying an OCSP authority information access
+    location. Returns an AccessDescription usable by pyasn1."""
+    accessMethod = rfc2459.id_ad_ocsp
+    accessLocation = rfc2459.GeneralName()
+    accessLocation.setComponentByName('uniformResourceIdentifier', string)
+    sequence = univ.Sequence()
+    sequence.setComponentByPosition(0, accessMethod)
+    sequence.setComponentByPosition(1, accessLocation)
+    return sequence
+
+def stringToDN(string, tag=None):
+    """Takes a string representing a distinguished name or directory
+    name and returns a Name for use by pyasn1. See the documentation
+    for the issuer and subject fields for more details. Takes an
+    optional implicit tag in cases where the Name needs to be tagged
+    differently."""
+    if string and '/' not in string:
+        string = '/CN=%s' % string
+    rdns = rfc2459.RDNSequence()
+    pattern = '/(C|ST|L|O|OU|CN|emailAddress)='
+    split = re.split(pattern, string)
+    # split should now be [[encoding], <type>, <value>, <type>, <value>, ...]
+    if split[0]:
+        encoding = split[0]
+    else:
+        encoding = 'utf8String'
+    for pos, (nameType, value) in enumerate(zip(split[1::2], split[2::2])):
+        ava = rfc2459.AttributeTypeAndValue()
+        if nameType == 'C':
+            ava.setComponentByName('type', rfc2459.id_at_countryName)
+            nameComponent = rfc2459.X520countryName(value)
+        elif nameType == 'ST':
+            ava.setComponentByName('type', rfc2459.id_at_stateOrProvinceName)
+            nameComponent = rfc2459.X520StateOrProvinceName()
+        elif nameType == 'L':
+            ava.setComponentByName('type', rfc2459.id_at_localityName)
+            nameComponent = rfc2459.X520LocalityName()
+        elif nameType == 'O':
+            ava.setComponentByName('type', rfc2459.id_at_organizationName)
+            nameComponent = rfc2459.X520OrganizationName()
+        elif nameType == 'OU':
+            ava.setComponentByName('type', rfc2459.id_at_organizationalUnitName)
+            nameComponent = rfc2459.X520OrganizationalUnitName()
+        elif nameType == 'CN':
+            ava.setComponentByName('type', rfc2459.id_at_commonName)
+            nameComponent = rfc2459.X520CommonName()
+        elif nameType == 'emailAddress':
+            ava.setComponentByName('type', rfc2459.emailAddress)
+            nameComponent = rfc2459.Pkcs9email(value)
+        else:
+            raise UnknownDNTypeError(nameType)
+        if not nameType == 'C' and not nameType == 'emailAddress':
+            # The value may have things like '\0' (i.e. a slash followed by
+            # the number zero) that have to be decoded into the resulting
+            # '\x00' (i.e. a byte with value zero).
+            nameComponent.setComponentByName(encoding, value.decode(encoding='string_escape'))
+        ava.setComponentByName('value', nameComponent)
+        rdn = rfc2459.RelativeDistinguishedName()
+        rdn.setComponentByPosition(0, ava)
+        rdns.setComponentByPosition(pos, rdn)
+    if tag:
+        name = rfc2459.Name().subtype(implicitTag=tag)
+    else:
+        name = rfc2459.Name()
+    name.setComponentByPosition(0, rdns)
+    return name
+
+def stringToAlgorithmIdentifiers(string):
+    """Helper function that converts a description of an algorithm
+    to a representation usable by the pyasn1 package and a hash
+    algorithm name for use by pykey."""
+    algorithmIdentifier = rfc2459.AlgorithmIdentifier()
+    algorithmName = None
+    algorithm = None
+    if string == 'sha1WithRSAEncryption':
+        algorithmName = 'SHA-1'
+        algorithm = rfc2459.sha1WithRSAEncryption
+    elif string == 'sha256WithRSAEncryption':
+        algorithmName = 'SHA-256'
+        algorithm = univ.ObjectIdentifier('1.2.840.113549.1.1.11')
+    elif string == 'md5WithRSAEncryption':
+        algorithmName = 'MD5'
+        algorithm = rfc2459.md5WithRSAEncryption
+    elif string == 'ecdsaWithSHA256':
+        algorithmName = 'sha256'
+        algorithm = univ.ObjectIdentifier('1.2.840.10045.4.3.2')
+    else:
+        raise UnknownAlgorithmTypeError(string)
+    algorithmIdentifier.setComponentByName('algorithm', algorithm)
+    return (algorithmIdentifier, algorithmName)
+
+def datetimeToTime(dt):
+    """Takes a datetime object and returns an rfc2459.Time object with
+    that time as its value as a GeneralizedTime"""
+    time = rfc2459.Time()
+    time.setComponentByName('generalTime', useful.GeneralizedTime(dt.strftime('%Y%m%d%H%M%SZ')))
+    return time
+
+def serialBytesToString(serialBytes):
+    """Takes a list of integers in the interval [0, 255] and returns
+    the corresponding serial number string."""
+    serialBytesLen = len(serialBytes)
+    if serialBytesLen > 127:
+        raise InvalidSerialNumber("{} bytes is too long".format(serialBytesLen))
+    # Prepend the ASN.1 INTEGER tag and length bytes.
+    stringBytes = [getASN1Tag(univ.Integer), serialBytesLen] + serialBytes
+    return ''.join(chr(b) for b in stringBytes)
+
+class Certificate(object):
+    """Utility class for reading a certificate specification and
+    generating a signed x509 certificate"""
+
+    def __init__(self, paramStream):
+        self.versionValue = 2 # a value of 2 is X509v3
+        self.signature = 'sha256WithRSAEncryption'
+        self.issuer = 'Default Issuer'
+        actualNow = datetime.datetime.utcnow()
+        self.now = datetime.datetime.strptime(str(actualNow.year), '%Y')
+        aYearAndAWhile = datetime.timedelta(days=400)
+        self.notBefore = self.now - aYearAndAWhile
+        self.notAfter = self.now + aYearAndAWhile
+        self.subject = 'Default Subject'
+        self.extensions = None
+        self.subjectKey = pykey.keyFromSpecification('default')
+        self.issuerKey = pykey.keyFromSpecification('default')
+        self.serialNumber = None
+        self.decodeParams(paramStream)
+        # If a serial number wasn't specified, generate one based on
+        # the certificate contents.
+        if not self.serialNumber:
+            self.serialNumber = self.generateSerialNumber()
+
+    def generateSerialNumber(self):
+        """Generates a serial number for this certificate based on its
+        contents. Intended to be reproducible for compatibility with
+        the build system on OS X (see the comment above main, later in
+        this file)."""
+        hasher = hashlib.sha256()
+        hasher.update(str(self.versionValue))
+        hasher.update(self.signature)
+        hasher.update(self.issuer)
+        hasher.update(str(self.notBefore))
+        hasher.update(str(self.notAfter))
+        hasher.update(self.subject)
+        if self.extensions:
+            for extension in self.extensions:
+                hasher.update(str(extension))
+        serialBytes = [ord(c) for c in hasher.digest()[:20]]
+        # Ensure that the most significant bit isn't set (which would
+        # indicate a negative number, which isn't valid for serial
+        # numbers).
+        serialBytes[0] &= 0x7f
+        # Also ensure that the least significant bit on the most
+        # significant byte is set (to prevent a leading zero byte,
+        # which also wouldn't be valid).
+        serialBytes[0] |= 0x01
+        return serialBytesToString(serialBytes)
+
+    def decodeParams(self, paramStream):
+        for line in paramStream.readlines():
+            self.decodeParam(line.strip())
+
+    def decodeParam(self, line):
+        param = line.split(':')[0]
+        value = ':'.join(line.split(':')[1:])
+        if param == 'version':
+            self.setVersion(value)
+        elif param == 'subject':
+            self.subject = value
+        elif param == 'issuer':
+            self.issuer = value
+        elif param == 'validity':
+            self.decodeValidity(value)
+        elif param == 'extension':
+            self.decodeExtension(value)
+        elif param == 'issuerKey':
+            self.setupKey('issuer', value)
+        elif param == 'subjectKey':
+            self.setupKey('subject', value)
+        elif param == 'signature':
+            self.signature = value
+        elif param == 'serialNumber':
+            serialNumber = int(value)
+            # Ensure only serial numbers that conform to the rules listed in
+            # generateSerialNumber() are permitted.
+            if serialNumber < 1 or serialNumber > 127:
+                raise InvalidSerialNumber(value)
+            self.serialNumber = serialBytesToString([serialNumber])
+        else:
+            raise UnknownParameterTypeError(param)
+
+    def setVersion(self, version):
+        intVersion = int(version)
+        if intVersion >= 1 and intVersion <= 4:
+            self.versionValue = intVersion - 1
+        else:
+            raise UnknownVersionError(version)
+
+    def decodeValidity(self, duration):
+        match = re.search('([0-9]{8})-([0-9]{8})', duration)
+        if match:
+            self.notBefore = datetime.datetime.strptime(match.group(1), '%Y%m%d')
+            self.notAfter = datetime.datetime.strptime(match.group(2), '%Y%m%d')
+        else:
+            delta = datetime.timedelta(days=(int(duration) / 2))
+            self.notBefore = self.now - delta
+            self.notAfter = self.now + delta
+
+    def decodeExtension(self, extension):
+        match = re.search(r'([a-zA-Z]+)(\[critical\])?:(.*)', extension)
+        if not match:
+            raise UnknownExtensionTypeError(extension)
+        extensionType = match.group(1)
+        critical = match.group(2)
+        value = match.group(3)
+        if extensionType == 'basicConstraints':
+            self.addBasicConstraints(value, critical)
+        elif extensionType == 'keyUsage':
+            self.addKeyUsage(value, critical)
+        elif extensionType == 'extKeyUsage':
+            self.addExtKeyUsage(value, critical)
+        elif extensionType == 'subjectAlternativeName':
+            self.addSubjectAlternativeName(value, critical)
+        elif extensionType == 'authorityInformationAccess':
+            self.addAuthorityInformationAccess(value, critical)
+        elif extensionType == 'certificatePolicies':
+            self.addCertificatePolicies(value, critical)
+        elif extensionType == 'nameConstraints':
+            self.addNameConstraints(value, critical)
+        elif extensionType == 'nsCertType':
+            self.addNSCertType(value, critical)
+        elif extensionType == 'TLSFeature':
+            self.addTLSFeature(value, critical)
+        else:
+            raise UnknownExtensionTypeError(extensionType)
+
+    def setupKey(self, subjectOrIssuer, value):
+        if subjectOrIssuer == 'subject':
+            self.subjectKey = pykey.keyFromSpecification(value)
+        elif subjectOrIssuer == 'issuer':
+            self.issuerKey = pykey.keyFromSpecification(value)
+        else:
+            raise UnknownKeyTargetError(subjectOrIssuer)
+
+    def addExtension(self, extensionType, extensionValue, critical):
+        if not self.extensions:
+            self.extensions = []
+        encapsulated = univ.OctetString(encoder.encode(extensionValue))
+        extension = rfc2459.Extension()
+        extension.setComponentByName('extnID', extensionType)
+        # critical is either the string '[critical]' or None.
+        # We only care whether or not it is truthy.
+        if critical:
+            extension.setComponentByName('critical', True)
+        extension.setComponentByName('extnValue', encapsulated)
+        self.extensions.append(extension)
+
+    def addBasicConstraints(self, basicConstraints, critical):
+        cA = basicConstraints.split(',')[0]
+        pathLenConstraint = basicConstraints.split(',')[1]
+        basicConstraintsExtension = rfc2459.BasicConstraints()
+        basicConstraintsExtension.setComponentByName('cA', cA == 'cA')
+        if pathLenConstraint:
+            pathLenConstraintValue = \
+                univ.Integer(int(pathLenConstraint)).subtype(
+                    subtypeSpec=constraint.ValueRangeConstraint(0, 64))
+            basicConstraintsExtension.setComponentByName('pathLenConstraint',
+                                                         pathLenConstraintValue)
+        self.addExtension(rfc2459.id_ce_basicConstraints, basicConstraintsExtension, critical)
+
+    def addKeyUsage(self, keyUsage, critical):
+        keyUsageExtension = rfc2459.KeyUsage(keyUsage)
+        self.addExtension(rfc2459.id_ce_keyUsage, keyUsageExtension, critical)
+
+    def keyPurposeToOID(self, keyPurpose):
+        if keyPurpose == 'serverAuth':
+            # the OID for id_kp_serverAuth is incorrect in the
+            # pyasn1-modules implementation
+            return univ.ObjectIdentifier('1.3.6.1.5.5.7.3.1')
+        if keyPurpose == 'clientAuth':
+            return rfc2459.id_kp_clientAuth
+        if keyPurpose == 'codeSigning':
+            return rfc2459.id_kp_codeSigning
+        if keyPurpose == 'emailProtection':
+            return rfc2459.id_kp_emailProtection
+        if keyPurpose == 'nsSGC':
+            return univ.ObjectIdentifier('2.16.840.1.113730.4.1')
+        if keyPurpose == 'OCSPSigning':
+            return univ.ObjectIdentifier('1.3.6.1.5.5.7.3.9')
+        if keyPurpose == 'timeStamping':
+            return rfc2459.id_kp_timeStamping
+        raise UnknownKeyPurposeTypeError(keyPurpose)
+
+    def addExtKeyUsage(self, extKeyUsage, critical):
+        extKeyUsageExtension = rfc2459.ExtKeyUsageSyntax()
+        for count, keyPurpose in enumerate(extKeyUsage.split(',')):
+            extKeyUsageExtension.setComponentByPosition(count, self.keyPurposeToOID(keyPurpose))
+        self.addExtension(rfc2459.id_ce_extKeyUsage, extKeyUsageExtension, critical)
+
+    def addSubjectAlternativeName(self, names, critical):
+        subjectAlternativeName = rfc2459.SubjectAltName()
+        for count, name in enumerate(names.split(',')):
+            generalName = rfc2459.GeneralName()
+            if '/' in name:
+                directoryName = stringToDN(name,
+                                           tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))
+                generalName.setComponentByName('directoryName', directoryName)
+            else:
+                # The string may have things like '\0' (i.e. a slash
+                # followed by the number zero) that have to be decoded into
+                # the resulting '\x00' (i.e. a byte with value zero).
+                generalName.setComponentByName('dNSName', name.decode(encoding='string_escape'))
+            subjectAlternativeName.setComponentByPosition(count, generalName)
+        self.addExtension(rfc2459.id_ce_subjectAltName, subjectAlternativeName, critical)
+
+    def addAuthorityInformationAccess(self, ocspURI, critical):
+        sequence = univ.Sequence()
+        accessDescription = stringToAccessDescription(ocspURI)
+        sequence.setComponentByPosition(0, accessDescription)
+        self.addExtension(rfc2459.id_pe_authorityInfoAccess, sequence, critical)
+
+    def addCertificatePolicies(self, policyOIDs, critical):
+        policies = rfc2459.CertificatePolicies()
+        for pos, policyOID in enumerate(policyOIDs.split(',')):
+            if policyOID == 'any':
+                policyOID = '2.5.29.32.0'
+            policy = rfc2459.PolicyInformation()
+            policyIdentifier = rfc2459.CertPolicyId(policyOID)
+            policy.setComponentByName('policyIdentifier', policyIdentifier)
+            policies.setComponentByPosition(pos, policy)
+        self.addExtension(rfc2459.id_ce_certificatePolicies, policies, critical)
+
+    def addNameConstraints(self, constraints, critical):
+        nameConstraints = NameConstraints()
+        if constraints.startswith('permitted:'):
+            (subtreesType, subtreesTag) = ('permittedSubtrees', 0)
+        elif constraints.startswith('excluded:'):
+            (subtreesType, subtreesTag) = ('excludedSubtrees', 1)
+        else:
+            raise UnknownNameConstraintsSpecificationError(constraints)
+        generalSubtrees = rfc2459.GeneralSubtrees().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, subtreesTag))
+        subtrees = constraints[(constraints.find(':') + 1):]
+        for pos, name in enumerate(subtrees.split(',')):
+            generalName = rfc2459.GeneralName()
+            if '/' in name:
+                directoryName = stringToDN(name,
+                                           tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))
+                generalName.setComponentByName('directoryName', directoryName)
+            else:
+                generalName.setComponentByName('dNSName', name)
+            generalSubtree = GeneralSubtree()
+            generalSubtree.setComponentByName('base', generalName)
+            generalSubtrees.setComponentByPosition(pos, generalSubtree)
+        nameConstraints.setComponentByName(subtreesType, generalSubtrees)
+        self.addExtension(rfc2459.id_ce_nameConstraints, nameConstraints, critical)
+
+    def addNSCertType(self, certType, critical):
+        if certType != 'sslServer':
+            raise UnknownNSCertTypeError(certType)
+        self.addExtension(univ.ObjectIdentifier('2.16.840.1.113730.1.1'), univ.BitString("'01'B"),
+                          critical)
+
+    def addTLSFeature(self, features, critical):
+        namedFeatures = {'OCSPMustStaple': 5}
+        featureList = [f.strip() for f in features.split(',')]
+        sequence = univ.Sequence()
+        for feature in featureList:
+            featureValue = 0
+            try:
+                featureValue = int(feature)
+            except ValueError:
+                try:
+                    featureValue = namedFeatures[feature]
+                except:
+                    raise UnknownTLSFeature(feature)
+            sequence.setComponentByPosition(len(sequence),
+                                            univ.Integer(featureValue))
+        self.addExtension(univ.ObjectIdentifier('1.3.6.1.5.5.7.1.24'), sequence,
+                          critical)
+
+    def getVersion(self):
+        return rfc2459.Version(self.versionValue).subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
+
+    def getSerialNumber(self):
+        return decoder.decode(self.serialNumber)[0]
+
+    def getIssuer(self):
+        return stringToDN(self.issuer)
+
+    def getValidity(self):
+        validity = rfc2459.Validity()
+        validity.setComponentByName('notBefore', self.getNotBefore())
+        validity.setComponentByName('notAfter', self.getNotAfter())
+        return validity
+
+    def getNotBefore(self):
+        return datetimeToTime(self.notBefore)
+
+    def getNotAfter(self):
+        return datetimeToTime(self.notAfter)
+
+    def getSubject(self):
+        return stringToDN(self.subject)
+
+    def toDER(self):
+        (signatureOID, hashName) = stringToAlgorithmIdentifiers(self.signature)
+        tbsCertificate = rfc2459.TBSCertificate()
+        tbsCertificate.setComponentByName('version', self.getVersion())
+        tbsCertificate.setComponentByName('serialNumber', self.getSerialNumber())
+        tbsCertificate.setComponentByName('signature', signatureOID)
+        tbsCertificate.setComponentByName('issuer', self.getIssuer())
+        tbsCertificate.setComponentByName('validity', self.getValidity())
+        tbsCertificate.setComponentByName('subject', self.getSubject())
+        tbsCertificate.setComponentByName('subjectPublicKeyInfo',
+                                          self.subjectKey.asSubjectPublicKeyInfo())
+        if self.extensions:
+            extensions = rfc2459.Extensions().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))
+            for count, extension in enumerate(self.extensions):
+                extensions.setComponentByPosition(count, extension)
+            tbsCertificate.setComponentByName('extensions', extensions)
+        certificate = rfc2459.Certificate()
+        certificate.setComponentByName('tbsCertificate', tbsCertificate)
+        certificate.setComponentByName('signatureAlgorithm', signatureOID)
+        tbsDER = encoder.encode(tbsCertificate)
+        certificate.setComponentByName('signatureValue', self.issuerKey.sign(tbsDER, hashName))
+        return encoder.encode(certificate)
+
+    def toPEM(self):
+        output = '-----BEGIN CERTIFICATE-----'
+        der = self.toDER()
+        b64 = base64.b64encode(der)
+        while b64:
+            output += '\n' + b64[:64]
+            b64 = b64[64:]
+        output += '\n-----END CERTIFICATE-----'
+        return output
+
+
+# The build harness will call this function with an output
+# file-like object and a path to a file containing a
+# specification. This will read the specification and output
+# the certificate as PEM.
+# This utility tries as hard as possible to ensure that two
+# runs with the same input will have the same output. This is
+# particularly important when building on OS X, where we
+# generate everything twice for unified builds. During the
+# unification step, if any pair of input files differ, the build
+# system throws an error.
+# The one concrete failure mode is if one run happens before
+# midnight on New Year's Eve and the next run happens after
+# midnight.
+def main(output, inputPath):
+    with open(inputPath) as configStream:
+        output.write(Certificate(configStream).toPEM())
+
+# When run as a standalone program, this will read a specification from
+# stdin and output the certificate as PEM to stdout.
+if __name__ == '__main__':
+    print Certificate(sys.stdin).toPEM()
diff --git a/security/manager/ssl/tests/unit/pykey.py b/security/manager/ssl/tests/unit/pykey.py
new file mode 100755
index 000000000..d3c43deb4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/pykey.py
@@ -0,0 +1,706 @@
+#!/usr/bin/env python
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"""
+Reads a key specification from stdin or a file and outputs a
+PKCS #8 file representing the (private) key. Also provides
+methods for signing data and representing the key as a subject
+public key info for use with pyasn1.
+
+The key specification format is as follows:
+
+default: a 2048-bit RSA key
+alternate: a different 2048-bit RSA key
+ev: a 2048-bit RSA key that, when combined with the right pycert
+    specification, results in a certificate that is enabled for
+    extended validation in debug Firefox (see ExtendedValidation.cpp).
+evRSA2040: a 2040-bit RSA key that, when combined with the right pycert
+           specification, results in a certificate that is enabled for
+           extended validation in debug Firefox.
+rsa2040: a 2040-bit RSA key
+rsa1024: a 1024-bit RSA key
+rsa1016: a 1016-bit RSA key
+secp256k1: an ECC key on the curve secp256k1
+secp244r1: an ECC key on the curve secp244r1
+secp256r1: an ECC key on the curve secp256r1
+secp384r1: an ECC key on the curve secp384r1
+secp521r1: an ECC key on the curve secp521r1
+"""
+
+from pyasn1.codec.der import encoder
+from pyasn1.type import univ, namedtype
+from pyasn1_modules import rfc2459
+from ecc import encoding
+from ecc import Key
+import base64
+import binascii
+import mock
+import rsa
+import sys
+
+def byteStringToHexifiedBitString(string):
+    """Takes a string of bytes and returns a hex string representing
+    those bytes for use with pyasn1.type.univ.BitString. It must be of
+    the form "'<hex bytes>'H", where the trailing 'H' indicates to
+    pyasn1 that the input is a hex string."""
+    return "'%s'H" % binascii.hexlify(string)
+
+class UnknownBaseError(Exception):
+    """Base class for handling unexpected input in this module."""
+    def __init__(self, value):
+        super(UnknownBaseError, self).__init__()
+        self.value = value
+        self.category = 'input'
+
+    def __str__(self):
+        return 'Unknown %s type "%s"' % (self.category, repr(self.value))
+
+
+class UnknownKeySpecificationError(UnknownBaseError):
+    """Helper exception type to handle unknown key specifications."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = 'key specification'
+
+class RSAPublicKey(univ.Sequence):
+    """Helper type for encoding an RSA public key"""
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('N', univ.Integer()),
+        namedtype.NamedType('E', univ.Integer()))
+
+
+class RSAPrivateKey(univ.Sequence):
+    """Helper type for encoding an RSA private key"""
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', univ.Integer()),
+        namedtype.NamedType('modulus', univ.Integer()),
+        namedtype.NamedType('publicExponent', univ.Integer()),
+        namedtype.NamedType('privateExponent', univ.Integer()),
+        namedtype.NamedType('prime1', univ.Integer()),
+        namedtype.NamedType('prime2', univ.Integer()),
+        namedtype.NamedType('exponent1', univ.Integer()),
+        namedtype.NamedType('exponent2', univ.Integer()),
+        namedtype.NamedType('coefficient', univ.Integer()),
+    )
+
+
+class ECPoint(univ.Sequence):
+    """Helper type for encoding a EC point"""
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('x', univ.Integer()),
+        namedtype.NamedType('y', univ.Integer())
+    )
+
+
+class PrivateKeyInfo(univ.Sequence):
+    """Helper type for encoding a PKCS #8 private key info"""
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', univ.Integer()),
+        namedtype.NamedType('privateKeyAlgorithm', rfc2459.AlgorithmIdentifier()),
+        namedtype.NamedType('privateKey', univ.OctetString())
+    )
+
+
+class RSAKey(object):
+    # For reference, when encoded as a subject public key info, the
+    # base64-encoded sha-256 hash of this key is
+    # VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=
+    sharedRSA_N = long(
+        '00ba8851a8448e16d641fd6eb6880636103d3c13d9eae4354ab4ecf56857'
+        '6c247bc1c725a8e0d81fbdb19c069b6e1a86f26be2af5a756b6a6471087a'
+        'a55aa74587f71cd5249c027ecd43fc1e69d038202993ab20c349e4dbb94c'
+        'c26b6c0eed15820ff17ead691ab1d3023a8b2a41eea770e00f0d8dfd660b'
+        '2bb02492a47db988617990b157903dd23bc5e0b8481fa837d38843ef2716'
+        'd855b7665aaa7e02902f3a7b10800624cc1c6c97ad96615bb7e29612c075'
+        '31a30c91ddb4caf7fcad1d25d309efb9170ea768e1b37b2f226f69e3b48a'
+        '95611dee26d6259dab91084e36cb1c24042cbf168b2fe5f18f991731b8b3'
+        'fe4923fa7251c431d503acda180a35ed8d', 16)
+    sharedRSA_E = 65537L
+    sharedRSA_D = long(
+        '009ecbce3861a454ecb1e0fe8f85dd43c92f5825ce2e997884d0e1a949da'
+        'a2c5ac559b240450e5ac9fe0c3e31c0eefa6525a65f0c22194004ee1ab46'
+        '3dde9ee82287cc93e746a91929c5e6ac3d88753f6c25ba5979e73e5d8fb2'
+        '39111a3cdab8a4b0cdf5f9cab05f1233a38335c64b5560525e7e3b92ad7c'
+        '7504cf1dc7cb005788afcbe1e8f95df7402a151530d5808346864eb370aa'
+        '79956a587862cb533791307f70d91c96d22d001a69009b923c683388c9f3'
+        '6cb9b5ebe64302041c78d908206b87009cb8cabacad3dbdb2792fb911b2c'
+        'f4db6603585be9ae0ca3b8e6417aa04b06e470ea1a3b581ca03a6781c931'
+        '5b62b30e6011f224725946eec57c6d9441', 16)
+    sharedRSA_P = long(
+        '00dd6e1d4fffebf68d889c4d114cdaaa9caa63a59374286c8a5c29a717bb'
+        'a60375644d5caa674c4b8bc7326358646220e4550d7608ac27d55b6db74f'
+        '8d8127ef8fa09098b69147de065573447e183d22fe7d885aceb513d9581d'
+        'd5e07c1a90f5ce0879de131371ecefc9ce72e9c43dc127d238190de81177'
+        '3ca5d19301f48c742b', 16)
+    sharedRSA_Q = long(
+        '00d7a773d9ebc380a767d2fec0934ad4e8b5667240771acdebb5ad796f47'
+        '8fec4d45985efbc9532968289c8d89102fadf21f34e2dd4940eba8c09d6d'
+        '1f16dcc29729774c43275e9251ddbe4909e1fd3bf1e4bedf46a39b8b3833'
+        '28ef4ae3b95b92f2070af26c9e7c5c9b587fedde05e8e7d86ca57886fb16'
+        '5810a77b9845bc3127', 16)
+    sharedRSA_exp1 = long(
+        '0096472b41a610c0ade1af2266c1600e3671355ba42d4b5a0eb4e9d7eb35'
+        '81400ba5dd132cdb1a5e9328c7bbc0bbb0155ea192972edf97d12751d8fc'
+        'f6ae572a30b1ea309a8712dd4e33241db1ee455fc093f5bc9b592d756e66'
+        '21474f32c07af22fb275d340792b32ba2590bbb261aefb95a258eea53765'
+        '5315be9c24d191992d', 16)
+    sharedRSA_exp2 = long(
+        '28b450a7a75a856413b2bda6f7a63e3d964fb9ecf50e3823ef6cc8e8fa26'
+        'ee413f8b9d1205540f12bbe7a0c76828b7ba65ad83cca4d0fe2a220114e1'
+        'b35d03d5a85bfe2706bd50fce6cfcdd571b46ca621b8ed47d605bbe765b0'
+        'aa4a0665ac25364da20154032e1204b8559d3e34fb5b177c9a56ff93510a'
+        '5a4a6287c151de2d', 16)
+    sharedRSA_coef = long(
+        '28067b9355801d2ef52dfa96d8adb589673cf8ee8a9c6ff72aeeabe9ef6b'
+        'e58a4f4abf05f788947dc851fdaa34542147a71a246bfb054ee76aa346ab'
+        'cd2692cfc9e44c51e6f069c735e073ba019f6a7214961c91b26871caeabf'
+        '8f064418a02690e39a8d5ff3067b7cdb7f50b1f53418a703966c4fc774bf'
+        '7402af6c43247f43', 16)
+
+    # For reference, when encoded as a subject public key info, the
+    # base64-encoded sha-256 hash of this key is
+    # MQj2tt1yGAfwFpWETYUCVrZxk2CD2705NKBQUlAaKJI=
+    alternateRSA_N = long(
+        '00c175c65266099f77082a6791f1b876c37f5ce538b06c4acd22b1cbd46f'
+        'a65ada2add41c8c2498ac4a3b3c1f61487f41b698941bd80a51c3c120244'
+        'c584a4c4483305e5138c0106cf08be9a862760bae6a2e8f36f23c5d98313'
+        'b9dfaf378345dace51d4d6dcd2a6cb3cc706ebcd3070ec98cce40aa591d7'
+        '295a7f71c5be66691d2b2dfec84944590bc5a3ea49fd93b1d753405f1773'
+        '7699958666254797ed426908880811422069988a43fee48ce68781dd22b6'
+        'a69cd28375131f932b128ce286fa7d251c062ad27ef016f187cdd54e832b'
+        '35b8930f74ba90aa8bc76167242ab1fd6d62140d18c4c0b8c68fc3748457'
+        '324ad7de86e6552f1d1e191d712168d3bb', 16)
+    alternateRSA_E = 65537L
+    alternateRSA_D = long(
+        '7e3f6d7cb839ef66ae5d7dd92ff5410bb341dc14728d39034570e1a37079'
+        '0f30f0681355fff41e2ad4e9a9d9fcebfbd127bdfab8c00affb1f3cea732'
+        '7ead47aa1621f2ac1ee14ca02f04b3b2786017980b181a449d03b03e69d1'
+        '12b83571e55434f012056575d2832ed6731dce799e37c83f6d51c55ab71e'
+        'b58015af05e1af15c747603ef7f27d03a6ff049d96bbf854c1e4e50ef5b0'
+        '58d0fb08180e0ac7f7be8f2ff1673d97fc9e55dba838077bbf8a7cff2962'
+        '857785269cd9d5bad2b57469e4afcd33c4ca2d2f699f11e7c8fbdcd484f0'
+        '8d8efb8a3cb8a972eb24bed972efaae4bb712093e48fe94a46eb629a8750'
+        '78c4021a9a2c93c9a70390e9d0a54401', 16)
+    alternateRSA_P = long(
+        '00e63fc725a6ba76925a7ff8cb59c4f56dd7ec83fe85bf1f53e11cac9a81'
+        '258bcfc0ae819077b0f2d1477aaf868de6a8ecbeaf7bb22b196f2a9ad82d'
+        '3286f0d0cc29de719e5f2be8e509b7284d5963edd362f927887a4c4a8979'
+        '9d340d51b301ac7601ab27179024fcaadd38bf6522af63eb16461ec02a7f'
+        '27b06fe09ddda7c0a1', 16)
+    alternateRSA_Q = long(
+        '00d718b1fe9f8f99f00e832ae1fbdc6fe2ab27f34e049c498010fa0eb708'
+        '4852182346083b5c96c3eee5592c014a410c6b930b165c13b5c26aa32eac'
+        '6e7c925a8551c25134f2f4a72c6421f19a73148a0edfaba5d3a6888b35cb'
+        'a18c00fd38ee5aaf0b545731d720761bbccdee744a52ca415e98e4de01cd'
+        'fe764c1967b3e8cadb', 16)
+    alternateRSA_exp1 = long(
+        '01e5aca266c94a88d22e13c2b92ea247116c657a076817bdfd30db4b3a9d'
+        '3095b9a4b6749647e2f84e7a784fc7838b08c85971cf7a036fa30e3b91c3'
+        'c4d0df278f80c1b6e859d8456adb137defaa9f1f0ac5bac9a9184fd4ea27'
+        '9d722ea626f160d78aad7bc83845ccb29df115c83f61b7622b99bd439c60'
+        '9b5790a63c595181', 16)
+    alternateRSA_exp2 = long(
+        '0080cc45d10d2484ee0d1297fc07bf80b3beff461ea27e1f38f371789c3a'
+        'f66b4a0edd2192c227791db4f1c77ae246bf342f31856b0f56581b58a95b'
+        '1131c0c5396db2a8c3c6f39ea2e336bc205ae6a2a0b36869fca98cbba733'
+        'cf01319a6f9bb26b7ca23d3017fc551cd8da8afdd17f6fa2e30d34868798'
+        '1cd6234d571e90b7df', 16)
+    alternateRSA_coef = long(
+        '6f77c0c1f2ae7ac169561cca499c52bdfbe04cddccdbdc12aec5a85691e8'
+        '594b7ee29908f30e7b96aa6254b80ed4aeec9b993782bdfc79b69d8d58c6'
+        '8870fa4be1bc0c3527288c5c82bb4aebaf15edff110403fc78e6ace6a828'
+        '27bf42f0cfa751e507651c5638db9393dd23dd1f6b295151de44b77fe55a'
+        '7b0df271e19a65c0', 16)
+
+    evRSA_N = long(
+        '00b549895c9d00108d11a1f99f87a9e3d1a5db5dfaecf188da57bf641368'
+        '8f2ce4722cff109038c17402c93a2a473dbd286aed3fdcd363cf5a291477'
+        '01bdd818d7615bf9356bd5d3c8336aaa8c0971368a06c3cd4461b93e5142'
+        '4e1744bb2eaad46aab38ce196821961f87714a1663693f09761cdf4d6ba1'
+        '25eacec7be270d388f789f6cdf78ae3144ed28c45e79293863a7a22a4898'
+        '0a36a40e72d579c9b925dff8c793362ffd6897a7c1754c5e97c967c3eadd'
+        '1aae8aa2ccce348a0169b80e28a2d70c1a960c6f335f2da09b9b643f5abf'
+        'ba49e8aaa981e960e27d87480bdd55dd9417fa18509fbb554ccf81a4397e'
+        '8ba8128a34bdf27865c189e5734fb22905', 16)
+    evRSA_E = 65537L
+    evRSA_D = long(
+        '00983d54f94d6f4c76eb23d6f93d78523530cf73b0d16254c6e781768d45'
+        'f55681d1d02fb2bd2aac6abc1c389860935c52a0d8f41482010394778314'
+        '1d864bff30803638a5c0152570ae9d18f3d8ca163efb475b0dddf32e7e16'
+        'ec7565e6bb5e025c41c5c66e57a03cede554221f83045347a2c4c451c3dc'
+        'e476b787ce0c057244be9e04ef13118dbbb3d5e0a6cc87029eafd4a69ed9'
+        'b14759b15e39d8a9884e56f54d2f9ab013f0d15f318a9ab6b2f73d1ec3c9'
+        'fe274ae89431a10640be7899b0011c5e5093a1834708689de100634dabde'
+        '60fbd6aaefa3a33df34a1f36f60c043036b748d1c9ee98c4031a0afec60e'
+        'fda0a990be524f5614eac4fdb34a52f951', 16)
+    evRSA_P = long(
+        '00eadc2cb33e5ff1ca376bbd95bd6a1777d2cf4fac47545e92d11a6209b9'
+        'd5e4ded47834581c169b3c884742a09ea187505c1ca55414d8d25b497632'
+        'd5ec2aaa05233430fad49892777a7d68e038f561a3b8969e60b0a263defb'
+        'fda48a9b0ff39d95bc88b15267c8ade97b5107948e41e433249d87f7db10'
+        '9d5d74584d86bcc1d7', 16)
+    evRSA_Q = long(
+        '00c59ae576a216470248d944a55b9e9bf93299da341ec56e558eba821abc'
+        'e1bf57b79cf411d2904c774f9dba1f15185f607b0574a08205d6ec28b66a'
+        '36d634232eaaf2fea37561abaf9d644b68db38c9964cb8c96ec0ac61eba6'
+        '4d05b446542f423976f5acde4ecc95536d2df578954f93f0cfd9c58fb78b'
+        'a2a76dd5ac284dc883', 16)
+    evRSA_exp1 = long(
+        '00c1d2ef3906331c52aca64811f9fe425beb2898322fb3db51032ce8d7e9'
+        'fc32240be92019cf2480fcd5e329837127118b2a59a1bfe06c883e3a4447'
+        'f3f031cd9aebd0b8d368fc79740d2cce8eadb324df7f091eafe1564361d5'
+        '4920b01b0471230e5e47d93f8ed33963c517bc4fc78f6d8b1f9eba85bcce'
+        'db7033026508db6285', 16)
+    evRSA_exp2 = long(
+        '008521b8db5694dfbe804a315f9efc9b65275c5490acf2a3456d65e6e610'
+        'bf9f647fc67501d4f5772f232ac70ccdef9fc2a6dfa415c7c41b6afc7af9'
+        'd07c3ca03f7ed93c09f0b99f2c304434322f1071709bbc1baa4c91575fa6'
+        'a959e07d4996956d95e22b57938b6e47c8d51ffedfc9bf888ce0d1a3e42b'
+        '65a89bed4b91d3e5f5', 16)
+    evRSA_coef = long(
+        '00dc497b06b920c8be0b0077b798e977eef744a90ec2c5d7e6cbb22448fa'
+        'c72da81a33180e0d8a02e831460c7fc7fd3a612f7b9930b61b799f8e908e'
+        '632e9ba0409b6aa70b03a3ba787426263b5bd5843df8476edb5d14f6a861'
+        '3ebaf5b9cd5ca42f5fbd2802e08e4e49e5709f5151510caa5ab2c1c6eb3e'
+        'fe9295d16e8c25c916', 16)
+
+    evRSA2040_N = long(
+        '00ca7020dc215f57914d343fae4a015111697af997a5ece91866499fc23f'
+        '1b88a118cbd30b10d91c7b9a0d4ee8972fcae56caf57f25fc1275a2a4dbc'
+        'b982428c32ef587bf2387410330a0ffb16b8029bd783969ef675f6de38c1'
+        '8f67193cb6c072f8b23d0b3374112627a57b90055771d9e62603f53788d7'
+        'f63afa724f5d108096df31f89f26b1eb5f7c4357980e008fcd55d827dd26'
+        '2395ca2f526a07897cc40c593b38716ebc0caa596719c6f29ac9b73a7a94'
+        '4748a3aa3e09e9eb4d461ea0027e540926614728b9d243975cf9a0541bef'
+        'd25e76b51f951110b0e7644fc7e38441791b6d2227384cb8004e23342372'
+        'b1cf5cc3e73e31b7bbefa160e6862ebb', 16)
+    evRSA2040_E = 65537L
+    evRSA2040_D = long(
+        '00b2db74bce92362abf72955a638ae8720ba3033bb7f971caf39188d7542'
+        'eaa1c1abb5d205b1e2111f4791c08911a2e141e8cfd7054702d23100b564'
+        '2c06e1a31b118afd1f9a2f396cced425c501d91435ca8656766ced2b93bb'
+        'b8669fce9bacd727d1dacb3dafabc3293e35389eef8ea0b58e1aeb1a20e6'
+        'a61f9fcd453f7567fe31d123b616a26fef4df1d6c9f7490111d028eefd1d'
+        '972045b1a242273dd7a67ebf111db2741a5a93c7b2289cc4a236f5a99a6e'
+        'c7a8206fdae1c1d04bdbb1980d4a298c5a17dae4186474a5f7835d882bce'
+        'f24aef4ed6f149f94d96c9f7d78e647fc778a9017ff208d3b4a1768b1821'
+        '62102cdab032fabbab38d5200a324649', 16)
+    evRSA2040_P = long(
+        '0f3844d0d4d4d6a21acd76a6fc370b8550e1d7ec5a6234172e790f0029ae'
+        '651f6d5c59330ab19802b9d7a207de7a1fb778e3774fdbdc411750633d8d'
+        '1b3fe075006ffcfd1d10e763c7a9227d2d5f0c2dade1c9e659c350a159d3'
+        '6bb986f12636d4f9942b288bc0fe21da8799477173144249ca2e389e6c5c'
+        '25aa78c8cad7d4df', 16)
+    evRSA2040_Q = long(
+        '0d4d0bedd1962f07a1ead6b23a4ed67aeaf1270f052a6d29ba074945c636'
+        '1a5c4f8f07bf859e067aed3f4e6e323ef2aa8a6acd340b0bdc7cfe4fd329'
+        'e3c97f870c7f7735792c6aa9d0f7e7542a28ed6f01b0e55a2b8d9c24a65c'
+        '6da314c95484f5c7c3954a81bb016b07ed17ee9b06039695bca059a79f8d'
+        'c2423d328d5265a5', 16)
+    evRSA2040_exp1 = long(
+        '09f29a2ff05be8a96d614ba31b08935420a86c6bc42b99a6692ea0da5763'
+        'f01e596959b7ddce73ef9c2e4f6e5b40710887500d44ba0c3cd3132cba27'
+        '475f39c2df7552e2d123a2497a4f97064028769a48a3624657f72bf539f3'
+        'd0de234feccd3be8a0aa90c6bf6e9b0bed43070a24d061ff3ed1751a3ef2'
+        'ff7f6b90b9dbd5fb', 16)
+    evRSA2040_exp2 = long(
+        '01a659e170cac120a03be1cf8f9df1caa353b03593bd7476e5853bd874c2'
+        '87388601c6c341ce9d1d284a5eef1a3a669d32b816a5eaecd8b7844fe070'
+        '64b9bca0c2b318d540277b3f7f1510d386bb36e03b04771e5d229e88893e'
+        '13b753bfb94518bb638e2404bd6e6a993c1668d93fc0b82ff08aaf34347d'
+        '3fe8397108c87ca5', 16)
+    evRSA2040_coef = long(
+        '040257c0d4a21c0b9843297c65652db66304fb263773d728b6abfa06d37a'
+        'c0ca62c628023e09e37dc0a901e4ce1224180e2582a3aa4b6a1a7b98e2bd'
+        '70077aec14ac8ab66a755c71e0fc102471f9bbc1b46a95aa0b645f2c38e7'
+        '6450289619ea3f5e8ae61037bffcf8249f22aa4e76e2a01909f3feb290ce'
+        '93edf57b10ebe796', 16)
+
+    rsa2040_N = long(
+        '00bac0652fdfbc0055882ffbaeaceec88fa2d083c297dd5d40664dd3d90f'
+        '52f9aa02bd8a50fba16e0fd991878ef475f9b350d9f8e3eb2abd717ce327'
+        'b09788531f13df8e3e4e3b9d616bb8a41e5306eed2472163161051180127'
+        '6a4eb66f07331b5cbc8bcae7016a8f9b3d4f2ac4553c624cf5263bcb348e'
+        '8840de6612870960a792191b138fb217f765cec7bff8e94f16b39419bf75'
+        '04c59a7e4f79bd6d173e9c7bf3d9d2a4e73cc180b0590a73d584fb7fc9b5'
+        '4fa544607e53fc685c7a55fd44a81d4142b6af51ea6fa6cea52965a2e8c5'
+        'd84f3ca024d6fbb9b005b9651ce5d9f2ecf40ed404981a9ffc02636e311b'
+        '095c6332a0c87dc39271b5551481774b', 16)
+    rsa2040_E = 65537L
+    rsa2040_D = long(
+        '603db267df97555cbed86b8df355034af28f1eb7f3e7829d239bcc273a7c'
+        '7a69a10be8f21f1b6c4b02c6bae3731c3158b5bbff4605f57ab7b7b2a0cb'
+        'a2ec005a2db5b1ea6e0aceea5bc745dcd2d0e9d6b80d7eb0ea2bc08127bc'
+        'e35fa50c42cc411871ba591e23ba6a38484a33eff1347f907ee9a5a92a23'
+        '11bb0b435510020f78e3bb00099db4d1182928096505fcba84f3ca1238fd'
+        '1eba5eea1f391bbbcc5424b168063fc17e1ca6e1912ccba44f9d0292308a'
+        '1fedb80612529b39f59d0a3f8180b5ba201132197f93a5815ded938df8e7'
+        'd93c9b15766588f339bb59100afda494a7e452d7dd4c9a19ce2ec3a33a18'
+        'b20f0b4dade172bee19f26f0dcbe41', 16)
+    rsa2040_P = long(
+        '0ec3869cb92d406caddf7a319ab29448bc505a05913707873361fc5b986a'
+        '499fb65eeb815a7e37687d19f128087289d9bb8818e7bcca502c4900ad9a'
+        'ece1179be12ff3e467d606fc820ea8f07ac9ebffe2236e38168412028822'
+        '3e42dbe68dfd972a85a6447e51695f234da7911c67c9ab9531f33df3b994'
+        '32d4ee88c9a4efbb', 16)
+    rsa2040_Q = long(
+        '0ca63934549e85feac8e0f5604303fd1849fe88af4b7f7e1213283bbc7a2'
+        'c2a509f9273c428c68de3db93e6145f1b400bd6d4a262614e9043ad362d4'
+        'eba4a6b995399c8934a399912199e841d8e8dbff0489f69e663796730b29'
+        '80530b31cb70695a21625ea2adccc09d930516fa872211a91e22dd89fd9e'
+        'b7da8574b72235b1', 16)
+    rsa2040_exp1 = long(
+        '0d7d3a75e17f65f8a658a485c4095c10a4f66979e2b73bca9cf8ef21253e'
+        '1facac6d4791f58392ce8656f88f1240cc90c29653e3100c6d7a38ed44b1'
+        '63b339e5f3b6e38912126c69b3ceff2e5192426d9649b6ffca1abb75d2ba'
+        '2ed6d9a26aa383c5973d56216ff2edb90ccf887742a0f183ac92c94cf187'
+        '657645c7772d9ad7', 16)
+    rsa2040_exp2 = long(
+        '03f550194c117f24bea285b209058032f42985ff55acebe88b16df9a3752'
+        '7b4e61dc91a68dbc9a645134528ce5f248bda2893c96cb7be79ee73996c7'
+        'c22577f6c2f790406f3472adb3b211b7e94494f32c5c6fcc0978839fe472'
+        '4c31b06318a2489567b4fca0337acb1b841227aaa5f6c74800a2306929f0'
+        '2ce038bad943df41', 16)
+    rsa2040_coef = long(
+        '080a7dbfa8c2584814c71664c56eb62ce4caf16afe88d4499159d674774a'
+        '3a3ecddf1256c02fc91525c527692422d0aba94e5c41ee12dc71bb66f867'
+        '9fa17e096f28080851ba046eb31885c1414e8985ade599d907af17453d1c'
+        'caea2c0d06443f8367a6be154b125e390ee0d90f746f08801dd3f5367f59'
+        'fba2e5a67c05f375', 16)
+
+    rsa1024_N = long(
+        '00d3a97440101eba8c5df9503e6f935eb52ffeb3ebe9d0dc5cace26f973c'
+        'a94cbc0d9c31d66c0c013bce9c82d0d480328df05fb6bcd7990a5312ddae'
+        '6152ad6ee61c8c1bdd8663c68bd36224a9882ae78e89f556dfdbe6f51da6'
+        '112cbfc27c8a49336b41afdb75321b52b24a7344d1348e646351a551c757'
+        '1ccda0b8fe35f61a75', 16)
+    rsa1024_E = 65537L
+    rsa1024_D = long(
+        '5b6708e185548fc07ff062dba3792363e106ff9177d60ee3227162391024'
+        '1813f958a318f26db8b6a801646863ebbc69190d6c2f5e7723433e99666d'
+        '76b3987892cd568f1f18451e8dc05477c0607ee348380ebb7f4c98d0c036'
+        'a0260bc67b2dab46cbaa4ce87636d839d8fddcbae2da3e02e8009a21225d'
+        'd7e47aff2f82699d', 16)
+    rsa1024_P = long(
+        '00fcdee570323e8fc399dbfc63d8c1569546fb3cd6886c628668ab1e1d0f'
+        'ca71058febdf76d702970ad6579d80ac2f9521075e40ef8f3f39983bd819'
+        '07e898bad3', 16)
+    rsa1024_Q = long(
+        '00d64801c955b4eb75fbae230faa8b28c9cc5e258be63747ff5ac8d2af25'
+        '3e9f6d6ce03ea2eb13ae0eb32572feb848c32ca00743635374338fedacd8'
+        'c5885f7897', 16)
+    rsa1024_exp1 = long(
+        '76c0526d5b1b28368a75d5d42a01b9a086e20b9310241e2cd2d0b166a278'
+        'c694ff1e9d25d9193d47789b52bb0fa194de1af0b77c09007f12afdfeef9'
+        '58d108c3', 16)
+    rsa1024_exp2 = long(
+        '008a41898d8b14217c4d782cbd15ef95d0a660f45ed09a4884f4e170367b'
+        '946d2f20398b907896890e88fe17b54bd7febe133ebc7720c86fe0649cca'
+        '7ca121e05f', 16)
+    rsa1024_coef = long(
+        '22db133445f7442ea2a0f582031ee214ff5f661972986f172651d8d6b4ec'
+        '3163e99bff1c82fe58ec3d075c6d8f26f277020edb77c3ba821b9ba3ae18'
+        'ff8cb2cb', 16)
+
+    rsa1016_N = long(
+        '00d29bb12fb84fddcd29b3a519cb66c43b8d8f8be545ba79384ce663ed03'
+        'df75991600eb920790d2530cece544db99a71f05896a3ed207165534aa99'
+        '057e47c47e3bc81ada6fa1e12e37268b5046a55268f9dad7ccb485d81a2e'
+        '19d50d4f0b6854acaf6d7be69d9a083136e15afa8f53c1c8c84fc6077279'
+        'dd0e55d7369a5bdd', 16)
+    rsa1016_E = 65537L
+    rsa1016_D = long(
+        '3c4965070bf390c251d5a2c5277c5b5fd0bdee85cad7fe2b27982bb28511'
+        '4a507004036ae1cf8ae54b25e4db39215abd7e903f618c2d8b2f08cc6cd1'
+        '2dbccd72205e4945b6b3df389e5e43de0a148bb2c84e2431fdbe5920b044'
+        'bb272f45ecff0721b7dfb60397fc613a9ea35c22300530cae8f9159c534d'
+        'f3bf0910951901', 16)
+    rsa1016_P = long(
+        '0f9f17597c85b8051b9c69afb55ef576c996dbd09047d0ccde5b9d60ea5c'
+        '67fe4fac67be803f4b6ac5a3f050f76b966fb14f5cf105761e5ade6dd960'
+        'b183ba55', 16)
+    rsa1016_Q = long(
+        '0d7b637112ce61a55168c0f9c9386fb279ab40cba0d549336bba65277263'
+        'aac782611a2c81d9b635cf78c40018859e018c5e9006d12e3d2ee6f346e7'
+        '9fa43369', 16)
+    rsa1016_exp1 = long(
+        '09fd6c9a3ea6e91ae32070f9fc1c210ff9352f97be5d1eeb951bb39681e9'
+        'dc5b672a532221b3d8900c9a9d99b9d0a4e102dc450ca1b87b0b1389de65'
+        '16c0ae0d', 16)
+    rsa1016_exp2 = long(
+        '0141b832491b7dd4a83308920024c79cae64bd447df883bb4c5672a96bab'
+        '48b7123b34f26324452cdceb17f21e570e347cbe2fd4c2d8f9910eac2cb6'
+        'd895b8c9', 16)
+    rsa1016_coef = long(
+        '0458dd6aee18c88b2f9b81f1bc3075ae20dc1f9973d20724f20b06043d61'
+        '47c8789d4a07ae88bc82c8438c893e017b13947f62e0b18958a31eb664b1'
+        '9e64d3e0', 16)
+
+    def __init__(self, specification):
+        if specification == 'default':
+            self.RSA_N = self.sharedRSA_N
+            self.RSA_E = self.sharedRSA_E
+            self.RSA_D = self.sharedRSA_D
+            self.RSA_P = self.sharedRSA_P
+            self.RSA_Q = self.sharedRSA_Q
+            self.RSA_exp1 = self.sharedRSA_exp1
+            self.RSA_exp2 = self.sharedRSA_exp2
+            self.RSA_coef = self.sharedRSA_coef
+        elif specification == 'alternate':
+            self.RSA_N = self.alternateRSA_N
+            self.RSA_E = self.alternateRSA_E
+            self.RSA_D = self.alternateRSA_D
+            self.RSA_P = self.alternateRSA_P
+            self.RSA_Q = self.alternateRSA_Q
+            self.RSA_exp1 = self.alternateRSA_exp1
+            self.RSA_exp2 = self.alternateRSA_exp2
+            self.RSA_coef = self.alternateRSA_coef
+        elif specification == 'ev':
+            self.RSA_N = self.evRSA_N
+            self.RSA_E = self.evRSA_E
+            self.RSA_D = self.evRSA_D
+            self.RSA_P = self.evRSA_P
+            self.RSA_Q = self.evRSA_Q
+            self.RSA_exp1 = self.evRSA_exp1
+            self.RSA_exp2 = self.evRSA_exp2
+            self.RSA_coef = self.evRSA_coef
+        elif specification == 'evRSA2040':
+            self.RSA_N = self.evRSA2040_N
+            self.RSA_E = self.evRSA2040_E
+            self.RSA_D = self.evRSA2040_D
+            self.RSA_P = self.evRSA2040_P
+            self.RSA_Q = self.evRSA2040_Q
+            self.RSA_exp1 = self.evRSA2040_exp1
+            self.RSA_exp2 = self.evRSA2040_exp2
+            self.RSA_coef = self.evRSA2040_coef
+        elif specification == 'rsa2040':
+            self.RSA_N = self.rsa2040_N
+            self.RSA_E = self.rsa2040_E
+            self.RSA_D = self.rsa2040_D
+            self.RSA_P = self.rsa2040_P
+            self.RSA_Q = self.rsa2040_Q
+            self.RSA_exp1 = self.rsa2040_exp1
+            self.RSA_exp2 = self.rsa2040_exp2
+            self.RSA_coef = self.rsa2040_coef
+        elif specification == 'rsa1024':
+            self.RSA_N = self.rsa1024_N
+            self.RSA_E = self.rsa1024_E
+            self.RSA_D = self.rsa1024_D
+            self.RSA_P = self.rsa1024_P
+            self.RSA_Q = self.rsa1024_Q
+            self.RSA_exp1 = self.rsa1024_exp1
+            self.RSA_exp2 = self.rsa1024_exp2
+            self.RSA_coef = self.rsa1024_coef
+        elif specification == 'rsa1016':
+            self.RSA_N = self.rsa1016_N
+            self.RSA_E = self.rsa1016_E
+            self.RSA_D = self.rsa1016_D
+            self.RSA_P = self.rsa1016_P
+            self.RSA_Q = self.rsa1016_Q
+            self.RSA_exp1 = self.rsa1016_exp1
+            self.RSA_exp2 = self.rsa1016_exp2
+            self.RSA_coef = self.rsa1016_coef
+        else:
+            raise UnknownKeySpecificationError(specification)
+
+    def toDER(self):
+        privateKeyInfo = PrivateKeyInfo()
+        privateKeyInfo.setComponentByName('version', 0)
+        algorithmIdentifier = rfc2459.AlgorithmIdentifier()
+        algorithmIdentifier.setComponentByName('algorithm', rfc2459.rsaEncryption)
+        algorithmIdentifier.setComponentByName('parameters', univ.Null())
+        privateKeyInfo.setComponentByName('privateKeyAlgorithm', algorithmIdentifier)
+        rsaPrivateKey = RSAPrivateKey()
+        rsaPrivateKey.setComponentByName('version', 0)
+        rsaPrivateKey.setComponentByName('modulus', self.RSA_N)
+        rsaPrivateKey.setComponentByName('publicExponent', self.RSA_E)
+        rsaPrivateKey.setComponentByName('privateExponent', self.RSA_D)
+        rsaPrivateKey.setComponentByName('prime1', self.RSA_P)
+        rsaPrivateKey.setComponentByName('prime2', self.RSA_Q)
+        rsaPrivateKey.setComponentByName('exponent1', self.RSA_exp1)
+        rsaPrivateKey.setComponentByName('exponent2', self.RSA_exp2)
+        rsaPrivateKey.setComponentByName('coefficient', self.RSA_coef)
+        rsaPrivateKeyEncoded = encoder.encode(rsaPrivateKey)
+        privateKeyInfo.setComponentByName('privateKey', univ.OctetString(rsaPrivateKeyEncoded))
+        return encoder.encode(privateKeyInfo)
+
+    def toPEM(self):
+        output = '-----BEGIN PRIVATE KEY-----'
+        der = self.toDER()
+        b64 = base64.b64encode(der)
+        while b64:
+            output += '\n' + b64[:64]
+            b64 = b64[64:]
+        output += '\n-----END PRIVATE KEY-----'
+        return output
+
+    def asSubjectPublicKeyInfo(self):
+        """Returns a subject public key info representing
+        this key for use by pyasn1."""
+        algorithmIdentifier = rfc2459.AlgorithmIdentifier()
+        algorithmIdentifier.setComponentByName('algorithm', rfc2459.rsaEncryption)
+        algorithmIdentifier.setComponentByName('parameters', univ.Null())
+        spki = rfc2459.SubjectPublicKeyInfo()
+        spki.setComponentByName('algorithm', algorithmIdentifier)
+        rsaKey = RSAPublicKey()
+        rsaKey.setComponentByName('N', univ.Integer(self.RSA_N))
+        rsaKey.setComponentByName('E', univ.Integer(self.RSA_E))
+        subjectPublicKey = univ.BitString(byteStringToHexifiedBitString(encoder.encode(rsaKey)))
+        spki.setComponentByName('subjectPublicKey', subjectPublicKey)
+        return spki
+
+    def sign(self, data, hashAlgorithmName):
+        """Returns a hexified bit string representing a
+        signature by this key over the specified data.
+        Intended for use with pyasn1.type.univ.BitString"""
+        rsaPrivateKey = rsa.PrivateKey(self.RSA_N, self.RSA_E, self.RSA_D, self.RSA_P, self.RSA_Q)
+        signature = rsa.sign(data, rsaPrivateKey, hashAlgorithmName)
+        return byteStringToHexifiedBitString(signature)
+
+
+ecPublicKey = univ.ObjectIdentifier('1.2.840.10045.2.1')
+secp256k1 = univ.ObjectIdentifier('1.3.132.0.10')
+secp224r1 = univ.ObjectIdentifier('1.3.132.0.33')
+secp256r1 = univ.ObjectIdentifier('1.2.840.10045.3.1.7')
+secp384r1 = univ.ObjectIdentifier('1.3.132.0.34')
+secp521r1 = univ.ObjectIdentifier('1.3.132.0.35')
+
+# ecc.curves.DOMAINS uses a 5-tuple to define curves.
+# The first number is p where F_p is the finite field of the curve.
+# The second number is the order n of the base point G.
+# The third number is the parameter b of the definition of the curve
+#   E: y^2 = x^3 + ax + b (a in this case is 0)
+# The fourth and fifth numbers constitute the base point G.
+secp256k1Params = (long('fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f', 16),
+                   long('fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141', 16),
+                   7,
+                   long('79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798', 16),
+                   long('483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8', 16))
+
+def longToEvenLengthHexString(val):
+    h = format(val, 'x')
+    if not len(h) % 2 == 0:
+        h = '0' + h
+    return h
+
+def notRandom(n):
+    return n * '\x04'
+
+class ECCKey(object):
+    secp256k1Encoded = str('08fd87b04fba98090100004035ee7c7289d8fef7a8'
+        '6afe5da66d8bc2ebb6a8543fd2fead089f45ce7acd0fa64382a9500c41dad'
+        '770ffd4b511bf4b492eb1238800c32c4f76c73a3f3294e7c5002067cebc20'
+        '8a5fa3df16ec2bb34acc59a42ab4abb0538575ca99b92b6a2149a04f')
+
+    secp224r1Encoded = str('0ee5587c4d18526f00e00038668d72cca6fd6a1b35'
+        '57b5366104d84408ecb637f08e8c86bbff82cc00e88f0066d7af63c3298ba'
+        '377348a1202b03b37fd6b1ff415aa311e001c04389459926c3296c242b83e'
+        '10a6cd2011c8fe2dae1b772ea5b21067')
+
+    secp256r1Encoded = str('cb872ac99cd31827010000404fbfbbbb61e0f8f9b1'
+        'a60a59ac8704e2ec050b423e3cf72e923f2c4f794b455c2a69d233456c36c'
+        '4119d0706e00eedc8d19390d7991b7b2d07a304eaa04aa6c000202191403d'
+        '5710bf15a265818cd42ed6fedf09add92d78b18e7a1e9feb95524702')
+
+    secp384r1Encoded = str('d3103f5ac81741e801800060a1687243362b5c7b18'
+        '89f379154615a1c73fb48dee863e022915db608e252de4b7132da8ce98e83'
+        '1534e6a9c0c0b09c8d639ade83206e5ba813473a11fa330e05da8c96e4383'
+        'fe27873da97103be2888cff002f05af71a1fddcc8374aa6ea9ce0030035c7'
+        'a1b10d9fafe837b64ad92f22f5ced0789186538669b5c6d872cec3d926122'
+        'b393772b57602ff31365efe1393246')
+
+    secp521r1Encoded = str('77f4b0ac81948ddc02090084014cdc9cacc4794109'
+        '6bc9cc66752ec27f597734fa66c62b792f88c519d6d37f0d16ea1c483a182'
+        '7a010b9128e3a08070ca33ef5f57835b7c1ba251f6cc3521dc42b01065345'
+        '1981b445d343eed3782a35d6cff0ff484f5a883d209f1b9042b726703568b'
+        '2f326e18b833bdd8aa0734392bcd19501e10d698a79f53e11e0a22bdd2aad'
+        '900042014f3284fa698dd9fe1118dd331851cdfaac5a3829278eb8994839d'
+        'e9471c940b858c69d2d05e8c01788a7d0b6e235aa5e783fc1bee807dcc386'
+        '5f920e12cf8f2d29')
+
+    def __init__(self, specification=None):
+        if specification == 'secp256k1':
+            self.key = Key.Key.decode(binascii.unhexlify(self.secp256k1Encoded))
+            self.keyOID = secp256k1
+        elif specification == 'secp224r1':
+            self.key = Key.Key.decode(binascii.unhexlify(self.secp224r1Encoded))
+            self.keyOID = secp224r1
+        elif specification == 'secp256r1':
+            self.key = Key.Key.decode(binascii.unhexlify(self.secp256r1Encoded))
+            self.keyOID = secp256r1
+        elif specification == 'secp384r1':
+            self.key = Key.Key.decode(binascii.unhexlify(self.secp384r1Encoded))
+            self.keyOID = secp384r1
+        elif specification == 'secp521r1':
+            self.key = Key.Key.decode(binascii.unhexlify(self.secp521r1Encoded))
+            self.keyOID = secp521r1
+        else:
+            raise UnknownKeySpecificationError(specification)
+
+    def asSubjectPublicKeyInfo(self):
+        """Returns a subject public key info representing
+        this key for use by pyasn1."""
+        algorithmIdentifier = rfc2459.AlgorithmIdentifier()
+        algorithmIdentifier.setComponentByName('algorithm', ecPublicKey)
+        algorithmIdentifier.setComponentByName('parameters', self.keyOID)
+        spki = rfc2459.SubjectPublicKeyInfo()
+        spki.setComponentByName('algorithm', algorithmIdentifier)
+        # We need to extract the point that represents this key.
+        # The library encoding of the key is an 8-byte id, followed by 2
+        # bytes for the key length in bits, followed by the point on the
+        # curve (represented by two python longs). There appear to also
+        # be 2 bytes indicating the length of the point as encoded, but
+        # Decoder takes care of that.
+        encoded = self.key.encode()
+        _, _, points = encoding.Decoder(encoded).int(8).int(2).point(2).out()
+        # '04' indicates that the points are in uncompressed form.
+        hexifiedBitString = "'%s%s%s'H" % ('04', longToEvenLengthHexString(points[0]),
+                                           longToEvenLengthHexString(points[1]))
+        subjectPublicKey = univ.BitString(hexifiedBitString)
+        spki.setComponentByName('subjectPublicKey', subjectPublicKey)
+        return spki
+
+    def sign(self, data, hashAlgorithmName):
+        """Returns a hexified bit string representing a
+        signature by this key over the specified data.
+        Intended for use with pyasn1.type.univ.BitString"""
+        # There is some non-determinism in ECDSA signatures. Work around
+        # this by patching ecc.ecdsa.urandom to not be random.
+        with mock.patch('ecc.ecdsa.urandom', side_effect=notRandom):
+            # For some reason Key.sign returns an encoded point.
+            # Decode it so we can encode it as a BITSTRING consisting
+            # of a SEQUENCE of two INTEGERs.
+            # Also patch in secp256k1 if applicable.
+            if self.keyOID == secp256k1:
+                with mock.patch('ecc.curves.DOMAINS', {256: secp256k1Params}):
+                    x, y = encoding.dec_point(self.key.sign(data, hashAlgorithmName))
+            else:
+                x, y = encoding.dec_point(self.key.sign(data, hashAlgorithmName))
+            point = ECPoint()
+            point.setComponentByName('x', x)
+            point.setComponentByName('y', y)
+            return byteStringToHexifiedBitString(encoder.encode(point))
+
+
+def keyFromSpecification(specification):
+    """Pass in a specification, get the appropriate key back."""
+    if specification.startswith('secp'):
+        return ECCKey(specification)
+    else:
+        return RSAKey(specification)
+
+# The build harness will call this function with an output file-like
+# object and a path to a file containing a specification. This will
+# read the specification and output the key as ASCII-encoded PKCS #8.
+def main(output, inputPath):
+    with open(inputPath) as configStream:
+        output.write(keyFromSpecification(configStream.read().strip()).toPEM())
+
+# When run as a standalone program, this will read a specification from
+# stdin and output the certificate as PEM to stdout.
+if __name__ == '__main__':
+    print keyFromSpecification(sys.stdin.read()).toPEM()
diff --git a/security/manager/ssl/tests/unit/sss_readstate_child_worker.js b/security/manager/ssl/tests/unit/sss_readstate_child_worker.js
new file mode 100644
index 000000000..166ab9ed3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/sss_readstate_child_worker.js
@@ -0,0 +1,25 @@
+/* import-globals-from head_psm.js */
+"use strict";
+
+function run_test() {
+  let SSService = Cc["@mozilla.org/ssservice;1"]
+                    .getService(Ci.nsISiteSecurityService);
+
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "expired.example.com", 0));
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "notexpired.example.com", 0));
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "includesubdomains.preloaded.test", 0));
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "sub.includesubdomains.preloaded.test", 0));
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "incsubdomain.example.com", 0));
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "sub.incsubdomain.example.com", 0));
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains2.preloaded.test", 0));
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "sub.includesubdomains2.preloaded.test", 0));
+  do_test_finished();
+}
diff --git a/security/manager/ssl/tests/unit/test_add_preexisting_cert.js b/security/manager/ssl/tests/unit/test_add_preexisting_cert.js
new file mode 100644
index 000000000..2b07828c8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_add_preexisting_cert.js
@@ -0,0 +1,45 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// Tests that adding a certificate already present in the certificate database
+// with different trust bits than those stored in the database does not result
+// in the new trust bits being ignored.
+
+do_get_profile();
+var certDB = Cc["@mozilla.org/security/x509certdb;1"]
+               .getService(Ci.nsIX509CertDB);
+
+function load_cert(cert, trust) {
+  let file = "test_intermediate_basic_usage_constraints/" + cert + ".pem";
+  addCertFromFile(certDB, file, trust);
+}
+
+function getDERString(cert) {
+  let derString = "";
+  for (let rawByte of cert.getRawDER({})) {
+    derString += String.fromCharCode(rawByte);
+  }
+  return derString;
+}
+
+function run_test() {
+  load_cert("ca", "CTu,CTu,CTu");
+  load_cert("int-limited-depth", "CTu,CTu,CTu");
+  let file = "test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem";
+  let cert_pem = readFile(do_get_file(file));
+  let ee = certDB.constructX509FromBase64(pemToBase64(cert_pem));
+  checkCertErrorGeneric(certDB, ee, PRErrorCodeSuccess,
+                        certificateUsageSSLServer);
+  // Change the already existing intermediate certificate's trust using
+  // addCertFromBase64(). We use findCertByNickname first to ensure that the
+  // certificate already exists.
+  let int_cert = certDB.findCertByNickname("int-limited-depth");
+  notEqual(int_cert, null, "Intermediate cert should be in the cert DB");
+  let base64_cert = btoa(getDERString(int_cert));
+  certDB.addCertFromBase64(base64_cert, "p,p,p", "ignored_argument");
+  checkCertErrorGeneric(certDB, ee, SEC_ERROR_UNTRUSTED_ISSUER,
+                        certificateUsageSSLServer);
+}
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem
new file mode 100644
index 000000000..1a18e2bf0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAgIUL5zykZEc2ro5d6th43aWGfm735cwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1Ud
+DwQEAwIBBjALBgkqhkiG9w0BAQsDggEBAHPYBjNnv//Ssc8Elepb8SWIXRdahKbL
+/dcPoMR+7yhJVaelUaxdwUytJWJAGdkkuv+P+G4b82RVYEXT+9k1S/aAfByFyR9q
+vS7POfdy/ZPfGTXltlnmYX/84a6QeYQa4Nl4JpIOXBCesLxmErBhczka6D26iqsz
+GeseKRSjVPgF3mXc2CRGZnTDRhUmd7wOABLmj7GtuFvOm96363M3IUByMohvoj1G
+dic3s5D0seXwTKnEc5B27lJt7Q0oIXEldL+UW8Mo1hfGWQeXzqTZbpOVLnVWvHBH
+H8yYs5hyH01qFJZbztJ1JJ3F2NpYLlr4P5I6fW2e9w5MG/VMQRU3wzQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem.certspec
new file mode 100644
index 000000000..6660f5d47
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/moz.build b/security/manager/ssl/tests/unit/test_baseline_requirements/moz.build
new file mode 100644
index 000000000..b911380a4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/moz.build
@@ -0,0 +1,19 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ca.pem',
+#    'no-san-old.pem',
+#    'no-san-older.pem',
+#    'no-san-recent.pem',
+#    'san-contains-no-hostnames-old.pem',
+#    'san-contains-no-hostnames-older.pem',
+#    'san-contains-no-hostnames-recent.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem
new file mode 100644
index 000000000..4a0032f43
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZmgAwIBAgIUS00fexo4Y4FagP1oiKQiGCJKd/swCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTYwNzI0MDAwMDAwWhgPMjAxNjA5MjQwMDAw
+MDBaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOC
+AQEAnooFCIG4D5EQxpe6EcB3gXE2Cj5kMBvO5H+OobaVRd4kIxET+MChwsN2nuwy
+xooA/P2M+9W/S3KP/K8L1tlyf/8J2xlr349MhULhCKG7XxpEQZl6sVjaeDLwWrEK
+2Ts1jPgCTufdfPYBcO3rb4HSdHNfFlhB98dfgSakXqXzUZ9sz2VxmAeL6tLvspG9
+tH5viWFc+lv1J3/Jtzk79hleDsiIdcjTjC/bM/Y49jkNOBxru4Qrw5AZuveoVy/G
+2axz89wBpjLYjI0KtVxCf8dutcVW7UwFKQywmo7QDqha61f0f8I6oCYXsDPK9FPf
+WLIrK1TT3YxdhN7QIRu6J8ttBQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem.certspec
new file mode 100644
index 000000000..7a34d0758
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:example.com
+validity:20160724-20160924
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem
new file mode 100644
index 000000000..370cafc8f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZmgAwIBAgIUZ3gdKZRvWFYArMRStT2zAGE6JDQwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUwNzI0MDAwMDAwWhgPMjAxNjA5MjQwMDAw
+MDBaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOC
+AQEAn81HiHxHv7Mhq16XWoD6ttEu9sllOHssw452wRdIieM2XcMIi5DPI81XDhqk
+5Zw/pUDfWxNFLq92JM2UArF7RtWICBYqi4UJcdnrMb84rwOVdgt9sDQYdamqj5qF
+90XpTOIA+ZyfAMXxJpJTEC9WN1rc3cK6Epv0+7KqE6FBa5aH8uAYXAb/+eKmtwY/
+ELQWT2jsoplihEw8aJsXTR9M9y2UudxPhqgA7lPpstbOMNuw2xg8oWBnqgZGRGvH
+7Afu2CoxEmYbxXnO6cJ30/pAuVLnVpmJg1n7DLT8is+2fUiOMyuve7KAjxuAo3KT
+XEiTdgDBOOO+gIY532x/jErbRA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem.certspec
new file mode 100644
index 000000000..aa682a7af
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:example.com
+validity:20150724-20160924
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem
new file mode 100644
index 000000000..f901f613b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZmgAwIBAgIUWxGwhSb8roUQoLNpJajl0X8jk10wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTYwODI0MDAwMDAwWhgPMjAxNjA5MjQwMDAw
+MDBaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOC
+AQEADs0POeb1wJthEcg1nRYRcPgcNHsV1yVCkHMyfmssA1rgWXsp93PRVaCyZYgI
+Dq+8QJtAYpdcChFcEYeGjcjLv49Dh+yiiZPPbRWKJB0y3v+13A74M1q+IQFoQWAh
+L5GzAEjApsB1j/csRfDNjIwcP1WApN1iZ2NPxFU+PAIFhcmm+uD2doDtQfpMN9vi
+HEg5H1x7JOufOZlN+zbnPK+Ob7N13pFd/P/IO8XhA/X8by4G45oh0deyELf9zVcW
+4flslHPYthp4LDEyPvTP52jHn/yTO/m8cxKmCZOuwiw4DWfSVUy6irUs8W5SlfS8
+gI2Ctb+G5YvSffsPYwkUg3Hg7g==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem.certspec
new file mode 100644
index 000000000..e38478165
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:example.com
+validity:20160824-20160924
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem
new file mode 100644
index 000000000..2d6821a7c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4TCCAcugAwIBAgIUL/Gibj3iILbh9idTh3u9XTSwzqIwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTYwNzI0MDAwMDAwWhgPMjAxNjA5MjQwMDAw
+MDBaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozAwLjAsBgNVHREEJTAj
+pCEwHzEdMBsGA1UECgwURXhhbXBsZSBPcmdhbml6YXRpb24wCwYJKoZIhvcNAQEL
+A4IBAQAtCjzHSdXdAyaC5Qyw77gFwQKECHDAimgze1Nvgkyiv4LJLSuFZ84jnLIL
+PM+iRxrxeBOdNy8PNIaDadFb5NoovmdLTG08ZjNjJoXOt5JufIHQrUzrcZy1aP7z
+rWXED1QcwyKkoOAOqr5hOZ3pmu67a1vJgjZ8H4dVhfFkmSVGPG/6mTvn9H4N/AEo
+K+M7BW1WMnNexsV5mMvlUUdfZP0J3o9oI9msH6uH92xU6jIHpgcm6plXfpOBGQfB
+g6EUGD4znDe24ljbaohFATWw5c09kkOQNg/H6DQpb1Vi6k+X62Zgj5UR79zx53e+
+3Wo3Iu+hJUfNwyNk7KVF+r1wsUdA
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem.certspec
new file mode 100644
index 000000000..41817bde7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:example.com
+validity:20160724-20160924
+extension:subjectAlternativeName:/O=Example Organization
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem
new file mode 100644
index 000000000..0465f5da5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4TCCAcugAwIBAgIUTePOoF7EmrE46xg5zgyv8RLxEhYwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUwNzI0MDAwMDAwWhgPMjAxNjA5MjQwMDAw
+MDBaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozAwLjAsBgNVHREEJTAj
+pCEwHzEdMBsGA1UECgwURXhhbXBsZSBPcmdhbml6YXRpb24wCwYJKoZIhvcNAQEL
+A4IBAQCdicLQK5tTHkNs58IySxDedV+BqQYxvNZN3cfrqzFdehS4OzVe8hQkwKhJ
+5PpOfkh86KxoBActVL8AtP+mIBZ765qEFPhGEFMfEhqattsO6BluMNTB7ZP8HeDm
+/oCI7Ae5u+Yr5IvjBNSv5fpY7sfDiM4oqXBolJYkR+YTu+GSKYhLZTtiHhG1/Jgw
+yzBzWkfYxIW7EOe2t99krNWpPaf1MyUXO3Pj/7qfURMDeocaAvPGw7tqCZ0nsbOe
+rJvNVZDMaPbOVQKsSSyIrEDfBlQViG10eQIUaURuAY4hJs6AoLvS5b3EaxAQAWtJ
+okbLuSVbj7giOF84hkcFM3hE1FTs
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem.certspec
new file mode 100644
index 000000000..65acf0b02
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:example.com
+validity:20150724-20160924
+extension:subjectAlternativeName:/O=Example Organization
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem
new file mode 100644
index 000000000..fc8b5b48a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4TCCAcugAwIBAgIUUwz+d++GVy8L6Lxi9GVnzG6yUCEwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTYwODI0MDAwMDAwWhgPMjAxNjA5MjQwMDAw
+MDBaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozAwLjAsBgNVHREEJTAj
+pCEwHzEdMBsGA1UECgwURXhhbXBsZSBPcmdhbml6YXRpb24wCwYJKoZIhvcNAQEL
+A4IBAQCdKXA+1XhcpKdyjeJjEEUm9ptoS8tKJt/vdGUPCByzlD71OJGsiXorTcGY
+V2sgbGCmxA8dnxG8bPQMFdAZ2hRjWjZ/Hs18SDbMAONjzgiPlwUWRZldb2Th7WX3
+7a+1uMsT1rEsgmip7FuJjqW0qEyuHFRTt47aK0GJRX42VC5kJVMX8ujl8ucqSSNa
+PRh6IPQgIxSchu79weP+YIxMz3GDvNuu6z4QWdkzQrnYqSJpLgNGPAdAxFCgsok3
+5rFNhadGNv6RqrG00HmXPBTTq6T8rQEsbQZQZ4eensb0HxdiQyX4XGnMeEpElTwO
+LHziGIW2jBA9v5FJVBCC9QQysNby
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem.certspec
new file mode 100644
index 000000000..140c20143
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:example.com
+validity:20160824-20160924
+extension:subjectAlternativeName:/O=Example Organization
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements_subject_common_name.js b/security/manager/ssl/tests/unit/test_baseline_requirements_subject_common_name.js
new file mode 100644
index 000000000..8917671b8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements_subject_common_name.js
@@ -0,0 +1,188 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// The preference security.pki.name_matching_mode controls whether or not
+// mozilla::pkix will fall back to using a certificate's subject common name
+// during name matching. If the Baseline Requirements are followed, fallback
+// should not be necessary (because any name information in the subject common
+// name should be present in the subject alternative name extension). Due to
+// compatibility concerns, the platform can be configured to fall back for
+// certificates that are valid before 23 August 2016. Note that for certificates
+// issued by an imported root, the platform will fall back if necessary,
+// regardless of the value of the preference.
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
+                  .getService(Ci.nsIX509CertDB);
+
+function certFromFile(certName) {
+  return constructCertFromFile(`test_baseline_requirements/${certName}.pem`);
+}
+
+function loadCertWithTrust(certName, trustString) {
+  addCertFromFile(gCertDB, `test_baseline_requirements/${certName}.pem`,
+                  trustString);
+}
+
+function checkCertOn25August2016(cert, expectedResult) {
+  // (new Date("2016-08-25T00:00:00Z")).getTime() / 1000
+  const VALIDATION_TIME = 1472083200;
+  checkCertErrorGenericAtTime(gCertDB, cert, expectedResult,
+                              certificateUsageSSLServer, VALIDATION_TIME, {},
+                              "example.com");
+}
+
+function run_test() {
+  do_register_cleanup(() => {
+    Services.prefs.clearUserPref("security.pki.name_matching_mode");
+    Services.prefs.clearUserPref("security.test.built_in_root_hash");
+  });
+
+  loadCertWithTrust("ca", "CTu,,");
+
+  // When verifying a certificate, if the trust anchor is not a built-in root,
+  // name matching will fall back to using the subject common name if necessary
+  // (i.e. if there is no subject alternative name extension or it does not
+  // contain any dNSName or iPAddress entries). Thus, since imported roots are
+  // not in general treated as built-ins, these should all successfully verify
+  // regardless of the value of the pref.
+  Services.prefs.setIntPref("security.pki.name_matching_mode", 0);
+  do_print("current mode: always fall back, root not built-in");
+  checkCertOn25August2016(certFromFile("no-san-recent"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("no-san-old"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("no-san-older"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"),
+                          PRErrorCodeSuccess);
+
+  Services.prefs.setIntPref("security.pki.name_matching_mode", 1);
+  do_print("current mode: fall back for notBefore < August 23, 2016, root " +
+           "not built-in");
+  checkCertOn25August2016(certFromFile("no-san-recent"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("no-san-old"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("no-san-older"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"),
+                          PRErrorCodeSuccess);
+
+  Services.prefs.setIntPref("security.pki.name_matching_mode", 2);
+  do_print("current mode: fall back for notBefore < August 23, 2015, root " +
+           "not built-in");
+  checkCertOn25August2016(certFromFile("no-san-recent"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("no-san-old"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("no-san-older"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"),
+                          PRErrorCodeSuccess);
+
+  Services.prefs.setIntPref("security.pki.name_matching_mode", 3);
+  do_print("current mode: never fall back, root not built-in");
+  checkCertOn25August2016(certFromFile("no-san-recent"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("no-san-old"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("no-san-older"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"),
+                          PRErrorCodeSuccess);
+
+  // In debug builds, we can treat an imported root as a built-in, and thus we
+  // can actually test the different values of the pref.
+  if (isDebugBuild) {
+    let root = certFromFile("ca");
+    Services.prefs.setCharPref("security.test.built_in_root_hash",
+                               root.sha256Fingerprint);
+
+    // Always fall back if necessary.
+    Services.prefs.setIntPref("security.pki.name_matching_mode", 0);
+    do_print("current mode: always fall back, root built-in");
+    checkCertOn25August2016(certFromFile("no-san-recent"),
+                            PRErrorCodeSuccess);
+    checkCertOn25August2016(certFromFile("no-san-old"),
+                            PRErrorCodeSuccess);
+    checkCertOn25August2016(certFromFile("no-san-older"),
+                            PRErrorCodeSuccess);
+    checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"),
+                            PRErrorCodeSuccess);
+    checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"),
+                            PRErrorCodeSuccess);
+    checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"),
+                            PRErrorCodeSuccess);
+
+    // Only fall back if notBefore < 23 August 2016
+    Services.prefs.setIntPref("security.pki.name_matching_mode", 1);
+    do_print("current mode: fall back for notBefore < August 23, 2016, root " +
+             "built-in");
+    checkCertOn25August2016(certFromFile("no-san-recent"),
+                            SSL_ERROR_BAD_CERT_DOMAIN);
+    checkCertOn25August2016(certFromFile("no-san-old"),
+                            PRErrorCodeSuccess);
+    checkCertOn25August2016(certFromFile("no-san-older"),
+                            PRErrorCodeSuccess);
+    checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"),
+                            SSL_ERROR_BAD_CERT_DOMAIN);
+    checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"),
+                            PRErrorCodeSuccess);
+    checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"),
+                            PRErrorCodeSuccess);
+
+    // Only fall back if notBefore < 23 August 2015
+    Services.prefs.setIntPref("security.pki.name_matching_mode", 2);
+    do_print("current mode: fall back for notBefore < August 23, 2015, root " +
+             "built-in");
+    checkCertOn25August2016(certFromFile("no-san-recent"),
+                            SSL_ERROR_BAD_CERT_DOMAIN);
+    checkCertOn25August2016(certFromFile("no-san-old"),
+                            SSL_ERROR_BAD_CERT_DOMAIN);
+    checkCertOn25August2016(certFromFile("no-san-older"),
+                            PRErrorCodeSuccess);
+    checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"),
+                            SSL_ERROR_BAD_CERT_DOMAIN);
+    checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"),
+                            SSL_ERROR_BAD_CERT_DOMAIN);
+    checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"),
+                            PRErrorCodeSuccess);
+
+    // Never fall back.
+    Services.prefs.setIntPref("security.pki.name_matching_mode", 3);
+    do_print("current mode: never fall back, root built-in");
+    checkCertOn25August2016(certFromFile("no-san-recent"),
+                            SSL_ERROR_BAD_CERT_DOMAIN);
+    checkCertOn25August2016(certFromFile("no-san-old"),
+                            SSL_ERROR_BAD_CERT_DOMAIN);
+    checkCertOn25August2016(certFromFile("no-san-older"),
+                            SSL_ERROR_BAD_CERT_DOMAIN);
+    checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"),
+                            SSL_ERROR_BAD_CERT_DOMAIN);
+    checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"),
+                            SSL_ERROR_BAD_CERT_DOMAIN);
+    checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"),
+                            SSL_ERROR_BAD_CERT_DOMAIN);
+  }
+}
diff --git a/security/manager/ssl/tests/unit/test_certDB_import.js b/security/manager/ssl/tests/unit/test_certDB_import.js
new file mode 100644
index 000000000..f53fbf0ef
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_import.js
@@ -0,0 +1,118 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests the various nsIX509CertDB import methods.
+
+do_get_profile();
+
+const gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
+                  .getService(Ci.nsIX509CertDB);
+
+const CA_CERT_COMMON_NAME = "importedCA";
+const TEST_EMAIL_ADDRESS = "test@example.com";
+
+let gCACertImportDialogCount = 0;
+
+// Mock implementation of nsICertificateDialogs.
+const gCertificateDialogs = {
+  confirmDownloadCACert: (ctx, cert, trust) => {
+    gCACertImportDialogCount++;
+    equal(cert.commonName, CA_CERT_COMMON_NAME,
+          "CA cert to import should have the correct CN");
+    trust.value = Ci.nsIX509CertDB.TRUSTED_EMAIL;
+    return true;
+  },
+  setPKCS12FilePassword: (ctx, password) => {
+    // This is only relevant to exporting.
+    ok(false, "setPKCS12FilePassword() should not have been called");
+  },
+  getPKCS12FilePassword: (ctx, password) => {
+    // We don't test anything that calls this method yet.
+    ok(false, "getPKCS12FilePassword() should not have been called");
+  },
+  viewCert: (ctx, cert) => {
+    // This shouldn't be called for import methods.
+    ok(false, "viewCert() should not have been called");
+  },
+
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsICertificateDialogs])
+};
+
+// Implements nsIInterfaceRequestor. Mostly serves to mock nsIPrompt.
+const gInterfaceRequestor = {
+  alert: (title, text) => {
+    // We don't test anything that calls this method yet.
+    ok(false, `alert() should not have been called: ${text}`);
+  },
+
+  getInterface: iid => {
+    if (iid.equals(Ci.nsIPrompt)) {
+      return this;
+    }
+
+    throw new Error(Cr.NS_ERROR_NO_INTERFACE);
+  }
+};
+
+function getCertAsByteArray(certPath) {
+  let certFile = do_get_file(certPath, false);
+  let certBytes = readFile(certFile);
+
+  let byteArray = [];
+  for (let i = 0; i < certBytes.length; i++) {
+    byteArray.push(certBytes.charCodeAt(i));
+  }
+
+  return byteArray;
+}
+
+function testImportCACert() {
+  // Sanity check the CA cert is missing.
+  throws(() => gCertDB.findCertByNickname(CA_CERT_COMMON_NAME),
+         /NS_ERROR_FAILURE/,
+         "CA cert should not be in the database before import");
+
+  // Import and check for success.
+  let caArray = getCertAsByteArray("test_certDB_import/importedCA.pem");
+  gCertDB.importCertificates(caArray, caArray.length, Ci.nsIX509Cert.CA_CERT,
+                             gInterfaceRequestor);
+  equal(gCACertImportDialogCount, 1,
+        "Confirmation dialog for the CA cert should only be shown once");
+
+  let caCert = gCertDB.findCertByNickname(CA_CERT_COMMON_NAME);
+  notEqual(caCert, null, "CA cert should now be found in the database");
+  ok(gCertDB.isCertTrusted(caCert, Ci.nsIX509Cert.CA_CERT,
+                           Ci.nsIX509CertDB.TRUSTED_EMAIL),
+     "CA cert should be trusted for e-mail");
+}
+
+function run_test() {
+  // We have to set a password and login before we attempt to import anything.
+  // In particular, the SQL NSS DB requires the user to be authenticated to set
+  // certificate trust settings, which we do when we import CA certs.
+  loginToDBWithDefaultPassword();
+
+  let certificateDialogsCID =
+    MockRegistrar.register("@mozilla.org/nsCertificateDialogs;1",
+                           gCertificateDialogs);
+  do_register_cleanup(() => {
+    MockRegistrar.unregister(certificateDialogsCID);
+  });
+
+  // Sanity check the e-mail cert is missing.
+  throws(() => gCertDB.findCertByEmailAddress(TEST_EMAIL_ADDRESS),
+         /NS_ERROR_FAILURE/,
+         "E-mail cert should not be in the database before import");
+
+  // Import the CA cert so that the e-mail import succeeds.
+  testImportCACert();
+
+  // Import the e-mail cert and check for success.
+  let emailArray = getCertAsByteArray("test_certDB_import/emailEE.pem");
+  gCertDB.importEmailCertificate(emailArray, emailArray.length,
+                                 gInterfaceRequestor);
+  notEqual(gCertDB.findCertByEmailAddress(TEST_EMAIL_ADDRESS), null,
+           "E-mail cert should now be found in the database");
+}
diff --git a/security/manager/ssl/tests/unit/test_certDB_import/cert_from_windows.pfx b/security/manager/ssl/tests/unit/test_certDB_import/cert_from_windows.pfx
new file mode 100644
index 000000000..e969d672d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_import/cert_from_windows.pfx
diff --git a/security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem b/security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem
new file mode 100644
index 000000000..72b6371e2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwjCCAaygAwIBAgIUKTBs2ocwnIM+g29rcb+FMc8RTWswCwYJKoZIhvcNAQEL
+MBUxEzARBgNVBAMMCmltcG9ydGVkQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4
+MDIwNTAwMDAwMFowITEfMB0GCSqGSIb3DQEJARYQdGVzdEBleGFtcGxlLmNvbTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9
+PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3
+HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg
+Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7
+EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK
+lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C
+AwEAATALBgkqhkiG9w0BAQsDggEBAFbtBnvVJEYh/Zq1mZuQXasaqD0Xp0s3hxEr
+hDkrSh2uQ/lm3lvHuDLodI2cSYJz9A/ona2QHt9Rb9X7CmWFQ8DJtF1aiWLFlqgd
+muaib0gSusRZr2cC+N7N35tmVO/gLlESlhQh40ORgSgMg+K8Vj3QwML5NSc91B7I
+dCxZx5sZFl2HacOlQ0BFHqyk4tyPXxFLm5Ky56e2g52pCbWRkUbD2ScuxpoAd79E
+n3FQYSZFn/AdrbSoko/+3AzNvHNCtqs8XAC4rE2dEuRYBjTF+ge4hGJqMFCRiCzN
+2thjCmenbilKlLWL5fqNdaJqrMKD0Yp9AQhkICoIKXIJFquf9eQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem.certspec b/security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem.certspec
new file mode 100644
index 000000000..0528bc624
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem.certspec
@@ -0,0 +1,2 @@
+issuer:importedCA
+subject:/emailAddress=test@example.com
diff --git a/security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem b/security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem
new file mode 100644
index 000000000..77ec4cbac
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyDCCAbKgAwIBAgIUe4uNcR4KmHzd+jhffWz/NeLVWEUwCwYJKoZIhvcNAQEL
+MBUxEzARBgNVBAMMCmltcG9ydGVkQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4
+MDIwNTAwMDAwMFowFTETMBEGA1UEAwwKaW1wb3J0ZWRDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX
+bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ
+OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9
+uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb
+t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO
+NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMQMA4wDAYD
+VR0TBAUwAwEB/zALBgkqhkiG9w0BAQsDggEBAKENtK8hNu6JqM9B5OZWOrS8HT+j
+ij9DiGh/rY9vf+2RywnR3RKq7yUO/GalAVbPP6OQBF+6qUJ4kQ6DO6XX7hKiB46n
+XeVsxE9PawM/tsZszu/u2f3252AhDKgiy+doqtx4dbjBlCZxjtNEAu6EVHbseyBT
+0C7+ILcmWXw6ZR4m9u7KoeHc2PMbYtj0YLveWgCXm7vIGw0Tl3eMZqsY1dG4LC3z
+7vbr9HcLCpxOiUVfmLKs0l6nhbdoedNZ8zQDPFAI4ME3Em+7MNf+SRL0L45J0Sok
+CqDbTn2fPlwEVsZqhq2475CXIzRpHxeF4Z0bB0vtXWH2oq+T3x7xqGxEmDU=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem.certspec b/security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem.certspec
new file mode 100644
index 000000000..b16825354
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem.certspec
@@ -0,0 +1,3 @@
+issuer:importedCA
+subject:importedCA
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_certDB_import/moz.build b/security/manager/ssl/tests/unit/test_certDB_import/moz.build
new file mode 100644
index 000000000..0c973c9e8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_import/moz.build
@@ -0,0 +1,14 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See Bug 1256495.
+#test_certificates = (
+#    'emailEE.pem',
+#    'importedCA.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_certDB_import_pkcs12.js b/security/manager/ssl/tests/unit/test_certDB_import_pkcs12.js
new file mode 100644
index 000000000..56e17855a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_import_pkcs12.js
@@ -0,0 +1,92 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests import PKCS12 file by nsIX509CertDB.
+
+do_get_profile();
+
+const gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
+                  .getService(Ci.nsIX509CertDB);
+
+const CERT_COMMON_NAME = "test_cert_from_windows";
+const TEST_CERT_PASSWORD = "黒い";
+
+let gGetPKCS12Password = false;
+
+// Mock implementation of nsICertificateDialogs.
+const gCertificateDialogs = {
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsICertificateDialogs]),
+
+  getPKCS12FilePassword: (ctx, password) => {
+    ok(!gGetPKCS12Password,
+       "getPKCS12FilePassword should be called only once.");
+
+    password.value = TEST_CERT_PASSWORD;
+    do_print("getPKCS12FilePassword() is called");
+    gGetPKCS12Password = true;
+    return true;
+  },
+};
+
+const gPrompt = {
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsIPrompt]),
+  alert: (title, text) => {
+    do_print("alert('" + text + "')");
+  },
+};
+
+const gPromptFactory = {
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsIPromptFactory]),
+  getPrompt: (aWindow, aIID) => gPrompt,
+};
+
+function doesCertExist(commonName) {
+  let allCerts = gCertDB.getCerts();
+  let enumerator = allCerts.getEnumerator();
+  while (enumerator.hasMoreElements()) {
+    let cert = enumerator.getNext().QueryInterface(Ci.nsIX509Cert);
+    if (cert.isBuiltInRoot) {
+      continue;
+    }
+    if (cert.commonName == commonName) {
+      return true;
+    }
+  }
+
+  return false;
+}
+
+function testImportPKCS12Cert() {
+  ok(!doesCertExist(CERT_COMMON_NAME),
+     "Cert should not be in the database before import");
+
+  // Import and check for success.
+  let certFile = do_get_file("test_certDB_import/cert_from_windows.pfx");
+  gCertDB.importPKCS12File(null, certFile);
+
+  ok(gGetPKCS12Password, "PKCS12 password should be asked");
+
+  ok(doesCertExist(CERT_COMMON_NAME),
+     "Cert should now be found in the database");
+}
+
+function run_test() {
+  // We have to set a password and login before we attempt to import anything.
+  loginToDBWithDefaultPassword();
+
+  let certificateDialogsCID =
+    MockRegistrar.register("@mozilla.org/nsCertificateDialogs;1",
+                           gCertificateDialogs);
+  let promptFactoryCID =
+    MockRegistrar.register("@mozilla.org/prompter;1", gPromptFactory);
+
+  do_register_cleanup(() => {
+    MockRegistrar.unregister(certificateDialogsCID);
+    MockRegistrar.unregister(promptFactoryCID);
+  });
+
+  // Import PKCS12 file with utf-8 password
+  testImportPKCS12Cert();
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_blocklist.js b/security/manager/ssl/tests/unit/test_cert_blocklist.js
new file mode 100644
index 000000000..75688b58a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_blocklist.js
@@ -0,0 +1,362 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// This test checks a number of things:
+// * it ensures that data loaded from revocations.txt on startup is present
+// * it ensures that certItems in blocklist.xml are persisted correctly
+// * it ensures that items in the CertBlocklist are seen as revoked by the
+//   cert verifier
+// * it does a sanity check to ensure other cert verifier behavior is
+//   unmodified
+
+// First, we need to setup appInfo for the blocklist service to work
+var id = "xpcshell@tests.mozilla.org";
+var appName = "XPCShell";
+var version = "1";
+var platformVersion = "1.9.2";
+Cu.import("resource://testing-common/AppInfo.jsm", this);
+/*global updateAppInfo:false*/ // Imported via AppInfo.jsm.
+updateAppInfo({
+  name: appName,
+  ID: id,
+  version: version,
+  platformVersion: platformVersion ? platformVersion : "1.0",
+  crashReporter: true,
+});
+
+// we need to ensure we setup revocation data before certDB, or we'll start with
+// no revocation.txt in the profile
+var gProfile = do_get_profile();
+
+// Write out an empty blocklist.xml file to the profile to ensure nothing
+// is blocklisted by default
+var blockFile = gProfile.clone();
+blockFile.append("blocklist.xml");
+var stream = Cc["@mozilla.org/network/file-output-stream;1"]
+               .createInstance(Ci.nsIFileOutputStream);
+stream.init(blockFile,
+  FileUtils.MODE_WRONLY | FileUtils.MODE_CREATE | FileUtils.MODE_TRUNCATE,
+  FileUtils.PERMS_FILE, 0);
+
+var data = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
+           "<blocklist xmlns=\"http://www.mozilla.org/2006/addons-blocklist\">\n" +
+           "</blocklist>\n";
+stream.write(data, data.length);
+stream.close();
+
+const PREF_BLOCKLIST_UPDATE_ENABLED = "services.blocklist.update_enabled";
+const PREF_ONECRL_VIA_AMO = "security.onecrl.via.amo";
+
+var gRevocations = gProfile.clone();
+gRevocations.append("revocations.txt");
+if (!gRevocations.exists()) {
+  let existing = do_get_file("test_onecrl/sample_revocations.txt", false);
+  existing.copyTo(gProfile, "revocations.txt");
+}
+
+var certDB = Cc["@mozilla.org/security/x509certdb;1"]
+               .getService(Ci.nsIX509CertDB);
+
+// set up a test server to serve the blocklist.xml
+var testserver = new HttpServer();
+
+var initialBlocklist = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+    "<blocklist xmlns=\"http://www.mozilla.org/2006/addons-blocklist\">" +
+    // test with some bad data ...
+    "<certItems><certItem issuerName='Some nonsense in issuer'>" +
+    "<serialNumber>AkHVNA==</serialNumber>" +
+    "</certItem><certItem issuerName='MA0xCzAJBgNVBAMMAmNh'>" +
+    "<serialNumber>some nonsense in serial</serialNumber>" +
+    "</certItem><certItem issuerName='some nonsense in both issuer'>" +
+    "<serialNumber>and serial</serialNumber></certItem>" +
+    // some mixed
+    // In this case, the issuer name and the valid serialNumber correspond
+    // to test-int.pem in bad_certs/
+    "<certItem issuerName='MBIxEDAOBgNVBAMMB1Rlc3QgQ0E='>" +
+    "<serialNumber>oops! more nonsense.</serialNumber>" +
+    "<serialNumber>BVio/iQ21GCi2iUven8oJ/gae74=</serialNumber></certItem>" +
+    // ... and some good
+    // In this case, the issuer name and the valid serialNumber correspond
+    // to other-test-ca.pem in bad_certs/ (for testing root revocation)
+    "<certItem issuerName='MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0E='>" +
+    "<serialNumber>exJUIJpq50jgqOwQluhVrAzTF74=</serialNumber></certItem>" +
+    // This item corresponds to an entry in sample_revocations.txt where:
+    // isser name is "another imaginary issuer" base-64 encoded, and
+    // serialNumbers are:
+    // "serial2." base-64 encoded, and
+    // "another serial." base-64 encoded
+    // We need this to ensure that existing items are retained if they're
+    // also in the blocklist
+    "<certItem issuerName='YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy'>" +
+    "<serialNumber>c2VyaWFsMi4=</serialNumber>" +
+    "<serialNumber>YW5vdGhlciBzZXJpYWwu</serialNumber></certItem>" +
+    // This item revokes same-issuer-ee.pem by subject and pubKeyHash.
+    "<certItem subject='MCIxIDAeBgNVBAMMF0Fub3RoZXIgVGVzdCBFbmQtZW50aXR5'" +
+    " pubKeyHash='VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8='>" +
+    "</certItem></certItems></blocklist>";
+
+var updatedBlocklist = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+    "<blocklist xmlns=\"http://www.mozilla.org/2006/addons-blocklist\">" +
+    "<certItems>" +
+    "<certItem issuerName='something new in both the issuer'>" +
+    "<serialNumber>and the serial number</serialNumber></certItem>" +
+    "</certItems></blocklist>";
+
+
+var blocklists = {
+  "/initialBlocklist/": initialBlocklist,
+  "/updatedBlocklist/": updatedBlocklist
+};
+
+function serveResponse(request, response) {
+  do_print("Serving for path " + request.path + "\n");
+  response.write(blocklists[request.path]);
+}
+
+for (var path in blocklists) {
+  testserver.registerPathHandler(path, serveResponse);
+}
+
+// start the test server
+testserver.start(-1);
+var port = testserver.identity.primaryPort;
+
+// Setup the addonManager
+var addonManager = Cc["@mozilla.org/addons/integration;1"]
+                     .getService(Ci.nsIObserver)
+                     .QueryInterface(Ci.nsITimerCallback);
+addonManager.observe(null, "addons-startup", null);
+
+var converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"]
+                  .createInstance(Ci.nsIScriptableUnicodeConverter);
+converter.charset = "UTF-8";
+
+function verify_cert(file, expectedError) {
+  let ee = constructCertFromFile(file);
+  checkCertErrorGeneric(certDB, ee, expectedError, certificateUsageSSLServer);
+}
+
+// The certificate blocklist currently only applies to TLS server certificates.
+function verify_non_tls_usage_succeeds(file) {
+  let ee = constructCertFromFile(file);
+  checkCertErrorGeneric(certDB, ee, PRErrorCodeSuccess,
+                        certificateUsageSSLClient);
+  checkCertErrorGeneric(certDB, ee, PRErrorCodeSuccess,
+                        certificateUsageEmailSigner);
+  checkCertErrorGeneric(certDB, ee, PRErrorCodeSuccess,
+                        certificateUsageEmailRecipient);
+}
+
+function load_cert(cert, trust) {
+  let file = "bad_certs/" + cert + ".pem";
+  addCertFromFile(certDB, file, trust);
+}
+
+function test_is_revoked(certList, issuerString, serialString, subjectString,
+                         pubKeyString) {
+  let issuer = converter.convertToByteArray(issuerString ? issuerString : '',
+                                            {});
+
+  let serial = converter.convertToByteArray(serialString ? serialString : '',
+                                            {});
+
+  let subject = converter.convertToByteArray(subjectString ? subjectString : '',
+                                             {});
+
+  let pubKey = converter.convertToByteArray(pubKeyString ? pubKeyString : '',
+                                            {});
+
+  return certList.isCertRevoked(issuer,
+                                issuerString ? issuerString.length : 0,
+                                serial,
+                                serialString ? serialString.length : 0,
+                                subject,
+                                subjectString ? subjectString.length : 0,
+                                pubKey,
+                                pubKeyString ? pubKeyString.length : 0);
+}
+
+function fetch_blocklist(blocklistPath) {
+  do_print("path is " + blocklistPath + "\n");
+  let certblockObserver = {
+    observe: function(aSubject, aTopic, aData) {
+      Services.obs.removeObserver(this, "blocklist-updated");
+      run_next_test();
+    }
+  };
+
+  Services.obs.addObserver(certblockObserver, "blocklist-updated", false);
+  Services.prefs.setCharPref("extensions.blocklist.url",
+                              `http://localhost:${port}/${blocklistPath}`);
+  let blocklist = Cc["@mozilla.org/extensions/blocklist;1"]
+                    .getService(Ci.nsITimerCallback);
+  blocklist.notify(null);
+}
+
+function check_revocations_txt_contents(expected) {
+  let profile = do_get_profile();
+  let revocations = profile.clone();
+  revocations.append("revocations.txt");
+  ok(revocations.exists(), "the revocations file should exist");
+  let inputStream = Cc["@mozilla.org/network/file-input-stream;1"]
+                      .createInstance(Ci.nsIFileInputStream);
+  inputStream.init(revocations, -1, -1, 0);
+  inputStream.QueryInterface(Ci.nsILineInputStream);
+  let contents = "";
+  let hasmore = false;
+  do {
+    let line = {};
+    hasmore = inputStream.readLine(line);
+    contents += (contents.length == 0 ? "" : "\n") + line.value;
+  } while (hasmore);
+  equal(contents, expected, "revocations.txt should be as expected");
+}
+
+function run_test() {
+  // import the certificates we need
+  load_cert("test-ca", "CTu,CTu,CTu");
+  load_cert("test-int", ",,");
+  load_cert("other-test-ca", "CTu,CTu,CTu");
+
+  let certList = Cc["@mozilla.org/security/certblocklist;1"]
+                  .getService(Ci.nsICertBlocklist);
+
+  let expected = "# Auto generated contents. Do not edit.\n" +
+                 "MCIxIDAeBgNVBAMMF0Fub3RoZXIgVGVzdCBFbmQtZW50aXR5\n" +
+                 "\tVCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=\n" +
+                 "MBIxEDAOBgNVBAMMB1Rlc3QgQ0E=\n" +
+                 " BVio/iQ21GCi2iUven8oJ/gae74=\n" +
+                 "MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0E=\n" +
+                 " exJUIJpq50jgqOwQluhVrAzTF74=\n" +
+                 "YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy\n" +
+                 " YW5vdGhlciBzZXJpYWwu\n" +
+                 " c2VyaWFsMi4=";
+
+  // This test assumes OneCRL updates via AMO
+  Services.prefs.setBoolPref(PREF_BLOCKLIST_UPDATE_ENABLED, false);
+  Services.prefs.setBoolPref(PREF_ONECRL_VIA_AMO, true);
+
+  add_test(function () {
+    // check some existing items in revocations.txt are blocked. Since the
+    // CertBlocklistItems don't know about the data they contain, we can use
+    // arbitrary data (not necessarily DER) to test if items are revoked or not.
+    // This test corresponds to:
+    // issuer: c29tZSBpbWFnaW5hcnkgaXNzdWVy
+    // serial: c2VyaWFsLg==
+    ok(test_is_revoked(certList, "some imaginary issuer", "serial."),
+      "issuer / serial pair should be blocked");
+
+    // This test corresponds to:
+    // issuer: YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy
+    // serial: c2VyaWFsLg==
+    ok(test_is_revoked(certList, "another imaginary issuer", "serial."),
+      "issuer / serial pair should be blocked");
+
+    // And this test corresponds to:
+    // issuer: YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy
+    // serial: c2VyaWFsMi4=
+    // (we test this issuer twice to ensure we can read multiple serials)
+    ok(test_is_revoked(certList, "another imaginary issuer", "serial2."),
+      "issuer / serial pair should be blocked");
+
+    // Soon we'll load a blocklist which revokes test-int.pem, which issued
+    // test-int-ee.pem.
+    // Check the cert validates before we load the blocklist
+    let file = "test_onecrl/test-int-ee.pem";
+    verify_cert(file, PRErrorCodeSuccess);
+
+    // The blocklist also revokes other-test-ca.pem, which issued
+    // other-ca-ee.pem. Check the cert validates before we load the blocklist
+    file = "bad_certs/other-issuer-ee.pem";
+    verify_cert(file, PRErrorCodeSuccess);
+
+    // The blocklist will revoke same-issuer-ee.pem via subject / pubKeyHash.
+    // Check the cert validates before we load the blocklist
+    file = "test_onecrl/same-issuer-ee.pem";
+    verify_cert(file, PRErrorCodeSuccess);
+
+    run_next_test();
+  });
+
+  // blocklist load is async so we must use add_test from here
+  add_test(function() {
+    fetch_blocklist("initialBlocklist/");
+  });
+
+  add_test(function() {
+    // The blocklist will be loaded now. Let's check the data is sane.
+    // In particular, we should still have the revoked issuer / serial pair
+    // that was in both revocations.txt and the blocklist.xml
+    ok(test_is_revoked(certList, "another imaginary issuer", "serial2."),
+      "issuer / serial pair should be blocked");
+
+    // Check that both serials in the certItem with multiple serials were read
+    // properly
+    ok(test_is_revoked(certList, "another imaginary issuer", "serial2."),
+       "issuer / serial pair should be blocked");
+    ok(test_is_revoked(certList, "another imaginary issuer", "another serial."),
+       "issuer / serial pair should be blocked");
+
+    // test a subject / pubKey revocation
+    ok(test_is_revoked(certList, "nonsense", "more nonsense",
+       "some imaginary subject", "some imaginary pubkey"),
+       "issuer / serial pair should be blocked");
+
+    // Check the blocklist entry has been persisted properly to the backing
+    // file
+    check_revocations_txt_contents(expected);
+
+    // Check the blocklisted intermediate now causes a failure
+    let file = "test_onecrl/test-int-ee.pem";
+    verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE);
+    verify_non_tls_usage_succeeds(file);
+
+    // Check the ee with the blocklisted root also causes a failure
+    file = "bad_certs/other-issuer-ee.pem";
+    verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE);
+    verify_non_tls_usage_succeeds(file);
+
+    // Check the ee blocked by subject / pubKey causes a failure
+    file = "test_onecrl/same-issuer-ee.pem";
+    verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE);
+    verify_non_tls_usage_succeeds(file);
+
+    // Check a non-blocklisted chain still validates OK
+    file = "bad_certs/default-ee.pem";
+    verify_cert(file, PRErrorCodeSuccess);
+
+    // Check a bad cert is still bad (unknown issuer)
+    file = "bad_certs/unknownissuer.pem";
+    verify_cert(file, SEC_ERROR_UNKNOWN_ISSUER);
+
+    // check that save with no further update is a no-op
+    let lastModified = gRevocations.lastModifiedTime;
+    // add an already existing entry
+    certList.revokeCertByIssuerAndSerial("YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy",
+                                         "c2VyaWFsMi4=");
+    certList.saveEntries();
+    let newModified = gRevocations.lastModifiedTime;
+    equal(lastModified, newModified,
+          "saveEntries with no modifications should not update the backing file");
+
+    run_next_test();
+  });
+
+  // disable AMO cert blocklist - and check blocklist.xml changes do not
+  // affect the data stored.
+  add_test(function() {
+    Services.prefs.setBoolPref("security.onecrl.via.amo", false);
+    fetch_blocklist("updatedBlocklist/");
+  });
+
+  add_test(function() {
+    // Check the blocklist entry has not changed
+    check_revocations_txt_contents(expected);
+    run_next_test();
+  });
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_chains.js b/security/manager/ssl/tests/unit/test_cert_chains.js
new file mode 100644
index 000000000..8abcb4e65
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_chains.js
@@ -0,0 +1,134 @@
+// -*- Mode: javascript; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+function build_cert_chain(certNames) {
+  let certList = Cc["@mozilla.org/security/x509certlist;1"]
+                   .createInstance(Ci.nsIX509CertList);
+  certNames.forEach(function(certName) {
+    let cert = constructCertFromFile("bad_certs/" + certName + ".pem");
+    certList.addCert(cert);
+  });
+  return certList;
+}
+
+function test_cert_equals() {
+  let certA = constructCertFromFile("bad_certs/default-ee.pem");
+  let certB = constructCertFromFile("bad_certs/default-ee.pem");
+  let certC = constructCertFromFile("bad_certs/expired-ee.pem");
+
+  ok(certA != certB,
+     "Cert objects constructed from the same file should not be equal" +
+     " according to the equality operators");
+  ok(certA.equals(certB),
+     "equals() on cert objects constructed from the same cert file should" +
+     " return true");
+  ok(!certA.equals(certC),
+     "equals() on cert objects constructed from files for different certs" +
+     " should return false");
+}
+
+function test_cert_list_serialization() {
+  let certList = build_cert_chain(['default-ee', 'expired-ee']);
+
+  // Serialize the cert list to a string
+  let serHelper = Cc["@mozilla.org/network/serialization-helper;1"]
+                    .getService(Ci.nsISerializationHelper);
+  certList.QueryInterface(Ci.nsISerializable);
+  let serialized = serHelper.serializeToString(certList);
+
+  // Deserialize from the string and compare to the original object
+  let deserialized = serHelper.deserializeObject(serialized);
+  deserialized.QueryInterface(Ci.nsIX509CertList);
+  ok(certList.equals(deserialized),
+     "Deserialized cert list should equal the original");
+}
+
+function test_security_info_serialization(securityInfo, expectedErrorCode) {
+  // Serialize the securityInfo to a string
+  let serHelper = Cc["@mozilla.org/network/serialization-helper;1"]
+                    .getService(Ci.nsISerializationHelper);
+  let serialized = serHelper.serializeToString(securityInfo);
+
+  // Deserialize from the string and compare to the original object
+  let deserialized = serHelper.deserializeObject(serialized);
+  deserialized.QueryInterface(Ci.nsITransportSecurityInfo);
+  equal(securityInfo.securityState, deserialized.securityState,
+        "Original and deserialized security state should match");
+  equal(securityInfo.errorMessage, deserialized.errorMessage,
+        "Original and deserialized error message should match");
+  equal(securityInfo.errorCode, expectedErrorCode,
+        "Original and expected error code should match");
+  equal(deserialized.errorCode, expectedErrorCode,
+        "Deserialized and expected error code should match");
+}
+
+function run_test() {
+  do_get_profile();
+  add_tls_server_setup("BadCertServer", "bad_certs");
+
+  // Test nsIX509Cert.equals
+  add_test(function() {
+    test_cert_equals();
+    run_next_test();
+  });
+
+  // Test serialization of nsIX509CertList
+  add_test(function() {
+    test_cert_list_serialization();
+    run_next_test();
+  });
+
+  // Test successful connection (failedCertChain should be null)
+  add_connection_test(
+    // re-use pinning certs (keeler)
+    "good.include-subdomains.pinning.example.com", PRErrorCodeSuccess, null,
+    function withSecurityInfo(aTransportSecurityInfo) {
+      aTransportSecurityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
+      test_security_info_serialization(aTransportSecurityInfo, 0);
+      equal(aTransportSecurityInfo.failedCertChain, null,
+            "failedCertChain for a successful connection should be null");
+    }
+  );
+
+  // Test overrideable connection failure (failedCertChain should be non-null)
+  add_connection_test(
+    "expired.example.com",
+    SEC_ERROR_EXPIRED_CERTIFICATE,
+    null,
+    function withSecurityInfo(securityInfo) {
+      securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
+      test_security_info_serialization(securityInfo, SEC_ERROR_EXPIRED_CERTIFICATE);
+      notEqual(securityInfo.failedCertChain, null,
+               "failedCertChain should not be null for an overrideable" +
+               " connection failure");
+      let originalCertChain = build_cert_chain(["expired-ee", "test-ca"]);
+      ok(originalCertChain.equals(securityInfo.failedCertChain),
+         "failedCertChain should equal the original cert chain for an" +
+         " overrideable connection failure");
+    }
+  );
+
+  // Test non-overrideable error (failedCertChain should be non-null)
+  add_connection_test(
+    "inadequatekeyusage.example.com",
+    SEC_ERROR_INADEQUATE_KEY_USAGE,
+    null,
+    function withSecurityInfo(securityInfo) {
+      securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
+      test_security_info_serialization(securityInfo, SEC_ERROR_INADEQUATE_KEY_USAGE);
+      notEqual(securityInfo.failedCertChain, null,
+               "failedCertChain should not be null for a non-overrideable" +
+               " connection failure");
+      let originalCertChain = build_cert_chain(["inadequatekeyusage-ee", "test-ca"]);
+      ok(originalCertChain.equals(securityInfo.failedCertChain),
+         "failedCertChain should equal the original cert chain for a" +
+         " non-overrideable connection failure");
+    }
+  );
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_dbKey.js b/security/manager/ssl/tests/unit/test_cert_dbKey.js
new file mode 100644
index 000000000..ca47a4997
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_dbKey.js
@@ -0,0 +1,146 @@
+// -*- Mode: javascript; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// This test tests that the nsIX509Cert.dbKey and nsIX509CertDB.findCertByDBKey
+// APIs work as expected. That is, getting a certificate's dbKey and using it
+// in findCertByDBKey should return the same certificate. Also, for backwards
+// compatibility, findCertByDBKey should ignore any whitespace in its input
+// (even though now nsIX509Cert.dbKey will never have whitespace in it).
+
+function hexStringToBytes(hex) {
+  let bytes = [];
+  for (let hexByteStr of hex.split(":")) {
+    bytes.push(parseInt(hexByteStr, 16));
+  }
+  return bytes;
+}
+
+function encodeCommonNameAsBytes(commonName) {
+  // The encoding will look something like this (in hex):
+  // 30 (SEQUENCE) <length of contents>
+  //    31 (SET) <length of contents>
+  //       30 (SEQUENCE) <length of contents>
+  //          06 (OID) 03 (length)
+  //             55 04 03 (id-at-commonName)
+  //          0C (UTF8String) <length of common name>
+  //             <common name bytes>
+  // To make things simple, it would be nice to have the length of each
+  // component be less than 128 bytes (so we can have single-byte lengths).
+  // For this to hold, the maximum length of the contents of the outermost
+  // SEQUENCE must be 127. Everything not in the contents of the common name
+  // will take up 11 bytes, so the value of the common name itself can be at
+  // most 116 bytes.
+  ok(commonName.length <= 116,
+     "test assumption: common name can't be longer than 116 bytes (makes " +
+     "DER encoding easier)");
+  let commonNameOIDBytes = [ 0x06, 0x03, 0x55, 0x04, 0x03 ];
+  let commonNameBytes = [ 0x0C, commonName.length ];
+  for (let i = 0; i < commonName.length; i++) {
+    commonNameBytes.push(commonName.charCodeAt(i));
+  }
+  let bytes = commonNameOIDBytes.concat(commonNameBytes);
+  bytes.unshift(bytes.length);
+  bytes.unshift(0x30); // SEQUENCE
+  bytes.unshift(bytes.length);
+  bytes.unshift(0x31); // SET
+  bytes.unshift(bytes.length);
+  bytes.unshift(0x30); // SEQUENCE
+  return bytes;
+}
+
+function testInvalidDBKey(certDB, dbKey) {
+  throws(() => certDB.findCertByDBKey(dbKey), /NS_ERROR_ILLEGAL_INPUT/,
+         `findCertByDBKey(${dbKey}) should raise NS_ERROR_ILLEGAL_INPUT`);
+}
+
+function testDBKeyForNonexistentCert(certDB, dbKey) {
+  let cert = certDB.findCertByDBKey(dbKey);
+  ok(!cert, "shouldn't find cert for given dbKey");
+}
+
+function byteArrayToByteString(bytes) {
+  let byteString = "";
+  for (let b of bytes) {
+    byteString += String.fromCharCode(b);
+  }
+  return byteString;
+}
+
+function run_test() {
+  do_get_profile();
+  let certDB = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+  let cert = constructCertFromFile("bad_certs/test-ca.pem");
+  equal(cert.issuerName, "CN=" + cert.issuerCommonName,
+        "test assumption: this certificate's issuer distinguished name " +
+        "consists only of a common name");
+  let issuerBytes = encodeCommonNameAsBytes(cert.issuerCommonName);
+  ok(issuerBytes.length < 256,
+     "test assumption: length of encoded issuer is less than 256 bytes");
+  let serialNumberBytes = hexStringToBytes(cert.serialNumber);
+  ok(serialNumberBytes.length < 256,
+     "test assumption: length of encoded serial number is less than 256 bytes");
+  let dbKeyHeader = [ 0, 0, 0, 0, 0, 0, 0, 0,
+                      0, 0, 0, serialNumberBytes.length,
+                      0, 0, 0, issuerBytes.length ];
+  let expectedDbKeyBytes = dbKeyHeader.concat(serialNumberBytes, issuerBytes);
+  let expectedDbKey = btoa(byteArrayToByteString(expectedDbKeyBytes));
+  equal(cert.dbKey, expectedDbKey,
+        "actual and expected dbKey values should match");
+
+  let certFromDbKey = certDB.findCertByDBKey(expectedDbKey);
+  ok(certFromDbKey.equals(cert),
+     "nsIX509CertDB.findCertByDBKey should find the right certificate");
+
+  ok(expectedDbKey.length > 64,
+     "test assumption: dbKey should be longer than 64 characters");
+  let expectedDbKeyWithCRLF = expectedDbKey.replace(/(.{64})/, "$1\r\n");
+  ok(expectedDbKeyWithCRLF.indexOf("\r\n") == 64,
+     "test self-check: adding CRLF to dbKey should succeed");
+  certFromDbKey = certDB.findCertByDBKey(expectedDbKeyWithCRLF);
+  ok(certFromDbKey.equals(cert),
+     "nsIX509CertDB.findCertByDBKey should work with dbKey with CRLF");
+
+  let expectedDbKeyWithSpaces = expectedDbKey.replace(/(.{64})/, "$1  ");
+  ok(expectedDbKeyWithSpaces.indexOf("  ") == 64,
+     "test self-check: adding spaces to dbKey should succeed");
+  certFromDbKey = certDB.findCertByDBKey(expectedDbKeyWithSpaces);
+  ok(certFromDbKey.equals(cert),
+     "nsIX509CertDB.findCertByDBKey should work with dbKey with spaces");
+
+  // Test some invalid dbKey values.
+  testInvalidDBKey(certDB, "AAAA"); // Not long enough.
+  // No header.
+  testInvalidDBKey(certDB, btoa(byteArrayToByteString(
+    [ 0, 0, 0, serialNumberBytes.length,
+      0, 0, 0, issuerBytes.length ].concat(serialNumberBytes, issuerBytes))));
+  testInvalidDBKey(certDB, btoa(byteArrayToByteString(
+    [ 0, 0, 0, 0, 0, 0, 0, 0,
+      255, 255, 255, 255, // serial number length is way too long
+      255, 255, 255, 255, // issuer length is way too long
+      0, 0, 0, 0 ])));
+  // Truncated issuer.
+  testInvalidDBKey(certDB, btoa(byteArrayToByteString(
+    [ 0, 0, 0, 0, 0, 0, 0, 0,
+      0, 0, 0, 1,
+      0, 0, 0, 10,
+      1,
+      1, 2, 3 ])));
+  // Issuer doesn't decode to valid common name.
+  testDBKeyForNonexistentCert(certDB, btoa(byteArrayToByteString(
+    [ 0, 0, 0, 0, 0, 0, 0, 0,
+      0, 0, 0, 1,
+      0, 0, 0, 3,
+      1,
+      1, 2, 3 ])));
+
+  // zero-length serial number and issuer -> no such certificate
+  testDBKeyForNonexistentCert(certDB, btoa(byteArrayToByteString(
+    [ 0, 0, 0, 0, 0, 0, 0, 0,
+      0, 0, 0, 0,
+      0, 0, 0, 0 ])));
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_eku.js b/security/manager/ssl/tests/unit/test_cert_eku.js
new file mode 100644
index 000000000..5a7e28de1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku.js
@@ -0,0 +1,131 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests that the extended key usage extension is properly processed by the
+// platform when verifying certificates. There are already comprehensive tests
+// in mozilla::pkix itself, but these tests serve as integration tests to ensure
+// that the cases we're particularly concerned about are correctly handled.
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+function certFromFile(certName) {
+  return constructCertFromFile(`test_cert_eku/${certName}.pem`);
+}
+
+function loadCertWithTrust(certName, trustString) {
+  addCertFromFile(certdb, `test_cert_eku/${certName}.pem`, trustString);
+}
+
+function checkEndEntity(cert, expectedResult) {
+  checkCertErrorGeneric(certdb, cert, expectedResult, certificateUsageSSLServer);
+}
+
+function checkCertOn25August2016(cert, expectedResult) {
+  // (new Date("2016-08-25T00:00:00Z")).getTime() / 1000
+  const VALIDATION_TIME = 1472083200;
+  checkCertErrorGenericAtTime(certdb, cert, expectedResult,
+                              certificateUsageSSLServer, VALIDATION_TIME);
+}
+
+function run_test() {
+  loadCertWithTrust("ca", "CTu,,");
+  // end-entity has id-kp-serverAuth => success
+  checkEndEntity(certFromFile("ee-SA"), PRErrorCodeSuccess);
+  // end-entity has id-kp-serverAuth => success
+  checkEndEntity(certFromFile("ee-SA-CA"), PRErrorCodeSuccess);
+  // end-entity has extended key usage, but id-kp-serverAuth is not present =>
+  // failure
+  checkEndEntity(certFromFile("ee-CA"), SEC_ERROR_INADEQUATE_CERT_TYPE);
+  // end-entity has id-kp-serverAuth => success
+  checkEndEntity(certFromFile("ee-SA-nsSGC"), PRErrorCodeSuccess);
+
+  // end-entity has extended key usage, but id-kp-serverAuth is not present =>
+  // failure (in particular, Netscape Server Gated Crypto (also known as
+  // Netscape Step Up) is not an acceptable substitute for end-entity
+  // certificates).
+  // Verify this for all Netscape Step Up policy configurations.
+  // 0 = "always accept nsSGC in place of serverAuth for CA certificates"
+  Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 0);
+  checkEndEntity(certFromFile("ee-nsSGC"), SEC_ERROR_INADEQUATE_CERT_TYPE);
+  // 1 = "accept nsSGC before 23 August 2016"
+  Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 1);
+  checkEndEntity(certFromFile("ee-nsSGC"), SEC_ERROR_INADEQUATE_CERT_TYPE);
+  // 2 = "accept nsSGC before 23 August 2015"
+  Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 2);
+  checkEndEntity(certFromFile("ee-nsSGC"), SEC_ERROR_INADEQUATE_CERT_TYPE);
+  // 3 = "never accept nsSGC"
+  Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 3);
+  checkEndEntity(certFromFile("ee-nsSGC"), SEC_ERROR_INADEQUATE_CERT_TYPE);
+
+  // end-entity has id-kp-OCSPSigning, which is not acceptable for end-entity
+  // certificates being verified as TLS server certificates => failure
+  checkEndEntity(certFromFile("ee-SA-OCSP"), SEC_ERROR_INADEQUATE_CERT_TYPE);
+
+  // intermediate has id-kp-serverAuth => success
+  loadCertWithTrust("int-SA", ",,");
+  checkEndEntity(certFromFile("ee-int-SA"), PRErrorCodeSuccess);
+  // intermediate has id-kp-serverAuth => success
+  loadCertWithTrust("int-SA-CA", ",,");
+  checkEndEntity(certFromFile("ee-int-SA-CA"), PRErrorCodeSuccess);
+  // intermediate has extended key usage, but id-kp-serverAuth is not present
+  // => failure
+  loadCertWithTrust("int-CA", ",,");
+  checkEndEntity(certFromFile("ee-int-CA"), SEC_ERROR_INADEQUATE_CERT_TYPE);
+  // intermediate has id-kp-serverAuth => success
+  loadCertWithTrust("int-SA-nsSGC", ",,");
+  checkEndEntity(certFromFile("ee-int-SA-nsSGC"), PRErrorCodeSuccess);
+
+  // Intermediate has Netscape Server Gated Crypto. Success will depend on the
+  // Netscape Step Up policy configuration and the notBefore property of the
+  // intermediate.
+  loadCertWithTrust("int-nsSGC-recent", ",,");
+  loadCertWithTrust("int-nsSGC-old", ",,");
+  loadCertWithTrust("int-nsSGC-older", ",,");
+  // 0 = "always accept nsSGC in place of serverAuth for CA certificates"
+  Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 0);
+  do_print("Netscape Step Up policy: always accept");
+  checkCertOn25August2016(certFromFile("ee-int-nsSGC-recent"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("ee-int-nsSGC-old"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("ee-int-nsSGC-older"),
+                          PRErrorCodeSuccess);
+  // 1 = "accept nsSGC before 23 August 2016"
+  do_print("Netscape Step Up policy: accept before 23 August 2016");
+  Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 1);
+  checkCertOn25August2016(certFromFile("ee-int-nsSGC-recent"),
+                          SEC_ERROR_INADEQUATE_CERT_TYPE);
+  checkCertOn25August2016(certFromFile("ee-int-nsSGC-old"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("ee-int-nsSGC-older"),
+                          PRErrorCodeSuccess);
+  // 2 = "accept nsSGC before 23 August 2015"
+  do_print("Netscape Step Up policy: accept before 23 August 2015");
+  Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 2);
+  checkCertOn25August2016(certFromFile("ee-int-nsSGC-recent"),
+                          SEC_ERROR_INADEQUATE_CERT_TYPE);
+  checkCertOn25August2016(certFromFile("ee-int-nsSGC-old"),
+                          SEC_ERROR_INADEQUATE_CERT_TYPE);
+  checkCertOn25August2016(certFromFile("ee-int-nsSGC-older"),
+                          PRErrorCodeSuccess);
+  // 3 = "never accept nsSGC"
+  do_print("Netscape Step Up policy: never accept");
+  Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 3);
+  checkCertOn25August2016(certFromFile("ee-int-nsSGC-recent"),
+                          SEC_ERROR_INADEQUATE_CERT_TYPE);
+  checkCertOn25August2016(certFromFile("ee-int-nsSGC-old"),
+                          SEC_ERROR_INADEQUATE_CERT_TYPE);
+  checkCertOn25August2016(certFromFile("ee-int-nsSGC-older"),
+                          SEC_ERROR_INADEQUATE_CERT_TYPE);
+
+  // intermediate has id-kp-OCSPSigning, which is acceptable for CA
+  // certificates => success
+  loadCertWithTrust("int-SA-OCSP", ",,");
+  checkEndEntity(certFromFile("ee-int-SA-OCSP"), PRErrorCodeSuccess);
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ca.pem b/security/manager/ssl/tests/unit/test_cert_eku/ca.pem
new file mode 100644
index 000000000..f9bc514d4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICuDCCAaKgAwIBAgIUNRoMRQGf1ZJA3n83kdc6L92/CEowCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MAsGCSqG
+SIb3DQEBCwOCAQEAs/WSLtD9nmferqrktS7n94DuJKXYIyVwANS+HUSP515q0zTY
+12Poo6n4UAJpAcO+MK2DhBREa3qtQBxxazmC6zAqvyOCE6l7YlzDXbjqLSfKn3ti
+JrltsfR/0P5zqLDPu2TaXaYey+dtGqvGINjRccB9OknroUH+jX7jWqGBL4Gz8IOR
+5I30FWKfDZTuhMNyBCVpCo5IL5VUdEgZsOlBe5jnGPtN7Q3LmFU91yoRXoOtp+e6
+94pZNhJqGfqLpH8ArRi5qr4QteCRSfvYFBusniJOLnGDi6K3Nh6iBvwPM8qSfQ5A
+Cj361pbNvT+OPpdlm9DFCh6k8jKhZ2fXXMHdtg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ca.pem.certspec
new file mode 100644
index 000000000..eb7c4b4be
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ca.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem
new file mode 100644
index 000000000..a92b75aab
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwjCCAaygAwIBAgIUNTNJjnkkZVkSqyxFevGNL4LSwUowCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBAxDjAMBgNVBAMMBWVlLUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGc
+BptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzC
+a2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8Xg
+uEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK
+9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGP
+mRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxcwFTATBgNVHSUEDDAKBggrBgEF
+BQcDAjALBgkqhkiG9w0BAQsDggEBABqY2vFn+HYKesMyzER/V6bypmpBTSNerPdh
+cUaLKr0dIXqwhcNi1C/e4RVnMH/mQIru/ts5Q8g6FErgNaDk78fE329xvlxUF4d8
+3tagpgo58YXz0O+cTb9MjSb4esoq8wSb5/7XJwIOOUekGDucou3SJmjhc5PJsz1M
+tC0LZdS9/dW9isNC7cucG3iqqc7JeWi5wjnaDOlDa97fn307PDhoxpa/RCBOQHIu
+c4HAdZmVa7bfq3xHTCo7/tyDGRSVBkJoNPVQq87sHPUKjBETUFiIvwhwkQdE+Xav
+0cJeEbpH/v8dBtnIqSPdz/pNym0RAbj3vUxUefrwHf9vRkGI540=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem.certspec
new file mode 100644
index 000000000..d49cabaa2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-CA
+extension:extKeyUsage:clientAuth
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem
new file mode 100644
index 000000000..e213e4494
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzzCCAbmgAwIBAgIUJ0QK+zSmb5HCuQ8LczjgBonFNKgwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBMxETAPBgNVBAMMCGVlLVNBLUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf
+vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb
+uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S
+O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR
+3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv
+5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoyEwHzAdBgNVHSUEFjAUBggr
+BgEFBQcDAQYIKwYBBQUHAwIwCwYJKoZIhvcNAQELA4IBAQBrWrTkqS66uaIJtips
+SYF7wyReLJVmft0oAR2cWejAJcW00smFFkAttsxhMw1ttSKF3y2++zfPe24ufIjL
+w1l2xa5dDPaHHS5dNvbcjmNWjb6zjErWd7d9fpMpeWA828Yy51hXViuj+DktVz+z
+XF+Q0v8oVgaIPRClhwzt40rjNUlXG7S6ZJP6pcCZuWeMryRfmCt4SBgqjUsFZBHu
+U2iPv+624W/Ov0jnpHi7TmHQY1veAvUEllnxXABMosWyrY2L8TPKIhi/5wWUtliH
+BWKJR5x4mS4tIrLUPPDB3tX/rATaX1MPO1x30UsYmj4PJg84j1o1mGdes1bKTTpb
+gwJF
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem.certspec
new file mode 100644
index 000000000..5250cc4a8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-SA-CA
+extension:extKeyUsage:serverAuth,clientAuth
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem
new file mode 100644
index 000000000..926ccbe8e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0TCCAbugAwIBAgIUF5x+VY327TZW9Rb4sP1wubzN60kwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBUxEzARBgNVBAMMCmVlLVNBLU9DU1AwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjITAfMB0GA1UdJQQWMBQG
+CCsGAQUFBwMBBggrBgEFBQcDCTALBgkqhkiG9w0BAQsDggEBAA4WIwtwzwVqvYG6
+zemLkiA2Po4Y3gjucKY9WY/ko7PjSRjZs4CM4JbIEtnWJUe0HlDyDRO7csv8WABo
+15lrLhqGW/1vPVVuUUnpsDTiJN4cJnF7CLpT2GO/teYvmt1ZY+n5JhfI4FDO6t2x
+xsIgRv7SFMqwKv5OiqGAFScgkYnsNZa9q+aqzGNcTJbJXvLuiTpdUL1vxoT2iiYo
+rO/tlCnqAG9ryCS7/ZbiNytd3aOV0+Y64Sh7NoFbs3RJMNqGUklTL8qpaHgO3v0c
+mzI9eh7683imPMZ7o7EeEOHix0M/6G7fFP7XF46ww6skQKfPqhPtoGoxN0/zpJWI
+7VMlXFA=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem.certspec
new file mode 100644
index 000000000..3b3eff9ae
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-SA-OCSP
+extension:extKeyUsage:serverAuth,OCSPSigning
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem
new file mode 100644
index 000000000..177e17a7f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0zCCAb2gAwIBAgIUO/vVDR6vZfT1VN3k7nnF9d2DfaQwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBYxFDASBgNVBAMMC2VlLVNBLW5zU0dDMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoyIwIDAeBgNVHSUEFzAV
+BggrBgEFBQcDAQYJYIZIAYb4QgQBMAsGCSqGSIb3DQEBCwOCAQEASeKD1BrhVCUv
+xLJWGeeMLQEmhC9jzTqPnkhVgdnQLVgbT6uGUBfb6thCqUwzkmqeSS3FwDlHrcuW
+mZtvRVjmTJtkXnqW0ItmrfmGBzcky6Yf1JFIKh4zcj2dWDX7Z2jL/G80M0Sd92gA
+dGNFK/7hJi8fK7GEwCsZuXrOF5V2tIJuBgSbadDP/BXkQQzdgJuymPlNNOQ2AUle
+UJdlMMeAHN46ElQmTJ5qFO/q+73RXx2X7GKh/zMjnFoZmOjv6kcHNVirLghwyn5A
+TzhUqyxYJIOesx2iToh3eounF5+ON+Tv24GZwHt8+LpywN4pbrvwdubiuTDgYBRC
+U8xbVBqd0Q==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem.certspec
new file mode 100644
index 000000000..4c51425ce
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-SA-nsSGC
+extension:extKeyUsage:serverAuth,nsSGC
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem
new file mode 100644
index 000000000..0b01c231a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwjCCAaygAwIBAgIUWQVaB4XyLq+dtmI7YOOKHIfM+xowCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBAxDjAMBgNVBAMMBWVlLVNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGc
+BptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzC
+a2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8Xg
+uEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK
+9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGP
+mRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxcwFTATBgNVHSUEDDAKBggrBgEF
+BQcDATALBgkqhkiG9w0BAQsDggEBAJqJhFqbvu7bF39gdfgp7zkiESuvlR1O9YNR
+42QE9E8vzXz7Yc3D6EDT54WmSRtbPa2y/LAeOQkUFV3vp5oFnHpU2dV5QH/p4clh
+oRG1hCr5sicPGTNpUuD/ZQrYAzFt/EtfdhNEq81lPS2GZ/mCy+mWE8jNBUnOVO2Y
+TtkAGJJafLEPghu5X4xQuxPJuPT1IycADL4bFxZUqRqoGUhcVeeGhUidz4I2q3rn
+qRvdMGbWXx4o343M4H3auQMiVAnUzkCZIyUN0n0T35JfckIwthZSffFF6oBy0RDJ
+bS/DoluvZ2NlJ8HIujgn0LOcJpKvxh7Yx1+5iBAM5+Hiwr0lQ6E=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem.certspec
new file mode 100644
index 000000000..690f579af
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-SA
+extension:extKeyUsage:serverAuth
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem
new file mode 100644
index 000000000..3e37a4a72
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsTCCAZugAwIBAgIUGaRSC/MYTPhfTuLxPkyLSJSeh8swCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmludC1DQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAUMRIwEAYDVQQDDAllZS1pbnQtQ0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQEL
+A4IBAQAVnl1ZyAFD1Q9U9sWZZ4xqSV22f4eG8ox79yvIIQkb1kj4hsopxeRjwVMU
+uND1/J1ravsvPoTy/fdawYFTmeW65XzzXypnreSxM4O0J6DTEE1UNrvj3yb8RaWh
+JNBbjmcGKHDfU4CpQ28vgWKgPH4NzVnqvy9mMzbfkwBInfK1z+6PT9iQGaw5w1UI
+ML0uD15Vd7Tcx2YjUdxCeqBnyS295soWVHRqI32HsPRVSG0Xt7JVzmVtrGS/dyPk
+jrTFh6gd9tdcQf7sKDOQpwIRo5iE/uvRndXUe1kE48RQnt+VMJupQWA03Gxu3a0P
+pCx8oCJbwVyfNk+p6obXosFOTrPG
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem.certspec
new file mode 100644
index 000000000..670973930
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-CA
+subject:ee-int-CA
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem
new file mode 100644
index 000000000..0c95864e7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtzCCAaGgAwIBAgIUC68xy9MKWn3DXtSpmvrui0OyNr0wCwYJKoZIhvcNAQEL
+MBQxEjAQBgNVBAMMCWludC1TQS1DQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgw
+MjA1MDAwMDAwWjAXMRUwEwYDVQQDDAxlZS1pbnQtU0EtQ0EwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVo
+V2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p
+0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKk
+fbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZh
+W7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EI
+TjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZI
+hvcNAQELA4IBAQAVhShahEDEtyapGsFV7MvyyS9dqsmklEsnNAfJ+3yXb81yfYDG
+maQdAxVf/nNH71PYlOJOxTb9JeV26vf/mSFJOcwrODP5vMrUJdopo011QKsgm046
+qumgVfqPqPHhzpWBoQTNfQHpOV/iVKjBRZu+hD/x4LLlt4G8jVXwayG58t/d1/7Q
+Yv8a/2Dv+b07Q25EW0tgC8WraaP/KXPnbYArOu0sgWoRGMhc8fpswwSPas3xqrwz
+MtLDyfllAPZthvthTeeIUWdWClvpJqrBSqlTPBaS8AFCntaROQHNaAbzBCIdZZKg
+uZ9K9l3lUeUsDaNvVNuUKy5SXuno/wO/mr3Q
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem.certspec
new file mode 100644
index 000000000..bd012ab71
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-SA-CA
+subject:ee-int-SA-CA
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem
new file mode 100644
index 000000000..6f6b17601
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICuzCCAaWgAwIBAgIUARy1oarqQUJskMjRknN9jLVwVHQwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC2ludC1TQS1PQ1NQMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBkxFzAVBgNVBAMMDmVlLWludC1TQS1PQ1NQMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVK
+tOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7N
+Q/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39Zgsr
+sCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxs
+l62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYl
+nauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsG
+CSqGSIb3DQEBCwOCAQEASPYSc13k95EbV7+XmbxGacDe4LXWsy4P+oUsbNaSLtA/
+3ojBL3IaznMNZ3O7fVdQoPGtN7SxPKZtC44GLx8va6i32pXhwBp29mcc3vjAUwnl
+3GsJmw7/KP9C/KGZpf46ofw7ORDSs+32NB7QuKssh+FMpIYblDMVISX2fNqEQ5qB
+BktkgWh8EsgwbCLqHapgtfY2i/y1MtKBLxpIfCqx59iMCbA90ZvuELpA+2F6ZtR8
+7BvgC4zJ0YgkYrQApPjM00aFBAtjGEnsFBCRfpBGDIavqgfZoUlzh1jw9pTbF5ux
+1jX+GL3TOF3DG2qhylJh+w2Dogyyc7G2n7mvGIHfSQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem.certspec
new file mode 100644
index 000000000..2374d248f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-SA-OCSP
+subject:ee-int-SA-OCSP
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem
new file mode 100644
index 000000000..4345d995c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICvTCCAaegAwIBAgIUTR//dWc2i2WpKXdEqfs1MgNXtVEwCwYJKoZIhvcNAQEL
+MBcxFTATBgNVBAMMDGludC1TQS1uc1NHQzAiGA8yMDE1MTEyODAwMDAwMFoYDzIw
+MTgwMjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9lZS1pbnQtU0EtbnNTR0MwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erk
+NUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwC
+fs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1m
+CyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTM
+HGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m
+1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEw
+CwYJKoZIhvcNAQELA4IBAQANPvkHZK6XUFOFNO0ZWRCOd8ZA4btmK1vttAOEMVWy
+GDVu2SoYDN6JW11wJr6L+V1P7cTF7e3+4sC0oS9LoTCPxie/6UAsyBUOQvl45dHw
+udRHJBPH04E8KWAa+odOK9McKgNt4oUA0DHm20eXDuISUEiV7R5N8XrpUweIgkFg
+iXJnOebZYV4lrIAC5CvFJ6ubUVdJ3rqQfrTMmJm4DYaS0zGEqglP/TGwLb9r9QdQ
+iJ0kktUZb3jiZYQAYZnSfGyiyy20bstt2WlXXTKKB5MBoDYW6mzL0NwwQOl6Nf6V
+UfglFYd9/E8bsa69VIlvGekfYcOdrAxsTMliayTIwKjG
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem.certspec
new file mode 100644
index 000000000..6c3cb6473
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-SA-nsSGC
+subject:ee-int-SA-nsSGC
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem
new file mode 100644
index 000000000..97ea224d6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsTCCAZugAwIBAgIUczLFMp0nvVMly27yYa/Y6nG0kpEwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmludC1TQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAUMRIwEAYDVQQDDAllZS1pbnQtU0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQEL
+A4IBAQCaGWv/SDygA6tYqxX/ild+418YW5bTpTzUoWppENrVQ7WRdLAz91/9dhPS
+Y9znou5eLMVa7IoOqaNG4x7DvefqenYhKGDyQbVahOalsVVYTke901B9I6ci9wfp
+wsKBYkLDzedlOCZVzU8aWH+uBi5ZOOD0T8NcTQE5x9T0gExu7rUOLa91+4h8NRTY
+m1yyX9zSpZuY65qveSX47FR0QbPAjq5KNyUcGuQSjEf9fUsVXEC9QAuaQHJEROR2
+CKzbaqtRlLqv89B9OKVsbdstLTW/L7tRTQNpkjH2lLgxfGBPDy8eHSpVW/WvBKlu
+/WxDnqx2W8TrJKA/RIQ56MeaOP+b
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem.certspec
new file mode 100644
index 000000000..72ddb78df
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-SA
+subject:ee-int-SA
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem
new file mode 100644
index 000000000..703d5b29b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICvzCCAamgAwIBAgIUG7btAHXGerwL88Jd7sb8IkeFKBkwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDWludC1uc1NHQy1vbGQwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowGzEZMBcGA1UEAwwQZWUtaW50LW5zU0dDLW9sZDCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ
+6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUk
+nAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N
+/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAG
+JMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd
+7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEA
+ATALBgkqhkiG9w0BAQsDggEBAA/82zxrEW1c/neIl0E5/KOr0NL/F4lAdN+WUTT+
+P2DSf8Ke0EKO9lgMZKDBptlPT/XzTvmzvT3tM8vjFdcOF+1QQtFqoQ2pwpg7lXTA
+2hh/gSNklJfWCSQkgVr07fCX0/ip7TM7R9pBhL+x5MSQxdF7xW9eFP8lE8dq3L93
+1iIApcexVSjb/MbGBr9rRe0LvdY5wRjbGPxCEyp/316CxXg29vWwYalW96CnZHnR
+SAl34xTEaLeHjC6eeDSt4Fna5obAEw/p8dcC6TnGkKHEcZ/wSRNU42K8kIR0Rjdh
+EyWRvajemwXDlKsLgRcWqN+nL8hn0O0yI9mKLxo6oQNsApA=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem.certspec
new file mode 100644
index 000000000..c8444d337
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-nsSGC-old
+subject:ee-int-nsSGC-old
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem
new file mode 100644
index 000000000..45bab52a7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwzCCAa2gAwIBAgIUV1Eo/pl5MBWjV8NHjvDSYjdoz9cwCwYJKoZIhvcNAQEL
+MBoxGDAWBgNVBAMMD2ludC1uc1NHQy1vbGRlcjAiGA8yMDE1MTEyODAwMDAwMFoY
+DzIwMTgwMjA1MDAwMDAwWjAdMRswGQYDVQQDDBJlZS1pbnQtbnNTR0Mtb2xkZXIw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ
+PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH
+9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw
+4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86
+exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0
+ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N
+AgMBAAEwCwYJKoZIhvcNAQELA4IBAQCoka+kd2S/FnF34++D0mZ4xSeFqNU9ookP
+oKqeQp8wXUtemulTI0MKOFavJjzq82Vm1LJLoFf46lU3q6oTuH/ylj9VMJn9/Etm
+v+kJyjydlx1MVQUacQ+v+9QxwsYvt9KjgqSUDlwoh6BX8dKKFHgYKJJx7JyvyeHp
+5FfSlEEIFdwWb42bzx4a6Va3lA6svpWP5mDZOOwp6b9wP8Bw7WxXQgjYP8pOmwYy
+Q9inlnGCdTC2GhV5CNL+eq43eGdL/gAvQ1aCZPKovICxMzkv9f5Sx2nGcDUnqcJD
+kICrqJ6gjTm+Q86UOSxiIioVSDt2BZjbyhBj4wgjCzsM4zeMcx+l
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem.certspec
new file mode 100644
index 000000000..c5b12e8da
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-nsSGC-older
+subject:ee-int-nsSGC-older
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem
new file mode 100644
index 000000000..3bf0f2bac
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAgIUe35zCPUg4TWN0gQjqfNVjK8KFqgwCwYJKoZIhvcNAQEL
+MBsxGTAXBgNVBAMMEGludC1uc1NHQy1yZWNlbnQwIhgPMjAxNTExMjgwMDAwMDBa
+GA8yMDE4MDIwNTAwMDAwMFowHjEcMBoGA1UEAwwTZWUtaW50LW5zU0dDLXJlY2Vu
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogG
+NhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqn
+RYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHu
+p3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQ
+Lzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p
+47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo1
+7Y0CAwEAATALBgkqhkiG9w0BAQsDggEBAF2ltx1XJtzG/bhTsu/bo9qr3p9Um2Yr
+2aXMzX8GNR/wmxBHVhNjBMHzQeuDBbYOkssDXQThFn3qAvLixNkD3cFez5D2LG0o
+fR/Ftb7XDsEw6MdBNmjgrM1Sse3v6DOVKMcdoJ+HS7FZ4USbeJ0dkWvv4f1Secjk
+yo1mZx3nq9cw1qI5pnH95YncD8u2rzErWeZHpIRW7SxfabpPxhlUFFyywST11WEa
+bZa2H4h5oFBmE84gDteDjM8BA9PbuPkwqS7MmfvdPHT9mwH+ppln4Ays/v9HnjmU
+qRRyYP73/S8/J/N6DDXAQCJ3yWLIm08pFC0RS+mF729M0B0g4F52NpU=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec
new file mode 100644
index 000000000..6e736adc0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-nsSGC-recent
+subject:ee-int-nsSGC-recent
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem
new file mode 100644
index 000000000..6849a15ae
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxjCCAbCgAwIBAgIUeS+Bwx6kFrNZMCbqJdx6V/Dd4pIwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBMxETAPBgNVBAMMCGVlLW5zU0dDMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf
+vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb
+uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S
+O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR
+3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv
+5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxgwFjAUBgNVHSUEDTALBglg
+hkgBhvhCBAEwCwYJKoZIhvcNAQELA4IBAQA/aXkP4qYhXpfW4Vk+Y4L8ufv0/LzR
+VkObq/K9xdbt53X5i1cur+VmE8BQlaDTJ0lZ+efSvKZsBHLjLJWs7ghzBEQY0zW9
+bh56nwwEgv91GMUJeb4krm8Pe0N5b15QrtQE4nFCHQs9Bkkhmhm9Dormw20fa1A/
+82ADTMMhTen4bJYpKbcWP9z0pv3wattrfKpsNHYprgV7eqznjAsr2hClc089CsFl
+msc+2gbiz+yk2TO7naaWhuNc5p8zevPb5m4UzOVKqnXqGdjJ2ev8j5N7LYAB6IJh
+68vieEO/P1ovkSUUmR69jaI0eIiWEfYqbW4v9d8/pMutmyeOZh3RT5u+
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem.certspec
new file mode 100644
index 000000000..43d58ab6d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-nsSGC
+extension:extKeyUsage:nsSGC
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem
new file mode 100644
index 000000000..67125227d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0TCCAbugAwIBAgIUafQ18/NBMv9lR5wdiAdnVzIZvWkwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBExDzANBgNVBAMMBmludC1DQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x
+nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM
+wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF
+4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20
+yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx
+j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMlMCMwDAYDVR0TBAUwAwEB/zAT
+BgNVHSUEDDAKBggrBgEFBQcDAjALBgkqhkiG9w0BAQsDggEBAHljHawI2YeWnSsd
+ERqVkdmQKh+VKosuBp7RwiEZcLk8lRMtmgIkrCShc1HNsGW2X1QDk3btC0GRXXO4
+UFmpDFrcnblhCfkD73Gann6uk/1P7J7B+cG9HOrw9e8keazclz/FXgPXcTr061SO
+fhJaPB6/6sYWw2f6o6lBg5uGZKrJtZiEjEqUAI0/eh7QJ0N8jdG8kzgOAFsvaS6C
+LWtDAr1HwTRitb6AFeI+jP/hhAPQkuxbts1RmJUFQdTBmM/GwyT1LwBUpxgXW0xM
+ta/7BP7TaBtsZx9N3hH7L4ADMU3E0rb7yYtN7RF40eRXB9RvnYy4Tn4YTIsaZFnR
+xC6WzJ4=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem.certspec
new file mode 100644
index 000000000..e5bc18198
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-CA
+extension:basicConstraints:cA,
+extension:extKeyUsage:clientAuth
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem
new file mode 100644
index 000000000..aaa392db5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3jCCAcigAwIBAgIUAepQZqbEvSiQSE1cR9U5YmUbq48wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBQxEjAQBgNVBAMMCWludC1TQS1DQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODY
+H72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk
+27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A9
+0jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMM
+kd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaL
+L+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMvMC0wDAYDVR0TBAUwAwEB
+/zAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYJKoZIhvcNAQELA4IB
+AQAl23nZRqJVVi1D4CrC3FPJyitFtZF+ss85jSvtNIH1DK0tZHYpTqouVdBCVyz3
+31vb5Yq+33V0Lg4LS39Q7gYz3ofcyCCuTpSvYL6dV0EEbiYX6AVwFXXD8jeV16/V
+7QFI/pae7sjr/2v2WJVmupdt1lT2hWVd/rilYBZPgri11QSiZVJP6qmf5AcA9dkg
+pyZ5su1SwOaFN0XdrwvnW1+SSFYQtOWTfffr9ctMAXF0uGv/duGHLxPt2MIXvwWg
+83che74+n8mYuZNUCTOh+BG/bR572KWDFY/hwBDpWXJUmFh5GtF/z29NDnY9IFyQ
+HyE5qtltjnv0D2vSA2f7eoyH
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem.certspec
new file mode 100644
index 000000000..94e9a42d4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-SA-CA
+extension:basicConstraints:cA,
+extension:extKeyUsage:serverAuth,clientAuth
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem
new file mode 100644
index 000000000..e487b8ef6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4DCCAcqgAwIBAgIUY0Zp7/A39C/kccD4uV3b1yP2K1swCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBYxFDASBgNVBAMMC2ludC1TQS1PQ1NQMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoy8wLTAMBgNVHRMEBTAD
+AQH/MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDCTALBgkqhkiG9w0BAQsD
+ggEBAEwVcLGSPMdCLiXXgXqDdEU81Ti3bfp3pEzI+g5X6H27cbLwNMb+DM1Qu6wt
+w8UpXCxP6i8F3XnrKZCdfJG7caDlDoylCPpXaVd37B4lPcnd2j1sfb3PwG4cp2x7
+Qv4ur3sjG3nVn3kSKgrTVCojyo876Iy/ZKQpQAtiggS4pG7ztRPIPOVIZHzNEUfQ
+RUpD9RFuoezM2aAPaTjTixKtIWjL1Fc+OCWHn4uAkPAnRuTm3SRIgVPREk2671oo
+9OAtXwaNsEn9+P6FBdV69BE68n2Tl6bv8scE0JvSBJg3NfCq7gZJ16rpQXW0fEGV
+ZqQiPT0JAJFYcK/l0ynVFZ4k9ZE=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem.certspec
new file mode 100644
index 000000000..c38a640b9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-SA-OCSP
+extension:basicConstraints:cA,
+extension:extKeyUsage:serverAuth,OCSPSigning
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem
new file mode 100644
index 000000000..29c734bb6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4jCCAcygAwIBAgIUUazTcP2+J+/snjciQqhPNClvzlAwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBcxFTATBgNVBAMMDGludC1TQS1uc1NHQzCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMwMC4wDAYDVR0TBAUw
+AwEB/zAeBgNVHSUEFzAVBggrBgEFBQcDAQYJYIZIAYb4QgQBMAsGCSqGSIb3DQEB
+CwOCAQEArh/GECvDvQVnv2UdZUx5nL1VTxr1GS30/e83nTmTrIeN+lV9M4UR8UL5
+ecEl9eDBxGnTAAlvK1PupSQgZJzzDFD2tkqMWNrKwMMHTt4zPCx2gA6KBQcp9Dsj
+ThB2jUAwcK24eXAcfEj2XRROhoKkKScd2Qo9FsFBl7r91KWTlHTsdkdT3wSJ73DP
+jYn4S7Y82OiNgIY5KacH+L9VqY1MHI1TDlMb+MBYDniUbmpMMB0lE1EIt0oiu6XQ
+n20+81inwxonsMikHI0YGdttWPotm8Yu/PxvwIeiOYd8fOPZkzD5rhd5aJLmOoMk
+GuVcrNke+iBvK6Fc6A2uTj6t9CV6zg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem.certspec
new file mode 100644
index 000000000..c84201d87
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-SA-nsSGC
+extension:basicConstraints:cA,
+extension:extKeyUsage:serverAuth,nsSGC
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem
new file mode 100644
index 000000000..538b6d2ce
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0TCCAbugAwIBAgIUfYQTgJQVjmkz6KfdBM+7rJ9TXLQwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBExDzANBgNVBAMMBmludC1TQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x
+nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM
+wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF
+4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20
+yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx
+j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMlMCMwDAYDVR0TBAUwAwEB/zAT
+BgNVHSUEDDAKBggrBgEFBQcDATALBgkqhkiG9w0BAQsDggEBALnNW8RtP4S8LNYc
+fpYdeArseY6SkVXSiYLWb7kUVuhGcJPO11FVfU4SCVdYqz1f1+4bev41ao/K5/dn
+hs9koIzRFqErl7kP6Xi6jSwLKpl/rD3BH9waa7k57rJHrt6KCzOMICaIXQBPxzlg
+hZBp9BFeuOxb8lJjSWXbplgAsU4FhAHVbTUWw9BfjbTAyoIx9N4r3X8ah5TDLlUN
+NPp/aPKuC2jpRb9yEnOMvw8ziXmCjEFEIT8D+Z00OLOaCJ2dmsR6vWtE3qKwxFTG
+14zYiG6pqTUwrg9F/F0mi4AoRkCIqNbiHvvZGaVLTpgOOG0EZgLH9WXMf+30RsDD
++DinBfU=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem.certspec
new file mode 100644
index 000000000..74bec2b21
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-SA
+extension:basicConstraints:cA,
+extension:extKeyUsage:serverAuth
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem
new file mode 100644
index 000000000..0d20e07ec
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2TCCAcOgAwIBAgIUbcXBg0y82WEm7Yor5jl0vYp6sLQwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTYwNzI0MDAwMDAwWhgPMjAxNjA5MjQwMDAw
+MDBaMBgxFjAUBgNVBAMMDWludC1uc1NHQy1vbGQwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjJjAkMAwGA1UdEwQF
+MAMBAf8wFAYDVR0lBA0wCwYJYIZIAYb4QgQBMAsGCSqGSIb3DQEBCwOCAQEAM+vf
+k8pAexjnMg1N5zp/X53Q6CaDseUj3FWnO/prJiMSWa2pcE+09naIc2gR7YsuapRr
++7Z1cOrF7uKVRnSKHmmZHGr+/EtoUuhwtkMpcbaCL5061Of6Un8UnK5sAQTECUip
+CMChu0kX/qVlBiE/eJG2lrq8lycCdhjjjQjS0Fk1Jikh33/JeJCCay/pWOoiagv2
+ansOq+gUWiG55jTGT4b+0TdY70rLX7WDpliqieTfd7xVB0Zv4U41ydI/tcP5lo3g
+/X4szNbZNyu9dRmLjVqDS3lhGGnRPiDblxlKm6vafrsd3zk4vg+UJlrHPP1q94Bh
+Fbax9mimAkqXvI/F+A==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem.certspec
new file mode 100644
index 000000000..35f61671e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-nsSGC-old
+extension:basicConstraints:cA,
+extension:extKeyUsage:nsSGC
+validity:20160724-20160924
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem
new file mode 100644
index 000000000..f42288896
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2zCCAcWgAwIBAgIUDUfr/LSKxxp6n1UoiDvmm9b4cCswCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUwNzI0MDAwMDAwWhgPMjAxNjA5MjQwMDAw
+MDBaMBoxGDAWBgNVBAMMD2ludC1uc1NHQy1vbGRlcjCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7
+wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp
+k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh
+eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW
+EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc
+JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMmMCQwDAYDVR0T
+BAUwAwEB/zAUBgNVHSUEDTALBglghkgBhvhCBAEwCwYJKoZIhvcNAQELA4IBAQAY
+46wuAov03l8b+soIfL0TR+7LMwHnekiaa6M52nToHE8oDyH0NgFx4mMbdQYxKHvi
+xn9Lgp650JN0ofkJ2Z5lduakAW8n316+bfimkJVCHst7jhSEc7qWAb96kLabZD7U
+N+8cpelepAbfe8vpH043qon8tg9fYABZ4RrXCEQvhb+nHbNnW+GgnnnrtD7GM165
+krU12IDIOO/rQ04/vrKOa0p+Zv+oaLJMLhPPeXlQTno/bRY9VRq0oQej3iOyd6vH
+wfq2PUCmTeOziI8YO6V9Ddtc/TYPwh3yF0AtKFXsl9MZ3xrlD17pl1BsVdIGANQf
+qus1PdEkVZc8fRGBCJKv
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem.certspec
new file mode 100644
index 000000000..f7a870c0f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-nsSGC-older
+extension:basicConstraints:cA,
+extension:extKeyUsage:nsSGC
+validity:20150724-20160924
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem
new file mode 100644
index 000000000..a2a6dfd89
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAcagAwIBAgIUE3ByAD3ROipiblgZuY8BtAMhi6swCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTYwODI0MDAwMDAwWhgPMjAxNzA4MjQwMDAw
+MDBaMBsxGTAXBgNVBAMMEGludC1uc1NHQy1yZWNlbnQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjJjAkMAwGA1Ud
+EwQFMAMBAf8wFAYDVR0lBA0wCwYJYIZIAYb4QgQBMAsGCSqGSIb3DQEBCwOCAQEA
+VPtQzyrS2EDjCT6V7b8KKEXAyl70GZe1rD2s/xS+Uj43la5vVQyB0PtabDTh4lVy
+hut0M0o3E9hQ39qswMOcmNQdTnXTrhUzJPuGUnXxb8Jxjv+FR6+M8cmcdIlnFfXF
+HQXwVn9LzvxwlbMatY3xQXrKQz6RzrMQ0V6tYKZZSHZvecy1iCbr2CIpU7I3D2aR
+NatT1GYjaU+8u2afAoYKd+euB7pVMew7JuAxJ13iM1IMWyMil+/36ZOv5MBSSWRU
+7ts0vZeH5Ne0kEYf5uOY7LWaw7fCo7HKiyOcB0xSvQL1BvjTf6NqbCO4a29BYQF6
+Ieyp6ItfrpIuwcpfyq1d7A==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec
new file mode 100644
index 000000000..f421ddc1a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-nsSGC-recent
+extension:basicConstraints:cA,
+extension:extKeyUsage:nsSGC
+validity:20160824-20170824
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/moz.build b/security/manager/ssl/tests/unit/test_cert_eku/moz.build
new file mode 100644
index 000000000..7a4124e02
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/moz.build
@@ -0,0 +1,35 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ca.pem',
+#    'ee-CA.pem',
+#    'ee-SA-CA.pem',
+#    'ee-SA-OCSP.pem',
+#    'ee-SA-nsSGC.pem',
+#    'ee-SA.pem',
+#    'ee-int-CA.pem',
+#    'ee-int-SA-CA.pem',
+#    'ee-int-SA-OCSP.pem',
+#    'ee-int-SA-nsSGC.pem',
+#    'ee-int-SA.pem',
+#    'ee-int-nsSGC-old.pem',
+#    'ee-int-nsSGC-older.pem',
+#    'ee-int-nsSGC-recent.pem',
+#    'ee-nsSGC.pem',
+#    'int-CA.pem',
+#    'int-SA-CA.pem',
+#    'int-SA-OCSP.pem',
+#    'int-SA-nsSGC.pem',
+#    'int-SA.pem',
+#    'int-nsSGC-old.pem',
+#    'int-nsSGC-older.pem',
+#    'int-nsSGC-recent.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null.js b/security/manager/ssl/tests/unit/test_cert_embedded_null.js
new file mode 100644
index 000000000..4e4767560
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null.js
@@ -0,0 +1,38 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests that a certificate with a clever subject common name like
+// 'www.bank1.com[NUL]www.bad-guy.com' (where [NUL] is a single byte with
+// value 0) will not be treated as valid for www.bank1.com.
+// Includes a similar test case but for the subject alternative name extension.
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+function do_testcase(certname, checkCommonName) {
+  let cert = constructCertFromFile(`test_cert_embedded_null/${certname}.pem`);
+  // Where applicable, check that the testcase is meaningful (i.e. that the
+  // certificate's subject common name has an embedded NUL in it).
+  if (checkCommonName) {
+    equal(cert.commonName, "www.bank1.com\\00www.bad-guy.com",
+          "certificate subject common name should have an embedded NUL byte");
+  }
+  checkCertErrorGeneric(certdb, cert, SSL_ERROR_BAD_CERT_DOMAIN,
+                        certificateUsageSSLServer, {}, "www.bank1.com");
+  checkCertErrorGeneric(certdb, cert, SSL_ERROR_BAD_CERT_DOMAIN,
+                        certificateUsageSSLServer, {}, "www.bad-guy.com");
+}
+
+function run_test() {
+  addCertFromFile(certdb, "test_cert_embedded_null/ca.pem", "CTu,,");
+
+  do_testcase("embeddedNull", true);
+  do_testcase("embeddedNullSAN", false);
+  do_testcase("embeddedNullCNAndSAN", true);
+  do_testcase("embeddedNullSAN2", false);
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem b/security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem
new file mode 100644
index 000000000..1a18e2bf0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAgIUL5zykZEc2ro5d6th43aWGfm735cwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1Ud
+DwQEAwIBBjALBgkqhkiG9w0BAQsDggEBAHPYBjNnv//Ssc8Elepb8SWIXRdahKbL
+/dcPoMR+7yhJVaelUaxdwUytJWJAGdkkuv+P+G4b82RVYEXT+9k1S/aAfByFyR9q
+vS7POfdy/ZPfGTXltlnmYX/84a6QeYQa4Nl4JpIOXBCesLxmErBhczka6D26iqsz
+GeseKRSjVPgF3mXc2CRGZnTDRhUmd7wOABLmj7GtuFvOm96363M3IUByMohvoj1G
+dic3s5D0seXwTKnEc5B27lJt7Q0oIXEldL+UW8Mo1hfGWQeXzqTZbpOVLnVWvHBH
+H8yYs5hyH01qFJZbztJ1JJ3F2NpYLlr4P5I6fW2e9w5MG/VMQRU3wzQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem.certspec
new file mode 100644
index 000000000..6660f5d47
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem
new file mode 100644
index 000000000..7e846ed83
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwTCCAaugAwIBAgIUPzul3x9eLLB//njMNwnlOFqHCCcwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMCgxJjAkBgNVBAMMHXd3dy5iYW5rMS5jb20Ad3d3LmJhZC1ndXkuY29tMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08
+E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc
+1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAP
+DY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQ
+gAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqV
+YR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQID
+AQABMAsGCSqGSIb3DQEBCwOCAQEAbPT/bQi9B1F3k6Xa8b8yG56+KqssBjA/BQXp
+TbXHd2xwtlbpiCzA6pI/MTiTzR4y9dj7mD9kj/vcD4GEcrhe0IBJ/juim68EhbFM
+QQ5KRSITj51+hPAvK2E79AAvyCweRndxqvlAak9PfJX4zEUoo07pQ6qE6tDaLgCN
+dZ3hV0syAE29Gtj86ew8Z6fPOoA3Sd9xw9wqULdZk+XG4rWMQzuoXLR1OHzvHQs0
+sP1mMhTCRdXwD7xmbhY4Zhsey2tagADlLTIVCKZDWdTjwVACxuRkvqX9Iy1/W16Y
+f0K7j6omyj/ziRnrNfKkCAl/REuTCrAWV8M0o/854RwFCg6UEQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem.certspec b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem.certspec
new file mode 100644
index 000000000..d1a32349a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca
+subject:www.bank1.com\0www.bad-guy.com
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem
new file mode 100644
index 000000000..af4572d66
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7zCCAdmgAwIBAgIUX4OgrL3nEzXRzIfkNVd6fxsHvDcwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMCgxJjAkBgNVBAMMHXd3dy5iYW5rMS5jb20Ad3d3LmJhZC1ndXkuY29tMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08
+E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc
+1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAP
+DY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQ
+gAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqV
+YR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQID
+AQABoywwKjAoBgNVHREEITAfgh13d3cuYmFuazEuY29tAHd3dy5iYWQtZ3V5LmNv
+bTALBgkqhkiG9w0BAQsDggEBAKyN7qvmdcryAaKPxDKEpIEg7emhEigt7sNYq41I
+ZteYbYRSsJDIKs+n7TmaQ2Qtxdb3KNJGxU5jd6nBqh+WZrhjWJjZNFP9VT29pZpf
+H+D2yHvJV8It5OU86IaAjNxEopGJABXf1EwP3RSsmbI8PFrSLzzkV7qY+kgMbVLX
+Txswvv5nITzWu4BXmznusDf/xdY9kR9EK2KZo9fCbBgzqoCFB9dtPsZmzDSHerYi
+o0Mh33JwVgDLi05yd/RVyi3TYjaSNDA0TcnyPirKPJDDFzHWyqP/Yd0G6WI0Ke9G
+ka0v/vIh+cLqMozHPO4Ks1MfRqWqsbCTRYnlqOW0iYZghR8=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem.certspec b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem.certspec
new file mode 100644
index 000000000..1029d6cdd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:www.bank1.com\0www.bad-guy.com
+extension:subjectAlternativeName:www.bank1.com\0www.bad-guy.com
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem
new file mode 100644
index 000000000..b0e05c6b9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5TCCAc+gAwIBAgIUGytwo7XSf4hWQWGePWi/WuFru/4wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMB4xHDAaBgNVBAMME2VtYmVkZGVkIE5VTCBpbiBTQU4wggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVo
+V2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p
+0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKk
+fbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZh
+W7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EI
+TjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjLDAqMCgG
+A1UdEQQhMB+CHXd3dy5iYW5rMS5jb20Ad3d3LmJhZC1ndXkuY29tMAsGCSqGSIb3
+DQEBCwOCAQEAWYQZ0QVwm0rjYpWNZqD6gDOYFOo/DdaGgRWYF9wSueJaSqIY7Jwm
+GAwwDBqcyCZdqssZKtDogt2lgwG8Rt1uqQ46I/JNvFvNwujwHNtrh8FO/sKSs+v1
+I1+b9S7D8Kg6RrKcUXA2cUU+qPlt4J+WXlvVxgUmruJXdJqplerxs8gk9hic0Bc7
+Zo30xzScfp0WpqdMxnc2FupW3y5MfgGpf/98u1gvdS1gnOdyZWAfhtcPEyb+PSOU
+4nmtkDH83QKJ1QvHbjI2XqD57Ge3c+T2f4LpWw5+zn7K9kExNHsoPV4yqd87K5Ty
+j4keE9h15zF/CUBF37wYfK9hBxxis+SW4A==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem.certspec b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem.certspec
new file mode 100644
index 000000000..f224888ee
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:embedded NUL in SAN
+extension:subjectAlternativeName:www.bank1.com\0www.bad-guy.com
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem
new file mode 100644
index 000000000..b0672452f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6jCCAdSgAwIBAgIULbAjgyFkKYWb9Jl7dYe85tJgrq4wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBYxFDASBgNVBAMMC2JhZC1ndXkuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozkwNzA1BgNVHREELjAs
+ggtiYWQtZ3V5LmNvbYIdd3d3LmJhbmsxLmNvbQB3d3cuYmFkLWd1eS5jb20wCwYJ
+KoZIhvcNAQELA4IBAQCemALDXRTm0lPpWiP1xCJVhCA1SqhCMNRgwZtxClRr10FC
+l5qkR4Fy9RZoWSOO/obSid1tT6AKly8e49tUHaJ7b1KBPe0EAGPgNJPmlDafHFrC
+wSOsIoiboLrrs9R+xWL0/7nruo2OqlpAbOajBnfvJ65t6JGWPVlSzvbXigwgL2EE
+AfQQydWy5UDCW1/pQuAjd8WD3ZEz9IAgdM49zEeDss6a5t6RE4U+/acSTJBbZOOV
+q7k2tCKEWQwHhWWWQSeiS+JW4PXYXy/N8DYABPHaZ6nK1HoBRCnT2TMvKeDwhv0o
+Cw/NE/ytz6/STzYNV203SnVzmpkuvE4oG0IbGrZd
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem.certspec b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem.certspec
new file mode 100644
index 000000000..d352d034b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:bad-guy.com
+extension:subjectAlternativeName:bad-guy.com,www.bank1.com\0www.bad-guy.com
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/moz.build b/security/manager/ssl/tests/unit/test_cert_embedded_null/moz.build
new file mode 100644
index 000000000..9e2821867
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/moz.build
@@ -0,0 +1,17 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ca.pem',
+#    'embeddedNull.pem',
+#    'embeddedNullCNAndSAN.pem',
+#    'embeddedNullSAN.pem',
+#    'embeddedNullSAN2.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot.js b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot.js
new file mode 100644
index 000000000..148ee4b27
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot.js
@@ -0,0 +1,71 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests that nsIX509Cert.isBuiltInRoot works as expected.
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+// This is a certificate that (currently) ships with the platform.
+// It should be considered a built-in root.
+const sGeoTrustBase64 = "" +
+  "MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL" +
+  "MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj" +
+  "KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2" +
+  "MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0" +
+  "eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV" +
+  "BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw" +
+  "NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV" +
+  "BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH" +
+  "MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL" +
+  "So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal" +
+  "tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO" +
+  "BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG" +
+  "CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT" +
+  "qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz" +
+  "rD6ogRLQy7rQkgu2npaqBA+K";
+
+
+// This is a certificate that does not ship with the platform.
+// It should not be considered a built-in root.
+const sLetsEncryptBase64 = "" +
+  "MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw" +
+  "PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD" +
+  "Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa" +
+  "MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD" +
+  "ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD" +
+  "ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB" +
+  "BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg" +
+  "PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG" +
+  "dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1" +
+  "gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4" +
+  "4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud" +
+  "EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy" +
+  "BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j" +
+  "b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv" +
+  "ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ" +
+  "MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH" +
+  "AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw" +
+  "MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM" +
+  "LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3" +
+  "pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd" +
+  "v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd" +
+  "ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW" +
+  "ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk" +
+  "6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj" +
+  "f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk=";
+
+function run_test() {
+  let builtInCert = certdb.constructX509FromBase64(sGeoTrustBase64);
+  ok(builtInCert, "should be able to decode base-64 of built-in cert");
+  ok(builtInCert.isBuiltInRoot, "cert should be considered built-in");
+
+  let notBuiltInCert = certdb.constructX509FromBase64(sLetsEncryptBase64);
+  ok(notBuiltInCert, "should be able to decode base-64 of built-in cert");
+  ok(!notBuiltInCert.isBuiltInRoot, "cert should not be considered built-in");
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload.js b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload.js
new file mode 100644
index 000000000..b17c592ee
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload.js
@@ -0,0 +1,123 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests that nsIX509Cert.isBuiltInRoot works as expected. Differs from
+// test_cert_isBuiltInRoot.js in that this test uses a preexisting NSS
+// certificate DB that already contains some of the certificates in question.
+//
+// To create the necessary preexisting files, obtain the "GeoTrust Primary
+// Certification Authority - G2" certificate and the "Let's Encrypt Authority
+// X1" certificate (copied below for reference) and perform the following steps:
+//
+// `certutil -d . -N` (use an empty password)
+// `certutil -d . -A -n "GeoTrust Primary Certification Authority - G2" -t ,, \
+//   -a -i GeoTrust.pem`
+// `certutil -d . -A -n "Let's Encrypt Authority X1" -t ,, -a \
+//   -i LetsEncrypt.pem`
+//
+// This should create cert8.db and key3.db files for use on non-Android
+// platforms. Perform the same steps with "sql:." as the argument to the "-d"
+// flag to create cert9.db and key4.db for use with Android.
+//
+// (The crucial property of the first certificate is that it is a built-in trust
+// anchor, so any replacement must also have this property. The second
+// certificate is not a built-in trust anchor, so any replacement must not be a
+// built-in trust anchor.)
+//
+// GeoTrust Primary Certification Authority - G2:
+// -----BEGIN CERTIFICATE-----
+// MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL
+// MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj
+// KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2
+// MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
+// eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV
+// BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw
+// NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV
+// BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH
+// MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL
+// So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal
+// tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO
+// BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG
+// CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT
+// qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz
+// rD6ogRLQy7rQkgu2npaqBA+K
+// -----END CERTIFICATE-----
+//
+// Let's Encrypt Authority X1:
+// -----BEGIN CERTIFICATE-----
+// MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw
+// PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+// Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa
+// MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+// ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD
+// ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB
+// BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg
+// PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG
+// dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1
+// gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4
+// 4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud
+// EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy
+// BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j
+// b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv
+// ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ
+// MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH
+// AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw
+// MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM
+// LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3
+// pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd
+// v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd
+// ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW
+// ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk
+// 6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj
+// f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk=
+// -----END CERTIFICATE-----
+
+"use strict";
+
+function run_test() {
+  const isAndroid = AppConstants.platform == "android";
+  const certDBName =  isAndroid ? "cert9.db" : "cert8.db";
+  const keyDBName = isAndroid ? "key4.db" : "key3.db";
+  let profile = do_get_profile();
+  let certDBFile = do_get_file(`test_cert_isBuiltInRoot_reload/${certDBName}`);
+  certDBFile.copyTo(profile, certDBName);
+  let keyDBFile = do_get_file(`test_cert_isBuiltInRoot_reload/${keyDBName}`);
+  keyDBFile.copyTo(profile, keyDBName);
+
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+  // This is a built-in root, but not one that was added to the preexisting
+  // certificate DB.
+  const veriSignCertDBKey = `AAAAAAAAAAAAAAAQAAAAzS+A/iOM
+    DiIPSGcSKJGHrLMwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwg
+    SW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMx
+    KGMpIDIwMDcgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s
+    eTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0
+    aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0`;
+  let veriSignCert = certdb.findCertByDBKey(veriSignCertDBKey);
+  ok(veriSignCert, "Should be able to find VeriSign root");
+  ok(veriSignCert.isBuiltInRoot, "VeriSign root is a built-in");
+
+  // This is a built-in root. It was added to the preexisting certificate DB. It
+  // should still be considered a built-in.
+  const geoTrustCertDBKey = `AAAAAAAAAAAAAAAQAAAAmzyy9EgK
+    AOL+6yQ7XmA+w2swgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJ
+    bmMuMTkwNwYDVQQLEzAoYykgMjAwNyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhv
+    cml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlm
+    aWNhdGlvbiBBdXRob3JpdHkgLSBHMg==`;
+  let geoTrustCert = certdb.findCertByDBKey(geoTrustCertDBKey);
+  ok(geoTrustCert, "Should be able to find GeoTrust root");
+  ok(geoTrustCert.isBuiltInRoot, "GeoTrust root is a built-in");
+
+  // This is not a built-in root. It was added to the preexisting certificate
+  // DB. It should not be considered a built-in root.
+  const letsEncryptCertDBKey = `AAAAAAAAAAAAAAARAAAAQQCYE
+    /R1E+V1C0PnQx6XHkS9MD8xJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRyd
+    XN0IENvLjEXMBUGA1UEAxMORFNUIFJvb3QgQ0EgWDM=`;
+  let letsEncryptCert = certdb.findCertByDBKey(letsEncryptCertDBKey);
+  ok(letsEncryptCert, "Should be able to find LetsEncrypt root");
+  ok(!letsEncryptCert.isBuiltInRoot, "LetsEncrypt root is not a built-in");
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert8.db b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert8.db
new file mode 100644
index 000000000..87abcf35a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert8.db
diff --git a/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert9.db b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert9.db
new file mode 100644
index 000000000..b4567566d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert9.db
diff --git a/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key3.db b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key3.db
new file mode 100644
index 000000000..37241a743
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key3.db
diff --git a/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key4.db b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key4.db
new file mode 100644
index 000000000..ed8747112
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key4.db
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage.js b/security/manager/ssl/tests/unit/test_cert_keyUsage.js
new file mode 100644
index 000000000..dd6fc4274
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage.js
@@ -0,0 +1,57 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+var certdb = Cc["@mozilla.org/security/x509certdb;1"]
+               .getService(Ci.nsIX509CertDB);
+
+const caList = [ "ca-no-keyUsage-extension", "ca-missing-keyCertSign",
+                 "ca-all-usages" ];
+const eeList = [ "ee-no-keyUsage-extension", "ee-keyCertSign-only",
+                 "ee-keyEncipherment-only", "ee-keyCertSign-and-keyEncipherment" ];
+
+const caUsage = [ certificateUsageSSLCA, certificateUsageVerifyCA ];
+const allEEUsages = [ certificateUsageSSLClient, certificateUsageSSLServer,
+                      certificateUsageEmailSigner, certificateUsageEmailRecipient,
+                      certificateUsageObjectSigner ];
+const serverEEUsages = [ certificateUsageSSLServer,
+                         certificateUsageEmailRecipient ];
+
+const expectedUsagesMap = {
+  "ca-no-keyUsage-extension": caUsage,
+  "ca-missing-keyCertSign": [],
+  "ca-all-usages": caUsage,
+
+  "ee-no-keyUsage-extension-ca-no-keyUsage-extension": allEEUsages,
+  "ee-no-keyUsage-extension-ca-missing-keyCertSign": [],
+  "ee-no-keyUsage-extension-ca-all-usages": allEEUsages,
+
+  "ee-keyCertSign-only-ca-no-keyUsage-extension": [],
+  "ee-keyCertSign-only-ca-missing-keyCertSign": [],
+  "ee-keyCertSign-only-ca-all-usages": [],
+
+  "ee-keyEncipherment-only-ca-no-keyUsage-extension": serverEEUsages,
+  "ee-keyEncipherment-only-ca-missing-keyCertSign": [],
+  "ee-keyEncipherment-only-ca-all-usages": serverEEUsages,
+
+  "ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension": serverEEUsages,
+  "ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign": [],
+  "ee-keyCertSign-and-keyEncipherment-ca-all-usages": serverEEUsages,
+};
+
+add_task(function* () {
+  for (let ca of caList) {
+    addCertFromFile(certdb, "test_cert_keyUsage/" + ca + ".pem", "CTu,CTu,CTu");
+    let caCert = constructCertFromFile("test_cert_keyUsage/" + ca + ".pem");
+    yield asyncTestCertificateUsages(certdb, caCert, expectedUsagesMap[ca]);
+    for (let ee of eeList) {
+      let eeFullName = ee + "-" + ca;
+      let eeCert = constructCertFromFile("test_cert_keyUsage/" + eeFullName + ".pem");
+      yield asyncTestCertificateUsages(certdb, eeCert, expectedUsagesMap[eeFullName]);
+    }
+  }
+});
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem
new file mode 100644
index 000000000..68cfd91f3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2zCCAcWgAwIBAgIUdys2hGpJxVbK3B7BShZ/+fevEdwwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDWNhLWFsbC11c2FnZXMwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowGDEWMBQGA1UEAwwNY2EtYWxsLXVzYWdlczCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1
+SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+
+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL
+K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc
+bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW
+JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMd
+MBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAf4wCwYJKoZIhvcNAQELA4IBAQB3
+PnTXfyK1lZATja9ooGeUFCvJlscLeOSqHoy2NfvZ8EgQYgRFwIyoqKnDvNxoc/tG
+5K4SItulTTK2rG9g5e9NCVrbUThj3AMevJn9YpY/MWc+e8bsLO+djeKPYGGtgOAo
+kj8O5jxoFPItElLIOC9yEQEM02AohkZu4AaoCL2RHsdYDGGqJJHNsjjpumtu5WWR
+/sz2+sxfbnxub+IMk2TgoN/1/OeyFJ/BHPPi3jjiwi/fY9mtBSpYltArZsWu9Moa
+qxqj0b62YfiiqbPPPMy3nqRtcnta8GvKB7j51ONbnwb/pE0Zaijeb286a2JOyItH
+6mpoeFIefyemcfMwFChc
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem.certspec
new file mode 100644
index 000000000..2ca523c74
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca-all-usages
+subject:ca-all-usages
+extension:basicConstraints:cA,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem
new file mode 100644
index 000000000..b2f21337e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7TCCAdegAwIBAgIUNZz9C1mmhSFhZ3hsQHPCZYTR78owCwYJKoZIhvcNAQEL
+MCExHzAdBgNVBAMMFmNhLW1pc3Npbmcta2V5Q2VydFNpZ24wIhgPMjAxNTExMjgw
+MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowITEfMB0GA1UEAwwWY2EtbWlzc2luZy1r
+ZXlDZXJ0U2lnbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahE
+jhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1
+a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1p
+GrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW
+2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcO
+p2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJR
+xDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAfow
+CwYJKoZIhvcNAQELA4IBAQCigLN4JNjaNQUV2oR8T/hBi0oYuPHnNsdKOlC1RJXI
+ol12HE7fI9Yhdp25Nt48fxDu76e19nF+SBpE1hcnE8Bt9BLiyV0Na572f/lrLTx+
+sMDZ+Fq9+tAjagxJgmozXEoLPqDZDR0IlZzeNyqhcrSomqKie4AHxjaXKk32Kwip
+eJfPolWij8NTX+M8JGiNVdMNakMhW4h7ulKvTDXjS1OhWd64tlPAuR/TZCZcfpz6
+Z08CgLcCUT928SG3Wz25FIZK9qiQkMEn7QNtIsF8SmAru0z7AEVuLFUnA71XP084
+hnAO09l608qaSq+xHq5GZ20mzP4ZllomqTKoBufBJ5J0
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem.certspec
new file mode 100644
index 000000000..26e0158eb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca-missing-keyCertSign
+subject:ca-missing-keyCertSign
+extension:basicConstraints:cA,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem
new file mode 100644
index 000000000..42b620d4e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5DCCAc6gAwIBAgIUJYmyGPLkKFkTp5JuDYcONVz01gowCwYJKoZIhvcNAQEL
+MCMxITAfBgNVBAMMGGNhLW5vLWtleVVzYWdlLWV4dGVuc2lvbjAiGA8yMDE1MTEy
+ODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAjMSEwHwYDVQQDDBhjYS1uby1rZXlV
+c2FnZS1leHRlbnNpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6
+iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr
+4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP
+8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OI
+Q+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ
+77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5J
+I/pyUcQx1QOs2hgKNe2NAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcN
+AQELA4IBAQAEWzxixVODFWyBRURV4lePTqSy6lTKdiuClufSPtjVv6SVo1ZzfcYy
+71dMnGdQ0zaEAj/twPAYB6RG8Ri7gb+Iven3tYMGDAhAwwcrKQovphLlc5ccRkXw
+Sbw03aacwLoLbheElOBRYM7RInNV/K76SSUXkVVSKfB39nob0vL7je22UUR/1WjO
+6WOsYS6AsgLTzQLLhhDpHXUQVyfHHJ2EivwceGtJPmcHbBRognDybUK1lt/5hKqo
+zHUx7oa5qvAN1rZ/CtrEnSoaqY5BwmUqINalL0sAPwsd6FZM9G0kZaQpVjW3LgnY
+orFxjJ1rrHx8dMjEK0bUT3JcvwfA+Rqv
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem.certspec
new file mode 100644
index 000000000..d32e6a649
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-no-keyUsage-extension
+subject:ca-no-keyUsage-extension
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem
new file mode 100644
index 000000000..bdf9b0969
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4jCCAcygAwIBAgIUL2/9azGOStHNpzE5OuF9/eXyXgYwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDWNhLWFsbC11c2FnZXMwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowLTErMCkGA1UEAwwiZWUta2V5Q2VydFNpZ24tYW5kLWtl
+eUVuY2lwaGVybWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqI
+UahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvi
+r1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/x
+fq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD
+7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnv
+uRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj
++nJRxDHVA6zaGAo17Y0CAwEAAaMPMA0wCwYDVR0PBAQDAgIkMAsGCSqGSIb3DQEB
+CwOCAQEALRuAiMMiGyBra0dMzHR/98nFyiKriXYhp30XGU5hOb3nlumGuQoR6huq
+mUnOFD7PjIeLRfvSyT0HisAr3xR0Cx2AlM8XV8iyyT5S3Obe5z6St5+mLWEtiiBg
+BFPedxTz4M4npdKwEcc6fKhNknZdl/6QtbLWJbV9pqZWkNM+BoZNePo/vVl0ovKG
+7cF4eZilmXD10MzMOQbgZwUOqfP9L6r49mCs7xuJBEAkwE/pnfnFuJyE8bbfGUzY
+BkOj3ZnfOGk1sr8wSGK6LF7ArG2BUokOSstrjoT6v1Y5aXpCwEa/WECEpqphlAe9
+hloiRSezmE2LeOQS+bD0hQXfPvN6gw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem.certspec
new file mode 100644
index 000000000..0bb2721a3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-all-usages
+subject:ee-keyCertSign-and-keyEncipherment
+extension:keyUsage:keyEncipherment,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem
new file mode 100644
index 000000000..07af0afad
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6zCCAdWgAwIBAgIUZWIH141D/q0jpqLy24q/Z/V5Q24wCwYJKoZIhvcNAQEL
+MCExHzAdBgNVBAMMFmNhLW1pc3Npbmcta2V5Q2VydFNpZ24wIhgPMjAxNTExMjgw
+MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowLTErMCkGA1UEAwwiZWUta2V5Q2VydFNp
+Z24tYW5kLWtleUVuY2lwaGVybWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x
+nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM
+wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF
+4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20
+yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx
+j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMPMA0wCwYDVR0PBAQDAgIkMAsG
+CSqGSIb3DQEBCwOCAQEAYW3PJELJRWf/BpPb8gWUlGt0e3CIwjQqy/OsrXokniYE
+0wDGDQBBBwWUtZ+2Y9b9Buu83NfdYLdLO5fG1ZMSWudSpAvGNoFAbkbyMovnxMuA
+JdV36gfuyxl0nQ86iv3NgRaU7fDG2+wgukd6ugjX3KgKcgskZNS/qyyJNOCWl6M+
+JSC2Jpsz8ES9x8YsqblM/ERsrMXIWJd2r1/TZ0RT6yHIgkZcem0OyypJoMcfvwyA
+92OYV29xCMUjGahOPd3b2WeP1xfIDOQu06/W1u3Ut2locR8/irKPSkgADNFN72/7
+usjX3lxFPwbpTlj4ehDizqQM8/Zjd7TSuT5U8mGGUA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem.certspec
new file mode 100644
index 000000000..567ab0ce2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-missing-keyCertSign
+subject:ee-keyCertSign-and-keyEncipherment
+extension:keyUsage:keyEncipherment,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem
new file mode 100644
index 000000000..c5fafc299
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7TCCAdegAwIBAgIUTVrDE/LymICBYiBG+hIxeTNzILMwCwYJKoZIhvcNAQEL
+MCMxITAfBgNVBAMMGGNhLW5vLWtleVVzYWdlLWV4dGVuc2lvbjAiGA8yMDE1MTEy
+ODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAtMSswKQYDVQQDDCJlZS1rZXlDZXJ0
+U2lnbi1hbmQta2V5RW5jaXBoZXJtZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf
+vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb
+uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S
+O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR
+3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv
+5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABow8wDTALBgNVHQ8EBAMCAiQw
+CwYJKoZIhvcNAQELA4IBAQB+abMJm5HdoKeMDzcqQpSLvSJKhbqrmujR8AKyHF9H
+DQyvFHARUL6GoOxvaILJCTUWGqobHdTFQjhWCOuYjtqQf1CXbgtXAUVL8/EOncnS
+UXcsti2r8h1WT/cDsXbnbmjloO1e/NEHHSK9Cm4zPSaoKQSYVSuXvKr8D9XZXvzj
+JJh0lkmVyhq79kw3aXWg75VQOllhQ7kplPjlbs4XAjWgmyCUJ2v/M5yDn9nNxnqG
+UyNLBEJkoaztUMZnEbx92cGD8FS721kaAZo5pslWx93+sHhHbwA9i5L1VG8UPX+T
+mb/DZkhekaPXrecmw4DZlhdbx0DiDbKpnzYM71YYbmUe
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem.certspec
new file mode 100644
index 000000000..c48ef6612
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-no-keyUsage-extension
+subject:ee-keyCertSign-and-keyEncipherment
+extension:keyUsage:keyEncipherment,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem
new file mode 100644
index 000000000..7f6c21909
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0zCCAb2gAwIBAgIUEYlPxi8Q+zUVKvxclDzrfiQ+PcEwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDWNhLWFsbC11c2FnZXMwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowHjEcMBoGA1UEAwwTZWUta2V5Q2VydFNpZ24tb25seTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9
+PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3
+HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg
+Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7
+EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK
+lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C
+AwEAAaMPMA0wCwYDVR0PBAQDAgIEMAsGCSqGSIb3DQEBCwOCAQEAcPa8SfjBKZd8
+qiQeFZSeBUWQB99PcTmJm87XvRH02p5pYzyIydHQ+Esv+kAOjOnZRbrVsd/2jvc+
+/Ae8HpJ/HcNjcSZPWsZ/qCQ/VAi1KkLtW4ETjECOUccCdY2hwBZ0l0XO6XZ3jutR
+GjOngZ91INAcrTv9eq1JKVyc9AxIkNid7vHQ7re1GWp01zBm2c8O8yw8HshTD7JC
+sD+2fiImj/nRsUZT9FPKRh6e1231ZQt4k1IF6Hfrke6vGnHGsOKcISwATMaidk28
+fb+UOopqL+LCxyKXjuNG7jx6EPLTaoN4zDQ3/ZBYAcscdoykzzMHMn7dgqUGgPxu
+kjrUn+ycag==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem.certspec
new file mode 100644
index 000000000..c495ca6d0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-all-usages
+subject:ee-keyCertSign-only
+extension:keyUsage:keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem
new file mode 100644
index 000000000..6a3e4ee0e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAcagAwIBAgIUG3wZGBaOAqM35Kdlf4GoCOK353owCwYJKoZIhvcNAQEL
+MCExHzAdBgNVBAMMFmNhLW1pc3Npbmcta2V5Q2VydFNpZ24wIhgPMjAxNTExMjgw
+MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowHjEcMBoGA1UEAwwTZWUta2V5Q2VydFNp
+Z24tb25seTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW
+Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk
+cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT
+AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3
+ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh
+s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV
+A6zaGAo17Y0CAwEAAaMPMA0wCwYDVR0PBAQDAgIEMAsGCSqGSIb3DQEBCwOCAQEA
+SeCJZFpmZUB53Cdu+/E8VarNp6jgZVf9KwOP3ihTWkvm7lRtlde8N5aTOP4cfrLp
+se8Xh+ODEo3oNYY9WfvXigDKC1zMc+7+flx53TesO7SUVK5FASCoP5MfVWh+J+4k
+dF6mbtXTOWkrIGSTmkjkGu7LmHYu8RVDagu3UU2zkFwZ/XruUB9ya9ABL6Bx5Th2
+KNcOVqTzdPYi9Uthz/imXbc5xBf6R47CuDu72zOoJJv4mLj6O1Qu3c5S1vrs3/l8
+HvoKu5J+yZRWmneJRJaIcKNBNWoKVQd++r6LlRa5kKMwYUe1tysc/mstGadeJhQB
+kFqHtTynqrDY9dp4oPCXGQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem.certspec
new file mode 100644
index 000000000..23ddd0eb8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-missing-keyCertSign
+subject:ee-keyCertSign-only
+extension:keyUsage:keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem
new file mode 100644
index 000000000..0f4446e8c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3jCCAcigAwIBAgIUKfpiB0n/DY53n/8um9gvIXVTf7wwCwYJKoZIhvcNAQEL
+MCMxITAfBgNVBAMMGGNhLW5vLWtleVVzYWdlLWV4dGVuc2lvbjAiGA8yMDE1MTEy
+ODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAeMRwwGgYDVQQDDBNlZS1rZXlDZXJ0
+U2lnbi1vbmx5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO
+FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr
+amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka
+sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY
+VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n
+aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE
+MdUDrNoYCjXtjQIDAQABow8wDTALBgNVHQ8EBAMCAgQwCwYJKoZIhvcNAQELA4IB
+AQAdgSy6hksLymW1pdbptv7dR/9LZt9pvBfXh2mJo+rt3FAO6Pc2hQdap3hZjOP4
+a3mlJXkQ+xhXt+mUBzEn/zeKWvAG0/RX7WqGhHU9BR2BIdfxUAYmZSoTnK0Q+8sn
+vtV+gQhVTB4FiAyvcE0Xno23Ge0HXTjL4PBsmEmTSrI0mgIpCY+LgOUs0Px3fu6S
+OIHGKmiCqprDaOk8vA7cXfqF0i6/aOuAgu9yP6PtdgORdkEj1SRcbP3L4BX6DkZ4
+8RxdP7Us9zJc8JbXaNYsVmGhs1K1U4P7IeDqK99+idqkv5IZOGmRH6XSDNSKAWGL
+7q/AnWlxjKyP1PXHQDs6fI0D
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem.certspec
new file mode 100644
index 000000000..a5a2d62a7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-no-keyUsage-extension
+subject:ee-keyCertSign-only
+extension:keyUsage:keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem
new file mode 100644
index 000000000..5cb293924
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1zCCAcGgAwIBAgIUCagPpigas5zVKduGrpGcKSE3bs0wCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDWNhLWFsbC11c2FnZXMwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowIjEgMB4GA1UEAwwXZWUta2V5RW5jaXBoZXJtZW50LW9u
+bHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braI
+BjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVa
+p0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB
+7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4C
+kC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJv
+aeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgK
+Ne2NAgMBAAGjDzANMAsGA1UdDwQEAwIFIDALBgkqhkiG9w0BAQsDggEBADVINQwH
+c6c0CNWqnwCuW+lwsFZ53TlZAeSzqCwnd/wRtBEAAz8KSmfoy158l1gz7M/1RpEn
+I0cdEWDOGzqXea1nIBHP3JBoHRe/ZVm6VWW4KgNgXfi1X7wN0UWjADX1XBhebo4f
+qVFRm4vatqyGEbm+sNvnJy2OXlC6g8VYeTmfXeLFmcHzWwJ59d3UYLB7fuW2R8GQ
+xQSJnkR1vAUJNX2U9WUriiTalLP7DkoYoPODqSmC2S2W/gaU3R2Lv/EwX/o+I9xe
+luxL8Zm6YctCfNNWdDDe8cqa1+h1meVr1QJww8Bmt8K9WIqDWjr+Lq5N/ZNbnt9f
+HzdZ40d5wD/9Cxc=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem.certspec
new file mode 100644
index 000000000..08154a53e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-all-usages
+subject:ee-keyEncipherment-only
+extension:keyUsage:keyEncipherment
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem
new file mode 100644
index 000000000..75e64e3b3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4DCCAcqgAwIBAgIUA37iPfJhzPzGvR57p7UZYQrfgUIwCwYJKoZIhvcNAQEL
+MCExHzAdBgNVBAMMFmNhLW1pc3Npbmcta2V5Q2VydFNpZ24wIhgPMjAxNTExMjgw
+MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowIjEgMB4GA1UEAwwXZWUta2V5RW5jaXBo
+ZXJtZW50LW9ubHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo
+RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9a
+dWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6t
+aRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n
+FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kX
+Dqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/py
+UcQx1QOs2hgKNe2NAgMBAAGjDzANMAsGA1UdDwQEAwIFIDALBgkqhkiG9w0BAQsD
+ggEBAKjvH8ZfuHOX5TvQfjhWK4bItjHec6pZeRDF0V2cGAVOu66Qk6ZJc8oUtH/N
+zAV0WLJ+CmJa4BU2fc56LWbomPO5bqSgbVJuf72bPr/ppWIpXxtVJJXbnY0UWcFs
+rNLBQfUlJzhApfsm/DgkRN/9ztHFi7MfgdpOaKjmFfy2WtOJnLzPH3/vsH2VAlDV
+2YAdMSwCiK52FLBhGel+S63FagTNtkozPY83ePU0nstSakdfXfLEpM0vnJCUQgFJ
+7SR/Eg1UbRSu/RWppEoFjEUnc+utXM8++9RlbO+0O5g3QpoVjI0iAgI5mMpAdYOj
+ZfovJrJ1KiU3NFgCu2KS7QNbo4g=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem.certspec
new file mode 100644
index 000000000..9bdcf4b7b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-missing-keyCertSign
+subject:ee-keyEncipherment-only
+extension:keyUsage:keyEncipherment
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem
new file mode 100644
index 000000000..7707ffa36
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4jCCAcygAwIBAgIUVaKLSYOm33xK4veKbBmaWOu6OoowCwYJKoZIhvcNAQEL
+MCMxITAfBgNVBAMMGGNhLW5vLWtleVVzYWdlLWV4dGVuc2lvbjAiGA8yMDE1MTEy
+ODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAiMSAwHgYDVQQDDBdlZS1rZXlFbmNp
+cGhlcm1lbnQtb25seTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqI
+UahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvi
+r1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/x
+fq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD
+7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnv
+uRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj
++nJRxDHVA6zaGAo17Y0CAwEAAaMPMA0wCwYDVR0PBAQDAgUgMAsGCSqGSIb3DQEB
+CwOCAQEAcH/p+TMlDVgnQ6pHcYKDaPcHOTxbVAF/WO5Zx8jtXZQZq3Ls7HzKh7Nb
+vF1nLvdNiAXmz58ynA83SQAj9dzU4etX4PRBqFFNVUXJngsWTqPBeBoPUK2rgWdE
+BpsqczEkBtLGX3+MdVFoc76x66oVoHItUP2bTcEPCRrivPjPE4FvQMMzenbz9iH/
+z5n4IiwYE3KHnkzv/SI3fR7ZB/JEy1DcQ9eSsHAauS9N+FB1RI+tmi7dsPUPxEsu
+PZ+YMoKF/qUvsLC8bFLm9Lxaj76F60ZDJib/Q+Lfll0D9zuKLtYUcYnVJOxExasE
+PPPsmL1LO2t4GR6Ohr0scBp2DouuTw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem.certspec
new file mode 100644
index 000000000..a2383ecfd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-no-keyUsage-extension
+subject:ee-keyEncipherment-only
+extension:keyUsage:keyEncipherment
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem
new file mode 100644
index 000000000..37a0b68b1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxzCCAbGgAwIBAgIUGbQXZixwJI9yhFsp9KXc1wHRU60wCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDWNhLWFsbC11c2FnZXMwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowIzEhMB8GA1UEAwwYZWUtbm8ta2V5VXNhZ2UtZXh0ZW5z
+aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62
+iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHql
+WqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosq
+Qe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+
+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8i
+b2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoY
+CjXtjQIDAQABMAsGCSqGSIb3DQEBCwOCAQEANC3lB6czGJeL8EiQbEf+DUGDXETg
+pTfbnV4si7kJ2ft5bXhltO92pus+v6jUjCFfQdxWfyzoJKX7FNlfRqtAPXXnjV9+
+UdvleX2IXtyGuvWb1J8wp9Ky+Yx1OBAEFtvGhjFnvYdt2/30S6eW3UmRfyBKshx7
+ZOASwi04RRWTvuvUN76UD+Fiy5RpLOHFAxb1o4oscTsncVarFqxQ76FviskjH8jH
+LcMWOAG4KIqQuteWhdUEO2B0MVsj6JYDCZEiXU2WGRlvzd3GcQqffxcQatyVkX7y
+hz/j+C/JEkCp9KN9g7DHbXehusONkmU/LgwkmKBtiU9yJMyK2PU/0qKFoQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem.certspec
new file mode 100644
index 000000000..6d2e67296
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca-all-usages
+subject:ee-no-keyUsage-extension
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem
new file mode 100644
index 000000000..bc192ff9c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0DCCAbqgAwIBAgIUC6nvDJKsdXHlkcwJjyB1tgpBS8owCwYJKoZIhvcNAQEL
+MCExHzAdBgNVBAMMFmNhLW1pc3Npbmcta2V5Q2VydFNpZ24wIhgPMjAxNTExMjgw
+MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowIzEhMB8GA1UEAwwYZWUtbm8ta2V5VXNh
+Z2UtZXh0ZW5zaW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohR
+qESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+Kv
+WnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+
+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPv
+JxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5
+Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6
+clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOCAQEAr86WOKGBV6SUEBuH
+/jEA5AWdo/iv6Y6l3qJxCR2QxLu9WU5T95FwimLDvnc9YfDXb8Y7skLZVutkpVQ3
+jUZ86jF30c0/gT1x/4MhqJGMKZ+bWLgQkL+Odv1rpP/M9FhDmQz35T9IkedFE+QT
+znUH6BkOAd4KII1QGDKP34iFwtzdmypTZIWcw2Qvg+OSB/Z+MBdDq0giiabpSd2e
+xWfKsZAP+XmltADeZhF2Iicle7m6seajfQDaQam8j3F0Tktj4n62JGfcxQdjEcpO
+wbSIz3QkhJi2IAyEYaJNa4O6d/GG8qLo8ouvppB8nQxWeDr3PKOI0PGDlZT/2qzs
+rPWlfQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem.certspec
new file mode 100644
index 000000000..3cba2f0d8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca-missing-keyCertSign
+subject:ee-no-keyUsage-extension
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem
new file mode 100644
index 000000000..340de5e33
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0jCCAbygAwIBAgIUdTpgn8FIg/Q9On6r92BmokOw4U8wCwYJKoZIhvcNAQEL
+MCMxITAfBgNVBAMMGGNhLW5vLWtleVVzYWdlLWV4dGVuc2lvbjAiGA8yMDE1MTEy
+ODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAjMSEwHwYDVQQDDBhlZS1uby1rZXlV
+c2FnZS1leHRlbnNpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6
+iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr
+4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP
+8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OI
+Q+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ
+77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5J
+I/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQELA4IBAQAki2UmEYnRUxwj
+U7WHSwJKfzl42K/sMceI1VICE00QEhkyFenM3tuxqr8S2H3QlqjHPPORlyEcuP5T
+mchTpgU2lIbPxbNQjALSp2OOxo5WDBsl5G4H+Mw5OqgvcvH9Ko0hnxVMYuDvrziC
+4V6yoj6P+LS9NQ0yOHMgMkXG10DAXTEp/L8KHd8STaT8FNIC/kFJWq24yodASdwJ
+ak9RRPpMkC0XMT+LFhjjWrJvzyJKsyMnDB7RtH++MxnlwpqkHHX/Kq46yMPUheWC
+jJBIRJRHn1eED+6fatv89/2hqCLimGYA3FaFSxtm+UITHqLpnGCRNlLIwiMwNT6L
+K9zvsxW1
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem.certspec
new file mode 100644
index 000000000..c850725a6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca-no-keyUsage-extension
+subject:ee-no-keyUsage-extension
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/moz.build b/security/manager/ssl/tests/unit/test_cert_keyUsage/moz.build
new file mode 100644
index 000000000..7fe54a9cc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/moz.build
@@ -0,0 +1,27 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ca-all-usages.pem',
+#    'ca-missing-keyCertSign.pem',
+#    'ca-no-keyUsage-extension.pem',
+#    'ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem',
+#    'ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem',
+#    'ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem',
+#    'ee-keyCertSign-only-ca-all-usages.pem',
+#    'ee-keyCertSign-only-ca-missing-keyCertSign.pem',
+#    'ee-keyCertSign-only-ca-no-keyUsage-extension.pem',
+#    'ee-keyEncipherment-only-ca-all-usages.pem',
+#    'ee-keyEncipherment-only-ca-missing-keyCertSign.pem',
+#    'ee-keyEncipherment-only-ca-no-keyUsage-extension.pem',
+#    'ee-no-keyUsage-extension-ca-all-usages.pem',
+#    'ee-no-keyUsage-extension-ca-missing-keyCertSign.pem',
+#    'ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_cert_override_bits_mismatches.js b/security/manager/ssl/tests/unit/test_cert_override_bits_mismatches.js
new file mode 100644
index 000000000..83b4fdbc6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_override_bits_mismatches.js
@@ -0,0 +1,89 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Test that when an override exists for a (host, certificate) pair,
+// connections will succeed only if the set of error bits in the override
+// contains each bit in the set of encountered error bits.
+// Strangely, it is possible to store an override with an empty set of error
+// bits, so this tests that too.
+
+do_get_profile();
+
+function add_override_bits_mismatch_test(host, certPath, expectedBits,
+                                         expectedError) {
+  const MAX_BITS = Ci.nsICertOverrideService.ERROR_UNTRUSTED |
+                   Ci.nsICertOverrideService.ERROR_MISMATCH |
+                   Ci.nsICertOverrideService.ERROR_TIME;
+  let cert = constructCertFromFile(certPath);
+  let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
+                              .getService(Ci.nsICertOverrideService);
+  for (let overrideBits = 0; overrideBits <= MAX_BITS; overrideBits++) {
+    add_test(function() {
+      certOverrideService.clearValidityOverride(host, 8443);
+      certOverrideService.rememberValidityOverride(host, 8443, cert,
+                                                   overrideBits, true);
+      run_next_test();
+    });
+    // The override will succeed only if the set of error bits in the override
+    // contains each bit in the set of expected error bits.
+    let successExpected = (overrideBits | expectedBits) == overrideBits;
+    add_connection_test(host, successExpected ? PRErrorCodeSuccess
+                                              : expectedError);
+  }
+}
+
+function run_test() {
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+  add_tls_server_setup("BadCertServer", "bad_certs");
+
+  let fakeOCSPResponder = new HttpServer();
+  fakeOCSPResponder.registerPrefixHandler("/", function (request, response) {
+    response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+  });
+  fakeOCSPResponder.start(8888);
+
+  add_override_bits_mismatch_test("unknownissuer.example.com",
+                                  "bad_certs/unknownissuer.pem",
+                                  Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                                  SEC_ERROR_UNKNOWN_ISSUER);
+  add_override_bits_mismatch_test("mismatch.example.com",
+                                  "bad_certs/mismatch.pem",
+                                  Ci.nsICertOverrideService.ERROR_MISMATCH,
+                                  SSL_ERROR_BAD_CERT_DOMAIN);
+  add_override_bits_mismatch_test("expired.example.com",
+                                  "bad_certs/expired-ee.pem",
+                                  Ci.nsICertOverrideService.ERROR_TIME,
+                                  SEC_ERROR_EXPIRED_CERTIFICATE);
+
+  add_override_bits_mismatch_test("mismatch-untrusted.example.com",
+                                  "bad_certs/mismatch-untrusted.pem",
+                                  Ci.nsICertOverrideService.ERROR_UNTRUSTED |
+                                  Ci.nsICertOverrideService.ERROR_MISMATCH,
+                                  SEC_ERROR_UNKNOWN_ISSUER);
+  add_override_bits_mismatch_test("untrusted-expired.example.com",
+                                  "bad_certs/untrusted-expired.pem",
+                                  Ci.nsICertOverrideService.ERROR_UNTRUSTED |
+                                  Ci.nsICertOverrideService.ERROR_TIME,
+                                  SEC_ERROR_UNKNOWN_ISSUER);
+  add_override_bits_mismatch_test("mismatch-expired.example.com",
+                                  "bad_certs/mismatch-expired.pem",
+                                  Ci.nsICertOverrideService.ERROR_MISMATCH |
+                                  Ci.nsICertOverrideService.ERROR_TIME,
+                                  SSL_ERROR_BAD_CERT_DOMAIN);
+
+  add_override_bits_mismatch_test("mismatch-untrusted-expired.example.com",
+                                  "bad_certs/mismatch-untrusted-expired.pem",
+                                  Ci.nsICertOverrideService.ERROR_UNTRUSTED |
+                                  Ci.nsICertOverrideService.ERROR_MISMATCH |
+                                  Ci.nsICertOverrideService.ERROR_TIME,
+                                  SEC_ERROR_UNKNOWN_ISSUER);
+
+  add_test(function () {
+    fakeOCSPResponder.stop(run_next_test);
+  });
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_overrides.js b/security/manager/ssl/tests/unit/test_cert_overrides.js
new file mode 100644
index 000000000..038ca814f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_overrides.js
@@ -0,0 +1,340 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Tests the certificate overrides we allow.
+// add_cert_override_test will queue a test that does the following:
+// 1. Attempt to connect to the given host. This should fail with the
+//    given error and override bits.
+// 2. Add an override for that host/port/certificate/override bits.
+// 3. Connect again. This should succeed.
+
+do_get_profile();
+
+function check_telemetry() {
+  let histogram = Cc["@mozilla.org/base/telemetry;1"]
+                    .getService(Ci.nsITelemetry)
+                    .getHistogramById("SSL_CERT_ERROR_OVERRIDES")
+                    .snapshot();
+  equal(histogram.counts[0], 0, "Should have 0 unclassified counts");
+  equal(histogram.counts[2], 8,
+        "Actual and expected SEC_ERROR_UNKNOWN_ISSUER counts should match");
+  equal(histogram.counts[3], 1,
+        "Actual and expected SEC_ERROR_CA_CERT_INVALID counts should match");
+  equal(histogram.counts[4], 0,
+        "Actual and expected SEC_ERROR_UNTRUSTED_ISSUER counts should match");
+  equal(histogram.counts[5], 1,
+        "Actual and expected SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE counts should match");
+  equal(histogram.counts[6], 0,
+        "Actual and expected SEC_ERROR_UNTRUSTED_CERT counts should match");
+  equal(histogram.counts[7], 0,
+        "Actual and expected SEC_ERROR_INADEQUATE_KEY_USAGE counts should match");
+  equal(histogram.counts[8], 2,
+        "Actual and expected SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED counts should match");
+  equal(histogram.counts[9], 10,
+        "Actual and expected SSL_ERROR_BAD_CERT_DOMAIN counts should match");
+  equal(histogram.counts[10], 5,
+        "Actual and expected SEC_ERROR_EXPIRED_CERTIFICATE counts should match");
+  equal(histogram.counts[11], 2,
+        "Actual and expected MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY counts should match");
+  equal(histogram.counts[12], 1,
+        "Actual and expected MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA counts should match");
+  equal(histogram.counts[13], 1,
+        "Actual and expected MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE counts should match");
+  equal(histogram.counts[14], 2,
+        "Actual and expected MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE counts should match");
+  equal(histogram.counts[15], 1,
+        "Actual and expected MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE counts should match");
+  equal(histogram.counts[16], 2,
+        "Actual and expected SEC_ERROR_INVALID_TIME counts should match");
+  equal(histogram.counts[17], 1,
+        "Actual and expected MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME counts should match");
+
+  let keySizeHistogram = Cc["@mozilla.org/base/telemetry;1"]
+                           .getService(Ci.nsITelemetry)
+                           .getHistogramById("CERT_CHAIN_KEY_SIZE_STATUS")
+                           .snapshot();
+  equal(keySizeHistogram.counts[0], 0,
+        "Actual and expected unchecked key size counts should match");
+  equal(keySizeHistogram.counts[1], 12,
+        "Actual and expected successful verifications of 2048-bit keys should match");
+  equal(keySizeHistogram.counts[2], 0,
+        "Actual and expected successful verifications of 1024-bit keys should match");
+  equal(keySizeHistogram.counts[3], 58,
+        "Actual and expected verification failures unrelated to key size should match");
+
+  run_next_test();
+}
+
+// Internally, specifying "port" -1 is the same as port 443. This tests that.
+function run_port_equivalency_test(inPort, outPort) {
+  Assert.ok((inPort == 443 && outPort == -1) || (inPort == -1 && outPort == 443),
+            "The two specified ports must be -1 and 443 (in any order)");
+  let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
+                              .getService(Ci.nsICertOverrideService);
+  let cert = constructCertFromFile("bad_certs/default-ee.pem");
+  let expectedBits = Ci.nsICertOverrideService.ERROR_UNTRUSTED;
+  let expectedTemporary = true;
+  certOverrideService.rememberValidityOverride("example.com", inPort, cert,
+                                               expectedBits, expectedTemporary);
+  let actualBits = {};
+  let actualTemporary = {};
+  Assert.ok(certOverrideService.hasMatchingOverride("example.com", outPort,
+                                                    cert, actualBits,
+                                                    actualTemporary),
+            `override set on port ${inPort} should match port ${outPort}`);
+  equal(actualBits.value, expectedBits,
+        "input override bits should match output bits");
+  equal(actualTemporary.value, expectedTemporary,
+        "input override temporary value should match output temporary value");
+  Assert.ok(!certOverrideService.hasMatchingOverride("example.com", 563,
+                                                     cert, {}, {}),
+            `override set on port ${inPort} should not match port 563`);
+  certOverrideService.clearValidityOverride("example.com", inPort);
+  Assert.ok(!certOverrideService.hasMatchingOverride("example.com", outPort,
+                                                     cert, actualBits, {}),
+            `override cleared on port ${inPort} should match port ${outPort}`);
+  equal(actualBits.value, 0, "should have no bits set if there is no override");
+}
+
+function run_test() {
+  run_port_equivalency_test(-1, 443);
+  run_port_equivalency_test(443, -1);
+
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+  add_tls_server_setup("BadCertServer", "bad_certs");
+
+  let fakeOCSPResponder = new HttpServer();
+  fakeOCSPResponder.registerPrefixHandler("/", function (request, response) {
+    response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+  });
+  fakeOCSPResponder.start(8888);
+
+  add_simple_tests();
+  add_combo_tests();
+  add_distrust_tests();
+
+  add_test(function () {
+    fakeOCSPResponder.stop(check_telemetry);
+  });
+
+  run_next_test();
+}
+
+function add_simple_tests() {
+  add_cert_override_test("expired.example.com",
+                         Ci.nsICertOverrideService.ERROR_TIME,
+                         SEC_ERROR_EXPIRED_CERTIFICATE);
+  add_cert_override_test("notyetvalid.example.com",
+                         Ci.nsICertOverrideService.ERROR_TIME,
+                         MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE);
+  add_cert_override_test("before-epoch.example.com",
+                         Ci.nsICertOverrideService.ERROR_TIME,
+                         SEC_ERROR_INVALID_TIME);
+  add_cert_override_test("selfsigned.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_UNKNOWN_ISSUER);
+  add_cert_override_test("unknownissuer.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_UNKNOWN_ISSUER);
+  add_cert_override_test("expiredissuer.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE);
+  add_cert_override_test("notyetvalidissuer.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE);
+  add_cert_override_test("before-epoch-issuer.example.com",
+                         Ci.nsICertOverrideService.ERROR_TIME,
+                         SEC_ERROR_INVALID_TIME);
+  add_cert_override_test("md5signature.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+  add_cert_override_test("emptyissuername.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME);
+  // This has name information in the subject alternative names extension,
+  // but not the subject common name.
+  add_cert_override_test("mismatch.example.com",
+                         Ci.nsICertOverrideService.ERROR_MISMATCH,
+                         SSL_ERROR_BAD_CERT_DOMAIN,
+                         /The certificate is only valid for the following names:\s*doesntmatch\.example\.com, \*\.alsodoesntmatch\.example\.com/);
+  // This has name information in the subject common name but not the subject
+  // alternative names extension.
+  add_cert_override_test("mismatch-CN.example.com",
+                         Ci.nsICertOverrideService.ERROR_MISMATCH,
+                         SSL_ERROR_BAD_CERT_DOMAIN,
+                         /The certificate is not valid for the name mismatch-CN\.example\.com/);
+
+  // A Microsoft IIS utility generates self-signed certificates with
+  // properties similar to the one this "host" will present.
+  add_cert_override_test("selfsigned-inadequateEKU.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_UNKNOWN_ISSUER);
+
+  add_prevented_cert_override_test("inadequatekeyusage.example.com",
+                                   Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                                   SEC_ERROR_INADEQUATE_KEY_USAGE);
+
+  // This is intended to test the case where a verification has failed for one
+  // overridable reason (e.g. unknown issuer) but then, in the process of
+  // reporting that error, a non-overridable error is encountered. The
+  // non-overridable error should be prioritized.
+  add_test(function() {
+    let rootCert = constructCertFromFile("bad_certs/test-ca.pem");
+    setCertTrust(rootCert, ",,");
+    run_next_test();
+  });
+  add_prevented_cert_override_test("nsCertTypeCritical.example.com",
+                                   Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                                   SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION);
+  add_test(function() {
+    let rootCert = constructCertFromFile("bad_certs/test-ca.pem");
+    setCertTrust(rootCert, "CTu,,");
+    run_next_test();
+  });
+
+  // Bug 990603: Apache documentation has recommended generating a self-signed
+  // test certificate with basic constraints: CA:true. For compatibility, this
+  // is a scenario in which an override is allowed.
+  add_cert_override_test("self-signed-end-entity-with-cA-true.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_UNKNOWN_ISSUER);
+
+  add_cert_override_test("ca-used-as-end-entity.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY);
+
+  // If an X.509 version 1 certificate is not a trust anchor, we will
+  // encounter an overridable error.
+  add_cert_override_test("end-entity-issued-by-v1-cert.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA);
+  // If we make that certificate a trust anchor, the connection will succeed.
+  add_test(function() {
+    let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
+                                .getService(Ci.nsICertOverrideService);
+    certOverrideService.clearValidityOverride("end-entity-issued-by-v1-cert.example.com", 8443);
+    let v1Cert = constructCertFromFile("bad_certs/v1Cert.pem");
+    setCertTrust(v1Cert, "CTu,,");
+    clearSessionCache();
+    run_next_test();
+  });
+  add_connection_test("end-entity-issued-by-v1-cert.example.com",
+                      PRErrorCodeSuccess);
+  // Reset the trust for that certificate.
+  add_test(function() {
+    let v1Cert = constructCertFromFile("bad_certs/v1Cert.pem");
+    setCertTrust(v1Cert, ",,");
+    clearSessionCache();
+    run_next_test();
+  });
+
+  // Due to compatibility issues, we allow overrides for certificates issued by
+  // certificates that are not valid CAs.
+  add_cert_override_test("end-entity-issued-by-non-CA.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_CA_CERT_INVALID);
+
+  // This host presents a 1016-bit RSA key.
+  add_cert_override_test("inadequate-key-size-ee.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE);
+
+  add_cert_override_test("ipAddressAsDNSNameInSAN.example.com",
+                         Ci.nsICertOverrideService.ERROR_MISMATCH,
+                         SSL_ERROR_BAD_CERT_DOMAIN);
+  add_cert_override_test("noValidNames.example.com",
+                         Ci.nsICertOverrideService.ERROR_MISMATCH,
+                         SSL_ERROR_BAD_CERT_DOMAIN,
+                         /The certificate is not valid for the name noValidNames\.example\.com/);
+  add_cert_override_test("badSubjectAltNames.example.com",
+                         Ci.nsICertOverrideService.ERROR_MISMATCH,
+                         SSL_ERROR_BAD_CERT_DOMAIN);
+
+  add_cert_override_test("bug413909.xn--hxajbheg2az3al.xn--jxalpdlp",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_UNKNOWN_ISSUER);
+  add_test(function() {
+    // At this point, the override for bug413909.xn--hxajbheg2az3al.xn--jxalpdlp
+    // is still valid. Do some additional tests relating to IDN handling.
+    let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
+                                .getService(Ci.nsICertOverrideService);
+    let uri = Services.io.newURI("https://bug413909.xn--hxajbheg2az3al.xn--jxalpdlp", null, null);
+    let cert = constructCertFromFile("bad_certs/idn-certificate.pem");
+    Assert.ok(certOverrideService.hasMatchingOverride(uri.asciiHost, 8443, cert, {}, {}),
+              "IDN certificate should have matching override using ascii host");
+    Assert.ok(!certOverrideService.hasMatchingOverride(uri.host, 8443, cert, {}, {}),
+              "IDN certificate should not have matching override using (non-ascii) host");
+    run_next_test();
+  });
+}
+
+function add_combo_tests() {
+  add_cert_override_test("mismatch-expired.example.com",
+                         Ci.nsICertOverrideService.ERROR_MISMATCH |
+                         Ci.nsICertOverrideService.ERROR_TIME,
+                         SSL_ERROR_BAD_CERT_DOMAIN,
+                         /The certificate is only valid for <a id="cert_domain_link" title="doesntmatch\.example\.com">doesntmatch\.example\.com<\/a>/);
+  add_cert_override_test("mismatch-notYetValid.example.com",
+                         Ci.nsICertOverrideService.ERROR_MISMATCH |
+                         Ci.nsICertOverrideService.ERROR_TIME,
+                         SSL_ERROR_BAD_CERT_DOMAIN);
+  add_cert_override_test("mismatch-untrusted.example.com",
+                         Ci.nsICertOverrideService.ERROR_MISMATCH |
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_UNKNOWN_ISSUER);
+  add_cert_override_test("untrusted-expired.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED |
+                         Ci.nsICertOverrideService.ERROR_TIME,
+                         SEC_ERROR_UNKNOWN_ISSUER);
+  add_cert_override_test("mismatch-untrusted-expired.example.com",
+                         Ci.nsICertOverrideService.ERROR_MISMATCH |
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED |
+                         Ci.nsICertOverrideService.ERROR_TIME,
+                         SEC_ERROR_UNKNOWN_ISSUER);
+
+  add_cert_override_test("md5signature-expired.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED |
+                         Ci.nsICertOverrideService.ERROR_TIME,
+                         SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+
+  add_cert_override_test("ca-used-as-end-entity-name-mismatch.example.com",
+                         Ci.nsICertOverrideService.ERROR_MISMATCH |
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY);
+}
+
+function add_distrust_tests() {
+  // Before we specifically distrust this certificate, it should be trusted.
+  add_connection_test("untrusted.example.com", PRErrorCodeSuccess);
+
+  add_distrust_test("bad_certs/default-ee.pem", "untrusted.example.com",
+                    SEC_ERROR_UNTRUSTED_CERT);
+
+  add_distrust_test("bad_certs/other-test-ca.pem",
+                    "untrustedissuer.example.com", SEC_ERROR_UNTRUSTED_ISSUER);
+
+  add_distrust_test("bad_certs/test-ca.pem",
+                    "ca-used-as-end-entity.example.com",
+                    SEC_ERROR_UNTRUSTED_ISSUER);
+}
+
+function add_distrust_test(certFileName, hostName, expectedResult) {
+  let certToDistrust = constructCertFromFile(certFileName);
+
+  add_test(function () {
+    // Add an entry to the NSS certDB that says to distrust the cert
+    setCertTrust(certToDistrust, "pu,,");
+    clearSessionCache();
+    run_next_test();
+  });
+  add_prevented_cert_override_test(hostName,
+                                   Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                                   expectedResult);
+  add_test(function () {
+    setCertTrust(certToDistrust, "u,,");
+    run_next_test();
+  });
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1.js b/security/manager/ssl/tests/unit/test_cert_sha1.js
new file mode 100644
index 000000000..f0d7c570a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1.js
@@ -0,0 +1,142 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests the rejection of SHA-1 certificates based on the preference
+// security.pki.sha1_enforcement_level.
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+// We need to test as if we are at a fixed time, so that we are testing the
+// 2016 checks on SHA-1, not the notBefore checks.
+//
+// (new Date("2016-03-01")).getTime() / 1000
+const VALIDATION_TIME = 1456790400;
+
+function certFromFile(certName) {
+  return constructCertFromFile("test_cert_sha1/" + certName + ".pem");
+}
+
+function loadCertWithTrust(certName, trustString) {
+  addCertFromFile(certdb, "test_cert_sha1/" + certName + ".pem", trustString);
+}
+
+function checkEndEntity(cert, expectedResult) {
+  checkCertErrorGenericAtTime(certdb, cert, expectedResult,
+                              certificateUsageSSLServer, VALIDATION_TIME);
+}
+
+function run_test() {
+  loadCertWithTrust("ca", "CTu,,");
+  loadCertWithTrust("int-pre", ",,");
+  loadCertWithTrust("int-post", ",,");
+
+  // Test cases per pref setting
+  //
+  // root  intermed.  end entity
+  // ===========================
+  // root
+  //  |
+  //  +--- pre-2016
+  //  |       |
+  //  |       +----- pre-2016   <--- (a)
+  //  |       +----- post-2016  <--- (b)
+  //  |
+  //  +--- post-2016
+  //          |
+  //          +----- post-2016  <--- (c)
+  //
+  // Expected outcomes (accept / reject):
+  //
+  //                              a      b      c
+  // Allowed (0)                  Accept Accept Accept
+  // Forbidden (1)                Reject Reject Reject
+  // (2) is no longer available and is treated as Forbidden (1) internally.
+  // ImportedRoot (3)             Reject Reject Reject (for built-in roots)
+  // ImportedRoot                 Accept Accept Accept (for non-built-in roots)
+  // ImportedRootOrBefore2016 (4) Accept Reject Reject (for built-in roots)
+  // ImportedRootOrBefore2016     Accept Accept Accept (for non-built-in roots)
+  //
+  // The pref setting of ImportedRoot accepts usage of SHA-1 only for
+  // certificates issued by non-built-in roots. By default, the testing
+  // certificates are all considered issued by a non-built-in root. However, we
+  // have the ability to treat a given non-built-in root as built-in. We test
+  // both of these situations below.
+  //
+  // As a historical note, a policy option (Before2016) was previously available
+  // that only allowed SHA-1 for certificates with a notBefore before 2016.
+  // However, to enable the policy of only allowing SHA-1 from non-built-in
+  // roots in the most straightforward way (while still having a time-based
+  // policy that users could enable if this new policy were problematic),
+  // Before2016 was shifted to also allow SHA-1 from non-built-in roots, hence
+  // ImportedRootOrBefore2016.
+  //
+  // A note about intermediate certificates: the certificate verifier has the
+  // ability to directly verify a given certificate for the purpose of issuing
+  // TLS web server certificates. However, when asked to do so, the certificate
+  // verifier does not take into account the currently configured SHA-1 policy.
+  // This is in part due to implementation complexity and because this isn't
+  // actually how TLS web server certificates are verified in the TLS handshake
+  // (which makes a full implementation that supports heeding the SHA-1 policy
+  // unnecessary).
+
+  // SHA-1 allowed
+  Services.prefs.setIntPref("security.pki.sha1_enforcement_level", 0);
+  checkEndEntity(certFromFile("ee-pre_int-pre"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee-post_int-pre"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee-post_int-post"), PRErrorCodeSuccess);
+
+  // SHA-1 forbidden
+  Services.prefs.setIntPref("security.pki.sha1_enforcement_level", 1);
+  checkEndEntity(certFromFile("ee-pre_int-pre"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+  checkEndEntity(certFromFile("ee-post_int-pre"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+  checkEndEntity(certFromFile("ee-post_int-post"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+
+  // SHA-1 forbidden (test the case where the pref has been set to 2)
+  Services.prefs.setIntPref("security.pki.sha1_enforcement_level", 2);
+  checkEndEntity(certFromFile("ee-pre_int-pre"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+  checkEndEntity(certFromFile("ee-post_int-pre"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+  checkEndEntity(certFromFile("ee-post_int-post"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+
+  // SHA-1 allowed only when issued by an imported root. First test with the
+  // test root considered a built-in (on debug only - this functionality is
+  // disabled on non-debug builds).
+  Services.prefs.setIntPref("security.pki.sha1_enforcement_level", 3);
+  if (isDebugBuild) {
+    let root = certFromFile("ca");
+    Services.prefs.setCharPref("security.test.built_in_root_hash", root.sha256Fingerprint);
+    checkEndEntity(certFromFile("ee-pre_int-pre"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+    checkEndEntity(certFromFile("ee-post_int-pre"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+    checkEndEntity(certFromFile("ee-post_int-post"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+    Services.prefs.clearUserPref("security.test.built_in_root_hash");
+  }
+
+  // SHA-1 still allowed only when issued by an imported root.
+  // Now test with the test root considered a non-built-in.
+  checkEndEntity(certFromFile("ee-pre_int-pre"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee-post_int-pre"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee-post_int-post"), PRErrorCodeSuccess);
+
+  // SHA-1 allowed before 2016 or when issued by an imported root. First test
+  // with the test root considered a built-in.
+  Services.prefs.setIntPref("security.pki.sha1_enforcement_level", 4);
+  if (isDebugBuild) {
+    let root = certFromFile("ca");
+    Services.prefs.setCharPref("security.test.built_in_root_hash", root.sha256Fingerprint);
+    checkEndEntity(certFromFile("ee-pre_int-pre"), PRErrorCodeSuccess);
+    checkEndEntity(certFromFile("ee-post_int-pre"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+    checkEndEntity(certFromFile("ee-post_int-post"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+    Services.prefs.clearUserPref("security.test.built_in_root_hash");
+  }
+
+  // SHA-1 still only allowed before 2016 or when issued by an imported root.
+  // Now test with the test root considered a non-built-in.
+  checkEndEntity(certFromFile("ee-pre_int-pre"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee-post_int-pre"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee-post_int-post"), PRErrorCodeSuccess);
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ca.pem b/security/manager/ssl/tests/unit/test_cert_sha1/ca.pem
new file mode 100644
index 000000000..3eb86849d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAgIUM2w8iT4pElSjs7q3vwwClj34aqcwCwYJKoZIhvcNAQEF
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTAwMTAxMDAwMDAwWhgPMjA1MDAxMDEwMDAw
+MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzALBgNVHQ8EBAMCAQYwDAYDVR0T
+BAUwAwEB/zALBgkqhkiG9w0BAQUDggEBAGOFkUTVsazVYYVZn3v9wIKlEZYMfJ7B
+V+INq12QVUgENBzIfQ/TPIYz+mkY5uCr94v5YUmW0eeyaSwJPlNaKWOyR0pQYd03
+Bd6gltdcdRkHs2FBaSOOli9vR0IZt2FAKE6w/05xcV4XSZOpztAf1wXFCF+OF3F3
+TdRzcbUj2iVFH0Vh99oBL/CXAJ3yiJQZo/8W9433GuRLDFcvtInMfzjX1N+NxIbR
+TLXqjB/gOV8rcmnRtvloEEWibj7628QxaiOoN08VPSI8+9t1Fd2EkJzF9jmffrwG
+v3e9kb4X/08YG6hFRwjhQGgF/kcs2LMD5BiYAxPqc3KP3VrwmhVqQ6w=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_sha1/ca.pem.certspec
new file mode 100644
index 000000000..7e65e9ee3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/ca.pem.certspec
@@ -0,0 +1,6 @@
+issuer:ca
+subject:ca
+validity:20100101-20500101
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
+signature:sha1WithRSAEncryption
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem
new file mode 100644
index 000000000..19d8f096a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsTCCAZugAwIBAgIUJWQl8gkrLL7gPn47YYMdN7qBP5wwCwYJKoZIhvcNAQEF
+MBMxETAPBgNVBAMMCGludC1wb3N0MCIYDzIwMTYwMTAyMDAwMDAwWhgPMjAxNzAy
+MDEwMDAwMDBaMBIxEDAOBgNVBAMMB2VlLXBvc3QwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQEF
+A4IBAQAuEj6tFW9t1D7+X7uAP6yb/rO0dKB9ZIkisPyxzKgOtl1yTyfeNOnylwLY
+W/et09JkBOqcp/lP8J30F4dciAdmff02FCd6uMnxPnihWRpnPZH6Fo5ZpbkUuRUk
+ufPmYx2qP4kZnsz/oHJKOpDPZCvLOYggkQEM4EOcds3DxAXYwoxjqEJ3H/n3/Bt0
+y78WvwJ3GV2N2uxL40r99tMM9dovujXwgPCxl27MCoAUIB0jDq3CboLLk9T55iVO
+HknFyCDjOcwOF4tSXyVWqp67pnHcwPKfF1IkDkGK5bBbT5+RS/md3PTh+7zsz7sN
+b22AlQXylN9RhPHywIK4RY4OX0Kx
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem.certspec b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem.certspec
new file mode 100644
index 000000000..76834f844
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-post
+subject:ee-post
+validity:20160102-20170201
+signature:sha1WithRSAEncryption
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem
new file mode 100644
index 000000000..2d1ff2d2e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsDCCAZqgAwIBAgIUIVsTCuql4BDO2r4O5zePBEoHg3QwCwYJKoZIhvcNAQEF
+MBIxEDAOBgNVBAMMB2ludC1wcmUwIhgPMjAxNjAxMDEwMDAwMDBaGA8yMDE3MDIw
+MTAwMDAwMFowEjEQMA4GA1UEAwwHZWUtcG9zdDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG9w0BAQUD
+ggEBADyJnTjky3W6jcfsSv9AS+aVYpJHzLexTI1wzv+ntg6zUFbpDb/RFerp61Wb
+zef+72XEJJtRQO28udN59OOnytX71ulvmmgSOeFNb/znLzGyIGf9ag8qIbt8m7/r
+jR3010kh9zruD1RE0QbTTPXeeFlh0yUT69ZvxRMWJxaASY/vibCjmR22hpiHjM+1
+bpXgUEtj4u8WFRVpHwGsca1uXjQQDgPaLv/7byiC1DtBHP1P5wdYtNXY+dL/W4mn
+y3Lqe96ddO9dIDetEdzzk7PLzqIkDJM1DiGrYxGgM70GjF1BiMGkskGMwfMfe6Pt
+UmMzpYci8vcbHF8lj+Ja8Aw3SHo=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem.certspec b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem.certspec
new file mode 100644
index 000000000..1e8bb35b3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-pre
+subject:ee-post
+validity:20160101-20170201
+signature:sha1WithRSAEncryption
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem b/security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem
new file mode 100644
index 000000000..a992d8272
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZmgAwIBAgIUOU+CyYnf3GRRgGHvbeJB8HTUvJ4wCwYJKoZIhvcNAQEF
+MBIxEDAOBgNVBAMMB2ludC1wcmUwIhgPMjAxNTAxMDEwMDAwMDBaGA8yMDE3MDIw
+MTAwMDAwMFowETEPMA0GA1UEAwwGZWUtcHJlMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBBQOC
+AQEAn0lp9zXbe2pAVI8aR/+xFD8AOTB0bzlD6xNIQahBPd/JE93ni1oi3N6PUKRp
+vtDECKigcX4OLOZid8rt82CS6I6/OiKYqfZrMmr3BMjpNFNOFZqhEGtm4y6j+hjo
+HV8FEXmse06hZkwIkqacF16+P9boBCP2mF5zrUuIML48GnwPCtb7KIEmZTl8dsXn
+oUMrAQXPZYTcCb6U8GVU3WQRMRLsZ+WenATuOZPZeDQRrYUkoaJ+KfGG/ZNnmw6u
+ribqtEPBu3CqXj5BZiF3rcr+QjSlluuGDWrR0TpGTJmBiTXilUYSWv/lKOJR7rJA
+89uNoWp/kCkbxWLlguPWAEx+kg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem.certspec b/security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem.certspec
new file mode 100644
index 000000000..0f4a6ec25
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-pre
+subject:ee-pre
+validity:20150101-20170201
+signature:sha1WithRSAEncryption
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem b/security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem
new file mode 100644
index 000000000..c1a9ab2fa
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyzCCAbWgAwIBAgIUU3gwFYS/POd5EH541PQ4aTV8eN8wCwYJKoZIhvcNAQEF
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTYwMTAxMDAwMDAwWhgPMjAyNjAxMDEwMDAw
+MDBaMBMxETAPBgNVBAMMCGludC1wb3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf
+vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb
+uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S
+O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR
+3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv
+5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzALBgNVHQ8EBAMCAQYw
+DAYDVR0TBAUwAwEB/zALBgkqhkiG9w0BAQUDggEBAFwbiQ3x7M+JecpGomrBJ6uu
+ajH2cU5B6q3+842jNRTJ8kjE5sXvaaF5Zasdlp/pOq5Xu3tgniDuLbr280MxDx/i
+eyDBfZefJRskgBl/a4F7w0i0LlwYGJkyr++XWckEutO06ou6ATzsA6WAhh+O3fSB
+tLaf0V9Pof3pglNETpSlIFzQytoIc5aICMjt9Ur72S/IpM7sHkJoPpKwscOovTCp
+4k6jDTOHAHr8ck0X89KPHT/nRmm6bAQHsGMjSnrpEgXQ+ZuwVLEEdQPZ2L5028Uq
+RJn0mFu6Z53EYYrZURWdiq/p5N67TknC28REilfoG3PPqFD/CLbEMq5lrA5IGxM=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem.certspec b/security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem.certspec
new file mode 100644
index 000000000..50156c9f6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem.certspec
@@ -0,0 +1,6 @@
+issuer:ca
+subject:int-post
+validity:20160101-20260101
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
+signature:sha1WithRSAEncryption
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem b/security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem
new file mode 100644
index 000000000..41170f837
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyjCCAbSgAwIBAgIUGZVI6HsbDll1DnYoYIZ0eqi4ZPwwCwYJKoZIhvcNAQEF
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTAwMTAxMDAwMDAwWhgPMjAyMDAxMDEwMDAw
+MDBaMBIxEDAOBgNVBAMMB2ludC1wcmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9
+sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5
+TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7
+xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHd
+tMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l
+8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAsGA1UdDwQEAwIBBjAM
+BgNVHRMEBTADAQH/MAsGCSqGSIb3DQEBBQOCAQEAjpiGO9woF0OKiGVLk/SjpU3M
+NFbLNsFYGL6PQfpZHHCxc78qtZZ6uVM8fh9tRzlFbRx0eGWVFqcjxTrsAVopM+wJ
+1lRa8O4VXrtzhBoknPIBpdLvLYTdipLOL8qxCad6DdlX31JwQYgdmSUQ3YyqoCaC
+C3b3cVEF4h2A7hbBIxOTl1Xvs/aVbllYdnoO0HEs4FBrQVfQsjTPzJeF42GNW/OV
+KvX9XQ/Oq8r9sxyyGRKILj9yTqKtwXNU50QxW9MxN1vMY9w1skmMAMqrwn3FgjIU
+cxv3oqfeTwAa9V2S0B+4k3lX6Ku5ON1YRX+w5oD9RruHMu+qzJZMhrdQjhf34w==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem.certspec b/security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem.certspec
new file mode 100644
index 000000000..9f0a59ee9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem.certspec
@@ -0,0 +1,6 @@
+issuer:ca
+subject:int-pre
+validity:20100101-20200101
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
+signature:sha1WithRSAEncryption
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/moz.build b/security/manager/ssl/tests/unit/test_cert_sha1/moz.build
new file mode 100644
index 000000000..d94bb0498
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/moz.build
@@ -0,0 +1,18 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ca.pem',
+#    'int-pre.pem',
+#    'ee-pre_int-pre.pem',
+#    'ee-post_int-pre.pem',
+#    'int-post.pem',
+#    'ee-post_int-post.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures.js b/security/manager/ssl/tests/unit/test_cert_signatures.js
new file mode 100644
index 000000000..8be89c8a2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures.js
@@ -0,0 +1,121 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// Tests that certificates cannot be tampered with without being detected.
+// Tests a combination of cases: RSA signatures, ECDSA signatures, certificate
+// chains where the intermediate has been tampered with, chains where the
+// end-entity has been tampered, tampering of the signature, and tampering in
+// the rest of the certificate.
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+var certdb = Cc["@mozilla.org/security/x509certdb;1"]
+               .getService(Ci.nsIX509CertDB);
+
+// Reads a PEM-encoded certificate, modifies the nth byte (0-indexed), and
+// returns the base64-encoded bytes of the certificate. Negative indices may be
+// specified to modify a byte from the end of the certificate.
+function readAndTamperWithNthByte(certificatePath, n) {
+  let pem = readFile(do_get_file(certificatePath, false));
+  let der = atob(pemToBase64(pem));
+  if (n < 0) {
+    // remember, n is negative at this point
+    n = der.length + n;
+  }
+  let replacement = '\x22';
+  if (der.charCodeAt(n) == replacement) {
+    replacement = '\x23';
+  }
+  der = der.substring(0, n) + replacement + der.substring(n + 1);
+  return btoa(der);
+}
+
+// The signature on certificates appears last. This should modify the contents
+// of the signature such that it no longer validates correctly while still
+// resulting in a structurally valid certificate.
+const BYTE_IN_SIGNATURE = -8;
+function addSignatureTamperedCertificate(certificatePath) {
+  let base64 = readAndTamperWithNthByte(certificatePath, BYTE_IN_SIGNATURE);
+  certdb.addCertFromBase64(base64, ",,", null);
+}
+
+function ensureSignatureVerificationFailure(certificatePath) {
+  let cert = constructCertFromFile(certificatePath);
+  checkCertErrorGeneric(certdb, cert, SEC_ERROR_BAD_SIGNATURE,
+                        certificateUsageSSLServer);
+}
+
+function tamperWithSignatureAndEnsureVerificationFailure(certificatePath) {
+  let base64 = readAndTamperWithNthByte(certificatePath, BYTE_IN_SIGNATURE);
+  let cert = certdb.constructX509FromBase64(base64);
+  checkCertErrorGeneric(certdb, cert, SEC_ERROR_BAD_SIGNATURE,
+                        certificateUsageSSLServer);
+}
+
+// The beginning of a certificate looks like this (in hex, using DER):
+// 30 XX XX XX [the XX encode length - there are probably 3 bytes here]
+//    30 XX XX XX [length again]
+//       A0 03
+//          02 01
+//             02
+//       02 XX [length again - 1 byte as long as we're using pycert]
+//          XX XX ... [serial number - 20 bytes as long as we're using pycert]
+// Since we want to modify the serial number, we need to change something from
+// byte 15 to byte 34 (0-indexed). If it turns out that the two length sections
+// we assumed were 3 bytes are shorter (they can't be longer), modifying
+// something from byte 15 to byte 30 will still get us what we want. Since the
+// serial number is a DER INTEGER and because it must be positive, it's best to
+// skip the first two bytes of the serial number so as to not run into any
+// issues there. Thus byte 17 is a good byte to modify.
+const BYTE_IN_SERIAL_NUMBER = 17;
+function addSerialNumberTamperedCertificate(certificatePath) {
+  let base64 = readAndTamperWithNthByte(certificatePath,
+                                        BYTE_IN_SERIAL_NUMBER);
+  certdb.addCertFromBase64(base64, ",,", null);
+}
+
+function tamperWithSerialNumberAndEnsureVerificationFailure(certificatePath) {
+  let base64 = readAndTamperWithNthByte(certificatePath,
+                                        BYTE_IN_SERIAL_NUMBER);
+  let cert = certdb.constructX509FromBase64(base64);
+  checkCertErrorGeneric(certdb, cert, SEC_ERROR_BAD_SIGNATURE,
+                        certificateUsageSSLServer);
+}
+
+function run_test() {
+  addCertFromFile(certdb, "test_cert_signatures/ca-rsa.pem", "CTu,,");
+  addCertFromFile(certdb, "test_cert_signatures/ca-secp384r1.pem", "CTu,,");
+
+  // Tamper with the signatures on intermediate certificates and ensure that
+  // end-entity certificates issued by those intermediates do not validate
+  // successfully.
+  addSignatureTamperedCertificate("test_cert_signatures/int-rsa.pem");
+  addSignatureTamperedCertificate("test_cert_signatures/int-secp384r1.pem");
+  ensureSignatureVerificationFailure("test_cert_signatures/ee-rsa.pem");
+  ensureSignatureVerificationFailure("test_cert_signatures/ee-secp384r1.pem");
+
+  // Tamper with the signatures on end-entity certificates and ensure that they
+  // do not validate successfully.
+  tamperWithSignatureAndEnsureVerificationFailure(
+    "test_cert_signatures/ee-rsa-direct.pem");
+  tamperWithSignatureAndEnsureVerificationFailure(
+    "test_cert_signatures/ee-secp384r1-direct.pem");
+
+  // Tamper with the serial numbers of intermediate certificates and ensure
+  // that end-entity certificates issued by those intermediates do not validate
+  // successfully.
+  addSerialNumberTamperedCertificate("test_cert_signatures/int-rsa.pem");
+  addSerialNumberTamperedCertificate("test_cert_signatures/int-secp384r1.pem");
+  ensureSignatureVerificationFailure("test_cert_signatures/ee-rsa.pem");
+  ensureSignatureVerificationFailure("test_cert_signatures/ee-secp384r1.pem");
+
+  // Tamper with the serial numbers of end-entity certificates and ensure that
+  // they do not validate successfully.
+  tamperWithSerialNumberAndEnsureVerificationFailure(
+    "test_cert_signatures/ee-rsa-direct.pem");
+  tamperWithSerialNumberAndEnsureVerificationFailure(
+    "test_cert_signatures/ee-secp384r1-direct.pem");
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem b/security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem
new file mode 100644
index 000000000..d69aa25b6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzTCCAbegAwIBAgIUO2lYN9PBRm2JcO9v6CRF34O3zf4wCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmNhLXJzYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjARMQ8wDQYDVQQDDAZjYS1yc2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMB
+Af8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEALKYfcXwaFc61IDWngVq6
+3PdKTQHw31/w7GyBo19DE5MDVxyrXZq+fRAhGre8ge1gKrOlMcmLIoEVcK+y1MwY
+f4yIpStfOg+6Tf1C2e8UUTzhsolQxKFU0rtEJXPlRgMA2pcO6RjFhK2/D79icYra
+0U0OQrMnGGw46QPZkynKw4RwTZpCaJTkN8+LzXyik6Pj0mjpb7Xeo5FCmI6eEIkF
+n8Ni6pepA+kHCRqPQIkbl5tzrfVTUEKAVxnv2TeCrTCdDK6dRGVycrOfNlma34in
+Poo/6uDgjGyMp2c2zOpg6igYED/8SDMFzyHVQ52Db8xaPxOyNykyGTWEE3IW8cpB
+NA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem.certspec
new file mode 100644
index 000000000..5890d2db6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca-rsa
+subject:ca-rsa
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem b/security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem
new file mode 100644
index 000000000..efa00a41b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBjjCCARSgAwIBAgIUUVp8W0nO+hAF/W78cEBWzlRXvGAwCgYIKoZIzj0EAwIw
+FzEVMBMGA1UEAwwMY2Etc2VjcDM4NHIxMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBcxFTATBgNVBAMMDGNhLXNlY3AzODRyMTB2MBAGByqGSM49
+AgEGBSuBBAAiA2IABKFockM2K1x7GInzeRVGFaHHP7SN7oY+AikV22COJS3ktxMt
+qM6Y6DFTTmqcDAsJyNY5regyBuW6gTRzoR+jMOBdqMluQ4P+J4c9qXEDviiIz/AC
+8Fr3Gh/dzIN0qm6pzqMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCgYI
+KoZIzj0EAwIDaAAwZQIxAO0GJz6haDpUtNgaQ3SESJY85j6+gRcD7Nc9cvCiVAZZ
+1OxFRuhW515lVbeTqfcA8wIwFdIanp6v61Q6pot5X6fHyn7G+ZIsEbHDPOZPaq0U
+QR5t1/Y5Fe4hDulAXXt+jvE0
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem.certspec
new file mode 100644
index 000000000..0701c23c1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem.certspec
@@ -0,0 +1,7 @@
+issuer:ca-secp384r1
+subject:ca-secp384r1
+issuerKey:secp384r1
+subjectKey:secp384r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem
new file mode 100644
index 000000000..17c1eddac
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtTCCAZ+gAwIBAgIULa69PvpLSrw920lPhbLY+O4VRUEwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmNhLXJzYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAYMRYwFAYDVQQDDA1lZS1yc2EtZGlyZWN0MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds
+JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4
+ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25
+iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3
+4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42
+yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3
+DQEBCwOCAQEAF1HRj4EAiAQcWXyOijM6CkccZiCnnWGDJaEv2okPC5vYrDnhcrqi
+xmaYAtpyU60GzYslxy52f3n7kzykXB7Uv0fUFX3ZUedCNwEh8WTfks8mEDUeibt/
+eSK6uLuhe9njiWQv1b71QySUjcWDTfJ8JhpS1Dr8BdpEuWc7CUSwoQqS72iF4wou
+vjP7AD8WkmyoAlPSCAnL5P5n6iPdeFpupnQQ7apbH+6uhq0p9r6tuTWGdCJN8CHk
+hfQGuhERyTbmC0wOcE9NmVGM9MB0fn/W92GSr8ZWnQoudrH3H+HR3ULjV9TpB2W2
+RpfmOWnsPDTUM3q4qqYZcz1O+1CGgSe2qg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem.certspec
new file mode 100644
index 000000000..4e25ddcf9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca-rsa
+subject:ee-rsa-direct
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem
new file mode 100644
index 000000000..85a3256bf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZmgAwIBAgIUS+9dGZZa6H0mcsDNp90hmo3/2IIwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB2ludC1yc2EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowETEPMA0GA1UEAwwGZWUtcnNhMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOC
+AQEAdFA74biUzEKaexSV4U6UKgXlDez+YUjqZyPg+XJ88Zdt3ldBD2YFZLBYYX+B
+Mls6i5s+UsmH7X0OFD9JJf9ti1n/lNEriyj9tF35w020OtLrYRhTdiafGgwKZXj1
+FWgQpA8+lDXoVrSYOozfIZCR5RwTraJ676jy5l8+f+fY06gGfNOA+Raj3WI0veh/
+HZhXtF9K+qFzyYSX1c6YFFEUo3horxyyuEgPDF9gsmxHzErbPkbbTkgihdZKwXYg
+FUCIjKFNOtLTm+yESBi5YN69hO33mr5RbYsqu2Wwh+m0405dp7U0+zxOhoYVEpYb
+MIZgbeJrQjO6n/+sHPZXkYOhpQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem.certspec
new file mode 100644
index 000000000..b974a0a0a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-rsa
+subject:ee-rsa
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem
new file mode 100644
index 000000000..373e3227f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBdTCB/KADAgECAhQ/DpvvKy1cb0ww9HrO6/Ao0FwezjAKBggqhkjOPQQDAjAX
+MRUwEwYDVQQDDAxjYS1zZWNwMzg0cjEwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4
+MDIwNTAwMDAwMFowHjEcMBoGA1UEAwwTZWUtc2VjcDM4NHIxLWRpcmVjdDB2MBAG
+ByqGSM49AgEGBSuBBAAiA2IABKFockM2K1x7GInzeRVGFaHHP7SN7oY+AikV22CO
+JS3ktxMtqM6Y6DFTTmqcDAsJyNY5regyBuW6gTRzoR+jMOBdqMluQ4P+J4c9qXED
+viiIz/AC8Fr3Gh/dzIN0qm6pzjAKBggqhkjOPQQDAgNoADBlAjEA7QYnPqFoOlS0
+2BpDdIRIljzmPr6BFwPs1z1y8KJUBlnU7EVG6FbnXmVVt5Op9wDzAjAboNLdytrv
+bPTA8IfMt71/9F/w9GqjK0616TVZY9I/DiERYT6X6PE2il/eMGaQEgg=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem.certspec
new file mode 100644
index 000000000..386ab95f7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca-secp384r1
+subject:ee-secp384r1-direct
+issuerKey:secp384r1
+subjectKey:secp384r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem
new file mode 100644
index 000000000..b11cfd53c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBbjCB9qADAgECAhQ7FJ+9gQKCxkNdRiyOldB2DMRpnjAKBggqhkjOPQQDAjAY
+MRYwFAYDVQQDDA1pbnQtc2VjcDM4NHIxMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBcxFTATBgNVBAMMDGVlLXNlY3AzODRyMTB2MBAGByqGSM49
+AgEGBSuBBAAiA2IABKFockM2K1x7GInzeRVGFaHHP7SN7oY+AikV22COJS3ktxMt
+qM6Y6DFTTmqcDAsJyNY5regyBuW6gTRzoR+jMOBdqMluQ4P+J4c9qXEDviiIz/AC
+8Fr3Gh/dzIN0qm6pzjAKBggqhkjOPQQDAgNnADBkAjEA7QYnPqFoOlS02BpDdIRI
+ljzmPr6BFwPs1z1y8KJUBlnU7EVG6FbnXmVVt5Op9wDzAi9/y9J21YfiwsBalvKh
++ruL6jHmzpxdR7p5IORvNQEHWl6/H8cHmi3Wn8GieN5RgA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem.certspec
new file mode 100644
index 000000000..b8f7993be
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int-secp384r1
+subject:ee-secp384r1
+issuerKey:secp384r1
+subjectKey:secp384r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem b/security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem
new file mode 100644
index 000000000..f01885f4b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzjCCAbigAwIBAgIUET5f4owvO60JtJUbi1xFtlVRRaQwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmNhLXJzYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjASMRAwDgYDVQQDDAdpbnQtcnNhMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTAD
+AQH/MAsGA1UdDwQEAwIBBjALBgkqhkiG9w0BAQsDggEBAEHH8NBKQ0v8G/ad07vk
+v1LbgP5oEj2NXbFPCAgNez4M7XDgCPEtbiKCt1bBXtLrZPggCzyH9cTZjzJFMoNr
+6sB7x76+E+y6+jkKPCeMhsR4WL1GY4IFX7YueNQ94Twb+RAjHPJqEyI7GoTpRKhi
+0hix8QgPVOTdItp4Sm9AZiyHjlTIo5Lvphm708SFKT4iQco256zjLog7LE7NLZxo
+IZdUoUClnNXj0Ua4P4hbGf4uRIldSUV82Xbz6VNcVJ0fCB11YqlNsyXa3Nj5HyTN
+uBXMOItSedvOQmwwRM9QM5a/Uy5vUhZeHuY/MpXpQoj43D3s1qQWXCe7TYSYEpOl
+Gwc=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem.certspec
new file mode 100644
index 000000000..a86d28b44
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca-rsa
+subject:int-rsa
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem b/security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem
new file mode 100644
index 000000000..5893cf191
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBkDCCARWgAwIBAgIUTZPJwmeUhMvv2i6MC21jYsZd1E8wCgYIKoZIzj0EAwIw
+FzEVMBMGA1UEAwwMY2Etc2VjcDM4NHIxMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBgxFjAUBgNVBAMMDWludC1zZWNwMzg0cjEwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAAShaHJDNitcexiJ83kVRhWhxz+0je6GPgIpFdtgjiUt5LcT
+LajOmOgxU05qnAwLCcjWOa3oMgbluoE0c6EfozDgXajJbkOD/ieHPalxA74oiM/w
+AvBa9xof3cyDdKpuqc6jHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoG
+CCqGSM49BAMCA2kAMGYCMQDtBic+oWg6VLTYGkN0hEiWPOY+voEXA+zXPXLwolQG
+WdTsRUboVudeZVW3k6n3APMCMQDsCu5UY7Sp5LHK9qsrKLL5YD8FhYR0oQCOAzgX
+/AbvvDsssBIBBT5McBixnMHuYDU=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem.certspec
new file mode 100644
index 000000000..e002a1569
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem.certspec
@@ -0,0 +1,7 @@
+issuer:ca-secp384r1
+subject:int-secp384r1
+issuerKey:secp384r1
+subjectKey:secp384r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/moz.build b/security/manager/ssl/tests/unit/test_cert_signatures/moz.build
new file mode 100644
index 000000000..779339bec
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/moz.build
@@ -0,0 +1,20 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ca-rsa.pem',
+#    'ca-secp384r1.pem',
+#    'ee-rsa-direct.pem',
+#    'ee-rsa.pem',
+#    'ee-secp384r1-direct.pem',
+#    'ee-secp384r1.pem',
+#    'int-rsa.pem',
+#    'int-secp384r1.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_cert_trust.js b/security/manager/ssl/tests/unit/test_cert_trust.js
new file mode 100644
index 000000000..622678c7a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_trust.js
@@ -0,0 +1,216 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb  = Cc["@mozilla.org/security/x509certdb;1"]
+                  .getService(Ci.nsIX509CertDB);
+
+var certList = [
+  'ee',
+  'int',
+  'ca',
+];
+
+function load_cert(cert_name, trust_string) {
+  let cert_filename = cert_name + ".pem";
+  addCertFromFile(certdb, "test_cert_trust/" + cert_filename, trust_string);
+}
+
+function setup_basic_trusts(ca_cert, int_cert) {
+  certdb.setCertTrust(ca_cert, Ci.nsIX509Cert.CA_CERT,
+                      Ci.nsIX509CertDB.TRUSTED_SSL |
+                      Ci.nsIX509CertDB.TRUSTED_EMAIL |
+                      Ci.nsIX509CertDB.TRUSTED_OBJSIGN);
+
+  certdb.setCertTrust(int_cert, Ci.nsIX509Cert.CA_CERT, 0);
+}
+
+function test_ca_distrust(ee_cert, cert_to_modify_trust, isRootCA) {
+  // On reset most usages are successful
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageSSLServer);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageSSLClient);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageSSLCA);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageEmailSigner);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageEmailRecipient);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageObjectSigner);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageVerifyCA);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_INADEQUATE_CERT_TYPE,
+                        certificateUsageStatusResponder);
+
+
+  // Test of active distrust. No usage should pass.
+  setCertTrust(cert_to_modify_trust, 'p,p,p');
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER,
+                        certificateUsageSSLServer);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER,
+                        certificateUsageSSLClient);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageSSLCA);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER,
+                        certificateUsageEmailSigner);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER,
+                        certificateUsageEmailRecipient);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER,
+                        certificateUsageObjectSigner);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageVerifyCA);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER,
+                        certificateUsageStatusResponder);
+
+  // Trust set to T  -  trusted CA to issue client certs, where client cert is
+  // usageSSLClient.
+  setCertTrust(cert_to_modify_trust, 'T,T,T');
+  checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER
+                                                  : PRErrorCodeSuccess,
+                        certificateUsageSSLServer);
+
+  // XXX(Bug 982340)
+  checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER
+                                                  : PRErrorCodeSuccess,
+                        certificateUsageSSLClient);
+
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageSSLCA);
+
+  checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER
+                                                  : PRErrorCodeSuccess,
+                        certificateUsageEmailSigner);
+  checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER
+                                                  : PRErrorCodeSuccess,
+                        certificateUsageEmailRecipient);
+  checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER
+                                                  : PRErrorCodeSuccess,
+                        certificateUsageObjectSigner);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageVerifyCA);
+  checkCertErrorGeneric(certdb, ee_cert,
+                        isRootCA ? SEC_ERROR_UNKNOWN_ISSUER
+                                 : SEC_ERROR_INADEQUATE_CERT_TYPE,
+                        certificateUsageStatusResponder);
+
+
+  // Now tests on the SSL trust bit
+  setCertTrust(cert_to_modify_trust, 'p,C,C');
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER,
+                        certificateUsageSSLServer);
+
+  //XXX(Bug 982340)
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageSSLClient);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageSSLCA);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageEmailSigner);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageEmailRecipient);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageObjectSigner);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageVerifyCA);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER,
+                        certificateUsageStatusResponder);
+
+  // Inherited trust SSL
+  setCertTrust(cert_to_modify_trust, ',C,C');
+  checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER
+                                                  : PRErrorCodeSuccess,
+                        certificateUsageSSLServer);
+  // XXX(Bug 982340)
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageSSLClient);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageSSLCA);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageEmailSigner);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageEmailRecipient);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageObjectSigner);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageVerifyCA);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_INADEQUATE_CERT_TYPE,
+                        certificateUsageStatusResponder);
+
+  // Now tests on the EMAIL trust bit
+  setCertTrust(cert_to_modify_trust, 'C,p,C');
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageSSLServer);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER,
+                        certificateUsageSSLClient);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageSSLCA);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER,
+                        certificateUsageEmailSigner);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER,
+                        certificateUsageEmailRecipient);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageObjectSigner);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageVerifyCA);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_INADEQUATE_CERT_TYPE,
+                        certificateUsageStatusResponder);
+
+
+  //inherited EMAIL Trust
+  setCertTrust(cert_to_modify_trust, 'C,,C');
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageSSLServer);
+  checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER
+                                                  : PRErrorCodeSuccess,
+                        certificateUsageSSLClient);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageSSLCA);
+  checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER
+                                                  : PRErrorCodeSuccess,
+                        certificateUsageEmailSigner);
+  checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER
+                                                  : PRErrorCodeSuccess,
+                        certificateUsageEmailRecipient);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageObjectSigner);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageVerifyCA);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_INADEQUATE_CERT_TYPE,
+                        certificateUsageStatusResponder);
+}
+
+
+function run_test() {
+  for (let i = 0 ; i < certList.length; i++) {
+    load_cert(certList[i], ',,');
+  }
+
+  let ca_cert = certdb.findCertByNickname('ca');
+  notEqual(ca_cert, null, "CA cert should be in the cert DB");
+  let int_cert = certdb.findCertByNickname('int');
+  notEqual(int_cert, null, "Intermediate cert should be in the cert DB");
+  let ee_cert = certdb.findCertByNickname('ee');
+  notEqual(ee_cert, null, "EE cert should be in the cert DB");
+
+  setup_basic_trusts(ca_cert, int_cert);
+  test_ca_distrust(ee_cert, ca_cert, true);
+
+  setup_basic_trusts(ca_cert, int_cert);
+  test_ca_distrust(ee_cert, int_cert, false);
+
+  // Reset trust to default ("inherit trust")
+  setCertTrust(ca_cert, ",,");
+  setCertTrust(int_cert, ",,");
+
+  // It turns out that if an end-entity certificate is manually trusted, it can
+  // be the root of its own verified chain. This will be removed in bug 1294580.
+  setCertTrust(ee_cert, "C,,");
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageSSLServer);
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_trust/ca.pem b/security/manager/ssl/tests/unit/test_cert_trust/ca.pem
new file mode 100644
index 000000000..1a18e2bf0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_trust/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAgIUL5zykZEc2ro5d6th43aWGfm735cwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1Ud
+DwQEAwIBBjALBgkqhkiG9w0BAQsDggEBAHPYBjNnv//Ssc8Elepb8SWIXRdahKbL
+/dcPoMR+7yhJVaelUaxdwUytJWJAGdkkuv+P+G4b82RVYEXT+9k1S/aAfByFyR9q
+vS7POfdy/ZPfGTXltlnmYX/84a6QeYQa4Nl4JpIOXBCesLxmErBhczka6D26iqsz
+GeseKRSjVPgF3mXc2CRGZnTDRhUmd7wOABLmj7GtuFvOm96363M3IUByMohvoj1G
+dic3s5D0seXwTKnEc5B27lJt7Q0oIXEldL+UW8Mo1hfGWQeXzqTZbpOVLnVWvHBH
+H8yYs5hyH01qFJZbztJ1JJ3F2NpYLlr4P5I6fW2e9w5MG/VMQRU3wzQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_trust/ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_trust/ca.pem.certspec
new file mode 100644
index 000000000..d809dbd63
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_trust/ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_cert_trust/ee.pem b/security/manager/ssl/tests/unit/test_cert_trust/ee.pem
new file mode 100644
index 000000000..91c1ffcab
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_trust/ee.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3jCCAcigAwIBAgIUYfpH7OFfqiJDcQnM/gVlKieeyOAwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjANMQswCQYDVQQDDAJlZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAab
+bhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmts
+Du0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI
+H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8
+rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kX
+Mbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaM1MDMwMQYDVR0lBCowKAYIKwYBBQUH
+AwEGCCsGAQUFBwMCBggrBgEFBQcDBAYIKwYBBQUHAwMwCwYJKoZIhvcNAQELA4IB
+AQCqaSdnhHXFqLkMT5eU8FiyfpJeMDmyl0UFSB0yXrjh4dsiCayLECagJyVtxFJ/
+K8XBZz3USUOIaK3j8VADK7o6s7dKSy68EacYEF4MtGUpL3Bn7353RSB3hFRfpMuD
+rohMZ8ZBDpvRPddOchpd9OW798duxJWYmotY4wrbK5E+xXhJaaJk4utbx8hqo+xz
+gKusj3w33uYbGQgCNPZ9zbFeyP+1K0vDV5NKC8JdL+KqbECdc9OcpA3jg17owubM
+yovO/bYKzy6bWMpEdzr64JK2n2fDoEQgfwi6O5iC0A7JjOfAkyWYgbrgve5qWamd
+6v71Lnux30zRSwsliFhUl6Md
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_trust/ee.pem.certspec b/security/manager/ssl/tests/unit/test_cert_trust/ee.pem.certspec
new file mode 100644
index 000000000..9666c1806
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_trust/ee.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:ee
+extension:extKeyUsage:serverAuth,clientAuth,emailProtection,codeSigning
diff --git a/security/manager/ssl/tests/unit/test_cert_trust/int.pem b/security/manager/ssl/tests/unit/test_cert_trust/int.pem
new file mode 100644
index 000000000..fd60e5fe2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_trust/int.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxjCCAbCgAwIBAgIUazy/vTocAuxP85PTc+O1JXs8WWEwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA4xDDAKBgNVBAMMA2ludDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAab
+bhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmts
+Du0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI
+H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8
+rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kX
+Mbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNV
+HQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQA6lr0lbqcaGYjYAAcA5BngiUobuYFn
+4jdYK9eR6hiT5PmYRQZ9/y+2aYNF/ygiBBqBdEq/Nhrm35WeUHvDBaT8OZLBjf+g
+krEAmu2ivrHZWrx16HBVDd9JdTUCx8j1HUo5fadFnsQh7nuh/VIoemox+/e8mKfh
++fW3noAoH/MRfP9VYoS0KzkW8ILiWOR1joNOHDZzanMiM/YCHO1nckq2ntI2T+kO
+MNMkB+j1w5Fu6P8pgyToleHs3WmlWAeDjXygZkEhg+9uuBXb8/IyuS3cYt9ovhSh
+++A25JRmqaQn2Ywd+CMsGe4MTYOsRnZPK0Co6TBteRWRdwSpqzb+UOqY
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_trust/int.pem.certspec b/security/manager/ssl/tests/unit/test_cert_trust/int.pem.certspec
new file mode 100644
index 000000000..a7f6d8141
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_trust/int.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_cert_trust/moz.build b/security/manager/ssl/tests/unit/test_cert_trust/moz.build
new file mode 100644
index 000000000..a075d0cb3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_trust/moz.build
@@ -0,0 +1,15 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ca.pem',
+#    'ee.pem',
+#    'int.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_cert_version.js b/security/manager/ssl/tests/unit/test_cert_version.js
new file mode 100644
index 000000000..063bcb1cc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version.js
@@ -0,0 +1,190 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests the interaction between the basic constraints extension and the
+// certificate version field. In general, the testcases consist of verifying
+// certificate chains of the form:
+//
+// end-entity (issued by) intermediate (issued by) trusted X509v3 root
+//
+// where the intermediate is one of X509 v1, v2, v3, or v4, and either does or
+// does not have the basic constraints extension. If it has the extension, it
+// either does or does not specify that it is a CA.
+//
+// To test cases where the trust anchor has a different version and/or does or
+// does not have the basic constraint extension, there are testcases where the
+// intermediate is trusted as an anchor and the verification is repeated.
+// (Loading a certificate with trust "CTu,," means that it is a trust anchor
+// for SSL. Loading a certificate with trust ",," means that it inherits its
+// trust.)
+//
+// There are also testcases for end-entities issued by a trusted X509v3 root
+// where the end-entities similarly cover the range of versions and basic
+// constraint extensions.
+//
+// Finally, there are testcases for self-signed certificates that, again, cover
+// the range of versions and basic constraint extensions.
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+function certFromFile(certName) {
+  return constructCertFromFile("test_cert_version/" + certName + ".pem");
+}
+
+function loadCertWithTrust(certName, trustString) {
+  addCertFromFile(certdb, "test_cert_version/" + certName + ".pem", trustString);
+}
+
+function checkEndEntity(cert, expectedResult) {
+  checkCertErrorGeneric(certdb, cert, expectedResult, certificateUsageSSLServer);
+}
+
+function checkIntermediate(cert, expectedResult) {
+  checkCertErrorGeneric(certdb, cert, expectedResult, certificateUsageSSLCA);
+}
+
+// Test that the code that decodes certificates to display them in the
+// certificate manager correctly handles the version field.
+function checkCertVersion(cert, expectedVersionString) {
+  let asn1 = cert.ASN1Structure.QueryInterface(Ci.nsIASN1Sequence);
+  let tbsCertificate = asn1.ASN1Objects.queryElementAt(0, Ci.nsIASN1Sequence);
+  let version = tbsCertificate.ASN1Objects.queryElementAt(0, Ci.nsIASN1Object);
+  equal(version.displayValue, expectedVersionString,
+        "Actual and expected version strings should match");
+}
+
+function run_test() {
+  loadCertWithTrust("ca", "CTu,,");
+
+  // Section for CAs lacking the basicConstraints extension entirely:
+  loadCertWithTrust("int-v1-noBC_ca", ",,");
+  checkIntermediate(certFromFile("int-v1-noBC_ca"), MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA);
+  checkEndEntity(certFromFile("ee_int-v1-noBC"), MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA);
+  // A v1 certificate with no basicConstraints extension may issue certificates
+  // if it is a trust anchor.
+  loadCertWithTrust("int-v1-noBC_ca", "CTu,,");
+  checkIntermediate(certFromFile("int-v1-noBC_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee_int-v1-noBC"), PRErrorCodeSuccess);
+
+  loadCertWithTrust("int-v2-noBC_ca", ",,");
+  checkIntermediate(certFromFile("int-v2-noBC_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v2-noBC"), SEC_ERROR_CA_CERT_INVALID);
+  loadCertWithTrust("int-v2-noBC_ca", "CTu,,");
+  checkIntermediate(certFromFile("int-v2-noBC_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v2-noBC"), SEC_ERROR_CA_CERT_INVALID);
+
+  loadCertWithTrust("int-v3-noBC_ca", ",,");
+  checkIntermediate(certFromFile("int-v3-noBC_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v3-noBC"), SEC_ERROR_CA_CERT_INVALID);
+  loadCertWithTrust("int-v3-noBC_ca", "CTu,,");
+  checkIntermediate(certFromFile("int-v3-noBC_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v3-noBC"), SEC_ERROR_CA_CERT_INVALID);
+
+  loadCertWithTrust("int-v4-noBC_ca", ",,");
+  checkIntermediate(certFromFile("int-v4-noBC_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v4-noBC"), SEC_ERROR_CA_CERT_INVALID);
+  loadCertWithTrust("int-v4-noBC_ca", "CTu,,");
+  checkIntermediate(certFromFile("int-v4-noBC_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v4-noBC"), SEC_ERROR_CA_CERT_INVALID);
+
+  // Section for CAs with basicConstraints not specifying cA:
+  loadCertWithTrust("int-v1-BC-not-cA_ca", ",,");
+  checkIntermediate(certFromFile("int-v1-BC-not-cA_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v1-BC-not-cA"), SEC_ERROR_CA_CERT_INVALID);
+  loadCertWithTrust("int-v1-BC-not-cA_ca", "CTu,,");
+  checkIntermediate(certFromFile("int-v1-BC-not-cA_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v1-BC-not-cA"), SEC_ERROR_CA_CERT_INVALID);
+
+  loadCertWithTrust("int-v2-BC-not-cA_ca", ",,");
+  checkIntermediate(certFromFile("int-v2-BC-not-cA_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v2-BC-not-cA"), SEC_ERROR_CA_CERT_INVALID);
+  loadCertWithTrust("int-v2-BC-not-cA_ca", "CTu,,");
+  checkIntermediate(certFromFile("int-v2-BC-not-cA_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v2-BC-not-cA"), SEC_ERROR_CA_CERT_INVALID);
+
+  loadCertWithTrust("int-v3-BC-not-cA_ca", ",,");
+  checkIntermediate(certFromFile("int-v3-BC-not-cA_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v3-BC-not-cA"), SEC_ERROR_CA_CERT_INVALID);
+  loadCertWithTrust("int-v3-BC-not-cA_ca", "CTu,,");
+  checkIntermediate(certFromFile("int-v3-BC-not-cA_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v3-BC-not-cA"), SEC_ERROR_CA_CERT_INVALID);
+
+  loadCertWithTrust("int-v4-BC-not-cA_ca", ",,");
+  checkIntermediate(certFromFile("int-v4-BC-not-cA_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v4-BC-not-cA"), SEC_ERROR_CA_CERT_INVALID);
+  loadCertWithTrust("int-v4-BC-not-cA_ca", "CTu,,");
+  checkIntermediate(certFromFile("int-v4-BC-not-cA_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v4-BC-not-cA"), SEC_ERROR_CA_CERT_INVALID);
+
+  // Section for CAs with basicConstraints specifying cA:
+  loadCertWithTrust("int-v1-BC-cA_ca", ",,");
+  checkIntermediate(certFromFile("int-v1-BC-cA_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee_int-v1-BC-cA"), PRErrorCodeSuccess);
+  loadCertWithTrust("int-v1-BC-cA_ca", "CTu,,");
+  checkIntermediate(certFromFile("int-v1-BC-cA_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee_int-v1-BC-cA"), PRErrorCodeSuccess);
+
+  loadCertWithTrust("int-v2-BC-cA_ca", ",,");
+  checkIntermediate(certFromFile("int-v2-BC-cA_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee_int-v2-BC-cA"), PRErrorCodeSuccess);
+  loadCertWithTrust("int-v2-BC-cA_ca", "CTu,,");
+  checkIntermediate(certFromFile("int-v2-BC-cA_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee_int-v2-BC-cA"), PRErrorCodeSuccess);
+
+  loadCertWithTrust("int-v3-BC-cA_ca", ",,");
+  checkIntermediate(certFromFile("int-v3-BC-cA_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee_int-v3-BC-cA"), PRErrorCodeSuccess);
+  loadCertWithTrust("int-v3-BC-cA_ca", "CTu,,");
+  checkIntermediate(certFromFile("int-v3-BC-cA_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee_int-v3-BC-cA"), PRErrorCodeSuccess);
+
+  loadCertWithTrust("int-v4-BC-cA_ca", ",,");
+  checkIntermediate(certFromFile("int-v4-BC-cA_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee_int-v4-BC-cA"), PRErrorCodeSuccess);
+  loadCertWithTrust("int-v4-BC-cA_ca", "CTu,,");
+  checkIntermediate(certFromFile("int-v4-BC-cA_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee_int-v4-BC-cA"), PRErrorCodeSuccess);
+
+  // Section for end-entity certificates with various basicConstraints:
+  checkEndEntity(certFromFile("ee-v1-noBC_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee-v2-noBC_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee-v3-noBC_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee-v4-noBC_ca"), PRErrorCodeSuccess);
+
+  checkEndEntity(certFromFile("ee-v1-BC-not-cA_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee-v2-BC-not-cA_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee-v3-BC-not-cA_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee-v4-BC-not-cA_ca"), PRErrorCodeSuccess);
+
+  checkEndEntity(certFromFile("ee-v1-BC-cA_ca"), MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY);
+  checkEndEntity(certFromFile("ee-v2-BC-cA_ca"), MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY);
+  checkEndEntity(certFromFile("ee-v3-BC-cA_ca"), MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY);
+  checkEndEntity(certFromFile("ee-v4-BC-cA_ca"), MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY);
+
+  // Section for self-signed certificates:
+  checkEndEntity(certFromFile("ss-v1-noBC"), SEC_ERROR_UNKNOWN_ISSUER);
+  checkEndEntity(certFromFile("ss-v2-noBC"), SEC_ERROR_UNKNOWN_ISSUER);
+  checkEndEntity(certFromFile("ss-v3-noBC"), SEC_ERROR_UNKNOWN_ISSUER);
+  checkEndEntity(certFromFile("ss-v4-noBC"), SEC_ERROR_UNKNOWN_ISSUER);
+
+  checkEndEntity(certFromFile("ss-v1-BC-not-cA"), SEC_ERROR_UNKNOWN_ISSUER);
+  checkEndEntity(certFromFile("ss-v2-BC-not-cA"), SEC_ERROR_UNKNOWN_ISSUER);
+  checkEndEntity(certFromFile("ss-v3-BC-not-cA"), SEC_ERROR_UNKNOWN_ISSUER);
+  checkEndEntity(certFromFile("ss-v4-BC-not-cA"), SEC_ERROR_UNKNOWN_ISSUER);
+
+  checkEndEntity(certFromFile("ss-v1-BC-cA"), SEC_ERROR_UNKNOWN_ISSUER);
+  checkEndEntity(certFromFile("ss-v2-BC-cA"), SEC_ERROR_UNKNOWN_ISSUER);
+  checkEndEntity(certFromFile("ss-v3-BC-cA"), SEC_ERROR_UNKNOWN_ISSUER);
+  checkEndEntity(certFromFile("ss-v4-BC-cA"), SEC_ERROR_UNKNOWN_ISSUER);
+
+  checkCertVersion(certFromFile("ss-v1-noBC"), "Version 1");
+  checkCertVersion(certFromFile("int-v2-BC-cA_ca"), "Version 2");
+  checkCertVersion(certFromFile("ee-v3-BC-not-cA_ca"), "Version 3");
+  checkCertVersion(certFromFile("int-v4-BC-not-cA_ca"), "Version 4");
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ca.pem
new file mode 100644
index 000000000..d5d688220
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAgIUGamqdMD0Nm1H+VfFhPYfXjLHRokwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzALBgNVHQ8EBAMCAQYwDAYDVR0T
+BAUwAwEB/zALBgkqhkiG9w0BAQsDggEBAAvQClqGp0semC/2XyWMk9xUJfroOET9
+beRv7cv8KUZnG3PaE+J5F7ER7f8COvvamkdeaatPcUc3+6JSErSibRZuwSNu7y55
+8D2DW5tVYNpni/bQCeR2S1SX2wQXOLTDZgYYnAP6dfUUoWIcoqRoQdFo4/clhTCc
+Cdbi7YYMRgiPX1Lr2Wlr6lzA78ri6jul1Xv+x01qDuSGYshXWLy3s4Rn8KcCNdt0
+qeCHYOKY/HdDv4xX/kHrkCm8qxfqLRG6GkbXahySaNm7gaTjFN9tn/n8z1SOz4fQ
+c/lWMN8xE4W645GavbrrTCYG3sMBLF3uXULlIaQb1imtoj/T+cEA/6o=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ca.pem.certspec
new file mode 100644
index 000000000..8689ef9ea
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ca
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem
new file mode 100644
index 000000000..2b606ba68
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICvDCCAaYCFAGWmOxUiv3Wiz/EpnGMkzvZ1CC4MAsGCSqGSIb3DQEBCzANMQsw
+CQYDVQQDDAJjYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAW
+MRQwEgYDVQQDDAtlZS12MS1CQy1jQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x
+nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM
+wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF
+4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20
+yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx
+j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zAL
+BgkqhkiG9w0BAQsDggEBAJoTmk+UuRV8BjvLAikw3jMlQLRZksGVezou/oWY6xB0
+5cBhexPniE5Wloareu929H7GroKodIS7byou7brNOFid1WufroaahmS2eKaDoEEr
+OQ7q6KsCKTh7fIi4JOHB43bRpumqAAC/F+PMpyH9breHoMRw70emfbPssbf0sJLt
+fcw6UtxiCLKZ75gQSYvZxwTdzEVon0FMVE/eXpG7TI+5ruzwPhpWbk+NVPTQByjd
+7aBXRjt7IsSM1s4k86FVOFCJW23e+NirdBhpXcIV8JhxOCaDEWlhAK6vGH/cvdHe
+zRU03uzpl4OAngMfjsol790KiyBR6ZcpDeBURiVd1Ms=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem.certspec
new file mode 100644
index 000000000..4570e6e3f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ee-v1-BC-cA
+version:1
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem
new file mode 100644
index 000000000..8fccea824
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwDCCAaoCFE1BLhsmfyyB2fW6gUjQwrgYB0uOMAsGCSqGSIb3DQEBCzANMQsw
+CQYDVQQDDAJjYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAa
+MRgwFgYDVQQDDA9lZS12MS1CQy1ub3QtY0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjEDAOMAwGA1UdEwQFMAMB
+AQAwCwYJKoZIhvcNAQELA4IBAQCfLK68eVDBxO0+W/ye0RgZHwRXn5nTaIj8s1iu
+CttV8uBYM1Hw5NUrmpI2bVlZA262qvbKTbhvIPOYz0wD1WkqMabQbuY32XRYKcaM
+cUec2RPy5ZWnZIT4AcYDSGaz8s24223GnlPgresZBhaQ0LzzbSJwtC8S2Fpt5pa1
+V1TenVU1KcjnyiDpGQSj5BsTJG/JONq5eIbP4T1k26Hi9VM8q8bjO0oKBFAxaw6/
+YulGByT8/BoNZXW8yGZu4h2KII7Mun4S13qNgLuGFTT6OJ6/zEwRR3x19o/NhHVm
+pbjyfxFfqnd6HDMAlW1uZt0FtejGPG0ZUL7FlhBy/vTt8Ju+
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem.certspec
new file mode 100644
index 000000000..f4257841f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ee-v1-BC-not-cA
+version:1
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem
new file mode 100644
index 000000000..c65444481
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICqTCCAZMCFDG06FmDxQmJyGqH60Gs9a/BJSTTMAsGCSqGSIb3DQEBCzANMQsw
+CQYDVQQDDAJjYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAV
+MRMwEQYDVQQDDAplZS12MS1ub0JDMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGc
+BptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzC
+a2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8Xg
+uEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK
+9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGP
+mRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOCAQEANnkU
+K6FLFlD2tKjK8Ky22ATkd68zdLs1HxDbVCa57fsToBwAiZdme+mIjQW+w42Zep4Y
+3E0GfjfVNyjVVaEPdLpQiZN8NKB9c/omwoMRyQEq6uhYGTg6o8FcYiQ3/WFBXGc+
+07YmEe9jmhozobUnJ5At5tkymL448qUQ7z9kNHu9L0p2fgEJa146RAyHQ+sXpz4X
+us/+IyqQGaI7q0Hz89clL6tUM9c5Z7r/Jp2UAhpm58ytMpKR0RJuQ5gfDKQKMjPk
+rEfjcxeA40TB5OhKVXYAy2yMJ7hiGByZed3FBSAId/Xmn+ltnaLUocXltgLyB9pG
+TfO49CA2VK0a2vhtaA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem.certspec
new file mode 100644
index 000000000..48fe9e541
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-v1-noBC
+version:1
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem
new file mode 100644
index 000000000..2d16032b3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwTCCAaugAwIBAQIUfQVCkqBjryqY0hxn56/dGr7n01wwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBYxFDASBgNVBAMMC2VlLXYyLUJDLWNBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAMBgNVHRMEBTAD
+AQH/MAsGCSqGSIb3DQEBCwOCAQEABme7cHcrv89ZFbbeOZH3sTrjNOGyAJhRczT2
+muEbJlLCAstllOrIY/KbJHFEi9p7NoEb57ubRweVzhZn7slriY1N8s+jkR3LFlLS
+1e0Xp82FEATF6C/SBhKdnTrz3NBsIG4WPI99x7BTBgCiHYucpOUhd72tpho3wdmK
+/4gPqWIoUyULRJB1NXaDtil3766DBA143mnuIgS34cQerK+vTgxWoUwBKfEzDkzZ
+sl9at4DsZefP7rYOmQ95B0kpM+uI6UUpJYdC9jX/c3JkoZgOZG1sDpQT4quqjoNO
+Hg58ZJ69Vj2GbS8i9tKKVPQLySmiU3L4W0y4XdBMMOfWAdj2qA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem.certspec
new file mode 100644
index 000000000..f714725d2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ee-v2-BC-cA
+version:2
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem
new file mode 100644
index 000000000..224e4f075
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAQIUf+XAs2m7oSCNvUK7DEGaRr2dTwYwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBoxGDAWBgNVBAMMD2VlLXYyLUJDLW5vdC1jQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7
+wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp
+k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh
+eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW
+EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc
+JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMQMA4wDAYDVR0T
+BAUwAwEBADALBgkqhkiG9w0BAQsDggEBALAH32l8H1kmrrw2syJ0p9BTp60bRKty
+1l+kCu7P8ZSH7+eGqROJpvYty9Ao1OrOSyQAfcj0BUn5IsgEDgTogF1PveZlvRtA
+YNd2AFQqP6/lbU8+licG46D0NjUcZRzZZb/daAo91I2qcdIj8VluDhDA4yVh1G/L
+PMIvJ+I/Zscz2M/IlDlH9pdb408YPVOxoK1OdzC7eFsT25hiH+lyn1faPkauY+GF
+m3IVSlUQUOrjpJOQluPKii0j3fdJWGawy7W9Rou9RqcHpEdFx1tdC3Gie/DLrsmJ
+eAfuyJlkK5++IgdlQwLHsTWW/6o6mTfqS7TAsxcBt9tJnLw4fOlaA9s=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem.certspec
new file mode 100644
index 000000000..db7228881
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ee-v2-BC-not-cA
+version:2
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem
new file mode 100644
index 000000000..b54cfd23c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrjCCAZigAwIBAQIUdQe+ZPF/+uPABp+LHcJbzs80mlUwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBUxEzARBgNVBAMMCmVlLXYyLW5vQkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQELA4IB
+AQBUaAqzcDmmrd4Wep1/lRJU9qzvkTNfYjE+kjIyW+KlQoh1ESoIgKgMEkIAZ8gW
+VgMwwcLJqqrTyr/Do5gYLzGlSvgi7HWHhu5NbxbbDZ/jKjytVNA/PEGJ7nIh1ka4
+vlwTJBQ/5A4r+2C+IMp2/cAUFHsf2N0ng8ubtl9O9rA5W2Hfz0KMVZ46clcCKCP8
+6KsNqA52FU9s6/z6r2m11YX/QWpO9jVOYcguc4s2PiDPn2R2s/Ok7JqkpVglLehr
+vSlPpeAfqoeSHCr7FfMH/csZ10Ax3XbnPQTnDEfjNxVHcIS3HkUZM5y8X/xm2om3
+BNvtFytBamlQ8Xb/erQ5pmX2
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem.certspec
new file mode 100644
index 000000000..cc304ab87
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-v2-noBC
+version:2
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem
new file mode 100644
index 000000000..0db92cab3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwTCCAaugAwIBAgIUB8OP2Jy4CAmKxxBski29TdDy3JUwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBYxFDASBgNVBAMMC2VlLXYzLUJDLWNBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAMBgNVHRMEBTAD
+AQH/MAsGCSqGSIb3DQEBCwOCAQEAlZW+VCvoVVjk61KPrCGT/npj/xlOkXRO+G3E
+DvvoSEaeq9r5YcSWlb8cuYtLVqWP2S3S5HdgLk8ziIDI/z3y4cEn8j2wyBdYezAy
+N6zpFRwEuWTmdeMQ+xTKf/nyOHGcSyIlXvj6Y2B0T8anAS/vdAa2sfkERt4nMFwd
+Kmwmg+QAnh6MXwb/0EXmX2z5B0qyWlsPy3+CsR+qgWBAOCAUVwjbgMP44XyhgKeX
+bTHJhuIm3yO2ItB5YwDt1DbeH2+Q7+hdnUf1jPKtVha2cnKfnngn10QK4ZApVChg
+OX5fB8CjvMLp5bOa4Pgn962s2KBB2Wy7PV25AbfXKt/Hc3ovuQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem.certspec
new file mode 100644
index 000000000..6f69c3574
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ee-v3-BC-cA
+version:3
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem
new file mode 100644
index 000000000..768871d74
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAgIUJ20yvWlIyReCYJ+kcsG+DkJ640UwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBoxGDAWBgNVBAMMD2VlLXYzLUJDLW5vdC1jQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7
+wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp
+k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh
+eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW
+EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc
+JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMQMA4wDAYDVR0T
+BAUwAwEBADALBgkqhkiG9w0BAQsDggEBAIOkqY4yOoyfH40DXCLBXL0rrmflioBT
+dl9oRE65btGHLQUn15BQZugBVSbyIdMAv4aeBEt1oqSAB6I4e20rKDeslwexLQtr
+yV2nuAlMTYOBp64UpcG2kG6mAdhYOYICYa67NBNQpc8uvU3hAIoD6kpv+0b3ytRD
+xV4X6cWUcYbqCFIJkans/FrQG/Gy+5Mg2lmdqE1KtkVzq7Tt/QXGaPxhr2rYmuPE
+cNiMAknatOwA4KSaclNkuxkq9axtGCwIa5NNV+4mXrPglWhU6ke5DgO/dln+mfO2
+UB2aj4romZScF2qo9uNaBKyGRAE8yaCxanOGUiwKyl8mOBJ424Xqxkw=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem.certspec
new file mode 100644
index 000000000..4a9de0635
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ee-v3-BC-not-cA
+version:3
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem
new file mode 100644
index 000000000..2be86fcdb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrjCCAZigAwIBAgIUWQH07Krh10EOvFLY8UBqyG5xYBYwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBUxEzARBgNVBAMMCmVlLXYzLW5vQkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQELA4IB
+AQCQXyyODh2FWO4TxBiuaQdFnFk+2zeqV2iWqpQGFDmgrHCZXrlJM+BVuAFzw0LQ
+hOf9qd33+f2sBDc4lf0qxu5/5Xqt8zERkvK0/zdMz3EpSoLMKvXv+7Z8YH3Ajt3O
+D4SV+3/Pk+/oweJ4XPMTeBhJ7qbU5/aALIzB5hqJHopmkqr8Zi4XTg/VgeZPM9zQ
+47HcOIvWnos99OxRte3xBxOU7aLmXOU4CMvAvzyFI0QCR9yh6UL2f0rICkagfLaB
+vMzUfgCg6dc/yJfroEebIwIJfBdjKNtzkWcIjXKZoNfRwpW7u6qxoopvuQmplg5n
+XnaTJFmePQ15kF2iDzb1hZ4W
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem.certspec
new file mode 100644
index 000000000..9d385900f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-v3-noBC
+version:3
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem
new file mode 100644
index 000000000..e766ae395
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwTCCAaugAwIBAwIUUfTQFSAC8qOhLbeI7Wqaa6VG0fAwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBYxFDASBgNVBAMMC2VlLXY0LUJDLWNBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAMBgNVHRMEBTAD
+AQH/MAsGCSqGSIb3DQEBCwOCAQEAOPqznyrSXvk8Dcw2Y1shbinmUKgIodAD1eHe
+ydM9c77RVLYCtzivERid2WMDVSVtPkniQBSpHh8rq75fUDwUXoUNnlUDi+hE5HBC
+eYc8duCo3Is7FofCqxych1M+WRz/Vr+Dme45/1+7o2YLnp972Vd5WqnNRPBx6B89
+uU1pp7mS1EfNPObYImAD0mHfTLYa4nCoGWrp4tLxChQ79FnOZlZtTykyQoutPeGI
+GI7BW60ABF9t9Z2LNX5hL0idV8jwcQy8XuqRxOgwkdUL5ErezWgN1J6M3zBa4cBX
+aZsU3VuAkImdubbIpPeHQX2Chj4rLXmKxibgJCqKsQqNaTdRFA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem.certspec
new file mode 100644
index 000000000..1f44c1dd2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ee-v4-BC-cA
+version:4
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem
new file mode 100644
index 000000000..627429ed7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAwIUPW7xxyFS8KpDVIUpRpqCNCmBOuUwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBoxGDAWBgNVBAMMD2VlLXY0LUJDLW5vdC1jQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7
+wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp
+k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh
+eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW
+EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc
+JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMQMA4wDAYDVR0T
+BAUwAwEBADALBgkqhkiG9w0BAQsDggEBALbzCIRcwRjqa1a2Y1wTPVSSSLD80lcW
+il7AGT/hEJ6+uuy9sSl3M+LUU6BMG3XeEERRZg5iWoSvRp0UHGo1ViM+fsgm+C7D
+uby2iVv4nMokrAEZ10azZrgDjEuKQlmdarPzdakoL6YaOXrkP9P4/6v5HeLmxd7I
+Q/iry5TKPFrfkk5xrQwZw8zr8P6ygsnNGZO/MH3+yR4cuSS1piC0i9lO9RAyNk1I
+sAKedwB1sirklVldeWcll9L9WLtYINsn5cWEVKxT2goF0BrkIxNSZLH64tWuIGHG
+Y+QHZqGJum8tYddNuoES8nsKZZ+zAzJ4IrA0NE7MknHrD1Ph7FmnX40=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem.certspec
new file mode 100644
index 000000000..e9659153e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ee-v4-BC-not-cA
+version:4
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem
new file mode 100644
index 000000000..1852ea6ce
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrjCCAZigAwIBAwIUVfwLTWJ99GNH7nvKMDko2v0xjCowCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBUxEzARBgNVBAMMCmVlLXY0LW5vQkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQELA4IB
+AQCCJPLfbxTQnHMP1Wl/XpCifu2deo9tcoEb9Hvpc5y9oJUS0qumTMq0H3dVLsnv
++UQ7/YghsGChqveMKVdaeL2UhNvw4nasPLYq2s8nor4+s00moSysgogauvUrQxB+
+SFO09zcX3bVy6/MPrnMVRXlXTCDji8EnI9hcMhQbFfbgd8V+k1oyuDD06PPak5DB
+yR1J+Z673Cp2KhcwIJUNbbOS3wqUU72lanXMzGj8xkhf4GsYYF7e+eWfMDIIlZuj
+mKM1fSCe1m9p9EUVZI3uzuP2NUJbdCsoe8VWGe9TUOEfokmHAykMgKVpbMKsd0Fc
+GAGDU8/x0mGGrA9Jk9T7iagp
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem.certspec
new file mode 100644
index 000000000..19229ba76
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-v4-noBC
+version:4
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem
new file mode 100644
index 000000000..1347bc1ae
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsDCCAZqgAwIBAgIUE6KjPmbDFR43gm22W31CxcYLnNYwCwYJKoZIhvcNAQEL
+MBcxFTATBgNVBAMMDGludC12MS1CQy1jQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIw
+MTgwMjA1MDAwMDAwWjANMQswCQYDVQQDDAJlZTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG9w0BAQsD
+ggEBAB5f3BeuLOxnnFy7ivHW6k197ycHOS/ilmtfZHxnf6ypIzqq32ooMNfF4+/4
+M3IMfXwe0NuZHiTxwohV58ZEVtfYXQ+tM9E39YQMHemludT4rKgINAEwCHZCXvvn
+txaLMWN1UgQc2aPdlyWagBF6YhmTFExmIUSbe9BnbuIhP00kOls45RnFfcsJJffQ
+lCniEIo+hwRWMjnajh+ecNNFlM3ToTH7+ZUGX6KtfpiBX+kFEtgevNbyghifZ/eY
+HcXNA2LlXbRzKD/xspyk2BnNTaniBwqGQjwWd5IJzEHpvOrqDjEyvx8cGjUFOxsC
++BFqPQs9lD/SOmlPmk66sNw+iMU=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem.certspec
new file mode 100644
index 000000000..6a7dc5c43
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v1-BC-cA
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem
new file mode 100644
index 000000000..c42913f1f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtDCCAZ6gAwIBAgIUcUd8DHziTDCWlJ6HrPIr/B8aaUQwCwYJKoZIhvcNAQEL
+MBsxGTAXBgNVBAMMEGludC12MS1CQy1ub3QtY0EwIhgPMjAxNTExMjgwMDAwMDBa
+GA8yMDE4MDIwNTAwMDAwMFowDTELMAkGA1UEAwwCZWUwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcN
+AQELA4IBAQAuPQwVmkSWN1A59vPXjQNaM+sVKeEiEpRZKbCfhYR0aeutl7MAg5sM
+RiHz2p3H4VALW1J2BdL7CM6X2A101UDY7LO2AEyrzYdm/+fvgd3XFWBeMx/UBZdh
+09I06b0p8tZrQgIk4xIcw/fP5YeYKVnMWcietQ0EnZl9jmqwjvHKTh0x8hkkIDu3
+uY+aByZC4InIcpfgBkqZaJgI7qAGmIokMMs+RHOlGwrOKbsCuvRw/xHIArgmHNfj
++BigwjBIrxW4IT2d0/65O3vlQ9HhMaS+UjXiubny2TZ9I2kvWfLQvAqtPE7DOibe
+zw2iooLP75X/UzNmLpYtr20S9Ea+S3RS
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem.certspec
new file mode 100644
index 000000000..639f83d66
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v1-BC-not-cA
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem
new file mode 100644
index 000000000..39cf67e24
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZmgAwIBAgIUCeeMurpySlbHPa/G6N9eg9Af8+gwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC2ludC12MS1ub0JDMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMA0xCzAJBgNVBAMMAmVlMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOC
+AQEAlYbGEgRSFPynbiDuMRskGkoV+9/53fmP+y8S2YfEGjziuKZOeOIKjG+unU1e
+/2Gz3pktpNr5TwqnDZEIYDvAAy8ByZ9mVUb060rac+7iQxVJCy0epakYA1aIyvXR
+Fk7W3Ivjm6cvl10OqKRySQTqSq708kxg2abLmjqza6AlZlPDCprylVXy9S3op4a5
+TsIiD3R0cmg12AAH19lJVd1jhdKARBaC8d7vXC77+bb4MYngGm3iOX2ZyFkF/0Zp
+OH+xKSVgGHXyfjaecY6JDgyk9zxxeYpPLUSKY8O7KW/2knGxWh5l4rk9+j3oJY2Y
+MvpxLCpOSeibhcsrWXH2UTMosA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem.certspec
new file mode 100644
index 000000000..d704f3086
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v1-noBC
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem
new file mode 100644
index 000000000..5147e4587
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsDCCAZqgAwIBAgIUG9+HDLQWRsQlo2lXC8I4+9uWrlYwCwYJKoZIhvcNAQEL
+MBcxFTATBgNVBAMMDGludC12Mi1CQy1jQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIw
+MTgwMjA1MDAwMDAwWjANMQswCQYDVQQDDAJlZTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG9w0BAQsD
+ggEBAJjwaeFl75mff+lYb8Gc15TfPZohz05jFR8g4MHuPePn92IpRYsPQfJL/Op4
+dYZJihih/G+1umck/TYExbX1KeY9QGVc6Bb2yVxwPf3t9yv0yhGsOqC055sf6Orl
+1qEgWcjGOnCW4wEe5Tft+K1+1l2J9OMgtcvNs0ctR65D8tdmyFBLQDhvnodaOYDn
+S6RNx9iNPT5jxQHZnBHL6oIwYgSf8xTAPS2+Z+xm4juKHy9T5vW7lujImDWQv+/V
+ugCKgsip92uKKIr+/KbNDXU2x541ewwUm4OxE0x+drHhV8al3VPsnk9VoS9o1Ul1
+aOouSF+BAz3e59YdoNXWPcf9F+M=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem.certspec
new file mode 100644
index 000000000..5d3a65e65
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v2-BC-cA
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem
new file mode 100644
index 000000000..4f7042bcf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtDCCAZ6gAwIBAgIULcr3aXyX5SxQEEPGtPM3p8VlT18wCwYJKoZIhvcNAQEL
+MBsxGTAXBgNVBAMMEGludC12Mi1CQy1ub3QtY0EwIhgPMjAxNTExMjgwMDAwMDBa
+GA8yMDE4MDIwNTAwMDAwMFowDTELMAkGA1UEAwwCZWUwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcN
+AQELA4IBAQCBsDwvDLVDaEf6o3xzqy5BdF6AcfmqDZNLs1BmcH31yP7eTcXsYHyT
++qUorVz5m1lOfcBJkCQbMDRotZeie9kgQ6APZywD93mC2ELjP8+9WIERy70gPtEn
+L7LvTHT92gdj5tHzhbIsn2TvoGXOYYAH9uQ/5gn/3L74GUoZwMjGWufcqkOEHJJO
+kmrYgOTWy7B64kfuAXzqU2SbUlQ3lxb5ZVv86PPzqPf9JQGXODH/nAzAVq8L9Kdq
+iy0PNK759Xw/1EOpp6vWAMHja2LErji4CWWDmXx/mnvIj7QBPvVAuO0w5/PqrZuz
+i4n84WFh4FYDBUpW6l9Uvek7Zk6xNp1r
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem.certspec
new file mode 100644
index 000000000..591a16aca
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v2-BC-not-cA
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem
new file mode 100644
index 000000000..0612422f0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZmgAwIBAgIUPQUSp52t9MpVcbwvzmrn0rnXe+0wCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC2ludC12Mi1ub0JDMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMA0xCzAJBgNVBAMMAmVlMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOC
+AQEASPKWPlQLYrodnYnFhtEdkne0AK3A/D8KlUrEbUl+SPbI/ORJONH362MSjsWZ
+RKqTz4fYdtqF43iIqlvYaZeLrkGSLTeJ2C+IAeOhiri3b8XjwFF+iXjIYGWnlhyH
+ollM3n7XOJSBOC4S6gMNfofuK7no4H78P82M5wFX6rOCCm9rxv8cvOO+SNlKkaEA
+IWy+taZcj4BOhgl+38VbTs+9ACG+FsLFru62twNQx59j3MbDbHfrIVzY47plHUPU
+jz9s/CCSkUA32ZvbF2rlFQQQf/8Z2oaW/xrWmp2eESLEd4F9NzY+Fvo4PY3k2kkt
+IzRZVoKot3yCAtzPJp0SJ2abgQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem.certspec
new file mode 100644
index 000000000..7f99393cf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v2-noBC
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem
new file mode 100644
index 000000000..ab530840e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsDCCAZqgAwIBAgIUaal9Ye64U6vI3odKwwGkoWeVLnYwCwYJKoZIhvcNAQEL
+MBcxFTATBgNVBAMMDGludC12My1CQy1jQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIw
+MTgwMjA1MDAwMDAwWjANMQswCQYDVQQDDAJlZTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG9w0BAQsD
+ggEBAG69rgBi4gPJVvu0KAmdgyadfG+89pgH6VyRlP2ZAb26E/UC2vf/fbhFPt1v
+kASTstsxrkmJeTc8aQXjpFqH2uDWoKDNmUmatzka7vFAjwEhKDLeBwihQhepJJCu
+e6Vm0ZnVNsfdXUc4xOdk9w2R91/cF/qxk8OTuB6oSLzpQ3rfvLAXa41GBDHQTQJJ
+R1Y6uYkJRJgyS6aIpZ2x5VCfhTlhKKYalKphZeBj7Ll29/vp04X/42102YpBdN+s
+h/8vqhdQNKFh5A3SvnWeNZTNRt8NizGqqGuv4yHmFPO7Gy+vDg7kj/hI1t+CBQy/
+kb3WFKNABDT7L1NY6kMUGiM5iZg=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem.certspec
new file mode 100644
index 000000000..13af934f2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v3-BC-cA
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem
new file mode 100644
index 000000000..4982b6454
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtDCCAZ6gAwIBAgIUDZZXSGXaQ/utX4RW88viJd7twPIwCwYJKoZIhvcNAQEL
+MBsxGTAXBgNVBAMMEGludC12My1CQy1ub3QtY0EwIhgPMjAxNTExMjgwMDAwMDBa
+GA8yMDE4MDIwNTAwMDAwMFowDTELMAkGA1UEAwwCZWUwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcN
+AQELA4IBAQAgLJgacqqpseEVlZtg8EM79BOC74xpPk2ggXxlh8+eNc0x9E8yqUR9
++eGPbVpTfDhNO8f1EXHyclW7RSmfYPqZlOFUl0VrqBLF4nHmc3DlXy4xKpNxWrHR
+/dY6WMvfryLba5dNp/aLbVShgGR4o79YnKVioUk8m+Hf26s94Ekn4PQPE/LXAic7
+gvrGYG2V9AXxokuGqBPY08DqMUwYNjPcgctOsoyqZb0VsgxytKv4KGo1q8aEr7at
+9R8vc0bgp6isLU9pDH0LXvSljS1SCZsurDWsWfR+0j2OSFWCBgxvb5oqPc9Jutrb
+4SGvtpYijCq+6ygiRn9dN1JV0RHuGoRl
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem.certspec
new file mode 100644
index 000000000..8539715a0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v3-BC-not-cA
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem
new file mode 100644
index 000000000..65f4c3697
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZmgAwIBAgIUOT2vbH70RwEQY4WI7uJiyJBo3yMwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC2ludC12My1ub0JDMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMA0xCzAJBgNVBAMMAmVlMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOC
+AQEAV1ofl/U7R48I9NqjR3h0ie37k2xQc28cqk2DF+320aO24r2t5JWgSBytewoq
+iCg54QZD7oqdq0JdkHxzNCId1WNFyVFe2+nTiomSJESa/e1Ukbc+vQe0xTqt9dJC
+0ygRdpa3OwNO/8DeYyVZe/XX44p4bLLbsunAr7HFcnWsKFGAOpd1yhEmB7QXW+w6
+xgL+TWmcFHq5FLezt93dFulUQcs394OoUdZ8qKTF0Ge9jZ7CZO3pvudTZ8skMYSY
+j3olnDyQ94tv/y1H8Kxn5chMGbFS4lf4QsRDIBJ6OpPKpEP/St+tY/7yQAHjtjmF
+6buVZsBqPRs39xMJMs2PePp7Cg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem.certspec
new file mode 100644
index 000000000..a65e41cea
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v3-noBC
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem
new file mode 100644
index 000000000..9405db2dd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsDCCAZqgAwIBAgIUJevhGs7hqJR5QVzZzE+05L+1S70wCwYJKoZIhvcNAQEL
+MBcxFTATBgNVBAMMDGludC12NC1CQy1jQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIw
+MTgwMjA1MDAwMDAwWjANMQswCQYDVQQDDAJlZTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG9w0BAQsD
+ggEBAFkfOzERPOpqPPPuPc+xawfkrg0jx7wktbNnws1FcgF6p0eHL+eDpoQ2DMfE
+jabozGSjj4ZQQ6Ai68gIThllDWMCHCSjLhlxHOPEFWDjeP0mTSdOZTulZxMdbIUm
+zRf+q6FI/2Tv2U7F807xMokMQgw+ndGISpSkKRPIl/PorWh5TU6eUazrrbyegHCW
+xPmNoDhU4SUkdcpe7qDKnbTOb7RYTyFBGU4eMKMA7L0ZqynKo7Wvs5+EWovQSha9
+qeeXdD0wvi2HI7jNXIsYJD5mC1Rocj47/wmppd30iNcIQJu8VNI4YkgS88Y+ogEt
+TzxFJMhZBB+H8Ub8x2Gz3qt4QnE=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem.certspec
new file mode 100644
index 000000000..35a3a9ff3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v4-BC-cA
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem
new file mode 100644
index 000000000..767219577
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtDCCAZ6gAwIBAgIUU3doWVdrXHM0k/ANaNuyVJhR8GwwCwYJKoZIhvcNAQEL
+MBsxGTAXBgNVBAMMEGludC12NC1CQy1ub3QtY0EwIhgPMjAxNTExMjgwMDAwMDBa
+GA8yMDE4MDIwNTAwMDAwMFowDTELMAkGA1UEAwwCZWUwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcN
+AQELA4IBAQCGs+8b9J0JfOUVFuN15n65KqJadCjcxBn3qBUw5AIYzi10sIFVteG9
+LDN10s92aXwTVYSoVe6ZGM5cJ3MUezHeIrkNklCvsusRvoT4pEoDy/kTmLGLb5z6
+OwBEGYrSB5/jPtcstOBTN0FEbCc8XEGLEQymdB1detTDzmUbWseWvkEnBlf2EYMz
+BdbcE067feMtW9SLo/xCqCHmloEiZ1z8castW0X1tHU4y+T67jgMdE4wwVb5frTm
+8tgg8JPlJlWrtywdAcu2zTW7FiFnmLQ92NFjqIOeb8VybkgcTXX8FxiAbtYLbqpd
+JZ5fpJiTnslxKY1m23DQaG7Yl+Jkif0s
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem.certspec
new file mode 100644
index 000000000..7627d3a8a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v4-BC-not-cA
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem
new file mode 100644
index 000000000..30ee60821
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZmgAwIBAgIUYz+f8vqMyWzBNKoQl03ncht2cIIwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC2ludC12NC1ub0JDMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMA0xCzAJBgNVBAMMAmVlMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOC
+AQEArnYzwre41yL4hGRL/xlHQMNsblZK89GB0tovUsHvWScxizomaBN7Nai8Y1JB
+U+6zXjMb3HP8h18Buxvuc0I/+RIUGRhxZ4PbSd/yi1yKaTL1smf5hVscbyMRajvp
+Ws+CBmuwPOcNwvJH4acul2ljySSKX50itQuaKMqjWLmNYPz0PET683QijtQjEre1
+oMIVdq/z438Sv1mdUtRIb38bLzR2PO919lu2WN8ZAI7pQTCLFTg7FdHao4R5QtXp
+n3zqzPgO1xgcvtgMWkeuqC1eUefJrD6+rn7mUFFtEwOzneNIb+xUuBgt5l33OTGn
+v5sHclUaB2LM0cqGtvVkNd3P0Q==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem.certspec
new file mode 100644
index 000000000..a78033753
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v4-noBC
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/generate.py b/security/manager/ssl/tests/unit/test_cert_version/generate.py
new file mode 100755
index 000000000..7e4747d63
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/generate.py
@@ -0,0 +1,82 @@
+#!/usr/bin/env python
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# This file generates the certspec files for test_cert_version.js. The naming
+# convention for those files is generally of the form
+# "<subject-description>_<issuer-description>.pem.certspec". End-entity
+# certificates are generally called "ee". Intermediates are called
+# "int". The root CA is called "ca" and self-signed certificates are called
+# "ss".
+# In the case that the subject and issuer are the same, the redundant part is
+# not repeated.
+# If there is nothing particularly special about a certificate, it has no
+# description ("nothing particularly special" meaning the certificate is X509v3
+# and has or does not have the basic constraints extension as expected by where
+# it is in the hierarchy). Otherwise, the description includes its version and
+# details about the extension. If the extension is not present, the string
+# "noBC" is used. If it is present but the cA bit is not asserted, the string
+# "BC-not-cA" is used. If it is present with the cA bit asserted, the string
+# "BC-cA" is used.
+# For example, a v1 intermediate that does not have the extension that was
+# issued by the root CA has the name "int-v1-noBC_ca.pem.certspec".
+# A v4 end-entity that does have the extension but does not assert the cA bit
+# that was issued by the root CA has the name
+# "ee-v4-BC-not-cA_ca.pem.certspec".
+# An end-entity issued by a v3 intermediate with the extension that asserts the
+# cA bit has the name "ee_int-v3-BC-cA.pem.certspec".
+
+versions = {
+    'v1': 1,
+    'v2': 2,
+    'v3': 3,
+    'v4': 4
+}
+
+basicConstraintsTypes = {
+    'noBC': '',
+    'BC-not-cA': 'extension:basicConstraints:,',
+    'BC-cA': 'extension:basicConstraints:cA,'
+}
+
+def writeCertspec(issuer, subject, fields):
+    filename = '%s_%s.pem.certspec' % (subject, issuer)
+    if issuer == subject:
+        filename = '%s.pem.certspec' % subject
+    with open(filename, 'w') as f:
+        f.write('issuer:%s\n' % issuer)
+        f.write('subject:%s\n' % subject)
+        for field in fields:
+            if len(field) > 0:
+                f.write('%s\n' % field)
+
+keyUsage = 'extension:keyUsage:keyCertSign,cRLSign'
+basicConstraintsCA = 'extension:basicConstraints:cA,'
+
+writeCertspec('ca', 'ca', [keyUsage, basicConstraintsCA])
+
+for versionStr, versionVal in versions.iteritems():
+    # intermediates
+    versionText = 'version:%s' % versionVal
+    for basicConstraintsType, basicConstraintsExtension in basicConstraintsTypes.iteritems():
+        intermediateName = 'int-%s-%s' % (versionStr, basicConstraintsType)
+        writeCertspec('ca', intermediateName,
+                      [keyUsage, versionText, basicConstraintsExtension])
+        writeCertspec(intermediateName, 'ee', [])
+
+    # end-entities
+    versionText = 'version:%s' % versionVal
+    for basicConstraintsType, basicConstraintsExtension in basicConstraintsTypes.iteritems():
+        writeCertspec('ca', 'ee-%s-%s' % (versionStr, basicConstraintsType),
+                      [versionText, basicConstraintsExtension])
+
+    # self-signed certificates
+    versionText = 'version:%s' % versionVal
+    for basicConstraintsType, basicConstraintsExtension in basicConstraintsTypes.iteritems():
+        selfSignedName = 'ss-%s-%s' % (versionStr, basicConstraintsType)
+        writeCertspec(selfSignedName, selfSignedName,
+                      [versionText, basicConstraintsExtension])
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem
new file mode 100644
index 000000000..26e57b926
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyjCCAbQCFG9flwxK3L28b9SwsYwGidUsf/MtMAsGCSqGSIb3DQEBCzANMQsw
+CQYDVQQDDAJjYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAX
+MRUwEwYDVQQDDAxpbnQtdjEtQkMtY0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9
+sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5
+TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7
+xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHd
+tMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l
+8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAsGA1UdDwQEAwIBBjAM
+BgNVHRMEBTADAQH/MAsGCSqGSIb3DQEBCwOCAQEAYnkJ8m2Q5ercVLL3DPZXrD/i
+zuIn7/ZhtNRrv/CGUOge36bk/6RfYN+rRadM9wHbKKgjXLgA4jDNhjdRXN3QlqKV
+5jxTJuLlu2vX9d81NmmhEk1cs9NMfkKdpXhOFR4nJvVfc0U1UqVpN4yf+U1x/CsT
+KJ2pporpPCIYUwnXiizRXNbUvZJ/GF2HMRZQn+ude87Rm0Q8ifD3yz7CZVKPf6Kk
+Sr9iJubTzLfKfJ1IkLe2yhvrbB5s00OW+kVnudjrFu7ZWKYVM2PJlF40zwYJl4Lr
+o99VmsPFOvBHOAZoV/iQljY2DgauwtBmsa1K8iEPc3osALFM6acD9J4NBTahKw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem.certspec
new file mode 100644
index 000000000..77f3ae914
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-v1-BC-cA
+extension:keyUsage:keyCertSign,cRLSign
+version:1
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem
new file mode 100644
index 000000000..59ffb040f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzjCCAbgCFB/qdSZShwQLqEJWGZti66J8bY/MMAsGCSqGSIb3DQEBCzANMQsw
+CQYDVQQDDAJjYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAb
+MRkwFwYDVQQDDBBpbnQtdjEtQkMtbm90LWNBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzALBgNVHQ8EBAMC
+AQYwDAYDVR0TBAUwAwEBADALBgkqhkiG9w0BAQsDggEBAEHdkfOCOr648UTiqsPG
+Q2bgBpfQR9q+sloaInyuhUkikrcVEFyDfX906yXpdAOd5vCof/1aC0Uj9rEOfGed
+qqRGELrBP8hJWlUdISOuwSsP9YzdvvDUXCHYK9P0v4vFKN0FPpQ5jXbRbxt2Hlof
+TvcDhd/IwRMT09bM6MuW/UCP7Amg60e9wNCYj+n3SpQcudlQwn3nsDrDeQfdaXqt
+6JEAr7wujeOaLiA0e+i1EG2qeYJ8khEbLjXxeHmuuW40W14rUGygvdv6fLflGvYH
+ZyHNi8pxFryfxet5S45pVPL0i2d0ebbYjOGBp5//CKeN6rwZsP32CMDgTp93lwjL
+ELM=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem.certspec
new file mode 100644
index 000000000..2a366535b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-v1-BC-not-cA
+extension:keyUsage:keyCertSign,cRLSign
+version:1
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem
new file mode 100644
index 000000000..4f11b699b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICuzCCAaUCFBkI5w3s6jLLXnulpMK+fY1ARXT4MAsGCSqGSIb3DQEBCzANMQsw
+CQYDVQQDDAJjYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAW
+MRQwEgYDVQQDDAtpbnQtdjEtbm9CQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x
+nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM
+wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF
+4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20
+yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx
+j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMPMA0wCwYDVR0PBAQDAgEGMAsG
+CSqGSIb3DQEBCwOCAQEAPLtcxQ6cE/ujKoes5ANvhdVSLvu9yLtV3nB0cFi/9JXj
+3duFxIiGyfvci0NdOlg1OQwbO/zTsCDW2zK/xL66QV5UtcEZAWatzI6/2/aqp1PF
++dXbMsieNsVyIjStexjxvEj5flwtA06P0u/i/bMXtEiIIUSwmZ/GPDIyBlcBaJjg
+vBwRXnbPYLE/zKqRz/7rsQvAbrSiGbjeLHTU5jcnXtafEmm9vSAY1fw4fq1Dyz6f
+OwPCdc945ENuo7N+gEMItYw7TKyS5ROmlqDSnhWvL3nrhv9HyxLHKC8MJwRrjKpU
+EocizMzyjzcjY3Gzdc0B3sBBrgcLMEcoFf1v+wrbdw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem.certspec
new file mode 100644
index 000000000..63bf6ed73
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-v1-noBC
+extension:keyUsage:keyCertSign,cRLSign
+version:1
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem
new file mode 100644
index 000000000..ee4285cbf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzzCCAbmgAwIBAQIUT7iE9WTjWgXtMmDtZcXlv4QzJ8AwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBcxFTATBgNVBAMMDGludC12Mi1CQy1jQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswCwYDVR0PBAQD
+AgEGMAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4IBAQAU6AtsSDtT36xwdLKs
+KaiJNQjCrsqYzBYcRKyKHDiTm8naR4sLT27VRIhzPxsz149VF9iFriU+WEdelZSV
+9Ql3bXNX/02TRQxrRP0LMg/3JQq4PexJph2I93W6LQmsGsNgWqwzPInZfUoXu2nK
+wdRxPAGA30PXqzN7e2kGXzD2Nci8ynjsU6EqKwSW9XArD40DRoBJN6OiBwUo9Bem
+EsbVfytYX2bCPkjcFHk0TbhToSFmweGwAOcRO/A6+XM6pjd48kwA9H9CIx7g0NQ9
+q2TNLsvoS9aH7U3S53l8CyVu6hmKF1klQkkZAxa2Mz5KteLOxRxdLnsmRLZ7vwuT
+2tUU
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem.certspec
new file mode 100644
index 000000000..ca1bf67a7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-v2-BC-cA
+extension:keyUsage:keyCertSign,cRLSign
+version:2
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem
new file mode 100644
index 000000000..f4159d5aa
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0zCCAb2gAwIBAQIUSwfORMpfA9q1z6/EWOfUSx66zNEwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBsxGTAXBgNVBAMMEGludC12Mi1CQy1ub3QtY0EwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAsGA1Ud
+DwQEAwIBBjAMBgNVHRMEBTADAQEAMAsGCSqGSIb3DQEBCwOCAQEAc4IWi7g4uc37
+S3NGcizKEZYsQdSzk4GwMxgX+mdWe2qqnJCer+E3dGrINEMb1blIaah4HGWFfLM5
+2XbBLnp0Jfj0ummvnAcZk5YVqixRgjr1RfzMavZOrCiGFbel4FAO7ht+ICB5AmbM
+W9SzE9z+yMg/bOHur2rbaqZzsQ1a3crBJjWvbGulYm7HYskQx99HPyrib5H3r7Xr
+H98haIpPn8hzYCZBb36iWfSSXvsfmGqGiAn2W2u+L/LwNMo8G3hpNB668myEmKe/
+D1Wdxg15KFLitsE9IaaIoMPQZw0Ir0/dKanAPSqG0hWw2Djw/S1yIwgoq9ylHxxn
+0fq+xxZJXA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem.certspec
new file mode 100644
index 000000000..fc28ff150
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-v2-BC-not-cA
+extension:keyUsage:keyCertSign,cRLSign
+version:2
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem
new file mode 100644
index 000000000..93d83a2b6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwDCCAaqgAwIBAQIUK0Spe0lKn+U0xO5jDNCuI6z3d+UwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBYxFDASBgNVBAMMC2ludC12Mi1ub0JDMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABow8wDTALBgNVHQ8EBAMC
+AQYwCwYJKoZIhvcNAQELA4IBAQAuydEs4UV5LclC5FsN97v3zL13tWT1+zgaHyxm
+fyGDfNcWXgha2Y2LFc5lqKwZSqMZEL1f5UUAS5Mft64oak7loWKmFrE4oyVRrpGd
+RnzOzmdtztmQxglYIIV4Am7c8pXUtwP7muWrd5myG9LZHwY9I6ZH+tjwV9QlSWaY
+fV+N1Js9auYTb1yhNVGIcRdmdbnutBn5rj+h1b/PsO8CPW4IHxHh3AW7hAnBLhF7
+lMneMbmyodHzpGJRCSjtklgNOG9cMvMoUabGrhVnYQzcTp/Qf8qlKvC51sNeamzj
+ZzUnaZWgU3holgbI6O/1g5uzRaMDAv2zGRPOsU8SMTINunv+
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem.certspec
new file mode 100644
index 000000000..2d3fe59ff
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-v2-noBC
+extension:keyUsage:keyCertSign,cRLSign
+version:2
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem
new file mode 100644
index 000000000..a27e8058d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzzCCAbmgAwIBAgIUAaoaQ4IPqjRVOQz/4vo5JrDzcA4wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBcxFTATBgNVBAMMDGludC12My1CQy1jQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswCwYDVR0PBAQD
+AgEGMAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4IBAQBwyEbiIyk6KMwWZyq5
+F2BxTInFKwnup+Rpmbwa+8o6NzQwjJ1cWszSPiN4akCO5GchrrDulAM6/kRANriA
+5N+J+V5W0+Lr9Skl4kUBEDE0AWj41QW5YTrIli1bjFyfwKydP2almStnYOXmvDaL
+Znlcm81azW5gibGeiLdCMo2RNajW1C2CMZs0TFE1NVbnw85Oaq5/RcUqx8sQ5OyX
+5lkRGWoblzMUp7fY+fle+wgyyJdXSeSAp7SNJbm417SyEFTU2qx+6wqi6R5CE6M1
+R/uYGYH0SyXCGZ6Msng9w4ZAT7XX/ECEC9hfZqDRf/1XS21JOzz6F5y9hkh88Slk
+GwPj
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem.certspec
new file mode 100644
index 000000000..56fcb21a0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-v3-BC-cA
+extension:keyUsage:keyCertSign,cRLSign
+version:3
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem
new file mode 100644
index 000000000..a7cadbebd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0zCCAb2gAwIBAgIUSZQ7USLXyTqZmjspcuxv8RjZtp4wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBsxGTAXBgNVBAMMEGludC12My1CQy1ub3QtY0EwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAsGA1Ud
+DwQEAwIBBjAMBgNVHRMEBTADAQEAMAsGCSqGSIb3DQEBCwOCAQEAEshHw+MsZRxQ
+2Ozv2sJHTwedcCks2jbm4T9D3/UbMfReMG1s4zjM84O7a1ZxV7SuudtfarwVK9EI
+6atRV4qLSAjZ3VfGjWo/1+rIN+LYTB10MZFefSVvh4BTr+vTEG9va0f0Q70KIwBU
+d9F1iOZiYKvuzmv8mTbVRXAU74CcyGJeyhaGm6+qv4VztdxrUB/fSMTR5lltDJZU
+MKTy3+n5fttP2mnwc5Za7A8Jn0Mqz2TVI2YI8CmCUdvaGqPdTcnQ0Xw31qEu4R9Z
+dzfcLQPZg05VqOTOZzZqr45qIqVhdnOO/rhziIaFPPFkyEejr1vjeqtZW2hiScjX
+h0t+rS7HEA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem.certspec
new file mode 100644
index 000000000..a2def8d32
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-v3-BC-not-cA
+extension:keyUsage:keyCertSign,cRLSign
+version:3
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem
new file mode 100644
index 000000000..9e342a0d7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwDCCAaqgAwIBAgIUfcNfM4j7uUnlrqBNMfIcXy9g3zUwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBYxFDASBgNVBAMMC2ludC12My1ub0JDMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABow8wDTALBgNVHQ8EBAMC
+AQYwCwYJKoZIhvcNAQELA4IBAQCIsW22mHe+LWhIQm6Ess8r6O68O7G8RW1ELeL5
+Kg+iFXnmRVuC3gK4LH1G1VNIsVj1tGXtYxCJiJ5I4Aybvd+26reA2dCeQRJ6Ja/Q
++RQ5UW2HcbV9E67wYvbvXQlUk5MoY9vOqHAKXksEGxUnqmg2t9K4kFXAe2q9/i2g
+syzV3EtbxADKW4mSLnLyC0AOmNcNB6Sc7/te69GY3BkDriJn5ayj0Xbio6qgfyY9
+jEAXPEnL6fggTB3XBUw3dlez9tweGLwjq4ei0dVymv+q+15qk7FmwJtRSGPYSU9C
+gS7yPOLt4WP14kU3BLV5pPMHgm6Ff+l3UMTBPaHuYnvEHMZW
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem.certspec
new file mode 100644
index 000000000..b336397ab
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-v3-noBC
+extension:keyUsage:keyCertSign,cRLSign
+version:3
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem
new file mode 100644
index 000000000..a687058bc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzzCCAbmgAwIBAwIUF3WP7b7JOaJWcP3tKFhcerw7104wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBcxFTATBgNVBAMMDGludC12NC1CQy1jQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswCwYDVR0PBAQD
+AgEGMAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4IBAQA/+1qhIMJIE46IOGAX
+E6mqNDfKlgv3neuzz7LvO8BwDXKN5c899Y1fQAPG9vvH4x6LfibZuansSKuYlQuo
+ty3+9uD22ZMyva61re+zQQXasxBm+lQ+YqjuTQO9XYwWCcoiW1k9UgwY331Be59Q
+vb4G5MTkIK4IkfXLI1rXywcfYUL551YESILSrfB9YGyfQM87waniXMgYlTVMWjze
+xhf41flw23eA6DspXlIMDIphDjrsdlNLt6M8Kq8ZX2pWNv3bHRW2GXPFTujO3ZX7
+KtEoKDVnRRoLKZUGV800HRvxnxQHix21g7zOh+P7OROsLpqMy8JFyq48RzFbcjRL
+zxX+
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem.certspec
new file mode 100644
index 000000000..12b94e63a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-v4-BC-cA
+extension:keyUsage:keyCertSign,cRLSign
+version:4
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem
new file mode 100644
index 000000000..ed8fd32d4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0zCCAb2gAwIBAwIUVaZ2niPZ6DLRtuiwINlg8Jk1dZ4wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBsxGTAXBgNVBAMMEGludC12NC1CQy1ub3QtY0EwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAsGA1Ud
+DwQEAwIBBjAMBgNVHRMEBTADAQEAMAsGCSqGSIb3DQEBCwOCAQEAk9BrF+WBvw8N
+Mq2rS506ozxY6ns/n0rD+eOD6lsurV6naqZpu74jagfMqlLBIppFe93yV/epDkPa
+E84mDq6QT+smmosWlG4+HQ2+GnsNC3+savT5WXNCcLZCwWQeZWWndey2Bg0T/flN
+g+2bHUrtGtz+GxfMV2/fwXiC0AD3F/thrrupl4SrS6wcYlaA7RJbGx8y47u1W0Zw
+F0GL+cflyzoZOlXQrcXeCBCSFSQWlmyqOXKsXIHuPjPk4SVo7+IXH/4OQTpMFMVU
+77+brGacqro+d/G83wEMM1mBur2XFYmXRdVAhDOarM3abFcXF3+23xZtv9qRNMRt
+giMNReL6kQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem.certspec
new file mode 100644
index 000000000..43a04f70f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-v4-BC-not-cA
+extension:keyUsage:keyCertSign,cRLSign
+version:4
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem
new file mode 100644
index 000000000..037046a8b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwDCCAaqgAwIBAwIUFToW9dVGyhNcvbGEpVtHhT1WhgcwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBYxFDASBgNVBAMMC2ludC12NC1ub0JDMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABow8wDTALBgNVHQ8EBAMC
+AQYwCwYJKoZIhvcNAQELA4IBAQAkki/4bWRgG61BREyFJh6R94w2DBEH4J99Fvyu
+T8UaAxbi688qDuKmA7kCZpmtZKRna/d6UWCrU1kHOFpLtRBGcQIDFHAJYuuqsV45
+1tWQXkM/lpt/ZwV8yORiAzMrRgVup7krAolMsQkIK14pLwigwHFGRbZWsU7/dVhD
+JIwAazsl1PVBNYkxGG10GlMdLtXN2xj5aBuxLpOBNIa7l8HSUDS5xU8iO+vRG9Y/
+mMBPcMaQY87GOqTdNTVMZZlp/pLhSZsoMJc5Adm1qDTr5LX0fBcr3ljPoy+WLMOY
+/jSMhLoB+g3A5+N++ac9s4txNh3SSQ5kZ5F9p5z0h0nvfiGP
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem.certspec
new file mode 100644
index 000000000..4970d1e94
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-v4-noBC
+extension:keyUsage:keyCertSign,cRLSign
+version:4
diff --git a/security/manager/ssl/tests/unit/test_cert_version/moz.build b/security/manager/ssl/tests/unit/test_cert_version/moz.build
new file mode 100644
index 000000000..acea4142a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/moz.build
@@ -0,0 +1,61 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ca.pem',
+#    'ee_int-v1-BC-cA.pem',
+#    'ee_int-v1-BC-not-cA.pem',
+#    'ee_int-v1-noBC.pem',
+#    'ee_int-v2-BC-cA.pem',
+#    'ee_int-v2-BC-not-cA.pem',
+#    'ee_int-v2-noBC.pem',
+#    'ee_int-v3-BC-cA.pem',
+#    'ee_int-v3-BC-not-cA.pem',
+#    'ee_int-v3-noBC.pem',
+#    'ee_int-v4-BC-cA.pem',
+#    'ee_int-v4-BC-not-cA.pem',
+#    'ee_int-v4-noBC.pem',
+#    'ee-v1-BC-cA_ca.pem',
+#    'ee-v1-BC-not-cA_ca.pem',
+#    'ee-v1-noBC_ca.pem',
+#    'ee-v2-BC-cA_ca.pem',
+#    'ee-v2-BC-not-cA_ca.pem',
+#    'ee-v2-noBC_ca.pem',
+#    'ee-v3-BC-cA_ca.pem',
+#    'ee-v3-BC-not-cA_ca.pem',
+#    'ee-v3-noBC_ca.pem',
+#    'ee-v4-BC-cA_ca.pem',
+#    'ee-v4-BC-not-cA_ca.pem',
+#    'ee-v4-noBC_ca.pem',
+#    'int-v1-BC-cA_ca.pem',
+#    'int-v1-BC-not-cA_ca.pem',
+#    'int-v1-noBC_ca.pem',
+#    'int-v2-BC-cA_ca.pem',
+#    'int-v2-BC-not-cA_ca.pem',
+#    'int-v2-noBC_ca.pem',
+#    'int-v3-BC-cA_ca.pem',
+#    'int-v3-BC-not-cA_ca.pem',
+#    'int-v3-noBC_ca.pem',
+#    'int-v4-BC-cA_ca.pem',
+#    'int-v4-BC-not-cA_ca.pem',
+#    'int-v4-noBC_ca.pem',
+#    'ss-v1-BC-cA.pem',
+#    'ss-v1-BC-not-cA.pem',
+#    'ss-v1-noBC.pem',
+#    'ss-v2-BC-cA.pem',
+#    'ss-v2-BC-not-cA.pem',
+#    'ss-v2-noBC.pem',
+#    'ss-v3-BC-cA.pem',
+#    'ss-v3-BC-not-cA.pem',
+#    'ss-v3-noBC.pem',
+#    'ss-v4-BC-cA.pem',
+#    'ss-v4-BC-not-cA.pem',
+#    'ss-v4-noBC.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem
new file mode 100644
index 000000000..46f82cebf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa8CFG+MGH0v81ssRXWoQbbMgVkHEf6zMAsGCSqGSIb3DQEBCzAWMRQw
+EgYDVQQDDAtzcy12MS1CQy1jQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAWMRQwEgYDVQQDDAtzcy12MS1CQy1jQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7
+wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp
+k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh
+eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW
+EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc
+JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMQMA4wDAYDVR0T
+BAUwAwEB/zALBgkqhkiG9w0BAQsDggEBAAtZZ5v+5mleP10vnCziNlRqOprKwxmG
+t/tn5sOjQRxHMS6J/SV1zuIM0jkgubN785jj07QorkyTgxyNVumdUq3G0RutzGpq
+paJXYHg0UYJ22N6scGIwuXE/fOh58XNaFpVytGaZIeGAeFcG4lFEHIzOKmRBZAlu
+ba8ger2Vykmm9H7WdYdtUA35jKWNwkF1HABwbxrAFiMLSNt6AWDTYLgoyva77MWP
+6sAN7Vhs8fGqHvSTfwVb1xKPiEyj9R4OWFcyQIfwRrNL9N/9qIfSp0NeQd1duVcu
+MNQSQ/0fCir7rvaz8Wz24jJb+NaAvHpfdzPmvpoI7IuwPv87K2PgPPM=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem.certspec
new file mode 100644
index 000000000..731396f03
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ss-v1-BC-cA
+subject:ss-v1-BC-cA
+version:1
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem
new file mode 100644
index 000000000..5f9d30fba
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzTCCAbcCFDNyQtXuElhDbK7NjNVK30/fBucMMAsGCSqGSIb3DQEBCzAaMRgw
+FgYDVQQDDA9zcy12MS1CQy1ub3QtY0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4
+MDIwNTAwMDAwMFowGjEYMBYGA1UEAwwPc3MtdjEtQkMtbm90LWNBMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVK
+tOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7N
+Q/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39Zgsr
+sCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxs
+l62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYl
+nauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAw
+DjAMBgNVHRMEBTADAQEAMAsGCSqGSIb3DQEBCwOCAQEACAgAx20D/LCFt+PpWXMJ
+6ZBaYaoLSZx6oDFeo+6zo4wjEyIhS+l5v5W4f+FnTL4h+DrugV2h2YlgoV2EeQSV
+z/aCd1Q9GG77ui8uGNTnA5iHBYefJFDMxB/n5gm1qJagfLwbQICdJoVEXvRvfrSj
+Y0y0qvzeFBI6tUZ5XwUdsigr6fto1tRHYpZORwJOWvy6m//NQxILBvRWnjsUDD/y
+Yt5yZWxf0/r9md8hyKMBXZ8BqS6xFxoezRLIC4hqhoJNFN3gkxlogFiSi8FtRa86
+ld7vO51lKA9LqtiYlCB/jReEhsE+kGpUspL4f9FXvvnCr7LLqsXI6VoSrCWmsOMP
+rg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem.certspec
new file mode 100644
index 000000000..20d716d49
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ss-v1-BC-not-cA
+subject:ss-v1-BC-not-cA
+version:1
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem
new file mode 100644
index 000000000..a117460d8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsTCCAZsCFA+72QOdH75J3hB9qKX0pOJInjg5MAsGCSqGSIb3DQEBCzAVMRMw
+EQYDVQQDDApzcy12MS1ub0JDMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUw
+MDAwMDBaMBUxEzARBgNVBAMMCnNzLXYxLW5vQkMwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQEL
+A4IBAQA0Erbg1IXfPrT6ZHl2txIcza4gXrvKHu+Ahq0XIYvJBPVDvwWTQlktJGcq
+BDndGLOYIHkm5CyeOeCIkjGH/6EFg8jLjBrc2RGoaFmhvi9QuDP1DN/082DV69ql
+cJZSYX5usTMRuWECy8k3t8Mf2TqwoGEaTP7tF9chxItJUEjlkuZRbcLf22pb1Hby
+heEVm0m/JHelm1eQI5j0DySS+Am5OTxvCx2WXOyITN7KDHitWalu29DUHNOBLndb
+kMxCHLHLWicpkDrc9o5TRWR+UiQ8fucfaGCgGLK0RIC3AwMSFKmyky1Xx1d5pX5C
+9vfJsSHoJfm86RPkJ37ZRiN3zwJm
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem.certspec
new file mode 100644
index 000000000..58d2f0d7f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ss-v1-noBC
+subject:ss-v1-noBC
+version:1
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem
new file mode 100644
index 000000000..c23ff6607
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyjCCAbSgAwIBAQIUG6ex4GpeLkOdyG0kcXwahQ2TJgkwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC3NzLXYyLUJDLWNBMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBYxFDASBgNVBAMMC3NzLXYyLUJDLWNBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1
+aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we
+adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS
+pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W
+YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR
+CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAM
+BgNVHRMEBTADAQH/MAsGCSqGSIb3DQEBCwOCAQEAomxNmMoe4s7X2giV3QWVdOUg
+XHye6mFnfsFFZBAnJbYWAy9NcrmKMEReo0APujdZuZkx3LTokBW3A5jAfdeb0l3f
+vxkzgTBSd8XNDm/VnqpMf8ZABWEYpofiMV7fXq1lox2ePyCvh8Ksc22A2ceDy0r3
+gONnMeqRpfb8702R7ZaZzAba3S2kL63Ca40W+Ut1on9hkVxLBb6CM9HKnWl4AacE
+OPtJrJwrwYJKP5Xg3yIOwydHFSVPb9puiBqE+5Da9EcKH3FlXkuMbVcPLQNnQswV
+ThHdBRAZAyXzc/T6CraJiJX8jjFJjX0/JIwZ3LQR+nK2oQ6KoEy33xYi5Gvyqw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem.certspec
new file mode 100644
index 000000000..8dbb3a65a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ss-v2-BC-cA
+subject:ss-v2-BC-cA
+version:2
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem
new file mode 100644
index 000000000..2ba60c464
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0jCCAbygAwIBAQIUBXBWOFiYgovlJC6xNnzLkhSbBi8wCwYJKoZIhvcNAQEL
+MBoxGDAWBgNVBAMMD3NzLXYyLUJDLW5vdC1jQTAiGA8yMDE1MTEyODAwMDAwMFoY
+DzIwMTgwMjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9zcy12Mi1CQy1ub3QtY0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT
+2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV
+JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N
+jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA
+BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh
+He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB
+AAGjEDAOMAwGA1UdEwQFMAMBAQAwCwYJKoZIhvcNAQELA4IBAQAY8GDCVpMGM7xQ
+GjpedV3hiJ47d5ybVaJubldz082/5RhqRtfvZpC3RwzLQzkGsLvqxH87E6KJRHDq
+X5MkAZzuFv49dtQX5BXAiUSDbC33dLNX/+e75LZ7jo3CZQxaHNNu9tlXFiy+661c
+GH4FHDT8mvzDX5lJlmJ1fecPPndH/nnbcgcAVKZgi40xDx87MlrF7R23KXqbxFJ7
+cj8m7cS5t+LlNxCxR2vjPpfVGqA/LgTvOQPm1cn6zji0URDqxRZ+D/3m515lFWu4
+OkV7sf6iEgUo/2mtjvt6I/tbpqc5DKJRrRXXVJXQdXDGptdNIGt3jckOiUKYrLIU
+kzzOuL1s
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem.certspec
new file mode 100644
index 000000000..2b8f4bcc5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ss-v2-BC-not-cA
+subject:ss-v2-BC-not-cA
+version:2
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem
new file mode 100644
index 000000000..1cd6979a6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtjCCAaCgAwIBAQIUAYdFdolsf3VTBZ0ZsXUBgHZHnHQwCwYJKoZIhvcNAQEL
+MBUxEzARBgNVBAMMCnNzLXYyLW5vQkMwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4
+MDIwNTAwMDAwMFowFTETMBEGA1UEAwwKc3MtdjItbm9CQzCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX
+bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ
+OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9
+uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb
+t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO
+NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG
+9w0BAQsDggEBAJFhWwC68S3SAhj2d/wI3LhqlnFgaL0MYBENqhs4RhqUkhIzbQ1f
+6Jc78Gd275ftrR8tcZ4PlQYrJY/rJuLzfq0JL8gCjv4K0SS/l5+LKZE6wjmoVjbZ
+VZaErdkslU/lRczACBA08F7w+rHBQ6oj6pVaKXXbIZscduFvHentJENSyvgPqhOs
+X1pAxIT2klwAeYwajCm1UmjlXNtKSFJZHDG6qCf/ZPplXt/rRdH89t9r1lttZLNV
++eVzbYYcpjY25eOo87FAYOBG/8fjMt3XTs0WtlxnvFA8cieB+cJ7LyIO9TWasaWc
+YX2IonPVrXSUj4APt2tknTcHF/PIcx69diQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem.certspec
new file mode 100644
index 000000000..7656115a8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ss-v2-noBC
+subject:ss-v2-noBC
+version:2
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem
new file mode 100644
index 000000000..ea4a18024
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyjCCAbSgAwIBAgIUG8cSSK9riYlFB7ouvuMQGSlW+UcwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC3NzLXYzLUJDLWNBMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBYxFDASBgNVBAMMC3NzLXYzLUJDLWNBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1
+aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we
+adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS
+pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W
+YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR
+CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAM
+BgNVHRMEBTADAQH/MAsGCSqGSIb3DQEBCwOCAQEAf59Fuz/pD+aAq2EpVeVNNhNW
+ACZLNmzlM7xiodW2Nd5g9w521u58wzmMp7d8jIIzjG4Io3kpK35hcQQaacI7QzQf
+mOOtT2s4KtlpKmnm6X4eGHO5Wjyn7mkfZ/s75RP21CB9d5989Yz+eB2kBfXU0dja
+TBeFKoPnX+MMzucm9JMLhZ4YbxMXbuQOmm5wl4kq44aaQ8m6GsHNIwz5x0XPoCVN
+0VCUxF4f79+LBW7L7MlH1u+iaI82jemwMud2mymBy+nr+3K0mARqAhjjJzF2GEKX
+B8FL2Q2/fHubMK/UmLJQI0L9WS02nuafIGl20xOndFEaTLNKFjrrsCip5Updnw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem.certspec
new file mode 100644
index 000000000..df822e99b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ss-v3-BC-cA
+subject:ss-v3-BC-cA
+version:3
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem
new file mode 100644
index 000000000..f612c29fd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0jCCAbygAwIBAgIUD1Zrxy5fGFnW0HiU7Wd4Lr2CuQwwCwYJKoZIhvcNAQEL
+MBoxGDAWBgNVBAMMD3NzLXYzLUJDLW5vdC1jQTAiGA8yMDE1MTEyODAwMDAwMFoY
+DzIwMTgwMjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9zcy12My1CQy1ub3QtY0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT
+2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV
+JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N
+jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA
+BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh
+He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB
+AAGjEDAOMAwGA1UdEwQFMAMBAQAwCwYJKoZIhvcNAQELA4IBAQCSHxtOuFzFQjXj
+uYkrCHQ+7h7j5AZi3p3XZvuo8oxzbBb6vmwvTguRkeZzwgN+FWE8IhXMlqE+avh9
+hnDZOygI+w3gtfXtevlnh3ngnr85op4nJ2CJ0O5X6s8wRsX544mM8d8NxriP1tr0
+fB3Dq0Y8WkUkocdV/NuvTnw4gldDl67Imj2J6lYXDfLmCFQYKga1b+OTX/KOUXIy
+VsUwOX1aPY6PUO2IVdX8n/sY8NcGJkf37DxqgcE410GvGHJw4qOgjJxMT0/xDYP8
+FY8yiB/y/mWWw/W1+duWOUO0BfmYH+MrSduUb1IXM06DWZgTbECjcVaqLYnRjgR8
+/ARSmye4
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem.certspec
new file mode 100644
index 000000000..0b2b57557
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ss-v3-BC-not-cA
+subject:ss-v3-BC-not-cA
+version:3
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem
new file mode 100644
index 000000000..849fbcda2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtjCCAaCgAwIBAgIUG/zabaMDrPkuXBAyLcu1A8K/9Q8wCwYJKoZIhvcNAQEL
+MBUxEzARBgNVBAMMCnNzLXYzLW5vQkMwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4
+MDIwNTAwMDAwMFowFTETMBEGA1UEAwwKc3MtdjMtbm9CQzCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX
+bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ
+OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9
+uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb
+t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO
+NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG
+9w0BAQsDggEBAFzvJODJBLHGofBQQN0lF3DnB3LOcUMT7noPkAx/fTwjLaomazG+
+pvHOxQTUAXg4SHVQRM+z8y16FertnjVKRBdAQrdWzPFWYxdgafUBTXqpIbZFGbKY
+swQSBBrq6AhjNAx309Y9qW5RfOFer0KNWXV01892euHjL288n+Nn6Kzu2re/Bf29
++uqqpceA2oGgsB83Jcl6LxI2rmF6g38fBtL/TzDmNxcP1lrxUlehosm4sC79dSKJ
+ckbKWSl+IpMI4u3h2MNEOhK5Ip8T2gG0CBI0SZZt7iz4tu4h23KS8RYvQVrySTY7
+5Z2518kyyjVKuhaHcQRN3W/7egP24QRobL8=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem.certspec
new file mode 100644
index 000000000..96314e51a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ss-v3-noBC
+subject:ss-v3-noBC
+version:3
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem
new file mode 100644
index 000000000..01e952442
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyjCCAbSgAwIBAwIUH+0Y+pqW4DjsOBgkkQppZLmj5PcwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC3NzLXY0LUJDLWNBMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBYxFDASBgNVBAMMC3NzLXY0LUJDLWNBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1
+aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we
+adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS
+pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W
+YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR
+CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAM
+BgNVHRMEBTADAQH/MAsGCSqGSIb3DQEBCwOCAQEALzgRDh0qh5j+RMgGQcWEPwcB
+0BElZ/R2uZkLppQkFE++NXW/c55ze+58AL9SiE2KcvcuPXcawOutofca1d00msEd
+NIACsU4/R0di4OuxeZEG/3TMT9s45zNgIEScuHN9TG51DYMi+9weNjOohScutTa1
+SZzqxysC8sU6nvjaDKz2CUzp6f4Ihmrs8pf2yn5JGiyL8huPl55pQyjBfhP3kDB4
+w9XnuL3c10RutYpU6PjHYy7ISQRMCkMypTQauOdwlEnQZss8vo3Unb0INyYssHct
+X9owoNW3VZ1QRs5rbzDjhA5x+z9pOcabfnQCEnDaV+3r9bZmHIkQIFQMugJbfg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem.certspec
new file mode 100644
index 000000000..54269184e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ss-v4-BC-cA
+subject:ss-v4-BC-cA
+version:4
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem
new file mode 100644
index 000000000..b876791f4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0jCCAbygAwIBAwIUT5RKOqGvbweUZwI3IGU68VrjHL0wCwYJKoZIhvcNAQEL
+MBoxGDAWBgNVBAMMD3NzLXY0LUJDLW5vdC1jQTAiGA8yMDE1MTEyODAwMDAwMFoY
+DzIwMTgwMjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9zcy12NC1CQy1ub3QtY0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT
+2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV
+JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N
+jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA
+BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh
+He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB
+AAGjEDAOMAwGA1UdEwQFMAMBAQAwCwYJKoZIhvcNAQELA4IBAQBuALYv+/5x11NR
+7e3rxtG5sT2+hUF63oeJMfGEzP1pBtTpokNKTSQSOzJ96816MTCBbHEjt5VEjYk6
+yj5Kswws38XWMOBv21t4HNYzrdUqVVVRJxfQ6waQN5uAgUS8Wo8tSSXN+pAQ9dpB
+GCMvhPaCmi0F601hU6RnpJNsgoIORMtwJupH11VY11W+zrqOhP1Jnob5x2IIakvD
+/HqSANIhpNjmCKgA5ZQqfFbs0AF/tNGqQ9ikGOBZqBP47sOo9c9FHfchcrq0u+D3
+N4OO0909F5lgb4RQ/g9prlR5CIYh/g1dWG7FPCRaYDPt4DySe26UE60+JBP2re2U
+NiSd3N/5
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem.certspec
new file mode 100644
index 000000000..3d6533531
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ss-v4-BC-not-cA
+subject:ss-v4-BC-not-cA
+version:4
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem
new file mode 100644
index 000000000..317319c72
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtjCCAaCgAwIBAwIUb9qH5069BVlQbXHC3yvfCnwPbAEwCwYJKoZIhvcNAQEL
+MBUxEzARBgNVBAMMCnNzLXY0LW5vQkMwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4
+MDIwNTAwMDAwMFowFTETMBEGA1UEAwwKc3MtdjQtbm9CQzCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX
+bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ
+OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9
+uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb
+t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO
+NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG
+9w0BAQsDggEBAGx6Hb+TuW/T3OAjH1ZgpUxfWqFthTXoIioS6VhSkUQHa0Ay6xc3
+ieaYhIzOS52IYbqLQLgyOLHb2TxMsmHltlnGAgpJrlnon/48OPkmYsUOA3XpqXfo
+KBiCr6QNK+wPunPKPA2stHsqykC1///Hjrz9G8ZibDH5ESu96vgMjxqkpI1bgRyS
+69XrzctGnwwLaXzhrsNPlP+D/VkSyhrRGih3AHXXdda6s5hqEu8yaSN0kP4oG7gL
+wZcbMRttpIW/ZvihypwUyHSgVsZFeuW8PnDzQF7QwMg88rIBExaTz1RQA9zF7Ft7
+AXbf39HewK1XfLnuZdtYlu5zZBz1Qc/7Q4M=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem.certspec
new file mode 100644
index 000000000..d02e04de5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ss-v4-noBC
+subject:ss-v4-noBC
+version:4
diff --git a/security/manager/ssl/tests/unit/test_certviewer_invalid_oids.js b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids.js
new file mode 100644
index 000000000..2c244aad7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids.js
@@ -0,0 +1,62 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Checks that invalid OID encodings are detected in the Cert Viewer Details tab.
+
+do_get_profile(); // Must be called before getting nsIX509CertDB
+const certDB = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+function certFromFile(filename) {
+  return constructCertFromFile(`test_certviewer_invalid_oids/${filename}.pem`);
+}
+
+function test(certFilename, expectedOIDText) {
+  let cert = certFromFile(certFilename);
+  let certDumpTree = Cc["@mozilla.org/security/nsASN1Tree;1"]
+                       .createInstance(Ci.nsIASN1Tree);
+  certDumpTree.loadASN1Structure(cert.ASN1Structure);
+  let actualOIDText = certDumpTree.getDisplayData(9);
+
+  equal(actualOIDText, expectedOIDText,
+        "Actual and expected OID text should match");
+}
+
+function run_test() {
+  test("bug483440-attack2b",
+       "Object Identifier (2 5 4 Unknown) = www.bank.com\n" +
+       "OU = Hacking Division\n" +
+       "CN = www.badguy.com\nO = Badguy Inc\n");
+
+  test("bug483440-pk10oflo",
+       "Object Identifier (2 5 4 Unknown) = www.bank.com\n" +
+       "OU = Hacking Division\n" +
+       "CN = www.badguy.com\nO = Badguy Inc\n");
+
+  test("bug483440-attack7",
+
+       // Check 88 80 80 80 01, not leading, have to pass
+       "Object Identifier (2 5 4 2147483649) = attack1\n" +
+
+       // Check 90 80 80 80 01, not leading, have to fail
+       "Object Identifier (2 5 4 Unknown) = attack2\n" +
+
+       // Check 80 80 80 80 80, not leading, have to fail
+       "Object Identifier (2 5 4 Unknown) = attack3\n" +
+
+       // Check 81 81, trailing, have to fail
+       "Object Identifier (2 5 4 3 Unknown) = attack4\n" +
+
+       // Check FF FF FF 7F, not leading, have to pass
+       "Object Identifier (2 5 4 268435455) = attack5\n" +
+
+       // Check 80 leading, have to fail
+       "Object Identifier (Unknown 3) = attack6\n" +
+
+       // Check 14757 = 2*40 + 14677 leading single byte encoded as F325,
+       // have to pass
+       "Object Identifier (2 14677 4 3) = attack7\n");
+}
diff --git a/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-attack2b.pem b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-attack2b.pem
new file mode 100644
index 000000000..8adcf2ac1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-attack2b.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICKDCCAZGgAwIBAgIFAIyjFPowDQYJKoZIhvcNAQEFBQAwKDEXMBUGA1UEAwwO

+KgB3d3cubXlDQS5vcmcxDTALBgNVBAMTBG15Q0EwHhcNMDkwMzE0MTg0NzU2WhcN

+MTkwMzE0MTg0NzU2WjBhMRMwEQYDVQQKEwpCYWRndXkgSW5jMRcwFQYDVQQDEw53

+d3cuYmFkZ3V5LmNvbTEZMBcGA1UECxMQSGFja2luZyBEaXZpc2lvbjEWMBQGBFUE

+gAMTDHd3dy5iYW5rLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2YvL

+GgmF0OTLBKz0nYTvR+DlnZai7b2MqAIM9IUEpMfqzJPNYCsXziYXgHtr/do9ppJP

+BhDjeyIGEOSpgBqdkWItxlLopUHnf8VKwnDPPj4KkNyXuTLm60X/ph+/zrjTw+kU

+m+/kVYstgGMuTIoTuu7loxCqqeVlAgc5lzTpUhkCAwEAAaMlMCMwDAYDVR0TAQH/

+BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOBgQAKHl1G

+vaXftj5QPK3eIT6Q3fWuGKR39grlg5GL/WocPanYycOlm9zvT1Hx95cY6msIXSKp

+xycndJ02ODX35DDgolV6VHUsM9yoagk+eqs5kCqW2qiv3moIshL0yWVhuCobMA+E

+D3wHFCPqVU+igRdCrEQDxZHoFOR4J/DKHfGANg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-attack7.pem b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-attack7.pem
new file mode 100644
index 000000000..778e7aced
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-attack7.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICljCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBkDERMA8GBPMlBAMTB2F0

+dGFjazcxEDAOBgOABAMTB2F0dGFjazYxEzARBgZVBP///38TB2F0dGFjazUxEjAQ

+BgVVBAOBgRMHYXR0YWNrNDEUMBIGB1UEgICAgIATB2F0dGFjazMxFDASBgdVBJCA

+gIABEwdhdHRhY2syMRQwEgYHVQSIgICAARMHYXR0YWNrMTAeFw0wOTA0MTMxNDAw

+MzdaFw0yOTA0MTMxNDAwMzdaMIGQMREwDwYE8yUEAxMHYXR0YWNrNzEQMA4GA4AE

+AxMHYXR0YWNrNjETMBEGBlUE////fxMHYXR0YWNrNTESMBAGBVUEA4GBEwdhdHRh

+Y2s0MRQwEgYHVQSAgICAgBMHYXR0YWNrMzEUMBIGB1UEkICAgAETB2F0dGFjazIx

+FDASBgdVBIiAgIABEwdhdHRhY2sxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB

+gQC77fQ1wrywBnVmr8XO0/78/qFOz+sjnMlpBvLx5UImittgMNSgEqNulRDbO0qG

+K4tlFF2sNsS7aOun6Cq7yl2+a8mIljmjzs+iwCLOEAkQTOM4RsdCosJVy/fjwmH1

+xI0uXt5cPkA0FM7B/IZSzWSC+2gY1+u1AhRJ35bXDhu92wIDAQABMA0GCSqGSIb3

+DQEBBQUAA4GBAFZitQjsQJ1+XsxKchBefilaHsi4oncc05P29IXcRbHI8wK2vNk8

+kkG2c6M4a4Rx1R4C3n99NwXH4vyNUbA9FuMSAdjaS3TW3zm8lKNCuIWGuI2Vvefy

++wNcCfb8B4AuP8pZOqqKsspgiBAE1EPPErnb7nMVLCnf+ts9ARXLBZTi
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-pk10oflo.pem b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-pk10oflo.pem
new file mode 100644
index 000000000..7daef524b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-pk10oflo.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZqgAwIBAgIFAIyjFTAwDQYJKoZIhvcNAQEFBQAwKDEXMBUGA1UEAwwO

+KgB3d3cubXlDQS5vcmcxDTALBgNVBAMTBG15Q0EwHhcNMDkwMzE0MTg0ODI0WhcN

+MTkwMzE0MTg0ODI0WjBqMRMwEQYDVQQKEwpCYWRndXkgSW5jMRcwFQYDVQQDEw53

+d3cuYmFkZ3V5LmNvbTEZMBcGA1UECxMQSGFja2luZyBEaXZpc2lvbjEfMB0GDVUE

+goCAgICAgICAgAMTDHd3dy5iYW5rLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw

+gYkCgYEA2YvLGgmF0OTLBKz0nYTvR+DlnZai7b2MqAIM9IUEpMfqzJPNYCsXziYX

+gHtr/do9ppJPBhDjeyIGEOSpgBqdkWItxlLopUHnf8VKwnDPPj4KkNyXuTLm60X/

+ph+/zrjTw+kUm+/kVYstgGMuTIoTuu7loxCqqeVlAgc5lzTpUhkCAwEAAaMlMCMw

+DAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUF

+AAOBgQBr+ekYoADBm6kbHBR1oc/6O9ZciRsTbxIAl3xjA3kNEeiUXXSoe+1dlt3Z

+7D6EaQztqR8usCW728J3vi8p/XxociK3r4aq0Sxu29gp21N1V/Um8y3ssI+Yt9Im

+oHlo5ikUXra5PtGAwi4FymrU5dWlHxYk1PlNP5nsvxdElPZnZA==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_constructX509FromBase64.js b/security/manager/ssl/tests/unit/test_constructX509FromBase64.js
new file mode 100644
index 000000000..d44e249c2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_constructX509FromBase64.js
@@ -0,0 +1,69 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Checks that ConstructX509FromBase64() accepts valid input and rejects invalid
+// input.
+
+do_get_profile(); // Must be called before getting nsIX509CertDB
+const certDB = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+function excMessage(e) {
+  if (e.message) {
+    let msg = e.message;
+    if (e.data) {
+      msg = msg + ": " + e.data;
+    }
+    return msg;
+  }
+
+  return e.toString();
+}
+
+function testGood(data) {
+  try {
+    let cert = certDB.constructX509FromBase64(data.cert);
+    equal(cert.commonName, data.cn,
+          "Actual and expected commonName should match");
+  } catch (e) {
+    do_print(`Exception: ${excMessage(e)}`);
+    ok(false, `Should not have gotten an exception for "CN=${data.cn}"`);
+  }
+}
+
+function testBad(data) {
+  throws(() => certDB.constructX509FromBase64(data.input), data.result,
+         `Should get "${data.result}" for "${data.input}"`);
+}
+
+function run_test() {
+  const badCases = [
+    // Wrong type or too short
+    { input: null, result: /NS_ERROR_ILLEGAL_VALUE/ },
+    { input: "", result: /NS_ERROR_ILLEGAL_VALUE/ },
+    { input: "=", result: /NS_ERROR_ILLEGAL_VALUE/ },
+    { input: "==", result: /NS_ERROR_ILLEGAL_VALUE/ },
+    // Not base64
+    { input: "forty-four dead stone lions", result: /NS_ERROR_ILLEGAL_VALUE/ },
+    // Not a cert
+    { input: "Zm9ydHktZm91ciBkZWFkIHN0b25lIGxpb25z",
+      result: /NS_ERROR_FAILURE/ },
+  ];
+
+  // Real certs with all three padding levels
+  const goodCases = [
+    { cn: "A", cert: "MIHhMIGcAgEAMA0GCSqGSIb3DQEBBQUAMAwxCjAIBgNVBAMTAUEwHhcNMTEwMzIzMjMyNTE3WhcNMTEwNDIyMjMyNTE3WjAMMQowCAYDVQQDEwFBMEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxANFm7ZCfYNJViaDWTFuMClX3+9u18VFGiyLfM6xJrxir4QVtQC7VUC/WUGoBUs9COQIDAQABMA0GCSqGSIb3DQEBBQUAAzEAx2+gIwmuYjJO5SyabqIm4lB1MandHH1HQc0y0tUFshBOMESTzQRPSVwPn77a6R9t" },
+    { cn: "Bo", cert: "MIHjMIGeAgEAMA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNVBAMTAkJvMB4XDTExMDMyMzIzMjYwMloXDTExMDQyMjIzMjYwMlowDTELMAkGA1UEAxMCQm8wTDANBgkqhkiG9w0BAQEFAAM7ADA4AjEA1FoSl9w9HqMqVgk2K0J3OTiRsgHeNsQdPUl6S82ME33gH+E56PcWZA3nse+fpS3NAgMBAAEwDQYJKoZIhvcNAQEFBQADMQAo/e3BvQAmygiATljQ68tWPoWcbMwa1xxAvpWTEc1LOvMqeDBinBUqbAbSmPhGWb4=" },
+    { cn: "Cid", cert: "MIHlMIGgAgEAMA0GCSqGSIb3DQEBBQUAMA4xDDAKBgNVBAMTA0NpZDAeFw0xMTAzMjMyMzI2MzJaFw0xMTA0MjIyMzI2MzJaMA4xDDAKBgNVBAMTA0NpZDBMMA0GCSqGSIb3DQEBAQUAAzsAMDgCMQDUUxlF5xKN+8KCSsR83sN+SRwJmZdliXsnBB7PU0OgbmOWN0u8yehRkmu39kN9tzcCAwEAATANBgkqhkiG9w0BAQUFAAMxAJ3UScNqRcjHFrNu4nuwRldZLJlVJvRYXp982V4/kYodQEGN4gJ+Qyj+HTsaXy5x/w==" }
+  ];
+
+  for (let badCase of badCases) {
+    testBad(badCase);
+  }
+  for (let goodCase of goodCases) {
+    testGood(goodCase);
+  }
+}
diff --git a/security/manager/ssl/tests/unit/test_content_signing.js b/security/manager/ssl/tests/unit/test_content_signing.js
new file mode 100644
index 000000000..99ea33a3a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing.js
@@ -0,0 +1,266 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// These tests ensure content signatures are working correctly.
+
+// First, we need to set up some data
+const PREF_SIGNATURE_ROOT = "security.content.signature.root_hash";
+
+const TEST_DATA_DIR = "test_content_signing/";
+
+const ONECRL_NAME = "oneCRL-signer.mozilla.org";
+const ABOUT_NEWTAB_NAME = "remotenewtab.content-signature.mozilla.org";
+
+function getSignatureVerifier() {
+  return Cc["@mozilla.org/security/contentsignatureverifier;1"]
+           .createInstance(Ci.nsIContentSignatureVerifier);
+}
+
+function setRoot(filename) {
+  let cert = constructCertFromFile(filename);
+  Services.prefs.setCharPref(PREF_SIGNATURE_ROOT, cert.sha256Fingerprint);
+}
+
+function loadChain(prefix, names) {
+  let chain = [];
+  for (let name of names) {
+    let filename = `${prefix}_${name}.pem`;
+    chain.push(readFile(do_get_file(filename)));
+  }
+  return chain;
+}
+
+function run_test() {
+  // set up some data
+  const DATA = readFile(do_get_file(TEST_DATA_DIR + 'test.txt'));
+  const GOOD_SIGNATURE = "p384ecdsa=" +
+      readFile(do_get_file(TEST_DATA_DIR + 'test.txt.signature'))
+      .trim();
+
+  const BAD_SIGNATURE = "p384ecdsa=WqRXFQ7tnlVufpg7A-ZavXvWd2Zln0o4woHBy26C2r" +
+                        "UWM4GJke4pE8ecHiXoi-7KnZXty6Pe3s4o3yAIyKDP9jUC52Ek1G" +
+                        "q25j_X703nP5rk5gM1qz5Fe-qCWakPPl6L";
+
+  let remoteNewTabChain = loadChain(TEST_DATA_DIR + "content_signing",
+                                    ["remote_newtab_ee", "int", "root"]);
+
+  let oneCRLChain = loadChain(TEST_DATA_DIR + "content_signing",
+                              ["onecrl_ee", "int", "root"]);
+
+  let oneCRLBadKeyChain = loadChain(TEST_DATA_DIR + "content_signing",
+                                    ["onecrl_wrong_key_ee", "int", "root"]);
+
+  let oneCRLRSAKeyChain = loadChain(TEST_DATA_DIR + "content_signing",
+                                    ["onecrl_RSA_ee", "int", "root"]);
+
+  let noSANChain = loadChain(TEST_DATA_DIR + "content_signing",
+                             ["onecrl_no_SAN_ee", "int", "root"]);
+
+  // Check signature verification works without error before the root is set
+  let chain1 = oneCRLChain.join("\n");
+  let verifier = getSignatureVerifier();
+  ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1, ONECRL_NAME),
+     "Before the root is set, signatures should fail to verify but not throw.");
+
+  setRoot(TEST_DATA_DIR + "content_signing_root.pem");
+
+  // Check good signatures from good certificates with the correct SAN
+  verifier = getSignatureVerifier();
+  ok(verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1, ONECRL_NAME),
+     "A OneCRL signature should verify with the OneCRL chain");
+  let chain2 = remoteNewTabChain.join("\n");
+  verifier = getSignatureVerifier();
+  ok(verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain2,
+                                     ABOUT_NEWTAB_NAME),
+     "A newtab signature should verify with the newtab chain");
+
+  // Check a bad signature when a good chain is provided
+  chain1 = oneCRLChain.join("\n");
+  verifier = getSignatureVerifier();
+  ok(!verifier.verifyContentSignature(DATA, BAD_SIGNATURE, chain1, ONECRL_NAME),
+     "A bad signature should not verify");
+
+  // Check a good signature from cert with good SAN but a different key than the
+  // one used to create the signature
+  let badKeyChain = oneCRLBadKeyChain.join("\n");
+  verifier = getSignatureVerifier();
+  ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, badKeyChain,
+                                      ONECRL_NAME),
+     "A signature should not verify if the signing key is wrong");
+
+  // Check a good signature from cert with good SAN but a different key than the
+  // one used to create the signature (this time, an RSA key)
+  let rsaKeyChain = oneCRLBadKeyChain.join("\n");
+  verifier = getSignatureVerifier();
+  ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, rsaKeyChain,
+                                      ONECRL_NAME),
+     "A signature should not verify if the signing key is wrong (RSA)");
+
+  // Check a good signature from cert with good SAN but with chain missing root
+  let missingRoot = [oneCRLChain[0], oneCRLChain[1]].join("\n");
+  verifier = getSignatureVerifier();
+  ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, missingRoot,
+                                      ONECRL_NAME),
+     "A signature should not verify if the chain is incomplete (missing root)");
+
+  // Check a good signature from cert with good SAN but with no path to root
+  let missingInt = [oneCRLChain[0], oneCRLChain[2]].join("\n");
+  verifier = getSignatureVerifier();
+  ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, missingInt,
+                                      ONECRL_NAME),
+     "A signature should not verify if the chain is incomplete (missing int)");
+
+  // Check good signatures from good certificates with the wrong SANs
+  chain1 = oneCRLChain.join("\n");
+  verifier = getSignatureVerifier();
+  ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1,
+                                      ABOUT_NEWTAB_NAME),
+     "A OneCRL signature should not verify if we require the newtab SAN");
+
+  chain2 = remoteNewTabChain.join("\n");
+  verifier = getSignatureVerifier();
+  ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain2,
+                                      ONECRL_NAME),
+     "A newtab signature should not verify if we require the OneCRL SAN");
+
+  // Check good signatures with good chains with some other invalid names
+  verifier = getSignatureVerifier();
+  ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1, ""),
+     "A signature should not verify if the SANs do not match an empty name");
+
+  let relatedName = "subdomain." + ONECRL_NAME;
+  verifier = getSignatureVerifier();
+  ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1,
+                                      relatedName),
+     "A signature should not verify if the SANs do not match a related name");
+
+  let randomName = "\xb1\x9bU\x1c\xae\xaa3\x19H\xdb\xed\xa1\xa1\xe0\x81\xfb" +
+                   "\xb2\x8f\x1cP\xe5\x8b\x9c\xc2s\xd3\x1f\x8e\xbbN";
+  verifier = getSignatureVerifier();
+  ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1, randomName),
+     "A signature should not verify if the SANs do not match a random name");
+
+  // check good signatures with chains that have strange or missing SANs
+  chain1 = noSANChain.join("\n");
+  verifier = getSignatureVerifier();
+  ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1,
+                                      ONECRL_NAME),
+     "A signature should not verify if the SANs do not match a supplied name");
+
+  // Check malformed signature data
+  chain1 = oneCRLChain.join("\n");
+  let bad_signatures = [
+    // wrong length
+    "p384ecdsa=WqRXFQ7tnlVufpg7A-ZavXvWd2Zln0o4woHBy26C2rUWM4GJke4pE8ecHiXoi-" +
+    "7KnZXty6Pe3s4o3yAIyKDP9jUC52Ek1Gq25j_X703nP5rk5gM1qz5Fe-qCWakPPl6L==",
+    // incorrectly encoded
+    "p384ecdsa='WqRXFQ7tnlVufpg7A-ZavXvWd2Zln0o4woHBy26C2rUWM4GJke4pE8ecHiXoi" +
+    "-7KnZXty6Pe3s4o3yAIyKDP9jUC52Ek1Gq25j_X703nP5rk5gM1qz5Fe-qCWakPPl6L=",
+    // missing directive
+    "other_directive=WqRXFQ7tnlVufpg7A-ZavXvWd2Zln0o4woHBy26C2rUWM4GJke4pE8ec" +
+    "HiXoi-7KnZXty6Pe3s4o3yAIyKDP9jUC52Ek1Gq25j_X703nP5rk5gM1qz5Fe-qCWakPPl6L",
+    // actually sha256 with RSA
+    "p384ecdsa=XS_jiQsS5qlzQyUKaA1nAnQn_OvxhvDfKybflB8Xe5gNH1wNmPGK1qN-jpeTfK" +
+    "6ob3l3gCTXrsMnOXMeht0kPP3wLfVgXbuuO135pQnsv0c-ltRMWLe56Cm4S4Z6E7WWKLPWaj" +
+    "jhAcG5dZxjffP9g7tuPP4lTUJztyc4d1z_zQZakEG7R0vN7P5_CaX9MiMzP4R7nC3H4Ba6yi" +
+    "yjlGvsZwJ_C5zDQzWWs95czUbMzbDScEZ_7AWnidw91jZn-fUK3xLb6m-Zb_b4GAqZ-vnXIf" +
+    "LpLB1Nzal42BQZn7i4rhAldYdcVvy7rOMlsTUb5Zz6vpVW9LCT9lMJ7Sq1xbU-0g=="
+    ];
+  for (let badSig of bad_signatures) {
+    throws(() => {
+      verifier = getSignatureVerifier();
+      verifier.verifyContentSignature(DATA, badSig, chain1, ONECRL_NAME);
+    }, /NS_ERROR/, `Bad or malformed signature "${badSig}" should be rejected`);
+  }
+
+  // Check malformed and missing certificate chain data
+  let chainSuffix = [oneCRLChain[1], oneCRLChain[2]].join("\n");
+  let badChains = [
+    // no data
+    "",
+    // completely wrong data
+    "blah blah \n blah",
+    ];
+
+  let badSections = [
+    // data that looks like PEM but isn't
+    "-----BEGIN CERTIFICATE-----\nBSsPRlYp5+gaFMRIczwUzaioRfteCjr94xyz0g==\n",
+    "-----BEGIN CERTIFICATE-----\nBSsPRlYp5+gaFMRIczwUzaioRfteCjr94xyz0g==\n-----END CERTIFICATE-----",
+    // data that will start to parse but won't base64decode
+    "-----BEGIN CERTIFICATE-----\nnon-base64-stuff\n-----END CERTIFICATE-----",
+    // data with garbage outside of PEM sections
+    "this data is garbage\n-----BEGIN CERTIFICATE-----\nnon-base64-stuff\n" +
+    "-----END CERTIFICATE-----",
+    ];
+
+  for (let badSection of badSections) {
+    // ensure we test each bad section on its own...
+    badChains.push(badSection);
+    // ... and as part of a chain with good certificates
+    badChains.push(badSection + '\n' + chainSuffix);
+  }
+
+  for (let badChain of badChains) {
+    throws(() => {
+      verifier = getSignatureVerifier();
+      verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, badChain,
+                                      ONECRL_NAME);
+    }, /NS_ERROR/, `Bad chain data starting "${badChain.substring(0, 80)}" ` +
+                   "should be rejected");
+  }
+
+  // Check the streaming interface works OK when a good chain / data
+  // combination is provided
+  chain1 = oneCRLChain.join("\n");
+  verifier = getSignatureVerifier();
+  verifier.createContext("", GOOD_SIGNATURE, chain1, ONECRL_NAME);
+  verifier.update(DATA);
+  ok(verifier.end(),
+     "A good signature should verify using the stream interface");
+
+  // Check that the streaming interface works with multiple update calls
+  verifier = getSignatureVerifier();
+  verifier.createContext("", GOOD_SIGNATURE, chain1, ONECRL_NAME);
+  for (let c of DATA) {
+    verifier.update(c);
+  }
+  ok(verifier.end(),
+     "A good signature should verify using multiple updates");
+
+  // Check that the streaming interface works with multiple update calls and
+  // some data provided in CreateContext
+  verifier = getSignatureVerifier();
+  let start = DATA.substring(0, 5);
+  let rest = DATA.substring(start.length);
+  verifier.createContext(start, GOOD_SIGNATURE, chain1, ONECRL_NAME);
+  for (let c of rest) {
+    verifier.update(c);
+  }
+  ok(verifier.end(),
+     "A good signature should verify using data in CreateContext and updates");
+
+  // Check that a bad chain / data combination fails
+  verifier = getSignatureVerifier();
+  verifier.createContext("", GOOD_SIGNATURE, chain1, ONECRL_NAME);
+  ok(!verifier.end(),
+     "A bad signature should fail using the stream interface");
+
+  // Check that re-creating a context throws ...
+  verifier = getSignatureVerifier();
+  verifier.createContext("", GOOD_SIGNATURE, chain1, ONECRL_NAME);
+
+  // ... firstly, creating a context explicitly
+  throws(() => {
+    verifier.createContext(DATA, GOOD_SIGNATURE, chain1, ONECRL_NAME);
+  }, /NS_ERROR/, "Ensure a verifier cannot be re-used with createContext");
+
+  // ... secondly, by calling verifyContentSignature
+  throws(() => {
+    verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1, ONECRL_NAME);
+  }, /NS_ERROR/, "Ensure a verifier cannot be re-used with verifyContentSignature");
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem
new file mode 100644
index 000000000..f58505cd3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0TCCAbugAwIBAgIUPcKbBQpKwTzrrlqzM+d3z5DWiNUwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBExDzANBgNVBAMMBmludC1DQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x
+nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM
+wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF
+4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20
+yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx
+j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMlMCMwDAYDVR0TBAUwAwEB/zAT
+BgNVHSUEDDAKBggrBgEFBQcDAzALBgkqhkiG9w0BAQsDggEBADDPjITgz8joxLRW
+wpLxELKSgO/KQ6iAXztjMHq9ovT7Fy0fqBnQ1mMVFr+sBXLgtUCM45aip6PjhUXc
+zs5Dq5STg+kz7qtmAjEQvOPcyictbgdu/K7+uMhXQhlzhOgyW88Uk5vrAezNTc/e
+TvSmWp1FcgVAfaeMN/90nzD1KIHoUt7zqZIz9ub8jXPVzQNZq4vh33smZhmbdTdV
+DaHUyef5cR1VTEGB+L1qzUIQqpHmD4UkMNP1nYedWfauiQhRt6Ql3rJSCRuEvsOA
+iBTJlwai/EFwfyfHkOV2GNgv+A5wHHEjBtF5c4PCxQEL5Vw+mfZHLsDVqF3279ZY
+lQ6jQ9g=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem.certspec
new file mode 100644
index 000000000..4134a73c6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-CA
+extension:basicConstraints:cA,
+extension:extKeyUsage:codeSigning
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem
new file mode 100644
index 000000000..fbd0d7980
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8DCCAdqgAwIBAgIUeWWcI0wMEtNxrf9r/WvrV4Y5DFQwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmludC1DQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAUMRIwEAYDVQQDDAllZS1pbnQtQ0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjPTA7MBMGA1UdJQQM
+MAoGCCsGAQUFBwMDMCQGA1UdEQQdMBuCGW9uZUNSTC1zaWduZXIubW96aWxsYS5v
+cmcwCwYJKoZIhvcNAQELA4IBAQBTTQDoiUsS4p1kfxxqOaL1vUTZyVEDKqiKq1W0
+2smYooB7KrL4yG5zKCwVKXpRlOHG/933jrEWo0SRacY09Qdj/VL1VdPpF6HbQHNc
++znwW4bGZFqtQozlHCYn6+1+3vOI4Y82RfczvqgaJK9rJ4PLuvdZbjAddW79KKdP
+0JEsrMzroPGjgAr/iudYAR4lnqYUxpe878O8ncWtKD3jontIxiC58nzgYZBSMCVw
+R/T9WwO2XFGGZ3y0DvO02svVfOAF7P8smV/cD7ACgwI0udG9JDwrd3fyMIh92lbU
+bIVcCdPNWlFZKJNP8WULSbde4p6WKX1tqnXSDdSZ3b0et4T6
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem.certspec
new file mode 100644
index 000000000..b69737823
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-CA
+subject:ee-int-CA
+extension:extKeyUsage:codeSigning
+extension:subjectAlternativeName:oneCRL-signer.mozilla.org
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem
new file mode 100644
index 000000000..999885dcf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICQjCCASygAwIBAgIUeWWcI0wMEtNxrf9r/WvrV4Y5DFQwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmludC1DQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAUMRIwEAYDVQQDDAllZS1pbnQtQ0EwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAAShaHJDNitcexiJ83kVRhWhxz+0je6GPgIpFdtgjiUt5LcTLajOmOgxU05q
+nAwLCcjWOa3oMgbluoE0c6EfozDgXajJbkOD/ieHPalxA74oiM/wAvBa9xof3cyD
+dKpuqc6jPTA7MBMGA1UdJQQMMAoGCCsGAQUFBwMDMCQGA1UdEQQdMBuCGW9uZUNS
+TC1zaWduZXIubW96aWxsYS5vcmcwCwYJKoZIhvcNAQELA4IBAQAdPgCR5gCHDNv/
+RXgLEcsGDS/kvBpVilsz6+DQpg/9tfDoMb4QOM/BDXqrm3ndt6mBs61cImvd3R29
+47Kej5a/BlFHqdM4Il2iqmjb7CfICAtnQ46dxGamQwr4fR8iD7Etlc71bcygsSL9
+u4CvD1pUTm2xyDfLMAy9phkI6RouvSnt5hk8MI7q1x6RCfJDflU1EdGdeJyOajeD
+fYAW6kanTkcjnOkpBCQrfK2xY27OVgWqw/yoBUHrtxDHIV5cE9+SckF5gTP9JbNq
+MjATfQx6XeLC8TbtuhK4Vo5RLfbKzP74748ko9qwKRK3F5hGOqFBaCxyTX7jVblS
+Td7ydc86
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem.certspec
new file mode 100644
index 000000000..2034a7299
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int-CA
+subject:ee-int-CA
+subjectKey:secp384r1
+extension:extKeyUsage:codeSigning
+extension:subjectAlternativeName:oneCRL-signer.mozilla.org
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem
new file mode 100644
index 000000000..725374c14
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICHDCCAQagAwIBAgIUNVa2/jSdRUf8hvS8AEu+NWYfnwkwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmludC1DQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAUMRIwEAYDVQQDDAllZS1pbnQtQ0EwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAAShaHJDNitcexiJ83kVRhWhxz+0je6GPgIpFdtgjiUt5LcTLajOmOgxU05q
+nAwLCcjWOa3oMgbluoE0c6EfozDgXajJbkOD/ieHPalxA74oiM/wAvBa9xof3cyD
+dKpuqc6jFzAVMBMGA1UdJQQMMAoGCCsGAQUFBwMDMAsGCSqGSIb3DQEBCwOCAQEA
+h0470fGH1d3Gmeu1LCTH44p7FRvTx/+MR7X8Ava3wzl593jpLlBd0vJY6JWL7z4u
+kfnSAvTh2S96Dx3jPv0dZLUTHSyTQAWsWmnD2lyjQ/SIoFIE+NewJLdoEqcWflbh
+Q49IIIsTC3OfUIYa1dxhhOpYNtj2esWM7JePnVIxk3+G8QYUfnFIEutZvXaBjAib
+6dk4NZncXZjMTMOm9VvgbCP7gGie8k+30Q0Y7mRAQQxbU9HIWv/9tUzLw7qR5ZyV
+1eIP8w00ReO8Jmk7Tfq9xRmIMBlDymM8IBh1Khi/0vvrhgCHEXTjrVsjFQZ2JYvB
+Qn8GjIS109A7WVE8xhUbMQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem.certspec
new file mode 100644
index 000000000..fc0874be0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-CA
+subject:ee-int-CA
+subjectKey:secp384r1
+extension:extKeyUsage:codeSigning
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem
new file mode 100644
index 000000000..91f5e2dea
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICJTCCAQ+gAwIBAgIUeWWcI0wMEtNxrf9r/WvrV4Y5DFQwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmludC1DQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAUMRIwEAYDVQQDDAllZS1pbnQtQ0EwWTATBgcqhkjOPQIBBggqhkjO
+PQMBBwNCAARPv7u7YeD4+bGmClmshwTi7AULQj489y6SPyxPeUtFXCpp0jNFbDbE
+EZ0HBuAO7cjRk5DXmRt7LQejBOqgSqbAoz0wOzATBgNVHSUEDDAKBggrBgEFBQcD
+AzAkBgNVHREEHTAbghlvbmVDUkwtc2lnbmVyLm1vemlsbGEub3JnMAsGCSqGSIb3
+DQEBCwOCAQEAZdHYo1BBgUO2sRvPIC3AQz+7MIdEFHoOZapM7eDK+G/4mnIEj5z5
+XW/n5hLop160K4hr+kUcW63XxisuuOBBvclnE9dgg0Sb0rFvJCVz7t1D4QHwWdou
+Sd0wXXTT+zeh40KPt2LSS6rT37o8TI1VTE7XkjfXGufKDQHk08sKEDgyab6Hy8gz
+eVcm2sMv+hwaMvFTjUws4o7zvcTqEvTa+4KxyySYDXB29jcKu60Sdjcm4hlNgJjU
+tQZTTV+k+yjg8oQKuNM0YWiKisJO/HtkHLTUyHwjiY+OV2krzoPCHvmUeSOhf2Gk
+bdOy6AgcCgqmjOFiCmWMJMKb7EvXfvVMXQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem.certspec
new file mode 100644
index 000000000..f5cb96226
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int-CA
+subject:ee-int-CA
+subjectKey:secp256r1
+extension:extKeyUsage:codeSigning
+extension:subjectAlternativeName:oneCRL-signer.mozilla.org
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem
new file mode 100644
index 000000000..7bac9e8c7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICUzCCAT2gAwIBAgIUJ1BtYqWRwUsVaZCGPp9eTHIC04QwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmludC1DQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAUMRIwEAYDVQQDDAllZS1pbnQtQ0EwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAAShaHJDNitcexiJ83kVRhWhxz+0je6GPgIpFdtgjiUt5LcTLajOmOgxU05q
+nAwLCcjWOa3oMgbluoE0c6EfozDgXajJbkOD/ieHPalxA74oiM/wAvBa9xof3cyD
+dKpuqc6jTjBMMBMGA1UdJQQMMAoGCCsGAQUFBwMDMDUGA1UdEQQuMCyCKnJlbW90
+ZW5ld3RhYi5jb250ZW50LXNpZ25hdHVyZS5tb3ppbGxhLm9yZzALBgkqhkiG9w0B
+AQsDggEBALiLck6k50ok9ahVq45P3feY1PeUXcIYZkJd8aPDYM+0kfg5+JyJBykA
+mtHWPE1QQjs7VRMfaLfu04E4UJMI2V1AON1qtgR9BQLctW85KFACg2omfiCKwJh0
+5Q8cxBFx9BpNMayqLJwHttB6oluxZFTB8CL/hfpbYpHz1bMEDCVSRP588YBrc8mV
+OLqzQK+k3ewwGvfD6SvXmTny37MxqwxdTPFJNnpqzKAsQIvz8Skic9BkA1NFk0Oq
+lsKKoiibbOCmwS9XY/laAkBaC3winuhciYAC0ImAopZ4PBCU0AOHGrNbhZXWYQxt
+uHBj34FqvIRCqgM06JCEwN0ULgix4kI=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem.certspec
new file mode 100644
index 000000000..44fa64518
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int-CA
+subject:ee-int-CA
+subjectKey:secp384r1
+extension:extKeyUsage:codeSigning
+extension:subjectAlternativeName:remotenewtab.content-signature.mozilla.org
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_root.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_root.pem
new file mode 100644
index 000000000..b1ac172b1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_root.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzTCCAbegAwIBAgIUKRLJoCmk0A6PHrNc8CxFn//4BYcwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoyUwIzAMBgNVHRMEBTADAQH/MBMGA1Ud
+JQQMMAoGCCsGAQUFBwMDMAsGCSqGSIb3DQEBCwOCAQEAABgMK6EyVIXTjD5qaxPO
+DWz6yREACmAQBcowKWvfhwgi27DPSXyFGDbzTPEo+7RrIcXJkVAhLouGT51fCwTZ
+zb6Sgf6ztX7VSppY9AT4utvlZKP1xQ5WhIYsMtdHCHLHIkRjeWyoBEfUx50UXNLK
+Snl+A02GKYWiX+TLLg2DPN2s7v/mm8NLMQNgUlL7KakB2FHFyPa8otPpL4llg7UJ
+iBTVQ0c3JoiVbwZaY1Z8QinfMXUrTK9egUC4BAcId1dE8glzA5RRlw1fTLWpGApt
+hUmbDnl9N2a9NhGX323ypNzIATexafipzWe7bc4u/+bFdrUqnKUoEka73pZBdHdA
+FQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_root.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_root.pem.certspec
new file mode 100644
index 000000000..f5e387b0c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_root.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
+extension:extKeyUsage:codeSigning
diff --git a/security/manager/ssl/tests/unit/test_content_signing/moz.build b/security/manager/ssl/tests/unit/test_content_signing/moz.build
new file mode 100644
index 000000000..83e797900
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/moz.build
@@ -0,0 +1,19 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'content_signing_int.pem',
+#    'content_signing_onecrl_RSA_ee.pem',
+#    'content_signing_onecrl_ee.pem',
+#    'content_signing_onecrl_no_SAN_ee.pem',
+#    'content_signing_onecrl_wrong_key_ee.pem',
+#    'content_signing_remote_newtab_ee.pem',
+#    'content_signing_root.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_content_signing/pysign.py b/security/manager/ssl/tests/unit/test_content_signing/pysign.py
new file mode 100644
index 000000000..c68c45b52
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/pysign.py
@@ -0,0 +1,29 @@
+#!/usr/bin/env python
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"""
+Create an ECDSA signature on the P-384 curve using the SHA-384 hash of data from
+stdin. The key used for the signature is the secp384r1Encoded key used in pykey
+and pycert.
+
+The certificates for the content signature tests make use of this program.
+You can use pysign.py like this:
+
+cat test.txt | python pysign.py > test.txt.signature
+"""
+
+import base64
+import binascii
+import ecc
+import pykey
+
+from sys import stdin
+
+data = stdin.read()
+
+key = ecc.Key.Key.decode(binascii.unhexlify(pykey.ECCKey.secp384r1Encoded))
+sig = key.sign("Content-Signature:\00" + data, 'sha384')
+print base64.b64encode(sig).replace('+', '-').replace('/', '_')
diff --git a/security/manager/ssl/tests/unit/test_content_signing/test.txt b/security/manager/ssl/tests/unit/test_content_signing/test.txt
new file mode 100644
index 000000000..2daac1cb0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/test.txt
@@ -0,0 +1 @@
+This is a test file to test content-signature verification with a PKI.
diff --git a/security/manager/ssl/tests/unit/test_content_signing/test.txt.signature b/security/manager/ssl/tests/unit/test_content_signing/test.txt.signature
new file mode 100644
index 000000000..e61398147
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/test.txt.signature
@@ -0,0 +1 @@
+hSvmvvA7_QLedDsjRJGBevqLwjPILx1EtWSPP4A0fepaWWPuuZRB8VfDT2j07bKDacRsbmJjmvg_R4CpKmnoWF8-2w5lSszlFFDqYSvQVQxpKhu-HMM_qquu_l0KecQ2
diff --git a/security/manager/ssl/tests/unit/test_datasignatureverifier.js b/security/manager/ssl/tests/unit/test_datasignatureverifier.js
new file mode 100644
index 000000000..0479c4d3f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_datasignatureverifier.js
@@ -0,0 +1,193 @@
+"use strict";
+
+const keys = [
+// RSA key
+"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDK426erD/H3XtsjvaB5+PJqbhj" +
+"Zc9EDI5OCJS8R3FIObJ9ZHJK1TXeaE7JWqt9WUmBWTEFvwS+FI9vWu8058N9CHhD" +
+"NyeP6i4LuUYjTURnn7Yw/IgzyIJ2oKsYa32RuxAyteqAWqPT/J63wBixIeCxmysf" +
+"awB/zH4KaPiY3vnrzQIDAQAB",
+
+// RSA key
+"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHe69VsjNCwnGF9YGZLgnobp3D" +
+"c1KgWzpbT+f12vVKkV3YBpA9KMVMy6wpxlDjvLJjfp/0HvaH7aaz/7kgxZw70Y60" +
+"LaJtkAcl1ZVAxS2lQKRTAzZ0RhoTSI1xVqGTjiQakgVdUeghtnqqwp5o1inZv3Qh" +
+"nUOMNPyAV8zGt+ZQHQIDAQAB",
+
+// Invalid key data ("foobar" base 64 encoded)
+"Zm9vYmFy"
+];
+
+const data = [
+"Test data for data signature verifier",
+"The quick brown fox jumps over the lazy dog..."
+];
+
+const signatures = [
+// Key 0, Data 0, MD2 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBAgUAA4GBALe3hO76UCpI8b1/oJUCIPmC6AbnMAMlAqo7" +
+"pc3TaWmU9wISWmXSrwNmr/QQNjWDn4nzQn8/K/Ac+tszaXib6fVLKA1a6e+/E0qE" +
+"OIKFwUiDWCkGDgxM8aYiTgoSZub/5rokgse+ivuCRSVTv9mSxRzKwj+Cvp1EjKCT" +
+"iIl3nnTh",
+
+// Key 0, Data 0, MD5 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBBAUAA4GBAGGb2QkA8LcA+QZj1SoVFmMpVTd9P5Ac0Rjb" +
+"ldouMmngztMV/dxymVKCpknqelhsxTQ/zaqGZ4KKzcIffJa9jXi5XUD8XzDIKcFE" +
+"dQvti8oUNDPb6l1ybETI8LKh2ywyBCSZ/Q5BwUeS9nfx+4cAnu9YZf29SGljit+Y" +
+"XLPKZ+of",
+
+// Key 0, Data 0, SHA1 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBBQUAA4GBAHcl6tqR5yjTDUJ5NiLOdIB4I6/C/rS2WW5a" +
+"7MVhYYhBgaZyGaem4LLT/REloOOLwPNMcmSEpwexqMSATbl9AAoJPq/wO3l4cZpO" +
+"tDkLlafsiwnqK156YvHp50zUq5Os28d6Bq/Nl2qjH1yizwlIEo0o9qo8Cq6QK3j2" +
+"MdFCopgk",
+
+// Key 0, Data 0, SHA256 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBCwUAA4GBAAOtDvzWwbYK7zLUz0F3e3wmkL1YWXuD/GzQ" +
+"LgwOg6VWtn9v54M9nfv/+iX+m4udzIwHZU7utYM31vtwqRC36l0QKo2VMbiLySX+" +
+"uHnSK40Kk4SfBvMF1wuz6BQ8ia8uTjPPfC764dB1N7gQdgdRevLTrh2EU6+DLmSS" +
+"Sm1QJm9/",
+
+// Key 0, Data 0, SHA384 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBDAUAA4GBAMWB3DskcGuGXpi3TO2Pm0g915EIvm5aOeXQ" +
+"sbs0ZGOwPyzYN1kKOmEpGHMeRhcIIBcF80ZC5N6dsTxeMGkFGOqhvB/HNl7gXMqF" +
+"OA8mG9vAcwfMeJlY4H5WbYD8bUn72UbIuS+sURLvWVhuIFBYPHHU7KVUaGAWl0rp" +
+"hCa4Dk37",
+
+// Key 0, Data 0, SHA512 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBDQUAA4GBAFkm61zH8Y0J5PA4GtOvoZA6w/SzHg5jFP11" +
+"gmXki81VgKwLF7Gyj4wRBX7Q9c8cNrNeoGZb12NUUxlR+u6J6VxcosVPKrCz7Xfj" +
+"LPi6+A1dNV5eH2B6tZR6wIiEatAWNIXxQZEJbj9BWefRFq6NnKhR5A/MEPnrZyoR" +
+"Da3YsDV3",
+
+// Key 0, Data 1, MD2 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBAgUAA4GBAJjwosJK6jV9Bt6HhrFn7+48LRhamjWjzs7a" +
+"cf5D/GTuul6aQQvQJ4Lt26KTyh3VglaQJFToH0Ik/fR1lOJS3tCPr1RRH06cKZgK" +
+"haoUaGR8rmtn678wX067q7ACmKPeqmgj71pHm7O5YgN3z45iAazbUHP4erdbFUf9" +
+"4rOr3L2f",
+
+// Key 0, Data 1, MD5 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBBAUAA4GBAC0EAoHWTb4CC+gw7fs5zMaZw7PWoDH1rXMD" +
+"dKoMBDmAW1EXZTfUGUTv0ga3VzuPJKuHHZOFVyFDnt4qFrefzzWs17LiPpN+yVgo" +
+"6vBnpXLeIp7D9n94bz56gv9NZZmy02XQVKDaRc3E4JBC7Ze7RAHuKtWuZRTUKF86" +
+"VXakwW3a",
+
+// Key 0, Data 1, SHA1 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBBQUAA4GBABkClr0Ot3aXBKYIiARdwpX8etDQO/Eqjxe8" +
+"pJyaqwj/P+x8j9/CbtJKJJTxvYmV9AhdgLPgoWjcTkfvqKdb1vpKKbV30QC/TEnu" +
+"ON+66MJgkwrZw6NCDyBRgMTjf4FWR75Ot1DLuu3+7uCswKCJe8la0HMm/AcqUzu1" +
+"SKOPMseI",
+
+// Key 0, Data 1, SHA256 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBCwUAA4GBAE2cIr6Uzo7RISkGgCA5m4K8s9+0iHwzr2u/" +
+"3ICUrTPe4RY2g9RLd6qkwaHD101LW5TQw71fhePIxfWHEhWtTCLS5DnGiucxfGKW" +
+"47gOBJIYf0DG7o5N4lA99j2Zuj+V+yjAcLfq7Su5FwASbD30KqCue1/F03qdXUxj" +
+"ciJeGo2b",
+
+// Key 0, Data 1, SHA384 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBDAUAA4GBAK+JfKJNBjw2d2iXT/pe9xMXPkLSkf+gjG2i" +
+"F7B0kBvMGyOVxuvQ4TCx+NFhAUevQugDHgBMkmAieg8mApcWWFWQ+8rbdUFv/hD7" +
+"fHW+QukMgcfLMquh0GtDuoM8ZKFBBvwnPGLLUh+ZMy8fEOjjH+s6bQQSpf072SSJ" +
+"K+Uo8DG2",
+
+// Key 0, Data 1, SHA512 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBDQUAA4GBAEEvDpyBssG0qFfRamNwkwSjhqYRVFdIa6+E" +
+"xfxdRqW/nxN5HuzFA8aajgSMXX0YFWPXV7OuVjCCJfZWhq7kQpTy96AmI/04rVdr" +
+"9gc5mc2tdLl3Yk/Qd+Xq8WYcQIZ5Ewyo7sr8eKtVhtEM8OtPR54FO2s1pkZwJdVf" +
+"ymMzHBoE",
+
+// Key 1, Data 0, MD5 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBBAUAA4GBAAIzLho2i5jfJ5SPPV/u2gUuefzhjEAsUhlL" +
+"Nir4FKhNzB2DZNbME9DtgNvdmZd00IjydYlaJ0dnLiMigXIaRJsyncYazULZdY6i" +
+"i7oP6llbXbszSTbHGolr5kQ+6cZPBBATOkJ+wekDdlvh5cZ+B0Lux4LevUDlGWAy" +
+"uR7bqrc5",
+
+// Key 1, Data 0, SHA512 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBDQUAA4GBABsjF8K/SIaY3KTeIGpPEwl1+ZXLKBaHxlRT" +
+"b37PhorSfqW1KFjquCEASUUeFwCQ14uUIBaRQV2haRGA0dRpuWr4zrWZMcDKOsmX" +
+"r5XRvcti9/lNqoIID/Mq0tKtS6aVFZpoHIrwbXpV4hV+BRGhaPxV3RBzEIzM7bWJ" +
+"tN3JY9+1",
+
+// Key 1, Data 1, MD5 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBBAUAA4GBAIAxRPXDAT2LBcOo7yTNr5uIZbPW9rkSX0Ba" +
+"h4sq6YRcxlnohaE2VO0CLGXFNwaBihhkkp+2dA76EvbMo/+O9XTWwroqtWWwvmxs" +
+"tWK6HvwYKnGFKOOZMOjNjmXjk446UVvxYCbU+NPM1LZTewT1/UpPWWRowF/lwX7m" +
+"SnT8d2ds",
+
+// Key 1, Data 1, SHA512 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBDQUAA4GBAF0+XYD/r0Annz1GJ24GTkAlWY/OixCSV6Ix" +
+"OMM7P2d/jgOP+ICKIpxqaSE0CbkLiegUiidIOWvFqDxQJWlAAukDUWISGFfJMFxX" +
+"3jzJ0bBfeNY/1Qo8jMQopcNco/NlNgoSKAUOBtk31aFgNoVC3kWUk6pO97KEiJ+e" +
+"bQp9Z2/M",
+
+// Invalid signature data ("foobar" base 64 encoded)
+"Zm9vYmFy"
+];
+
+const tests = [
+// Data   Signature  Key   Expected   Throws
+// Pass cases
+  [0,     0,         0,    true,      false], //0
+  [0,     1,         0,    true,      false], //1
+  [0,     2,         0,    true,      false], //2
+  [0,     3,         0,    true,      false], //3
+  [0,     4,         0,    true,      false], //4
+  [0,     5,         0,    true,      false], //5
+  [1,     6,         0,    true,      false], //6
+  [1,     7,         0,    true,      false], //7
+  [1,     8,         0,    true,      false], //8
+  [1,     9,         0,    true,      false], //9
+  [1,     10,        0,    true,      false], //10
+  [1,     11,        0,    true,      false], //11
+  [0,     12,        1,    true,      false], //12
+  [0,     13,        1,    true,      false], //13
+  [1,     14,        1,    true,      false], //14
+  [1,     15,        1,    true,      false], //15
+// Incorrect data cases
+  [1,     0,         0,    false,     false], //16
+  [1,     1,         0,    false,     false], //17
+  [1,     2,         0,    false,     false], //18
+  [1,     3,         0,    false,     false], //19
+  [1,     4,         0,    false,     false], //20
+  [1,     5,         0,    false,     false], //21
+  [0,     6,         0,    false,     false], //22
+  [0,     7,         0,    false,     false], //23
+  [0,     8,         0,    false,     false], //24
+  [0,     9,         0,    false,     false], //25
+  [0,     10,        0,    false,     false], //26
+  [0,     11,        0,    false,     false], //27
+// Incorrect key cases
+  [0,     1,         1,    false,     false], //28
+  [0,     5,         1,    false,     false], //29
+  [1,     7,         1,    false,     false], //30
+  [1,     11,        1,    false,     false], //31
+  [0,     12,        0,    false,     false], //32
+  [0,     13,        0,    false,     false], //33
+  [1,     14,        0,    false,     false], //34
+  [1,     15,        0,    false,     false], //35
+// Invalid data cases
+  [0,     0,         2,    false,     true],  //36
+  [0,     1,         2,    false,     true],  //37
+  [0,     16,        0,    false,     true],  //38
+  [1,     16,        0,    false,     true],  //39
+];
+
+function run_test() {
+  let verifier = Cc["@mozilla.org/security/datasignatureverifier;1"]
+                   .createInstance(Ci.nsIDataSignatureVerifier);
+
+  for (let testCase of tests) {
+    let testShouldThrow = testCase[4];
+    if (testShouldThrow) {
+      throws(() => {
+        verifier.verifyData(data[testCase[0]], signatures[testCase[1]],
+                            keys[testCase[2]]);
+      }, /NS_ERROR_FAILURE/, `Test "${testCase}" should throw`);
+    } else {
+      let result = verifier.verifyData(data[testCase[0]],
+                                       signatures[testCase[1]],
+                                       keys[testCase[2]]);
+      equal(result, testCase[3],
+            `Actual and expected result should match for test "${testCase}"`);
+    }
+  }
+}
diff --git a/security/manager/ssl/tests/unit/test_der.js b/security/manager/ssl/tests/unit/test_der.js
new file mode 100644
index 000000000..674e939d9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_der.js
@@ -0,0 +1,219 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+// Tests DER.jsm functionality.
+
+var { DER } = Cu.import("resource://gre/modules/psm/DER.jsm", {});
+
+function run_simple_tests() {
+  throws(() => new DER.DER("this is not an array"), /invalid input/,
+         "should throw given non-array input");
+  throws(() => new DER.DER([0, "invalid input", 1]), /invalid input/,
+         "should throw given non-byte data (string case)");
+  throws(() => new DER.DER([31, 1, {}]), /invalid input/,
+         "should throw given non-byte data (object case)");
+  throws(() => new DER.DER([0.1, 3, 1]), /invalid input/,
+         "should throw given non-byte data (non-integer case)");
+  throws(() => new DER.DER([1, 3, -1]), /invalid input/,
+         "should throw given non-byte data (negative integer case)");
+  throws(() => new DER.DER([1, 300, 79]), /invalid input/,
+         "should throw given non-byte data (large integer case)");
+
+  let testReadByte = new DER.DER([0x0a, 0x0b]);
+  equal(testReadByte.readByte(), 0x0a, "should read 0x0a");
+  equal(testReadByte.readByte(), 0x0b, "should read 0x0b");
+  throws(() => testReadByte.readByte(), /data truncated/,
+         "reading more data than is available should fail");
+
+  let testReadBytes = new DER.DER([0x0c, 0x0d, 0x0e]);
+  deepEqual(testReadBytes.readBytes(3), [0x0c, 0x0d, 0x0e],
+            "should read correct sequence of bytes");
+
+  let testReadNegativeBytes = new DER.DER([0xff, 0xaf]);
+  throws(() => testReadNegativeBytes.readBytes(-4), /invalid length/,
+         "reading a negative number of bytes should fail");
+
+  let testReadZeroBytes = new DER.DER([]);
+  equal(testReadZeroBytes.readBytes(0).length, 0,
+        "reading zero bytes should result in a zero-length array");
+
+  let testReadTooManyBytes = new DER.DER([0xab, 0xcd, 0xef]);
+  throws(() => testReadTooManyBytes.readBytes(4), /data truncated/,
+         "reading too many bytes should fail");
+
+  let testSEQUENCE = new DER.DER([0x30, 0x01, 0x01]);
+  let content = testSEQUENCE.readTagAndGetContents(DER.SEQUENCE);
+  equal(content.length, 1, "content should have length 1");
+  equal(content[0], 1, "value of content should be [1]");
+  ok(testSEQUENCE.atEnd(), "testSEQUENCE should be at the end of its input");
+  testSEQUENCE.assertAtEnd();
+
+  // The length purports to be 4 bytes, but there are only 2 available.
+  let truncatedSEQUENCE = new DER.DER([0x30, 0x04, 0x00, 0x00]);
+  throws(() => truncatedSEQUENCE.readTagAndGetContents(DER.SEQUENCE),
+         /data truncated/, "should get 'data truncated' error");
+
+  // With 2 bytes of content, there is 1 remaining after reading the content.
+  let extraDataSEQUENCE = new DER.DER([0x30, 0x02, 0xab, 0xcd, 0xef]);
+  content = extraDataSEQUENCE.readTagAndGetContents(DER.SEQUENCE);
+  equal(content.length, 2, "content should have length 2");
+  deepEqual(content, [0xab, 0xcd], "value of content should be [0xab, 0xcd]");
+  ok(!extraDataSEQUENCE.atEnd(),
+     "extraDataSEQUENCE should not be at the end of its input");
+  throws(() => extraDataSEQUENCE.assertAtEnd(), /extra data/,
+         "should get 'extra data' error");
+
+  // The length of 0x81 0x01 is invalid because it could be encoded as just
+  // 0x01, which is shorter.
+  let invalidLengthSEQUENCE1 = new DER.DER([0x30, 0x81, 0x01, 0x00]);
+  throws(() => invalidLengthSEQUENCE1.readTagAndGetContents(DER.SEQUENCE),
+         /invalid length/, "should get 'invalid length' error");
+
+  // Similarly, 0x82 0x00 0x01 could be encoded as just 0x01, which is shorter.
+  let invalidLengthSEQUENCE2 = new DER.DER([0x30, 0x82, 0x00, 0x01, 0x00]);
+  throws(() => invalidLengthSEQUENCE2.readTagAndGetContents(DER.SEQUENCE),
+         /invalid length/, "should get 'invalid length' error");
+
+  // Lengths requiring 4 bytes to encode are not supported.
+  let unsupportedLengthSEQUENCE = new DER.DER([0x30, 0x83, 0x01, 0x01, 0x01]);
+  throws(() => unsupportedLengthSEQUENCE.readTagAndGetContents(DER.SEQUENCE),
+         /unsupported length/, "should get 'unsupported length' error");
+
+  // Indefinite lengths are not supported (and aren't DER anyway).
+  let unsupportedASN1SEQUENCE = new DER.DER([0x30, 0x80, 0x01, 0x00, 0x00]);
+  throws(() => unsupportedASN1SEQUENCE.readTagAndGetContents(DER.SEQUENCE),
+         /unsupported asn.1/, "should get 'unsupported asn.1' error");
+
+  let unexpectedTag = new DER.DER([0x31, 0x01, 0x00]);
+  throws(() => unexpectedTag.readTagAndGetContents(DER.SEQUENCE),
+         /unexpected tag/, "should get 'unexpected tag' error");
+
+  let readTLVTestcase = new DER.DER([0x02, 0x03, 0x45, 0x67, 0x89]);
+  let bytes = readTLVTestcase.readTLV();
+  deepEqual(bytes, [0x02, 0x03, 0x45, 0x67, 0x89],
+            "bytes read with readTLV should be equal to expected value");
+
+  let peekTagTestcase = new DER.DER([0x30, 0x01, 0x00]);
+  ok(peekTagTestcase.peekTag(DER.SEQUENCE),
+     "peekTag should return true for peeking with a SEQUENCE at a SEQUENCE");
+  ok(!peekTagTestcase.peekTag(DER.SET),
+     "peekTag should return false for peeking with a SET at a SEQUENCE");
+  peekTagTestcase.readTLV();
+  ok(!peekTagTestcase.peekTag(DER.SEQUENCE),
+     "peekTag should return false for peeking at a DER with no more data");
+
+  let tlvChoiceTestcase = new DER.DER([0x31, 0x02, 0xaa, 0xbb]);
+  let tlvChoiceContents = tlvChoiceTestcase.readTLVChoice([DER.NULL, DER.SET]);
+  deepEqual(tlvChoiceContents, [0x31, 0x02, 0xaa, 0xbb],
+            "readTLVChoice should return expected bytes");
+
+  let tlvChoiceNoMatchTestcase = new DER.DER([0x30, 0x01, 0xff]);
+  throws(() => tlvChoiceNoMatchTestcase.readTLVChoice([DER.NULL, DER.SET]),
+         /unexpected tag/,
+         "readTLVChoice should throw if no matching tag is found");
+}
+
+function run_bit_string_tests() {
+  let bitstringDER = new DER.DER([0x03, 0x04, 0x03, 0x01, 0x02, 0xf8]);
+  let bitstring = bitstringDER.readBIT_STRING();
+  equal(bitstring.unusedBits, 3, "BIT STRING should have 3 unused bits");
+  deepEqual(bitstring.contents, [0x01, 0x02, 0xf8],
+            "BIT STRING should have expected contents");
+
+  let bitstringTooManyUnusedBits = new DER.DER([0x03, 0x02, 0x08, 0x00]);
+  throws(() => bitstringTooManyUnusedBits.readBIT_STRING(),
+         /invalid BIT STRING encoding/,
+         "BIT STRING with too many unused bits should throw");
+
+  // A BIT STRING must have the unused bits byte, and so its length must be at
+  // least one.
+  let bitstringMissingUnusedBits = new DER.DER([0x03, 0x00]);
+  throws(() => bitstringMissingUnusedBits.readBIT_STRING(),
+         /invalid BIT STRING encoding/,
+         "BIT STRING with missing unused bits (and no contents) should throw");
+
+  // The minimal BIT STRING is 03 01 00 (zero bits of padding and zero bytes of
+  // content).
+  let minimalBitstringDER = new DER.DER([0x03, 0x01, 0x00]);
+  let minimalBitstring = minimalBitstringDER.readBIT_STRING();
+  equal(minimalBitstring.unusedBits, 0,
+       "minimal BIT STRING should have 0 unused bits");
+  equal(minimalBitstring.contents.length, 0,
+        "minimal BIT STRING should have empty contents");
+
+  // However, a BIT STRING with zero bytes of content can't have any padding,
+  // because that makes no sense.
+  let noContentsPaddedBitstringDER = new DER.DER([0x03, 0x01, 0x03]);
+  throws(() => noContentsPaddedBitstringDER.readBIT_STRING(),
+          /invalid BIT STRING encoding/,
+         "BIT STRING with no contents with non-zero padding should throw");
+}
+
+function run_compound_tests() {
+  let derBytes =
+    [ 0x30, 0x1a,                       // SEQUENCE
+        0x02, 0x02, 0x77, 0xff,         //   INTEGER
+        0x06, 0x03, 0x2b, 0x01, 0x01,   //   OBJECT IDENTIFIER
+        0x30, 0x07,                     //   SEQUENCE
+          0x05, 0x00,                   //     NULL
+          0x02, 0x03, 0x45, 0x46, 0x47, //     INTEGER
+        0x30, 0x06,                     //   SEQUENCE
+          0x02, 0x02, 0x00, 0xff,       //     INTEGER
+          0x05, 0x00 ];                 //     NULL
+  let der = new DER.DER(derBytes);
+  let contents = new DER.DER(der.readTagAndGetContents(DER.SEQUENCE));
+  let firstINTEGER = contents.readTagAndGetContents(DER.INTEGER);
+  deepEqual(firstINTEGER, [0x77, 0xff],
+            "first INTEGER should have expected value");
+  let oid = contents.readTagAndGetContents(DER.OBJECT_IDENTIFIER);
+  deepEqual(oid, [0x2b, 0x01, 0x01],
+            "OBJECT IDENTIFIER should have expected value");
+
+  let firstNested = new DER.DER(contents.readTagAndGetContents(DER.SEQUENCE));
+  let firstNestedNULL = firstNested.readTagAndGetContents(DER.NULL);
+  equal(firstNestedNULL.length, 0,
+        "first nested NULL should have expected value (empty array)");
+  let firstNestedINTEGER = firstNested.readTagAndGetContents(DER.INTEGER);
+  deepEqual(firstNestedINTEGER, [0x45, 0x46, 0x47],
+            "first nested INTEGER should have expected value");
+  firstNested.assertAtEnd();
+
+  let secondNested = new DER.DER(contents.readTagAndGetContents(DER.SEQUENCE));
+  let secondNestedINTEGER = secondNested.readTagAndGetContents(DER.INTEGER);
+  deepEqual(secondNestedINTEGER, [0x00, 0xff],
+            "second nested INTEGER should have expected value");
+  let secondNestedNULL = secondNested.readTagAndGetContents(DER.NULL);
+  equal(secondNestedNULL.length, 0,
+        "second nested NULL should have expected value (empty array)");
+  secondNested.assertAtEnd();
+
+  contents.assertAtEnd();
+  der.assertAtEnd();
+
+  let invalidDERBytes =
+    [ 0x30, 0x06,     // SEQUENCE
+        0x30, 0x02,   //   SEQUENCE
+          0x02, 0x01, //     INTEGER (missing data)
+        0x05, 0x00,   //   NULL
+      0x00, 0x00 ];   // (extra data)
+  let invalidDER = new DER.DER(invalidDERBytes);
+  let invalidContents = new DER.DER(
+    invalidDER.readTagAndGetContents(DER.SEQUENCE));
+  let invalidContentsContents = new DER.DER(
+    invalidContents.readTagAndGetContents(DER.SEQUENCE));
+  throws(() => invalidContentsContents.readTagAndGetContents(DER.INTEGER),
+         /data truncated/, "should throw due to missing data");
+  let nestedNULL = invalidContents.readTagAndGetContents(DER.NULL);
+  equal(nestedNULL.length, 0, "nested NULL should have expected value");
+  invalidContents.assertAtEnd();
+  throws(() => invalidDER.assertAtEnd(), /extra data/,
+         "should throw due to extra data");
+}
+
+function run_test() {
+  run_simple_tests();
+  run_bit_string_tests();
+  run_compound_tests();
+}
diff --git a/security/manager/ssl/tests/unit/test_enterprise_roots.js b/security/manager/ssl/tests/unit/test_enterprise_roots.js
new file mode 100644
index 000000000..de1b3a529
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_enterprise_roots.js
@@ -0,0 +1,58 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// Tests enterprise root certificate support. When configured to do so, the
+// platform will attempt to find and import enterprise root certificates. This
+// feature is specific to Windows.
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+
+function check_no_enterprise_roots_imported(certDB, dbKey = undefined) {
+  let enterpriseRoots = certDB.getEnterpriseRoots();
+  equal(enterpriseRoots, null, "should not have imported any enterprise roots");
+  if (dbKey) {
+    let cert = certDB.findCertByDBKey(dbKey);
+    // If the garbage-collector hasn't run, there may be reachable copies of
+    // imported enterprise root certificates. If so, they shouldn't be trusted
+    // to issue TLS server auth certificates.
+    if (cert) {
+      ok(!certDB.isCertTrusted(cert, Ci.nsIX509Cert.CA_CERT,
+                               Ci.nsIX509CertDB.TRUSTED_SSL),
+         "previously-imported enterprise root shouldn't be trusted to issue " +
+         "TLS server auth certificates");
+    }
+  }
+}
+
+function check_some_enterprise_roots_imported(certDB) {
+  let enterpriseRoots = certDB.getEnterpriseRoots();
+  notEqual(enterpriseRoots, null, "should have imported some enterprise roots");
+  let enumerator = enterpriseRoots.getEnumerator();
+  let foundNonBuiltIn = false;
+  let savedDBKey = null;
+  while (enumerator.hasMoreElements()) {
+    let cert = enumerator.getNext().QueryInterface(Ci.nsIX509Cert);
+    if (!cert.isBuiltInRoot && !savedDBKey) {
+      foundNonBuiltIn = true;
+      savedDBKey = cert.dbKey;
+      do_print("saving dbKey from " + cert.commonName);
+    }
+  }
+  ok(foundNonBuiltIn, "should have found non-built-in root");
+  return savedDBKey;
+}
+
+function run_test() {
+  let certDB = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+  Services.prefs.setBoolPref("security.enterprise_roots.enabled", false);
+  check_no_enterprise_roots_imported(certDB);
+  Services.prefs.setBoolPref("security.enterprise_roots.enabled", true);
+  let savedDBKey = check_some_enterprise_roots_imported(certDB);
+  Services.prefs.setBoolPref("security.enterprise_roots.enabled", false);
+  check_no_enterprise_roots_imported(certDB, savedDBKey);
+}
diff --git a/security/manager/ssl/tests/unit/test_ev_certs.js b/security/manager/ssl/tests/unit/test_ev_certs.js
new file mode 100644
index 000000000..d4aabd888
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs.js
@@ -0,0 +1,356 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// Tests that end-entity certificates that should successfully verify as EV
+// (Extended Validation) do so and that end-entity certificates that should not
+// successfully verify as EV do not. Also tests related situations (e.g. that
+// failure to fetch an OCSP response results in no EV treatment).
+//
+// A quick note about the certificates in these tests: generally, an EV
+// certificate chain will have an end-entity with a specific policy OID followed
+// by an intermediate with the anyPolicy OID chaining to a root with no policy
+// OID (since it's a trust anchor, it can be omitted). In these tests, the
+// specific policy OID is 1.3.6.1.4.1.13769.666.666.666.1.500.9.1 and is
+// referred to as the test OID. In order to reflect what will commonly be
+// encountered, the end-entity of any given test path will have the test OID
+// unless otherwise specified in the name of the test path. Similarly, the
+// intermediate will have the anyPolicy OID, again unless otherwise specified.
+// For example, for the path where the end-entity does not have an OCSP URI
+// (referred to as "no-ocsp-ee-path-{ee,int}", the end-entity has the test OID
+// whereas the intermediate has the anyPolicy OID.
+// For another example, for the test OID path ("test-oid-path-{ee,int}"), both
+// the end-entity and the intermediate have the test OID.
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+do_register_cleanup(() => {
+  Services.prefs.clearUserPref("network.dns.localDomains");
+  Services.prefs.clearUserPref("security.OCSP.enabled");
+});
+
+Services.prefs.setCharPref("network.dns.localDomains", "www.example.com");
+Services.prefs.setIntPref("security.OCSP.enabled", 1);
+addCertFromFile(certdb, "test_ev_certs/evroot.pem", "CTu,,");
+addCertFromFile(certdb, "test_ev_certs/non-evroot-ca.pem", "CTu,,");
+
+const SERVER_PORT = 8888;
+
+function failingOCSPResponder() {
+  return getFailingHttpServer(SERVER_PORT, ["www.example.com"]);
+}
+
+class EVCertVerificationResult {
+  constructor(testcase, expectedPRErrorCode, expectedEV, resolve,
+              ocspResponder) {
+    this.testcase = testcase;
+    this.expectedPRErrorCode = expectedPRErrorCode;
+    this.expectedEV = expectedEV;
+    this.resolve = resolve;
+    this.ocspResponder = ocspResponder;
+  }
+
+  verifyCertFinished(prErrorCode, verifiedChain, hasEVPolicy) {
+    equal(prErrorCode, this.expectedPRErrorCode,
+          `${this.testcase} should have expected error code`);
+    equal(hasEVPolicy, this.expectedEV,
+          `${this.testcase} should result in expected EV status`);
+    this.ocspResponder.stop(this.resolve);
+  }
+}
+
+function asyncTestEV(cert, expectedPRErrorCode, expectedEV,
+                     expectedOCSPRequestPaths, ocspResponseTypes = undefined)
+{
+  let now = Date.now() / 1000;
+  return new Promise((resolve, reject) => {
+    let ocspResponder = expectedOCSPRequestPaths.length > 0
+                      ? startOCSPResponder(SERVER_PORT, "www.example.com",
+                                           "test_ev_certs",
+                                           expectedOCSPRequestPaths,
+                                           expectedOCSPRequestPaths.slice(),
+                                           null, ocspResponseTypes)
+                      : failingOCSPResponder();
+    let result = new EVCertVerificationResult(cert.subjectName,
+                                              expectedPRErrorCode, expectedEV,
+                                              resolve, ocspResponder);
+    certdb.asyncVerifyCertAtTime(cert, certificateUsageSSLServer, 0,
+                                 "ev-test.example.com", now, result);
+  });
+}
+
+function ensureVerifiesAsEV(testcase) {
+  let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`);
+  addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,");
+  let expectedOCSPRequestPaths = gEVExpected
+                               ? [ `${testcase}-int`, `${testcase}-ee` ]
+                               : [ `${testcase}-ee` ];
+  return asyncTestEV(cert, PRErrorCodeSuccess, gEVExpected,
+                     expectedOCSPRequestPaths);
+}
+
+function ensureVerifiesAsEVWithNoOCSPRequests(testcase) {
+  let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`);
+  addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,");
+  return asyncTestEV(cert, PRErrorCodeSuccess, gEVExpected, []);
+}
+
+function ensureVerifiesAsDV(testcase, expectedOCSPRequestPaths = undefined) {
+  let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`);
+  addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,");
+  return asyncTestEV(cert, PRErrorCodeSuccess, false,
+                     expectedOCSPRequestPaths ? expectedOCSPRequestPaths
+                                              : [ `${testcase}-ee` ]);
+}
+
+function ensureVerificationFails(testcase, expectedPRErrorCode) {
+  let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`);
+  addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,");
+  return asyncTestEV(cert, expectedPRErrorCode, false, []);
+}
+
+function verifyWithFlags_LOCAL_ONLY_and_MUST_BE_EV(testcase, expectSuccess) {
+  let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`);
+  addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,");
+  let now = Date.now() / 1000;
+  let expectedErrorCode = SEC_ERROR_POLICY_VALIDATION_FAILED;
+  if (expectSuccess && gEVExpected) {
+    expectedErrorCode = PRErrorCodeSuccess;
+  }
+  return new Promise((resolve, reject) => {
+    let ocspResponder = failingOCSPResponder();
+    let result = new EVCertVerificationResult(
+      cert.subjectName, expectedErrorCode, expectSuccess && gEVExpected,
+      resolve, ocspResponder);
+    let flags = Ci.nsIX509CertDB.FLAG_LOCAL_ONLY |
+                Ci.nsIX509CertDB.FLAG_MUST_BE_EV;
+    certdb.asyncVerifyCertAtTime(cert, certificateUsageSSLServer, flags,
+                                 "ev-test.example.com", now, result);
+  });
+}
+
+function ensureNoOCSPMeansNoEV(testcase) {
+  return verifyWithFlags_LOCAL_ONLY_and_MUST_BE_EV(testcase, false);
+}
+
+function ensureVerifiesAsEVWithFLAG_LOCAL_ONLY(testcase) {
+  return verifyWithFlags_LOCAL_ONLY_and_MUST_BE_EV(testcase, true);
+}
+
+function ensureOneCRLSkipsOCSPForIntermediates(testcase) {
+  let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`);
+  addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,");
+  return asyncTestEV(cert, PRErrorCodeSuccess, gEVExpected,
+                     [ `${testcase}-ee` ]);
+}
+
+function verifyWithDifferentOCSPResponseTypes(testcase, responses, expectEV) {
+  let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`);
+  addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,");
+  let expectedOCSPRequestPaths = gEVExpected
+                               ? [ `${testcase}-int`, `${testcase}-ee` ]
+                               : [ `${testcase}-ee` ];
+  let ocspResponseTypes = gEVExpected ? responses : responses.slice(1);
+  return asyncTestEV(cert, PRErrorCodeSuccess, gEVExpected && expectEV,
+                     expectedOCSPRequestPaths, ocspResponseTypes);
+}
+
+function ensureVerifiesAsEVWithOldIntermediateOCSPResponse(testcase) {
+  return verifyWithDifferentOCSPResponseTypes(
+    testcase, [ "longvalidityalmostold", "good" ], true);
+}
+
+function ensureVerifiesAsDVWithOldEndEntityOCSPResponse(testcase) {
+  return verifyWithDifferentOCSPResponseTypes(
+    testcase, [ "good", "longvalidityalmostold" ], false);
+}
+
+function ensureVerifiesAsDVWithVeryOldEndEntityOCSPResponse(testcase) {
+  return verifyWithDifferentOCSPResponseTypes(
+    testcase, [ "good", "ancientstillvalid" ], false);
+}
+
+// These should all verify as EV.
+add_task(function* plainExpectSuccessEVTests() {
+  yield ensureVerifiesAsEV("anyPolicy-int-path");
+  yield ensureVerifiesAsEV("test-oid-path");
+  yield ensureVerifiesAsEV("cabforum-oid-path");
+  yield ensureVerifiesAsEV("cabforum-and-test-oid-ee-path");
+  yield ensureVerifiesAsEV("test-and-cabforum-oid-ee-path");
+  yield ensureVerifiesAsEV("reverse-order-oids-path");
+  // In this case, the end-entity has both the CA/B Forum OID and the test OID
+  // (in that order). The intermediate has the CA/B Forum OID. Since the
+  // implementation uses the first EV policy it encounters in the end-entity as
+  // the required one, this successfully verifies as EV.
+  yield ensureVerifiesAsEV("cabforum-and-test-oid-ee-cabforum-oid-int-path");
+});
+
+// These fail for various reasons to verify as EV, but fallback to DV should
+// succeed.
+add_task(function* expectDVFallbackTests() {
+  yield ensureVerifiesAsDV("anyPolicy-ee-path");
+  yield ensureVerifiesAsDV("non-ev-root-path");
+  yield ensureVerifiesAsDV("no-ocsp-ee-path",
+                           gEVExpected ? [ "no-ocsp-ee-path-int" ] : []);
+  yield ensureVerifiesAsDV("no-ocsp-int-path");
+  // In this case, the end-entity has the test OID and the intermediate has the
+  // CA/B Forum OID. Since the CA/B Forum OID is not treated the same as the
+  // anyPolicy OID, this will not verify as EV.
+  yield ensureVerifiesAsDV("test-oid-ee-cabforum-oid-int-path");
+  // In this case, the end-entity has both the test OID and the CA/B Forum OID
+  // (in that order). The intermediate has only the CA/B Forum OID. Since the
+  // implementation uses the first EV policy it encounters in the end-entity as
+  // the required one, this fails to verify as EV.
+  yield ensureVerifiesAsDV("test-and-cabforum-oid-ee-cabforum-oid-int-path");
+});
+
+// Test that removing the trust bits from an EV root causes verifications
+// relying on that root to fail (and then test that adding back the trust bits
+// causes the verifications to succeed again).
+add_task(function* evRootTrustTests() {
+  clearOCSPCache();
+  let evroot = certdb.findCertByNickname("evroot");
+  do_print("untrusting evroot");
+  certdb.setCertTrust(evroot, Ci.nsIX509Cert.CA_CERT,
+                      Ci.nsIX509CertDB.UNTRUSTED);
+  yield ensureVerificationFails("test-oid-path", SEC_ERROR_UNKNOWN_ISSUER);
+  do_print("re-trusting evroot");
+  certdb.setCertTrust(evroot, Ci.nsIX509Cert.CA_CERT,
+                      Ci.nsIX509CertDB.TRUSTED_SSL);
+  yield ensureVerifiesAsEV("test-oid-path");
+});
+
+// Test that if FLAG_LOCAL_ONLY and FLAG_MUST_BE_EV are specified, that no OCSP
+// requests are made (this also means that nothing will verify as EV).
+add_task(function* localOnlyMustBeEVTests() {
+  clearOCSPCache();
+  yield ensureNoOCSPMeansNoEV("anyPolicy-ee-path");
+  yield ensureNoOCSPMeansNoEV("anyPolicy-int-path");
+  yield ensureNoOCSPMeansNoEV("non-ev-root-path");
+  yield ensureNoOCSPMeansNoEV("no-ocsp-ee-path");
+  yield ensureNoOCSPMeansNoEV("no-ocsp-int-path");
+  yield ensureNoOCSPMeansNoEV("test-oid-path");
+});
+
+
+// Under certain conditions, OneCRL allows us to skip OCSP requests for
+// intermediates.
+add_task(function* oneCRLTests() {
+  clearOCSPCache();
+
+  // enable OneCRL OCSP skipping - allow staleness of up to 30 hours
+  Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds",
+                            108000);
+  // set the blocklist-background-update-timer value to the recent past
+  Services.prefs.setIntPref("services.blocklist.onecrl.checked",
+                            Math.floor(Date.now() / 1000) - 1);
+  Services.prefs.setIntPref(
+    "app.update.lastUpdateTime.blocklist-background-update-timer",
+    Math.floor(Date.now() / 1000) - 1);
+
+  yield ensureOneCRLSkipsOCSPForIntermediates("anyPolicy-int-path");
+  yield ensureOneCRLSkipsOCSPForIntermediates("no-ocsp-int-path");
+  yield ensureOneCRLSkipsOCSPForIntermediates("test-oid-path");
+
+  clearOCSPCache();
+  // disable OneCRL OCSP Skipping (no staleness allowed)
+  Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds", 0);
+  yield ensureVerifiesAsEV("anyPolicy-int-path");
+  // Because the intermediate in this case is missing an OCSP URI, it will not
+  // validate as EV, but it should fall back to DV.
+  yield ensureVerifiesAsDV("no-ocsp-int-path");
+  yield ensureVerifiesAsEV("test-oid-path");
+
+  clearOCSPCache();
+  // enable OneCRL OCSP skipping - allow staleness of up to 30 hours
+  Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds",
+                            108000);
+  // set the blocklist-background-update-timer value to the more distant past
+  Services.prefs.setIntPref("services.blocklist.onecrl.checked",
+                            Math.floor(Date.now() / 1000) - 108080);
+  Services.prefs.setIntPref(
+    "app.update.lastUpdateTime.blocklist-background-update-timer",
+    Math.floor(Date.now() / 1000) - 108080);
+  yield ensureVerifiesAsEV("anyPolicy-int-path");
+  yield ensureVerifiesAsDV("no-ocsp-int-path");
+  yield ensureVerifiesAsEV("test-oid-path");
+
+  clearOCSPCache();
+  // test that setting "security.onecrl.via.amo" results in the correct
+  // OCSP behavior when services.blocklist.onecrl.checked is in the distant past
+  // and blacklist-background-update-timer is recent
+  Services.prefs.setBoolPref("security.onecrl.via.amo", false);
+  // enable OneCRL OCSP skipping - allow staleness of up to 30 hours
+  Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds",
+                            108000);
+  // set the blocklist-background-update-timer value to the recent past
+  // (services.blocklist.onecrl.checked defaults to 0)
+  Services.prefs.setIntPref(
+    "app.update.lastUpdateTime.blocklist-background-update-timer",
+    Math.floor(Date.now() / 1000) - 1);
+
+  yield ensureVerifiesAsEV("anyPolicy-int-path");
+  yield ensureVerifiesAsDV("no-ocsp-int-path");
+  yield ensureVerifiesAsEV("test-oid-path");
+
+  clearOCSPCache();
+  // test that setting "security.onecrl.via.amo" results in the correct
+  // OCSP behavior when services.blocklist.onecrl.checked is recent
+  Services.prefs.setBoolPref("security.onecrl.via.amo", false);
+  // enable OneCRL OCSP skipping - allow staleness of up to 30 hours
+  Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds",
+                            108000);
+  // now set services.blocklist.onecrl.checked to a recent value
+  Services.prefs.setIntPref("services.blocklist.onecrl.checked",
+                            Math.floor(Date.now() / 1000) - 1);
+  yield ensureOneCRLSkipsOCSPForIntermediates("anyPolicy-int-path");
+  yield ensureOneCRLSkipsOCSPForIntermediates("no-ocsp-int-path");
+  yield ensureOneCRLSkipsOCSPForIntermediates("test-oid-path");
+
+  Services.prefs.clearUserPref("security.onecrl.via.amo");
+  Services.prefs.clearUserPref("security.onecrl.maximum_staleness_in_seconds");
+  Services.prefs.clearUserPref("services.blocklist.onecrl.checked");
+  Services.prefs.clearUserPref(
+    "app.update.lastUpdateTime.blocklist-background-update-timer");
+});
+
+// Prime the OCSP cache and then ensure that we can validate certificates as EV
+// without hitting the network. There's two cases here: one where we simply
+// validate like normal and then check that the network was never accessed and
+// another where we use flags to mandate that the network not be used.
+add_task(function* ocspCachingTests() {
+  clearOCSPCache();
+
+  yield ensureVerifiesAsEV("anyPolicy-int-path");
+  yield ensureVerifiesAsEV("test-oid-path");
+
+  yield ensureVerifiesAsEVWithNoOCSPRequests("anyPolicy-int-path");
+  yield ensureVerifiesAsEVWithNoOCSPRequests("test-oid-path");
+
+  yield ensureVerifiesAsEVWithFLAG_LOCAL_ONLY("anyPolicy-int-path");
+  yield ensureVerifiesAsEVWithFLAG_LOCAL_ONLY("test-oid-path");
+});
+
+// Old-but-still-valid OCSP responses are accepted for intermediates but not
+// end-entity certificates (because of OCSP soft-fail this results in DV
+// fallback).
+add_task(function* oldOCSPResponseTests() {
+  clearOCSPCache();
+
+  yield ensureVerifiesAsEVWithOldIntermediateOCSPResponse("anyPolicy-int-path");
+  yield ensureVerifiesAsEVWithOldIntermediateOCSPResponse("test-oid-path");
+
+  clearOCSPCache();
+  yield ensureVerifiesAsDVWithOldEndEntityOCSPResponse("anyPolicy-int-path");
+  yield ensureVerifiesAsDVWithOldEndEntityOCSPResponse("test-oid-path");
+
+  clearOCSPCache();
+  yield ensureVerifiesAsDVWithVeryOldEndEntityOCSPResponse(
+    "anyPolicy-int-path");
+  yield ensureVerifiesAsDVWithVeryOldEndEntityOCSPResponse("test-oid-path");
+});
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem
new file mode 100644
index 000000000..16c8578ba
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUzCCAj2gAwIBAgIUdTRdmHF1nt5GeEIkzoOGqryTsYEwCwYJKoZIhvcNAQEL
+MCAxHjAcBgNVBAMMFWFueVBvbGljeS1lZS1wYXRoLWludDAiGA8yMDE1MTEyODAw
+MDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAfMR0wGwYDVQQDDBRhbnlQb2xpY3ktZWUt
+cGF0aC1lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW
+Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk
+cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT
+AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3
+ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh
+s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV
+A6zaGAo17Y0CAwEAAaOBhTCBgjBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAGG
+MWh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9hbnlQb2xpY3ktZWUtcGF0aC1l
+ZS8wEQYDVR0gBAowCDAGBgRVHSAAMB4GA1UdEQQXMBWCE2V2LXRlc3QuZXhhbXBs
+ZS5jb20wCwYJKoZIhvcNAQELA4IBAQCc4ivLkr+56RCJVvd+Rf/LccwmQAPVUSkF
+wE7UsIhzQAUbQSHZcNaNMTI1HmhpysH0FLbxDoIo26L7xQAuBDJ23Vqot15Iizg/
+anfFUFGf2ZWs6R37m1s9VaCUONX/+vpOrPQgqTIGRu7KCWiXw1EgbBsxuRmUDl8S
+gxYf1Bv5kTdKo7Bmns3kErlqQn4d42uCl/LEtXi7r3hUHN8VfcmFeN1JjHzVbTg0
+KaLmKVTmF8emaJZFcZrPL3ijrseoqfgpw620pq7Yl6QW68d49l/RvjKrf02UmTut
+0048te+z2fmKe/yrTDLiMIQ8gJMiocg2YU0TB7G4b2Y6dsp4A/Mh
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem.certspec
new file mode 100644
index 000000000..a9175c32e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:anyPolicy-ee-path-int
+subject:anyPolicy-ee-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/anyPolicy-ee-path-ee/
+extension:certificatePolicies:any
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem
new file mode 100644
index 000000000..bcab0c65a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQDCCAiqgAwIBAgIUD6vIeK5yuQLyDr+zHpbaW+0wD3EwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAgMR4wHAYDVQQDDBVhbnlQb2xpY3ktZWUtcGF0aC1pbnQwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erk
+NUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwC
+fs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1m
+CyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTM
+HGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m
+1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGj
+gYAwfjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjBOBggrBgEFBQcBAQRCMEAw
+PgYIKwYBBQUHMAGGMmh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9hbnlQb2xp
+Y3ktZWUtcGF0aC1pbnQvMBEGA1UdIAQKMAgwBgYEVR0gADALBgkqhkiG9w0BAQsD
+ggEBADc8HhaxO180zcQ2zVqrD7h42/c3KQKf5hcfqdVfcQjcca14TbXuPzVGFa9v
++Qrwf/YCPY95Gt/a4DIU3gX33dCceGTe7psvKN0hivLiRgubCnoGKR20Aig2TmMh
+OPoRHvPw1wIR74WEijENVPs8SnMVEoK31Xkj/XgX6v3MhTb5GPDHrgOcrHV1+jtq
+Ko4LJwLR0HlkUC+vH70uQf8f/Nz1lPqJiRlh9Vn2t4RQDag2ILDBdH+lo1vJjezH
+mizIIpbJQfOEakpWhIrBg1M/6WjfqPK6VBejWqAs75WMNNQ8NKiuPbhY+N6PKj/8
+S6XMJ95yBEzu06da061MBelmcQU=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem.certspec
new file mode 100644
index 000000000..c49f6c4bc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:anyPolicy-ee-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/anyPolicy-ee-path-int/
+extension:certificatePolicies:any
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem
new file mode 100644
index 000000000..d68714416
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZDCCAk6gAwIBAgIUSyt03+W1sNq92wKRpi8je9wO0iAwCwYJKoZIhvcNAQEL
+MCExHzAdBgNVBAMMFmFueVBvbGljeS1pbnQtcGF0aC1pbnQwIhgPMjAxNTExMjgw
+MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowIDEeMBwGA1UEAwwVYW55UG9saWN5LWlu
+dC1wYXRoLWVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO
+FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr
+amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka
+sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY
+VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n
+aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE
+MdUDrNoYCjXtjQIDAQABo4GUMIGRME4GCCsGAQUFBwEBBEIwQDA+BggrBgEFBQcw
+AYYyaHR0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4L2FueVBvbGljeS1pbnQtcGF0
+aC1lZS8wHwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUaAYN0CQEwHgYDVR0RBBcw
+FYITZXYtdGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBADg1ogV4XMjH
+vcAxesEyvOWWvxsqNHh1aIovsVzYSTiIrHw8uLsP9ZQ8lyESXwIjGDIj2889k3pa
+KifGDAWhakTs8GLaHwwU8Qpu5EF/5QrLhniz9mIeo+jkP0icn81tUhb5k+s46+q3
+7zcJFbQxCFxRROLEZk+ZX/cVqZYXgZKtXELHei4Log0j8kaMAGoTR+/x+dbXTX+o
+wnNUXGDrY8KpSZdQZw1bvp0pHYDYPE5nt9t8eg94oE/3nGFkho4Jh8fJmxSbnUQY
+FBZQ2ySM/I8H9Cz0b1CX+aQK4uVLH0LtHKe2uF4xeYcfgp9KfcmztDLHNYhQXTnx
+WZxgHyA+BmU=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem.certspec
new file mode 100644
index 000000000..1c643c2f9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:anyPolicy-int-path-int
+subject:anyPolicy-int-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/anyPolicy-int-path-ee/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem
new file mode 100644
index 000000000..b4a54cebc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiygAwIBAgIUTejPNCi+ZldwCAjvftiELTX+uBAwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAhMR8wHQYDVQQDDBZhbnlQb2xpY3ktaW50LXBhdGgtaW50MIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq
+5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SSc
+An7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39
+ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYk
+zBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3u
+JtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQAB
+o4GBMH8wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwTwYIKwYBBQUHAQEEQzBB
+MD8GCCsGAQUFBzABhjNodHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvYW55UG9s
+aWN5LWludC1wYXRoLWludC8wEQYDVR0gBAowCDAGBgRVHSAAMAsGCSqGSIb3DQEB
+CwOCAQEAZSGuT569hIFwu/Us43pVEaZr7G2ZLiU40GkBlSKb/bTaTx96TBLZlaNR
+twUhF1/A3GW5lThUGUsG0QliX9JCWpi2xkpOGT3de3l+lG9IMAWU+nsNKqJCkssd
+R31IsyUMQii9BRmecHAIQRtHC6qS4no1ihu3w5aouVFhvsL+A5Te8ZEzDpiwR+2k
++urptl3fbl9jY5SnzCkVJtO6DFYq4S/PmiYa/hxhWHq3m6vi7/NKrYI6/ujIlC1a
+Q+/1146/SNT72PBxwsE6pMNYP65U4KZpXnAPHqtUvz3qx25ARQPX9N36EPJcWXOJ
+mxqiK2IShzSnwPTtRLW0v33qWMT41A==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem.certspec
new file mode 100644
index 000000000..5f5adacc7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:anyPolicy-int-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/anyPolicy-int-path-int/
+extension:certificatePolicies:any
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem
new file mode 100644
index 000000000..5bbfba9e0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqugAwIBAgIUP6b4yk51KguhcdxInOQFqDVQnyEwCwYJKoZIhvcNAQEL
+MD0xOzA5BgNVBAMMMmNhYmZvcnVtLWFuZC10ZXN0LW9pZC1lZS1jYWJmb3J1bS1v
+aWQtaW50LXBhdGgtaW50MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMDwxOjA4BgNVBAMMMWNhYmZvcnVtLWFuZC10ZXN0LW9pZC1lZS1jYWJmb3J1
+bS1vaWQtaW50LXBhdGgtZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24a
+hvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7t
+FYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+o
+N9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0d
+JdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4
+s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjgbkwgbYwagYIKwYBBQUHAQEEXjBcMFoG
+CCsGAQUFBzABhk5odHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvY2FiZm9ydW0t
+YW5kLXRlc3Qtb2lkLWVlLWNhYmZvcnVtLW9pZC1pbnQtcGF0aC1lZS8wKAYDVR0g
+BCEwHzAHBgVngQwBATAUBhIrBgEEAetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYIT
+ZXYtdGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBAAfSIEX8CSplrc33
+aoWe2NEuQMunJNSHhUk+M00k+4nTTCClTNC7YW8tcNdZ6aliPBVGVN23Sv0lrs08
+lCS04wk+/Dtm45bQ+dhklADIofvyMzhHXTYK6hqN1eXQ+0cMrvZc+A9t7xi/V/J5
+f4e2Vf15UEsjDjILrBxpNvUzJu9XBmpMA2tFwrG5p+PyUlK945umfjqLObd8pLU0
+NK/Wf3uT3Q/ZrsaTf9xFT/+723pweyHCqPK0SbV4CcAVgXnmQVhi25rgZPsNskM4
+rRQ3oKKCdlEX5U1usc4+1H9IPunVK4Q0tsW0Anvnn284ShRM+7k2WxhC9HyGc5K9
+Jcn8jeY=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem.certspec
new file mode 100644
index 000000000..c72237e45
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:cabforum-and-test-oid-ee-cabforum-oid-int-path-int
+subject:cabforum-and-test-oid-ee-cabforum-oid-int-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee/
+extension:certificatePolicies:2.23.140.1.1,1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem
new file mode 100644
index 000000000..95c8be6cd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfDCCAmagAwIBAgIUO7XOeVsNdvHXnjEwzmBWRhwYLVcwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjA9MTswOQYDVQQDDDJjYWJmb3J1bS1hbmQtdGVzdC1vaWQtZWUtY2Fi
+Zm9ydW0tb2lkLWludC1wYXRoLWludDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x
+nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM
+wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF
+4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20
+yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx
+j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBnzCBnDAMBgNVHRMEBTADAQH/
+MAsGA1UdDwQEAwIBBjBrBggrBgEFBQcBAQRfMF0wWwYIKwYBBQUHMAGGT2h0dHA6
+Ly93d3cuZXhhbXBsZS5jb206ODg4OC9jYWJmb3J1bS1hbmQtdGVzdC1vaWQtZWUt
+Y2FiZm9ydW0tb2lkLWludC1wYXRoLWludC8wEgYDVR0gBAswCTAHBgVngQwBATAL
+BgkqhkiG9w0BAQsDggEBAKuq7oEHz2AZ1kD2Y6xx1twwhGa1Iii+l0SjOw3fr6w4
+264nVoCSK8unI0DBXFj4xv3ugKSiYqqV2EFaJUOXcVK8ofq03GSwVKEos5HVHYx9
+A/nVmvxNnIc7wdaHlrWOc0wdWHSUx3s9Gtt2L3XXZ7qhtvv4CGABVphP7cZDewZX
++06/A/js8sHcKCeQp+o6RlqsCRJpJO0t2i7sP0TDGAFKOj86mXG1Bii+1R9W8FzU
+IcQZYJV1ht4l32zndRVR2anhHxY+sqZBC4+Tn2Hph6FsnVvV7q5iedyV2NAkQ+xA
+DJFsUOokGNad1xn8gR3eFWvz/Zp3M1+UAO7jakZKiIA=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem.certspec
new file mode 100644
index 000000000..92ebdb37f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:cabforum-and-test-oid-ee-cabforum-oid-int-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/cabforum-and-test-oid-ee-cabforum-oid-int-path-int/
+extension:certificatePolicies:2.23.140.1.1
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem
new file mode 100644
index 000000000..1ccb37723
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnigAwIBAgIUDTSMnfcFGBwaZXHlyI/kKWHPyXkwCwYJKoZIhvcNAQEL
+MCwxKjAoBgNVBAMMIWNhYmZvcnVtLWFuZC10ZXN0LW9pZC1lZS1wYXRoLWludDAi
+GA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjArMSkwJwYDVQQDDCBj
+YWJmb3J1bS1hbmQtdGVzdC1vaWQtZWUtcGF0aC1lZTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7
+wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp
+k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh
+eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW
+EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc
+JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBqDCBpTBZBggr
+BgEFBQcBAQRNMEswSQYIKwYBBQUHMAGGPWh0dHA6Ly93d3cuZXhhbXBsZS5jb206
+ODg4OC9jYWJmb3J1bS1hbmQtdGVzdC1vaWQtZWUtcGF0aC1lZS8wKAYDVR0gBCEw
+HzAHBgVngQwBATAUBhIrBgEEAetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYITZXYt
+dGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBABb8sKuyt3smMp0C8iMc
+aJm3zuS5Rjwv1h7Nd8E/eSOA14p/V62DWFNdF13Apxy6DsZOb2O5uyKYrZ/7A/8i
+ipCwhpC8Fv3fcfBW6nSkQfzxNSYQ9AwBAYs2JTEc2/MRX3U7o6qbxVpVyQu4QYA5
+QU8HlPsq87Ai6wC32M2+BdHlu5y0Qv5MnXYlahJbpABmEKwGZ4eSo1A5IKBZbClV
+y+VvmInHMv/P3bi27SBGhLMT/ohHWJ0gmjxWmbSgU+LkyPdsTm7kfFYM83C6o9S7
+MCNFNLMXwfIKLrDPpayWHPlQeYS3r0ywsSF6stm8lKUwPvp+YL/dVB2+SdKf+idt
+kus=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem.certspec
new file mode 100644
index 000000000..36f80e017
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:cabforum-and-test-oid-ee-path-int
+subject:cabforum-and-test-oid-ee-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/cabforum-and-test-oid-ee-path-ee/
+extension:certificatePolicies:2.23.140.1.1,1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem
new file mode 100644
index 000000000..7f6ac062f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWTCCAkOgAwIBAgIUY/r3cjSLbcqZBXaLaZ3P+1fOgVowCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAsMSowKAYDVQQDDCFjYWJmb3J1bS1hbmQtdGVzdC1vaWQtZWUtcGF0
+aC1pbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAGjgY0wgYowDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwWgYI
+KwYBBQUHAQEETjBMMEoGCCsGAQUFBzABhj5odHRwOi8vd3d3LmV4YW1wbGUuY29t
+Ojg4ODgvY2FiZm9ydW0tYW5kLXRlc3Qtb2lkLWVlLXBhdGgtaW50LzARBgNVHSAE
+CjAIMAYGBFUdIAAwCwYJKoZIhvcNAQELA4IBAQAW1rhYpmdW1ZyMbwBmUZmgUQt2
+Ux66oSK0sIV4r9A6jkh0CiWBSycfINVVXZIwpr+Nf3Ahgk+i9Y2GGrXhG73VPpt1
+G1onjO4lA+BIk/mn7KiewPMEiyyhxr0KAo1xlQlv38XbWtrhUERPiO1F0SCH0eR1
+X0Zz+jIxwl11moFyYtyclD8PLTMoXK2WlAfg0dBbY3VO0KFpb4m0XI9XM2Uj/7SI
+tENZ8G3udR/4D7rDtSxlFwNxoL4keB+CFLyDJeUt+3yzM3vlmpfk4kNQiNAiMwHI
+zxpqnKTG7myxPscGJV2V9PtUftet8b779e3k4xOxYGbSO2wmjjH1Y0cCbM/w
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem.certspec
new file mode 100644
index 000000000..79ae7ae80
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:cabforum-and-test-oid-ee-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/cabforum-and-test-oid-ee-path-int/
+extension:certificatePolicies:any
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem
new file mode 100644
index 000000000..d0ccbac0a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDVDCCAj6gAwIBAgIUd4mge/NQNkIIbQbJ3HKDOf/OPIIwCwYJKoZIhvcNAQEL
+MCAxHjAcBgNVBAMMFWNhYmZvcnVtLW9pZC1wYXRoLWludDAiGA8yMDE1MTEyODAw
+MDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAfMR0wGwYDVQQDDBRjYWJmb3J1bS1vaWQt
+cGF0aC1lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW
+Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk
+cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT
+AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3
+ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh
+s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV
+A6zaGAo17Y0CAwEAAaOBhjCBgzBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAGG
+MWh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9jYWJmb3J1bS1vaWQtcGF0aC1l
+ZS8wEgYDVR0gBAswCTAHBgVngQwBATAeBgNVHREEFzAVghNldi10ZXN0LmV4YW1w
+bGUuY29tMAsGCSqGSIb3DQEBCwOCAQEAUIxXzjuDVuDBhhzc3js1G/R4nfZwOfjB
+e3FXx8ayy5SzfYnH7hPadAUKQTFVwmMYg3rOKza0/FmOstv/k/EF7DYhti0jmLHs
+vXBzPp5Py0YYX56Dcu56khagh/SBBXvrb8/1ew4a39+4QRQ5c0q8dv6Jlyl2MS9f
+gfZ+LhNelFDV0TCnHV2kMMSBVxUuPzxEmZdUP3nSLar0uHfr86tf/B5v88PWFvbE
+APWxGSK8IZRqoEFRa+E4uFI77rBCi/xAMmz3j+a7Yn+Jwk/erLA8S1EqxaNJfbit
+Z33ZtK6A113HhL7H3HG7b60S/wOHHtZC6SwZKgKe31thRjw5yowokA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem.certspec
new file mode 100644
index 000000000..86fd9aca3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:cabforum-oid-path-int
+subject:cabforum-oid-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/cabforum-oid-path-ee/
+extension:certificatePolicies:2.23.140.1.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem
new file mode 100644
index 000000000..e377615fa
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQTCCAiugAwIBAgIUXUOtQK+aJ2J+V0n3URZbsU6P6CEwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAgMR4wHAYDVQQDDBVjYWJmb3J1bS1vaWQtcGF0aC1pbnQwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erk
+NUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwC
+fs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1m
+CyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTM
+HGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m
+1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGj
+gYEwfzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjBOBggrBgEFBQcBAQRCMEAw
+PgYIKwYBBQUHMAGGMmh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9jYWJmb3J1
+bS1vaWQtcGF0aC1pbnQvMBIGA1UdIAQLMAkwBwYFZ4EMAQEwCwYJKoZIhvcNAQEL
+A4IBAQBzhdaDee1NHVryrmDv4qRvpNX08ogylFYwBfmEZWSbBMTO0znLIzk34/AR
+UpHq1AaeirhGTB9jh6j1jzMAI284J9pgstl9Hy+SmmIzk3KLsD5A4vCepBKKgAJO
+1XP3ie4L0/Ra1b7aSF7GlhJH7niIGnfOGwvRYem/ckcbS0DsLhZvTgYKJ0oIkgJH
+SvEhhL/Npf4/77G1+CHykXTR2tIyQM/HwUm+kurcRw0bf548T77hQpgKNW5aieNE
+TJA1ISYEa7el3WBBOc73b68V7M5ph5DXegi7a5xbMpjn5efCBvE2UUS9KETBVuxc
+tkinQaqkzDlPr+5PFByURXyz45C/
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem.certspec
new file mode 100644
index 000000000..343307164
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:cabforum-oid-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/cabforum-oid-path-int/
+extension:certificatePolicies:2.23.140.1.1
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/evroot.key b/security/manager/ssl/tests/unit/test_ev_certs/evroot.key
new file mode 100644
index 000000000..a756a0705
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/evroot.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC1SYlcnQAQjRGh
++Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQOMF0Ask6Kkc9vShq7T/c02PPWikU
+dwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURhuT5RQk4XRLsuqtRqqzjOGWghlh+H
+cUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94rjFE7SjEXnkpOGOnoipImAo2pA5y
+1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3RquiqLMzjSKAWm4Diii1wwalgxvM18t
+oJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oYUJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ
+5XNPsikFAgMBAAECggEBAJg9VPlNb0x26yPW+T14UjUwz3Ow0WJUxueBdo1F9VaB
+0dAvsr0qrGq8HDiYYJNcUqDY9BSCAQOUd4MUHYZL/zCANjilwBUlcK6dGPPYyhY+
++0dbDd3zLn4W7HVl5rteAlxBxcZuV6A87eVUIh+DBFNHosTEUcPc5Ha3h84MBXJE
+vp4E7xMRjbuz1eCmzIcCnq/Upp7ZsUdZsV452KmITlb1TS+asBPw0V8xipq2svc9
+HsPJ/idK6JQxoQZAvniZsAEcXlCToYNHCGid4QBjTaveYPvWqu+joz3zSh829gwE
+MDa3SNHJ7pjEAxoK/sYO/aCpkL5ST1YU6sT9s0pS+VECgYEA6twssz5f8co3a72V
+vWoXd9LPT6xHVF6S0RpiCbnV5N7UeDRYHBabPIhHQqCeoYdQXBylVBTY0ltJdjLV
+7CqqBSM0MPrUmJJ3en1o4Dj1YaO4lp5gsKJj3vv9pIqbD/OdlbyIsVJnyK3pe1EH
+lI5B5DMknYf32xCdXXRYTYa8wdcCgYEAxZrldqIWRwJI2USlW56b+TKZ2jQexW5V
+jrqCGrzhv1e3nPQR0pBMd0+duh8VGF9gewV0oIIF1uwotmo21jQjLqry/qN1Yauv
+nWRLaNs4yZZMuMluwKxh66ZNBbRGVC9COXb1rN5OzJVTbS31eJVPk/DP2cWPt4ui
+p23VrChNyIMCgYEAwdLvOQYzHFKspkgR+f5CW+somDIvs9tRAyzo1+n8MiQL6SAZ
+zySA/NXjKYNxJxGLKlmhv+BsiD46REfz8DHNmuvQuNNo/Hl0DSzOjq2zJN9/CR6v
+4VZDYdVJILAbBHEjDl5H2T+O0zljxRe8T8ePbYsfnrqFvM7bcDMCZQjbYoUCgYEA
+hSG421aU376ASjFfnvybZSdcVJCs8qNFbWXm5hC/n2R/xnUB1PV3LyMqxwzN75/C
+pt+kFcfEG2r8evnQfDygP37ZPAnwuZ8sMEQ0Mi8QcXCbvBuqTJFXX6apWeB9SZaV
+bZXiK1eTi25HyNUf/t/Jv4iM4NGj5CtlqJvtS5HT5fUCgYEA3El7BrkgyL4LAHe3
+mOl37vdEqQ7Cxdfmy7IkSPrHLagaMxgODYoC6DFGDH/H/TphL3uZMLYbeZ+OkI5j
+LpugQJtqpwsDo7p4dCYmO1vVhD34R27bXRT2qGE+uvW5zVykL1+9KALgjk5J5XCf
+UVFRDKpassHG6z7+kpXRbowlyRY=
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/evroot.key.keyspec b/security/manager/ssl/tests/unit/test_ev_certs/evroot.key.keyspec
new file mode 100644
index 000000000..1a3d76a55
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/evroot.key.keyspec
@@ -0,0 +1 @@
+ev
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/evroot.pem b/security/manager/ssl/tests/unit/test_ev_certs/evroot.pem
new file mode 100644
index 000000000..cd2fd7ed8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/evroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzTCCAbegAwIBAgIUW9j5PS8YoKgynZdYa9i2Kwexnp8wCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MDEwMTAwMDAwMFoYDzIwMzUwMTAx
+MDAwMDAwWjARMQ8wDQYDVQQDDAZldnJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC1SYlcnQAQjRGh+Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQ
+OMF0Ask6Kkc9vShq7T/c02PPWikUdwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURh
+uT5RQk4XRLsuqtRqqzjOGWghlh+HcUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94
+rjFE7SjEXnkpOGOnoipImAo2pA5y1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3Rqu
+iqLMzjSKAWm4Diii1wwalgxvM18toJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oY
+UJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ5XNPsikFAgMBAAGjHTAbMAwGA1UdEwQFMAMB
+Af8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEAO1EZ134zXCiYSMixYSVP
+gAXWdR8zvaeS8UF0Xihle6nBdtkcmhiMgxXecMv7P7xO/U/wz5NAyJ1cvqaxrPbn
+8bekVCCsAAae6mVJIsVeuLtg3f89Qmx6KF6By2NI5R/AX5gxs0V9Tvjp9NfpIWh9
+I0BO0/REmq+CxKWjO6Loq0JA/QRW1jnD3XLitJ9QiCfnLqgUAG8JnkhG/JtpcJC3
+91SluwhVw+8i7caDOgHZGvjBEycyje0iyDLybaVjv2PpyuQx8H6hDzTGd2bNDl22
+fZ0FsOYCH6TJPx7nsCJCQ8/jGsRAGPxbItwSpTQJegKVaJ9s2dOAreJdkQFSIEo+
+3g==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/evroot.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/evroot.pem.certspec
new file mode 100644
index 000000000..3121f3486
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/evroot.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:evroot
+subjectKey:ev
+issuerKey:ev
+validity:20150101-20350101
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/moz.build b/security/manager/ssl/tests/unit/test_ev_certs/moz.build
new file mode 100644
index 000000000..286097c1c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/moz.build
@@ -0,0 +1,48 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'anyPolicy-ee-path-ee.pem',
+#    'anyPolicy-ee-path-int.pem',
+#    'anyPolicy-int-path-ee.pem',
+#    'anyPolicy-int-path-int.pem',
+#    'cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem',
+#    'cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem',
+#    'cabforum-and-test-oid-ee-path-ee.pem',
+#    'cabforum-and-test-oid-ee-path-int.pem',
+#    'cabforum-oid-path-ee.pem',
+#    'cabforum-oid-path-int.pem',
+#    'evroot.pem',
+#    'no-ocsp-ee-path-ee.pem',
+#    'no-ocsp-ee-path-int.pem',
+#    'no-ocsp-int-path-ee.pem',
+#    'no-ocsp-int-path-int.pem',
+#    'non-ev-root-path-ee.pem',
+#    'non-ev-root-path-int.pem',
+#    'non-evroot-ca.pem',
+#    'reverse-order-oids-path-ee.pem',
+#    'reverse-order-oids-path-int.pem',
+#    'test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem',
+#    'test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem',
+#    'test-and-cabforum-oid-ee-path-ee.pem',
+#    'test-and-cabforum-oid-ee-path-int.pem',
+#    'test-oid-ee-cabforum-oid-int-path-ee.pem',
+#    'test-oid-ee-cabforum-oid-int-path-int.pem',
+#    'test-oid-path-ee.pem',
+#    'test-oid-path-int.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
+#
+#test_keys = (
+#    'evroot.key',
+#    'test-oid-path-int.key',
+#)
+#
+#for test_key in test_keys:
+#    GeneratedTestKey(test_key)
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem
new file mode 100644
index 000000000..bdb27bc87
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDDCCAfagAwIBAgIUX8e03l3JoXPCHh9CMl58PfYnzkowCwYJKoZIhvcNAQEL
+MB4xHDAaBgNVBAMME25vLW9jc3AtZWUtcGF0aC1pbnQwIhgPMjAxNTExMjgwMDAw
+MDBaGA8yMDE4MDIwNTAwMDAwMFowHTEbMBkGA1UEAwwSbm8tb2NzcC1lZS1wYXRo
+LWVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62
+iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHql
+WqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosq
+Qe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+
+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8i
+b2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoY
+CjXtjQIDAQABo0MwQTAfBgNVHSAEGDAWMBQGEisGAQQB60mFGoUahRoBg3QJATAe
+BgNVHREEFzAVghNldi10ZXN0LmV4YW1wbGUuY29tMAsGCSqGSIb3DQEBCwOCAQEA
+ciXsc2FRYi4E0cofGtumXR2SzIitXdAXUwSvXz6407BEYIFOv/DnDr+EmpDF7a/Y
+rd+7ewODY19FYjw4tcsWY3Yz1key68TFn+BuudyGwuTS2Uq3wQTkP0PMtBNQLQ0S
+qZRjH5wJkqn/WSeuYqv4f5bTu2fgfloiCAfKA3Pisrmg0iJ5O7k0QN3QhiCkgbab
+LzmssU/YpiS8KwbUPIC5cmt/Y2OLMI4R3GMdNKEm+ykJ79mNysGahtFP8klfcOk4
+F4GYQu1Rmb+sNXvMnFMh5TkforL4rqv/ItGcQx3mvtAhtpZAI65O+oURoXmaQdN1
+6DUFil8O/ybcKph4NE5P0w==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem.certspec
new file mode 100644
index 000000000..ece1cf816
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:no-ocsp-ee-path-int
+subject:no-ocsp-ee-path-ee
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem
new file mode 100644
index 000000000..77f66fa60
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDOzCCAiWgAwIBAgIUX0+dCnv5fVmpIQhV708UOhoqNBcwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAeMRwwGgYDVQQDDBNuby1vY3NwLWVlLXBhdGgtaW50MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVK
+tOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7N
+Q/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39Zgsr
+sCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxs
+l62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYl
+nauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo34w
+fDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjBMBggrBgEFBQcBAQRAMD4wPAYI
+KwYBBQUHMAGGMGh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9uby1vY3NwLWVl
+LXBhdGgtaW50LzARBgNVHSAECjAIMAYGBFUdIAAwCwYJKoZIhvcNAQELA4IBAQBW
+nipIWEgiTZ1MNbN/1+lrhxExtkFdF6nzD3ob1Gsc2oJ3tCa2Oq7uUT6AMJ7aGPz/
+XnFkl6hmzLP0EyVR9un/nL9gkynGFsHzl7OFndE4SriD9ynAdNA1lPE2+gRqYhN4
+O2RxZx+Q61jWmWvPxUi/ihX9EVxYNOwrlu4t1K0G5HhFKMaXnx8dQFLxYGW8y9BF
+4c/Met9ocpV+p2b5kaiqEigZWzg14/jjeVkrFggycZOrfjwKOU5ICYY0Ap87yFT0
+ilefvG6syp+1swrM2yKwQIRpfDDjNi0ZxoKkzQ8bENuC6u0okcQs/rttlfRFqkl7
+g+aKagJNH0XrpaNPTsM9
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem.certspec
new file mode 100644
index 000000000..5eb952a9a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:no-ocsp-ee-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/no-ocsp-ee-path-int/
+extension:certificatePolicies:any
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem
new file mode 100644
index 000000000..19b8e6bd1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXjCCAkigAwIBAgIUU04Uw7andDfJBFPO0TwReJsY/VowCwYJKoZIhvcNAQEL
+MB8xHTAbBgNVBAMMFG5vLW9jc3AtaW50LXBhdGgtaW50MCIYDzIwMTUxMTI4MDAw
+MDAwWhgPMjAxODAyMDUwMDAwMDBaMB4xHDAaBgNVBAMME25vLW9jc3AtaW50LXBh
+dGgtZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAGjgZIwgY8wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBo
+dHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvbm8tb2NzcC1pbnQtcGF0aC1lZS8w
+HwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYITZXYt
+dGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBADN46jobibbTxmEdbvG6
+JS8+vofUrsLIWfEfagl9R+i5Ix33sJRHF+4yrFN1DT7Eg7LJV+cGJh4wyOf0sgJR
+LIjQxjIQadvCnEezhrZ7j0TUCZqV9iiO7O/ROo3qgwH8nCrl6qnKQA18FGyJttni
+DFGkR1PyvMc3CAPcDfdGODVRLWgQUXtFNOdRrG9IKI2BCAMLr3sItW7aJ9BiO6ow
+hqg3XdHUn4kzVbuGuiJsg60oSxNYawKd4oYg2yQctgSVHg/3ZFRDO02ntxUppoem
+uQtB+4qHaZgk7m8OFKMQlbq48rpkPHRLIBdIRJJc8WKj+XNsVrezzoU37XE2AFPp
+dhI=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem.certspec
new file mode 100644
index 000000000..623057e9e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:no-ocsp-int-path-int
+subject:no-ocsp-int-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/no-ocsp-int-path-ee/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem
new file mode 100644
index 000000000..cd496900b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7jCCAdigAwIBAgIUfbT9i6G6QnOCLGdEg6DChw0RBrwwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAfMR0wGwYDVQQDDBRuby1vY3NwLWludC1wYXRoLWludDCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1
+SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+
+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL
+K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc
+bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW
+JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMw
+MC4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA
+MAsGCSqGSIb3DQEBCwOCAQEAb9WQQmnK6eJUDK/ez/oEKfGxVSw/J6KlPCwHbUtC
+JQ6smyBs8E4eq1buQxtRkRDMIsDifSsnCiVXQaMwNR7V+AbJiDl3bU+1lmUtWcP+
+2khUqafvD29OHFcP0EyJ5i4icPJd5/7Kx6rXuTn8avV8oe+Ugq4H0yL7lliL+jvZ
+efcLNaeNT5E4jFj2l0cOoWBDdZ2Y8r6cHYDjWxOq1xi8vg4iDNGZKYuyeGwxf9fl
+gNG9rUyFxs/kv6pQSiREc4OtqkI9tw3L5wf6UrfZ3553BgfSZX6XdVdWpcGZaetd
+rm21WF9oMb5F3PJsUgf/Ustee38VcYO1DVbnEIVumQ3qlQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem.certspec
new file mode 100644
index 000000000..548241de3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem.certspec
@@ -0,0 +1,6 @@
+issuer:evroot
+subject:no-ocsp-int-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:certificatePolicies:any
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem
new file mode 100644
index 000000000..ffb8a6d3b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXjCCAkigAwIBAgIUD597e4LEXa+njJfkqWZ9MlmV2PgwCwYJKoZIhvcNAQEL
+MB8xHTAbBgNVBAMMFG5vbi1ldi1yb290LXBhdGgtaW50MCIYDzIwMTUxMTI4MDAw
+MDAwWhgPMjAxODAyMDUwMDAwMDBaMB4xHDAaBgNVBAMME25vbi1ldi1yb290LXBh
+dGgtZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAGjgZIwgY8wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBo
+dHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvbm9uLWV2LXJvb3QtcGF0aC1lZS8w
+HwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYITZXYt
+dGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBAJ3Cc5jhMe0FBvQ1y0dT
+/Jj5VYqFfaYpEEHu3vWfOQ0miY07FjTZmbEmuNGs1pSKuGOpqQwpX97TxIPUH1l+
+31vZqHy4wWhZI7Vt38baPlY1I0+fVb+85+WeBQfgiTMUF2Or/cfj1NtHAzTNOmyb
+/H5/41oBydLVLRRh9NQmas3meEtnv1j/TYCuZM+UA31pJIr063kAB2U+vSuVWbSc
+gN0Xeq88d3IKW8M02+OQtPGqGwcYnyZgkKjr9ndjB4irRn5yoC/2ruhJEuGw1k84
+zfuArdbfYlNJaPzyWKpPQChA3I7CaYRFwCJ3+8nKTliDiTPuTba/zxisRLIv9ZX+
+FYA=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem.certspec
new file mode 100644
index 000000000..9895732b1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:non-ev-root-path-int
+subject:non-ev-root-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/non-ev-root-path-ee/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem
new file mode 100644
index 000000000..2223a424c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDRDCCAi6gAwIBAgIUbeCcNZk/68aHlCaLR0Mgh09gK9MwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDW5vbi1ldnJvb3QtY2EwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowHzEdMBsGA1UEAwwUbm9uLWV2LXJvb3QtcGF0aC1pbnQw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ
+PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH
+9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw
+4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86
+exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0
+ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N
+AgMBAAGjfzB9MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGME0GCCsGAQUFBwEB
+BEEwPzA9BggrBgEFBQcwAYYxaHR0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4L25v
+bi1ldi1yb290LXBhdGgtaW50LzARBgNVHSAECjAIMAYGBFUdIAAwCwYJKoZIhvcN
+AQELA4IBAQAo5g/5usQqBIfpaeOFV5X8om69PQdcyke2/hWuTBXciSCZ0VhpgloL
+p4EBdh72UZ+HNqiuQ7oKEOBYeA02k11TqZ6kokurabpZjcwrlbkqGSpf+afhK8DK
+lhJdXa9WLBZuY87YPXA0pnpAEQMiDchJAa/gG3Qg2yvtEYAYH+MJT3jIMbYlXeep
+aLNdcG6E0ByrFYAQCi0WIEvwv7krCEliRgp/a1k+s6V84lNkeBzqfflygOXBXPTY
+ws9sg6RxeYBFL3YNU63jonzWfcp9dMusL/Jwdak0r/iwQoSfQGm6X8spjHFKnXUm
+Fp/ccMKeWAZl8mQYisK0vQwlclxfPFeO
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem.certspec
new file mode 100644
index 000000000..5ce035ae1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem.certspec
@@ -0,0 +1,6 @@
+issuer:non-evroot-ca
+subject:non-ev-root-path-int
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/non-ev-root-path-int/
+extension:certificatePolicies:any
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem b/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem
new file mode 100644
index 000000000..b7560f2dc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2zCCAcWgAwIBAgIUGeBAgifObFMlBPIYGTQEPMZ7W9YwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDW5vbi1ldnJvb3QtY2EwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowGDEWMBQGA1UEAwwNbm9uLWV2cm9vdC1jYTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1
+SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+
+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL
+K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc
+bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW
+JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMd
+MBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQCz
+X8XmbNmo5v9uMdsHOc7656UJPBX01AkXTAvR9Ny+rCIC70R520o2u43TLcLO3S5e
+KkTzqtQUovzMEmbH543Z/7rgQVsd99YrDd24wLpX439D/PJlsx6gBkBiiqJ+8GfG
+uGdHTW8ov7fvx20dWlZxdjQXrHdkP8wf0X2VfLC/4PI8fzpWY8LqpJ9GSoKYtBKE
+nxSxNr/SJTeEzSUwbNOh1KU4TuYh/GMsZKP5T+08OpTBuFHbcvsOqvyWXSEjRjwf
+PmC95zA2ucn57OmFc+CLcnYsmOd5B6Uc/LzWiOIOLtKpslcJz3xB6+2hEv7LnHUp
+LKCBs95/9OOqJxO/jYhf
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem.certspec
new file mode 100644
index 000000000..7b61447a8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:non-evroot-ca
+subject:non-evroot-ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem
new file mode 100644
index 000000000..8bfe3c24c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfDCCAmagAwIBAgIUb0DaaKRK60LnPyfYQvv3fv7MDNUwCwYJKoZIhvcNAQEL
+MCYxJDAiBgNVBAMMG3JldmVyc2Utb3JkZXItb2lkcy1wYXRoLWludDAiGA8yMDE1
+MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAlMSMwIQYDVQQDDBpyZXZlcnNl
+LW9yZGVyLW9pZHMtcGF0aC1lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAab
+bhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmts
+Du0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI
+H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8
+rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kX
+Mbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBojCBnzBTBggrBgEFBQcBAQRHMEUw
+QwYIKwYBBQUHMAGGN2h0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9yZXZlcnNl
+LW9yZGVyLW9pZHMtcGF0aC1lZS8wKAYDVR0gBCEwHzAHBgVngQwBATAUBhIrBgEE
+AetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYITZXYtdGVzdC5leGFtcGxlLmNvbTAL
+BgkqhkiG9w0BAQsDggEBAFHaYdZpIkhnlR8HeiLgSVXhhOh+51dJCMQPGa5GA09W
+90/Tct1J28/7DfVUjdvzX80bWTUkbrEsB12qYPJm+d3B3YSqAS2NHWp7eHwMmTbe
+F3Hxqvu+maLCX/fm7X8t5vCugKrqbbmIMBZ8mrNasR8B3tKIPBFZOt4p+lUfM3rL
+qm7CmQ6OheMcq4pblx6LJMt3CCMPdzyPm6+3Gw9mvBaCXU9exrV1QxxSg8hEpWLw
+/ue3cLx9D6zDITlZZxUXJZOegvKFuVit2JIAv6l2zVIp9IzNnANF2oIOOyVMPP4+
+vDRJTKVchp6fxORk2sCexiEHf6pqj2kmUSMdbsSWxsQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem.certspec
new file mode 100644
index 000000000..31e3e69e5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:reverse-order-oids-path-int
+subject:reverse-order-oids-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/reverse-order-oids-path-ee/
+extension:certificatePolicies:2.23.140.1.1,1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem
new file mode 100644
index 000000000..105064c6d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZDCCAk6gAwIBAgIUY0aJPcvdA0d7Xu3Ph5O2pk4D5tYwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAmMSQwIgYDVQQDDBtyZXZlcnNlLW9yZGVyLW9pZHMtcGF0aC1pbnQw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ
+PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH
+9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw
+4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86
+exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0
+ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N
+AgMBAAGjgZ4wgZswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwVAYIKwYBBQUH
+AQEESDBGMEQGCCsGAQUFBzABhjhodHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgv
+cmV2ZXJzZS1vcmRlci1vaWRzLXBhdGgtaW50LzAoBgNVHSAEITAfMBQGEisGAQQB
+60mFGoUahRoBg3QJATAHBgVngQwBATALBgkqhkiG9w0BAQsDggEBADCsEQZgIoiq
+5XqNnz400S/+sVaHPKl+Zh2mtQiKq2hbIre7rYsO6KISoh52DuAZgrjAd7vbn38g
+8iPCZ2qaytaAZzy8UiUuZK4R5pow0aGEbq6AdtHu40lSUsfQ+a0rj7E0zOyGQjVl
+PrKlAirzX4YkMyYH0trSvOZgwwIsroIfYhXnxJpqo9fW900z+JUGSWTQbA1tFHPN
+9OsM4zyFepbZUqWtf2RZMME63JgUFy3Uvk2vHolEX9OGAegUx7hX0nHIdBCLa5GC
+W2Y99olh0T+bk7aULnwAXFmJozIWdpkLmUeNcjWuGvQAniHIm2YhOxg0BVs43VRK
+t2759N2s5Lk=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem.certspec
new file mode 100644
index 000000000..a2b523073
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:reverse-order-oids-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/reverse-order-oids-path-int/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1,2.23.140.1.1
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem
new file mode 100644
index 000000000..1fe162bc7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqugAwIBAgIUC4dd0cUXmrLGZVPePwZkFohfd2kwCwYJKoZIhvcNAQEL
+MD0xOzA5BgNVBAMMMnRlc3QtYW5kLWNhYmZvcnVtLW9pZC1lZS1jYWJmb3J1bS1v
+aWQtaW50LXBhdGgtaW50MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMDwxOjA4BgNVBAMMMXRlc3QtYW5kLWNhYmZvcnVtLW9pZC1lZS1jYWJmb3J1
+bS1vaWQtaW50LXBhdGgtZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24a
+hvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7t
+FYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+o
+N9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0d
+JdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4
+s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjgbkwgbYwagYIKwYBBQUHAQEEXjBcMFoG
+CCsGAQUFBzABhk5odHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvdGVzdC1hbmQt
+Y2FiZm9ydW0tb2lkLWVlLWNhYmZvcnVtLW9pZC1pbnQtcGF0aC1lZS8wKAYDVR0g
+BCEwHzAUBhIrBgEEAetJhRqFGoUaAYN0CQEwBwYFZ4EMAQEwHgYDVR0RBBcwFYIT
+ZXYtdGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBALBmgZSBw+XV/TrF
+oSJ1IG5kK1en9TYe+8baPhnoPXODSLfO11ljh69VVVgSOexbuEZ0/8g4BOYKjfZ8
+rZxMgBsBbK0lmDcsKsfE4+JVP8YcZ9xK9PTtNSEpLCv0pOaSs0cyhk/VIrlKnK/v
+oEqvrcTKpezU8lgfRnG+e3riFfjMhMNZn1oGaPPgHNF0CAU29qdVvkrPySsWIeVk
+WbOCh5XfaDZqmSwYWWn7AbVeiCs07bzd0R14/KY1gxVYsoiy/1uSG7QQj82cIt75
+sJja57AGHVtwd43829RYPhNgcDOorSCfErZ5HPQBM75y2Nlsc4f7P6DBrJ8m+Q0E
+5+i3niw=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem.certspec
new file mode 100644
index 000000000..edac2fc1a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:test-and-cabforum-oid-ee-cabforum-oid-int-path-int
+subject:test-and-cabforum-oid-ee-cabforum-oid-int-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1,2.23.140.1.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem
new file mode 100644
index 000000000..ce757742d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfDCCAmagAwIBAgIUKz60qRXEfxjvGay98Cp6DRZMIywwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjA9MTswOQYDVQQDDDJ0ZXN0LWFuZC1jYWJmb3J1bS1vaWQtZWUtY2Fi
+Zm9ydW0tb2lkLWludC1wYXRoLWludDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x
+nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM
+wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF
+4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20
+yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx
+j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBnzCBnDAMBgNVHRMEBTADAQH/
+MAsGA1UdDwQEAwIBBjBrBggrBgEFBQcBAQRfMF0wWwYIKwYBBQUHMAGGT2h0dHA6
+Ly93d3cuZXhhbXBsZS5jb206ODg4OC90ZXN0LWFuZC1jYWJmb3J1bS1vaWQtZWUt
+Y2FiZm9ydW0tb2lkLWludC1wYXRoLWludC8wEgYDVR0gBAswCTAHBgVngQwBATAL
+BgkqhkiG9w0BAQsDggEBAKgWYdHF4n8WXZ9ZYtEZDF9YYh8jI/KMjKK52jqyvh7u
+Hxbv9SJe6H0sDqKvoIisRzv4QSMoS2QTHUalFgEXAexPK75mpITiCnShpUx+QFnR
+fFjG2Gy4ffC+vxuVThpJtut3SD/a7RAyYc6wP1hjohrtvJdOTmMWIZ7spA/BQaCz
+XxiSreJQiNvbuCImC4t9s95xpwcyTD7yWQD2BrJJP69eM/afkF5lKenAVvQhTKa+
+FT/Br5yVyf8lMgjdYK5FljZGJViy7O4KqoUmttgOttFv9EhcqfbGD/Kh6dJ8aJlD
+sHAjNsHzyyPij28pN5zmXiKtjuvh4L8juZYVePWG0Fw=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem.certspec
new file mode 100644
index 000000000..68dfd0057
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:test-and-cabforum-oid-ee-cabforum-oid-int-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/test-and-cabforum-oid-ee-cabforum-oid-int-path-int/
+extension:certificatePolicies:2.23.140.1.1
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem
new file mode 100644
index 000000000..ab86be7d9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnigAwIBAgIUfYDrsxuoLVA2xXI6wiQM1Ho1ekcwCwYJKoZIhvcNAQEL
+MCwxKjAoBgNVBAMMIXRlc3QtYW5kLWNhYmZvcnVtLW9pZC1lZS1wYXRoLWludDAi
+GA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjArMSkwJwYDVQQDDCB0
+ZXN0LWFuZC1jYWJmb3J1bS1vaWQtZWUtcGF0aC1lZTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7
+wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp
+k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh
+eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW
+EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc
+JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBqDCBpTBZBggr
+BgEFBQcBAQRNMEswSQYIKwYBBQUHMAGGPWh0dHA6Ly93d3cuZXhhbXBsZS5jb206
+ODg4OC90ZXN0LWFuZC1jYWJmb3J1bS1vaWQtZWUtcGF0aC1lZS8wKAYDVR0gBCEw
+HzAUBhIrBgEEAetJhRqFGoUaAYN0CQEwBwYFZ4EMAQEwHgYDVR0RBBcwFYITZXYt
+dGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBAGxfWJtZkbvUXRKb6ZEw
+2gq44URxeB9DuLfLd1qfEINW+NzhXhyd6BZ7ytLMIQjB55MKc3EM1ZNiU59C+BkV
+IYQF41p5SqKw7Niq4IcnaAGOfCrvZuRJYhU3jxIeLGLI42jk6yuvg/OZjJ61pi0W
+x4CSC3gSJ0oRh/Yg9ZRKo7goNRjH5/UmSGTRF8XqL8+zwTDmUlscON4jKHgZW3iE
+01FUS/haX3S/tUHe8cvu0BGrnhlfUvAr8lMeNIV1B89JYyLdwPi4Ce8prOzRQzqp
+u1jEu2e62t19SaB3PWyTbDHks6RygVrDdIzZ6dtJUmbl7d8Z7VVuvMNGSq6O+inR
+vk4=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem.certspec
new file mode 100644
index 000000000..affbd8745
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:test-and-cabforum-oid-ee-path-int
+subject:test-and-cabforum-oid-ee-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/test-and-cabforum-oid-ee-path-ee/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1,2.23.140.1.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem
new file mode 100644
index 000000000..e508339df
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWTCCAkOgAwIBAgIUW3yHLCNMorwxWwyF6vrFuNsEdAQwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAsMSowKAYDVQQDDCF0ZXN0LWFuZC1jYWJmb3J1bS1vaWQtZWUtcGF0
+aC1pbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAGjgY0wgYowDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwWgYI
+KwYBBQUHAQEETjBMMEoGCCsGAQUFBzABhj5odHRwOi8vd3d3LmV4YW1wbGUuY29t
+Ojg4ODgvdGVzdC1hbmQtY2FiZm9ydW0tb2lkLWVlLXBhdGgtaW50LzARBgNVHSAE
+CjAIMAYGBFUdIAAwCwYJKoZIhvcNAQELA4IBAQAXnGkBYTc9jiL1YE4teF+ZRxfk
+Tf2AteJYk53suuAUtQ3xgG4UWY9KHIMF/HLT+ZN3SAsJNgAgg/zBLNaTvt6C52hb
+TUtfW/803g1AUmHAhWg5lruffYpRnKNJdsi6IvWAQec5EDGT8hwq6F28VmgDr3RT
+Je/jgBNzVSifYKQm89f1TJWvdDqWSam0b2ags8l0UPzqHI+GzAn7E2KWamnCXWfD
+BZE9VA/KNc13I/K2tv5zZ/m/LKnTUeSS9qCKCWNjZGI0UIChVcie1t4NJbUf8IUD
+VyUYTm3Z5rO4PUzcR1q8CWzqgb0aKUoq60BWjnr+eipsE0dmc+9OGVAGh3me
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem.certspec
new file mode 100644
index 000000000..11630b4b4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:test-and-cabforum-oid-ee-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/test-and-cabforum-oid-ee-path-int/
+extension:certificatePolicies:any
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem
new file mode 100644
index 000000000..d130202d7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAnugAwIBAgIUZXXAUcIl4AT9QKUpEiBvQEk7MZswCwYJKoZIhvcNAQEL
+MDAxLjAsBgNVBAMMJXRlc3Qtb2lkLWVlLWNhYmZvcnVtLW9pZC1pbnQtcGF0aC1p
+bnQwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowLzEtMCsGA1UE
+AwwkdGVzdC1vaWQtZWUtY2FiZm9ydW0tb2lkLWludC1wYXRoLWVlMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVK
+tOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7N
+Q/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39Zgsr
+sCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxs
+l62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYl
+nauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo4Gj
+MIGgMF0GCCsGAQUFBwEBBFEwTzBNBggrBgEFBQcwAYZBaHR0cDovL3d3dy5leGFt
+cGxlLmNvbTo4ODg4L3Rlc3Qtb2lkLWVlLWNhYmZvcnVtLW9pZC1pbnQtcGF0aC1l
+ZS8wHwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYIT
+ZXYtdGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBACBZnkQzVzZgGJRb
+CMAhvJSq9tWlaze1wTsCTo9YJu4/Np2MHdOZqh66saV+6KcNpmuibGwC516ooO9B
+OUBXq3fGurYwMuSQmONQ+i8eDIRDGJHrhSPqlEvZzW5tOMzUMgf8e1YeIVIEy4bz
+KEbDyc7o4fXpVewOqeD52TdR6RmJjXpbGDlSEqWoH6idvvnIMRuXAwTP3BWtZfRd
+w0RM+sEUozTeM1IuWQWe2wJtugLULxroMGJzjyyW0xBPGtrWqi3rdMdz8bKgV0qz
+LOC5OClY9gvEScjBS46RwahMLj5gK8K0Cxoqicx87it/mKrh0/IuJAZLHd/MMzAJ
+eF525sY=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem.certspec
new file mode 100644
index 000000000..bd0f955ad
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:test-oid-ee-cabforum-oid-int-path-int
+subject:test-oid-ee-cabforum-oid-int-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/test-oid-ee-cabforum-oid-int-path-ee/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem
new file mode 100644
index 000000000..60f9e2855
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYjCCAkygAwIBAgIUT58S8MhTFBFpWcGoT3Ni9HEDT6IwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAwMS4wLAYDVQQDDCV0ZXN0LW9pZC1lZS1jYWJmb3J1bS1vaWQtaW50
+LXBhdGgtaW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO
+FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr
+amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka
+sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY
+VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n
+aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE
+MdUDrNoYCjXtjQIDAQABo4GSMIGPMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEG
+MF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAYZCaHR0cDovL3d3dy5leGFtcGxl
+LmNvbTo4ODg4L3Rlc3Qtb2lkLWVlLWNhYmZvcnVtLW9pZC1pbnQtcGF0aC1pbnQv
+MBIGA1UdIAQLMAkwBwYFZ4EMAQEwCwYJKoZIhvcNAQELA4IBAQBwXLEGvl0aJ3Wf
+nVJoV9EzL+df9oY0IBpZVpkNSyWQ+111lKMftznJct+mJsuAf23PcHJtUwSWQzaS
+W5DTzF32B6FiPPqS2N8v1eIIM/fjNdZXrMEFGfR5MwwoU4IPwjvIgoFT2LGv9PvP
+82o5PcEurK/HEhWCvn2r1rLAi1sr0sjd/yHJ6otwweWf6U6fREqzoVqB0HxhbToH
+BgR/YmTrFFCvUar/zwH6/G0ZMkJR98q7XairdCDgjlwY6Nk6gXR2noMMHwFeJP+h
+QCkXy2/w6332rmEHzokU3z/p0Y3NtEHK8n0+LIxg6akVovHTvLVJy+THUGQjPe0B
+pxlHKwek
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem.certspec
new file mode 100644
index 000000000..37d4d133a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:test-oid-ee-cabforum-oid-int-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/test-oid-ee-cabforum-oid-int-path-int/
+extension:certificatePolicies:2.23.140.1.1
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem
new file mode 100644
index 000000000..67e14e875
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDVTCCAj+gAwIBAgIUBR6mXmzAxA30s74v94EkKkcvL/AwCwYJKoZIhvcNAQEL
+MBwxGjAYBgNVBAMMEXRlc3Qtb2lkLXBhdGgtaW50MCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMBsxGTAXBgNVBAMMEHRlc3Qtb2lkLXBhdGgtZWUw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ
+PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH
+9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw
+4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86
+exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0
+ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N
+AgMBAAGjgY8wgYwwSQYIKwYBBQUHAQEEPTA7MDkGCCsGAQUFBzABhi1odHRwOi8v
+d3d3LmV4YW1wbGUuY29tOjg4ODgvdGVzdC1vaWQtcGF0aC1lZS8wHwYDVR0gBBgw
+FjAUBhIrBgEEAetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYITZXYtdGVzdC5leGFt
+cGxlLmNvbTALBgkqhkiG9w0BAQsDggEBAKMkVA1VZlzajbBFNqwzSGfUipM1TzqH
+YjumITzJSBESfRZPfrtTEFtelfHUVq9Oh4oO8e2RPAgECw/tchZcJW4oYT2+wi1h
+rcHK8DutOC5rMpM3HP0tQlSCVtnb5maF9y/Z7mXrYKB3bYsA5gG022b/w91aiA6a
+MJqhRe8uv5dA1+SVMjgdJTDn+x8TBBwZlmoPSd2I21mC0C2URXRRZkTM1ZRZWnFQ
+brZ94cwfshjpONjPglOiM0p+uVSKhatnP3EqjfQVaTow7+RNPyHXNnaTsgz03j3w
+tnNRDhYZuSZzNZcugylGzt/U9nbE5B2VVjFuAw9DuCeUnPUm0EGxwF4=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem.certspec
new file mode 100644
index 000000000..a9d62c65e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:test-oid-path-int
+subject:test-oid-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/test-oid-path-ee/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key
new file mode 100644
index 000000000..8af23e068
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key.keyspec b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key.keyspec
new file mode 100644
index 000000000..4ad96d515
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem
new file mode 100644
index 000000000..cbfd53b47
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDRzCCAjGgAwIBAgIURUX21bPV9r+a9MgTdgH/Z0JF7fEwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAcMRowGAYDVQQDDBF0ZXN0LW9pZC1wYXRoLWludDCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs
+9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8
+HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7Ak
+kqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJet
+lmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2r
+kQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBizCB
+iDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjBKBggrBgEFBQcBAQQ+MDwwOgYI
+KwYBBQUHMAGGLmh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC90ZXN0LW9pZC1w
+YXRoLWludC8wHwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUaAYN0CQEwCwYJKoZI
+hvcNAQELA4IBAQAZpXz9L80yAL7c4NxT761VSaAxlL7djEAFx8XzTRI3Npd7pH9J
+GjD08pBw4fJoRkVaZhHMfTylYLR/trURFsBF/P9CCqcKUBk6P2hReEsmSV+nG8xp
+zs8M0JEoJbD3gWytwV0LZgc8INkmwo91CYlgvpBqpRrowdyYEc/+pE0lyn6kwjJE
+k6OwDnI1sbl3Aid9iMILITqvt9pRTh2ZbcpgXXRifk+LJNNgo+U54+VHEy1sGjFp
+/tXOqCeKAV5peEbWnXfewaitKTGBE/6zuEBQTeWzNDcwQwSYvS9oRcLxNn/qIyrj
+OIaT9QQeDT0AbHNIRj8npCaZrSxWRMPH12/4
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem.certspec
new file mode 100644
index 000000000..53534eb52
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:test-oid-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/test-oid-path-int/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js b/security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js
new file mode 100644
index 000000000..4db133e43
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js
@@ -0,0 +1,100 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+ * vim: sw=2 ts=2 sts=2
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+// Ensures that HSTS (HTTP Strict Transport Security) and HPKP (HTTP Public key
+// pinning) are cleared when using "Forget About This Site".
+
+var { ForgetAboutSite } = Cu.import("resource://gre/modules/ForgetAboutSite.jsm", {});
+
+do_register_cleanup(() => {
+  Services.prefs.clearUserPref("security.cert_pinning.enforcement_level");
+  Services.prefs.clearUserPref(
+    "security.cert_pinning.process_headers_from_non_builtin_roots");
+});
+
+const GOOD_MAX_AGE_SECONDS = 69403;
+const NON_ISSUED_KEY_HASH = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
+const PINNING_ROOT_KEY_HASH = "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=";
+const VALID_PIN = `pin-sha256="${PINNING_ROOT_KEY_HASH}";`;
+const BACKUP_PIN = `pin-sha256="${NON_ISSUED_KEY_HASH}";`;
+const GOOD_MAX_AGE = `max-age=${GOOD_MAX_AGE_SECONDS};`;
+
+do_get_profile(); // must be done before instantiating nsIX509CertDB
+
+Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 2);
+Services.prefs.setBoolPref(
+  "security.cert_pinning.process_headers_from_non_builtin_roots", true);
+
+var certdb = Cc["@mozilla.org/security/x509certdb;1"]
+               .getService(Ci.nsIX509CertDB);
+addCertFromFile(certdb, "test_pinning_dynamic/pinningroot.pem", "CTu,CTu,CTu");
+
+var sss = Cc["@mozilla.org/ssservice;1"]
+            .getService(Ci.nsISiteSecurityService);
+var uri = Services.io.newURI("https://a.pinning2.example.com", null, null);
+
+// This test re-uses certificates from pinning tests because that's easier and
+// simpler than recreating new certificates, hence the slightly longer than
+// necessary domain name.
+var sslStatus = new FakeSSLStatus(constructCertFromFile(
+  "test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem"));
+
+// Test the normal case of processing HSTS and HPKP headers for
+// a.pinning2.example.com, using "Forget About Site" on a.pinning2.example.com,
+// and then checking that the platform doesn't consider a.pinning2.example.com
+// to be HSTS or HPKP any longer.
+add_task(function* () {
+  sss.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, GOOD_MAX_AGE,
+                    sslStatus, 0);
+  sss.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri,
+                    GOOD_MAX_AGE + VALID_PIN + BACKUP_PIN, sslStatus, 0);
+
+  Assert.ok(sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "a.pinning2.example.com", 0),
+            "a.pinning2.example.com should be HSTS");
+  Assert.ok(sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+                             "a.pinning2.example.com", 0),
+            "a.pinning2.example.com should be HPKP");
+
+  yield ForgetAboutSite.removeDataFromDomain("a.pinning2.example.com");
+
+  Assert.ok(!sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "a.pinning2.example.com", 0),
+            "a.pinning2.example.com should not be HSTS now");
+  Assert.ok(!sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+                              "a.pinning2.example.com", 0),
+            "a.pinning2.example.com should not be HPKP now");
+});
+
+// TODO (bug 1290529): the platform does not support this yet.
+// Test the case of processing HSTS and HPKP headers for a.pinning2.example.com,
+// using "Forget About Site" on example.com, and then checking that the platform
+// doesn't consider the subdomain to be HSTS or HPKP any longer.
+add_task(function* () {
+  sss.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, GOOD_MAX_AGE,
+                    sslStatus, 0);
+  sss.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri,
+                    GOOD_MAX_AGE + VALID_PIN + BACKUP_PIN, sslStatus, 0);
+
+  Assert.ok(sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "a.pinning2.example.com", 0),
+            "a.pinning2.example.com should be HSTS (subdomain case)");
+  Assert.ok(sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+                             "a.pinning2.example.com", 0),
+            "a.pinning2.example.com should be HPKP (subdomain case)");
+
+  yield ForgetAboutSite.removeDataFromDomain("example.com");
+
+  // TODO (bug 1290529):
+  // Assert.ok(!sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  //                             "a.pinning2.example.com", 0),
+  //           "a.pinning2.example.com should not be HSTS now (subdomain case)");
+  // Assert.ok(!sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+  //                             "a.pinning2.example.com", 0),
+  //           "a.pinning2.example.com should not be HPKP now (subdomain case)");
+});
diff --git a/security/manager/ssl/tests/unit/test_getchain.js b/security/manager/ssl/tests/unit/test_getchain.js
new file mode 100644
index 000000000..2851c3a70
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_getchain.js
@@ -0,0 +1,82 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb  = Cc["@mozilla.org/security/x509certdb;1"]
+                  .getService(Ci.nsIX509CertDB);
+// This is the list of certificates needed for the test.
+var certList = [
+  'ee',
+  'ca-1',
+  'ca-2',
+];
+
+// Since all the ca's are identical expect for the serial number
+// I have to grab them by enumerating all the certs and then finding
+// the ones that I am interested in.
+function get_ca_array() {
+  let ret_array = [];
+  let allCerts = certdb.getCerts();
+  let enumerator = allCerts.getEnumerator();
+  while (enumerator.hasMoreElements()) {
+    let cert = enumerator.getNext().QueryInterface(Ci.nsIX509Cert);
+    if (cert.commonName == 'ca') {
+      ret_array[parseInt(cert.serialNumber, 16)] = cert;
+    }
+  }
+  return ret_array;
+}
+
+
+function check_matching_issuer_and_getchain(expected_issuer_serial, cert) {
+  const nsIX509Cert = Components.interfaces.nsIX509Cert;
+
+  equal(expected_issuer_serial, cert.issuer.serialNumber,
+        "Expected and actual issuer serial numbers should match");
+  let chain = cert.getChain();
+  let issuer_via_getchain = chain.queryElementAt(1, nsIX509Cert);
+  // The issuer returned by cert.issuer or cert.getchain should be consistent.
+  equal(cert.issuer.serialNumber, issuer_via_getchain.serialNumber,
+        "Serial numbers via cert.issuer and via getChain() should match");
+}
+
+function check_getchain(ee_cert, ssl_ca, email_ca) {
+  // A certificate should first build a chain/issuer to
+  // a SSL trust domain, then an EMAIL trust domain and then
+  // an object signer trust domain.
+
+  const nsIX509Cert = Components.interfaces.nsIX509Cert;
+  certdb.setCertTrust(ssl_ca, nsIX509Cert.CA_CERT,
+                      Ci.nsIX509CertDB.TRUSTED_SSL);
+  certdb.setCertTrust(email_ca, nsIX509Cert.CA_CERT,
+                      Ci.nsIX509CertDB.TRUSTED_EMAIL);
+  check_matching_issuer_and_getchain(ssl_ca.serialNumber, ee_cert);
+  certdb.setCertTrust(ssl_ca, nsIX509Cert.CA_CERT, 0);
+  check_matching_issuer_and_getchain(email_ca.serialNumber, ee_cert);
+  certdb.setCertTrust(email_ca, nsIX509Cert.CA_CERT, 0);
+  // Do a final test on the case of no trust. The results must
+  // be consistent (the actual value is non-deterministic).
+  check_matching_issuer_and_getchain(ee_cert.issuer.serialNumber, ee_cert);
+}
+
+function run_test() {
+  clearOCSPCache();
+  clearSessionCache();
+
+  for (let cert of certList) {
+    addCertFromFile(certdb, `test_getchain/${cert}.pem`, ",,");
+  }
+
+  let ee_cert = certdb.findCertByNickname('ee');
+  notEqual(ee_cert, null, "EE cert should be in the cert DB");
+
+  let ca = get_ca_array();
+
+  check_getchain(ee_cert, ca[1], ca[2]);
+  // Swap ca certs to deal alternate trust settings.
+  check_getchain(ee_cert, ca[2], ca[1]);
+}
diff --git a/security/manager/ssl/tests/unit/test_getchain/ca-1.pem b/security/manager/ssl/tests/unit/test_getchain/ca-1.pem
new file mode 100644
index 000000000..a3dcb268c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_getchain/ca-1.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsjCCAZygAwIBAgIBATALBgkqhkiG9w0BAQswDTELMAkGA1UEAwwCY2EwIhgP
+MjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowDTELMAkGA1UEAwwCY2Ew
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ
+PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH
+9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw
+4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86
+exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0
+ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N
+AgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEB
+CwOCAQEAchHf1yV+blE6fvS53L3DGmvxEpn9+t+xwOvWczBmLFEzUPdncakdaWlQ
+v7q81BPyjBqkYbQi15Ws81hY3dnXn8LT1QktCL9guvc3z4fMdQbRjpjcIReCYt3E
+PB22Jl2FCm6ii4XL0qDFD26WK3zMe2Uks6t55f8VeDTBGNoPp2JMsWY1Pi4vR6wK
+AY96WoXS/qrYkmMEOgFu907pApeAeE8VJzXjqMLF6/W1VN7ISnGzWQ8zKQnlp3YA
+mvWZQcD6INK8mvpZxIeu6NtHaKEXGw7tlGekmkVhapPtQZYnWcsXybRrZf5g3hOh
+JFPl8kW42VoxXL11PP5NX2ylTsJ//g==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_getchain/ca-1.pem.certspec b/security/manager/ssl/tests/unit/test_getchain/ca-1.pem.certspec
new file mode 100644
index 000000000..6062931cd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_getchain/ca-1.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+serialNumber:1
diff --git a/security/manager/ssl/tests/unit/test_getchain/ca-2.pem b/security/manager/ssl/tests/unit/test_getchain/ca-2.pem
new file mode 100644
index 000000000..fab9f209e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_getchain/ca-2.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsjCCAZygAwIBAgIBAjALBgkqhkiG9w0BAQswDTELMAkGA1UEAwwCY2EwIhgP
+MjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowDTELMAkGA1UEAwwCY2Ew
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ
+PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH
+9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw
+4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86
+exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0
+ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N
+AgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEB
+CwOCAQEAXjVM9rVj8ZtTUvdKGMWaYkLGKqvi4dwK2ZwvAqeybTK7XCRKmXYksAxT
+NVKx2DgHn0r0nYk7gu3TYKpFfI4i1zSriq4FXd8Z5fhbRGToyU6nFBqWnDET+haJ
++jrI34kLG1oXqZMbbcUZX7sXnVYafxr/MYBVhtIwwUV8tgX+5SzdRsZ85REiBGbZ
+Y915NAo7ZNfGkjOSNS3BycdHPMgEHqONq+BSAwYAuKT05LI/KgSZK+8vfNrcvvMV
+TO1T4HC3vmOuKZkMWTj6JKyGO07R3CNypW+9Fi5LjRjVFf2acZM0VVPsSdiIp1EZ
+xa6RkYqPfRLrTKUkti6BFJlXozfnNA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_getchain/ca-2.pem.certspec b/security/manager/ssl/tests/unit/test_getchain/ca-2.pem.certspec
new file mode 100644
index 000000000..bb599046e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_getchain/ca-2.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+serialNumber:2
diff --git a/security/manager/ssl/tests/unit/test_getchain/ee.pem b/security/manager/ssl/tests/unit/test_getchain/ee.pem
new file mode 100644
index 000000000..237e36bf0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_getchain/ee.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICpjCCAZCgAwIBAgIUQ9aT0/eKZXjA2Ma4sq+QU+/srsowCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA0xCzAJBgNVBAMMAmVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOCAQEAEWMrrsgZ
+yxJk3jvJA5l7J6L9yspBBY/bpi7x4YTWssHemTdJVQAX4p+9rKCa5CfEy5LrE4up
+KnNyMYJzlFuLvcu4ExOmj5ceGRiD5s++g5R4OHzn9QNUeav9b3dFPT3q7dLg2Emm
+RClgZGiwgBXZsaa+urw7Y4oi8DhMePHt523Wv6JFacV42tq0TqIzDIH61nhGamJC
+TafTmYZqGTaNxweBy9m3JJot3zwqTId98TlJStY+oHYI9vGBD8ug0xQWd233d1k9
+BH5axHeYUu2GKLauWH49zSBv+hAeYKmjU3p1qIEzFsQ7ezUNJu5/x+kiClTclITJ
+IrtAUwHJuatuWQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_getchain/ee.pem.certspec b/security/manager/ssl/tests/unit/test_getchain/ee.pem.certspec
new file mode 100644
index 000000000..34e99782b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_getchain/ee.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_getchain/moz.build b/security/manager/ssl/tests/unit/test_getchain/moz.build
new file mode 100644
index 000000000..8bf3d1082
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_getchain/moz.build
@@ -0,0 +1,15 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ca-1.pem',
+#    'ca-2.pem',
+#    'ee.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_hash_algorithms.js b/security/manager/ssl/tests/unit/test_hash_algorithms.js
new file mode 100644
index 000000000..17ccd0781
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_hash_algorithms.js
@@ -0,0 +1,87 @@
+"use strict";
+
+const messages = [
+  "The quick brown fox jumps over the lazy dog",
+  ""
+];
+const hashes = {
+  md2: [
+    "03d85a0d629d2c442e987525319fc471",
+    "8350e5a3e24c153df2275c9f80692773"
+  ],
+  md5: [
+    "9e107d9d372bb6826bd81d3542a419d6",
+    "d41d8cd98f00b204e9800998ecf8427e"
+  ],
+  sha1: [
+    "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12",
+    "da39a3ee5e6b4b0d3255bfef95601890afd80709"
+  ],
+  sha256: [
+    "d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592",
+    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
+  ],
+  sha384: [
+   "ca737f1014a48f4c0b6dd43cb177b0afd9e5169367544c494011e3317dbf9a509cb1e5dc1e85a941bbee3d7f2afbc9b1",
+   "38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b"
+  ],
+  sha512: [
+    "07e547d9586f6a73f73fbac0435ed76951218fb7d0c8d788a309d785436bbb642e93a252a954f23912547d1e8a3b5ed6e1bfd7097821233fa0538f3db854fee6",
+    "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"
+  ]
+};
+
+function hexdigest(data) {
+  // |slice(-2)| chomps off the last two characters of a string.
+  //
+  // Therefore, if the Unicode value is < 10, we have a single-character hex
+  // string when we want one that's two characters, and unconditionally
+  // prepending a "0" solves the problem.
+  return Array.from(data, (c, i) => ("0" + data.charCodeAt(i).toString(16)).slice(-2)).join("");
+}
+
+function doHash(algo, value, cmp) {
+  let hash = Cc["@mozilla.org/security/hash;1"].createInstance(Ci.nsICryptoHash);
+  hash.initWithString(algo);
+
+  let converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"]
+                    .createInstance(Ci.nsIScriptableUnicodeConverter);
+  converter.charset = 'utf8';
+  value = converter.convertToByteArray(value);
+  hash.update(value, value.length);
+  equal(hexdigest(hash.finish(false)), cmp,
+        `Actual and expected hash for ${algo} should match`);
+
+  hash.initWithString(algo);
+  hash.update(value, value.length);
+  equal(hexdigest(hash.finish(false)), cmp,
+        `Actual and expected hash for ${algo} should match after re-init`);
+}
+
+function doHashStream(algo, value, cmp) {
+  let hash = Cc["@mozilla.org/security/hash;1"].createInstance(Ci.nsICryptoHash);
+  hash.initWithString(algo);
+
+  let converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"]
+                    .createInstance(Ci.nsIScriptableUnicodeConverter);
+  converter.charset = 'utf8';
+  let stream = converter.convertToInputStream(value);
+  hash.updateFromStream(stream, stream.available());
+  equal(hexdigest(hash.finish(false)), cmp,
+        `Actual and expected hash for ${algo} should match updating from stream`);
+}
+
+function run_test() {
+  for (let algo in hashes) {
+    hashes[algo].forEach(
+      function(e, i) {
+        doHash(algo, messages[i], e);
+
+        if (messages[i].length) {
+          // this test doesn't work for empty string/stream
+          doHashStream(algo, messages[i], e);
+        }
+      }
+    );
+  }
+}
diff --git a/security/manager/ssl/tests/unit/test_hash_algorithms_wrap.js b/security/manager/ssl/tests/unit/test_hash_algorithms_wrap.js
new file mode 100644
index 000000000..f2b7016c0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_hash_algorithms_wrap.js
@@ -0,0 +1,5 @@
+"use strict";
+
+function run_test() {
+  run_test_in_child("test_hash_algorithms.js");
+}
diff --git a/security/manager/ssl/tests/unit/test_hmac.js b/security/manager/ssl/tests/unit/test_hmac.js
new file mode 100644
index 000000000..7adc46190
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_hmac.js
@@ -0,0 +1,88 @@
+"use strict";
+
+var ScriptableUnicodeConverter =
+  Components.Constructor("@mozilla.org/intl/scriptableunicodeconverter",
+                         "nsIScriptableUnicodeConverter");
+
+function getHMAC(data, key, alg) {
+  let converter = new ScriptableUnicodeConverter();
+  converter.charset = "utf8";
+  let dataArray = converter.convertToByteArray(data);
+
+  let keyObject = Cc["@mozilla.org/security/keyobjectfactory;1"]
+                    .getService(Ci.nsIKeyObjectFactory)
+                    .keyFromString(Ci.nsIKeyObject.HMAC, key);
+
+  let cryptoHMAC = Cc["@mozilla.org/security/hmac;1"]
+                     .createInstance(Ci.nsICryptoHMAC);
+
+  cryptoHMAC.init(alg, keyObject);
+  cryptoHMAC.update(dataArray, dataArray.length);
+  let digest1 = cryptoHMAC.finish(false);
+
+  cryptoHMAC.reset();
+  cryptoHMAC.update(dataArray, dataArray.length);
+  let digest2 = cryptoHMAC.finish(false);
+
+  equal(digest1, digest2,
+        "Initial digest and digest after calling reset() should match");
+
+  return digest1;
+}
+
+function testHMAC(alg) {
+  const key1 = 'MyKey_ABCDEFGHIJKLMN';
+  const key2 = 'MyKey_01234567890123';
+
+  const dataA = "Secret message";
+  const dataB = "Secres message";
+
+  let digest1a = getHMAC(key1, dataA, alg);
+  let digest2 = getHMAC(key2, dataA, alg);
+  let digest1b = getHMAC(key1, dataA, alg);
+
+  equal(digest1a, digest1b,
+        "The digests for the same key, data and algorithm should match");
+  notEqual(digest1a, digest2, "The digests for different keys should not match");
+
+  let digest1 = getHMAC(key1, dataA, alg);
+  digest2 = getHMAC(key1, dataB, alg);
+
+  notEqual(digest1, digest2, "The digests for different data should not match");
+}
+
+function hexdigest(data) {
+  return Array.from(data, (c, i) => ("0" + data.charCodeAt(i).toString(16)).slice(-2)).join("");
+}
+
+function testVectors() {
+  // These are test vectors taken from RFC 4231, section 4.3. (Test Case 2)
+  const keyTestVector = "Jefe";
+  const dataTestVector = "what do ya want for nothing?";
+
+  let digest = hexdigest(getHMAC(dataTestVector, keyTestVector,
+                                 Ci.nsICryptoHMAC.SHA256));
+  equal(digest,
+        "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843",
+        "Actual and expected SHA-256 digests should match");
+
+  digest = hexdigest(getHMAC(dataTestVector, keyTestVector,
+                             Ci.nsICryptoHMAC.SHA384));
+  equal(digest,
+        "af45d2e376484031617f78d2b58a6b1b9c7ef464f5a01b47e42ec3736322445e8e2240ca5e69e2c78b3239ecfab21649",
+        "Actual and expected SHA-384 digests should match");
+
+  digest = hexdigest(getHMAC(dataTestVector, keyTestVector,
+                             Ci.nsICryptoHMAC.SHA512));
+  equal(digest,
+        "164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737",
+        "Actual and expected SHA-512 digests should match");
+}
+
+function run_test() {
+  testVectors();
+
+  testHMAC(Ci.nsICryptoHMAC.SHA1);
+  testHMAC(Ci.nsICryptoHMAC.SHA512);
+  testHMAC(Ci.nsICryptoHMAC.MD5);
+}
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints.js b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints.js
new file mode 100644
index 000000000..5ebc1546b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints.js
@@ -0,0 +1,111 @@
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+function load_cert(name, trust) {
+  let filename = "test_intermediate_basic_usage_constraints/" + name + ".pem";
+  addCertFromFile(certdb, filename, trust);
+}
+
+function test_cert_for_usages(certChainNicks, expected_usages) {
+  let certs = [];
+  for (let i in certChainNicks) {
+    let certNick = certChainNicks[i];
+    let certPEM = readFile(
+                    do_get_file("test_intermediate_basic_usage_constraints/"
+                                + certNick + ".pem"), false);
+    certs.push(certdb.constructX509FromBase64(pemToBase64(certPEM)));
+  }
+
+  let cert = certs[0];
+  return asyncTestCertificateUsages(certdb, cert, expected_usages);
+}
+
+add_task(function* () {
+  let ee_usages = [ certificateUsageSSLClient, certificateUsageSSLServer,
+                    certificateUsageEmailSigner, certificateUsageEmailRecipient,
+                    certificateUsageObjectSigner ];
+  let ca_usages = [ certificateUsageSSLCA, certificateUsageVerifyCA ];
+  let eku_usages = [ certificateUsageSSLClient, certificateUsageSSLServer ];
+
+  // Load the ca into mem
+  let ca_name = "ca";
+  load_cert(ca_name, "CTu,CTu,CTu");
+  yield test_cert_for_usages([ca_name], ca_usages);
+
+  // A certificate with no basicConstraints extension is considered an EE.
+  yield test_cert_for_usages(["int-no-extensions"], ee_usages);
+
+  // int-no-extensions is an EE (see previous case), so no certs can chain to
+  // it.
+  yield test_cert_for_usages(["ee-int-no-extensions", "int-no-extensions"], []);
+
+  // a certificate with basicConstraints.cA==false is considered an EE.
+  yield test_cert_for_usages(["int-not-a-ca"], ee_usages);
+
+  // int-not-a-ca is an EE (see previous case), so no certs can chain to it.
+  yield test_cert_for_usages(["ee-int-not-a-ca", "int-not-a-ca"], []);
+
+  // a certificate with basicConstraints.cA==false but with the keyCertSign
+  // key usage may not act as a CA (it can act like an end-entity).
+  yield test_cert_for_usages(["int-cA-FALSE-asserts-keyCertSign"], ee_usages);
+  yield test_cert_for_usages(["ee-int-cA-FALSE-asserts-keyCertSign",
+                              "int-cA-FALSE-asserts-keyCertSign"], []);
+
+
+  // int-limited-depth has cA==true and a path length constraint of zero.
+  yield test_cert_for_usages(["int-limited-depth"], ca_usages);
+
+  // path length constraints do not affect the ability of a non-CA cert to
+  // chain to to the CA cert.
+  yield test_cert_for_usages(["ee-int-limited-depth", "int-limited-depth"],
+                             ee_usages);
+
+  // ca
+  //   int-limited-depth (cA==true, pathLenConstraint==0)
+  //      int-limited-depth-invalid (cA==true)
+  //
+  yield test_cert_for_usages(["int-limited-depth-invalid", "int-limited-depth"],
+                             []);
+  yield test_cert_for_usages(["ee-int-limited-depth-invalid",
+                              "int-limited-depth-invalid", "int-limited-depth"],
+                             []);
+
+  // int-valid-ku-no-eku has keyCertSign
+  yield test_cert_for_usages(["int-valid-ku-no-eku"], ca_usages);
+  yield test_cert_for_usages(["ee-int-valid-ku-no-eku", "int-valid-ku-no-eku"],
+                             ee_usages);
+
+  // int-bad-ku-no-eku has basicConstraints.cA==true and has a KU extension
+  // but the KU extension is missing keyCertSign. Note that mozilla::pkix
+  // doesn't validate certificates with basicConstraints.Ca==true for non-CA
+  // uses.
+  yield test_cert_for_usages(["int-bad-ku-no-eku"], []);
+  yield test_cert_for_usages(["ee-int-bad-ku-no-eku", "int-bad-ku-no-eku"], []);
+
+  // int-no-ku-no-eku has basicConstraints.cA==true and no KU extension.
+  // We treat a missing KU as "any key usage is OK".
+  yield test_cert_for_usages(["int-no-ku-no-eku"], ca_usages);
+  yield test_cert_for_usages(["ee-int-no-ku-no-eku", "int-no-ku-no-eku"],
+                             ee_usages);
+
+  // int-valid-ku-server-eku has basicConstraints.cA==true, keyCertSign in KU,
+  // and EKU=={id-kp-serverAuth,id-kp-clientAuth}.
+  yield test_cert_for_usages(["int-valid-ku-server-eku"], ca_usages);
+  yield test_cert_for_usages(["ee-int-valid-ku-server-eku",
+                              "int-valid-ku-server-eku"], eku_usages);
+
+  // int-bad-ku-server-eku has basicConstraints.cA==true, a KU without
+  // keyCertSign, and EKU=={id-kp-serverAuth,id-kp-clientAuth}.
+  yield test_cert_for_usages(["int-bad-ku-server-eku"], []);
+  yield test_cert_for_usages(["ee-int-bad-ku-server-eku",
+                              "int-bad-ku-server-eku"], []);
+
+  // int-bad-ku-server-eku has basicConstraints.cA==true, no KU, and
+  // EKU=={id-kp-serverAuth,id-kp-clientAuth}.
+  yield test_cert_for_usages(["int-no-ku-server-eku"], ca_usages);
+  yield test_cert_for_usages(["ee-int-no-ku-server-eku",
+                              "int-no-ku-server-eku"], eku_usages);
+});
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem
new file mode 100644
index 000000000..f9bc514d4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICuDCCAaKgAwIBAgIUNRoMRQGf1ZJA3n83kdc6L92/CEowCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MAsGCSqG
+SIb3DQEBCwOCAQEAs/WSLtD9nmferqrktS7n94DuJKXYIyVwANS+HUSP515q0zTY
+12Poo6n4UAJpAcO+MK2DhBREa3qtQBxxazmC6zAqvyOCE6l7YlzDXbjqLSfKn3ti
+JrltsfR/0P5zqLDPu2TaXaYey+dtGqvGINjRccB9OknroUH+jX7jWqGBL4Gz8IOR
+5I30FWKfDZTuhMNyBCVpCo5IL5VUdEgZsOlBe5jnGPtN7Q3LmFU91yoRXoOtp+e6
+94pZNhJqGfqLpH8ArRi5qr4QteCRSfvYFBusniJOLnGDi6K3Nh6iBvwPM8qSfQ5A
+Cj361pbNvT+OPpdlm9DFCh6k8jKhZ2fXXMHdtg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem.certspec
new file mode 100644
index 000000000..eb7c4b4be
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem
new file mode 100644
index 000000000..7204416fd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5jCCAdCgAwIBAgIUK7AF47QInCeFM5oGehLpWlwykXswCwYJKoZIhvcNAQEL
+MBwxGjAYBgNVBAMMEWludC1iYWQta3Utbm8tZWt1MCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMB8xHTAbBgNVBAMMFGVlLWludC1iYWQta3Utbm8t
+ZWt1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62
+iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHql
+WqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosq
+Qe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+
+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8i
+b2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoY
+CjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQEAMAsGA1UdDwQEAwID+DALBgkqhkiG
+9w0BAQsDggEBAJ03z0DxaMoamG4vjSJmVCVD5fg10BGbE59JqcA8IxjXMe4cbR7M
+eTBKx1SkwMIF5YblRtDJ486Xv+jddU+Ahtggbm5DQJ1y1q/Aqq1o4YVAqNoAbJ0o
+xapRfv/qzxqjKTnUdO0f4MLdAmR+62JFrUgw9CYQ/ve3DagsO07BYXEjtHVIB0Wx
+ur68eVQofh+3GkNJwP5g66wCIwbfMAZa50Z+0F8xRLPbAcObdvAxkuPDjsY0a3g+
+Jkkv2mnDm5ABmeqihCNBd5RAgC3xOToWosk4PlJGslydA339L5/K47wdGYLcWC5R
+VgAshQo/kwWTpHu3qbUkIEtFbYxJ7ab7Gak=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem.certspec
new file mode 100644
index 000000000..390adf234
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-bad-ku-no-eku
+subject:ee-int-bad-ku-no-eku
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem
new file mode 100644
index 000000000..0d39a7832
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7jCCAdigAwIBAgIUXYbRaawTt2Kjb5NY/aIyZ9Us5m4wCwYJKoZIhvcNAQEL
+MCAxHjAcBgNVBAMMFWludC1iYWQta3Utc2VydmVyLWVrdTAiGA8yMDE1MTEyODAw
+MDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAjMSEwHwYDVQQDDBhlZS1pbnQtYmFkLWt1
+LXNlcnZlci1la3UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo
+RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9a
+dWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6t
+aRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n
+FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kX
+Dqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/py
+UcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAQAwCwYDVR0PBAQDAgP4
+MAsGCSqGSIb3DQEBCwOCAQEAq/zm5gIun6D8nAuEgmuXzmLoc8RorZg0f+6mPTFA
+Kld8ewwAxf1VkmEKxX1vBAh6XGtGmuFfoYp5HjcT/4w4Xsv/Tiht1vB40o23fD/Y
+URRdG1oTYErw0DX2cxcBdQMZygth5xOfW7X1Ts14Zl97l3JErgXo82KnT+S+Ohot
+GEMea4j1vnxLgZx+QB1d26BfOn58qeEad09YwS3NRj3AaFrY6VuvUPLIj/DfducW
+JLbC5ns5l8hf8Vk+oZNsKaynMUpYEZi4L6b7lCpL5bwEWoPR0ryNU3aGZNrCL3c6
+V/hTsg6CFojkRAmTzI2OLMsy51/JNMM0azRtVJ8i+WggGQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem.certspec
new file mode 100644
index 000000000..32bb6c248
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-bad-ku-server-eku
+subject:ee-int-bad-ku-server-eku
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem
new file mode 100644
index 000000000..d60e8e8fc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBDCCAe6gAwIBAgIUH3DA15ZPfcaH0zDIfSBoT4pcTUwwCwYJKoZIhvcNAQEL
+MCsxKTAnBgNVBAMMIGludC1jQS1GQUxTRS1hc3NlcnRzLWtleUNlcnRTaWduMCIY
+DzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMC4xLDAqBgNVBAMMI2Vl
+LWludC1jQS1GQUxTRS1hc3NlcnRzLWtleUNlcnRTaWduMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds
+JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4
+ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25
+iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3
+4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42
+yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNV
+HRMEBTADAQEAMAsGA1UdDwQEAwID+DALBgkqhkiG9w0BAQsDggEBAJ6rNJFZaniL
+SWRKFdwG1vx/GPXLDl+/0VNyCVaTyYdT2tUt7A+jeJzDxv9/ELWiAhCPl77FwWOj
+xieY6CBJtQk+3Wxc9Ofc6kap5/5RtogfBsr26pfeDkKEPVFxwWTPa+tzd/Beapvg
+mew//Sp0Q3SdS0cxBQJp+u/aSEglM/Bh+l3q6sBrSGPY4/0mWQD4R/rq74sZ2TnL
+wshxO48fk1Map5kqg6L2vBNuDqr08/lrXnv1BzlgbL7UTa52BUtbPce3uegL8sIh
+5NQUW0UTIHBuBI3Ce46f5Rzeq0W7/yeDVdc6W/B/8+B5G+A2Xwlm+8AcMFsG2GFD
+K3mdAuGZW+A=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem.certspec
new file mode 100644
index 000000000..9e0fb65fd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-cA-FALSE-asserts-keyCertSign
+subject:ee-int-cA-FALSE-asserts-keyCertSign
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem
new file mode 100644
index 000000000..10068137f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC9jCCAeCgAwIBAgIUddKEywO/Eq38I1xoGyTjg9hFzi8wCwYJKoZIhvcNAQEL
+MCQxIjAgBgNVBAMMGWludC1saW1pdGVkLWRlcHRoLWludmFsaWQwIhgPMjAxNTEx
+MjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowJzElMCMGA1UEAwwcZWUtaW50LWxp
+bWl0ZWQtZGVwdGgtaW52YWxpZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAab
+bhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmts
+Du0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI
+H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8
+rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kX
+Mbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEBADALBgNV
+HQ8EBAMCA/gwCwYJKoZIhvcNAQELA4IBAQAXnxXnkz6FPrXqw2XSvhy5YPEdGM5z
+qg+7A7nMLkGa3yLdsYXGKoxurlfBKfTNg7f/4vl3JHefS9dRJuSCHd/ie/mIr0Xt
+GFHoaZhl7LfEIMIe9caXgg2yWTSNCyFBh0Mxgvt1mHin0cWEV9qGiSmFiGzb8l0S
+ScNGFsBicFdnDa9I4cTGy9KNG4SAXSq5Mq8PyJ6ET6Iq7Z387T58yQtQke2/xIWB
+mnmZSnhCwBKqx5FntoIlhRWUfwSf0Z4H2UwZrU/Csv1cszRpgcYKGasRHNTg1TAj
+rIyTNmq7z/DAqdecE0js9SpD6Ht3MHSFPdhCsV+ev+H6i/IXWvxbYkgV
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem.certspec
new file mode 100644
index 000000000..f00b4d159
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-limited-depth-invalid
+subject:ee-int-limited-depth-invalid
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem
new file mode 100644
index 000000000..23904452a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5jCCAdCgAwIBAgIUXec5ZMQORrk2Pmi+OTo4ybN6MHowCwYJKoZIhvcNAQEL
+MBwxGjAYBgNVBAMMEWludC1saW1pdGVkLWRlcHRoMCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMB8xHTAbBgNVBAMMFGVlLWludC1saW1pdGVkLWRl
+cHRoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62
+iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHql
+WqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosq
+Qe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+
+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8i
+b2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoY
+CjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQEAMAsGA1UdDwQEAwID+DALBgkqhkiG
+9w0BAQsDggEBAB557gwbSdb6slyiiKsSMDjGN1hfg6i77yvl4fJRYTdYrzvulc5k
+5GNCkM0FzmXeU2ZEqkvHpLRqBdtWmMeP1DoRMrwBMCDRuytrMFjNUdSfNl24ddU7
+qJ0VHzHzJsRX+4IQl3LLU46EtI9dtOkuftmZdgx+em0Ts/9cRVgT8DlzqtS7Zt6C
+ZaIg0Azle1k7eSndlzFeaEtdW7I8V0JUpBupKbFZejlccAT4Y9NBxw9QOJ7yd4kL
+P3do/lXOzc++Qh3OkJI1x69fzn5XyFuVac1tEzHS+9ODNWpFxsQtvQQ1WsjeznB2
+eWdV+jkakbbFJd733lEDoHcTa8nVLcY//GQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem.certspec
new file mode 100644
index 000000000..df85342d9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-limited-depth
+subject:ee-int-limited-depth
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem
new file mode 100644
index 000000000..b284989f9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5jCCAdCgAwIBAgIUBwoOpsgnbx58BjjIE/5qb5aWuEEwCwYJKoZIhvcNAQEL
+MBwxGjAYBgNVBAMMEWludC1uby1leHRlbnNpb25zMCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMB8xHTAbBgNVBAMMFGVlLWludC1uby1leHRlbnNp
+b25zMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62
+iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHql
+WqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosq
+Qe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+
+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8i
+b2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoY
+CjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQEAMAsGA1UdDwQEAwID+DALBgkqhkiG
+9w0BAQsDggEBAHPL8KLxeqX6z1G+2515iGSngTOR8CGYLjn990NWHQU8uCJPH1bu
+Q3ZaA8+E9qjVnOk79WaZ7xnD2TYEqIztDo9MbCOhsfggnF0lkoSbroVodN14Grob
+Dq+82SBC2LMtPuU1I7WR2S0svi6lAIVjTPCF6cV+2EzaGXip+R6QYpWButmtiP16
+LxtNyWqDd02C2VOSy7bX1Gk1ZFE65R97VRqVHN1ZCZQapxOySiw4+fhoBZknMX7g
+k6891BAoAiietKufOJyI3JOokTRzo8ML98grjZgAbf+/1TKTkm02ZOWC8daquuzt
+fWD4HfakwF94AsCdPjH1zIM9S3eNFsGqK5Q=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem.certspec
new file mode 100644
index 000000000..c5279046d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-no-extensions
+subject:ee-int-no-extensions
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem
new file mode 100644
index 000000000..3169edf91
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5DCCAc6gAwIBAgIUWXP9FsYmaGVIbwIJTUw0C5a0GDUwCwYJKoZIhvcNAQEL
+MBsxGTAXBgNVBAMMEGludC1uby1rdS1uby1la3UwIhgPMjAxNTExMjgwMDAwMDBa
+GA8yMDE4MDIwNTAwMDAwMFowHjEcMBoGA1UEAwwTZWUtaW50LW5vLWt1LW5vLWVr
+dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogG
+NhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqn
+RYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHu
+p3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQ
+Lzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p
+47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo1
+7Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEBADALBgNVHQ8EBAMCA/gwCwYJKoZIhvcN
+AQELA4IBAQBMW1+NpE+LWxquW2XsX+A4Dmi7Dy47Q89pX+YoWU+BIXCP6XIRSKJX
+FS3IPG3Gmd1a8SgzZxnnTCmUGDu5NtYM+vab1efNDzxjCf0JFsdjJy+sDMxh6p8f
+ffPpa8bbEjNUBC3C6z8GRWpjnDkRjco8osJkjH98GNPN3nsQhTaS6of0RLegfNQW
+PymuisSek2iW061L0z8GR8U6HB/Vh76FxMV9inZYHh0l9h1AlypYomAfnJ6l6fa8
+LLUhbqCJbPVTXIfJCgy8Mpc5vuD4OZ8/IDX/TANQsT5e3h4NLV5QjgPe0KxdLI0l
+AaiiwCz7dF2OXMEVRQe0+by4mmDjKer2
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem.certspec
new file mode 100644
index 000000000..92ee3cc6d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-no-ku-no-eku
+subject:ee-int-no-ku-no-eku
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem
new file mode 100644
index 000000000..1037a03fa
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7DCCAdagAwIBAgIUHQBwtK4YHGAX9lNXBBwc8zRAG+QwCwYJKoZIhvcNAQEL
+MB8xHTAbBgNVBAMMFGludC1uby1rdS1zZXJ2ZXItZWt1MCIYDzIwMTUxMTI4MDAw
+MDAwWhgPMjAxODAyMDUwMDAwMDBaMCIxIDAeBgNVBAMMF2VlLWludC1uby1rdS1z
+ZXJ2ZXItZWt1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO
+FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr
+amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka
+sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY
+VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n
+aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE
+MdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQEAMAsGA1UdDwQEAwID+DAL
+BgkqhkiG9w0BAQsDggEBADyWiWIqd+ZAJLr9CTltk07maWEBfiojcboDFHdBbpuo
+9/WNyNXyQ5zNeVBx5t6VreVpFC283IIeTRpT2JRpwDMH0PrSrpaHMLuEBzitau+a
+lTujLC6oPkktRQIguqibIeqmaLc0aJfhCLpdVByQ8IA0lvn2/hSS60Lczi8/j9lf
+CBi8KR9Vbu4TE9gA2YPnX5QpUMPUVXNQFKhkNEOI4znDnWrWR+YqaxPOJJN4Y7+n
+tdR1ZAm7M4V759hEdPm3R6ailnZG1tHx+yiYlkavIz7YFqsod23KkKA2NIfms4U/
+0prBJQ31FlFJA4xIkqmv9QV37oLJY+PHT4779ess8Cg=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem.certspec
new file mode 100644
index 000000000..c14889671
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-no-ku-server-eku
+subject:ee-int-no-ku-server-eku
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem
new file mode 100644
index 000000000..5a959c953
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAcagAwIBAgIUZQzo04Yam+J7Cj0ABLKpTriWOOkwCwYJKoZIhvcNAQEL
+MBcxFTATBgNVBAMMDGludC1ub3QtYS1jYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIw
+MTgwMjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9lZS1pbnQtbm90LWEtY2EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erk
+NUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwC
+fs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1m
+CyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTM
+HGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m
+1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGj
+HTAbMAwGA1UdEwQFMAMBAQAwCwYDVR0PBAQDAgP4MAsGCSqGSIb3DQEBCwOCAQEA
+l0yZ9gi1DSU1UCjhZqTwBBJXTq5DUgRdMB8D2XU8WTvFR419ttsp0eyEBBG2+Gk5
+IueA711TE+zRSgWePjlwRFK0ZalDZ0aRXXNGH5vrLYoigXHz+yrgAMIyxabl/RUT
+pw6wTQmt5iKN0cUICY7PgfjAiugkD5551KanWim/jnu/g1QbVCWIErawzB4kTbQj
+coWeFLL5RRL/tK1DnUWrvjynt/uBqilrqazdGYD3DwSx1r32nohK8YlvxsKzfEsR
+D8j9i/fM3HnuY9PnGh6w7Q0v8Ybx4PiXCZcTecPWjoHHDl0rGNbNOKF2BkMnuG38
+HennrEzAZa2Byk+8BKJx0g==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem.certspec
new file mode 100644
index 000000000..a95b0dc26
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-not-a-ca
+subject:ee-int-not-a-ca
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem
new file mode 100644
index 000000000..97708b4b9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6jCCAdSgAwIBAgIUNdjCSw3sRlBVn+bb2BRT2/86rUwwCwYJKoZIhvcNAQEL
+MB4xHDAaBgNVBAMME2ludC12YWxpZC1rdS1uby1la3UwIhgPMjAxNTExMjgwMDAw
+MDBaGA8yMDE4MDIwNTAwMDAwMFowITEfMB0GA1UEAwwWZWUtaW50LXZhbGlkLWt1
+LW5vLWVrdTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW
+Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk
+cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT
+AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3
+ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh
+s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV
+A6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEBADALBgNVHQ8EBAMCA/gwCwYJ
+KoZIhvcNAQELA4IBAQAJUHbGqWQWF/nXvq/x5V8hzM18GvrGoAToXcssHCpGDUL1
+76IQBEn5LwIdv/x+/vtWpIK+9n8sDeOwetba732nIHoMqVSVTSUa6VCc5arvXYUs
+FJ7fsAzJII21roEXtahd4cdJq9r3UUewERZvFjxnHU+FF43R8DsLZqGie97LQYAL
+DhJXWVJENp5RgQv0w7wWduqZNhnocKSfpwY4vy/4x4VRdS/4P0nv/qOYPO1JAwGg
+3xggbVGArL07dPBcV+/dVFYPv4LLAlaSsgcp3QUX4GS2RWnFuxa2N3oV2VEi6AtL
+qYAjzsVTlZajWS0bI3YDPoF1fA5D5I2UjLaqE+Xx
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem.certspec
new file mode 100644
index 000000000..89a66b9f9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-valid-ku-no-eku
+subject:ee-int-valid-ku-no-eku
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem
new file mode 100644
index 000000000..ba523f64d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8jCCAdygAwIBAgIUSWvWguZEz9NZBXX1ZCoChzAjiikwCwYJKoZIhvcNAQEL
+MCIxIDAeBgNVBAMMF2ludC12YWxpZC1rdS1zZXJ2ZXItZWt1MCIYDzIwMTUxMTI4
+MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMCUxIzAhBgNVBAMMGmVlLWludC12YWxp
+ZC1rdS1zZXJ2ZXItZWt1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+uohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGoby
+a+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWC
+D/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfT
+iEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXT
+Ce+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+
+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQEAMAsGA1UdDwQE
+AwID+DALBgkqhkiG9w0BAQsDggEBAFzS8Zf5e20Y3lpfm8vtfp6tYUE/Jafc7eXM
+OzIazcBDB9hpiLPeeliw1nVhVnN+C/cdVDtVkh7jfMzmq0bEv/fFTZLH0UcEXVKt
+AhV0P98PKxPcB8G0Q4AL0DL+hXy0vomGPWhnNdj7do/a2WlZUyFxnDtUOMwYkYkp
+V8ii4NOPGWK+5Oc6j/MpeTWeP5HtfYs4b1nuGW4dbklY/CjekRHWmWSwTVnQelAF
+bn9Cs1bXa+KntGX9iE8hK+4WLNM15/Ch9RRNbL3HGfntakHsjcqR8GL1cF3GrZkL
+L5hUuX6fzS04s6Lrqxnb5+KMGgEWgdbF5+bmPS0oAP4eAjrzqvs=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem.certspec
new file mode 100644
index 000000000..43e83a336
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-valid-ku-server-eku
+subject:ee-int-valid-ku-server-eku
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem
new file mode 100644
index 000000000..87c9e7783
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1DCCAb6gAwIBAgIUYS3pOmOM6SjbT2+LSutSEZcu/T0wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBwxGjAYBgNVBAMMEWludC1iYWQta3Utbm8tZWt1MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds
+JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4
+ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25
+iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3
+4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42
+yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNV
+HRMEBTADAQH/MAsGA1UdDwQEAwIB+jALBgkqhkiG9w0BAQsDggEBAClZ/nt4DWBg
+s+370ym6UwtUi/rCqg2XztXbRPrnIZ3EwDCM4IEUnIhDb8mBu6yoT+GETyGGzINq
+XAue37I78nQoKsGiBX5itGGI3XvAuP0a5c/sYmHZD4uqjgRypGo6XLlM2ZZU9B1g
+vrY7oH9knLQzf9kcpo5IXQkzZbEy5KTmiyqHX4bSXZwHATDmXRFZNT4ojUV/8ozD
+KWgBWJBIiA1EpbWj1VoMTwWGp2UkPOyXTpmMe6nma+Swn4HAlYJlImwEtdBLZsIx
+vPRseb9zO3hLyeVMd3uHeOtgFcBWVx0vkX9taoGEhfds5i3m1vYMi1QD3cgmJTJO
+bTqfFO0+5Xo=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem.certspec
new file mode 100644
index 000000000..f6525449b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-bad-ku-no-eku
+extension:basicConstraints:cA,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem
new file mode 100644
index 000000000..f2550274a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC9zCCAeGgAwIBAgIUV7jmxQiYVnYXubm3dfP58HTCLAYwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMCAxHjAcBgNVBAMMFWludC1iYWQta3Utc2VydmVyLWVrdTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs
+9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8
+HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7Ak
+kqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJet
+lmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2r
+kQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaM8MDow
+DAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAfowHQYDVR0lBBYwFAYIKwYBBQUHAwEG
+CCsGAQUFBwMCMAsGCSqGSIb3DQEBCwOCAQEAiWJSUz5NGSIGIBxnft0wa7D0Yu9K
+qx1vw4JfBnr2RFxb7Z4uLM4dQcyfqgvyEQks4yIDv/ygLZ4jUDoorVodnh/vEmeo
+HRUiCRFbTxhZjlepotgvwO8BjuPtRvswziVSEdglUYeWKirYuI8b3uaRnukoxP1c
+Y1yHz+khiu7gvF4I0qKVbZAPIGlveypPoliAVls1V80pDRYRJZQQGDkfr4Pt7U8j
+tWWD1N7LeTctyOnjJa5jBGruhzncRXv2yrgmQSxeHWvckdp8dbsp7jA8sFpvr8IB
+8APo5I/zKt76xZAes1AhRcsSQ+f25tAoLfERqCY+fQXs/ANe8VIOLZSNmw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem.certspec
new file mode 100644
index 000000000..2d324508d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-bad-ku-server-eku
+extension:basicConstraints:cA,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,cRLSign
+extension:extKeyUsage:serverAuth,clientAuth
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem
new file mode 100644
index 000000000..be9eeba00
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4zCCAc2gAwIBAgIUfwtPS7BE2BHyTLJHGoXUsWPKb4IwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMCsxKTAnBgNVBAMMIGludC1jQS1GQUxTRS1hc3NlcnRzLWtleUNlcnRTaWdu
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2
+ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdF
+h/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6n
+cOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAv
+OnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2nj
+tIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXt
+jQIDAQABox0wGzAMBgNVHRMEBTADAQEAMAsGA1UdDwQEAwIB/jALBgkqhkiG9w0B
+AQsDggEBAKFcTDGv9WuNnIkWlpJt2zy0YxKGkRvDUtmQxx1pjUZgrYDAP/e24nzb
+IDYovT6Yy/2OUQCRKyrM8z36x8nhoS5Ulqrybbsn0qvR9pbydxNk9NFvj7HGiXOA
+6qbMCxu+ta5TIU8zA8Sz+6SmRcFS0ZtZdif9HPd4ALh4M9PyvUI/209HACc6FRY4
+Yl+A6EII5zasC/lQ51IHDJQ97JpLNUHD7yJ84rceGeqBh9VcV1rSpb2EQ4tb7884
+YHdeJ8be3Yw9Tomj0nOCOkbpzRgjrYqOGfnOrclZNODwRrDRJmiaa7pix6EFgech
+PQ6c9hZQB59oRzFVzr/+YK6e7NbbE1Q=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem.certspec
new file mode 100644
index 000000000..39785d8a4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-cA-FALSE-asserts-keyCertSign
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem
new file mode 100644
index 000000000..a7e980c85
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3jCCAcigAwIBAgIUC8p0CGJ9TpHnf4VF+SR1JBOadzEwCwYJKoZIhvcNAQEL
+MBwxGjAYBgNVBAMMEWludC1saW1pdGVkLWRlcHRoMCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMCQxIjAgBgNVBAMMGWludC1saW1pdGVkLWRlcHRo
+LWludmFsaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W
+1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtq
+ZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx
+0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthV
+t2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo
+4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx
+1QOs2hgKNe2NAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4IB
+AQBiWZ2hrIIfeEAdXMatxKUw7JVb+YC5WZNiSMBEAxZHvsRrgxNnkruZfgdLvZ6c
+SSwE3ZelLCALkursSkYmJVbOXbMjo0Uxi3T2PPkU2sc7GgkGOeDnJ0EosZuOSi3R
+O95t+bqjHRXNzzdCbYELWiOlx1LwEXvoiBA/Ey/KYaNMflPnFZej9Xf9QMoP3/QF
+IOqP4DABiyz1zQmUDZMSB/63T0MV9QySIXYzumtrWSbxDdgfK7HDy7xYyZDLYchA
+NhkQT0ze6SOkplit4UDIUneK7r82jAkc94I+nyTr36oC4s23/NJh4OS8bUUkZmY+
+rjzdzQQ/Qn8DdAD3jhmvwSjF
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem.certspec
new file mode 100644
index 000000000..9fdb2a248
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int-limited-depth
+subject:int-limited-depth-invalid
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem
new file mode 100644
index 000000000..d8e06a572
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyjCCAbSgAwIBAgIUQ73/9r+OdKC4qNSYd5RxWvXEYiYwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBwxGjAYBgNVBAMMEWludC1saW1pdGVkLWRlcHRoMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds
+JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4
+ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25
+iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3
+4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42
+yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxMwETAPBgNV
+HRMECDAGAQH/AgEAMAsGCSqGSIb3DQEBCwOCAQEAiBj74DBM3fQRjWjEs5k0+JDi
+8+sL+nzQjRxEULR9KoMPhKbI6htoZIj/Otbtay47Cl95T1QGBz7sJF0mOhM4Ubml
+lJ0BIV4rBxaLAN/3NxLZ1ATJVFAUTnJrA0/AkPPNNjq2RBU/dFlLUhZhXJS800Gx
+SS1OERNSvXMkOq13ZZ1hiVdrUBmilCtS5cxXCeFw2PeKQwWunKmJZjHInrteJHYB
+L5XkEfj4cP2hmQo/ZtviarLFQH/HSd8kfR7/IgPt664znUo7aFUJ5Hki7jNCjxBq
+tdDWPFT+TUWeWWbYzcVOk7PKT/aKLNRF/MEFBQMBH9ygUlMwVovwU7IKZAe/1g==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem.certspec
new file mode 100644
index 000000000..64f54b044
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:int-limited-depth
+extension:basicConstraints:cA,0
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem
new file mode 100644
index 000000000..76930d04d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtTCCAZ+gAwIBAgIUdSMRoahH5nOZT7+cJre+BOvTLh4wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBwxGjAYBgNVBAMMEWludC1uby1leHRlbnNpb25zMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds
+JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4
+ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25
+iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3
+4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42
+yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3
+DQEBCwOCAQEAr3GUaY4QbqbKhXNArKMycwIPVYKzOzppwbfwbI5un65xI8e9GSDk
+qDYU6aV6c4ruqAY4Kzs/T/aHmJpTIusL+uUr8BfWVHUef+psJgSuBFKMnNcgTyO6
+XlBn9/PnjTYgy6jfbiXVY8OZe7WAIVhVY0YP9jOaL3f3/GjYVW/iWM5XEhW8LSQ5
+RekRVRwdDvdOXQMQfeWTc6gH6FrtUcxrU6+axA8rzIPE5HuUwE7BCyG/SRI49mXw
+285FxNKrNhX9Hb6O19OqAc4+qI7Tdqtgb6+BXer01tXb079IpzxavZ5VhaskBNpK
+Br1uFqwzrT231bCjBdDuxpPlALZ+EQQG7Q==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem.certspec
new file mode 100644
index 000000000..c99626bd5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca
+subject:int-no-extensions
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem
new file mode 100644
index 000000000..53437b1de
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxjCCAbCgAwIBAgIUH0pq51lOBUG6WhqGNAD+IlHKyxswCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBsxGTAXBgNVBAMMEGludC1uby1rdS1uby1la3UwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjEDAOMAwGA1Ud
+EwQFMAMBAf8wCwYJKoZIhvcNAQELA4IBAQBaV/7LFkIry4xDVcci1ssw5D9mfgqR
+6qp1YX+zKsiNVmiCQnBJPrQmGubZptuAKS7QdviBHxtfKm/gMCC2X9fDt9v5DAfp
+UtPeWUc1BCaJyEPtHQwcaCT9WkwxlMzMzJEitoxSo6Hug4xt2Qib8Ou5+inLfVqR
+dsb5rZav6c2SRU0patnr8+WWP6OqWqcwFn6H517KpyRP0XchCPlgbGC2gsmNct4o
+9BWhP2bpjDp9F2xelPgSe5Uo/ti/Q+Y2KrEQElmI6Uxnvj235BhPv0+KDFn/1vqr
+25RQcEoZOV6dYlBIzVP1AzkfXVUW3g5fN6PUdj2RmsktKd7rVfSUvsNw
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem.certspec
new file mode 100644
index 000000000..306a218db
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:int-no-ku-no-eku
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem
new file mode 100644
index 000000000..6cd516927
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6TCCAdOgAwIBAgIUTRygOfB3FLI5SJlQo+2t4dEYwkYwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMB8xHTAbBgNVBAMMFGludC1uby1rdS1zZXJ2ZXItZWt1MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1
+aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we
+adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS
+pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W
+YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR
+CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoy8wLTAM
+BgNVHRMEBTADAQH/MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjALBgkq
+hkiG9w0BAQsDggEBAFnLVXAuHBhxNxmvn1TMA6kLSosQGei12Xd8wA6iuRDrD1qj
+nIZlaIJkZncxDocWo1a2vISQPyNe/dBVGC1HpGGUXSmDswQ5h6P0837buhsW2v9m
+/oYvcZwqjO+qvIpgTCN71QR7aPlvv4kgX/fJ6goGK7IPovcYX0U1LmZGZBIaqoCR
+8rG+orm8Aek+rqfKMV0fhMLFMiRHO/ly/ZZUfcd4M4ObW1l/SB4EKLNU4a3jH/ob
+CHrIu1umvn4SXUJBcEV3a+WLIuGexrLYFzkOV8doA/KAoE4xaArNKJFfCtgzzcRq
+uCqf96q8f5eLo4B5f00+Lqmxj72/8heCTunv/TA=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem.certspec
new file mode 100644
index 000000000..1482b627c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-no-ku-server-eku
+extension:basicConstraints:cA,
+extension:extKeyUsage:serverAuth,clientAuth
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem
new file mode 100644
index 000000000..3be0c2916
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwjCCAaygAwIBAgIUXw5voQbjEKOz94iKt4vgWrxBWDMwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBcxFTATBgNVBAMMDGludC1ub3QtYS1jYTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMQMA4wDAYDVR0TBAUw
+AwEBADALBgkqhkiG9w0BAQsDggEBAAcZ3izf+oLdjuYRPuBerrZMZZVacWp0mPgV
+iPBcEiJMnpExTolvwGRR9rUfbGZcoaxkr+vMv1n1X4ORmXQmKEkzbsGykwNJ72x8
+PayxV1lpDkL0LAWL16jaUhbFIu5D8t0AfissJ/0bC+xdKQqZdAlDJaCz5p5247Gw
+Um0vS10JAI2ykVMkZwgOPvV9YYIiZG7voBBlCrY32M9f5fTi75J4DGGCt0VSdkf0
+XAe6kM84BdQ0lDyitV5YaLAfahWKb6VPzcoeuwlLodXa1eoh8WBPQMmpn/eT9bcg
+W2BTrEMf/JpL+r36j5UsSzSNFktq5/RfpnaKX7mhw4IR3T19khw=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem.certspec
new file mode 100644
index 000000000..3161680b1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:int-not-a-ca
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem
new file mode 100644
index 000000000..84cd61105
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1jCCAcCgAwIBAgIUWQyWw8pJuxrZYnP/bZs+HBxFt0swCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMB4xHDAaBgNVBAMME2ludC12YWxpZC1rdS1uby1la3UwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVo
+V2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p
+0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKk
+fbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZh
+W7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EI
+TjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwG
+A1UdEwQFMAMBAf8wCwYDVR0PBAQDAgIEMAsGCSqGSIb3DQEBCwOCAQEAaqysdeSM
+/kLPK1LgrOP5GsclIs9Ss0gB+sgSCWxRkrcs6JPxIblQjI0CYkWNVbtS6PSoa2TZ
+aRH3/mLKrdUEWrimZrapDkmwO2RmkS+oHEjxOIL3kla1khKf8IcmZYIS4OKXr+KT
+wJKlh6kjt2o40hMUA/jRVN52HCCIsZiAaYVqyQ9avyDf12zdQP3PBEe9pbwNbKme
+CDi7YtWDBG1uvSGrC6APzzXJe0GY/grLt9qOig6Kb2hmxdKT141ekjDX9Ju9P53J
+tLoQqgH56rMTfJfI87fWVyq0FGpAqdJbE8XnDI1n9S/XoSmDDifYt/GPo7vtGbX3
+KEXKaOqalzDy3w==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem.certspec
new file mode 100644
index 000000000..d7f9b0387
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-valid-ku-no-eku
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem
new file mode 100644
index 000000000..34818f172
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAeOgAwIBAgIUIwJxO+LBUmT20OYpAC6REFDuQ0swCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMCIxIDAeBgNVBAMMF2ludC12YWxpZC1rdS1zZXJ2ZXItZWt1MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVK
+tOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7N
+Q/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39Zgsr
+sCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxs
+l62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYl
+nauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozww
+OjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwICBDAdBgNVHSUEFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwCwYJKoZIhvcNAQELA4IBAQAP6RTfp/yTGvXtgPj34EZAptB4
+EyMT+ozD9EEKHXvHMfavy+nn21WiCuDzjp7r7bic/H8UEYUo3h+8M11hou7Abu4R
+1PtefBdT9NLndrkSD3XFqpAm+t5EmfXhMxIrYidPcXI1jOEjRCYDND41jZ5wQ41A
+Mlbe9sUAFV/gWFO/HCn1VLE9bzjelLJWMszAgraodyoDBQocUcNcA/E/iiTBofz2
+S6FncJfNFYSdXpfytk4apKpSitg6L+g5ELso6INK5Vo0okNaY8wLxKpCpn3zz3C6
+o6gGidSOdq8Vpdi8X93+JTuW/sNazHnYia3+uP8NxUbsh/zqRVEOOOJU2RQq
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem.certspec
new file mode 100644
index 000000000..84314bfa4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-valid-ku-server-eku
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign
+extension:extKeyUsage:serverAuth,clientAuth
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/moz.build b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/moz.build
new file mode 100644
index 000000000..59f5749a2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/moz.build
@@ -0,0 +1,35 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ca.pem',
+#    'ee-int-bad-ku-no-eku.pem',
+#    'ee-int-bad-ku-server-eku.pem',
+#    'ee-int-cA-FALSE-asserts-keyCertSign.pem',
+#    'ee-int-limited-depth.pem',
+#    'ee-int-limited-depth-invalid.pem',
+#    'ee-int-no-extensions.pem',
+#    'ee-int-no-ku-no-eku.pem',
+#    'ee-int-no-ku-server-eku.pem',
+#    'ee-int-not-a-ca.pem',
+#    'ee-int-valid-ku-no-eku.pem',
+#    'ee-int-valid-ku-server-eku.pem',
+#    'int-bad-ku-no-eku.pem',
+#    'int-bad-ku-server-eku.pem',
+#    'int-cA-FALSE-asserts-keyCertSign.pem',
+#    'int-limited-depth.pem',
+#    'int-limited-depth-invalid.pem',
+#    'int-no-extensions.pem',
+#    'int-no-ku-no-eku.pem',
+#    'int-no-ku-server-eku.pem',
+#    'int-not-a-ca.pem',
+#    'int-valid-ku-no-eku.pem',
+#    'int-valid-ku-server-eku.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_js_cert_override_service.js b/security/manager/ssl/tests/unit/test_js_cert_override_service.js
new file mode 100644
index 000000000..d085f0242
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_js_cert_override_service.js
@@ -0,0 +1,56 @@
+/* -*- tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+"use strict";
+
+// This test ensures that nsICertOverrideService can be implemented in JS.
+// It does so by creating and registering a mock implementation that indicates
+// a specific host ("expired.example.com") has a matching override (ERROR_TIME).
+// Connections to that host should succeed.
+
+// Mock implementation of nsICertOverrideService
+const gCertOverrideService = {
+  rememberValidityOverride() {
+    throw Cr.NS_ERROR_NOT_IMPLEMENTED;
+  },
+
+  rememberTemporaryValidityOverrideUsingFingerprint() {
+    throw Cr.NS_ERROR_NOT_IMPLEMENTED;
+  },
+
+  hasMatchingOverride(hostname, port, cert, overrideBits, isTemporary) {
+    Assert.equal(hostname, "expired.example.com",
+                 "hasMatchingOverride: hostname should be expired.example.com");
+    overrideBits.value = Ci.nsICertOverrideService.ERROR_TIME;
+    isTemporary.value = false;
+    return true;
+  },
+
+  getValidityOverride() {
+    throw Cr.NS_ERROR_NOT_IMPLEMENTED;
+  },
+
+  clearValidityOverride() {
+    throw Cr.NS_ERROR_NOT_IMPLEMENTED;
+  },
+
+  isCertUsedForOverrides() {
+    throw Cr.NS_ERROR_NOT_IMPLEMENTED;
+  },
+
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsICertOverrideService])
+};
+
+function run_test() {
+  do_get_profile();
+  let certOverrideServiceCID =
+    MockRegistrar.register("@mozilla.org/security/certoverride;1",
+                           gCertOverrideService);
+  do_register_cleanup(() => {
+    MockRegistrar.unregister(certOverrideServiceCID);
+  });
+  add_tls_server_setup("BadCertServer", "bad_certs");
+  add_connection_test("expired.example.com", PRErrorCodeSuccess);
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_keysize.js b/security/manager/ssl/tests/unit/test_keysize.js
new file mode 100644
index 000000000..3a8e28e87
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize.js
@@ -0,0 +1,127 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Checks that RSA certs with key sizes below 1024 bits are rejected.
+// Checks that ECC certs using curves other than the NIST P-256, P-384 or P-521
+// curves are rejected.
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+/**
+ * Tests a cert chain.
+ *
+ * @param {String} rootKeyType
+ *        The key type of the root certificate, or the name of an elliptic
+ *        curve, as output by the 'openssl ecparam -list_curves' command.
+ * @param {Number} rootKeySize
+ * @param {String} intKeyType
+ * @param {Number} intKeySize
+ * @param {String} eeKeyType
+ * @param {Number} eeKeySize
+ * @param {PRErrorCode} eeExpectedError
+ */
+function checkChain(rootKeyType, rootKeySize, intKeyType, intKeySize,
+                    eeKeyType, eeKeySize, eeExpectedError) {
+  let rootName = "root_" + rootKeyType + "_" + rootKeySize;
+  let intName = "int_" + intKeyType + "_" + intKeySize;
+  let eeName = "ee_" + eeKeyType + "_" + eeKeySize;
+
+  let intFullName = intName + "-" + rootName;
+  let eeFullName = eeName + "-" + intName + "-" + rootName;
+
+  addCertFromFile(certdb, `test_keysize/${rootName}.pem`, "CTu,CTu,CTu");
+  addCertFromFile(certdb, `test_keysize/${intFullName}.pem`, ",,");
+  let eeCert = constructCertFromFile(`test_keysize/${eeFullName}.pem`);
+
+  do_print("cert o=" + eeCert.organization);
+  do_print("cert issuer o=" + eeCert.issuerOrganization);
+  checkCertErrorGeneric(certdb, eeCert, eeExpectedError,
+                        certificateUsageSSLServer);
+}
+
+/**
+ * Tests various RSA chains.
+ *
+ * @param {Number} inadequateKeySize
+ * @param {Number} adequateKeySize
+ */
+function checkRSAChains(inadequateKeySize, adequateKeySize) {
+  // Chain with certs that have adequate sizes for DV
+  checkChain("rsa", adequateKeySize,
+             "rsa", adequateKeySize,
+             "rsa", adequateKeySize,
+             PRErrorCodeSuccess);
+
+  // Chain with a root cert that has an inadequate size for DV
+  checkChain("rsa", inadequateKeySize,
+             "rsa", adequateKeySize,
+             "rsa", adequateKeySize,
+             MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE);
+
+  // Chain with an intermediate cert that has an inadequate size for DV
+  checkChain("rsa", adequateKeySize,
+             "rsa", inadequateKeySize,
+             "rsa", adequateKeySize,
+             MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE);
+
+  // Chain with an end entity cert that has an inadequate size for DV
+  checkChain("rsa", adequateKeySize,
+             "rsa", adequateKeySize,
+             "rsa", inadequateKeySize,
+             MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE);
+}
+
+function checkECCChains() {
+  checkChain("secp256r1", 256,
+             "secp384r1", 384,
+             "secp521r1", 521,
+             PRErrorCodeSuccess);
+  checkChain("secp256r1", 256,
+             "secp224r1", 224,
+             "secp256r1", 256,
+             SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+  checkChain("secp256r1", 256,
+             "secp256r1", 256,
+             "secp224r1", 224,
+             SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+  checkChain("secp224r1", 224,
+             "secp256r1", 256,
+             "secp256r1", 256,
+             SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+  checkChain("secp256r1", 256,
+             "secp256r1", 256,
+             "secp256k1", 256,
+             SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+  checkChain("secp256k1", 256,
+             "secp256r1", 256,
+             "secp256r1", 256,
+             SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+}
+
+function checkCombinationChains() {
+  checkChain("rsa", 2048,
+             "secp256r1", 256,
+             "secp384r1", 384,
+             PRErrorCodeSuccess);
+  checkChain("rsa", 2048,
+             "secp256r1", 256,
+             "secp224r1", 224,
+             SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+  checkChain("secp256r1", 256,
+             "rsa", 1016,
+             "secp256r1", 256,
+             MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE);
+}
+
+function run_test() {
+  checkRSAChains(1016, 1024);
+  checkECCChains();
+  checkCombinationChains();
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem
new file mode 100644
index 000000000..020e46819
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB3DCCAUegAwIBAgIUeW3ngaE/CNhaakp8m4ETFPagv6IwCwYJKoZIhvcNAQEL
+MCUxIzAhBgNVBAMMGmludF9yc2FfMTAyNC1yb290X3JzYV8xMDI0MCIYDzIwMTUx
+MTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMDExLzAtBgNVBAMMJmVlX3JzYV8x
+MDE2LWludF9yc2FfMTAyNC1yb290X3JzYV8xMDI0MIGeMA0GCSqGSIb3DQEBAQUA
+A4GMADCBiAKBgADSm7EvuE/dzSmzpRnLZsQ7jY+L5UW6eThM5mPtA991mRYA65IH
+kNJTDOzlRNuZpx8FiWo+0gcWVTSqmQV+R8R+O8ga2m+h4S43JotQRqVSaPna18y0
+hdgaLhnVDU8LaFSsr2175p2aCDE24Vr6j1PByMhPxgdyed0OVdc2mlvdAgMBAAEw
+CwYJKoZIhvcNAQELA4GBACY8sq6EZJpNutOwEli+1sAFY+TEv/vKOUx0YVWOAPDG
+Fz/E7FlEzWHoCEgUTkloECJcgZnrJgp6at4X/Bpn6eS3aqDgYqCg/Ec1J3/sroiz
+GToe0ts9SsOyb+GEQ1+7AGSDc15AQQ1F6yVSLPtlCTvVy0wGl5hKWESb7LRc//6W
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem.certspec
new file mode 100644
index 000000000..7b86ef786
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int_rsa_1024-root_rsa_1024
+subject:ee_rsa_1016-int_rsa_1024-root_rsa_1024
+issuerKey:rsa1024
+subjectKey:rsa1016
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem
new file mode 100644
index 000000000..7c36379fe
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB3DCCAUigAwIBAgIUN5wiZ+RfSwcvb1a7l8ucBCzFcnAwCwYJKoZIhvcNAQEL
+MCUxIzAhBgNVBAMMGmludF9yc2FfMTAxNi1yb290X3JzYV8xMDI0MCIYDzIwMTUx
+MTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMDExLzAtBgNVBAMMJmVlX3JzYV8x
+MDI0LWludF9yc2FfMTAxNi1yb290X3JzYV8xMDI0MIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQDTqXRAEB66jF35UD5vk161L/6z6+nQ3Fys4m+XPKlMvA2cMdZs
+DAE7zpyC0NSAMo3wX7a815kKUxLdrmFSrW7mHIwb3YZjxovTYiSpiCrnjon1Vt/b
+5vUdphEsv8J8ikkza0Gv23UyG1KySnNE0TSOZGNRpVHHVxzNoLj+NfYadQIDAQAB
+MAsGCSqGSIb3DQEBCwOBgAB5LmLQhlHBqC31K1lP4+/DdPMeiYY5lN6sIyEhwHOU
+nRw6AFk6jt2MA6zOVTsK4xcPkRUiB+4hoUrxnwdup2Tv5x594LIl58dDgG6U0+gS
+mMmuOhxkhbdOJZDbHU2OrfS7540M5tPIMWxrG0JsUgQqHryVMxx/B7x+dQaIujjV
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem.certspec
new file mode 100644
index 000000000..326d665dc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int_rsa_1016-root_rsa_1024
+subject:ee_rsa_1024-int_rsa_1016-root_rsa_1024
+issuerKey:rsa1016
+subjectKey:rsa1024
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem
new file mode 100644
index 000000000..6020cf3ae
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICQjCCAa2gAwIBAgIUD/XcUH+cenVky6AuBp4QqnIEB3QwCwYJKoZIhvcNAQEL
+MCUxIzAhBgNVBAMMGmludF9yc2FfMTAyNC1yb290X3JzYV8xMDE2MCIYDzIwMTUx
+MTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMBIxEDAOBgNVBAMMB3JzYTEwMjQw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ
+PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH
+9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw
+4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86
+exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0
+ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N
+AgMBAAEwCwYJKoZIhvcNAQELA4GBAJZyjN7rSepxVDNQRLWwdmf6McLXL4ihB+ib
+jqCOEHOLEoiB18juTh6bsB+Y5BTHAWWmqBOEcRX88R+ICTuHDbh76Y1yWsFw/4Xi
+is+yTvZkmtNEzEM4GWXRRBq0WuWFWMGAeFOPXNhs1UDYvrcpRd6byjohkFrj0zQc
+LtWo6gR0
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem.certspec
new file mode 100644
index 000000000..c44a089ed
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int_rsa_1024-root_rsa_1016
+subject:ee_rsa_1024-int_rsa_1024-root_rsa_1016
+issuerKey:rsa1024
+subject:rsa1024
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem
new file mode 100644
index 000000000..020b749b0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB3TCCAUigAwIBAgIUNzU3VQCyiT+NrgvVMkBnUSgebnYwCwYJKoZIhvcNAQEL
+MCUxIzAhBgNVBAMMGmludF9yc2FfMTAyNC1yb290X3JzYV8xMDI0MCIYDzIwMTUx
+MTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMDExLzAtBgNVBAMMJmVlX3JzYV8x
+MDI0LWludF9yc2FfMTAyNC1yb290X3JzYV8xMDI0MIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQDTqXRAEB66jF35UD5vk161L/6z6+nQ3Fys4m+XPKlMvA2cMdZs
+DAE7zpyC0NSAMo3wX7a815kKUxLdrmFSrW7mHIwb3YZjxovTYiSpiCrnjon1Vt/b
+5vUdphEsv8J8ikkza0Gv23UyG1KySnNE0TSOZGNRpVHHVxzNoLj+NfYadQIDAQAB
+MAsGCSqGSIb3DQEBCwOBgQCUvRKlj6hAjRSMr6KjNfSIiDErCt9lkWT+Xoknz+OW
+VACuTjBO5xOLabaYhGxHDlaDGw6hZOvF29e8cid5eEogNiSBtCgjh34w1mHQ2LVf
+SuG7GFRQLvzOHUQqgzftnVzw/ak+SVgnh9UyzHVv8CR9ljB1jNu7AAFB4s1IXlC7
++w==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem.certspec
new file mode 100644
index 000000000..a6ee408ec
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int_rsa_1024-root_rsa_1024
+subject:ee_rsa_1024-int_rsa_1024-root_rsa_1024
+issuerKey:rsa1024
+subjectKey:rsa1024
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem
new file mode 100644
index 000000000..18adf9859
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBXTCCAQOgAwIBAgIUIY9dtWlq0GcuLIMvwadTnAygONIwCgYIKoZIzj0EAwIw
+KjEoMCYGA1UEAwwfaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9yc2FfMjA0ODAiGA8y
+MDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjA7MTkwNwYDVQQDDDBlZV9z
+ZWNwMjI0cjFfMjI0LWludF9zZWNwMjU2cjFfMjU2LXJvb3RfcnNhXzIwNDgwTTAQ
+BgcqhkjOPQIBBgUrgQQAIQM5AARmjXLMpv1qGzVXtTZhBNhECOy2N/COjIa7/4LM
+6I8AZtevY8Mpi6N3NIoSArA7N/1rH/QVqjEeMAoGCCqGSM49BAMCA0gAMEUCIFx1
+UZ8TEVDNXYreIKO8BjCR/7JzdV8xZOz9y0KACnDmAiEA8WmMKFZiEqHpzhBMF56W
+ohttkzkw5Pim1A3Pg+M+EgQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem.certspec
new file mode 100644
index 000000000..87d2f6733
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int_secp256r1_256-root_rsa_2048
+subject:ee_secp224r1_224-int_secp256r1_256-root_rsa_2048
+issuerKey:secp256r1
+subjectKey:secp224r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem
new file mode 100644
index 000000000..04b630f61
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBZjCCAQ2gAwIBAgIUceEyhHgm6jvAxRjgPB7TZEUD6+cwCgYIKoZIzj0EAwIw
+LzEtMCsGA1UEAwwkaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjU2cjFfMjU2
+MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMEAxPjA8BgNVBAMM
+NWVlX3NlY3AyMjRyMV8yMjQtaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjU2
+cjFfMjU2ME0wEAYHKoZIzj0CAQYFK4EEACEDOQAEZo1yzKb9ahs1V7U2YQTYRAjs
+tjfwjoyGu/+CzOiPAGbXr2PDKYujdzSKEgKwOzf9ax/0FaoxHjAKBggqhkjOPQQD
+AgNHADBEAiBcdVGfExFQzV2K3iCjvAYwkf+yc3VfMWTs/ctCgApw5gIgSy0oqg4P
+75DkJCciEqnZbDsjC82PJPWEC0VfaspSdcs=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem.certspec
new file mode 100644
index 000000000..1aadce076
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int_secp256r1_256-root_secp256r1_256
+subject:ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256
+issuerKey:secp256r1
+subjectKey:secp224r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem
new file mode 100644
index 000000000..b90be0ce3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBbzCCARagAwIBAgIUUwzZV7XszL/aVykB1Ozw35aJd3YwCgYIKoZIzj0EAwIw
+LzEtMCsGA1UEAwwkaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjU2cjFfMjU2
+MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMEAxPjA8BgNVBAMM
+NWVlX3NlY3AyNTZrMV8yNTYtaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjU2
+cjFfMjU2MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAENe58conY/veoav5dpm2Lwuu2
+qFQ/0v6tCJ9FznrND6ZDgqlQDEHa13D/1LURv0tJLrEjiADDLE92xzo/MpTnxTAK
+BggqhkjOPQQDAgNHADBEAiBcdVGfExFQzV2K3iCjvAYwkf+yc3VfMWTs/ctCgApw
+5gIgVFxK6Odv9UpwqHXdT8lB+8UfLtaQlfo2r343SK9X9sI=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem.certspec
new file mode 100644
index 000000000..ba999e8f1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int_secp256r1_256-root_secp256r1_256
+subject:ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256
+issuerKey:secp256r1
+subjectKey:secp256k1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem
new file mode 100644
index 000000000..024ca3e4c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBpDCCARCgAwIBAgIUabB6dOZPUb0d2XR3LNB3Cd/AuwgwCwYJKoZIhvcNAQEL
+MCoxKDAmBgNVBAMMH2ludF9yc2FfMTAxNi1yb290X3NlY3AyNTZyMV8yNTYwIhgP
+MjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowOzE5MDcGA1UEAwwwZWVf
+c2VjcDI1NnIxXzI1Ni1pbnRfcnNhXzEwMTYtcm9vdF9zZWNwMjU2cjFfMjU2MFkw
+EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET7+7u2Hg+PmxpgpZrIcE4uwFC0I+PPcu
+kj8sT3lLRVwqadIzRWw2xBGdBwbgDu3I0ZOQ15kbey0HowTqoEqmwDALBgkqhkiG
+9w0BAQsDgYAApXG0yYRLpX60cYFkYhTIEc05prxaID/hQeDNxfCqaBpH2SojlDX1
+rud/Iu3siUy4FUQK00Dfl8mYwo88xah/uCQnmmVuC8BAdnYYQ3Qnf+wM3NWeXKW4
+8+uk/PnloAlOXBaNUeUeaq0ohQctWGuutT0oJSeDv3GfkpJJ0dkGTg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem.certspec
new file mode 100644
index 000000000..1e2e0a375
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int_rsa_1016-root_secp256r1_256
+subject:ee_secp256r1_256-int_rsa_1016-root_secp256r1_256
+issuerKey:rsa1016
+subjectKey:secp256r1
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem
new file mode 100644
index 000000000..f8e48209c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBazCCARmgAwIBAgIUP9OfNyc0D57T6dGzurRvtWWkKtswCgYIKoZIzj0EAwIw
+LzEtMCsGA1UEAwwkaW50X3NlY3AyMjRyMV8yMjQtcm9vdF9zZWNwMjU2cjFfMjU2
+MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMEAxPjA8BgNVBAMM
+NWVlX3NlY3AyNTZyMV8yNTYtaW50X3NlY3AyMjRyMV8yMjQtcm9vdF9zZWNwMjU2
+cjFfMjU2MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET7+7u2Hg+PmxpgpZrIcE
+4uwFC0I+PPcukj8sT3lLRVwqadIzRWw2xBGdBwbgDu3I0ZOQ15kbey0HowTqoEqm
+wDAKBggqhkjOPQQDAgNAADA9Ah0Amjxv8EbbcPJV9S/WmFIc1y28BSBjT5W2S7JS
+VAIcAlACd6sAyqbCmlQSNaKuHGiqQ2yNdWctbBudVg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem.certspec
new file mode 100644
index 000000000..bd7bc770c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int_secp224r1_224-root_secp256r1_256
+subject:ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256
+issuerKey:secp224r1
+subjectKey:secp256r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem
new file mode 100644
index 000000000..907017269
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBczCCARmgAwIBAgIULSjU8D5+HqVNW0P/AVRxquSuYOQwCgYIKoZIzj0EAwIw
+LzEtMCsGA1UEAwwkaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjI0cjFfMjI0
+MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMEAxPjA8BgNVBAMM
+NWVlX3NlY3AyNTZyMV8yNTYtaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjI0
+cjFfMjI0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET7+7u2Hg+PmxpgpZrIcE
+4uwFC0I+PPcukj8sT3lLRVwqadIzRWw2xBGdBwbgDu3I0ZOQ15kbey0HowTqoEqm
+wDAKBggqhkjOPQQDAgNIADBFAiBcdVGfExFQzV2K3iCjvAYwkf+yc3VfMWTs/ctC
+gApw5gIhAOOBpYoI2SObZwV+QABdwsb4CKb/p/BUPvBpLZl7qsyq
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem.certspec
new file mode 100644
index 000000000..fe7b7f748
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int_secp256r1_256-root_secp224r1_224
+subject:ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224
+issuerKey:secp256r1
+subjectKey:secp256r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem
new file mode 100644
index 000000000..37060f122
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBczCCARmgAwIBAgIUH1IpzZfvEpF2JmV7KBKHG0jM9HUwCgYIKoZIzj0EAwIw
+LzEtMCsGA1UEAwwkaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjU2azFfMjU2
+MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMEAxPjA8BgNVBAMM
+NWVlX3NlY3AyNTZyMV8yNTYtaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjU2
+azFfMjU2MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET7+7u2Hg+PmxpgpZrIcE
+4uwFC0I+PPcukj8sT3lLRVwqadIzRWw2xBGdBwbgDu3I0ZOQ15kbey0HowTqoEqm
+wDAKBggqhkjOPQQDAgNIADBFAiBcdVGfExFQzV2K3iCjvAYwkf+yc3VfMWTs/ctC
+gApw5gIhALrNUdttA6aKyReemPg5+7blFCdkym+iRE4ZY4r4v7Dj
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem.certspec
new file mode 100644
index 000000000..aefffd981
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int_secp256r1_256-root_secp256k1_256
+subject:ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256
+issuerKey:secp256r1
+subjectKey:secp256r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem
new file mode 100644
index 000000000..c2d227243
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBhjCCASygAwIBAgIUTXVKaNjXdPHww35r4Jei7lctp3kwCgYIKoZIzj0EAwIw
+KjEoMCYGA1UEAwwfaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9yc2FfMjA0ODAiGA8y
+MDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjA7MTkwNwYDVQQDDDBlZV9z
+ZWNwMzg0cjFfMzg0LWludF9zZWNwMjU2cjFfMjU2LXJvb3RfcnNhXzIwNDgwdjAQ
+BgcqhkjOPQIBBgUrgQQAIgNiAAShaHJDNitcexiJ83kVRhWhxz+0je6GPgIpFdtg
+jiUt5LcTLajOmOgxU05qnAwLCcjWOa3oMgbluoE0c6EfozDgXajJbkOD/ieHPalx
+A74oiM/wAvBa9xof3cyDdKpuqc4wCgYIKoZIzj0EAwIDSAAwRQIgXHVRnxMRUM1d
+it4go7wGMJH/snN1XzFk7P3LQoAKcOYCIQCRU+DcUMuYV2efLWpgVoL6JAEeudGB
+jHb72NkQZb/BNg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem.certspec
new file mode 100644
index 000000000..615818d08
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int_secp256r1_256-root_rsa_2048
+subject:ee_secp384r1_384-int_secp256r1_256-root_rsa_2048
+issuerKey:secp256r1
+subjectKey:secp384r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem
new file mode 100644
index 000000000..5f5416365
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB1jCCAVygAwIBAgIUEcVF5BYUztPG7i0t9PxIGg6o6dwwCgYIKoZIzj0EAwIw
+LzEtMCsGA1UEAwwkaW50X3NlY3AzODRyMV8zODQtcm9vdF9zZWNwMjU2cjFfMjU2
+MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMEAxPjA8BgNVBAMM
+NWVlX3NlY3A1MjFyMV81MjEtaW50X3NlY3AzODRyMV8zODQtcm9vdF9zZWNwMjU2
+cjFfMjU2MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBTNycrMR5QQlrycxmdS7C
+f1l3NPpmxit5L4jFGdbTfw0W6hxIOhgnoBC5Eo46CAcMoz719Xg1t8G6JR9sw1Id
+xCsBBlNFGYG0RdND7tN4KjXWz/D/SE9aiD0gnxuQQrcmcDVosvMm4YuDO92KoHND
+krzRlQHhDWmKefU+EeCiK90qrZAwCgYIKoZIzj0EAwIDaAAwZQIxAO0GJz6haDpU
+tNgaQ3SESJY85j6+gRcD7Nc9cvCiVAZZ1OxFRuhW515lVbeTqfcA8wIwSn3QMxb0
+JD+pr9shd7R0F9hefLnHrygMF241qnEEwG0NqwPoe2gdQMFv/B7QntvX
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem.certspec
new file mode 100644
index 000000000..b2ae9d0c8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int_secp384r1_384-root_secp256r1_256
+subject:ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256
+issuerKey:secp384r1
+subjectKey:secp521r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem
new file mode 100644
index 000000000..4e3b0d034
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB4jCCAU2gAwIBAgIUZwdE3TaQiMsy82qMqZoGP6z0CwwwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDXJvb3RfcnNhXzEwMjQwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowJTEjMCEGA1UEAwwaaW50X3JzYV8xMDE2LXJvb3RfcnNh
+XzEwMjQwgZ4wDQYJKoZIhvcNAQEBBQADgYwAMIGIAoGAANKbsS+4T93NKbOlGctm
+xDuNj4vlRbp5OEzmY+0D33WZFgDrkgeQ0lMM7OVE25mnHwWJaj7SBxZVNKqZBX5H
+xH47yBrab6HhLjcmi1BGpVJo+drXzLSF2BouGdUNTwtoVKyvbXvmnZoIMTbhWvqP
+U8HIyE/GB3J53Q5V1zaaW90CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8E
+BAMCAQYwCwYJKoZIhvcNAQELA4GBAGHDJkpCPHfVaQBBRoNWB4xLqnatAEx00jlS
+APUs7bJ6YFjrGElxTmtac5zB6+NpaEZL5JhUEPSEz/V3g0vaO+/W84pDiLQZgf+R
+ZwG0KmxFOfetZCIKPvue/f+aWaU+SHV9ioPz647iDYJOvEBHfWj7Iz7cjw4y7bUN
+cBOGkoOc
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem.certspec
new file mode 100644
index 000000000..c6e77116b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem.certspec
@@ -0,0 +1,6 @@
+issuer:root_rsa_1024
+subject:int_rsa_1016-root_rsa_1024
+issuerKey:rsa1024
+subjectKey:rsa1016
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem
new file mode 100644
index 000000000..261ca6448
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBrzCCAVagAwIBAgIUExAlIjL69OL4W35uYWfbpzZ207YwCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2cjFfMjU2MCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMCoxKDAmBgNVBAMMH2ludF9yc2FfMTAxNi1yb290
+X3NlY3AyNTZyMV8yNTYwgZ4wDQYJKoZIhvcNAQEBBQADgYwAMIGIAoGAANKbsS+4
+T93NKbOlGctmxDuNj4vlRbp5OEzmY+0D33WZFgDrkgeQ0lMM7OVE25mnHwWJaj7S
+BxZVNKqZBX5HxH47yBrab6HhLjcmi1BGpVJo+drXzLSF2BouGdUNTwtoVKyvbXvm
+nZoIMTbhWvqPU8HIyE/GB3J53Q5V1zaaW90CAwEAAaMdMBswDAYDVR0TBAUwAwEB
+/zALBgNVHQ8EBAMCAQYwCgYIKoZIzj0EAwIDRwAwRAIgXHVRnxMRUM1dit4go7wG
+MJH/snN1XzFk7P3LQoAKcOYCIDmD30j813c64HuW9WnjhZWMPRLqIiAMD+u9hWOm
+17If
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem.certspec
new file mode 100644
index 000000000..27728ca37
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp256r1_256
+subject:int_rsa_1016-root_secp256r1_256
+issuerKey:secp256r1
+subjectKey:rsa1016
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem
new file mode 100644
index 000000000..eff1ee721
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB4jCCAU6gAwIBAgIUeTtd4gq+pnMumaH8M1hJb7WxuRAwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDXJvb3RfcnNhXzEwMTYwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowJTEjMCEGA1UEAwwaaW50X3JzYV8xMDI0LXJvb3RfcnNh
+XzEwMTYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANOpdEAQHrqMXflQPm+T
+XrUv/rPr6dDcXKzib5c8qUy8DZwx1mwMATvOnILQ1IAyjfBftrzXmQpTEt2uYVKt
+buYcjBvdhmPGi9NiJKmIKueOifVW39vm9R2mESy/wnyKSTNrQa/bdTIbUrJKc0TR
+NI5kY1GlUcdXHM2guP419hp1AgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0P
+BAQDAgEGMAsGCSqGSIb3DQEBCwOBgACvCVg2KCtiE/g+PkXU3bn7mj4hGwOxH+2P
+NnyhAnlx3kEEEJIHaCIS3s56wiWtwf0P4DG1qHn+IZR6zbZ+0ALzZneREtGvLCNI
+M7+GCoOmkPWbR4I+2wYpBgRtHDeK06EWbrSQF9V+P+Z9hXW7NJ/npxD40+fs27Ot
+hjVyw0ex
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem.certspec
new file mode 100644
index 000000000..fafb393bf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem.certspec
@@ -0,0 +1,6 @@
+issuer:root_rsa_1016
+subject:int_rsa_1024-root_rsa_1016
+issuerKey:rsa1016
+subjectKey:rsa1024
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem
new file mode 100644
index 000000000..3c6264488
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB4zCCAU6gAwIBAgIUKd2Q3DzwYKrXasi5yQdWvgSatdgwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDXJvb3RfcnNhXzEwMjQwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowJTEjMCEGA1UEAwwaaW50X3JzYV8xMDI0LXJvb3RfcnNh
+XzEwMjQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANOpdEAQHrqMXflQPm+T
+XrUv/rPr6dDcXKzib5c8qUy8DZwx1mwMATvOnILQ1IAyjfBftrzXmQpTEt2uYVKt
+buYcjBvdhmPGi9NiJKmIKueOifVW39vm9R2mESy/wnyKSTNrQa/bdTIbUrJKc0TR
+NI5kY1GlUcdXHM2guP419hp1AgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0P
+BAQDAgEGMAsGCSqGSIb3DQEBCwOBgQBpJC20/N+v3Xb66ZpiGiwrh2zAo940Fvmo
+UXPG5+jwTCSowU8aDXGq+PeHsu+X58NTigSU37zhu4xOATCL06w71FnJTfVFseF1
+FUnYPQahSARRlMGyz3AfcTcexTqiJCIn7Owvsjj9eEUKiMnwOY5z+vc11g3pW2Q4
+ALoRuo9ETg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem.certspec
new file mode 100644
index 000000000..66891f979
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem.certspec
@@ -0,0 +1,6 @@
+issuer:root_rsa_1024
+subject:int_rsa_1024-root_rsa_1024
+issuerKey:rsa1024
+subjectKey:rsa1024
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem
new file mode 100644
index 000000000..cfd1fc33a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBYzCCAQmgAwIBAgIUMfmdT1oaX8JMXd4bb7glStZfa0AwCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2cjFfMjU2MCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMC8xLTArBgNVBAMMJGludF9zZWNwMjI0cjFfMjI0
+LXJvb3Rfc2VjcDI1NnIxXzI1NjBNMBAGByqGSM49AgEGBSuBBAAhAzkABGaNcsym
+/WobNVe1NmEE2EQI7LY38I6Mhrv/gszojwBm169jwymLo3c0ihICsDs3/Wsf9BWq
+MR6jHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA0gA
+MEUCIFx1UZ8TEVDNXYreIKO8BjCR/7JzdV8xZOz9y0KACnDmAiEAv+3koyIlSx0a
+SY0agquE0R53+/Q+kNJwlvdfEMNYjs4=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem.certspec
new file mode 100644
index 000000000..89d77d3b8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp256r1_256
+subject:int_secp224r1_224-root_secp256r1_256
+issuerKey:secp256r1
+subjectKey:secp224r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem
new file mode 100644
index 000000000..5cda1057d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICIjCCAQygAwIBAgIUUyCpJPo1OBfUzS63URCB8jij4wYwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDXJvb3RfcnNhXzIwNDgwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowKjEoMCYGA1UEAwwfaW50X3NlY3AyNTZyMV8yNTYtcm9v
+dF9yc2FfMjA0ODBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE+/u7th4Pj5saYK
+WayHBOLsBQtCPjz3LpI/LE95S0VcKmnSM0VsNsQRnQcG4A7tyNGTkNeZG3stB6ME
+6qBKpsCjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEB
+CwOCAQEAQFZl1Ogt4U76JlyY3Iuw3xKnOUyU+Mmt1oD+WXuHuwuxBbd29n0at+Qi
+wOomkgbbudIiVF+X+AXb/PKXmQhUqQxQzROt77cU8JV7upVf0NaN26rrwLgoGFI0
+ipmxbzev2nMrJMkzH2cAEXKCE92VPaQGsuLR0SlGFsHTDRPk5bNI8RL5CxPjw0VA
+89wLF+DB1yqtuWIuqvgIG38BQCnRyZiql9eH+EQtonPm+L+PAa5MJAHNF+C7vHEN
+TB6gjO2J6Pt6tt50ByikmTjQcIMLkG6Y63XUpNZYMToUSnd+BvcuJDY1nDHv2BG2
+l1s7rOMeHUKiDjhKnhiyOBemiwjomQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem.certspec
new file mode 100644
index 000000000..44a65ef5a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem.certspec
@@ -0,0 +1,5 @@
+issuer:root_rsa_2048
+subject:int_secp256r1_256-root_rsa_2048
+subjectKey:secp256r1
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem
new file mode 100644
index 000000000..2d04da2e0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBaDCCARWgAwIBAgIUFW655tKQ8N76G2Fs4e+yyy9HSu0wCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwScm9vdF9zZWNwMjI0cjFfMjI0MCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMC8xLTArBgNVBAMMJGludF9zZWNwMjU2cjFfMjU2
+LXJvb3Rfc2VjcDIyNHIxXzIyNDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE+/
+u7th4Pj5saYKWayHBOLsBQtCPjz3LpI/LE95S0VcKmnSM0VsNsQRnQcG4A7tyNGT
+kNeZG3stB6ME6qBKpsCjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoG
+CCqGSM49BAMCA0EAMD4CHQCaPG/wRttw8lX1L9aYUhzXLbwFIGNPlbZLslJUAh0A
+sdRLm9WH7E0AswZO3oBFsoiZgtUXKojJjBOlhQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem.certspec
new file mode 100644
index 000000000..66ebc1b93
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp224r1_224
+subject:int_secp256r1_256-root_secp224r1_224
+issuerKey:secp224r1
+subjectKey:secp256r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem
new file mode 100644
index 000000000..dba78878f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBbjCCARWgAwIBAgIUYTlSrggMzCP6DVELNF4gN3/2PagwCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2azFfMjU2MCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMC8xLTArBgNVBAMMJGludF9zZWNwMjU2cjFfMjU2
+LXJvb3Rfc2VjcDI1NmsxXzI1NjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE+/
+u7th4Pj5saYKWayHBOLsBQtCPjz3LpI/LE95S0VcKmnSM0VsNsQRnQcG4A7tyNGT
+kNeZG3stB6ME6qBKpsCjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoG
+CCqGSM49BAMCA0cAMEQCIGNZAgGJ1z5b/9EWTuPiCuBK2HWvd1yTYLoQH5fdJy0k
+AiBNdBxpWObwfdKgHCLH8gHgQEBLLT5lpWwSlvTGnjknKQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem.certspec
new file mode 100644
index 000000000..c7e190ab0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp256k1_256
+subject:int_secp256r1_256-root_secp256k1_256
+issuerKey:secp256k1
+subjectKey:secp256r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem
new file mode 100644
index 000000000..b415487ef
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBbzCCARWgAwIBAgIUZ1LG/akVEjMI75EV2IrvSQz2ONgwCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2cjFfMjU2MCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMC8xLTArBgNVBAMMJGludF9zZWNwMjU2cjFfMjU2
+LXJvb3Rfc2VjcDI1NnIxXzI1NjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE+/
+u7th4Pj5saYKWayHBOLsBQtCPjz3LpI/LE95S0VcKmnSM0VsNsQRnQcG4A7tyNGT
+kNeZG3stB6ME6qBKpsCjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoG
+CCqGSM49BAMCA0gAMEUCIFx1UZ8TEVDNXYreIKO8BjCR/7JzdV8xZOz9y0KACnDm
+AiEA3SQoQJXCBse68NgRuB1mVoMTEJOAe+qrkoRGsx5dNDY=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem.certspec
new file mode 100644
index 000000000..6854d2187
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp256r1_256
+subject:int_secp256r1_256-root_secp256r1_256
+issuerKey:secp256r1
+subjectKey:secp256r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem
new file mode 100644
index 000000000..c2958dc6d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBjDCCATKgAwIBAgIURykYBB7pd62OS//UuN+CSn+WSwwwCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2cjFfMjU2MCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMC8xLTArBgNVBAMMJGludF9zZWNwMzg0cjFfMzg0
+LXJvb3Rfc2VjcDI1NnIxXzI1NjB2MBAGByqGSM49AgEGBSuBBAAiA2IABKFockM2
+K1x7GInzeRVGFaHHP7SN7oY+AikV22COJS3ktxMtqM6Y6DFTTmqcDAsJyNY5regy
+BuW6gTRzoR+jMOBdqMluQ4P+J4c9qXEDviiIz/AC8Fr3Gh/dzIN0qm6pzqMdMBsw
+DAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCgYIKoZIzj0EAwIDSAAwRQIgXHVR
+nxMRUM1dit4go7wGMJH/snN1XzFk7P3LQoAKcOYCIQDQJQ6/wj2o6teiKvbzgn63
+QDv+vT1n/+9GOhIWeo1FSw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem.certspec
new file mode 100644
index 000000000..de8e85198
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp256r1_256
+subject:int_secp384r1_384-root_secp256r1_256
+issuerKey:secp256r1
+subjectKey:secp384r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/moz.build b/security/manager/ssl/tests/unit/test_keysize/moz.build
new file mode 100644
index 000000000..a69bf43a9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/moz.build
@@ -0,0 +1,41 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem',
+#    'ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem',
+#    'ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem',
+#    'ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem',
+#    'ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem',
+#    'ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem',
+#    'ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem',
+#    'ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem',
+#    'ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem',
+#    'ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem',
+#    'ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem',
+#    'ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem',
+#    'ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem',
+#    'int_rsa_1016-root_rsa_1024.pem',
+#    'int_rsa_1016-root_secp256r1_256.pem',
+#    'int_rsa_1024-root_rsa_1016.pem',
+#    'int_rsa_1024-root_rsa_1024.pem',
+#    'int_secp224r1_224-root_secp256r1_256.pem',
+#    'int_secp256r1_256-root_rsa_2048.pem',
+#    'int_secp256r1_256-root_secp224r1_224.pem',
+#    'int_secp256r1_256-root_secp256k1_256.pem',
+#    'int_secp256r1_256-root_secp256r1_256.pem',
+#    'int_secp384r1_384-root_secp256r1_256.pem',
+#    'root_rsa_1016.pem',
+#    'root_rsa_1024.pem',
+#    'root_rsa_2048.pem',
+#    'root_secp224r1_224.pem',
+#    'root_secp256k1_256.pem',
+#    'root_secp256r1_256.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem
new file mode 100644
index 000000000..0a72087f1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB1DCCAUCgAwIBAgIUM7Lg6QmOdkt261MCbyFKi45pe74wCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDXJvb3RfcnNhXzEwMTYwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowGDEWMBQGA1UEAwwNcm9vdF9yc2FfMTAxNjCBnjANBgkq
+hkiG9w0BAQEFAAOBjAAwgYgCgYAA0puxL7hP3c0ps6UZy2bEO42Pi+VFunk4TOZj
+7QPfdZkWAOuSB5DSUwzs5UTbmacfBYlqPtIHFlU0qpkFfkfEfjvIGtpvoeEuNyaL
+UEalUmj52tfMtIXYGi4Z1Q1PC2hUrK9te+admggxNuFa+o9TwcjIT8YHcnndDlXX
+Nppb3QIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjALBgkqhkiG
+9w0BAQsDgYAAg+CxStL2zK/003mV+gzN6dSgozHCdJyVQLN9LbsqvAHu/Ker02zl
+Ngsq7TZmpCKfa2VYRpNJbzW0095UGnD/qVS876pNzQPmUlg5QVWda6y2esKwksxO
+7yEShApyGMgxL4VEkCNxz40+NfU2falPeXtjkZU6CuOTWSU/cWRs1w==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem.certspec
new file mode 100644
index 000000000..b0b5ba8e5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem.certspec
@@ -0,0 +1,6 @@
+issuer:root_rsa_1016
+subject:root_rsa_1016
+issuerKey:rsa1016
+subjectKey:rsa1016
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem
new file mode 100644
index 000000000..4057c0d02
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB1jCCAUGgAwIBAgIUN4fAqdmb7z7NLWF0XiUi1tHIHQ0wCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDXJvb3RfcnNhXzEwMjQwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowGDEWMBQGA1UEAwwNcm9vdF9yc2FfMTAyNDCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEA06l0QBAeuoxd+VA+b5NetS/+s+vp0NxcrOJv
+lzypTLwNnDHWbAwBO86cgtDUgDKN8F+2vNeZClMS3a5hUq1u5hyMG92GY8aL02Ik
+qYgq546J9Vbf2+b1HaYRLL/CfIpJM2tBr9t1MhtSskpzRNE0jmRjUaVRx1cczaC4
+/jX2GnUCAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZI
+hvcNAQELA4GBABaze8o5xyNFgdXvK0pFIj+ZfG634ATqddoE7x1C89M3Mh4j5nJv
+/zuKwz1NS4uty584WWCODuu1iAqwKYeOmg2aejN3k/cVWMEqmRG5DRL9CdYs8/Jt
+eFS05lsRzHVRq9m7nEOgv5Xhbn5egMwGxEjmI0Bu/o1YJ/2hxrhXit5W
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem.certspec
new file mode 100644
index 000000000..09cd420f7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem.certspec
@@ -0,0 +1,6 @@
+issuer:root_rsa_1024
+subject:root_rsa_1024
+issuerKey:rsa1024
+subjectKey:rsa1024
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem b/security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem
new file mode 100644
index 000000000..f08030ecc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2zCCAcWgAwIBAgIUL9RaZAoENJalu9ROFdxp+1zeK3wwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDXJvb3RfcnNhXzIwNDgwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowGDEWMBQGA1UEAwwNcm9vdF9yc2FfMjA0ODCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1
+SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+
+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL
+K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc
+bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW
+JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMd
+MBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQAG
+/Ky5Qkbd1EjvW6h/wvxOP5jj5FQiN4c+kxP5IpiXZr2YyjZIVRShExNfzpCmLuPq
+rkaY/IZVHT32bwW87BudscCL9lTqZbsDXayEh2KuWDbw/+FfXd+KpKWi6jweyjyW
+159Im2POWzi9XyKtwY6GdVKhsrL5LwCO9nhNBwVoQ+2WiFvc5eggNPl7WTbywgV3
+eDfDVN+3NVAoDw6tcTkFYbmjJpF3w+c839wtiIJEvQ6okv5cZOLF4pW+3PoYAEaI
+jVfGtGF8QnzSBeetTliQcCy0Ce/mVZ+N0+bYeHrTm4Bm5YySszKs+1vxdzm9+fH3
+jZ6//NQm+C+GVbNGj8Nm
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem.certspec
new file mode 100644
index 000000000..cebc2f8e6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem.certspec
@@ -0,0 +1,4 @@
+issuer:root_rsa_2048
+subject:root_rsa_2048
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem b/security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem
new file mode 100644
index 000000000..afc387bf1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem
@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE-----
+MIIBSDCB96ADAgECAhQJ0gm/8w+13dcPEBRcKlEAdi1aKjAKBggqhkjOPQQDAjAd
+MRswGQYDVQQDDBJyb290X3NlY3AyMjRyMV8yMjQwIhgPMjAxNTExMjgwMDAwMDBa
+GA8yMDE4MDIwNTAwMDAwMFowHTEbMBkGA1UEAwwScm9vdF9zZWNwMjI0cjFfMjI0
+ME0wEAYHKoZIzj0CAQYFK4EEACEDOQAEZo1yzKb9ahs1V7U2YQTYRAjstjfwjoyG
+u/+CzOiPAGbXr2PDKYujdzSKEgKwOzf9ax/0FaoxHqMdMBswDAYDVR0TBAUwAwEB
+/zALBgNVHQ8EBAMCAQYwCgYIKoZIzj0EAwIDQAAwPQIdAJo8b/BG23DyVfUv1phS
+HNctvAUgY0+VtkuyUlQCHFuyUCiwjmlUwEFrlJJcS0k4ErhiiH2J96FdTCw=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem.certspec
new file mode 100644
index 000000000..31370f6f7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp224r1_224
+subject:root_secp224r1_224
+issuerKey:secp224r1
+subjectKey:secp224r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem b/security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem
new file mode 100644
index 000000000..19cbdc712
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBWTCCAQCgAwIBAgIUDZ1MSO282sT4cTPmUNrRED65xiAwCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2azFfMjU2MCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMB0xGzAZBgNVBAMMEnJvb3Rfc2VjcDI1NmsxXzI1
+NjBWMBAGByqGSM49AgEGBSuBBAAKA0IABDXufHKJ2P73qGr+XaZti8LrtqhUP9L+
+rQifRc56zQ+mQ4KpUAxB2tdw/9S1Eb9LSS6xI4gAwyxPdsc6PzKU58WjHTAbMAwG
+A1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA0cAMEQCIGNZAgGJ
+1z5b/9EWTuPiCuBK2HWvd1yTYLoQH5fdJy0kAiBbbODJAli2zU6pkhPi4lq9+jKA
+l32sv96VWrOsyrAFjg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem.certspec
new file mode 100644
index 000000000..c78aa61bb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp256k1_256
+subject:root_secp256k1_256
+issuerKey:secp256k1
+subjectKey:secp256k1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem
new file mode 100644
index 000000000..2417685dd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBXTCCAQOgAwIBAgIUHe1Ak9B5RX1dDhygSBpPrhZ9JEowCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2cjFfMjU2MCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMB0xGzAZBgNVBAMMEnJvb3Rfc2VjcDI1NnIxXzI1
+NjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE+/u7th4Pj5saYKWayHBOLsBQtC
+Pjz3LpI/LE95S0VcKmnSM0VsNsQRnQcG4A7tyNGTkNeZG3stB6ME6qBKpsCjHTAb
+MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA0gAMEUCIFx1
+UZ8TEVDNXYreIKO8BjCR/7JzdV8xZOz9y0KACnDmAiEA/cwfybIBowGnPXI58HEd
+4kEWa8IF3nFuEFBja30LxhI=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem.certspec
new file mode 100644
index 000000000..4447fc4b4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp256r1_256
+subject:root_secp256r1_256
+issuerKey:secp256r1
+subjectKey:secp256r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev.js b/security/manager/ssl/tests/unit/test_keysize_ev.js
new file mode 100644
index 000000000..b6b4ccade
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev.js
@@ -0,0 +1,146 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Checks that RSA certs with key sizes below 2048 bits when verifying for EV
+// are rejected.
+
+do_get_profile(); // Must be called before getting nsIX509CertDB
+const certDB = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+const SERVER_PORT = 8888;
+
+function getOCSPResponder(expectedCertNames) {
+  let expectedPaths = expectedCertNames.slice();
+  return startOCSPResponder(SERVER_PORT, "www.example.com", "test_keysize_ev/",
+                            expectedCertNames, expectedPaths);
+}
+
+function loadCert(certName, trustString) {
+  let certFilename = "test_keysize_ev/" + certName + ".pem";
+  addCertFromFile(certDB, certFilename, trustString);
+  return constructCertFromFile(certFilename);
+}
+
+/**
+ * Adds a single EV key size test.
+ *
+ * @param {Array} expectedNamesForOCSP
+ *        An array of nicknames of the certs to be responded to.
+ * @param {String} rootCertFileName
+ *        The file name of the root cert. Can begin with ".." to reference
+ *        certs in folders other than "test_keysize_ev/".
+ * @param {Array} intCertFileNames
+ *        An array of file names of any intermediate certificates.
+ * @param {String} endEntityCertFileName
+ *        The file name of the end entity cert.
+ * @param {Boolean} expectedResult
+ *        Whether the chain is expected to validate as EV.
+ */
+function addKeySizeTestForEV(expectedNamesForOCSP,
+                             rootCertFileName, intCertFileNames,
+                             endEntityCertFileName, expectedResult)
+{
+  add_test(function() {
+    clearOCSPCache();
+    let ocspResponder = getOCSPResponder(expectedNamesForOCSP);
+
+    loadCert(rootCertFileName, "CTu,CTu,CTu");
+    for (let intCertFileName of intCertFileNames) {
+      loadCert(intCertFileName, ",,");
+    }
+    checkEVStatus(
+      certDB,
+      constructCertFromFile(`test_keysize_ev/${endEntityCertFileName}.pem`),
+      certificateUsageSSLServer,
+      expectedResult);
+
+    ocspResponder.stop(run_next_test);
+  });
+}
+
+/**
+ * For debug builds which have the test EV roots compiled in, checks RSA chains
+ * which contain certs with key sizes adequate for EV are validated as such,
+ * while chains that contain any cert with an inadequate key size fail EV and
+ * validate as DV.
+ * For opt builds which don't have the test EV roots compiled in, checks that
+ * none of the chains validate as EV.
+ *
+ * Note: This function assumes that the key size requirements for EV are greater
+ * than the requirements for DV.
+ *
+ * @param {Number} inadequateKeySize
+ *        The inadequate key size of the generated certs.
+ * @param {Number} adequateKeySize
+ *        The adequate key size of the generated certs.
+ */
+function checkRSAChains(inadequateKeySize, adequateKeySize) {
+  // Reuse the existing test RSA EV root
+  let rootOKCertFileName = "../test_ev_certs/evroot";
+  let rootOKName = "evroot";
+  let rootNotOKName = "ev_root_rsa_" + inadequateKeySize;
+  let intOKName = "ev_int_rsa_" + adequateKeySize;
+  let intNotOKName = "ev_int_rsa_" + inadequateKeySize;
+  let eeOKName = "ev_ee_rsa_" + adequateKeySize;
+  let eeNotOKName = "ev_ee_rsa_" + inadequateKeySize;
+
+  // Chain with certs that have adequate sizes for EV and DV
+  // In opt builds, this chain is only validated for DV. Hence, an OCSP fetch
+  // will for example not be done for the "ev_int_rsa_2048-evroot" intermediate
+  // in such a build.
+  let intFullName = intOKName + "-" + rootOKName;
+  let eeFullName = eeOKName + "-" + intOKName + "-" + rootOKName;
+  let expectedNamesForOCSP = gEVExpected
+                           ? [ intFullName,
+                               eeFullName ]
+                           : [ eeFullName ];
+  addKeySizeTestForEV(expectedNamesForOCSP, rootOKCertFileName,
+                      [ intFullName ], eeFullName, gEVExpected);
+
+  // Chain with a root cert that has an inadequate size for EV, but
+  // adequate size for DV
+  intFullName = intOKName + "-" + rootNotOKName;
+  eeFullName = eeOKName + "-" + intOKName + "-" + rootNotOKName;
+  expectedNamesForOCSP = [ eeFullName ];
+  addKeySizeTestForEV(expectedNamesForOCSP, rootNotOKName,
+                      [ intFullName ], eeFullName, false);
+
+  // Chain with an intermediate cert that has an inadequate size for EV, but
+  // adequate size for DV
+  intFullName = intNotOKName + "-" + rootOKName;
+  eeFullName = eeOKName + "-" + intNotOKName + "-" + rootOKName;
+  expectedNamesForOCSP = [ eeFullName ];
+  addKeySizeTestForEV(expectedNamesForOCSP, rootOKCertFileName,
+                      [ intFullName ], eeFullName, false);
+
+  // Chain with an end entity cert that has an inadequate size for EV, but
+  // adequate size for DV
+  intFullName = intOKName + "-" + rootOKName;
+  eeFullName = eeNotOKName + "-" + intOKName + "-" + rootOKName;
+  expectedNamesForOCSP = gEVExpected
+                       ? [ intFullName,
+                           eeFullName ]
+                       : [ eeFullName ];
+  addKeySizeTestForEV(expectedNamesForOCSP, rootOKCertFileName,
+                      [ intFullName ], eeFullName, false);
+}
+
+function run_test() {
+  Services.prefs.setCharPref("network.dns.localDomains", "www.example.com");
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+
+  let smallKeyEVRoot =
+    constructCertFromFile("test_keysize_ev/ev_root_rsa_2040.pem");
+  equal(smallKeyEVRoot.sha256Fingerprint,
+        "49:46:10:F4:F5:B1:96:E7:FB:FA:4D:A6:34:03:D0:99:" +
+        "22:D4:77:20:3F:84:E0:DF:1C:AD:B4:C2:76:BB:63:24",
+        "test sanity check: the small-key EV root must have the same " +
+        "fingerprint as the corresponding entry in ExtendedValidation.cpp");
+
+  checkRSAChains(2040, 2048);
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem
new file mode 100644
index 000000000..1e231157c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYzCCAk2gAwIBAgIUYWcJYs/7lzpBLFqmhT8F7LPbOLAwCwYJKoZIhvcNAQEL
+MCExHzAdBgNVBAMMFmV2X2ludF9yc2FfMjA0OC1ldnJvb3QwIhgPMjAxNTExMjgw
+MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowMDEuMCwGA1UEAwwlZXZfZWVfcnNhXzIw
+NDAtZXZfaW50X3JzYV8yMDQ4LWV2cm9vdDCCASEwDQYJKoZIhvcNAQEBBQADggEO
+ADCCAQkCggEAALrAZS/fvABViC/7rqzuyI+i0IPCl91dQGZN09kPUvmqAr2KUPuh
+bg/ZkYeO9HX5s1DZ+OPrKr1xfOMnsJeIUx8T344+TjudYWu4pB5TBu7SRyFjFhBR
+GAEnak62bwczG1y8i8rnAWqPmz1PKsRVPGJM9SY7yzSOiEDeZhKHCWCnkhkbE4+y
+F/dlzse/+OlPFrOUGb91BMWafk95vW0XPpx789nSpOc8wYCwWQpz1YT7f8m1T6VE
+YH5T/GhcelX9RKgdQUK2r1Hqb6bOpSlloujF2E88oCTW+7mwBbllHOXZ8uz0DtQE
+mBqf/AJjbjEbCVxjMqDIfcOScbVVFIF3SwIDAQABo4GEMIGBMF4GCCsGAQUFBwEB
+BFIwUDBOBggrBgEFBQcwAYZCaHR0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4L2V2
+X2VlX3JzYV8yMDQwLWV2X2ludF9yc2FfMjA0OC1ldnJvb3QvMB8GA1UdIAQYMBYw
+FAYSKwYBBAHrSYUahRqFGgGDdAkBMAsGCSqGSIb3DQEBCwOCAQEACeVAAm2UDFMG
+vuYyPdPhGr7DBIAbk2RHE+k/KKZvOC2AgK1USid4/lOdFVcFijDS46t97otxVYvA
+NDuPj/O3uYf+Gjw4rATdiA6YTXtumOfC2nwhJ9zBSFsDLEajynStYcUtJClentys
+b08EGO3cUr40aWMXZMIG4mjZhQgfTu6TJ9OlDwzexb0/L2AF8PyEd8wrO1RUTU2e
+Tb3/d15AgDccaBfrEg72Mb7oDGr/QIdTgqdtLqMF9BTQRat3O6J4LRf2UMpot9Pr
+j4eKG/93p+TymG6SdosjWavD5EQngZ7ihayl9xPZ7nAnPfLI43KNqVHDALxT8ROA
+HNBIjUe9pw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem.certspec
new file mode 100644
index 000000000..e64c651bc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ev_int_rsa_2048-evroot
+subject:ev_ee_rsa_2040-ev_int_rsa_2048-evroot
+subjectKey:rsa2040
+extension:authorityInformationAccess:http://www.example.com:8888/ev_ee_rsa_2040-ev_int_rsa_2048-evroot/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem
new file mode 100644
index 000000000..4c66b2252
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYzCCAk6gAwIBAgIUX1WnK44zi+RzvEojjYi3bcyvC34wCwYJKoZIhvcNAQEL
+MCExHzAdBgNVBAMMFmV2X2ludF9yc2FfMjA0MC1ldnJvb3QwIhgPMjAxNTExMjgw
+MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowMDEuMCwGA1UEAwwlZXZfZWVfcnNhXzIw
+NDgtZXZfaW50X3JzYV8yMDQwLWV2cm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODY
+H72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk
+27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A9
+0jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMM
+kd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaL
+L+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBhDCBgTBeBggrBgEFBQcB
+AQRSMFAwTgYIKwYBBQUHMAGGQmh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9l
+dl9lZV9yc2FfMjA0OC1ldl9pbnRfcnNhXzIwNDAtZXZyb290LzAfBgNVHSAEGDAW
+MBQGEisGAQQB60mFGoUahRoBg3QJATALBgkqhkiG9w0BAQsDggEAAErvI4rRV3Xf
+3NzWWiiryrNpibL3bYmzXsF3+jZWBobx21Qrck7nGeHAuZ7M90Aw9HdPxlIOnwNA
+jHv141zXE2vntVhKUTgS4TLou8+7A5Al8azWMAj9M7fqtx1Y9b4j+NK26KEOHSF0
+8MtxEYaiQfAOZEA3m0Z60w0XyQ4ULZKUEVJkrwY7sJUSzExd2dyFVQDM5uZXN/0n
+ZyGAWIj57xwxf4aXgR4y6WgBf7AZqTFc4F/YUzH9HlpRSD0uWolUB4dqNuZ2ApXZ
+arj4rqV/4Pub9IAi0AmzWDZxGkQk3E4BGHkk6unVniuQlnCMNIn/uKj2PqetX9nx
+k+dj1HE2ig==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem.certspec
new file mode 100644
index 000000000..0b7bfd426
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ev_int_rsa_2040-evroot
+subject:ev_ee_rsa_2048-ev_int_rsa_2040-evroot
+issuerKey:rsa2040
+extension:authorityInformationAccess:http://www.example.com:8888/ev_ee_rsa_2048-ev_int_rsa_2040-evroot/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem
new file mode 100644
index 000000000..3b579102a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgjCCAmygAwIBAgIUa/PALQU+SWg3PCw8ajeVDsqyk+IwCwYJKoZIhvcNAQEL
+MCsxKTAnBgNVBAMMIGV2X2ludF9yc2FfMjA0OC1ldl9yb290X3JzYV8yMDQwMCIY
+DzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMDoxODA2BgNVBAMML2V2
+X2VlX3JzYV8yMDQ4LWV2X2ludF9yc2FfMjA0OC1ldl9yb290X3JzYV8yMDQwMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08
+E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc
+1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAP
+DY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQ
+gAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqV
+YR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQID
+AQABo4GOMIGLMGgGCCsGAQUFBwEBBFwwWjBYBggrBgEFBQcwAYZMaHR0cDovL3d3
+dy5leGFtcGxlLmNvbTo4ODg4L2V2X2VlX3JzYV8yMDQ4LWV2X2ludF9yc2FfMjA0
+OC1ldl9yb290X3JzYV8yMDQwLzAfBgNVHSAEGDAWMBQGEisGAQQB60mFGoUahRoB
+g3QJATALBgkqhkiG9w0BAQsDggEBAIol9cdHyFph1UFZIuQTdAgBr5GGyZP/9cHt
+ffmjqSz4TIlZPN4+FC+yh+wC/KeZiFDWuyGtdnfADkbbuG0hzSppx8EcctiKUbwE
+VnEgmX+P0nQGsdpPek8WgjZriAHJGdlFN4wJfECBgSa7SL8uwvY5VrI/4BQTRXq1
+b4fzHEZtJX5pPwoQSfHmjD6uMSK/FwTCSWNCIcA+tfwc7V31jmuc3Nz+gg5QMJFc
+5vzei1jgc0o4FxoFJhKbNQzgOMMOFdrercVcdM5HkEdlkoEo3Ae9hidP9DnHUoFZ
+lz9iVgvQiFoEYqa1Z1OFxmIGnzbwCCAq727elUxDZB3fnBeZeWc=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec
new file mode 100644
index 000000000..a36acf887
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ev_int_rsa_2048-ev_root_rsa_2040
+subject:ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040
+extension:authorityInformationAccess:http://www.example.com:8888/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem
new file mode 100644
index 000000000..47d86baf5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZDCCAk6gAwIBAgIUNQdpgL87vkOZHNiFDZ66Q1FTBqMwCwYJKoZIhvcNAQEL
+MCExHzAdBgNVBAMMFmV2X2ludF9yc2FfMjA0OC1ldnJvb3QwIhgPMjAxNTExMjgw
+MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowMDEuMCwGA1UEAwwlZXZfZWVfcnNhXzIw
+NDgtZXZfaW50X3JzYV8yMDQ4LWV2cm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODY
+H72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk
+27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A9
+0jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMM
+kd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaL
+L+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBhDCBgTBeBggrBgEFBQcB
+AQRSMFAwTgYIKwYBBQUHMAGGQmh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9l
+dl9lZV9yc2FfMjA0OC1ldl9pbnRfcnNhXzIwNDgtZXZyb290LzAfBgNVHSAEGDAW
+MBQGEisGAQQB60mFGoUahRoBg3QJATALBgkqhkiG9w0BAQsDggEBAH9rJ2oLLQfB
+e2pBzFw73x5QvhVbNl3O9gFTov/97zU8mfpdKoBjcf32d8/AvJ8qzCLve+4zlT5i
+6ZNwyxZpjb/dJpgZ35dbV9+qXI14m1604r4gcmpQjLDpjgAUUI15EvBkPmCmfVP2
+biIHTPGZZrcqjVh6uCs7UdBM/WtHC8Tn+cmUJZzj5kpmK0hNk26BsW+vsXXwias5
+SxR0oW1hKA4sCoqs9VByyMujiVjVivc1HzINRtiHYdQVlEPrUsYoKFh2zYS6oi6K
+wiFOzv6cLFv2j2TwBI8tD1LXjUBJA/fq8Q/8AOwZ/KUgjhz9ifV1d/FRKBqLT0Vs
+l/RXjR75s38=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem.certspec
new file mode 100644
index 000000000..0b34be6db
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ev_int_rsa_2048-evroot
+subject:ev_ee_rsa_2048-ev_int_rsa_2048-evroot
+extension:authorityInformationAccess:http://www.example.com:8888/ev_ee_rsa_2048-ev_int_rsa_2048-evroot/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem
new file mode 100644
index 000000000..db935fd24
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUDCCAjqgAwIBAgIUdSW9+f5SZzr700VP9vbhznUgRHMwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAhMR8wHQYDVQQDDBZldl9pbnRfcnNhXzIwNDAtZXZyb290MIIBITAN
+BgkqhkiG9w0BAQEFAAOCAQ4AMIIBCQKCAQAAusBlL9+8AFWIL/uurO7Ij6LQg8KX
+3V1AZk3T2Q9S+aoCvYpQ+6FuD9mRh470dfmzUNn44+sqvXF84yewl4hTHxPfjj5O
+O51ha7ikHlMG7tJHIWMWEFEYASdqTrZvBzMbXLyLyucBao+bPU8qxFU8Ykz1JjvL
+NI6IQN5mEocJYKeSGRsTj7IX92XOx7/46U8Ws5QZv3UExZp+T3m9bRc+nHvz2dKk
+5zzBgLBZCnPVhPt/ybVPpURgflP8aFx6Vf1EqB1BQravUepvps6lKWWi6MXYTzyg
+JNb7ubAFuWUc5dny7PQO1ASYGp/8AmNuMRsJXGMyoMh9w5JxtVUUgXdLAgMBAAGj
+gZAwgY0wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwTwYIKwYBBQUHAQEEQzBB
+MD8GCCsGAQUFBzABhjNodHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvZXZfaW50
+X3JzYV8yMDQwLWV2cm9vdC8wHwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUaAYN0
+CQEwCwYJKoZIhvcNAQELA4IBAQAdKlRgP4yJ9q9zCdpE//xy6P9GnaT+yrmoM7CA
++sF9Jao0iM5EaF/VVYKg6sM/sBeG+RGgkIp7A3DfLXXR83a6EyXrhSLiEKOWi5xe
+WY2Q/CaRd4U05p5fvFsL88hY/Wvlj/mcCNLQ2GUYsdR/OL0XK1jHVTixGxRzRsN9
+mI+6rnA8swDZ2FTNLZ3DheNxsaIDYAZwpOaRLh6NTgbP0e0t3RvzV1dKvbXRv7QI
+HXV4KOdKAl5QMI43M4UhxSSszURZDxNRqlcyaVeNAenaiN3SiSng7HwVmb/jlpvp
+eEoXyl/+TEZebH2yniK/lzfVr3rcXm8own5V6ZHu/jucdZFT
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem.certspec
new file mode 100644
index 000000000..80be71174
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem.certspec
@@ -0,0 +1,8 @@
+issuer:evroot
+subject:ev_int_rsa_2040-evroot
+issuerKey:ev
+subjectKey:rsa2040
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/ev_int_rsa_2040-evroot/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key
new file mode 100644
index 000000000..e9010b691
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEtwIBADANBgkqhkiG9w0BAQEFAASCBKEwggSdAgEAAoIBAAC6wGUv37wAVYgv
++66s7siPotCDwpfdXUBmTdPZD1L5qgK9ilD7oW4P2ZGHjvR1+bNQ2fjj6yq9cXzj
+J7CXiFMfE9+OPk47nWFruKQeUwbu0kchYxYQURgBJ2pOtm8HMxtcvIvK5wFqj5s9
+TyrEVTxiTPUmO8s0johA3mYShwlgp5IZGxOPshf3Zc7Hv/jpTxazlBm/dQTFmn5P
+eb1tFz6ce/PZ0qTnPMGAsFkKc9WE+3/JtU+lRGB+U/xoXHpV/USoHUFCtq9R6m+m
+zqUpZaLoxdhPPKAk1vu5sAW5ZRzl2fLs9A7UBJgan/wCY24xGwlcYzKgyH3DknG1
+VRSBd0sCAwEAAQKB/2A9smffl1VcvthrjfNVA0ryjx638+eCnSObzCc6fHppoQvo
+8h8bbEsCxrrjcxwxWLW7/0YF9Xq3t7Kgy6LsAFottbHqbgrO6lvHRdzS0OnWuA1+
+sOorwIEnvONfpQxCzEEYcbpZHiO6ajhISjPv8TR/kH7ppakqIxG7C0NVEAIPeOO7
+AAmdtNEYKSgJZQX8uoTzyhI4/R66XuofORu7zFQksWgGP8F+HKbhkSzLpE+dApIw
+ih/tuAYSUps59Z0KP4GAtbogETIZf5OlgV3tk43459k8mxV2ZYjzObtZEAr9pJSn
+5FLX3UyaGc4uw6M6GLIPC02t4XK+4Z8m8Ny+QQKBgA7Dhpy5LUBsrd96MZqylEi8
+UFoFkTcHhzNh/FuYakmftl7rgVp+N2h9GfEoCHKJ2buIGOe8ylAsSQCtmuzhF5vh
+L/PkZ9YG/IIOqPB6yev/4iNuOBaEEgKIIj5C2+aN/ZcqhaZEflFpXyNNp5EcZ8mr
+lTHzPfO5lDLU7ojJpO+7AoGADKY5NFSehf6sjg9WBDA/0YSf6Ir0t/fhITKDu8ei
+wqUJ+Sc8Qoxo3j25PmFF8bQAvW1KJiYU6QQ602LU66SmuZU5nIk0o5mRIZnoQdjo
+2/8EifaeZjeWcwspgFMLMctwaVohYl6irczAnZMFFvqHIhGpHiLdif2et9qFdLci
+NbECgYANfTp14X9l+KZYpIXECVwQpPZpeeK3O8qc+O8hJT4frKxtR5H1g5LOhlb4
+jxJAzJDCllPjEAxtejjtRLFjsznl87bjiRISbGmzzv8uUZJCbZZJtv/KGrt10rou
+1tmiaqODxZc9ViFv8u25DM+Id0Kg8YOskslM8YdldkXHdy2a1wKBgAP1UBlMEX8k
+vqKFsgkFgDL0KYX/Vazr6IsW35o3UntOYdyRpo28mmRRNFKM5fJIvaKJPJbLe+ee
+5zmWx8Ild/bC95BAbzRyrbOyEbfpRJTzLFxvzAl4g5/kckwxsGMYokiVZ7T8oDN6
+yxuEEieqpfbHSACiMGkp8CzgOLrZQ99BAoGACAp9v6jCWEgUxxZkxW62LOTK8Wr+
+iNRJkVnWdHdKOj7N3xJWwC/JFSXFJ2kkItCrqU5cQe4S3HG7Zvhnn6F+CW8oCAhR
+ugRusxiFwUFOiYWt5ZnZB68XRT0cyuosDQZEP4Nnpr4VSxJeOQ7g2Q90bwiAHdP1
+Nn9Z+6LlpnwF83U=
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key.keyspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key.keyspec
new file mode 100644
index 000000000..f488e73a9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key.keyspec
@@ -0,0 +1 @@
+rsa2040
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem
new file mode 100644
index 000000000..3de3f13d0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDbjCCAlmgAwIBAgIUAeu/QCFxArrPIMJNFvRH8DQpIB8wCwYJKoZIhvcNAQEL
+MBsxGTAXBgNVBAMMEGV2X3Jvb3RfcnNhXzIwNDAwIhgPMjAxNTExMjgwMDAwMDBa
+GA8yMDE4MDIwNTAwMDAwMFowKzEpMCcGA1UEAwwgZXZfaW50X3JzYV8yMDQ4LWV2
+X3Jvb3RfcnNhXzIwNDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6
+iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr
+4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP
+8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OI
+Q+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ
+77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5J
+I/pyUcQx1QOs2hgKNe2NAgMBAAGjgZowgZcwDAYDVR0TBAUwAwEB/zALBgNVHQ8E
+BAMCAQYwWQYIKwYBBQUHAQEETTBLMEkGCCsGAQUFBzABhj1odHRwOi8vd3d3LmV4
+YW1wbGUuY29tOjg4ODgvZXZfaW50X3JzYV8yMDQ4LWV2X3Jvb3RfcnNhXzIwNDAv
+MB8GA1UdIAQYMBYwFAYSKwYBBAHrSYUahRqFGgGDdAkBMAsGCSqGSIb3DQEBCwOC
+AQAAGu+2My8IJ62el8ZSd8XObf5FZdc9mSKPDrUx9lbNfiYivNPW7IZ4G1Ku9ejt
+KCTlBGFYeiRX80lAmnn4uqjNFyr83P2iMnTGu4A602DdZHidnrNIoukyOlrO8ve8
+OiKZ2P42nb0+XRuMUSsfVo+MqegBQJSQx6NRoJZ9xsDA+58KLL/e7hZBE9IZocMd
+6IzGfGuu86CkfiJehlMFph0fkY9NaWVuthMzE8YJMOCZ6nb0ymHxKO+EqbliiyuI
+lvMR3i1WfDPF0YN4/YILt+72hFDqI8EvFYl9xqXkkOtkLVArVDMvhrdHWJOeV8n4
+5Lyiu5+Iy63klHNJxlfx7tWh
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec
new file mode 100644
index 000000000..5bc5674b2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec
@@ -0,0 +1,7 @@
+issuer:ev_root_rsa_2040
+subject:ev_int_rsa_2048-ev_root_rsa_2040
+issuerKey:evRSA2040
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/ev_int_rsa_2048-ev_root_rsa_2040/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem
new file mode 100644
index 000000000..28ef9a63f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUTCCAjugAwIBAgIUIUhiWxj3v86Cc27pFN9+AFjY11owCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAhMR8wHQYDVQQDDBZldl9pbnRfcnNhXzIwNDgtZXZyb290MIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq
+5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SSc
+An7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39
+ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYk
+zBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3u
+JtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQAB
+o4GQMIGNMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGME8GCCsGAQUFBwEBBEMw
+QTA/BggrBgEFBQcwAYYzaHR0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4L2V2X2lu
+dF9yc2FfMjA0OC1ldnJvb3QvMB8GA1UdIAQYMBYwFAYSKwYBBAHrSYUahRqFGgGD
+dAkBMAsGCSqGSIb3DQEBCwOCAQEAkDJICQpDQGnSlRP4irr/shKc0CdSlp/Ub/zl
+pJ9g218t/mCjQKcWJakb2ClzFJq3FJvpLB9h1gy9b1bZ3sVtGW8DvFI0XRztmNXN
+3hNHQLAPr6oz9bl4OYUzbp7yYjMmkm1bnZQPhlQx5R8tIlFOZJP2vh98fUZSY9kh
+WWrqaUQNZckvGYvJLOa9fhxesrDYuY05WZH0E2JUC5V7v7gP7NvkW8/5yc/82af8
+xqNGWic+9+wmHA7J5PpW/owqKOe35WpQOclafg42XH/3qT5bLms6+X2iV3Ys3SuB
+qmFU9n5zMCvDn4r4sPSYuaq8q3QNTNcT4inos++rfHtFyjWhjQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem.certspec
new file mode 100644
index 000000000..a0cb6250d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:ev_int_rsa_2048-evroot
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/ev_int_rsa_2048-evroot/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key
new file mode 100644
index 000000000..8af23e068
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key.keyspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key.keyspec
new file mode 100644
index 000000000..4ad96d515
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key
new file mode 100644
index 000000000..bb8708bfd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEuQIBADANBgkqhkiG9w0BAQEFAASCBKMwggSfAgEAAoIBAADKcCDcIV9XkU00
+P65KAVERaXr5l6Xs6RhmSZ/CPxuIoRjL0wsQ2Rx7mg1O6JcvyuVsr1fyX8EnWipN
+vLmCQowy71h78jh0EDMKD/sWuAKb14OWnvZ19t44wY9nGTy2wHL4sj0LM3QRJiel
+e5AFV3HZ5iYD9TeI1/Y6+nJPXRCAlt8x+J8msetffENXmA4Aj81V2CfdJiOVyi9S
+ageJfMQMWTs4cW68DKpZZxnG8prJtzp6lEdIo6o+CenrTUYeoAJ+VAkmYUcoudJD
+l1z5oFQb79JedrUflREQsOdkT8fjhEF5G20iJzhMuABOIzQjcrHPXMPnPjG3u++h
+YOaGLrsCAwEAAQKCAQAAstt0vOkjYqv3KVWmOK6HILowM7t/lxyvORiNdULqocGr
+tdIFseIRH0eRwIkRouFB6M/XBUcC0jEAtWQsBuGjGxGK/R+aLzlsztQlxQHZFDXK
+hlZ2bO0rk7u4Zp/Om6zXJ9Hayz2vq8MpPjU4nu+OoLWOGusaIOamH5/NRT91Z/4x
+0SO2FqJv703x1sn3SQER0Cju/R2XIEWxokInPdemfr8RHbJ0GlqTx7IonMSiNvWp
+mm7HqCBv2uHB0EvbsZgNSimMWhfa5BhkdKX3g12IK87ySu9O1vFJ+U2WyffXjmR/
+x3ipAX/yCNO0oXaLGCFiECzasDL6u6s41SAKMkZJAoGADzhE0NTU1qIazXam/DcL
+hVDh1+xaYjQXLnkPACmuZR9tXFkzCrGYArnXogfeeh+3eON3T9vcQRdQYz2NGz/g
+dQBv/P0dEOdjx6kifS1fDC2t4cnmWcNQoVnTa7mG8SY21PmUKyiLwP4h2oeZR3Fz
+FEJJyi44nmxcJap4yMrX1N8CgYANTQvt0ZYvB6Hq1rI6TtZ66vEnDwUqbSm6B0lF
+xjYaXE+PB7+FngZ67T9ObjI+8qqKas00CwvcfP5P0ynjyX+HDH93NXksaqnQ9+dU
+KijtbwGw5VorjZwkplxtoxTJVIT1x8OVSoG7AWsH7RfumwYDlpW8oFmnn43CQj0y
+jVJlpQKBgAnymi/wW+ipbWFLoxsIk1QgqGxrxCuZpmkuoNpXY/AeWWlZt93Oc++c
+Lk9uW0BxCIdQDUS6DDzTEyy6J0dfOcLfdVLi0SOiSXpPlwZAKHaaSKNiRlf3K/U5
+89DeI0/szTvooKqQxr9umwvtQwcKJNBh/z7RdRo+8v9/a5C529X7AoGAAaZZ4XDK
+wSCgO+HPj53xyqNTsDWTvXR25YU72HTChziGAcbDQc6dHShKXu8aOmadMrgWpers
+2LeET+BwZLm8oMKzGNVAJ3s/fxUQ04a7NuA7BHceXSKeiIk+E7dTv7lFGLtjjiQE
+vW5qmTwWaNk/wLgv8IqvNDR9P+g5cQjIfKUCgYAEAlfA1KIcC5hDKXxlZS22YwT7
+Jjdz1yi2q/oG03rAymLGKAI+CeN9wKkB5M4SJBgOJYKjqktqGnuY4r1wB3rsFKyK
+tmp1XHHg/BAkcfm7wbRqlaoLZF8sOOdkUCiWGeo/XormEDe//PgknyKqTnbioBkJ
+8/6ykM6T7fV7EOvnlg==
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key.keyspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key.keyspec
new file mode 100644
index 000000000..a85e16858
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key.keyspec
@@ -0,0 +1 @@
+evRSA2040
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem
new file mode 100644
index 000000000..e8640696e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3zCCAcqgAwIBAgIUP1iIBgxk6kH+x64EUBTV3qoHuaswCwYJKoZIhvcNAQEL
+MBsxGTAXBgNVBAMMEGV2X3Jvb3RfcnNhXzIwNDAwIhgPMjAxNTAxMDEwMDAwMDBa
+GA8yMDM1MDEwMTAwMDAwMFowGzEZMBcGA1UEAwwQZXZfcm9vdF9yc2FfMjA0MDCC
+ASEwDQYJKoZIhvcNAQEBBQADggEOADCCAQkCggEAAMpwINwhX1eRTTQ/rkoBURFp
+evmXpezpGGZJn8I/G4ihGMvTCxDZHHuaDU7oly/K5WyvV/JfwSdaKk28uYJCjDLv
+WHvyOHQQMwoP+xa4ApvXg5ae9nX23jjBj2cZPLbAcviyPQszdBEmJ6V7kAVXcdnm
+JgP1N4jX9jr6ck9dEICW3zH4nyax6198Q1eYDgCPzVXYJ90mI5XKL1JqB4l8xAxZ
+OzhxbrwMqllnGcbymsm3OnqUR0ijqj4J6etNRh6gAn5UCSZhRyi50kOXXPmgVBvv
+0l52tR+VERCw52RPx+OEQXkbbSInOEy4AE4jNCNysc9cw+c+Mbe776Fg5oYuuwID
+AQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjALBgkqhkiG9w0BAQsD
+ggEAAKNwPHDMqBevLghX34q3XuZSQuR4ZTmYBA/f79+1eGM9ljJFyVVYNPPu8a1u
+ePKCZrsrc7H8PqQTyg87XlLi9gwkERZqL1DDKI9LQEf7AK7eA1fgpabc4b/YARQf
+06bd+bRMUjEf5ZS0DaGib3GgOC4HU9L9tFfvxLI0CyZkQQoMcWWNEd0iQEp+0hBX
+Pt8avMmO7IrAkcXroLBYtFdU0nf3OQlCBAHMOupWo/cguPoQO62+dVgz5O/msMQk
+tYpgwH126xnWGP5+pjHmjssycbBLOJgCU2gvQa8aGM7tFvAUGiflsQIGgx8c9aBG
+jhTdA+xV2I+gY8rv98s2Dr5gMQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem.certspec
new file mode 100644
index 000000000..fd1ade8de
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem.certspec
@@ -0,0 +1,7 @@
+issuer:ev_root_rsa_2040
+subject:ev_root_rsa_2040
+issuerKey:evRSA2040
+subjectKey:evRSA2040
+validity:20150101-20350101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/evroot.key b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.key
new file mode 100644
index 000000000..a756a0705
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC1SYlcnQAQjRGh
++Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQOMF0Ask6Kkc9vShq7T/c02PPWikU
+dwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURhuT5RQk4XRLsuqtRqqzjOGWghlh+H
+cUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94rjFE7SjEXnkpOGOnoipImAo2pA5y
+1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3RquiqLMzjSKAWm4Diii1wwalgxvM18t
+oJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oYUJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ
+5XNPsikFAgMBAAECggEBAJg9VPlNb0x26yPW+T14UjUwz3Ow0WJUxueBdo1F9VaB
+0dAvsr0qrGq8HDiYYJNcUqDY9BSCAQOUd4MUHYZL/zCANjilwBUlcK6dGPPYyhY+
++0dbDd3zLn4W7HVl5rteAlxBxcZuV6A87eVUIh+DBFNHosTEUcPc5Ha3h84MBXJE
+vp4E7xMRjbuz1eCmzIcCnq/Upp7ZsUdZsV452KmITlb1TS+asBPw0V8xipq2svc9
+HsPJ/idK6JQxoQZAvniZsAEcXlCToYNHCGid4QBjTaveYPvWqu+joz3zSh829gwE
+MDa3SNHJ7pjEAxoK/sYO/aCpkL5ST1YU6sT9s0pS+VECgYEA6twssz5f8co3a72V
+vWoXd9LPT6xHVF6S0RpiCbnV5N7UeDRYHBabPIhHQqCeoYdQXBylVBTY0ltJdjLV
+7CqqBSM0MPrUmJJ3en1o4Dj1YaO4lp5gsKJj3vv9pIqbD/OdlbyIsVJnyK3pe1EH
+lI5B5DMknYf32xCdXXRYTYa8wdcCgYEAxZrldqIWRwJI2USlW56b+TKZ2jQexW5V
+jrqCGrzhv1e3nPQR0pBMd0+duh8VGF9gewV0oIIF1uwotmo21jQjLqry/qN1Yauv
+nWRLaNs4yZZMuMluwKxh66ZNBbRGVC9COXb1rN5OzJVTbS31eJVPk/DP2cWPt4ui
+p23VrChNyIMCgYEAwdLvOQYzHFKspkgR+f5CW+somDIvs9tRAyzo1+n8MiQL6SAZ
+zySA/NXjKYNxJxGLKlmhv+BsiD46REfz8DHNmuvQuNNo/Hl0DSzOjq2zJN9/CR6v
+4VZDYdVJILAbBHEjDl5H2T+O0zljxRe8T8ePbYsfnrqFvM7bcDMCZQjbYoUCgYEA
+hSG421aU376ASjFfnvybZSdcVJCs8qNFbWXm5hC/n2R/xnUB1PV3LyMqxwzN75/C
+pt+kFcfEG2r8evnQfDygP37ZPAnwuZ8sMEQ0Mi8QcXCbvBuqTJFXX6apWeB9SZaV
+bZXiK1eTi25HyNUf/t/Jv4iM4NGj5CtlqJvtS5HT5fUCgYEA3El7BrkgyL4LAHe3
+mOl37vdEqQ7Cxdfmy7IkSPrHLagaMxgODYoC6DFGDH/H/TphL3uZMLYbeZ+OkI5j
+LpugQJtqpwsDo7p4dCYmO1vVhD34R27bXRT2qGE+uvW5zVykL1+9KALgjk5J5XCf
+UVFRDKpassHG6z7+kpXRbowlyRY=
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/evroot.key.keyspec b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.key.keyspec
new file mode 100644
index 000000000..1a3d76a55
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.key.keyspec
@@ -0,0 +1 @@
+ev
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem
new file mode 100644
index 000000000..cd2fd7ed8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzTCCAbegAwIBAgIUW9j5PS8YoKgynZdYa9i2Kwexnp8wCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MDEwMTAwMDAwMFoYDzIwMzUwMTAx
+MDAwMDAwWjARMQ8wDQYDVQQDDAZldnJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC1SYlcnQAQjRGh+Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQ
+OMF0Ask6Kkc9vShq7T/c02PPWikUdwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURh
+uT5RQk4XRLsuqtRqqzjOGWghlh+HcUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94
+rjFE7SjEXnkpOGOnoipImAo2pA5y1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3Rqu
+iqLMzjSKAWm4Diii1wwalgxvM18toJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oY
+UJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ5XNPsikFAgMBAAGjHTAbMAwGA1UdEwQFMAMB
+Af8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEAO1EZ134zXCiYSMixYSVP
+gAXWdR8zvaeS8UF0Xihle6nBdtkcmhiMgxXecMv7P7xO/U/wz5NAyJ1cvqaxrPbn
+8bekVCCsAAae6mVJIsVeuLtg3f89Qmx6KF6By2NI5R/AX5gxs0V9Tvjp9NfpIWh9
+I0BO0/REmq+CxKWjO6Loq0JA/QRW1jnD3XLitJ9QiCfnLqgUAG8JnkhG/JtpcJC3
+91SluwhVw+8i7caDOgHZGvjBEycyje0iyDLybaVjv2PpyuQx8H6hDzTGd2bNDl22
+fZ0FsOYCH6TJPx7nsCJCQ8/jGsRAGPxbItwSpTQJegKVaJ9s2dOAreJdkQFSIEo+
+3g==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem.certspec
new file mode 100644
index 000000000..3121f3486
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:evroot
+subjectKey:ev
+issuerKey:ev
+validity:20150101-20350101
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/moz.build b/security/manager/ssl/tests/unit/test_keysize_ev/moz.build
new file mode 100644
index 000000000..85dc78a3c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/moz.build
@@ -0,0 +1,31 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem',
+#    'ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem',
+#    'ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem',
+#    'ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem',
+#    'ev_int_rsa_2040-evroot.pem',
+#    'ev_int_rsa_2048-ev_root_rsa_2040.pem',
+#    'ev_int_rsa_2048-evroot.pem',
+#    'ev_root_rsa_2040.pem',
+#    'evroot.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
+#
+#test_keys = (
+#    'ev_int_rsa_2040.key',
+#    'ev_int_rsa_2048.key',
+#    'ev_root_rsa_2040.key',
+#    'evroot.key',
+#)
+#
+#for test_key in test_keys:
+#    GeneratedTestKey(test_key)
diff --git a/security/manager/ssl/tests/unit/test_local_cert.js b/security/manager/ssl/tests/unit/test_local_cert.js
new file mode 100644
index 000000000..937c0432b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_local_cert.js
@@ -0,0 +1,83 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+const certService = Cc["@mozilla.org/security/local-cert-service;1"]
+                    .getService(Ci.nsILocalCertService);
+
+const gNickname = "local-cert-test";
+
+function run_test() {
+  // Need profile dir to store the key / cert
+  do_get_profile();
+  // Ensure PSM is initialized
+  Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports);
+  run_next_test();
+}
+
+function getOrCreateCert(nickname) {
+  return new Promise((resolve, reject) => {
+    certService.getOrCreateCert(nickname, {
+      handleCert: function(c, rv) {
+        if (rv) {
+          reject(rv);
+          return;
+        }
+        resolve(c);
+      }
+    });
+  });
+}
+
+function removeCert(nickname) {
+  return new Promise((resolve, reject) => {
+    certService.removeCert(nickname, {
+      handleResult: function(rv) {
+        if (rv) {
+          reject(rv);
+          return;
+        }
+        resolve();
+      }
+    });
+  });
+}
+
+add_task(function* () {
+  // No master password, so no prompt required here
+  ok(!certService.loginPromptRequired);
+
+  let certA = yield getOrCreateCert(gNickname);
+  equal(certA.nickname, gNickname);
+
+  // Getting again should give the same cert
+  let certB = yield getOrCreateCert(gNickname);
+  equal(certB.nickname, gNickname);
+
+  // Should be matching instances
+  ok(certA.equals(certB));
+
+  // Check a few expected attributes
+  ok(certA.isSelfSigned);
+  equal(certA.certType, Ci.nsIX509Cert.USER_CERT);
+
+  // New nickname should give a different cert
+  let diffNameCert = yield getOrCreateCert("cool-stuff");
+  ok(!diffNameCert.equals(certA));
+
+  // Remove the cert, and get a new one again
+  yield removeCert(gNickname);
+  let newCert = yield getOrCreateCert(gNickname);
+  ok(!newCert.equals(certA));
+
+  // Drop all cert references and GC
+  let serial = newCert.serialNumber;
+  certA = certB = diffNameCert = newCert = null;
+  Cu.forceGC();
+  Cu.forceCC();
+
+  // Should still get the same cert back
+  let certAfterGC = yield getOrCreateCert(gNickname);
+  equal(certAfterGC.serialNumber, serial);
+});
diff --git a/security/manager/ssl/tests/unit/test_logoutAndTeardown.js b/security/manager/ssl/tests/unit/test_logoutAndTeardown.js
new file mode 100644
index 000000000..2bf8855fe
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_logoutAndTeardown.js
@@ -0,0 +1,55 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+do_get_profile();
+
+function connect_and_teardown() {
+  let socketTransportService =
+    Cc["@mozilla.org/network/socket-transport-service;1"]
+      .getService(Ci.nsISocketTransportService);
+
+  let tearDown = false;
+
+  let reader = {
+    onInputStreamReady: function(stream) {
+      throws(() => stream.available(), /NS_ERROR_FAILURE/,
+             "stream should be in an error state");
+      ok(tearDown, "A tear down attempt should have occurred");
+      run_next_test();
+    }
+  };
+
+  let sink = {
+    onTransportStatus: function(transport, status, progress, progressmax) {
+      if (status == Ci.nsISocketTransport.STATUS_CONNECTED_TO) {
+        // Try to logout and tear down the secure decoder ring.
+        // This should close and stream and notify the reader.
+        // The test will time out if this fails.
+        tearDown = true;
+        Cc["@mozilla.org/security/sdr;1"].getService(Ci.nsISecretDecoderRing)
+          .logoutAndTeardown();
+      }
+    }
+  };
+
+  Services.prefs.setCharPref("network.dns.localDomains",
+                             "ocsp-stapling-none.example.com");
+  let transport = socketTransportService.createTransport(
+    ["ssl"], 1, "ocsp-stapling-none.example.com", 8443, null);
+  transport.setEventSink(sink, Services.tm.currentThread);
+
+  let inStream = transport.openInputStream(0, 0, 0)
+                          .QueryInterface(Ci.nsIAsyncInputStream);
+  inStream.asyncWait(reader, Ci.nsIAsyncInputStream.WAIT_CLOSURE_ONLY, 0,
+                     Services.tm.currentThread);
+}
+
+function run_test() {
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+  add_test(connect_and_teardown);
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_name_constraints.js b/security/manager/ssl/tests/unit/test_name_constraints.js
new file mode 100644
index 000000000..e75c89740
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints.js
@@ -0,0 +1,63 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// This test tests two specific items:
+// 1. Are name constraints properly enforced across the entire constructed
+// certificate chain? This makes use of a certificate hierarchy like so:
+//  - (trusted) root CA with permitted subtree dNSName example.com
+//  - intermediate CA with permitted subtree dNSName example.org
+//    a. end-entity with dNSNames example.com and example.org
+//       (the first entry is allowed by the root but not by the intermediate,
+//        and the second entry is allowed by the intermediate but not by the
+//        root)
+//    b. end-entity with dNSName example.com (not allowed by the intermediate)
+//    c. end-entity with dNSName examle.org (not allowed by the root)
+//    d. end-entity with dNSName example.test (not allowed by either)
+//  All of these cases should fail to verify with the error that the
+//  end-entity is not in the name space permitted by the hierarchy.
+//
+// 2. Are externally-imposed name constraints properly enforced? This makes use
+// of a certificate hierarchy rooted by a certificate with the same DN as an
+// existing hierarchy that has externally-imposed name constraints (DCISS).
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+function certFromFile(name) {
+  return constructCertFromFile(`test_name_constraints/${name}.pem`);
+}
+
+function loadCertWithTrust(certName, trustString) {
+  addCertFromFile(certdb, `test_name_constraints/${certName}.pem`,
+                  trustString);
+}
+
+function checkCertNotInNameSpace(cert) {
+  checkCertErrorGeneric(certdb, cert, SEC_ERROR_CERT_NOT_IN_NAME_SPACE,
+                        certificateUsageSSLServer);
+}
+
+function checkCertInNameSpace(cert) {
+  checkCertErrorGeneric(certdb, cert, PRErrorCodeSuccess,
+                        certificateUsageSSLServer);
+}
+
+function run_test() {
+  // Test that name constraints from the entire certificate chain are enforced.
+  loadCertWithTrust("ca-example-com-permitted", "CTu,,");
+  loadCertWithTrust("int-example-org-permitted", ",,");
+  checkCertNotInNameSpace(certFromFile("ee-example-com-and-org"));
+  checkCertNotInNameSpace(certFromFile("ee-example-com"));
+  checkCertNotInNameSpace(certFromFile("ee-example-org"));
+  checkCertNotInNameSpace(certFromFile("ee-example-test"));
+
+  // Test that externally-imposed name constraints are enforced (DCISS tests).
+  loadCertWithTrust("dciss", "CTu,,");
+  checkCertInNameSpace(certFromFile("NameConstraints.dcissallowed"));
+  checkCertNotInNameSpace(certFromFile("NameConstraints.dcissblocked"));
+}
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem
new file mode 100644
index 000000000..9eb316736
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUzCCAj2gAwIBAgIUayXt32lO6eul4Qcp7fVRAg5vETEwCwYJKoZIhvcNAQEL
+MIGFMQswCQYDVQQGEwJGUjEPMA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJp
+czEQMA4GA1UEChMHUE0vU0dETjEOMAwGA1UECxMFRENTU0kxDjAMBgNVBAMTBUlH
+Qy9BMSMwIQYJKoZIhvcNAQkBFhRpZ2NhQHNnZG4ucG0uZ291di5mcjAiGA8yMDE1
+MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjBBMQswCQYDVQQGEwJVUzELMAkG
+A1UECAwCQ0ExDDAKBgNVBAoMA0ZvbzEXMBUGA1UEAwwOZm9vLmV4YW1wbGUuZnIw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ
+PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH
+9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw
+4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86
+exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0
+ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N
+AgMBAAEwCwYJKoZIhvcNAQELA4IBAQBUTnm4u9mzMIaSUdrQ+pSM0dtQAP/7b93e
+/fpICLB65fjxUxQMvRG65i4vn6HG+FFbDi/n/kURSN8r1VItjq+QUK55VL/F7bh7
+6P9xi4o1h6qb4tiXKb3YE2D7+zRENWGvTidDV1u3e2Tfuu0pu0NkD5PUvb0dtScW
+LvruBaJdRJgx9z1BIYN5uqQhOa4hHV46z7hAVyJyhsdwRO3NG/OYFmdlcIUTwcvF
+Qb+YgeviFlLdqRqt4vxT54Ko3GGqx2l609PZslD3F9vcP31n/VbowU256HSTjral
+DL9dS/KG2XFWySC9vrFjyLx8eR9SOMfasCIG835f81YI2E7UjGBH
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem.certspec
new file mode 100644
index 000000000..1a02a0cc1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem.certspec
@@ -0,0 +1,2 @@
+issuer:printableString/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
+subject:/C=US/ST=CA/O=Foo/CN=foo.example.fr
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem
new file mode 100644
index 000000000..044a8205d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDVDCCAj6gAwIBAgIUB0a84yh5MqyYUB0tMRJgU70UqzEwCwYJKoZIhvcNAQEL
+MIGFMQswCQYDVQQGEwJGUjEPMA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJp
+czEQMA4GA1UEChMHUE0vU0dETjEOMAwGA1UECxMFRENTU0kxDjAMBgNVBAMTBUlH
+Qy9BMSMwIQYJKoZIhvcNAQkBFhRpZ2NhQHNnZG4ucG0uZ291di5mcjAiGA8yMDE1
+MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjBCMQswCQYDVQQGEwJVUzELMAkG
+A1UECAwCQ0ExDDAKBgNVBAoMA0ZvbzEYMBYGA1UEAwwPZm9vLmV4YW1wbGUuY29t
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2
+ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdF
+h/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6n
+cOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAv
+OnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2nj
+tIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXt
+jQIDAQABMAsGCSqGSIb3DQEBCwOCAQEAmvWg9zOGlCX5ZjPFoX0wpfQ2pSAPsbv9
+sC4uDLBQj6Tx/bmm5JRI3p/+hceC+y5gVmA30dOBVAGm9Bzj/M7tY1+eYH9fXnhO
+asM3onOEAd7R26Dztl3/RaKIZzIDALc/0fOeCHfRKmh5Ao/9MHIBH8vyyCvyHRZV
+ixaX5zhSA6u8PrC36Hwbu40LNaVgV/S7xWiE5bAOT4zhS61C+Sjji0wmK9vgEgCT
+8e3UFCWEGgr6zavD0E5dvZIbyM8q8TMdTe5FDV9e1Jivk2WcDli39eYiOhyglqaF
+PZ4pRuvNO2+2VJxakjzfrTeQA7k/ZWX6ljwFSMypgEm/m7HC8BQ7qQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem.certspec
new file mode 100644
index 000000000..eabee87e8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem.certspec
@@ -0,0 +1,2 @@
+issuer:printableString/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
+subject:/C=US/ST=CA/O=Foo/CN=foo.example.com
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem b/security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem
new file mode 100644
index 000000000..a82688fd8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDTCCAfegAwIBAgIUadTGcLSWi68lBexbnxxJdH4o7S4wCwYJKoZIhvcNAQEL
+MCMxITAfBgNVBAMMGGNhLWV4YW1wbGUtY29tLXBlcm1pdHRlZDAiGA8yMDE1MTEy
+ODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAjMSEwHwYDVQQDDBhjYS1leGFtcGxl
+LWNvbS1wZXJtaXR0ZWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6
+iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr
+4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP
+8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OI
+Q+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ
+77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5J
+I/pyUcQx1QOs2hgKNe2NAgMBAAGjOTA3MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQD
+AgEGMBoGA1UdHgQTMBGgDzANggtleGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEB
+ABqsSZFz9PEgN6+qyElJbM3P/NEy4HSfNOybDbKspySnBlYC9cZXgY3EJ0FSeKSQ
+hDM9CvMKtAhTJjj9PDQHnh0jevD0USO6riqkkENo+c3tL8cAZbLT8oPe4Q52PRii
+Yqi4XZiigtQmLxdyS4ryuSvhRs0IcNDqp7f23uLgGQpv7GUpoc4hg14JxIW1Bz42
+x60m+jTVMkpHj01uUJ9J4bTDoxLjjPI6ED/lXaccJCpl3smMPErEKM3K6LBfL6g7
+r+IkdTAhsQmPgnhi07SSV34ZXto8cpjSpJDl3LKBUmHF82XqJNHxwYZ7VjwnSc5c
+9sw3hmmmt7Su7dEeScCKPW0=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem.certspec
new file mode 100644
index 000000000..1cc3c1d81
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca-example-com-permitted
+subject:ca-example-com-permitted
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:nameConstraints:permitted:example.com
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/dciss.pem b/security/manager/ssl/tests/unit/test_name_constraints/dciss.pem
new file mode 100644
index 000000000..2d8fc903a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/dciss.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDtzCCAqGgAwIBAgIUfbbH+o/snQqIZa44UsC8vi+3+EgwCwYJKoZIhvcNAQEL
+MIGFMQswCQYDVQQGEwJGUjEPMA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJp
+czEQMA4GA1UEChMHUE0vU0dETjEOMAwGA1UECxMFRENTU0kxDjAMBgNVBAMTBUlH
+Qy9BMSMwIQYJKoZIhvcNAQkBFhRpZ2NhQHNnZG4ucG0uZ291di5mcjAiGA8yMDE1
+MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjCBhTELMAkGA1UEBhMCRlIxDzAN
+BgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMFUGFyaXMxEDAOBgNVBAoTB1BNL1NHRE4x
+DjAMBgNVBAsTBURDU1NJMQ4wDAYDVQQDEwVJR0MvQTEjMCEGCSqGSIb3DQEJARYU
+aWdjYUBzZ2RuLnBtLmdvdXYuZnIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwG
+m24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJr
+bA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4
+SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3
+/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+Z
+FzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYD
+VR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEAHyAZhHXZ7L+pJAMKXiMpxLf+bt8w
+3EfZ+y7htjiDsDLLB9T3A/zj0V2LlVGJ8RfQOT690czYqidFL7bQayJuC5S1MBxt
+Q6W0GsHHVR2v/uCPFntzVhKFSeGyao+V2t/ZTYQ4MIiZTRkK0QWGL2XFGjRhfGMf
+6WDBjnndyVg0fXnvlYTCfZFp7yZ9pkdS3kgLTfq4PAknm9eU/bJ+DjHedGb6GWY3
+X0+xXw2u6Td1UdupliEOX6mGC7P3E6g8Dmrxn36OiKeh3kHmVIyyUrpLI/XM67B8
+9RG2d7e8gBlKKSwcwynM/snRco9AWgiaSZEmmb2a9+FQ/qGwtZVwvgkAuQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/dciss.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/dciss.pem.certspec
new file mode 100644
index 000000000..5d53706bc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/dciss.pem.certspec
@@ -0,0 +1,4 @@
+issuer:printableString/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
+subject:printableString/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem
new file mode 100644
index 000000000..d0442e004
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+jCCAeSgAwIBAgIUaRmgL0d90KT16jbz/DDS4TvGvwEwCwYJKoZIhvcNAQEL
+MCQxIjAgBgNVBAMMGWludC1leGFtcGxlLW9yZy1wZXJtaXR0ZWQwIhgPMjAxNTEx
+MjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowITEfMB0GA1UEAwwWZWUtZXhhbXBs
+ZS1jb20tYW5kLW9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqI
+UahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvi
+r1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/x
+fq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD
+7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnv
+uRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj
++nJRxDHVA6zaGAo17Y0CAwEAAaMnMCUwIwYDVR0RBBwwGoILZXhhbXBsZS5jb22C
+C2V4YW1wbGUub3JnMAsGCSqGSIb3DQEBCwOCAQEAnnaFdrE6UGQCmCtMEhHicq9Y
+NE/TGItWvGqP+iU/7+fpTRF5TvrB9mieRPZgU2FQPbHbVs4f3Akaiv7gwnBdE6+d
+HL0v7qoVSGofmZh9GbE+i3kqXSyylOFhjCuQ92+5lMIQ/hxumyUuQSfw/SRs5I2c
+l7otGokpxOqRfw9oFusF1AccSm0ynVbdanjfMZFBc0Hwfy4qYXGqP1AmiNJgjves
+MEjCfwsoFv4Y23CSdTBduo5P6JzLS2Ay99NTG1UOto+UIDSZwIylSjphc0XOMJ2+
+TbbCo9XHmhWN8i9xw0anSOXvz66yWFBbtuvjPweHAOoSWsqdQ5GoReoqqF5xSw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem.certspec
new file mode 100644
index 000000000..904ca6595
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int-example-org-permitted
+subject:ee-example-com-and-org
+extension:subjectAlternativeName:example.com,example.org
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem
new file mode 100644
index 000000000..fad336b1c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5TCCAc+gAwIBAgIUGQSGboQn0O+dvd3cf/FaobEeoiEwCwYJKoZIhvcNAQEL
+MCQxIjAgBgNVBAMMGWludC1leGFtcGxlLW9yZy1wZXJtaXR0ZWQwIhgPMjAxNTEx
+MjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowGTEXMBUGA1UEAwwOZWUtZXhhbXBs
+ZS1jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAGjGjAYMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAsGCSqGSIb3
+DQEBCwOCAQEAP24kpBxa9l3+LpfmIc4UsSpXvY+DGt5bjM0TzuNHR6FMQhLnYdF1
+0Lbl6TYFd62kA2GANMGkLImIGJCP9XEEJYF0lQQ3w06rofsnEVbrraF0UjhyMSdt
++IBWwn/ZD37/D2iYUXInEWLNsiTe/ggrfk4VCy48l40toW0CdW0xTorYHrmtTmcg
+Ie7i6ODcA7avSdsw/mbZqbSqNHBdDnydUgkwZUJKlp2DH85MoVrHcNVW6mVlRZ96
+I31+EyLS5NlYb1e4CiEo2uvhvrAxeDw9mvNKWrV4BXc58vq8N48/r83lBdV09OyP
+tymoRevjFD3M5fcR8VzXVg/diItDZ15fUw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem.certspec
new file mode 100644
index 000000000..46630c4a1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int-example-org-permitted
+subject:ee-example-com
+extension:subjectAlternativeName:example.com
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem
new file mode 100644
index 000000000..7e366f8ca
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5TCCAc+gAwIBAgIUcZBzsxoUEYUZlsKZQdyvAEhTgaswCwYJKoZIhvcNAQEL
+MCQxIjAgBgNVBAMMGWludC1leGFtcGxlLW9yZy1wZXJtaXR0ZWQwIhgPMjAxNTEx
+MjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowGTEXMBUGA1UEAwwOZWUtZXhhbXBs
+ZS1vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAGjGjAYMBYGA1UdEQQPMA2CC2V4YW1wbGUub3JnMAsGCSqGSIb3
+DQEBCwOCAQEAJwtc0BV1zdS6BO2he4SbTeDvHxkNqlkgRbrcT5kSgQgqlH6rcnoe
+QHrIsbGeHBoWJKI2tsmeKkGyswPsxyktEXKLb53J8EGpc72XwazhTFQTKCfLeB0n
+GlYfdI65ipwnqo46Juj6WHcFjf964eNhVLBun/535CcT5I7Y8bVDDakSkAfdxY8k
+JjRVe73yAt7pjpQ70Gq39tiuMD16pJ8+M6FJvbYKFmelhWcusRo56fJsx4jkN0zo
+I75MJ1cjr+UL1ixMVXjj5WQzZw+Ec+SBAL4fR8JTkkdjRNJTWB5Pr1eH4xa6vQsB
+wc3PCSdU0y80ihL2AcxNKZiOVAftJM9lIw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem.certspec
new file mode 100644
index 000000000..6a24090e5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int-example-org-permitted
+subject:ee-example-org
+extension:subjectAlternativeName:example.org
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem
new file mode 100644
index 000000000..0b65d0f3d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAdGgAwIBAgIUVQNQFeYcunS/xUPvzDd6P51z7PEwCwYJKoZIhvcNAQEL
+MCQxIjAgBgNVBAMMGWludC1leGFtcGxlLW9yZy1wZXJtaXR0ZWQwIhgPMjAxNTEx
+MjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowGjEYMBYGA1UEAwwPZWUtZXhhbXBs
+ZS10ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB
+/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRx
+CHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMC
+OosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdm
+Wqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGz
+ey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUD
+rNoYCjXtjQIDAQABoxswGTAXBgNVHREEEDAOggxleGFtcGxlLnRlc3QwCwYJKoZI
+hvcNAQELA4IBAQAcdgKZ3Dp2Q6EMCWw+5VgzS2lEwf+LgxwNWLKnI0sX1YYuP3oq
+6t+UMcYelMwaYISXy+v8ZCrey1nJidjuRZHigQun7aqnQ4ugyPATbCrO/3eJZ6K0
+JVDPCt8hYSrogDWGG3KqX5z0lyjcWMGSDL+z6sWxLneOIdNFD6WsY8leM1jbaGD6
+fTJyHzaJ7m2kvp67Doqb8XzMlAY3nX3S/qD/mW0fO/IOAmogVZgG/5KbyQeJC0uu
+qoFmeRFoAuoNhRY2XuHh4I3OQCRtUGujNeC9AzVUQGI69saKvq96W/M5ij9JKfnP
+K6woylFDR67heaevocc4EcbSE7Y4e2LUURtL
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem.certspec
new file mode 100644
index 000000000..0926ce477
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int-example-org-permitted
+subject:ee-example-test
+extension:subjectAlternativeName:example.test
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem b/security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem
new file mode 100644
index 000000000..4f12c9a61
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDjCCAfigAwIBAgIUa0ZhHpbuqgjJTZfVUN+proqgaCQwCwYJKoZIhvcNAQEL
+MCMxITAfBgNVBAMMGGNhLWV4YW1wbGUtY29tLXBlcm1pdHRlZDAiGA8yMDE1MTEy
+ODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAkMSIwIAYDVQQDDBlpbnQtZXhhbXBs
+ZS1vcmctcGVybWl0dGVkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+uohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGoby
+a+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWC
+D/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfT
+iEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXT
+Ce+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+
+SSP6clHEMdUDrNoYCjXtjQIDAQABozkwNzAMBgNVHRMEBTADAQH/MAsGA1UdDwQE
+AwIBBjAaBgNVHR4EEzARoA8wDYILZXhhbXBsZS5vcmcwCwYJKoZIhvcNAQELA4IB
+AQB1roD4dkWf/+8VEomThWmJaQiemqbSpv1T2pwy7dp/FhmqSHuJMYjL+2Whh8Nd
+j/b2fC9TAB3Q02WgF4ZCt53rr2wztO5JWel3uEZRlt5AIXJNkSYjfYuSoKcvntWS
+aenDy8+HTFZ4XqItv4qpRBCo/qguiohJ7wjPPCOuG/LFNgJdssC7TNHwhuPdnqCr
+B4EGFo6swUA4zJqS4kJdMQHnyhDRT0hVNSZF0Ql19bF69M9obqfrFbCMvuTj2kxo
+7hCG0C+Ws4bL+EA2ohjwPXgkFZcph/MRhLAa5U9s8G3TFLuJvOGZ6CAaSfQCJoAG
+nzgVDB82G7c1g67m186RSXzt
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem.certspec
new file mode 100644
index 000000000..87e2cf8a5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca-example-com-permitted
+subject:int-example-org-permitted
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:nameConstraints:permitted:example.org
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/moz.build b/security/manager/ssl/tests/unit/test_name_constraints/moz.build
new file mode 100644
index 000000000..3eb064111
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/moz.build
@@ -0,0 +1,21 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'NameConstraints.dcissallowed.pem',
+#    'NameConstraints.dcissblocked.pem',
+#    'ca-example-com-permitted.pem',
+#    'int-example-org-permitted.pem',
+#    'ee-example-com-and-org.pem',
+#    'ee-example-com.pem',
+#    'ee-example-org.pem',
+#    'ee-example-test.pem',
+#    'dciss.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_nsCertType.js b/security/manager/ssl/tests/unit/test_nsCertType.js
new file mode 100644
index 000000000..2e378541d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_nsCertType.js
@@ -0,0 +1,28 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+//
+// While the Netscape certificate type extension is not a standard and has been
+// discouraged from use for quite some time, it is still encountered. Thus, we
+// handle it slightly differently from other unknown extensions.
+// If it is not marked critical, we ignore it.
+// If it is marked critical:
+//   If the basic constraints and extended key usage extensions are also
+//   present, we ignore it, because they are standardized and should convey the
+//   same information.
+//   Otherwise, we reject it with an error indicating an unknown critical
+//   extension.
+
+"use strict";
+
+function run_test() {
+  do_get_profile();
+  add_tls_server_setup("BadCertServer", "bad_certs");
+  add_connection_test("nsCertTypeNotCritical.example.com", PRErrorCodeSuccess);
+  add_connection_test("nsCertTypeCriticalWithExtKeyUsage.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("nsCertTypeCritical.example.com",
+                      SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION);
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_nsIX509CertValidity.js b/security/manager/ssl/tests/unit/test_nsIX509CertValidity.js
new file mode 100644
index 000000000..f35f5d97b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_nsIX509CertValidity.js
@@ -0,0 +1,49 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// This file tests the nsIX509CertValidity implementation.
+
+function fuzzyEqual(attributeName, dateString, expectedTime) {
+  do_print(`${attributeName}: ${dateString}`);
+  let absTimeDiff = Math.abs(expectedTime - Date.parse(dateString));
+  const ONE_DAY_IN_MS = 24 * 60 * 60 * 1000;
+  lessOrEqual(absTimeDiff, ONE_DAY_IN_MS,
+              `Time difference for ${attributeName} should be <= one day`);
+}
+
+function run_test() {
+  // Date.parse("2013-01-01T00:00:00Z")
+  const NOT_BEFORE_IN_MS = 1356998400000;
+  // Date.parse("2014-01-01T00:00:00Z")
+  const NOT_AFTER_IN_MS = 1388534400000;
+  let cert = constructCertFromFile("bad_certs/expired-ee.pem");
+
+  equal(cert.validity.notBefore, NOT_BEFORE_IN_MS * 1000,
+        "Actual and expected notBefore should be equal");
+  equal(cert.validity.notAfter, NOT_AFTER_IN_MS * 1000,
+        "Actual and expected notAfter should be equal");
+
+  // The following tests rely on the implementation of nsIX509CertValidity
+  // providing long formatted dates to work. If this is not true, a returned
+  // short formatted date such as "12/31/12" may be interpreted as something
+  // other than the expected "December 31st, 2012".
+  //
+  // On Android, the implementation of nsIDateTimeFormat currently does not
+  // return a long formatted date even if it is asked to. This, combined with
+  // the reason above is why the following tests are disabled on Android.
+  if (AppConstants.platform != "android") {
+    fuzzyEqual("notBeforeLocalTime", cert.validity.notBeforeLocalTime,
+               NOT_BEFORE_IN_MS);
+    fuzzyEqual("notBeforeLocalDay", cert.validity.notBeforeLocalDay,
+               NOT_BEFORE_IN_MS);
+    fuzzyEqual("notBeforeGMT", cert.validity.notBeforeGMT, NOT_BEFORE_IN_MS);
+
+    fuzzyEqual("notAfterLocalTime", cert.validity.notAfterLocalTime,
+               NOT_AFTER_IN_MS);
+    fuzzyEqual("notAfterLocalDay", cert.validity.notAfterLocalDay,
+               NOT_AFTER_IN_MS);
+    fuzzyEqual("notAfterGMT", cert.validity.notAfterGMT, NOT_AFTER_IN_MS);
+  }
+}
diff --git a/security/manager/ssl/tests/unit/test_nsIX509Cert_utf8.js b/security/manager/ssl/tests/unit/test_nsIX509Cert_utf8.js
new file mode 100644
index 000000000..b4b0d6f37
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_nsIX509Cert_utf8.js
@@ -0,0 +1,70 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Checks that various nsIX509Cert attributes correctly handle UTF-8.
+
+do_get_profile(); // Must be called before getting nsIX509CertDB
+const certDB = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+function run_test() {
+  let cert = certDB.constructX509FromBase64(
+    "MIIF3DCCBMSgAwIBAgIEAJiZbzANBgkqhkiG9w0BAQUFADCCAQ0xYTBfBgNVBAMM" +
+    "WEkuQ0EgLSBRdWFsaWZpZWQgcm9vdCBjZXJ0aWZpY2F0ZSAoa3ZhbGlmaWtvdmFu" +
+    "w70gY2VydGlmaWvDoXQgcG9za3l0b3ZhdGVsZSkgLSBQU0VVRE9OWU0xCzAJBgNV" +
+    "BAYTAkNaMS8wLQYDVQQHDCZQb2R2aW5uw70gbWzDvW4gMjE3OC82LCAxOTAgMDAg" +
+    "UHJhaGEgOTEsMCoGA1UECgwjUHJ2bsOtIGNlcnRpZmlrYcSNbsOtIGF1dG9yaXRh" +
+    "IGEucy4xPDA6BgNVBAsMM0FrcmVkaXRvdmFuw70gcG9za3l0b3ZhdGVsIGNlcnRp" +
+    "ZmlrYcSNbsOtY2ggc2x1xb5lYjAeFw0wMjEyMTIxMzMzNDZaFw0wMzEyMTIxMzMz" +
+    "NDZaMIIBFDELMAkGA1UEBhMCQ1oxHzAdBgNVBAMeFgBMAHUAZAEbAGsAIABSAGEB" +
+    "YQBlAGsxGTAXBgNVBAgeEABWAHkAcwBvAQ0AaQBuAGExLzAtBgNVBAceJgBQAGEA" +
+    "YwBvAHYALAAgAE4A4QBkAHIAYQF+AG4A7QAgADcANgA5MSUwIwYJKoZIhvcNAQkB" +
+    "FhZsdWRlay5yYXNla0BjZW50cnVtLmN6MRMwEQYDVQQqHgoATAB1AGQBGwBrMQ0w" +
+    "CwYDVQQrHgQATABSMR8wHQYDVQQpHhYATAB1AGQBGwBrACAAUgBhAWEAZQBrMRMw" +
+    "EQYDVQQEHgoAUgBhAWEAZQBrMRcwFQYDVQQFEw5JQ0EgLSAxMDAwMzc2OTCBnzAN" +
+    "BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxc7dGd0cNlHZ7tUUl5k30bfYlY3lnOD0" +
+    "49JGbTXSt4jNFMRLj6s/777W3kcIdcIwdKxjQULBKgryDvZJ1DAWp2TwzhPDVYj3" +
+    "sU4Niqb7mOUcp/4ckteUxGF6FmXtJR9+XHTuLZ+omF9HOUefheBKnXvZuqrLM16y" +
+    "nbJn4sPwwdcCAwEAAaOCAbswggG3MCUGA1UdEQQeMBygGgYKKwMGAQQB3BkCAaAM" +
+    "DAoxNzYyODk2ODgzMGkGA1UdHwRiMGAwHqAcoBqGGGh0dHA6Ly9xLmljYS5jei9x" +
+    "aWNhLmNybDAeoBygGoYYaHR0cDovL2IuaWNhLmN6L3FpY2EuY3JsMB6gHKAahhho" +
+    "dHRwOi8vci5pY2EuY3ovcWljYS5jcmwwHwYDVR0jBBgwFoAUK1oKfvvlDYUsZTBy" +
+    "vGN701mca/UwHQYDVR0OBBYEFPAs70DB+LS0PnA6niPUfJ5wdQH5MIG4BgNVHSAE" +
+    "gbAwga0wgaoGCysGAQQBs2EBAQQEMIGaMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3" +
+    "LmljYS5jei9xY3AvY3BxcGljYTAyLnBkZjBnBggrBgEFBQcCAjBbGllUZW50byBj" +
+    "ZXJ0aWZpa2F0IGplIHZ5ZGFuIGpha28gS3ZhbGlmaWtvdmFueSBjZXJ0aWZpa2F0" +
+    "IHYgc291bGFkdSBzZSB6YWtvbmVtIDIyNy8yMDAwIFNiLjAYBggrBgEFBQcBAwQM" +
+    "MAowCAYGBACORgEBMA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQUFAAOCAQEA" +
+    "v2V+nnYYMIgabmmgHx49CtlZIHdGS3TuWKXw130xFhbXDnNhEbx3alaskNsvjQQR" +
+    "Lqs1ZwKy58yynse+eJYHqenmHDACpAfVpCF9PXC/mDarVsoQw7NTcUpsAFhSd/zT" +
+    "v9jIf3twECyxx/RVzONVcob7nPePESHiKoG4FbtcuUh0wSHvCmTwRIQqPDCIuHcF" +
+    "StSt3Jr9iXcbXEhe4mSccOZ8N+r7Rv3ncKcevlRl7uFfDKDTyd43SZeRS/7J8KRf" +
+    "hD/h2nawrCFwc5gJW10aLJGFL/mcS7ViAIT9HCVk23j4TuBjsVmnZ0VKxB5edux+" +
+    "LIEqtU428UVHZWU/I5ngLw==");
+
+  equal(cert.nickname, "(no nickname)",
+        "Actual and expected nickname should match");
+  equal(cert.emailAddress, "ludek.rasek@centrum.cz",
+        "Actual and expected emailAddress should match");
+  equal(cert.subjectName, "serialNumber=ICA - 10003769,SN=Rašek,name=Luděk Rašek,initials=LR,givenName=Luděk,E=ludek.rasek@centrum.cz,L=\"Pacov, Nádražní 769\",ST=Vysočina,CN=Luděk Rašek,C=CZ",
+        "Actual and expected subjectName should match");
+  equal(cert.commonName, "Luděk Rašek",
+        "Actual and expected commonName should match");
+  equal(cert.organization, "",
+        "Actual and expected organization should match");
+  equal(cert.organizationalUnit, "",
+        "Actual and expected organizationalUnit should match");
+  equal(cert.windowTitle, "Luděk Rašek",
+        "Actual and expected windowTitle should match");
+  equal(cert.issuerName, "OU=Akreditovaný poskytovatel certifikačních služeb,O=První certifikační autorita a.s.,L=\"Podvinný mlýn 2178/6, 190 00 Praha 9\",C=CZ,CN=I.CA - Qualified root certificate (kvalifikovaný certifikát poskytovatele) - PSEUDONYM",
+        "Actual and expected issuerName should match");
+  equal(cert.issuerCommonName, "I.CA - Qualified root certificate (kvalifikovaný certifikát poskytovatele) - PSEUDONYM",
+        "Actual and expected issuerCommonName should match");
+  equal(cert.issuerOrganization, "První certifikační autorita a.s.",
+        "Actual and expected issuerOrganization should match");
+  equal(cert.issuerOrganizationUnit, "Akreditovaný poskytovatel certifikačních služeb",
+        "Actual and expected issuerOrganizationUnit should match");
+}
diff --git a/security/manager/ssl/tests/unit/test_nss_shutdown.js b/security/manager/ssl/tests/unit/test_nss_shutdown.js
new file mode 100644
index 000000000..0c467cbd4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_nss_shutdown.js
@@ -0,0 +1,44 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// This test attempts to ensure that PSM doesn't deadlock or crash when shutting
+// down NSS while a background thread is attempting to use NSS.
+// Uses test_signed_apps/valid_app_1.zip from test_signed_apps.js.
+
+function startAsyncNSSOperation(certdb, appFile) {
+  return new Promise((resolve, reject) => {
+    certdb.openSignedAppFileAsync(Ci.nsIX509CertDB.AppXPCShellRoot, appFile,
+      function(rv, aZipReader, aSignerCert) {
+        // rv will either indicate success (if NSS hasn't been shut down yet) or
+        // it will be some error code that varies depending on when NSS got shut
+        // down. As such, there's nothing really to check here. Just resolve the
+        // promise to continue execution.
+        resolve();
+      });
+  });
+}
+
+add_task(function* () {
+  do_get_profile();
+  let psm = Cc["@mozilla.org/psm;1"]
+              .getService(Ci.nsISupports)
+              .QueryInterface(Ci.nsIObserver);
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+  let appFile = do_get_file("test_signed_apps/valid_app_1.zip");
+
+  let promises = [];
+  for (let i = 0; i < 25; i++) {
+    promises.push(startAsyncNSSOperation(certdb, appFile));
+  }
+  // Trick PSM into thinking it should shut down NSS. If this test doesn't
+  // hang or crash, we're good.
+  psm.observe(null, "profile-before-change", null);
+  for (let i = 0; i < 25; i++) {
+    promises.push(startAsyncNSSOperation(certdb, appFile));
+  }
+  yield Promise.all(promises);
+});
diff --git a/security/manager/ssl/tests/unit/test_ocsp_caching.js b/security/manager/ssl/tests/unit/test_ocsp_caching.js
new file mode 100644
index 000000000..d0897fccd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_caching.js
@@ -0,0 +1,299 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Checks various aspects of the OCSP cache, mainly to to ensure we do not fetch
+// responses more than necessary.
+
+var gFetchCount = 0;
+var gGoodOCSPResponse = null;
+var gResponsePattern = [];
+var gMessage = "";
+
+function respondWithGoodOCSP(request, response) {
+  do_print("returning 200 OK");
+  response.setStatusLine(request.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "application/ocsp-response");
+  response.write(gGoodOCSPResponse);
+}
+
+function respondWithSHA1OCSP(request, response) {
+  do_print("returning 200 OK with sha-1 delegated response");
+  response.setStatusLine(request.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "application/ocsp-response");
+
+  let args = [ ["good-delegated", "default-ee", "delegatedSHA1Signer" ] ];
+  let responses = generateOCSPResponses(args, "ocsp_certs");
+  response.write(responses[0]);
+}
+
+function respondWithError(request, response) {
+  do_print("returning 500 Internal Server Error");
+  response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+  let body = "Refusing to return a response";
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function generateGoodOCSPResponse() {
+  let args = [ ["good", "default-ee", "unused" ] ];
+  let responses = generateOCSPResponses(args, "ocsp_certs");
+  return responses[0];
+}
+
+function add_ocsp_test(aHost, aExpectedResult, aResponses, aMessage,
+                       aOriginAttributes) {
+  add_connection_test(aHost, aExpectedResult,
+      function() {
+        clearSessionCache();
+        gFetchCount = 0;
+        gResponsePattern = aResponses;
+        gMessage = aMessage;
+      },
+      function() {
+        // check the number of requests matches the size of aResponses
+        equal(gFetchCount, aResponses.length,
+              "should have made " + aResponses.length +
+              " OCSP request" + (aResponses.length == 1 ? "" : "s"));
+      }, null, aOriginAttributes);
+}
+
+function run_test() {
+  do_get_profile();
+  Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling", true);
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+  Services.prefs.setIntPref("security.pki.sha1_enforcement_level", 4);
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+
+  let ocspResponder = new HttpServer();
+  ocspResponder.registerPrefixHandler("/", function(request, response) {
+
+    do_print("gFetchCount: " + gFetchCount);
+    let responseFunction = gResponsePattern[gFetchCount];
+    Assert.notEqual(undefined, responseFunction);
+
+    ++gFetchCount;
+    responseFunction(request, response);
+  });
+  ocspResponder.start(8888);
+
+  add_tests();
+
+  add_test(function() { ocspResponder.stop(run_next_test); });
+  run_next_test();
+}
+
+function add_tests() {
+  // Test that verifying a certificate with a "short lifetime" doesn't result
+  // in OCSP fetching. Due to longevity requirements in our testing
+  // infrastructure, the certificate we encounter is valid for a very long
+  // time, so we have to define a "short lifetime" as something very long.
+  add_test(function() {
+    Services.prefs.setIntPref("security.pki.cert_short_lifetime_in_days",
+                              12000);
+    run_next_test();
+  });
+
+  add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess, [],
+                "expected zero OCSP requests for a short-lived certificate");
+
+  add_test(function() {
+    Services.prefs.setIntPref("security.pki.cert_short_lifetime_in_days", 100);
+    run_next_test();
+  });
+
+  // If a "short lifetime" is something more reasonable, ensure that we do OCSP
+  // fetching for this long-lived certificate.
+
+  add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess,
+                [respondWithError],
+                "expected one OCSP request for a long-lived certificate");
+  add_test(function() {
+    Services.prefs.clearUserPref("security.pki.cert_short_lifetime_in_days");
+    run_next_test();
+  });
+  //---------------------------------------------------------------------------
+
+  // Reset state
+  add_test(function() { clearOCSPCache(); run_next_test(); });
+
+  // This test assumes that OCSPStaplingServer uses the same cert for
+  // ocsp-stapling-unknown.example.com and ocsp-stapling-none.example.com.
+
+  // Get an Unknown response for the *.example.com cert and put it in the
+  // OCSP cache.
+  add_ocsp_test("ocsp-stapling-unknown.example.com",
+                SEC_ERROR_OCSP_UNKNOWN_CERT, [],
+                "Stapled Unknown response -> a fetch should not have been" +
+                " attempted");
+
+  // A failure to retrieve an OCSP response must result in the cached Unknown
+  // response being recognized and honored.
+  add_ocsp_test("ocsp-stapling-none.example.com", SEC_ERROR_OCSP_UNKNOWN_CERT,
+                [
+                  respondWithError,
+                  respondWithError,
+                  respondWithError,
+                  respondWithError,
+                  respondWithError,
+                  respondWithError,
+                ],
+                "No stapled response -> a fetch should have been attempted");
+
+  // A valid Good response from the OCSP responder must override the cached
+  // Unknown response.
+  //
+  // Note that We need to make sure that the Unknown response and the Good
+  // response have different thisUpdate timestamps; otherwise, the Good
+  // response will be seen as "not newer" and it won't replace the existing
+  // entry.
+  add_test(function() {
+    let duration = 1200;
+    do_print("Sleeping for " + duration + "ms");
+    let timer = Cc["@mozilla.org/timer;1"].createInstance(Ci.nsITimer);
+    timer.initWithCallback(run_next_test, duration, Ci.nsITimer.TYPE_ONE_SHOT);
+  });
+  add_test(function() {
+    gGoodOCSPResponse = generateGoodOCSPResponse();
+    run_next_test();
+  });
+  add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess,
+                [respondWithGoodOCSP],
+                "Cached Unknown response, no stapled response -> a fetch" +
+                " should have been attempted");
+
+  // The Good response retrieved from the previous fetch must have replaced
+  // the Unknown response in the cache, resulting in the catched Good response
+  // being returned and no fetch.
+  add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess,
+                [],
+                "Cached Good response -> a fetch should not have been" +
+                " attempted");
+
+
+  //---------------------------------------------------------------------------
+
+  // Reset state
+  add_test(function() { clearOCSPCache(); run_next_test(); });
+
+  // A failure to retrieve an OCSP response will result in an error entry being
+  // added to the cache.
+  add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess,
+                [respondWithError],
+                "No stapled response -> a fetch should have been attempted");
+
+  // The error entry will prevent a fetch from happening for a while.
+  add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess, [],
+                "Noted OCSP server failure -> a fetch should not have been" +
+                " attempted");
+
+  // The error entry must not prevent a stapled OCSP response from being
+  // honored.
+  add_ocsp_test("ocsp-stapling-revoked.example.com",
+                SEC_ERROR_REVOKED_CERTIFICATE, [],
+                "Stapled Revoked response -> a fetch should not have been" +
+                " attempted");
+
+  //---------------------------------------------------------------------------
+
+  // Ensure OCSP responses from signers with SHA1 certificates are OK. This
+  // is included in the OCSP caching tests since there were OCSP cache-related
+  // regressions when sha-1 telemetry probes were added.
+  add_test(function() {
+    clearOCSPCache();
+    // set security.OCSP.require so that checking the OCSP signature fails
+    Services.prefs.setBoolPref("security.OCSP.require", true);
+    run_next_test();
+  });
+
+  add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess,
+                [respondWithSHA1OCSP],
+                "signing cert is good (though sha1) - should succeed");
+
+  add_test(function() {
+    Services.prefs.setBoolPref("security.OCSP.require", false);
+    run_next_test();
+  });
+
+  //---------------------------------------------------------------------------
+
+  // Reset state
+  add_test(function() { clearOCSPCache(); run_next_test(); });
+
+  // This test makes sure that OCSP cache are isolated by firstPartyDomain.
+
+  let gObservedCnt = 0;
+  let protocolProxyService = Cc["@mozilla.org/network/protocol-proxy-service;1"]
+                               .getService(Ci.nsIProtocolProxyService);
+
+  // Observe all channels and make sure the firstPartyDomain in their loadInfo's
+  // origin attributes are aFirstPartyDomain.
+  function startObservingChannels(aFirstPartyDomain) {
+    // We use a dummy proxy filter to catch all channels, even those that do not
+    // generate an "http-on-modify-request" notification.
+    let proxyFilter = {
+      applyFilter: function (aProxyService, aChannel, aProxy) {
+        // We have the channel; provide it to the callback.
+        if (aChannel.originalURI.spec == "http://localhost:8888/") {
+          gObservedCnt++;
+          equal(aChannel.loadInfo.originAttributes.firstPartyDomain,
+                aFirstPartyDomain, "firstPartyDomain should match");
+        }
+        // Pass on aProxy unmodified.
+        return aProxy;
+      }
+    };
+    protocolProxyService.registerChannelFilter(proxyFilter, 0);
+    // Return the stop() function:
+    return () => protocolProxyService.unregisterChannelFilter(proxyFilter);
+  }
+
+  let stopObservingChannels;
+  add_test(function() {
+    stopObservingChannels = startObservingChannels("foo.com");
+    run_next_test();
+  });
+
+  // A good OCSP response will be cached.
+  add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess,
+                [respondWithGoodOCSP],
+                "No stapled response (firstPartyDomain = foo.com) -> a fetch " +
+                "should have been attempted", { firstPartyDomain: "foo.com" });
+
+  // The cache will prevent a fetch from happening.
+  add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess, [],
+                "Noted OCSP server failure (firstPartyDomain = foo.com) -> a " +
+                "fetch should not have been attempted",
+                { firstPartyDomain: "foo.com" });
+
+  add_test(function() {
+    stopObservingChannels();
+    equal(gObservedCnt, 1, "should have observed only 1 OCSP requests");
+    gObservedCnt = 0;
+    run_next_test();
+  });
+
+  add_test(function() {
+    stopObservingChannels = startObservingChannels("bar.com");
+    run_next_test();
+  });
+
+  // But using a different firstPartyDomain should result in a fetch.
+  add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess,
+                [respondWithGoodOCSP],
+                "No stapled response (firstPartyDomain = bar.com) -> a fetch " +
+                "should have been attempted", { firstPartyDomain: "bar.com" });
+
+  add_test(function() {
+    stopObservingChannels();
+    equal(gObservedCnt, 1, "should have observed only 1 OCSP requests");
+    gObservedCnt = 0;
+    run_next_test();
+  });
+
+  //---------------------------------------------------------------------------
+
+  // Reset state
+  add_test(function() { clearOCSPCache(); run_next_test(); });
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_enabled_pref.js b/security/manager/ssl/tests/unit/test_ocsp_enabled_pref.js
new file mode 100644
index 000000000..ba648b9e6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_enabled_pref.js
@@ -0,0 +1,141 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Checks that the security.OCSP.enabled pref correctly controls OCSP fetching
+// behavior.
+
+do_get_profile(); // Must be called before getting nsIX509CertDB
+const gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
+                  .getService(Ci.nsIX509CertDB);
+
+const SERVER_PORT = 8888;
+
+function certFromFile(filename) {
+  return constructCertFromFile(`test_ev_certs/${filename}.pem`);
+}
+
+function loadCert(certName, trustString) {
+  addCertFromFile(gCertDB, `test_ev_certs/${certName}.pem`, trustString);
+}
+
+function getFailingOCSPResponder() {
+  return getFailingHttpServer(SERVER_PORT, ["www.example.com"]);
+}
+
+function getOCSPResponder(expectedCertNames) {
+  return startOCSPResponder(SERVER_PORT, "www.example.com", "test_ev_certs",
+                            expectedCertNames, []);
+}
+
+// Tests that in ocspOff mode, OCSP fetches are never done.
+function testOff() {
+  add_test(() => {
+    Services.prefs.setIntPref("security.OCSP.enabled", 0);
+    do_print("Setting security.OCSP.enabled to 0");
+    run_next_test();
+  });
+
+  // EV chains should verify successfully but never get EV status.
+  add_test(() => {
+    clearOCSPCache();
+    let ocspResponder = getFailingOCSPResponder();
+    checkEVStatus(gCertDB, certFromFile("test-oid-path-ee"), certificateUsageSSLServer,
+                  false);
+    ocspResponder.stop(run_next_test);
+  });
+
+  // A DV chain should verify successfully.
+  add_test(() => {
+    clearOCSPCache();
+    let ocspResponder = getFailingOCSPResponder();
+    checkCertErrorGeneric(gCertDB, certFromFile("non-ev-root-path-ee"),
+                          PRErrorCodeSuccess, certificateUsageSSLServer);
+    ocspResponder.stop(run_next_test);
+  });
+}
+
+// Tests that in ocspOn mode, OCSP fetches are done for both EV and DV certs.
+function testOn() {
+  add_test(() => {
+    Services.prefs.setIntPref("security.OCSP.enabled", 1);
+    do_print("Setting security.OCSP.enabled to 1");
+    run_next_test();
+  });
+
+  // If a successful OCSP response is fetched, then an EV chain should verify
+  // successfully and get EV status as well.
+  add_test(() => {
+    clearOCSPCache();
+    let ocspResponder =
+      getOCSPResponder(gEVExpected ? ["test-oid-path-int", "test-oid-path-ee"]
+                                   : ["test-oid-path-ee"]);
+    checkEVStatus(gCertDB, certFromFile("test-oid-path-ee"), certificateUsageSSLServer,
+                  gEVExpected);
+    ocspResponder.stop(run_next_test);
+  });
+
+  // If a successful OCSP response is fetched, then a DV chain should verify
+  // successfully.
+  add_test(() => {
+    clearOCSPCache();
+    let ocspResponder = getOCSPResponder(["non-ev-root-path-ee"]);
+    checkCertErrorGeneric(gCertDB, certFromFile("non-ev-root-path-ee"),
+                          PRErrorCodeSuccess, certificateUsageSSLServer);
+    ocspResponder.stop(run_next_test);
+  });
+}
+
+// Tests that in ocspEVOnly mode, OCSP fetches are done for EV certs only.
+function testEVOnly() {
+  add_test(() => {
+    Services.prefs.setIntPref("security.OCSP.enabled", 2);
+    do_print("Setting security.OCSP.enabled to 2");
+    run_next_test();
+  });
+
+  // If a successful OCSP response is fetched, then an EV chain should verify
+  // successfully and get EV status as well.
+  add_test(() => {
+    clearOCSPCache();
+    let ocspResponder = gEVExpected
+                      ? getOCSPResponder(["test-oid-path-int", "test-oid-path-ee"])
+                      : getFailingOCSPResponder();
+    checkEVStatus(gCertDB, certFromFile("test-oid-path-ee"), certificateUsageSSLServer,
+                  gEVExpected);
+    ocspResponder.stop(run_next_test);
+  });
+
+  // A DV chain should verify successfully even without doing OCSP fetches.
+  add_test(() => {
+    clearOCSPCache();
+    let ocspResponder = getFailingOCSPResponder();
+    checkCertErrorGeneric(gCertDB, certFromFile("non-ev-root-path-ee"),
+                          PRErrorCodeSuccess, certificateUsageSSLServer);
+    ocspResponder.stop(run_next_test);
+  });
+}
+
+function run_test() {
+  do_register_cleanup(() => {
+    Services.prefs.clearUserPref("network.dns.localDomains");
+    Services.prefs.clearUserPref("security.OCSP.enabled");
+    Services.prefs.clearUserPref("security.OCSP.require");
+  });
+  Services.prefs.setCharPref("network.dns.localDomains", "www.example.com");
+  // Enable hard fail to ensure chains that should only succeed because they get
+  // a good OCSP response do not succeed due to soft fail leniency.
+  Services.prefs.setBoolPref("security.OCSP.require", true);
+
+  loadCert("evroot", "CTu,,");
+  loadCert("test-oid-path-int", ",,");
+  loadCert("non-evroot-ca", "CTu,,");
+  loadCert("non-ev-root-path-int", ",,");
+
+  testOff();
+  testOn();
+  testEVOnly();
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method.js b/security/manager/ssl/tests/unit/test_ocsp_fetch_method.js
new file mode 100644
index 000000000..de89a4131
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method.js
@@ -0,0 +1,59 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// In which we try to validate several ocsp responses, checking in particular
+// that we use the specified method for fetching ocsp. We also check what
+// POST fallback when an invalid GET response is received.
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+const SERVER_PORT = 8888;
+
+function start_ocsp_responder(expectedCertNames, expectedPaths,
+                              expectedMethods) {
+  return startOCSPResponder(SERVER_PORT, "www.example.com",
+                            "test_ocsp_fetch_method", expectedCertNames,
+                            expectedPaths, expectedMethods);
+}
+
+function check_cert_err(cert_name, expected_error) {
+  let cert = constructCertFromFile("test_ocsp_fetch_method/" + cert_name + ".pem");
+  return checkCertErrorGeneric(certdb, cert, expected_error,
+                               certificateUsageSSLServer);
+}
+
+function run_test() {
+  addCertFromFile(certdb, "test_ocsp_fetch_method/ca.pem", 'CTu,CTu,CTu');
+  addCertFromFile(certdb, "test_ocsp_fetch_method/int.pem", ',,');
+
+  // Enabled so that we can force ocsp failure responses.
+  Services.prefs.setBoolPref("security.OCSP.require", true);
+
+  Services.prefs.setCharPref("network.dns.localDomains",
+                             "www.example.com");
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+
+  add_test(function() {
+    clearOCSPCache();
+    Services.prefs.setBoolPref("security.OCSP.GET.enabled", false);
+    let ocspResponder = start_ocsp_responder(["a"], [], ["POST"]);
+    check_cert_err("a", PRErrorCodeSuccess);
+    ocspResponder.stop(run_next_test);
+  });
+
+  add_test(function() {
+    clearOCSPCache();
+    Services.prefs.setBoolPref("security.OCSP.GET.enabled", true);
+    let ocspResponder = start_ocsp_responder(["a"], [], ["GET"]);
+    check_cert_err("a", PRErrorCodeSuccess);
+    ocspResponder.stop(run_next_test);
+  });
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/a.pem b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/a.pem
new file mode 100644
index 000000000..67961e695
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/a.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5DCCAc6gAwIBAgIUG4s0As2WcZndVBOEXzU8uA26EUIwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjAMMQowCAYDVQQDDAFhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozwwOjA4BggrBgEFBQcBAQQsMCowKAYI
+KwYBBQUHMAGGHGh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC8wCwYJKoZIhvcN
+AQELA4IBAQAbh10OV6scfCpc71hMzfOhmxFlicFVlqWr9saGAg6renUfoq/ZDsDK
+F+gQOMyv4gtO0nAoXJ206ONNJZwAEFAusNFlfjk/sxKvmDwkGWwi/lSCtwk41loG
+UNH4YV2Y6IDLIuzvHzQgkhRJZ98nQhyPiBSZy5LoqGIi1+zTQkhYtB9yR0hwoFey
+JVTso2OwSwasZixBQ0NZ9WGOSupihYBJJI4BQyOwf75u2WWqTP4Yj59eZTEOIoP0
+u+5fG+mUKOrxVuZoEh6zse49IpuaOok0dW+o3soEVQqos/GuOL/sYhARfwCQT1MW
+kBdICJFXSTDPuXoOk58Y2QwUtsYq3Ifb
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/a.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/a.pem.certspec
new file mode 100644
index 000000000..d3a3f86ef
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/a.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:a
+extension:authorityInformationAccess:http://www.example.com:8888/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/ca.pem b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/ca.pem
new file mode 100644
index 000000000..1a18e2bf0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAgIUL5zykZEc2ro5d6th43aWGfm735cwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1Ud
+DwQEAwIBBjALBgkqhkiG9w0BAQsDggEBAHPYBjNnv//Ssc8Elepb8SWIXRdahKbL
+/dcPoMR+7yhJVaelUaxdwUytJWJAGdkkuv+P+G4b82RVYEXT+9k1S/aAfByFyR9q
+vS7POfdy/ZPfGTXltlnmYX/84a6QeYQa4Nl4JpIOXBCesLxmErBhczka6D26iqsz
+GeseKRSjVPgF3mXc2CRGZnTDRhUmd7wOABLmj7GtuFvOm96363M3IUByMohvoj1G
+dic3s5D0seXwTKnEc5B27lJt7Q0oIXEldL+UW8Mo1hfGWQeXzqTZbpOVLnVWvHBH
+H8yYs5hyH01qFJZbztJ1JJ3F2NpYLlr4P5I6fW2e9w5MG/VMQRU3wzQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/ca.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/ca.pem.certspec
new file mode 100644
index 000000000..6660f5d47
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.key b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.key
new file mode 100644
index 000000000..8af23e068
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.key.keyspec b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.key.keyspec
new file mode 100644
index 000000000..4ad96d515
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.pem b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.pem
new file mode 100644
index 000000000..fd60e5fe2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxjCCAbCgAwIBAgIUazy/vTocAuxP85PTc+O1JXs8WWEwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA4xDDAKBgNVBAMMA2ludDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAab
+bhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmts
+Du0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI
+H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8
+rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kX
+Mbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNV
+HQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQA6lr0lbqcaGYjYAAcA5BngiUobuYFn
+4jdYK9eR6hiT5PmYRQZ9/y+2aYNF/ygiBBqBdEq/Nhrm35WeUHvDBaT8OZLBjf+g
+krEAmu2ivrHZWrx16HBVDd9JdTUCx8j1HUo5fadFnsQh7nuh/VIoemox+/e8mKfh
++fW3noAoH/MRfP9VYoS0KzkW8ILiWOR1joNOHDZzanMiM/YCHO1nckq2ntI2T+kO
+MNMkB+j1w5Fu6P8pgyToleHs3WmlWAeDjXygZkEhg+9uuBXb8/IyuS3cYt9ovhSh
+++A25JRmqaQn2Ywd+CMsGe4MTYOsRnZPK0Co6TBteRWRdwSpqzb+UOqY
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.pem.certspec
new file mode 100644
index 000000000..ebb4c376d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/moz.build b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/moz.build
new file mode 100644
index 000000000..c7a62b6f2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/moz.build
@@ -0,0 +1,22 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'a.pem',
+#    'ca.pem',
+#    'int.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
+#
+#test_keys = (
+#    'int.key',
+#)
+#
+#for test_key in test_keys:
+#    GeneratedTestKey(test_key)
diff --git a/security/manager/ssl/tests/unit/test_ocsp_must_staple.js b/security/manager/ssl/tests/unit/test_ocsp_must_staple.js
new file mode 100644
index 000000000..24b32d6bc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_must_staple.js
@@ -0,0 +1,116 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Tests OCSP Must Staple handling by connecting to various domains (as faked by
+// a server running locally) that correspond to combinations of whether the
+// extension is present in intermediate and end-entity certificates.
+
+var gExpectOCSPRequest;
+
+function add_ocsp_test(aHost, aExpectedResult, aStaplingEnabled) {
+  add_connection_test(aHost, aExpectedResult,
+    function() {
+      gExpectOCSPRequest = !aStaplingEnabled;
+      clearOCSPCache();
+      clearSessionCache();
+      Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling",
+                                 aStaplingEnabled);
+    });
+}
+
+function add_tests() {
+  // ensure that the chain is checked for required features in children:
+  // First a case where intermediate and ee both have the extension
+  add_ocsp_test("ocsp-stapling-must-staple-ee-with-must-staple-int.example.com",
+                PRErrorCodeSuccess, true);
+
+  add_test(() => {
+    Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 1);
+    Services.prefs.setBoolPref("security.cert_pinning.process_headers_from_non_builtin_roots", true);
+    let uri = Services.io.newURI("https://ocsp-stapling-must-staple-ee-with-must-staple-int.example.com",
+                                 null, null);
+    let keyHash = "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=";
+    let backupKeyHash = "KHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN=";
+    let header = `max-age=1000; pin-sha256="${keyHash}"; pin-sha256="${backupKeyHash}"`;
+    let ssservice = Cc["@mozilla.org/ssservice;1"]
+                      .getService(Ci.nsISiteSecurityService);
+    let sslStatus = new FakeSSLStatus();
+    sslStatus.serverCert = constructCertFromFile("ocsp_certs/must-staple-ee-with-must-staple-int.pem");
+    ssservice.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri, header, sslStatus, 0);
+    ok(ssservice.isSecureURI(Ci.nsISiteSecurityService.HEADER_HPKP, uri, 0),
+       "ocsp-stapling-must-staple-ee-with-must-staple-int.example.com should have HPKP set");
+
+    // Clear accumulated state.
+    ssservice.removeState(Ci.nsISiteSecurityService.HEADER_HPKP, uri, 0);
+    Services.prefs.clearUserPref("security.cert_pinning.process_headers_from_non_builtin_roots");
+    Services.prefs.clearUserPref("security.cert_pinning.enforcement_level");
+    run_next_test();
+  });
+
+  // Next, a case where it's present in the intermediate, not the ee
+  add_ocsp_test("ocsp-stapling-plain-ee-with-must-staple-int.example.com",
+                MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING, true);
+
+  // We disable OCSP stapling in the next two tests so we can perform checks
+  // on TLS Features in the chain without needing to support the TLS
+  // extension values used.
+  // Test an issuer with multiple TLS features in matched in the EE
+  add_ocsp_test("multi-tls-feature-good.example.com",
+                PRErrorCodeSuccess, false);
+
+  // Finally, an issuer with multiple TLS features not matched by the EE.
+  add_ocsp_test("multi-tls-feature-bad.example.com",
+                MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING, false);
+
+  // Now a bunch of operations with only a must-staple ee
+  add_ocsp_test("ocsp-stapling-must-staple.example.com",
+                PRErrorCodeSuccess, true);
+
+  add_ocsp_test("ocsp-stapling-must-staple-revoked.example.com",
+                SEC_ERROR_REVOKED_CERTIFICATE, true);
+
+  add_ocsp_test("ocsp-stapling-must-staple-missing.example.com",
+                MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING, true);
+
+  add_ocsp_test("ocsp-stapling-must-staple-empty.example.com",
+                SEC_ERROR_OCSP_MALFORMED_RESPONSE, true);
+
+  add_ocsp_test("ocsp-stapling-must-staple-missing.example.com",
+                PRErrorCodeSuccess, false);
+
+  // check that disabling must-staple works
+  add_test(function() {
+    clearSessionCache();
+    Services.prefs.setBoolPref("security.ssl.enable_ocsp_must_staple", false);
+    run_next_test();
+  });
+
+  add_ocsp_test("ocsp-stapling-must-staple-missing.example.com",
+                PRErrorCodeSuccess, true);
+}
+
+function run_test() {
+  do_get_profile();
+  Services.prefs.setBoolPref("security.ssl.enable_ocsp_must_staple", true);
+
+  let fakeOCSPResponder = new HttpServer();
+  fakeOCSPResponder.registerPrefixHandler("/", function (request, response) {
+    response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+    ok(gExpectOCSPRequest,
+       "Should be getting an OCSP request only when expected");
+  });
+  fakeOCSPResponder.start(8888);
+
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+
+  add_tests();
+
+  add_test(function () {
+    fakeOCSPResponder.stop(run_next_test);
+  });
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js b/security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js
new file mode 100644
index 000000000..62ff1ba25
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js
@@ -0,0 +1,54 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Test that if an OCSP request is made to a domain that (erroneously)
+// has HSTS status, the request is not upgraded from HTTP to HTTPS.
+
+function run_test() {
+  do_get_profile();
+  // OCSP required means this test will only pass if the request succeeds.
+  Services.prefs.setBoolPref("security.OCSP.require", true);
+
+  // We don't actually make use of stapling in this test. This is just how we
+  // get a TLS connection.
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+
+  let args = [["good", "default-ee", "unused"]];
+  let ocspResponses = generateOCSPResponses(args, "ocsp_certs");
+  let goodOCSPResponse = ocspResponses[0];
+
+  let ocspResponder = new HttpServer();
+  ocspResponder.registerPrefixHandler("/", function (request, response) {
+    response.setStatusLine(request.httpVersion, 200, "OK");
+    response.setHeader("Content-Type", "application/ocsp-response");
+    response.write(goodOCSPResponse);
+  });
+  ocspResponder.start(8888);
+
+  // ocsp-stapling-none.example.com does not staple an OCSP response in the
+  // handshake, so the revocation checking code will attempt to fetch one.
+  // Since the domain of the certificate's OCSP AIA URI is an HSTS host
+  // (as added in the setup of this test, below), a buggy implementation would
+  // upgrade the OCSP request to HTTPS. We specifically prevent this. This
+  // test demonstrates that our implementation is correct in this regard.
+  add_connection_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess);
+  add_test(function () { run_next_test(); });
+
+  add_test(function () { ocspResponder.stop(run_next_test); });
+
+  let SSService = Cc["@mozilla.org/ssservice;1"]
+                    .getService(Ci.nsISiteSecurityService);
+  let uri = Services.io.newURI("http://localhost", null, null);
+  let sslStatus = new FakeSSLStatus();
+  SSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                          "max-age=10000", sslStatus, 0);
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "localhost", 0),
+     "Domain for the OCSP AIA URI should be considered a HSTS host, otherwise" +
+     " we wouldn't be testing what we think we're testing");
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_required.js b/security/manager/ssl/tests/unit/test_ocsp_required.js
new file mode 100644
index 000000000..81b8677bc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_required.js
@@ -0,0 +1,55 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// In which we connect to a domain (as faked by a server running locally)
+// and start up an OCSP responder (also basically faked) that gives a
+// response with a bad signature. With security.OCSP.require set to true,
+// this should fail (but it also shouldn't cause assertion failures).
+
+var gOCSPRequestCount = 0;
+
+function run_test() {
+  do_get_profile();
+  Services.prefs.setBoolPref("security.OCSP.require", true);
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+
+  // We don't actually make use of stapling in this test. This is just how we
+  // get a TLS connection.
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+
+  let args = [["bad-signature", "default-ee", "unused"]];
+  let ocspResponses = generateOCSPResponses(args, "ocsp_certs");
+  let ocspResponseBadSignature = ocspResponses[0];
+
+  let ocspResponder = new HttpServer();
+  ocspResponder.registerPrefixHandler("/", function (request, response) {
+    response.setStatusLine(request.httpVersion, 200, "OK");
+    response.setHeader("Content-Type", "application/ocsp-response");
+    response.write(ocspResponseBadSignature);
+    gOCSPRequestCount++;
+  });
+  ocspResponder.start(8888);
+
+  add_tests();
+
+  add_test(function () { ocspResponder.stop(run_next_test); });
+
+  run_next_test();
+}
+
+function add_tests()
+{
+  add_connection_test("ocsp-stapling-none.example.com",
+                      SEC_ERROR_OCSP_BAD_SIGNATURE);
+  add_connection_test("ocsp-stapling-none.example.com",
+                      SEC_ERROR_OCSP_BAD_SIGNATURE);
+  add_test(function () {
+    equal(gOCSPRequestCount, 1,
+          "OCSP request count should be 1 due to OCSP response caching");
+    gOCSPRequestCount = 0;
+    run_next_test();
+  });
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_stapling.js b/security/manager/ssl/tests/unit/test_ocsp_stapling.js
new file mode 100644
index 000000000..36c8aeaaf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_stapling.js
@@ -0,0 +1,209 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// In which we connect to a number of domains (as faked by a server running
+// locally) with and without OCSP stapling enabled to determine that good
+// things happen and bad things don't.
+
+var gExpectOCSPRequest;
+
+function add_ocsp_test(aHost, aExpectedResult, aStaplingEnabled) {
+  add_connection_test(aHost, aExpectedResult,
+    function() {
+      gExpectOCSPRequest = !aStaplingEnabled;
+      clearOCSPCache();
+      clearSessionCache();
+      Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling",
+                                 aStaplingEnabled);
+    });
+}
+
+function add_tests() {
+  // In the absence of OCSP stapling, these should actually all work.
+  add_ocsp_test("ocsp-stapling-good.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-revoked.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-good-other-ca.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-malformed.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-srverr.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-trylater.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-needssig.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-unauthorized.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-unknown.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-good-other.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-none.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-expired.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-expired-fresh-ca.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-skip-responseBytes.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-critical-extension.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-noncritical-extension.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-empty-extensions.example.com",
+                PRErrorCodeSuccess, false);
+
+  // Now test OCSP stapling
+  // The following error codes are defined in security/nss/lib/util/SECerrs.h
+
+  add_ocsp_test("ocsp-stapling-good.example.com", PRErrorCodeSuccess, true);
+
+  add_ocsp_test("ocsp-stapling-revoked.example.com",
+                SEC_ERROR_REVOKED_CERTIFICATE, true);
+
+  // SEC_ERROR_OCSP_INVALID_SIGNING_CERT vs SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE
+  // depends on whether the CA that signed the response is a trusted CA
+  // (but only with the classic implementation - mozilla::pkix always
+  // results in the error SEC_ERROR_OCSP_INVALID_SIGNING_CERT).
+
+  // This stapled response is from a CA that is untrusted and did not issue
+  // the server's certificate.
+  let certDB = Cc["@mozilla.org/security/x509certdb;1"]
+                  .getService(Ci.nsIX509CertDB);
+  let otherTestCA = constructCertFromFile("ocsp_certs/other-test-ca.pem");
+  add_test(function() {
+    certDB.setCertTrust(otherTestCA, Ci.nsIX509Cert.CA_CERT,
+                        Ci.nsIX509CertDB.UNTRUSTED);
+    run_next_test();
+  });
+  add_ocsp_test("ocsp-stapling-good-other-ca.example.com",
+                SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true);
+
+  // The stapled response is from a CA that is trusted but did not issue the
+  // server's certificate.
+  add_test(function() {
+    certDB.setCertTrust(otherTestCA, Ci.nsIX509Cert.CA_CERT,
+                        Ci.nsIX509CertDB.TRUSTED_SSL);
+    run_next_test();
+  });
+  // TODO(bug 979055): When using ByName instead of ByKey, the error here is
+  // SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE. We should be testing both cases.
+  add_ocsp_test("ocsp-stapling-good-other-ca.example.com",
+                SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true);
+
+  // TODO: Test the case where the signing cert can't be found at all, which
+  // will result in SEC_ERROR_BAD_DATABASE in the NSS classic case.
+
+  add_ocsp_test("ocsp-stapling-malformed.example.com",
+                SEC_ERROR_OCSP_MALFORMED_REQUEST, true);
+  add_ocsp_test("ocsp-stapling-srverr.example.com",
+                SEC_ERROR_OCSP_SERVER_ERROR, true);
+  add_ocsp_test("ocsp-stapling-trylater.example.com",
+                SEC_ERROR_OCSP_TRY_SERVER_LATER, true);
+  add_ocsp_test("ocsp-stapling-needssig.example.com",
+                SEC_ERROR_OCSP_REQUEST_NEEDS_SIG, true);
+  add_ocsp_test("ocsp-stapling-unauthorized.example.com",
+                SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST, true);
+  add_ocsp_test("ocsp-stapling-unknown.example.com",
+                SEC_ERROR_OCSP_UNKNOWN_CERT, true);
+  add_ocsp_test("ocsp-stapling-good-other.example.com",
+                MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING, true);
+  // If the server doesn't staple an OCSP response, we continue as normal
+  // (this means that even though stapling is enabled, we expect an OCSP
+  // request).
+  add_connection_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess,
+    function() {
+      gExpectOCSPRequest = true;
+      clearOCSPCache();
+      clearSessionCache();
+      Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling", true);
+    }
+  );
+  add_ocsp_test("ocsp-stapling-empty.example.com",
+                SEC_ERROR_OCSP_MALFORMED_RESPONSE, true);
+
+  add_ocsp_test("ocsp-stapling-skip-responseBytes.example.com",
+                SEC_ERROR_OCSP_MALFORMED_RESPONSE, true);
+
+  add_ocsp_test("ocsp-stapling-critical-extension.example.com",
+                SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION, true);
+  add_ocsp_test("ocsp-stapling-noncritical-extension.example.com",
+                PRErrorCodeSuccess, true);
+  // TODO(bug 997994): Disallow empty Extensions in responses
+  add_ocsp_test("ocsp-stapling-empty-extensions.example.com",
+                PRErrorCodeSuccess, true);
+
+  add_ocsp_test("ocsp-stapling-delegated-included.example.com",
+                PRErrorCodeSuccess, true);
+  add_ocsp_test("ocsp-stapling-delegated-included-last.example.com",
+                PRErrorCodeSuccess, true);
+  add_ocsp_test("ocsp-stapling-delegated-missing.example.com",
+                SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true);
+  add_ocsp_test("ocsp-stapling-delegated-missing-multiple.example.com",
+                SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true);
+  add_ocsp_test("ocsp-stapling-delegated-no-extKeyUsage.example.com",
+                SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true);
+  add_ocsp_test("ocsp-stapling-delegated-from-intermediate.example.com",
+                SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true);
+  add_ocsp_test("ocsp-stapling-delegated-keyUsage-crlSigning.example.com",
+                SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true);
+  add_ocsp_test("ocsp-stapling-delegated-wrong-extKeyUsage.example.com",
+                SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true);
+
+  // ocsp-stapling-expired.example.com and
+  // ocsp-stapling-expired-fresh-ca.example.com are handled in
+  // test_ocsp_stapling_expired.js
+
+  // Check that OCSP responder certificates with key sizes below 1024 bits are
+  // rejected, even when the main certificate chain keys are at least 1024 bits.
+  add_ocsp_test("keysize-ocsp-delegated.example.com",
+                SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true);
+
+  add_ocsp_test("revoked-ca-cert-used-as-end-entity.example.com",
+                SEC_ERROR_REVOKED_CERTIFICATE, true);
+}
+
+function check_ocsp_stapling_telemetry() {
+  let histogram = Cc["@mozilla.org/base/telemetry;1"]
+                    .getService(Ci.nsITelemetry)
+                    .getHistogramById("SSL_OCSP_STAPLING")
+                    .snapshot();
+  equal(histogram.counts[0], 0,
+        "Should have 0 connections for unused histogram bucket 0");
+  equal(histogram.counts[1], 5,
+        "Actual and expected connections with a good response should match");
+  equal(histogram.counts[2], 18,
+        "Actual and expected connections with no stapled response should match");
+  equal(histogram.counts[3], 0,
+        "Actual and expected connections with an expired response should match");
+  equal(histogram.counts[4], 21,
+        "Actual and expected connections with bad responses should match");
+  run_next_test();
+}
+
+function run_test() {
+  do_get_profile();
+
+  let fakeOCSPResponder = new HttpServer();
+  fakeOCSPResponder.registerPrefixHandler("/", function (request, response) {
+    response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+    ok(gExpectOCSPRequest,
+       "Should be getting an OCSP request only when expected");
+  });
+  fakeOCSPResponder.start(8888);
+
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+
+  add_tests();
+
+  add_test(function () {
+    fakeOCSPResponder.stop(check_ocsp_stapling_telemetry);
+  });
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_stapling_expired.js b/security/manager/ssl/tests/unit/test_ocsp_stapling_expired.js
new file mode 100644
index 000000000..b49be85e7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_stapling_expired.js
@@ -0,0 +1,184 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// In which we connect to a number of domains (as faked by a server running
+// locally) with OCSP stapling enabled to determine that good things happen
+// and bad things don't, specifically with respect to various expired OCSP
+// responses (stapled and otherwise).
+
+var gCurrentOCSPResponse = null;
+var gOCSPRequestCount = 0;
+
+function add_ocsp_test(aHost, aExpectedResult, aOCSPResponseToServe,
+                       aExpectedRequestCount) {
+  add_connection_test(aHost, aExpectedResult,
+    function() {
+      clearOCSPCache();
+      clearSessionCache();
+      gCurrentOCSPResponse = aOCSPResponseToServe;
+      gOCSPRequestCount = 0;
+    },
+    function() {
+      equal(gOCSPRequestCount, aExpectedRequestCount,
+            "Should have made " + aExpectedRequestCount +
+            " fallback OCSP request" + (aExpectedRequestCount == 1 ? "" : "s"));
+    });
+}
+
+do_get_profile();
+Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling", true);
+Services.prefs.setIntPref("security.OCSP.enabled", 1);
+Services.prefs.setIntPref("security.pki.sha1_enforcement_level", 4);
+var args = [["good", "default-ee", "unused"],
+             ["expiredresponse", "default-ee", "unused"],
+             ["oldvalidperiod", "default-ee", "unused"],
+             ["revoked", "default-ee", "unused"],
+             ["unknown", "default-ee", "unused"],
+            ];
+var ocspResponses = generateOCSPResponses(args, "ocsp_certs");
+// Fresh response, certificate is good.
+var ocspResponseGood = ocspResponses[0];
+// Expired response, certificate is good.
+var expiredOCSPResponseGood = ocspResponses[1];
+// Fresh signature, old validity period, certificate is good.
+var oldValidityPeriodOCSPResponseGood = ocspResponses[2];
+// Fresh signature, certificate is revoked.
+var ocspResponseRevoked = ocspResponses[3];
+// Fresh signature, certificate is unknown.
+var ocspResponseUnknown = ocspResponses[4];
+
+// sometimes we expect a result without re-fetch
+var willNotRetry = 1;
+// but sometimes, since a bad response is in the cache, OCSP fetch will be
+// attempted for each validation - in practice, for these test certs, this
+// means 6 requests because various hash algorithm and key size combinations
+// are tried.
+var willRetry = 6;
+
+function run_test() {
+  let ocspResponder = new HttpServer();
+  ocspResponder.registerPrefixHandler("/", function(request, response) {
+    if (gCurrentOCSPResponse) {
+      response.setStatusLine(request.httpVersion, 200, "OK");
+      response.setHeader("Content-Type", "application/ocsp-response");
+      response.write(gCurrentOCSPResponse);
+    } else {
+      response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+      response.write("Internal Server Error");
+    }
+    gOCSPRequestCount++;
+  });
+  ocspResponder.start(8888);
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+
+  // In these tests, the OCSP stapling server gives us a stapled
+  // response based on the host name ("ocsp-stapling-expired" or
+  // "ocsp-stapling-expired-fresh-ca"). We then ensure that we're
+  // properly falling back to fetching revocation information.
+  // For ocsp-stapling-expired.example.com, the OCSP stapling server
+  // staples an expired OCSP response. The certificate has not expired.
+  // For ocsp-stapling-expired-fresh-ca.example.com, the OCSP stapling
+  // server staples an OCSP response with a recent signature but with an
+  // out-of-date validity period. The certificate has not expired.
+  add_ocsp_test("ocsp-stapling-expired.example.com", PRErrorCodeSuccess,
+                ocspResponseGood, willNotRetry);
+  add_ocsp_test("ocsp-stapling-expired-fresh-ca.example.com", PRErrorCodeSuccess,
+                ocspResponseGood, willNotRetry);
+  // if we can't fetch a more recent response when
+  // given an expired stapled response, we terminate the connection.
+  add_ocsp_test("ocsp-stapling-expired.example.com",
+                SEC_ERROR_OCSP_OLD_RESPONSE,
+                expiredOCSPResponseGood, willRetry);
+  add_ocsp_test("ocsp-stapling-expired-fresh-ca.example.com",
+                SEC_ERROR_OCSP_OLD_RESPONSE,
+                expiredOCSPResponseGood, willRetry);
+  add_ocsp_test("ocsp-stapling-expired.example.com",
+                SEC_ERROR_OCSP_OLD_RESPONSE,
+                oldValidityPeriodOCSPResponseGood, willRetry);
+  add_ocsp_test("ocsp-stapling-expired-fresh-ca.example.com",
+                SEC_ERROR_OCSP_OLD_RESPONSE,
+                oldValidityPeriodOCSPResponseGood, willRetry);
+  add_ocsp_test("ocsp-stapling-expired.example.com",
+                SEC_ERROR_OCSP_OLD_RESPONSE,
+                null, willNotRetry);
+  add_ocsp_test("ocsp-stapling-expired.example.com",
+                SEC_ERROR_OCSP_OLD_RESPONSE,
+                null, willNotRetry);
+  // Of course, if the newer response indicates Revoked or Unknown,
+  // that status must be returned.
+  add_ocsp_test("ocsp-stapling-expired.example.com",
+                SEC_ERROR_REVOKED_CERTIFICATE,
+                ocspResponseRevoked, willNotRetry);
+  add_ocsp_test("ocsp-stapling-expired-fresh-ca.example.com",
+                SEC_ERROR_REVOKED_CERTIFICATE,
+                ocspResponseRevoked, willNotRetry);
+  add_ocsp_test("ocsp-stapling-expired.example.com",
+                SEC_ERROR_OCSP_UNKNOWN_CERT,
+                ocspResponseUnknown, willRetry);
+  add_ocsp_test("ocsp-stapling-expired-fresh-ca.example.com",
+                SEC_ERROR_OCSP_UNKNOWN_CERT,
+                ocspResponseUnknown, willRetry);
+
+  // If the response is expired but indicates Revoked or Unknown and a
+  // newer status can't be fetched, the Revoked or Unknown status will
+  // be returned.
+  add_ocsp_test("ocsp-stapling-revoked-old.example.com",
+                SEC_ERROR_REVOKED_CERTIFICATE,
+                null, willNotRetry);
+  add_ocsp_test("ocsp-stapling-unknown-old.example.com",
+                SEC_ERROR_OCSP_UNKNOWN_CERT,
+                null, willNotRetry);
+  // If the response is expired but indicates Revoked or Unknown and
+  // a newer status can be fetched and successfully verified, this
+  // should result in a successful certificate verification.
+  add_ocsp_test("ocsp-stapling-revoked-old.example.com", PRErrorCodeSuccess,
+                ocspResponseGood, willNotRetry);
+  add_ocsp_test("ocsp-stapling-unknown-old.example.com", PRErrorCodeSuccess,
+                ocspResponseGood, willNotRetry);
+  // If a newer status can be fetched but it fails to verify, the
+  // Revoked or Unknown status of the expired stapled response
+  // should be returned.
+  add_ocsp_test("ocsp-stapling-revoked-old.example.com",
+                SEC_ERROR_REVOKED_CERTIFICATE,
+                expiredOCSPResponseGood, willRetry);
+  add_ocsp_test("ocsp-stapling-unknown-old.example.com",
+                SEC_ERROR_OCSP_UNKNOWN_CERT,
+                expiredOCSPResponseGood, willRetry);
+
+  // These tests are verifying that an valid but very old response
+  // is rejected as a valid stapled response, requiring a fetch
+  // from the ocsp responder.
+  add_ocsp_test("ocsp-stapling-ancient-valid.example.com", PRErrorCodeSuccess,
+                ocspResponseGood, willNotRetry);
+  add_ocsp_test("ocsp-stapling-ancient-valid.example.com",
+                SEC_ERROR_REVOKED_CERTIFICATE,
+                ocspResponseRevoked, willNotRetry);
+  add_ocsp_test("ocsp-stapling-ancient-valid.example.com",
+                SEC_ERROR_OCSP_UNKNOWN_CERT,
+                ocspResponseUnknown, willRetry);
+
+  add_test(function () { ocspResponder.stop(run_next_test); });
+  add_test(check_ocsp_stapling_telemetry);
+  run_next_test();
+}
+
+function check_ocsp_stapling_telemetry() {
+  let histogram = Cc["@mozilla.org/base/telemetry;1"]
+                    .getService(Ci.nsITelemetry)
+                    .getHistogramById("SSL_OCSP_STAPLING")
+                    .snapshot();
+  equal(histogram.counts[0], 0,
+        "Should have 0 connections for unused histogram bucket 0");
+  equal(histogram.counts[1], 0,
+        "Actual and expected connections with a good response should match");
+  equal(histogram.counts[2], 0,
+        "Actual and expected connections with no stapled response should match");
+  equal(histogram.counts[3], 21,
+        "Actual and expected connections with an expired response should match");
+  equal(histogram.counts[4], 0,
+        "Actual and expected connections with bad responses should match");
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_stapling_with_intermediate.js b/security/manager/ssl/tests/unit/test_ocsp_stapling_with_intermediate.js
new file mode 100644
index 000000000..21676f1d5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_stapling_with_intermediate.js
@@ -0,0 +1,45 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// In which we connect to a server that staples an OCSP response for a
+// certificate signed by an intermediate that has an OCSP AIA to ensure
+// that an OCSP request is not made for the intermediate.
+
+var gOCSPRequestCount = 0;
+
+function add_ocsp_test(aHost, aExpectedResult) {
+  add_connection_test(aHost, aExpectedResult,
+    function() {
+      clearOCSPCache();
+      clearSessionCache();
+    });
+}
+
+function run_test() {
+  do_get_profile();
+  Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling", true);
+
+  let ocspResponder = new HttpServer();
+  ocspResponder.registerPrefixHandler("/", function(request, response) {
+    gOCSPRequestCount++;
+    response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+    let body = "Refusing to return a response";
+    response.bodyOutputStream.write(body, body.length);
+  });
+  ocspResponder.start(8888);
+
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+
+  add_ocsp_test("ocsp-stapling-with-intermediate.example.com",
+                PRErrorCodeSuccess);
+
+  add_test(function () { ocspResponder.stop(run_next_test); });
+  add_test(function() {
+    equal(gOCSPRequestCount, 0, "No OCSP requests should have been made");
+    run_next_test();
+  });
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_timeout.js b/security/manager/ssl/tests/unit/test_ocsp_timeout.js
new file mode 100644
index 000000000..1c4803371
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_timeout.js
@@ -0,0 +1,88 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// This test connects to ocsp-stapling-none.example.com to test that OCSP
+// requests are cancelled if they're taking too long.
+// ocsp-stapling-none.example.com doesn't staple an OCSP response, so
+// connecting to it will cause a request to the OCSP responder. As with all of
+// these tests, the OCSP AIA (i.e. the url of the responder) in the certificate
+// is http://localhost:8888. Since this test opens a TCP socket listening on
+// port 8888 that just accepts connections and then ignores them (with
+// connect/read/write timeouts of 30 seconds), the OCSP requests should cancel
+// themselves. When OCSP hard-fail is enabled, connections will be terminated.
+// Otherwise, they will succeed.
+
+var gSocketListener = {
+  onSocketAccepted: function(serverSocket, socketTransport) {
+    socketTransport.setTimeout(Ci.nsISocketTransport.TIMEOUT_CONNECT, 30);
+    socketTransport.setTimeout(Ci.nsISocketTransport.TIMEOUT_READ_WRITE, 30);
+  },
+
+  onStopListening: function(serverSocket, status) {}
+};
+
+function run_test() {
+  do_get_profile();
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+
+  let socket = Cc["@mozilla.org/network/server-socket;1"]
+                 .createInstance(Ci.nsIServerSocket);
+  socket.init(8888, true, -1);
+  socket.asyncListen(gSocketListener);
+
+  add_tests_in_mode(true);
+  add_tests_in_mode(false);
+
+  add_test(function() { socket.close(); run_next_test(); });
+  run_next_test();
+}
+
+function add_tests_in_mode(useHardFail) {
+  let startTime;
+  add_test(function () {
+    Services.prefs.setBoolPref("security.OCSP.require", useHardFail);
+    startTime = new Date();
+    run_next_test();
+  });
+
+  add_connection_test("ocsp-stapling-none.example.com", useHardFail
+                      ? SEC_ERROR_OCSP_SERVER_ERROR
+                      : PRErrorCodeSuccess, clearSessionCache);
+
+  // Reset state
+  add_test(function() {
+    let endTime = new Date();
+    let timeDifference = endTime - startTime;
+    do_print(`useHardFail = ${useHardFail}`);
+    do_print(`startTime = ${startTime.getTime()} (${startTime})`);
+    do_print(`endTime = ${endTime.getTime()} (${endTime})`);
+    do_print(`timeDifference = ${timeDifference}ms`);
+
+    // With OCSP hard-fail on, we timeout after 10 seconds.
+    // With OCSP soft-fail, we timeout after 2 seconds.
+    // Date() is not guaranteed to be monotonic, so add extra fuzz time to
+    // prevent intermittent failures (this only appeared to be a problem on
+    // Windows XP). See Bug 1121117.
+    const FUZZ_MS = 300;
+    if (useHardFail) {
+      ok(timeDifference + FUZZ_MS > 10000,
+         "Automatic OCSP timeout should be about 10s for hard-fail");
+    } else {
+      ok(timeDifference + FUZZ_MS > 2000,
+         "Automatic OCSP timeout should be about 2s for soft-fail");
+    }
+    // Make sure we didn't wait too long.
+    // (Unfortunately, we probably can't have a tight upper bound on
+    // how long is too long for this test, because we might be running
+    // on slow hardware.)
+    ok(timeDifference < 60000,
+       "Automatic OCSP timeout shouldn't be more than 60s");
+    clearOCSPCache();
+    run_next_test();
+  });
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url.js b/security/manager/ssl/tests/unit/test_ocsp_url.js
new file mode 100644
index 000000000..799c934d0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url.js
@@ -0,0 +1,137 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// In which we try to validate several ocsp responses, checking in particular
+// if the ocsp url is valid and the path expressed is correctly passed to
+// the caller.
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+const SERVER_PORT = 8888;
+
+function failingOCSPResponder() {
+  return getFailingHttpServer(SERVER_PORT, ["www.example.com"]);
+}
+
+function start_ocsp_responder(expectedCertNames, expectedPaths) {
+  return startOCSPResponder(SERVER_PORT, "www.example.com",
+                            "test_ocsp_url", expectedCertNames, expectedPaths);
+}
+
+function check_cert_err(cert_name, expected_error) {
+  let cert = constructCertFromFile("test_ocsp_url/" + cert_name + ".pem");
+  return checkCertErrorGeneric(certdb, cert, expected_error,
+                               certificateUsageSSLServer);
+}
+
+function run_test() {
+  addCertFromFile(certdb, "test_ocsp_url/ca.pem", 'CTu,CTu,CTu');
+  addCertFromFile(certdb, "test_ocsp_url/int.pem", ',,');
+
+  // Enabled so that we can force ocsp failure responses.
+  Services.prefs.setBoolPref("security.OCSP.require", true);
+
+  Services.prefs.setCharPref("network.dns.localDomains",
+                             "www.example.com");
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+
+  // Note: We don't test the case of a well-formed HTTP URL with an empty port
+  //       because the OCSP code would then send a request to port 80, which we
+  //       can't use in tests.
+
+  add_test(function() {
+    clearOCSPCache();
+    let ocspResponder = failingOCSPResponder();
+    check_cert_err("bad-scheme", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+    ocspResponder.stop(run_next_test);
+  });
+
+  add_test(function() {
+    clearOCSPCache();
+    let ocspResponder = failingOCSPResponder();
+    check_cert_err("empty-scheme-url", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+    ocspResponder.stop(run_next_test);
+  });
+
+  add_test(() => {
+    clearOCSPCache();
+    let ocspResponder = failingOCSPResponder();
+    check_cert_err("ftp-url", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+    ocspResponder.stop(run_next_test);
+  });
+
+  add_test(function() {
+    clearOCSPCache();
+    let ocspResponder = failingOCSPResponder();
+    check_cert_err("https-url", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+    ocspResponder.stop(run_next_test);
+  });
+
+  add_test(function() {
+    clearOCSPCache();
+    let ocspResponder = start_ocsp_responder(["hTTp-url"], ["hTTp-url"]);
+    check_cert_err("hTTp-url", PRErrorCodeSuccess);
+    ocspResponder.stop(run_next_test);
+  });
+
+  add_test(function() {
+    clearOCSPCache();
+    let ocspResponder = failingOCSPResponder();
+    check_cert_err("negative-port", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+    ocspResponder.stop(run_next_test);
+  });
+
+  add_test(function() {
+    clearOCSPCache();
+    let ocspResponder = failingOCSPResponder();
+    // XXX Bug 1013615 parser accepts ":8888" as hostname
+    check_cert_err("no-host-url", SEC_ERROR_OCSP_SERVER_ERROR);
+    ocspResponder.stop(run_next_test);
+  });
+
+  add_test(function() {
+    clearOCSPCache();
+    let ocspResponder = start_ocsp_responder(["no-path-url"], ['']);
+    check_cert_err("no-path-url", PRErrorCodeSuccess);
+    ocspResponder.stop(run_next_test);
+  });
+
+  add_test(function() {
+    clearOCSPCache();
+    let ocspResponder = failingOCSPResponder();
+    check_cert_err("no-scheme-host-port", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+    ocspResponder.stop(run_next_test);
+  });
+
+  add_test(function() {
+    clearOCSPCache();
+    let ocspResponder = failingOCSPResponder();
+    check_cert_err("no-scheme-url", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+    ocspResponder.stop(run_next_test);
+  });
+
+  add_test(function() {
+    clearOCSPCache();
+    let ocspResponder = failingOCSPResponder();
+    check_cert_err("unknown-scheme", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+    ocspResponder.stop(run_next_test);
+  });
+
+  // Note: We currently don't have anything that ensures user:pass sections
+  //       weren't sent. The following test simply checks that such sections
+  //       don't cause failures.
+  add_test(() => {
+    clearOCSPCache();
+    let ocspResponder = start_ocsp_responder(["user-pass"], [""]);
+    check_cert_err("user-pass", PRErrorCodeSuccess);
+    ocspResponder.stop(run_next_test);
+  });
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem b/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem
new file mode 100644
index 000000000..861b9aafa
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4jCCAcygAwIBAgIUCaJzhLV6+ZV0VKdbJAcMFrvd69gwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjAVMRMwEQYDVQQDDApiYWQtc2NoZW1lMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozEwLzAtBggrBgEFBQcB
+AQQhMB8wHQYIKwYBBQUHMAGGES93d3cuZXhhbXBsZS5jb20vMAsGCSqGSIb3DQEB
+CwOCAQEAXYD4EqSv7TXWNlkAHZHg5LCCmbM9pRzAsw/tkYPAiW0OvWQsIfqQpQQG
+1e5A4ENvTtOmZbvLTsqjx4k6+mAFHUl/Q/FaelMAHYSGOLivbWeAAVKz6gB862Vy
+tP9+vkhT6KvefbylPNMXpa0vJME5n+CbA0NM2s0DRaE/rfADfYS8sh2rC0RaJ0yz
+aqy833FmHhMgwkzOICo/RJawd+9qBbksa5O+Dq1ybYMVKA3m4IkeIBup/5AHz30n
+hKX1oU/kO+/eDb9nr/lzEmRwBPP9w93rBdEE6210278nzfTj6qzIHYAqpxt60eqR
+BDL9i3piPxTmjj46SHBwQ29i5bcbuA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem.certspec
new file mode 100644
index 000000000..12cc07279
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:bad-scheme
+extension:authorityInformationAccess:/www.example.com/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/ca.pem b/security/manager/ssl/tests/unit/test_ocsp_url/ca.pem
new file mode 100644
index 000000000..1a18e2bf0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAgIUL5zykZEc2ro5d6th43aWGfm735cwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1Ud
+DwQEAwIBBjALBgkqhkiG9w0BAQsDggEBAHPYBjNnv//Ssc8Elepb8SWIXRdahKbL
+/dcPoMR+7yhJVaelUaxdwUytJWJAGdkkuv+P+G4b82RVYEXT+9k1S/aAfByFyR9q
+vS7POfdy/ZPfGTXltlnmYX/84a6QeYQa4Nl4JpIOXBCesLxmErBhczka6D26iqsz
+GeseKRSjVPgF3mXc2CRGZnTDRhUmd7wOABLmj7GtuFvOm96363M3IUByMohvoj1G
+dic3s5D0seXwTKnEc5B27lJt7Q0oIXEldL+UW8Mo1hfGWQeXzqTZbpOVLnVWvHBH
+H8yYs5hyH01qFJZbztJ1JJ3F2NpYLlr4P5I6fW2e9w5MG/VMQRU3wzQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/ca.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/ca.pem.certspec
new file mode 100644
index 000000000..d809dbd63
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem
new file mode 100644
index 000000000..94d4ba65e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7zCCAdmgAwIBAgIUOTJ+sDQz8pANxE2LQvwLOgmcu/EwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjAbMRkwFwYDVQQDDBBlbXB0eS1zY2hlbWUtdXJsMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds
+JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4
+ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25
+iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3
+4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42
+yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozgwNjA0Bggr
+BgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGDovL3d3dy5leGFtcGxlLmNvbTo4ODg4
+LzALBgkqhkiG9w0BAQsDggEBAGVsX7ECTXpR66t/SCCb+ff6dAjsrc2FxrsToTav
+WNMumGFeVeBE/oTi2c1UNuWM1Lui1Dm6ZpK8Meau7r97ZtumhLF1T0Mqg9cr2ZPf
+WCGaaO/BS/bby4e9o2pxWkGcSD10vXjwZvEPVBB6JF6CW9vSV1bqutig08aNw7na
++73sRHgWbeXMDBbcbtbgR4F0CY5SCqkrPvclP89mC8Qn1yWjM0xuJLAcIaNupdzr
+H7RHiUVTmf6VIBjuOuSGpXGTpxPCn63rDo1DO0o4z/UFwjrEUrSnQ4/4ouRc3V2/
+BdUN/myc0Ao/kPKK/w/oB4YchP44YxTIwKL22I5DhsOJuGE=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem.certspec
new file mode 100644
index 000000000..e8959653f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:empty-scheme-url
+extension:authorityInformationAccess:://www.example.com:8888/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem
new file mode 100644
index 000000000..4ddeaa0e5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6TCCAdOgAwIBAgIUX8TTEyzTjyKkXvlNDjfOeVgdwUkwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjASMRAwDgYDVQQDDAdmdHAtdXJsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf
+vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb
+uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S
+O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR
+3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv
+5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozswOTA3BggrBgEFBQcBAQQr
+MCkwJwYIKwYBBQUHMAGGG2Z0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4LzALBgkq
+hkiG9w0BAQsDggEBAD8v/SRKYMHiPDPVJayeugI6KhLXFpXFxwzUK5Aq1mjGjIz1
+ibRoY2JcrXFrZ13V8Gtb+MjMLIi72UcLyIVvEaUhFo7X8rcP5zajmaetGuaKKV61
+E7LOuXLaGY/zQOidgpHgU7QCix/MyGoVuqHvOrwGH9V5UalxZKTOrJ4Dd66XTd3p
++5cy158BhzJRbi1y0XST/ePfQAlA3dQmI0m7UINiAQofSvzZbybR/dyDWhLQTNsG
+NtQ2QbilokejHOqrt/XJ+BGx5ebvY8U9pS26+r0k4CfDtxSYgIc7/mK9LIT5KyhU
+LuTdXpdddngkOMKHQ0XgF39F3cgkg3IcjjAbjOE=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem.certspec
new file mode 100644
index 000000000..9f50a7d79
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:ftp-url
+extension:authorityInformationAccess:ftp://www.example.com:8888/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem
new file mode 100644
index 000000000..35b5b0fbf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8zCCAd2gAwIBAgIUDVa/q45VECP/2micfLYGBWXE7aMwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjATMREwDwYDVQQDDAhoVFRwLXVybDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODY
+H72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk
+27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A9
+0jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMM
+kd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaL
+L+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaNEMEIwQAYIKwYBBQUHAQEE
+NDAyMDAGCCsGAQUFBzABhiRoVFRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvaFRU
+cC11cmwwCwYJKoZIhvcNAQELA4IBAQCPVRLwtymkJVeBFO8jZ/WitBfyAqTH3PN8
+8HXxYbN3Cx49MqEwET+zUj/irQsKx59vZcY5UUO3icqgbcUGidxgMoOxlXxdsQjZ
+Xe6ThY27HPnV5c7mI2SQwdr/IAhHxml7OfjiZ0VoFl4RsUKghU77z0x0NMDQWN6m
+Tg19Hqyy5t2fC4zpRUQifBNEaz9tHYKN/AC8Fu2iFYPOQcz+g+KGDvwCiKdSZJba
+9yVMJolq6DWbKr20aSdJIOqQV0S4Ww2G88uxUcpwZ5wRa2WOW8a/FnusNP3Anhiy
+RrEJh/Dzdpsi24YBfQ9m6+D9SFfqEjfKJLLcLI6jrCc68v2OfJfa
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem.certspec
new file mode 100644
index 000000000..10b1504b2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:hTTp-url
+extension:authorityInformationAccess:hTTp://www.example.com:8888/hTTp-url
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem
new file mode 100644
index 000000000..3229f8b6b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC9jCCAeCgAwIBAgIUdyMaqHO/yYxno+R+AgpRtlTqEHEwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjAUMRIwEAYDVQQDDAlodHRwcy11cmwwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjRjBEMEIGCCsGAQUFBwEB
+BDYwNDAyBggrBgEFBQcwAYYmaHR0cHM6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9o
+dHRwcy11cmwwCwYJKoZIhvcNAQELA4IBAQB4H70+zX9CJm7Y6AitWnaUheWOow2l
+JdO+iOAFM6HsxWu/X/ukZ+p6IEj79KiwyYJuyDPxms3ZUYmKEGHfChFalJbZqT8U
+DNhgKUZYGMM4VK94plUGl8yaiW0r7kCygLrsWT7+NkkLdsZ8AV2R64brTa6BcvO6
+msbyHZ6XX+W0IzlWvnNVTbTVaHu+YIi5oY+z9Zn7Q9cn8mUGn3Txk6/o7iZ8HSGo
+f0RHw6WphwniPmYy6En8mOHJca30iu960Q4KVHZ0NzrVSvRjZugbkSdEp5XPbzn1
+27jMaOWtst30JTMmLtKKkeb6rhDgIhF8jhSbFaygIERYLSuTryh31yRn
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem.certspec
new file mode 100644
index 000000000..891005bf5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:https-url
+extension:authorityInformationAccess:https://www.example.com:8888/https-url
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/int.key b/security/manager/ssl/tests/unit/test_ocsp_url/int.key
new file mode 100644
index 000000000..8af23e068
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/int.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/int.key.keyspec b/security/manager/ssl/tests/unit/test_ocsp_url/int.key.keyspec
new file mode 100644
index 000000000..4ad96d515
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/int.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/int.pem b/security/manager/ssl/tests/unit/test_ocsp_url/int.pem
new file mode 100644
index 000000000..fd60e5fe2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/int.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxjCCAbCgAwIBAgIUazy/vTocAuxP85PTc+O1JXs8WWEwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA4xDDAKBgNVBAMMA2ludDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAab
+bhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmts
+Du0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI
+H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8
+rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kX
+Mbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNV
+HQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQA6lr0lbqcaGYjYAAcA5BngiUobuYFn
+4jdYK9eR6hiT5PmYRQZ9/y+2aYNF/ygiBBqBdEq/Nhrm35WeUHvDBaT8OZLBjf+g
+krEAmu2ivrHZWrx16HBVDd9JdTUCx8j1HUo5fadFnsQh7nuh/VIoemox+/e8mKfh
++fW3noAoH/MRfP9VYoS0KzkW8ILiWOR1joNOHDZzanMiM/YCHO1nckq2ntI2T+kO
+MNMkB+j1w5Fu6P8pgyToleHs3WmlWAeDjXygZkEhg+9uuBXb8/IyuS3cYt9ovhSh
+++A25JRmqaQn2Ywd+CMsGe4MTYOsRnZPK0Co6TBteRWRdwSpqzb+UOqY
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/int.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/int.pem.certspec
new file mode 100644
index 000000000..a7f6d8141
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/int.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/moz.build b/security/manager/ssl/tests/unit/test_ocsp_url/moz.build
new file mode 100644
index 000000000..5fd0335fb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/moz.build
@@ -0,0 +1,33 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'bad-scheme.pem',
+#    'ca.pem',
+#    'empty-scheme-url.pem',
+#    'ftp-url.pem',
+#    'hTTp-url.pem',
+#    'https-url.pem',
+#    'int.pem',
+#    'negative-port.pem',
+#    'no-host-url.pem',
+#    'no-path-url.pem',
+#    'no-scheme-host-port.pem',
+#    'no-scheme-url.pem',
+#    'unknown-scheme.pem',
+#    'user-pass.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
+#
+#test_keys = (
+#    'int.key',
+#)
+#
+#for test_key in test_keys:
+#    GeneratedTestKey(test_key)
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem b/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem
new file mode 100644
index 000000000..d5da47063
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7jCCAdigAwIBAgIUOYKMbwiA6Ox6tlyXbkCVolKaQrUwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjAYMRYwFAYDVQQDDA1uZWdhdGl2ZS1wb3J0MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozowODA2BggrBgEF
+BQcBAQQqMCgwJgYIKwYBBQUHMAGGGmh0dHA6Ly93d3cuZXhhbXBsZS5jb206LTEv
+MAsGCSqGSIb3DQEBCwOCAQEADBQNEPkXMARLS21MqOa2IrMxwTEJruvmt52cmdpP
+5g3D6U+YNrCS3sBXz4iHOpTJzPq6bcA4l2MsozaXuNXGxtYmqKVAOQaeZEkfkidH
+VRRrYlDx9krWWmbwMdXpHMdEvaa8ALbmdVHZGFvr/SULQJZ0bOJlS0T9QsbGvPJN
+85O5sB92GF3xX1/PfSEE4adoNHjoi3iBwkCHbt8l+8Yrxi0NFv+jyZ1Cjl6HgA4H
+/5QAdQK1QRSOcWdoiUKZnmS7R7lV4TUZ4ddmd1xKo6ZkM7lqKJWZRJaYyBk/2oLC
+J1VpmiIPGzU8pqavEiJkI73wsKqIvLhzXE30+cmHu6lx/Q==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem.certspec
new file mode 100644
index 000000000..fce6d4384
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:negative-port
+extension:authorityInformationAccess:http://www.example.com:-1/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem
new file mode 100644
index 000000000..e1dd6e432
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3zCCAcmgAwIBAgIUdxTe9sPzOgKwgY0vD+1x2d7atJkwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjAWMRQwEgYDVQQDDAtuby1ob3N0LXVybDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMtMCswKQYIKwYBBQUH
+AQEEHTAbMBkGCCsGAQUFBzABhg1odHRwOi8vOjg4ODgvMAsGCSqGSIb3DQEBCwOC
+AQEAYLCyovqbhUruG91y2BOZo79Hios1jHFDSQQaiJPnCWv5wwDo6ZNaIDO4HZGz
+WOyHUVeau3OHN2j1xSPJa2e9q+mHocU7NPMYT9GTbFOrvq6wKNl0ySpPDA87EqFa
+Xumc/iMxIEqbTM85MTBQoMwBXH7Dn4YGbiGyKldHTeiHdBNYk7ck3810hTh5In6n
+sJjeH04x6HnX2bN87w5ydW8IupdQtRRlyi7D+Xrh5/P6DgKQeBYYgZYP8pm1c1sv
+ElZJ5HC8zNSdpbox8NQ+TeKJSH66Uzp4xzC5fC387bhT3pqF+L0mXey5+PAirPwe
+2qCSHS1Wrob1dEOL2F2OtxCc7A==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem.certspec
new file mode 100644
index 000000000..4ac76e7eb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:no-host-url
+extension:authorityInformationAccess:http://:8888/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem
new file mode 100644
index 000000000..0a2b18870
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7TCCAdegAwIBAgIUAXS6lqxRzJJJN9dWf3AQsJXfmrQwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjAWMRQwEgYDVQQDDAtuby1wYXRoLXVybDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaM7MDkwNwYIKwYBBQUH
+AQEEKzApMCcGCCsGAQUFBzABhhtodHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgw
+CwYJKoZIhvcNAQELA4IBAQARmP6mnoEp1iAK4icGW3lqQK4bv94YAIn+h2d6lWqS
+I1ccW2lfzPowYNfcbvdPqgytOkBzxVZGjMfWhtWQrTHhxKh+qp8oQPEtGcGMYma7
+tuaeN5BZnoRMbRmGw/i/Wl7MgByjGRvrcwyZF+zb5SxUqgt4fRYY0IsaWQP5Zdmu
+tk31gvNbRhT4aFeteb8XuyEt4zRwk30bjXHRWSbWO29fqTx5PpVXJzdRYZr1fLqL
+6ytWx/Wri5WgvQgqYCL8aHng9qOzJPz8/ASNXzwmHjiPxEKf+Ebw3Nxo4NZ/3NdW
+AcWN8hLLSnGun0gkTEuzYhgN/lglftInFXvEWYCLc/a7
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem.certspec
new file mode 100644
index 000000000..497bb2879
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:no-path-url
+extension:authorityInformationAccess:http://www.example.com:8888
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem
new file mode 100644
index 000000000..cee29837d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2zCCAcWgAwIBAgIUP1Op7k2Kxth54BUkOFVzyl/3GBgwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjAeMRwwGgYDVQQDDBNuby1zY2hlbWUtaG9zdC1wb3J0MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1
+aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we
+adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS
+pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W
+YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR
+CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoyEwHzAd
+BggrBgEFBQcBAQQRMA8wDQYIKwYBBQUHMAGGAS8wCwYJKoZIhvcNAQELA4IBAQAQ
+t9S6Ca0G+iUIlFzRZWzt/yrSSYNqKN0GZkMEEQc0CuPK7y55UxsO0reNHatBjFMN
+6UMJa6GpIimFOcRmEvGHo5N26O0glZr+lUv66Z+/YszzG6EY3W3QLo9TUBIfkonv
+Fvt5F/EygyjUq8JoOMjuFZrGrGuLA2wkbD/xQZdZSwZKfOVuPcShPnCZZIFm6Wyu
+qzg7IKcHonKqt4ClHnCWJp1gSjbpGLwZnnjkQWOpOavnVdCxMFh+soPUqmZfomAd
+NMM/OXt3T8SqTh6zLykKPmT7mLvdT0oK/wMOQAAqYnZ1lL/TaDl9JiWmiUHJV6wK
+Iwd64wWH42VHvJa7RkGx
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem.certspec
new file mode 100644
index 000000000..42a555e41
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:no-scheme-host-port
+extension:authorityInformationAccess:/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem
new file mode 100644
index 000000000..58d799cb1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6TCCAdOgAwIBAgIUU9pq10HPzAkXsubwVrSbSByUa0MwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjAYMRYwFAYDVQQDDA1uby1zY2hlbWUtdXJsMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozUwMzAxBggrBgEF
+BQcBAQQlMCMwIQYIKwYBBQUHMAGGFXd3dy5leGFtcGxlLmNvbTo4ODg4LzALBgkq
+hkiG9w0BAQsDggEBAKpD33VUYjJ48aRC30LmPfcncPdPb6TshHzLEWVk17sojkVl
+UqzljaHcoE5yj76qG30POy/Kdy3XC7Ml3divY3feIPF9OhW5Ajt1pMMLPbIhGTK2
+vW3VXR4eD3VesXyPaJqm6xp0kKjOi0E/tHmnVCVeSdv9VxPmiBcEK8vfnA0H5qHH
+KeV/ZX1DQSAS+naG8aEPhUFKa9x815Xj1t7r6xDkGOvLfvVtw1Md9lP62numDRc0
+nDC/qu8qcZUGXDJgEpqWgBpF6jfjqIAWQfioMI02xFIOqq5fSq6BCbKgpHAkVKp7
+rWobSHnjDNlPTfjW7m9U/0evheZ6ICz404fUENw=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem.certspec
new file mode 100644
index 000000000..a82196a6d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:no-scheme-url
+extension:authorityInformationAccess:www.example.com:8888/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem b/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem
new file mode 100644
index 000000000..1ab089a8c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6zCCAdWgAwIBAgIUK9u6obbJ2SPIjRSDpKRrgdRN/awwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjAZMRcwFQYDVQQDDA51bmtub3duLXNjaGVtZTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7
+wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp
+k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh
+eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW
+EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc
+JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaM2MDQwMgYIKwYB
+BQUHAQEEJjAkMCIGCCsGAQUFBzABhhZ0dHA6Ly93d3cuZXhhbXBsZS5jb20vMAsG
+CSqGSIb3DQEBCwOCAQEANVw4eInvNA1+4oQxbmPEZ7IDm/Cq5u2kn0/Dm6NqI1YS
+YmQtw7F6ooE1MDKuCo0nVvvbRjlv68WiIYSaGZjpD8mcZJEDGXXUaVivcPO9jakQ
+pu+wzUjo41YmvvSCgBlHu7w0QWvQL4Ybk6hxZxDGIBM9HoiNnxaxKPehfc2Knb8V
+RyAZvPA/0Nwtm3L+lZYmNA3i9WBWSC3p2jblCTt62UhevnmKX9ASX2TNpLDI6Brn
+hoBpQUzQrXWYklC2GxBL28kx0in4NrQ264vNLO9weJacQY/Hxn/gJNyUguFDE/hk
+nhc9SA29F8YtLJ6fKzizMypqQEtn1oTW3wPORruoDw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem.certspec
new file mode 100644
index 000000000..008945539
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:unknown-scheme
+extension:authorityInformationAccess:ttp://www.example.com/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem b/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem
new file mode 100644
index 000000000..aead46e41
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC9jCCAeCgAwIBAgIUJYO4u8rbDNc65pazTgjE2dK2ZPgwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjAUMRIwEAYDVQQDDAl1c2VyLXBhc3MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjRjBEMEIGCCsGAQUFBwEB
+BDYwNDAyBggrBgEFBQcwAYYmaHR0cDovL3VzZXI6cGFzc0B3d3cuZXhhbXBsZS5j
+b206ODg4OC8wCwYJKoZIhvcNAQELA4IBAQA4qxh5V92DpwQWEvVz0NH9NPwQdIyv
+vgAtHigtX7BEtLp3HfLZX4xb8vOmg9X2Qd921zJIBgMIFtmn2oHjeKrceu2sL7pj
+tccHrCYabr5IlcRH8oub8RerRV6tW6X3Ulo6lcdY2LvZJkYuvLyKKuTB6qSfNyD2
+2xzxgSUMRtT6eBMZoCU+N6MQiwv0FzR67dZrXOkpYnKQ95+NVC2eiXnjPi4eLAv1
+7Qvafih2nXmZ0LL3oGcls8WITBNCdqYyXolAIJJQau73Yrhal0nQJGbSSedguhsG
+CEpuoTou4gFhR0DTiLuWMNfF4WNTIUvmnNYfqvSzUUyFyA9msyQ0YkAj
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem.certspec
new file mode 100644
index 000000000..337e67e5f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:user-pass
+extension:authorityInformationAccess:http://user:pass@www.example.com:8888/
diff --git a/security/manager/ssl/tests/unit/test_onecrl/moz.build b/security/manager/ssl/tests/unit/test_onecrl/moz.build
new file mode 100644
index 000000000..560826d89
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/moz.build
@@ -0,0 +1,14 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'same-issuer-ee.pem',
+#    'test-int-ee.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem b/security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem
new file mode 100644
index 000000000..c48cd895b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDHTCCAgegAwIBAgIUI9484x9tR8knqKhzbTfed86/unswCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowIjEgMB4GA1UEAwwXQW5vdGhlciBUZXN0IEVuZC1lbnRpdHkwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT
+2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV
+JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N
+jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA
+BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh
+He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB
+AAGjWzBZMCMGA1UdEQQcMBqCCWxvY2FsaG9zdIINKi5leGFtcGxlLmNvbTAyBggr
+BgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC8w
+CwYJKoZIhvcNAQELA4IBAQB5uSG64u2JLPE1TsnPQfJT8bmzhov2VGvdyHHS1ANM
+zj900qpH4qNDGAaJwHSPhGdvPuJkd7Gzz/1i3kEKX/4FFkl0Md7O2xnqMn6shzKn
+kt4QAWFE+3Y5qloHLZxLAJ7xoCqxTsh+BXBgsnxR0YIJsjTXomB7kiyw5YWgRVlG
+iBlDCLuv/BEmOWXADF1Ly3qXPKWsr+tXfNl5IKjUUDdDcGHKFNYq6QyScgDokCE+
+PXEZwSiHdPpHhK1/eMIegl2rMycvw0vptPznr8MqF5COXGI9/W4ObHtXJnt6/I/C
+re6JOK6abYxpOJsLRXSovFc+RQQPrb6J7QA8Imt7FDkX
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem.certspec b/security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem.certspec
new file mode 100644
index 000000000..8b20f03f5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Another Test End-entity
+extension:subjectAlternativeName:localhost,*.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/test_onecrl/sample_revocations.txt b/security/manager/ssl/tests/unit/test_onecrl/sample_revocations.txt
new file mode 100644
index 000000000..e8d9db746
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/sample_revocations.txt
@@ -0,0 +1,39 @@
+# a sample revocations.txt for tests
+# Lines starting with '#' are ignored - as are empty lines like this:
+
+# otherwise:
+# non-empty lines are treated as base-64 encoded DER DN data (e.g. issuer or
+# subject)
+# ...unless the line starts with a ' ' (space) character, in which case it's
+# assumed to be base-64 encoded DER serial data, or
+# the line starts with a '\t' (tab) character, in which case it's assumed to
+# be a base-64 encoded SHA256 hash of a public key
+
+# First a serial with no issuer to ensure this doesn't cause parsing to fail
+# (there should be an issuer first, but we need to test this won't fail)
+ dGVzdA==
+# next, let's ensure data that isn't valid base64 doesn't cause breakage.
+ this serial isn't valid base64 (but then there's no issuer anyway)
+Neither is this issuer, though the serial is fine
+ dGVzdA==
+dGVzdA==
+ in this case, issuer is fine but not the serial
+# Next two entries; we can add valid base-64 encoded data for some basic tests:
+# issuer is "some imaginary issuer" base-64 encoded
+# and serial "serial." base-64 encoded
+c29tZSBpbWFnaW5hcnkgaXNzdWVy
+ c2VyaWFsLg==
+# issuer is "another imaginary issuer" base-64 encoded
+# serials are "serial." and "serial2." base-64 encoded
+YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy
+ c2VyaWFsLg==
+ c2VyaWFsMi4=
+# subject is "some imaginary subject", base-64 encoded
+# pubKeyHash is the sha256 hash of "some imaginary pubkey" base-64 encoded
+c29tZSBpbWFnaW5hcnkgc3ViamVjdA==
+	blBNgTxORaii2Sqe9bQcYsmfJ3kiXOLiKLzQNJ2wZYE=
+# and some more data to ensure that mixed items don't cause parsing failure
+a DN
+ a serial
+	a hash
+ another serial
diff --git a/security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem b/security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem
new file mode 100644
index 000000000..34d2cf669
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5jCCAdCgAwIBAgIUQyYXainIoMjK+7Pogg88tLd6ERgwCwYJKoZIhvcNAQEL
+MBwxGjAYBgNVBAMMEVRlc3QgSW50ZXJtZWRpYXRlMCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMCQxIjAgBgNVBAMMGUVFIGlzc3VlZCBieSBpbnRl
+cm1lZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W
+1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtq
+ZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx
+0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthV
+t2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo
+4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx
+1QOs2hgKNe2NAgMBAAGjGDAWMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDALBgkqhkiG
+9w0BAQsDggEBAG5fRtX3qlA/A0hm3SwbARbljUehHxdHTeiz8qAbX5aEo7LRCxjr
+BccpjzVqwiZxfwqcAyHT/+CrFrgKvpN6rnuNnmNvScH3BeTmXEkImiHc0nZTYyOH
+Xep3I0ZEDa+2H5WDXfCbwF6JIQKJ2j3TR+c5/PzS3RLIkXG8wKcmv6Ldi5vwrIM7
+DDZ+k3a65JYSQwg9Q8gZoEBKmcalVD86+OQcs1HijU7ylS9PO8HB/sYakDPuKqRM
+xZgIBTDctRET07KtAIpBEnbfiWkI6xh4tTYj4IrRA5Yz8ajRImdn0IhJSld5Wgoy
+cQ1L2ia/hgcTIdQ+pIIV2lcepTaNMeIpCoI=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem.certspec b/security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem.certspec
new file mode 100644
index 000000000..24792d540
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test Intermediate
+subject:EE issued by intermediate
+extension:subjectAlternativeName:localhost
diff --git a/security/manager/ssl/tests/unit/test_password_prompt.js b/security/manager/ssl/tests/unit/test_password_prompt.js
new file mode 100644
index 000000000..cdf4227cb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_password_prompt.js
@@ -0,0 +1,78 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that PSM can successfully ask for a password from the user and relay it
+// back to NSS. Does so by mocking out the actual dialog and "filling in" the
+// password. Also tests that providing an incorrect password will fail (well,
+// technically the user will just get prompted again, but if they then cancel
+// the dialog the overall operation will fail).
+
+var gMockPrompter = {
+  passwordToTry: null,
+  numPrompts: 0,
+
+  // This intentionally does not use arrow function syntax to avoid an issue
+  // where in the context of the arrow function, |this != gMockPrompter| due to
+  // how objects get wrapped when going across xpcom boundaries.
+  promptPassword: function(dialogTitle, text, password, checkMsg, checkValue) {
+    this.numPrompts++;
+    if (this.numPrompts > 1) { // don't keep retrying a bad password
+      return false;
+    }
+    equal(text,
+          "Please enter the master password for the Software Security Device.",
+          "password prompt text should be as expected");
+    equal(checkMsg, null, "checkMsg should be null");
+    ok(this.passwordToTry, "passwordToTry should be non-null");
+    password.value = this.passwordToTry;
+    return true;
+  },
+
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsIPrompt]),
+};
+
+// Mock nsIWindowWatcher. PSM calls getNewPrompter on this to get an nsIPrompt
+// to call promptPassword. We return the mock one, above.
+var gWindowWatcher = {
+  getNewPrompter: () => gMockPrompter,
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsIWindowWatcher]),
+};
+
+function run_test() {
+  do_get_profile();
+
+  let windowWatcherCID =
+    MockRegistrar.register("@mozilla.org/embedcomp/window-watcher;1",
+                           gWindowWatcher);
+  do_register_cleanup(() => {
+    MockRegistrar.unregister(windowWatcherCID);
+  });
+
+  // Set an initial password.
+  let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"]
+                  .getService(Ci.nsIPK11TokenDB);
+  let token = tokenDB.getInternalKeyToken();
+  token.initPassword("hunter2");
+  token.logoutSimple();
+
+  // Try with the correct password.
+  gMockPrompter.passwordToTry = "hunter2";
+  // Using nsISecretDecoderRing will cause the password prompt to come up if the
+  // token has a password and is logged out.
+  let sdr = Cc["@mozilla.org/security/sdr;1"]
+              .getService(Ci.nsISecretDecoderRing);
+  sdr.encryptString("poke");
+  equal(gMockPrompter.numPrompts, 1, "should have prompted for password once");
+
+  // Reset state.
+  gMockPrompter.numPrompts = 0;
+  token.logoutSimple();
+
+  // Try with an incorrect password.
+  gMockPrompter.passwordToTry = "*******";
+  throws(() => sdr.encryptString("poke2"), /NS_ERROR_FAILURE/,
+         "logging in with the wrong password should fail");
+  equal(gMockPrompter.numPrompts, 2, "should have prompted for password twice");
+}
diff --git a/security/manager/ssl/tests/unit/test_pinning.js b/security/manager/ssl/tests/unit/test_pinning.js
new file mode 100644
index 000000000..4d3c2fac8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning.js
@@ -0,0 +1,263 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+//
+// For all cases, the acceptable pinset includes only certificates pinned to
+// Test End Entity Cert (signed by issuer testCA). Other certificates
+// are issued by otherCA, which is never in the pinset but is a user-specified
+// trust anchor. This test covers multiple cases:
+//
+// Pinned domain include-subdomains.pinning.example.com includes subdomains
+// - PASS: include-subdomains.pinning.example.com serves a correct cert
+// - PASS: good.include-subdomains.pinning.example.com serves a correct cert
+// - FAIL (strict): bad.include-subdomains.pinning.example.com serves a cert
+// not in the pinset
+// - PASS (mitm): bad.include-subdomains.pinning.example.com serves a cert not
+// in the pinset, but issued by a user-specified trust domain
+//
+// Pinned domain exclude-subdomains.pinning.example.com excludes subdomains
+// - PASS: exclude-subdomains.pinning.example.com serves a correct cert
+// - FAIL: exclude-subdomains.pinning.example.com serves an incorrect cert
+// (TODO: test using verifyCertNow)
+// - PASS: sub.exclude-subdomains.pinning.example.com serves an incorrect cert
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                  .getService(Ci.nsIX509CertDB);
+
+function add_clear_override(host) {
+  add_test(function() {
+    let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
+                                .getService(Ci.nsICertOverrideService);
+    certOverrideService.clearValidityOverride(host, 8443);
+    run_next_test();
+  });
+}
+
+function test_strict() {
+  // In strict mode, we always evaluate pinning data, regardless of whether the
+  // issuer is a built-in trust anchor. We only enforce pins that are not in
+  // test mode.
+  add_test(function() {
+    Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 2);
+    run_next_test();
+  });
+
+  // Normally this is overridable. But, since we have pinning information for
+  // this host, we don't allow overrides.
+  add_prevented_cert_override_test(
+    "unknownissuer.include-subdomains.pinning.example.com",
+    Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+    SEC_ERROR_UNKNOWN_ISSUER);
+  add_clear_override("unknownissuer.include-subdomains.pinning.example.com");
+
+  // Issued by otherCA, which is not in the pinset for pinning.example.com.
+  add_connection_test("bad.include-subdomains.pinning.example.com",
+                      MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE);
+
+  // Check that using a FQDN doesn't bypass pinning.
+  add_connection_test("bad.include-subdomains.pinning.example.com.",
+                      MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE);
+  // For some reason this is also navigable (see bug 1118522).
+  add_connection_test("bad.include-subdomains.pinning.example.com..",
+                      MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE);
+
+  // These domains serve certs that match the pinset.
+  add_connection_test("include-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("good.include-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("exclude-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+
+  // This domain serves a cert that doesn't match the pinset, but subdomains
+  // are excluded.
+  add_connection_test("sub.exclude-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+
+  // This domain's pinset is exactly the same as
+  // include-subdomains.pinning.example.com, serves the same cert as
+  // bad.include-subdomains.pinning.example.com, but it should pass because
+  // it's in test_mode.
+  add_connection_test("test-mode.pinning.example.com",
+                      PRErrorCodeSuccess);
+  // Similarly, this pin is in test-mode, so it should be overridable.
+  add_cert_override_test("unknownissuer.test-mode.pinning.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_UNKNOWN_ISSUER);
+  add_clear_override("unknownissuer.test-mode.pinning.example.com");
+}
+
+function test_mitm() {
+  // In MITM mode, we allow pinning to pass if the chain resolves to any
+  // user-specified trust anchor, even if it is not in the pinset.
+  add_test(function() {
+    Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 1);
+    run_next_test();
+  });
+
+  add_connection_test("include-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("good.include-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+
+  // Normally this is overridable. But, since we have pinning information for
+  // this host, we don't allow overrides (since building a trusted chain fails,
+  // we have no reason to believe this was issued by a user-added trust
+  // anchor, so we can't allow overrides for it).
+  add_prevented_cert_override_test(
+    "unknownissuer.include-subdomains.pinning.example.com",
+    Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+    SEC_ERROR_UNKNOWN_ISSUER);
+  add_clear_override("unknownissuer.include-subdomains.pinning.example.com");
+
+  // In this case, even though otherCA is not in the pinset, it is a
+  // user-specified trust anchor and the pinning check succeeds.
+  add_connection_test("bad.include-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+
+  add_connection_test("exclude-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("sub.exclude-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("test-mode.pinning.example.com", PRErrorCodeSuccess);
+  add_cert_override_test("unknownissuer.test-mode.pinning.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_UNKNOWN_ISSUER);
+  add_clear_override("unknownissuer.test-mode.pinning.example.com");
+}
+
+function test_disabled() {
+  // Disable pinning.
+  add_test(function() {
+    Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 0);
+    run_next_test();
+  });
+
+  add_connection_test("include-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("good.include-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("bad.include-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("exclude-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("sub.exclude-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("test-mode.pinning.example.com", PRErrorCodeSuccess);
+
+  add_cert_override_test("unknownissuer.include-subdomains.pinning.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_UNKNOWN_ISSUER);
+  add_clear_override("unknownissuer.include-subdomains.pinning.example.com");
+  add_cert_override_test("unknownissuer.test-mode.pinning.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_UNKNOWN_ISSUER);
+  add_clear_override("unknownissuer.test-mode.pinning.example.com");
+}
+
+function test_enforce_test_mode() {
+  // In enforce test mode, we always enforce all pins, even test pins.
+  add_test(function() {
+    Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 3);
+    run_next_test();
+  });
+
+  // Normally this is overridable. But, since we have pinning information for
+  // this host, we don't allow overrides.
+  add_prevented_cert_override_test(
+    "unknownissuer.include-subdomains.pinning.example.com",
+    Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+    SEC_ERROR_UNKNOWN_ISSUER);
+  add_clear_override("unknownissuer.include-subdomains.pinning.example.com");
+
+  // Issued by otherCA, which is not in the pinset for pinning.example.com.
+  add_connection_test("bad.include-subdomains.pinning.example.com",
+                      MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE);
+
+  // These domains serve certs that match the pinset.
+  add_connection_test("include-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("good.include-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("exclude-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+
+  // This domain serves a cert that doesn't match the pinset, but subdomains
+  // are excluded.
+  add_connection_test("sub.exclude-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+
+  // This domain's pinset is exactly the same as
+  // include-subdomains.pinning.example.com, serves the same cert as
+  // bad.include-subdomains.pinning.example.com, is in test-mode, but we are
+  // enforcing test mode pins.
+  add_connection_test("test-mode.pinning.example.com",
+                      MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE);
+  // Normally this is overridable. But, since we have pinning information for
+  // this host (and since we're enforcing test mode), we don't allow overrides.
+  add_prevented_cert_override_test(
+    "unknownissuer.test-mode.pinning.example.com",
+    Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+    SEC_ERROR_UNKNOWN_ISSUER);
+  add_clear_override("unknownissuer.test-mode.pinning.example.com");
+}
+
+function check_pinning_telemetry() {
+  let service = Cc["@mozilla.org/base/telemetry;1"].getService(Ci.nsITelemetry);
+  let prod_histogram = service.getHistogramById("CERT_PINNING_RESULTS")
+                         .snapshot();
+  let test_histogram = service.getHistogramById("CERT_PINNING_TEST_RESULTS")
+                         .snapshot();
+  // Because all of our test domains are pinned to user-specified trust
+  // anchors, effectively only strict mode and enforce test-mode get evaluated
+  equal(prod_histogram.counts[0], 4,
+        "Actual and expected prod (non-Mozilla) failure count should match");
+  equal(prod_histogram.counts[1], 4,
+        "Actual and expected prod (non-Mozilla) success count should match");
+  equal(test_histogram.counts[0], 2,
+        "Actual and expected test (non-Mozilla) failure count should match");
+  equal(test_histogram.counts[1], 0,
+        "Actual and expected test (non-Mozilla) success count should match");
+
+  let moz_prod_histogram = service.getHistogramById("CERT_PINNING_MOZ_RESULTS")
+                             .snapshot();
+  let moz_test_histogram =
+    service.getHistogramById("CERT_PINNING_MOZ_TEST_RESULTS").snapshot();
+  equal(moz_prod_histogram.counts[0], 0,
+        "Actual and expected prod (Mozilla) failure count should match");
+  equal(moz_prod_histogram.counts[1], 0,
+        "Actual and expected prod (Mozilla) success count should match");
+  equal(moz_test_histogram.counts[0], 0,
+        "Actual and expected test (Mozilla) failure count should match");
+  equal(moz_test_histogram.counts[1], 0,
+        "Actual and expected test (Mozilla) success count should match");
+
+  let per_host_histogram =
+    service.getHistogramById("CERT_PINNING_MOZ_RESULTS_BY_HOST").snapshot();
+  equal(per_host_histogram.counts[0], 0,
+        "Actual and expected per host (Mozilla) failure count should match");
+  equal(per_host_histogram.counts[1], 2,
+        "Actual and expected per host (Mozilla) success count should match");
+  run_next_test();
+}
+
+function run_test() {
+  add_tls_server_setup("BadCertServer", "bad_certs");
+
+  // Add a user-specified trust anchor.
+  addCertFromFile(certdb, "bad_certs/other-test-ca.pem", "CTu,u,u");
+
+  test_strict();
+  test_mitm();
+  test_disabled();
+  test_enforce_test_mode();
+
+  add_test(function () {
+    check_pinning_telemetry();
+  });
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic.js b/security/manager/ssl/tests/unit/test_pinning_dynamic.js
new file mode 100644
index 000000000..2c314b53a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic.js
@@ -0,0 +1,246 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to create a site security service state file
+// and see that the site security service reads it properly.
+
+function writeLine(aLine, aOutputStream) {
+  aOutputStream.write(aLine, aLine.length);
+}
+
+var gSSService = null;
+var gSSSStateSeen = false;
+var gPreloadStateSeen = false;
+
+var profileDir = do_get_profile();
+var certdb;
+
+function certFromFile(cert_name) {
+  return constructCertFromFile("test_pinning_dynamic/" + cert_name + ".pem");
+}
+
+function loadCert(cert_name, trust_string) {
+  let cert_filename = "test_pinning_dynamic/" + cert_name + ".pem";
+  addCertFromFile(certdb, cert_filename, trust_string);
+  return constructCertFromFile(cert_filename);
+}
+
+function checkOK(cert, hostname) {
+  return checkCertErrorGeneric(certdb, cert, PRErrorCodeSuccess,
+                               certificateUsageSSLServer, {}, hostname);
+}
+
+function checkFail(cert, hostname) {
+  return checkCertErrorGeneric(certdb, cert, MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE,
+                               certificateUsageSSLServer, {}, hostname);
+}
+
+const NON_ISSUED_KEY_HASH = "KHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN=";
+const PINNING_ROOT_KEY_HASH = "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=";
+
+function run_test() {
+  Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 2);
+
+  let stateFile = profileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  // Assuming we're working with a clean slate, the SSS_STATE file shouldn't
+  // exist until we create it.
+  ok(!stateFile.exists(),
+     "State file should not exist when working with a clean slate");
+  let outputStream = FileUtils.openFileOutputStream(stateFile);
+  let now = (new Date()).getTime();
+  writeLine(`a.pinning2.example.com:HPKP\t0\t0\t${now + 100000},1,0,${PINNING_ROOT_KEY_HASH}\n`, outputStream);
+  writeLine(`b.pinning2.example.com:HPKP\t0\t0\t${now + 100000},1,1,${PINNING_ROOT_KEY_HASH}\n`, outputStream);
+
+  outputStream.close();
+
+  let preloadFile = profileDir.clone();
+  preloadFile.append(PRELOAD_STATE_FILE_NAME);
+  ok(!preloadFile.exists(),
+     "Preload file should not exist when working with a clean slate");
+
+  outputStream = FileUtils.openFileOutputStream(preloadFile);
+  writeLine(`a.preload.example.com:HPKP\t0\t0\t${now + 100000},1,1,${PINNING_ROOT_KEY_HASH}\n`, outputStream);
+  outputStream.close();
+
+  Services.obs.addObserver(checkStateRead, "data-storage-ready", false);
+  do_test_pending();
+  gSSService = Cc["@mozilla.org/ssservice;1"]
+                 .getService(Ci.nsISiteSecurityService);
+  notEqual(gSSService, null,
+           "SiteSecurityService should have initialized successfully using" +
+           " the generated state file");
+}
+
+function checkDefaultSiteHPKPStatus() {
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+                             "a.pinning2.example.com", 0),
+     "a.pinning2.example.com should have HPKP status");
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+                              "x.a.pinning2.example.com", 0),
+     "x.a.pinning2.example.com should not have HPKP status");
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+                             "b.pinning2.example.com", 0),
+     "b.pinning2.example.com should have HPKP status");
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+                             "x.b.pinning2.example.com", 0),
+     "x.b.pinning2.example.com should have HPKP status");
+}
+
+function checkStateRead(aSubject, aTopic, aData) {
+  if (aData == SSS_STATE_FILE_NAME) {
+    gSSSStateSeen = true;
+  } else if (aData == PRELOAD_STATE_FILE_NAME) {
+    gPreloadStateSeen = true;
+  } else {
+    throw new Error("Observed data should either be the Site Security " +
+                    "Service state file name or the preload file name");
+  }
+
+  if (!gSSSStateSeen || !gPreloadStateSeen) {
+    return;
+  }
+
+  notEqual(gSSService, null, "SiteSecurityService should be initialized");
+
+  // Initializing the certificate DB will cause NSS-initialization, which in
+  // turn initializes the site security service. Since we're in part testing
+  // that the site security service correctly reads its state file, we have to
+  // make sure it doesn't start up before we've populated the file
+  certdb = Cc["@mozilla.org/security/x509certdb;1"]
+             .getService(Ci.nsIX509CertDB);
+
+  loadCert("pinningroot", "CTu,CTu,CTu");
+  loadCert("badca", "CTu,CTu,CTu");
+
+  // the written entry is for a.pinning2.example.com without subdomains
+  // and b.pinning2.example.com with subdomains
+  checkFail(certFromFile('a.pinning2.example.com-badca'), "a.pinning2.example.com");
+  checkOK(certFromFile('a.pinning2.example.com-pinningroot'), "a.pinning2.example.com");
+  checkOK(certFromFile('x.a.pinning2.example.com-badca'), "x.a.pinning2.example.com");
+  checkOK(certFromFile('x.a.pinning2.example.com-pinningroot'), "x.a.pinning2.example.com");
+
+  checkFail(certFromFile('b.pinning2.example.com-badca'), "b.pinning2.example.com");
+  checkOK(certFromFile('b.pinning2.example.com-pinningroot'), "b.pinning2.example.com");
+  checkFail(certFromFile('x.b.pinning2.example.com-badca'), "x.b.pinning2.example.com");
+  checkOK(certFromFile('x.b.pinning2.example.com-pinningroot'), "x.b.pinning2.example.com");
+
+  checkDefaultSiteHPKPStatus();
+
+
+  // add includeSubdomains to a.pinning2.example.com
+  gSSService.setKeyPins("a.pinning2.example.com", true,
+                        new Date().getTime() + 1000000, 2,
+                        [NON_ISSUED_KEY_HASH, PINNING_ROOT_KEY_HASH]);
+  checkFail(certFromFile('a.pinning2.example.com-badca'), "a.pinning2.example.com");
+  checkOK(certFromFile('a.pinning2.example.com-pinningroot'), "a.pinning2.example.com");
+  checkFail(certFromFile('x.a.pinning2.example.com-badca'), "x.a.pinning2.example.com");
+  checkOK(certFromFile('x.a.pinning2.example.com-pinningroot'), "x.a.pinning2.example.com");
+  checkFail(certFromFile('b.pinning2.example.com-badca'), "b.pinning2.example.com");
+  checkOK(certFromFile('b.pinning2.example.com-pinningroot'), "b.pinning2.example.com");
+  checkFail(certFromFile('x.b.pinning2.example.com-badca'), "x.b.pinning2.example.com");
+  checkOK(certFromFile('x.b.pinning2.example.com-pinningroot'), "x.b.pinning2.example.com");
+
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+                             "a.pinning2.example.com", 0),
+     "a.pinning2.example.com should still have HPKP status after adding" +
+     " includeSubdomains to a.pinning2.example.com");
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+                             "x.a.pinning2.example.com", 0),
+     "x.a.pinning2.example.com should now have HPKP status after adding" +
+     " includeSubdomains to a.pinning2.example.com");
+
+  // Now setpins without subdomains
+  gSSService.setKeyPins("a.pinning2.example.com", false,
+                        new Date().getTime() + 1000000, 2,
+                        [NON_ISSUED_KEY_HASH, PINNING_ROOT_KEY_HASH]);
+  checkFail(certFromFile('a.pinning2.example.com-badca'), "a.pinning2.example.com");
+  checkOK(certFromFile('a.pinning2.example.com-pinningroot'), "a.pinning2.example.com");
+  checkOK(certFromFile('x.a.pinning2.example.com-badca'), "x.a.pinning2.example.com");
+  checkOK(certFromFile('x.a.pinning2.example.com-pinningroot'), "x.a.pinning2.example.com");
+
+  checkFail(certFromFile('b.pinning2.example.com-badca'), "b.pinning2.example.com");
+  checkOK(certFromFile('b.pinning2.example.com-pinningroot'), "b.pinning2.example.com");
+  checkFail(certFromFile('x.b.pinning2.example.com-badca'), "x.b.pinning2.example.com");
+  checkOK(certFromFile('x.b.pinning2.example.com-pinningroot'), "x.b.pinning2.example.com");
+
+  checkDefaultSiteHPKPStatus();
+
+  // failure to insert new pin entry leaves previous pin behavior
+  throws(() => {
+    gSSService.setKeyPins("a.pinning2.example.com", true,
+                          new Date().getTime() + 1000000, 1, ["not a hash"]);
+  }, /NS_ERROR_ILLEGAL_VALUE/, "Attempting to set an invalid pin should fail");
+  checkFail(certFromFile('a.pinning2.example.com-badca'), "a.pinning2.example.com");
+  checkOK(certFromFile('a.pinning2.example.com-pinningroot'), "a.pinning2.example.com");
+  checkOK(certFromFile('x.a.pinning2.example.com-badca'), "x.a.pinning2.example.com");
+  checkOK(certFromFile('x.a.pinning2.example.com-pinningroot'), "x.a.pinning2.example.com");
+
+  checkFail(certFromFile('b.pinning2.example.com-badca'), "b.pinning2.example.com");
+  checkOK(certFromFile('b.pinning2.example.com-pinningroot'), "b.pinning2.example.com");
+  checkFail(certFromFile('x.b.pinning2.example.com-badca'), "x.b.pinning2.example.com");
+  checkOK(certFromFile('x.b.pinning2.example.com-pinningroot'), "x.b.pinning2.example.com");
+
+  checkDefaultSiteHPKPStatus();
+
+  // Incorrect size results in failure
+  throws(() => {
+    gSSService.setKeyPins("a.pinning2.example.com", true,
+                          new Date().getTime() + 1000000, 2, ["not a hash"]);
+  }, /NS_ERROR_XPC_NOT_ENOUGH_ELEMENTS_IN_ARRAY/,
+     "Attempting to set a pin with an incorrect size should fail");
+
+  // Ensure built-in pins work as expected
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+                              "nonexistent.example.com", 0),
+     "Not built-in nonexistent.example.com should not have HPKP status");
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+                             "include-subdomains.pinning.example.com", 0),
+     "Built-in include-subdomains.pinning.example.com should have HPKP status");
+
+  gSSService.setKeyPins("a.pinning2.example.com", false, new Date().getTime(),
+                        1, [NON_ISSUED_KEY_HASH]);
+
+  // Check that a preload pin loaded from file works as expected
+  checkFail(certFromFile("a.preload.example.com-badca"), "a.preload.example.com");
+  checkOK(certFromFile("a.preload.example.com-pinningroot"), "a.preload.example.com");
+
+  // Check a dynamic addition works as expected
+  // first, it should succeed with the badCA - because there's no pin
+  checkOK(certFromFile('b.preload.example.com-badca'), "b.preload.example.com");
+  // then we add a pin, and we should get a failure (ensuring the expiry is
+  // after the test timeout)
+  gSSService.setKeyPins("b.preload.example.com", false,
+                        new Date().getTime() + 1000000, 2,
+                        [NON_ISSUED_KEY_HASH, PINNING_ROOT_KEY_HASH], true);
+  checkFail(certFromFile('b.preload.example.com-badca'), "b.preload.example.com");
+
+  do_timeout(1250, checkExpiredState);
+}
+
+function checkExpiredState() {
+  checkOK(certFromFile('a.pinning2.example.com-badca'), "a.pinning2.example.com");
+  checkOK(certFromFile('a.pinning2.example.com-pinningroot'), "a.pinning2.example.com");
+  checkOK(certFromFile('x.a.pinning2.example.com-badca'), "x.a.pinning2.example.com");
+  checkOK(certFromFile('x.a.pinning2.example.com-pinningroot'), "x.a.pinning2.example.com");
+
+  checkFail(certFromFile('b.pinning2.example.com-badca'), "b.pinning2.example.com");
+  checkOK(certFromFile('b.pinning2.example.com-pinningroot'), "b.pinning2.example.com");
+  checkFail(certFromFile('x.b.pinning2.example.com-badca'), "x.b.pinning2.example.com");
+  checkOK(certFromFile('x.b.pinning2.example.com-pinningroot'), "x.b.pinning2.example.com");
+  checkPreloadClear();
+}
+
+function checkPreloadClear() {
+  // Check that the preloaded pins still work after private data is cleared
+  gSSService.clearAll();
+  checkFail(certFromFile('b.preload.example.com-badca'), "b.preload.example.com");
+
+  // Check that the preloaded pins are cleared when we clear preloads
+  gSSService.clearPreloads();
+  checkOK(certFromFile('b.preload.example.com-badca'), "b.preload.example.com");
+
+  do_test_finished();
+}
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem
new file mode 100644
index 000000000..102a3bbda
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3TCCAcegAwIBAgIUXdB7LgBGZoRV1UmEFcsOhMigpB0wCwYJKoZIhvcNAQEL
+MBAxDjAMBgNVBAMMBWJhZGNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUw
+MDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9Rv
+plraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYn
+YLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+
+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM
+5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2Fn
+JCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMlMCMwIQYD
+VR0RBBowGIIWYS5waW5uaW5nMi5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEB
+AAKhpX2t/Bz9//u1DYyLZ6dLSJt121Vb58s8gQvI/7n6MdUP1IniQLbtPW+7wnV0
+6LYagJQ11ZUJMxYUs6lB91yhwAO9NoN4QJWWB0i23DoZ6cg4dHmYKmQQ/HRndwm+
+EATkJSnBAk8O2xmIm8CXbJ0W0lvaXEjzRfeoiEjQ0/THeo4hXvGOMPm31d+r4ji5
+/u2+9jrpTII0kjCwFjqC97lPID14s9QRMqMB1CCV6fgT19EGYi9I7H6mnyukkmfX
+9wOhLHSk6A2l5+5eJrZYXLOhcS31VBd54sb1Vvg+Bp05HMYjo051JcRlvxoIUsHT
+JQDn8QrzwZBDBh4Pie3AwOM=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem.certspec
new file mode 100644
index 000000000..f365b8a18
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:badca
+subject:test end-entity
+issuerKey:alternate
+subjectKey:alternate
+extension:subjectAlternativeName:a.pinning2.example.com
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem
new file mode 100644
index 000000000..2439b5775
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4zCCAc2gAwIBAgIUPQgjdPeWdWy/0oKRi+5Lr7JJorMwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC3Bpbm5pbmdyb290MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxK
+zSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEG
+zwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHX
+KVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBp
+mIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6
+kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMl
+MCMwIQYDVR0RBBowGIIWYS5waW5uaW5nMi5leGFtcGxlLmNvbTALBgkqhkiG9w0B
+AQsDggEBAFUlxnwpxOFbSxtsBthWu6xmDxeFAzP+u5YOfuKeiIGnAx70k8ODQufJ
+Vm1rXvKtN5r8jR6AZh/hdA+tGhnu4+pGi9/aqWnaF1FEs2mW0saUV8atQZwNGRBO
+E9FXdAHA8WmGIfRf8TOuWpmEWejjJt5Zsfs+V3ARIxjCrVE7ixyfJ/hYpmthLtYJ
+5vgp0iiPjzorKeFnqooLVAfzeayRX0bE5H79NISIWq4CN/9J50ZFkRORURlANU95
+2Dcuw416b3BGrWVmWlKWOpA6NZ+Rj+AI+z9UTDpqCczTfMXMabX4EveW1GKMMYiA
+eLD8SY4VQ4403eaCp6rxYFrCNOeDczs=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem.certspec
new file mode 100644
index 000000000..aef72ce39
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem.certspec
@@ -0,0 +1,4 @@
+issuer:pinningroot
+subject:test end-entity
+subjectKey:alternate
+extension:subjectAlternativeName:a.pinning2.example.com
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-badca.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-badca.pem
new file mode 100644
index 000000000..2a157d8e6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-badca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAcagAwIBAgIUKUG7kBZ72CvuLQ0uPfjKHLkKDQAwCwYJKoZIhvcNAQEL
+MBAxDjAMBgNVBAMMBWJhZGNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUw
+MDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9Rv
+plraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYn
+YLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+
+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM
+5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2Fn
+JCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMkMCIwIAYD
+VR0RBBkwF4IVYS5wcmVsb2FkLmV4YW1wbGUuY29tMAsGCSqGSIb3DQEBCwOCAQEA
+tx5YO8uvYac92scnMEswv4ZIslou8UYV/2mtxA+MaXf/g+MizOKeZgTI1+b9hR48
+IDOgvrqPCbn1hKY6gb2gtRI1mC5dg9T8EYEXcC1TM+ncY/l4SZUjfMhzY2iOf62x
+jhDqMMt4V5uaHUxVmJQI82X5qpxH3yJ3WOC87iGZNfMB8MSbLM3lxor9OHeTlTHQ
+vPb/r7cLW+ikxirDGyBBvThkvDA/8qyN5Qp6Ae1BiPeEMoScNf3fChvNV6Jyb8g8
+e9q0LnTlTuVgaDWtg7PVOxeiI+wf3Jhv9uqXQLX8JHZDKebLbQEkNcbR4DK/8wsP
+uFhj0j8DY6+/YZbcF7Jgfw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-badca.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-badca.pem.certspec
new file mode 100644
index 000000000..c1cb36576
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-badca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:badca
+subject:test end-entity
+issuerKey:alternate
+subjectKey:alternate
+extension:subjectAlternativeName:a.preload.example.com
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-pinningroot.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-pinningroot.pem
new file mode 100644
index 000000000..5fa43f052
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-pinningroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4jCCAcygAwIBAgIURV3mf9Dz42lALe31OAm2SYbpFaEwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC3Bpbm5pbmdyb290MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxK
+zSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEG
+zwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHX
+KVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBp
+mIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6
+kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMk
+MCIwIAYDVR0RBBkwF4IVYS5wcmVsb2FkLmV4YW1wbGUuY29tMAsGCSqGSIb3DQEB
+CwOCAQEATOA0bbfg81JieQkTzr4oxBqPuFamtLSAsLpbKakikYQo2znMGNnHV7Xe
+uxMGMhCIPRsiJ6jj6ZTQJNqQRKzXWEiBgREsarmJxA53ITIcO2cK2rqyetNAAwzZ
+oViENmK3tLA5KT2VC9IGgMXdSE7IfXn+5yCdpKZ2ohwtkYHNkCbQIU+4KaCPa/dB
+yAelZZPE0mVHJLkd5HoOsFmjFOBQuOkn9/AAOmkgBZIk1Dp833ywn/mnwLZdVsdV
++TjqWKenDJXxhO2+aCCtZbUVxKMn0TACpAA+rhjS5vigCyIZh7V4rxki9UXaOfVq
+EVy4rFlRIYYtXV40HavDZoPgxuCHDw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-pinningroot.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-pinningroot.pem.certspec
new file mode 100644
index 000000000..5c1865314
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-pinningroot.pem.certspec
@@ -0,0 +1,4 @@
+issuer:pinningroot
+subject:test end-entity
+subjectKey:alternate
+extension:subjectAlternativeName:a.preload.example.com
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem
new file mode 100644
index 000000000..cffb37c1f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3TCCAcegAwIBAgIUV89JsAhywp3graSGqjeSpMzd1B0wCwYJKoZIhvcNAQEL
+MBAxDjAMBgNVBAMMBWJhZGNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUw
+MDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9Rv
+plraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYn
+YLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+
+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM
+5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2Fn
+JCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMlMCMwIQYD
+VR0RBBowGIIWYi5waW5uaW5nMi5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEB
+ABevzhH9/hjTBgTtUk4ytZX0A7Tu0DR5F9ooFnlUwzupHFihO+9NzEoCSIvCy3L9
++i3LbkaiUWEHQItLjIg+aice13ZkuMp+DeZ+D/YR9ulxyY1QBYeZLQj/gSdkj/fK
+uDm0Izgt8OBsgP+KFX2c2cGZyOcXmFFAwSfkLz7p2qzrmuM7r5ploNpxeHBUIxUW
+jJzSFeQMfy5wflcKDBY+PDejzN9Ik4weRyERsckVgmZSJXuodb8xgYkNPvl/GOVJ
+o+eDw+E3uOsdBIDrsyb+bcQTG7nBkQoSqG8M0610h0OqFhksfv/0HcB/wfW8VdU+
++C4+tR2KfvqTCm3T6gzRWX8=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem.certspec
new file mode 100644
index 000000000..5aa8aaa5e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:badca
+subject:test end-entity
+issuerKey:alternate
+subjectKey:alternate
+extension:subjectAlternativeName:b.pinning2.example.com
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem
new file mode 100644
index 000000000..791f64b4c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4zCCAc2gAwIBAgIUVQNTrx+mRE96ggRLuZeFm+9uBdcwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC3Bpbm5pbmdyb290MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxK
+zSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEG
+zwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHX
+KVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBp
+mIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6
+kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMl
+MCMwIQYDVR0RBBowGIIWYi5waW5uaW5nMi5leGFtcGxlLmNvbTALBgkqhkiG9w0B
+AQsDggEBAHYCfQaolF6z4IicBDTEQQVfYi4A3BcCNLTdInQlal/DHNytNRufM5TB
+ccNpau5U9e10NBYWbMqRUBb/7wtYE4O7jhEWxjaHBOz5KTYLv8hjEc2wcHXfhlYM
+QKmxOnA7SguSNYBdfXywav//ssLmDnB06nc2vv5NaKvIWbUv3HvfM8oRAr+NICUs
+UMcIb+hjY+u/qrnOeFJxXzeqPYKMa7H+33baRgy7xnL95PxAwkz0XL8vcMFupTX5
+dL5HsSKku23C0BoE6pK39TVh758fQjCAnD+QRTH/o+dfE2sIFpRiyszdXGmh2IRR
+gMSy+gJbH+zh0D9ncL0Kev0PyEuBYR4=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem.certspec
new file mode 100644
index 000000000..17f22dab5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem.certspec
@@ -0,0 +1,4 @@
+issuer:pinningroot
+subject:test end-entity
+subjectKey:alternate
+extension:subjectAlternativeName:b.pinning2.example.com
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-badca.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-badca.pem
new file mode 100644
index 000000000..4ef23a2c2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-badca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAcagAwIBAgIUf2T4BVvxeCgWVp/FL3tCFNjuZYQwCwYJKoZIhvcNAQEL
+MBAxDjAMBgNVBAMMBWJhZGNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUw
+MDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9Rv
+plraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYn
+YLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+
+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM
+5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2Fn
+JCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMkMCIwIAYD
+VR0RBBkwF4IVYi5wcmVsb2FkLmV4YW1wbGUuY29tMAsGCSqGSIb3DQEBCwOCAQEA
+okmxK2NDRYWSAn6b1YZpLiZnoaNrM0HXHY6fkARY/9EiAApvNPxT663EKtTZn27a
+JtwXP2zzlYQDRc9cxa1zBX9Tp+0sn5aqokqzoVWx4VIe/emzi9FDf3lgaYewHLez
+RINv3kUZmqlw6tmMQxjd51UGyvNsi52+gcet1cPr5kBzGQv/q7iNs/lcetL3+KQF
+klJ3PfI4VjFwRRYNhScxiRczklPVDySvxSNw+csUxNRunFLXIi3+WqQzYhw7R8ga
+ASwozTfvVAUySOmDipCZZXAHFtlpBr6vAllfD9v8hAsrE7Bkivafr+i5HMD3DtJE
+4ZedqFCkTkqKvd0fMIbOIA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-badca.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-badca.pem.certspec
new file mode 100644
index 000000000..9901ead60
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-badca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:badca
+subject:test end-entity
+issuerKey:alternate
+subjectKey:alternate
+extension:subjectAlternativeName:b.preload.example.com
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-pinningroot.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-pinningroot.pem
new file mode 100644
index 000000000..c6ea38a12
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-pinningroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4jCCAcygAwIBAgIUI5rdRX/x0w0bDx6hQhc8ZhGLfqQwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC3Bpbm5pbmdyb290MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxK
+zSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEG
+zwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHX
+KVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBp
+mIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6
+kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMk
+MCIwIAYDVR0RBBkwF4IVYi5wcmVsb2FkLmV4YW1wbGUuY29tMAsGCSqGSIb3DQEB
+CwOCAQEAg2VdHBLmFLJ03N9VT4uUrnpjuYY9bsvPJF2JCk9817nxBbeMf+Qn0C/o
+OeoQnZRqsaFbKZ80JXmh/j4RO6T/aaQUMpk+NXrdSPddy2B3eUByF/NJqipV3M2a
+CRNWUUVF+msjRWwbzJafju2nEZcD4d4cUkHHYAaRRxAHH3ylEvWmdv/brgfAPCPH
+WDVaCMc3OXgHkyrLAfkMKSYTNPJ7DJn/BXET5tCzqYGRUgRnME4ON2Mmp19lsdig
+dIFbm76wg6l5M+s9pqiYzODUxJXUOd6BkAR5pqB9WyIRVfBr5LGT72nv00LHVcSm
+hnsti9nAtFdJx4E1lJilrnQwu0q4Iw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-pinningroot.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-pinningroot.pem.certspec
new file mode 100644
index 000000000..6f5807700
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-pinningroot.pem.certspec
@@ -0,0 +1,4 @@
+issuer:pinningroot
+subject:test end-entity
+subjectKey:alternate
+extension:subjectAlternativeName:b.preload.example.com
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/badca.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/badca.pem
new file mode 100644
index 000000000..9443a4c91
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/badca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyzCCAbWgAwIBAgIUXQevdaeXMieCrG6ZqhI2yfACBq4wCwYJKoZIhvcNAQEL
+MBAxDjAMBgNVBAMMBWJhZGNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUw
+MDAwMDBaMBAxDjAMBgNVBAMMBWJhZGNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAwXXGUmYJn3cIKmeR8bh2w39c5TiwbErNIrHL1G+mWtoq3UHIwkmK
+xKOzwfYUh/QbaYlBvYClHDwSAkTFhKTESDMF5ROMAQbPCL6ahidguuai6PNvI8XZ
+gxO53683g0XazlHU1tzSpss8xwbrzTBw7JjM5AqlkdcpWn9xxb5maR0rLf7ISURZ
+C8Wj6kn9k7HXU0BfF3N2mZWGZiVHl+1CaQiICBFCIGmYikP+5Izmh4HdIramnNKD
+dRMfkysSjOKG+n0lHAYq0n7wFvGHzdVOgys1uJMPdLqQqovHYWckKrH9bWIUDRjE
+wLjGj8N0hFcyStfehuZVLx0eGR1xIWjTuwIDAQABox0wGzAMBgNVHRMEBTADAQH/
+MAsGA1UdDwQEAwIBBjALBgkqhkiG9w0BAQsDggEBAHitWfZzPxR/UWEKQgz9zzm2
+NXszG7nV82w8qfC9pq8mU3f7eqbHJ2HNFkZzttJsH9DNl30OK2Y5IVLUiZHckz2e
+OFUyxK0tBCCBYd79FiK4BgP/Ys/7LK+4UaDhbRQP//MGuofwjsrNxgPgtkNaeKtF
+EXKCuDrHoa4ua7afrkUWKzPZ6JbDOEjJIyuJ3ISI0Q20Oc3ERxGwG1SQ1EldgWBr
+0dJJWBHZtNpIVvSm1dRfjMYtSrBoUXwbn6kDrdk4T98OHnFP0V0KW4j4umLHK7Gi
+OSAwvWtir3fSJaLJClTCFe1XoNvJnQ53PJs0JR26mAixV2VuylStO2KlbYy7fOc=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/badca.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/badca.pem.certspec
new file mode 100644
index 000000000..311bbb3f8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/badca.pem.certspec
@@ -0,0 +1,6 @@
+issuer:badca
+subject:badca
+issuerKey:alternate
+subjectKey:alternate
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/moz.build b/security/manager/ssl/tests/unit/test_pinning_dynamic/moz.build
new file mode 100644
index 000000000..eb8b582f5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/moz.build
@@ -0,0 +1,26 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'badca.pem',
+#    'a.pinning2.example.com-badca.pem',
+#    'a.pinning2.example.com-pinningroot.pem',
+#    'a.preload.example.com-badca.pem',
+#    'a.preload.example.com-pinningroot.pem',
+#    'b.pinning2.example.com-badca.pem',
+#    'b.pinning2.example.com-pinningroot.pem',
+#    'b.preload.example.com-badca.pem',
+#    'b.preload.example.com-pinningroot.pem',
+#    'x.a.pinning2.example.com-badca.pem',
+#    'x.a.pinning2.example.com-pinningroot.pem',
+#    'x.b.pinning2.example.com-badca.pem',
+#    'x.b.pinning2.example.com-pinningroot.pem',
+#    'pinningroot.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/pinningroot.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/pinningroot.pem
new file mode 100644
index 000000000..9a041991a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/pinningroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1zCCAcGgAwIBAgIUMwSUmBShbg5sMNZSTiPd5Tb1udkwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC3Bpbm5pbmdyb290MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBYxFDASBgNVBAMMC3Bpbm5pbmdyb290MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1
+aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we
+adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS
+pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W
+YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR
+CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAM
+BgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjALBgkqhkiG9w0BAQsDggEBADNuQnKg
+y8zWnKlfBq/50UOtdSlvevg6u6tsUTvay2kVgB8BRTvm76aw4yOLgk84eHHkrX5c
+TqdutWh2JZarUWbO7JnPTdDE2CAkDh1smSe9L/XJENbgVXleg/VYLgnfnuSQCCnK
+WjjExcorX6IKDks1ZoBJ1HIvBzMRMWzIQgBL9B2Y1V05lgfn0bwZD+TjUJBmN1w0
+NTaPgrxE7FWZ2CTcowrYRKEEDAUX4cTFoce5YMwALCgW59KfVQfQdHaiCCcdNbfi
+qSQGZu+59JrrasmgK9VTahukYWcaQCz8HBCasdknGodLAzThuWMkjXU3D2IZYl15
+GfE5yrRFop/89xo=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/pinningroot.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/pinningroot.pem.certspec
new file mode 100644
index 000000000..86500e16b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/pinningroot.pem.certspec
@@ -0,0 +1,4 @@
+issuer:pinningroot
+subject:pinningroot
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem
new file mode 100644
index 000000000..e4b6e72c0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3zCCAcmgAwIBAgIUe11LKIzCrdnRTgrLsfuGMoOpL1QwCwYJKoZIhvcNAQEL
+MBAxDjAMBgNVBAMMBWJhZGNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUw
+MDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9Rv
+plraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYn
+YLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+
+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM
+5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2Fn
+JCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMnMCUwIwYD
+VR0RBBwwGoIYeC5hLnBpbm5pbmcyLmV4YW1wbGUuY29tMAsGCSqGSIb3DQEBCwOC
+AQEAgdFC/SwBLRp6A+n3znR+sEuU8UvmbgbXp7pIFVh6cbC6lNF0nXk9ywPeIWyh
+B7TCn3YHj4uc/PbvzRj9Py0gQLXcimKpmLoxclV5g1uTAydgXPiPulv/kaL9NOME
+lm88pyQeDwfEkUz7VijabIzFRTEVRmOudb8mX4SuzjhxsdzSMjffpae335beJ4Im
+lxgJgMsuJdEoK0WyG5nlBhVdzrT/kwdiwULeVNV//UHid1YZy56G5Lo22Hgd4wT3
+1W3LXQelBdHhee7Hf7mg4rjCUPulFAr8qBLdywf1Hnu1o7rXUcn46PLwKLOWJPOM
+SKpiqRKqvzlrzLaHPejfT0IMrw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem.certspec
new file mode 100644
index 000000000..ad8636d43
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:badca
+subject:test end-entity
+issuerKey:alternate
+subjectKey:alternate
+extension:subjectAlternativeName:x.a.pinning2.example.com
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem
new file mode 100644
index 000000000..ed58de323
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5TCCAc+gAwIBAgIUefEeE+Sj5fBSec+97B6UmZFQEncwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC3Bpbm5pbmdyb290MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxK
+zSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEG
+zwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHX
+KVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBp
+mIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6
+kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMn
+MCUwIwYDVR0RBBwwGoIYeC5hLnBpbm5pbmcyLmV4YW1wbGUuY29tMAsGCSqGSIb3
+DQEBCwOCAQEAT2fxisiLJvVdFTba07a2Pc6UHBE+O0tOaLfMmHx/ET2FZdd9sLTL
+X2f+hQCmXEBQ7Au2eYTew8hTyXYGYFauMJNk+XHHUIaSOhmnYTccye4d6j5bXRCp
+7zA1qPlReCDLjp7o/34whkvngvdgdLYf60EkBO/NJfj+zsR1JTVfyVzIKXl6veLz
+0xKicBAq9vS0Yqq10japVYKKqAw6gDpbNkSAd3xsl4+EbMRq+BnMB4W2anw1gM/e
+hV11JQVA/MREtmUiTkvJFF6chHVCn5aL7JzVM2miZjZC8Ix59LUBoyO3SrxgrzZw
+xeYuwoDhzTCrcFxn8gdKNajbGHuW5ekQpg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem.certspec
new file mode 100644
index 000000000..260f2184b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem.certspec
@@ -0,0 +1,4 @@
+issuer:pinningroot
+subject:test end-entity
+subjectKey:alternate
+extension:subjectAlternativeName:x.a.pinning2.example.com
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem
new file mode 100644
index 000000000..dc24247e8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3zCCAcmgAwIBAgIUYcTc5Pz7KlQldGOO+KzbuBdf8TswCwYJKoZIhvcNAQEL
+MBAxDjAMBgNVBAMMBWJhZGNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUw
+MDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9Rv
+plraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYn
+YLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+
+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM
+5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2Fn
+JCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMnMCUwIwYD
+VR0RBBwwGoIYeC5iLnBpbm5pbmcyLmV4YW1wbGUuY29tMAsGCSqGSIb3DQEBCwOC
+AQEAd6HusXqftFBpSUzivIY6icTZ95+wY+xIOsf1QOgyzZ/CDx4Tly+rgue2xSNT
+59FmnFvh8jW202K8TykamsAX20A8ArzubNoc/+soA752YEvrMmOgWjmH2arqTfqg
+zcfNdgUDESwnOoy123F+PkT3rRDXwINzCwftxhKbvmqhO6YENteqyWWmSZoMClsJ
+xtm+bmPN+m26k6zMMYWzIu2HIXI3CgqOmJltfyqea02Y58S1+XlajrcewPpC17xD
+r5a1sizecCFrmV0ssbK8wvEYo9Xs+PNj8Vhi1DUwGjtnjrYn/WQ6v/luMEEO7EMD
+b3BbEziS3Pqej2JyprUKqOjv1g==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem.certspec
new file mode 100644
index 000000000..592bdcc58
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:badca
+subject:test end-entity
+issuerKey:alternate
+subjectKey:alternate
+extension:subjectAlternativeName:x.b.pinning2.example.com
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem
new file mode 100644
index 000000000..642135994
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5TCCAc+gAwIBAgIUNXGolw8M2HU/gP4dOSMD2bdTQ+MwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC3Bpbm5pbmdyb290MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxK
+zSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEG
+zwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHX
+KVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBp
+mIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6
+kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMn
+MCUwIwYDVR0RBBwwGoIYeC5iLnBpbm5pbmcyLmV4YW1wbGUuY29tMAsGCSqGSIb3
+DQEBCwOCAQEAevN1gW64H2kCjW5W4wbQFkJIITjcdEUsw+8GPzDuBDJCvgGirhOi
+ArBie8Bz+JlqzgNCXSe6pFVLoNfLosG5xksLwHljEit/7gFQ5twFazdg7dwPXs9Z
+MIV2iv3vHmKYTFTcjfw07UWy0rHHt6EH+zXqpZFtFkJHqSgngKxAHgQlvSKeyynM
+albu5YAX/hzJ7TyAVGxVN8uxnvYqPbLCy3wKf9ILFiDer6B9pE4Ii+dUyUbqVQFZ
+tY2ac1474nkcfj3uj5qbV0TTpd9EL9HMvixTnoUrT3bqkRX7orvL4gXpnJJyRjvC
+/LvTh/Vt1mYKkNLc/ruOj7WfUUC0SJIDzQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem.certspec
new file mode 100644
index 000000000..7e6d33d50
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem.certspec
@@ -0,0 +1,4 @@
+issuer:pinningroot
+subject:test end-entity
+subjectKey:alternate
+extension:subjectAlternativeName:x.b.pinning2.example.com
diff --git a/security/manager/ssl/tests/unit/test_pinning_header_parsing.js b/security/manager/ssl/tests/unit/test_pinning_header_parsing.js
new file mode 100644
index 000000000..fb4b32353
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_header_parsing.js
@@ -0,0 +1,141 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to check that parsing of HPKP headers
+// is correct.
+
+var profileDir = do_get_profile();
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+var gSSService = Cc["@mozilla.org/ssservice;1"]
+                   .getService(Ci.nsISiteSecurityService);
+
+function certFromFile(cert_name) {
+  return constructCertFromFile("test_pinning_dynamic/" + cert_name + ".pem");
+}
+
+function loadCert(cert_name, trust_string) {
+  let cert_filename = "test_pinning_dynamic/" + cert_name + ".pem";
+  addCertFromFile(certdb, cert_filename, trust_string);
+  return constructCertFromFile(cert_filename);
+}
+
+function checkFailParseInvalidPin(pinValue) {
+  let sslStatus = new FakeSSLStatus(
+                        certFromFile('a.pinning2.example.com-pinningroot'));
+  let uri = Services.io.newURI("https://a.pinning2.example.com", null, null);
+  throws(() => {
+    gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri,
+                             pinValue, sslStatus, 0);
+  }, /NS_ERROR_FAILURE/, `Invalid pin "${pinValue}" should be rejected`);
+}
+
+function checkPassValidPin(pinValue, settingPin, expectedMaxAge) {
+  let sslStatus = new FakeSSLStatus(
+                        certFromFile('a.pinning2.example.com-pinningroot'));
+  let uri = Services.io.newURI("https://a.pinning2.example.com", null, null);
+  let maxAge = {};
+
+  // setup preconditions for the test, if setting ensure there is no previous
+  // state, if removing ensure there is a valid pin in place.
+  if (settingPin) {
+    gSSService.removeState(Ci.nsISiteSecurityService.HEADER_HPKP, uri, 0);
+  } else {
+    // add a known valid pin!
+    let validPinValue = "max-age=5000;" + VALID_PIN1 + BACKUP_PIN1;
+    gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri,
+                             validPinValue, sslStatus, 0);
+  }
+  try {
+    gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri,
+                             pinValue, sslStatus, 0, maxAge);
+    ok(true, "Valid pin should be accepted");
+  } catch (e) {
+    ok(false, "Valid pin should have been accepted");
+  }
+
+  // check that maxAge was processed correctly
+  if (settingPin && expectedMaxAge) {
+    ok(maxAge.value == expectedMaxAge, `max-age value should be ${expectedMaxAge}`);
+  }
+
+  // after processing ensure that the postconditions are true, if setting
+  // the host must be pinned, if removing the host must not be pinned
+  let hostIsPinned = gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+                                             "a.pinning2.example.com", 0);
+  if (settingPin) {
+    ok(hostIsPinned, "Host should be considered pinned");
+  } else {
+    ok(!hostIsPinned, "Host should not be considered pinned");
+  }
+}
+
+function checkPassSettingPin(pinValue, expectedMaxAge) {
+  return checkPassValidPin(pinValue, true, expectedMaxAge);
+}
+
+function checkPassRemovingPin(pinValue) {
+  return checkPassValidPin(pinValue, false);
+}
+
+const MAX_MAX_AGE_SECONDS = 100000;
+const GOOD_MAX_AGE_SECONDS = 69403;
+const LONG_MAX_AGE_SECONDS = 2 * MAX_MAX_AGE_SECONDS;
+const NON_ISSUED_KEY_HASH1 = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
+const NON_ISSUED_KEY_HASH2 = "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ=";
+const PINNING_ROOT_KEY_HASH = "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=";
+const MAX_AGE_ZERO = "max-age=0;";
+const VALID_PIN1 = `pin-sha256="${PINNING_ROOT_KEY_HASH}";`;
+const BACKUP_PIN1 = `pin-sha256="${NON_ISSUED_KEY_HASH1}";`;
+const BACKUP_PIN2 = `pin-sha256="${NON_ISSUED_KEY_HASH2}";`;
+const BROKEN_PIN1 = "pin-sha256=\"jdjsjsjs\";";
+const GOOD_MAX_AGE = `max-age=${GOOD_MAX_AGE_SECONDS};`;
+const LONG_MAX_AGE = `max-age=${LONG_MAX_AGE_SECONDS};`;
+const INCLUDE_SUBDOMAINS = "includeSubdomains;";
+const REPORT_URI = "report-uri=\"https://www.example.com/report/\";";
+const UNRECOGNIZED_DIRECTIVE = "unreconized-dir=12343;";
+
+function run_test() {
+  Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 2);
+  Services.prefs.setIntPref("security.cert_pinning.max_max_age_seconds", MAX_MAX_AGE_SECONDS);
+  Services.prefs.setBoolPref("security.cert_pinning.process_headers_from_non_builtin_roots", true);
+
+  loadCert("pinningroot", "CTu,CTu,CTu");
+  loadCert("badca", "CTu,CTu,CTu");
+
+  checkFailParseInvalidPin("max-age=INVALID");
+  // check that incomplete headers are failure
+  checkFailParseInvalidPin(GOOD_MAX_AGE);
+  checkFailParseInvalidPin(VALID_PIN1);
+  checkFailParseInvalidPin(REPORT_URI);
+  checkFailParseInvalidPin(UNRECOGNIZED_DIRECTIVE);
+  checkFailParseInvalidPin(VALID_PIN1 + BACKUP_PIN1);
+  checkFailParseInvalidPin(GOOD_MAX_AGE + VALID_PIN1);
+  checkFailParseInvalidPin(GOOD_MAX_AGE + VALID_PIN1 + BROKEN_PIN1);
+  // next ensure a backup pin is present
+  checkFailParseInvalidPin(GOOD_MAX_AGE + VALID_PIN1 + VALID_PIN1);
+  // next section ensure duplicate directives result in failure
+  checkFailParseInvalidPin(GOOD_MAX_AGE + GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN1);
+  checkFailParseInvalidPin(GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN1 + INCLUDE_SUBDOMAINS + INCLUDE_SUBDOMAINS);
+  checkFailParseInvalidPin(GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN1 + REPORT_URI + REPORT_URI);
+  checkFailParseInvalidPin("thisisinvalidtest");
+  checkFailParseInvalidPin("invalid" + GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN1);
+
+  checkPassRemovingPin("max-age=0"); //test removal without terminating ';'
+  checkPassRemovingPin(MAX_AGE_ZERO);
+  checkPassRemovingPin(MAX_AGE_ZERO + VALID_PIN1);
+
+  checkPassSettingPin(GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN1, GOOD_MAX_AGE_SECONDS);
+  checkPassSettingPin(LONG_MAX_AGE + VALID_PIN1 + BACKUP_PIN1, MAX_MAX_AGE_SECONDS);
+
+  checkPassRemovingPin(VALID_PIN1 + MAX_AGE_ZERO + VALID_PIN1);
+  checkPassSettingPin(GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN1);
+  checkPassSettingPin(GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN2);
+  checkPassSettingPin(GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN2 + INCLUDE_SUBDOMAINS);
+  checkPassSettingPin(VALID_PIN1 + GOOD_MAX_AGE + BACKUP_PIN2 + INCLUDE_SUBDOMAINS);
+  checkPassSettingPin(VALID_PIN1 + GOOD_MAX_AGE + BACKUP_PIN2 + REPORT_URI + INCLUDE_SUBDOMAINS);
+  checkPassSettingPin(INCLUDE_SUBDOMAINS + VALID_PIN1 + GOOD_MAX_AGE + BACKUP_PIN2);
+  checkPassSettingPin(GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN1 + UNRECOGNIZED_DIRECTIVE);
+}
diff --git a/security/manager/ssl/tests/unit/test_pkcs11_insert_remove.js b/security/manager/ssl/tests/unit/test_pkcs11_insert_remove.js
new file mode 100644
index 000000000..b0592906c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pkcs11_insert_remove.js
@@ -0,0 +1,41 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// This test loads a testing PKCS #11 module that simulates a token being
+// inserted and removed from a slot every 50ms. This causes the observer
+// service to broadcast the observation topics "smartcard-insert" and
+// "smartcard-remove", respectively. This test ensures that one of each event
+// has been succssfully observed, and then it unloads the test module.
+
+// Ensure that the appropriate initialization has happened.
+do_get_profile();
+Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports);
+
+const gExpectedTokenLabel = "Test PKCS11 Tokeñ Label";
+
+function SmartcardObserver(type) {
+  this.type = type;
+  do_test_pending();
+}
+
+SmartcardObserver.prototype = {
+  observe: function(subject, topic, data) {
+    equal(topic, this.type, "Observed and expected types should match");
+    equal(gExpectedTokenLabel, data,
+          "Expected and observed token labels should match");
+    Services.obs.removeObserver(this, this.type);
+    do_test_finished();
+  }
+};
+
+function run_test() {
+  Services.obs.addObserver(new SmartcardObserver("smartcard-insert"),
+                           "smartcard-insert", false);
+  Services.obs.addObserver(new SmartcardObserver("smartcard-remove"),
+                           "smartcard-remove", false);
+
+  loadPKCS11TestModule(false);
+}
diff --git a/security/manager/ssl/tests/unit/test_pkcs11_module.js b/security/manager/ssl/tests/unit/test_pkcs11_module.js
new file mode 100644
index 000000000..f00143187
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pkcs11_module.js
@@ -0,0 +1,121 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests the methods and attributes for interfacing with a PKCS #11 module and
+// the module database.
+
+// Ensure that the appropriate initialization has happened.
+do_get_profile();
+
+const gModuleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"]
+                    .getService(Ci.nsIPKCS11ModuleDB);
+
+function checkTestModuleNotPresent() {
+  let modules = gModuleDB.listModules();
+  ok(modules.hasMoreElements(),
+     "One or more modules should be present with test module not present");
+  while (modules.hasMoreElements()) {
+    let module = modules.getNext().QueryInterface(Ci.nsIPKCS11Module);
+    notEqual(module.name, "PKCS11 Test Module",
+             "Non-test module name shouldn't equal 'PKCS11 Test Module'");
+    ok(!(module.libName && module.libName.includes("pkcs11testmodule")),
+       "Non-test module lib name should not include 'pkcs11testmodule'");
+  }
+
+  throws(() => gModuleDB.findModuleByName("PKCS11 Test Module"),
+         /NS_ERROR_FAILURE/, "Test module should not be findable by name");
+}
+
+/**
+ * Checks that the test module exists in the module list.
+ * Also checks various attributes of the test module for correctness.
+ *
+ * @returns {nsIPKCS11Module}
+ *          The test module.
+ */
+function checkTestModuleExists() {
+  let modules = gModuleDB.listModules();
+  ok(modules.hasMoreElements(),
+     "One or more modules should be present with test module present");
+  let testModule = null;
+  while (modules.hasMoreElements()) {
+    let module = modules.getNext().QueryInterface(Ci.nsIPKCS11Module);
+    if (module.name == "PKCS11 Test Module") {
+      testModule = module;
+      break;
+    }
+  }
+  notEqual(testModule, null, "Test module should have been found");
+  notEqual(testModule.libName, null, "Test module lib name should not be null");
+  ok(testModule.libName.includes(ctypes.libraryName("pkcs11testmodule")),
+     "Test module lib name should include lib name of 'pkcs11testmodule'");
+
+  notEqual(gModuleDB.findModuleByName("PKCS11 Test Module"), null,
+           "Test module should be findable by name");
+
+  return testModule;
+}
+
+function run_test() {
+  // Check that if we have never added the test module, that we don't find it
+  // in the module list.
+  checkTestModuleNotPresent();
+
+  // Check that adding the test module makes it appear in the module list.
+  loadPKCS11TestModule(true);
+  let testModule = checkTestModuleExists();
+
+  // Check that listing the slots for the test module works.
+  let slots = testModule.listSlots();
+  let testModuleSlotNames = [];
+  while (slots.hasMoreElements()) {
+    let slot = slots.getNext().QueryInterface(Ci.nsIPKCS11Slot);
+    testModuleSlotNames.push(slot.name);
+  }
+  testModuleSlotNames.sort();
+  const expectedSlotNames = ["Test PKCS11 Slot", "Test PKCS11 Slot 二"];
+  deepEqual(testModuleSlotNames, expectedSlotNames,
+            "Actual and expected slot names should be equal");
+
+  // Check that finding the test slot by name is possible, and that trying to
+  // find a non-present slot fails.
+  notEqual(testModule.findSlotByName("Test PKCS11 Slot"), null,
+           "Test slot should be findable by name");
+  throws(() => testModule.findSlotByName("Not Present"), /NS_ERROR_FAILURE/,
+         "Non-present slot should not be findable by name");
+
+  // Check that the strangely named nsIPKCS11ModuleDB.findSlotByName() works.
+  // In particular, a comment in nsPKCS11Slot.cpp notes that the method
+  // "is essentially the same as nsIPK11Token::findTokenByName, except that it
+  //  returns an nsIPKCS11Slot".
+  let strBundleSvc = Cc["@mozilla.org/intl/stringbundle;1"]
+                       .getService(Ci.nsIStringBundleService);
+  let bundle =
+    strBundleSvc.createBundle("chrome://pipnss/locale/pipnss.properties");
+  let internalTokenName = bundle.GetStringFromName("PrivateTokenDescription");
+  let internalTokenAsSlot = gModuleDB.findSlotByName(internalTokenName);
+  notEqual(internalTokenAsSlot, null,
+           "Internal 'slot' should be findable by name via the module DB");
+  ok(internalTokenAsSlot instanceof Ci.nsIPKCS11Slot,
+     "Module DB findSlotByName() should return a token as an nsIPKCS11Slot");
+  equal(internalTokenAsSlot.name,
+        bundle.GetStringFromName("PrivateSlotDescription"),
+        "Spot check: actual and expected internal 'slot' names should be equal");
+  throws(() => gModuleDB.findSlotByName("Not Present"), /NS_ERROR_FAILURE/,
+         "Non-present 'slot' should not be findable by name via the module DB");
+
+  // Check that deleting the test module makes it disappear from the module list.
+  let pkcs11 = Cc["@mozilla.org/security/pkcs11;1"].getService(Ci.nsIPKCS11);
+  pkcs11.deleteModule("PKCS11 Test Module");
+  checkTestModuleNotPresent();
+
+  // Check miscellaneous module DB methods and attributes.
+  notEqual(gModuleDB.getInternal(), null,
+           "The internal module should be present");
+  notEqual(gModuleDB.getInternalFIPS(), null,
+           "The internal FIPS module should be present");
+  ok(gModuleDB.canToggleFIPS, "It should be possible to toggle FIPS");
+  ok(!gModuleDB.isFIPSEnabled, "FIPS should not be enabled");
+}
diff --git a/security/manager/ssl/tests/unit/test_pkcs11_no_events_after_removal.js b/security/manager/ssl/tests/unit/test_pkcs11_no_events_after_removal.js
new file mode 100644
index 000000000..f31d1d494
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pkcs11_no_events_after_removal.js
@@ -0,0 +1,29 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// This test loads a testing PKCS #11 module that simulates a token being
+// inserted and removed from a slot every 50ms. This causes the observer
+// service to broadcast the observation topics "smartcard-insert" and
+// "smartcard-remove", respectively. This test ensures that these events
+// are no longer emitted once the module has been unloaded.
+
+// Ensure that the appropriate initialization has happened.
+do_get_profile();
+Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports);
+
+function run_test() {
+  let pkcs11 = Cc["@mozilla.org/security/pkcs11;1"].getService(Ci.nsIPKCS11);
+  loadPKCS11TestModule(true);
+  pkcs11.deleteModule("PKCS11 Test Module");
+  Services.obs.addObserver(function() {
+    ok(false, "smartcard-insert event should not have been emitted");
+  }, "smartcard-insert", false);
+  Services.obs.addObserver(function() {
+    ok(false, "smartcard-remove event should not have been emitted");
+  }, "smartcard-remove", false);
+  do_timeout(500, do_test_finished);
+  do_test_pending();
+}
diff --git a/security/manager/ssl/tests/unit/test_pkcs11_safe_mode.js b/security/manager/ssl/tests/unit/test_pkcs11_safe_mode.js
new file mode 100644
index 000000000..d64d194e4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pkcs11_safe_mode.js
@@ -0,0 +1,49 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// In safe mode, PKCS#11 modules should not be loaded. This test tests this by
+// simulating starting in safe mode and then attempting to load a module.
+
+function run_test() {
+  do_get_profile();
+
+  // Simulate starting in safe mode.
+  let xulRuntime = {
+    inSafeMode: true,
+    logConsoleErrors: true,
+    OS: "XPCShell",
+    XPCOMABI: "noarch-spidermonkey",
+    invalidateCachesOnRestart: function invalidateCachesOnRestart() {
+      // Do nothing
+    },
+    QueryInterface: XPCOMUtils.generateQI([Ci.nsIXULRuntime])
+  };
+
+  let xulRuntimeFactory = {
+    createInstance: function (outer, iid) {
+      if (outer != null) {
+        throw new Error(Cr.NS_ERROR_NO_AGGREGATION);
+      }
+      return xulRuntime.QueryInterface(iid);
+    }
+  };
+
+  let registrar = Components.manager.QueryInterface(Ci.nsIComponentRegistrar);
+  const XULRUNTIME_CONTRACTID = "@mozilla.org/xre/runtime;1";
+  const XULRUNTIME_CID = Components.ID("{f0f0b230-5525-4127-98dc-7bca39059e70}");
+  registrar.registerFactory(XULRUNTIME_CID, "XULRuntime", XULRUNTIME_CONTRACTID,
+                            xulRuntimeFactory);
+
+  // When starting in safe mode, the test module should fail to load.
+  let pkcs11 = Cc["@mozilla.org/security/pkcs11;1"].getService(Ci.nsIPKCS11);
+  let libraryName = ctypes.libraryName("pkcs11testmodule");
+  let libraryFile = Services.dirsvc.get("CurWorkD", Ci.nsILocalFile);
+  libraryFile.append("pkcs11testmodule");
+  libraryFile.append(libraryName);
+  ok(libraryFile.exists(), "The pkcs11testmodule file should exist");
+  throws(() => pkcs11.addModule("PKCS11 Test Module", libraryFile.path, 0, 0),
+         /NS_ERROR_FAILURE/, "addModule should throw when in safe mode");
+}
diff --git a/security/manager/ssl/tests/unit/test_pkcs11_slot.js b/security/manager/ssl/tests/unit/test_pkcs11_slot.js
new file mode 100644
index 000000000..8aebf0439
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pkcs11_slot.js
@@ -0,0 +1,38 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests the methods and attributes for interfacing with a PKCS #11 slot.
+
+// Ensure that the appropriate initialization has happened.
+do_get_profile();
+
+function run_test() {
+  loadPKCS11TestModule(false);
+
+  let moduleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"]
+                   .getService(Ci.nsIPKCS11ModuleDB);
+  let testModule = moduleDB.findModuleByName("PKCS11 Test Module");
+  let testSlot = testModule.findSlotByName("Test PKCS11 Slot 二");
+
+  equal(testSlot.name, "Test PKCS11 Slot 二",
+        "Actual and expected name should match");
+  equal(testSlot.desc, "Test PKCS11 Slot 二",
+        "Actual and expected description should match");
+  equal(testSlot.manID, "Test PKCS11 Manufacturer ID",
+        "Actual and expected manufacturer ID should match");
+  equal(testSlot.HWVersion, "0.0",
+        "Actual and expected hardware version should match");
+  equal(testSlot.FWVersion, "0.0",
+        "Actual and expected firmware version should match");
+  equal(testSlot.status, Ci.nsIPKCS11Slot.SLOT_READY,
+        "Actual and expected status should match");
+  equal(testSlot.tokenName, "Test PKCS11 Tokeñ 2 Label",
+        "Actual and expected token name should match");
+
+  let testToken = testSlot.getToken();
+  notEqual(testToken, null, "getToken() should succeed");
+  equal(testToken.tokenLabel, "Test PKCS11 Tokeñ 2 Label",
+        "Spot check: the actual and expected test token labels should be equal");
+}
diff --git a/security/manager/ssl/tests/unit/test_pkcs11_token.js b/security/manager/ssl/tests/unit/test_pkcs11_token.js
new file mode 100644
index 000000000..69b2cb384
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pkcs11_token.js
@@ -0,0 +1,119 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests the methods and attributes for interfacing with a PKCS #11 token, using
+// the internal key token.
+// We don't use either of the test tokens in the test PKCS #11 module because:
+//   1. Test token 1 cyclically inserts and removes itself in a tight loop.
+//      Using token 1 would complicate the test and introduce intermittent
+//      failures.
+//   2. Neither test token implements login or password related functionality.
+//      We want to test such functionality.
+//   3. Using the internal token lets us actually test the internal token works
+//      as expected.
+
+// Ensure that the appropriate initialization has happened.
+do_get_profile();
+
+function checkBasicAttributes(token) {
+  let strBundleSvc = Cc["@mozilla.org/intl/stringbundle;1"]
+                       .getService(Ci.nsIStringBundleService);
+  let bundle =
+    strBundleSvc.createBundle("chrome://pipnss/locale/pipnss.properties");
+
+  let expectedTokenName = bundle.GetStringFromName("PrivateTokenDescription");
+  equal(token.tokenName, expectedTokenName,
+        "Actual and expected name should match");
+  equal(token.tokenLabel, expectedTokenName,
+        "Actual and expected label should match");
+  equal(token.tokenManID, bundle.GetStringFromName("ManufacturerID"),
+        "Actual and expected manufacturer ID should match");
+  equal(token.tokenHWVersion, "0.0",
+        "Actual and expected hardware version should match");
+  equal(token.tokenFWVersion, "0.0",
+        "Actual and expected firmware version should match");
+  equal(token.tokenSerialNumber, "0000000000000000",
+        "Actual and expected serial number should match");
+}
+
+/**
+ * Checks the various password related features of the given token.
+ * The token should already have been init with a password and be logged into.
+ * The password of the token will be reset after calling this function.
+ *
+ * @param {nsIPK11Token} token
+ *        The token to test.
+ * @param {String} initialPW
+ *        The password that the token should have been init with.
+ */
+function checkPasswordFeaturesAndResetPassword(token, initialPW) {
+  ok(!token.needsUserInit,
+     "Token should not need user init after setting a password");
+
+  equal(token.minimumPasswordLength, 0,
+        "Actual and expected min password length should match");
+
+  token.setAskPasswordDefaults(10, 20);
+  equal(token.getAskPasswordTimes(), 10,
+        "Actual and expected ask password times should match");
+  equal(token.getAskPasswordTimeout(), 20,
+        "Actual and expected ask password timeout should match");
+
+  ok(token.checkPassword(initialPW),
+     "checkPassword() should succeed if the correct initial password is given");
+  token.changePassword(initialPW, "newPW ÿ 一二三");
+  ok(token.checkPassword("newPW ÿ 一二三"),
+     "checkPassword() should succeed if the correct new password is given");
+
+  ok(!token.checkPassword("wrongPW"),
+     "checkPassword() should fail if an incorrect password is given");
+  ok(!token.isLoggedIn(),
+     "Token should be logged out after an incorrect password was given");
+  ok(!token.needsUserInit,
+     "Token should still be init with a password even if an incorrect " +
+     "password was given");
+
+  token.reset();
+  ok(token.needsUserInit,
+     "Token should need password init after reset");
+  ok(!token.isLoggedIn(), "Token should be logged out of after reset");
+}
+
+function run_test() {
+  let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"]
+                  .getService(Ci.nsIPK11TokenDB);
+  let token = tokenDB.getInternalKeyToken();
+  notEqual(token, null, "The internal token should be present");
+
+  checkBasicAttributes(token);
+
+  ok(!token.isLoggedIn(), "Token should not be logged into yet");
+  // Test that attempting to log out even when the token was not logged into
+  // does not result in an error.
+  token.logoutSimple();
+  ok(!token.isLoggedIn(), "Token should still not be logged into");
+
+  let initialPW = "foo 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/? 一二三";
+  token.initPassword(initialPW);
+  token.login(/*force*/ false);
+  ok(token.isLoggedIn(), "Token should now be logged into");
+
+  checkPasswordFeaturesAndResetPassword(token, initialPW);
+
+  // We reset the password previously, so we need to initialize again.
+  token.initPassword("arbitrary");
+  ok(token.isLoggedIn(),
+     "Token should be logged into after initializing password again");
+  token.logoutSimple();
+  ok(!token.isLoggedIn(),
+     "Token should be logged out after calling logoutSimple()");
+
+  ok(!token.isHardwareToken(),
+     "The internal token should not be considered a hardware token");
+  ok(token.isFriendly(),
+     "The internal token should always be considered friendly");
+  ok(token.needsLogin(),
+     "The internal token should always need authentication");
+}
diff --git a/security/manager/ssl/tests/unit/test_pkcs11_tokenDB.js b/security/manager/ssl/tests/unit/test_pkcs11_tokenDB.js
new file mode 100644
index 000000000..ac382ab82
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pkcs11_tokenDB.js
@@ -0,0 +1,45 @@
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests the methods for interfacing with the PKCS #11 token database.
+
+// Ensure that the appropriate initialization has happened.
+do_get_profile();
+
+function run_test() {
+  let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"]
+                  .getService(Ci.nsIPK11TokenDB);
+
+  let tokenListPreLoad = tokenDB.listTokens();
+  while (tokenListPreLoad.hasMoreElements()) {
+    let token = tokenListPreLoad.getNext().QueryInterface(Ci.nsIPK11Token);
+    notEqual(token.tokenLabel, "Test PKCS11 Tokeñ Label",
+             "Test PKCS11 Token 1 should not be listed prior to module load");
+    notEqual(token.tokenLabel, "Test PKCS11 Tokeñ 2 Label",
+             "Test PKCS11 Token 2 should not be listed prior to module load");
+  }
+
+  throws(() => tokenDB.findTokenByName("Test PKCS11 Tokeñ Label"),
+         /NS_ERROR_FAILURE/,
+         "Non-present test token 1 should not be findable by name");
+  throws(() => tokenDB.findTokenByName("Test PKCS11 Tokeñ 2 Label"),
+         /NS_ERROR_FAILURE/,
+         "Non-present test token 2 should not be findable by name");
+
+  loadPKCS11TestModule(false);
+
+  // Test Token 1 is simulated to insert and remove itself in a tight loop, so
+  // we don't bother testing that it's present.
+  let tokenListPostLoad = tokenDB.listTokens();
+  let foundTokenNames = [];
+  while (tokenListPostLoad.hasMoreElements()) {
+    let token = tokenListPostLoad.getNext().QueryInterface(Ci.nsIPK11Token);
+    foundTokenNames.push(token.tokenName);
+  }
+  ok(foundTokenNames.includes("Test PKCS11 Tokeñ 2 Label"),
+     "Test PKCS11 Token 2 should be listed after module load");
+
+  notEqual(tokenDB.findTokenByName("Test PKCS11 Tokeñ 2 Label"), null,
+           "Test token 2 should be findable by name after loading test module");
+}
diff --git a/security/manager/ssl/tests/unit/test_sdr.js b/security/manager/ssl/tests/unit/test_sdr.js
new file mode 100644
index 000000000..3258ec901
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sdr.js
@@ -0,0 +1,87 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests various aspects of the nsISecretDecoderRing implementation.
+
+do_get_profile();
+
+let gSetPasswordShownCount = 0;
+
+// Mock implementation of nsITokenPasswordDialogs.
+const gTokenPasswordDialogs = {
+  setPassword: (ctx, tokenName, canceled) => {
+    gSetPasswordShownCount++;
+    do_print(`setPassword() called; shown ${gSetPasswordShownCount} times`);
+    do_print(`tokenName: ${tokenName}`);
+    canceled.value = false;
+  },
+
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsITokenPasswordDialogs])
+};
+
+function run_test() {
+  // We have to set a password and login before we attempt to encrypt anything.
+  // In particular, failing to do so will cause the Encrypt() implementation to
+  // pop up a dialog asking for a password to be set. This won't work in the
+  // xpcshell environment and will lead to an assertion.
+  loginToDBWithDefaultPassword();
+
+  let sdr = Cc["@mozilla.org/security/sdr;1"]
+              .getService(Ci.nsISecretDecoderRing);
+
+  // Test valid inputs for encryptString() and decryptString().
+  let inputs = [
+    "",
+    " ", // First printable latin1 character (code point 32).
+    "foo",
+    "1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?",
+    "¡äöüÿ", // Misc + last printable latin1 character (code point 255).
+    "aaa 一二三", // Includes Unicode with code points outside [0, 255].
+  ];
+  for (let input of inputs) {
+    let converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"]
+                      .createInstance(Ci.nsIScriptableUnicodeConverter);
+    converter.charset = "UTF-8";
+
+    let convertedInput = converter.ConvertFromUnicode(input);
+    convertedInput += converter.Finish();
+
+    let encrypted = sdr.encryptString(convertedInput);
+
+    notEqual(convertedInput, encrypted,
+             "Encrypted input should not just be the input itself");
+
+    try {
+      atob(encrypted);
+    } catch (e) {
+      ok(false, `encryptString() should have returned Base64: ${e}`);
+    }
+
+    equal(convertedInput, sdr.decryptString(encrypted),
+          "decryptString(encryptString(input)) should return input");
+  }
+
+  // Test invalid inputs for decryptString().
+  throws(() => sdr.decryptString("*"), /NS_ERROR_ILLEGAL_VALUE/,
+         "decryptString() should throw if given non-Base64 input");
+
+  // Test calling changePassword() pops up the appropriate dialog.
+  // Note: On Android, nsITokenPasswordDialogs is apparently not implemented,
+  //       which also seems to prevent us from mocking out the interface.
+  if (AppConstants.platform != "android") {
+    let tokenPasswordDialogsCID =
+      MockRegistrar.register("@mozilla.org/nsTokenPasswordDialogs;1",
+                             gTokenPasswordDialogs);
+    do_register_cleanup(() => {
+      MockRegistrar.unregister(tokenPasswordDialogsCID);
+    });
+
+    equal(gSetPasswordShownCount, 0,
+          "changePassword() dialog should have been shown zero times");
+    sdr.changePassword();
+    equal(gSetPasswordShownCount, 1,
+          "changePassword() dialog should have been shown exactly once");
+  }
+}
diff --git a/security/manager/ssl/tests/unit/test_session_resumption.js b/security/manager/ssl/tests/unit/test_session_resumption.js
new file mode 100644
index 000000000..eea6b5f54
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_session_resumption.js
@@ -0,0 +1,159 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that PSM makes the correct determination of the security status of
+// loads involving session resumption (i.e. when a TLS handshake bypasses the
+// AuthCertificate callback).
+
+do_get_profile();
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+do_register_cleanup(() => {
+  Services.prefs.clearUserPref("security.OCSP.enabled");
+});
+
+Services.prefs.setIntPref("security.OCSP.enabled", 1);
+
+addCertFromFile(certdb, "bad_certs/evroot.pem", "CTu,,");
+addCertFromFile(certdb, "bad_certs/ev-test-intermediate.pem", ",,");
+
+// For expired.example.com, the platform will make a connection that will fail.
+// Using information gathered at that point, an override will be added and
+// another connection will be made. This connection will succeed. At that point,
+// as long as the session cache isn't cleared, subsequent new connections should
+// use session resumption, thereby bypassing the AuthCertificate hook. We need
+// to ensure that the correct security state is propagated to the new connection
+// information object.
+function add_resume_non_ev_with_override_test() {
+  // This adds the override and makes one successful connection.
+  add_cert_override_test("expired.example.com",
+                         Ci.nsICertOverrideService.ERROR_TIME,
+                         SEC_ERROR_EXPIRED_CERTIFICATE);
+
+  // This connects again, using session resumption. Note that we don't clear
+  // the TLS session cache between these operations (that would defeat the
+  // purpose).
+  add_connection_test("expired.example.com", PRErrorCodeSuccess, null,
+    (transportSecurityInfo) => {
+      ok(transportSecurityInfo.securityState &
+         Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN,
+         "expired.example.com should have STATE_CERT_USER_OVERRIDDEN flag");
+      let sslStatus = transportSecurityInfo
+                        .QueryInterface(Ci.nsISSLStatusProvider)
+                        .SSLStatus;
+      ok(!sslStatus.isDomainMismatch,
+         "expired.example.com should not have isDomainMismatch set");
+      ok(sslStatus.isNotValidAtThisTime,
+         "expired.example.com should have isNotValidAtThisTime set");
+      ok(!sslStatus.isUntrusted,
+         "expired.example.com should not have isUntrusted set");
+      ok(!sslStatus.isExtendedValidation,
+         "expired.example.com should not have isExtendedValidation set");
+    }
+  );
+}
+
+// Helper function that adds a test that connects to ev-test.example.com and
+// verifies that it validates as EV (or not, if we're running a non-debug
+// build). This assumes that an appropriate OCSP responder is running or that
+// good responses are cached.
+function add_one_ev_test() {
+  add_connection_test("ev-test.example.com", PRErrorCodeSuccess, null,
+    (transportSecurityInfo) => {
+      ok(!(transportSecurityInfo.securityState &
+           Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN),
+         "ev-test.example.com should not have STATE_CERT_USER_OVERRIDDEN flag");
+      let sslStatus = transportSecurityInfo
+                        .QueryInterface(Ci.nsISSLStatusProvider)
+                        .SSLStatus;
+      ok(!sslStatus.isDomainMismatch,
+         "ev-test.example.com should not have isDomainMismatch set");
+      ok(!sslStatus.isNotValidAtThisTime,
+         "ev-test.example.com should not have isNotValidAtThisTime set");
+      ok(!sslStatus.isUntrusted,
+         "ev-test.example.com should not have isUntrusted set");
+      ok(!gEVExpected || sslStatus.isExtendedValidation,
+         "ev-test.example.com should have isExtendedValidation set " +
+         "(or this is a non-debug build)");
+    }
+  );
+}
+
+// This test is similar, except with extended validation. We should connect
+// successfully, and the certificate should be EV in debug builds. Without
+// clearing the session cache, we should connect successfully again, this time
+// with session resumption. The certificate should again be EV in debug builds.
+function add_resume_ev_test() {
+  const SERVER_PORT = 8888;
+  let expectedRequestPaths = gEVExpected ? [ "ev-test-intermediate", "ev-test" ]
+                                         : [ "ev-test" ];
+  let responseTypes = gEVExpected ? [ "good", "good" ] : [ "good" ];
+  // Since we cache OCSP responses, we only ever actually serve one set.
+  let ocspResponder = startOCSPResponder(SERVER_PORT, "localhost", "bad_certs",
+                                         expectedRequestPaths,
+                                         expectedRequestPaths.slice(),
+                                         null, responseTypes);
+  // We should be able to connect and verify the certificate as EV (in debug
+  // builds).
+  add_one_ev_test();
+  // We should be able to connect again (using session resumption). In debug
+  // builds, the certificate should be noted as EV. Again, it's important that
+  // nothing clears the TLS cache in between these two operations.
+  add_one_ev_test();
+
+  add_test(() => {
+    ocspResponder.stop(run_next_test);
+  });
+}
+
+const statsPtr = getSSLStatistics();
+const toInt32 = ctypes.Int64.lo;
+const GOOD_DOMAIN = "good.include-subdomains.pinning.example.com";
+
+// Connect to the same domain with two origin attributes and check if any ssl
+// session is resumed.
+function add_origin_attributes_test(originAttributes1, originAttributes2,
+                                    resumeExpected) {
+  add_connection_test(GOOD_DOMAIN, PRErrorCodeSuccess, clearSessionCache, null,
+                      null, originAttributes1);
+
+  let hitsBeforeConnect;
+  let missesBeforeConnect;
+  let expectedHits = resumeExpected ? 1 : 0;
+  let expectedMisses = 1 - expectedHits;
+
+  add_connection_test(GOOD_DOMAIN, PRErrorCodeSuccess,
+                      function() {
+                        // Add the hits and misses before connection.
+                        let stats = statsPtr.contents;
+                        hitsBeforeConnect = toInt32(stats.sch_sid_cache_hits);
+                        missesBeforeConnect =
+                          toInt32(stats.sch_sid_cache_misses);
+                      },
+                      function() {
+                        let stats = statsPtr.contents;
+                        equal(toInt32(stats.sch_sid_cache_hits),
+                              hitsBeforeConnect + expectedHits,
+                              "Unexpected cache hits");
+                        equal(toInt32(stats.sch_sid_cache_misses),
+                              missesBeforeConnect + expectedMisses,
+                              "Unexpected cache misses");
+                      }, null, originAttributes2);
+}
+
+function run_test() {
+  add_tls_server_setup("BadCertServer", "bad_certs");
+  add_resume_non_ev_with_override_test();
+  add_resume_ev_test();
+  add_origin_attributes_test({}, {}, true);
+  add_origin_attributes_test({ userContextId: 1 }, { userContextId: 2 }, false);
+  add_origin_attributes_test({ userContextId: 3 }, { userContextId: 3 }, true);
+  add_origin_attributes_test({ firstPartyDomain: "foo.com" },
+                             { firstPartyDomain: "bar.com" }, false);
+  add_origin_attributes_test({ firstPartyDomain: "baz.com" },
+                             { firstPartyDomain: "baz.com" }, true);
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_signed_apps-marketplace.js b/security/manager/ssl/tests/unit/test_signed_apps-marketplace.js
new file mode 100644
index 000000000..9f2af752d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps-marketplace.js
@@ -0,0 +1,42 @@
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
+
+function run_test() {
+  run_next_test();
+}
+
+function check_open_result(name, expectedRv) {
+  return function openSignedAppFileCallback(rv, aZipReader, aSignerCert) {
+    do_print("openSignedAppFileCallback called for " + name);
+    equal(rv, expectedRv, "Actual and expected return value should match");
+    equal(aZipReader != null, Components.isSuccessCode(expectedRv),
+          "ZIP reader should be null only if the return value denotes failure");
+    equal(aSignerCert != null, Components.isSuccessCode(expectedRv),
+          "Signer cert should be null only if the return value denotes failure");
+    run_next_test();
+  };
+}
+
+function original_app_path(test_name) {
+  return do_get_file("test_signed_apps/" + test_name + ".zip", false);
+}
+
+// Test that we no longer trust the test root cert that was originally used
+// during development of B2G 1.0.
+add_test(function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppMarketplaceProdPublicRoot,
+    original_app_path("test-privileged-app-test-1.0"),
+    check_open_result("test-privileged-app-test-1.0",
+                      getXPCOMStatusFromNSS(SEC_ERROR_UNKNOWN_ISSUER)));
+});
+
+// Test that we trust the root cert used by by the Firefox Marketplace.
+add_test(function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppMarketplaceProdPublicRoot,
+    original_app_path("privileged-app-test-1.0"),
+    check_open_result("privileged-app-test-1.0", Cr.NS_OK));
+});
diff --git a/security/manager/ssl/tests/unit/test_signed_apps.js b/security/manager/ssl/tests/unit/test_signed_apps.js
new file mode 100644
index 000000000..819ea767a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps.js
@@ -0,0 +1,233 @@
+"use strict";
+/* To regenerate the certificates and apps for this test:
+
+        cd security/manager/ssl/tests/unit/test_signed_apps
+        PATH=$NSS/bin:$NSS/lib:$PATH ./generate.sh
+        cd ../../../../../..
+        make -C $OBJDIR/security/manager/ssl/tests
+
+   $NSS is the path to NSS binaries and libraries built for the host platform.
+   If you get error messages about "CertUtil" on Windows, then it means that
+   the Windows CertUtil.exe is ahead of the NSS certutil.exe in $PATH.
+
+   Check in the generated files. These steps are not done as part of the build
+   because we do not want to add a build-time dependency on the OpenSSL or NSS
+   tools or libraries built for the host platform.
+*/
+
+// XXX from prio.h
+const PR_RDWR        = 0x04;
+const PR_CREATE_FILE = 0x08;
+const PR_TRUNCATE    = 0x20;
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
+
+// Creates a new app package based in the inFilePath package, with a set of
+// modifications (including possibly deletions) applied to the existing entries,
+// and/or a set of new entries to be included.
+function tamper(inFilePath, outFilePath, modifications, newEntries) {
+  let writer = Cc["@mozilla.org/zipwriter;1"].createInstance(Ci.nsIZipWriter);
+  writer.open(outFilePath, PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE);
+  try {
+    let reader = Cc["@mozilla.org/libjar/zip-reader;1"]
+                   .createInstance(Ci.nsIZipReader);
+    reader.open(inFilePath);
+    try {
+      let entries = reader.findEntries("");
+      while (entries.hasMore()) {
+        let entryName = entries.getNext();
+        let inEntry = reader.getEntry(entryName);
+        let entryInput = reader.getInputStream(entryName);
+        try {
+          let f = modifications[entryName];
+          let outEntry, outEntryInput;
+          if (f) {
+            [outEntry, outEntryInput] = f(inEntry, entryInput);
+            delete modifications[entryName];
+          } else {
+            [outEntry, outEntryInput] = [inEntry, entryInput];
+          }
+          // if f does not want the input entry to be copied to the output entry
+          // at all (i.e. it wants it to be deleted), it will return null.
+          if (outEntryInput) {
+            try {
+              writer.addEntryStream(entryName,
+                                    outEntry.lastModifiedTime,
+                                    outEntry.compression,
+                                    outEntryInput,
+                                    false);
+            } finally {
+              if (entryInput != outEntryInput) {
+                outEntryInput.close();
+              }
+            }
+          }
+        } finally {
+          entryInput.close();
+        }
+      }
+    } finally {
+      reader.close();
+    }
+
+    // Any leftover modification means that we were expecting to modify an entry
+    // in the input file that wasn't there.
+    for (let name in modifications) {
+      if (modifications.hasOwnProperty(name)) {
+        throw new Error("input file was missing expected entries: " + name);
+      }
+    }
+
+    // Now, append any new entries to the end
+    newEntries.forEach(function(newEntry) {
+      let sis = Cc["@mozilla.org/io/string-input-stream;1"]
+                  .createInstance(Ci.nsIStringInputStream);
+      try {
+        sis.setData(newEntry.content, newEntry.content.length);
+        writer.addEntryStream(newEntry.name,
+                              new Date(),
+                              Ci.nsIZipWriter.COMPRESSION_BEST,
+                              sis,
+                              false);
+      } finally {
+        sis.close();
+      }
+    });
+  } finally {
+    writer.close();
+  }
+}
+
+function removeEntry(entry, entryInput) { return [null, null]; }
+
+function truncateEntry(entry, entryInput) {
+  if (entryInput.available() == 0) {
+    throw new Error("Truncating already-zero length entry will result in " +
+                    "identical entry.");
+  }
+
+  let content = Cc["@mozilla.org/io/string-input-stream;1"]
+                  .createInstance(Ci.nsIStringInputStream);
+  content.data = "";
+
+  return [entry, content];
+}
+
+function run_test() {
+  run_next_test();
+}
+
+function check_open_result(name, expectedRv) {
+  return function openSignedAppFileCallback(rv, aZipReader, aSignerCert) {
+    do_print("openSignedAppFileCallback called for " + name);
+    equal(rv, expectedRv, "Actual and expected return value should match");
+    equal(aZipReader != null, Components.isSuccessCode(expectedRv),
+          "ZIP reader should be null only if the return value denotes failure");
+    equal(aSignerCert != null, Components.isSuccessCode(expectedRv),
+          "Signer cert should be null only if the return value denotes failure");
+    run_next_test();
+  };
+}
+
+function original_app_path(test_name) {
+  return do_get_file("test_signed_apps/" + test_name + ".zip", false);
+}
+
+function tampered_app_path(test_name) {
+  return FileUtils.getFile("TmpD", ["test_signed_app-" + test_name + ".zip"]);
+}
+
+add_test(function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot, original_app_path("valid_app_1"),
+    check_open_result("valid", Cr.NS_OK));
+});
+
+add_test(function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot, original_app_path("unsigned_app_1"),
+    check_open_result("unsigned", Cr.NS_ERROR_SIGNED_JAR_NOT_SIGNED));
+});
+
+add_test(function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot, original_app_path("unknown_issuer_app_1"),
+    check_open_result("unknown_issuer",
+                      getXPCOMStatusFromNSS(SEC_ERROR_UNKNOWN_ISSUER)));
+});
+
+// Sanity check to ensure a no-op tampering gives a valid result
+add_test(function () {
+  let tampered = tampered_app_path("identity_tampering");
+  tamper(original_app_path("valid_app_1"), tampered, { }, []);
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot, original_app_path("valid_app_1"),
+    check_open_result("identity_tampering", Cr.NS_OK));
+});
+
+add_test(function () {
+  let tampered = tampered_app_path("missing_rsa");
+  tamper(original_app_path("valid_app_1"), tampered, { "META-INF/A.RSA": removeEntry }, []);
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot, tampered,
+    check_open_result("missing_rsa", Cr.NS_ERROR_SIGNED_JAR_NOT_SIGNED));
+});
+
+add_test(function () {
+  let tampered = tampered_app_path("missing_sf");
+  tamper(original_app_path("valid_app_1"), tampered, { "META-INF/A.SF": removeEntry }, []);
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot, tampered,
+    check_open_result("missing_sf", Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID));
+});
+
+add_test(function () {
+  let tampered = tampered_app_path("missing_manifest_mf");
+  tamper(original_app_path("valid_app_1"), tampered, { "META-INF/MANIFEST.MF": removeEntry }, []);
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot, tampered,
+    check_open_result("missing_manifest_mf",
+                      Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID));
+});
+
+add_test(function () {
+  let tampered = tampered_app_path("missing_entry");
+  tamper(original_app_path("valid_app_1"), tampered, { "manifest.webapp": removeEntry }, []);
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot, tampered,
+    check_open_result("missing_entry", Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING));
+});
+
+add_test(function () {
+  let tampered = tampered_app_path("truncated_entry");
+  tamper(original_app_path("valid_app_1"), tampered, { "manifest.webapp": truncateEntry }, []);
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot, tampered,
+    check_open_result("truncated_entry", Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY));
+});
+
+add_test(function () {
+  let tampered = tampered_app_path("unsigned_entry");
+  tamper(original_app_path("valid_app_1"), tampered, {},
+    [ { "name": "unsigned.txt", "content": "unsigned content!" } ]);
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot, tampered,
+    check_open_result("unsigned_entry", Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY));
+});
+
+add_test(function () {
+  let tampered = tampered_app_path("unsigned_metainf_entry");
+  tamper(original_app_path("valid_app_1"), tampered, {},
+    [ { name: "META-INF/unsigned.txt", content: "unsigned content!" } ]);
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot, tampered,
+    check_open_result("unsigned_metainf_entry",
+                      Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY));
+});
+
+// TODO: tampered MF, tampered SF
+// TODO: too-large MF, too-large RSA, too-large SF
+// TODO: MF and SF that end immediately after the last main header
+//       (no CR nor LF)
+// TODO: broken headers to exercise the parser
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/README.md b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/README.md
new file mode 100644
index 000000000..5c6201534
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/README.md
@@ -0,0 +1,18 @@
+This file contains the scripts and binary files needed to regenerate the signed
+files used on the signed apps test.
+
+Prerequisites:
+
+* NSS 3.4 or higher.
+* Python 2.7 (should work with 2.6 also)
+* Bash
+
+Usage:
+
+Run
+
+./create_test_files.sh
+
+The new test files will be created at the ./testApps directory. Just copy the
+contents of this directory to the test directory (dom/apps/tests/signed and
+security/manager/ssl/tests/unit) to use the new files.
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/create_test_files.sh b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/create_test_files.sh
new file mode 100755
index 000000000..e211c3685
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/create_test_files.sh
@@ -0,0 +1,213 @@
+#!/bin/bash
+
+export NSS_DEFAULT_DB_TYPE=sql
+
+export BASE_PATH=`dirname $0`
+export SIGN_SCR_LOC=.
+export APPS_TEST_LOC=../../../../../../../dom/apps/tests/signed
+export TOOLKIT_WEBAPPS_TEST_LOC=../../../../../../../toolkit/webapps/tests/data/
+
+# Creates the entry zip files (unsigned apps) from the source directories
+packageApps() {
+APPS="unsigned_app_1 unsigned_app_origin unsigned_app_origin_toolkit_webapps"
+OLD_PWD=`pwd`
+cd ${BASE_PATH}
+for i in $APPS
+do
+  echo "Creating $i.zip"
+  cd $i && zip -r ../$i.zip . && cd ..
+done
+cd ${OLD_PWD}
+}
+
+
+# Function to create a signing database
+# Parameters:
+# $1: Output directory (where the DB will be created)
+createDb() {
+
+  db=$1
+
+  mkdir -p $db
+
+  # Insecure by design, so... please don't use this for anything serious
+  passwordfile=$db/passwordfile
+
+  echo insecurepassword > $passwordfile
+  certutil -d $db -N -f $passwordfile 2>&1 >/dev/null
+
+}
+
+# Add a CA cert and a signing cert to the database
+# Arguments:
+#   $1: DB directory
+#   $2: CA CN (don't include the CN=, just the value)
+#   $3: Signing Cert CN (don't include the CN=, just the value)
+#   $4: CA short name (don't use spaces!)
+#   $5: Signing Cert short name (don't use spaces!)
+addCerts() {
+  org="O=Examplla Corporation,L=Mountain View,ST=CA,C=US"
+  ca_subj="CN=${2},${org}"
+  ee_subj="CN=${3},${org}"
+
+  noisefile=/tmp/noise.$$
+  head -c 32 /dev/urandom > $noisefile
+
+  ca_responses=/tmp/caresponses.$$
+  ee_responses=/tmp/earesponses
+
+  echo y >  $ca_responses # Is this a CA?
+  echo >>   $ca_responses # Accept default path length constraint (no constraint)
+  echo y >> $ca_responses # Is this a critical constraint?
+  echo n >  $ee_responses # Is this a CA?
+  echo >>   $ee_responses # Accept default path length constraint (no constraint)
+  echo y >> $ee_responses # Is this a critical constraint?
+
+  make_cert="certutil -d $db -f $passwordfile -S -g 2048 -Z SHA256 \
+                    -z $noisefile -y 3 -2 --extKeyUsage critical,codeSigning"
+  $make_cert -v 480 -n ${4}        -m 1 -s "$ca_subj" \
+      --keyUsage critical,certSigning      -t ",,CTu" -x < $ca_responses 2>&1 >/dev/null
+  $make_cert -v 240 -n ${5} -c ${4} -m 2 -s "$ee_subj" \
+      --keyUsage critical,digitalSignature -t ",,,"      < $ee_responses 2>&1 >/dev/null
+
+  # In case we want to inspect the generated certs
+
+  # Also, we'll need this one later on
+  certutil -d $db -L -n ${4} -r -o $db/${4}.der
+  certutil -d $db -L -n ${5} -r -o $db/${5}.der
+
+  rm -f $noisefile $ee_responses $ca_responses
+}
+
+
+# Signs an app
+# Parameters:
+# $1: Database directory
+# $2: Unsigned ZIP file path
+# $3: Signed ZIP file path
+# $4: Store ID for the signed App
+# $5: Version of the signed App
+# $6: Nickname of the signing certificate
+signApp() {
+
+  db=$1
+
+  # Once again, this is INSECURE. It doesn't matter here but
+  # DON'T use this for anything production related
+  passwordfile=$db/passwordfile
+
+  python ${BASE_PATH}/${SIGN_SCR_LOC}/sign_b2g_app.py -d $db -f $passwordfile \
+         -k ${6} -i ${2} -o ${3} -S ${4} -V ${5}
+}
+
+DB_PATH=${BASE_PATH}/signingDB
+TEST_APP_PATH=${BASE_PATH}/testApps
+
+echo "Warning! The directories ${DB_PATH} and ${TEST_APP_PATH} will be erased!"
+echo "Do you want to proceed anyway?"
+select answer in "Yes" "No"
+do
+  case $answer in
+    Yes) break;;
+    No) exit 1;;
+  esac
+done
+
+rm -rf ${DB_PATH} ${TEST_APP_PATH}
+
+TRUSTED_EE=trusted_ee1
+UNTRUSTED_EE=untrusted_ee1
+TRUSTED_CA=trusted_ca1
+UNTRUSTED_CA=untrusted_ca1
+
+# First, we'll create a new couple of signing DBs
+createDb $DB_PATH
+addCerts $DB_PATH "Valid CA" "Store Cert" trusted_ca1 ${TRUSTED_EE}
+addCerts $DB_PATH "Invalid CA" "Invalid Cert" ${UNTRUSTED_CA} ${UNTRUSTED_EE}
+
+# Then we'll create the unsigned apps
+echo "Creating unsigned apps"
+packageApps
+
+# And then we'll create all the test apps...
+mkdir -p ${TEST_APP_PATH}
+
+# We need:
+# A valid signed file, with two different versions:
+#    valid_app_1.zip
+#    valid_app_2.zip
+VALID_UID=`uuidgen`
+signApp $DB_PATH ${BASE_PATH}/unsigned_app_1.zip \
+        $TEST_APP_PATH/valid_app_1.zip \
+        $VALID_UID 1 ${TRUSTED_EE}
+signApp $DB_PATH ${BASE_PATH}/unsigned_app_1.zip \
+        $TEST_APP_PATH/valid_app_2.zip \
+        $VALID_UID 2 ${TRUSTED_EE}
+
+
+# A corrupt_package:
+#    corrupt_app_1.zip
+# A corrupt package is a package with a entry modified, for example...
+CURDIR=`pwd`
+export TEMP_DIR=$TEST_APP_PATH/aux_unzip_$$
+mkdir -p $TEMP_DIR
+cd  $TEMP_DIR
+unzip ../valid_app_1.zip 2>&1 >/dev/null
+echo " - " >> index.html
+zip -r ../corrupt_app_1.zip * 2>&1 >/dev/null
+cd $CURDIR
+rm -rf $TEMP_DIR
+
+# A file signed by a unknown issuer
+#    unknown_issuer_app_1.zip
+INVALID_UID=`uuidgen`
+signApp $DB_PATH ${BASE_PATH}/unsigned_app_1.zip \
+        $TEST_APP_PATH/unknown_issuer_app_1.zip \
+        $INVALID_UID 1 ${UNTRUSTED_EE}
+
+# And finally a priviledged signed file that includes the origin on the manifest
+# to avoid that reverting again
+PRIV_UID=`uuidgen`
+signApp $DB_PATH ${BASE_PATH}/unsigned_app_origin.zip \
+        $TEST_APP_PATH/origin_app_1.zip \
+        $PRIV_UID 1 ${TRUSTED_EE}
+
+# A privileged signed app needed for a toolkit/webapps test
+PRIV_TOOLKIT_UID=`uuidgen`
+signApp $DB_PATH ${BASE_PATH}/unsigned_app_origin_toolkit_webapps.zip \
+        $TEST_APP_PATH/custom_origin.zip \
+        $PRIV_TOOLKIT_UID 1 ${TRUSTED_EE}
+
+# Now let's copy the trusted cert to the app directory so we have everything
+# on the same place...
+cp ${DB_PATH}/${TRUSTED_CA}.der ${TEST_APP_PATH}
+
+cat <<EOF
+
+All done. The new test files are in ${TEST_APP_PATH}. You should copy the
+contents of that directory to the dom/apps/tests/signed directory and to
+the security/manager/ssl/tests/unit/test_signed_apps (which should be the
+parent of this directory) to install them.
+
+EOF
+
+echo "Do you wish me to do that for you now?"
+select answer in "Yes" "No"
+do
+  case $answer in
+    Yes) break;;
+    No) echo "Ok, not installing the new files"
+        echo "You should run: "
+        echo cp ${TEST_APP_PATH}/* ${BASE_PATH}/${APPS_TEST_LOC}
+        echo cp ${TEST_APP_PATH}/* ${TEST_APP_PATH}/../unsigned_app_1.zip ${BASE_PATH}/..
+        echo cp ${TEST_APP_PATH}/* ${BASE_PATH}/${TOOLKIT_WEBAPPS_TEST_LOC}
+        echo "to install them"
+        exit 0;;
+  esac
+done
+
+cp ${TEST_APP_PATH}/* ${BASE_PATH}/${APPS_TEST_LOC}
+cp ${TEST_APP_PATH}/* ${TEST_APP_PATH}/../unsigned_app_1.zip ${BASE_PATH}/..
+cp ${TEST_APP_PATH}/* ${BASE_PATH}/${TOOLKIT_WEBAPPS_TEST_LOC}
+
+echo "Done!"
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/nss_ctypes.py b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/nss_ctypes.py
new file mode 100644
index 000000000..35ca92959
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/nss_ctypes.py
@@ -0,0 +1,129 @@
+from ctypes import *
+import os
+import sys
+
+if sys.platform == 'darwin':
+  libprefix = "lib"
+  libsuffix = ".dylib"
+elif os.name == 'posix':
+  libprefix = "lib"
+  libsuffix = ".so"
+else: # assume windows
+  libprefix = ""
+  libsuffix = ".dll"
+
+plc   = cdll.LoadLibrary(libprefix + "plc4"   + libsuffix)
+nspr  = cdll.LoadLibrary(libprefix + "nspr4"  + libsuffix)
+nss   = cdll.LoadLibrary(libprefix + "nss3"   + libsuffix)
+smime = cdll.LoadLibrary(libprefix + "smime3" + libsuffix)
+
+nspr.PR_GetError.argtypes = []
+nspr.PR_GetError.restype = c_int32
+nspr.PR_ErrorToName.argtypes = [c_int32]
+nspr.PR_ErrorToName.restype = c_char_p
+
+def raise_if_not_SECSuccess(rv):
+  SECSuccess = 0
+  if (rv != SECSuccess):
+    raise ValueError(nspr.PR_ErrorToName(nspr.PR_GetError()))
+
+def raise_if_NULL(p):
+  if not p:
+    raise ValueError(nspr.PR_ErrorToName(nspr.PR_GetError()))
+  return p
+
+PRBool = c_int
+SECStatus = c_int
+
+# from secoidt.h
+SEC_OID_SHA1 = 4
+
+# from certt.h
+certUsageObjectSigner = 6
+
+class SECItem(Structure):
+  _fields_ = [("type", c_int),
+              ("data", c_char_p),
+              ("len", c_uint)]
+
+nss.NSS_Init.argtypes = [c_char_p]
+nss.NSS_Init.restype = SECStatus
+def NSS_Init(db_dir):
+  nss.NSS_Init.argtypes = [c_char_p]
+  nss.NSS_Init.restype = SECStatus
+  raise_if_not_SECSuccess(nss.NSS_Init(db_dir))
+
+nss.NSS_Shutdown.argtypes = []
+nss.NSS_Shutdown.restype = SECStatus
+def NSS_Shutdown():
+  raise_if_not_SECSuccess(nss.NSS_Shutdown())
+
+PK11PasswordFunc = CFUNCTYPE(c_char_p, c_void_p, PRBool, c_char_p)
+
+# pass the result of this as the wincx parameter when a wincx is required
+nss.PK11_SetPasswordFunc.argtypes = [PK11PasswordFunc]
+nss.PK11_SetPasswordFunc.restype = None
+
+# Set the return type as *void so Python doesn't touch it
+plc.PL_strdup.argtypes = [c_char_p]
+plc.PL_strdup.restype = c_void_p
+def SetPasswordContext(password):
+  def callback(slot, retry, arg):
+    return plc.PL_strdup(password)
+  wincx = PK11PasswordFunc(callback)
+  nss.PK11_SetPasswordFunc(wincx)
+  return wincx
+
+nss.CERT_GetDefaultCertDB.argtypes = []
+nss.CERT_GetDefaultCertDB.restype = c_void_p
+def CERT_GetDefaultCertDB():
+  return raise_if_NULL(nss.CERT_GetDefaultCertDB())
+
+nss.PK11_FindCertFromNickname.argtypes = [c_char_p, c_void_p]
+nss.PK11_FindCertFromNickname.restype = c_void_p
+def PK11_FindCertFromNickname(nickname, wincx):
+  return raise_if_NULL(nss.PK11_FindCertFromNickname(nickname, wincx))
+
+nss.CERT_DestroyCertificate.argtypes = [c_void_p]
+nss.CERT_DestroyCertificate.restype = None
+def CERT_DestroyCertificate(cert):
+  nss.CERT_DestroyCertificate(cert)
+
+smime.SEC_PKCS7CreateSignedData.argtypes = [c_void_p, c_int, c_void_p,
+                                            c_int, c_void_p,
+                                            c_void_p, c_void_p]
+smime.SEC_PKCS7CreateSignedData.restype = c_void_p
+def SEC_PKCS7CreateSignedData(cert, certusage, certdb, digestalg, digest, wincx):
+  item = SECItem(0,  c_char_p(digest), len(digest))
+  return raise_if_NULL(smime.SEC_PKCS7CreateSignedData(cert, certusage, certdb,
+                                                       digestalg,
+                                                       pointer(item),
+                                                       None, wincx))
+
+smime.SEC_PKCS7AddSigningTime.argtypes = [c_void_p]
+smime.SEC_PKCS7AddSigningTime.restype = SECStatus
+def SEC_PKCS7AddSigningTime(p7):
+  raise_if_not_SECSuccess(smime.SEC_PKCS7AddSigningTime(p7))
+
+smime.SEC_PKCS7IncludeCertChain.argtypes = [c_void_p, c_void_p]
+smime.SEC_PKCS7IncludeCertChain.restype = SECStatus
+def SEC_PKCS7IncludeCertChain(p7, wincx):
+  raise_if_not_SECSuccess(smime.SEC_PKCS7IncludeCertChain(p7, wincx))
+
+SEC_PKCS7EncoderOutputCallback = CFUNCTYPE(None, c_void_p, c_void_p, c_long)
+smime.SEC_PKCS7Encode.argtypes = [c_void_p, SEC_PKCS7EncoderOutputCallback,
+                                  c_void_p, c_void_p, c_void_p, c_void_p]
+smime.SEC_PKCS7Encode.restype = SECStatus
+def SEC_PKCS7Encode(p7, bulkkey, wincx):
+  outputChunks = []
+  def callback(chunks, data, len):
+    outputChunks.append(string_at(data, len))
+  callbackWrapper = SEC_PKCS7EncoderOutputCallback(callback)
+  raise_if_not_SECSuccess(smime.SEC_PKCS7Encode(p7, callbackWrapper,
+                                                None, None, None, wincx))
+  return "".join(outputChunks)
+
+smime.SEC_PKCS7DestroyContentInfo.argtypes = [c_void_p]
+smime.SEC_PKCS7DestroyContentInfo.restype = None
+def SEC_PKCS7DestroyContentInfo(p7):
+  smime.SEC_PKCS7DestroyContentInfo(p7)
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/sign_b2g_app.py b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/sign_b2g_app.py
new file mode 100644
index 000000000..89b385a9b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/sign_b2g_app.py
@@ -0,0 +1,174 @@
+import argparse
+from base64 import b64encode
+from hashlib import sha1
+import sys
+import zipfile
+import ctypes
+
+import nss_ctypes
+
+# Change the limits in JarSignatureVerification.cpp when you change the limits
+# here.
+max_entry_uncompressed_len = 100 * 1024 * 1024
+max_total_uncompressed_len = 500 * 1024 * 1024
+max_entry_count = 100 * 1000
+max_entry_filename_len = 1024
+max_mf_len = max_entry_count * 50
+max_sf_len = 1024
+
+
+
+def nss_load_cert(nss_db_dir, nss_password, cert_nickname):
+  nss_ctypes.NSS_Init(nss_db_dir)
+  try:
+    wincx = nss_ctypes.SetPasswordContext(nss_password)
+    cert = nss_ctypes.PK11_FindCertFromNickname(cert_nickname, wincx)
+    return (wincx, cert)
+  except:
+    nss_ctypes.NSS_Shutdown()
+    raise
+
+def nss_create_detached_signature(cert, dataToSign, wincx):
+  certdb = nss_ctypes.CERT_GetDefaultCertDB()
+  p7 = nss_ctypes.SEC_PKCS7CreateSignedData(cert,
+                                            nss_ctypes.certUsageObjectSigner,
+                                            certdb,
+                                            nss_ctypes.SEC_OID_SHA1,
+                                            sha1(dataToSign).digest(),
+                                            wincx       )
+  try:
+    nss_ctypes.SEC_PKCS7AddSigningTime(p7)
+    nss_ctypes.SEC_PKCS7IncludeCertChain(p7, wincx)
+    return nss_ctypes.SEC_PKCS7Encode(p7, None, wincx)
+  finally:
+    nss_ctypes.SEC_PKCS7DestroyContentInfo(p7)
+
+# We receive a ids_json string for the toBeSigned app
+def sign_zip(in_zipfile_name, out_zipfile_name, cert, wincx, ids_json):
+  mf_entries = []
+  seen_entries = set()
+
+  total_uncompressed_len = 0
+  entry_count = 0
+  with zipfile.ZipFile(out_zipfile_name, 'w') as out_zip:
+    with zipfile.ZipFile(in_zipfile_name, 'r') as in_zip:
+      for entry_info in in_zip.infolist():
+        name = entry_info.filename
+
+        # Check for reserved and/or insane (potentially malicious) names
+        if name.endswith("/"):
+          pass
+          # Do nothing; we don't copy directory entries since they are just a
+          # waste of space.
+        elif name.lower().startswith("meta-inf/"):
+          # META-INF/* is reserved for our use
+          raise ValueError("META-INF entries are not allowed: %s" % (name))
+        elif len(name) > max_entry_filename_len:
+          raise ValueError("Entry's filename is too long: %s" % (name))
+        # TODO: elif name has invalid characters...
+        elif name in seen_entries:
+          # It is possible for a zipfile to have duplicate entries (with the exact
+          # same filenames). Python's zipfile module accepts them, but our zip
+          # reader in Gecko cannot do anything useful with them, and there's no
+          # sane reason for duplicate entries to exist, so reject them.
+          raise ValueError("Duplicate entry in input file: %s" % (name))
+        else:
+          entry_count += 1
+          if entry_count > max_entry_count:
+            raise ValueError("Too many entries in input archive")
+
+          seen_entries.add(name)
+
+          # Read in the input entry, but be careful to avoid going over the
+          # various limits we have, to minimize the likelihood that we'll run
+          # out of memory. Note that we can't use the length from entry_info
+          # because that might not be accurate if the input zip file is
+          # maliciously crafted to contain misleading metadata.
+          with in_zip.open(name, 'r') as entry_file:
+            contents = entry_file.read(max_entry_uncompressed_len + 1)
+          if len(contents) > max_entry_uncompressed_len:
+            raise ValueError("Entry is too large: %s" % (name))
+          total_uncompressed_len += len(contents)
+          if total_uncompressed_len > max_total_uncompressed_len:
+            raise ValueError("Input archive is too large")
+
+          # Copy the entry, using the same compression as used in the input file
+          out_zip.writestr(entry_info, contents)
+
+          # Add the entry to the manifest we're building
+          mf_entries.append('Name: %s\nSHA1-Digest: %s\n'
+                                % (name, b64encode(sha1(contents).digest())))
+    if (ids_json):
+      mf_entries.append('Name: %s\nSHA1-Digest: %s\n'
+                        % ("META-INF/ids.json", b64encode(sha1(ids_json).digest())))
+
+    mf_contents = 'Manifest-Version: 1.0\n\n' + '\n'.join(mf_entries)
+    if len(mf_contents) > max_mf_len:
+      raise ValueError("Generated MANIFEST.MF is too large: %d" % (len(mf_contents)))
+
+    sf_contents = ('Signature-Version: 1.0\nSHA1-Digest-Manifest: %s\n'
+                                % (b64encode(sha1(mf_contents).digest())))
+    if len(sf_contents) > max_sf_len:
+      raise ValueError("Generated SIGNATURE.SF is too large: %d"
+                          % (len(mf_contents)))
+
+    p7 = nss_create_detached_signature(cert, sf_contents, wincx)
+
+    # write the signature, SF, and MF
+    out_zip.writestr("META-INF/A.RSA", p7, zipfile.ZIP_DEFLATED)
+    out_zip.writestr("META-INF/A.SF",  sf_contents, zipfile.ZIP_DEFLATED)
+    out_zip.writestr("META-INF/MANIFEST.MF", mf_contents, zipfile.ZIP_DEFLATED)
+    if (ids_json):
+        out_zip.writestr("META-INF/ids.json", ids_json, zipfile.ZIP_DEFLATED)
+
+def main():
+  parser = argparse.ArgumentParser(description='Sign a B2G app.')
+  parser.add_argument('-d', action='store',
+                            required=True, help='NSS database directory')
+  parser.add_argument('-f', action='store',
+                            type=argparse.FileType('rb'),
+                            required=True, help='password file')
+  parser.add_argument('-k', action='store',
+                            required=True, help="nickname of signing cert.")
+  parser.add_argument('-i', action='store', type=argparse.FileType('rb'),
+                            required=True, help="input JAR file (unsigned)")
+  parser.add_argument('-o', action='store', type=argparse.FileType('wb'),
+                            required=True, help="output JAR file (signed)")
+  parser.add_argument('-I', '--ids-file', action='store', type=argparse.FileType('rb'),
+                     help="Path to the ids.json file", dest='I')
+  parser.add_argument('-S', '--storeId', action='store',
+                      help="Store Id for the package", dest='S')
+  parser.add_argument('-V', '--storeVersion', action='store', type=int,
+                      help="Package Version", dest='V')
+  args = parser.parse_args()
+
+  # Sadly nested groups and neccesarily inclusive groups (http://bugs.python.org/issue11588)
+  # are not implemented. Note that this means the automatic help is slighty incorrect
+  if not((not args.I and args.V and args.S) or (args.I and not args.V and not args.S)):
+      raise ValueError("Either -I or -S and -V must be specified")
+
+  if (args.I):
+    ids_contents = args.I.read(max_entry_uncompressed_len+1)
+  else:
+    ids_contents = '''{
+  "id": "%(id)s",
+  "version": %(version)d
+}
+''' % {"id": args.S, "version": args.V}
+  if len(ids_contents) > max_entry_uncompressed_len:
+    raise ValueError("Entry is too large: %s" % (name))
+
+  db_dir = args.d
+  password = args.f.readline().strip()
+  cert_nickname = args.k
+
+  (wincx, cert) = nss_load_cert(db_dir, password, cert_nickname)
+  try:
+    sign_zip(args.i, args.o, cert, wincx, ids_contents)
+    return 0
+  finally:
+    nss_ctypes.CERT_DestroyCertificate(cert)
+    nss_ctypes.NSS_Shutdown()
+
+if __name__ == "__main__":
+    sys.exit(main())
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/icon-128.png b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/icon-128.png
new file mode 100644
index 000000000..d6fd07a41
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/icon-128.png
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/index.html b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/index.html
new file mode 100644
index 000000000..2acf635e8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/index.html
@@ -0,0 +1,6 @@
+<!doctype html>

+<html lang=en>

+<head><meta charset=utf-8><title>Simple App</title></head>

+<body><p>This is a Simple App.</body>

+</html>

+

diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/manifest.webapp b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/manifest.webapp
new file mode 100644
index 000000000..447cd1e71
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/manifest.webapp
@@ -0,0 +1,8 @@
+{ "name": "Simple App"
+, "description": "A Simple Open Web App"
+, "launch_path": "tests/dom/apps/tests/signed_app.sjs"
+, "icons": { "128" : "icon-128.png" }
+, "installs_allowed_from": [ "https://marketplace.mozilla.com", "http://mochi.test:8888" ]
+, "version": 1
+, "default_locale": "en-US"
+}
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/icon-128.png b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/icon-128.png
new file mode 100644
index 000000000..d6fd07a41
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/icon-128.png
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/index.html b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/index.html
new file mode 100644
index 000000000..9f2adf57b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/index.html
@@ -0,0 +1,6 @@
+<!doctype html>
+<html lang=en>
+<head><meta charset=utf-8><title>Simple App</title></head>
+<body><p>This is a Simple App.</body>
+</html>
+
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/manifest.webapp b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/manifest.webapp
new file mode 100644
index 000000000..d2393e3c3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/manifest.webapp
@@ -0,0 +1,10 @@
+{ "name": "Simple App",
+  "description": "A Simple Open Web App",
+  "type": "privileged",
+  "origin": "app://test.origin.privileged.app",
+  "launch_path": "tests/dom/apps/tests/signed_app.sjs",
+  "icons": { "128" : "icon-128.png" },
+  "installs_allowed_from": [ "https://marketplace.mozilla.com", "http://mochi.test:8888" ],
+  "version": 1,
+  "default_locale": "en-US"
+}
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin_toolkit_webapps/index.html b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin_toolkit_webapps/index.html
new file mode 100644
index 000000000..12c6881c2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin_toolkit_webapps/index.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Test app</title>
+</head>
+<body>
+Test app:
+<iframe src="http://127.0.0.1:8888/chrome/toolkit/webapps/tests/app.sjs?appreq"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin_toolkit_webapps/manifest.webapp b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin_toolkit_webapps/manifest.webapp
new file mode 100644
index 000000000..55103ca5a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin_toolkit_webapps/manifest.webapp
@@ -0,0 +1,9 @@
+{
+  "name": "Custom Origin Test",
+  "version": 1,
+  "size": 777,
+  "package_path": "custom_origin.zip",
+  "launch_path": "/index.html",
+  "origin": "app://test.origin.privileged.app",
+  "type": "privileged"
+}
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/privileged-app-test-1.0.zip b/security/manager/ssl/tests/unit/test_signed_apps/privileged-app-test-1.0.zip
new file mode 100644
index 000000000..3a12106c8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/privileged-app-test-1.0.zip
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/test-privileged-app-test-1.0.zip b/security/manager/ssl/tests/unit/test_signed_apps/test-privileged-app-test-1.0.zip
new file mode 100644
index 000000000..ec137ea14
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/test-privileged-app-test-1.0.zip
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/trusted_ca1.der b/security/manager/ssl/tests/unit/test_signed_apps/trusted_ca1.der
new file mode 100644
index 000000000..0200a7f35
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/trusted_ca1.der
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/unknown_issuer_app_1.zip b/security/manager/ssl/tests/unit/test_signed_apps/unknown_issuer_app_1.zip
new file mode 100644
index 000000000..374e45f6f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/unknown_issuer_app_1.zip
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/unsigned_app_1.zip b/security/manager/ssl/tests/unit/test_signed_apps/unsigned_app_1.zip
new file mode 100644
index 000000000..731e050ab
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/unsigned_app_1.zip
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/valid_app_1.zip b/security/manager/ssl/tests/unit/test_signed_apps/valid_app_1.zip
new file mode 100644
index 000000000..74a35a420
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/valid_app_1.zip
diff --git a/security/manager/ssl/tests/unit/test_signed_dir.js b/security/manager/ssl/tests/unit/test_signed_dir.js
new file mode 100644
index 000000000..b07fd2285
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_dir.js
@@ -0,0 +1,201 @@
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that signed extensions extracted/unpacked into a directory work pass
+// verification when non-tampered, and fail verification when tampered via
+// various means.
+
+const { ZipUtils } = Cu.import("resource://gre/modules/ZipUtils.jsm", {});
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+/**
+ * Signed test extension. This is any arbitrary Mozilla signed XPI that
+ * preferably has recently been signed (but note that it actually doesn't
+ * matter, since we ignore expired certificates when checking signing).
+ * @type nsIFile
+ */
+var gSignedXPI =
+  do_get_file("test_signed_dir/lightbeam_for_firefox-1.3.1-fx.xpi", false);
+/**
+ * The directory that the test extension will be extracted to.
+ * @type nsIFile
+ */
+var gTarget = FileUtils.getDir("TmpD", ["test_signed_dir"]);
+gTarget.createUnique(Ci.nsIFile.DIRECTORY_TYPE, FileUtils.PERMS_DIRECTORY);
+
+/**
+ * Each property below is optional. Defining none of them means "don't tamper".
+ *
+ * @typedef {TamperInstructions}
+ * @type Object
+ * @property {String[][]} copy
+ *           Format: [[path,newname], [path2,newname2], ...]
+ *           Copy the file located at |path| and name it |newname|.
+ * @property {String[]} delete
+ *           List of paths to files to delete.
+ * @property {String[]} corrupt
+ *           List of paths to files to corrupt.
+ */
+
+/**
+ * Extracts the signed XPI into a directory, and tampers the files in that
+ * directory if instructed.
+ *
+ * @param {TamperInstructions} tamper
+ *        Instructions on whether to tamper any files, and if so, how.
+ * @returns {nsIFile}
+ *          The directory where the XPI was extracted to.
+ */
+function prepare(tamper) {
+  ZipUtils.extractFiles(gSignedXPI, gTarget);
+
+  // copy files
+  if (tamper.copy) {
+    tamper.copy.forEach(i => {
+      let f = gTarget.clone();
+      i[0].split("/").forEach(seg => { f.append(seg); });
+      f.copyTo(null, i[1]);
+    });
+  }
+
+  // delete files
+  if (tamper.delete) {
+    tamper.delete.forEach(i => {
+      let f = gTarget.clone();
+      i.split("/").forEach(seg => { f.append(seg); });
+      f.remove(true);
+    });
+  }
+
+  // corrupt files
+  if (tamper.corrupt) {
+    tamper.corrupt.forEach(i => {
+      let f = gTarget.clone();
+      i.split("/").forEach(seg => { f.append(seg); });
+      let s = FileUtils.openFileOutputStream(f, FileUtils.MODE_WRONLY);
+      const str = "Kilroy was here";
+      s.write(str, str.length);
+      s.close();
+    });
+  }
+
+  return gTarget;
+}
+
+function checkResult(expectedRv, dir, resolve) {
+  return function verifySignedDirCallback(rv, aSignerCert) {
+    equal(rv, expectedRv, "Actual and expected return value should match");
+    equal(aSignerCert != null, Components.isSuccessCode(expectedRv),
+          "expecting certificate:");
+    dir.remove(true);
+    resolve();
+  };
+}
+
+function verifyDirAsync(expectedRv, tamper) {
+  let targetDir = prepare(tamper);
+  return new Promise((resolve, reject) => {
+    certdb.verifySignedDirectoryAsync(
+      Ci.nsIX509CertDB.AddonsPublicRoot, targetDir,
+      checkResult(expectedRv, targetDir, resolve));
+  });
+}
+
+//
+// the tests
+//
+add_task(function* testValid() {
+  yield verifyDirAsync(Cr.NS_OK, {} /* no tampering */);
+});
+
+add_task(function* testNoMetaDir() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_NOT_SIGNED,
+                       {delete: ["META-INF"]});
+});
+
+add_task(function* testEmptyMetaDir() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_NOT_SIGNED,
+                       {delete: ["META-INF/mozilla.rsa",
+                                 "META-INF/mozilla.sf",
+                                 "META-INF/manifest.mf"]});
+});
+
+add_task(function* testTwoRSAFiles() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+                       {copy: [["META-INF/mozilla.rsa", "extra.rsa"]]});
+});
+
+add_task(function* testCorruptRSAFile() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+                       {corrupt: ["META-INF/mozilla.rsa"]});
+});
+
+add_task(function* testMissingSFFile() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+                       {delete: ["META-INF/mozilla.sf"]});
+});
+
+add_task(function* testCorruptSFFile() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+                       {corrupt: ["META-INF/mozilla.sf"]});
+});
+
+add_task(function* testExtraInvalidSFFile() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY,
+                       {copy: [["META-INF/mozilla.rsa", "extra.sf"]]});
+});
+
+add_task(function* testExtraValidSFFile() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY,
+                       {copy: [["META-INF/mozilla.sf", "extra.sf"]]});
+});
+
+add_task(function* testMissingManifest() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+                       {delete: ["META-INF/manifest.mf"]});
+});
+
+add_task(function* testCorruptManifest() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+                       {corrupt: ["META-INF/manifest.mf"]});
+});
+
+add_task(function* testMissingFile() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING,
+                       {delete: ["bootstrap.js"]});
+});
+
+add_task(function* testCorruptFile() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY,
+                       {corrupt: ["bootstrap.js"]});
+});
+
+add_task(function* testExtraFile() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY,
+                       {copy: [["bootstrap.js", "extra"]]});
+});
+
+add_task(function* testMissingFileInDir() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING,
+                       {delete: ["lib/ui.js"]});
+});
+
+add_task(function* testCorruptFileInDir() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY,
+                       {corrupt: ["lib/ui.js"]});
+});
+
+add_task(function* testExtraFileInDir() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY,
+                       {copy: [["lib/ui.js", "extra"]]});
+});
+
+do_register_cleanup(function() {
+  if (gTarget.exists()) {
+    gTarget.remove(true);
+  }
+});
diff --git a/security/manager/ssl/tests/unit/test_signed_dir/lightbeam_for_firefox-1.3.1-fx.xpi b/security/manager/ssl/tests/unit/test_signed_dir/lightbeam_for_firefox-1.3.1-fx.xpi
new file mode 100644
index 000000000..902b731f3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_dir/lightbeam_for_firefox-1.3.1-fx.xpi
diff --git a/security/manager/ssl/tests/unit/test_signed_manifest/README.md b/security/manager/ssl/tests/unit/test_signed_manifest/README.md
new file mode 100644
index 000000000..a442c7052
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_manifest/README.md
@@ -0,0 +1,17 @@
+This folder contains the scripts needed to generate signed manifest files
+to verify the Trusted Hosted Apps concept.
+
+Prerequisites:
+
+* NSS 3.4 or higher.
+* Python 2.7 (should work with 2.6 also)
+* Bash
+* OpenSSL
+
+Usage:
+
+Run
+  I) For usage info execute ./create_test_files.sh --help
+
+ II) Upload the signed manifest.webapp and manifest.sig to the
+     application hosting server.
diff --git a/security/manager/ssl/tests/unit/test_signed_manifest/create_test_files.sh b/security/manager/ssl/tests/unit/test_signed_manifest/create_test_files.sh
new file mode 100755
index 000000000..cddbe17ec
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_manifest/create_test_files.sh
@@ -0,0 +1,181 @@
+#!/bin/bash
+#
+# Mode: shell-script; sh-indentation:2;
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+export BASE_PATH=`dirname $0`
+echo $BASE_PATH
+
+# location of the 'sign_b2g_manifest.py' script
+export SIGN_SCR_PATH=.
+
+DB_PATH=${BASE_PATH}/signingDB
+PASSWORD_FILE=${DB_PATH}/passwordfile
+VALID_MANIFEST_PATH=${BASE_PATH}/testValidSignedManifest
+INVALID_MANIFEST_PATH=${BASE_PATH}/testInvalidSignedManifest
+
+TRUSTED_EE=trusted_ee1
+UNTRUSTED_EE=untrusted_ee1
+TRUSTED_CA=trusted_ca1
+UNTRUSTED_CA=untrusted_ca1
+
+# Print usage info
+usage() {
+    echo
+    echo
+    tput bold
+    echo "NAME"
+    tput sgr0
+    echo "     create_test_files.sh - Signing a manifest for Trusted Hosted Apps."
+    echo
+    tput bold
+    echo "SYNOPSIS"
+    tput sgr0
+    echo "     create_test_files.sh"
+    echo "     create_test_files.sh [--regenerate-test-certs]"
+    echo "     create_test_files.sh [--help]"
+    echo
+    tput bold
+    echo "DESCRIPTION"
+    tput sgr0
+    echo "     The script signs a manifest for Trusted Hosted Apps if no parameter"
+    echo "     is given and if the manifest file and a certificate database directory"
+    echo "     is present in the current directory."
+    echo "     Two directories ./testValidSignedManifest and ./testInvalidSignedManifest"
+    echo "     are generated containing a manifest signature file each, signed with valid"
+    echo "     and invalid certificates respectively."
+    echo "     If the --regenerate-test-certs parameter is given, a new certificate database"
+    echo "     directory is generated before the signing takes place."
+    echo "     If the certificate database is not present and the --regenerate-test-certs"
+    echo "     parameter is not given the script exits whithout any operations."
+    echo
+    tput bold
+    echo "OPTIONS"
+    echo "    --regenerate-test-certs,"
+    tput sgr0
+    echo "        Generates a test certificate database and then signs the manifest.webapp"
+    echo "        file in the current directory."
+    echo
+    tput bold
+    echo "    --help,"
+    tput sgr0
+    echo "        Show this usage information."
+    echo
+}
+
+# Function to create a signing database
+# Parameters:
+# $1: Output directory (where the DB will be created)
+# $2: Password file
+createDB() {
+  local db_path=${1}
+  local password_file=${2}
+
+  mkdir -p ${db_path}
+  echo insecurepassword > ${password_file}
+  certutil -d ${db_path} -N -f ${password_file} 2>&1 >/dev/null
+}
+
+# Add a CA cert and a signing cert to the database
+# Arguments:
+#   $1: DB directory
+#   $2: CA CN (don't include the CN=, just the value)
+#   $3: Signing Cert CN (don't include the CN=, just the value)
+#   $4: CA short name (don't use spaces!)
+#   $5: Signing Cert short name (don't use spaces!)
+#   $6: Password file
+addCerts() {
+  local db_path=${1}
+  local password_file=${6}
+
+  org="O=Example Trusted Corporation,L=Mountain View,ST=CA,C=US"
+  ca_subj="CN=${2},${org}"
+  ee_subj="CN=${3},${org}"
+
+  noisefile=/tmp/noise.$$
+  head -c 32 /dev/urandom > ${noisefile}
+
+  ca_responses=/tmp/caresponses.$$
+  ee_responses=/tmp/earesponses
+
+  echo y >  ${ca_responses} # Is this a CA?
+  echo >>   ${ca_responses} # Accept default path length constraint (no constraint)
+  echo y >> ${ca_responses} # Is this a critical constraint?
+  echo n >  ${ee_responses} # Is this a CA?
+  echo >>   ${ee_responses} # Accept default path length constraint (no constraint)
+  echo y >> ${ee_responses} # Is this a critical constraint?
+
+  make_cert="certutil -d ${db_path} -f ${password_file} -S -g 2048 -Z SHA256 \
+                      -z ${noisefile} -y 3 -2 --extKeyUsage critical,codeSigning"
+  ${make_cert} -v 480 -n ${4} -m 1 -s "${ca_subj}" --keyUsage critical,certSigning \
+             -t ",,CTu" -x < ${ca_responses} 2>&1 >/dev/null
+  ${make_cert} -v 240 -n ${5} -c ${4} -m 2 -s "${ee_subj}" --keyUsage critical,digitalSignature \
+             -t ",,," < ${ee_responses} 2>&1 >/dev/null
+
+  certutil -d ${db_path} -L -n ${4} -r -o ${SIGN_SCR_PATH}/${4}.der
+
+  rm -f ${noisefile} ${ee_responses} ${ca_responses}
+}
+
+# Signs a manifest
+# Parameters:
+# $1: Database directory
+# $2: Unsigned manifest file path
+# $3: Signed manifest file path
+# $4: Nickname of the signing certificate
+# $5: Password file
+signManifest() {
+  local db_path=${1}
+  local password_file=${5}
+
+  python ${BASE_PATH}/${SIGN_SCR_PATH}/sign_b2g_manifest.py -d ${db_path} \
+      -f ${password_file} -k ${4} -i ${2} -o ${3}
+}
+
+# Generate the necessary files to be used for the signing
+generate_files() {
+  # First create a new couple of signing DBs
+  rm -rf ${DB_PATH} ${VALID_MANIFEST_PATH} ${INVALID_MANIFEST_PATH}
+  createDB ${DB_PATH} ${PASSWORD_FILE}
+  addCerts ${DB_PATH} "Trusted Valid CA" "Trusted Corp Cert" ${TRUSTED_CA} ${TRUSTED_EE} ${PASSWORD_FILE}
+  addCerts ${DB_PATH} "Trusted Invalid CA" "Trusted Invalid Cert" ${UNTRUSTED_CA} ${UNTRUSTED_EE} ${PASSWORD_FILE}
+}
+
+#Start of execution
+if [ ${1} ] && [ "${1}" == '--regenerate-test-certs' ]; then
+  generate_files
+elif [ "${1}" == '--help' ]; then
+    usage
+    exit 1
+else
+  if [ -d ${DB_PATH} ]; then
+    rm -rf ${VALID_MANIFEST_PATH} ${INVALID_MANIFEST_PATH}
+  else
+    echo "Error! The directory ${DB_PATH} does not exist!"
+    echo "New certificate database must be created!"
+    usage $0
+    exit 1
+  fi
+fi
+
+# Create all the test manifests
+mkdir -p ${VALID_MANIFEST_PATH}
+mkdir -p ${INVALID_MANIFEST_PATH}
+
+CURDIR=`pwd`
+cd $CURDIR
+
+# Sign a manifest file with a known issuer
+signManifest ${DB_PATH} ${BASE_PATH}/manifest.webapp \
+             ${VALID_MANIFEST_PATH}/manifest.sig \
+             ${TRUSTED_EE} ${PASSWORD_FILE}
+
+# Sign a manifest file with a unknown issuer
+signManifest ${DB_PATH} ${BASE_PATH}/manifest.webapp \
+             ${INVALID_MANIFEST_PATH}/manifest.sig \
+             ${UNTRUSTED_EE} ${PASSWORD_FILE}
+
+echo "Done!"
diff --git a/security/manager/ssl/tests/unit/test_signed_manifest/manifest.webapp b/security/manager/ssl/tests/unit/test_signed_manifest/manifest.webapp
new file mode 100644
index 000000000..ad477719b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_manifest/manifest.webapp
@@ -0,0 +1,10 @@
+{ "name": "Trusted App Example",
+  "description": "A Manifest for a Trusted Hosted Application",
+  "type": "trusted",
+  "launch_path": "/index.html",
+  "icons": { "128" : "icon-128.png" },
+  "version": 1,
+  "csp" : "script-src https://www.example.com; style-src https://www.example.com",
+  "permissions": { "device-storage:videos":{ "access": "readonly" }, "device-storage:pictures":{ "access": "readwrite" } },
+  "default_locale": "en-US"
+}
diff --git a/security/manager/ssl/tests/unit/test_signed_manifest/nss_ctypes.py b/security/manager/ssl/tests/unit/test_signed_manifest/nss_ctypes.py
new file mode 100644
index 000000000..a0c50b1ed
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_manifest/nss_ctypes.py
@@ -0,0 +1,136 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+from ctypes import *
+import os
+import sys
+
+if sys.platform == 'darwin':
+  libprefix = "lib"
+  libsuffix = ".dylib"
+elif os.name == 'posix':
+  libprefix = "lib"
+  libsuffix = ".so"
+else: # assume windows
+  libprefix = ""
+  libsuffix = ".dll"
+
+plc   = cdll.LoadLibrary(libprefix + "plc4"   + libsuffix)
+nspr  = cdll.LoadLibrary(libprefix + "nspr4"  + libsuffix)
+nss   = cdll.LoadLibrary(libprefix + "nss3"   + libsuffix)
+smime = cdll.LoadLibrary(libprefix + "smime3" + libsuffix)
+
+nspr.PR_GetError.argtypes = []
+nspr.PR_GetError.restype = c_int32
+nspr.PR_ErrorToName.argtypes = [c_int32]
+nspr.PR_ErrorToName.restype = c_char_p
+
+def raise_if_not_SECSuccess(rv):
+  SECSuccess = 0
+  if (rv != SECSuccess):
+    raise ValueError(nspr.PR_ErrorToName(nspr.PR_GetError()))
+
+def raise_if_NULL(p):
+  if not p:
+    raise ValueError(nspr.PR_ErrorToName(nspr.PR_GetError()))
+  return p
+
+PRBool = c_int
+SECStatus = c_int
+
+# from secoidt.h
+SEC_OID_SHA1 = 4
+
+# from certt.h
+certUsageObjectSigner = 6
+
+class SECItem(Structure):
+  _fields_ = [("type", c_int),
+              ("data", c_char_p),
+              ("len", c_uint)]
+
+nss.NSS_Init.argtypes = [c_char_p]
+nss.NSS_Init.restype = SECStatus
+def NSS_Init(db_dir):
+  nss.NSS_Init.argtypes = [c_char_p]
+  nss.NSS_Init.restype = SECStatus
+  raise_if_not_SECSuccess(nss.NSS_Init(db_dir))
+
+nss.NSS_Shutdown.argtypes = []
+nss.NSS_Shutdown.restype = SECStatus
+def NSS_Shutdown():
+  raise_if_not_SECSuccess(nss.NSS_Shutdown())
+
+PK11PasswordFunc = CFUNCTYPE(c_char_p, c_void_p, PRBool, c_char_p)
+
+# pass the result of this as the wincx parameter when a wincx is required
+nss.PK11_SetPasswordFunc.argtypes = [PK11PasswordFunc]
+nss.PK11_SetPasswordFunc.restype = None
+
+# Set the return type as *void so Python doesn't touch it
+plc.PL_strdup.argtypes = [c_char_p]
+plc.PL_strdup.restype = c_void_p
+def SetPasswordContext(password):
+  def callback(slot, retry, arg):
+    return plc.PL_strdup(password)
+  wincx = PK11PasswordFunc(callback)
+  nss.PK11_SetPasswordFunc(wincx)
+  return wincx
+
+nss.CERT_GetDefaultCertDB.argtypes = []
+nss.CERT_GetDefaultCertDB.restype = c_void_p
+def CERT_GetDefaultCertDB():
+  return raise_if_NULL(nss.CERT_GetDefaultCertDB())
+
+nss.PK11_FindCertFromNickname.argtypes = [c_char_p, c_void_p]
+nss.PK11_FindCertFromNickname.restype = c_void_p
+def PK11_FindCertFromNickname(nickname, wincx):
+  return raise_if_NULL(nss.PK11_FindCertFromNickname(nickname, wincx))
+
+nss.CERT_DestroyCertificate.argtypes = [c_void_p]
+nss.CERT_DestroyCertificate.restype = None
+def CERT_DestroyCertificate(cert):
+  nss.CERT_DestroyCertificate(cert)
+
+smime.SEC_PKCS7CreateSignedData.argtypes = [c_void_p, c_int, c_void_p,
+                                            c_int, c_void_p,
+                                            c_void_p, c_void_p]
+smime.SEC_PKCS7CreateSignedData.restype = c_void_p
+def SEC_PKCS7CreateSignedData(cert, certusage, certdb, digestalg, digest, wincx):
+  item = SECItem(0,  c_char_p(digest), len(digest))
+  return raise_if_NULL(smime.SEC_PKCS7CreateSignedData(cert, certusage, certdb,
+                                                       digestalg,
+                                                       pointer(item),
+                                                       None, wincx))
+
+smime.SEC_PKCS7AddSigningTime.argtypes = [c_void_p]
+smime.SEC_PKCS7AddSigningTime.restype = SECStatus
+def SEC_PKCS7AddSigningTime(p7):
+  raise_if_not_SECSuccess(smime.SEC_PKCS7AddSigningTime(p7))
+
+smime.SEC_PKCS7IncludeCertChain.argtypes = [c_void_p, c_void_p]
+smime.SEC_PKCS7IncludeCertChain.restype = SECStatus
+def SEC_PKCS7IncludeCertChain(p7, wincx):
+  raise_if_not_SECSuccess(smime.SEC_PKCS7IncludeCertChain(p7, wincx))
+
+SEC_PKCS7EncoderOutputCallback = CFUNCTYPE(None, c_void_p, c_void_p, c_long)
+smime.SEC_PKCS7Encode.argtypes = [c_void_p, SEC_PKCS7EncoderOutputCallback,
+                                  c_void_p, c_void_p, c_void_p, c_void_p]
+smime.SEC_PKCS7Encode.restype = SECStatus
+def SEC_PKCS7Encode(p7, bulkkey, wincx):
+  outputChunks = []
+  def callback(chunks, data, len):
+    outputChunks.append(string_at(data, len))
+  callbackWrapper = SEC_PKCS7EncoderOutputCallback(callback)
+  raise_if_not_SECSuccess(smime.SEC_PKCS7Encode(p7, callbackWrapper,
+                                                None, None, None, wincx))
+  return "".join(outputChunks)
+
+smime.SEC_PKCS7DestroyContentInfo.argtypes = [c_void_p]
+smime.SEC_PKCS7DestroyContentInfo.restype = None
+def SEC_PKCS7DestroyContentInfo(p7):
+  smime.SEC_PKCS7DestroyContentInfo(p7)
diff --git a/security/manager/ssl/tests/unit/test_signed_manifest/sign_b2g_manifest.py b/security/manager/ssl/tests/unit/test_signed_manifest/sign_b2g_manifest.py
new file mode 100644
index 000000000..a7f060481
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_manifest/sign_b2g_manifest.py
@@ -0,0 +1,76 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+import argparse
+from base64 import b64encode
+from hashlib import sha1
+import sys
+import ctypes
+import nss_ctypes
+
+def nss_create_detached_signature(cert, dataToSign, wincx):
+  certdb = nss_ctypes.CERT_GetDefaultCertDB()
+  p7 = nss_ctypes.SEC_PKCS7CreateSignedData(cert,
+                                            nss_ctypes.certUsageObjectSigner,
+                                            certdb,
+                                            nss_ctypes.SEC_OID_SHA1,
+                                            sha1(dataToSign).digest(),
+                                            wincx)
+  try:
+    nss_ctypes.SEC_PKCS7AddSigningTime(p7)
+    nss_ctypes.SEC_PKCS7IncludeCertChain(p7, wincx)
+    return nss_ctypes.SEC_PKCS7Encode(p7, None, wincx)
+  finally:
+    nss_ctypes.SEC_PKCS7DestroyContentInfo(p7)
+
+# Sign a manifest file
+def sign_file(in_file, out_file, cert, wincx):
+  contents = in_file.read()
+  in_file.close()
+
+  # generate base64 encoded string of the sha1 digest of the input file
+  in_file_hash = b64encode(sha1(contents).digest())
+
+  # sign the base64 encoded string with the given certificate
+  in_file_signature = nss_create_detached_signature(cert, in_file_hash, wincx)
+
+  # write the content of the output file
+  out_file.write(in_file_signature)
+  out_file.close()
+
+def main():
+  parser = argparse.ArgumentParser(description='Sign a B2G app manifest.')
+  parser.add_argument('-d', action='store',
+                            required=True, help='NSS database directory')
+  parser.add_argument('-f', action='store',
+                            type=argparse.FileType('rb'),
+                            required=True, help='password file')
+  parser.add_argument('-k', action='store',
+                            required=True, help="nickname of signing cert.")
+  parser.add_argument('-i', action='store', type=argparse.FileType('rb'),
+                            required=True, help="input manifest file (unsigned)")
+  parser.add_argument('-o', action='store', type=argparse.FileType('wb'),
+                            required=True, help="output manifest file (signed)")
+  args = parser.parse_args()
+
+  db_dir = args.d
+  password = args.f.readline().strip()
+  cert_nickname = args.k
+  cert = None
+
+  try:
+    nss_ctypes.NSS_Init(db_dir)
+    wincx = nss_ctypes.SetPasswordContext(password)
+    cert = nss_ctypes.PK11_FindCertFromNickname(cert_nickname, wincx)
+    sign_file(args.i, args.o, cert, wincx)
+    return 0
+  finally:
+    nss_ctypes.CERT_DestroyCertificate(cert)
+    nss_ctypes.NSS_Shutdown()
+
+if __name__ == "__main__":
+    sys.exit(main())
diff --git a/security/manager/ssl/tests/unit/test_signed_manifest/testInvalidSignedManifest/manifest.sig b/security/manager/ssl/tests/unit/test_signed_manifest/testInvalidSignedManifest/manifest.sig
new file mode 100644
index 000000000..d5eee196c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_manifest/testInvalidSignedManifest/manifest.sig
diff --git a/security/manager/ssl/tests/unit/test_signed_manifest/testValidSignedManifest/manifest.sig b/security/manager/ssl/tests/unit/test_signed_manifest/testValidSignedManifest/manifest.sig
new file mode 100644
index 000000000..996226351
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_manifest/testValidSignedManifest/manifest.sig
diff --git a/security/manager/ssl/tests/unit/test_signed_manifest/trusted_ca1.der b/security/manager/ssl/tests/unit/test_signed_manifest/trusted_ca1.der
new file mode 100644
index 000000000..bf05308cc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_manifest/trusted_ca1.der
diff --git a/security/manager/ssl/tests/unit/test_sss_eviction.js b/security/manager/ssl/tests/unit/test_sss_eviction.js
new file mode 100644
index 000000000..0ac8983f6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sss_eviction.js
@@ -0,0 +1,85 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to check that a frequently visited site
+// will not be evicted over an infrequently visited site.
+
+var gSSService = null;
+var gProfileDir = null;
+
+function do_state_written(aSubject, aTopic, aData) {
+  if (aData == PRELOAD_STATE_FILE_NAME) {
+    return;
+  }
+
+  equal(aData, SSS_STATE_FILE_NAME);
+
+  let stateFile = gProfileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  ok(stateFile.exists());
+  let stateFileContents = readFile(stateFile);
+  // the last part is removed because it's the empty string after the final \n
+  let lines = stateFileContents.split('\n').slice(0, -1);
+  // We can receive multiple data-storage-written events. In particular, we
+  // may receive one where DataStorage wrote out data before we were done
+  // processing all of our headers. In this case, the data may not be
+  // as we expect. We only care about the final one being correct, however,
+  // so we return and wait for the next event if things aren't as we expect.
+  // There should be 1024 entries.
+  if (lines.length != 1024) {
+    return;
+  }
+
+  let foundLegitSite = false;
+  for (let line of lines) {
+    if (line.startsWith("frequentlyused.example.com:HSTS")) {
+      foundLegitSite = true;
+      break;
+    }
+  }
+
+  ok(foundLegitSite);
+  do_test_finished();
+}
+
+function do_state_read(aSubject, aTopic, aData) {
+  if (aData == PRELOAD_STATE_FILE_NAME) {
+    return;
+  }
+
+  equal(aData, SSS_STATE_FILE_NAME);
+
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "frequentlyused.example.com", 0));
+  let sslStatus = new FakeSSLStatus();
+  for (let i = 0; i < 2000; i++) {
+    let uri = Services.io.newURI("http://bad" + i + ".example.com", null, null);
+    gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                            "max-age=1000", sslStatus, 0);
+  }
+  do_test_pending();
+  Services.obs.addObserver(do_state_written, "data-storage-written", false);
+  do_test_finished();
+}
+
+function run_test() {
+  Services.prefs.setIntPref("test.datastorage.write_timer_ms", 100);
+  gProfileDir = do_get_profile();
+  let stateFile = gProfileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  // Assuming we're working with a clean slate, the file shouldn't exist
+  // until we create it.
+  ok(!stateFile.exists());
+  let outputStream = FileUtils.openFileOutputStream(stateFile);
+  let now = (new Date()).getTime();
+  let line = "frequentlyused.example.com:HSTS\t4\t0\t" + (now + 100000) + ",1,0\n";
+  outputStream.write(line, line.length);
+  outputStream.close();
+  Services.obs.addObserver(do_state_read, "data-storage-ready", false);
+  do_test_pending();
+  gSSService = Cc["@mozilla.org/ssservice;1"]
+                 .getService(Ci.nsISiteSecurityService);
+  notEqual(gSSService, null);
+}
diff --git a/security/manager/ssl/tests/unit/test_sss_readstate.js b/security/manager/ssl/tests/unit/test_sss_readstate.js
new file mode 100644
index 000000000..8b7e8cbb5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sss_readstate.js
@@ -0,0 +1,82 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to create a site security service state file
+// and see that the site security service reads it properly.
+
+function writeLine(aLine, aOutputStream) {
+  aOutputStream.write(aLine, aLine.length);
+}
+
+var gSSService = null;
+
+function checkStateRead(aSubject, aTopic, aData) {
+  if (aData == PRELOAD_STATE_FILE_NAME) {
+    return;
+  }
+
+  equal(aData, SSS_STATE_FILE_NAME);
+
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "expired.example.com", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "notexpired.example.com", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains.preloaded.test", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "sub.includesubdomains.preloaded.test", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "incsubdomain.example.com", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "sub.incsubdomain.example.com", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "includesubdomains2.preloaded.test", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "sub.includesubdomains2.preloaded.test", 0));
+
+  // Clearing the data should make everything go back to default.
+  gSSService.clearAll();
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "expired.example.com", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "notexpired.example.com", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains.preloaded.test", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "sub.includesubdomains.preloaded.test", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "incsubdomain.example.com", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "sub.incsubdomain.example.com", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains2.preloaded.test", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "sub.includesubdomains2.preloaded.test", 0));
+  do_test_finished();
+}
+
+function run_test() {
+  let profileDir = do_get_profile();
+  let stateFile = profileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  // Assuming we're working with a clean slate, the file shouldn't exist
+  // until we create it.
+  ok(!stateFile.exists());
+  let outputStream = FileUtils.openFileOutputStream(stateFile);
+  let now = (new Date()).getTime();
+  writeLine("expired.example.com:HSTS\t0\t0\t" + (now - 100000) + ",1,0\n", outputStream);
+  writeLine("notexpired.example.com:HSTS\t0\t0\t" + (now + 100000) + ",1,0\n", outputStream);
+  // This overrides an entry on the preload list.
+  writeLine("includesubdomains.preloaded.test:HSTS\t0\t0\t" + (now + 100000) + ",1,0\n", outputStream);
+  writeLine("incsubdomain.example.com:HSTS\t0\t0\t" + (now + 100000) + ",1,1\n", outputStream);
+  // This overrides an entry on the preload list.
+  writeLine("includesubdomains2.preloaded.test:HSTS\t0\t0\t0,2,0\n", outputStream);
+  outputStream.close();
+  Services.obs.addObserver(checkStateRead, "data-storage-ready", false);
+  do_test_pending();
+  gSSService = Cc["@mozilla.org/ssservice;1"]
+                 .getService(Ci.nsISiteSecurityService);
+  notEqual(gSSService, null);
+}
diff --git a/security/manager/ssl/tests/unit/test_sss_readstate_child.js b/security/manager/ssl/tests/unit/test_sss_readstate_child.js
new file mode 100644
index 000000000..80f00c31a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sss_readstate_child.js
@@ -0,0 +1,41 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to create a site security service state file
+// and see that the site security service reads it properly. We also verify
+// that state changes are reflected in the child process.
+
+function writeLine(aLine, aOutputStream) {
+  aOutputStream.write(aLine, aLine.length);
+}
+
+function start_test_in_child() {
+  run_test_in_child("sss_readstate_child_worker.js");
+  do_test_finished();
+}
+
+function run_test() {
+  let profileDir = do_get_profile();
+  let stateFile = profileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  // Assuming we're working with a clean slate, the file shouldn't exist
+  // until we create it.
+  ok(!stateFile.exists());
+  let outputStream = FileUtils.openFileOutputStream(stateFile);
+  let now = (new Date()).getTime();
+  writeLine("expired.example.com:HSTS\t0\t0\t" + (now - 100000) + ",1,0\n", outputStream);
+  writeLine("notexpired.example.com:HSTS\t0\t0\t" + (now + 100000) + ",1,0\n", outputStream);
+  // This overrides an entry on the preload list.
+  writeLine("includesubdomains.preloaded.test:HSTS\t0\t0\t" + (now + 100000) + ",1,0\n", outputStream);
+  writeLine("incsubdomain.example.com:HSTS\t0\t0\t" + (now + 100000) + ",1,1\n", outputStream);
+  // This overrides an entry on the preload list.
+  writeLine("includesubdomains2.preloaded.test:HSTS\t0\t0\t0,2,0\n", outputStream);
+  outputStream.close();
+  Services.obs.addObserver(start_test_in_child, "data-storage-ready", false);
+  do_test_pending();
+  let SSService = Cc["@mozilla.org/ssservice;1"]
+                    .getService(Ci.nsISiteSecurityService);
+  notEqual(SSService, null);
+}
diff --git a/security/manager/ssl/tests/unit/test_sss_readstate_empty.js b/security/manager/ssl/tests/unit/test_sss_readstate_empty.js
new file mode 100644
index 000000000..c4605c0af
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sss_readstate_empty.js
@@ -0,0 +1,40 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to create an empty site security service state
+// file and see that the site security service doesn't fail when reading it.
+
+var gSSService = null;
+
+function checkStateRead(aSubject, aTopic, aData) {
+  // nonexistent.example.com should never be an HSTS host
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "nonexistent.example.com", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains.preloaded.test", 0));
+  // notexpired.example.com is an HSTS host in a different test - we
+  // want to make sure that test hasn't interfered with this one.
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "notexpired.example.com", 0));
+  do_test_finished();
+}
+
+function run_test() {
+  let profileDir = do_get_profile();
+  let stateFile = profileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  // Assuming we're working with a clean slate, the file shouldn't exist
+  // until we create it.
+  ok(!stateFile.exists());
+  stateFile.create(Ci.nsIFile.NORMAL_FILE_TYPE, 0x1a4); // 0x1a4 == 0o644
+  ok(stateFile.exists());
+  // Initialize nsISiteSecurityService after do_get_profile() so it
+  // can read the state file.
+  Services.obs.addObserver(checkStateRead, "data-storage-ready", false);
+  do_test_pending();
+  gSSService = Cc["@mozilla.org/ssservice;1"]
+                 .getService(Ci.nsISiteSecurityService);
+  notEqual(gSSService, null);
+}
diff --git a/security/manager/ssl/tests/unit/test_sss_readstate_garbage.js b/security/manager/ssl/tests/unit/test_sss_readstate_garbage.js
new file mode 100644
index 000000000..d4165f7f4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sss_readstate_garbage.js
@@ -0,0 +1,56 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to create a mostly bogus site security service
+// state file and see that the site security service handles it properly.
+
+function writeLine(aLine, aOutputStream) {
+  aOutputStream.write(aLine, aLine.length);
+}
+
+var gSSService = null;
+
+function checkStateRead(aSubject, aTopic, aData) {
+  if (aData == PRELOAD_STATE_FILE_NAME) {
+    return;
+  }
+
+  equal(aData, SSS_STATE_FILE_NAME);
+
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "example1.example.com", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "example2.example.com", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "example.com", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "example3.example.com", 0));
+  do_test_finished();
+}
+
+function run_test() {
+  let profileDir = do_get_profile();
+  let stateFile = profileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  // Assuming we're working with a clean slate, the file shouldn't exist
+  // until we create it.
+  ok(!stateFile.exists());
+  let outputStream = FileUtils.openFileOutputStream(stateFile);
+  let now = (new Date()).getTime();
+  writeLine("example1.example.com:HSTS\t0\t0\t" + (now + 100000) + ",1,0\n", outputStream);
+  writeLine("I'm a lumberjack and I'm okay; I work all night and I sleep all day!\n", outputStream);
+  writeLine("This is a totally bogus entry\t\n", outputStream);
+  writeLine("0\t0\t0\t0\t\n", outputStream);
+  writeLine("\t\t\t\t\t\t\t\n", outputStream);
+  writeLine("example.com:HSTS\t\t\t\t\t\t\t\n", outputStream);
+  writeLine("example3.example.com:HSTS\t0\t\t\t\t\t\t\n", outputStream);
+  writeLine("example2.example.com:HSTS\t0\t0\t" + (now + 100000) + ",1,0\n", outputStream);
+  outputStream.close();
+  Services.obs.addObserver(checkStateRead, "data-storage-ready", false);
+  do_test_pending();
+  gSSService = Cc["@mozilla.org/ssservice;1"]
+                 .getService(Ci.nsISiteSecurityService);
+  notEqual(gSSService, null);
+}
diff --git a/security/manager/ssl/tests/unit/test_sss_readstate_huge.js b/security/manager/ssl/tests/unit/test_sss_readstate_huge.js
new file mode 100644
index 000000000..eec93b6f4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sss_readstate_huge.js
@@ -0,0 +1,60 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to create a site security service state file
+// that is too large and see that the site security service reads it properly
+// (this means discarding all entries after the 1024th).
+
+function writeLine(aLine, aOutputStream) {
+  aOutputStream.write(aLine, aLine.length);
+}
+
+var gSSService = null;
+
+function checkStateRead(aSubject, aTopic, aData) {
+  if (aData == PRELOAD_STATE_FILE_NAME) {
+    return;
+  }
+
+  equal(aData, SSS_STATE_FILE_NAME);
+
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "example0.example.com", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "example423.example.com", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "example1023.example.com", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "example1024.example.com", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "example1025.example.com", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "example9000.example.com", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "example99999.example.com", 0));
+  do_test_finished();
+}
+
+function run_test() {
+  let profileDir = do_get_profile();
+  let stateFile = profileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  // Assuming we're working with a clean slate, the file shouldn't exist
+  // until we create it.
+  ok(!stateFile.exists());
+  let outputStream = FileUtils.openFileOutputStream(stateFile);
+  let now = (new Date()).getTime();
+  for (let i = 0; i < 10000; i++) {
+    // The 0s will all get squashed down into one 0 when they are read.
+    // This is just to make the file size large (>2MB).
+    writeLine("example" + i + ".example.com:HSTS\t0000000000000000000000000000000000000000000000000\t00000000000000000000000000000000000000\t" + (now + 100000) + ",1,0000000000000000000000000000000000000000000000000000000000000000000000000\n", outputStream);
+  }
+  outputStream.close();
+  Services.obs.addObserver(checkStateRead, "data-storage-ready", false);
+  do_test_pending();
+  gSSService = Cc["@mozilla.org/ssservice;1"]
+                 .getService(Ci.nsISiteSecurityService);
+  notEqual(gSSService, null);
+}
diff --git a/security/manager/ssl/tests/unit/test_sss_savestate.js b/security/manager/ssl/tests/unit/test_sss_savestate.js
new file mode 100644
index 000000000..a4d8b5297
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sss_savestate.js
@@ -0,0 +1,128 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to see that the site security service properly
+// writes its state file.
+
+const EXPECTED_ENTRIES = 6;
+const EXPECTED_HSTS_COLUMNS = 3;
+const EXPECTED_HPKP_COLUMNS = 4;
+var gProfileDir = null;
+
+const NON_ISSUED_KEY_HASH = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
+
+// For reference, the format of the state file is a list of:
+// <domain name> <expiration time in milliseconds>,<sts status>,<includeSubdomains>
+// separated by newlines ('\n')
+
+function checkStateWritten(aSubject, aTopic, aData) {
+  if (aData == PRELOAD_STATE_FILE_NAME) {
+    return;
+  }
+
+  equal(aData, SSS_STATE_FILE_NAME);
+
+  let stateFile = gProfileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  ok(stateFile.exists());
+  let stateFileContents = readFile(stateFile);
+  // the last line is removed because it's just a trailing newline
+  let lines = stateFileContents.split('\n').slice(0, -1);
+  equal(lines.length, EXPECTED_ENTRIES);
+  let sites = {}; // a map of domain name -> [the entry in the state file]
+  for (let line of lines) {
+    let parts = line.split('\t');
+    let host = parts[0];
+    let score = parts[1];
+    let lastAccessed = parts[2];
+    let entry = parts[3].split(',');
+    let expectedColumns = EXPECTED_HSTS_COLUMNS;
+    if (host.indexOf("HPKP") != -1) {
+      expectedColumns = EXPECTED_HPKP_COLUMNS;
+    }
+    equal(entry.length, expectedColumns);
+    sites[host] = entry;
+  }
+
+  // We can receive multiple data-storage-written events. In particular, we
+  // may receive one where DataStorage wrote out data before we were done
+  // processing all of our headers. In this case, the data may not be
+  // as we expect. We only care about the final one being correct, however,
+  // so we return and wait for the next event if things aren't as we expect.
+  // sites[url][1] corresponds to SecurityPropertySet (if 1) and
+  //                              SecurityPropertyUnset (if 0)
+  // sites[url][2] corresponds to includeSubdomains
+  if (sites["includesubdomains.preloaded.test:HSTS"][1] != 1) {
+    return;
+  }
+  if (sites["includesubdomains.preloaded.test:HSTS"][2] != 0) {
+    return;
+  }
+  if (sites["a.example.com:HSTS"][1] != 1) {
+    return;
+  }
+  if (sites["a.example.com:HSTS"][2] != 1) {
+    return;
+  }
+  if (sites["b.example.com:HSTS"][1] != 1) {
+    return;
+  }
+  if (sites["b.example.com:HSTS"][2] != 0) {
+    return;
+  }
+  if (sites["c.c.example.com:HSTS"][1] != 1) {
+    return;
+  }
+  if (sites["c.c.example.com:HSTS"][2] != 1) {
+    return;
+  }
+  if (sites["d.example.com:HSTS"][1] != 1) {
+    return;
+  }
+  if (sites["d.example.com:HSTS"][2] != 0) {
+    return;
+  }
+  if (sites["dynamic-pin.example.com:HPKP"][1] != 1) {
+    return;
+  }
+  if (sites["dynamic-pin.example.com:HPKP"][2] != 1) {
+    return;
+  }
+  equal(sites["dynamic-pin.example.com:HPKP"][3], NON_ISSUED_KEY_HASH);
+
+  do_test_finished();
+}
+
+function run_test() {
+  Services.prefs.setIntPref("test.datastorage.write_timer_ms", 100);
+  gProfileDir = do_get_profile();
+  let SSService = Cc["@mozilla.org/ssservice;1"]
+                    .getService(Ci.nsISiteSecurityService);
+  // Put an HPKP entry
+  SSService.setKeyPins("dynamic-pin.example.com", true,
+                       new Date().getTime() + 1000000, 1,
+                       [NON_ISSUED_KEY_HASH]);
+
+  let uris = [ Services.io.newURI("http://includesubdomains.preloaded.test", null, null),
+               Services.io.newURI("http://a.example.com", null, null),
+               Services.io.newURI("http://b.example.com", null, null),
+               Services.io.newURI("http://c.c.example.com", null, null),
+               Services.io.newURI("http://d.example.com", null, null) ];
+
+  for (let i = 0; i < 1000; i++) {
+    let uriIndex = i % uris.length;
+    // vary max-age
+    let maxAge = "max-age=" + (i * 1000);
+     // alternate setting includeSubdomains
+    let includeSubdomains = (i % 2 == 0 ? "; includeSubdomains" : "");
+    let sslStatus = new FakeSSLStatus();
+    SSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            uris[uriIndex], maxAge + includeSubdomains,
+                            sslStatus, 0);
+  }
+
+  do_test_pending();
+  Services.obs.addObserver(checkStateWritten, "data-storage-written", false);
+}
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign.js b/security/manager/ssl/tests/unit/test_startcom_wosign.js
new file mode 100644
index 000000000..4ba89ca73
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign.js
@@ -0,0 +1,43 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests handling of certificates issued by StartCom and WoSign. If such
+// certificates have a notBefore before 21 October 2016, they are handled
+// normally. Otherwise, they are treated as revoked.
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+function loadCertWithTrust(certName, trustString) {
+  addCertFromFile(certdb, "test_startcom_wosign/" + certName + ".pem", trustString);
+}
+
+function certFromFile(certName) {
+  return constructCertFromFile("test_startcom_wosign/" + certName + ".pem");
+}
+
+function checkEndEntity(cert, expectedResult) {
+  // (new Date("2016-11-01")).getTime() / 1000
+  const VALIDATION_TIME = 1477958400;
+  checkCertErrorGenericAtTime(certdb, cert, expectedResult,
+                              certificateUsageSSLServer, VALIDATION_TIME);
+}
+
+loadCertWithTrust("ca", "CTu,,");
+// This is not a real StartCom CA - it merely has the same distinguished name as
+// one (namely "/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2",
+// encoded with PrintableStrings). By checking for specific DNs, we can enforce
+// the date-based policy in a way that is testable.
+loadCertWithTrust("StartComCA", ",,");
+checkEndEntity(certFromFile("StartCom-before-cutoff"), PRErrorCodeSuccess);
+checkEndEntity(certFromFile("StartCom-after-cutoff"), SEC_ERROR_REVOKED_CERTIFICATE);
+
+// Similarly, this is not a real WoSign CA. It has the same distinguished name
+// as "/C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign", encoded
+// with PrintableStrings).
+loadCertWithTrust("WoSignCA", ",,");
+checkEndEntity(certFromFile("WoSign-before-cutoff"), PRErrorCodeSuccess);
+checkEndEntity(certFromFile("WoSign-after-cutoff"), SEC_ERROR_REVOKED_CERTIFICATE);
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-after-cutoff.pem b/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-after-cutoff.pem
new file mode 100644
index 000000000..a3914b33f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-after-cutoff.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDGzCCAgWgAwIBAgIUQcnJ38esL8x6sizuR5KC5SFcqMUwCwYJKoZIhvcNAQEL
+MFMxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSwwKgYDVQQD
+EyNTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBHMjAiGA8yMDE2MTAy
+MjAwMDAwMFoYDzIwMTcxMDIyMDAwMDAwWjAgMR4wHAYDVQQDDBVTdGFydENvbS1h
+ZnRlci1jdXRvZmYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo
+RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9a
+dWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6t
+aRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n
+FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kX
+Dqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/py
+UcQx1QOs2hgKNe2NAgMBAAGjGjAYMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAsG
+CSqGSIb3DQEBCwOCAQEAhvpbb5H8Cokd2S8g/tYMutgqnA7UXrYMiIMTC4AwLua3
+FCbqpHVU8oyAuL2uQ+RIPGIRBgVKgqlz1zrvB3HLX1DJ1yiUUbgDcCfGeLTQ1dOj
+ZEHKYgRxmb6OQyMjaHRvXSlPpuKoA2eymj7IaCyRwX3qxVX1vt7UpVEInpwVusNQ
+L2UH4ni0W/GfoO2z8DgMWv2fJAWaFJlVQgalhEq7qZ0B1vSMsx/exwjsqQiTCdGL
+y46y/wo/sUklpQyX7U3/FsYGAEw27LoJ+pf88Stk5VuTu+Ip5KnbWklRlKDxHoo1
+5VriR2NfFVfqtvapGNougn7t2xEuISVtSp2CKVBuUA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-after-cutoff.pem.certspec b/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-after-cutoff.pem.certspec
new file mode 100644
index 000000000..9f0fe22fc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-after-cutoff.pem.certspec
@@ -0,0 +1,4 @@
+issuer:printableString/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2
+subject:StartCom-after-cutoff
+validity:20161022-20171022
+extension:subjectAlternativeName:example.com
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-before-cutoff.pem b/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-before-cutoff.pem
new file mode 100644
index 000000000..a219e745f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-before-cutoff.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDHDCCAgagAwIBAgIUWZ9YRoup7gVY1EokoIfmnmi93gYwCwYJKoZIhvcNAQEL
+MFMxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSwwKgYDVQQD
+EyNTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBHMjAiGA8yMDE1MTAy
+MjAwMDAwMFoYDzIwMTcxMDIyMDAwMDAwWjAhMR8wHQYDVQQDDBZTdGFydENvbS1i
+ZWZvcmUtY3V0b2ZmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohR
+qESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+Kv
+WnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+
+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPv
+JxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5
+Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6
+clHEMdUDrNoYCjXtjQIDAQABoxowGDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAL
+BgkqhkiG9w0BAQsDggEBAFhgX9UQSu/Bde3O4EDhIrl413weRbOsy2qU8UrRMrm5
+3im2TGF2/75rlu3vE3dHQaSqPRiZ1HK1FvHt6faohJKGfbN2AFABIpPleh2evQC8
+wXjOcrURnz0MrK5c9v6gNjUq63n9daeIDLby7CTnKPuVGa2kpOWFI8gBGnOj3a96
+oBO9wfi8fVpKRxK+BoCfwUmF4HzlyQy7hMDcHUuf0rlSch6NKVeUpHBP4XlmnITO
+KC7TCIbM2cGSqsSr8rF5AdeCSf2ZukAHQUwO7W/Bs8OIaqurIjwEnM3E/wqUk/MW
+VzySem5LqHnz4yfeOKR9+DQImKZ0pAWn6cIuumMDP2M=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-before-cutoff.pem.certspec b/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-before-cutoff.pem.certspec
new file mode 100644
index 000000000..b7fbd4954
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-before-cutoff.pem.certspec
@@ -0,0 +1,4 @@
+issuer:printableString/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2
+subject:StartCom-before-cutoff
+validity:20151022-20171022
+extension:subjectAlternativeName:example.com
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/StartComCA.pem b/security/manager/ssl/tests/unit/test_startcom_wosign/StartComCA.pem
new file mode 100644
index 000000000..720c59d4f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/StartComCA.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDCzCCAfWgAwIBAgIUP4zQ8t+wfQSkTf7d5CJUa6DCaDEwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMFMxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSwwKgYD
+VQQDEyNTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBHMjCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1
+SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+
+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL
+K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc
+bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW
+JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMd
+MBswCwYDVR0PBAQDAgEGMAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4IBAQBJ
+c1GQxMzouK7DnQ1vgrw5LH92x3navGhO7gJWN2dca1QXnzXG3c/Yh3aqbmNI0fu+
+4PXBEKWP2i+Idgslmxi0O/I9VURHGfEo5JzLEbK6Bj/hU1VIrHj64HZ4F0XcL/K8
+kD8kqLWyuoD/i1mjTp4oGNsprv6M/TsU5nv5FszWvtv0CaGmrjNjOvYEUBo5xies
+ETPbmmPKeVwa1Npk/9uBK8Zyczj0s3rRBaOa3NhzhKuL+6x5sKzEO6uxKgEf1GYB
+KFyugaqLXYsHRTI47gwtRtVHkmriZdxLJJV+8C9OkINUf7fVZNTrdcFncrAQrxDS
+can7HEO19JtMcStdW34i
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/StartComCA.pem.certspec b/security/manager/ssl/tests/unit/test_startcom_wosign/StartComCA.pem.certspec
new file mode 100644
index 000000000..ee5d9fff1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/StartComCA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:printableString/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-after-cutoff.pem b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-after-cutoff.pem
new file mode 100644
index 000000000..5d7d50527
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-after-cutoff.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDGzCCAgWgAwIBAgIUMYT7CkMtLLxN3tKEWzFXFQ6c/gwwCwYJKoZIhvcNAQEL
+MFUxCzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEqMCgG
+A1UEAxMhQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgb2YgV29TaWduMCIYDzIwMTYx
+MDIyMDAwMDAwWhgPMjAxNzEwMjIwMDAwMDBaMB4xHDAaBgNVBAMME1dvU2lnbi1h
+ZnRlci1jdXRvZmYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo
+RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9a
+dWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6t
+aRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n
+FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kX
+Dqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/py
+UcQx1QOs2hgKNe2NAgMBAAGjGjAYMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAsG
+CSqGSIb3DQEBCwOCAQEAjBm9k3WX810z55fcMrbsT6AJk4Fhr+rRLth+KWEpkvN+
+gYZymkVIA390oFyH9VxbEGvSIv6bJfB7yVOtL2q6mj9mn7ybRoWlX1HOH7Cjqp7R
+6qivI4nG5Khn6uQxSxBbu26yhHmGcyq0QrhKEGrLzhoQc/0MOg32xnRRNu/bkFiL
+GNsu6wkRnB82aC4qjyohfkNqnaHES+D5ed+GuSD5QEU/r7Gz0Wd1a+MiOBc71R0W
+WDadFfE7sTuMiidSrxdN4j5sGwSvyudM3NlEHhnyn/jJcOzYpTtVOg5qmcrNRxq5
+ppj7eoIfCz+YJVz86cI96TM7S4OL8LG+UU90+3Kd8w==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-after-cutoff.pem.certspec b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-after-cutoff.pem.certspec
new file mode 100644
index 000000000..2afb5d6ea
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-after-cutoff.pem.certspec
@@ -0,0 +1,4 @@
+issuer:printableString/C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign
+subject:WoSign-after-cutoff
+validity:20161022-20171022
+extension:subjectAlternativeName:example.com
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-before-cutoff.pem b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-before-cutoff.pem
new file mode 100644
index 000000000..09c661a92
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-before-cutoff.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDHDCCAgagAwIBAgIUVWn2KHK/AHKe+8z02VsFj3fXqjAwCwYJKoZIhvcNAQEL
+MFUxCzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEqMCgG
+A1UEAxMhQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgb2YgV29TaWduMCIYDzIwMTUx
+MDIyMDAwMDAwWhgPMjAxNzEwMjIwMDAwMDBaMB8xHTAbBgNVBAMMFFdvU2lnbi1i
+ZWZvcmUtY3V0b2ZmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohR
+qESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+Kv
+WnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+
+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPv
+JxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5
+Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6
+clHEMdUDrNoYCjXtjQIDAQABoxowGDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAL
+BgkqhkiG9w0BAQsDggEBALMqCQoOhrBOeIzR7ffMCR/qUNz8LeELms31eF0Ks/Ol
+vMUJ9FBJOVHWq40zXnNBrH3qTVnTgAAZegjepzgggwd52gkkg0aD5WCZZy7TP1ie
+fbcdqC71LWghBZKkl6EFBDcnB4/ssc5MDhFAd3qyH/GHZSwtn2Ekk3vQBudOC/tW
+W/OGS5o+qP3NwtTWXmdD5Q/dmm0wUp9t+4sJ9glwBVDeJfi23QWbR6G2cBBcyzvS
+IZ+F1dOPKrZ23OJufiu4pDLQupC9mpQUWXb5kst+i//52Zsfupe3U/4XjcLbqR+1
+VVhcoBNf/mJs9UMIpaG0tn+j82rw7t8zGd1VMcA/XYM=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-before-cutoff.pem.certspec b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-before-cutoff.pem.certspec
new file mode 100644
index 000000000..224522bf0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-before-cutoff.pem.certspec
@@ -0,0 +1,4 @@
+issuer:printableString/C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign
+subject:WoSign-before-cutoff
+validity:20151022-20171022
+extension:subjectAlternativeName:example.com
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/WoSignCA.pem b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSignCA.pem
new file mode 100644
index 000000000..30199bb3f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSignCA.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDTCCAfegAwIBAgIUDxl5OmNq9eGdBbJrOQ/hkQbkVH0wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMFUxCzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEq
+MCgGA1UEAxMhQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgb2YgV29TaWduMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq
+5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SSc
+An7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39
+ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYk
+zBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3u
+JtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQAB
+ox0wGzALBgNVHQ8EBAMCAQYwDAYDVR0TBAUwAwEB/zALBgkqhkiG9w0BAQsDggEB
+AEXCRSFaCDBBttpHRtGnX/tHbazxrHVzK2e5C8wN5piB8sOnwDHfpbRkcqs5Dn11
+7CAaRb993YVk22qzQ+R+r9cbbg2VuuBEYeHgGWNFdy4Oe4FMneHzOarWLiwIKjvS
+ZWf+obcRQpfI1hhXu5NkkZM5VgRwuRziIF6Xe9brQq5oqos/B9Rn7Edu6i8URrHx
+JLmpzTWGpyMYxVjUnvFQUyhFWaDMNE83SvXFY4bJww7O44XdXPpvrGU40oqZPPF4
+gzkYRmBAa/T4ERDQFigoqgZ9AmbFCnRQOBMLUwHT4ShcBO7iMCpxChpEb+nhr0LP
+fPkwoQr8c4keJOSpman2iXA=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/WoSignCA.pem.certspec b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSignCA.pem.certspec
new file mode 100644
index 000000000..db92c5f6d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSignCA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:printableString/C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/ca.pem b/security/manager/ssl/tests/unit/test_startcom_wosign/ca.pem
new file mode 100644
index 000000000..4e4cb7814
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAgIUQd13DvR3qDTAkz/7io280SPUCd0wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTAwMTAxMDAwMDAwWhgPMjA1MDAxMDEwMDAw
+MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzALBgNVHQ8EBAMCAQYwDAYDVR0T
+BAUwAwEB/zALBgkqhkiG9w0BAQsDggEBAAEilE//BPKAsXleuiF6ITvBkjgJzlaD
+lGphvhPZNXENmYqkSOAZXAglmX0N4mq/1o3OC4IAhxqOj901y+QRM8zdemGDbpG7
+oqvAgeX5JLMKg5zj1lkdVkuNTfnKzNVJOWLHU4T1LrLuUGkVl7ba3s9RrqRmYtu8
+o4IgFUOXopjAo6Be/xrPzrRE6wTOFkhVaShYZBNNN/yJ4Eni4BnwxQ3uNSs6OQOO
+MpHW1Ibil2Oq7xcOmMj3WbB8uWCp1deM7h7l/u8cyUEMSCAhkYgSCorv/rECjP1k
+K3quGWnX3aN7idc4lOZkROIFyKR2V1No5OyUjmR2QKxf2RUq4XEWP2E=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/ca.pem.certspec b/security/manager/ssl/tests/unit/test_startcom_wosign/ca.pem.certspec
new file mode 100644
index 000000000..efd24b153
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:ca
+validity:20100101-20500101
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/moz.build b/security/manager/ssl/tests/unit/test_startcom_wosign/moz.build
new file mode 100644
index 000000000..ed3680061
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/moz.build
@@ -0,0 +1,19 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'StartCom-after-cutoff.pem',
+#    'StartCom-before-cutoff.pem',
+#    'StartComCA.pem',
+#    'WoSign-after-cutoff.pem',
+#    'WoSign-before-cutoff.pem',
+#    'WoSignCA.pem',
+#    'ca.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_sts_fqdn.js b/security/manager/ssl/tests/unit/test_sts_fqdn.js
new file mode 100644
index 000000000..c2c3eb2bd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sts_fqdn.js
@@ -0,0 +1,50 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+"use strict";
+
+function run_test() {
+  let SSService = Cc["@mozilla.org/ssservice;1"]
+                    .getService(Ci.nsISiteSecurityService);
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "example.com", 0));
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "example.com.", 0));
+  // These cases are only relevant as long as bug 1118522 hasn't been fixed.
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "example.com..", 0));
+
+  let uri = Services.io.newURI("https://example.com", null, null);
+  let sslStatus = new FakeSSLStatus();
+  SSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                          "max-age=1000;includeSubdomains", sslStatus, 0);
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "example.com", 0));
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "example.com.", 0));
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "example.com..", 0));
+
+  ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
+  uri = Services.io.newURI("https://example.com.", null, null);
+  ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
+  uri = Services.io.newURI("https://example.com..", null, null);
+  ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
+
+  SSService.removeState(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0);
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "example.com", 0));
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "example.com.", 0));
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "example.com..", 0));
+
+  // Somehow creating this malformed URI succeeds - we need to handle it
+  // gracefully.
+  uri = Services.io.newURI("https://../foo", null, null);
+  equal(uri.host, "..");
+  throws(() => {
+    SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0);
+  }, /NS_ERROR_UNEXPECTED/, "Malformed URI should be rejected");
+}
diff --git a/security/manager/ssl/tests/unit/test_sts_holepunch.js b/security/manager/ssl/tests/unit/test_sts_holepunch.js
new file mode 100644
index 000000000..b7e643148
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sts_holepunch.js
@@ -0,0 +1,34 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+"use strict";
+
+// bug 961528: chart.apis.google.com doesn't handle https. Check that
+// it isn't considered HSTS (other example.apis.google.com hosts should be
+// HSTS as long as they're on the preload list, however).
+function run_test() {
+  let SSService = Cc["@mozilla.org/ssservice;1"]
+                    .getService(Ci.nsISiteSecurityService);
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "chart.apis.google.com", 0));
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "CHART.APIS.GOOGLE.COM", 0));
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "sub.chart.apis.google.com", 0));
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "SUB.CHART.APIS.GOOGLE.COM", 0));
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "example.apis.google.com", 0));
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "EXAMPLE.APIS.GOOGLE.COM", 0));
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "sub.example.apis.google.com", 0));
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "SUB.EXAMPLE.APIS.GOOGLE.COM", 0));
+  // also check isSecureURI
+  let chartURI = Services.io.newURI("http://chart.apis.google.com", null, null);
+  ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, chartURI, 0));
+  let otherURI = Services.io.newURI("http://other.apis.google.com", null, null);
+  ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, otherURI, 0));
+}
diff --git a/security/manager/ssl/tests/unit/test_sts_ipv4_ipv6.js b/security/manager/ssl/tests/unit/test_sts_ipv4_ipv6.js
new file mode 100644
index 000000000..934fa4c3a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sts_ipv4_ipv6.js
@@ -0,0 +1,42 @@
+"use strict";
+
+function check_ip(s, v, ip) {
+  let sslStatus = new FakeSSLStatus();
+  ok(!s.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, ip, 0));
+
+  let str = "https://";
+  if (v == 6) {
+    str += "[";
+  }
+  str += ip;
+  if (v == 6) {
+    str += "]";
+  }
+  str += "/";
+
+  let uri = Services.io.newURI(str, null, null);
+
+  let parsedMaxAge = {};
+  let parsedIncludeSubdomains = {};
+  s.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                  "max-age=1000;includeSubdomains", sslStatus, 0,
+                  parsedMaxAge, parsedIncludeSubdomains);
+
+  /* Test that processHeader will ignore headers for an uri, if the uri
+   * contains an IP address not a hostname.
+   * If processHeader indeed ignore the header, then the output parameters will
+   * remain empty, and we shouldn't see the values passed as the header.
+   */
+  notEqual(parsedMaxAge.value, 1000);
+  notEqual(parsedIncludeSubdomains.value, true);
+}
+
+function run_test() {
+  let SSService = Cc["@mozilla.org/ssservice;1"]
+                    .getService(Ci.nsISiteSecurityService);
+
+  check_ip(SSService, 4, "127.0.0.1");
+  check_ip(SSService, 4, "10.0.0.1");
+  check_ip(SSService, 6, "2001:db8::1");
+  check_ip(SSService, 6, "1080::8:800:200C:417A");
+}
diff --git a/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js b/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js
new file mode 100644
index 000000000..e83f6f5b9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js
@@ -0,0 +1,217 @@
+"use strict";
+
+var gSSService = Cc["@mozilla.org/ssservice;1"]
+                   .getService(Ci.nsISiteSecurityService);
+
+function Observer() {}
+Observer.prototype = {
+  observe: function(subject, topic, data) {
+    if (topic == "last-pb-context-exited") {
+      run_next_test();
+    }
+  }
+};
+
+var gObserver = new Observer();
+var sslStatus = new FakeSSLStatus();
+
+function cleanup() {
+  Services.obs.removeObserver(gObserver, "last-pb-context-exited");
+  gSSService.clearAll();
+}
+
+function run_test() {
+  do_register_cleanup(cleanup);
+  Services.obs.addObserver(gObserver, "last-pb-context-exited", false);
+
+  add_test(test_part1);
+  add_test(test_private_browsing1);
+  add_test(test_private_browsing2);
+
+  run_next_test();
+}
+
+function test_part1() {
+  // check that a host not in the list is not identified as an sts host
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "nonexistent.example.com", 0));
+
+  // check that an ancestor domain is not identified as an sts host
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, "com", 0));
+
+  // check that the pref to toggle using the preload list works
+  Services.prefs.setBoolPref("network.stricttransportsecurity.preloadlist", false);
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "includesubdomains.preloaded.test", 0));
+  Services.prefs.setBoolPref("network.stricttransportsecurity.preloadlist", true);
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains.preloaded.test", 0));
+
+  // check that a subdomain is an sts host (includeSubdomains is set)
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "subdomain.includesubdomains.preloaded.test", 0));
+
+  // check that another subdomain is an sts host (includeSubdomains is set)
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "a.b.c.def.includesubdomains.preloaded.test", 0));
+
+  // check that a subdomain is not an sts host (includeSubdomains is not set)
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "subdomain.noincludesubdomains.preloaded.test", 0));
+
+  // check that a host with a dot on the end won't break anything
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "notsts.nonexistent.example.com.", 0));
+
+  // check that processing a header with max-age: 0 will remove a preloaded
+  // site from the list
+  let uri = Services.io.newURI("http://includesubdomains.preloaded.test", null, null);
+  gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                           "max-age=0", sslStatus, 0);
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "includesubdomains.preloaded.test", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "subdomain.includesubdomains.preloaded.test", 0));
+  // check that processing another header (with max-age non-zero) will
+  // re-enable a site's sts status
+  gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                           "max-age=1000", sslStatus, 0);
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains.preloaded.test", 0));
+  // but this time include subdomains was not set, so test for that
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "subdomain.includesubdomains.preloaded.test", 0));
+  gSSService.clearAll();
+
+  // check that processing a header with max-age: 0 from a subdomain of a site
+  // will not remove that (ancestor) site from the list
+  uri = Services.io.newURI("http://subdomain.noincludesubdomains.preloaded.test", null, null);
+  gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                           "max-age=0", sslStatus, 0);
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "noincludesubdomains.preloaded.test", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "subdomain.noincludesubdomains.preloaded.test", 0));
+
+  uri = Services.io.newURI("http://subdomain.includesubdomains.preloaded.test", null, null);
+  gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                           "max-age=0", sslStatus, 0);
+  // we received a header with "max-age=0", so we have "no information"
+  // regarding the sts state of subdomain.includesubdomains.preloaded.test specifically,
+  // but it is actually still an STS host, because of the preloaded
+  // includesubdomains.preloaded.test including subdomains.
+  // Here's a drawing:
+  // |-- includesubdomains.preloaded.test (in preload list, includes subdomains) IS sts host
+  //     |-- subdomain.includesubdomains.preloaded.test                          IS sts host
+  //     |   `-- another.subdomain.includesubdomains.preloaded.test              IS sts host
+  //     `-- sibling.includesubdomains.preloaded.test                            IS sts host
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains.preloaded.test", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "subdomain.includesubdomains.preloaded.test", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "sibling.includesubdomains.preloaded.test", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "another.subdomain.includesubdomains.preloaded.test", 0));
+
+  gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                           "max-age=1000", sslStatus, 0);
+  // Here's what we have now:
+  // |-- includesubdomains.preloaded.test (in preload list, includes subdomains) IS sts host
+  //     |-- subdomain.includesubdomains.preloaded.test (include subdomains is false) IS sts host
+  //     |   `-- another.subdomain.includesubdomains.preloaded.test              IS NOT sts host
+  //     `-- sibling.includesubdomains.preloaded.test                            IS sts host
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "subdomain.includesubdomains.preloaded.test", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "sibling.includesubdomains.preloaded.test", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "another.subdomain.includesubdomains.preloaded.test", 0));
+
+  // Test that an expired non-private browsing entry results in correctly
+  // identifying a host that is on the preload list as no longer sts.
+  // (This happens when we're in regular browsing mode, we get a header from
+  // a site on the preload list, and that header later expires. We need to
+  // then treat that host as no longer an sts host.)
+  // (sanity check first - this should be in the preload list)
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains2.preloaded.test", 0));
+  uri = Services.io.newURI("http://includesubdomains2.preloaded.test", null, null);
+  gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                           "max-age=1", sslStatus, 0);
+  do_timeout(1250, function() {
+    ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                                "includesubdomains2.preloaded.test", 0));
+    run_next_test();
+  });
+}
+
+const IS_PRIVATE = Ci.nsISocketProvider.NO_PERMANENT_STORAGE;
+
+function test_private_browsing1() {
+  gSSService.clearAll();
+  // sanity - includesubdomains.preloaded.test is preloaded, includeSubdomains set
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains.preloaded.test", IS_PRIVATE));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "a.b.c.subdomain.includesubdomains.preloaded.test", IS_PRIVATE));
+
+  let uri = Services.io.newURI("http://includesubdomains.preloaded.test", null, null);
+  gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                           "max-age=0", sslStatus, IS_PRIVATE);
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "includesubdomains.preloaded.test", IS_PRIVATE));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "a.b.subdomain.includesubdomains.preloaded.test", IS_PRIVATE));
+
+  // check adding it back in
+  gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                           "max-age=1000", sslStatus, IS_PRIVATE);
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains.preloaded.test", IS_PRIVATE));
+  // but no includeSubdomains this time
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "b.subdomain.includesubdomains.preloaded.test", IS_PRIVATE));
+
+  // do the hokey-pokey...
+  gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                           "max-age=0", sslStatus, IS_PRIVATE);
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "includesubdomains.preloaded.test", IS_PRIVATE));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "subdomain.includesubdomains.preloaded.test", IS_PRIVATE));
+
+  // Test that an expired private browsing entry results in correctly
+  // identifying a host that is on the preload list as no longer sts.
+  // (This happens when we're in private browsing mode, we get a header from
+  // a site on the preload list, and that header later expires. We need to
+  // then treat that host as no longer an sts host.)
+  // (sanity check first - this should be in the preload list)
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains2.preloaded.test", IS_PRIVATE));
+  uri = Services.io.newURI("http://includesubdomains2.preloaded.test", null, null);
+  gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                           "max-age=1", sslStatus, IS_PRIVATE);
+  do_timeout(1250, function() {
+    ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                                "includesubdomains2.preloaded.test", IS_PRIVATE));
+    // Simulate leaving private browsing mode
+    Services.obs.notifyObservers(null, "last-pb-context-exited", null);
+  });
+}
+
+function test_private_browsing2() {
+  // if this test gets this far, it means there's a private browsing service
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains.preloaded.test", 0));
+  // the includesubdomains.preloaded.test entry has includeSubdomains set
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "subdomain.includesubdomains.preloaded.test", 0));
+
+  // Now that we're out of private browsing mode, we need to make sure
+  // we've "forgotten" that we "forgot" this site's sts status.
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains2.preloaded.test", 0));
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js b/security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js
new file mode 100644
index 000000000..8b75b52ae
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js
@@ -0,0 +1,23 @@
+"use strict";
+
+function run_test() {
+  let SSService = Cc["@mozilla.org/ssservice;1"]
+                    .getService(Ci.nsISiteSecurityService);
+
+  // check that a host on the preload list is identified as an sts host
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "includesubdomains.preloaded.test", 0));
+
+  // now simulate that it's 19 weeks later than it actually is
+  let offsetSeconds = 19 * 7 * 24 * 60 * 60;
+  Services.prefs.setIntPref("test.currentTimeOffsetSeconds", offsetSeconds);
+
+  // check that the preloaded host is no longer considered sts
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains.preloaded.test", 0));
+
+  // just make sure we can get everything back to normal
+  Services.prefs.clearUserPref("test.currentTimeOffsetSeconds");
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "includesubdomains.preloaded.test", 0));
+}
diff --git a/security/manager/ssl/tests/unit/test_toolkit_securityreporter.js b/security/manager/ssl/tests/unit/test_toolkit_securityreporter.js
new file mode 100644
index 000000000..d7ffd17bd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_toolkit_securityreporter.js
@@ -0,0 +1,133 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This test is for the TLS error reporting functionality exposed by
+ * SecurityReporter.js in /toolkit/components/securityreporter. The test is
+ * here because we make use of the tlsserver functionality that lives with the
+ * PSM ssl tests.
+ *
+ * The testing here will be augmented by the existing mochitests for the
+ * error reporting functionality in aboutNetError.xhtml and
+ * aboutCertError.xhtml once these make use of this component.
+ */
+
+"use strict";
+const CC = Components.Constructor;
+const Cm = Components.manager;
+
+Cu.import("resource://testing-common/AppInfo.jsm");
+/*global updateAppInfo:false*/ // Imported via AppInfo.jsm.
+updateAppInfo();
+
+// We must get the profile before performing operations on the cert db.
+do_get_profile();
+
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+const reporter = Cc["@mozilla.org/securityreporter;1"]
+                   .getService(Ci.nsISecurityReporter);
+
+
+const BinaryInputStream = CC("@mozilla.org/binaryinputstream;1",
+                             "nsIBinaryInputStream", "setInputStream");
+
+var server;
+
+// this allows us to create a callback which checks that a report is as
+// expected.
+function getReportCheck(expectReport, expectedError) {
+  return function sendReportWithInfo(transportSecurityInfo) {
+    // register a path handler on the server
+    server.registerPathHandler("/submit/sslreports",
+                              function(request, response) {
+      if (expectReport) {
+        let report = JSON.parse(readDataFromRequest(request));
+        do_check_eq(report.errorCode, expectedError);
+        response.setStatusLine(null, 201, "Created");
+        response.write("Created");
+      } else {
+        do_throw("No report should have been received");
+      }
+    });
+
+    reporter.reportTLSError(transportSecurityInfo, "example.com", -1);
+  };
+}
+
+// read the request body from a request
+function readDataFromRequest(aRequest) {
+  if (aRequest.method == "POST" || aRequest.method == "PUT") {
+    if (aRequest.bodyInputStream) {
+      let inputStream = new BinaryInputStream(aRequest.bodyInputStream);
+      let bytes = [];
+      let available;
+
+      while ((available = inputStream.available()) > 0) {
+        Array.prototype.push.apply(bytes, inputStream.readByteArray(available));
+      }
+
+      return String.fromCharCode.apply(null, bytes);
+    }
+  }
+  return null;
+}
+
+function run_test() {
+  // start a report server
+  server = new HttpServer();
+  server.start(-1);
+
+  let port = server.identity.primaryPort;
+
+  // Set the reporting URL to ensure any reports are sent to the test server
+  Services.prefs.setCharPref("security.ssl.errorReporting.url",
+                             `http://localhost:${port}/submit/sslreports`);
+  // set strict-mode pinning enforcement so we can cause connection failures.
+  Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 2);
+
+  // start a TLS server
+  add_tls_server_setup("BadCertServer", "bad_certs");
+
+  // Add a user-specified trust anchor.
+  addCertFromFile(certdb, "bad_certs/other-test-ca.pem", "CTu,u,u");
+
+
+  // Cause a reportable condition with error reporting disabled. No report
+  // should be sent.
+  Services.prefs.setBoolPref("security.ssl.errorReporting.enabled", false);
+  add_connection_test("expired.example.com",
+                      SEC_ERROR_EXPIRED_CERTIFICATE, null,
+                      getReportCheck(false));
+
+  // Now enable reporting
+  add_test(function () {
+    Services.prefs.setBoolPref("security.ssl.errorReporting.enabled", true);
+    run_next_test();
+  });
+
+  // test calling the component with no transportSecurityInfo. No report should
+  // be sent even though reporting is enabled.
+  add_test(function() {
+    server.registerPathHandler("/submit/sslreports",
+                               function(request, response) {
+      do_throw("No report should be sent");
+    });
+    reporter.reportTLSError(null, "example.com", -1);
+    run_next_test();
+  });
+
+  // Test sending a report with no error. This allows us to check the case
+  // where there is no failed cert chain
+  add_connection_test("good.include-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess, null,
+                      getReportCheck(true, PRErrorCodeSuccess));
+
+  // Test sending a report where there is an error and a failed cert chain.
+  add_connection_test("expired.example.com",
+                      SEC_ERROR_EXPIRED_CERTIFICATE, null,
+                      getReportCheck(true, SEC_ERROR_EXPIRED_CERTIFICATE));
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_validity.js b/security/manager/ssl/tests/unit/test_validity.js
new file mode 100644
index 000000000..9158c7a5d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity.js
@@ -0,0 +1,92 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that chains containing an end-entity cert with an overly long validity
+// period are rejected.
+
+do_get_profile(); // Must be called before getting nsIX509CertDB
+const certDB = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+const SERVER_PORT = 8888;
+
+function getOCSPResponder(expectedCertNames) {
+  let expectedPaths = expectedCertNames.slice();
+  return startOCSPResponder(SERVER_PORT, "www.example.com", "test_validity",
+                            expectedCertNames, expectedPaths);
+}
+
+function certFromFile(filename) {
+  return constructCertFromFile(`test_validity/${filename}`);
+}
+
+function loadCert(certFilename, trustString) {
+  addCertFromFile(certDB, `test_validity/${certFilename}`, trustString);
+}
+
+/**
+ * Adds a single EV test.
+ *
+ * @param {Array} expectedNamesForOCSP
+ *        An array of nicknames of the certs to be responded to.
+ * @param {String} rootCertFileName
+ *        The file name of the root cert. Can begin with ".." to reference
+ *        certs in folders other than "test_validity/".
+ * @param {Array} intCertFileNames
+ *        An array of file names of any intermediate certificates.
+ * @param {String} endEntityCertFileName
+ *        The file name of the end entity cert.
+ * @param {Boolean} expectedResult
+ *        Whether the chain is expected to validate as EV.
+ */
+function addEVTest(expectedNamesForOCSP, rootCertFileName, intCertFileNames,
+                   endEntityCertFileName, expectedResult)
+{
+  add_test(function() {
+    clearOCSPCache();
+    let ocspResponder = getOCSPResponder(expectedNamesForOCSP);
+
+    loadCert(`${rootCertFileName}.pem`, "CTu,CTu,CTu");
+    for (let intCertFileName of intCertFileNames) {
+      loadCert(`${intCertFileName}.pem`, ",,");
+    }
+    checkEVStatus(certDB, certFromFile(`${endEntityCertFileName}.pem`),
+                  certificateUsageSSLServer, expectedResult);
+
+    ocspResponder.stop(run_next_test);
+  });
+}
+
+function checkEVChains() {
+  // Chain with an end entity cert with a validity period that is acceptable
+  // for EV.
+  const intFullName = "ev_int_60_months-evroot";
+  let eeFullName = `ev_ee_27_months-${intFullName}`;
+  let expectedNamesForOCSP = gEVExpected
+                           ? [ intFullName,
+                               eeFullName ]
+                           : [ eeFullName ];
+  addEVTest(expectedNamesForOCSP, "../test_ev_certs/evroot", [ intFullName ],
+            eeFullName, gEVExpected);
+
+  // Chain with an end entity cert with a validity period that is too long
+  // for EV.
+  eeFullName = `ev_ee_28_months-${intFullName}`;
+  expectedNamesForOCSP = gEVExpected
+                           ? [ intFullName,
+                               eeFullName ]
+                           : [ eeFullName ];
+  addEVTest(expectedNamesForOCSP, "../test_ev_certs/evroot", [ intFullName ],
+            eeFullName, false);
+}
+
+function run_test() {
+  Services.prefs.setCharPref("network.dns.localDomains", "www.example.com");
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+
+  checkEVChains();
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem b/security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem
new file mode 100644
index 000000000..6a351f0f8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDaTCCAlOgAwIBAgIUCfxWL6o44roTydDNAETL0eXxLF4wCwYJKoZIhvcNAQEL
+MCIxIDAeBgNVBAMMF2V2X2ludF82MF9tb250aHMtZXZyb290MCIYDzIwMTUxMTE3
+MDAwMDAwWhgPMjAxODAyMTYwMDAwMDBaMDIxMDAuBgNVBAMMJ2V2X2VlXzI3X21v
+bnRocy1ldl9pbnRfNjBfbW9udGhzLWV2cm9vdDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBhjCBgzBgBggrBgEF
+BQcBAQRUMFIwUAYIKwYBBQUHMAGGRGh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4
+OC9ldl9lZV8yN19tb250aHMtZXZfaW50XzYwX21vbnRocy1ldnJvb3QvMB8GA1Ud
+IAQYMBYwFAYSKwYBBAHrSYUahRqFGgGDdAkBMAsGCSqGSIb3DQEBCwOCAQEAIVNL
+5xN2XbNowmdE1AqGcx+fPzou65QRhhus3kLeDKiULIn8fk75rI9+3oqOpeu908iu
+1BQze/EX24DC8k+vkSWRSud1by/AL1ztnTFuFa1UFxKyTBzn9CGHqOK2fcQ2/TZk
+Zewt7yNcsazKGaf+V2K3slnNOjx1Jx7aby8moA74FzoEv6jCHhfbx5l+Ul5izDZH
+EcBi4kOZR6AFP8RhhG8ohqKXv7pxi7tS2OV75cl0sE4XwKp1UbdH7B2ea/aO9ZY8
+Bkq6vgY6Y2kAp8PE2S6cAY9ugEjoplBUq85/1n5FhpBevhMJ/L7oZ+EhooGowRfH
+VofhfUBd6Cn2fsTiMQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem.certspec
new file mode 100644
index 000000000..d2c7fa127
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ev_int_60_months-evroot
+subject:ev_ee_27_months-ev_int_60_months-evroot
+validity:823
+extension:authorityInformationAccess:http://www.example.com:8888/ev_ee_27_months-ev_int_60_months-evroot/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem b/security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem
new file mode 100644
index 000000000..28d7bdb90
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDaTCCAlOgAwIBAgIUVzCbeSKUj0d/ynX8eWoINELWJi8wCwYJKoZIhvcNAQEL
+MCIxIDAeBgNVBAMMF2V2X2ludF82MF9tb250aHMtZXZyb290MCIYDzIwMTUxMTAx
+MDAwMDAwWhgPMjAxODAzMDQwMDAwMDBaMDIxMDAuBgNVBAMMJ2V2X2VlXzI4X21v
+bnRocy1ldl9pbnRfNjBfbW9udGhzLWV2cm9vdDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBhjCBgzBgBggrBgEF
+BQcBAQRUMFIwUAYIKwYBBQUHMAGGRGh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4
+OC9ldl9lZV8yOF9tb250aHMtZXZfaW50XzYwX21vbnRocy1ldnJvb3QvMB8GA1Ud
+IAQYMBYwFAYSKwYBBAHrSYUahRqFGgGDdAkBMAsGCSqGSIb3DQEBCwOCAQEAjqOB
+RSvTVS9M/STcTmevwdW+JZXFkXvMYQ2TZQNsdKL8jTF7V8yUAuWIXt9dfZksRzCH
+J2M2iFBeme2w9732nv8dLiBvfHNHpWAW8YnQka0+SMXgsD7lMuHgXhbesGoGS6f6
+jtO5TsB+D1pXFncehDcxbW+0Ai1yd5sFuFaq2wN6zgsANzwehXp9qCGQ1jVQ2ti5
+ai4raaipKXEo3j3DxlNPdrdeN0RSimP+Mnyfj8LSxnmZQM1hdwRhJekUPQUux4pZ
+qseofBITmHehriREJRZlzxCzccpr2wCcwUYNBDwSJK91xy0SW2gSAQV0OVx/e3tA
+SqIRcRMdskz9NWa/oA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem.certspec
new file mode 100644
index 000000000..2dcfb2e29
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ev_int_60_months-evroot
+subject:ev_ee_28_months-ev_int_60_months-evroot
+validity:854
+extension:authorityInformationAccess:http://www.example.com:8888/ev_ee_28_months-ev_int_60_months-evroot/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key
new file mode 100644
index 000000000..8af23e068
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key.keyspec b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key.keyspec
new file mode 100644
index 000000000..4ad96d515
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem
new file mode 100644
index 000000000..370f4ff36
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUzCCAj2gAwIBAgIUc/8GbZoQxUER+Wpe3STidbOom4UwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE0MDcwNDAwMDAwMFoYDzIwMTkwNzAy
+MDAwMDAwWjAiMSAwHgYDVQQDDBdldl9pbnRfNjBfbW9udGhzLWV2cm9vdDCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ
+6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUk
+nAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N
+/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAG
+JMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd
+7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEA
+AaOBkTCBjjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjBQBggrBgEFBQcBAQRE
+MEIwQAYIKwYBBQUHMAGGNGh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9ldl9p
+bnRfNjBfbW9udGhzLWV2cm9vdC8wHwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUa
+AYN0CQEwCwYJKoZIhvcNAQELA4IBAQBKiGfIv5d53ND76/fYD4UrAQCe4K5Ktj8s
+UkVgozmHi5IE7e2Ikzp5gDAEIirehSQAdGI4DXYArZYG7O90isYiItxD/LDh342Z
+sFkg5Zdm6Cmr0V5EZRcWtfj7ZwdTl3/YdI6Sp00BfeTLabsHQD0/trFcd3BcXXLR
++WcNPwrCktVCtem7mgUPa5GTFgUyoOtcVGC5BBk7MqqLBHX6/R4u8oLcNwQOYZ0v
+Ad/6iQCcJ+siLTuQHWB6zu1uLd9CZQXu3pBU43p3WvvQwCPFSfT4wAOEoqn0a9ny
+YWmq+mXlLH0M28x931Ay5/q3TV93fFHVv5bratytdoUBYpsx3Edy
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem.certspec
new file mode 100644
index 000000000..e169514ff
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem.certspec
@@ -0,0 +1,8 @@
+issuer:evroot
+subject:ev_int_60_months-evroot
+issuerKey:ev
+validity:1825
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/ev_int_60_months-evroot/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_validity/evroot.key b/security/manager/ssl/tests/unit/test_validity/evroot.key
new file mode 100644
index 000000000..a756a0705
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/evroot.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC1SYlcnQAQjRGh
++Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQOMF0Ask6Kkc9vShq7T/c02PPWikU
+dwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURhuT5RQk4XRLsuqtRqqzjOGWghlh+H
+cUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94rjFE7SjEXnkpOGOnoipImAo2pA5y
+1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3RquiqLMzjSKAWm4Diii1wwalgxvM18t
+oJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oYUJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ
+5XNPsikFAgMBAAECggEBAJg9VPlNb0x26yPW+T14UjUwz3Ow0WJUxueBdo1F9VaB
+0dAvsr0qrGq8HDiYYJNcUqDY9BSCAQOUd4MUHYZL/zCANjilwBUlcK6dGPPYyhY+
++0dbDd3zLn4W7HVl5rteAlxBxcZuV6A87eVUIh+DBFNHosTEUcPc5Ha3h84MBXJE
+vp4E7xMRjbuz1eCmzIcCnq/Upp7ZsUdZsV452KmITlb1TS+asBPw0V8xipq2svc9
+HsPJ/idK6JQxoQZAvniZsAEcXlCToYNHCGid4QBjTaveYPvWqu+joz3zSh829gwE
+MDa3SNHJ7pjEAxoK/sYO/aCpkL5ST1YU6sT9s0pS+VECgYEA6twssz5f8co3a72V
+vWoXd9LPT6xHVF6S0RpiCbnV5N7UeDRYHBabPIhHQqCeoYdQXBylVBTY0ltJdjLV
+7CqqBSM0MPrUmJJ3en1o4Dj1YaO4lp5gsKJj3vv9pIqbD/OdlbyIsVJnyK3pe1EH
+lI5B5DMknYf32xCdXXRYTYa8wdcCgYEAxZrldqIWRwJI2USlW56b+TKZ2jQexW5V
+jrqCGrzhv1e3nPQR0pBMd0+duh8VGF9gewV0oIIF1uwotmo21jQjLqry/qN1Yauv
+nWRLaNs4yZZMuMluwKxh66ZNBbRGVC9COXb1rN5OzJVTbS31eJVPk/DP2cWPt4ui
+p23VrChNyIMCgYEAwdLvOQYzHFKspkgR+f5CW+somDIvs9tRAyzo1+n8MiQL6SAZ
+zySA/NXjKYNxJxGLKlmhv+BsiD46REfz8DHNmuvQuNNo/Hl0DSzOjq2zJN9/CR6v
+4VZDYdVJILAbBHEjDl5H2T+O0zljxRe8T8ePbYsfnrqFvM7bcDMCZQjbYoUCgYEA
+hSG421aU376ASjFfnvybZSdcVJCs8qNFbWXm5hC/n2R/xnUB1PV3LyMqxwzN75/C
+pt+kFcfEG2r8evnQfDygP37ZPAnwuZ8sMEQ0Mi8QcXCbvBuqTJFXX6apWeB9SZaV
+bZXiK1eTi25HyNUf/t/Jv4iM4NGj5CtlqJvtS5HT5fUCgYEA3El7BrkgyL4LAHe3
+mOl37vdEqQ7Cxdfmy7IkSPrHLagaMxgODYoC6DFGDH/H/TphL3uZMLYbeZ+OkI5j
+LpugQJtqpwsDo7p4dCYmO1vVhD34R27bXRT2qGE+uvW5zVykL1+9KALgjk5J5XCf
+UVFRDKpassHG6z7+kpXRbowlyRY=
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_validity/evroot.key.keyspec b/security/manager/ssl/tests/unit/test_validity/evroot.key.keyspec
new file mode 100644
index 000000000..1a3d76a55
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/evroot.key.keyspec
@@ -0,0 +1 @@
+ev
diff --git a/security/manager/ssl/tests/unit/test_validity/evroot.pem b/security/manager/ssl/tests/unit/test_validity/evroot.pem
new file mode 100644
index 000000000..cd2fd7ed8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/evroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzTCCAbegAwIBAgIUW9j5PS8YoKgynZdYa9i2Kwexnp8wCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MDEwMTAwMDAwMFoYDzIwMzUwMTAx
+MDAwMDAwWjARMQ8wDQYDVQQDDAZldnJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC1SYlcnQAQjRGh+Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQ
+OMF0Ask6Kkc9vShq7T/c02PPWikUdwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURh
+uT5RQk4XRLsuqtRqqzjOGWghlh+HcUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94
+rjFE7SjEXnkpOGOnoipImAo2pA5y1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3Rqu
+iqLMzjSKAWm4Diii1wwalgxvM18toJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oY
+UJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ5XNPsikFAgMBAAGjHTAbMAwGA1UdEwQFMAMB
+Af8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEAO1EZ134zXCiYSMixYSVP
+gAXWdR8zvaeS8UF0Xihle6nBdtkcmhiMgxXecMv7P7xO/U/wz5NAyJ1cvqaxrPbn
+8bekVCCsAAae6mVJIsVeuLtg3f89Qmx6KF6By2NI5R/AX5gxs0V9Tvjp9NfpIWh9
+I0BO0/REmq+CxKWjO6Loq0JA/QRW1jnD3XLitJ9QiCfnLqgUAG8JnkhG/JtpcJC3
+91SluwhVw+8i7caDOgHZGvjBEycyje0iyDLybaVjv2PpyuQx8H6hDzTGd2bNDl22
+fZ0FsOYCH6TJPx7nsCJCQ8/jGsRAGPxbItwSpTQJegKVaJ9s2dOAreJdkQFSIEo+
+3g==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_validity/evroot.pem.certspec b/security/manager/ssl/tests/unit/test_validity/evroot.pem.certspec
new file mode 100644
index 000000000..3121f3486
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/evroot.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:evroot
+subjectKey:ev
+issuerKey:ev
+validity:20150101-20350101
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_validity/moz.build b/security/manager/ssl/tests/unit/test_validity/moz.build
new file mode 100644
index 000000000..d2f9bf8d1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/moz.build
@@ -0,0 +1,24 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ev_ee_27_months-ev_int_60_months-evroot.pem',
+#    'ev_ee_28_months-ev_int_60_months-evroot.pem',
+#    'ev_int_60_months-evroot.pem',
+#    'evroot.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
+#
+#test_keys = (
+#    'ev_int_60_months-evroot.key',
+#    'evroot.key',
+#)
+#
+#for test_key in test_keys:
+#    GeneratedTestKey(test_key)
diff --git a/security/manager/ssl/tests/unit/test_weak_crypto.js b/security/manager/ssl/tests/unit/test_weak_crypto.js
new file mode 100644
index 000000000..effedf8e3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_weak_crypto.js
@@ -0,0 +1,273 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+// Tests the weak crypto override
+
+const TLS_RSA_WITH_RC4_128_MD5         = 0x0004;
+const TLS_RSA_WITH_RC4_128_SHA         = 0x0005;
+const TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007;
+const TLS_ECDHE_RSA_WITH_RC4_128_SHA   = 0xC011;
+
+// Need profile dir to store the key / cert
+do_get_profile();
+// Ensure PSM is initialized
+Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports);
+
+const certService = Cc["@mozilla.org/security/local-cert-service;1"]
+                    .getService(Ci.nsILocalCertService);
+const certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
+                            .getService(Ci.nsICertOverrideService);
+const weakCryptoOverride = Cc["@mozilla.org/security/weakcryptooverride;1"]
+                           .getService(Ci.nsIWeakCryptoOverride);
+const socketTransportService =
+  Cc["@mozilla.org/network/socket-transport-service;1"]
+  .getService(Ci.nsISocketTransportService);
+
+function getCert() {
+  let deferred = Promise.defer();
+  certService.getOrCreateCert("tls-test", {
+    handleCert: function(c, rv) {
+      if (rv) {
+        deferred.reject(rv);
+        return;
+      }
+      deferred.resolve(c);
+    }
+  });
+  return deferred.promise;
+}
+
+function startServer(cert, rc4only) {
+  let tlsServer = Cc["@mozilla.org/network/tls-server-socket;1"]
+                  .createInstance(Ci.nsITLSServerSocket);
+  tlsServer.init(-1, true, -1);
+  tlsServer.serverCert = cert;
+
+  let input, output;
+
+  let listener = {
+    onSocketAccepted: function(socket, transport) {
+      do_print("Accept TLS client connection");
+      let connectionInfo = transport.securityInfo
+                           .QueryInterface(Ci.nsITLSServerConnectionInfo);
+      connectionInfo.setSecurityObserver(listener);
+      input = transport.openInputStream(0, 0, 0);
+      output = transport.openOutputStream(0, 0, 0);
+    },
+    onHandshakeDone: function(socket, status) {
+      do_print("TLS handshake done");
+
+      equal(status.tlsVersionUsed, Ci.nsITLSClientStatus.TLS_VERSION_1_2,
+            "Using TLS 1.2");
+      let expectedCipher = rc4only ? "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"
+                                   : "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
+      equal(status.cipherName, expectedCipher,
+            "Using expected cipher");
+      equal(status.keyLength, 128, "Using 128-bit key");
+      equal(status.macLength, rc4only ? 160 : 128, "Using MAC of expected length");
+
+      input.asyncWait({
+        onInputStreamReady: function(streamReadyInput) {
+          NetUtil.asyncCopy(streamReadyInput, output);
+        }
+      }, 0, 0, Services.tm.currentThread);
+    },
+    onStopListening: function() {}
+  };
+
+  tlsServer.setSessionCache(false);
+  tlsServer.setSessionTickets(false);
+  tlsServer.setRequestClientCertificate(Ci.nsITLSServerSocket.REQUEST_NEVER);
+  if (rc4only) {
+    let cipherSuites = [
+      TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+      TLS_RSA_WITH_RC4_128_SHA,
+      TLS_RSA_WITH_RC4_128_MD5
+    ];
+    tlsServer.setCipherSuites(cipherSuites, cipherSuites.length);
+  }
+
+  tlsServer.asyncListen(listener);
+
+  return tlsServer.port;
+}
+
+function storeCertOverride(port, cert) {
+  let overrideBits = Ci.nsICertOverrideService.ERROR_UNTRUSTED |
+                     Ci.nsICertOverrideService.ERROR_MISMATCH;
+  certOverrideService.rememberValidityOverride("127.0.0.1", port, cert,
+                                               overrideBits, true);
+}
+
+function startClient(port, expectedResult, options = {}) {
+  let transport =
+    socketTransportService.createTransport(["ssl"], 1, "127.0.0.1", port, null);
+  if (options.isPrivate) {
+    transport.connectionFlags |= Ci.nsISocketTransport.NO_PERMANENT_STORAGE;
+  }
+  let input;
+  let output;
+
+  let deferred = Promise.defer();
+
+  let handler = {
+
+    onTransportStatus: function(unused, status) {
+      if (status === Ci.nsISocketTransport.STATUS_CONNECTED_TO) {
+        output.asyncWait(handler, 0, 0, Services.tm.currentThread);
+      }
+    },
+
+    onInputStreamReady: function(streamReadyInput) {
+      try {
+        let data =
+          NetUtil.readInputStreamToString(streamReadyInput,
+                                          streamReadyInput.available());
+        equal(Cr.NS_OK, expectedResult, "Connection should succeed");
+        equal(data, "HELLO", "Echoed data received");
+      } catch (e) {
+        if (!((e.result == Cr.NS_ERROR_NET_RESET) && options.allowReset) &&
+            (e.result != expectedResult)) {
+          deferred.reject(e);
+        }
+      }
+      streamReadyInput.close();
+      output.close();
+      deferred.resolve();
+    },
+
+    onOutputStreamReady: function(streamReadyOutput) {
+      try {
+        try {
+          streamReadyOutput.write("HELLO", 5);
+        } catch (e) {
+          if (e.result == Cr.NS_BASE_STREAM_WOULD_BLOCK) {
+            streamReadyOutput.asyncWait(handler, 0, 0, Services.tm.currentThread);
+            return;
+          }
+          if (e.result != Cr.NS_OK) {
+            ok((e.result === expectedResult) ||
+               (options.allowReset && (e.result === Cr.NS_ERROR_NET_RESET)),
+               "Actual and expected connection result should match");
+            streamReadyOutput.close();
+            deferred.resolve();
+            return;
+          }
+        }
+        do_print("Output to server written");
+        input = transport.openInputStream(0, 0, 0);
+        input.asyncWait(handler, 0, 0, Services.tm.currentThread);
+      } catch (e) {
+        deferred.reject(e);
+      }
+    }
+
+  };
+
+  transport.setEventSink(handler, Services.tm.currentThread);
+  output = transport.openOutputStream(Ci.nsITransport.OPEN_UNBUFFERED, 0, 0);
+  output.QueryInterface(Ci.nsIAsyncOutputStream);
+
+  return deferred.promise;
+}
+
+function run_test() {
+  Services.prefs.setBoolPref("security.tls.unrestricted_rc4_fallback", false);
+  run_next_test();
+}
+
+// for sanity check
+add_task(function* () {
+  let cert = yield getCert();
+  ok(!!cert, "Got self-signed cert");
+  let port = startServer(cert, false);
+  storeCertOverride(port, cert);
+  yield startClient(port, Cr.NS_OK);
+  yield startClient(port, Cr.NS_OK, {isPrivate: true});
+});
+
+add_task(function* () {
+  let cert = yield getCert();
+  ok(!!cert, "Got self-signed cert");
+  let port = startServer(cert, true);
+  storeCertOverride(port, cert);
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP));
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
+                    {isPrivate: true});
+
+  weakCryptoOverride.addWeakCryptoOverride("127.0.0.1", true);
+  // private browsing should not affect the permanent storage.
+  equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"),
+        "");
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP));
+  // The auto-retry on connection reset is implemented in our HTTP layer.
+  // So we will see the crafted NS_ERROR_NET_RESET when we use
+  // nsISocketTransport directly.
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
+                    {isPrivate: true, allowReset: true});
+  // retry manually to simulate the HTTP layer
+  yield startClient(port, Cr.NS_OK, {isPrivate: true});
+
+  weakCryptoOverride.removeWeakCryptoOverride("127.0.0.1", port, true);
+  equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"),
+        "");
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP));
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
+                    {isPrivate: true});
+
+  weakCryptoOverride.addWeakCryptoOverride("127.0.0.1", false, true);
+  // temporary override should not change the pref.
+  equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"),
+        "");
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
+                    {allowReset: true});
+  yield startClient(port, Cr.NS_OK);
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
+                    {isPrivate: true});
+
+  weakCryptoOverride.removeWeakCryptoOverride("127.0.0.1", port, false);
+  equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"),
+        "");
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP));
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
+                    {isPrivate: true});
+
+  weakCryptoOverride.addWeakCryptoOverride("127.0.0.1", false);
+  // permanent override should change the pref.
+  equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"),
+        "127.0.0.1");
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
+                    {allowReset: true});
+  yield startClient(port, Cr.NS_OK);
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
+                    {isPrivate: true});
+
+  weakCryptoOverride.removeWeakCryptoOverride("127.0.0.1", port, false);
+  equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"),
+        "");
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP));
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
+                    {isPrivate: true});
+
+  // add a host to the pref to prepare the next test
+  weakCryptoOverride.addWeakCryptoOverride("127.0.0.1", false);
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
+                    {allowReset: true});
+  yield startClient(port, Cr.NS_OK);
+  equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"),
+        "127.0.0.1");
+});
+
+add_task(function* () {
+  let cert = yield getCert();
+  ok(!!cert, "Got self-signed cert");
+  let port = startServer(cert, false);
+  storeCertOverride(port, cert);
+  yield startClient(port, Cr.NS_OK);
+  // Successful strong cipher will remove the host from the pref.
+  equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"),
+        "");
+});
diff --git a/security/manager/ssl/tests/unit/test_x509.js b/security/manager/ssl/tests/unit/test_x509.js
new file mode 100644
index 000000000..4c22e28d1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_x509.js
@@ -0,0 +1,83 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+// Tests X509.jsm functionality.
+
+var { X509 } = Cu.import("resource://gre/modules/psm/X509.jsm", {});
+
+function stringToBytes(s) {
+  let b = [];
+  for (let i = 0; i < s.length; i++) {
+    b.push(s.charCodeAt(i));
+  }
+  return b;
+}
+
+function readPEMToBytes(filename) {
+  return stringToBytes(atob(pemToBase64(readFile(do_get_file(filename)))));
+}
+
+function run_test() {
+  let certificate = new X509.Certificate();
+  certificate.parse(readPEMToBytes("bad_certs/default-ee.pem"));
+
+  equal(certificate.tbsCertificate.version, 3,
+        "default-ee.pem should be x509v3");
+
+  // serialNumber
+  deepEqual(certificate.tbsCertificate.serialNumber,
+            [ 0x35, 0x1b, 0xe9, 0x3a, 0x1b, 0x03, 0x1c, 0x46, 0x1b, 0x45,
+              0xfe, 0x9b, 0xb2, 0x20, 0x0f, 0x6e, 0xf2, 0x9e, 0xd9, 0x50 ],
+            "default-ee.pem should have expected serialNumber");
+
+  deepEqual(certificate.tbsCertificate.signature.algorithm._values,
+            [ 1, 2, 840, 113549, 1, 1, 11 ], // sha256WithRSAEncryption
+            "default-ee.pem should have sha256WithRSAEncryption signature");
+  // TODO: there should actually be an explicit encoded NULL here, but it looks
+  // like pycert doesn't include it.
+  deepEqual(certificate.tbsCertificate.signature.parameters, null,
+            "default-ee.pem should have NULL parameters for signature");
+
+  equal(certificate.tbsCertificate.issuer.rdns.length, 1,
+        "default-ee.pem should have one RDN in issuer");
+  equal(certificate.tbsCertificate.issuer.rdns[0].avas.length, 1,
+        "default-ee.pem should have one AVA in RDN in issuer");
+  deepEqual(certificate.tbsCertificate.issuer.rdns[0].avas[0].value.value,
+            stringToBytes("Test CA"),
+            "default-ee.pem should have issuer 'Test CA'");
+
+  equal(certificate.tbsCertificate.validity.notBefore.time.getTime(),
+        Date.parse("2015-11-28T00:00:00.000Z"),
+        "default-ee.pem should have the correct value for notBefore");
+  equal(certificate.tbsCertificate.validity.notAfter.time.getTime(),
+        Date.parse("2018-02-05T00:00:00.000Z"),
+        "default-ee.pem should have the correct value for notAfter");
+
+  equal(certificate.tbsCertificate.subject.rdns.length, 1,
+        "default-ee.pem should have one RDN in subject");
+  equal(certificate.tbsCertificate.subject.rdns[0].avas.length, 1,
+        "default-ee.pem should have one AVA in RDN in subject");
+  deepEqual(certificate.tbsCertificate.subject.rdns[0].avas[0].value.value,
+            stringToBytes("Test End-entity"),
+            "default-ee.pem should have subject 'Test End-entity'");
+
+  deepEqual(certificate.tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm._values,
+            [ 1, 2, 840, 113549, 1, 1, 1 ], // rsaEncryption
+            "default-ee.pem should have a spki algorithm of rsaEncryption");
+
+  equal(certificate.tbsCertificate.extensions.length, 2,
+        "default-ee.pem should have two extensions");
+
+  deepEqual(certificate.signatureAlgorithm.algorithm._values,
+            [ 1, 2, 840, 113549, 1, 1, 11 ], // sha256WithRSAEncryption
+            "default-ee.pem should have sha256WithRSAEncryption signatureAlgorithm");
+  // TODO: there should actually be an explicit encoded NULL here, but it looks
+  // like pycert doesn't include it.
+  deepEqual(certificate.signatureAlgorithm.parameters, null,
+            "default-ee.pem should have NULL parameters for signatureAlgorithm");
+
+  equal(certificate.signatureValue.length, 2048 / 8,
+        "length of signature on default-ee.pem should be 2048 bits");
+}
diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/BadCertServer.cpp b/security/manager/ssl/tests/unit/tlsserver/cmd/BadCertServer.cpp
new file mode 100644
index 000000000..348dcfc5c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/cmd/BadCertServer.cpp
@@ -0,0 +1,141 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This is a standalone server that uses various bad certificates.
+// The client is expected to connect, initiate an SSL handshake (with SNI
+// to indicate which "server" to connect to), and verify the certificate.
+// If all is good, the client then sends one encrypted byte and receives that
+// same byte back.
+// This server also has the ability to "call back" another process waiting on
+// it. That is, when the server is all set up and ready to receive connections,
+// it will connect to a specified port and issue a simple HTTP request.
+
+#include <stdio.h>
+
+#include "TLSServer.h"
+
+using namespace mozilla;
+using namespace mozilla::test;
+
+struct BadCertHost
+{
+  const char *mHostName;
+  const char *mCertName;
+};
+
+// Hostname, cert nickname pairs.
+const BadCertHost sBadCertHosts[] =
+{
+  { "expired.example.com", "expired-ee" },
+  { "notyetvalid.example.com", "notYetValid" },
+  { "before-epoch.example.com", "beforeEpoch" },
+  { "selfsigned.example.com", "selfsigned" },
+  { "unknownissuer.example.com", "unknownissuer" },
+  { "mismatch.example.com", "mismatch" },
+  { "mismatch-CN.example.com", "mismatchCN" },
+  { "expiredissuer.example.com", "expiredissuer" },
+  { "notyetvalidissuer.example.com", "notYetValidIssuer" },
+  { "before-epoch-issuer.example.com", "beforeEpochIssuer" },
+  { "md5signature.example.com", "md5signature" },
+  { "untrusted.example.com", "default-ee" },
+  { "untrustedissuer.example.com", "untrustedissuer" },
+  { "mismatch-expired.example.com", "mismatch-expired" },
+  { "mismatch-notYetValid.example.com", "mismatch-notYetValid" },
+  { "mismatch-untrusted.example.com", "mismatch-untrusted" },
+  { "untrusted-expired.example.com", "untrusted-expired" },
+  { "md5signature-expired.example.com", "md5signature-expired" },
+  { "mismatch-untrusted-expired.example.com", "mismatch-untrusted-expired" },
+  { "inadequatekeyusage.example.com", "inadequatekeyusage-ee" },
+  { "selfsigned-inadequateEKU.example.com", "selfsigned-inadequateEKU" },
+  { "self-signed-end-entity-with-cA-true.example.com", "self-signed-EE-with-cA-true" },
+  { "ca-used-as-end-entity.example.com", "ca-used-as-end-entity" },
+  { "ca-used-as-end-entity-name-mismatch.example.com", "ca-used-as-end-entity" },
+  // All of include-subdomains.pinning.example.com is pinned to End Entity
+  // Test Cert with nick default-ee. Any other nick will only
+  // pass pinning when security.cert_pinning.enforcement.level != strict and
+  // otherCA is added as a user-specified trust anchor. See StaticHPKPins.h.
+  { "include-subdomains.pinning.example.com", "default-ee" },
+  { "good.include-subdomains.pinning.example.com", "default-ee" },
+  { "bad.include-subdomains.pinning.example.com", "other-issuer-ee" },
+  { "bad.include-subdomains.pinning.example.com.", "other-issuer-ee" },
+  { "bad.include-subdomains.pinning.example.com..", "other-issuer-ee" },
+  { "exclude-subdomains.pinning.example.com", "default-ee" },
+  { "sub.exclude-subdomains.pinning.example.com", "other-issuer-ee" },
+  { "test-mode.pinning.example.com", "other-issuer-ee" },
+  { "unknownissuer.include-subdomains.pinning.example.com", "unknownissuer" },
+  { "unknownissuer.test-mode.pinning.example.com", "unknownissuer" },
+  { "nsCertTypeNotCritical.example.com", "nsCertTypeNotCritical" },
+  { "nsCertTypeCriticalWithExtKeyUsage.example.com", "nsCertTypeCriticalWithExtKeyUsage" },
+  { "nsCertTypeCritical.example.com", "nsCertTypeCritical" },
+  { "end-entity-issued-by-v1-cert.example.com", "eeIssuedByV1Cert" },
+  { "end-entity-issued-by-non-CA.example.com", "eeIssuedByNonCA" },
+  { "inadequate-key-size-ee.example.com", "inadequateKeySizeEE" },
+  { "badSubjectAltNames.example.com", "badSubjectAltNames" },
+  { "ipAddressAsDNSNameInSAN.example.com", "ipAddressAsDNSNameInSAN" },
+  { "noValidNames.example.com", "noValidNames" },
+  { "bug413909.xn--hxajbheg2az3al.xn--jxalpdlp", "idn-certificate" },
+  { "emptyissuername.example.com", "emptyIssuerName" },
+  { "ev-test.example.com", "ev-test" },
+  { nullptr, nullptr }
+};
+
+int32_t
+DoSNISocketConfigBySubjectCN(PRFileDesc* aFd, const SECItem* aSrvNameArr,
+                             uint32_t aSrvNameArrSize)
+{
+  for (uint32_t i = 0; i < aSrvNameArrSize; i++) {
+    UniquePORTString name(
+      static_cast<char*>(PORT_ZAlloc(aSrvNameArr[i].len + 1)));
+    if (name) {
+      PORT_Memcpy(name.get(), aSrvNameArr[i].data, aSrvNameArr[i].len);
+      if (ConfigSecureServerWithNamedCert(aFd, name.get(), nullptr, nullptr)
+            == SECSuccess) {
+        return 0;
+      }
+    }
+  }
+
+  return SSL_SNI_SEND_ALERT;
+}
+
+int32_t
+DoSNISocketConfig(PRFileDesc* aFd, const SECItem* aSrvNameArr,
+                  uint32_t aSrvNameArrSize, void* aArg)
+{
+  const BadCertHost* host = GetHostForSNI(aSrvNameArr, aSrvNameArrSize,
+                                          sBadCertHosts);
+  if (!host) {
+    // No static cert <-> hostname mapping found. This happens when we use a
+    // collection of certificates in a given directory and build a cert DB at
+    // runtime, rather than using an NSS cert DB populated at build time.
+    // (This will be the default in the future.)
+    // For all given server names, check if the runtime-built cert DB contains
+    // a certificate with a matching subject CN.
+    return DoSNISocketConfigBySubjectCN(aFd, aSrvNameArr, aSrvNameArrSize);
+  }
+
+  if (gDebugLevel >= DEBUG_VERBOSE) {
+    fprintf(stderr, "found pre-defined host '%s'\n", host->mHostName);
+  }
+
+  UniqueCERTCertificate cert;
+  SSLKEAType certKEA;
+  if (SECSuccess != ConfigSecureServerWithNamedCert(aFd, host->mCertName,
+                                                    &cert, &certKEA)) {
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  return 0;
+}
+
+int
+main(int argc, char *argv[])
+{
+  if (argc != 2) {
+    fprintf(stderr, "usage: %s <NSS DB directory>\n", argv[0]);
+    return 1;
+  }
+
+  return StartServer(argv[1], DoSNISocketConfig, nullptr);
+}
diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/GenerateOCSPResponse.cpp b/security/manager/ssl/tests/unit/tlsserver/cmd/GenerateOCSPResponse.cpp
new file mode 100644
index 000000000..775f1f06e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/cmd/GenerateOCSPResponse.cpp
@@ -0,0 +1,170 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 sw=2 tw=80 et: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This simple program takes a database directory, and one or more tuples like
+ * <typeOfResponse> <CertNick> <ExtraCertNick> <outPutFilename>
+ * to generate (one or more) ocsp responses.
+ */
+
+#include <stdio.h>
+#include <string>
+#include <vector>
+
+#include "mozilla/ArrayUtils.h"
+
+#include "base64.h"
+#include "cert.h"
+#include "nspr.h"
+#include "nss.h"
+#include "plarenas.h"
+#include "prerror.h"
+#include "ssl.h"
+#include "secerr.h"
+
+#include "OCSPCommon.h"
+#include "ScopedNSSTypes.h"
+#include "TLSServer.h"
+
+using namespace mozilla;
+using namespace mozilla::test;
+
+struct OCSPResponseName
+{
+  const char *mTypeString;
+  const OCSPResponseType mORT;
+};
+
+const static OCSPResponseName kOCSPResponseNameList[] = {
+  { "good",            ORTGood },          // the certificate is good
+  { "good-delegated",  ORTDelegatedIncluded}, // the certificate is good, using
+                                           // a delegated signer
+  { "revoked",         ORTRevoked},        // the certificate has been revoked
+  { "unknown",         ORTUnknown},        // the responder doesn't know if the
+                                           //   cert is good
+  { "goodotherca",     ORTGoodOtherCA},    // the wrong CA has signed the
+                                           //   response
+  { "expiredresponse", ORTExpired},        // the signature on the response has
+                                           //   expired
+  { "oldvalidperiod",  ORTExpiredFreshCA}, // fresh signature, but old validity
+                                           //   period
+  { "empty",           ORTEmpty},          // an empty stapled response
+
+  { "malformed",       ORTMalformed},      // the response from the responder
+                                           //   was malformed
+  { "serverr",         ORTSrverr},         // the response indicates there was a
+                                           //   server error
+  { "trylater",        ORTTryLater},       // the responder replied with
+                                           //   "try again later"
+  { "resp-unsigned",   ORTNeedsSig},       // the response needs a signature
+  { "unauthorized",    ORTUnauthorized},   // the responder does not know about
+                                           //   the cert
+  { "bad-signature",   ORTBadSignature},   // the response has a bad signature
+  { "longvalidityalmostold", ORTLongValidityAlmostExpired}, // the response is
+                                           // still valid, but the generation
+                                           // is almost a year old
+  { "ancientstillvalid", ORTAncientAlmostExpired}, // The response is still
+                                           // valid but the generation is almost
+                                           // two years old
+};
+
+bool
+StringToOCSPResponseType(const char* respText,
+                         /*out*/ OCSPResponseType* OCSPType)
+{
+  if (!OCSPType) {
+    return false;
+  }
+  for (uint32_t i = 0; i < mozilla::ArrayLength(kOCSPResponseNameList); i++) {
+    if (strcmp(respText, kOCSPResponseNameList[i].mTypeString) == 0) {
+      *OCSPType = kOCSPResponseNameList[i].mORT;
+      return true;
+    }
+  }
+  return false;
+}
+
+bool
+WriteResponse(const char* filename, const SECItem* item)
+{
+  if (!filename || !item || !item->data) {
+    PR_fprintf(PR_STDERR, "invalid parameters to WriteResponse");
+    return false;
+  }
+
+  UniquePRFileDesc outFile(PR_Open(filename,
+                                   PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
+                                   0644));
+  if (!outFile) {
+    PrintPRError("cannot open file for writing");
+    return false;
+  }
+  int32_t rv = PR_Write(outFile.get(), item->data, item->len);
+  if (rv < 0 || (uint32_t) rv != item->len) {
+    PrintPRError("File write failure");
+    return false;
+  }
+
+  return true;
+}
+
+int
+main(int argc, char* argv[])
+{
+
+  if (argc < 6 || (argc - 6) % 4 != 0) {
+    PR_fprintf(PR_STDERR, "usage: %s <NSS DB directory> <responsetype> "
+                          "<cert_nick> <extranick> <outfilename> [<resptype> "
+                          "<cert_nick> <extranick> <outfilename>]* \n",
+                          argv[0]);
+    exit(EXIT_FAILURE);
+  }
+  SECStatus rv = InitializeNSS(argv[1]);
+  if (rv != SECSuccess) {
+    PR_fprintf(PR_STDERR, "Failed to initialize NSS\n");
+    exit(EXIT_FAILURE);
+  }
+  UniquePLArenaPool arena(PORT_NewArena(256 * argc));
+  if (!arena) {
+    PrintPRError("PORT_NewArena failed");
+    exit(EXIT_FAILURE);
+  }
+
+  for (int i = 2; i + 3 < argc; i += 4) {
+    const char* ocspTypeText  = argv[i];
+    const char* certNick      = argv[i + 1];
+    const char* extraCertname = argv[i + 2];
+    const char* filename      = argv[i + 3];
+
+    OCSPResponseType ORT;
+    if (!StringToOCSPResponseType(ocspTypeText, &ORT)) {
+      PR_fprintf(PR_STDERR, "Cannot generate OCSP response of type %s\n",
+                 ocspTypeText);
+      exit(EXIT_FAILURE);
+    }
+
+    UniqueCERTCertificate cert(PK11_FindCertFromNickname(certNick, nullptr));
+    if (!cert) {
+      PrintPRError("PK11_FindCertFromNickname failed");
+      PR_fprintf(PR_STDERR, "Failed to find certificate with nick '%s'\n",
+                 certNick);
+      exit(EXIT_FAILURE);
+    }
+
+    SECItemArray* response = GetOCSPResponseForType(ORT, cert, arena,
+                                                    extraCertname);
+    if (!response) {
+      PR_fprintf(PR_STDERR, "Failed to generate OCSP response of type %s "
+                            "for %s\n", ocspTypeText, certNick);
+      exit(EXIT_FAILURE);
+    }
+
+    if (!WriteResponse(filename, &response->items[0])) {
+      PR_fprintf(PR_STDERR, "Failed to write file %s\n", filename);
+      exit(EXIT_FAILURE);
+    }
+  }
+  return 0;
+}
diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp b/security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp
new file mode 100644
index 000000000..6bf33a143
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp
@@ -0,0 +1,129 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This is a standalone server that delivers various stapled OCSP responses.
+// The client is expected to connect, initiate an SSL handshake (with SNI
+// to indicate which "server" to connect to), and verify the OCSP response.
+// If all is good, the client then sends one encrypted byte and receives that
+// same byte back.
+// This server also has the ability to "call back" another process waiting on
+// it. That is, when the server is all set up and ready to receive connections,
+// it will connect to a specified port and issue a simple HTTP request.
+
+#include <stdio.h>
+
+#include "OCSPCommon.h"
+#include "TLSServer.h"
+
+using namespace mozilla;
+using namespace mozilla::test;
+
+const OCSPHost sOCSPHosts[] =
+{
+  { "ocsp-stapling-good.example.com", ORTGood, nullptr, nullptr },
+  { "ocsp-stapling-revoked.example.com", ORTRevoked, nullptr, nullptr },
+  { "ocsp-stapling-revoked-old.example.com", ORTRevokedOld, nullptr, nullptr },
+  { "ocsp-stapling-unknown.example.com", ORTUnknown, nullptr, nullptr },
+  { "ocsp-stapling-unknown-old.example.com", ORTUnknownOld, nullptr, nullptr },
+  { "ocsp-stapling-good-other.example.com", ORTGoodOtherCert, "ocspOtherEndEntity", nullptr },
+  { "ocsp-stapling-good-other-ca.example.com", ORTGoodOtherCA, "other-test-ca", nullptr },
+  { "ocsp-stapling-expired.example.com", ORTExpired, nullptr, nullptr },
+  { "ocsp-stapling-expired-fresh-ca.example.com", ORTExpiredFreshCA, nullptr, nullptr },
+  { "ocsp-stapling-none.example.com", ORTNone, nullptr, nullptr },
+  { "ocsp-stapling-empty.example.com", ORTEmpty, nullptr, nullptr },
+  { "ocsp-stapling-malformed.example.com", ORTMalformed, nullptr, nullptr },
+  { "ocsp-stapling-srverr.example.com", ORTSrverr, nullptr, nullptr },
+  { "ocsp-stapling-trylater.example.com", ORTTryLater, nullptr, nullptr },
+  { "ocsp-stapling-needssig.example.com", ORTNeedsSig, nullptr, nullptr },
+  { "ocsp-stapling-unauthorized.example.com", ORTUnauthorized, nullptr, nullptr },
+  { "ocsp-stapling-with-intermediate.example.com", ORTGood, nullptr, "ocspEEWithIntermediate" },
+  { "ocsp-stapling-bad-signature.example.com", ORTBadSignature, nullptr, nullptr },
+  { "ocsp-stapling-skip-responseBytes.example.com", ORTSkipResponseBytes, nullptr, nullptr },
+  { "ocsp-stapling-critical-extension.example.com", ORTCriticalExtension, nullptr, nullptr },
+  { "ocsp-stapling-noncritical-extension.example.com", ORTNoncriticalExtension, nullptr, nullptr },
+  { "ocsp-stapling-empty-extensions.example.com", ORTEmptyExtensions, nullptr, nullptr },
+  { "ocsp-stapling-delegated-included.example.com", ORTDelegatedIncluded, "delegatedSigner", nullptr },
+  { "ocsp-stapling-delegated-included-last.example.com", ORTDelegatedIncludedLast, "delegatedSigner", nullptr },
+  { "ocsp-stapling-delegated-missing.example.com", ORTDelegatedMissing, "delegatedSigner", nullptr },
+  { "ocsp-stapling-delegated-missing-multiple.example.com", ORTDelegatedMissingMultiple, "delegatedSigner", nullptr },
+  { "ocsp-stapling-delegated-no-extKeyUsage.example.com", ORTDelegatedIncluded, "invalidDelegatedSignerNoExtKeyUsage", nullptr },
+  { "ocsp-stapling-delegated-from-intermediate.example.com", ORTDelegatedIncluded, "invalidDelegatedSignerFromIntermediate", nullptr },
+  { "ocsp-stapling-delegated-keyUsage-crlSigning.example.com", ORTDelegatedIncluded, "invalidDelegatedSignerKeyUsageCrlSigning", nullptr },
+  { "ocsp-stapling-delegated-wrong-extKeyUsage.example.com", ORTDelegatedIncluded, "invalidDelegatedSignerWrongExtKeyUsage", nullptr },
+  { "ocsp-stapling-ancient-valid.example.com", ORTAncientAlmostExpired, nullptr, nullptr },
+  { "keysize-ocsp-delegated.example.com", ORTDelegatedIncluded, "rsa-1016-keysizeDelegatedSigner", nullptr },
+  { "revoked-ca-cert-used-as-end-entity.example.com", ORTRevoked, "ca-used-as-end-entity", nullptr },
+  { "ocsp-stapling-must-staple.example.com", ORTGood, nullptr, "must-staple-ee" },
+  { "ocsp-stapling-must-staple-revoked.example.com", ORTRevoked, nullptr, "must-staple-ee" },
+  { "ocsp-stapling-must-staple-missing.example.com", ORTNone, nullptr, "must-staple-ee" },
+  { "ocsp-stapling-must-staple-empty.example.com", ORTEmpty, nullptr, "must-staple-ee" },
+  { "ocsp-stapling-must-staple-ee-with-must-staple-int.example.com", ORTGood, nullptr, "must-staple-ee-with-must-staple-int" },
+  { "ocsp-stapling-plain-ee-with-must-staple-int.example.com", ORTGood, nullptr, "must-staple-missing-ee" },
+  { "multi-tls-feature-good.example.com", ORTNone, nullptr, "multi-tls-feature-good-ee" },
+  { "multi-tls-feature-bad.example.com", ORTNone, nullptr, "multi-tls-feature-bad-ee" },
+  { nullptr, ORTNull, nullptr, nullptr }
+};
+
+int32_t
+DoSNISocketConfig(PRFileDesc *aFd, const SECItem *aSrvNameArr,
+                  uint32_t aSrvNameArrSize, void *aArg)
+{
+  const OCSPHost *host = GetHostForSNI(aSrvNameArr, aSrvNameArrSize,
+                                       sOCSPHosts);
+  if (!host) {
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  if (gDebugLevel >= DEBUG_VERBOSE) {
+    fprintf(stderr, "found pre-defined host '%s'\n", host->mHostName);
+  }
+
+  const char *certNickname = host->mServerCertName ? host->mServerCertName
+                                                   : DEFAULT_CERT_NICKNAME;
+
+  UniqueCERTCertificate cert;
+  SSLKEAType certKEA;
+  if (SECSuccess != ConfigSecureServerWithNamedCert(aFd, certNickname,
+                                                    &cert, &certKEA)) {
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  // If the OCSP response type is "none", don't staple a response.
+  if (host->mORT == ORTNone) {
+    return 0;
+  }
+
+  UniquePLArenaPool arena(PORT_NewArena(1024));
+  if (!arena) {
+    PrintPRError("PORT_NewArena failed");
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  // response is contained by the arena - freeing the arena will free it
+  SECItemArray *response = GetOCSPResponseForType(host->mORT, cert, arena,
+                                                  host->mAdditionalCertName);
+  if (!response) {
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  // SSL_SetStapledOCSPResponses makes a deep copy of response
+  SECStatus st = SSL_SetStapledOCSPResponses(aFd, response, certKEA);
+  if (st != SECSuccess) {
+    PrintPRError("SSL_SetStapledOCSPResponses failed");
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  return 0;
+}
+
+int
+main(int argc, char *argv[])
+{
+  if (argc != 2) {
+    fprintf(stderr, "usage: %s <NSS DB directory>\n", argv[0]);
+    return 1;
+  }
+
+  return StartServer(argv[1], DoSNISocketConfig, nullptr);
+}
diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/moz.build b/security/manager/ssl/tests/unit/tlsserver/cmd/moz.build
new file mode 100644
index 000000000..6fdd0c35b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/cmd/moz.build
@@ -0,0 +1,25 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+GeckoSimplePrograms([
+    'BadCertServer',
+    'GenerateOCSPResponse',
+    'OCSPStaplingServer',
+], linkage=None)
+
+LOCAL_INCLUDES += [
+    '../lib',
+]
+
+USE_LIBS += [
+    'mozillapkix',
+    'nspr',
+    'nss',
+    'pkixtestutil',
+    'tlsserver',
+]
+
+CXXFLAGS += CONFIG['TK_CFLAGS']
diff --git a/security/manager/ssl/tests/unit/tlsserver/default-ee.der b/security/manager/ssl/tests/unit/tlsserver/default-ee.der
new file mode 100644
index 000000000..3a9b8fa9b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/default-ee.der
@@ -0,0 +1,3 @@
+This is now an unused file. It exists to ease the coordination between gecko
+development trees and the automation infrastructure that runs periodic updates.
+See bug 1203312 and bug 1205406.
diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp
new file mode 100644
index 000000000..5c99edade
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp
@@ -0,0 +1,215 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "OCSPCommon.h"
+
+#include <stdio.h>
+
+#include "pkixtestutil.h"
+#include "TLSServer.h"
+#include "secder.h"
+#include "secerr.h"
+
+namespace mozilla { namespace pkix { namespace test {
+
+// Ownership of privateKey is transfered.
+TestKeyPair* CreateTestKeyPair(const TestPublicKeyAlgorithm publicKeyAlg,
+                               const SECKEYPublicKey& publicKey,
+                               SECKEYPrivateKey* privateKey);
+
+} } } // namespace mozilla::pkix::test
+
+using namespace mozilla;
+using namespace mozilla::pkix;
+using namespace mozilla::pkix::test;
+using namespace mozilla::test;
+
+static TestKeyPair*
+CreateTestKeyPairFromCert(const UniqueCERTCertificate& cert)
+{
+  UniqueSECKEYPrivateKey privateKey(PK11_FindKeyByAnyCert(cert.get(), nullptr));
+  if (!privateKey) {
+    return nullptr;
+  }
+  UniqueSECKEYPublicKey publicKey(CERT_ExtractPublicKey(cert.get()));
+  if (!publicKey) {
+    return nullptr;
+  }
+  return CreateTestKeyPair(RSA_PKCS1(), *publicKey.get(), privateKey.release());
+}
+
+SECItemArray*
+GetOCSPResponseForType(OCSPResponseType aORT, const UniqueCERTCertificate& aCert,
+                       const UniquePLArenaPool& aArena,
+                       const char* aAdditionalCertName)
+{
+  MOZ_ASSERT(aArena);
+  MOZ_ASSERT(aCert);
+  // Note: |aAdditionalCertName| may or may not need to be non-null depending
+  //       on the |aORT| value given.
+
+  if (aORT == ORTNone) {
+    if (gDebugLevel >= DEBUG_WARNINGS) {
+      fprintf(stderr, "GetOCSPResponseForType called with type ORTNone, "
+                      "which makes no sense.\n");
+    }
+    return nullptr;
+  }
+
+  if (aORT == ORTEmpty) {
+    SECItemArray* arr = SECITEM_AllocArray(aArena.get(), nullptr, 1);
+    arr->items[0].data = nullptr;
+    arr->items[0].len = 0;
+    return arr;
+  }
+
+  time_t now = time(nullptr);
+  time_t oldNow = now - (8 * Time::ONE_DAY_IN_SECONDS);
+
+  mozilla::UniqueCERTCertificate cert(CERT_DupCertificate(aCert.get()));
+
+  if (aORT == ORTGoodOtherCert) {
+    cert.reset(PK11_FindCertFromNickname(aAdditionalCertName, nullptr));
+    if (!cert) {
+      PrintPRError("PK11_FindCertFromNickname failed");
+      return nullptr;
+    }
+  }
+  // XXX CERT_FindCertIssuer uses the old, deprecated path-building logic
+  mozilla::UniqueCERTCertificate
+    issuerCert(CERT_FindCertIssuer(aCert.get(), PR_Now(), certUsageSSLCA));
+  if (!issuerCert) {
+    PrintPRError("CERT_FindCertIssuer failed");
+    return nullptr;
+  }
+  Input issuer;
+  if (issuer.Init(cert->derIssuer.data, cert->derIssuer.len) != Success) {
+    return nullptr;
+  }
+  Input issuerPublicKey;
+  if (issuerPublicKey.Init(issuerCert->derPublicKey.data,
+                           issuerCert->derPublicKey.len) != Success) {
+    return nullptr;
+  }
+  Input serialNumber;
+  if (serialNumber.Init(cert->serialNumber.data,
+                        cert->serialNumber.len) != Success) {
+    return nullptr;
+  }
+  CertID certID(issuer, issuerPublicKey, serialNumber);
+  OCSPResponseContext context(certID, now);
+
+  mozilla::UniqueCERTCertificate signerCert;
+  if (aORT == ORTGoodOtherCA || aORT == ORTDelegatedIncluded ||
+      aORT == ORTDelegatedIncludedLast || aORT == ORTDelegatedMissing ||
+      aORT == ORTDelegatedMissingMultiple) {
+    signerCert.reset(PK11_FindCertFromNickname(aAdditionalCertName, nullptr));
+    if (!signerCert) {
+      PrintPRError("PK11_FindCertFromNickname failed");
+      return nullptr;
+    }
+  }
+
+  ByteString certs[5];
+
+  if (aORT == ORTDelegatedIncluded) {
+    certs[0].assign(signerCert->derCert.data, signerCert->derCert.len);
+    context.certs = certs;
+  }
+  if (aORT == ORTDelegatedIncludedLast || aORT == ORTDelegatedMissingMultiple) {
+    certs[0].assign(issuerCert->derCert.data, issuerCert->derCert.len);
+    certs[1].assign(cert->derCert.data, cert->derCert.len);
+    certs[2].assign(issuerCert->derCert.data, issuerCert->derCert.len);
+    if (aORT != ORTDelegatedMissingMultiple) {
+      certs[3].assign(signerCert->derCert.data, signerCert->derCert.len);
+    }
+    context.certs = certs;
+  }
+
+  switch (aORT) {
+    case ORTMalformed:
+      context.responseStatus = 1;
+      break;
+    case ORTSrverr:
+      context.responseStatus = 2;
+      break;
+    case ORTTryLater:
+      context.responseStatus = 3;
+      break;
+    case ORTNeedsSig:
+      context.responseStatus = 5;
+      break;
+    case ORTUnauthorized:
+      context.responseStatus = 6;
+      break;
+    default:
+      // context.responseStatus is 0 in all other cases, and it has
+      // already been initialized in the constructor.
+      break;
+  }
+  if (aORT == ORTSkipResponseBytes) {
+    context.skipResponseBytes = true;
+  }
+  if (aORT == ORTExpired || aORT == ORTExpiredFreshCA ||
+      aORT == ORTRevokedOld || aORT == ORTUnknownOld) {
+    context.thisUpdate = oldNow;
+    context.nextUpdate = oldNow + Time::ONE_DAY_IN_SECONDS;
+  }
+  if (aORT == ORTLongValidityAlmostExpired) {
+    context.thisUpdate = now - (320 * Time::ONE_DAY_IN_SECONDS);
+  }
+  if (aORT == ORTAncientAlmostExpired) {
+    context.thisUpdate = now - (640 * Time::ONE_DAY_IN_SECONDS);
+  }
+  if (aORT == ORTRevoked || aORT == ORTRevokedOld) {
+    context.certStatus = 1;
+  }
+  if (aORT == ORTUnknown || aORT == ORTUnknownOld) {
+    context.certStatus = 2;
+  }
+  if (aORT == ORTBadSignature) {
+    context.badSignature = true;
+  }
+  OCSPResponseExtension extension;
+  if (aORT == ORTCriticalExtension || aORT == ORTNoncriticalExtension) {
+    // python DottedOIDToCode.py --tlv some-Mozilla-OID 1.3.6.1.4.1.13769.666.666.666.1.500.9.2
+    static const uint8_t tlv_some_Mozilla_OID[] = {
+      0x06, 0x12, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xeb, 0x49, 0x85, 0x1a, 0x85,
+      0x1a, 0x85, 0x1a, 0x01, 0x83, 0x74, 0x09, 0x02
+    };
+
+    extension.id.assign(tlv_some_Mozilla_OID, sizeof(tlv_some_Mozilla_OID));
+    extension.critical = (aORT == ORTCriticalExtension);
+    extension.value.push_back(0x05); // tag: NULL
+    extension.value.push_back(0x00); // length: 0
+    extension.next = nullptr;
+    context.responseExtensions = &extension;
+  }
+  if (aORT == ORTEmptyExtensions) {
+    context.includeEmptyExtensions = true;
+  }
+
+  if (!signerCert) {
+    signerCert.reset(CERT_DupCertificate(issuerCert.get()));
+  }
+  context.signerKeyPair.reset(CreateTestKeyPairFromCert(signerCert));
+  if (!context.signerKeyPair) {
+    PrintPRError("PK11_FindKeyByAnyCert failed");
+    return nullptr;
+  }
+
+  ByteString response(CreateEncodedOCSPResponse(context));
+  if (ENCODING_FAILED(response)) {
+    PrintPRError("CreateEncodedOCSPResponse failed");
+    return nullptr;
+  }
+
+  SECItem item = {
+    siBuffer,
+    const_cast<uint8_t*>(response.data()),
+    static_cast<unsigned int>(response.length())
+  };
+  SECItemArray arr = { &item, 1 };
+  return SECITEM_DupArray(aArena.get(), &arr);
+}
diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h
new file mode 100644
index 000000000..5a88d6e52
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h
@@ -0,0 +1,61 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Implements generating OCSP responses of various types. Used by the
+// programs in tlsserver/cmd.
+
+#ifndef OCSPCommon_h
+#define OCSPCommon_h
+
+#include "ScopedNSSTypes.h"
+#include "certt.h"
+#include "seccomon.h"
+
+enum OCSPResponseType
+{
+  ORTNull = 0,
+  ORTGood,             // the certificate is good
+  ORTRevoked,          // the certificate has been revoked
+  ORTRevokedOld,       // same, but the response is old
+  ORTUnknown,          // the responder doesn't know if the cert is good
+  ORTUnknownOld,       // same, but the response is old
+  ORTGoodOtherCert,    // the response references a different certificate
+  ORTGoodOtherCA,      // the wrong CA has signed the response
+  ORTExpired,          // the signature on the response has expired
+  ORTExpiredFreshCA,   // fresh signature, but old validity period
+  ORTNone,             // no stapled response
+  ORTEmpty,            // an empty stapled response
+  ORTMalformed,        // the response from the responder was malformed
+  ORTSrverr,           // the response indicates there was a server error
+  ORTTryLater,         // the responder replied with "try again later"
+  ORTNeedsSig,         // the response needs a signature
+  ORTUnauthorized,     // the responder is not authorized for this certificate
+  ORTBadSignature,     // the response has a signature that does not verify
+  ORTSkipResponseBytes, // the response does not include responseBytes
+  ORTCriticalExtension, // the response includes a critical extension
+  ORTNoncriticalExtension, // the response includes an extension that is not critical
+  ORTEmptyExtensions,  // the response includes a SEQUENCE OF Extension that is empty
+  ORTDelegatedIncluded, // the response is signed by an included delegated responder
+  ORTDelegatedIncludedLast, // same, but multiple other certificates are included
+  ORTDelegatedMissing, // the response is signed by a not included delegated responder
+  ORTDelegatedMissingMultiple, // same, but multiple other certificates are included
+  ORTLongValidityAlmostExpired, // a good response, but that was generated a almost a year ago
+  ORTAncientAlmostExpired, // a good response, with a validity of almost two years almost expiring
+};
+
+struct OCSPHost
+{
+  const char *mHostName;
+  OCSPResponseType mORT;
+  const char *mAdditionalCertName; // useful for ORTGoodOtherCert, etc.
+  const char *mServerCertName;
+};
+
+SECItemArray*
+GetOCSPResponseForType(OCSPResponseType aORT,
+                       const mozilla::UniqueCERTCertificate& aCert,
+                       const mozilla::UniquePLArenaPool& aArena,
+                       const char* aAdditionalCertName);
+
+#endif // OCSPCommon_h
diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp b/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp
new file mode 100644
index 000000000..fcf6aa951
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp
@@ -0,0 +1,600 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "TLSServer.h"
+
+#include <stdio.h>
+#include <string>
+#include <vector>
+
+#include "base64.h"
+#include "mozilla/Move.h"
+#include "mozilla/Sprintf.h"
+#include "nspr.h"
+#include "nss.h"
+#include "plarenas.h"
+#include "prenv.h"
+#include "prerror.h"
+#include "prnetdb.h"
+#include "prtime.h"
+#include "ssl.h"
+
+namespace mozilla { namespace test {
+
+static const uint16_t LISTEN_PORT = 8443;
+
+DebugLevel gDebugLevel = DEBUG_ERRORS;
+uint16_t gCallbackPort = 0;
+
+const char DEFAULT_CERT_NICKNAME[] = "default-ee";
+
+struct Connection
+{
+  PRFileDesc *mSocket;
+  char mByte;
+
+  explicit Connection(PRFileDesc *aSocket);
+  ~Connection();
+};
+
+Connection::Connection(PRFileDesc *aSocket)
+: mSocket(aSocket)
+, mByte(0)
+{}
+
+Connection::~Connection()
+{
+  if (mSocket) {
+    PR_Close(mSocket);
+  }
+}
+
+void
+PrintPRError(const char *aPrefix)
+{
+  const char *err = PR_ErrorToName(PR_GetError());
+  if (err) {
+    if (gDebugLevel >= DEBUG_ERRORS) {
+      fprintf(stderr, "%s: %s\n", aPrefix, err);
+    }
+  } else {
+    if (gDebugLevel >= DEBUG_ERRORS) {
+      fprintf(stderr, "%s\n", aPrefix);
+    }
+  }
+}
+
+template <size_t N>
+SECStatus
+ReadFileToBuffer(const char* basePath, const char* filename, char (&buf)[N])
+{
+  static_assert(N > 0, "input buffer too small for ReadFileToBuffer");
+  if (snprintf(buf, N - 1, "%s/%s", basePath, filename) == 0) {
+    PrintPRError("snprintf failed");
+    return SECFailure;
+  }
+  UniquePRFileDesc fd(PR_OpenFile(buf, PR_RDONLY, 0));
+  if (!fd) {
+    PrintPRError("PR_Open failed");
+    return SECFailure;
+  }
+  int32_t fileSize = PR_Available(fd.get());
+  if (fileSize < 0) {
+    PrintPRError("PR_Available failed");
+    return SECFailure;
+  }
+  if (static_cast<size_t>(fileSize) > N - 1) {
+    PR_fprintf(PR_STDERR, "file too large - not reading\n");
+    return SECFailure;
+  }
+  int32_t bytesRead = PR_Read(fd.get(), buf, fileSize);
+  if (bytesRead != fileSize) {
+    PrintPRError("PR_Read failed");
+    return SECFailure;
+  }
+  buf[bytesRead] = 0;
+  return SECSuccess;
+}
+
+SECStatus
+AddKeyFromFile(const char* basePath, const char* filename)
+{
+  const char* PRIVATE_KEY_HEADER = "-----BEGIN PRIVATE KEY-----";
+  const char* PRIVATE_KEY_FOOTER = "-----END PRIVATE KEY-----";
+
+  char buf[16384] = { 0 };
+  SECStatus rv = ReadFileToBuffer(basePath, filename, buf);
+  if (rv != SECSuccess) {
+    return rv;
+  }
+  if (strncmp(buf, PRIVATE_KEY_HEADER, strlen(PRIVATE_KEY_HEADER)) != 0) {
+    PR_fprintf(PR_STDERR, "invalid key - not importing\n");
+    return SECFailure;
+  }
+  const char* bufPtr = buf + strlen(PRIVATE_KEY_HEADER);
+  size_t bufLen = strlen(buf);
+  char base64[16384] = { 0 };
+  char* base64Ptr = base64;
+  while (bufPtr < buf + bufLen) {
+    if (strncmp(bufPtr, PRIVATE_KEY_FOOTER, strlen(PRIVATE_KEY_FOOTER)) == 0) {
+      break;
+    }
+    if (*bufPtr != '\r' && *bufPtr != '\n') {
+      *base64Ptr = *bufPtr;
+      base64Ptr++;
+    }
+    bufPtr++;
+  }
+
+  unsigned int binLength;
+  UniquePORTString bin(
+    BitwiseCast<char*, unsigned char*>(ATOB_AsciiToData(base64, &binLength)));
+  if (!bin || binLength == 0) {
+    PrintPRError("ATOB_AsciiToData failed");
+    return SECFailure;
+  }
+  UniqueSECItem secitem(::SECITEM_AllocItem(nullptr, nullptr, binLength));
+  if (!secitem) {
+    PrintPRError("SECITEM_AllocItem failed");
+    return SECFailure;
+  }
+  PORT_Memcpy(secitem->data, bin.get(), binLength);
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    PrintPRError("PK11_GetInternalKeySlot failed");
+    return SECFailure;
+  }
+  if (PK11_NeedUserInit(slot.get())) {
+    if (PK11_InitPin(slot.get(), nullptr, nullptr) != SECSuccess) {
+      PrintPRError("PK11_InitPin failed");
+      return SECFailure;
+    }
+  }
+  SECKEYPrivateKey* privateKey;
+  if (PK11_ImportDERPrivateKeyInfoAndReturnKey(slot.get(), secitem.get(),
+                                               nullptr, nullptr, true, false,
+                                               KU_ALL, &privateKey, nullptr)
+        != SECSuccess) {
+    PrintPRError("PK11_ImportDERPrivateKeyInfoAndReturnKey failed");
+    return SECFailure;
+  }
+  SECKEY_DestroyPrivateKey(privateKey);
+  return SECSuccess;
+}
+
+SECStatus
+DecodeCertCallback(void* arg, SECItem** certs, int numcerts)
+{
+  if (numcerts != 1) {
+    PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0);
+    return SECFailure;
+  }
+
+  SECItem* certDEROut = static_cast<SECItem*>(arg);
+  return SECITEM_CopyItem(nullptr, certDEROut, *certs);
+}
+
+SECStatus
+AddCertificateFromFile(const char* basePath, const char* filename)
+{
+  char buf[16384] = { 0 };
+  SECStatus rv = ReadFileToBuffer(basePath, filename, buf);
+  if (rv != SECSuccess) {
+    return rv;
+  }
+  ScopedAutoSECItem certDER;
+  rv = CERT_DecodeCertPackage(buf, strlen(buf), DecodeCertCallback, &certDER);
+  if (rv != SECSuccess) {
+    PrintPRError("CERT_DecodeCertPackage failed");
+    return rv;
+  }
+  UniqueCERTCertificate cert(CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
+                                                     &certDER, nullptr, false,
+                                                     true));
+  if (!cert) {
+    PrintPRError("CERT_NewTempCertificate failed");
+    return SECFailure;
+  }
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    PrintPRError("PK11_GetInternalKeySlot failed");
+    return SECFailure;
+  }
+  // The nickname is the filename without '.pem'.
+  std::string nickname(filename, strlen(filename) - 4);
+  rv = PK11_ImportCert(slot.get(), cert.get(), CK_INVALID_HANDLE,
+                       nickname.c_str(), false);
+  if (rv != SECSuccess) {
+    PrintPRError("PK11_ImportCert failed");
+    return rv;
+  }
+  return SECSuccess;
+}
+
+SECStatus
+LoadCertificatesAndKeys(const char* basePath)
+{
+  // The NSS cert DB path could have been specified as "sql:path". Trim off
+  // the leading "sql:" if so.
+  if (strncmp(basePath, "sql:", 4) == 0) {
+    basePath = basePath + 4;
+  }
+
+  UniquePRDir fdDir(PR_OpenDir(basePath));
+  if (!fdDir) {
+    PrintPRError("PR_OpenDir failed");
+    return SECFailure;
+  }
+  // On the B2G ICS emulator, operations taken in AddCertificateFromFile
+  // appear to interact poorly with readdir (more specifically, something is
+  // causing readdir to never return null - it indefinitely loops through every
+  // file in the directory, which causes timeouts). Rather than waste more time
+  // chasing this down, loading certificates and keys happens in two phases:
+  // filename collection and then loading. (This is probably a good
+  // idea anyway because readdir isn't reentrant. Something could change later
+  // such that it gets called as a result of calling AddCertificateFromFile or
+  // AddKeyFromFile.)
+  std::vector<std::string> certificates;
+  std::vector<std::string> keys;
+  for (PRDirEntry* dirEntry = PR_ReadDir(fdDir.get(), PR_SKIP_BOTH); dirEntry;
+       dirEntry = PR_ReadDir(fdDir.get(), PR_SKIP_BOTH)) {
+    size_t nameLength = strlen(dirEntry->name);
+    if (nameLength > 4) {
+      if (strncmp(dirEntry->name + nameLength - 4, ".pem", 4) == 0) {
+        certificates.push_back(dirEntry->name);
+      } else if (strncmp(dirEntry->name + nameLength - 4, ".key", 4) == 0) {
+        keys.push_back(dirEntry->name);
+      }
+    }
+  }
+  SECStatus rv;
+  for (std::string& certificate : certificates) {
+    rv = AddCertificateFromFile(basePath, certificate.c_str());
+    if (rv != SECSuccess) {
+      return rv;
+    }
+  }
+  for (std::string& key : keys) {
+    rv = AddKeyFromFile(basePath, key.c_str());
+    if (rv != SECSuccess) {
+      return rv;
+    }
+  }
+  return SECSuccess;
+}
+
+SECStatus
+InitializeNSS(const char* nssCertDBDir)
+{
+  // Try initializing an existing DB.
+  if (NSS_Init(nssCertDBDir) == SECSuccess) {
+    return SECSuccess;
+  }
+
+  // Create a new DB if there is none...
+  SECStatus rv = NSS_Initialize(nssCertDBDir, nullptr, nullptr, nullptr, 0);
+  if (rv != SECSuccess) {
+    return rv;
+  }
+
+  // ...and load all certificates into it.
+  return LoadCertificatesAndKeys(nssCertDBDir);
+}
+
+nsresult
+SendAll(PRFileDesc *aSocket, const char *aData, size_t aDataLen)
+{
+  if (gDebugLevel >= DEBUG_VERBOSE) {
+    fprintf(stderr, "sending '%s'\n", aData);
+  }
+
+  while (aDataLen > 0) {
+    int32_t bytesSent = PR_Send(aSocket, aData, aDataLen, 0,
+                                PR_INTERVAL_NO_TIMEOUT);
+    if (bytesSent == -1) {
+      PrintPRError("PR_Send failed");
+      return NS_ERROR_FAILURE;
+    }
+
+    aDataLen -= bytesSent;
+    aData += bytesSent;
+  }
+
+  return NS_OK;
+}
+
+nsresult
+ReplyToRequest(Connection *aConn)
+{
+  // For debugging purposes, SendAll can print out what it's sending.
+  // So, any strings we give to it to send need to be null-terminated.
+  char buf[2] = { aConn->mByte, 0 };
+  return SendAll(aConn->mSocket, buf, 1);
+}
+
+nsresult
+SetupTLS(Connection *aConn, PRFileDesc *aModelSocket)
+{
+  PRFileDesc *sslSocket = SSL_ImportFD(aModelSocket, aConn->mSocket);
+  if (!sslSocket) {
+    PrintPRError("SSL_ImportFD failed");
+    return NS_ERROR_FAILURE;
+  }
+  aConn->mSocket = sslSocket;
+
+  SSL_OptionSet(sslSocket, SSL_SECURITY, true);
+  SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_CLIENT, false);
+  SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_SERVER, true);
+
+  SSL_ResetHandshake(sslSocket, /* asServer */ 1);
+
+  return NS_OK;
+}
+
+nsresult
+ReadRequest(Connection *aConn)
+{
+  int32_t bytesRead = PR_Recv(aConn->mSocket, &aConn->mByte, 1, 0,
+                              PR_INTERVAL_NO_TIMEOUT);
+  if (bytesRead < 0) {
+    PrintPRError("PR_Recv failed");
+    return NS_ERROR_FAILURE;
+  } else if (bytesRead == 0) {
+    PR_SetError(PR_IO_ERROR, 0);
+    PrintPRError("PR_Recv EOF in ReadRequest");
+    return NS_ERROR_FAILURE;
+  } else {
+    if (gDebugLevel >= DEBUG_VERBOSE) {
+      fprintf(stderr, "read '0x%hhx'\n", aConn->mByte);
+    }
+  }
+  return NS_OK;
+}
+
+void
+HandleConnection(PRFileDesc* aSocket, const UniquePRFileDesc& aModelSocket)
+{
+  Connection conn(aSocket);
+  nsresult rv = SetupTLS(&conn, aModelSocket.get());
+  if (NS_FAILED(rv)) {
+    PR_SetError(PR_INVALID_STATE_ERROR, 0);
+    PrintPRError("PR_Recv failed");
+    exit(1);
+  }
+
+  // TODO: On tests that are expected to fail (e.g. due to a revoked
+  // certificate), the client will close the connection wtihout sending us the
+  // request byte. In those cases, we should keep going. But, in the cases
+  // where the connection is supposed to suceed, we should verify that we
+  // successfully receive the request and send the response.
+  rv = ReadRequest(&conn);
+  if (NS_SUCCEEDED(rv)) {
+    rv = ReplyToRequest(&conn);
+  }
+}
+
+// returns 0 on success, non-zero on error
+int
+DoCallback()
+{
+  UniquePRFileDesc socket(PR_NewTCPSocket());
+  if (!socket) {
+    PrintPRError("PR_NewTCPSocket failed");
+    return 1;
+  }
+
+  PRNetAddr addr;
+  PR_InitializeNetAddr(PR_IpAddrLoopback, gCallbackPort, &addr);
+  if (PR_Connect(socket.get(), &addr, PR_INTERVAL_NO_TIMEOUT) != PR_SUCCESS) {
+    PrintPRError("PR_Connect failed");
+    return 1;
+  }
+
+  const char *request = "GET / HTTP/1.0\r\n\r\n";
+  SendAll(socket.get(), request, strlen(request));
+  char buf[4096];
+  memset(buf, 0, sizeof(buf));
+  int32_t bytesRead = PR_Recv(socket.get(), buf, sizeof(buf) - 1, 0,
+                              PR_INTERVAL_NO_TIMEOUT);
+  if (bytesRead < 0) {
+    PrintPRError("PR_Recv failed 1");
+    return 1;
+  }
+  if (bytesRead == 0) {
+    fprintf(stderr, "PR_Recv eof 1\n");
+    return 1;
+  }
+  fprintf(stderr, "%s\n", buf);
+  return 0;
+}
+
+SECStatus
+ConfigSecureServerWithNamedCert(PRFileDesc* fd, const char* certName,
+                                /*optional*/ UniqueCERTCertificate* certOut,
+                                /*optional*/ SSLKEAType* keaOut)
+{
+  UniqueCERTCertificate cert(PK11_FindCertFromNickname(certName, nullptr));
+  if (!cert) {
+    PrintPRError("PK11_FindCertFromNickname failed");
+    return SECFailure;
+  }
+  // If an intermediate certificate issued the server certificate (rather than
+  // directly by a trust anchor), we want to send it along in the handshake so
+  // we don't encounter unknown issuer errors when that's not what we're
+  // testing.
+  UniqueCERTCertificateList certList;
+  UniqueCERTCertificate issuerCert(
+    CERT_FindCertByName(CERT_GetDefaultCertDB(), &cert->derIssuer));
+  // If we can't find the issuer cert, continue without it.
+  if (issuerCert) {
+    // Sadly, CERTCertificateList does not have a CERT_NewCertificateList
+    // utility function, so we must create it ourselves. This consists
+    // of creating an arena, allocating space for the CERTCertificateList,
+    // and then transferring ownership of the arena to that list.
+    UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+    if (!arena) {
+      PrintPRError("PORT_NewArena failed");
+      return SECFailure;
+    }
+    certList.reset(static_cast<CERTCertificateList*>(
+      PORT_ArenaAlloc(arena.get(), sizeof(CERTCertificateList))));
+    if (!certList) {
+      PrintPRError("PORT_ArenaAlloc failed");
+      return SECFailure;
+    }
+    certList->arena = arena.release();
+    // We also have to manually copy the certificates we care about to the
+    // list, because there aren't any utility functions for that either.
+    certList->certs = static_cast<SECItem*>(
+      PORT_ArenaAlloc(certList->arena, 2 * sizeof(SECItem)));
+    if (SECITEM_CopyItem(certList->arena, certList->certs, &cert->derCert)
+          != SECSuccess) {
+      PrintPRError("SECITEM_CopyItem failed");
+      return SECFailure;
+    }
+    if (SECITEM_CopyItem(certList->arena, certList->certs + 1,
+                         &issuerCert->derCert) != SECSuccess) {
+      PrintPRError("SECITEM_CopyItem failed");
+      return SECFailure;
+    }
+    certList->len = 2;
+  }
+
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    PrintPRError("PK11_GetInternalKeySlot failed");
+    return SECFailure;
+  }
+  UniqueSECKEYPrivateKey key(
+    PK11_FindKeyByDERCert(slot.get(), cert.get(), nullptr));
+  if (!key) {
+    PrintPRError("PK11_FindKeyByDERCert failed");
+    return SECFailure;
+  }
+
+  SSLKEAType certKEA = NSS_FindCertKEAType(cert.get());
+
+  if (SSL_ConfigSecureServerWithCertChain(fd, cert.get(), certList.get(),
+                                          key.get(), certKEA) != SECSuccess) {
+    PrintPRError("SSL_ConfigSecureServer failed");
+    return SECFailure;
+  }
+
+  if (certOut) {
+    *certOut = Move(cert);
+  }
+
+  if (keaOut) {
+    *keaOut = certKEA;
+  }
+
+  SSL_OptionSet(fd, SSL_NO_CACHE, false);
+  SSL_OptionSet(fd, SSL_ENABLE_SESSION_TICKETS, true);
+
+  return SECSuccess;
+}
+
+int
+StartServer(const char *nssCertDBDir, SSLSNISocketConfig sniSocketConfig,
+            void *sniSocketConfigArg)
+{
+  const char *debugLevel = PR_GetEnv("MOZ_TLS_SERVER_DEBUG_LEVEL");
+  if (debugLevel) {
+    int level = atoi(debugLevel);
+    switch (level) {
+      case DEBUG_ERRORS: gDebugLevel = DEBUG_ERRORS; break;
+      case DEBUG_WARNINGS: gDebugLevel = DEBUG_WARNINGS; break;
+      case DEBUG_VERBOSE: gDebugLevel = DEBUG_VERBOSE; break;
+      default:
+        PrintPRError("invalid MOZ_TLS_SERVER_DEBUG_LEVEL");
+        return 1;
+    }
+  }
+
+  const char *callbackPort = PR_GetEnv("MOZ_TLS_SERVER_CALLBACK_PORT");
+  if (callbackPort) {
+    gCallbackPort = atoi(callbackPort);
+  }
+
+  if (InitializeNSS(nssCertDBDir) != SECSuccess) {
+    PR_fprintf(PR_STDERR, "InitializeNSS failed");
+    return 1;
+  }
+
+  if (NSS_SetDomesticPolicy() != SECSuccess) {
+    PrintPRError("NSS_SetDomesticPolicy failed");
+    return 1;
+  }
+
+  if (SSL_ConfigServerSessionIDCache(0, 0, 0, nullptr) != SECSuccess) {
+    PrintPRError("SSL_ConfigServerSessionIDCache failed");
+    return 1;
+  }
+
+  UniquePRFileDesc serverSocket(PR_NewTCPSocket());
+  if (!serverSocket) {
+    PrintPRError("PR_NewTCPSocket failed");
+    return 1;
+  }
+
+  PRSocketOptionData socketOption;
+  socketOption.option = PR_SockOpt_Reuseaddr;
+  socketOption.value.reuse_addr = true;
+  PR_SetSocketOption(serverSocket.get(), &socketOption);
+
+  PRNetAddr serverAddr;
+  PR_InitializeNetAddr(PR_IpAddrLoopback, LISTEN_PORT, &serverAddr);
+  if (PR_Bind(serverSocket.get(), &serverAddr) != PR_SUCCESS) {
+    PrintPRError("PR_Bind failed");
+    return 1;
+  }
+
+  if (PR_Listen(serverSocket.get(), 1) != PR_SUCCESS) {
+    PrintPRError("PR_Listen failed");
+    return 1;
+  }
+
+  UniquePRFileDesc rawModelSocket(PR_NewTCPSocket());
+  if (!rawModelSocket) {
+    PrintPRError("PR_NewTCPSocket failed for rawModelSocket");
+    return 1;
+  }
+
+  UniquePRFileDesc modelSocket(SSL_ImportFD(nullptr, rawModelSocket.release()));
+  if (!modelSocket) {
+    PrintPRError("SSL_ImportFD of rawModelSocket failed");
+    return 1;
+  }
+
+  if (SSL_SNISocketConfigHook(modelSocket.get(), sniSocketConfig,
+                              sniSocketConfigArg) != SECSuccess) {
+    PrintPRError("SSL_SNISocketConfigHook failed");
+    return 1;
+  }
+
+  // We have to configure the server with a certificate, but it's not one
+  // we're actually going to end up using. In the SNI callback, we pick
+  // the right certificate for the connection.
+  if (ConfigSecureServerWithNamedCert(modelSocket.get(), DEFAULT_CERT_NICKNAME,
+                                      nullptr, nullptr) != SECSuccess) {
+    return 1;
+  }
+
+  if (gCallbackPort != 0) {
+    if (DoCallback()) {
+      return 1;
+    }
+  }
+
+  while (true) {
+    PRNetAddr clientAddr;
+    PRFileDesc* clientSocket = PR_Accept(serverSocket.get(), &clientAddr,
+                                         PR_INTERVAL_NO_TIMEOUT);
+    HandleConnection(clientSocket, modelSocket);
+  }
+
+  return 0;
+}
+
+} } // namespace mozilla::test
diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.h b/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.h
new file mode 100644
index 000000000..f1dc1569a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.h
@@ -0,0 +1,89 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef TLSServer_h
+#define TLSServer_h
+
+// This is a standalone server for testing SSL features of Gecko.
+// The client is expected to connect and initiate an SSL handshake (with SNI
+// to indicate which "server" to connect to). If all is good, the client then
+// sends one encrypted byte and receives that same byte back.
+// This server also has the ability to "call back" another process waiting on
+// it. That is, when the server is all set up and ready to receive connections,
+// it will connect to a specified port and issue a simple HTTP request.
+
+#include <stdint.h>
+
+#include "ScopedNSSTypes.h"
+#include "mozilla/Casting.h"
+#include "prio.h"
+#include "secerr.h"
+#include "ssl.h"
+
+namespace mozilla {
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePRDir, PRDir, PR_CloseDir);
+
+} // namespace mozilla
+
+namespace mozilla { namespace test {
+
+enum DebugLevel
+{
+  DEBUG_ERRORS = 1,
+  DEBUG_WARNINGS  = 2,
+  DEBUG_VERBOSE = 3
+};
+
+extern DebugLevel gDebugLevel;
+
+void PrintPRError(const char *aPrefix);
+
+// The default certificate is trusted for localhost and *.example.com
+extern const char DEFAULT_CERT_NICKNAME[];
+
+// Pass DEFAULT_CERT_NICKNAME as certName unless you need a specific
+// certificate.
+SECStatus
+ConfigSecureServerWithNamedCert(PRFileDesc* fd, const char* certName,
+                                /*optional*/ UniqueCERTCertificate* cert,
+                                /*optional*/ SSLKEAType* kea);
+
+SECStatus
+InitializeNSS(const char* nssCertDBDir);
+
+int
+StartServer(const char *nssCertDBDir, SSLSNISocketConfig sniSocketConfig,
+            void *sniSocketConfigArg);
+
+template <typename Host>
+inline const Host *
+GetHostForSNI(const SECItem *aSrvNameArr, uint32_t aSrvNameArrSize,
+              const Host *hosts)
+{
+  for (uint32_t i = 0; i < aSrvNameArrSize; i++) {
+    for (const Host *host = hosts; host->mHostName; ++host) {
+      SECItem hostName;
+      hostName.data = BitwiseCast<unsigned char*, const char*>(host->mHostName);
+      hostName.len = strlen(host->mHostName);
+      if (SECITEM_ItemsAreEqual(&hostName, &aSrvNameArr[i])) {
+        if (gDebugLevel >= DEBUG_VERBOSE) {
+          fprintf(stderr, "found pre-defined host '%s'\n", host->mHostName);
+        }
+        return host;
+      }
+    }
+  }
+
+  if (gDebugLevel >= DEBUG_VERBOSE) {
+    fprintf(stderr, "could not find host info from SNI\n");
+  }
+
+  PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
+  return nullptr;
+}
+
+} } // namespace mozilla::test
+
+#endif // TLSServer_h
diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/moz.build b/security/manager/ssl/tests/unit/tlsserver/lib/moz.build
new file mode 100644
index 000000000..5b28e4a55
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/lib/moz.build
@@ -0,0 +1,17 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+UNIFIED_SOURCES += [
+    'OCSPCommon.cpp',
+    'TLSServer.cpp',
+]
+
+LOCAL_INCLUDES += [
+    '../../../../../../pkix/include',
+    '../../../../../../pkix/test/lib',
+]
+
+Library('tlsserver')
diff --git a/security/manager/ssl/tests/unit/tlsserver/moz.build b/security/manager/ssl/tests/unit/tlsserver/moz.build
new file mode 100644
index 000000000..96fb65d06
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/moz.build
@@ -0,0 +1,8 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# lib must be first, because cmd depends on its output
+DIRS += ['lib', 'cmd']
diff --git a/security/manager/ssl/tests/unit/xpcshell-smartcards.ini b/security/manager/ssl/tests/unit/xpcshell-smartcards.ini
new file mode 100644
index 000000000..df099b746
--- /dev/null
+++ b/security/manager/ssl/tests/unit/xpcshell-smartcards.ini
@@ -0,0 +1,14 @@
+[DEFAULT]
+head = head_psm.js
+tail =
+tags = psm
+skip-if = toolkit == 'android'
+support-files =
+
+[test_pkcs11_insert_remove.js]
+[test_pkcs11_module.js]
+[test_pkcs11_no_events_after_removal.js]
+[test_pkcs11_safe_mode.js]
+[test_pkcs11_slot.js]
+[test_pkcs11_token.js]
+[test_pkcs11_tokenDB.js]
diff --git a/security/manager/ssl/tests/unit/xpcshell.ini b/security/manager/ssl/tests/unit/xpcshell.ini
new file mode 100644
index 000000000..b2f3de420
--- /dev/null
+++ b/security/manager/ssl/tests/unit/xpcshell.ini
@@ -0,0 +1,149 @@
+[DEFAULT]
+head = head_psm.js
+tail =
+tags = psm
+support-files =
+  bad_certs/**
+  ocsp_certs/**
+  test_baseline_requirements/**
+  test_cert_eku/**
+  test_cert_embedded_null/**
+  test_cert_isBuiltInRoot_reload/**
+  test_cert_keyUsage/**
+  test_cert_sha1/**
+  test_cert_signatures/**
+  test_cert_trust/**
+  test_cert_version/**
+  test_certDB_import/**
+  test_certviewer_invalid_oids/**
+  test_content_signing/**
+  test_ev_certs/**
+  test_getchain/**
+  test_intermediate_basic_usage_constraints/**
+  test_keysize/**
+  test_keysize_ev/**
+  test_name_constraints/**
+  test_ocsp_fetch_method/**
+  test_ocsp_url/**
+  test_onecrl/**
+  test_pinning_dynamic/**
+  test_signed_apps/**
+  test_signed_dir/**
+  test_startcom_wosign/**
+  test_validity/**
+  tlsserver/**
+
+[test_add_preexisting_cert.js]
+[test_baseline_requirements_subject_common_name.js]
+[test_cert_blocklist.js]
+tags = addons psm
+[test_cert_chains.js]
+run-sequentially = hardcoded ports
+[test_cert_dbKey.js]
+[test_cert_eku.js]
+[test_cert_embedded_null.js]
+[test_cert_keyUsage.js]
+[test_cert_isBuiltInRoot.js]
+[test_cert_isBuiltInRoot_reload.js]
+[test_cert_overrides.js]
+run-sequentially = hardcoded ports
+[test_cert_override_bits_mismatches.js]
+run-sequentially = hardcoded ports
+[test_cert_sha1.js]
+[test_cert_signatures.js]
+[test_cert_trust.js]
+[test_cert_version.js]
+[test_certDB_import.js]
+[test_certDB_import_pkcs12.js]
+[test_certviewer_invalid_oids.js]
+skip-if = toolkit == 'android'
+[test_constructX509FromBase64.js]
+[test_content_signing.js]
+[test_datasignatureverifier.js]
+[test_der.js]
+[test_enterprise_roots.js]
+skip-if = os != 'win' # tests a Windows-specific feature
+[test_ev_certs.js]
+run-sequentially = hardcoded ports
+[test_forget_about_site_security_headers.js]
+skip-if = toolkit == 'android'
+[test_getchain.js]
+[test_hash_algorithms.js]
+[test_hash_algorithms_wrap.js]
+# bug 1124289 - run_test_in_child violates the sandbox on android
+skip-if = toolkit == 'android'
+[test_hmac.js]
+[test_intermediate_basic_usage_constraints.js]
+[test_js_cert_override_service.js]
+run-sequentially = hardcoded ports
+[test_keysize.js]
+[test_keysize_ev.js]
+run-sequentially = hardcoded ports
+[test_local_cert.js]
+[test_logoutAndTeardown.js]
+run-sequentially = hardcoded ports
+[test_name_constraints.js]
+[test_nsCertType.js]
+run-sequentially = hardcoded ports
+[test_nsIX509Cert_utf8.js]
+[test_nsIX509CertValidity.js]
+[test_nss_shutdown.js]
+[test_ocsp_caching.js]
+run-sequentially = hardcoded ports
+[test_ocsp_enabled_pref.js]
+run-sequentially = hardcoded ports
+[test_ocsp_fetch_method.js]
+run-sequentially = hardcoded ports
+[test_ocsp_must_staple.js]
+run-sequentially = hardcoded ports
+[test_ocsp_no_hsts_upgrade.js]
+run-sequentially = hardcoded ports
+[test_ocsp_required.js]
+run-sequentially = hardcoded ports
+[test_ocsp_stapling.js]
+run-sequentially = hardcoded ports
+[test_ocsp_stapling_expired.js]
+run-sequentially = hardcoded ports
+[test_ocsp_stapling_with_intermediate.js]
+run-sequentially = hardcoded ports
+[test_ocsp_timeout.js]
+run-sequentially = hardcoded ports
+[test_ocsp_url.js]
+run-sequentially = hardcoded ports
+[test_password_prompt.js]
+[test_pinning.js]
+run-sequentially = hardcoded ports
+# This test can take longer than 300 seconds on B2G emulator debug builds, so
+# give it enough time to finish. See bug 1081128.
+requesttimeoutfactor = 2
+[test_pinning_dynamic.js]
+[test_pinning_header_parsing.js]
+[test_sdr.js]
+[test_session_resumption.js]
+run-sequentially = hardcoded ports
+[test_signed_apps.js]
+[test_signed_apps-marketplace.js]
+[test_signed_dir.js]
+tags = addons psm
+[test_sss_eviction.js]
+[test_sss_readstate.js]
+[test_sss_readstate_child.js]
+support-files = sss_readstate_child_worker.js
+# bug 1124289 - run_test_in_child violates the sandbox on android
+skip-if = toolkit == 'android'
+[test_sss_readstate_empty.js]
+[test_sss_readstate_garbage.js]
+[test_sss_readstate_huge.js]
+[test_sss_savestate.js]
+[test_startcom_wosign.js]
+[test_sts_fqdn.js]
+[test_sts_holepunch.js]
+[test_sts_ipv4_ipv6.js]
+[test_sts_preloadlist_perwindowpb.js]
+[test_sts_preloadlist_selfdestruct.js]
+[test_validity.js]
+run-sequentially = hardcoded ports
+[test_x509.js]
+
+# The TLS error reporting functionality lives in /toolkit but needs tlsserver
+[test_toolkit_securityreporter.js]
diff --git a/security/manager/tools/.eslintrc.js b/security/manager/tools/.eslintrc.js
new file mode 100644
index 000000000..49de9eadd
--- /dev/null
+++ b/security/manager/tools/.eslintrc.js
@@ -0,0 +1,9 @@
+"use strict";
+
+module.exports = { // eslint-disable-line no-undef
+  "globals": {
+    // JS files in this folder are commonly xpcshell scripts where |arguments|
+    // is defined in the global scope.
+    "arguments": false
+  }
+};
diff --git a/security/manager/tools/KnownRootHashes.json b/security/manager/tools/KnownRootHashes.json
new file mode 100644
index 000000000..81adeb653
--- /dev/null
+++ b/security/manager/tools/KnownRootHashes.json
@@ -0,0 +1,949 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+//
+//***************************************************************************
+// This is an automatically generated file. It's used to maintain state for
+// runs of genRootCAHashes.js; you should never need to manually edit it
+//***************************************************************************
+
+{
+  "roots": [
+    {
+      "label": "GTE_CyberTrust_Global_Root",
+      "binNumber": 1,
+      "sha256Fingerprint": "pTElGI0hEKqWSwLHt8baMgMXCJTl+3H/+2Zn1eaBCjY="
+    },
+    {
+      "label": "Thawte_Server_CA",
+      "binNumber": 2,
+      "sha256Fingerprint": "tEELc+Lm6spH+8Qvj6QBivQ4HcVM+qhEUEYe7QlFTek="
+    },
+    {
+      "label": "Thawte_Premium_Server_CA",
+      "binNumber": 3,
+      "sha256Fingerprint": "q3A2NlxxVKopwsKfXUGRFjsWKiIlARNX1W0H/6e8H3I="
+    },
+    {
+      "label": "OU_Equifax_Secure_Certificate_Authority_O_Equifax_C_US",
+      "binNumber": 4,
+      "sha256Fingerprint": "CCl6QEfbojaAxzHbbjF2U8p4SOG+vToLAXmnB/ks8Xg="
+    },
+    {
+      "label": "OU_VeriSign_Trust_Network_OU___c__1998_VeriSign__Inc____For_authorized_use_only__OU_Class_3_Public_Primary_Certification_Authority___G2_O__VeriSign__Inc___C_US",
+      "binNumber": 5,
+      "sha256Fingerprint": "g848Eiloilk9SF+BlzwPkZVDHto3zF42Qw55x6iIY4s="
+    },
+    {
+      "label": "GlobalSign_Root_CA",
+      "binNumber": 6,
+      "sha256Fingerprint": "69QQQOS7PsdCyeOB0x7ypBpItmhclufO88HfbNQzHJk="
+    },
+    {
+      "label": "GlobalSign",
+      "binNumber": 7,
+      "sha256Fingerprint": "ykLdQXRf0LgeuQI2LPnYv3Gdob0bHvyUb1tMmfQsG54="
+    },
+    {
+      "label": "VeriSign_Class_3_Public_Primary_Certification_Authority___G3",
+      "binNumber": 8,
+      "sha256Fingerprint": "6wTPXrHzmvp2LyuxIPKWy6Ugwbl9sViVZbgcuaF7ckQ="
+    },
+    {
+      "label": "VeriSign_Class_4_Public_Primary_Certification_Authority___G3",
+      "binNumber": 9,
+      "sha256Fingerprint": "44k2DQ/brrPSUFhLRzAxTiIvOcFWoCAUTo2WBWF5FQY="
+    },
+    {
+      "label": "Entrust_net_Certification_Authority__2048_",
+      "binNumber": 10,
+      "sha256Fingerprint": "bcRxcuAcvLC/YlgNiV/iuKya1PhzgB4MELnIN9IesXc="
+    },
+    {
+      "label": "Baltimore_CyberTrust_Root",
+      "binNumber": 11,
+      "sha256Fingerprint": "Fq9XqfZ2sKsSYJWqXrre8iqzERnWRKyVzUuT2/Pyaus="
+    },
+    {
+      "label": "Equifax_Secure_Global_eBusiness_CA_1",
+      "binNumber": 12,
+      "sha256Fingerprint": "Xwti6rXjU+plIWUWWPu2U1n0QygKSvvRBNd9EPnwTAc="
+    },
+    {
+      "label": "Equifax_Secure_eBusiness_CA_1",
+      "binNumber": 13,
+      "sha256Fingerprint": "z1b/RqShhhCd2WWEte61ilEMQnWw5flPQLuuhl4Z9nM="
+    },
+    {
+      "label": "AddTrust_Class_1_CA_Root",
+      "binNumber": 14,
+      "sha256Fingerprint": "jHIJJ5rATideFtB/07d16AFUtZaARuMfUt0ldmMk6ac="
+    },
+    {
+      "label": "AddTrust_External_CA_Root",
+      "binNumber": 15,
+      "sha256Fingerprint": "aH+kUTgieP/wyLEfjUPVdmccbrK86rQT+4PZZdBtL/I="
+    },
+    {
+      "label": "AddTrust_Public_CA_Root",
+      "binNumber": 16,
+      "sha256Fingerprint": "B5HKB0myB4Kq08fXvQzfyUhYNYQ+steZYAnOQ6tsaSc="
+    },
+    {
+      "label": "AddTrust_Qualified_CA_Root",
+      "binNumber": 17,
+      "sha256Fingerprint": "gJUhCAXbS7w1XkQo2P1uws3jq1+5eplCmI649NzQYBY="
+    },
+    {
+      "label": "Entrust_Root_Certification_Authority",
+      "binNumber": 18,
+      "sha256Fingerprint": "c8F2Q08bxtWt9FsOducnKHyN5XYWwebmFBorLLx9jkw="
+    },
+    {
+      "label": "OU_RSA_Security_2048_V3_O_RSA_Security_Inc",
+      "binNumber": 19,
+      "sha256Fingerprint": "r4tnYqHlKCKBYaldXFWe4mYnj3XXnoMBiaUDUGq9a0w="
+    },
+    {
+      "label": "GeoTrust_Global_CA",
+      "binNumber": 20,
+      "sha256Fingerprint": "/4VqLSUdzYjTZlb0UBJnmM+rqt5AeZxyLeTStds2pzo="
+    },
+    {
+      "label": "GeoTrust_Global_CA_2",
+      "binNumber": 21,
+      "sha256Fingerprint": "yi2CoIZ3By+KtnZP8DVnbP4+XjJeASFy3z+SCW23m4U="
+    },
+    {
+      "label": "GeoTrust_Universal_CA",
+      "binNumber": 22,
+      "sha256Fingerprint": "oEWbn2OyJVn1+l1MbbP59y/xk0IDNXjwc78dG0bLuRI="
+    },
+    {
+      "label": "GeoTrust_Universal_CA_2",
+      "binNumber": 23,
+      "sha256Fingerprint": "oCNPO8hSfKVijuyBrV1piV2laA3JHRy4R38z+Hi5Wws="
+    },
+    {
+      "label": "America_Online_Root_Certification_Authority_1",
+      "binNumber": 24,
+      "sha256Fingerprint": "d0BzEsY6FT1bwAtOUXWc39rCN9wqM7Z5RumOm/poCuM="
+    },
+    {
+      "label": "America_Online_Root_Certification_Authority_2",
+      "binNumber": 25,
+      "sha256Fingerprint": "fTtGWmAU5SbAr/zuISfSMRcnrYEcJoQtAGrzcwbMgL0="
+    },
+    {
+      "label": "Visa_eCommerce_Root",
+      "binNumber": 26,
+      "sha256Fingerprint": "afrJvVX7CseNU7vuXPHVl5if0KqrIKJRUb3xcz7n0SI="
+    },
+    {
+      "label": "Certum_CA",
+      "binNumber": 27,
+      "sha256Fingerprint": "2OD+vB2y440AlA830n1BNE2ZPnNLmdVlbZd41NgUNiQ="
+    },
+    {
+      "label": "AAA_Certificate_Services",
+      "binNumber": 28,
+      "sha256Fingerprint": "16eg+11+JzHXcelITrze9x1fDD4KKUh4K8g+4OppnvQ="
+    },
+    {
+      "label": "Secure_Certificate_Services",
+      "binNumber": 29,
+      "sha256Fingerprint": "vYHOO09lkdEaZ7X8ekf97yVSG/mqThi5498uNKeAO+g="
+    },
+    {
+      "label": "Trusted_Certificate_Services",
+      "binNumber": 30,
+      "sha256Fingerprint": "PwblVoHUlvW+Fp61OJ+fK4/2HhcI32iBckhJzV0ny2k="
+    },
+    {
+      "label": "QuoVadis_Root_Certification_Authority",
+      "binNumber": 31,
+      "sha256Fingerprint": "pF7eO7vwnIrhXHLvwHJo1pOiHJlv1R5nygeUYP1tiHM="
+    },
+    {
+      "label": "QuoVadis_Root_CA_2",
+      "binNumber": 32,
+      "sha256Fingerprint": "haDdfdcgrbf/Bfg9VCsgncf/RSj31nexg4n+peXEnoY="
+    },
+    {
+      "label": "QuoVadis_Root_CA_3",
+      "binNumber": 33,
+      "sha256Fingerprint": "GPH8fyBd+K3d63/gB91X4683WpxNjXNUa/Tx/tHhjTU="
+    },
+    {
+      "label": "OU_Security_Communication_RootCA1_O_SECOM_Trust_net_C_JP",
+      "binNumber": 34,
+      "sha256Fingerprint": "515y7Z9WDuxutIAAc6Q/w60ZGVo5IoIBeJWXSpkCa2w="
+    },
+    {
+      "label": "Sonera_Class2_CA",
+      "binNumber": 35,
+      "sha256Fingerprint": "eQi0AxTBOBALUY0HNYB/+/z4UYoAlTNxBbo4axU92Sc="
+    },
+    {
+      "label": "Staat_der_Nederlanden_Root_CA",
+      "binNumber": 36,
+      "sha256Fingerprint": "1B2CnowWWYIq+T/OYr/83iZPyE6LlQxf8nXQUjVGlaM="
+    },
+    {
+      "label": "UTN___DATACorp_SGC",
+      "binNumber": 37,
+      "sha256Fingerprint": "hfsvkd0SJ1oBRbY2U0+EAkrWi2m47ohoT/cRN1gFs0g="
+    },
+    {
+      "label": "UTN_USERFirst_Hardware",
+      "binNumber": 38,
+      "sha256Fingerprint": "bqVHQdAEZn7tG0gWY0qjp55uS5aVD4J52vyNm9iBITc="
+    },
+    {
+      "label": "Chambers_of_Commerce_Root",
+      "binNumber": 39,
+      "sha256Fingerprint": "DCWKEqVnSu8l8oun3Prs7qNI5UHm9cxO5jtxs2FgasM="
+    },
+    {
+      "label": "Global_Chambersign_Root",
+      "binNumber": 40,
+      "sha256Fingerprint": "7zy0F/yOv2+Xh2yeTs453h6l/mSRQdECi30RwLIpjO0="
+    },
+    {
+      "label": "NetLock_Kozjegyzoi__Class_A__Tanusitvanykiado",
+      "binNumber": 41,
+      "sha256Fingerprint": "fxLNX35eKQ7H2FF51bcsIKW+dQj/21v4GrloSn/J9mc="
+    },
+    {
+      "label": "XRamp_Global_Certification_Authority",
+      "binNumber": 42,
+      "sha256Fingerprint": "zs3ckFCZ2NrfxbHSCbc3y+LBjPssEMD/C88NMob8GqI="
+    },
+    {
+      "label": "OU_Go_Daddy_Class_2_Certification_Authority_O__The_Go_Daddy_Group__Inc___C_US",
+      "binNumber": 43,
+      "sha256Fingerprint": "w4Rr8kuek8pkJ0wOxnwezF4CT/ys0tdAGTUOgf5UauQ="
+    },
+    {
+      "label": "OU_Starfield_Class_2_Certification_Authority_O__Starfield_Technologies__Inc___C_US",
+      "binNumber": 44,
+      "sha256Fingerprint": "FGX6IFOXuHb6pvCplY5VkOQPzH+qT7fCyGd1Iftftlg="
+    },
+    {
+      "label": "StartCom_Certification_Authority",
+      "binNumber": 45,
+      "sha256Fingerprint": "x2apvvLUBxyGOjGqSSDoE7LRmGCMt7fP4hFDuDbfCeo="
+    },
+    {
+      "label": "O_Government_Root_Certification_Authority_C_TW",
+      "binNumber": 46,
+      "sha256Fingerprint": "dgApXu/oW54f1iTbdgYqqq5ZgYpU0ndM1MCywBEx4bM="
+    },
+    {
+      "label": "Swisscom_Root_CA_1",
+      "binNumber": 47,
+      "sha256Fingerprint": "IdsgEjZguy7UGCBdoR7nqFpl4rxuVbWvfniZyKJm2S4="
+    },
+    {
+      "label": "DigiCert_Assured_ID_Root_CA",
+      "binNumber": 48,
+      "sha256Fingerprint": "PpCZtQFej0hsALzqnREe5yH6ujVaibzx32lWHj3GMlw="
+    },
+    {
+      "label": "DigiCert_Global_Root_CA",
+      "binNumber": 49,
+      "sha256Fingerprint": "Q0ig6URMeMsmXgWNXolEtNhPlmK9Jtslf4k0pEPHAWE="
+    },
+    {
+      "label": "DigiCert_High_Assurance_EV_Root_CA",
+      "binNumber": 50,
+      "sha256Fingerprint": "dDHl9MPBzkaQd08LYeBUQIg7qaAe0Aumq9eAbtOxGM8="
+    },
+    {
+      "label": "Class_2_Primary_CA",
+      "binNumber": 51,
+      "sha256Fingerprint": "D5k8iu+Xuq9WhxQO1ZrRghu0r6zwqppYtdV6M4o6+8s="
+    },
+    {
+      "label": "DST_Root_CA_X3",
+      "binNumber": 52,
+      "sha256Fingerprint": "BocmAzGnJAPZCfEF5pvPDTLhvSST/8bZIG0RvNZ3Bzk="
+    },
+    {
+      "label": "DST_ACES_CA_X6",
+      "binNumber": 53,
+      "sha256Fingerprint": "dnyVWnZBLImvaI6QoccPVWz9a2Al2+oQQW1+toMfjEA="
+    },
+    {
+      "label": "T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_",
+      "binNumber": 54,
+      "sha256Fingerprint": "RATjO14UDc+ZgFH9/IAox8gWFcXuc3sRG1iCM6m1NaA="
+    },
+    {
+      "label": "T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_",
+      "binNumber": 55,
+      "sha256Fingerprint": "xHDPVH4jArl3+yndcaiae2wfYHd7Ayn1YBfzKL9Pa+Y="
+    },
+    {
+      "label": "SwissSign_Gold_CA___G2",
+      "binNumber": 56,
+      "sha256Fingerprint": "Yt0L6bn1ChY+oPjnXAU7HspX6lXIaI9kfGiB8sg1e5U="
+    },
+    {
+      "label": "SwissSign_Silver_CA___G2",
+      "binNumber": 57,
+      "sha256Fingerprint": "vmxNoru5ulm285OXaDdCRsPABZk/qY8CDR3tvtSKgdU="
+    },
+    {
+      "label": "GeoTrust_Primary_Certification_Authority",
+      "binNumber": 58,
+      "sha256Fingerprint": "N9UQBsUS6qtiZCHx7IySAT/F+CrpjuUz60YZuN600Gw="
+    },
+    {
+      "label": "thawte_Primary_Root_CA",
+      "binNumber": 59,
+      "sha256Fingerprint": "jXIvganBE8B5HfE2opZtsmyVCpcdtGtBmfTqVLeL+58="
+    },
+    {
+      "label": "VeriSign_Class_3_Public_Primary_Certification_Authority___G5",
+      "binNumber": 60,
+      "sha256Fingerprint": "ms+rfkPI2IDQayYqlN7u5LRlmYnD0Mrxm69kBeQat98="
+    },
+    {
+      "label": "SecureTrust_CA",
+      "binNumber": 61,
+      "sha256Fingerprint": "8cG1CuWiDdgDDsn2vCSCPdNntSVXWbTnG2H86fc3XXM="
+    },
+    {
+      "label": "Secure_Global_CA",
+      "binNumber": 62,
+      "sha256Fingerprint": "QgD1BDrIWQ67Un0gntFQMCn7y9QcobUG7CfxWt59rGk="
+    },
+    {
+      "label": "COMODO_Certification_Authority",
+      "binNumber": 63,
+      "sha256Fingerprint": "DCzWPfeAb6OZ7egJEWtXW/h5ifBlGPmAjIYFAxeLr2Y="
+    },
+    {
+      "label": "Network_Solutions_Certificate_Authority",
+      "binNumber": 64,
+      "sha256Fingerprint": "FfC6AKOsevOsiEwHKxARoHe9d8CX9AFksvhZir2Dhgw="
+    },
+    {
+      "label": "WellsSecure_Public_Root_Certificate_Authority",
+      "binNumber": 65,
+      "sha256Fingerprint": "pxJyrqqjz+hyf3+znw+z0eVCbpBgsG7m8T6aPFgzzUM="
+    },
+    {
+      "label": "COMODO_ECC_Certification_Authority",
+      "binNumber": 66,
+      "sha256Fingerprint": "F5OSegYUVJeJrc4vjzT38LZtDzrjo7hNIewV27pPrcc="
+    },
+    {
+      "label": "IGC_A",
+      "binNumber": 67,
+      "sha256Fingerprint": "ub6nhgqWLqNhHauXq22j4hwQaLl9VVde0OESecEciTI="
+    },
+    {
+      "label": "OU_Security_Communication_EV_RootCA1_O__SECOM_Trust_Systems_CO__LTD___C_JP",
+      "binNumber": 68,
+      "sha256Fingerprint": "oi26aB6XN24tOX1yiq46m2KWuf26YLwuEfZH8sZ1+zc="
+    },
+    {
+      "label": "OISTE_WISeKey_Global_Root_GA_CA",
+      "binNumber": 69,
+      "sha256Fingerprint": "Qckjhmq0yta3rVeAgVguAgeXpsvfT/94zoOWs4k31/U="
+    },
+    {
+      "label": "Microsec_e_Szigno_Root_CA",
+      "binNumber": 70,
+      "sha256Fingerprint": "Mno9dhq63qA065mEBidcsaR3bv2uL99tAWjqHE9VZ9A="
+    },
+    {
+      "label": "Certigna",
+      "binNumber": 71,
+      "sha256Fingerprint": "47ai2y7XzkiEL3rFMkHHtx1UFEv7QMEfPx0LQvXuoS0="
+    },
+    {
+      "label": "TC_TrustCenter_Class_2_CA_II",
+      "binNumber": 72,
+      "sha256Fingerprint": "5rj4dmSF+Aeuf42sFnBGHwfAoT7vOh/3F1ONerrTkbQ="
+    },
+    {
+      "label": "TC_TrustCenter_Class_3_CA_II",
+      "binNumber": 73,
+      "sha256Fingerprint": "jaCE/Pmc4Hci+JsyBZOYBvpcuBHhyBP2oQjH0zazQI4="
+    },
+    {
+      "label": "TC_TrustCenter_Universal_CA_I",
+      "binNumber": 74,
+      "sha256Fingerprint": "6/PAKoeJsft9URmV1mO3KQbZE84NXhBWiop34lhhZ+c="
+    },
+    {
+      "label": "Deutsche_Telekom_Root_CA_2",
+      "binNumber": 75,
+      "sha256Fingerprint": "thkaUNDDl399qZvNqshqIn2uuWeexwujsMnZInHBcNM="
+    },
+    {
+      "label": "ComSign_Secured_CA",
+      "binNumber": 76,
+      "sha256Fingerprint": "UHlBx0RgoLRwhiINTpkyVyq10bW7y4mAqxyxdlGoRNI="
+    },
+    {
+      "label": "Cybertrust_Global_Root",
+      "binNumber": 77,
+      "sha256Fingerprint": "lgrfAGPpY1Z1DCll3QoIZ9oLnL1ud3FK6vsjSas5PaM="
+    },
+    {
+      "label": "OU_ePKI_Root_Certification_Authority_O__Chunghwa_Telecom_Co___Ltd___C_TW",
+      "binNumber": 78,
+      "sha256Fingerprint": "wKb03GOiS/3PVO8qaggqCnLeNYA+L/X/Unrl2HIG39U="
+    },
+    {
+      "label": "T_B_TAK_UEKAE_K_k_Sertifika_Hizmet_Sa_lay_c_s____S_r_m_3",
+      "binNumber": 79,
+      "sha256Fingerprint": "5Mc0MNeltQkl30M3Cg0hbpp5udbbg3Ogxp6xzDHHxSo="
+    },
+    {
+      "label": "Buypass_Class_2_CA_1",
+      "binNumber": 80,
+      "sha256Fingerprint": "D06c3SZLAlVQ0XCAY0AhT+lENMmwL2l+xxD8X+r7Xjg="
+    },
+    {
+      "label": "Buypass_Class_3_CA_1",
+      "binNumber": 81,
+      "sha256Fingerprint": "t7ErFx+CHaqZDND+UIexKESLqOUYT4TFHgK1yPuWKyQ="
+    },
+    {
+      "label": "EBG_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_",
+      "binNumber": 82,
+      "sha256Fingerprint": "Na5b3dj3rmNc/7pWgqjwC5X0hGLHEI7poOUpKwdKr7I="
+    },
+    {
+      "label": "OU_certSIGN_ROOT_CA_O_certSIGN_C_RO",
+      "binNumber": 83,
+      "sha256Fingerprint": "6qlixPpKa6/r5BUZbTUczYiNT1Pz+orm18RmqU5gQrs="
+    },
+    {
+      "label": "CNNIC_ROOT",
+      "binNumber": 84,
+      "sha256Fingerprint": "4oOTdz2oRaZ58ggMx/tEo7ehw3kst+t3Kf3Lao2Zrqc="
+    },
+    {
+      "label": "OU_ApplicationCA_O_Japanese_Government_C_JP",
+      "binNumber": 85,
+      "sha256Fingerprint": "LUdDfeF5USFaEvPFjlHHKaWAJu8fzApfs9ncAS9gDRk="
+    },
+    {
+      "label": "GeoTrust_Primary_Certification_Authority___G3",
+      "binNumber": 86,
+      "sha256Fingerprint": "tHi4EiUN+HhjXCqn7H0VXqpiXugpFuLNKUNhiGzR+9Q="
+    },
+    {
+      "label": "thawte_Primary_Root_CA___G2",
+      "binNumber": 87,
+      "sha256Fingerprint": "pDENUK8YpkRxkDcqhq+vi5Uf+0Mdg38eVoi0WXHtFVc="
+    },
+    {
+      "label": "thawte_Primary_Root_CA___G3",
+      "binNumber": 88,
+      "sha256Fingerprint": "SwP0WAetcPIb/Cyuccn95GBMBkz1/7aGuuXbqtf900w="
+    },
+    {
+      "label": "GeoTrust_Primary_Certification_Authority___G2",
+      "binNumber": 89,
+      "sha256Fingerprint": "Xtt6xDuCoGqHYejXvkl56/JhH33Xm/kcHGtWaiGe12Y="
+    },
+    {
+      "label": "VeriSign_Universal_Root_Certification_Authority",
+      "binNumber": 90,
+      "sha256Fingerprint": "I5lWESelcSXejO/qYQ3fL6B4tcgGf06CgpC/uGDoSzw="
+    },
+    {
+      "label": "VeriSign_Class_3_Public_Primary_Certification_Authority___G4",
+      "binNumber": 91,
+      "sha256Fingerprint": "ad3X6pC7V8k+E13IXqb81UgLYDI5vcRU/HWLKibPf3k="
+    },
+    {
+      "label": "NetLock_Arany__Class_Gold__F_tan_s_tv_ny",
+      "binNumber": 92,
+      "sha256Fingerprint": "bGHaw6Le8DFQa+A20qb+QBmU+9E9+cjUZlmSdMRG7Jg="
+    },
+    {
+      "label": "Staat_der_Nederlanden_Root_CA___G2",
+      "binNumber": 93,
+      "sha256Fingerprint": "ZoyDlH2mO3JL7OF0PDGg5q7Q247Fsxvjd7t4T5G2cW8="
+    },
+    {
+      "label": "CA_Disig",
+      "binNumber": 94,
+      "sha256Fingerprint": "kr9RGavsytCxMy3E4dBfunW1Z5BE7gyibpMfdE8vM88="
+    },
+    {
+      "label": "Juur_SK",
+      "binNumber": 95,
+      "sha256Fingerprint": "7MPpw0B1A77gkaqVL0E0j/iLqoY7ImS++sgHkBV06Tk="
+    },
+    {
+      "label": "Hongkong_Post_Root_CA_1",
+      "binNumber": 96,
+      "sha256Fingerprint": "+eZ9M2xRACrAVMYyAi1m3aLn4//xCtBh7THYu7QQz7I="
+    },
+    {
+      "label": "SecureSign_RootCA11",
+      "binNumber": 97,
+      "sha256Fingerprint": "vw/u+546WBrV+enbdYmYV0PSYQhcTTFPb11yWapCFhI="
+    },
+    {
+      "label": "ACEDICOM_Root",
+      "binNumber": 98,
+      "sha256Fingerprint": "A5UPtJpTHz4ZkZQjmN+p4Ooy17oc3ZvIXbV+2UALQ0o="
+    },
+    {
+      "label": "Microsec_e_Szigno_Root_CA_2009",
+      "binNumber": 99,
+      "sha256Fingerprint": "PF+B/qX6uCxkv6Lq7K/N6OB3/IYgp8rlNxY9827b83g="
+    },
+    {
+      "label": "e_Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi",
+      "binNumber": 100,
+      "sha256Fingerprint": "5gkHhGWkGXgMtqxMHAv7RlPZ2cxus5Rut/PWmZe61Zg="
+    },
+    {
+      "label": "GlobalSign",
+      "binNumber": 101,
+      "sha256Fingerprint": "y7Ui17fxJ61qAROGW98c1BAufQdZr2NafPRyDcljxTs="
+    },
+    {
+      "label": "Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068",
+      "binNumber": 102,
+      "sha256Fingerprint": "BASAKL8fKGTUj5rU2DKUNmqCiFZVPzsUMD+QFH9dQO8="
+    },
+    {
+      "label": "Izenpe_com",
+      "binNumber": 103,
+      "sha256Fingerprint": "JTDMjpgyFQK62W+bH7obCZ4tKZ4PRUi7kU82O8DUUx8="
+    },
+    {
+      "label": "Chambers_of_Commerce_Root___2008",
+      "binNumber": 104,
+      "sha256Fingerprint": "Bj5K+sSR39My8wibhULpRhfYk9f+lE4Qp5N+4p2Wk8A="
+    },
+    {
+      "label": "Global_Chambersign_Root___2008",
+      "binNumber": 105,
+      "sha256Fingerprint": "E2M1Q5M0p2mAFqDTJN5yKE4HnXtSILuPvXR4Fu6+uso="
+    },
+    {
+      "label": "Go_Daddy_Root_Certificate_Authority___G2",
+      "binNumber": 106,
+      "sha256Fingerprint": "RRQLMkfrnMjFtPDXtTCR9zKSCJ5uWmPidJ3TrKkZjto="
+    },
+    {
+      "label": "Starfield_Root_Certificate_Authority___G2",
+      "binNumber": 107,
+      "sha256Fingerprint": "LOHLC/nS+eECmT++IVFSw7LdDKveHGjlMZuDkVTbt/U="
+    },
+    {
+      "label": "Starfield_Services_Root_Certificate_Authority___G2",
+      "binNumber": 108,
+      "sha256Fingerprint": "Vo1pBaLIhwikswJRkO3P7bGXSmBqE8blKQ/LKuY+2rU="
+    },
+    {
+      "label": "AffirmTrust_Commercial",
+      "binNumber": 109,
+      "sha256Fingerprint": "A3arHVTF+YA85LLiAaDufu97V7Y26Kk8m41IYMlvX6c="
+    },
+    {
+      "label": "AffirmTrust_Networking",
+      "binNumber": 110,
+      "sha256Fingerprint": "CoHsWpKXd/FFkErzjV1Qn2a14sWPzbUxBYsOF/PwtBs="
+    },
+    {
+      "label": "AffirmTrust_Premium",
+      "binNumber": 111,
+      "sha256Fingerprint": "cKc/fzdrYAdCSJBFNLEUgtW/DmmOzEmN9SV36/LpO5o="
+    },
+    {
+      "label": "AffirmTrust_Premium_ECC",
+      "binNumber": 112,
+      "sha256Fingerprint": "vXH99tqX5M9i0WR63SWBsH15rfg5frTsupxehIiCFCM="
+    },
+    {
+      "label": "Certum_Trusted_Network_CA",
+      "binNumber": 113,
+      "sha256Fingerprint": "XFhGjVX1jkl+dDmC0rUAELbRZTdKz4On1KMtt2jEQI4="
+    },
+    {
+      "label": "Certinomis___Autorit__Racine",
+      "binNumber": 114,
+      "sha256Fingerprint": "/L/iiGIG9ysnWTyLBwKX4S12ntEO15MHBagJjv/BTRc="
+    },
+    {
+      "label": "Root_CA_Generalitat_Valenciana",
+      "binNumber": 115,
+      "sha256Fingerprint": "jE7f0ENI8yKWnn4ppM1NygBGVQYcFuGwdkIu80KtYw4="
+    },
+    {
+      "label": "A_Trust_nQual_03",
+      "binNumber": 116,
+      "sha256Fingerprint": "eTy/RVm5/eOKsi3xaGn2mIGuFMSwE5rHiKeKGvzKAvs="
+    },
+    {
+      "label": "TWCA_Root_Certification_Authority",
+      "binNumber": 117,
+      "sha256Fingerprint": "v9iP4RAcQa4+gBv4vlY1Dum60aa5vVFe3FxtW4cRrEQ="
+    },
+    {
+      "label": "OU_Security_Communication_RootCA2_O__SECOM_Trust_Systems_CO__LTD___C_JP",
+      "binNumber": 118,
+      "sha256Fingerprint": "UTss7LgQ1M3l3YU5Gt/Gwt1g2Hu3NtK1IUhKpHoOvvY="
+    },
+    {
+      "label": "EC_ACC",
+      "binNumber": 119,
+      "sha256Fingerprint": "iEl/AWAvMVQkauKMTVrvEPHYfrt2Ym9K4Lf5W6eWh5k="
+    },
+    {
+      "label": "Hellenic_Academic_and_Research_Institutions_RootCA_2011",
+      "binNumber": 120,
+      "sha256Fingerprint": "vBBPFaSL5wncpUKn4dS5328FRSfoAuqpLVlURCWK/nE="
+    },
+    {
+      "label": "Actalis_Authentication_Root_CA",
+      "binNumber": 121,
+      "sha256Fingerprint": "VZJghOyWOmS5biq+Ac4LqGpk+/68x6q1r8FVs3/XYGY="
+    },
+    {
+      "label": "OU_Trustis_FPS_Root_CA_O_Trustis_Limited_C_GB",
+      "binNumber": 122,
+      "sha256Fingerprint": "wbSCmaulII/pYwrOVcpooD7aWlGciAKg06Zzvo+OVX0="
+    },
+    {
+      "label": "StartCom_Certification_Authority",
+      "binNumber": 123,
+      "sha256Fingerprint": "4XiQ7gmj+/T0i5xBShfWN7elBkfpvHUjInJ/zBdCqRE="
+    },
+    {
+      "label": "StartCom_Certification_Authority_G2",
+      "binNumber": 124,
+      "sha256Fingerprint": "x7plZ96Tp5iuH6p5HnEtN4+uH5PEOX/qRBu3y+b9WZU="
+    },
+    {
+      "label": "Buypass_Class_2_Root_CA",
+      "binNumber": 125,
+      "sha256Fingerprint": "mhFAJRl8W7ldlOY9Vc1DeQhHtkayPN8RraSgDv8V+0g="
+    },
+    {
+      "label": "Buypass_Class_3_Root_CA",
+      "binNumber": 126,
+      "sha256Fingerprint": "7ffrvKJ6KjhNOHt9QBDGZuLttIQ+TCm0rh1bkzLmsk0="
+    },
+    {
+      "label": "T_TeleSec_GlobalRoot_Class_3",
+      "binNumber": 127,
+      "sha256Fingerprint": "/XPa0xxkT/G0O+8MzdqWcQuc2Ydeyn4xcHrz6W1SK70="
+    },
+    {
+      "label": "EE_Certification_Centre_Root_CA",
+      "binNumber": 128,
+      "sha256Fingerprint": "PoS6Q0KQhRbndXPAmS8JecoITkaFaB/xlcy6iiKbinY="
+    },
+    {
+      "label": "T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_",
+      "binNumber": 129,
+      "sha256Fingerprint": "l4zZZvL6oHunqpUA2cAunXfyza2mrWunSvS5HGZZPFA="
+    },
+    {
+      "label": "D_TRUST_Root_Class_3_CA_2_2009",
+      "binNumber": 130,
+      "sha256Fingerprint": "SeekQqzw6mKHBQBUtSVktlDk9J5C40jWqjjgOelXscE="
+    },
+    {
+      "label": "D_TRUST_Root_Class_3_CA_2_EV_2009",
+      "binNumber": 131,
+      "sha256Fingerprint": "7sVJa5iM6YYluTQJLuwpCL7QsPMWwtRzDITq8fPTSIE="
+    },
+    {
+      "label": "PSCProcert",
+      "binNumber": 132,
+      "sha256Fingerprint": "PPw8FNH2hP8X44xDykQMALln7JM+i/4GTKHXLJDyrbA="
+    },
+    {
+      "label": "China_Internet_Network_Information_Center_EV_Certificates_Root",
+      "binNumber": 133,
+      "sha256Fingerprint": "HAHG9Nuy/vwiVYsryjJWP0mESs/DK3vksP9Zn56Mevc="
+    },
+    {
+      "label": "Swisscom_Root_CA_2",
+      "binNumber": 134,
+      "sha256Fingerprint": "8JsSLHEU9KCb1OpPSpnVWLRuTCXNgRQNKcBWE5FMOEE="
+    },
+    {
+      "label": "Swisscom_Root_EV_CA_2",
+      "binNumber": 135,
+      "sha256Fingerprint": "2V/qPKTu3OdM1251/G0f9ixEHw+ovHfwNLGeXbJYAV0="
+    },
+    {
+      "label": "CA_Disig_Root_R1",
+      "binNumber": 136,
+      "sha256Fingerprint": "+W8j9MPnnAd6RpiNWvWQBnag8DnLZF3RdUmyFsgkQM4="
+    },
+    {
+      "label": "CA_Disig_Root_R2",
+      "binNumber": 137,
+      "sha256Fingerprint": "4j1KA217cOn1lbFCIHnSuR7fux+2UaBjPqqKncX4BwM="
+    },
+    {
+      "label": "ACCVRAIZ1",
+      "binNumber": 138,
+      "sha256Fingerprint": "mm7AEuGn2p2+NBlNR4rXwNsYIvsHHfEpgUlu0QQ4QRM="
+    },
+    {
+      "label": "TWCA_Global_Root_CA",
+      "binNumber": 139,
+      "sha256Fingerprint": "WXaQB/doXQ/NUIcvn5XVdVpbK0V9gfNpK2EKmGcvDhs="
+    },
+    {
+      "label": "TeliaSonera_Root_CA_v1",
+      "binNumber": 140,
+      "sha256Fingerprint": "3Wk2/iH48HfBI6GlIcEiJPciVbc+A6cmBpPooksPo4k="
+    },
+    {
+      "label": "E_Tugra_Certification_Authority",
+      "binNumber": 141,
+      "sha256Fingerprint": "sL/VK7DX2b2Sv11NwT2iVcAsVC83g2XqiTkR9V5V8jw="
+    },
+    {
+      "label": "T_TeleSec_GlobalRoot_Class_2",
+      "binNumber": 142,
+      "sha256Fingerprint": "keL1eI1YEOunulhzfeFUio7KzQFFmLwLFD4EGxcFJVI="
+    },
+    {
+      "label": "Atos_TrustedRoot_2011",
+      "binNumber": 143,
+      "sha256Fingerprint": "81a+okS3qR6zXVPKmteGSs4Bji011fj5bd9opvQapHQ="
+    },
+    {
+      "label": "QuoVadis_Root_CA_1_G3",
+      "binNumber": 144,
+      "sha256Fingerprint": "ioZv0bJ2tX5XjpIcZYKKK+1Y6fLyiAVBNLfx9L/JzHQ="
+    },
+    {
+      "label": "QuoVadis_Root_CA_2_G3",
+      "binNumber": 145,
+      "sha256Fingerprint": "j+T7Cvk6TQ1n2wvrsj43xxvzJdy83SQOoE2vWLR+GEA="
+    },
+    {
+      "label": "QuoVadis_Root_CA_3_G3",
+      "binNumber": 146,
+      "sha256Fingerprint": "iO+B3iAusBhFLkP4ZHJc6l+9H8LZ0gVzBwnF2LhpD0Y="
+    },
+    {
+      "label": "DigiCert_Assured_ID_Root_G2",
+      "binNumber": 147,
+      "sha256Fingerprint": "fQXrtoIzn4yUUe4JTuv++nlToRTtsvRJSUUvq30vwYU="
+    },
+    {
+      "label": "DigiCert_Assured_ID_Root_G3",
+      "binNumber": 148,
+      "sha256Fingerprint": "fjfLi0xHCQyrNlUbpvRduEBoD7oWapUtsQBxf0MFP8I="
+    },
+    {
+      "label": "DigiCert_Global_Root_G2",
+      "binNumber": 149,
+      "sha256Fingerprint": "yzzLt2Ax5eATj43TmiP53kf/w15DwRRM6ifUalqxy18="
+    },
+    {
+      "label": "DigiCert_Global_Root_G3",
+      "binNumber": 150,
+      "sha256Fingerprint": "Ma1mSPgQQTjHOPOepDIBMzk+OhjMAilu+Xwqye9nMdA="
+    },
+    {
+      "label": "DigiCert_Trusted_Root_G4",
+      "binNumber": 151,
+      "sha256Fingerprint": "VS973PGnr55s5nIBf08Sq/dyQMeOdhrCA9HZ0grImYg="
+    },
+    {
+      "label": "Certification_Authority_of_WoSign",
+      "binNumber": 152,
+      "sha256Fingerprint": "SyLVpq7JnzzbeapewGg4R5zV7LpxZPfyLcHWX2PYVwg="
+    },
+    {
+      "label": "CA______",
+      "binNumber": 153,
+      "sha256Fingerprint": "1vA0vZSqIz8Cl+ykJFsoOXPkR6pZDzEMd/SP34MRIlQ="
+    },
+    {
+      "label": "COMODO_RSA_Certification_Authority",
+      "binNumber": 154,
+      "sha256Fingerprint": "UvDhxOWOxikpG2AxfwdGcbhdfqgNWwcnNGNTSzK0AjQ="
+    },
+    {
+      "label": "USERTrust_RSA_Certification_Authority",
+      "binNumber": 155,
+      "sha256Fingerprint": "55PJsC/YqhPiHDEiisywgRlkO3SciYlksXRtRsPUy9I="
+    },
+    {
+      "label": "USERTrust_ECC_Certification_Authority",
+      "binNumber": 156,
+      "sha256Fingerprint": "T/Rg1Uuchtq/vPxXEuBADSvtP7xNT72qhuBq3NKprXo="
+    },
+    {
+      "label": "GlobalSign",
+      "binNumber": 157,
+      "sha256Fingerprint": "vslJEcKVVnbbbApVCYbXbjugBWZ8RCyXYrT7t3PeIow="
+    },
+    {
+      "label": "GlobalSign",
+      "binNumber": 158,
+      "sha256Fingerprint": "F5+8FIo90A/STqE0WMxDv6f1nIGC14OlE/br7BAMiSQ="
+    },
+    {
+      "label": "Staat_der_Nederlanden_Root_CA___G3",
+      "binNumber": 159,
+      "sha256Fingerprint": "PE+wuVq4swAy9DK4b1Nf4XLBhdD9OYZYN882GH+m9Cg="
+    },
+    {
+      "label": "Staat_der_Nederlanden_EV_Root_CA",
+      "binNumber": 160,
+      "sha256Fingerprint": "TSSRQUz+lWdG7Ezvps9vcuKKEylDL52KkHrEy12twVo="
+    },
+    {
+      "label": "IdenTrust_Commercial_Root_CA_1",
+      "binNumber": 161,
+      "sha256Fingerprint": "XVZJm+TS4IvPytCKPjhyPVBQO95waUjkL1VgMBnlKK4="
+    },
+    {
+      "label": "IdenTrust_Public_Sector_Root_CA_1",
+      "binNumber": 162,
+      "sha256Fingerprint": "MNCJWppEiiYgkWNVItH1IBC1hnrK4Sx475WP1PQ4ny8="
+    },
+    {
+      "label": "Entrust_Root_Certification_Authority___G2",
+      "binNumber": 163,
+      "sha256Fingerprint": "Q99XdLA+f+9f5A2TGnvt8bsua0JzjE5tOEEQPTqn8zk="
+    },
+    {
+      "label": "Entrust_Root_Certification_Authority___EC1",
+      "binNumber": 164,
+      "sha256Fingerprint": "Au0OsowU2kUWXFZnkXANZFHX+1bwsqsdO46wcOVu3/U="
+    },
+    {
+      "label": "CFCA_EV_ROOT",
+      "binNumber": 165,
+      "sha256Fingerprint": "XMPXjk4dXkVUegTmhz5k+Qz5U20czC74APNVxMX9cP0="
+    },
+    {
+      "label": "T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s__H5",
+      "binNumber": 166,
+      "sha256Fingerprint": "STUbkDREwYXM3FxpPSTYVVyyCNaoFBMHaZ9K8GMZnXg="
+    },
+    {
+      "label": "T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s__H6",
+      "binNumber": 167,
+      "sha256Fingerprint": "jeeGVeG+f3hHgAuT9pTSHTaMwG4DPn+rBLteuZ2mtwA="
+    },
+    {
+      "label": "Certinomis___Root_CA",
+      "binNumber": 168,
+      "sha256Fingerprint": "Kpn1vBF0tzy7HWIIhOAcNOUcyzl42hJfDjMmiIO/QVg="
+    },
+    {
+      "label": "OISTE_WISeKey_Global_Root_GB_CA",
+      "binNumber": 169,
+      "sha256Fingerprint": "a5wI6G6w92fPrWXNmLYhSeVJSmf1hF570e0Bnye4a9Y="
+    },
+    {
+      "label": "Certification_Authority_of_WoSign_G2",
+      "binNumber": 170,
+      "sha256Fingerprint": "1Ielb4OwdILoXpYzlMHswsnlHQkD7pRrAsMBWB7ZnhY="
+    },
+    {
+      "label": "CA_WoSign_ECC_Root",
+      "binNumber": 171,
+      "sha256Fingerprint": "i0XaHAb3kesMq/Jr5Yj1+yMWXC5hS/iFVi0NzlCymwI="
+    },
+    {
+      "label": "SZAFIR_ROOT_CA2",
+      "binNumber": 172,
+      "sha256Fingerprint": "oTOdMygaC1blV9PTKxzn+TZ+sJS9X6cqflAEyN7Xyv4="
+    },
+    {
+      "label": "Certum_Trusted_Network_CA_2",
+      "binNumber": 173,
+      "sha256Fingerprint": "tnby7drod1zTbLD2PNHUYDlh9J5iZboBOi8DB7bQuAQ="
+    },
+    {
+      "label": "Hellenic_Academic_and_Research_Institutions_RootCA_2015",
+      "binNumber": 174,
+      "sha256Fingerprint": "oECSmgLOU7Ss9PL/xpgc5ElvdV5tRf4LKmkrzVJSPzY="
+    },
+    {
+      "label": "Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015",
+      "binNumber": 175,
+      "sha256Fingerprint": "RLVFqool5lpzyhXcJ/w20kwcuZU6BmU5sRWC3Eh7SDM="
+    },
+    {
+      "label": "Certplus_Root_CA_G1",
+      "binNumber": 176,
+      "sha256Fingerprint": "FSpAK/zfLNVIBU0idbOcf8o+wJeAeLDw6nblYabHQz4="
+    },
+    {
+      "label": "Certplus_Root_CA_G2",
+      "binNumber": 177,
+      "sha256Fingerprint": "bMBQQeZEXnRpbEz7yfgPVDt+q7tEtM5veHxqmXHELxc="
+    },
+    {
+      "label": "OpenTrust_Root_CA_G1",
+      "binNumber": 178,
+      "sha256Fingerprint": "VsdxKNmMGNkbTP3/vCXukQPUdY6iq62CapDzRX1GDrQ="
+    },
+    {
+      "label": "OpenTrust_Root_CA_G2",
+      "binNumber": 179,
+      "sha256Fingerprint": "J5lYKf5qdRXBv+hI+cR2HbFsIlkpJXv0DQiU8p6ouvI="
+    },
+    {
+      "label": "OpenTrust_Root_CA_G3",
+      "binNumber": 180,
+      "sha256Fingerprint": "t8NiMXBugQeMNny4lhmPHjII3ZJpSd2PVwmkEPdbYpI="
+    },
+    {
+      "label": "ISRG_Root_X1",
+      "binNumber": 181,
+      "sha256Fingerprint": "lrzsBiZJdvN0YHeazyjFp8/oo8Cq4RqP/O4FwL3fCMY="
+    },
+    {
+      "label": "OU_AC_RAIZ_FNMT_RCM_O_FNMT_RCM_C_ES",
+      "binNumber": 182,
+      "sha256Fingerprint": "68VXDCkBjE1nsaoSe68S9wO0YR68F7fatVc4lBebk/o="
+    },
+    {
+      "label": "Amazon_Root_CA_1",
+      "binNumber": 183,
+      "sha256Fingerprint": "js3miE89h7ESW6Maw/yxPXAW3n9XzJBP4cuXxq6YGW4="
+    },
+    {
+      "label": "Amazon_Root_CA_2",
+      "binNumber": 184,
+      "sha256Fingerprint": "G6WyqoxlQBqClgEY+AvsT2IwTYPOxHE6GcOcAR6kbbQ="
+    },
+    {
+      "label": "Amazon_Root_CA_3",
+      "binNumber": 185,
+      "sha256Fingerprint": "GM5s/nvxTmCy40e43+hoyzHQLrs62icVafUDQ7Rts6Q="
+    },
+    {
+      "label": "Amazon_Root_CA_4",
+      "binNumber": 186,
+      "sha256Fingerprint": "410oQZ7QICXPppA4zWI5YkWNpcaV+96jwisL+yWJcJI="
+    },
+    {
+      "label": "LuxTrust_Global_Root_2",
+      "binNumber": 187,
+      "sha256Fingerprint": "VEVfcSnCCxRHxBj5lxaPJMWPxQI79dpb4utuHdiQLtU="
+    }
+  ],
+  "maxBin": 187
+}
\ No newline at end of file
diff --git a/security/manager/tools/PreloadedHPKPins.json b/security/manager/tools/PreloadedHPKPins.json
new file mode 100644
index 000000000..d9c394a1d
--- /dev/null
+++ b/security/manager/tools/PreloadedHPKPins.json
@@ -0,0 +1,222 @@
+// -*- Mode: javascript; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// The top-level element is a dictionary with two keys: "pinsets" maps details
+// of certificate pinning to a name and "entries" contains the HPKP details for
+// each host.
+//
+// "pinsets" is a list of objects. Each object has the following members:
+//   name: (string) the name of the pinset
+//   sha256_hashes: (list of strings) the set of allowed SPKIs hashes
+//
+// For a given pinset, a certificate is accepted if at least one of the
+// Subject Public Key Infos (SPKIs) is found in the chain.  SPKIs are specified
+// as names, which must match up with the name given in the Mozilla root store.
+//
+// "entries" is a list of objects. Each object has the following members:
+//   name: (string) the DNS name of the host in question
+//   include_subdomains: (optional bool) whether subdomains of |name| are also covered
+//   pins: (string) the |name| member of an object in |pinsets|
+//
+// "extra_certs" is a list of base64-encoded certificates. These are used in
+// pinsets that reference certificates not in our root program (for example,
+// Facebook).
+
+// equifax -> aus3
+// Geotrust Primary -> www.mozilla.org
+// Geotrust Global -> *. addons.mozilla.org
+{
+  "chromium_data" : {
+    "cert_file_url": "https://chromium.googlesource.com/chromium/src/net/+/master/http/transport_security_state_static.pins?format=TEXT",
+    "json_file_url": "https://chromium.googlesource.com/chromium/src/net/+/master/http/transport_security_state_static.json?format=TEXT",
+    "substitute_pinsets": {
+      // Use the larger google_root_pems pinset instead of google
+      "google": "google_root_pems"
+    },
+    "production_pinsets": [
+      "google_root_pems",
+      "facebook"
+    ],
+    "production_domains": [
+      // Chrome's test domains.
+      "pinningtest.appspot.com",
+      "pinning-test.badssl.com",
+      // Dropbox
+      "dropbox.com",
+      "www.dropbox.com",
+      // Twitter
+      "api.twitter.com",
+      "business.twitter.com",
+      "dev.twitter.com",
+      "mobile.twitter.com",
+      "oauth.twitter.com",
+      "platform.twitter.com",
+      "twimg.com",
+      "www.twitter.com",
+      // Tor
+      "torproject.org",
+      "blog.torproject.org",
+      "check.torproject.org",
+      "dist.torproject.org",
+      "www.torproject.org",
+      // SpiderOak
+      "spideroak.com"
+    ],
+    "exclude_domains" : [
+      // Chrome's entry for twitter.com doesn't include subdomains, so replace
+      // it with our own entry below which also uses an expanded pinset.
+      "twitter.com"
+    ]
+   },
+  "pinsets": [
+    {
+      // From bug 772756, mozilla uses GeoTrust, Digicert and Thawte.  Our
+      // cdn sites use Verisign and Baltimore. We exclude 1024-bit root certs
+      // from all providers. geotrust ca info:
+      // http://www.geotrust.com/resources/root-certificates/index.html
+      "name": "mozilla",
+      "sha256_hashes": [
+        "Baltimore CyberTrust Root",
+        "DigiCert Assured ID Root CA",
+        "DigiCert Global Root CA",
+        "DigiCert High Assurance EV Root CA",
+        "GeoTrust Global CA",
+        "GeoTrust Global CA 2",
+        "GeoTrust Primary Certification Authority",
+        "GeoTrust Primary Certification Authority - G2",
+        "GeoTrust Primary Certification Authority - G3",
+        "GeoTrust Universal CA",
+        "GeoTrust Universal CA 2",
+        "thawte Primary Root CA",
+        "thawte Primary Root CA - G2",
+        "thawte Primary Root CA - G3",
+        "Verisign Class 1 Public Primary Certification Authority - G3",
+        "Verisign Class 2 Public Primary Certification Authority - G3",
+        "Verisign Class 3 Public Primary Certification Authority - G3",
+        "VeriSign Class 3 Public Primary Certification Authority - G4",
+        "VeriSign Class 3 Public Primary Certification Authority - G5",
+        // "Verisign Class 4 Public Primary Certification Authority - G3",
+        "VeriSign Universal Root Certification Authority"
+      ]
+    },
+    {
+      "name": "mozilla_services",
+      "sha256_hashes": [
+        "DigiCert Global Root CA"
+      ]
+    },
+    // For pinning tests on pinning.example.com, the certificate must be 'End
+    // Entity Test Cert'
+    {
+      "name": "mozilla_test",
+      "sha256_hashes": [
+        "End Entity Test Cert"
+      ]
+    },
+    // Google's root PEMs. Chrome pins only to their intermediate certs, but
+    // they'd like us to be more liberal. For the initial list, we are using
+    // the certs from http://pki.google.com/roots.pem.
+    // We have no built-in for commented out CAs.
+    {
+      "name": "google_root_pems",
+      "sha256_hashes": [
+        "AddTrust External Root",
+        "AddTrust Low-Value Services Root",
+        "AddTrust Public Services Root",
+        "AddTrust Qualified Certificates Root",
+        "AffirmTrust Commercial",
+        "AffirmTrust Networking",
+        "AffirmTrust Premium",
+        "AffirmTrust Premium ECC",
+        "Baltimore CyberTrust Root",
+        "Comodo AAA Services root",
+        "COMODO Certification Authority",
+        "COMODO ECC Certification Authority",
+        "COMODO RSA Certification Authority",
+        "Comodo Secure Services root",
+        "Comodo Trusted Services root",
+        "Cybertrust Global Root",
+        "DigiCert Assured ID Root CA",
+        "DigiCert Assured ID Root G2",
+        "DigiCert Assured ID Root G3",
+        "DigiCert Global Root CA",
+        "DigiCert Global Root G2",
+        "DigiCert Global Root G3",
+        "DigiCert High Assurance EV Root CA",
+        "DigiCert Trusted Root G4",
+        "Entrust Root Certification Authority",
+        "Entrust Root Certification Authority - EC1",
+        "Entrust Root Certification Authority - G2",
+        "Entrust.net Premium 2048 Secure Server CA",
+        // "Equifax Secure Certificate Authority",
+        "GeoTrust Global CA",
+        "GeoTrust Global CA 2",
+        "GeoTrust Primary Certification Authority",
+        "GeoTrust Primary Certification Authority - G2",
+        "GeoTrust Primary Certification Authority - G3",
+        "GeoTrust Universal CA",
+        "GeoTrust Universal CA 2",
+        "GlobalSign ECC Root CA - R4",
+        "GlobalSign ECC Root CA - R5",
+        "GlobalSign Root CA",
+        "GlobalSign Root CA - R2",
+        "GlobalSign Root CA - R3",
+        "Go Daddy Class 2 CA",
+        "Go Daddy Root Certificate Authority - G2",
+        "Starfield Class 2 CA",
+        "Starfield Root Certificate Authority - G2",
+        "thawte Primary Root CA",
+        "thawte Primary Root CA - G2",
+        "thawte Primary Root CA - G3",
+        "USERTrust ECC Certification Authority",
+        "USERTrust RSA Certification Authority",
+        "UTN USERFirst Hardware Root CA",
+        "Verisign Class 3 Public Primary Certification Authority - G3",
+        "VeriSign Class 3 Public Primary Certification Authority - G4",
+        "VeriSign Class 3 Public Primary Certification Authority - G5",
+        "VeriSign Universal Root Certification Authority"
+      ]
+    }
+  ],
+
+  "entries": [
+    // Only domains that are operationally crucial to Firefox can have per-host
+    // telemetry reporting (the "id") field
+    { "name": "addons.mozilla.org", "include_subdomains": true,
+      "pins": "mozilla", "test_mode": false, "id": 1 },
+    { "name": "addons.mozilla.net", "include_subdomains": true,
+      "pins": "mozilla", "test_mode": false, "id": 2 },
+    { "name": "aus4.mozilla.org", "include_subdomains": true,
+      "pins": "mozilla", "test_mode": true, "id": 3 },
+    { "name": "accounts.firefox.com", "include_subdomains": true,
+      "pins": "mozilla_services", "test_mode": false, "id": 4 },
+    { "name": "api.accounts.firefox.com", "include_subdomains": true,
+      "pins": "mozilla_services", "test_mode": false, "id": 5 },
+    { "name": "cdn.mozilla.net", "include_subdomains": true,
+      "pins": "mozilla", "test_mode": false },
+    { "name": "cdn.mozilla.org", "include_subdomains": true,
+      "pins": "mozilla", "test_mode": false },
+    { "name": "services.mozilla.com", "include_subdomains": true,
+      "pins": "mozilla_services", "test_mode": false, "id": 6 },
+    { "name": "include-subdomains.pinning.example.com",
+      "include_subdomains": true, "pins": "mozilla_test",
+      "test_mode": false },
+    // Example domain to collect per-host stats for telemetry tests.
+    { "name": "exclude-subdomains.pinning.example.com",
+      "include_subdomains": false, "pins": "mozilla_test",
+      "test_mode": false, "id": 0 },
+    { "name": "test-mode.pinning.example.com", "include_subdomains": true,
+      "pins": "mozilla_test", "test_mode": true },
+    // Expand twitter's pinset to include all of *.twitter.com and use
+    // twitterCDN. More specific rules take precedence because we search for
+    // exact domain name first.
+    { "name": "twitter.com", "include_subdomains": true,
+      "pins": "twitterCDN", "test_mode": false },
+    { "name": "aus5.mozilla.org", "include_subdomains": true,
+      "pins": "mozilla", "test_mode": true, "id": 7 }
+  ],
+
+  "extra_certificates": []
+}
diff --git a/security/manager/tools/dumpGoogleRoots.js b/security/manager/tools/dumpGoogleRoots.js
new file mode 100644
index 000000000..2daa20434
--- /dev/null
+++ b/security/manager/tools/dumpGoogleRoots.js
@@ -0,0 +1,106 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// This file is a helper script that generates the list of certificates that
+// make up the preloaded pinset for Google properties.
+//
+// How to run this file:
+// 1. [obtain firefox source code]
+// 2. [build/obtain firefox binaries]
+// 3. run `[path to]/run-mozilla.sh [path to]/xpcshell dumpGoogleRoots.js'
+// 4. [paste the output into the appropriate section in
+//     security/manager/tools/PreloadedHPKPins.json]
+
+var Cc = Components.classes;
+var Ci = Components.interfaces;
+
+function downloadRoots() {
+  let req = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"]
+              .createInstance(Ci.nsIXMLHttpRequest);
+  req.open("GET", "https://pki.google.com/roots.pem", false);
+  try {
+    req.send();
+  }
+  catch (e) {
+    throw new Error("ERROR: problem downloading Google Root PEMs: " + e);
+  }
+
+  if (req.status != 200) {
+    throw new Error("ERROR: problem downloading Google Root PEMs. Status: " +
+                    req.status);
+  }
+
+  let pem = req.responseText;
+  let roots = [];
+  let currentPEM = "";
+  let readingRoot = false;
+  let certDB = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+  for (let line of pem.split(/[\r\n]/)) {
+    if (line == "-----END CERTIFICATE-----") {
+      if (currentPEM) {
+        roots.push(certDB.constructX509FromBase64(currentPEM));
+      }
+      currentPEM = "";
+      readingRoot = false;
+      continue;
+    }
+    if (readingRoot) {
+      currentPEM += line;
+    }
+    if (line == "-----BEGIN CERTIFICATE-----") {
+      readingRoot = true;
+    }
+  }
+  return roots;
+}
+
+function makeFormattedNickname(cert) {
+  if (cert.nickname.startsWith("Builtin Object Token:")) {
+    return `"${cert.nickname.substring("Builtin Object Token:".length)}"`;
+  }
+  // Otherwise, this isn't a built-in and we have to comment it out.
+  if (cert.commonName) {
+    return `// "${cert.commonName}"`;
+  }
+  if (cert.organizationalUnit) {
+    return `// "${cert.organizationalUnit}"`;
+  }
+  if (cert.organization) {
+    return `// "${cert.organization}"`;
+  }
+  throw new Error(`couldn't make nickname for ${cert.subjectName}`);
+}
+
+var roots = downloadRoots();
+var rootNicknames = [];
+for (var root of roots) {
+  rootNicknames.push(makeFormattedNickname(root));
+}
+rootNicknames.sort(function(rootA, rootB) {
+  let rootALowercase = rootA.toLowerCase().replace(/(^[^"]*")|"/g, "");
+  let rootBLowercase = rootB.toLowerCase().replace(/(^[^"]*")|"/g, "");
+  if (rootALowercase < rootBLowercase) {
+    return -1;
+  }
+  if (rootALowercase > rootBLowercase) {
+    return 1;
+  }
+  return 0;
+});
+dump("    {\n");
+dump("      \"name\": \"google_root_pems\",\n");
+dump("      \"sha256_hashes\": [\n");
+var first = true;
+for (var nickname of rootNicknames) {
+  if (!first) {
+    dump(",\n");
+  }
+  first = false;
+  dump("        " + nickname);
+}
+dump("\n");
+dump("      ]\n");
+dump("    }\n");
diff --git a/security/manager/tools/genHPKPStaticPins.js b/security/manager/tools/genHPKPStaticPins.js
new file mode 100644
index 000000000..f2b9dbdda
--- /dev/null
+++ b/security/manager/tools/genHPKPStaticPins.js
@@ -0,0 +1,630 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// How to run this file:
+// 1. [obtain firefox source code]
+// 2. [build/obtain firefox binaries]
+// 3. run `[path to]/run-mozilla.sh [path to]/xpcshell \
+//                                  [path to]/genHPKPStaticpins.js \
+//                                  [absolute path to]/PreloadedHPKPins.json \
+//                                  [an unused argument - see bug 1205406] \
+//                                  [absolute path to]/StaticHPKPins.h
+"use strict";
+
+if (arguments.length != 3) {
+  throw new Error("Usage: genHPKPStaticPins.js " +
+                  "<absolute path to PreloadedHPKPins.json> " +
+                  "<an unused argument - see bug 1205406> " +
+                  "<absolute path to StaticHPKPins.h>");
+}
+
+var { 'classes': Cc, 'interfaces': Ci, 'utils': Cu, 'results': Cr } = Components;
+
+var { NetUtil } = Cu.import("resource://gre/modules/NetUtil.jsm", {});
+var { FileUtils } = Cu.import("resource://gre/modules/FileUtils.jsm", {});
+var { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
+
+var gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
+                .getService(Ci.nsIX509CertDB);
+
+const BUILT_IN_NICK_PREFIX = "Builtin Object Token:";
+const SHA256_PREFIX = "sha256/";
+const GOOGLE_PIN_PREFIX = "GOOGLE_PIN_";
+
+// Pins expire in 14 weeks (6 weeks on Beta + 8 weeks on stable)
+const PINNING_MINIMUM_REQUIRED_MAX_AGE = 60 * 60 * 24 * 7 * 14;
+
+const FILE_HEADER = "/* This Source Code Form is subject to the terms of the Mozilla Public\n" +
+" * License, v. 2.0. If a copy of the MPL was not distributed with this\n" +
+" * file, You can obtain one at http://mozilla.org/MPL/2.0/. */\n" +
+"\n" +
+"/*****************************************************************************/\n" +
+"/* This is an automatically generated file. If you're not                    */\n" +
+"/* PublicKeyPinningService.cpp, you shouldn't be #including it.              */\n" +
+"/*****************************************************************************/\n" +
+"#include <stdint.h>" +
+"\n";
+
+const DOMAINHEADER = "/* Domainlist */\n" +
+  "struct TransportSecurityPreload {\n" +
+  "  const char* mHost;\n" +
+  "  const bool mIncludeSubdomains;\n" +
+  "  const bool mTestMode;\n" +
+  "  const bool mIsMoz;\n" +
+  "  const int32_t mId;\n" +
+  "  const StaticFingerprints* pinset;\n" +
+  "};\n\n";
+
+const PINSETDEF = "/* Pinsets are each an ordered list by the actual value of the fingerprint */\n" +
+  "struct StaticFingerprints {\n" +
+  "  const size_t size;\n" +
+  "  const char* const* data;\n" +
+  "};\n\n";
+
+// Command-line arguments
+var gStaticPins = parseJson(arguments[0]);
+
+// arguments[1] is ignored for now. See bug 1205406.
+
+// Open the output file.
+var file = Cc["@mozilla.org/file/local;1"].createInstance(Ci.nsILocalFile);
+file.initWithPath(arguments[2]);
+var gFileOutputStream = FileUtils.openSafeFileOutputStream(file);
+
+function writeString(string) {
+  gFileOutputStream.write(string, string.length);
+}
+
+function readFileToString(filename) {
+  let file = Cc["@mozilla.org/file/local;1"].createInstance(Ci.nsILocalFile);
+  file.initWithPath(filename);
+  let stream = Cc["@mozilla.org/network/file-input-stream;1"]
+                 .createInstance(Ci.nsIFileInputStream);
+  stream.init(file, -1, 0, 0);
+  let buf = NetUtil.readInputStreamToString(stream, stream.available());
+  return buf;
+}
+
+function stripComments(buf) {
+  let lines = buf.split("\n");
+  let entryRegex = /^\s*\/\//;
+  let data = "";
+  for (let i = 0; i < lines.length; ++i) {
+    let match = entryRegex.exec(lines[i]);
+    if (!match) {
+      data = data + lines[i];
+    }
+  }
+  return data;
+}
+
+function isBuiltinToken(tokenName) {
+  return tokenName == "Builtin Object Token";
+}
+
+function isCertBuiltIn(cert) {
+  let tokenNames = cert.getAllTokenNames({});
+  if (!tokenNames) {
+    return false;
+  }
+  if (tokenNames.some(isBuiltinToken)) {
+    return true;
+  }
+  return false;
+}
+
+function download(filename) {
+  let req = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"]
+              .createInstance(Ci.nsIXMLHttpRequest);
+  req.open("GET", filename, false); // doing the request synchronously
+  try {
+    req.send();
+  }
+  catch (e) {
+    throw new Error(`ERROR: problem downloading '${filename}': ${e}`);
+  }
+
+  if (req.status != 200) {
+    throw new Error("ERROR: problem downloading '" + filename + "': status " +
+                    req.status);
+  }
+
+  let resultDecoded;
+  try {
+    resultDecoded = atob(req.responseText);
+  }
+  catch (e) {
+    throw new Error("ERROR: could not decode data as base64 from '" + filename +
+                    "': " + e);
+  }
+  return resultDecoded;
+}
+
+function downloadAsJson(filename) {
+  // we have to filter out '//' comments, while not mangling the json
+  let result = download(filename).replace(/^(\s*)?\/\/[^\n]*\n/mg, "");
+  let data = null;
+  try {
+    data = JSON.parse(result);
+  }
+  catch (e) {
+    throw new Error("ERROR: could not parse data from '" + filename + "': " + e);
+  }
+  return data;
+}
+
+// Returns a Subject Public Key Digest from the given pem, if it exists.
+function getSKDFromPem(pem) {
+  let cert = gCertDB.constructX509FromBase64(pem, pem.length);
+  return cert.sha256SubjectPublicKeyInfoDigest;
+}
+
+/**
+ * Hashes |input| using the SHA-256 algorithm in the following manner:
+ *   btoa(sha256(atob(input)))
+ *
+ * @argument {String} input Base64 string to decode and return the hash of.
+ * @returns {String} Base64 encoded SHA-256 hash.
+ */
+function sha256Base64(input) {
+  let decodedValue;
+  try {
+    decodedValue = atob(input);
+  }
+  catch (e) {
+    throw new Error(`ERROR: could not decode as base64: '${input}': ${e}`);
+  }
+
+  // Convert |decodedValue| to an array so that it can be hashed by the
+  // nsICryptoHash instance below.
+  // In most cases across the code base, convertToByteArray() of
+  // nsIScriptableUnicodeConverter is used to do this, but the method doesn't
+  // seem to work here.
+  let data = [];
+  for (let i = 0; i < decodedValue.length; i++) {
+    data[i] = decodedValue.charCodeAt(i);
+  }
+
+  let hasher = Cc["@mozilla.org/security/hash;1"]
+                 .createInstance(Ci.nsICryptoHash);
+  hasher.init(hasher.SHA256);
+  hasher.update(data, data.length);
+
+  // true is passed so that the hasher returns a Base64 encoded string.
+  return hasher.finish(true);
+}
+
+// Downloads the static certs file and tries to map Google Chrome nicknames
+// to Mozilla nicknames, as well as storing any hashes for pins for which we
+// don't have root PEMs. Each entry consists of a line containing the name of
+// the pin followed either by a hash in the format "sha256/" + base64(hash),
+// a PEM encoded public key, or a PEM encoded certificate.
+// For certificates that we have in our database,
+// return a map of Google's nickname to ours. For ones that aren't return a
+// map of Google's nickname to SHA-256 values. This code is modeled after agl's
+// https://github.com/agl/transport-security-state-generate, which doesn't
+// live in the Chromium repo because go is not an official language in
+// Chromium.
+// For all of the entries in this file:
+// - If the entry has a hash format, find the Mozilla pin name (cert nickname)
+// and stick the hash into certSKDToName
+// - If the entry has a PEM format, parse the PEM, find the Mozilla pin name
+// and stick the hash in certSKDToName
+// We MUST be able to find a corresponding cert nickname for the Chrome names,
+// otherwise we skip all pinsets referring to that Chrome name.
+function downloadAndParseChromeCerts(filename, certNameToSKD, certSKDToName) {
+  // Prefixes that we care about.
+  const BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
+  const END_CERT = "-----END CERTIFICATE-----";
+  const BEGIN_PUB_KEY = "-----BEGIN PUBLIC KEY-----";
+  const END_PUB_KEY = "-----END PUBLIC KEY-----";
+
+  // Parsing states.
+  const PRE_NAME = 0;
+  const POST_NAME = 1;
+  const IN_CERT = 2;
+  const IN_PUB_KEY = 3;
+  let state = PRE_NAME;
+
+  let lines = download(filename).split("\n");
+  let name = "";
+  let pemCert = "";
+  let pemPubKey = "";
+  let hash = "";
+  let chromeNameToHash = {};
+  let chromeNameToMozName = {};
+  let chromeName;
+  for (let line of lines) {
+    // Skip comments and newlines.
+    if (line.length == 0 || line[0] == '#') {
+      continue;
+    }
+    switch (state) {
+      case PRE_NAME:
+        chromeName = line;
+        state = POST_NAME;
+        break;
+      case POST_NAME:
+        if (line.startsWith(SHA256_PREFIX)) {
+          hash = line.substring(SHA256_PREFIX.length);
+          chromeNameToHash[chromeName] = hash;
+          certNameToSKD[chromeName] = hash;
+          certSKDToName[hash] = chromeName;
+          state = PRE_NAME;
+        } else if (line.startsWith(BEGIN_CERT)) {
+          state = IN_CERT;
+        } else if (line.startsWith(BEGIN_PUB_KEY)) {
+          state = IN_PUB_KEY;
+        } else {
+          throw new Error("ERROR: couldn't parse Chrome certificate file " +
+                          "line: " + line);
+        }
+        break;
+      case IN_CERT:
+        if (line.startsWith(END_CERT)) {
+          state = PRE_NAME;
+          hash = getSKDFromPem(pemCert);
+          pemCert = "";
+          let mozName;
+          if (hash in certSKDToName) {
+            mozName = certSKDToName[hash];
+          } else {
+            // Not one of our built-in certs. Prefix the name with
+            // GOOGLE_PIN_.
+            mozName = GOOGLE_PIN_PREFIX + chromeName;
+            dump("Can't find hash in builtin certs for Chrome nickname " +
+                 chromeName + ", inserting " + mozName + "\n");
+            certSKDToName[hash] = mozName;
+            certNameToSKD[mozName] = hash;
+          }
+          chromeNameToMozName[chromeName] = mozName;
+        } else {
+          pemCert += line;
+        }
+        break;
+      case IN_PUB_KEY:
+        if (line.startsWith(END_PUB_KEY)) {
+          state = PRE_NAME;
+          hash = sha256Base64(pemPubKey);
+          pemPubKey = "";
+          chromeNameToHash[chromeName] = hash;
+          certNameToSKD[chromeName] = hash;
+          certSKDToName[hash] = chromeName;
+        } else {
+          pemPubKey += line;
+        }
+        break;
+      default:
+        throw new Error("ERROR: couldn't parse Chrome certificate file " + line);
+    }
+  }
+  return [ chromeNameToHash, chromeNameToMozName ];
+}
+
+// We can only import pinsets from chrome if for every name in the pinset:
+// - We have a hash from Chrome's static certificate file
+// - We have a builtin cert
+// If the pinset meets these requirements, we store a map array of pinset
+// objects:
+// {
+//   pinset_name : {
+//     // Array of names with entries in certNameToSKD
+//     sha256_hashes: []
+//   }
+// }
+// and an array of imported pinset entries:
+// { name: string, include_subdomains: boolean, test_mode: boolean,
+//   pins: pinset_name }
+function downloadAndParseChromePins(filename,
+                                    chromeNameToHash,
+                                    chromeNameToMozName,
+                                    certNameToSKD,
+                                    certSKDToName) {
+  let chromePreloads = downloadAsJson(filename);
+  let chromePins = chromePreloads.pinsets;
+  let chromeImportedPinsets = {};
+  let chromeImportedEntries = [];
+
+  chromePins.forEach(function(pin) {
+    let valid = true;
+    let pinset = { name: pin.name, sha256_hashes: [] };
+    // Translate the Chrome pinset format to ours
+    pin.static_spki_hashes.forEach(function(name) {
+      if (name in chromeNameToHash) {
+        let hash = chromeNameToHash[name];
+        pinset.sha256_hashes.push(certSKDToName[hash]);
+
+        // We should have already added hashes for all of these when we
+        // imported the certificate file.
+        if (!certNameToSKD[name]) {
+          throw new Error("ERROR: No hash for name: " + name);
+        }
+      } else if (name in chromeNameToMozName) {
+        pinset.sha256_hashes.push(chromeNameToMozName[name]);
+      } else {
+        dump("Skipping Chrome pinset " + pinset.name + ", couldn't find " +
+             "builtin " + name + " from cert file\n");
+        valid = false;
+      }
+    });
+    if (valid) {
+      chromeImportedPinsets[pinset.name] = pinset;
+    }
+  });
+
+  // Grab the domain entry lists. Chrome's entry format is similar to
+  // ours, except theirs includes a HSTS mode.
+  const cData = gStaticPins.chromium_data;
+  let entries = chromePreloads.entries;
+  entries.forEach(function(entry) {
+    // HSTS entry only
+    if (!entry.pins) {
+      return;
+    }
+    let pinsetName = cData.substitute_pinsets[entry.pins];
+    if (!pinsetName) {
+      pinsetName = entry.pins;
+    }
+
+    // We trim the entry name here to avoid breaking hostname comparisons in the
+    // HPKP implementation.
+    entry.name = entry.name.trim();
+
+    let isProductionDomain =
+      (cData.production_domains.indexOf(entry.name) != -1);
+    let isProductionPinset =
+      (cData.production_pinsets.indexOf(pinsetName) != -1);
+    let excludeDomain =
+      (cData.exclude_domains.indexOf(entry.name) != -1);
+    let isTestMode = !isProductionPinset && !isProductionDomain;
+    if (entry.pins && !excludeDomain && chromeImportedPinsets[entry.pins]) {
+      chromeImportedEntries.push({
+        name: entry.name,
+        include_subdomains: entry.include_subdomains,
+        test_mode: isTestMode,
+        is_moz: false,
+        pins: pinsetName });
+    }
+  });
+  return [ chromeImportedPinsets, chromeImportedEntries ];
+}
+
+// Returns a pair of maps [certNameToSKD, certSKDToName] between cert
+// nicknames and digests of the SPKInfo for the mozilla trust store
+function loadNSSCertinfo(extraCertificates) {
+  let allCerts = gCertDB.getCerts();
+  let enumerator = allCerts.getEnumerator();
+  let certNameToSKD = {};
+  let certSKDToName = {};
+  while (enumerator.hasMoreElements()) {
+    let cert = enumerator.getNext().QueryInterface(Ci.nsIX509Cert);
+    if (!isCertBuiltIn(cert)) {
+      continue;
+    }
+    let name = cert.nickname.substr(BUILT_IN_NICK_PREFIX.length);
+    let SKD = cert.sha256SubjectPublicKeyInfoDigest;
+    certNameToSKD[name] = SKD;
+    certSKDToName[SKD] = name;
+  }
+
+  for (let cert of extraCertificates) {
+    let name = cert.commonName;
+    let SKD = cert.sha256SubjectPublicKeyInfoDigest;
+    certNameToSKD[name] = SKD;
+    certSKDToName[SKD] = name;
+  }
+
+  {
+    // This is the pinning test certificate. The key hash identifies the
+    // default RSA key from pykey.
+    let name = "End Entity Test Cert";
+    let SKD = "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=";
+    certNameToSKD[name] = SKD;
+    certSKDToName[SKD] = name;
+  }
+  return [certNameToSKD, certSKDToName];
+}
+
+function parseJson(filename) {
+  let json = stripComments(readFileToString(filename));
+  return JSON.parse(json);
+}
+
+function nameToAlias(certName) {
+  // change the name to a string valid as a c identifier
+  // remove  non-ascii characters
+  certName = certName.replace(/[^[:ascii:]]/g, "_");
+  // replace non word characters
+  certName = certName.replace(/[^A-Za-z0-9]/g, "_");
+
+  return "k" + certName + "Fingerprint";
+}
+
+function compareByName (a, b) {
+  return a.name.localeCompare(b.name);
+}
+
+function genExpirationTime() {
+  let now = new Date();
+  let nowMillis = now.getTime();
+  let expirationMillis = nowMillis + (PINNING_MINIMUM_REQUIRED_MAX_AGE * 1000);
+  let expirationMicros = expirationMillis * 1000;
+  return "static const PRTime kPreloadPKPinsExpirationTime = INT64_C(" +
+         expirationMicros + ");\n";
+}
+
+function writeFullPinset(certNameToSKD, certSKDToName, pinset) {
+  let prefix = "kPinset_" + pinset.name;
+  if (!pinset.sha256_hashes || pinset.sha256_hashes.length == 0) {
+    throw new Error(`ERROR: Pinset ${pinset.name} does not contain any hashes`);
+  }
+  writeFingerprints(certNameToSKD, certSKDToName, pinset.name,
+                    pinset.sha256_hashes);
+}
+
+function writeFingerprints(certNameToSKD, certSKDToName, name, hashes) {
+  let varPrefix = "kPinset_" + name;
+  writeString("static const char* const " + varPrefix + "_Data[] = {\n");
+  let SKDList = [];
+  for (let certName of hashes) {
+    if (!(certName in certNameToSKD)) {
+      throw new Error(`ERROR: Can't find '${certName}' in certNameToSKD`);
+    }
+    SKDList.push(certNameToSKD[certName]);
+  }
+  for (let skd of SKDList.sort()) {
+    writeString("  " + nameToAlias(certSKDToName[skd]) + ",\n");
+  }
+  if (hashes.length == 0) {
+    // ANSI C requires that an initialiser list be non-empty.
+    writeString("  0\n");
+  }
+  writeString("};\n");
+  writeString("static const StaticFingerprints " + varPrefix + " = {\n  " +
+    "sizeof(" + varPrefix + "_Data) / sizeof(const char*),\n  " + varPrefix +
+    "_Data\n};\n\n");
+}
+
+function writeEntry(entry) {
+  let printVal = "  { \"" + entry.name + "\",\ ";
+  if (entry.include_subdomains) {
+    printVal += "true, ";
+  } else {
+    printVal += "false, ";
+  }
+  // Default to test mode if not specified.
+  let testMode = true;
+  if (entry.hasOwnProperty("test_mode")) {
+    testMode = entry.test_mode;
+  }
+  if (testMode) {
+    printVal += "true, ";
+  } else {
+    printVal += "false, ";
+  }
+  if (entry.is_moz || (entry.pins.indexOf("mozilla") != -1 &&
+                       entry.pins != "mozilla_test")) {
+    printVal += "true, ";
+  } else {
+    printVal += "false, ";
+  }
+  if ("id" in entry) {
+    if (entry.id >= 256) {
+      throw new Error("ERROR: Not enough buckets in histogram");
+    }
+    if (entry.id >= 0) {
+      printVal += entry.id + ", ";
+    }
+  } else {
+    printVal += "-1, ";
+  }
+  printVal += "&kPinset_" + entry.pins;
+  printVal += " },\n";
+  writeString(printVal);
+}
+
+function writeDomainList(chromeImportedEntries) {
+  writeString("/* Sort hostnames for binary search. */\n");
+  writeString("static const TransportSecurityPreload " +
+          "kPublicKeyPinningPreloadList[] = {\n");
+  let count = 0;
+  let mozillaDomains = {};
+  gStaticPins.entries.forEach(function(entry) {
+    mozillaDomains[entry.name] = true;
+  });
+  // For any domain for which we have set pins, exclude them from
+  // chromeImportedEntries.
+  for (let i = chromeImportedEntries.length - 1; i >= 0; i--) {
+    if (mozillaDomains[chromeImportedEntries[i].name]) {
+      dump("Skipping duplicate pinset for domain " +
+           JSON.stringify(chromeImportedEntries[i], undefined, 2) + "\n");
+      chromeImportedEntries.splice(i, 1);
+    }
+  }
+  let sortedEntries = gStaticPins.entries;
+  sortedEntries.push.apply(sortedEntries, chromeImportedEntries);
+  for (let entry of sortedEntries.sort(compareByName)) {
+    count++;
+    writeEntry(entry);
+  }
+  writeString("};\n");
+
+  writeString("\n// Pinning Preload List Length = " + count + ";\n");
+  writeString("\nstatic const int32_t kUnknownId = -1;\n");
+}
+
+function writeFile(certNameToSKD, certSKDToName,
+                   chromeImportedPinsets, chromeImportedEntries) {
+  // Compute used pins from both Chrome's and our pinsets, so we can output
+  // them later.
+  let usedFingerprints = {};
+  let mozillaPins = {};
+  gStaticPins.pinsets.forEach(function(pinset) {
+    mozillaPins[pinset.name] = true;
+    pinset.sha256_hashes.forEach(function (name) {
+      usedFingerprints[name] = true;
+    });
+  });
+  for (let key in chromeImportedPinsets) {
+    let pinset = chromeImportedPinsets[key];
+    pinset.sha256_hashes.forEach(function(name) {
+      usedFingerprints[name] = true;
+    });
+  }
+
+  writeString(FILE_HEADER);
+
+  // Write actual fingerprints.
+  Object.keys(usedFingerprints).sort().forEach(function(certName) {
+    if (certName) {
+      writeString("/* " + certName + " */\n");
+      writeString("static const char " + nameToAlias(certName) + "[] =\n");
+      writeString("  \"" + certNameToSKD[certName] + "\";\n");
+      writeString("\n");
+    }
+  });
+
+  // Write the pinsets
+  writeString(PINSETDEF);
+  writeString("/* PreloadedHPKPins.json pinsets */\n");
+  gStaticPins.pinsets.sort(compareByName).forEach(function(pinset) {
+    writeFullPinset(certNameToSKD, certSKDToName, pinset);
+  });
+  writeString("/* Chrome static pinsets */\n");
+  for (let key in chromeImportedPinsets) {
+    if (mozillaPins[key]) {
+      dump("Skipping duplicate pinset " + key + "\n");
+    } else {
+      dump("Writing pinset " + key + "\n");
+      writeFullPinset(certNameToSKD, certSKDToName, chromeImportedPinsets[key]);
+    }
+  }
+
+  // Write the domainlist entries.
+  writeString(DOMAINHEADER);
+  writeDomainList(chromeImportedEntries);
+  writeString("\n");
+  writeString(genExpirationTime());
+}
+
+function loadExtraCertificates(certStringList) {
+  let constructedCerts = [];
+  for (let certString of certStringList) {
+    constructedCerts.push(gCertDB.constructX509FromBase64(certString));
+  }
+  return constructedCerts;
+}
+
+var extraCertificates = loadExtraCertificates(gStaticPins.extra_certificates);
+var [ certNameToSKD, certSKDToName ] = loadNSSCertinfo(extraCertificates);
+var [ chromeNameToHash, chromeNameToMozName ] = downloadAndParseChromeCerts(
+  gStaticPins.chromium_data.cert_file_url, certNameToSKD, certSKDToName);
+var [ chromeImportedPinsets, chromeImportedEntries ] =
+  downloadAndParseChromePins(gStaticPins.chromium_data.json_file_url,
+    chromeNameToHash, chromeNameToMozName, certNameToSKD, certSKDToName);
+
+writeFile(certNameToSKD, certSKDToName, chromeImportedPinsets,
+          chromeImportedEntries);
+
+FileUtils.closeSafeFileOutputStream(gFileOutputStream);
diff --git a/security/manager/tools/genRootCAHashes.js b/security/manager/tools/genRootCAHashes.js
new file mode 100644
index 000000000..0d6f1df48
--- /dev/null
+++ b/security/manager/tools/genRootCAHashes.js
@@ -0,0 +1,255 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// How to run this file:
+// 1. [obtain firefox source code]
+// 2. [build/obtain firefox binaries]
+// 3. run `[path to]/run-mozilla.sh [path to]/xpcshell genRootCAHashes.js \
+//                                  [absolute path to]/RootHashes.inc'
+
+var Cc = Components.classes;
+var Ci = Components.interfaces;
+var Cu = Components.utils;
+var Cr = Components.results;
+
+const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
+const CertDb = Components.classes[nsX509CertDB].getService(Ci.nsIX509CertDB);
+
+Cu.import("resource://gre/modules/Services.jsm");
+Cu.import("resource://gre/modules/FileUtils.jsm");
+Cu.import("resource://gre/modules/NetUtil.jsm");
+const { CommonUtils } = Cu.import("resource://services-common/utils.js", {});
+
+const FILENAME_OUTPUT = "RootHashes.inc";
+const FILENAME_TRUST_ANCHORS = "KnownRootHashes.json";
+const ROOT_NOT_ASSIGNED = -1;
+
+const JSON_HEADER = "// This Source Code Form is subject to the terms of the Mozilla Public\n" +
+"// License, v. 2.0. If a copy of the MPL was not distributed with this\n" +
+"// file, You can obtain one at http://mozilla.org/MPL/2.0/. */\n" +
+"//\n" +
+"//***************************************************************************\n" +
+"// This is an automatically generated file. It's used to maintain state for\n" +
+"// runs of genRootCAHashes.js; you should never need to manually edit it\n" +
+"//***************************************************************************\n" +
+"\n";
+
+const FILE_HEADER = "/* This Source Code Form is subject to the terms of the Mozilla Public\n" +
+" * License, v. 2.0. If a copy of the MPL was not distributed with this\n" +
+" * file, You can obtain one at http://mozilla.org/MPL/2.0/. */\n" +
+"\n" +
+"/*****************************************************************************/\n" +
+"/* This is an automatically generated file. If you're not                    */\n" +
+"/* RootCertificateTelemetryUtils.cpp, you shouldn't be #including it.        */\n" +
+"/*****************************************************************************/\n" +
+"\n" +
+"#define HASH_LEN 32\n";
+
+const FP_PREAMBLE = "struct CertAuthorityHash {\n" +
+" const uint8_t hash[HASH_LEN];\n" +
+" const int32_t binNumber;\n" +
+"};\n\n" +
+"static const struct CertAuthorityHash ROOT_TABLE[] = {\n";
+
+const FP_POSTAMBLE = "};\n";
+
+// Helper
+function writeString(fos, string) {
+  fos.write(string, string.length);
+}
+
+// Remove all colons from a string
+function stripColons(hexString) {
+  return hexString.replace(/:/g, '');
+}
+
+// Expect an array of bytes and make it C-formatted
+function hexSlice(bytes, start, end) {
+  let ret = "";
+  for (let i = start; i < end; i++) {
+    let hex = (0 + bytes.charCodeAt(i).toString(16)).slice(-2).toUpperCase();
+    ret += "0x" + hex;
+    if (i < end - 1) {
+      ret += ", ";
+    }
+  }
+  return ret;
+}
+
+function stripComments(buf) {
+  let lines = buf.split("\n");
+  let entryRegex = /^\s*\/\//;
+  let data = "";
+  for (let i = 0; i < lines.length; i++) {
+    let match = entryRegex.exec(lines[i]);
+    if (!match) {
+      data = data + lines[i];
+    }
+  }
+  return data;
+}
+
+
+// Load the trust anchors JSON object from disk
+function loadTrustAnchors(file) {
+  if (file.exists()) {
+    let stream = Cc["@mozilla.org/network/file-input-stream;1"]
+                   .createInstance(Ci.nsIFileInputStream);
+    stream.init(file, -1, 0, 0);
+    let buf = NetUtil.readInputStreamToString(stream, stream.available());
+    return JSON.parse(stripComments(buf));
+  }
+  // If there's no input file, bootstrap.
+  return { roots: [], maxBin: 0 };
+}
+
+// Saves our persistence file so that we don't lose track of the mapping
+// between bin numbers and the CA-hashes, even as CAs come and go.
+function writeTrustAnchors(file) {
+  let fos = FileUtils.openSafeFileOutputStream(file);
+
+  let serializedData = JSON.stringify(gTrustAnchors, null, '  ');
+  fos.write(JSON_HEADER, JSON_HEADER.length);
+  fos.write(serializedData, serializedData.length);
+
+  FileUtils.closeSafeFileOutputStream(fos);
+}
+
+
+// Write the C++ header file
+function writeRootHashes(fos) {
+  try {
+    writeString(fos, FILE_HEADER);
+
+    // Output the sorted gTrustAnchors
+    writeString(fos, FP_PREAMBLE);
+    gTrustAnchors.roots.forEach(function(fp) {
+      let fpBytes = atob(fp.sha256Fingerprint);
+
+      writeString(fos, "  {\n");
+      writeString(fos, "    /* " + fp.label + " */\n");
+      writeString(fos, "    { " + hexSlice(fpBytes, 0, 16) + ",\n");
+      writeString(fos, "      " + hexSlice(fpBytes, 16, 32) + " },\n");
+      writeString(fos, "      " + fp.binNumber + " /* Bin Number */\n");
+
+      writeString(fos, "  },\n");
+    });
+    writeString(fos, FP_POSTAMBLE);
+
+    writeString(fos, "\n");
+
+  }
+  catch (e) {
+    dump("ERROR: problem writing output: " + e + "\n");
+  }
+}
+
+// Scan our list (linearly) for the given fingerprint string
+function findTrustAnchorByFingerprint(sha256Fingerprint) {
+  for (let i = 0; i < gTrustAnchors.roots.length; i++) {
+    if (sha256Fingerprint == gTrustAnchors.roots[i].sha256Fingerprint) {
+      return i;
+    }
+  }
+  return ROOT_NOT_ASSIGNED;
+}
+
+// Get a clean label for a given certificate; usually the common name.
+function getLabelForCert(cert) {
+  let label = cert.commonName;
+
+  if (label.length < 5) {
+    label = cert.subjectName;
+  }
+
+  // replace non-ascii characters
+  label = label.replace(/[^[:ascii:]]/g, "_");
+  // replace non-word characters
+  label = label.replace(/[^A-Za-z0-9]/g, "_");
+  return label;
+}
+
+// Fill in the gTrustAnchors list with trust anchors from the database.
+function insertTrustAnchorsFromDatabase() {
+  // We only want CA certs for SSL
+  const CERT_TYPE = Ci.nsIX509Cert.CA_CERT;
+  const TRUST_TYPE = Ci.nsIX509CertDB.TRUSTED_SSL;
+
+  // Iterate through the whole Cert DB
+  let enumerator = CertDb.getCerts().getEnumerator();
+  while (enumerator.hasMoreElements()) {
+    let cert = enumerator.getNext().QueryInterface(Ci.nsIX509Cert);
+
+    // Find the certificate in our existing list. Do it here because we need to check if
+    // it's untrusted too.
+
+    // If this is a trusted cert
+    if (CertDb.isCertTrusted(cert, CERT_TYPE, TRUST_TYPE)) {
+      // Base64 encode the hex string
+      let binaryFingerprint = CommonUtils.hexToBytes(stripColons(cert.sha256Fingerprint));
+      let encodedFingerprint = btoa(binaryFingerprint);
+
+       // Scan to see if this is already in the database.
+      if (findTrustAnchorByFingerprint(encodedFingerprint) == ROOT_NOT_ASSIGNED) {
+
+        // Let's get a usable name; some old certs do not have CN= filled out
+        let label = getLabelForCert(cert);
+
+        // Add to list
+        gTrustAnchors.maxBin += 1;
+        gTrustAnchors.roots.push(
+          {
+            "label": label,
+            "binNumber": gTrustAnchors.maxBin,
+            "sha256Fingerprint": encodedFingerprint
+          });
+      }
+    }
+  }
+}
+
+//
+//  PRIMARY LOGIC
+//
+
+if (arguments.length != 1) {
+  throw new Error("Usage: genRootCAHashes.js " +
+                  "<absolute path to current RootHashes.inc>");
+}
+
+var trustAnchorsFile = FileUtils.getFile("CurWorkD", [FILENAME_TRUST_ANCHORS]);
+// let rootHashesFile = FileUtils.getFile("CurWorkD", arguments[0]);
+var rootHashesFile = Cc["@mozilla.org/file/local;1"].createInstance(Ci.nsILocalFile);
+rootHashesFile.initWithPath(arguments[0]);
+
+// Open the known hashes file; this is to ensure stable bin numbers.
+var gTrustAnchors = loadTrustAnchors(trustAnchorsFile);
+
+// Collect all certificate entries
+insertTrustAnchorsFromDatabase();
+
+// Update known hashes before we sort
+writeTrustAnchors(trustAnchorsFile);
+
+// Sort all trust anchors before writing, as AccumulateRootCA.cpp
+// will perform binary searches
+gTrustAnchors.roots.sort(function(a, b) {
+  // We need to work from the binary values, not the base64 values.
+  let aBin = atob(a.sha256Fingerprint);
+  let bBin = atob(b.sha256Fingerprint);
+
+  if (aBin < bBin) {
+    return -1;
+  }
+  if (aBin > bBin) {
+    return 1;
+  }
+  return 0;
+});
+
+// Write the output file.
+var rootHashesFileOutputStream = FileUtils.openSafeFileOutputStream(rootHashesFile);
+writeRootHashes(rootHashesFileOutputStream);
+FileUtils.closeSafeFileOutputStream(rootHashesFileOutputStream);
diff --git a/security/manager/tools/getHSTSPreloadList.js b/security/manager/tools/getHSTSPreloadList.js
new file mode 100644
index 000000000..5b950f938
--- /dev/null
+++ b/security/manager/tools/getHSTSPreloadList.js
@@ -0,0 +1,497 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// How to run this file:
+// 1. [obtain firefox source code]
+// 2. [build/obtain firefox binaries]
+// 3. run `[path to]/run-mozilla.sh [path to]/xpcshell \
+//                                  [path to]/getHSTSPreloadlist.js \
+//                                  [absolute path to]/nsSTSPreloadlist.inc'
+// Note: Running this file outputs a new nsSTSPreloadlist.inc in the current
+//       working directory.
+
+var Cc = Components.classes;
+var Ci = Components.interfaces;
+var Cu = Components.utils;
+var Cr = Components.results;
+
+Cu.import("resource://gre/modules/Services.jsm");
+Cu.import("resource://gre/modules/FileUtils.jsm");
+Cu.import("resource:///modules/XPCOMUtils.jsm");
+
+const SOURCE = "https://chromium.googlesource.com/chromium/src/net/+/master/http/transport_security_state_static.json?format=TEXT";
+const OUTPUT = "nsSTSPreloadList.inc";
+const ERROR_OUTPUT = "nsSTSPreloadList.errors";
+const MINIMUM_REQUIRED_MAX_AGE = 60 * 60 * 24 * 7 * 18;
+const MAX_CONCURRENT_REQUESTS = 5;
+const MAX_RETRIES = 3;
+const REQUEST_TIMEOUT = 30 * 1000;
+const ERROR_NONE = "no error";
+const ERROR_CONNECTING_TO_HOST = "could not connect to host";
+const ERROR_NO_HSTS_HEADER = "did not receive HSTS header";
+const ERROR_MAX_AGE_TOO_LOW = "max-age too low: ";
+const HEADER = "/* This Source Code Form is subject to the terms of the Mozilla Public\n" +
+" * License, v. 2.0. If a copy of the MPL was not distributed with this\n" +
+" * file, You can obtain one at http://mozilla.org/MPL/2.0/. */\n" +
+"\n" +
+"/*****************************************************************************/\n" +
+"/* This is an automatically generated file. If you're not                    */\n" +
+"/* nsSiteSecurityService.cpp, you shouldn't be #including it.     */\n" +
+"/*****************************************************************************/\n" +
+"\n" +
+"#include <stdint.h>\n";
+
+function download() {
+  var req = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"]
+            .createInstance(Ci.nsIXMLHttpRequest);
+  req.open("GET", SOURCE, false); // doing the request synchronously
+  try {
+    req.send();
+  }
+  catch (e) {
+    throw new Error(`ERROR: problem downloading '${SOURCE}': ${e}`);
+  }
+
+  if (req.status != 200) {
+    throw new Error("ERROR: problem downloading '" + SOURCE + "': status " +
+                    req.status);
+  }
+
+  var resultDecoded;
+  try {
+    resultDecoded = atob(req.responseText);
+  }
+  catch (e) {
+    throw new Error("ERROR: could not decode data as base64 from '" + SOURCE +
+                    "': " + e);
+  }
+
+  // we have to filter out '//' comments, while not mangling the json
+  var result = resultDecoded.replace(/^(\s*)?\/\/[^\n]*\n/mg, "");
+  var data = null;
+  try {
+    data = JSON.parse(result);
+  }
+  catch (e) {
+    throw new Error(`ERROR: could not parse data from '${SOURCE}': ${e}`);
+  }
+  return data;
+}
+
+function getHosts(rawdata) {
+  var hosts = [];
+
+  if (!rawdata || !rawdata.entries) {
+    throw new Error("ERROR: source data not formatted correctly: 'entries' " +
+                    "not found");
+  }
+
+  for (let entry of rawdata.entries) {
+    if (entry.mode && entry.mode == "force-https") {
+      if (entry.name) {
+        // We trim the entry name here to avoid malformed URI exceptions when we
+        // later try to connect to the domain.
+        entry.name = entry.name.trim();
+        entry.retries = MAX_RETRIES;
+        entry.originalIncludeSubdomains = entry.include_subdomains;
+        hosts.push(entry);
+      } else {
+        throw new Error("ERROR: entry not formatted correctly: no name found");
+      }
+    }
+  }
+
+  return hosts;
+}
+
+var gSSService = Cc["@mozilla.org/ssservice;1"]
+                   .getService(Ci.nsISiteSecurityService);
+
+function processStsHeader(host, header, status, securityInfo) {
+  var maxAge = { value: 0 };
+  var includeSubdomains = { value: false };
+  var error = ERROR_NONE;
+  if (header != null && securityInfo != null) {
+    try {
+      var uri = Services.io.newURI("https://" + host.name, null, null);
+      var sslStatus = securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
+                                  .SSLStatus;
+      gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS,
+                               uri, header, sslStatus, 0, maxAge,
+                               includeSubdomains);
+    }
+    catch (e) {
+      dump("ERROR: could not process header '" + header + "' from " +
+           host.name + ": " + e + "\n");
+      error = e;
+    }
+  } else if (status == 0) {
+    error = ERROR_CONNECTING_TO_HOST;
+  } else {
+    error = ERROR_NO_HSTS_HEADER;
+  }
+
+  let forceInclude = (host.forceInclude || host.pins == "google");
+
+  if (error == ERROR_NONE && maxAge.value < MINIMUM_REQUIRED_MAX_AGE) {
+    error = ERROR_MAX_AGE_TOO_LOW;
+  }
+
+  return { name: host.name,
+           maxAge: maxAge.value,
+           includeSubdomains: includeSubdomains.value,
+           error: error,
+           retries: host.retries - 1,
+           forceInclude: forceInclude,
+           originalIncludeSubdomains: host.originalIncludeSubdomains };
+}
+
+// RedirectAndAuthStopper prevents redirects and HTTP authentication
+function RedirectAndAuthStopper() {}
+
+RedirectAndAuthStopper.prototype = {
+  // nsIChannelEventSink
+  asyncOnChannelRedirect: function(oldChannel, newChannel, flags, callback) {
+    throw new Error(Cr.NS_ERROR_ENTITY_CHANGED);
+  },
+
+  // nsIAuthPrompt2
+  promptAuth: function(channel, level, authInfo) {
+    return false;
+  },
+
+  asyncPromptAuth: function(channel, callback, context, level, authInfo) {
+    throw new Error(Cr.NS_ERROR_NOT_IMPLEMENTED);
+  },
+
+  getInterface: function(iid) {
+    return this.QueryInterface(iid);
+  },
+
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsIChannelEventSink,
+                                         Ci.nsIAuthPrompt2])
+};
+
+function getHSTSStatus(host, resultList) {
+  var req = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"]
+            .createInstance(Ci.nsIXMLHttpRequest);
+  var inResultList = false;
+  var uri = "https://" + host.name + "/";
+  req.open("GET", uri, true);
+  req.timeout = REQUEST_TIMEOUT;
+
+  let errorhandler = (evt) => {
+    dump(`ERROR: error making request to ${host.name} (type=${evt.type})\n`);
+    if (!inResultList) {
+      inResultList = true;
+      resultList.push(processStsHeader(host, null, req.status,
+                                       req.channel.securityInfo));
+    }
+  };
+  req.onerror = errorhandler;
+  req.ontimeout = errorhandler;
+  req.onabort = errorhandler;
+
+  req.onload = function(event) {
+    if (!inResultList) {
+      inResultList = true;
+      var header = req.getResponseHeader("strict-transport-security");
+      resultList.push(processStsHeader(host, header, req.status,
+                                       req.channel.securityInfo));
+    }
+  };
+
+  try {
+    req.channel.notificationCallbacks = new RedirectAndAuthStopper();
+    req.send();
+  }
+  catch (e) {
+    dump("ERROR: exception making request to " + host.name + ": " + e + "\n");
+  }
+}
+
+function compareHSTSStatus(a, b) {
+  if (a.name > b.name) {
+    return 1;
+  }
+  if (a.name < b.name) {
+    return -1;
+  }
+  return 0;
+}
+
+function writeTo(string, fos) {
+  fos.write(string, string.length);
+}
+
+// Determines and returns a string representing a declaration of when this
+// preload list should no longer be used.
+// This is the current time plus MINIMUM_REQUIRED_MAX_AGE.
+function getExpirationTimeString() {
+  var now = new Date();
+  var nowMillis = now.getTime();
+  // MINIMUM_REQUIRED_MAX_AGE is in seconds, so convert to milliseconds
+  var expirationMillis = nowMillis + (MINIMUM_REQUIRED_MAX_AGE * 1000);
+  var expirationMicros = expirationMillis * 1000;
+  return "const PRTime gPreloadListExpirationTime = INT64_C(" + expirationMicros + ");\n";
+}
+
+function errorToString(status) {
+  return (status.error == ERROR_MAX_AGE_TOO_LOW
+          ? status.error + status.maxAge
+          : status.error);
+}
+
+function writeEntry(status, indices, outputStream) {
+  let includeSubdomains = (status.finalIncludeSubdomains ? "true" : "false");
+  writeTo("  { " + indices[status.name] + ", " + includeSubdomains + " },\n",
+          outputStream);
+}
+
+function output(sortedStatuses, currentList) {
+  try {
+    var file = FileUtils.getFile("CurWorkD", [OUTPUT]);
+    var errorFile = FileUtils.getFile("CurWorkD", [ERROR_OUTPUT]);
+    var fos = FileUtils.openSafeFileOutputStream(file);
+    var eos = FileUtils.openSafeFileOutputStream(errorFile);
+    writeTo(HEADER, fos);
+    writeTo(getExpirationTimeString(), fos);
+
+    for (let status in sortedStatuses) {
+      // If we've encountered an error for this entry (other than the site not
+      // sending an HSTS header), be safe and don't remove it from the list
+      // (given that it was already on the list).
+      if (status.error != ERROR_NONE &&
+          status.error != ERROR_NO_HSTS_HEADER &&
+          status.error != ERROR_MAX_AGE_TOO_LOW &&
+          status.name in currentList) {
+        dump("INFO: error connecting to or processing " + status.name + " - using previous status on list\n");
+        writeTo(status.name + ": " + errorToString(status) + "\n", eos);
+        status.maxAge = MINIMUM_REQUIRED_MAX_AGE;
+        status.includeSubdomains = currentList[status.name];
+      }
+    }
+
+    // Filter out entries we aren't including.
+    var includedStatuses = sortedStatuses.filter(function (status) {
+      if (status.maxAge < MINIMUM_REQUIRED_MAX_AGE && !status.forceInclude) {
+        dump("INFO: " + status.name + " NOT ON the preload list\n");
+        writeTo(status.name + ": " + errorToString(status) + "\n", eos);
+        return false;
+      }
+
+      dump("INFO: " + status.name + " ON the preload list\n");
+      if (status.forceInclude && status.error != ERROR_NONE) {
+        writeTo(status.name + ": " + errorToString(status) + " (error "
+                + "ignored - included regardless)\n", eos);
+      }
+      return true;
+    });
+
+    // Resolve whether we should include subdomains for each entry.  We could
+    // do this while writing out entries, but separating out that decision is
+    // clearer.  Making that decision here also means we can write the choices
+    // in the comments in the static string table, which makes parsing the
+    // current list significantly easier when we go to update the list.
+    for (let status of includedStatuses) {
+      let incSubdomainsBool = (status.forceInclude && status.error != ERROR_NONE
+                               ? status.originalIncludeSubdomains
+                               : status.includeSubdomains);
+      status.finalIncludeSubdomains = incSubdomainsBool;
+    }
+
+    writeTo("\nstatic const char kSTSHostTable[] = {\n", fos);
+    var indices = {};
+    var currentIndex = 0;
+    for (let status of includedStatuses) {
+      indices[status.name] = currentIndex;
+      // Add 1 for the null terminator in C.
+      currentIndex += status.name.length + 1;
+      // Rebuilding the preload list requires reading the previous preload
+      // list.  Write out a comment describing each host prior to writing out
+      // the string for the host.
+      writeTo("  /* \"" + status.name + "\", " +
+              (status.finalIncludeSubdomains ? "true" : "false") + " */ ",
+              fos);
+      // Write out the string itself as individual characters, including the
+      // null terminator.  We do it this way rather than using C's string
+      // concatentation because some compilers have hardcoded limits on the
+      // lengths of string literals, and the preload list is large enough
+      // that it runs into said limits.
+      for (let c of status.name) {
+	writeTo("'" + c + "', ", fos);
+      }
+      writeTo("'\\0',\n", fos);
+    }
+    writeTo("};\n", fos);
+
+    const PREFIX = "\n" +
+      "struct nsSTSPreload\n" +
+      "{\n" +
+      "  const uint32_t mHostIndex : 31;\n" +
+      "  const uint32_t mIncludeSubdomains : 1;\n" +
+      "};\n" +
+      "\n" +
+      "static const nsSTSPreload kSTSPreloadList[] = {\n";
+    const POSTFIX = "};\n";
+
+    writeTo(PREFIX, fos);
+    for (let status of includedStatuses) {
+      writeEntry(status, indices, fos);
+    }
+    writeTo(POSTFIX, fos);
+    FileUtils.closeSafeFileOutputStream(fos);
+    FileUtils.closeSafeFileOutputStream(eos);
+  }
+  catch (e) {
+    dump("ERROR: problem writing output to '" + OUTPUT + "': " + e + "\n");
+  }
+}
+
+function shouldRetry(response) {
+  return (response.error != ERROR_NO_HSTS_HEADER &&
+          response.error != ERROR_MAX_AGE_TOO_LOW &&
+          response.error != ERROR_NONE && response.retries > 0);
+}
+
+function getHSTSStatuses(inHosts, outStatuses) {
+  var expectedOutputLength = inHosts.length;
+  var tmpOutput = [];
+  for (var i = 0; i < MAX_CONCURRENT_REQUESTS && inHosts.length > 0; i++) {
+    let host = inHosts.shift();
+    dump("spinning off request to '" + host.name + "' (remaining retries: " +
+         host.retries + ")\n");
+    getHSTSStatus(host, tmpOutput);
+  }
+
+  while (outStatuses.length != expectedOutputLength) {
+    waitForAResponse(tmpOutput);
+    var response = tmpOutput.shift();
+    dump("request to '" + response.name + "' finished\n");
+    if (shouldRetry(response)) {
+      inHosts.push(response);
+    } else {
+      outStatuses.push(response);
+    }
+
+    if (inHosts.length > 0) {
+      let host = inHosts.shift();
+      dump("spinning off request to '" + host.name + "' (remaining retries: " +
+           host.retries + ")\n");
+      getHSTSStatus(host, tmpOutput);
+    }
+  }
+}
+
+// Since all events are processed on the main thread, and since event
+// handlers are not preemptible, there shouldn't be any concurrency issues.
+function waitForAResponse(outputList) {
+  // From <https://developer.mozilla.org/en/XPConnect/xpcshell/HOWTO>
+  var threadManager = Cc["@mozilla.org/thread-manager;1"]
+                      .getService(Ci.nsIThreadManager);
+  var mainThread = threadManager.currentThread;
+  while (outputList.length == 0) {
+    mainThread.processNextEvent(true);
+  }
+}
+
+function readCurrentList(filename) {
+  var currentHosts = {};
+  var file = Cc["@mozilla.org/file/local;1"].createInstance(Ci.nsILocalFile);
+  file.initWithPath(filename);
+  var fis = Cc["@mozilla.org/network/file-input-stream;1"]
+              .createInstance(Ci.nsILineInputStream);
+  fis.init(file, -1, -1, Ci.nsIFileInputStream.CLOSE_ON_EOF);
+  var line = {};
+  // While we generate entries matching the version 2 format (see bug 1255425
+  // for details), we still need to be able to read entries in the version 1
+  // format for bootstrapping a version 2 preload list from a version 1
+  // preload list.  Hence these two regexes.
+  var v1EntryRegex = /  { "([^"]*)", (true|false) },/;
+  var v2EntryRegex = /  \/\* "([^"]*)", (true|false) \*\//;
+  while (fis.readLine(line)) {
+    var match = v1EntryRegex.exec(line.value);
+    if (!match) {
+      match = v2EntryRegex.exec(line.value);
+    }
+    if (match) {
+      currentHosts[match[1]] = (match[2] == "true");
+    }
+  }
+  return currentHosts;
+}
+
+function combineLists(newHosts, currentHosts) {
+  for (let currentHost in currentHosts) {
+    let found = false;
+    for (let newHost of newHosts) {
+      if (newHost.name == currentHost) {
+        found = true;
+        break;
+      }
+    }
+    if (!found) {
+      newHosts.push({ name: currentHost, retries: MAX_RETRIES });
+    }
+  }
+}
+
+const TEST_ENTRIES = [
+  { name: "includesubdomains.preloaded.test", includeSubdomains: true },
+  { name: "includesubdomains2.preloaded.test", includeSubdomains: true },
+  { name: "noincludesubdomains.preloaded.test", includeSubdomains: false },
+];
+
+function deleteTestHosts(currentHosts) {
+  for (let testEntry of TEST_ENTRIES) {
+    delete currentHosts[testEntry.name];
+  }
+}
+
+function insertTestHosts(hstsStatuses) {
+  for (let testEntry of TEST_ENTRIES) {
+    hstsStatuses.push({
+      name: testEntry.name,
+      maxAge: MINIMUM_REQUIRED_MAX_AGE,
+      includeSubdomains: testEntry.includeSubdomains,
+      error: ERROR_NONE,
+      // This deliberately doesn't have a value for `retries` (because we should
+      // never attempt to connect to this host).
+      forceInclude: true,
+      originalIncludeSubdomains: testEntry.includeSubdomains,
+    });
+  }
+}
+
+// ****************************************************************************
+// This is where the action happens:
+if (arguments.length != 1) {
+  throw new Error("Usage: getHSTSPreloadList.js " +
+                  "<absolute path to current nsSTSPreloadList.inc>");
+}
+// get the current preload list
+var currentHosts = readCurrentList(arguments[0]);
+// delete any hosts we use in tests so we don't actually connect to them
+deleteTestHosts(currentHosts);
+// disable the current preload list so it won't interfere with requests we make
+Services.prefs.setBoolPref("network.stricttransportsecurity.preloadlist", false);
+// download and parse the raw json file from the Chromium source
+var rawdata = download();
+// get just the hosts with mode: "force-https"
+var hosts = getHosts(rawdata);
+// add hosts in the current list to the new list (avoiding duplicates)
+combineLists(hosts, currentHosts);
+// get the HSTS status of each host
+var hstsStatuses = [];
+getHSTSStatuses(hosts, hstsStatuses);
+// add the hosts we use in tests
+insertTestHosts(hstsStatuses);
+// sort the hosts alphabetically
+hstsStatuses.sort(compareHSTSStatus);
+// write the results to a file (this is where we filter out hosts that we
+// either couldn't connect to, didn't receive an HSTS header from, couldn't
+// parse the header, or had a header with too short a max-age)
+output(hstsStatuses, currentHosts);
+// ****************************************************************************
diff --git a/security/manager/tools/makeCNNICHashes.js b/security/manager/tools/makeCNNICHashes.js
new file mode 100644
index 000000000..1b558949e
--- /dev/null
+++ b/security/manager/tools/makeCNNICHashes.js
@@ -0,0 +1,282 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// How to run this file:
+// 1. [obtain CNNIC-issued certificates to be whitelisted]
+// 2. [obtain firefox source code]
+// 3. [build/obtain firefox binaries]
+// 4. run `[path to]/run-mozilla.sh [path to]/xpcshell makeCNNICHashes.js \
+//                                  [path to]/intermediatesFile
+//                                  [path to]/certlist'
+//    Where |intermediatesFile| is a file containing PEM encoded intermediate
+//    certificates that the certificates in |certlist| may be issued by.
+//    where certlist is a file containing a list of paths to certificates to
+//    be included in the whitelist
+
+var Cc = Components.classes;
+var Ci = Components.interfaces;
+var Cu = Components.utils;
+
+var gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
+                .getService(Ci.nsIX509CertDB);
+
+var { NetUtil } = Cu.import("resource://gre/modules/NetUtil.jsm", {});
+var { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
+
+const HEADER = "// This Source Code Form is subject to the terms of the Mozilla Public\n" +
+"// License, v. 2.0. If a copy of the MPL was not distributed with this\n" +
+"// file, You can obtain one at http://mozilla.org/MPL/2.0/.\n" +
+"//\n" +
+"//***************************************************************************\n" +
+"// This file was automatically generated by makeCNNICHashes.js. It shouldn't\n" +
+"// need to be manually edited.\n" +
+"//***************************************************************************\n" +
+"\n";
+
+const PREAMBLE = "#define CNNIC_WHITELIST_HASH_LEN 32\n\n" +
+"struct WhitelistedCNNICHash {\n" +
+" const uint8_t hash[CNNIC_WHITELIST_HASH_LEN];\n" +
+"};\n\n" +
+"static const struct WhitelistedCNNICHash WhitelistedCNNICHashes[] = {\n";
+
+const POSTAMBLE = "};\n";
+
+function writeString(fos, string) {
+  fos.write(string, string.length);
+}
+
+// fingerprint is in the form "00:11:22:..."
+function hexSlice(fingerprint, start, end) {
+  let hexBytes = fingerprint.split(":");
+  let ret = "";
+  for (let i = start; i < end; i++) {
+    let hex = hexBytes[i];
+    ret += "0x" + hex;
+    if (i < end - 1) {
+      ret += ", ";
+    }
+  }
+  return ret;
+}
+
+// Write the C++ header file
+function writeHashes(certs, lastValidTime, fos) {
+  writeString(fos, HEADER);
+  writeString(fos, `// This file may be removed after ${new Date(lastValidTime)}\n\n`);
+  writeString(fos, PREAMBLE);
+
+  certs.forEach(function(cert) {
+    writeString(fos, "  {\n");
+    writeString(fos, "    { " + hexSlice(cert.sha256Fingerprint, 0, 16) + ",\n");
+    writeString(fos, "      " + hexSlice(cert.sha256Fingerprint, 16, 32) + " },\n");
+
+    writeString(fos, "  },\n");
+  });
+  writeString(fos, POSTAMBLE);
+}
+
+function readFileContents(file) {
+  let fstream = Cc["@mozilla.org/network/file-input-stream;1"]
+                  .createInstance(Ci.nsIFileInputStream);
+  fstream.init(file, -1, 0, 0);
+  let data = NetUtil.readInputStreamToString(fstream, fstream.available());
+  fstream.close();
+  return data;
+}
+
+function relativePathToFile(path) {
+  let currentDirectory = Cc["@mozilla.org/file/directory_service;1"]
+                           .getService(Ci.nsIProperties)
+                           .get("CurWorkD", Ci.nsILocalFile);
+  let file = Cc["@mozilla.org/file/local;1"].createInstance(Ci.nsILocalFile);
+  file.initWithPath(currentDirectory.path + "/" + path);
+  return file;
+}
+
+function pathToFile(path) {
+  let file = relativePathToFile(path);
+  if (!file.exists()) {
+    // Fall back to trying absolute path
+    file = Cc["@mozilla.org/file/local;1"].createInstance(Ci.nsILocalFile);
+    file.initWithPath(path);
+  }
+  return file;
+}
+
+// punt on dealing with leap-years
+const sixYearsInMilliseconds = 6 * 366 * 24 * 60 * 60 * 1000;
+
+function loadCertificates(certFile, currentWhitelist) {
+  let nowInMilliseconds = (new Date()).getTime();
+  // months are 0-indexed, so April is month 3 :(
+  let april1InMilliseconds = (new Date(2015, 3, 1)).getTime();
+  let latestNotAfter = nowInMilliseconds;
+  let certs = [];
+  let certMap = {};
+  let invalidCerts = [];
+  let paths = readFileContents(certFile).split("\n");
+  for (let path of paths) {
+    if (!path) {
+      continue;
+    }
+    let certData = readFileContents(pathToFile(path));
+    let cert = null;
+    try {
+      cert = gCertDB.constructX509FromBase64(certData);
+    } catch (e) {}
+    if (!cert) {
+      cert = gCertDB.constructX509(certData, certData.length);
+    }
+    // Don't add multiple copies of any particular certificate.
+    if (cert.sha256Fingerprint in certMap) {
+      continue;
+    }
+    certMap[cert.sha256Fingerprint] = true;
+    // If we can't verify the certificate, don't include it. Unfortunately, if
+    // a CNNIC-issued certificate wasn't previously on the whitelist but it
+    // otherwise verifies successfully, verifyCertNow will return
+    // SEC_ERROR_REVOKED_CERTIFICATE, so we count that as verifying
+    // successfully. If the certificate is later revoked by CNNIC, the user
+    // will see that when they attempt to connect to a site using it and we do
+    // normal revocation checking.
+    let errorCode = gCertDB.verifyCertNow(cert, 2 /* SSL Server */,
+                                          Ci.nsIX509CertDB.LOCAL_ONLY, null,
+                                          {}, {});
+    if (errorCode != 0 &&
+        errorCode != -8180 /* SEC_ERROR_REVOKED_CERTIFICATE */) {
+      continue;
+    }
+    let durationMilliseconds = (cert.validity.notAfter - cert.validity.notBefore) / 1000;
+    let notBeforeMilliseconds = cert.validity.notBefore / 1000;
+    let notAfterMilliseconds = cert.validity.notAfter / 1000;
+    // Only consider certificates that were issued before 1 April 2015, haven't
+    // expired, and have a validity period shorter than 6 years (there is a
+    // delegated OCSP responder certificate with a validity period of 6 years
+    // that should be on the whitelist).
+    // Also only consider certificates that were already on the whitelist.
+    if (notBeforeMilliseconds < april1InMilliseconds &&
+        notAfterMilliseconds > nowInMilliseconds &&
+        durationMilliseconds < sixYearsInMilliseconds &&
+        currentWhitelist[cert.sha256Fingerprint]) {
+      certs.push(cert);
+      if (notAfterMilliseconds > latestNotAfter) {
+        latestNotAfter = notAfterMilliseconds;
+      }
+    }
+    if (durationMilliseconds >= sixYearsInMilliseconds) {
+      invalidCerts.push(cert);
+    }
+  }
+  return { certs: certs,
+           lastValidTime: latestNotAfter,
+           invalidCerts: invalidCerts };
+}
+
+// Expects something like "00:11:22:...", returns a string of bytes.
+function hexToBinaryString(hexString) {
+  let hexBytes = hexString.split(":");
+  let result = "";
+  for (let hexByte of hexBytes) {
+    result += String.fromCharCode(parseInt(hexByte, 16));
+  }
+  return result;
+}
+
+function compareCertificatesByHash(certA, certB) {
+  let aBin = hexToBinaryString(certA.sha256Fingerprint);
+  let bBin = hexToBinaryString(certB.sha256Fingerprint);
+
+  if (aBin < bBin) {
+     return -1;
+  }
+  if (aBin > bBin) {
+     return 1;
+  }
+ return 0;
+}
+
+function certToPEM(cert) {
+  let der = cert.getRawDER({});
+  let derString = '';
+  for (let i = 0; i < der.length; i++) {
+    derString += String.fromCharCode(der[i]);
+  }
+  let base64Lines = btoa(derString).replace(/(.{64})/g, "$1\n");
+  let output = "-----BEGIN CERTIFICATE-----\n";
+  for (let line of base64Lines.split("\n")) {
+    if (line.length > 0) {
+      output += line + "\n";
+    }
+  }
+  output += "-----END CERTIFICATE-----";
+  return output;
+}
+
+function loadIntermediates(intermediatesFile) {
+  let pem = readFileContents(intermediatesFile);
+  let intermediates = [];
+  let currentPEM = "";
+  for (let line of pem.split("\r\n")) {
+    if (line == "-----END CERTIFICATE-----") {
+      if (currentPEM) {
+        intermediates.push(gCertDB.constructX509FromBase64(currentPEM));
+      }
+      currentPEM = "";
+      continue;
+    }
+    if (line != "-----BEGIN CERTIFICATE-----") {
+      currentPEM += line;
+    }
+  }
+  return intermediates;
+}
+
+function readCurrentWhitelist(currentWhitelistFile) {
+  let contents = readFileContents(currentWhitelistFile).replace(/[\r\n ]/g, "");
+  let split = contents.split(/((?:0x[0-9A-F][0-9A-F],){31}0x[0-9A-F][0-9A-F])/);
+  // The hashes will be every odd-indexed element of the array.
+  let currentWhitelist = {};
+  for (let i = 1; i < split.length && i < split.length - 1; i += 2) {
+    let hash = split[i].replace(/0x/g, "").replace(/,/g, ":");
+    currentWhitelist[hash] = true;
+  }
+  return currentWhitelist;
+}
+
+///////////////////////////////////////////////////////////////////////////////
+///////////////////////////////////////////////////////////////////////////////
+///////////////////////////////////////////////////////////////////////////////
+
+if (arguments.length != 3) {
+  throw new Error("Usage: makeCNNICHashes.js <PEM intermediates file> " +
+                  "<path to list of certificates> <path to current whitelist file>");
+}
+
+Services.prefs.setIntPref("security.OCSP.enabled", 0);
+var intermediatesFile = pathToFile(arguments[0]);
+var intermediates = loadIntermediates(intermediatesFile);
+var certFile = pathToFile(arguments[1]);
+var currentWhitelistFile = pathToFile(arguments[2]);
+var currentWhitelist = readCurrentWhitelist(currentWhitelistFile);
+var { certs, lastValidTime, invalidCerts } = loadCertificates(certFile, currentWhitelist);
+
+dump("The following certificates were not included due to overlong validity periods:\n");
+for (let cert of invalidCerts) {
+  dump(certToPEM(cert) + "\n");
+}
+
+// Sort the key hashes to allow for binary search.
+certs.sort(compareCertificatesByHash);
+
+// Write the output file.
+var outFile = relativePathToFile("CNNICHashWhitelist.inc");
+if (!outFile.exists()) {
+  outFile.create(Ci.nsIFile.NORMAL_FILE_TYPE, 0o644);
+}
+var outStream = Cc["@mozilla.org/network/file-output-stream;1"]
+                  .createInstance(Ci.nsIFileOutputStream);
+outStream.init(outFile, -1, 0, 0);
+writeHashes(certs, lastValidTime, outStream);
+outStream.close();